@orpc/server 1.14.6 → 2.0.0-beta.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (78) hide show
  1. package/README.md +78 -137
  2. package/dist/adapters/crossws/index.d.mts +42 -21
  3. package/dist/adapters/crossws/index.d.ts +42 -21
  4. package/dist/adapters/crossws/index.mjs +37 -18
  5. package/dist/adapters/fetch/index.d.mts +83 -67
  6. package/dist/adapters/fetch/index.d.ts +83 -67
  7. package/dist/adapters/fetch/index.mjs +131 -106
  8. package/dist/adapters/message-port/index.d.mts +51 -34
  9. package/dist/adapters/message-port/index.d.ts +51 -34
  10. package/dist/adapters/message-port/index.mjs +73 -38
  11. package/dist/adapters/node/index.d.mts +82 -60
  12. package/dist/adapters/node/index.d.ts +82 -60
  13. package/dist/adapters/node/index.mjs +127 -98
  14. package/dist/adapters/standard/index.d.mts +16 -18
  15. package/dist/adapters/standard/index.d.ts +16 -18
  16. package/dist/adapters/standard/index.mjs +5 -5
  17. package/dist/adapters/standard-peer/index.d.mts +12 -14
  18. package/dist/adapters/standard-peer/index.d.ts +12 -14
  19. package/dist/adapters/standard-peer/index.mjs +2 -21
  20. package/dist/adapters/websocket/index.d.mts +50 -36
  21. package/dist/adapters/websocket/index.d.ts +50 -36
  22. package/dist/adapters/websocket/index.mjs +55 -42
  23. package/dist/extensions/callable.d.mts +10 -0
  24. package/dist/extensions/callable.d.ts +10 -0
  25. package/dist/extensions/callable.mjs +11 -0
  26. package/dist/helpers/index.d.mts +2 -2
  27. package/dist/helpers/index.d.ts +2 -2
  28. package/dist/helpers/index.mjs +1 -1
  29. package/dist/index.d.mts +163 -770
  30. package/dist/index.d.ts +163 -770
  31. package/dist/index.mjs +296 -403
  32. package/dist/plugins/index.d.mts +120 -127
  33. package/dist/plugins/index.d.ts +120 -127
  34. package/dist/plugins/index.mjs +252 -223
  35. package/dist/shared/server.BL22TloH.d.mts +184 -0
  36. package/dist/shared/server.BL22TloH.d.ts +184 -0
  37. package/dist/shared/server.BsNNjG5J.d.mts +61 -0
  38. package/dist/shared/server.BwHnWUuN.mjs +222 -0
  39. package/dist/shared/server.CX4vUnDk.mjs +11 -0
  40. package/dist/shared/server.Cj5lgPuG.d.mts +66 -0
  41. package/dist/shared/server.CjOb6ItT.mjs +41 -0
  42. package/dist/shared/server.CrlKQucM.mjs +233 -0
  43. package/dist/shared/server.DBANIheG.d.ts +104 -0
  44. package/dist/shared/server.DJIkub_t.d.mts +104 -0
  45. package/dist/shared/server.D_QauotT.mjs +30 -0
  46. package/dist/shared/server.GDpX6Df8.mjs +271 -0
  47. package/dist/shared/server.Pa0F03f_.d.ts +61 -0
  48. package/dist/shared/{server.DZ5BIITo.mjs → server.W91HSRkE.mjs} +2 -2
  49. package/dist/shared/server.d_2NS3g5.d.ts +66 -0
  50. package/package.json +26 -55
  51. package/dist/adapters/aws-lambda/index.d.mts +0 -46
  52. package/dist/adapters/aws-lambda/index.d.ts +0 -46
  53. package/dist/adapters/aws-lambda/index.mjs +0 -40
  54. package/dist/adapters/bun-ws/index.d.mts +0 -36
  55. package/dist/adapters/bun-ws/index.d.ts +0 -36
  56. package/dist/adapters/bun-ws/index.mjs +0 -47
  57. package/dist/adapters/fastify/index.d.mts +0 -53
  58. package/dist/adapters/fastify/index.d.ts +0 -53
  59. package/dist/adapters/fastify/index.mjs +0 -52
  60. package/dist/adapters/ws/index.d.mts +0 -31
  61. package/dist/adapters/ws/index.d.ts +0 -31
  62. package/dist/adapters/ws/index.mjs +0 -37
  63. package/dist/hibernation/index.d.mts +0 -44
  64. package/dist/hibernation/index.d.ts +0 -44
  65. package/dist/hibernation/index.mjs +0 -65
  66. package/dist/shared/server.7cEtMB30.d.ts +0 -74
  67. package/dist/shared/server.B8gYOD5g.d.mts +0 -12
  68. package/dist/shared/server.BqadksTP.d.mts +0 -74
  69. package/dist/shared/server.C8_sRzQB.d.mts +0 -42
  70. package/dist/shared/server.ChUyt5-i.d.mts +0 -32
  71. package/dist/shared/server.ChyoA9XY.d.ts +0 -42
  72. package/dist/shared/server.DEBcqOjg.mjs +0 -418
  73. package/dist/shared/server.EfTOZ2Q7.d.ts +0 -12
  74. package/dist/shared/server.TEVCLCFC.mjs +0 -39
  75. package/dist/shared/server.ZxHCEN1h.mjs +0 -226
  76. package/dist/shared/server.qKsRrdxW.d.mts +0 -193
  77. package/dist/shared/server.qKsRrdxW.d.ts +0 -193
  78. package/dist/shared/server.yoEB3Fx4.d.ts +0 -32
@@ -1,76 +1,133 @@
1
1
