From d8bee2c6a3ab253f8f189656577c3ca1f21cbc79 Mon Sep 17 00:00:00 2001 From: wangli <274027703@qq.com> Date: Mon, 12 Jan 2026 10:51:54 +0800 Subject: [PATCH 1/5] =?UTF-8?q?fix=20-=20=E5=A4=84=E7=90=86=E7=94=9F?= =?UTF-8?q?=E4=BA=A7=E7=8E=AF=E5=A2=83=E5=8F=91=E7=8E=B0=E7=9A=84=E5=AD=97?= =?UTF-8?q?=E7=AC=A6=E4=B8=B2"null"=E7=9A=84=E5=BC=82=E5=B8=B8=E5=A4=84?= =?UTF-8?q?=E7=90=86=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/cn/axzo/workflow/server/common/util/WpsUtil.java | 8 ++++---- .../controller/web/manage/PrintAdminController.java | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/workflow-engine-server/src/main/java/cn/axzo/workflow/server/common/util/WpsUtil.java b/workflow-engine-server/src/main/java/cn/axzo/workflow/server/common/util/WpsUtil.java index a04e21e2f..3bd4eb3c0 100644 --- a/workflow-engine-server/src/main/java/cn/axzo/workflow/server/common/util/WpsUtil.java +++ b/workflow-engine-server/src/main/java/cn/axzo/workflow/server/common/util/WpsUtil.java @@ -296,16 +296,16 @@ public class WpsUtil { return Optional.empty(); } OrgNodeUserBriefInfoListReq req = new OrgNodeUserBriefInfoListReq(); - if (StringUtils.hasText(assigner.getTenantId())) { + if (StringUtils.hasText(assigner.getTenantId()) && !Objects.equals(assigner.getTenantId(), "null")) { req.setWorkspaceId(Long.valueOf(assigner.getTenantId())); } - if (StringUtils.hasText(assigner.getOuId())) { + if (StringUtils.hasText(assigner.getOuId()) && !Objects.equals(assigner.getTenantId(), "null")) { req.setOuId(Long.valueOf(assigner.getOuId())); } - if (StringUtils.hasText(assigner.getNodeId())) { + if (StringUtils.hasText(assigner.getNodeId()) && !Objects.equals(assigner.getTenantId(), "null")) { req.setOrgNodeIds(Lists.newArrayList(Long.valueOf(assigner.getNodeId()))); } - if (StringUtils.hasText(assigner.getPersonId())) { + if (StringUtils.hasText(assigner.getPersonId()) && !Objects.equals(assigner.getTenantId(), "null")) { req.setPersonIds(Lists.newArrayList(Long.valueOf(assigner.getPersonId()))); } req.setNeedJob(true); diff --git a/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/manage/PrintAdminController.java b/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/manage/PrintAdminController.java index 5e3657116..112292f5d 100644 --- a/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/manage/PrintAdminController.java +++ b/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/manage/PrintAdminController.java @@ -476,16 +476,16 @@ public class PrintAdminController implements PrintAdminApi { return Optional.empty(); } OrgNodeUserBriefInfoListReq req = new OrgNodeUserBriefInfoListReq(); - if (StringUtils.hasText(assigner.getTenantId())) { + if (StringUtils.hasText(assigner.getTenantId()) && !Objects.equals(assigner.getTenantId(), "null")) { req.setWorkspaceId(Long.valueOf(assigner.getTenantId())); } - if (StringUtils.hasText(assigner.getOuId())) { + if (StringUtils.hasText(assigner.getOuId()) && !Objects.equals(assigner.getTenantId(), "null")) { req.setOuId(Long.valueOf(assigner.getOuId())); } - if (StringUtils.hasText(assigner.getNodeId())) { + if (StringUtils.hasText(assigner.getNodeId()) && !Objects.equals(assigner.getTenantId(), "null")) { req.setOrgNodeIds(Lists.newArrayList(Long.valueOf(assigner.getNodeId()))); } - if (StringUtils.hasText(assigner.getPersonId())) { + if (StringUtils.hasText(assigner.getPersonId()) && !Objects.equals(assigner.getTenantId(), "null")) { req.setPersonIds(Lists.newArrayList(Long.valueOf(assigner.getPersonId()))); } req.setNeedJob(true); From f87ae7cdbc1829d86aaeb00116f39fb398741449 Mon Sep 17 00:00:00 2001 From: wangli <274027703@qq.com> Date: Tue, 13 Jan 2026 18:04:17 +0800 Subject: [PATCH 2/5] =?UTF-8?q?feature/dingdingLogin:=20=E6=96=B0=E5=A2=9E?