@orpc/server 1.7.4 → 1.7.5

package/dist/helpers/index.d.mts

@@ -0,0 +1,130 @@
+import { SerializeOptions, ParseOptions } from 'cookie';
+
+/**
+ * Encodes a Uint8Array to base64url format
+ * Base64url is URL-safe and doesn't use padding
+ *
+ * @example
+ * ```ts
+ * const text = "Hello World"
+ * const encoded = encodeBase64url(new TextEncoder().encode(text))
+ * const decoded = decodeBase64url(encoded)
+ * expect(new TextDecoder().decode(decoded)).toEqual(text)
+ * ```
+ */
+declare function encodeBase64url(data: Uint8Array): string;
+/**
+ * Decodes a base64url string to Uint8Array
+ * Returns undefined if the input is invalid
+ *
+ * @example
+ * ```ts
+ * const text = "Hello World"
+ * const encoded = encodeBase64url(new TextEncoder().encode(text))
+ * const decoded = decodeBase64url(encoded)
+ * expect(new TextDecoder().decode(decoded)).toEqual(text)
+ * ```
+ */
+declare function decodeBase64url(base64url: string | undefined | null): Uint8Array | undefined;
+
+interface SetCookieOptions extends SerializeOptions {
+    /**
+     * Specifies the value for the [`Path` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.4).
+     *
+     * @default '/'
+     */
+    path?: string;
+}
+/**
+ * Sets a cookie in the response headers,
+ *
+ * Does nothing if `headers` is `undefined`.
+ *
+ * @example
+ * ```ts
+ * const headers = new Headers()
+ *
+ * setCookie(headers, 'sessionId', 'abc123', { httpOnly: true, maxAge: 3600 })
+ *
+ * expect(headers.get('Set-Cookie')).toBe('sessionId=abc123; HttpOnly; Max-Age=3600')
+ * ```
+ *
+ */
+declare function setCookie(headers: Headers | undefined, name: string, value: string, options?: SetCookieOptions): void;
+interface GetCookieOptions extends ParseOptions {
+}
+/**
+ * Gets a cookie value from request headers
+ *
+ * Returns `undefined` if the cookie is not found or headers are `undefined`.
+ *
+ * @example
+ * ```ts
+ * const headers = new Headers({ 'Cookie': 'sessionId=abc123; theme=dark' })
+ *
+ * const sessionId = getCookie(headers, 'sessionId')
+ *
+ * expect(sessionId).toEqual('abc123')
+ * ```
+ */
+declare function getCookie(headers: Headers | undefined, name: string, options?: GetCookieOptions): string | undefined;
+
+/**
+ * Encrypts a string using AES-GCM with a secret key.
+ * The output is base64url encoded to be URL-safe.
+ *
+ * @example
+ * ```ts
+ * const encrypted = await encrypt("Hello, World!", "test-secret-key")
+ * const decrypted = await decrypt(encrypted, "test-secret-key")
+ * expect(decrypted).toBe("Hello, World!")
+ * ```
+ */
+declare function encrypt(value: string, secret: string): Promise<string>;
+/**
+ * Decrypts a base64url encoded string using AES-GCM with a secret key.
+ * Returns the original string if decryption is successful, or undefined if it fails.
+ *
+ * @example
+ * ```ts
+ * const encrypted = await encrypt("Hello, World!", "test-secret-key")
+ * const decrypted = await decrypt(encrypted, "test-secret-key")
+ * expect(decrypted).toBe("Hello, World!")
+ * ```
+ */
+declare function decrypt(encrypted: string | undefined | null, secret: string): Promise<string | undefined>;
+
+/**
+ * Signs a string value using HMAC-SHA256 with a secret key.
+ *
+ * This function creates a cryptographic signature that can be used to verify
+ * the integrity and authenticity of the data. The signature is appended to
+ * the original value, separated by a dot, using base64url encoding (no padding).
+ *
+ *
+ * @example
+ * ```ts
+ * const signedValue = await sign("user123", "my-secret-key")
+ * expect(signedValue).toEqual("user123.oneQsU0r5dvwQFHFEjjV1uOI_IR3gZfkYHij3TRauVA")
+ * ```
+ */
+declare function sign(value: string, secret: string): Promise<string>;
+/**
+ * Verifies and extracts the original value from a signed string.
+ *
+ * This function validates the signature of a previously signed value using the same
+ * secret key. If the signature is valid, it returns the original value. If the
+ * signature is invalid or the format is incorrect, it returns undefined.
+ *
+ *
+ * @example
+ * ```ts
+ * const signedValue = "user123.oneQsU0r5dvwQFHFEjjV1uOI_IR3gZfkYHij3TRauVA"
+ * const originalValue = await unsign(signedValue, "my-secret-key")
+ * expect(originalValue).toEqual("user123")
+ * ```
+ */
+declare function unsign(signedValue: string | undefined | null, secret: string): Promise<string | undefined>;
+
+export { decodeBase64url, decrypt, encodeBase64url, encrypt, getCookie, setCookie, sign, unsign };
+export type { GetCookieOptions, SetCookieOptions };

