fix(auth): enhance the URL check (#2422)
Co-authored-by: imbajin <jin@apache.org>
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
index 356c834..c71e5e4 100644
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -51,11 +51,12 @@
<!-- DO NOT REMOVE THIS SECTION. CHECK THE PROPER BOX ONLY. -->
-- [ ] Nope
-- [ ] Dependencies (add/update license info) <!-- Don't forget to add/update the info in "LICENSE" & "NOTICE" files (both in root & dist module) -->
+- [ ] Dependencies ([add/update license](https://hugegraph.apache.org/docs/contribution-guidelines/contribute/#321-check-licenses) info & [regenerate_dependencies](../hugegraph-server/hugegraph-dist/scripts/dependency/regenerate_known_dependencies.sh)) <!-- Don't forget to add/update the info in "LICENSE" & "NOTICE" files (both in root & dist module) -->
- [ ] Modify configurations
- [ ] The public API
- [ ] Other affects (typed here)
+- [ ] Nope
+
## Documentation Status
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index d439c31..e1130bd 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -10,6 +10,7 @@
jobs:
build:
+ # TODO: we need test & replace it to ubuntu-24.04 or ubuntu-latest
runs-on: ubuntu-20.04
env:
USE_STAGE: 'false' # Whether to include the stage repository.
diff --git a/hugegraph-server/hugegraph-api/pom.xml b/hugegraph-server/hugegraph-api/pom.xml
index ce18f8d..e13849d 100644
--- a/hugegraph-server/hugegraph-api/pom.xml
+++ b/hugegraph-server/hugegraph-api/pom.xml
@@ -164,6 +164,12 @@
<artifactId>arthas-packaging</artifactId>
<version>${arthas.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.gridkit.jvmtool</groupId>
+ <artifactId>sjk-core</artifactId>
+ <version>0.22</version>
+ <scope>compile</scope>
+ </dependency>
</dependencies>
<build>
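Review bot: Adding sjk-core at compile scope solely to reach org.gridkit.jvmtool.cmd.AntPathMatcher puts a JVM-diagnostics toolkit on the server's runtime classpath for an authentication filter, and the known-dependencies hunk shows the transitive cost: sjk-agent, sjk-hflame, sjk-jfr-standalone/jfr5/jfr6 and sjk-nps are newly listed, plus a second copy of sjk-cli, sjk-core, sjk-json and sjk-stacktrace next to the 0.14 versions already present. If those extra artifacts are transitive of sjk-core 0.22, `<exclusions>` on this dependency would trim the footprint; a small in-tree path matcher would avoid the new third-party code in the auth path entirely. Either way the reason for the dependency deserves a comment in the pom so it is not mistaken for a profiling-tool requirement.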
diff --git a/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java b/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java
index fffe5ef..8505d43 100644
--- a/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java
+++ b/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/api/filter/AuthenticationFilter.java
@@ -41,6 +41,7 @@
import org.apache.tinkerpop.gremlin.server.auth.AuthenticationException;
import org.glassfish.grizzly.http.server.Request;
import org.glassfish.grizzly.utils.Charsets;
+import org.gridkit.jvmtool.cmd.AntPathMatcher;
import org.slf4j.Logger;
import com.alipay.remoting.util.StringUtils;
@@ -71,10 +72,11 @@
private static final Logger LOG = Log.logger(AuthenticationFilter.class);
private static final List<String> WHITE_API_LIST = ImmutableList.of(
- "auth/login",
+ "graphs/*/auth/login",
"versions",
"openapi.json"
);
+ private static final AntPathMatcher MATCHER = new AntPathMatcher();
private static String whiteIpStatus;
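Review bot: WHITE_API_LIST entries are now full-path Ant patterns instead of suffixes, but nothing in the hunk records that, so the next maintainer who adds an entry may still assume the old endsWith semantics and write a bare suffix. A comment above the list along the lines of `// Ant-style patterns matched against the whole request path (UriInfo.getPath(): decoded, relative to the base URI); '*' matches exactly one path segment, so new entries must be complete paths` would keep the fix from regressing. The shared static MATCHER is presumably safe for concurrent use, as the Spring class it appears derived from is, but that is worth confirming for the gridkit copy before relying on it from a request filter.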
@@ -314,9 +316,8 @@
public static boolean isWhiteAPI(ContainerRequestContext context) {
String path = context.getUriInfo().getPath();
-
for (String whiteApi : WHITE_API_LIST) {
- if (path.endsWith(whiteApi)) {
+ if (MATCHER.match(whiteApi, path)) {
return true;
}
}
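Review bot: The match is path-only, so `MATCHER.match(whiteApi, path)` whitelists every HTTP method on `graphs/*/auth/login`, not just the one the login resource serves; if that resource accepts a single method, checking `context.getMethod()` alongside the path would make the allowlist exactly as narrow as the endpoint. The suffix bug this commit fixes is the kind of thing a unit test catches, and none is added; a test asserting that `graphs/hugegraph/auth/login` and `versions` match while `graphs/hugegraph/x/auth/login` and `x/versions` do not would pin the new semantics. `isWhiteAPI`'s body continues past the hunk, so the final return is not visible here.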
diff --git a/hugegraph-server/hugegraph-dist/scripts/dependency/known-dependencies.txt b/hugegraph-server/hugegraph-dist/scripts/dependency/known-dependencies.txt
index 92e406a..c1319ff 100644
--- a/hugegraph-server/hugegraph-dist/scripts/dependency/known-dependencies.txt
+++ b/hugegraph-server/hugegraph-dist/scripts/dependency/known-dependencies.txt
@@ -1,8 +1,10 @@
+HdrHistogram-2.1.9.jar
+ST4-4.0.8.jar
accessors-smart-1.2.jar
airline-0.8.jar
animal-sniffer-annotations-1.19.jar
-annotations-4.1.1.4.jar
annotations-13.0.jar
+annotations-4.1.1.4.jar
ansj_seg-5.1.6.jar
antlr-runtime-3.5.2.jar
aopalliance-repackaged-3.0.1.jar
@@ -100,7 +102,6 @@
hamcrest-core-1.3.jar
hanlp-portable-1.8.3.jar
hbase-shaded-endpoint-2.0.6.jar
-HdrHistogram-2.1.9.jar
hessian-3.3.6.jar
high-scale-lib-1.0.6.jar
hk2-api-3.0.1.jar
@@ -172,8 +173,8 @@
jersey-server-3.0.3.jar
jersey-test-framework-core-3.0.3.jar
jersey-test-framework-provider-grizzly2-3.0.3.jar
-jffi-1.2.16.jar
jffi-1.2.16-native.jar
+jffi-1.2.16.jar
jflex-1.8.2.jar
jieba-analysis-1.0.2.jar
jjwt-api-0.11.5.jar
@@ -253,21 +254,31 @@
perfmark-api-0.25.0.jar
picocli-4.3.2.jar
postgresql-42.4.3.jar
-protobuf-java-3.21.7.jar
proto-google-common-protos-1.17.0.jar
+protobuf-java-3.21.7.jar
psjava-0.1.19.jar
-reporter-config3-3.0.3.jar
reporter-config-base-3.0.3.jar
+reporter-config3-3.0.3.jar
rewriting-9.0-9.0.20190305.jar
rocksdbjni-7.2.2.jar
scala-java8-compat_2.12-0.8.0.jar
scala-library-2.12.7.jar
scala-reflect-2.12.7.jar
sigar-1.6.4.jar
+sjk-agent-0.22.jar
sjk-cli-0.14.jar
+sjk-cli-0.22.jar
sjk-core-0.14.jar
+sjk-core-0.22.jar
+sjk-hflame-0.22.jar
+sjk-jfr-standalone-0.7.jar
+sjk-jfr5-0.5.jar
+sjk-jfr6-0.7.jar
sjk-json-0.14.jar
+sjk-json-0.22.jar
+sjk-nps-0.9.jar
sjk-stacktrace-0.14.jar
+sjk-stacktrace-0.22.jar
slf4j-api-1.7.25.jar
snakeyaml-1.26.jar
snakeyaml-1.27.jar
@@ -277,7 +288,6 @@
sofa-common-tools-1.0.12.jar
sofa-rpc-all-5.7.6.jar
sourcecode_2.12-0.1.4.jar
-ST4-4.0.8.jar
stream-2.5.2.jar
swagger-annotations-1.5.18.jar
swagger-annotations-jakarta-2.2.18.jar
diff --git a/hugegraph-server/hugegraph-dist/scripts/dependency/regenerate_known_dependencies.sh b/hugegraph-server/hugegraph-dist/scripts/dependency/regenerate_known_dependencies.sh
index b555bd6..64bb571 100644
--- a/hugegraph-server/hugegraph-dist/scripts/dependency/regenerate_known_dependencies.sh
+++ b/hugegraph-server/hugegraph-dist/scripts/dependency/regenerate_known_dependencies.sh
@@ -16,7 +16,7 @@
# limitations under the License.
#
-BASE_PATH=$(cd $(dirname $0); pwd)
+BASE_PATH=$(cd "$(dirname $0)" || exit; pwd)
DEP_PATH=$BASE_PATH/all_dependencies
FILE_NAME=${1:-known-dependencies.txt}
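Review bot: The `|| exit` added on the BASE_PATH line runs inside the `$(...)` subshell, so when `cd` fails only the subshell exits and the outer script continues with an empty BASE_PATH, making DEP_PATH `/all_dependencies` for the later `rm -r -f $DEP_PATH`; `BASE_PATH=$(cd "$(dirname "$0")" && pwd) || exit 1` propagates the failure to the script itself and also quotes the `$0` that is still expanded unquoted inside `dirname`. The same unquoted expansion remains in `rm -r -f $DEP_PATH` and `-DoutputDirectory=$DEP_PATH` in the next hunk, which `"$DEP_PATH"` would cover.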
@@ -25,7 +25,7 @@
rm -r -f $DEP_PATH
fi
-cd $BASE_PATH/../../../
+cd "$BASE_PATH"/../../../ || exit
mvn dependency:copy-dependencies -DincludeScope=runtime -DoutputDirectory=$DEP_PATH