#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
see https://github.com/halo-dev/halo/issues/7193#issuecomment-2581699190 for more details
避免对资源造成浪费如 AI 摘要生成
#### Which issue(s) this PR fixes:
#### Does this PR introduce a user-facing change?
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
#### Does this PR introduce a user-facing change?
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
#### Which issue(s) this PR fixes:
#### Does this PR introduce a user-facing change?
#### What type of PR is this?
/kind feature
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR adds support for hooking user creating. Plugin developers can define extension points of `UserPreCreatingHandler` and `UserPostCreatingHandler` to do something else.
#### Does this PR introduce a user-facing change?
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修复索引比较会因为全是 0 的字符串与其他字符串可能相等的问题
原因是遇到了全是 0 的字符串会因为跳过前导 0 的逻辑导致全部忽略了
#### Does this PR introduce a user-facing change?
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR refactors sign up data binding using internal `bind` method in `ServerRequest` instead of binding my hand. It's more convenient and simpler.
#### Does this PR introduce a user-facing change?
#### What type of PR is this?
/kind feature
/area plugin
/milestone 2.20.x
#### What this PR does / why we need it:
This PR exposes user and role services into plugins. Some authentication plugins may interact with users and users' roles.
#### Does this PR introduce a user-facing change?
允许在插件中使用 UserService 和 RoleService
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
恢复 https://github.com/halo-dev/halo/pull/6846 中删除的 SystemSetting.AuthProvider#enabled 字段避免插件应用到了它可能会发生错误,将其标记为过时
#### Does this PR introduce a user-facing change?
* refactor: auth provider sorting logic for better maintainability and clarity
* Refine UI
* chore: remove other auth type
* Remove other auth providers
Co-authored-by: Ryan Wang <i@ryanc.cc>
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
#### Which issue(s) this PR fixes:
#### Does this PR introduce a user-facing change?
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR prevents caching from cache plugin for pre-auth pages and logout page.
#### Which issue(s) this PR fixes:
#### Special notes for your reviewer:
1. Install `Page Cache Plugin` from <https://www.halo.run/store/apps/app-BaamQ>.
2. Open a private browser window
3. Access login page twice
4. Try to login
5. See the result
#### Does this PR introduce a user-facing change?
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
#### Does this PR introduce a user-facing change?
#### What type of PR is this?
/kind feature
/milestone 2.20.x
/area core
#### What this PR does / why we need it:
Fixes https://github.com/halo-dev/halo/issues/5278
#### Does this PR introduce a user-facing change?
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR adds [a Gradle plugin ](https://github.com/ben-manes/gradle-versions-plugin)to discover dependency updates.
❯ ./gradlew dependencyUpdates -Drevision=release
> Task :api:dependencyUpdates
:api Project Dependency Updates (report to plain text file)
The following dependencies are using the latest release version:
- com.github.ben-manes.caffeine:caffeine:3.1.8
- com.github.java-json-tools:json-patch:1.13
- com.j256.two-factor-auth:two-factor-auth:1.3
- io.asyncer:r2dbc-mysql:1.3.0
- io.github.java-diff-utils:java-diff-utils:4.12
- io.github.resilience4j:resilience4j-reactor:2.2.0
- io.github.resilience4j:resilience4j-spring-boot3:2.2.0
- io.projectreactor:reactor-test:3.7.0-M6
- io.r2dbc:r2dbc-h2:1.0.0.RELEASE
- io.seruco.encoding:base62:0.1.3
- org.apache.commons:commons-lang3:3.17.0