package/dist/helpers/index.d.ts

@@ -0,0 +1,130 @@
+import { SerializeOptions, ParseOptions } from 'cookie';
+
+/**
+ * Encodes a Uint8Array to base64url format
+ * Base64url is URL-safe and doesn't use padding
+ *
+ * @example
+ * ```ts
+ * const text = "Hello World"
+ * const encoded = encodeBase64url(new TextEncoder().encode(text))
+ * const decoded = decodeBase64url(encoded)
+ * expect(new TextDecoder().decode(decoded)).toEqual(text)
+ * ```
+ */
+declare function encodeBase64url(data: Uint8Array): string;
+/**
+ * Decodes a base64url string to Uint8Array
+ * Returns undefined if the input is invalid
+ *
+ * @example
+ * ```ts
+ * const text = "Hello World"
+ * const encoded = encodeBase64url(new TextEncoder().encode(text))
+ * const decoded = decodeBase64url(encoded)
+ * expect(new TextDecoder().decode(decoded)).toEqual(text)
+ * ```
+ */
+declare function decodeBase64url(base64url: string | undefined | null): Uint8Array | undefined;
+
+interface SetCookieOptions extends SerializeOptions {
+    /**
+     * Specifies the value for the [`Path` `Set-Cookie` attribute](https://tools.ietf.org/html/rfc6265#section-5.2.4).
+     *
+     * @default '/'
+     */
+    path?: string;
+}
+/**
+ * Sets a cookie in the response headers,
+ *
+ * Does nothing if `headers` is `undefined`.
+ *
+ * @example
+ * ```ts
+ * const headers = new Headers()
+ *
+ * setCookie(headers, 'sessionId', 'abc123', { httpOnly: true, maxAge: 3600 })
+ *
+ * expect(headers.get('Set-Cookie')).toBe('sessionId=abc123; HttpOnly; Max-Age=3600')
+ * ```
+ *
+ */
+declare function setCookie(headers: Headers | undefined, name: string, value: string, options?: SetCookieOptions): void;
+interface GetCookieOptions extends ParseOptions {
+}
+/**
+ * Gets a cookie value from request headers
+ *
+ * Returns `undefined` if the cookie is not found or headers are `undefined`.
+ *
+ * @example
+ * ```ts
+ * const headers = new Headers({ 'Cookie': 'sessionId=abc123; theme=dark' })
+ *
+ * const sessionId = getCookie(headers, 'sessionId')
+ *
+ * expect(sessionId).toEqual('abc123')
+ * ```
+ */
+declare function getCookie(headers: Headers | undefined, name: string, options?: GetCookieOptions): string | undefined;
+
+/**
+ * Encrypts a string using AES-GCM with a secret key.
+ * The output is base64url encoded to be URL-safe.
+ *
+ * @example
+ * ```ts
+ * const encrypted = await encrypt("Hello, World!", "test-secret-key")
+ * const decrypted = await decrypt(encrypted, "test-secret-key")
+ * expect(decrypted).toBe("Hello, World!")
+ * ```
+ */
+declare function encrypt(value: string, secret: string): Promise<string>;
+/**
+ * Decrypts a base64url encoded string using AES-GCM with a secret key.
+ * Returns the original string if decryption is successful, or undefined if it fails.
+ *
+ * @example
+ * ```ts
+ * const encrypted = await encrypt("Hello, World!", "test-secret-key")
+ * const decrypted = await decrypt(encrypted, "test-secret-key")
+ * expect(decrypted).toBe("Hello, World!")
+ * ```
+ */
+declare function decrypt(encrypted: string | undefined | null, secret: string): Promise<string | undefined>;
+
+/**
+ * Signs a string value using HMAC-SHA256 with a secret key.
+ *
+ * This function creates a cryptographic signature that can be used to verify
+ * the integrity and authenticity of the data. The signature is appended to
+ * the original value, separated by a dot, using base64url encoding (no padding).
+ *
+ *
+ * @example
+ * ```ts
+ * const signedValue = await sign("user123", "my-secret-key")
+ * expect(signedValue).toEqual("user123.oneQsU0r5dvwQFHFEjjV1uOI_IR3gZfkYHij3TRauVA")
+ * ```
+ */
+declare function sign(value: string, secret: string): Promise<string>;
+/**
+ * Verifies and extracts the original value from a signed string.
+ *
+ * This function validates the signature of a previously signed value using the same
+ * secret key. If the signature is valid, it returns the original value. If the
+ * signature is invalid or the format is incorrect, it returns undefined.
+ *
+ *
+ * @example
+ * ```ts
+ * const signedValue = "user123.oneQsU0r5dvwQFHFEjjV1uOI_IR3gZfkYHij3TRauVA"
+ * const originalValue = await unsign(signedValue, "my-secret-key")
+ * expect(originalValue).toEqual("user123")
+ * ```
+ */
+declare function unsign(signedValue: string | undefined | null, secret: string): Promise<string | undefined>;
+
+export { decodeBase64url, decrypt, encodeBase64url, encrypt, getCookie, setCookie, sign, unsign };
+export type { GetCookieOptions, SetCookieOptions };

