#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
清理已经过时很久的 yaml extension 声明
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area plugin
/milestone 2.17.x
#### What this PR does / why we need it:
修复当插件入口文件的缓存目录被系统清理后会导致一直无法加载的问题
原问题复现步骤:
1. 登录后刷新页面,此时缓存目录被创建
2. 删除缓存目录后就会提示文件不存在然后导致插件入口文件一致无法加载直到重启 Halo
#### Which issue(s) this PR fixes:
Fixes#6226
#### Does this PR introduce a user-facing change?
```release-note
修复当插件入口文件的缓存目录被系统清理后会导致一直无法加载的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.17.0
#### What this PR does / why we need it:
This PR provides a configuration property to control whether two-factor authentication is disabled. e.g.:
```yaml
halo:
security:
two-factor-auth:
disabled: true | false # Default is false.
```
#### Which issue(s) this PR fixes:
Fixes#5640
#### Special notes for your reviewer:
1. Enable 2FA and configure TOTP
2. Disable 2FA by configuring property above
3. Restart Halo and try to login
#### Does this PR introduce a user-facing change?
```release-note
支持通过配置的方式全局禁用二步验证
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
提供对模板中 halo footer 标签内容的扩展点以支持扩展页脚内容
#### Which issue(s) this PR fixes:
Fixes#6189
#### Does this PR introduce a user-facing change?
```release-note
提供对模板中 halo footer 标签内容的扩展点以支持扩展页脚内容
```
#### What type of PR is this?
/kind feature
/area core
/area theme
/milestone 2.17.x
#### What this PR does / why we need it:
支持在主题中检查已启动的插件是否符合指定的版本要求,以便可以在某些功能可以正常工作时才渲染
示例
```html
<p th:if="${pluginFinder.available('plugin-search-widget', '>=2.3.0')}>
<!-- do something -->
</p>
```
#### Does this PR introduce a user-facing change?
```release-note
支持在主题中检查已启动的插件是否符合指定的版本要求
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.17.0
#### What this PR does / why we need it:
This PR adds missed type to HaloDocument while converting.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/6235
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/kind api-change
/area core
/area plugin
/milestone 2.17.0
#### What this PR does / why we need it:
This PR creates a SearchService and makes it invokable for plugins.
#### Special notes for your reviewer:
1. Create a plugin
2. Publish all publication into Maven local repository by executing `./gradlew publishAllPublicationsToMavenLocalRepository`
3. Use `2.17.0-SNAPSHOT` as dependency version and refresh dependencies
4. Try to use the SearchService to search something.
#### Does this PR introduce a user-facing change?
```release-note
为插件提供全文搜索服务
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
This PR add support for allowing plugin to listen the event that the plugin has started. Below is an example of listening the event in plugin:
```java
@EventListener
void onPluginStartedEvent(PluginStartedEvent event) {
// do something.
}
```
See https://github.com/halo-dev/halo/issues/5339#issuecomment-2199220068 for more.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/5339#issuecomment-2199220068
#### Special notes for your reviewer:
1. Create a plugin, add the listener above and write some logs
2. Build and install the plugin
3. Start plugin and see the logs you wrote
#### Does this PR introduce a user-facing change?
```release-note
支持在插件中监听已启动事件
```
#### What type of PR is this?
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
由于2.17.0 修改了 listAll 的实现导致出现了不兼容 Sort 参数为 null 的情况,考虑到给开发者适应的时间因此先兼容并给出警告日志
see also #6219
#### Which issue(s) this PR fixes:
Fixes#6219
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
新增 LoginHandlerEnhancer 用于 Halo 扩展登录成功或失败后的处理逻辑如 RememberMe 和设备管理等
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.17.x
#### What this PR does / why we need it:
更新预设插件的版本。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/area plugin
/milestone 2.17.x
#### What this PR does / why we need it:
This PR makes sure the method `cache#put` is called before the event is published to avoid the event listener to fetch the old value from the cache.
The problem was introduced by <https://github.com/halo-dev/halo/pull/6141>.
#### Which issue(s) this PR fixes:
Fixes#6213
#### Does this PR introduce a user-facing change?
```release-note
修复在插件配置变更监听器中始终获取到旧数据的问题
```
#### What type of PR is this?
/kind improvement
/area core
/area plugin
#### What this PR does / why we need it:
修复当启动插件遇到 Error 级别的错误时会导致 API 被挂起无法终止的问题
```
- Throwable
- Error
- Exception
```
see #6192 for more details
#### Which issue(s) this PR fixes:
Fixes#6192
#### Does this PR introduce a user-facing change?
```release-note
修复当启动插件遇到 Error 级别的错误时会导致 API 被挂起无法终止的问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
修复文章关联或取消关联隐藏分类后显示不正确的问题
#### Which issue(s) this PR fixes:
Fixes#6194Fixes#6195
#### Does this PR introduce a user-facing change?
```release-note
修复文章关联或取消关联隐藏分类后显示不正确的问题
```
#### What type of PR is this?
/area core
/kind api-change
/milestone 2.17.x
#### What this PR does / why we need it:
移除内置的页面静态缓存功能,后续将由 https://github.com/halo-sigs/plugin-page-cache 插件提供。
#### Which issue(s) this PR fixes:
Fixes#5639
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
```release-note
移除内置的页面静态缓存功能,后续由 https://github.com/halo-sigs/plugin-page-cache 插件提供。
```
#### What type of PR is this?
/kind bug
/area core
/area theme
/milestone 2.17.x
#### What this PR does / why we need it:
修复获取隐藏分类的面包屑路径不正确的问题
#### Which issue(s) this PR fixes:
Fixes#6197
#### Does this PR introduce a user-facing change?
```release-note
修复获取隐藏分类的面包屑路径不正确的问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
In PR <https://github.com/halo-dev/halo/pull/6130>, I changed the api group of PAT and 2FA endpoints, but I forgot to change the corresponding role templates. So other users except admin will encounter 403 error like <https://github.com/halo-dev/halo/issues/6199>.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/6199
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.17.x
#### What this PR does / why we need it:
将扩展点定义和扩展点的描述文件改为简体中文。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
In <https://github.com/halo-dev/halo/pull/5386>, I marked ExtensionComponentsFinder as deprecated. Four months have passed, it's time to remove it.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind failing-test
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
This PR allows retrying to operate on posts when optimistic locking errors occur.
