rusty_common/auth/exchanges/

bithumb.rs

//! Bithumb authentication implementation - Performance optimized for HFT
//!
//! This module provides high-performance JWT-based authentication for Bithumb API.
//! Optimized with stack allocation, pre-allocated constants, and zero-copy operations.

use super::build_query_smartstring;
use crate::Result;
use crate::SmartString;
use crate::collections::FxHashMap;
use hex;
use sha2::{Digest, Sha512};
use smallvec::SmallVec;
use std::fmt::Write;
use std::time::{SystemTime, UNIX_EPOCH};
use uuid::Uuid;

const HASH_ALGORITHM: &str = "SHA512";

// Thread-local buffer pool for zero-allocation JSON parsing
thread_local! {
    static JSON_BUFFER: std::cell::RefCell<Vec<u8>> = std::cell::RefCell::new(Vec::with_capacity(8192));
}

/// Bithumb header key constants for type safety and performance
pub mod header_keys {
    use crate::SmartString;

    /// The header key for authorization.
    pub const AUTHORIZATION: &str = "Authorization";
    /// The header key for the content type.
    pub const CONTENT_TYPE: &str = "Content-Type";
    /// The value for the application/json content type.
    pub const CONTENT_TYPE_VALUE: &str = "application/json; charset=utf-8";

    /// Pre-allocated SmartString constants for zero-allocation header creation
    #[must_use]
    pub fn authorization() -> SmartString {
        AUTHORIZATION.into()
    }
    /// Returns the `Content-Type` header value as a `SmartString`.
    pub fn content_type() -> SmartString {
        CONTENT_TYPE.into()
    }
    /// Returns the `Content-Type` header value as a `SmartString`.
    pub fn content_type_value() -> SmartString {
        CONTENT_TYPE_VALUE.into()
    }
}

/// Bithumb authentication handler
#[derive(Debug, Clone)]
pub struct BithumbAuth {
    api_key: SmartString,
    secret_key: SmartString,
}

impl BithumbAuth {
    /// Create new Bithumb auth instance
    #[must_use]
    pub const fn new(api_key: SmartString, api_secret: SmartString) -> Self {
        Self {
            api_key,
            secret_key: api_secret,
        }
    }

    /// Optimized parameter string building using SmallVec for stack allocation
    /// Uses SmallVec<[SmartString; 8]> to avoid heap allocation for typical parameter counts
    /// Enhanced with auth module's optimized implementation
    ///
    /// **Important:** Bithumb's API specification requires parameters to be sorted
    /// alphabetically by key name for signature verification. This implementation
    /// processes parameters in their input order for performance optimization.
    ///
    /// **Note:** Ensure parameters are pre-sorted before calling this function
    /// if signature verification is required, as mandated by Bithumb's API.
    pub fn build_param_string_optimized(params: &[(&str, &str)]) -> Result<SmartString> {
        if params.is_empty() {
            return Ok(SmartString::new());
        }

        // Use SmallVec to avoid heap allocation for typical parameter counts (< 8)
        let mut param_strings: SmallVec<[SmartString; 8]> = SmallVec::with_capacity(params.len());
        let mut buffer = SmartString::new();

        for (key, value) in params {
            Self::encode_params_zero_copy(value, &mut buffer)?;
            let param = crate::safe_format!("{}={}", key, buffer.as_str());
            param_strings.push(param);
        }

        // Join using iterator to minimize allocations
        Ok(SmartString::from(
            param_strings
                .iter()
                .map(|s| s.as_str())
                .collect::<SmallVec<[&str; 8]>>()
                .join("&"),
        ))
    }

    /// Generate API nonce (UUID v4)
    #[must_use]
    pub fn generate_nonce() -> SmartString {
        Uuid::new_v4().to_string().into()
    }

    /// Generate timestamp in milliseconds
    #[must_use]
    pub fn generate_timestamp() -> u64 {
        SystemTime::now()
            .duration_since(UNIX_EPOCH)
            .unwrap_or_default()
            .as_millis() as u64
    }

    /// Generate timestamp in nanoseconds for high-precision timing
    #[must_use]
    pub fn generate_timestamp_nanos() -> u128 {
        SystemTime::now()
            .duration_since(UNIX_EPOCH)
            .unwrap_or_default()
            .as_nanos()
    }

    /// Generate query hash for parameters (SHA512)
    fn generate_query_hash(params: &str) -> SmartString {
        if params.is_empty() {
            return "".into();
        }

        let mut hasher = Sha512::new();
        hasher.update(params.as_bytes());
        let result = hasher.finalize();
        hex::encode(result).into()
    }

