Feature: Support OAuth2

free5gc · Nov 8, 2023 · 10ea600 · 10ea600
1 parent 4f04786
commit 10ea600
Show file tree

Hide file tree

Showing 23 changed files with 157 additions and 14 deletions.
diff --git a/internal/context/context.go b/internal/context/context.go
@@ -50,8 +50,6 @@ type UDMContext struct {
 	SubscriptionOfSharedDataChange sync.Map                     // subscriptionID as key
 	SuciProfiles                   []suci.SuciProfile
 	EeSubscriptionIDGenerator      *idgenerator.IDGenerator
-	ClientMap                      sync.Map
-	TokenMap                       sync.Map
 }
 
 type UdmUeContext struct {

diff --git a/internal/sbi/consumer/nf_discovery.go b/internal/sbi/consumer/nf_discovery.go
@@ -1,7 +1,6 @@
 package consumer
 
 import (
-	"context"
 	"fmt"
 	"net/http"
 
@@ -21,27 +20,28 @@ const (
 
 func SendNFIntances(nrfUri string, targetNfType, requestNfType models.NfType,
 	param Nnrf_NFDiscovery.SearchNFInstancesParamOpts,
-) (result models.SearchResult, err error) {
+) (*models.SearchResult, error) {
 	configuration := Nnrf_NFDiscovery.NewConfiguration()
 	configuration.SetBasePath(nrfUri) // addr
 	clientNRF := Nnrf_NFDiscovery.NewAPIClient(configuration)
 
-	result, res, err1 := clientNRF.NFInstancesStoreApi.SearchNFInstances(context.TODO(), targetNfType,
-		requestNfType, &param)
-	if err1 != nil {
-		err = err1
-		return
+	ctx, _, err := GetTokenCtx("nnrf-disc", "NRF")
+	if err != nil {
+		return nil, err
+	}
+
+	result, res, err := clientNRF.NFInstancesStoreApi.SearchNFInstances(ctx, targetNfType, requestNfType, &param)
+	if res != nil && res.StatusCode == http.StatusTemporaryRedirect {
+		err = fmt.Errorf("Temporary Redirect For Non NRF Consumer")
+		return nil, err
 	}
+
 	defer func() {
 		if rspCloseErr := res.Body.Close(); rspCloseErr != nil {
 			logger.ConsumerLog.Errorf("SearchNFInstances response body cannot close: %+v", rspCloseErr)
 		}
 	}()
-
-	if res != nil && res.StatusCode == http.StatusTemporaryRedirect {
-		err = fmt.Errorf("Temporary Redirect For Non NRF Consumer")
-	}
-	return
+	return &result, err
 }
 
 func SendNFIntancesUDR(id string, types int) string {

diff --git a/internal/sbi/eventexposure/api_create_ee_subscription.go b/internal/sbi/eventexposure/api_create_ee_subscription.go
@@ -23,6 +23,11 @@ import (
 
 // HTTPCreateEeSubscription - Subscribe
 func HTTPCreateEeSubscription(c *gin.Context) {
+	auth_err := authorizationCheck(c)
+	if auth_err != nil {
+		return
+	}
+
 	var eeSubscriptionReq models.EeSubscription
 
 	requestBody, err := c.GetRawData()

diff --git a/internal/sbi/eventexposure/api_delete_ee_subscription.go b/internal/sbi/eventexposure/api_delete_ee_subscription.go
@@ -18,6 +18,11 @@ import (
 
 // DeleteEeSubscription - Unsubscribe
 func HTTPDeleteEeSubscription(c *gin.Context) {
+	auth_err := authorizationCheck(c)
+	if auth_err != nil {
+		return
+	}
+
 	req := httpwrapper.NewRequest(c.Request, nil)
 	req.Params["ueIdentity"] = c.Params.ByName("ueIdentity")
 	req.Params["subscriptionID"] = c.Params.ByName("subscriptionId")

diff --git a/internal/sbi/eventexposure/api_update_ee_subscription.go b/internal/sbi/eventexposure/api_update_ee_subscription.go
@@ -23,6 +23,11 @@ import (
 
 // UpdateEeSubscription - Patch
 func HTTPUpdateEeSubscription(c *gin.Context) {
+	auth_err := authorizationCheck(c)
+	if auth_err != nil {
+		return
+	}
+
 	var patchList []models.PatchItem
 
 	requestBody, err := c.GetRawData()

diff --git a/internal/sbi/eventexposure/routers.go b/internal/sbi/eventexposure/routers.go
@@ -16,6 +16,7 @@ import (
 	"github.com/gin-gonic/gin"
 
