@temporary-name/server 1.9.3-alpha.e2d8d164da72fb570c2b14a4fa956c80f9e33cdc → 1.9.3-alpha.ec3bfb9dce56198911349c322c970208b21b50db

package/dist/index.mjs

@@ -1,50 +1,69 @@
-import { onError, resolveMaybeOptionalOptions } from '@temporary-name/shared';
-export { AsyncIteratorClass, EventPublisher, ORPCError, asyncIteratorToStream as eventIteratorToStream, isDefinedError, onError, onFinish, onStart, onSuccess, safe, streamToAsyncIteratorClass as streamToEventIterator } from '@temporary-name/shared';
-import { isContractProcedure, mergePrefix, mergeErrorMap, enhanceRoute, mergeTags, ContractProcedure, mergeMeta, mergeRoute, prefixRoute, getContractRouter } from '@temporary-name/contract';
-export { ValidationError, eventIterator, validateORPCError } from '@temporary-name/contract';
-import { SchemaClass, gatingContext } from '@temporary-name/zod';
-import { c as createProcedureClient, i as isLazy, g as getLazyMeta, l as lazy, u as unlazy } from './shared/server.BYYf0Wn6.mjs';
-export { L as LAZY_SYMBOL, a as createORPCErrorConstructorMap, m as mergeCurrentContext, b as middlewareOutputFn } from './shared/server.BYYf0Wn6.mjs';
+import { assertNever, splitFirst, ORPCError, onError, resolveMaybeOptionalOptions, isTypescriptObject, isPropertyKey } from '@temporary-name/shared';
+export { AsyncIteratorClass, EventPublisher, ORPCError, asyncIteratorToStream as eventIteratorToStream, isDefinedError, onError, onFinish, onStart, onSuccess, streamToAsyncIteratorClass as streamToEventIterator } from '@temporary-name/shared';
+import * as z from '@temporary-name/zod';
+import { SchemaClass, object, core, gatingContext } from '@temporary-name/zod';
+import { g as getCookie } from './shared/server.C1RJffw4.mjs';
+import { P as Procedure, m as mergePrefix, a as mergeTags, e as enhanceRouter, C as Contract, p as parseEndpointDefinition, b as mergeRoute, c as prefixRoute, d as addMiddleware, l as lazyInternal, f as getLazyMeta, u as unlazy, i as isProcedure, h as isLazy, j as getRouter } from './shared/server.ChOv1yG3.mjs';
+export { L as LAZY_SYMBOL, V as ValidationError, q as createAccessibleLazyRouter, w as endpointRegex, g as getDynamicParams, n as isStartWithMiddlewares, k as lazy, o as mergeMiddlewares, r as resolveContractProcedures, s as standardizeHTTPPath, t as traverseContractProcedures, v as unlazyRouter } from './shared/server.ChOv1yG3.mjs';
+import { c as createProcedureClient } from './shared/server.Cza0RB3u.mjs';
+export { m as mergeCurrentContext, a as middlewareOutputFn } from './shared/server.Cza0RB3u.mjs';
+export { e as eventIterator, g as getEventIteratorSchemaDetails } from './shared/server.YUvuxHty.mjs';
 export { getEventMeta, withEventMeta } from '@temporary-name/standard-server';
+import 'cookie';
 
