diff --git a/src/admin/controllers/game.controller.ts b/src/admin/controllers/game.controller.ts
index efca350..e354a26 100644
--- a/src/admin/controllers/game.controller.ts
+++ b/src/admin/controllers/game.controller.ts
@@ -6,7 +6,7 @@ import { generateQrFile } from '../../services/File'
 import { getInviteeNum } from '../../services/JCFW'
 import { UserItem } from '../../models/user/UserItem'
 import { checkText } from '../../services/Baidu'
-import { refreshToken } from '../../services/Wechat'
+import { msgSecCheck, refreshToken } from '../../services/Wechat'
 
 class GameController extends BaseController {
   @role('anon')
@@ -23,8 +23,10 @@ class GameController extends BaseController {
     // return result
     const { txt } = req.params
     // const res = await checkText(txt)
-    const token = await refreshToken('wxf8c3da4e7dfe00a2', '8c0a1e88a6b43e4be80ed6a597c0b047')
-    return { token }
+    // const token = await refreshToken('wxf8c3da4e7dfe00a2', '8c0a1e88a6b43e4be80ed6a597c0b047')
+    // return { token }
+    const { data } = await msgSecCheck(txt)
+    return { data }
   }
   @permission(['game:read', 'shop:game_setting'])
   @router('post /api/games')
diff --git a/src/services/Wechat.ts b/src/services/Wechat.ts
index 292c016..1027c71 100644
--- a/src/services/Wechat.ts
+++ b/src/services/Wechat.ts
@@ -43,4 +43,19 @@ export async function refreshToken(appId: string, appSecret: string) {
   }
 }
 
-export async function msgSecCheck(content: string) {}
+export async function msgSecCheck(content: string) {
+  let data = { content }
+  const token = await refreshToken('wxf8c3da4e7dfe00a2', '8c0a1e88a6b43e4be80ed6a597c0b047')
+  const url = `https://api.weixin.qq.com/wxa/msg_sec_check?access_token=${token}`
+  let reqConfig: AxiosRequestConfig = {
+    method: 'post',
+    url,
+    headers: {
+      'Cache-Control': 'no-cache',
+      'Content-Type': 'application/json',
+    },
+    responseType: 'stream',
+    data,
+  }
+  return axios(reqConfig)
+}