Class: Ace::Git::Secrets::Molecules::TokenRevoker

Inherits:

Object

• Object
• Ace::Git::Secrets::Molecules::TokenRevoker

Defined in:

lib/ace/git/secrets/molecules/token_revoker.rb

Overview

Orchestrates token revocation across multiple services Routes tokens to appropriate service handlers

Instance Attribute Summary

• #api_client ⇒ Object readonly

  Returns the value of attribute api_client.

Instance Method Summary

• #initialize(api_client: nil) ⇒ TokenRevoker constructor

  A new instance of TokenRevoker.

• #revocation_instructions(token) ⇒ Hash

  Get revocation instructions for a token.

• #revoke_all(tokens, services: nil) ⇒ Array<Models::RevocationResult>

  Revoke multiple tokens.

• #revoke_token(token) ⇒ Models::RevocationResult

  Revoke a single token.

Constructor Details

#initialize(api_client: nil) ⇒ TokenRevoker

Returns a new instance of TokenRevoker.

Parameters:

• api_client (Atoms::ServiceApiClient, nil) (defaults to: nil) —

  API client for revocation

# File 'lib/ace/git/secrets/molecules/token_revoker.rb', line 13

def initialize(api_client: nil)
  @api_client = api_client || Atoms::ServiceApiClient.new
end

Instance Attribute Details

#api_client ⇒ Object (readonly)

Returns the value of attribute api_client.

# File 'lib/ace/git/secrets/molecules/token_revoker.rb', line 10

def api_client
  @api_client
end

Instance Method Details

#revocation_instructions(token) ⇒ Hash

Get revocation instructions for a token

Parameters:

• token (DetectedToken) —

  Token to get instructions for

Returns:

• (Hash) —

  Instructions hash

# File 'lib/ace/git/secrets/molecules/token_revoker.rb', line 54

def revocation_instructions(token)
  service = token.revocation_service
  api_client.build_revocation_request(service, token.raw_value)
end

#revoke_all(tokens, services: nil) ⇒ Array<Models::RevocationResult>

Revoke multiple tokens

Parameters:

• tokens (Array<DetectedToken>) —

  Tokens to revoke

• services (Array<String>, nil) (defaults to: nil) —

  Filter to specific services

Returns:

• (Array<Models::RevocationResult>)

# File 'lib/ace/git/secrets/molecules/token_revoker.rb', line 21

def revoke_all(tokens, services: nil)
  tokens.map do |token|
    next unless token.revocable?
    next if services && !services.include?(token.revocation_service)

    revoke_token(token)
  end.compact
end

#revoke_token(token) ⇒ Models::RevocationResult

Revoke a single token

Parameters:

• token (DetectedToken) —

  Token to revoke

Returns:

• (Models::RevocationResult)

# File 'lib/ace/git/secrets/molecules/token_revoker.rb', line 33

def revoke_token(token)
  service = token.revocation_service

  unless service
    return Models::RevocationResult.unsupported(token: token)
  end

  case service
  when "github"
    revoke_github(token)
  when "anthropic", "openai", "aws"
    # These services don't have public revocation APIs
    manual_revocation_result(token, service)
  else
    Models::RevocationResult.unsupported(token: token, service: service)
  end
end