diff --git a/api/login/sso.go b/api/login/sso.go
index c44f592..de5e7a1 100644
--- a/api/login/sso.go
+++ b/api/login/sso.go
@@ -7,6 +7,7 @@ import (
 	"epur-pay/pkg/utils"
 	"fmt"
 	"golang.org/x/crypto/bcrypt"
+	"regexp"
 )
 
 type SsoLoginParams struct {
@@ -33,6 +34,12 @@ type SsoLoginResponse struct {
 func SsoLogin(a *dapi.ApiBase, data *SsoLoginParams) error {
 	Response := SsoLoginResponse{}
 
+	mobileRegex := `^1[3-9]\d{9}$`
+	matched, err := regexp.MatchString(mobileRegex, data.Mobile)
+	if err != nil || !matched {
+		return a.ReturnPublicErrorResponse(a.Translate("invalid_mobile"))
+	}
+
 	user := model.User{}
 	utils.Error(a.Ts.Table(user.TableName()).Where("mobile", data.Mobile).Scan(&user).Error)