Commit Graph

204 Commits

Author SHA1 Message Date
LIghtJUNction
92c58f8a2a fix: resolve merge follow-ups (typing, imports, frontend tests) 2026-05-19 21:16:25 +08:00
LIghtJUNction
987099d4cb chore: merge origin/master into dev 2026-05-19 21:15:22 +08:00
Soulter
d609f23b71 chore: bump version to 4.25.1 2026-05-17 15:01:59 +08:00
Soulter
02291a3217 chore: bump version to 4.25.0 2026-05-16 01:39:04 +08:00
Soulter
c77cb0f4e2 chore: bump version to 4.24.5 2026-05-14 01:16:26 +08:00
Soulter
0e6ad1c443 feat: cli supports ASTRBOT_DASHBOARD_INITIAL_PASSWORD env 2026-05-14 01:13:46 +08:00
Soulter
c48108040c chore: bump version to 4.24.4 2026-05-13 01:46:08 +08:00
Soulter
989cc0d609 chore: bump version to 4.24.3 2026-05-13 00:17:27 +08:00
Weilong Liao
7ddf6371b9 fix(webui): enforce 12-char dashboard password policy with backend+frontend validation (#7338)
* fix(webui): enforce 12-char dashboard password policy with backend+frontend validation

* fix(i18n): update password policy hints and validation rules for improved security

* test: adapt dashboard auth fixtures for hashed default password

* fix(security): increase PBKDF2 iterations

* feat(auth): implement secure login challenge and proof verification

* chore: ruff format

* fix(auth): update md5 import syntax for consistency

* feat(dashboard): implement random password generation for empty dashboard password

* feat(auth): enforce plaintext password requirement for legacy MD5 hashes

* fix(i18n): update password hint texts to reflect auto-generated initial passwords

* feat(dashboard): implement password change requirement and reset logic

* feat(auth): implement account setup flow and password change requirements

* feat: Implement legacy password support and upgrade mechanism

- Added `hash_legacy_dashboard_password` function for MD5 hashing of passwords.
- Updated configuration handling to store both PBKDF2 and legacy password hashes.
- Introduced logic to check if password storage has been upgraded and if a password change is required.
- Modified dashboard authentication routes to handle legacy password checks and prompts for upgrades.
- Updated frontend to display warnings for legacy password storage and required upgrades.
- Enhanced tests to cover scenarios for legacy password handling and migration to new storage format.

* fix(logo): update text color styles to use CSS variables for consistency

* feat(dashboard): upgrade password storage and enforce change requirement

* fix(dashboard): update minimum password length from 12 to 10 characters

* fix(dashboard): update minimum password length from 10 to 8 characters

---------

Co-authored-by: RC-CHN <1051989940@qq.com>
2026-05-12 23:46:57 +08:00
LIghtJUNction
d373a24320 merge: sync origin/master into dev
Resolved 76 file conflicts across backend, frontend, and tests:
- Core backend: agent, platform, provider, star, tools, cron, KB, utils
- Dashboard backend: auth, config, plugin routes, server, runtime bootstrap
- Frontend components: shared, extension, provider components
- Frontend views: console, trace, cron, extension, platform, provider, etc.
- Frontend infrastructure: layouts, router, stores, main.ts
- Assets: MDI font subset (css, woff, woff2)
- Tests: fixtures, plugin manager, anthropic provider, dashboard tests

