@orpc/server 0.0.0-next.e7b4f63 → 0.0.0-next.e7c0280

package/dist/adapters/websocket/index.d.ts

@@ -0,0 +1,54 @@
+import { MaybeOptionalOptions } from '@orpc/shared';
+import { C as Context, R as Router } from '../../shared/server.CYNGeoCm.js';
+import { f as StandardHandler } from '../../shared/server.Bmh5xd4n.js';
+import { HandleStandardServerPeerMessageOptions } from '../standard-peer/index.js';
+import { S as StandardRPCHandlerOptions } from '../../shared/server.D0H-iaY3.js';
+import '@orpc/client';
+import '@orpc/contract';
+import '@orpc/standard-server';
+import '@orpc/standard-server-peer';
+import '../../shared/server.B7b2w3_i.js';
+import '@orpc/client/standard';
+import '../../shared/server.jMTkVNIb.js';
+
+type MinimalWebsocket = Pick<WebSocket, 'addEventListener' | 'send'>;
+declare class WebsocketHandler<T extends Context> {
+    #private;
+    constructor(standardHandler: StandardHandler<T>);
+    /**
+     * Upgrades a WebSocket to enable handling
+     *
+     * This attaches the necessary 'message' and 'close' listeners to the WebSocket
+     *
+     * @warning Do not use this method if you're using `.message()` or `.close()`
+     */
+    upgrade(ws: MinimalWebsocket, ...rest: MaybeOptionalOptions<HandleStandardServerPeerMessageOptions<T>>): void;
+    /**
+     * Handles a single message received from a WebSocket.
+     *
+     * @warning Avoid calling this directly if `.upgrade()` is used.
+     *
+     * @param ws The WebSocket instance
+     * @param data The message payload, usually place in `event.data`
+     */
+    message(ws: MinimalWebsocket, data: string | ArrayBuffer | Blob, ...rest: MaybeOptionalOptions<HandleStandardServerPeerMessageOptions<T>>): Promise<void>;
+    /**
+     * Closes the WebSocket peer and cleans up.
+     *
+     * @warning Avoid calling this directly if `.upgrade()` is used.
+     */
+    close(ws: MinimalWebsocket): void;
+}
+
+/**
+ * RPC Handler for Websocket adapter
+ *
+ * @see {@link https://orpc.unnoq.com/docs/rpc-handler RPC Handler Docs}
+ * @see {@link https://orpc.unnoq.com/docs/adapters/websocket Websocket Adapter Docs}
+ */
+declare class RPCHandler<T extends Context> extends WebsocketHandler<T> {
+    constructor(router: Router<any, T>, options?: NoInfer<StandardRPCHandlerOptions<T>>);
+}
+
+export { RPCHandler, WebsocketHandler };
+export type { MinimalWebsocket };

package/dist/adapters/websocket/index.mjs

@@ -0,0 +1,69 @@
+import { readAsBuffer, resolveMaybeOptionalOptions } from '@orpc/shared';
+import { ServerPeer } from '@orpc/standard-server-peer';
+import { h as handleStandardServerPeerMessage } from '../../shared/server.C6Q5sqYw.mjs';
+import '@orpc/client';
+import '@orpc/standard-server';
+import '@orpc/contract';
+import { b as StandardRPCHandler } from '../../shared/server.CIL9uKTN.mjs';
+import '@orpc/client/standard';
+import '../../shared/server.DZ5BIITo.mjs';
+import '../../shared/server.NeumLVdS.mjs';
+
+class WebsocketHandler {
+  #peers = /* @__PURE__ */ new WeakMap();
+  #handler;
+  constructor(standardHandler) {
+    this.#handler = standardHandler;
+  }
+  /**
+   * Upgrades a WebSocket to enable handling
+   *
+   * This attaches the necessary 'message' and 'close' listeners to the WebSocket
+   *
+   * @warning Do not use this method if you're using `.message()` or `.close()`
+   */
+  upgrade(ws, ...rest) {
+    ws.addEventListener("message", (event) => this.message(ws, event.data, ...rest));
+    ws.addEventListener("close", () => this.close(ws));
+  }
+  /**
+   * Handles a single message received from a WebSocket.
+   *
+   * @warning Avoid calling this directly if `.upgrade()` is used.
+   *
+   * @param ws The WebSocket instance
+   * @param data The message payload, usually place in `event.data`
+   */
+  async message(ws, data, ...rest) {
+    let peer = this.#peers.get(ws);
+    if (!peer) {
+      this.#peers.set(ws, peer = new ServerPeer(ws.send.bind(ws)));
+    }
+    const message = data instanceof Blob ? await readAsBuffer(data) : data;
+    await handleStandardServerPeerMessage(
+      this.#handler,
+      peer,
+      message,
+      resolveMaybeOptionalOptions(rest)
+    );
+  }
+  /**
+   * Closes the WebSocket peer and cleans up.
+   *
+   * @warning Avoid calling this directly if `.upgrade()` is used.
+   */
+  close(ws) {
+    const peer = this.#peers.get(ws);
+    if (peer) {
+      peer.close();
+    }
+  }
+}
+
+class RPCHandler extends WebsocketHandler {
+  constructor(router, options = {}) {
+    super(new StandardRPCHandler(router, options));
+  }
+}
+
+export { RPCHandler, WebsocketHandler };

