feat: 新增第三方登录认证和管理

2025-08-12 09:52:10 +08:00
parent d3f7c75ab4
commit c79786e1a1
50 changed files with 1678 additions and 157 deletions
--- a/src/modules/system/controller/sys_login_source.go
+++ b/src/modules/system/controller/sys_login_source.go
@@ -0,0 +1,163 @@
+package controller
+
+import (
+	"encoding/json"
+	"fmt"
+
+	"github.com/gin-gonic/gin"
+
+	"be.ems/src/framework/i18n"
+	"be.ems/src/framework/reqctx"
+	"be.ems/src/framework/resp"
+	"be.ems/src/framework/utils/parse"
+	"be.ems/src/modules/system/model"
+	"be.ems/src/modules/system/service"
+)
+
+// NewLoginSource 实例化控制层
+var NewSysLoginSource = &SysLoginSourceController{
+	sysLoginSourceService: service.NewSysLoginSource,
+}
+
+// SysLoginSourceController 认证源管理 控制层处理
+//
+// PATH /sys/login-source
+type SysLoginSourceController struct {
+	sysLoginSourceService *service.SysLoginSource // 认证源信息服务
+}
+
+// List 列表
+//
+// GET /list
+func (s SysLoginSourceController) List(c *gin.Context) {
+	query := reqctx.QueryMap(c)
+	rows, total := s.sysLoginSourceService.FindByPage(query)
+	c.JSON(200, resp.OkData(map[string]any{"rows": rows, "total": total}))
+}
+
+// Info 信息
+//
+// GET /:id
+func (s SysLoginSourceController) Info(c *gin.Context) {
+	id := c.Param("id")
+	if id == "" {
+		c.JSON(422, resp.CodeMsg(resp.CODE_PARAM_CHEACK, "bind err: id is empty"))
+		return
+	}
+
+	info := s.sysLoginSourceService.FindById(parse.Number(id))
+	if info.Id == parse.Number(id) {
+		c.JSON(200, resp.OkData(info))
+		return
+	}
+	c.JSON(200, resp.ErrMsg("id does not exist"))
+}
+
+// Add 新增
+//
+// POST /
+func (s SysLoginSourceController) Add(c *gin.Context) {
+	var body model.SysLoginSource
+	if err := c.ShouldBindBodyWithJSON(&body); err != nil {
+		errMsgs := fmt.Sprintf("bind err: %s", resp.FormatBindError(err))
+		c.JSON(422, resp.CodeMsg(resp.CODE_PARAM_PARSER, errMsgs))
+		return
+	}
+	if body.Id > 0 {
+		c.JSON(422, resp.CodeMsg(resp.CODE_PARAM_CHEACK, "bind err: id not is empty"))
+		return
+	}
+	if len(body.Config) < 7 || !json.Valid([]byte(body.Config)) {
+		c.JSON(200, resp.ErrMsg("config json format error"))
+		return
+	}
+	configStr, err := s.sysLoginSourceService.CheckConfigJSON(body.Type, body.Config)
+	if err != nil {
+		c.JSON(200, resp.ErrMsg(err.Error()))
+		return
+	}
+	body.Config = configStr
+
+	body.CreateBy = reqctx.LoginUserToUserName(c)
+	insertId := s.sysLoginSourceService.Insert(body)
+	if insertId > 0 {
+		c.JSON(200, resp.OkData(insertId))
+		return
+	}
+	c.JSON(200, resp.Err(nil))
+}
+
+// Edit 更新
+//
+// PUT /
+func (s SysLoginSourceController) Edit(c *gin.Context) {
+	var body model.SysLoginSource
+	if err := c.ShouldBindBodyWithJSON(&body); err != nil {
+		errMsgs := fmt.Sprintf("bind err: %s", resp.FormatBindError(err))
+		c.JSON(422, resp.CodeMsg(resp.CODE_PARAM_PARSER, errMsgs))
+		return
+	}
+	if body.Id <= 0 {
+		c.JSON(422, resp.CodeMsg(resp.CODE_PARAM_CHEACK, "bind err: id is empty"))
+		return
+	}
+	if len(body.Config) < 7 || !json.Valid([]byte(body.Config)) {
+		c.JSON(200, resp.ErrMsg("config json format error"))
+		return
+	}
+	configStr, err := s.sysLoginSourceService.CheckConfigJSON(body.Type, body.Config)
+	if err != nil {
+		c.JSON(200, resp.ErrMsg(err.Error()))
+		return
+	}
+	body.Config = configStr
+
+	// 查询信息
+	info := s.sysLoginSourceService.FindById(body.Id)
+	if info.Id != body.Id {
+		c.JSON(200, resp.ErrMsg("modification failed, data not exist"))
+		return
+	}
+
+	info.Type = body.Type
+	info.Name = body.Name
+	info.Icon = body.Icon
+	info.Config = body.Config
+	info.ActiveFlag = body.ActiveFlag
+	info.Remark = body.Remark
+	info.UpdateBy = reqctx.LoginUserToUserName(c)
+	rowsAffected := s.sysLoginSourceService.Update(info)
+	if rowsAffected > 0 {
+		c.JSON(200, resp.Ok(nil))
+		return
+	}
+	c.JSON(200, resp.Err(nil))
+}
+
+// Remove 删除
+//
+// DELETE /:id
+func (s SysLoginSourceController) Remove(c *gin.Context) {
+	language := reqctx.AcceptLanguage(c)
+	id := c.Param("id")
+	if id == "" {
+		c.JSON(422, resp.CodeMsg(resp.CODE_PARAM_CHEACK, "bind err: id is empty"))
+		return
+	}
+
+	// 处理字符转id数组后去重
