#### What type of PR is this?
/kind failing-test
/area core
/milestone 2.17.x
#### What this PR does / why we need it:
I wrongly invoked `Arraylist#add`(probes) method in multi threads. So the unit test was unstable and might encounter the problem as follows:
```java
Expected :1
Actual :0
<Click to see difference>
org.opentest4j.AssertionFailedError: expected: <1> but was: <0>
at org.junit.jupiter.api.AssertionFailureBuilder.build(AssertionFailureBuilder.java:151)
at org.junit.jupiter.api.AssertionFailureBuilder.buildAndThrow(AssertionFailureBuilder.java:132)
at org.junit.jupiter.api.AssertEquals.failNotEqual(AssertEquals.java:197)
at org.junit.jupiter.api.AssertEquals.assertEquals(AssertEquals.java:166)
at org.junit.jupiter.api.AssertEquals.assertEquals(AssertEquals.java:161)
at org.junit.jupiter.api.Assertions.assertEquals(Assertions.java:632)
at run.halo.app.core.extension.service.impl.PluginServiceImplTest$BundleCacheTest.concurrentComputeBundleFileIfAbsent(PluginServiceImplTest.java:460)
```
See https://github.com/halo-dev/halo/actions/runs/9382059472/job/25832681545 for more.
This PR moves the invocation outside thread tasks.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.16.x
#### What this PR does / why we need it:
补充缺失的系统设置默认值。
#### Does this PR introduce a user-facing change?
```release-note
修复系统设置未保存导致无法正常注册的问题
```
#### What type of PR is this?
/kind bug
/area core
/area plugin
/milestone 2.16.0
#### What this PR does / why we need it:
Before the PR, any user can generate bundle files by providing random query param `v` while requesting bundle files.
This PR refactors the whole bundle file generation method.
1. Do nothing if users provide arbitrary bundle file version
2. Better lock for writing bundle files if not exist
#### Special notes for your reviewer:
1. Request `http://localhost:8090/apis/api.console.halo.run/v1alpha1/plugins/-/bundle.js?v=xyz`
2. Check if the file `xyz.js` in folder `$TMPDIR/halo-plugin-bundle**`
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/kind milestone 2.16.x
#### What this PR does / why we need it:
使用索引机制来查询扩展点定义
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
#### What this PR does / why we need it:
This PR unifies cache control for static resources.
Example configuration of cache control:
```yaml
spring:
web:
resources:
cache:
cachecontrol:
no-cache: true
no-store: true
use-last-modified: false
```
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/6003
#### Special notes for your reviewer:
1. Run with `default` and `dev` profiles respectively.
2. See the difference of the `Cache-Control` header in HTTP response
#### Does this PR introduce a user-facing change?
```release-note
优化 HTTP 缓存控制
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.16.0
#### What this PR does / why we need it:
PAT could not be created or restored while logging in with remember-me due to lack of RememberMeAuthenticationToken check.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/6000
#### Special notes for your reviewer:
1. Log in with remember-me
2. Create a PAT or restore a PAT
3. See the result
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.16.x
#### What this PR does / why we need it:
This PR adds support for serializing HaloUser and 2FA.
1. Refactor delegate of HaloUser using `org.springframework.security.core.userdetails.User`.
2. Add `HaloSecurityJackson2Module` to enable serialization/deserialization of Halo security module.
Below is code snippet of integration:
```java
this.objectMapper = Jackson2ObjectMapperBuilder.json()
.modules(SecurityJackson2Modules.getModules(this.getClass().getClassLoader()))
.modules(modules -> modules.add(new HaloSecurityJackson2Module()))
.indentOutput(true)
.build();
```
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/area plugin
#### What this PR does / why we need it:
This PR wholly refactors plugin reconciliation to implement dependency mechanism.
Currently,
- If we disable plugin which has dependents, the plugin must wait for dependents to be disabled.
