1 ，安全：路由污染漏洞修复

2，逻辑 未开启登录拦截且未登录时处理修改

src/store/modules/routes.js

@@ -24,11 +24,13 @@ const mutations = {
 };
 const actions = {
   async setRoutes({ commit }, permissions) {
+    //防止污染路由
+    const baseRoutes = [...asyncRoutes];
     let accessedRoutes = [];
     if (permissions.includes("admin")) {
-      accessedRoutes = asyncRoutes;
+      accessedRoutes = baseRoutes;
     } else {
-      accessedRoutes = await filterAsyncRoutes(asyncRoutes, permissions);
+      accessedRoutes = await filterAsyncRoutes(baseRoutes, permissions);
     }
     commit("setRoutes", accessedRoutes);
     return accessedRoutes;

src/utils/request.js

@@ -9,6 +9,7 @@ import {
   requestTimeout,
   successCode,
   tokenName,
+  loginInterception,
 } from "@/config/settings";
 import store from "@/store";
 import qs from "qs";
@@ -44,7 +45,10 @@ const handleCode = (code, msg) => {
     case invalidCode:
       Vue.prototype.$baseMessage(msg || `后端接口${code}异常`, "error");
       store.dispatch("user/resetAccessToken").catch(() => {});
-      location.reload();
+      //开启登录拦截才需要刷新，不然死循环
+      if (loginInterception) {
+        location.reload();
+      }
       break;
     case noPermissionCode:
       router.push({ path: "/401" }).catch(() => {});