Skip to content

Commit

Permalink
Merge pull request #120 from tim1207/feature/oauth2
Browse files Browse the repository at this point in the history
Feature/oauth2
  • Loading branch information
ianchen0119 authored Feb 6, 2024
2 parents c19b0b4 + db35588 commit 5cd14b2
Show file tree
Hide file tree
Showing 19 changed files with 340 additions and 53 deletions.
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ require (
github.com/free5gc/aper v1.0.5-0.20230614030933-c73735898582
github.com/free5gc/nas v1.1.2-0.20230828074825-175b09665828
github.com/free5gc/ngap v1.0.7-0.20230614061954-9c128114ab1f
github.com/free5gc/openapi v1.0.7-0.20231216094313-e15a4ff046f6
github.com/free5gc/openapi v1.0.7-0.20240206085156-20cdf964e9da
github.com/free5gc/sctp v0.0.0-20231121085449-400a702ea7f9
github.com/free5gc/util v1.0.5-0.20231001095115-433858e5be94
github.com/gin-contrib/cors v1.3.1
Expand Down
6 changes: 4 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -70,8 +70,10 @@ github.com/free5gc/nas v1.1.2-0.20230828074825-175b09665828/go.mod h1:fjWwpyp7/w
github.com/free5gc/ngap v1.0.7-0.20230614061954-9c128114ab1f h1:wgXjoknZ7JJoZ72J15g/f2/0DgdCpfcTg189lnhUPuY=
github.com/free5gc/ngap v1.0.7-0.20230614061954-9c128114ab1f/go.mod h1:lKA1sLTYM3CGEBhZVxkGGJIkai5+Bvy2yHIMhb7Vx/k=
github.com/free5gc/openapi v1.0.6/go.mod h1:iw/N0E+FlX44EEx24IBi2EdZW8v+bkj3ETWPGnlK9DI=
github.com/free5gc/openapi v1.0.7-0.20231216094313-e15a4ff046f6 h1:8P/wOkTAQMgZJe9pUUNSTE5PWeAdlMrsU9kLsI+VAVE=
github.com/free5gc/openapi v1.0.7-0.20231216094313-e15a4ff046f6/go.mod h1:qv9KqEucoZSeENPRFGxfTe+33ZWYyiYFx1Rj+H0DoWA=
github.com/free5gc/openapi v1.0.7-0.20240117084712-52ad99299693 h1:gFyYBsErQAkx4OVHXYqjO0efO9gPWydQavQcjU0CkHY=
github.com/free5gc/openapi v1.0.7-0.20240117084712-52ad99299693/go.mod h1:qv9KqEucoZSeENPRFGxfTe+33ZWYyiYFx1Rj+H0DoWA=
github.com/free5gc/openapi v1.0.7-0.20240206085156-20cdf964e9da h1:vr8v4Fere76nfj0SWpkUeIuUbS4bLPjRQsf3ly1K3fY=
github.com/free5gc/openapi v1.0.7-0.20240206085156-20cdf964e9da/go.mod h1:qv9KqEucoZSeENPRFGxfTe+33ZWYyiYFx1Rj+H0DoWA=
github.com/free5gc/sctp v0.0.0-20231121085449-400a702ea7f9 h1:L02UI8oODfXgH1fGzWWuWF4zyze4IScEFm20q3PKZdE=
github.com/free5gc/sctp v0.0.0-20231121085449-400a702ea7f9/go.mod h1:Nr81VlvMkBHZsCbWPXjosBh+SWLdeEyz8o0OrS110Ic=
github.com/free5gc/util v1.0.5-0.20231001095115-433858e5be94 h1:tNylIqH/m5Kq+3KuC+jjXGl06Y6EmM8yq61ZUgNrPBY=
Expand Down
27 changes: 24 additions & 3 deletions internal/context/context.go
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,12 @@ func init() {
amfUeNGAPIDGenerator = idgenerator.NewGenerator(1, MaxValueOfAmfUeNgapId)
}

type NFContext interface {
AuthorizationCheck(token string, serviceName models.ServiceName) error
}

