npm - @mpen/routekit - Versions diffs - 0.1.0 → 0.1.2 - Mend

@mpen/routekit 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (133) hide show

package/dist/bin.d.mts +4 -0
package/dist/client/react.d.mts +178 -0
package/dist/client/react.mjs +142 -0
package/dist/client.d.mts +433 -0
package/dist/client.mjs +264 -0
package/dist/content-BuDOmhH_.mjs +102 -0
package/dist/core-CzUCxvGk.d.mts +140 -0
package/dist/core-DbmQauwS.mjs +81 -0
package/dist/handlers.d.mts +72 -0
package/dist/handlers.mjs +153 -0
package/dist/index.d.mts +3 -0
package/dist/index.mjs +1152 -0
package/dist/middleware.d.mts +388 -0
package/dist/middleware.mjs +1222 -0
package/dist/request-Dn0zc-xm.mjs +1025 -0
package/dist/response/content.d.mts +79 -0
package/dist/response/content.mjs +2 -0
package/dist/response/json-rpc.d.mts +1 -0
package/dist/response/json-rpc.mjs +1 -0
package/dist/response/problem/valibot.d.mts +230 -0
package/dist/response/problem/valibot.mjs +258 -0
package/dist/response/problem.d.mts +415 -0
package/dist/response/problem.mjs +183 -0
package/dist/response/status.d.mts +45 -0
package/dist/response/status.mjs +2 -0
package/dist/responses-B379Ep9Y.d.mts +296 -0
package/dist/responses-BpVrgeYi.mjs +101 -0
package/dist/router-Cwb7ak0J.d.mts +1819 -0
package/dist/routes.d.mts +282 -0
package/dist/routes.mjs +311 -0
package/dist/status-C-8mw-FB.mjs +59 -0
package/dist/valibot-D7liFYyB.d.mts +290 -0
package/dist/valibot-Du97X-TS.mjs +326 -0
package/package.json +8 -2
package/src/bin/gen-api-client.test.ts +0 -70
package/src/bin/gen-api-client.ts +0 -986
package/src/client/headers.ts +0 -31
package/src/client/index.ts +0 -8
package/src/client/promise.ts +0 -11
package/src/client/react/index.test.tsx +0 -266
package/src/client/react/index.ts +0 -431
package/src/client/responses.test.ts +0 -151
package/src/client/responses.ts +0 -278
package/src/client/transport.ts +0 -74
package/src/client/transports/body-codec.ts +0 -61
package/src/client/transports/fetch.ts +0 -113
package/src/client/tsconfig.json +0 -9
package/src/client/types.ts +0 -15
package/src/client/url.ts +0 -31
package/src/index.ts +0 -63
package/src/router/fetch-types.ts +0 -13
package/src/router/handlers/index.ts +0 -2
package/src/router/handlers/openapi/index.ts +0 -2
package/src/router/handlers/openapi/openapi.ts +0 -293
package/src/router/integration/zod-openapi.test.ts +0 -74
package/src/router/lib/charset.test.ts +0 -22
package/src/router/lib/charset.ts +0 -133
package/src/router/lib/collections.ts +0 -3
package/src/router/lib/format.test.ts +0 -67
package/src/router/lib/format.ts +0 -35
package/src/router/lib/host.ts +0 -4
package/src/router/lib/json-schema.ts +0 -6
package/src/router/lib/media-type.test.ts +0 -122
package/src/router/lib/media-type.ts +0 -289
package/src/router/lib/pathname.test.ts +0 -18
package/src/router/lib/pathname.ts +0 -19
package/src/router/lib/route-names.ts +0 -70
package/src/router/lib/route-normalize.test.ts +0 -36
package/src/router/lib/route-normalize.ts +0 -67
package/src/router/lib/schema-merge.ts +0 -56
package/src/router/middleware/accept-ctx.test.ts +0 -33
package/src/router/middleware/accept-ctx.ts +0 -12
package/src/router/middleware/body-limit.test.ts +0 -112
package/src/router/middleware/body-limit.ts +0 -121
package/src/router/middleware/content-type-context.ts +0 -0
package/src/router/middleware/cors.test.ts +0 -269
package/src/router/middleware/cors.ts +0 -490
package/src/router/middleware/csrf.test.ts +0 -106
package/src/router/middleware/csrf.ts +0 -192
package/src/router/middleware/define.ts +0 -249
package/src/router/middleware/index.ts +0 -34
package/src/router/middleware/jsxhtml-response.ts +0 -0
package/src/router/middleware/oas-swagger.ts +0 -0
package/src/router/middleware/rate-limit.test.ts +0 -886
package/src/router/middleware/rate-limit.ts +0 -920
package/src/router/middleware/request-id-ctx.test.ts +0 -183
package/src/router/middleware/request-id-ctx.ts +0 -135
package/src/router/middleware/request-logger-format.test.ts +0 -16
package/src/router/middleware/request-logger-format.ts +0 -269
package/src/router/middleware/request-logger.test.ts +0 -267
package/src/router/middleware/request-logger.ts +0 -131
package/src/router/middleware/start-time-ctx.ts +0 -5
package/src/router/request.ts +0 -611
package/src/router/response/core.ts +0 -181
package/src/router/response/directives.ts +0 -233
package/src/router/response/formats/content/bodyless.ts +0 -54
package/src/router/response/formats/content/content.ts +0 -79
package/src/router/response/formats/content/index.ts +0 -2
package/src/router/response/formats/json-rpc/index.ts +0 -2
package/src/router/response/formats/problem/badRequest.ts +0 -90
package/src/router/response/formats/problem/conflict.ts +0 -90
package/src/router/response/formats/problem/created.ts +0 -40
package/src/router/response/formats/problem/index.ts +0 -27
