diff --git a/auth/auth.go b/auth/auth.go
index c1c4273..ce7c052 100644
--- a/auth/auth.go
+++ b/auth/auth.go
@@ -1,6 +1,8 @@
 package auth
 
 import (
+	"strconv"
+
 	"git.lxtend.com/qqbot/constants"
 	"git.lxtend.com/qqbot/model"
 	"git.lxtend.com/qqbot/sqlite3"
@@ -25,6 +27,14 @@ func HasPermission(qqID int64, level constants.PermissionLevel) bool {
 	return auth.Role <= level
 }
 
+func SetPermission(qqID int64, level constants.PermissionLevel) error {
+	auth := Auth{
+		Qqid: strconv.Itoa(int(qqID)),
+		Role: level,
+	}
+	return setAuth(auth)
+}
+
 func TryExecHandler(msg model.Message, level constants.PermissionLevel, handler model.Handler) (reply model.Reply) {
 	if HasPermission(msg.UserId, level) {
 		return handler(msg)
diff --git a/auth/model.go b/auth/model.go
index 45f13a3..f6527ed 100644
--- a/auth/model.go
+++ b/auth/model.go
@@ -3,6 +3,7 @@ package auth
 import "git.lxtend.com/qqbot/constants"
 
 type Auth struct {
+	ID   int64                     `json:"id" db:"id"`
 	Qqid string                    `json:"qqid" db:"qqid"`
 	Role constants.PermissionLevel `json:"role" db:"role"`
 }
diff --git a/auth/service.go b/auth/service.go
index 73b952b..90b03db 100644
--- a/auth/service.go
+++ b/auth/service.go
@@ -22,3 +22,17 @@ func getAuth(qqID int64) (auth Auth, err error) {
 	}
 	return auth, nil
 }
+
+func setAuth(auth Auth) error {
+	tx, err := sqlite3.GetTran()
+	if err != nil {
+		return err
+	}
+	defer tx.Rollback()
+	_, err = tx.Exec("UPDATE auth SET role = ? WHERE qqid = ?", auth.Role, auth.Qqid)
+	if err != nil {
+		return err
+	}
+	err = tx.Commit()
+	return err
+}
diff --git a/handler/auth/auth.go b/handler/auth/auth.go
new file mode 100644
index 0000000..8a61d50
--- /dev/null
+++ b/handler/auth/auth.go
@@ -0,0 +1,71 @@
+package auth
+
+import (
+	"log"
+	"regexp"
+	"strconv"
+
+	"git.lxtend.com/qqbot/auth"
+	"git.lxtend.com/qqbot/constants"
+	"git.lxtend.com/qqbot/handler"
+	"git.lxtend.com/qqbot/model"
+)
+
+func init() {
+	handler.RegisterFrontMatchHandler("用户权限", setUserLevel, constants.LEVEL_ROOT)
+	handler.RegisterHelpInform("用户权限", "用户权限 [用户] [权限] 设置用户权限。允许的权限有：根用户、管理员、信任、用户、拉黑")
+}
+
+var userLevelMap = map[string]constants.PermissionLevel{
+	"根用户": constants.LEVEL_ROOT,
+	"管理员": constants.LEVEL_ADMIN,
+	"信任":  constants.LEVEL_TRUSTED,
+	"用户":  constants.LEVEL_USER,
+	"拉黑":  constants.LEVEL_BANNED,
+}
+
+func setUserLevel(msg model.Message) (reply model.Reply) {
+	re := regexp.MustCompile(`\s+`)
+	tokens := re.Split(msg.RawMsg, -1)
+	if len(tokens) < 3 {
+		return model.Reply{
+			ReplyMsg:       "参数不足",
+			ReferOriginMsg: true,
+			FromMsg:        msg,
+		}
+	}
+	userText := tokens[1]
+	if userId, err := model.ParseAtMessage(userText); err == nil {
+		userText = userId.Data.QQ
+	}
+	log.Println(userText)
+	user, err := strconv.Atoi(userText)
+	if err != nil {
+		return model.Reply{
+			ReplyMsg:       "用户解析失败",
+			ReferOriginMsg: true,
+			FromMsg:        msg,
+		}
+	}
+	levelText := tokens[2]
+	level, ok := userLevelMap[levelText]
+	if !ok {
+		return model.Reply{
+			ReplyMsg:       "权限不存在",
+			ReferOriginMsg: true,
+			FromMsg:        msg,
+		}
+	}
+	if err := auth.SetPermission(int64(user), level); err != nil {
+		return model.Reply{
+			ReplyMsg:       "权限设置失败",
+			ReferOriginMsg: true,
+			FromMsg:        msg,
+		}
+	}
+	return model.Reply{
+		ReplyMsg:       "权限设置成功",
+		ReferOriginMsg: true,
+		FromMsg:        msg,
+	}
+}
diff --git a/model/cq_message.go b/model/cq_message.go
index 62c30a4..940803f 100644
--- a/model/cq_message.go
+++ b/model/cq_message.go
@@ -19,6 +19,27 @@ type AtData struct {
 	QQ string `json:"qq"`
 }
 
