<!-- Thanks for sending a pull request! Here are some tips for you:
1. 如果这是你的第一次,请阅读我们的贡献指南:<https://github.com/halo-dev/halo/blob/master/CONTRIBUTING.md>。
1. If this is your first time, please read our contributor guidelines: <https://github.com/halo-dev/halo/blob/master/CONTRIBUTING.md>.
2. 请根据你解决问题的类型为 Pull Request 添加合适的标签。
2. Please label this pull request according to what type of issue you are addressing, especially if this is a release targeted pull request.
3. 请确保你已经添加并运行了适当的测试。
3. Ensure you have added or ran the appropriate tests for your PR.
-->
#### What type of PR is this?
<!--
添加其中一个类别:
Add one of the following kinds:
/kind bug
/kind cleanup
/kind documentation
/kind feature
/kind improvement
适当添加其中一个或多个类别(可选):
Optionally add one or more of the following kinds if applicable:
/kind api-change
/kind deprecation
/kind failing-test
/kind flake
/kind regression
-->
/kind bug
/area core
#### What this PR does / why we need it:
Fix the problem that the meta description with special characters causes the page to display abnormally.
Use htmlEscape in org.springframework.web.util.HtmlUtils to escape the special characters contained in the original description.
see #4000
#### Which issue(s) this PR fixes:
<!--
PR 合并时自动关闭 issue。
Automatically closes linked issue when PR is merged.
用法:`Fixes #<issue 号>`,或者 `Fixes (粘贴 issue 完整链接)`
Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`.
-->
Fixes#4000
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
<!--
如果当前 Pull Request 的修改不会造成用户侧的任何变更,在 `release-note` 代码块儿中填写 `NONE`。
否则请填写用户侧能够理解的 Release Note。如果当前 Pull Request 包含破坏性更新(Break Change),
Release Note 需要以 `action required` 开头。
If no, just write "NONE" in the release-note block below.
If yes, a release note is required:
Enter your extended release note in the block below. If the PR requires additional action from users switching to the new release, include the string "action required".
-->
```release-note
NONE
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.6.x
#### What this PR does / why we need it:
On first start, we will receive an exception about post indices, please see the logs below:
```java
2023-06-01T10:49:57.191+08:00 INFO 7 --- [ task-1] run.halo.app.search.IndicesInitializer : Initialize post indices...
2023-06-01T10:49:57.352+08:00 ERROR 7 --- [-controller-t-1] reactor.core.publisher.Operators : Operator called default onErrorDropped
reactor.core.Exceptions$ErrorCallbackNotImplemented: org.apache.lucene.index.IndexNotFoundException: no segments* file found in LockValidatingDirectoryWrapper(MMapDirectory@/root/.halo2/indices/posts lockFactory=org.apache.lucene.store.NativeFSLockFactory@3de15f4f): files: [write.lock]
Caused by: org.apache.lucene.index.IndexNotFoundException: no segments* file found in LockValidatingDirectoryWrapper(MMapDirectory@/root/.halo2/indices/posts lockFactory=org.apache.lucene.store.NativeFSLockFactory@3de15f4f): files: [write.lock]
at org.apache.lucene.index.IndexWriter.<init>(IndexWriter.java:1075) ~[lucene-core-9.5.0.jar:9.5.0 13803aa6ea7fee91f798cfeded4296182ac43a21 - 2023-01-25 16:44:59]
at run.halo.app.search.post.LucenePostSearchService.removeAllDocuments(LucenePostSearchService.java:133) ~[classes/:2.6.0-SNAPSHOT]
at run.halo.app.search.IndicesServiceImpl.lambda$rebuildPostIndices$0(IndicesServiceImpl.java:31) ~[classes/:2.6.0-SNAPSHOT]
at reactor.core.publisher.MonoRunnable.call(MonoRunnable.java:73) ~[reactor-core-3.5.6.jar:3.5.6]
at reactor.core.publisher.MonoRunnable.call(MonoRunnable.java:32) ~[reactor-core-3.5.6.jar:3.5.6]
```
The problem is caused by <https://github.com/halo-dev/halo/pull/3877>.
This PR sets open mode of indices to `CREATE_OR_APPEND`, which should resolve the problem.
