futu_opend/

main.rs

use anyhow::Result;
use clap::Parser;

use futu_gateway::bridge::{GatewayBridge, GatewayConfig};
use futu_server::listener::{ApiServer, ServerConfig};
use futu_server::ws_listener::WsServer;

/// FutuOpenD Rust Gateway — 完全替代 C++ OpenD
#[derive(Parser, Debug)]
#[command(name = "futu-opend", version, about = "FutuOpenD Rust Gateway")]
struct Args {
    /// XML 配置文件路径 (兼容 C++ FutuOpenD.xml)
    #[arg(long)]
    cfg_file: Option<String>,

    /// API 服务监听地址
    #[arg(short = 'i', long)]
    ip: Option<String>,

    /// API 服务监听端口
    #[arg(short = 'p', long)]
    port: Option<u16>,

    /// 登录账号
    #[arg(long)]
    login_account: Option<String>,

    /// 登录密码明文
    #[arg(long)]
    login_pwd: Option<String>,

    /// 登录密码 MD5 (32 位小写 hex)
    #[arg(long)]
    login_pwd_md5: Option<String>,

    /// 后端连接区域 (gz/sh/hk)
    #[arg(long)]
    login_region: Option<String>,

    /// 认证服务器 URL
    #[arg(long)]
    auth_server: Option<String>,

    /// 日志级别
    #[arg(long)]
    log_level: Option<String>,

    /// WebSocket 服务监听端口（可选，不指定则不启动 WebSocket）
    #[arg(long)]
    websocket_port: Option<u16>,

    /// Telnet 管理端口（可选，不指定则不启动 Telnet）
    #[arg(long)]
    telnet_port: Option<u16>,

    /// REST API 监听端口（可选，不指定则不启动 REST API）
    #[arg(long)]
    rest_port: Option<u16>,

    /// gRPC 服务监听端口（可选，不指定则不启动 gRPC）
    #[arg(long)]
    grpc_port: Option<u16>,

    /// RSA 私钥文件路径（PEM 格式，启用后 InitConnect 使用 RSA 加解密）
    #[arg(long)]
    rsa_private_key: Option<String>,

    /// JSON 格式日志
    #[arg(long)]
    json_log: bool,

    /// 界面语言 (chs=简体中文, cht=繁体中文, en=英文)
    #[arg(long)]
    lang: Option<String>,

    /// REST API Bearer Token 鉴权：加载 keys.json（futucli gen-key 生成）
    ///
    /// 不指定时 REST API 无鉴权（保持旧行为，启动 warn）。
    #[arg(long)]
    rest_keys_file: Option<std::path::PathBuf>,

    /// gRPC Bearer Token 鉴权：加载 keys.json（futucli gen-key 生成）
    ///
    /// 不指定时 gRPC 无鉴权。通常与 --rest-keys-file 指向同一文件。
    #[arg(long)]
    grpc_keys_file: Option<std::path::PathBuf>,

    /// 核心 WebSocket Bearer Token 鉴权：加载 keys.json
    ///
    /// v1.0 起核心 WS（`--websocket-port`，Futu SDK 使用的 binary WS）支持
    /// 握手 + per-message scope 鉴权。客户端用 `?token=<plaintext>` query 或
    /// `Authorization: Bearer <plaintext>` header 传 key。不指定这个 flag 时
    /// WS 无鉴权（legacy 保持兼容，启动 warn）。通常与 `--rest-keys-file` 指向
    /// 同一文件。
    #[arg(long)]
    ws_keys_file: Option<std::path::PathBuf>,

    /// 审计日志输出：JSONL 文件路径或目录
    ///
    /// - 带扩展名的路径（如 `/var/log/futu-audit.jsonl`）→ 单文件 append
    /// - 不带扩展名 / 以 `/` 结尾（如 `/var/log/futu-audit/`）→ 每日滚动，
    ///   文件名 `futu-audit.log` + 日期后缀
    ///
    /// 只记录 auth / 交易 事件（target = "futu_audit"），常规日志不受影响。
    #[arg(long)]
    audit_log: Option<std::path::PathBuf>,
}