- org.imgscalr:imgscalr-lib:4.2
- org.jacoco:org.jacoco.agent:0.8.12
- org.jacoco:org.jacoco.ant:0.8.12
- org.mariadb:r2dbc-mariadb:1.2.2
- org.openapi4j:openapi-schema-validator:1.0.7
- org.pf4j:pf4j:3.12.0
- org.postgresql:postgresql:42.7.4
- org.postgresql:r2dbc-postgresql:1.0.5.RELEASE
- org.projectlombok:lombok:1.18.30
- org.springdoc:springdoc-openapi-starter-webflux-ui:2.6.0
- org.springframework.boot:spring-boot-starter-actuator:3.4.0-M3
- org.springframework.boot:spring-boot-starter-cache:3.4.0-M3
- org.springframework.boot:spring-boot-starter-data-jpa:3.4.0-M3
- org.springframework.boot:spring-boot-starter-data-r2dbc:3.4.0-M3
- org.springframework.boot:spring-boot-starter-mail:3.4.0-M3
- org.springframework.boot:spring-boot-starter-security:3.4.0-M3
- org.springframework.boot:spring-boot-starter-test:3.4.0-M3
- org.springframework.boot:spring-boot-starter-thymeleaf:3.4.0-M3
- org.springframework.boot:spring-boot-starter-validation:3.4.0-M3
- org.springframework.boot:spring-boot-starter-webflux:3.4.0-M3
- org.springframework.integration:spring-integration-core:6.4.0-M3
- org.springframework.security:spring-security-oauth2-client:6.4.0-M4
- org.springframework.security:spring-security-oauth2-jose:6.4.0-M4
- org.springframework.security:spring-security-oauth2-resource-server:6.4.0-M4
- org.springframework.security:spring-security-test:6.4.0-M4
- org.springframework.session:spring-session-core:3.4.0-M2
- org.thymeleaf.extras:thymeleaf-extras-springsecurity6:3.1.2.RELEASE
The following dependencies have later release versions:
- com.google.guava:guava [32.0.1-jre -> 33.3.1-jre]
- net.bytebuddy:byte-buddy [1.15.1 -> 1.15.3]
- org.apache.lucene:lucene-analysis-common [9.11.1 -> 9.12.0]
- org.apache.lucene:lucene-backward-codecs [9.11.1 -> 9.12.0]
- org.apache.lucene:lucene-core [9.11.1 -> 9.12.0]
- org.apache.lucene:lucene-highlighter [9.11.1 -> 9.12.0]
- org.apache.lucene:lucene-queryparser [9.11.1 -> 9.12.0]
- org.apache.tika:tika-core [2.9.2 -> 3.0.0-BETA2]
- org.jsoup:jsoup [1.15.3 -> 1.18.1]
Gradle release-candidate updates:
- Gradle: [8.10.2: UP-TO-DATE]
Generated report file build/dependencyUpdates/report.txt
> Task :application:dependencyUpdates
:application Project Dependency Updates (report to plain text file)
The following dependencies are using the latest release version:
- com.puppycrawl.tools:checkstyle:9.3
- io.projectreactor:reactor-test:3.7.0-M6
- org.jacoco:org.jacoco.agent:0.8.12
- org.jacoco:org.jacoco.ant:0.8.12
- org.springframework:spring-context-indexer:6.2.0-RC1
- org.springframework.boot:spring-boot-configuration-processor:3.4.0-M3
- org.springframework.boot:spring-boot-starter-test:3.4.0-M3
- org.springframework.security:spring-security-test:6.4.0-M4
- org.webjars.npm:jsencrypt:3.3.2
- org.webjars.npm:normalize.css:8.0.1
The following dependencies have later release versions:
- org.projectlombok:lombok [1.18.30 -> 1.18.34]
Gradle release-candidate updates:
- Gradle: [8.10.2: UP-TO-DATE]
Generated report file build/dependencyUpdates/report.txt
Deprecated Gradle features were used in this build, making it incompatible with Gradle 9.0.
You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins.
For more on this, please refer to https://docs.gradle.org/8.10.2/userguide/command_line_interface.html#sec:command_line_warnings in the Gradle documentation.
9 actionable tasks: 2 executed, 7 up-to-date
#### Does this PR introduce a user-facing change?
如果当前 Pull Request 的修改不会造成用户侧的任何变更,在 `release-note` 代码块儿中填写 `NONE`。
否则请填写用户侧能够理解的 Release Note。如果当前 Pull Request 包含破坏性更新(Break Change),
Release Note 需要以 `action required` 开头。
If no, just write "NONE" in the release-note block below.