#### Special notes for your reviewer:
1. Try to delete indices folder, such as `~/halo2-dev/indices`
2. Start Halo and check the log
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.6.x
#### What this PR does / why we need it:
更新默认主题至 1.4.0
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
#### What this PR does / why we need it:
This PR adapts HTML5 history mode of console in non-proxy mode. In PR <https://github.com/halo-dev/halo/pull/4005>, history mode of console has changed from hash mode into HTML5 mode, so that we cannot access console project when refreshing pages.
#### Special notes for your reviewer:
1. Build console project by executing command `make -C console build`
1. Change value of property `halo.console.proxy.enabled` into `false`.
2. Start Halo and check console pages.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.6.x
#### What this PR does / why we need it:
This PR refactors request predicate of path when building router functions for single page. I only compare the exact slug name instead of treating it as a URI template.
See <https://github.com/halo-dev/halo/issues/3931> for more.
#### Which issue(s) this PR fixes:
Fixes <https://github.com/halo-dev/halo/issues/3931>
#### Special notes for your reviewer:
1. Try to create a single page with slug name like `{}[]{[]}[{}]`.
2. Publish the single page.
3. Try to request the page.
4. See the result.
#### Does this PR introduce a user-facing change?
```release-note
修复页面别名包含特殊字符导致无法访问的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.6.x
#### What this PR does / why we need it:
对客户端评论接口进行脱敏处理,移除 `ipAddress` 属性以及 owner 下的 `email` 及 `name` 属性。 UA 由于主题端有使用的可能以及敏感性不强,因此未移除。
对于 #3915 中提到的评论时间为排序时间,需要在 [`https://github.com/halo-sigs/plugin-comment-widget`](https://github.com/halo-sigs/plugin-comment-widget) 插件中做处理。
#### Which issue(s) this PR fixes:
#3915
#### Special notes for your reviewer:
查看评论接口 `/apis/api.halo.run/v1alpha1/comments` 及回复接口 `/apis/api.halo.run/v1alpha1/comments/{commentName}/reply` 返回字段是否存在
`spec.ipAddress` 、`owner.email`与 `owner.name` 字段。
#### Does this PR introduce a user-facing change?
```release-note
对客户端评论及回复列表接口进行脱敏处理
```
#### What type of PR is this?
/kind feature
/area core
/area console
/milestone 2.6.x
#### What this PR does / why we need it:
新增文章和自定义页面预览功能
提供了以下两个路由用于预览,必须登录且是对应文章或自定义页面的 contributors 才能访问,如果不是 contributor 则先得到没有权限访问异常,如果有权限访问但预览文章不存在则得到 404
- 文章预览 `GET /preview/posts/{name}`
- 自定义页面预览 `GET /preview/singlepages/{name}`
两个路由都可以通过查询参数 snapshotName 来指定需要预览的内容快照,它是可选的,默认为当前正在编辑的内容
#### Which issue(s) this PR fixes:
Fixes#2349
#### Does this PR introduce a user-facing change?
```release-note
新增文章和自定义页面预览功能
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.6.x
#### What this PR does / why we need it:
Upgrade to Spring Boot 3.1.0, please refer to <https://github.com/spring-projects/spring-boot/releases/tag/v3.1.0>.
#### Does this PR introduce a user-facing change?
```release-note
升级 Spring Boot 至 3.1.0
```
#### What type of PR is this?
/kind improvement
/area core
/area console
/kind api-change
/milestone 2.6.x
#### What this PR does / why we need it:
重构排序参数以统一自定义 APIs 的风格
- 文章的排序参数字段名改为 `creationTimestamp`、`publishTime` 查询参数示例为 sort=creationTimestamp,desc
- 自定义页面排序参数字段名同文章
- 评论排序参数字段名为 `creationTimestamp`,`replyCount`,`lastReplyTime` 查询参数示例为 sort=creationTimestamp,desc
需要 Console 适配
#### Which issue(s) this PR fixes:
Fixes#3464
#### Does this PR introduce a user-facing change?
```release-note
重构排序参数以统一自定义 APIs 的风格
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.6.x
#### What this PR does / why we need it:
修复在 Windows 系统无法启动插件的问题
how to test it?
1. 使用 windows 系统环境测试插件开发模式和生产模式是否正常工作
2. 测试从 2.0.0 版本安装插件然后切换到此 PR 后插件不会出现找不到文件的错误
3. 测试插件安装和升级是否正常
#### Which issue(s) this PR fixes:
Fixes#3906
#### Does this PR introduce a user-facing change?
```release-note
修复在 Windows 系统无法启动插件的问题
```
#### What type of PR is this?
/kind bug
/kind improvement
/area core
#### What this PR does / why we need it:
This PR refactors post reconciler to reduce post updates and refines post events.
