#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR changes server.forward-header-strategy to native instead of framework due to a bug of Spring Framework 6.20.0-RC.1.
See https://github.com/spring-projects/spring-framework/pull/32097#discussion_r1791264218 for more.
If Halo server is proxied by OpenResty which is using HTTP 2, all header names proxied into Halo server will be lowercase. This behavior makes Halo get a null header(e.g.:: `content-type: application/json`) while invoking `request.getHeaders().getContentType()`.
And I found that `ServerHttpRequest` is mutated by `org.springframework.web.server.adapter.ForwardedHeaderTransformer`, so I try to use native forward-header-strategy to resolve the problem and it works very well. See [reactor.netty.http.server.DefaultHttpForwardedHeaderHandler](446683826b/reactor-netty-http/src/main/java/reactor/netty/http/server/DefaultHttpForwardedHeaderHandler.java) for more.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area ui
/kind bug
/milestone 2.20.x
#### What this PR does / why we need it:
修复 Code 输入框在模态框(VModal)组件中无法正常全屏显示的问题。
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/6682
#### Does this PR introduce a user-facing change?
```release-note
修复 Code 输入框在模态框(VModal)组件中无法正常全屏显示的问题。
```
#### What type of PR is this?
/kind improvement
/area ui
/milsetone 2.20.x
#### What this PR does / why we need it:
在 userSelect 查询用户列表时,移除匿名与已删除用户这两个保留用户。
#### How to test it?
在文章设置,用户列表中不存在匿名与已删除用户即可。
#### Which issue(s) this PR fixes:
Fixes#6665
#### Does this PR introduce a user-facing change?
```release-note
在 user select 中不再显示匿名与已删除用户。
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR separates authorization exchange customization into security configurers. I also define the annotations `@Order` on every security configurer in order to customize authorization exchange in separated source file instead of modifying existing.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
完善登录方式选择按钮的 i18n。
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/6759
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area ui
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
支持检查是否有权限访问 /console。
#### Which issue(s) this PR fixes:
Fixes#6773
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
Fixes https://github.com/halo-dev/halo/issues/6760
重构登录、注册、找回密码、两步验证等模板的结构,提供更好的复用性,现在主题可以这样复用模板:
login.html
```html
<form th:replace="~{gateway_modules/form_fragments::login}"></form>
```
signup.html
```html
<form th:replace="~{gateway_modules/form_fragments::signup}"></form>
```
challenges/two-factor/totp.html
```html
<form th:replace="~{gateway_modules/form_fragments::totp}"></form>
```
#### Special notes for your reviewer:
需要测试各个页面是否功能正常
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
/sig docs
#### What this PR does / why we need it:
修复恢复备份后可能会因为与之前的数据冲突导致无法启动的问题
如果恢复时发生不可预知的错误,需要重启之后重新初始化再进行恢复
#### Which issue(s) this PR fixes:
Fixes#6672
#### Does this PR introduce a user-facing change?
```release-note
修复恢复备份后可能会因为与恢复之前存在的数据冲突导致无法启动的问题
```
#### What type of PR is this?
/area ui
/kind api-change
/milestone 2.20.x
#### What this PR does / why we need it:
See #6774
#### Which issue(s) this PR fixes:
Fixes#6774
#### Does this PR introduce a user-facing change?
```release-note
移除角色的 **登录之后默认跳转位置** 设置选项。
```
#### What type of PR is this?
/area ui
/kind bug
/milestone 2.20.x
#### What this PR does / why we need it:
修复 Console 中退出登录功能失效的问题。
#### Which issue(s) this PR fixes:
Fixes#6756
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
为系统默认的存储策略添加保护措施,不允许删除。
<img width="893" alt="image" src="https://github.com/user-attachments/assets/990f834f-3d97-4ee8-9c24-01cc188b7be6">
#### Does this PR introduce a user-facing change?
```release-note
为系统默认的存储策略添加保护措施,不允许删除。
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
备份时排除全文索引目录 indices,防止恢复之后因为索引文件问题无法启动。
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/6443
#### Does this PR introduce a user-facing change?
```release-note
备份时排除全文索引目录 indices,防止恢复之后因为索引文件问题无法启动。
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
微调登录相关页面的样式。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR upgrades to jsoup 1.18.1. See https://github.com/jhy/jsoup/releases/tag/jsoup-1.18.1 for more.
