futu_backend/

login.rs

// 后端 TCP 登录
//
// 对应 C++ `FTChannelImpl::Logger::SendLoginReq`
// （`FTLogin/Src/ftlogin/channel/impl/logger.cpp:150-220`）
// 使用 FTConnLogin.proto 的 LoginReq/LoginRsp 完成登录
// 登录命令（cmd_id=6001）不加密（由通道自身不走 session_key 路径），
// 但 LoginReq 里的 encrypt_data 字段是用 client_key 做 AES-CBC-MD5 加密过的
// ReqEncryptData protobuf。

use futu_core::error::{FutuError, Result};
use futu_core::log_redact::endpoint_log_fingerprint;

use crate::auth::AuthResult;
use crate::conn::BackendConn;

/// Platform channel 登录命令 ID（C++ `kCmdLoginPlatform`）
pub const CMD_LOGIN_PLATFORM: u16 = 6001;
/// Broker channel 登录命令 ID（C++ `kCmdLoginBroker`）
pub const CMD_LOGIN_BROKER: u16 = 1001;

/// C++ `FTGTW_Client_Build`（`FTGTW_Version.h:6`）——编译版本号
/// **注意**：ReqEncryptData.client_ex_ver 填的是这个 BuildVersion，
/// 不是 `BackendConn::CLIENT_VER_FTGTW`。C++ `logger.cpp:165` 用 `AppConfig::GetBuildVersion()`。
/// 对齐 v10.02 当前公开值 6208。
const FTGTW_CLIENT_BUILD: u32 = 6208;

/// C++ `ftlogin_def.h:230` `kNetTypeEthernet = 3`。
/// FutuOpenD 的 `FTGTW_Inner_API.cpp:444` `GetNetType()` 硬编码返回 Ethernet，
/// 我们也遵循。
const NET_TYPE_ETHERNET: u32 = 3;

/// 返回 C++ `AppConfig::GetOSName()` 对应的字符串（`app_config.cpp:47-62`）。
/// 值域：`Mac` / `Windows` / `Ubuntu` / `CentOS` / `iOS` / `Android` / `Unknown`。
/// FutuOpenD C++ 在 `FTGTW_Version.h` 里按编译目标硬定 `FTGTW_OSType`，
/// 我们用 `cfg!(target_os = "...")` 按编译目标派生 —— FutuOpenD 只上架 Mac/
/// Linux/Windows 三平台，Linux 发行版本无法区分 Ubuntu vs CentOS，统一用
/// "Ubuntu"（与 C++ `FTGTW_OSType=2` 对齐，大部分 opend-linux 用户跑 Ubuntu）。
fn os_name() -> &'static str {
    if cfg!(target_os = "macos") {
        "Mac"
    } else if cfg!(target_os = "windows") {
        "Windows"
    } else if cfg!(target_os = "linux") {
        "Ubuntu"
    } else {
        "Unknown"
    }
}

/// 返回 C++ `GetNetTypeStr(kNetTypeEthernet)`（`logger.cpp:41-52`）的字符串值。
/// Ethernet 对应字符串是 **"LAN"**，不是 "Ethernet"。
fn net_type_str_ethernet() -> &'static str {
    "LAN"
}

fn format_session_key_len_marker(session_key_len: usize) -> String {
    format!("session_key_len={session_key_len}")
}

/// 登录结果
#[derive(Debug, Clone)]
pub struct LoginResult {
    pub user_id: u64,
    /// RspEncryptData.session_key 原始字节 —— 长度由服务端决定，对齐 C++
    /// `Logger::session_key_` 是 `std::string`（`logger.h:152`）变长存储。
    /// Platform 通常 16 字节，Broker 可能 32 字节，不能强制截断。
    pub session_key: Vec<u8>,
    pub keep_alive_interval: u32,
    pub sec_data: u32,
    pub server_time: u64,
    /// RspEncryptData.client_ip(field 14), server 视角的客户端外网 IP。
    ///
    /// Ref: FTLogin `FTConnLogin.proto:105` + `logger.cpp:511-516`。
    /// C++ 会把它保存到 working_tcp_client->client_ip，并在 broker CMD20147
    /// `ConnIpReq.client_feature.client_ip` 中回填；broker 1007 会严格校验。
    pub client_ip: String,
}