= =?UTF-8?q?=E9=92=89=E9=92=89=E6=8E=88=E6=9D=83?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../core/conf/FlowableConfiguration.java | 3 + .../web/DangerOperationController.java | 172 +++++++--- .../server/service/AuthCodeService.java | 46 --- .../src/main/resources/templates/form.html | 320 +++++------------- 4 files changed, 217 insertions(+), 324 deletions(-) delete mode 100644 workflow-engine-server/src/main/java/cn/axzo/workflow/server/service/AuthCodeService.java diff --git a/workflow-engine-core/src/main/java/cn/axzo/workflow/core/conf/FlowableConfiguration.java b/workflow-engine-core/src/main/java/cn/axzo/workflow/core/conf/FlowableConfiguration.java index 53fc11e8e..8fcd6ac20 100644 --- a/workflow-engine-core/src/main/java/cn/axzo/workflow/core/conf/FlowableConfiguration.java +++ b/workflow-engine-core/src/main/java/cn/axzo/workflow/core/conf/FlowableConfiguration.java @@ -187,6 +187,8 @@ public class FlowableConfiguration { private Environment environment; @Value("${ossEnvUrl:http://dev-app.axzo.cn/oss}") private String ossEvnUrl; + @Value("${rivenEnvUrl:http://dev-app.axzo.cn/riven}") + private String rivenEnvUrl; private static String POD_NAMESPACE; static { @@ -205,6 +207,7 @@ public class FlowableConfiguration { String url = requestTemplate.feignTarget().url(); // 如需修改微服务地址,建议通过外部化参数来调整 url = url.replace("http://oss:9123", ossEvnUrl); + url = url.replace("http://riven:8080", rivenEnvUrl); String profile = environment.getProperty("spring.profiles.active"); if (Objects.equals(profile, "test") && url.contains("dev-app.axzo.cn")) { url = url.replace("dev-app", "test-api"); diff --git a/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/DangerOperationController.java b/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/DangerOperationController.java index 704796aea..67a459964 100644 --- a/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/DangerOperationController.java +++ b/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/DangerOperationController.java @@ -1,6 +1,9 @@ package cn.axzo.workflow.server.controller.web; import cn.axzo.framework.domain.data.AssertUtil; +import cn.axzo.riven.client.domain.ThirdPartyUserDTO; +import cn.axzo.riven.client.feign.ThirdPartySyncApi; +import cn.axzo.riven.client.req.ThirdPartyUserReq; import cn.axzo.workflow.common.model.request.bpmn.process.BpmnProcessInstanceAbortDTO; import cn.axzo.workflow.common.model.request.bpmn.process.BpmnProcessInstanceCancelDTO; import cn.axzo.workflow.common.model.request.bpmn.task.BpmnTaskAuditDTO; @@ -8,16 +11,19 @@ import cn.axzo.workflow.common.model.request.bpmn.task.BpmnTaskDelegateAssigner; import cn.axzo.workflow.core.repository.entity.ExtAxProcessLog; import cn.axzo.workflow.core.service.BpmnProcessTaskService; import cn.axzo.workflow.core.service.ExtAxProcessLogService; +import cn.axzo.workflow.server.common.util.RpcExternalUtil; import cn.axzo.workflow.server.controller.web.bpmn.BpmnProcessInstanceController; import cn.axzo.workflow.server.controller.web.bpmn.BpmnProcessJobController; import cn.axzo.workflow.server.controller.web.bpmn.BpmnProcessTaskController; -import cn.axzo.workflow.server.service.AuthCodeService; import cn.axzo.workflow.server.xxljob.DangerSuperOperationJobHandler; import cn.azxo.framework.common.model.CommonResponse; +import cn.hutool.http.HttpRequest; import com.alibaba.fastjson.JSON; +import com.alibaba.fastjson.JSONObject; import lombok.extern.slf4j.Slf4j; import org.flowable.engine.RuntimeService; import org.flowable.engine.runtime.ProcessInstance; +import