package/dist/adapters/ws/index.d.mts

@@ -0,0 +1,31 @@
+import { MaybeOptionalOptions } from '@orpc/shared';
+import { WebSocket } from 'ws';
+import { C as Context, R as Router } from '../../shared/server.CYNGeoCm.mjs';
+import { f as StandardHandler } from '../../shared/server.gqRxT-yN.mjs';
+import { HandleStandardServerPeerMessageOptions } from '../standard-peer/index.mjs';
+import { S as StandardRPCHandlerOptions } from '../../shared/server.BU4WI18A.mjs';
+import '@orpc/client';
+import '@orpc/contract';
+import '@orpc/standard-server';
+import '@orpc/standard-server-peer';
+import '../../shared/server.BEFBl-Cb.mjs';
+import '@orpc/client/standard';
+import '../../shared/server.DhJj-1X9.mjs';
+
+declare class WsHandler<T extends Context> {
+    private readonly standardHandler;
+    constructor(standardHandler: StandardHandler<T>);
+    upgrade(ws: Pick<WebSocket, 'addEventListener' | 'send'>, ...rest: MaybeOptionalOptions<HandleStandardServerPeerMessageOptions<T>>): Promise<void>;
+}
+
+/**
+ * RPC Handler for ws (node ws) adapter
+ *
+ * @see {@link https://orpc.unnoq.com/docs/rpc-handler RPC Handler Docs}
+ * @see {@link https://orpc.unnoq.com/docs/adapters/websocket Websocket Adapter Docs}
+ */
+declare class RPCHandler<T extends Context> extends WsHandler<T> {
+    constructor(router: Router<any, T>, options?: NoInfer<StandardRPCHandlerOptions<T>>);
+}
+
+export { RPCHandler, WsHandler };

package/dist/adapters/ws/index.d.ts

@@ -0,0 +1,31 @@
+import { MaybeOptionalOptions } from '@orpc/shared';
+import { WebSocket } from 'ws';
+import { C as Context, R as Router } from '../../shared/server.CYNGeoCm.js';
+import { f as StandardHandler } from '../../shared/server.Bmh5xd4n.js';
+import { HandleStandardServerPeerMessageOptions } from '../standard-peer/index.js';
+import { S as StandardRPCHandlerOptions } from '../../shared/server.D0H-iaY3.js';
+import '@orpc/client';
+import '@orpc/contract';
+import '@orpc/standard-server';
+import '@orpc/standard-server-peer';
+import '../../shared/server.B7b2w3_i.js';
+import '@orpc/client/standard';
+import '../../shared/server.jMTkVNIb.js';
+
+declare class WsHandler<T extends Context> {
+    private readonly standardHandler;
+    constructor(standardHandler: StandardHandler<T>);
+    upgrade(ws: Pick<WebSocket, 'addEventListener' | 'send'>, ...rest: MaybeOptionalOptions<HandleStandardServerPeerMessageOptions<T>>): Promise<void>;
+}
+
+/**
+ * RPC Handler for ws (node ws) adapter
+ *
+ * @see {@link https://orpc.unnoq.com/docs/rpc-handler RPC Handler Docs}
+ * @see {@link https://orpc.unnoq.com/docs/adapters/websocket Websocket Adapter Docs}
+ */
+declare class RPCHandler<T extends Context> extends WsHandler<T> {
+    constructor(router: Router<any, T>, options?: NoInfer<StandardRPCHandlerOptions<T>>);
+}
+
+export { RPCHandler, WsHandler };

