#### What type of PR is this?
/kind feature
/area ui
/area core
/milestone 2.15.x
#### What this PR does / why we need it:
将 Console 与 UC 页面的标签页标题改为网站实际标题
#### How to test it?
查看 Console 页面与 UC 页面的标题页标题是否变为网站实际标题
#### Which issue(s) this PR fixes:
Fixes#5679
#### Does this PR introduce a user-facing change?
```release-note
将 Console 与 UC 的标签页标题改为网站实际标题
```
#### What type of PR is this?
/kind feature
#### What this PR does / why we need it:
文章支持根据访问量和评论量排序
#### Which issue(s) this PR fixes:
Fixes#3216
#### Does this PR introduce a user-facing change?
```release-note
文章支持根据访问量和评论量排序
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.15.x
#### What this PR does / why we need it:
优化文章上一篇下一篇的查询方式避免瞬时内存占用过高
#### Does this PR introduce a user-facing change?
```release-note
优化文章上一篇下一篇的查询方式避免瞬时内存占用过高
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.15.x
#### What this PR does / why we need it:
优化通知订阅数据查询
#### Does this PR introduce a user-facing change?
```release-note
优化通知订阅数据查询以解决由于数据过多导致查询慢进而阻塞调用方的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.15.x
#### What this PR does / why we need it:
优化分类关联文章数量的查询避免因查询数据量过大而导致的阻塞或内存溢出
#### Does this PR introduce a user-facing change?
```release-note
优化分类关联文章数量的查询避免因查询数据量过大而导致的阻塞或内存溢出
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.14.0
#### What this PR does / why we need it:
在 Halo 完成动态数据的 i18n 之前,使用中文描述存储策略名称。
Ref https://github.com/halo-dev/plugin-s3/pull/128
#### Does this PR introduce a user-facing change?
```release-note
将默认存储策略模板的显示名称改为中文
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.14.x
#### What this PR does / why we need it:
减少文章更新因版本号冲突而失败的次数
#### Which issue(s) this PR fixes:
Fixes#5579
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
#### What this PR does / why we need it:
修复在个人中心下,用户无法修改发布时间的问题。
#### How to test it?
需要测试两种情况:
1. 用户首次发布文章时,修改发布时间是否有效。
2. 用户后续编辑文章发布时间时是否生效。
#### Which issue(s) this PR fixes:
Fixes#5473
#### Does this PR introduce a user-facing change?
```release-note
修复个人中心中用户无法修改文章发布时间的问题
```
<!-- Thanks for sending a pull request! Here are some tips for you:
1. 如果这是你的第一次,请阅读我们的贡献指南:<https://github.com/halo-dev/halo/blob/master/CONTRIBUTING.md>。
1. If this is your first time, please read our contributor guidelines: <https://github.com/halo-dev/halo/blob/master/CONTRIBUTING.md>.
2. 请根据你解决问题的类型为 Pull Request 添加合适的标签。
2. Please label this pull request according to what type of issue you are addressing, especially if this is a release targeted pull request.
3. 请确保你已经添加并运行了适当的测试。
3. Ensure you have added or ran the appropriate tests for your PR.
-->
#### What type of PR is this?
/kind bug
/kind api-change
<!--
添加其中一个类别:
Add one of the following kinds:
/kind bug
/kind cleanup
/kind documentation
/kind feature
/kind improvement
适当添加其中一个或多个类别(可选):
Optionally add one or more of the following kinds if applicable:
/kind api-change
/kind deprecation
/kind failing-test
/kind flake
/kind regression
-->
#### What this PR does / why we need it:
As described in #5350, when using Amazon SES, for example, as email provider, SMTP username for authentication may not exactly match sender email address. When this happens, websites using Halo will not be able to send emails due to invalid addresses that Halo put in SMTP requests. This PR adds a configuration field for those who got a non-email-address username to specify one separately.
#### Which issue(s) this PR fixes:
<!--
PR 合并时自动关闭 issue。
Automatically closes linked issue when PR is merged.
用法:`Fixes #<issue 号>`,或者 `Fixes (粘贴 issue 完整链接)`
Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`.
-->
Fixes#5350
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
Yes
<!--
如果当前 Pull Request 的修改不会造成用户侧的任何变更,在 `release-note` 代码块儿中填写 `NONE`。
否则请填写用户侧能够理解的 Release Note。如果当前 Pull Request 包含破坏性更新(Break Change),
Release Note 需要以 `action required` 开头。
If no, just write "NONE" in the release-note block below.
If yes, a release note is required:
Enter your extended release note in the block below. If the PR requires additional action from users switching to the new release, include the string "action required".
-->
```release-note
action required
添加了“发送邮件地址”配置项。如果你的 username 是邮件地址,那么忽略这一栏即可;如果不是,那么请在这里填上你希望使用的发件人地址
```
#### What type of PR is this?
/area comment
/area core
/kind improvement
#### What this PR does / why we need it:
> 开启了新评论审核设置,如果是在文章页面登录超级管理员账号进行评论,仍然需要在后台进行审核
#### Which issue(s) this PR fixes:
Fixes#5468
#### Does this PR introduce a user-facing change?
```release-note
新增评论设置,允许有评论管理权限的用户发布的评论无需审核
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.14.x
#### What this PR does / why we need it:
修复主题测评论列表顺序不一致的问题
此问题由 #5505 导致,开启了同时返回回复后,评论列表的顺序出现问题
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.14.0
#### What this PR does / why we need it:
improve the help tips for system setting options
<img width="612" alt="image" src="https://github.com/halo-dev/halo/assets/21301288/9f97a4d7-09f7-4671-8a4e-f4ab7dc8dcbd">
#### Which issue(s) this PR fixes:
Fixes#5513
#### Does this PR introduce a user-facing change?
```release-note
完善系统设置选项的帮助提示。
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.14.x
/kind api-change
#### What this PR does / why we need it:
主题端评论列表支持同时获得评论数据
Resolves#5435
#### Does this PR introduce a user-facing change?
```release-note
主题端评论列表支持同时获得评论数据
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.14.x
#### What this PR does / why we need it:
优化评论控制器的实现逻辑以优化代码和性能
Resolves#5435
how to test it?
- 测试删除评论时能正确连同回复一起删除
- 测试评论下的最新回复的已读功能是否正确
- 删除/审核评论,观察主题端和Console端分别显示的评论数量是否正确
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.14.x
#### What this PR does / why we need it:
优化并重新整理文章和自定义页面 Service 的部分代码
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.14.x
#### What this PR does / why we need it:
修复分配通知器权限时一片空白的问题
- 隐藏了原先权限中展示的通知器配置权限选项
- 系统设置的权限中依赖了通知器配置权限,但需要有系统设置管理权限才会展示通知配置的 Tab
Fixes#5492
#### Does this PR introduce a user-facing change?
```release-note
修复仅拥有通知器配置权限时无法修改配置的问题
```
#### What type of PR is this?
/kind cleanup
/area core
#### What this PR does / why we need it:
This PR collects all Gradle plugin versions into root build.gradle for easy management.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.14.x
#### What this PR does / why we need it:
使用索引机制优化回复功能的查询以提高查询速度
#### Does this PR introduce a user-facing change?
```release-note
使用索引机制优化回复功能的查询以提高查询速度
```
#### What type of PR is this?
/kind chore
/area core
#### What this PR does / why we need it:
I get the following errors when I develop Halo in JDK 21:
```bash
FAILURE: Build failed with an exception.
* What went wrong:
Could not determine the dependencies of task ':application:bootRun'.
> Could not resolve all dependencies for configuration ':application:runtimeClasspath'.
> Failed to calculate the value of task ':application:compileJava' property 'javaCompiler'.
> No matching toolchains found for requested specification: {languageVersion=17, vendor=any, implementation=vendor-specific} for MAC_OS on aarch64.
> No locally installed toolchains match and toolchain download repositories have not been configured.
```
This PR removes the Java toolchain configuration and adds source and target compatibility to Java 17, allowing developers to develop Halo in Java 17 or higher versions.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
#### What this PR does / why we need it:
优化标签关联的文章数量的更新方式以降低标签太多时对 CPU 的消耗
how to test it?
测试文章关联标签、取消关联、更新关联、删除文章到回收站、彻底删除文章时标签对应的文章可见文章数量和所有文章数量是否正确
#### Does this PR introduce a user-facing change?
```release-note
优化标签关联的文章数量的更新方式以降低标签太多时对 CPU 的消耗
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.14.x
#### What this PR does / why we need it:
使用索引机制优化评论数据查询以提高效率
how to test it?
- 测试 console 评论列表和筛选条件是否正确
- 测试主题端评论显示是否正确
#### Does this PR introduce a user-facing change?
```release-note
使用索引机制优化评论数据查询以提高效率
```
<!-- Thanks for sending a pull request! Here are some tips for you:
1. 如果这是你的第一次,请阅读我们的贡献指南:<https://github.com/halo-dev/halo/blob/main/CONTRIBUTING.md>。
1. If this is your first time, please read our contributor guidelines: <https://github.com/halo-dev/halo/blob/main/CONTRIBUTING.md>.
2. 请根据你解决问题的类型为 Pull Request 添加合适的标签。
2. Please label this pull request according to what type of issue you are addressing, especially if this is a release targeted pull request.
3. 请确保你已经添加并运行了适当的测试。
3. Ensure you have added or ran the appropriate tests for your PR.
-->
#### What type of PR is this?
/kind bug
/area core
<!--
添加其中一个类别:
Add one of the following kinds:
/kind bug
/kind cleanup
/kind documentation
/kind feature
/kind improvement
适当添加其中一个或多个类别(可选):
Optionally add one or more of the following kinds if applicable:
/kind api-change
/kind deprecation
/kind failing-test
/kind flake
/kind regression
-->
#### What this PR does / why we need it:
更新邮件模板中查看通知的链接
#### Which issue(s) this PR fixes:
<!--
PR 合并时自动关闭 issue。
Automatically closes linked issue when PR is merged.
用法:`Fixes #<issue 号>`,或者 `Fixes (粘贴 issue 完整链接)`
Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`.
-->
Fixes https://github.com/halo-dev/halo/issues/5458
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
<!--
如果当前 Pull Request 的修改不会造成用户侧的任何变更,在 `release-note` 代码块儿中填写 `NONE`。
否则请填写用户侧能够理解的 Release Note。如果当前 Pull Request 包含破坏性更新(Break Change),
Release Note 需要以 `action required` 开头。
If no, just write "NONE" in the release-note block below.
If yes, a release note is required:
Enter your extended release note in the block below. If the PR requires additional action from users switching to the new release, include the string "action required".
-->
```release-note
None
```
#### What type of PR is this?
/area core
/milestone 2.13.0
/kind improvement
#### What this PR does / why we need it:
更新预设插件的版本。
#### Does this PR introduce a user-facing change?
```release-note
None
```
### What type of PR is this?
/kind improvement
/area core
/milestone 2.13.x
### What this PR does / why we need it:
使用索引机制优化通知和订阅查询以提高性能
how to test it
测试通知列表不报错即可
### Does this PR introduce a user-facing change?
```release-note
使用索引机制优化通知和订阅查询以提高性能
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.13.x
#### What this PR does / why we need it:
This PR checks dependencies while installing and upgrading plugins.
Steps to test:
1. Prepare a plugin with dependencies.
```diff
apiVersion: plugin.halo.run/v1alpha1
kind: Plugin
metadata:
name: a-plugin
...
