Document and refactor optional features and middleware

Expanded documentation in README files to detail optional features such as JWT, CORS, rate limiting, and configuration management. Updated Cargo.toml feature flags for clarity and consistency. Refactored feature-gated re-exports in lib.rs for simpler usage and improved documentation. Improved header extraction test to handle duplicate headers correctly.

Author: Tuntii

Cargo.lock

@@ -30,12 +30,22 @@ We believe that writing high-performance, type-safe web APIs in Rust shouldn't r
 - **📝 Automatic OpenAPI**: Your code *is* your documentation. Swagger UI is served at `/docs` out of the box.
 - **✅ Built-in Validation**: Add `#[validate(email)]` to your structs and get automatic 422 error handling.
 - **🧩 Intuitive Routing**: Radix-tree based routing with simple macros `#[rustapi::get]`, `#[rustapi::post]`.
-- **🔋 Batteries Included**: Tracing, graceful shutdown, state management, and error handling are pre-configured.
+- **🔋 Batteries Included**: Middleware, JWT auth, CORS, rate limiting, and configuration management.
+- **🔐 Security First**: JWT authentication, CORS middleware, and IP-based rate limiting out of the box.
+- **⚙️ Configuration**: Environment-based config with `.env` file support and typed config extraction.
 
 ## 📦 Quick Start
 
 Add `rustapi-rs` to your `Cargo.toml`.
 
