futu_backend/auth/commconfig/

parsers.rs

//! auth/commconfig/parsers — api helpers + fetch_page + parse_forced_ip + parse_guaranteed_ip +
//! parse_web_tcp + parse_auth_guaranteed_domain + value_kind + is_*_identity
//! (v1.4.110 CC Batch M: 拆自 commconfig.rs L245-664)

use std::collections::HashMap;

use futu_core::error::{FutuError, Result};

use crate::auth::UserAttribution;

use super::totp::gen_totp_sha1;
use super::types::{
    AUTH_TOKEN_KEY_B32, AuthGuaranteedDomainMap, CONN_WEB_AU, CONN_WEB_CA, CONN_WEB_CN,
    CONN_WEB_HK, CONN_WEB_JP, CONN_WEB_MY, CONN_WEB_SG, CONN_WEB_US, ForcedIpEntry, ForcedIpMap,
    GuaranteedBrokerIpMap, GuaranteedIpMap, GuaranteedWebIpMap,
};

pub fn api_root_for_client(client_type: u8) -> &'static str {
    if client_type == 40 {
        "https://api.futunn.com"
    } else {
        "https://api.moomoo.com"
    }
}

/// `nClientVer = 1030` → `"10.30.0"` 点分形式（对齐 C++ 拼法）。
/// BuildVer 我们统一填 0。
pub fn client_version_dotted(num_ver: u32) -> String {
    let major = num_ver / 100;
    let minor = num_ver % 100;
    format!("{major}.{minor}.0")
}

/// 单次拉取 `begin_id` 对应那一页的原始 JSON 响应。
pub async fn fetch_page(
    http: &reqwest::Client,
    client_type: u8,
    device_id: &str,
    user_id: u64,
    begin_id: i32,
    svr_time_offset: i64,
) -> Result<serde_json::Value> {
    // v1.4.22：用服务端时间 = local + offset 作 TOTP 种子，对齐 C++
    // `INNBiz_SvrTime::GetSvrTimeStamp()`。offset 在 salt 响应里算出，
    // 传递到此处。机器时钟偏差 >30s 时保证 TOTP 不被拒。
    let svr_ts = super::fetch::server_now_ts(svr_time_offset);
    let token = gen_totp_sha1(AUTH_TOKEN_KEY_B32, svr_ts, 30)
        .ok_or_else(|| FutuError::Encryption("commconfig: TOTP generation failed".into()))?;

    let client_ver_num = crate::conn::BackendConn::CLIENT_VER_FTGTW as u32;
    let client_ver_dotted = client_version_dotted(client_ver_num);

    let url = format!(
        "{root}/v2/conf/select_all?user_id={uid}&auth_token={tok}&is_visitor=0\
         &clienttype={ct}&clientver={cv}&content=0",
        root = api_root_for_client(client_type),
        uid = user_id,
        tok = token,
        ct = client_type,
        cv = client_ver_dotted,
    );

    let body = serde_json::json!({ "begin_id": begin_id });

    let auth_headers = super::super::http_client::auth_http_default_headers(client_type)?;

    // 单独设置 per-request 头：commconfig / AuthIPList 分支保留 C++ 的
    // X-Futu-Client-Type / Version / Lang；业务 auth 请求不复用这套头。
    let resp = http
        .post(&url)
        .headers(auth_headers)
        .header("X-Futu-Client-Deviceid", device_id)
        .header("X-Futu-Client-NNid", user_id.to_string())
        .json(&body)
        .send()
        .await
        .map_err(|e| FutuError::Codec(format!("commconfig POST failed: {e}")))?;

    let status = resp.status();
    let text = resp
        .text()
        .await
        .map_err(|e| FutuError::Codec(format!("commconfig read body: {e}")))?;

    if !status.is_success() {
        return Err(FutuError::Codec(format!(
            "commconfig HTTP {status}: {body}",
            body = text.chars().take(200).collect::<String>()
        )));
    }

    serde_json::from_str(&text).map_err(|e| {
        FutuError::Codec(format!(
            "commconfig JSON parse failed: {e} (body head: {head})",
            head = text.chars().take(200).collect::<String>()
        ))
    })
}

