fix(auth): enhance the URL check (apache#2422)

Co-authored-by: imbajin <[email protected]>

.github/PULL_REQUEST_TEMPLATE.md

@@ -51,11 +51,12 @@ For example:
 
 <!-- DO NOT REMOVE THIS SECTION. CHECK THE PROPER BOX ONLY. -->
 
-- [ ]  Nope
-- [ ]  Dependencies (add/update license info) <!-- Don't forget to add/update the info in "LICENSE" & "NOTICE" files (both in root & dist module) -->
+- [ ]  Dependencies ([add/update license](https://hugegraph.apache.org/docs/contribution-guidelines/contribute/#321-check-licenses) info & [regenerate_dependencies](../hugegraph-server/hugegraph-dist/scripts/dependency/regenerate_known_dependencies.sh)) <!-- Don't forget to add/update the info in "LICENSE" & "NOTICE" files (both in root & dist module) -->
 - [ ]  Modify configurations
 - [ ]  The public API
 - [ ]  Other affects (typed here)
+- [ ]  Nope
+
 
 ## Documentation Status
 

.github/workflows/ci.yml

@@ -10,6 +10,7 @@ on:
 
 jobs:
   build:
+    # TODO: we need test & replace it to ubuntu-24.04 or ubuntu-latest
     runs-on: ubuntu-20.04
     env:
       USE_STAGE: 'false' # Whether to include the stage repository.

hugegraph-server/hugegraph-api/pom.xml

@@ -164,6 +164,12 @@
             <artifactId>arthas-packaging</artifactId>
             <version>${arthas.version}</version>
         </dependency>
+      <dependency>
+        <groupId>org.gridkit.jvmtool</groupId>
+        <artifactId>sjk-core</artifactId>
+        <version>0.22</version>
+        <scope>compile</scope>
+      </dependency>
     </dependencies>
 
     <build>

hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java

@@ -41,6 +41,7 @@
 import org.apache.tinkerpop.gremlin.server.auth.AuthenticationException;
 import org.glassfish.grizzly.http.server.Request;
 import org.glassfish.grizzly.utils.Charsets;
+import org.gridkit.jvmtool.cmd.AntPathMatcher;
 import org.slf4j.Logger;
 
 import com.alipay.remoting.util.StringUtils;
@@ -71,10 +72,11 @@ public class AuthenticationFilter implements ContainerRequestFilter {
     private static final Logger LOG = Log.logger(AuthenticationFilter.class);
 
     private static final List<String> WHITE_API_LIST = ImmutableList.of(
-            "auth/login",
+            "graphs/*/auth/login",
             "versions",
             "openapi.json"
     );
+    private static final AntPathMatcher MATCHER = new AntPathMatcher();
 
     private static String whiteIpStatus;
 
@@ -314,9 +316,8 @@ public boolean equals(Object obj) {
 
     public static boolean isWhiteAPI(ContainerRequestContext context) {
         String path = context.getUriInfo().getPath();
-
         for (String whiteApi : WHITE_API_LIST) {
-            if (path.endsWith(whiteApi)) {
+            if (MATCHER.match(whiteApi, path)) {
                 return true;
             }
         }

hugegraph-server/hugegraph-dist/scripts/dependency/known-dependencies.txt

@@ -1,8 +1,10 @@
+HdrHistogram-2.1.9.jar
+ST4-4.0.8.jar
 accessors-smart-1.2.jar
 airline-0.8.jar
 animal-sniffer-annotations-1.19.jar
-annotations-4.1.1.4.jar
 annotations-13.0.jar
+annotations-4.1.1.4.jar
 ansj_seg-5.1.6.jar
 antlr-runtime-3.5.2.jar
 aopalliance-repackaged-3.0.1.jar
@@ -100,7 +102,6 @@ hamcrest-2.2.jar
 hamcrest-core-1.3.jar
 hanlp-portable-1.8.3.jar
 hbase-shaded-endpoint-2.0.6.jar
-HdrHistogram-2.1.9.jar
 hessian-3.3.6.jar
 high-scale-lib-1.0.6.jar
 hk2-api-3.0.1.jar
@@ -172,8 +173,8 @@ jersey-media-json-jackson-3.0.3.jar
 jersey-server-3.0.3.jar
 jersey-test-framework-core-3.0.3.jar
 jersey-test-framework-provider-grizzly2-3.0.3.jar
-jffi-1.2.16.jar
 jffi-1.2.16-native.jar
+jffi-1.2.16.jar
 jflex-1.8.2.jar
 jieba-analysis-1.0.2.jar
 jjwt-api-0.11.5.jar
@@ -253,21 +254,31 @@ parser-9.0-9.0.20190305.jar
 perfmark-api-0.25.0.jar
 picocli-4.3.2.jar
 postgresql-42.4.3.jar
-protobuf-java-3.21.7.jar
 proto-google-common-protos-1.17.0.jar
+protobuf-java-3.21.7.jar
 psjava-0.1.19.jar
-reporter-config3-3.0.3.jar
 reporter-config-base-3.0.3.jar
+reporter-config3-3.0.3.jar
 rewriting-9.0-9.0.20190305.jar
 rocksdbjni-7.2.2.jar
 scala-java8-compat_2.12-0.8.0.jar
 scala-library-2.12.7.jar
 scala-reflect-2.12.7.jar
 sigar-1.6.4.jar
+sjk-agent-0.22.jar
 sjk-cli-0.14.jar
+sjk-cli-0.22.jar
 sjk-core-0.14.jar
+sjk-core-0.22.jar
+sjk-hflame-0.22.jar
+sjk-jfr-standalone-0.7.jar
+sjk-jfr5-0.5.jar
+sjk-jfr6-0.7.jar
 sjk-json-0.14.jar
+sjk-json-0.22.jar
+sjk-nps-0.9.jar
 sjk-stacktrace-0.14.jar
+sjk-stacktrace-0.22.jar
 slf4j-api-1.7.25.jar
 snakeyaml-1.26.jar
 snakeyaml-1.27.jar
@@ -277,7 +288,6 @@ snowball-stemmer-1.3.0.581.1.jar
 sofa-common-tools-1.0.12.jar
 sofa-rpc-all-5.7.6.jar
 sourcecode_2.12-0.1.4.jar
-ST4-4.0.8.jar
 stream-2.5.2.jar
 swagger-annotations-1.5.18.jar
 swagger-annotations-jakarta-2.2.18.jar

hugegraph-server/hugegraph-dist/scripts/dependency/regenerate_known_dependencies.sh

@@ -16,7 +16,7 @@
 # limitations under the License.
 #
 
-BASE_PATH=$(cd $(dirname $0); pwd)
+BASE_PATH=$(cd "$(dirname $0)" || exit; pwd)
 DEP_PATH=$BASE_PATH/all_dependencies
 FILE_NAME=${1:-known-dependencies.txt}
 
@@ -25,7 +25,7 @@ if [[ -d $DEP_PATH ]];then
   rm -r -f $DEP_PATH
 fi
 
-cd $BASE_PATH/../../../
+cd "$BASE_PATH"/../../../ || exit
 
 mvn dependency:copy-dependencies -DincludeScope=runtime -DoutputDirectory=$DEP_PATH