package/dist/helpers/index.mjs

@@ -0,0 +1,182 @@
+import { serialize, parse } from 'cookie';
+
+function encodeBase64url(data) {
+  const chunkSize = 8192;
+  let binaryString = "";
+  for (let i = 0; i < data.length; i += chunkSize) {
+    const chunk = data.subarray(i, i + chunkSize);
+    binaryString += String.fromCharCode(...chunk);
+  }
+  const base64 = btoa(binaryString);
+  return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+}
+function decodeBase64url(base64url) {
+  try {
+    if (typeof base64url !== "string") {
+      return void 0;
+    }
+    let base64 = base64url.replace(/-/g, "+").replace(/_/g, "/");
+    while (base64.length % 4) {
+      base64 += "=";
+    }
+    const binaryString = atob(base64);
+    const bytes = new Uint8Array(binaryString.length);
+    for (let i = 0; i < binaryString.length; i++) {
+      bytes[i] = binaryString.charCodeAt(i);
+    }
+    return bytes;
+  } catch {
+    return void 0;
+  }
+}
+
+function setCookie(headers, name, value, options = {}) {
+  if (headers === void 0) {
+    return;
+  }
+  const cookieString = serialize(name, value, {
+    path: "/",
+    ...options
+  });
+  headers.append("Set-Cookie", cookieString);
+}
+function getCookie(headers, name, options = {}) {
+  if (headers === void 0) {
+    return void 0;
+  }
+  const cookieHeader = headers.get("cookie");
+  if (cookieHeader === null) {
+    return void 0;
+  }
+  return parse(cookieHeader, options)[name];
+}
+
+const PBKDF2_CONFIG = {
+  name: "PBKDF2",
+  iterations: 6e4,
+  // Recommended minimum iterations per current OWASP guidelines
+  hash: "SHA-256"
+};
+const AES_GCM_CONFIG = {
+  name: "AES-GCM",
+  length: 256
+};
+const CRYPTO_CONSTANTS = {
+  SALT_LENGTH: 16,
+  IV_LENGTH: 12
+};
+async function encrypt(value, secret) {
+  const encoder = new TextEncoder();
+  const data = encoder.encode(value);
+  const salt = crypto.getRandomValues(new Uint8Array(CRYPTO_CONSTANTS.SALT_LENGTH));
+  const keyMaterial = await crypto.subtle.importKey(
+    "raw",
+    encoder.encode(secret),
+    PBKDF2_CONFIG.name,
+    false,
+    ["deriveKey"]
+  );
+  const key = await crypto.subtle.deriveKey(
+    { ...PBKDF2_CONFIG, salt },
+    keyMaterial,
+    AES_GCM_CONFIG,
+    false,
+    ["encrypt"]
+  );
+  const iv = crypto.getRandomValues(new Uint8Array(CRYPTO_CONSTANTS.IV_LENGTH));
+  const encrypted = await crypto.subtle.encrypt(
+    { name: AES_GCM_CONFIG.name, iv },
+    key,
+    data
+  );
+  const result = new Uint8Array(salt.length + iv.length + encrypted.byteLength);
+  result.set(salt, 0);
+  result.set(iv, salt.length);
+  result.set(new Uint8Array(encrypted), salt.length + iv.length);
+  return encodeBase64url(result);
+}
+async function decrypt(encrypted, secret) {
+  try {
+    const data = decodeBase64url(encrypted);
+    if (data === void 0) {
+      return void 0;
+    }
+    const encoder = new TextEncoder();
+    const decoder = new TextDecoder();
+    const salt = data.slice(0, CRYPTO_CONSTANTS.SALT_LENGTH);
+    const iv = data.slice(CRYPTO_CONSTANTS.SALT_LENGTH, CRYPTO_CONSTANTS.SALT_LENGTH + CRYPTO_CONSTANTS.IV_LENGTH);
+    const encryptedData = data.slice(CRYPTO_CONSTANTS.SALT_LENGTH + CRYPTO_CONSTANTS.IV_LENGTH);
+    const keyMaterial = await crypto.subtle.importKey(
+      "raw",
+      encoder.encode(secret),
+      PBKDF2_CONFIG.name,
+      false,
+      ["deriveKey"]
+    );
+    const key = await crypto.subtle.deriveKey(
+      { ...PBKDF2_CONFIG, salt },
+      keyMaterial,
+      AES_GCM_CONFIG,
+      false,
+      ["decrypt"]
+    );
+    const decrypted = await crypto.subtle.decrypt(
+      { name: AES_GCM_CONFIG.name, iv },
+      key,
+      encryptedData
+    );
+    return decoder.decode(decrypted);
+  } catch {
+    return void 0;
+  }
+}
+
+const ALGORITHM = { name: "HMAC", hash: "SHA-256" };
+async function sign(value, secret) {
+  const encoder = new TextEncoder();
+  const key = await crypto.subtle.importKey(
+    "raw",
+    encoder.encode(secret),
+    ALGORITHM,
+    false,
+    ["sign"]
+  );
+  const signature = await crypto.subtle.sign(
+    ALGORITHM,
+    key,
+    encoder.encode(value)
+  );
+  return `${value}.${encodeBase64url(new Uint8Array(signature))}`;
+}
+async function unsign(signedValue, secret) {
+  if (typeof signedValue !== "string") {
+    return void 0;
+  }
+  const lastDotIndex = signedValue.lastIndexOf(".");
+  if (lastDotIndex === -1) {
+    return void 0;
+  }
+  const value = signedValue.slice(0, lastDotIndex);
+  const signatureBase64url = signedValue.slice(lastDotIndex + 1);
+  const signature = decodeBase64url(signatureBase64url);
+  if (signature === void 0) {
+    return void 0;
+  }
+  const encoder = new TextEncoder();
+  const key = await crypto.subtle.importKey(
+    "raw",
+    encoder.encode(secret),
+    ALGORITHM,
+    false,
+    ["verify"]
+  );
+  const isValid = await crypto.subtle.verify(
+    ALGORITHM,
+    key,
+    signature,
+    encoder.encode(value)
+  );
+  return isValid ? value : void 0;
+}
+
+export { decodeBase64url, decrypt, encodeBase64url, encrypt, getCookie, setCookie, sign, unsign };

