优化pdd授权url

api/gateway/src/main/java/cn/qihangerp/gateway/TokenFilter.java

@@ -29,6 +29,7 @@ public class TokenFilter implements GlobalFilter, Ordered {
         if(url.equals("/api/sys-api/login") || url.equals("/api/sys-api/getInfo") || url.equals("/api/sys-api/logout")
                 || url.contains("/system/config")
                 || url.contains("/captchaImage")
+                || url.contains("/oauth_callback")
         )
         {
             // 登录页面 放行

core/security/src/main/java/cn/qihangerp/security/JwtAuthenticationTokenFilter.java

@@ -45,14 +45,15 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
 //        String token = exchange.getRequest().getHeaders().getFirst(TOKEN_HEADER);
         String token = request.getHeader("Authorization");
         String url = request.getRequestURI();
-        log.info("intercept " + url);
+//        log.info("intercept " + url);
 //        log.info("token: " + token); || request.getRequestURI().equals("/getInfo") || request.getRequestURI().equals("/logout")
         if (request.getRequestURI().equals("/login")
-                || request.getRequestURI().contains("/login")
+                || url.contains("/login")
-                || request.getRequestURI().contains("/captchaImage")
+                || url.contains("/captchaImage")
-                || request.getRequestURI().contains("/order/get_detail")
+                || url.contains("/order/get_detail")
-                || request.getRequestURI().contains("/refund/get_detail")
+                || url.contains("/refund/get_detail")
-                || request.getRequestURI().contains("/system/config")
+                || url.contains("/system/config")
+                || url.contains("/oauth_callback")
         ) {
             // 登录页面，放行 || request.getRequestURI().equals("/order/get_detail")
             chain.doFilter(request, response);

core/security/src/main/java/cn/qihangerp/security/SecurityConfig.java

@@ -67,6 +67,7 @@ public class SecurityConfig {
                         .requestMatchers(HttpMethod.GET, "/system/config/**").permitAll()
                         .requestMatchers(HttpMethod.GET, "/captchaImage").permitAll()
                         .requestMatchers(HttpMethod.GET, "/api/sys-api/system/config/**").permitAll()
+                        .requestMatchers("/pdd/oauth_callback").permitAll()
                         // 允许直接访问授权登录接口
                         .requestMatchers(HttpMethod.POST, "/login").permitAll()
                         .requestMatchers(HttpMethod.POST, "/api/sys-api/login").permitAll()

microservices/pdd-api/src/main/java/cn/qihangerp/api/pdd/controller/PddOAuthController.java

@@ -1,10 +1,9 @@
 package cn.qihangerp.api.pdd.controller;
 
-
-
 import cn.qihangerp.api.pdd.PddTokenCreateBo;
 import cn.qihangerp.common.AjaxResult;
 import cn.qihangerp.common.enums.EnumShopType;
+import cn.qihangerp.model.entity.OShop;
 import cn.qihangerp.model.entity.OShopPlatform;
 import cn.qihangerp.module.service.OShopPlatformService;
 import cn.qihangerp.module.service.OShopService;
@@ -12,25 +11,36 @@ import cn.qihangerp.open.common.ApiResultVo;
 import cn.qihangerp.open.pdd.PddTokenApiHelper;
 
 import cn.qihangerp.open.pdd.model.Token;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import lombok.AllArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.util.StringUtils;
 import org.springframework.web.bind.annotation.*;
 
 import java.io.IOException;
+import java.net.URLDecoder;
 import java.net.URLEncoder;
+import java.util.HashMap;
+import java.util.Map;
 
-@AllArgsConstructor
+@Slf4j
 @RequestMapping("/pdd")
 @RestController
 public class PddOAuthController {
-    private final OShopService shopService;
+    @Autowired
-    private final OShopPlatformService platformService;
+    private OShopService shopService;
-//    @Autowired
+    @Autowired
-//    private IShopService shopService;
+    private OShopPlatformService platformService;
-//    @Autowired
+
-//    private ServerConfig serverConfig;
+    @Value("${qihangerp.auth-redirect-url:''}")
-    private static Logger log = LoggerFactory.getLogger(PddOAuthController.class);
+    private String authRedirectUrl;
+
 
     @GetMapping("/getOauthUrl")
     public AjaxResult oauth(@RequestParam Integer shopId) {
@@ -40,7 +50,7 @@ public class PddOAuthController {
         String appKey = platform.getAppKey();
         String appSercet = platform.getAppSecret();
 
