diff --git a/client/src/http/BaseModel.ts b/client/src/http/BaseModel.ts
index 5463b113..90de8a91 100644
--- a/client/src/http/BaseModel.ts
+++ b/client/src/http/BaseModel.ts
@@ -52,6 +52,10 @@ export default class BaseModel {
   static async create<T>(options: updateParamsType) {
     const { path, data } = options;
     const res = await http.post(path, data);
+    const code = res?.data?.data?.error_code;
+    if (code !== 'Success') {
+      throw new Error(res?.data?.data?.detail || res?.data?.data?.reason || 'create failed');
+    }
     return (res.data.data || {}) as T;
   }
 
diff --git a/client/src/pages/user/User.tsx b/client/src/pages/user/User.tsx
index 9794fa63..34233f31 100644
--- a/client/src/pages/user/User.tsx
+++ b/client/src/pages/user/User.tsx
@@ -72,16 +72,20 @@ const Users = () => {
   } = usePaginationHook(users || []);
 
   const handleCreate = async (data: CreateUserParams) => {
-    await UserService.createUser(data);
-    // assign user role if
-    await UserService.updateUserRole({
-      username: data.username,
-      roles: data.roles,
-    });
+    try {
+      await UserService.createUser(data);
+      // assign user role if
+      await UserService.updateUserRole({
+        username: data.username,
+        roles: data.roles,
+      });
 
-    fetchUsers();
-    openSnackBar(successTrans('create', { name: userTrans('user') }));
-    handleCloseDialog();
+      fetchUsers();
+      openSnackBar(successTrans('create', { name: userTrans('user') }));
+      handleCloseDialog();
+    } catch (error: any) {
+      openSnackBar(error.message, 'error');
+    }
   };
 
   const onUpdate = async (data: UpdateUserRoleParams) => {
diff --git a/server/src/users/dto.ts b/server/src/users/dto.ts
index bfb584f8..95c0fc61 100644
--- a/server/src/users/dto.ts
+++ b/server/src/users/dto.ts
@@ -1,9 +1,13 @@
-import { IsString, IsOptional } from 'class-validator';
+import { IsString, IsOptional,MinLength,MaxLength,Matches } from 'class-validator';
 
 export class CreateUserDto {
+  @Matches(/^[a-zA-Z][a-zA-Z0-9_-]*$/, {
+    message: 'Username must start with a letter and can only contain letters, numbers, underscores, and hyphens'
+  })
   @IsString({ message: 'username is required.' })
   readonly username: string;
-
+  @MinLength(6, { message: 'Password must be at least 6 characters long' })
+  @MaxLength(72, { message: 'Password must not exceed 72 characters' })
   @IsString({ message: 'password is required.' })
   readonly password: string;
 }