var _ NFContext = &AMFContext{}

type AMFContext struct {
EventSubscriptionIDGenerator *idgenerator.IDGenerator
EventSubscriptions sync.Map
Expand Down Expand Up @@ -551,12 +557,27 @@ func GetSelf() *AMFContext {
return &amfContext
}

func (c *AMFContext) GetTokenCtx(scope, targetNF string) (
func (c *AMFContext) GetTokenCtx(serviceName models.ServiceName, targetNF models.NfType) (
context.Context, *models.ProblemDetails, error,
) {
if !c.OAuth2Required {
return context.TODO(), nil, nil
}
return oauth.GetTokenCtx(models.NfType_AMF,
c.NfId, c.NrfUri, scope, targetNF)
return oauth.GetTokenCtx(models.NfType_AMF, targetNF,
c.NfId, c.NrfUri, string(serviceName))
}

func (c *AMFContext) AuthorizationCheck(token string, serviceName models.ServiceName) error {
if !c.OAuth2Required {
logger.UtilLog.Debugf("AMFContext::AuthorizationCheck: OAuth2 not required\n")
return nil
}
// TODO: free5gc webconsole uses namf-oam but it can't get token since it's not an NF.
if serviceName == models.ServiceName_NAMF_OAM {
logger.UtilLog.Warnf("OAuth2 is enable but namf-oam didn't check token now.")
return nil
}

logger.UtilLog.Debugf("AMFContext::AuthorizationCheck: token[%s] serviceName[%s]\n", token, serviceName)
return oauth.VerifyOAuth(token, string(serviceName), c.NrfCertPem)
}
8 changes: 8 additions & 0 deletions internal/sbi/communication/routers.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,8 +16,11 @@ import (
"github.com/gin-gonic/gin"
"github.com/sirupsen/logrus"

amf_context "github.com/free5gc/amf/internal/context"
"github.com/free5gc/amf/internal/logger"
"github.com/free5gc/amf/internal/util"
"github.com/free5gc/amf/pkg/factory"
"github.com/free5gc/openapi/models"
logger_util "github.com/free5gc/util/logger"
)

Expand Down Expand Up @@ -52,6 +55,11 @@ func NewRouter() *gin.Engine {
func AddService(engine *gin.Engine) *gin.RouterGroup {
group := engine.Group(factory.AmfCommResUriPrefix)

routerAuthorizationCheck := util.NewRouterAuthorizationCheck(models.ServiceName_NAMF_COMM)
group.Use(func(c *gin.Context) {
routerAuthorizationCheck.Check(c, amf_context.GetSelf())
})

for _, route := range routes {
switch route.Method {
case "GET":
Expand Down
25 changes: 17 additions & 8 deletions internal/sbi/consumer/am_policy.go
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
package consumer

import (
"context"
"regexp"

amf_context "github.com/free5gc/amf/internal/context"
Expand All @@ -18,6 +17,10 @@ func AMPolicyControlCreate(ue *amf_context.AmfUe, anType models.AccessType) (*mo
client := Npcf_AMPolicy.NewAPIClient(configuration)

amfSelf := amf_context.GetSelf()
ctx, _, err := amf_context.GetSelf().GetTokenCtx(models.ServiceName_NPCF_AM_POLICY_CONTROL, models.NfType_PCF)
if err != nil {
return nil, err
}

policyAssociationRequest := models.PolicyAssociationRequest{
NotificationUri: amfSelf.GetIPv4Uri() + factory.AmfCallbackResUriPrefix + "/am-policy/",
Expand All @@ -35,8 +38,7 @@ func AMPolicyControlCreate(ue *amf_context.AmfUe, anType models.AccessType) (*mo
if ue.AccessAndMobilitySubscriptionData != nil {
policyAssociationRequest.Rfsp = ue.AccessAndMobilitySubscriptionData.RfspIndex
}

