diff --git a/apps/backend/src/admin/controller/admin-user.controller.ts b/apps/backend/src/admin/controller/admin-user.controller.ts
index ec16f77..f87bfb6 100644
--- a/apps/backend/src/admin/controller/admin-user.controller.ts
+++ b/apps/backend/src/admin/controller/admin-user.controller.ts
@@ -41,7 +41,7 @@ export class AdminUserController {
 
   @Post()
   async create(@Body() createDto: CreateDto) {
-    return this.userService.create({
+    return this.userService.register({
       ...createDto,
       ...(createDto.password &&
         (() => {
diff --git a/apps/backend/src/auth/auth.controller.ts b/apps/backend/src/auth/auth.controller.ts
index 413257b..ef81277 100644
--- a/apps/backend/src/auth/auth.controller.ts
+++ b/apps/backend/src/auth/auth.controller.ts
@@ -15,6 +15,9 @@ import { Throttle, ThrottlerGuard } from '@nestjs/throttler';
 import { Response } from 'express';
 import { UserService } from 'src/user/user.service';
 import { AuthGuard } from './guards/auth.guard';
+import { SmsLoginDto } from './dto/sms-login.dto';
+import { SmsService } from 'src/sms/sms.service';
+import { UserSession } from 'src/user/entities/user-session.entity';
 
 @Controller('auth')
 export class AuthController {
@@ -22,26 +25,11 @@ export class AuthController {
     private readonly authService: AuthService,
     private readonly userService: UserService,
     private readonly userSessionService: UserSessionService,
+    private readonly smsService: SmsService,
   ) { }
 
-  // @Post('login')
-  // @UseGuards(ThrottlerGuard)
-  // @Throttle({ default: { limit: 20, ttl: 60000 } })
-  // async login(@Body() loginDto: LoginDto) {
-  //   switch (loginDto.type) {
-  //     case 'password':
-  //       return this.authService.loginWithPassword(loginDto);
-  //     case 'phone':
-  //       return this.authService.loginWithPhone(loginDto);
-  //     case 'email':
-  //       return this.authService.loginWithEmail(loginDto);
-  //     default:
-  //       throw new BadRequestException('服务器错误');
-  //   }
-  // }
-
-  private setUserSession(res: Response, sessionId: string) {
-    res.cookie('session', sessionId, {
+  private setUserSession(res: Response, session: UserSession) {
+    res.cookie('session', session.sessionId, {
       httpOnly: true,
       secure: process.env.NODE_ENV === 'production',
       sameSite: 'lax',
@@ -57,20 +45,22 @@ export class AuthController {
   ) {
     const { identifier, password } = loginDto;
     const session = await this.authService.loginWithPassword(identifier, password);
-    this.setUserSession(res, session.sessionId);
+    this.setUserSession(res, session);
     return {
       user: await this.userService.findById(session.userId),
     };
   }
 
-  @Post('sms/send')
-  async sendSms() {
-    throw new NotImplementedException();
-  }
-
   @Post('login/sms')
-  async loginBySms() {
-    throw new NotImplementedException();
+  async loginBySms(
+    @Body() dto: SmsLoginDto,
+    @Res({ passthrough: true }) res: Response,
+  ) {
+    const { phone, code } = dto;
+    await this.smsService.checkSms(phone, 'login', code);
+    // 验证通过，（注册并）登陆
+    const session = await this.authService.loginWithPhone(phone);
+    this.setUserSession(res, session);
   }
 
   @Post('passkey/login/options')
diff --git a/apps/backend/src/auth/auth.module.ts b/apps/backend/src/auth/auth.module.ts
index 3eeaf9a..d2f8fae 100644
--- a/apps/backend/src/auth/auth.module.ts
+++ b/apps/backend/src/auth/auth.module.ts
@@ -8,6 +8,7 @@ import { ConfigModule } from '@nestjs/config';
 import { VerificationModule } from 'src/verification/verification.module';
 import { AuthGuard } from './guards/auth.guard';
 import { OptionalAuthGuard } from './guards/optional-auth.guard';
+import { SmsModule } from 'src/sms/sms.module';
 
 @Module({
   imports: [
@@ -15,6 +16,7 @@ import { OptionalAuthGuard } from './guards/optional-auth.guard';
     forwardRef(() => UserModule),
     TypeOrmModule.forFeature([UserSession]),
     VerificationModule,
+    SmsModule,
   ],
   controllers: [AuthController],
   providers: [AuthService, AuthGuard, OptionalAuthGuard],
diff --git a/apps/backend/src/auth/auth.service.ts b/apps/backend/src/auth/auth.service.ts
index 710ed05..a1b3e5d 100644
--- a/apps/backend/src/auth/auth.service.ts
+++ b/apps/backend/src/auth/auth.service.ts
@@ -11,7 +11,6 @@ export class AuthService {
   constructor(
     private readonly userService: UserService,
     private readonly userSessionService: UserSessionService,
-    private readonly verificationService: VerificationService,
   ) { }
 
   async loginWithPassword(identifier: string, password: string) {
@@ -51,27 +50,7 @@ export class AuthService {
     return this.userSessionService.createSession(userId);
   }
 
-  async loginWithPhone(data: { phone: string; code: string; }) {
-    const { phone, code } = data;
-    // 先判断验证码是否正确
-    const isValid = this.verificationService.verifyPhoneCode(
-      phone,
-      code,
-      'login',
-    );
-    switch (isValid) {
-      case 0:
-        break;
-      case -1:
-        throw new BadRequestException('验证码已过期');
-      case -2:
-        throw new BadRequestException('验证码错误');
-      case -3:
-        throw new BadRequestException('验证码已失效');
-      default:
-        throw new BadRequestException('验证码错误');
-    }
-
+  async loginWithPhone(phone: string) {
     // 判断用户是否存在，若不存在则进行注册
     let user = await this.userService.findOne({ phone }, { withDeleted: true });
     if (user && user.deletedAt !== null) {
@@ -80,7 +59,7 @@ export class AuthService {
 
     if (!user) {
       // 执行注册操作
-      user = await this.userService.create({ phone: phone });
+      user = await this.userService.register({ phone });
     }
 
     if (!user || !user.userId) {
@@ -88,9 +67,7 @@ export class AuthService {
       throw new BadRequestException('请求失败，请稍后再试');
     }
 
-    return {
-      userId: user.userId
-    };
+    return this.userSessionService.createSession(user.userId);
   }
 
   private hashPassword(password: string, salt: string): string {
diff --git a/apps/backend/src/sms/sms.service.ts b/apps/backend/src/sms/sms.service.ts
index b198c7b..5333979 100644
--- a/apps/backend/src/sms/sms.service.ts
+++ b/apps/backend/src/sms/sms.service.ts
@@ -170,7 +170,6 @@ export class SmsService {
 
             record.usedAt = new Date();
             await this.smsRecordRepository.save(record);
-            return true;
         } else {
             throw new InternalServerErrorException('未知的Sms类型');
         }
diff --git a/apps/backend/src/user/user.service.ts b/apps/backend/src/user/user.service.ts
index 0136f23..950adec 100644
--- a/apps/backend/src/user/user.service.ts
+++ b/apps/backend/src/user/user.service.ts
@@ -74,7 +74,7 @@ export class UserService {
     });
   }
 
-  async create(user: Partial<User>): Promise<User> {
+  async register(user: Partial<User>): Promise<User> {
     try {
       const newUser = this.userRepository.create(user);
       return await this.userRepository.save(newUser);