BreakGlass.TokenStore (BreakGlassEx v0.1.0)

Copy Markdown View Source

GenServer that owns the :break_glass_tokens ETS table.

Maintains at most one active break-glass session token in memory. A node restart automatically invalidates any active token — by design.

ETS Table

Table name: :break_glass_tokens Record format: {:active_token, token :: binary(), inserted_at :: DateTime.t()} Access: :protected with read_concurrency: true

lookup/1 reads ETS directly — no GenServer round-trip. All mutations go through GenServer.call/2 so writes are serialised and race-free.

Functions

  • build_and_store/0 — generates a 32-byte cryptographically random token, stores it with a UTC timestamp, and returns the binary token
  • lookup/1 — returns {:ok, inserted_at} if the token matches, or :error
  • delete/1 — removes the token if it matches; returns :ok or :error
  • clear/0 — unconditionally removes the active token record

Summary

Functions

build_and_store()

Generates a 32-byte cryptographically random token, stores it with a UTC insertion timestamp (replacing any previously stored token), and returns the raw binary token.

child_spec(init_arg)

Returns a specification to start this module under a supervisor.

clear()

Unconditionally removes the active token record from the ETS table.

delete(token)

Deletes the stored token if it matches token.

lookup(token)

Looks up token in the ETS table.

start_link(opts \\ [])

Starts the TokenStore GenServer and registers it under Elixir.BreakGlass.TokenStore.

Functions

build_and_store()

@spec build_and_store() :: binary()

Generates a 32-byte cryptographically random token, stores it with a UTC insertion timestamp (replacing any previously stored token), and returns the raw binary token.

child_spec(init_arg)

Returns a specification to start this module under a supervisor.

See Supervisor.

clear()

@spec clear() :: :ok

Unconditionally removes the active token record from the ETS table.

Returns :ok.

delete(token)

@spec delete(token :: binary()) :: :ok | :error

Deletes the stored token if it matches token.

First checks the stored token against token via an ETS read, then delegates the actual removal to the GenServer to serialise the write.

Returns :ok on a successful match-and-delete, or :error when the token does not match (or no token is stored).

lookup(token)

@spec lookup(token :: binary()) :: {:ok, DateTime.t()} | :error

Looks up token in the ETS table.

Reads ETS directly — no GenServer round-trip.

Returns {:ok, inserted_at} when token matches the stored token, or :error when there is no match or no token is stored.

start_link(opts \\ [])

@spec start_link(keyword()) :: GenServer.on_start()

Starts the TokenStore GenServer and registers it under Elixir.BreakGlass.TokenStore.