+	uniqueIDs := parse.RemoveDuplicatesToArray(id, ",")
+	// 转换成int64数组类型
+	ids := make([]int64, 0)
+	for _, v := range uniqueIDs {
+		ids = append(ids, parse.Number(v))
+	}
+
+	rows, err := s.sysLoginSourceService.DeleteByIds(ids)
+	if err != nil {
+		c.JSON(200, resp.ErrMsg(err.Error()))
+		return
+	}
+	msg := i18n.TTemplate(language, "app.common.deleteSuccess", map[string]any{"num": rows})
+	c.JSON(200, resp.OkMsg(msg))
+}
--- a/src/modules/system/controller/sys_profile.go
+++ b/src/modules/system/controller/sys_profile.go
@@ -181,7 +181,7 @@ func (s *SysProfileController) UpdateProfile(c *gin.Context) {
 	rows := s.sysUserService.UpdateUser(sysUser)
 	if rows > 0 {
 		// 更新缓存用户信息
-		loginUser.User = s.sysUserService.SelectUserByUserName(userName)
+		loginUser.User = s.sysUserService.FindByUserName(userName, "System", "#")
 		// 用户权限组标识
 		isAdmin := config.IsAdmin(sysUser.UserID)
 		if isAdmin {
@@ -323,7 +323,7 @@ func (s *SysProfileController) Avatar(c *gin.Context) {
 	rows := s.sysUserService.UpdateUser(sysUser)
 	if rows > 0 {
 		// 更新缓存用户信息
-		loginUser.User = s.sysUserService.SelectUserByUserName(loginUser.User.UserName)
+		loginUser.User = s.sysUserService.FindByUserName(loginUser.User.UserName, "System", "#")
 		// 用户权限组标识
 		isAdmin := config.IsAdmin(sysUser.UserID)
 		if isAdmin {
--- a/src/modules/system/controller/sys_user.go
+++ b/src/modules/system/controller/sys_user.go
@@ -526,9 +526,10 @@ func (s *SysUserController) Export(c *gin.Context) {
 		"C1": i18n.TKey(language, "user.export.nick"),
 		"D1": i18n.TKey(language, "user.export.role"),
 		"E1": i18n.TKey(language, "user.export.deptName"),
-		"F1": i18n.TKey(language, "user.export.loginIP"),
-		"G1": i18n.TKey(language, "user.export.loginDate"),
-		"H1": i18n.TKey(language, "user.export.status"),
+		"F1": i18n.TKey(language, "user.export.userType"),
+		"G1": i18n.TKey(language, "user.export.loginIP"),
+		"H1": i18n.TKey(language, "user.export.loginDate"),
+		"I1": i18n.TKey(language, "user.export.status"),
 		// "F1": i18n.TKey(language, "user.export.sex"),
 		// "E1": i18n.TKey(language, "user.export.phone"),
 		// "D1": i18n.TKey(language, "user.export.email"),
@@ -536,6 +537,8 @@ func (s *SysUserController) Export(c *gin.Context) {
 		// "K1": i18n.TKey(language, "user.export.deptLeader"),
 	}
 	// 读取用户性别字典数据
+	dictSysUserType := s.sysDictDataService.SelectDictDataByType("sys_user_type")
+	// 读取用户性别字典数据
 	// dictSysUserSex := s.sysDictDataService.SelectDictDataByType("sys_user_sex")
 	// 从第二行开始的数据
 	dataCells := make([]map[string]any, 0)
@@ -549,6 +552,14 @@ func (s *SysUserController) Export(c *gin.Context) {
 		// 		break
 		// 	}
 		// }
+		// 用户类型
+		userType := row.UserType
+		for _, v := range dictSysUserType {
+			if row.UserType == v.DictValue && row.UserSource != "#" {
+				userType = i18n.TKey(language, v.DictLabel) + " " + row.UserSource
+				break
+			}
+		}
 		// 帐号状态
 		statusValue := i18n.TKey(language, "dictData.disable")
 		if row.Status == "1" {
@@ -557,7 +568,11 @@ func (s *SysUserController) Export(c *gin.Context) {
 		// 用户角色, 默认导出首个
 		userRole := ""
 		if len(row.Roles) > 0 {
-			userRole = i18n.TKey(language, row.Roles[0].RoleName)
+			arr := make([]string, 0)
+			for _, v := range row.Roles {
+				arr = append(arr, i18n.TKey(language, v.RoleName))
+			}
+			userRole = strings.Join(arr, ",")
 		}
 		dataCells = append(dataCells, map[string]any{
 			"A" + idx: row.UserID,
@@ -565,9 +580,10 @@ func (s *SysUserController) Export(c *gin.Context) {
 			"C" + idx: row.NickName,
 			"D" + idx: userRole,
 			"E" + idx: row.Dept.DeptName,
-			"F" + idx: row.LoginIP,
-			"G" + idx: date.ParseDateToStr(row.LoginDate, date.YYYY_MM_DD_HH_MM_SS),
-			"H" + idx: statusValue,
+			"F" + idx: userType,
+			"G" + idx: row.LoginIP,
+			"H" + idx: date.ParseDateToStr(row.LoginDate, date.YYYY_MM_DD_HH_MM_SS),
+			"I" + idx: statusValue,
 			// "E" + idx: row.PhoneNumber,
 			// "F" + idx: sysUserSex,
 			// "D" + idx: row.Email,
@@ -752,7 +768,7 @@ func (s *SysUserController) ImportData(c *gin.Context) {
 		}

