@orpc/server 0.0.0-next.a246703 → 0.0.0-next.a2b3a55

package/dist/plugins/index.d.mts

@@ -1,9 +1,46 @@
-import { b as StandardHandlerInterceptorOptions, c as StandardHandlerPlugin, a as StandardHandlerOptions } from '../shared/server.BMkFIQUb.mjs';
 import { Value } from '@orpc/shared';
-import { C as Context } from '../shared/server.D0YVcfZk.mjs';
-import '@orpc/client';
-import '@orpc/contract';
-import '@orpc/standard-server';
+import { StandardRequest, StandardHeaders } from '@orpc/standard-server';
+import { BatchResponseBodyItem } from '@orpc/standard-server/batch';
+import { S as StandardHandlerInterceptorOptions, a as StandardHandlerPlugin, b as StandardHandlerOptions } from '../shared/server.B1oIHH_j.mjs';
+import { C as Context, F as ProcedureClientInterceptorOptions } from '../shared/server.BVHsfJ99.mjs';
+import { Meta, ORPCError as ORPCError$1 } from '@orpc/contract';
+import { ORPCError } from '@orpc/client';
+
+interface BatchHandlerOptions<T extends Context> {
+    /**
+     * The max size of the batch allowed.
+     *
+     * @default 10
+     */
+    maxSize?: Value<number, [StandardHandlerInterceptorOptions<T>]>;
+    /**
+     * Map the request before processing it.
+     *
+     * @default merged back batch request headers into the request
+     */
+    mapRequestItem?(request: StandardRequest, batchOptions: StandardHandlerInterceptorOptions<T>): StandardRequest;
+    /**
+     * Success batch response status code.
+     *
+     * @default 207
+     */
+    successStatus?: Value<number, [responses: Promise<BatchResponseBodyItem>[], batchOptions: StandardHandlerInterceptorOptions<T>]>;
+    /**
+     * success batch response headers.
+     *
+     * @default {}
+     */
+    headers?: Value<StandardHeaders, [responses: Promise<BatchResponseBodyItem>[], batchOptions: StandardHandlerInterceptorOptions<T>]>;
+}
+declare class BatchHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
+    private readonly maxSize;
+    private readonly mapRequestItem;
+    private readonly successStatus;
+    private readonly headers;
+    order: number;
+    constructor(options?: BatchHandlerOptions<T>);
+    init(options: StandardHandlerOptions<T>): void;
+}
 
 interface CORSOptions<T extends Context> {
     origin?: Value<string | readonly string[] | null | undefined, [origin: string, options: StandardHandlerInterceptorOptions<T>]>;
@@ -16,6 +53,7 @@ interface CORSOptions<T extends Context> {
 }
 declare class CORSPlugin<T extends Context> implements StandardHandlerPlugin<T> {
     private readonly options;
+    order: number;
     constructor(options?: CORSOptions<T>);
     init(options: StandardHandlerOptions<T>): void;
 }
@@ -27,4 +65,61 @@ declare class ResponseHeadersPlugin<T extends ResponseHeadersPluginContext> impl
     init(options: StandardHandlerOptions<T>): void;
 }
 
-export { type CORSOptions, CORSPlugin, ResponseHeadersPlugin, type ResponseHeadersPluginContext };
+interface SimpleCsrfProtectionHandlerPluginOptions<T extends Context> {
+    /**
+     * The name of the header to check.
+     *
+     * @default 'x-csrf-token'
+     */
+    headerName?: Value<string, [options: StandardHandlerInterceptorOptions<T>]>;
+    /**
+     * The value of the header to check.
+     *
+     * @default 'orpc'
+     *
+     */
+    headerValue?: Value<string, [options: StandardHandlerInterceptorOptions<T>]>;
+    /**
+     * Exclude a procedure from the plugin.
+     *
+     * @default false
+     *
+     */
+    exclude?: Value<boolean, [options: ProcedureClientInterceptorOptions<T, Record<never, never>, Meta>]>;
+    /**
+     * The error thrown when the CSRF token is invalid.
+     *
+     * @default new ORPCError('CSRF_TOKEN_MISMATCH', {
+     *   status: 403,
+     *   message: 'Invalid CSRF token',
+     * })
+     */
+    error?: InstanceType<typeof ORPCError>;
+}
+declare class SimpleCsrfProtectionHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
+    private readonly headerName;
+    private readonly headerValue;
+    private readonly exclude;
+    private readonly error;
+    constructor(options?: SimpleCsrfProtectionHandlerPluginOptions<T>);
+    order: number;
+    init(options: StandardHandlerOptions<T>): void;
+}
+
+interface StrictGetMethodPluginOptions {
+    /**
+     * The error thrown when a GET request is made to a procedure that doesn't allow GET.
+     *
+     * @default new ORPCError('METHOD_NOT_SUPPORTED')
+     */
+    error?: InstanceType<typeof ORPCError$1>;
+}
+declare class StrictGetMethodPlugin<T extends Context> implements StandardHandlerPlugin<T> {
+    private readonly error;
+    order: number;
+    constructor(options?: StrictGetMethodPluginOptions);
+    init(options: StandardHandlerOptions<T>): void;
+}
+
+export { BatchHandlerPlugin, CORSPlugin, ResponseHeadersPlugin, SimpleCsrfProtectionHandlerPlugin, StrictGetMethodPlugin };
+export type { BatchHandlerOptions, CORSOptions, ResponseHeadersPluginContext, SimpleCsrfProtectionHandlerPluginOptions, StrictGetMethodPluginOptions };

