diff --git a/oaweb/composables/api/token.ts b/oaweb/composables/api/token.ts
index 9c6c632..4c56b14 100644
--- a/oaweb/composables/api/token.ts
+++ b/oaweb/composables/api/token.ts
@@ -15,14 +15,15 @@ export function TokenSalt(json: TokenSaltOpts) {
   return webapi.Post<{ id: string, salt: string }>(`/token/salt`, { json })
 }
 export interface PostOpts {
-  user_id: string
+  refresh?: string
+  typ?: 'app' | 'ufs'
+  user_id?: string
   salt?: string
   code?: string
   app_id?: string
   expired_at?: Date
   over_perm?: string
   device?: string
-  refresh?: string
 }
 
 // keep
@@ -48,6 +49,7 @@ export function Delete(token_id: string) {
 export interface ListOpts {
   user_id: string
   app_id: string
+  limit: number
 }
 export function List(json: ListOpts) {
   return webapi.Get<models.Token[]>(`/token`, { json })
diff --git a/oaweb/composables/api/webapi.ts b/oaweb/composables/api/webapi.ts
index a68a6a2..d0e5a8e 100644
--- a/oaweb/composables/api/webapi.ts
+++ b/oaweb/composables/api/webapi.ts
@@ -149,7 +149,10 @@ interface data {
 
 
 function transData(d: data) {
-  let opts = { params: d.query, data: {}, headers: {} as any }
+  let opts = { headers: {} } as any
+  if (d.query) {
+    opts.params = d.query
+  }
   if (d.form) {
     opts.data = d.form
     opts.headers['content-type'] = 'application/x-www-form-urlencoded'
diff --git a/oaweb/pages/login.vue b/oaweb/pages/login.vue
index 61b2ffc..30f444b 100644
--- a/oaweb/pages/login.vue
+++ b/oaweb/pages/login.vue
@@ -147,9 +147,33 @@ definePageMeta({
 
 const route = useRoute()
 const isValid = ref(oaer.isValid())
+const uuid = ref(route.query.uuid as string)
 const app = ref<models.App>({} as models.App)
 const app_perm = ref<{ [key: string]: [boolean, string, number] }>({ 'fs': [true, '/', 4], 'app': [true, '', 1], 'user': [true, '', 1] })
 
+const auto_redirect = () => {
+  if (isValid.value) {
+    if (uuid.value) {
+      api.app.Get(uuid.value).then(e => {
+        app.value = e
+        console.log(oaer.local())
+        api.token.List({ limit: 1, app_id: uuid.value, user_id: oaer.local().id }).then(e => {
+          console.log(e)
+        })
+      }).catch(e => {
+        if (e.code === 40401) {
+          msg.Warn('参数错误: 该应用不存在')
+          uuid.value = ''
+          redirect()
+          return
+        }
+        console.warn(e)
+      })
+    } else {
+      redirect()
+    }
+  }
+}
 
 let data = ref({
   username: '',
@@ -204,7 +228,9 @@ const signin = () => {
         salt.toString()
     }).then(e => {
       oaer.init('', '', e).then(() => {
-        redirect("")
+        isValid.value = true
+        auto_redirect()
+        // redirect("")
       }).catch((e) => {
         console.warn(e)
         msg.Warn('登录失败：' + (e?.err || e))
@@ -254,10 +280,9 @@ function redirect(url?: string) {
   if (route.query.redirect) {
     url = route.query.redirect as string
   }
-  let uuid = route.query.uuid as string
-  if (uuid) {
-    oaer.api().app.Get(uuid as string).then((app) => {
-      if (uuid === oaer.logic().oa_id) {
+  if (uuid.value) {
+    api.app.Get(uuid.value).then((app) => {
+      if (uuid.value === oaer.logic().oa_id) {
         oaer.goto(url || app.init_url || '/')
       } else {
         let perm = []
@@ -271,9 +296,9 @@ function redirect(url?: string) {
             })
           }
         }
-        oaer.api().token.Post({
+        api.token.Post({
           refresh: oaer.logic().token.refresh.raw(),
-          app_id: uuid,
+          app_id: uuid.value,
           over_perm: JSON.stringify(perm)
         }).then(e => {
           url = url || app.init_url
@@ -295,19 +320,7 @@ function redirect(url?: string) {
 }
 
