diff --git a/server/auth/internal/handler/userresetpasswordhandler.go b/server/auth/internal/handler/userresetpasswordhandler.go index cd072197..3682e6e5 100644 --- a/server/auth/internal/handler/userresetpasswordhandler.go +++ b/server/auth/internal/handler/userresetpasswordhandler.go @@ -14,7 +14,7 @@ import ( func UserResetPasswordHandler(svcCtx *svc.ServiceContext) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - var req types.RequestUserLogin + var req types.RequestUserResetPassword userinfo, err := basic.RequestParse(w, r, svcCtx, &req) if err != nil { return diff --git a/server/auth/internal/logic/userresetpasswordlogic.go b/server/auth/internal/logic/userresetpasswordlogic.go index a1074861..09cb0fac 100644 --- a/server/auth/internal/logic/userresetpasswordlogic.go +++ b/server/auth/internal/logic/userresetpasswordlogic.go @@ -1,6 +1,8 @@ package logic import ( + "fmt" + "fusenapi/model/gmodel" "fusenapi/utils/auth" "fusenapi/utils/basic" @@ -10,6 +12,7 @@ import ( "fusenapi/server/auth/internal/types" "github.com/zeromicro/go-zero/core/logx" + "gorm.io/gorm" ) type UserResetPasswordLogic struct { 
@@ -30,10 +33,41 @@ func NewUserResetPasswordLogic(ctx context.Context, svcCtx *svc.ServiceContext) // func (l *UserResetPasswordLogic) BeforeLogic(w http.ResponseWriter, r *http.Request) { // } -func (l *UserResetPasswordLogic) UserResetPassword(req *types.RequestUserLogin, userinfo *auth.UserInfo) (resp *basic.Response) { +func (l *UserResetPasswordLogic) UserResetPassword(req *types.RequestUserResetPassword, userinfo *auth.UserInfo) (resp *basic.Response) { // 返回值必须调用Set重新返回, resp可以空指针调用 resp.SetStatus(basic.CodeOK, data) // userinfo 传入值时, 一定不为null + if !userinfo.IsUser() { + return resp.SetStatus(basic.CodeUnAuth) + } + + rt, err := l.svcCtx.ResetTokenManger.Decrypt(req.ResetToken) + if err != nil { + logx.Error(err) + return resp.SetStatus(basic.CodeOAuthResetTokenDecryptErr, err.Error()) + } + + // TODO: 存储 + if rt.OperateType != auth.OpTypeResetToken { + return resp.SetStatus(basic.CodeOAuthTypeErr, "error OperateType: rt.OperateType != auth.OpTypeResetToken") + } + + err = l.svcCtx.AllModels.FsUser.Transaction(l.ctx, func(tx *gorm.DB) error { + user := &gmodel.FsUser{Id: int64(rt.UserId)} + err := tx.Take(user).Error + if err != nil { + return err + } + if *user.PasswordHash != rt.OldPassword { + return fmt.Errorf("password had beed updated") + } + return tx.Update("PasswordHash", req.Password).Error + }) + + if err != nil { + return resp.SetStatus(basic.CodeDbSqlErr, err.Error()) + } + return resp.SetStatus(basic.CodeOK) } diff --git a/server/auth/internal/logic/userresettokenlogic.go b/server/auth/internal/logic/userresettokenlogic.go index cdb04b18..d59926f8 100644 --- a/server/auth/internal/logic/userresettokenlogic.go +++ b/server/auth/internal/logic/userresettokenlogic.go 
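Review bot: `tx.Update("PasswordHash", req.Password)` in the transaction callback runs on a bare `*gorm.DB` with no `Model` and no `Where`, so the UPDATE is not scoped to the row that `tx.Take(user)` just loaded — under gorm v2's default settings this should fail with a missing-WHERE error, and with `AllowGlobalUpdate` enabled it would overwrite every user's `PasswordHash`; it should be `tx.Model(user).Update("PasswordHash", req.Password)`. The token's `CreateAt` is never examined, so a reset token stays valid until the stored hash happens to change, and `rt.UserId` is trusted without being compared to the authenticated `userinfo.UserId`; both checks belong before the transaction. The new value is written straight into the `PasswordHash` column — if `req.Password` is the client's cleartext it must go through the same hashing the login path uses first, which this hunk does not show. `*user.PasswordHash` panics if the column is NULL, the raw `err.Error()` from the database is echoed to the client via `CodeDbSqlErr`, and the comparison error text should read "password has been updated". Proposed shape below; the 15-minute TTL is a placeholder for whatever the product wants, and `time` needs importing if the file does not already.
```go
	// … unchanged: IsUser / Decrypt / OperateType checks …
	if time.Since(rt.CreateAt) > 15*time.Minute {
		return resp.SetStatus(basic.CodeOAuthConfirmationTimeoutErr)
	}
	if rt.UserId != uint64(userinfo.UserId) {
		return resp.SetStatus(basic.CodeUnAuth)
	}

	err = l.svcCtx.AllModels.FsUser.Transaction(l.ctx, func(tx *gorm.DB) error {
		user := &gmodel.FsUser{Id: int64(rt.UserId)}
		if err := tx.Take(user).Error; err != nil {
			return err
		}
		if user.PasswordHash == nil || *user.PasswordHash != rt.OldPassword {
			return fmt.Errorf("password has been updated")
		}
		// TODO(review): hash req.Password the same way the login path does before storing it
		// Model(user) carries the primary key, so the UPDATE gets a WHERE id = ? clause.
		return tx.Model(user).Update("PasswordHash", req.Password).Error
	})
```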
@@ -50,13 +50,21 @@ func (l *UserResetTokenLogic) UserResetToken(req *types.RequestUserResetToken, u UserId: uint64(userinfo.UserId), Wid: req.Wid, Email: *user.Email, - Password: *user.PasswordHash, + OldPassword: *user.PasswordHash, CreateAt: time.Now(), } - l.svcCtx.ResetTokenManger.Encrypt(token) + rtoken, err := l.svcCtx.ResetTokenManger.Encrypt(token) + if err != nil { + logx.Error(err) + return resp.SetStatus(basic.CodeOAuthResetTokenEncryptErr, err.Error()) + } - return resp.SetStatus(basic.CodeOK) + data := types.DataResetToken{ + ResetToken: rtoken, + } + + return resp.SetStatus(basic.CodeOK, data) } // 处理逻辑后 w,r 如:重定向, resp 必须重新处理 diff --git a/server_api/auth.api b/server_api/auth.api index e3fddf51..2ad36931 100644 --- a/server_api/auth.api +++ b/server_api/auth.api @@ -29,7 +29,7 @@ service auth { get /api/auth/reset/token(RequestUserResetToken) returns (response); @handler UserResetPasswordHandler - post /api/auth/reset/password(RequestUserLogin) returns (response); + post /api/auth/reset/password(RequestUserResetPassword) returns (response); } type ( diff --git a/utils/auth/register.go b/utils/auth/register.go index bfd59fa7..2beb0962 100644 --- a/utils/auth/register.go +++ b/utils/auth/register.go @@ -28,7 +28,7 @@ type ResetToken struct { UserId uint64 // guest_id 需要继承 Wid string // websocket 通道id Email string // email - Password string // 密码 + OldPassword string // 旧密码 CreateAt time.Time // 创建时间 } diff --git a/utils/basic/basic.go b/utils/basic/basic.go index 8ccf7d45..1a4b58f1 100644 --- a/utils/basic/basic.go +++ b/utils/basic/basic.go 
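Review bot: The freshly minted reset token is returned straight to the caller in the response body (`data := types.DataResetToken{ResetToken: rtoken}`), and it embeds the account's current password hash (`OldPassword: *user.PasswordHash`), so any holder of a session receives an encrypted copy of that hash; unless `ResetTokenManger.Encrypt` is authenticated encryption under a server-held key, the hash is exposed and the token is forgeable, which the hunk cannot confirm. If delivery is meant to be out-of-band — the `Email` and `Wid` fields suggest e-mail or the websocket channel — the token should be sent over that channel and the response should carry only an acknowledgement. Because the consumer validates the token by comparing `OldPassword` to the stored hash, the token is effectively unbounded in lifetime unless `CreateAt` is checked on the reset side; a comment such as `// CreateAt must be enforced by the consumer; the token carries no other expiry` would make that contract explicit. `UserResetToken` starts outside the hunk, so the nil-safety of `*user.PasswordHash` and where `user` comes from cannot be checked here.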
@@ -44,6 +44,9 @@ var ( CodeOAuthEmailErr = &StatusResponse{5072, "Invalid email format"} CodeOAuthRandReaderErr = &StatusResponse{5073, "rand reader error"} CodeOAuthConfirmationTimeoutErr = &StatusResponse{5074, "confirmation timeout error"} + CodeOAuthResetTokenEncryptErr = &StatusResponse{5075, "oauth2 reset token encrypt error"} + CodeOAuthResetTokenDecryptErr = &StatusResponse{5076, "oauth2 reset token decrypt error"} + CodeOAuthTypeErr = &StatusResponse{5077, "oauth2 token operator error"} CodeS3PutObjectRequestErr = &StatusResponse{5060, "s3 PutObjectRequest error"} // s3 PutObjectRequest 错误 CodeS3PutSizeLimitErr = &StatusResponse{5061, "s3 over limit size error"} // s3 超过文件大小限制 错误
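Review bot: The message for the new `CodeOAuthTypeErr` (5077) reads "oauth2 token operator error", but the check that raises it in this change is a mismatch on the reset token's `OperateType`, so the client-facing text should say what was actually wrong, e.g. `CodeOAuthTypeErr = &StatusResponse{5077, "reset token operate type error"}`. All three new entries are labelled "oauth2" although they are raised by the password-reset flow rather than an OAuth exchange; if `CodeOAuth*` is simply the family prefix for auth-service codes, a one-line comment on the group saying so would spare the next reader the same question.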