Previously, we need 3 - 4 updates per reconciliation, but now we only need 1. And all events collected in reconciler will be fired after updating post.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/3121
#### Special notes for your reviewer:
0. Install search plugin
1. Create a public post and publish it
2. Search posts
3. Try to make the post private
4. Search posts
5. Try to make the post public
6. Search posts
7. Try to delete the post
8. Search posts
9. Try to recover the post
10. Search posts
#### Does this PR introduce a user-facing change?
```release-note
修复依然能搜索到已删除文章的问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.6.x
#### What this PR does / why we need it:
This PR make the type of `site.url` to URL instead of URI. If we don't configure `halo.external-url`, the request URI will be used.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/3908
#### Special notes for your reviewer:
Add the line below into any templates:
```html
<b th:text="${site.url}"></b>
```
And check if the output is correct by accessing `http://localhost:8090` or `http://127.0.0.1:8090` or `http://192.168.xxx.xxx:8090` when `halo.external-url` is not set.
Check if the output is correct by accessing `http://localhost:8090` or `http://127.0.0.1:8090` or `http://192.168.xxx.xxx:8090` when `halo.external-url` is set to `https://halo.run/`.
#### Does this PR introduce a user-facing change?
```release-note
修复 site.url 解析有误的问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.6.x
#### What this PR does / why we need it:
When we use curl or ab command to access any pages rendered by thymeleaf at first up, we will get the error described in <https://github.com/halo-dev/halo/issues/3861>.
This PR will resolve the problem by checking null value.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/3861
#### Does this PR introduce a user-facing change?
```release-note
解决访问页面无法渲染的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.5.2
#### What this PR does / why we need it:
添加系统初始化检查,如果未初始化则重定向到控制台。
此检查只针对首页,当用户访问首页时检查到未初始化则跳转到 Console 让用户初始化以优化没有数据时的访问体验。
SetupStateCache 用于缓存系统初始化状态,当数据库状态改变时会更新缓存以优化性能,避免每次访问首页都查询数据。
#### Which issue(s) this PR fixes:
A part of #3230
#### Does this PR introduce a user-facing change?
```release-note
添加系统初始化检查,如果未初始化则重定向到控制台
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.5.x
#### What this PR does / why we need it:
修复插件缺失路径信息升级后无法使用的兼容性问题
how to test it?
1. 生产模式安装插件
2. 更新插件将插件中的 status.loadLocation 和 metadata.annotations["plugin.halo.run/plugin-path"] 删除
3. 查看插件功能是否正常
#### Does this PR introduce a user-facing change?
```release-note
修复插件缺失路径信息升级后无法使用的兼容性问题
```
#### What type of PR is this?
/kind improvement
#### What this PR does / why we need it:
升级默认主题的版本为 1.3.0:https://github.com/halo-dev/theme-earth/releases/tag/v1.3.0
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.5.x
#### What this PR does / why we need it:
修复页面的链接不能包含特殊字符的问题。
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/3808
#### Special notes for your reviewer:
测试方式:
1. 创建一个页面。
2. 尝试设置别名为中文或者其他字符。
3. 尝试包含多个 `/` 分隔符。
4. 尝试访问页面,检查是否能够正常访问。
#### Does this PR introduce a user-facing change?
```release-note
修复页面链接包含中文等字符后无法访问的问题。
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.5.x
#### What this PR does / why we need it:
为评论接口增加排序条件。当前只增加了根据创建时间进行正/倒序排列,后续持续进行补充。
#### Which issue(s) this PR fixes:
Fixes#3364
#### Special notes for your reviewer:
调用评论列表接口。增加排序条件 `sort=creationTimestamp,desc` ,查看列表是否正确排序。
#### Does this PR introduce a user-facing change?
```release-note
为评论列表接口增加按照创建时间进行最新/最早排序
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.5.x
#### What this PR does / why we need it:
优化插件的升级流程
how to test it?
