Skip to content

feat(config): Add DcRegion for x-dc-region data-center routing#554

Merged
huacnlee merged 8 commits into
mainfrom
feat/us-dc-region
Jul 3, 2026
Merged

feat(config): Add DcRegion for x-dc-region data-center routing#554
huacnlee merged 8 commits into
mainfrom
feat/us-dc-region

Conversation

@huacnlee

Copy link
Copy Markdown
Member

What

Adds first-class support for the x-dc-region data-center routing header.

Longbridge access tokens are prefixed with their region (us_… / ap_…). The API gateway routes a request to the matching data center based on the x-dc-region header; an absent header defaults to ap.

Changes

  • New region module: DcRegion enum with from_access_token (prefix us_Us, otherwise Ap) and as_str ("us" / "ap"), plus the DC_REGION_HEADER constant.
  • Config::dc_region() convenience that sets x-dc-region on every HTTP and WebSocket upgrade request (via the existing custom_headers path).
  • Re-exported DcRegion and DC_REGION_HEADER at the crate root.

Consumers (longbridge-terminal, longbridge-mcp) derive the region from their access token and attach the header so US-region tokens reach the US data center. US and AP share the same OAuth endpoints — only the routing header differs.

Test

  • Unit tests for DcRegion::from_access_token (incl. Bearer tolerance and unprefixed → ap default) and as_str.
  • cargo clippy --all-features clean; cargo +nightly fmt applied.

🤖 Generated with Claude Code

Longbridge credentials are prefixed with their data center: `us_…` for
the US data center and `ap_…` for Asia-Pacific. This applies to the OAuth
access token and, in legacy API-key mode, to the `app_key`, `app_secret`,
and `access_token`. The API gateway routes a request to the matching data
center via the `x-dc-region` header, defaulting to `ap` when absent.

- `longbridge-geo`: add `DcRegion` (`from_credential` / `from_credentials`
  / `as_str`) and the `DC_REGION_HEADER` constant, re-exported through
  `longbridge-httpcli` and the crate root.
- The HTTP client and the quote/trade WebSocket upgrade now auto-inject
  `x-dc-region` derived from the auth credentials, so US-region tokens
  reach the US data center with no caller changes. An explicitly-set
  header (e.g. via a custom header or `Config::dc_region`) is preserved.
- `Config::dc_region()` remains as an explicit override.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@huacnlee huacnlee force-pushed the feat/us-dc-region branch from a7a4af1 to d35f634 Compare June 30, 2026 04:07
The `us_`/`ap_` prefix on an access token is region metadata used to derive
the `x-dc-region` routing header — it is not part of the verifiable bearer
credential. Sending the full `us_…` token in `Authorization: Bearer` makes
the gateway reject it (401102 token verification failed).

Strip the region prefix before building the `Authorization` header (deriving
the region from the prefix first), so the gateway verifies the bare token and
routes by `x-dc-region`. WebSocket auth is unaffected: it uses an OTP fetched
over this same HTTP path. Add `DcRegion::strip_region_prefix`.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
hogan-yuan and others added 6 commits July 1, 2026 22:36
… URLs

Based on live testing:
- Tokens with region prefixes (hk_m_, us_m_, ap_m_) are sent as-is to the
  gateway. The server accepts the full prefixed token and routes via the
  x-dc-region header — no prefix stripping is needed.
- strip_region_prefix now only removes a leading "Bearer " prefix.
- Add http_url_staging, quote_ws_url_staging, trade_ws_url_staging helpers:
    US: openapi-global.longbridge.xyz
        openapi-global-quote.longbridge.xyz
        openapi-global-trade.longbridge.xyz
    AP: openapi.longbridge.xyz / openapi-quote.longbridge.xyz / ...
- Update strip_region_prefix test to reflect new behavior.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Introduce a declarative `RequestBuilder::dc_restrict(region)` API so a call
site can restrict a request to a single data center. When the session's
region differs, `do_send` short-circuits with a unified
`HttpClientError::DcRegionRestricted { path, required, current }` instead of
forwarding a request the target data center cannot serve.

- geo: `DcRegion::allows()` + uppercase `Display` (AP/US) for messages, while
  `as_str()` keeps the lowercase `x-dc-region` header value (us/ap).
- httpcli: `RequestBuilder::dc_restrict()`, `HttpClient::dc_region()`, and the
  `DcRegionRestricted` error variant.
- Declare AP-only endpoints via the API: recurring investment (DCA, whole
  module), operating reviews, broker holdings, and the broker-queue WebSocket
  command.

Supports future US-only endpoints by declaring `DcRegion::Us` at their call
sites — no path-prefix heuristics.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@huacnlee huacnlee merged commit a501512 into main Jul 3, 2026
56 checks passed
@huacnlee huacnlee deleted the feat/us-dc-region branch July 3, 2026 02:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants