#### What type of PR is this?
/area plugin
/area editor
/milestone 2.20.x
#### What this PR does / why we need it:
Previously, editor extension related types were not exported because the type names conflicted with some UI component names, making it impossible to import extension types in plugins. This PR modifies the type names and exports them in index.ts.
#### Does this PR introduce a user-facing change?
```release-note
导出与编辑器扩展相关的类型定义
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR adds support for redirection on logout. We can request <http://localhost:8090/logout?redirect_uri=/archives> with GET method, then click the logout to see the redirection.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/7401
#### Does this PR introduce a user-facing change?
```release-note
登出页面支持自定义重定向
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
1. This PR removes duplicate invocations while resolving handler functions of theme.
2. Throw NotFoundException while post was not found.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/7409
#### Does this PR introduce a user-facing change?
```release-note
修复访问不存在的分类或者文章页面时始终抛出异常的问题
```
#### What type of PR is this?
/kind feature
#### What this PR does / why we need it:
标签支持根据文章量排序
#### Does this PR introduce a user-facing change?
```release-note
标签支持根据文章量排序
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR adds SwitchUserGrantedAuthorityMixin into HaloSecurityJackson2Module to fix the deserialization error.
See https://github.com/halo-dev/halo/issues/7406 for more.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/7406
#### Does this PR introduce a user-facing change?
```release-note
修复个人中心处可能出现登录设备查询异常的问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR makes Argon2 password encoder as default to remove password limit of 72.
Please note that there is no compatibility issue for old passwords.
#### Which issue(s) this PR fixes:
Fixes#7405
#### Special notes for your reviewer:
1. Try to login as admin
2. Create a password having the length of 73 or more for a new user
3. See the result
#### Does this PR introduce a user-facing change?
```release-note
修复无法设置长度超过72个字符的密码的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR adds therapi-runtime-javadoc dependency and annotationProcessor for api and application projects. After doing that, SpringDoc will introspect Javadoc annotations and comments. See https://springdoc.org/#javadoc-support for more.
For support in plugin, just add an annotationProcessor like below:
```gradle
dependencies {
implementation platform('run.halo.tools.platform:plugin:2.20.8-SNAPSHOT')
compileOnly 'run.halo.app:api'
annotationProcessor 'com.github.therapi:therapi-runtime-javadoc-scribe:0.13.0'
}
```
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR bumps Spring Boot to [3.4.5](https://github.com/spring-projects/spring-boot/releases/tag/v3.4.5).
#### Which issue(s) this PR fixes:
Fixes#7374
#### Does this PR introduce a user-facing change?
```release-note
升级依赖 Spring Boot 至 3.4.5,同时解决可能无法登录的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR upgrades Gradle to 8.13.
#### Does this PR introduce a user-facing change?
```release-note
升级构建工具 Gradle 至 8.13
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修复 Unstructured Metadata 的 equals hashcode 排除 version,这可能是之前误操作提交的
ed50a0224d/api/src/main/java/run/halo/app/extension/Unstructured.java (L75)
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area ui
/milestone 2.20.x
#### What this PR does / why we need it:
Add support for multiple roles during user creation
#### Which issue(s) this PR fixes:
Fixes#7325
#### Does this PR introduce a user-facing change?
```release-note
新建用户时支持设置多个角色
```
#### What type of PR is this?
/area ui
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
Use `Promise.all` to execute part of the batch operation logic of the post in chunks to optimize the execution performance.
#### Which issue(s) this PR fixes:
Fixes #
#### Does this PR introduce a user-facing change?
```release-note
优化文章部分批量操作的执行性能
```
#### What type of PR is this?
/kind bug
#### What this PR does / why we need it:
This PR manually set UTF-8 charset while loading YAML file to fix the problem "java.nio.charset.MalformedInputException: Input length = 1".
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/6937
Fixes https://github.com/orgs/halo-dev/discussions/7375
#### Does this PR introduce a user-facing change?
```release-note
修复 Windows 下可能无法正常初始化的问题
```
### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
In PR <https://github.com/halo-dev/halo/pull/7371>, I used strong secure random to generate metadata name, but the random may cause system block in some specific environments. See https://github.com/orgs/lxware-dev/discussions/13#discussioncomment-12907298 for more.
So this PR revert the use of strong secure random.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR use secure-strong SecureRandom to generate unpredictable metadata name. Meanwhile, the length of generate name suffix is increased to `8` and lower-case is to prevent data conflicts caused by database case sensitivity as possible.
Another improvement is using bounded-elastic thread to run the method `secureString()#nextAlphanumeric` because the method contains blocking operation, which might cause system block.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR removes application startup steps buffer to reduce memory usage.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR disables CSRF check for PAT authentication because the authentication won't pass any cookies to server.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR adds support for impersonating other users for super admin.