-        String url = "https://mms.pinduoduo.com/open.html?response_type=code&client_id=" + appKey + "&redirect_uri=" + URLEncoder.encode(platform.getRedirectUri());
+        String url = "https://mms.pinduoduo.com/open.html?response_type=code&client_id=" + appKey + "&redirect_uri=" + URLEncoder.encode(platform.getRedirectUri())+"&state="+shopId;
         return AjaxResult.success("SUCCESS",url);
     }
 
@@ -74,5 +84,91 @@ public class PddOAuthController {
 //    }
 
 
+    /**
+     * 授权返回
+     * @param request
+     * @return
+     * @throws IOException
+     */
+    @GetMapping("/oauth_callback")
+    public void oauthCallback(HttpServletRequest request, HttpServletResponse response) throws IOException {
+        log.info("================Pdd授权返回==========");
+        String shopId = request.getParameter("state");
+        String code = request.getParameter("code");
+        // 打印查询参数（URL中的参数）
+        request.getParameterMap().forEach((key, value) -> {
+            log.info("Request param: {} = {}", key, String.join(", ", value));
+        });
+
+        OShop shop = shopService.getById(shopId);
+        log.info("========获取店铺");
+        if(shop==null) {
+            log.error("============店铺不存在========");
+            sendJsonResponse(response, 500, "店铺不存在");
+            return;
+        }
+        else if(shop.getType()!=EnumShopType.PDD.getIndex()) {
+            log.error("============非PDD店铺========");
+            sendJsonResponse(response, 500, "非PDD店铺");
+            return;
+        }
+        String appKey="";
+        String appSecret="";
+        if(StringUtils.hasText(shop.getAppKey())){
+            appKey = shop.getAppKey();
+            appSecret = shop.getAppSecret();
+
+        }else {
+            OShopPlatform oShopPlatform = platformService.selectById(EnumShopType.PDD.getIndex());
+            appKey = oShopPlatform.getAppKey();
+            appSecret = oShopPlatform.getAppSecret();
 
         }
+        if (!StringUtils.hasText(appKey)) {
+            log.error("============平台参数设置错误，没有找到AppKey========");
+            sendJsonResponse(response, 500, "平台参数设置错误，没有找到AppKey");
+            return;
+        }
+        if (!StringUtils.hasText(appSecret)) {
+            log.error("============平台参数设置错误，没有找到AppSecret========");
+            sendJsonResponse(response, 500, "平台参数设置错误，没有找到AppSecret");
+            return;
+        }
+//        log.info("========获取平台参数：{}",appKey);
+//        PopAccessTokenClient accessTokenClient = new PopAccessTokenClient(appKey, appSecret);
+
+        // 生成AccessToken
+        try {
+            ApiResultVo<Token> token = PddTokenApiHelper.getToken(appKey, appSecret, code);
+//            log.info("==========获取拼多多授权token:{}", JSONObject.toJSONString(token));
+            if (token.getCode() != 0) {
+                log.error("===========获取拼多多授权token错误：" + token.getMsg());
+                sendJsonResponse(response, 500, token.getMsg());
+                return;
+            }
+
+            //保存accessToken
+            shopService.updateSessionKey(shop.getId(),token.getData().getAccess_token());
+            log.info("===========获取拼多多授权token成功=====SAVE====");
+        } catch (Exception e) {
+            e.printStackTrace();
+            log.error("=======获取拼多多AccessToken异常：{}",e.getMessage());
+            sendJsonResponse(response, 500, e.getMessage());
+            return;
+        }
+        log.info("======拼多多AccessToken获取成功=========");
+        response.sendRedirect(StringUtils.hasText(authRedirectUrl)?authRedirectUrl:"https://erp.qihangerp.cn/");  // 跳转到新页面
+    }
+
+    // 返回JSON响应
+    private void sendJsonResponse(HttpServletResponse response, int code, String msg) throws IOException {
+        response.setContentType("application/json");
+        response.setCharacterEncoding("UTF-8");
+        Map<String, Object> map = new HashMap<>();
+        map.put("code", code);
+        map.put("msg", URLDecoder.decode(msg, "UTF-8"));
+        ObjectMapper mapper = new ObjectMapper();
+        String json = mapper.writeValueAsString(map);
+        response.getWriter().write(json);
+    }
+}

microservices/pdd-api/src/main/resources/application.yml

@@ -2,3 +2,4 @@ qihangerp:
   name: 启航电商ERP
   goods:
     version: 2.4.21
+  auth-redirect-url: http://erp.qihangerp.cn:88