package/dist/adapters/ws/index.mjs

@@ -0,0 +1,39 @@
+import { readAsBuffer, resolveMaybeOptionalOptions } from '@orpc/shared';
+import { ServerPeer } from '@orpc/standard-server-peer';
+import { h as handleStandardServerPeerMessage } from '../../shared/server.C6Q5sqYw.mjs';
+import '@orpc/client';
+import '@orpc/standard-server';
+import '@orpc/contract';
+import { b as StandardRPCHandler } from '../../shared/server.CIL9uKTN.mjs';
+import '@orpc/client/standard';
+import '../../shared/server.DZ5BIITo.mjs';
+import '../../shared/server.NeumLVdS.mjs';
+
+class WsHandler {
+  constructor(standardHandler) {
+    this.standardHandler = standardHandler;
+  }
+  async upgrade(ws, ...rest) {
+    const peer = new ServerPeer(ws.send.bind(ws));
+    ws.addEventListener("message", async (event) => {
+      const message = Array.isArray(event.data) ? await readAsBuffer(new Blob(event.data)) : event.data;
+      await handleStandardServerPeerMessage(
+        this.standardHandler,
+        peer,
+        message,
+        resolveMaybeOptionalOptions(rest)
+      );
+    });
+    ws.addEventListener("close", () => {
+      peer.close();
+    });
+  }
+}
+
+class RPCHandler extends WsHandler {
+  constructor(router, options = {}) {
+    super(new StandardRPCHandler(router, options));
+  }
+}
+
+export { RPCHandler, WsHandler };

package/dist/helpers/index.d.mts

@@ -0,0 +1,130 @@
+import { SerializeOptions, ParseOptions } from 'cookie';
+
+/**
+ * Encodes a Uint8Array to base64url format
+ * Base64url is URL-safe and doesn't use padding
+ *
+ * @example
+ * ```ts
+ * const text = "Hello World"
+ * const encoded = encodeBase64url(new TextEncoder().encode(text))
+ * const decoded = decodeBase64url(encoded)
+ * expect(new TextDecoder().decode(decoded)).toEqual(text)
+ * ```
+ */
+declare function encodeBase64url(data: Uint8Array): string;
+/**
+ * Decodes a base64url string to Uint8Array
+ * Returns undefined if the input is invalid
+ *
+ * @example
+ * ```ts
+ * const text = "Hello World"
+ * const encoded = encodeBase64url(new TextEncoder().encode(text))
+ * const decoded = decodeBase64url(encoded)
+ * expect(new TextDecoder().decode(decoded)).toEqual(text)
+ * ```
+ */
+declare function decodeBase64url(base64url: string | undefined | null): Uint8Array | undefined;
+
+interface SetCookieOptions extends SerializeOptions {
+    /**
+     * Specifies the value for the [`Path` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.4).
+     *
+     * @default '/'
+     */
+    path?: string;
+}
+/**
+ * Sets a cookie in the response headers,
+ *
+ * Does nothing if `headers` is `undefined`.
+ *
+ * @example
+ * ```ts
+ * const headers = new Headers()
+ *
+ * setCookie(headers, 'sessionId', 'abc123', { httpOnly: true, maxAge: 3600 })
+ *
+ * expect(headers.get('Set-Cookie')).toBe('sessionId=abc123; HttpOnly; Max-Age=3600')
+ * ```
+ *
+ */
