@mondaydotcomorg/monday-authorization 3.8.0 → 3.9.4-feat-shaime-fix-timeout-5ff7b3a

package/src/authorization-internal-service.ts

@@ -1,54 +1,207 @@
 import { signAuthorizationHeader } from '@mondaydotcomorg/monday-jwt';
-import { fetch, MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
 import * as MondayLogger from '@mondaydotcomorg/monday-logger';
 import {
   NullableErrorWithType,
   OnRetryCallback,
+  Response,
   RetryPolicy,
-  RetryDelayCallback,
+  GetTimeout,
 } from '@mondaydotcomorg/monday-fetch-api';
 import { IgniteClient } from '@mondaydotcomorg/ignite-sdk';
 import { BaseRequest } from './types/general';
+import type { AuthorizationFetchOptions } from './types/fetch-options';
 
 const INTERNAL_APP_NAME = 'internal_ms';
 export const MAX_RETRIES = 3;
 export const RETRY_DELAY_MS = 20;
 export const logger = MondayLogger.getLogger();
 
-const defaultMondayFetchOptions: MondayFetchOptions = {
+export const IGNITE_RETRY_CONFIG_KEY = 'authorization_retry_config';
+
+let igniteClient: IgniteClient | undefined;
+
+type RetryConfig = {
+  retries: number;
+  baseDelayMs: number;
+  exponentBase: number;
+  jitterMinMs: number;
+  jitterMaxMs: number;
+  /**
+   * Array of status matchers used by RetryPolicy.retryOn.
+   * Supported forms:
+   * - "429" (exact status)
+   * - "5**" (wildcards; '*' matches any digit) => 5xx
+   * - "5*9" (wildcards; '*' matches any digit) => 509, 519, ... 599
+   */
+  retryOnStatusPatterns: string[];
+};
+
+const defaultRetryConfig: RetryConfig = {
   retries: MAX_RETRIES,
-  callback: logOnFetchFail,
+  baseDelayMs: RETRY_DELAY_MS,
+  exponentBase: 2,
+  jitterMinMs: 0,
+  jitterMaxMs: 1000,
+  retryOnStatusPatterns: ['429', '5**'],
 };
 
-export const onRetryCallback: OnRetryCallback = (attempt: number, error?: NullableErrorWithType) => {
-  if (attempt == MAX_RETRIES) {
-    logger.error({ tag: 'authorization-service', attempt, error }, 'Authorization attempt failed');
+/**
+ * Sanitizes retry configuration values to ensure they are within valid ranges
+ */
+function sanitizeRetryConfig(config: RetryConfig): RetryConfig {
+  return {
+    ...config,
+    retries: Math.max(0, Math.min(5, config.retries)),
+    exponentBase: Math.max(1, Math.min(100, config.exponentBase)),
+    jitterMinMs: Math.max(0, config.jitterMinMs),
+  };
+}
+
+function getRetryConfig(): RetryConfig {
+  if (!igniteClient) {
+    return defaultRetryConfig;
+  }
+  try {
+    const config = igniteClient.configuration.getObjectValue<RetryConfig>(IGNITE_RETRY_CONFIG_KEY, defaultRetryConfig);
+    return sanitizeRetryConfig(config);
+  } catch (error) {
+    logger.error(
+      { tag: 'authorization-service', error, key: IGNITE_RETRY_CONFIG_KEY, defaultValue: defaultRetryConfig },
+      'Failed to get ignite retry config, using defaults'
+    );
+    return defaultRetryConfig;
+  }
+}
+
+function randomIntInclusive(min: number, max: number): number {
+  if (max <= min) {
+    return min;
+  }
+  return Math.floor(min + Math.random() * (max - min + 1));
+}
+
+type StatusMatcher = (status: number) => boolean;
+
+function buildHttpStatusMatchers(patterns: string[]): StatusMatcher[] {
+  const matchers: StatusMatcher[] = [];
+
+  const addWildcardMatcher = (wildcard: string) => {
+    // Normalized 3-char pattern with digits or '*'
+    matchers.push((status: number) => {
+      const s = String(status);
+      if (s.length !== 3) {
+        return false;
+      }
+      for (let i = 0; i < 3; i++) {
+        const w = wildcard[i];
+        const c = s[i];
+        if (w === '*') {
+          continue;
+        }
+        if (w !== c) {
+          return false;
+        }
+      }
+      return true;
+    });
+  };
+
+  for (const raw of patterns ?? []) {
+    const p = String(raw).trim();
+    if (!p) {
+      continue;
+    }
+
+    // Exact numeric status (e.g. "429")
+    if (/^\d+$/.test(p)) {
+      const exact = Number(p);
+      if (Number.isFinite(exact)) {
+        matchers.push((status: number) => status === exact);
+      }
+      continue;
+    }
+
+    // Wildcards for 3-digit HTTP codes:
+    // - "5**" => 5xx
+    // - "5*9" => 5?9
+    if (/^[0-9*]+$/.test(p) && p.includes('*')) {
+      const normalized = p.length < 3 ? p.padEnd(3, '*') : p;
+      if (normalized.length !== 3) {
+        logger.warn(
+          { tag: 'authorization-service', pattern: p },
+          'Invalid retry status wildcard pattern (expected a 3-character pattern like "5**" or "5*9")'
+        );
+      } else {
+        addWildcardMatcher(normalized);
+      }
+      continue;
+    }
+
+    logger.warn(
+      { tag: 'authorization-service', pattern: p },
+      'Invalid retry status pattern (supported: exact code like "429" or wildcard like "5**")'
+    );
+  }
+  return matchers;
+}
+
+function shouldRetryOnResponseStatus(
+  responseOrStatus: Response | null | undefined,
+  statusMatchers: StatusMatcher[]
+): boolean {
+  const status = responseOrStatus?.status;
+  if (typeof status !== 'number') {
+    return false;
+  }
+  return statusMatchers.some(matcher => matcher(status));
+}
+
+export const onRetryCallback: OnRetryCallback = (
+  attempt: number,
+  error?: NullableErrorWithType,
+  response?: Response | null,
+  isTimeoutError?: boolean
+) => {
+  const effectiveMaxRetries = getRetryConfig().retries;
+  if (attempt == effectiveMaxRetries) {
+    logger.error(
+      { tag: 'authorization-service', attempt, error, response, isTimeoutError },
+      'Authorization attempt failed'
+    );
   } else {
-    logger.info({ tag: 'authorization-service', attempt, error }, 'Authorization attempt failed, trying again');
+    logger.info(
+      { tag: 'authorization-service', attempt, error, response, isTimeoutError },
+      'Authorization attempt failed, trying again'
+    );
   }
 };
 
