chore: enhance AuthGuardFilter and JSP files for improved static asse…

[ArchILLtect]

This pull request improves static asset handling, public route access, and page styling across the application. The most significant changes are the addition of static asset and public page whitelisting in the authentication filter, updates to servlet URL mappings, and consistent inclusion of layout stylesheets in JSP files.

Authentication and Routing Improvements:

• The AuthGuardFilter now explicitly allows requests for static assets (such as CSS, JS, images) and public pages (home, about, login, error) to bypass authentication, improving access for unauthenticated users and preventing unnecessary filtering of these resources.
• The HomeServlet mapping is updated to only respond to /home, removing the root path (/) from its URL patterns.

Styling and Layout Consistency:

• Added the layout.css stylesheet to several JSP views (home.jsp, challenges/list.jsp, challenges/detail.jsp) to ensure consistent layout styling across pages. [1] [2] [3]
• Removed redundant meta tags and unnecessary HTML boilerplate from header.jsp and drill/solve.jsp, relying instead on the shared head-meta.jsp for meta information and improving maintainability. [1] [2]
• Cleaned up navigation dropdown markup in header.jsp for better readability and consistency.

Other Minor Changes:

• Removed unused HttpSession import from AuthGuardFilter.java.

[Copilot]

Pull request overview

This PR enhances the application's routing, authentication filtering, and styling consistency. The primary changes include introducing a welcome page mechanism via index.jsp, updating the HomeServlet to handle only the /home route, extending the AuthGuardFilter to explicitly whitelist static assets and public pages, and ensuring consistent inclusion of the layout.css stylesheet across JSP views.

Key Changes:

• Added explicit static asset and public route whitelisting in AuthGuardFilter to prevent authentication checks on CSS, images, and public pages
• Introduced index.jsp as a welcome file that forwards to /home, while removing the root path mapping from HomeServlet
• Added layout.css to several JSP pages (home, challenges list/detail) and cleaned up redundant HTML boilerplate in header and drill pages

Reviewed changes

Copilot reviewed 7 out of 8 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
src/main/webapp/index.jsp	New welcome file that forwards root requests to /home
src/main/webapp/WEB-INF/jsp/home.jsp	Added layout.css stylesheet and removed redundant meta tags
src/main/webapp/WEB-INF/jsp/header.jsp	Removed standalone HTML boilerplate and improved code formatting
src/main/webapp/WEB-INF/jsp/drill/solve.jsp	Removed comment about explicit meta tags
src/main/webapp/WEB-INF/jsp/challenges/list.jsp	Added layout.css stylesheet for consistent layout
src/main/webapp/WEB-INF/jsp/challenges/detail.jsp	Added layout.css stylesheet for consistent layout
src/main/java/me/nickhanson/codeforge/web/HomeServlet.java	Removed root path (/) from URL patterns, keeping only /home
src/main/java/me/nickhanson/codeforge/web/AuthGuardFilter.java	Added static asset and public page whitelisting with path and extension checks

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The comment on line 63 has inconsistent indentation. It should be aligned with the surrounding code at the same indentation level as the if statement below it, rather than being flush with the left margin.

Suggested change

	// 2) Allow your public pages (home/about/login/error)
	// 2) Allow your public pages (home/about/login/error)

[Copilot]

The static asset filtering has redundant checks. Lines 46-50 check for paths starting with "/css/", "/images/", etc., while lines 51-58 check for file extensions like ".css", ".js", ".png", etc. A file like "/css/styles.css" would be allowed by line 46 before reaching the extension check on line 51. Similarly, a CSS file served from a non-standard location (e.g., "/static/app.css") would be allowed by the ".css" extension check on line 51, even though "/static/" isn't in the path prefix list. Consider whether both approaches are needed or if one method would be more maintainable and clearer in intent.

[Copilot]

The path "/favicon" (line 50) is redundant since the check on line 49 already covers "/favicon.ico" with an exact match, and any path starting with "/favicon" would include "/favicon.ico" as well. The startsWith check for "/favicon" would also match paths like "/favicon.png" or "/favicons/", which may be the intended behavior, but if "/favicon.ico" is the only favicon path that needs to be allowed, line 50 should be removed to avoid confusion.

Suggested change

|| path.startsWith("/favicon")

[Copilot]

The layout.css stylesheet has been added to home.jsp and the challenges pages (list.jsp, detail.jsp), but not to drill pages (queue.jsp, solve.jsp) or the about.jsp page, which also use the same header component and page structure. This inconsistency could lead to different styling across pages that should have a consistent layout. Consider adding layout.css to all pages that use the header component for consistency.

[Copilot]

A new variable 'uri' is introduced on line 39 but it's only used once to derive 'path' on line 40. This adds an unnecessary intermediate variable. Consider removing the 'uri' variable and keeping the original single-line assignment: String path = req.getRequestURI().substring(contextPath.length());

Suggested change

	String uri = req.getRequestURI();
	String path = uri.substring(contextPath.length());
	String path = req.getRequestURI().substring(contextPath.length());