@orpc/server 1.14.6 → 2.0.0-beta.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +78 -137
- package/dist/adapters/crossws/index.d.mts +42 -21
- package/dist/adapters/crossws/index.d.ts +42 -21
- package/dist/adapters/crossws/index.mjs +37 -18
- package/dist/adapters/fetch/index.d.mts +83 -67
- package/dist/adapters/fetch/index.d.ts +83 -67
- package/dist/adapters/fetch/index.mjs +131 -106
- package/dist/adapters/message-port/index.d.mts +51 -34
- package/dist/adapters/message-port/index.d.ts +51 -34
- package/dist/adapters/message-port/index.mjs +73 -38
- package/dist/adapters/node/index.d.mts +82 -60
- package/dist/adapters/node/index.d.ts +82 -60
- package/dist/adapters/node/index.mjs +127 -98
- package/dist/adapters/standard/index.d.mts +16 -18
- package/dist/adapters/standard/index.d.ts +16 -18
- package/dist/adapters/standard/index.mjs +5 -5
- package/dist/adapters/standard-peer/index.d.mts +12 -14
- package/dist/adapters/standard-peer/index.d.ts +12 -14
- package/dist/adapters/standard-peer/index.mjs +2 -21
- package/dist/adapters/websocket/index.d.mts +50 -36
- package/dist/adapters/websocket/index.d.ts +50 -36
- package/dist/adapters/websocket/index.mjs +55 -42
- package/dist/extensions/callable.d.mts +10 -0
- package/dist/extensions/callable.d.ts +10 -0
- package/dist/extensions/callable.mjs +11 -0
- package/dist/helpers/index.d.mts +2 -2
- package/dist/helpers/index.d.ts +2 -2
- package/dist/helpers/index.mjs +1 -1
- package/dist/index.d.mts +163 -770
- package/dist/index.d.ts +163 -770
- package/dist/index.mjs +296 -403
- package/dist/plugins/index.d.mts +120 -127
- package/dist/plugins/index.d.ts +120 -127
- package/dist/plugins/index.mjs +252 -223
- package/dist/shared/server.BL22TloH.d.mts +184 -0
- package/dist/shared/server.BL22TloH.d.ts +184 -0
- package/dist/shared/server.BsNNjG5J.d.mts +61 -0
- package/dist/shared/server.BwHnWUuN.mjs +222 -0
- package/dist/shared/server.CX4vUnDk.mjs +11 -0
- package/dist/shared/server.Cj5lgPuG.d.mts +66 -0
- package/dist/shared/server.CjOb6ItT.mjs +41 -0
- package/dist/shared/server.CrlKQucM.mjs +233 -0
- package/dist/shared/server.DBANIheG.d.ts +104 -0
- package/dist/shared/server.DJIkub_t.d.mts +104 -0
- package/dist/shared/server.D_QauotT.mjs +30 -0
- package/dist/shared/server.GDpX6Df8.mjs +271 -0
- package/dist/shared/server.Pa0F03f_.d.ts +61 -0
- package/dist/shared/{server.DZ5BIITo.mjs → server.W91HSRkE.mjs} +2 -2
- package/dist/shared/server.d_2NS3g5.d.ts +66 -0
- package/package.json +26 -55
- package/dist/adapters/aws-lambda/index.d.mts +0 -46
- package/dist/adapters/aws-lambda/index.d.ts +0 -46
- package/dist/adapters/aws-lambda/index.mjs +0 -40
- package/dist/adapters/bun-ws/index.d.mts +0 -36
- package/dist/adapters/bun-ws/index.d.ts +0 -36
- package/dist/adapters/bun-ws/index.mjs +0 -47
- package/dist/adapters/fastify/index.d.mts +0 -53
- package/dist/adapters/fastify/index.d.ts +0 -53
- package/dist/adapters/fastify/index.mjs +0 -52
- package/dist/adapters/ws/index.d.mts +0 -31
- package/dist/adapters/ws/index.d.ts +0 -31
- package/dist/adapters/ws/index.mjs +0 -37
- package/dist/hibernation/index.d.mts +0 -44
- package/dist/hibernation/index.d.ts +0 -44
- package/dist/hibernation/index.mjs +0 -65
- package/dist/shared/server.7cEtMB30.d.ts +0 -74
- package/dist/shared/server.B8gYOD5g.d.mts +0 -12
- package/dist/shared/server.BqadksTP.d.mts +0 -74
- package/dist/shared/server.C8_sRzQB.d.mts +0 -42
- package/dist/shared/server.ChUyt5-i.d.mts +0 -32
- package/dist/shared/server.ChyoA9XY.d.ts +0 -42
- package/dist/shared/server.DEBcqOjg.mjs +0 -418
- package/dist/shared/server.EfTOZ2Q7.d.ts +0 -12
- package/dist/shared/server.TEVCLCFC.mjs +0 -39
- package/dist/shared/server.ZxHCEN1h.mjs +0 -226
- package/dist/shared/server.qKsRrdxW.d.mts +0 -193
- package/dist/shared/server.qKsRrdxW.d.ts +0 -193
- package/dist/shared/server.yoEB3Fx4.d.ts +0 -32
package/dist/plugins/index.d.mts
CHANGED
|
@@ -1,76 +1,133 @@
|
|
|
1
1
|
import { Value, Promisable, ThrowableError } from '@orpc/shared';
|
|
2
|
-
import {
|
|
3
|
-
import {
|
|
4
|
-
import {
|
|
5
|
-
import
|
|
6
|
-
import
|
|
7
|
-
import { ORPCError } from '@orpc/client';
|
|
2
|
+
import { StandardLazyRequest, StandardHeaders } from '@standardserver/core';
|
|
3
|
+
import { C as Context } from '../shared/server.BL22TloH.mjs';
|
|
4
|
+
import { e as StandardHandlerPlugin, f as StandardHandlerRoutingInterceptorOptions, a as StandardHandlerOptions, g as StandardHandlerInterceptorOptions } from '../shared/server.DJIkub_t.mjs';
|
|
5
|
+
import '@orpc/client';
|
|
6
|
+
import '@orpc/contract';
|
|
8
7
|
|
|
9
|
-
interface
|
|
8
|
+
interface BatchHandlerPluginOptions<T extends Context> {
|
|
10
9
|
/**
|
|
11
10
|
* The max size of the batch allowed.
