diff --git a/app/Http/Controllers/Api/HostController.php b/app/Http/Controllers/Api/HostController.php
index 1baee4f..5889ee7 100644
--- a/app/Http/Controllers/Api/HostController.php
+++ b/app/Http/Controllers/Api/HostController.php
@@ -3,9 +3,9 @@
 namespace App\Http\Controllers\Api;
 
 use App\Http\Controllers\Controller;
+use App\Http\Requests\User\HostRequest;
 use App\Models\Host;
 use Illuminate\Http\JsonResponse;
-use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Cache;
 use function auth;
 use function dispatch;
@@ -23,7 +23,7 @@ public function index(): JsonResponse
     }
 
     //
-    public function update(Request $request, Host $host): JsonResponse
+    public function update(HostRequest $request, Host $host): JsonResponse
     {
         $request->validate([
             'status' => 'required|in:running,stopped',
@@ -35,34 +35,26 @@ public function update(Request $request, Host $host): JsonResponse
             return $this->error('余额不足，无法开启计费项目。');
         }
 
-        if ($host->user_id == $user->id) {
-            $host->update([
-                'status' => $request->status,
-            ]);
+        $host->update([
+            'status' => $request->status,
+        ]);
 
-            return $this->updated($host);
-        } else {
-            return $this->error('无权操作');
-        }
+        return $this->updated($host);
     }
 
-    public function destroy(Host $host)
+    public function destroy(HostRequest $host)
     {
-        if ($host->user_id == auth()->id()) {
-            if ($host->status == 'pending') {
-                // 如果上次更新时间大于 5min
-                if (time() - strtotime($host->updated_at) > 300) {
-                    $host->delete();
-                } else {
-                    return $this->error('请等待 5 分钟后再试');
-                }
+        if ($host->status == 'pending') {
+            // 如果上次更新时间大于 5min
+            if (time() - strtotime($host->updated_at) > 300) {
+                $host->delete();
+            } else {
+                return $this->error('请等待 5 分钟后再试');
             }
-
-            dispatch(new \App\Jobs\Module\Host($host, 'delete'));
-        } else {
-            return $this->error('无权操作');
         }
 
+        dispatch(new \App\Jobs\Module\Host($host, 'delete'));
+
         return $this->deleted($host);
     }
 
diff --git a/app/Http/Requests/User/HostRequest.php b/app/Http/Requests/User/HostRequest.php
new file mode 100644
index 0000000..ce1eb9d
--- /dev/null
+++ b/app/Http/Requests/User/HostRequest.php
@@ -0,0 +1,33 @@
+<?php
+
+namespace App\Http\Requests\User;
+
+use Illuminate\Foundation\Http\FormRequest;
+
+class HostRequest extends FormRequest
+{
+    /**
+     * Determine if the user is authorized to make this request.
+     *
+     * @return bool
+     */
+    public function authorize(): bool
+    {
+        $host = $this->route('host');
+
+        // 检测是否是自己的主机
+        return $host->user_id == auth()->id();
+    }
+
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array<string, mixed>
+     */
+    public function rules()
+    {
+        return [
+            //
+        ];
+    }
+}
diff --git a/app/Http/Requests/User/WorkOrder/WorkOrderRequest.php b/app/Http/Requests/User/WorkOrder/WorkOrderRequest.php
index 1bcbfaf..ad312e5 100644
--- a/app/Http/Requests/User/WorkOrder/WorkOrderRequest.php
+++ b/app/Http/Requests/User/WorkOrder/WorkOrderRequest.php
@@ -17,17 +17,7 @@ public function authorize(): bool
 
         $work_order = $this->route('workOrder');
 
-        // if work_order is model
-        if ($work_order instanceof WorkOrder) {
-            $work_order_id = $work_order->id;
-        } else {
-            $work_order_id = $work_order;
-        }
-
-
-        return WorkOrder::where('user_id', auth()->id())->where('id', $work_order_id)->exists();
-
-        return false;
+        return $work_order->user_id == auth()->id();
     }
 
     /**