#### What type of PR is this?
/area core
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
注册表单发送邮箱验证码时,支持显示来自后端的异常。
<img width="693" alt="image" src="https://github.com/user-attachments/assets/78d1d793-7673-4442-9b0b-1eb7c4d91ebd">
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/kind bug
/milestone 2.20.x
#### What this PR does / why we need it:
修复首次初始化之后,个人中心使用的附件存储策略没有默认值的问题。
#### Which issue(s) this PR fixes:
Fixes#6834
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/kind bug
/milestone 2.20.x
#### What this PR does / why we need it:
修复初始化登录之后,没有正确重定向到 /console 的问题。
#### Which issue(s) this PR fixes:
Fixes#6850
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR fills operation ID while building setup route to prevent errors when generating OpenAPI docs.
```java
2024-10-13T22:09:46.997+08:00 ERROR 68966 --- [ parallel-4] a.w.r.e.AbstractErrorWebExceptionHandler : [88654f05-3] 500 Server Error for HTTP GET "/v3/api-docs/apis_aggregated.api_v1alpha1"
java.lang.IllegalStateException: You should either fill, the Operation or at least the bean class and the bean method
at org.springdoc.core.fn.builders.operation.Builder.build(Builder.java:467) ~[springdoc-openapi-starter-common-2.6.0.jar:2.6.0]
Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException:
```
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/milestone 2.20.x
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
忽略预设插件安装时的错误避免无法初始化
可能因为没有预先 download 预设插件到项目目录而发生 IO 异常影响初始化流程
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修复竖向图片生成缩略图后会丢失方向信息展示为横向图片的问题
#### Which issue(s) this PR fixes:
Fixes#6802
#### Does this PR introduce a user-facing change?
```release-note
修复竖向图片生成缩略图后会丢失方向信息展示为横向图片的问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR preserves `remember-me` option after authentication failure.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/6835
#### Special notes for your reviewer:
1. Go to login page
2. Input invalid username or password and select `remember-me` option
3. Click `Login` button
4. See the result
#### Does this PR introduce a user-facing change?
```release-note
修复登录失败后记住我选项被重置的问题
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
优化登录等页面的 UI,主要优化低分屏下的 UI 表现,防止元素过大。
#### Does this PR introduce a user-facing change?
```release-note
优化登录等页面的 UI,优化低分屏下的 UI 表现,防止元素过大。
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR makes users not be able to configure a invalid external URL like `https:www/halo.run` even if it is an valid URL format.
#### Which issue(s) this PR fixes:
Fixes#6837
#### Does this PR introduce a user-facing change?
```release-note
修复可配置无效的外部访问地址的问题
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
提升登录页面的可访问性。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR adds globalInfo data into logout template model.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/6821
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR disables CSRF protection for actuator endpoints because they are not state-changing operations.
#### Which issue(s) this PR fixes:
Fixes#6827
#### Special notes for your reviewer:
Try to restore Halo.
#### Does this PR introduce a user-facing change?
```release-note
修复恢复备份后无法自动重启的问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR prevents caching from cache plugin for pre-auth pages and logout page.
#### Which issue(s) this PR fixes:
Fixes#6826
#### Special notes for your reviewer:
1. Install `Page Cache Plugin` from <https://www.halo.run/store/apps/app-BaamQ>.
2. Open a private browser window
3. Access login page twice
4. Try to login
5. See the result
#### Does this PR introduce a user-facing change?
```release-note
解决因缓存插件缓存登录页面导致无法登录的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR adds globalInfo into template models and refactors password reset to adapt data binding.
Fixes https://github.com/halo-dev/halo/issues/6821
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/kind bug
/milestone 2.20.x
#### What this PR does / why we need it:
修复不能正常显示邮箱验证提示的问题。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
重置密码跳转到登录页面之后,在顶部添加重置成功的提示。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
优化登录页面的 UI。
<img width="1910" alt="image" src="https://github.com/user-attachments/assets/736b1f72-e7c1-4c19-a0d9-dc935c738931">
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
优化校验提示信息根据用户选择的语言代替 `Locale#getDefault()#getLanguage()`
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR supports redirecting to URI with fragment. e.g.: <http://localhost:8090/login?redirect_uri=%2F%23afragment>(redirect_uri is `/#afragment`).
#### Which issue(s) this PR fixes:
Fixes#6767
#### Special notes for your reviewer:
1. Request <http://localhost:8090/login?redirect_uri=%2F%23afragment>
2. Log in
3. See the redirection
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
模板 head 和 footer 标签注入功能忽略错误页面避免当扩展发生错误时导致错误页面无法显示
#### Which issue(s) this PR fixes:
Fixes#6500 , #6750
#### Does this PR introduce a user-facing change?
```release-note
代码注入功能忽略对错误页面和登录注册等页面的注入
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
优化退出登录页面的 UI。
<img width="568" alt="image" src="https://github.com/user-attachments/assets/dd3b405b-e200-478a-ba87-b0d474e6ee1f">
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
为注册用户增加用户名和密码长度校验
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
优化文件类型检测并支持根据文件名作为决策依据
#### Does this PR introduce a user-facing change?
```release-note
优化文件类型检测并支持根据文件名作为决策依据
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
重构登录、注册相关的模板结构,主要目的是为了解耦,修改页面时仅修改相关的模板和语言文件。
重构之后主题的引用方式如下:
login.html
```html
<div th:replace="~{gateway_fragments/login::form}"></div>
```
#### Special notes for your reviewer:
需要测试各个页面是否功能正常
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
完善部分表单的确定密码校验。
1. 封装单独的校验函数。
2. 完善 i18n。
<img width="676" alt="image" src="https://github.com/user-attachments/assets/af8a4edc-d6ba-419f-b7ba-baa9d488186d">
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
Currently, logout page is always visible for anyone whether the user is authenticated. This PR restricts the visibility of logout page to authenticated users but anonymous users.
#### Special notes for your reviewer:
```bash
> http http://localhost:8090/logout
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Expires: 0
Location: /login?authentication_required
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 0
content-length: 0
```
#### Does this PR introduce a user-facing change?
```release-note
修复未登录情况下依然能够访问登出页面的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修复当用户通知偏好设置中出现不存在的通知器名称时会导致 NPE 的问题
此问题可能发生在,通知器由插件或者专业版提供并且修改了偏好设置后禁用了插件或切换到开源版导致找不到该通知器的记录
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR refactors password reset for extensibility. If we want to add another password reset method, first thing we need to do is adding a new password reset method into `halo.security.password-reset-methods[]` and then defining PasswordResetAvailabilityProvider bean.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
在提交登录表单时,不在密码框中显示加密文本。
#### Which issue(s) this PR fixes:
Fixes#6799
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR makes XOR operation for CSRF token and changes the CSRF cookie `HttpOnly` to `true` to forbid JavaScript from accessing the cookie.
See https://docs.spring.io/spring-security/reference/servlet/exploits/csrf.html#csrf-token-request-handler-breach for more details.
#### Special notes for your reviewer:
```bash
http http://localhost:8090/login -ph
HTTP/1.1 200 OK
set-cookie: XSRF-TOKEN=6d5dd83f-f0a7-4d94-a33e-73f213d679ff; Path=/; HTTPOnly
```
```bash
http http://localhost:8090/login -pb | grep _csrf
><input type="hidden" name="_csrf" value="ctubmrEC3dAbxC5H_k_-VnVUtih2BrfjcPfLmVAyaP0a1kAdEb-t_IcwuLM29B11yGLKNRQxm0lFZILOFZX-_GcHWJ974iR5"/>
```
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/milestone 2.20.x
/area core
#### What this PR does / why we need it:
支持用户在个人中心管理自己的附件(需要具有对应权限)
Fixes https://github.com/halo-dev/halo/issues/5278
#### Does this PR introduce a user-facing change?
```release-note
支持用户在个人中心管理自己的附件(需要具有对应权限)
```
#### What type of PR is this?
/area core
/kind bug
/milestone 2.20.x
#### What this PR does / why we need it:
修复注册时,不能正常显示用户名重复的错误的问题。
<img width="666" alt="image" src="https://github.com/user-attachments/assets/bef83af1-ab9d-4c84-8c3e-0d4f8a6892f3">
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR changes the redirect URI to `/uc` instead of `/console` after authenticating successfully.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
更新默认主题的版本。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
优化重置密码表单的错误提示样式。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/kind bug
/milestone 2.20.x
#### What this PR does / why we need it:
修复注册页面的 JS 错误。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
升级预设插件的版本。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR changes server.forward-header-strategy to native instead of framework due to a bug of Spring Framework 6.20.0-RC.1.