|
|
12
11
|
*
|
|
13
12
|
* @default 10
|
|
14
13
|
*/
|
|
15
|
-
maxSize?: Value<Promisable<number>, [
|
|
14
|
+
maxSize?: Value<Promisable<number>, [options: StandardHandlerRoutingInterceptorOptions<T>]>;
|
|
16
15
|
/**
|
|
17
|
-
* Map the
|
|
16
|
+
* Map each subrequest in the batch before it is processed.
|
|
18
17
|
*
|
|
19
|
-
* @default
|
|
18
|
+
* @default merges the batch request headers into the subrequest and remove `orpc-batch` header to prevent nested batching
|
|
20
19
|
*/
|
|
21
|
-
|
|
20
|
+
mapSubrequest?: (subrequest: StandardLazyRequest, batchOptions: StandardHandlerRoutingInterceptorOptions<T>) => StandardLazyRequest;
|
|
22
21
|
/**
|
|
23
22
|
* Success batch response status code.
|
|
24
23
|
*
|
|
25
24
|
* @default 207
|
|
26
25
|
*/
|
|
27
|
-
successStatus?: Value<Promisable<number>, [
|
|
26
|
+
successStatus?: Value<Promisable<number>, [batchOptions: StandardHandlerRoutingInterceptorOptions<T>]>;
|
|
28
27
|
/**
|
|
29
|
-
*
|
|
28
|
+
* Success batch response headers.
|
|
30
29
|
*
|
|
31
30
|
* @default {}
|
|
32
31
|
*/
|
|
33
|
-
headers?: Value<Promisable<StandardHeaders>, [
|
|
32
|
+
headers?: Value<Promisable<StandardHeaders>, [batchOptions: StandardHandlerRoutingInterceptorOptions<T>]>;
|
|
34
33
|
}
|
|
35
|
-
/**
|
|
36
|
-
* The Batch Requests Plugin allows you to combine multiple requests and responses into a single batch,
|
|
37
|
-
* reducing the overhead of sending each one separately.
|
|
38
|
-
*
|
|
39
|
-
* @see {@link https://orpc.dev/docs/plugins/batch-requests Batch Requests Plugin Docs}
|
|
40
|
-
*/
|
|
41
34
|
declare class BatchHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
|
|
35
|
+
name: string;
|
|
36
|
+
/**
|
|
37
|
+
* Run batch interceptors before OpenTelemetry interceptors
|
|
38
|
+
* so each subrequest gets its own span instead of sharing one batch-level span.
|
|
39
|
+
*/
|
|
40
|
+
after: string[];
|
|
42
41
|
private readonly maxSize;
|
|
43
|
-
private readonly
|
|
42
|
+
private readonly mapSubrequest;
|
|
44
43
|
private readonly successStatus;
|
|
45
44
|
private readonly headers;
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
init(options: StandardHandlerOptions<T>): void;
|
|
45
|
+
constructor(options?: BatchHandlerPluginOptions<T>);
|
|
46
|
+
init(options: StandardHandlerOptions<T>): StandardHandlerOptions<T>;
|
|
49
47
|
}
|
|
50
48
|
|
|
51
|
-
interface
|
|
52
|
-
|
|
53
|
-
|
|
49
|
+
interface CORSHandlerPluginOptions<T extends Context> {
|
|
50
|
+
/**
|
|
51
|
+
* Configures the `Access-Control-Allow-Origin` header.
|
|
52
|
+
* Can be a string, an array of allowed origins, or a function that returns the allowed origin(s).
|
|
53
|
+
*
|
|
54
|
+
* @default (origin) => origin
|
|
55
|
+
*/
|
|
56
|
+
origin?: Value<Promisable<string | readonly string[] | null | undefined>, [origin: string, options: StandardHandlerRoutingInterceptorOptions<T>]>;
|
|
57
|
+
/**
|
|
58
|
+
* Configures the `Timing-Allow-Origin` header.
|
|
59
|
+
* Can be a string, an array of allowed origins, or a function that returns the allowed origin(s).
|
|
60
|
+
*
|
|
61
|
+
* @default undefined
|
|
62
|
+
*/
|
|
63
|
+
timingOrigin?: Value<Promisable<string | readonly string[] | null | undefined>, [origin: string, options: StandardHandlerRoutingInterceptorOptions<T>]>;
|
|
64
|
+
/**
|
|
65
|
+
* Configures the `Access-Control-Allow-Methods` header for preflight requests.
