@orpc/server 0.0.0-next.62473ae → 0.0.0-next.624aa8b

package/dist/plugins/index.d.ts

@@ -1,31 +1,156 @@
-import { a as StandardHandlerInterceptorOptions, P as Plugin, b as StandardHandlerOptions } from '../shared/server.Drm1Lma3.js';
-export { C as CompositePlugin } from '../shared/server.Drm1Lma3.js';
-import { Value } from '@orpc/shared';
-import { C as Context } from '../shared/server.ptXwNGQr.js';
-import '@orpc/contract';
-import '@orpc/standard-server';
-import '@orpc/client';
+import { Value, Promisable } from '@orpc/shared';
+import { StandardRequest, StandardHeaders } from '@orpc/standard-server';
+import { BatchResponseBodyItem } from '@orpc/standard-server/batch';
+import { S as StandardHandlerInterceptorOptions, a as StandardHandlerPlugin, b as StandardHandlerOptions } from '../shared/server.-ACo36I0.js';
+import { C as Context, F as ProcedureClientInterceptorOptions } from '../shared/server.DD2C4ujN.js';
+import { Meta, ORPCError as ORPCError$1 } from '@orpc/contract';
+import { ORPCError } from '@orpc/client';
 
-interface CORSOptions<TContext extends Context> {
-    origin?: Value<string | string[] | null | undefined, [origin: string, options: StandardHandlerInterceptorOptions<TContext>]>;
-    timingOrigin?: Value<string | string[] | null | undefined, [origin: string, options: StandardHandlerInterceptorOptions<TContext>]>;
-    allowMethods?: string[];
-    allowHeaders?: string[];
+interface BatchHandlerOptions<T extends Context> {
+    /**
+     * The max size of the batch allowed.
+     *
+     * @default 10
+     */
+    maxSize?: Value<Promisable<number>, [StandardHandlerInterceptorOptions<T>]>;
+    /**
+     * Map the request before processing it.
+     *
+     * @default merged back batch request headers into the request
+     */
+    mapRequestItem?(request: StandardRequest, batchOptions: StandardHandlerInterceptorOptions<T>): StandardRequest;
+    /**
+     * Success batch response status code.
+     *
+     * @default 207
+     */
+    successStatus?: Value<Promisable<number>, [responses: Promise<BatchResponseBodyItem>[], batchOptions: StandardHandlerInterceptorOptions<T>]>;
+    /**
+     * success batch response headers.
+     *
+     * @default {}
+     */
+    headers?: Value<Promisable<StandardHeaders>, [responses: Promise<BatchResponseBodyItem>[], batchOptions: StandardHandlerInterceptorOptions<T>]>;
+}
+/**
+ * The Batch Request/Response Plugin allows you to combine multiple requests and responses into a single batch,
+ * reducing the overhead of sending each one separately.
+ *
+ * @see {@link https://orpc.unnoq.com/docs/plugins/batch-request-response Batch Request/Response Plugin Docs}
+ */
+declare class BatchHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
+    private readonly maxSize;
+    private readonly mapRequestItem;
+    private readonly successStatus;
+    private readonly headers;
+    order: number;
+    constructor(options?: BatchHandlerOptions<T>);
+    init(options: StandardHandlerOptions<T>): void;
+}
+
+interface CORSOptions<T extends Context> {
+    origin?: Value<Promisable<string | readonly string[] | null | undefined>, [origin: string, options: StandardHandlerInterceptorOptions<T>]>;
+    timingOrigin?: Value<Promisable<string | readonly string[] | null | undefined>, [origin: string, options: StandardHandlerInterceptorOptions<T>]>;
+    allowMethods?: readonly string[];
+    allowHeaders?: readonly string[];
     maxAge?: number;
     credentials?: boolean;
-    exposeHeaders?: string[];
+    exposeHeaders?: readonly string[];
 }
-declare class CORSPlugin<TContext extends Context> implements Plugin<TContext> {
+/**
+ * CORSPlugin is a plugin for oRPC that allows you to configure CORS for your API.
+ *
+ * @see {@link https://orpc.unnoq.com/docs/plugins/cors CORS Plugin Docs}
+ */
+declare class CORSPlugin<T extends Context> implements StandardHandlerPlugin<T> {
     private readonly options;
-    constructor(options?: Partial<CORSOptions<TContext>>);
-    init(options: StandardHandlerOptions<TContext>): void;
+    order: number;
+    constructor(options?: CORSOptions<T>);
+    init(options: StandardHandlerOptions<T>): void;
 }
 