See https://github.com/spring-projects/spring-framework/pull/32097#discussion_r1791264218 for more.
If Halo server is proxied by OpenResty which is using HTTP 2, all header names proxied into Halo server will be lowercase. This behavior makes Halo get a null header(e.g.:: `content-type: application/json`) while invoking `request.getHeaders().getContentType()`.
And I found that `ServerHttpRequest` is mutated by `org.springframework.web.server.adapter.ForwardedHeaderTransformer`, so I try to use native forward-header-strategy to resolve the problem and it works very well. See [reactor.netty.http.server.DefaultHttpForwardedHeaderHandler](446683826b/reactor-netty-http/src/main/java/reactor/netty/http/server/DefaultHttpForwardedHeaderHandler.java) for more.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR separates authorization exchange customization into security configurers. I also define the annotations `@Order` on every security configurer in order to customize authorization exchange in separated source file instead of modifying existing.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
完善登录方式选择按钮的 i18n。
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/6759
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
Fixes https://github.com/halo-dev/halo/issues/6760
重构登录、注册、找回密码、两步验证等模板的结构,提供更好的复用性,现在主题可以这样复用模板:
login.html
```html
<form th:replace="~{gateway_modules/form_fragments::login}"></form>
```
signup.html
```html
<form th:replace="~{gateway_modules/form_fragments::signup}"></form>
```
challenges/two-factor/totp.html
```html
<form th:replace="~{gateway_modules/form_fragments::totp}"></form>
```
#### Special notes for your reviewer:
需要测试各个页面是否功能正常
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
/sig docs
#### What this PR does / why we need it:
修复恢复备份后可能会因为与之前的数据冲突导致无法启动的问题
如果恢复时发生不可预知的错误,需要重启之后重新初始化再进行恢复
#### Which issue(s) this PR fixes:
Fixes#6672
#### Does this PR introduce a user-facing change?
```release-note
修复恢复备份后可能会因为与恢复之前存在的数据冲突导致无法启动的问题
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
为系统默认的存储策略添加保护措施,不允许删除。
<img width="893" alt="image" src="https://github.com/user-attachments/assets/990f834f-3d97-4ee8-9c24-01cc188b7be6">
#### Does this PR introduce a user-facing change?
```release-note
为系统默认的存储策略添加保护措施,不允许删除。
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
备份时排除全文索引目录 indices,防止恢复之后因为索引文件问题无法启动。
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/6443
#### Does this PR introduce a user-facing change?
```release-note
备份时排除全文索引目录 indices,防止恢复之后因为索引文件问题无法启动。
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
微调登录相关页面的样式。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR adds [a Gradle plugin ](https://github.com/ben-manes/gradle-versions-plugin)to discover dependency updates.
```bash
❯ ./gradlew dependencyUpdates -Drevision=release
> Task :api:dependencyUpdates
------------------------------------------------------------
:api Project Dependency Updates (report to plain text file)
------------------------------------------------------------
The following dependencies are using the latest release version:
- com.github.ben-manes.caffeine:caffeine:3.1.8
- com.github.java-json-tools:json-patch:1.13
- com.j256.two-factor-auth:two-factor-auth:1.3
- io.asyncer:r2dbc-mysql:1.3.0
- io.github.java-diff-utils:java-diff-utils:4.12
- io.github.resilience4j:resilience4j-reactor:2.2.0
- io.github.resilience4j:resilience4j-spring-boot3:2.2.0
- io.projectreactor:reactor-test:3.7.0-M6
- io.r2dbc:r2dbc-h2:1.0.0.RELEASE
- io.seruco.encoding:base62:0.1.3
- org.apache.commons:commons-lang3:3.17.0
- org.imgscalr:imgscalr-lib:4.2
- org.jacoco:org.jacoco.agent:0.8.12
- org.jacoco:org.jacoco.ant:0.8.12
- org.mariadb:r2dbc-mariadb:1.2.2
- org.openapi4j:openapi-schema-validator:1.0.7
- org.pf4j:pf4j:3.12.0
- org.postgresql:postgresql:42.7.4
- org.postgresql:r2dbc-postgresql:1.0.5.RELEASE
- org.projectlombok:lombok:1.18.30
- org.springdoc:springdoc-openapi-starter-webflux-ui:2.6.0
- org.springframework.boot:spring-boot-starter-actuator:3.4.0-M3
- org.springframework.boot:spring-boot-starter-cache:3.4.0-M3
- org.springframework.boot:spring-boot-starter-data-jpa:3.4.0-M3
- org.springframework.boot:spring-boot-starter-data-r2dbc:3.4.0-M3
- org.springframework.boot:spring-boot-starter-mail:3.4.0-M3
- org.springframework.boot:spring-boot-starter-security:3.4.0-M3
- org.springframework.boot:spring-boot-starter-test:3.4.0-M3
- org.springframework.boot:spring-boot-starter-thymeleaf:3.4.0-M3
- org.springframework.boot:spring-boot-starter-validation:3.4.0-M3
- org.springframework.boot:spring-boot-starter-webflux:3.4.0-M3
- org.springframework.integration:spring-integration-core:6.4.0-M3
- org.springframework.security:spring-security-oauth2-client:6.4.0-M4
- org.springframework.security:spring-security-oauth2-jose:6.4.0-M4
- org.springframework.security:spring-security-oauth2-resource-server:6.4.0-M4
- org.springframework.security:spring-security-test:6.4.0-M4
- org.springframework.session:spring-session-core:3.4.0-M2
- org.thymeleaf.extras:thymeleaf-extras-springsecurity6:3.1.2.RELEASE
The following dependencies have later release versions:
- com.google.guava:guava [32.0.1-jre -> 33.3.1-jre]
https://github.com/google/guava
- net.bytebuddy:byte-buddy [1.15.1 -> 1.15.3]
https://bytebuddy.net
- org.apache.lucene:lucene-analysis-common [9.11.1 -> 9.12.0]
https://lucene.apache.org/
- org.apache.lucene:lucene-backward-codecs [9.11.1 -> 9.12.0]
https://lucene.apache.org/
- org.apache.lucene:lucene-core [9.11.1 -> 9.12.0]
https://lucene.apache.org/
- org.apache.lucene:lucene-highlighter [9.11.1 -> 9.12.0]
https://lucene.apache.org/
- org.apache.lucene:lucene-queryparser [9.11.1 -> 9.12.0]
https://lucene.apache.org/
- org.apache.tika:tika-core [2.9.2 -> 3.0.0-BETA2]
https://tika.apache.org/
- org.jsoup:jsoup [1.15.3 -> 1.18.1]
https://jsoup.org/
Gradle release-candidate updates:
- Gradle: [8.10.2: UP-TO-DATE]
Generated report file build/dependencyUpdates/report.txt
> Task :application:dependencyUpdates
------------------------------------------------------------
:application Project Dependency Updates (report to plain text file)
------------------------------------------------------------
The following dependencies are using the latest release version:
- com.puppycrawl.tools:checkstyle:9.3
- io.projectreactor:reactor-test:3.7.0-M6
- org.jacoco:org.jacoco.agent:0.8.12
- org.jacoco:org.jacoco.ant:0.8.12
- org.springframework:spring-context-indexer:6.2.0-RC1
- org.springframework.boot:spring-boot-configuration-processor:3.4.0-M3
- org.springframework.boot:spring-boot-starter-test:3.4.0-M3
- org.springframework.security:spring-security-test:6.4.0-M4
- org.webjars.npm:jsencrypt:3.3.2
- org.webjars.npm:normalize.css:8.0.1
The following dependencies have later release versions:
- org.projectlombok:lombok [1.18.30 -> 1.18.34]
https://projectlombok.org
Gradle release-candidate updates:
- Gradle: [8.10.2: UP-TO-DATE]
Generated report file build/dependencyUpdates/report.txt
Deprecated Gradle features were used in this build, making it incompatible with Gradle 9.0.
