Commit Graph

151 Commits (5a6551a77074394a82786d0f495c83caa04c058e)

Author SHA1 Message Date
guqing ae6724a2b6
feat: implement persistent token based remember me mechanism (#6131)
#### What type of PR is this?
/kind feature
/area core
/milestone 2.17.x

#### What this PR does / why we need it:
新增基于持久化 Token 的 RememberMe 机制

本次更新引入了一种新的 RememberMe 机制,该机制基于持久化 Token,以增强安全性和管理灵活性。在此之前,RememberMe 功能通过以下方式生成 Token,并将其作为 cookie 发送回客户端:
 username + ":" + expiryTime + ":" + algorithmName + ":"
   + algorithmHex(username + ":" + expiryTime + ":" + password + ":" + key)
此方法的优点在于无需存储 Token 就可以进行验证,并且用户密码的更改会自动使 Token 失效。然而,它的主要缺点是缺乏管理能力,例如无法手动撤销 Token。

鉴于最新的设备管理需求(见 PR #6100),我们需要一种支持设备撤销(revoke)的机制。因此,我们采用了持久化 Token 的方式,并通过随机生成的方法来提高安全性,而不将用户名和密码直接签名在 Token 中。新的 Token 格式如下:

#### Does this PR introduce a user-facing change?
引入基于持久化 Token 的新 RememberMe 机制以增强安全性和管理灵活性,升级后需要重新登录
2024-06-26 08:40:49 +00:00
guqing 3f94cfc9a8
refactor: add list options for sync all synchronizer (#6145)
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.17.x

#### What this PR does / why we need it:
为启动时同步添加 ListOptions 选项为后续保持 ExtensionMatcher 的纯粹做准备,后续将移除 ExtensionMatcher 中多余的方法声明,只保留 match 方法,最终的结果希望是
public interface ExtensionMatcher {
    boolean match(Extension extension);
以前构建 Controller 的写法
public Controller setupWith(ControllerBuilder builder) {
         return builder
            .extension(new Post())
            .onAddMatcher(DefaultExtensionMatcher.builder(client, Post.GVK)
                    equal(Post.REQUIRE_SYNC_ON_STARTUP_INDEX_NAME, TRUE))
public Controller setupWith(ControllerBuilder builder) {
        var post = new Post();
        return builder
            // 当有新数据添加时
            .onAddMatcher(extension -> "fake-post".equals(extension.getMetadata().getName()))
            // 使用 syncAllListOptions 作为启动时同步的查询条件过滤不需要的数据
                .fieldQuery(equal(Post.REQUIRE_SYNC_ON_STARTUP_INDEX_NAME, TRUE))

#### Does this PR introduce a user-facing change?
开发者相关:重构 ControllerBuilder 的匹配条件并增加 syncAllListOptions 作为启动时同步的查询条件
2024-06-26 06:50:50 +00:00
guqing 50f751dda2
refactor: add builder for list options (#6148)
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.17.x

#### What this PR does / why we need it:
为 ListOptions 增加 Builder 以方便构建 ListOptions 对象,可以通过以下形式创建
var listOptions = ListOptions.builder()
                .labelSelector()// 构建 LabelSelector
                .eq("key-1", "value-1")
                .notEq("key-2", "value-1")
                .end()// 结束构建 LabelSelector
                .fieldQuery(equal("spec.title", "fake-title"))  // 构建 FieldSelector
                .andQuery(equal("spec.slug", "fake-slug"))
                .orQuery(equal("spec.slug", "test"))

#### Does this PR introduce a user-facing change?
开发者相关:支持通过 Builder 来简化 ListOptions 的构建
2024-06-26 06:44:49 +00:00
John Niang e4cce918f7
Refactor ExtensionGetter for enabling or disabling extensions (#6134)
#### What type of PR is this?

/kind improvement
/kind api-change
/area core

#### What this PR does / why we need it:

This PR refactors ExtensionGetter implementation to add a support of enabling extension point(s). Here is an example of data field of `system` config map:

  "data": {
    "extensionPointEnabled": "{  \"search-engine\": [\"search-engine-algolia\"]}"

> 1. The `search-engine` is a name of extension point definition.
> 2. The `search-engine-algolia` is a name of extension definition.

#### Does this PR introduce a user-facing change?

2024-06-25 07:46:45 +00:00
guqing c10862d6fe
refactor: index mechanism to enhance overall performance (#6039)
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.17.x

#### What this PR does / why we need it:

**how to test it?**
使用 postgre 数据库,初始化 Halo ,然后执行以下脚本创建 30w 文章数据进行测试:
<summary>点击展开查看 SQL</summary>

DO $$
    i integer;
    postNameIndex integer;
    snapshotName varchar;
    totalRecords integer;
    postNameIndex := 1;
    totalRecords := 300000;

    FOR i IN 1..3 LOOP
      INSERT INTO "public"."extensions" ("name", "data", "version")
      VALUES (
                  'spec', jsonb_build_object(
                      'displayName', '分类-'||i,
                      'slug', 'category-'||i,
                      'description', '测试分类',
                      'cover', '',
                      'template', '',
                      'priority', 0,
                      'children', '[]'::jsonb
                  'status', jsonb_build_object(
                      'permalink', '/categories/category-'||i,
                      'postCount', totalRecords,
                      'visiblePostCount', totalRecords
                  'apiVersion', '',
                  'kind', 'Category',
                  'metadata', jsonb_build_object(
                      'finalizers', jsonb_build_array('category-protection'),
                      'name', 'category-' || i,
                      'annotations', jsonb_build_object(
                          '', 'categories'
                      'version', 0,
                      'creationTimestamp', '2024-06-12T03:56:40.315592Z'
          )::text, 'UTF8'),

    FOR i IN 1..3 LOOP
      INSERT INTO "public"."extensions" ("name", "data", "version")
        VALUES (
            '/registry/' || i,
               'spec', jsonb_build_object(
                   'displayName', 'Halo tag ' || i,
                   'slug', 'tag-'||i,
                   'color', '#ffffff',
                   'cover', ''
               'status', jsonb_build_object(
                   'permalink', '/tags/tag-' || i,
                   'visiblePostCount', totalRecords,
                   'postCount', totalRecords,
                   'observedVersion', 0
               'apiVersion', '',
               'kind', 'Tag',
               'metadata', jsonb_build_object(
                   'finalizers', jsonb_build_array('tag-protection'),
                   'name', 'tag-'||i,
                   'annotations', jsonb_build_object(
                       '', 'tags'
                   'version', 0,
                   'creationTimestamp', '2024-06-12T03:56:40.406407Z'
       )::text, 'UTF8'),

    FOR i IN postNameIndex..totalRecords LOOP
        -- Generate snapshotName
        snapshotName := 'snapshot-' || i;

        -- Insert post data
        INSERT INTO "public"."extensions" ("name", "data", "version")
        VALUES (
            '/registry/' || postNameIndex,
                    'spec', jsonb_build_object(
                        'title', 'title-' || postNameIndex,
                        'slug', 'slug-' || postNameIndex,
                        'releaseSnapshot', snapshotName,
                        'headSnapshot', snapshotName,
                        'baseSnapshot', snapshotName,
                        'owner', 'admin',
                        'template', '',
                        'cover', '',
                        'deleted', false,
                        'publish', true,
                        'pinned', false,
                        'allowComment', true,
                        'visible', 'PUBLIC',
                        'priority', 0,
                        'excerpt', jsonb_build_object(
                            'autoGenerate', true,
                            'raw', ''
                        'categories', ARRAY['category-kEvDb', 'category-XcRVk', 'category-adca'],
                        'tags', ARRAY['tag-RtKos', 'tag-vEsTR', 'tag-UBKCc'],
                        'htmlMetas', '[]'::jsonb
                    'status', jsonb_build_object(
                        'phase', 'PUBLISHED',
                        'conditions', ARRAY[
                                'type', 'PUBLISHED',
                                'status', 'TRUE',
                                'lastTransitionTime', '2024-06-11T10:16:15.617748Z',
                                'message', 'Post published successfully.',
                                'reason', 'Published'
                                'type', 'DRAFT',
                                'status', 'TRUE',
                                'lastTransitionTime', '2024-06-11T10:16:15.457668Z',
                                'message', 'Drafted post successfully.',
                                'reason', 'DraftedSuccessfully'
                        'permalink', '/archives/slug-' || postNameIndex,
                        'excerpt', '如果你看到了这一篇文章,那么证明你已经安装成功了,感谢使用 Halo 进行创作,希望能够使用愉快。',
                        'inProgress', false,
                        'contributors', ARRAY['admin'],
                        'lastModifyTime', '2024-06-11T10:16:15.421467Z',
                        'observedVersion', 0
                    'apiVersion', '',
                    'kind', 'Post',
                    'metadata', jsonb_build_object(
                        'finalizers', ARRAY['post-protection'],
                        'name', 'post-' || postNameIndex,
                        'labels', jsonb_build_object(
                            '', 'true',
                            '', 'false',
                            '', 'admin',
                            '', 'PUBLIC',
                            '', '2024',
                            '', '06',
                            '', '11'
                        'annotations', jsonb_build_object(
                            '', '/archives/{slug}',
                            '', snapshotName,
                            'checksum/config', '73e40d4115f5a7d1e74fcc9228861c53d2ef60468e1e606e367b01efef339309'
                        'version', 0,
                        'creationTimestamp', '2024-06-11T05:51:46.059292Z'
                )::text, 'UTF8'),

