npm - te.js - Versions diffs - 2.1.0 → 2.1.2 - Mend

te.js 2.1.0 → 2.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (70) hide show

package/README.md +197 -196
package/auto-docs/analysis/handler-analyzer.js +58 -58
package/auto-docs/analysis/source-resolver.js +101 -101
package/auto-docs/constants.js +37 -37
package/auto-docs/docs-llm/index.js +7 -7
package/auto-docs/docs-llm/prompts.js +222 -222
package/auto-docs/docs-llm/provider.js +132 -132
package/auto-docs/index.js +146 -146
package/auto-docs/openapi/endpoint-processor.js +277 -277
package/auto-docs/openapi/generator.js +107 -107
package/auto-docs/openapi/level3.js +131 -131
package/auto-docs/openapi/spec-builders.js +244 -244
package/auto-docs/ui/docs-ui.js +186 -186
package/auto-docs/utils/logger.js +17 -17
package/auto-docs/utils/strip-usage.js +10 -10
package/cli/docs-command.js +315 -315
package/cli/fly-command.js +71 -71
package/cli/index.js +56 -56
package/cors/index.js +71 -0
package/database/index.js +165 -165
package/database/mongodb.js +146 -146
package/database/redis.js +201 -201
package/docs/README.md +36 -36
package/docs/ammo.md +362 -362
package/docs/api-reference.md +490 -490
package/docs/auto-docs.md +216 -216
package/docs/cli.md +152 -152
package/docs/configuration.md +275 -275
package/docs/database.md +390 -390
package/docs/error-handling.md +438 -438
package/docs/file-uploads.md +333 -333
package/docs/getting-started.md +214 -214
package/docs/middleware.md +355 -355
package/docs/rate-limiting.md +393 -393
package/docs/routing.md +302 -302
package/lib/llm/client.js +73 -0
package/lib/llm/index.js +7 -0
package/lib/llm/parse.js +89 -0
package/package.json +64 -62
package/rate-limit/algorithms/fixed-window.js +141 -141
package/rate-limit/algorithms/sliding-window.js +147 -147
package/rate-limit/algorithms/token-bucket.js +115 -115
package/rate-limit/base.js +165 -165
package/rate-limit/index.js +147 -147
package/rate-limit/storage/base.js +104 -104
package/rate-limit/storage/memory.js +101 -101
package/rate-limit/storage/redis.js +88 -88
package/server/ammo/body-parser.js +220 -220
package/server/ammo/dispatch-helper.js +103 -103
package/server/ammo/enhancer.js +57 -57
package/server/ammo.js +454 -415
package/server/endpoint.js +97 -74
package/server/error.js +9 -9
package/server/errors/code-context.js +125 -125
package/server/errors/llm-error-service.js +140 -140
package/server/files/helper.js +33 -33
package/server/files/uploader.js +143 -143
package/server/handler.js +158 -119
package/server/target.js +185 -175
package/server/targets/middleware-validator.js +22 -22
package/server/targets/path-validator.js +21 -21
package/server/targets/registry.js +160 -160
package/server/targets/shoot-validator.js +21 -21
package/te.js +428 -402
package/utils/auto-register.js +17 -17
package/utils/configuration.js +64 -64
package/utils/errors-llm-config.js +84 -84
package/utils/request-logger.js +43 -43
package/utils/status-codes.js +82 -82
package/utils/tejas-entrypoint-html.js +18 -18

package/docs/rate-limiting.md CHANGED Viewed

@@ -1,393 +1,393 @@
-# Rate Limiting
-Tejas includes a powerful rate limiting system to protect your API from abuse. It supports multiple algorithms and storage backends.
-## Quick Start
-```javascript
-import Tejas from 'te.js';
-const app = new Tejas();
-app
-  .withRedis({ url: 'redis://localhost:6379' })
-  .withRateLimit({
-    maxRequests: 100,
-    timeWindowSeconds: 60
-  })
-  .takeoff();
-```
-This limits all endpoints to 100 requests per minute per IP address.