|
|
66
|
+
*
|
|
67
|
+
* @default ['GET', 'HEAD', 'PUT', 'POST', 'DELETE', 'PATCH']
|
|
68
|
+
*/
|
|
54
69
|
allowMethods?: readonly string[];
|
|
70
|
+
/**
|
|
71
|
+
* Configures the `Access-Control-Allow-Headers` header for preflight requests.
|
|
72
|
+
* Falls back to the request's `Access-Control-Request-Headers` if not set.
|
|
73
|
+
*
|
|
74
|
+
* @default undefined
|
|
75
|
+
*/
|
|
55
76
|
allowHeaders?: readonly string[];
|
|
77
|
+
/**
|
|
78
|
+
* Configures the `Access-Control-Max-Age` header (in seconds) for preflight requests.
|
|
79
|
+
*
|
|
80
|
+
* @default undefined
|
|
81
|
+
*/
|
|
56
82
|
maxAge?: number;
|
|
83
|
+
/**
|
|
84
|
+
* Configures the `Access-Control-Allow-Credentials` header.
|
|
85
|
+
*
|
|
86
|
+
* @default undefined
|
|
87
|
+
*/
|
|
57
88
|
credentials?: boolean;
|
|
89
|
+
/**
|
|
90
|
+
* Configures the `Access-Control-Expose-Headers` header.
|
|
91
|
+
*
|
|
92
|
+
* @default undefined
|
|
93
|
+
*/
|
|
58
94
|
exposeHeaders?: readonly string[];
|
|
59
95
|
}
|
|
60
96
|
/**
|
|
61
|
-
*
|
|
97
|
+
* CORSHandlerPlugin is a plugin for oRPC that allows you to configure CORS for your API.
|
|
62
98
|
*
|
|
63
99
|
* @see {@link https://orpc.dev/docs/plugins/cors CORS Plugin Docs}
|
|
64
100
|
*/
|
|
65
|
-
declare class
|
|
101
|
+
declare class CORSHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
|
|
66
102
|
private readonly options;
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
103
|
+
name: string;
|
|
104
|
+
/**
|
|
105
|
+
* - Do not create spans for CORS preflight requests.
|
|
106
|
+
* - Run CORS interceptors before batch interceptors so headers are applied to
|
|
107
|
+
* the actual response rather than sub-responses.
|
|
108
|
+
*/
|
|
109
|
+
after: string[];
|
|
110
|
+
constructor(options?: CORSHandlerPluginOptions<T>);
|
|
111
|
+
init(options: StandardHandlerOptions<T>): StandardHandlerOptions<T>;
|
|
70
112
|
}
|
|
71
113
|
|
|
72
|
-
|
|
73
|
-
|
|
114
|
+
/**
|
|
115
|
+
* Adds basic Cross-Site Request Forgery (CSRF) protection to your oRPC application.
|
|
116
|
+
* When a request includes cookies, it helps ensure the request originates from JavaScript
|
|
117
|
+
* (for example, fetch/XHR) rather than from standard HTML forms or direct browser navigation.
|
|
118
|
+
*
|
|
119
|
+
* @info This plugin is enabled by default for `RPCHandler` over HTTP.
|
|
120
|
+
*/
|
|
121
|
+
declare class CSRFGuardHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
|
|
122
|
+
name: string;
|
|
123
|
+
init(options: StandardHandlerOptions<T>): StandardHandlerOptions<T>;
|
|
124
|
+
}
|
|
125
|
+
|
|
126
|
+
interface RequestHeadersHandlerPluginContext {
|
|
127
|
+
/**
|
|
128
|
+
* Request headers as a Headers instance. This is injected by the Request Headers Plugin.
|
|
129
|
+
*/
|
|
130
|
+
reqHeaders?: Headers | undefined;
|
|
74
131
|
}
|
|
75
132
|
/**
|
|
76
133
|
* The Request Headers Plugin injects a `reqHeaders` instance into the context,
|
|
@@ -78,12 +135,17 @@ interface RequestHeadersPluginContext {
|
|
|
78
135
|
*
|
|
79
136
|
* @see {@link https://orpc.dev/docs/plugins/request-headers Request Headers Plugin Docs}
|
|
80
137
|
*/
|
|
81
|
-
declare class
|
|
82
|
-
|
|
138
|
+
declare class RequestHeadersHandlerPlugin<T extends RequestHeadersHandlerPluginContext> implements StandardHandlerPlugin<T> {
|
|
139
|
+
name: string;
|
|
140
|
+
init(options: StandardHandlerOptions<T>): StandardHandlerOptions<T>;
|
|
83
141
|
}
|
|
84
142
|
|
|
85
|
-
interface
|
|
86
|
-
|
|
143
|
+
interface ResponseHeadersHandlerPluginContext {
|
|
144
|
+
/**
|
|
145
|
+
* Response headers as a Headers instance. This is injected by the Response Headers Plugin.
|
|
146
|
+
* When set before the response is sent, these headers will be included in the response. If not set, no additional headers will be added.
|
|
147
|
+
*/
|
|
148
|
+
resHeaders?: Headers | undefined;
|
|
87
149
|
}
|
|
88
150
|
/**
|
|
89
151
|
* The Response Headers Plugin allows you to set response headers in oRPC.