        -- Insert content data
        INSERT INTO "public"."extensions" ("name", "data", "version")
        VALUES (
            '/registry/' || snapshotName,
                    'spec', jsonb_build_object(
                        'subjectRef', jsonb_build_object(
                            'group', '',
                            'version', 'v1alpha1',
                            'kind', 'Post',
                            'name', 'post-' || postNameIndex
                        'rawType', 'HTML',
                        'rawPatch', '<p style=\"\">测试内容</p>',
                        'contentPatch', '<p style=\"\">测试内容</p>',
                        'lastModifyTime', '2024-06-11T06:01:25.748755Z',
                        'owner', 'admin',
                        'contributors', ARRAY['admin']
                    'apiVersion', '',
                    'kind', 'Snapshot',
                    'metadata', jsonb_build_object(
                        'name', snapshotName,
                        'annotations', jsonb_build_object(
                            '', 'true'
                        'creationTimestamp', '2024-06-11T06:01:25.748925Z'
                )::text, 'UTF8'),

        postNameIndex := postNameIndex + 1;
END $$;


使用以下 API 查询文章
curl 'http://localhost:8090/apis/' \
--header 'Authorization: Basic YWRtaW46YWRtaW4='



#### Does this PR introduce a user-facing change?
重构索引机制的查询和排序使整体性能提升 50% 以上
2024-06-21 08:04:11 +00:00
guqing 8bdde317e5
feat: add preventParentPostCascadeQuery option to control visibility of child category posts (#6083)
#### What type of PR is this?
/kind feature
/area core
/milestone 2.17.x

#### What this PR does / why we need it:
此次变更为文章分类引入了一个新的 `preventParentPostCascadeQuery` 布尔属性,用于控制分类及其子分类下的文章显示方式。具体变更包括:

- 在分类结构中增加了 `preventParentPostCascadeQuery` 属性。
- 当分类的 `preventParentPostCascadeQuery` 属性设置为 `true` 时,该分类的文章数量不会汇总到父分类中。
- 更新了树结构遍历逻辑,以支持对 `preventParentPostCascadeQuery` 属性的处理。
- 确保独立分类中的文章显示受控,不向上级分类进行聚合。
- 增加了相应的测试用例,以验证在不同树结构中 `preventParentPostCascadeQuery` 属性的功能性。

#### Which issue(s) this PR fixes:
Fixes #5663 
Fixes #4923

#### Does this PR introduce a user-facing change?
2024-06-21 04:08:10 +00:00
John Niang c0ac2f37d7
Add support for patching extensions (#6031)
#### What type of PR is this?

/kind feature
/area core
/milestone 2.17.x

#### What this PR does / why we need it:

This PR adds patch method for all extensions API.

Patch example:

http -a admin:admin PATCH http://localhost:8090/apis/ \
  Content-Type:application/json-patch+json \
  --raw='[{"op": "replace", "path": "/spec/enabled", "value": false}]'

#### Which issue(s) this PR fixes:

Fixes #2311 

#### Does this PR introduce a user-facing change?

2024-06-20 09:32:06 +00:00
guqing b5f9010e60
feat: support setting rendering templates for related posts on category (#6106)
#### What type of PR is this?
/kind feature
/area core
/milestone 2.17.x

#### What this PR does / why we need it:

1. 文章关联的分类上设置的文章模板,如果有多个则选择第一个
2. 文章上设置的自定义模板
3. 文章的默认模板

#### Which issue(s) this PR fixes:
Fixes #6101

#### Does this PR introduce a user-facing change?
2024-06-20 08:12:07 +00:00
John Niang b692db1f57
Move post events into api modules (#6052)
Signed-off-by: JohnNiang <>
2024-06-07 18:34:09 +08:00
John Niang 5df51bb715
Refactor plugin reconciliation for dependency mechanism (#5900)
#### What type of PR is this?

/kind improvement
/area core
/area plugin

#### What this PR does / why we need it:

This PR wholly refactors plugin reconciliation to implement dependency mechanism.

- If we disable plugin which has dependents, the plugin must wait for dependents to be disabled.
- If we enable plugin which has dependencies , the plugin must wait for dependencies to be enabled.
- If we upgrade plugin which has dependents, the plugin must request dependents to be unloaded. After the plugin is unloaded, the plugin must cancel unload request for dependents.

#### Which issue(s) this PR fixes:

Fixes #5872 

#### Special notes for your reviewer:

#### Does this PR introduce a user-facing change?

2024-05-27 08:16:56 +00:00
guqing cb2138580c
chore: provide post content retrieval bean for plugins (#5981)
#### What type of PR is this?
/kind improvement
/area core
/area plugin
/milestone 2.16.x

#### What this PR does / why we need it:
为插件提供文章内容获取的 bean 以简化文章内容获取

#### Which issue(s) this PR fixes:
Fixes #

#### Does this PR introduce a user-facing change?
为插件提供文章内容获取的 Bean
2024-05-24 06:46:51 +00:00
guqing c1e8bdb568
feat: add scheduled post publishing feature (#5940)
#### What type of PR is this?
/kind feature
/area core
/milestone 2.16.x

#### What this PR does / why we need it:

#### Which issue(s) this PR fixes:
Fixes #4602

#### Does this PR introduce a user-facing change?
2024-05-24 04:58:51 +00:00
guqing 2a7900cca9
refactor: add default sort for extension listing (#5937)
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.16.x

#### What this PR does / why we need it:
为自定义模型 List API 添加默认排序

#### Which issue(s) this PR fixes:
Fixes #5647

#### Does this PR introduce a user-facing change?
为自定义模型 List API 添加默认排序
2024-05-20 08:34:42 +00:00
guqing c22b4e9ef4
refactor: optimize auth provider sorting with drag-and-drop support (#5914)
#### What type of PR is this?
/kind feature
/area core
/area ui
/milestone 2.16.x

#### What this PR does / why we need it:

#### Which issue(s) this PR fixes:
Fixes #5813

#### Does this PR introduce a user-facing change?
2024-05-20 08:30:42 +00:00
guqing dc451e2629
fix: changes to Unstructured metadata do not take effect (#5880)
#### What type of PR is this?
/kind bug
/area core
/milestone 2.16.x

#### What this PR does / why we need it:
修复对 Unstructured 的 metadata 进行更改不会被应用的问题

#### Does this PR introduce a user-facing change?
2024-05-10 04:32:24 +00:00
guqing 0e17d53ede
feat: subscription support for expression-based subscribing (#5705)
#### What type of PR is this?
/kind feature
/area core
/milestone 2.15.x

#### What this PR does / why we need it:

see #5632 for more details

how to test it?
1. 测试系统通知功能的文章、页面有新评论通知和评论有新回复通知的功能是否正常
2. 测试 2.14 创建的文章、评论和回复升级到此版本后是否能继续收到相应通知,如文章有新评论

#### Which issue(s) this PR fixes:
Fixes #5632

#### Does this PR introduce a user-facing change?
2024-04-26 10:26:41 +00:00
Ryan Wang ee76f19572
feat: add issues field for plugin and theme manifest (#5755)
#### What type of PR is this?

/area core
/area ui
/kind feature
/kind api-change

#### What this PR does / why we need it:

为主题和插件的定义文件添加 issues 字段,用于填写问题反馈地址。方便使用者可以清楚的知道可以在哪里反馈问题。

<img width="767" alt="image" src="">

#### Which issue(s) this PR fixes:

Fixes #5715 

#### Does this PR introduce a user-facing change?

2024-04-26 07:20:31 +00:00
John Niang a635881d34
Add WebSocket support in plugins (#5662)
#### What type of PR is this?

/kind feature
/area core
/area plugin

#### What this PR does / why we need it:

This PR allows plugin developers defining WebSocket endpoints in plugins.

