diff --git a/internal/context/context.go b/internal/context/context.go index b098043..3b1763b 100644 --- a/internal/context/context.go +++ b/internal/context/context.go @@ -186,3 +186,14 @@ func (c *UDRContext) GetTokenCtx(scope, targetNF string) ( return oauth.GetTokenCtx(models.NfType_UDR, c.NfId, c.NrfUri, scope, targetNF) } + +func (context *UDRContext) AuthorizationCheck(token, serviceName string) error { + if !context.OAuth2Required { + return nil + } + err := oauth.VerifyOAuth(token, serviceName, context.NrfCertPem) + if err != nil { + return err + } + return nil +} diff --git a/internal/sbi/datarepository/api_access_and_mobility_subscription_data_document.go b/internal/sbi/datarepository/api_access_and_mobility_subscription_data_document.go index 243bad7..eac4cf4 100644 --- a/internal/sbi/datarepository/api_access_and_mobility_subscription_data_document.go +++ b/internal/sbi/datarepository/api_access_and_mobility_subscription_data_document.go @@ -23,6 +23,12 @@ import ( // HTTPQueryAmData - Retrieves the access and mobility subscription data of a UE func HTTPQueryAmData(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) req.Params["ueId"] = c.Params.ByName("ueId") req.Params["servingPlmnId"] = c.Params.ByName("servingPlmnId") diff --git a/internal/sbi/datarepository/api_amf3_gpp_access_registration_document.go b/internal/sbi/datarepository/api_amf3_gpp_access_registration_document.go index 29ce877..368d294 100644 --- a/internal/sbi/datarepository/api_amf3_gpp_access_registration_document.go +++ b/internal/sbi/datarepository/api_amf3_gpp_access_registration_document.go @@ -23,6 +23,12 @@ import ( // HTTPAmfContext3gpp - To modify the AMF context data of a UE using 3gpp access in the UDR func HTTPAmfContext3gpp(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + var patchItemArray []models.PatchItem requestBody, err := c.GetRawData() @@ -72,6 +78,12 @@ func HTTPAmfContext3gpp(c *gin.Context) { // HTTPCreateAmfContext3gpp - To store the AMF context data of a UE using 3gpp access in the UDR func HTTPCreateAmfContext3gpp(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + var amf3GppAccessRegistration models.Amf3GppAccessRegistration requestBody, err := c.GetRawData() @@ -121,6 +133,12 @@ func HTTPCreateAmfContext3gpp(c *gin.Context) { // HTTPQueryAmfContext3gpp - Retrieves the AMF context data of a UE using 3gpp access func HTTPQueryAmfContext3gpp(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) req.Params["ueId"] = c.Params.ByName("ueId") diff --git a/internal/sbi/datarepository/api_amf_non3_gpp_access_registration_document.go b/internal/sbi/datarepository/api_amf_non3_gpp_access_registration_document.go index 38d60c6..12c2326 100644 --- a/internal/sbi/datarepository/api_amf_non3_gpp_access_registration_document.go +++ b/internal/sbi/datarepository/api_amf_non3_gpp_access_registration_document.go @@ -23,6 +23,12 @@ import ( // HTTPAmfContextNon3gpp - To modify the AMF context data of a UE using non 3gpp access in the UDR func HTTPAmfContextNon3gpp(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + var patchItemArray []models.PatchItem requestBody, err := c.GetRawData() @@ -72,6 +78,12 @@ func HTTPAmfContextNon3gpp(c *gin.Context) { // HTTPCreateAmfContextNon3gpp - To store the AMF context data of a UE using non-3gpp access in the UDR func HTTPCreateAmfContextNon3gpp(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + var amfNon3GppAccessRegistration models.AmfNon3GppAccessRegistration requestBody, err := c.GetRawData() @@ -121,6 +133,12 @@ func HTTPCreateAmfContextNon3gpp(c *gin.Context) { // HTTPQueryAmfContextNon3gpp - Retrieves the AMF context data of a UE using non-3gpp access func HTTPQueryAmfContextNon3gpp(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) req.Params["ueId"] = c.Params.ByName("ueId") diff --git a/internal/sbi/datarepository/api_amf_subscription_info_document.go b/internal/sbi/datarepository/api_amf_subscription_info_document.go index 4cf986e..e5933c9 100644 --- a/internal/sbi/datarepository/api_amf_subscription_info_document.go +++ b/internal/sbi/datarepository/api_amf_subscription_info_document.go @@ -23,6 +23,12 @@ import ( // HTTPModifyAmfSubscriptionInfo - modify the AMF Subscription Info func HTTPModifyAmfSubscriptionInfo(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + var patchItemArray []models.PatchItem requestBody, err := c.GetRawData() diff --git a/internal/sbi/datarepository/api_authentication_data_document.go b/internal/sbi/datarepository/api_authentication_data_document.go index 4fca7b1..04c2a2f 100644 --- a/internal/sbi/datarepository/api_authentication_data_document.go +++ b/internal/sbi/datarepository/api_authentication_data_document.go @@ -23,6 +23,12 @@ import ( // HTTPModifyAuthentication - modify the authentication subscription data of a UE func HTTPModifyAuthentication(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + var patchItemArray []models.PatchItem requestBody, err := c.GetRawData() @@ -72,6 +78,12 @@ func HTTPModifyAuthentication(c *gin.Context) { // HTTPQueryAuthSubsData - Retrieves the authentication subscription data of a UE func HTTPQueryAuthSubsData(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) req.Params["ueId"] = c.Params.ByName("ueId") diff --git a/internal/sbi/datarepository/api_authentication_so_r_document.go b/internal/sbi/datarepository/api_authentication_so_r_document.go index 2467484..0d771e8 100644 --- a/internal/sbi/datarepository/api_authentication_so_r_document.go +++ b/internal/sbi/datarepository/api_authentication_so_r_document.go @@ -23,6 +23,12 @@ import ( // HTTPCreateAuthenticationSoR - To store the SoR acknowledgement information of a UE func HTTPCreateAuthenticationSoR(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + var sorData models.SorData requestBody, err := c.GetRawData() @@ -72,6 +78,12 @@ func HTTPCreateAuthenticationSoR(c *gin.Context) { // HTTPQueryAuthSoR - Retrieves the SoR acknowledgement information of a UE func HTTPQueryAuthSoR(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) req.Params["ueId"] = c.Params.ByName("ueId") diff --git a/internal/sbi/datarepository/api_authentication_status_document.go b/internal/sbi/datarepository/api_authentication_status_document.go index 53d708e..c15fc69 100644 --- a/internal/sbi/datarepository/api_authentication_status_document.go +++ b/internal/sbi/datarepository/api_authentication_status_document.go @@ -23,6 +23,12 @@ import ( // HTTPCreateAuthenticationStatus - To store the Authentication Status data of a UE func HTTPCreateAuthenticationStatus(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + var authEvent models.AuthEvent requestBody, err := c.GetRawData() @@ -72,6 +78,12 @@ func HTTPCreateAuthenticationStatus(c *gin.Context) { // HTTPQueryAuthenticationStatus - Retrieves the Authentication Status of a UE func HTTPQueryAuthenticationStatus(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) req.Params["ueId"] = c.Params.ByName("ueId") diff --git a/internal/sbi/datarepository/api_default.go b/internal/sbi/datarepository/api_default.go index a187d67..a536667 100644 --- a/internal/sbi/datarepository/api_default.go +++ b/internal/sbi/datarepository/api_default.go @@ -58,18 +58,36 @@ func getDataFromRequestBody(c *gin.Context, data interface{}) error { // HTTPApplicationDataPfdsAppIdDelete - func HTTPApplicationDataPfdsAppIdDelete(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + rsp := producer.HandleApplicationDataPfdsAppIdDelete(c.Params.ByName("appId")) sendResponse(c, rsp) } // HTTPApplicationDataPfdsAppIdGet - func HTTPApplicationDataPfdsAppIdGet(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + rsp := producer.HandleApplicationDataPfdsAppIdGet(c.Params.ByName("appId")) sendResponse(c, rsp) } // HTTPApplicationDataPfdsAppIdPut - func HTTPApplicationDataPfdsAppIdPut(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + var pfdDataforApp models.PfdDataForApp if err := getDataFromRequestBody(c, &pfdDataforApp); err != nil { @@ -83,6 +101,12 @@ func HTTPApplicationDataPfdsAppIdPut(c *gin.Context) { // HTTPApplicationDataPfdsGet - func HTTPApplicationDataPfdsGet(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + query := c.Request.URL.Query() rsp := producer.HandleApplicationDataPfdsGet(query["appId"]) sendResponse(c, rsp) @@ -105,6 +129,12 @@ func HTTPExposureDataSubsToNotifySubIdPut(c *gin.Context) { // HTTPPolicyDataBdtDataBdtReferenceIdDelete - func HTTPPolicyDataBdtDataBdtReferenceIdDelete(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) req.Params["bdtReferenceId"] = c.Params.ByName("bdtReferenceId") @@ -115,6 +145,12 @@ func HTTPPolicyDataBdtDataBdtReferenceIdDelete(c *gin.Context) { // HTTPPolicyDataBdtDataBdtReferenceIdGet - func HTTPPolicyDataBdtDataBdtReferenceIdGet(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) req.Params["bdtReferenceId"] = c.Params.ByName("bdtReferenceId") @@ -125,6 +161,12 @@ func HTTPPolicyDataBdtDataBdtReferenceIdGet(c *gin.Context) { // HTTPPolicyDataBdtDataBdtReferenceIdPut - func HTTPPolicyDataBdtDataBdtReferenceIdPut(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + var bdtData models.BdtData if err := getDataFromRequestBody(c, &bdtData); err != nil { @@ -141,6 +183,12 @@ func HTTPPolicyDataBdtDataBdtReferenceIdPut(c *gin.Context) { // HTTPPolicyDataBdtDataGet - func HTTPPolicyDataBdtDataGet(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) rsp := producer.HandlePolicyDataBdtDataGet(req) @@ -150,6 +198,12 @@ func HTTPPolicyDataBdtDataGet(c *gin.Context) { // HTTPPolicyDataPlmnsPlmnIdUePolicySetGet - func HTTPPolicyDataPlmnsPlmnIdUePolicySetGet(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) req.Params["plmnId"] = c.Params.ByName("plmnId") @@ -160,6 +214,12 @@ func HTTPPolicyDataPlmnsPlmnIdUePolicySetGet(c *gin.Context) { // HTTPPolicyDataSponsorConnectivityDataSponsorIdGet - func HTTPPolicyDataSponsorConnectivityDataSponsorIdGet(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) req.Params["sponsorId"] = c.Params.ByName("sponsorId") @@ -170,6 +230,12 @@ func HTTPPolicyDataSponsorConnectivityDataSponsorIdGet(c *gin.Context) { // HTTPPolicyDataSubsToNotifyPost - func HTTPPolicyDataSubsToNotifyPost(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + var policyDataSubscription models.PolicyDataSubscription if err := getDataFromRequestBody(c, &policyDataSubscription); err != nil { @@ -190,6 +256,12 @@ func HTTPPolicyDataSubsToNotifyPost(c *gin.Context) { // HTTPPolicyDataSubsToNotifySubsIdDelete - func HTTPPolicyDataSubsToNotifySubsIdDelete(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) req.Params["subsId"] = c.Params.ByName("subsId") @@ -200,6 +272,12 @@ func HTTPPolicyDataSubsToNotifySubsIdDelete(c *gin.Context) { // HTTPPolicyDataSubsToNotifySubsIdPut - func HTTPPolicyDataSubsToNotifySubsIdPut(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + var policyDataSubscription models.PolicyDataSubscription if err := getDataFromRequestBody(c, &policyDataSubscription); err != nil { @@ -216,6 +294,12 @@ func HTTPPolicyDataSubsToNotifySubsIdPut(c *gin.Context) { // HTTPPolicyDataUesUeIdAmDataGet - func HTTPPolicyDataUesUeIdAmDataGet(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) req.Params["ueId"] = c.Params.ByName("ueId") @@ -226,6 +310,12 @@ func HTTPPolicyDataUesUeIdAmDataGet(c *gin.Context) { // HTTPPolicyDataUesUeIdOperatorSpecificDataGet - func HTTPPolicyDataUesUeIdOperatorSpecificDataGet(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) req.Params["ueId"] = c.Params.ByName("ueId") @@ -236,6 +326,12 @@ func HTTPPolicyDataUesUeIdOperatorSpecificDataGet(c *gin.Context) { // HTTPPolicyDataUesUeIdOperatorSpecificDataPatch - Need to be fixed func HTTPPolicyDataUesUeIdOperatorSpecificDataPatch(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + var patchItemArray []models.PatchItem if err := getDataFromRequestBody(c, &patchItemArray); err != nil { @@ -252,6 +348,12 @@ func HTTPPolicyDataUesUeIdOperatorSpecificDataPatch(c *gin.Context) { // HTTPPolicyDataUesUeIdOperatorSpecificDataPut - func HTTPPolicyDataUesUeIdOperatorSpecificDataPut(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + var operatorSpecificDataContainerMap map[string]models.OperatorSpecificDataContainer if err := getDataFromRequestBody(c, &operatorSpecificDataContainerMap); err != nil { @@ -268,6 +370,12 @@ func HTTPPolicyDataUesUeIdOperatorSpecificDataPut(c *gin.Context) { // HTTPPolicyDataUesUeIdSmDataGet - func HTTPPolicyDataUesUeIdSmDataGet(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) req.Params["ueId"] = c.Params.ByName("ueId") @@ -278,6 +386,12 @@ func HTTPPolicyDataUesUeIdSmDataGet(c *gin.Context) { // HTTPPolicyDataUesUeIdSmDataPatch - Need to be fixed func HTTPPolicyDataUesUeIdSmDataPatch(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + var usageMonDataMap map[string]models.UsageMonData if err := getDataFromRequestBody(c, &usageMonDataMap); err != nil { @@ -294,6 +408,12 @@ func HTTPPolicyDataUesUeIdSmDataPatch(c *gin.Context) { // HTTPPolicyDataUesUeIdSmDataUsageMonIdDelete - func HTTPPolicyDataUesUeIdSmDataUsageMonIdDelete(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) req.Params["ueId"] = c.Params.ByName("ueId") req.Params["usageMonId"] = c.Params.ByName("usageMonId") @@ -305,6 +425,12 @@ func HTTPPolicyDataUesUeIdSmDataUsageMonIdDelete(c *gin.Context) { // HTTPPolicyDataUesUeIdSmDataUsageMonIdGet - func HTTPPolicyDataUesUeIdSmDataUsageMonIdGet(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) req.Params["ueId"] = c.Params.ByName("ueId") req.Params["usageMonId"] = c.Params.ByName("usageMonId") @@ -316,6 +442,12 @@ func HTTPPolicyDataUesUeIdSmDataUsageMonIdGet(c *gin.Context) { // HTTPPolicyDataUesUeIdSmDataUsageMonIdPut - func HTTPPolicyDataUesUeIdSmDataUsageMonIdPut(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + var usageMonData models.UsageMonData if err := getDataFromRequestBody(c, &usageMonData); err != nil { @@ -333,6 +465,12 @@ func HTTPPolicyDataUesUeIdSmDataUsageMonIdPut(c *gin.Context) { // HTTPPolicyDataUesUeIdUePolicySetGet - func HTTPPolicyDataUesUeIdUePolicySetGet(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) req.Params["ueId"] = c.Params.ByName("ueId") @@ -343,6 +481,12 @@ func HTTPPolicyDataUesUeIdUePolicySetGet(c *gin.Context) { // HTTPPolicyDataUesUeIdUePolicySetPatch - func HTTPPolicyDataUesUeIdUePolicySetPatch(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + var uePolicySet models.UePolicySet if err := getDataFromRequestBody(c, &uePolicySet); err != nil { @@ -359,6 +503,12 @@ func HTTPPolicyDataUesUeIdUePolicySetPatch(c *gin.Context) { // HTTPPolicyDataUesUeIdUePolicySetPut - func HTTPPolicyDataUesUeIdUePolicySetPut(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + var uePolicySet models.UePolicySet if err := getDataFromRequestBody(c, &uePolicySet); err != nil { diff --git a/internal/sbi/datarepository/api_event_amf_subscription_info_document.go b/internal/sbi/datarepository/api_event_amf_subscription_info_document.go index 75c1d2f..cafc881 100644 --- a/internal/sbi/datarepository/api_event_amf_subscription_info_document.go +++ b/internal/sbi/datarepository/api_event_amf_subscription_info_document.go @@ -23,6 +23,12 @@ import ( // HTTPCreateAMFSubscriptions - Creates AMF Subscription Info for an eeSubscription func HTTPCreateAMFSubscriptions(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + var amfSubscriptionInfoArray []models.AmfSubscriptionInfo requestBody, err := c.GetRawData() @@ -73,6 +79,12 @@ func HTTPCreateAMFSubscriptions(c *gin.Context) { // HTTPRemoveAmfSubscriptionsInfo - Deletes AMF Subscription Info for an eeSubscription func HTTPRemoveAmfSubscriptionsInfo(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) req.Params["ueId"] = c.Params.ByName("ueId") req.Params["subsId"] = c.Params.ByName("subsId") diff --git a/internal/sbi/datarepository/api_individual_influence_data_subscription_document.go b/internal/sbi/datarepository/api_individual_influence_data_subscription_document.go