#### Does this PR introduce a user-facing change?
```release-note
升级依赖 jsoup 至 1.18.1
```
#### What type of PR is this?
/area ui
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
Bump vue version to [3.5.11](https://github.com/vuejs/core/blob/main/CHANGELOG.md#3511-2024-10-03)
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR upgrades to Lucene 9.12.0. See https://lucene.apache.org/core/9_12_0/changes/Changes.html for more.
#### Does this PR introduce a user-facing change?
```release-note
升级依赖 Lucene 至 9.12.0
```
#### What type of PR is this?
/kind cleanup
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR upgrades to Guava 33.3.1-jre. See https://github.com/google/guava/releases/tag/v33.3.1 for more.
#### Does this PR introduce a user-facing change?
```release-note
升级依赖 Guava 至 33.3.1-jre
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR adds [a Gradle plugin ](https://github.com/ben-manes/gradle-versions-plugin)to discover dependency updates.
```bash
❯ ./gradlew dependencyUpdates -Drevision=release
> Task :api:dependencyUpdates
------------------------------------------------------------
:api Project Dependency Updates (report to plain text file)
------------------------------------------------------------
The following dependencies are using the latest release version:
- com.github.ben-manes.caffeine:caffeine:3.1.8
- com.github.java-json-tools:json-patch:1.13
- com.j256.two-factor-auth:two-factor-auth:1.3
- io.asyncer:r2dbc-mysql:1.3.0
- io.github.java-diff-utils:java-diff-utils:4.12
- io.github.resilience4j:resilience4j-reactor:2.2.0
- io.github.resilience4j:resilience4j-spring-boot3:2.2.0
- io.projectreactor:reactor-test:3.7.0-M6
- io.r2dbc:r2dbc-h2:1.0.0.RELEASE
- io.seruco.encoding:base62:0.1.3
- org.apache.commons:commons-lang3:3.17.0
- org.imgscalr:imgscalr-lib:4.2
- org.jacoco:org.jacoco.agent:0.8.12
- org.jacoco:org.jacoco.ant:0.8.12
- org.mariadb:r2dbc-mariadb:1.2.2
- org.openapi4j:openapi-schema-validator:1.0.7
- org.pf4j:pf4j:3.12.0
- org.postgresql:postgresql:42.7.4
- org.postgresql:r2dbc-postgresql:1.0.5.RELEASE
- org.projectlombok:lombok:1.18.30
- org.springdoc:springdoc-openapi-starter-webflux-ui:2.6.0
- org.springframework.boot:spring-boot-starter-actuator:3.4.0-M3
- org.springframework.boot:spring-boot-starter-cache:3.4.0-M3
- org.springframework.boot:spring-boot-starter-data-jpa:3.4.0-M3
- org.springframework.boot:spring-boot-starter-data-r2dbc:3.4.0-M3
- org.springframework.boot:spring-boot-starter-mail:3.4.0-M3
- org.springframework.boot:spring-boot-starter-security:3.4.0-M3
- org.springframework.boot:spring-boot-starter-test:3.4.0-M3
- org.springframework.boot:spring-boot-starter-thymeleaf:3.4.0-M3
- org.springframework.boot:spring-boot-starter-validation:3.4.0-M3
- org.springframework.boot:spring-boot-starter-webflux:3.4.0-M3
- org.springframework.integration:spring-integration-core:6.4.0-M3
- org.springframework.security:spring-security-oauth2-client:6.4.0-M4
- org.springframework.security:spring-security-oauth2-jose:6.4.0-M4
- org.springframework.security:spring-security-oauth2-resource-server:6.4.0-M4
- org.springframework.security:spring-security-test:6.4.0-M4
- org.springframework.session:spring-session-core:3.4.0-M2
- org.thymeleaf.extras:thymeleaf-extras-springsecurity6:3.1.2.RELEASE
The following dependencies have later release versions:
- com.google.guava:guava [32.0.1-jre -> 33.3.1-jre]
https://github.com/google/guava
- net.bytebuddy:byte-buddy [1.15.1 -> 1.15.3]
https://bytebuddy.net
- org.apache.lucene:lucene-analysis-common [9.11.1 -> 9.12.0]
https://lucene.apache.org/
- org.apache.lucene:lucene-backward-codecs [9.11.1 -> 9.12.0]
https://lucene.apache.org/
- org.apache.lucene:lucene-core [9.11.1 -> 9.12.0]
https://lucene.apache.org/
- org.apache.lucene:lucene-highlighter [9.11.1 -> 9.12.0]
https://lucene.apache.org/
- org.apache.lucene:lucene-queryparser [9.11.1 -> 9.12.0]
https://lucene.apache.org/
- org.apache.tika:tika-core [2.9.2 -> 3.0.0-BETA2]
https://tika.apache.org/
- org.jsoup:jsoup [1.15.3 -> 1.18.1]
https://jsoup.org/
Gradle release-candidate updates:
- Gradle: [8.10.2: UP-TO-DATE]
Generated report file build/dependencyUpdates/report.txt
> Task :application:dependencyUpdates
------------------------------------------------------------
:application Project Dependency Updates (report to plain text file)
------------------------------------------------------------
The following dependencies are using the latest release version:
- com.puppycrawl.tools:checkstyle:9.3
- io.projectreactor:reactor-test:3.7.0-M6
- org.jacoco:org.jacoco.agent:0.8.12
- org.jacoco:org.jacoco.ant:0.8.12
- org.springframework:spring-context-indexer:6.2.0-RC1
- org.springframework.boot:spring-boot-configuration-processor:3.4.0-M3
- org.springframework.boot:spring-boot-starter-test:3.4.0-M3
- org.springframework.security:spring-security-test:6.4.0-M4
- org.webjars.npm:jsencrypt:3.3.2
- org.webjars.npm:normalize.css:8.0.1
The following dependencies have later release versions:
- org.projectlombok:lombok [1.18.30 -> 1.18.34]
https://projectlombok.org
Gradle release-candidate updates:
- Gradle: [8.10.2: UP-TO-DATE]
Generated report file build/dependencyUpdates/report.txt
Deprecated Gradle features were used in this build, making it incompatible with Gradle 9.0.
You can use '--warning-mode all' to show the individual deprecation warnings and determine if they come from your own scripts or plugins.
For more on this, please refer to https://docs.gradle.org/8.10.2/userguide/command_line_interface.html#sec:command_line_warnings in the Gradle documentation.
BUILD SUCCESSFUL in 1s
9 actionable tasks: 2 executed, 7 up-to-date
```
#### Does this PR introduce a user-facing change?
<!--
如果当前 Pull Request 的修改不会造成用户侧的任何变更,在 `release-note` 代码块儿中填写 `NONE`。
否则请填写用户侧能够理解的 Release Note。如果当前 Pull Request 包含破坏性更新(Break Change),
Release Note 需要以 `action required` 开头。
If no, just write "NONE" in the release-note block below.
If yes, a release note is required:
Enter your extended release note in the block below. If the PR requires additional action from users switching to the new release, include the string "action required".
-->
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR upgrades to Gradle 8.10.2 regularly. See https://github.com/gradle/gradle/releases/tag/v8.10.2 for more.
#### Does this PR introduce a user-facing change?
```release-note
升级至 Gradle 8.10.2
```
#### What type of PR is this?
/area ui
/kind cleanup
#### What this PR does / why we need it:
修复 DefaultEditor 组件中的格式问题。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area ui
/kind improvement
#### What this PR does / why we need it:
#### Which issue(s) this PR fixes:
#6748Fixes#6748
#### Special notes for your reviewer:
使英文标题中字母不被截断
#### Does this PR introduce a user-facing change?
```release-note
修复文章编辑页面标题输入框中,英文字符可能会被隐藏的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR make authenticated users redirect to user center if they are trying to access login and signup pages.
#### Special notes for your reviewer:
1. Log in Halo
2. Try to request <http://localhost:8090/login> or <http://localhost:8090/signup>.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area ui
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
添加登录失效的引导。
<img width="1080" alt="image" src="https://github.com/user-attachments/assets/a84c0059-b0ef-4105-b8e9-ae6b3d39d89d">
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR provides an endpoint for disconnecting user connection. After the user connection is disconnected, an event `UserConnectionDisconnectedEvent` will be published for plugins.
Now, OAuth2 plugin can simplify the authentication, binding and unbinding logic, please see the AuthProvider configuration snippet below:
```diff
spec:
authenticationUrl: /oauth2/authorization/github
- bindingUrl: /apis/api.plugin.halo.run/v1alpha1/plugins/plugin-oauth2/connect/github
+ bindingUrl: /oauth2/authorization/github
- unbindUrl: /apis/api.plugin.halo.run/v1alpha1/plugins/plugin-oauth2/disconnect/github
+ unbindUrl: /apis/uc.api.auth.halo.run/v1alpha1/user-connections/github/disconnect
```
Please note that, OAuth2 plugin can also define binding and unbinding endpoints by self.