-## Configuration Options
-```javascript
-app.withRateLimit({
-  // Core settings
-  maxRequests: 100,           // Maximum requests in time window
-  timeWindowSeconds: 60,      // Time window in seconds
-  // Algorithm selection
-  algorithm: 'sliding-window', // 'sliding-window' | 'token-bucket' | 'fixed-window'
-  // Storage backend
-  store: 'redis',             // 'redis' | 'memory'
-  // Custom key generator (defaults to IP-based)
-  keyGenerator: (ammo) => ammo.ip,
-  // Algorithm-specific options
-  algorithmOptions: {},
-  // Key prefix for storage keys (useful for namespacing)
-  keyPrefix: 'rl:',
-  // Header format
-  headerFormat: {
-    type: 'standard',         // 'standard' | 'legacy' | 'both'
-    draft7: false,            // Include RateLimit-Policy header (e.g. "100;w=60")
-    draft8: false             // Use delta-seconds for RateLimit-Reset instead of Unix timestamp
-  },
-  // Custom handler when rate limited
-  onRateLimited: (ammo) => {
-    ammo.fire(429, { error: 'Slow down!' });
-  }
-});
-```
-## Algorithms
-### Sliding Window (Default)
-Best for smooth, accurate rate limiting. Prevents the "burst at window boundary" problem.
-```javascript
-app.withRateLimit({
-  maxRequests: 100,
-  timeWindowSeconds: 60,
-  algorithm: 'sliding-window'
-});
-```
-**How it works:** Calculates the request rate using a weighted combination of the current and previous time windows.
-### Token Bucket
-Best for APIs that allow occasional bursts while maintaining a long-term average rate.
-```javascript
-app.withRateLimit({
-  maxRequests: 100,
-  timeWindowSeconds: 60,
-  algorithm: 'token-bucket',
-  algorithmOptions: {
-    refillRate: 1.67,    // Tokens per second (100/60)
-    burstSize: 150       // Maximum tokens (allows 50% burst)
-  }
-});
-```
-**How it works:** Tokens are added at a steady rate. Each request consumes a token. Allows bursts up to `burstSize`.
-### Fixed Window
-Simplest algorithm. Good for basic use cases.
-```javascript
-app.withRateLimit({
-  maxRequests: 100,
-  timeWindowSeconds: 60,
-  algorithm: 'fixed-window',
-  algorithmOptions: {
-    strictWindow: true   // Align to clock boundaries
-  }
-});
-```
-**How it works:** Counts requests in fixed time windows (e.g., every minute). Can allow 2x requests at window boundaries.
-## Storage Backends
-### Memory (Default)
-Good for single-server deployments:
-```javascript
-app.withRateLimit({
-  maxRequests: 100,
-  timeWindowSeconds: 60,
-  store: 'memory'
-});
-```
-**Pros:** No external dependencies, fast
-**Cons:** Not shared between server instances
-### Redis
-Required for distributed/multi-server deployments:
-```javascript
-app
-  .withRedis({ url: 'redis://localhost:6379' })
-  .withRateLimit({
-    maxRequests: 100,
-    timeWindowSeconds: 60,
-    store: 'redis'
-  });
-```
-**Pros:** Shared across all servers, persistent
-**Cons:** Requires Redis server, slightly higher latency
-> **Important:** Initialize Redis with `withRedis()` before using `store: 'redis'`
-## Custom Key Generation
-By default, rate limiting is based on client IP. Customize this:
-### By User ID
-```javascript
-app.withRateLimit({
-  maxRequests: 100,
-  timeWindowSeconds: 60,
-  keyGenerator: (ammo) => ammo.user?.id || ammo.ip
-});
-```
-### By API Key
-```javascript
-app.withRateLimit({
-  maxRequests: 1000,
-  timeWindowSeconds: 60,
-  keyGenerator: (ammo) => ammo.headers['x-api-key'] || ammo.ip
-});
-```
-### By Endpoint
-```javascript
-app.withRateLimit({
-  maxRequests: 100,
-  timeWindowSeconds: 60,
-  keyGenerator: (ammo) => `${ammo.ip}:${ammo.endpoint}`
-});
-```
-## Response Headers
-Rate limit headers are automatically added to responses:
-### Standard Headers (Default)
-```
-RateLimit-Limit: 100
-RateLimit-Remaining: 95
-RateLimit-Reset: 1706540400
-```
-### Legacy Headers
-```javascript
-app.withRateLimit({
-  headerFormat: { type: 'legacy' }
-});
-```
-```
-X-RateLimit-Limit: 100
-X-RateLimit-Remaining: 95
-X-RateLimit-Reset: 1706540400
-```
-### Both Header Types
-```javascript
-app.withRateLimit({
-  headerFormat: { type: 'both' }
-});
-```
-### Draft 7 Policy Header
-```javascript
-app.withRateLimit({
-  headerFormat: { type: 'standard', draft7: true }
-});
-```
-Adds: `RateLimit-Policy: 100;w=60`
-## When Rate Limited
-### Default Behavior
-Returns `429 Too Many Requests` with a `Retry-After` header (seconds until the rate limit resets).
