diff --git a/server/handles/auth.go b/server/handles/auth.go
index ff906090..9a5b48fa 100644
--- a/server/handles/auth.go
+++ b/server/handles/auth.go
@@ -18,7 +18,7 @@ var (
 
 type LoginReq struct {
 	Username string `json:"username" binding:"required"`
-	Password string `json:"password" binding:"required"`
+	Password string `json:"password"`
 }
 
 func Login(c *gin.Context) {
@@ -75,7 +75,9 @@ func UpdateCurrent(c *gin.Context) {
 	}
 	user := c.MustGet("user").(*model.User)
 	user.Username = req.Username
-	user.Password = req.Password
+	if req.Password != "" {
+		user.Password = req.Password
+	}
 	if err := db.UpdateUser(user); err != nil {
 		common.ErrorResp(c, err, 500)
 	} else {
diff --git a/server/router.go b/server/router.go
index c2173456..9aba9d43 100644
--- a/server/router.go
+++ b/server/router.go
@@ -22,8 +22,8 @@ func Init(r *gin.Engine) {
 	auth := api.Group("", middlewares.Auth)
 
 	api.POST("/auth/login", handles.Login)
-	auth.GET("/profile", handles.CurrentUser)
-	auth.POST("/profile/update", handles.UpdateCurrent)
+	auth.GET("/me", handles.CurrentUser)
+	auth.POST("/me/update", handles.UpdateCurrent)
 
 	// no need auth
 	public := api.Group("/public")