package/src/router/response/formats/problem/notFound.ts +0 -90
package/src/router/response/formats/problem/permissionDenied.ts +0 -90
package/src/router/response/formats/problem/problem.test.ts +0 -888
package/src/router/response/formats/problem/rateLimited.ts +0 -90
package/src/router/response/formats/problem/responses.ts +0 -219
package/src/router/response/formats/problem/root-errors.ts +0 -48
package/src/router/response/formats/problem/sessionExpired.ts +0 -90
package/src/router/response/formats/problem/types.ts +0 -170
package/src/router/response/formats/problem/unauthenticated.ts +0 -90
package/src/router/response/formats/problem/valibot.ts +0 -410
package/src/router/response/formats/status/index.ts +0 -1
package/src/router/response/formats/status/responses.ts +0 -59
package/src/router/response/formats/status/status.test.ts +0 -21
package/src/router/response/framers.ts +0 -85
package/src/router/response/index.ts +0 -28
package/src/router/response/openapi.test.ts +0 -96
package/src/router/response/openapi.ts +0 -1
package/src/router/response/serializers.ts +0 -66
package/src/router/response/stream.ts +0 -35
package/src/router/router.test.ts +0 -1571
package/src/router/router.ts +0 -1965
package/src/router/routes/index.ts +0 -46
package/src/router/routes/valibot/index.ts +0 -18
package/src/router/routes/valibot/valibot.ts +0 -1393
package/src/router/routes/valibot.test.ts +0 -286
package/src/router/routes/zod/index.ts +0 -18
package/src/router/routes/zod/zod.ts +0 -1318
package/src/router/routes/zod.test.ts +0 -280
package/src/router/server-interface.ts +0 -31
package/src/router/types.ts +0 -657

package/src/router/middleware/rate-limit.test.ts DELETED Viewed

@@ -1,886 +0,0 @@
-#!/usr/bin/env -S bun test
-import { describe, expect, it } from 'bun:test'
-import { HttpMethod } from '@mpen/http'
-import { existsSync } from 'node:fs'
-import { fileURLToPath } from 'node:url'
-import { Router } from '../router'
-import { rateLimit } from './rate-limit'
-const asnDbPath = fileURLToPath(new URL('../testing/GeoLite2-ASN.mmdb', import.meta.url))
-const countryDbPath = fileURLToPath(new URL('../testing/GeoLite2-Country.mmdb', import.meta.url))
-const hasMaxmindDbs = existsSync(asnDbPath) && existsSync(countryDbPath)
-class CaptureStorage {
-    keys: string[] = []
-    async readCounter(_ctx: unknown, _key: string) {
-        return null
-    }
-    async writeCounter(_ctx: unknown, key: string, _counter: unknown, _ttlMs: number) {
-        this.keys.push(key)
-    }
-}
-const delay = (ms: number) => new Promise((resolve) => setTimeout(resolve, ms))
-describe(rateLimit.name, () => {
-    it('declares its throttled response on affected routes', () => {
-        const router = new Router()
-        router.use(
-            rateLimit({
-                getUserId: async () => 'user-1',
-                getGlobalPeakConcurrentUsers: async () => 1,
-                baseWindowMs: 1000,
-                baseMaxRequestsPerBaseWindow: 2,
-                anonymousIpMultiplier: 1,
-                addRetryAfterHeader: false,
-                buckets: [{ windowMs: 1000, scale: 1 }],
-                endpointLimits: [],
-                includeQueryInEndpointKey: false,
-                scales: { subnet: { ipv4: 10, ipv6: 10 } },
-            }),
-        )
-        router.add({ method: HttpMethod.GET, path: '/', handler: () => new Response() })
-        expect(router.getRoutes()[0]?.schema?.response?.body).toEqual({
-            429: { type: 'string' },
-        })
-    })
-    it('enforces per-user identity limits', async () => {
-        const router = new Router()
-        router.use(
-            rateLimit({
-                getUserId: async () => 'user-1',
-                getGlobalPeakConcurrentUsers: async () => 1,
-                baseWindowMs: 1000,
-                baseMaxRequestsPerBaseWindow: 2,
-                anonymousIpMultiplier: 1,
-                addRetryAfterHeader: false,
-                buckets: [{ windowMs: 1000, scale: 1 }],
-                endpointLimits: [],
-                includeQueryInEndpointKey: false,
-                scales: { subnet: { ipv4: 10, ipv6: 10 } },
-            }),
-        )
-        router.add({
-            method: HttpMethod.GET,
-            path: '/',
-            handler: () => new Response('ok'),
-        })
-        const makeRequest = () =>
-            new Request('https://example.com/', {
-                headers: { 'x-forwarded-for': '203.0.113.5' },
-            })
-        const response1 = await router.fetch(makeRequest())
-        const response2 = await router.fetch(makeRequest())
-        const response3 = await router.fetch(makeRequest())
-        expect(response1.status).toBe(200)
-        expect(response2.status).toBe(200)
-        expect(response3.status).toBe(429)
-    })
-    it('applies endpoint limits to identity and subnet', async () => {
