diff --git a/LoongPanel-Asp/ApplicationDbContext.cs b/LoongPanel-Asp/ApplicationDbContext.cs index 8722cd4..b9963d5 100755 --- a/LoongPanel-Asp/ApplicationDbContext.cs +++ b/LoongPanel-Asp/ApplicationDbContext.cs @@ -116,7 +116,7 @@ public class ApplicationDbContext(DbContextOptions options NormalizedName = roleName.ToUpperInvariant(), ApiPermissions = ["1","2","3","4","5", "6", "7", "8", "9", "10", "11", "12", "13", "14", "15", "16", "17", "18", "19", "20","21","22","23","24","25","26","27","28","29","30","31","32","33","34","35"], - RouterPermissions = ["1", "2", "3", "4","5","6","7","8","9","10","11","12","13","14","15","16"] + RouterPermissions = ["1", "3", "4","5","6","7","8","9","10","11","12","13","14","15","16"] }); } diff --git a/LoongPanel-Asp/Controllers/AccountController.cs b/LoongPanel-Asp/Controllers/AccountController.cs index a9296e6..b483dc5 100755 --- a/LoongPanel-Asp/Controllers/AccountController.cs +++ b/LoongPanel-Asp/Controllers/AccountController.cs @@ -81,6 +81,17 @@ public class AccountController( user.Id }); } + //创建修改密码令牌 + var tokenPassword = await userManager.GeneratePasswordResetTokenAsync(user); + if (user.PasswordExpiredDate == null || user.PasswordExpiredDate < DateTimeOffset.Now) + { + //返回402 + return StatusCode(402,new + { + tokenPassword, + user.Id, + }); + } var roles = await userManager.GetRolesAsync(user); var roleId = roles.ToList()[0]; // 直接获取角色ID列表 var claimsIdentity = new ClaimsIdentity(new[] @@ -90,16 +101,7 @@ public class AccountController( new Claim(ClaimTypes.Role, roleId.ToLower()) // 将角色ID列表转换为逗号分隔的字符串 }); var token = tokenHelper.GenerateToken(claimsIdentity); - if (user.PasswordExpiredDate == null || user.PasswordExpiredDate < DateTimeOffset.Now) - { - //返回402 - return StatusCode(402,new - { - token, - user.Id, - }); - } - + return Ok(new { user.NickName, 
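Review bot: In the AccountController login hunk (`@@ -81,6 +81,17 @@`), `GeneratePasswordResetTokenAsync` is called on every login, before the expiry test, so a reset token is minted even when the password is still valid and the token is never returned. Move the call inside the branch: `if (user.PasswordExpiredDate == null || user.PasswordExpiredDate < DateTimeOffset.Now) { var tokenPassword = await userManager.GeneratePasswordResetTokenAsync(user); ... }`. The 402 body now carries a credential that is sufficient on its own to set a new password, so this branch must only be reachable after the password check has succeeded; that check sits above the hunk, so confirm it. A comment on the branch would help, for example `// password verified above; the reset token is returned only so an expired password can be replaced`. HTTP 402 means "Payment Required", so a documented application error code in the body would be clearer to clients and intermediaries.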
@@ -128,32 +130,14 @@ public class AccountController( return Ok("邮件已发送"); } [HttpGet("ChangePassword")] - public async Task ChangePassword([FromQuery] string currentPassword,[FromQuery] string newPassword) + public async Task ChangePassword([FromQuery] string userId, [FromQuery] string token,[FromQuery] string newPassword) { // 获取当前经过身份验证的用户 - var authenticatedUser = await userManager.GetUserAsync(HttpContext.User); - + var authenticatedUser = await userManager.FindByIdAsync(userId); if (authenticatedUser == null) { - return BadRequest("用户未登录"); + return BadRequest("用户不存在"); } - - // 检查当前密码是否正确 - var isCurrentPasswordValid = await userManager.CheckPasswordAsync(authenticatedUser, currentPassword); - if (!isCurrentPasswordValid) - { - return BadRequest("当前密码不正确"); - } - - // 检查新密码是否与旧密码相同 - if (currentPassword == newPassword) - { - return BadRequest("新密码不能与旧密码相同"); - } - - // 生成密码重置令牌 - var token = await userManager.GeneratePasswordResetTokenAsync(authenticatedUser); - // 重置密码 var result = await userManager.ResetPasswordAsync(authenticatedUser, token, newPassword); diff --git a/LoongPanel-Asp/Controllers/RoteController.cs b/LoongPanel-Asp/Controllers/RoteController.cs index 6c9e2f8..a2dd959 100755 --- a/LoongPanel-Asp/Controllers/RoteController.cs +++ b/LoongPanel-Asp/Controllers/RoteController.cs @@ -21,10 +21,15 @@ public class RoteController( var rotes = role!.RouterPermissions.ToList(); //获取路由列表 var apiPermissions = dbContext.RotePermissions.ToList().Where(x => rotes.Any(y => y == x.Id.ToString())).Select(x=>x.Router).ToList(); + //如果rotes 中包括* + if (rotes.Contains("*")) + { + return Ok("权限验证通过"); + } //将path全部小写 path = path.ToLower(); //使用正则匹配 var firstOrDefault = apiPermissions.FirstOrDefault(x => Regex.IsMatch(path,x)); - return Ok(firstOrDefault != null ? new ApiResponse(ApiResponseState.Success) : new ApiResponse(ApiResponseState.Forbidden)); + return Ok(firstOrDefault != null ? Ok("权限验证通过") : Unauthorized("你不具有访问此资源的权力")); } } \ No newline at end of file 
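Review bot: `ChangePassword` in AccountController.cs now takes `token` and `newPassword` as `[FromQuery]` on an `[HttpGet]` action, so the reset token and the new password are written into the request URL and can end up in server and proxy access logs and in browser history. Change the attribute to `[HttpPost("ChangePassword")]` and bind the three values from the request body instead of the query string. The hunk also drops the check that the new password differs from the old one, so an expired password can be "changed" to the same value and the expiry policy is bypassed. Because the action is looked up by `userId` without a session, the distinct `用户不存在` reply tells an anonymous caller which ids exist; a single generic failure message for an unknown user and a bad token avoids that. The method body continues past the end of the hunk, so the handling of `result` is not visible here.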
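Review bot: The new return in RoteController.cs, `return Ok(firstOrDefault != null ? Ok("权限验证通过") : Unauthorized("你不具有访问此资源的权力"));`, wraps the inner result in an outer `Ok(...)`, so the response status is 200 on both branches and the denial is only a serialized object in the body. A caller that decides by HTTP status will treat every path as permitted. Return the results directly, and use 403 rather than 401 since the caller is authenticated but not allowed: `if (firstOrDefault == null) return StatusCode(StatusCodes.Status403Forbidden, "你不具有访问此资源的权力");` followed by `return Ok("权限验证通过");`. The `rotes.Contains("*")` shortcut could also move above the `dbContext.RotePermissions.ToList()` query so the wildcard role does not load the table first. The method starts above the hunk, so its declared return type is not visible.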
diff --git a/LoongPanel-Asp/LoongPanel-Asp.csproj b/LoongPanel-Asp/LoongPanel-Asp.csproj index 805ab29..52adf0a 100755 --- a/LoongPanel-Asp/LoongPanel-Asp.csproj +++ b/LoongPanel-Asp/LoongPanel-Asp.csproj @@ -43,9 +43,6 @@ PreserveNewest - - Never - diff --git a/LoongPanel-Asp/Properties/launchSettings.json b/LoongPanel-Asp/Properties/launchSettings.json index d43adb8..07f55f2 100755 --- a/LoongPanel-Asp/Properties/launchSettings.json +++ b/LoongPanel-Asp/Properties/launchSettings.json @@ -14,7 +14,7 @@ "dotnetRunMessages": true, "launchBrowser": false, "launchUrl": "swagger", - "applicationUrl": "http://192.168.0.13:5253", + "applicationUrl": "http://127.0.0.1:5000", "environmentVariables": { "ASPNETCORE_ENVIRONMENT": "Development" } diff --git a/LoongPanel-Asp/appsettings.json b/LoongPanel-Asp/appsettings.json index eb177b1..921d13d 100755 --- a/LoongPanel-Asp/appsettings.json +++ b/LoongPanel-Asp/appsettings.json @@ -20,5 +20,5 @@ "Secret": "p4Qzf/+GPP/XNLalZGCzwlelOl6skiFZscj6iZ6rZZE=", "Issuer": "LoongPanel", "Audience": "LoongPanel", - "PubLicApi": "/Api/Account/Login;/Api/Account/VerifyEmail;/Api/Account/ForgotPassword;/Api/Account/ResetPassword;" + "PubLicApi": "/Api/Account/Login;/Api/Account/VerifyEmail;/Api/Account/ForgotPassword;/Api/Account/ResetPassword;/Api/Account/ChangePassword" } diff --git a/LoongPanel-Asp/apptemp.db b/LoongPanel-Asp/apptemp.db index c5ea5ea..1fef4b3 100644 Binary files a/LoongPanel-Asp/apptemp.db and b/LoongPanel-Asp/apptemp.db differ diff --git a/web/middleware/auth.ts b/web/middleware/auth.ts index fe5ef93..b54db43 100755 --- a/web/middleware/auth.ts +++ b/web/middleware/auth.ts @@ -1,9 +1,7 @@ -import type {HttpType} from "~/types/baseType"; import {defineNuxtRouteMiddleware} from "#app"; import {useToast} from 'vue-toastification' -interface RouteBackType extends HttpType { -} + export default defineNuxtRouteMiddleware(async (to, from) => { const toast = useToast(); 
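Review bot: Adding `/Api/Account/ChangePassword` to `PubLicApi` in appsettings.json presumably exempts the endpoint from the bearer-token check (inferred from the key name; the consumer of this list is not in the diff). That leaves the reset token in the request as the only control on a password change, so the endpoint needs throttling and uniform error replies. The unchanged `"Secret"` line in the same hunk looks like the token signing key committed to the repository. If so, anyone with read access to the repo can mint valid tokens: leave the value empty in the committed file, supply it from an environment variable or the user-secrets store, and rotate the key that has been published.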
@@ -21,9 +19,8 @@ export default defineNuxtRouteMiddleware(async (to, from) => { // 获取当前导航路径 const currentPath = to.path; - try { - const response = await $fetch('/Api/Rote/RoteVerify', { + await $fetch('/Api/Rote/RoteVerify', { method: 'GET', headers: { 'Authorization': 'Bearer ' + token @@ -31,27 +28,10 @@ export default defineNuxtRouteMiddleware(async (to, from) => { baseURL: runtimeConfig.public.baseUrl, params: {'path': currentPath} }); - - // 直接从响应中获取状态码 - const data = response as HttpType; - if (data.code !== 200) { - toast.error('未登录', {timeout: 3000}) - - if (data.code === 403) { - if (to.path === from.path) { - return navigateTo("/Home"); - } - return navigateTo(from.path); - } - - return navigateTo("/SignIn"); - } - } catch (error) { - // 处理错误情况 - console.error('请求验证路由时发生错误:', error); - toast.error('请求错误', {timeout: 3000}) - return navigateTo("/SignIn"); + // 如果验证成功,继续导航 + return true; + } catch (err) { + toast.error('权限不足', {timeout: 3000}); + return navigateTo("/error/403"); } - - return true; }); diff --git a/web/pages/changePassword/[[id]].vue b/web/pages/changePassword.vue similarity index 86% rename from web/pages/changePassword/[[id]].vue rename to web/pages/changePassword.vue index ea7a081..c4bc748 100644 --- a/web/pages/changePassword/[[id]].vue +++ b/web/pages/changePassword.vue @@ -1,7 +1,6 @@
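Review bot: In the last hunk of web/middleware/auth.ts the `catch (err)` block treats every failure the same: an expired or missing token, a network error and a server error all show `权限不足` and navigate to `/error/403`. The removed code sent unauthenticated users to `/SignIn`, so a user whose session has lapsed now gets a permission error with no way to log in again. Branch on the status first, for example `if ((err as any)?.response?.status === 401) return navigateTo("/SignIn");`, and keep the 403 page for an actual denial. The success path no longer inspects the response body, so the guard is only as good as the status code `/Api/Rote/RoteVerify` returns; a comment such as `// relies on RoteVerify answering non-2xx on denial` would make that dependency visible. The middleware function begins above the hunk.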