diff --git a/include/server/response.h b/include/server/response.h
index 23f0c01..7af73ac 100644
--- a/include/server/response.h
+++ b/include/server/response.h
@@ -8,6 +8,7 @@ void res_must_get(mg_connection* conn);
 void res_must_post(mg_connection* conn);
 void res_need_token(mg_connection* conn);
 void res_auth_fail(mg_connection* conn);
+void res_unauth(mg_connection* conn);
 void res_check_exist_fail(mg_connection* conn);
 void res_user_exist(mg_connection* conn);
 void res_not_exist(mg_connection* conn);
diff --git a/src/server/auth/admin.c b/src/server/auth/admin.c
index aa808a6..acf1baf 100644
--- a/src/server/auth/admin.c
+++ b/src/server/auth/admin.c
@@ -90,7 +90,7 @@ static void impl_repasswd(mg_connection* conn, admin_form_t* form)
 
     int result;
     if (!admin_login(form->password, &result)) {
-        res_auth_fail(conn);
+        res_unauth(conn);
     } else if (!result) {
         res_incorrect(conn);
     }
diff --git a/src/server/auth/delete.c b/src/server/auth/delete.c
index 8094fb8..8898a20 100644
--- a/src/server/auth/delete.c
+++ b/src/server/auth/delete.c
@@ -76,7 +76,7 @@ int user_delete_handler(mg_connection* conn, void* cbdata)
         return 1;
     }
     if (!verify_token(form.token, secret)) {
-        res_auth_fail(conn);
+        res_unauth(conn);
         delete_form_dtor(&form);
         return 1;
     }
diff --git a/src/server/auth/repasswd.c b/src/server/auth/repasswd.c
index 2ef5e0b..056c56d 100644
--- a/src/server/auth/repasswd.c
+++ b/src/server/auth/repasswd.c
@@ -89,7 +89,7 @@ int user_repasswd_handler(mg_connection* conn, void* cbdata)
         return 1;
     }
     if (!verify_token(form.token, secret)) {
-        res_auth_fail(conn);
+        res_unauth(conn);
         repasswd_form_dtor(&form);
         return 1;
     }
diff --git a/src/server/response.c b/src/server/response.c
index 6cf1de0..ef60ac3 100644
--- a/src/server/response.c
+++ b/src/server/response.c
@@ -35,13 +35,13 @@ void res_need_token(mg_connection* conn)
               "Access-Control-Allow-Origin: *\r\n\r\n"
               "{\"error\":\"need token\"}");
 }
-void res_auth_fail(mg_connection* conn)
+void res_unauth(mg_connection* conn)
 {
     mg_printf(conn,
               "HTTP/1.1 401 Unauthorized\r\n"
               "Content-Type: application/json\r\n"
               "Access-Control-Allow-Origin: *\r\n\r\n"
-              "{\"error\":\"auth failed\"}");
+              "{\"error\":\"unauthorized\"}");
 }
 void res_check_exist_fail(mg_connection* conn)
 {
@@ -252,3 +252,12 @@ void res_need_xxx(mg_connection* conn, const char* xxx)
               "{\"error\":\"need %s\"}",
               xxx);
 }
+
+void res_auth_fail(mg_connection* conn)
+{
+    mg_printf(conn,
+              "HTTP/1.1 500 Internal Server Error\r\n"
+              "Content-Type: application/json\r\n"
+              "Access-Control-Allow-Origin: *\r\n\r\n"
+              "{\"error\":\"failed to authorize\"}");
+}