8 Commits

Author SHA1 Message Date
RainySY
c67b7779ab fix: 修复登录假成功,Cookie 改为每会话注入
根因:linux.do 登录表单启用 hCaptcha 人机验证,自动化浏览器无法通过,
旧自动登录永远不可能成功;而抓取的 _forum_session 是匿名会话本就存在的
cookie,误报「自动登录成功」,导致受限主题一直 404。

修复:
- 移除无效的账号密码自动登录(_auto_login_and_capture)
- Cookie 改为每个 StealthySession 会话都重新注入(旧代码跨请求丢失)
- 登录校验端点改用 /notifications.json(匿名 403 / 登录 200),
  弃用对匿名也返回 404 的 /session/current_user.json
- Cookie 配置支持多格式:完整 Cookie 头、单 name=value、裸值(向后兼容)

linuxdo_username/password 保留仅为兼容,不再生效。
2026-06-16 23:52:59 +08:00
RainySY
136f15e3ec feat: add auto-login to capture session cookie
When linuxdo_username and linuxdo_password are configured, the plugin
automatically logs in via Playwright and captures the _forum_session
cookie from the browser context. No manual cookie copy needed.

Auth priority:
1. Manual linuxdo_session_cookie (if configured)
2. Auto-login via username+password (if configured)
3. Anonymous access (fallback)

Also update README and CHANGELOG with dual-mode auth documentation.
2026-06-16 14:25:23 +08:00
RainySY
70f4f6eb97 refactor: replace Playwright form login with cookie injection
linux.do doesn't provide user-level API keys, and the Playwright form
login approach was fragile (depends on SPA rendering, CSRF handling,
selector stability). Replace with a simpler cookie injection approach:

- User copies _forum_session cookie from browser DevTools
- Plugin injects it into StealthySession's browser context
- Validates via /session/current_user.json
- Falls back to anonymous if cookie is invalid/expired

Config changes:
- Add linuxdo_session_cookie (string, optional)
- Remove linuxdo_username and linuxdo_password (no longer needed)
2026-06-16 14:16:30 +08:00
RainySY
b7111cdcac feat: add LinuxDo account login for accessing restricted content
When linuxdo_username and linuxdo_password are configured, the plugin
automatically logs in via Playwright's form POST to /login on Discourse.
The session cookies persist in the StealthySession context, enabling
authenticated API calls to access restricted categories, private
messages, and other non-public content.

The login flow:
1. _ensure_authenticated() is called once per StealthySession lifetime
2. _check_login_state() detects if already logged in (avoids re-login)
3. If not logged in, _do_login() navigates to /login, fills the form
   (username/password), and clicks submit (no CSRF token needed for
   HTML form POST — Discourse only enforces CSRF on XHR)
4. If login fails (wrong credentials, 2FA, rate limit), the plugin
   gracefully degrades to anonymous access and proceeds normally

Config additions:
- linuxdo_username: string, optional
- linuxdo_password: string, optional (sensitive, plaintext in config)

Version: 1.1.3 → 1.2.0 (new feature)
2026-06-16 13:29:54 +08:00
RainySY
7f3831f301 docs: update CHANGELOG and bump to 1.1.3
Document the screenshot decoupling from full_page flag (6aae30e) under
a new 1.1.3 patch entry. Bump metadata.yaml version.
2026-06-16 12:46:22 +08:00
RainySY
f72efbc2d3 docs: update CHANGELOG and bump to 1.1.2
Document the adaptive .card element screenshot fix from 0496d68 under
a new 1.1.2 patch entry. Bump metadata.yaml version.
2026-06-16 12:36:50 +08:00
RainySY
7dda0e5a9c docs: update CHANGELOG and bump to 1.1.1
Document the broken-image / Discourse meta cleanup fixes shipped in
f17dd28 under a new 1.1.1 patch entry. Bump metadata.yaml version.
2026-06-16 12:26:08 +08:00
RainySY
818bac1458 docs: add CHANGELOG.md
Track version history using Keep a Changelog format. Documents 1.1.0
(API + custom HTML render) and backfills 1.0.0 release notes from
git log.
2026-06-16 12:13:05 +08:00