diff --git a/src/main/java/com/iflytop/gd/app/controller/AuthController.java b/src/main/java/com/iflytop/gd/app/controller/AuthController.java
new file mode 100644
index 0000000..aba2842
--- /dev/null
+++ b/src/main/java/com/iflytop/gd/app/controller/AuthController.java
@@ -0,0 +1,55 @@
+package com.iflytop.gd.app.controller;
+
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
+import com.iflytop.gd.app.model.dto.LoginDTO;
+import com.iflytop.gd.common.enums.Deleted;
+import com.iflytop.gd.common.result.Result;
+import com.iflytop.gd.common.result.ResultCode;
+import com.iflytop.gd.infrastructure.repository.entity.User;
+import com.iflytop.gd.infrastructure.repository.service.UserService;
+import io.swagger.v3.oas.annotations.Operation;
+import io.swagger.v3.oas.annotations.tags.Tag;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.Objects;
+
+/**
+ * 认证控制
+ */
+@Tag(name = "认证")
+@RestController
+@RequestMapping("/api/auth")
+@RequiredArgsConstructor
+@Slf4j
+public class AuthController {
+
+    private final UserService userService;
+
+    @Operation(summary = "账号密码登录")
+    @PostMapping("/login")
+    public Result<String> login(@RequestBody LoginDTO loginDTO) {
+        User user = userService.getOne(
+                new LambdaQueryWrapper<>(User.class)
+                        .eq(User::getUsername, loginDTO.getUsername())
+        );
+        if (user != null
+                && !Objects.equals(user.getDeleted(), Deleted.ENABLE)
+                && user.getPassword().equals(loginDTO.getPassword())) {
+            userService.setCurrentUser(user);
+            return Result.success();
+        }
+        return Result.failed(ResultCode.INVALID_CREDENTIALS);
+    }
+
+    @Operation(summary = "用户登出")
+    @PostMapping("/logout")
+    public Result<String> logout() {
+        userService.clearCurrentUser();
+        return Result.success();
+    }
+}
diff --git a/src/main/java/com/iflytop/gd/app/model/dto/LoginDTO.java b/src/main/java/com/iflytop/gd/app/model/dto/LoginDTO.java
new file mode 100644
index 0000000..c79dd95
--- /dev/null
+++ b/src/main/java/com/iflytop/gd/app/model/dto/LoginDTO.java
@@ -0,0 +1,22 @@
+package com.iflytop.gd.app.model.dto;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.NotBlank;
+import lombok.Data;
+
+/**
+ * 用户登录表单
+ */
+@Schema(description = "用户登录")
+@Data
+public class LoginDTO {
+
+    @NotBlank()
+    @Schema(description = "用户名", example = "admin")
+    private String username;
+
+    @NotBlank()
+    @Schema(description = "用户密码", example = "12345")
+    private String password;
+
+}