diff --git a/src/email/email.service.ts b/src/email/email.service.ts
index 1abc2f1..1b801d1 100644
--- a/src/email/email.service.ts
+++ b/src/email/email.service.ts
@@ -68,11 +68,16 @@ export class EmailService {
     return { token, userId: user?.id }
   }
 
+  // TODO： 邮箱使用缓存而不是jwt来验证正确性和时效性，校验成功后要让验证码失效。set-cookie而不是在body返回？
   async verifyEmailCode(data: EmailVerifycationDto) {
     const { token, verifyCode, email, scene } = data
-    const payload = this.jwtService.verify<EmailSendDto>(token, {
-      secret: this.getEmailJwtSecret(verifyCode, scene),
-    })
+    const payload = await this.jwtService
+      .verifyAsync<EmailSendDto>(token, {
+        secret: this.getEmailJwtSecret(verifyCode, scene),
+      })
+      .catch((err) => {
+        throw new ForbiddenException(err.message)
+      })
     if (payload.email !== email || payload.scene !== scene) {
       throw new ForbiddenException('邮箱验证码验证失败')
     }