futu_backend/

ftlogin_wire.rs

//! FTLogin/F3CLogin channel wire layer.
//!
//! C++ Futu_OpenD receives already-unwrapped protobuf bodies from
//! F3CLogin.framework. This Rust daemon does not link that framework, so this
//! module implements the equivalent inbound wire layer from FTLogin source.
//!
//! Hardcoded / assumption ledger:
//! - Header layout and protocol version are protocol constants from
//!   `/Users/leaf/ai-lab/o-src/FTLogin/Src/ftlogin/channel/impl/protocol_header.h`
//!   and `protocol_header.cpp` (`kProtoVersion = 39`).
//!   We emit v39, but inbound non-v39 frames are decoded with the legacy byte-11
//!   `cmd_type` interpretation used by the pre-v39 Rust decoder. This prevents a
//!   broker-side mixed-version response from tearing down the whole channel.
//! - Compressed bodies reserve the first 4 body bytes for BE uncompressed size,
//!   then carry an LZ4 raw block. Ref:
//!   `/Users/leaf/ai-lab/o-src/FTLogin/Src/ftlogin/channel/impl/channel_impl.cpp`
//!   (`kBodyFrontReservedBytes = 4`, `LZ4_decompress_safe`).
//! - Decompressed length limit is 12 MiB per the same C++ file
//!   (`kDecompressedDataLengthLimit = 12 * 1024 * 1024`).

use futu_core::error::FutuError;

pub const MAGIC: [u8; 2] = [b'F', b'T'];
pub const PROTO_VERSION: u8 = 39;
pub const HEADER_LEN: usize = 32;
pub const RESERVED_LEN: usize = 8;
pub const BODY_FRONT_RESERVED_BYTES: usize = 4;
pub const DECOMPRESSED_DATA_LEN_LIMIT: usize = 12 * 1024 * 1024;

const FLAG_PUSH: u8 = 0b0000_0001;
const FLAG_COMPRESS: u8 = 0b0000_0010;

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct ProtocolHeader {
    pub proto_version: u8,
    pub client_type: u8,
    pub client_version: u16,
    pub language: u8,
    pub user_id: u32,
    pub is_push: bool,
    pub is_compressed: bool,
    pub serial_num: u32,
    pub cmd: u16,
    pub ex_head_body_len: u32,
    pub reserved: [u8; RESERVED_LEN],
    pub ex_head_len: u16,
}

impl ProtocolHeader {
    pub fn decode(bytes: &[u8]) -> Result<Self, FutuError> {
        if bytes.len() < HEADER_LEN {
            return Err(FutuError::Codec(format!(
                "FTLogin header too short: actual={} expected={HEADER_LEN}",
                bytes.len()
            )));
        }
        if bytes[0..2] != MAGIC {
            return Err(FutuError::InvalidHeader);
        }
        let proto_version = bytes[2];
        let flags = bytes[11];
        let ex_head_body_len = read_be_u32(bytes, 18, "ex_head_body_len")?;
        let ex_head_len = read_be_u16(bytes, 30, "ex_head_len")?;
        if u32::from(ex_head_len) > ex_head_body_len {
            return Err(FutuError::Codec(format!(
                "FTLogin header ex_head_len > ex_head_body_len: ex_head_len={ex_head_len} ex_head_body_len={ex_head_body_len}"
            )));
        }
        let cmd = read_be_u16(bytes, 16, "cmd")?;
        let (is_push, is_compressed) = if proto_version == PROTO_VERSION {
            (flags & FLAG_PUSH != 0, flags & FLAG_COMPRESS != 0)
        } else {
            // v1.4.107 tolerated older NN-style frames on broker channels because
            // byte 11 was treated as cmd_type (1 = push, other = reply). Keep that
            // compatibility while still decoding v39 flags for compressed pushes.
            tracing::warn!(
                actual = proto_version,
                expected = PROTO_VERSION,
                cmd,
                "FTLogin protocol version mismatch; falling back to legacy cmd_type semantics"
            );
            (flags == FLAG_PUSH, false)
        };