res, httpResp, localErr := client.DefaultApi.PoliciesPost(context.Background(), policyAssociationRequest)
res, httpResp, localErr := client.DefaultApi.PoliciesPost(ctx, policyAssociationRequest)
defer func() {
if httpResp != nil {
if rspCloseErr := httpResp.Body.Close(); rspCloseErr != nil {
Expand Down Expand Up @@ -87,9 +89,13 @@ func AMPolicyControlUpdate(ue *amf_context.AmfUe, updateRequest models.PolicyAss
configuration := Npcf_AMPolicy.NewConfiguration()
configuration.SetBasePath(ue.PcfUri)
client := Npcf_AMPolicy.NewAPIClient(configuration)
ctx, _, err := amf_context.GetSelf().GetTokenCtx(models.ServiceName_NPCF_AM_POLICY_CONTROL, models.NfType_PCF)
if err != nil {
return nil, err
}

res, httpResp, localErr := client.DefaultApi.PoliciesPolAssoIdUpdatePost(
context.Background(), ue.PolicyAssociationId, updateRequest)
ctx, ue.PolicyAssociationId, updateRequest)
defer func() {
if httpResp != nil {
if rspCloseErr := httpResp.Body.Close(); rspCloseErr != nil {
Expand Down Expand Up @@ -133,8 +139,12 @@ func AMPolicyControlDelete(ue *amf_context.AmfUe) (problemDetails *models.Proble
configuration := Npcf_AMPolicy.NewConfiguration()
configuration.SetBasePath(ue.PcfUri)
client := Npcf_AMPolicy.NewAPIClient(configuration)
ctx, _, err := amf_context.GetSelf().GetTokenCtx(models.ServiceName_NPCF_AM_POLICY_CONTROL, models.NfType_PCF)
if err != nil {
return nil, err
}

httpResp, localErr := client.DefaultApi.PoliciesPolAssoIdDelete(context.Background(), ue.PolicyAssociationId)
httpResp, localErr := client.DefaultApi.PoliciesPolAssoIdDelete(ctx, ue.PolicyAssociationId)
defer func() {
if httpResp != nil {
if rspCloseErr := httpResp.Body.Close(); rspCloseErr != nil {
Expand All @@ -148,13 +158,12 @@ func AMPolicyControlDelete(ue *amf_context.AmfUe) (problemDetails *models.Proble
} else if httpResp != nil {
if httpResp.Status != localErr.Error() {
err = localErr
return
return nil, err
}
problem := localErr.(openapi.GenericOpenAPIError).Model().(models.ProblemDetails)
problemDetails = &problem
} else {
err = openapi.ReportError("server no response")
}

return
return problemDetails, err
}
28 changes: 22 additions & 6 deletions internal/sbi/consumer/communication.go
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
package consumer

import (
"context"
"fmt"

amf_context "github.com/free5gc/amf/internal/context"
Expand Down Expand Up @@ -124,7 +123,11 @@ func CreateUEContextRequest(ue *amf_context.AmfUe, ueContextCreateData models.Ue
req := models.CreateUeContextRequest{
JsonData: &ueContextCreateData,
}
res, httpResp, localErr := client.IndividualUeContextDocumentApi.CreateUEContext(context.TODO(), ue.Guti, req)
ctx, _, err := amf_context.GetSelf().GetTokenCtx(models.ServiceName_NAMF_COMM, models.NfType_AMF)
if err != nil {
return nil, nil, err
}
res, httpResp, localErr := client.IndividualUeContextDocumentApi.CreateUEContext(ctx, ue.Guti, req)
defer func() {
if httpResp != nil {
if rspCloseErr := httpResp.Body.Close(); rspCloseErr != nil {
Expand Down Expand Up @@ -170,9 +173,12 @@ func ReleaseUEContextRequest(ue *amf_context.AmfUe, ngapCause models.NgApCause)
ueContextRelease.Supi = ue.Supi
ueContextRelease.UnauthenticatedSupi = true
}

ctx, _, err := amf_context.GetSelf().GetTokenCtx(models.ServiceName_NAMF_COMM, models.NfType_AMF)
if err != nil {
return nil, err
}
httpResp, localErr := client.IndividualUeContextDocumentApi.ReleaseUEContext(
context.TODO(), ueContextId, ueContextRelease)
ctx, ueContextId, ueContextRelease)
defer func() {
if httpResp != nil {
if rspCloseErr := httpResp.Body.Close(); rspCloseErr != nil {
Expand Down Expand Up @@ -225,7 +231,11 @@ func UEContextTransferRequest(
// guti format is defined at TS 29.518 Table 6.1.3.2.2-1 5g-guti-[0-9]{5,6}[0-9a-fA-F]{14}
ueContextId := fmt.Sprintf("5g-guti-%s", ue.Guti)

