Releases: one-ea/Monolith
Releases · one-ea/Monolith
v2.5.0
v2.4.1
v2.4.0
v2.3.2 — 跨平台部署链路加固
跨平台部署链路加固
源自 H005 Linux 端到端实测 + Win/Mac 平台推演。
🛠️ 部署脚本(scripts/deploy-cloudflare.mjs)
checkPrerequisites() 末尾追加 Windows 11 环境卫生预检(仅 IS_WIN 触发,非阻断):
- W4:git autocrlf 检测 —
git config --get core.autocrlf=true时给出 hint,避免wrangler.toml/*.mjs被改成 CRLF 导致 wrangler 解析报怪错 - W5:OneDrive 同步目录检测 — 正则
(?:^|[\\/])onedrive(?:[\s\-\\/]|[A-Za-z]|$)/i覆盖:- 个人版
OneDrive - 企业版
OneDrive - Contoso - 历史变体
OneDriveCommercial/OneDrive-Personal - 不误匹配
onedrive_user/my-onedrive-backup - 9/9 单测全过
- 个人版
📚 Wiki 文档(Deployment.md)
- 步骤 2 新增「Windows 11 前置卫生」章节(autocrlf / OneDrive / Defender 三条)
- 步骤 2 新增「macOS 注意点」(Apple Silicon 不要
brew install wrangler/ Gatekeeper 首次 OAuth 警告) - 步骤 5 验证段补
/api/auth/logincurl 示例(实测发现首次部署用户易误用/api/admin/login报 401)
🤝 Reviewers
- CodeRabbit 提出 OneDrive 企业版漏检 issue,已修复并扩展正则(详见 PR #58)
📦 Pull Requests
Full Changelog: v2.3.1...v2.3.2
v2.3.1 — Win11 部署修复 + Bitwarden 兼容
修复
Windows 11 部署链路(#56)
修复 v2.3.0 在 Windows 11 上 npm run deploy:cloudflare 卡在「应用远程数据库迁移」步骤静默退出的问题:
- 绕过 npm workspace shim,直接调用
npx wrangler d1 migrations apply(cwd=server) - 显式喂入
y\n兜底 wrangler 默认交互确认在非 TTY 环境下秒退 - runStep 增强
status === null/ signal 诊断,避免再次静默
密码管理器自动填充(#55)
管理员密码框现已正确支持 Bitwarden / 1Password / Chrome 内置密码管理器:
- W3C 推荐的 hidden username 模式
- 双登录入口同步:admin-gate.tsx 弹窗 + pages/admin/login.tsx 全屏登录页
- 完整 name / id / aria-label / autoComplete metadata,零视觉变化
升级动作
XBro / 全体 Win11 部署用户:拉最新 main 分支重新跑 npm run deploy:cloudflare 即可。
完整变更
v2.3.0 — Cloudflare Analytics Engine 全维度埋点
新增能力
- AE Worker 端原生埋点
POST /api/track,写入 BLOG_ANALYTICS 数据集 - 客户端
tracker.js+analytics.ts自动采集(路径/UA/语言/屏幕/停留) - 后台新增 AE Tab:访客时序 / 国家 / 引荐 / 设备 / 浏览器 / OS / 页面 / 屏幕 / 语言
- 扩展维度:每周热力图 / 停留分桶 / 入口出口 / 新老访客 / 跳出率 / 人均页数 / 引荐 Top 20
关键修复
- AE SQL 严格子集兼容:移除全部
multiIf/if()/countIf/argMin/CASE WHEN - 改用「多查询并发 + JS 端组装」模式实现条件分支
- 部署脚本兼容 wrangler ASCII commit-message 限制
风险
- AE 数据保留 31 天,长窗口查询自然降级
- 单 visitor_id 基于 cookie,浏览器隔离环境会重复计数(已知行为)
v2.2.0
What's Changed
- feat(seo): SEO 仪表盘 + sitemap/robots 路由代理与 origin 修正 by @one-ea in #50
- chore(release): v2.2.0 by @one-ea in #51
Full Changelog: v2.1.0...v2.2.0
Contributors
one-ea
Assets 2
v2.1.0
What's Changed
Full Changelog: v2.0.0...v2.1.0
Contributors
one-ea
Assets 2
v2.0.0 — V1 周期收口,进入 V2 主线
What's Changed
- fix: security & logic improvements (high/medium priority issues) by @one-ea in #1
- fix(ui): mobile responsive layout by @one-ea in #2
- fix(ui): dashboard mobile layout v2 by @one-ea in #3
- feat(v1.2): 流量统计、后台重构、Pages Functions 代理、Bug 修复、文档更新 by @one-ea in #4
- docs+chore: README 更新 + CodeRabbit AI 审查配置 by @one-ea in #5
- feat(seo): SEO 全面增强 — 爬虫预渲染 + JSON-LD + 面包屑 + 404 页面 by @one-ea in #6
