From ad6f16452c1bba4735829de16763a5789b8d96f4 Mon Sep 17 00:00:00 2001
From: Vishal Egbert
Date: Thu, 21 Nov 2024 15:03:28 +1100
Subject: [PATCH 1/4] Fix unbounded path label
---
 .../com/uid2/core/vertx/CoreVerticle.java | 32 +++++++--------
 .../java/com/uid2/core/vertx/Endpoints.java | 39 +++++++++++++++++++
 2 files changed, 55 insertions(+), 16 deletions(-)
 create mode 100644 src/main/java/com/uid2/core/vertx/Endpoints.java
diff --git a/src/main/java/com/uid2/core/vertx/CoreVerticle.java b/src/main/java/com/uid2/core/vertx/CoreVerticle.java
index 23b793c0..b76d3156 100644
--- a/src/main/java/com/uid2/core/vertx/CoreVerticle.java
+++ b/src/main/java/com/uid2/core/vertx/CoreVerticle.java
@@ -176,26 +176,26 @@ private Router createRoutesSetup() {
 .allowedHeader("Content-Type"));
 router.route().failureHandler(new GenericFailureHandler());
- router.post("/attest")
+ router.post(Endpoints.ATTEST.toString())
 .handler(new AttestationFailureHandler())
 .handler(auth.handle(this::handleAttestAsync, Role.OPERATOR, Role.OPTOUT_SERVICE));
- router.get("/cloud_encryption_keys/retrieve").handler(auth.handle(attestationMiddleware.handle(this::handleCloudEncryptionKeysRetrieval), Role.OPERATOR));
- router.get("/sites/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleSiteRefresh), Role.OPERATOR));
- router.get("/key/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleKeyRefresh), Role.OPERATOR));
- router.get("/key/acl/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleKeyAclRefresh), Role.OPERATOR));
- router.get("/key/keyset/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleKeysetRefresh), Role.OPERATOR));
- router.get("/key/keyset-keys/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleKeysetKeyRefresh), Role.OPERATOR));
- router.get("/salt/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleSaltRefresh), Role.OPERATOR));
- router.get("/clients/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleClientRefresh), Role.OPERATOR));
- router.get("/client_side_keypairs/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleClientSideKeypairRefresh), Role.OPERATOR));
- router.get("/services/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleServiceRefresh), Role.OPERATOR));
- router.get("/service_links/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleServiceLinkRefresh), Role.OPERATOR));
- router.get("/operators/refresh").handler(auth.handle(attestationMiddleware.handle(this::handleOperatorRefresh), Role.OPTOUT_SERVICE));
- router.get("/partners/refresh").handler(auth.handle(attestationMiddleware.handle(this::handlePartnerRefresh), Role.OPTOUT_SERVICE));
- router.get("/ops/healthcheck").handler(this::handleHealthCheck);
+ router.get(Endpoints.CLOUD_ENCRYPTION_KEYS_RETRIEVE.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleCloudEncryptionKeysRetrieval), Role.OPERATOR));
+ router.get(Endpoints.SITES_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleSiteRefresh), Role.OPERATOR));
+ router.get(Endpoints.KEY_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleKeyRefresh), Role.OPERATOR));
+ router.get(Endpoints.KEY_ACL_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleKeyAclRefresh), Role.OPERATOR));
+ router.get(Endpoints.KEY_KEYSET_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleKeysetRefresh), Role.OPERATOR));
+ router.get(Endpoints.KEY_KEYSET_KEYS_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleKeysetKeyRefresh), Role.OPERATOR));
+ router.get(Endpoints.SALT_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleSaltRefresh), Role.OPERATOR));
+ router.get(Endpoints.CLIENTS_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleClientRefresh), Role.OPERATOR));
+ router.get(Endpoints.CLIENT_SIDE_KEYPAIRS_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleClientSideKeypairRefresh), Role.OPERATOR));
+ router.get(Endpoints.SERVICES_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleServiceRefresh), Role.OPERATOR));
+ router.get(Endpoints.SERVICE_LINKS_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleServiceLinkRefresh), Role.OPERATOR));
+ router.get(Endpoints.OPERATORS_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handleOperatorRefresh), Role.OPTOUT_SERVICE));
+ router.get(Endpoints.PARTNERS_REFRESH.toString()).handler(auth.handle(attestationMiddleware.handle(this::handlePartnerRefresh), Role.OPTOUT_SERVICE));
+ router.get(Endpoints.OPS_HEALTHCHECK.toString()).handler(this::handleHealthCheck);
 if (Optional.ofNullable(ConfigStore.Global.getBoolean("enable_test_endpoints")).orElse(false)) {
- router.route("/attest/get_token").handler(auth.handle(this::handleTestGetAttestationToken, Role.OPERATOR));
+ router.route(Endpoints.ATTEST_GET_TOKEN.toString()).handler(auth.handle(this::handleTestGetAttestationToken, Role.OPERATOR));
 }
 return router;
diff --git a/src/main/java/com/uid2/core/vertx/Endpoints.java b/src/main/java/com/uid2/core/vertx/Endpoints.java
new file mode 100644
index 00000000..64f48318
--- /dev/null
+++ b/src/main/java/com/uid2/core/vertx/Endpoints.java
@@ -0,0 +1,39 @@
+package com.uid2.core.vertx;
+
+import java.util.Set;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+public enum Endpoints {
+ OPS_HEALTHCHECK("/ops/healthcheck"),
+ ATTEST("/attest"),
+ ATTEST_GET_TOKEN("/attest/get_token"),
+ CLOUD_ENCRYPTION_KEYS_RETRIEVE("/cloud_encryption_keys/retrieve"),
+ SITES_REFRESH("/sites/refresh"),
+ KEY_REFRESH("/key/refresh"),
+ KEY_ACL_REFRESH("/key/acl/refresh"),
+ KEY_KEYSET_REFRESH("/key/keyset/refresh"),
+ KEY_KEYSET_KEYS_REFRESH("/key/keyset-keys/refresh"),
+ SALT_REFRESH("/salt/refresh"),
+ CLIENTS_REFRESH("/clients/refresh"),
+ CLIENT_SIDE_KEYPAIRS_REFRESH("/client_side_keypairs/refresh"),
+ SERVICES_REFRESH("/services/refresh"),
+ SERVICE_LINKS_REFRESH("/service_links/refresh"),
+ OPERATORS_REFRESH("/operators/refresh"),
+ PARTNERS_REFRESH("/partners/refresh");
+
+ private final String path;
+
+ Endpoints(final String path) {
+ this.path = path;
+ }
+
+ public static Set pathSet() {
+ return Stream.of(Endpoints.values()).map(Endpoints::toString).collect(Collectors.toSet());
+ }
+
+ @Override
+ public String toString() {
+ return path;
+ }
+}
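Review bot: Every route in this hunk of `createRoutesSetup` (CoreVerticle.java) now takes its path from `Endpoints.X.toString()`, so routing depends on a `toString()` override that someone could later change for logging or debugging without realising it also rewrites the registered paths and the metric-label allowlist. A dedicated accessor in `Endpoints`, for example `public String path() { return path; }`, used here as `router.post(Endpoints.ATTEST.path())`, would make that dependency explicit. The same applies to each `router.get(...)` line and to the `ATTEST_GET_TOKEN` route. The body of `createRoutesSetup` starts outside the hunk.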
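Review bot: `pathSet()` in Endpoints.java streams over `values()` and allocates a new set on every call, and PATCH 2/4 calls it from inside the meter filter lambda in `setupMetrics`, so the allowlist is rebuilt whenever that lambda maps a path tag. The enum constants are fixed, so the set can be built once in a field such as `private static final Set<String> PATHS = Collections.unmodifiableSet(Stream.of(values()).map(Endpoints::toString).collect(Collectors.toSet()));` (needs `java.util.Collections`), with `pathSet()` returning `PATHS`. A one-line Javadoc on `pathSet()` saying it is the allowlist for the HTTP path metric label would also tell maintainers why a new route has to be added to this enum.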
From 3507309556f90428f69792d68bb6cd20bbb27377 Mon Sep 17 00:00:00 2001
From: Vishal Egbert
Date: Thu, 21 Nov 2024 15:09:47 +1100
Subject: [PATCH 2/4] Meter filter
---
 src/main/java/com/uid2/core/Main.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/main/java/com/uid2/core/Main.java b/src/main/java/com/uid2/core/Main.java
index f6e46231..16327a1d 100644
--- a/src/main/java/com/uid2/core/Main.java
+++ b/src/main/java/com/uid2/core/Main.java
@@ -7,6 +7,7 @@
 import com.uid2.core.service.AttestationService;
 import com.uid2.core.service.OperatorJWTTokenProvider;
 import com.uid2.core.vertx.CoreVerticle;
+import com.uid2.core.vertx.Endpoints;
 import com.uid2.shared.Const;
 import com.uid2.shared.Utils;
 import com.uid2.shared.attest.AttestationTokenService;
@@ -183,7 +184,8 @@ private static void setupMetrics(MicrometerMetricsOptions metricOptions) {
 .meterFilter(new PrometheusRenameFilter())
 .meterFilter(MeterFilter.replaceTagValues(Label.HTTP_PATH.toString(), actualPath -> {
 try {
- return HttpUtils.normalizePath(actualPath).split("\\?")[0];
+ String normalized = HttpUtils.normalizePath(actualPath).split("\\?")[0];
+ return Endpoints.pathSet().contains(normalized) ? normalized : "/unknown";
 } catch (IllegalArgumentException e) {
 return actualPath;
 }
From f2160bcb15ed860716f64b5437bb5891d02b13b5 Mon Sep 17 00:00:00 2001
From: Release Workflow
Date: Thu, 21 Nov 2024 04:33:42 +0000
Subject: [PATCH 3/4] [CI Pipeline] Released Snapshot version: 2.21.1-alpha-60-SNAPSHOT
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index caa5f99c..277133b8 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
 com.uid2
 uid2-core
- 2.21.0
+ 2.21.1-alpha-60-SNAPSHOT
 UTF-8
From f5ec7206b5fc5be0ebc3d0098cf677f839305881 Mon Sep 17 00:00:00 2001
From: Vishal Egbert
Date: Mon, 25 Nov 2024 15:11:08 +1100
Subject: [PATCH 4/4] Revert version
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
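Review bot: In the `setupMetrics` hunk of Main.java (PATCH 2/4) the `catch (IllegalArgumentException e)` branch still returns `actualPath` unchanged, so any request path that `HttpUtils.normalizePath` rejects keeps its raw value as the `HTTP_PATH` label and bypasses the allowlist added two lines above. Rejected paths are presumably the malformed ones, which callers can vary without limit, so the label cardinality stays unbounded for exactly that input. The branch should fall back to the same bucket with `return "/unknown";`. The literal `"/unknown"` could also become a named constant so dashboards and alerts reference one value. The body of `setupMetrics` starts and ends outside the hunk.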
diff --git a/pom.xml b/pom.xml
index 277133b8..caa5f99c 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
 com.uid2
 uid2-core
- 2.21.1-alpha-60-SNAPSHOT
+ 2.21.0
 UTF-8