diff --git a/src/email/email.service.ts b/src/email/email.service.ts
index 68b2ca8..3d70c2b 100644
--- a/src/email/email.service.ts
+++ b/src/email/email.service.ts
@@ -1,4 +1,9 @@
-import { ConflictException, Inject, Injectable } from '@nestjs/common'
+import {
+ ConflictException,
+ Inject,
+ Injectable,
+ NotFoundException,
+} from '@nestjs/common'
 import { securityConfig, SecurityConfig } from 'src/common/configs'
 import { MailerService } from '@nestjs-modules/mailer'
 import { JwtService } from '@nestjs/jwt'
@@ -22,21 +27,21 @@ export class EmailService {
 ) {}
 async sendEmailToken(email: string, scene: EmailScene) {
+ const user = await this.prismaService.user.findUnique({
+ where: { email },
+ })
 switch (scene) {
 case EmailScene.register:
- const user = await this.prismaService.user.findUnique({
- where: { email },
- })
+ case EmailScene.updateEmail:
 if (user) {
 throw new ConflictException(`邮箱${email}已注册`)
 }
 break
 case EmailScene.updatePassword:
- case EmailScene.updateEmail:
 case EmailScene.deleteUser:
- await this.prismaService.user.findUniqueOrThrow({
- where: { email },
- })
+ if (!user) {
+ throw new NotFoundException(`用户${email}不存在`)
+ }
 break
 }
diff --git a/src/users/users.controller.ts b/src/users/users.controller.ts
index 0c90c43..d4c1003 100644
--- a/src/users/users.controller.ts
+++ b/src/users/users.controller.ts
@@ -43,8 +43,11 @@ export class UsersController {
 @NeedAuth()
 @ApiOperation({ summary: '删除用户' })
 @Delete('me')
- async deleteUser(@Body() userData: DeleteUserDto) {
- return this.userService.deleteUser(userData)
+ async deleteUser(
+ @Body() userData: DeleteUserDto,
+ @User('userId') userId: string,
+ ) {
+ return this.userService.deleteUser(userData, userId)
 }
 @ApiOperation({ summary: '修改密码' })
diff --git a/src/users/users.service.ts b/src/users/users.service.ts
index dad61d4..cc0bc16 100644
--- a/src/users/users.service.ts
+++ b/src/users/users.service.ts
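Review bot: The scene branches in sendEmailToken now answer with a 409 for registered addresses and a 404 for unknown ones, so the endpoint is an account-enumeration oracle: any caller can learn whether an email has an account by requesting a token for it (the old findUniqueOrThrow path leaked the same fact, but the new messages make it explicit). If that is not acceptable here, the usual mitigation is to return the same response whether or not the address exists and simply skip the send, plus per-address/per-IP rate limiting; if it is accepted, record the tradeoff on the method, e.g. `// NOTE: responses differ by account existence; enumeration is accepted for these scenes`. The switch also has no default branch, so an EmailScene value not listed here presumably continues to the token sending below the hunk; if every member is meant to be handled, `default: { const _exhaustive: never = scene; throw new Error(`unknown scene: ${scene}`) }` makes a newly added scene a compile error instead. The method body continues past the end of the hunk.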
@@ -42,22 +42,30 @@ export class UsersService {
 return this.tokenService.generateTokens({ userId: user.id })
 }
- async deleteUser(userData: DeleteUserDto) {
+ async deleteUser(userToDelete: DeleteUserDto, userId: string) {
 await this.verifyEmail(
- userData.email,
- userData.token,
- userData.verifyCode,
+ userToDelete.email,
+ userToDelete.token,
+ userToDelete.verifyCode,
 EmailScene.deleteUser,
 )
- const user = await this.prismaService.user.findUnique({
- where: { email: userData.email },
+ const user = await this.prismaService.user.findUniqueOrThrow({
+ where: { email: userToDelete.email },
 })
- const passwordValid = await bcrypt.compare(user.password, userData.password)
+ if (user.id !== userId) {
+ throw new ForbiddenException()
+ }
+ const passwordValid = await bcrypt.compare(
+ user.password,
+ userToDelete.password,
+ )
 if (!passwordValid) {
 throw new ForbiddenException('Invalid password')
 }
- return this.prismaService.user.delete({ where: { email: userData.email } })
+ return this.prismaService.user.delete({
+ where: { email: userToDelete.email },
+ })
 }
 async updatePassword(payload: UpdatePassword) {
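Review bot: The bcrypt call is still argument-swapped on the reformatted lines: `bcrypt.compare(user.password, userToDelete.password)` passes the stored value as the plaintext and the submitted password as the hash, so — assuming user.password holds the bcrypt hash, as its name suggests — the check can never succeed and every deletion ends in 'Invalid password'; it should read `const passwordValid = await bcrypt.compare(userToDelete.password, user.password)`. Separately, the method returns the result of `prismaService.user.delete`, which is the full user row including `password`, and the controller hands that straight back to the client; unless a serialization interceptor strips the field, return nothing or `select` only `id`/`email`. Since the route is `/me` and the caller's id is now available, loading the user by `{ id: userId }` and checking that `user.email` equals the DTO's email would avoid the NotFound-versus-Forbidden split that tells an authenticated caller whether some other address is registered, and would sidestep the raw Prisma error thrown by findUniqueOrThrow, which presumably surfaces as a 500 unless an exception filter maps it. updatePassword begins on the hunk's last line and continues outside it.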