#### Which issue(s) this PR fixes:
Fixes#6186
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
优化触发 Extension Watch 方法(onAdd/onUpdate/onDelete)时的参数始终为真实类型避免使用时进行类型转换
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
为分类 Finder 提供获取指定节点的面包屑路径方法
#### Which issue(s) this PR fixes:
Fixes#3374
#### Does this PR introduce a user-facing change?
```release-note
为分类 Finder 提供获取指定节点的面包屑路径方法
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
Some users encountered 2FA required issue after upgrading Halo 2.16, because they enabled 2FA but didn't configure TOTP before. The issue was introduced by <https://github.com/halo-dev/halo/pull/6005>.
This PR checks if TOTP configured to determine whether 2FA is required.
#### Does this PR introduce a user-facing change?
```release-note
修复在没有配置 TOTP 验证器的情况下仍被要求二步验证的问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
修复查询分类的排序条件拼写错误导致的错误
#### Which issue(s) this PR fixes:
Fixes#6171
#### Does this PR introduce a user-facing change?
```release-note
修复查询分类的排序条件拼写错误导致的错误
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
Use top-level interface `org.springframework.session.ReactiveFindByIndexNameSessionRepository` for being compatible with other session repositories.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/6159
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area plugin
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
增强插件配置的缓存管理
1. 通过 SettingFetcher/ReactiveSettingFetcher 获取插件配置可以不在考虑获取数据的性能问题,当数据变更后会自动更新缓存
2. 现在你可以通过在插件中监听 `PluginConfigUpdatedEvent` 事件来做一些处理,它会在用户更改插件配置后被触发
#### Does this PR introduce a user-facing change?
```release-note
增强插件配置的缓存管理并支持通过监听 `PluginConfigUpdatedEvent` 事件做一些特殊处理
```
#### What type of PR is this?
/kind improvement
/kind api-change
/area core
#### What this PR does / why we need it:
This PR refactors ExtensionGetter implementation to add a support of enabling extension point(s). Here is an example of data field of `system` config map:
```json
{
"data": {
"extensionPointEnabled": "{ \"search-engine\": [\"search-engine-algolia\"]}"
},
```
> 1. The `search-engine` is a name of extension point definition.
> 2. The `search-engine-algolia` is a name of extension definition.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
此次变更为文章分类引入了一个新的 `preventParentPostCascadeQuery` 布尔属性,用于控制分类及其子分类下的文章显示方式。具体变更包括:
- 在分类结构中增加了 `preventParentPostCascadeQuery` 属性。
- 当分类的 `preventParentPostCascadeQuery` 属性设置为 `true` 时,该分类的文章数量不会汇总到父分类中。
- 更新了树结构遍历逻辑,以支持对 `preventParentPostCascadeQuery` 属性的处理。
- 确保独立分类中的文章显示受控,不向上级分类进行聚合。
- 增加了相应的测试用例,以验证在不同树结构中 `preventParentPostCascadeQuery` 属性的功能性。
#### Which issue(s) this PR fixes:
Fixes#5663Fixes#4923
Fixes https://github.com/halo-dev/halo/issues/3418
#### Does this PR introduce a user-facing change?
```release-note
新增独立分类选项用于控制关联的子分类下的文章显示以提供更灵活的内容管理方式
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
This PR adds patch method for all extensions API.
Patch example:
```bash
http -a admin:admin PATCH http://localhost:8090/apis/plugin.halo.run/v1alpha1/plugins/app-store-integration \
Content-Type:application/json-patch+json \
--raw='[{"op": "replace", "path": "/spec/enabled", "value": false}]'
```
#### Which issue(s) this PR fixes:
Fixes#2311
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
支持在分类上为关联的文章统一设置渲染模板
现在文章的模板生效顺序为:
1. 文章关联的分类上设置的文章模板,如果有多个则选择第一个
2. 文章上设置的自定义模板
3. 文章的默认模板
#### Which issue(s) this PR fixes:
Fixes#6101
#### Does this PR introduce a user-facing change?
```release-note
支持在分类上为关联的文章统一设置渲染模板
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
修复已验证邮箱可以重复的问题
如果出现多个重复的已验证邮箱,则只保留一个其他的设置为未验证
#### Does this PR introduce a user-facing change?
```release-note
修复已验证邮箱可以重复的问题
```
#### What type of PR is this?
/kind feature
/area core
/area plugin
#### What this PR does / why we need it:
This PR enhance usage of SharedEvent annotation to add support for publishing events among plugins.
#### How to test?
1. Clone repository https://github.com/halo-dev/plugin-starter
2. Change build.gradle as following:
```gradle
dependencies {
implementation platform('run.halo.tools.platform:plugin:2.17.0-SNAPSHOT')
```
3. Change StarterPlugin as following:
```java
@Component
public class StarterPlugin extends BasePlugin {
private final ApplicationContext appContext;
public StarterPlugin(PluginContext pluginContext, ApplicationContext appContext) {
super(pluginContext);
this.appContext = appContext;
}
@Override
public void start() {
appContext.publishEvent(new PostDeletedEvent(this, "fake-plugin"));
}
@Override
public void stop() {
}
@EventListener(PostDeletedEvent.class)
public void onApplicationEvent(PostDeletedEvent event) {
System.out.println("Post deleted event received in plugin: " + event.getName());
}
}
```
4. Add a listener to Halo core
```java
@EventListener(PostDeletedEvent.class)
public void onApplicationEvent(PostDeletedEvent event) {
System.out.println("Post deleted event received in core: " + event.getName());
}
```
5. Build plugin and install plugin
6. Enable the plugin and see the result
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind regression
/area plugin
/milestone 2.17.x
#### What this PR does / why we need it:
This PR reverts changes of generating bundle resource version in <https://github.com/halo-dev/halo/pull/6028>.
Because the changes were adapted realtime change of bundle files for plugin developers in plugin development runtime mode, but I ignored it.
#### Special notes for your reviewer:
1. Try to start Halo in plugin development mode
2. Change and rebuild ui resources
3. Refresh console and check the result
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
When initialized for the first time, the folder `${halo.work-dir}/themes` does not exist, resulting in the `themes` path being ignored when invoking `themeRootResource.createRelative(themeName + "/templates/assets/");`. It works very well after restarting.