 /**
  * Exponential backoff retry delay callback
- * Calculates delay as: baseDelay * 2^(attemptCount - 1)
+ * Calculates delay as: baseDelay * (exponentBase)^(attemptCount - 1) + jitter(min..max)
  * Example: attempt 1 -> 100ms, attempt 2 -> 200ms, attempt 3 -> 400ms
  */
-export const calcDelayDurationInMs: RetryDelayCallback = ({ attemptCount }) => {
-  return RETRY_DELAY_MS * Math.pow(2, attemptCount - 1);
+export const calcDelayDurationInMs = ({ attemptCount }: { attemptCount: number }): number => {
+  const { baseDelayMs, exponentBase, jitterMinMs, jitterMaxMs } = getRetryConfig();
+  const jitterMin = Math.min(jitterMinMs, jitterMaxMs);
+  const jitterMax = Math.max(jitterMinMs, jitterMaxMs);
+  const expDelay = baseDelayMs * Math.pow(exponentBase, attemptCount - 1);
+  const jitter = randomIntInclusive(jitterMin, jitterMax);
+  return expDelay + jitter;
 };
 
-function logOnFetchFail(retriesLeft: number, error: Error) {
-  if (retriesLeft == 0) {
-    logger.error({ retriesLeft, error }, `Authorization attempt failed due to ${error.message}`);
-  } else {
-    logger.info({ retriesLeft, error }, `Authorization attempt failed due to ${error.message}, trying again`);
-  }
-}
-
-let mondayFetchOptions: MondayFetchOptions = defaultMondayFetchOptions;
+let mondayFetchOptions: AuthorizationFetchOptions = {
+  retries: defaultRetryConfig.retries,
+};
 
 export class AuthorizationInternalService {
-  static igniteClient?: IgniteClient;
+  static get igniteClient(): IgniteClient | undefined {
+    return igniteClient;
+  }
+
+  static set igniteClient(client: IgniteClient | undefined) {
+    igniteClient = client;
+  }
   static skipAuthorization(requset: BaseRequest): void {
     requset.authorizationSkipPerformed = true;
   }
@@ -63,7 +216,7 @@ export class AuthorizationInternalService {
     }
   }
 
-  static throwOnHttpErrorIfNeeded(response: Awaited<ReturnType<typeof fetch>>, placement: string): void {
+  static throwOnHttpErrorIfNeeded(response: Response, placement: string): void {
     if (response.ok) {
       return;
     }
@@ -89,25 +242,28 @@ export class AuthorizationInternalService {
     return signAuthorizationHeader({ appName: INTERNAL_APP_NAME, accountId, userId });
   }
 