-        const router = new Router()
-        router.use(
-            rateLimit({
-                getUserId: async () => null,
-                getGlobalPeakConcurrentUsers: async () => 1,
-                baseWindowMs: 1000,
-                baseMaxRequestsPerBaseWindow: 100,
-                anonymousIpMultiplier: 1,
-                addRetryAfterHeader: true,
-                buckets: [{ windowMs: 1000, scale: 1 }],
-                endpointLimits: [{ pattern: '/limited', limit: { GET: 1 } }],
-                includeQueryInEndpointKey: false,
-                scales: { subnet: { ipv4: 10, ipv6: 10 } },
-            }),
-        )
-        router.add({
-            method: HttpMethod.GET,
-            path: '/limited',
-            handler: () => new Response('ok'),
-        })
-        const makeRequest = () =>
-            new Request('https://example.com/limited', {
-                headers: { 'x-forwarded-for': '203.0.113.7' },
-            })
-        const response1 = await router.fetch(makeRequest())
-        const response2 = await router.fetch(makeRequest())
-        expect(response1.status).toBe(200)
-        expect(response2.status).toBe(429)
-        expect(response2.headers.get('retry-after')).not.toBeNull()
-    })
-    it('avoids duplicate identity prefixes in endpoint keys', async () => {
-        const storage = new CaptureStorage()
-        const router = new Router()
-        router.use(
-            rateLimit({
-                getUserId: async () => 'user-1',
-                getGlobalPeakConcurrentUsers: async () => 1,
-                baseWindowMs: 1000,
-                baseMaxRequestsPerBaseWindow: 10,
-                anonymousIpMultiplier: 1,
-                addRetryAfterHeader: false,
-                buckets: [{ windowMs: 1000, scale: 1 }],
-                endpointLimits: [{ pattern: '/endpoint', limit: { GET: 1 } }],
-                includeQueryInEndpointKey: false,
-                storage,
-                scales: { subnet: { ipv4: 10, ipv6: 10 } },
-            }),
-        )
-        router.add({
-            method: HttpMethod.GET,
-            path: '/endpoint',
-            handler: () => new Response('ok'),
-        })
-        await router.fetch(
-            new Request('https://example.com/endpoint', {
-                headers: { 'x-forwarded-for': '203.0.113.11' },
-            }),
-        )
-        expect(storage.keys.some((key) => key.includes('identity:identity:'))).toBe(false)
-    })
-    it('normalizes query params by default', async () => {
-        const router = new Router()
-        router.use(
-            rateLimit({
-                getUserId: async () => null,
-                getGlobalPeakConcurrentUsers: async () => 1,
-                baseWindowMs: 1000,
-                baseMaxRequestsPerBaseWindow: 10,
-                anonymousIpMultiplier: 1,
-                addRetryAfterHeader: false,
-                buckets: [{ windowMs: 1000, scale: 1 }],
-                endpointLimits: [{ pattern: '/search', limit: { GET: 1 } }],
-                includeQueryInEndpointKey: true,
-                scales: { subnet: { ipv4: 10, ipv6: 10 } },
-            }),
-        )
-        router.add({
-            method: HttpMethod.GET,
-            path: '/search',
-            handler: () => new Response('ok'),
-        })
-        const request1 = new Request('https://example.com/search?a=1&b=2', {
-            headers: { 'x-forwarded-for': '203.0.113.70' },
-        })
-        const request2 = new Request('https://example.com/search?b=2&a=1', {
-            headers: { 'x-forwarded-for': '203.0.113.70' },
-        })
-        const response1 = await router.fetch(request1)
-        const response2 = await router.fetch(request2)
-        expect(response1.status).toBe(200)
-        expect(response2.status).toBe(429)
-    })
-    it('enforces ipv4 subnet limits', async () => {
-        const router = new Router()
-        router.use(
-            rateLimit({
-                getUserId: async () => 'user-1',
-                getGlobalPeakConcurrentUsers: async () => 1,
-                baseWindowMs: 1000,
-                baseMaxRequestsPerBaseWindow: 5,
-                anonymousIpMultiplier: 1,
-                addRetryAfterHeader: false,
-                buckets: [{ windowMs: 1000, scale: 1 }],
-                endpointLimits: [],
-                includeQueryInEndpointKey: false,
-                scales: { subnet: { ipv4: 0.2, ipv6: 10 } },
-            }),
-        )
-        router.add({
-            method: HttpMethod.GET,
-            path: '/ipv4',
-            handler: () => new Response('ok'),
-        })
-        const request = () =>
-            new Request('https://example.com/ipv4', {
-                headers: { 'x-forwarded-for': '203.0.113.10' },
-            })
-        const response1 = await router.fetch(request())