-function isStartWithMiddlewares(middlewares, compare) {
-  if (compare.length > middlewares.length) {
-    return false;
-  }
-  for (let i = 0; i < middlewares.length; i++) {
-    if (compare[i] === void 0) {
-      return true;
-    }
-    if (middlewares[i] !== compare[i]) {
-      return false;
-    }
+function validateTokenPrefix(prefix, token) {
+  if (prefix && !token.startsWith(prefix)) {
+    throw new ORPCError("UNAUTHORIZED", { message: `Invalid auth token. It must start with "${prefix}"` });
   }
-  return true;
 }
-function mergeMiddlewares(first, second, options) {
-  if (options.dedupeLeading && isStartWithMiddlewares(second, first)) {
-    return second;
-  }
-  return [...first, ...second];
+function validateTokenAuth(config, token, options) {
+  const { tokenPrefix, validate } = config;
+  validateTokenPrefix(tokenPrefix, token);
+  return validate(token, options);
 }
-function addMiddleware(middlewares, addition) {
-  return [...middlewares, addition];
+function authByQuery(config, options) {
+  const { name, tokenPrefix, validate } = config;
+  const query = options.request.url.searchParams;
+  const token = query.get(name);
+  if (!token) return void 0;
+  validateTokenPrefix(tokenPrefix, token);
+  return validate(token, options);
 }
-
-class Procedure {
-  /**
-   * This property holds the defined options.
-   */
-  "~orpc";
-  constructor(def) {
-    this["~orpc"] = def;
-  }
+function authByHeader(config, options) {
+  const authHeader = options.request.headers.get(config.name);
+  return authHeader ? validateTokenAuth(config, authHeader, options) : void 0;
 }
-function isProcedure(item) {
-  if (item instanceof Procedure) {
-    return true;
-  }
-  return isContractProcedure(item) && "middlewares" in item["~orpc"] && "handler" in item["~orpc"];
+function authByCookie(config, options) {
+  const cookie = getCookie(options.request.headers, config.name);
+  return cookie ? validateTokenAuth(config, cookie, options) : void 0;
+}
+function authByBearer(config, options) {
+  const authHeader = options.request.headers.get("Authorization");
+  if (!authHeader) return void 0;
+  const [authType, bearer] = splitFirst(authHeader, " ");
+  return authType === "Bearer" ? validateTokenAuth(config, bearer, options) : void 0;
+}
+function authByBasic(config, options) {
+  const authHeader = options.request.headers.get("Authorization");
+  if (!authHeader) return void 0;
+  const [authType, encoded] = splitFirst(authHeader, " ");
+  if (authType !== "Basic") return void 0;
+  const decoded = Buffer.from(encoded, "base64").toString("utf-8");
+  const [username, password] = splitFirst(decoded, ":");
+  validateTokenPrefix(config.tokenPrefix, password);
+  return config.validate(username, password, options);
+}
+function authByType(config, options) {
+  const { type } = config;
+  return type === "header" ? authByHeader(config, options) : type === "query" ? authByQuery(config, options) : type === "cookie" ? authByCookie(config, options) : type === "bearer" ? authByBearer(config, options) : type === "basic" ? authByBasic(config, options) : type === "none" ? false : assertNever(type);
+}
+function authDescription(config) {
+  const { type } = config;
+  return type === "basic" ? "a Basic Authentication header" : type === "bearer" ? "a Bearer Authentication header" : type === "header" ? `a header named "${config.name}"` : type === "query" ? `a query parameter named "${config.name}"` : type === "cookie" ? `a cookie named "${config.name}"` : type === "none" ? "no authentication" : assertNever(type);
+}
+
+function mergeMeta(meta1, meta2) {
+  return { ...meta1, ...meta2 };
 }
 
 class DecoratedProcedure extends Procedure {
@@ -66,170 +85,19 @@ class DecoratedProcedure extends Procedure {
   }
 }
 