This PR fixes the problem by resolving theme resource directly rather than delegating to PathResourceResolver.
#### Which issue(s) this PR fixes:
Fixes#6048
#### Does this PR introduce a user-facing change?
```release-note
修复首次初始化后无法正常访问主题资源的问题
```
#### What type of PR is this?
/kind failing-test
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
I wrongly invoked `Arraylist#add`(probes) method in multi threads. So the unit test was unstable and might encounter the problem as follows:
```java
Expected :1
Actual :0
<Click to see difference>
org.opentest4j.AssertionFailedError: expected: <1> but was: <0>
at org.junit.jupiter.api.AssertionFailureBuilder.build(AssertionFailureBuilder.java:151)
at org.junit.jupiter.api.AssertionFailureBuilder.buildAndThrow(AssertionFailureBuilder.java:132)
at org.junit.jupiter.api.AssertEquals.failNotEqual(AssertEquals.java:197)
at org.junit.jupiter.api.AssertEquals.assertEquals(AssertEquals.java:166)
at org.junit.jupiter.api.AssertEquals.assertEquals(AssertEquals.java:161)
at org.junit.jupiter.api.Assertions.assertEquals(Assertions.java:632)
at run.halo.app.core.extension.service.impl.PluginServiceImplTest$BundleCacheTest.concurrentComputeBundleFileIfAbsent(PluginServiceImplTest.java:460)
```
See https://github.com/halo-dev/halo/actions/runs/9382059472/job/25832681545 for more.
This PR moves the invocation outside thread tasks.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.16.x
#### What this PR does / why we need it:
补充缺失的系统设置默认值。
#### Does this PR introduce a user-facing change?
```release-note
修复系统设置未保存导致无法正常注册的问题
```
#### What type of PR is this?
/kind bug
/area core
/area plugin
/milestone 2.16.0
#### What this PR does / why we need it:
Before the PR, any user can generate bundle files by providing random query param `v` while requesting bundle files.
This PR refactors the whole bundle file generation method.
1. Do nothing if users provide arbitrary bundle file version
2. Better lock for writing bundle files if not exist
#### Special notes for your reviewer:
1. Request `http://localhost:8090/apis/api.console.halo.run/v1alpha1/plugins/-/bundle.js?v=xyz`
2. Check if the file `xyz.js` in folder `$TMPDIR/halo-plugin-bundle**`
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/kind milestone 2.16.x
#### What this PR does / why we need it:
使用索引机制来查询扩展点定义
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
#### What this PR does / why we need it:
This PR unifies cache control for static resources.
Example configuration of cache control:
```yaml
spring:
web:
resources:
cache:
cachecontrol:
no-cache: true
no-store: true
use-last-modified: false
```
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/6003
#### Special notes for your reviewer:
1. Run with `default` and `dev` profiles respectively.
2. See the difference of the `Cache-Control` header in HTTP response
#### Does this PR introduce a user-facing change?
```release-note
优化 HTTP 缓存控制
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.16.0
#### What this PR does / why we need it:
PAT could not be created or restored while logging in with remember-me due to lack of RememberMeAuthenticationToken check.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/6000
#### Special notes for your reviewer:
1. Log in with remember-me
2. Create a PAT or restore a PAT
3. See the result
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.16.x
#### What this PR does / why we need it:
This PR adds support for serializing HaloUser and 2FA.
1. Refactor delegate of HaloUser using `org.springframework.security.core.userdetails.User`.
2. Add `HaloSecurityJackson2Module` to enable serialization/deserialization of Halo security module.
Below is code snippet of integration:
```java
this.objectMapper = Jackson2ObjectMapperBuilder.json()
.modules(SecurityJackson2Modules.getModules(this.getClass().getClassLoader()))
.modules(modules -> modules.add(new HaloSecurityJackson2Module()))
.indentOutput(true)
.build();
```
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/area plugin
#### What this PR does / why we need it:
This PR wholly refactors plugin reconciliation to implement dependency mechanism.
Currently,
- If we disable plugin which has dependents, the plugin must wait for dependents to be disabled.
- If we enable plugin which has dependencies , the plugin must wait for dependencies to be enabled.
- If we upgrade plugin which has dependents, the plugin must request dependents to be unloaded. After the plugin is unloaded, the plugin must cancel unload request for dependents.
#### Which issue(s) this PR fixes:
Fixes#5872
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
```release-note
优化被依赖的插件的升级,启用和禁用
```
#### What type of PR is this?
/kind improvement
/area core
/area plugin
/milestone 2.16.x
#### What this PR does / why we need it:
为插件提供文章内容获取的 bean 以简化文章内容获取
#### Which issue(s) this PR fixes:
Fixes #
#### Does this PR introduce a user-facing change?
```release-note
为插件提供文章内容获取的 Bean
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.16.x
#### What this PR does / why we need it:
为登录增加记住我机制以优化登录体验
how to test it?
1. 勾选记住密码选项后登录
2. 退出浏览器后打开 console 期望依然可以访问而不需要登录
3. 测试修改密码功能,期望修改密码后所有会话需要重新登录包括当前设备和其他设备
#### Which issue(s) this PR fixes:
Fixes#2362
#### Does this PR introduce a user-facing change?
```release-note
为登录增加记住我机制以优化登录体验
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.16.x
#### What this PR does / why we need it:
新增文章定时发布功能
#### Which issue(s) this PR fixes:
Fixes#4602
#### Does this PR introduce a user-facing change?
```release-note
新增文章定时发布功能
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.16.x
#### What this PR does / why we need it:
This PR removes PatJwkSupplier interface, scheduled RSA key generation, and move some of them into CryptoService.
Currently, we only use `pat_id_rsa` as private key for authentication modules instead of `id_rsa`(deprecated).
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area ui
/kind cleanup
/milestone 2.16.x
#### What this PR does / why we need it:
规范 api client 的方法名,之前生成的 api client 的方法名没有完全遵循驼峰命名。
#### Which issue(s) this PR fixes:
Close https://github.com/halo-dev/halo/issues/5716
#### Special notes for your reviewer:
CI 通过即可。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.16.x
#### What this PR does / why we need it:
This PR unifies api and portal security configurations into one for a better maintenance.
