rusty_ems/auth/

traits.rs

//! Common traits for authentication across all exchange implementations

use crate::error::{EMSError, Result};
use async_trait::async_trait;
use reqwest::header::HeaderMap;
use rusty_common::SmartString;
use std::time::Duration;

/// Authentication context for a request
#[derive(Debug, Clone)]
pub struct AuthenticationContext {
    /// HTTP method (GET, POST, PUT, DELETE)
    pub method: SmartString,
    /// API path (e.g., "/api/v3/order")
    pub path: SmartString,
    /// Query parameters
    pub query_params: Option<Vec<(SmartString, SmartString)>>,
    /// Request body (if any)
    pub body: Option<SmartString>,
    /// Request timestamp (optional, will use current time if None)
    pub timestamp: Option<u64>,
    /// Additional context-specific data
    pub metadata: Option<SmartString>,
}

impl AuthenticationContext {
    /// Create a new authentication context
    pub fn new(method: impl Into<SmartString>, path: impl Into<SmartString>) -> Self {
        Self {
            method: method.into(),
            path: path.into(),
            query_params: None,
            body: None,
            timestamp: None,
            metadata: None,
        }
    }

    /// Set query parameters
    #[must_use]
    pub fn with_query_params(mut self, params: Vec<(SmartString, SmartString)>) -> Self {
        self.query_params = Some(params);
        self
    }

    /// Set request body
    pub fn with_body(mut self, body: impl Into<SmartString>) -> Self {
        self.body = Some(body.into());
        self
    }

    /// Set timestamp
    #[must_use]
    pub const fn with_timestamp(mut self, timestamp: u64) -> Self {
        self.timestamp = Some(timestamp);
        self
    }

    /// Set metadata
    pub fn with_metadata(mut self, metadata: impl Into<SmartString>) -> Self {
        self.metadata = Some(metadata.into());
        self
    }
}

/// Result of authentication operations
#[derive(Debug, Clone)]
pub struct AuthenticationResult {
    /// HTTP headers for the request
    pub headers: HeaderMap,
    /// Signed query string (if applicable)
    pub signed_query: Option<SmartString>,
    /// WebSocket authentication message (if applicable)
    pub ws_auth_message: Option<SmartString>,
    /// Authentication validity duration
    pub validity_duration: Option<Duration>,
}

impl AuthenticationResult {
    /// Create a new authentication result with headers
    #[must_use]
    pub const fn new(headers: HeaderMap) -> Self {
        Self {
            headers,
            signed_query: None,
            ws_auth_message: None,
            validity_duration: None,
        }
    }

    /// Set signed query string
    pub fn with_signed_query(mut self, query: impl Into<SmartString>) -> Self {
        self.signed_query = Some(query.into());
        self
    }

    /// Set WebSocket authentication message
    pub fn with_ws_auth_message(mut self, message: impl Into<SmartString>) -> Self {
        self.ws_auth_message = Some(message.into());
        self
    }

    /// Set validity duration
    #[must_use]
    pub const fn with_validity_duration(mut self, duration: Duration) -> Self {
        self.validity_duration = Some(duration);
        self
    }
}

/// Unified authentication manager trait for all exchanges
#[async_trait]
pub trait AuthenticationManager: Send + Sync {
    /// Generate authentication for a REST API request
    async fn authenticate_rest_request(
        &self,
        context: &AuthenticationContext,
    ) -> Result<AuthenticationResult>;

    /// Generate authentication for a WebSocket connection
    async fn authenticate_websocket(&self) -> Result<AuthenticationResult>;

    /// Generate WebSocket trading authentication (if supported)
    async fn authenticate_websocket_trading(
        &self,
        timestamp: Option<u64>,
    ) -> Result<AuthenticationResult> {
        let _ = timestamp;
        Err(EMSError::not_supported(
            self.exchange_name(),
            "WebSocket trading authentication",
        ))
    }

    /// Check if authentication is still valid
    fn is_authentication_valid(&self) -> bool;

    /// Get the time until authentication expires (if applicable)
    fn time_until_expiration(&self) -> Option<Duration>;

    /// Refresh authentication if needed (for JWT-based exchanges)
    async fn refresh_authentication(&self) -> Result<()> {
        Ok(()) // Default: no refresh needed
    }

    /// Get the exchange name
    fn exchange_name(&self) -> &str;

    /// Get the API key
    fn api_key(&self) -> &str;

    /// Check if this authentication supports WebSocket trading
    fn supports_websocket_trading(&self) -> bool {
        false
    }

    /// Check if this authentication requires periodic refresh
    fn requires_refresh(&self) -> bool {
        false
    }

    /// Get refresh interval (if applicable)
    fn refresh_interval(&self) -> Option<Duration> {
        None
    }
}

/// Trait for authentication adapters that wrap exchange-specific auth implementations
#[async_trait]
pub trait AuthenticationAdapter: AuthenticationManager {
    /// Get the underlying exchange-specific authentication implementation
    fn underlying_auth(&self) -> &dyn std::any::Any;
}

/// WebSocket authentication message types
#[derive(Debug, Clone)]
pub enum WebSocketAuthMessage {
    /// Simple authentication message (JSON)
    Simple(SmartString),
    /// JWT-based authentication
    Jwt(SmartString),
    /// Custom authentication with metadata
    Custom {
        /// The authentication message
        message: SmartString,
        /// Additional metadata for the authentication
        metadata: SmartString,
    },
}

/// Authentication method types supported by exchanges
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum AuthenticationMethod {
    /// HMAC-SHA256 signature
    HmacSha256,
    /// Ed25519 signature (Binance advanced)
    Ed25519,
    /// ECDSA signature (Coinbase)
    Ecdsa,
    /// JWT with HMAC (Korean exchanges)
    JwtHmac,
    /// Custom authentication method
    Custom,
}

/// Authentication requirements for different operation types
#[derive(Debug, Clone)]
pub struct AuthenticationRequirements {
    /// Whether REST API authentication is required
    pub rest_required: bool,
    /// Whether WebSocket authentication is required
    pub websocket_required: bool,
    /// Whether WebSocket trading authentication is required
    pub websocket_trading_required: bool,
    /// Authentication method used
    pub method: AuthenticationMethod,
    /// Whether authentication has expiration
    pub has_expiration: bool,
    /// Default validity duration
    pub default_validity: Option<Duration>,
}

impl AuthenticationRequirements {
    /// Create requirements for HMAC-based authentication
    #[must_use]
    pub const fn hmac_based() -> Self {
        Self {
            rest_required: true,
            websocket_required: false,
            websocket_trading_required: false,
            method: AuthenticationMethod::HmacSha256,
            has_expiration: false,
            default_validity: None,
        }
    }

    /// Create requirements for JWT-based authentication
    #[must_use]
    pub const fn jwt_based() -> Self {
        Self {
            rest_required: true,
            websocket_required: true,
            websocket_trading_required: false,
            method: AuthenticationMethod::JwtHmac,
            has_expiration: true,
            default_validity: Some(Duration::from_secs(3600)), // 1 hour
        }
    }

    /// Create requirements for Ed25519-based authentication
    #[must_use]
    pub const fn ed25519_based() -> Self {
        Self {
            rest_required: true,
            websocket_required: true,
            websocket_trading_required: true,
            method: AuthenticationMethod::Ed25519,
            has_expiration: false,
            default_validity: None,
        }
    }
}