Merge pull request #5 from JawherKl/feature/5-implement-best-practices

implemented: Rate limiting, caching, input validation, streaming and …

Author: JawherKl

package-lock.json

@@ -13,6 +13,11 @@
   "dependencies": {
     "dotenv": "^16.4.7",
     "express": "^4.21.2",
-    "openai": "^4.82.0"
+    "express-rate-limit": "^7.5.0",
+    "ioredis": "^5.4.2",
+    "openai": "^4.82.0",
+    "prom-client": "^15.1.3",
+    "rate-limit-redis": "^4.2.0",
+    "zod": "^3.24.1"
   }
 }

package.json

@@ -2,12 +2,17 @@ import express from "express";
 import analyzeRoutes from "./routes/analyzeRoutes.mjs";
 import searchRoutes from "./routes/searchRoutes.mjs";
 import { errorHandler } from "./middlewares/errorHandler.mjs";
+import rateLimiter from "./middlewares/rateLimiter.mjs";
+import { trackRequests, metricsHandler } from "./middlewares/monitoring.mjs";
 
 const app = express();
 app.use(express.json());
 
 app.use("/search", searchRoutes);
 app.use("/analyze", analyzeRoutes);
+app.use(rateLimiter);
+app.use(trackRequests);
+app.get("/metrics", metricsHandler);
 
 app.use(errorHandler);
 

src/app.mjs

@@ -0,0 +1,11 @@
+import Redis from "ioredis";
+import { config } from "dotenv";
+
+config();
+
+const redis = new Redis({
+  host: process.env.REDIS_HOST || "127.0.0.1",
+  port: process.env.REDIS_PORT || 6379,
+});
+
+export default redis;

src/config/redisConfig.mjs

@@ -0,0 +1,32 @@
+import client from "prom-client";
+
+const collectDefaultMetrics = client.collectDefaultMetrics;
+collectDefaultMetrics();
+
+const requestCount = new client.Counter({
+  name: "api_requests_total",
+  help: "Total API requests",
+});
+
+const requestDuration = new client.Histogram({
+  name: "api_response_time_seconds",
+  help: "API response time in seconds",
+  buckets: [0.1, 0.3, 0.5, 1, 2, 5]
+});
+
+export function trackRequests(req, res, next) {
+  requestCount.inc();
+  const start = process.hrtime();
+
+  res.on("finish", () => {
+    const duration = process.hrtime(start);
+    requestDuration.observe(duration[0] + duration[1] / 1e9);
+  });
+
+  next();
+}
+
+export function metricsHandler(req, res) {
+  res.set("Content-Type", client.register.contentType);
+  client.register.metrics().then(metrics => res.end(metrics));
+}

src/middlewares/monitoring.mjs

@@ -0,0 +1,17 @@
+import rateLimit from "express-rate-limit";
+import RedisStore from "rate-limit-redis";
+import redis from "../config/redisConfig.mjs";
+
+const rateLimiter = rateLimit({
+  store: new RedisStore({
+    sendCommand: (...args) => redis.call(...args),
+  }),
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  max: 100, // Max 100 requests per window
+  handler: (req, res) => {
+    res.status(429).json({ error: "Too many requests, please try again later." });
+  },
+  keyGenerator: (req) => req.ip, // Rate limit per IP
+});
+
+export default rateLimiter;

src/middlewares/rateLimiter.mjs

@@ -0,0 +1,20 @@
+import { z } from "zod";
+
+export function validateSchema(schema) {
+  return (req, res, next) => {
+    const result = schema.safeParse(req.body);
+    if (!result.success) {
+      return res.status(400).json({ error: result.error.errors });
+    }
+    next();
+  };
+}
+
+export const searchSchema = z.object({
+  query: z.string().min(1, "Query must not be empty"),
+  model: z.string().optional(),
+});
+
+export const analyzeSchema = z.object({
+  text: z.string().min(1, "Text must not be empty"),
+});