Meanwhile, removing `HaloAnonymousAuthenticationWebFilter` introduced by <https://github.com/halo-dev/halo/pull/3152> may fix <https://github.com/halo-dev/halo/issues/4047>.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/4047
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
```release-note
修复登录成功后立即出现登录失效的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.16.x
#### What this PR does / why we need it:
This PR ignores `includeSubdomains` for HSTS header. See https://github.com/halo-dev/halo/issues/4943 for more.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/4943
#### Does this PR introduce a user-facing change?
```release-note
修复开启 HSTS 可能会导致未开启 HSTS 的子域名站点无法访问的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.16.x
#### What this PR does / why we need it:
邮件通知功能现在只向经过验证的邮箱地址发送通知匿名用户除外
#### Which issue(s) this PR fixes:
Fixes#5722
#### Does this PR introduce a user-facing change?
```release-note
邮件通知功能现在只向经过验证的邮箱地址发送通知匿名用户除外
```
#### What type of PR is this?
/kind feature
/area core
/area ui
/milestone 2.16.x
#### What this PR does / why we need it:
优化认证方式的排序并支持拖动
#### Which issue(s) this PR fixes:
Fixes#5813
#### Does this PR introduce a user-facing change?
```release-note
优化认证方式的排序并支持拖动
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.16.x
#### What this PR does / why we need it:
管理员回复评论或回复后自动通过审核
#### Which issue(s) this PR fixes:
Fixes#5870
#### Does this PR introduce a user-facing change?
```release-note
管理员回复评论或回复后自动通过审核
```
#### What type of PR is this?
/kind improvement
/area core
#### What this PR does / why we need it:
当 session id 改变时清除原来的 session id 记录
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area core
/area theme
/milestone 2.16.x
#### What this PR does / why we need it:
为主题管理增加在线清理缓存功能
#### Which issue(s) this PR fixes:
Fixes#5440
#### Does this PR introduce a user-facing change?
```release-note
为主题管理增加在线清理缓存功能
```
#### What type of PR is this?
/kind feature
/area core
/area ui
#### What this PR does / why we need it:
为 `/apis/api.console.halo.run/v1alpha1/attachments` 接口增加了 `accepts` 可选参数,用于根据附件的 `MediaType` 进行筛选。
为附件库增加通过文件的 MediaType 类型进行筛选的筛选项。
同时支持使用了 `CoreSelectorProvider` 组件的文件选择框的筛选。现在只会显示 `accepts` 所支持的文件。
#### How to test it?
测试 ui 端文件选择框的类型筛选是否正确有效。
测试使用了 `CoreSelectorProvider` 组件的 `accepts` 是否有效。
#### Which issue(s) this PR fixes:
Fixes#5054
#### Does this PR introduce a user-facing change?
```release-note
附件库支持按文件类型进行过滤
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.16.x
#### What this PR does / why we need it:
修复 Secret 的 data 字段无法在 YAML 使用的问题
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.16.x
#### What this PR does / why we need it:
This PR fixes the problem where extensions were not changed but still updated. What we want is to not update the extension if it has not changed.
Before that, we update the version of extension manually while getting the latest extension, this will lead to change the type of metadata.version from int to long.See the code snippet below:
a629961e8d/application/src/main/java/run/halo/app/extension/JSONExtensionConverter.java (L83)
Now, we force update the versions using type Long.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/area plugin
/milestone 2.16.x
#### What this PR does / why we need it:
This PR refactors plugin running state change method to resolve the problem of not being able to initialize preset plugins due to too small gap between installation and enabling.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/5867
#### Does this PR introduce a user-facing change?
```release-note
解决初始化时无法正常启用插件的问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.16.x
#### What this PR does / why we need it:
修复对 Unstructured 的 metadata 进行更改不会被应用的问题
#### Does this PR introduce a user-facing change?
```release-note
修复插件定义的权限没有在插件详情页显示的问题
```
#### What type of PR is this?
/kind bug
/area plugin
/area core
#### What this PR does / why we need it:
This PR resolves the problem that some plugins could not be used after upgrading dependent plugin.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/5615
#### Special notes for your reviewer:
1. Install plugin [app-store](https://www.halo.run/store/apps/app-VYJbF)
2. Install plugin [backup](https://www.halo.run/store/apps/app-dHakX) and activate it
3. Disable plugin app-store
4. Check the features of plugin backup
5. Enable plugin app-store
6. Check the features of plugin backup
7. Upgrade plugin app-store with the any versions
8. Check the features of plugin backup
#### Does this PR introduce a user-facing change?
```release-note
修复因升级应用市场插件导致部分插件意外停止的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.16.x
#### What this PR does / why we need it:
修复初始化时未按预期删除自定义资源
#### Does this PR introduce a user-facing change?
```release-note
修复初始化时未按预期删除自定义资源
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.15.0
#### What this PR does / why we need it:
升级所有预设插件的版本。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.15.x
#### What this PR does / why we need it:
修复重试更新文章的错误写法
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.15.x
#### What this PR does / why we need it:
修复拥有文章管理权限的用户无法正常使用版本历史的问题
#### Which issue(s) this PR fixes:
Fixes#5815
#### Does this PR introduce a user-facing change?
```release-note
修复拥有文章管理权限的用户无法正常使用版本历史的问题
```
#### What type of PR is this?
/kind bug
/area ui
#### What this PR does / why we need it:
补充 #5593 中缺少的 `api.console.halo.run` 权限。用于解决具有文章列表权限的用户,访问标签列表时提示无权限的问题
#### How to test it?
创建一个具有文章列表查看权限的用户,是否能够访问到标签列表。
#### Which issue(s) this PR fixes:
Fixes#5814
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.15.x
#### What this PR does / why we need it:
通知订阅支持基于表达式订阅
see #5632 for more details
how to test it?