  import { Value, Promisable, ThrowableError } from '@orpc/shared';
2
- import { StandardRequest, StandardHeaders } from '@orpc/standard-server';
3
- import { BatchResponseBodyItem } from '@orpc/standard-server/batch';
4
- import { C as Context, d as ProcedureClientInterceptorOptions } from '../shared/server.qKsRrdxW.mjs';
5
- import { d as StandardHandlerInterceptorOptions, g as StandardHandlerPlugin, e as StandardHandlerOptions } from '../shared/server.BqadksTP.mjs';
6
- import { Meta, ORPCError as ORPCError$1 } from '@orpc/contract';
7
- import { ORPCError } from '@orpc/client';
2
+ import { StandardLazyRequest, StandardHeaders } from '@standardserver/core';
3
+ import { C as Context } from '../shared/server.BL22TloH.mjs';
4
+ import { e as StandardHandlerPlugin, f as StandardHandlerRoutingInterceptorOptions, a as StandardHandlerOptions, g as StandardHandlerInterceptorOptions } from '../shared/server.DJIkub_t.mjs';
5
+ import '@orpc/client';
6
+ import '@orpc/contract';
8
7
 
9
- interface BatchHandlerOptions<T extends Context> {
8
+ interface BatchHandlerPluginOptions<T extends Context> {
10
9
  /**
11
10
  * The max size of the batch allowed.
12
11
  *
13
12
  * @default 10
14
13
  */
15
- maxSize?: Value<Promisable<number>, [StandardHandlerInterceptorOptions<T>]>;
14
+ maxSize?: Value<Promisable<number>, [options: StandardHandlerRoutingInterceptorOptions<T>]>;
16
15
  /**
17
- * Map the request before processing it.
16
+ * Map each subrequest in the batch before it is processed.
18
17
  *
19
- * @default merged back batch request headers into the request
18
+ * @default merges the batch request headers into the subrequest and remove `orpc-batch` header to prevent nested batching
20
19
  */
21
- mapRequestItem?(request: StandardRequest, batchOptions: StandardHandlerInterceptorOptions<T>): StandardRequest;
20
+ mapSubrequest?: (subrequest: StandardLazyRequest, batchOptions: StandardHandlerRoutingInterceptorOptions<T>) => StandardLazyRequest;
22
21
  /**
23
22
  * Success batch response status code.
24
23
  *
25
24
  * @default 207
26
25
  */
27
- successStatus?: Value<Promisable<number>, [responses: Promise<BatchResponseBodyItem>[], batchOptions: StandardHandlerInterceptorOptions<T>]>;
26
+ successStatus?: Value<Promisable<number>, [batchOptions: StandardHandlerRoutingInterceptorOptions<T>]>;
28
27
  /**
29
- * success batch response headers.
28
+ * Success batch response headers.
30
29
  *
31
30
  * @default {}
32
31
  */
33
- headers?: Value<Promisable<StandardHeaders>, [responses: Promise<BatchResponseBodyItem>[], batchOptions: StandardHandlerInterceptorOptions<T>]>;
32
+ headers?: Value<Promisable<StandardHeaders>, [batchOptions: StandardHandlerRoutingInterceptorOptions<T>]>;
34
33
  }
35
- /**
36
- * The Batch Requests Plugin allows you to combine multiple requests and responses into a single batch,
37
- * reducing the overhead of sending each one separately.
38
- *
39
- * @see {@link https://orpc.dev/docs/plugins/batch-requests Batch Requests Plugin Docs}
40
- */
41
34
  declare class BatchHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
35
+ name: string;
36
+ /**
37
+ * Run batch interceptors before OpenTelemetry interceptors
38
+ * so each subrequest gets its own span instead of sharing one batch-level span.
39
+ */
40
+ after: string[];
42
41
  private readonly maxSize;
43
- private readonly mapRequestItem;
42
+ private readonly mapSubrequest;
44
43
  private readonly successStatus;
45
44
  private readonly headers;
46
- order: number;
47
- constructor(options?: BatchHandlerOptions<T>);
48
- init(options: StandardHandlerOptions<T>): void;
45
+ constructor(options?: BatchHandlerPluginOptions<T>);
46
+ init(options: StandardHandlerOptions<T>): StandardHandlerOptions<T>;
49
47
  }
50
48
 
51
- interface CORSOptions<T extends Context> {
52
- origin?: Value<Promisable<string | readonly string[] | null | undefined>, [origin: string, options: StandardHandlerInterceptorOptions<T>]>;
53
- timingOrigin?: Value<Promisable<string | readonly string[] | null | undefined>, [origin: string, options: StandardHandlerInterceptorOptions<T>]>;
49
+ interface CORSHandlerPluginOptions<T extends Context> {
50
+ /**
51
+ * Configures the `Access-Control-Allow-Origin` header.