 interface ResponseHeadersPluginContext {
     resHeaders?: Headers;
 }
-declare class ResponseHeadersPlugin<TContext extends ResponseHeadersPluginContext & Context> implements Plugin<TContext> {
-    init(options: StandardHandlerOptions<TContext>): void;
+/**
+ * The Response Headers Plugin allows you to set response headers in oRPC.
+ * It injects a resHeaders instance into the context, enabling you to modify response headers easily.
+ *
+ * @see {@link https://orpc.unnoq.com/docs/plugins/response-headers Response Headers Plugin Docs}
+ */
+declare class ResponseHeadersPlugin<T extends ResponseHeadersPluginContext> implements StandardHandlerPlugin<T> {
+    init(options: StandardHandlerOptions<T>): void;
+}
+
+interface SimpleCsrfProtectionHandlerPluginOptions<T extends Context> {
+    /**
+     * The name of the header to check.
+     *
+     * @default 'x-csrf-token'
+     */
+    headerName?: Value<Promisable<string>, [options: StandardHandlerInterceptorOptions<T>]>;
+    /**
+     * The value of the header to check.
+     *
+     * @default 'orpc'
+     *
+     */
+    headerValue?: Value<Promisable<string>, [options: StandardHandlerInterceptorOptions<T>]>;
+    /**
+     * Exclude a procedure from the plugin.
+     *
+     * @default false
+     *
+     */
+    exclude?: Value<Promisable<boolean>, [options: ProcedureClientInterceptorOptions<T, Record<never, never>, Meta>]>;
+    /**
+     * The error thrown when the CSRF token is invalid.
+     *
+     * @default new ORPCError('CSRF_TOKEN_MISMATCH', {
+     *   status: 403,
+     *   message: 'Invalid CSRF token',
+     * })
+     */
+    error?: InstanceType<typeof ORPCError>;
+}
+/**
+ * This plugin adds basic Cross-Site Request Forgery (CSRF) protection to your oRPC application.
+ * It helps ensure that requests to your procedures originate from JavaScript code,
+ * not from other sources like standard HTML forms or direct browser navigation.
+ *
+ * @see {@link https://orpc.unnoq.com/docs/plugins/simple-csrf-protection Simple CSRF Protection Plugin Docs}
+ */
+declare class SimpleCsrfProtectionHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
+    private readonly headerName;
+    private readonly headerValue;
+    private readonly exclude;
+    private readonly error;
+    constructor(options?: SimpleCsrfProtectionHandlerPluginOptions<T>);
+    order: number;
+    init(options: StandardHandlerOptions<T>): void;
+}
+
+interface StrictGetMethodPluginOptions {
+    /**
+     * The error thrown when a GET request is made to a procedure that doesn't allow GET.
+     *
+     * @default new ORPCError('METHOD_NOT_SUPPORTED')
+     */
+    error?: InstanceType<typeof ORPCError$1>;
+}
+/**
+ * This plugin enhances security by ensuring only procedures explicitly marked to accept GET requests
+ * can be called using the HTTP GET method for RPC Protocol. This helps prevent certain types of
+ * Cross-Site Request Forgery (CSRF) attacks.
+ *
+ * @see {@link https://orpc.unnoq.com/docs/plugins/strict-get-method Strict Get Method Plugin Docs}
+ */
+declare class StrictGetMethodPlugin<T extends Context> implements StandardHandlerPlugin<T> {
+    private readonly error;
+    order: number;
+    constructor(options?: StrictGetMethodPluginOptions);
+    init(options: StandardHandlerOptions<T>): void;
 }
 