 	"github.com/free5gc/udm/internal/logger"
+	"github.com/free5gc/udm/internal/util"
 	"github.com/free5gc/udm/pkg/factory"
 	logger_util "github.com/free5gc/util/logger"
 )
@@ -42,6 +43,10 @@ func NewRouter() *gin.Engine {
 	return router
 }
 
+func authorizationCheck(c *gin.Context) error {
+	return util.AuthorizationCheck(c, "nudm-ee")
+}
+
 func AddService(engine *gin.Engine) *gin.RouterGroup {
 	group := engine.Group(factory.UdmEeResUriPrefix)
 

diff --git a/internal/sbi/httpcallback/data_change_notification_to_nf.go b/internal/sbi/httpcallback/data_change_notification_to_nf.go
@@ -13,6 +13,10 @@ import (
 )
 
 func HTTPDataChangeNotificationToNF(c *gin.Context) {
+	auth_err := authorizationCheck(c)
+	if auth_err != nil {
+		return
+	}
 	var dataChangeNotify models.DataChangeNotify
 	// step 1: retrieve http request body
 	requestBody, err := c.GetRawData()

diff --git a/internal/sbi/httpcallback/router.go b/internal/sbi/httpcallback/router.go
@@ -8,6 +8,7 @@ import (
 	"github.com/sirupsen/logrus"
 
 	"github.com/free5gc/udm/internal/logger"
+	"github.com/free5gc/udm/internal/util"
 	logger_util "github.com/free5gc/util/logger"
 )
 
@@ -39,6 +40,10 @@ func NewRouter() *gin.Engine {
 	return router
 }
 
+func authorizationCheck(c *gin.Context) error {
+	return util.AuthorizationCheck(c, "nudm-sdm")
+}
+
 func AddService(engine *gin.Engine) *gin.RouterGroup {
 	group := engine.Group("")
 

diff --git a/internal/sbi/parameterprovision/api_subscription_data_update.go b/internal/sbi/parameterprovision/api_subscription_data_update.go
@@ -23,6 +23,10 @@ import (
 
 // Update - provision parameters
 func HTTPUpdate(c *gin.Context) {
+	auth_err := authorizationCheck(c)
+	if auth_err != nil {
+		return
+	}
 	var ppDataReq models.PpData
 
 	// step 1: retrieve http request body

diff --git a/internal/sbi/parameterprovision/routers.go b/internal/sbi/parameterprovision/routers.go
@@ -16,6 +16,7 @@ import (
 	"github.com/gin-gonic/gin"
 
 	"github.com/free5gc/udm/internal/logger"
+	"github.com/free5gc/udm/internal/util"
 	"github.com/free5gc/udm/pkg/factory"
 	logger_util "github.com/free5gc/util/logger"
 )
@@ -42,6 +43,10 @@ func NewRouter() *gin.Engine {
 	return router
 }
 
+func authorizationCheck(c *gin.Context) error {
+	return util.AuthorizationCheck(c, "nudm-pp")
+}
+
 func AddService(engine *gin.Engine) *gin.RouterGroup {
 	group := engine.Group(factory.UdmPpResUriPrefix)
 

diff --git a/internal/sbi/subscriberdatamanagement/routers.go b/internal/sbi/subscriberdatamanagement/routers.go
@@ -16,6 +16,7 @@ import (
 	"github.com/gin-gonic/gin"
 
 	"github.com/free5gc/udm/internal/logger"
+	"github.com/free5gc/udm/internal/util"
 	"github.com/free5gc/udm/pkg/factory"
 	logger_util "github.com/free5gc/util/logger"
 )
@@ -43,6 +44,11 @@ func NewRouter() *gin.Engine {
 }
 
 func oneLayerPathHandlerFunc(c *gin.Context) {
+	auth_err := authorizationCheck(c)
+	if auth_err != nil {
+		return
+	}
+
 	supi := c.Param("supi")
 	for _, route := range oneLayerPathRouter {
 		if strings.Contains(route.Pattern, supi) && route.Method == c.Request.Method {
@@ -61,6 +67,11 @@ func oneLayerPathHandlerFunc(c *gin.Context) {
 }
 
 func twoLayerPathHandlerFunc(c *gin.Context) {
+	auth_err := authorizationCheck(c)
+	if auth_err != nil {
+		return
+	}
+
 	supi := c.Param("supi")
 	op := c.Param("subscriptionId")
 
