futu_grpc/

server.rs

//! gRPC 服务实现
//!
//! FutuOpenD 服务通过通用的 proto_id + body 方式，
//! 将所有请求转发到现有的 RequestRouter。
//! 支持流式推送：行情、交易、广播事件通过 SubscribePush 接口推送给客户端。

use std::sync::atomic::{AtomicU32, AtomicU64, Ordering};
use std::sync::Arc;

use bytes::Bytes;
use tokio::sync::{broadcast, mpsc};
use tokio_stream::wrappers::ReceiverStream;
use tonic::{Request, Response, Status};

use chrono::Utc;
use futu_auth::{CheckCtx, KeyRecord, KeyStore, LimitOutcome, RuntimeCounters, Scope};
use futu_codec::header::ProtoFmtType;
use futu_proto::{trd_modify_order, trd_place_order};
use futu_server::conn::IncomingRequest;
use futu_server::push::ExternalPushSink;
use futu_server::router::RequestRouter;
use prost::Message;

use crate::auth::{authenticate, check_scope, scope_for_proto};
use crate::proto::futu_open_d_server::{FutuOpenD, FutuOpenDServer};
use crate::proto::{FutuRequest, FutuResponse, PushEvent, SubscribePushRequest};

/// gRPC 推送广播器
///
/// 实现 `ExternalPushSink` trait，接收 PushDispatcher 的推送事件，
/// 通过 broadcast channel 分发给所有 SubscribePush 流式连接。
#[derive(Clone)]
pub struct GrpcPushBroadcaster {
    tx: broadcast::Sender<PushEvent>,
}

impl GrpcPushBroadcaster {
    pub fn new(capacity: usize) -> Self {
        let (tx, _) = broadcast::channel(capacity);
        Self { tx }
    }

    /// 创建接收端
    pub fn subscribe(&self) -> broadcast::Receiver<PushEvent> {
        self.tx.subscribe()
    }

    fn send(&self, event: PushEvent) {
        let _ = self.tx.send(event);
    }
}

impl ExternalPushSink for GrpcPushBroadcaster {
    fn on_quote_push(&self, sec_key: &str, sub_type: i32, proto_id: u32, body: &[u8]) {
        self.send(PushEvent {
            proto_id,
            sec_key: sec_key.to_string(),
            sub_type,
            body: body.to_vec(),
            event_type: "quote".to_string(),
            acc_id: 0,
        });
    }

    fn on_broadcast_push(&self, proto_id: u32, body: &[u8]) {
        self.send(PushEvent {
            proto_id,
            sec_key: String::new(),
            sub_type: 0,
            body: body.to_vec(),
            event_type: "notify".to_string(),
            acc_id: 0,
        });
    }

    fn on_trade_push(&self, acc_id: u64, proto_id: u32, body: &[u8]) {
        self.send(PushEvent {
            proto_id,
            sec_key: String::new(),
            sub_type: 0,
            body: body.to_vec(),
            event_type: "trade".to_string(),
            acc_id,
        });
    }
}

/// gRPC 服务实现
pub struct FutuGrpcService {
    router: Arc<RequestRouter>,
    push_broadcaster: Arc<GrpcPushBroadcaster>,
    key_store: Arc<KeyStore>,
    counters: Arc<RuntimeCounters>,
    conn_id_counter: AtomicU64,
    serial_counter: AtomicU32,
}

impl FutuGrpcService {
    pub fn new(router: Arc<RequestRouter>, push_broadcaster: Arc<GrpcPushBroadcaster>) -> Self {
        Self::with_auth(
            router,
            push_broadcaster,
            Arc::new(KeyStore::empty()),
            Arc::new(RuntimeCounters::new()),
        )
    }

    /// 仅 key_store，counters 新建（向后兼容，调用方暂未接 counters 时用）
    pub fn with_key_store(
        router: Arc<RequestRouter>,
        push_broadcaster: Arc<GrpcPushBroadcaster>,
        key_store: Arc<KeyStore>,
    ) -> Self {
        Self::with_auth(
            router,
            push_broadcaster,
            key_store,
            Arc::new(RuntimeCounters::new()),
        )
    }

