41 Commits

Author SHA1 Message Date
LIghtJUNction
96d189fadc Merge remote-tracking branch 'origin/feat/service-command' into dev 2026-05-22 16:51:59 +08:00
LIghtJUNction
944afc4b33 Merge remote-tracking branch 'origin' into dev
# Conflicts:
#	astrbot/builtin_stars/astrbot/main.py
#	astrbot/cli/__main__.py
#	astrbot/cli/commands/__init__.py
#	astrbot/core/provider/sources/openai_source.py
2026-05-22 15:19:54 +08:00
Soulter
97f0fd3de3 feat: add CLI commands documentation and service management features
- Updated the VitePress configuration to include links to CLI commands in both English and Chinese.
- Enhanced the AstrBot deployment documentation with instructions for installing it as a system service.
- Created comprehensive CLI commands documentation covering initialization, service management, configuration, and plugin management.
- Added tests for CLI command aliases and service functionalities to ensure proper command registration and behavior.
- Implemented service log management features, including enabling application logging and controlling log visibility.
2026-05-21 23:44:28 +08:00
Weilong Liao
d15606d202 feat(password): add command to change AstrBot dashboard password (#8272)
closes: #8268
2026-05-21 21:37:10 +08:00
LIghtJUNction
987099d4cb chore: merge origin/master into dev 2026-05-19 21:15:22 +08:00
Weilong Liao
7ddf6371b9 fix(webui): enforce 12-char dashboard password policy with backend+frontend validation (#7338)
* fix(webui): enforce 12-char dashboard password policy with backend+frontend validation

* fix(i18n): update password policy hints and validation rules for improved security

* test: adapt dashboard auth fixtures for hashed default password

* fix(security): increase PBKDF2 iterations

* feat(auth): implement secure login challenge and proof verification

* chore: ruff format

* fix(auth): update md5 import syntax for consistency

* feat(dashboard): implement random password generation for empty dashboard password

* feat(auth): enforce plaintext password requirement for legacy MD5 hashes

* fix(i18n): update password hint texts to reflect auto-generated initial passwords

* feat(dashboard): implement password change requirement and reset logic

* feat(auth): implement account setup flow and password change requirements

* feat: Implement legacy password support and upgrade mechanism

- Added `hash_legacy_dashboard_password` function for MD5 hashing of passwords.
- Updated configuration handling to store both PBKDF2 and legacy password hashes.
- Introduced logic to check if password storage has been upgraded and if a password change is required.
- Modified dashboard authentication routes to handle legacy password checks and prompts for upgrades.
- Updated frontend to display warnings for legacy password storage and required upgrades.
- Enhanced tests to cover scenarios for legacy password handling and migration to new storage format.

* fix(logo): update text color styles to use CSS variables for consistency

* feat(dashboard): upgrade password storage and enforce change requirement

* fix(dashboard): update minimum password length from 12 to 10 characters

* fix(dashboard): update minimum password length from 10 to 8 characters

---------

Co-authored-by: RC-CHN <1051989940@qq.com>
2026-05-12 23:46:57 +08:00
LIghtJUNction
c4048bb8eb refactor: delete _internal
remove deprecated API modules and example scripts; update core modules
(agents, providers, tools, platform adapters, utils), dashboard package
and components, and unit tests.
2026-04-23 04:16:30 +08:00
LIghtJUNction
dcf84e6726 feat: enhance CLI prompts and fix frontend 401 handling
- cmd_conf: show password rules before setting, display length after input
- cmd_init/cmd_run: add Chinese prompts and HTTPS security warnings
- openai_source/gemini_source: add missing provider adapter import
- ConsoleDisplayer: add missing resolveApiUrl import for SSE
- WelcomePage: show user-friendly message for 401 unauthorized errors
2026-04-10 21:58:52 +08:00
LIghtJUNction
18e66595f0 chore: ruff check --fix && ruff format . 2026-04-10 20:12:33 +08:00
LIghtJUNction
ec1af1ac0f ruff check --fix --select ALL 2026-04-10 19:57:02 +08:00
LIghtJUNction
3cd48ad1d9 feat(cli): block password change if astrbot is running
AstrBot uses a lock file (astrbot.lock) to prevent concurrent instances.
Before allowing a password change via `astrbot conf admin`, the CLI now
attempts to acquire the lock with a 1-second timeout. If acquisition fails
(another process holds it), the command is rejected with a clear error
message instructing the user to stop astrbot first.
2026-04-08 21:28:14 +08:00
LIghtJUNction
5012475c29 style: remove redundant empty lines and unused exception variables 2026-04-04 17:53:05 +08:00
LIghtJUNction
6bff35d40c fix(dashboard): resolve JSON syntax errors and BOM in auth.json 2026-04-04 17:22:39 +08:00
LIghtJUNction
3d2ff938f5 fix(cli): use raise from e in exception clauses 2026-04-04 16:34:56 +08:00
LIghtJUNction
4308580039 chore: ruff 2026-04-04 16:29:00 +08:00
LIghtJUNction
c4dee9091a refactor(cli): unify password encryption logic in cmd_conf.py 2026-04-04 16:27:53 +08:00
LIghtJUNction
7b22e56252 security: remove legacy SHA256/MD5 password verification and fix API key logging
- Remove insecure SHA256/MD5 password hash verification from cmd_conf.py
  (rejection logic for storing legacy hashes is preserved)
- Remove API key logging from gemini_source.py, openai_source.py
- Remove header logging (contains Authorization header) from volcengine_tts.py

