Merge remote-tracking branch 'base-version/main' into dev

zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/controller/admin/integration/iwork/IWorkIntegrationController.java

@@ -1,6 +1,10 @@
 package com.zt.plat.module.system.controller.admin.integration.iwork;
 
 import com.zt.plat.framework.common.pojo.CommonResult;
+import com.zt.plat.module.system.controller.admin.integration.iwork.vo.IWorkAuthRegisterReqVO;
+import com.zt.plat.module.system.controller.admin.integration.iwork.vo.IWorkAuthRegisterRespVO;
+import com.zt.plat.module.system.controller.admin.integration.iwork.vo.IWorkAuthTokenReqVO;
+import com.zt.plat.module.system.controller.admin.integration.iwork.vo.IWorkAuthTokenRespVO;
 import com.zt.plat.module.system.controller.admin.integration.iwork.vo.IWorkDepartmentQueryReqVO;
 import com.zt.plat.module.system.controller.admin.integration.iwork.vo.IWorkJobTitleQueryReqVO;
 import com.zt.plat.module.system.controller.admin.integration.iwork.vo.IWorkOperationRespVO;
@@ -39,6 +43,18 @@ public class IWorkIntegrationController {
     private final IWorkIntegrationService integrationService;
     private final IWorkOrgRestService orgRestService;
 
+    @PostMapping("/auth/register")
+    @Operation(summary = "注册 iWork 凭证，获取服务端公钥与 secret")
+    public CommonResult<IWorkAuthRegisterRespVO> register(@Valid @RequestBody IWorkAuthRegisterReqVO reqVO) {
+        return success(integrationService.registerSession(reqVO));
+    }
+
+    @PostMapping("/auth/token")
+    @Operation(summary = "申请 iWork Token（独立接口）")
+    public CommonResult<IWorkAuthTokenRespVO> acquireToken(@Valid @RequestBody IWorkAuthTokenReqVO reqVO) {
+        return success(integrationService.acquireToken(reqVO));
+    }
+
     @PostMapping("/user/resolve")
     @Operation(summary = "根据外部标识获取 iWork 用户编号")
     public CommonResult<IWorkUserInfoRespVO> resolveUser(@Valid @RequestBody IWorkUserInfoReqVO reqVO) {

zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/controller/admin/integration/iwork/vo/IWorkAuthRegisterReqVO.java

@@ -0,0 +1,14 @@
+package com.zt.plat.module.system.controller.admin.integration.iwork.vo;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import lombok.Data;
+
+/**
+ * 请求重新向 iWork 注册以换取服务端公钥与 secret。
+ */
+@Data
+public class IWorkAuthRegisterReqVO {
+
+    @Schema(description = "是否强制刷新注册信息", example = "false")
+    private Boolean forceRefreshRegistration;
+}

zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/controller/admin/integration/iwork/vo/IWorkAuthRegisterRespVO.java

@@ -0,0 +1,26 @@
+package com.zt.plat.module.system.controller.admin.integration.iwork.vo;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import lombok.Data;
+
+/**
+ * 返回 iWork 注册后的公钥与密钥信息。
+ */
+@Data
+public class IWorkAuthRegisterRespVO {
+
+    @Schema(description = "使用的 iWork 应用编号", example = "iwork-app")
+    private String appId;
+
+    @Schema(description = "本地配置的客户端公钥（Base64）")
+    private String clientPublicKey;
+
+    @Schema(description = "自动生成的客户端私钥（Base64），仅在未配置固定公钥时返回")
+    private String clientPrivateKey;
+
+    @Schema(description = "iWork 返回的 server public key（Base64）")
+    private String serverPublicKey;
+
+    @Schema(description = "iWork 返回的 secret，用于后续申请 token")
+    private String secret;
+}

zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/controller/admin/integration/iwork/vo/IWorkAuthTokenReqVO.java

@@ -0,0 +1,16 @@
+package com.zt.plat.module.system.controller.admin.integration.iwork.vo;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+
+/**
+ * 申请 iWork token 的请求参数。
+ */
+@Data
+@EqualsAndHashCode(callSuper = true)
+public class IWorkAuthTokenReqVO extends IWorkBaseReqVO {
+
+    @Schema(description = "是否强制重新执行注册流程")
+    private Boolean forceRefreshRegistration;
+}

zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/controller/admin/integration/iwork/vo/IWorkAuthTokenRespVO.java

