diff --git a/package.json b/package.json
index fbde38b1..5f5b9ad5 100644
--- a/package.json
+++ b/package.json
@@ -58,6 +58,7 @@
     "@ffmpeg.wasm/main": "^0.13.1",
     "@homebridge/node-pty-prebuilt-multiarch": "^0.12.0-beta.5",
     "express": "^5.0.0",
+    "express-rate-limit": "^7.5.0",
     "piscina": "^4.7.0",
     "qrcode-terminal": "^0.12.0",
     "silk-wasm": "^3.6.1",
diff --git a/src/webui/src/router/File.ts b/src/webui/src/router/File.ts
index fb906f03..c282d229 100644
--- a/src/webui/src/router/File.ts
+++ b/src/webui/src/router/File.ts
@@ -1,4 +1,5 @@
 import { Router } from 'express';
+import rateLimit from 'express-rate-limit';
 import {
     ListFilesHandler,
     CreateDirHandler,
@@ -14,13 +15,20 @@ import {
 
 const router = Router();
 
+const apiLimiter = rateLimit({
+    windowMs: 1 * 60 * 1000, // 1分钟内
+    max: 60, // 最大60个请求
+});
+
+router.use(apiLimiter);
+
 router.get('/list', ListFilesHandler);
 router.post('/mkdir', CreateDirHandler);
 router.post('/delete', DeleteHandler);
 router.get('/read', ReadFileHandler);
 router.post('/write', WriteFileHandler);
 router.post('/create', CreateFileHandler);
-router.post('/batchDelete', BatchDeleteHandler); // 添加这一行
+router.post('/batchDelete', BatchDeleteHandler);
 router.post('/rename', RenameHandler);
 router.post('/move', MoveHandler);
 router.post('/batchMove', BatchMoveHandler);