Fix: use models in serviceName

go.mod

@@ -9,7 +9,7 @@ require (
 	github.com/free5gc/aper v1.0.5-0.20230614030933-c73735898582
 	github.com/free5gc/nas v1.1.2-0.20230828074825-175b09665828
 	github.com/free5gc/ngap v1.0.7-0.20230614061954-9c128114ab1f
-	github.com/free5gc/openapi v1.0.7-0.20240117084712-52ad99299693
+	github.com/free5gc/openapi v1.0.7-0.20240206085156-20cdf964e9da
 	github.com/free5gc/sctp v0.0.0-20231121085449-400a702ea7f9
 	github.com/free5gc/util v1.0.5-0.20231001095115-433858e5be94
 	github.com/gin-contrib/cors v1.3.1

go.sum

@@ -72,6 +72,8 @@ github.com/free5gc/ngap v1.0.7-0.20230614061954-9c128114ab1f/go.mod h1:lKA1sLTYM
 github.com/free5gc/openapi v1.0.6/go.mod h1:iw/N0E+FlX44EEx24IBi2EdZW8v+bkj3ETWPGnlK9DI=
 github.com/free5gc/openapi v1.0.7-0.20240117084712-52ad99299693 h1:gFyYBsErQAkx4OVHXYqjO0efO9gPWydQavQcjU0CkHY=
 github.com/free5gc/openapi v1.0.7-0.20240117084712-52ad99299693/go.mod h1:qv9KqEucoZSeENPRFGxfTe+33ZWYyiYFx1Rj+H0DoWA=
+github.com/free5gc/openapi v1.0.7-0.20240206085156-20cdf964e9da h1:vr8v4Fere76nfj0SWpkUeIuUbS4bLPjRQsf3ly1K3fY=
+github.com/free5gc/openapi v1.0.7-0.20240206085156-20cdf964e9da/go.mod h1:qv9KqEucoZSeENPRFGxfTe+33ZWYyiYFx1Rj+H0DoWA=
 github.com/free5gc/sctp v0.0.0-20231121085449-400a702ea7f9 h1:L02UI8oODfXgH1fGzWWuWF4zyze4IScEFm20q3PKZdE=
 github.com/free5gc/sctp v0.0.0-20231121085449-400a702ea7f9/go.mod h1:Nr81VlvMkBHZsCbWPXjosBh+SWLdeEyz8o0OrS110Ic=
 github.com/free5gc/util v1.0.5-0.20231001095115-433858e5be94 h1:tNylIqH/m5Kq+3KuC+jjXGl06Y6EmM8yq61ZUgNrPBY=

internal/context/context.go

@@ -46,7 +46,7 @@ func init() {
 }
 
 type NFContext interface {
-	AuthorizationCheck(token, serviceName string) error
+	AuthorizationCheck(token string, serviceName models.ServiceName) error
 }
 
 var _ NFContext = &AMFContext{}
@@ -567,12 +567,17 @@ func (c *AMFContext) GetTokenCtx(serviceName models.ServiceName, targetNF models
 		c.NfId, c.NrfUri, string(serviceName))
 }
 
-func (c *AMFContext) AuthorizationCheck(token, serviceName string) error {
+func (c *AMFContext) AuthorizationCheck(token string, serviceName models.ServiceName) error {
 	if !c.OAuth2Required {
 		logger.UtilLog.Debugf("AMFContext::AuthorizationCheck: OAuth2 not required\n")
 		return nil
 	}
+	// TODO: free5gc webconsole uses namf-oam but it can't get token since it's not an NF.
+	if serviceName == models.ServiceName_NAMF_OAM {
+		logger.UtilLog.Warnf("OAuth2 is enable but namf-oam didn't check token now.")
+		return nil
+	}
 
 	logger.UtilLog.Debugf("AMFContext::AuthorizationCheck: token[%s] serviceName[%s]\n", token, serviceName)
-	return oauth.VerifyOAuth(token, serviceName, c.NrfCertPem)
+	return oauth.VerifyOAuth(token, string(serviceName), c.NrfCertPem)
 }

internal/sbi/communication/routers.go

@@ -24,8 +24,6 @@ import (
 	logger_util "github.com/free5gc/util/logger"
 )
 
-const serviceName string = string(models.ServiceName_NAMF_COMM)
-
 var HttpLog *logrus.Entry
 
 func init() {
@@ -57,7 +55,7 @@ func NewRouter() *gin.Engine {
 func AddService(engine *gin.Engine) *gin.RouterGroup {
 	group := engine.Group(factory.AmfCommResUriPrefix)
 
-	routerAuthorizationCheck := util.NewRouterAuthorizationCheck(serviceName)
+	routerAuthorizationCheck := util.NewRouterAuthorizationCheck(models.ServiceName_NAMF_COMM)
 	group.Use(func(c *gin.Context) {
 		routerAuthorizationCheck.Check(c, amf_context.GetSelf())
 	})

internal/sbi/eventexposure/routers.go

@@ -23,8 +23,6 @@ import (
 	logger_util "github.com/free5gc/util/logger"
 )
 
