@orpc/server 0.0.0-next.c0dd7cd → 0.0.0-next.c287818

package/dist/index.mjs

@@ -1,7 +1,8 @@
 import { mergeErrorMap, mergeMeta, mergeRoute, mergePrefix, mergeTags, isContractProcedure, getContractRouter } from '@orpc/contract';
 export { ValidationError, eventIterator, type } from '@orpc/contract';
-import { P as Procedure, d as addMiddleware, c as createProcedureClient, e as enhanceRouter, l as lazy, s as setHiddenRouterContract, i as isProcedure, f as isLazy, h as createAssertedLazyProcedure, g as getRouter } from './shared/server.BtxZnWJ9.mjs';
-export { L as LAZY_SYMBOL, q as call, w as createAccessibleLazyRouter, b as createContractedProcedure, j as createORPCErrorConstructorMap, r as getHiddenRouterContract, k as getLazyMeta, o as isStartWithMiddlewares, m as mergeCurrentContext, p as mergeMiddlewares, n as middlewareOutputFn, x as resolveContractProcedures, a as toHttpPath, t as traverseContractProcedures, u as unlazy, y as unlazyRouter, v as validateORPCError } from './shared/server.BtxZnWJ9.mjs';
+import { P as Procedure, b as addMiddleware, c as createProcedureClient, e as enhanceRouter, l as lazy, s as setHiddenRouterContract, i as isProcedure, d as isLazy, f as createAssertedLazyProcedure, g as getRouter } from './shared/server.C37gDhSZ.mjs';
+export { L as LAZY_SYMBOL, p as call, r as createAccessibleLazyRouter, a as createContractedProcedure, h as createORPCErrorConstructorMap, q as getHiddenRouterContract, j as getLazyMeta, n as isStartWithMiddlewares, m as mergeCurrentContext, o as mergeMiddlewares, k as middlewareOutputFn, w as resolveContractProcedures, t as traverseContractProcedures, u as unlazy, x as unlazyRouter, v as validateORPCError } from './shared/server.C37gDhSZ.mjs';
+import { toORPCError } from '@orpc/client';
 export { ORPCError, isDefinedError, safe } from '@orpc/client';
 export { onError, onFinish, onStart, onSuccess } from '@orpc/shared';
 export { getEventMeta, withEventMeta } from '@orpc/standard-server';
@@ -44,6 +45,17 @@ function decorateMiddleware(middleware) {
   return decorated;
 }
 
+function createActionableClient(client) {
+  const action = async (input) => {
+    try {
+      return [null, await client(input)];
+    } catch (error) {
+      return [toORPCError(error).toJSON(), void 0];
+    }
+  };
+  return action;
+}
+
 class DecoratedProcedure extends Procedure {
   errors(errors) {
     return new DecoratedProcedure({
@@ -74,7 +86,8 @@ class DecoratedProcedure extends Procedure {
    * Make this procedure callable (works like a function while still being a procedure).
    */
   callable(...rest) {
-    return new Proxy(createProcedureClient(this, ...rest), {
+    const client = createProcedureClient(this, ...rest);
+    return new Proxy(client, {
       get: (target, key) => {
         return Reflect.has(this, key) ? Reflect.get(this, key) : Reflect.get(target, key);
       },
@@ -84,10 +97,18 @@ class DecoratedProcedure extends Procedure {
     });
   }
   /**
-   * Make this procedure compatible with server action (the same as .callable, but the type is compatible with server action).
+   * Make this procedure compatible with server action.
    */
   actionable(...rest) {
-    return this.callable(...rest);
+    const action = createActionableClient(createProcedureClient(this, ...rest));
+    return new Proxy(action, {
+      get: (target, key) => {
+        return Reflect.has(this, key) ? Reflect.get(this, key) : Reflect.get(target, key);
+      },
+      has: (target, key) => {
+        return Reflect.has(this, key) || Reflect.has(target, key);
+      }
+    });
   }
 }
 
@@ -315,12 +336,12 @@ function implement(contract, config = {}) {
   return impl;
 }
 