#### Which issue(s) this PR fixes:

Fixes #5285 

#### Does this PR introduce a user-facing change?

支持在插件中实现 WebSocket
2024-04-25 08:19:14 +00:00
guqing 06e0b63b5b
feat: invalidate all sessions of a user after password changed (#5757)
* feat: invalidate all sessions of a user after password changed

* fix: unit test case

* refactor: use spring session 3.3 to adapt

* refactor: compatible with session timeout configuration

* refactor: indexed session repository

* Reload page after changed the password

Signed-off-by: Ryan Wang <>

* chore: update session repository


Signed-off-by: Ryan Wang <>
Co-authored-by: Ryan Wang <>
2024-04-23 15:21:24 +08:00
guqing 25339c7d14
refactor: optimize comment reconciliation for better performance and efficiency (#5708) 2024-04-23 11:28:28 +08:00
guqing b4b6693732
refactor: refine statistical approach for tallying posts by category association (#5671) 2024-04-22 15:48:44 +08:00
John Niang 3c20ce3c55
Generate API docs and regenerate API client (#5742)
#### What type of PR is this?

/kind cleanup
/area core

#### What this PR does / why we need it:

This PR adds support for generating API docs into project and generate API client according the API docs.

To generate/update latest API docs, execute the following command:

./gradlew clean generateOpenApiDocs

To generate/update latest API client, execute the following command:

make -C ui api-client-gen

Meanwhile, I also remove the lint on API client due to unnecessary.

Supersedes of

#### Does this PR introduce a user-facing change?

2024-04-19 02:34:07 +00:00
ZhengHaoYu 817963c15e
feat: support sorting posts by views and comment count (#5614)
#### What type of PR is this?
/kind feature

#### What this PR does / why we need it:

#### Which issue(s) this PR fixes:

Fixes #3216 

#### Does this PR introduce a user-facing change?

2024-04-11 10:10:11 +00:00
guqing 52204d6487
refactor: optimize query for category association posts count to prevent blocking due to large data (#5658)
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.15.x

#### What this PR does / why we need it:

#### Does this PR introduce a user-facing change?
2024-04-08 09:18:08 +00:00
mashirot c630a37eea
feat: add gravatar url into annotation of spec of comment for anonymous (#5642)
/kind feature
/area core

#### What this PR does / why we need it:


#### Which issue(s) this PR fixes:

Fixes #5641 

评论数据返回邮箱地址 hash 值以便生成默认头像
2024-04-08 08:14:07 +00:00
John Niang 0843747abc
Collect Gradle plugin versions into root build.gradle (#5511)
#### What type of PR is this?

/kind cleanup
/area core

#### What this PR does / why we need it:

This PR collects all Gradle plugin versions into root build.gradle for easy management.

#### Does this PR introduce a user-facing change?

2024-03-15 10:34:07 +00:00
guqing b4564f5913
revert: changes to the return value type of And query (#5507)
#### What type of PR is this?
/area core
/milestone 2.14.x

#### What this PR does / why we need it:
撤销 中对 And query 返回值类型的更改 这会导致插件中用到这个方法的地方出现类型不兼容问题

see also

#### Does this PR introduce a user-facing change?
2024-03-14 07:46:07 +00:00
John Niang 956f4ef3f3
Set source and target compatibility to Java 17 (#5499)
#### What type of PR is this?

/kind chore
/area core

#### What this PR does / why we need it:

I get the following errors when I develop Halo in JDK 21:

FAILURE: Build failed with an exception.

* What went wrong:
Could not determine the dependencies of task ':application:bootRun'.
> Could not resolve all dependencies for configuration ':application:runtimeClasspath'.
   > Failed to calculate the value of task ':application:compileJava' property 'javaCompiler'.
      > No matching toolchains found for requested specification: {languageVersion=17, vendor=any, implementation=vendor-specific} for MAC_OS on aarch64.
         > No locally installed toolchains match and toolchain download repositories have not been configured.

This PR removes the Java toolchain configuration and adds source and target compatibility to Java 17, allowing developers to develop Halo in Java 17 or higher versions.

#### Does this PR introduce a user-facing change?

2024-03-12 07:44:07 +00:00
guqing ed23914050
refactor: optimize the update method for the number of tag associated with posts (#5422)
#### What type of PR is this?
/kind improvement
/area core

#### What this PR does / why we need it:
优化标签关联的文章数量的更新方式以降低标签太多时对 CPU 的消耗

how to test it?

#### Does this PR introduce a user-facing change?
优化标签关联的文章数量的更新方式以降低标签太多时对 CPU 的消耗
2024-03-12 03:16:07 +00:00
guqing 20d80f8f65
refactor: using index mechanisms to optimize comment queries (#5453)
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.14.x

#### What this PR does / why we need it:

how to test it?
- 测试 console 评论列表和筛选条件是否正确
- 测试主题端评论显示是否正确

#### Does this PR introduce a user-facing change?
2024-03-08 13:32:06 +00:00
guqing 5281eb01bb
fix: query mismatch with non-intersecting OR and nested AND condition (#5452)
#### What type of PR is this?
/kind bug
/area core
/milestone 2.14.x

#### What this PR does / why we need it:
修复了索引查询使用含有 OR 条件嵌套 AND 条件时若匹配数据集间无交集导致的查询结果不正确的问题

如伪查询:`or(query, and(otherQuery1, otherQuery2))`
问题描述:当 `query` 匹配的结果与 `and(otherQuery1, otherQuery2)` 匹配的结果无交集时 and 会将自身不匹配的数据剔除导致 `query` 无法匹配到而出现缺少数据的问题

#### Does this PR introduce a user-facing change?

2024-03-06 09:24:08 +00:00
guqing 11114416fa
refactor: optimize notification and subscription query using index (#5414)
### What type of PR is this?
/kind improvement
/area core
/milestone 2.13.x

### What this PR does / why we need it:

how to test it

### Does this PR introduce a user-facing change?

2024-02-27 11:53:13 +00:00
guqing 7f4abbba09
refactor: only select the required index fields when build query index view (#5312)
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.13.x

#### What this PR does / why we need it:
how to test it?

#### Does this PR introduce a user-facing change?
2024-02-27 09:21:12 +00:00
guqing a15a9587b8
refactor: optimize user query using index (#5396)
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.13.x

#### What this PR does / why we need it:

#### Does this PR introduce a user-facing change?
2024-02-27 08:45:12 +00:00
John Niang bbe79bac10
Provide extension points for authentication-related web filters (#5386)
#### What type of PR is this?

/kind feature
/area core
/area plugin
/milestone 2.13.x

#### What this PR does / why we need it:

See for more.

This PR provides three extension points:

- FormLoginSecurityWebFilter
- AuthenticationSecurityWebFilter
- AnonymousAuthenticationSecurityWebFilter

which could be extended by plugins easily.

#### Which issue(s) this PR fixes:


#### Special notes for your reviewer:


#### Does this PR introduce a user-facing change?

2024-02-23 09:04:40 +00:00
MashiroT 50fbe37be8
feat: add support for force verify email during user registration (#5320)
#### What type of PR is this?

/kind feature
/kind improvement
/area core
/area console
/kind api-change

#### What this PR does / why we need it:

#### Which issue(s) this PR fixes:

Fixes #5016

#### Special notes for your reviewer:
`regRequireVerifyEmail` 为 `false` 时与现在的注册行为一致
为 `true` 时注册页显示验证码校验相关,注册成功后 `UserSpec.emailVerified` 即为 `true`

#### Does this PR introduce a user-facing change?

2024-02-22 09:44:06 +00:00
guqing 80e14e97d7
refactor: optimize old attachment query parameters using index (#5363)
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.13.x

#### What this PR does / why we need it:

#### Does this PR introduce a user-facing change?
2024-02-20 02:58:09 +00:00
John Niang b4e196372d
Compatible with negative page number and size (#5311)
#### What type of PR is this?

/kind bug
/area core
/milestone 2.13.x

#### What this PR does / why we need it:

This PR makes Halo compatible with negative page number and size parameters to resolve <>.

#### Which issue(s) this PR fixes:


#### Special notes for your reviewer:

Try to install [Hao theme]( and [Chirpy theme]( and check the frontend pages.