package/dist/plugins/index.d.ts

@@ -1,9 +1,46 @@
-import { b as StandardHandlerInterceptorOptions, c as StandardHandlerPlugin, a as StandardHandlerOptions } from '../shared/server.ywWqDZgA.js';
 import { Value } from '@orpc/shared';
-import { C as Context } from '../shared/server.D0YVcfZk.js';
-import '@orpc/client';
-import '@orpc/contract';
-import '@orpc/standard-server';
+import { StandardRequest, StandardHeaders } from '@orpc/standard-server';
+import { BatchResponseBodyItem } from '@orpc/standard-server/batch';
+import { S as StandardHandlerInterceptorOptions, a as StandardHandlerPlugin, b as StandardHandlerOptions } from '../shared/server.CaWivVk3.js';
+import { C as Context, F as ProcedureClientInterceptorOptions } from '../shared/server.BVHsfJ99.js';
+import { Meta, ORPCError as ORPCError$1 } from '@orpc/contract';
+import { ORPCError } from '@orpc/client';
+
+interface BatchHandlerOptions<T extends Context> {
+    /**
+     * The max size of the batch allowed.
+     *
+     * @default 10
+     */
+    maxSize?: Value<number, [StandardHandlerInterceptorOptions<T>]>;
+    /**
+     * Map the request before processing it.
+     *
+     * @default merged back batch request headers into the request
+     */
+    mapRequestItem?(request: StandardRequest, batchOptions: StandardHandlerInterceptorOptions<T>): StandardRequest;
+    /**
+     * Success batch response status code.
+     *
+     * @default 207
+     */
+    successStatus?: Value<number, [responses: Promise<BatchResponseBodyItem>[], batchOptions: StandardHandlerInterceptorOptions<T>]>;
+    /**
+     * success batch response headers.
+     *
+     * @default {}
+     */
+    headers?: Value<StandardHeaders, [responses: Promise<BatchResponseBodyItem>[], batchOptions: StandardHandlerInterceptorOptions<T>]>;
+}
+declare class BatchHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
+    private readonly maxSize;
+    private readonly mapRequestItem;
+    private readonly successStatus;
+    private readonly headers;
+    order: number;
+    constructor(options?: BatchHandlerOptions<T>);
+    init(options: StandardHandlerOptions<T>): void;
+}
 
 interface CORSOptions<T extends Context> {
     origin?: Value<string | readonly string[] | null | undefined, [origin: string, options: StandardHandlerInterceptorOptions<T>]>;
@@ -16,6 +53,7 @@ interface CORSOptions<T extends Context> {
 }
 declare class CORSPlugin<T extends Context> implements StandardHandlerPlugin<T> {
     private readonly options;
+    order: number;
     constructor(options?: CORSOptions<T>);
     init(options: StandardHandlerOptions<T>): void;
 }
@@ -27,4 +65,61 @@ declare class ResponseHeadersPlugin<T extends ResponseHeadersPluginContext> impl
     init(options: StandardHandlerOptions<T>): void;
 }
 
-export { type CORSOptions, CORSPlugin, ResponseHeadersPlugin, type ResponseHeadersPluginContext };
+interface SimpleCsrfProtectionHandlerPluginOptions<T extends Context> {
+    /**
+     * The name of the header to check.
+     *
+     * @default 'x-csrf-token'
+     */
+    headerName?: Value<string, [options: StandardHandlerInterceptorOptions<T>]>;
+    /**
+     * The value of the header to check.
+     *
+     * @default 'orpc'
+     *
+     */
+    headerValue?: Value<string, [options: StandardHandlerInterceptorOptions<T>]>;
+    /**
+     * Exclude a procedure from the plugin.
+     *
+     * @default false
+     *
+     */
+    exclude?: Value<boolean, [options: ProcedureClientInterceptorOptions<T, Record<never, never>, Meta>]>;
+    /**
+     * The error thrown when the CSRF token is invalid.
+     *
+     * @default new ORPCError('CSRF_TOKEN_MISMATCH', {
+     *   status: 403,
+     *   message: 'Invalid CSRF token',
+     * })
+     */
+    error?: InstanceType<typeof ORPCError>;
+}
+declare class SimpleCsrfProtectionHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
+    private readonly headerName;
+    private readonly headerValue;
+    private readonly exclude;
+    private readonly error;
+    constructor(options?: SimpleCsrfProtectionHandlerPluginOptions<T>);
+    order: number;
+    init(options: StandardHandlerOptions<T>): void;
+}
+
+interface StrictGetMethodPluginOptions {
+    /**
+     * The error thrown when a GET request is made to a procedure that doesn't allow GET.
+     *
+     * @default new ORPCError('METHOD_NOT_SUPPORTED')
+     */
+    error?: InstanceType<typeof ORPCError$1>;
+}
+declare class StrictGetMethodPlugin<T extends Context> implements StandardHandlerPlugin<T> {
+    private readonly error;
+    order: number;
+    constructor(options?: StrictGetMethodPluginOptions);
+    init(options: StandardHandlerOptions<T>): void;
+}
+
+export { BatchHandlerPlugin, CORSPlugin, ResponseHeadersPlugin, SimpleCsrfProtectionHandlerPlugin, StrictGetMethodPlugin };
+export type { BatchHandlerOptions, CORSOptions, ResponseHeadersPluginContext, SimpleCsrfProtectionHandlerPluginOptions, StrictGetMethodPluginOptions };