index 4235d61..2e25950 100644 --- a/internal/sbi/datarepository/api_individual_influence_data_subscription_document.go +++ b/internal/sbi/datarepository/api_individual_influence_data_subscription_document.go @@ -23,6 +23,12 @@ import ( // HTTPApplicationDataInfluenceDataSubsToNotifySubscriptionIdDelete - func HTTPApplicationDataInfluenceDataSubsToNotifySubscriptionIdDelete(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + // New HTTP request req := httpwrapper.NewRequest(c.Request, nil) req.Params["subscriptionId"] = c.Params.ByName("subscriptionId") @@ -51,6 +57,12 @@ func HTTPApplicationDataInfluenceDataSubsToNotifySubscriptionIdDelete(c *gin.Con // HTTPApplicationDataInfluenceDataSubsToNotifySubscriptionIdGet - func HTTPApplicationDataInfluenceDataSubsToNotifySubscriptionIdGet(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + // New HTTP request req := httpwrapper.NewRequest(c.Request, nil) req.Params["subscriptionId"] = c.Params.ByName("subscriptionId") @@ -75,6 +87,12 @@ func HTTPApplicationDataInfluenceDataSubsToNotifySubscriptionIdGet(c *gin.Contex // HTTPApplicationDataInfluenceDataSubsToNotifySubscriptionIdPut - func HTTPApplicationDataInfluenceDataSubsToNotifySubscriptionIdPut(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + // Get HTTP request body requestBody, err := c.GetRawData() if err != nil { diff --git a/internal/sbi/datarepository/api_influence_data.go b/internal/sbi/datarepository/api_influence_data.go index bc27e10..40e2b66 100644 --- a/internal/sbi/datarepository/api_influence_data.go +++ b/internal/sbi/datarepository/api_influence_data.go @@ -23,6 +23,12 @@ import ( // HTTPApplicationDataInfluenceDataGet - func HTTPApplicationDataInfluenceDataGet(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) req.Query["influence-Ids"] = c.QueryArray("influence-Ids") req.Query["dnns"] = c.QueryArray("dnns") diff --git a/internal/sbi/datarepository/api_provisioned_data_document.go b/internal/sbi/datarepository/api_provisioned_data_document.go index 881569b..19f666a 100644 --- a/internal/sbi/datarepository/api_provisioned_data_document.go +++ b/internal/sbi/datarepository/api_provisioned_data_document.go @@ -23,6 +23,12 @@ import ( // HTTPQueryProvisionedData - Retrieve multiple provisioned data sets of a UE func HTTPQueryProvisionedData(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) req.Params["ueId"] = c.Params.ByName("ueId") req.Params["servingPlmnId"] = c.Params.ByName("servingPlmnId") diff --git a/internal/sbi/datarepository/api_query_amf_subscription_info_document.go b/internal/sbi/datarepository/api_query_amf_subscription_info_document.go index cd81f4c..d03b854 100644 --- a/internal/sbi/datarepository/api_query_amf_subscription_info_document.go +++ b/internal/sbi/datarepository/api_query_amf_subscription_info_document.go @@ -23,6 +23,12 @@ import ( // HTTPGetAmfSubscriptionInfo - Retrieve AMF subscription Info func HTTPGetAmfSubscriptionInfo(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) req.Params["ueId"] = c.Params.ByName("ueId") req.Params["subsId"] = c.Params.ByName("subsId") diff --git a/internal/sbi/datarepository/api_sdm_subscription_document.go b/internal/sbi/datarepository/api_sdm_subscription_document.go index 26347c6..147db1e 100644 --- a/internal/sbi/datarepository/api_sdm_subscription_document.go +++ b/internal/sbi/datarepository/api_sdm_subscription_document.go @@ -23,6 +23,12 @@ import ( // HTTPRemovesdmSubscriptions - Deletes a sdmsubscriptions func HTTPRemovesdmSubscriptions(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) req.Params["ueId"] = c.Params.ByName("ueId") req.Params["subsId"] = c.Params.ByName("subsId") @@ -45,6 +51,12 @@ func HTTPRemovesdmSubscriptions(c *gin.Context) { // HTTPUpdatesdmsubscriptions - Stores an individual sdm subscriptions of a UE func HTTPUpdatesdmsubscriptions(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + var sdmSubscription models.SdmSubscription requestBody, err := c.GetRawData() diff --git a/internal/sbi/datarepository/api_sdm_subscriptions_collection.go b/internal/sbi/datarepository/api_sdm_subscriptions_collection.go index 3196fe2..d6fa03b 100644 --- a/internal/sbi/datarepository/api_sdm_subscriptions_collection.go +++ b/internal/sbi/datarepository/api_sdm_subscriptions_collection.go @@ -23,6 +23,12 @@ import ( // HTTPCreateSdmSubscriptions - Create individual sdm subscription func HTTPCreateSdmSubscriptions(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + var sdmSubscription models.SdmSubscription requestBody, err := c.GetRawData() @@ -75,6 +81,12 @@ func HTTPCreateSdmSubscriptions(c *gin.Context) { // HTTPQuerysdmsubscriptions - Retrieves the sdm subscriptions of a UE func HTTPQuerysdmsubscriptions(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) req.Params["ueId"] = c.Params.ByName("ueId") diff --git a/internal/sbi/datarepository/api_session_management_subscription_data.go b/internal/sbi/datarepository/api_session_management_subscription_data.go index 624bfdf..5bef2a7 100644 --- a/internal/sbi/datarepository/api_session_management_subscription_data.go +++ b/internal/sbi/datarepository/api_session_management_subscription_data.go @@ -23,6 +23,12 @@ import ( // HTTPQuerySmData - Retrieves the Session Management subscription data of a UE func HTTPQuerySmData(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) req.Params["ueId"] = c.Params.ByName("ueId") req.Params["servingPlmnId"] = c.Params.ByName("servingPlmnId") diff --git a/internal/sbi/datarepository/api_smf_registration_document.go b/internal/sbi/datarepository/api_smf_registration_document.go index 5bb269d..7187986 100644 --- a/internal/sbi/datarepository/api_smf_registration_document.go +++ b/internal/sbi/datarepository/api_smf_registration_document.go @@ -23,6 +23,12 @@ import ( // HTTPCreateSmfContextNon3gpp - To create an individual SMF context data of a UE in the UDR func HTTPCreateSmfContextNon3gpp(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + var smfRegistration models.SmfRegistration requestBody, err := c.GetRawData() @@ -72,6 +78,12 @@ func HTTPCreateSmfContextNon3gpp(c *gin.Context) { // HTTPDeleteSmfContext - To remove an individual SMF context data of a UE the UDR func HTTPDeleteSmfContext(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) req.Params["ueId"] = c.Params.ByName("ueId") req.Params["pduSessionId"] = c.Params.ByName("pduSessionId") @@ -94,6 +106,12 @@ func HTTPDeleteSmfContext(c *gin.Context) { // HTTPQuerySmfRegistration - Retrieves the individual SMF registration of a UE func HTTPQuerySmfRegistration(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) req.Params["ueId"] = c.Params.ByName("ueId") req.Params["pduSessionId"] = c.Params.ByName("pduSessionId") diff --git a/internal/sbi/datarepository/api_smf_registrations_collection.go b/internal/sbi/datarepository/api_smf_registrations_collection.go index ca2cec6..6d7b8e2 100644 --- a/internal/sbi/datarepository/api_smf_registrations_collection.go +++ b/internal/sbi/datarepository/api_smf_registrations_collection.go @@ -23,6 +23,12 @@ import ( // HTTPQuerySmfRegList - Retrieves the SMF registration list of a UE func HTTPQuerySmfRegList(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) req.Params["ueId"] = c.Params.ByName("ueId") diff --git a/internal/sbi/datarepository/api_smf_selection_subscription_data_document.go b/internal/sbi/datarepository/api_smf_selection_subscription_data_document.go index f643ca1..5fd29f2 100644 --- a/internal/sbi/datarepository/api_smf_selection_subscription_data_document.go +++ b/internal/sbi/datarepository/api_smf_selection_subscription_data_document.go @@ -23,6 +23,12 @@ import ( // HTTPQuerySmfSelectData - Retrieves the SMF selection subscription data of a UE func HTTPQuerySmfSelectData(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) req.Params["ueId"] = c.Params.ByName("ueId") req.Params["servingPlmnId"] = c.Params.ByName("servingPlmnId") diff --git a/internal/sbi/datarepository/api_sms_management_subscription_data_document.go b/internal/sbi/datarepository/api_sms_management_subscription_data_document.go index 8476038..d210c24 100644 --- a/internal/sbi/datarepository/api_sms_management_subscription_data_document.go +++ b/internal/sbi/datarepository/api_sms_management_subscription_data_document.go @@ -23,6 +23,12 @@ import ( // HTTPQuerySmsMngData - Retrieves the SMS management subscription data of a UE func HTTPQuerySmsMngData(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) req.Params["ueId"] = c.Params.ByName("ueId") req.Params["servingPlmnId"] = c.Params.ByName("servingPlmnId") diff --git a/internal/sbi/datarepository/api_sms_subscription_data_document.go b/internal/sbi/datarepository/api_sms_subscription_data_document.go index 9355c05..644bc06 100644 --- a/internal/sbi/datarepository/api_sms_subscription_data_document.go +++ b/internal/sbi/datarepository/api_sms_subscription_data_document.go @@ -23,6 +23,12 @@ import ( // HTTPQuerySmsData - Retrieves the SMS subscription data of a UE func HTTPQuerySmsData(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) req.Params["ueId"] = c.Params.ByName("ueId") req.Params["servingPlmnId"] = c.Params.ByName("servingPlmnId") diff --git a/internal/sbi/datarepository/api_smsf3_gpp_registration_document.go b/internal/sbi/datarepository/api_smsf3_gpp_registration_document.go index 52356b1..761f38a 100644 --- a/internal/sbi/datarepository/api_smsf3_gpp_registration_document.go +++ b/internal/sbi/datarepository/api_smsf3_gpp_registration_document.go @@ -23,6 +23,12 @@ import ( // HTTPCreateSmsfContext3gpp - Create the SMSF context data of a UE via 3GPP access func HTTPCreateSmsfContext3gpp(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + var smsfRegistration models.SmsfRegistration requestBody, err := c.GetRawData() @@ -72,6 +78,12 @@ func HTTPCreateSmsfContext3gpp(c *gin.Context) { // HTTPDeleteSmsfContext3gpp - To remove the SMSF context data of a UE via 3GPP access func HTTPDeleteSmsfContext3gpp(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) req.Params["ueId"] = c.Params.ByName("ueId") @@ -93,6 +105,12 @@ func HTTPDeleteSmsfContext3gpp(c *gin.Context) { // HTTPQuerySmsfContext3gpp - Retrieves the SMSF context data of a UE using 3gpp access func HTTPQuerySmsfContext3gpp(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) req.Params["ueId"] = c.Params.ByName("ueId") diff --git a/internal/sbi/datarepository/api_smsf_non3_gpp_registration_document.go b/internal/sbi/datarepository/api_smsf_non3_gpp_registration_document.go index 76b5df2..d874dc6 100644 --- a/internal/sbi/datarepository/api_smsf_non3_gpp_registration_document.go +++ b/internal/sbi/datarepository/api_smsf_non3_gpp_registration_document.go @@ -23,6 +23,12 @@ import ( // HTTPCreateSmsfContextNon3gpp - Create the SMSF context data of a UE via non-3GPP access func HTTPCreateSmsfContextNon3gpp(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + var smsfRegistration models.SmsfRegistration requestBody, err := c.GetRawData() @@ -72,6 +78,12 @@ func HTTPCreateSmsfContextNon3gpp(c *gin.Context) { // HTTPDeleteSmsfContextNon3gpp - To remove the SMSF context data of a UE via non-3GPP access func HTTPDeleteSmsfContextNon3gpp(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) req.Params["ueId"] = c.Params.ByName("ueId") @@ -93,6 +105,12 @@ func HTTPDeleteSmsfContextNon3gpp(c *gin.Context) { // HTTPQuerySmsfContextNon3gpp - Retrieves the SMSF context data of a UE using non-3gpp access func HTTPQuerySmsfContextNon3gpp(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) req.Params["ueId"] = c.Params.ByName("ueId") diff --git a/internal/sbi/datarepository/api_trace_data_document.go b/internal/sbi/datarepository/api_trace_data_document.go index 5eb2174..513c140 100644 --- a/internal/sbi/datarepository/api_trace_data_document.go +++ b/internal/sbi/datarepository/api_trace_data_document.go @@ -23,6 +23,12 @@ import ( // HTTPQueryTraceData - Retrieves the trace configuration data of a UE func