npm - @orpc/server - Versions diffs - 0.0.0-next.cd121e3 → 0.0.0-next.cf06e99 - Mend

@orpc/server 0.0.0-next.cd121e3 → 0.0.0-next.cf06e99

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (44) hide show

package/README.md +14 -1
package/dist/adapters/fetch/index.d.mts +42 -11
package/dist/adapters/fetch/index.d.ts +42 -11
package/dist/adapters/fetch/index.mjs +103 -7
package/dist/adapters/node/index.d.mts +44 -22
package/dist/adapters/node/index.d.ts +44 -22
package/dist/adapters/node/index.mjs +82 -20
package/dist/adapters/standard/index.d.mts +14 -17
package/dist/adapters/standard/index.d.ts +14 -17
package/dist/adapters/standard/index.mjs +6 -5
package/dist/index.d.mts +160 -122
package/dist/index.d.ts +160 -122
package/dist/index.mjs +78 -48
package/dist/plugins/index.d.mts +111 -18
package/dist/plugins/index.d.ts +111 -18
package/dist/plugins/index.mjs +157 -8
package/dist/shared/server.B5yVxwZh.d.mts +17 -0
package/dist/shared/server.BVwwTHyO.mjs +9 -0
package/dist/shared/server.BW-nUGgA.mjs +36 -0
package/dist/shared/server.By38lRwX.d.ts +17 -0
package/dist/shared/{server.V6zT5iYQ.mjs → server.C37gDhSZ.mjs} +158 -173
package/dist/shared/server.ClO23hLW.d.mts +73 -0
package/dist/shared/server.Cqam9L0P.d.mts +10 -0
package/dist/shared/server.CuXY46Yy.d.ts +10 -0
package/dist/shared/server.DFuJLDuo.mjs +190 -0
package/dist/shared/server.DQJX4Gnf.d.mts +143 -0
package/dist/shared/server.DQJX4Gnf.d.ts +143 -0
package/dist/shared/server.DsVSuKTu.d.ts +73 -0
package/package.json +8 -22
package/dist/adapters/hono/index.d.mts +0 -20
package/dist/adapters/hono/index.d.ts +0 -20
package/dist/adapters/hono/index.mjs +0 -32
package/dist/adapters/next/index.d.mts +0 -27
package/dist/adapters/next/index.d.ts +0 -27
package/dist/adapters/next/index.mjs +0 -29
package/dist/shared/server.BBGuTxHE.mjs +0 -163
package/dist/shared/server.BqEaivV1.d.ts +0 -9
package/dist/shared/server.CHpDfeOK.d.mts +0 -77
package/dist/shared/server.CI7U5gRZ.d.mts +0 -152
package/dist/shared/server.CI7U5gRZ.d.ts +0 -152
package/dist/shared/server.CUE4Aija.mjs +0 -24
package/dist/shared/server.DSZ2XY8G.d.ts +0 -77
package/dist/shared/server.MnOqRlBp.d.mts +0 -9
package/dist/shared/server.Q6ZmnTgO.mjs +0 -12

