diff --git a/src/apps/account/views.py b/src/apps/account/views.py
index 8e01836..56a004d 100644
--- a/src/apps/account/views.py
+++ b/src/apps/account/views.py
@@ -26,8 +26,9 @@ class LoginView(ObtainJSONWebToken, GenericView):
 
     def post(self, request, *args, **kwargs):
         # 登录次数限制
+        remote_ip = request.META.get('HTTP_REMOTEIP', '')
         user_name = request.data.get('username', '')
-        times = rh.get_login_times(user_name)
+        times = rh.get_login_times(remote_ip)
         if isinstance(times, int) and times >= LOGIN_TIMES_LIMIT:
             raise self.invalid_params(msg="重试次数限制")
 
@@ -35,7 +36,7 @@ class LoginView(ObtainJSONWebToken, GenericView):
         self.running_log.info('[users.login] username: {0}'.format(user_name))
 
         if res.status_code == status.HTTP_400_BAD_REQUEST:
-            rh.set_login_times(user_name, LOGIN_TIMES_LIMIT_EXPIRES)
+            rh.set_login_times(remote_ip, LOGIN_TIMES_LIMIT_EXPIRES)
             raise self.invalid_params(msg="用户名或密码错误")
         serializer = self.get_serializer(data=request.data)
         serializer.is_valid()
diff --git a/src/apps/doc/views.py b/src/apps/doc/views.py
index 50394ac..8d90733 100644
--- a/src/apps/doc/views.py
+++ b/src/apps/doc/views.py
@@ -1005,10 +1005,10 @@ class DocView(GenericView, DocHandler):
 
 
 class CompareResultView(GenericView):
-    permission_classes = []
-    authentication_classes = []
-    # permission_classes = [IsAuthenticated]
-    # authentication_classes = [OAuth2AuthenticationWithUser]
+    # permission_classes = []
+    # authentication_classes = []
+    permission_classes = [IsAuthenticated]
+    authentication_classes = [OAuth2AuthenticationWithUser]
 
     # 获取比对结果
     @use_args(compare_result_args, location='querystring')
@@ -1307,10 +1307,10 @@ class SEContractView(GenericView):
 
 
 class AutoSettlementView(GenericView):
-    permission_classes = []
-    authentication_classes = []
-    # permission_classes = [IsAuthenticated]
-    # authentication_classes = [OAuth2AuthenticationWithUser]
+    # permission_classes = []
+    # authentication_classes = []
+    permission_classes = [IsAuthenticated]
+    authentication_classes = [OAuth2AuthenticationWithUser]
 
     # 获取auto settlement列表
     @use_args(auto_list_args, location='querystring')
diff --git a/src/common/redis_cache/handler.py b/src/common/redis_cache/handler.py
index eb0d17c..64179c8 100644
--- a/src/common/redis_cache/handler.py
+++ b/src/common/redis_cache/handler.py
@@ -78,6 +78,8 @@ class RedisHandler:
         return self.redis.get('{0}:{1}'.format(self.login_limit_key, user_name))
 
     def set_login_times(self, user_name, expires=None):
+        if user_name == '':
+            return
         key = '{0}:{1}'.format(self.login_limit_key, user_name)
         self.redis.incr(key)
         if isinstance(expires, int):