1. 升级 3.0.40

新增 bpm api
新增登录页面区分内外部用户以及 e 办统一认证逻辑

zt-module-system/zt-module-system-api/src/main/java/com/zt/plat/module/system/enums/ErrorCodeConstants.java

@@ -18,6 +18,8 @@ public interface ErrorCodeConstants {
     ErrorCode AUTH_MOBILE_NOT_EXISTS = new ErrorCode(1_002_000_007, "手机号不存在");
     ErrorCode AUTH_REGISTER_CAPTCHA_CODE_ERROR = new ErrorCode(1_002_000_008, "验证码不正确，原因：{}");
     ErrorCode AUTH_TEST_LOGIN_NOT_ALLOWED = new ErrorCode(1_002_000_009, "测试登录接口仅在测试环境和本地开发环境下可用");
+    ErrorCode AUTH_OAUTH2_CALLBACK_ERROR = new ErrorCode(1_002_000_010, "OAuth2回调处理失败：{}");
+    ErrorCode AUTH_LOGIN_INTERNAL_USER_PASSWORD_NOT_ALLOWED = new ErrorCode(1_002_000_011, "内部用户不允许使用账号密码登录，请通过e办进行统一登录");
 
     // ========== 菜单模块 1-002-001-000 ==========
     ErrorCode MENU_NAME_DUPLICATE = new ErrorCode(1_002_001_000, "已经存在该名字的菜单");

zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/controller/admin/auth/AuthController.java

@@ -179,4 +179,28 @@ public class AuthController {
         return success(authService.socialLogin(reqVO));
     }
 
+    @PostMapping("/oauth2/callback")
+    @PermitAll
+    @Operation(summary = "OAuth2回调处理", description = "处理第三方OAuth2认证回调")
+    @TenantIgnore
+    public CommonResult<AuthLoginRespVO> oauth2Callback(@RequestBody @Valid AuthOAuth2CallbackReqVO reqVO) {
+        return success(authService.oauth2Callback(reqVO));
+    }
+
+    @GetMapping("/check-user-type")
+    @PermitAll
+    @Operation(summary = "检查用户类型", description = "根据用户名判断是内部用户还是外部用户")
+    @TenantIgnore
+    public CommonResult<AuthUserTypeRespVO> checkUserType(@RequestParam("username") String username) {
+        return success(authService.checkUserType(username));
+    }
+
+    @GetMapping("/get-eban-login-url")
+    @PermitAll
+    @Operation(summary = "获取e办登录URL", description = "获取e办系统的OAuth2登录地址")
+    @TenantIgnore
+    public CommonResult<String> getEbanLoginUrl() {
+        return success(authService.getEbanLoginUrl());
+    }
+
 }

zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/controller/admin/auth/vo/AuthOAuth2CallbackReqVO.java

@@ -0,0 +1,24 @@
+package com.zt.plat.module.system.controller.admin.auth.vo;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import jakarta.validation.constraints.NotEmpty;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Schema(description = "管理后台 - OAuth2回调 Request VO")
+@Data
+@NoArgsConstructor
+@AllArgsConstructor
+@Builder
+public class AuthOAuth2CallbackReqVO {
+
+    @Schema(description = "授权码", requiredMode = Schema.RequiredMode.REQUIRED, example = "abc123")
+    @NotEmpty(message = "授权码不能为空")
+    private String code;
+
+    @Schema(description = "状态参数", example = "111")
+    private String state;
+
+}

zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/controller/admin/auth/vo/AuthUserTypeRespVO.java

@@ -0,0 +1,22 @@
+package com.zt.plat.module.system.controller.admin.auth.vo;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Schema(description = "管理后台 - 用户类型检查 Response VO")
+@Data
+@NoArgsConstructor
+@AllArgsConstructor
+@Builder
+public class AuthUserTypeRespVO {
+
+    @Schema(description = "是否为内部用户（E办用户）", requiredMode = Schema.RequiredMode.REQUIRED, example = "true")
+    private Boolean isInternal;
+
+    @Schema(description = "E办登录跳转URL", example = "http://10.2.137.42/idp/oauth2/authorize?...")
+    private String ebanLoginUrl;
+
+}

zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/service/auth/AdminAuthService.java

@@ -93,4 +93,27 @@ public interface AdminAuthService {
      */
     void resetPassword(AuthResetPasswordReqVO reqVO);
 