    /// 完整构造：同时接 key_store + counters（v1.0 推荐入口）
    ///
    /// `counters` 应由 main 全进程共享：REST / gRPC / MCP 共用一个实例才能保证
    /// rate limit / 日累计跨接口一致
    pub fn with_auth(
        router: Arc<RequestRouter>,
        push_broadcaster: Arc<GrpcPushBroadcaster>,
        key_store: Arc<KeyStore>,
        counters: Arc<RuntimeCounters>,
    ) -> Self {
        Self {
            router,
            push_broadcaster,
            key_store,
            counters,
            conn_id_counter: AtomicU64::new(20_000_000), // gRPC 虚拟连接从 20M 开始
            serial_counter: AtomicU32::new(1),
        }
    }

    fn next_conn_id(&self) -> u64 {
        self.conn_id_counter.fetch_add(1, Ordering::Relaxed)
    }

    fn next_serial(&self) -> u32 {
        self.serial_counter.fetch_add(1, Ordering::Relaxed)
    }
}

#[tonic::async_trait]
impl FutuOpenD for FutuGrpcService {
    /// 通用请求-响应
    async fn request(
        &self,
        request: Request<FutuRequest>,
    ) -> Result<Response<FutuResponse>, Status> {
        // 鉴权：提取 Bearer token → 验证 key → 按 proto_id 校验 scope
        let authed = authenticate(&self.key_store, &request)?;

        let req = request.into_inner();

        if req.proto_id == 0 {
            return Err(Status::invalid_argument("proto_id is required"));
        }

        if let Some(needed) = scope_for_proto(req.proto_id) {
            check_scope(&authed, req.proto_id, needed)?;

            // trade:real 的请求过一次通用 rate + hours 闸门（CheckCtx 全空，
            // 不解析 body，只挂全局闸门；细粒度检查 handler 层做）
            if needed == Scope::TradeReal {
                if let Some(rec) = authed.as_ref() {
                    let ctx = CheckCtx {
                        market: String::new(),
                        symbol: String::new(),
                        order_value: None,
                        trd_side: None,
                    };
                    if let LimitOutcome::Reject(reason) =
                        self.counters
                            .check_and_commit(&rec.id, &rec.limits(), &ctx, Utc::now())
                    {
                        let endpoint = format!("proto_id={}", req.proto_id);
                        futu_auth::audit::reject(
                            "grpc",
                            &endpoint,
                            &rec.id,
                            &format!("limit: {reason}"),
                        );
                        return Err(Status::resource_exhausted(format!(
                            "limit check failed: {reason}"
                        )));
                    }

                    // v1.2 handler 层 full CheckCtx：按 proto_id prost decode body
                    // 提取 market/symbol/value/side/daily（rate 已 commit，用
                    // check_full_skip_rate 不重复计 rate）
                    grpc_handler_full_check(&self.counters, rec, req.proto_id, &req.body)?;
                }
            }
        }

        let incoming = IncomingRequest {
            conn_id: self.next_conn_id(),
            proto_id: req.proto_id,
            serial_no: self.next_serial(),
            proto_fmt_type: ProtoFmtType::Protobuf,
            body: Bytes::from(req.body),
        };

        match self.router.dispatch(incoming.conn_id, &incoming).await {
            Some(resp_bytes) => Ok(Response::new(FutuResponse {
                ret_type: 0,
                ret_msg: String::new(),
                proto_id: req.proto_id,
                body: resp_bytes,
            })),
            None => Ok(Response::new(FutuResponse {
                ret_type: -1,
                ret_msg: "handler returned no response".to_string(),
                proto_id: req.proto_id,
                body: Vec::new(),
            })),
        }
    }

    type SubscribePushStream = ReceiverStream<Result<PushEvent, Status>>;

    /// 流式推送：客户端建立连接后持续接收行情、交易、广播推送
    ///
    /// v1.1：按订阅 key 的 scope 过滤推送 —— `qot:read`-only 的 key 不会收到
    /// `trade` 类（账户交易回报），对齐 REST `/ws` v0.9.0 加的 push filter。
    async fn subscribe_push(
        &self,
        request: Request<SubscribePushRequest>,
    ) -> Result<Response<Self::SubscribePushStream>, Status> {
        // 鉴权：握手最低门槛 qot:read；后续推送按 scope 过滤
        let authed = authenticate(&self.key_store, &request)?;
        check_scope(&authed, 0, Scope::QotRead)?;