res, httpResp, localErr := client.IndividualUeContextDocumentApi.UEContextTransfer(context.TODO(), ueContextId, req)
ctx, _, err := amf_context.GetSelf().GetTokenCtx(models.ServiceName_NAMF_COMM, models.NfType_AMF)
if err != nil {
return nil, nil, err
}
res, httpResp, localErr := client.IndividualUeContextDocumentApi.UEContextTransfer(ctx, ueContextId, req)
defer func() {
if httpResp != nil {
if rspCloseErr := httpResp.Body.Close(); rspCloseErr != nil {
Expand Down Expand Up @@ -259,8 +269,14 @@ func RegistrationStatusUpdate(ue *amf_context.AmfUe, request models.UeRegStatusU
client := Namf_Communication.NewAPIClient(configuration)

ueContextId := fmt.Sprintf("5g-guti-%s", ue.Guti)

ctx, _, err := amf_context.GetSelf().GetTokenCtx(models.ServiceName_NAMF_COMM, models.NfType_AMF)
if err != nil {
return regStatusTransferComplete, nil, err
}

res, httpResp, localErr := client.IndividualUeContextDocumentApi.
RegistrationStatusUpdate(context.TODO(), ueContextId, request)
RegistrationStatusUpdate(ctx, ueContextId, request)
defer func() {
if httpResp != nil {
if rspCloseErr := httpResp.Body.Close(); rspCloseErr != nil {
Expand Down
2 changes: 1 addition & 1 deletion internal/sbi/consumer/nf_discovery.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ func SendSearchNFInstances(nrfUri string, targetNfType, requestNfType models.NfT
configuration.SetBasePath(nrfUri)
client := Nnrf_NFDiscovery.NewAPIClient(configuration)

ctx, _, err := amf_context.GetSelf().GetTokenCtx("nnrf-nfm", "NRF")
ctx, _, err := amf_context.GetSelf().GetTokenCtx(models.ServiceName_NNRF_DISC, models.NfType_NRF)
if err != nil {
return nil, err
}
Expand Down
2 changes: 1 addition & 1 deletion internal/sbi/consumer/nf_mangement.go
Original file line number Diff line number Diff line change
Expand Up @@ -131,7 +131,7 @@ func SendRegisterNFInstance(nrfUri, nfInstanceId string, profile models.NfProfil
func SendDeregisterNFInstance() (problemDetails *models.ProblemDetails, err error) {
logger.ConsumerLog.Infof("[AMF] Send Deregister NFInstance")

ctx, pd, err := amf_context.GetSelf().GetTokenCtx("nnrf-nfm", "NRF")
ctx, pd, err := amf_context.GetSelf().GetTokenCtx(models.ServiceName_NNRF_NFM, models.NfType_NRF)
if err != nil {
return pd, err
}
Expand Down
14 changes: 11 additions & 3 deletions internal/sbi/consumer/nsselection.go
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
package consumer

import (
"context"
"encoding/json"

"github.com/antihax/optional"
Expand All @@ -21,6 +20,10 @@ func NSSelectionGetForRegistration(ue *amf_context.AmfUe, requestedNssai []model
client := Nnssf_NSSelection.NewAPIClient(configuration)

amfSelf := amf_context.GetSelf()
ctx, _, err := amf_context.GetSelf().GetTokenCtx(models.ServiceName_NNSSF_NSSELECTION, models.NfType_NSSF)
if err != nil {
return nil, err
}
sliceInfo := models.SliceInfoForRegistration{
SubscribedNssai: ue.SubscribedNssai,
}
Expand All @@ -40,7 +43,8 @@ func NSSelectionGetForRegistration(ue *amf_context.AmfUe, requestedNssai []model
SliceInfoRequestForRegistration: optional.NewInterface(string(e)),
}
}
res, httpResp, localErr := client.NetworkSliceInformationDocumentApi.NSSelectionGet(context.Background(),