-        const response2 = await router.fetch(request())
-        expect(response1.status).toBe(200)
-        expect(response2.status).toBe(429)
-    })
-    it('enforces ipv6 subnet limits', async () => {
-        const router = new Router()
-        router.use(
-            rateLimit({
-                getUserId: async () => 'user-1',
-                getGlobalPeakConcurrentUsers: async () => 1,
-                baseWindowMs: 1000,
-                baseMaxRequestsPerBaseWindow: 5,
-                anonymousIpMultiplier: 1,
-                addRetryAfterHeader: false,
-                buckets: [{ windowMs: 1000, scale: 1 }],
-                endpointLimits: [],
-                includeQueryInEndpointKey: false,
-                scales: { subnet: { ipv4: 10, ipv6: 0.2 } },
-            }),
-        )
-        router.add({
-            method: HttpMethod.GET,
-            path: '/ipv6',
-            handler: () => new Response('ok'),
-        })
-        const request = () =>
-            new Request('https://example.com/ipv6', {
-                headers: { 'x-forwarded-for': '2001:db8:abcd:12::1' },
-            })
-        const response1 = await router.fetch(request())
-        const response2 = await router.fetch(request())
-        expect(response1.status).toBe(200)
-        expect(response2.status).toBe(429)
-    })
-    it('applies a conservative subnet scale for unknown IPs', async () => {
-        const router = new Router()
-        router.use(
-            rateLimit({
-                getUserId: async () => 'user-1',
-                getIpAddress: async () => 'not-an-ip',
-                getGlobalPeakConcurrentUsers: async () => 1,
-                baseWindowMs: 1000,
-                baseMaxRequestsPerBaseWindow: 5,
-                anonymousIpMultiplier: 1,
-                addRetryAfterHeader: false,
-                buckets: [{ windowMs: 1000, scale: 1 }],
-                endpointLimits: [],
-                includeQueryInEndpointKey: false,
-                scales: { subnet: { ipv4: 0.4, ipv6: 0.2 } },
-            }),
-        )
-        router.add({
-            method: HttpMethod.GET,
-            path: '/unknown-ip',
-            handler: () => new Response('ok'),
-        })
-        const request = () => new Request('https://example.com/unknown-ip')
-        const response1 = await router.fetch(request())
-        const response2 = await router.fetch(request())
-        expect(response1.status).toBe(200)
-        expect(response2.status).toBe(429)
-    })
-    it('uses ipv4-mapped IPv6 addresses as ipv4', async () => {
-        const router = new Router()
-        router.use(
-            rateLimit({
-                getUserId: async () => 'user-1',
-                getGlobalPeakConcurrentUsers: async () => 1,
-                baseWindowMs: 1000,
-                baseMaxRequestsPerBaseWindow: 5,
-                anonymousIpMultiplier: 1,
-                addRetryAfterHeader: false,
-                buckets: [{ windowMs: 1000, scale: 1 }],
-                endpointLimits: [],
-                includeQueryInEndpointKey: false,
-                scales: { subnet: { ipv4: 0.2, ipv6: 10 } },
-            }),
-        )
-        router.add({
-            method: HttpMethod.GET,
-            path: '/ipv4-mapped',
-            handler: () => new Response('ok'),
-        })
-        const request = () =>
-            new Request('https://example.com/ipv4-mapped', {
-                headers: { 'x-forwarded-for': '::ffff:203.0.113.80' },
-            })
-        const response1 = await router.fetch(request())
-        const response2 = await router.fetch(request())
-        expect(response1.status).toBe(200)
-        expect(response2.status).toBe(429)
-    })
-    it('uses ipv4Prefix:32 so subnet keys are per-IP (no grouping)', async () => {
-        const router = new Router()
-        router.use(
-            rateLimit({
-                getUserId: async () => null, // force identity=ip so subnet layer is what we’re testing
-                getGlobalPeakConcurrentUsers: async () => 1,
-                baseWindowMs: 1000,
-                baseMaxRequestsPerBaseWindow: 5,
-                anonymousIpMultiplier: 1,
-                addRetryAfterHeader: false,
-                buckets: [{ windowMs: 1000, scale: 1 }],
-                endpointLimits: [],
-                includeQueryInEndpointKey: false,
-                // subnet max = bucketMax * ipv4 scale = 5 * 0.2 = 1 request per /prefix per second
-                scales: { subnet: { ipv4: 0.2, ipv6: 10, ipv4Prefix: 32 } },
-            }),
-        )
-        router.add({
-            method: HttpMethod.GET,
-            path: '/ipv4-prefix',
-            handler: () => new Response('ok'),
-        })
-        const request = (ip: string) =>
-            new Request('https://example.com/ipv4-prefix', {
-                headers: { 'x-forwarded-for': ip },