        // 拍下连接的 scope 集合 + key_id 用于 filter 决策；legacy 模式（authed=None）
        // 给"全 scope" 让 filter 全放行
        let (scopes, key_id) = match authed.as_ref() {
            Some(rec) => (rec.scopes.clone(), rec.id.clone()),
            None => (
                [
                    Scope::QotRead,
                    Scope::AccRead,
                    Scope::TradeSimulate,
                    Scope::TradeReal,
                ]
                .into_iter()
                .collect::<std::collections::HashSet<Scope>>(),
                "<none>".to_string(),
            ),
        };

        let (tx, rx) = mpsc::channel(256);
        let mut push_rx = self.push_broadcaster.subscribe();

        tracing::info!(key_id = %key_id, scopes = ?scopes, "gRPC client subscribed to push events");

        // 后台任务：从 broadcast channel 读取推送 → 按 scope 过滤 → 发到 gRPC 流
        tokio::spawn(async move {
            loop {
                match push_rx.recv().await {
                    Ok(event) => {
                        let needed = scope_for_event(&event.event_type);
                        if !scopes.contains(&needed) {
                            // 计 metrics counter：方便看"哪个 key 因 scope 不够丢了多少推送"
                            futu_auth::metrics::bump_ws_filtered(&event.event_type, &key_id);
                            continue;
                        }
                        if tx.send(Ok(event)).await.is_err() {
                            break; // 客户端断开
                        }
                    }
                    Err(broadcast::error::RecvError::Lagged(n)) => {
                        tracing::warn!(skipped = n, "gRPC push client lagged, skipped events");
                        // 继续接收，不断开
                    }
                    Err(broadcast::error::RecvError::Closed) => {
                        break; // 广播器关闭
                    }
                }
            }
            tracing::info!("gRPC push stream ended");
        });

        Ok(Response::new(ReceiverStream::new(rx)))
    }
}

/// gRPC PushEvent 的 event_type → 客户端必须持有的 scope（与 REST `/ws` 对齐）
/// `Trd_Common.TrdMarket` enum int → 市场字符串（同 REST 的 helper，
/// 复制一份避免给 futu-grpc 拉 futu-rest 依赖）
fn trd_market_str(i: i32) -> &'static str {
    match i {
        1 => "HK",
        2 => "US",
        3 => "CN",
        4 => "HKCC",
        5 => "FUTURES",
        6 => "SG",
        7 => "JP",
        _ => "",
    }
}

/// `Trd_Common.TrdSide` enum int → 方向字符串
fn trd_side_str(i: i32) -> &'static str {
    match i {
        1 => "BUY",
        2 => "SELL",
        3 => "SELL_SHORT",
        4 => "BUY_BACK",
        _ => "",
    }
}

/// gRPC handler 层 full CheckCtx —— 在 trade:real 通用闸门通过后调用。
/// 按 proto_id 解码 body 提取 market/symbol/value/side，调
/// `check_full_skip_rate`（rate 已在 auth 层 commit，这里不重复计）。
///
/// proto_id 不是 PlaceOrder/ModifyOrder（比如 UnlockTrade、ReconfirmOrder）
/// 时直接放行 —— 这些请求没有 order params，只挂 rate/hours 全局闸门即可。
/// body decode 失败时也放行，让下游 handler 报真正的 protobuf 错误。
#[allow(clippy::result_large_err)] // tonic Status 与 RPC 签名一致
fn grpc_handler_full_check(
    counters: &RuntimeCounters,
    rec: &KeyRecord,
    proto_id: u32,
    body: &[u8],
) -> Result<(), Status> {
    let ctx = match proto_id {
        2202 => {
            // TRD_PLACE_ORDER
            let parsed = match trd_place_order::Request::decode(body) {
                Ok(p) => p,
                Err(_) => return Ok(()), // 让下游报 decode 错误
            };
            let c2s = &parsed.c2s;
            let market = trd_market_str(c2s.header.trd_market);
            let symbol = if market.is_empty() {
                String::new()
            } else {
                format!("{market}.{}", c2s.code)
            };
            let trd_side = match trd_side_str(c2s.trd_side) {
                "" => None,
                s => Some(s.to_string()),
            };
            CheckCtx {
                market: market.to_string(),
                symbol,
                order_value: c2s.price.map(|p| p * c2s.qty),
                trd_side,
            }
        }
        2205 => {
            // TRD_MODIFY_ORDER —— 只有 order_id，能拿到 trd_market
            let parsed = match trd_modify_order::Request::decode(body) {
                Ok(p) => p,
                Err(_) => return Ok(()),
            };
            CheckCtx {
                market: trd_market_str(parsed.c2s.header.trd_market).to_string(),
                symbol: String::new(),
                order_value: None,
                trd_side: None,
            }
        }
        _ => return Ok(()),
    };