/// TCP login target fields written into `ReqEncryptData` fields 2/6/7/9.
#[derive(Debug, Clone, Copy)]
pub struct TcpLoginTarget<'a> {
    pub is_new_login: bool,
    pub redirect_ttl: u32,
    pub host_ip: &'a str,
    pub host_port: u32,
}

impl<'a> TcpLoginTarget<'a> {
    pub fn new(is_new_login: bool, redirect_ttl: u32, host_ip: &'a str, host_port: u32) -> Self {
        Self {
            is_new_login,
            redirect_ttl,
            host_ip,
            host_port,
        }
    }
}

/// Channel-specific login identity. Platform and broker login share the same
/// body shape, but these fields intentionally differ.
#[derive(Debug, Clone, Copy)]
pub struct TcpLoginChannel<'a> {
    pub cmd_id: u16,
    pub conn_identity: u32,
    pub effective_user_id: u64,
    pub client_sig: &'a [u8],
}

impl<'a> TcpLoginChannel<'a> {
    pub fn platform(auth: &'a AuthResult) -> Self {
        Self {
            cmd_id: CMD_LOGIN_PLATFORM,
            conn_identity: auth.user_attribution.to_conn_identity(),
            effective_user_id: auth.user_id,
            client_sig: &auth.client_sig,
        }
    }

    pub fn broker(conn_identity: u32, customer_id: u64, broker_client_sig: &'a [u8]) -> Self {
        Self {
            cmd_id: CMD_LOGIN_BROKER,
            conn_identity,
            effective_user_id: customer_id,
            client_sig: broker_client_sig,
        }
    }
}

/// Platform 通道登录的外层封装：填入 platform 专用参数后调 `tcp_login_raw`。
/// 保持 v1.4.7 语义不变——默认 cmd=6001，conn_identity 从 attribution 派生，user_id=auth.user_id。
pub async fn tcp_login(
    conn: &BackendConn,
    auth: &AuthResult,
    client_key: &[u8],
    target: TcpLoginTarget<'_>,
) -> Result<LoginResult> {
    tcp_login_raw(conn, client_key, target, TcpLoginChannel::platform(auth)).await
}

/// 执行 TCP 登录（通用版 —— 同时用于 Platform cmd=6001 和 Broker cmd=1001）
///
/// 构造 `ReqEncryptData` → AES-CBC-MD5 加密（key=完整 client_key，
/// 32 字节时是 AES-256） → 放进 `LoginReq.encrypt_data` → 发指定 cmd。
///
/// 对齐 `logger.cpp:150-220` —— 该函数是 C++ `SendNormalLoginProtocol` 的等价
/// 实现，cmd=6001/1001 共用同一套 ReqEncryptData 字段布局，只是以下三个值
/// 随通道变化：
///
/// - `cmd_id`：6001=`kCmdLoginPlatform`，1001=`kCmdLoginBroker`
/// - `conn_identity`：Platform 是 1-6（按 UserAttribution），Broker 是 1001/1007/...
/// - `effective_user_id`：Platform 是 uid，Broker 是 **customer_id (cid)** —— 对齐
///   C++ `channel_->outer_uid_`（`logger.cpp:107,120,161,194`）
///
/// `TcpLoginChannel::client_sig`：Platform 用 `auth.client_sig`，Broker 用 `broker_client_sig`。
pub async fn tcp_login_raw(
    conn: &BackendConn,
    client_key: &[u8],
    target: TcpLoginTarget<'_>,
    channel: TcpLoginChannel<'_>,
) -> Result<LoginResult> {
    let TcpLoginTarget {
        is_new_login,
        redirect_ttl,
        host_ip,
        host_port,
    } = target;
    let TcpLoginChannel {
        cmd_id,
        conn_identity,
        effective_user_id,
        client_sig,
    } = channel;