+ pluginDependencies:
+ app-store-integration: 1.*
```
2. Build the plugin.
3. Try to uninstall `app-store` plugin.
4. Install `a-plugin`.
5. See the result
#### Which issue(s) this PR fixes:
Fixes#5345
#### Does this PR introduce a user-facing change?
```release-note
插件安装和更新时检查依赖是否合法
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.13.0
#### What this PR does / why we need it:
为用户设置中 **注册需验证邮箱** 选项添加提示。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.13.x
#### What this PR does / why we need it:
构建查询视图时只选择被使用到的索引字段
how to test it?
验证文章和附件列表的查询条件和排序条件不会报错即可
#### Does this PR introduce a user-facing change?
```release-note
优化查询视图构建只选择被使用到的索引字段构建查询视图
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.13.x
#### What this PR does / why we need it:
使用索引机制优化用户查询以提高性能
#### Does this PR introduce a user-facing change?
```release-note
使用索引机制优化用户查询以提高性能
```
#### What type of PR is this?
/kind bug
/area plugin
/area core
/milestone 2.13.x
#### What this PR does / why we need it:
Fix the problem of updating plugin extensions incorrectly.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/5394
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.13.x
#### What this PR does / why we need it:
Upgrade Spring Boot to [3.2.3](https://github.com/spring-projects/spring-boot/releases/tag/v3.2.3).
#### Does this PR introduce a user-facing change?
```release-note
升级依赖 Spring Boot 至 3.2.3
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.13.x
#### What this PR does / why we need it:
This PR ignored `email verified` status while 2FA was enabled.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/5398
#### Does this PR introduce a user-facing change?
```release-note
修复开启两步验证但未配置 TOTP 可能无法登录的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.13.x
#### What this PR does / why we need it:
为插件静态代理资源增加缓存控制以减少不必要的请求
#### Which issue(s) this PR fixes:
Fixes#5357
#### Does this PR introduce a user-facing change?
```release-note
为插件静态代理资源增加缓存控制以减少不必要的请求
```
#### What type of PR is this?
/kind feature
/area core
/area plugin
/milestone 2.13.x
#### What this PR does / why we need it:
See https://github.com/halo-dev/halo/issues/5379 for more.
This PR provides three extension points:
- FormLoginSecurityWebFilter
- AuthenticationSecurityWebFilter
- AnonymousAuthenticationSecurityWebFilter
which could be extended by plugins easily.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/5379
#### Special notes for your reviewer:
TBD.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/kind improvement
/area core
/area console
/kind api-change
#### What this PR does / why we need it:
增加对用户注册时必须验证邮箱的支持
#### Which issue(s) this PR fixes:
Fixes#5016
#### Special notes for your reviewer:
`regRequireVerifyEmail` 为 `false` 时与现在的注册行为一致
为 `true` 时注册页显示验证码校验相关,注册成功后 `UserSpec.emailVerified` 即为 `true`
没有判断邮件通知是否开启,与现有的邮箱验证一致,如未开启则收不到邮件
#### Does this PR introduce a user-facing change?
```release-note
增加对用户注册时必须验证邮箱的支持
```
#### What type of PR is this?
/area core
/kind bug
/milestone 2.13.x
#### What this PR does / why we need it:
补全插件已存在错误提示的翻译。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.13.x
#### What this PR does / why we need it:
使用索引功能优化附件列表查询
#### Does this PR introduce a user-facing change?
```release-note
使用索引功能优化附件列表查询
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.13.x
#### What this PR does / why we need it:
In fact, PAT is a JWT, which is very long. However, we put the claim `roles` into PAT, which will cause the length of PAT to increase as the `roles` information increases.
So, the current PR removes the claim `roles` from PAT, which ensures that the length of PAT becomes stable and we can update roles information for PAT at runtime.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/5366
#### Does this PR introduce a user-facing change?
```release-note
避免个人令牌长度随着角色信息增长
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.13.x
#### What this PR does / why we need it:
UsernamePasswordAuthenticator is a normal webfilter instead of authentication webfilter in security filter chain. There does not guarentee expected results due to different in execution order. So this PR changes UsernamePasswordAuthenticator to AuthenticationWebFilter for managing the filter by security filter chain.
By the way, these changes will not affect any plugins.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.13.x
#### What this PR does / why we need it:
This PR creates AdditionalWebFilterChainProxy to call all additional filters instead of using SecurityWebFilterChain.
Please note that:
- the AdditionalWebFilterChainProxy should be executed before `org.springframework.security.web.server.WebFilterChainProxy`.
- I don't change `UsernamePasswordAuthenticator` because of <https://github.com/halo-dev/halo/pull/5348>. The authenticator should be in Security scope instead of a standalone webfilter.
See https://github.com/halo-dev/halo/issues/5300#issuecomment-1933436652 for more.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/5300
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.13.x
#### What this PR does / why we need it:
移除启动时不必要的搜索引擎索引构建步骤
#### Does this PR introduce a user-facing change?
```release-note
移除启动时不必要的搜索引擎索引构建步骤
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.13.x
#### What this PR does / why we need it:
修复启动时 GcSynchronizer 没有精准过滤出所需数据导致内存占用会出现较高峰值的问题
#### Which issue(s) this PR fixes:
Fixes#5324
#### Does this PR introduce a user-facing change?
```release-note
修复启动时 GcSynchronizer 没有精准过滤出所需数据导致内存占用会出现较高峰值的问题
```
#### What type of PR is this?
/kind bugfix
/milestone 2.12.x
/area core
#### What this PR does / why we need it:
修复事务未提交便触发控制器执行可能导致数据状态不正确的问题
**how to test it?**
1. 测试如 #5315 的问题是否还存在
2. 测试添加重名自定义模型对象会抛出异常且数据被回滚
#### Which issue(s) this PR fixes:
Fixes#5315
#### Does this PR introduce a user-facing change?
```release-note
修复事务未提交便触发控制器执行可能导致数据状态不正确的问题
```
#### What type of PR is this?
/kind feature
/area core
/area console
/milestone 2.12.x
#### What this PR does / why we need it:
为通知类型设置添加 UI 权限判断。
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/4728
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
```release-note
为通知类型设置添加 UI 权限判断。
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.12.x
#### What this PR does / why we need it:
优化启动时用户头像获取不到的错误提示
原因是在启动时用户被执行 reconcile 时使用的 plugin-s3 插件还没有启动所以无法获取到 permalink 需要重试
how to test it?
使用 plugin-s3 插件作为用户头像的存储策略然后上传头像测试此 PR 在启动时的异常提示是否输出为:
```
2024-01-29T11:53:13.674+08:00 WARN 31937 --- [rReconciler-t-1] r.h.a.c.e.reconciler.UserReconciler : Failed to get avatar permalink for user [guqing] with attachment [460be0c4-b09f-4b25-ad93-e45f30331ec7], re-enqueuing...
```
#### Which issue(s) this PR fixes:
Fixes#5268
#### Does this PR introduce a user-facing change?
```release-note
优化启动时用户头像获取不到的错误提示
```
#### What type of PR is this?
/kind bug
/area core
/area plugin
/milestone 2.12.0
#### What this PR does / why we need it:
This PR adjusts the order of starting reconcilers in plugin, or it will be stuck in starting synchronizer and no reconcilers will be executed.
The problem may be introduced by <https://github.com/halo-dev/halo/pull/5251>.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/area plugin
/milestone 2.12.x
#### What this PR does / why we need it:
This PR mainly simplifies halo plugin manager. Before this,
- we have too many repeat code from super class, which is uncessary
- we maintain plugin application context in ExtensionComponentsFinder, which is uncessary and is hard to manage
- we fire halo plugin event in halo plugin manager, which is complicated and leads to too many repeat code
This PR does:
- refactor halo plugin manager
- wrap base plugin with spring plugin which contains application context
- remove ExtensionComponentsFinder
- bridge halo plugin event and spring plugin event
- wait extensions fully deleted when stopping
Meanwhile, this PR will supersede PR <https://github.com/halo-dev/halo/pull/5236>.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/5226
#### Special notes for your reviewer:
Test installing, enabing, disabling, upgrading, reloading and deleting plugins.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/milestone 2.12.x
/area core
#### What this PR does / why we need it:
我们为文章自定义模型的数据调协过程引入了重要的优化。
在以前,当数据量大(例如,50,000篇文章)的情况下,每次系统重启都会触发耗时且资源密集的所有数据的协调过程,即使大部分数据并不需要调协。这导致了不必要的数据库查询和高资源消耗。
为了解决这个问题,我们在文章自定义模型的 status 中添加了一个新的 `Long observedVersion` 属性。
每次协调后,此属性将更新为 `metadata.version`,还调整了 `syncAllOnStart` 条件,只有当 `status.observedVersion < metadata.version` 时才会调协数据。
这个改变确保了只有在启动时需要的数据会被协调,从而减少了资源使用和不必要的协调过程。
因此,Halo 的数据承载能力得到了显著提高。
**how to test it?**
使用此 PR 测试:启动时文章只有首次会执行 reconcile,再次重启时则不会再执行,如果直接修改数据去除掉 `status.observedVersion` 来模拟迁移或漏 reconcile 的过程则启动时该数据会被再次执行 reconcile
#### Which issue(s) this PR fixes:
Fixes#5147
#### Does this PR introduce a user-facing change?
```release-note
优化文章数据的调协过程以降低 Halo 启动时文章的调协耗时同时提高性能和资源利用率
```
#### What type of PR is this?
/kind feature
/area core
/area console
/milestone 2.12.x
#### What this PR does / why we need it:
使用索引功能来查询文章列表
how to test it?
1. 测试文章列表的筛选条件是否正确
2. 测试文章列表中关联的标签和分类信息是否正确
3. 测试仪表盘的文章数量统计是否正确
4. 测试分类关联文章的数量是否正确
5. 测试标签关联文章的文章是否正确
6. 测试主题端文章列表是否正确
#### Which issue(s) this PR fixes:
Fixes#5223
#### Does this PR introduce a user-facing change?
```release-note
使用高级索引功能检索文章以显著降低资源消耗并提供更快、更高效的文章检索体验
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.12.x
#### What this PR does / why we need it:
修复同一个自定义模型构建出的 Scheme 不相等导致无法正确从 SchemeManager 中移除的问题
#### Which issue(s) this PR fixes:
Fixes#5243
#### Does this PR introduce a user-facing change?
```release-note
修复同一个自定义模型构建出的 Scheme 不相等导致无法正确从 SchemeManager 中移除的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.12.x
#### What this PR does / why we need it:
This PR reverts changes in PR <https://github.com/halo-dev/halo/pull/4023>, mainly thanks to PR <https://github.com/halo-dev/halo/pull/5148>.
We don't need to refresh the plugin wrapper on every startup, because we entirely disable the plugin in plugin manager when disabling plugin at console.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/4016
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area console
/area core
/milestone 2.12.x
#### What this PR does / why we need it:
优化角色模板依赖的相关功能:
1. 修复勾选某个角色模板之后,其下依赖模板没有选中的问题。
2. 修复编辑角色时,模板其下依赖模板没有选中的问题。
3. 修复角色管理列表中,权限数量显示有误的问题。
4. 移除 **允许管理所有文章** 的角色模板,此角色模板与文章管理重复。
5. 优化 i18n。
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/5222
#### Special notes for your reviewer:
需要测试上诉问题是否还存在。
#### Does this PR introduce a user-facing change?
```release-note
优化角色模板依赖的相关功能,优化文章相关角色的翻译。
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.12.x
#### What this PR does / why we need it:
通过重构 QueryIndexView 的实现方式来优化 IndexedQueryEngine 的逻辑并简化排序过程
how to test it?