    let now = Utc::now();
    if let LimitOutcome::Reject(reason) =
        counters.check_full_skip_rate(&rec.id, &rec.limits(), &ctx, now)
    {
        let endpoint = format!("proto_id={proto_id}");
        futu_auth::audit::reject("grpc", &endpoint, &rec.id, &format!("limit: {reason}"));
        return Err(Status::resource_exhausted(format!(
            "limit check failed: {reason}"
        )));
    }
    Ok(())
}

fn scope_for_event(event_type: &str) -> Scope {
    match event_type {
        "trade" => Scope::AccRead, // 账户交易回报
        _ => Scope::QotRead,       // quote / notify / 未知都按行情门槛
    }
}

/// 构建 gRPC 服务（供外部调用 tonic Server 使用）
pub fn build_service(
    router: Arc<RequestRouter>,
    push_broadcaster: Arc<GrpcPushBroadcaster>,
) -> FutuOpenDServer<FutuGrpcService> {
    FutuOpenDServer::new(FutuGrpcService::new(router, push_broadcaster))
}

/// 构建 gRPC 服务（带 KeyStore 鉴权 + 共享限额 counters）
pub fn build_service_with_auth(
    router: Arc<RequestRouter>,
    push_broadcaster: Arc<GrpcPushBroadcaster>,
    key_store: Arc<KeyStore>,
    counters: Arc<RuntimeCounters>,
) -> FutuOpenDServer<FutuGrpcService> {
    FutuOpenDServer::new(FutuGrpcService::with_auth(
        router,
        push_broadcaster,
        key_store,
        counters,
    ))
}

/// 启动 gRPC 服务
pub async fn start(
    listen_addr: &str,
    router: Arc<RequestRouter>,
    push_broadcaster: Arc<GrpcPushBroadcaster>,
) -> Result<(), Box<dyn std::error::Error>> {
    start_with_auth(
        listen_addr,
        router,
        push_broadcaster,
        Arc::new(KeyStore::empty()),
        Arc::new(RuntimeCounters::new()),
    )
    .await
}

/// 启动 gRPC 服务（带 KeyStore 鉴权 + 共享限额 counters）
pub async fn start_with_auth(
    listen_addr: &str,
    router: Arc<RequestRouter>,
    push_broadcaster: Arc<GrpcPushBroadcaster>,
    key_store: Arc<KeyStore>,
    counters: Arc<RuntimeCounters>,
) -> Result<(), Box<dyn std::error::Error>> {
    let addr = listen_addr
        .parse()
        .map_err(|e| format!("invalid addr: {e}"))?;
    if !key_store.is_configured() {
        tracing::warn!(
            "gRPC server running WITHOUT API key auth (legacy mode); \
             all RPCs are open. Pass --grpc-keys-file to enable scope-based auth."
        );
    }
    let service = build_service_with_auth(router, push_broadcaster, key_store, counters);
    tracing::info!(addr = %listen_addr, "gRPC 服务已启动");
    tonic::transport::Server::builder()
        .add_service(service)
        .serve(addr)
        .await?;
    Ok(())
}