-function createRouterClient(router, ...[options]) {
+function createRouterClient(router, ...rest) {
   if (isProcedure(router)) {
-    const caller = createProcedureClient(router, options);
+    const caller = createProcedureClient(router, ...rest);
     return caller;
   }
-  const procedureCaller = isLazy(router) ? createProcedureClient(createAssertedLazyProcedure(router), options) : {};
+  const procedureCaller = isLazy(router) ? createProcedureClient(createAssertedLazyProcedure(router), ...rest) : {};
   const recursive = new Proxy(procedureCaller, {
     get(target, key) {
       if (typeof key !== "string") {
@@ -331,12 +352,12 @@ function createRouterClient(router, ...[options]) {
         return Reflect.get(target, key);
       }
       return createRouterClient(next, {
-        ...options,
-        path: [...options?.path ?? [], key]
+        ...rest[0],
+        path: [...rest[0]?.path ?? [], key]
       });
     }
   });
   return recursive;
 }
 
-export { Builder, DecoratedProcedure, Procedure, addMiddleware, createAssertedLazyProcedure, createProcedureClient, createRouterClient, decorateMiddleware, enhanceRouter, fallbackConfig, getRouter, implement, implementerInternal, isLazy, isProcedure, lazy, os, setHiddenRouterContract };
+export { Builder, DecoratedProcedure, Procedure, addMiddleware, createActionableClient, createAssertedLazyProcedure, createProcedureClient, createRouterClient, decorateMiddleware, enhanceRouter, fallbackConfig, getRouter, implement, implementerInternal, isLazy, isProcedure, lazy, os, setHiddenRouterContract };

package/dist/plugins/index.d.mts

@@ -1,31 +1,124 @@
-import { b as StandardHandlerInterceptorOptions, H as HandlerPlugin, a as StandardHandlerOptions } from '../shared/server.P4_D9lKb.mjs';
-export { C as CompositeHandlerPlugin } from '../shared/server.P4_D9lKb.mjs';
 import { Value } from '@orpc/shared';
-import { C as Context } from '../shared/server.MZvbGc3n.mjs';
-import '@orpc/contract';
-import '@orpc/standard-server';
-import '@orpc/client';
+import { StandardRequest, StandardHeaders } from '@orpc/standard-server';
+import { BatchResponseBodyItem } from '@orpc/standard-server/batch';
+import { h as StandardHandlerInterceptorOptions, i as StandardHandlerPlugin, a as StandardHandlerOptions } from '../shared/server.DOYDVeMX.mjs';
+import { C as Context, P as ProcedureClientInterceptorOptions } from '../shared/server.DLt5njUb.mjs';
+import { Meta, ORPCError as ORPCError$1 } from '@orpc/contract';
+import { ORPCError } from '@orpc/client';
 