1. 测试正常的插件升级是否正常
2. 测试插件升级失败后插件是否会被卸载的问题
3. 测试没有 version 的插件安装是否能成功
4. 在插件目录不会多出一个名为 `{升级插件名称}-null.jar` 的文件
#### Which issue(s) this PR fixes:
Fixes#3839
#### Does this PR introduce a user-facing
```release-note
优化插件的升级流程
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.5.x
#### What this PR does / why we need it:
This PR adds PostVisibleChangedEvent to synchronizing post indices when post visible is changed, whether from public to private or from private to public.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/3438
#### Special notes for your reviewer:
1. Install Search plugin
2. Create a post
3. Try to search the post
4. Make post private
5. Try to search the post
6. Make post public
7. Try to search the post
#### Does this PR introduce a user-facing change?
```release-note
修复隐藏的文章已然能够被搜索到问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.5.x
#### What this PR does / why we need it:
修复文章上下篇数据查询 NPE 问题
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.5.x
/kind api-change
#### What this PR does / why we need it:
为客户端提供一套 APIs
#### Which issue(s) this PR fixes:
Fixes#3661
#### Does this PR introduce a user-facing change?
```release-note
为访客端提供一套完整的 API
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.5.x
#### What this PR does / why we need it:
修复插件安装后无法启动会导致卸载后插件 JAR 文件残留的问题
how to test it?
1. 安装一个无法启动的插件,比如在插件声明周期方法中抛一个异常
2. 启动插件,然后卸载插件看插件 JAR 是否被正确删除
3. 如果是插件开发模式则不会删除文件
#### Which issue(s) this PR fixes:
Fixes#3840
#### Does this PR introduce a user-facing change?
```release-note
修复插件安装后无法启动会导致卸载后插件 JAR 文件残留的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.5.x
/kind api-change
#### What this PR does / why we need it:
提供自定义 API 用于创建用户账号
简化了创建用户账号需要先创建账号,再分配角色再重置密码的复杂流程。
需要 Console 端适配此 PR
#### Which issue(s) this PR fixes:
Fixes#2852
#### Does this PR introduce a user-facing change?
```release-note
优化用户账号创建流程
```
#### What type of PR is this?
/kind cleanup
/area core
#### What this PR does / why we need it:
Upgrade to Spring Boot 3.0.6.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/3829
#### Does this PR introduce a user-facing change?
```release-note
升级 Spring Boot 至 3.0.6
```
#### What type of PR is this?
/kind bug
/area plugin
/area core
#### What this PR does / why we need it:
Close file system after reading plugin descriptor.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/3720
#### How to test?
1. Build a plugin and install it
2. Update plugin.yaml of the plugin, rebuild and upgrade it
3. Check the change you modified
#### Does this PR introduce a user-facing change?
```release-note
修复无法正常升级插件的问题
```
#### What type of PR is this?
/kind improvement
/area core
#### What this PR does / why we need it:
对初始超级管理员用户名增加合法性校验
#### Which issue(s) this PR fixes:
Fixes#3482
#### Does this PR introduce a user-facing change?
```release-note
对初始超级管理员用户名增加合法性校验
```
#### What type of PR is this?
/kind feature
/area core
/area plugin
#### What this PR does / why we need it:
This PR adds reconciliation mechanism for plugin. After that, we could define a `Reconciler<Request>` like the following when developing plugin:
```java
@Slf4j
@Component
public class ApplicationReconciler implements Reconciler<Reconciler.Request> {
@Override
public Result reconcile(Request request) {
log.info("Application {} changed.", request);
return Result.doNotRetry();
}
@Override
public Controller setupWith(ControllerBuilder builder) {
return builder
.extension(new Application())
.workerCount(1)
.build();
}
}
```
You can reconcile any extensions as needed.
Meanwhile, all plugins will be stopped when Halo is shutting down.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/3783
#### Does this PR introduce a user-facing change?
```release-note
支持在插件中定义 Reconciler
```
#### What type of PR is this?
/kind improvement
/area core
#### What this PR does / why we need it:
优化异常信息
- 5xx 服务器内部错误不显示异常详情到页面,如主题模板表达式错误
- 访问 `GET /apis/api.halo.run/v1alpha1/comments` 提示 400 且不会打印异常堆栈
- 访问不存在的主题静态资源提示 404 且不会打印异常堆栈,如 `GET /themes/guqing-higan/assets/dist/style1.css`
#### Which issue(s) this PR fixes:
Fixes#3483
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/kind api-change
/area core
/milestone 2.5.x
#### What this PR does / why we need it:
Add property `halo.use-absolute-permalink`(default is `false`) to control permalink generation. Leave `halo.external-url` as `null` by default.