#### Does this PR introduce a user-facing change?

2024-02-02 12:30:05 +00:00
guqing 17a0fb9e05
feat: optimized post reconciliation process for enhanced performance and resource utilization (#5250)
#### What type of PR is this?
/kind feature
/milestone 2.12.x
/area core

#### What this PR does / why we need it:


为了解决这个问题,我们在文章自定义模型的 status 中添加了一个新的 `Long observedVersion` 属性。
每次协调后,此属性将更新为 `metadata.version`,还调整了 `syncAllOnStart` 条件,只有当 `status.observedVersion < metadata.version` 时才会调协数据。

因此,Halo 的数据承载能力得到了显著提高。

**how to test it?**
使用此 PR 测试:启动时文章只有首次会执行 reconcile,再次重启时则不会再执行,如果直接修改数据去除掉 `status.observedVersion` 来模拟迁移或漏 reconcile 的过程则启动时该数据会被再次执行 reconcile

#### Which issue(s) this PR fixes:
Fixes #5147

#### Does this PR introduce a user-facing change?
优化文章数据的调协过程以降低 Halo 启动时文章的调协耗时同时提高性能和资源利用率
2024-01-26 09:02:10 +00:00
guqing 3f27f6f262
refactor: using indexes to query post lists (#5230)
#### What type of PR is this?
/kind feature
/area core
/area console
/milestone 2.12.x

#### What this PR does / why we need it:

how to test it?
1. 测试文章列表的筛选条件是否正确
2. 测试文章列表中关联的标签和分类信息是否正确
3. 测试仪表盘的文章数量统计是否正确
4. 测试分类关联文章的数量是否正确
5. 测试标签关联文章的文章是否正确
6. 测试主题端文章列表是否正确

#### Which issue(s) this PR fixes:
Fixes #5223

#### Does this PR introduce a user-facing change?
2024-01-25 12:17:12 +08:00
guqing 29bd0590ca
fix: resolve unequal schemes built from same Extension blocking unregister (#5245)
#### What type of PR is this?
/kind bug
/area core
/milestone 2.12.x

#### What this PR does / why we need it:
修复同一个自定义模型构建出的 Scheme 不相等导致无法正确从 SchemeManager 中移除的问题

#### Which issue(s) this PR fixes:
Fixes #5243

#### Does this PR introduce a user-facing change?
修复同一个自定义模型构建出的 Scheme 不相等导致无法正确从 SchemeManager 中移除的问题
2024-01-25 03:27:52 +00:00
guqing 57fb644173
refactor: optimize the implementation of indexed query engine through query index view (#5233)
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.12.x

#### What this PR does / why we need it:
通过重构 QueryIndexView 的实现方式来优化 IndexedQueryEngine 的逻辑并简化排序过程

how to test it?
单元测试通过即可,此 PR 的修改都是基于单元测试的基础上对原代码做的重构

#### Does this PR introduce a user-facing change?
2024-01-24 02:27:44 +00:00
guqing 8523a67e06
refactor: logic for subList method when retrieving all data (#5235)
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.12.x

#### What this PR does / why we need it:
重构 ListResult.subList 方法在获取所有数据时的处理逻辑,只要 size 为 0 就返回所有数据

#### Does this PR introduce a user-facing change?
2024-01-23 08:19:19 +00:00
guqing 6a37df07a8
feat: add index mechanism for extension (#5121)
#### What type of PR is this?
/kind feature
/area core
/milestone 2.12.x

#### What this PR does / why we need it:

- metadata.labels
- metadata.creationTimestamp
- metadata.deletionTimestamp

**how to test it?**
1. 测试应用的启动和停止
2. 测试 Reconciler 被正确执行,如创建文章发布文章,测试删除文章的某个 label 数据启动后能被 PostReconciler 恢复(即Reconciler 被正确执行)
3. 测试自定义模型自动生成的 list APIs
	1. 能根据 labels 正确过滤数据和分页
	2. 能根据 creationTimestamp 正确排序
	3. 测试插件启用后也能正确使用 list APIs 根据 labels 过滤数据和 creationTimestamp 排序
4. 能正确删除数据(则表示 GcReconciler 使用索引正确)
5. 测试在插件中为自定义模型注册索引
public class DemoPlugin extension BasePlugin {
    private final SchemeManager schemeManager;

    public MomentsPlugin(PluginContext pluginContext, SchemeManager schemeManager) {
        this.schemeManager = schemeManager;

    public void start() {
        schemeManager.register(Moment.class, indexSpecs -> {
            indexSpecs.add(new IndexSpec()
                .setIndexFunc(multiValueAttribute(Moment.class, moment -> {
                    var tags = moment.getSpec().getTags();
                    return tags == null ? Set.of() : tags;
            indexSpecs.add(new IndexSpec()
                    moment -> moment.getSpec().getOwner())
            indexSpecs.add(new IndexSpec()
                .setIndexFunc(simpleAttribute(Moment.class, moment -> {
                    var releaseTime = moment.getSpec().getReleaseTime();
                    return releaseTime == null ? null : releaseTime.toString();

            indexSpecs.add(new IndexSpec()
                .setIndexFunc(simpleAttribute(Moment.class, moment -> {
                    var visible = moment.getSpec().getVisible();
                    return visible == null ? null : visible.toString();

    public void stop() {
        // unregister scheme 即可,不需要手动删除索引
可以正确在自动生成的 list APIs 使用 fieldSelector 来过滤 `spec.slug` 和排序,可以自己添加其他的 indexSpec 测试
6. 测试唯一索引并添加重复数据,期望无法添加进去

#### Which issue(s) this PR fixes:
Fixes #5058

#### Does this PR introduce a user-facing change?
2024-01-19 06:36:09 +00:00
John Niang 7946585bb5 Support TOTP two-factor authentication for backend
Signed-off-by: John Niang <>
2024-01-15 15:22:06 +08:00
John Niang 6d49047408
Refactor plugin reconciliation to ensure only one update on plugin (#5148)
Signed-off-by: John Niang <>
2024-01-14 22:58:42 +08:00
TL 8b405faa57
fix: ineffective single-character queries in labelSelector (#5007)
**What this PR does / why we need it:**
This PR resolves the reported bug in issue #5001,

**Which issue(s) this PR fixes:**

Fixes [#5001](

修复 labelSelector 单字符值查询无效的问题
2023-12-07 08:52:07 +00:00
John Niang 5208b5c925
Fix the problem of incorrect old data passed to watcher during updates (#4959)
#### What type of PR is this?

/kind bug
/area core
/milestone 2.11.0

#### What this PR does / why we need it:

This PR resolves the problem of incorrect old data passed to watcher during updates. As shown in the following line, the old value should be `old` instead of `extension` from outside.

7a84f55300/application/src/main/java/run/halo/app/extension/ (L172)

#### Does this PR introduce a user-facing change?

2023-11-30 10:46:08 +00:00
John Niang b2b096c544
Support managing posts in the user center (#4866)
* Support managing posts in user center

Signed-off-by: John Niang <>

* Adapt post management in user center

Signed-off-by: Ryan Wang <>


Signed-off-by: John Niang <>
Signed-off-by: Ryan Wang <>
Co-authored-by: Ryan Wang <>
2023-11-30 11:55:29 +08:00
guqing f659a3279e
feat: add supports for provide theme templates in plugin class path (#4862)
* feat: add supports for provide theme templates in plugin class path

Co-authored-by: Ryan Wang <>
2023-11-30 11:53:58 +08:00
guqing 96d4897d11
feat: support user email verification mechanism (#4878)
#### What type of PR is this?
/kind feature
/area core
/milestone 2.11.x

#### What this PR does / why we need it:

#### Which issue(s) this PR fixes:

Fixes #4656

#### Special notes for your reviewer:

#### Does this PR introduce a user-facing change?

2023-11-27 14:20:09 +00:00
AirboZH aa9f84ea6f
Prevent private posts from being indexed when rebuilding index. (#4882)
<!--  Thanks for sending a pull request!  Here are some tips for you:
1. 如果这是你的第一次,请阅读我们的贡献指南:<>。
1. If this is your first time, please read our contributor guidelines: <>.
2. 请根据你解决问题的类型为 Pull Request 添加合适的标签。
2. Please label this pull request according to what type of issue you are addressing, especially if this is a release targeted pull request.
3. 请确保你已经添加并运行了适当的测试。
3. Ensure you have added or ran the appropriate tests for your PR.

#### What type of PR is this?
/kind bug
Add one of the following kinds:

/kind bug
/kind cleanup
/kind documentation
/kind feature
/kind improvement

Optionally add one or more of the following kinds if applicable:

/kind api-change
/kind deprecation
/kind failing-test
/kind flake
/kind regression

#### What this PR does / why we need it:


#### Which issue(s) this PR fixes:
Fix #4879 

PR 合并时自动关闭 issue。
Automatically closes linked issue when PR is merged.

用法:`Fixes #<issue 号>`,或者 `Fixes (粘贴 issue 完整链接)`
Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`.
#### Special notes for your reviewer:


#### Does this PR introduce a user-facing change?

如果当前 Pull Request 的修改不会造成用户侧的任何变更,在 `release-note` 代码块儿中填写 `NONE`。
否则请填写用户侧能够理解的 Release Note。如果当前 Pull Request 包含破坏性更新(Break Change),
Release Note 需要以 `action required` 开头。
If no, just write "NONE" in the release-note block below.
If yes, a release note is required:
Enter your extended release note in the block below. If the PR requires additional action from users switching to the new release, include the string "action required".

2023-11-21 06:28:07 +00:00
John Niang 08898bf100 Integrate with SonarCloud 2023-11-15 15:14:55 +08:00
John Niang b04496e4f3
Upgrade to SpringDoc 2.2.1-SNAPSHOT (#4854)
#### What type of PR is this?

