#### What type of PR is this?
/kind improvement
/area core
/milestone 2.21.x
#### What this PR does / why we need it:
This PR is a regular update for Spring Boot. See https://github.com/spring-projects/spring-boot/releases/tag/v3.5.5 for more.
#### Does this PR introduce a user-facing change?
```release-note
升级依赖 Spring Boot 至 3.5.5
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.21.x
#### What this PR does / why we need it:
This PR allows ListResult to be deserialized with JSON. So we can resolve ListResult response of APIs correctly.
#### Does this PR introduce a user-facing change?
```release-note
None
```
* Add 'hidden' field to comment and reply requests
Signed-off-by: Ryan Wang <i@ryanc.cc>
* Add support for filtering comments with hidden
* Specify hidden=false and approved=true for anonymous users
* Set default hidden flag only if null in comments
* Add 'private reply' option to comment modals
* Add private tag for hidden comments and replies
* Allow hiding comments only
* Enhance comment visibility logic to allow owners to view hidden comments
* Remove hidden input for reply form
Signed-off-by: Ryan Wang <i@ryanc.cc>
* Refine i18n
Signed-off-by: Ryan Wang <i@ryanc.cc>
---------
Signed-off-by: Ryan Wang <i@ryanc.cc>
Co-authored-by: John Niang <johnniang@foxmail.com>
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.21.x
#### What this PR does / why we need it:
This PR optimizes SEO tag generation with the following changes:
1. Site description and keywords settings now only apply to the homepage and are no longer inserted on other pages.
2. Added meta description tags for category archive pages, using the category description as content.
3. Improved the help text descriptions for SEO options in system settings.
#### Which issue(s) this PR fixes:
Fixes#7662
#### Does this PR introduce a user-facing change?
```release-note
优化页面的 SEO 标签的生成
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.21.x
#### What this PR does / why we need it:
This PR fixes the internal check of selector converter `NotEquals`, which might lead to failing check of `metadata.name!=1`.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/7666
#### Does this PR introduce a user-facing change?
```release-note
修复极端场景下无法检查文章别名是否存在的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.21.x
#### What this PR does / why we need it:
This PR refactors posts query to reduce database queries significantly.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/7593
Supersedes https://github.com/halo-dev/halo/pull/7644
#### Does this PR introduce a user-facing change?
```release-note
优化首页、归档页加载速度
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.21.x
#### What this PR does / why we need it:
This PR fixes the problem of starting synchronizer multiple times while configuring multiple workers.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
#### What this PR does / why we need it:
This PR adds UserLoginEvent and UserLogoutEvent which are shared to plugins.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/7436
#### Does this PR introduce a user-facing change?
```release-note
添加用户登录/登出事件
```
#### What type of PR is this?
/kind improvement
#### What this PR does / why we need it:
过期的Spring @Component API
#### Which issue(s) this PR fixes:
Fixes#7431
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修复 Unstructured Metadata 的 equals hashcode 排除 version,这可能是之前误操作提交的
ed50a0224d/api/src/main/java/run/halo/app/extension/Unstructured.java (L75)
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR refactors UserScopedPatHandlerImpl with PAT service to make PAT operations flexible.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR adjusts the order of checking instance of ExecutorService and AutoCloseable interfaces. Because the ExecutorService extends AutoCloseable in Java 21. As a result, unit tests against the method won't be passed in Java 21.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
支持禁用主题预览功能,但拥有主题管理权限的用户不受此功能影响
#### Which issue(s) this PR fixes:
Fixes#7204
#### Does this PR introduce a user-facing change?
```release-note
支持禁用主题预览功能,但拥有主题管理权限的用户不受此功能影响
```
#### What type of PR is this?
/kind cleanup
#### What this PR does / why we need it:
Replaces deprecated functions (`String defaultString(final String str, final String nullDefault)`) with its recommended alternatives
See 29ccc7665f/src/main/java/org/apache/commons/lang3/StringUtils.java (L1635) for more.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
自动生成摘要仅对内容变更时生效
see https://github.com/halo-dev/halo/issues/7193#issuecomment-2581699190 for more details
避免对资源造成浪费如 AI 摘要生成
#### Which issue(s) this PR fixes:
Fixes#7193
#### Does this PR introduce a user-facing change?
```release-note
自动生成摘要仅对内容发生变更时生效
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修复文件类型限制能通过混合文件类型绕过检测的问题
参考:https://github.com/halo-dev/halo/security/advisories/GHSA-99mc-ch53-pqh9
#### Does this PR introduce a user-facing change?
```release-note
修复文件类型限制能通过混合文件类型绕过检测的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
隐藏关键通知项设置以避免用户意外禁用而无法收到通知
#### Which issue(s) this PR fixes:
Fixes#6967
#### Does this PR introduce a user-facing change?
```release-note
隐藏关键通知项设置以避免用户意外禁用而无法收到通知
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR adds support for hooking user creating. Plugin developers can define extension points of `UserPreCreatingHandler` and `UserPostCreatingHandler` to do something else.