-### Custom Handler
-```javascript
-app.withRateLimit({
-  maxRequests: 100,
-  timeWindowSeconds: 60,
-  onRateLimited: (ammo) => {
-    ammo.fire(429, {
-      error: 'Rate limit exceeded',
-      message: 'Please slow down and try again later',
-      retryAfter: ammo.res.getHeader('Retry-After')
-    });
-  }
-});
-```
-## Route-Specific Rate Limiting
-Apply different limits to different routes using middleware:
-```javascript
-import Tejas, { Target } from 'te.js';
-import rateLimiter from 'te.js/rate-limit/index.js';
-const app = new Tejas();
-const api = new Target('/api');
-// Strict limit for auth endpoints
-const authLimiter = rateLimiter({
-  maxRequests: 5,
-  timeWindowSeconds: 60,
-  algorithm: 'fixed-window'
-});
-// Relaxed limit for read operations
-const readLimiter = rateLimiter({
-  maxRequests: 1000,
-  timeWindowSeconds: 60,
-  algorithm: 'sliding-window'
-});
-// Apply to specific routes
-api.register('/login', authLimiter, (ammo) => {
-  // Login logic
-});
-api.register('/data', readLimiter, (ammo) => {
-  // Data retrieval
-});
-```
-## Algorithm Comparison
-| Algorithm | Best For | Burst Handling | Accuracy | Memory |
-|-----------|----------|----------------|----------|--------|
-| **Sliding Window** | Most APIs | Smooth | High | Medium |
-| **Token Bucket** | Burst-tolerant APIs | Allows bursts | Medium | Low |
-| **Fixed Window** | Simple cases | Poor at boundaries | Low | Low |
-## Examples
-### API with Different Tiers
-```javascript
-const tierLimits = {
-  free: { maxRequests: 100, timeWindowSeconds: 3600 },
-  pro: { maxRequests: 1000, timeWindowSeconds: 3600 },
-  enterprise: { maxRequests: 10000, timeWindowSeconds: 3600 }
-};
-app.withRateLimit({
-  ...tierLimits.free, // Default to free tier
-  keyGenerator: (ammo) => {
-    const tier = ammo.user?.tier || 'free';
-    return `${tier}:${ammo.user?.id || ammo.ip}`;
-  },
-  algorithmOptions: {
-    // Dynamically set limits based on tier
-    getLimits: (key) => {
-      const tier = key.split(':')[0];
-      return tierLimits[tier] || tierLimits.free;
-    }
-  }
-});
-```
-### Endpoint-Specific with Global Fallback
-```javascript
-// Global rate limit
-app.withRateLimit({
-  maxRequests: 1000,
-  timeWindowSeconds: 60
-});
-// Stricter limit for expensive endpoints
-const expensiveLimiter = rateLimiter({
-  maxRequests: 10,
-  timeWindowSeconds: 60,
-  store: 'redis'
-});
-api.register('/search', expensiveLimiter, (ammo) => {
-  // Search logic
-});
-api.register('/export', expensiveLimiter, (ammo) => {
-  // Export logic
-});
-```
-## Monitoring
-Check rate limit status in your handlers:
-```javascript
-target.register('/status', (ammo) => {
-  ammo.fire({
-    limit: ammo.res.getHeader('RateLimit-Limit'),
-    remaining: ammo.res.getHeader('RateLimit-Remaining'),
-    reset: ammo.res.getHeader('RateLimit-Reset')
-  });
-});
-```
-## Custom Storage Backend
-Extend the `RateLimitStorage` base class to create your own storage backend:
-```javascript
-import RateLimitStorage from 'te.js/rate-limit/storage/base.js';
