diff --git a/route/api/index.js b/route/api/index.js
index f41bd1b..f21420f 100644
--- a/route/api/index.js
+++ b/route/api/index.js
@@ -45,7 +45,8 @@ r.post('/login', koaBody(), async (c, n) => {
   let values = [c.request.body.account]
   let userAcc = await c.db.query({text, values})
   if (userAcc.rowCount === 0) throw genError('NotFound', 'user not found')
-  if (!comparePassword(c.request.body.password, userAcc.rows[0].password)) throw genError('DataFormat', 'account or password error')
+  let matchPass = await comparePassword(c.request.body.password, userAcc.rows[0].password)
+  if (!matchPass) throw genError('DataFormat', 'account or password error')
 
   let user = userAcc.rows[0]
   delete user.password