// ===== XML 配置文件解析 (兼容 C++ FutuOpenD.xml) =====
#[derive(Debug, Default, serde::Deserialize)]
struct XmlConfig {
    // 登录参数
    login_account: Option<String>,
    login_pwd: Option<String>,
    login_pwd_md5: Option<String>,
    login_region: Option<String>,
    // 服务监听
    ip: Option<String>,
    #[serde(alias = "api_port")]
    port: Option<u16>,
    // WebSocket
    websocket_port: Option<u16>,
    // Telnet
    telnet_port: Option<u16>,
    // REST API
    rest_port: Option<u16>,
    // gRPC
    grpc_port: Option<u16>,
    // RSA
    rsa_private_key: Option<String>,
    // 系统
    lang: Option<String>,
    log_level: Option<String>,
}

/// 从 XML 配置文件读取配置 (兼容 C++ <futu_opend> 格式)
fn load_xml_config(path: &str) -> Result<XmlConfig> {
    let content = std::fs::read_to_string(path)?;
    let config: XmlConfig = quick_xml::de::from_str(&content)?;
    tracing::info!(path, "loaded XML config");
    Ok(config)
}

/// 合并后的运行时配置
struct RuntimeConfig {
    ip: String,
    port: u16,
    login_account: Option<String>,
    login_pwd: Option<String>,
    #[expect(dead_code)]
    login_pwd_md5: Option<String>,
    login_region: String,
    auth_server: String,
    log_level: String,
    websocket_port: Option<u16>,
    telnet_port: Option<u16>,
    rest_port: Option<u16>,
    grpc_port: Option<u16>,
    rsa_private_key: Option<String>,
    json_log: bool,
    lang: String,
}

/// 合并 CLI args + XML config (CLI 优先)
fn merge_config(args: Args) -> Result<RuntimeConfig> {
    let xml = if let Some(ref path) = args.cfg_file {
        load_xml_config(path).unwrap_or_else(|e| {
            eprintln!("warning: failed to load config file {path}: {e}");
            XmlConfig::default()
        })
    } else {
        // 尝试自动检测同目录下的 FutuOpenD.xml
        let exe_dir = std::env::current_exe()
            .ok()
            .and_then(|p| p.parent().map(|d| d.to_path_buf()));
        let auto_path = exe_dir.map(|d| d.join("FutuOpenD.xml"));
        if let Some(ref path) = auto_path {
            if path.exists() {
                load_xml_config(&path.to_string_lossy()).unwrap_or_default()
            } else {
                XmlConfig::default()
            }
        } else {
            XmlConfig::default()
        }
    };

    Ok(RuntimeConfig {
        ip: args.ip.or(xml.ip).unwrap_or_else(|| "0.0.0.0".to_string()),
        port: args.port.or(xml.port).unwrap_or(11111),
        login_account: args.login_account.or(xml.login_account),
        login_pwd: args.login_pwd.or(xml.login_pwd),
        login_pwd_md5: args.login_pwd_md5.or(xml.login_pwd_md5),
        login_region: args
            .login_region
            .or(xml.login_region)
            .unwrap_or_else(|| "gz".to_string()),
        auth_server: args
            .auth_server
            .unwrap_or_else(|| "https://auth.futunn.com".to_string()),
        log_level: args
            .log_level
            .or(xml.log_level)
            .unwrap_or_else(|| "info".to_string()),
        websocket_port: args.websocket_port.or(xml.websocket_port),
        telnet_port: args.telnet_port.or(xml.telnet_port),
        rest_port: args.rest_port.or(xml.rest_port),
        grpc_port: args.grpc_port.or(xml.grpc_port),
        rsa_private_key: {
            let key_path = args.rsa_private_key.or(xml.rsa_private_key);
            if let Some(ref path) = key_path {
                match std::fs::read_to_string(path) {
                    Ok(pem) => {
                        eprintln!("loaded RSA private key from {path}");
                        Some(pem)
                    }
                    Err(e) => {
                        eprintln!("warning: failed to load RSA private key from {path}: {e}");
                        None
                    }
                }
            } else {
                None
            }
        },
        json_log: args.json_log,
        lang: args.lang.or(xml.lang).unwrap_or_else(|| "chs".to_string()),
    })
}

#[tokio::main]
async fn main() -> Result<()> {
    let args = Args::parse();
    let rest_keys_file = args.rest_keys_file.clone();
    let ws_keys_file = args.ws_keys_file.clone();
    let grpc_keys_file = args.grpc_keys_file.clone();
    let audit_log = args.audit_log.clone();
    let config = merge_config(args)?;