CodeQL issues fixed:
- Broken cryptographic hash (SHA256/MD5 for passwords)
- Clear-text logging of sensitive information (API keys)
2026-03-29 15:48:38 +08:00
LIghtJUNction
16f8cdea92 fix: add missing normalize method to base ToolSet
Also show password hash values instead of masking in conf set output.
2026-03-24 18:57:01 +08:00
LIghtJUNction
310d2d6998 feat: add integration tests infrastructure and MCP echo server fixture
- Add tests/integration/ directory with fixtures/
- Create echo_mcp_server.py for MCP testing
- Create test_mcp_integration.py with basic tests
- Fix bug in MCP client: use stdio_transport instead of _streams_context
- Add examples/abp_demo.py demonstrating ABP protocol
- Update openspec with integration tests change
2026-03-23 23:01:55 +08:00
LIghtJUNction
ced1a4fbb6 chore: auto commit 2026-03-23 21:35:18 +08:00
LIghtJUNction
320425f7e7 refactor: remove unused is_legacy_dashboard_password_hash
Remove the dead is_legacy_dashboard_password_hash helper which was
never used by verify_dashboard_password. Legacy SHA-256/MD5 hashes
are not supported - only Argon2 and PBKDF2 are valid password hashes.
Users with old SHA-256 hashes must reset their password.
2026-03-23 20:34:02 +08:00
LIghtJUNction
f55016bcb2 refactor: type annotations and i18n improvements
- Add i18n support to cmd_conf.py (config validators)
- Fix BaseFunctionToolExecutor to be an ABC
- Add explicit type annotations for dict payloads
- Various type annotation improvements
2026-03-23 12:49:13 +08:00
LIghtJUNction
af77f82c51 更名:conf password可以修改账户名称,因此改名为admin
astrbot conf admin -p xxx
2026-03-21 00:47:14 +08:00
LIghtJUNction
00c9388da3 重构:彻底放弃md5保存密码
main.py调整说明
修复一系列导入问题
修复一部分ruff check问题
2026-03-21 00:09:58 +08:00
LIghtJUNction
13132517b2 重构: 修正一些错误,引入_internel包 2026-03-20 16:51:27 +08:00
LIghtJUNction
0b2a143681 cli(run): simplify env loading — move .env early-load to astrbot_path; service-config treated as .env; preserve CLI > service-config > .env precedence 2026-03-20 16:05:30 +08:00
LIghtJUNction
a3371ad6c8 core: refactor modules & fix typing/runtime issues 2026-03-19 23:06:27 +08:00
LIghtJUNction
b6f4614c58 fix(cli): robust password hashing when argon2 missing (fallback to PBKDF2) 2026-03-19 20:02:24 +08:00
LIghtJUNction
17b0dfe974 fix(cli): restore cmd_conf password hashing and validators; use absolute import for check_astrbot_root 2026-03-19 19:46:21 +08:00
LIghtJUNction
c0282e4d28 Potential fix for code scanning alert no. 45: Use of a broken or weak cryptographic hashing algorithm on sensitive data
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2026-03-19 17:40:25 +08:00
LIghtJUNction
fce8069b18 Potential fix for code scanning alert no. 44: Use of a broken or weak cryptographic hashing algorithm on sensitive data
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2026-03-19 17:40:09 +08:00
LIghtJUNction
201a19a63e Potential fix for code scanning alert no. 46: Use of a broken or weak cryptographic hashing algorithm on sensitive data
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2026-03-19 17:39:55 +08:00
LIghtJUNction
98a8502ebe fix: resolve asynchronous context manager and coroutine attribute issues
- Fixed '_GeneratorContextManager' error in pip_installer.py by using synchronous 'with' for constraints_file().
- Fixed 'CoroutineType' has no attribute 'is_file' in dashboard/routes/config.py by adding missing await.
- Fixed undefined names (Group, ComponentTypes, File, Reply, At) in aiocqhttp_platform_adapter.py.
- Added 'pytest-cov' for code coverage testing.
2026-03-18 22:35:49 +08:00
LIghtJUNction
e8c234f0cf feat: improve cli admin setup and api startup logs 2026-03-18 18:21:49 +08:00
LIghtJUNction
976398d1f2 feat(cli): enhance backup capabilities and refactor path management
- Introduce 'astrbot bk' command with GPG signing, encryption, and digest support
- Add import/export functionality using core backup modules
- Refactor path management to use 'AstrbotPaths' singleton across CLI commands
- Replace blocking subprocess calls with asyncio.create_subprocess_exec in backup command
- Add comprehensive tests for uninstall and backup commands
- Improve module resource handling for bundled dashboard assets
2026-03-17 18:32:32 +08:00
Soulter
6b642d7674 refactor: bundled webui static files into wheel and replace astrbot cli log with English (#5665)
* refactor: bundled webui static files into wheel and replace astrbot cli log with English