    // ===== 构建 ReqEncryptData（对齐 C++ logger.cpp:160-180）=====
    let mut req_encrypt = Vec::with_capacity(128);
    // field 1: user_id (uint64) —— Broker 场景是 customer_id 而非 auth.user_id
    prost::encoding::uint64::encode(1, &effective_user_id, &mut req_encrypt);
    // field 2: mac_addr (string) —— FutuOpenD 抓包上报 "00:00:00:00:00:00" 也能登
    let mac_addr = "00:00:00:00:00:00".to_string();
    prost::encoding::string::encode(2, &mac_addr, &mut req_encrypt);
    // field 3: os_type (uint32) —— C++ 用 GetClientTypeValue()，FutuOpenD FTNN=40
    prost::encoding::uint32::encode(3, &40u32, &mut req_encrypt);
    // field 4: client_ex_ver (uint32) —— C++ 用 GetBuildVersion() = FTGTW_Client_Build (6208)
    // 注意这是 BuildVersion，不是 BackendConn::CLIENT_VER_FTGTW。
    prost::encoding::uint32::encode(4, &FTGTW_CLIENT_BUILD, &mut req_encrypt);
    // field 5: net_type (uint32) —— 3=ETHERNET
    prost::encoding::uint32::encode(5, &NET_TYPE_ETHERNET, &mut req_encrypt);
    // field 6: redirect_ttl (uint32)
    prost::encoding::uint32::encode(6, &redirect_ttl, &mut req_encrypt);
    // field 7: host_ip (string) —— 当前 TCP 连接的目标 IP，服务端用来识别接入点
    let host_ip_str = host_ip.to_string();
    prost::encoding::string::encode(7, &host_ip_str, &mut req_encrypt);
    // field 8: conn_identity (uint32) —— 服务端用来识别"登错情况"的关键字段
    // Platform: 1-6 (CN/US/SG/AU/JP/HK)；Broker: 1001/1007/1008/... 对齐 FTConnCmn.proto
    prost::encoding::uint32::encode(8, &conn_identity, &mut req_encrypt);
    // field 9: host_port (uint32)
    prost::encoding::uint32::encode(9, &host_port, &mut req_encrypt);
    // field 10: client_feature 嵌套 message（新版客户端必填）——
    // 字段 1 device_model、2 net_type、3 carrier
    let client_feature = build_client_feature();
    prost::encoding::bytes::encode(10, &client_feature, &mut req_encrypt);
    // field 12: os_name (string) —— 对齐 C++ `AppConfig::GetOSName()` 的返回值
    //（"Mac" / "Windows" / "Ubuntu" / "CentOS"，注意不是 "macOS"），
    // 按运行时 target_os 派生；v1.4.7 前硬编码 "macOS" 是错误字符串
    let os = os_name().to_string();
    prost::encoding::string::encode(12, &os, &mut req_encrypt);

    // ===== AES-CBC-MD5 加密 ReqEncryptData =====
    // C++ `OMCrypt_FTAES_MD5_Encrypt(client_key.c_str(), client_key.size(), ...)`
    // 用**完整 client_key** —— 32 字节时是 AES-256，16 字节时是 AES-128
    // 我们 v1.4.6 之前错用 client_key[..16] 截断到 AES-128，是 bug
    let encrypted_data = if client_key.is_empty() {
        req_encrypt.clone()
    } else {
        futu_net::encrypt::aes_cbc_md5_encrypt_var(client_key, &req_encrypt)?
    };

    // ===== 构建 LoginReq 外层协议 =====
    // field 1: user_id  field 2: new_login  field 3: client_sig  field 4: encrypt_data
    let mut login_req = Vec::with_capacity(256);
    prost::encoding::uint64::encode(1, &effective_user_id, &mut login_req);
    prost::encoding::bool::encode(2, &is_new_login, &mut login_req);
    prost::encoding::bytes::encode(3, &client_sig.to_vec(), &mut login_req);
    prost::encoding::bytes::encode(4, &encrypted_data, &mut login_req);

    let chan_desc = match cmd_id {
        CMD_LOGIN_PLATFORM => "platform",
        CMD_LOGIN_BROKER => "broker",
        _ => "other",
    };
    tracing::info!(
        user_id = effective_user_id,
        cmd_id = cmd_id,
        channel = chan_desc,
        conn_identity = conn_identity,
        host_fp = %endpoint_log_fingerprint(&format!("{host_ip}:{host_port}")),
        "sending TCP login request"
    );
    tracing::debug!(
        login_req_len = login_req.len(),
        req_encrypt_plain_len = req_encrypt.len(),
        client_key_len = client_key.len(),
        client_sig_len = client_sig.len(),
        encrypted_data_len = encrypted_data.len(),
        "TCP login request details"
    );

    let resp_frame = conn.request(cmd_id, login_req).await?;

