pub async fn resolve_acc_id_with_card_num(
client: &Arc<FutuClient>,
acc_id: u64,
card_num: Option<&str>,
allowed_card_nums: Option<&[String]>,
caller_allowed_acc_ids: Option<&HashSet<u64>>,
) -> Result<u64, String>Expand description
v1.4.105 D12 (Phase 2): 解析 acc_id from (acc_id, card_num) 二选一输入.
行为契约 (与 REST extract_and_resolve_card_num_into_acc_id 等价语义):
- acc_id != 0 + card_num=None → 用 acc_id (兼容老 client)
- acc_id == 0 + card_num=Some → resolve via GetAccList
- acc_id == 0 + card_num=None → reject (二选一必填)
- acc_id != 0 + card_num=Some → resolve, 校验一致 (resolved == acc_id), 不一致 reject
v1.4.105 D12 contract-hardening 补丁 (用户审查后要求): 加 allowed_card_nums
参数. caller key 配 allowed_card_nums 非空时, user 传 card_num 字符串
必须 ∈ 白名单 (string-level reject before resolve). 不在 → Err (loud,
“你这个 key 不允许 card_num X”).
与 REST extract_and_resolve_card_num_into_acc_id_with_resolver 行为对称.
v1.4.106 codex round 2 F1 case 2 (P1) fix: 加 caller_allowed_acc_ids
snapshot 参数. 受限 key 调用时, daemon GetAccList 返回的账户列表先按
snapshot 交集过滤 — 不在 snapshot 的 acc_id 视作“对该 caller 不存在“.
防 enumeration: 受限 key 用 4-digit suffix 探测其他用户卡号时, 0-match /
1-match / N-match timing 不再泄漏 daemon-level 账户存在性.
caller_allowed_acc_ids 语义:
None: full key (master 模式 / scope 关 / KeyRecord.allowed_acc_ids None) → 不做交集过滤, 行为同 v1.4.105Some(empty): 与 KeyRecord / Limits contract 一致, 等价不限制Some(non_empty_set): 受限 key, match 仅在 set 内做