Recipes
Read and write cookies in an endpoint
import { Decorators, QRoute, type IQEvent } from '@quik/http';
@Decorators.Route.Route('/session')
export class SessionRoute extends QRoute {
@Decorators.Endpoint.GET('/')
async read(event: IQEvent) {
return {
requestId: event.requestId,
sessionId: event.getCookie('sessionId') ?? null
};
}
@Decorators.Endpoint.POST('/')
async write(event: IQEvent) {
event.setCookie('sessionId', 'abc123', { httpOnly: true, sameSite: 'lax', secure: true });
return { status: 'created' };
}
@Decorators.Endpoint.DELETE('/')
async clear(event: IQEvent) {
event.clearCookie('sessionId');
return { status: 'cleared' };
}
}
Cookie options fall back to http.cookie.domain/http.cookie.secure when not passed explicitly.
Rate limit an endpoint
import { Decorators, QRoute, RateLimit } from '@quik/http';
@Decorators.Route.Route('/search')
export class SearchRoute extends QRoute {
@RateLimit({ max: 10, windowMs: 60_000 })
@Decorators.Endpoint.GET('/')
async search() {
return { results: [] };
}
}
RateLimit enforces a fixed-window limit keyed on the client IP, backed by QInMemoryRateLimiter by default. Call
setRateLimiter(impl) to swap in a Redis-backed or other IQRateLimiter implementation.
Return an explicit error response
import { BadRequestError, ForbiddenError } from '@quik/http';
throw new BadRequestError();
throw new ForbiddenError();
Errors thrown from an endpoint handler are mapped to their HTTP status and translated via quik.errors.http.*.