-export { type CORSOptions, CORSPlugin, Plugin, ResponseHeadersPlugin, type ResponseHeadersPluginContext };
+export { BatchHandlerPlugin, CORSPlugin, ResponseHeadersPlugin, SimpleCsrfProtectionHandlerPlugin, StrictGetMethodPlugin };
+export type { BatchHandlerOptions, CORSOptions, ResponseHeadersPluginContext, SimpleCsrfProtectionHandlerPluginOptions, StrictGetMethodPluginOptions };

package/dist/plugins/index.mjs

@@ -1,9 +1,111 @@
-export { C as CompositePlugin } from '../shared/server.Q6ZmnTgO.mjs';
-import { value } from '@orpc/shared';
+import { value, isAsyncIteratorObject } from '@orpc/shared';
+import { parseBatchRequest, toBatchResponse } from '@orpc/standard-server/batch';
+import { flattenHeader } from '@orpc/standard-server';
+import { ORPCError } from '@orpc/client';
+export { S as StrictGetMethodPlugin } from '../shared/server.BW-nUGgA.mjs';
+import '@orpc/contract';
+
+class BatchHandlerPlugin {
+  maxSize;
+  mapRequestItem;
+  successStatus;
+  headers;
+  order = 5e6;
+  constructor(options = {}) {
+    this.maxSize = options.maxSize ?? 10;
+    this.mapRequestItem = options.mapRequestItem ?? ((request, { request: batchRequest }) => ({
+      ...request,
+      headers: {
+        ...batchRequest.headers,
+        ...request.headers
+      }
+    }));
+    this.successStatus = options.successStatus ?? 207;
+    this.headers = options.headers ?? {};
+  }
+  init(options) {
+    options.rootInterceptors ??= [];
+    options.rootInterceptors.unshift(async (options2) => {
+      if (options2.request.headers["x-orpc-batch"] !== "1") {
+        return options2.next();
+      }
+      let isParsing = false;
+      try {
+        isParsing = true;
+        const parsed = parseBatchRequest({ ...options2.request, body: await options2.request.body() });
+        isParsing = false;
+        const maxSize = await value(this.maxSize, options2);
+        if (parsed.length > maxSize) {
+          return {
+            matched: true,
+            response: {
+              status: 413,
+              headers: {},
+              body: "Batch request size exceeds the maximum allowed size"
+            }
+          };
+        }
+        const responses = parsed.map(
+          (request, index) => {
+            const mapped = this.mapRequestItem(request, options2);
+            return options2.next({ ...options2, request: { ...mapped, body: () => Promise.resolve(mapped.body) } }).then(({ response: response2, matched }) => {
+              if (matched) {
+                if (response2.body instanceof Blob || response2.body instanceof FormData || isAsyncIteratorObject(response2.body)) {
+                  return {
+                    index,
+                    status: 500,
+                    headers: {},
+                    body: "Batch responses do not support file/blob, or event-iterator. Please call this procedure separately outside of the batch request."
+                  };
+                }
+                return { ...response2, index };
+              }
+              return { index, status: 404, headers: {}, body: "No procedure matched" };
+            }).catch(() => {
+              return { index, status: 500, headers: {}, body: "Internal server error" };
+            });
+          }
+        );
+        await Promise.race(responses);
+        const status = await value(this.successStatus, responses, options2);
+        const headers = await value(this.headers, responses, options2);
+        const response = toBatchResponse({
+          status,
+          headers,
+          body: async function* () {
+            const promises = [...responses];
+            while (true) {
+              const handling = promises.filter((p) => p !== void 0);
+              if (handling.length === 0) {
+                return;
+              }
+              const result = await Promise.race(handling);
+              promises[result.index] = void 0;
+              yield result;
+            }
+          }()
+        });
+        return {
+          matched: true,
+          response
+        };
+      } catch (cause) {
+        if (isParsing) {
+          return {
+            matched: true,
+            response: { status: 400, headers: {}, body: "Invalid batch request, this could be caused by a malformed request body or a missing header" }
+          };
+        }
+        throw cause;
+      }
+    });
+  }
+}
 