package/dist/plugins/index.mjs

@@ -1,7 +1,109 @@
-import { value } from '@orpc/shared';
+import { value, isAsyncIteratorObject } from '@orpc/shared';
+import { parseBatchRequest, toBatchResponse } from '@orpc/standard-server/batch';
+import { ORPCError } from '@orpc/client';
+export { S as StrictGetMethodPlugin } from '../shared/server.BW-nUGgA.mjs';
+import '@orpc/contract';
+
+class BatchHandlerPlugin {
+  maxSize;
+  mapRequestItem;
+  successStatus;
+  headers;
+  order = 5e6;
+  constructor(options = {}) {
+    this.maxSize = options.maxSize ?? 10;
+    this.mapRequestItem = options.mapRequestItem ?? ((request, { request: batchRequest }) => ({
+      ...request,
+      headers: {
+        ...batchRequest.headers,
+        ...request.headers
+      }
+    }));
+    this.successStatus = options.successStatus ?? 207;
+    this.headers = options.headers ?? {};
+  }
+  init(options) {
+    options.rootInterceptors ??= [];
+    options.rootInterceptors.unshift(async (options2) => {
+      if (options2.request.headers["x-orpc-batch"] !== "1") {
+        return options2.next();
+      }
+      let isParsing = false;
+      try {
+        isParsing = true;
+        const parsed = parseBatchRequest({ ...options2.request, body: await options2.request.body() });
+        isParsing = false;
+        const maxSize = await value(this.maxSize, options2);
+        if (parsed.length > maxSize) {
+          return {
+            matched: true,
+            response: {
+              status: 413,
+              headers: {},
+              body: "Batch request size exceeds the maximum allowed size"
+            }
+          };
+        }
+        const responses = parsed.map(
+          (request, index) => {
+            const mapped = this.mapRequestItem(request, options2);
+            return options2.next({ ...options2, request: { ...mapped, body: () => Promise.resolve(mapped.body) } }).then(({ response: response2, matched }) => {
+              if (matched) {
+                if (response2.body instanceof Blob || response2.body instanceof FormData || isAsyncIteratorObject(response2.body)) {
+                  return {
+                    index,
+                    status: 500,
+                    headers: {},
+                    body: "Batch responses do not support file/blob, or event-iterator. Please call this procedure separately outside of the batch request."
+                  };
+                }
+                return { ...response2, index };
+              }
+              return { index, status: 404, headers: {}, body: "No procedure matched" };
+            }).catch(() => {
+              return { index, status: 500, headers: {}, body: "Internal server error" };
+            });
+          }
+        );
+        await Promise.race(responses);
+        const status = await value(this.successStatus, responses, options2);
+        const headers = await value(this.headers, responses, options2);
+        const response = toBatchResponse({
+          status,
+          headers,
+          body: async function* () {
+            const promises = [...responses];
+            while (true) {
+              const handling = promises.filter((p) => p !== void 0);
+              if (handling.length === 0) {
+                return;
+              }
+              const result = await Promise.race(handling);
+              promises[result.index] = void 0;
+              yield result;
+            }
+          }()
+        });
+        return {
+          matched: true,
+          response
+        };
+      } catch (cause) {
+        if (isParsing) {
+          return {
+            matched: true,
+            response: { status: 400, headers: {}, body: "Invalid batch request, this could be caused by a malformed request body or a missing header" }
+          };
+        }
+        throw cause;
+      }
+    });
+  }
+}
 
 class CORSPlugin {
   options;
+  order = 9e6;
   constructor(options = {}) {
     const defaults = {
       origin: (origin) => origin,
@@ -104,4 +206,47 @@ class ResponseHeadersPlugin {
   }
 }
 