-            })
-        // Different IPs => different /32 subnet keys => both allowed (each gets 1)
-        const r1 = await router.fetch(request('203.0.113.10'))
-        const r2 = await router.fetch(request('203.0.113.11'))
-        // Second request from same IP => same /32 subnet key => blocked
-        const r3 = await router.fetch(request('203.0.113.10'))
-        const r4 = await router.fetch(request('203.0.113.11'))
-        expect(r1.status).toBe(200)
-        expect(r2.status).toBe(200)
-        expect(r3.status).toBe(429)
-        expect(r4.status).toBe(429)
-    })
-    it('uses ipv4Prefix:16 so all IPs in the same /16 share a subnet bucket', async () => {
-        const router = new Router()
-        router.use(
-            rateLimit({
-                getUserId: async () => null, // force identity=ip; subnet layer is under test
-                getGlobalPeakConcurrentUsers: async () => 1,
-                baseWindowMs: 1000,
-                baseMaxRequestsPerBaseWindow: 5,
-                anonymousIpMultiplier: 1,
-                addRetryAfterHeader: false,
-                buckets: [{ windowMs: 1000, scale: 1 }],
-                endpointLimits: [],
-                includeQueryInEndpointKey: false,
-                // subnet max = 5 * 0.2 = 1 request per /16 per second
-                scales: { subnet: { ipv4: 0.2, ipv6: 10, ipv4Prefix: 16 } },
-            }),
-        )
-        router.add({
-            method: HttpMethod.GET,
-            path: '/ipv4-prefix',
-            handler: () => new Response('ok'),
-        })
-        const request = (ip: string) =>
-            new Request('https://example.com/ipv4-prefix', {
-                headers: { 'x-forwarded-for': ip },
-            })
-        // Same /16: 203.0.0.0/16
-        const r1 = await router.fetch(request('203.0.113.10'))
-        const r2 = await router.fetch(request('203.0.200.42'))
-        // Different /16: 198.51.0.0/16
-        const r3 = await router.fetch(request('198.51.100.5'))
-        expect(r1.status).toBe(200)
-        // Second request from same /16 exceeds subnet bucket
-        expect(r2.status).toBe(429)
-        // Different /16 should not be affected
-        expect(r3.status).toBe(200)
-    })
-    it('uses custom ipv6Prefix for subnet grouping', async () => {
-        const router = new Router()
-        router.use(
-            rateLimit({
-                getUserId: async () => 'user-1',
-                getGlobalPeakConcurrentUsers: async () => 1,
-                baseWindowMs: 1000,
-                baseMaxRequestsPerBaseWindow: 5,
-                anonymousIpMultiplier: 1,
-                addRetryAfterHeader: false,
-                buckets: [{ windowMs: 1000, scale: 1 }],
-                endpointLimits: [],
-                includeQueryInEndpointKey: false,
-                scales: { subnet: { ipv4: 10, ipv6: 0.2, ipv6Prefix: 128 } },
-            }),
-        )
-        router.add({
-            method: HttpMethod.GET,
-            path: '/ipv6-prefix',
-            handler: () => new Response('ok'),
-        })
-        const request = (ip: string) =>
-            new Request('https://example.com/ipv6-prefix', {
-                headers: { 'x-forwarded-for': ip },
-            })
-        const response1 = await router.fetch(request('2001:db8:abcd:12::1'))
-        const response2 = await router.fetch(request('2001:db8:abcd:12::2'))
-        const response3 = await router.fetch(request('2001:db8:abcd:12::1'))
-        expect(response1.status).toBe(200)
-        expect(response2.status).toBe(200)
-        expect(response3.status).toBe(429)
-    })
-    it('prefixes subnet keys to avoid collisions', async () => {
-        const storage = new CaptureStorage()
-        const router = new Router()
-        router.use(
-            rateLimit({
-                getUserId: async () => 'user-1',
-                getGlobalPeakConcurrentUsers: async () => 1,
-                baseWindowMs: 1000,
-                baseMaxRequestsPerBaseWindow: 1,
-                anonymousIpMultiplier: 1,
-                addRetryAfterHeader: false,
-                buckets: [{ windowMs: 1000, scale: 1 }],
-                endpointLimits: [],
-                includeQueryInEndpointKey: false,
-                storage,
-                scales: { subnet: { ipv4: 10, ipv6: 10 } },
-            }),
-        )
-        router.add({
-            method: HttpMethod.GET,
-            path: '/subnet-prefix',
-            handler: () => new Response('ok'),
-        })
-        await router.fetch(
-            new Request('https://example.com/subnet-prefix', {
-                headers: { 'x-forwarded-for': '203.0.113.90' },
-            }),
-        )
-        expect(storage.keys.some((key) => key.startsWith('subnet:'))).toBe(true)
-    })
-    it('enforces country limits', async () => {