 class CORSPlugin {
   options;
-  constructor(options) {
+  order = 9e6;
+  constructor(options = {}) {
     const defaults = {
       origin: (origin) => origin,
       allowMethods: ["GET", "HEAD", "PUT", "POST", "DELETE", "PATCH"]
@@ -22,13 +124,11 @@ class CORSPlugin {
           resHeaders["access-control-max-age"] = this.options.maxAge.toString();
         }
         if (this.options.allowMethods?.length) {
-          resHeaders["access-control-allow-methods"] = this.options.allowMethods.join(",");
+          resHeaders["access-control-allow-methods"] = flattenHeader(this.options.allowMethods);
         }
         const allowHeaders = this.options.allowHeaders ?? interceptorOptions.request.headers["access-control-request-headers"];
-        if (Array.isArray(allowHeaders) && allowHeaders.length) {
-          resHeaders["access-control-allow-headers"] = allowHeaders.join(",");
-        } else if (typeof allowHeaders === "string") {
-          resHeaders["access-control-allow-headers"] = allowHeaders;
+        if (typeof allowHeaders === "string" || allowHeaders?.length) {
+          resHeaders["access-control-allow-headers"] = flattenHeader(allowHeaders);
         }
         return {
           matched: true,
@@ -46,7 +146,7 @@ class CORSPlugin {
       if (!result.matched) {
         return result;
       }
-      const origin = Array.isArray(interceptorOptions.request.headers.origin) ? interceptorOptions.request.headers.origin.join(",") : interceptorOptions.request.headers.origin || "";
+      const origin = flattenHeader(interceptorOptions.request.headers.origin) ?? "";
       const allowedOrigin = await value(this.options.origin, origin, interceptorOptions);
       const allowedOriginArr = Array.isArray(allowedOrigin) ? allowedOrigin : [allowedOrigin];
       if (allowedOriginArr.includes("*")) {
@@ -68,7 +168,7 @@ class CORSPlugin {
         result.response.headers["access-control-allow-credentials"] = "true";
       }
       if (this.options.exposeHeaders?.length) {
-        result.response.headers["access-control-expose-headers"] = this.options.exposeHeaders.join(",");
+        result.response.headers["access-control-expose-headers"] = flattenHeader(this.options.exposeHeaders);
       }
       return result;
     });
@@ -79,14 +179,19 @@ class ResponseHeadersPlugin {
   init(options) {
     options.rootInterceptors ??= [];
     options.rootInterceptors.push(async (interceptorOptions) => {
-      const headers = new Headers();
-      interceptorOptions.context.resHeaders = headers;
-      const result = await interceptorOptions.next();
+      const resHeaders = interceptorOptions.context.resHeaders ?? new Headers();
+      const result = await interceptorOptions.next({
+        ...interceptorOptions,
+        context: {
+          ...interceptorOptions.context,
+          resHeaders
+        }
+      });
       if (!result.matched) {
         return result;
       }
       const responseHeaders = result.response.headers;
-      for (const [key, value] of headers) {
+      for (const [key, value] of resHeaders) {
         if (Array.isArray(responseHeaders[key])) {
           responseHeaders[key].push(value);
         } else if (responseHeaders[key] !== void 0) {
@@ -100,4 +205,47 @@ class ResponseHeadersPlugin {
   }
 }
 
-export { CORSPlugin, ResponseHeadersPlugin };
+const SIMPLE_CSRF_PROTECTION_CONTEXT_SYMBOL = Symbol("SIMPLE_CSRF_PROTECTION_CONTEXT");
+class SimpleCsrfProtectionHandlerPlugin {
+  headerName;
+  headerValue;
+  exclude;
+  error;
+  constructor(options = {}) {
+    this.headerName = options.headerName ?? "x-csrf-token";
+    this.headerValue = options.headerValue ?? "orpc";
+    this.exclude = options.exclude ?? false;
+    this.error = options.error ?? new ORPCError("CSRF_TOKEN_MISMATCH", {
+      status: 403,
+      message: "Invalid CSRF token"
+    });
+  }
+  order = 8e6;
+  init(options) {
+    options.rootInterceptors ??= [];
+    options.clientInterceptors ??= [];
+    options.rootInterceptors.unshift(async (options2) => {
+      const headerName = await value(this.headerName, options2);
+      const headerValue = await value(this.headerValue, options2);
+      return options2.next({
+        ...options2,
+        context: {
+          ...options2.context,
+          [SIMPLE_CSRF_PROTECTION_CONTEXT_SYMBOL]: options2.request.headers[headerName] === headerValue
+        }
+      });
+    });
+    options.clientInterceptors.unshift(async (options2) => {
+      if (typeof options2.context[SIMPLE_CSRF_PROTECTION_CONTEXT_SYMBOL] !== "boolean") {
+        throw new TypeError("[SimpleCsrfProtectionHandlerPlugin] CSRF protection context has been corrupted or modified by another plugin or interceptor");
+      }
+      const excluded = await value(this.exclude, options2);
+      if (!excluded && !options2.context[SIMPLE_CSRF_PROTECTION_CONTEXT_SYMBOL]) {
+        throw this.error;
+      }
+      return options2.next();
+    });
+  }
+}
+
+export { BatchHandlerPlugin, CORSPlugin, ResponseHeadersPlugin, SimpleCsrfProtectionHandlerPlugin };

