futu_mcp/handlers/trade/

accounts.rs

//! mcp/handlers/trade/accounts — AccountOut + list_accounts_filtered + visible_card_num helpers
//! (v1.4.110 CC Batch O: 拆自 trade.rs L113-237)

use std::collections::HashSet;
use std::sync::Arc;

use anyhow::Result;
use futu_net::client::FutuClient;
use serde::Serialize;

#[derive(Serialize)]
pub struct AccountOut {
    pub acc_id: String,
    pub trd_env: i32,
    pub env_label: &'static str,
    pub trd_market_auth_list: Vec<i32>,
    // v1.4.108 account-discovery fix: MCP 是用户/agent 可见 surface, 不暴露
    // C++ 的 `cardNum` / `uniCardNum` 双字段差异。对外只有一个 `card_num`:
    // App 可见综合卡号优先, 普通账户退回 raw cardNum。内部 TrdAcc 仍保留两
    // 个字段供 backend 语义判断。
    //
    // 同时 acc_id 用 string 序列化，避免 JSON/JS 消费端把 u64 大账户号四舍五入。
    #[serde(skip_serializing_if = "Option::is_none")]
    pub card_num: Option<String>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub security_firm: Option<i32>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub acc_type: Option<i32>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub acc_status: Option<i32>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub acc_role: Option<i32>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub acc_label: Option<String>,
    #[serde(skip_serializing_if = "Option::is_none")]
    pub sim_acc_type: Option<i32>,
    #[serde(skip_serializing_if = "Vec::is_empty")]
    pub jp_acc_type: Vec<i32>,
}

pub fn visible_card_num_for_account(a: &futu_trd::account::TrdAcc) -> Option<String> {
    futu_core::account_locator::visible_card_num(a).map(ToOwned::to_owned)
}

pub fn unique_acc_ids_from_allowed_card_nums(
    accs: &[futu_trd::account::TrdAcc],
    allowed_card_nums: Option<&[String]>,
) -> HashSet<u64> {
    let mut ids = HashSet::new();
    let Some(allowed_card_nums) = allowed_card_nums else {
        return ids;
    };
    for card_num in allowed_card_nums
        .iter()
        .map(|s| s.trim())
        .filter(|s| !s.is_empty())
    {
        if let Ok(futu_core::account_locator::CardNumResolution::Resolved(acc_id)) =
            futu_core::account_locator::resolve_card_num_in_records(accs, card_num, None)
        {
            ids.insert(acc_id);
        }
    }
    ids
}

pub fn caller_visible_accounts<'a>(
    accs: &'a [futu_trd::account::TrdAcc],
    caller_allowed: Option<&HashSet<u64>>,
    allowed_card_nums: Option<&[String]>,
) -> Vec<&'a futu_trd::account::TrdAcc> {
    let allowed_ids_active = caller_allowed.is_some_and(|s| !s.is_empty());
    let allowed_cards_active = allowed_card_nums.is_some_and(|v| !v.is_empty());
    if !allowed_ids_active && !allowed_cards_active {
        return accs.iter().collect();
    }

    let allowed_by_card = unique_acc_ids_from_allowed_card_nums(accs, allowed_card_nums);
    accs.iter()
        .filter(|a| {
            let allowed_by_id =
                caller_allowed.is_some_and(|allowed| a.acc_id != 0 && allowed.contains(&a.acc_id));
            allowed_by_id || allowed_by_card.contains(&a.acc_id)
        })
        .collect()
}

/// v1.4.103 codex F2.5 (P2): 按 caller 的 allowed_acc_ids filter list.
///
/// 之前 `list_accounts` 返全部账户列表 — 受限 key (allowed_acc_ids 非空) 仍能
/// enumerate 所有 acc_id 用于跨 surface discovery (即使 read 操作被拦, 信息
/// 已泄漏). 本版 filter 让受限 key 只看到自己 allowed 的账户.
///
/// `caller_allowed = None` 或空集 → 不 filter (legacy / 无限制 key, 与原行为
/// 兼容).
pub async fn list_accounts_filtered(
    client: &Arc<FutuClient>,
    caller_allowed: Option<&std::collections::HashSet<u64>>,
    allowed_card_nums: Option<&[String]>,
) -> Result<String> {
    let accs = futu_trd::account::app_visible_accounts(
        futu_trd::account::get_acc_list_for_account_discovery(client).await?,
    );
    let visible = caller_visible_accounts(&accs, caller_allowed, allowed_card_nums);
    let out: Vec<AccountOut> = visible
        .into_iter()
        .map(|a| AccountOut {
            acc_id: a.acc_id.to_string(),
            trd_env: a.trd_env,
            env_label: match a.trd_env {
                0 => "simulate",
                1 => "real",
                _ => "unknown",
            },
            trd_market_auth_list: a.trd_market_auth_list.clone(),
            card_num: visible_card_num_for_account(a),
            security_firm: a.security_firm,
            acc_type: a.acc_type,
            acc_status: a.acc_status,
            acc_role: a.acc_role,
            acc_label: a.acc_label.clone(),
            sim_acc_type: a.sim_acc_type,
            jp_acc_type: a.jp_acc_type.clone(),
        })
        .collect();
    Ok(serde_json::to_string_pretty(&out)?)
}