Quik Framework :: HTTP Base
- Codename: Berlin
- Version: 0.2.0-beta.76
- License: Check license here
Provides an abstract HTTP engine with routing utilities. The module loads locales, optionally initializes a pluggable HTTP engine, and manages start/stop during boot hooks.
Installation
npm install @quik/http
Configuration
Common settings (env overrides):
HTTP_LISTEN(default:127.0.0.1)HTTP_PORT(default:7200)HTTP_URLS_APP(default:http://HTTP_LISTEN:HTTP_PORT)HTTP_URLS_UI(default:http://HTTP_LISTEN:HTTP_PORT)API_BASE_PATH(default:/api/v1)DOCS_BASE_PATH(default:/api/docs)COOKIE_DOMAIN(default:localhost)COOKIE_SECURE(default:false)CORS_ORIGIN,CORS_METHODSSESSION_SECRETHTTP_BODY_JSON_LIMIT(default:1mb)HTTP_BODY_URLENCODED_LIMIT(default:1mb)HTTP_BODY_TEXT_LIMIT(default:1mb)HTTP_REQUEST_TIMEOUT_MS(default:0, disables request timeout)HTTP_HEADERS_TIMEOUT_MS(default:0, disables header timeout)HTTP_SHUTDOWN_TIMEOUT_MS(default:15000)HTTP_STATIC_CONTENT_SERVE,HTTP_STATIC_CONTENT_GLOBALHTTP_STATIC_CONTENT_FOLDER(default:./public)HTTP_STATIC_CONTENT_PATH(default: root)HTTP_STATIC_SINGLE_PAGE_APPLICATION_ENABLEHTTP_STATIC_SINGLE_PAGE_APPLICATION_INDEX_FILE(default:index.html)
Default response headers can be configured via http.headers in your configuration
file. Endpoint-specific headers override these defaults.
Cookie defaults are configured through http.cookie.domain and
http.cookie.secure. HTTP engine implementations use these values when
writing or clearing cookies unless endpoint code passes explicit cookie
options.
Static SPA fallback is configured under http.static.singlePageApplication.
When enabled, engine implementations can rewrite browser navigation requests to
the configured HTML entry file.
Usage
Define routes with decorators:
import { Decorators, QRoute } from '@quik/http';
@Decorators.Route.Route('/health')
export class HealthRoute extends QRoute {
@Decorators.Endpoint.GET('/')
async get(event) {
event.setCookie('lastHealthCheck', 'ok', { sameSite: 'lax' });
return { status: 'ok' };
}
}
API Highlights
QHTTPEnginebase class for HTTP engines.QContextbase class for adapter-specific request/response context wrappers.QEventendpoint event wrapper for headers, parameters, body data, files, services, translations, and cookies.Decorators.RouteandDecorators.Endpointfor route definitions.QRouterstores registered routes.Responseshelpers for standardized responses.IQCookieOptionsdescribes cookie write and clear options shared by HTTP adapters.TooManyRequestsError— maps to HTTP 429; i18n in all 8 supported languages.@RateLimit({ max, windowMs })— endpoint decorator that enforces a fixed-window rate limit keyed on client IP.IQRateLimiter/QInMemoryRateLimiter— interface and default implementation. CallsetRateLimiter(impl)to swap in a Redis or other backend.
Endpoint events and cookies
Endpoint handlers receive a QEvent. The event exposes validated body,
query, and path entities, request metadata, custom request objects,
translation helpers, scoped service resolution, and cookie helpers.
import { Decorators, QRoute, type IQEvent } from '@quik/http';
@Decorators.Route.Route('/session')
export class SessionRoute extends QRoute {
@Decorators.Endpoint.GET('/')
async read(event: IQEvent) {
return {
requestId: event.requestId,
sessionId: event.getCookie('sessionId') ?? null
};
}
@Decorators.Endpoint.POST('/')
async write(event: IQEvent) {
event.setCookie('sessionId', 'abc123', {
httpOnly: true,
sameSite: 'lax',
secure: true
});
return { status: 'created' };
}
@Decorators.Endpoint.DELETE('/')
async clear(event: IQEvent) {
event.clearCookie('sessionId');
return { status: 'cleared' };
}
}
Rate limiting
import { Decorators, QRoute } from '@quik/http';
import { RateLimit } from '@quik/http';
@Decorators.Route.Route('/search')
export class SearchRoute extends QRoute {
@RateLimit({ max: 10, windowMs: 60_000 }) // 10 req/min per IP
@Decorators.Endpoint.GET('/')
async search() {
return { results: [] };
}
}
Testing & Coverage
See the root instructions for details on running pnpm run test:coverage and accessing coverage artifacts.
API Reference
Generated API documentation is available in the http API section.