Add feature of OAuth2: consumer & producer (Event Exposure and PDU Se…

…ssion)
free5gc · Jan 19, 2024 · 3af8952 · 3af8952
1 parent 9b92113
commit 3af8952
Show file tree

Hide file tree

Showing 15 changed files with 45 additions and 96 deletions.
diff --git a/go.mod b/go.mod
@@ -9,7 +9,7 @@ require (
 	github.com/free5gc/aper v1.0.4
 	github.com/free5gc/nas v1.1.0
 	github.com/free5gc/ngap v1.0.6
-	github.com/free5gc/openapi v1.0.7-0.20231216094313-e15a4ff046f6
+	github.com/free5gc/openapi v1.0.7-0.20240117084712-52ad99299693
 	github.com/free5gc/pfcp v1.0.6
 	github.com/free5gc/util v1.0.5-0.20231001095115-433858e5be94
 	github.com/gin-gonic/gin v1.9.1

diff --git a/go.sum b/go.sum
@@ -70,8 +70,8 @@ github.com/free5gc/ngap v1.0.6 h1:f9sKqHMNrFZVo9Kp8hAyrCXSoI8l746N5O+DFn7vKHA=
 github.com/free5gc/ngap v1.0.6/go.mod h1:TG1kwwU/EyIlJ3bxY591rdxpD5ZeYnLZTzoWjcfvrBM=
 github.com/free5gc/openapi v1.0.4/go.mod h1:KRCnnp0GeK0Bl4gnrX79cQAidKXNENf8VRdG0y9R0Fc=
 github.com/free5gc/openapi v1.0.6/go.mod h1:iw/N0E+FlX44EEx24IBi2EdZW8v+bkj3ETWPGnlK9DI=
-github.com/free5gc/openapi v1.0.7-0.20231216094313-e15a4ff046f6 h1:8P/wOkTAQMgZJe9pUUNSTE5PWeAdlMrsU9kLsI+VAVE=
-github.com/free5gc/openapi v1.0.7-0.20231216094313-e15a4ff046f6/go.mod h1:qv9KqEucoZSeENPRFGxfTe+33ZWYyiYFx1Rj+H0DoWA=
+github.com/free5gc/openapi v1.0.7-0.20240117084712-52ad99299693 h1:gFyYBsErQAkx4OVHXYqjO0efO9gPWydQavQcjU0CkHY=
+github.com/free5gc/openapi v1.0.7-0.20240117084712-52ad99299693/go.mod h1:qv9KqEucoZSeENPRFGxfTe+33ZWYyiYFx1Rj+H0DoWA=
 github.com/free5gc/pfcp v1.0.6 h1:dKEVyZWozF1G+yk1JXw/1ggtIRI0v362say/Q6VDZTE=
 github.com/free5gc/pfcp v1.0.6/go.mod h1:WzpW7Zxhx5WONMumNKRWbPn7pl/iTYp2FqRLNiOWUjs=
 github.com/free5gc/tlv v1.0.2-0.20230131124215-8b6ebd69bf93 h1:QPSSI5zw4goiIfxem9doVyMqTO8iKLQ536pzpET5Y+Q=

diff --git a/internal/context/context.go b/internal/context/context.go
@@ -24,6 +24,12 @@ func Init() {
 	smfContext.NfInstanceID = uuid.New().String()
 }
 
+type NFContext interface {
+	AuthorizationCheck(token, serviceName string) error
+}
+
+var _ NFContext = &SMFContext{}
+
 var smfContext SMFContext
 
 type SMFContext struct {
@@ -288,23 +294,19 @@ func GetUEDefaultPathPool(groupName string) *UEDefaultPaths {
 	return smfContext.UEDefaultPathPool[groupName]
 }
 
-func (c *SMFContext) GetTokenCtx(scope, targetNF string) (
+func (c *SMFContext) GetTokenCtx(scope string, targetNF models.NfType) (
 	context.Context, *models.ProblemDetails, error,
 ) {
 	if !c.OAuth2Required {
 		return context.TODO(), nil, nil
 	}
-	return oauth.GetTokenCtx(models.NfType_SMF,
-		c.NfInstanceID, c.NrfUri, scope, targetNF)
+	return oauth.GetTokenCtx(models.NfType_SMF, targetNF,
+		c.NfInstanceID, c.NrfUri, scope)
 }
 