You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins.
For more on this, please refer to https://docs.gradle.org/8.10.2/userguide/command_line_interface.html#sec:command_line_warnings in the Gradle documentation.
BUILD SUCCESSFUL in 1s
9 actionable tasks: 2 executed, 7 up-to-date
```
#### Does this PR introduce a user-facing change?
<!--
如果当前 Pull Request 的修改不会造成用户侧的任何变更,在 `release-note` 代码块儿中填写 `NONE`。
否则请填写用户侧能够理解的 Release Note。如果当前 Pull Request 包含破坏性更新(Break Change),
Release Note 需要以 `action required` 开头。
If no, just write "NONE" in the release-note block below.
If yes, a release note is required:
Enter your extended release note in the block below. If the PR requires additional action from users switching to the new release, include the string "action required".
-->
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR make authenticated users redirect to user center if they are trying to access login and signup pages.
#### Special notes for your reviewer:
1. Log in Halo
2. Try to request <http://localhost:8090/login> or <http://localhost:8090/signup>.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR provides an endpoint for disconnecting user connection. After the user connection is disconnected, an event `UserConnectionDisconnectedEvent` will be published for plugins.
Now, OAuth2 plugin can simplify the authentication, binding and unbinding logic, please see the AuthProvider configuration snippet below:
```diff
spec:
authenticationUrl: /oauth2/authorization/github
- bindingUrl: /apis/api.plugin.halo.run/v1alpha1/plugins/plugin-oauth2/connect/github
+ bindingUrl: /oauth2/authorization/github
- unbindUrl: /apis/api.plugin.halo.run/v1alpha1/plugins/plugin-oauth2/disconnect/github
+ unbindUrl: /apis/uc.api.auth.halo.run/v1alpha1/user-connections/github/disconnect
```
Please note that, OAuth2 plugin can also define binding and unbinding endpoints by self.
#### Special notes for your reviewer:
OAuth2 test plugin:
[plugin-oauth2-1.0.4-SNAPSHOT.zip](https://github.com/user-attachments/files/17184215/plugin-oauth2-1.0.4-SNAPSHOT.zip)
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/milestone 2.20.x
/area core
/kind improvement
#### What this PR does / why we need it:
允许通过 `halo.security.basic-auth.disabled=true` 配置来禁用 Basic Auth 认证
#### Which issue(s) this PR fixes:
Fixes#5408
#### Does this PR introduce a user-facing change?
```release-note
允许通过 `halo.security.basic-auth.disabled=true` 配置来禁用 Basic Auth 认证,在 2.20 版本生产环境下默认禁用了 Basic Auth
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
备份时忽略缩略图目录
#### Which issue(s) this PR fixes:
Fixes#6717
#### Does this PR introduce a user-facing change?
```release-note
备份时忽略缩略图目录以减少文件大小
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR add support for binding OAuth2 user automatically. So we can remove the user-binding page.
Please note that those changes may break the OAuth2 and SocialLogin plugins.
#### Special notes for your reviewer:
Build OAuth2 plugin from <https://github.com/halo-sigs/plugin-oauth2/pull/64> or use [plugin-oauth2-1.0.4-SNAPSHOT.zip](https://github.com/user-attachments/files/17177592/plugin-oauth2-1.0.4-SNAPSHOT.zip) I built.
- Bind after logging in
1. Log in Halo with username and password method
2. Try to unbind OAuth2 user
3. Bind OAuth2 user again
- Initially bind without logging in
1. Go to login page
2. Log in with OAuth2 method and you will be redirected to login page
3. Log in with username and password method
4. See the result of binding
- Log in with OAuth2 method after binding
1. Go to login page
2. Log in with OAuth2 method and you will be redirected to uc page directly
#### Does this PR introduce a user-facing change?
```release-note
支持自动绑定 OAuth2 登录用户
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR adds confirmPassword field into SignUpData for validation. So the signup page can be rendered correctly.
See https://github.com/halo-dev/halo/issues/6718 for more.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/6718
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
完善新登录相关页面的多语言资源文件。
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/6721
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
移除在 Edge 浏览器中,为密码输入框添加显示密码明文按钮。
<img width="406" alt="image" src="https://github.com/user-attachments/assets/49801c25-d8dc-46db-9cba-302653af1951">
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
将索引构建状态添加到就绪检测的指标中
#### Which issue(s) this PR fixes:
Fixes#6632
#### Does this PR introduce a user-facing change?
```release-note
将索引构建状态添加到就绪检测的指标中以优化就绪时访问出现索引不可用的问题
```
#### What type of PR is this?
/milestone 2.20.x
/area core
#### What this PR does / why we need it:
将内容管理相关的数据更新类归档到 content 包下,如访问量和评论量统计
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修复文章封面图链接包含空格时主题端会因为生成缩略图错误而无法访问的问题
这是由于 URI string 中包含空格无法创建 URI 对象,目前将忽略这种非法参数,如果生成失败则直接返回原始 URI string
#### Which issue(s) this PR fixes:
Fixes#6690
#### Does this PR introduce a user-facing change?
```release-note
修复文章封面图链接包含空格时主题端会因为生成缩略图错误而无法访问的问题
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR registers a ServerWebExchangeContextFilter to make ServerWebExchange available under ContextView. The usage example is as follows:
```java
Mono.deferContextual(contextView -> {
var exchange = ServerWebExchangeContextFilter.getExchange(contextView);
assertTrue(exchange.isPresent());
return mono;
})
```
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修复文件上传时类型校验失效的问题
此问题由 #6390 导致
#### Does this PR introduce a user-facing change?
```release-note
修复文件上传时类型校验失效的问题
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR upgrades to [Spring Boot 3.4.0-M3](https://github.com/spring-projects/spring-boot/releases/tag/v3.4.0-M3).
1. Fix the compilation error of OptimalPropertyAccess because the class has been privated in [this commit](b431594021).
2. Fix exception `org.mockito.exceptions.misusing.UnnecessaryStubbingException` for some unit tests after upgrading.
3. Replace deprecated annotations `@MockBean` and `@SpyBean` with `@MockitoBean` and `@MockitoSpyBean` respectively.
#### Does this PR introduce a user-facing change?
```release-note
升级 Spring Boot 至 3.4.0-M3
```
#### What type of PR is this?
/kind improvement
/area core
/area theme
#### What this PR does / why we need it:
This PR removes ReactivePropertyAccessor because it use `AstUtils#getPropertyAccessorsToTry` which is already hidden in [the commit](33fbd7141d (diff-deaf3517fbd66f40a8717877a8328dee0fb2581dfb6be487f327dc73ea33b5b5)). If we upgraded to Spring Boot 3.4.0-M3, the code in ReactivePropertyAccessor would be broken.
More importantly, I believe there is one issue with the current implementation although it can resolve the reactive issue.
- The PropertyAccessor modified the process flow of SPEL
This PR provides some wrappers to wrap existing PropertyAccessor and MethodResolver to evaluate reactive return value.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/area plugin
/milestone 2.20.x
#### What this PR does / why we need it:
Plugins can implement their own RouterFunctions and ControllerMappings, but those might expose root ApplicationContext for plugins, which is not expected.
So this PR fixes the insecure access to root ApplicationContext.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/area plugin
/milestone 2.20.x
#### What this PR does / why we need it:
This PR disables access to ApplicationContext using ITemplateContext.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR adds chunked transfer support for rendering templates, which means that the max memory used by rendering template will be max chunk size instead of size of rendering result.