52
+ * Can be a string, an array of allowed origins, or a function that returns the allowed origin(s).
53
+ *
54
+ * @default (origin) => origin
55
+ */
56
+ origin?: Value<Promisable<string | readonly string[] | null | undefined>, [origin: string, options: StandardHandlerRoutingInterceptorOptions<T>]>;
57
+ /**
58
+ * Configures the `Timing-Allow-Origin` header.
59
+ * Can be a string, an array of allowed origins, or a function that returns the allowed origin(s).
60
+ *
61
+ * @default undefined
62
+ */
63
+ timingOrigin?: Value<Promisable<string | readonly string[] | null | undefined>, [origin: string, options: StandardHandlerRoutingInterceptorOptions<T>]>;
64
+ /**
65
+ * Configures the `Access-Control-Allow-Methods` header for preflight requests.
66
+ *
67
+ * @default ['GET', 'HEAD', 'PUT', 'POST', 'DELETE', 'PATCH']
68
+ */
54
69
  allowMethods?: readonly string[];
70
+ /**
71
+ * Configures the `Access-Control-Allow-Headers` header for preflight requests.
72
+ * Falls back to the request's `Access-Control-Request-Headers` if not set.
73
+ *
74
+ * @default undefined
75
+ */
55
76
  allowHeaders?: readonly string[];
77
+ /**
78
+ * Configures the `Access-Control-Max-Age` header (in seconds) for preflight requests.
79
+ *
80
+ * @default undefined
81
+ */
56
82
  maxAge?: number;
83
+ /**
84
+ * Configures the `Access-Control-Allow-Credentials` header.
85
+ *
86
+ * @default undefined
87
+ */
57
88
  credentials?: boolean;
89
+ /**
90
+ * Configures the `Access-Control-Expose-Headers` header.
91
+ *
92
+ * @default undefined
93
+ */
58
94
  exposeHeaders?: readonly string[];
59
95
  }
60
96
  /**
61
- * CORSPlugin is a plugin for oRPC that allows you to configure CORS for your API.
97
+ * CORSHandlerPlugin is a plugin for oRPC that allows you to configure CORS for your API.
62
98
  *
63
99
  * @see {@link https://orpc.dev/docs/plugins/cors CORS Plugin Docs}
64
100
  */
65
- declare class CORSPlugin<T extends Context> implements StandardHandlerPlugin<T> {
101
+ declare class CORSHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
66
102
  private readonly options;
67
- order: number;
68
- constructor(options?: CORSOptions<T>);
69
- init(options: StandardHandlerOptions<T>): void;
103
+ name: string;
104
+ /**
105
+ * - Do not create spans for CORS preflight requests.
106
+ * - Run CORS interceptors before batch interceptors so headers are applied to
107
+ * the actual response rather than sub-responses.
108
+ */
109
+ after: string[];
110
+ constructor(options?: CORSHandlerPluginOptions<T>);
111
+ init(options: StandardHandlerOptions<T>): StandardHandlerOptions<T>;
70
112
  }
71
113
 
72
- interface RequestHeadersPluginContext {
73
- reqHeaders?: Headers;
114
+ /**
115
+ * Adds basic Cross-Site Request Forgery (CSRF) protection to your oRPC application.
116
+ * When a request includes cookies, it helps ensure the request originates from JavaScript
117
+ * (for example, fetch/XHR) rather than from standard HTML forms or direct browser navigation.
118
+ *
119
+ * @info This plugin is enabled by default for `RPCHandler` over HTTP.
120
+ */
121
+ declare class CSRFGuardHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
122
+ name: string;
123
+ init(options: StandardHandlerOptions<T>): StandardHandlerOptions<T>;
124
+ }
125
+
126
+ interface RequestHeadersHandlerPluginContext {
127
+ /**
128
+ * Request headers as a Headers instance. This is injected by the Request Headers Plugin.
129
+ */
130
+ reqHeaders?: Headers | undefined;
74
131
  }
75
132
  /**
76
133
  * The Request Headers Plugin injects a `reqHeaders` instance into the context,
@@ -78,12 +135,17 @@ interface RequestHeadersPluginContext {
78
135
  *
79
136
  * @see {@link https://orpc.dev/docs/plugins/request-headers Request Headers Plugin Docs}
80
137
  */
81
- declare class RequestHeadersPlugin<T extends RequestHeadersPluginContext> implements StandardHandlerPlugin<T> {
82
- init(options: StandardHandlerOptions<T>): void;
138
+ declare class RequestHeadersHandlerPlugin<T extends RequestHeadersHandlerPluginContext> implements StandardHandlerPlugin<T> {
139
+ name: string;
140
+ init(options: StandardHandlerOptions<T>): StandardHandlerOptions<T>;
83
141
  }
84
142
 
85
- interface ResponseHeadersPluginContext {
86
- resHeaders?: Headers;
143
+ interface ResponseHeadersHandlerPluginContext {
144
+ /**
145
+ * Response headers as a Headers instance. This is injected by the Response Headers Plugin.