-const serviceName string = string(models.ServiceName_NAMF_EVTS)
-
 // Route is the information for every URI.
 type Route struct {
 	// Name is the name of this Route.
@@ -50,7 +48,7 @@ func NewRouter() *gin.Engine {
 func AddService(engine *gin.Engine) *gin.RouterGroup {
 	group := engine.Group(factory.AmfEvtsResUriPrefix)
 
-	routerAuthorizationCheck := util.NewRouterAuthorizationCheck(serviceName)
+	routerAuthorizationCheck := util.NewRouterAuthorizationCheck(models.ServiceName_NAMF_EVTS)
 	group.Use(func(c *gin.Context) {
 		routerAuthorizationCheck.Check(c, amf_context.GetSelf())
 	})

internal/sbi/location/routers.go

@@ -23,8 +23,6 @@ import (
 	logger_util "github.com/free5gc/util/logger"
 )
 
-const serviceName string = string(models.ServiceName_NAMF_LOC)
-
 // Route is the information for every URI.
 type Route struct {
 	// Name is the name of this Route.
@@ -50,7 +48,7 @@ func NewRouter() *gin.Engine {
 func AddService(engine *gin.Engine) *gin.RouterGroup {
 	group := engine.Group(factory.AmfLocResUriPrefix)
 
-	routerAuthorizationCheck := util.NewRouterAuthorizationCheck(serviceName)
+	routerAuthorizationCheck := util.NewRouterAuthorizationCheck(models.ServiceName_NAMF_LOC)
 	group.Use(func(c *gin.Context) {
 		routerAuthorizationCheck.Check(c, amf_context.GetSelf())
 	})

internal/sbi/mt/routers.go

@@ -23,8 +23,6 @@ import (
 	logger_util "github.com/free5gc/util/logger"
 )
 
-const serviceName string = string(models.ServiceName_NAMF_MT)
-
 // Route is the information for every URI.
 type Route struct {
 	// Name is the name of this Route.
@@ -50,7 +48,7 @@ func NewRouter() *gin.Engine {
 func AddService(engine *gin.Engine) *gin.RouterGroup {
 	group := engine.Group(factory.AmfMtResUriPrefix)
 
-	routerAuthorizationCheck := util.NewRouterAuthorizationCheck(serviceName)
+	routerAuthorizationCheck := util.NewRouterAuthorizationCheck(models.ServiceName_NAMF_MT)
 	group.Use(func(c *gin.Context) {
 		routerAuthorizationCheck.Check(c, amf_context.GetSelf())
 	})

internal/sbi/oam/routers.go

@@ -6,8 +6,11 @@ import (
 	"github.com/gin-contrib/cors"
 	"github.com/gin-gonic/gin"
 
+	amf_context "github.com/free5gc/amf/internal/context"
 	"github.com/free5gc/amf/internal/logger"
+	"github.com/free5gc/amf/internal/util"
 	"github.com/free5gc/amf/pkg/factory"
+	"github.com/free5gc/openapi/models"
 	logger_util "github.com/free5gc/util/logger"
 )
 
@@ -49,6 +52,11 @@ func NewRouter() *gin.Engine {
 func AddService(engine *gin.Engine) *gin.RouterGroup {
 	group := engine.Group(factory.AmfOamResUriPrefix)
 
+	routerAuthorizationCheck := util.NewRouterAuthorizationCheck(models.ServiceName_NAMF_OAM)
+	group.Use(func(c *gin.Context) {
+		routerAuthorizationCheck.Check(c, amf_context.GetSelf())
+	})
+
 	for _, route := range routes {
 		switch route.Method {
 		case "GET":

internal/util/router_auth_check.go

@@ -7,13 +7,14 @@ import (
 
 	amf_context "github.com/free5gc/amf/internal/context"
 	"github.com/free5gc/amf/internal/logger"
+	"github.com/free5gc/openapi/models"
 )
 
 type RouterAuthorizationCheck struct {
-	serviceName string
+	serviceName models.ServiceName
 }
 
-func NewRouterAuthorizationCheck(serviceName string) *RouterAuthorizationCheck {
+func NewRouterAuthorizationCheck(serviceName models.ServiceName) *RouterAuthorizationCheck {
 	return &RouterAuthorizationCheck{
 		serviceName: serviceName,
 	}

internal/util/router_auth_check_test.go

@@ -7,6 +7,8 @@ import (
 
 	"github.com/gin-gonic/gin"
 	"github.com/pkg/errors"
+
+	"github.com/free5gc/openapi/models"
 )
 
 const (
@@ -20,7 +22,7 @@ func newMockAMFContext() *mockAMFContext {
 	return &mockAMFContext{}
 }
 
-func (m *mockAMFContext) AuthorizationCheck(token string, serviceName string) error {
+func (m *mockAMFContext) AuthorizationCheck(token string, serviceName models.ServiceName) error {
 	if token == Valid {
 		return nil
 	}
@@ -81,7 +83,9 @@ func TestRouterAuthorizationCheck_Check(t *testing.T) {
 			}
 			c.Request.Header.Set("Authorization", tt.args.token)
 
-			rac := NewRouterAuthorizationCheck("testService")
+			var testService models.ServiceName = "testService"
+
+			rac := NewRouterAuthorizationCheck(testService)
 			rac.Check(c, newMockAMFContext())
 			if w.Code != tt.want.statusCode {
 				t.Errorf("StatusCode should be %d, but got %d", tt.want.statusCode, w.Code)