单元测试通过即可,此 PR 的修改都是基于单元测试的基础上对原代码做的重构
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.12.x
#### What this PR does / why we need it:
重构 ListResult.subList 方法在获取所有数据时的处理逻辑,只要 size 为 0 就返回所有数据
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
#### What this PR does / why we need it:
See https://github.com/spring-projects/spring-boot/releases/tag/v3.2.2 for more.
#### Does this PR introduce a user-facing change?
```release-note
升级依赖 Spring Boot 至 3.2.2
```
#### What type of PR is this?
/area core
/milestone 2.12.x
#### What this PR does / why we need it:
修改文章编辑角色的显示名称为**文章管理员**,这样会更加直观。
#### Which issue(s) this PR fixes:
Fixes#5221
#### Does this PR introduce a user-facing change?
```release-note
修改文章编辑角色的显示名称为**文章管理员**。
```
#### What type of PR is this?
/kind improvement
/area core
#### What this PR does / why we need it:
When we are developing a plugin in development environment, APIs in plugin are frequently changed. But they are not reflected in Swagger UI instantly unless we restart Halo entirely.
This PR disables Swagger cache in that case.
#### Does this PR introduce a user-facing change?
```release-note
None
```
<!-- Thanks for sending a pull request! Here are some tips for you:
1. 如果这是你的第一次,请阅读我们的贡献指南:<https://github.com/halo-dev/halo/blob/master/CONTRIBUTING.md>。
1. If this is your first time, please read our contributor guidelines: <https://github.com/halo-dev/halo/blob/master/CONTRIBUTING.md>.
2. 请根据你解决问题的类型为 Pull Request 添加合适的标签。
2. Please label this pull request according to what type of issue you are addressing, especially if this is a release targeted pull request.
3. 请确保你已经添加并运行了适当的测试。
3. Ensure you have added or ran the appropriate tests for your PR.
-->
#### What type of PR is this?
<!--
添加其中一个类别:
Add one of the following kinds:
/kind bug
/kind cleanup
/kind documentation
/kind feature
/kind improvement
适当添加其中一个或多个类别(可选):
Optionally add one or more of the following kinds if applicable:
/kind api-change
/kind deprecation
/kind failing-test
/kind flake
/kind regression
-->
/kind feature
/kind api-change
#### What this PR does / why we need it:
add getParentByName method to CategoryFinder interface
#### Which issue(s) this PR fixes:
<!--
PR 合并时自动关闭 issue。
Automatically closes linked issue when PR is merged.
用法:`Fixes #<issue 号>`,或者 `Fixes (粘贴 issue 完整链接)`
Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`.
-->
Fixes #
#### Special notes for your reviewer:
${categoryFinder.getParentByName(anyChild.metadata.name)}
#### Does this PR introduce a user-facing change?
<!--
如果当前 Pull Request 的修改不会造成用户侧的任何变更,在 `release-note` 代码块儿中填写 `NONE`。
否则请填写用户侧能够理解的 Release Note。如果当前 Pull Request 包含破坏性更新(Break Change),
Release Note 需要以 `action required` 开头。
If no, just write "NONE" in the release-note block below.
If yes, a release note is required:
Enter your extended release note in the block below. If the PR requires additional action from users switching to the new release, include the string "action required".
-->
```release-note
NONE
```
#### What type of PR is this?
/kind improvement
/area core
#### What this PR does / why we need it:
Prior to this proposal, we encountered an error requesting any page before Halo is in ready state. That is because the timing of schemes initialization is incorrect.
The current proposal is to advance schemes initialization before refreshing application and removes `SchemeInitializedEvent` because it cannot be listened by other beans.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/4946
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
```release-note
修复 Halo 还未处于准备就绪时访问页面或接口出现“Scheme not found”错误的问题
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.11.0
#### What this PR does / why we need it:
This PR adds role templates for posts in user center for recreating more flexible roles. Related to <https://github.com/halo-dev/halo/pull/4866>.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area core
/area console
/milestone 2.11.x
#### What this PR does / why we need it:
新增使用邮箱地址找回密码功能
#### Which issue(s) this PR fixes:
Fixes#4940
#### Does this PR introduce a user-facing change?
```release-note
新增使用邮箱地址找回密码功能
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.11.x
#### What this PR does / why we need it:
优化个人中心相关的角色模板:
1. 暂时使用简体中文描述,等待 https://github.com/halo-dev/halo/issues/3573 获得支持。
2. 移除未使用的 post-attachment-viewer
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area console
/kind feature
/milestone 2.11.x
#### What this PR does / why we need it:
支持为自定义角色配置 **禁止访问 Console** 的选项。
#### Special notes for your reviewer:
测试方式:
1. 创建一个新角色,勾选禁止访问 Console 的选项,并赋予给某个用户。
2. 登录之后,尝试访问 /console 观察是否能够正常访问。
3. 检查个人中心左下角是否有进入 Console 的按钮。
4. 测试其他未设置这个选项的角色是否正常。
#### Does this PR introduce a user-facing change?
```release-note
支持为自定义角色配置 **禁止访问 Console** 的选项。
```
#### What type of PR is this?
/area core
/milestone 2.11.0
#### What this PR does / why we need it:
更新默认主题至 https://github.com/halo-dev/theme-earth/releases/tag/v1.7.1
#### Does this PR introduce a user-facing change?
```release-note
更新默认主题至 1.7.1
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.11.0
#### What this PR does / why we need it:
This PR resolves the problem of incorrect old data passed to watcher during updates. As shown in the following line, the old value should be `old` instead of `extension` from outside.
7a84f55300/application/src/main/java/run/halo/app/extension/ReactiveExtensionClientImpl.java (L172)
#### Does this PR introduce a user-facing change?
```release-note
None
```
* Support managing posts in user center
Signed-off-by: John Niang <johnniang@foxmail.com>
* Adapt post management in user center
Signed-off-by: Ryan Wang <i@ryanc.cc>
---------
Signed-off-by: John Niang <johnniang@foxmail.com>
Signed-off-by: Ryan Wang <i@ryanc.cc>
Co-authored-by: Ryan Wang <i@ryanc.cc>
#### What type of PR is this?
/kind feature
/area core
/milestone 2.11.x
#### What this PR does / why we need it:
新增用户邮箱验证机制
#### Which issue(s) this PR fixes:
Fixes#4656
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
```release-note
新增用户邮箱验证机制
```
#### What type of PR is this?
/kind feature
/area core
/area console
#### What this PR does / why we need it:
新增用户站内消息删除功能
<img width="588" alt="图片" src="https://github.com/halo-dev/halo/assets/21301288/6034e43c-0dbc-4e4e-88c6-4848c8b25e0c">
#### Which issue(s) this PR fixes:
Fixes#4706
#### Does this PR introduce a user-facing change?
```release-note
新增用户站内消息删除功能
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.11.x
#### What this PR does / why we need it:
暴露 Actuator 指标端点以便监控服务状态
暴露了 Actuator 端点并提供角色模板,用户可创建 PAT 用于获取 Halo 运行状态数据或分配给其他用户
#### Which issue(s) this PR fixes:
Fixes#4894
#### Does this PR introduce a user-facing change?
```release-note
暴露 Actuator 指标端点以便监控服务状态
```
* fix: OOM occured when using ab to test custom endpoints provided by plugin
* refactor: custom endpoints to rotuer function register for plugin
* refactor: bean post processor register
* Register AggregatedRouterFunction bean instead of adding bean factory post processor
* Remove debug lines
---------
Co-authored-by: John Niang <johnniang@foxmail.com>
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.11.x
#### What this PR does / why we need it:
Respond HTTP status CREATED for system initialization API instead of string `true`.
#### Which issue(s) this PR fixes:
Fixes#4885
#### Does this PR introduce a user-facing change?
```release-note
None
```
<!-- Thanks for sending a pull request! Here are some tips for you:
1. 如果这是你的第一次,请阅读我们的贡献指南:<https://github.com/halo-dev/halo/blob/master/CONTRIBUTING.md>。
1. If this is your first time, please read our contributor guidelines: <https://github.com/halo-dev/halo/blob/master/CONTRIBUTING.md>.
2. 请根据你解决问题的类型为 Pull Request 添加合适的标签。
2. Please label this pull request according to what type of issue you are addressing, especially if this is a release targeted pull request.
3. 请确保你已经添加并运行了适当的测试。
3. Ensure you have added or ran the appropriate tests for your PR.
-->
#### What type of PR is this?
/kind bug
<!--
添加其中一个类别:
Add one of the following kinds:
/kind bug
/kind cleanup
/kind documentation
/kind feature
/kind improvement
适当添加其中一个或多个类别(可选):
Optionally add one or more of the following kinds if applicable:
/kind api-change
/kind deprecation
/kind failing-test
/kind flake
/kind regression
-->
#### What this PR does / why we need it:
在加入索引前判断文章的可见性。只将PUBLIC文章加入索引,修复手动刷新搜索索引会将私有文章加入索引的问题
#### Which issue(s) this PR fixes:
Fix#4879
<!--
PR 合并时自动关闭 issue。
Automatically closes linked issue when PR is merged.
用法:`Fixes #<issue 号>`,或者 `Fixes (粘贴 issue 完整链接)`
Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`.
-->
#### Special notes for your reviewer:
null
#### Does this PR introduce a user-facing change?
<!--
如果当前 Pull Request 的修改不会造成用户侧的任何变更,在 `release-note` 代码块儿中填写 `NONE`。
否则请填写用户侧能够理解的 Release Note。如果当前 Pull Request 包含破坏性更新(Break Change),
Release Note 需要以 `action required` 开头。
If no, just write "NONE" in the release-note block below.
If yes, a release note is required:
Enter your extended release note in the block below. If the PR requires additional action from users switching to the new release, include the string "action required".
-->
```release-note
修复手动刷新搜索索引会将私有文章加入索引的问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.11.x
#### What this PR does / why we need it:
This PR upgrades to SpringDoc 2.2.1-SNAPSHOT to resolve the problem of Swagger API doc display errors.
#### Does this PR introduce a user-facing change?
```release-note
升级 SpringDoc 至 2.2.1-SNAPSHOT 以解决部分 API 文档无法正常使用的问题
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.11.x
#### What this PR does / why we need it:
- Upgrade to Spring Boot 3.2.0-RC2.
- Fix unit test errors due to upgrading.
See https://github.com/spring-projects/spring-boot/releases/tag/v3.2.0-RC2 for more.
#### Does this PR introduce a user-facing change?
Anyone who is using H2 database and wants to upgrade this version has to backup and restore Halo or upgrade old h2 database file manually.
```release-note
[Action Required] 升级 Spring Boot 至 3.2.0-RC2
```
#### What type of PR is this?
/kind cleanup
/area core
#### What this PR does / why we need it:
This PR fixes the unit test errors on Windows environment, mainly caused by different file systems.
```bash
PS C:\Users\johnniang\IdeaProjects\halo> ./gradlew check
> Task :application:checkstyleTest
Checkstyle rule violations were found. See the report at: file:///C:/Users/johnniang/IdeaProjects/halo/application/build/reports/checkstyle/test.html
Checkstyle files with violations: 16
Checkstyle violations by severity: [warning:43]
> Task :application:checkstyleMain
Checkstyle rule violations were found. See the report at: file:///C:/Users/johnniang/IdeaProjects/halo/application/build/reports/checkstyle/main.html
Checkstyle files with violations: 135
Checkstyle violations by severity: [warning:218]
> Task :application:test
BUILD SUCCESSFUL in 1m 39s
25 actionable tasks: 5 executed, 20 up-to-date
```
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
#### What this PR does / why we need it:
Currently, some Windows developers using GBK as character encoding are unable to build project, please see https://github.com/halo-dev/halo/issues/4771 for more.
