diff --git a/server/controllers/get.go b/server/controllers/get.go
new file mode 100644
index 00000000..39c4fad8
--- /dev/null
+++ b/server/controllers/get.go
@@ -0,0 +1,49 @@
+package controllers
+
+import (
+	"github.com/Xhofe/alist/alidrive"
+	"github.com/Xhofe/alist/server/models"
+	"github.com/gin-gonic/gin"
+	log "github.com/sirupsen/logrus"
+	"path/filepath"
+)
+
+// get request bean
+type GetReq struct {
+	Path     string `json:"path" binding:"required"`
+	Password string `json:"password"`
+}
+
+// handle get request
+func Get(c *gin.Context) {
+	var get GetReq
+	if err := c.ShouldBindJSON(&get); err != nil {
+		c.JSON(200, MetaResponse(400, "Bad Request:"+err.Error()))
+		return
+	}
+	log.Debugf("list:%+v", get)
+	dir, name := filepath.Split(get.Path)
+	file, err := models.GetFileByDirAndName(dir, name)
+	if err != nil {
+		if file == nil {
+			c.JSON(200, MetaResponse(404, "Path not found."))
+			return
+		}
+		c.JSON(200, MetaResponse(500, err.Error()))
+		return
+	}
+	if file.Password != "" && file.Password != get.Password {
+		if get.Password == "" {
+			c.JSON(200, MetaResponse(401, "need password."))
+		} else {
+			c.JSON(200, MetaResponse(401, "wrong password."))
+		}
+		return
+	}
+	down, err := alidrive.GetDownLoadUrl(file.FileId)
+	if err != nil {
+		c.JSON(200, MetaResponse(500, err.Error()))
+		return
+	}
+	c.JSON(200, DataResponse(down))
+}
diff --git a/server/models/file.go b/server/models/file.go
index dd166933..eee479b4 100644
--- a/server/models/file.go
+++ b/server/models/file.go
@@ -17,6 +17,7 @@ type File struct {
 	ContentType   string     `json:"content_type"`
 	Size          int64      `json:"size"`
 	Password      string     `json:"password"`
+	Url           string     `json:"url" gorm:"-"`
 }
 
 func (file *File) Create() error {
diff --git a/server/router.go b/server/router.go
index 0391a0f3..a227b01e 100644
--- a/server/router.go
+++ b/server/router.go
@@ -24,11 +24,12 @@ func InitApiRouter(engine *gin.Engine) {
 	apiV2 := engine.Group("/api")
 	{
 		apiV2.GET("/info", controllers.Info)
+		apiV2.POST("/get", controllers.Get)
 		apiV2.POST("/path", controllers.Path)
 		apiV2.POST("/office_preview", controllers.OfficePreview)
 		apiV2.POST("/local_search", controllers.LocalSearch)
 		apiV2.POST("/global_search", controllers.GlobalSearch)
+		apiV2.GET("/rebuild/*password", controllers.RebuildTree)
 	}
 	engine.GET("/d/*path", controllers.Down)
-	engine.GET("/rebuild/*password", controllers.RebuildTree)
 }