feat(middleware): add body limit middleware ⚠️

- Add body limit documentation for English and Indonesian
- Add BodyLimit middleware implementation
- Export bodyLimit in middleware index
- Fix Indonesian image path in index page
- Fix Indonesian translation for route-specific middleware
- Reorganize imports alphabetically in Handler.ts
- Reorder warning blocks in basic-auth documentation
- Update Basic Auth navigation labels with construction emoji
- Update documentation navigation with body limit links
- Update import paths from Types.ts to index.ts across source files
- Update README with body limit middleware reference

Author: NeaByteLab

README.md

@@ -33,6 +33,7 @@ Follow our [installing guide](https://docs-deserve.neabyte.com/en/getting-starte
   - [Use Global](https://docs-deserve.neabyte.com/en/middleware/global) - Cross-cutting functionality
   - [Use Route-Specific](https://docs-deserve.neabyte.com/en/middleware/route-specific) - Targeted middleware for specific routes
   - [Basic Auth](https://docs-deserve.neabyte.com/en/middleware/basic-auth) - HTTP Basic Authentication
+  - [Body Limit](https://docs-deserve.neabyte.com/en/middleware/body-limit) - Enforce maximum request body size
   - [CORS](https://docs-deserve.neabyte.com/en/middleware/cors) - Cross-origin request handling
   - [WebSocket](https://docs-deserve.neabyte.com/en/middleware/websocket) - Real-time bidirectional communication
 

docs/.vitepress/config.ts

@@ -96,7 +96,8 @@ export default withMermaid(
                 items: [
                   { text: 'Use Global', link: '/en/middleware/global' },
                   { text: 'Use Route-Specific', link: '/en/middleware/route-specific' },
-                  { text: 'Basic Auth (Unreleased)', link: '/en/middleware/basic-auth' },
+                  { text: '🚧 Basic Auth', link: '/en/middleware/basic-auth' },
+                  { text: '🚧 Body Limit', link: '/en/middleware/body-limit' },
                   { text: 'CORS', link: '/en/middleware/cors' },
                   { text: 'WebSocket', link: '/en/middleware/websocket' }
                 ]
@@ -165,7 +166,8 @@ export default withMermaid(
                 items: [
                   { text: 'Use Global', link: '/en/middleware/global' },
                   { text: 'Use Route-Specific', link: '/en/middleware/route-specific' },
-                  { text: 'Basic Auth', link: '/en/middleware/basic-auth' },
+                  { text: '🚧 Basic Auth', link: '/en/middleware/basic-auth' },
+                  { text: '🚧 Body Limit', link: '/en/middleware/body-limit' },
                   { text: 'CORS', link: '/en/middleware/cors' },
                   { text: 'WebSocket', link: '/en/middleware/websocket' }
                 ]
@@ -273,8 +275,9 @@ export default withMermaid(
                 collapsed: true,
                 items: [
                   { text: 'Gunakan Global', link: '/id/middleware/global' },
-                  { text: 'Gunakan Route-Spesific', link: '/id/middleware/route-specific' },
-                  { text: 'Basic Auth', link: '/id/middleware/basic-auth' },
+                  { text: 'Gunakan Spesifik Rute', link: '/id/middleware/route-specific' },
+                  { text: '🚧 Basic Auth', link: '/id/middleware/basic-auth' },
+                  { text: '🚧 Body Limit', link: '/id/middleware/body-limit' },
                   { text: 'CORS', link: '/id/middleware/cors' },
                   { text: 'WebSocket', link: '/id/middleware/websocket' }
                 ]

docs/en/middleware/basic-auth.md

@@ -1,9 +1,8 @@
 # Basic Auth Middleware
 
-> **Reference**: [MDN HTTP Authentication Guide](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Authentication)
+> [!WARNING] This feature is available in the development version but not yet released.
 
-> [!WARNING]
-> This feature is available in the development version but not yet released.
+> **Reference**: [MDN HTTP Authentication Guide](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Authentication)
 
 HTTP Basic Authentication middleware for protecting routes with username and password authentication. Simple, secure, and easy to configure.
 