+```toml
+[dependencies]
+rustapi-rs = "0.1"
+
+# Optional features
+# rustapi-rs = { version = "0.1", features = ["jwt", "cors", "rate-limit"] }
+```
+
 ```rust
 use rustapi_rs::prelude::*;
 
@@ -68,6 +78,84 @@ async fn main() -> Result<()> {
 
 Visit `http://127.0.0.1:8080/docs` to see your interactive API documentation!
 
+## 🔐 Optional Features
+
+RustAPI provides optional features to keep your binary size minimal:
+
+| Feature | Description |
+|---------|-------------|
+| `jwt` | JWT authentication middleware and `AuthUser<T>` extractor |
+| `cors` | CORS middleware with builder pattern configuration |
+| `rate-limit` | IP-based rate limiting middleware |
+| `config` | Configuration management with `.env` file support |
+| `cookies` | Cookie parsing extractor |
+| `sqlx` | SQLx database error conversion to ApiError |
+| `extras` | Meta feature enabling jwt, cors, and rate-limit |
+| `full` | All optional features enabled |
+
+### JWT Authentication Example
+
+```rust
+use rustapi_rs::prelude::*;
+
+#[derive(Debug, Deserialize, Serialize)]
+struct Claims {
+    sub: String,
+    exp: u64,
+}
+
+async fn protected(AuthUser(claims): AuthUser<Claims>) -> Json<String> {
+    Json(format!("Hello, {}!", claims.sub))
+}
+
+#[tokio::main]
+async fn main() -> Result<()> {
+    RustApi::new()
+        .with_middleware(JwtLayer::<Claims>::new("your-secret-key"))
+        .route("/protected", get(protected))
+        .run("127.0.0.1:8080")
+        .await
+}
+```
+
+### CORS Configuration Example
+
+```rust
+use rustapi_rs::prelude::*;
+
+#[tokio::main]
+async fn main() -> Result<()> {
+    let cors = CorsLayer::new()
+        .allow_origins(["https://example.com"])
+        .allow_methods([Method::GET, Method::POST])
+        .allow_credentials(true);
+
+    RustApi::new()
+        .with_middleware(cors)
+        .route("/api", get(handler))
+        .run("127.0.0.1:8080")
+        .await
+}
+```
+
+### Rate Limiting Example
+
+```rust
+use rustapi_rs::prelude::*;
+use std::time::Duration;
+
+#[tokio::main]
+async fn main() -> Result<()> {
+    let rate_limit = RateLimitLayer::new(100, Duration::from_secs(60)); // 100 req/min
+
+    RustApi::new()
+        .with_middleware(rate_limit)
+        .route("/api", get(handler))
+        .run("127.0.0.1:8080")
+        .await
+}
+```
+
 ## 🏗️ Architecture
 
 RustAPI follows a **Facade Architecture** to ensure long-term stability:
@@ -81,7 +169,7 @@ RustAPI follows a **Facade Architecture** to ensure long-term stability:
 
 - [x] **Phase 1: MVP**: Core routing, extractors, and server.
 - [x] **Phase 2: Validation & OpenAPI**: Auto-docs, strict validation, and metadata.
-- [ ] **Phase 3: Batteries Included**: Authentication (JWT), CORS, Rate Limiting, and Middleware.
+- [x] **Phase 3: Batteries Included**: Authentication (JWT), CORS, Rate Limiting, Middleware, and Configuration.
 - [ ] **Phase 4: v1.0 Polish**: Advanced ergonomics, CLI tool, and production hardening.
 
 

README.md

@@ -928,18 +928,26 @@ mod tests {
                     .map_err(|e| TestCaseError::fail(format!("Failed to extract headers: {}", e)))?;
 
                 // Verify all original headers are present
+                // HTTP allows duplicate headers - get_all() returns all values for a header name
                 for (name, value) in &headers {
-                    let header_value = extracted.get(name.as_str())
-                        .ok_or_else(|| TestCaseError::fail(format!("Header '{}' not found", name)))?;
+                    // Check that the header name exists
+                    let all_values: Vec<_> = extracted.get_all(name.as_str()).iter().collect();
+                    prop_assert!(
+                        !all_values.is_empty(),
+                        "Header '{}' not found",
+                        name
+                    );
 
-                    let extracted_value = header_value.to_str()
-                        .map_err(|e| TestCaseError::fail(format!("Invalid header value: {}", e)))?;
+                    // Check that the value is among the extracted values
+                    let value_found = all_values.iter().any(|v| {
+                        v.to_str().map(|s| s == value.as_str()).unwrap_or(false)
+                    });
 
-                    prop_assert_eq!(
-                        extracted_value,
-                        value.as_str(),
-                        "Header '{}' value mismatch",
-                        name
+                    prop_assert!(
+                        value_found,
+                        "Header '{}' value '{}' not found in extracted values",
+                        name,
+                        value
                     );
                 }
 

crates/rustapi-core/src/extract.rs

@@ -31,13 +31,13 @@ tokio = { workspace = true, features = ["macros", "rt-multi-thread"] }
 default = ["swagger-ui"]
 swagger-ui = ["rustapi-core/swagger-ui", "rustapi-openapi/swagger-ui"]
 
-# Security and utility features from rustapi-extras
-jwt = ["rustapi-extras", "rustapi-extras/jwt"]
-cors = ["rustapi-extras", "rustapi-extras/cors"]
-rate-limit = ["rustapi-extras", "rustapi-extras/rate-limit"]
-config = ["rustapi-extras", "rustapi-extras/config"]
-cookies = ["rustapi-extras", "rustapi-extras/cookies", "rustapi-core/cookies"]
-sqlx = ["rustapi-extras", "rustapi-extras/sqlx"]
+# Security and utility features (from rustapi-extras)
+jwt = ["dep:rustapi-extras", "rustapi-extras/jwt"]
+cors = ["dep:rustapi-extras", "rustapi-extras/cors"]
+rate-limit = ["dep:rustapi-extras", "rustapi-extras/rate-limit"]
+config = ["dep:rustapi-extras", "rustapi-extras/config"]
+cookies = ["dep:rustapi-extras", "rustapi-extras/cookies", "rustapi-core/cookies"]
+sqlx = ["dep:rustapi-extras", "rustapi-extras/sqlx"]
 
 # Meta features
 extras = ["jwt", "cors", "rate-limit"]

crates/rustapi-rs/Cargo.toml

@@ -30,12 +30,22 @@ We believe that writing high-performance, type-safe web APIs in Rust shouldn't r
 - **📝 Automatic OpenAPI**: Your code *is* your documentation. Swagger UI is served at `/docs` out of the box.
 - **✅ Built-in Validation**: Add `#[validate(email)]` to your structs and get automatic 422 error handling.
 - **🧩 Intuitive Routing**: Radix-tree based routing with simple macros `#[rustapi::get]`, `#[rustapi::post]`.
-- **🔋 Batteries Included**: Tracing, graceful shutdown, state management, and error handling are pre-configured.
+- **🔋 Batteries Included**: Middleware, JWT auth, CORS, rate limiting, and configuration management.
+- **🔐 Security First**: JWT authentication, CORS middleware, and IP-based rate limiting out of the box.
+- **⚙️ Configuration**: Environment-based config with `.env` file support and typed config extraction.
 
 ## 📦 Quick Start
 
 Add `rustapi-rs` to your `Cargo.toml`.
 
+```toml
+[dependencies]
+rustapi-rs = "0.1"
+
+# Optional features
+# rustapi-rs = { version = "0.1", features = ["jwt", "cors", "rate-limit"] }
+```
+
 ```rust
 use rustapi_rs::prelude::*;
 
@@ -81,9 +91,22 @@ RustAPI follows a **Facade Architecture** to ensure long-term stability:
 
 - [x] **Phase 1: MVP**: Core routing, extractors, and server.
 - [x] **Phase 2: Validation & OpenAPI**: Auto-docs, strict validation, and metadata.
-- [ ] **Phase 3: Batteries Included**: Authentication (JWT), CORS, Rate Limiting, and Middleware.
+- [x] **Phase 3: Batteries Included**: Authentication (JWT), CORS, Rate Limiting, Middleware, and Configuration.
 - [ ] **Phase 4: v1.0 Polish**: Advanced ergonomics, CLI tool, and production hardening.
 
+## 🔐 Optional Features
+
+| Feature | Description |
+|---------|-------------|
+| `jwt` | JWT authentication middleware and `AuthUser<T>` extractor |
+| `cors` | CORS middleware with builder pattern configuration |
+| `rate-limit` | IP-based rate limiting middleware |
+| `config` | Configuration management with `.env` file support |
+| `cookies` | Cookie parsing extractor |
+| `sqlx` | SQLx database error conversion to ApiError |
+| `extras` | Meta feature enabling jwt, cors, and rate-limit |
+| `full` | All optional features enabled |
+
 
 ## 📄 License