1. 测试系统通知功能的文章、页面有新评论通知和评论有新回复通知的功能是否正常
2. 测试 2.14 创建的文章、评论和回复升级到此版本后是否能继续收到相应通知,如文章有新评论
#### Which issue(s) this PR fixes:
Fixes#5632
#### Does this PR introduce a user-facing change?
```release-note
通知订阅支持基于表达式订阅避免订阅随数据量增长同时自动优化之前的订阅数据
```
#### What type of PR is this?
/kind feature
/milestone 2.15.x
/area core
#### What this PR does / why we need it:
增加了在用户尝试更新邮箱地址时进行密码验证的步骤。此举提高了安全性,确保邮箱修改操作由经过身份验证的用户执行。
#### Which issue(s) this PR fixes:
Fixes#5750
#### Does this PR introduce a user-facing change?
```release-note
更新邮箱地址时需进行密码验证
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.15.x
#### What this PR does / why we need it:
优化评论和回复删除,只有删除第一页后才会再次查询避免数据堆积
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area core
/area plugin
#### What this PR does / why we need it:
This PR allows plugin developers defining WebSocket endpoints in plugins.
#### Which issue(s) this PR fixes:
Fixes#5285
#### Does this PR introduce a user-facing change?
```release-note
支持在插件中实现 WebSocket
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.15.x
#### What this PR does / why we need it:
修复由于没有更新 observed version 导致评论和回复的 reconciler 执行次数控制没有生效的问题
#### Does this PR introduce a user-facing change?
```release-note
None
```
* feat: invalidate all sessions of a user after password changed
* fix: unit test case
* refactor: use spring session 3.3 to adapt
* refactor: compatible with session timeout configuration
* refactor: indexed session repository
* Reload page after changed the password
Signed-off-by: Ryan Wang <i@ryanc.cc>
* chore: update session repository
---------
Signed-off-by: Ryan Wang <i@ryanc.cc>
Co-authored-by: Ryan Wang <i@ryanc.cc>
* feat: add original password verification for password change
* chore: update properties file
* Refine ui
Signed-off-by: Ryan Wang <i@ryanc.cc>
* chore: update properties file
* fix: confirm assword
* fix: unit test case
* feat: add new api for change own password
* chore: regenerate api client
* chore: adapt to UI
* chore: enusre old password not blank
---------
Signed-off-by: Ryan Wang <i@ryanc.cc>
Co-authored-by: Ryan Wang <i@ryanc.cc>
#### What type of PR is this?
/kind bug
/area core
/milestone 2.15.x
#### What this PR does / why we need it:
修复分页遍历数据的查询参数
此问题由 #5504 和 #5656 重构导致,如果数据超过分页限制会导致无法结束的致命问题
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind cleanup
/area core
#### What this PR does / why we need it:
This PR adds support for generating API docs into project and generate API client according the API docs.
To generate/update latest API docs, execute the following command:
```bash
./gradlew clean generateOpenApiDocs
```
To generate/update latest API client, execute the following command:
```bash
make -C ui api-client-gen
```
Meanwhile, I also remove the lint on API client due to unnecessary.
Supersedes of https://github.com/halo-dev/halo/pull/5637
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area ui
/area core
/milestone 2.15.x
#### What this PR does / why we need it:
将 Console 与 UC 页面的标签页标题改为网站实际标题
#### How to test it?
查看 Console 页面与 UC 页面的标题页标题是否变为网站实际标题
#### Which issue(s) this PR fixes:
Fixes#5679
#### Does this PR introduce a user-facing change?
```release-note
将 Console 与 UC 的标签页标题改为网站实际标题
```
#### What type of PR is this?
/kind feature
#### What this PR does / why we need it:
文章支持根据访问量和评论量排序
#### Which issue(s) this PR fixes:
Fixes#3216
#### Does this PR introduce a user-facing change?
```release-note
文章支持根据访问量和评论量排序
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.15.x
#### What this PR does / why we need it:
优化文章上一篇下一篇的查询方式避免瞬时内存占用过高
#### Does this PR introduce a user-facing change?
```release-note
优化文章上一篇下一篇的查询方式避免瞬时内存占用过高
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.15.x
#### What this PR does / why we need it:
优化通知订阅数据查询
#### Does this PR introduce a user-facing change?
```release-note
优化通知订阅数据查询以解决由于数据过多导致查询慢进而阻塞调用方的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.15.x
#### What this PR does / why we need it:
优化分类关联文章数量的查询避免因查询数据量过大而导致的阻塞或内存溢出
#### Does this PR introduce a user-facing change?
```release-note
优化分类关联文章数量的查询避免因查询数据量过大而导致的阻塞或内存溢出
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.14.0
#### What this PR does / why we need it:
在 Halo 完成动态数据的 i18n 之前,使用中文描述存储策略名称。
Ref https://github.com/halo-dev/plugin-s3/pull/128
#### Does this PR introduce a user-facing change?
```release-note
将默认存储策略模板的显示名称改为中文
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.14.x
#### What this PR does / why we need it:
减少文章更新因版本号冲突而失败的次数
#### Which issue(s) this PR fixes:
Fixes#5579
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
#### What this PR does / why we need it:
修复在个人中心下,用户无法修改发布时间的问题。
#### How to test it?
需要测试两种情况:
1. 用户首次发布文章时,修改发布时间是否有效。
2. 用户后续编辑文章发布时间时是否生效。
#### Which issue(s) this PR fixes:
Fixes#5473
#### Does this PR introduce a user-facing change?
```release-note
修复个人中心中用户无法修改文章发布时间的问题
```
<!-- Thanks for sending a pull request! Here are some tips for you:
1. 如果这是你的第一次,请阅读我们的贡献指南:<https://github.com/halo-dev/halo/blob/master/CONTRIBUTING.md>。
1. If this is your first time, please read our contributor guidelines: <https://github.com/halo-dev/halo/blob/master/CONTRIBUTING.md>.
2. 请根据你解决问题的类型为 Pull Request 添加合适的标签。
2. Please label this pull request according to what type of issue you are addressing, especially if this is a release targeted pull request.
3. 请确保你已经添加并运行了适当的测试。
3. Ensure you have added or ran the appropriate tests for your PR.
-->
#### What type of PR is this?
/kind bug
/kind api-change
<!--
添加其中一个类别:
Add one of the following kinds:
/kind bug
/kind cleanup
/kind documentation
/kind feature
/kind improvement
适当添加其中一个或多个类别(可选):
Optionally add one or more of the following kinds if applicable:
/kind api-change
/kind deprecation
/kind failing-test
/kind flake
/kind regression
-->
#### What this PR does / why we need it:
As described in #5350, when using Amazon SES, for example, as email provider, SMTP username for authentication may not exactly match sender email address. When this happens, websites using Halo will not be able to send emails due to invalid addresses that Halo put in SMTP requests. This PR adds a configuration field for those who got a non-email-address username to specify one separately.