HTTPQueryTraceData(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + req := httpwrapper.NewRequest(c.Request, nil) req.Params["ueId"] = c.Params.ByName("ueId") req.Params["servingPlmnId"] = c.Params.ByName("servingPlmnId") diff --git a/internal/sbi/datarepository/routers.go b/internal/sbi/datarepository/routers.go index 645e601..febc7aa 100644 --- a/internal/sbi/datarepository/routers.go +++ b/internal/sbi/datarepository/routers.go @@ -15,6 +15,7 @@ import ( "github.com/gin-gonic/gin" + udr_context "github.com/free5gc/udr/internal/context" "github.com/free5gc/udr/internal/logger" "github.com/free5gc/udr/pkg/factory" logger_util "github.com/free5gc/util/logger" @@ -43,6 +44,12 @@ func NewRouter() *gin.Engine { } func subMsgShortDispatchHandlerFunc(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + op := c.Param("ueId") for _, route := range subShortRoutes { if strings.Contains(route.Pattern, op) && route.Method == c.Request.Method { @@ -54,6 +61,12 @@ func subMsgShortDispatchHandlerFunc(c *gin.Context) { } func subMsgDispatchHandlerFunc(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + op := c.Param("servingPlmnId") subsToNotify := c.Param("ueId") for _, route := range subRoutes { @@ -74,6 +87,12 @@ func subMsgDispatchHandlerFunc(c *gin.Context) { } func eeMsgShortDispatchHandlerFunc(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + groupData := c.Param("ueId") contextData := c.Param("servingPlmnId") for _, route := range eeShortRoutes { @@ -91,6 +110,12 @@ func eeMsgShortDispatchHandlerFunc(c *gin.Context) { } func eeMsgDispatchHandlerFunc(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + groupData := c.Param("ueId") contextData := c.Param("servingPlmnId") for _, route := range eeRoutes { @@ -108,6 +133,12 @@ func eeMsgDispatchHandlerFunc(c *gin.Context) { } func appMsgDispatchHandlerFunc(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + subsToNotify := c.Param("influenceId") for _, route := range appRoutes { if subsToNotify == "subs-to-notify" && @@ -127,6 +158,12 @@ func appMsgDispatchHandlerFunc(c *gin.Context) { } func expoMsgDispatchHandlerFunc(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + subsToNotify := c.Param("ueId") op := c.Param("subId") for _, route := range expoRoutes { @@ -199,6 +236,12 @@ func Index(c *gin.Context) { // HandleAppDataInfluDataSubsToNotifyConflictDelete filters invalid requested resource on subs-to-notify DELETE func HandleAppDataInfluDataSubsToNotifyConflictDelete(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + influenceId := c.Param("influenceId") if influenceId == "subs-to-notify" { HTTPApplicationDataInfluenceDataSubsToNotifySubscriptionIdDelete(c) @@ -209,6 +252,12 @@ func HandleAppDataInfluDataSubsToNotifyConflictDelete(c *gin.Context) { // HandleAppDataInfluDataSubsToNotifyConflictGet filters invalid requested resource on subs-to-notify GET func HandleAppDataInfluDataSubsToNotifyConflictGet(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + influenceId := c.Param("influenceId") if influenceId == "subs-to-notify" { HTTPApplicationDataInfluenceDataSubsToNotifySubscriptionIdGet(c) @@ -219,6 +268,12 @@ func HandleAppDataInfluDataSubsToNotifyConflictGet(c *gin.Context) { // HandleAppDataInfluDataSubsToNotifyConflictPut filters invalid requested resource on subs-to-notify PUT func HandleAppDataInfluDataSubsToNotifyConflictPut(c *gin.Context) { + auth_err := authorizationCheck(c) + if auth_err != nil { + c.JSON(http.StatusUnauthorized, gin.H{"error": auth_err.Error()}) + return + } + influenceId := c.Param("influenceId") if influenceId == "subs-to-notify" { HTTPApplicationDataInfluenceDataSubsToNotifySubscriptionIdPut(c) @@ -227,6 +282,11 @@ func HandleAppDataInfluDataSubsToNotifyConflictPut(c *gin.Context) { c.String(http.StatusNotFound, "404 page not found") } +func authorizationCheck(c *gin.Context) error { + token := c.Request.Header.Get("Authorization") + return udr_context.GetSelf().AuthorizationCheck(token, "nudr-dr") +} + var routes = Routes{ { "Index",