    // ===== 解析 LoginRsp =====
    let resp_body = &resp_frame.body;
    // v1.4.102 F-003 fix (P2, leaf v1.4.100 报告): redact LoginRsp body hex.
    // 历史: DEBUG log 把 encrypted LoginRsp body 全 hex dump (96 字节). 不是
    // 明文密码泄漏, 但 auth response body 应 default redact (defense-in-depth).
    // 攻击者可能结合其他 log 离线分析 cipher / session_key 派生路径.
    // 改打 length + first-4-bytes hex (cmd_id sniff 已足够 debug, 不暴露 payload).
    tracing::debug!(
        resp_body_len = resp_body.len(),
        resp_body_first4 = hex::encode(&resp_body[..resp_body.len().min(4)]),
        "TCP login response (body redacted, F-003 v1.4.102 fix)"
    );

    let result_code = extract_int32_field(resp_body, 1).unwrap_or(-1);

    if result_code != 0 {
        let desc = extract_bytes_field(resp_body, 3).unwrap_or_default();
        let desc_str = String::from_utf8_lossy(&desc).to_string();

        if result_code == 1 {
            // 重定向
            let redirect = parse_login_redirect(resp_body)?;
            let redirect_endpoint = format!("{}:{}", redirect.addr, redirect.port);
            tracing::warn!(
                addr_fp = %endpoint_log_fingerprint(&redirect_endpoint),
                ttl = redirect.ttl,
                "login redirect"
            );
            return Err(FutuError::ServerError {
                ret_type: result_code,
                msg: format!("redirect to {}:{}", redirect.addr, redirect.port),
            });
        }

        return Err(FutuError::ServerError {
            ret_type: result_code,
            msg: desc_str,
        });
    }

    // 解密 RspEncryptData —— 同样用**完整 client_key**
    let enc_data = extract_bytes_field(resp_body, 2)
        .ok_or(FutuError::Codec("missing encrypt_data in LoginRsp".into()))?;

    let dec_data = if client_key.is_empty() {
        enc_data
    } else {
        futu_net::encrypt::aes_cbc_md5_decrypt_var(client_key, &enc_data)?
    };

    let result = parse_rsp_encrypt_login_result(&dec_data, effective_user_id)?;
    let session_key_len = result.session_key.len();

    let session_key_len_marker = format_session_key_len_marker(session_key_len);
    tracing::info!(
        user_id = result.user_id,
        keep_alive = result.keep_alive_interval,
        session_key_len,
        session_key_len_marker = %session_key_len_marker,
        client_ip_present = !result.client_ip.is_empty(),
        "TCP login succeeded, got session key; {session_key_len_marker}"
    );

    Ok(result)
}

#[derive(Debug, Clone, PartialEq, Eq)]
struct LoginRedirect {
    addr: String,
    port: u32,
    ttl: u32,
}

fn parse_login_redirect(resp_body: &[u8]) -> Result<LoginRedirect> {
    // C++ `FTChannelImpl::Logger::OnRecvNormalLoginProtocolRedirect`
    // (`FTLogin/Src/ftlogin/channel/impl/logger.cpp:655-684`) requires all
    // three redirect fields before reconnecting.
    let addr = extract_string_field(resp_body, 5)
        .ok_or_else(|| FutuError::Codec("missing redir_svr_addr in redirect LoginRsp".into()))?;
    let port = extract_uint32_field(resp_body, 6)
        .ok_or_else(|| FutuError::Codec("missing redir_svr_port in redirect LoginRsp".into()))?;
    let ttl = extract_uint32_field(resp_body, 8)
        .ok_or_else(|| FutuError::Codec("missing redirect_ttl in redirect LoginRsp".into()))?;

    Ok(LoginRedirect { addr, port, ttl })
}

fn parse_rsp_encrypt_login_result(dec_data: &[u8], effective_user_id: u64) -> Result<LoginResult> {
    // 解析 RspEncryptData 字段（fallback 用 effective_user_id，
    // 以便 broker 登录成功时也能正确回落到 customer_id）
    let user_id = extract_uint64_field(dec_data, 1).unwrap_or(effective_user_id);
    let session_key_bytes = extract_bytes_field(dec_data, 4)
        .ok_or_else(|| FutuError::Codec("missing session_key in RspEncryptData".into()))?;
    let session_key_len = session_key_bytes.len();
    let keep_alive = extract_uint32_field(dec_data, 8).unwrap_or(10);
    let sec_data = extract_uint32_field(dec_data, 9).unwrap_or(1);
    let server_time = extract_uint64_field(dec_data, 10).unwrap_or(0);
    let client_ip = extract_string_field(dec_data, 14).unwrap_or_default();

    // 检查 session_key 长度合法（AES-128/192/256 要求 16/24/32）
    if !matches!(session_key_len, 16 | 24 | 32) {
        return Err(FutuError::Encryption(format!(
            "session key has unexpected length: {} bytes (expected 16/24/32)",
            session_key_len
        )));
    }