Users can define the max chunk size like below:
```yaml
spring:
thymeleaf:
reactive:
maxChunkSize: 8KB # Setting to 0 will disable the chunked response.
```
#### Special notes for your reviewer:
1. Try to start Halo instance
2. Execute the command like below and see if the response headers contain `transfer-encoding: chunked`:
```bash
http http://localhost:8090/ -p h
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: en-CN
Content-Type: text/html
Expires: 0
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 0
content-encoding: gzip
set-cookie: XSRF-TOKEN=1e677724-ce82-4b63-911c-f78b22cd9169; Path=/
transfer-encoding: chunked
```
#### Does this PR introduce a user-facing change?
```release-note
优化模板渲染时所需的内存
```
#### What type of PR is this?
/milestone 2.20.x
/area core
#### What this PR does / why we need it:
替换 Version 过时方法的引用为新 API
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/milestone 2.20.x
/area theme
#### What this PR does / why we need it:
主题支持通过 `${site.version}` 得到 Halo 版本号
#### Which issue(s) this PR fixes:
Fixes#6676
#### Does this PR introduce a user-facing change?
```release-note
主题支持通过 `${site.version}` 得到 Halo 版本号
```
#### What type of PR is this?
/kind feature
/area plugin
#### What this PR does / why we need it:
This PR provides an interface ElementTagProcessor to make plugin handle element tag easily. e.g.:
```java
public class ImgTagProcessor implements ElementTagPostProcessor {
@Override
public Mono<Void> process(ITemplateContext context, IProcessableElementTag tag,
IElementTagStructureHandler structureHandler) {
var elementName = tag.getElementDefinition().getElementName();
if (!Objects.equals("img", elementName.getElementName())) {
return Mono.empty();
}
var srcAttr = tag.getAttribute("src");
if (srcAttr == null) {
return Mono.empty();
}
var newSrc = srcAttr.getValue();
// TODO rewrite src
structureHandler.setAttribute("src", newSrc);
return Mono.empty();
}
}
```
After PR merged, plugins https://github.com/webp-sh/halo-plugin-webp-cloud and https://github.com/guqing/plugin-cloudinary can be refined with new method.
#### Does this PR introduce a user-facing change?
```release-note
支持在插件中操作渲染结果
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
If we are running Halo instance in machine with small memory available, the JS/CSS bundle might not be accessible.
This RP refactors generation of JS and CSS bundle with fixed buffer size rather than length of original resources.
```java
2024-09-02T15:01:27.667+08:00 WARN 62039 --- [boundedElastic-3] reactor.core.Exceptions : throwIfFatal detected a jvm fatal exception, which is thrown and logged below:
java.lang.OutOfMemoryError: Java heap space
at java.base/java.nio.HeapByteBuffer.<init>(HeapByteBuffer.java:64) ~[na:na]
at java.base/java.nio.ByteBuffer.allocate(ByteBuffer.java:363) ~[na:na]
at org.springframework.core.io.buffer.DefaultDataBuffer.allocate(DefaultDataBuffer.java:234) ~[spring-core-6.1.12.jar:6.1.12]
at org.springframework.core.io.buffer.DefaultDataBuffer.setCapacity(DefaultDataBuffer.java:196) ~[spring-core-6.1.12.jar:6.1.12]
at org.springframework.core.io.buffer.DefaultDataBuffer.ensureWritable(DefaultDataBuffer.java:228) ~[spring-core-6.1.12.jar:6.1.12]
at org.springframework.core.io.buffer.DefaultDataBuffer.write(DefaultDataBuffer.java:296) ~[spring-core-6.1.12.jar:6.1.12]
at org.springframework.core.io.buffer.DefaultDataBuffer.write(DefaultDataBuffer.java:289) ~[spring-core-6.1.12.jar:6.1.12]
at org.springframework.core.io.buffer.DefaultDataBuffer.write(DefaultDataBuffer.java:43) ~[spring-core-6.1.12.jar:6.1.12]
at run.halo.app.core.extension.service.impl.PluginServiceImpl.lambda$uglifyJsBundle$17(PluginServiceImpl.java:257) ~[classes/:na]
at run.halo.app.core.extension.service.impl.PluginServiceImpl$$Lambda$4661/0x000000c80214e298.accept(Unknown Source) ~[na:na]
at reactor.core.publisher.FluxPeekFuseable$PeekFuseableSubscriber.onNext(FluxPeekFuseable.java:196) ~[reactor-core-3.6.9.jar:3.6.9]
at reactor.core.publisher.FluxUsing$UsingFuseableSubscriber.onNext(FluxUsing.java:353) ~[reactor-core-3.6.9.jar:3.6.9]
at reactor.core.publisher.FluxGenerate$GenerateSubscription.next(FluxGenerate.java:178) ~[reactor-core-3.6.9.jar:3.6.9]
at org.springframework.core.io.buffer.DataBufferUtils$ReadableByteChannelGenerator.accept(DataBufferUtils.java:1002) ~[spring-core-6.1.12.jar:6.1.12]
at org.springframework.core.io.buffer.DataBufferUtils$ReadableByteChannelGenerator.accept(DataBufferUtils.java:974) ~[spring-core-6.1.12.jar:6.1.12]
at reactor.core.publisher.FluxGenerate.lambda$new$1(FluxGenerate.java:58) ~[reactor-core-3.6.9.jar:3.6.9]
at reactor.core.publisher.FluxGenerate$$Lambda$4155/0x000000c802069228.apply(Unknown Source) ~[na:na]
at reactor.core.publisher.FluxGenerate$GenerateSubscription.slowPath(FluxGenerate.java:271) ~[reactor-core-3.6.9.jar:3.6.9]
at reactor.core.publisher.FluxGenerate$GenerateSubscription.request(FluxGenerate.java:213) ~[reactor-core-3.6.9.jar:3.6.9]
at reactor.core.publisher.FluxUsing$UsingFuseableSubscriber.request(FluxUsing.java:320) ~[reactor-core-3.6.9.jar:3.6.9]
at reactor.core.publisher.FluxPeekFuseable$PeekFuseableSubscriber.request(FluxPeekFuseable.java:144) ~[reactor-core-3.6.9.jar:3.6.9]
at reactor.core.publisher.FluxFlatMap$FlatMapInner.onSubscribe(FluxFlatMap.java:968) ~[reactor-core-3.6.9.jar:3.6.9]
at reactor.core.publisher.FluxPeekFuseable$PeekFuseableSubscriber.onSubscribe(FluxPeekFuseable.java:178) ~[reactor-core-3.6.9.jar:3.6.9]
at reactor.core.publisher.FluxUsing$UsingFuseableSubscriber.onSubscribe(FluxUsing.java:347) ~[reactor-core-3.6.9.jar:3.6.9]
at reactor.core.publisher.FluxGenerate.subscribe(FluxGenerate.java:85) ~[reactor-core-3.6.9.jar:3.6.9]
at reactor.core.publisher.FluxUsing.subscribe(FluxUsing.java:102) ~[reactor-core-3.6.9.jar:3.6.9]
at reactor.core.publisher.Flux.subscribe(Flux.java:8848) ~[reactor-core-3.6.9.jar:3.6.9]
at reactor.core.publisher.FluxFlatMap$FlatMapMain.onNext(FluxFlatMap.java:430) ~[reactor-core-3.6.9.jar:3.6.9]
at reactor.core.publisher.FluxHandleFuseable$HandleFuseableSubscriber.tryOnNext(FluxHandleFuseable.java:135) ~[reactor-core-3.6.9.jar:3.6.9]
at reactor.core.publisher.FluxIterable$IterableSubscriptionConditional.slowPath(FluxIterable.java:664) ~[reactor-core-3.6.9.jar:3.6.9]
at reactor.core.publisher.FluxIterable$IterableSubscriptionConditional.request(FluxIterable.java:623) ~[reactor-core-3.6.9.jar:3.6.9]
at reactor.core.publisher.FluxHandleFuseable$HandleFuseableSubscriber.request(FluxHandleFuseable.java:260) ~[reactor-core-3.6.9.jar:3.6.9]
2024-09-02T15:01:27.681+08:00 DEBUG 62039 --- [boundedElastic-3] a.w.r.e.AbstractErrorWebExceptionHandler : [131a559b-102] Resolved [OutOfMemoryError: Java heap space] for HTTP GET /apis/api.console.halo.run/v1alpha1/plugins/-/bundle.js
2024-09-02T15:01:27.681+08:00 ERROR 62039 --- [boundedElastic-3] a.w.r.e.AbstractErrorWebExceptionHandler : [131a559b-102] 500 Server Error for HTTP GET "/apis/api.console.halo.run/v1alpha1/plugins/-/bundle.js?v=1725260408176"
java.lang.OutOfMemoryError: Java heap space
at java.base/java.nio.HeapByteBuffer.<init>(HeapByteBuffer.java:64) ~[na:na]
