From f91d2d05e8182b57d0b1f8c747827605688efb72 Mon Sep 17 00:00:00 2001 From: wuzongyong <13203449218@163.com> Date: Thu, 29 Jan 2026 15:26:25 +0800 Subject: [PATCH 1/2] =?UTF-8?q?feat(iwork):=20=E6=B7=BB=E5=8A=A0=E5=B7=A5?= =?UTF-8?q?=E4=BD=9C=E6=B5=81=E5=88=9B=E5=BB=BA=E6=93=8D=E4=BD=9C=E4=B8=AD?= =?UTF-8?q?operatorUserId=E5=AD=97=E6=AE=B5=E9=AA=8C=E8=AF=81?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 在createWorkflow方法中添加operatorUserId必填字段检查 - 在createGenericWorkflow方法中添加operatorUserId必填字段检查 - 当operatorUserId为空时抛出IWORK_SEAL_REQUIRED_FIELD_MISSING异常 - 优化createGenericWorkflow中operatorUserId参数传递逻辑 --- .../iwork/impl/IWorkIntegrationServiceImpl.java | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/service/integration/iwork/impl/IWorkIntegrationServiceImpl.java b/zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/service/integration/iwork/impl/IWorkIntegrationServiceImpl.java index fcf0bd56..d184dd7e 100644 --- a/zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/service/integration/iwork/impl/IWorkIntegrationServiceImpl.java +++ b/zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/service/integration/iwork/impl/IWorkIntegrationServiceImpl.java @@ -140,6 +140,11 @@ public class IWorkIntegrationServiceImpl implements IWorkIntegrationService { @Override public IWorkOperationRespVO createWorkflow(IWorkWorkflowCreateReqVO reqVO) { + // 检查是否传输了operatorId + String reqVOOperatorUserId = reqVO.getOperatorUserId(); + if (!StringUtils.hasText(reqVOOperatorUserId)) { + throw ServiceExceptionUtil.exception(IWORK_SEAL_REQUIRED_FIELD_MISSING, "operatorUserId"); + } assertConfigured(); String appId = resolveAppId(); ClientKeyPair clientKeyPair = resolveClientKeyPair(appId, Boolean.TRUE.equals(reqVO.getForceRefreshToken())); @@ -163,10 +168,16 @@ public class IWorkIntegrationServiceImpl implements IWorkIntegrationService { @Override public IWorkOperationRespVO createGenericWorkflow(IWorkGenericWorkflowCreateReqVO reqVO) { + // 检查是否传输了operatorId + String reqVOOperatorUserId = reqVO.getOperatorUserId(); + if (!StringUtils.hasText(reqVOOperatorUserId)) { + throw ServiceExceptionUtil.exception(IWORK_SEAL_REQUIRED_FIELD_MISSING, "operatorUserId"); + } + assertConfigured(); String appId = resolveAppId(); ClientKeyPair clientKeyPair = resolveClientKeyPair(appId, Boolean.TRUE.equals(reqVO.getForceRefreshToken())); - String operatorUserId = resolveOperatorUserId(reqVO.getOperatorUserId()); + String operatorUserId = resolveOperatorUserId(reqVOOperatorUserId); IWorkSession session = createSession(appId, clientKeyPair, operatorUserId, Boolean.TRUE.equals(reqVO.getForceRefreshToken())); // 构建透传参数,将 workflowId 加入 payload From cabd6e32978698543d68199a0300002c00c429e5 Mon Sep 17 00:00:00 2001 From: yangchaojin <549193112@qq.com> Date: Thu, 29 Jan 2026 15:38:07 +0800 Subject: [PATCH 2/2] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E6=B5=8B=E8=AF=95?= =?UTF-8?q?=E7=8E=AF=E5=A2=83=E5=A4=9A=E7=BA=A7=E4=BB=A3=E7=90=86=E8=B7=AF?= =?UTF-8?q?=E5=8A=B2=E6=8B=BC=E6=8E=A5=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../controller/admin/file/FileController.java | 32 +++++++++++++------ 1 file changed, 23 insertions(+), 9 deletions(-) diff --git a/zt-module-infra/zt-module-infra-server/src/main/java/com/zt/plat/module/infra/controller/admin/file/FileController.java b/zt-module-infra/zt-module-infra-server/src/main/java/com/zt/plat/module/infra/controller/admin/file/FileController.java index f33232bc..17ec1e54 100644 --- a/zt-module-infra/zt-module-infra-server/src/main/java/com/zt/plat/module/infra/controller/admin/file/FileController.java +++ b/zt-module-infra/zt-module-infra-server/src/main/java/com/zt/plat/module/infra/controller/admin/file/FileController.java @@ -270,18 +270,32 @@ public class FileController { } private String buildPublicBaseUrl(HttpServletRequest request) { - if (previewBaseUrl != null && !previewBaseUrl.isBlank()) { - return previewBaseUrl.endsWith("/") - ? previewBaseUrl.substring(0, previewBaseUrl.length() - 1) - : previewBaseUrl; + // 1. 优先使用配置(必须是合法 http(s)) + if (previewBaseUrl != null) { + String v = previewBaseUrl.trim(); + if (!v.isEmpty() && (v.startsWith("http://") || v.startsWith("https://"))) { + return v.endsWith("/") ? v.substring(0, v.length() - 1) : v; + } } - // 兜底:从请求推断 - String scheme = request.getHeader("X-Forwarded-Proto"); - if (scheme == null) scheme = request.getScheme(); + // 2. 从请求头推断 scheme(注意:多级代理会是 "http,http") + String scheme = request.getHeader("X-Forwarded-Proto"); + if (scheme == null || scheme.isBlank()) { + scheme = request.getScheme(); + } else { + scheme = scheme.split(",")[0].trim(); + } + + // 3. 从请求头推断 host(同样可能是多值) String host = request.getHeader("X-Forwarded-Host"); - if (host == null) host = request.getHeader("Host"); - if (host == null) host = request.getServerName() + ":" + request.getServerPort(); + if (host == null || host.isBlank()) { + host = request.getHeader("Host"); + } + if (host == null || host.isBlank()) { + host = request.getServerName() + ":" + request.getServerPort(); + } else { + host = host.split(",")[0].trim(); + } return scheme + "://" + host; }