146
+ * When set before the response is sent, these headers will be included in the response. If not set, no additional headers will be added.
147
+ */
148
+ resHeaders?: Headers | undefined;
87
149
  }
88
150
  /**
89
151
  * The Response Headers Plugin allows you to set response headers in oRPC.
@@ -91,11 +153,16 @@ interface ResponseHeadersPluginContext {
91
153
  *
92
154
  * @see {@link https://orpc.dev/docs/plugins/response-headers Response Headers Plugin Docs}
93
155
  */
94
- declare class ResponseHeadersPlugin<T extends ResponseHeadersPluginContext> implements StandardHandlerPlugin<T> {
95
- init(options: StandardHandlerOptions<T>): void;
156
+ declare class ResponseHeadersHandlerPlugin<T extends ResponseHeadersHandlerPluginContext> implements StandardHandlerPlugin<T> {
157
+ name: string;
158
+ /**
159
+ * Interceptors should run after batch interceptors so headers are applied to each sub-response.
160
+ */
161
+ before: string[];
162
+ init(options: StandardHandlerOptions<T>): StandardHandlerOptions<T>;
96
163
  }
97
164
 
98
- interface experimental_RethrowHandlerPluginOptions<T extends Context> {
165
+ interface RethrowHandlerPluginOptions<T extends Context> {
99
166
  /**
100
167
  * Decide which errors should be rethrown.
101
168
  *
@@ -109,96 +176,22 @@ interface experimental_RethrowHandlerPluginOptions<T extends Context> {
109
176
  * })
110
177
  * ```
111
178
  */
112
- filter: Value<boolean, [error: ThrowableError, options: StandardHandlerInterceptorOptions<T>]>;
179
+ filter: (error: ThrowableError, options: StandardHandlerInterceptorOptions<T>) => boolean;
113
180
  }
114
181
  /**
115
- * The plugin allows you to catch and rethrow specific errors that occur during request handling.
116
- * This is particularly useful when your framework has its own error handling mechanism
117
- * (e.g., global exception filters in NestJS, error middleware in Express)
118
- * and you want certain errors to be processed by that mechanism instead of being handled by the
119
- * oRPC error handling flow.
182
+ * The plugin can bypass oRPC's built-in error handling
183
+ * and rethrow matching errors directly to your framework's error handling mechanism
184
+ * (e.g., NestJS exception filters, Express error middleware).
120
185
  *
121
- * @see {@link https://orpc.dev/docs/plugins/rethrow-handler Rethrow Handler Plugin Docs}
186
+ * @see {@link https://orpc.dev/docs/plugins/rethrow Rethrow Plugin Documentation}
122
187
  */
123
- declare class experimental_RethrowHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
188
+ declare class RethrowHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
189
+ name: string;
124
190
  private readonly filter;
125
- CONTEXT_SYMBOL: symbol;
126
- constructor(options: experimental_RethrowHandlerPluginOptions<T>);
127
- init(options: StandardHandlerOptions<T>): void;
128
- }
129
-
130
- interface SimpleCsrfProtectionHandlerPluginOptions<T extends Context> {
131
- /**
132
- * The name of the header to check.
133
- *
134
- * @default 'x-csrf-token'
135
- */
136
- headerName?: Value<Promisable<string>, [options: StandardHandlerInterceptorOptions<T>]>;
137
- /**
138
- * The value of the header to check.
139
- *
140
- * @default 'orpc'
141
- *
142
- */
143
- headerValue?: Value<Promisable<string>, [options: StandardHandlerInterceptorOptions<T>]>;
144
- /**
145
- * Exclude a procedure from the plugin.
146
- *
147
- * @default false
148
- *
149
- */
150
- exclude?: Value<Promisable<boolean>, [options: ProcedureClientInterceptorOptions<T, Record<never, never>, Meta>]>;
151
- /**
152
- * The error thrown when the CSRF token is invalid.
153
- *
154
- * @default new ORPCError('CSRF_TOKEN_MISMATCH', {
155
- * status: 403,
156
- * message: 'Invalid CSRF token',
157
- * })
158
- */
159
- error?: InstanceType<typeof ORPCError>;
160
- }
161
- /**
162
- * This plugin adds basic Cross-Site Request Forgery (CSRF) protection to your oRPC application.
163
- * It helps ensure that requests to your procedures originate from JavaScript code,
164
- * not from other sources like standard HTML forms or direct browser navigation.