package/dist/shared/server.-ACo36I0.d.ts

@@ -0,0 +1,74 @@
+import { HTTPPath, ORPCError } from '@orpc/client';
+import { Meta } from '@orpc/contract';
+import { Interceptor } from '@orpc/shared';
+import { StandardResponse, StandardLazyRequest } from '@orpc/standard-server';
+import { C as Context, R as Router, f as AnyRouter, h as AnyProcedure, F as ProcedureClientInterceptorOptions } from './server.DD2C4ujN.js';
+
+interface StandardHandlerPlugin<T extends Context> {
+    order?: number;
+    init?(options: StandardHandlerOptions<T>, router: Router<any, T>): void;
+}
+declare class CompositeStandardHandlerPlugin<T extends Context, TPlugin extends StandardHandlerPlugin<T>> implements StandardHandlerPlugin<T> {
+    protected readonly plugins: TPlugin[];
+    constructor(plugins?: readonly TPlugin[]);
+    init(options: StandardHandlerOptions<T>, router: Router<any, T>): void;
+}
+
+type StandardParams = Record<string, string>;
+type StandardMatchResult = {
+    path: readonly string[];
+    procedure: AnyProcedure;
+    params?: StandardParams;
+} | undefined;
+interface StandardMatcher {
+    init(router: AnyRouter): void;
+    match(method: string, pathname: HTTPPath): Promise<StandardMatchResult>;
+}
+interface StandardCodec {
+    encode(output: unknown, procedure: AnyProcedure): StandardResponse;
+    encodeError(error: ORPCError<any, any>): StandardResponse;
+    decode(request: StandardLazyRequest, params: StandardParams | undefined, procedure: AnyProcedure): Promise<unknown>;
+}
+
+interface StandardHandleOptions<T extends Context> {
+    prefix?: HTTPPath;
+    context: T;
+}
+type StandardHandleResult = {
+    matched: true;
+    response: StandardResponse;
+} | {
+    matched: false;
+    response: undefined;
+};
+interface StandardHandlerInterceptorOptions<T extends Context> extends StandardHandleOptions<T> {
+    request: StandardLazyRequest;
+}
+interface StandardHandlerOptions<TContext extends Context> {
+    plugins?: StandardHandlerPlugin<TContext>[];
+    /**
+     * Interceptors at the request level, helpful when you want catch errors
+     */
+    interceptors?: Interceptor<StandardHandlerInterceptorOptions<TContext>, Promise<StandardHandleResult>>[];
+    /**
+     * Interceptors at the root level, helpful when you want override the request/response
+     */
+    rootInterceptors?: Interceptor<StandardHandlerInterceptorOptions<TContext>, Promise<StandardHandleResult>>[];
+    /**
+     *
+     * Interceptors for procedure client.
+     */
+    clientInterceptors?: Interceptor<ProcedureClientInterceptorOptions<TContext, Record<never, never>, Meta>, Promise<unknown>>[];
+}
+declare class StandardHandler<T extends Context> {
+    private readonly matcher;
+    private readonly codec;
+    private readonly interceptors;
+    private readonly clientInterceptors;
+    private readonly rootInterceptors;
+    constructor(router: Router<any, T>, matcher: StandardMatcher, codec: StandardCodec, options: NoInfer<StandardHandlerOptions<T>>);
+    handle(request: StandardLazyRequest, options: StandardHandleOptions<T>): Promise<StandardHandleResult>;
+}
+
+export { CompositeStandardHandlerPlugin as C, StandardHandler as i };
+export type { StandardHandlerInterceptorOptions as S, StandardHandlerPlugin as a, StandardHandlerOptions as b, StandardCodec as c, StandardParams as d, StandardMatcher as e, StandardMatchResult as f, StandardHandleOptions as g, StandardHandleResult as h };