    /// URL-encode the provided parameter string using a pre-allocated buffer.
    ///
    /// This performs zero-copy encoding to avoid unpredictable heap
    /// allocations on critical paths.
    pub fn encode_params_zero_copy(params: &str, buffer: &mut SmartString) -> Result<()> {
        super::url_encode_params(params, buffer)
    }

    /// Generate JWT token for Bithumb API authentication
    fn generate_jwt(&self, query_hash: Option<SmartString>) -> Result<SmartString> {
        use jsonwebtoken::{Algorithm, EncodingKey, Header, encode};
        use serde::Serialize;

        #[derive(Serialize)]
        struct Claims {
            access_key: String,
            nonce: String,
            timestamp: u64,
            #[serde(skip_serializing_if = "Option::is_none")]
            query_hash: Option<SmartString>,
            #[serde(skip_serializing_if = "Option::is_none")]
            query_hash_alg: Option<SmartString>,
        }

        let hash_alg: Option<SmartString> = if query_hash.is_some() {
            Some(HASH_ALGORITHM.into())
        } else {
            None
        };

        let query_hash: SmartString = query_hash.unwrap_or_default();

        let is_empty = query_hash.is_empty();

        let claims = Claims {
            access_key: self.api_key.to_string(),
            nonce: Self::generate_nonce().to_string(),
            timestamp: Self::generate_timestamp(),
            query_hash: if is_empty { None } else { Some(query_hash) },
            query_hash_alg: if is_empty { None } else { hash_alg },
        };

        let header = Header::new(Algorithm::HS256);
        let encoding_key = EncodingKey::from_secret(self.secret_key.as_bytes());

        encode(&header, &claims, &encoding_key)
            .map(|s| s.into())
            .map_err(|e| crate::CommonError::Auth(crate::safe_format!("JWT encoding error: {e}")))
    }

    /// Generates authentication headers for a request.
    pub fn generate_headers(
        &self,
        _method: &str,
        _path: &str,
        params: Option<&[(&str, &str)]>,
    ) -> Result<FxHashMap<SmartString, SmartString>> {
        // Build parameter string and generate query hash if needed (optimized path)
        let query_hash = if let Some(params) = params {
            if params.is_empty() {
                None
            } else {
                let joined_params = Self::build_param_string_optimized(params)?;
                let mut encoded_params = SmartString::new();
                Self::encode_params_zero_copy(&joined_params, &mut encoded_params)?;
                Some(Self::generate_query_hash(&encoded_params))
            }
        } else {
            None
        };

        // Generate JWT token
        let jwt_token = self.generate_jwt(query_hash)?;

        // Pre-allocate HashMap with exact capacity for optimal performance
        let mut headers = FxHashMap::default();
        headers.insert(
            header_keys::authorization(),
            crate::safe_format!("Bearer {jwt_token}"),
        );
        headers.insert(
            header_keys::content_type(),
            header_keys::content_type_value(),
        );

        Ok(headers)
    }

    /// Generate headers for JSON body requests (POST/PUT/DELETE)
    ///
    /// Bithumb API requires:
    /// - Request body in JSON format
    /// - Authentication hash calculated from URL-encoded representation of JSON parameters
    /// - Content-Type: application/json; charset=utf-8
    pub fn generate_headers_for_json_body(
        &self,
        json_body: &str,
    ) -> Result<FxHashMap<SmartString, SmartString>> {
        // Parse JSON body to extract parameters for hash calculation
        let query_hash = if json_body.is_empty() || json_body == "{}" {
            None
        } else {
            // Convert JSON body to URL-encoded format for hash calculation
            let encoded_params = Self::json_to_url_encoded(json_body)?;
            Some(Self::generate_query_hash(&encoded_params))
        };

        // Generate JWT token with query hash
        let jwt_token = self.generate_jwt(query_hash)?;

        // Pre-allocate HashMap with exact capacity for optimal performance
        let mut headers = FxHashMap::default();
        headers.insert(
            header_keys::authorization(),
            crate::safe_format!("Bearer {jwt_token}"),
        );
        headers.insert(
            header_keys::content_type(),
            header_keys::content_type_value(),
        );

        Ok(headers)
    }

    /// Convert JSON body to URL-encoded format for hash calculation
    ///
    /// This extracts key-value pairs from JSON and converts them to the format
    /// expected by Bithumb's authentication system (URL-encoded query string).
    ///
    /// Uses a thread-local buffer pool to avoid heap allocations on the critical path.
    fn json_to_url_encoded(json_body: &str) -> Result<SmartString> {
        use simd_json::OwnedValue;
        use simd_json::prelude::*;