165
- *
166
- * @see {@link https://orpc.dev/docs/plugins/simple-csrf-protection Simple CSRF Protection Plugin Docs}
167
- */
168
- declare class SimpleCsrfProtectionHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
169
- private readonly headerName;
170
- private readonly headerValue;
171
- private readonly exclude;
172
- private readonly error;
173
- constructor(options?: SimpleCsrfProtectionHandlerPluginOptions<T>);
174
- order: number;
175
- init(options: StandardHandlerOptions<T>): void;
176
- }
177
-
178
- interface StrictGetMethodPluginOptions {
179
- /**
180
- * The error thrown when a GET request is made to a procedure that doesn't allow GET.
181
- *
182
- * @default new ORPCError('METHOD_NOT_SUPPORTED')
183
- */
184
- error?: InstanceType<typeof ORPCError$1>;
185
- }
186
- /**
187
- * This plugin enhances security by ensuring only procedures explicitly marked to accept GET requests
188
- * can be called using the HTTP GET method for RPC Protocol. This helps prevent certain types of
189
- * Cross-Site Request Forgery (CSRF) attacks.
190
- *
191
- * @see {@link https://orpc.dev/docs/plugins/strict-get-method Strict Get Method Plugin Docs}
192
- */
193
- declare class StrictGetMethodPlugin<T extends Context> implements StandardHandlerPlugin<T> {
194
- private readonly error;
195
- /**
196
- * make sure execute before batch plugin to get real method
197
- */
198
- order: number;
199
- constructor(options?: StrictGetMethodPluginOptions);
200
- init(options: StandardHandlerOptions<T>): void;
191
+ private readonly CONTEXT_SYMBOL;
192
+ constructor(options: RethrowHandlerPluginOptions<T>);
193
+ init(options: StandardHandlerOptions<T>): StandardHandlerOptions<T>;
201
194
  }
202
195
 
203
- export { BatchHandlerPlugin, CORSPlugin, RequestHeadersPlugin, ResponseHeadersPlugin, SimpleCsrfProtectionHandlerPlugin, StrictGetMethodPlugin, experimental_RethrowHandlerPlugin };
204
- export type { BatchHandlerOptions, CORSOptions, RequestHeadersPluginContext, ResponseHeadersPluginContext, SimpleCsrfProtectionHandlerPluginOptions, StrictGetMethodPluginOptions, experimental_RethrowHandlerPluginOptions };
196
+ export { BatchHandlerPlugin, CORSHandlerPlugin, CSRFGuardHandlerPlugin, RequestHeadersHandlerPlugin, ResponseHeadersHandlerPlugin, RethrowHandlerPlugin };
197
+ export type { BatchHandlerPluginOptions, CORSHandlerPluginOptions, RequestHeadersHandlerPluginContext, ResponseHeadersHandlerPluginContext, RethrowHandlerPluginOptions };
@@ -1,76 +1,133 @@
1
1
  import { Value, Promisable, ThrowableError } from '@orpc/shared';
2
- import { StandardRequest, StandardHeaders } from '@orpc/standard-server';
3
- import { BatchResponseBodyItem } from '@orpc/standard-server/batch';
4
- import { C as Context, d as ProcedureClientInterceptorOptions } from '../shared/server.qKsRrdxW.js';
5
- import { d as StandardHandlerInterceptorOptions, g as StandardHandlerPlugin, e as StandardHandlerOptions } from '../shared/server.7cEtMB30.js';
6
- import { Meta, ORPCError as ORPCError$1 } from '@orpc/contract';
7
- import { ORPCError } from '@orpc/client';
2
+ import { StandardLazyRequest, StandardHeaders } from '@standardserver/core';
3
+ import { C as Context } from '../shared/server.BL22TloH.js';
4
+ import { e as StandardHandlerPlugin, f as StandardHandlerRoutingInterceptorOptions, a as StandardHandlerOptions, g as StandardHandlerInterceptorOptions } from '../shared/server.DBANIheG.js';
5
+ import '@orpc/client';
6
+ import '@orpc/contract';
8
7
 
9
- interface BatchHandlerOptions<T extends Context> {
8
+ interface BatchHandlerPluginOptions<T extends Context> {
10
9
  /**
11
10
  * The max size of the batch allowed.
12
11
  *
13
12
  * @default 10
14
13
  */
15
- maxSize?: Value<Promisable<number>, [StandardHandlerInterceptorOptions<T>]>;
14
+ maxSize?: Value<Promisable<number>, [options: StandardHandlerRoutingInterceptorOptions<T>]>;
16
15
  /**
17
- * Map the request before processing it.
16
+ * Map each subrequest in the batch before it is processed.
18
17
  *
19
- * @default merged back batch request headers into the request
18
+ * @default merges the batch request headers into the subrequest and remove `orpc-batch` header to prevent nested batching
20
19
  */
21
- mapRequestItem?(request: StandardRequest, batchOptions: StandardHandlerInterceptorOptions<T>): StandardRequest;
20
+ mapSubrequest?: (subrequest: StandardLazyRequest, batchOptions: StandardHandlerRoutingInterceptorOptions<T>) => StandardLazyRequest;
22
21
  /**
23
22
  * Success batch response status code.