Because the source code are using UTF-8 character encoding, the `javadoc`, `compileJava`, `compileTestJava` and `delombok` tasks will use the default character encoding GBK to handle the sources, which prevents the `:api:javadoc` task from running properly.
At the same time, we thank to @DaiYuANg for his first proposed solution in https://github.com/halo-dev/halo/pull/4517.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/4771
#### Special notes for your reviewer:
Validate the result by executing command `./gradlew clean build -x check` on Windows environment.
#### Does this PR introduce a user-facing change?
```release-note
修复在部分 Windows 开发者无法正常构建 Halo 的问题
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.11.x
#### What this PR does / why we need it:
Please see https://html.spec.whatwg.org/multipage/semantics.html#meta-generator for more.
This PR add the generator meta into head, so that we can know what sites are using Halo.
```bash
http localhost:8090/ | grep generator
<meta name="generator" content="Halo 2.11.0-SNAPSHOT"/>
```
If someone want to disable the generator meta, they can configure the property `halo.theme.generator-meta-disabled` to `true`.
#### Does this PR introduce a user-facing change?
```release-note
添加 Generator 元数据标识
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.11.x
#### What this PR does / why we need it:
修改发布文章的等待时间以防止因数据库执行延迟较高导致的错误提示
最大等待时间为:`100ms * 2 ^ (retryNum - 1)` = `25600ms`
总共需等待时间为:`100ms * (2 ^ retryNum - 1)` = `31900ms` = `31.9 s`
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.11.x
#### What this PR does / why we need it:
修改发布文章的等待时间以防止因数据库执行延迟较高导致的错误提示
最大等待时间为:`100ms * 2 ^ (retryNum - 1)` = `1600ms`
总共需等待时间为:`100ms * (2 ^ retryNum - 1)` = `3100ms`
#### Does this PR introduce a user-facing change?
```release-note
修改发布文章的等待时间以防止因数据库执行延迟较高导致的错误提示
```
#### What type of PR is this?
/kind feature
/area core
/area console
#### What this PR does / why we need it:
This PR add a route to support user-center.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.11.x
#### What this PR does / why we need it:
Fix the problem that we will encounter "insufficient roles" error while creating PAT with hidden roles.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/4783
#### Does this PR introduce a user-facing change?
```release-note
修复因部分角色导致无法正常创建个人令牌的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.10.x
#### What this PR does / why we need it:
如果文章是发布状态但没有发布时间则自动填充
#### Does this PR introduce a user-facing change?
```release-note
None
```
<!-- Thanks for sending a pull request! Here are some tips for you:
1. 如果这是你的第一次,请阅读我们的贡献指南:<https://github.com/halo-dev/halo/blob/master/CONTRIBUTING.md>。
1. If this is your first time, please read our contributor guidelines: <https://github.com/halo-dev/halo/blob/master/CONTRIBUTING.md>.
2. 请根据你解决问题的类型为 Pull Request 添加合适的标签。
2. Please label this pull request according to what type of issue you are addressing, especially if this is a release targeted pull request.
3. 请确保你已经添加并运行了适当的测试。
3. Ensure you have added or ran the appropriate tests for your PR.
-->
#### What type of PR is this?
/kind bug
<!--
添加其中一个类别:
Add one of the following kinds:
/kind bug
/kind cleanup
/kind documentation
/kind feature
/kind improvement
适当添加其中一个或多个类别(可选):
Optionally add one or more of the following kinds if applicable:
/kind api-change
/kind deprecation
/kind failing-test
/kind flake
/kind regression
-->
#### What this PR does / why we need it:
在主题使用如下FinderAPI时
将产生如下错误
因为方法定义为
所以修改方法参数
#### Which issue(s) this PR fixes:
<!--
PR 合并时自动关闭 issue。
Automatically closes linked issue when PR is merged.
用法:`Fixes #<issue 号>`,或者 `Fixes (粘贴 issue 完整链接)`
Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`.
-->
Fixes #
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
<!--
如果当前 Pull Request 的修改不会造成用户侧的任何变更,在 `release-note` 代码块儿中填写 `NONE`。
否则请填写用户侧能够理解的 Release Note。如果当前 Pull Request 包含破坏性更新(Break Change),
Release Note 需要以 `action required` 开头。
If no, just write "NONE" in the release-note block below.
If yes, a release note is required:
Enter your extended release note in the block below. If the PR requires additional action from users switching to the new release, include the string "action required".
-->
```release-note
NONE
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.10.x
#### What this PR does / why we need it:
修复筛选未发布文章时结果不正确的问题
#### Which issue(s) this PR fixes:
Fixes#4730
#### Does this PR introduce a user-facing change?
```release-note
修复筛选未发布文章时结果不正确的问题
```
#### What type of PR is this?
/kind improvement
/area core
/area console
#### What this PR does / why we need it:
提供允许同步更改插件运行状态的 API
#### Which issue(s) this PR fixes:
Fixes#4744
#### Does this PR introduce a user-facing change?
```release-note
提供允许同步更改插件运行状态的 API
```
#### What type of PR is this?
/kind cleanup
#### What this PR does / why we need it:
Upgrade to Spring Boot 3.1.5. See https://github.com/spring-projects/spring-boot/releases/tag/v3.1.5 for more.
#### Does this PR introduce a user-facing change?
```release-note
升级依赖 Spring Boot 至 3.1.5
```
<!-- Thanks for sending a pull request! Here are some tips for you:
1. 如果这是你的第一次,请阅读我们的贡献指南:<https://github.com/halo-dev/halo/blob/master/CONTRIBUTING.md>。
1. If this is your first time, please read our contributor guidelines: <https://github.com/halo-dev/halo/blob/master/CONTRIBUTING.md>.
2. 请根据你解决问题的类型为 Pull Request 添加合适的标签。
2. Please label this pull request according to what type of issue you are addressing, especially if this is a release targeted pull request.
3. 请确保你已经添加并运行了适当的测试。
3. Ensure you have added or ran the appropriate tests for your PR.
-->
#### What type of PR is this?
/kind improvement
/kind api-change
<!--
添加其中一个类别:
Add one of the following kinds:
/kind bug
/kind cleanup
/kind documentation
/kind feature
/kind improvement
适当添加其中一个或多个类别(可选):
Optionally add one or more of the following kinds if applicable:
/kind api-change
/kind deprecation
/kind failing-test
/kind flake
/kind regression
-->
#### What this PR does / why we need it:
优化ContributorVo格式,支持更多信息。
#### Which issue(s) this PR fixes:
<!--
PR 合并时自动关闭 issue。
Automatically closes linked issue when PR is merged.
用法:`Fixes #<issue 号>`,或者 `Fixes (粘贴 issue 完整链接)`
Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`.
-->
Fixes#4645
#### Special notes for your reviewer:
none
#### Does this PR introduce a user-facing change?
<!--
如果当前 Pull Request 的修改不会造成用户侧的任何变更,在 `release-note` 代码块儿中填写 `NONE`。
否则请填写用户侧能够理解的 Release Note。如果当前 Pull Request 包含破坏性更新(Break Change),
Release Note 需要以 `action required` 开头。
If no, just write "NONE" in the release-note block below.
If yes, a release note is required:
Enter your extended release note in the block below. If the PR requires additional action from users switching to the new release, include the string "action required".
-->
```release-note
contributorFinder 支持返回用户元数据、注册信息、用户权限等。
```
#### What type of PR is this?
/kind bug
/area core
#### What this PR does / why we need it:
If someone logs in Halo via OAuth2, they will be prohibited from creating PATs. See https://github.com/halo-dev/halo/issues/4697 for more.
This PR also checks for UsernamePasswordAuthenticationToken while checking whether the current session was created by a real user.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/4697
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.10.x
#### What this PR does / why we need it:
修复邮件通知中取消订阅链接不正确的问题
#### Does this PR introduce a user-facing change?
```release-note
修复邮件通知中取消订阅链接不正确的问题
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.10.x
#### What this PR does / why we need it:
升级默认主题 Earth 的版本至 [1.6.0](https://github.com/halo-dev/theme-earth/releases/tag/v1.6.0)
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.10.x
#### What this PR does / why we need it:
修改应用市场插件的版本为 [1.0.0-beta.2](https://github.com/halo-dev/plugin-app-store/releases/tag/v1.0.0-beta.2)
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area core
/area console
/milestone 2.10.x
#### What this PR does / why we need it:
用户支持为不同的通知事件配置通知方式
<img width="872" alt="image" src="https://github.com/halo-dev/halo/assets/21301288/dad85ba3-96bc-4580-9dae-2b9e66e877fe">
#### Does this PR introduce a user-facing change?
```release-note
用户支持为不同的通知事件配置通知方式
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.10.x
#### What this PR does / why we need it:
为邮件通知发件设置增加加密方式配置
#### Which issue(s) this PR fixes:
Fixes#4674
#### Does this PR introduce a user-facing change?
```release-note
为邮件通知发件设置增加加密方式配置
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.10.x
#### What this PR does / why we need it:
修复当评论或回复者的邮箱为空时通知报错的问题
#### Which issue(s) this PR fixes:
Fixes#4684
#### Does this PR introduce a user-facing change?
```release-note
修复当评论或回复者的邮箱为空时通知报错的问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.10.x
#### What this PR does / why we need it:
修复插件 css bundle 内容被错误拆分导致无法加载的问题
#### Which issue(s) this PR fixes:
Fixes#4677
#### Does this PR introduce a user-facing change?
```release-note
修复插件 css bundle 内容被错误拆分导致无法加载的问题
```
#### What type of PR is this?
/kind bug
/area core
#### What this PR does / why we need it:
Lucene search engine will stop updating while the content of any post is `null`.
This PR resets the `null` content into empty string and ignore the error while updating Lucene document.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/4623
#### Does this PR introduce a user-facing change?
```release-note
修复因某篇文章的内容为 null 导致无法搜索部分文章的问题
```
#### What type of PR is this?
/kind feature
/milestone 2.10.x
/area core
#### What this PR does / why we need it:
新增消息和通知机制的实现
how to test it?
1. 执行以下命令配置发件服务
```shell
curl -u admin:admin -X POST 'http://localhost:8090/apis/api.console.halo.run/v1alpha1/notifiers/default-email-notifier/senderConfig' \
--header 'Content-Type: application/json' \
--data-raw '{
"displayName": "Halo Team",
"username": "{发件使用的邮箱}",
"password": "{发件邮箱密码}",
"host": "smtp.exmail.qq.com",
"port": "587"
}'
```
2. 评论文章或页面可以收到通知
3. 文章/页面作者是评论者不发送新评论通知,回复者是评论作者不发送回复通知
#### Which issue(s) this PR fixes:
Fixes#4045
#### Does this PR introduce a user-facing change?
```release-note
新增消息和通知机制的实现
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.10.x
#### What this PR does / why we need it:
添加 https://github.com/halo-dev/plugin-app-store 作为预设插件。
#### Does this PR introduce a user-facing change?
```release-note
添加应用市场预设插件
```
#### What type of PR is this?
/kind improvement
/area core
/area plugin
/milestone 2.10.x
#### What this PR does / why we need it:
重构插件类加载器以优化当插件的 resources 目录资源与 Halo 中同名时加载不到的问题
how to test it?
1. 在创建的 resources/extensions 目录创建一个与 halo 的 resources/extensions 目录中已存在的同名 yaml
2. 使用插件观察插件的同名文件 yaml 是否被 apply 到 halo 中
3. 测试插件的其他功能是否正常比如静态资源加载如 logo 等
#### Which issue(s) this PR fixes:
Fixes#4610
#### Does this PR introduce a user-facing change?
```release-note
重构插件类加载器以优化当插件的 resources 目录资源与 Halo 中同名时加载不到的问题
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.10.0
#### What this PR does / why we need it:
Upgrade to Spring Boot [3.1.4](https://github.com/spring-projects/spring-boot/releases/tag/v3.1.4).