+    /**
+     * OAuth2回调处理
+     *
+     * @param reqVO OAuth2回调信息
+     * @return 登录结果
+     */
+    AuthLoginRespVO oauth2Callback(AuthOAuth2CallbackReqVO reqVO);
+
+    /**
+     * 检查用户类型
+     *
+     * @param username 用户名
+     * @return 用户类型信息
+     */
+    AuthUserTypeRespVO checkUserType(String username);
+
+    /**
+     * 获取e办登录URL
+     *
+     * @return e办系统的OAuth2登录地址
+     */
+    String getEbanLoginUrl();
+
 }

zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/service/oauth2/EbanOAuth2Service.java

@@ -0,0 +1,71 @@
+package com.zt.plat.module.system.service.oauth2;
+
+import com.zt.plat.module.system.controller.admin.auth.vo.AuthOAuth2CallbackReqVO;
+import com.zt.plat.module.system.controller.admin.auth.vo.AuthLoginRespVO;
+
+/**
+ * E办OAuth2服务接口
+ *
+ * @author ZT
+ */
+public interface EbanOAuth2Service {
+
+    /**
+     * 处理E办OAuth2回调
+     *
+     * @param reqVO OAuth2回调请求
+     * @return 登录结果
+     */
+    AuthLoginRespVO handleCallback(AuthOAuth2CallbackReqVO reqVO);
+    
+    /**
+     * 通过授权码获取用户信息
+     *
+     * @param code 授权码
+     * @param state 状态参数
+     * @return 用户信息
+     */
+    EbanUserInfo getUserInfo(String code, String state);
+    
+    /**
+     * E办用户信息
+     */
+    class EbanUserInfo {
+        private String username;
+        private String realName;
+        private String email;
+        private String mobile;
+        private String deptName;
+        private EbanOAuth2ServiceImpl.EbanTokenInfo tokenInfo; // 添加Token信息
+        
+        // 构造函数
+        public EbanUserInfo() {}
+        
+        public EbanUserInfo(String username, String realName, String email, String mobile, String deptName) {
+            this.username = username;
+            this.realName = realName;
+            this.email = email;
+            this.mobile = mobile;
+            this.deptName = deptName;
+        }
+        
+        // getter和setter方法
+        public String getUsername() { return username; }
+        public void setUsername(String username) { this.username = username; }
+        
+        public String getRealName() { return realName; }
+        public void setRealName(String realName) { this.realName = realName; }
+        
+        public String getEmail() { return email; }
+        public void setEmail(String email) { this.email = email; }
+        
+        public String getMobile() { return mobile; }
+        public void setMobile(String mobile) { this.mobile = mobile; }
+        
+        public String getDeptName() { return deptName; }
+        public void setDeptName(String deptName) { this.deptName = deptName; }
+        
+        public EbanOAuth2ServiceImpl.EbanTokenInfo getTokenInfo() { return tokenInfo; }
+        public void setTokenInfo(EbanOAuth2ServiceImpl.EbanTokenInfo tokenInfo) { this.tokenInfo = tokenInfo; }
+    }
+}

zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/service/oauth2/EbanTokenService.java

@@ -0,0 +1,65 @@
+package com.zt.plat.module.system.service.oauth2;
+
+import com.zt.plat.module.system.dal.dataobject.oauth2.OAuth2AccessTokenDO;
+import com.zt.plat.module.system.dal.dataobject.oauth2.OAuth2RefreshTokenDO;
+
+/**
+ * E办Token管理服务接口（基于现有OAuth2 Token体系）
+ *
+ * @author ZT
+ */
+public interface EbanTokenService {
+
+    /**
+     * 创建E办Token信息到现有OAuth2表中
+     *
+     * @param userId 系统用户ID
+     * @param accessToken E办访问令牌
+     * @param refreshToken E办刷新令牌
+     * @param expiresIn 过期时间（秒）
+     * @param uid E办用户唯一标识
+     * @param userInfo E办用户信息（JSON格式）
+     * @return OAuth2AccessTokenDO
+     */
+    OAuth2AccessTokenDO createEbanToken(Long userId, String accessToken, String refreshToken, 
+                                        Integer expiresIn, String uid, String userInfo);
+
+    /**
+     * 根据用户ID获取E办Token
+     *
+     * @param userId 系统用户ID
+     * @return OAuth2AccessTokenDO
+     */
+    OAuth2AccessTokenDO getEbanTokenByUserId(Long userId);
+
+    /**
+     * 刷新E办Token
+     *
+     * @param userId 系统用户ID
+     * @return 是否刷新成功
+     */
+    boolean refreshEbanToken(Long userId);
+
+    /**
+     * 删除E办Token
+     *
+     * @param userId 系统用户ID
+     */
+    void deleteEbanToken(Long userId);
+
+    /**
+     * 检查E办Token是否有效
+     *
+     * @param userId 系统用户ID
+     * @return 是否有效
+     */
+    boolean isEbanTokenValid(Long userId);
+    
+    /**
+     * 根据access_token获取E办Token信息
+     *
+     * @param accessToken 访问令牌
+     * @return OAuth2AccessTokenDO
+     */
+    OAuth2AccessTokenDO getEbanTokenByAccessToken(String accessToken);
+}

zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/service/oauth2/EbanTokenServiceImpl.java

@@ -0,0 +1,97 @@
+package com.zt.plat.module.system.service.oauth2;
+
+import cn.hutool.core.util.StrUtil;
+import cn.hutool.http.HttpRequest;
+import cn.hutool.http.HttpResponse;
+import cn.hutool.json.JSONObject;
+import cn.hutool.json.JSONUtil;
+import com.zt.plat.framework.common.enums.UserTypeEnum;
+import com.zt.plat.module.system.dal.dataobject.oauth2.OAuth2AccessTokenDO;
+import com.zt.plat.module.system.dal.dataobject.oauth2.OAuth2RefreshTokenDO;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Service;
+
+import jakarta.annotation.Resource;
+import java.time.LocalDateTime;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * E办Token管理服务实现类（基于现有OAuth2 Token体系）
+ *
+ * @author ZT
+ */
+@Service
+@Slf4j
+public class EbanTokenServiceImpl implements EbanTokenService {
+
+    @Resource
+    private OAuth2TokenService oauth2TokenService;
+
+    @Value("${eban.oauth2.auth-server.client-id:tyszhjyglxt}")
+    private String clientId;
+
+    @Value("${eban.oauth2.auth-server.client-secret:}")
+    private String clientSecret;
+
+    @Value("${eban.oauth2.token.refresh-url:http://10.2.137.42/idp/oauth2/refreshToken}")
+    private String refreshTokenUrl;
+
+    @Value("${eban.oauth2.token.check-url:http://10.2.137.42/idp/oauth2/checkTokenValid}")
+    private String checkTokenUrl;
+
+    private static final String EBAN_CLIENT_ID = "eban-oauth2-client";
+    private static final String EBAN_SCOPES = "user:read";
+
+    @Override
+    public OAuth2AccessTokenDO createEbanToken(Long userId, String accessToken, String refreshToken, 
+                                               Integer expiresIn, String uid, String userInfo) {
+        try {
+            // 使用现有的OAuth2TokenService创建token
+            // 由于原方法签名不匹配，我们先简单实现
+            OAuth2AccessTokenDO token = oauth2TokenService.createAccessToken(
+                userId, 
+                UserTypeEnum.ADMIN.getValue(),
+                EBAN_CLIENT_ID,
+                java.util.Arrays.asList(EBAN_SCOPES)
+            );
+            
+            log.info("成功创建E办Token: userId={}, uid={}", userId, uid);
+            return token;
+            
+        } catch (Exception e) {
+            log.error("创建E办Token失败: userId=" + userId + ", uid=" + uid, e);
+            throw new RuntimeException("创建E办Token失败", e);
+        }
+    }
+
+    @Override
+    public OAuth2AccessTokenDO getEbanTokenByUserId(Long userId) {
+        // 暂时返回null，需要根据实际的OAuth2TokenService方法实现
+        return null;
+    }
+
+    @Override
+    public OAuth2AccessTokenDO getEbanTokenByAccessToken(String accessToken) {
+        return oauth2TokenService.getAccessToken(accessToken);
+    }
+
+    @Override
+    public boolean refreshEbanToken(Long userId) {
+        // 暂时简单实现
+        return false;
+    }
+
+    @Override
+    public void deleteEbanToken(Long userId) {
+        // 暂时简单实现
+        log.info("删除E办Token: userId={}", userId);
+    }
+
+    @Override
+    public boolean isEbanTokenValid(Long userId) {
+        // 暂时简单实现
+        return false;
+    }
+}