- If we enable plugin which has dependencies , the plugin must wait for dependencies to be enabled.
- If we upgrade plugin which has dependents, the plugin must request dependents to be unloaded. After the plugin is unloaded, the plugin must cancel unload request for dependents.
#### Which issue(s) this PR fixes:
Fixes#5872
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
```release-note
优化被依赖的插件的升级,启用和禁用
```
#### What type of PR is this?
/kind improvement
/area core
/area plugin
/milestone 2.16.x
#### What this PR does / why we need it:
为插件提供文章内容获取的 bean 以简化文章内容获取
#### Which issue(s) this PR fixes:
Fixes #
#### Does this PR introduce a user-facing change?
```release-note
为插件提供文章内容获取的 Bean
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.16.x
#### What this PR does / why we need it:
为登录增加记住我机制以优化登录体验
how to test it?
1. 勾选记住密码选项后登录
2. 退出浏览器后打开 console 期望依然可以访问而不需要登录
3. 测试修改密码功能,期望修改密码后所有会话需要重新登录包括当前设备和其他设备
#### Which issue(s) this PR fixes:
Fixes#2362
#### Does this PR introduce a user-facing change?
```release-note
为登录增加记住我机制以优化登录体验
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.16.x
#### What this PR does / why we need it:
新增文章定时发布功能
#### Which issue(s) this PR fixes:
Fixes#4602
#### Does this PR introduce a user-facing change?
```release-note
新增文章定时发布功能
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.16.x
#### What this PR does / why we need it:
This PR removes PatJwkSupplier interface, scheduled RSA key generation, and move some of them into CryptoService.
Currently, we only use `pat_id_rsa` as private key for authentication modules instead of `id_rsa`(deprecated).
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area ui
/kind cleanup
/milestone 2.16.x
#### What this PR does / why we need it:
规范 api client 的方法名,之前生成的 api client 的方法名没有完全遵循驼峰命名。
#### Which issue(s) this PR fixes:
Close https://github.com/halo-dev/halo/issues/5716
#### Special notes for your reviewer:
CI 通过即可。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.16.x
#### What this PR does / why we need it:
This PR unifies api and portal security configurations into one for a better maintenance.
Meanwhile, removing `HaloAnonymousAuthenticationWebFilter` introduced by <https://github.com/halo-dev/halo/pull/3152> may fix <https://github.com/halo-dev/halo/issues/4047>.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/4047
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
```release-note
修复登录成功后立即出现登录失效的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.16.x
#### What this PR does / why we need it:
This PR ignores `includeSubdomains` for HSTS header. See https://github.com/halo-dev/halo/issues/4943 for more.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/4943
#### Does this PR introduce a user-facing change?
```release-note
修复开启 HSTS 可能会导致未开启 HSTS 的子域名站点无法访问的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.16.x