#### Does this PR introduce a user-facing change?
```release-note
升级依赖 Spring Boot 至 3.1.4
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.10.x
#### What this PR does / why we need it:
升级所有预设插件的版本。
#### Special notes for your reviewer:
执行 `./gradlew downloadPluginPresets` 检查是否能够正常下载。
#### Does this PR introduce a user-facing change?
```release-note
升级所有预设插件的版本。
```
#### What type of PR is this?
/kind feature
/milestone 2.10.x
/area core
#### What this PR does / why we need it:
支持在开发模式下通过 JAR 运行插件
*从此版本开始 BasePlugin 的子类建议使用 BasePlugin(PluginContext context) 构造函数,而不要使用之前的 BasePlugin(PluginWrapper wrapper) 构造函数。BasePlugin(PluginWrapper wrapper) 构造函数将计划在后续版本移除* ,当移除构造函数后不再将 PluginWrapper 暴露给插件使用,它只应该在 halo core 使用。
how to test it?
1. 测试开发模式下配置的 `halo.plugin.fixed-plugin-path` 插件是否正确运行
2. 测试开发模式下通过 JAR 包安装插件是否正确运行
3. 测试生产模式下是否能通过项目目录的方式运行插件,期望是生产模式不可以运行开发模式的插件
4. 测试开发模式和生产模式的插件卸载功能是否正确
#### Which issue(s) this PR fixes:
Fixes#2908
#### Does this PR introduce a user-facing change?
```release-note
支持在开发模式下通过 JAR 运行插件
```
#### What type of PR is this?
/kind improvement
/kind api-change
/area core
#### What this PR does / why we need it:
This PR refines route paths created from <https://github.com/halo-dev/halo/pull/4598>. Because the user scope is not necessary here.
#### Special notes for your reviewer:
Try to manage your PATs.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/area plugin
/milestone 2.10.x
#### What this PR does / why we need it:
修复当插件升级后 Logo 改变会无法显示的问题
how to test it?
1. 使用生产模式运行插件
2. 使用 sitemap 插件 1.0.1版本,https://www.halo.run/store/apps/app-QDFMI?tab=releases
3. 升级 sitemap 插件到 1.1.0, https://www.halo.run/store/apps/app-QDFMI?tab=releases
4. 期望 logo 由原先的 halo 图标变为新图标
#### Which issue(s) this PR fixes:
Fixes#4646
#### Does this PR introduce a user-facing change?
```release-note
修复当插件升级后 Logo 改变会无法显示的问题
```
#### What type of PR is this?
/kind feature
/kind api-change
/area core
#### What this PR does / why we need it:
Support for personal access token mechanism.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/1309
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
```release-note
提供个人访问令牌机制
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.10.x
#### What this PR does / why we need it:
修复 bundle resource 的缓存 key 生成可能会重复的问题
#### Which issue(s) this PR fixes:
Fixes#4586
#### Does this PR introduce a user-facing change?
```release-note
修复 bundle resource 的缓存 key 生成可能会重复的问题
```
#### What type of PR is this?
/area core
/kind cleanup
#### What this PR does / why we need it:
修改预设插件的下载地址,目前四个预设插件的仓库都已经转移到 halo-dev 组织。
#### Special notes for your reviewer:
需要测试 `./gradlew downloadPluginPresets` 是否能够正常下载预设插件。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/kind api-change
/area core
/milestone 2.10.x
#### What this PR does / why we need it:
See https://github.com/halo-dev/halo/issues/4547 for more.
This PR creates header `WWW-Authenticate` like `FormLogin realm="console"` instead of `Basic realm="realm"` while unauthorized.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/4547
#### Special notes for your reviewer:
```bash
curl --head 'http://localhost:8090/actuator/info'
HTTP/1.1 401 Unauthorized
transfer-encoding: chunked
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
WWW-Authenticate: FormLogin realm="console"
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 0
Referrer-Policy: no-referrer
```
#### Does this PR introduce a user-facing change?
```release-note
防止浏览器弹出基础认证弹窗
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.10.x
#### What this PR does / why we need it:
补全系统全局设置的默认值
how to test it?
1. 初始化 halo
2. 安装评论组件
3. 到文章页面可以评论
#### Which issue(s) this PR fixes:
Fixes#4561
#### Does this PR introduce a user-facing change?
```release-note
补全系统全局设置的默认值
```
#### What type of PR is this?
/kind improvement
/milestone 2.10.x
/area core
#### What this PR does / why we need it:
为插件捆绑资源设置 cache-control 以优化静态资源加载
如获取插件 bundle.js 会自动携带参数缓存时间为 7 天,当有插件停止或新增时 v 参数会变化浏览器则使用新的 key 缓存静态资源,旧的 key 将在一天内失效
```
/apis/api.console.halo.run/v1alpha1/plugins/-/bundle.js?v=6c5956f37e7207ab1c0f2f2340f51a101f46b748233992d73729415cd58f3587
```
#### Which issue(s) this PR fixes:
Fixes#4543
#### Does this PR introduce a user-facing change?
```release-note
为插件捆绑资源设置 cache-control 以优化静态资源加载
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.10.x
#### What this PR does / why we need it:
This PR fixes the problem of username being case-insensitive and logging in without permissions. Please note that the problem only occurs with MySQL.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/4549
#### Special notes for your reviewer:
```bash
docker run -it --rm --name halodb -p 3306:3306 -e MYSQL_ROOT_PASSWORD=openmysql -e MYSQL_DATABASE=halo mysql:8
./gradlew bootRun --args="--spring.profiles.active=dev,mysql --halo.plugin.runtime-mode=deployment"
```
#### Does this PR introduce a user-facing change?
```release-note
修复因大小写问题导致登录后无权限的问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.9.x
#### What this PR does / why we need it:
As I mentioned in <https://github.com/halo-dev/halo/issues/4519>, some extensions which are deletable cannot be recycled by GC. This PR provides an ability to watch scheme changes and recycles deletable extensions.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/4519
#### Does this PR introduce a user-facing change?
```release-note
修复因重启后部分可被回收的资源一直处于删除中的状态
```
#### What type of PR is this?
/kind feature
#### What this PR does / why we need it:
spring.sql.init.platform 增加 mariadb 参数支持
适配 1Panel 安装 halo 时 选择 mariadb
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.9.x
#### What this PR does / why we need it:
- Removes dependency `cn.shenyanchao.ik-analyzer:ik-analyzer:9.0.0` due to no significant effect for searching result.
- Customize our own analyzer with StandardTokenizer, HTMLStripCharFilter and LowerCaseFilterFactory.
Please be aware of that the default field to search has become to `content` instead of `title` + `excerpt` + `content`. If someone wants to search title only, use `title: halo` as query string. For more details, please refer to <https://lucene.apache.org/core/9_5_0/queryparser/org/apache/lucene/queryparser/flexible/standard/StandardQueryParser.html>.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/4455
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
```release-note
优化本地搜索引擎
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.9.x
#### What this PR does / why we need it:
修复新增加的配置项默认值没有填充的问题
how to test it?
测试插件和主题新增加的配置项(带默认值)在升级后是否具有默认值
#### Which issue(s) this PR fixes:
Fixes#4377
#### Does this PR introduce a user-facing change?
```release-note
修复新增加的配置项默认值没有填充的问题
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.9.x
#### What this PR does / why we need it:
Currently, we only support restoring by uploading backup file. Downloading and uploading larger backup files can be cumbersome for users.
This PR supports restoring with downloadable URL or backup name as well.
#### Special notes for your reviewer:
```bash
# Replace ${BACKUP_NAME} by yourself.
curl -u admin:admin 'http://localhost:8090/apis/api.console.migration.halo.run/v1alpha1/restorations' \
-H 'Content-Type: multipart/form-data; boundary=----WebKitFormBoundary3Al7pC6AbBNfB1js' \
--data-raw $'------WebKitFormBoundary3Al7pC6AbBNfB1js\r\nContent-Disposition: form-data; name="backupName"\r\n\r\n${BACKUP_NAME}\r\n------WebKitFormBoundary3Al7pC6AbBNfB1js--\r\n'
```
```bash
# Replace ${DOWNLOAD_LINK} by yourself.
curl -u admin:admin 'http://localhost:8090/apis/api.console.migration.halo.run/v1alpha1/restorations' \
-H 'Content-Type: multipart/form-data; boundary=----WebKitFormBoundarytv6cqgmANkCpSuZm' \
--data-raw $'------WebKitFormBoundarytv6cqgmANkCpSuZm\r\nContent-Disposition: form-data; name="downloadUrl"\r\n\r\n${DOWNLOAD_LINK}\r\n------WebKitFormBoundarytv6cqgmANkCpSuZm--\r\n'
```
#### Does this PR introduce a user-facing change?
```release-note
新增提供下载链接或者备份名进行系统恢复的功能。
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.9.x
#### What this PR does / why we need it:
修复 Windows 系统上的插件路径问题
how to test it?
1. 在 windows 系统上使用插件生成模式初始化 halo 插件可以正常运行,测试上传插件 jar 升级可以正常运行
2. 测试 windows 系统上使用插件开发模式可以正确运行插件
#### Which issue(s) this PR fixes:
Fixes#4466
#### Does this PR introduce a user-facing change?
```release-note
修复 Windows 系统上的插件路径问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.9.x
#### What this PR does / why we need it:
用户列表搜索支持按用户名搜索
#### Which issue(s) this PR fixes:
Fixes#4256
#### Does this PR introduce a user-facing change?
```release-note
用户列表搜索支持按用户名搜索
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.9.x
#### What this PR does / why we need it:
登录后支持在主题端展示作者的私有文章
how to test it?
1. 测试登录后是否能访问到自己创建的私有文章,退出登录后私有文章消失
2. 不能在在主题端看到别人创建的私有文章
3. 创建私有文章测试登录后使用主题端的上一页下一页功能是否正常
#### Which issue(s) this PR fixes:
Fixes#3016
#### Does this PR introduce a user-facing change?
```release-note
登录后支持在主题端展示作者的私有文章
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.9.x
#### What this PR does / why we need it:
This PR upgrades Spring Boot to 3.1.3. See https://github.com/spring-projects/spring-boot/releases/tag/v3.1.3 for more.
#### Does this PR introduce a user-facing change?
```release-note
升级依赖 Spring Boot 至 3.1.3
```
#### What type of PR is this?
/kind feature
/milestone 2.3.x
/area core
#### What this PR does / why we need it:
提供 `/apis/api.console.halo.run/v1alpha1/plugins/bundle.js` 来获取已启用插件的捆绑后的 main.js 和 style.css 文件
#### Which issue(s) this PR fixes:
Fixes#3442
#### Does this PR introduce a user-facing change?
```release-note
优化已启用插件 jsbundle 文件的加载方式
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.9.x
#### What this PR does / why we need it:
Before this, if we deleted a backup without filename, the BackupReconciler would get stuck infinitely. And no further backups would be reconciled.
This PR fixes the problem that it is always in deleting phase after deleting backups.