org.springframework.beans.factory.annotation.Value; import org.springframework.core.env.Environment; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; @@ -62,65 +68,50 @@ public class DangerOperationController { @Resource private ExtAxProcessLogService processLogService; @Resource - private AuthCodeService authCodeService; - @Resource private Environment environment; + @Resource + private ThirdPartySyncApi thirdPartySyncApi; + + @Value("${dingtalk.appKey:dingja2qgqydgwsodrux}") + private String appKey; + + @Value("${dingtalk.appSecret:bi0zHpCEqyLQ28MyEDL9llEdxo2X1L_KWSCzvZX0g7O1aeOnc2IDV20mAXiDTm7l}") + private String appSecret; + @Value("${dingtalk.corpId:ding509fc72d6685d56d4ac5d6980864d335}") + private String corpId; // 显示表单页面 @GetMapping("/web/process/form") public String showProcessForm(HttpSession session, Model model) { + log.info("{} 访问流程表单页面", getOperatorInfo(session)); // 检查session中是否已验证授权码 Boolean isAuthenticated = (Boolean) session.getAttribute("isAuthenticated"); model.addAttribute("isAuthenticated", isAuthenticated != null && isAuthenticated); + // 如果已认证,尝试获取用户信息并传递给页面 + if (isAuthenticated != null && isAuthenticated) { + Object dingUserObj = session.getAttribute("dingUser"); + if (dingUserObj instanceof JSONObject) { + String nick = ((JSONObject) dingUserObj).getString("nick"); + model.addAttribute("userNick", nick); + } + } + String myPodNamespace = environment.getProperty(K8S_POD_NAME_SPACE); model.addAttribute("apiBaseUrl", StringUtils.hasText(myPodNamespace) ? "/workflow-engine" : ""); + model.addAttribute("dingTalkAppKey", appKey); + model.addAttribute("dingTalkCorpId", corpId); // 可以在这里添加需要传递到页面的数据 return "form"; // 对应templates目录下的form.html } - /** - * 获取授权码 - * - * @param password - * @return - */ - @PostMapping("/web/process/get-auth-code") - @ResponseBody - public CommonResponse getAuthCode(@RequestParam String password) { - if (Objects.equals("WANG+lI648438", password)) { - String authCode = authCodeService.generateAuthCode(); - return CommonResponse.success(authCode); - } - return CommonResponse.error("密码错误"); - } - - /** - * 验证用户输入的授权码 - */ - @PostMapping("/web/process/validate-auth") - public String validateAuthCode(@RequestParam String authCode, HttpSession session, Model model) { - if (Objects.equals("WANG+lI648438", authCode) || authCodeService.validateAuthCode(authCode)) { - // 验证通过:在session中标记 - session.setAttribute("isAuthenticated", true); - model.addAttribute("isAuthenticated", true); - } else { - // 验证失败:提示错误 - model.addAttribute("isAuthenticated", false); - model.addAttribute("authError", "授权码无效或已过期,请重新输入"); - } - String myPodNamespace = environment.getProperty(K8S_POD_NAME_SPACE); - model.addAttribute("apiBaseUrl", StringUtils.hasText(myPodNamespace) ? "/workflow-engine" : ""); - return "form"; // 重新显示授权码输入框 - } - // 处理表单提交 @PostMapping(value = "/web/process/handle") @ResponseBody - public CommonResponse handleProcess(@Validated @RequestBody DangerSuperOperationJobHandler.DangerOperationJobParam jobParam, Model model) { + public CommonResponse handleProcess(@Validated @RequestBody DangerSuperOperationJobHandler.DangerOperationJobParam jobParam, HttpSession session, Model model) { // 处理表单提交的逻辑 - log.info("请求参入: {}", JSON.toJSONString(jobParam)); + log.info("{} 请求操作流程: {}", getOperatorInfo(session), JSON.toJSONString(jobParam)); try { ProcessInstance processInstance = runtimeService.createProcessInstanceQuery().processInstanceId(jobParam.getProcessInstanceId()).singleResult(); @@ -237,4 +228,105 @@ public class DangerOperationController { log.info("撤回操作完成"); } + /** + * 钉钉扫码登录回调 + * + * @param authCode 钉钉返回的授权码 + */ + @GetMapping("/web/process/dingtalk-callback") + public String dingTalkCallback(@RequestParam("authCode") String authCode, HttpSession session, Model model) { + log.info("收到钉钉登录回调, authCode: {}", authCode); + + // 如果没有配置 AppSecret,则无法进行后续交互,直接返回错误(或者为了测试方便这里可以留个后门? 