Merge pull request #25 from TYuan0816/feature/oauth2

Add OAuth2 on UDR

go.mod

@@ -5,11 +5,12 @@ go 1.17
 require (
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d
 	github.com/evanphx/json-patch v0.5.2
-	github.com/free5gc/openapi v1.0.7-0.20231216094313-e15a4ff046f6
+	github.com/free5gc/openapi v1.0.7-0.20240117084712-52ad99299693
 	github.com/free5gc/util v1.0.5-0.20231205080047-308f623d6808
 	github.com/gin-gonic/gin v1.9.1
 	github.com/google/uuid v1.3.0
 	github.com/mitchellh/mapstructure v1.4.3
+	github.com/pkg/errors v0.9.1
 	github.com/sirupsen/logrus v1.8.1
 	github.com/stretchr/testify v1.8.3
 	github.com/urfave/cli v1.22.5
@@ -43,7 +44,6 @@ require (
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/pelletier/go-toml/v2 v2.0.8 // indirect
-	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/tim-ywliu/nested-logrus-formatter v1.3.2 // indirect

go.sum

@@ -61,8 +61,8 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/evanphx/json-patch v0.5.2 h1:xVCHIVMUu1wtM/VkR9jVZ45N3FhZfYMMYGorLCR8P3k=
 github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ=
-github.com/free5gc/openapi v1.0.7-0.20231216094313-e15a4ff046f6 h1:8P/wOkTAQMgZJe9pUUNSTE5PWeAdlMrsU9kLsI+VAVE=
-github.com/free5gc/openapi v1.0.7-0.20231216094313-e15a4ff046f6/go.mod h1:qv9KqEucoZSeENPRFGxfTe+33ZWYyiYFx1Rj+H0DoWA=
+github.com/free5gc/openapi v1.0.7-0.20240117084712-52ad99299693 h1:gFyYBsErQAkx4OVHXYqjO0efO9gPWydQavQcjU0CkHY=
+github.com/free5gc/openapi v1.0.7-0.20240117084712-52ad99299693/go.mod h1:qv9KqEucoZSeENPRFGxfTe+33ZWYyiYFx1Rj+H0DoWA=
 github.com/free5gc/util v1.0.5-0.20231205080047-308f623d6808 h1:8/IoWEgcO2DLlLCqbsxwduD7CzXdKe/BFJU2tcAqnxo=
 github.com/free5gc/util v1.0.5-0.20231205080047-308f623d6808/go.mod h1:d+79g84a3YHhzvjJ2IhurrBOavOA8xWIQ/GCywPXqQk=
 github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q7OhCmWKU=

internal/context/context.go

@@ -76,6 +76,12 @@ type EeSubscriptionCollection struct {
 	AmfSubscriptionInfos []models.AmfSubscriptionInfo
 }
 
+type NFContext interface {
+	AuthorizationCheck(token string, serviceName models.ServiceName) error
+}
+
+var _ NFContext = &UDRContext{}
+
 // Reset UDR Context
 func (context *UDRContext) Reset() {
 	context.UESubsCollection.Range(func(key, value interface{}) bool {
@@ -177,23 +183,22 @@ func NewInfluenceDataSubscriptionId() string {
 	return fmt.Sprintf("%08x", GetSelf().InfluenceDataSubscriptionIDGenerator.Uint32())
 }
 
-func (c *UDRContext) GetTokenCtx(scope, targetNF string) (
+func (c *UDRContext) GetTokenCtx(serviceName models.ServiceName, targetNF models.NfType) (
 	context.Context, *models.ProblemDetails, error,
 ) {
 	if !c.OAuth2Required {
 		return context.TODO(), nil, nil
 	}
-	return oauth.GetTokenCtx(models.NfType_UDR,
-		c.NfId, c.NrfUri, scope, targetNF)
+	return oauth.GetTokenCtx(models.NfType_UDR, targetNF,
+		c.NfId, c.NrfUri, string(serviceName))
 }
 
-func (context *UDRContext) AuthorizationCheck(token, serviceName string) error {
-	if !context.OAuth2Required {
+func (c *UDRContext) AuthorizationCheck(token string, serviceName models.ServiceName) error {
+	if !c.OAuth2Required {
+		logger.UtilLog.Debugf("UDRContext::AuthorizationCheck: OAuth2 not required\n")
 		return nil
 	}
-	err := oauth.VerifyOAuth(token, serviceName, context.NrfCertPem)
-	if err != nil {
-		return err
-	}
-	return nil
+
+	logger.UtilLog.Debugf("UDRContext::AuthorizationCheck: token[%s] serviceName[%s]\n", token, serviceName)
+	return oauth.VerifyOAuth(token, string(serviceName), c.NrfCertPem)
 }

internal/sbi/consumer/nf_discovery.go

@@ -18,7 +18,7 @@ func SendSearchNFInstances(nrfUri string, targetNfType, requestNfType models.NfT
 	configuration.SetBasePath(nrfUri)
 	client := Nnrf_NFDiscovery.NewAPIClient(configuration)
 