#### Does this PR introduce a user-facing change?
```release-note
修复因备份数据状态不正常导致无法正常删除备份的问题。
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.9.x
#### What this PR does / why we need it:
修复从插件管理器中获取已启动插件的记录不正确的问题
由于 PR #4403 优化了 plugin extension 的 status 与内存状态的同步方式,优先级改为以数据库为准但这样状态维护变得复杂,所以此 PR 还是以内存为准但不同的是:
1. 当状态不一致时在 reconciler 中先将数据库的和内存状态都统一为停止状态即调用 haloPluginManager.stopPlugin 然后将停止状态更新到 status 的 phase 上,在继续后续的逻辑
2. 如果在更新 status 失败时加上重试避免因乐观锁而容易导致插件启动或停止成功但 status 更新失败导致的不一致几率问题。
经过上述两点的双重保障,多次测试后暂没有发现状态不一致的场景
how to test it?
1. 多安装几个插件十个以上最好,测试启动后通过 HaloPluginManager 获取已启动插件名称是否与 Console 已启动插件列表一致
```java
haloPluginManager.getStartedPlugins()
```
2. 对于提供了 console 功能的插件不会出现启动成功但 status 的 entry 为空的情况
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.9.x
#### What this PR does / why we need it:
优化插件 Reconciler 中对 status 的更新
how to test it?
测试插件启动和停止没有问题即可,着重看一下 status 中是否会存在 stylesheet 和 entry 期望有值但却没有值的情况是否会发生
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.9.x
#### What this PR does / why we need it:
修复评论启用状态的主题模板变量名作用域不正确的问题
评论组件标签处理器只会在处理到 `<halo:comment/>` 自定义标签时被执行,而 haloCommentEnabled 状态是评论标签之前使用的那么此时值还没有被评论标签处理器填充所以取不到正确的值,目前的做法是在模板开始解析时填充 haloCommentEnabled 变量到 context,但这样存在的问题时无法判断页面是否使用了评论自定义标签即每个页面都会有这个变量,不过目前没有更好的办法去解决这样的问题。
how to test it?
在模板页面的任意位置使用 `${haloCommentEnabled}` 都能取到正确的值。
#### Which issue(s) this PR fixes:
Fixes#4378
#### Does this PR introduce a user-facing change?
```release-note
修复评论启用状态的主题模板变量名作用域不正确的问题
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.9.x
#### What this PR does / why we need it:
We already support backup and restore feature in Halo 2.8.0, but we cannot obtain backup files through regular channels in the plugin. For example, we want to upload backup files to OSS in the plugin.
This PR is aimed at solving this problem.
#### Does this PR introduce a user-facing change?
```release-note
支持在插件中获取备份文件根目录。
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.9.x
#### What this PR does / why we need it:
Before this, If we use a file with length less than 256KB for recovery, the process remains stagnant until we cancel the request.
This PR refactors the transformation between data buffers and input stream and resolve the issue above. We should avoid returning InputStream directly in reactive stream.
- DataBufferUtils before
```java
public static InputStream toInputStream(Flux<DataBuffer> content) throws IOException {
var pos = new PipedOutputStream();
var pis = new PipedInputStream(pos);
write(content, pos)
.doOnComplete(() -> {
try {
pos.close();
} catch (IOException ignored) {
// Ignore the error
}
})
.subscribeOn(Schedulers.boundedElastic())
.subscribe(releaseConsumer(), error -> {
if (error instanceof IOException) {
// Ignore the error
return;
}
log.error("Failed to write DataBuffer into OutputStream", error);
});
return pis;
```
- DataBufferUtils after
```java
public static Mono<InputStream> toInputStream(Publisher<DataBuffer> content,
Scheduler scheduler) {
return Mono.create(sink -> {
try {
var pos = new PipedOutputStream();
var pis = new PipedInputStream(pos);
var disposable = write(content, pos)
.subscribeOn(scheduler)
.subscribe(releaseConsumer(), sink::error, () -> FileUtils.closeQuietly(pos),
Context.of(sink.contextView()));
sink.onDispose(disposable);
sink.success(pis);
} catch (IOException e) {
sink.error(e);
}
});
```
#### Special notes for your reviewer:
Please test for plugins, themes and migrations.
#### Does this PR introduce a user-facing change?
```release-note
解决备份恢复时因文件小于 256KB 而导致接口卡住的问题。
```
* refactor: improve the system initialization process
* Sync api-client
Signed-off-by: Ryan Wang <i@ryanc.cc>
* feat: add initialized state to global info
* Refine setup page ui
Signed-off-by: Ryan Wang <i@ryanc.cc>
* refactor: improve the system initialization process
* Refine setup page ui
Signed-off-by: Ryan Wang <i@ryanc.cc>
* Refine setup page ui
Signed-off-by: Ryan Wang <i@ryanc.cc>
* fix: update with initialize state
* Refactor setup
Signed-off-by: Ryan Wang <i@ryanc.cc>
* refactor: initialization state
* Refactor router guards
Signed-off-by: Ryan Wang <i@ryanc.cc>
* Refine i18n
Signed-off-by: Ryan Wang <i@ryanc.cc>
* Refactor init data
Signed-off-by: Ryan Wang <i@ryanc.cc>
* Refactor init data
Signed-off-by: Ryan Wang <i@ryanc.cc>
* Update console/src/views/system/Setup.vue
Co-authored-by: Takagi <mail@e.lixingyong.com>
* refactor: initialization interface
---------
Signed-off-by: Ryan Wang <i@ryanc.cc>
Co-authored-by: Ryan Wang <i@ryanc.cc>
Co-authored-by: Takagi <mail@e.lixingyong.com>
#### What type of PR is this?
/kind feature
/area core
/milestone 2.9.x
#### What this PR does / why we need it:
Support restarting Halo and enable restart endpoint by default.
Restart endpoint detail:
request uri: `/actuator/restart`
request method: `POST`
Please note that memory usage may slightly increase after restarting Halo.
#### Does this PR introduce a user-facing change?
```release-note
支持在线重启 Halo。
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.9.x
#### What this PR does / why we need it:
Move Backup extension into api module to share the extension to plugins.
After this PR is merged, I will publish Halo to maven repository (2.9.0-SNAPSHOT). This way, developers can use the Backup extension in the plugin.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind cleanup
#### What this PR does / why we need it:
This PR upgrades SpringDoc to 2.2.0 for OpenAPI 3.1 support. Please see https://github.com/springdoc/springdoc-openapi/releases/tag/v2.2.0 for more.
#### Special notes for your reviewer:
- Start Halo by using following command:
```bash
./gradlew bootRun --args="--spring.profiles.active=dev --halo.plugin.runtime-mode=deployment"
```
- Try to request <http://localhost:8090/swagger-ui.html> and check if the OpenAPI version is 3.1
#### Does this PR introduce a user-facing change?
```release-note
升级 SpringDoc 至 2.2.0
```
<!-- Thanks for sending a pull request! Here are some tips for you:
1. 如果这是你的第一次,请阅读我们的贡献指南:<https://github.com/halo-dev/halo/blob/master/CONTRIBUTING.md>。
1. If this is your first time, please read our contributor guidelines: <https://github.com/halo-dev/halo/blob/master/CONTRIBUTING.md>.
2. 请根据你解决问题的类型为 Pull Request 添加合适的标签。
2. Please label this pull request according to what type of issue you are addressing, especially if this is a release targeted pull request.
3. 请确保你已经添加并运行了适当的测试。
3. Ensure you have added or ran the appropriate tests for your PR.
-->
#### What type of PR is this?
/kind improvement
<!--
添加其中一个类别:
Add one of the following kinds:
/kind bug
/kind cleanup
/kind documentation
/kind feature
/kind improvement
适当添加其中一个或多个类别(可选):
Optionally add one or more of the following kinds if applicable:
/kind api-change
/kind deprecation
/kind failing-test
/kind flake
/kind regression
-->
#### What this PR does / why we need it:
插件中的VO类目前无法实现接口run.halo.app.theme.finders.vo.ExtensionVoOperator,因为插件的依赖中不存在该接口,导致主题中使用形如`#annotations.get(extension,key)`的语法报错
#### Which issue(s) this PR fixes:
<!--
PR 合并时自动关闭 issue。
Automatically closes linked issue when PR is merged.
用法:`Fixes #<issue 号>`,或者 `Fixes (粘贴 issue 完整链接)`
Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`.
-->
Fixes (https://github.com/halo-sigs/plugin-links/issues/42)
#### Special notes for your reviewer:
希望更新一下api的依赖包
#### Does this PR introduce a user-facing change?
<!--
如果当前 Pull Request 的修改不会造成用户侧的任何变更,在 `release-note` 代码块儿中填写 `NONE`。
否则请填写用户侧能够理解的 Release Note。如果当前 Pull Request 包含破坏性更新(Break Change),
Release Note 需要以 `action required` 开头。
If no, just write "NONE" in the release-note block below.
If yes, a release note is required:
Enter your extended release note in the block below. If the PR requires additional action from users switching to the new release, include the string "action required".
-->
```release-note
none
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.8.x
#### What this PR does / why we need it:
- Remove route when single pages become unpublished
- Add some unit tests against the change.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/4309
#### Special notes for your reviewer:
1. Create a single page with slug name `about.html` and publish it.
2. Create a static file `about.html` into static folder`${halo.work-dir}/static/`.
3. Try to request <http://localhost:8090/about.html> and check the result.
4. Unpublish the single page and then do the step 3 again.
#### Does this PR introduce a user-facing change?
```release-note
修复页面取消发布后访问仍然出现页面未找到错误。
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.8.x
#### What this PR does / why we need it:
- Suppress compilation warnings.
- Remove deprecated methods and classes.
- Remove unused methods.
- Before
```bash
❯ ./gradlew compileJava compileTestJava
> Task :application:compileJava
/Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/core/extension/reconciler/ThemeReconciler.java:48: warning: [removal] ThemePathPolicy in run.halo.app.theme has been deprecated and marked for removal
private final ThemePathPolicy themePathPolicy;
^
/Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/core/extension/reconciler/ThemeReconciler.java:48: warning: [removal] ThemePathPolicy in run.halo.app.theme has been deprecated and marked for removal
private final ThemePathPolicy themePathPolicy;
^
/Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/core/extension/reconciler/ThemeReconciler.java:48: warning: [removal] ThemePathPolicy in run.halo.app.theme has been deprecated and marked for removal
private final ThemePathPolicy themePathPolicy;
^
/Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/core/extension/reconciler/ThemeReconciler.java:48: warning: [removal] ThemePathPolicy in run.halo.app.theme has been deprecated and marked for removal
private final ThemePathPolicy themePathPolicy;
^
/Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/core/extension/reconciler/ThemeReconciler.java:48: warning: [removal] ThemePathPolicy in run.halo.app.theme has been deprecated and marked for removal
private final ThemePathPolicy themePathPolicy;
^
/Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/core/extension/reconciler/ThemeReconciler.java:60: warning: [removal] ThemePathPolicy in run.halo.app.theme has been deprecated and marked for removal
themePathPolicy = new ThemePathPolicy(haloProperties.getWorkDir());
^
/Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/config/WebServerSecurityConfig.java:64: warning: [removal] authorizeExchange() in ServerHttpSecurity has been deprecated and marked for removal
.authorizeExchange().anyExchange()
^
/Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/config/WebServerSecurityConfig.java:65: warning: [removal] and() in ServerHttpSecurity.AuthorizeExchangeSpec has been deprecated and marked for removal
.access(new RequestInfoAuthorizationManager(roleService)).and()
^
/Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/config/WebServerSecurityConfig.java:88: warning: [removal] authorizeExchange() in ServerHttpSecurity has been deprecated and marked for removal
.authorizeExchange().anyExchange().permitAll().and()
^
/Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/config/WebServerSecurityConfig.java:88: warning: [removal] and() in ServerHttpSecurity.AuthorizeExchangeSpec has been deprecated and marked for removal
.authorizeExchange().anyExchange().permitAll().and()
^
/Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/config/WebServerSecurityConfig.java:90: warning: [removal] headers() in ServerHttpSecurity has been deprecated and marked for removal
.headers()
^
/Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/config/WebServerSecurityConfig.java💯 warning: [removal] cache() in ServerHttpSecurity.HeaderSpec has been deprecated and marked for removal
.cache().disable().and()
^
/Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/config/WebServerSecurityConfig.java💯 warning: [removal] and() in ServerHttpSecurity.HeaderSpec has been deprecated and marked for removal
.cache().disable().and()
^
/Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/security/CsrfConfigurer.java:24: warning: [removal] csrf() in ServerHttpSecurity has been deprecated and marked for removal
http.csrf().csrfTokenRepository(CookieServerCsrfTokenRepository.withHttpOnlyFalse())
^
/Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/security/authorization/DefaultRuleResolver.java:58: warning: [removal] visitRulesFor(UserDetails,RuleAccumulator) in AuthorizationRuleResolver has been deprecated and marked for removal
public void visitRulesFor(UserDetails user, RuleAccumulator visitor) {
^
/Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/security/authorization/DefaultRuleResolver.java:43: warning: [removal] rulesFor(UserDetails) in AuthorizationRuleResolver has been deprecated and marked for removal
public PolicyRuleList rulesFor(UserDetails user) {
^
Note: Some input files use or override a deprecated API.