#### Does this PR introduce a user-facing change?
```release-note
支持在插件中定义用户创建的前置和后置处理器
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修复索引比较会因为全是 0 的字符串与其他字符串可能相等的问题
原因是遇到了全是 0 的字符串会因为跳过前导 0 的逻辑导致全部忽略了
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR refactors sign up data binding using internal `bind` method in `ServerRequest` instead of binding my hand. It's more convenient and simpler.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area plugin
/milestone 2.20.x
#### What this PR does / why we need it:
This PR exposes user and role services into plugins. Some authentication plugins may interact with users and users' roles.
#### Does this PR introduce a user-facing change?
```release-note
允许在插件中使用 UserService 和 RoleService
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
恢复 https://github.com/halo-dev/halo/pull/6846 中删除的 SystemSetting.AuthProvider#enabled 字段避免插件应用到了它可能会发生错误,将其标记为过时
#### Does this PR introduce a user-facing change?
```release-note
None
```
* refactor: auth provider sorting logic for better maintainability and clarity
* Refine UI
* chore: remove other auth type
* Remove other auth providers
---------
Co-authored-by: Ryan Wang <i@ryanc.cc>
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR prevents caching from cache plugin for pre-auth pages and logout page.
#### Which issue(s) this PR fixes:
Fixes#6826
#### Special notes for your reviewer:
1. Install `Page Cache Plugin` from <https://www.halo.run/store/apps/app-BaamQ>.
2. Open a private browser window
3. Access login page twice
4. Try to login
5. See the result
#### Does this PR introduce a user-facing change?
```release-note
解决因缓存插件缓存登录页面导致无法登录的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
优化文件类型检测并支持根据文件名作为决策依据
#### Does this PR introduce a user-facing change?
```release-note
优化文件类型检测并支持根据文件名作为决策依据
```
#### What type of PR is this?
/kind feature
/milestone 2.20.x
/area core
#### What this PR does / why we need it:
支持用户在个人中心管理自己的附件(需要具有对应权限)
Fixes https://github.com/halo-dev/halo/issues/5278
#### Does this PR introduce a user-facing change?
```release-note
支持用户在个人中心管理自己的附件(需要具有对应权限)
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR provides an endpoint for disconnecting user connection. After the user connection is disconnected, an event `UserConnectionDisconnectedEvent` will be published for plugins.
Now, OAuth2 plugin can simplify the authentication, binding and unbinding logic, please see the AuthProvider configuration snippet below:
```diff
spec:
authenticationUrl: /oauth2/authorization/github
- bindingUrl: /apis/api.plugin.halo.run/v1alpha1/plugins/plugin-oauth2/connect/github
+ bindingUrl: /oauth2/authorization/github
- unbindUrl: /apis/api.plugin.halo.run/v1alpha1/plugins/plugin-oauth2/disconnect/github
+ unbindUrl: /apis/uc.api.auth.halo.run/v1alpha1/user-connections/github/disconnect
```
Please note that, OAuth2 plugin can also define binding and unbinding endpoints by self.
#### Special notes for your reviewer:
OAuth2 test plugin:
[plugin-oauth2-1.0.4-SNAPSHOT.zip](https://github.com/user-attachments/files/17184215/plugin-oauth2-1.0.4-SNAPSHOT.zip)
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR add support for binding OAuth2 user automatically. So we can remove the user-binding page.
Please note that those changes may break the OAuth2 and SocialLogin plugins.
#### Special notes for your reviewer:
Build OAuth2 plugin from <https://github.com/halo-sigs/plugin-oauth2/pull/64> or use [plugin-oauth2-1.0.4-SNAPSHOT.zip](https://github.com/user-attachments/files/17177592/plugin-oauth2-1.0.4-SNAPSHOT.zip) I built.