|
|
@@ -91,11 +153,16 @@ interface ResponseHeadersPluginContext {
|
|
|
91
153
|
*
|
|
92
154
|
* @see {@link https://orpc.dev/docs/plugins/response-headers Response Headers Plugin Docs}
|
|
93
155
|
*/
|
|
94
|
-
declare class
|
|
95
|
-
|
|
156
|
+
declare class ResponseHeadersHandlerPlugin<T extends ResponseHeadersHandlerPluginContext> implements StandardHandlerPlugin<T> {
|
|
157
|
+
name: string;
|
|
158
|
+
/**
|
|
159
|
+
* Interceptors should run after batch interceptors so headers are applied to each sub-response.
|
|
160
|
+
*/
|
|
161
|
+
before: string[];
|
|
162
|
+
init(options: StandardHandlerOptions<T>): StandardHandlerOptions<T>;
|
|
96
163
|
}
|
|
97
164
|
|
|
98
|
-
interface
|
|
165
|
+
interface RethrowHandlerPluginOptions<T extends Context> {
|
|
99
166
|
/**
|
|
100
167
|
* Decide which errors should be rethrown.
|
|
101
168
|
*
|
|
@@ -109,96 +176,22 @@ interface experimental_RethrowHandlerPluginOptions<T extends Context> {
|
|
|
109
176
|
* })
|
|
110
177
|
* ```
|
|
111
178
|
*/
|
|
112
|
-
filter:
|
|
179
|
+
filter: (error: ThrowableError, options: StandardHandlerInterceptorOptions<T>) => boolean;
|
|
113
180
|
}
|
|
114
181
|
/**
|
|
115
|
-
* The plugin
|
|
116
|
-
*
|
|
117
|
-
* (e.g.,
|
|
118
|
-
* and you want certain errors to be processed by that mechanism instead of being handled by the
|
|
119
|
-
* oRPC error handling flow.
|
|
182
|
+
* The plugin can bypass oRPC's built-in error handling
|
|
183
|
+
* and rethrow matching errors directly to your framework's error handling mechanism
|
|
184
|
+
* (e.g., NestJS exception filters, Express error middleware).
|
|
120
185
|
*
|
|
121
|
-
* @see {@link https://orpc.dev/docs/plugins/rethrow
|
|
186
|
+
* @see {@link https://orpc.dev/docs/plugins/rethrow Rethrow Plugin Documentation}
|
|
122
187
|
*/
|
|
123
|
-
declare class
|
|
188
|
+
declare class RethrowHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
|
|
189
|
+
name: string;
|
|
124
190
|
private readonly filter;
|
|
125
|
-
CONTEXT_SYMBOL
|
|
126
|
-
constructor(options:
|
|
127
|
-
init(options: StandardHandlerOptions<T>):
|
|
128
|
-
}
|
|
129
|
-
|
|
130
|
-
interface SimpleCsrfProtectionHandlerPluginOptions<T extends Context> {
|
|
131
|
-
/**
|
|
132
|
-
* The name of the header to check.
|
|
133
|
-
*
|
|
134
|
-
* @default 'x-csrf-token'
|
|
135
|
-
*/
|
|
136
|
-
headerName?: Value<Promisable<string>, [options: StandardHandlerInterceptorOptions<T>]>;
|
|
137
|
-
/**
|
|
138
|
-
* The value of the header to check.
|
|
139
|
-
*
|
|
140
|
-
* @default 'orpc'
|
|
141
|
-
*
|
|
142
|
-
*/
|
|
143
|
-
headerValue?: Value<Promisable<string>, [options: StandardHandlerInterceptorOptions<T>]>;
|
|
144
|
-
/**
|
|
145
|
-
* Exclude a procedure from the plugin.
|
|
146
|
-
*
|
|
147
|
-
* @default false
|
|
148
|
-
*
|
|
149
|
-
*/
|
|
150
|
-
exclude?: Value<Promisable<boolean>, [options: ProcedureClientInterceptorOptions<T, Record<never, never>, Meta>]>;
|
|
151
|
-
/**
|
|
152
|
-
* The error thrown when the CSRF token is invalid.
|
|
153
|
-
*
|
|
154
|
-
* @default new ORPCError('CSRF_TOKEN_MISMATCH', {
|
|
155
|
-
* status: 403,
|
|
156
|
-
* message: 'Invalid CSRF token',
|
|
157
|
-
* })
|
|
158
|
-
*/
|
|
159
|
-
error?: InstanceType<typeof ORPCError>;
|
|
160
|
-
}
|
|
161
|
-
/**
|
|
162
|
-
* This plugin adds basic Cross-Site Request Forgery (CSRF) protection to your oRPC application.
|
|
163
|
-
* It helps ensure that requests to your procedures originate from JavaScript code,
|
|
164
|
-
* not from other sources like standard HTML forms or direct browser navigation.
|
|
165
|
-
*
|
|
166
|
-
* @see {@link https://orpc.dev/docs/plugins/simple-csrf-protection Simple CSRF Protection Plugin Docs}
|
|
167
|
-
*/
|
|
168
|
-
declare class SimpleCsrfProtectionHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
|
|
169
|
-
private readonly headerName;
|
|
170
|
-
private readonly headerValue;
|
|
171
|
-
private readonly exclude;
|
|
172
|
-
private readonly error;
|
|
173
|
-
constructor(options?: SimpleCsrfProtectionHandlerPluginOptions<T>);
|
|
174
|
-
order: number;
|
|
175
|
-
init(options: StandardHandlerOptions<T>): void;
|
|
176
|
-
}
|
|
177
|
-
|
|
178
|
-
interface StrictGetMethodPluginOptions {
|
|
179
|
-
/**
|
|
180
|
-
* The error thrown when a GET request is made to a procedure that doesn't allow GET.
