futu_rest/

ws.rs

//! WebSocket 推送模块
//!
//! 在 REST API 端口上提供 /ws 路由，客户端通过 WebSocket 接收实时推送。
//!
//! 推送事件通过 broadcast channel 从 OpenD 核心分发到所有 WebSocket 客户端。

use std::collections::{HashMap, HashSet};
use std::sync::Arc;

use axum::extract::ws::{Message, WebSocket, WebSocketUpgrade};
use axum::extract::{Query, State};
use axum::http::{HeaderMap, StatusCode};
use axum::response::IntoResponse;
use chrono::Utc;
use futures::{SinkExt, StreamExt};
use tokio::sync::broadcast;

use futu_auth::{KeyRecord, KeyStore, Scope};
use futu_server::push::ExternalPushSink;

use crate::adapter::RestState;

/// WebSocket 推送事件
#[derive(Clone, Debug, serde::Serialize)]
pub struct WsPushEvent {
    /// 推送类型: "quote", "trade", "notify"
    #[serde(rename = "type")]
    pub event_type: String,
    /// 该事件需要哪个 scope 才能被某个 client 接收（filter 用，不发到客户端）
    #[serde(skip)]
    pub required_scope: WsPushScope,
    /// 协议 ID
    pub proto_id: u32,
    /// 证券标识 (行情推送)
    #[serde(skip_serializing_if = "Option::is_none")]
    pub sec_key: Option<String>,
    /// 订阅类型 (行情推送)
    #[serde(skip_serializing_if = "Option::is_none")]
    pub sub_type: Option<i32>,
    /// 交易账户 ID (交易推送)
    #[serde(skip_serializing_if = "Option::is_none")]
    pub acc_id: Option<u64>,
    /// protobuf body 的 base64 编码
    pub body_b64: String,
}

/// WS 推送事件需要的最低 scope（client 没这个 scope 就收不到）
///
/// - `Quote` → `qot:read`：行情类
/// - `Notify` → `qot:read`：通用通知（如订阅状态、网关心跳）
/// - `Trade` → `acc:read`：交易回报涉及账户隐私，必须有账户读权限
#[derive(Clone, Copy, Debug, Default, PartialEq, Eq)]
pub enum WsPushScope {
    #[default]
    Quote,
    Notify,
    Trade,
}

impl WsPushScope {
    /// 该事件类型需要的 Scope；client 必须持有这个 scope 才能收到
    pub fn required_scope(&self) -> Scope {
        match self {
            WsPushScope::Quote => Scope::QotRead,
            WsPushScope::Notify => Scope::QotRead,
            WsPushScope::Trade => Scope::AccRead,
        }
    }
}

/// WebSocket 推送广播器
///
/// OpenD 核心推送事件 → broadcast channel → 所有 WebSocket 客户端
///
/// 实现 `ExternalPushSink` trait，可直接嵌入 PushDispatcher。
#[derive(Clone)]
pub struct WsBroadcaster {
    tx: broadcast::Sender<WsPushEvent>,
}

impl WsBroadcaster {
    pub fn new(capacity: usize) -> Self {
        let (tx, _) = broadcast::channel(capacity);
        Self { tx }
    }

    /// 发送推送事件到所有 WebSocket 客户端
    pub fn send(&self, event: WsPushEvent) {
        // 忽略没有接收者的情况
        let _ = self.tx.send(event);
    }

    /// 创建接收端
    pub fn subscribe(&self) -> broadcast::Receiver<WsPushEvent> {
        self.tx.subscribe()
    }

    fn encode_body(body: &[u8]) -> String {
        use base64::Engine;
        base64::engine::general_purpose::STANDARD.encode(body)
    }

    /// 发送行情推送
    pub fn push_quote(&self, sec_key: &str, sub_type: i32, proto_id: u32, body: &[u8]) {
        self.send(WsPushEvent {
            event_type: "quote".to_string(),
            required_scope: WsPushScope::Quote,
            proto_id,
            sec_key: Some(sec_key.to_string()),
            sub_type: Some(sub_type),
            acc_id: None,
            body_b64: Self::encode_body(body),
        });
    }

    /// 发送广播推送
    pub fn push_broadcast(&self, proto_id: u32, body: &[u8]) {
        self.send(WsPushEvent {
            event_type: "notify".to_string(),
            required_scope: WsPushScope::Notify,
            proto_id,
            sec_key: None,
            sub_type: None,
            acc_id: None,
            body_b64: Self::encode_body(body),
        });
    }