#### What this PR does / why we need it:
邮件通知功能现在只向经过验证的邮箱地址发送通知匿名用户除外
#### Which issue(s) this PR fixes:
Fixes#5722
#### Does this PR introduce a user-facing change?
```release-note
邮件通知功能现在只向经过验证的邮箱地址发送通知匿名用户除外
```
#### What type of PR is this?
/kind feature
/area core
/area ui
/milestone 2.16.x
#### What this PR does / why we need it:
优化认证方式的排序并支持拖动
#### Which issue(s) this PR fixes:
Fixes#5813
#### Does this PR introduce a user-facing change?
```release-note
优化认证方式的排序并支持拖动
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.16.x
#### What this PR does / why we need it:
管理员回复评论或回复后自动通过审核
#### Which issue(s) this PR fixes:
Fixes#5870
#### Does this PR introduce a user-facing change?
```release-note
管理员回复评论或回复后自动通过审核
```
#### What type of PR is this?
/kind improvement
/area core
#### What this PR does / why we need it:
当 session id 改变时清除原来的 session id 记录
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area core
/area theme
/milestone 2.16.x
#### What this PR does / why we need it:
为主题管理增加在线清理缓存功能
#### Which issue(s) this PR fixes:
Fixes#5440
#### Does this PR introduce a user-facing change?
```release-note
为主题管理增加在线清理缓存功能
```
#### What type of PR is this?
/kind feature
/area core
/area ui
#### What this PR does / why we need it:
为 `/apis/api.console.halo.run/v1alpha1/attachments` 接口增加了 `accepts` 可选参数,用于根据附件的 `MediaType` 进行筛选。
为附件库增加通过文件的 MediaType 类型进行筛选的筛选项。
同时支持使用了 `CoreSelectorProvider` 组件的文件选择框的筛选。现在只会显示 `accepts` 所支持的文件。
#### How to test it?
测试 ui 端文件选择框的类型筛选是否正确有效。
测试使用了 `CoreSelectorProvider` 组件的 `accepts` 是否有效。
#### Which issue(s) this PR fixes:
Fixes#5054
#### Does this PR introduce a user-facing change?
```release-note
附件库支持按文件类型进行过滤
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.16.x
#### What this PR does / why we need it:
修复 Secret 的 data 字段无法在 YAML 使用的问题
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.16.x
#### What this PR does / why we need it:
This PR fixes the problem where extensions were not changed but still updated. What we want is to not update the extension if it has not changed.
Before that, we update the version of extension manually while getting the latest extension, this will lead to change the type of metadata.version from int to long.See the code snippet below:
a629961e8d/application/src/main/java/run/halo/app/extension/JSONExtensionConverter.java (L83)
Now, we force update the versions using type Long.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/area plugin
/milestone 2.16.x
#### What this PR does / why we need it:
This PR refactors plugin running state change method to resolve the problem of not being able to initialize preset plugins due to too small gap between installation and enabling.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/5867
#### Does this PR introduce a user-facing change?
```release-note
解决初始化时无法正常启用插件的问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.16.x
#### What this PR does / why we need it:
修复对 Unstructured 的 metadata 进行更改不会被应用的问题
#### Does this PR introduce a user-facing change?
```release-note
修复插件定义的权限没有在插件详情页显示的问题
```
#### What type of PR is this?
/kind bug
/area plugin
/area core
#### What this PR does / why we need it:
This PR resolves the problem that some plugins could not be used after upgrading dependent plugin.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/5615
#### Special notes for your reviewer:
1. Install plugin [app-store](https://www.halo.run/store/apps/app-VYJbF)
2. Install plugin [backup](https://www.halo.run/store/apps/app-dHakX) and activate it
3. Disable plugin app-store
4. Check the features of plugin backup
5. Enable plugin app-store
6. Check the features of plugin backup
7. Upgrade plugin app-store with the any versions
8. Check the features of plugin backup
#### Does this PR introduce a user-facing change?
```release-note
修复因升级应用市场插件导致部分插件意外停止的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.16.x
#### What this PR does / why we need it:
修复初始化时未按预期删除自定义资源
#### Does this PR introduce a user-facing change?
```release-note
修复初始化时未按预期删除自定义资源
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.15.0
#### What this PR does / why we need it:
升级所有预设插件的版本。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.15.x
#### What this PR does / why we need it:
修复重试更新文章的错误写法
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.15.x
#### What this PR does / why we need it:
修复拥有文章管理权限的用户无法正常使用版本历史的问题
#### Which issue(s) this PR fixes:
Fixes#5815
#### Does this PR introduce a user-facing change?
```release-note
修复拥有文章管理权限的用户无法正常使用版本历史的问题
```
#### What type of PR is this?
/kind bug
/area ui
#### What this PR does / why we need it:
补充 #5593 中缺少的 `api.console.halo.run` 权限。用于解决具有文章列表权限的用户,访问标签列表时提示无权限的问题
#### How to test it?
创建一个具有文章列表查看权限的用户,是否能够访问到标签列表。
#### Which issue(s) this PR fixes:
Fixes#5814
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.15.x
#### What this PR does / why we need it:
通知订阅支持基于表达式订阅
see #5632 for more details
how to test it?