package/dist/hibernation/index.d.mts

@@ -1,8 +1,8 @@
 import { StandardRPCJsonSerializerOptions } from '@orpc/client/standard';
-import { g as StandardHandlerPlugin, e as StandardHandlerOptions } from '../shared/server.De2J-WNx.mjs';
+import { g as StandardHandlerPlugin, e as StandardHandlerOptions } from '../shared/server.DHgXKx3q.mjs';
 import { experimental_HibernationEventIterator } from '@orpc/standard-server';
 export { experimental_HibernationEventIterator, experimental_HibernationEventIteratorCallback } from '@orpc/standard-server';
-import { C as Context, R as Router } from '../shared/server.CRejaM08.mjs';
+import { C as Context, R as Router } from '../shared/server.wMv480px.mjs';
 import '@orpc/client';
 import '@orpc/contract';
 import '@orpc/shared';

package/dist/hibernation/index.d.ts

@@ -1,8 +1,8 @@
 import { StandardRPCJsonSerializerOptions } from '@orpc/client/standard';
-import { g as StandardHandlerPlugin, e as StandardHandlerOptions } from '../shared/server.BX8Iro5z.js';
+import { g as StandardHandlerPlugin, e as StandardHandlerOptions } from '../shared/server.DVBSOxWU.js';
 import { experimental_HibernationEventIterator } from '@orpc/standard-server';
 export { experimental_HibernationEventIterator, experimental_HibernationEventIteratorCallback } from '@orpc/standard-server';
-import { C as Context, R as Router } from '../shared/server.CRejaM08.js';
+import { C as Context, R as Router } from '../shared/server.wMv480px.js';
 import '@orpc/client';
 import '@orpc/contract';
 import '@orpc/shared';