 		// 验证是否存在这个用户
-		userInfo := s.sysUserService.SelectUserByUserName(newSysUser.UserName)
+		userInfo := s.sysUserService.FindByUserName(newSysUser.UserName, "System", "#")
 		if userInfo.UserName != newSysUser.UserName {
 			newSysUser.CreateBy = operName
 			insertId := s.sysUserService.InsertUser(newSysUser)
--- a/src/modules/system/model/sys_login_source.go
+++ b/src/modules/system/model/sys_login_source.go
@@ -0,0 +1,22 @@
+package model
+
+// SysLoginSource 系统第三方认证源 sys_login_source
+type SysLoginSource struct {
+	Id         int64  `gorm:"column:id;primaryKey;autoIncrement" json:"id"`                      // ID
+	UID        string `gorm:"column:uid" json:"uid"`                                             // UID 16位长度字符串
+	Type       string `gorm:"column:type" json:"type" binding:"required,oneof=LDAP SMTP OAuth2"` // 认证类型 LDAP SMTP OAuth2
+	Name       string `gorm:"column:name" json:"name" binding:"required"`                        // 认证名称
+	Icon       string `gorm:"column:icon" json:"icon"`                                           // 图标
+	ActiveFlag string `gorm:"column:active_flag" json:"activeFlag"`                              // 激活标记（0未激活 1激活）
+	SyncFlag   string `gorm:"column:sync_flag" json:"syncFlag"`                                  // 同步标记（0未同步 1同步）
+	Config     string `gorm:"column:config" json:"config" binding:"required"`                    // 配置JSON字符串
+	CreateBy   string `gorm:"column:create_by" json:"createBy"`                                  // 创建者
+	CreateTime int64  `gorm:"column:create_time" json:"createTime"`                              // 创建时间
+	UpdateBy   string `gorm:"column:update_by" json:"updateBy"`                                  // 更新者
+	UpdateTime int64  `gorm:"column:update_time" json:"updateTime"`                              // 更新时间
+	Remark     string `gorm:"column:remark" json:"remark"`                                       // 备注
+}
+
+func (*SysLoginSource) TableName() string {
+	return "sys_login_source"
+}
--- a/src/modules/system/model/sys_user.go
+++ b/src/modules/system/model/sys_user.go
@@ -3,58 +3,64 @@ package model
 // SysUser 用户对象 sys_user
 type SysUser struct {
 	// 用户ID
-	UserID string `json:"userId"`
+	UserID string `json:"userId" gorm:"column:user_id;type:bigint;primaryKey"`
 	// 部门ID
-	DeptID string `json:"deptId"`
+	DeptID string `json:"deptId" gorm:"column:dept_id"`
 	// 租户ID
-	TenantID string `json:"tenantId"`
+	TenantID string `json:"tenantId" gorm:"column:tenant_id"`
 	// 用户账号
-	UserName string `json:"userName" binding:"required"`
+	UserName string `json:"userName" binding:"required" gorm:"column:user_name"`
 	// 用户昵称
-	NickName string `json:"nickName" binding:"required"`
-	// 用户类型（sys系统用户）
-	UserType string `json:"userType"`
+	NickName string `json:"nickName" binding:"required" gorm:"column:nick_name"`
+	// 用户类型（System系统用户）
+	UserType   string `json:"userType" gorm:"column:user_type"`
+	UserSource string `json:"userSource" gorm:"column:user_source"` // 用户来源UID (系统#）)
 	// 用户邮箱
-	Email string `json:"email"`
+	Email string `json:"email" gorm:"column:email"`
 	// 手机号码
-	PhoneNumber string `json:"phonenumber"`
+	PhoneNumber string `json:"phonenumber" gorm:"column:phonenumber"`
 	// 用户性别（0未知 1男 2女）
-	Sex string `json:"sex"`
+	Sex string `json:"sex" gorm:"column:sex"`
 	// 头像地址
-	Avatar string `json:"avatar"`
+	Avatar string `json:"avatar" gorm:"column:avatar"`
 	// 密码
-	Password string `json:"-"`
+	Password string `json:"-" gorm:"column:password"`
 	// 帐号状态（0停用 1正常）
-	Status string `json:"status"`
+	Status string `json:"status"  gorm:"column:status"`
 	// 删除标志（0代表存在 1代表删除）
-	DelFlag string `json:"delFlag"`
+	DelFlag string `json:"delFlag" gorm:"column:del_flag"`
 	// 最后登录IP
-	LoginIP string `json:"loginIp"`
+	LoginIP string `json:"loginIp" gorm:"column:login_ip"`
 	// 最后登录时间
-	LoginDate int64 `json:"loginDate"`
+	LoginDate int64 `json:"loginDate" gorm:"column:login_date"`
 	// 创建者
-	CreateBy string `json:"createBy"`
+	CreateBy string `json:"createBy" gorm:"column:create_by"`
 	// 创建时间
-	CreateTime int64 `json:"createTime"`
+	CreateTime int64 `json:"createTime" gorm:"column:create_time"`
 	// 更新者
-	UpdateBy string `json:"updateBy"`
+	UpdateBy string `json:"updateBy" gorm:"column:update_by"`
 	// 更新时间
-	UpdateTime int64 `json:"updateTime"`
+	UpdateTime int64 `json:"updateTime" gorm:"column:update_time"`
 	// 备注
-	Remark string `json:"remark"`
+	Remark string `json:"remark" gorm:"column:remark"`