docs/en/middleware/body-limit.md

@@ -0,0 +1,112 @@
+# Body Limit Middleware
+
+> [!WARNING] This feature is available in the development version but not yet released.
+
+> **Reference**: [RFC 7230 HTTP/1.1 Message Syntax and Routing](https://datatracker.ietf.org/doc/html/rfc7230#section-3.3.1)
+
+Body Limit middleware enforces maximum request body size by checking the `Content-Length` header. Prevents large payloads from overwhelming your server.
+
+## Basic Usage
+
+Apply body limit middleware using Deserve's built-in middleware:
+
+```typescript
+import { Router, Mware } from '@neabyte/deserve'
+
+const router = new Router()
+
+router.use(Mware.bodyLimit({
+  limit: 1024 * 1024 // 1MB limit
+}))
+
+await router.serve(8000)
+```
+
+## Route-Specific Limits
+
+Apply different body limits to specific routes:
+
+```typescript
+// 1MB limit for general routes
+router.use(Mware.bodyLimit({ limit: 1024 * 1024 }))
+
+// 5MB limit for upload routes
+router.use('/uploads', Mware.bodyLimit({ limit: 5 * 1024 * 1024 }))
+
+// 10MB limit for API routes
+router.use('/api', Mware.bodyLimit({ limit: 10 * 1024 * 1024 }))
+```
+
+## Configuration Options
+
+### `limit`
+
+Maximum body size in bytes:
+
+```typescript
+// 1MB (1,048,576 bytes)
+limit: 1024 * 1024
+
+// 5MB (5,242,880 bytes)
+limit: 5 * 1024 * 1024
+
+// 10MB (10,485,760 bytes)
+limit: 10 * 1024 * 1024
+```
+
+## How It Works
+
+The middleware checks the `Content-Length` header before the body is read:
+
+1. **GET/HEAD requests** - Automatically skipped (no body)
+2. **Content-Length present** - Validates against limit
+3. **Transfer-Encoding present** - Passes through (chunked encoding)
+4. **No headers** - Passes through (size unknown)
+
+### RFC 7230 Compliance
+
+The middleware follows RFC 7230:
+- If both `Transfer-Encoding` and `Content-Length` are present, `Transfer-Encoding` takes precedence and body size is not validated
+- Only validates `Content-Length` when `Transfer-Encoding` is absent
+- Handles chunked encoding by passing through (can't check size upfront)
+
+## Complete Example
+
+```typescript
+import { Router, Mware } from '@neabyte/deserve'
+
+const router = new Router({ routesDir: './routes' })
+
+// Global 1MB limit
+router.use(Mware.bodyLimit({ limit: 1024 * 1024 }))
+
+// 5MB for file uploads
+router.use('/uploads', Mware.bodyLimit({ limit: 5 * 1024 * 1024 }))
+
+// 10MB for API routes
+router.use('/api', Mware.bodyLimit({ limit: 10 * 1024 * 1024 }))
+
+await router.serve(8000)
+```
+
+## Error Handling
+
+Body Limit automatically uses `router.catch()` if defined:
+
+```typescript
+router.catch((ctx, { statusCode, error }) => {
+  if (statusCode === 413) {
+    return ctx.send.json(
+      { error: 'Request entity too large', message: error?.message },
+      { status: 413 }
+    )
+  }
+  return ctx.send.json({
+    error: error?.message ?? 'Unknown error'
+  }, { status: statusCode })
+})
+
+router.use(Mware.bodyLimit({ limit: 1024 * 1024 }))
+```
+
+When the limit is exceeded, the middleware returns message `Request entity too large` with `status code: 413` before the request body is read.

docs/id/index.md

@@ -6,7 +6,7 @@ hero:
   text: "Framework Web"
   tagline: "Bangun server HTTP dengan mudah tanpa konfigurasi untuk produktivitas."
   image:
-    src: /public/image.png
+    src: /image.png
     alt: Deserve
 
   actions:

docs/id/middleware/basic-auth.md

@@ -1,9 +1,8 @@
 # Middleware Basic Auth
 
-> **Referensi**: [MDN HTTP Authentication Guide](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Authentication)
+> [!WARNING] Fitur ini tersedia di versi development tetapi belum dirilis.
 
-> [!WARNING]
-> Fitur ini tersedia di versi development tetapi belum dirilis.
+> **Referensi**: [MDN HTTP Authentication Guide](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Authentication)
 
 Middleware HTTP Basic Authentication untuk melindungi route dengan autentikasi username dan password. Sederhana, aman, dan mudah dikonfigurasi.
 