|
|
181
|
-
*
|
|
182
|
-
* @default new ORPCError('METHOD_NOT_SUPPORTED')
|
|
183
|
-
*/
|
|
184
|
-
error?: InstanceType<typeof ORPCError$1>;
|
|
185
|
-
}
|
|
186
|
-
/**
|
|
187
|
-
* This plugin enhances security by ensuring only procedures explicitly marked to accept GET requests
|
|
188
|
-
* can be called using the HTTP GET method for RPC Protocol. This helps prevent certain types of
|
|
189
|
-
* Cross-Site Request Forgery (CSRF) attacks.
|
|
190
|
-
*
|
|
191
|
-
* @see {@link https://orpc.dev/docs/plugins/strict-get-method Strict Get Method Plugin Docs}
|
|
192
|
-
*/
|
|
193
|
-
declare class StrictGetMethodPlugin<T extends Context> implements StandardHandlerPlugin<T> {
|
|
194
|
-
private readonly error;
|
|
195
|
-
/**
|
|
196
|
-
* make sure execute before batch plugin to get real method
|
|
197
|
-
*/
|
|
198
|
-
order: number;
|
|
199
|
-
constructor(options?: StrictGetMethodPluginOptions);
|
|
200
|
-
init(options: StandardHandlerOptions<T>): void;
|
|
191
|
+
private readonly CONTEXT_SYMBOL;
|
|
192
|
+
constructor(options: RethrowHandlerPluginOptions<T>);
|
|
193
|
+
init(options: StandardHandlerOptions<T>): StandardHandlerOptions<T>;
|
|
201
194
|
}
|
|
202
195
|
|
|
203
|
-
export { BatchHandlerPlugin,
|
|
204
|
-
export type {
|
|
196
|
+
export { BatchHandlerPlugin, CORSHandlerPlugin, CSRFGuardHandlerPlugin, RequestHeadersHandlerPlugin, ResponseHeadersHandlerPlugin, RethrowHandlerPlugin };
|
|
197
|
+
export type { BatchHandlerPluginOptions, CORSHandlerPluginOptions, RequestHeadersHandlerPluginContext, ResponseHeadersHandlerPluginContext, RethrowHandlerPluginOptions };
|
package/dist/plugins/index.d.ts
CHANGED
|
@@ -1,76 +1,133 @@
|
|
|
1
1
|
import { Value, Promisable, ThrowableError } from '@orpc/shared';
|
|
2
|
-
import {
|
|
3
|
-
import {
|
|
4
|
-
import {
|
|
5
|
-
import
|
|
6
|
-
import
|
|
7
|
-
import { ORPCError } from '@orpc/client';
|
|
2
|
+
import { StandardLazyRequest, StandardHeaders } from '@standardserver/core';
|
|
3
|
+
import { C as Context } from '../shared/server.BL22TloH.js';
|
|
4
|
+
import { e as StandardHandlerPlugin, f as StandardHandlerRoutingInterceptorOptions, a as StandardHandlerOptions, g as StandardHandlerInterceptorOptions } from '../shared/server.DBANIheG.js';
|
|
5
|
+
import '@orpc/client';
|
|
6
|
+
import '@orpc/contract';
|
|
8
7
|
|
|
9
|
-
interface
|
|
8
|
+
interface BatchHandlerPluginOptions<T extends Context> {
|
|
10
9
|
/**
|
|
11
10
|
* The max size of the batch allowed.
|
|
12
11
|
*
|
|
13
12
|
* @default 10
|
|
14
13
|
*/
|
|
15
|
-
maxSize?: Value<Promisable<number>, [
|
|
14
|
+
maxSize?: Value<Promisable<number>, [options: StandardHandlerRoutingInterceptorOptions<T>]>;
|
|
16
15
|
/**
|
|
17
|
-
* Map the
|
|
16
|
+
* Map each subrequest in the batch before it is processed.
|
|
18
17
|
*
|
|
19
|
-
* @default
|
|
18
|
+
* @default merges the batch request headers into the subrequest and remove `orpc-batch` header to prevent nested batching
|
|
20
19
|
*/
|
|
21
|
-
|
|
20
|
+
mapSubrequest?: (subrequest: StandardLazyRequest, batchOptions: StandardHandlerRoutingInterceptorOptions<T>) => StandardLazyRequest;
|
|
22
21
|
/**
|
|
23
22
|
* Success batch response status code.
|
|
24
23
|
*
|
|
25
24
|
* @default 207
|
|
26
25
|
*/
|
|
27
|
-
successStatus?: Value<Promisable<number>, [
|
|
26
|
+
successStatus?: Value<Promisable<number>, [batchOptions: StandardHandlerRoutingInterceptorOptions<T>]>;
|
|
28
27
|
/**
|
|
29
|
-
*
|
|
28
|
+
* Success batch response headers.