package/dist/index.d.mts

@@ -4,10 +4,10 @@ import { AnySchema, ErrorMap, InferSchemaInput, InferSchemaOutput, ErrorFromErro
 export { ContractProcedure, ContractProcedureDef, ContractRouter, ErrorMap, ErrorMapItem, InferSchemaInput, InferSchemaOutput, InputStructure, MergedErrorMap, Meta, OutputStructure, Route, Schema, ValidationError, eventIterator, type } from '@orpc/contract';
 import { ThrowableError, IntersectPick, MaybeOptionalOptions } from '@orpc/shared';
 export { EventPublisher, EventPublisherOptions, EventPublisherSubscribeIteratorOptions, IntersectPick, Registry, ThrowableError, asyncIteratorToStream as eventIteratorToStream, onError, onFinish, onStart, onSuccess, streamToAsyncIteratorClass as streamToEventIterator } from '@orpc/shared';
-import { C as Context, P as Procedure, e as Middleware, O as ORPCErrorConstructorMap, M as MergedInitialContext, f as MergedCurrentContext, g as MapInputMiddleware, h as CreateProcedureClientOptions, i as ProcedureClient, j as ProcedureHandler, R as Router, c as Lazy, a as AnyMiddleware, b as AnyRouter, A as AnyProcedure, L as Lazyable, I as InferRouterInitialContext } from './shared/server.CRejaM08.mjs';
-export { J as InferRouterCurrentContexts, H as InferRouterInitialContexts, K as InferRouterInputs, N as InferRouterOutputs, o as LAZY_SYMBOL, p as LazyMeta, x as MiddlewareNextFn, w as MiddlewareNextFnOptions, z as MiddlewareOptions, y as MiddlewareOutputFn, t as MiddlewareResult, l as ORPCErrorConstructorMapItem, k as ORPCErrorConstructorMapItemOptions, d as ProcedureClientInterceptorOptions, E as ProcedureDef, D as ProcedureHandlerOptions, n as createORPCErrorConstructorMap, G as createProcedureClient, s as getLazyMeta, r as isLazy, F as isProcedure, q as lazy, m as mergeCurrentContext, B as middlewareOutputFn, u as unlazy, v as validateORPCError } from './shared/server.CRejaM08.mjs';
-import { E as EnhanceRouterOptions, a as EnhancedRouter } from './shared/server.DrG30u7a.mjs';
-export { A as AccessibleLazyRouter, C as ContractProcedureCallbackOptions, L as LazyTraverseContractProceduresOptions, T as TraverseContractProcedureCallbackOptions, b as TraverseContractProceduresOptions, U as UnlaziedRouter, c as createAccessibleLazyRouter, e as enhanceRouter, g as getRouter, r as resolveContractProcedures, t as traverseContractProcedures, u as unlazyRouter } from './shared/server.DrG30u7a.mjs';
+import { C as Context, P as Procedure, e as Middleware, O as ORPCErrorConstructorMap, M as MergedInitialContext, f as MergedCurrentContext, g as MapInputMiddleware, h as CreateProcedureClientOptions, i as ProcedureClient, j as ProcedureHandler, R as Router, c as Lazy, a as AnyMiddleware, b as AnyRouter, A as AnyProcedure, L as Lazyable, I as InferRouterInitialContext } from './shared/server.wMv480px.mjs';
+export { J as InferRouterCurrentContexts, H as InferRouterInitialContexts, K as InferRouterInputs, N as InferRouterOutputs, o as LAZY_SYMBOL, p as LazyMeta, x as MiddlewareNextFn, w as MiddlewareNextFnOptions, z as MiddlewareOptions, y as MiddlewareOutputFn, t as MiddlewareResult, l as ORPCErrorConstructorMapItem, k as ORPCErrorConstructorMapItemOptions, d as ProcedureClientInterceptorOptions, E as ProcedureDef, D as ProcedureHandlerOptions, n as createORPCErrorConstructorMap, G as createProcedureClient, s as getLazyMeta, r as isLazy, F as isProcedure, q as lazy, m as mergeCurrentContext, B as middlewareOutputFn, u as unlazy, v as validateORPCError } from './shared/server.wMv480px.mjs';
+import { E as EnhanceRouterOptions, a as EnhancedRouter } from './shared/server.Cwq7K86l.mjs';
+export { A as AccessibleLazyRouter, C as ContractProcedureCallbackOptions, L as LazyTraverseContractProceduresOptions, T as TraverseContractProcedureCallbackOptions, b as TraverseContractProceduresOptions, U as UnlaziedRouter, c as createAccessibleLazyRouter, e as enhanceRouter, g as getRouter, r as resolveContractProcedures, t as traverseContractProcedures, u as unlazyRouter } from './shared/server.Cwq7K86l.mjs';
 export { getEventMeta, withEventMeta } from '@orpc/standard-server';
 
 type ActionableError<T> = T extends ORPCError<infer U, infer V> ? ORPCErrorJSON<U, V> & {

