diff --git a/open-isle-cli/src/utils/discord.js b/open-isle-cli/src/utils/discord.js
index 4fa45ac84..521ecc8fa 100644
--- a/open-isle-cli/src/utils/discord.js
+++ b/open-isle-cli/src/utils/discord.js
@@ -1,6 +1,7 @@
 import { API_BASE_URL, DISCORD_CLIENT_ID, toast } from '../main'
 import { WEBSITE_BASE_URL } from '../constants'
 import { setToken, loadCurrentUser } from './auth'
+import { registerPush } from './push'
 
 export function discordAuthorize(state = '') {
   if (!DISCORD_CLIENT_ID) {
@@ -24,6 +25,7 @@ export async function discordExchange(code, state, reason) {
       setToken(data.token)
       await loadCurrentUser()
       toast.success('登录成功')
+      registerPush()
       return {
         success: true,
         needReason: false
diff --git a/open-isle-cli/src/utils/github.js b/open-isle-cli/src/utils/github.js
index 4b0cb6f68..cca908654 100644
--- a/open-isle-cli/src/utils/github.js
+++ b/open-isle-cli/src/utils/github.js
@@ -1,6 +1,7 @@
 import { API_BASE_URL, GITHUB_CLIENT_ID, toast } from '../main'
 import { setToken, loadCurrentUser } from './auth'
 import { WEBSITE_BASE_URL } from '../constants'
+import { registerPush } from './push'
 
 export function githubAuthorize(state = '') {
   if (!GITHUB_CLIENT_ID) {
@@ -24,6 +25,7 @@ export async function githubExchange(code, state, reason) {
       setToken(data.token)
       await loadCurrentUser()
       toast.success('登录成功')
+      registerPush()
       return {
         success: true,
         needReason: false
diff --git a/open-isle-cli/src/utils/google.js b/open-isle-cli/src/utils/google.js
index fcdf0c92b..533d6c808 100644
--- a/open-isle-cli/src/utils/google.js
+++ b/open-isle-cli/src/utils/google.js
@@ -1,5 +1,6 @@
 import { API_BASE_URL, GOOGLE_CLIENT_ID, toast } from '../main'
 import { setToken, loadCurrentUser } from './auth'
+import { registerPush } from './push'
 
 export async function googleGetIdToken() {
   return new Promise((resolve, reject) => {
@@ -29,6 +30,7 @@ export async function googleAuthWithToken(idToken, redirect_success, redirect_no
       setToken(data.token)
       await loadCurrentUser()
       toast.success('登录成功')
+      registerPush()
       if (redirect_success) redirect_success()
     } else if (data.reason_code === 'NOT_APPROVED') {
       toast.info('当前为注册审核模式，请填写注册理由')
diff --git a/open-isle-cli/src/utils/twitter.js b/open-isle-cli/src/utils/twitter.js
index cc19da4db..8362d17af 100644
--- a/open-isle-cli/src/utils/twitter.js
+++ b/open-isle-cli/src/utils/twitter.js
@@ -1,6 +1,7 @@
 import { API_BASE_URL, TWITTER_CLIENT_ID, toast } from '../main'
 import { WEBSITE_BASE_URL } from '../constants'
 import { setToken, loadCurrentUser } from './auth'
+import { registerPush } from './push'
 
