diff --git a/app/Endpoint/Api/Http/Controllers/Auth/ResetPasswordController.php b/app/Endpoint/Api/Http/Controllers/Auth/ResetPasswordController.php
new file mode 100644
index 00000000..89e62b67
--- /dev/null
+++ b/app/Endpoint/Api/Http/Controllers/Auth/ResetPasswordController.php
@@ -0,0 +1,45 @@
+<?php
+
+namespace App\Endpoint\Api\Http\Controllers\Auth;
+
+use App\Endpoint\Api\Http\Controllers\Controller;
+use App\Endpoint\Api\Http\Requests\ResetPasswordRequest;
+use App\Exceptions\BizException;
+use App\Models\SmsCode;
+use App\Models\User;
+use App\Services\SmsCodeService;
+
+class ResetPasswordController extends Controller
+{
+    /**
+     * 重置密码
+     *
+     * @param \App\Endpoint\Api\Http\Requests\LoginRequest $request
+     * @param \App\Services\SmsCodeService $smsCodeService
+     * @return \Illuminate\Http\JsonResponse
+     */
+    public function __invoke(ResetPasswordRequest $request, SmsCodeService $smsCodeService)
+    {
+        $input = $request->validated();
+
+        $smsCodeService->validate(
+            $input['phone'],
+            SmsCode::TYPE_RESET_PASSWORD,
+            $input['verify_code']
+        );
+
+        $user = User::where('phone', $input['phone'])->first();
+
+        if ($user === null) {
+            throw new BizException(__('The phone number is not registered'));
+        }
+
+        $user->update([
+            'password' => $input['password'],
+        ]);
+
+        $user->tokens()->delete();
+
+        return response()->noContent();
+    }
+}
diff --git a/app/Endpoint/Api/Http/Requests/ResetPasswordRequest.php b/app/Endpoint/Api/Http/Requests/ResetPasswordRequest.php
new file mode 100644
index 00000000..fda45607
--- /dev/null
+++ b/app/Endpoint/Api/Http/Requests/ResetPasswordRequest.php
@@ -0,0 +1,33 @@
+<?php
+
+namespace App\Endpoint\Api\Http\Requests;
+
+use App\Rules\PhoneNumber;
+use Illuminate\Foundation\Http\FormRequest;
+
+class ResetPasswordRequest extends FormRequest
+{
+    /**
+     * Determine if the user is authorized to make this request.
+     *
+     * @return bool
+     */
+    public function authorize()
+    {
+        return true;
+    }
+
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array
+     */
+    public function rules()
+    {
+        return [
+            'phone' => ['bail', 'required', new PhoneNumber()],
+            'password' => ['bail', 'required', 'string', 'min:6', 'max:32'],
+            'verify_code' => ['bail', 'required', 'string'],
+        ];
+    }
+}
diff --git a/app/Endpoint/Api/routes.php b/app/Endpoint/Api/routes.php
index e0fa7f7d..06c97210 100644
--- a/app/Endpoint/Api/routes.php
+++ b/app/Endpoint/Api/routes.php
@@ -1,6 +1,7 @@
 <?php
 
 use App\Endpoint\Api\Http\Controllers\AdController;
+use App\Endpoint\Api\Http\Controllers\Auth\ResetPasswordController;
 use App\Endpoint\Api\Http\Controllers\CaptchaController;
 use App\Endpoint\Api\Http\Controllers\LoginController;
 use App\Endpoint\Api\Http\Controllers\LogoutController;
@@ -27,6 +28,7 @@ Route::group([
     Route::post('login', LoginController::class);
     Route::post('logout', LogoutController::class);
     Route::post('register', RegisterController::class);
+    Route::post('reset-password', ResetPasswordController::class);
 
     Route::get('ads', [AdController::class, 'index']);
 
diff --git a/app/Models/SmsCode.php b/app/Models/SmsCode.php
index c7f65c89..e6b79dcd 100644
--- a/app/Models/SmsCode.php
+++ b/app/Models/SmsCode.php
@@ -13,6 +13,7 @@ class SmsCode extends Model
     use Notifiable;
 
     public const TYPE_REGISTER = 1;
+    public const TYPE_RESET_PASSWORD = 2;
 
     /**
      * @var array
@@ -49,6 +50,7 @@ class SmsCode extends Model
      */
     public static $allowedTypes = [
         self::TYPE_REGISTER,
+        self::TYPE_RESET_PASSWORD,
     ];
 
     /**
diff --git a/resources/lang/zh_CN.json b/resources/lang/zh_CN.json
index 2e0d9f77..b94fae46 100644
--- a/resources/lang/zh_CN.json
+++ b/resources/lang/zh_CN.json
@@ -7,5 +7,6 @@
     "Invalid verification code type": "无效的验证码类型",
     "Registration failed, please try again": "注册失败，请重试",
     "Sending too frequently, please try again later": "发送过于频繁，请稍后再试",
-    "The phone number is already registered": "手机号码已被注册"
+    "The phone number is already registered": "手机号码已被注册",
+    "The phone number is not registered": "手机号码未注册"
 }