#[non_exhaustive]pub enum Scope {
QotRead,
AccRead,
TradeSimulate,
TradeReal,
TradeUnlock,
Admin,
Trade,
MetricsRead,
}Expand description
API Key 能力分组
Variants (Non-exhaustive)§
This enum is marked as non-exhaustive
QotRead
行情只读(11 个工具)
AccRead
账户只读(5 个工具)
TradeSimulate
模拟交易写
TradeReal
真实交易写
TradeUnlock
允许自动 unlock_trade(从 keychain 读密码)
Admin
v1.4.32+ daemon 管理 (/api/admin/status|reload|shutdown)。
权限危险,只给运维 / 监控 key;LLM key 永远不要加这个。
Trade
v1.4.90 P1-A: trade 类 super-scope。仅在 REST middleware
scope_for_path 用作“需要任意 trade scope“的占位需求*:持有
Scope::TradeReal / Scope::TradeSimulate / Scope::TradeUnlock
任一即满足。不应写入 keys.json(KeyRecord.scopes 里出现
Scope::Trade 没意义,等价于不分 sim/real/unlock 的旧式权限)。
env 是 sim 还是 real 由 handler 层用 KeyRecord 真实 scopes 二次校验。
MetricsRead
v1.4.106 codex 0542 F1 [P2 SECURITY]: /metrics 端点 scope-gated 的
专用 scope. default secure — 不再像 v1.4.105 之前那样无 auth 暴露
key_id 标签 (= API key id 明文 cardinality enumeration channel,
任意本机 process / agent skill 都能 fingerprint).
行为:
- 持
MetricsRead的 key →/metrics通过,key_id=label 仍 redact 为kh_<8hex>(短 SHA256 hash, 反查 key id 需要离线 dictionary 攻击) - 不持
MetricsRead→ 401 (legacy 模式) 或 403 - opt-out: 老用户 dashboard 依赖明文 key_id 时设
FUTU_METRICS_PUBLIC=1环境变量回退 v1.4.105 行为 (无 auth + 明文 key_id). 此为 backward-compat 边界 trade-off — secure default + 明示 opt-out, 而非 opt-in.
与 Scope::Admin 区别: Admin 含 mutating endpoint (shutdown/reload),
MetricsRead 仅 read-only Prometheus 抓取. dashboard / Prometheus
scraper 应持 MetricsRead 而不是 Admin.
Implementations§
Source§impl Scope
impl Scope
pub const ALL: &'static [Scope]
pub fn as_str(&self) -> &'static str
Sourcepub fn trade_super_members() -> &'static [Scope]
pub fn trade_super_members() -> &'static [Scope]
v1.4.90 P1-A: super-scope Scope::Trade 的成员集合。REST
middleware 在 mutating trade endpoint 的需求侧用 Scope::Trade
占位,持有任一成员即视为满足;handler 层再用真实 scopes
二次校验 env (sim/real/unlock).
Trait Implementations§
Source§impl<'de> Deserialize<'de> for Scope
impl<'de> Deserialize<'de> for Scope
Source§fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where
__D: Deserializer<'de>,
fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where
__D: Deserializer<'de>,
impl Copy for Scope
impl Eq for Scope
impl StructuralPartialEq for Scope
Auto Trait Implementations§
impl Freeze for Scope
impl RefUnwindSafe for Scope
impl Send for Scope
impl Sync for Scope
impl Unpin for Scope
impl UnsafeUnpin for Scope
impl UnwindSafe for Scope
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
§impl<Q, K> Equivalent<K> for Q
impl<Q, K> Equivalent<K> for Q
§fn equivalent(&self, key: &K) -> bool
fn equivalent(&self, key: &K) -> bool
§impl<Q, K> Equivalent<K> for Q
impl<Q, K> Equivalent<K> for Q
§fn equivalent(&self, key: &K) -> bool
fn equivalent(&self, key: &K) -> bool
§impl<Q, K> Equivalent<K> for Q
impl<Q, K> Equivalent<K> for Q
§fn equivalent(&self, key: &K) -> bool
fn equivalent(&self, key: &K) -> bool
key and return true if they are equal.§impl<T> Instrument for T
impl<T> Instrument for T
§fn instrument(self, span: Span) -> Instrumented<Self>
fn instrument(self, span: Span) -> Instrumented<Self>
§fn in_current_span(self) -> Instrumented<Self>
fn in_current_span(self) -> Instrumented<Self>
§impl<T> PolicyExt for Twhere
T: ?Sized,
impl<T> PolicyExt for Twhere
T: ?Sized,
§impl<T> ToStringFallible for Twhere
T: Display,
impl<T> ToStringFallible for Twhere
T: Display,
§fn try_to_string(&self) -> Result<String, TryReserveError>
fn try_to_string(&self) -> Result<String, TryReserveError>
ToString::to_string, but without panic on OOM.