If yes, a release note is required:
Enter your extended release note in the block below. If the PR requires additional action from users switching to the new release, include the string "action required".
#### What type of PR is this?
/kind feature
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR provides an endpoint for disconnecting user connection. After the user connection is disconnected, an event `UserConnectionDisconnectedEvent` will be published for plugins.
Now, OAuth2 plugin can simplify the authentication, binding and unbinding logic, please see the AuthProvider configuration snippet below:
authenticationUrl: /oauth2/authorization/github
- bindingUrl: /apis/api.plugin.halo.run/v1alpha1/plugins/plugin-oauth2/connect/github
+ bindingUrl: /oauth2/authorization/github
- unbindUrl: /apis/api.plugin.halo.run/v1alpha1/plugins/plugin-oauth2/disconnect/github
+ unbindUrl: /apis/uc.api.auth.halo.run/v1alpha1/user-connections/github/disconnect
Please note that, OAuth2 plugin can also define binding and unbinding endpoints by self.
#### Special notes for your reviewer:
OAuth2 test plugin:
#### Does this PR introduce a user-facing change?
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR add support for binding OAuth2 user automatically. So we can remove the user-binding page.
Please note that those changes may break the OAuth2 and SocialLogin plugins.
#### Special notes for your reviewer:
Build OAuth2 plugin from <https://github.com/halo-sigs/plugin-oauth2/pull/64> or use [plugin-oauth2-1.0.4-SNAPSHOT.zip](https://github.com/user-attachments/files/17177592/plugin-oauth2-1.0.4-SNAPSHOT.zip) I built.
- Bind after logging in
1. Log in Halo with username and password method
2. Try to unbind OAuth2 user
3. Bind OAuth2 user again
- Initially bind without logging in
1. Go to login page
2. Log in with OAuth2 method and you will be redirected to login page
3. Log in with username and password method
4. See the result of binding
- Log in with OAuth2 method after binding
1. Go to login page
2. Log in with OAuth2 method and you will be redirected to uc page directly
#### Does this PR introduce a user-facing change?
支持自动绑定 OAuth2 登录用户
#### What type of PR is this?
/kind feature
/area plugin
#### What this PR does / why we need it:
This PR provides an interface ElementTagProcessor to make plugin handle element tag easily. e.g.:
public class ImgTagProcessor implements ElementTagPostProcessor {
public Mono<Void> process(ITemplateContext context, IProcessableElementTag tag,
IElementTagStructureHandler structureHandler) {
var elementName = tag.getElementDefinition().getElementName();
if (!Objects.equals("img", elementName.getElementName())) {
return Mono.empty();
var srcAttr = tag.getAttribute("src");
if (srcAttr == null) {
return Mono.empty();
var newSrc = srcAttr.getValue();
// TODO rewrite src
structureHandler.setAttribute("src", newSrc);
return Mono.empty();
After PR merged, plugins https://github.com/webp-sh/halo-plugin-webp-cloud and https://github.com/guqing/plugin-cloudinary can be refined with new method.
#### Does this PR introduce a user-facing change?
#### What type of PR is this?
/kind feature
/area core
/area plugin
/milestone 2.20.x
#### What this PR does / why we need it:
Currently, we are refactoring login and logout pages to make them extensible. If plugins want to realize a new authentication method, the CryptoService and RateLimiterRegistry may be used to authenticate.
So this PR exposes the two beans to plugins. No side effect will be introduced.
