diff --git a/app/Endpoint/Api/Http/Controllers/Auth/LoginController.php b/app/Endpoint/Api/Http/Controllers/Auth/LoginController.php
index b26e995e..e4b63c4b 100644
--- a/app/Endpoint/Api/Http/Controllers/Auth/LoginController.php
+++ b/app/Endpoint/Api/Http/Controllers/Auth/LoginController.php
@@ -38,6 +38,8 @@ class LoginController extends Controller
 $user = $this->{$method}($request);
+ $user->checkStatus();
+
 if ($type === 'password') {
 if ($user->old_password) {
 $user->password = $request->input('password');
diff --git a/app/Endpoint/Api/Http/Middleware/CheckUserStatus.php b/app/Endpoint/Api/Http/Middleware/CheckUserStatus.php
new file mode 100644
index 00000000..017ad02f
--- /dev/null
+++ b/app/Endpoint/Api/Http/Middleware/CheckUserStatus.php
@@ -0,0 +1,25 @@
+user()) {
+ $user->checkStatus();
+ }
+
+ return $next($request);
+ }
+}
diff --git a/app/Endpoint/Api/routes.php b/app/Endpoint/Api/routes.php
index c4b351f4..ebb68180 100644
--- a/app/Endpoint/Api/routes.php
+++ b/app/Endpoint/Api/routes.php
@@ -96,7 +96,10 @@ Route::group([
 Route::post('unbind-user/{provider}', [Auth\SocialiteAuthController::class, 'unbindUser']);
 });
- Route::middleware(['auth:api'])->group(function () {
+ Route::middleware([
+ 'auth:api',
+ \App\Endpoint\Api\Http\Middleware\CheckUserStatus::class,
+ ])->group(function () {
 // 我的信息
 Route::get('me', [UserController::class, 'show']);
 Route::put('me', [UserController::class, 'update']);
diff --git a/app/Models/User.php b/app/Models/User.php
index 4e481af9..c99f856e 100644
--- a/app/Models/User.php
+++ b/app/Models/User.php
@@ -2,6 +2,7 @@
 namespace App\Models;
+use App\Exceptions\BizException;
 use Dcat\Admin\Traits\HasDateTimeFormatter;
 use Illuminate\Auth\Authenticatable;
 use Illuminate\Contracts\Auth\Access\Authorizable as AuthorizableContract;
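Review bot: In LoginController, the added `$user->checkStatus();` sits directly after `$user = $this->{$method}($request);`, and nothing in the hunk shows that every dynamically selected login method has finished verifying the credential by that point. If one of them returns the user first and verifies later, the status-specific 403 would tell an unauthenticated caller whether an account exists and whether it is frozen or disabled. It would help to state the invariant next to the call, e.g. `// $method has already verified the credential; the 403 is only shown to the account owner`, and to log the refused login for audit. The enclosing method starts and ends outside the hunk.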
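Review bot: In CheckUserStatus, the guard ending in `user()) {` appears to forward the request unchanged when no user is resolved, so the middleware enforces nothing unless an authenticating middleware has already run. That ordering holds for the `auth:api` group in routes.php, but the class itself does not say so and would silently fail open if reused on a group without authentication. A class docblock along the lines of `Must be registered after an auth middleware; requests without a resolved user pass through unchecked.` would document the requirement. Only part of the new file's text is visible in this hunk, so the exact form of the guard is inferred.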
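Review bot: In routes.php the status check is attached only to the `Route::middleware([...])` group changed here, so any other group that authenticates users would keep serving frozen or disabled accounts. The group closed just above, which contains `unbind-user/{provider}`, has its middleware list outside the hunk and should be checked. Registering the class under a middleware alias or adding it to the shared API middleware group would apply it uniformly instead of per group. As a style point, a `use` import would match how `UserController::class` is referenced below, rather than spelling `\App\Endpoint\Api\Http\Middleware\CheckUserStatus::class` inline.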
@@ -523,4 +524,17 @@ class User extends Model implements AuthorizableContract, AuthenticatableContrac
 return $user;
 }
+
+ public function checkStatus()
+ {
+ if (in_array($this->status, [static::STATUS_ACTIVE, static::STATUS_INACTIVATED])) {
+ return;
+ } elseif ($this->status === static::STATUS_FROZEN) {
+ abort(403, '账号已冻结');
+ } elseif ($this->status === static::STATUS_DISABLED) {
+ abort(403, '账号已禁用');
+ }
+
+ abort(403, '账号状态异常');
+ }
 }
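Review bot: In `User::checkStatus()`, the allow-list test `in_array($this->status, [static::STATUS_ACTIVE, static::STATUS_INACTIVATED])` compares loosely while the two `elseif` branches use `===`, so the permissive path is the least strict one. Depending on the constant values, which are not visible here, a `null` or otherwise unexpected `status` could loosely equal an allowed value and pass; `in_array($this->status, [static::STATUS_ACTIVE, static::STATUS_INACTIVATED], true)` closes that, provided `status` is cast to the constants' type on the model. The `use App\Exceptions\BizException;` added in this file's first hunk is not used by this method, which calls `abort()` instead, so either throw the exception here or drop the import. The class body starts above the hunk.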