        // Parse JSON using simd_json with pooled buffer for performance
        let parsed: OwnedValue = JSON_BUFFER.with(|buffer_cell| {
            let mut buffer = buffer_cell.borrow_mut();

            // Ensure buffer has sufficient capacity
            let required_len = json_body.len();
            if buffer.capacity() < required_len {
                let additional = required_len - buffer.capacity();
                buffer.reserve(additional);
            }

            // Clear and copy data to mutable buffer (zero allocation if capacity sufficient)
            buffer.clear();
            buffer.extend_from_slice(json_body.as_bytes());

            // Parse with simd_json (requires mutable slice)
            // Use OwnedValue to avoid borrowing issues
            simd_json::from_slice(&mut buffer).map_err(|e| {
                crate::CommonError::Json(crate::safe_format!("Failed to parse JSON body: {e}"))
            })
        })?;

        // Extract key-value pairs from JSON object
        let obj = parsed
            .as_object()
            .ok_or_else(|| crate::CommonError::Json("JSON body must be an object".into()))?;

        if obj.is_empty() {
            return Ok(SmartString::new());
        }

        // Convert to parameters for URL encoding
        let mut params: SmallVec<[(SmartString, SmartString); 8]> =
            SmallVec::with_capacity(obj.len());

        for (key, value) in obj.iter() {
            // Skip null values entirely
            if value.is_null() {
                continue;
            }

            let key_str: SmartString = key.clone().into();
            let value_str: SmartString = {
                // Handle all types by converting to string representation
                let mut s = SmartString::new();
                if let Some(i) = value.as_i64() {
                    let _ = write!(s, "{i}");
                    s
                } else if let Some(u) = value.as_u64() {
                    let _ = write!(s, "{u}");
                    s
                } else if let Some(f) = value.as_f64() {
                    let _ = write!(s, "{f}");
                    s
                } else if let Some(b) = value.as_bool() {
                    let _ = write!(s, "{b}");
                    s
                } else if let OwnedValue::String(val) = value {
                    val.clone().into()
                } else {
                    return Err(crate::CommonError::Json(crate::safe_format!(
                        "Unsupported JSON value type for key '{key}'"
                    )));
                }
            };
            params.push((key_str, value_str));
        }

        // Sort parameters for consistent hash calculation
        params.sort_by(|a, b| a.0.cmp(&b.0));

        // Build URL-encoded string
        let mut result = SmartString::new();
        for (i, (key, value)) in params.iter().enumerate() {
            if i > 0 {
                result.push('&');
            }

            // URL encode key
            let mut encoded_key = SmartString::new();
            Self::encode_params_zero_copy(key, &mut encoded_key)?;
            result.push_str(&encoded_key);

            result.push('=');

            // URL encode value
            let mut encoded_value = SmartString::new();
            Self::encode_params_zero_copy(value, &mut encoded_value)?;
            result.push_str(&encoded_value);
        }

        Ok(result)
    }

    /// Generate query string from parameters (optimized version using auth module)
    ///
    /// **Important:** Bithumb's API specification requires parameters to be sorted
    /// alphabetically by key name for signature verification. However, this implementation
    /// currently uses natural order (no sorting) for performance optimization.
    ///
    /// **Note:** If signature verification fails, ensure parameters are pre-sorted
    /// before calling this function, as required by Bithumb's API documentation.
    pub fn build_query_string(params: &[(&str, &str)]) -> Result<SmartString> {
        // Use auth module's optimized implementation (natural order, no sorting)
        // TODO: Add parameter sorting if signature verification requires it
        Ok(build_query_smartstring(params))
    }

    /// Fast parameter count for pre-allocation decisions
    #[inline]
    #[must_use]
    pub fn param_count(params: Option<&[(&str, &str)]>) -> usize {
        params.map_or(0, |p| p.len())
    }

    /// Generate WebSocket authentication message
    /// Bithumb WebSocket uses PING/PONG for connection management
    pub fn generate_ws_auth(&self) -> Result<SmartString> {
        // Bithumb WebSocket uses PING/PONG for connection management
        // Private WebSocket streams may require different authentication
        // For now, return a simple PING message as per documentation
        Ok("PING".into())
    }

    /// Generate joined parameter string (for backward compatibility)
    #[must_use]
    pub fn generate_joined_param(params: &[(&str, &str)]) -> Option<SmartString> {
        if params.is_empty() {
            None
        } else {
            Self::build_param_string_optimized(params).ok()
        }
    }

