1 ，安全：路由污染漏洞修复

2，逻辑未开启登录拦截且未登录时处理修改

1 ，安全：路由污染漏洞修复
2，逻辑未开启登录拦截且未登录时处理修改
a12a2375 · may_zhouwei · 89f9db19 · a12a2375 · a12a2375
Commit a12a2375 authored Sep 09, 2020 by may_zhouwei
Show whitespace changes
Inline Side-by-side

Showing with 8 additions and 2 deletions

src/store/modules/routes.js
+4 -2

src/utils/request.js
+4 -0

No files found.
--- a/src/store/modules/routes.js
+++ b/src/store/modules/routes.js
@@ -24,11 +24,13 @@ const mutations = {
 };
 const actions = {
  async setRoutes({ commit }, permissions) {
+    //防止污染路由
+    const baseRoutes = [...asyncRoutes];
    let accessedRoutes = [];
    if (permissions.includes("admin")) {
-      accessedRoutes = asyncRoutes;
+      accessedRoutes = baseRoutes;
    } else {
-      accessedRoutes = await filterAsyncRoutes(asyncRoutes, permissions);
+      accessedRoutes = await filterAsyncRoutes(baseRoutes, permissions);
    }
    commit("setRoutes", accessedRoutes);
    return accessedRoutes;

--- a/src/utils/request.js
+++ b/src/utils/request.js
@@ -9,6 +9,7 @@ import {
  requestTimeout,
  successCode,
  tokenName,
+  loginInterception,
 } from "@/config/settings";
 import store from "@/store";
 import qs from "qs";
@@ -44,7 +45,10 @@ const handleCode = (code, msg) => {
    case invalidCode:
      Vue.prototype.$baseMessage(msg || `后端接口${code}异常`, "error");
      store.dispatch("user/resetAccessToken").catch(() => {});
+      //开启登录拦截才需要刷新，不然死循环
+      if (loginInterception) {
        location.reload();
+      }
      break;
    case noPermissionCode:
      router.push({ path: "/401" }).catch(() => {});