diff --git a/common/config.py b/common/config.py
index d11dbbe..a52f58d 100644
--- a/common/config.py
+++ b/common/config.py
@@ -124,7 +124,7 @@ default = {
             "enable": False,
             "_enable-desc": "是否开启请求key，开启后只有请求头中包含key，且值一样时可以访问API",
             "ban": True,
-            "value": "114514",
+            "values": ["114514"],
         },
         "whitelist_host": [
             "localhost",
diff --git a/common/lx_script.py b/common/lx_script.py
index 40fd5f4..512751a 100644
--- a/common/lx_script.py
+++ b/common/lx_script.py
@@ -68,7 +68,7 @@ async def get_script():
         logger.warning('请求源脚本内容失败')
 
 async def generate_script_response(request):
-    if (request.query.get('key') != config.read_config('security.key.value') and config.read_config('security.key.enable')):
+    if (request.query.get('key') not in config.read_config('security.key.values') and config.read_config('security.key.enable')):
         return {'code': 6, 'msg': 'key验证失败', 'data': None}, 403
     try:
         with open('./lx-music-source-example.js', 'r', encoding='utf-8') as f:
@@ -83,13 +83,13 @@ async def generate_script_response(request):
         if (line.startswith('const API_URL')):
             newScriptLines.append(f'''const API_URL = "{'https' if config.read_config('common.ssl_info.is_https') else 'http'}://{request.host}"''')
         elif (line.startswith('const API_KEY')):
-            newScriptLines.append(f'const API_KEY = "{config.read_config("security.key.value")}"')
+            newScriptLines.append(f"""const API_KEY = `{request.query.get("key") if request.query.get("key") else ''''''}`""")
         elif (line.startswith("* @name")):
             newScriptLines.append(" * @name " + config.read_config("common.download_config.name"))
         elif (line.startswith("* @description")):
             newScriptLines.append(" * @description " + config.read_config("common.download_config.intro"))
         elif (line.startswith("* @author")):
-            newScriptLines.append((" * @author helloplhm-qwq & Folltoshe & " + config.read_config("common.download_config.author")) if config.read_config("common.download_config.author") else " * @author helloplhm-qwq & Folltoshe")
+            newScriptLines.append(" * @author " + config.read_config("common.download_config.author"))
         elif (line.startswith("* @version")):
             newScriptLines.append(" * @version " + config.read_config("common.download_config.version"))
         elif (line.startswith("const DEV_ENABLE ")):
diff --git a/main.py b/main.py
index 71436a9..ae271a9 100644
--- a/main.py
+++ b/main.py
@@ -126,7 +126,7 @@ async def handle(request):
     songId = request.match_info.get('songId')
     quality = request.match_info.get('quality')
     if (config.read_config("security.key.enable") and request.host.split(':')[0] not in config.read_config('security.whitelist_host')):
-        if (request.headers.get("X-Request-Key")) != config.read_config("security.key.value"):
+        if (request.headers.get("X-Request-Key")) not in config.read_config("security.key.values"):
             if (config.read_config("security.key.ban")):
                 config.ban_ip(request.remote_addr)
             return handleResult({"code": 1, "msg": "key验证失败", "data": None}, 403)