    /// 发送交易推送
    pub fn push_trade(&self, acc_id: u64, proto_id: u32, body: &[u8]) {
        self.send(WsPushEvent {
            event_type: "trade".to_string(),
            required_scope: WsPushScope::Trade,
            proto_id,
            sec_key: None,
            sub_type: None,
            acc_id: Some(acc_id),
            body_b64: Self::encode_body(body),
        });
    }
}

/// 实现 ExternalPushSink，使 WsBroadcaster 可嵌入 PushDispatcher
impl ExternalPushSink for WsBroadcaster {
    fn on_quote_push(&self, sec_key: &str, sub_type: i32, proto_id: u32, body: &[u8]) {
        self.push_quote(sec_key, sub_type, proto_id, body);
    }

    fn on_broadcast_push(&self, proto_id: u32, body: &[u8]) {
        self.push_broadcast(proto_id, body);
    }

    fn on_trade_push(&self, acc_id: u64, proto_id: u32, body: &[u8]) {
        self.push_trade(acc_id, proto_id, body);
    }
}

/// WebSocket 握手鉴权：从 `?token=xxx` 查询参数或 `Authorization: Bearer` header 提取 token
///
/// 浏览器 WebSocket API 不允许设置自定义 header，所以优先支持 `?token=`；
/// 原生客户端（curl / websocat / tokio-tungstenite）可以用任一方式。
fn extract_ws_token(headers: &HeaderMap, query: &HashMap<String, String>) -> Option<String> {
    if let Some(t) = query.get("token") {
        return Some(t.clone());
    }
    headers
        .get("authorization")
        .and_then(|v| v.to_str().ok())
        .and_then(|v| v.strip_prefix("Bearer ").map(|s| s.trim().to_string()))
}

/// 校验 WebSocket 握手的 token；返回 `Ok(Some(rec))` 表示 scope 模式 + 通过；
/// `Ok(None)` 表示 legacy 模式（未配 KeyStore），所有事件无条件放行。
///
/// - `key_store.is_configured() == false` → 无条件放行（legacy 模式）
/// - 配置了 KeyStore：必须有 token，且 key 有 `qot:read` scope（最低门槛，
///   实际收哪些事件由后续 push filter 按 scope 决定）
fn authenticate_ws(
    key_store: &KeyStore,
    headers: &HeaderMap,
    query: &HashMap<String, String>,
) -> Result<Option<Arc<KeyRecord>>, (StatusCode, &'static str)> {
    if !key_store.is_configured() {
        return Ok(None);
    }

    let Some(token) = extract_ws_token(headers, query) else {
        futu_auth::audit::reject(
            "ws",
            "/ws",
            "<missing>",
            "missing token (query or Authorization)",
        );
        return Err((StatusCode::UNAUTHORIZED, "missing api key"));
    };

    let Some(rec) = key_store.verify(&token) else {
        futu_auth::audit::reject("ws", "/ws", "<invalid>", "invalid api key");
        return Err((StatusCode::UNAUTHORIZED, "invalid api key"));
    };

    if rec.is_expired(Utc::now()) {
        futu_auth::audit::reject("ws", "/ws", &rec.id, "key expired");
        return Err((StatusCode::UNAUTHORIZED, "key expired"));
    }

    if !rec.scopes.contains(&Scope::QotRead) {
        futu_auth::audit::reject("ws", "/ws", &rec.id, "missing qot:read scope");
        return Err((StatusCode::FORBIDDEN, "missing qot:read scope"));
    }

    futu_auth::audit::allow("ws", "/ws", &rec.id, Some("qot:read"));
    Ok(Some(rec))
}

/// WebSocket 升级处理
pub async fn ws_handler(
    ws: WebSocketUpgrade,
    headers: HeaderMap,
    Query(query): Query<HashMap<String, String>>,
    State(state): State<RestState>,
) -> impl IntoResponse {
    let rec = match authenticate_ws(&state.key_store, &headers, &query) {
        Ok(rec) => rec,
        Err((code, msg)) => return (code, msg).into_response(),
    };
    // legacy（rec=None）时给个"全 scope"快照让 filter 全放行；scope 模式用 rec.scopes
    let scopes: HashSet<Scope> = match &rec {
        Some(r) => r.scopes.clone(),
        None => all_scopes(),
    };
    let key_id = rec.as_ref().map(|r| r.id.clone());
    let broadcaster = Arc::clone(&state.ws_broadcaster);
    ws.on_upgrade(move |socket| handle_ws_connection(socket, broadcaster, scopes, key_id))
        .into_response()
}

/// 全 scope 集合（legacy 模式用）
fn all_scopes() -> HashSet<Scope> {
    [
        Scope::QotRead,
        Scope::AccRead,
        Scope::TradeSimulate,
        Scope::TradeReal,
    ]
    .into_iter()
    .collect()
}

