diff --git a/app/api/admin/users/[[...path]]/route.ts b/app/api/admin/users/[[...path]]/route.ts
index 9f8e8268a..4a53239f0 100644
--- a/app/api/admin/users/[[...path]]/route.ts
+++ b/app/api/admin/users/[[...path]]/route.ts
@@ -51,7 +51,22 @@ async function handle(
 },
 });
 const count = result.length;
- return NextResponse.json({ count: count, results: result });
+ return NextResponse.json({
+ count: count,
+ results: result.map((item) => {
+ return {
+ id: item.id,
+ name: item.name,
+ username: item.username,
+ gh_username: item.gh_username,
+ image: item.image,
+ email: item.email,
+ emailVerified: item.emailVerified,
+ createdAt: item.createdAt,
+ updatedAt: item.updatedAt,
+ };
+ }),
+ });
 } catch {}
 return NextResponse.json({ error: "未知错误" }, { status: 500 });
 }
diff --git a/app/app/(auth)/login/user-login-button.tsx b/app/app/(auth)/login/user-login-button.tsx
index 4862ce310..d54b0a04b 100644
--- a/app/app/(auth)/login/user-login-button.tsx
+++ b/app/app/(auth)/login/user-login-button.tsx
@@ -8,11 +8,16 @@ export default function UserLoginButton() {
 const [loading, setLoading] = useState(false);
 const nameInput = useRef(null);
+ const passwordInput = useRef(null);
 const emailInput = useRef(null);
 const [username, setUsername] = useState("");
+ const [password, setPassword] = useState("");
+ const [error, setError] = useState(false);
- const handleComposition = (e: React.CompositionEvent) => {
+ const handleNameComposition = (
+ e: React.CompositionEvent,
+ ) => {
 if (e.type === "compositionend") {
 setUsername(e.currentTarget.value);
 }
@@ -23,6 +28,12 @@ export default function UserLoginButton() {
 }
 setUsername(e.target.value);
 };
+ const onPasswordChange = (e: React.ChangeEvent) => {
+ if ((e.nativeEvent as InputEvent).isComposing) {
+ return;
+ }
+ setPassword(e.target.value);
+ };
 const onSubmitHandler = async (e: React.FormEvent) => {
 // handle yow submition
 setLoading(true);
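Review bot: In `app/api/admin/users/[[...path]]/route.ts`, the new `result.map(...)` allow-list keeps columns such as the stored password out of the JSON response, but the rows are still loaded in full and only trimmed afterwards. If the query above the hunk is a Prisma `findMany` (it is not visible here), a `select: { id: true, name: true, ... }` on the query itself would keep the password hash from ever leaving the database layer, and a column added later could not leak by omission. The context line `} catch {}` also discards the failure reason before the generic 500 is returned; logging the error server-side would make a failing admin query diagnosable. `handle` starts and ends outside the hunk.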
@@ -40,6 +51,7 @@ export default function UserLoginButton() { } else { result = await signIn("credentials", { username: username, + password: password, redirect: false, }); } @@ -93,7 +105,7 @@ export default function UserLoginButton() { ref={nameInput} // value={username} onCompositionStart={(e) => e.preventDefault()} - onCompositionEnd={handleComposition} + onCompositionEnd={handleNameComposition} onChange={onNameChange} // required placeholder="输入姓名、拼音或邮箱" @@ -109,6 +121,29 @@ export default function UserLoginButton() { } `} /> + e.preventDefault()} + // onCompositionEnd={handleComposition} + onChange={onPasswordChange} + // required + placeholder="密码验证,测试阶段" + className={`${ + loading + ? "cursor-not-allowed bg-stone-50 dark:bg-stone-800" + : "bg-white hover:bg-stone-50 active:bg-stone-100 dark:bg-black dark:hover:border-white dark:hover:bg-black" + } group my-2 flex h-10 w-full items-center justify-center space-x-2 rounded-md border border-stone-200 transition-colors duration-75 focus:outline-none dark:border-stone-700 + ${ + error + ? "focus:invalid:border-red-500 focus:invalid:ring-red-500" + : "" + } + `} + /> tag through the object. credentials: { username: { label: "Username", type: "text", placeholder: "输入姓名或邮箱" }, - // password: { label: "Password", type: "password" } + password: { label: "Password", type: "password", placeholder: "密码验证,测试阶段" } }, // @ts-ignore async authorize(credential, req) { const username = cleanUpString(`${credential?.username}`); + const password = cleanPassword(`${credential?.password}`); // 验证用户名 - // console.log(credential, username, '==============3') + console.log(credential, 'p', password, '==============3') // 判断姓名格式是否符合要求,不符合则拒绝 if (username && isName(username)) { // Any object returned will be saved in `user` property of the JWT 
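Review bot: In `authorize`, the re-enabled `console.log(credential, 'p', password, '==============3')` writes the submitted credentials and the plaintext password to the server log on every login attempt; it should be removed, or reduced to non-secret fields such as `console.log('login attempt', username)`. Separately, wrapping `credential?.password` in a template literal turns a missing field into the literal string "undefined", which is truthy and is then handled as if a password had been supplied; passing `credential?.password ?? ''` to `cleanPassword` avoids that. The file header for this hunk is not visible on the page, and `authorize` continues past the end of the hunk.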
@@ -89,6 +90,12 @@ export const authOptions: NextAuthOptions = { } else { user['name'] = username; } + if (password) { + user['password'] = password; + // 如果有密码,则启用密码验证,查询数据库,否则失败 + return await validatePassword(user); + } + return await insertUser(user) ?? user } else { // If you return null then an error will be displayed advising the user to check their details. 
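Review bot: The password check added here runs only when the request carries a non-empty password: when `if (password)` is false, control falls through to `return await insertUser(user) ?? user`, so a login with the name and an empty password field appears to succeed even for an account that has a password stored. The decision should depend on the stored record rather than on what the client sent, by looking the user up first and calling `validatePassword` whenever the record has a password. `user['password'] = password` also places the plaintext on the object, which must not reach `insertUser` unhashed if that path is ever taken. `authorize` starts and ends outside the hunk, and `existUser` in the sketch below is the helper defined further down in this file.

```typescript
// … unchanged: user['name'] / user['email'] assignment …
const existing = await existUser(user);
if (existing?.password != null || password) {
    // Password-protected account, or a password was offered: always verify.
    user['password'] = password;
    return await validatePassword(user);
}
return await insertUser(user) ?? user
```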
@@ -183,76 +190,37 @@ export async function VerifiedAdminUser() {
 return !!(name && ADMIN_LIST.includes(name));
 }
-// export function withSiteAuth(action: any) {
-// return async (
-// formData: FormData | null,
-// siteId: string,
-// key: string | null,
-// ) => {
-// const session = await getSession();
-// if (!session) {
-// return {
-// error: "Not authenticated",
-// };
-// }
-// const site = await prisma.site.findUnique({
-// where: {
-// id: siteId,
-// },
-// });
-// if (!site || site.userId !== session.user.id) {
-// return {
-// error: "Not authorized",
-// };
-// }
-//
-// return action(formData, site, key);
-// };
-// }
-//
-// export function withPostAuth(action: any) {
-// return async (
-// formData: FormData | null,
-// postId: string,
-// key: string | null,
-// ) => {
-// const session = await getSession();
-// if (!session?.user.id) {
-// return {
-// error: "Not authenticated",
-// };
-// }
-// const post = await prisma.post.findUnique({
-// where: {
-// id: postId,
-// },
-// include: {
-// site: true,
-// },
-// });
-// if (!post || post.userId !== session.user.id) {
-// return {
-// error: "Post not found",
-// };
-// }
-//
-// return action(formData, post, key);
-// };
-// }
+export async function validatePassword(user: {[key: string]: string}): Promise {
+
+ const existingUser = await existUser(user);
+ console.log('------', 'existUser', existUser)
+
+ if (!existingUser) {
+ throw new Error("用户名或密码不正确");
+ }
+ if (existingUser.password == null) {
+ throw new Error("未设置密码");
+ }
+ if (!comparePassword(user.passowrd, existingUser.password)) {
+ throw new Error("用户名或密码不正确")
+ } else {
+ return existingUser;
+ }
+}
 async function existUser(user: {[key: string]: string} | User ) {
- const conditions = [];
- if (user?.name) {
- conditions.push({ name: user.name });
- }
- if (user?.email) {
- conditions.push({ email: user.email });
- }
- return conditions.length ? await prisma.user.findFirst({
- where: {
- AND: conditions,
- },
- }) : null
+ const conditions = [];
+ if (user?.name) {
+ conditions.push({ name: user.name });
+ }
+ if (user?.email) {
+ conditions.push({ email: user.email });
+ }
+ return conditions.length ? await prisma.user.findFirst({
+ where: {
+ AND: conditions,
+ },
+ }) : null
 }
 export async function insertUser(user: {[key: string]: string}) {
@@ -287,6 +255,15 @@ function cleanUpString(input: string): string {
 }
 }
+function cleanPassword(input: string): string {
+ try {
+ // 去除前后空格
+ return input.trim()
+ }
+ catch {
+ return '';
+ }
+}
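Review bot: `validatePassword` reads `user.passowrd`, a misspelling of the `password` key that `authorize` sets, so `comparePassword` always receives `undefined` as the candidate; the line should read `if (!comparePassword(user.password, existingUser.password)) {`. `comparePassword` is not shown in this diff: if it returns a Promise, as hash-comparison helpers commonly do, the un-awaited result is always truthy and the negated test never rejects, so the call would need `await`. The success path returns `existingUser` as loaded, stored password included, while the comment in `authorize` states that the returned object is saved in the `user` property of the JWT; returning only the non-secret fields would be safer. `console.log('------', 'existUser', existUser)` prints the function rather than `existingUser` and looks like leftover debugging. The separate `未设置密码` error also reveals to a caller that the account exists and has no password, whereas the other two failures share one message.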