 function generateCodeVerifier() {
   const array = new Uint8Array(32)
@@ -59,6 +60,7 @@ export async function twitterExchange(code, state, reason) {
       setToken(data.token)
       await loadCurrentUser()
       toast.success('登录成功')
+      registerPush()
       return { success: true, needReason: false }
     } else if (data.reason_code === 'NOT_APPROVED') {
       toast.info('当前为注册审核模式，请填写注册理由')
diff --git a/open-isle-cli/src/views/LoginPageView.vue b/open-isle-cli/src/views/LoginPageView.vue
index c8418ca9d..cba93fb48 100644
--- a/open-isle-cli/src/views/LoginPageView.vue
+++ b/open-isle-cli/src/views/LoginPageView.vue
@@ -59,6 +59,7 @@ import { githubAuthorize } from '../utils/github'
 import { discordAuthorize } from '../utils/discord'
 import { twitterAuthorize } from '../utils/twitter'
 import BaseInput from '../components/BaseInput.vue'
+import { registerPush } from '../utils/push'
 export default {
   name: 'LoginPageView',
   components: { BaseInput },
@@ -87,6 +88,7 @@ export default {
           setToken(data.token)
           await loadCurrentUser()
           toast.success('登录成功')
+          registerPush()
           this.$router.push('/')
         } else if (data.reason_code === 'NOT_VERIFIED') {
           toast.info('当前邮箱未验证，已经为您重新发送验证码')
diff --git a/src/main/java/com/openisle/config/SecurityConfig.java b/src/main/java/com/openisle/config/SecurityConfig.java
index 44ef64d65..e93419ca2 100644
--- a/src/main/java/com/openisle/config/SecurityConfig.java
+++ b/src/main/java/com/openisle/config/SecurityConfig.java
@@ -108,6 +108,7 @@ public class SecurityConfig {
                     .requestMatchers(HttpMethod.POST,"/api/auth/reason").permitAll()
                     .requestMatchers(HttpMethod.GET, "/api/search/**").permitAll()
                     .requestMatchers(HttpMethod.GET, "/api/users/**").permitAll()
+                    .requestMatchers(HttpMethod.GET, "/api/push/public-key").permitAll()
                     .requestMatchers(HttpMethod.GET, "/api/reaction-types").permitAll()
                     .requestMatchers(HttpMethod.GET, "/api/activities/**").permitAll()
                     .requestMatchers(HttpMethod.POST, "/api/categories/**").hasAuthority("ADMIN")
@@ -140,7 +141,7 @@ public class SecurityConfig {
                          uri.startsWith("/api/categories") || uri.startsWith("/api/tags") ||
                         uri.startsWith("/api/search") || uri.startsWith("/api/users") ||
                          uri.startsWith("/api/reaction-types") || uri.startsWith("/api/config") ||
-                         uri.startsWith("/api/activities"));
+                         uri.startsWith("/api/activities") || uri.startsWith("/api/push/public-key"));
 
                 if (authHeader != null && authHeader.startsWith("Bearer ")) {
                     String token = authHeader.substring(7);
diff --git a/src/main/java/com/openisle/service/PushNotificationService.java b/src/main/java/com/openisle/service/PushNotificationService.java
index 862fb9904..8f9336e2d 100644
--- a/src/main/java/com/openisle/service/PushNotificationService.java
+++ b/src/main/java/com/openisle/service/PushNotificationService.java
@@ -3,6 +3,7 @@ package com.openisle.service;
 import com.openisle.model.PushSubscription;
 import com.openisle.model.User;
 import com.openisle.repository.PushSubscriptionRepository;
+import lombok.extern.slf4j.Slf4j;
 import nl.martijndwars.webpush.Notification;
 import nl.martijndwars.webpush.PushService;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
@@ -15,6 +16,7 @@ import java.security.GeneralSecurityException;
 import java.security.Security;
 import java.util.List;
 
+@Slf4j
 @Service
 public class PushNotificationService {
     private final PushSubscriptionRepository subscriptionRepository;
@@ -35,7 +37,7 @@ public class PushNotificationService {
                 Notification notification = new Notification(sub.getEndpoint(), sub.getP256dh(), sub.getAuth(), payload);
                 pushService.send(notification);
             } catch (GeneralSecurityException | IOException | JoseException | InterruptedException | java.util.concurrent.ExecutionException e) {
-                // ignore
+                log.error(e.getMessage());
             }
         }
     }
diff --git a/src/main/java/com/openisle/service/PushSubscriptionService.java b/src/main/java/com/openisle/service/PushSubscriptionService.java
index 6d76c2b85..5a062b302 100644
--- a/src/main/java/com/openisle/service/PushSubscriptionService.java
+++ b/src/main/java/com/openisle/service/PushSubscriptionService.java
@@ -6,6 +6,7 @@ import com.openisle.repository.PushSubscriptionRepository;
 import com.openisle.repository.UserRepository;
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
 
 import java.util.List;
 
@@ -15,6 +16,7 @@ public class PushSubscriptionService {
     private final PushSubscriptionRepository subscriptionRepository;
     private final UserRepository userRepository;
 
+    @Transactional
     public void saveSubscription(String username, String endpoint, String p256dh, String auth) {
         User user = userRepository.findByUsername(username)
                 .orElseThrow(() -> new com.openisle.exception.NotFoundException("User not found"));