-class PostgresStorage extends RateLimitStorage {
-  async get(key) {
-    // Retrieve rate limit data for key
-    // Return object or null if not found
-  }
-  async set(key, value, ttl) {
-    // Store rate limit data with TTL (seconds)
-  }
-  async increment(key) {
-    // Increment counter, return new value or null
-  }
-  async delete(key) {
-    // Delete rate limit data for key
-  }
-}
-```
-The built-in backends (`MemoryStorage` and `RedisStorage`) both extend this base class.
-## Best Practices
-1. **Use Redis in production** — Memory store doesn't scale across instances
-2. **Set appropriate limits** — Too strict frustrates users, too lenient invites abuse
-3. **Different limits for different endpoints** — Auth endpoints need stricter limits
-4. **Include headers** — Help clients self-regulate
-5. **Provide clear error messages** — Tell users when they can retry
-6. **Consider user tiers** — Premium users may need higher limits
-7. **Monitor and adjust** — Track rate limit hits and adjust accordingly
+# Rate Limiting
+Tejas includes a powerful rate limiting system to protect your API from abuse. It supports multiple algorithms and storage backends.
+## Quick Start
+```javascript
+import Tejas from 'te.js';
+const app = new Tejas();
+app
+  .withRedis({ url: 'redis://localhost:6379' })
+  .withRateLimit({
+    maxRequests: 100,
+    timeWindowSeconds: 60
+  })
+  .takeoff();
+```
+This limits all endpoints to 100 requests per minute per IP address.
+## Configuration Options
+```javascript
+app.withRateLimit({
+  // Core settings
+  maxRequests: 100,           // Maximum requests in time window
+  timeWindowSeconds: 60,      // Time window in seconds
+  // Algorithm selection
+  algorithm: 'sliding-window', // 'sliding-window' | 'token-bucket' | 'fixed-window'
+  // Storage backend
+  store: 'redis',             // 'redis' | 'memory'
+  // Custom key generator (defaults to IP-based)
+  keyGenerator: (ammo) => ammo.ip,
+  // Algorithm-specific options
+  algorithmOptions: {},
+  // Key prefix for storage keys (useful for namespacing)
+  keyPrefix: 'rl:',
+  // Header format
+  headerFormat: {
+    type: 'standard',         // 'standard' | 'legacy' | 'both'
+    draft7: false,            // Include RateLimit-Policy header (e.g. "100;w=60")
+    draft8: false             // Use delta-seconds for RateLimit-Reset instead of Unix timestamp
+  },
+  // Custom handler when rate limited
+  onRateLimited: (ammo) => {
+    ammo.fire(429, { error: 'Slow down!' });
+  }
+});
+```
+## Algorithms
+### Sliding Window (Default)
+Best for smooth, accurate rate limiting. Prevents the "burst at window boundary" problem.
+```javascript
+app.withRateLimit({
+  maxRequests: 100,
+  timeWindowSeconds: 60,
+  algorithm: 'sliding-window'
+});
+```
+**How it works:** Calculates the request rate using a weighted combination of the current and previous time windows.
+### Token Bucket
+Best for APIs that allow occasional bursts while maintaining a long-term average rate.
