Class: AtprotoAuth::DPoP::NonceManager

Inherits:

Object

• Object
• AtprotoAuth::DPoP::NonceManager

Defined in:

lib/atproto_auth/dpop/nonce_manager.rb

Overview

Manages DPoP nonces provided by servers during the OAuth flow. Tracks separate nonces for each server using persistent storage. Thread-safe to handle concurrent requests.

Defined Under Namespace

Classes: NonceError, StoredNonce

Constant Summary

DEFAULT_TTL =

Default time in seconds a nonce is considered valid

300

Instance Method Summary

• #clear(server_url) ⇒ Object

  Clears a nonce for a server.

• #get(server_url) ⇒ String^?

  Gets the current nonce for a server.

• #initialize(ttl: nil) ⇒ NonceManager constructor

  5 minutes.

• #update(nonce:, server_url:) ⇒ Object

  Updates the stored nonce for a server.

• #valid_nonce?(server_url) ⇒ Boolean

  Check if a server has a valid nonce.

Constructor Details

#initialize(ttl: nil) ⇒ NonceManager

5 minutes

# File 'lib/atproto_auth/dpop/nonce_manager.rb', line 26

def initialize(ttl: nil)
  @ttl = ttl || DEFAULT_TTL
  @serializer = Serialization::StoredNonce.new
end

Instance Method Details

#clear(server_url) ⇒ Object

Clears a nonce for a server

Parameters:

• server_url (String) —

  The server’s URL

# File 'lib/atproto_auth/dpop/nonce_manager.rb', line 70

def clear(server_url)
  validate_server_url!(server_url)
  origin = normalize_server_url(server_url)
  key = Storage::KeyBuilder.nonce_key(origin)
  AtprotoAuth.storage.delete(key)
end

#get(server_url) ⇒ String^?

Gets the current nonce for a server

Parameters:

• server_url (String) —

  The server’s URL

Returns:

• (String, nil) —

  The current nonce or nil if none exists/expired

Raises:

• (NonceError) —

  if server_url is invalid

# File 'lib/atproto_auth/dpop/nonce_manager.rb', line 52

def get(server_url)
  validate_server_url!(server_url)
  origin = normalize_server_url(server_url)
  key = Storage::KeyBuilder.nonce_key(origin)

  stored = AtprotoAuth.storage.get(key)
  return nil unless stored

  begin
    stored_nonce = @serializer.deserialize(stored)
    stored_nonce.value
  rescue Serialization::Error => e
    raise NonceError, "Failed to deserialize nonce: #{e.message}"
  end
end

#update(nonce:, server_url:) ⇒ Object

Updates the stored nonce for a server

Parameters:

• nonce (String) —

  The new nonce value

• server_url (String) —

  The server’s URL

Raises:

• (NonceError) —

  if inputs are invalid

# File 'lib/atproto_auth/dpop/nonce_manager.rb', line 35

def update(nonce:, server_url:)
  validate_inputs!(nonce, server_url)
  origin = normalize_server_url(server_url)

  stored_nonce = StoredNonce.new(nonce, origin)
  serialized = @serializer.serialize(stored_nonce)

  key = Storage::KeyBuilder.nonce_key(origin)
  return if AtprotoAuth.storage.set(key, serialized, ttl: @ttl)

  raise NonceError, "Failed to store nonce"
end

#valid_nonce?(server_url) ⇒ Boolean

Check if a server has a valid nonce

Parameters:

• server_url (String) —

  The server’s URL

Returns:

• (Boolean) —

  true if server has a valid nonce

# File 'lib/atproto_auth/dpop/nonce_manager.rb', line 80

def valid_nonce?(server_url)
  validate_server_url!(server_url)
  origin = normalize_server_url(server_url)
  key = Storage::KeyBuilder.nonce_key(origin)
  AtprotoAuth.storage.exists?(key)
end