不,严格处理) + if (!StringUtils.hasText(appSecret)) { + log.error("DingTalk AppSecret not configured"); + model.addAttribute("authError", "服务端未配置 AppSecret,无法登录"); + return "form"; + } + + try { + // 1. 获取 AccessToken + // 文档: https://open.dingtalk.com/document/isvapp/obtain-user-token + JSONObject tokenParams = new JSONObject(); + tokenParams.put("clientId", appKey); + tokenParams.put("clientSecret", appSecret); + tokenParams.put("code", authCode); + tokenParams.put("grantType", "authorization_code"); + + String tokenResponse = HttpRequest.post("https://api.dingtalk.com/v1.0/oauth2/userAccessToken") + .body(tokenParams.toJSONString()) + .timeout(5000) + .execute() + .body(); + + log.info("DingTalk Token Response: {}", tokenResponse); + JSONObject tokenJson = JSON.parseObject(tokenResponse); + String accessToken = tokenJson.getString("accessToken"); + + if (!StringUtils.hasText(accessToken)) { + log.error("Failed to get access token: {}", tokenResponse); + model.addAttribute("authError", "钉钉登录验证失败: 无法获取 AccessToken"); + return "form"; + } + + // 2. 获取用户详情 + // 文档: https://open.dingtalk.com/document/isvapp/obtain-user-information + String userInfoResponse = HttpRequest.get("https://api.dingtalk.com/v1.0/contact/users/me") + .header("x-acs-dingtalk-access-token", accessToken) + .timeout(5000) + .execute() + .body(); + + log.info("DingTalk User Response: {}", userInfoResponse); + JSONObject userJson = JSON.parseObject(userInfoResponse); + String unionId = userJson.getString("unionId"); + String openId = userJson.getString("openId"); + String nick = userJson.getString("nick"); + + if (!StringUtils.hasText(openId) && !StringUtils.hasText(unionId)) { + log.error("Failed to get user info: {}", userInfoResponse); + model.addAttribute("authError", "钉钉登录验证失败: 无法获取用户信息"); + return "form"; + } + + ThirdPartyUserReq build = ThirdPartyUserReq.builder().unionId(unionId).build(); + List users = RpcExternalUtil.rpcApiResultProcessor(() -> thirdPartySyncApi.getUserInfos(build), "查询用户是否存在", build); + if (CollectionUtils.isEmpty(users)) { + model.addAttribute("authError", "用户未授权!"); + return "form"; + } + + + // 3. 登录成功 + log.info("DingTalk Login Success: nick={}, unionId={}", nick, unionId); + session.setAttribute("isAuthenticated", true); + // 可以把用户信息也存进去 + session.setAttribute("dingUser", userJson); + + // 重定向回表单页 + return "redirect:/web/process/form"; + + } catch (Exception e) { + log.error("DingTalk Callback Error", e); + model.addAttribute("authError", "登录过程中发生异常"); + return "form"; + } + } + + /** + * 获取当前操作人信息 (姓名+手机号) + */ + private String getOperatorInfo(HttpSession session) { + if (session == null) { + return "[Unknown]"; + } + Object dingUserObj = session.getAttribute("dingUser"); + if (dingUserObj instanceof JSONObject) { + JSONObject user = (JSONObject) dingUserObj; + String nick = user.getString("nick"); + String mobile = user.getString("mobile"); // DingTalk API 字段通常是 mobile + return String.format("[%s(%s)]", nick, mobile != null ? mobile : "NoMobile"); + } + return "[Unknown/Admin]"; + } } diff --git a/workflow-engine-server/src/main/java/cn/axzo/workflow/server/service/AuthCodeService.java b/workflow-engine-server/src/main/java/cn/axzo/workflow/server/service/AuthCodeService.java deleted file mode 100644 index 5f322076b..000000000 --- a/workflow-engine-server/src/main/java/cn/axzo/workflow/server/service/AuthCodeService.java +++ /dev/null @@ -1,46 +0,0 @@ -package cn.axzo.workflow.server.service; - -import cn.axzo.workflow.server.common.util.RedisUtils; -import org.springframework.stereotype.Service; - -import java.time.Duration; -import java.util.Objects; -import java.util.UUID; - -/** - * form.html 页面授权码 - * - * @author wangli - * @since 2025-11-19 10:51 - */ -@Service -public class AuthCodeService { - private static final String AUTH_CODE_KEY_PREFIX = "we:auth_code"; - // 授权码有效期:1小时(可自定义) - private static final long EXPIRE_HOURS = 1; - - /** - * 生成授权码(仅管理员可调用) - */ - public String generateAuthCode() { - // 生成随机授权码(UUID简化) - String authCode = UUID.randomUUID().toString().replace("-", "").substring(0, 8); - RedisUtils.setCacheObject(AUTH_CODE_KEY_PREFIX, authCode, Duration.ofMinutes(1)); - return authCode; - } - - /** - * 验证授权码是否有效 - */ - public boolean validateAuthCode(String authCode) { - if (authCode == null || authCode.isEmpty()) { - return false; - } - String key = RedisUtils.getCacheObject(AUTH_CODE_KEY_PREFIX); - if (key == null || !Objects.equals(key, authCode)) { - return false; - } - RedisUtils.deleteObject(AUTH_CODE_KEY_PREFIX); - return true; - } -} diff --git a/workflow-engine-server/src/main/resources/templates/form.html b/workflow-engine-server/src/main/resources/templates/form.html index d37fcc98e..3e855fed2 100644 --- a/workflow-engine-server/src/main/resources/templates/form.html +++ b/workflow-engine-server/src/main/resources/templates/form.html @@ -1,5 +1,6 @@ + @@ -8,6 +9,8 @@ + + +
@@ -118,7 +126,8 @@
- 管理员操作 + + 管理员操作
@@ -133,108 +142,35 @@

+ th:text="${isAuthenticated} ? '请根据需要选择相应操作并填写表单信息' : '请输入或获取授权码以继续操作'"> +

- -
-
- - -
+ +
+ +
+

验证失败

+
+
+ +
+
+ 请使用钉钉扫码登录以验证身份 +
- -
- -
- -
- - - - + +
- -

+ 安全由钉钉提供支持

- - -
- -
- - - -
- -
- -
- - - - -
- - -
- - -
-

- 获取到的授权码 -

-
- - -
-

- 授权码有效期为30分钟,请及时使用 -

-
- - -
- -
-
@@ -256,7 +192,8 @@ -
+
@@ -292,8 +229,7 @@ + placeholder="请输入自然人ID" oninput="this.value = this.value.replace(/[^0-9]/g, '');"/>
- -
- - 操作提交成功! -
- - -
- - 授权码已复制! -
-
@@ -392,14 +314,6 @@ const personId = document.getElementById('personId'); const comment = document.getElementById('comment'); const processForm = document.getElementById('processForm'); - const authForm = document.getElementById('authForm'); - const getAuthForm = document.getElementById('getAuthForm'); - const getAuthCodeBtn = document.getElementById('getAuthCodeBtn'); - const authPassword = document.getElementById('authPassword'); - const authCodeDisplay = document.getElementById('authCodeDisplay'); - const displayedAuthCode = document.getElementById('displayedAuthCode'); - const successToast = document.getElementById('successToast'); - const copyToast = document.getElementById('copyToast'); const submitMask = document.getElementById('submitMask'); const maskMessage = document.getElementById('maskMessage'); const operationMessage = document.getElementById('operationMessage'); @@ -409,46 +323,54 @@ const personIdError = document.getElementById('personIdError'); const commentError = document.getElementById('commentError'); const authError = document.getElementById('authError'); - const getAuthError = document.getElementById('getAuthError'); // 清除所有元素的计时器,防止冲突 const elementTimeouts = new Map(); - // Tab切换功能 - function switchTab(tabType) { - const inputTab = document.getElementById('inputTab'); - const getTab = document.getElementById('getTab'); + // 钉钉登录初始化 + // 计算回调地址:当前 Origin + ContextPath + Callback Endpoint + const redirectUri = window.location.origin + getFullUrl('web/process/dingtalk-callback'); - // 重置所有错误提示 - if (authError) authError.classList.add('hidden'); - if (getAuthError) getAuthError.classList.add('hidden'); - - if (tabType === 'input') { - // 切换到输入授权码 - inputTab.classList.add('tab-active'); - inputTab.classList.remove('text-gray-500', 'hover:text-gray-700', 'border-transparent'); - getTab.classList.remove('tab-active'); - getTab.classList.add('text-gray-500', 'hover:text-gray-700', 'border-transparent'); - - hideElement(getAuthForm); - setTimeout(() => { - showElement(authForm); - }, 300); - } else { - // 切换到获取授权码 - getTab.classList.add('tab-active'); - getTab.classList.remove('text-gray-500', 'hover:text-gray-700', 'border-transparent'); - inputTab.classList.remove('tab-active'); - inputTab.classList.add('text-gray-500', 'hover:text-gray-700', 'border-transparent'); - - hideElement(authForm); - setTimeout(() => { - showElement(getAuthForm); - // 隐藏授权码显示区域 - hideElement(authCodeDisplay); - }, 300); + // 初始化钉钉扫码 + // 文档参考: https://open.dingtalk.com/document/isvapp/tutorial-obtaining-user-information-by-scanning-qr-codes-on-websites + const initDingTalkLogin = () => { + if (typeof window.DTFrameLogin !== 'function') { + console.error('DingTalk SDK not loaded'); + return; } - } + + window.DTFrameLogin( + { + id: 'login_container', + width: 300, + height: 300, + }, + { + redirect_uri: encodeURIComponent(redirectUri), + client_id: dingTalkAppKey, + scope: dingTalkCorpId, // 2025新版标准 Scope + response_type: 'code', + state: 'STATE_DANGER_OP', // 可选防重放参数 + prompt: 'consent', + }, + (success) => { + // 扫码成功后的前端回调 + console.log('Login Success:', success); + const authCode = success.authCode; + if (authCode) { + // 重定向到后端回调接口,携带 authCode + // 注意:这里手动构建重定向,因为 DTFrameLogin 在某些模式下只返回 Code 不跳转 + window.location.href = redirectUri + "?authCode=" + authCode; + } + }, + (error) => { + console.error('Login Error:', error); + // 可以在 DOM 中显示错误 + const container = document.getElementById('login_container'); + container.innerHTML = `
钉钉组件加载失败: ${error}
`; + } + ); + }; // 显示元素的动画 function showElement(element) { @@ -483,19 +405,6 @@ submitMask.classList.add('opacity-0', 'pointer-events-none'); } - // 复制授权码 - function copyAuthCode() { - const code = displayedAuthCode.value; - if (code) { - navigator.clipboard.writeText(code).then(() => { - copyToast.classList.remove('translate-x-full'); - setTimeout(() => { - copyToast.classList.add('translate-x-full'); - }, 2000); - }); - } - } - // 根据选择的操作类型显示对应的表单字段 function updateFormFields() { const selectedValue = operationType.value; @@ -570,62 +479,13 @@ return isValid; } - // 显示成功提示 - function showSuccessToast() { - successToast.classList.remove('translate-x-full'); - setTimeout(() => { - successToast.classList.add('translate-x-full'); - }, 3000); - } - - // 获取授权码 - async function getAuthCode() { - const password = authPassword.value.trim(); - if (!password) { - getAuthError.innerHTML = '请输入管理员密码'; - getAuthError.classList.remove('hidden'); - return; - } - - // 显示遮罩层 - showMask('请稍候,正在获取授权码...'); - getAuthError.classList.add('hidden'); - - try { - // 使用全局上下文路径变量拼接URL - const url = getFullUrl(`web/process/get-auth-code?password=${encodeURIComponent(password)}`); - - // 保持POST请求方式,参数通过URL查询参数传递 - const response = await fetch(url, { - method: 'POST', - headers: { - 'Accept': 'application/json' - } - }); - - const result = await response.json(); - - if (response.ok && result.code === 200 && result.data) { - // 成功获取授权码 - displayedAuthCode.value = result.data; - showElement(authCodeDisplay); - // 自动切换到输入标签页并填充授权码 - // setTimeout(() => { - // switchTab('input'); - // document.getElementById('authCode').value = result.data; - // }, 1000); + // 如果未认证,且存在 login_container,则初始化 + if (document.getElementById('login_container')) { + // 