rusty_common/websocket/

auth.rs

//! WebSocket authentication module
//!
//! Provides authentication abstractions for WebSocket connections.

use crate::collections::FxHashMap;
use simd_json::OwnedValue;
use simd_json::prelude::*;
use smartstring::alias::String;

use super::{WebSocketError, WebSocketResult};
use crate::auth::hmac::generate_hmac_signature;
use crate::types::Exchange;

/// WebSocket authentication method
#[derive(Debug, Clone)]
pub enum AuthMethod {
    /// No authentication
    None,

    /// API key authentication
    ApiKey {
        /// The API key.
        key: String,
        /// The API secret.
        secret: String,
    },

    /// JWT token authentication
    Jwt {
        /// The JWT token.
        token: String,
    },

    /// Custom authentication with headers
    Custom {
        /// The custom headers.
        headers: FxHashMap<String, String>,
    },
}

/// WebSocket authentication provider
pub trait WebSocketAuth: Send + Sync {
    /// Create authentication message
    fn create_auth_message(&self) -> WebSocketResult<Option<OwnedValue>>;

    /// Get authentication headers
    fn get_auth_headers(&self) -> WebSocketResult<FxHashMap<String, String>>;

    /// Handle authentication response
    fn handle_auth_response(&mut self, response: &OwnedValue) -> WebSocketResult<bool>;
}

/// Default WebSocket authenticator
pub struct DefaultWebSocketAuth {
    exchange: Exchange,
    method: AuthMethod,
}

impl DefaultWebSocketAuth {
    /// Create a new authenticator
    #[must_use]
    pub const fn new(exchange: Exchange, method: AuthMethod) -> Self {
        Self { exchange, method }
    }
}

impl WebSocketAuth for DefaultWebSocketAuth {
    fn create_auth_message(&self) -> WebSocketResult<Option<OwnedValue>> {
        match &self.method {
            AuthMethod::None => Ok(None),

            AuthMethod::ApiKey { key, secret } => {
                match self.exchange {
                    Exchange::Binance => {
                        // Binance doesn't use WebSocket auth messages
                        // Authentication is done via listen key
                        Ok(None)
                    }

                    Exchange::Bybit => {
                        // Bybit uses auth message
                        let expires = crate::time::get_timestamp_ms() as i64 + 10000;
                        let message = format!("GET/realtime{expires}");
                        let signature = generate_hmac_signature(secret, &message)
                            .map_err(|e| WebSocketError::AuthenticationError(e.to_string()))?;

                        Ok(Some(simd_json::json!({
                            "op": "auth",
                            "args": [key, expires, signature]
                        })))
                    }

                    Exchange::Coinbase => {
                        // Coinbase requires signature in subscription message
                        Ok(None)
                    }

                    Exchange::Upbit => {
                        // Upbit uses JWT
                        Ok(None)
                    }

                    Exchange::Bithumb => {
                        // Bithumb auth is in subscription message
                        Ok(None)
                    }
                }
            }

            AuthMethod::Jwt { token: _ } => {
                match self.exchange {
                    Exchange::Upbit => {
                        // Upbit sends JWT in Authorization header
                        Ok(None)
                    }
                    _ => Err(WebSocketError::AuthenticationError(
                        "JWT not supported for this exchange".into(),
                    )),
                }
            }

            AuthMethod::Custom { .. } => Ok(None),
        }
    }

    fn get_auth_headers(&self) -> WebSocketResult<FxHashMap<String, String>> {
        let mut headers = FxHashMap::default();

        match &self.method {
            AuthMethod::None => {}

            AuthMethod::ApiKey { .. } => {
                // Most exchanges don't use headers for API key auth
            }

            AuthMethod::Jwt { token } => {
                if self.exchange == Exchange::Upbit {
                    headers.insert("Authorization".into(), format!("Bearer {token}").into());
                }
            }

            AuthMethod::Custom { headers: custom } => {
                for (k, v) in custom {
                    headers.insert(k.clone(), v.clone());
                }
            }
        }

        Ok(headers)
    }

    fn handle_auth_response(&mut self, response: &OwnedValue) -> WebSocketResult<bool> {
        // Parse common response patterns
        if let Some(success) = response.get("success").and_then(|v| v.as_bool()) {
            return Ok(success);
        }

        if let Some(status) = response.get("status").and_then(|v| v.as_str()) {
            return Ok(status == "success" || status == "ok");
        }

        if let Some(result) = response.get("result").and_then(|v| v.as_str()) {
            return Ok(result == "true" || result == "success");
        }

        // Exchange specific patterns
        if self.exchange == Exchange::Bybit
            && let Some(ret_code) = response.get("ret_code").and_then(|v| v.as_i64())
        {
            return Ok(ret_code == 0);
        }

        // If no clear indication, assume success if no error field
        Ok(!response.contains_key("error") && !response.contains_key("code"))
    }
}

/// Create authenticator for exchange
pub fn create_authenticator(
    exchange: Exchange,
    api_key: Option<String>,
    api_secret: Option<String>,
) -> Box<dyn WebSocketAuth> {
    let method = match (api_key, api_secret) {
        (Some(key), Some(secret)) => AuthMethod::ApiKey { key, secret },
        _ => AuthMethod::None,
    };

    Box::new(DefaultWebSocketAuth::new(exchange, method))
}