/// `conf_info["forced_ip_for_conn"]` 解析 —— 对齐 C++
/// `address.cpp:360-400` 的 `ParseForcedIpConfig()`。
///
/// 这个字段的值**和 `guaranteed_ip_for_conn` schema 不同**：
/// - 外层是 object（不是直接 array）：`{"forced_ip_for_conn": [...]}`
/// - entry 字段：`{identity, ip, port, expire}` —— 单 IP + expire 时间戳
/// - 未过期的 forced_ip **绕过**其他 fallback 直接用（最高优先级）
///
/// 和 `parse_guaranteed_ip` 一样支持三态（Null / Array-JSON-string / Object）。
/// 多了一层 "object → forced_ip_for_conn" 的嵌套解包。
pub fn parse_forced_ip(value: &serde_json::Value) -> ForcedIpMap {
    let mut map: ForcedIpMap = HashMap::new();
    if value.is_null() {
        tracing::debug!("commconfig: forced_ip_for_conn is null");
        return map;
    }
    // 取出 object 层：直接 object、或字符串装 object 两种都接受
    let obj_value: std::borrow::Cow<serde_json::Value> = if let Some(s) = value.as_str() {
        if s.is_empty() {
            return map;
        }
        match serde_json::from_str::<serde_json::Value>(s) {
            Ok(v) => std::borrow::Cow::Owned(v),
            Err(e) => {
                tracing::warn!(
                    error = %e,
                    "commconfig: forced_ip_for_conn string-to-json parse failed"
                );
                return map;
            }
        }
    } else {
        std::borrow::Cow::Borrowed(value)
    };
    // 嵌套 unwrap：{ "forced_ip_for_conn": [...] } → array
    let arr = obj_value
        .as_object()
        .and_then(|o| o.get("forced_ip_for_conn"))
        .and_then(|v| v.as_array());
    let Some(arr) = arr else {
        tracing::warn!(
            kind = value_kind(value),
            "commconfig: forced_ip_for_conn missing nested `forced_ip_for_conn` array"
        );
        return map;
    };

    for entry in arr {
        let Some(o) = entry.as_object() else {
            continue;
        };
        let Some(identity) = json_u32_field(o, "identity", 0, "forced_ip_for_conn.identity") else {
            continue;
        };
        let ip = o
            .get("ip")
            .and_then(|v| v.as_str())
            .unwrap_or("")
            .to_string();
        let Some(port) = json_u16_field(o, "port", 9595, "forced_ip_for_conn.port") else {
            continue;
        };
        let expire_ts = o.get("expire").and_then(|v| v.as_i64()).unwrap_or(0);

        if ip.is_empty() {
            continue;
        }
        let Some(attr) = UserAttribution::from_u32(identity) else {
            tracing::debug!(
                identity,
                "commconfig: forced_ip skipping non-platform identity"
            );
            continue;
        };
        tracing::debug!(
            identity,
            ip = %ip,
            port,
            expire_ts,
            "commconfig: forced_ip loaded"
        );
        map.insert(
            attr,
            ForcedIpEntry {
                ip,
                port,
                expire_ts,
            },
        );
    }
    map
}

/// 诊断 log 用 —— 返回 `serde_json::Value` 的类型名字（Null/Bool/Number/
/// String/Array/Object）。WARN 里带这个比 `{:?}` 更可读。
pub fn value_kind(v: &serde_json::Value) -> &'static str {
    match v {
        serde_json::Value::Null => "Null",
        serde_json::Value::Bool(_) => "Bool",
        serde_json::Value::Number(_) => "Number",
        serde_json::Value::String(_) => "String",
        serde_json::Value::Array(_) => "Array",
        serde_json::Value::Object(_) => "Object",
    }
}

fn json_u32_field(
    obj: &serde_json::Map<String, serde_json::Value>,
    field: &'static str,
    default: u32,
    context: &'static str,
) -> Option<u32> {
    let Some(value) = obj.get(field) else {
        return Some(default);
    };
    if let Some(raw) = value.as_i64()
        && let Ok(parsed) = u32::try_from(raw)
    {
        return Some(parsed);
    }
    if let Some(raw) = value.as_u64()
        && let Ok(parsed) = u32::try_from(raw)
    {
        return Some(parsed);
    }
    tracing::warn!(
        context,
        field,
        kind = value_kind(value),
        value = ?value,
        "commconfig: skipping invalid u32 field"
    );
    None
}

fn json_u16_field(
    obj: &serde_json::Map<String, serde_json::Value>,
    field: &'static str,
    default: u16,
    context: &'static str,
) -> Option<u16> {
    let Some(value) = obj.get(field) else {
        return Some(default);
    };
    if let Some(raw) = value.as_i64()
        && let Ok(parsed) = u16::try_from(raw)
    {
        return Some(parsed);
    }
    if let Some(raw) = value.as_u64()
        && let Ok(parsed) = u16::try_from(raw)
    {
        return Some(parsed);
    }
    tracing::warn!(
        context,
        field,
        kind = value_kind(value),
        value = ?value,
        "commconfig: skipping invalid u16 field"
    );
    None
}