res, httpResp, localErr := client.NetworkSliceInformationDocumentApi.NSSelectionGet(ctx,
models.NfType_AMF, amfSelf.NfId, &paramOpt)
defer func() {
if httpResp != nil {
Expand Down Expand Up @@ -90,7 +94,11 @@ func NSSelectionGetForPduSession(ue *amf_context.AmfUe, snssai models.Snssai) (
paramOpt := Nnssf_NSSelection.NSSelectionGetParamOpts{
SliceInfoRequestForPduSession: optional.NewInterface(string(e)),
}
res, httpResp, localErr := client.NetworkSliceInformationDocumentApi.NSSelectionGet(context.Background(),
ctx, _, err := amf_context.GetSelf().GetTokenCtx(models.ServiceName_NNSSF_NSSELECTION, models.NfType_NSSF)
if err != nil {
return nil, nil, err
}
res, httpResp, localErr := client.NetworkSliceInformationDocumentApi.NSSelectionGet(ctx,
models.NfType_AMF, amfSelf.NfId, &paramOpt)
defer func() {
if httpResp != nil {
Expand Down
21 changes: 15 additions & 6 deletions internal/sbi/consumer/sm_context.go
Original file line number Diff line number Diff line change
@@ -1,7 +1,6 @@
package consumer

import (
"context"
"fmt"
"net/url"
"strconv"
Expand Down Expand Up @@ -130,9 +129,12 @@ func SendCreateSmContextRequest(ue *amf_context.AmfUe, smContext *amf_context.Sm
configuration := Nsmf_PDUSession.NewConfiguration()
configuration.SetBasePath(smContext.SmfUri())
client := Nsmf_PDUSession.NewAPIClient(configuration)

ctx, _, err := amf_context.GetSelf().GetTokenCtx(models.ServiceName_NSMF_PDUSESSION, models.NfType_SMF)
if err != nil {
return nil, "", nil, nil, err
}
postSmContextReponse, httpResponse, err := client.SMContextsCollectionApi.
PostSmContexts(context.Background(), postSmContextsRequest)
PostSmContexts(ctx, postSmContextsRequest)
defer func() {
if httpResponse != nil {
if rspCloseErr := httpResponse.Body.Close(); rspCloseErr != nil {
Expand Down Expand Up @@ -435,8 +437,12 @@ func SendUpdateSmContextRequest(smContext *amf_context.SmContext,
updateSmContextRequest.BinaryDataN1SmMessage = n1Msg
updateSmContextRequest.BinaryDataN2SmInformation = n2Info

ctx, _, err := amf_context.GetSelf().GetTokenCtx(models.ServiceName_NSMF_PDUSESSION, models.NfType_SMF)
if err != nil {
return nil, nil, nil, err
}
updateSmContextReponse, httpResponse, err := client.IndividualSMContextApi.
UpdateSmContext(context.Background(), smContext.SmContextRef(),
UpdateSmContext(ctx, smContext.SmContextRef(),
updateSmContextRequest)
defer func() {
if httpResponse != nil {
Expand Down Expand Up @@ -481,9 +487,12 @@ func SendReleaseSmContextRequest(ue *amf_context.AmfUe, smContext *amf_context.S
releaseSmContextRequest := models.ReleaseSmContextRequest{
JsonData: &releaseData,
}

ctx, _, err := amf_context.GetSelf().GetTokenCtx(models.ServiceName_NSMF_PDUSESSION, models.NfType_SMF)
if err != nil {
return nil, err
}
response, err1 := client.IndividualSMContextApi.ReleaseSmContext(
context.Background(), smContext.SmContextRef(), releaseSmContextRequest)
ctx, smContext.SmContextRef(), releaseSmContextRequest)
defer func() {
if response != nil {
if rspCloseErr := response.Body.Close(); rspCloseErr != nil {
Expand Down
Loading

0 comments on commit 5cd14b2

Please sign in to comment.