```
#### Does this PR introduce a user-facing change?
```release-note
优化在内存紧张时 Console 端无法加载插件资源的问题
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
删除 SubscriptionServiceIntegrationTest 类。因为当前测试类不经常性出错,暂时无法排查原因。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修复 external-url 配置带了尾部斜杠导致邮件通知的查看通知链接无法访问的问题
#### Which issue(s) this PR fixes:
Fixes#6655
#### Does this PR introduce a user-facing change?
```release-note
修复 external-url 配置带了尾部斜杠导致邮件通知的查看通知链接无法访问的问题
```
#### What type of PR is this?
/kind feature
/area theme
/sig docs
/milestone 2.20.x
#### What this PR does / why we need it:
After this PR, we can define i18n message files next to the template file.
```yaml
i18n:
default.properties
templates:
index.html
index.properties # Higher properties than default.properties
index_zh.properties # Higher properties than index.properties
index_zh_CN.properties # Higher priority than index_zh.properties
```
It's convenient for plugins that define the template files.
See https://www.thymeleaf.org/doc/tutorials/3.1/usingthymeleaf.html#standard-message-resolver for more.
#### Does this PR introduce a user-facing change?
```release-note
支持在主题中通过 Thymeleaf 默认行为实现国际化
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR adds support changing locale using query `language`. After passing the query, we will automatically respond a cookie `language` back to browser.
Please see the result below:
```bash
http http://localhost:8090/\?language\=zh-CN Accept:text/html -p h
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Content-Language: zh-CN
Content-Type: text/html
Expires: 0
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 0
content-encoding: gzip
content-length: 4765
set-cookie: language=zh-CN; Path=/; Secure
set-cookie: XSRF-TOKEN=f0f2c972-0024-4575-aef2-0609356b4757; Path=/
```
#### Does this PR introduce a user-facing change?
```release-note
支持利用参数 language 切换地域语言
```
#### What type of PR is this?
/kind improvement
/area theme
/milestone 2.20.x
#### What this PR does / why we need it:
This PR simplifies ThemeLocaleContextResolver by removing unused attributes.
In another PR <https://github.com/halo-dev/halo/pull/6647>, fixed locale resolution for query parameter `language`. This PR fixes locale resolution for cookie `language` as well.
Please see the results below:
```bash
http https://www.halo.run/ Cookie:language=zh-CN -p h
HTTP/1.1 200 OK
Content-Language: und
```
```bash
http http://localhost:8090 Cookie:language=zh-CN -p h
HTTP/1.1 200 OK
Content-Language: zh-CN
```
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
不允许回复未通过审核的评论
#### Does this PR introduce a user-facing change?
```release-note
禁止非管理员回复未通过审核的评论
```
#### What type of PR is this?
/kind bug
/area theme
/milestone 2.20.x
#### What this PR does / why we need it:
If we pass a query `language` while requesting index page, we will get the wrong header `Content-Language`. Please see the result below:
```bash
http https://www.halo.run/\?language\=zh-CN -p h
HTTP/1.1 200 OK
Content-Language: und
...
```
After fixing, we will get the right header `Content-Language`.
```bash
http http://localhost:8090/\?language\=zh-CN -p h
HTTP/1.1 200 OK
Content-Language: zh-CN
...
```
#### Does this PR introduce a user-facing change?
```release-note
修复主题端区域和语言解析错误的问题
```
#### What type of PR is this?
/kind feature
/area core
/area plugin
/milestone 2.20.x
#### What this PR does / why we need it:
Currently, we are refactoring login and logout pages to make them extensible. If plugins want to realize a new authentication method, the CryptoService and RateLimiterRegistry may be used to authenticate.
So this PR exposes the two beans to plugins. No side effect will be introduced.
#### Does this PR introduce a user-facing change?
```release-note
【开发相关】允许在插件使用 CryptoService 和 RateLimiterRegistry
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
优化根据 URI 生成缩略图时的请求头
1. 由于之前 attachment 的 permalink 是 `URI.toString` 会导致根据 permalink 索引查询附件可能由于编码问题无法查询到导致生成缩略图只能根据 URI 生成
2. 可能配置了 nginx 判断请求头不允许脚本请求如导致根据 URI 访问图片无法访问导致无法生成,如
```
if ($http_user agent ~*(python curlljava wget go-http-client httpclient okhttp)){
}
```
Fixes#6627
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR filters blank role name while granting roles for an user to prevent null role in permissions.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/6604
#### Does this PR introduce a user-facing change?
```release-note
修复取消用户角色后无法正常渲染用户列表的问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修复 GIF 缩略图生成只会保留第一帧的问题
#### Which issue(s) this PR fixes:
Fixes#6596
#### Does this PR introduce a user-facing change?
```release-note
修复 GIF 缩略图生成只会保留第一帧的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
当生成缩略图时如果原图尺寸小于请求尺寸则返回原图以保持其质量
#### Which issue(s) this PR fixes:
Fixes#6579
#### Does this PR introduce a user-facing change?
```release-note
当生成缩略图时如果原图尺寸小于请求尺寸则返回原图以保持其质量
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR add keyword synchronized for methods `addOrUpdateDocuments`, `deleteDocuments` and `deleteAll` to ensure the write lock of Lucene is obtained only by one IndexWriter at the same time.
#### Which issue(s) this PR fixes:
Fixes#6569
#### Does this PR introduce a user-facing change?
```release-note
修复重启后无法搜索部分文档的问题
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.19.0
#### What this PR does / why we need it:
将缩略图生成的模式改为自动,速度优先会导致图片失真率较高,部分图片在 w1600 的尺寸下看起来会比较模糊。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.19.x
#### What this PR does / why we need it:
获取缩略图时检查缩略图链接是否可访问否则重定向到原图链接
#### Does this PR introduce a user-facing change?
```release-note
获取缩略图时检查缩略图链接是否可访问否则重定向到原图链接
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.19.0
#### What this PR does / why we need it:
For backward compatibility, the slug of single page should not be unique.
BTW, the problem was introduced by <https://github.com/halo-dev/halo/pull/6540>.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.19.x
#### What this PR does / why we need it:
优化评论和回复的逻辑并减少重复代码
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.19.x
#### What this PR does / why we need it:
修复 postFinder 的 list 排序参数不生效的问题
此问题由于 https://github.com/halo-dev/halo/pull/6531 导致
#### Which issue(s) this PR fixes:
Fixes#6534
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.19.0
#### What this PR does / why we need it:
This PR refactors LuceneSearchEngine to let IndexWriter and SearcherManager load lazily to prevent LockObtainFailedException from performing a rolling update.