+declare function setCookie(headers: Headers | undefined, name: string, value: string, options?: SetCookieOptions): void;
+interface GetCookieOptions extends ParseOptions {
+}
+/**
+ * Gets a cookie value from request headers
+ *
+ * Returns `undefined` if the cookie is not found or headers are `undefined`.
+ *
+ * @example
+ * ```ts
+ * const headers = new Headers({ 'Cookie': 'sessionId=abc123; theme=dark' })
+ *
+ * const sessionId = getCookie(headers, 'sessionId')
+ *
+ * expect(sessionId).toEqual('abc123')
+ * ```
+ */
+declare function getCookie(headers: Headers | undefined, name: string, options?: GetCookieOptions): string | undefined;
+
+/**
+ * Encrypts a string using AES-GCM with a secret key.
+ * The output is base64url encoded to be URL-safe.
+ *
+ * @example
+ * ```ts
+ * const encrypted = await encrypt("Hello, World!", "test-secret-key")
+ * const decrypted = await decrypt(encrypted, "test-secret-key")
+ * expect(decrypted).toBe("Hello, World!")
+ * ```
+ */
+declare function encrypt(value: string, secret: string): Promise<string>;
+/**
+ * Decrypts a base64url encoded string using AES-GCM with a secret key.
+ * Returns the original string if decryption is successful, or undefined if it fails.
+ *
+ * @example
+ * ```ts
+ * const encrypted = await encrypt("Hello, World!", "test-secret-key")
+ * const decrypted = await decrypt(encrypted, "test-secret-key")
+ * expect(decrypted).toBe("Hello, World!")
+ * ```
+ */
+declare function decrypt(encrypted: string | undefined | null, secret: string): Promise<string | undefined>;
+
+/**
+ * Signs a string value using HMAC-SHA256 with a secret key.
+ *
+ * This function creates a cryptographic signature that can be used to verify
+ * the integrity and authenticity of the data. The signature is appended to
+ * the original value, separated by a dot, using base64url encoding (no padding).
+ *
+ *
+ * @example
+ * ```ts
+ * const signedValue = await sign("user123", "my-secret-key")
+ * expect(signedValue).toEqual("user123.oneQsU0r5dvwQFHFEjjV1uOI_IR3gZfkYHij3TRauVA")
+ * ```
+ */
+declare function sign(value: string, secret: string): Promise<string>;
+/**
+ * Verifies and extracts the original value from a signed string.
+ *
+ * This function validates the signature of a previously signed value using the same
+ * secret key. If the signature is valid, it returns the original value. If the
+ * signature is invalid or the format is incorrect, it returns undefined.
+ *
+ *
+ * @example
+ * ```ts
+ * const signedValue = "user123.oneQsU0r5dvwQFHFEjjV1uOI_IR3gZfkYHij3TRauVA"
+ * const originalValue = await unsign(signedValue, "my-secret-key")
+ * expect(originalValue).toEqual("user123")
+ * ```
+ */
+declare function unsign(signedValue: string | undefined | null, secret: string): Promise<string | undefined>;
+
+export { decodeBase64url, decrypt, encodeBase64url, encrypt, getCookie, setCookie, sign, unsign };
+export type { GetCookieOptions, SetCookieOptions };