    /// Get API key
    #[must_use]
    pub fn api_key(&self) -> &str {
        &self.api_key
    }
}

#[cfg(test)]
mod tests {
    use super::*;

    fn create_test_auth() -> BithumbAuth {
        BithumbAuth::new("test_api_key".into(), "test_secret_key".into())
    }

    #[test]
    fn test_new() {
        let auth = create_test_auth();
        assert_eq!(auth.api_key(), "test_api_key");
    }

    #[test]
    fn test_generate_nonce_format() {
        let nonce = BithumbAuth::generate_nonce();
        // UUID v4 format: 8-4-4-4-12 characters
        assert_eq!(nonce.len(), 36);
        assert_eq!(nonce.chars().nth(8), Some('-'));
        assert_eq!(nonce.chars().nth(13), Some('-'));
        assert_eq!(nonce.chars().nth(18), Some('-'));
        assert_eq!(nonce.chars().nth(23), Some('-'));
    }

    #[test]
    fn test_generate_nonce_uniqueness() {
        let nonce1 = BithumbAuth::generate_nonce();
        let nonce2 = BithumbAuth::generate_nonce();
        assert_ne!(nonce1, nonce2);
    }

    #[test]
    fn test_generate_timestamp() {
        let timestamp1 = BithumbAuth::generate_timestamp();
        std::thread::sleep(std::time::Duration::from_millis(1));
        let timestamp2 = BithumbAuth::generate_timestamp();

        assert!(timestamp2 > timestamp1);
        // Should be reasonable timestamp (after 2020-01-01)
        assert!(timestamp1 > 1_577_836_800_000); // 2020-01-01 in ms
    }

    #[test]
    fn test_generate_query_hash_empty() {
        let hash = BithumbAuth::generate_query_hash("");
        assert_eq!(hash, SmartString::from(""));
    }

    #[test]
    fn test_generate_query_hash_non_empty() {
        let hash = BithumbAuth::generate_query_hash("test=value");
        // SHA512 hex output should be 128 characters
        assert_eq!(hash.len(), 128);
        assert!(hash.chars().all(|c| c.is_ascii_hexdigit()));
    }

    #[test]
    fn test_generate_query_hash_consistency() {
        let input = "key1=value1&key2=value2";
        let hash1 = BithumbAuth::generate_query_hash(input);
        let hash2 = BithumbAuth::generate_query_hash(input);
        assert_eq!(hash1, hash2);
    }

    #[test]
    fn test_encode_params_zero_copy() {
        let input = "param=value with spaces";
        let mut buffer = SmartString::new();
        BithumbAuth::encode_params_zero_copy(input, &mut buffer).unwrap();
        assert_eq!(buffer, "param%3Dvalue%20with%20spaces");

        // Verify that safe characters remain unchanged
        let safe_input = "ABC-_.~";
        BithumbAuth::encode_params_zero_copy(safe_input, &mut buffer).unwrap();
        assert_eq!(buffer, safe_input);
    }

    #[test]
    fn test_generate_joined_param_empty() {
        let params: &[(&str, &str)] = &[];
        let result = BithumbAuth::generate_joined_param(params);

        assert!(result.is_none());
    }

    #[test]
    fn test_generate_joined_param_single() {
        let params = &[("key", "value")];
        let result = BithumbAuth::generate_joined_param(params);

        assert!(result.is_some());

        let result = result.unwrap();
        assert_eq!(result, SmartString::from("key=value"));
    }

    #[test]
    fn test_generate_joined_param_multiple() {
        let params = &[("key1", "value1"), ("key2", "value2")];
        let result = BithumbAuth::generate_joined_param(params);

        assert!(result.is_some());

        let result = result.unwrap();
        assert_eq!(result, SmartString::from("key1=value1&key2=value2"));
    }

    #[test]
    fn test_generate_jwt_without_query_hash() {
        let auth = create_test_auth();
        let jwt = auth.generate_jwt(None).unwrap();

        // JWT should have 3 parts separated by dots
        let parts: Vec<&str> = jwt.split('.').collect();
        assert_eq!(parts.len(), 3);

        // Each part should be base64-like (alphanumeric + / + =)
        for part in parts {
            assert!(part.chars().all(|c| c.is_alphanumeric()
                || c == '+'
                || c == '/'
                || c == '='
                || c == '-'
                || c == '_'));
        }
    }

    #[test]
    fn test_generate_jwt_with_query_hash() {
        let auth = create_test_auth();
        let query_hash = Some("test_hash".into());
        let jwt = auth.generate_jwt(query_hash).unwrap();