+```javascript
+app.withRateLimit({
+  maxRequests: 100,
+  timeWindowSeconds: 60,
+  algorithm: 'token-bucket',
+  algorithmOptions: {
+    refillRate: 1.67,    // Tokens per second (100/60)
+    burstSize: 150       // Maximum tokens (allows 50% burst)
+  }
+});
+```
+**How it works:** Tokens are added at a steady rate. Each request consumes a token. Allows bursts up to `burstSize`.
+### Fixed Window
+Simplest algorithm. Good for basic use cases.
+```javascript
+app.withRateLimit({
+  maxRequests: 100,
+  timeWindowSeconds: 60,
+  algorithm: 'fixed-window',
+  algorithmOptions: {
+    strictWindow: true   // Align to clock boundaries
+  }
+});
+```
+**How it works:** Counts requests in fixed time windows (e.g., every minute). Can allow 2x requests at window boundaries.
+## Storage Backends
+### Memory (Default)
+Good for single-server deployments:
+```javascript
+app.withRateLimit({
+  maxRequests: 100,
+  timeWindowSeconds: 60,
+  store: 'memory'
+});
+```
+**Pros:** No external dependencies, fast
+**Cons:** Not shared between server instances
+### Redis
+Required for distributed/multi-server deployments:
+```javascript
+app
+  .withRedis({ url: 'redis://localhost:6379' })
+  .withRateLimit({
+    maxRequests: 100,
+    timeWindowSeconds: 60,
+    store: 'redis'
+  });
+```
+**Pros:** Shared across all servers, persistent
+**Cons:** Requires Redis server, slightly higher latency
+> **Important:** Initialize Redis with `withRedis()` before using `store: 'redis'`
+## Custom Key Generation
+By default, rate limiting is based on client IP. Customize this:
+### By User ID
+```javascript
+app.withRateLimit({
+  maxRequests: 100,
+  timeWindowSeconds: 60,
+  keyGenerator: (ammo) => ammo.user?.id || ammo.ip
+});
+```
+### By API Key
+```javascript
+app.withRateLimit({
+  maxRequests: 1000,
+  timeWindowSeconds: 60,
+  keyGenerator: (ammo) => ammo.headers['x-api-key'] || ammo.ip
+});
+```
+### By Endpoint
+```javascript
+app.withRateLimit({
+  maxRequests: 100,
+  timeWindowSeconds: 60,
+  keyGenerator: (ammo) => `${ammo.ip}:${ammo.endpoint}`
+});
+```
+## Response Headers
+Rate limit headers are automatically added to responses:
+### Standard Headers (Default)
+```
+RateLimit-Limit: 100
+RateLimit-Remaining: 95
+RateLimit-Reset: 1706540400
+```
+### Legacy Headers
+```javascript
+app.withRateLimit({
+  headerFormat: { type: 'legacy' }
+});
+```
+```
+X-RateLimit-Limit: 100
+X-RateLimit-Remaining: 95
+X-RateLimit-Reset: 1706540400
+```
+### Both Header Types
+```javascript
+app.withRateLimit({
+  headerFormat: { type: 'both' }
+});
+```
+### Draft 7 Policy Header
+```javascript
+app.withRateLimit({
+  headerFormat: { type: 'standard', draft7: true }
+});
+```
+Adds: `RateLimit-Policy: 100;w=60`
+## When Rate Limited
+### Default Behavior
+Returns `429 Too Many Requests` with a `Retry-After` header (seconds until the rate limit resets).