-interface CORSOptions<TContext extends Context> {
-    origin?: Value<string | readonly string[] | null | undefined, [origin: string, options: StandardHandlerInterceptorOptions<TContext>]>;
-    timingOrigin?: Value<string | readonly string[] | null | undefined, [origin: string, options: StandardHandlerInterceptorOptions<TContext>]>;
+interface BatchHandlerOptions<T extends Context> {
+    /**
+     * The max size of the batch allowed.
+     *
+     * @default 10
+     */
+    maxSize?: Value<number, [StandardHandlerInterceptorOptions<T>]>;
+    /**
+     * Map the request before processing it.
+     *
+     * @default merged back batch request headers into the request
+     */
+    mapRequestItem?(request: StandardRequest, batchOptions: StandardHandlerInterceptorOptions<T>): StandardRequest;
+    /**
+     * Success batch response status code.
+     *
+     * @default 207
+     */
+    successStatus?: Value<number, [responses: Promise<BatchResponseBodyItem>[], batchOptions: StandardHandlerInterceptorOptions<T>]>;
+    /**
+     * success batch response headers.
+     *
+     * @default {}
+     */
+    headers?: Value<StandardHeaders, [responses: Promise<BatchResponseBodyItem>[], batchOptions: StandardHandlerInterceptorOptions<T>]>;
+}
+declare class BatchHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
+    private readonly maxSize;
+    private readonly mapRequestItem;
+    private readonly successStatus;
+    private readonly headers;
+    order: number;
+    constructor(options?: BatchHandlerOptions<T>);
+    init(options: StandardHandlerOptions<T>): void;
+}
+
+interface CORSOptions<T extends Context> {
+    origin?: Value<string | readonly string[] | null | undefined, [origin: string, options: StandardHandlerInterceptorOptions<T>]>;
+    timingOrigin?: Value<string | readonly string[] | null | undefined, [origin: string, options: StandardHandlerInterceptorOptions<T>]>;
     allowMethods?: readonly string[];
     allowHeaders?: readonly string[];
     maxAge?: number;
     credentials?: boolean;
     exposeHeaders?: readonly string[];
 }
-declare class CORSPlugin<TContext extends Context> implements HandlerPlugin<TContext> {
+declare class CORSPlugin<T extends Context> implements StandardHandlerPlugin<T> {
     private readonly options;
-    constructor(options?: CORSOptions<TContext>);
-    init(options: StandardHandlerOptions<TContext>): void;
+    order: number;
+    constructor(options?: CORSOptions<T>);
+    init(options: StandardHandlerOptions<T>): void;
 }
 
 interface ResponseHeadersPluginContext {
     resHeaders?: Headers;
 }
-declare class ResponseHeadersPlugin<TContext extends ResponseHeadersPluginContext & Context> implements HandlerPlugin<TContext> {
-    init(options: StandardHandlerOptions<TContext>): void;
+declare class ResponseHeadersPlugin<T extends ResponseHeadersPluginContext> implements StandardHandlerPlugin<T> {
+    init(options: StandardHandlerOptions<T>): void;
+}
+
+interface SimpleCsrfProtectionHandlerPluginOptions<T extends Context> {
+    /**
+     * The name of the header to check.
+     *
+     * @default 'x-csrf-token'
+     */
+    headerName?: Value<string, [options: StandardHandlerInterceptorOptions<T>]>;
+    /**
+     * The value of the header to check.
+     *
+     * @default 'orpc'
+     *
+     */
+    headerValue?: Value<string, [options: StandardHandlerInterceptorOptions<T>]>;
+    /**
+     * Exclude a procedure from the plugin.
+     *
+     * @default false
+     *
+     */
+    exclude?: Value<boolean, [options: ProcedureClientInterceptorOptions<T, Record<never, never>, Meta>]>;
+    /**
+     * The error thrown when the CSRF token is invalid.
+     *
+     * @default new ORPCError('CSRF_TOKEN_MISMATCH', {
+     *   status: 403,
+     *   message: 'Invalid CSRF token',
+     * })
+     */
+    error?: InstanceType<typeof ORPCError>;
+}
+declare class SimpleCsrfProtectionHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
+    private readonly headerName;
+    private readonly headerValue;
+    private readonly exclude;
+    private readonly error;
+    constructor(options?: SimpleCsrfProtectionHandlerPluginOptions<T>);
+    order: number;
+    init(options: StandardHandlerOptions<T>): void;
+}
+
+interface StrictGetMethodPluginOptions {
+    /**
+     * The error thrown when a GET request is made to a procedure that doesn't allow GET.
+     *
+     * @default new ORPCError('METHOD_NOT_SUPPORTED')
+     */
+    error?: InstanceType<typeof ORPCError$1>;
+}
+declare class StrictGetMethodPlugin<T extends Context> implements StandardHandlerPlugin<T> {
+    private readonly error;
+    order: number;
+    constructor(options?: StrictGetMethodPluginOptions);
+    init(options: StandardHandlerOptions<T>): void;
 }
 