确保 SDK 加载完成后执行 + if (document.readyState === 'complete') { + initDingTalkLogin(); } else { - // 显示错误信息 - getAuthError.innerHTML = '' + (result.msg || '密码错误,无法获取授权码'); - getAuthError.classList.remove('hidden'); - } - } catch (error) { - console.error('获取授权码错误:', error); - getAuthError.innerHTML = '网络错误,请稍后重试'; - getAuthError.classList.remove('hidden'); - } finally { - // 隐藏遮罩层 - hideMask(); + window.addEventListener('load', initDingTalkLogin); } } @@ -697,23 +557,6 @@ }); } - // 授权码表单提交处理 - if (authForm) { - authForm.addEventListener('submit', function (e) { - // 显示遮罩层 - showMask('请稍候,正在验证授权码...'); - // 清除之前的错误提示 - if (authError) { - authError.classList.add('hidden'); - } - // 允许表单正常提交 - }); - } - - // 获取授权码按钮点击事件 - if (getAuthCodeBtn) { - getAuthCodeBtn.addEventListener('click', getAuthCode); - } // 初始化 if (operationType) { @@ -742,4 +585,5 @@ }); + \ No newline at end of file From 1fda179385af28da7fd54a6d91703508773f94a5 Mon Sep 17 00:00:00 2001 From: wangli <274027703@qq.com> Date: Tue, 13 Jan 2026 18:32:46 +0800 Subject: [PATCH 3/5] =?UTF-8?q?feature/dingdingLogin:=20=E6=96=B0=E5=A2=9E?= =?UTF-8?q?=E9=92=89=E9=92=89=E6=8E=88=E6=9D=83?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../server/controller/web/DangerOperationController.java | 7 ++----- .../src/main/resources/templates/form.html | 4 ++-- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/DangerOperationController.java b/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/DangerOperationController.java index 67a459964..2431f3f27 100644 --- a/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/DangerOperationController.java +++ b/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/DangerOperationController.java @@ -72,13 +72,11 @@ public class DangerOperationController { @Resource private ThirdPartySyncApi thirdPartySyncApi; - @Value("${dingtalk.appKey:dingja2qgqydgwsodrux}") + @Value("${dingtalk.appKey:dingfg3ijkpjkqnrgapc}") private String appKey; - @Value("${dingtalk.appSecret:bi0zHpCEqyLQ28MyEDL9llEdxo2X1L_KWSCzvZX0g7O1aeOnc2IDV20mAXiDTm7l}") + @Value("${dingtalk.appSecret:MECKP45vlYF9zmbpueUsPlPWQIPkMdbNMH4q7kCASFDWkMRDDU8iQ-eQdWWhIVZE}") private String appSecret; - @Value("${dingtalk.corpId:ding509fc72d6685d56d4ac5d6980864d335}") - private String corpId; // 显示表单页面 @GetMapping("/web/process/form") @@ -100,7 +98,6 @@ public class DangerOperationController { String myPodNamespace = environment.getProperty(K8S_POD_NAME_SPACE); model.addAttribute("apiBaseUrl", StringUtils.hasText(myPodNamespace) ? "/workflow-engine" : ""); model.addAttribute("dingTalkAppKey", appKey); - model.addAttribute("dingTalkCorpId", corpId); // 可以在这里添加需要传递到页面的数据 return "form"; // 对应templates目录下的form.html } diff --git a/workflow-engine-server/src/main/resources/templates/form.html b/workflow-engine-server/src/main/resources/templates/form.html index 3e855fed2..7119fe55a 100644 --- a/workflow-engine-server/src/main/resources/templates/form.html +++ b/workflow-engine-server/src/main/resources/templates/form.html @@ -142,7 +142,7 @@

+ th:text="${isAuthenticated} ? '请根据需要选择相应操作并填写表单信息' : '请输入扫码登陆'">