-	ctx, _, err := udr_context.GetSelf().GetTokenCtx("nnrf-disc", "NRF")
+	ctx, _, err := udr_context.GetSelf().GetTokenCtx(models.ServiceName_NNRF_DISC, models.NfType_NRF)
 	if err != nil {
 		return nil, err
 	}

internal/sbi/consumer/nf_managemant.go

@@ -1,7 +1,6 @@
 package consumer
 
 import (
-	"context"
 	"fmt"
 	"net/http"
 	"strings"
@@ -72,8 +71,13 @@ func SendRegisterNFInstance(nrfUri, nfInstanceId string, profile models.NfProfil
 	var resouceNrfUri string
 	var retrieveNfInstanceId string
 
+	ctx, _, err := udr_context.GetSelf().GetTokenCtx(models.ServiceName_NNRF_NFM, models.NfType_NRF)
+	if err != nil {
+		return "", "", err
+	}
+
 	for {
-		nf, res, err := client.NFInstanceIDDocumentApi.RegisterNFInstance(context.TODO(), nfInstanceId, profile)
+		nf, res, err := client.NFInstanceIDDocumentApi.RegisterNFInstance(ctx, nfInstanceId, profile)
 		if err != nil || res == nil {
 			// TODO : add log
 			fmt.Println(fmt.Errorf("UDR register to NRF Error[%s]", err.Error()))
@@ -119,7 +123,7 @@ func SendRegisterNFInstance(nrfUri, nfInstanceId string, profile models.NfProfil
 func SendDeregisterNFInstance() (problemDetails *models.ProblemDetails, err error) {
 	logger.ConsumerLog.Infof("Send Deregister NFInstance")
 
-	ctx, pd, err := udr_context.GetSelf().GetTokenCtx("nnrf-nfm", "NRF")
+	ctx, pd, err := udr_context.GetSelf().GetTokenCtx(models.ServiceName_NNRF_NFM, models.NfType_NRF)
 	if err != nil {
 		return pd, err
 	}

internal/sbi/datarepository/api_access_and_mobility_subscription_data_document.go

@@ -23,12 +23,6 @@ import (
 
 // HTTPQueryAmData - Retrieves the access and mobility subscription data of a UE
 func HTTPQueryAmData(c *gin.Context) {
-	auth_err := authorizationCheck(c)
-	if auth_err != nil {
-		c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
-		return
-	}
-
 	req := httpwrapper.NewRequest(c.Request, nil)
 	req.Params["ueId"] = c.Params.ByName("ueId")
 	req.Params["servingPlmnId"] = c.Params.ByName("servingPlmnId")

internal/sbi/datarepository/api_amf3_gpp_access_registration_document.go

@@ -23,12 +23,6 @@ import (
 
 // HTTPAmfContext3gpp - To modify the AMF context data of a UE using 3gpp access in the UDR
 func HTTPAmfContext3gpp(c *gin.Context) {
-	auth_err := authorizationCheck(c)
-	if auth_err != nil {
-		c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
-		return
-	}
-
 	var patchItemArray []models.PatchItem
 
 	requestBody, err := c.GetRawData()
@@ -78,12 +72,6 @@ func HTTPAmfContext3gpp(c *gin.Context) {
 
 // HTTPCreateAmfContext3gpp - To store the AMF context data of a UE using 3gpp access in the UDR
 func HTTPCreateAmfContext3gpp(c *gin.Context) {
-	auth_err := authorizationCheck(c)
-	if auth_err != nil {
-		c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
-		return
-	}
-
 	var amf3GppAccessRegistration models.Amf3GppAccessRegistration
 
 	requestBody, err := c.GetRawData()
@@ -133,12 +121,6 @@ func HTTPCreateAmfContext3gpp(c *gin.Context) {
 
 // HTTPQueryAmfContext3gpp - Retrieves the AMF context data of a UE using 3gpp access
 func HTTPQueryAmfContext3gpp(c *gin.Context) {
-	auth_err := authorizationCheck(c)
-	if auth_err != nil {
-		c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
-		return
-	}
-
 	req := httpwrapper.NewRequest(c.Request, nil)
 	req.Params["ueId"] = c.Params.ByName("ueId")
 

internal/sbi/datarepository/api_amf_non3_gpp_access_registration_document.go

@@ -23,12 +23,6 @@ import (
 
 // HTTPAmfContextNon3gpp - To modify the AMF context data of a UE using non 3gpp access in the UDR
 func HTTPAmfContextNon3gpp(c *gin.Context) {
-	auth_err := authorizationCheck(c)
-	if auth_err != nil {
-		c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
-		return
-	}
-
 	var patchItemArray []models.PatchItem
 
 	requestBody, err := c.GetRawData()
@@ -78,12 +72,6 @@ func HTTPAmfContextNon3gpp(c *gin.Context) {
 