1. Login as super admin
2. Request `POST /login/impersonate?username=xxx` and the current user should be xxx
3. Request `POST /logout/impersonate` and the current user should be super admin
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/milestone 2.20.x
#### What this PR does / why we need it:
文章访问路径支持设置 `/categories/{categorySlug}/{postSlug}` 的形式
#### Which issue(s) this PR fixes:
Fixes#7330
#### Does this PR introduce a user-facing change?
```release-note
文章访问路径支持设置 `/categories/{categorySlug}/{postSlug}` 的形式
```
#### What type of PR is this?
/kind bug
#### What this PR does / why we need it:
修复 postFinder.list() 传参 categoryName 查询不到子类文章
#### Which issue(s) this PR fixes:
Fixes#7296
#### Does this PR introduce a user-facing change?
```release-note
修复 postFinder.list() 的 categoryName 参数无效的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR refactors UserScopedPatHandlerImpl with PAT service to make PAT operations flexible.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/area theme
/milestone 2.20.x
#### What this PR does / why we need it:
This PR adds support for sec:authorize attribute of Thymeleaf which is not supported yet. See https://github.com/halo-dev/halo/issues/7316 for more.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/7316
#### Does this PR introduce a user-facing change?
```release-note
完善主题模板判断用户角色等功能
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR fixes the NPE while post content is null. See https://github.com/halo-dev/halo/issues/7320 for more.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/7320
#### Does this PR introduce a user-facing change?
```release-note
修复通过接口创建文章可能导致无法发布和删除的问题
```
<!-- Thanks for sending a pull request! Here are some tips for you:
1. 如果这是你的第一次,请阅读我们的贡献指南:<https://github.com/halo-dev/halo/blob/main/CONTRIBUTING.md>。
1. If this is your first time, please read our contributor guidelines: <https://github.com/halo-dev/halo/blob/main/CONTRIBUTING.md>.
2. 请根据你解决问题的类型为 Pull Request 添加合适的标签。
2. Please label this pull request according to what type of issue you are addressing, especially if this is a release targeted pull request.
3. 请确保你已经添加并运行了适当的测试。
3. Ensure you have added or ran the appropriate tests for your PR.
-->
#### What type of PR is this?
<!--
添加其中一个类别:
Add one of the following kinds:
/kind bug
/kind cleanup
/kind documentation
/kind feature
/kind improvement
适当添加其中一个或多个类别(可选):
Optionally add one or more of the following kinds if applicable:
/kind api-change
/kind deprecation
/kind failing-test
/kind flake
/kind regression
-->
/area ui
/kind bug
#### What this PR does / why we need it:
See #6994
#### Which issue(s) this PR fixes:
<!--
PR 合并时自动关闭 issue。
Automatically closes linked issue when PR is merged.
用法:`Fixes #<issue 号>`,或者 `Fixes (粘贴 issue 完整链接)`
Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`.
-->
Fixes#6994
#### Special notes for your reviewer:
统一了发布文章时的行为,均先确保服务端创建草稿后保存内容。
#### Does this PR introduce a user-facing change?
<!--
如果当前 Pull Request 的修改不会造成用户侧的任何变更,在 `release-note` 代码块儿中填写 `NONE`。
否则请填写用户侧能够理解的 Release Note。如果当前 Pull Request 包含破坏性更新(Break Change),
Release Note 需要以 `action required` 开头。
If no, just write "NONE" in the release-note block below.
If yes, a release note is required:
Enter your extended release note in the block below. If the PR requires additional action from users switching to the new release, include the string "action required".
-->
```release-note
修复文章重复生成的问题
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR allows users to upload local attachment always with a random filename to simply prevent resource leak.
Please see the configuration and the uploaded result below:
```json
{
"spec": {
"displayName": "halo.run-ykfswxmokpjopvkqwybghazloxeovgae.cer",
"policyName": "attachment-policy-XVdDK",
"ownerName": "admin",
"mediaType": "application/pkix-cert",
"size": 1803
},
"status": {
"permalink": "/upload/random/halo.run-ykfswxmokpjopvkqwybghazloxeovgae.cer"
},
"apiVersion": "storage.halo.run/v1alpha1",
"kind": "Attachment",
"metadata": {
"finalizers": [
"attachment-manager"
],
"name": "44b4c8de-0d3b-4bbb-acc2-4af50175a2b5",
"annotations": {
"storage.halo.run/local-relative-path": "upload/random/halo.run-ykfswxmokpjopvkqwybghazloxeovgae.cer",
"storage.halo.run/uri": "/upload/random/halo.run-ykfswxmokpjopvkqwybghazloxeovgae.cer"
},
"version": 2,
"creationTimestamp": "2025-03-18T15:53:11.817541483Z"
}
}
```
#### Does this PR introduce a user-facing change?
```release-note
支持上传附件至本地时总是随机命名文件名
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR adjusts the order of checking instance of ExecutorService and AutoCloseable interfaces. Because the ExecutorService extends AutoCloseable in Java 21. As a result, unit tests against the method won't be passed in Java 21.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR adds timeout for blocking Extension client to prevent system from blocking without any error.