-export { CORSPlugin, ResponseHeadersPlugin };
+const SIMPLE_CSRF_PROTECTION_CONTEXT_SYMBOL = Symbol("SIMPLE_CSRF_PROTECTION_CONTEXT");
+class SimpleCsrfProtectionHandlerPlugin {
+  headerName;
+  headerValue;
+  exclude;
+  error;
+  constructor(options = {}) {
+    this.headerName = options.headerName ?? "x-csrf-token";
+    this.headerValue = options.headerValue ?? "orpc";
+    this.exclude = options.exclude ?? false;
+    this.error = options.error ?? new ORPCError("CSRF_TOKEN_MISMATCH", {
+      status: 403,
+      message: "Invalid CSRF token"
+    });
+  }
+  order = 8e6;
+  init(options) {
+    options.rootInterceptors ??= [];
+    options.clientInterceptors ??= [];
+    options.rootInterceptors.unshift(async (options2) => {
+      const headerName = await value(this.headerName, options2);
+      const headerValue = await value(this.headerValue, options2);
+      return options2.next({
+        ...options2,
+        context: {
+          ...options2.context,
+          [SIMPLE_CSRF_PROTECTION_CONTEXT_SYMBOL]: options2.request.headers[headerName] === headerValue
+        }
+      });
+    });
+    options.clientInterceptors.unshift(async (options2) => {
+      if (typeof options2.context[SIMPLE_CSRF_PROTECTION_CONTEXT_SYMBOL] !== "boolean") {
+        throw new TypeError("[SimpleCsrfProtectionHandlerPlugin] CSRF protection context has been corrupted or modified by another plugin or interceptor");
+      }
+      const excluded = await value(this.exclude, options2);
+      if (!excluded && !options2.context[SIMPLE_CSRF_PROTECTION_CONTEXT_SYMBOL]) {
+        throw this.error;
+      }
+      return options2.next();
+    });
+  }
+}
+
+export { BatchHandlerPlugin, CORSPlugin, ResponseHeadersPlugin, SimpleCsrfProtectionHandlerPlugin };

package/dist/shared/{server.ywWqDZgA.d.ts → server.B1oIHH_j.d.mts}

@@ -1,8 +1,18 @@
 import { HTTPPath, ORPCError } from '@orpc/client';
-import { AnySchema, Meta, InferSchemaOutput, ErrorFromErrorMap } from '@orpc/contract';
-import { Interceptor } from '@orpc/shared';
+import { Meta, InferSchemaOutput, AnySchema, ErrorFromErrorMap } from '@orpc/contract';
+import { Interceptor, ThrowableError } from '@orpc/shared';
 import { StandardResponse, StandardLazyRequest } from '@orpc/standard-server';
-import { a as AnyRouter, A as AnyProcedure, C as Context, P as ProcedureClientInterceptorOptions, R as Router } from './server.D0YVcfZk.js';
+import { C as Context, f as AnyRouter, h as AnyProcedure, F as ProcedureClientInterceptorOptions, R as Router } from './server.BVHsfJ99.mjs';
+
+interface StandardHandlerPlugin<TContext extends Context> {
+    order?: number;
+    init?(options: StandardHandlerOptions<TContext>): void;
+}
+declare class CompositeStandardHandlerPlugin<T extends Context, TPlugin extends StandardHandlerPlugin<T>> implements StandardHandlerPlugin<T> {
+    protected readonly plugins: TPlugin[];
+    constructor(plugins?: readonly TPlugin[]);
+    init(options: StandardHandlerOptions<T>): void;
+}
 
 type StandardParams = Record<string, string>;
 type StandardMatchResult = {
@@ -31,9 +41,6 @@ type StandardHandleResult = {
     matched: false;
     response: undefined;
 };
-interface StandardHandlerPlugin<TContext extends Context> {
-    init?(options: StandardHandlerOptions<TContext>): void;
-}
 interface StandardHandlerInterceptorOptions<T extends Context> extends StandardHandleOptions<T> {
     request: StandardLazyRequest;
 }
@@ -42,16 +49,16 @@ interface StandardHandlerOptions<TContext extends Context> {
     /**
      * Interceptors at the request level, helpful when you want catch errors
      */
-    interceptors?: Interceptor<StandardHandlerInterceptorOptions<TContext>, StandardHandleResult, unknown>[];
+    interceptors?: Interceptor<StandardHandlerInterceptorOptions<TContext>, StandardHandleResult, ThrowableError>[];
     /**
      * Interceptors at the root level, helpful when you want override the request/response
      */
-    rootInterceptors?: Interceptor<StandardHandlerInterceptorOptions<TContext>, StandardHandleResult, unknown>[];
+    rootInterceptors?: Interceptor<StandardHandlerInterceptorOptions<TContext>, StandardHandleResult, ThrowableError>[];
     /**
      *
      * Interceptors for procedure client.
      */
-    clientInterceptors?: Interceptor<ProcedureClientInterceptorOptions<TContext, AnySchema, Record<never, never>, Meta>, InferSchemaOutput<AnySchema>, ErrorFromErrorMap<Record<never, never>>>[];
+    clientInterceptors?: Interceptor<ProcedureClientInterceptorOptions<TContext, Record<never, never>, Meta>, InferSchemaOutput<AnySchema>, ErrorFromErrorMap<Record<never, never>>>[];
 }
 declare class StandardHandler<T extends Context> {
     private readonly matcher;
@@ -63,4 +70,5 @@ declare class StandardHandler<T extends Context> {
     handle(request: StandardLazyRequest, options: StandardHandleOptions<T>): Promise<StandardHandleResult>;
 }
 