        // JWT should have 3 parts separated by dots
        let parts: Vec<&str> = jwt.split('.').collect();
        assert_eq!(parts.len(), 3);
        assert!(!jwt.is_empty());
    }

    #[test]
    fn test_generate_auth_headers_with_query_hash() {
        let auth = create_test_auth();

        let jwt = auth.generate_jwt(None);
        let second_jwt = auth.generate_jwt(Some(SmartString::new()));

        assert!(jwt.is_ok());
        assert!(second_jwt.is_ok());

        assert_ne!(jwt.unwrap(), second_jwt.unwrap());
    }

    #[test]
    fn test_generate_headers_no_params() {
        let auth = create_test_auth();
        let headers = auth.generate_headers("GET", "/test", None).unwrap();

        assert!(headers.contains_key(&SmartString::from("Authorization")));
        assert!(headers.contains_key(&SmartString::from("Content-Type")));

        let auth_header = headers.get(&SmartString::from("Authorization")).unwrap();
        assert!(auth_header.starts_with("Bearer "));

        let content_type = headers.get(&SmartString::from("Content-Type")).unwrap();
        assert_eq!(
            content_type,
            &SmartString::from("application/json; charset=utf-8")
        );
    }

    #[test]
    fn test_generate_headers_with_params() {
        let auth = create_test_auth();
        let params = &[("key1", "value1"), ("key2", "value2")];
        let headers = auth
            .generate_headers("POST", "/test", Some(params))
            .unwrap();

        assert!(headers.contains_key(&SmartString::from("Authorization")));
        assert!(headers.contains_key(&SmartString::from("Content-Type")));

        let auth_header = headers.get(&SmartString::from("Authorization")).unwrap();
        assert!(auth_header.starts_with("Bearer "));
        assert!(auth_header.len() > 10); // Should be substantial JWT token
    }

    #[test]
    fn test_generate_headers_different_params_different_tokens() {
        let auth = create_test_auth();
        let params1 = &[("key1", "value1")];
        let params2 = &[("key2", "value2")];

        let headers1 = auth
            .generate_headers("POST", "/test", Some(params1))
            .unwrap();
        let headers2 = auth
            .generate_headers("POST", "/test", Some(params2))
            .unwrap();

        let auth1 = headers1.get(&SmartString::from("Authorization")).unwrap();
        let auth2 = headers2.get(&SmartString::from("Authorization")).unwrap();

        // Should generate different tokens for different parameters
        assert_ne!(auth1, auth2);
    }

    #[test]
    fn test_generate_ws_auth() {
        let auth = create_test_auth();
        let ws_auth = auth.generate_ws_auth().unwrap();
        assert_eq!(ws_auth, SmartString::from("PING"));
    }

    #[test]
    fn test_api_key() {
        let auth = create_test_auth();
        assert_eq!(auth.api_key(), "test_api_key");
    }

    #[test]
    fn test_hash_algorithm_constant() {
        assert_eq!(HASH_ALGORITHM, "SHA512");
    }

    #[test]
    fn test_jwt_claims_structure() {
        let auth = create_test_auth();
        let jwt = auth.generate_jwt(None).unwrap();

        // Decode JWT to verify structure (basic check)
        use jsonwebtoken::{Algorithm, DecodingKey, Validation, decode};
        use serde::Deserialize;

        #[derive(Deserialize)]
        struct Claims {
            access_key: String,
            nonce: String,
            timestamp: u64,
            #[serde(skip_serializing_if = "Option::is_none")]
            query_hash: Option<String>,
            #[serde(skip_serializing_if = "Option::is_none")]
            query_hash_alg: Option<String>,
        }

        let key = DecodingKey::from_secret("test_secret_key".as_bytes());
        let mut validation = Validation::new(Algorithm::HS256);
        validation.validate_exp = false; // Disable expiration validation
        validation.validate_nbf = false; // Disable not-before validation
        validation.required_spec_claims.clear(); // Remove all required claims

        let decoded = decode::<Claims>(&jwt, &key, &validation);
        if let Err(ref e) = decoded {
            panic!("JWT decode failed: {e:?}");
        }

        let claims = decoded.unwrap().claims;
        assert_eq!(claims.access_key, "test_api_key");
        assert!(!claims.nonce.is_empty());
        assert!(claims.timestamp > 0);
        assert!(claims.query_hash.is_none()); // Should be None when no query hash provided
        assert!(claims.query_hash_alg.is_none()); // Should be None when no query hash provided
    }