    // 1. 初始化日志（--log-level 参数生效，RUST_LOG 环境变量优先）
    // audit 日志 guard 必须活到进程退出，否则 tracing-appender 后台线程可能丢事件。
    let _audit_guard = if config.json_log {
        if audit_log.is_some() {
            eprintln!("warning: --audit-log is ignored when --json-log is set (main subscriber already JSON)");
        }
        futu_core::log::init_json_logging_with_level(&config.log_level);
        None
    } else {
        match futu_core::log::init_logging_with_audit(&config.log_level, audit_log.as_deref()) {
            Ok(guard) => {
                if let (Some(path), Some(_)) = (audit_log.as_ref(), guard.as_ref()) {
                    tracing::info!(
                        path = %path.display(),
                        "audit JSONL logger enabled (target=futu_audit → file)"
                    );
                }
                guard
            }
            Err(e) => {
                eprintln!("warning: failed to init audit log: {e}");
                futu_core::log::init_logging_with_level(&config.log_level);
                None
            }
        }
    };

    // 2. install 全局 metrics registry（让 audit::* 的 counter hook 和
    //    REST `/metrics` 端点能对齐同一套计数器）
    futu_auth::metrics::install(std::sync::Arc::new(futu_auth::MetricsRegistry::default()));

    // 2.1 共享 RuntimeCounters：REST / gRPC 共用一个，这样 rate limit 和日累计
    //     跨接口一致（同一把 key 通过 REST 下 3 单、gRPC 下 3 单，rate 窗口
    //     看到 6 单，不是各看 3 单）
    let shared_counters = std::sync::Arc::new(futu_auth::RuntimeCounters::new());

    let listen_addr = format!("{}:{}", config.ip, config.port);
    tracing::info!(addr = %listen_addr, "starting FutuOpenD Rust Gateway");

    // 2. 创建并初始化业务桥接层
    let mut bridge = GatewayBridge::new();
    let mut push_receiver = None;

    // 需要明文密码（auth 内部做 MD5）
    let password = config.login_pwd.clone();

    if let (Some(account), Some(password)) = (&config.login_account, &password) {
        // device_id 必须 ≤16 字符（tgtgt 只取前 16 字节，URL 中也发同样的值）
        let device_id = {
            let hash = format!(
                "{:x}",
                md5::compute(format!("futu-opend-rs-{}", account).as_bytes())
            );
            hash[..16].to_string()
        };
        tracing::info!(account = %account, device_id = %device_id, "login credentials");
        let app_lang = match config.lang.to_lowercase().as_str() {
            "chs" => 0, // 简体中文
            "cht" => 1, // 繁体中文
            "en" => 2,  // 英文
            _ => 0,     // 默认简体
        };
        let gw_config = GatewayConfig {
            auth_server: config.auth_server.clone(),
            account: account.clone(),
            password: password.clone(),
            region: config.login_region.clone(),
            listen_addr: listen_addr.clone(),
            device_id,
            app_lang,
        };

        match bridge.initialize(&gw_config, None).await {
            Ok(push_rx) => {
                push_receiver = Some(push_rx);
            }
            Err(e) => {
                tracing::error!(error = %e, "gateway initialization failed, starting in offline mode");
            }
        }
    } else {
        tracing::warn!("no login credentials provided, starting in offline mode");
        tracing::warn!("use --login-account and --login-pwd to connect to backend");
    }

    // 3. 创建 API 服务端
    let user_id = bridge
        .login_cache
        .get_login_state()
        .map(|s| s.user_id as u64)
        .unwrap_or(0);

    let server_config = ServerConfig {
        listen_addr: listen_addr.clone(),
        server_ver: 1000,
        login_user_id: user_id,
        keepalive_interval: 10,
        rsa_private_key: config.rsa_private_key.clone(),
    };
    if server_config.rsa_private_key.is_some() {
        tracing::info!("RSA encryption enabled for InitConnect");
    }
    let mut server = ApiServer::new(server_config.clone());
    server.set_metrics(std::sync::Arc::clone(&bridge.metrics));
    server.set_subscriptions(std::sync::Arc::clone(&bridge.subscriptions));

    // 4. 注册业务处理器
    bridge.register_handlers(&server);

    // 5. 创建推送广播器 (REST WebSocket + gRPC)
    let ws_broadcaster = std::sync::Arc::new(futu_rest::ws::WsBroadcaster::new(1024));
    let grpc_broadcaster = std::sync::Arc::new(futu_grpc::server::GrpcPushBroadcaster::new(1024));

