Class: TunnelRb::Server::TokenStore

Inherits:

Object

• Object
• TunnelRb::Server::TokenStore

Defined in:

lib/tunnel_rb/server/token_store.rb

Overview

Persistent token <-> subdomain mapping with TTL. Tokens belonging to a currently-connected client never expire (they’re refreshed implicitly). Tokens of disconnected clients age out after TOKEN_TTL.

Constant Summary

DEFAULT_PATH =

"/tmp/tunnel-rb-server-tokens.json".freeze

TOKEN_TTL =

seconds

24 * 3600

CLEANUP_INTERVAL =

600

Instance Method Summary

• #cleanup_expired ⇒ Object

  Drops tokens whose subdomain has no active client and whose TTL has elapsed.

• #cleanup_loop(interval: CLEANUP_INTERVAL, stop_flag: nil) ⇒ Object
• #generate_subdomain ⇒ Object
• #initialize(path: DEFAULT_PATH, active_subdomains:, logger: nil) ⇒ TokenStore constructor

  active_subdomains: callable returning a Set/Array of subdomains held by currently-connected clients.

• #issue(subdomain) ⇒ Object
• #persist_now ⇒ Object
• #resolve(token) ⇒ Object

  Returns the subdomain bound to ‘token` if the token is valid, or nil.

• #revoke(token) ⇒ Object
• #to_h ⇒ Object

  Snapshot for tests/diagnostics.

Constructor Details

#initialize(path: DEFAULT_PATH, active_subdomains:, logger: nil) ⇒ TokenStore

active_subdomains: callable returning a Set/Array of subdomains held by currently-connected clients. Used to keep their tokens alive and to avoid colliding when generating new subdomains.

# File 'lib/tunnel_rb/server/token_store.rb', line 21

def initialize(path: DEFAULT_PATH, active_subdomains:, logger: nil)
  @path = path
  @active_subdomains = active_subdomains
  @logger = logger
  @mutex = Mutex.new
  @tokens = load_from_disk
end

Instance Method Details

#cleanup_expired ⇒ Object

Drops tokens whose subdomain has no active client and whose TTL has elapsed. Called both periodically and on every registration.

# File 'lib/tunnel_rb/server/token_store.rb', line 79

def cleanup_expired
  @mutex.synchronize { cleanup_unlocked }
end

#cleanup_loop(interval: CLEANUP_INTERVAL, stop_flag: nil) ⇒ Object

# File 'lib/tunnel_rb/server/token_store.rb', line 83

def cleanup_loop(interval: CLEANUP_INTERVAL, stop_flag: nil)
  loop do
    interval.times do
      return if stop_flag && stop_flag.call

      sleep 1
    end
    return if stop_flag && stop_flag.call

    cleanup_expired
  end
end

#generate_subdomain ⇒ Object

# File 'lib/tunnel_rb/server/token_store.rb', line 68

def generate_subdomain
  @mutex.synchronize do
    loop do
      candidate = SecureRandom.hex(4)
      return candidate unless taken_unlocked?(candidate)
    end
  end
end

#issue(subdomain) ⇒ Object

# File 'lib/tunnel_rb/server/token_store.rb', line 29

def issue(subdomain)
  @mutex.synchronize do
    loop do
      token = SecureRandom.hex(16)
      next if @tokens.key?(token)

      @tokens[token] = entry(subdomain)
      persist
      return token
    end
  end
end

#persist_now ⇒ Object

# File 'lib/tunnel_rb/server/token_store.rb', line 96

def persist_now
  @mutex.synchronize { persist }
end

#resolve(token) ⇒ Object

Returns the subdomain bound to ‘token` if the token is valid, or nil. A token is valid if either (a) its subdomain currently has an active client, or (b) the token has not expired yet.

# File 'lib/tunnel_rb/server/token_store.rb', line 55

def resolve(token)
  @mutex.synchronize do
    record = @tokens[token]
    return nil unless record

    sub = subdomain_of(record)
    return sub if active?(sub)
    return nil if expired?(record)

    sub
  end
end

#revoke(token) ⇒ Object

# File 'lib/tunnel_rb/server/token_store.rb', line 42

def revoke(token)
  return unless token

  @mutex.synchronize do
    next unless @tokens.delete(token)

    persist
  end
end

#to_h ⇒ Object

Snapshot for tests/diagnostics.

# File 'lib/tunnel_rb/server/token_store.rb', line 101

def to_h
  @mutex.synchronize { @tokens.dup }
end