-export { type CORSOptions, CORSPlugin, HandlerPlugin, ResponseHeadersPlugin, type ResponseHeadersPluginContext };
+export { type BatchHandlerOptions, BatchHandlerPlugin, type CORSOptions, CORSPlugin, ResponseHeadersPlugin, type ResponseHeadersPluginContext, SimpleCsrfProtectionHandlerPlugin, type SimpleCsrfProtectionHandlerPluginOptions, StrictGetMethodPlugin, type StrictGetMethodPluginOptions };

package/dist/plugins/index.d.ts

@@ -1,31 +1,124 @@
-import { b as StandardHandlerInterceptorOptions, H as HandlerPlugin, a as StandardHandlerOptions } from '../shared/server.CPqNKiJp.js';
-export { C as CompositeHandlerPlugin } from '../shared/server.CPqNKiJp.js';
 import { Value } from '@orpc/shared';
-import { C as Context } from '../shared/server.MZvbGc3n.js';
-import '@orpc/contract';
-import '@orpc/standard-server';
-import '@orpc/client';
+import { StandardRequest, StandardHeaders } from '@orpc/standard-server';
+import { BatchResponseBodyItem } from '@orpc/standard-server/batch';
+import { h as StandardHandlerInterceptorOptions, i as StandardHandlerPlugin, a as StandardHandlerOptions } from '../shared/server.DFFT_EZo.js';
+import { C as Context, P as ProcedureClientInterceptorOptions } from '../shared/server.DLt5njUb.js';
+import { Meta, ORPCError as ORPCError$1 } from '@orpc/contract';
+import { ORPCError } from '@orpc/client';
 
-interface CORSOptions<TContext extends Context> {
-    origin?: Value<string | readonly string[] | null | undefined, [origin: string, options: StandardHandlerInterceptorOptions<TContext>]>;
-    timingOrigin?: Value<string | readonly string[] | null | undefined, [origin: string, options: StandardHandlerInterceptorOptions<TContext>]>;
+interface BatchHandlerOptions<T extends Context> {
+    /**
+     * The max size of the batch allowed.
+     *
+     * @default 10
+     */
+    maxSize?: Value<number, [StandardHandlerInterceptorOptions<T>]>;
+    /**
+     * Map the request before processing it.
+     *
+     * @default merged back batch request headers into the request
+     */
+    mapRequestItem?(request: StandardRequest, batchOptions: StandardHandlerInterceptorOptions<T>): StandardRequest;
+    /**
+     * Success batch response status code.
+     *
+     * @default 207
+     */
+    successStatus?: Value<number, [responses: Promise<BatchResponseBodyItem>[], batchOptions: StandardHandlerInterceptorOptions<T>]>;
+    /**
+     * success batch response headers.
+     *
+     * @default {}
+     */
+    headers?: Value<StandardHeaders, [responses: Promise<BatchResponseBodyItem>[], batchOptions: StandardHandlerInterceptorOptions<T>]>;
+}
+declare class BatchHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
+    private readonly maxSize;
+    private readonly mapRequestItem;
+    private readonly successStatus;
+    private readonly headers;
+    order: number;
+    constructor(options?: BatchHandlerOptions<T>);
+    init(options: StandardHandlerOptions<T>): void;
+}
+
+interface CORSOptions<T extends Context> {
+    origin?: Value<string | readonly string[] | null | undefined, [origin: string, options: StandardHandlerInterceptorOptions<T>]>;
+    timingOrigin?: Value<string | readonly string[] | null | undefined, [origin: string, options: StandardHandlerInterceptorOptions<T>]>;
     allowMethods?: readonly string[];
     allowHeaders?: readonly string[];
     maxAge?: number;
     credentials?: boolean;
     exposeHeaders?: readonly string[];
 }
-declare class CORSPlugin<TContext extends Context> implements HandlerPlugin<TContext> {
+declare class CORSPlugin<T extends Context> implements StandardHandlerPlugin<T> {
     private readonly options;
-    constructor(options?: CORSOptions<TContext>);
-    init(options: StandardHandlerOptions<TContext>): void;
+    order: number;
+    constructor(options?: CORSOptions<T>);
+    init(options: StandardHandlerOptions<T>): void;
 }
 