@@ -94,6 +105,11 @@ func twoLayerPathHandlerFunc(c *gin.Context) {
 }
 
 func threeLayerPathHandlerFunc(c *gin.Context) {
+	auth_err := authorizationCheck(c)
+	if auth_err != nil {
+		return
+	}
+
 	op := c.Param("subscriptionId")
 
 	// for "/:supi/sdm-subscriptions/:subscriptionId"
@@ -125,6 +141,10 @@ func threeLayerPathHandlerFunc(c *gin.Context) {
 	c.String(http.StatusNotFound, "404 page not found")
 }
 
+func authorizationCheck(c *gin.Context) error {
+	return util.AuthorizationCheck(c, "nudm-sdm")
+}
+
 func AddService(engine *gin.Engine) *gin.RouterGroup {
 	group := engine.Group(factory.UdmSdmResUriPrefix)
 

diff --git a/internal/sbi/ueauthentication/api_confirm_auth.go b/internal/sbi/ueauthentication/api_confirm_auth.go
@@ -23,6 +23,11 @@ import (
 
 // ConfirmAuth - Create a new confirmation event
 func HTTPConfirmAuth(c *gin.Context) {
+	auth_err := authorizationCheck(c)
+	if auth_err != nil {
+		return
+	}
+
 	var authEvent models.AuthEvent
 	// step 1: retrieve http request body
 	requestBody, err := c.GetRawData()

diff --git a/internal/sbi/ueauthentication/routers.go b/internal/sbi/ueauthentication/routers.go
@@ -17,6 +17,7 @@ import (
 	"github.com/sirupsen/logrus"
 
 	"github.com/free5gc/udm/internal/logger"
+	"github.com/free5gc/udm/internal/util"
 	"github.com/free5gc/udm/pkg/factory"
 	logger_util "github.com/free5gc/util/logger"
 )
@@ -50,6 +51,11 @@ func NewRouter() *gin.Engine {
 }
 
 func genAuthDataHandlerFunc(c *gin.Context) {
+	auth_err := authorizationCheck(c)
+	if auth_err != nil {
+		return
+	}
+
 	c.Params = append(c.Params, gin.Param{Key: "supiOrSuci", Value: c.Param("supi")})
 	if strings.ToUpper("Post") == c.Request.Method {
 		HttpGenerateAuthData(c)
@@ -59,6 +65,10 @@ func genAuthDataHandlerFunc(c *gin.Context) {
 	c.String(http.StatusNotFound, "404 page not found")
 }
 
+func authorizationCheck(c *gin.Context) error {
+	return util.AuthorizationCheck(c, "nudm-ueau")
+}
+
 func AddService(engine *gin.Engine) *gin.RouterGroup {
 	group := engine.Group(factory.UdmUeauResUriPrefix)
 

diff --git a/internal/sbi/uecontextmanagement/api_amf3_gpp_access_registration_info_retrieval.go b/internal/sbi/uecontextmanagement/api_amf3_gpp_access_registration_info_retrieval.go
@@ -23,6 +23,11 @@ import (
 
 // GetAmf3gppAccess - retrieve the AMF registration for 3GPP access information
 func HTTPGetAmf3gppAccess(c *gin.Context) {
+	auth_err := authorizationCheck(c)
+	if auth_err != nil {
+		return
+	}
+
 	req := httpwrapper.NewRequest(c.Request, nil)
 	req.Params["ueId"] = c.Param("ueId")
 	req.Query.Add("supported-features", c.Query("supported-features"))

diff --git a/internal/sbi/uecontextmanagement/api_amf_non3_gpp_access_registration_info_retrieval.go b/internal/sbi/uecontextmanagement/api_amf_non3_gpp_access_registration_info_retrieval.go
@@ -23,6 +23,11 @@ import (
 
 // GetAmfNon3gppAccess - retrieve the AMF registration for non-3GPP access information
 func HTTPGetAmfNon3gppAccess(c *gin.Context) {
+	auth_err := authorizationCheck(c)
+	if auth_err != nil {
+		return
+	}
+
 	req := httpwrapper.NewRequest(c.Request, nil)
 	req.Params["ueId"] = c.Param("ueId")
 	req.Query.Add("supported-features", c.Query("supported-features"))

diff --git a/internal/sbi/uecontextmanagement/api_amf_registration_for3_gpp_access.go b/internal/sbi/uecontextmanagement/api_amf_registration_for3_gpp_access.go
@@ -23,6 +23,11 @@ import (
 
