fix: 429 rate limiting — reduce polling, add cache headers, improve error UX

- PositionChart: reduce price poll from 10s to 30s, chart from 60s to 300s
- /api/trading: add Cache-Control s-maxage=60 header on Supabase responses
- middleware: add /api/trading to CACHEABLE_ROUTES for CDN caching
- rate-limit: increase API limit from 60 to 120 req/min
- auto-trading page: show friendly 429 error with retry button

huggingface-space/nextjs-app/src/components/PositionChart.tsx

@@ -110,8 +110,8 @@ export default function PositionChart({
   exitPrice,
   exitDate,
   exitReason,
-  priceRefreshMs = 10_000,
-  chartRefreshMs = 60_000,
+  priceRefreshMs = 30_000,
+  chartRefreshMs = 300_000,
 }: PositionChartProps) {
   const [priceData, setPriceData] = useState<PricePoint[]>([])
   const [currentPrice, setCurrentPrice] = useState<number | null>(null)

nextjs-app/src/app/api/trading/route.ts

@@ -36,7 +36,9 @@ async function proxyGet(): Promise<NextResponse> {
       return await proxyGetHF()
     }
     const data = await resp.json()
-    return NextResponse.json(data)
+    return NextResponse.json(data, {
+      headers: { 'Cache-Control': 'public, s-maxage=60, stale-while-revalidate=120' },
+    })
   } catch {
     // Fallback to HF Space
     return await proxyGetHF()
@@ -70,6 +72,16 @@ async function proxyGetHF(): Promise<NextResponse> {
   }
 }
 
+function actionUnavailableResponse(action: unknown, rootError: string) {
+  return NextResponse.json({
+    success: false,
+    action: typeof action === 'string' ? action : null,
+    error: rootError,
+    hint: 'HF trading backend gecici olarak ulasilamaz durumda. Dashboard snapshot verisi okunabilir, ancak trading aksiyonlari su an calistirilamaz.',
+    unavailable: true,
+  })
+}
+
 async function proxyPost(body: Record<string, unknown>): Promise<NextResponse> {
   const controller = new AbortController()
   const timeout = setTimeout(() => controller.abort(), 120000)
@@ -82,16 +94,20 @@ async function proxyPost(body: Record<string, unknown>): Promise<NextResponse> {
     })
     if (!resp.ok) {
       const text = await resp.text().catch(() => '')
+      const errorMessage = `Trading action backend error (HTTP ${resp.status}): ${text}`
+      if (resp.status >= 500) {
+        return actionUnavailableResponse(body.action, errorMessage)
+      }
       return NextResponse.json(
-        { error: `Trading action backend error (HTTP ${resp.status}): ${text}` },
-        { status: resp.status >= 400 && resp.status < 500 ? resp.status : 502 }
+        { error: errorMessage },
+        { status: resp.status }
       )
     }
     const data = await resp.json()
     return NextResponse.json(data)
   } catch (e: unknown) {
     const msg = e instanceof Error ? e.message : 'Unknown'
-    return NextResponse.json({ error: `Trading action proxy failed: ${msg}` }, { status: 502 })
+    return actionUnavailableResponse(body.action, `Trading action proxy failed: ${msg}`)
   } finally {
     clearTimeout(timeout)
   }

nextjs-app/src/app/auto-trading/page.tsx

@@ -257,7 +257,7 @@ const EMPTY_PERFORMANCE: Performance = {
 export default function AutoTradingPage() {
   const { market } = useMarket()
   const isUS = market === 'us'
-  const t = (tr: string, en: string) => isUS ? en : tr
+  const t = useCallback((tr: string, en: string) => isUS ? en : tr, [isUS])
 
   const [data, setData] = useState<TradingData | null>(null)
   const [loading, setLoading] = useState(true)
@@ -284,7 +284,15 @@ export default function AutoTradingPage() {
       // The user's explicit market selection (from global context) takes
       // priority even when the snapshot has no data for that market.
     } catch (e: unknown) {
-      setError(e instanceof Error ? e.message : t('Veriler alınamadı', 'Failed to load data'))
+      const is429 = e instanceof Error && (e.message.includes('429') || (e as { status?: number }).status === 429)
+      if (is429) {
+        setError(t(
+          'Sunucu yoğun — lütfen 1 dakika bekleyip tekrar deneyin.',
+          'Server busy — please wait 1 minute and retry.'
+        ))
+      } else {
+        setError(e instanceof Error ? e.message : t('Veriler alınamadı', 'Failed to load data'))
+      }
     } finally {
       setLoading(false)
     }
@@ -312,7 +320,7 @@ export default function AutoTradingPage() {
 