@@ -0,0 +1,29 @@
+package com.zt.plat.module.system.controller.admin.integration.iwork.vo;
+
+import io.swagger.v3.oas.annotations.media.Schema;
+import lombok.Data;
+
+/**
+ * 申请 token 的返回结果。
+ */
+@Data
+public class IWorkAuthTokenRespVO {
+
+    @Schema(description = "使用的 iWork appId", example = "iwork-app")
+    private String appId;
+
+    @Schema(description = "作为操作人的 iWork 用户编号", example = "1")
+    private String operatorUserId;
+
+    @Schema(description = "iWork 返回的访问 token")
+    private String token;
+
+    @Schema(description = "与 token 匹配的加密 userId，供 header 直接使用")
+    private String encryptedUserId;
+
+    @Schema(description = "token 预计过期时间（Epoch 秒）")
+    private Long expiresAtEpochSecond;
+
+    @Schema(description = "当前会话对应的 server public key")
+    private String serverPublicKey;
+}

zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/framework/integration/iwork/config/IWorkProperties.java

@@ -85,12 +85,12 @@ public class IWorkProperties {
 
     @Getter
     public static class Headers {
-        private final String appId = "app-id";
+        private final String appId = "appid";
-        private final String clientPublicKey = "client-public-key";
+        private final String clientPublicKey = "cpk";
         private final String secret = "secret";
         private final String token = "token";
         private final String time = "time";
-        private final String userId = "user-id";
+        private final String userId = "userid";
     }
 
     @Data

zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/service/integration/iwork/IWorkIntegrationErrorCodeConstants.java

@@ -9,7 +9,7 @@ public interface IWorkIntegrationErrorCodeConstants {
 
     ErrorCode IWORK_BASE_URL_MISSING = new ErrorCode(1_010_200_001, "iWork 集成未配置网关地址");
     ErrorCode IWORK_CONFIGURATION_INVALID = new ErrorCode(1_010_200_002,
-        "iWork 集成缺少必填配置（appId/clientPublicKey/userId/workflowId）");
+        "iWork 集成缺少必填配置（appId/userId/workflowId）或配置无效");
     ErrorCode IWORK_REGISTER_FAILED = new ErrorCode(1_010_200_003, "iWork 注册授权失败");
     ErrorCode IWORK_APPLY_TOKEN_FAILED = new ErrorCode(1_010_200_004, "iWork 令牌申请失败");
     ErrorCode IWORK_REMOTE_REQUEST_FAILED = new ErrorCode(1_010_200_005, "iWork 接口请求失败");

zt-module-system/zt-module-system-server/src/main/java/com/zt/plat/module/system/service/integration/iwork/IWorkIntegrationService.java

@@ -1,5 +1,9 @@
 package com.zt.plat.module.system.service.integration.iwork;
 
+import com.zt.plat.module.system.controller.admin.integration.iwork.vo.IWorkAuthRegisterReqVO;
+import com.zt.plat.module.system.controller.admin.integration.iwork.vo.IWorkAuthRegisterRespVO;
+import com.zt.plat.module.system.controller.admin.integration.iwork.vo.IWorkAuthTokenReqVO;
+import com.zt.plat.module.system.controller.admin.integration.iwork.vo.IWorkAuthTokenRespVO;
 import com.zt.plat.module.system.controller.admin.integration.iwork.vo.IWorkOperationRespVO;
 import com.zt.plat.module.system.controller.admin.integration.iwork.vo.IWorkUserInfoReqVO;
 import com.zt.plat.module.system.controller.admin.integration.iwork.vo.IWorkUserInfoRespVO;
@@ -11,6 +15,16 @@ import com.zt.plat.module.system.controller.admin.integration.iwork.vo.IWorkWork
  */
 public interface IWorkIntegrationService {
 
+    /**
+     * 主动触发注册流程，获取 iWork 返回的服务端公钥与 secret。
+     */
+    IWorkAuthRegisterRespVO registerSession(IWorkAuthRegisterReqVO reqVO);
+
+    /**
+     * 主动向 iWork 申请访问 token，并返回相关会话信息。
+     */
+    IWorkAuthTokenRespVO acquireToken(IWorkAuthTokenReqVO reqVO);
+
     /**
      * 根据外部标识解析 iWork 内部用户编号。
      */

zt-module-system/zt-module-system-server/src/main/resources/application.yaml

@@ -107,10 +107,11 @@ easy-trans:
 
 iwork:
   base-url: http://172.16.36.233:8080
-  app-id:
+#  app-id: f47ac10b-58cc-4372-a567-0e02b2c3d479
+  app-id: f47ac10b-58cc-4372-a567-0e02b2c3d479
   client-public-key:
-  user-id:
+  user-id: 9869
-  workflow-id:
+  workflow-id: 1753
   paths:
     register: /api/ec/dev/auth/regist
     apply-token: /api/ec/dev/auth/applytoken
@@ -169,6 +170,8 @@ xxl:
   job:
     executor:
       appname: ${spring.application.name} # 执行器 AppName
+      port: 0
+      ip: 172.16.234.132
       logpath: ${user.home}/logs/xxl-job/${spring.application.name} # 执行器运行日志文件存储磁盘路径
     accessToken: default_token # 执行器通讯TOKEN