 interface ResponseHeadersPluginContext {
     resHeaders?: Headers;
 }
-declare class ResponseHeadersPlugin<TContext extends ResponseHeadersPluginContext & Context> implements HandlerPlugin<TContext> {
-    init(options: StandardHandlerOptions<TContext>): void;
+declare class ResponseHeadersPlugin<T extends ResponseHeadersPluginContext> implements StandardHandlerPlugin<T> {
+    init(options: StandardHandlerOptions<T>): void;
+}
+
+interface SimpleCsrfProtectionHandlerPluginOptions<T extends Context> {
+    /**
+     * The name of the header to check.
+     *
+     * @default 'x-csrf-token'
+     */
+    headerName?: Value<string, [options: StandardHandlerInterceptorOptions<T>]>;
+    /**
+     * The value of the header to check.
+     *
+     * @default 'orpc'
+     *
+     */
+    headerValue?: Value<string, [options: StandardHandlerInterceptorOptions<T>]>;
+    /**
+     * Exclude a procedure from the plugin.
+     *
+     * @default false
+     *
+     */
+    exclude?: Value<boolean, [options: ProcedureClientInterceptorOptions<T, Record<never, never>, Meta>]>;
+    /**
+     * The error thrown when the CSRF token is invalid.
+     *
+     * @default new ORPCError('CSRF_TOKEN_MISMATCH', {
+     *   status: 403,
+     *   message: 'Invalid CSRF token',
+     * })
+     */
+    error?: InstanceType<typeof ORPCError>;
+}
+declare class SimpleCsrfProtectionHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
+    private readonly headerName;
+    private readonly headerValue;
+    private readonly exclude;
+    private readonly error;
+    constructor(options?: SimpleCsrfProtectionHandlerPluginOptions<T>);
+    order: number;
+    init(options: StandardHandlerOptions<T>): void;
+}
+
+interface StrictGetMethodPluginOptions {
+    /**
+     * The error thrown when a GET request is made to a procedure that doesn't allow GET.
+     *
+     * @default new ORPCError('METHOD_NOT_SUPPORTED')
+     */
+    error?: InstanceType<typeof ORPCError$1>;
+}
+declare class StrictGetMethodPlugin<T extends Context> implements StandardHandlerPlugin<T> {
+    private readonly error;
+    order: number;
+    constructor(options?: StrictGetMethodPluginOptions);
+    init(options: StandardHandlerOptions<T>): void;
 }
 
-export { type CORSOptions, CORSPlugin, HandlerPlugin, ResponseHeadersPlugin, type ResponseHeadersPluginContext };
+export { type BatchHandlerOptions, BatchHandlerPlugin, type CORSOptions, CORSPlugin, ResponseHeadersPlugin, type ResponseHeadersPluginContext, SimpleCsrfProtectionHandlerPlugin, type SimpleCsrfProtectionHandlerPluginOptions, StrictGetMethodPlugin, type StrictGetMethodPluginOptions };