       // Handle 403 gracefully (run/reset moved to worker)
       if (res.error && res.hint) {
-        setActionMessage(`${res.error}`)
+        setActionMessage(`${t('Hata', 'Error')}: ${res.error} ${res.hint}`)
         return
       }
       if (res.error) throw new Error(res.error)
@@ -356,14 +364,19 @@ export default function AutoTradingPage() {
   }
 
   if (error) {
+    const is429 = error.includes('429') || error.includes('yoğun') || error.includes('busy')
     return (
       <div className="min-h-screen bg-gray-50 flex items-center justify-center">
-        <div className="bg-red-900/30 border border-red-500/50 rounded-lg p-6 max-w-md text-center">
-          <AlertTriangle className="w-8 h-8 text-red-400 mx-auto mb-3" />
-          <p className="text-red-300 mb-4">{error}</p>
+        <div className={`${is429 ? 'bg-yellow-50 border-yellow-300' : 'bg-red-50 border-red-300'} border rounded-lg p-6 max-w-md text-center`}>
+          {is429 ? (
+            <Clock className="w-8 h-8 text-yellow-500 mx-auto mb-3" />
+          ) : (
+            <AlertTriangle className="w-8 h-8 text-red-500 mx-auto mb-3" />
+          )}
+          <p className={`${is429 ? 'text-yellow-700' : 'text-red-700'} mb-4`}>{error}</p>
           <button
             onClick={loadData}
-            className="px-4 py-2 bg-red-600 hover:bg-red-500 text-white rounded-lg text-sm"
+            className={`px-4 py-2 ${is429 ? 'bg-yellow-600 hover:bg-yellow-500' : 'bg-red-600 hover:bg-red-500'} text-white rounded-lg text-sm`}
           >
             {t('Tekrar Dene', 'Retry')}
           </button>
@@ -777,8 +790,8 @@ export default function AutoTradingPage() {
                     entryDate={p.entryDate}
                     quantity={p.quantity}
                     market={market}
-                    priceRefreshMs={10_000}
-                    chartRefreshMs={60_000}
+                    priceRefreshMs={30_000}
+                    chartRefreshMs={300_000}
                   />
                 ))}
               </div>

nextjs-app/src/components/PositionChart.tsx

@@ -111,8 +111,8 @@ export default function PositionChart({
   exitPrice,
   exitDate,
   exitReason,
-  priceRefreshMs = 10_000,
-  chartRefreshMs = 60_000,
+  priceRefreshMs = 30_000,
+  chartRefreshMs = 300_000,
   market = 'bist',
 }: PositionChartProps) {
   const isUS = market === 'us'
@@ -124,9 +124,14 @@ export default function PositionChart({
   const [lastUpdate, setLastUpdate] = useState<string>('')
   const [expanded, setExpanded] = useState(true)
   const mountedRef = useRef(true)
+  const currentPriceRef = useRef<number | null>(null)
 
   const isClosed = !!exitDate
 
+  useEffect(() => {
+    currentPriceRef.current = currentPrice
+  }, [currentPrice])
+
   // ─── Fetch full chart data ─────────────
   const fetchChart = useCallback(async () => {
     try {
@@ -139,7 +144,7 @@ export default function PositionChart({
         setPriceData(json.data)
         const last = json.data[json.data.length - 1]
         if (last) {
-          setPrevPrice(currentPrice)
+          setPrevPrice(currentPriceRef.current)
           setCurrentPrice(last.close)
         }
       }
@@ -160,7 +165,7 @@ export default function PositionChart({
       if (!mountedRef.current) return
       if (json.ok && json.data?.length > 0) {
         const last = json.data[json.data.length - 1]
-        setPrevPrice(currentPrice)
+        setPrevPrice(currentPriceRef.current)
         setCurrentPrice(last.close)
         setLastUpdate(new Date().toLocaleTimeString(isUS ? 'en-US' : 'tr-TR'))
       }

nextjs-app/src/lib/rate-limit.ts

@@ -81,8 +81,8 @@ export function getClientIp(headers: Headers): string {
 
 // ─── Rate limit presets ───
 
-/** General API: 60 requests per minute */
-export const API_RATE_LIMIT = { maxRequests: 60, windowMs: 60_000 }
+/** General API: 120 requests per minute */
+export const API_RATE_LIMIT = { maxRequests: 120, windowMs: 60_000 }
 
 /** Write operations (POST actions): 20 per minute */
 export const WRITE_RATE_LIMIT = { maxRequests: 20, windowMs: 60_000 }

nextjs-app/src/middleware.ts

@@ -40,6 +40,7 @@ const CACHEABLE_ROUTES: Record<string, string> = {
   '/api/stocks': 'public, s-maxage=60, stale-while-revalidate=120',
   '/api/stock-data': 'public, s-maxage=60, stale-while-revalidate=120',
   '/api/technical-analysis': 'public, s-maxage=120, stale-while-revalidate=300',
+  '/api/trading': 'public, s-maxage=60, stale-while-revalidate=120',
   '/api/universe': 'public, s-maxage=3600, stale-while-revalidate=7200',
   '/api/news': 'public, s-maxage=120, stale-while-revalidate=300',
   '/api/kap': 'public, s-maxage=60, stale-while-revalidate=120',