 	// ====== 非数据库字段属性 ======

 	// 部门对象
-	Dept SysDept `json:"dept,omitempty" binding:"structonly"`
+	Dept SysDept `json:"dept,omitempty" binding:"structonly" gorm:"-"`
 	// 租户对象
-	Tenant SysTenant `json:"tenant,omitempty" binding:"structonly"`
+	Tenant SysTenant `json:"tenant,omitempty" binding:"structonly" gorm:"-"`
 	// 角色对象组
-	Roles []SysRole `json:"roles"`
+	Roles []SysRole `json:"roles" gorm:"-"`
 	// 角色ID
-	RoleID string `json:"roleId,omitempty"`
+	RoleID string `json:"roleId,omitempty" gorm:"-"`
 	// 角色组
-	RoleIDs []string `json:"roleIds,omitempty"`
+	RoleIDs []string `json:"roleIds,omitempty" gorm:"-"`
 	// 岗位组
-	PostIDs []string `json:"postIds,omitempty"`
+	PostIDs []string `json:"postIds,omitempty" gorm:"-"`
+}
+
+// TableName 表名称
+func (*SysUser) TableName() string {
+	return "sys_user"
 }
--- a/src/modules/system/model/vo/login_source.go
+++ b/src/modules/system/model/vo/login_source.go
@@ -0,0 +1,28 @@
+package vo
+
+// SysLoginSourceLDAP LDAP认证源
+type SysLoginSourceLDAP struct {
+	URL          string `json:"url"`          // LDAP 服务器（ldap://192.168.9.58:11389）
+	BaseDN       string `json:"baseDN"`       // base DN（dc=example,dc=org）
+	UserFilter   string `json:"userFilter"`   // 用户过滤规则（(&(objectClass=organizationalPerson)(uid=%s)))
+	BindDN       string `json:"bindDN"`       // 绑定 DN（cn=admin,dc=example,dc=org）
+	BindPassword string `json:"bindPassword"` // 绑定密码（adminpassword）
+}
+
+// SysLoginSourceSMTP SMTP认证源
+type SysLoginSourceSMTP struct {
+	Host string `json:"host"` // SMTP 服务器（smtp.gmail.com）
+	Port int    `json:"port"` // SMTP 端口（587）
+}
+
+// SysLoginSourceOAuth2 OAuth2认证源
+type SysLoginSourceOAuth2 struct {
+	ClientID     string   `json:"clientID"`     // 客户端ID
+	ClientSecret string   `json:"clientSecret"` // 客户端密钥
+	AuthURL      string   `json:"authURL"`      // 认证URL
+	TokenURL     string   `json:"tokenURL"`     // 令牌URL
+	Scopes       []string `json:"scopes"`       // 授权范围
+	RedirectURL  string   `json:"redirectURL"`  // 重定向URL
+	UserURL      string   `json:"userURL"`      // 用户信息URL
+	AccountField string   `json:"accountField"` // 账号字段从用户信息中获取
+}
--- a/src/modules/system/repository/sys_dept.go
+++ b/src/modules/system/repository/sys_dept.go
@@ -39,4 +39,7 @@ type ISysDept interface {