Note: Recompile with -Xlint:deprecation for details.
Note: /Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/extension/ReactiveExtensionClientImpl.java uses unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.
16 warnings
> Task :application:compileTestJava
/Users/johnniang/workspaces/halo-dev/halo/application/src/test/java/run/halo/app/core/extension/reconciler/ThemeReconcilerTest.java:90: warning: [removal] ThemePathPolicy in run.halo.app.theme has been deprecated and marked for removal
final ThemePathPolicy themePathPolicy = new ThemePathPolicy(testWorkDir);
^
/Users/johnniang/workspaces/halo-dev/halo/application/src/test/java/run/halo/app/core/extension/reconciler/ThemeReconcilerTest.java:90: warning: [removal] ThemePathPolicy in run.halo.app.theme has been deprecated and marked for removal
final ThemePathPolicy themePathPolicy = new ThemePathPolicy(testWorkDir);
^
Note: /Users/johnniang/workspaces/halo-dev/halo/application/src/test/java/run/halo/app/security/authorization/RequestInfoResolverTest.java uses or overrides a deprecated API.
Note: Recompile with -Xlint:deprecation for details.
Note: /Users/johnniang/workspaces/halo-dev/halo/application/src/test/java/run/halo/app/migration/BackupReconcilerTest.java uses unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.
2 warnings
```
- After
```bash
❯ ./gradlew clean compileJava compileTestJava
> Task :api:compileJava
/Users/johnniang/workspaces/halo-dev/halo/api/src/main/java/run/halo/app/extension/Unstructured.java:69: warning: This field does not exist, or would have been excluded anyway.
@EqualsAndHashCode(exclude = "version")
^
Note: /Users/johnniang/workspaces/halo-dev/halo/api/src/main/java/run/halo/app/extension/Unstructured.java uses unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.
1 warning
> Task :application:compileJava
Note: /Users/johnniang/workspaces/halo-dev/halo/application/src/main/java/run/halo/app/plugin/SpringExtensionFactory.java uses or overrides a deprecated API.
Note: Recompile with -Xlint:deprecation for details.
> Task :api:compileTestJava
Note: /Users/johnniang/workspaces/halo-dev/halo/api/src/test/java/run/halo/app/infra/utils/JsonUtilsTest.java uses unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.
BUILD SUCCESSFUL in 7s
22 actionable tasks: 15 executed, 7 up-to-date
```
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
#### What this PR does / why we need it:
解决 #4253 所导致的用户旧头像被删除的问题。
#### Special notes for your reviewer:
1. 使用 2.7.x 之前的 Halo 版本,新建用户并设置其头像。
2. 升级 Halo 至 2.8.0-rc.1
3. 头像还存在即可。
4. 测试头像上传、移除功能是否正常可用。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area theme
/milestone 2.8.x
#### What this PR does / why we need it:
升级默认主题版本至 1.5.0
https://github.com/halo-dev/theme-earth/releases/tag/v1.5.0
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.8.x
/area theme
#### What this PR does / why we need it:
按条件渲染评论组件以简化主题端对评论组件是否显示的条件控制
使用了评论标签的模板页面都能直接使用 `${haloCommentEnabled}` 取值能得到评论组件是否可见的结果为`true/false` 用于在需要级联条件渲染的组件上使用,如:
```html
<!-- 评论组件不可见时不渲染标题 -->
<p th:if="${haloCommentEnabled}">评论</p>
<halo:comment />
```
how to test it?
在主题端未加渲染条件时:
1. 测试全局评论组件是否开启的设置是否有效
2. 测试文章和自定义页面是否开启评论的设置是否有效
3. 测试评论组件启用和停止时评论组件的渲染是否正确
4. 测试 `${haloCommentEnabled}` 结果是否正确
#### Which issue(s) this PR fixes:
Fixes#4137
#### Does this PR introduce a user-facing change?
```release-note
按条件渲染评论组件以简化主题端对评论组件是否显示的条件控制
```
#### What type of PR is this?
/kind feature
/area core
/area plugin
#### What this PR does / why we need it:
Plugin developers are able to define own UsernamePasswordAuthenticationManager to take charge of username password authentication.
1. If the manager fails to handle, the default authentication manager will be used.
2. If the manager returns `Mono.empty()`, the default authentication manager will be used.
For example:
```java
@Component
public class LdapAuthenticationManager
extends UserDetailsRepositoryReactiveAuthenticationManager
implements UsernamePasswordAuthenticationManager {
public LdapAuthenticationManager(ReactiveUserDetailsService userDetailsService) {
super(userDetailsService);
}
@Override
protected Mono<UserDetails> retrieveUser(String username) {
return super.retrieveUser(username);
}
}
```
#### Which issue(s) this PR fixes:
See https://github.com/halo-dev/halo/issues/4207#issuecomment-1643042348 for more.
#### Does this PR introduce a user-facing change?
```release-note
提供用户名密码认证扩展
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.8.x
#### What this PR does / why we need it:
If content is terminated with an error, the file already wrote partially into attachment folder won't be cleaned.
Imagine a scenario where we check that the content size is not larger than 2MB when we write content to the attachments folder. Once the limit is reached, files that have been partially written should be cleaned instead of being kept.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.8.x
#### What this PR does / why we need it:
Bump plugin preset. See https://github.com/halo-sigs/plugin-comment-widget/releases/tag/v1.7.0 for more.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.8.x
#### What this PR does / why we need it:
Support resolving static resources at halo work directory `${halo.work-dir}/static/`.
Please note that we only support adding static resources at hand by logging in the server.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/4087
#### Special notes for your reviewer:
1. Create a file `index.html` at `${halo.work-dir}/static`
2. Edit the file with any content
3. Browse with `http://localhost:8090/index.html`
#### Does this PR introduce a user-facing change?
```release-note
支持静态资源映射
```
#### What type of PR is this?
/kind improvement
/area console
/area core
#### What this PR does / why we need it:
此 PR 对用户头像上传的方式进行了重构,移除了原有的头像链接及上传至附件库的方案。允许具有用户管理权限的用户对其他用户的头像进行修改和移除。
Core:
新增了 `/apis/api.console.halo.run/v1alpha1/users/-/avatar` 的 `POST` 以及 `DELETE` 接口,用来上传用户的头像及删除当前用户的头像。
Console:
新增对用户头像进行裁剪的功能,并调用上传接口保存用户头像。
需等待 #4247 合并
#### Which issue(s) this PR fixes:
Fixes#2688
See #4251
See #4247
#### Special notes for your reviewer:
1. 测试上传、删除头像接口是否能够正常执行。
2. 查看当前用户的头像是否能够设置成功。
3. 查看附件库中,当前用户的头像文件是否为 0 或 1 个。
#### Does this PR introduce a user-facing change?
```release-note
支持裁剪、上传和删除用户头像。
```
#### What type of PR is this?
/kind feature
/area core
#### What this PR does / why we need it:
Currently, we cannot pass a sort parameter into extensions' list API, so the result of the API is unsortable.
This PR add the support for that API. e.g.:
```bash
curl -X 'GET' \
'http://localhost:8090/api/v1alpha1/annotationsettings?sort=metadata.name,desc' \
-H 'accept: */*'
```
#### Does this PR introduce a user-facing change?
```release-note
Extension 查询接口支持排序参数。
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.8.x
#### What this PR does / why we need it:
Upgrade Spring Boot 3.1.2. See https://github.com/spring-projects/spring-boot/releases/tag/v3.1.2 for more.
#### Does this PR introduce a user-facing change?
```release-note
升级 Spring Boot 至 3.1.2。
```
#### What type of PR is this?
/kind improvement
/area core
/area plugin
/milestone 2.8.x
#### What this PR does / why we need it:
修复由于多线程环境下导致的插件卸载时的路由异常问题
改动描述:
为了确保在多线程环境下访问 ExtensionContextRegistry 类的注册表时的线程安全。通过添加读写锁,可以保证在读取和写入PluginApplicationContext 时只有一个线程可以访问,从而避免了多个线程同时访问注册表时可能出现的竞态条件和数据不一致的问题。同时,更新了 register、remove、getByPluginId、containsContext 和 getPluginApplicationContexts 方法,以在访问注册表时获取和释放适当的锁,从而确保了线程安全。
问题原因:
当插件卸载时,卸载动作在 Reconciler 线程中执行而路由访问是在 reactor 的 NonBlockingThread 线程执行,当 PluginCompositeRouterFunction 的 routerFunctions() 方法从 ExtensionContextRegistry 中获取所有 PluginApplicationContext 并持有还未处理完成时由于 PluginReconciler 中执行了卸载插件逻辑而将某个 PluginApplicationContext 关闭从而让 PluginCompositeRouterFunction 中持有到的对象引用发生变化出现数据不一致问题导致出现 `PluginApplicationContext@14971c8e has been closed already` 异常。
解决方案:
所以此修改让读取和写入PluginApplicationContext 时只有一个线程可以访问来解决此问题
how to test it?
测试开发模式下卸载插件时是否会出现如 #4242 中所描述的异常信息
#### Which issue(s) this PR fixes:
Fixes#4242
#### Does this PR introduce a user-facing change?
```release-note
修复由于多线程环境下导致的插件卸载时的路由异常问题
```
#### What type of PR is this?
/kind bug
/kind improvement
/area core
/milestone 2.8.x
#### What this PR does / why we need it:
修复插件被卸载时 delete 生命周期方法不会被触发的问题
how to test it?
1. 测试开发模式下卸载插件,delete 生命周期方法被触发且不会误删项目目录
2. 测试生产模式下插件卸载,文件正确被删除且触发 delete 生命生命周期方法
#### Which issue(s) this PR fixes:
Fixes#4238
#### Does this PR introduce a user-facing change?
```release-note
修复插件被卸载时 delete 生命周期方法不会被触发的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.8.x
#### What this PR does / why we need it:
优化评论扩展点的使用方式
how to test it?
测试评论插件是否正常可用
#### Does this PR introduce a user-facing change?
```release-note
优化评论扩展点的使用方式
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.8.x
#### What this PR does / why we need it:
优化去除 Html Meta 重复标签的正则表达式
see #4234 for more details.
