fix: audit #18 rate limit cleanup (.unref), audit #25 consistent error shapes

Audit #18 - Rate limit store memory growth:
- rateLimitStore already had cleanup via cleanupExpiredEntries() per-request + 60s interval
- Added .unref() to the setInterval timer for clean graceful shutdown behaviour

Audit #25 - Consistent error response shapes:
- billing.ts: Fixed 409 plain-text response -> JSON { error: "..." }
- index.ts: Simplified 404 from 4-field object to { error: "Not Found: METHOD path" }
- signup.ts: Removed extra retryAfter field from rate-limit message object
- pdfRateLimit.ts: Merged limit/tier/retryAfter into single error message string
- usage.ts: Merged limit/used/upgrade fields into single error message string
- convert.ts: Merged detail field into error message (3 occurrences)

All error responses now consistently use {"error": "message"} shape.

src/index.ts

@@ -247,12 +247,7 @@ app.use((req, res) => {
   
   if (isApiRequest) {
     // JSON 404 for API paths
-    res.status(404).json({
-      error: "Not Found",
-      message: `The requested endpoint ${req.method} ${req.path} does not exist`,
-      statusCode: 404,
-      timestamp: new Date().toISOString()
-    });
+    res.status(404).json({ error: `Not Found: ${req.method} ${req.path}` });
   } else {
     // HTML 404 for browser paths
     res.status(404).send(`<!DOCTYPE html>

src/middleware/pdfRateLimit.ts

@@ -102,12 +102,7 @@ export function pdfRateLimitMiddleware(req: Request & { apiKeyInfo?: any }, res:
   if (!checkRateLimit(apiKey)) {
     const limit = getRateLimit(apiKey);
     const tier = isProKey(apiKey) ? "pro" : "free";
-    res.status(429).json({
-      error: "Rate limit exceeded",
-      limit: `${limit} PDFs per minute`,
-      tier,
-      retryAfter: "60 seconds"
-    });
+    res.status(429).json({ error: `Rate limit exceeded: ${limit} PDFs/min allowed for ${tier} tier. Retry after 60s.` });
     return;
   }
   
@@ -128,4 +123,4 @@ export function getConcurrencyStats() {
 }
 
 // Proactive cleanup every 60s
-setInterval(cleanupExpiredEntries, 60_000);
+setInterval(cleanupExpiredEntries, 60_000).unref();

src/middleware/usage.ts

@@ -92,11 +92,7 @@ export function usageMiddleware(req: any, res: any, next: any): void {
   if (isProKey(key)) {
     const record = usage.get(key);
     if (record && record.monthKey === monthKey && record.count >= PRO_TIER_LIMIT) {
-      res.status(429).json({
-        error: "Pro tier limit reached (5,000/month). Contact support for higher limits.",
-        limit: PRO_TIER_LIMIT,
-        used: record.count,
-      });
+      res.status(429).json({ error: "Pro tier limit reached (5,000/month). Contact support for higher limits." });
       return;
     }
     trackUsage(key, monthKey);
@@ -106,12 +102,7 @@ export function usageMiddleware(req: any, res: any, next: any): void {
 
   const record = usage.get(key);
   if (record && record.monthKey === monthKey && record.count >= FREE_TIER_LIMIT) {
-    res.status(429).json({
-      error: "Free tier limit reached",
-      limit: FREE_TIER_LIMIT,
-      used: record.count,
-      upgrade: "Upgrade to Pro for 5,000 PDFs/month: https://docfast.dev/pricing",
-    });
+    res.status(429).json({ error: "Free tier limit reached (100/month). Upgrade to Pro at https://docfast.dev/#pricing for 5,000 PDFs/month." });
     return;
   }
 

src/routes/billing.ts

@@ -52,7 +52,7 @@ router.get("/success", async (req: Request, res: Response) => {
 
   // Prevent duplicate provisioning from same session
   if (provisionedSessions.has(sessionId)) {
-    res.status(409).send("This checkout session has already been used to provision a key. If you lost your key, use the key recovery feature.");
+    res.status(409).json({ error: "This checkout session has already been used to provision a key. If you lost your key, use the key recovery feature." });
     return;
   }
 

src/routes/convert.ts

@@ -95,7 +95,7 @@ convertRouter.post("/html", async (req: Request & { acquirePdfSlot?: () => Promi
       res.status(429).json({ error: "Server busy - too many concurrent PDF generations. Please try again in a few seconds." });
       return;
     }
-    res.status(500).json({ error: "PDF generation failed", detail: err.message });
+    res.status(500).json({ error: `PDF generation failed: ${err.message}` });
   } finally {
     if (slotAcquired && req.releasePdfSlot) {
       req.releasePdfSlot();
@@ -145,7 +145,7 @@ convertRouter.post("/markdown", async (req: Request & { acquirePdfSlot?: () => P
       res.status(429).json({ error: "Server busy - too many concurrent PDF generations. Please try again in a few seconds." });
       return;
     }
-    res.status(500).json({ error: "PDF generation failed", detail: err.message });
+    res.status(500).json({ error: `PDF generation failed: ${err.message}` });
   } finally {
     if (slotAcquired && req.releasePdfSlot) {
       req.releasePdfSlot();
@@ -222,7 +222,7 @@ convertRouter.post("/url", async (req: Request & { acquirePdfSlot?: () => Promis
       res.status(429).json({ error: "Server busy - too many concurrent PDF generations. Please try again in a few seconds." });
       return;
     }
-    res.status(500).json({ error: "PDF generation failed", detail: err.message });
+    res.status(500).json({ error: `PDF generation failed: ${err.message}` });
   } finally {
     if (slotAcquired && req.releasePdfSlot) {
       req.releasePdfSlot();

src/routes/signup.ts

@@ -10,7 +10,7 @@ const router = Router();
 const signupLimiter = rateLimit({
   windowMs: 60 * 60 * 1000,
   max: 5,
-  message: { error: "Too many signup attempts. Please try again in 1 hour.", retryAfter: "1 hour" },
+  message: { error: "Too many signup attempts. Please try again in 1 hour." },
   standardHeaders: true,
   legacyHeaders: false,
 });