/// `conf_info["guaranteed_ip_for_conn"]` 的值可能是：
/// 1. **JSON 字符串**（C++ `NNBiz_CommonConfig.cpp:141` + `toStyledString()`
///    的典型来源，值是 `"[{...},{...}]"` 需要二次 parse）
/// 2. **直接 array**（服务端没 stringify，直接嵌 JSON object）
/// 3. `null` / 空串 / 缺字段（某些地区 / 账号状态，服务端没配置 guaranteed
///    IP；正常，由调用方进入该通道自己的 fallback 链）
///
/// v1.4.21 前只支持 1，遇到 2/3 会打 `EOF while parsing a value` WARN 并
/// 返回空 map。改成**同时支持三种形态**，只在明显的"格式错误"时才 WARN。
///
/// 对齐 C++ `ChannelAddressManager::ParseGuaranteedIpConfig()`
/// (`address.cpp:302-358`) —— C++ 只处理字符串入口，我们更宽松。
/// 返回 `(platform_map, broker_map, web_map)` —— Platform identity(1-6) 进 platform_map；
/// C++ `channel.h:61-75` `kAllConnIdentity` 里列出的
/// `CONN_BROKER_FUTU_*` (1001/1007/1008/1009/1012/1017/1019) 进 broker_map；
/// `CONN_WEB_*` (10100..10107) 进 web_map；其他未知 identity 跳过。
pub fn parse_guaranteed_ip(
    value: &serde_json::Value,
) -> (GuaranteedIpMap, GuaranteedBrokerIpMap, GuaranteedWebIpMap) {
    let mut platform: GuaranteedIpMap = HashMap::new();
    let mut broker: GuaranteedBrokerIpMap = HashMap::new();
    let mut web: GuaranteedWebIpMap = HashMap::new();
    // 空 / null → 没配置，安静返回（避免噪音 WARN 污染日志）
    if value.is_null() {
        tracing::debug!(
            "commconfig: guaranteed_ip_for_conn is null (no guaranteed IPs for this account)"
        );
        return (platform, broker, web);
    }
    // 取出 array：直接是 array、或字符串里装 array 两种都接受
    let arr_value: std::borrow::Cow<serde_json::Value> = if let Some(s) = value.as_str() {
        if s.is_empty() {
            tracing::debug!("commconfig: guaranteed_ip_for_conn is empty string");
            return (platform, broker, web);
        }
        match serde_json::from_str::<serde_json::Value>(s) {
            Ok(v) => std::borrow::Cow::Owned(v),
            Err(e) => {
                tracing::warn!(
                    error = %e,
                    preview = %s.chars().take(80).collect::<String>(),
                    "commconfig: guaranteed_ip_for_conn string-to-json parse failed"
                );
                return (platform, broker, web);
            }
        }
    } else {
        std::borrow::Cow::Borrowed(value)
    };
    let Some(arr) = arr_value.as_array() else {
        tracing::warn!(
            kind = ?value_kind(value),
            "commconfig: guaranteed_ip_for_conn is neither array nor array-string"
        );
        return (platform, broker, web);
    };

    for entry in arr {
        let Some(obj) = entry.as_object() else {
            continue;
        };
        let Some(identity) = json_u32_field(obj, "identity", 0, "guaranteed_ip_for_conn.identity")
        else {
            continue;
        };
        let Some(port) = json_u16_field(obj, "port", 9595, "guaranteed_ip_for_conn.port") else {
            continue;
        };
        let ips = obj.get("ip").and_then(|v| v.as_array());
        let Some(ips) = ips else {
            continue;
        };

        let mut pool: Vec<(String, u16)> = Vec::new();
        for ip_v in ips {
            if let Some(ip) = ip_v.as_str()
                && !ip.is_empty()
            {
                pool.push((ip.to_string(), port));
            }
        }
        if pool.is_empty() {
            continue;
        }

        if let Some(attr) = UserAttribution::from_u32(identity) {
            // Platform identity (1-6)
            tracing::debug!(
                identity,
                port,
                count = pool.len(),
                "commconfig: platform guaranteed_ip loaded"
            );
            platform.insert(attr, pool);
        } else if is_broker_identity(identity) {
            // Broker identity (CONN_BROKER_FUTU_*)
            tracing::debug!(
                identity,
                port,
                count = pool.len(),
                "commconfig: broker guaranteed_ip loaded"
            );
            broker.insert(identity, pool);
        } else if is_web_identity(identity) {
            // WebTCP-short identity (CONN_WEB_*)
            tracing::debug!(
                identity,
                port,
                count = pool.len(),
                "commconfig: web guaranteed_ip loaded"
            );
            web.insert(identity, pool);
        } else {
            tracing::debug!(
                identity,
                "commconfig: skipping unknown guaranteed_ip identity"
            );
        }
    }
    (platform, broker, web)
}