        Ok(Self {
            proto_version,
            client_type: bytes[3],
            client_version: read_be_u16(bytes, 4, "client_version")?,
            language: bytes[6],
            user_id: read_be_u32(bytes, 7, "user_id")?,
            is_push,
            is_compressed,
            serial_num: read_be_u32(bytes, 12, "serial_num")?,
            cmd,
            ex_head_body_len,
            reserved: read_exact::<RESERVED_LEN>(bytes, 22, "reserved")?,
            ex_head_len,
        })
    }

    pub fn encode(&self) -> [u8; HEADER_LEN] {
        let mut out = [0u8; HEADER_LEN];
        out[0..2].copy_from_slice(&MAGIC);
        out[2] = self.proto_version;
        out[3] = self.client_type;
        out[4..6].copy_from_slice(&self.client_version.to_be_bytes());
        out[6] = self.language;
        out[7..11].copy_from_slice(&self.user_id.to_be_bytes());
        out[11] = encode_flags(self.is_push, self.is_compressed);
        out[12..16].copy_from_slice(&self.serial_num.to_be_bytes());
        out[16..18].copy_from_slice(&self.cmd.to_be_bytes());
        out[18..22].copy_from_slice(&self.ex_head_body_len.to_be_bytes());
        out[22..30].copy_from_slice(&self.reserved);
        out[30..32].copy_from_slice(&self.ex_head_len.to_be_bytes());
        out
    }

    pub fn flags(&self) -> u8 {
        encode_flags(self.is_push, self.is_compressed)
    }

    pub fn body_len(&self) -> Result<usize, FutuError> {
        let body_len = self
            .ex_head_body_len
            .checked_sub(u32::from(self.ex_head_len))
            .ok_or_else(|| {
                FutuError::Codec(format!(
                    "FTLogin header ex_head_len > ex_head_body_len: ex_head_len={} ex_head_body_len={}",
                    self.ex_head_len, self.ex_head_body_len
                ))
            })?;
        usize::try_from(body_len)
            .map_err(|_| FutuError::Codec("FTLogin body length too large".into()))
    }

    pub fn frame_len(&self) -> Result<usize, FutuError> {
        HEADER_LEN
            .checked_add(self.ex_head_body_len as usize)
            .ok_or_else(|| FutuError::Codec("FTLogin frame length overflow".into()))
    }
}

pub fn decode_inbound_body(is_compressed: bool, raw_body: &[u8]) -> Result<Vec<u8>, FutuError> {
    if !is_compressed {
        return Ok(raw_body.to_vec());
    }

    let original_len = compressed_original_len(raw_body)?;
    decompress_lz4_block(&raw_body[BODY_FRONT_RESERVED_BYTES..], original_len)
}

pub fn compressed_original_len(body: &[u8]) -> Result<usize, FutuError> {
    if body.len() <= BODY_FRONT_RESERVED_BYTES {
        return Err(FutuError::Codec(format!(
            "FTLogin compressed body too short: actual={} min={}",
            body.len(),
            BODY_FRONT_RESERVED_BYTES + 1
        )));
    }

    let len = read_be_u32(body, 0, "compressed_original_len")? as usize;
    if len > DECOMPRESSED_DATA_LEN_LIMIT {
        return Err(FutuError::Codec(format!(
            "FTLogin compressed body declares oversized decompressed len: actual={len} max={DECOMPRESSED_DATA_LEN_LIMIT}"
        )));
    }
    Ok(len)
}