|
|
30
29
|
*
|
|
31
30
|
* @default {}
|
|
32
31
|
*/
|
|
33
|
-
headers?: Value<Promisable<StandardHeaders>, [
|
|
32
|
+
headers?: Value<Promisable<StandardHeaders>, [batchOptions: StandardHandlerRoutingInterceptorOptions<T>]>;
|
|
34
33
|
}
|
|
35
|
-
/**
|
|
36
|
-
* The Batch Requests Plugin allows you to combine multiple requests and responses into a single batch,
|
|
37
|
-
* reducing the overhead of sending each one separately.
|
|
38
|
-
*
|
|
39
|
-
* @see {@link https://orpc.dev/docs/plugins/batch-requests Batch Requests Plugin Docs}
|
|
40
|
-
*/
|
|
41
34
|
declare class BatchHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
|
|
35
|
+
name: string;
|
|
36
|
+
/**
|
|
37
|
+
* Run batch interceptors before OpenTelemetry interceptors
|
|
38
|
+
* so each subrequest gets its own span instead of sharing one batch-level span.
|
|
39
|
+
*/
|
|
40
|
+
after: string[];
|
|
42
41
|
private readonly maxSize;
|
|
43
|
-
private readonly
|
|
42
|
+
private readonly mapSubrequest;
|
|
44
43
|
private readonly successStatus;
|
|
45
44
|
private readonly headers;
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
init(options: StandardHandlerOptions<T>): void;
|
|
45
|
+
constructor(options?: BatchHandlerPluginOptions<T>);
|
|
46
|
+
init(options: StandardHandlerOptions<T>): StandardHandlerOptions<T>;
|
|
49
47
|
}
|
|
50
48
|
|
|
51
|
-
interface
|
|
52
|
-
|
|
53
|
-
|
|
49
|
+
interface CORSHandlerPluginOptions<T extends Context> {
|
|
50
|
+
/**
|
|
51
|
+
* Configures the `Access-Control-Allow-Origin` header.
|
|
52
|
+
* Can be a string, an array of allowed origins, or a function that returns the allowed origin(s).
|
|
53
|
+
*
|
|
54
|
+
* @default (origin) => origin
|
|
55
|
+
*/
|
|
56
|
+
origin?: Value<Promisable<string | readonly string[] | null | undefined>, [origin: string, options: StandardHandlerRoutingInterceptorOptions<T>]>;
|
|
57
|
+
/**
|
|
58
|
+
* Configures the `Timing-Allow-Origin` header.
|
|
59
|
+
* Can be a string, an array of allowed origins, or a function that returns the allowed origin(s).
|
|
60
|
+
*
|
|
61
|
+
* @default undefined
|
|
62
|
+
*/
|
|
63
|
+
timingOrigin?: Value<Promisable<string | readonly string[] | null | undefined>, [origin: string, options: StandardHandlerRoutingInterceptorOptions<T>]>;
|
|
64
|
+
/**
|
|
65
|
+
* Configures the `Access-Control-Allow-Methods` header for preflight requests.
|
|
66
|
+
*
|
|
67
|
+
* @default ['GET', 'HEAD', 'PUT', 'POST', 'DELETE', 'PATCH']
|
|
68
|
+
*/
|
|
54
69
|
allowMethods?: readonly string[];
|
|
70
|
+
/**
|
|
71
|
+
* Configures the `Access-Control-Allow-Headers` header for preflight requests.
|
|
72
|
+
* Falls back to the request's `Access-Control-Request-Headers` if not set.
|
|
73
|
+
*
|
|
74
|
+
* @default undefined
|
|
75
|
+
*/
|
|
55
76
|
allowHeaders?: readonly string[];
|
|
77
|
+
/**
|
|
78
|
+
* Configures the `Access-Control-Max-Age` header (in seconds) for preflight requests.
|
|
79
|
+
*
|
|
80
|
+
* @default undefined
|
|
81
|
+
*/
|
|
56
82
|
maxAge?: number;
|
|
83
|
+
/**
|
|
84
|
+
* Configures the `Access-Control-Allow-Credentials` header.
|
|
85
|
+
*
|
|
86
|
+
* @default undefined
|
|
87
|
+
*/
|
|
57
88
|
credentials?: boolean;
|
|
89
|
+
/**
|
|
90
|
+
* Configures the `Access-Control-Expose-Headers` header.
|
|
91
|
+
*
|
|
92
|
+
* @default undefined
|
|
93
|
+
*/
|
|
58
94
|
exposeHeaders?: readonly string[];
|
|
59
95
|
}
|
|
60
96
|
/**
|
|
61
|
-
*
|
|
97
|
+
* CORSHandlerPlugin is a plugin for oRPC that allows you to configure CORS for your API.
|
|
62
98
|
*
|
|
63
99
|
* @see {@link https://orpc.dev/docs/plugins/cors CORS Plugin Docs}
|
|
64
100
|
*/
|
|
65
|
-
declare class
|
|
101
|
+
declare class CORSHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
|
|
66
102
|
private readonly options;
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
103
|
+
name: string;
|
|
104
|
+
/**
|
|
105
|
+
* - Do not create spans for CORS preflight requests.
|
|
106
|
+
* - Run CORS interceptors before batch interceptors so headers are applied to
|
|
107
|
+
* the actual response rather than sub-responses.
