diff --git a/basic-app/src/main/java/ink/wgink/app/filter/AppTokenFilter.java b/basic-app/src/main/java/ink/wgink/app/filter/AppTokenFilter.java
index b83efa96..4edaabe3 100644
--- a/basic-app/src/main/java/ink/wgink/app/filter/AppTokenFilter.java
+++ b/basic-app/src/main/java/ink/wgink/app/filter/AppTokenFilter.java
@@ -86,7 +86,8 @@ public class AppTokenFilter extends GenericFilterBean implements InitializingBea
         String requestUri = request.getRequestURI();
         // 非app 放行
         boolean appMatcher = antPathMatcher.match("/**/app/**", requestUri);
-        if (!appMatcher) {
+        boolean appRouteMatcher = antPathMatcher.match("/**/approute/**", requestUri);
+        if (!appMatcher && !appRouteMatcher) {
             filterChain.doFilter(request, response);
             return;
         }
@@ -104,7 +105,8 @@ public class AppTokenFilter extends GenericFilterBean implements InitializingBea
             filterChain.doFilter(request, response);
             return;
         }
-        String token = request.getHeader("token");
+        // 判断header中的token
+        String token = getToken(request);
         if (StringUtils.isBlank(token)) {
             errorResponse(response, "token不能为空");
             return;
@@ -119,6 +121,24 @@ public class AppTokenFilter extends GenericFilterBean implements InitializingBea
         filterChain.doFilter(request, response);
     }
 
+    /**
+     * 获取token，先校验 header 中的 token, 没有校验参数中是否有token
+     *
+     * @param request
+     * @return
+     */
+    private String getToken(HttpServletRequest request) {
+        String headerToken = request.getHeader("token");
+        if (!StringUtils.isBlank(headerToken)) {
+            return headerToken;
+        }
+        String queryToken = request.getParameter("token");
+        if (!StringUtils.isBlank(queryToken)) {
+            return queryToken;
+        }
+        return null;
+    }
+
     /**
      * 校验token
      *