    // 6. 启动推送分发 (push_callback → channel → PushDispatcher → 客户端 + WebSocket + gRPC)
    //    PushDispatcher 内部通过 ExternalPushSink 自动转发所有推送，
    //    包括行情、广播、交易推送 (UpdateOrder/UpdateOrderFill)
    if let Some(push_rx) = push_receiver {
        let sinks: Vec<std::sync::Arc<dyn futu_server::push::ExternalPushSink>> = vec![
            std::sync::Arc::clone(&ws_broadcaster) as _,
            std::sync::Arc::clone(&grpc_broadcaster) as _,
        ];
        bridge.start_push_dispatcher(&server, push_rx, sinks);
        tracing::info!("push dispatcher started (with WebSocket + gRPC broadcast)");
    }

    // 7. 启动 WebSocket 服务（可选）
    let ws_handle = if let Some(ws_port) = config.websocket_port {
        let ws_addr = format!("{}:{}", config.ip, ws_port);
        // v1.0：WS 握手鉴权 —— 复用 REST 的 key store 设计（`--ws-keys-file` 独立
        // 指定，不指定时 legacy 放行）
        let ws_key_store = match &ws_keys_file {
            Some(path) => match futu_auth::KeyStore::load(path) {
                Ok(ks) => {
                    tracing::info!(
                        path = %path.display(),
                        keys_loaded = ks.len(),
                        "WS keys file loaded (Bearer/?token auth enabled)"
                    );
                    Some(std::sync::Arc::new(ks))
                }
                Err(e) => {
                    tracing::error!(error = %e, "failed to load WS keys file; continuing WITHOUT auth");
                    None
                }
            },
            None => None,
        };
        let ws_counters = std::sync::Arc::clone(&shared_counters);
        let ws_server = WsServer::with_auth(
            ws_addr.clone(),
            server_config.clone(),
            std::sync::Arc::clone(server.connections()),
            std::sync::Arc::clone(server.router()),
            Some(std::sync::Arc::clone(&bridge.subscriptions)),
            ws_key_store,
            Some(ws_counters),
        );
        tracing::info!(addr = %ws_addr, "starting WebSocket server");
        Some(tokio::spawn(async move {
            if let Err(e) = ws_server.run().await {
                tracing::error!(error = %e, "WebSocket server error");
            }
        }))
    } else {
        None
    };

    // 8. 启动 REST API 服务（可选，含 WebSocket 推送）
    let rest_handle = if let Some(rest_port) = config.rest_port {
        let rest_addr = format!("{}:{}", config.ip, rest_port);
        let router = std::sync::Arc::clone(server.router());
        let broadcaster = std::sync::Arc::clone(&ws_broadcaster);
        let rest_key_store = match &rest_keys_file {
            Some(path) => match futu_auth::KeyStore::load(path) {
                Ok(ks) => {
                    tracing::info!(
                        path = %path.display(),
                        keys_loaded = ks.len(),
                        "REST keys file loaded (Bearer auth enabled)"
                    );
                    std::sync::Arc::new(ks)
                }
                Err(e) => {
                    tracing::error!(error = %e, "failed to load REST keys file; continuing WITHOUT auth");
                    std::sync::Arc::new(futu_auth::KeyStore::empty())
                }
            },
            None => std::sync::Arc::new(futu_auth::KeyStore::empty()),
        };
        tracing::info!(addr = %rest_addr, "starting REST API server (WebSocket: /ws)");

        // SIGHUP 热重载 REST keys.json（unix only）
        #[cfg(unix)]
        {
            let ks = std::sync::Arc::clone(&rest_key_store);
            if ks.is_configured() {
                tokio::spawn(async move {
                    use tokio::signal::unix::{signal, SignalKind};
                    let mut sig = match signal(SignalKind::hangup()) {
                        Ok(s) => s,
                        Err(e) => {
                            tracing::error!(error = %e, "SIGHUP install failed (REST)");
                            return;
                        }
                    };
                    tracing::info!("REST keys: SIGHUP handler installed");
                    while sig.recv().await.is_some() {
                        match ks.reload() {
                            Ok(()) => tracing::warn!(
                                keys_loaded = ks.len(),
                                "REST keys reloaded on SIGHUP"
                            ),
                            Err(e) => {
                                tracing::error!(error = %e, "REST keys reload failed")
                            }
                        }
                    }
                });
            }
        }

        let rest_counters = std::sync::Arc::clone(&shared_counters);
        Some(tokio::spawn(async move {
            if let Err(e) = futu_rest::server::start_with_auth(
                &rest_addr,
                router,
                broadcaster,
                rest_key_store,
                rest_counters,
            )
            .await
            {
                tracing::error!(error = %e, "REST API server error");
            }
        }))
    } else {
        None
    };