 // RegistrationAmf3gppAccess - register as AMF for 3GPP access
 func HTTPRegistrationAmf3gppAccess(c *gin.Context) {
+	auth_err := authorizationCheck(c)
+	if auth_err != nil {
+		return
+	}
+
 	var amf3GppAccessRegistration models.Amf3GppAccessRegistration
 	// step 1: retrieve http request body
 	requestBody, err := c.GetRawData()

diff --git a/internal/sbi/uecontextmanagement/api_amf_registration_for_non3_gpp_access.go b/internal/sbi/uecontextmanagement/api_amf_registration_for_non3_gpp_access.go
@@ -23,6 +23,11 @@ import (
 
 // Register - register as AMF for non-3GPP access
 func HTTPRegistrationAmfNon3gppAccess(c *gin.Context) {
+	auth_err := authorizationCheck(c)
+	if auth_err != nil {
+		return
+	}
+
 	var amfNon3GppAccessRegistration models.AmfNon3GppAccessRegistration
 
 	// step 1: retrieve http request body

diff --git a/...l/sbi/uecontextmanagement/api_parameter_update_in_the_amf_registration_for3_gpp_access.go b/...l/sbi/uecontextmanagement/api_parameter_update_in_the_amf_registration_for3_gpp_access.go
@@ -23,6 +23,11 @@ import (
 
 // UpdateAmf3gppAccess - Update a parameter in the AMF registration for 3GPP access
 func HTTPUpdateAmf3gppAccess(c *gin.Context) {
+	auth_err := authorizationCheck(c)
+	if auth_err != nil {
+		return
+	}
+
 	var amf3GppAccessRegistrationModification models.Amf3GppAccessRegistrationModification
 
 	// step 1: retrieve http request body

diff --git a/...i/uecontextmanagement/api_parameter_update_in_the_amf_registration_for_non3_gpp_access.go b/...i/uecontextmanagement/api_parameter_update_in_the_amf_registration_for_non3_gpp_access.go
@@ -23,6 +23,11 @@ import (
 
 // UpdateAmfNon3gppAccess - update a parameter in the AMF registration for non-3GPP access
 func HTTPUpdateAmfNon3gppAccess(c *gin.Context) {
+	auth_err := authorizationCheck(c)
+	if auth_err != nil {
+		return
+	}
+
 	var amfNon3GppAccessRegistrationModification models.AmfNon3GppAccessRegistrationModification
 	// step 1: retrieve http request body
 	requestBody, err := c.GetRawData()

diff --git a/internal/sbi/uecontextmanagement/api_smf_deregistration.go b/internal/sbi/uecontextmanagement/api_smf_deregistration.go
@@ -23,6 +23,11 @@ import (
 
 // DeregistrationSmfRegistrations - delete an SMF registration
 func HTTPDeregistrationSmfRegistrations(c *gin.Context) {
+	auth_err := authorizationCheck(c)
+	if auth_err != nil {
+		return
+	}
+
 	req := httpwrapper.NewRequest(c.Request, nil)
 	req.Params["ueId"] = c.Params.ByName("ueId")
 	req.Params["pduSessionId"] = c.Params.ByName("pduSessionId")

diff --git a/internal/sbi/uecontextmanagement/api_smf_registration.go b/internal/sbi/uecontextmanagement/api_smf_registration.go
@@ -23,6 +23,11 @@ import (
 
 // RegistrationSmfRegistrations - register as SMF
 func HTTPRegistrationSmfRegistrations(c *gin.Context) {
+	auth_err := authorizationCheck(c)
+	if auth_err != nil {
+		return
+	}
+
 	var smfRegistration models.SmfRegistration
 
 	// step 1: retrieve http request body

diff --git a/internal/sbi/uecontextmanagement/routers.go b/internal/sbi/uecontextmanagement/routers.go
@@ -16,6 +16,7 @@ import (
 	"github.com/gin-gonic/gin"
 
 	"github.com/free5gc/udm/internal/logger"
+	"github.com/free5gc/udm/internal/util"
 	"github.com/free5gc/udm/pkg/factory"
 	logger_util "github.com/free5gc/util/logger"
 )
@@ -42,6 +43,10 @@ func NewRouter() *gin.Engine {
 	return router
 }
 
+func authorizationCheck(c *gin.Context) error {
+	return util.AuthorizationCheck(c, "nudm-uecm")
+}
+
 func AddService(engine *gin.Engine) *gin.RouterGroup {
 	group := engine.Group(factory.UdmUecmResUriPrefix)