package/dist/helpers/index.d.ts

@@ -0,0 +1,130 @@
+import { SerializeOptions, ParseOptions } from 'cookie';
+
+/**
+ * Encodes a Uint8Array to base64url format
+ * Base64url is URL-safe and doesn't use padding
+ *
+ * @example
+ * ```ts
+ * const text = "Hello World"
+ * const encoded = encodeBase64url(new TextEncoder().encode(text))
+ * const decoded = decodeBase64url(encoded)
+ * expect(new TextDecoder().decode(decoded)).toEqual(text)
+ * ```
+ */
+declare function encodeBase64url(data: Uint8Array): string;
+/**
+ * Decodes a base64url string to Uint8Array
+ * Returns undefined if the input is invalid
+ *
+ * @example
+ * ```ts
+ * const text = "Hello World"
+ * const encoded = encodeBase64url(new TextEncoder().encode(text))
+ * const decoded = decodeBase64url(encoded)
+ * expect(new TextDecoder().decode(decoded)).toEqual(text)
+ * ```
+ */
+declare function decodeBase64url(base64url: string | undefined | null): Uint8Array | undefined;
+
+interface SetCookieOptions extends SerializeOptions {
+    /**
+     * Specifies the value for the [`Path` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.4).
+     *
+     * @default '/'
+     */
+    path?: string;
+}
+/**
+ * Sets a cookie in the response headers,
+ *
+ * Does nothing if `headers` is `undefined`.
+ *
+ * @example
+ * ```ts
+ * const headers = new Headers()
+ *
+ * setCookie(headers, 'sessionId', 'abc123', { httpOnly: true, maxAge: 3600 })
+ *
+ * expect(headers.get('Set-Cookie')).toBe('sessionId=abc123; HttpOnly; Max-Age=3600')
+ * ```
+ *
+ */
+declare function setCookie(headers: Headers | undefined, name: string, value: string, options?: SetCookieOptions): void;
+interface GetCookieOptions extends ParseOptions {
+}
+/**
+ * Gets a cookie value from request headers
+ *
+ * Returns `undefined` if the cookie is not found or headers are `undefined`.
+ *
+ * @example
+ * ```ts
+ * const headers = new Headers({ 'Cookie': 'sessionId=abc123; theme=dark' })
+ *
+ * const sessionId = getCookie(headers, 'sessionId')
+ *
+ * expect(sessionId).toEqual('abc123')
+ * ```
+ */
+declare function getCookie(headers: Headers | undefined, name: string, options?: GetCookieOptions): string | undefined;
+
+/**
+ * Encrypts a string using AES-GCM with a secret key.
+ * The output is base64url encoded to be URL-safe.
+ *
+ * @example
+ * ```ts
+ * const encrypted = await encrypt("Hello, World!", "test-secret-key")
+ * const decrypted = await decrypt(encrypted, "test-secret-key")
+ * expect(decrypted).toBe("Hello, World!")
+ * ```
+ */
+declare function encrypt(value: string, secret: string): Promise<string>;
+/**
+ * Decrypts a base64url encoded string using AES-GCM with a secret key.
+ * Returns the original string if decryption is successful, or undefined if it fails.
+ *
+ * @example
+ * ```ts
+ * const encrypted = await encrypt("Hello, World!", "test-secret-key")
+ * const decrypted = await decrypt(encrypted, "test-secret-key")
+ * expect(decrypted).toBe("Hello, World!")
+ * ```
+ */
+declare function decrypt(encrypted: string | undefined | null, secret: string): Promise<string | undefined>;
+
+/**
+ * Signs a string value using HMAC-SHA256 with a secret key.
+ *
+ * This function creates a cryptographic signature that can be used to verify
+ * the integrity and authenticity of the data. The signature is appended to
+ * the original value, separated by a dot, using base64url encoding (no padding).
+ *
+ *
+ * @example
+ * ```ts
+ * const signedValue = await sign("user123", "my-secret-key")
+ * expect(signedValue).toEqual("user123.oneQsU0r5dvwQFHFEjjV1uOI_IR3gZfkYHij3TRauVA")
+ * ```
+ */
+declare function sign(value: string, secret: string): Promise<string>;
+/**
+ * Verifies and extracts the original value from a signed string.
+ *
+ * This function validates the signature of a previously signed value using the same
+ * secret key. If the signature is valid, it returns the original value. If the
+ * signature is invalid or the format is incorrect, it returns undefined.
+ *
+ *
+ * @example
+ * ```ts
+ * const signedValue = "user123.oneQsU0r5dvwQFHFEjjV1uOI_IR3gZfkYHij3TRauVA"
+ * const originalValue = await unsign(signedValue, "my-secret-key")
+ * expect(originalValue).toEqual("user123")
+ * ```
+ */
+declare function unsign(signedValue: string | undefined | null, secret: string): Promise<string | undefined>;
+
+export { decodeBase64url, decrypt, encodeBase64url, encrypt, getCookie, setCookie, sign, unsign };
+export type { GetCookieOptions, SetCookieOptions };

