JLNTV_IPD/vue-admin-beautiful
4
0
Fork 0
mirror of https://gitee.com/chu1204505056/vue-admin-beautiful.git synced 2025-04-30 04:06:35 +08:00
Code Issues Projects Releases Wiki Activity

1 ,安全:路由污染漏洞修复

Browse Source 
2,逻辑 未开启登录拦截且未登录时处理修改
This commit is contained in:
may_zhouwei 2020-09-09 13:44:00 +08:00
parent 89f9db190a
commit a12a2375e7
2 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/store/modules/routes.js
View File

@ -24,11 +24,13 @@ const mutations = {
}; };
const actions = { const actions = {
async setRoutes({ commit }, permissions) { async setRoutes({ commit }, permissions) {
//防止污染路由
const baseRoutes = [...asyncRoutes];
let accessedRoutes = []; let accessedRoutes = [];
if (permissions.includes("admin")) { if (permissions.includes("admin")) {
accessedRoutes = asyncRoutes; accessedRoutes = baseRoutes;
} else { } else {
accessedRoutes = await filterAsyncRoutes(asyncRoutes, permissions); accessedRoutes = await filterAsyncRoutes(baseRoutes, permissions);
} }
commit("setRoutes", accessedRoutes); commit("setRoutes", accessedRoutes);
return accessedRoutes; return accessedRoutes;

4
src/utils/request.js
View File

@ -9,6 +9,7 @@ import {
requestTimeout, requestTimeout,
successCode, successCode,
tokenName, tokenName,
loginInterception,
} from "@/config/settings"; } from "@/config/settings";
import store from "@/store"; import store from "@/store";
import qs from "qs"; import qs from "qs";
@ -44,7 +45,10 @@ const handleCode = (code, msg) => {
case invalidCode: case invalidCode:
Vue.prototype.$baseMessage(msg || `后端接口${code}异常`, "error"); Vue.prototype.$baseMessage(msg || `后端接口${code}异常`, "error");
store.dispatch("user/resetAccessToken").catch(() => {}); store.dispatch("user/resetAccessToken").catch(() => {});
//开启登录拦截才需要刷新,不然死循环
if (loginInterception) {
location.reload(); location.reload();
}
break; break;
case noPermissionCode: case noPermissionCode:
router.push({ path: "/401" }).catch(() => {}); router.push({ path: "/401" }).catch(() => {});