    // 9. 启动 gRPC 服务（可选，含流式推送）
    let grpc_handle = if let Some(grpc_port) = config.grpc_port {
        let grpc_addr = format!("{}:{}", config.ip, grpc_port);
        let router = std::sync::Arc::clone(server.router());
        let broadcaster = std::sync::Arc::clone(&grpc_broadcaster);
        let grpc_key_store = match &grpc_keys_file {
            Some(path) => match futu_auth::KeyStore::load(path) {
                Ok(ks) => {
                    tracing::info!(
                        path = %path.display(),
                        keys_loaded = ks.len(),
                        "gRPC keys file loaded (Bearer auth enabled)"
                    );
                    std::sync::Arc::new(ks)
                }
                Err(e) => {
                    tracing::error!(error = %e, "failed to load gRPC keys file; continuing WITHOUT auth");
                    std::sync::Arc::new(futu_auth::KeyStore::empty())
                }
            },
            None => std::sync::Arc::new(futu_auth::KeyStore::empty()),
        };
        tracing::info!(addr = %grpc_addr, "starting gRPC server (SubscribePush: streaming)");

        // SIGHUP 热重载 gRPC keys.json（unix only）
        #[cfg(unix)]
        {
            let ks = std::sync::Arc::clone(&grpc_key_store);
            if ks.is_configured() {
                tokio::spawn(async move {
                    use tokio::signal::unix::{signal, SignalKind};
                    let mut sig = match signal(SignalKind::hangup()) {
                        Ok(s) => s,
                        Err(e) => {
                            tracing::error!(error = %e, "SIGHUP install failed (gRPC)");
                            return;
                        }
                    };
                    tracing::info!("gRPC keys: SIGHUP handler installed");
                    while sig.recv().await.is_some() {
                        match ks.reload() {
                            Ok(()) => tracing::warn!(
                                keys_loaded = ks.len(),
                                "gRPC keys reloaded on SIGHUP"
                            ),
                            Err(e) => {
                                tracing::error!(error = %e, "gRPC keys reload failed")
                            }
                        }
                    }
                });
            }
        }

        let grpc_counters = std::sync::Arc::clone(&shared_counters);
        Some(tokio::spawn(async move {
            if let Err(e) = futu_grpc::server::start_with_auth(
                &grpc_addr,
                router,
                broadcaster,
                grpc_key_store,
                grpc_counters,
            )
            .await
            {
                tracing::error!(error = %e, "gRPC server error");
            }
        }))
    } else {
        None
    };

    // 10. 启动 Telnet 管理服务（可选）
    let (shutdown_tx, mut shutdown_rx) = tokio::sync::watch::channel(false);
    let telnet_handle = if let Some(telnet_port) = config.telnet_port {
        let telnet_addr = format!("{}:{}", config.ip, telnet_port);
        let telnet_server = futu_server::telnet::TelnetServer::new(
            telnet_addr.clone(),
            std::sync::Arc::clone(server.connections()),
            Some(std::sync::Arc::clone(&bridge.subscriptions)),
            Some(std::sync::Arc::clone(server.metrics())),
            shutdown_tx,
        );
        tracing::info!(addr = %telnet_addr, "starting Telnet server");
        Some(tokio::spawn(async move {
            if let Err(e) = telnet_server.run().await {
                tracing::error!(error = %e, "Telnet server error");
            }
        }))
    } else {
        None
    };

    tracing::info!("gateway ready, accepting connections on {listen_addr}");
    tracing::info!("press Ctrl+C to exit");

    // 11. 启动 API 服务 + 信号处理
    tokio::select! {
        result = server.run() => {
            if let Err(e) = result {
                tracing::error!(error = %e, "API server error");
            }
        }
        _ = tokio::signal::ctrl_c() => {
            tracing::info!("received Ctrl+C, shutting down gracefully...");
        }
        _ = async {
            while shutdown_rx.changed().await.is_ok() {
                if *shutdown_rx.borrow() {
                    break;
                }
            }
        } => {
            tracing::info!("shutdown requested via telnet");
        }
    }

    // 清理后台任务
    if let Some(handle) = ws_handle {
        handle.abort();
    }
    if let Some(handle) = rest_handle {
        handle.abort();
    }
    if let Some(handle) = grpc_handle {
        handle.abort();
    }
    if let Some(handle) = telnet_handle {
        handle.abort();
    }

    tracing::info!("gateway stopped");
    Ok(())
}