Debug After Golangci-Lint Run on AUSF

free5gc · Jan 24, 2024 · f826954 · f826954
1 parent ea17cf1
commit f826954
Show file tree

Hide file tree

Showing 11 changed files with 179 additions and 9 deletions.
diff --git a/go.mod b/go.mod
@@ -6,7 +6,6 @@ require (
 	github.com/antihax/optional v1.0.0
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d
 	github.com/bronze1man/radius v0.0.0-20190516032554-afd8baec892d
-	github.com/free5gc/openapi v1.0.7-0.20231216094313-e15a4ff046f6
 	github.com/free5gc/openapi v1.0.7-0.20240117084712-52ad99299693
 	github.com/free5gc/util v1.0.5-0.20231205080047-308f623d6808
 	github.com/gin-gonic/gin v1.9.1

diff --git a/internal/context/context.go b/internal/context/context.go
@@ -167,14 +167,14 @@ func (a *AUSFContext) GetSelfID() string {
 	return a.NfId
 }
 
-func (c *AUSFContext) GetTokenCtx(scope string, targetNF model.NfType) (
+func (c *AUSFContext) GetTokenCtx(scope string, targetNF models.NfType) (
 	context.Context, *models.ProblemDetails, error,
 ) {
 	if !c.OAuth2Required {
 		return context.TODO(), nil, nil
 	}
 	return oauth.GetTokenCtx(models.NfType_AUSF, targetNF,
-		c.NfID, c.NrfUri, scope)
+		c.NfId, c.NrfUri, scope)
 }
 
 func (c *AUSFContext) AuthorizationCheck(token, serviceName string) error {

diff --git a/internal/sbi/consumer/nf_discovery.go b/internal/sbi/consumer/nf_discovery.go
@@ -22,8 +22,8 @@ func SendSearchNFInstances(nrfUri string, targetNfType, requestNfType models.NfT
 	configuration.SetBasePath(nrfUri)
 	client := Nnrf_NFDiscovery.NewAPIClient(configuration)
 
-	result, rsp, rspErr := client.NFInstancesStoreApi.SearchNFInstances(ctx,
-		targetNfType, requestNfType, &param)
+	result, rsp, rspErr := client.NFInstancesStoreApi.SearchNFInstances(ctx, targetNfType, requestNfType, &param)
+
 	if rspErr != nil {
 		return nil, fmt.Errorf("NFInstancesStoreApi Response error: %+w", rspErr)
 	}

diff --git a/internal/sbi/consumer/nf_management.go b/internal/sbi/consumer/nf_management.go
@@ -40,9 +40,14 @@ func SendRegisterNFInstance(nrfUri, nfInstanceId string, profile models.NfProfil
 	configuration.SetBasePath(nrfUri)
 	client := Nnrf_NFManagement.NewAPIClient(configuration)
 
+	ctx, _, err := ausf_context.GetSelf().GetTokenCtx("nnrf-nfm", models.NfType_NRF)
+	if err != nil {
+		return "", "", err
+	}
+
 	var res *http.Response
 	for {
-		nf, resTmp, err := client.NFInstanceIDDocumentApi.RegisterNFInstance(context.TODO(), nfInstanceId, profile)
+		nf, resTmp, err := client.NFInstanceIDDocumentApi.RegisterNFInstance(ctx, nfInstanceId, profile)
 		if err != nil || resTmp == nil {
 			logger.ConsumerLog.Errorf("AUSF register to NRF Error[%v]", err)
 			time.Sleep(2 * time.Second)

diff --git a/internal/sbi/producer/functions.go b/internal/sbi/producer/functions.go
@@ -372,7 +372,13 @@ func sendAuthResultToUDM(id string, authType models.AuthType, success bool, serv
 	authEvent.NfInstanceId = self.GetSelfID()
 
 	client := createClientToUdmUeau(udmUrl)
-	_, rsp, confirmAuthErr := client.ConfirmAuthApi.ConfirmAuth(context.Background(), id, authEvent)
+
+	ctx, _, err := ausf_context.GetSelf().GetTokenCtx("nudm-ueau", models.NfType_UDM)
+	if err != nil {
+		return err
+	}
+
+	_, rsp, confirmAuthErr := client.ConfirmAuthApi.ConfirmAuth(ctx, id, authEvent)
 	defer func() {
 		if rspCloseErr := rsp.Body.Close(); rspCloseErr != nil {
 			logger.ConsumerLog.Errorf("ConfirmAuth Response cannot close: %v", rspCloseErr)

