diff --git a/go.mod b/go.mod
index 74f91498..11a5ce0a 100644
--- a/go.mod
+++ b/go.mod
@@ -9,7 +9,7 @@ require (
 github.com/free5gc/aper v1.0.4
 github.com/free5gc/nas v1.1.0
 github.com/free5gc/ngap v1.0.6
- github.com/free5gc/openapi v1.0.7-0.20231216094313-e15a4ff046f6
+ github.com/free5gc/openapi v1.0.7-0.20240117084712-52ad99299693
 github.com/free5gc/pfcp v1.0.6
 github.com/free5gc/util v1.0.5-0.20231001095115-433858e5be94
 github.com/gin-gonic/gin v1.9.1
diff --git a/go.sum b/go.sum
index ed905f46..4cd40b00 100644
--- a/go.sum
+++ b/go.sum
@@ -70,8 +70,8 @@ github.com/free5gc/ngap v1.0.6 h1:f9sKqHMNrFZVo9Kp8hAyrCXSoI8l746N5O+DFn7vKHA=
 github.com/free5gc/ngap v1.0.6/go.mod h1:TG1kwwU/EyIlJ3bxY591rdxpD5ZeYnLZTzoWjcfvrBM=
 github.com/free5gc/openapi v1.0.4/go.mod h1:KRCnnp0GeK0Bl4gnrX79cQAidKXNENf8VRdG0y9R0Fc=
 github.com/free5gc/openapi v1.0.6/go.mod h1:iw/N0E+FlX44EEx24IBi2EdZW8v+bkj3ETWPGnlK9DI=
-github.com/free5gc/openapi v1.0.7-0.20231216094313-e15a4ff046f6 h1:8P/wOkTAQMgZJe9pUUNSTE5PWeAdlMrsU9kLsI+VAVE=
-github.com/free5gc/openapi v1.0.7-0.20231216094313-e15a4ff046f6/go.mod h1:qv9KqEucoZSeENPRFGxfTe+33ZWYyiYFx1Rj+H0DoWA=
+github.com/free5gc/openapi v1.0.7-0.20240117084712-52ad99299693 h1:gFyYBsErQAkx4OVHXYqjO0efO9gPWydQavQcjU0CkHY=
+github.com/free5gc/openapi v1.0.7-0.20240117084712-52ad99299693/go.mod h1:qv9KqEucoZSeENPRFGxfTe+33ZWYyiYFx1Rj+H0DoWA=
 github.com/free5gc/pfcp v1.0.6 h1:dKEVyZWozF1G+yk1JXw/1ggtIRI0v362say/Q6VDZTE=
 github.com/free5gc/pfcp v1.0.6/go.mod h1:WzpW7Zxhx5WONMumNKRWbPn7pl/iTYp2FqRLNiOWUjs=
 github.com/free5gc/tlv v1.0.2-0.20230131124215-8b6ebd69bf93 h1:QPSSI5zw4goiIfxem9doVyMqTO8iKLQ536pzpET5Y+Q=
diff --git a/internal/context/context.go b/internal/context/context.go
index 1cee3ffc..d692d788 100644
--- a/internal/context/context.go
+++ b/internal/context/context.go
@@ -24,6 +24,12 @@ func Init() {
 smfContext.NfInstanceID = uuid.New().String()
 }
+type NFContext interface {
+ AuthorizationCheck(token, serviceName string) error
+}
+
+var _ NFContext = &SMFContext{}
+
 var smfContext SMFContext
 type SMFContext struct {
@@ -288,23 +294,19 @@ func GetUEDefaultPathPool(groupName string) *UEDefaultPaths {
 return smfContext.UEDefaultPathPool[groupName]
 }
-func (c *SMFContext) GetTokenCtx(scope, targetNF string) (
+func (c *SMFContext) GetTokenCtx(scope string, targetNF models.NfType) (
 context.Context, *models.ProblemDetails, error,
 ) {
 if !c.OAuth2Required {
 return context.TODO(), nil, nil
 }
- return oauth.GetTokenCtx(models.NfType_SMF,
- c.NfInstanceID, c.NrfUri, scope, targetNF)
+ return oauth.GetTokenCtx(models.NfType_SMF, targetNF,
+ c.NfInstanceID, c.NrfUri, scope)
 }
-func (context *SMFContext) AuthorizationCheck(token, serviceName string) error {
- if !context.OAuth2Required {
+func (c *SMFContext) AuthorizationCheck(token, serviceName string) error {
+ if !c.OAuth2Required {
 return nil
 }
- err := oauth.VerifyOAuth(token, serviceName, context.NrfCertPem)
- if err != nil {
- return err
- }
- return nil
+ return oauth.VerifyOAuth(token, serviceName, c.NrfCertPem)
 }
diff --git a/internal/logger/logger.go b/internal/logger/logger.go
index 81936e74..2acaf1e8 100644
--- a/internal/logger/logger.go
+++ b/internal/logger/logger.go
@@ -23,6 +23,7 @@ var (
 GsmLog *logrus.Entry
 PfcpLog *logrus.Entry
 PduSessLog *logrus.Entry
+ UtilLog *logrus.Entry
 )
 func init() {
@@ -42,4 +43,5 @@ func init() {
 GsmLog = NfLog.WithField(logger_util.FieldCategory, "GSM")
 PfcpLog = NfLog.WithField(logger_util.FieldCategory, "PFCP")
 PduSessLog = NfLog.WithField(logger_util.FieldCategory, "PduSess")
+ UtilLog = NfLog.WithField(logger_util.FieldCategory, "Util")
 }
diff --git a/internal/sbi/consumer/nf_discovery.go b/internal/sbi/consumer/nf_discovery.go
index c671d534..fd5fea3a 100644
--- a/internal/sbi/consumer/nf_discovery.go
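Review bot: The compile-time assertion `var _ NFContext = &SMFContext{}` added in the first hunk of internal/context/context.go builds a throwaway SMFContext value at package init; the usual form `var _ NFContext = (*SMFContext)(nil)` checks the same method set without constructing anything. The new exported interface also has no doc comment; a line such as `// NFContext is the part of an NF context that token verification needs.` above `type NFContext interface` would tell readers why it exists.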
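Review bot: `AuthorizationCheck` (second hunk of internal/context/context.go) returns nil for any token, including an empty one, whenever `OAuth2Required` is false, and nothing on the method says so. With the per-handler checks removed elsewhere in this commit, this method appears to be what the router-level check ends up calling (inferred from `Check(c, smf_context.GetSelf())`), so the fail-open branch should be documented: `// AuthorizationCheck passes token and serviceName to oauth.VerifyOAuth with the NRF certificate; it accepts every request when OAuth2Required is false.` Logging once at startup when OAuth2 is disabled would make that state visible to operators. `GetTokenCtx` has the same undocumented shortcut and returns `context.TODO()`, where `context.Background()` would state the intent.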
+++ b/internal/sbi/consumer/nf_discovery.go
@@ -15,7 +15,7 @@ import (
 )
 func SendNFDiscoveryUDM() (*models.ProblemDetails, error) {
- ctx, pd, err := smf_context.GetSelf().GetTokenCtx("nnrf-disc", "NRF")
+ ctx, pd, err := smf_context.GetSelf().GetTokenCtx("nnrf-disc", models.NfType_NRF)
 if err != nil {
 return pd, err
 }
@@ -61,7 +61,7 @@ func SendNFDiscoveryUDM() (*models.ProblemDetails, error) {
 }
 func SendNFDiscoveryPCF() (problemDetails *models.ProblemDetails, err error) {
- ctx, pd, err := smf_context.GetSelf().GetTokenCtx("nnrf-disc", "NRF")
+ ctx, pd, err := smf_context.GetSelf().GetTokenCtx("nnrf-disc", models.NfType_NRF)
 if err != nil {
 return pd, err
 }
@@ -101,7 +101,7 @@ func SendNFDiscoveryPCF() (problemDetails *models.ProblemDetails, err error) {
 }
 func SendNFDiscoveryServingAMF(smContext *smf_context.SMContext) (*models.ProblemDetails, error) {
- ctx, pd, err := smf_context.GetSelf().GetTokenCtx("nnrf-disc", "NRF")
+ ctx, pd, err := smf_context.GetSelf().GetTokenCtx("nnrf-disc", models.NfType_NRF)
 if err != nil {
 return pd, err
 }
diff --git a/internal/sbi/consumer/nf_management.go b/internal/sbi/consumer/nf_management.go
index 7f85b37a..d0d417c5 100644
--- a/internal/sbi/consumer/nf_management.go
+++ b/internal/sbi/consumer/nf_management.go
@@ -106,7 +106,7 @@ func RetrySendNFRegistration(MaxRetry int) error {
 func SendNFDeregistration() error {
 // Check data (Use RESTful DELETE)
- ctx, _, err := smf_context.GetSelf().GetTokenCtx("nnrf-nfm", "NRF")
+ ctx, _, err := smf_context.GetSelf().GetTokenCtx("nnrf-nfm", models.NfType_NRF)
 if err != nil {
 return err
 }
@@ -136,7 +136,7 @@ func SendNFDeregistration() error {
 func SendDeregisterNFInstance() (*models.ProblemDetails, error) {
 logger.ConsumerLog.Infof("Send Deregister NFInstance")
- ctx, pd, err := smf_context.GetSelf().GetTokenCtx("nnrf-nfm", "NRF")
+ ctx, pd, err := smf_context.GetSelf().GetTokenCtx("nnrf-nfm", models.NfType_NRF)
 if err != nil {
 return pd, err
 }
diff --git a/internal/sbi/consumer/nsmf_pdusession_callback.go b/internal/sbi/consumer/nsmf_pdusession_callback.go
index b7942e07..22751c64 100644
--- a/internal/sbi/consumer/nsmf_pdusession_callback.go
+++ b/internal/sbi/consumer/nsmf_pdusession_callback.go
@@ -1,12 +1,12 @@
 package consumer
 import (
+ "context"
 "net/http"
 "github.com/free5gc/openapi"
 "github.com/free5gc/openapi/Nsmf_PDUSession"
 "github.com/free5gc/openapi/models"
- smf_context "github.com/free5gc/smf/internal/context"
 "github.com/free5gc/smf/internal/logger"
 )
@@ -19,15 +19,10 @@ func SendSMContextStatusNotification(uri string) (*models.ProblemDetails, error)
 configuration := Nsmf_PDUSession.NewConfiguration()
 client := Nsmf_PDUSession.NewAPIClient(configuration)
- ctx, pd, err := smf_context.GetSelf().GetTokenCtx("nsmf-pdusession", "SMF")
- if err != nil {
- return pd, err
- }
-
 logger.CtxLog.Infoln("[SMF] Send SMContext Status Notification")
 httpResp, localErr := client.
 IndividualSMContextNotificationApi.
- SMContextNotification(ctx, uri, request)
+ SMContextNotification(context.Background(), uri, request)
 if localErr == nil {
 if httpResp.StatusCode != http.StatusNoContent {
diff --git a/internal/sbi/consumer/sm_policy.go b/internal/sbi/consumer/sm_policy.go
index 15d6370b..cde88bb9 100644
--- a/internal/sbi/consumer/sm_policy.go
+++ b/internal/sbi/consumer/sm_policy.go
@@ -47,7 +47,7 @@ func SendSMPolicyAssociationCreate(smContext *smf_context.SMContext) (string, *m
 }
 smPolicyData.SuppFeat = "F"
- ctx, _, err := smf_context.GetSelf().GetTokenCtx("npcf-smpolicycontrol", "PCF")
+ ctx, _, err := smf_context.GetSelf().GetTokenCtx("npcf-smpolicycontrol", models.NfType_PCF)
 if err != nil {
 return "", nil, err
 }
@@ -148,7 +148,7 @@ func SendSMPolicyAssociationUpdateByUERequestModification(
 }
 }
- ctx, _, err := smf_context.GetSelf().GetTokenCtx("npcf-smpolicycontrol", "PCF")
+ ctx, _, err := smf_context.GetSelf().GetTokenCtx("npcf-smpolicycontrol", models.NfType_PCF)
 if err != nil {
 return nil, err
 }
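Review bot: `SMContextNotification(context.Background(), uri, request)` in the second hunk of nsmf_pdusession_callback.go now sends the notification with a context that carries neither a token nor a deadline, and nothing in the hunk says why. If dropping the token is deliberate because the request goes to a caller-supplied callback `uri` rather than to a registered producer service, record that in a comment such as `// Notification to the callback URI: sent without an OAuth2 access token.` I would also bound the call with `ctx, cancel := context.WithTimeout(context.Background(), timeout)` and `defer cancel()` (the timeout value is yours to choose), unless the client configuration built outside this hunk already enforces one. The body of SendSMContextStatusNotification starts and ends outside the hunk.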
@@ -374,7 +374,7 @@ func SendSMPolicyAssociationTermination(smContext *smf_context.SMContext) error
 return errors.Errorf("smContext not selected PCF")
 }
- ctx, _, err := smf_context.GetSelf().GetTokenCtx("npcf-smpolicycontrol", "PCF")
+ ctx, _, err := smf_context.GetSelf().GetTokenCtx("npcf-smpolicycontrol", models.NfType_PCF)
 if err != nil {
 return err
 }
diff --git a/internal/sbi/eventexposure/api_default.go b/internal/sbi/eventexposure/api_default.go
index 7dacdca7..60b90b6d 100644
--- a/internal/sbi/eventexposure/api_default.go
+++ b/internal/sbi/eventexposure/api_default.go
@@ -17,40 +17,20 @@ import (
 // SubscriptionsPost -
 func SubscriptionsPost(c *gin.Context) {
- auth_err := authorizationCheck(c)
- if auth_err != nil {
- c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
- return
- }
 c.JSON(http.StatusOK, gin.H{})
 }
 // SubscriptionsSubIdDelete -
 func SubscriptionsSubIdDelete(c *gin.Context) {
- auth_err := authorizationCheck(c)
- if auth_err != nil {
- c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
- return
- }
 c.JSON(http.StatusOK, gin.H{})
 }
 // SubscriptionsSubIdGet -
 func SubscriptionsSubIdGet(c *gin.Context) {
- auth_err := authorizationCheck(c)
- if auth_err != nil {
- c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
- return
- }
 c.JSON(http.StatusOK, gin.H{})
 }
 // SubscriptionsSubIdPut -
 func SubscriptionsSubIdPut(c *gin.Context) {
- auth_err := authorizationCheck(c)
- if auth_err != nil {
- c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
- return
- }
 c.JSON(http.StatusOK, gin.H{})
 }
diff --git a/internal/sbi/eventexposure/routers.go b/internal/sbi/eventexposure/routers.go
index cc9b53d5..db460336 100644
--- a/internal/sbi/eventexposure/routers.go
+++ b/internal/sbi/eventexposure/routers.go
@@ -17,7 +17,9 @@ import (
 smf_context "github.com/free5gc/smf/internal/context"
 "github.com/free5gc/smf/internal/logger"
+ "github.com/free5gc/smf/internal/util/oauth"
 "github.com/free5gc/smf/pkg/factory"
+ "github.com/free5gc/openapi/models"
 logger_util "github.com/free5gc/util/logger"
 )
@@ -33,6 +35,8 @@ type Route struct {
 HandlerFunc gin.HandlerFunc
 }
+const serviceName string = string(models.ServiceName_NSMF_EVENT_EXPOSURE)
+
 // Routes is the list of the generated Route.
 type Routes []Route
@@ -43,14 +47,14 @@ func NewRouter() *gin.Engine {
 return router
 }
-func authorizationCheck(c *gin.Context) error {
- token := c.Request.Header.Get("Authorization")
- return smf_context.GetSelf().AuthorizationCheck(token, "nsmf-event-exposure")
-}
-
 func AddService(engine *gin.Engine) *gin.RouterGroup {
 group := engine.Group(factory.SmfEventExposureResUriPrefix)
+ routerAuthorizationCheck := util_oauth.NewRouterAuthorizationCheck(serviceName)
+ group.Use(func(c *gin.Context) {
+ routerAuthorizationCheck.Check(c, smf_context.GetSelf())
+ })
+
 for _, route := range routes {
 switch route.Method {
 case "GET":
diff --git a/internal/sbi/pdusession/api_individual_pdu_session_hsmf.go b/internal/sbi/pdusession/api_individual_pdu_session_hsmf.go
index 542d09ed..b3a920e4 100644
--- a/internal/sbi/pdusession/api_individual_pdu_session_hsmf.go
+++ b/internal/sbi/pdusession/api_individual_pdu_session_hsmf.go
@@ -17,20 +17,10 @@ import (
 // ReleasePduSession - Release
 func ReleasePduSession(c *gin.Context) {
- auth_err := authorizationCheck(c)
- if auth_err != nil {
- c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
- return
- }
 c.JSON(http.StatusOK, gin.H{})
 }
 // UpdatePduSession - Update (initiated by V-SMF)
 func UpdatePduSession(c *gin.Context) {
- auth_err := authorizationCheck(c)
- if auth_err != nil {
- c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
- return
- }
 c.JSON(http.StatusOK, gin.H{})
 }
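Review bot: The import `"github.com/free5gc/smf/internal/util/oauth"` added in the first hunk of eventexposure/routers.go has no alias, yet the code further down calls it `util_oauth`, so the identifier only resolves through the package clause of that directory. Writing `util_oauth "github.com/free5gc/smf/internal/util/oauth"` makes the name visible at the import site. As far as this hunk shows, `"github.com/free5gc/openapi/models"` is also inserted after `smf/pkg/factory` in the same contiguous block, which gofmt would re-sort by path, so the file is probably not gofmt-clean. The import hunk of pdusession/routers.go has the same two points.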
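Review bot: The `group.Use` closure in the third hunk of eventexposure/routers.go is now the only authorization gate for the group, so every handler relies on `routerAuthorizationCheck.Check` stopping the chain itself; in gin a middleware that writes a 401 without calling `c.Abort()` or `c.AbortWithStatusJSON` still lets the handler run. `Check` lives in internal/util/oauth, which is not part of the visible diff, so please confirm it aborts on a failed check and add a router test that sends a request without a valid token and asserts both the 401 and that the handler was not invoked. A comment above the call, `// Must be registered before the routes below: gin applies Use only to handlers added afterwards.`, would protect the ordering. The same applies to the identical block in pdusession/routers.go. AddService continues past the end of the hunk.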
diff --git a/internal/sbi/pdusession/api_individual_sm_context.go b/internal/sbi/pdusession/api_individual_sm_context.go
index 722ab739..0987c839 100644
--- a/internal/sbi/pdusession/api_individual_sm_context.go
+++ b/internal/sbi/pdusession/api_individual_sm_context.go
@@ -25,12 +25,6 @@ import (
 // HTTPReleaseSmContext - Release SM Context
 func HTTPReleaseSmContext(c *gin.Context) {
- auth_err := authorizationCheck(c)
- if auth_err != nil {
- c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
- return
- }
-
 logger.PduSessLog.Info("Receive Release SM Context Request")
 var request models.ReleaseSmContextRequest
 request.JsonData = new(models.SmContextReleaseData)
@@ -60,22 +54,11 @@ func HTTPReleaseSmContext(c *gin.Context) {
 // RetrieveSmContext - Retrieve SM Context
 func RetrieveSmContext(c *gin.Context) {
- auth_err := authorizationCheck(c)
- if auth_err != nil {
- c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
- return
- }
 c.JSON(http.StatusOK, gin.H{})
 }
 // HTTPUpdateSmContext - Update SM Context
 func HTTPUpdateSmContext(c *gin.Context) {
- auth_err := authorizationCheck(c)
- if auth_err != nil {
- c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
- return
- }
-
 logger.PduSessLog.Info("Receive Update SM Context Request")
 var request models.UpdateSmContextRequest
 request.JsonData = new(models.SmContextUpdateData)
diff --git a/internal/sbi/pdusession/api_pdu_sessions_collection.go b/internal/sbi/pdusession/api_pdu_sessions_collection.go
index 38f11b37..cf08d4c1 100644
--- a/internal/sbi/pdusession/api_pdu_sessions_collection.go
+++ b/internal/sbi/pdusession/api_pdu_sessions_collection.go
@@ -17,10 +17,5 @@ import (
 // PostPduSessions - Create
 func PostPduSessions(c *gin.Context) {
- auth_err := authorizationCheck(c)
- if auth_err != nil {
- c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
- return
- }
 c.JSON(http.StatusOK, gin.H{})
 }
diff --git a/internal/sbi/pdusession/api_sm_contexts_collection.go b/internal/sbi/pdusession/api_sm_contexts_collection.go
index 65852f46..4f378b11 100644
--- a/internal/sbi/pdusession/api_sm_contexts_collection.go
+++ b/internal/sbi/pdusession/api_sm_contexts_collection.go
@@ -24,12 +24,6 @@ import (
 // HTTPPostSmContexts - Create SM Context
 func HTTPPostSmContexts(c *gin.Context) {
- auth_err := authorizationCheck(c)
- if auth_err != nil {
- c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
- return
- }
-
 logger.PduSessLog.Info("Receive Create SM Context Request")
 var request models.PostSmContextsRequest
diff --git a/internal/sbi/pdusession/routers.go b/internal/sbi/pdusession/routers.go
index 5a0e578a..97747dc3 100644
--- a/internal/sbi/pdusession/routers.go
+++ b/internal/sbi/pdusession/routers.go
@@ -17,7 +17,9 @@ import (
 smf_context "github.com/free5gc/smf/internal/context"
 "github.com/free5gc/smf/internal/logger"
+ "github.com/free5gc/smf/internal/util/oauth"
 "github.com/free5gc/smf/pkg/factory"
+ "github.com/free5gc/openapi/models"
 logger_util "github.com/free5gc/util/logger"
 )
@@ -33,6 +35,8 @@ type Route struct {
 HandlerFunc gin.HandlerFunc
 }
+const serviceName string = string(models.ServiceName_NSMF_PDUSESSION)
+
 // Routes is the list of the generated Route.
 type Routes []Route
@@ -43,14 +47,14 @@ func NewRouter() *gin.Engine {
 return router
 }
-func authorizationCheck(c *gin.Context) error {
- token := c.Request.Header.Get("Authorization")
- return smf_context.GetSelf().AuthorizationCheck(token, "nsmf-pdusession")
-}
-
 func AddService(engine *gin.Engine) *gin.RouterGroup {
 group := engine.Group(factory.SmfPdusessionResUriPrefix)
+ routerAuthorizationCheck := util_oauth.NewRouterAuthorizationCheck(serviceName)
+ group.Use(func(c *gin.Context) {
+ routerAuthorizationCheck.Check(c, smf_context.GetSelf())
+ })
+
 for _, route := range routes {
 switch route.Method {
 case "GET":