package/dist/plugins/index.mjs

@@ -1,8 +1,109 @@
-export { C as CompositeHandlerPlugin } from '../shared/server.Dba3Iiyp.mjs';
-import { value } from '@orpc/shared';
+import { value, isAsyncIteratorObject } from '@orpc/shared';
+import { parseBatchRequest, toBatchResponse } from '@orpc/standard-server/batch';
+import { ORPCError } from '@orpc/client';
+export { S as StrictGetMethodPlugin } from '../shared/server.BW-nUGgA.mjs';
+import '@orpc/contract';
+
+class BatchHandlerPlugin {
+  maxSize;
+  mapRequestItem;
+  successStatus;
+  headers;
+  order = 5e6;
+  constructor(options = {}) {
+    this.maxSize = options.maxSize ?? 10;
+    this.mapRequestItem = options.mapRequestItem ?? ((request, { request: batchRequest }) => ({
+      ...request,
+      headers: {
+        ...batchRequest.headers,
+        ...request.headers
+      }
+    }));
+    this.successStatus = options.successStatus ?? 207;
+    this.headers = options.headers ?? {};
+  }
+  init(options) {
+    options.rootInterceptors ??= [];
+    options.rootInterceptors.unshift(async (options2) => {
+      if (options2.request.headers["x-orpc-batch"] !== "1") {
+        return options2.next();
+      }
+      let isParsing = false;
+      try {
+        isParsing = true;
+        const parsed = parseBatchRequest({ ...options2.request, body: await options2.request.body() });
+        isParsing = false;
+        const maxSize = await value(this.maxSize, options2);
+        if (parsed.length > maxSize) {
+          return {
+            matched: true,
+            response: {
+              status: 413,
+              headers: {},
+              body: "Batch request size exceeds the maximum allowed size"
+            }
+          };
+        }
+        const responses = parsed.map(
+          (request, index) => {
+            const mapped = this.mapRequestItem(request, options2);
+            return options2.next({ ...options2, request: { ...mapped, body: () => Promise.resolve(mapped.body) } }).then(({ response: response2, matched }) => {
+              if (matched) {
+                if (response2.body instanceof Blob || response2.body instanceof FormData || isAsyncIteratorObject(response2.body)) {
+                  return {
+                    index,
+                    status: 500,
+                    headers: {},
+                    body: "Batch responses do not support file/blob, or event-iterator. Please call this procedure separately outside of the batch request."
+                  };
+                }
+                return { ...response2, index };
+              }
+              return { index, status: 404, headers: {}, body: "No procedure matched" };
+            }).catch(() => {
+              return { index, status: 500, headers: {}, body: "Internal server error" };
+            });
+          }
+        );
+        await Promise.race(responses);
+        const status = await value(this.successStatus, responses, options2);
+        const headers = await value(this.headers, responses, options2);
+        const response = toBatchResponse({
+          status,
+          headers,
+          body: async function* () {
+            const promises = [...responses];
+            while (true) {
+              const handling = promises.filter((p) => p !== void 0);
+              if (handling.length === 0) {
+                return;
+              }
+              const result = await Promise.race(handling);
+              promises[result.index] = void 0;
+              yield result;
+            }
+          }()
+        });
+        return {
+          matched: true,
+          response
+        };
+      } catch (cause) {
+        if (isParsing) {
+          return {
+            matched: true,
+            response: { status: 400, headers: {}, body: "Invalid batch request, this could be caused by a malformed request body or a missing header" }
+          };
+        }
+        throw cause;
+      }
+    });
+  }
+}
 
 class CORSPlugin {
   options;
+  order = 9e6;
   constructor(options = {}) {
     const defaults = {
       origin: (origin) => origin,
@@ -79,14 +180,19 @@ class ResponseHeadersPlugin {
   init(options) {
     options.rootInterceptors ??= [];
     options.rootInterceptors.push(async (interceptorOptions) => {
-      const headers = new Headers();
-      interceptorOptions.context.resHeaders = headers;
-      const result = await interceptorOptions.next();
+      const resHeaders = interceptorOptions.context.resHeaders ?? new Headers();
+      const result = await interceptorOptions.next({
+        ...interceptorOptions,
+        context: {
+          ...interceptorOptions.context,
+          resHeaders
+        }
+      });
       if (!result.matched) {
         return result;
       }
       const responseHeaders = result.response.headers;
-      for (const [key, value] of headers) {
+      for (const [key, value] of resHeaders) {
         if (Array.isArray(responseHeaders[key])) {
           responseHeaders[key].push(value);
         } else if (responseHeaders[key] !== void 0) {
@@ -100,4 +206,47 @@ class ResponseHeadersPlugin {
   }
 }
 
