diff --git a/src/main/java/com/vibevault/controller/AuthController.java b/src/main/java/com/vibevault/controller/AuthController.java
index 88066a1..40325c7 100644
--- a/src/main/java/com/vibevault/controller/AuthController.java
+++ b/src/main/java/com/vibevault/controller/AuthController.java
@@ -10,13 +10,13 @@ import org.springframework.web.server.ResponseStatusException;
 /**
 * 认证控制器
- *
+ *
 * 需要实现以下端点:
 * - POST /api/auth/register - 用户注册
 * - 检查用户名是否已存在(已存在返回 409 Conflict)
 * - 密码需要加密存储
 * - 成功返回 201
- *
+ *
 * - POST /api/auth/login - 用户登录
 * - 验证用户名和密码
 * - 验证失败返回 401 Unauthorized
@@ -36,9 +36,43 @@ public class AuthController {
 this.jwtService = jwtService;
 }
- // TODO: 实现 POST /api/auth/register (状态码 201)
+ // POST /api/auth/register - 用户注册 状态码 201
+ @PostMapping("/register")
+ @ResponseStatus(HttpStatus.CREATED)
+ public RegisterResponse register(@RequestBody RegisterRequest request) {
+ // 检查用户名是否已存在
+ if (userRepository.existsByUsername(request.username())) {
+ throw new ResponseStatusException(HttpStatus.CONFLICT, "Username already exists");
+ }
- // TODO: 实现 POST /api/auth/login
+ // 创建用户并加密密码
+ User user = new User();
+ user.setUsername(request.username());
+ user.setPassword(passwordEncoder.encode(request.password()));
+ // 默认角色设置为普通用户(根据你的User类调整)
+ user.setRole("ROLE_USER");
+ userRepository.save(user);
+
+ return new RegisterResponse("User registered successfully", request.username());
+ }
+
+ // POST /api/auth/login - 用户登录
+ @PostMapping("/login")
+ public LoginResponse login(@RequestBody LoginRequest request) {
+ // 查询用户
+ User user = userRepository.findByUsername(request.username())
+ .orElseThrow(() -> new ResponseStatusException(HttpStatus.UNAUTHORIZED, "Invalid username or password"));
+
+ // 验证密码
+ if (!passwordEncoder.matches(request.password(), user.getPassword())) {
+ throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "Invalid username or password");
+ }
+
+ // 生成JWT token
+ String token = jwtService.generateToken(user.getUsername());
+
+ return new LoginResponse(token, user.getUsername());
+ }
 }
 /**
@@ -59,4 +93,4 @@ record LoginRequest(String username, String password) {}
 /**
 * 登录响应 DTO
 */
-record LoginResponse(String token, String username) {}
+record LoginResponse(String token, String username) {}
\ No newline at end of file
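Review bot: `register` and `login` bind `@RequestBody` without any validation, so a null or blank `username`/`password` flows straight into `passwordEncoder.encode(...)` and `userRepository.save(user)`; depending on the encoder (not visible here) that is either an unhandled 500 or an account stored with an empty password. Declare the parameter as `@Valid @RequestBody RegisterRequest request` (same for `LoginRequest`) and put `@NotBlank` plus a `@Size` bound on the record components, which are declared outside this hunk. The `existsByUsername` check followed by `save` is also not atomic: two concurrent registrations for the same name can both pass the check, so the 409 should additionally be enforced by a unique constraint on the username column, with the resulting `DataIntegrityViolationException` from `save` mapped to `HttpStatus.CONFLICT`. In `login`, the unknown-username branch throws before any `passwordEncoder.matches` call, so response time can distinguish existing accounts even though the message is identical; running `matches` against a fixed dummy hash in that branch removes the difference.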