- Translated and standardized log messages in cmd_conf.py for better clarity.
- Updated initialization logic in cmd_init.py to provide clearer user prompts and error handling.
- Improved plugin management commands in cmd_plug.py with consistent language and error messages.
- Enhanced run command in cmd_run.py with clearer status messages and error handling.
- Updated utility functions in basic.py and plugin.py to improve readability and maintainability.
- Added version comparison logic in version_comparator.py with clearer comments.
- Enhanced logging configuration in log.py to suppress noisy loggers.
- Updated the updater logic in updator.py to provide clearer error messages for users.
- Improved IO utility functions in io.py to handle dashboard versioning more effectively.
- Enhanced dashboard server logic in server.py to prioritize bundled assets and improve user feedback.
- Updated pyproject.toml to include bundled dashboard assets and custom build hooks.
- Added a custom build script (hatch_build.py) to automate dashboard builds during package creation.

* refactor: improve exception messages and formatting in CLI command validation

* perf: change npm install to npm ci for consistent dependency installation

* fix
2026-03-03 12:58:59 +08:00
Dt8333
7dd95d8a59 chore: auto ann fix by ruff (#4903)
* chore: auto fix by ruff

* refactor: 统一修正返回类型注解为 None/bool 以匹配实现

* refactor: 将 _get_next_page 改为异步并移除多余的请求错误抛出

* refactor: 将 get_client 的返回类型改为 object

* style: 为 LarkMessageEvent 的相关方法添加返回类型注解 None

---------

Co-authored-by: Soulter <37870767+Soulter@users.noreply.github.com>
2026-02-09 00:22:24 +08:00
Copilot
94bf3b8195 Fix incorrect type annotations and errors (#3250)
* Initial plan

* Fix type annotation errors in cmd_conf, cmd_init, and version_comparator

Co-authored-by: LIghtJUNction <106986785+LIghtJUNction@users.noreply.github.com>

* Changes before error encountered

Co-authored-by: LIghtJUNction <106986785+LIghtJUNction@users.noreply.github.com>

* Fix more type annotation errors: change `= None` to `| None = None`

Co-authored-by: LIghtJUNction <106986785+LIghtJUNction@users.noreply.github.com>

* Fix final batch of type annotation errors

Co-authored-by: LIghtJUNction <106986785+LIghtJUNction@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: LIghtJUNction <106986785+LIghtJUNction@users.noreply.github.com>
Co-authored-by: LIghtJUNction <lightjunction.me@gmail.com>
2025-11-02 17:02:56 +08:00
LIghtJUNction
0b7fc29ac4 style: add ruff lint module of isort and pyupgrade, and some ruff check fix (#3214)
Co-authored-by: Dt8333 <25431943+Dt8333@users.noreply.github.com>
Co-authored-by: Soulter <905617992@qq.com>
2025-11-01 13:26:19 +08:00
Raven95676
f315f284aa fix: improve error handling for config loading and setting 2025-05-10 16:24:52 +08:00
Raven95676
c367f5009d feat: CLI支持部分配置文件项的设定 2025-05-10 16:03:08 +08:00