/kind bug
/area core
/milestone 2.11.x

#### What this PR does / why we need it:

This PR upgrades to SpringDoc 2.2.1-SNAPSHOT to resolve the problem of Swagger API doc display errors.

#### Does this PR introduce a user-facing change?

升级 SpringDoc 至 2.2.1-SNAPSHOT 以解决部分 API 文档无法正常使用的问题
2023-11-15 03:04:09 +00:00
John Niang 841aa96e59
Upgrade to Lombok gradle plugin 8.4 (#4849)
#### What type of PR is this?

/kind cleanup
/area core
/milestone 2.11.x

#### What this PR does / why we need it:

Upgrade to Lombok gradle plugin 8.4.

See and for more.

#### Does this PR introduce a user-facing change?

升级 Lombok Gradle 插件至 8.4
2023-11-13 03:08:09 +00:00
John Niang ee52adf24c
Fix the problem where some Windows developers are unable to build project (#4844)
#### What type of PR is this?

/kind bug
/area core

#### What this PR does / why we need it:

Currently, some Windows developers using GBK as character encoding are unable to build project, please see for more. 

Because the source code are using UTF-8 character encoding, the `javadoc`, `compileJava`, `compileTestJava` and `delombok` tasks will use the default character encoding GBK to handle the sources, which prevents the `:api:javadoc` task from running properly.

At the same time, we thank to @DaiYuANg for his first proposed solution in

#### Which issue(s) this PR fixes:


#### Special notes for your reviewer:

Validate the result by executing command `./gradlew clean build -x check` on Windows environment.

#### Does this PR introduce a user-facing change?

修复在部分 Windows 开发者无法正常构建 Halo 的问题
2023-11-12 04:30:08 +00:00
guqing 9454f445a5
feat: add the notification mechanism implementation (#4527)
#### What type of PR is this?
/kind feature
/milestone 2.10.x
/area core

#### What this PR does / why we need it:

how to test it?
1. 执行以下命令配置发件服务
curl -u admin:admin -X POST 'http://localhost:8090/apis/' \
--header 'Content-Type: application/json' \
--data-raw '{
    "displayName": "Halo Team",
    "username": "{发件使用的邮箱}",
    "password": "{发件邮箱密码}",
    "host": "",
    "port": "587"
2. 评论文章或页面可以收到通知
3. 文章/页面作者是评论者不发送新评论通知,回复者是评论作者不发送回复通知

#### Which issue(s) this PR fixes:
Fixes #4045

#### Does this PR introduce a user-facing change?
2023-09-28 13:32:23 +00:00
guqing 1f0cfc18e3
feat: support running plugins from JAR in development mode (#4589)
#### What type of PR is this?
/kind feature
/milestone 2.10.x
/area core

#### What this PR does / why we need it:
支持在开发模式下通过 JAR 运行插件

*从此版本开始 BasePlugin 的子类建议使用 BasePlugin(PluginContext context) 构造函数,而不要使用之前的 BasePlugin(PluginWrapper wrapper) 构造函数。BasePlugin(PluginWrapper wrapper) 构造函数将计划在后续版本移除* ,当移除构造函数后不再将 PluginWrapper 暴露给插件使用,它只应该在 halo core 使用。

how to test it?
1. 测试开发模式下配置的 `halo.plugin.fixed-plugin-path` 插件是否正确运行
2. 测试开发模式下通过 JAR 包安装插件是否正确运行
3. 测试生产模式下是否能通过项目目录的方式运行插件,期望是生产模式不可以运行开发模式的插件
4. 测试开发模式和生产模式的插件卸载功能是否正确

#### Which issue(s) this PR fixes:

Fixes #2908

#### Does this PR introduce a user-facing change?

支持在开发模式下通过 JAR 运行插件
2023-09-27 02:16:16 +00:00
John Niang a29c608311
Support for personal access token mechanism (#4598)
#### What type of PR is this?

/kind feature
/kind api-change
/area core

#### What this PR does / why we need it:

Support for personal access token mechanism.

#### Which issue(s) this PR fixes:


#### Special notes for your reviewer:

#### Does this PR introduce a user-facing change?

2023-09-25 03:30:14 +00:00
Hilary Liu e13563bad0
feat: add strategy setting for post slug generation (#4551)
#### What type of PR is this?

/kind improvement

#### What this PR does / why we need it:


#### Which issue(s) this PR fixes:


#### Special notes for your reviewer:

<img width="582" alt="image" src="">

#### Does this PR introduce a user-facing change?

2023-09-10 14:08:13 +00:00
John Niang e40b5d2388
Refine search result by customizing analyzer (#4456)
#### What type of PR is this?

/kind improvement
/area core
/milestone 2.9.x

#### What this PR does / why we need it:

- Removes dependency `cn.shenyanchao.ik-analyzer:ik-analyzer:9.0.0` due to no significant effect for searching result.
- Customize our own analyzer with StandardTokenizer, HTMLStripCharFilter and LowerCaseFilterFactory.

Please be aware of that the default field to search has become to `content` instead of `title` + `excerpt` + `content`. If someone wants to search title only, use `title: halo` as query string. For more details, please refer to <>.

#### Which issue(s) this PR fixes:


#### Special notes for your reviewer:

#### Does this PR introduce a user-facing change?

2023-08-25 15:46:12 +00:00
John Niang 229bcafe71
Upgrade Spring Boot to 3.1.3 (#4478)
#### What type of PR is this?

/kind cleanup
/area core
/milestone 2.9.x

#### What this PR does / why we need it:

This PR upgrades Spring Boot to 3.1.3. See for more.

#### Does this PR introduce a user-facing change?

升级依赖 Spring Boot 至 3.1.3
2023-08-25 08:40:11 +00:00
John Niang 8e3bd7f3d8
Support getting backup root path in plugin (#4422)
#### What type of PR is this?

/kind feature
/area core
/milestone 2.9.x

#### What this PR does / why we need it:

We already support backup and restore feature in Halo 2.8.0, but we cannot obtain backup files through regular channels in the plugin. For example, we want to upload backup files to OSS in the plugin.

This PR is aimed at solving this problem.

#### Does this PR introduce a user-facing change?

2023-08-14 11:38:11 +00:00
guqing 5690de3f24
refactor: improve the system initialization process (#4306)
* refactor: improve the system initialization process

* Sync api-client

Signed-off-by: Ryan Wang <>

* feat: add initialized state to global info

* Refine setup page ui

Signed-off-by: Ryan Wang <>

* refactor: improve the system initialization process

* Refine setup page ui

Signed-off-by: Ryan Wang <>

* Refine setup page ui

Signed-off-by: Ryan Wang <>

* fix: update with initialize state

* Refactor setup

Signed-off-by: Ryan Wang <>

* refactor: initialization state

* Refactor router guards

Signed-off-by: Ryan Wang <>

* Refine i18n

Signed-off-by: Ryan Wang <>

* Refactor init data

Signed-off-by: Ryan Wang <>

* Refactor init data

Signed-off-by: Ryan Wang <>

* Update console/src/views/system/Setup.vue

Co-authored-by: Takagi <>

* refactor: initialization interface


Signed-off-by: Ryan Wang <>
Co-authored-by: Ryan Wang <>
Co-authored-by: Takagi <>
2023-08-11 09:10:35 +08:00
John Niang b9b663e124
Move Backup extension into api module (#4392)
#### What type of PR is this?

/kind cleanup
/area core
/milestone 2.9.x

#### What this PR does / why we need it:

Move Backup extension into api module to share the extension to plugins. 

After this PR is merged, I will publish Halo to maven repository (2.9.0-SNAPSHOT). This way, developers can use the Backup extension in the plugin.

#### Does this PR introduce a user-facing change?

2023-08-09 02:48:11 +00:00
Roozen f148b1f7b7
chore: move the ExtensionVoOperator to the api directory so that the plugin can implement the interface (#4356)
<!--  Thanks for sending a pull request!  Here are some tips for you:
1. 如果这是你的第一次,请阅读我们的贡献指南:<>。
1. If this is your first time, please read our contributor guidelines: <>.
2. 请根据你解决问题的类型为 Pull Request 添加合适的标签。
2. Please label this pull request according to what type of issue you are addressing, especially if this is a release targeted pull request.
3. 请确保你已经添加并运行了适当的测试。
3. Ensure you have added or ran the appropriate tests for your PR.

#### What type of PR is this?
/kind improvement
Add one of the following kinds:

/kind bug
/kind cleanup
/kind documentation
/kind feature
/kind improvement

Optionally add one or more of the following kinds if applicable:

/kind api-change
/kind deprecation
/kind failing-test
/kind flake
/kind regression

#### What this PR does / why we need it:

#### Which issue(s) this PR fixes:

PR 合并时自动关闭 issue。
Automatically closes linked issue when PR is merged.

