NAME
Chandra::Socket::Token - Token management with rotation and expiry
SYNOPSIS
use Chandra::Socket::Token;
my $tm = Chandra::Socket::Token->new(
ttl => 3600, # Token expires after 1 hour (seconds)
rotation => 1800, # Rotate every 30 minutes
grace => 60, # Old token valid for 60s after rotation
length => 32, # Token length in bytes (default 32)
);
my $token = $tm->current;
my $valid = $tm->validate($token);
$tm->rotate;
# Old token still valid during grace period
$tm->validate($token); # true (within grace)
# Info hash
my $info = $tm->info;DESCRIPTION
Chandra::Socket::Token manages cryptographic token generation, validation, rotation and expiry for the Chandra Socket IPC system.
Tokens are generated from /dev/urandom (with a rand() fallback) and represented as hex-encoded strings.
METHODS
new(%opts)
Create a new token manager. Options:
- ttl => $seconds
-
Token lifetime. Default 3600 (1 hour).
- rotation => $seconds
-
Rotation interval. Default 1800 (30 minutes).
- grace => $seconds
-
Grace period after rotation during which the old token is still accepted. Default 60.
- length => $bytes
-
Token length in bytes (hex output is 2x this). Default 32.
generate
Generate and return a new random token (does not affect manager state).
current
Return the current active token.
previous
Return the previous token (during grace period), or undef.
validate($token)
Return 1 if the token matches current or previous (during grace), 0 otherwise.
rotate
Force a token rotation. Current token becomes previous with grace period.
rotation_due
Return 1 if the rotation interval has elapsed.
expired
Return 1 if the token has exceeded its TTL.
in_grace
Return 1 if currently within a grace period after rotation.
info
Return a hashref with token state: current, previous, created_at, expires_at, rotation_at, grace_until.
on_rotate($coderef)
Register a callback fired on each rotation, receiving the new token.
ttl
Return the configured TTL.
rotation_interval
Return the configured rotation interval.
grace_period
Return the configured grace period.