-        const router = new Router()
-        router.use(
-            rateLimit({
-                getUserId: async () => 'user-1',
-                getGlobalPeakConcurrentUsers: async () => 1,
-                baseWindowMs: 1000,
-                baseMaxRequestsPerBaseWindow: 5,
-                anonymousIpMultiplier: 1,
-                addRetryAfterHeader: false,
-                buckets: [{ windowMs: 1000, scale: 1 }],
-                endpointLimits: [],
-                includeQueryInEndpointKey: false,
-                getCountryCode: async () => 'US',
-                scales: {
-                    subnet: { ipv4: 10, ipv6: 10 },
-                    country: { US: 0.2, other: 1, unknown: 1 },
-                },
-            }),
-        )
-        router.add({
-            method: HttpMethod.GET,
-            path: '/country',
-            handler: () => new Response('ok'),
-        })
-        const request = () =>
-            new Request('https://example.com/country', {
-                headers: { 'x-forwarded-for': '203.0.113.20' },
-            })
-        const response1 = await router.fetch(request())
-        const response2 = await router.fetch(request())
-        expect(response1.status).toBe(200)
-        expect(response2.status).toBe(429)
-    })
-    it('calls getGlobalPeakConcurrentUsers per request', async () => {
-        let calls = 0
-        const router = new Router()
-        router.use(
-            rateLimit({
-                getUserId: async () => 'user-1',
-                getGlobalPeakConcurrentUsers: async () => {
-                    calls += 1
-                    return 1
-                },
-                baseWindowMs: 1000,
-                baseMaxRequestsPerBaseWindow: 5,
-                anonymousIpMultiplier: 1,
-                addRetryAfterHeader: false,
-                buckets: [{ windowMs: 1000, scale: 1 }],
-                endpointLimits: [],
-                includeQueryInEndpointKey: false,
-                getCountryCode: async () => 'US',
-                scales: {
-                    subnet: { ipv4: 10, ipv6: 10 },
-                    country: { US: 1, other: 1, unknown: 1 },
-                },
-            }),
-        )
-        router.add({
-            method: HttpMethod.GET,
-            path: '/peak',
-            handler: () => new Response('ok'),
-        })
-        const request = () =>
-            new Request('https://example.com/peak', {
-                headers: { 'x-forwarded-for': '203.0.113.21' },
-            })
-        const response1 = await router.fetch(request())
-        const response2 = await router.fetch(request())
-        expect(response1.status).toBe(200)
-        expect(response2.status).toBe(200)
-        expect(calls).toBe(2)
-    })
-    it('enforces ASN limits', async () => {
-        const router = new Router()
-        router.use(
-            rateLimit({
-                getUserId: async () => 'user-1',
-                getGlobalPeakConcurrentUsers: async () => 1,
-                baseWindowMs: 1000,
-                baseMaxRequestsPerBaseWindow: 5,
-                anonymousIpMultiplier: 1,
-                addRetryAfterHeader: false,
-                buckets: [{ windowMs: 1000, scale: 1 }],
-                endpointLimits: [],
-                includeQueryInEndpointKey: false,
-                getAsn: async () => ({ asn: 15169, organization: 'Google' }),
-                scales: {
-                    subnet: { ipv4: 10, ipv6: 10 },
-                    asnClass: { cloud: 0.2, unknown: 1 },
-                },
-            }),
-        )
-        router.add({
-            method: HttpMethod.GET,
-            path: '/asn',
-            handler: () => new Response('ok'),
-        })
-        const request = () =>
-            new Request('https://example.com/asn', {
-                headers: { 'x-forwarded-for': '203.0.113.30' },
-            })
-        const response1 = await router.fetch(request())
-        const response2 = await router.fetch(request())
-        expect(response1.status).toBe(200)
-        expect(response2.status).toBe(429)
-    })
-    it.skipIf(!hasMaxmindDbs)('enforces ASN limits via MaxMind database', async () => {
-        const router = new Router()
-        router.use(
-            rateLimit({
-                getUserId: async () => 'user-1',
-                getGlobalPeakConcurrentUsers: async () => 1,
-                baseWindowMs: 10_000,
-                baseMaxRequestsPerBaseWindow: 5,
-                anonymousIpMultiplier: 1,
-                addRetryAfterHeader: false,
-                buckets: [{ windowMs: 10_000, scale: 1 }],
-                endpointLimits: [],
-                includeQueryInEndpointKey: false,
-                maxmindAsnDatabase: asnDbPath,
-                scales: {
-                    subnet: { ipv4: 10, ipv6: 10 },