diff --git a/internal/sbi/producer/ue_authentication.go b/internal/sbi/producer/ue_authentication.go
@@ -124,7 +124,13 @@ func UeAuthPostRequestProcedure(updateAuthenticationInfo models.AuthenticationIn
 
 	udmUrl := getUdmUrl(self.NrfUri)
 	client := createClientToUdmUeau(udmUrl)
-	authInfoResult, rsp, err := client.GenerateAuthDataApi.GenerateAuthData(context.Background(), supiOrSuci, authInfoReq)
+
+	ctx, _, err := ausf_context.GetSelf().GetTokenCtx("nudm-ueau", models.NfType_UDM)
+	if err != nil {
+		return nil, "", nil
+	}
+
+	authInfoResult, rsp, err := client.GenerateAuthDataApi.GenerateAuthData(ctx, supiOrSuci, authInfoReq)
 	if err != nil {
 		logger.UeAuthLog.Infoln(err.Error())
 		var problemDetails models.ProblemDetails

diff --git a/internal/sbi/sorprotection/routers.go b/internal/sbi/sorprotection/routers.go
@@ -12,14 +12,19 @@ package sorprotection
 import (
 	"net/http"
 	"strings"
-
+	
 	"github.com/gin-gonic/gin"
 
+	ausf_context "github.com/free5gc/ausf/internal/context"
 	"github.com/free5gc/ausf/internal/logger"
+	"github.com/free5gc/ausf/internal/util"
 	"github.com/free5gc/ausf/pkg/factory"
+	"github.com/free5gc/openapi/models"
 	logger_util "github.com/free5gc/util/logger"
 )
 
+const serviceName string = string(models.ServiceName_NAUSF_SORPROTECTION)
+
 // Route is the information for every URI.
 type Route struct {
 	// Name is the name of this Route.
@@ -45,6 +50,11 @@ func NewRouter() *gin.Engine {
 func AddService(engine *gin.Engine) *gin.RouterGroup {
 	group := engine.Group(factory.AusfSorprotectionResUriPrefix)
 
+	routerAuthorizationCheck := util.NewRouterAuthorizationCheck(serviceName)
+	group.Use(func(c *gin.Context) {
+		routerAuthorizationCheck.Check(c, ausf_context.GetSelf())
+	})
+
 	for _, route := range routes {
 		switch route.Method {
 		case "GET":

diff --git a/internal/sbi/ueauthentication/routers.go b/internal/sbi/ueauthentication/routers.go
@@ -15,11 +15,16 @@ import (
 
 	"github.com/gin-gonic/gin"
 
+	ausf_context "github.com/free5gc/ausf/internal/context"
 	"github.com/free5gc/ausf/internal/logger"
+	"github.com/free5gc/ausf/internal/util"
 	"github.com/free5gc/ausf/pkg/factory"
+	"github.com/free5gc/openapi/models"
 	logger_util "github.com/free5gc/util/logger"
 )
 
+const serviceName string = string(models.ServiceName_NAUSF_AUTH)
+
 // Route is the information for every URI.
 type Route struct {
 	// Name is the name of this Route.
@@ -45,6 +50,11 @@ func NewRouter() *gin.Engine {
 func AddService(engine *gin.Engine) *gin.RouterGroup {
 	group := engine.Group(factory.AusfAuthResUriPrefix)
 
+	routerAuthorizationCheck := util.NewRouterAuthorizationCheck(serviceName)
+	group.Use(func(c *gin.Context) {
+		routerAuthorizationCheck.Check(c, ausf_context.GetSelf())
+	})
+
 	for _, route := range routes {
 		switch route.Method {
 		case "GET":

diff --git a/internal/sbi/upuprotection/routers.go b/internal/sbi/upuprotection/routers.go
@@ -15,11 +15,16 @@ import (
 
 	"github.com/gin-gonic/gin"
 
+	ausf_context "github.com/free5gc/ausf/internal/context"
 	"github.com/free5gc/ausf/internal/logger"
+	"github.com/free5gc/ausf/internal/util"
 	"github.com/free5gc/ausf/pkg/factory"
+	"github.com/free5gc/openapi/models"
 	logger_util "github.com/free5gc/util/logger"
 )
 