Meanwhile, I enhanced `ExternalUrlSupplier#getURL` to get URL from not only properties but only http request.
#### How to use it?
```yaml
halo:
use-absolute-permalink: false
```
Or:
```yaml
halo:
external-url: https://halo.run/
use-absolute-permalink: false
```
Or:
```yaml
halo:
external-url: https://halo.run/
use-absolute-permalink: true
```
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/3762
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
```release-note
新增是否生成相对地址的配置
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.5.x
#### What this PR does / why we need it:
允许用户修改自己的元数据信息
how to test it
使用 API 修改元数据 `PUT localhost:8090/apis/api.console.halo.run/v1alpha1/users/-`
1. 修改 annotations 中的 `"rbac.authorization.halo.run/role-names": "[\"super-role\",\"fake-role\"]"` 会被复原
2. 修改其他的 annotations 能正确修改,也能增加新的 annotation
#### Which issue(s) this PR fixes:
Fixes#3544
#### Does this PR introduce a user-facing change?
```release-note
允许用户修改自己的元数据信息
```
#### What type of PR is this?
/kind feature
/area core
/area plugin
/kind api-change
#### What this PR does / why we need it:
新增 reload 插件的 API
how to test it?
通过以下 API 测试是否可以在不重启 Halo 的情况下使新改动的插件代码生效
```shell
./gradlew clean build && curl -u your-name:your-password -X PUT http://127.0.0.1:8090/apis/api.console.halo.run/v1alpha1/plugins/{plugin-name}/reload
```
#### Which issue(s) this PR fixes:
Fixes#3748
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area core
/area plugin
#### What this PR does / why we need it:
This PR refactor AttachmentEndpoint by extracting `upload`, `delete`, `getPremalink` and `getSharedURL` logic in the endpoint into AttachmentService. Meanwhile, I expose the service to plugin, so that we can use the service in plugin conveniently.
#### Special notes for your reviewer:
Please confirm that those changes won't influence existing attachment features.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
#### What this PR does / why we need it:
修复作者页无法访问的问题
#### Which issue(s) this PR fixes:
Fixes#3718
#### Does this PR introduce a user-facing change?
```release-note
修复作者页无法访问的问题
```
#### What type of PR is this?
/kind improvement
/area core
#### What this PR does / why we need it:
将文章摘要作为 meta description 以优化文章页的 SEO
how to test it?
查看文章页和自定义页面的 head 中是否具有 `<meta name="description" content="文章摘要"/>` 标签
#### Which issue(s) this PR fixes:
Fixes#2682
#### Does this PR introduce a user-facing change?
```release-note
将文章摘要作为 meta description 以优化文章页的 SEO
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.5.x
#### What this PR does / why we need it:
仅允许拥有 authenticated 角色的用户修改个人资料
how to test it?
用户在未登录时访问 `PUT /apis/api.console.halo.run/v1alpha1/users/-` 出现 401 状态码则符合预期,登录后则可以正常调用
#### Which issue(s) this PR fixes:
Fixes#3737
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
#### What this PR does / why we need it:
Set property `server.forward-header-strategy` to `framework` to enable handling `X-Forwarded*` headers correctly.
By default, Spring won't handle `X-Forwarded*` headers. It doesn't work correctly if Halo is running back reverse proxy server.
Supported headers: <310344cf61/spring-web/src/main/java/org/springframework/web/server/adapter/ForwardedHeaderTransformer.java (L63-L69)>.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/3670
#### Does this PR introduce a user-facing change?
```release-note
解决反向代理后无法正确获取当前请求 URI 的问题
```
#### What type of PR is this?
/kind feature
/area core
/area plugin
#### What this PR does / why we need it:
Including CustomEndpoint beans while building plugin router functions.
After that, we can define a CustomEndpoint in plugin like this:
```java
@Component
public class ApplicationEndpoint implements CustomEndpoint {
@Override
public RouterFunction<ServerResponse> endpoint() {
return SpringdocRouteBuilder.route()
.GET("/applications", request -> ServerResponse.ok().build(), builder -> {
builder.operationId("ListV1Alpha1Applications");
})
.build();
}
@Override
public GroupVersion groupVersion() {
return CustomEndpoint.super.groupVersion();
}
}
```
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/3700
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind cleanup
/area core
#### What this PR does / why we need it:
Move common classes related to theme into api module.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
#### What this PR does / why we need it:
Configure default external-url as slash. So that system will generate relative links for all permalinks.