 	// DeleteDeptById 删除部门管理信息
 	DeleteDeptById(deptId string) int64
+
+	// SelectById 通过ID查询信息
+	SelectById(deptId string) model.SysDept
 }
--- a/src/modules/system/repository/sys_dept.impl.go
+++ b/src/modules/system/repository/sys_dept.impl.go
@@ -391,3 +391,25 @@ func (r *SysDeptImpl) DeleteDeptById(deptId string) int64 {
 	}
 	return results
 }
+
+// SelectById 通过ID查询信息
+func (r *SysDeptImpl) SelectById(deptId string) model.SysDept {
+	if deptId == "" {
+		return model.SysDept{}
+	}
+	querySql := `select d.dept_id, d.parent_id, d.ancestors,
+	d.dept_name, d.order_num, d.leader, d.phone, d.email, d.status,
+	(select dept_name from sys_dept where dept_id = d.parent_id) parent_name
+	from sys_dept d where d.dept_id = ?`
+	results, err := datasource.RawDB("", querySql, []any{deptId})
+	if err != nil {
+		logger.Errorf("query err => %v", err)
+		return model.SysDept{}
+	}
+	// 转换实体
+	rows := r.convertResultRows(results)
+	if len(rows) > 0 {
+		return rows[0]
+	}
+	return model.SysDept{}
+}
--- a/src/modules/system/repository/sys_login_source.go
+++ b/src/modules/system/repository/sys_login_source.go
@@ -0,0 +1,150 @@
+package repository
+
+import (
+	"fmt"
+	"time"
+
+	"be.ems/src/framework/database/db"
+	"be.ems/src/framework/logger"
+	"be.ems/src/modules/system/model"
+)
+
+// NewSysLoginSource 实例化数据层
+var NewSysLoginSource = &SysLoginSource{}
+
+// SysLoginSource 认证源数据层处理
+type SysLoginSource struct{}
+
+// SelectByPage 分页查询集合
+func (r SysLoginSource) SelectByPage(query map[string]string) ([]model.SysLoginSource, int64) {
+	tx := db.DB("").Model(&model.SysLoginSource{})
+	// 查询条件拼接
+	if v, ok := query["name"]; ok && v != "" {
+		tx = tx.Where("name like ?", v+"%")
+	}
+	if v, ok := query["type"]; ok && v != "" {
+		tx = tx.Where("type = ?", v)
+	}
+	if v, ok := query["beginTime"]; ok && v != "" {
+		if len(v) == 10 {
+			v = fmt.Sprintf("%s000", v)
+		}
+		tx = tx.Where("create_time >= ?", v)
+	}
+	if v, ok := query["endTime"]; ok && v != "" {
+		if len(v) == 10 {
+			v = fmt.Sprintf("%s999", v)
+		}
+		tx = tx.Where("create_time <= ?", v)
+	}
+
+	// 查询结果
+	var total int64 = 0
+	rows := []model.SysLoginSource{}
+
+	// 查询数量为0直接返回
+	if err := tx.Count(&total).Error; err != nil || total <= 0 {
+		return rows, total
+	}
+
+	// 查询数据分页
+	pageNum, pageSize := db.PageNumSize(query["pageNum"], query["pageSize"])
+	tx = tx.Limit(pageSize).Offset(pageSize * pageNum)
+	err := tx.Find(&rows).Error
+	if err != nil {
+		return rows, total
+	}
+	return rows, total
+}
+
+// Select 查询集合
+func (r SysLoginSource) Select(param model.SysLoginSource) []model.SysLoginSource {
+	tx := db.DB("").Model(&model.SysLoginSource{})
+	// 查询条件拼接
+	if param.UID != "" {
+		tx = tx.Where("uid = ?", param.UID)
+	}
+	if param.Type != "" {
+		tx = tx.Where("type = ?", param.Type)
+	}
+	if param.Name != "" {
+		tx = tx.Where("name = ?", param.Name)
+	}
+	if param.ActiveFlag != "" {
+		tx = tx.Where("active_flag = ?", param.ActiveFlag)
+	}
+
+	// 查询数据
+	rows := []model.SysLoginSource{}
+	if err := tx.Find(&rows).Error; err != nil {
+		return rows
+	}
+	return rows
+}
+
+// SelectByIds 通过ID查询信息
+func (r SysLoginSource) SelectByIds(ids []int64) []model.SysLoginSource {
+	rows := []model.SysLoginSource{}
+	if len(ids) <= 0 {
+		return rows
+	}
+	tx := db.DB("").Model(&model.SysLoginSource{})
+	// 构建查询条件
+	tx = tx.Where("id in ?", ids)
+	// 查询数据
+	if err := tx.Find(&rows).Error; err != nil {
+		logger.Errorf("query find err => %v", err.Error())
+		return rows
+	}
+	return rows
+}
+
+// Insert 新增信息 返回新增数据ID
+func (r SysLoginSource) Insert(param model.SysLoginSource) int64 {
+	if param.CreateBy != "" {
+		ms := time.Now().UnixMilli()
+		param.UpdateBy = param.CreateBy
+		param.UpdateTime = ms
+		param.CreateTime = ms
+	}
+	// 执行插入
+	if err := db.DB("").Create(&param).Error; err != nil {
+		logger.Errorf("insert err => %v", err.Error())
+		return 0
+	}
+	return param.Id
+}
+
+// Update 修改信息 返回受影响行数
+func (r SysLoginSource) Update(param model.SysLoginSource) int64 {
+	if param.Id <= 0 {
+		return 0
+	}
+	if param.UpdateBy != "" {
+		param.UpdateTime = time.Now().UnixMilli()
+	}
+	tx := db.DB("").Model(&model.SysLoginSource{})
+	// 构建查询条件
+	tx = tx.Where("id = ?", param.Id)
+	tx = tx.Omit("id", "create_by", "create_time")
+	// 执行更新
+	if err := tx.Updates(param).Error; err != nil {
+		logger.Errorf("update err => %v", err.Error())
+		return 0
+	}
+	return tx.RowsAffected
+}
+
+// DeleteByIds 批量删除信息 返回受影响行数
+func (r SysLoginSource) DeleteByIds(ids []int64) int64 {
+	if len(ids) <= 0 {
+		return 0
+	}
+	tx := db.DB("").Where("id in ?", ids)
+	// 执行删除
+	if err := tx.Delete(&model.SysLoginSource{}).Error; err != nil {
+		logger.Errorf("delete err => %v", err.Error())
+		return 0
+	}
+	return tx.RowsAffected
+}
--- a/src/modules/system/repository/sys_role.go
+++ b/src/modules/system/repository/sys_role.go
@@ -27,4 +27,7 @@ type ISysRole interface {

