#9921)

#### What type of PR is this?

/kind improvement
/area core
/milestone 2.24.x

#### What this PR does / why we need it:

This PR uses [UAP](https://github.com/ua-parser/uap-java) to parse user agent string instead of resolving by hand.

#### Special notes for your reviewer:

1. Try to revoke all devices and log in
2. See the latest notification

#### Does this PR introduce a user-facing change?

```release-note
None
```

Added contributor agreement terms regarding code usage and open-source agreement adjustments.

<!--  Thanks for sending a pull request!  Here are some tips for you:
1. 如果这是你的第一次，请阅读我们的贡献指南：<https://github.com/halo-dev/halo/blob/main/CONTRIBUTING.md>。
1. If this is your first time, please read our contributor guidelines: <https://github.com/halo-dev/halo/blob/main/CONTRIBUTING.md>.
2. 请根据你解决问题的类型为 Pull Request 添加合适的标签。
2. Please label this pull request according to what type of issue you are addressing, especially if this is a release targeted pull request.
3. 请确保你已经添加并运行了适当的测试。
3. Ensure you have added or ran the appropriate tests for your PR.
4. 如果你的 PR 使用了 LLM 生成代码，请在 PR 中添加相应的说明，我们不反对使用 LLM 辅助开发，但希望你能够先对生成的代码进行审查。
5. If your PR uses LLM generated code, please add a corresponding description in the PR, we do not oppose using LLM to assist development, but we hope you can review the generated code first.
-->

#### What type of PR is this?

<!--
添加其中一个类别：
Add one of the following kinds:

/kind bug
/kind cleanup
/kind documentation
/kind feature
/kind improvement

适当添加其中一个或多个类别（可选）：
Optionally add one or more of the following kinds if applicable:

/kind api-change
/kind deprecation
/kind failing-test
/kind flake
/kind regression
-->

#### What this PR does / why we need it:

#### Which issue(s) this PR fixes:

<!--
PR 合并时自动关闭 issue。
Automatically closes linked issue when PR is merged.

用法：`Fixes #<issue 号>`，或者 `Fixes (粘贴 issue 完整链接)`
Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`.
-->
Fixes #

#### Special notes for your reviewer:

#### Does this PR introduce a user-facing change?

<!--
如果当前 Pull Request 的修改不会造成用户侧的任何变更，在 `release-note` 代码块儿中填写 `NONE`。
否则请填写用户侧能够理解的 Release Note。如果当前 Pull Request 包含破坏性更新（Break Change），
Release Note 需要以 `action required` 开头。
If no, just write "NONE" in the release-note block below.
If yes, a release note is required:
Enter your extended release note in the block below. If the PR requires additional action from users switching to the new release, include the string "action required".
-->

```release-note
```

…nd update static resource path patterns (#9928)

#### What type of PR is this?

/kind bug
/kind regression
/area core
/milestone 2.24.x

#### What this PR does / why we need it:

This PR refactors remember-me token handling with rotation and grace period. Meanwhile, this PR also updates static resource path patterns `/ui-assets/**` to skip authentication for those requests towards static resources.

The PR #6329 was a temporary solution and this PR fixes it completely.

#### Which issue(s) this PR fixes:

Fixes #6290

#### Special notes for your reviewer:

1. Try to log in with remember-me checked and go to `/console`.
2. Open browser devetools and try to delete cookie `SESSION` singly.
3. Click menu `Posts` on your left side bar.
4. Click other menus see whether you will be redirected to login page.

#### Does this PR introduce a user-facing change?

```release-note
解决“记住我”功能在特定情况下可能失效的问题
```

…upload from URL (#9931)

#### What type of PR is this?

/kind improvement
/kind bug

#### What this PR does / why we need it:

Replace `ReactiveUrlDataBufferFetcher` with `WebClient` for downloading attachments from URLs. The previous implementation used `ReactiveUrlDataBufferFetcher`, which had a hard response body size limit (10MB) enforced by `HttpSecurityUtils.maxResponseSizeFilter`. This limit caused plugin installation failures when downloading larger plugins from the app store.

The new implementation uses a dedicated `WebClient` with configurable timeouts and no artificial size limit, improving download reliability. It also adds support for redirect-following and basic error handling for HTTP errors.

Key changes:
- Replace `ReactiveUrlDataBufferFetcher` with `WebClient` in `DefaultAttachmentService.uploadFromUrl()`
- Add `@Nullable` annotations to `groupName` and `filename` parameters in the `AttachmentService` interface
- Update tests to use `MockServerClient` instead of wiring `ReactiveUrlDataBufferFetcher`
- Remove unused `BufferSize` option from `DefaultReactiveUrlDataBufferFetcher`

#### Which issue(s) this PR fixes:

Fixes #9923

#### Special notes for your reviewer:

None.

#### Does this PR introduce a user-facing change?

```release-note
修复通过 URL 下载大文件（如插件安装包）时因响应体大小限制导致下载失败的问题。
```

* Fix random post retrieval to always return requested size

The random method in PostFinderImpl could return fewer posts than
requested when the randomly selected page was the last page. Now it
wraps around to the beginning to fill up to the requested size.

Fixes #9929

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* Enhance random post retrieval with shuffling and unsorted sort

* Use default sort in random post retrieval

---------

Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>