-export { type StandardHandleOptions as S, type StandardHandlerOptions as a, type StandardHandlerInterceptorOptions as b, type StandardHandlerPlugin as c, type StandardCodec as d, type StandardParams as e, type StandardMatcher as f, type StandardMatchResult as g, type StandardHandleResult as h, StandardHandler as i };
+export { CompositeStandardHandlerPlugin as C, StandardHandler as i };
+export type { StandardHandlerInterceptorOptions as S, StandardHandlerPlugin as a, StandardHandlerOptions as b, StandardCodec as c, StandardParams as d, StandardMatcher as e, StandardMatchResult as f, StandardHandleOptions as g, StandardHandleResult as h };

package/dist/shared/{server.D0YVcfZk.d.mts → server.BVHsfJ99.d.mts}

@@ -1,8 +1,8 @@
 import { ORPCErrorCode, ORPCErrorOptions, ORPCError, HTTPPath, ClientContext, Client } from '@orpc/client';
-import { MaybeOptionalOptions, Promisable, Interceptor, Value } from '@orpc/shared';
 import { ErrorMap, ErrorMapItem, InferSchemaInput, AnySchema, Meta, ContractProcedureDef, InferSchemaOutput, ErrorFromErrorMap, AnyContractRouter, ContractProcedure } from '@orpc/contract';
+import { MaybeOptionalOptions, Promisable, Interceptor, Value } from '@orpc/shared';
 
-type Context = Record<string, any>;
+type Context = Record<PropertyKey, any>;
 type MergedInitialContext<TInitial extends Context, TAdditional extends Context, TCurrent extends Context> = TInitial & Omit<TAdditional, keyof TCurrent>;
 type MergedCurrentContext<T extends Context, U extends Context> = Omit<T, keyof U> & U;
 declare function mergeCurrentContext<T extends Context, U extends Context>(context: T, other: U): MergedCurrentContext<T, U>;
@@ -97,9 +97,9 @@ interface MapInputMiddleware<TInput, TMappedInput> {
 declare function middlewareOutputFn<TOutput>(output: TOutput): MiddlewareResult<Record<never, never>, TOutput>;
 
 type ProcedureClient<TClientContext extends ClientContext, TInputSchema extends AnySchema, TOutputSchema extends AnySchema, TErrorMap extends ErrorMap> = Client<TClientContext, InferSchemaInput<TInputSchema>, InferSchemaOutput<TOutputSchema>, ErrorFromErrorMap<TErrorMap>>;
-interface ProcedureClientInterceptorOptions<TInitialContext extends Context, TInputSchema extends AnySchema, TErrorMap extends ErrorMap, TMeta extends Meta> {
+interface ProcedureClientInterceptorOptions<TInitialContext extends Context, TErrorMap extends ErrorMap, TMeta extends Meta> {
     context: TInitialContext;
-    input: InferSchemaInput<TInputSchema>;
+    input: unknown;
     errors: ORPCErrorConstructorMap<TErrorMap>;
     path: readonly string[];
     procedure: Procedure<Context, Context, AnySchema, AnySchema, ErrorMap, TMeta>;
@@ -109,18 +109,18 @@ interface ProcedureClientInterceptorOptions<TInitialContext extends Context, TIn
 /**
  * Options for creating a procedure caller with comprehensive type safety
  */
-type CreateProcedureClientOptions<TInitialContext extends Context, TInputSchema extends AnySchema, TOutputSchema extends AnySchema, TErrorMap extends ErrorMap, TMeta extends Meta, TClientContext extends ClientContext> = {
+type CreateProcedureClientOptions<TInitialContext extends Context, TOutputSchema extends AnySchema, TErrorMap extends ErrorMap, TMeta extends Meta, TClientContext extends ClientContext> = {
     /**
      * This is helpful for logging and analytics.
      */
     path?: readonly string[];
-    interceptors?: Interceptor<ProcedureClientInterceptorOptions<TInitialContext, TInputSchema, TErrorMap, TMeta>, InferSchemaOutput<TOutputSchema>, ErrorFromErrorMap<TErrorMap>>[];
+    interceptors?: Interceptor<ProcedureClientInterceptorOptions<TInitialContext, TErrorMap, TMeta>, InferSchemaOutput<TOutputSchema>, ErrorFromErrorMap<TErrorMap>>[];
 } & (Record<never, never> extends TInitialContext ? {
     context?: Value<TInitialContext, [clientContext: TClientContext]>;
 } : {
     context: Value<TInitialContext, [clientContext: TClientContext]>;
 });
-declare function createProcedureClient<TInitialContext extends Context, TInputSchema extends AnySchema, TOutputSchema extends AnySchema, TErrorMap extends ErrorMap, TMeta extends Meta, TClientContext extends ClientContext>(lazyableProcedure: Lazyable<Procedure<TInitialContext, any, TInputSchema, TOutputSchema, TErrorMap, TMeta>>, ...[options]: MaybeOptionalOptions<CreateProcedureClientOptions<TInitialContext, TInputSchema, TOutputSchema, TErrorMap, TMeta, TClientContext>>): ProcedureClient<TClientContext, TInputSchema, TOutputSchema, TErrorMap>;
+declare function createProcedureClient<TInitialContext extends Context, TInputSchema extends AnySchema, TOutputSchema extends AnySchema, TErrorMap extends ErrorMap, TMeta extends Meta, TClientContext extends ClientContext>(lazyableProcedure: Lazyable<Procedure<TInitialContext, any, TInputSchema, TOutputSchema, TErrorMap, TMeta>>, ...[options]: MaybeOptionalOptions<CreateProcedureClientOptions<TInitialContext, TOutputSchema, TErrorMap, TMeta, TClientContext>>): ProcedureClient<TClientContext, TInputSchema, TOutputSchema, TErrorMap>;
 
