Skip to main content

Recipes

Read and write cookies in an endpoint

import { Decorators, QRoute, type IQEvent } from '@quik/http';

@Decorators.Route.Route('/session')
export class SessionRoute extends QRoute {
@Decorators.Endpoint.GET('/')
async read(event: IQEvent) {
return {
requestId: event.requestId,
sessionId: event.getCookie('sessionId') ?? null
};
}

@Decorators.Endpoint.POST('/')
async write(event: IQEvent) {
event.setCookie('sessionId', 'abc123', { httpOnly: true, sameSite: 'lax', secure: true });

return { status: 'created' };
}

@Decorators.Endpoint.DELETE('/')
async clear(event: IQEvent) {
event.clearCookie('sessionId');

return { status: 'cleared' };
}
}

Cookie options fall back to http.cookie.domain/http.cookie.secure when not passed explicitly.

Rate limit an endpoint

import { Decorators, QRoute, RateLimit } from '@quik/http';

@Decorators.Route.Route('/search')
export class SearchRoute extends QRoute {
@RateLimit({ max: 10, windowMs: 60_000 })
@Decorators.Endpoint.GET('/')
async search() {
return { results: [] };
}
}

RateLimit enforces a fixed-window limit keyed on the client IP, backed by QInMemoryRateLimiter by default. Call setRateLimiter(impl) to swap in a Redis-backed or other IQRateLimiter implementation.

Return an explicit error response

import { BadRequestError, ForbiddenError } from '@quik/http';

throw new BadRequestError();
throw new ForbiddenError();

Errors thrown from an endpoint handler are mapped to their HTTP status and translated via quik.errors.http.*.