- Bind after logging in
1. Log in Halo with username and password method
2. Try to unbind OAuth2 user
3. Bind OAuth2 user again
- Initially bind without logging in
1. Go to login page
2. Log in with OAuth2 method and you will be redirected to login page
3. Log in with username and password method
4. See the result of binding
- Log in with OAuth2 method after binding
1. Go to login page
2. Log in with OAuth2 method and you will be redirected to uc page directly
#### Does this PR introduce a user-facing change?
```release-note
支持自动绑定 OAuth2 登录用户
```
#### What type of PR is this?
/kind feature
/area plugin
#### What this PR does / why we need it:
This PR provides an interface ElementTagProcessor to make plugin handle element tag easily. e.g.:
```java
public class ImgTagProcessor implements ElementTagPostProcessor {
@Override
public Mono<Void> process(ITemplateContext context, IProcessableElementTag tag,
IElementTagStructureHandler structureHandler) {
var elementName = tag.getElementDefinition().getElementName();
if (!Objects.equals("img", elementName.getElementName())) {
return Mono.empty();
}
var srcAttr = tag.getAttribute("src");
if (srcAttr == null) {
return Mono.empty();
}
var newSrc = srcAttr.getValue();
// TODO rewrite src
structureHandler.setAttribute("src", newSrc);
return Mono.empty();
}
}
```
After PR merged, plugins https://github.com/webp-sh/halo-plugin-webp-cloud and https://github.com/guqing/plugin-cloudinary can be refined with new method.
#### Does this PR introduce a user-facing change?
```release-note
支持在插件中操作渲染结果
```
#### What type of PR is this?
/kind feature
/area core
/area plugin
/milestone 2.20.x
#### What this PR does / why we need it:
Currently, we are refactoring login and logout pages to make them extensible. If plugins want to realize a new authentication method, the CryptoService and RateLimiterRegistry may be used to authenticate.
So this PR exposes the two beans to plugins. No side effect will be introduced.
#### Does this PR introduce a user-facing change?
```release-note
【开发相关】允许在插件使用 CryptoService 和 RateLimiterRegistry
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.19.x
#### What this PR does / why we need it:
重构 KeyComparator 并通过更多的测试用例来确保排序功能的正确性
同时修复了可能存在溢出导致比较结果不正确的问题,目前:
1. 字符串长度比较:在 compareStrings 方法中,字符串的长度比较使用 Integer.compare,这部分代码不会产生整数溢出问题。
2. 数字部分的比较:在 compareNumbers 方法中,数字的比较是基于字符比较的(即逐位比较每个数字字符),没有涉及到将数3. 字字符串转化为 int 或 long 类型的操作,所以不会存在整数溢出问题。
4. 处理小数部分的比较:在 compareDecimalNumbers 方法中,类似地,比较操作也是基于字符的,不涉及到数值转换,因此也不存在整数溢出问题
#### Which issue(s) this PR fixes:
Fixes#6466
#### Does this PR introduce a user-facing change?
```release-note
修复由于索引比较时可能出现整数溢出导致文章偶尔无法访问的问题
```
#### What type of PR is this?
/kind cleanup
/kind improvement
/area core
/milestone 2.19.0
#### What this PR does / why we need it:
This PR refactors some requests with sort parameter by reusing SortableRequest, and refactors some queries with indexer.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind api-change
/kind feature
/area core
#### What this PR does / why we need it:
see #2335
增加将第三方资源转存为附件资源的接口。
`/apis/api.console.halo.run/v1alpha1/attachments/-/upload-from-url`
UC:
`/apis/uc.api.content.halo.run/v1alpha1/attachments/-/upload-from-url`
其中参数为
```json
{
"url": "string",
"filename": "string",
"groupName": "string",
"policyName": "string"
}
```
#### How to test it?
测试能否将第三方接口的资源保存至附件中。
测试各类附件,例如图片、视频、文本等。
#### Does this PR introduce a user-facing change?
```release-note
增加通过链接转存第三方资源至附件库的接口
```
#### What type of PR is this?
/kind improvement
/area core
#### What this PR does / why we need it:
This PR refactors searching roles by using index mechanism to speed up every request and fix the problem of not being able to grant roles to users sometimes.
#### Which issue(s) this PR fixes:
Fixes#5807
Fixes https://github.com/halo-dev/halo/issues/4954
Fixes https://github.com/halo-dev/halo/issues/5057
#### Does this PR introduce a user-facing change?
```release-note
修复有时无法给用户赋权限的问题
```
#### What type of PR is this?
/kind improvement
/area core
#### What this PR does / why we need it:
This PR allows users to filter search result by types, owner names, category names and tag names.
#### Does this PR introduce a user-facing change?
```release-note
完善搜索引擎过滤功能
```
John Niang