From 86dd6f7c7f2d7271e3f43c39e0cf66392cd1ae08 Mon Sep 17 00:00:00 2001
From: wangli <274027703@qq.com>
Date: Wed, 14 Jan 2026 11:14:15 +0800
Subject: [PATCH 1/7] =?UTF-8?q?fix=20-=20=E5=A2=9E=E5=8A=A0=E7=99=BB?= =?UTF-8?q?=E9=99=86=E5=AE=89=E5=85=A8=E6=A0=A1=E9=AA=8C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../main/java/cn/axzo/workflow/common/code/OtherRespCode.java | 1 +
 .../server/controller/web/DangerOperationController.java | 2 ++
 2 files changed, 3 insertions(+)
diff --git a/workflow-engine-common/src/main/java/cn/axzo/workflow/common/code/OtherRespCode.java b/workflow-engine-common/src/main/java/cn/axzo/workflow/common/code/OtherRespCode.java
index 11ad6951d..8dd4b4c93 100644
--- a/workflow-engine-common/src/main/java/cn/axzo/workflow/common/code/OtherRespCode.java
+++ b/workflow-engine-common/src/main/java/cn/axzo/workflow/common/code/OtherRespCode.java
@@ -24,6 +24,7 @@ public enum OtherRespCode implements IModuleRespCode {
 MESSAGE_IM_EVENT_BUILD_ERROR("009", "不能使用 createEvent 函数创建`IM 消息`的事件, 请调用 createIMEvent 函数"),
 ASSIGNEE_NODE_ID_NOT_EXISTS("010", "【{}】 nodeId 不存在, 请检查参数是否正确"),
 CANT_GENERATE_PROCESS_LOG_PDF("011", "流程未处于终态不能用默认参数创建,请自行添加 BizCode和 BizKey"),
+ DANGER_OPERATION_NOT_SIGN_IN("012", "流程实例后端操作必须登陆授权后才能使用"),
 ;
 private final String code;
diff --git a/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/DangerOperationController.java b/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/DangerOperationController.java
index 2431f3f27..4e7e1d4af 100644
--- a/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/DangerOperationController.java
+++ b/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/DangerOperationController.java
@@ -42,6 +42,7 @@ import java.util.List;
 import java.util.Objects;
 import static cn.axzo.workflow.common.code.BpmnInstanceRespCode.PROCESS_INSTANCE_NOT_EXISTS;
+import static cn.axzo.workflow.common.code.OtherRespCode.DANGER_OPERATION_NOT_SIGN_IN;
 import static cn.axzo.workflow.common.constant.BpmnConstants.INTERNAL_INITIATOR;
 import static cn.axzo.workflow.common.constant.StarterConstants.K8S_POD_NAME_SPACE;
 import static cn.axzo.workflow.common.enums.BpmnProcessInstanceResultEnum.PROCESSING;
@@ -109,6 +110,7 @@ public class DangerOperationController {
 // 处理表单提交的逻辑
 log.info("{} 请求操作流程: {}", getOperatorInfo(session), JSON.toJSONString(jobParam));
+ AssertUtil.notNull(session, DANGER_OPERATION_NOT_SIGN_IN);
 try {
 ProcessInstance processInstance = runtimeService.createProcessInstanceQuery().processInstanceId(jobParam.getProcessInstanceId()).singleResult();
From 040e4a3365218daeb9f8c432d097537ebd8a335a Mon Sep 17 00:00:00 2001
From: wangli <274027703@qq.com>
Date: Wed, 14 Jan 2026 15:11:15 +0800
Subject: [PATCH 2/7] =?UTF-8?q?fix=20-=20=E5=A2=9E=E5=8A=A0=E7=99=BB?= =?UTF-8?q?=E9=99=86=E5=AE=89=E5=85=A8=E6=A0=A1=E9=AA=8C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../controller/web/DangerOperationController.java | 13 +++++--------
 1 file changed, 5 insertions(+), 8 deletions(-)
diff --git a/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/DangerOperationController.java b/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/DangerOperationController.java
index 4e7e1d4af..777f25b14 100644
--- a/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/DangerOperationController.java
+++ b/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/DangerOperationController.java
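Review bot: The added `AssertUtil.notNull(session, DANGER_OPERATION_NOT_SIGN_IN)` in the `@@ -109,6 +110,7 @@` hunk of PATCH 1/7 checks only that a session object exists, not that the caller has logged in. If `session` is the `HttpSession` handler argument, as the `getOperatorInfo(session)` call suggests, Spring MVC supplies a non-null session for every request, so the assertion would never fail. PATCH 2/7 shows the login flow storing `isAuthenticated` in the session; the guard should test that flag, for example by asserting on `Boolean.TRUE.equals(session.getAttribute("isAuthenticated"))`, and should run before the request is logged and processed. The method signature is outside the hunk, so the parameter type is inferred.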
@@ -3,7 +3,6 @@ package cn.axzo.workflow.server.controller.web;
 import cn.axzo.framework.domain.data.AssertUtil;
 import cn.axzo.riven.client.domain.ThirdPartyUserDTO;
 import cn.axzo.riven.client.feign.ThirdPartySyncApi;
-import cn.axzo.riven.client.req.ThirdPartyUserReq;
 import cn.axzo.workflow.common.model.request.bpmn.process.BpmnProcessInstanceAbortDTO;
 import cn.axzo.workflow.common.model.request.bpmn.process.BpmnProcessInstanceCancelDTO;
 import cn.axzo.workflow.common.model.request.bpmn.task.BpmnTaskAuditDTO;
@@ -278,18 +277,16 @@ public class DangerOperationController {
 log.info("DingTalk User Response: {}", userInfoResponse);
 JSONObject userJson = JSON.parseObject(userInfoResponse);
- String unionId = userJson.getString("unionId");
- String openId = userJson.getString("openId");
 String nick = userJson.getString("nick");
+ String mobile = userJson.getString("mobile");
- if (!StringUtils.hasText(openId) && !StringUtils.hasText(unionId)) {
+ if (!StringUtils.hasText(mobile)) {
 log.error("Failed to get user info: {}", userInfoResponse);
- model.addAttribute("authError", "钉钉登录验证失败: 无法获取用户信息");
+ model.addAttribute("authError", "钉钉登录验证失败: 无法获取用户手机号");
 return "form";
 }
- ThirdPartyUserReq build = ThirdPartyUserReq.builder().unionId(unionId).build();
- List users = RpcExternalUtil.rpcApiResultProcessor(() -> thirdPartySyncApi.getUserInfos(build), "查询用户是否存在", build);
+ List users = RpcExternalUtil.rpcApiResultProcessor(() -> thirdPartySyncApi.getUserInfosByPhone(mobile), "查询用户是否存在", mobile);
 if (CollectionUtils.isEmpty(users)) {
 model.addAttribute("authError", "用户未授权!");
 return "form";
@@ -297,7 +294,7 @@ public class DangerOperationController {
 // 3. 登录成功
- log.info("DingTalk Login Success: nick={}, unionId={}", nick, unionId);
+ log.info("DingTalk Login Success: nick={}, mobile={}", nick, mobile);
 session.setAttribute("isAuthenticated", true);
 // 可以把用户信息也存进去
 session.setAttribute("dingUser", userJson);
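Review bot: The `@@ -278,18 +277,16 @@` hunk makes the phone number the only key for the authorisation lookup (`getUserInfosByPhone(mobile)`) and no longer reads `unionId` or `openId` at all. A phone number can be changed or reassigned, so access would then follow whoever currently holds the number; whether `getUserInfosByPhone` restricts matches to active, authorised accounts cannot be seen from here. Consider keeping the `unionId` presence check and recording `unionId` as the session identity, with the phone lookup used only as the directory query, and state that choice in a comment above the lookup. Any non-empty result is treated as authorised, so the lookup's matching rules deserve a line of documentation as well. The enclosing method starts and ends outside the hunk.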
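Review bot: The success log line added in the `@@ -297,7 +294,7 @@` hunk writes the user's phone number to the application log in clear text (`mobile={}`). The context lines of the previous hunk also log the complete `userInfoResponse`, which now has to contain the phone number for login to succeed. Drop the number from the message, e.g. `log.info("DingTalk Login Success: nick={}", nick);`, or log a masked form, and reduce the raw response logging to the fields needed for troubleshooting.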
From f577b818bccfa9b253b816aaf719013bd92daa17 Mon Sep 17 00:00:00 2001
From: wangli <274027703@qq.com>
Date: Wed, 14 Jan 2026 16:04:45 +0800
Subject: [PATCH 3/7] =?UTF-8?q?fix=20-=20=E8=B0=83=E6=95=B4=E7=99=BB?= =?UTF-8?q?=E9=99=86=E6=88=90=E5=8A=9F=E5=90=8E=E7=9A=84=E9=A1=B5=E9=9D=A2?= =?UTF-8?q?=E5=9C=B0=E5=9D=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../web/DangerOperationController.java | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)
diff --git a/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/DangerOperationController.java b/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/DangerOperationController.java
index 777f25b14..103af6bea 100644
--- a/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/DangerOperationController.java
+++ b/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/DangerOperationController.java
@@ -232,7 +232,7 @@ public class DangerOperationController {
 * @param authCode 钉钉返回的授权码
 */
 @GetMapping("/web/process/dingtalk-callback")
- public String dingTalkCallback(@RequestParam("authCode") String authCode, HttpSession session, Model model) {
+ public String dingTalkCallback(@RequestParam("authCode") String authCode, HttpSession session, Model model, javax.servlet.http.HttpServletRequest request) {
 log.info("收到钉钉登录回调, authCode: {}", authCode);
 // 如果没有配置 AppSecret,则无法进行后续交互,直接返回错误(或者为了测试方便这里可以留个后门? 不,严格处理)
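Review bot: The callback signature changed in this hunk still takes only `authCode`; as far as the visible lines show, no `state` value is received and compared with one stored in the session, so the handler cannot tell whether this browser started the login (login CSRF). If the authorisation request is built without `state`, add it there and check it here, e.g. `@RequestParam("state") String state` compared with the session-stored value before the code is exchanged. Separately, `javax.servlet.http.HttpServletRequest` is written fully qualified in the parameter list, where an import would match the rest of the file. The method body continues outside the hunk.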
@@ -299,8 +299,20 @@ public class DangerOperationController {
 // 可以把用户信息也存进去
 session.setAttribute("dingUser", userJson);
- // 重定向回表单页
- return "redirect:/web/process/form";
+ // 重定向回表单页,使用完整的URL包括域名和contextPath
+ String scheme = request.getScheme(); // http 或 https
+ String serverName = request.getServerName(); // 服务器名称
+ int serverPort = request.getServerPort(); // 端口号
+ String contextPath = request.getContextPath(); // 上下文路径
+
+ StringBuilder redirectUrl = new StringBuilder();
+ redirectUrl.append(scheme).append("://").append(serverName);
+ if (("http".equals(scheme) && serverPort != 80) || ("https".equals(scheme) && serverPort != 443)) {
+ redirectUrl.append(":").append(serverPort);
+ }
+ redirectUrl.append(contextPath).append("/web/process/form");
+
+ return "redirect:" + redirectUrl.toString();
 } catch (Exception e) {
 log.error("DingTalk Callback Error", e);
From e9e2c026ad27e0b951dec7b7a7390432b55f19e7 Mon Sep 17 00:00:00 2001
From: wangli <274027703@qq.com>
Date: Wed, 14 Jan 2026 16:37:24 +0800
Subject: [PATCH 4/7] =?UTF-8?q?fix=20-=20=E8=B0=83=E6=95=B4=E7=99=BB?= =?UTF-8?q?=E9=99=86=E6=88=90=E5=8A=9F=E5=90=8E=E7=9A=84=E9=A1=B5=E9=9D=A2?= =?UTF-8?q?=E5=9C=B0=E5=9D=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../web/DangerOperationController.java | 16 +---------------
 1 file changed, 1 insertion(+), 15 deletions(-)
diff --git a/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/DangerOperationController.java b/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/DangerOperationController.java
index 103af6bea..5a0a2c35d 100644
--- a/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/DangerOperationController.java
+++ b/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/DangerOperationController.java
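Review bot: The post-login redirect in the `@@ -299,8 +299,20 @@` hunk takes its origin from `request.getScheme()`, `request.getServerName()` and `request.getServerPort()`, which normally reflect the Host header or forwarded headers sent with the request, so the redirect target is only as trustworthy as those headers. Behind a TLS-terminating proxy the scheme and port can also come out wrong. Take the origin from configuration instead of from the request, or keep the target relative, and record the reason for needing an absolute URL in the comment above the block. PATCH 4/7 in this series removes the block again.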
@@ -298,21 +298,7 @@ public class DangerOperationController {
 session.setAttribute("isAuthenticated", true);
 // 可以把用户信息也存进去
 session.setAttribute("dingUser", userJson);
-
- // 重定向回表单页,使用完整的URL包括域名和contextPath
- String scheme = request.getScheme(); // http 或 https
- String serverName = request.getServerName(); // 服务器名称
- int serverPort = request.getServerPort(); // 端口号
- String contextPath = request.getContextPath(); // 上下文路径
-
- StringBuilder redirectUrl = new StringBuilder();
- redirectUrl.append(scheme).append("://").append(serverName);
- if (("http".equals(scheme) && serverPort != 80) || ("https".equals(scheme) && serverPort != 443)) {
- redirectUrl.append(":").append(serverPort);
- }
- redirectUrl.append(contextPath).append("/web/process/form");
-
- return "redirect:" + redirectUrl.toString();
+ return "form";
 } catch (Exception e) {
 log.error("DingTalk Callback Error", e);
From 84cc69dad33d1edfe6f371853810dd6f43c6bd86 Mon Sep 17 00:00:00 2001
From: wangli <274027703@qq.com>
Date: Wed, 14 Jan 2026 17:08:00 +0800
Subject: [PATCH 5/7] =?UTF-8?q?fix=20-=20=E8=B0=83=E6=95=B4=E7=99=BB?= =?UTF-8?q?=E9=99=86=E6=88=90=E5=8A=9F=E5=90=8E=E7=9A=84=E9=A1=B5=E9=9D=A2?= =?UTF-8?q?=E5=9C=B0=E5=9D=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../web/DangerOperationController.java | 16 +++++++++++-----
 .../src/main/resources/templates/form.html | 8 ++++++++
 2 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/DangerOperationController.java b/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/DangerOperationController.java
index 5a0a2c35d..10a4cc6b1 100644
--- a/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/DangerOperationController.java
+++ b/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/DangerOperationController.java
@@ -234,8 +234,12 @@ public class DangerOperationController {
 @GetMapping("/web/process/dingtalk-callback")
 public String dingTalkCallback(@RequestParam("authCode") String authCode, HttpSession session, Model model, javax.servlet.http.HttpServletRequest request) {
 log.info("收到钉钉登录回调, authCode: {}", authCode);
+ String myPodNamespace = environment.getProperty(K8S_POD_NAME_SPACE);
+ String baseUrl = StringUtils.hasText(myPodNamespace) ? "/workflow-engine" : "";
+ model.addAttribute("apiBaseUrl", baseUrl);
+ model.addAttribute("dingTalkAppKey", appKey);
- // 如果没有配置 AppSecret,则无法进行后续交互,直接返回错误(或者为了测试方便这里可以留个后门? 不,严格处理)
+ // 如果没有配置 AppSecret,则无法进行后续交互
 if (!StringUtils.hasText(appSecret)) {
 log.error("DingTalk AppSecret not configured");
 model.addAttribute("authError", "服务端未配置 AppSecret,无法登录");
@@ -244,7 +248,6 @@ public class DangerOperationController {
 try {
 // 1. 获取 AccessToken
- // 文档: https://open.dingtalk.com/document/isvapp/obtain-user-token
 JSONObject tokenParams = new JSONObject();
 tokenParams.put("clientId", appKey);
 tokenParams.put("clientSecret", appSecret);
@@ -268,7 +271,6 @@ public class DangerOperationController {
 }
 // 2. 获取用户详情
- // 文档: https://open.dingtalk.com/document/isvapp/obtain-user-information
 String userInfoResponse = HttpRequest.get("https://api.dingtalk.com/v1.0/contact/users/me")
 .header("x-acs-dingtalk-access-token", accessToken)
 .timeout(5000)
@@ -292,12 +294,16 @@ public class DangerOperationController {
 return "form";
 }
- // 3. 登录成功
 log.info("DingTalk Login Success: nick={}, mobile={}", nick, mobile);
 session.setAttribute("isAuthenticated", true);
- // 可以把用户信息也存进去
 session.setAttribute("dingUser", userJson);
+ model.addAttribute("userNick", nick);
+ model.addAttribute("isAuthenticated", true);
+
+ // 新增:添加重定向URL到Model,让前端JS执行跳转
+ model.addAttribute("redirectUrl", baseUrl + "/web/process/form");
+
 return "form";
 } catch (Exception e) {
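Review bot: The login-success block extended in the `@@ -292,12 +294,16 @@` hunk marks the existing session as authenticated (`session.setAttribute("isAuthenticated", true)`) without issuing a new session id, so an id that was known before login remains valid afterwards (session fixation). The `request` parameter is already in the signature and is not otherwise used in the visible lines; on Servlet 3.1 or later, call `request.changeSessionId();` immediately before the `isAuthenticated` attribute is set. The block also stores the whole `userJson` profile in the session, where the few fields the form needs would be enough. The enclosing try block starts and ends outside the hunk.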
diff --git a/workflow-engine-server/src/main/resources/templates/form.html b/workflow-engine-server/src/main/resources/templates/form.html
index d69d28f3c..8489e7993 100644
--- a/workflow-engine-server/src/main/resources/templates/form.html
+++ b/workflow-engine-server/src/main/resources/templates/form.html
@@ -303,6 +303,14 @@ + +