See https://github.com/halo-dev/halo/issues/3654 for more.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/3654
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
#### What this PR does / why we need it:
Move `defaultHandler#onAuthenticationSuccess` up to response write, or it will be executed always.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/3553
#### Special notes for your reviewer:
Try to login and see the log detail.
#### Does this PR introduce a user-facing change?
```release-note
修复登录成功或失败后报错的问题
```
#### What type of PR is this?
/kind cleanup
#### What this PR does / why we need it:
Upgrade to plugin-comment-widget 1.5.0.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.4.0
#### What this PR does / why we need it:
移除 AuthProviderReconciler 中关于 authProvier 数据被删除时禁用它提供的登录方式的逻辑
当第三方登录插件如 plugin-oauth2 被停止时不应该从已启用的登录配置中移除 auth provider name,这会导致插件被停用在启用后需要重新启用登录方式。
之前之所以如此是想着去掉 system configmap 中的配置残余,虽然现在去掉了 Reconciler 但为了确保数据干净或许还得想其他办法来解决它,但目前不是重点也没有一个很好的办法,或许可以在插件中去做,比如当插件被卸载的生命周期方法中去更新 ConfigMap 中关于此项的配置。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.4.0
#### What this PR does / why we need it:
将系统设置中的用户注册的默认角色输入框改为选择框。
<img width="575" alt="image" src="https://user-images.githubusercontent.com/21301288/228888394-8355b71e-7d18-46bf-b177-569fa7b311d6.png">
#### Special notes for your reviewer:
测试 `系统设置 -> 用户设置` 中的默认角色是否可以正常设置即可。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.4.0
#### What this PR does / why we need it:
当用户被删除时关联删除用户的绑定账号信息
how to test it?
1. 创建用户
2. 绑定账号
3. 使用管理员删除此用户并查看关联的 UserConnection 是否被删除
```shell
curl -u 'your-username:your-password' http://127.0.0.1:8090/apis/auth.halo.run/v1alpha1/userconnections | jq -r '.'
```
#### Which issue(s) this PR fixes:
Fixes#3639
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area core
/area console
/milestone 2.4.0
#### What this PR does / why we need it:
新增用户注册功能
#### Which issue(s) this PR fixes:
Fixes#2813
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
```release-note
新增用户注册功能
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.4.x
#### What this PR does / why we need it:
修复 Local 认证方式的开关初始化状态为关闭
#### Which issue(s) this PR fixes:
Fixes#3602
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/milestone 2.4.x
/area core
#### What this PR does / why we need it:
提供 ReactiveSettingFetcher 供插件获取配置
此 PR 基于原有的阻塞的 SettingFetcher 逻辑挪到 DefaultReactiveSettingFetcher 中并将阻塞的实现用 Reactive 得代理,不需要测试,单元测试过了即可。
可以尝试在插件中依赖注入 ReactiveSettingFetcher 看是否能正确注入
#### Which issue(s) this PR fixes:
Fixes#3620
#### Does this PR introduce a user-facing change?
```release-note
提供 ReactiveSettingFetcher 供插件获取配置
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.4.x
#### What this PR does / why we need it:
修复升级主题或插件时新增加的配置默认值没有更新的问题
how to test it?
1. 安装包含设置的主题后获取主题的 ConfigMap 并记下
2. 修改(增加/更新)主题的设置(Setting)的默认值,模拟更新主题
3. 期望默认值改变不会影响到之前已有的配置,对于新增加的配置的默认值会被合并到已有的 ConfigMap 中
#### Which issue(s) this PR fixes:
Fixes#3446
#### Does this PR introduce a user-facing change?
```release-note
修复升级主题或插件时新增加的配置默认值没有更新的问题
```
#### What type of PR is this?
/kind feature
/area core
#### What this PR does / why we need it:
This PR provides a configuration item to control referrer-policy header. Default is `strict-origin-when-cross-origin`.