+func (msg *AtMessage) ToCQString() string {
+	return fmt.Sprintf(`\[CQ:at,qq=%s\]`, msg.Data.QQ)
+}
+
+func ParseAtMessage(data string) (*AtMessage, error) {
+	// 使用正则表达式提取QQ号
+	re := regexp.MustCompile(`\[CQ:at,qq=(\d+)\]`)
+	matches := re.FindStringSubmatch(data)
+	if len(matches) < 2 {
+		return nil, fmt.Errorf("数据格式不正确")
+	}
+
+	// 返回解析后的结构体
+	return &AtMessage{
+		Type: "at",
+		Data: AtData{
+			QQ: matches[1],
+		},
+	}, nil
+}
+
 // 回复消息结构体
 type ReplyMessage struct {
 	Type string    `json:"type"`
@@ -30,7 +51,12 @@ type ReplyData struct {
 	ID string `json:"id"`
 }
 
-type CQImageMessage struct {
+type ImageMessage struct {
+	Type string           `json:"type"`
+	Data ImageMessageData `json:"data"`
+}
+
+type ImageMessageData struct {
 	File       string
 	SubType    string
 	FileID     string
@@ -39,20 +65,20 @@ type CQImageMessage struct {
 	FileUnique string
 }
 
-func (msg *CQImageMessage) ToCQString() (string, error) {
+func (msg *ImageMessage) ToCQString() (string, error) {
 	// URL 转义
-	escapedURL := url.QueryEscape(msg.URL)
+	escapedURL := url.QueryEscape(msg.Data.URL)
 
 	// 构造 CQ:image 字符串
 	cqString := fmt.Sprintf("[CQ:image,file=%s,sub_type=%s,file_id=%s,url=%s,file_size=%d,file_unique=%s]",
-		msg.File, msg.SubType, msg.FileID, escapedURL, msg.FileSize, msg.FileUnique)
+		msg.Data.File, msg.Data.SubType, msg.Data.FileID, escapedURL, msg.Data.FileSize, msg.Data.FileUnique)
 
 	return cqString, nil
 }
 
-func ParseCQImageMessage(data string) (*CQImageMessage, error) {
+func ParseCQImageMessage(data string) (*ImageMessage, error) {
 	// 使用正则表达式提取各个字段
-	re := regexp.MustCompile(`CQ:image,file=(.*?),sub_type=(.*?),file_id=(.*?),url=(.*?),file_size=(\d+),file_unique=(.*?)\]`)
+	re := regexp.MustCompile(`\[CQ:image,file=(.*?),sub_type=(.*?),file_id=(.*?),url=(.*?),file_size=(\d+),file_unique=(.*?)\]`)
 	matches := re.FindStringSubmatch(data)
 	if len(matches) < 7 {
 		return nil, fmt.Errorf("数据格式不正确")
@@ -76,12 +102,23 @@ func ParseCQImageMessage(data string) (*CQImageMessage, error) {
 	}
 
 	// 返回解析后的结构体
-	return &CQImageMessage{
-		File:       matches[1],
-		SubType:    matches[2],
-		FileID:     matches[3],
-		URL:        decodedURL,
-		FileSize:   fileSize,
-		FileUnique: matches[6],
+	// return &ImageMessageData{
+	// 	File:       matches[1],
+	// 	SubType:    matches[2],
+	// 	FileID:     matches[3],
+	// 	URL:        decodedURL,
+	// 	FileSize:   fileSize,
+	// 	FileUnique: matches[6],
+	// }, nil
+	return &ImageMessage{
+		Type: "image",
+		Data: ImageMessageData{
+			File:       matches[1],
+			SubType:    matches[2],
+			FileID:     matches[3],
+			URL:        decodedURL,
+			FileSize:   fileSize,
+			FileUnique: matches[6],
+		},
 	}, nil
 }
diff --git a/register.go b/register.go
index 39ca007..d9c2620 100644
--- a/register.go
+++ b/register.go
@@ -1,6 +1,7 @@
 package main
 
 import (
+	_ "git.lxtend.com/qqbot/handler/auth"
 	_ "git.lxtend.com/qqbot/handler/beatleader"
 	_ "git.lxtend.com/qqbot/handler/echo"
 	_ "git.lxtend.com/qqbot/handler/getweb"
diff --git a/service/xibao/image_gen.go b/service/xibao/image_gen.go
index 861233a..086ff0c 100644
--- a/service/xibao/image_gen.go
+++ b/service/xibao/image_gen.go
@@ -124,7 +124,7 @@ func GenerateCongratulationImage(text string, inputFile, outputFile string, isGo
 
 func isImageCQ(text string) (string, bool) {
 	if img, err := model.ParseCQImageMessage(text); err == nil {
-		return img.URL, true
+		return img.Data.URL, true
 	}
 	return "", false
 }