1

ruoyi-admin/src/main/java/com/ruoyi/web/controller/jarvis/KdocsCallbackController.java

@@ -44,8 +44,9 @@ public class KdocsCallbackController extends BaseController {
                 log.error("金山文档授权失败: {}", msg);
                 return htmlPage(false, "授权失败: " + msg, null);
             }
+            // 无 code：多为平台校验回调可达性，或用户直接打开本地址（非授权失败）
             if (StringUtils.isBlank(code)) {
-                return htmlPage(false, "缺少授权码 code", null);
+                return callbackEndpointInfoPage();
             }
             log.info("金山文档授权回调 code 已收到 state={}", state);
             KdocsTokenInfo tokenInfo = kdocsOAuthService.getAccessTokenByCode(code);
@@ -83,4 +84,20 @@ public class KdocsCallbackController extends BaseController {
         html.append("</script></body></html>");
         return new ResponseEntity<>(html.toString(), headers, HttpStatus.OK);
     }
+
+    /**
+     * 无授权参数时的占位页：HTTP 200，避免被误判为「回调不可用」，也不向 opener 误发失败消息。
+     */
+    private ResponseEntity<String> callbackEndpointInfoPage() {
+        HttpHeaders headers = new HttpHeaders();
+        headers.setContentType(MediaType.TEXT_HTML);
+        String html = "<!DOCTYPE html><html lang='zh-CN'><head><meta charset='UTF-8'><meta name='robots' content='noindex'>"
+            + "<title>金山文档授权回调</title></head>"
+            + "<body style='font-family:sans-serif;text-align:center;padding:40px;color:#333'>"
+            + "<h2>金山文档授权回调</h2>"
+            + "<p>此地址用于 OAuth 授权完成后的跳转，请勿直接收藏或打开。</p>"
+            + "<p>请在系统中点击「连接金山文档」或「授权」后，由金山文档页面自动跳转到此处。</p>"
+            + "</body></html>";
+        return new ResponseEntity<>(html, headers, HttpStatus.OK);
+    }
 }

ruoyi-admin/src/main/java/com/ruoyi/web/controller/jarvis/Wps365ToKdocsCallbackRedirectController.java

@@ -0,0 +1,30 @@
+package com.ruoyi.web.controller.jarvis;
+
+import com.ruoyi.common.annotation.Anonymous;
+import com.ruoyi.common.utils.StringUtils;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import javax.servlet.http.HttpServletRequest;
+import java.net.URI;
+
+/**
+ * 迁移金山文档后，开放平台若仍登记旧回调 /wps365-callback，则 302 到新路径并保留 query（含 code）。
+ */
+@Anonymous
+@RestController
+public class Wps365ToKdocsCallbackRedirectController {
+
+    @Anonymous
+    @GetMapping("/wps365-callback")
+    public ResponseEntity<Void> redirectToKdocs(HttpServletRequest request) {
+        String q = request.getQueryString();
+        String path = "/kdocs-callback" + (StringUtils.isNotBlank(q) ? "?" + q : "");
+        HttpHeaders headers = new HttpHeaders();
+        headers.setLocation(URI.create(path));
+        return new ResponseEntity<>(null, headers, HttpStatus.FOUND);
+    }
+}

ruoyi-framework/src/main/java/com/ruoyi/framework/config/SecurityConfig.java

@@ -118,6 +118,10 @@ public class SecurityConfig
                     .antMatchers("/jarvis/tendoc/oauth/callback").permitAll()
                     // 腾讯文档OAuth回调接口（备用路径），允许匿名访问
                     .antMatchers("/tendoc-callback").permitAll()
+                    // 金山文档 OAuth 回调（与 @Anonymous 双保险，避免未扫描进白名单时 401）
+                    .antMatchers("/kdocs-callback").permitAll()
+                    // 旧 WPS 回调路径：重定向到新路径，便于后台仍登记旧 URL 时可用
+                    .antMatchers("/wps365-callback").permitAll()
                     // 静态资源，可匿名访问
                     .antMatchers(HttpMethod.GET, "/", "/*.html", "/**/*.html", "/**/*.css", "/**/*.js", "/profile/**").permitAll()
                     .antMatchers("/swagger-ui.html", "/swagger-resources/**", "/webjars/**", "/*/api-docs", "/druid/**").permitAll()