- feat(v2.0): 完整版本更新、批量处理、版本历史与各类安全修复 by @one-ea in #7
- chore(config): 优化 Dependabot 合并策略 (启用群组构建) by @one-ea in #14
- chore(ci): bump actions/checkout from 4 to 6 by @dependabot[bot] in #10
- chore(ci): bump github/codeql-action from 3 to 4 by @dependabot[bot] in #8
- chore(ci): bump actions/setup-node from 4 to 6 by @dependabot[bot] in #9
- chore(deps): bump drizzle-kit from 0.21.4 to 0.31.10 in /server by @dependabot[bot] in #12
- fix: address CodeRabbit review findings (竞态优化与样式修复) by @one-ea in #16
- chore(ci): bump the actions-updates group with 2 updates by @dependabot[bot] in #15
- feat(mcp): 新增博客专属 MCP 服务器 + fix(markdown): 修复表格渲染 by @one-ea in #17
- security: resolve remaining Code Scanning Object Injection alerts by @one-ea in #19
- feat(admin): refactor settings module to categorized sidebar tabs by @one-ea in #20
- chore: sync admin hardening and code scanning fixes into main by @one-ea in #21
- fix: restore editor back navigation by @one-ea in #22
- perf: speed up public post loading by @one-ea in #24
- feat: 前端样式精修 + 后台主题切换 + 部署管道安全加固 by @one-ea in #26
- fix(ci): add package-lock.json to main to unblock GitHub Actions deployment by @one-ea in #27
- style: enhance editor UI text contrast and visibility by @one-ea in #30
- chore(deps): bump hono from 4.12.12 to 4.12.14 by @dependabot[bot] in #28
- chore(deps): bump dompurify from 3.3.3 to 3.4.0 by @dependabot[bot] in #29
- fix(deps): resolve 8 Dependabot security alerts via overrides by @one-ea in #31
- fix(security): resolve 4 Code Scanning alerts (ESLint false positives) by @one-ea in #32
- fix(lint): disable security/detect-object-injection at config level by @one-ea in #33
- ci: harden Dependabot & Code Scanning configurations by @one-ea in #34
- chore(ci): bump the actions-updates group with 4 updates by @dependabot[bot] in #35
- chore(deps): bump @types/dompurify from 3.0.5 to 3.2.0 in the root-minor-patch-updates group by @dependabot[bot] in #37
- fix(security): harden Monolith against XSS, SSRF, info leaks, and abuse by @one-ea in #38
- feat: 独立页动态导航、后台侧栏固定、移动端代码块优化、标签折叠 by @one-ea in #40
- chore: KaTeX math support + project cleanup by @one-ea in #42
- fix(ci): use PAT_TOKEN for dependabot auto-approve by @one-ea in #44
- chore(deps): bump fast-xml-parser and @aws-sdk/xml-builder by @dependabot[bot] in #43
- chore: refresh repo metadata + fix CI (setup-node v6→v4) by @one-ea in #45
- chore(repo): add lint scripts, .nvmrc, .editorconfig, CONTRIBUTING.md by @one-ea in #46
- chore(release): v2.0.0 by @one-ea in #47
New Contributors
- @one-ea made their first contribution in #1
- @dependabot[bot] made their first contribution in #10
Full Changelog: https://github.com/one-ea/Monolith/commits/v2.0.0
Contributors
dependabot and one-ea