-func (context *SMFContext) AuthorizationCheck(token, serviceName string) error {
-	if !context.OAuth2Required {
+func (c *SMFContext) AuthorizationCheck(token, serviceName string) error {
+	if !c.OAuth2Required {
 		return nil
 	}
-	err := oauth.VerifyOAuth(token, serviceName, context.NrfCertPem)
-	if err != nil {
-		return err
-	}
-	return nil
+	return oauth.VerifyOAuth(token, serviceName, c.NrfCertPem)
 }
diff --git a/internal/logger/logger.go b/internal/logger/logger.go
@@ -23,6 +23,7 @@ var (
 	GsmLog      *logrus.Entry
 	PfcpLog     *logrus.Entry
 	PduSessLog  *logrus.Entry
+	UtilLog     *logrus.Entry
 )
 
 func init() {
@@ -42,4 +43,5 @@ func init() {
 	GsmLog = NfLog.WithField(logger_util.FieldCategory, "GSM")
 	PfcpLog = NfLog.WithField(logger_util.FieldCategory, "PFCP")
 	PduSessLog = NfLog.WithField(logger_util.FieldCategory, "PduSess")
+	UtilLog = NfLog.WithField(logger_util.FieldCategory, "Util")
 }
diff --git a/internal/sbi/consumer/nf_discovery.go b/internal/sbi/consumer/nf_discovery.go
@@ -15,7 +15,7 @@ import (
 )
 
 func SendNFDiscoveryUDM() (*models.ProblemDetails, error) {
-	ctx, pd, err := smf_context.GetSelf().GetTokenCtx("nnrf-disc", "NRF")
+	ctx, pd, err := smf_context.GetSelf().GetTokenCtx("nnrf-disc", models.NfType_NRF)
 	if err != nil {
 		return pd, err
 	}
@@ -61,7 +61,7 @@ func SendNFDiscoveryUDM() (*models.ProblemDetails, error) {
 }
 
 func SendNFDiscoveryPCF() (problemDetails *models.ProblemDetails, err error) {
-	ctx, pd, err := smf_context.GetSelf().GetTokenCtx("nnrf-disc", "NRF")
+	ctx, pd, err := smf_context.GetSelf().GetTokenCtx("nnrf-disc", models.NfType_NRF)
 	if err != nil {
 		return pd, err
 	}
@@ -101,7 +101,7 @@ func SendNFDiscoveryPCF() (problemDetails *models.ProblemDetails, err error) {
 }
 
 func SendNFDiscoveryServingAMF(smContext *smf_context.SMContext) (*models.ProblemDetails, error) {
-	ctx, pd, err := smf_context.GetSelf().GetTokenCtx("nnrf-disc", "NRF")
+	ctx, pd, err := smf_context.GetSelf().GetTokenCtx("nnrf-disc", models.NfType_NRF)
 	if err != nil {
 		return pd, err
 	}

diff --git a/internal/sbi/consumer/nf_management.go b/internal/sbi/consumer/nf_management.go
@@ -106,7 +106,7 @@ func RetrySendNFRegistration(MaxRetry int) error {
 func SendNFDeregistration() error {
 	// Check data (Use RESTful DELETE)
 
-	ctx, _, err := smf_context.GetSelf().GetTokenCtx("nnrf-nfm", "NRF")
+	ctx, _, err := smf_context.GetSelf().GetTokenCtx("nnrf-nfm", models.NfType_NRF)
 	if err != nil {
 		return err
 	}
@@ -136,7 +136,7 @@ func SendNFDeregistration() error {
 func SendDeregisterNFInstance() (*models.ProblemDetails, error) {
 	logger.ConsumerLog.Infof("Send Deregister NFInstance")
 
-	ctx, pd, err := smf_context.GetSelf().GetTokenCtx("nnrf-nfm", "NRF")
+	ctx, pd, err := smf_context.GetSelf().GetTokenCtx("nnrf-nfm", models.NfType_NRF)
 	if err != nil {
 		return pd, err
 	}

diff --git a/internal/sbi/consumer/nsmf_pdusession_callback.go b/internal/sbi/consumer/nsmf_pdusession_callback.go
@@ -1,12 +1,12 @@
 package consumer
 
 import (
+	"context"
 	"net/http"
 
 	"github.com/free5gc/openapi"
 	"github.com/free5gc/openapi/Nsmf_PDUSession"
 	"github.com/free5gc/openapi/models"
-	smf_context "github.com/free5gc/smf/internal/context"
 	"github.com/free5gc/smf/internal/logger"
 )
 
@@ -19,15 +19,10 @@ func SendSMContextStatusNotification(uri string) (*models.ProblemDetails, error)
 		configuration := Nsmf_PDUSession.NewConfiguration()
 		client := Nsmf_PDUSession.NewAPIClient(configuration)
 