package/dist/index.d.ts

@@ -4,10 +4,10 @@ import { AnySchema, ErrorMap, InferSchemaInput, InferSchemaOutput, ErrorFromErro
 export { ContractProcedure, ContractProcedureDef, ContractRouter, ErrorMap, ErrorMapItem, InferSchemaInput, InferSchemaOutput, InputStructure, MergedErrorMap, Meta, OutputStructure, Route, Schema, ValidationError, eventIterator, type } from '@orpc/contract';
 import { ThrowableError, IntersectPick, MaybeOptionalOptions } from '@orpc/shared';
 export { EventPublisher, EventPublisherOptions, EventPublisherSubscribeIteratorOptions, IntersectPick, Registry, ThrowableError, asyncIteratorToStream as eventIteratorToStream, onError, onFinish, onStart, onSuccess, streamToAsyncIteratorClass as streamToEventIterator } from '@orpc/shared';
-import { C as Context, P as Procedure, e as Middleware, O as ORPCErrorConstructorMap, M as MergedInitialContext, f as MergedCurrentContext, g as MapInputMiddleware, h as CreateProcedureClientOptions, i as ProcedureClient, j as ProcedureHandler, R as Router, c as Lazy, a as AnyMiddleware, b as AnyRouter, A as AnyProcedure, L as Lazyable, I as InferRouterInitialContext } from './shared/server.CRejaM08.js';
-export { J as InferRouterCurrentContexts, H as InferRouterInitialContexts, K as InferRouterInputs, N as InferRouterOutputs, o as LAZY_SYMBOL, p as LazyMeta, x as MiddlewareNextFn, w as MiddlewareNextFnOptions, z as MiddlewareOptions, y as MiddlewareOutputFn, t as MiddlewareResult, l as ORPCErrorConstructorMapItem, k as ORPCErrorConstructorMapItemOptions, d as ProcedureClientInterceptorOptions, E as ProcedureDef, D as ProcedureHandlerOptions, n as createORPCErrorConstructorMap, G as createProcedureClient, s as getLazyMeta, r as isLazy, F as isProcedure, q as lazy, m as mergeCurrentContext, B as middlewareOutputFn, u as unlazy, v as validateORPCError } from './shared/server.CRejaM08.js';
-import { E as EnhanceRouterOptions, a as EnhancedRouter } from './shared/server.Bi2_bIHo.js';
-export { A as AccessibleLazyRouter, C as ContractProcedureCallbackOptions, L as LazyTraverseContractProceduresOptions, T as TraverseContractProcedureCallbackOptions, b as TraverseContractProceduresOptions, U as UnlaziedRouter, c as createAccessibleLazyRouter, e as enhanceRouter, g as getRouter, r as resolveContractProcedures, t as traverseContractProcedures, u as unlazyRouter } from './shared/server.Bi2_bIHo.js';
+import { C as Context, P as Procedure, e as Middleware, O as ORPCErrorConstructorMap, M as MergedInitialContext, f as MergedCurrentContext, g as MapInputMiddleware, h as CreateProcedureClientOptions, i as ProcedureClient, j as ProcedureHandler, R as Router, c as Lazy, a as AnyMiddleware, b as AnyRouter, A as AnyProcedure, L as Lazyable, I as InferRouterInitialContext } from './shared/server.wMv480px.js';
+export { J as InferRouterCurrentContexts, H as InferRouterInitialContexts, K as InferRouterInputs, N as InferRouterOutputs, o as LAZY_SYMBOL, p as LazyMeta, x as MiddlewareNextFn, w as MiddlewareNextFnOptions, z as MiddlewareOptions, y as MiddlewareOutputFn, t as MiddlewareResult, l as ORPCErrorConstructorMapItem, k as ORPCErrorConstructorMapItemOptions, d as ProcedureClientInterceptorOptions, E as ProcedureDef, D as ProcedureHandlerOptions, n as createORPCErrorConstructorMap, G as createProcedureClient, s as getLazyMeta, r as isLazy, F as isProcedure, q as lazy, m as mergeCurrentContext, B as middlewareOutputFn, u as unlazy, v as validateORPCError } from './shared/server.wMv480px.js';
+import { E as EnhanceRouterOptions, a as EnhancedRouter } from './shared/server.a_VzWVCm.js';
+export { A as AccessibleLazyRouter, C as ContractProcedureCallbackOptions, L as LazyTraverseContractProceduresOptions, T as TraverseContractProcedureCallbackOptions, b as TraverseContractProceduresOptions, U as UnlaziedRouter, c as createAccessibleLazyRouter, e as enhanceRouter, g as getRouter, r as resolveContractProcedures, t as traverseContractProcedures, u as unlazyRouter } from './shared/server.a_VzWVCm.js';
 export { getEventMeta, withEventMeta } from '@orpc/standard-server';
 
 type ActionableError<T> = T extends ORPCError<infer U, infer V> ? ORPCErrorJSON<U, V> & {

package/dist/index.mjs

@@ -1,7 +1,7 @@
 import { mergeErrorMap, mergeMeta, mergeRoute, mergePrefix, mergeTags, isContractProcedure, getContractRouter, fallbackContractConfig } from '@orpc/contract';
 export { ValidationError, eventIterator, type } from '@orpc/contract';
-import { P as Procedure, b as addMiddleware, c as createProcedureClient, e as enhanceRouter, l as lazy, s as setHiddenRouterContract, u as unlazy, g as getRouter, i as isProcedure, d as isLazy, f as createAssertedLazyProcedure } from './shared/server.DLJzqnSX.mjs';
-export { L as LAZY_SYMBOL, p as call, r as createAccessibleLazyRouter, a as createContractedProcedure, h as createORPCErrorConstructorMap, q as getHiddenRouterContract, j as getLazyMeta, n as isStartWithMiddlewares, m as mergeCurrentContext, o as mergeMiddlewares, k as middlewareOutputFn, w as resolveContractProcedures, t as traverseContractProcedures, x as unlazyRouter, v as validateORPCError } from './shared/server.DLJzqnSX.mjs';
+import { P as Procedure, b as addMiddleware, c as createProcedureClient, e as enhanceRouter, l as lazy, s as setHiddenRouterContract, u as unlazy, g as getRouter, i as isProcedure, d as isLazy, f as createAssertedLazyProcedure } from './shared/server.NeumLVdS.mjs';
+export { L as LAZY_SYMBOL, p as call, r as createAccessibleLazyRouter, a as createContractedProcedure, h as createORPCErrorConstructorMap, q as getHiddenRouterContract, j as getLazyMeta, n as isStartWithMiddlewares, m as mergeCurrentContext, o as mergeMiddlewares, k as middlewareOutputFn, w as resolveContractProcedures, t as traverseContractProcedures, x as unlazyRouter, v as validateORPCError } from './shared/server.NeumLVdS.mjs';
 import { toORPCError } from '@orpc/client';
 export { ORPCError, isDefinedError, safe } from '@orpc/client';
 import { resolveMaybeOptionalOptions } from '@orpc/shared';
@@ -462,11 +462,12 @@ function inferRPCMethodFromRouter(router) {
 }
 