#### Which issue(s) this PR fixes:
<!--
PR 合并时自动关闭 issue。
Automatically closes linked issue when PR is merged.
用法:`Fixes #<issue 号>`,或者 `Fixes (粘贴 issue 完整链接)`
Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`.
-->
Fixes#5350
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
Yes
<!--
如果当前 Pull Request 的修改不会造成用户侧的任何变更,在 `release-note` 代码块儿中填写 `NONE`。
否则请填写用户侧能够理解的 Release Note。如果当前 Pull Request 包含破坏性更新(Break Change),
Release Note 需要以 `action required` 开头。
If no, just write "NONE" in the release-note block below.
If yes, a release note is required:
Enter your extended release note in the block below. If the PR requires additional action from users switching to the new release, include the string "action required".
-->
```release-note
action required
添加了“发送邮件地址”配置项。如果你的 username 是邮件地址,那么忽略这一栏即可;如果不是,那么请在这里填上你希望使用的发件人地址
```
#### What type of PR is this?
/area comment
/area core
/kind improvement
#### What this PR does / why we need it:
> 开启了新评论审核设置,如果是在文章页面登录超级管理员账号进行评论,仍然需要在后台进行审核
#### Which issue(s) this PR fixes:
Fixes#5468
#### Does this PR introduce a user-facing change?
```release-note
新增评论设置,允许有评论管理权限的用户发布的评论无需审核
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.14.x
#### What this PR does / why we need it:
修复主题测评论列表顺序不一致的问题
此问题由 #5505 导致,开启了同时返回回复后,评论列表的顺序出现问题
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.14.0
#### What this PR does / why we need it:
improve the help tips for system setting options
<img width="612" alt="image" src="https://github.com/halo-dev/halo/assets/21301288/9f97a4d7-09f7-4671-8a4e-f4ab7dc8dcbd">
#### Which issue(s) this PR fixes:
Fixes#5513
#### Does this PR introduce a user-facing change?
```release-note
完善系统设置选项的帮助提示。
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.14.x
/kind api-change
#### What this PR does / why we need it:
主题端评论列表支持同时获得评论数据
Resolves#5435
#### Does this PR introduce a user-facing change?
```release-note
主题端评论列表支持同时获得评论数据
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.14.x
#### What this PR does / why we need it:
优化评论控制器的实现逻辑以优化代码和性能
Resolves#5435
how to test it?
- 测试删除评论时能正确连同回复一起删除
- 测试评论下的最新回复的已读功能是否正确
- 删除/审核评论,观察主题端和Console端分别显示的评论数量是否正确
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.14.x
#### What this PR does / why we need it:
优化并重新整理文章和自定义页面 Service 的部分代码
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.14.x
#### What this PR does / why we need it:
修复分配通知器权限时一片空白的问题
- 隐藏了原先权限中展示的通知器配置权限选项
- 系统设置的权限中依赖了通知器配置权限,但需要有系统设置管理权限才会展示通知配置的 Tab
Fixes#5492
#### Does this PR introduce a user-facing change?
```release-note
修复仅拥有通知器配置权限时无法修改配置的问题
```
#### What type of PR is this?
/kind cleanup
/area core
#### What this PR does / why we need it:
This PR collects all Gradle plugin versions into root build.gradle for easy management.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.14.x
#### What this PR does / why we need it:
使用索引机制优化回复功能的查询以提高查询速度
#### Does this PR introduce a user-facing change?
```release-note
使用索引机制优化回复功能的查询以提高查询速度
```
#### What type of PR is this?
/kind chore
/area core
#### What this PR does / why we need it:
I get the following errors when I develop Halo in JDK 21:
```bash
FAILURE: Build failed with an exception.
* What went wrong:
Could not determine the dependencies of task ':application:bootRun'.
> Could not resolve all dependencies for configuration ':application:runtimeClasspath'.
> Failed to calculate the value of task ':application:compileJava' property 'javaCompiler'.
> No matching toolchains found for requested specification: {languageVersion=17, vendor=any, implementation=vendor-specific} for MAC_OS on aarch64.
> No locally installed toolchains match and toolchain download repositories have not been configured.
```
This PR removes the Java toolchain configuration and adds source and target compatibility to Java 17, allowing developers to develop Halo in Java 17 or higher versions.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
#### What this PR does / why we need it:
优化标签关联的文章数量的更新方式以降低标签太多时对 CPU 的消耗
how to test it?
测试文章关联标签、取消关联、更新关联、删除文章到回收站、彻底删除文章时标签对应的文章可见文章数量和所有文章数量是否正确
#### Does this PR introduce a user-facing change?
```release-note
优化标签关联的文章数量的更新方式以降低标签太多时对 CPU 的消耗
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.14.x
#### What this PR does / why we need it:
使用索引机制优化评论数据查询以提高效率
how to test it?
- 测试 console 评论列表和筛选条件是否正确
- 测试主题端评论显示是否正确
#### Does this PR introduce a user-facing change?
```release-note
使用索引机制优化评论数据查询以提高效率
```
<!-- Thanks for sending a pull request! Here are some tips for you:
1. 如果这是你的第一次,请阅读我们的贡献指南:<https://github.com/halo-dev/halo/blob/main/CONTRIBUTING.md>。
1. If this is your first time, please read our contributor guidelines: <https://github.com/halo-dev/halo/blob/main/CONTRIBUTING.md>.
2. 请根据你解决问题的类型为 Pull Request 添加合适的标签。
2. Please label this pull request according to what type of issue you are addressing, especially if this is a release targeted pull request.
3. 请确保你已经添加并运行了适当的测试。
3. Ensure you have added or ran the appropriate tests for your PR.
-->
#### What type of PR is this?
/kind bug
/area core
<!--
添加其中一个类别:
Add one of the following kinds:
/kind bug
/kind cleanup
/kind documentation
/kind feature
/kind improvement
适当添加其中一个或多个类别(可选):
Optionally add one or more of the following kinds if applicable:
/kind api-change
/kind deprecation
/kind failing-test
/kind flake
/kind regression
-->
#### What this PR does / why we need it:
更新邮件模板中查看通知的链接
#### Which issue(s) this PR fixes:
<!--
PR 合并时自动关闭 issue。
Automatically closes linked issue when PR is merged.