1. 测试系统通知功能的文章、页面有新评论通知和评论有新回复通知的功能是否正常
2. 测试 2.14 创建的文章、评论和回复升级到此版本后是否能继续收到相应通知,如文章有新评论
#### Which issue(s) this PR fixes:
Fixes#5632
#### Does this PR introduce a user-facing change?
```release-note
通知订阅支持基于表达式订阅避免订阅随数据量增长同时自动优化之前的订阅数据
```
#### What type of PR is this?
/kind feature
/milestone 2.15.x
/area core
#### What this PR does / why we need it:
增加了在用户尝试更新邮箱地址时进行密码验证的步骤。此举提高了安全性,确保邮箱修改操作由经过身份验证的用户执行。
#### Which issue(s) this PR fixes:
Fixes#5750
#### Does this PR introduce a user-facing change?
```release-note
更新邮箱地址时需进行密码验证
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.15.x
#### What this PR does / why we need it:
优化评论和回复删除,只有删除第一页后才会再次查询避免数据堆积
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area core
/area plugin
#### What this PR does / why we need it:
This PR allows plugin developers defining WebSocket endpoints in plugins.
#### Which issue(s) this PR fixes:
Fixes#5285
#### Does this PR introduce a user-facing change?
```release-note
支持在插件中实现 WebSocket
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.15.x
#### What this PR does / why we need it:
修复由于没有更新 observed version 导致评论和回复的 reconciler 执行次数控制没有生效的问题
#### Does this PR introduce a user-facing change?
```release-note
None
```
* feat: invalidate all sessions of a user after password changed
* fix: unit test case
* refactor: use spring session 3.3 to adapt
* refactor: compatible with session timeout configuration
* refactor: indexed session repository
* Reload page after changed the password
Signed-off-by: Ryan Wang <i@ryanc.cc>
* chore: update session repository
---------
Signed-off-by: Ryan Wang <i@ryanc.cc>
Co-authored-by: Ryan Wang <i@ryanc.cc>
* feat: add original password verification for password change
* chore: update properties file
* Refine ui
Signed-off-by: Ryan Wang <i@ryanc.cc>
* chore: update properties file
* fix: confirm assword
* fix: unit test case
* feat: add new api for change own password
* chore: regenerate api client
* chore: adapt to UI
* chore: enusre old password not blank
---------
Signed-off-by: Ryan Wang <i@ryanc.cc>
Co-authored-by: Ryan Wang <i@ryanc.cc>
#### What type of PR is this?
/kind bug
/area core
/milestone 2.15.x
#### What this PR does / why we need it:
修复分页遍历数据的查询参数
此问题由 #5504 和 #5656 重构导致,如果数据超过分页限制会导致无法结束的致命问题
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind cleanup
/area core
#### What this PR does / why we need it:
This PR adds support for generating API docs into project and generate API client according the API docs.
To generate/update latest API docs, execute the following command:
```bash
./gradlew clean generateOpenApiDocs
```
To generate/update latest API client, execute the following command:
```bash
make -C ui api-client-gen
```
Meanwhile, I also remove the lint on API client due to unnecessary.
Supersedes of https://github.com/halo-dev/halo/pull/5637
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area ui
/area core
/milestone 2.15.x
#### What this PR does / why we need it:
将 Console 与 UC 页面的标签页标题改为网站实际标题
#### How to test it?
查看 Console 页面与 UC 页面的标题页标题是否变为网站实际标题
#### Which issue(s) this PR fixes:
Fixes#5679
#### Does this PR introduce a user-facing change?
```release-note
将 Console 与 UC 的标签页标题改为网站实际标题
```
John Niang