diff --git a/app/Http/Controllers/IndexController.php b/app/Http/Controllers/IndexController.php index 80d9020c4..c36495ae5 100755 --- a/app/Http/Controllers/IndexController.php +++ b/app/Http/Controllers/IndexController.php @@ -322,8 +322,8 @@ class IndexController extends InvokeController $path = Arr::get($data, 'path'); $file = public_path($path); // 防止 ../ 穿越获取到系统文件 - if (strpos(realpath($file), public_path()) !== 0) { - return abort(404); + if (!str_starts_with(realpath($file), public_path())) { + abort(404); } // if (file_exists($file)) { @@ -331,11 +331,23 @@ class IndexController extends InvokeController $name = Arr::get($query, 'name'); $ext = strtolower(Arr::get($query, 'ext')); $userAgent = strtolower(Request::server('HTTP_USER_AGENT')); - if ($ext === 'pdf' - && (str_contains($userAgent, 'electron') || str_contains($userAgent, 'chrome'))) { - return Response::download($file, $name, [ - 'Content-Type' => 'application/pdf' - ], 'inline'); + if ($ext === 'pdf') { + // electron 直接在线预览查看 + if (str_contains($userAgent, 'electron')) { + return Response::download($file, $name, [ + 'Content-Type' => 'application/pdf' + ], 'inline'); + } + // EEUI App 直接在线预览查看 + if (str_contains($userAgent, 'eeui')) { + if (str_contains($userAgent, 'iphone') || str_contains($userAgent, 'ipad')) { + $message = Base::array2json([ + 'type' => 'currentOpen', + 'url' => Base::fillUrl($path), + ]); + return ""; + } + } } // if (in_array($ext, File::localExt)) { @@ -351,7 +363,7 @@ class IndexController extends InvokeController $toUrl = Base::fillUrl("fileview/onlinePreview?url=" . urlencode(base64_encode($url))); return Redirect::to($toUrl, 301); } - return abort(404); + abort(404); } /** 
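Review bot: The containment check in the first hunk, `str_starts_with(realpath($file), public_path())`, is a bare string-prefix test, so a resolved path in a sibling directory whose name merely begins with the public directory's name would also pass. Comparing against the root with a trailing separator closes that gap: `$root = rtrim(public_path(), DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;` and then `if ($real === false || !str_starts_with($real, $root)) { abort(404); }`, where `$real = realpath($file)`. `realpath()` returns `false` for a missing file, and the current line rejects that case only through implicit coercion to an empty string, so the explicit `=== false` test also documents the intent. The method's opening lines are outside the hunk.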
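Review bot: In the new EEUI branch of the PDF block, `$message` is built with `Base::array2json()` but is never used as the hunk is shown, and the iPhone/iPad path ends in `return "";`, so the client gets an empty body. If the JSON is meant to reach the page through inline script (the `message` listener added in App.vue suggests so), it should be embedded with script-safe encoding such as `json_encode($payload, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP)`, since `url` is derived from `$path`, which appears to come from the request. EEUI user agents that are not iPhone or iPad fall out of the `if` silently; a comment like `// other EEUI clients fall through to the generic preview below` would make that deliberate.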
@@ -366,6 +378,18 @@ class IndexController extends InvokeController ]); } + /** + * 设置用户信息 + * @return \Illuminate\Contracts\Foundation\Application|\Illuminate\Contracts\View\Factory|\Illuminate\Contracts\View\View + */ + public function setting__userinfo() + { + return view('setting', [ + 'userid' => Request::input('userid'), + 'token' => Request::input('token') + ]); + } + /** * 提取所有中文 * @return array|string diff --git a/resources/assets/js/App.vue b/resources/assets/js/App.vue index 4f4788d8d..eed60a9a0 100755 --- a/resources/assets/js/App.vue +++ b/resources/assets/js/App.vue @@ -68,12 +68,14 @@ export default { mounted() { window.addEventListener('resize', this.windowSizeListener); window.addEventListener('scroll', this.windowScrollListener); + window.addEventListener('message', this.windowHandleMessage) this.searchInter = setInterval(this.searchEnter, 1000); }, beforeDestroy() { window.removeEventListener('resize', this.windowSizeListener); window.removeEventListener('scroll', this.windowScrollListener); + window.removeEventListener('message', this.windowHandleMessage) this.searchInter && clearInterval(this.searchInter); }, @@ -106,6 +108,7 @@ export default { userId: { handler() { this.$store.dispatch("websocketConnection"); + this.synchUserToken(); // if (this.userId > 0) { if (this.$isEEUiApp) { @@ -223,6 +226,16 @@ export default { }); }, + synchUserToken() { + if (this.isSoftware) { + this.iframes = this.iframes.filter(({key}) => key != 'synchUserToken') + this.iframes.push({ + key: 'synchUserToken', + url: $A.apiUrl(`../setting/userinfo?userid=${this.userId}&token=${this.userToken}`) + }) + } + }, + autoTheme() { if (this.themeMode === "auto") { this.$store.dispatch("synchTheme") 
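Review bot: `setting__userinfo()` hands `userid` and `token` from `Request::input()` straight to the `setting` view, which after this commit's blade change writes them into `localStorage`, with no check that the token is valid or belongs to that user. Any request to this route can therefore replace the credentials stored in the visitor's browser, a session-fixation risk. The action should verify the pair and `abort(403)` on mismatch before rendering, and the response should only be frameable by the application's own origins. Because `synchUserToken()` in App.vue sends the token in the query string, it will also land in access logs and browser history; a POST body or header would avoid that. The new docblock should state that the route stores client-side credentials, not just "set user info".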
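Review bot: `synchUserToken()` interpolates `this.userId` and `this.userToken` into the query string unencoded, so a token containing `&`, `+`, `=` or `#` would be truncated or altered before it reaches the server. Both values should be wrapped, e.g. `token=${encodeURIComponent(this.userToken)}`. The filter uses loose `!=`; `key !== 'synchUserToken'` is the safer comparison. Since the blade template only writes when `$token` is non-empty, a logout (empty token) appears to leave the previously stored token in place; worth confirming that this is intended.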
@@ -271,6 +284,15 @@ export default { this.$store.state.windowScrollY = window.scrollY }, + windowHandleMessage({data}) { + data = $A.jsonParse(data); + if (data.type === 'currentOpen') { + if ($A.getDomain(window.location.href) === $A.getDomain(data.url) || $A.getDomain($A.apiUrl('../')) === $A.getDomain(data.url)) { + window.location.href = data.url + } + } + }, + electronEvents() { if (!this.$Electron) { return; diff --git a/resources/views/setting.blade.php b/resources/views/setting.blade.php index bc61b3a2f..4a941ecd4 100755 --- a/resources/views/setting.blade.php +++ b/resources/views/setting.blade.php @@ -5,4 +5,10 @@ @if ($language) window.localStorage.setItem("__language:type__", "{{ $language }}"); @endif +@if ($userid) + window.localStorage.setItem("__user:userid__", "{{ $userid }}"); +@endif +@if ($token) + window.localStorage.setItem("__user:token__", "{{ $token }}"); +@endif
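Review bot: `windowHandleMessage` destructures only `data` and never inspects the event's `origin` or `source`, so a message from any window or frame is accepted. The only gate is the `$A.getDomain(data.url)` comparison, which runs on a value the sender controls. The sender should be checked first, e.g. `windowHandleMessage({data, origin}) {` followed by `if (origin !== window.location.origin && origin !== new URL($A.apiUrl('../'), window.location.href).origin) return;`. `$A.getDomain` and `$A.jsonParse` are not visible here: confirm the former rejects non-http(s) schemes before `window.location.href` is assigned, and guard `data.type` if the latter can return a non-object.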
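Review bot: The two new `setItem` lines in setting.blade.php put `{{ $userid }}` and `{{ $token }}` inside a JavaScript string literal, but `{{ }}` applies HTML escaping, which is the wrong encoding for that context (assuming these lines sit inside a script block, which the hunk does not show). A backslash or line break in the value passes through and can break the literal, and characters such as `&` are stored as HTML entities rather than as sent. Emitting the value as JSON avoids both: `window.localStorage.setItem("__user:token__", @json($token));` and likewise for `$userid`. This matters here because both values come from request input in `setting__userinfo()`; the existing `$language` line follows the same pattern.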