#### Which issue(s) this PR fixes:
Recently, we have received several issues about getting stuck in creating menu items. Please refer to the key threaddump detail:
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind cleanup
#### What this PR does / why we need it:
撤回对插件类加载顺序的改动这可能导致破坏性更新
同时,不在考虑修改加载顺序问题,由于社区版和专业版引入的依赖不同插件无法以社区版为依赖基准保证功能在专业版也可用,举个例子:
1. 插件引入了 okhttp4 作为依赖,这可能是插件引入的依赖所附带的
2. 在社区版没有问题,插件开发者也是这么测试的
3. 但是在专业版中引入了 okhttp3 作为依赖,此时插件在专业版就不可用了因为插件依赖了 okhttp4 的功能
通过上述问题就导致了不可预知的问题
#### Does this PR introduce a user-facing change?
```release-note
撤回对插件类加载顺序的改动这可能导致破坏性更新
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
Add favicon to login page
#### Which issue(s) this PR fixes:
Fixes#7287
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
```release-note
为登录相关的页面添加 Favicon
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
支持禁用主题预览功能,但拥有主题管理权限的用户不受此功能影响
#### Which issue(s) this PR fixes:
Fixes#7204
#### Does this PR introduce a user-facing change?
```release-note
支持禁用主题预览功能,但拥有主题管理权限的用户不受此功能影响
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR turns off the logging of TemplateEngine to prevent too many annoying and useless logs.
Please note that the TemplateExceptions won't be eat up because we have a global error handler to log them.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/4468
#### Special notes for your reviewer:
Steps to verify:
- Start Halo instance
- Execute command `ab -c 100 -n 10000 -H 'Accept: text/html' -H 'Cache-Control: no-cache' http://localhost:8090/` and then press `Ctrl + C` to stop the ab process.
- See the logs of Halo instance.
#### Does this PR introduce a user-facing change?
```release-note
解决日志中出现大量 InterruptedException 异常的问题
```
#### What type of PR is this?
/area ui
/kind feature
/milestone 2.20.x
#### What this PR does / why we need it:
Add support for batch deletion and batch marking as read for notifications in the UC.
<img width="763" alt="image" src="https://github.com/user-attachments/assets/a470ae2d-c4d2-4e6c-8c05-76f9f29e378d" />
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/7164
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
```release-note
个人中心的消息管理支持批量删除和批量标记为已读
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR fixes the pending problem of requesting console and ui pages in dev mode.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/7191
#### Special notes for your reviewer:
Steps to reproduce:
- Start ui projects with dev mode by executing command `make -C ui dev`.
- Run Halo instance in dev mode by executing command `./gradlew bootRun --args="--spring.profiles.active=dev"`.
- Try to request <http://localhost:8090/uc> and <http://localhost:8090/console>.
- Try to refresh page by hand and see the result
#### Does this PR introduce a user-facing change?
```release-note
修复开发模式下无法正常进入管理和个人中心页面的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
仅对包含文章权限的用户生成作者页面
#### Which issue(s) this PR fixes:
Fixes#7202
#### Does this PR introduce a user-facing change?
```release-note
仅对包含文章权限的用户生成作者页面
```
#### What type of PR is this?
/kind bug
/area editor
/milestone 2.20.x
#### What this PR does / why we need it:
解决默认编辑器中,粘贴后的图片,按下回车可能会导致重复触发上传的问题。
#### How to test it?
1. 在默认编辑器中粘贴一个图片。
2. 在图片前进行回车换行。
3. 查看图片是否被重复上传。
#### Which issue(s) this PR fixes:
Fixes#7206
#### Does this PR introduce a user-facing change?
```release-note
解决默认编辑器中附件会重复上传的问题
```
#### What type of PR is this?
/kind improvment
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
为自定义页面的图片增加缩略图支持
<img width="1594" alt="image" src="https://github.com/user-attachments/assets/f317d73b-e515-4c3c-83e7-06ef55873a37" />
#### Which issue(s) this PR fixes:
Fixes#7232
#### Does this PR introduce a user-facing change?
```release-note
为自定义页面的图片增加缩略图支持
```
John Niang