 onMounted(() => {
-  let uuid = route.query.uuid as string
-  if (isValid.value && uuid) {
-    oaer.api().app.Get(uuid).then(e => {
-      app.value = e
-    }).catch(e => {
-      if (e.code === 40401) {
-        msg.Warn('参数错误: 该应用不存在')
-        return
-      }
-      console.warn(e)
-    })
-
-  }
+  auto_redirect()
 })
 </script>
 
diff --git a/oaweb/pages/user.vue b/oaweb/pages/user.vue
index d10eda8..ebd41b8 100644
--- a/oaweb/pages/user.vue
+++ b/oaweb/pages/user.vue
@@ -1,4 +1,4 @@
- <!--
+<!--
  * user.vue
  * Copyright (C) 2024 veypi <i@veypi.com>
  * 2024-06-06 16:32
@@ -6,12 +6,91 @@
  -->
 <template>
   <div>
-    user
+    <h1 class="page-h1">账号设置</h1>
+    <div class="flex justify-center pt-10">
+      <crud ref="table" editable :keys="keys" :data="[oaer.local()]" @update="newData = $event[0]">
+        <template #k_icon="{ value, set }">
+          <div class="w-full flex justify-center">
+            <uploader class="" @success="set" dir="/usr/icon">
+              <img class="rounded-full h-8 w-8" :src="value">
+            </uploader>
+          </div>
+        </template>
+        <template #k_pass>
+          <div class="vbtn" @click="prompt = true" size='sm' color='secondary'>修改</div>
+        </template>
+      </crud>
+    </div>
+    <UModal v-model="prompt" persistent>
+      <UCard style="min-width: 350px">
+        <template #header>
+          <div class="text-h6">请输入新密码</div>
+        </template>
+        <vinput type='password' class="my-8" v-model="pass[0]">
+        </vinput>
+        <vinput type='password' class="my-8" v-model="pass[1]">
+        </vinput>
+
+        <template #footer class="">
+          <div class="flex justify-end gap-8">
+            <div class="vbtn bg-vignore w-32" @click="prompt = false">{{ $t('c.cancel') }}</div>
+            <div class="vbtn bg-vprimary w-32" @click="reset">{{ $t('c.ok') }}</div>
+          </div>
+        </template>
+      </UCard>
+    </UModal>
+
+    <div v-if="newData" class="flex justify-center gap-8 mt-6">
+      <div class="vbtn bg-vignore w-32" @click="table.reload">{{ $t('c.cancel') }}</div>
+      <div class="vbtn bg-vprimary w-32" @click="save">{{ $t('c.ok') }}</div>
+    </div>
   </div>
 </template>
 
 <script lang="ts" setup>
+import msg from '@veypi/msg';
+import oaer from '@veypi/oaer'
+
+let prompt = ref(false)
+let table = ref()
+const keys = ref<any>([
+  { name: 'id', label: 'ID', editable: false },
+  { name: 'username', label: '用户名' },
+  { name: 'pass', label: '密码' },
+  { name: 'nickname', label: '昵称' },
+  { name: 'icon', label: 'logo' },
+  { name: 'email', label: '邮箱' },
+  { name: 'phone', label: '手机号' },
+])
+
+const newData = ref()
+const save = () => {
+  api.user.Patch(oaer.local().id, newData.value)
+    .then(e => {
+      msg.Info('更新成功')
+      Object.assign(oaer.logic().user, newData.value)
+      newData.value = null
+    }).catch(e => {
+      msg.Warn('更新失败 ' + e)
+    })
+}
+let pass = ref(['', ''])
+const reset = () => {
+  if (pass.value[0] == '' || pass.value[1] == '') {
+    msg.Warn('密码不能为空')
+    return
+  }
+  if (pass.value[0] != pass.value[1]) {
+    msg.Warn('两次密码不一致')
+    return
+  }
+  prompt.value = false
+  // api.user.reset(u.id, pass.value[0]).then((e) => {
+  //   msg.Info('密码重置成功')
+  // }).catch(e => {
+  //   msg.Warn('密码重置失败 ' + e)
+  // })
+}
 </script>
 
 <style scoped></style>
-