fix #50: add exponential backoff for 429 calls (#67)

gkwang · web-flow · commit 264f83034ecb · 2025-12-05T10:34:42.000+11:00
* fix #50: add exponential backoff for 429 calls
diff --git a/analyzer/tools/auth0.js b/analyzer/tools/auth0.js
@@ -10,6 +10,52 @@ const PER_PAGE = 100;
 axios.defaults.headers.common["User-Agent"] =
   `${packageName}/${packageVersion}`;
 
+// Add exponential backoff interceptor
+axios.interceptors.response.use(
+  (response) => response,
+  async (error) => {
+    const config = error.config;
+
+    // Retry on 429 (Too Many Requests)
+    if (error.response && error.response.status === 429) {
+      config.__retryCount = config.__retryCount || 0;
+      const MAX_RETRIES = 5;
+
+      if (config.__retryCount >= MAX_RETRIES) {
+        return Promise.reject(error);
+      }
+
+      // Calculate delay
+      let delayInMs = 1000;
+      if (error.response.headers["retry-after"]) {
+        //usually Auth0 provides seconds in retry-after header
+        const retryAfter = parseInt(error.response.headers["retry-after"], 10);
+        if (!isNaN(retryAfter)) {
+          delayInMs = retryAfter * 1000;
+        }
+      } else {
+        // In case Auth0 changes retry-after header
+        delayInMs = Math.pow(2, config.__retryCount) * 1000;
+      }
+
+      // Add some jitter to prevent thundering herd
+      delayInMs += Math.random() * 1000;
+
+      logger.log(
+        "warn",
+        `Rate limited. Retrying in ${Math.round(delayInMs)}ms... 
+        (Attempt ${config.__retryCount}/${MAX_RETRIES}) due to ${error.response.status} response`,
+      );
+
+      config.__retryCount += 1;
+      await new Promise((resolve) => setTimeout(resolve, delayInMs));
+      return axios(config);
+    }
+
+    return Promise.reject(error);
+  }
+);
+
 async function getAccessToken(domain, client_id, client_secret, access_token) {
   if (access_token) {
     return access_token;
diff --git a/tests/tools/auth0_retry.test.js b/tests/tools/auth0_retry.test.js
@@ -0,0 +1,215 @@
+const { expect } = require("chai");
+const axios = require("axios");
+const logger = require("../../analyzer/lib/logger");
+// We need to require the file to ensure the interceptor is attached
+require("../../analyzer/tools/auth0");
+
+describe("Auth0 API Retry Logic", function() {
+  let originalAdapter;
+  let originalLoggerLog;
+  let logSpy = [];
+
+  beforeEach(function() {
+    originalAdapter = axios.defaults.adapter;
+    originalLoggerLog = logger.log;
+    logSpy = [];
+    logger.log = (level, message) => {
+      logSpy.push({ level, message });
+    };
+  });
+
+  afterEach(function() {
+    axios.defaults.adapter = originalAdapter;
+    logger.log = originalLoggerLog;
+  });
+
+  it("should retry on 429 and eventually succeed", async function() {
+    let attempts = 0;
+    
+    // Mock adapter that fails twice with 429 then succeeds
+    axios.defaults.adapter = async (config) => {
+      attempts++;
+      if (attempts <= 2) {
+        const error = new Error("Request failed with status code 429");
+        error.config = config; // Attach config to error
+        error.response = {
+          status: 429,
+          headers: { "retry-after": "1" }, // 1 second
+          config: config,
+          data: {}
+        };
+        // We need to reject for the interceptor to catch it
+        return Promise.reject(error);
+      }
+      return {
+        status: 200,
+        statusText: "OK",
+        headers: {},
+        config: config,
+        data: { success: true }
+      };
+    };
+
+    // Override setTimeout to speed up tests
+    const originalSetTimeout = global.setTimeout;
+    global.setTimeout = (fn) => fn();
+
+    try {
+      const response = await axios.get("https://auth0.com/api");
+      expect(response.data.success).to.be.true;
+      expect(attempts).to.equal(3); // Initial + 2 retries
+      
+      // Verify logs
+      const retryLogs = logSpy.filter(l => l.message.includes("Rate limited. Retrying"));
+      expect(retryLogs.length).to.equal(2);
+    } finally {
+      global.setTimeout = originalSetTimeout;
+    }
+  });
+
+  it("should fail after max retries", async function() {
+    let attempts = 0;
+    
+    axios.defaults.adapter = async (config) => {
