diff --git a/controller/validator/validate.go b/controller/validator/validate.go
index da67f85..041c524 100644
--- a/controller/validator/validate.go
+++ b/controller/validator/validate.go
@@ -12,7 +12,7 @@ var (
 	ReValidRef  = regexp.MustCompile(`^\w+/?\w+$`)
 	ReValidRepo = regexp.MustCompile(`^[a-zA-Z0-9][a-zA-Z0-9_\-]{1,61}[a-zA-Z0-9]$`)
 	ReValidUser = regexp.MustCompile(`^[a-zA-Z0-9][a-zA-Z0-9_-]{1,28}[a-zA-Z0-9]$`)
-	ReValidPath = regexp.MustCompile(`^(?:/?[^\x00-\x1F\\/:*?"<>|]+/)*[^\x00-\x1F\\/:*?"<>|]+(\.[^\x00-\x1F\\/:*?"<>|]+)?$`)
+	ReValidPath = regexp.MustCompile(`^[^\x00/:*?"<>|]*/?([^/\s\x00:*?"<>|]+/)*[^/\s\x00:*?"<>|]+(?:\.[a-zA-Z0-9]+)?$`)
 
 	// RepoNameBlackList forbid repo name, reserve for routes
 	RepoNameBlackList = []string{"repository", "repositories", "wip", "wips", "object", "objects", "commit", "commits", "ref", "refs", "repo", "repos", "user", "users"}
diff --git a/controller/validator/validate_test.go b/controller/validator/validate_test.go
index 776fcb0..4bfaf4f 100644
--- a/controller/validator/validate_test.go
+++ b/controller/validator/validate_test.go
@@ -98,7 +98,7 @@ func TestValidateUsername(t *testing.T) {
 
 func TestValidateObjectPath(t *testing.T) {
 	//Validate Obj Path
-	validObjectPaths := []string{"path/to/object", "file.txt", "folder/file.txt", "我的图片.png", "我的文件/我的应用.exe", "私のビデオ.mp3, /video.mp3, /path/pic.png"}
+	validObjectPaths := []string{"path/to/object", "file.txt", "folder/file.txt", "我的图片.png", "我的文件/我的应用.exe", "私のビデオ.mp3", "/video.mp3", "/path/pic.png"}
 	for _, path := range validObjectPaths {
 		err := ValidateObjectPath(path)
 		if err != nil {