 // HTTPCreateAmfContextNon3gpp - To store the AMF context data of a UE using non-3gpp access in the UDR
 func HTTPCreateAmfContextNon3gpp(c *gin.Context) {
-	auth_err := authorizationCheck(c)
-	if auth_err != nil {
-		c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
-		return
-	}
-
 	var amfNon3GppAccessRegistration models.AmfNon3GppAccessRegistration
 
 	requestBody, err := c.GetRawData()
@@ -133,12 +121,6 @@ func HTTPCreateAmfContextNon3gpp(c *gin.Context) {
 
 // HTTPQueryAmfContextNon3gpp - Retrieves the AMF context data of a UE using non-3gpp access
 func HTTPQueryAmfContextNon3gpp(c *gin.Context) {
-	auth_err := authorizationCheck(c)
-	if auth_err != nil {
-		c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
-		return
-	}
-
 	req := httpwrapper.NewRequest(c.Request, nil)
 	req.Params["ueId"] = c.Params.ByName("ueId")
 

internal/sbi/datarepository/api_amf_subscription_info_document.go

@@ -23,12 +23,6 @@ import (
 
 // HTTPModifyAmfSubscriptionInfo - modify the AMF Subscription Info
 func HTTPModifyAmfSubscriptionInfo(c *gin.Context) {
-	auth_err := authorizationCheck(c)
-	if auth_err != nil {
-		c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
-		return
-	}
-
 	var patchItemArray []models.PatchItem
 
 	requestBody, err := c.GetRawData()

internal/sbi/datarepository/api_authentication_data_document.go

@@ -23,12 +23,6 @@ import (
 
 // HTTPModifyAuthentication - modify the authentication subscription data of a UE
 func HTTPModifyAuthentication(c *gin.Context) {
-	auth_err := authorizationCheck(c)
-	if auth_err != nil {
-		c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
-		return
-	}
-
 	var patchItemArray []models.PatchItem
 
 	requestBody, err := c.GetRawData()
@@ -78,12 +72,6 @@ func HTTPModifyAuthentication(c *gin.Context) {
 
 // HTTPQueryAuthSubsData - Retrieves the authentication subscription data of a UE
 func HTTPQueryAuthSubsData(c *gin.Context) {
-	auth_err := authorizationCheck(c)
-	if auth_err != nil {
-		c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
-		return
-	}
-
 	req := httpwrapper.NewRequest(c.Request, nil)
 	req.Params["ueId"] = c.Params.ByName("ueId")
 

internal/sbi/datarepository/api_authentication_so_r_document.go

@@ -23,12 +23,6 @@ import (
 
 // HTTPCreateAuthenticationSoR - To store the SoR acknowledgement information of a UE
 func HTTPCreateAuthenticationSoR(c *gin.Context) {
-	auth_err := authorizationCheck(c)
-	if auth_err != nil {
-		c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
-		return
-	}
-
 	var sorData models.SorData
 
 	requestBody, err := c.GetRawData()
@@ -78,12 +72,6 @@ func HTTPCreateAuthenticationSoR(c *gin.Context) {
 
 // HTTPQueryAuthSoR - Retrieves the SoR acknowledgement information of a UE
 func HTTPQueryAuthSoR(c *gin.Context) {
-	auth_err := authorizationCheck(c)
-	if auth_err != nil {
-		c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
-		return
-	}
-
 	req := httpwrapper.NewRequest(c.Request, nil)
 	req.Params["ueId"] = c.Params.ByName("ueId")
 

internal/sbi/datarepository/api_authentication_status_document.go

@@ -23,12 +23,6 @@ import (
 
 // HTTPCreateAuthenticationStatus - To store the Authentication Status data of a UE
 func HTTPCreateAuthenticationStatus(c *gin.Context) {
-	auth_err := authorizationCheck(c)
-	if auth_err != nil {
-		c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
-		return
-	}
-
 	var authEvent models.AuthEvent
 
 	requestBody, err := c.GetRawData()
@@ -78,12 +72,6 @@ func HTTPCreateAuthenticationStatus(c *gin.Context) {
 
 // HTTPQueryAuthenticationStatus - Retrieves the Authentication Status of a UE
 func HTTPQueryAuthenticationStatus(c *gin.Context) {
-	auth_err := authorizationCheck(c)
-	if auth_err != nil {
-		c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
-		return
-	}
-
 	req := httpwrapper.NewRequest(c.Request, nil)
 	req.Params["ueId"] = c.Params.ByName("ueId")