|
|
108
|
+
*/
|
|
109
|
+
after: string[];
|
|
110
|
+
constructor(options?: CORSHandlerPluginOptions<T>);
|
|
111
|
+
init(options: StandardHandlerOptions<T>): StandardHandlerOptions<T>;
|
|
70
112
|
}
|
|
71
113
|
|
|
72
|
-
|
|
73
|
-
|
|
114
|
+
/**
|
|
115
|
+
* Adds basic Cross-Site Request Forgery (CSRF) protection to your oRPC application.
|
|
116
|
+
* When a request includes cookies, it helps ensure the request originates from JavaScript
|
|
117
|
+
* (for example, fetch/XHR) rather than from standard HTML forms or direct browser navigation.
|
|
118
|
+
*
|
|
119
|
+
* @info This plugin is enabled by default for `RPCHandler` over HTTP.
|
|
120
|
+
*/
|
|
121
|
+
declare class CSRFGuardHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
|
|
122
|
+
name: string;
|
|
123
|
+
init(options: StandardHandlerOptions<T>): StandardHandlerOptions<T>;
|
|
124
|
+
}
|
|
125
|
+
|
|
126
|
+
interface RequestHeadersHandlerPluginContext {
|
|
127
|
+
/**
|
|
128
|
+
* Request headers as a Headers instance. This is injected by the Request Headers Plugin.
|
|
129
|
+
*/
|
|
130
|
+
reqHeaders?: Headers | undefined;
|
|
74
131
|
}
|
|
75
132
|
/**
|
|
76
133
|
* The Request Headers Plugin injects a `reqHeaders` instance into the context,
|
|
@@ -78,12 +135,17 @@ interface RequestHeadersPluginContext {
|
|
|
78
135
|
*
|
|
79
136
|
* @see {@link https://orpc.dev/docs/plugins/request-headers Request Headers Plugin Docs}
|
|
80
137
|
*/
|
|
81
|
-
declare class
|
|
82
|
-
|
|
138
|
+
declare class RequestHeadersHandlerPlugin<T extends RequestHeadersHandlerPluginContext> implements StandardHandlerPlugin<T> {
|
|
139
|
+
name: string;
|
|
140
|
+
init(options: StandardHandlerOptions<T>): StandardHandlerOptions<T>;
|
|
83
141
|
}
|
|
84
142
|
|
|
85
|
-
interface
|
|
86
|
-
|
|
143
|
+
interface ResponseHeadersHandlerPluginContext {
|
|
144
|
+
/**
|
|
145
|
+
* Response headers as a Headers instance. This is injected by the Response Headers Plugin.
|
|
146
|
+
* When set before the response is sent, these headers will be included in the response. If not set, no additional headers will be added.
|
|
147
|
+
*/
|
|
148
|
+
resHeaders?: Headers | undefined;
|
|
87
149
|
}
|
|
88
150
|
/**
|
|
89
151
|
* The Response Headers Plugin allows you to set response headers in oRPC.
|
|
@@ -91,11 +153,16 @@ interface ResponseHeadersPluginContext {
|
|
|
91
153
|
*
|
|
92
154
|
* @see {@link https://orpc.dev/docs/plugins/response-headers Response Headers Plugin Docs}
|
|
93
155
|
*/
|
|
94
|
-
declare class
|
|
95
|
-
|
|
156
|
+
declare class ResponseHeadersHandlerPlugin<T extends ResponseHeadersHandlerPluginContext> implements StandardHandlerPlugin<T> {
|
|
157
|
+
name: string;
|
|
158
|
+
/**
|
|
159
|
+
* Interceptors should run after batch interceptors so headers are applied to each sub-response.
|
|
160
|
+
*/
|
|
161
|
+
before: string[];
|
|
162
|
+
init(options: StandardHandlerOptions<T>): StandardHandlerOptions<T>;
|
|
96
163
|
}
|
|
97
164
|
|
|
98
|
-
interface
|
|
165
|
+
interface RethrowHandlerPluginOptions<T extends Context> {
|
|
99
166
|
/**
|
|
100
167
|
* Decide which errors should be rethrown.
|
|
101
168
|
*
|
|
@@ -109,96 +176,22 @@ interface experimental_RethrowHandlerPluginOptions<T extends Context> {
|
|
|
109
176
|
* })
|
|
110
177
|
* ```
|
|
111
178
|
*/
|
|
112
|
-
filter:
|
|
179
|
+
filter: (error: ThrowableError, options: StandardHandlerInterceptorOptions<T>) => boolean;
|
|
113
180
|
}
|
|
114
181
|
/**
|
|
115
|
-
* The plugin
|
|
116
|
-
*
|
|
117
|
-
* (e.g.,
|
|
118
|
-
* and you want certain errors to be processed by that mechanism instead of being handled by the
|
|
119
|
-
* oRPC error handling flow.
|
|
182
|
+
* The plugin can bypass oRPC's built-in error handling
|
|
183
|
+
* and rethrow matching errors directly to your framework's error handling mechanism
|
|
184
|
+
* (e.g., NestJS exception filters, Express error middleware).
|
|
120
185
|
*
|
|
121
|
-
* @see {@link https://orpc.dev/docs/plugins/rethrow
|
|
186
|
+
* @see {@link https://orpc.dev/docs/plugins/rethrow Rethrow Plugin Documentation}
|
|
122
187
|
*/
|
|
123
|
-
declare class
|
|
188
|
+
declare class RethrowHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
|
|
189
|
+
name: string;
|
|
124
190
|
private readonly filter;
|
|
125
|
-
CONTEXT_SYMBOL
|
|
126
|
-
constructor(options:
|
|
127
|
-
init(options: StandardHandlerOptions<T>):
|
|
128
|
-
}
|
|
129
|
-
|
|
130
|
-
interface SimpleCsrfProtectionHandlerPluginOptions<T extends Context> {
|
|
131
|
-
/**
|
|
132
|
-
* The name of the header to check.
