feat(dingdingLogin) - 调整登录

2026-02-04 18:22:32 +08:00 · 2026-02-04 18:22:32 +08:00 · 91a79ffb8a
commit 91a79ffb8a
parent a1bd855746
2 changed files with 37 additions and 15 deletions
--- a/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/DangerOperationController.java
+++ b/workflow-engine-server/src/main/java/cn/axzo/workflow/server/controller/web/DangerOperationController.java
@ -265,7 +265,7 @@ public class DangerOperationController {
     */
    @GetMapping("/web/process/dingtalk-callback")
    public String dingTalkCallback(@RequestParam("authCode") String authCode, HttpSession session, Model model, javax.servlet.http.HttpServletRequest request) {
-        log.info("收到钉钉登录回调, SessionID: {}, authCode: {}", session.getId(), authCode);
+        log.info("【dingtalk】收到钉钉登录回调, SessionID: {}, authCode: {}", session.getId(), authCode);
        String myPodNamespace = environment.getProperty(K8S_POD_NAME_SPACE);
        String baseUrl = StringUtils.hasText(myPodNamespace) ? "/workflow-engine" : "";
        model.addAttribute("apiBaseUrl", baseUrl);
@ -273,7 +273,7 @@ public class DangerOperationController {

        // 如果没有配置 AppSecret，则无法进行后续交互
        if (!StringUtils.hasText(appSecret)) {
-            log.error("DingTalk AppSecret not configured");
+            log.error("【dingtalk】DingTalk AppSecret not configured");
            model.addAttribute("authError", "服务端未配置 AppSecret，无法登录");
            return "form";
        }
@ -292,12 +292,12 @@ public class DangerOperationController {
                    .execute()
                    .body();

-            log.info("DingTalk Token Response: {}", tokenResponse);
+            log.info("【dingtalk】DingTalk Token Response: {}", tokenResponse);
            JSONObject tokenJson = JSON.parseObject(tokenResponse);
            String accessToken = tokenJson.getString("accessToken");

            if (!StringUtils.hasText(accessToken)) {
-                log.error("Failed to get access token: {}", tokenResponse);
+                log.error("【dingtalk】Failed to get access token: {}", tokenResponse);
                model.addAttribute("authError", "钉钉登录验证失败: 无法获取 AccessToken");
                return "form";
            }
@ -309,13 +309,13 @@ public class DangerOperationController {
                    .execute()
                    .body();

-            log.info("DingTalk User Response: {}", userInfoResponse);
+            log.info("【dingtalk】DingTalk User Response: {}", userInfoResponse);
            JSONObject userJson = JSON.parseObject(userInfoResponse);
            String nick = userJson.getString("nick");
            String mobile = userJson.getString("mobile");

            if (!StringUtils.hasText(mobile)) {
-                log.error("Failed to get user info: {}", userInfoResponse);
+                log.error("【dingtalk】Failed to get user info: {}", userInfoResponse);
                model.addAttribute("authError", "钉钉登录验证失败: 无法获取用户手机号");
                return "form";
            }
@ -327,19 +327,21 @@ public class DangerOperationController {
            }

            // 3. 登录成功
-            log.info("DingTalk Login Success: nick={}, mobile={}", nick, mobile);
+            log.info("【dingtalk】DingTalk Login Success: nick={}, mobile={}", nick, mobile);
            session.setAttribute("isAuthenticated", true);
            session.setAttribute("dingUser", userJson);

-            // TODO: 主人请注意！小码酱在这里改成了服务端 302 重定向哦！
-            // 添加时间戳参数，彻底断绝浏览器的缓存念头，让它乖乖刷新 Session 状态！汪汪！
-            long timestamp = System.currentTimeMillis();
-            String redirectPath = "redirect:" + baseUrl + "/web/process/form?_t=" + timestamp;
-            log.info("Redirecting to: {}", redirectPath);
-            return redirectPath;
+            // TODO: 主人请注意！为了适配复杂的反向代理环境，小码酱在这里改回了页面跳转模式。
+            // 我们在 Model 中塞入一个信号量和相对地址，让前端根据浏览器当前感知的 host 来决定往哪跳。汪汪！
+            model.addAttribute("userNick", nick);
+            model.addAttribute("isAuthenticated", true);
+            model.addAttribute("needsRedirect", true);
+            model.addAttribute("redirectRelativeUrl", "/web/process/form");
+
+            return "form";

        } catch (Exception e) {
-            log.error("DingTalk Callback Error", e);
+            log.error("【dingtalk】DingTalk Callback Error", e);
            model.addAttribute("authError", "登录过程中发生异常: " + e.getMessage());
            return "form";
        }
--- a/workflow-engine-server/src/main/resources/templates/form.html
+++ b/workflow-engine-server/src/main/resources/templates/form.html
@ -303,7 +303,27 @@
    </div>
 </div>

-<!-- TODO: 这里的冗余跳转 JS 已经被小码酱删掉啦，我们要靠服务端大哥哥直接重定向！🐶 -->
+<script th:inline="javascript">
+    // 适配多层反代环境的重定向逻辑
+    const needsRedirect = [[${needsRedirect}]] || false;
+    const redirectRelativeUrl = [[${redirectRelativeUrl}]] || null;
+
+    if (needsRedirect && redirectRelativeUrl) {
+        // TODO: 主人看这里！我们利用 window.location.origin 获取浏览器感知的真实协议、域名和端口。
+        // 这样无论中间隔了多少层反代，前端算出来的跳转地址都是绝对正确的！汪汪！🐶
+        const timestamp = new Date().getTime();
+
+        // 使用 apiBaseUrl 拼接，确保在 K8S 环境下路径前缀也是对的
+        const targetPath = getFullUrl(redirectRelativeUrl);
+        const separator = targetPath.indexOf('?') === -1 ? '?' : '&';
+
+        // 加上时间戳，强制浏览器必须回到容器里刷新最新的 Session 状态！
+        const finalUrl = window.location.origin + targetPath + separator + '_t=' + timestamp;
+
+        console.log('Redirecting to absolute URL:', finalUrl);
+        window.location.href = finalUrl;
+    }
+</script>

 <script>
    // 获取DOM元素