package/dist/shared/{server.DKrKGnk2.mjs → server.4FnxLwwr.mjs}

@@ -1,51 +1,69 @@
+import { toHttpPath, StandardRPCJsonSerializer, StandardRPCSerializer } from '@orpc/client/standard';
 import { ORPCError, toORPCError } from '@orpc/client';
-import { intercept, trim, parseEmptyableJSON } from '@orpc/shared';
-import { C as CompositePlugin } from './server.Q6ZmnTgO.mjs';
-import { c as createProcedureClient, e as eachContractProcedure, a as convertPathToHttpPath, i as isProcedure, u as unlazy, g as getRouterChild, b as createContractedProcedure } from './server.V6zT5iYQ.mjs';
+import { toArray, intercept, parseEmptyableJSON } from '@orpc/shared';
+import { flattenHeader } from '@orpc/standard-server';
+import { c as createProcedureClient, t as traverseContractProcedures, i as isProcedure, u as unlazy, g as getRouter, a as createContractedProcedure } from './server.DG7Tamti.mjs';
+
+class CompositeStandardHandlerPlugin {
+  plugins;
+  constructor(plugins = []) {
+    this.plugins = [...plugins].sort((a, b) => (a.order ?? 0) - (b.order ?? 0));
+  }
+  init(options, router) {
+    for (const plugin of this.plugins) {
+      plugin.init?.(options, router);
+    }
+  }
+}
 
 class StandardHandler {
   constructor(router, matcher, codec, options) {
     this.matcher = matcher;
     this.codec = codec;
-    this.options = options;
-    this.plugin = new CompositePlugin(options.plugins);
-    this.plugin.init(this.options);
+    const plugins = new CompositeStandardHandlerPlugin(options.plugins);
+    plugins.init(options, router);
+    this.interceptors = toArray(options.interceptors);
+    this.clientInterceptors = toArray(options.clientInterceptors);
+    this.rootInterceptors = toArray(options.rootInterceptors);
     this.matcher.init(router);
   }
-  plugin;
-  handle(request, ...[options]) {
+  interceptors;
+  clientInterceptors;
+  rootInterceptors;
+  async handle(request, options) {
+    const prefix = options.prefix?.replace(/\/$/, "") || void 0;
+    if (prefix && !request.url.pathname.startsWith(`${prefix}/`) && request.url.pathname !== prefix) {
+      return { matched: false, response: void 0 };
+    }
     return intercept(
-      this.options.rootInterceptors ?? [],
-      {
-        request,
-        ...options,
-        context: options?.context ?? {}
-        // context is optional only when all fields are optional so we can safely force it to have a context
-      },
+      this.rootInterceptors,
+      { ...options, request, prefix },
       async (interceptorOptions) => {
         let isDecoding = false;
         try {
           return await intercept(
-            this.options.interceptors ?? [],
+            this.interceptors,
             interceptorOptions,
-            async (interceptorOptions2) => {
-              const method = interceptorOptions2.request.method;
-              const url = interceptorOptions2.request.url;
-              const pathname = `/${trim(url.pathname.replace(interceptorOptions2.prefix ?? "", ""), "/")}`;
-              const match = await this.matcher.match(method, pathname);
+            async ({ request: request2, context, prefix: prefix2 }) => {
+              const method = request2.method;
+              const url = request2.url;
+              const pathname = prefix2 ? url.pathname.replace(prefix2, "") : url.pathname;
+              const match = await this.matcher.match(method, `/${pathname.replace(/^\/|\/$/g, "")}`);
               if (!match) {
                 return { matched: false, response: void 0 };
               }
               const client = createProcedureClient(match.procedure, {
-                context: interceptorOptions2.context,
+                context,
                 path: match.path,
-                interceptors: this.options.clientInterceptors
+                interceptors: this.clientInterceptors
               });
               isDecoding = true;
-              const input = await this.codec.decode(request, match.params, match.procedure);
+              const input = await this.codec.decode(request2, match.params, match.procedure);
               isDecoding = false;
-              const lastEventId = Array.isArray(request.headers["last-event-id"]) ? request.headers["last-event-id"].at(-1) : request.headers["last-event-id"];
-              const output = await client(input, { signal: request.signal, lastEventId });
+              const output = await client(input, {
+                signal: request2.signal,
+                lastEventId: flattenHeader(request2.headers["last-event-id"])
+              });
               const response = this.codec.encode(output, match.procedure);
               return {
                 matched: true,
@@ -54,7 +72,7 @@ class StandardHandler {
             }
           );
         } catch (e) {
-          const error = isDecoding ? new ORPCError("BAD_REQUEST", {
+          const error = isDecoding && !(e instanceof ORPCError) ? new ORPCError("BAD_REQUEST", {
             message: `Malformed request. Ensure the request body is properly formatted and the 'Content-Type' header is set correctly.`,
             cause: e
           }) : toORPCError(e);
@@ -69,7 +87,7 @@ class StandardHandler {
   }
 }
 
