Added support for secure IP extraction from proxies, removed API rate limiter, added Cache-Control header, added option to change update interval

Author: zigazajc007

.env-example

@@ -1,7 +1,26 @@
+# Server Configuration
 SERVER_HOST="0.0.0.0"
 SERVER_PORT=3000
 
+# Trading212 API Credentials
+# Get these from your Trading212 account dashboard
+TRADING212_API_KEY=your_trading212_api_key_here
+TRADING212_API_SECRET=your_trading212_api_secret_here
+
+# Trading212 API Update Interval (in milliseconds)
+# Minimum: 5000 (5 seconds) due to Trading212 API limits
+# Default: 10000
+UPDATE_INTERVAL=10000
+
+# Logging Configuration
+# 0 = ERROR, 1 = WARN, 2 = AUDIT, 3 = INFO, 4 = HTTP, 5 = DEBUG, 6 = VERBOSE, 7 = SILLY
+# Default: 3 (INFO) - Recommended: 3 for production, 5 for development
 LOGGER_LEVEL=3
 
-TRADING212_API_KEY=your_trading212_api_key
-TRADING212_API_SECRET=your_trading212_api_secret
+# Proxy Configuration
+# Important: Set this to match your deployment environment to prevent IP spoofing
+# Options: "aws" (AWS ELB/ALB), "azure" (Azure), "cloudflare" (Cloudflare),
+#          "gcp" (Google Cloud), "nginx" (Nginx), "vercel" (Vercel),
+#          "direct" (no proxy/development), "development" (dev with proxy headers)
+# Default: "direct"
+PROXY=direct

README.md

@@ -24,9 +24,32 @@ A high-performance stock API built with Bun that fetches real-time stock data fr
 Create a `.env` file in your project root:
 
 ```toml
-TRADING212_API_KEY=your_api_key_here
-TRADING212_API_SECRET=your_api_secret_here
+# Server Configuration
+SERVER_HOST="0.0.0.0"
+SERVER_PORT=3000
+
+# Trading212 API Credentials
+# Get these from your Trading212 account dashboard
+TRADING212_API_KEY=your_trading212_api_key_here
+TRADING212_API_SECRET=your_trading212_api_secret_here
+
+# Trading212 API Update Interval (in milliseconds)
+# Minimum: 5000 (5 seconds) due to Trading212 API limits
+# Default: 10000
+UPDATE_INTERVAL=10000
+
+# Logging Configuration
+# 0 = ERROR, 1 = WARN, 2 = AUDIT, 3 = INFO, 4 = HTTP, 5 = DEBUG, 6 = VERBOSE, 7 = SILLY
+# Default: 3 (INFO) - Recommended: 3 for production, 5 for development
 LOGGER_LEVEL=3
+
+# Proxy Configuration
+# Important: Set this to match your deployment environment to prevent IP spoofing
+# Options: "aws" (AWS ELB/ALB), "azure" (Azure), "cloudflare" (Cloudflare),
+#          "gcp" (Google Cloud), "nginx" (Nginx), "vercel" (Vercel),
+#          "direct" (no proxy/development), "development" (dev with proxy headers)
+# Default: "direct"
+PROXY=direct
 ```
 
 ### Running with Docker Compose
@@ -40,9 +63,11 @@ services:
     ports:
       - "3000:3000"
     environment:
-      - LOGGER_LEVEL
       - TRADING212_API_KEY
       - TRADING212_API_SECRET
+      - UPDATE_INTERVAL
+      - LOGGER_LEVEL
+      - PROXY
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:3000"]
       interval: 10s
@@ -65,7 +90,9 @@ docker run -d \
   -p 3000:3000 \
   -e TRADING212_API_KEY=your_key \
   -e TRADING212_API_SECRET=your_secret \
-  -e LOGGER_LEVEL=3 \
+	-e UPDATE_INTERVAL=10000 \
+	-e LOGGER_LEVEL=3 \
+	-e PROXY=direct \
   rabbitcompany/rabbitstockapi:latest
 ```
 
@@ -80,13 +107,14 @@ Health Check
 	"message": "RabbitStockAPI is running",
 	"stocksCount": 16,
 	"instrumentsCount": 12811,
+	"updateInterval": "10000ms",
 	"lastUpdate": "2025-10-31T13:49:16.007Z"
 }
 ```
 
