diff --git a/server/handlers/room.go b/server/handlers/room.go
index 3d7b7fb..9a74591 100644
--- a/server/handlers/room.go
+++ b/server/handlers/room.go
@@ -215,9 +215,14 @@ func LoginRoom(ctx *gin.Context) {
 		return
 	}
 
-	room, err := middlewares.AuthRoomWithPassword(user, req.RoomId, req.Password)
+	room, err := op.LoadOrInitRoomByID(req.RoomId)
 	if err != nil {
-		ctx.AbortWithStatusJSON(http.StatusUnauthorized, model.NewApiErrorResp(err))
+		ctx.AbortWithStatusJSON(http.StatusNotFound, model.NewApiErrorResp(err))
+		return
+	}
+
+	if room.CreatorID != user.ID && !room.CheckPassword(req.Password) {
+		ctx.AbortWithStatusJSON(http.StatusForbidden, model.NewApiErrorStringResp("password error"))
 		return
 	}
 
diff --git a/server/middlewares/auth.go b/server/middlewares/auth.go
index c8c47cf..11b4c4b 100644
--- a/server/middlewares/auth.go
+++ b/server/middlewares/auth.go
@@ -87,17 +87,6 @@ func AuthRoom(Authorization string) (*op.User, *op.Room, error) {
 	return u, r, nil
 }
 
-func AuthRoomWithPassword(u *op.User, roomId uint, password string) (*op.Room, error) {
-	r, err := op.LoadOrInitRoomByID(roomId)
-	if err != nil {
-		return nil, err
-	}
-	if !r.CheckPassword(password) {
-		return nil, ErrAuthFailed
-	}
-	return r, nil
-}
-
 func AuthUser(Authorization string) (*op.User, error) {
 	claims, err := authUser(Authorization)
 	if err != nil {