-  static setRequestFetchOptions(customMondayFetchOptions: MondayFetchOptions) {
+  static setRequestFetchOptions(customMondayFetchOptions: AuthorizationFetchOptions) {
+    const sanitizedOptions: AuthorizationFetchOptions = { ...customMondayFetchOptions };
+    if (sanitizedOptions.retries !== undefined) {
+      sanitizedOptions.retries = Math.max(0, Math.min(5, sanitizedOptions.retries));
+    }
     mondayFetchOptions = {
-      ...defaultMondayFetchOptions,
-      ...customMondayFetchOptions,
+      ...defaultRetryConfig,
+      ...sanitizedOptions,
     };
   }
 
-  static getRequestFetchOptions(): MondayFetchOptions {
+  static getRequestFetchOptions(): AuthorizationFetchOptions {
     return mondayFetchOptions;
   }
 
   static setIgniteClient(client: IgniteClient) {
-    this.igniteClient = client;
+    igniteClient = client;
   }
 
   static getRequestTimeout() {
     const isDevEnv = process.env.NODE_ENV === 'development';
     const defaultTimeout = isDevEnv ? 60000 : 2000;
-
     if (!this.igniteClient) {
       return defaultTimeout;
     }
@@ -133,12 +289,25 @@ export class AuthorizationInternalService {
 
   static getRetriesPolicy(): RetryPolicy {
     const fetchOptions = AuthorizationInternalService.getRequestFetchOptions();
-    const retryDelayMS = calcDelayDurationInMs;
+    const retryConfig = getRetryConfig();
+    const statusMatchers = buildHttpStatusMatchers(retryConfig.retryOnStatusPatterns);
+    const defaultRetryOn = (_attempt, _error, response, isTimeoutError) => {
+      return isTimeoutError ? true : shouldRetryOnResponseStatus(response ?? undefined, statusMatchers);
+    };
+    // Sanitize retries from fetchOptions: clamp between 0 and 5
+    const rawMaxRetries = fetchOptions?.retries ?? retryConfig.retries;
+    const effectiveMaxRetries = Math.max(0, Math.min(5, rawMaxRetries));
+    const defaultGetTimeout: GetTimeout = timeoutsCount =>
+      calcDelayDurationInMs({ attemptCount: timeoutsCount }) + AuthorizationInternalService.getRequestTimeout();
+
     return {
-      useRetries: !!fetchOptions.retries,
-      maxRetries: fetchOptions.retries ?? 0,
-      onRetry: onRetryCallback,
-      retryDelayMS,
+      useRetries: fetchOptions?.useRetries ?? true,
+      maxRetries: effectiveMaxRetries,
+      retryDelayMS: fetchOptions?.retryDelayMS ?? calcDelayDurationInMs,
+      onRetry: fetchOptions?.callback ?? onRetryCallback,
+      retryOn: fetchOptions?.retryOn ?? defaultRetryOn,
+      timeoutRetries: fetchOptions?.timeoutRetries ?? effectiveMaxRetries,
+      getTimeout: fetchOptions?.getTimeout ?? defaultGetTimeout,
     };
   }
 }

package/src/authorization-service.ts

@@ -1,5 +1,4 @@
 import { performance } from 'perf_hooks';
-import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
 import { Api } from '@mondaydotcomorg/trident-backend-api';
 import { HttpFetcherError } from '@mondaydotcomorg/monday-fetch-api';
 import { getIgniteClient, IgniteClient } from '@mondaydotcomorg/ignite-sdk';
@@ -17,6 +16,7 @@ import { getAttributionsFromApi, getProfile } from './attributions-service';
 import { GraphApi } from './clients/graph-api';
 import { PlatformApi } from './clients/platform-api';
 import { scopeToResource } from './utils/authorization.utils';
+import { AuthorizationFetchOptions } from './types/fetch-options';
 
 const GRANTED_FEATURE_CACHE_EXPIRATION_SECONDS = 5 * 60;
 const PLATFORM_AUTHORIZE_PATH = '/internal_ms/authorization/authorize';
@@ -29,7 +29,7 @@ export interface AuthorizeResponse {
   unauthorizedObjects?: AuthorizationObject[];
 }
 
-export function setRequestFetchOptions(customMondayFetchOptions: MondayFetchOptions) {
+export function setRequestFetchOptions(customMondayFetchOptions: AuthorizationFetchOptions) {
   AuthorizationInternalService.setRequestFetchOptions(customMondayFetchOptions);
 }
 

package/src/constants.ts

@@ -15,11 +15,6 @@ export const ERROR_MESSAGES = {
 } as const;
 
 export const DEFAULT_FETCH_OPTIONS: RecursivePartial<FetcherConfig> = {
-  retryPolicy: {
-    useRetries: true,
-    maxRetries: 3,
-    retryDelayMS: 10,
-  },
   logPolicy: {
     logErrors: 'error',
     logRequests: 'info',