 function createRouterClient(router, ...rest) {
+  const options = resolveMaybeOptionalOptions(rest);
   if (isProcedure(router)) {
-    const caller = createProcedureClient(router, resolveMaybeOptionalOptions(rest));
+    const caller = createProcedureClient(router, options);
     return caller;
   }
-  const procedureCaller = isLazy(router) ? createProcedureClient(createAssertedLazyProcedure(router), resolveMaybeOptionalOptions(rest)) : {};
+  const procedureCaller = isLazy(router) ? createProcedureClient(createAssertedLazyProcedure(router), options) : {};
   const recursive = new Proxy(procedureCaller, {
     get(target, key) {
       if (typeof key !== "string") {

package/dist/plugins/index.d.mts

@@ -1,8 +1,8 @@
 import { Value, Promisable } from '@orpc/shared';
 import { StandardRequest, StandardHeaders } from '@orpc/standard-server';
 import { BatchResponseBodyItem } from '@orpc/standard-server/batch';
-import { d as StandardHandlerInterceptorOptions, g as StandardHandlerPlugin, e as StandardHandlerOptions } from '../shared/server.De2J-WNx.mjs';
-import { C as Context, d as ProcedureClientInterceptorOptions } from '../shared/server.CRejaM08.mjs';
+import { d as StandardHandlerInterceptorOptions, g as StandardHandlerPlugin, e as StandardHandlerOptions } from '../shared/server.DHgXKx3q.mjs';
+import { C as Context, d as ProcedureClientInterceptorOptions } from '../shared/server.wMv480px.mjs';
 import { Meta, ORPCError as ORPCError$1 } from '@orpc/contract';
 import { ORPCError } from '@orpc/client';
 
@@ -69,6 +69,19 @@ declare class CORSPlugin<T extends Context> implements StandardHandlerPlugin<T>
     init(options: StandardHandlerOptions<T>): void;
 }
 
+interface RequestHeadersPluginContext {
+    reqHeaders?: Headers;
+}
+/**
+ * The Request Headers Plugin injects a `reqHeaders` instance into the context,
+ * allowing access to request headers in oRPC.
+ *
+ * @see {@link https://orpc.unnoq.com/docs/plugins/request-headers Request Headers Plugin Docs}
+ */
+declare class RequestHeadersPlugin<T extends RequestHeadersPluginContext> implements StandardHandlerPlugin<T> {
+    init(options: StandardHandlerOptions<T>): void;
+}
+
 interface ResponseHeadersPluginContext {
     resHeaders?: Headers;
 }
@@ -152,5 +165,5 @@ declare class StrictGetMethodPlugin<T extends Context> implements StandardHandle
     init(options: StandardHandlerOptions<T>): void;
 }
 
-export { BatchHandlerPlugin, CORSPlugin, ResponseHeadersPlugin, SimpleCsrfProtectionHandlerPlugin, StrictGetMethodPlugin };
-export type { BatchHandlerOptions, CORSOptions, ResponseHeadersPluginContext, SimpleCsrfProtectionHandlerPluginOptions, StrictGetMethodPluginOptions };
+export { BatchHandlerPlugin, CORSPlugin, RequestHeadersPlugin, ResponseHeadersPlugin, SimpleCsrfProtectionHandlerPlugin, StrictGetMethodPlugin };
+export type { BatchHandlerOptions, CORSOptions, RequestHeadersPluginContext, ResponseHeadersPluginContext, SimpleCsrfProtectionHandlerPluginOptions, StrictGetMethodPluginOptions };

package/dist/plugins/index.d.ts

@@ -1,8 +1,8 @@
 import { Value, Promisable } from '@orpc/shared';
 import { StandardRequest, StandardHeaders } from '@orpc/standard-server';
 import { BatchResponseBodyItem } from '@orpc/standard-server/batch';
-import { d as StandardHandlerInterceptorOptions, g as StandardHandlerPlugin, e as StandardHandlerOptions } from '../shared/server.BX8Iro5z.js';
-import { C as Context, d as ProcedureClientInterceptorOptions } from '../shared/server.CRejaM08.js';
+import { d as StandardHandlerInterceptorOptions, g as StandardHandlerPlugin, e as StandardHandlerOptions } from '../shared/server.DVBSOxWU.js';
+import { C as Context, d as ProcedureClientInterceptorOptions } from '../shared/server.wMv480px.js';
 import { Meta, ORPCError as ORPCError$1 } from '@orpc/contract';
 import { ORPCError } from '@orpc/client';
 