#### Does this PR introduce a user-facing change?
【开发相关】允许在插件使用 CryptoService 和 RateLimiterRegistry
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.19.x
#### What this PR does / why we need it:
重构 KeyComparator 并通过更多的测试用例来确保排序功能的正确性
1. 字符串长度比较:在 compareStrings 方法中,字符串的长度比较使用 Integer.compare,这部分代码不会产生整数溢出问题。
2. 数字部分的比较:在 compareNumbers 方法中,数字的比较是基于字符比较的(即逐位比较每个数字字符),没有涉及到将数3. 字字符串转化为 int 或 long 类型的操作,所以不会存在整数溢出问题。
4. 处理小数部分的比较:在 compareDecimalNumbers 方法中,类似地,比较操作也是基于字符的,不涉及到数值转换,因此也不存在整数溢出问题
#### Which issue(s) this PR fixes:
#### Does this PR introduce a user-facing change?
#### What type of PR is this?
/kind cleanup
/kind improvement
/area core
/milestone 2.19.0
#### What this PR does / why we need it:
This PR refactors some requests with sort parameter by reusing SortableRequest, and refactors some queries with indexer.
#### Does this PR introduce a user-facing change?
#### What type of PR is this?
/kind api-change
/kind feature
/area core
#### What this PR does / why we need it:
see #2335
"url": "string",
"filename": "string",
"groupName": "string",
"policyName": "string"
#### How to test it?
#### Does this PR introduce a user-facing change?
#### What type of PR is this?
/kind improvement
/area core
#### What this PR does / why we need it:
This PR refactors searching roles by using index mechanism to speed up every request and fix the problem of not being able to grant roles to users sometimes.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/4954
Fixes https://github.com/halo-dev/halo/issues/5057
#### Does this PR introduce a user-facing change?
#### What type of PR is this?
/kind improvement
/area core
#### What this PR does / why we need it:
This PR allows users to filter search result by types, owner names, category names and tag names.
#### Does this PR introduce a user-facing change?
#### What type of PR is this?
/kind feature
/area core
/milestone 2.18.x
#### What this PR does / why we need it:
#### Does this PR introduce a user-facing change?
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.18.x
#### What this PR does / why we need it:
在 https://github.com/halo-dev/halo/pull/6244 中移除了过时的 `QueryParamBuildUtil.buildParametersFromType` 方法,但是由于留给插件适配的时间不够,很多官方提供的插件也要和 2.18 一起发版这样会导致使用了此方法的插件无法启动,因此留下方法声明并输出日志等到后续版本在删除,这样可以给出一些时间给用户先升级插件而不是挂掉。
#### Does this PR introduce a user-facing change?
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.18.x
#### What this PR does / why we need it:
通过将 ExtensionGetter Bean 共享到给插件的 ApplicationContext,插件能够方便地使用该 Bean 来获取扩展。此更改确保插件具有可靠的扩展访问方式,从而促进系统内更好的模块化和可扩展性。
#### Which issue(s) this PR fixes:
#### Does this PR introduce a user-facing change?
将 ExtensionGetter Bean 共享给插件使用,以便插件可以通过它来获取扩展
#### What type of PR is this?
/kind feature
/kind api-change
/area core
/area plugin
#### What this PR does / why we need it:
This PR adds `BeforeSecurityWebFilter` and `AfterSecurityWebFilter` extension points. See https://github.com/halo-sigs/plugin-page-cache/issues/4#issuecomment-2216677891 for more.
Now, we can do something before and after authenticating.
#### Does this PR introduce a user-facing change?
#### What type of PR is this?
/milestone 2.18.x
#### What this PR does / why we need it:
将 BasePlugin 的 PluginWrapper 构造函数标记为过时并输出警告日志提示
#### Does this PR introduce a user-facing change?
在 BasePlugin 的 PluginWrapper 构造函数输出过时警告日志以提醒开发者尽快适配
#### What type of PR is this?
/area core
/milestone 2.18.x
#### What this PR does / why we need it:
为了平滑升级先保留 PluginWrapper 的 Bean
#### Does this PR introduce a user-facing change?
#### What type of PR is this?
/kind feature
/kind api-change
/area core
/area plugin
#### What this PR does / why we need it:
This PR supports obtaining plugins root in plugins. Below is an example in plugin:
class PluginsRootGetterDemo {
private final PluginsRootGetter pluginsRootGetter;
PluginsRootGetterDemo(PluginsRootGetter pluginsRootGetter) {
this.pluginsRootGetter = pluginsRootGetter;
Meanwhile, I remove the `PluginProperties#pluginsRoot` for a clear way to obtain plugins root.