 type Router<T extends AnyContractRouter, TInitialContext extends Context> = T extends ContractProcedure<infer UInputSchema, infer UOutputSchema, infer UErrorMap, infer UMeta> ? Procedure<TInitialContext, any, UInputSchema, UOutputSchema, UErrorMap, UMeta> : {
     [K in keyof T]: T[K] extends AnyContractRouter ? Lazyable<Router<T[K], TInitialContext>> : never;
@@ -140,4 +140,5 @@ type InferRouterOutputs<T extends AnyRouter> = T extends Procedure<any, any, any
     [K in keyof T]: T[K] extends Lazyable<infer U extends AnyRouter> ? InferRouterOutputs<U> : never;
 };
 
-export { type AnyProcedure as A, middlewareOutputFn as B, type Context as C, type ProcedureHandlerOptions as D, type ProcedureDef as E, isProcedure as F, createProcedureClient as G, type InferRouterInitialContexts as H, type InferRouterInitialContext as I, type InferRouterCurrentContexts as J, type InferRouterInputs as K, type Lazyable as L, type Middleware as M, type InferRouterOutputs as N, type ORPCErrorConstructorMap as O, type ProcedureClientInterceptorOptions as P, type Router as R, type AnyRouter as a, Procedure as b, type MergedInitialContext as c, type MergedCurrentContext as d, type MapInputMiddleware as e, type CreateProcedureClientOptions as f, type ProcedureClient as g, type AnyMiddleware as h, type Lazy as i, type ProcedureHandler as j, type ORPCErrorConstructorMapItemOptions as k, type ORPCErrorConstructorMapItem as l, mergeCurrentContext as m, createORPCErrorConstructorMap as n, LAZY_SYMBOL as o, type LazyMeta as p, lazy as q, isLazy as r, getLazyMeta as s, type MiddlewareResult as t, unlazy as u, validateORPCError as v, type MiddlewareNextFnOptions as w, type MiddlewareNextFn as x, type MiddlewareOutputFn as y, type MiddlewareOptions as z };
+export { isProcedure as E, createProcedureClient as G, Procedure as P, createORPCErrorConstructorMap as l, mergeCurrentContext as m, LAZY_SYMBOL as n, lazy as p, isLazy as q, getLazyMeta as r, unlazy as u, validateORPCError as v, middlewareOutputFn as z };
+export type { AnyMiddleware as A, ProcedureHandlerOptions as B, Context as C, ProcedureDef as D, ProcedureClientInterceptorOptions as F, InferRouterInitialContexts as H, InferRouterInitialContext as I, InferRouterCurrentContexts as J, InferRouterInputs as K, Lazyable as L, Middleware as M, InferRouterOutputs as N, ORPCErrorConstructorMap as O, Router as R, MergedInitialContext as a, MergedCurrentContext as b, MapInputMiddleware as c, CreateProcedureClientOptions as d, ProcedureClient as e, AnyRouter as f, Lazy as g, AnyProcedure as h, ProcedureHandler as i, ORPCErrorConstructorMapItemOptions as j, ORPCErrorConstructorMapItem as k, LazyMeta as o, MiddlewareResult as s, MiddlewareNextFnOptions as t, MiddlewareNextFn as w, MiddlewareOutputFn as x, MiddlewareOptions as y };

package/dist/shared/{server.D0YVcfZk.d.ts → server.BVHsfJ99.d.ts}

@@ -1,8 +1,8 @@
 import { ORPCErrorCode, ORPCErrorOptions, ORPCError, HTTPPath, ClientContext, Client } from '@orpc/client';
-import { MaybeOptionalOptions, Promisable, Interceptor, Value } from '@orpc/shared';
 import { ErrorMap, ErrorMapItem, InferSchemaInput, AnySchema, Meta, ContractProcedureDef, InferSchemaOutput, ErrorFromErrorMap, AnyContractRouter, ContractProcedure } from '@orpc/contract';
+import { MaybeOptionalOptions, Promisable, Interceptor, Value } from '@orpc/shared';
 