@@ -69,6 +69,19 @@ declare class CORSPlugin<T extends Context> implements StandardHandlerPlugin<T>
     init(options: StandardHandlerOptions<T>): void;
 }
 
+interface RequestHeadersPluginContext {
+    reqHeaders?: Headers;
+}
+/**
+ * The Request Headers Plugin injects a `reqHeaders` instance into the context,
+ * allowing access to request headers in oRPC.
+ *
+ * @see {@link https://orpc.unnoq.com/docs/plugins/request-headers Request Headers Plugin Docs}
+ */
+declare class RequestHeadersPlugin<T extends RequestHeadersPluginContext> implements StandardHandlerPlugin<T> {
+    init(options: StandardHandlerOptions<T>): void;
+}
+
 interface ResponseHeadersPluginContext {
     resHeaders?: Headers;
 }
@@ -152,5 +165,5 @@ declare class StrictGetMethodPlugin<T extends Context> implements StandardHandle
     init(options: StandardHandlerOptions<T>): void;
 }
 
-export { BatchHandlerPlugin, CORSPlugin, ResponseHeadersPlugin, SimpleCsrfProtectionHandlerPlugin, StrictGetMethodPlugin };
-export type { BatchHandlerOptions, CORSOptions, ResponseHeadersPluginContext, SimpleCsrfProtectionHandlerPluginOptions, StrictGetMethodPluginOptions };
+export { BatchHandlerPlugin, CORSPlugin, RequestHeadersPlugin, ResponseHeadersPlugin, SimpleCsrfProtectionHandlerPlugin, StrictGetMethodPlugin };
+export type { BatchHandlerOptions, CORSOptions, RequestHeadersPluginContext, ResponseHeadersPluginContext, SimpleCsrfProtectionHandlerPluginOptions, StrictGetMethodPluginOptions };

package/dist/plugins/index.mjs

@@ -1,6 +1,7 @@
 import { value, isAsyncIteratorObject, clone } from '@orpc/shared';
 import { flattenHeader } from '@orpc/standard-server';
 import { parseBatchRequest, toBatchResponse } from '@orpc/standard-server/batch';
+import { toFetchHeaders } from '@orpc/standard-server-fetch';
 import { ORPCError } from '@orpc/client';
 export { S as StrictGetMethodPlugin } from '../shared/server.BW-nUGgA.mjs';
 import '@orpc/contract';
@@ -177,6 +178,22 @@ class CORSPlugin {
   }
 }
 
+class RequestHeadersPlugin {
+  init(options) {
+    options.rootInterceptors ??= [];
+    options.rootInterceptors.push((interceptorOptions) => {
+      const reqHeaders = interceptorOptions.context.reqHeaders ?? toFetchHeaders(interceptorOptions.request.headers);
+      return interceptorOptions.next({
+        ...interceptorOptions,
+        context: {
+          ...interceptorOptions.context,
+          reqHeaders
+        }
+      });
+    });
+  }
+}
+
 class ResponseHeadersPlugin {
   init(options) {
     options.rootInterceptors ??= [];
@@ -256,4 +273,4 @@ class SimpleCsrfProtectionHandlerPlugin {
   }
 }
 
-export { BatchHandlerPlugin, CORSPlugin, ResponseHeadersPlugin, SimpleCsrfProtectionHandlerPlugin };
+export { BatchHandlerPlugin, CORSPlugin, RequestHeadersPlugin, ResponseHeadersPlugin, SimpleCsrfProtectionHandlerPlugin };

package/dist/shared/{server.C-F_fMXW.d.mts → server.CC8z0B3U.d.mts}

@@ -1,9 +1,9 @@
 import { StandardRPCJsonSerializerOptions } from '@orpc/client/standard';
-import { b as AnyRouter, C as Context, R as Router } from './server.CRejaM08.mjs';
-import { i as StandardMatcher, h as StandardMatchResult, e as StandardHandlerOptions, f as StandardHandler } from './server.De2J-WNx.mjs';
+import { b as AnyRouter, C as Context, R as Router } from './server.wMv480px.mjs';
+import { i as StandardMatcher, h as StandardMatchResult, e as StandardHandlerOptions, f as StandardHandler } from './server.DHgXKx3q.mjs';
 import { HTTPPath } from '@orpc/client';
 import { Value } from '@orpc/shared';
-import { T as TraverseContractProcedureCallbackOptions } from './server.DrG30u7a.mjs';
+import { T as TraverseContractProcedureCallbackOptions } from './server.Cwq7K86l.mjs';
 
 interface StandardRPCMatcherOptions {
     /**