/// 处理单个 WebSocket 连接
///
/// `scopes` 是该连接 key 持有的 scope 集合，用于按 `WsPushScope::required_scope()`
/// 过滤推送事件。例如只有 `qot:read` 的 key 不会收到 `trade` 类推送。
async fn handle_ws_connection(
    socket: WebSocket,
    broadcaster: Arc<WsBroadcaster>,
    scopes: HashSet<Scope>,
    key_id: Option<String>,
) {
    let (mut ws_tx, mut ws_rx) = socket.split();
    let mut push_rx = broadcaster.subscribe();

    tracing::info!(
        key_id = ?key_id,
        scopes = ?scopes,
        "WebSocket push client connected"
    );

    // 推送任务：从 broadcast channel 读取事件 → 按 scope 过滤 → 发送给客户端
    let send_scopes = scopes.clone();
    let send_key_id = key_id.clone().unwrap_or_else(|| "<none>".to_string());
    let send_task = tokio::spawn(async move {
        while let Ok(event) = push_rx.recv().await {
            // 按 client scope 过滤：key 没这个 scope 就不发
            if !send_scopes.contains(&event.required_scope.required_scope()) {
                // 记一次"被挡住的推送"，供 Prometheus `/metrics` 观察
                futu_auth::metrics::bump_ws_filtered(&event.event_type, &send_key_id);
                continue;
            }
            let json = match serde_json::to_string(&event) {
                Ok(j) => j,
                Err(_) => continue,
            };
            if ws_tx.send(Message::Text(json.into())).await.is_err() {
                break; // 客户端断开
            }
        }
    });

    // 接收任务：处理客户端消息（ping/pong/close）
    let recv_task = tokio::spawn(async move {
        while let Some(msg) = ws_rx.next().await {
            match msg {
                Ok(Message::Close(_)) | Err(_) => break,
                Ok(Message::Ping(data)) => {
                    // axum 自动回复 pong，不需要手动处理
                    let _ = data;
                }
                _ => {} // 忽略其他消息
            }
        }
    });

    // 任一任务结束则关闭连接
    tokio::select! {
        _ = send_task => {}
        _ = recv_task => {}
    }

    tracing::info!("WebSocket push client disconnected");
}

#[cfg(test)]
mod tests {
    use super::*;

    /// `qot:read` only 的 client 只应收到 Quote/Notify（两者都 required_scope=QotRead），
    /// Trade 类推送应被挡住
    #[test]
    fn scope_filter_blocks_trade_for_qot_only_client() {
        let scopes: HashSet<Scope> = [Scope::QotRead].into_iter().collect();

        // Quote → QotRead → 放行
        assert!(scopes.contains(&WsPushScope::Quote.required_scope()));
        // Notify → QotRead → 放行
        assert!(scopes.contains(&WsPushScope::Notify.required_scope()));
        // Trade → AccRead → 挡住
        assert!(!scopes.contains(&WsPushScope::Trade.required_scope()));
    }

    /// `qot:read + acc:read` 的 client 三类推送都能收
    #[test]
    fn scope_filter_allows_all_for_qot_plus_acc() {
        let scopes: HashSet<Scope> = [Scope::QotRead, Scope::AccRead].into_iter().collect();
        for s in [WsPushScope::Quote, WsPushScope::Notify, WsPushScope::Trade] {
            assert!(
                scopes.contains(&s.required_scope()),
                "{:?} should be allowed",
                s
            );
        }
    }

    /// legacy 模式（全 scope）三类都收
    #[test]
    fn legacy_all_scopes_allows_everything() {
        let scopes = all_scopes();
        for s in [WsPushScope::Quote, WsPushScope::Notify, WsPushScope::Trade] {
            assert!(scopes.contains(&s.required_scope()));
        }
    }

    /// 字段映射：required_scope 的文字命名和 event_type 一致不跑偏
    #[test]
    fn event_type_matches_scope_category() {
        let b = WsBroadcaster::new(4);
        let mut rx = b.subscribe();
        b.push_quote("HK.00700", 1, 0, b"x");
        b.push_broadcast(0, b"x");
        b.push_trade(42, 0, b"x");

        let e1 = rx.try_recv().unwrap();
        assert_eq!(e1.event_type, "quote");
        assert_eq!(e1.required_scope, WsPushScope::Quote);

        let e2 = rx.try_recv().unwrap();
        assert_eq!(e2.event_type, "notify");
        assert_eq!(e2.required_scope, WsPushScope::Notify);

        let e3 = rx.try_recv().unwrap();
        assert_eq!(e3.event_type, "trade");
        assert_eq!(e3.required_scope, WsPushScope::Trade);
    }
}