-type Context = Record<string, any>;
+type Context = Record<PropertyKey, any>;
 type MergedInitialContext<TInitial extends Context, TAdditional extends Context, TCurrent extends Context> = TInitial & Omit<TAdditional, keyof TCurrent>;
 type MergedCurrentContext<T extends Context, U extends Context> = Omit<T, keyof U> & U;
 declare function mergeCurrentContext<T extends Context, U extends Context>(context: T, other: U): MergedCurrentContext<T, U>;
@@ -97,9 +97,9 @@ interface MapInputMiddleware<TInput, TMappedInput> {
 declare function middlewareOutputFn<TOutput>(output: TOutput): MiddlewareResult<Record<never, never>, TOutput>;
 
 type ProcedureClient<TClientContext extends ClientContext, TInputSchema extends AnySchema, TOutputSchema extends AnySchema, TErrorMap extends ErrorMap> = Client<TClientContext, InferSchemaInput<TInputSchema>, InferSchemaOutput<TOutputSchema>, ErrorFromErrorMap<TErrorMap>>;
-interface ProcedureClientInterceptorOptions<TInitialContext extends Context, TInputSchema extends AnySchema, TErrorMap extends ErrorMap, TMeta extends Meta> {
+interface ProcedureClientInterceptorOptions<TInitialContext extends Context, TErrorMap extends ErrorMap, TMeta extends Meta> {
     context: TInitialContext;
-    input: InferSchemaInput<TInputSchema>;
+    input: unknown;
     errors: ORPCErrorConstructorMap<TErrorMap>;
     path: readonly string[];
     procedure: Procedure<Context, Context, AnySchema, AnySchema, ErrorMap, TMeta>;
@@ -109,18 +109,18 @@ interface ProcedureClientInterceptorOptions<TInitialContext extends Context, TIn
 /**
  * Options for creating a procedure caller with comprehensive type safety
  */
-type CreateProcedureClientOptions<TInitialContext extends Context, TInputSchema extends AnySchema, TOutputSchema extends AnySchema, TErrorMap extends ErrorMap, TMeta extends Meta, TClientContext extends ClientContext> = {
+type CreateProcedureClientOptions<TInitialContext extends Context, TOutputSchema extends AnySchema, TErrorMap extends ErrorMap, TMeta extends Meta, TClientContext extends ClientContext> = {
     /**
      * This is helpful for logging and analytics.
      */
     path?: readonly string[];
-    interceptors?: Interceptor<ProcedureClientInterceptorOptions<TInitialContext, TInputSchema, TErrorMap, TMeta>, InferSchemaOutput<TOutputSchema>, ErrorFromErrorMap<TErrorMap>>[];
+    interceptors?: Interceptor<ProcedureClientInterceptorOptions<TInitialContext, TErrorMap, TMeta>, InferSchemaOutput<TOutputSchema>, ErrorFromErrorMap<TErrorMap>>[];
 } & (Record<never, never> extends TInitialContext ? {
     context?: Value<TInitialContext, [clientContext: TClientContext]>;
 } : {
     context: Value<TInitialContext, [clientContext: TClientContext]>;
 });
-declare function createProcedureClient<TInitialContext extends Context, TInputSchema extends AnySchema, TOutputSchema extends AnySchema, TErrorMap extends ErrorMap, TMeta extends Meta, TClientContext extends ClientContext>(lazyableProcedure: Lazyable<Procedure<TInitialContext, any, TInputSchema, TOutputSchema, TErrorMap, TMeta>>, ...[options]: MaybeOptionalOptions<CreateProcedureClientOptions<TInitialContext, TInputSchema, TOutputSchema, TErrorMap, TMeta, TClientContext>>): ProcedureClient<TClientContext, TInputSchema, TOutputSchema, TErrorMap>;
+declare function createProcedureClient<TInitialContext extends Context, TInputSchema extends AnySchema, TOutputSchema extends AnySchema, TErrorMap extends ErrorMap, TMeta extends Meta, TClientContext extends ClientContext>(lazyableProcedure: Lazyable<Procedure<TInitialContext, any, TInputSchema, TOutputSchema, TErrorMap, TMeta>>, ...[options]: MaybeOptionalOptions<CreateProcedureClientOptions<TInitialContext, TOutputSchema, TErrorMap, TMeta, TClientContext>>): ProcedureClient<TClientContext, TInputSchema, TOutputSchema, TErrorMap>;
 
 type Router<T extends AnyContractRouter, TInitialContext extends Context> = T extends ContractProcedure<infer UInputSchema, infer UOutputSchema, infer UErrorMap, infer UMeta> ? Procedure<TInitialContext, any, UInputSchema, UOutputSchema, UErrorMap, UMeta> : {
     [K in keyof T]: T[K] extends AnyContractRouter ? Lazyable<Router<T[K], TInitialContext>> : never;
@@ -140,4 +140,5 @@ type InferRouterOutputs<T extends AnyRouter> = T extends Procedure<any, any, any
     [K in keyof T]: T[K] extends Lazyable<infer U extends AnyRouter> ? InferRouterOutputs<U> : never;
 };
 
