diff --git a/app/Http/Controllers/Api/V1/Auth/RegisterController.php b/app/Http/Controllers/Api/V1/Auth/RegisterController.php
index 5d9f529d..be7d6a0e 100644
--- a/app/Http/Controllers/Api/V1/Auth/RegisterController.php
+++ b/app/Http/Controllers/Api/V1/Auth/RegisterController.php
@@ -5,11 +5,12 @@ namespace App\Http\Controllers\Api\V1\Auth;
 use App\Constants\Device;
 use App\Exceptions\BizException;
 use App\Http\Controllers\Api\V1\Controller;
+use App\Http\Requests\Api\V1\RegisterRequest;
+use App\Models\SmsCode;
 use App\Models\User;
 use App\Models\UserInfo;
-use Illuminate\Http\Request;
+use App\Services\SmsCodeService;
 use Illuminate\Support\Facades\DB;
-use Illuminate\Validation\Rule;
 use Throwable;
 
 class RegisterController extends Controller
@@ -17,25 +18,25 @@ class RegisterController extends Controller
     /**
      * 注册
      *
-     * @param \Illuminate\Http\Request $request
-     * @return \Illuminate\Http\Response
+     * @param \App\Http\Requests\Api\V1\RegisterRequest $request
+     * @param \App\Services\SmsCodeService $smsCodeService
+     * @return \Illuminate\Http\JsonResponse
      */
-    public function __invoke(Request $request)
+    public function __invoke(RegisterRequest $request, SmsCodeService $smsCodeService)
     {
-        $request->validate([
-            'phone' => ['bail', 'required', Rule::unique(User::class)],
-            'password' => ['bail', 'required', 'string', 'min:6', 'max:32'],
-            'verify_code' => ['bail', 'required', 'string'],
-            'code' => ['bail', 'nullable', 'string'],
-        ]);
+        $input = $request->validated();
 
-        // @todo 验证短信验证码
+        $smsCodeService->validate(
+            $input['phone'],
+            SmsCode::TYPE_REGISTER,
+            $input['verify_code']
+        );
 
         $inviter = null;
 
         if (
-            $request->filled('code')
-            && is_null($inviter = UserInfo::where('code', $request->input('code'))->first())
+            $request->filled('code') &&
+            is_null($inviter = UserInfo::where('code', $input['code'])->first())
         ) {
             throw new BizException(__('Invalid invitation code'));
         }
@@ -46,7 +47,7 @@ class RegisterController extends Controller
         try {
             DB::beginTransaction();
 
-            $user = new User($request->only(['phone', 'password']));
+            $user = new User($input);
             $user->phone_verified_at = $time;
             $user->register_ip = $ip;
             $user->last_login_at = $time;
diff --git a/app/Http/Requests/Api/V1/RegisterRequest.php b/app/Http/Requests/Api/V1/RegisterRequest.php
new file mode 100644
index 00000000..1040d117
--- /dev/null
+++ b/app/Http/Requests/Api/V1/RegisterRequest.php
@@ -0,0 +1,36 @@
+<?php
+
+namespace App\Http\Requests\Api\V1;
+
+use App\Models\User;
+use App\Rules\PhoneNumber;
+use Illuminate\Foundation\Http\FormRequest;
+use Illuminate\Validation\Rule;
+
+class RegisterRequest extends FormRequest
+{
+    /**
+     * Determine if the user is authorized to make this request.
+     *
+     * @return bool
+     */
+    public function authorize()
+    {
+        return true;
+    }
+
+    /**
+     * Get the validation rules that apply to the request.
+     *
+     * @return array
+     */
+    public function rules()
+    {
+        return [
+            'phone' => ['bail', 'required', new PhoneNumber(), Rule::unique(User::class)],
+            'password' => ['bail', 'required', 'string', 'min:6', 'max:32'],
+            'verify_code' => ['bail', 'required', 'string'],
+            'code' => ['bail', 'nullable', 'string'],
+        ];
+    }
+}