-                    asnClass: { cloud: 0.2, unknown: 1 },
-                },
-            }),
-        )
-        router.add({
-            method: HttpMethod.GET,
-            path: '/asn-maxmind',
-            handler: () => new Response('ok'),
-        })
-        const request = () =>
-            new Request('https://example.com/asn-maxmind', {
-                headers: { 'x-forwarded-for': '8.8.8.8' },
-            })
-        const response1 = await router.fetch(request())
-        const response2 = await router.fetch(request())
-        expect(response1.status).toBe(200)
-        expect(response2.status).toBe(429)
-    })
-    it('uses a custom getIpAddress implementation', async () => {
-        const router = new Router()
-        router.use(
-            rateLimit({
-                getUserId: async () => null,
-                getIpAddress: async (ctx) => ctx.request.headers.get('x-test-ip') ?? 'unknown',
-                getGlobalPeakConcurrentUsers: async () => 1,
-                baseWindowMs: 1000,
-                baseMaxRequestsPerBaseWindow: 1,
-                anonymousIpMultiplier: 1,
-                addRetryAfterHeader: false,
-                buckets: [{ windowMs: 1000, scale: 1 }],
-                endpointLimits: [],
-                includeQueryInEndpointKey: false,
-                scales: { subnet: { ipv4: 10, ipv6: 10 } },
-            }),
-        )
-        router.add({
-            method: HttpMethod.GET,
-            path: '/custom-ip',
-            handler: () => new Response('ok'),
-        })
-        const request = (ip: string) =>
-            new Request('https://example.com/custom-ip', {
-                headers: { 'x-test-ip': ip },
-            })
-        const response1 = await router.fetch(request('203.0.113.40'))
-        const response2 = await router.fetch(request('198.51.100.42'))
-        expect(response1.status).toBe(200)
-        expect(response2.status).toBe(200)
-    })
-    it.skipIf(!hasMaxmindDbs)('enforces country limits via MaxMind database', async () => {
-        const router = new Router()
-        router.use(
-            rateLimit({
-                getUserId: async () => 'user-1',
-                getGlobalPeakConcurrentUsers: async () => 1,
-                baseWindowMs: 1000,
-                baseMaxRequestsPerBaseWindow: 5,
-                anonymousIpMultiplier: 1,
-                addRetryAfterHeader: false,
-                buckets: [{ windowMs: 1000, scale: 1 }],
-                endpointLimits: [],
-                includeQueryInEndpointKey: false,
-                maxmindCountryDatabase: countryDbPath,
-                scales: {
-                    subnet: { ipv4: 10, ipv6: 10 },
-                    country: { US: 0.2, other: 1, unknown: 1 },
-                },
-            }),
-        )
-        router.add({
-            method: HttpMethod.GET,
-            path: '/country-maxmind',
-            handler: () => new Response('ok'),
-        })
-        const request = () =>
-            new Request('https://example.com/country-maxmind', {
-                headers: { 'x-forwarded-for': '8.8.8.8' },
-            })
-        const response1 = await router.fetch(request())
-        const response2 = await router.fetch(request())
-        expect(response1.status).toBe(200)
-        expect(response2.status).toBe(429)
-    })
-    it.skipIf(!hasMaxmindDbs)('falls back to registered country from MaxMind', async () => {
-        const router = new Router()
-        router.use(
-            rateLimit({
-                getUserId: async () => 'user-1',
-                getGlobalPeakConcurrentUsers: async () => 1,
-                baseWindowMs: 1000,
-                baseMaxRequestsPerBaseWindow: 5,
-                anonymousIpMultiplier: 1,
-                addRetryAfterHeader: false,
-                buckets: [{ windowMs: 1000, scale: 1 }],
-                endpointLimits: [],
-                includeQueryInEndpointKey: false,
-                maxmindCountryDatabase: countryDbPath,
-                scales: {
-                    subnet: { ipv4: 10, ipv6: 10 },
-                    country: { AU: 0.2, other: 1, unknown: 1 },
-                },
-            }),
-        )
-        router.add({
-            method: HttpMethod.GET,
-            path: '/country-registered',
-            handler: () => new Response('ok'),
-        })
-        const request = () =>
-            new Request('https://example.com/country-registered', {
-                headers: { 'x-forwarded-for': '1.1.1.1' },
-            })
-        const response1 = await router.fetch(request())
-        const response2 = await router.fetch(request())
-        expect(response1.status).toBe(200)
-        expect(response2.status).toBe(429)
-    })
-    it('applies non-default baseWindowMs and anonymousIpMultiplier', async () => {
-        const router = new Router()