用法:`Fixes #<issue 号>`,或者 `Fixes (粘贴 issue 完整链接)`
Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`.
-->
Fixes https://github.com/halo-dev/halo/issues/5458
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
<!--
如果当前 Pull Request 的修改不会造成用户侧的任何变更,在 `release-note` 代码块儿中填写 `NONE`。
否则请填写用户侧能够理解的 Release Note。如果当前 Pull Request 包含破坏性更新(Break Change),
Release Note 需要以 `action required` 开头。
If no, just write "NONE" in the release-note block below.
If yes, a release note is required:
Enter your extended release note in the block below. If the PR requires additional action from users switching to the new release, include the string "action required".
-->
```release-note
None
```
#### What type of PR is this?
/area core
/milestone 2.13.0
/kind improvement
#### What this PR does / why we need it:
更新预设插件的版本。
#### Does this PR introduce a user-facing change?
```release-note
None
```
### What type of PR is this?
/kind improvement
/area core
/milestone 2.13.x
### What this PR does / why we need it:
使用索引机制优化通知和订阅查询以提高性能
how to test it
测试通知列表不报错即可
### Does this PR introduce a user-facing change?
```release-note
使用索引机制优化通知和订阅查询以提高性能
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.13.x
#### What this PR does / why we need it:
This PR checks dependencies while installing and upgrading plugins.
Steps to test:
1. Prepare a plugin with dependencies.
```diff
apiVersion: plugin.halo.run/v1alpha1
kind: Plugin
metadata:
name: a-plugin
...
+ pluginDependencies:
+ app-store-integration: 1.*
```
2. Build the plugin.
3. Try to uninstall `app-store` plugin.
4. Install `a-plugin`.
5. See the result
#### Which issue(s) this PR fixes:
Fixes#5345
#### Does this PR introduce a user-facing change?
```release-note
插件安装和更新时检查依赖是否合法
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.13.0
#### What this PR does / why we need it:
为用户设置中 **注册需验证邮箱** 选项添加提示。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.13.x
#### What this PR does / why we need it:
构建查询视图时只选择被使用到的索引字段
how to test it?
验证文章和附件列表的查询条件和排序条件不会报错即可
#### Does this PR introduce a user-facing change?
```release-note
优化查询视图构建只选择被使用到的索引字段构建查询视图
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.13.x
#### What this PR does / why we need it:
使用索引机制优化用户查询以提高性能
#### Does this PR introduce a user-facing change?
```release-note
使用索引机制优化用户查询以提高性能
```
#### What type of PR is this?
/kind bug
/area plugin
/area core
/milestone 2.13.x
#### What this PR does / why we need it:
Fix the problem of updating plugin extensions incorrectly.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/5394
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.13.x
#### What this PR does / why we need it:
Upgrade Spring Boot to [3.2.3](https://github.com/spring-projects/spring-boot/releases/tag/v3.2.3).
#### Does this PR introduce a user-facing change?
```release-note
升级依赖 Spring Boot 至 3.2.3
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.13.x
#### What this PR does / why we need it:
This PR ignored `email verified` status while 2FA was enabled.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/5398
#### Does this PR introduce a user-facing change?
```release-note
修复开启两步验证但未配置 TOTP 可能无法登录的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.13.x
#### What this PR does / why we need it:
为插件静态代理资源增加缓存控制以减少不必要的请求
#### Which issue(s) this PR fixes:
Fixes#5357
#### Does this PR introduce a user-facing change?
```release-note
为插件静态代理资源增加缓存控制以减少不必要的请求
```
#### What type of PR is this?
/kind feature
/area core
/area plugin
/milestone 2.13.x
#### What this PR does / why we need it:
See https://github.com/halo-dev/halo/issues/5379 for more.
This PR provides three extension points:
- FormLoginSecurityWebFilter
- AuthenticationSecurityWebFilter
- AnonymousAuthenticationSecurityWebFilter
which could be extended by plugins easily.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/5379
#### Special notes for your reviewer:
TBD.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/kind improvement
/area core
/area console
/kind api-change
#### What this PR does / why we need it:
增加对用户注册时必须验证邮箱的支持
#### Which issue(s) this PR fixes:
Fixes#5016
#### Special notes for your reviewer:
`regRequireVerifyEmail` 为 `false` 时与现在的注册行为一致
为 `true` 时注册页显示验证码校验相关,注册成功后 `UserSpec.emailVerified` 即为 `true`
没有判断邮件通知是否开启,与现有的邮箱验证一致,如未开启则收不到邮件
#### Does this PR introduce a user-facing change?
```release-note
增加对用户注册时必须验证邮箱的支持
```
#### What type of PR is this?
/area core
/kind bug
/milestone 2.13.x
#### What this PR does / why we need it:
补全插件已存在错误提示的翻译。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.13.x
#### What this PR does / why we need it:
使用索引功能优化附件列表查询
#### Does this PR introduce a user-facing change?
```release-note
使用索引功能优化附件列表查询
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.13.x
#### What this PR does / why we need it:
In fact, PAT is a JWT, which is very long. However, we put the claim `roles` into PAT, which will cause the length of PAT to increase as the `roles` information increases.
So, the current PR removes the claim `roles` from PAT, which ensures that the length of PAT becomes stable and we can update roles information for PAT at runtime.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/5366
#### Does this PR introduce a user-facing change?
```release-note
避免个人令牌长度随着角色信息增长
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.13.x
#### What this PR does / why we need it:
UsernamePasswordAuthenticator is a normal webfilter instead of authentication webfilter in security filter chain. There does not guarentee expected results due to different in execution order. So this PR changes UsernamePasswordAuthenticator to AuthenticationWebFilter for managing the filter by security filter chain.
By the way, these changes will not affect any plugins.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.13.x
#### What this PR does / why we need it:
This PR creates AdditionalWebFilterChainProxy to call all additional filters instead of using SecurityWebFilterChain.