#### Does this PR introduce a user-facing change?
#### What type of PR is this?
/kind cleanup
/area plugin
/milestone 2.17.x
#### What this PR does / why we need it:
移除 BasePlugin 中已经过时的构造方法
在 2.6.1 版本中将 `BasePlugin(PluginWrapper wrapper)` 标记为过时并使用 `BasePlugin(PluginContext pluginContext)` 代替,现在已经过了很多版本,是时候移除它了。
see also #4023
#### Does this PR introduce a user-facing change?
开发者相关:移除 BasePlugin 中已经过时的构造方法
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.18.x
#### What this PR does / why we need it:
移除 `QueryParamBuildUtil.buildParametersFromType` 方法使用手动构建代替,参考:
f5ebd9fe43/application/src/main/java/run/halo/app/content/PostQuery.java (L135)
#### Does this PR introduce a user-facing change?
移除 `QueryParamBuildUtil.buildParametersFromType` 方法使用手动构建代替
#### What type of PR is this?
/kind feature
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
提供对模板中 halo footer 标签内容的扩展点以支持扩展页脚内容
#### Which issue(s) this PR fixes:
#### Does this PR introduce a user-facing change?
提供对模板中 halo footer 标签内容的扩展点以支持扩展页脚内容
#### What type of PR is this?
/kind feature
/kind api-change
/area core
/area plugin
/milestone 2.17.0
#### What this PR does / why we need it:
This PR creates a SearchService and makes it invokable for plugins.
#### Special notes for your reviewer:
1. Create a plugin
2. Publish all publication into Maven local repository by executing `./gradlew publishAllPublicationsToMavenLocalRepository`
3. Use `2.17.0-SNAPSHOT` as dependency version and refresh dependencies
4. Try to use the SearchService to search something.
#### Does this PR introduce a user-facing change?
#### What type of PR is this?
/kind feature
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
This PR add support for allowing plugin to listen the event that the plugin has started. Below is an example of listening the event in plugin:
void onPluginStartedEvent(PluginStartedEvent event) {
// do something.
See https://github.com/halo-dev/halo/issues/5339#issuecomment-2199220068 for more.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/5339#issuecomment-2199220068
#### Special notes for your reviewer:
1. Create a plugin, add the listener above and write some logs
2. Build and install the plugin
3. Start plugin and see the logs you wrote
#### Does this PR introduce a user-facing change?
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
新增 LoginHandlerEnhancer 用于 Halo 扩展登录成功或失败后的处理逻辑如 RememberMe 和设备管理等
#### Does this PR introduce a user-facing change?
#### What type of PR is this?
/area core
/kind bug
/milestone 2.17.x
#### What this PR does / why we need it:
修复 Device 模型中,Kind 定义错误的问题。
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/6221
#### Does this PR introduce a user-facing change?
#### What type of PR is this?
/area core
/kind api-change
/milestone 2.17.x
#### What this PR does / why we need it:
移除内置的页面静态缓存功能,后续将由 https://github.com/halo-sigs/plugin-page-cache 插件提供。
#### Which issue(s) this PR fixes:
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
移除内置的页面静态缓存功能,后续由 https://github.com/halo-sigs/plugin-page-cache 插件提供。
#### What type of PR is this?
/kind feature
/area plugin
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
1. 通过 SettingFetcher/ReactiveSettingFetcher 获取插件配置可以不在考虑获取数据的性能问题,当数据变更后会自动更新缓存
2. 现在你可以通过在插件中监听 `PluginConfigUpdatedEvent` 事件来做一些处理,它会在用户更改插件配置后被触发
#### Does this PR introduce a user-facing change?
增强插件配置的缓存管理并支持通过监听 `PluginConfigUpdatedEvent` 事件做一些特殊处理