docs/id/middleware/body-limit.md

@@ -0,0 +1,112 @@
+# Middleware Body Limit
+
+> [!WARNING] Fitur ini tersedia di versi development tetapi belum dirilis.
+
+> **Referensi**: [RFC 7230 HTTP/1.1 Message Syntax and Routing](https://datatracker.ietf.org/doc/html/rfc7230#section-3.3.1)
+
+Middleware Body Limit menegakkan ukuran body request maksimum dengan memeriksa header `Content-Length`. Mencegah payload besar yang dapat membebani server Anda.
+
+## Penggunaan Dasar
+
+Terapkan middleware body limit menggunakan middleware built-in Deserve:
+
+```typescript
+import { Router, Mware } from '@neabyte/deserve'
+
+const router = new Router()
+
+router.use(Mware.bodyLimit({
+  limit: 1024 * 1024 // 1MB limit
+}))
+
+await router.serve(8000)
+```
+
+## Limit Spesifik Rute
+
+Terapkan limit body berbeda pada route tertentu:
+
+```typescript
+// Limit 1MB untuk route umum
+router.use(Mware.bodyLimit({ limit: 1024 * 1024 }))
+
+// Limit 5MB untuk route upload
+router.use('/uploads', Mware.bodyLimit({ limit: 5 * 1024 * 1024 }))
+
+// Limit 10MB untuk route API
+router.use('/api', Mware.bodyLimit({ limit: 10 * 1024 * 1024 }))
+```
+
+## Opsi Konfigurasi
+
+### `limit`
+
+Ukuran body maksimum dalam bytes:
+
+```typescript
+// 1MB (1,048,576 bytes)
+limit: 1024 * 1024
+
+// 5MB (5,242,880 bytes)
+limit: 5 * 1024 * 1024
+
+// 10MB (10,485,760 bytes)
+limit: 10 * 1024 * 1024
+```
+
+## Cara Kerja
+
+Middleware memeriksa header `Content-Length` sebelum body dibaca:
+
+1. **Request GET/HEAD** - Secara otomatis dilewati (tidak ada body)
+2. **Content-Length ada** - Memvalidasi terhadap limit
+3. **Transfer-Encoding ada** - Melewati (chunked encoding)
+4. **Tidak ada header** - Melewati (ukuran tidak diketahui)
+
+### Kepatuhan RFC 7230
+
+Middleware mengikuti RFC 7230:
+- Jika `Transfer-Encoding` dan `Content-Length` keduanya ada, `Transfer-Encoding` memiliki prioritas dan ukuran body tidak divalidasi
+- Hanya memvalidasi `Content-Length` ketika `Transfer-Encoding` tidak ada
+- Menangani chunked encoding dengan melewati (tidak dapat memeriksa ukuran sebelumnya)
+
+## Contoh Lengkap
+
+```typescript
+import { Router, Mware } from '@neabyte/deserve'
+
+const router = new Router({ routesDir: './routes' })
+
+// Limit global 1MB
+router.use(Mware.bodyLimit({ limit: 1024 * 1024 }))
+
+// 5MB untuk upload file
+router.use('/uploads', Mware.bodyLimit({ limit: 5 * 1024 * 1024 }))
+
+// 10MB untuk route API
+router.use('/api', Mware.bodyLimit({ limit: 10 * 1024 * 1024 }))
+
+await router.serve(8000)
+```
+
+## Penanganan Error
+
+Body Limit secara otomatis menggunakan `router.catch()` jika didefinisikan:
+
+```typescript
+router.catch((ctx, { statusCode, error }) => {
+  if (statusCode === 413) {
+    return ctx.send.json(
+      { error: 'Request entity too large', message: error?.message },
+      { status: 413 }
+    )
+  }
+  return ctx.send.json({
+    error: error?.message ?? 'Error tidak diketahui'
+  }, { status: statusCode })
+})
+
+router.use(Mware.bodyLimit({ limit: 1024 * 1024 }))
+```
+
+Ketika limit terlampaui, middleware mengembalikan pesan `Request entity too large` dengan `status code: 413` sebelum body request dibaca.

src/Context.ts

@@ -1,4 +1,4 @@
-import type { ErrorHandler } from '@app/Types.ts'
+import type { ErrorHandler } from '@app/index.ts'
 
 /**
  * Request context class.

src/Handler.ts

@@ -1,16 +1,16 @@
-import type {
-  ErrorMiddleware,
-  Middleware,
-  MiddlewareEntry,
-  RouteHandler,
-  RouteMetadata,
-  ServeOptions,
-  StaticFileHandler
-} from '@app/Types.ts'
-import { FastRouter } from '@neabyte/fast-router'
+import {
+  Context,
+  type ErrorMiddleware,
+  type Middleware,
+  type MiddlewareEntry,
+  type RouteHandler,
+  type RouteMetadata,
+  type ServeOptions,
+  type StaticFileHandler
+} from '@app/index.ts'
 import { pathToFileURL } from 'node:url'
+import { FastRouter } from '@neabyte/fast-router'
 import { allowedExtensions, contentTypes, httpMethods } from '@app/Constant.ts'
-import { Context } from '@app/Context.ts'
 
 /**
  * Request handler class.

src/Router.ts

@@ -1,4 +1,4 @@
-import type { ErrorMiddleware, Middleware, RouterOptions, ServeOptions } from '@app/Types.ts'
+import type { ErrorMiddleware, Middleware, RouterOptions, ServeOptions } from '@app/index.ts'
 import { Handler } from '@app/Handler.ts'
 
 /**