From 91a79ffb8a46f92b778e4d72e3f04bb7cbf4bf4a Mon Sep 17 00:00:00 2001
From: wangli <274027703@qq.com>
Date: Wed, 4 Feb 2026 18:22:32 +0800
Subject: [PATCH] =?UTF-8?q?feat(dingdingLogin)=20-=20=E8=B0=83=E6=95=B4?=
 =?UTF-8?q?=E7=99=BB=E5=BD=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../web/DangerOperationController.java        | 30 ++++++++++---------
 .../src/main/resources/templates/form.html    | 22 +++++++++++++-
 2 files changed, 37 insertions(+), 15 deletions(-)

diff --git a/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/DangerOperationController.java b/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/DangerOperationController.java
index 3497e4884..8e4491b0f 100644
--- a/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/DangerOperationController.java
+++ b/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/DangerOperationController.java
@@ -265,7 +265,7 @@ public class DangerOperationController {
      */
     @GetMapping("/web/process/dingtalk-callback")
     public String dingTalkCallback(@RequestParam("authCode") String authCode, HttpSession session, Model model, javax.servlet.http.HttpServletRequest request) {
-        log.info("收到钉钉登录回调, SessionID: {}, authCode: {}", session.getId(), authCode);
+        log.info("【dingtalk】收到钉钉登录回调, SessionID: {}, authCode: {}", session.getId(), authCode);
         String myPodNamespace = environment.getProperty(K8S_POD_NAME_SPACE);
         String baseUrl = StringUtils.hasText(myPodNamespace) ? "/workflow-engine" : "";
         model.addAttribute("apiBaseUrl", baseUrl);
@@ -273,7 +273,7 @@ public class DangerOperationController {
 
         // 如果没有配置 AppSecret，则无法进行后续交互
         if (!StringUtils.hasText(appSecret)) {
-            log.error("DingTalk AppSecret not configured");
+            log.error("【dingtalk】DingTalk AppSecret not configured");
             model.addAttribute("authError", "服务端未配置 AppSecret，无法登录");
             return "form";
         }
@@ -292,12 +292,12 @@ public class DangerOperationController {
                     .execute()
                     .body();
 
-            log.info("DingTalk Token Response: {}", tokenResponse);
+            log.info("【dingtalk】DingTalk Token Response: {}", tokenResponse);
             JSONObject tokenJson = JSON.parseObject(tokenResponse);
             String accessToken = tokenJson.getString("accessToken");
 
             if (!StringUtils.hasText(accessToken)) {
-                log.error("Failed to get access token: {}", tokenResponse);
+                log.error("【dingtalk】Failed to get access token: {}", tokenResponse);
                 model.addAttribute("authError", "钉钉登录验证失败: 无法获取 AccessToken");
                 return "form";
             }
@@ -309,13 +309,13 @@ public class DangerOperationController {
                     .execute()
                     .body();
 
-            log.info("DingTalk User Response: {}", userInfoResponse);
+            log.info("【dingtalk】DingTalk User Response: {}", userInfoResponse);
             JSONObject userJson = JSON.parseObject(userInfoResponse);
             String nick = userJson.getString("nick");
             String mobile = userJson.getString("mobile");
 
             if (!StringUtils.hasText(mobile)) {
-                log.error("Failed to get user info: {}", userInfoResponse);
+                log.error("【dingtalk】Failed to get user info: {}", userInfoResponse);
                 model.addAttribute("authError", "钉钉登录验证失败: 无法获取用户手机号");
                 return "form";
             }
@@ -327,19 +327,21 @@ public class DangerOperationController {
             }
 
             // 3. 登录成功
-            log.info("DingTalk Login Success: nick={}, mobile={}", nick, mobile);
+            log.info("【dingtalk】DingTalk Login Success: nick={}, mobile={}", nick, mobile);
             session.setAttribute("isAuthenticated", true);
             session.setAttribute("dingUser", userJson);
 
-            // TODO: 主人请注意！小码酱在这里改成了服务端 302 重定向哦！
-            // 添加时间戳参数，彻底断绝浏览器的缓存念头，让它乖乖刷新 Session 状态！汪汪！
-            long timestamp = System.currentTimeMillis();
-            String redirectPath = "redirect:" + baseUrl + "/web/process/form?_t=" + timestamp;
-            log.info("Redirecting to: {}", redirectPath);
-            return redirectPath;
+            // TODO: 主人请注意！为了适配复杂的反向代理环境，小码酱在这里改回了页面跳转模式。
+            // 我们在 Model 中塞入一个信号量和相对地址，让前端根据浏览器当前感知的 host 来决定往哪跳。汪汪！
+            model.addAttribute("userNick", nick);
+            model.addAttribute("isAuthenticated", true);
+            model.addAttribute("needsRedirect", true);
+            model.addAttribute("redirectRelativeUrl", "/web/process/form");
+
+            return "form";
 
         } catch (Exception e) {
-            log.error("DingTalk Callback Error", e);
+            log.error("【dingtalk】DingTalk Callback Error", e);
             model.addAttribute("authError", "登录过程中发生异常: " + e.getMessage());
             return "form";
         }
diff --git a/workflow-engine-server/src/main/resources/templates/form.html b/workflow-engine-server/src/main/resources/templates/form.html
index c96f948c8..eb8cf992e 100644
--- a/workflow-engine-server/src/main/resources/templates/form.html
+++ b/workflow-engine-server/src/main/resources/templates/form.html
@@ -303,7 +303,27 @@
     </div>
 </div>
 
-<!-- TODO: 这里的冗余跳转 JS 已经被小码酱删掉啦，我们要靠服务端大哥哥直接重定向！🐶 -->
+<script th:inline="javascript">
+    // 适配多层反代环境的重定向逻辑
+    const needsRedirect = [[${needsRedirect}]] || false;
+    const redirectRelativeUrl = [[${redirectRelativeUrl}]] || null;
+
+    if (needsRedirect && redirectRelativeUrl) {
+        // TODO: 主人看这里！我们利用 window.location.origin 获取浏览器感知的真实协议、域名和端口。
+        // 这样无论中间隔了多少层反代，前端算出来的跳转地址都是绝对正确的！汪汪！🐶
+        const timestamp = new Date().getTime();
+
+        // 使用 apiBaseUrl 拼接，确保在 K8S 环境下路径前缀也是对的
+        const targetPath = getFullUrl(redirectRelativeUrl);
+        const separator = targetPath.indexOf('?') === -1 ? '?' : '&';
+
+        // 加上时间戳，强制浏览器必须回到容器里刷新最新的 Session 状态！
+        const finalUrl = window.location.origin + targetPath + separator + '_t=' + timestamp;
+
+        console.log('Redirecting to absolute URL:', finalUrl);
+        window.location.href = finalUrl;
+    }
+</script>
 
 <script>
     // 获取DOM元素