package/dist/plugins/index.mjs CHANGED Viewed

@@ -1,9 +1,110 @@
-export { C as CompositePlugin } from '../shared/server.Q6ZmnTgO.mjs';
-import { value } from '@orpc/shared';
+import { value, isAsyncIteratorObject } from '@orpc/shared';
+import { parseBatchRequest, toBatchResponse } from '@orpc/standard-server/batch';
+import { ORPCError } from '@orpc/client';
+export { S as StrictGetMethodPlugin } from '../shared/server.BW-nUGgA.mjs';
+import '@orpc/contract';
+class BatchHandlerPlugin {
+  maxSize;
+  mapRequestItem;
+  successStatus;
+  headers;
+  order = 5e6;
+  constructor(options = {}) {
+    this.maxSize = options.maxSize ?? 10;
+    this.mapRequestItem = options.mapRequestItem ?? ((request, { request: batchRequest }) => ({
+      ...request,
+      headers: {
+        ...batchRequest.headers,
+        ...request.headers
+      }
+    }));
+    this.successStatus = options.successStatus ?? 207;
+    this.headers = options.headers ?? {};
+  }
+  init(options) {
+    options.rootInterceptors ??= [];
+    options.rootInterceptors.unshift(async (options2) => {
+      if (options2.request.headers["x-orpc-batch"] !== "1") {
+        return options2.next();
+      }
+      let isParsing = false;
+      try {
+        isParsing = true;
+        const parsed = parseBatchRequest({ ...options2.request, body: await options2.request.body() });
+        isParsing = false;
+        const maxSize = await value(this.maxSize, options2);
+        if (parsed.length > maxSize) {
+          return {
+            matched: true,
+            response: {
+              status: 413,
+              headers: {},
+              body: "Batch request size exceeds the maximum allowed size"
+            }
+          };
+        }
+        const responses = parsed.map(
+          (request, index) => {
+            const mapped = this.mapRequestItem(request, options2);
+            return options2.next({ ...options2, request: { ...mapped, body: () => Promise.resolve(mapped.body) } }).then(({ response: response2, matched }) => {
+              if (matched) {
+                if (response2.body instanceof Blob || response2.body instanceof FormData || isAsyncIteratorObject(response2.body)) {
+                  return {
+                    index,
+                    status: 500,
+                    headers: {},
+                    body: "Batch responses do not support file/blob, or event-iterator. Please call this procedure separately outside of the batch request."
+                  };
+                }
+                return { ...response2, index };
+              }
+              return { index, status: 404, headers: {}, body: "No procedure matched" };
+            }).catch(() => {
+              return { index, status: 500, headers: {}, body: "Internal server error" };
+            });
+          }
+        );
+        await Promise.race(responses);
+        const status = await value(this.successStatus, responses, options2);
+        const headers = await value(this.headers, responses, options2);
+        const response = toBatchResponse({
+          status,
+          headers,
+          body: async function* () {
+            const promises = [...responses];
+            while (true) {
+              const handling = promises.filter((p) => p !== void 0);
+              if (handling.length === 0) {
+                return;
+              }
+              const result = await Promise.race(handling);
+              promises[result.index] = void 0;
+              yield result;
+            }
+          }()
+        });
+        return {
+          matched: true,
+          response
+        };
+      } catch (cause) {
+        if (isParsing) {
+          return {
+            matched: true,
+            response: { status: 400, headers: {}, body: "Invalid batch request, this could be caused by a malformed request body or a missing header" }
+          };
+        }
+        throw cause;
+      }
+    });
+  }
+}
 class CORSPlugin {
   options;
-  constructor(options) {
+  order = 9e6;
+  constructor(options = {}) {
     const defaults = {
       origin: (origin) => origin,
       allowMethods: ["GET", "HEAD", "PUT", "POST", "DELETE", "PATCH"]
@@ -79,14 +180,19 @@ class ResponseHeadersPlugin {
   init(options) {
     options.rootInterceptors ??= [];
     options.rootInterceptors.push(async (interceptorOptions) => {
-      const headers = new Headers();
-      interceptorOptions.context.resHeaders = headers;
-      const result = await interceptorOptions.next();
+      const resHeaders = interceptorOptions.context.resHeaders ?? new Headers();
+      const result = await interceptorOptions.next({
+        ...interceptorOptions,
+        context: {
+          ...interceptorOptions.context,
+          resHeaders
+        }
+      });
       if (!result.matched) {
         return result;
       }
       const responseHeaders = result.response.headers;
-      for (const [key, value] of headers) {
+      for (const [key, value] of resHeaders) {
         if (Array.isArray(responseHeaders[key])) {
           responseHeaders[key].push(value);
         } else if (responseHeaders[key] !== void 0) {
@@ -100,4 +206,47 @@ class ResponseHeadersPlugin {
   }
 }
-export { CORSPlugin, ResponseHeadersPlugin };
+const SIMPLE_CSRF_PROTECTION_CONTEXT_SYMBOL = Symbol("SIMPLE_CSRF_PROTECTION_CONTEXT");
+class SimpleCsrfProtectionHandlerPlugin {
+  headerName;
+  headerValue;
+  exclude;
+  error;
+  constructor(options = {}) {
+    this.headerName = options.headerName ?? "x-csrf-token";
+    this.headerValue = options.headerValue ?? "orpc";
+    this.exclude = options.exclude ?? false;
+    this.error = options.error ?? new ORPCError("CSRF_TOKEN_MISMATCH", {
+      status: 403,
+      message: "Invalid CSRF token"
+    });
+  }
+  order = 8e6;
+  init(options) {
+    options.rootInterceptors ??= [];
+    options.clientInterceptors ??= [];
+    options.rootInterceptors.unshift(async (options2) => {
+      const headerName = await value(this.headerName, options2);
+      const headerValue = await value(this.headerValue, options2);
+      return options2.next({
+        ...options2,
+        context: {
+          ...options2.context,
+          [SIMPLE_CSRF_PROTECTION_CONTEXT_SYMBOL]: options2.request.headers[headerName] === headerValue
+        }
+      });
+    });
+    options.clientInterceptors.unshift(async (options2) => {
+      if (typeof options2.context[SIMPLE_CSRF_PROTECTION_CONTEXT_SYMBOL] !== "boolean") {
+        throw new TypeError("[SimpleCsrfProtectionHandlerPlugin] CSRF protection context has been corrupted or modified by another plugin or interceptor");
+      }
+      const excluded = await value(this.exclude, options2);
+      if (!excluded && !options2.context[SIMPLE_CSRF_PROTECTION_CONTEXT_SYMBOL]) {
+        throw this.error;
+      }
+      return options2.next();
+    });
+  }
+}
+export { BatchHandlerPlugin, CORSPlugin, ResponseHeadersPlugin, SimpleCsrfProtectionHandlerPlugin };

