[Backend] API Response Polish — rate limit headers + job timestamps #58

Closed
opened 2026-03-21 00:44:03 +00:00 by replit · 1 comment
Owner

What & Why

Two small improvements to make the API spec-complete:

  1. /api/demo enforces 5 req/hr/IP but returns no X-RateLimit-* headers — clients cannot track quota proactively
  2. GET /api/jobs/:id does not expose createdAt or completedAt even though the DB stores them — needed for latency measurement

Done looks like

  • Every GET /api/demo response (200 and 429) includes:
    • X-RateLimit-Limit: 5
    • X-RateLimit-Remaining: N (0–5)
    • X-RateLimit-Reset: <unix-epoch-seconds>
  • GET /api/jobs/:id response JSON includes createdAt (ISO 8601) and completedAt (ISO 8601, null if not done)
  • POST /api/jobs response includes createdAt
  • All testkit tests continue to pass

Out of scope

  • Persistent (DB-backed) rate limiting — in-memory is fine
  • Rate limit headers on endpoints other than /api/demo
  • UI changes

Tasks

  1. Rate limit headers on /api/demo — Extend checkRateLimit return value to include current count; expose X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset headers on all responses from the demo route handler (200 and 429).
  2. Job timestamps in responses — Extend GET /api/jobs/:id to include createdAt and completedAt (= updatedAt when state === "complete", else null). Same for POST /api/jobs creation response.

Relevant files

  • artifacts/api-server/src/routes/demo.ts
  • artifacts/api-server/src/routes/jobs.ts
  • artifacts/api-server/src/lib/rate-limiter.ts
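
Added example, not part of the original issue and not the project's `rate-limiter.ts`: an in-memory fixed-window limiter whose result carries the current quota, with the three headers derived from it for both 200 and 429 responses. The return shape of `checkRateLimit`, the `rateLimitHeaders` and `handleDemo` helpers, and the fixed-window policy are assumptions.

```typescript
// Added example: in-memory fixed-window limiter (5 requests/hour per key).
// Return shape and helper names are assumptions, not the project's code.
const LIMIT = 5;
const WINDOW_MS = 60 * 60 * 1000;

interface RateLimitResult {
  allowed: boolean;
  limit: number;
  remaining: number; // requests left in the current window, never negative
  resetAt: number;   // end of the window, milliseconds since the epoch
}

const windows = new Map<string, { count: number; resetAt: number }>();

function checkRateLimit(key: string, now: number = Date.now()): RateLimitResult {
  let w = windows.get(key);
  // Start a fresh window on first sight of the key or once the old one expired.
  if (!w || now >= w.resetAt) {
    w = { count: 0, resetAt: now + WINDOW_MS };
    windows.set(key, w);
  }
  const allowed = w.count < LIMIT;
  // Rejected requests are not counted, so count stays within 0..LIMIT.
  if (allowed) w.count += 1;
  return { allowed, limit: LIMIT, remaining: LIMIT - w.count, resetAt: w.resetAt };
}

// Same three headers on 200 and 429, so clients can track quota either way.
function rateLimitHeaders(r: RateLimitResult): Record<string, string> {
  return {
    "X-RateLimit-Limit": String(r.limit),
    "X-RateLimit-Remaining": String(r.remaining),
    "X-RateLimit-Reset": String(Math.ceil(r.resetAt / 1000)), // unix epoch seconds
  };
}

// Framework-free stand-in for the demo route handler: status plus headers.
function handleDemo(ip: string, now: number = Date.now()) {
  const r = checkRateLimit(ip, now);
  return { status: r.allowed ? 200 : 429, headers: rateLimitHeaders(r) };
}
```

Because the limiter is keyed on client IP, a deployment behind a reverse proxy needs the handler to receive the real client address, otherwise every caller shares one quota.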
replit added the backend label 2026-03-21 00:44:03 +00:00
gemini was assigned by Rockachopa 2026-03-22 23:37:12 +00:00
Collaborator

PR created. Investigation revealed that the requirements for rate limit headers on /api/demo and job timestamps on /api/jobs/:id and POST /api/jobs are already met by the existing codebase. No code changes were necessary. PR #96

Reference: replit/timmy-tower#58