-class RPCCodec {
+class StandardRPCCodec {
   constructor(serializer) {
     this.serializer = serializer;
   }
@@ -93,15 +111,12 @@ class RPCCodec {
   }
 }
 
-class RPCMatcher {
+class StandardRPCMatcher {
   tree = {};
   pendingRouters = [];
   init(router, path = []) {
-    const laziedOptions = eachContractProcedure({
-      router,
-      path
-    }, ({ path: path2, contract }) => {
-      const httpPath = convertPathToHttpPath(path2);
+    const laziedOptions = traverseContractProcedures({ router, path }, ({ path: path2, contract }) => {
+      const httpPath = toHttpPath(path2);
       if (isProcedure(contract)) {
         this.tree[httpPath] = {
           path: path2,
@@ -121,7 +136,7 @@ class RPCMatcher {
     });
     this.pendingRouters.push(...laziedOptions.map((option) => ({
       ...option,
-      httpPathPrefix: convertPathToHttpPath(option.path)
+      httpPathPrefix: toHttpPath(option.path)
     })));
   }
   async match(_method, pathname) {
@@ -129,7 +144,7 @@ class RPCMatcher {
       const newPendingRouters = [];
       for (const pendingRouter of this.pendingRouters) {
         if (pathname.startsWith(pendingRouter.httpPathPrefix)) {
-          const { default: router } = await unlazy(pendingRouter.lazied);
+          const { default: router } = await unlazy(pendingRouter.router);
           this.init(router, pendingRouter.path);
         } else {
           newPendingRouters.push(pendingRouter);
@@ -142,14 +157,14 @@ class RPCMatcher {
       return void 0;
     }
     if (!match.procedure) {
-      const { default: maybeProcedure } = await unlazy(getRouterChild(match.router, ...match.path));
+      const { default: maybeProcedure } = await unlazy(getRouter(match.router, match.path));
       if (!isProcedure(maybeProcedure)) {
         throw new Error(`
-          [Contract-First] Missing or invalid implementation for procedure at path: ${convertPathToHttpPath(match.path)}.
+          [Contract-First] Missing or invalid implementation for procedure at path: ${toHttpPath(match.path)}.
           Ensure that the procedure is correctly defined and matches the expected contract.
         `);
       }
-      match.procedure = createContractedProcedure(match.contract, maybeProcedure);
+      match.procedure = createContractedProcedure(maybeProcedure, match.contract);
     }
     return {
       path: match.path,
@@ -158,4 +173,14 @@ class RPCMatcher {
   }
 }
 
-export { RPCCodec as R, StandardHandler as S, RPCMatcher as a };
+class StandardRPCHandler extends StandardHandler {
+  constructor(router, options = {}) {
+    const jsonSerializer = new StandardRPCJsonSerializer(options);
+    const serializer = new StandardRPCSerializer(jsonSerializer);
+    const matcher = new StandardRPCMatcher();
+    const codec = new StandardRPCCodec(serializer);
+    super(router, matcher, codec, options);
+  }
+}
+
+export { CompositeStandardHandlerPlugin as C, StandardHandler as S, StandardRPCCodec as a, StandardRPCHandler as b, StandardRPCMatcher as c };

package/dist/shared/server.BPAWobQg.d.ts

@@ -0,0 +1,12 @@
+import { StandardRPCJsonSerializerOptions } from '@orpc/client/standard';
+import { C as Context, R as Router } from './server.DD2C4ujN.js';
+import { b as StandardHandlerOptions, i as StandardHandler } from './server.-ACo36I0.js';
+
+interface StandardRPCHandlerOptions<T extends Context> extends StandardHandlerOptions<T>, StandardRPCJsonSerializerOptions {
+}
+declare class StandardRPCHandler<T extends Context> extends StandardHandler<T> {
+    constructor(router: Router<any, T>, options?: StandardRPCHandlerOptions<T>);
+}
+
+export { StandardRPCHandler as a };
+export type { StandardRPCHandlerOptions as S };