    #[test]
    fn test_jwt_claims_with_query_hash() {
        let auth = create_test_auth();
        let query_hash = Some("test_query_hash".into());
        let jwt = auth.generate_jwt(query_hash).unwrap();

        // Decode JWT to verify structure with query hash
        use jsonwebtoken::{Algorithm, DecodingKey, Validation, decode};
        use serde::Deserialize;

        #[derive(Deserialize)]
        struct Claims {
            access_key: String,
            nonce: String,
            timestamp: u64,
            query_hash: Option<String>,
            query_hash_alg: Option<String>,
        }

        let key = DecodingKey::from_secret("test_secret_key".as_bytes());
        let mut validation = Validation::new(Algorithm::HS256);
        validation.validate_exp = false;
        validation.validate_nbf = false;
        validation.required_spec_claims.clear(); // Remove all required claims

        let decoded = decode::<Claims>(&jwt, &key, &validation);
        if let Err(ref e) = decoded {
            panic!("JWT decode failed: {e:?}");
        }

        let claims = decoded.unwrap().claims;
        assert_eq!(claims.access_key, "test_api_key");
        assert!(!claims.nonce.is_empty());
        assert!(claims.timestamp > 0);
        assert_eq!(claims.query_hash, Some("test_query_hash".to_string()));
        assert_eq!(claims.query_hash_alg, Some("SHA512".to_string()));
    }

    #[test]
    fn test_smallvec_performance_advantage() {
        // Test that SmallVec works with 8 parameters (within stack allocation)
        let params = &[
            ("param1", "value1"),
            ("param2", "value2"),
            ("param3", "value3"),
            ("param4", "value4"),
            ("param5", "value5"),
            ("param6", "value6"),
            ("param7", "value7"),
            ("param8", "value8"),
        ];

        let result = BithumbAuth::build_param_string_optimized(params).unwrap();
        assert!(result.contains("param1=value1"));
        assert!(result.contains("param8=value8"));
        assert_eq!(result.matches('&').count(), 7); // 7 separators for 8 params
    }

    #[test]
    fn test_optimized_methods() {
        let auth = create_test_auth();

        // Test direct header generation method
        let headers = auth.generate_headers("POST", "/trade/place", None).unwrap();
        assert!(headers.contains_key(&SmartString::from("Authorization")));
        assert!(headers.contains_key(&SmartString::from("Content-Type")));

        // Test optimized parameter building
        let params = &[("symbol", "BTC_KRW"), ("side", "buy")];
        let query_string = BithumbAuth::build_query_string(params).unwrap();
        assert!(!query_string.is_empty());
        assert!(query_string.contains("symbol"));
        assert!(query_string.contains("buy"));

        // Test parameter count utility
        assert_eq!(BithumbAuth::param_count(Some(params)), 2);
        assert_eq!(BithumbAuth::param_count(None), 0);

        // Test nanosecond timestamp
        let nanos1 = BithumbAuth::generate_timestamp_nanos();
        let nanos2 = BithumbAuth::generate_timestamp_nanos();
        assert!(nanos2 >= nanos1);
    }

    #[test]
    fn test_header_keys_module() {
        // Test header key constants
        assert_eq!(header_keys::AUTHORIZATION, "Authorization");
        assert_eq!(header_keys::CONTENT_TYPE, "Content-Type");
        assert_eq!(
            header_keys::CONTENT_TYPE_VALUE,
            "application/json; charset=utf-8"
        );

        // Test pre-allocated SmartString functions
        let auth_header = header_keys::authorization();
        let content_type = header_keys::content_type();
        let content_value = header_keys::content_type_value();

        assert_eq!(auth_header, "Authorization");
        assert_eq!(content_type, "Content-Type");
        assert_eq!(content_value, "application/json; charset=utf-8");
    }

    #[test]
    fn test_generate_headers_consistency() {
        let auth = create_test_auth();
        let params = &[("symbol", "BTC_KRW"), ("amount", "100")];

        // Multiple calls should produce consistent structure
        let headers1 = auth
            .generate_headers("POST", "/trade/place", Some(params))
            .unwrap();
        let headers2 = auth
            .generate_headers("POST", "/trade/place", Some(params))
            .unwrap();

        // Should contain same keys and structure
        assert_eq!(headers1.len(), headers2.len());
        assert!(headers1.contains_key(&header_keys::authorization()));
        assert!(headers1.contains_key(&header_keys::content_type()));
        assert!(headers2.contains_key(&header_keys::authorization()));
        assert!(headers2.contains_key(&header_keys::content_type()));
    }