-### GET `/stocks`
+### GET `/prices`
 
-Stock Data
+Stock prices data
 
 ```json
 {

docker-compose.override.yml

@@ -7,9 +7,11 @@ services:
     ports:
       - "3000:3000"
     environment:
-      - LOGGER_LEVEL
       - TRADING212_API_KEY
       - TRADING212_API_SECRET
+      - UPDATE_INTERVAL
+      - LOGGER_LEVEL
+      - PROXY
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:3000"]
       interval: 10s

docker-compose.yml

@@ -6,9 +6,11 @@ services:
     ports:
       - "3000:3000"
     environment:
-      - LOGGER_LEVEL
       - TRADING212_API_KEY
       - TRADING212_API_SECRET
+      - UPDATE_INTERVAL
+      - LOGGER_LEVEL
+      - PROXY
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:3000"]
       interval: 10s

package.json

@@ -1,7 +1,7 @@
 {
 	"name": "rabbitstockapi",
 	"module": "src/index.ts",
-	"version": "1.0.1",
+	"version": "2.0.0",
 	"type": "module",
 	"private": true,
 	"scripts": {

src/index.ts

@@ -5,7 +5,8 @@ import { Web } from "@rabbit-company/web";
 import { Logger } from "./logger";
 import { cors } from "@rabbit-company/web-middleware/cors";
 import { logger } from "@rabbit-company/web-middleware/logger";
-import { Algorithm, rateLimit } from "@rabbit-company/web-middleware/rate-limit";
+import { IP_EXTRACTION_PRESETS, ipExtract } from "@rabbit-company/web-middleware/ip-extract";
+import type { CloudProvider } from "./types";
 
 const { apiKey, apiSecret } = validateEnvironment();
 const config = {
@@ -16,6 +17,13 @@ const config = {
 
 const host = process.env.SERVER_HOST || "0.0.0.0";
 const port = parseInt(process.env.SERVER_PORT || "3000") || 3000;
+const proxy = Object.keys(IP_EXTRACTION_PRESETS).includes(process.env.PROXY || "direct") ? (process.env.PROXY as CloudProvider) : "direct";
+const updateInterval = parseInt(process.env.UPDATE_INTERVAL || "10000") || 10000;
+const actualInterval = Math.max(updateInterval, 5000);
+
+if (updateInterval < 5000) {
+	Logger.warn(`Update interval too low: ${updateInterval}ms. Using minimum 5000ms for Trading212 API compliance`);
+}
 
 const tradingClient = new Trading212Client(config);
 const stockCache = new StockCache();
@@ -35,25 +43,26 @@ app.use(
 	})
 );
 
-app.use(
-	rateLimit({
-		algorithm: Algorithm.FIXED_WINDOW,
-		windowMs: 10 * 1000, // 10 seconds
-		max: 10,
-	})
-);
+app.use(ipExtract(proxy));
 
 app.get("/", (c) => {
-	return c.json({
-		message: "RabbitStockAPI is running",
-		stocksCount: stockCache.getStockCount(),
-		instrumentsCount: stockCache.getInstrumentCount(),
-		lastUpdate: new Date().toISOString(),
-	});
+	return c.json(
+		{
+			message: "RabbitStockAPI is running",
+			stocksCount: stockCache.getStockCount(),
+			instrumentsCount: stockCache.getInstrumentCount(),
+			updateInterval: `${actualInterval}ms`,
+			lastUpdate: new Date().toISOString(),
+		},
+		200,
+		{ "Cache-Control": `public, s-maxage=${Math.floor(actualInterval / 2 / 1000)}, max-age=0, stale-while-revalidate=300, stale-if-error=86400` }
+	);
 });
 
-app.get("/stocks", (c) => {
-	return c.json(stockCache.getStocks());
+app.get("/prices", (c) => {
+	return c.json(stockCache.getStocks(), 200, {
+		"Cache-Control": `public, s-maxage=${Math.floor(actualInterval / 2 / 1000)}, max-age=0, stale-while-revalidate=300, stale-if-error=86400`,
+	});
 });
 
 async function fetchInstruments(): Promise<void> {
@@ -84,10 +93,12 @@ async function initializeApp(): Promise<void> {
 		await fetchInstruments();
 		await updateStockPrices();
 
-		setInterval(updateStockPrices, 10000);
+		const actualInterval = Math.max(updateInterval, 5000);
+		setInterval(updateStockPrices, actualInterval);
 
 		Logger.info("RabbitStockAPI started successfully");
-		Logger.info(`Server running on http://localhost:${port}`);
+		Logger.info(`Server running on http://${host}:${port}`);
+		Logger.info(`Stock updates every ${actualInterval}ms (Trading212 compliant)`);
 		Logger.info("Available endpoints:");
 		Logger.info("	GET /          - Health check");
 		Logger.info("	GET /stocks    - Stock data");

src/logger.ts

@@ -1,5 +1,5 @@
 import { Logger as RabbitLogger } from "@rabbit-company/web-middleware/logger";
 
 export const Logger = new RabbitLogger({
-	level: parseInt(process.env.LOGGER_LEVEL || "") || 3,
+	level: parseInt(process.env.LOGGER_LEVEL || "3") || 3,
 });

src/types.ts

@@ -1,3 +1,5 @@
+export type CloudProvider = "aws" | "azure" | "cloudflare" | "development" | "direct" | "gcp" | "nginx" | "vercel";
+
 export interface Instrument {
 	ticker: string;
 	type: string;