Please note that:
- the AdditionalWebFilterChainProxy should be executed before `org.springframework.security.web.server.WebFilterChainProxy`.
- I don't change `UsernamePasswordAuthenticator` because of <https://github.com/halo-dev/halo/pull/5348>. The authenticator should be in Security scope instead of a standalone webfilter.
See https://github.com/halo-dev/halo/issues/5300#issuecomment-1933436652 for more.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/5300
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.13.x
#### What this PR does / why we need it:
移除启动时不必要的搜索引擎索引构建步骤
#### Does this PR introduce a user-facing change?
```release-note
移除启动时不必要的搜索引擎索引构建步骤
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.13.x
#### What this PR does / why we need it:
修复启动时 GcSynchronizer 没有精准过滤出所需数据导致内存占用会出现较高峰值的问题
#### Which issue(s) this PR fixes:
Fixes#5324
#### Does this PR introduce a user-facing change?
```release-note
修复启动时 GcSynchronizer 没有精准过滤出所需数据导致内存占用会出现较高峰值的问题
```
#### What type of PR is this?
/kind bugfix
/milestone 2.12.x
/area core
#### What this PR does / why we need it:
修复事务未提交便触发控制器执行可能导致数据状态不正确的问题
**how to test it?**
1. 测试如 #5315 的问题是否还存在
2. 测试添加重名自定义模型对象会抛出异常且数据被回滚
#### Which issue(s) this PR fixes:
Fixes#5315
#### Does this PR introduce a user-facing change?
```release-note
修复事务未提交便触发控制器执行可能导致数据状态不正确的问题
```
#### What type of PR is this?
/kind feature
/area core
/area console
/milestone 2.12.x
#### What this PR does / why we need it:
为通知类型设置添加 UI 权限判断。
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/4728
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
```release-note
为通知类型设置添加 UI 权限判断。
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.12.x
#### What this PR does / why we need it:
优化启动时用户头像获取不到的错误提示
原因是在启动时用户被执行 reconcile 时使用的 plugin-s3 插件还没有启动所以无法获取到 permalink 需要重试
how to test it?
使用 plugin-s3 插件作为用户头像的存储策略然后上传头像测试此 PR 在启动时的异常提示是否输出为:
```
2024-01-29T11:53:13.674+08:00 WARN 31937 --- [rReconciler-t-1] r.h.a.c.e.reconciler.UserReconciler : Failed to get avatar permalink for user [guqing] with attachment [460be0c4-b09f-4b25-ad93-e45f30331ec7], re-enqueuing...
```
#### Which issue(s) this PR fixes:
Fixes#5268
#### Does this PR introduce a user-facing change?
```release-note
优化启动时用户头像获取不到的错误提示
```
#### What type of PR is this?
/kind bug
/area core
/area plugin
/milestone 2.12.0
#### What this PR does / why we need it:
This PR adjusts the order of starting reconcilers in plugin, or it will be stuck in starting synchronizer and no reconcilers will be executed.
The problem may be introduced by <https://github.com/halo-dev/halo/pull/5251>.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/area plugin
/milestone 2.12.x
#### What this PR does / why we need it:
This PR mainly simplifies halo plugin manager. Before this,
- we have too many repeat code from super class, which is uncessary
- we maintain plugin application context in ExtensionComponentsFinder, which is uncessary and is hard to manage
- we fire halo plugin event in halo plugin manager, which is complicated and leads to too many repeat code
This PR does:
- refactor halo plugin manager
- wrap base plugin with spring plugin which contains application context
- remove ExtensionComponentsFinder
- bridge halo plugin event and spring plugin event
- wait extensions fully deleted when stopping
Meanwhile, this PR will supersede PR <https://github.com/halo-dev/halo/pull/5236>.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/5226
#### Special notes for your reviewer:
Test installing, enabing, disabling, upgrading, reloading and deleting plugins.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/milestone 2.12.x
/area core
#### What this PR does / why we need it:
我们为文章自定义模型的数据调协过程引入了重要的优化。
在以前,当数据量大(例如,50,000篇文章)的情况下,每次系统重启都会触发耗时且资源密集的所有数据的协调过程,即使大部分数据并不需要调协。这导致了不必要的数据库查询和高资源消耗。
为了解决这个问题,我们在文章自定义模型的 status 中添加了一个新的 `Long observedVersion` 属性。
每次协调后,此属性将更新为 `metadata.version`,还调整了 `syncAllOnStart` 条件,只有当 `status.observedVersion < metadata.version` 时才会调协数据。
这个改变确保了只有在启动时需要的数据会被协调,从而减少了资源使用和不必要的协调过程。
因此,Halo 的数据承载能力得到了显著提高。
**how to test it?**
使用此 PR 测试:启动时文章只有首次会执行 reconcile,再次重启时则不会再执行,如果直接修改数据去除掉 `status.observedVersion` 来模拟迁移或漏 reconcile 的过程则启动时该数据会被再次执行 reconcile
#### Which issue(s) this PR fixes:
Fixes#5147
#### Does this PR introduce a user-facing change?
```release-note
优化文章数据的调协过程以降低 Halo 启动时文章的调协耗时同时提高性能和资源利用率
```
#### What type of PR is this?
/kind feature
/area core
/area console
/milestone 2.12.x
#### What this PR does / why we need it:
使用索引功能来查询文章列表
how to test it?
1. 测试文章列表的筛选条件是否正确
2. 测试文章列表中关联的标签和分类信息是否正确
3. 测试仪表盘的文章数量统计是否正确
4. 测试分类关联文章的数量是否正确
5. 测试标签关联文章的文章是否正确
6. 测试主题端文章列表是否正确
#### Which issue(s) this PR fixes:
Fixes#5223
#### Does this PR introduce a user-facing change?
```release-note
使用高级索引功能检索文章以显著降低资源消耗并提供更快、更高效的文章检索体验
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.12.x
#### What this PR does / why we need it:
修复同一个自定义模型构建出的 Scheme 不相等导致无法正确从 SchemeManager 中移除的问题
#### Which issue(s) this PR fixes:
Fixes#5243
#### Does this PR introduce a user-facing change?
```release-note
修复同一个自定义模型构建出的 Scheme 不相等导致无法正确从 SchemeManager 中移除的问题
```
guqing