futu_backend/auth/commconfig/

mod.rs

//! auth/commconfig — 拆 commconfig.rs 1123 → commconfig/{mod, 5 子}.rs
//! (v1.4.110 CC Batch M)
//!
//! C++ `PullCommonConfigV2()` 对齐：动态拉取后台 IP 池 + 配置, 比 DNS / 硬编码
//! 更权威 (`guaranteed_ip_for_conn` 按 ConnIdentity 分组).
//!
//! 子模块:
//! - `types`      : 6 type alias + 9 const (CONN_WEB_*) + 2 struct (ForcedIpEntry, CommonConfigSnapshot)
//! - `totp`       : base32_decode + gen_totp_sha1 (Google Authenticator 风格 6 digit)
//! - `parsers`    : api_root + fetch_page + 4 parse_* + value_kind + is_*_identity
//! - `fetch`      : fetch_all (主入口) + SharedCommConfig + empty_snapshot + spawn_refresher
//! - `accessors`  : forced_ip_for_attribution + 3 ips_for_* + webtcp_hardcoded_addrs + 3 identity 派生
//! - `tests`      : 单元测试 (内容不变, 已 split sibling)
//!
//! Parent auth/mod.rs `pub mod commconfig;` 路径不变 (mod.rs re-export 全 pub 项).

mod accessors;
mod fetch;
mod parsers;
mod totp;
mod types;

#[cfg(test)]
mod tests;

// hoist for tests.rs (super::* 接 trade_query 类似套路)
#[cfg(test)]
pub(super) use super::*;

// ===== 外部 callers 直接用的 (auth/webtcp.rs, auth/broker.rs, auth/mod.rs) =====
pub use accessors::{
    broker_auth_webtcp_identity, default_webtcp_identity_for_client_type,
    forced_ip_for_attribution, ips_for_attribution, ips_for_broker, ips_for_web_identity,
    spawn_refresher, webtcp_addrs_for_identity, webtcp_hardcoded_addrs,
};
pub use fetch::server_now_ts;
pub use fetch::{SharedCommConfig, empty_snapshot, fetch_all};
pub use parsers::{api_root_for_client, client_version_dotted, is_web_identity};
pub use totp::gen_totp_sha1;
pub use types::{
    AuthGuaranteedDomainMap, CONN_WEB_AU, CONN_WEB_CA, CONN_WEB_CN, CONN_WEB_HK, CONN_WEB_JP,
    CONN_WEB_MY, CONN_WEB_SG, CONN_WEB_US, CommonConfigSnapshot, ForcedIpEntry, ForcedIpMap,
    GuaranteedBrokerIpMap, GuaranteedIpMap, GuaranteedWebIpMap,
};

/// Build the shared Futu common HTTP `auth_token`.
///
/// Ref: C++ `NNProtoCenter/NNProtoCenter_Inner_Inline.h`
/// `NNProto_BuildCommonHttpClientToken()` uses key `PEHMABDNLXIOG65U`,
/// server time, 30s period, and `GenGoogleOTPCode_SHA1`.
pub fn common_http_auth_token(unix_ts: i64) -> Option<String> {
    gen_totp_sha1(types::AUTH_TOKEN_KEY_B32, unix_ts, 30)
}

/// Build the C++ common HTTP `client_token`.
///
/// Ref: `FutuOpenD/Src/NNProtoCenter/Login/NNDataUrl.cpp:222-235`
/// `NNDataUrl::GetTimeEncryptKey()` writes server time into a 16-byte block,
/// encrypts it with AES-128 using ASCII key `PEHMABDNLXIOG65U`, then hex encodes
/// the encrypted block.
pub fn common_http_client_token(unix_ts: i64) -> Option<String> {
    if unix_ts <= 0 {
        return None;
    }

    let unix_ts = unix_ts.to_string();
    let mut block = [0u8; 16];
    let bytes = unix_ts.as_bytes();
    let len = bytes.len().min(block.len());
    block[..len].copy_from_slice(&bytes[..len]);

    use aes::cipher::{BlockEncrypt, KeyInit, generic_array::GenericArray};
    let cipher = aes::Aes128::new_from_slice(types::AUTH_TOKEN_KEY_B32.as_bytes()).ok()?;
    let mut block = GenericArray::clone_from_slice(&block);
    cipher.encrypt_block(&mut block);
    Some(hex::encode(block))
}

// ===== 内部 re-export 给 sibling tests.rs (super::* 接) =====
#[cfg(test)]
pub(super) use accessors::delay_until_next_refresh;
#[cfg(test)]
pub(super) use fetch::server_now_ts_at;
#[cfg(test)]
pub(super) use parsers::{
    is_broker_identity, parse_auth_guaranteed_domain_list, parse_forced_ip, parse_guaranteed_ip,
    parse_web_tcp_config_identity, value_kind,
};
#[cfg(test)]
pub(super) use std::collections::HashMap;
#[cfg(test)]
pub(super) use totp::base32_decode;