#### Which issue(s) this PR fixes:
Fixes#6541
#### Special notes for your reviewer:
1. Use MySQL or PostgreSQL as database for Halo
2. Start an instance of Halo
3. Try to initialize Halo and search posts
4. Change the `server.port` and start another instance of Halo
5. Check the status of another instance
#### Does this PR introduce a user-facing change?
```release-note
修复滚动更新时无法启动新的 Halo 实例的问题
```
#### What type of PR is this?
/kind cleanup
/kind improvement
/area core
/milestone 2.19.0
#### What this PR does / why we need it:
This PR refactors some requests with sort parameter by reusing SortableRequest, and refactors some queries with indexer.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.19.x
#### What this PR does / why we need it:
重命名缩略图大小的参数名以便和主题端 finder 用法保持一致
同时确保通过 encode 或者没有 encode 的 uri 都可以获取到缩略图
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/milestone 2.19.x
/area core
#### What this PR does / why we need it:
为 postFinder 添加一个统一参数的 list 方法并支持传递排序参数
Fixes https://github.com/halo-dev/halo/issues/4933
#### Does this PR introduce a user-facing change?
```release-note
为 postFinder 添加一个统一参数的 list 方法并支持传递排序参数
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.19.0
#### What this PR does / why we need it:
This PR corrects list options builder for listing aggregated roles, because I wrongly used the label selector in <https://github.com/halo-dev/halo/pull/6471>.
#### Special notes for your reviewer:
1. Try to install the plugin <https://www.halo.run/store/apps/app-YXyaD>
2. Enable the plugin and enable setting `匿名评论需要验证码`
3. **Anonymous** request any of posts with comment enabled
4. Check the captcha in comment area
#### Does this PR introduce a user-facing change?
```release-note
修复可能无法正常访问插件提供的接口的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.19.x
#### What this PR does / why we need it:
构建完索引后增加数据量一致性校验的步骤
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.19.0
#### What this PR does / why we need it:
升级预设插件的版本。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/kind feature
/milestone 2.19.x
#### What this PR does / why we need it:
升级默认主题的版本为 [1.9.0](https://github.com/halo-dev/theme-earth/releases/tag/v1.9.0)。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.19.0
#### What this PR does / why we need it:
After merging https://github.com/halo-dev/halo/pull/6512 and https://github.com/halo-dev/halo/pull/6511, unit tests fail due to the changes of <05b73ceeec>.
This PR fixes the problem by letting `run.halo.app.infra.exception.handlers.ProblemDetailErrorAttributes` extend `org.springframework.boot.web.reactive.error.DefaultErrorAttributes`.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind api-change
/kind feature
/area core
#### What this PR does / why we need it:
see #2335
增加将第三方资源转存为附件资源的接口。
`/apis/api.console.halo.run/v1alpha1/attachments/-/upload-from-url`
UC:
`/apis/uc.api.content.halo.run/v1alpha1/attachments/-/upload-from-url`
其中参数为
```json
{
"url": "string",
"filename": "string",
"groupName": "string",
"policyName": "string"
}
```
#### How to test it?
测试能否将第三方接口的资源保存至附件中。
测试各类附件,例如图片、视频、文本等。
#### Does this PR introduce a user-facing change?
```release-note
增加通过链接转存第三方资源至附件库的接口
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.19.0
#### What this PR does / why we need it:
This PR refactors "Template Not Found Exception" into "NotFoundException" to prevent too many exception stacktraces in logs file.
#### Which issue(s) this PR fixes:
Fixes#6501
#### Special notes for your reviewer:
1. Activate default theme
2. Request <http://localhost:8090/categories>
3. See the result
#### Does this PR introduce a user-facing change?
```release-note
优化当主题模板找不到的异常提示
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.19.x
#### What this PR does / why we need it:
修复切换账号登录时设备信息更新不正确的问题
原因:
1. 使用 admin 账号登录,此时会记录 device_id 的 cookie
2. 退出登录,device_id 会保留在 cookie 中并随着新账号带到服务端
3. 服务端根据 device_id 查询当前设备是否有对应的记录,但是没有校验用户名是否与当前登陆的一致然后就去更新登录时间
4. 正确的处理是校验 device_id 是否有与之对应的记录并且用户名相同,如果不相同则认为是新设备重新生成 device_id
**how to test it?**
1. 先清理 cookie 然后使用一个账号登录
2. 退出登陆并切换新账号登录
3. 检查新登录的账号的设备信息是否正确
#### Does this PR introduce a user-facing change?
```release-note
修复切换账号登录时设备信息更新不正确的问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.19.x
#### What this PR does / why we need it:
修复文章的上一篇下一篇链接包含了隐藏分类下的文章
#### Does this PR introduce a user-facing change?
```release-note
修复文章的上一篇下一篇链接包含了隐藏分类下的文章
```
#### What type of PR is this?
/kind improvement
/area core
#### What this PR does / why we need it:
This PR refactors searching roles by using index mechanism to speed up every request and fix the problem of not being able to grant roles to users sometimes.
#### Which issue(s) this PR fixes:
Fixes#5807
Fixes https://github.com/halo-dev/halo/issues/4954
Fixes https://github.com/halo-dev/halo/issues/5057
#### Does this PR introduce a user-facing change?
```release-note
修复有时无法给用户赋权限的问题
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.19.x
#### What this PR does / why we need it:
清理没有用到的索引
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.19.x
#### What this PR does / why we need it:
优化用户创建
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
#### What this PR does / why we need it:
This PR allows users to filter search result by types, owner names, category names and tag names.
#### Does this PR introduce a user-facing change?
```release-note
完善搜索引擎过滤功能
```
#### What type of PR is this?
/milestone 2.19.x
/area core
/kind cleanup
#### What this PR does / why we need it:
删除对文章错误的索引声明
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.18.x
#### What this PR does / why we need it:
新增文章摘要生成扩展点用于扩展自动生成摘要的方式
#### Does this PR introduce a user-facing change?
```release-note
新增文章摘要生成扩展点用于扩展自动生成摘要的方式
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.18.x
#### What this PR does / why we need it:
修复保存系统配置时出现的 NPE 问题
此问题由于 PR #6346 导致
#### Which issue(s) this PR fixes:
Fixes#6416
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.18.x
#### What this PR does / why we need it:
This PR refines debug logs of listing all extensions.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind cleanup
/area core
#### What this PR does / why we need it:
移除在 https://github.com/halo-dev/halo/pull/6403 中误推送的代码。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.18.x
#### What this PR does / why we need it:
插件启动时触发一次插件配置更新事件以便进行资源初始化操作
之前配置插件完后重启/升级插件无法监听到事件则不方便初始化资源需要通过再次监听插件启动事件来实现,现在改为插件启动时可以监听到
#### Does this PR introduce a user-facing change?
```release-note
插件启动时触发一次插件配置更新事件以便进行资源初始化操作
```
#### What type of PR is this?
/area ui
/kind improvement
/milestone 2.18.x
#### What this PR does / why we need it:
升级 tiptap 的相关依赖至 2.5.7。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.18.x
#### What this PR does / why we need it:
通过将 ExtensionGetter Bean 共享到给插件的 ApplicationContext,插件能够方便地使用该 Bean 来获取扩展。此更改确保插件具有可靠的扩展访问方式,从而促进系统内更好的模块化和可扩展性。
#### Which issue(s) this PR fixes:
Fixes#6357
#### Does this PR introduce a user-facing change?
```release-note
将 ExtensionGetter Bean 共享给插件使用,以便插件可以通过它来获取扩展
```
#### What type of PR is this?
/kind bug
/area core
/area plugin
/milestone 2.18.x
#### What this PR does / why we need it:
This PR checks if the plugin is already unloaded while getting dependents to fix the problem that plugins without jar file may not be deleted or not be enabled or disabled.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/6072
#### Special notes for your reviewer:
1. Try to move plugins folder to another folder
2. Restart Halo
3. Try to change state of plugins or delete plugins directly
4. See the result
#### Does this PR introduce a user-facing change?
```release-note
修复在没有插件文件的情况下可能无法删除插件的问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.18.x
#### What this PR does / why we need it:
This PR checks readable of theme resources while getting resources to prevent Halo from throwing FileNotFoundException.
#### Which issue(s) this PR fixes:
Fixes#6338
#### Special notes for your reviewer:
1. Try to request <https://www.halo.run/themes/fake-theme/assets/favicons/favicon-32x32.png>
2. See the result
#### Does this PR introduce a user-facing change?
```release-note
修复访问不存在的主题资源时出现服务器异常的问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.18.x
#### What this PR does / why we need it:
This PR prevent remember-me token from updating after auto login.
