diff --git a/server/apps/system/views.py b/server/apps/system/views.py
index 3a8ee08..0be077b 100644
--- a/server/apps/system/views.py
+++ b/server/apps/system/views.py
@@ -56,7 +56,7 @@ def get_tokens_for_user(user):
         'refresh': str(refresh),
         'access': str(refresh.access_token),
     }
-
+import datetime
 class Login2View(APIView):
     authentication_classes = []
     permission_classes = []
@@ -65,7 +65,8 @@ class Login2View(APIView):
         msg = request.data['msg']
         if not User.objects.filter(username=mail).exists():
             return Response('账户不存在', status=status.HTTP_400_BAD_REQUEST)
-        if Message.objects.filter(mail=mail).exists() and Message.objects.filter(mail=mail).last().msg == msg:
+        a_minute_ago=datetime.datetime.now()-datetime.timedelta(minutes=1)
+        if Message.objects.filter(mail=mail, create_time__gte=a_minute_ago).exists() and Message.objects.filter(mail=mail).last().msg == msg:
             user = User.objects.get(username=mail)
             return Response(get_tokens_for_user(user), status=status.HTTP_200_OK)
         return Response('验证码错误', status=status.HTTP_400_BAD_REQUEST)