用法:`Fixes #<issue 号>`,或者 `Fixes (粘贴 issue 完整链接)`
Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`.
Fixes (

#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?

如果当前 Pull Request 的修改不会造成用户侧的任何变更,在 `release-note` 代码块儿中填写 `NONE`。
否则请填写用户侧能够理解的 Release Note。如果当前 Pull Request 包含破坏性更新(Break Change),
Release Note 需要以 `action required` 开头。
If no, just write "NONE" in the release-note block below.
If yes, a release note is required:
Enter your extended release note in the block below. If the PR requires additional action from users switching to the new release, include the string "action required".

2023-08-02 05:16:02 +00:00
John Niang 150e9975ba
Suppress compilation warnings and remove deprecated method and classes (#4308)
#### What type of PR is this?

/kind cleanup
/area core
/milestone 2.8.x

#### What this PR does / why we need it:

- Suppress compilation warnings.
- Remove deprecated methods and classes.
- Remove unused methods.

- Before
    ❯ ./gradlew compileJava compileTestJava
    > Task :application:compileJava
    /Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/core/extension/reconciler/ warning: [removal] ThemePathPolicy in has been deprecated and marked for removal
        private final ThemePathPolicy themePathPolicy;
    /Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/core/extension/reconciler/ warning: [removal] ThemePathPolicy in has been deprecated and marked for removal
        private final ThemePathPolicy themePathPolicy;
    /Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/core/extension/reconciler/ warning: [removal] ThemePathPolicy in has been deprecated and marked for removal
        private final ThemePathPolicy themePathPolicy;
    /Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/core/extension/reconciler/ warning: [removal] ThemePathPolicy in has been deprecated and marked for removal
        private final ThemePathPolicy themePathPolicy;
    /Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/core/extension/reconciler/ warning: [removal] ThemePathPolicy in has been deprecated and marked for removal
        private final ThemePathPolicy themePathPolicy;
    /Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/core/extension/reconciler/ warning: [removal] ThemePathPolicy in has been deprecated and marked for removal
            themePathPolicy = new ThemePathPolicy(haloProperties.getWorkDir());
    /Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/config/ warning: [removal] authorizeExchange() in ServerHttpSecurity has been deprecated and marked for removal
    /Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/config/ warning: [removal] and() in ServerHttpSecurity.AuthorizeExchangeSpec has been deprecated and marked for removal
                .access(new RequestInfoAuthorizationManager(roleService)).and()
    /Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/config/ warning: [removal] authorizeExchange() in ServerHttpSecurity has been deprecated and marked for removal
    /Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/config/ warning: [removal] and() in ServerHttpSecurity.AuthorizeExchangeSpec has been deprecated and marked for removal
    /Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/config/ warning: [removal] headers() in ServerHttpSecurity has been deprecated and marked for removal
    /Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/config/💯 warning: [removal] cache() in ServerHttpSecurity.HeaderSpec has been deprecated and marked for removal
    /Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/config/💯 warning: [removal] and() in ServerHttpSecurity.HeaderSpec has been deprecated and marked for removal
    /Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/security/ warning: [removal] csrf() in ServerHttpSecurity has been deprecated and marked for removal
    /Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/security/authorization/ warning: [removal] visitRulesFor(UserDetails,RuleAccumulator) in AuthorizationRuleResolver has been deprecated and marked for removal
        public void visitRulesFor(UserDetails user, RuleAccumulator visitor) {
    /Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/security/authorization/ warning: [removal] rulesFor(UserDetails) in AuthorizationRuleResolver has been deprecated and marked for removal
        public PolicyRuleList rulesFor(UserDetails user) {
    Note: Some input files use or override a deprecated API.
    Note: Recompile with -Xlint:deprecation for details.
    Note: /Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/extension/ uses unchecked or unsafe operations.
    Note: Recompile with -Xlint:unchecked for details.
    16 warnings
    > Task :application:compileTestJava
    /Users/johnniang/workspaces/halo-dev/halo/application/src/test/java/run/halo/app/core/extension/reconciler/ warning: [removal] ThemePathPolicy in has been deprecated and marked for removal
            final ThemePathPolicy themePathPolicy = new ThemePathPolicy(testWorkDir);
    /Users/johnniang/workspaces/halo-dev/halo/application/src/test/java/run/halo/app/core/extension/reconciler/ warning: [removal] ThemePathPolicy in has been deprecated and marked for removal
            final ThemePathPolicy themePathPolicy = new ThemePathPolicy(testWorkDir);
    Note: /Users/johnniang/workspaces/halo-dev/halo/application/src/test/java/run/halo/app/security/authorization/ uses or overrides a deprecated API.
    Note: Recompile with -Xlint:deprecation for details.
    Note: /Users/johnniang/workspaces/halo-dev/halo/application/src/test/java/run/halo/app/migration/ uses unchecked or unsafe operations.
    Note: Recompile with -Xlint:unchecked for details.
    2 warnings
- After

    ❯ ./gradlew clean compileJava compileTestJava
    > Task :api:compileJava
    /Users/johnniang/workspaces/halo-dev/halo/api/src/main/java/run/halo/app/extension/ warning: This field does not exist, or would have been excluded anyway.
        @EqualsAndHashCode(exclude = "version")
    Note: /Users/johnniang/workspaces/halo-dev/halo/api/src/main/java/run/halo/app/extension/ uses unchecked or unsafe operations.
    Note: Recompile with -Xlint:unchecked for details.
    1 warning
    > Task :application:compileJava
    Note: /Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/plugin/ uses or overrides a deprecated API.
    Note: Recompile with -Xlint:deprecation for details.
    > Task :api:compileTestJava
    Note: /Users/johnniang/workspaces/halo-dev/halo/api/src/test/java/run/halo/app/infra/utils/ uses unchecked or unsafe operations.
    Note: Recompile with -Xlint:unchecked for details.
    22 actionable tasks: 15 executed, 7 up-to-date

#### Does this PR introduce a user-facing change?

2023-07-27 08:59:19 +00:00
guqing bf1be64959
refactor: conditionally render comment for theme (#4271)
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.8.x
/area theme

#### What this PR does / why we need it:

使用了评论标签的模板页面都能直接使用 `${haloCommentEnabled}` 取值能得到评论组件是否可见的结果为`true/false` 用于在需要级联条件渲染的组件上使用,如:

<!-- 评论组件不可见时不渲染标题 -->
<p th:if="${haloCommentEnabled}">评论</p>
<halo:comment />

how to test it?
1. 测试全局评论组件是否开启的设置是否有效
2. 测试文章和自定义页面是否开启评论的设置是否有效
3. 测试评论组件启用和停止时评论组件的渲染是否正确
4. 测试 `${haloCommentEnabled}` 结果是否正确

#### Which issue(s) this PR fixes:
Fixes #4137

#### Does this PR introduce a user-facing change?
2023-07-24 09:38:14 +00:00
John Niang 4505fcfd16
Support extending username password authentication (#4265)
#### What type of PR is this?

/kind feature
/area core
/area plugin

#### What this PR does / why we need it:

Plugin developers are able to define own UsernamePasswordAuthenticationManager to take charge of username password authentication. 

1. If the manager fails to handle, the default authentication manager will be used.
2. If the manager returns `Mono.empty()`, the default authentication manager will be used.

For example:

public class LdapAuthenticationManager
    extends UserDetailsRepositoryReactiveAuthenticationManager
    implements UsernamePasswordAuthenticationManager {

    public LdapAuthenticationManager(ReactiveUserDetailsService userDetailsService) {

    protected Mono<UserDetails> retrieveUser(String username) {
        return super.retrieveUser(username);

#### Which issue(s) this PR fixes:

See for more.

#### Does this PR introduce a user-facing change?

2023-07-24 09:26:14 +00:00
John Niang bd912c36b9
Support backup and restore (#4206)
#### What type of PR is this?

/kind feature
/area core

#### What this PR does / why we need it:

See 9921deb076/docs/ for more.

<img width="1906" alt="image" src="">
<img width="1909" alt="image" src="">

#### Which issue(s) this PR fixes:


#### Special notes for your reviewer:

#### Does this PR introduce a user-facing change?

2023-07-24 08:26:16 +00:00
Takagi 84093d8db0
feat: add support for user avatar upload (#4253)
#### What type of PR is this?