```yaml
halo:
security:
referrer-options:
policy: no-referrer
```
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/3064
#### Does this PR introduce a user-facing change?
```release-note
提供配置以控制站点引用策略(Referrer-Policy)
```
#### What type of PR is this?
/kind bug
/area core
#### What this PR does / why we need it:
This PR makes extension initialization before starting reconcilers to prevent modification conflicts.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/3601
#### Special notes for your reviewer:
1. Try to run Halo 2.3.2 with command `docker run --rm -it -v ~/halo2-dev:/root/.halo2 -p 8090:8090 halohub/halo:2.3.2`
2. Then run Halo 2.4.0-SNAPSHOT with dev profile.
```bash
./gradlew bootRun --args="--spring.profiles.active=dev"
```
4. Check logs and logging functionality
5. Repeat steps above
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
#### What this PR does / why we need it:
升级默认主题的版本为 1.2.1:https://github.com/halo-dev/theme-earth/releases/tag/v1.2.1
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/milestone 2.4.x
/area core
#### What this PR does / why we need it:
支持聚合多个角色到一个角色
see #3560 for more details.
how to test it?
创建一个测试角色和和一个 RoleBinding 将此角色的绑定到其他角色,在不修改用户权限的情况下,用户将拥有新创建的测试角色的权限。
#### Which issue(s) this PR fixes:
Fixes#3560
#### Does this PR introduce a user-facing change?
```release-note
支持聚合多个角色到一个角色
```
#### What type of PR is this?
/kind feature
/milestone 2.4.x
/area core
#### What this PR does / why we need it:
提供 Secret 自定义模型用于存储敏感数据
例如:密码、token 等
参考自: https://kubernetes.io/docs/concepts/configuration/secret
#### Which issue(s) this PR fixes:
Fixes#3267
#### Does this PR introduce a user-facing change?
```release-note
提供 Secret 自定义模型用于存储敏感数据
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.4.x
/kind api-change
#### What this PR does / why we need it:
修复未审核过的回复包含在了评论的回复数量中的问题
此改动需要评论组件修改回复数量取值为 `status.visibleReplyCount`
how to test it?
1. 创建评论,并在评论下回复
2. 评论的所有回复被计数在 `status.replyCount` 中
3. 而 `status.visibleReplyCount` 数量不包含 `spec.hiden=true` 或 `spec.approved = false` 的
#### Which issue(s) this PR fixes:
Fixes#3165
#### Does this PR introduce a user-facing change?
```release-note
修复未审核过的回复包含在了评论的回复数量中的问题
```
#### What type of PR is this?
/kind improvement
/area console
#### What this PR does / why we need it:
隐藏个人资料中未启用的认证方式。
#### Which issue(s) this PR fixes:
Fixes#3556
#### Special notes for your reviewer:
测试方式:
1. 安装 OAuth 2 插件:https://github.com/halo-sigs/plugin-oauth2/pull/3
2. 再不做任何配置的情况下,访问已登录用户的个人资料页面,检查是否列出了认证方式。
3. 配置某个认证方式并开启,再检查是否列出了已启用的认证方式。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.4.x
#### What this PR does / why we need it:
修复插件启动失败后停止插件时出现的 NPE 问题
how to test it?
见 #3579,先使用 issue 描述步骤复现问题,在切换到此 PR 尝试相同步骤
#### Which issue(s) this PR fixes:
Fixes#3579
#### Does this PR introduce a user-facing change?
```release-note
修复插件启动失败后停止插件时出现的 NPE 问题
```
#### What type of PR is this?
/kind cleanup
/area core
#### What this PR does / why we need it:
This PR totally refactor project structure for a better plugin development. Now we can maintain and publish api and platform modules at Halo application side, which will be references by plugins.
Currently, we can execute command `./gradlew clean publish` to publish api and platform modules into **local** Maven repository, so that we can refer these dependencies (`run.halo.tools.platform:plugin:2.4.0-SNAPSHOT` and `run.halo.app:api:2.4.0-SNAPSHOT`) in plugin projects.
I will make another pull request to publish api library and platforms into Maven central repository.
**Modules explanation**:
- API module contains common classes which might be used by plugins.
- Plugin Platform module contains dependency declarations of other plugin API modules.
- Application Platform module contains dependency declarations application module might uses.
If we want to build application only(exclude check and jar), we have to execute the command below:
```bash
./gradlew clean :application:build -x :application:check -x :application:jar
```
The executable Jar will be generated at folder `application/build/libs/`.
If we want to build a Docker image, we could execute the command below:
```bash
docker build -t johnniang/halo:project-structure .
# Test the Docker image
docker run -it --rm -p8090:8090 johnniang/halo:project-structure
```
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/2730
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
```release-note
重构项目结构
```
contour