#### Which issue(s) this PR fixes:
Fixes#6290
#### Does this PR introduce a user-facing change?
```release-note
修复“保持登录”可能失效的问题
```
#### What type of PR is this?
/kind improvement
/area core
#### What this PR does / why we need it:
更新预设插件版本。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.18.x
#### What this PR does / why we need it:
This PR fixes the problem of not being able to rebuild search index due to null description and updateTimestamp.
#### Which issue(s) this PR fixes:
Fixes#6317
#### Does this PR introduce a user-facing change?
```release-note
修复无法正常刷新搜索引擎的问题
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.18.x
#### What this PR does / why we need it:
This PR simplifies RememberMeAuthenticationFilter by reusing AuthenticationWebFilter.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/kind api-change
/area core
/area plugin
#### What this PR does / why we need it:
This PR adds `BeforeSecurityWebFilter` and `AfterSecurityWebFilter` extension points. See https://github.com/halo-sigs/plugin-page-cache/issues/4#issuecomment-2216677891 for more.
Now, we can do something before and after authenticating.
#### Does this PR introduce a user-facing change?
```release-note
添加认证授权的前置和后置处理器扩展点
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.18.x
#### What this PR does / why we need it:
设备管理去除 IP 地址检查以避免频繁登录
#### Does this PR introduce a user-facing change?
```release-note
设备管理去除 IP 地址检查以避免频繁登录
```
#### What type of PR is this?
/kind improvement
/area core
/kind api-change
/milestone 2.18.x
#### What this PR does / why we need it:
This PR makes ConcurrencyFailureException respond http status code 409 instead of 500.
#### Which issue(s) this PR fixes:
Fixes#6254
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/milestone 2.18.x
#### What this PR does / why we need it:
为了平滑升级先保留 PluginWrapper 的 Bean
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/kind api-change
/area core
/area plugin
#### What this PR does / why we need it:
This PR supports obtaining plugins root in plugins. Below is an example in plugin:
```java
@Component
class PluginsRootGetterDemo {
private final PluginsRootGetter pluginsRootGetter;
PluginsRootGetterDemo(PluginsRootGetter pluginsRootGetter) {
this.pluginsRootGetter = pluginsRootGetter;
}
}
```
Meanwhile, I remove the `PluginProperties#pluginsRoot` for a clear way to obtain plugins root.
#### Does this PR introduce a user-facing change?
```release-note
支持在插件中获取插件根目录
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.18.x
#### What this PR does / why we need it:
This PR treats `ui/build/dist` as resource dir for application module to adapt building and running using IntelliJ IDEA.
How to use?
1. Build ui project by executing command `./gradlew :ui:build -x :ui:check`.
1. Create a `Run/Debug Configuration` with arguments `--spring.profiles.active=dev --halo.console.proxy.enabled=false --halo.uc.proxy.enabled=false`.
1. Go to `Settings | Build, Execution, Deployment | Build Tools | Gradle` and select `IntelliJ IDEA` for `Build and run using:`
1. Run/Debug the configuration
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind cleanup
/area plugin
/milestone 2.17.x
#### What this PR does / why we need it:
移除 BasePlugin 中已经过时的构造方法
在 2.6.1 版本中将 `BasePlugin(PluginWrapper wrapper)` 标记为过时并使用 `BasePlugin(PluginContext pluginContext)` 代替,现在已经过了很多版本,是时候移除它了。
see also #4023
#### Does this PR introduce a user-facing change?
```release-note
开发者相关:移除 BasePlugin 中已经过时的构造方法
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
清理已经过时很久的 yaml extension 声明
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area plugin
/milestone 2.17.x
#### What this PR does / why we need it:
修复当插件入口文件的缓存目录被系统清理后会导致一直无法加载的问题
原问题复现步骤:
1. 登录后刷新页面,此时缓存目录被创建
2. 删除缓存目录后就会提示文件不存在然后导致插件入口文件一致无法加载直到重启 Halo
#### Which issue(s) this PR fixes:
Fixes#6226
#### Does this PR introduce a user-facing change?
```release-note
修复当插件入口文件的缓存目录被系统清理后会导致一直无法加载的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.17.0
#### What this PR does / why we need it:
This PR provides a configuration property to control whether two-factor authentication is disabled. e.g.:
```yaml
halo:
security:
two-factor-auth:
disabled: true | false # Default is false.
```
#### Which issue(s) this PR fixes:
Fixes#5640
#### Special notes for your reviewer:
1. Enable 2FA and configure TOTP
2. Disable 2FA by configuring property above
3. Restart Halo and try to login
#### Does this PR introduce a user-facing change?
```release-note
支持通过配置的方式全局禁用二步验证
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
提供对模板中 halo footer 标签内容的扩展点以支持扩展页脚内容
#### Which issue(s) this PR fixes:
Fixes#6189
#### Does this PR introduce a user-facing change?
```release-note
提供对模板中 halo footer 标签内容的扩展点以支持扩展页脚内容
```
#### What type of PR is this?
/kind feature
/area core
/area theme
/milestone 2.17.x
#### What this PR does / why we need it:
支持在主题中检查已启动的插件是否符合指定的版本要求,以便可以在某些功能可以正常工作时才渲染
示例
```html
<p th:if="${pluginFinder.available('plugin-search-widget', '>=2.3.0')}>
<!-- do something -->
</p>
```
#### Does this PR introduce a user-facing change?
```release-note
支持在主题中检查已启动的插件是否符合指定的版本要求
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.17.0
#### What this PR does / why we need it:
This PR adds missed type to HaloDocument while converting.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/6235
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/kind api-change
/area core
/area plugin
/milestone 2.17.0
#### What this PR does / why we need it:
This PR creates a SearchService and makes it invokable for plugins.
#### Special notes for your reviewer:
1. Create a plugin
2. Publish all publication into Maven local repository by executing `./gradlew publishAllPublicationsToMavenLocalRepository`
3. Use `2.17.0-SNAPSHOT` as dependency version and refresh dependencies
4. Try to use the SearchService to search something.
#### Does this PR introduce a user-facing change?
```release-note
为插件提供全文搜索服务
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
This PR add support for allowing plugin to listen the event that the plugin has started. Below is an example of listening the event in plugin:
```java
@EventListener
void onPluginStartedEvent(PluginStartedEvent event) {
// do something.
}
```
See https://github.com/halo-dev/halo/issues/5339#issuecomment-2199220068 for more.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/5339#issuecomment-2199220068
#### Special notes for your reviewer:
1. Create a plugin, add the listener above and write some logs
2. Build and install the plugin
3. Start plugin and see the logs you wrote
#### Does this PR introduce a user-facing change?
```release-note
支持在插件中监听已启动事件
```
#### What type of PR is this?
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
由于2.17.0 修改了 listAll 的实现导致出现了不兼容 Sort 参数为 null 的情况,考虑到给开发者适应的时间因此先兼容并给出警告日志
see also #6219
#### Which issue(s) this PR fixes:
Fixes#6219
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
新增 LoginHandlerEnhancer 用于 Halo 扩展登录成功或失败后的处理逻辑如 RememberMe 和设备管理等
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.17.x
#### What this PR does / why we need it:
更新预设插件的版本。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/area plugin
/milestone 2.17.x
#### What this PR does / why we need it:
This PR makes sure the method `cache#put` is called before the event is published to avoid the event listener to fetch the old value from the cache.
The problem was introduced by <https://github.com/halo-dev/halo/pull/6141>.