/kind improvement
/area console
/area core

#### What this PR does / why we need it:

此 PR 对用户头像上传的方式进行了重构,移除了原有的头像链接及上传至附件库的方案。允许具有用户管理权限的用户对其他用户的头像进行修改和移除。

新增了 `/apis/` 的 `POST` 以及 `DELETE` 接口,用来上传用户的头像及删除当前用户的头像。


需等待 #4247 合并

#### Which issue(s) this PR fixes:

Fixes #2688 

See #4251 
See #4247 

#### Special notes for your reviewer:

1. 测试上传、删除头像接口是否能够正常执行。
2. 查看当前用户的头像是否能够设置成功。
3. 查看附件库中,当前用户的头像文件是否为 0 或 1 个。

#### Does this PR introduce a user-facing change?

2023-07-24 08:08:04 +00:00
John Niang fdfaa53614
Support sort parameter when listing extensions (#4274)
#### What type of PR is this?

/kind feature
/area core

#### What this PR does / why we need it:

Currently, we cannot pass a sort parameter into extensions' list API, so the result of the API is unsortable.

This PR add the support for that API. e.g.:

curl -X 'GET' \
  'http://localhost:8090/api/v1alpha1/annotationsettings?,desc' \
  -H 'accept: */*'

#### Does this PR introduce a user-facing change?

Extension 查询接口支持排序参数。
2023-07-24 07:02:23 +00:00
Takagi 5a7e794fea
feat: allow attachment library to filter certain groups and their attachments (#4255)
#### What type of PR is this?

/kind feature
/area core

#### What this PR does / why we need it:

为附件库增加过滤条件,过滤 labels 中包含 `` 的分组及其附件。

#### Which issue(s) this PR fixes:

Fixes #4251 

#### Special notes for your reviewer:

或者为分组增加 `` label,之后查看接口中是否不包含具有目标分组及其附件。

#### Does this PR introduce a user-facing change?

2023-07-20 07:28:17 +00:00
guqing 9a0c52fb2a
feat: support obtaining the raw external URL configuration (#4150)
#### What type of PR is this?
/kind feature
/area core
/milestone 2.7.x

#### What this PR does / why we need it:
支持通过 ExternalUrlSupplier 获取 externalUrl 配置

#### Which issue(s) this PR fixes:

Fixes #4149

#### Does this PR introduce a user-facing change?
支持通过 ExternalUrlSupplier 获取 externalUrl 配置
2023-06-29 07:04:12 +00:00
guqing 55cb21ccaa
feat: support for obtaining the newest comments on theme-side (#4104)
#### What type of PR is this?
/kind feature
/milestone 2.7.x
/area core
/area theme

#### What this PR does / why we need it:

主题端如果想展示评论所属的具体的主体比如 Moment 可能不好展示

how to test it?
通过 list 方法获取评论看排序和数据是否正确
<p th:each="result : ${commentFinder.list(null,1,10)}">
  <span th:text="${result.spec.raw}"></span>
  -> <span th:text="${#temporals.format(result.spec.creationTime, 'yyyy-MM-dd HH:mm:ss')}"></span>
  -> <span th:text="${result.spec.subjectRef}"></span>
#### Which issue(s) this PR fixes:
Fixes #4088

#### Does this PR introduce a user-facing change?
2023-06-28 15:48:11 +00:00
guqing cabcd98ef4
feat: add content extension points for post and single page on theme-side (#4080)
#### What type of PR is this?
/kind feature
/milestone 2.7.x
/area core

#### What this PR does / why we need it:
插件可以通过实现扩展点来干预文章和自定义页面的内容显示,如修改内容的 html 结构,改变特定样式等


#### Which issue(s) this PR fixes:

Fixes #4003

#### Does this PR introduce a user-facing change?

2023-06-28 15:30:11 +00:00
guqing 972ebed03a
refactor: content page meta tags now override global injected (#4069)
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.7.x

#### What this PR does / why we need it:
修复文章页 HTML Meta 标签重复问题

see #4049 for more details.

#### Which issue(s) this PR fixes:

Fixes #4049

#### Does this PR introduce a user-facing change?

修复文章页 Meta Description 标签重复问题
2023-06-28 14:54:12 +00:00
John Niang d0526ec592
Add support for caching template rendering result (#4091)
#### What type of PR is this?

/kind feature
/area core

#### What this PR does / why we need it:

This PR adds dependency [spring-boot-starter-cache]( as cache framework and [caffeine]( as cache implementation to cache template rendering result.

By default, we disable the cache feature. If you want to enable it, please try to configure properties like this:

    disabled: false

#### Which issue(s) this PR fixes:

Fixes #2827 

#### Special notes for your reviewer:

1. Start Halo
2. Browse any page twice
3. See the difference in request times

#### Does this PR introduce a user-facing change?

2023-06-26 14:38:00 +00:00
guqing 2791d2f0e5
refactor: uinify some properties of plugins and themes (#4061)
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.7.x
/kind api-change

#### What this PR does / why we need it:
1. 统一网站字段为 homepage,将主题的 website 标记为过时并兼容为 homepage
2. 主题添加 license 字段
3. 插件添加 repo

#### Which issue(s) this PR fixes:
Fixes #4011

#### Does this PR introduce a user-facing change?
2023-06-26 14:33:58 +00:00
John Niang 02369fbd3c
Add rate limiter for login endpoint (#4062)
#### What type of PR is this?

/kind feature
/area core

#### What this PR does / why we need it:

This PR introduces to archive the feature. The login endpoint has limited login failures at a rate of 3 per minute.

See for more.

#### Which issue(s) this PR fixes:


#### Special notes for your reviewer:

1. Start Halo.
2. Try to login with incorrect credential 4 times
3. Check the response.

#### Does this PR introduce a user-facing change?

2023-06-16 04:50:12 +00:00
guqing 6d251a7f58
refactor: refresh the plugin wrapper when starting the plugin (#4023)
#### What type of PR is this?
/kind improvement
/kind bug
/area core
/area plugin
/milestone 2.6.x

#### What this PR does / why we need it:
修复插件重启后 MainClass 对象缓存未清除的问题

how to test it?

测试从 [/var/folders/1z/3hlt62691tx63dxx6y0mryw00000gn/T/halo-plugin3709893537121269748.txt] 文件读取内容
修改日志中给出的文件的内容后 reload 插件会看到`插件启动成功!` 后会跟随最新的文件内容则表示 MainClass 是最新的状态没有缓存。

#### Which issue(s) this PR fixes:

Fixes #4016

#### Does this PR introduce a user-facing change?

修复插件重启后 MainClass 对象缓存未清除的问题
2023-06-14 10:08:14 +00:00
John Niang ebcafe6117
Replace R2DBC MySQL driver to io.asyncer:r2dbc-mysql (#3918)
#### What type of PR is this?

/kind improvement
/area core

#### What this PR does / why we need it:

Replace R2DBC MySQL driver to io.asyncer:r2dbc-mysql. See for more.

Please note that there will be an error like below when starting up Halo on MacOS:

2023-05-09T14:24:45.161+08:00 ERROR 4668 --- [  restartedMain] i.n.r.d.DnsServerAddressStreamProviders  : Unable to load io.netty.resolver.dns.macos.MacOSDnsServerAddressStreamProvider, fallback to system defaults. This may result in incorrect DNS resolutions on MacOS. Check whether you have a dependency on 'io.netty:netty-resolver-dns-native-macos'. Use DEBUG level to see the full stack: java.lang.UnsatisfiedLinkError: failed to load the required native library

After manual test, I haven't found any problems caused by the error. And this only occurs on MacOS when developing.

#### Which issue(s) this PR fixes:


#### Special notes for your reviewer:

Steps to test:

1. Start up a MySQL server, e.g.:
    docker run -it --rm --name halodb -p 3306:3306 -e MYSQL_ROOT_PASSWORD=openmysql -e MYSQL_DATABASE=halo mysql:8
3. Start Halo with mysql profile active
    make -C console dev
    ./gradlew bootRun --args=",mysql --halo.plugin.runtime-mode=deployment"
5. Check the functionality of Halo

#### Does this PR introduce a user-facing change?

替换 R2DBC MySQL 驱动为:io.asyncer:r2dbc-mysql
2023-05-31 06:41:03 +00:00
John Niang 937d48b839
Fix the problem of deleting failed plugins for a long time (#4002)
#### What type of PR is this?

/kind bug
/area core
/milestone 2.6.x

#### What this PR does / why we need it:

This PR fixes the problem of deleting failed plugins for a long time by replacing older delayed entry in reconciler queue.

#### Does this PR introduce a user-facing change?

2023-05-29 09:10:56 +00:00
John Niang 88597ac137
Fix the problem of inconsistent OpenAPI generation (#3954)
#### What type of PR is this?

/kind bug
/area core
/milestone 2.6.x

#### What this PR does / why we need it:

Sort properties before building.

#### Which issue(s) this PR fixes:


#### Special notes for your reviewer:

Try to generate api client several times.

#### Does this PR introduce a user-facing change?

2023-05-16 07:04:18 +00:00
John Niang c0c1806476
Upgrade to Spring Boot 3.1.0-RC2 (#3917)
#### What type of PR is this?

