diff --git a/pkg/api/middleware.go b/pkg/api/middleware.go
index 3092b5b..ffd9c4e 100644
--- a/pkg/api/middleware.go
+++ b/pkg/api/middleware.go
@@ -5,6 +5,7 @@ import (
 	"github.com/labstack/echo/v4"
 	"next-terminal/pkg/global"
 	"next-terminal/pkg/model"
+	"regexp"
 	"strings"
 	"time"
 )
@@ -27,19 +28,32 @@ func ErrorHandler(next echo.HandlerFunc) echo.HandlerFunc {
 
 func Auth(next echo.HandlerFunc) echo.HandlerFunc {
 
-	urls := []string{"/download", "/recording", "/login", "/static", "/favicon.ico", "/logo.svg", "/asciinema"}
+	startWithUrls := []string{"/login", "/static", "/favicon.ico", "/logo.svg", "/asciinema"}
+
+	download := regexp.MustCompile(`/sessions/\w{8}(-\w{4}){3}-\w{12}/download`)
+	recording := regexp.MustCompile(`/sessions/\w{8}(-\w{4}){3}-\w{12}/recording`)
 
 	return func(c echo.Context) error {
+
+		uri := c.Request().RequestURI
+		if uri == "/" || strings.HasPrefix(uri, "/#") {
+			return next(c)
+		}
 		// 路由拦截 - 登录身份、资源权限判断等
-		for i := range urls {
-			if c.Request().RequestURI == "/" || strings.HasPrefix(c.Request().RequestURI, "/#") {
-				return next(c)
-			}
-			if strings.HasPrefix(c.Request().RequestURI, urls[i]) {
+		for i := range startWithUrls {
+			if strings.HasPrefix(uri, startWithUrls[i]) {
 				return next(c)
 			}
 		}
 
+		if download.FindString(uri) != "" {
+			return next(c)
+		}
+
+		if recording.FindString(uri) != "" {
+			return next(c)
+		}
+
 		token := GetToken(c)
 		cacheKey := strings.Join([]string{Token, token}, ":")
 		authorization, found := global.Cache.Get(cacheKey)