    #[test]
    fn test_clone_and_debug() {
        let auth = create_test_auth();
        let auth_clone = auth.clone();

        assert_eq!(auth.api_key(), auth_clone.api_key());

        // Test Debug implementation
        let debug_output = format!("{auth:?}");
        assert!(debug_output.contains("BithumbAuth"));
    }

    #[test]
    fn test_performance_optimizations() {
        let auth = create_test_auth();

        // Test that headers are pre-allocated with exact capacity
        let headers = auth.generate_headers("GET", "/info/balance", None).unwrap();
        assert_eq!(headers.len(), 2); // Should have exactly 2 headers

        // Test with parameters
        let params = &[("order_id", "12345"), ("currency", "BTC")];
        let headers_with_params = auth
            .generate_headers("POST", "/trade/cancel", Some(params))
            .unwrap();
        assert_eq!(headers_with_params.len(), 2); // Should still have exactly 2 headers

        // Verify header contents are optimized SmartStrings
        let auth_value = headers.get(&header_keys::authorization()).unwrap();
        let content_type_value = headers.get(&header_keys::content_type()).unwrap();

        assert!(auth_value.starts_with("Bearer "));
        assert_eq!(content_type_value, &header_keys::content_type_value());
    }

    #[test]
    fn test_stack_allocation_performance() {
        // Test parameter building with various sizes to ensure SmallVec stack allocation

        // Test with 1 parameter (well within stack allocation)
        let small_params = &[("key", "value")];
        let small_result = BithumbAuth::build_param_string_optimized(small_params).unwrap();
        assert_eq!(small_result, "key=value");

        // Test with 8 parameters (at the edge of stack allocation)
        let medium_params = &[
            ("param1", "value1"),
            ("param2", "value2"),
            ("param3", "value3"),
            ("param4", "value4"),
            ("param5", "value5"),
            ("param6", "value6"),
            ("param7", "value7"),
            ("param8", "value8"),
        ];
        let medium_result = BithumbAuth::build_param_string_optimized(medium_params).unwrap();
        assert_eq!(medium_result.matches('&').count(), 7); // 7 separators for 8 params

        // Test that empty parameters return empty string efficiently
        let empty_params: &[(&str, &str)] = &[];
        let empty_result = BithumbAuth::build_param_string_optimized(empty_params).unwrap();
        assert!(empty_result.is_empty());
    }

    #[test]
    fn test_generate_headers_for_json_body_empty() {
        let auth = create_test_auth();
        let headers = auth.generate_headers_for_json_body("{}").unwrap();

        assert_eq!(headers.len(), 2);
        assert!(headers.contains_key(&header_keys::authorization()));
        assert!(headers.contains_key(&header_keys::content_type()));

        let content_type = headers.get(&header_keys::content_type()).unwrap();
        assert_eq!(content_type, &header_keys::content_type_value());
    }

    #[test]
    fn test_generate_headers_for_json_body_with_data() {
        let auth = create_test_auth();
        let json_body = r#"{"symbol":"BTC_KRW","side":"buy","amount":"100"}"#;
        let headers = auth.generate_headers_for_json_body(json_body).unwrap();

        assert_eq!(headers.len(), 2);
        assert!(headers.contains_key(&header_keys::authorization()));
        assert!(headers.contains_key(&header_keys::content_type()));

        let auth_header = headers.get(&header_keys::authorization()).unwrap();
        assert!(auth_header.starts_with("Bearer "));
        assert!(auth_header.len() > 10); // Should be substantial JWT token
    }

    #[test]
    fn test_json_to_url_encoded_empty() {
        let result = BithumbAuth::json_to_url_encoded("{}").unwrap();
        assert!(result.is_empty());
    }

    #[test]
    fn test_json_to_url_encoded_single_param() {
        let json = r#"{"key":"value"}"#;
        let result = BithumbAuth::json_to_url_encoded(json).unwrap();
        assert_eq!(result, "key=value");
    }

    #[test]
    fn test_json_to_url_encoded_multiple_params() {
        let json = r#"{"symbol":"BTC_KRW","side":"buy","amount":"100"}"#;
        let result = BithumbAuth::json_to_url_encoded(json).unwrap();

        // Parameters should be sorted alphabetically
        assert!(result.contains("amount=100"));
        assert!(result.contains("side=buy"));
        assert!(result.contains("symbol=BTC_KRW"));

        // Should be in sorted order: amount, side, symbol
        assert!(result.starts_with("amount=100"));
        assert!(result.contains("side=buy"));
        assert!(result.ends_with("symbol=BTC_KRW"));
    }