+### Custom Handler
+```javascript
+app.withRateLimit({
+  maxRequests: 100,
+  timeWindowSeconds: 60,
+  onRateLimited: (ammo) => {
+    ammo.fire(429, {
+      error: 'Rate limit exceeded',
+      message: 'Please slow down and try again later',
+      retryAfter: ammo.res.getHeader('Retry-After')
+    });
+  }
+});
+```
+## Route-Specific Rate Limiting
+Apply different limits to different routes using middleware:
+```javascript
+import Tejas, { Target } from 'te.js';
+import rateLimiter from 'te.js/rate-limit/index.js';
+const app = new Tejas();
+const api = new Target('/api');
+// Strict limit for auth endpoints
+const authLimiter = rateLimiter({
+  maxRequests: 5,
+  timeWindowSeconds: 60,
+  algorithm: 'fixed-window'
+});
+// Relaxed limit for read operations
+const readLimiter = rateLimiter({
+  maxRequests: 1000,
+  timeWindowSeconds: 60,
+  algorithm: 'sliding-window'
+});
+// Apply to specific routes
+api.register('/login', authLimiter, (ammo) => {
+  // Login logic
+});
+api.register('/data', readLimiter, (ammo) => {
+  // Data retrieval
+});
+```
+## Algorithm Comparison
+| Algorithm | Best For | Burst Handling | Accuracy | Memory |
+|-----------|----------|----------------|----------|--------|
+| **Sliding Window** | Most APIs | Smooth | High | Medium |
+| **Token Bucket** | Burst-tolerant APIs | Allows bursts | Medium | Low |
+| **Fixed Window** | Simple cases | Poor at boundaries | Low | Low |
+## Examples
+### API with Different Tiers
+```javascript
+const tierLimits = {
+  free: { maxRequests: 100, timeWindowSeconds: 3600 },
+  pro: { maxRequests: 1000, timeWindowSeconds: 3600 },
+  enterprise: { maxRequests: 10000, timeWindowSeconds: 3600 }
+};
+app.withRateLimit({
+  ...tierLimits.free, // Default to free tier
+  keyGenerator: (ammo) => {
+    const tier = ammo.user?.tier || 'free';
+    return `${tier}:${ammo.user?.id || ammo.ip}`;
+  },
+  algorithmOptions: {
+    // Dynamically set limits based on tier
+    getLimits: (key) => {
+      const tier = key.split(':')[0];
+      return tierLimits[tier] || tierLimits.free;
+    }
+  }
+});
+```
+### Endpoint-Specific with Global Fallback
+```javascript
+// Global rate limit
+app.withRateLimit({
+  maxRequests: 1000,
+  timeWindowSeconds: 60
+});
+// Stricter limit for expensive endpoints
+const expensiveLimiter = rateLimiter({
+  maxRequests: 10,
+  timeWindowSeconds: 60,
+  store: 'redis'
+});
+api.register('/search', expensiveLimiter, (ammo) => {
+  // Search logic
+});
+api.register('/export', expensiveLimiter, (ammo) => {
+  // Export logic
+});
+```
+## Monitoring
+Check rate limit status in your handlers:
+```javascript
+target.register('/status', (ammo) => {
+  ammo.fire({
+    limit: ammo.res.getHeader('RateLimit-Limit'),
+    remaining: ammo.res.getHeader('RateLimit-Remaining'),
+    reset: ammo.res.getHeader('RateLimit-Reset')
+  });
+});
+```
+## Custom Storage Backend
+Extend the `RateLimitStorage` base class to create your own storage backend:
+```javascript
+import RateLimitStorage from 'te.js/rate-limit/storage/base.js';
+class PostgresStorage extends RateLimitStorage {
+  async get(key) {
+    // Retrieve rate limit data for key
+    // Return object or null if not found
+  }
+  async set(key, value, ttl) {
+    // Store rate limit data with TTL (seconds)
+  }
+  async increment(key) {
+    // Increment counter, return new value or null
+  }
+  async delete(key) {
+    // Delete rate limit data for key
+  }
+}
+```
+The built-in backends (`MemoryStorage` and `RedisStorage`) both extend this base class.
+## Best Practices
+1. **Use Redis in production** — Memory store doesn't scale across instances
+2. **Set appropriate limits** — Too strict frustrates users, too lenient invites abuse
+3. **Different limits for different endpoints** — Auth endpoints need stricter limits
+4. **Include headers** — Help clients self-regulate
+5. **Provide clear error messages** — Tell users when they can retry
+6. **Consider user tiers** — Premium users may need higher limits
+7. **Monitor and adjust** — Track rate limit hits and adjust accordingly