    Ok(LoginResult {
        user_id,
        session_key: session_key_bytes,
        keep_alive_interval: keep_alive,
        sec_data,
        server_time,
        client_ip,
    })
}

/// 对齐 C++ `logger.cpp:177-179`：
/// `client_feature.device_model = AppConfig::GetDeviceModel()` 等 3 字段。
/// ClientFeature proto：field 1 device_model, 2 net_type, 3 carrier.
fn build_client_feature() -> Vec<u8> {
    let mut out = Vec::with_capacity(32);
    // field 1: device_model (string) —— C++ 拿 `AppConfig::GetDeviceModel()`（如
    // "MacBookPro15,4"）。当前未做机型探测，用 OS 名字兜底（"Mac" / "Ubuntu" / ...）
    let device_model = os_name().to_string();
    prost::encoding::string::encode(1, &device_model, &mut out);
    // field 2: net_type (string) —— C++ `GetNetTypeStr(kNetTypeEthernet)` 返回 "LAN"
    // （`logger.cpp:47`）不是 "Ethernet"。v1.4.7 前写错了
    let net_type = net_type_str_ethernet().to_string();
    prost::encoding::string::encode(2, &net_type, &mut out);
    // field 3: carrier (string) —— 桌面无 carrier，省略
    out
}

// ===== 简单的 protobuf 字段提取（避免依赖内部 proto 编译） =====

fn extract_int32_field(data: &[u8], field_num: u32) -> Option<i32> {
    extract_varint_field(data, field_num).map(|v| v as i32)
}

fn extract_uint32_field(data: &[u8], field_num: u32) -> Option<u32> {
    extract_varint_field(data, field_num).map(|v| v as u32)
}

fn extract_uint64_field(data: &[u8], field_num: u32) -> Option<u64> {
    extract_varint_field(data, field_num)
}

fn extract_string_field(data: &[u8], field_num: u32) -> Option<String> {
    extract_bytes_field(data, field_num).map(|b| String::from_utf8_lossy(&b).to_string())
}

fn extract_bytes_field(data: &[u8], field_num: u32) -> Option<Vec<u8>> {
    let mut pos = 0;
    while pos < data.len() {
        let (tag, new_pos) = decode_varint(data, pos)?;
        pos = new_pos;

        let wire_type = (tag & 0x07) as u8;
        let num = (tag >> 3) as u32;

        match wire_type {
            0 => {
                // varint
                let (_val, new_pos) = decode_varint(data, pos)?;
                if num == field_num {
                    return Some(vec![]); // varint 不是 bytes
                }
                pos = new_pos;
            }
            2 => {
                // length-delimited
                let (len, new_pos) = decode_varint(data, pos)?;
                pos = new_pos;
                let len = len as usize;
                if pos + len > data.len() {
                    return None;
                }
                if num == field_num {
                    return Some(data[pos..pos + len].to_vec());
                }
                pos += len;
            }
            1 => {
                pos += 8;
            } // 64-bit
            5 => {
                pos += 4;
            } // 32-bit
            _ => return None,
        }
    }
    None
}

fn extract_varint_field(data: &[u8], field_num: u32) -> Option<u64> {
    let mut pos = 0;
    while pos < data.len() {
        let (tag, new_pos) = decode_varint(data, pos)?;
        pos = new_pos;

        let wire_type = (tag & 0x07) as u8;
        let num = (tag >> 3) as u32;

        match wire_type {
            0 => {
                let (val, new_pos) = decode_varint(data, pos)?;
                if num == field_num {
                    return Some(val);
                }
                pos = new_pos;
            }
            2 => {
                let (len, new_pos) = decode_varint(data, pos)?;
                pos = new_pos + len as usize;
            }
            1 => {
                pos += 8;
            }
            5 => {
                pos += 4;
            }
            _ => return None,
        }
    }
    None
}

fn decode_varint(data: &[u8], start: usize) -> Option<(u64, usize)> {
    let mut result: u64 = 0;
    let mut shift = 0;
    let mut pos = start;
    loop {
        if pos >= data.len() {
            return None;
        }
        let byte = data[pos];
        result |= ((byte & 0x7F) as u64) << shift;
        pos += 1;
        if byte & 0x80 == 0 {
            return Some((result, pos));
        }
        shift += 7;
        if shift >= 64 {
            return None;
        }
    }
}

#[cfg(test)]
mod tests;