From fd012e423f17fed651a2de4967a752bcfd5c86ea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=96=AF=E7=8B=82=E7=9A=84=E7=8B=AE=E5=AD=90li?=
 <15040126243@163.com>
Date: Thu, 11 May 2023 10:23:37 +0800
Subject: [PATCH] =?UTF-8?q?fix=20=E4=BF=AE=E5=A4=8D=20sa-token.check-same-?=
 =?UTF-8?q?token=20=E5=BC=80=E5=85=B3=E5=AF=B9=E7=BD=91=E5=85=B3=E9=89=B4?=
 =?UTF-8?q?=E6=9D=83=E6=97=A0=E6=95=88=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../common/security/config/SecurityConfiguration.java      | 7 ++++++-
 .../java/org/dromara/gateway/filter/ForwardAuthFilter.java | 5 +++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/ruoyi-common/ruoyi-common-security/src/main/java/org/dromara/common/security/config/SecurityConfiguration.java b/ruoyi-common/ruoyi-common-security/src/main/java/org/dromara/common/security/config/SecurityConfiguration.java
index 9d4a4958..efd34fc2 100644
--- a/ruoyi-common/ruoyi-common-security/src/main/java/org/dromara/common/security/config/SecurityConfiguration.java
+++ b/ruoyi-common/ruoyi-common-security/src/main/java/org/dromara/common/security/config/SecurityConfiguration.java
@@ -1,5 +1,6 @@
 package org.dromara.common.security.config;
 
+import cn.dev33.satoken.SaManager;
 import cn.dev33.satoken.filter.SaServletFilter;
 import cn.dev33.satoken.interceptor.SaInterceptor;
 import cn.dev33.satoken.same.SaSameUtil;
@@ -35,7 +36,11 @@ public class SecurityConfiguration implements WebMvcConfigurer {
         return new SaServletFilter()
             .addInclude("/**")
             .addExclude("/actuator/**")
-            .setAuth(obj -> SaSameUtil.checkCurrentRequestToken())
+            .setAuth(obj -> {
+                if (SaManager.getConfig().getCheckSameToken()) {
+                    SaSameUtil.checkCurrentRequestToken();
+                }
+            })
             .setError(e -> SaResult.error("认证失败，无法访问系统资源").setCode(HttpStatus.UNAUTHORIZED));
     }
 
diff --git a/ruoyi-gateway/src/main/java/org/dromara/gateway/filter/ForwardAuthFilter.java b/ruoyi-gateway/src/main/java/org/dromara/gateway/filter/ForwardAuthFilter.java
index 7e7fb1df..fe0348b8 100644
--- a/ruoyi-gateway/src/main/java/org/dromara/gateway/filter/ForwardAuthFilter.java
+++ b/ruoyi-gateway/src/main/java/org/dromara/gateway/filter/ForwardAuthFilter.java
@@ -1,5 +1,6 @@
 package org.dromara.gateway.filter;
 
+import cn.dev33.satoken.SaManager;
 import cn.dev33.satoken.same.SaSameUtil;
 import org.springframework.cloud.gateway.filter.GatewayFilterChain;
 import org.springframework.cloud.gateway.filter.GlobalFilter;
@@ -18,6 +19,10 @@ import reactor.core.publisher.Mono;
 public class ForwardAuthFilter implements GlobalFilter, Ordered {
     @Override
     public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
+        // 未开启配置则直接跳过
+        if (!SaManager.getConfig().getCheckSameToken()) {
+            return chain.filter(exchange);
+        }
         ServerHttpRequest newRequest = exchange
             .getRequest()
             .mutate()