Merge pull request #30 from andy89923/refactor/auth-logic

Refactor: Move AuthorizationCheck() to context.go
free5gc · Dec 26, 2023 · 26fb5a1 · 26fb5a1
2 parents 80caa1c + 8c5d435
commit 26fb5a1
Show file tree

Hide file tree

Showing 9 changed files with 56 additions and 28 deletions.
diff --git a/internal/context/context.go b/internal/context/context.go
@@ -184,3 +184,14 @@ func SignNFCert(nfType, nfId string) error {
 func GetSelf() *NRFContext {
 	return &nrfContext
 }
+
+func (context *NRFContext) AuthorizationCheck(token, serviceName string) error {
+	if !factory.NrfConfig.GetOAuth() {
+		return nil
+	}
+	err := oauth.VerifyOAuth(token, serviceName, factory.NrfConfig.GetNrfCertPemPath())
+	if err != nil {
+		return err
+	}
+	return nil
+}
diff --git a/internal/sbi/discovery/api_nf_instances_store.go b/internal/sbi/discovery/api_nf_instances_store.go
@@ -25,6 +25,7 @@ import (
 func HTTPSearchNFInstances(c *gin.Context) {
 	auth_err := authorizationCheck(c)
 	if auth_err != nil {
+		c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
 		return
 	}
 

diff --git a/internal/sbi/discovery/routers.go b/internal/sbi/discovery/routers.go
@@ -15,8 +15,8 @@ import (
 
 	"github.com/gin-gonic/gin"
 
+	nrf_context "github.com/free5gc/nrf/internal/context"
 	"github.com/free5gc/nrf/internal/logger"
-	"github.com/free5gc/nrf/internal/util"
 	"github.com/free5gc/nrf/pkg/factory"
 	logger_util "github.com/free5gc/util/logger"
 )
@@ -44,7 +44,8 @@ func NewRouter() *gin.Engine {
 }
 
 func authorizationCheck(c *gin.Context) error {
-	return util.AuthorizationCheck(c, "nnrf-disc")
+	token := c.Request.Header.Get("Authorization")
+	return nrf_context.GetSelf().AuthorizationCheck(token, "nnrf-disc")
 }
 
 func AddService(engine *gin.Engine) *gin.RouterGroup {

diff --git a/internal/sbi/management/api_nf_instance_id_document.go b/internal/sbi/management/api_nf_instance_id_document.go
@@ -25,6 +25,7 @@ import (
 func HTTPDeregisterNFInstance(c *gin.Context) {
 	auth_err := authorizationCheck(c)
 	if auth_err != nil {
+		c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
 		return
 	}
 
@@ -49,6 +50,12 @@ func HTTPDeregisterNFInstance(c *gin.Context) {
 
 // GetNFInstance - Read the profile of a given NF Instance
 func HTTPGetNFInstance(c *gin.Context) {
+	auth_err := authorizationCheck(c)
+	if auth_err != nil {
+		c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
+		return
+	}
+
 	req := httpwrapper.NewRequest(c.Request, nil)
 	req.Params["nfInstanceID"] = c.Params.ByName("nfInstanceID")
 
@@ -72,6 +79,7 @@ func HTTPGetNFInstance(c *gin.Context) {
 func HTTPRegisterNFInstance(c *gin.Context) {
 	// auth_err := authorizationCheck(c)
 	// if auth_err != nil {
+	// 	c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
 	// 	return
 	// }
 
@@ -131,6 +139,12 @@ func HTTPRegisterNFInstance(c *gin.Context) {
 
 // UpdateNFInstance - Update NF Instance profile
 func HTTPUpdateNFInstance(c *gin.Context) {
+	auth_err := authorizationCheck(c)
+	if auth_err != nil {
+		c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
+		return
+	}
+
 	// step 1: retrieve http request body
 	requestBody, err := c.GetRawData()
 	if err != nil {

diff --git a/internal/sbi/management/api_nf_instances_store.go b/internal/sbi/management/api_nf_instances_store.go
@@ -23,6 +23,12 @@ import (
 
 // GetNFInstances - Retrieves a collection of NF Instances
 func HTTPGetNFInstances(c *gin.Context) {
+	auth_err := authorizationCheck(c)
+	if auth_err != nil {
+		c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
+		return
+	}
+
 	req := httpwrapper.NewRequest(c.Request, nil)
 	req.Query = c.Request.URL.Query()
 

diff --git a/internal/sbi/management/api_subscription_id_document.go b/internal/sbi/management/api_subscription_id_document.go
@@ -23,6 +23,12 @@ import (
 
 // RemoveSubscription - Deletes a subscription
 func HTTPRemoveSubscription(c *gin.Context) {
+	auth_err := authorizationCheck(c)
+	if auth_err != nil {
+		c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
+		return
+	}
+
 	req := httpwrapper.NewRequest(c.Request, nil)
 	req.Params["subscriptionID"] = c.Params.ByName("subscriptionID")
 
@@ -44,6 +50,12 @@ func HTTPRemoveSubscription(c *gin.Context) {
 
 // UpdateSubscription - Updates a subscription
 func HTTPUpdateSubscription(c *gin.Context) {
+	auth_err := authorizationCheck(c)
+	if auth_err != nil {
+		c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
+		return
+	}
+
 	requestBody, err := c.GetRawData()
 	if err != nil {
 		problemDetail := models.ProblemDetails{

diff --git a/internal/sbi/management/api_subscriptions_collection.go b/internal/sbi/management/api_subscriptions_collection.go
@@ -25,6 +25,12 @@ import (
 
 // CreateSubscription - Create a new subscription
 func HTTPCreateSubscription(c *gin.Context) {
+	auth_err := authorizationCheck(c)
+	if auth_err != nil {
+		c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()})
+		return
+	}
+
 	var subscription models.NrfSubscriptionData
 
 	// step 1: retrieve http request body

diff --git a/internal/sbi/management/routers.go b/internal/sbi/management/routers.go
@@ -15,8 +15,8 @@ import (
 
 	"github.com/gin-gonic/gin"
 
+	nrf_context "github.com/free5gc/nrf/internal/context"
 	"github.com/free5gc/nrf/internal/logger"
-	"github.com/free5gc/nrf/internal/util"
 	"github.com/free5gc/nrf/pkg/factory"
 	logger_util "github.com/free5gc/util/logger"
 )
@@ -44,7 +44,8 @@ func NewRouter() *gin.Engine {
 }
 
 func authorizationCheck(c *gin.Context) error {
-	return util.AuthorizationCheck(c, "nnrf-nfm")
+	token := c.Request.Header.Get("Authorization")
+	return nrf_context.GetSelf().AuthorizationCheck(token, "nnrf-nfm")
 }
 
 func AddService(engine *gin.Engine) *gin.RouterGroup {

diff --git a/internal/util/nf_authorization.go b/internal/util/nf_authorization.go