-		ctx, pd, err := smf_context.GetSelf().GetTokenCtx("nsmf-pdusession", "SMF")
-		if err != nil {
-			return pd, err
-		}
-
 		logger.CtxLog.Infoln("[SMF] Send SMContext Status Notification")
 		httpResp, localErr := client.
 			IndividualSMContextNotificationApi.
-			SMContextNotification(ctx, uri, request)
+			SMContextNotification(context.Background(), uri, request)
 
 		if localErr == nil {
 			if httpResp.StatusCode != http.StatusNoContent {

diff --git a/internal/sbi/consumer/sm_policy.go b/internal/sbi/consumer/sm_policy.go
@@ -47,7 +47,7 @@ func SendSMPolicyAssociationCreate(smContext *smf_context.SMContext) (string, *m
 	}
 	smPolicyData.SuppFeat = "F"
 
-	ctx, _, err := smf_context.GetSelf().GetTokenCtx("npcf-smpolicycontrol", "PCF")
+	ctx, _, err := smf_context.GetSelf().GetTokenCtx("npcf-smpolicycontrol", models.NfType_PCF)
 	if err != nil {
 		return "", nil, err
 	}
@@ -148,7 +148,7 @@ func SendSMPolicyAssociationUpdateByUERequestModification(
 		}
 	}
 
-	ctx, _, err := smf_context.GetSelf().GetTokenCtx("npcf-smpolicycontrol", "PCF")
+	ctx, _, err := smf_context.GetSelf().GetTokenCtx("npcf-smpolicycontrol", models.NfType_PCF)
 	if err != nil {
 		return nil, err
 	}
@@ -374,7 +374,7 @@ func SendSMPolicyAssociationTermination(smContext *smf_context.SMContext) error
 		return errors.Errorf("smContext not selected PCF")
 	}
 
-	ctx, _, err := smf_context.GetSelf().GetTokenCtx("npcf-smpolicycontrol", "PCF")
+	ctx, _, err := smf_context.GetSelf().GetTokenCtx("npcf-smpolicycontrol", models.NfType_PCF)
 	if err != nil {
 		return err
 	}

diff --git a/internal/sbi/eventexposure/api_default.go b/internal/sbi/eventexposure/api_default.go
@@ -17,40 +17,20 @@ import (
 
 // SubscriptionsPost -
 func SubscriptionsPost(c *gin.Context) {
-	auth_err := authorizationCheck(c)
-	if auth_err != nil {
-		c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
-		return
-	}
 	c.JSON(http.StatusOK, gin.H{})
 }
 
 // SubscriptionsSubIdDelete -
 func SubscriptionsSubIdDelete(c *gin.Context) {
-	auth_err := authorizationCheck(c)
-	if auth_err != nil {
-		c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
-		return
-	}
 	c.JSON(http.StatusOK, gin.H{})
 }
 
 // SubscriptionsSubIdGet -
 func SubscriptionsSubIdGet(c *gin.Context) {
-	auth_err := authorizationCheck(c)
-	if auth_err != nil {
-		c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
-		return
-	}
 	c.JSON(http.StatusOK, gin.H{})
 }
 
 // SubscriptionsSubIdPut -
 func SubscriptionsSubIdPut(c *gin.Context) {
-	auth_err := authorizationCheck(c)
-	if auth_err != nil {
-		c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
-		return
-	}
 	c.JSON(http.StatusOK, gin.H{})
 }
diff --git a/internal/sbi/eventexposure/routers.go b/internal/sbi/eventexposure/routers.go
@@ -17,7 +17,9 @@ import (
 
 	smf_context "github.com/free5gc/smf/internal/context"
 	"github.com/free5gc/smf/internal/logger"
+	"github.com/free5gc/smf/internal/util/oauth"
 	"github.com/free5gc/smf/pkg/factory"
+	"github.com/free5gc/openapi/models"
 	logger_util "github.com/free5gc/util/logger"
 )
 
@@ -33,6 +35,8 @@ type Route struct {
 	HandlerFunc gin.HandlerFunc
 }
 
+const serviceName string = string(models.ServiceName_NSMF_EVENT_EXPOSURE)
+
 // Routes is the list of the generated Route.
 type Routes []Route
 
@@ -43,14 +47,14 @@ func NewRouter() *gin.Engine {
 	return router
 }
 
-func authorizationCheck(c *gin.Context) error {
-	token := c.Request.Header.Get("Authorization")
-	return smf_context.GetSelf().AuthorizationCheck(token, "nsmf-event-exposure")
-}
-
 func AddService(engine *gin.Engine) *gin.RouterGroup {
 	group := engine.Group(factory.SmfEventExposureResUriPrefix)
 
+	routerAuthorizationCheck := util_oauth.NewRouterAuthorizationCheck(serviceName)
+	group.Use(func(c *gin.Context) {
+		routerAuthorizationCheck.Check(c, smf_context.GetSelf())
+	})
+
 	for _, route := range routes {
 		switch route.Method {
 		case "GET":

diff --git a/internal/sbi/pdusession/api_individual_pdu_session_hsmf.go b/internal/sbi/pdusession/api_individual_pdu_session_hsmf.go
@@ -17,20 +17,10 @@ import (
 