-export { CORSPlugin, ResponseHeadersPlugin };
+const SIMPLE_CSRF_PROTECTION_CONTEXT_SYMBOL = Symbol("SIMPLE_CSRF_PROTECTION_CONTEXT");
+class SimpleCsrfProtectionHandlerPlugin {
+  headerName;
+  headerValue;
+  exclude;
+  error;
+  constructor(options = {}) {
+    this.headerName = options.headerName ?? "x-csrf-token";
+    this.headerValue = options.headerValue ?? "orpc";
+    this.exclude = options.exclude ?? false;
+    this.error = options.error ?? new ORPCError("CSRF_TOKEN_MISMATCH", {
+      status: 403,
+      message: "Invalid CSRF token"
+    });
+  }
+  order = 8e6;
+  init(options) {
+    options.rootInterceptors ??= [];
+    options.clientInterceptors ??= [];
+    options.rootInterceptors.unshift(async (options2) => {
+      const headerName = await value(this.headerName, options2);
+      const headerValue = await value(this.headerValue, options2);
+      return options2.next({
+        ...options2,
+        context: {
+          ...options2.context,
+          [SIMPLE_CSRF_PROTECTION_CONTEXT_SYMBOL]: options2.request.headers[headerName] === headerValue
+        }
+      });
+    });
+    options.clientInterceptors.unshift(async (options2) => {
+      if (typeof options2.context[SIMPLE_CSRF_PROTECTION_CONTEXT_SYMBOL] !== "boolean") {
+        throw new TypeError("[SimpleCsrfProtectionHandlerPlugin] CSRF protection context has been corrupted or modified by another plugin or interceptor");
+      }
+      const excluded = await value(this.exclude, options2);
+      if (!excluded && !options2.context[SIMPLE_CSRF_PROTECTION_CONTEXT_SYMBOL]) {
+        throw this.error;
+      }
+      return options2.next();
+    });
+  }
+}
+
+export { BatchHandlerPlugin, CORSPlugin, ResponseHeadersPlugin, SimpleCsrfProtectionHandlerPlugin };

package/dist/shared/server.BVwwTHyO.mjs

@@ -0,0 +1,9 @@
+function resolveFriendlyStandardHandleOptions(options) {
+  return {
+    ...options,
+    context: options?.context ?? {}
+    // Context only optional if all fields are optional
+  };
+}
+
+export { resolveFriendlyStandardHandleOptions as r };

package/dist/shared/server.BW-nUGgA.mjs

@@ -0,0 +1,36 @@
+import { ORPCError, fallbackContractConfig } from '@orpc/contract';
+
+const STRICT_GET_METHOD_PLUGIN_IS_GET_METHOD_CONTEXT_SYMBOL = Symbol("STRICT_GET_METHOD_PLUGIN_IS_GET_METHOD_CONTEXT");
+class StrictGetMethodPlugin {
+  error;
+  order = 7e6;
+  constructor(options = {}) {
+    this.error = options.error ?? new ORPCError("METHOD_NOT_SUPPORTED");
+  }
+  init(options) {
+    options.rootInterceptors ??= [];
+    options.clientInterceptors ??= [];
+    options.rootInterceptors.unshift((options2) => {
+      const isGetMethod = options2.request.method === "GET";
+      return options2.next({
+        ...options2,
+        context: {
+          ...options2.context,
+          [STRICT_GET_METHOD_PLUGIN_IS_GET_METHOD_CONTEXT_SYMBOL]: isGetMethod
+        }
+      });
+    });
+    options.clientInterceptors.unshift((options2) => {
+      if (typeof options2.context[STRICT_GET_METHOD_PLUGIN_IS_GET_METHOD_CONTEXT_SYMBOL] !== "boolean") {
+        throw new TypeError("[StrictGetMethodPlugin] strict GET method context has been corrupted or modified by another plugin or interceptor");
+      }
+      const procedureMethod = fallbackContractConfig("defaultMethod", options2.procedure["~orpc"].route.method);
+      if (options2.context[STRICT_GET_METHOD_PLUGIN_IS_GET_METHOD_CONTEXT_SYMBOL] && procedureMethod !== "GET") {
+        throw this.error;
+      }
+      return options2.next();
+    });
+  }
+}
+
+export { StrictGetMethodPlugin as S };