@@ -348,7 +348,7 @@ { redirect_uri: encodeURIComponent(redirectUri), client_id: dingTalkAppKey, - scope: dingTalkCorpId, // 2025新版标准 Scope + scope: 'openid', // 2025新版标准 Scope response_type: 'code', state: 'STATE_DANGER_OP', // 可选防重放参数 prompt: 'consent', From d16c45ae501dd812a042690e25ee80ea7faf449f Mon Sep 17 00:00:00 2001 From: wangli <274027703@qq.com> Date: Tue, 13 Jan 2026 18:33:52 +0800 Subject: [PATCH 4/5] =?UTF-8?q?feature/dingdingLogin:=20=E6=96=B0=E5=A2=9E?= =?UTF-8?q?=E9=92=89=E9=92=89=E6=8E=88=E6=9D=83?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- workflow-engine-server/src/main/resources/templates/form.html | 1 - 1 file changed, 1 deletion(-) diff --git a/workflow-engine-server/src/main/resources/templates/form.html b/workflow-engine-server/src/main/resources/templates/form.html index 7119fe55a..d69d28f3c 100644 --- a/workflow-engine-server/src/main/resources/templates/form.html +++ b/workflow-engine-server/src/main/resources/templates/form.html @@ -99,7 +99,6 @@ // 钉钉配置 const dingTalkAppKey = [[${dingTalkAppKey}]] || ''; - const dingTalkCorpId = [[${dingTalkCorpId}]] || '' From f0347133ca294e777e2874df39226a1064499afb Mon Sep 17 00:00:00 2001 From: wangli Date: Wed, 14 Jan 2026 10:08:59 +0800 Subject: [PATCH 5/5] =?UTF-8?q?feat(REQ-3845)=20-=20=E8=B0=83=E6=95=B4?= =?UTF-8?q?=E6=9B=BF=E6=8D=A2=E5=8F=98=E9=87=8F=E7=9A=84=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../java/cn/axzo/workflow/server/common/util/WpsUtil.java | 6 +++--- .../server/controller/web/manage/PrintAdminController.java | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/workflow-engine-server/src/main/java/cn/axzo/workflow/server/common/util/WpsUtil.java b/workflow-engine-server/src/main/java/cn/axzo/workflow/server/common/util/WpsUtil.java index 37a430015..90d6069cf 100644 --- a/workflow-engine-server/src/main/java/cn/axzo/workflow/server/common/util/WpsUtil.java +++ b/workflow-engine-server/src/main/java/cn/axzo/workflow/server/common/util/WpsUtil.java @@ -287,13 +287,13 @@ public class WpsUtil { if (StringUtils.hasText(assigner.getTenantId()) && !Objects.equals(assigner.getTenantId(), "null")) { req.setWorkspaceId(Long.valueOf(assigner.getTenantId())); } - if (StringUtils.hasText(assigner.getOuId()) && !Objects.equals(assigner.getTenantId(), "null")) { + if (StringUtils.hasText(assigner.getOuId()) && !Objects.equals(assigner.getOuId(), "null")) { req.setOrganizationalUnitId(Long.valueOf(assigner.getOuId())); } - if (StringUtils.hasText(assigner.getNodeId()) && !Objects.equals(assigner.getTenantId(), "null")) { + if (StringUtils.hasText(assigner.getNodeId()) && !Objects.equals(assigner.getNodeId(), "null")) { req.setAncestorNodeIds(Lists.newArrayList(Long.valueOf(assigner.getNodeId()))); } - if (StringUtils.hasText(assigner.getPersonId()) && !Objects.equals(assigner.getTenantId(), "null")) { + if (StringUtils.hasText(assigner.getPersonId()) && !Objects.equals(assigner.getPersonId(), "null")) { req.setPersonIds(Lists.newArrayList(Long.valueOf(assigner.getPersonId()))); } req.setNeeds(ListNodeUserReq.Needs.builder().job(true).unit(true).personProfile(true).build()); diff --git a/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/manage/PrintAdminController.java b/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/manage/PrintAdminController.java index 7741241a4..fe3580c9e 100644 --- a/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/manage/PrintAdminController.java +++ b/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/manage/PrintAdminController.java @@ -510,7 +510,7 @@ public class PrintAdminController implements PrintAdminApi { if (StringUtils.hasText(assigner.getNodeId()) && !Objects.equals(assigner.getNodeId(), "null")) { req.setAncestorNodeIds(Lists.newArrayList(Long.valueOf(assigner.getNodeId()))); } - if (StringUtils.hasText(assigner.getPersonId()) && !Objects.equals(assigner.getTenantId(), "null")) { + if (StringUtils.hasText(assigner.getPersonId()) && !Objects.equals(assigner.getPersonId(), "null")) { req.setPersonIds(Lists.newArrayList(Long.valueOf(assigner.getPersonId()))); } req.setNeeds(ListNodeUserReq.Needs.builder().job(true).unit(true).personProfile(true).build());