/// LZ4 raw block decompression compatible with C++ `LZ4_decompress_safe`.
pub fn decompress_lz4_block(compressed: &[u8], original_len: usize) -> Result<Vec<u8>, FutuError> {
    let mut input_pos = 0usize;
    let mut output = Vec::with_capacity(original_len);

    while input_pos < compressed.len() {
        let token = compressed[input_pos];
        input_pos += 1;

        let literal_len = read_extended_len(compressed, &mut input_pos, usize::from(token >> 4))?;
        let literal_end = input_pos
            .checked_add(literal_len)
            .ok_or_else(|| FutuError::Codec("LZ4 literal length overflow".into()))?;
        if literal_end > compressed.len() {
            return Err(FutuError::Codec("LZ4 literal run exceeds input".into()));
        }
        if output.len().saturating_add(literal_len) > original_len {
            return Err(FutuError::Codec(
                "LZ4 literal run exceeds output limit".into(),
            ));
        }
        output.extend_from_slice(&compressed[input_pos..literal_end]);
        input_pos = literal_end;

        if input_pos == compressed.len() {
            break;
        }

        if input_pos + 2 > compressed.len() {
            return Err(FutuError::Codec("LZ4 missing match offset".into()));
        }
        let offset = usize::from(u16::from_le_bytes([
            compressed[input_pos],
            compressed[input_pos + 1],
        ]));
        input_pos += 2;
        if offset == 0 || offset > output.len() {
            return Err(FutuError::Codec(format!(
                "LZ4 invalid match offset: {offset}"
            )));
        }

        let match_len = read_extended_len(compressed, &mut input_pos, usize::from(token & 0x0f))?
            .checked_add(4)
            .ok_or_else(|| FutuError::Codec("LZ4 match length overflow".into()))?;
        if output.len().saturating_add(match_len) > original_len {
            return Err(FutuError::Codec(
                "LZ4 match run exceeds output limit".into(),
            ));
        }

        let mut read_pos = output.len() - offset;
        let mut copied = 0;
        // LZ4 match run requires byte-by-byte append from a moving read_pos
        // (allowing overlap with the just-appended bytes). Keep this as a
        // while loop; iterator rewrites can accidentally read from the
        // pre-append buffer only and break overlapping matches.
        while copied < match_len {
            let byte = output[read_pos];
            output.push(byte);
            read_pos += 1;
            copied += 1;
        }
    }

    if output.len() != original_len {
        return Err(FutuError::Codec(format!(
            "LZ4 decompressed length mismatch: expected={original_len} actual={}",
            output.len()
        )));
    }
    Ok(output)
}

fn read_extended_len(
    input: &[u8],
    input_pos: &mut usize,
    base_len: usize,
) -> Result<usize, FutuError> {
    let mut len = base_len;
    if base_len != 15 {
        return Ok(len);
    }

    loop {
        if *input_pos >= input.len() {
            return Err(FutuError::Codec("LZ4 truncated extended length".into()));
        }
        let value = input[*input_pos];
        *input_pos += 1;
        len = len
            .checked_add(usize::from(value))
            .ok_or_else(|| FutuError::Codec("LZ4 extended length overflow".into()))?;
        if value != 255 {
            return Ok(len);
        }
    }
}

fn encode_flags(is_push: bool, is_compressed: bool) -> u8 {
    u8::from(is_push) | (u8::from(is_compressed) << 1)
}

fn read_be_u16(bytes: &[u8], start: usize, field: &str) -> Result<u16, FutuError> {
    Ok(u16::from_be_bytes(read_exact::<2>(bytes, start, field)?))
}

fn read_be_u32(bytes: &[u8], start: usize, field: &str) -> Result<u32, FutuError> {
    Ok(u32::from_be_bytes(read_exact::<4>(bytes, start, field)?))
}

fn read_exact<const N: usize>(
    bytes: &[u8],
    start: usize,
    field: &str,
) -> Result<[u8; N], FutuError> {
    let end = start
        .checked_add(N)
        .ok_or_else(|| FutuError::Codec(format!("FTLogin field offset overflow: {field}")))?;
    let slice = bytes.get(start..end).ok_or_else(|| {
        FutuError::Codec(format!(
            "FTLogin field too short: {field} start={start} len={N} actual={}",
            bytes.len()
        ))
    })?;
    let mut out = [0u8; N];
    out.copy_from_slice(slice);
    Ok(out)
}

#[cfg(test)]
mod tests;