fix: BUG-012 remove email requirement from free signup + fix 429 handling

src/routes/signup.ts

@@ -20,20 +20,19 @@ const signupLimiter = rateLimit({
 
 // Self-service free API key signup
 router.post("/free", signupLimiter, (req: Request, res: Response) => {
-  const { email } = req.body;
+  const { email } = req.body || {};
 
-  if (!email || typeof email !== "string") {
-    res.status(400).json({ error: "Email is required" });
-    return;
+  // Email is optional — validate only if provided
+  let cleanEmail: string | undefined;
+  if (email && typeof email === "string") {
+    if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
+      res.status(400).json({ error: "Invalid email address" });
+      return;
+    }
+    cleanEmail = email.trim().toLowerCase();
   }
 
-  // Basic email validation
-  if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
-    res.status(400).json({ error: "Invalid email address" });
-    return;
-  }
-
-  const keyInfo = createFreeKey(email.trim().toLowerCase());
+  const keyInfo = createFreeKey(cleanEmail);
 
   res.json({
     message: "Welcome to DocFast! 🚀",

src/services/keys.ts

@@ -67,15 +67,17 @@ function generateKey(prefix: string): string {
   return `${prefix}_${randomBytes(24).toString("hex")}`;
 }
 
-export function createFreeKey(email: string): ApiKey {
-  // Check if email already has a free key
-  const existing = store.keys.find((k) => k.email === email && k.tier === "free");
-  if (existing) return existing;
+export function createFreeKey(email?: string): ApiKey {
+  // If email provided, check if it already has a free key
+  if (email) {
+    const existing = store.keys.find((k) => k.email === email && k.tier === "free");
+    if (existing) return existing;
+  }
 
   const entry: ApiKey = {
     key: generateKey("df_free"),
     tier: "free",
-    email,
+    email: email || "",
     createdAt: new Date().toISOString(),
   };
   store.keys.push(entry);