#### Which issue(s) this PR fixes:
Fixes#6213
#### Does this PR introduce a user-facing change?
```release-note
修复在插件配置变更监听器中始终获取到旧数据的问题
```
#### What type of PR is this?
/kind improvement
/area core
/area plugin
#### What this PR does / why we need it:
修复当启动插件遇到 Error 级别的错误时会导致 API 被挂起无法终止的问题
```
- Throwable
- Error
- Exception
```
see #6192 for more details
#### Which issue(s) this PR fixes:
Fixes#6192
#### Does this PR introduce a user-facing change?
```release-note
修复当启动插件遇到 Error 级别的错误时会导致 API 被挂起无法终止的问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
修复文章关联或取消关联隐藏分类后显示不正确的问题
#### Which issue(s) this PR fixes:
Fixes#6194Fixes#6195
#### Does this PR introduce a user-facing change?
```release-note
修复文章关联或取消关联隐藏分类后显示不正确的问题
```
#### What type of PR is this?
/area core
/kind api-change
/milestone 2.17.x
#### What this PR does / why we need it:
移除内置的页面静态缓存功能,后续将由 https://github.com/halo-sigs/plugin-page-cache 插件提供。
#### Which issue(s) this PR fixes:
Fixes#5639
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
```release-note
移除内置的页面静态缓存功能,后续由 https://github.com/halo-sigs/plugin-page-cache 插件提供。
```
#### What type of PR is this?
/kind bug
/area core
/area theme
/milestone 2.17.x
#### What this PR does / why we need it:
修复获取隐藏分类的面包屑路径不正确的问题
#### Which issue(s) this PR fixes:
Fixes#6197
#### Does this PR introduce a user-facing change?
```release-note
修复获取隐藏分类的面包屑路径不正确的问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
In PR <https://github.com/halo-dev/halo/pull/6130>, I changed the api group of PAT and 2FA endpoints, but I forgot to change the corresponding role templates. So other users except admin will encounter 403 error like <https://github.com/halo-dev/halo/issues/6199>.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/6199
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.17.x
#### What this PR does / why we need it:
将扩展点定义和扩展点的描述文件改为简体中文。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
In <https://github.com/halo-dev/halo/pull/5386>, I marked ExtensionComponentsFinder as deprecated. Four months have passed, it's time to remove it.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind failing-test
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
This PR allows retrying to operate on posts when optimistic locking errors occur.
#### Which issue(s) this PR fixes:
Fixes#6186
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
优化触发 Extension Watch 方法(onAdd/onUpdate/onDelete)时的参数始终为真实类型避免使用时进行类型转换
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
为分类 Finder 提供获取指定节点的面包屑路径方法
#### Which issue(s) this PR fixes:
Fixes#3374
#### Does this PR introduce a user-facing change?
```release-note
为分类 Finder 提供获取指定节点的面包屑路径方法
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
Some users encountered 2FA required issue after upgrading Halo 2.16, because they enabled 2FA but didn't configure TOTP before. The issue was introduced by <https://github.com/halo-dev/halo/pull/6005>.
This PR checks if TOTP configured to determine whether 2FA is required.
#### Does this PR introduce a user-facing change?
```release-note
修复在没有配置 TOTP 验证器的情况下仍被要求二步验证的问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
修复查询分类的排序条件拼写错误导致的错误
#### Which issue(s) this PR fixes:
Fixes#6171
#### Does this PR introduce a user-facing change?
```release-note
修复查询分类的排序条件拼写错误导致的错误
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
Use top-level interface `org.springframework.session.ReactiveFindByIndexNameSessionRepository` for being compatible with other session repositories.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/6159
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area plugin
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
增强插件配置的缓存管理
1. 通过 SettingFetcher/ReactiveSettingFetcher 获取插件配置可以不在考虑获取数据的性能问题,当数据变更后会自动更新缓存
2. 现在你可以通过在插件中监听 `PluginConfigUpdatedEvent` 事件来做一些处理,它会在用户更改插件配置后被触发
#### Does this PR introduce a user-facing change?
```release-note
增强插件配置的缓存管理并支持通过监听 `PluginConfigUpdatedEvent` 事件做一些特殊处理
```
#### What type of PR is this?
/kind improvement
/kind api-change
/area core
#### What this PR does / why we need it:
This PR refactors ExtensionGetter implementation to add a support of enabling extension point(s). Here is an example of data field of `system` config map:
```json
{
"data": {
"extensionPointEnabled": "{ \"search-engine\": [\"search-engine-algolia\"]}"
},
```
> 1. The `search-engine` is a name of extension point definition.
> 2. The `search-engine-algolia` is a name of extension definition.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
此次变更为文章分类引入了一个新的 `preventParentPostCascadeQuery` 布尔属性,用于控制分类及其子分类下的文章显示方式。具体变更包括:
- 在分类结构中增加了 `preventParentPostCascadeQuery` 属性。
- 当分类的 `preventParentPostCascadeQuery` 属性设置为 `true` 时,该分类的文章数量不会汇总到父分类中。
- 更新了树结构遍历逻辑,以支持对 `preventParentPostCascadeQuery` 属性的处理。
- 确保独立分类中的文章显示受控,不向上级分类进行聚合。
- 增加了相应的测试用例,以验证在不同树结构中 `preventParentPostCascadeQuery` 属性的功能性。
#### Which issue(s) this PR fixes:
Fixes#5663Fixes#4923
Fixes https://github.com/halo-dev/halo/issues/3418
#### Does this PR introduce a user-facing change?
```release-note
新增独立分类选项用于控制关联的子分类下的文章显示以提供更灵活的内容管理方式
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
This PR adds patch method for all extensions API.
Patch example:
```bash
http -a admin:admin PATCH http://localhost:8090/apis/plugin.halo.run/v1alpha1/plugins/app-store-integration \
Content-Type:application/json-patch+json \
--raw='[{"op": "replace", "path": "/spec/enabled", "value": false}]'
```
#### Which issue(s) this PR fixes:
Fixes#2311
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
支持在分类上为关联的文章统一设置渲染模板
现在文章的模板生效顺序为:
1. 文章关联的分类上设置的文章模板,如果有多个则选择第一个
2. 文章上设置的自定义模板
3. 文章的默认模板
#### Which issue(s) this PR fixes:
Fixes#6101
#### Does this PR introduce a user-facing change?
```release-note
支持在分类上为关联的文章统一设置渲染模板
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
修复已验证邮箱可以重复的问题
如果出现多个重复的已验证邮箱,则只保留一个其他的设置为未验证
#### Does this PR introduce a user-facing change?
```release-note
修复已验证邮箱可以重复的问题
```
#### What type of PR is this?
/kind feature
/area core
/area plugin
#### What this PR does / why we need it:
This PR enhance usage of SharedEvent annotation to add support for publishing events among plugins.
#### How to test?
1. Clone repository https://github.com/halo-dev/plugin-starter
2. Change build.gradle as following:
```gradle
dependencies {
implementation platform('run.halo.tools.platform:plugin:2.17.0-SNAPSHOT')
```
3. Change StarterPlugin as following:
```java
@Component
public class StarterPlugin extends BasePlugin {
private final ApplicationContext appContext;
public StarterPlugin(PluginContext pluginContext, ApplicationContext appContext) {
super(pluginContext);
this.appContext = appContext;
}
@Override
public void start() {
appContext.publishEvent(new PostDeletedEvent(this, "fake-plugin"));
}
@Override
public void stop() {
}
@EventListener(PostDeletedEvent.class)
public void onApplicationEvent(PostDeletedEvent event) {
System.out.println("Post deleted event received in plugin: " + event.getName());
}
}
```
4. Add a listener to Halo core
```java
@EventListener(PostDeletedEvent.class)
public void onApplicationEvent(PostDeletedEvent event) {
System.out.println("Post deleted event received in core: " + event.getName());
}
```
5. Build plugin and install plugin
6. Enable the plugin and see the result
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind regression
/area plugin
/milestone 2.17.x
#### What this PR does / why we need it:
This PR reverts changes of generating bundle resource version in <https://github.com/halo-dev/halo/pull/6028>.
Because the changes were adapted realtime change of bundle files for plugin developers in plugin development runtime mode, but I ignored it.
#### Special notes for your reviewer:
1. Try to start Halo in plugin development mode
2. Change and rebuild ui resources
3. Refresh console and check the result
#### Does this PR introduce a user-facing change?
```release-note
None
```
johnniang