|
|
133
|
-
*
|
|
134
|
-
* @default 'x-csrf-token'
|
|
135
|
-
*/
|
|
136
|
-
headerName?: Value<Promisable<string>, [options: StandardHandlerInterceptorOptions<T>]>;
|
|
137
|
-
/**
|
|
138
|
-
* The value of the header to check.
|
|
139
|
-
*
|
|
140
|
-
* @default 'orpc'
|
|
141
|
-
*
|
|
142
|
-
*/
|
|
143
|
-
headerValue?: Value<Promisable<string>, [options: StandardHandlerInterceptorOptions<T>]>;
|
|
144
|
-
/**
|
|
145
|
-
* Exclude a procedure from the plugin.
|
|
146
|
-
*
|
|
147
|
-
* @default false
|
|
148
|
-
*
|
|
149
|
-
*/
|
|
150
|
-
exclude?: Value<Promisable<boolean>, [options: ProcedureClientInterceptorOptions<T, Record<never, never>, Meta>]>;
|
|
151
|
-
/**
|
|
152
|
-
* The error thrown when the CSRF token is invalid.
|
|
153
|
-
*
|
|
154
|
-
* @default new ORPCError('CSRF_TOKEN_MISMATCH', {
|
|
155
|
-
* status: 403,
|
|
156
|
-
* message: 'Invalid CSRF token',
|
|
157
|
-
* })
|
|
158
|
-
*/
|
|
159
|
-
error?: InstanceType<typeof ORPCError>;
|
|
160
|
-
}
|
|
161
|
-
/**
|
|
162
|
-
* This plugin adds basic Cross-Site Request Forgery (CSRF) protection to your oRPC application.
|
|
163
|
-
* It helps ensure that requests to your procedures originate from JavaScript code,
|
|
164
|
-
* not from other sources like standard HTML forms or direct browser navigation.
|
|
165
|
-
*
|
|
166
|
-
* @see {@link https://orpc.dev/docs/plugins/simple-csrf-protection Simple CSRF Protection Plugin Docs}
|
|
167
|
-
*/
|
|
168
|
-
declare class SimpleCsrfProtectionHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
|
|
169
|
-
private readonly headerName;
|
|
170
|
-
private readonly headerValue;
|
|
171
|
-
private readonly exclude;
|
|
172
|
-
private readonly error;
|
|
173
|
-
constructor(options?: SimpleCsrfProtectionHandlerPluginOptions<T>);
|
|
174
|
-
order: number;
|
|
175
|
-
init(options: StandardHandlerOptions<T>): void;
|
|
176
|
-
}
|
|
177
|
-
|
|
178
|
-
interface StrictGetMethodPluginOptions {
|
|
179
|
-
/**
|
|
180
|
-
* The error thrown when a GET request is made to a procedure that doesn't allow GET.
|
|
181
|
-
*
|
|
182
|
-
* @default new ORPCError('METHOD_NOT_SUPPORTED')
|
|
183
|
-
*/
|
|
184
|
-
error?: InstanceType<typeof ORPCError$1>;
|
|
185
|
-
}
|
|
186
|
-
/**
|
|
187
|
-
* This plugin enhances security by ensuring only procedures explicitly marked to accept GET requests
|
|
188
|
-
* can be called using the HTTP GET method for RPC Protocol. This helps prevent certain types of
|
|
189
|
-
* Cross-Site Request Forgery (CSRF) attacks.
|
|
190
|
-
*
|
|
191
|
-
* @see {@link https://orpc.dev/docs/plugins/strict-get-method Strict Get Method Plugin Docs}
|
|
192
|
-
*/
|
|
193
|
-
declare class StrictGetMethodPlugin<T extends Context> implements StandardHandlerPlugin<T> {
|
|
194
|
-
private readonly error;
|
|
195
|
-
/**
|
|
196
|
-
* make sure execute before batch plugin to get real method
|
|
197
|
-
*/
|
|
198
|
-
order: number;
|
|
199
|
-
constructor(options?: StrictGetMethodPluginOptions);
|
|
200
|
-
init(options: StandardHandlerOptions<T>): void;
|
|
191
|
+
private readonly CONTEXT_SYMBOL;
|
|
192
|
+
constructor(options: RethrowHandlerPluginOptions<T>);
|
|
193
|
+
init(options: StandardHandlerOptions<T>): StandardHandlerOptions<T>;
|
|
201
194
|
}
|
|
202
195
|
|
|
203
|
-
export { BatchHandlerPlugin,
|
|
204
|
-
export type {
|
|
196
|
+
export { BatchHandlerPlugin, CORSHandlerPlugin, CSRFGuardHandlerPlugin, RequestHeadersHandlerPlugin, ResponseHeadersHandlerPlugin, RethrowHandlerPlugin };
|
|
197
|
+
export type { BatchHandlerPluginOptions, CORSHandlerPluginOptions, RequestHeadersHandlerPluginContext, ResponseHeadersHandlerPluginContext, RethrowHandlerPluginOptions };
|