/kind cleanup
/area core

#### What this PR does / why we need it:

Upgrade to Spring Boot 3.1.0-RC2.

See and for more.

#### Which issue(s) this PR fixes:


#### Does this PR introduce a user-facing change?

升级 Spring Boot 至 3.1.0-RC2
2023-05-09 04:31:43 +00:00
John Niang 3b61807e8b
Fix the problem of being able to search deleted posts (#3877)
#### What type of PR is this?

/kind bug
/kind improvement
/area core

#### What this PR does / why we need it:

This PR refactors post reconciler to reduce post updates and refines post events.

Previously, we need 3 - 4 updates per reconciliation, but now we only need 1. And all events collected in reconciler will be fired after updating post.

#### Which issue(s) this PR fixes:


#### Special notes for your reviewer:

0. Install search plugin
1. Create a public post and publish it
2. Search posts
3. Try to make the post private
4. Search posts
5. Try to make the post public
6. Search posts
7. Try to delete the post
8. Search posts
9. Try to recover the post
10. Search posts

#### Does this PR introduce a user-facing change?

2023-05-09 02:49:43 +00:00
guqing 8619d96f6a
refactor: optimizing plugin upgrade steps (#3838)
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.5.x

#### What this PR does / why we need it:

how to test it?
1. 测试正常的插件升级是否正常
2. 测试插件升级失败后插件是否会被卸载的问题
3. 测试没有 version 的插件安装是否能成功
4. 在插件目录不会多出一个名为 `{升级插件名称}-null.jar` 的文件

#### Which issue(s) this PR fixes:

Fixes #3839

#### Does this PR introduce a user-facing 
2023-04-27 03:50:15 +00:00
guqing e412866749
feat: add public APIs for client side (#3787)
#### What type of PR is this?
/kind feature
/area core
/milestone 2.5.x
/kind api-change

#### What this PR does / why we need it:
为客户端提供一套 APIs

#### Which issue(s) this PR fixes:
Fixes #3661

#### Does this PR introduce a user-facing change?
为访客端提供一套完整的 API
2023-04-24 12:16:15 +00:00
John Niang a94c0c7f85
Add property halo.use-absolute-permalink to control permalink generation (#3772)
#### What type of PR is this?

/kind improvement
/kind api-change
/area core
/milestone 2.5.x

#### What this PR does / why we need it:

Add property `halo.use-absolute-permalink`(default is `false`) to control permalink generation. Leave `halo.external-url` as `null` by default.

Meanwhile, I enhanced `ExternalUrlSupplier#getURL` to get URL from not only properties but only http request.

#### How to use it?

  use-absolute-permalink: false


  use-absolute-permalink: false


  use-absolute-permalink: true

#### Which issue(s) this PR fixes:


#### Special notes for your reviewer:

#### Does this PR introduce a user-facing change?

2023-04-19 07:54:24 +00:00
John Niang ed14fcb5f4
Support publishing to maven central repository (#3767)
#### What type of PR is this?

/kind feature
/area core

#### What this PR does / why we need it:

Use Gradle plugin `maven-publish` to publish Halo modules(`platform.application`, `platform.plugin` and `api`) to Maven central repository.

# Try to publish to Maven local repository.
./gradlew publish
# Really publish to Maven central repository.
./gradlew -Prelease publish -PossrhUsername=username -PossrhPassword=password

Note that currently we only support manually publishing.

#### Which issue(s) this PR fixes:


#### Does this PR introduce a user-facing change?

2023-04-18 14:28:23 +08:00
John Niang d760d4d362
Expose attachment service to plugin (#3740)
#### What type of PR is this?

/kind feature
/area core
/area plugin

#### What this PR does / why we need it:

This PR refactor AttachmentEndpoint by extracting `upload`, `delete`, `getPremalink` and `getSharedURL` logic in the endpoint into AttachmentService. Meanwhile, I expose the service to plugin, so that we can use the service in plugin conveniently.

#### Special notes for your reviewer:

Please confirm that those changes won't influence existing attachment features.

#### Does this PR introduce a user-facing change?

2023-04-14 09:26:49 +00:00
John Niang 2bbdb96979
Fix the problem that generateing OpenAPI defined in Plugin may not work (#3729)
#### What type of PR is this?

/kind bug
/area core

#### What this PR does / why we need it:

- Use the class loader belonging to the parameter type when creating a generic class.
- Use full qualified class name when generating a generic class.

Before testing, you have to set property `springdoc.cache.disabled` to `true`.

#### Which issue(s) this PR fixes:

Fixes #3728 

#### Does this PR introduce a user-facing change?

2023-04-10 15:20:25 +00:00
John Niang 0973c64ad2
Move common classes related to theme into api module (#3686)
#### What type of PR is this?

/kind cleanup
/area core

#### What this PR does / why we need it:

Move common classes related to theme into api module.

#### Does this PR introduce a user-facing change?

2023-04-03 08:06:13 +00:00
guqing d355e797bd
feat: add reactive setting fetcher for plugin (#3625)
#### What type of PR is this?
/kind feature
/milestone 2.4.x
/area core

#### What this PR does / why we need it:
提供 ReactiveSettingFetcher 供插件获取配置

此 PR 基于原有的阻塞的 SettingFetcher 逻辑挪到 DefaultReactiveSettingFetcher 中并将阻塞的实现用 Reactive 得代理,不需要测试,单元测试过了即可。
可以尝试在插件中依赖注入 ReactiveSettingFetcher 看是否能正确注入

#### Which issue(s) this PR fixes:
Fixes #3620

#### Does this PR introduce a user-facing change?

提供 ReactiveSettingFetcher 供插件获取配置
2023-03-30 08:38:13 +00:00
guqing bd4cc0c72d
feat: support aggregate several roles into one combined role (#3568)
#### What type of PR is this?
/kind feature
/milestone 2.4.x
/area core

#### What this PR does / why we need it:

see #3560 for more details.

how to test it?
创建一个测试角色和和一个 RoleBinding 将此角色的绑定到其他角色,在不修改用户权限的情况下,用户将拥有新创建的测试角色的权限。

#### Which issue(s) this PR fixes:

Fixes #3560

#### Does this PR introduce a user-facing change?

2023-03-27 09:48:01 +00:00
guqing 3339b381c8
feat: provide a secret extension to store sensitive data (#3594)
#### What type of PR is this?
/kind feature
/milestone 2.4.x
/area core

#### What this PR does / why we need it:
提供 Secret 自定义模型用于存储敏感数据
例如:密码、token 等

#### Which issue(s) this PR fixes:

Fixes #3267

#### Does this PR introduce a user-facing change?
提供 Secret 自定义模型用于存储敏感数据
2023-03-27 09:25:59 +00:00
guqing 2b73a56b6c
fix: unapproved replies are included in the reply count of comments (#3578)
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.4.x
/kind api-change

#### What this PR does / why we need it:

此改动需要评论组件修改回复数量取值为 `status.visibleReplyCount`

how to test it?
1. 创建评论,并在评论下回复
2. 评论的所有回复被计数在 `status.replyCount` 中
3. 而 `status.visibleReplyCount` 数量不包含 `spec.hiden=true` 或 `spec.approved = false` 的

#### Which issue(s) this PR fixes:
Fixes #3165

#### Does this PR introduce a user-facing change?

2023-03-27 09:08:04 +00:00
Ryan Wang 8ce0913c0e
perf: hide disabled auth providers in user profile (#3561)
#### What type of PR is this?

/kind improvement
/area console

#### What this PR does / why we need it:


#### Which issue(s) this PR fixes:

Fixes #3556 

#### Special notes for your reviewer:


1. 安装 OAuth 2 插件:
2. 再不做任何配置的情况下,访问已登录用户的个人资料页面,检查是否列出了认证方式。
3. 配置某个认证方式并开启,再检查是否列出了已启用的认证方式。

#### Does this PR introduce a user-facing change?

2023-03-27 08:32:12 +00:00
Ryan Wang fbe8e627e8
perf: hide the switch of local identity authentication (#3562)
#### What type of PR is this?

/kind improvement
/area console 

#### What this PR does / why we need it:


<img width="1402" alt="image" src="">

#### Which issue(s) this PR fixes:

Fixes #3557 

#### Does this PR introduce a user-facing change?

2023-03-27 08:02:20 +00:00
John Niang fa7f3c119a
Change type of SettingFetcher from interface into abstract class (#3593)
#### What type of PR is this?

/kind bug
/area core

#### What this PR does / why we need it:

Change type of SettingFetcher from interface into abstract class for backward compatibility. See for more.

#### Which issue(s) this PR fixes:


#### Special notes for your reviewer:

Please use [plugin-search-widget]( to test.

#### Does this PR introduce a user-facing change?

2023-03-27 04:22:10 +00:00