24
23
  *
25
24
  * @default 207
26
25
  */
27
- successStatus?: Value<Promisable<number>, [responses: Promise<BatchResponseBodyItem>[], batchOptions: StandardHandlerInterceptorOptions<T>]>;
26
+ successStatus?: Value<Promisable<number>, [batchOptions: StandardHandlerRoutingInterceptorOptions<T>]>;
28
27
  /**
29
- * success batch response headers.
28
+ * Success batch response headers.
30
29
  *
31
30
  * @default {}
32
31
  */
33
- headers?: Value<Promisable<StandardHeaders>, [responses: Promise<BatchResponseBodyItem>[], batchOptions: StandardHandlerInterceptorOptions<T>]>;
32
+ headers?: Value<Promisable<StandardHeaders>, [batchOptions: StandardHandlerRoutingInterceptorOptions<T>]>;
34
33
  }
35
- /**
36
- * The Batch Requests Plugin allows you to combine multiple requests and responses into a single batch,
37
- * reducing the overhead of sending each one separately.
38
- *
39
- * @see {@link https://orpc.dev/docs/plugins/batch-requests Batch Requests Plugin Docs}
40
- */
41
34
  declare class BatchHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
35
+ name: string;
36
+ /**
37
+ * Run batch interceptors before OpenTelemetry interceptors
38
+ * so each subrequest gets its own span instead of sharing one batch-level span.
39
+ */
40
+ after: string[];
42
41
  private readonly maxSize;
43
- private readonly mapRequestItem;
42
+ private readonly mapSubrequest;
44
43
  private readonly successStatus;
45
44
  private readonly headers;
46
- order: number;
47
- constructor(options?: BatchHandlerOptions<T>);
48
- init(options: StandardHandlerOptions<T>): void;
45
+ constructor(options?: BatchHandlerPluginOptions<T>);
46
+ init(options: StandardHandlerOptions<T>): StandardHandlerOptions<T>;
49
47
  }
50
48
 
51
- interface CORSOptions<T extends Context> {
52
- origin?: Value<Promisable<string | readonly string[] | null | undefined>, [origin: string, options: StandardHandlerInterceptorOptions<T>]>;
53
- timingOrigin?: Value<Promisable<string | readonly string[] | null | undefined>, [origin: string, options: StandardHandlerInterceptorOptions<T>]>;
49
+ interface CORSHandlerPluginOptions<T extends Context> {
50
+ /**
51
+ * Configures the `Access-Control-Allow-Origin` header.
52
+ * Can be a string, an array of allowed origins, or a function that returns the allowed origin(s).
53
+ *
54
+ * @default (origin) => origin
55
+ */
56
+ origin?: Value<Promisable<string | readonly string[] | null | undefined>, [origin: string, options: StandardHandlerRoutingInterceptorOptions<T>]>;
57
+ /**
58
+ * Configures the `Timing-Allow-Origin` header.
59
+ * Can be a string, an array of allowed origins, or a function that returns the allowed origin(s).
60
+ *
61
+ * @default undefined
62
+ */
63
+ timingOrigin?: Value<Promisable<string | readonly string[] | null | undefined>, [origin: string, options: StandardHandlerRoutingInterceptorOptions<T>]>;
64
+ /**
65
+ * Configures the `Access-Control-Allow-Methods` header for preflight requests.
66
+ *
67
+ * @default ['GET', 'HEAD', 'PUT', 'POST', 'DELETE', 'PATCH']
68
+ */
54
69
  allowMethods?: readonly string[];
70
+ /**
71
+ * Configures the `Access-Control-Allow-Headers` header for preflight requests.
72
+ * Falls back to the request's `Access-Control-Request-Headers` if not set.
73
+ *
74
+ * @default undefined
75
+ */
55
76
  allowHeaders?: readonly string[];
77
+ /**
78
+ * Configures the `Access-Control-Max-Age` header (in seconds) for preflight requests.
79
+ *
80
+ * @default undefined
81
+ */
56
82
  maxAge?: number;
83
+ /**
84
+ * Configures the `Access-Control-Allow-Credentials` header.
85
+ *
86
+ * @default undefined
87
+ */
57
88
  credentials?: boolean;
89
+ /**
90
+ * Configures the `Access-Control-Expose-Headers` header.
91
+ *
92
+ * @default undefined
93
+ */
58
94
  exposeHeaders?: readonly string[];
59
95
  }
60
96
  /**
61
- * CORSPlugin is a plugin for oRPC that allows you to configure CORS for your API.
97
+ * CORSHandlerPlugin is a plugin for oRPC that allows you to configure CORS for your API.