 	// CheckUniqueRole 校验角色是否唯一
 	CheckUniqueRole(sysRole model.SysRole) string
+
+	// SelectByUserId 根据用户ID获取角色信息
+	SelectByUserId(userId string) []model.SysRole
 }
--- a/src/modules/system/repository/sys_role.impl.go
+++ b/src/modules/system/repository/sys_role.impl.go
@@ -373,3 +373,14 @@ func (r *SysRoleImpl) CheckUniqueRole(sysRole model.SysRole) string {
 	}
 	return ""
 }
+
+// SelectByUserId 根据用户ID获取角色信息
+func (r *SysRoleImpl) SelectByUserId(userId string) []model.SysRole {
+	querySql := r.selectSql + " where r.del_flag = '0' and ur.user_id = ?"
+	results, err := datasource.RawDB("", querySql, []any{userId})
+	if err != nil {
+		logger.Errorf("query err => %v", err)
+		return []model.SysRole{}
+	}
+	return r.convertResultRows(results)
+}
--- a/src/modules/system/repository/sys_user.go
+++ b/src/modules/system/repository/sys_user.go
@@ -30,4 +30,7 @@ type ISysUser interface {

 	// CheckUniqueUser 校验用户信息是否唯一
 	CheckUniqueUser(sysUser model.SysUser) string
+
+	// SelectByUserName 通过登录账号查询信息
+	SelectByUserName(userName, userType, userSource string) model.SysUser
 }
--- a/src/modules/system/repository/sys_user.impl.go
+++ b/src/modules/system/repository/sys_user.impl.go
@@ -16,7 +16,7 @@ import (
 // 实例化数据层 SysUserImpl 结构体
 var NewSysUserImpl = &SysUserImpl{
 	selectSql: `select 
-		u.user_id, u.dept_id, u.tenant_id, u.user_name, u.nick_name, u.user_type, u.email, u.avatar, u.phonenumber, u.password, u.sex, u.status, u.del_flag, u.login_ip, u.login_date, u.create_by, u.create_time, u.remark, 
+		u.user_id, u.dept_id, u.tenant_id, u.user_name, u.nick_name, u.user_type, u.user_source, u.email, u.avatar, u.phonenumber, u.password, u.sex, u.status, u.del_flag, u.login_ip, u.login_date, u.create_by, u.create_time, u.remark, 
 		d.dept_id, d.parent_id, d.ancestors, d.dept_name, d.order_num, d.leader, d.status as dept_status,
 		t.tenant_id, t.parent_id, t.ancestors, t.tenant_name, t.order_num, t.tenancy_type, t.tenancy_key, t.status as tenant_status,
 		r.role_id, r.role_name, r.role_key, r.role_sort, r.data_scope, r.status as role_status
@@ -33,6 +33,7 @@ var NewSysUserImpl = &SysUserImpl{
 		"user_name":   "UserName",
 		"nick_name":   "NickName",
 		"user_type":   "UserType",
+		"user_source": "UserSource",
 		"email":       "Email",
 		"phonenumber": "PhoneNumber",
 		"sex":         "Sex",
@@ -171,6 +172,14 @@ func (r *SysUserImpl) SelectUserPage(query map[string]any, dataScopeSQL string)
 		conditions = append(conditions, "u.phonenumber like concat(?, '%')")
 		params = append(params, v)
 	}
+	if v, ok := query["userType"]; ok && v != "" {
+		conditions = append(conditions, "u.user_type = ?")
+		params = append(params, v)
+	}
+	if v, ok := query["userSource"]; ok && v != "" {
+		conditions = append(conditions, "u.user_source = ?")
+		params = append(params, v)
+	}
 	beginTime, ok := query["beginTime"]
 	if !ok {
 		beginTime, ok = query["params[beginTime]"]
@@ -398,6 +407,32 @@ func (r *SysUserImpl) SelectUserByIds(userIds []string) []model.SysUser {
 	return r.convertResultRows(results)
 }

+// SelectByUserName 通过登录账号查询信息
+func (r *SysUserImpl) SelectByUserName(userName, userType, userSource string) model.SysUser {
+	item := model.SysUser{}
+	if userName == "" {
+		return item
+	}
+	if userType == "" {
+		userType = "System"
+	}
+	if userSource == "" {
+		userSource = "#"
+	}
+	querySql := r.selectSql + " where u.del_flag = '0' and u.user_name = ? and u.user_type = ? and u.user_source = ?"
+	results, err := datasource.RawDB("", querySql, []any{userName, userType, userSource})
+	if err != nil {
+		logger.Errorf("query err => %v", err)
+		return model.SysUser{}
+	}
+	// 转换实体
+	rows := r.convertResultRows(results)
+	if len(rows) > 0 {
+		return rows[0]
+	}
+	return item
+}
+
 // SelectUserByUserName 通过用户登录账号查询用户
 func (r *SysUserImpl) SelectUserByUserName(userName string) model.SysUser {
 	querySql := r.selectSql + " where u.del_flag = '0' and u.user_name = ?"
@@ -436,6 +471,9 @@ func (r *SysUserImpl) InsertUser(sysUser model.SysUser) string {
 	if sysUser.UserType != "" {
 		params["user_type"] = sysUser.UserType
 	}
+	if sysUser.UserSource != "" {
+		params["user_source"] = sysUser.UserSource
+	}
 	if sysUser.Avatar != "" {
 		params["avatar"] = sysUser.Avatar
 	}
@@ -509,6 +547,9 @@ func (r *SysUserImpl) UpdateUser(sysUser model.SysUser) int64 {
 	if sysUser.UserType != "" {
 		params["user_type"] = sysUser.UserType
 	}
+	if sysUser.UserSource != "" {
+		params["user_source"] = sysUser.UserSource
+	}
 	if sysUser.Avatar != "" {
 		params["avatar"] = sysUser.Avatar
 	}
@@ -582,6 +623,14 @@ func (r *SysUserImpl) CheckUniqueUser(sysUser model.SysUser) string {
 		conditions = append(conditions, "email = ?")
 		params = append(params, sysUser.Email)
 	}
+	if sysUser.UserType != "" {
+		conditions = append(conditions, "user_type = ?")
+		params = append(params, sysUser.UserType)
+	}
+	if sysUser.UserSource != "" {
+		conditions = append(conditions, "user_source = ?")
+		params = append(params, sysUser.UserSource)
+	}

