diff --git a/src/main/java/com/imyeyu/api/modules/common/bean/SettingKey.java b/src/main/java/com/imyeyu/api/modules/common/bean/SettingKey.java index e63121a..e02fb86 100644 --- a/src/main/java/com/imyeyu/api/modules/common/bean/SettingKey.java +++ b/src/main/java/com/imyeyu/api/modules/common/bean/SettingKey.java @@ -139,6 +139,10 @@ public enum SettingKey { JOURNAL_APP_SECRET, + JOURNAL_MEMO, + + JOURNAL_OPEN_ID_WHITE_LIST, + // ---------- 临时文件 ---------- /** 临时文件最小缓存时间 */ diff --git a/src/main/java/com/imyeyu/api/modules/common/service/SettingService.java b/src/main/java/com/imyeyu/api/modules/common/service/SettingService.java index edd6027..ebbc417 100644 --- a/src/main/java/com/imyeyu/api/modules/common/service/SettingService.java +++ b/src/main/java/com/imyeyu/api/modules/common/service/SettingService.java @@ -4,9 +4,9 @@ import com.google.gson.JsonArray; import com.google.gson.JsonElement; import com.google.gson.JsonObject; import com.google.gson.reflect.TypeToken; -import com.imyeyu.java.bean.timi.TimiException; import com.imyeyu.api.modules.common.bean.SettingKey; import com.imyeyu.api.modules.common.entity.Setting; +import com.imyeyu.java.bean.timi.TimiException; import com.imyeyu.spring.service.UpdatableService; import java.util.Arrays; diff --git a/src/main/java/com/imyeyu/api/modules/common/service/implement/SettingServiceImplement.java b/src/main/java/com/imyeyu/api/modules/common/service/implement/SettingServiceImplement.java index a81f84d..67dd508 100644 --- a/src/main/java/com/imyeyu/api/modules/common/service/implement/SettingServiceImplement.java +++ b/src/main/java/com/imyeyu/api/modules/common/service/implement/SettingServiceImplement.java @@ -46,6 +46,12 @@ public class SettingServiceImplement extends AbstractEntityService createMoment(@RequestBody String[] tempFileIds) { return service.createMoment(tempFileIds); 
@@ -260,6 +273,7 @@ public class JournalController {
 */
 @AOPLog
 @RequestRateLimit
+ @RequiredUploadPermission
 @PostMapping("/moment/delete")
 public void deleteMoment(@RequestBody Long[] thumbIds) {
 service.deleteMoment(thumbIds);
@@ -272,6 +286,7 @@ public class JournalController {
 */
 @AOPLog
 @RequestRateLimit
+ @RequiredUploadPermission
 @PostMapping("/moment/archive")
 public void archiveMoment(@RequestBody ArchiveRequest request) {
 service.archiveMoment(request);
diff --git a/src/main/java/com/imyeyu/api/modules/journal/controller/ToolController.java b/src/main/java/com/imyeyu/api/modules/journal/controller/ToolController.java
new file mode 100644
index 0000000..f495a79
--- /dev/null
+++ b/src/main/java/com/imyeyu/api/modules/journal/controller/ToolController.java
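Review bot: In JournalController the write guard is opt-in per handler: `deleteMoment` and `archiveMoment` (like the TravelController and TravelLocationController handlers later in this diff) are protected only because each one carries `@RequiredUploadPermission`, while `JournalAPIInterceptor.preHandle` treats every handler without the method annotation as read-only. A mutating endpoint added later without the annotation would therefore be reachable with any valid read key. Consider inverting the default, or at least also honouring a class-level marker such as `handlerMethod.getBeanType().isAnnotationPresent(RequiredUploadPermission.class)` so a whole controller can be marked once. Either way the annotation needs runtime retention (and a type target for the class-level form), and its definition is not visible in this part of the diff, so that is worth confirming.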
@@ -0,0 +1,39 @@
+package com.imyeyu.api.modules.journal.controller;
+
+import com.imyeyu.api.modules.common.bean.SettingKey;
+import com.imyeyu.api.modules.common.entity.Setting;
+import com.imyeyu.api.modules.common.service.SettingService;
+import com.imyeyu.api.modules.journal.bean.RequiredUploadPermission;
+import com.imyeyu.spring.annotation.RequestSingleParam;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+/**
+ * @author 夜雨
+ * @since 2026-01-28 11:36
+ */
+@Slf4j
+@RestController
+@RequiredArgsConstructor
+@RequestMapping("/journal/tool")
+public class ToolController {
+
+ private final SettingService settingService;
+
+ @GetMapping("/memo")
+ public String getMemo() {
+ return settingService.getAsString(SettingKey.JOURNAL_MEMO);
+ }
+
+ @RequiredUploadPermission
+ @PostMapping("/memo/update")
+ public void updateMemo(@RequestSingleParam String data) {
+ Setting setting = settingService.getByKey(SettingKey.JOURNAL_MEMO);
+ setting.setValue(data);
+ settingService.update(setting);
+ }
+}
diff --git a/src/main/java/com/imyeyu/api/modules/journal/controller/TravelController.java b/src/main/java/com/imyeyu/api/modules/journal/controller/TravelController.java
index 0f8a684..2dfc2eb 100644
--- a/src/main/java/com/imyeyu/api/modules/journal/controller/TravelController.java
+++ b/src/main/java/com/imyeyu/api/modules/journal/controller/TravelController.java
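Review bot: In the new ToolController, `updateMemo` is the only write endpoint in this change set without `@AOPLog` and `@RequestRateLimit`; the moment, travel and travel-location handlers that gain `@RequiredUploadPermission` all keep both, so memo updates are neither audited nor throttled. Add the two annotations above `@RequiredUploadPermission` on `updateMemo`, and consider `@RequestRateLimit` on `getMemo` as well. `data` is stored without a null or length check, and the result of `getByKey` is dereferenced unchecked, so a missing `JOURNAL_MEMO` row would surface as a NullPointerException if `getByKey` can return null; a guard before `setting.setValue(data)` turns that into an explicit error. Whether `/journal/tool` is actually routed through `JournalAPIInterceptor` depends on the interceptor registration, which is not part of this diff and should be confirmed, because the annotation enforces nothing on its own.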
@@ -1,6 +1,6 @@
 package com.imyeyu.api.modules.journal.controller;
-import com.imyeyu.api.modules.common.service.AttachmentService;
+import com.imyeyu.api.modules.journal.bean.RequiredUploadPermission;
 import com.imyeyu.api.modules.journal.entity.Travel;
 import com.imyeyu.api.modules.journal.service.TravelService;
 import com.imyeyu.spring.annotation.AOPLog;
@@ -31,7 +31,6 @@ import org.springframework.web.bind.annotation.RestController;
 public class TravelController {
 private final TravelService service;
- private final AttachmentService attachmentService;
 /**
 * 创建旅行计划
@@ -40,6 +39,7 @@ public class TravelController {
 */
 @AOPLog
 @RequestRateLimit
+ @RequiredUploadPermission
 @PostMapping("/create")
 public void create(@RequestBody @Valid Travel travel) {
 service.create(travel);
@@ -52,6 +52,7 @@ public class TravelController {
 */
 @AOPLog
 @RequestRateLimit
+ @RequiredUploadPermission
 @PostMapping("/update")
 public void update(@RequestBody @Valid Travel travel) {
 service.update(travel);
@@ -64,6 +65,7 @@ public class TravelController {
 */
 @AOPLog
 @RequestRateLimit
+ @RequiredUploadPermission
 @PostMapping("/delete")
 public void delete(@RequestSingleParam Long id) {
 service.delete(id);
diff --git a/src/main/java/com/imyeyu/api/modules/journal/controller/TravelLocationController.java b/src/main/java/com/imyeyu/api/modules/journal/controller/TravelLocationController.java
index a9c4abe..fbd4dfc 100644
--- a/src/main/java/com/imyeyu/api/modules/journal/controller/TravelLocationController.java
+++ b/src/main/java/com/imyeyu/api/modules/journal/controller/TravelLocationController.java
@@ -4,6 +4,7 @@ import com.imyeyu.api.bean.PreviewPage;
 import com.imyeyu.api.modules.common.bean.MediaAttach;
 import com.imyeyu.api.modules.common.entity.Attachment;
 import com.imyeyu.api.modules.common.service.AttachmentService;
+import com.imyeyu.api.modules.journal.bean.RequiredUploadPermission;
 import com.imyeyu.api.modules.journal.entity.TravelLocation;
 import com.imyeyu.api.modules.journal.service.TravelLocationService;
 import com.imyeyu.spring.annotation.AOPLog;
@@ -45,6 +46,7 @@ public class TravelLocationController {
 */
 @AOPLog
 @RequestRateLimit
+ @RequiredUploadPermission
 @PostMapping("/create")
 public void create(@RequestBody @Valid TravelLocation location) {
 service.create(location);
@@ -57,6 +59,7 @@ public class TravelLocationController {
 */
 @AOPLog
 @RequestRateLimit
+ @RequiredUploadPermission
 @PostMapping("/update")
 public void update(@RequestBody @Valid TravelLocation location) {
 service.update(location);
@@ -69,6 +72,7 @@ public class TravelLocationController {
 */
 @AOPLog
 @RequestRateLimit
+ @RequiredUploadPermission
 @PostMapping("/delete")
 public void delete(@RequestSingleParam Long id) {
 service.delete(id);
diff --git a/src/main/java/com/imyeyu/api/modules/journal/util/JournalAPIInterceptor.java b/src/main/java/com/imyeyu/api/modules/journal/util/JournalAPIInterceptor.java
index cefeeb3..1bcd906 100644
--- a/src/main/java/com/imyeyu/api/modules/journal/util/JournalAPIInterceptor.java
+++ b/src/main/java/com/imyeyu/api/modules/journal/util/JournalAPIInterceptor.java
@@ -2,6 +2,7 @@ package com.imyeyu.api.modules.journal.util;
 import com.imyeyu.api.modules.common.bean.SettingKey;
 import com.imyeyu.api.modules.common.service.SettingService;
+import com.imyeyu.api.modules.journal.bean.RequiredUploadPermission;
 import com.imyeyu.java.TimiJava;
 import com.imyeyu.java.bean.timi.TimiCode;
 import com.imyeyu.java.bean.timi.TimiException;
@@ -13,8 +14,11 @@ import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import org.springframework.lang.NonNull; import org.springframework.stereotype.Component; +import org.springframework.web.method.HandlerMethod; import org.springframework.web.servlet.HandlerInterceptor; +import java.util.Set; + /** * @author 夜雨 * @version 2023-11-23 17:09 
@@ -28,20 +32,34 @@ public class JournalAPIInterceptor implements HandlerInterceptor {
 private final SettingService settingService;
- private String[] keys;
+ private Set keys, openIds;
 @PostConstruct
 private void postConstruct() {
- keys = settingService.getAsString(SettingKey.JOURNAL_KEY).split(",");
+ keys = Set.of(settingService.getAsString(SettingKey.JOURNAL_KEY).split(","));
+ openIds = Set.of(settingService.getAsString(SettingKey.JOURNAL_OPEN_ID_WHITE_LIST).split(","));
 }
 public boolean preHandle(@NonNull HttpServletRequest req, @NonNull HttpServletResponse resp, @NonNull Object handler) {
- String key = TimiJava.firstNotEmpty(TimiSpring.getHeader("Key"), TimiSpring.getRequestArg("key"));
- for (int i = 0; i < keys.length; i++) {
- if (keys[i].equals(key)) {
- return true;
- }
+ boolean requiredUploadPermission = false;
+ if (handler instanceof HandlerMethod handlerMethod) {
+ requiredUploadPermission = handlerMethod.getMethodAnnotation(RequiredUploadPermission.class) != null;
 }
- throw new TimiException(TimiCode.PERMISSION_MISS).msgKey("invalid.key");
+ if (!canAccess()) {
+ throw new TimiException(TimiCode.PERMISSION_MISS).msgKey("invalid.key");
+ }
+ return !requiredUploadPermission || canUploadKey();
+ }
+
+ public boolean canAccess() {
+ String reqKey = TimiJava.defaultIfEmpty(TimiSpring.getHeader("Key"), TimiSpring.getRequestArg("key"));
+ return keys.contains(reqKey);
+ }
+
+ public boolean canUploadKey() {
+ String reqKey = TimiJava.defaultIfEmpty(TimiSpring.getHeader("Key"), TimiSpring.getRequestArg("key"));
+// String reqOpenId = TimiJava.defaultIfEmpty(TimiSpring.getHeader("OpenId"), TimiSpring.getRequestArg("openid"));
+// return canAccess() && reqKey.startsWith("i") && openIds.contains(reqOpenId);
+ return canAccess() && reqKey.startsWith("i");
 }
 }
diff --git a/src/test/java/test/Test.java b/src/test/java/test/Test.java
index b820cc4..c15e0d0 100644
--- a/src/test/java/test/Test.java
+++ b/src/test/java/test/Test.java
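Review bot: In `JournalAPIInterceptor.preHandle`, a request that holds a valid key but fails `canUploadKey()` makes the method return `false` rather than throw, so Spring stops the chain with no response written by the interceptor and the client most likely receives an empty reply instead of the `PERMISSION_MISS` error that an invalid key produces. Reject explicitly with `if (requiredUploadPermission && !canUploadKey()) { throw new TimiException(TimiCode.PERMISSION_MISS).msgKey("invalid.key"); }` and then `return true;`. Write access is decided solely by `reqKey.startsWith("i")`: the open-id allow-list comparison is left commented out and `openIds` is populated but never read, so `JOURNAL_OPEN_ID_WHITE_LIST` currently has no effect; either enable that check or delete the dead lines and document the prefix convention in a comment on `canUploadKey`. `Set.of(...)` in `postConstruct` throws `IllegalArgumentException` on a duplicate entry and its `contains(null)` throws `NullPointerException`, so a repeated value in either setting breaks startup and, if `defaultIfEmpty` can return null, a request without a key fails with an unhandled exception instead of the permission error; building a `HashSet` from the split array and returning `false` on a null `reqKey` avoids both.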
@@ -1,6 +1,5 @@
 package test;
-import com.imyeyu.io.IOSize;
 import com.imyeyu.utils.Text;
 import com.imyeyu.utils.Time;