/// 解析 C++ `web_tcp_config` 的全局 WebTCP-short identity。
///
/// 服务端可能把 `web_tcp_config` 作为 JSON 字符串或 object 下发。C++
/// `WebRequestManager::UpdateCommConfig()` 只使用其中 `web_conn_identity`
/// 来决定 WebTCP-short 目标 identity；它不是 broker 维度字段。
pub fn parse_web_tcp_config_identity(value: &serde_json::Value) -> Option<u32> {
    let obj_value: std::borrow::Cow<serde_json::Value> = if let Some(s) = value.as_str() {
        if s.is_empty() {
            return None;
        }
        match serde_json::from_str::<serde_json::Value>(s) {
            Ok(v) => std::borrow::Cow::Owned(v),
            Err(e) => {
                tracing::warn!(
                    error = %e,
                    preview = %s.chars().take(80).collect::<String>(),
                    "commconfig: web_tcp_config string-to-json parse failed"
                );
                return None;
            }
        }
    } else {
        std::borrow::Cow::Borrowed(value)
    };

    let Some(obj) = obj_value.as_object() else {
        tracing::debug!(
            kind = value_kind(value),
            "commconfig: web_tcp_config is not object/object-string"
        );
        return None;
    };
    let identity = json_u32_field(
        obj,
        "web_conn_identity",
        0,
        "web_tcp_config.web_conn_identity",
    )?;
    if is_web_identity(identity) {
        Some(identity)
    } else {
        tracing::warn!(
            identity,
            "commconfig: ignoring invalid web_tcp_config.web_conn_identity"
        );
        None
    }
}

/// 解析 C++ `auth_guaranteed_domain_list` 动态兜底域名表。
///
/// 服务端可能把它作为 JSON string 或 object 下发；key 是原始鉴权域名，
/// value 是失败后用于 retry-domain 阶段的域名。
pub fn parse_auth_guaranteed_domain_list(
    value: &serde_json::Value,
) -> (AuthGuaranteedDomainMap, bool) {
    let mut out = AuthGuaranteedDomainMap::new();
    if value.is_null() {
        return (out, false);
    }

    let obj_value: std::borrow::Cow<serde_json::Value> = if let Some(s) = value.as_str() {
        if s.is_empty() {
            return (out, false);
        }
        match serde_json::from_str::<serde_json::Value>(s) {
            Ok(v) => std::borrow::Cow::Owned(v),
            Err(e) => {
                tracing::warn!(
                    error = %e,
                    preview = %s.chars().take(80).collect::<String>(),
                    "commconfig: auth_guaranteed_domain_list string-to-json parse failed"
                );
                return (out, false);
            }
        }
    } else {
        std::borrow::Cow::Borrowed(value)
    };

    let Some(obj) = obj_value.as_object() else {
        tracing::warn!(
            kind = value_kind(value),
            "commconfig: auth_guaranteed_domain_list is neither object nor object-string"
        );
        return (out, false);
    };

    for (domain, retry_domain) in obj {
        let Some(retry_domain) = retry_domain.as_str() else {
            continue;
        };
        if domain.is_empty() || retry_domain.is_empty() {
            continue;
        }
        out.insert(domain.clone(), retry_domain.to_string());
    }
    (out, true)
}

/// 对齐 C++ `FTLogin/Src/ftlogin/channel/channel.h:61-75` `kAllConnIdentity`
/// 里的 broker identity 集合。C++ enum 里有 `CONN_BROKER_AIR_STAR = 1022`，
/// 但当前 `kAllConnIdentity` 没有列它，所以这里也不把 1022 当作 commconfig
/// broker IP 池 identity。
#[inline]
pub fn is_broker_identity(identity: u32) -> bool {
    matches!(identity, 1001 | 1007 | 1008 | 1009 | 1012 | 1017 | 1019)
}

/// 对齐 C++ `FTConnCmn.proto` 的 `CONN_WEB_*` identity。
#[inline]
pub fn is_web_identity(identity: u32) -> bool {
    matches!(
        identity,
        CONN_WEB_CN
            | CONN_WEB_US
            | CONN_WEB_SG
            | CONN_WEB_AU
            | CONN_WEB_JP
            | CONN_WEB_HK
            | CONN_WEB_MY
            | CONN_WEB_CA
    )
}