diff --git a/src/main/java/com/qiwenshare/file/controller/FiletransferController.java b/src/main/java/com/qiwenshare/file/controller/FiletransferController.java
index 8ebe595..5be8c11 100644
--- a/src/main/java/com/qiwenshare/file/controller/FiletransferController.java
+++ b/src/main/java/com/qiwenshare/file/controller/FiletransferController.java
@@ -145,7 +145,12 @@ public class FiletransferController {
 @GetMapping("/preview")
 public void preview(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, PreviewDTO previewDTO){
+ String token = previewDTO.getToken();
+ UserBean sessionUserBean = userService.getUserBeanByToken(token);
 UserFile userFile = userFileService.getById(previewDTO.getUserFileId());
+ if (userFile.getUserId() != sessionUserBean.getUserId()) {
+ return;
+ }
 FileBean fileBean = fileService.getById(userFile.getFileId());
 String mime= MimeUtils.getMime(userFile.getExtendName());
 httpServletResponse.setHeader("Content-Type", mime);
diff --git a/src/main/java/com/qiwenshare/file/dto/file/PreviewDTO.java b/src/main/java/com/qiwenshare/file/dto/file/PreviewDTO.java
index 529dfa3..8f9ea05 100644
--- a/src/main/java/com/qiwenshare/file/dto/file/PreviewDTO.java
+++ b/src/main/java/com/qiwenshare/file/dto/file/PreviewDTO.java
@@ -7,4 +7,5 @@ import lombok.Data;
 @Schema(name = "预览文件DTO",required = true)
 public class PreviewDTO {
 private Long userFileId;
+ private String token;
 }
diff --git a/src/main/java/com/qiwenshare/file/interceptor/AuthenticationInterceptor.java b/src/main/java/com/qiwenshare/file/interceptor/AuthenticationInterceptor.java
index 92dcd1a..e8f7ea0 100644
--- a/src/main/java/com/qiwenshare/file/interceptor/AuthenticationInterceptor.java
+++ b/src/main/java/com/qiwenshare/file/interceptor/AuthenticationInterceptor.java
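Review bot: In `preview` (FiletransferController.java), the new ownership check `userFile.getUserId() != sessionUserBean.getUserId()` can throw or misfire before it protects anything. `getUserBeanByToken` returns null for an empty token (visible in the UserService.java hunk), so a request without a token ends in a NullPointerException, and `userFile` is dereferenced without a null check as well. If both ids are boxed `Long` values (the id types are not visible here, but `userFileId` in PreviewDTO is a `Long`), `!=` compares references and would reject the legitimate owner for ids outside the small-value cache. The bare `return` also answers a denied request with an empty 200, which makes refused previews hard to tell apart from successful ones in logs and monitoring. I would null-check both lookups, compare with `Objects.equals` (needs `java.util.Objects`) and set the status explicitly, as below; the method body continues past the hunk.

```java
public void preview(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, PreviewDTO previewDTO){
    UserBean sessionUserBean = userService.getUserBeanByToken(previewDTO.getToken());
    if (sessionUserBean == null) {
        // Missing or unusable token: fail closed with an explicit status.
        httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return;
    }
    UserFile userFile = userFileService.getById(previewDTO.getUserFileId());
    if (userFile == null || !Objects.equals(userFile.getUserId(), sessionUserBean.getUserId())) {
        // Same answer for "no such file" and "not the owner" so the response does not reveal which ids exist.
        httpServletResponse.setStatus(HttpServletResponse.SC_FORBIDDEN);
        return;
    }
    // … unchanged: fileBean lookup, MIME detection and response headers …
```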
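Review bot: The new `token` field in PreviewDTO puts the session token into the request URL: the DTO is bound on `@GetMapping("/preview")`, so the value presumably arrives as a query parameter and will be recorded in access logs, proxy logs, browser history and Referer headers. The field has no comment saying so; I would add `// Session token sent as a query parameter; treat /preview request URLs as sensitive in logs`. If the class carries Lombok's `@Data` (the annotation line is not visible in the hunk), marking the field `@ToString.Exclude` keeps the token out of any log line that prints the DTO. A short-lived token scoped to a single file would limit what a leaked URL is worth, but that is a design change outside this hunk.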
@@ -33,9 +33,9 @@ public class AuthenticationInterceptor implements HandlerInterceptor {
 if ("undefined".equals(token) || StringUtils.isEmpty(token)) {
 throw new NotLoginException("token不存在");
 }
- if (!token.startsWith("Bearer ")) {
- throw new NotLoginException("token格式错误");
- }
+// if (!token.startsWith("Bearer ")) {
+// throw new NotLoginException("token格式错误");
+// }
 token = token.replace("Bearer ", "");
 UserBean userBean = userService.getUserBeanByToken(token);
 if (userBean == null) {
diff --git a/src/main/java/com/qiwenshare/file/service/UserService.java b/src/main/java/com/qiwenshare/file/service/UserService.java
index 69d1e90..7c7f3eb 100644
--- a/src/main/java/com/qiwenshare/file/service/UserService.java
+++ b/src/main/java/com/qiwenshare/file/service/UserService.java
@@ -3,6 +3,7 @@ package com.qiwenshare.file.service;
 import com.alibaba.fastjson.JSON;
 import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
 import com.baomidou.mybatisplus.extension.service.impl.ServiceImpl;
+import com.qiwenshare.common.exception.NotLoginException;
 import com.qiwenshare.common.util.DateUtil;
 import com.qiwenshare.common.result.RestResult;
 import com.qiwenshare.common.util.JjwtUtil;
@@ -39,6 +40,9 @@ public class UserService extends ServiceImpl implements IU
 if (StringUtils.isEmpty(token)) {
 return null;
 }
+// if (!token.startsWith("Bearer ")) {
+// throw new NotLoginException("token格式错误");
+// }
 token = token.replace("Bearer ", "");
 try {
 c = JjwtUtil.parseJWT(token);
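Review bot: The `Bearer ` prefix check in AuthenticationInterceptor.java is commented out rather than deleted, and the line that remains, `token.replace("Bearer ", "")`, strips the string wherever it occurs instead of only as a prefix. Now that unprefixed tokens are accepted on purpose, I would remove the dead block and make the stripping explicit: `if (token.startsWith("Bearer ")) { token = token.substring("Bearer ".length()); }`. The second UserService.java hunk adds the same commented-out block in front of the same `replace` call. The `NotLoginException` import added in the first UserService.java hunk is referenced only from that commented-out code, so it is unused. The enclosing methods start and end outside these hunks.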