+      attempts++;
+      const error = new Error("Request failed with status code 429");
+      error.config = config; // Attach config to error
+      error.response = {
+        status: 429,
+        headers: {}, // No retry-after, use exponential backoff
+        config: config,
+        data: {}
+      };
+      return Promise.reject(error);
+    };
+
+    // Override setTimeout
+    const originalSetTimeout = global.setTimeout;
+    global.setTimeout = (fn) => fn();
+
+    try {
+      await axios.get("https://auth0.com/api");
+      throw new Error("Should have failed");
+    } catch (error) {
+      expect(error.response.status).to.equal(429);
+      // Initial + 5 retries = 6 attempts
+      expect(attempts).to.equal(6);
+    } finally {
+      global.setTimeout = originalSetTimeout;
+    }
+  });
+
+  it("should respect Retry-After header", async function() {
+    let attempts = 0;
+    let delays = [];
+
+    // Mock setTimeout to capture delays
+    const originalSetTimeout = global.setTimeout;
+    global.setTimeout = (fn, delay) => {
+      delays.push(delay);
+      fn();
+    };
+
+    axios.defaults.adapter = async (config) => {
+      attempts++;
+      if (attempts === 1) {
+        const error = new Error("Request failed with status code 429");
+        error.config = config; // Attach config to error
+        error.response = {
+          status: 429,
+          headers: { "retry-after": "2" }, // 2 seconds
+          config: config,
+          data: {}
+        };
+        return Promise.reject(error);
+      }
+      return { status: 200, data: {} };
+    };
+
+    try {
+      await axios.get("https://auth0.com/api");
+      expect(attempts).to.equal(2);
+      // Delay should be around 2000ms + jitter
+      expect(delays[0]).to.be.at.least(2000);
+      expect(delays[0]).to.be.below(3100); // 2000 + max 1000 jitter
+    } finally {
+      global.setTimeout = originalSetTimeout;
+    }
+  });
+
+  it("should handle Date format Retry-After header", async function() {
+    let attempts = 0;
+    let delays = [];
+
+    // Mock setTimeout to capture delays
+    const originalSetTimeout = global.setTimeout;
+    global.setTimeout = (fn, delay) => {
+      delays.push(delay);
+      fn();
+    };
+
+    axios.defaults.adapter = async (config) => {
+      attempts++;
+      if (attempts === 1) {
+        const error = new Error("Request failed with status code 429");
+        error.config = config; // Attach config to error
+        error.response = {
+          status: 429,
+          headers: { "retry-after": "Wed, 21 Oct 2015 07:28:00 GMT" }, 
+          config: config,
+          data: {}
+        };
+        return Promise.reject(error);
+      }
+      return { status: 200, data: {} };
+    };
+
+    try {
+      await axios.get("https://auth0.com/api");
+      expect(attempts).to.equal(2);
+      // Delay should be default, around 1000ms + jitter
+      expect(delays[0]).to.be.at.least(1000);
+      expect(delays[0]).to.be.below(2000); // 1000 + max 1000 jitter
+    } finally {
+      global.setTimeout = originalSetTimeout;
+    }
+  });
+
+  it("should handle non existent Retry-After header", async function() {
+    let attempts = 0;
+    let delays = [];
+
+    // Mock setTimeout to capture delays
+    const originalSetTimeout = global.setTimeout;
+    global.setTimeout = (fn, delay) => {
+      delays.push(delay);
+      fn();
+    };
+
+    axios.defaults.adapter = async (config) => {
+      attempts++;
+      if (attempts === 1) {
+        const error = new Error("Request failed with status code 429");
+        error.config = config; // Attach config to error
+        error.response = {
+          status: 429,
+          headers: {}, // No retry-after
+          config: config,
+          data: {}
+        };
+        return Promise.reject(error);
+      }
+      return { status: 200, data: {} };
+    };
+
+    try {
+      await axios.get("https://auth0.com/api");
+      expect(attempts).to.equal(2);
+      // Delay should be default, around 1000ms + jitter
+      expect(delays[0]).to.be.at.least(1000);
+      expect(delays[0]).to.be.below(2000); // 1000 + max 1000 jitter
+    } finally {
+      global.setTimeout = originalSetTimeout;
+    }
+  });
+});