 // ReleasePduSession - Release
 func ReleasePduSession(c *gin.Context) {
-	auth_err := authorizationCheck(c)
-	if auth_err != nil {
-		c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
-		return
-	}
 	c.JSON(http.StatusOK, gin.H{})
 }
 
 // UpdatePduSession - Update (initiated by V-SMF)
 func UpdatePduSession(c *gin.Context) {
-	auth_err := authorizationCheck(c)
-	if auth_err != nil {
-		c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
-		return
-	}
 	c.JSON(http.StatusOK, gin.H{})
 }
diff --git a/internal/sbi/pdusession/api_individual_sm_context.go b/internal/sbi/pdusession/api_individual_sm_context.go
@@ -25,12 +25,6 @@ import (
 
 // HTTPReleaseSmContext - Release SM Context
 func HTTPReleaseSmContext(c *gin.Context) {
-	auth_err := authorizationCheck(c)
-	if auth_err != nil {
-		c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
-		return
-	}
-
 	logger.PduSessLog.Info("Receive Release SM Context Request")
 	var request models.ReleaseSmContextRequest
 	request.JsonData = new(models.SmContextReleaseData)
@@ -60,22 +54,11 @@ func HTTPReleaseSmContext(c *gin.Context) {
 
 // RetrieveSmContext - Retrieve SM Context
 func RetrieveSmContext(c *gin.Context) {
-	auth_err := authorizationCheck(c)
-	if auth_err != nil {
-		c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
-		return
-	}
 	c.JSON(http.StatusOK, gin.H{})
 }
 
 // HTTPUpdateSmContext - Update SM Context
 func HTTPUpdateSmContext(c *gin.Context) {
-	auth_err := authorizationCheck(c)
-	if auth_err != nil {
-		c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
-		return
-	}
-
 	logger.PduSessLog.Info("Receive Update SM Context Request")
 	var request models.UpdateSmContextRequest
 	request.JsonData = new(models.SmContextUpdateData)

diff --git a/internal/sbi/pdusession/api_pdu_sessions_collection.go b/internal/sbi/pdusession/api_pdu_sessions_collection.go
@@ -17,10 +17,5 @@ import (
 
 // PostPduSessions - Create
 func PostPduSessions(c *gin.Context) {
-	auth_err := authorizationCheck(c)
-	if auth_err != nil {
-		c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
-		return
-	}
 	c.JSON(http.StatusOK, gin.H{})
 }
diff --git a/internal/sbi/pdusession/api_sm_contexts_collection.go b/internal/sbi/pdusession/api_sm_contexts_collection.go
@@ -24,12 +24,6 @@ import (
 
 // HTTPPostSmContexts - Create SM Context
 func HTTPPostSmContexts(c *gin.Context) {
-	auth_err := authorizationCheck(c)
-	if auth_err != nil {
-		c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
-		return
-	}
-
 	logger.PduSessLog.Info("Receive Create SM Context Request")
 	var request models.PostSmContextsRequest
 

diff --git a/internal/sbi/pdusession/routers.go b/internal/sbi/pdusession/routers.go
@@ -17,7 +17,9 @@ import (
 
 	smf_context "github.com/free5gc/smf/internal/context"
 	"github.com/free5gc/smf/internal/logger"
+	"github.com/free5gc/smf/internal/util/oauth"
 	"github.com/free5gc/smf/pkg/factory"
+	"github.com/free5gc/openapi/models"
 	logger_util "github.com/free5gc/util/logger"
 )
 
@@ -33,6 +35,8 @@ type Route struct {
 	HandlerFunc gin.HandlerFunc
 }
 
+const serviceName string = string(models.ServiceName_NSMF_PDUSESSION)
+
 // Routes is the list of the generated Route.
 type Routes []Route
 
@@ -43,14 +47,14 @@ func NewRouter() *gin.Engine {
 	return router
 }
 
-func authorizationCheck(c *gin.Context) error {
-	token := c.Request.Header.Get("Authorization")
-	return smf_context.GetSelf().AuthorizationCheck(token, "nsmf-pdusession")
-}
-
 func AddService(engine *gin.Engine) *gin.RouterGroup {
 	group := engine.Group(factory.SmfPdusessionResUriPrefix)
 
+	routerAuthorizationCheck := util_oauth.NewRouterAuthorizationCheck(serviceName)
+	group.Use(func(c *gin.Context) {
+		routerAuthorizationCheck.Check(c, smf_context.GetSelf())
+	})
+
 	for _, route := range routes {
 		switch route.Method {
 		case "GET":