
I am trying to have something like JWT but kinda ad hoc and encrypted. The token itself is simply a stringified JSON that contains the user ID and Unix timestamp.

Now, I tried to use AES-128-GCM; however, I did a simple modification to the ciphertext before decrypting (just appended some bytes to the ciphertext) and found that it decrypts successfully. Does that mean that those bytes were counted as padding and that AES-GCM is an authenticate-then-encrypt algorithm?

Encrypt-then-authenticate feels more secure to me. Also, is AES-GCM authentication even secure enough to be compared to SHA-256, for example, or is it CRC-tier, good for quick integrity checks but not usable for secure authentication like HMAC?

In other words: is AES-128-CBC then SHA-256 more secure than AES-128-GCM?

Maarten Bodewes
pls no

1 Answer

just appended some bytes to the ciphertext, and found that it decrypts successfully

Normally this shouldn't happen, as the appended bytes surely aren't a valid authentication tag for the previous "ciphertext". I suppose (but don't know!) the implementation you are using encoded the length of the ciphertext, the associated data and the tag and retrieved these values upon decryption, ignoring the added values, yielding a correct decryption.

AES-GCM is an authenticate-then-encrypt algorithm? Because I feel that encrypt-then-authenticate feels more secure to me

AES-GCM is an authenticated encryption algorithm. Encrypt-then-Authenticate is one specific construction that achieves this general definition and is indeed preferable to Authenticate-then-Encrypt, which is why GCM internally does encrypt-then-authenticate and so AES-GCM achieves the same security definition as CBC-then-HMAC.

is AES-128-CBC then SHA-256 more secure than AES-128-GCM?

When you say "AES-128-CBC then SHA-256" I suppose you actually mean AES-128-CBC with HMAC-SHA256 authentication on the ciphertext.

Then yes, technically that is more secure, because HMAC-SHA256 requires $2^{128}$ operations to come up with a forgery, whereas AES-128-GCM allows you to perform a multi-target search for a key that works dropping security slightly below $2^{128}$. So it also has a serious security level unlike CRC. Also from this we can infer that both are secure, as neither $2^{128}$ nor $2^{100}$ operations are feasible making them both "secure" (a.k.a. "meh, can't break"), so you might as well use the easier-to-use and faster AES-GCM, assuming you have hardware support available, which is the case on modern x86 processors.

See Squeamish's comments below for a more detailed discussion of the actual values. Also see their answer here.

SEJPM
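As an added worked example (not part of the question or of SEJPM's answer), the Go program below builds the token from the question both ways: with AES-128-GCM, and with the AES-128-CBC + HMAC-SHA256 encrypt-then-MAC construction the answer assumes the asker means. It then appends two bytes to each token, as the asker did, and shows that both reject it: the GCM tag check fails, and the CBC-then-HMAC length and MAC checks fail before any decryption happens. The key material, the JSON claim names and the token framing (nonce or IV prefix, tag or MAC suffix, separate encryption and MAC keys) are assumptions of this example; only Go's standard library is used.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// claims is the token body from the question: a user ID and a Unix timestamp
// (field names are an assumption of this example).
type claims struct {
	UserID   int64 `json:"uid"`
	IssuedAt int64 `json:"iat"`
}

// sealGCM encrypts with AES-128-GCM. Layout: nonce || ciphertext || 16-byte tag.
// GCM computes the tag over the ciphertext (encrypt-then-authenticate), so any
// appended or flipped byte must make Open fail.
func sealGCM(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// openGCM verifies the tag first and only then returns plaintext.
func openGCM(key, token []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(token) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("token too short")
	}
	nonce, ct := token[:gcm.NonceSize()], token[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil) // "message authentication failed" on tampering
}

// sealCBCHMAC is encrypt-then-MAC: AES-128-CBC with PKCS#7 padding, then
// HMAC-SHA256 over iv || ciphertext under a separate MAC key.
// Layout: iv || ciphertext || 32-byte MAC.
func sealCBCHMAC(encKey, macKey, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	pad := aes.BlockSize - len(plaintext)%aes.BlockSize
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	out := make([]byte, aes.BlockSize+len(padded))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], padded)
	mac := hmac.New(sha256.New, macKey)
	mac.Write(out)
	return mac.Sum(out), nil // Sum appends the MAC to out
}

// openCBCHMAC checks length and MAC (constant time) before touching the
// ciphertext, so padding errors can never act as a padding oracle.
func openCBCHMAC(encKey, macKey, token []byte) ([]byte, error) {
	const macLen = sha256.Size
	if len(token) < 2*aes.BlockSize+macLen || (len(token)-macLen)%aes.BlockSize != 0 {
		return nil, errors.New("token has bad length")
	}
	body, tag := token[:len(token)-macLen], token[len(token)-macLen:]
	mac := hmac.New(sha256.New, macKey)
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return nil, errors.New("cbc-hmac: message authentication failed")
	}
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(body)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, body[:aes.BlockSize]).CryptBlocks(pt, body[aes.BlockSize:])
	pad := int(pt[len(pt)-1])
	if pad == 0 || pad > aes.BlockSize {
		return nil, errors.New("bad padding")
	}
	return pt[:len(pt)-pad], nil
}

func main() {
	encKey, macKey := make([]byte, 16), make([]byte, 32) // fresh random keys for the demo
	rand.Read(encKey)
	rand.Read(macKey)
	body, _ := json.Marshal(claims{UserID: 42, IssuedAt: time.Now().Unix()})

	tok, _ := sealGCM(encKey, body)
	_, err := openGCM(encKey, append(tok, 0xAA, 0xBB))
	fmt.Println("GCM, two bytes appended:", err)

	tok2, _ := sealCBCHMAC(encKey, macKey, body)
	_, err = openCBCHMAC(encKey, macKey, append(tok2, 0xAA, 0xBB))
	fmt.Println("CBC-then-HMAC, two bytes appended:", err)
}
```

If a library ever returns plaintext for the appended-bytes case, it is doing what the answer suspects: it stores the lengths of nonce, ciphertext and tag in its own framing and ignores trailing bytes. That is a property of the container format, not of GCM, which is why this example frames tokens explicitly and rejects anything that does not fit the layout exactly.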