Strategy per file:
- Most backend: merged master improvements (metrics, http_client -> default_headers,
  download_url params, plugin i18n, runtime guards, auth middleware)
- Frontend views: adopted master dashboard-shell layout (v-container, is-dark theme)
- InstalledPluginsTab: kept dev pinned-plugins feature (drag-sort, pin/unpin)
- Binary assets: resolved via git checkout
- Tests: merged both branches' assertions and mock updates
2026-05-08 11:04:03 +08:00
Soulter
39386eeb3e chore: bump version to 4.24.2 2026-05-04 00:21:43 +08:00
Soulter
010e6d2eda chore: bump version to 4.24.1 2026-05-03 23:00:16 +08:00
Soulter
afe999550d chore: bump version to 4.24.0 2026-05-03 22:20:25 +08:00
LIghtJUNction
0208dbb15f Merge branch 'master' of https://github.com/AstrBotDevs/AstrBot into dev
# Conflicts:
#	dashboard/vite.config.ts
2026-04-29 02:16:18 +08:00
Soulter
09ab45fcb5 chore: bump version to 4.23.6 2026-04-27 13:05:20 +08:00
Soulter
9f8ce24726 chore: bump version to 4.23.5 2026-04-23 22:28:40 +08:00
Soulter
8eefda4611 chore: bump version to 4.23.4 2026-04-23 21:30:03 +08:00
Soulter
c1cd5627bb chore: bump version to 4.23.3 2026-04-23 12:00:10 +08:00
LIghtJUNction
c4048bb8eb refactor: delete _internal
remove deprecated API modules and example scripts; update core modules
(agents, providers, tools, platform adapters, utils), dashboard package
and components, and unit tests.
2026-04-23 04:16:30 +08:00
LIghtJUNction
33ec7bbf9c merge: master -> dev 2026-04-23 01:12:06 +08:00
Rain-0x01_
6b756f666f docs: Unify documentation links (#7709)
astrbot.app -> docs.astrbot.app
2026-04-21 22:42:27 +08:00
Soulter
00689604b4 chore: bump version to 4.23.2 2026-04-19 17:50:03 +08:00
LIghtJUNction
e16e5c7630 fix: resolve merge conflicts from upstream and fix tool conflict resolution
- ToolSet.add() now protects active tools from inactive overrides
- Add missing _has_meaningful_content() method in RespondStage
- Remove is_local=True from ExecuteShellTool (no longer supported)
- Fix ToolSet() missing namespace argument in get_full_tool_set()
- Rewrite tests to match new tool architecture (cron_tools, func_tool_manager, tool_conflict_resolution)
2026-04-15 20:45:11 +08:00
Soulter
1292faa446 chore: bump version to 4.23.1 2026-04-13 23:39:34 +08:00
Soulter
6131386893 chore: bump version to 4.23.0 2026-04-13 00:36:04 +08:00
Soulter
b801003801 chore: bump version to 4.23.0-beta.1 2026-04-11 21:15:30 +08:00
LIghtJUNction
6a81739392 feat(cli): show ASCII logo and QR code only in interactive mode
- Move logo and print_logo to new astrbot/cli/banner.py module
  to avoid circular imports
- Add is_interactive() helper to detect TTY
- Show ASCII logo in run/init commands only in interactive mode
- Show WeChat QR code ASCII art only in interactive mode;
  non-interactive mode shows just the QR link
2026-04-10 22:42:43 +08:00
LIghtJUNction
1cd49b438d refactor(cli): remove logo from default CLI output
Logo is now only shown in commands that have their own
startup output (run, init), keeping other commands clean.
2026-04-10 22:31:05 +08:00
LIghtJUNction
9daf44aa4e feat(cli): add detailed version command with system and git info
- Add `astrbot version` subcommand showing:
  - AstrBot version
  - Python version
  - System/machine info
  - Git branch and commit
  - AstrBot root path
  - Platform details
- Also works with `astrbot --version` flag
2026-04-10 22:23:37 +08:00
LIghtJUNction
dcf84e6726 feat: enhance CLI prompts and fix frontend 401 handling
- cmd_conf: show password rules before setting, display length after input
- cmd_init/cmd_run: add Chinese prompts and HTTPS security warnings
- openai_source/gemini_source: add missing provider adapter import
- ConsoleDisplayer: add missing resolveApiUrl import for SSE
- WelcomePage: show user-friendly message for 401 unauthorized errors
2026-04-10 21:58:52 +08:00
LIghtJUNction
18e66595f0 chore: ruff check --fix && ruff format . 2026-04-10 20:12:33 +08:00
LIghtJUNction
ec1af1ac0f ruff check --fix --select ALL 2026-04-10 19:57:02 +08:00
LIghtJUNction
3cd48ad1d9 feat(cli): block password change if astrbot is running
AstrBot uses a lock file (astrbot.lock) to prevent concurrent instances.
Before allowing a password change via `astrbot conf admin`, the CLI now
attempts to acquire the lock with a 1-second timeout. If acquisition fails
(another process holds it), the command is rejected with a clear error
message instructing the user to stop astrbot first.
2026-04-08 21:28:14 +08:00
Soulter
ff299f770f chore: bump version to 4.22.3 2026-04-05 23:39:41 +08:00
LIghtJUNction
5012475c29 style: remove redundant empty lines and unused exception variables 2026-04-04 17:53:05 +08:00
LIghtJUNction
6bff35d40c fix(dashboard): resolve JSON syntax errors and BOM in auth.json 2026-04-04 17:22:39 +08:00
LIghtJUNction
3d2ff938f5 fix(cli): use raise from e in exception clauses 2026-04-04 16:34:56 +08:00
LIghtJUNction
4308580039 chore: ruff 2026-04-04 16:29:00 +08:00
LIghtJUNction
c4dee9091a refactor(cli): unify password encryption logic in cmd_conf.py 2026-04-04 16:27:53 +08:00
LIghtJUNction
26ff632831 chore: remove astrbot-rs 2026-04-03 01:26:25 +08:00
LIghtJUNction
3af00b90bd chore: cmd_run 2026-04-02 21:30:59 +08:00
LIghtJUNction
ca4923dec6 refactor: remove TUI from cmd_run 2026-04-02 21:28:37 +08:00
LIghtJUNction
868c81bbc7 chore: commit all changes 2026-04-02 21:23:23 +08:00
LIghtJUNction
7b22e56252 security: remove legacy SHA256/MD5 password verification and fix API key logging
- Remove insecure SHA256/MD5 password hash verification from cmd_conf.py
  (rejection logic for storing legacy hashes is preserved)
- Remove API key logging from gemini_source.py, openai_source.py
- Remove header logging (contains Authorization header) from volcengine_tts.py

CodeQL issues fixed:
- Broken cryptographic hash (SHA256/MD5 for passwords)
- Clear-text logging of sensitive information (API keys)
2026-03-29 15:48:38 +08:00
Soulter
afa43fc0e2 chore: update version to 4.22.2 in multiple files 2026-03-29 00:32:31 +08:00
LIghtJUNction
e8cd999596 chore: 更新项目配置和 CLI
- 更新 .env.example 环境变量示例
- 更新 pyproject.toml 依赖配置
- 删除 tui 相关命令 (cmd_tui.py, cmd_run_tui.py)
- 更新 CLI i18n 和核心模块
- 删除 tombi.toml
2026-03-27 00:16:03 +08:00
Soulter
b2718b07b6 chore: bump version to 4.22.1 2026-03-26 00:03:23 +08:00
LIghtJUNction
be65022de1 refactor(protocols): update protocol client implementations 2026-03-25 00:10:29 +08:00
LIghtJUNction
613910f592 refactor(cli): update CLI commands structure 2026-03-25 00:10:23 +08:00
LIghtJUNction
abbb2c85fc revert: restore run command to old architecture
The run command should use the original InitialLoader-based startup,
not the new _internal/runtime bootstrap. Only the dev subcommand
uses the new architecture.
2026-03-24 21:02:53 +08:00