62
98
  *
63
99
  * @see {@link https://orpc.dev/docs/plugins/cors CORS Plugin Docs}
64
100
  */
65
- declare class CORSPlugin<T extends Context> implements StandardHandlerPlugin<T> {
101
+ declare class CORSHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
66
102
  private readonly options;
67
- order: number;
68
- constructor(options?: CORSOptions<T>);
69
- init(options: StandardHandlerOptions<T>): void;
103
+ name: string;
104
+ /**
105
+ * - Do not create spans for CORS preflight requests.
106
+ * - Run CORS interceptors before batch interceptors so headers are applied to
107
+ * the actual response rather than sub-responses.
108
+ */
109
+ after: string[];
110
+ constructor(options?: CORSHandlerPluginOptions<T>);
111
+ init(options: StandardHandlerOptions<T>): StandardHandlerOptions<T>;
70
112
  }
71
113
 
72
- interface RequestHeadersPluginContext {
73
- reqHeaders?: Headers;
114
+ /**
115
+ * Adds basic Cross-Site Request Forgery (CSRF) protection to your oRPC application.
116
+ * When a request includes cookies, it helps ensure the request originates from JavaScript
117
+ * (for example, fetch/XHR) rather than from standard HTML forms or direct browser navigation.
118
+ *
119
+ * @info This plugin is enabled by default for `RPCHandler` over HTTP.
120
+ */
121
+ declare class CSRFGuardHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
122
+ name: string;
123
+ init(options: StandardHandlerOptions<T>): StandardHandlerOptions<T>;
124
+ }
125
+
126
+ interface RequestHeadersHandlerPluginContext {
127
+ /**
128
+ * Request headers as a Headers instance. This is injected by the Request Headers Plugin.
129
+ */
130
+ reqHeaders?: Headers | undefined;
74
131
  }
75
132
  /**
76
133
  * The Request Headers Plugin injects a `reqHeaders` instance into the context,
@@ -78,12 +135,17 @@ interface RequestHeadersPluginContext {
78
135
  *
79
136
  * @see {@link https://orpc.dev/docs/plugins/request-headers Request Headers Plugin Docs}
80
137
  */
81
- declare class RequestHeadersPlugin<T extends RequestHeadersPluginContext> implements StandardHandlerPlugin<T> {
82
- init(options: StandardHandlerOptions<T>): void;
138
+ declare class RequestHeadersHandlerPlugin<T extends RequestHeadersHandlerPluginContext> implements StandardHandlerPlugin<T> {
139
+ name: string;
140
+ init(options: StandardHandlerOptions<T>): StandardHandlerOptions<T>;
83
141
  }
84
142
 
85
- interface ResponseHeadersPluginContext {
86
- resHeaders?: Headers;
143
+ interface ResponseHeadersHandlerPluginContext {
144
+ /**
145
+ * Response headers as a Headers instance. This is injected by the Response Headers Plugin.
146
+ * When set before the response is sent, these headers will be included in the response. If not set, no additional headers will be added.
147
+ */
148
+ resHeaders?: Headers | undefined;
87
149
  }
88
150
  /**
89
151
  * The Response Headers Plugin allows you to set response headers in oRPC.
@@ -91,11 +153,16 @@ interface ResponseHeadersPluginContext {
91
153
  *
92
154
  * @see {@link https://orpc.dev/docs/plugins/response-headers Response Headers Plugin Docs}
93
155
  */
94
- declare class ResponseHeadersPlugin<T extends ResponseHeadersPluginContext> implements StandardHandlerPlugin<T> {
95
- init(options: StandardHandlerOptions<T>): void;
156
+ declare class ResponseHeadersHandlerPlugin<T extends ResponseHeadersHandlerPluginContext> implements StandardHandlerPlugin<T> {
157
+ name: string;
158
+ /**
159
+ * Interceptors should run after batch interceptors so headers are applied to each sub-response.
160
+ */
161
+ before: string[];
162
+ init(options: StandardHandlerOptions<T>): StandardHandlerOptions<T>;
96
163
  }
97
164
 
98
- interface experimental_RethrowHandlerPluginOptions<T extends Context> {
165
+ interface RethrowHandlerPluginOptions<T extends Context> {
99
166
  /**
100
167
  * Decide which errors should be rethrown.
101
168
  *
@@ -109,96 +176,22 @@ interface experimental_RethrowHandlerPluginOptions<T extends Context> {
109
176
  * })
110
177
  * ```
111
178
  */
112
- filter: Value<boolean, [error: ThrowableError, options: StandardHandlerInterceptorOptions<T>]>;
179
+ filter: (error: ThrowableError, options: StandardHandlerInterceptorOptions<T>) => boolean;
113
180
  }
114
181
  /**
115
- * The plugin allows you to catch and rethrow specific errors that occur during request handling.
116
- * This is particularly useful when your framework has its own error handling mechanism
117
- * (e.g., global exception filters in NestJS, error middleware in Express)
118
- * and you want certain errors to be processed by that mechanism instead of being handled by the
119
- * oRPC error handling flow.
182
+ * The plugin can bypass oRPC's built-in error handling
183
+ * and rethrow matching errors directly to your framework's error handling mechanism
184
+ * (e.g., NestJS exception filters, Express error middleware).