#### Which issue(s) this PR fixes:
Fixes#4234
#### Does this PR introduce a user-facing change?
```release-note
优化去除 Html Meta 重复标签的正则表达式
```
#### What type of PR is this?
/kind feature
/area core
#### What this PR does / why we need it:
为附件库增加过滤条件,过滤 labels 中包含 `halo.run/hidden` 的分组及其附件。
#### Which issue(s) this PR fixes:
Fixes#4251
#### Special notes for your reviewer:
保证默认情况下附件能够正常访问即可。
或者为分组增加 `halo.run/hidden` label,之后查看接口中是否不包含具有目标分组及其附件。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/area plugin
/milestone 2.7.x
#### What this PR does / why we need it:
修复生产模式下插件安装时的位置信息为绝对路径会影响迁移的问题
how to test it?
1. 生产模式下安装插件看 annotation 中 `plugin.halo.run/plugin-path` 的值是否为相对于 pluginsRoot 的相对路径
2. 在生产模式下在 main 分支启动后安装的插件切换到此 PR 后 `plugin.halo.run/plugin-path` 是否变为相对路径
#### Which issue(s) this PR fixes:
Fixes#4178
#### Does this PR introduce a user-facing change?
```release-note
修复生产模式下插件安装时的位置信息为绝对路径会影响迁移的问题
```
#### What type of PR is this?
/area plugin
/area core
/milestone 2.7.x
#### What this PR does / why we need it:
Update preset plugins version
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.7.x
#### What this PR does / why we need it:
Add role template for managing cache. Anyone with role `role-template-manage-cache` can see the `Refresh Page Cache` button.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/4143
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.7.x
#### What this PR does / why we need it:
支持通过 ExternalUrlSupplier 获取 externalUrl 配置
#### Which issue(s) this PR fixes:
Fixes#4149
#### Does this PR introduce a user-facing change?
```release-note
支持通过 ExternalUrlSupplier 获取 externalUrl 配置
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.7.x
#### What this PR does / why we need it:
Refactor configuration properties to configure caching with separate names, so that we can enable / disable cache with name.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/4144
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/milestone 2.7.x
/area core
/area theme
#### What this PR does / why we need it:
主题端支持获取最新评论
可能存在的问题:
主题端如果想展示评论所属的具体的主体比如 Moment 可能不好展示
how to test it?
通过 list 方法获取评论看排序和数据是否正确
```html
<p th:each="result : ${commentFinder.list(null,1,10)}">
<span th:text="${result.spec.raw}"></span>
-> <span th:text="${#temporals.format(result.spec.creationTime, 'yyyy-MM-dd HH:mm:ss')}"></span>
-> <span th:text="${result.spec.subjectRef}"></span>
</p>
```
#### Which issue(s) this PR fixes:
Fixes#4088
#### Does this PR introduce a user-facing change?
```release-note
主题端支持获取最新评论
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.7.x
#### What this PR does / why we need it:
Add rate limiter for signing up. We only allow 3 registrations within 1 hour by default, despite registration failure.
#### Special notes for your reviewer:
1. Start Halo and console.
2. Try to enable registration for public users.
3. Browse <http://localhost:8090/console/login?type=signup>
4. Input duplicate username for 4 times and see the result.
5. Or input valid username for 4 times and see the result.
#### Does this PR introduce a user-facing change?
```release-note
限制注册接口的请求速率
```
#### What type of PR is this?
/kind feature
/milestone 2.7.x
/area core
#### What this PR does / why we need it:
为主题端的文章和自定义页面内容添加扩展点
插件可以通过实现扩展点来干预文章和自定义页面的内容显示,如修改内容的 html 结构,改变特定样式等
使用方式参考:[docs/extension-points/content.md](9b2b9f1837)
#### Which issue(s) this PR fixes:
Fixes#4003
#### Does this PR introduce a user-facing change?
```release-note
为主题端的文章和自定义页面内容添加扩展点
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.7.x
#### What this PR does / why we need it:
修复文章页 HTML Meta 标签重复问题
see #4049 for more details.
#### Which issue(s) this PR fixes:
Fixes#4049
#### Does this PR introduce a user-facing change?
```release-note
修复文章页 Meta Description 标签重复问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.7.x
#### What this PR does / why we need it:
In some special situations, Halo can not obtain client IP address from request headers and socket address is unresolved, so that `java.lang.NullPointerException: Cannot invoke "java.net.InetAddress.getHostAddress()" because the return value of "java.net.InetSocketAddress.getAddress()" is null` will happen.
This PR will resolve the problem by checking `X-Real-IP` header and checking if remote address is unresolved.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/4134
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.7.x
#### What this PR does / why we need it:
Upgrade Spring Boot to 3.1.1. See https://github.com/spring-projects/spring-boot/releases/tag/v3.1.1 for more.
#### Does this PR introduce a user-facing change?
```release-note
升级 Spring Boot 至 3.1.1
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.7.x
#### What this PR does / why we need it:
Apply rate limiter for replying a comment as well. This feature is supplement of <https://github.com/halo-dev/halo/pull/4084>.
#### Special notes for your reviewer:
Try to reply any comments 11 times within 1 minute.
#### Does this PR introduce a user-facing change?
```release-note
对评论回复添加频率限制
```
#### What type of PR is this?
/kind feature
/area core
#### What this PR does / why we need it:
This PR adds dependency [spring-boot-starter-cache](https://docs.spring.io/spring-boot/docs/current/reference/html/io.html#io.caching) as cache framework and [caffeine](https://github.com/ben-manes/caffeine/wiki) as cache implementation to cache template rendering result.
By default, we disable the cache feature. If you want to enable it, please try to configure properties like this:
```yaml
halo:
cache:
disabled: false
```
#### Which issue(s) this PR fixes:
Fixes#2827
#### Special notes for your reviewer:
1. Start Halo
2. Browse any page twice
3. See the difference in request times
#### Does this PR introduce a user-facing change?
```release-note
支持模板渲染结果缓存
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.7.x
/kind api-change
#### What this PR does / why we need it:
统一主题和插件描述文件的部分字段
1. 统一网站字段为 homepage,将主题的 website 标记为过时并兼容为 homepage
2. 主题添加 license 字段
3. 插件添加 repo
#### Which issue(s) this PR fixes:
Fixes#4011
#### Does this PR introduce a user-facing change?
```release-note
统一主题和插件描述文件的部分字段
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.7.x
#### What this PR does / why we need it:
插件的 Controllers 支持自定义 API Group
如:
```java
@RestController
@ApiVersion("fake.halo.run/v1")
@RequestMapping("/fake")
public class DemoController {
}
```
则生成路由为 `/apis/fake.halo.run/v1/fake`
如果没有 group 默认兼容以前的为 `/apis/api.plugin.halo.run/{version}/plugins/{pluginName}/**`
```java
@RestController
@ApiVersion("v1alpha1")
@RequestMapping("/fake")
public class DemoController {
}
```
#### Which issue(s) this PR fixes:
Fixes#4053
#### Does this PR introduce a user-facing change?
```release-note
插件的 Controllers 支持自定义 API Group
```
#### What type of PR is this?
/kind improvement
/area core
/area plugin
#### What this PR does / why we need it:
插件的 ApplicationContext 刷新之后在注册到 Registry 中
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
#### What this PR does / why we need it:
Catch UserNotFoundException instead of ExtensionNotFoundException to map correctly to BadCredentialsException.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/4057
#### Special notes for your reviewer:
1. Start Halo
2. Login with an username which does not exist
3. Check the response
#### Does this PR introduce a user-facing change?
```release-note
修复登录时出现用户名不存在的问题。
```
#### What type of PR is this?
/kind feature
/kind core
#### What this PR does / why we need it:
This PR limited comment creation at a rate of 10 per minute.
See https://github.com/halo-dev/halo/issues/4044 for more.
#### Special notes for your reviewer:
1. Start Halo.
2. Create 11 new comments
3. Check the response.
#### Does this PR introduce a user-facing change?
```release-note
增加发表评论频率限制功能
```
#### What type of PR is this?
/kind improvement
/area core
#### What this PR does / why we need it:
Define a global map to mapping exception to problem detail type.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
#### What this PR does / why we need it:
This PR excludes WebSocket request when serving console index and remove request predicate accept in ConsoleProxyFilter.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/4083
#### Special notes for your reviewer:
1. Start Console with dev environment
2. Start Halo with dev profile
3. Try to browse <http://localhost:8090/console> and check the log
#### Does this PR introduce a user-facing change?
```release-note
修复开发环境下访问 Console 出现错误的问题
```
#### What type of PR is this?
/kind bug
/area core
#### What this PR does / why we need it:
This is a bug introduced from https://github.com/halo-dev/halo/pull/4062. I have overridden onAuthenticationSuccess to create rate limiter in advance instead of invoking `securityContextRepository#save` before.
See https://github.com/halo-dev/halo/pull/4099#issuecomment-1598074131 for more.
#### Special notes for your reviewer:
1. Try to log in with incorrect password three times
2. Log in with correct password and check if the response headers contain `Set-Cookie`
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area core
#### What this PR does / why we need it:
This PR introduces https://github.com/resilience4j/resilience4j to archive the feature. The login endpoint has limited login failures at a rate of 3 per minute.
See https://github.com/halo-dev/halo/issues/4044 for more.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/4044
#### Special notes for your reviewer:
1. Start Halo.
2. Try to login with incorrect credential 4 times
3. Check the response.
#### Does this PR introduce a user-facing change?
```release-note
增加登录失败次数限制功能
```
#### What type of PR is this?
/kind improvement
/kind bug
/area core
/area plugin
/milestone 2.6.x
#### What this PR does / why we need it:
修复插件重启后 MainClass 对象缓存未清除的问题
how to test it?
下载此插件:
[plugin-starter-1.0.0-SNAPSHOT.jar.zip](https://github.com/halo-dev/halo/files/11620847/plugin-starter-1.0.0-SNAPSHOT.jar.zip)
安装并启动插件,会看到类似如下日志:
```
测试从 [/var/folders/1z/3hlt62691tx63dxx6y0mryw00000gn/T/halo-plugin3709893537121269748.txt] 文件读取内容
插件启动成功!
```
修改日志中给出的文件的内容后 reload 插件会看到`插件启动成功!` 后会跟随最新的文件内容则表示 MainClass 是最新的状态没有缓存。
#### Which issue(s) this PR fixes:
Fixes#4016
#### Does this PR introduce a user-facing change?
```release-note
修复插件重启后 MainClass 对象缓存未清除的问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.7.x
#### What this PR does / why we need it:
修复主题和插件静态资源的文件遍历漏洞
漏洞描述:
攻击者可以通过`/plugins/{name}/assets/console/{*resource}` 和 `/themes/{themeName}/assets/{*resource}` 的 resource 参数部分添加特殊字符(如 ../ 或 ..\)来绕过应用程序的访问控制,访问他们没有权限访问的文件或目录。
修复方法:
访问文件之前检查文件路径是否在被限制的目录下,如:
resource = /themes/default/templates/../../test
简化路径为 /themes/test
想限制路径在 `/themes/default/templates` 则已经越权拒绝访问
how to test it?
1. 访问例如 `localhost:8090/themes/theme-earth/assets/dist/../../../../../keys/id_rsa` 来检查获取上级目录,上上级目录是否可以访问到,必须只能访问到 themes/assets下的文件即为合理
2. 类似步骤 1 可以尝试`../`, `..\` 来访问 `localhost:8090/plugins/{name}/assets/console/{*resource}`,必须只能访问到插件的 `classpath:console/` 下的文件即为合理
#### Does this PR introduce a user-facing change?
```release-note
修复主题和插件静态资源的路径遍历漏洞
```
Takagi