package/dist/helpers/index.mjs

@@ -0,0 +1,182 @@
+import { serialize, parse } from 'cookie';
+
+function encodeBase64url(data) {
+  const chunkSize = 8192;
+  let binaryString = "";
+  for (let i = 0; i < data.length; i += chunkSize) {
+    const chunk = data.subarray(i, i + chunkSize);
+    binaryString += String.fromCharCode(...chunk);
+  }
+  const base64 = btoa(binaryString);
+  return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+}
+function decodeBase64url(base64url) {
+  try {
+    if (typeof base64url !== "string") {
+      return void 0;
+    }
+    let base64 = base64url.replace(/-/g, "+").replace(/_/g, "/");
+    while (base64.length % 4) {
+      base64 += "=";
+    }
+    const binaryString = atob(base64);
+    const bytes = new Uint8Array(binaryString.length);
+    for (let i = 0; i < binaryString.length; i++) {
+      bytes[i] = binaryString.charCodeAt(i);
+    }
+    return bytes;
+  } catch {
+    return void 0;
+  }
+}
+
+function setCookie(headers, name, value, options = {}) {
+  if (headers === void 0) {
+    return;
+  }
+  const cookieString = serialize(name, value, {
+    path: "/",
+    ...options
+  });
+  headers.append("Set-Cookie", cookieString);
+}
+function getCookie(headers, name, options = {}) {
+  if (headers === void 0) {
+    return void 0;
+  }
+  const cookieHeader = headers.get("cookie");
+  if (cookieHeader === null) {
+    return void 0;
+  }
+  return parse(cookieHeader, options)[name];
+}
+
+const PBKDF2_CONFIG = {
+  name: "PBKDF2",
+  iterations: 6e4,
+  // Recommended minimum iterations per current OWASP guidelines
+  hash: "SHA-256"
+};
+const AES_GCM_CONFIG = {
+  name: "AES-GCM",
+  length: 256
+};
+const CRYPTO_CONSTANTS = {
+  SALT_LENGTH: 16,
+  IV_LENGTH: 12
+};
+async function encrypt(value, secret) {
+  const encoder = new TextEncoder();
+  const data = encoder.encode(value);
+  const salt = crypto.getRandomValues(new Uint8Array(CRYPTO_CONSTANTS.SALT_LENGTH));
+  const keyMaterial = await crypto.subtle.importKey(
+    "raw",
+    encoder.encode(secret),
+    PBKDF2_CONFIG.name,
+    false,
+    ["deriveKey"]
+  );
+  const key = await crypto.subtle.deriveKey(
+    { ...PBKDF2_CONFIG, salt },
+    keyMaterial,
+    AES_GCM_CONFIG,
+    false,
+    ["encrypt"]
+  );
+  const iv = crypto.getRandomValues(new Uint8Array(CRYPTO_CONSTANTS.IV_LENGTH));
+  const encrypted = await crypto.subtle.encrypt(
+    { name: AES_GCM_CONFIG.name, iv },
+    key,
+    data
+  );
+  const result = new Uint8Array(salt.length + iv.length + encrypted.byteLength);
+  result.set(salt, 0);
+  result.set(iv, salt.length);
+  result.set(new Uint8Array(encrypted), salt.length + iv.length);
+  return encodeBase64url(result);
+}
+async function decrypt(encrypted, secret) {
+  try {
+    const data = decodeBase64url(encrypted);
+    if (data === void 0) {
+      return void 0;
+    }
+    const encoder = new TextEncoder();
+    const decoder = new TextDecoder();
+    const salt = data.slice(0, CRYPTO_CONSTANTS.SALT_LENGTH);
+    const iv = data.slice(CRYPTO_CONSTANTS.SALT_LENGTH, CRYPTO_CONSTANTS.SALT_LENGTH + CRYPTO_CONSTANTS.IV_LENGTH);
+    const encryptedData = data.slice(CRYPTO_CONSTANTS.SALT_LENGTH + CRYPTO_CONSTANTS.IV_LENGTH);
+    const keyMaterial = await crypto.subtle.importKey(
+      "raw",
+      encoder.encode(secret),
+      PBKDF2_CONFIG.name,
+      false,
+      ["deriveKey"]
+    );
+    const key = await crypto.subtle.deriveKey(
+      { ...PBKDF2_CONFIG, salt },
+      keyMaterial,
+      AES_GCM_CONFIG,
+      false,
+      ["decrypt"]
+    );
+    const decrypted = await crypto.subtle.decrypt(
+      { name: AES_GCM_CONFIG.name, iv },
+      key,
+      encryptedData
+    );
+    return decoder.decode(decrypted);
+  } catch {
+    return void 0;
+  }
+}
+
+const ALGORITHM = { name: "HMAC", hash: "SHA-256" };
+async function sign(value, secret) {
+  const encoder = new TextEncoder();
+  const key = await crypto.subtle.importKey(
+    "raw",
+    encoder.encode(secret),
+    ALGORITHM,
+    false,
+    ["sign"]
+  );
+  const signature = await crypto.subtle.sign(
+    ALGORITHM,
+    key,
+    encoder.encode(value)
+  );
+  return `${value}.${encodeBase64url(new Uint8Array(signature))}`;
+}
+async function unsign(signedValue, secret) {
+  if (typeof signedValue !== "string") {
+    return void 0;
+  }
+  const lastDotIndex = signedValue.lastIndexOf(".");
+  if (lastDotIndex === -1) {
+    return void 0;
+  }
+  const value = signedValue.slice(0, lastDotIndex);
+  const signatureBase64url = signedValue.slice(lastDotIndex + 1);
+  const signature = decodeBase64url(signatureBase64url);
+  if (signature === void 0) {
+    return void 0;
+  }
+  const encoder = new TextEncoder();
+  const key = await crypto.subtle.importKey(
+    "raw",
+    encoder.encode(secret),
+    ALGORITHM,
+    false,
+    ["verify"]
+  );
+  const isValid = await crypto.subtle.verify(
+    ALGORITHM,
+    key,
+    signature,
+    encoder.encode(value)
+  );
+  return isValid ? value : void 0;
+}
+
+export { decodeBase64url, decrypt, encodeBase64url, encrypt, getCookie, setCookie, sign, unsign };