    #[test]
    fn test_json_to_url_encoded_numeric_types() {
        let json = r#"{"price":84000000,"volume":0.001,"is_test":true}"#;
        let result = BithumbAuth::json_to_url_encoded(json).unwrap();

        assert!(result.contains("price=84000000"));
        assert!(result.contains("volume=0.001"));
        assert!(result.contains("is_test=true"));
    }

    #[test]
    fn test_json_to_url_encoded_url_encoding() {
        let json = r#"{"message":"hello world","special":"key=value&other"}"#;
        let result = BithumbAuth::json_to_url_encoded(json).unwrap();

        // Spaces and special characters should be URL encoded
        assert!(result.contains("hello%20world"));
        assert!(result.contains("key%3Dvalue%26other"));
    }

    #[test]
    fn test_json_to_url_encoded_invalid_json() {
        let invalid_json = "{invalid json}";
        let result = BithumbAuth::json_to_url_encoded(invalid_json);
        assert!(result.is_err());
    }

    #[test]
    fn test_json_to_url_encoded_non_object() {
        let array_json = "[1, 2, 3]";
        let result = BithumbAuth::json_to_url_encoded(array_json);
        assert!(result.is_err());

        let string_json = "\"hello\"";
        let result = BithumbAuth::json_to_url_encoded(string_json);
        assert!(result.is_err());
    }

    #[test]
    fn test_json_to_url_encoded_null_values() {
        // Test that null values are completely skipped
        let json = r#"{
            "symbol": "BTC_KRW",
            "amount": 100,
            "comment": null,
            "side": "buy",
            "metadata": null
        }"#;
        let result = BithumbAuth::json_to_url_encoded(json).unwrap();

        // Should contain non-null values
        assert!(result.contains("symbol=BTC_KRW"));
        assert!(result.contains("amount=100"));
        assert!(result.contains("side=buy"));

        // Should NOT contain null values or their keys
        assert!(!result.contains("comment"));
        assert!(!result.contains("metadata"));
        assert!(!result.contains("null"));

        // Test edge case with only null values
        let null_only_json = r#"{"field1": null, "field2": null}"#;
        let null_result = BithumbAuth::json_to_url_encoded(null_only_json).unwrap();
        assert_eq!(null_result, ""); // Should be empty string
    }

    #[test]
    fn test_json_body_vs_params_consistency() {
        let auth = create_test_auth();

        // Create equivalent data as params and JSON
        let params = &[("amount", "100"), ("side", "buy"), ("symbol", "BTC_KRW")];
        let json_body = r#"{"symbol":"BTC_KRW","side":"buy","amount":"100"}"#;

        let headers_params = auth
            .generate_headers("POST", "/test", Some(params))
            .unwrap();
        let headers_json = auth.generate_headers_for_json_body(json_body).unwrap();

        // Both should have same structure
        assert_eq!(headers_params.len(), headers_json.len());
        assert!(headers_params.contains_key(&header_keys::authorization()));
        assert!(headers_json.contains_key(&header_keys::authorization()));

        // Content-Type should be the same (JSON)
        let content_type_params = headers_params.get(&header_keys::content_type()).unwrap();
        let content_type_json = headers_json.get(&header_keys::content_type()).unwrap();
        assert_eq!(content_type_params, content_type_json);
        assert_eq!(content_type_json, &header_keys::content_type_value());
    }

    #[test]
    fn test_json_body_authentication_flow() {
        let auth = create_test_auth();

        // Test complete authentication flow for JSON body
        let order_data = r#"{
            "symbol": "BTC_KRW",
            "side": "buy",
            "order_type": "limit",
            "price": 84000000,
            "volume": 0.001
        }"#;

        let headers = auth.generate_headers_for_json_body(order_data).unwrap();

        // Verify all required headers are present
        assert!(headers.contains_key(&header_keys::authorization()));
        assert!(headers.contains_key(&header_keys::content_type()));

        // Verify authorization header format
        let auth_header = headers.get(&header_keys::authorization()).unwrap();
        assert!(auth_header.starts_with("Bearer "));

        // Verify JWT has proper format (3 base64 parts separated by dots)
        let jwt_token = auth_header.strip_prefix("Bearer ").unwrap();
        let parts: Vec<&str> = jwt_token.split('.').collect();
        assert_eq!(parts.len(), 3);

        // Verify content type
        let content_type = headers.get(&header_keys::content_type()).unwrap();
        assert_eq!(content_type, "application/json; charset=utf-8");
    }
}