-export { type AnyProcedure as A, middlewareOutputFn as B, type Context as C, type ProcedureHandlerOptions as D, type ProcedureDef as E, isProcedure as F, createProcedureClient as G, type InferRouterInitialContexts as H, type InferRouterInitialContext as I, type InferRouterCurrentContexts as J, type InferRouterInputs as K, type Lazyable as L, type Middleware as M, type InferRouterOutputs as N, type ORPCErrorConstructorMap as O, type ProcedureClientInterceptorOptions as P, type Router as R, type AnyRouter as a, Procedure as b, type MergedInitialContext as c, type MergedCurrentContext as d, type MapInputMiddleware as e, type CreateProcedureClientOptions as f, type ProcedureClient as g, type AnyMiddleware as h, type Lazy as i, type ProcedureHandler as j, type ORPCErrorConstructorMapItemOptions as k, type ORPCErrorConstructorMapItem as l, mergeCurrentContext as m, createORPCErrorConstructorMap as n, LAZY_SYMBOL as o, type LazyMeta as p, lazy as q, isLazy as r, getLazyMeta as s, type MiddlewareResult as t, unlazy as u, validateORPCError as v, type MiddlewareNextFnOptions as w, type MiddlewareNextFn as x, type MiddlewareOutputFn as y, type MiddlewareOptions as z };
+export { isProcedure as E, createProcedureClient as G, Procedure as P, createORPCErrorConstructorMap as l, mergeCurrentContext as m, LAZY_SYMBOL as n, lazy as p, isLazy as q, getLazyMeta as r, unlazy as u, validateORPCError as v, middlewareOutputFn as z };
+export type { AnyMiddleware as A, ProcedureHandlerOptions as B, Context as C, ProcedureDef as D, ProcedureClientInterceptorOptions as F, InferRouterInitialContexts as H, InferRouterInitialContext as I, InferRouterCurrentContexts as J, InferRouterInputs as K, Lazyable as L, Middleware as M, InferRouterOutputs as N, ORPCErrorConstructorMap as O, Router as R, MergedInitialContext as a, MergedCurrentContext as b, MapInputMiddleware as c, CreateProcedureClientOptions as d, ProcedureClient as e, AnyRouter as f, Lazy as g, AnyProcedure as h, ProcedureHandler as i, ORPCErrorConstructorMapItemOptions as j, ORPCErrorConstructorMapItem as k, LazyMeta as o, MiddlewareResult as s, MiddlewareNextFnOptions as t, MiddlewareNextFn as w, MiddlewareOutputFn as x, MiddlewareOptions as y };

package/dist/shared/server.BW-nUGgA.mjs

@@ -0,0 +1,36 @@
+import { ORPCError, fallbackContractConfig } from '@orpc/contract';
+
+const STRICT_GET_METHOD_PLUGIN_IS_GET_METHOD_CONTEXT_SYMBOL = Symbol("STRICT_GET_METHOD_PLUGIN_IS_GET_METHOD_CONTEXT");
+class StrictGetMethodPlugin {
+  error;
+  order = 7e6;
+  constructor(options = {}) {
+    this.error = options.error ?? new ORPCError("METHOD_NOT_SUPPORTED");
+  }
+  init(options) {
+    options.rootInterceptors ??= [];
+    options.clientInterceptors ??= [];
+    options.rootInterceptors.unshift((options2) => {
+      const isGetMethod = options2.request.method === "GET";
+      return options2.next({
+        ...options2,
+        context: {
+          ...options2.context,
+          [STRICT_GET_METHOD_PLUGIN_IS_GET_METHOD_CONTEXT_SYMBOL]: isGetMethod
+        }
+      });
+    });
+    options.clientInterceptors.unshift((options2) => {
+      if (typeof options2.context[STRICT_GET_METHOD_PLUGIN_IS_GET_METHOD_CONTEXT_SYMBOL] !== "boolean") {
+        throw new TypeError("[StrictGetMethodPlugin] strict GET method context has been corrupted or modified by another plugin or interceptor");
+      }
+      const procedureMethod = fallbackContractConfig("defaultMethod", options2.procedure["~orpc"].route.method);
+      if (options2.context[STRICT_GET_METHOD_PLUGIN_IS_GET_METHOD_CONTEXT_SYMBOL] && procedureMethod !== "GET") {
+        throw this.error;
+      }
+      return options2.next();
+    });
+  }
+}
+
+export { StrictGetMethodPlugin as S };

package/dist/shared/server.BuLPHTX1.d.mts

@@ -0,0 +1,18 @@
+import { StandardRPCJsonSerializerOptions } from '@orpc/client/standard';
+import { C as Context, R as Router } from './server.BVHsfJ99.mjs';
+import { b as StandardHandlerOptions, i as StandardHandler } from './server.B1oIHH_j.mjs';
+
+interface StandardRPCHandlerOptions<T extends Context> extends StandardHandlerOptions<T>, StandardRPCJsonSerializerOptions {
+    /**
+     * Enables or disables the StrictGetMethodPlugin.
+     *
+     * @default true
+     */
+    strictGetMethodPluginEnabled?: boolean;
+}
+declare class StandardRPCHandler<T extends Context> extends StandardHandler<T> {
+    constructor(router: Router<any, T>, options: StandardRPCHandlerOptions<T>);
+}
+
+export { StandardRPCHandler as a };
+export type { StandardRPCHandlerOptions as S };