diff --git a/middleware/auth.go b/middleware/auth.go
index 915114a7..6f7ad41f 100644
--- a/middleware/auth.go
+++ b/middleware/auth.go
@@ -98,6 +98,16 @@ func TokenAuth() func(c *gin.Context) {
 c.Abort()
 return
 }
+ if !model.IsUserEnabled(token.UserId) {
+ c.JSON(http.StatusOK, gin.H{
+ "error": gin.H{
+ "message": "用户已被封禁",
+ "type": "one_api_error",
+ },
+ })
+ c.Abort()
+ return
+ }
 c.Set("id", token.UserId)
 c.Set("token_id", token.Id)
 c.Set("unlimited_times", token.UnlimitedTimes)
diff --git a/model/user.go b/model/user.go
index 3b5db50f..bc2348b9 100644
--- a/model/user.go
+++ b/model/user.go
@@ -195,6 +195,19 @@ func IsAdmin(userId int) bool {
 return user.Role >= common.RoleAdminUser
 }
 
+func IsUserEnabled(userId int) bool {
+ if userId == 0 {
+ return false
+ }
+ var user User
+ err := DB.Where("id = ?", userId).Select("status").Find(&user).Error
+ if err != nil {
+ common.SysError("No such user " + err.Error())
+ return false
+ }
+ return user.Status == common.UserStatusEnabled
+}
+
 func ValidateAccessToken(token string) (user *User) {
 if token == "" {
 return nil
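Review bot: The banned-user branch added in TokenAuth answers with `http.StatusOK`, so a blocked account looks like a successful call to anything that keys on the status code (clients, proxies, access-log alerting). `c.JSON(http.StatusForbidden, gin.H{` would make the denial visible, unless the neighbouring rejections in this function deliberately return 200, which the hunk does not show. Because `model.IsUserEnabled` also returns false when the lookup itself fails, a database error is reported to the caller as 用户已被封禁; failing closed is the right default, but the two cases deserve different messages. A comment such as `// Re-check account status on every request so disabling a user also cuts off their existing tokens.` would record why the check sits here. TokenAuth starts and ends outside the hunk.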
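Review bot: The error branch in IsUserEnabled logs `"No such user "`, but if the project is on gorm.io/gorm v2 (the import is not shown) `Find` returns a nil error when no row matches, so that branch only fires on a real database failure. A missing user instead falls through to the comparison on a zero-valued `user.Status`, which denies access only if `common.UserStatusEnabled` is non-zero, and that value is not visible here. Using `.Select("status").First(&user)` makes the missing-row case an explicit error, and the log line would be more accurate as `common.SysError("failed to query user status: " + err.Error())`. The exported function also has no doc comment; something like `// IsUserEnabled reports whether the user exists and its status is UserStatusEnabled; any lookup failure counts as disabled.` would state the fail-closed contract.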