 	// 构建查询条件语句
 	whereSql := ""
--- a/src/modules/system/service/sys_login_source.go
+++ b/src/modules/system/service/sys_login_source.go
@@ -0,0 +1,95 @@
+package service
+
+import (
+	"encoding/json"
+	"fmt"
+
+	"be.ems/src/framework/utils/generate"
+	"be.ems/src/modules/system/model"
+	"be.ems/src/modules/system/model/vo"
+	"be.ems/src/modules/system/repository"
+)
+
+// NewSysLoginSource 实例化服务层
+var NewSysLoginSource = &SysLoginSource{
+	sysLoginSourceRepository: repository.NewSysLoginSource,
+}
+
+// SysLoginSource 认证源 服务层处理
+type SysLoginSource struct {
+	sysLoginSourceRepository *repository.SysLoginSource // 认证源表
+}
+
+// FindByPage 分页查询
+func (s SysLoginSource) FindByPage(query map[string]string) ([]model.SysLoginSource, int64) {
+	return s.sysLoginSourceRepository.SelectByPage(query)
+}
+
+// FindById 查询ID
+func (s SysLoginSource) FindById(id int64) model.SysLoginSource {
+	rows := s.sysLoginSourceRepository.SelectByIds([]int64{id})
+	if len(rows) > 0 {
+		return rows[0]
+	}
+	return model.SysLoginSource{}
+}
+
+// Insert 新增
+func (s SysLoginSource) Insert(param model.SysLoginSource) int64 {
+	param.UID = generate.Code(8)
+	return s.sysLoginSourceRepository.Insert(param)
+}
+
+// Update 更新
+func (s SysLoginSource) Update(param model.SysLoginSource) int64 {
+	return s.sysLoginSourceRepository.Update(param)
+}
+
+// DeleteByIds 批量删除
+func (s SysLoginSource) DeleteByIds(ids []int64) (int64, error) {
+	// 检查是否存在
+	arr := s.sysLoginSourceRepository.SelectByIds(ids)
+	if len(arr) <= 0 {
+		// return 0, fmt.Errorf("没有权限访问认证源数据！")
+		return 0, fmt.Errorf("no permission to access authentication source data")
+	}
+	if len(arr) == len(ids) {
+		return s.sysLoginSourceRepository.DeleteByIds(ids), nil
+	}
+	// return 0, fmt.Errorf("删除认证源信息失败！")
+	return 0, fmt.Errorf("failed to delete authentication source information")
+}
+
+// FindByActive 查询激活
+func (s SysLoginSource) FindByActive(uid string) []model.SysLoginSource {
+	param := model.SysLoginSource{
+		ActiveFlag: "1",
+	}
+	if uid != "" {
+		param.UID = uid
+	}
+	return s.sysLoginSourceRepository.Select(param)
+}
+
+// CheckConfigJSON 检查配置JSON
+func (s SysLoginSource) CheckConfigJSON(sType, sConfig string) (string, error) {
+	var source any
+	switch sType {
+	case "LDAP":
+		source = new(vo.SysLoginSourceLDAP)
+	case "SMTP":
+		source = new(vo.SysLoginSourceSMTP)
+	case "OAuth2":
+		source = new(vo.SysLoginSourceOAuth2)
+	default:
+		return "", fmt.Errorf("unsupported login source type: %s", sType)
+	}
+	if err := json.Unmarshal([]byte(sConfig), &source); err != nil {
+		return "", fmt.Errorf("config json format error for %s type: %s", sType, err.Error())
+	}
+	configByte, err := json.Marshal(source)
+	if err != nil {
+		return "", fmt.Errorf("config json format error")
+	}
+	return string(configByte), nil
+}
--- a/src/modules/system/service/sys_user.go
+++ b/src/modules/system/service/sys_user.go
@@ -13,6 +13,11 @@ type ISysUser interface {
 	// SelectAllocatedPage 根据条件分页查询分配用户角色列表
 	SelectAllocatedPage(query map[string]any, dataScopeSQL string) map[string]any

+	// FindByUserName 通过用户名查询用户信息
+	// userType 系统sys
+	// userSource 系统#
+	FindByUserName(userName, userType, userSource string) model.SysUser
+
 	// SelectUserByUserName 通过用户名查询用户
 	SelectUserByUserName(userName string) model.SysUser

--- a/src/modules/system/service/sys_user.impl.go
+++ b/src/modules/system/service/sys_user.impl.go
@@ -13,6 +13,8 @@ var NewSysUserImpl = &SysUserImpl{
 	sysUserRepository:     repository.NewSysUserImpl,
 	sysUserRoleRepository: repository.NewSysUserRoleImpl,
 	sysUserPostRepository: repository.NewSysUserPostImpl,
+	sysDeptRepository:     repository.NewSysDeptImpl,
+	sysRoleRepository:     repository.NewSysRoleImpl,
 }