-        router.use(
-            rateLimit({
-                getUserId: async () => null,
-                getGlobalPeakConcurrentUsers: async () => 1,
-                baseWindowMs: 2000,
-                baseMaxRequestsPerBaseWindow: 2,
-                anonymousIpMultiplier: 0.5,
-                addRetryAfterHeader: false,
-                buckets: [{ windowMs: 2000, scale: 1 }],
-                endpointLimits: [],
-                includeQueryInEndpointKey: false,
-                scales: { subnet: { ipv4: 10, ipv6: 10 } },
-            }),
-        )
-        router.add({
-            method: HttpMethod.GET,
-            path: '/anon',
-            handler: () => new Response('ok'),
-        })
-        const request = () =>
-            new Request('https://example.com/anon', {
-                headers: { 'x-forwarded-for': '203.0.113.50' },
-            })
-        const response1 = await router.fetch(request())
-        const response2 = await router.fetch(request())
-        expect(response1.status).toBe(200)
-        expect(response2.status).toBe(429)
-    })
-    it('does not expire in-memory counters before the window resets', async () => {
-        const router = new Router()
-        router.use(
-            rateLimit({
-                getUserId: async () => null,
-                getGlobalPeakConcurrentUsers: async () => 1,
-                baseWindowMs: 10_000,
-                baseMaxRequestsPerBaseWindow: 1,
-                anonymousIpMultiplier: 1,
-                addRetryAfterHeader: false,
-                buckets: [{ windowMs: 10_000, scale: 1 }],
-                endpointLimits: [],
-                includeQueryInEndpointKey: false,
-                inMemory: { ttlMs: 0 },
-                scales: { subnet: { ipv4: 10, ipv6: 10 } },
-            }),
-        )
-        router.add({
-            method: HttpMethod.GET,
-            path: '/ttl',
-            handler: () => new Response('ok'),
-        })
-        const request = () =>
-            new Request('https://example.com/ttl', {
-                headers: { 'x-forwarded-for': '203.0.113.100' },
-            })
-        const response1 = await router.fetch(request())
-        await delay(30)
-        const response2 = await router.fetch(request())
-        expect(response1.status).toBe(200)
-        expect(response2.status).toBe(429)
-    })
-    it('enforces multiple buckets', async () => {
-        const router = new Router()
-        router.use(
-            rateLimit({
-                getUserId: async () => 'user-1',
-                getGlobalPeakConcurrentUsers: async () => 1,
-                baseWindowMs: 1000,
-                baseMaxRequestsPerBaseWindow: 3,
-                anonymousIpMultiplier: 1,
-                addRetryAfterHeader: false,
-                buckets: [
-                    { windowMs: 1000, scale: 1 },
-                    { windowMs: 4000, scale: 0.1 },
-                ],
-                endpointLimits: [],
-                includeQueryInEndpointKey: false,
-                scales: { subnet: { ipv4: 10, ipv6: 10 } },
-            }),
-        )
-        router.add({
-            method: HttpMethod.GET,
-            path: '/buckets',
-            handler: () => new Response('ok'),
-        })
-        const request = () =>
-            new Request('https://example.com/buckets', {
-                headers: { 'x-forwarded-for': '203.0.113.60' },
-            })
-        const response1 = await router.fetch(request())
-        const response2 = await router.fetch(request())
-        expect(response1.status).toBe(200)
-        expect(response2.status).toBe(429)
-    })
-    it('omits query separator when the query is empty', async () => {
-        const storage = new CaptureStorage()
-        const router = new Router()
-        router.use(
-            rateLimit({
-                getUserId: async () => null,
-                getGlobalPeakConcurrentUsers: async () => 1,
-                baseWindowMs: 1000,
-                baseMaxRequestsPerBaseWindow: 1,
-                anonymousIpMultiplier: 1,
-                addRetryAfterHeader: false,
-                buckets: [{ windowMs: 1000, scale: 1 }],
-                endpointLimits: [{ pattern: '/empty-query', limit: { GET: 1 } }],
-                includeQueryInEndpointKey: true,
-                storage,
-                scales: { subnet: { ipv4: 10, ipv6: 10 } },
-            }),
-        )
-        router.add({
-            method: HttpMethod.GET,
-            path: '/empty-query',
-            handler: () => new Response('ok'),
-        })
-        await router.fetch(
-            new Request('https://example.com/empty-query', {
-                headers: { 'x-forwarded-for': '203.0.113.110' },
-            }),
-        )
-        expect(storage.keys.some((key) => key.includes('routeq:GET:/empty-query?'))).toBe(false)
-    })
-})