+const serviceName string = string(models.ServiceName_NAUSF_UPUPROTECTION)
+
 // Route is the information for every URI.
 type Route struct {
 	// Name is the name of this Route.
@@ -45,6 +50,11 @@ func NewRouter() *gin.Engine {
 func AddService(engine *gin.Engine) *gin.RouterGroup {
 	group := engine.Group(factory.AusfAuthResUriPrefix)
 
+	routerAuthorizationCheck := util.NewRouterAuthorizationCheck(serviceName)
+	group.Use(func(c *gin.Context) {
+		routerAuthorizationCheck.Check(c, ausf_context.GetSelf())
+	})
+
 	for _, route := range routes {
 		switch route.Method {
 		case "GET":

diff --git a/internal/util/router_auth_check.go b/internal/util/router_auth_check.go
@@ -0,0 +1,33 @@
+package util
+
+import (
+	"net/http"
+
+	"github.com/gin-gonic/gin"
+
+ausf_context "github.com/free5gc/ausf/internal/context"
+	"github.com/free5gc/ausf/internal/logger"
+)
+
+type RouterAuthorizationCheck struct {
+	serviceName string
+}
+
+func NewRouterAuthorizationCheck(serviceName string) *RouterAuthorizationCheck {
+	return &RouterAuthorizationCheck{
+		serviceName: serviceName,
+	}
+}
+
+func (rac *RouterAuthorizationCheck) Check(c *gin.Context, ausfContext ausf_context.NFContext) {
+	token := c.Request.Header.Get("Authorization")
+	err := ausfContext.AuthorizationCheck(token, rac.serviceName)
+	if err != nil {
+		logger.UtilLog.Debugf("RouterAuthorizationCheck: Check Unauthorized: %s", err.Error())
+		c.JSON(http.StatusUnauthorized, gin.H{"error": err.Error()})
+		c.Abort()
+		return
+	}
+
+	logger.UtilLog.Debugf("RouterAuthorizationCheck: Check Authorized")
+}
diff --git a/internal/util/router_auth_check_test.go b/internal/util/router_auth_check_test.go
@@ -0,0 +1,91 @@
+package util
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/gin-gonic/gin"
+	"github.com/pkg/errors"
+)
+
+const (
+	Valid   = "valid"
+	Invalid = "invalid"
+)
+
+type mockAUSFContext struct{}
+
+func newMockAUSFContext() *mockAUSFContext {
+	return &mockAUSFContext{}
+}
+
+func (m *mockAUSFContext) AuthorizationCheck(token string, serviceName string) error {
+	if token == Valid {
+		return nil
+	}
+
+	return errors.New("invalid token")
+}
+
+func TestRouterAuthorizationCheck_Check(t *testing.T) {
+	// Mock gin.Context
+	w := httptest.NewRecorder()
+	c, _ := gin.CreateTestContext(w)
+
+	var err error
+	c.Request, err = http.NewRequest("GET", "/", nil)
+	if err != nil {
+		t.Errorf("error on http request: %+v", err)
+	}
+
+	type Args struct {
+		token string
+	}
+	type Want struct {
+		statusCode int
+	}
+
+	tests := []struct {
+		name string
+		args Args
+		want Want
+	}{
+		{
+			name: "Valid Token",
+			args: Args{
+				token: Valid,
+			},
+			want: Want{
+				statusCode: http.StatusOK,
+			},
+		},
+		{
+			name: "Invalid Token",
+			args: Args{
+				token: Invalid,
+			},
+			want: Want{
+				statusCode: http.StatusUnauthorized,
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			w = httptest.NewRecorder()
+			c, _ = gin.CreateTestContext(w)
+			c.Request, err = http.NewRequest("GET", "/", nil)
+			if err != nil {
+				t.Errorf("error on http request: %+v", err)
+			}
+			c.Request.Header.Set("Authorization", tt.args.token)
+
+			rac := NewRouterAuthorizationCheck("testService")
+			rac.Check(c, newMockAUSFContext())
+			if w.Code != tt.want.statusCode {
+				t.Errorf("StatusCode should be %d, but got %d", tt.want.statusCode, w.Code)
+			}
+		})
+	}
+}