package/dist/shared/server.B5yVxwZh.d.mts ADDED Viewed

@@ -0,0 +1,17 @@
+import { C as Context, R as Router } from './server.DQJX4Gnf.mjs';
+import { StandardRPCJsonSerializerOptions } from '@orpc/client/standard';
+import { b as StandardHandlerOptions, i as StandardHandler } from './server.ClO23hLW.mjs';
+interface StandardRPCHandlerOptions<T extends Context> extends StandardHandlerOptions<T>, StandardRPCJsonSerializerOptions {
+    /**
+     * Enables or disables the StrictGetMethodPlugin.
+     *
+     * @default true
+     */
+    strictGetMethodPluginEnabled?: boolean;
+}
+declare class StandardRPCHandler<T extends Context> extends StandardHandler<T> {
+    constructor(router: Router<any, T>, options: StandardRPCHandlerOptions<T>);
+}
+export { type StandardRPCHandlerOptions as S, StandardRPCHandler as a };

package/dist/shared/server.BVwwTHyO.mjs ADDED Viewed

@@ -0,0 +1,9 @@
+function resolveFriendlyStandardHandleOptions(options) {
+  return {
+    ...options,
+    context: options?.context ?? {}
+    // Context only optional if all fields are optional
+  };
+}
+export { resolveFriendlyStandardHandleOptions as r };

package/dist/shared/server.BW-nUGgA.mjs ADDED Viewed

@@ -0,0 +1,36 @@
+import { ORPCError, fallbackContractConfig } from '@orpc/contract';
+const STRICT_GET_METHOD_PLUGIN_IS_GET_METHOD_CONTEXT_SYMBOL = Symbol("STRICT_GET_METHOD_PLUGIN_IS_GET_METHOD_CONTEXT");
+class StrictGetMethodPlugin {
+  error;
+  order = 7e6;
+  constructor(options = {}) {
+    this.error = options.error ?? new ORPCError("METHOD_NOT_SUPPORTED");
+  }
+  init(options) {
+    options.rootInterceptors ??= [];
+    options.clientInterceptors ??= [];
+    options.rootInterceptors.unshift((options2) => {
+      const isGetMethod = options2.request.method === "GET";
+      return options2.next({
+        ...options2,
+        context: {
+          ...options2.context,
+          [STRICT_GET_METHOD_PLUGIN_IS_GET_METHOD_CONTEXT_SYMBOL]: isGetMethod
+        }
+      });
+    });
+    options.clientInterceptors.unshift((options2) => {
+      if (typeof options2.context[STRICT_GET_METHOD_PLUGIN_IS_GET_METHOD_CONTEXT_SYMBOL] !== "boolean") {
+        throw new TypeError("[StrictGetMethodPlugin] strict GET method context has been corrupted or modified by another plugin or interceptor");
+      }
+      const procedureMethod = fallbackContractConfig("defaultMethod", options2.procedure["~orpc"].route.method);
+      if (options2.context[STRICT_GET_METHOD_PLUGIN_IS_GET_METHOD_CONTEXT_SYMBOL] && procedureMethod !== "GET") {
+        throw this.error;
+      }
+      return options2.next();
+    });
+  }
+}
+export { StrictGetMethodPlugin as S };

package/dist/shared/server.By38lRwX.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+import { C as Context, R as Router } from './server.DQJX4Gnf.js';
+import { StandardRPCJsonSerializerOptions } from '@orpc/client/standard';
+import { b as StandardHandlerOptions, i as StandardHandler } from './server.DsVSuKTu.js';
+interface StandardRPCHandlerOptions<T extends Context> extends StandardHandlerOptions<T>, StandardRPCJsonSerializerOptions {
+    /**
+     * Enables or disables the StrictGetMethodPlugin.
+     *
+     * @default true
+     */
+    strictGetMethodPluginEnabled?: boolean;
+}
+declare class StandardRPCHandler<T extends Context> extends StandardHandler<T> {
+    constructor(router: Router<any, T>, options: StandardRPCHandlerOptions<T>);
+}
+export { type StandardRPCHandlerOptions as S, StandardRPCHandler as a };