#### Special notes for your reviewer:
OAuth2 test plugin:
[plugin-oauth2-1.0.4-SNAPSHOT.zip](https://github.com/user-attachments/files/17184215/plugin-oauth2-1.0.4-SNAPSHOT.zip)
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area ui
/kind feature
/milestone 2.20.x
#### What this PR does / why we need it:
Dialog API 支持传入 uniqueId,以限制同一时间仅打开一个。
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/6724
#### Does this PR introduce a user-facing change?
```release-note
Dialog API 支持传入 uniqueId,以限制同一时间仅打开一个。
```
#### What type of PR is this?
/milestone 2.20.x
/area core
/kind improvement
#### What this PR does / why we need it:
允许通过 `halo.security.basic-auth.disabled=true` 配置来禁用 Basic Auth 认证
#### Which issue(s) this PR fixes:
Fixes#5408
#### Does this PR introduce a user-facing change?
```release-note
允许通过 `halo.security.basic-auth.disabled=true` 配置来禁用 Basic Auth 认证,在 2.20 版本生产环境下默认禁用了 Basic Auth
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
备份时忽略缩略图目录
#### Which issue(s) this PR fixes:
Fixes#6717
#### Does this PR introduce a user-facing change?
```release-note
备份时忽略缩略图目录以减少文件大小
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR add support for binding OAuth2 user automatically. So we can remove the user-binding page.
Please note that those changes may break the OAuth2 and SocialLogin plugins.
#### Special notes for your reviewer:
Build OAuth2 plugin from <https://github.com/halo-sigs/plugin-oauth2/pull/64> or use [plugin-oauth2-1.0.4-SNAPSHOT.zip](https://github.com/user-attachments/files/17177592/plugin-oauth2-1.0.4-SNAPSHOT.zip) I built.
- Bind after logging in
1. Log in Halo with username and password method
2. Try to unbind OAuth2 user
3. Bind OAuth2 user again
- Initially bind without logging in
1. Go to login page
2. Log in with OAuth2 method and you will be redirected to login page
3. Log in with username and password method
4. See the result of binding
- Log in with OAuth2 method after binding
1. Go to login page
2. Log in with OAuth2 method and you will be redirected to uc page directly
#### Does this PR introduce a user-facing change?
```release-note
支持自动绑定 OAuth2 登录用户
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR adds confirmPassword field into SignUpData for validation. So the signup page can be rendered correctly.
See https://github.com/halo-dev/halo/issues/6718 for more.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/6718
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
完善新登录相关页面的多语言资源文件。
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/6721
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/kind cleanup
/milestone 2.20.x
#### What this PR does / why we need it:
重新生成 OpenAPI 定义和 API Client,在 https://github.com/halo-dev/halo/pull/6488 中忘了重新生成。
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
移除在 Edge 浏览器中,为密码输入框添加显示密码明文按钮。
<img width="406" alt="image" src="https://github.com/user-attachments/assets/49801c25-d8dc-46db-9cba-302653af1951">
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
将索引构建状态添加到就绪检测的指标中
#### Which issue(s) this PR fixes:
Fixes#6632
#### Does this PR introduce a user-facing change?
```release-note
将索引构建状态添加到就绪检测的指标中以优化就绪时访问出现索引不可用的问题
```
#### What type of PR is this?
/milestone 2.20.x
/area core
#### What this PR does / why we need it:
将内容管理相关的数据更新类归档到 content 包下,如访问量和评论量统计
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修复文章封面图链接包含空格时主题端会因为生成缩略图错误而无法访问的问题
这是由于 URI string 中包含空格无法创建 URI 对象,目前将忽略这种非法参数,如果生成失败则直接返回原始 URI string
#### Which issue(s) this PR fixes:
Fixes#6690
#### Does this PR introduce a user-facing change?
```release-note
修复文章封面图链接包含空格时主题端会因为生成缩略图错误而无法访问的问题
```
#### What type of PR is this?
/area ui
/kind bug
/milestone 2.20.x
#### What this PR does / why we need it:
修复在 FireFox 浏览器下的编辑器中无法通过粘贴文件上传的问题。
#### Which issue(s) this PR fixes:
Fixes#6684
#### Special notes for your reviewer:
在 FireFox 浏览器中,复制一张本地的图片,尝试在编辑器中粘贴,观察是否上传成功。
#### Does this PR introduce a user-facing change?
```release-note
修复在 FireFox 浏览器下的编辑器中无法通过粘贴文件上传的问题。
```
John Niang