diff --git a/backend/middlewares/auth.go b/backend/middlewares/auth.go
index 1600c0e2..977fea78 100644
--- a/backend/middlewares/auth.go
+++ b/backend/middlewares/auth.go
@@ -1,28 +1,53 @@
 package middlewares
 
 import (
+	"crawlab/constants"
 	"crawlab/routes"
 	"crawlab/services"
 	"github.com/gin-gonic/gin"
 	"net/http"
+	"strings"
 )
 
 func AuthorizationMiddleware() gin.HandlerFunc {
 	return func(c *gin.Context) {
-		tokenStr := c.GetHeader("Authorization")
-		if c.Request.URL.Path == "/login" || (c.Request.URL.Path == "/users" && c.Request.Method == "PUT") {
+		// 如果为登录或注册,不用校验
+		if c.Request.URL.Path == "/login" ||
+			(c.Request.URL.Path == "/users" && c.Request.Method == "PUT") ||
+			strings.HasSuffix(c.Request.URL.Path, "download") {
 			c.Next()
-		} else {
-			_, err := services.CheckToken(tokenStr)
-			if err == nil {
-				c.Next()
-			} else {
+			return
+		}
+
+		// 获取token string
+		tokenStr := c.GetHeader("Authorization")
+
+		// 校验token
+		user, err := services.CheckToken(tokenStr)
+
+		// 校验失败,返回错误响应
+		if err != nil {
+			c.AbortWithStatusJSON(http.StatusUnauthorized, routes.Response{
+				Status:  "ok",
+				Message: "unauthorized",
+				Error:   "unauthorized",
+			})
+			return
+		}
+
+		// 如果为普通权限,校验请求地址是否符合要求
+		if user.Role == constants.RoleNormal {
+			if strings.HasPrefix(strings.ToLower(c.Request.URL.Path), "/users") {
 				c.AbortWithStatusJSON(http.StatusUnauthorized, routes.Response{
 					Status:  "ok",
 					Message: "unauthorized",
 					Error:   "unauthorized",
 				})
+				return
 			}
 		}
+
+		// 校验成功
+		c.Next()
 	}
 }
diff --git a/backend/model/user.go b/backend/model/user.go
index d9e2248c..19313e97 100644
--- a/backend/model/user.go
+++ b/backend/model/user.go
@@ -2,6 +2,7 @@ package model
 
 import (
 	"crawlab/database"
+	"crawlab/utils"
 	"github.com/apex/log"
 	"github.com/globalsign/mgo"
 	"github.com/globalsign/mgo/bson"
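Review bot: The added `strings.HasSuffix(c.Request.URL.Path, "download")` branch exempts from `services.CheckToken` every route whose path ends in `download`, current or future, because it is a suffix match on the untrusted request path rather than a check of one specific endpoint. Prefer an exact method-plus-path comparison for the route that needs it, e.g. `c.Request.Method == http.MethodGet && c.Request.URL.Path == "<download route>"`, with a comment stating why that route must be reachable without a token (presumably a browser-initiated download that cannot set the `Authorization` header — confirm). Both unauthorized responses send `Status: "ok"` alongside a 401, which reads as inconsistent, and the exemption compares the raw path while the `constants.RoleNormal` check lowercases it, so the two comparisons should use the same normalization. The role check rejects a user whose token was accepted, so `http.StatusForbidden` describes that outcome better than `http.StatusUnauthorized`.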
@@ -127,6 +128,12 @@ func UpdateUser(id bson.ObjectId, item User) error {
 		return err
 	}
 
+	if item.Password == "" {
+		item.Password = result.Password
+	} else {
+		item.Password = utils.EncryptPassword(item.Password)
+	}
+
 	if err := item.Save(); err != nil {
 		return err
 	}
diff --git a/frontend/src/api/request.js b/frontend/src/api/request.js
index 4a7aa9cf..e2fe1910 100644
--- a/frontend/src/api/request.js
+++ b/frontend/src/api/request.js
@@ -1,4 +1,5 @@
 import axios from 'axios'
+import router from '../router'
 
 let baseUrl = process.env.VUE_APP_BASE_URL ? process.env.VUE_APP_BASE_URL : 'http://localhost:8000/api'
 
@@ -16,7 +17,13 @@ const request = (method, path, params, data) => {
       headers
     })
       .then(resolve)
-      .catch(reject)
+      .catch(error => {
+        console.log(error)
+        if (error.response.status === 401) {
+          router.push('/login')
+        }
+        reject(error)
+      })
   })
 }
diff --git a/frontend/src/store/modules/user.js b/frontend/src/store/modules/user.js
index 2f7a9050..85fe99e1 100644
--- a/frontend/src/store/modules/user.js
+++ b/frontend/src/store/modules/user.js
@@ -10,11 +10,24 @@ const user = {
     roles: [],
     userList: [],
     userForm: {},
+    userInfo: undefined,
+    adminPaths: [
+      '/users'
+    ],
     pageNum: 1,
     pageSize: 10,
     totalCount: 0
   },
 
+  getters: {
+    userInfo (state) {
+      if (state.userInfo) return state.userInfo
+      const userInfoStr = window.localStorage.getItem('user_info')
+      if (!userInfoStr) return {}
+      return JSON.parse(userInfoStr)
+    }
+  },
+
   mutations: {
     SET_TOKEN: (state, token) => {
       state.token = token
@@ -34,6 +47,9 @@ const user = {
     SET_USER_FORM: (state, value) => {
       state.userForm = value
     },
+    SET_USER_INFO: (state, value) => {
+      state.userInfo = value
+    },
     SET_PAGE_NUM: (state, value) => {
       state.pageNum = value
     },
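Review bot: The new password branch needs a comment explaining the blank-string sentinel, since a reader of `UpdateUser` cannot otherwise tell that an empty `item.Password` means "keep the stored credential", e.g. `// an empty password means "unchanged"; any other value is stored only in its utils.EncryptPassword form`. Everything else in `item` still replaces the stored document through `item.Save()`, so if `User` carries the `Role` field the middleware hunk reads, the only thing preventing a self-promotion through this path is whatever route checks run before the handler — confirm that no route reachable by a normal user ends up here. `UpdateUser` starts before this hunk, and `result` is presumably the previously loaded user record.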
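Review bot: `error.response.status` in the new catch handler throws when axios fails without a response (network error, timeout, blocked request), because `error.response` is undefined in those cases; the TypeError escapes the handler and `reject(error)` is never reached, so the caller's promise never settles. Guard it with `if (error.response && error.response.status === 401) {`. `console.log(error)` also prints the whole axios error object, which presumably carries the request config and with it the `headers` passed above, so logging `error.message` alone is the safer choice. The enclosing `request` function starts before this hunk.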
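Review bot: The `userInfo` getter's `JSON.parse(userInfoStr)` throws if `localStorage['user_info']` holds anything that is not valid JSON (a hand-edited value, or one written by an older build), and an exception inside a Vuex getter surfaces in every component that computes from it; catch the parse failure and fall back to `{}`, as below. Note also that `adminPaths` and the cached `user_info` (written by the `getInfo` hunk later in this file) are client-held data the user can edit freely, so anything gated on them in the UI is a convenience only — the `/users` restriction in the backend `AuthorizationMiddleware` remains the enforcement point, and a comment on `adminPaths` saying so would stop the list being mistaken for an access control.
```javascript
  getters: {
    userInfo (state) {
      if (state.userInfo) return state.userInfo
      try {
        // JSON.parse(null) is null, so a missing key also yields {}
        return JSON.parse(window.localStorage.getItem('user_info')) || {}
      } catch (e) {
        return {}
      }
    }
  },
```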
@@ -64,23 +80,13 @@ const user = {
     },
 
     // 获取用户信息
-    // getInfo ({ commit, state }) {
-    //   return new Promise((resolve, reject) => {
-    //     getInfo(state.token).then(response => {
-    //       const data = response.data
-    //       if (data.roles && data.roles.length > 0) { // 验证返回的roles是否是一个非空数组
-    //         commit('SET_ROLES', data.roles)
-    //       } else {
-    //         reject(new Error('getInfo: roles must be a non-null array !'))
-    //       }
-    //       commit('SET_NAME', data.name)
-    //       commit('SET_AVATAR', data.avatar)
-    //       resolve(response)
-    //     }).catch(error => {
-    //       reject(error)
-    //     })
-    //   })
-    // },
+    getInfo ({ commit, state }) {
+      return request.get('/me')
+        .then(response => {
+          commit('SET_USER_INFO', response.data.data)
+          window.localStorage.setItem('user_info', JSON.stringify(response.data.data))
+        })
+    },
 
     // 注册
     register ({ dispatch, commit, state }, userInfo) {
@@ -99,6 +105,8 @@ const user = {
     logout ({ commit, state }) {
       return new Promise((resolve, reject) => {
         window.localStorage.removeItem('token')
+        window.localStorage.removeItem('user_info')
+        commit('SET_USER_INFO', undefined)
         commit('SET_TOKEN', '')
         commit('SET_ROLES', [])
         resolve()
diff --git a/frontend/src/views/layout/components/Sidebar/index.vue b/frontend/src/views/layout/components/Sidebar/index.vue
index 3b395974..951b6430 100644
--- a/frontend/src/views/layout/components/Sidebar/index.vue
+++ b/frontend/src/views/layout/components/Sidebar/index.vue
@@ -15,13 +15,16 @@
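Review bot: `getInfo` calls `request.get('/me')`, but no import of `request` appears in this file's hunks; if it is not already imported at the top of user.js the action fails at call time, so that is worth confirming. The `state` parameter is destructured and never used, and `response.data.data` is read twice — assign it once with `const info = response.data.data` and pass `info` to both the commit and `JSON.stringify`. The enclosing `actions` object starts before this hunk.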