 // SysUserImpl 用户 服务层处理
@@ -23,6 +25,10 @@ type SysUserImpl struct {
 	sysUserRoleRepository repository.ISysUserRole
 	// 用户与岗位服务
 	sysUserPostRepository repository.ISysUserPost
+	// 部门服务
+	sysDeptRepository repository.ISysDept
+	// 角色服务
+	sysRoleRepository repository.ISysRole
 }

 // SelectUserPage 根据条件分页查询用户列表
@@ -40,6 +46,30 @@ func (r *SysUserImpl) SelectAllocatedPage(query map[string]any, dataScopeSQL str
 	return r.sysUserRepository.SelectAllocatedPage(query, dataScopeSQL)
 }

+// FindByUserName 通过用户名查询用户信息
+// userType 系统sys
+// userSource 系统#
+func (s SysUserImpl) FindByUserName(userName, userType, userSource string) model.SysUser {
+	userinfo := s.sysUserRepository.SelectByUserName(userName, userType, userSource)
+	if userinfo.UserName != userName {
+		return userinfo
+	}
+	// 部门
+	deptInfo := s.sysDeptRepository.SelectById(userinfo.DeptID)
+	userinfo.Dept = deptInfo
+	// 角色
+	roleArr := s.sysRoleRepository.SelectByUserId(userinfo.UserID)
+	roles := make([]model.SysRole, 0)
+	roleIds := make([]string, 0)
+	for _, role := range roleArr {
+		roles = append(roles, role)
+		roleIds = append(roleIds, role.RoleID)
+	}
+	userinfo.Roles = roles
+	userinfo.RoleIDs = roleIds
+	return userinfo
+}
+
 // SelectUserByUserName 通过用户名查询用户
 func (r *SysUserImpl) SelectUserByUserName(userName string) model.SysUser {
 	return r.sysUserRepository.SelectUserByUserName(userName)
@@ -147,7 +177,9 @@ func (r *SysUserImpl) DeleteUserByIds(userIds []string) (int64, error) {
 // CheckUniqueUserName 校验用户名称是否唯一
 func (r *SysUserImpl) CheckUniqueUserName(userName, userId string) bool {
 	uniqueId := r.sysUserRepository.CheckUniqueUser(model.SysUser{
-		UserName: userName,
+		UserName:   userName,
+		UserType:   "System",
+		UserSource: "#",
 	})
 	if uniqueId == userId {
 		return true
@@ -159,6 +191,8 @@ func (r *SysUserImpl) CheckUniqueUserName(userName, userId string) bool {
 func (r *SysUserImpl) CheckUniquePhone(phonenumber, userId string) bool {
 	uniqueId := r.sysUserRepository.CheckUniqueUser(model.SysUser{
 		PhoneNumber: phonenumber,
+		UserType:    "System",
+		UserSource:  "#",
 	})
 	if uniqueId == userId {
 		return true
@@ -169,7 +203,9 @@ func (r *SysUserImpl) CheckUniquePhone(phonenumber, userId string) bool {
 // CheckUniqueEmail 校验email是否唯一
 func (r *SysUserImpl) CheckUniqueEmail(email, userId string) bool {
 	uniqueId := r.sysUserRepository.CheckUniqueUser(model.SysUser{
-		Email: email,
+		Email:      email,
+		UserType:   "System",
+		UserSource: "#",
 	})
 	if uniqueId == userId {
 		return true
--- a/src/modules/system/system.go
+++ b/src/modules/system/system.go
@@ -472,6 +472,35 @@ func Setup(router *gin.Engine) {
 			controller.NewSysLogLogin.Export,
 		)
 	}
+
+	// 第三方认证-配置认证源
+	sysLoginSource := controller.NewSysLoginSource
+	sysLoginSourceGroup := router.Group("/system/login-source")
+	{
+		sysLoginSourceGroup.GET("/list",
+			middleware.PreAuthorize(map[string][]string{"hasRoles": {"admin"}, "hasPerms": {"system:loginSource:list"}}),
+			sysLoginSource.List,
+		)
+		sysLoginSourceGroup.GET("/:id",
+			middleware.PreAuthorize(map[string][]string{"hasRoles": {"admin"}, "hasPerms": {"system:loginSource:query"}}),
+			sysLoginSource.Info,
+		)
+		sysLoginSourceGroup.POST("",
+			middleware.PreAuthorize(map[string][]string{"hasRoles": {"admin"}, "hasPerms": {"system:loginSource:add"}}),
+			collectlogs.OperateLog(collectlogs.OptionNew("log.operate.title.sysLoginSource", collectlogs.BUSINESS_TYPE_INSERT)),
+			sysLoginSource.Add,
+		)
+		sysLoginSourceGroup.PUT("",
+			middleware.PreAuthorize(map[string][]string{"hasRoles": {"admin"}, "hasPerms": {"system:loginSource:edit"}}),
+			collectlogs.OperateLog(collectlogs.OptionNew("log.operate.title.sysLoginSource", collectlogs.BUSINESS_TYPE_UPDATE)),
+			sysLoginSource.Edit,
+		)
+		sysLoginSourceGroup.DELETE("/:id",
+			middleware.PreAuthorize(map[string][]string{"hasRoles": {"admin"}, "hasPerms": {"system:loginSource:remove"}}),
+			collectlogs.OperateLog(collectlogs.OptionNew("log.operate.title.sysLoginSource", collectlogs.BUSINESS_TYPE_DELETE)),
+			sysLoginSource.Remove,
+		)
+	}
 }

 // InitLoad 初始参数