diff --git a/business/partner/purchase/tao_vegetable/order.go b/business/partner/purchase/tao_vegetable/order.go
index 813e75d79..812ffca41 100644
--- a/business/partner/purchase/tao_vegetable/order.go
+++ b/business/partner/purchase/tao_vegetable/order.go
@@ -306,7 +306,7 @@ func (c *PurchaseHandler) onOrderMsg(orderStatus, orderId string, orderCallback
 msg := orderCallback.(*tao_vegetable.CallbackOrder)
 if orderStatus == tao_vegetable.OrderStatusOnSaleCancel {
 onSale := orderCallback.(*tao_vegetable.OnSaleCancel)
- msg.PublicModel = onSale.PublicModel
+ //msg.PublicModel = onSale.PublicModel
 msg.MerchantCode = onSale.MerchantCode
 msg.StoreId = onSale.StoreId
 msg.BizOrderId = onSale.BizOrderId
@@ -387,7 +387,8 @@ func (c *PurchaseHandler) callbackOrderMsg2Status(msg *tao_vegetable.CallbackOrd
 RefVendorOrderID: orderId,
 RefVendorID: model.VendorIDTaoVegetable,
 VendorStatus: msg.OrderStatus,
- StatusTime: utils.Str2TimeWithDefault(msg.Timestamp, time.Now()),
+ //StatusTime: utils.Str2TimeWithDefault(msg.Timestamp, time.Now()),
+ StatusTime: time.Now(),
 }
 switch msg.OrderStatus {
@@ -421,18 +422,18 @@ func (c *PurchaseHandler) callbackOrderMsg2Status(msg *tao_vegetable.CallbackOrd
 func (c *PurchaseHandler) postFakeMsg(vendorOrderID, cmd, vendorStatus string) {
 msg := &tao_vegetable.CallbackOrder{
- PublicModel: tao_vegetable.PublicModel{
- Method: "",
- AppKey: "",
- Session: "",
- Timestamp: utils.Time2Str(time.Now()),
- V: "",
- SignMethod: "",
- Sign: "",
- Format: "",
- Simplify: false,
- CustomerId: false,
- },
+ //PublicModel: tao_vegetable.PublicModel{
+ // Method: "",
+ // AppKey: "",
+ // Session: "",
+ // Timestamp: utils.Time2Str(time.Now()),
+ // V: "",
+ // SignMethod: "",
+ // Sign: "",
+ // Format: "",
+ // Simplify: false,
+ // CustomerId: false,
+ //},
 MerchantCode: "",
 StoreId: "",
 BizOrderId: utils.Str2Int64(vendorOrderID),
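Review bot: In onOrderMsg, `orderCallback` is asserted to `*tao_vegetable.CallbackOrder` and, two lines later, to `*tao_vegetable.OnSaleCancel`, both with the single-value form; as far as this hunk shows, one of the two assertions has to panic whenever `orderStatus` is `OrderStatusOnSaleCancel`, so one on-sale-cancel callback can abort the handler. Use the checked form, `onSale, ok := orderCallback.(*tao_vegetable.OnSaleCancel)`, return an error response when `ok` is false, and build `msg` from `onSale` inside that branch instead of asserting to `*CallbackOrder` first. The commented-out `//msg.PublicModel = onSale.PublicModel` should be deleted rather than kept as dead code. The function body starts and ends outside the hunk, so a guard that is not visible here may already exist.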
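Review bot: `StatusTime: time.Now()` in callbackOrderMsg2Status stamps every status with the time of receipt, so a delayed, retried or replayed callback is recorded as if the event had just happened and out-of-order deliveries can no longer be told apart. The same substitution is made in callbackAfsMsg2Status in order_afs.go, on all three `orderStatus.StatusTime = time.Now()` lines. If the vendor timestamp now arrives only in the signed query string (inferred from `PublicModel` being dropped from the body), pass that value down and keep the old fallback shape, `StatusTime: utils.Str2TimeWithDefault(vendorTimestamp, time.Now())`, where `vendorTimestamp` is a new parameter carrying it; the controller could then also refuse callbacks whose signed timestamp falls outside an accepted window. The commented-out original line should be removed rather than left beside its replacement.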
diff --git a/business/partner/purchase/tao_vegetable/order_afs.go b/business/partner/purchase/tao_vegetable/order_afs.go
index 5c7bec82b..8164a5b5f 100644
--- a/business/partner/purchase/tao_vegetable/order_afs.go
+++ b/business/partner/purchase/tao_vegetable/order_afs.go
@@ -15,6 +15,7 @@ import (
 "git.rosy.net.cn/jx-callback/business/partner"
 "git.rosy.net.cn/jx-callback/globals"
 "git.rosy.net.cn/jx-callback/globals/api"
+ "time"
 )
 var (
@@ -196,7 +197,7 @@ func (c *PurchaseHandler) callbackAfsMsg2Status(status string, msg interface{})
 orderStatus.RefVendorOrderID = refundData.OutOrderId
 orderStatus.VendorStatus = fmt.Sprintf("%s:%s", tao_vegetable.OrderStatusApplyAfs, "用户申请取消")
 orderStatus.Status = c.GetAfsStatusFromVendorStatus(tao_vegetable.OrderStatusApplyAfs)
- orderStatus.StatusTime = utils.Str2Time(refundData.Timestamp)
+ orderStatus.StatusTime = time.Now()
 orderStatus.Remark = refundData.Remarks
 orderStatus.VendorOrderID = refundData.BizRefundId
 case tao_vegetable.OrderStatusCancelAfs:
@@ -204,7 +205,7 @@ func (c *PurchaseHandler) callbackAfsMsg2Status(status string, msg interface{})
 orderStatus.RefVendorOrderID = refundData.OutOrderId
 orderStatus.VendorStatus = fmt.Sprintf("%s:%s", tao_vegetable.OrderStatusCancelAfs, "用户取消售后申请")
 orderStatus.Status = c.GetAfsStatusFromVendorStatus(tao_vegetable.OrderStatusCancelAfs)
- orderStatus.StatusTime = utils.Str2Time(refundData.Timestamp)
+ orderStatus.StatusTime = time.Now()
 orderStatus.VendorOrderID = refundData.BizRefundId
 //case tao_vegetable.OrderStatusOnSaleCancel:
 // refundData := msg.(*tao_vegetable.OnSaleCancel)
@@ -218,7 +219,7 @@ func (c *PurchaseHandler) callbackAfsMsg2Status(status string, msg interface{})
 orderStatus.RefVendorOrderID = refundData.OutMainRefundId
 orderStatus.VendorStatus = fmt.Sprintf("%s:%s", tao_vegetable.OrderStatusRefundSuccess, "用户售后退款成功")
 orderStatus.Status = c.GetAfsStatusFromVendorStatus(tao_vegetable.OrderStatusRefundSuccess)
- orderStatus.StatusTime = utils.Str2Time(refundData.Timestamp)
+ orderStatus.StatusTime = time.Now()
 orderStatus.VendorOrderID = refundData.BizSubRefundId
 }
diff --git a/controllers/taobao_vegetable.go b/controllers/taobao_vegetable.go
index 5020c2a9f..1e57e22f5 100644
--- a/controllers/taobao_vegetable.go
+++ b/controllers/taobao_vegetable.go
@@ -1,6 +1,8 @@
 package controllers
 import (
+ "crypto/md5"
+ "fmt"
 "git.rosy.net.cn/baseapi/platformapi/tao_vegetable"
 "git.rosy.net.cn/baseapi/platformapi/tiktok_shop/tiktok_api"
 "git.rosy.net.cn/baseapi/utils"
@@ -12,6 +14,9 @@ import (
 "github.com/astaxie/beego/server/web"
 "io/ioutil"
 "net/http"
+ "net/url"
+ "sort"
+ "strings"
 )
 type TaoBaoVegetableController struct {
@@ -71,15 +76,36 @@ func (c *TaoBaoVegetableController) GetCode() {
 // OrderStatus 订单状态变化 [post]
 func (c *TaoBaoVegetableController) OrderStatus() {
- order, err := api.TaoVegetableApi.ReaderOrderInfo(c.Ctx.Request)
- globals.SugarLogger.Debugf("OrderStatus := %s", utils.Format4Output(order, false))
+ urlParam := c.Ctx.Request.URL.RawQuery
+
+ // 获取url参数
+ values, err := url.ParseQuery(urlParam)
 if err != nil {
- globals.SugarLogger.Debugf("订单状态变化:%s", err.Error())
 c.Data["json"] = tao_vegetable.CallBackResultInfo(err)
 c.ServeJSON()
 return
 }
+ // 获取body参数
+ order, err := api.TaoVegetableApi.ReaderOrderInfo(c.Ctx.Request)
+ if err != nil {
+ c.Data["json"] = tao_vegetable.CallBackResultInfo(err)
+ c.ServeJSON()
+ return
+ }
+
+ // 验签
+ sign := Sign(values, utils.Format4Output(order, false), api.TaoVegetableApi.GetAppSecret())
+ if sign != values.Get("sign") && order != nil {
+ c.Data["json"] = tao_vegetable.CallBackResultSign(fmt.Errorf("非法签名"))
+ c.ServeJSON()
+ return
+ } else {
+ c.Data["json"] = tao_vegetable.CallBackResultSign(nil)
+ c.ServeJSON()
+ return
+ }
+
 callbackResponse := taoVegetable.OnCallbackMsg(tao_vegetable.OrderStatusChange, utils.Int64ToStr(order.BizOrderId), order)
 c.Data["json"] = callbackResponse
 c.ServeJSON()
@@ -88,6 +114,16 @@ func (c *TaoBaoVegetableController) OrderStatus() {
 // ApplyCancelOrder 用户发起售后申请
 func (c *TaoBaoVegetableController) ApplyCancelOrder() {
+ urlParam := c.Ctx.Request.URL.RawQuery
+
+ // 获取url参数
+ values, err := url.ParseQuery(urlParam)
+ if err != nil {
+ c.Data["json"] = tao_vegetable.CallBackResultInfo(err)
+ c.ServeJSON()
+ return
+ }
+
 afsOrder, err := api.TaoVegetableApi.UserApplyRefund(c.Ctx.Request)
 globals.SugarLogger.Debugf("ApplyCancelOrder := %s", utils.Format4Output(afsOrder, false))
 if err != nil {
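Review bot: In OrderStatus the verification `if`/`else` returns from both branches, so `taoVegetable.OnCallbackMsg(...)` below it is unreachable and a correctly signed callback is answered with `CallBackResultSign(nil)` without ever being processed. The `&& order != nil` clause also lets a bad signature pass whenever the parsed body is nil, and `sign != values.Get("sign")` is not a constant-time comparison. Reject on failure only and fall through on success: `if order == nil || subtle.ConstantTimeCompare([]byte(sign), []byte(values.Get("sign"))) != 1 {` with the existing rejection body, and remove the `else` block (this needs `crypto/subtle` in the import list). The same block is repeated in ApplyCancelOrder, UserCancelRefund, CancelOnSaleRefundOrder and RefundOrderSuccess, where the payload is additionally written to the debug log before the signature is checked; moving the parse-query-and-verify steps into one helper would keep the five handlers consistent.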
@@ -96,6 +132,19 @@ func (c *TaoBaoVegetableController) ApplyCancelOrder() {
 c.ServeJSON()
 return
 }
+
+ // 验签
+ sign := Sign(values, utils.Format4Output(afsOrder, false), api.TaoVegetableApi.GetAppSecret())
+ if sign != values.Get("sign") && afsOrder != nil {
+ c.Data["json"] = tao_vegetable.CallBackResultSign(fmt.Errorf("非法签名"))
+ c.ServeJSON()
+ return
+ } else {
+ c.Data["json"] = tao_vegetable.CallBackResultSign(nil)
+ c.ServeJSON()
+ return
+ }
+
 callbackResponse := taoVegetable.OnCallbackMsg(tao_vegetable.OrderStatusApplyAfs, afsOrder.OutOrderId, afsOrder)
 c.Data["json"] = callbackResponse
 c.ServeJSON()
@@ -104,6 +153,16 @@ func (c *TaoBaoVegetableController) ApplyCancelOrder() {
 // UserCancelRefund 用户取消售后
 func (c *TaoBaoVegetableController) UserCancelRefund() {
+ urlParam := c.Ctx.Request.URL.RawQuery
+
+ // 获取url参数
+ values, err := url.ParseQuery(urlParam)
+ if err != nil {
+ c.Data["json"] = tao_vegetable.CallBackResultInfo(err)
+ c.ServeJSON()
+ return
+ }
+
 afsOrder, err := api.TaoVegetableApi.UserCancelRefundApply(c.Ctx.Request)
 globals.SugarLogger.Debugf("UserCancelRefund := %s", utils.Format4Output(afsOrder, false))
 if err != nil {
@@ -112,6 +171,19 @@ func (c *TaoBaoVegetableController) UserCancelRefund() {
 c.ServeJSON()
 return
 }
+
+ // 验签
+ sign := Sign(values, utils.Format4Output(afsOrder, false), api.TaoVegetableApi.GetAppSecret())
+ if sign != values.Get("sign") && afsOrder != nil {
+ c.Data["json"] = tao_vegetable.CallBackResultSign(fmt.Errorf("非法签名"))
+ c.ServeJSON()
+ return
+ } else {
+ c.Data["json"] = tao_vegetable.CallBackResultSign(nil)
+ c.ServeJSON()
+ return
+ }
+
 callbackResponse := taoVegetable.OnCallbackMsg(tao_vegetable.OrderStatusCancelAfs, afsOrder.OutOrderId, afsOrder)
 c.Data["json"] = callbackResponse
 c.ServeJSON()
@@ -120,6 +192,16 @@ func (c *TaoBaoVegetableController) UserCancelRefund() {
 // CancelOnSaleRefundOrder 用户售中取消(走订单取消流程)
 func (c *TaoBaoVegetableController) CancelOnSaleRefundOrder() {
+ urlParam := c.Ctx.Request.URL.RawQuery
+
+ // 获取url参数
+ values, err := url.ParseQuery(urlParam)
+ if err != nil {
+ c.Data["json"] = tao_vegetable.CallBackResultInfo(err)
+ c.ServeJSON()
+ return
+ }
+
 afsOrder, err := api.TaoVegetableApi.OnSaleRefundOrder(c.Ctx.Request)
 globals.SugarLogger.Debugf("CancelOnSaleRefundOrder := %s", utils.Format4Output(afsOrder, false))
 if err != nil {
@@ -128,6 +210,19 @@ func (c *TaoBaoVegetableController) CancelOnSaleRefundOrder() {
 c.ServeJSON()
 return
 }
+
+ // 验签
+ sign := Sign(values, utils.Format4Output(afsOrder, false), api.TaoVegetableApi.GetAppSecret())
+ if sign != values.Get("sign") && afsOrder != nil {
+ c.Data["json"] = tao_vegetable.CallBackResultSign(fmt.Errorf("非法签名"))
+ c.ServeJSON()
+ return
+ } else {
+ c.Data["json"] = tao_vegetable.CallBackResultSign(nil)
+ c.ServeJSON()
+ return
+ }
+
 callbackResponse := taoVegetable.OnCallbackMsg(tao_vegetable.OrderStatusOnSaleCancel, utils.Int64ToStr(afsOrder.BizOrderId), afsOrder)
 c.Data["json"] = callbackResponse
 c.ServeJSON()
@@ -136,6 +231,16 @@ func (c *TaoBaoVegetableController) CancelOnSaleRefundOrder() {
 // RefundOrderSuccess 用户售后成功通知,只有退款成功了才会通知(商户拒绝退款,不会通知)
 func (c *TaoBaoVegetableController) RefundOrderSuccess() {
+ urlParam := c.Ctx.Request.URL.RawQuery
+
+ // 获取url参数
+ values, err := url.ParseQuery(urlParam)
+ if err != nil {
+ c.Data["json"] = tao_vegetable.CallBackResultInfo(err)
+ c.ServeJSON()
+ return
+ }
+
 refundSuccess, err := api.TaoVegetableApi.RefundOrderFinish(c.Ctx.Request)
 globals.SugarLogger.Debugf("RefundOrderSuccess := %s", utils.Format4Output(refundSuccess, false))
 if err != nil {
@@ -144,8 +249,34 @@ func (c *TaoBaoVegetableController) RefundOrderSuccess() {
 c.ServeJSON()
 return
 }
+ // 验签
+ sign := Sign(values, utils.Format4Output(refundSuccess, false), api.TaoVegetableApi.GetAppSecret())
+ if sign != values.Get("sign") && refundSuccess != nil {
+ c.Data["json"] = tao_vegetable.CallBackResultSign(fmt.Errorf("非法签名"))
+ c.ServeJSON()
+ return
+ } else {
+ c.Data["json"] = tao_vegetable.CallBackResultSign(nil)
+ c.ServeJSON()
+ return
+ }
+
 callbackResponse := taoVegetable.OnCallbackMsg(tao_vegetable.OrderStatusRefundSuccess, refundSuccess.OutSubOrderId, refundSuccess)
 c.Data["json"] = callbackResponse
 c.ServeJSON()
 return
 }
+
+func Sign(param url.Values, data, secret string) string {
+ var publicParam = make([]string, 0, 0)
+ for k, v := range param {
+ if k == "sign" {
+ continue
+ }
+ publicParam = append(publicParam, fmt.Sprintf("%s%s", k, v[0]))
+ }
+
+ sort.Strings(publicParam)
+ cc := secret + strings.Join(publicParam, "") + strings.ReplaceAll(strings.ReplaceAll(strings.ReplaceAll(data, "\n", ""), "\t", ""), " ", "") + secret
+ return fmt.Sprintf("%X", md5.Sum([]byte(cc)))
+}
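Review bot: Sign is fed `utils.Format4Output(...)` of the already-parsed struct with every space, tab and newline stripped, not the bytes the sender actually signed; any difference in field order, omitted fields or spaces inside string values would change the digest, and the check then no longer binds the signature to the exact request body. Read the raw body once, verify over those bytes, and only then decode them; how `Format4Output` serialises is not visible here, so confirm the signing input against the vendor's specification. `v[0]` means only the first value of a repeated query key is covered by the digest, so a request that repeats a key should be refused before signing. The secret-prefix/suffix MD5 construction is presumably dictated by the platform; if the platform offers an HMAC-based sign method, prefer it. As an exported function Sign should also carry a doc comment, e.g. `// Sign returns the upper-case hex MD5 of secret + sorted key/value query pairs (without "sign") + whitespace-stripped data + secret.`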