package/src/index.ts

@@ -1,8 +1,8 @@
-import { MondayFetchOptions } from '@mondaydotcomorg/monday-fetch';
 import { setPrometheus } from './prometheus-service';
 import { setIgniteClient, setRedisClient, setRequestFetchOptions } from './authorization-service';
 import { initializeMetrics, MetricsClient } from './metrics-service';
 import * as TestKit from './testKit';
+import { AuthorizationFetchOptions } from './types/fetch-options';
 
 interface MetricsInitOptions {
   client?: MetricsClient;
@@ -14,7 +14,7 @@ interface MetricsInitOptions {
 
 export interface InitOptions {
   prometheus?: any;
-  mondayFetchOptions?: MondayFetchOptions;
+  mondayFetchOptions?: AuthorizationFetchOptions;
   redisClient?: any;
   grantedFeatureRedisExpirationInSeconds?: number;
   metrics?: MetricsInitOptions;

package/src/memberships.ts

@@ -8,6 +8,7 @@ import {
 } from 'types/memberships';
 import { handleApiError } from 'utils/api-error-handler';
 import { getAttributionsFromApi } from './attributions-service';
+import { AuthorizationInternalService } from './authorization-internal-service';
 
 import { APP_NAME, DEFAULT_FETCH_OPTIONS, ERROR_MESSAGES } from './constants';
 
@@ -69,7 +70,11 @@ export class MembershipsService {
           },
           body: JSON.stringify({ memberships }),
         },
-        this.fetchOptions
+        {
+          ...this.fetchOptions,
+          timeout: AuthorizationInternalService.getRequestTimeout(),
+          retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
+        }
       );
     } catch (err) {
       return handleApiError(err, 'authorization', 'upsertMemberships');
@@ -101,7 +106,11 @@ export class MembershipsService {
           },
           body: JSON.stringify({ memberships }),
         },
-        this.fetchOptions
+        {
+          ...this.fetchOptions,
+          timeout: AuthorizationInternalService.getRequestTimeout(),
+          retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
+        }
       );
     } catch (err) {
       return handleApiError(err, 'authorization', 'deleteMemberships');

package/src/roles-service.ts

@@ -2,6 +2,7 @@ import { Api, FetcherConfig, HttpClient } from '@mondaydotcomorg/trident-backend
 import { HttpFetcherError, RecursivePartial } from '@mondaydotcomorg/monday-fetch-api';
 import { RoleCreateRequest, RolesResponse, RoleUpdateRequest } from 'types/roles';
 import { getAttributionsFromApi } from 'attributions-service';
+import { AuthorizationInternalService } from './authorization-internal-service';
 import { APP_NAME, DEFAULT_FETCH_OPTIONS, ERROR_MESSAGES } from './constants';
 
 const API_PATH = '/roles/account/{accountId}';
@@ -113,7 +114,11 @@ export class RolesService {
           },
           body: method === 'GET' ? undefined : body,
         },
-        this.fetchOptions
+        {
+          ...this.fetchOptions,
+          timeout: AuthorizationInternalService.getRequestTimeout(),
+          retryPolicy: AuthorizationInternalService.getRetriesPolicy(),
+        }
       );
     } catch (err) {
       if (err instanceof HttpFetcherError) {

package/src/types/fetch-options.ts

@@ -0,0 +1,18 @@
+import type {
+  ShouldRetryCallback,
+  RetryDelayCallback,
+  OnRetryCallback,
+  GetTimeout,
+} from '@mondaydotcomorg/monday-fetch-api';
+
+interface FetchOptions {
+  callback: OnRetryCallback;
+  useRetries: boolean;
+  retries: number;
+  retryDelayMS: number | RetryDelayCallback;
+  retryOn: ShouldRetryCallback;
+  getTimeout: GetTimeout;
+  timeoutRetries: number;
+}
+
+export type AuthorizationFetchOptions = Partial<FetchOptions>;

package/src/types/scoped-actions-contracts.ts

@@ -18,17 +18,7 @@ export interface AccountScope {
   accountId: number;
 }
 
-export interface CredentialsSharedConfigScope {
-  credentialsSharedConfigId: number;
-}
-
-export type ScopeOptions =
-  | WorkspaceScope
-  | BoardScope
-  | PulseScope
-  | AccountProductScope
-  | AccountScope
-  | CredentialsSharedConfigScope;
+export type ScopeOptions = WorkspaceScope | BoardScope | PulseScope | AccountProductScope | AccountScope;
 
 export interface Translation {
   key: string;

package/src/utils/authorization.utils.ts

@@ -28,9 +28,6 @@ export function scopeToResource(scope: ScopeOptions): { resourceType: ResourceTy
   if ('accountId' in scope) {
     return { resourceType: 'account', resourceId: scope.accountId };
   }
-  if ('credentialsSharedConfigId' in scope) {
-    return { resourceType: 'credentials_shared_config', resourceId: scope.credentialsSharedConfigId };
-  }
 
   throw new Error('Unsupported scope provided');
 }