120
185
  *
121
- * @see {@link https://orpc.dev/docs/plugins/rethrow-handler Rethrow Handler Plugin Docs}
186
+ * @see {@link https://orpc.dev/docs/plugins/rethrow Rethrow Plugin Documentation}
122
187
  */
123
- declare class experimental_RethrowHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
188
+ declare class RethrowHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
189
+ name: string;
124
190
  private readonly filter;
125
- CONTEXT_SYMBOL: symbol;
126
- constructor(options: experimental_RethrowHandlerPluginOptions<T>);
127
- init(options: StandardHandlerOptions<T>): void;
128
- }
129
-
130
- interface SimpleCsrfProtectionHandlerPluginOptions<T extends Context> {
131
- /**
132
- * The name of the header to check.
133
- *
134
- * @default 'x-csrf-token'
135
- */
136
- headerName?: Value<Promisable<string>, [options: StandardHandlerInterceptorOptions<T>]>;
137
- /**
138
- * The value of the header to check.
139
- *
140
- * @default 'orpc'
141
- *
142
- */
143
- headerValue?: Value<Promisable<string>, [options: StandardHandlerInterceptorOptions<T>]>;
144
- /**
145
- * Exclude a procedure from the plugin.
146
- *
147
- * @default false
148
- *
149
- */
150
- exclude?: Value<Promisable<boolean>, [options: ProcedureClientInterceptorOptions<T, Record<never, never>, Meta>]>;
151
- /**
152
- * The error thrown when the CSRF token is invalid.
153
- *
154
- * @default new ORPCError('CSRF_TOKEN_MISMATCH', {
155
- * status: 403,
156
- * message: 'Invalid CSRF token',
157
- * })
158
- */
159
- error?: InstanceType<typeof ORPCError>;
160
- }
161
- /**
162
- * This plugin adds basic Cross-Site Request Forgery (CSRF) protection to your oRPC application.
163
- * It helps ensure that requests to your procedures originate from JavaScript code,
164
- * not from other sources like standard HTML forms or direct browser navigation.
165
- *
166
- * @see {@link https://orpc.dev/docs/plugins/simple-csrf-protection Simple CSRF Protection Plugin Docs}
167
- */
168
- declare class SimpleCsrfProtectionHandlerPlugin<T extends Context> implements StandardHandlerPlugin<T> {
169
- private readonly headerName;
170
- private readonly headerValue;
171
- private readonly exclude;
172
- private readonly error;
173
- constructor(options?: SimpleCsrfProtectionHandlerPluginOptions<T>);
174
- order: number;
175
- init(options: StandardHandlerOptions<T>): void;
176
- }
177
-
178
- interface StrictGetMethodPluginOptions {
179
- /**
180
- * The error thrown when a GET request is made to a procedure that doesn't allow GET.
181
- *
182
- * @default new ORPCError('METHOD_NOT_SUPPORTED')
183
- */
184
- error?: InstanceType<typeof ORPCError$1>;
185
- }
186
- /**
187
- * This plugin enhances security by ensuring only procedures explicitly marked to accept GET requests
188
- * can be called using the HTTP GET method for RPC Protocol. This helps prevent certain types of
189
- * Cross-Site Request Forgery (CSRF) attacks.
190
- *
191
- * @see {@link https://orpc.dev/docs/plugins/strict-get-method Strict Get Method Plugin Docs}
192
- */
193
- declare class StrictGetMethodPlugin<T extends Context> implements StandardHandlerPlugin<T> {
194
- private readonly error;
195
- /**
196
- * make sure execute before batch plugin to get real method
197
- */
198
- order: number;
199
- constructor(options?: StrictGetMethodPluginOptions);
200
- init(options: StandardHandlerOptions<T>): void;
191
+ private readonly CONTEXT_SYMBOL;
192
+ constructor(options: RethrowHandlerPluginOptions<T>);
193
+ init(options: StandardHandlerOptions<T>): StandardHandlerOptions<T>;
201
194
  }
202
195
 
203
- export { BatchHandlerPlugin, CORSPlugin, RequestHeadersPlugin, ResponseHeadersPlugin, SimpleCsrfProtectionHandlerPlugin, StrictGetMethodPlugin, experimental_RethrowHandlerPlugin };
204
- export type { BatchHandlerOptions, CORSOptions, RequestHeadersPluginContext, ResponseHeadersPluginContext, SimpleCsrfProtectionHandlerPluginOptions, StrictGetMethodPluginOptions, experimental_RethrowHandlerPluginOptions };
196
+ export { BatchHandlerPlugin, CORSHandlerPlugin, CSRFGuardHandlerPlugin, RequestHeadersHandlerPlugin, ResponseHeadersHandlerPlugin, RethrowHandlerPlugin };
197
+ export type { BatchHandlerPluginOptions, CORSHandlerPluginOptions, RequestHeadersHandlerPluginContext, ResponseHeadersHandlerPluginContext, RethrowHandlerPluginOptions };