-const HIDDEN_ROUTER_CONTRACT_SYMBOL = Symbol("ORPC_HIDDEN_ROUTER_CONTRACT");
-function setHiddenRouterContract(router, contract) {
-  return new Proxy(router, {
-    get(target, key) {
-      if (key === HIDDEN_ROUTER_CONTRACT_SYMBOL) {
-        return contract;
-      }
-      return Reflect.get(target, key);
-    }
-  });
-}
-function getHiddenRouterContract(router) {
-  return router[HIDDEN_ROUTER_CONTRACT_SYMBOL];
-}
-
-function getRouter(router, path) {
-  let current = router;
-  for (let i = 0; i < path.length; i++) {
-    const segment = path[i];
-    if (!current) {
-      return void 0;
-    }
-    if (isProcedure(current)) {
-      return void 0;
-    }
-    if (!isLazy(current)) {
-      current = current[segment];
-      continue;
-    }
-    const lazied = current;
-    const rest = path.slice(i);
-    return lazy(async () => {
-      const unwrapped = await unlazy(lazied);
-      const next = getRouter(unwrapped.default, rest);
-      return unlazy(next);
-    }, getLazyMeta(lazied));
-  }
-  return current;
-}
-function createAccessibleLazyRouter(lazied) {
-  const recursive = new Proxy(lazied, {
-    get(target, key) {
-      if (typeof key !== "string") {
-        return Reflect.get(target, key);
-      }
-      const next = getRouter(lazied, [key]);
-      return createAccessibleLazyRouter(next);
-    }
-  });
-  return recursive;
-}
-function enhanceRouter(router, options) {
-  if (isLazy(router)) {
-    const laziedMeta = getLazyMeta(router);
-    const enhancedPrefix = laziedMeta?.prefix ? mergePrefix(options.prefix, laziedMeta?.prefix) : options.prefix;
-    const enhanced2 = lazy(
-      async () => {
-        const { default: unlaziedRouter } = await unlazy(router);
-        const enhanced3 = enhanceRouter(unlaziedRouter, options);
-        return unlazy(enhanced3);
-      },
-      {
-        ...laziedMeta,
-        prefix: enhancedPrefix
-      }
-    );
-    const accessible = createAccessibleLazyRouter(enhanced2);
-    return accessible;
-  }
-  if (isProcedure(router)) {
-    const newMiddlewares = mergeMiddlewares(options.middlewares, router["~orpc"].middlewares, {
-      dedupeLeading: options.dedupeLeadingMiddlewares
-    });
-    const newMiddlewareAdded = newMiddlewares.length - router["~orpc"].middlewares.length;
-    const enhanced2 = new Procedure({
-      ...router["~orpc"],
-      route: enhanceRoute(router["~orpc"].route, options),
-      errorMap: mergeErrorMap(options.errorMap, router["~orpc"].errorMap),
-      middlewares: newMiddlewares,
-      inputValidationIndex: router["~orpc"].inputValidationIndex + newMiddlewareAdded,
-      outputValidationIndex: router["~orpc"].outputValidationIndex + newMiddlewareAdded
-    });
-    return enhanced2;
-  }
-  const enhanced = {};
-  for (const key in router) {
-    enhanced[key] = enhanceRouter(router[key], options);
-  }
-  return enhanced;
-}
-function traverseContractProcedures(options, callback, lazyOptions = []) {
-  let currentRouter = options.router;
-  const hiddenContract = getHiddenRouterContract(options.router);
-  if (hiddenContract !== void 0) {
-    currentRouter = hiddenContract;
-  }
-  if (isLazy(currentRouter)) {
-    lazyOptions.push({
-      router: currentRouter,
-      path: options.path
-    });
-  } else if (isContractProcedure(currentRouter)) {
-    callback({
-      contract: currentRouter,
-      path: options.path
-    });
-  } else {
-    for (const key in currentRouter) {
-      traverseContractProcedures(
-        {
-          router: currentRouter[key],
-          path: [...options.path, key]
-        },
-        callback,
-        lazyOptions
-      );
-    }
-  }
-  return lazyOptions;
-}
-async function resolveContractProcedures(options, callback) {
-  const pending = [options];
-  for (const options2 of pending) {
-    const lazyOptions = traverseContractProcedures(options2, callback);
-    for (const options3 of lazyOptions) {
-      const { default: router } = await unlazy(options3.router);
-      pending.push({
-        router,
-        path: options3.path
-      });
-    }
-  }
-}
-async function unlazyRouter(router) {
-  if (isProcedure(router)) {
-    return router;
-  }
-  const unlazied = {};
-  for (const key in router) {
-    const item = router[key];
-    const { default: unlaziedRouter } = await unlazy(item);
-    unlazied[key] = await unlazyRouter(unlaziedRouter);
-  }
-  return unlazied;
-}
+const initialSchemas = {
+  pathSchema: z.strictObject({}),
+  querySchema: z.strictObject({}),
+  bodySchema: z.strictObject({}),
+  outputSchema: z.unknown()
+};
 
-class ProcedureBuilder extends ContractProcedure {
+class ProcedureBuilder extends Contract {
   z;
   constructor(def) {
     super(def);
     this.z = new SchemaClass();
   }
-  /**
-   * Adds type-safe custom errors to the contract.
-   * The provided errors are spared-merged with any existing errors in the contract.
-   *
-   * @see {@link https://orpc.unnoq.com/docs/error-handling#type%E2%80%90safe-error-handling Type-Safe Error Handling Docs}
-   */
-  errors(errors) {
-    return new ProcedureBuilder({
-      ...this["~orpc"],
-      errorMap: mergeErrorMap(this["~orpc"].errorMap, errors)
-    });
-  }
   /**
    * Sets or updates the metadata for the contract.
    * The provided metadata is spared-merged with any existing metadata in the contract.
@@ -242,6 +110,19 @@ class ProcedureBuilder extends ContractProcedure {
       meta: mergeMeta(this["~orpc"].meta, meta)
     });
   }
+  endpoint(stringsOrEndpoint, ...values) {
+    const { method, path, pathSchema } = parseEndpointDefinition(stringsOrEndpoint, values);
+    const { prefix } = this["~orpc"];
+    const route = { method, path };
+    return new ProcedureBuilder({
+      ...this["~orpc"],
+      route: mergeRoute(this["~orpc"].route, prefix ? prefixRoute(route, prefix) : route),
+      schemas: {
+        ...this["~orpc"].schemas,
+        pathSchema
+      }
+    });
+  }
   /**
    * Sets or updates the route definition for the contract.
    * The provided route is spared-merged with any existing route in the contract.
@@ -250,22 +131,30 @@ class ProcedureBuilder extends ContractProcedure {
    * @see {@link https://orpc.unnoq.com/docs/openapi/routing OpenAPI Routing Docs}
    * @see {@link https://orpc.unnoq.com/docs/openapi/input-output-structure OpenAPI Input/Output Structure Docs}
    */
-  route(route) {
+  endpointOpts(route) {
     const { prefix } = this["~orpc"];
     return new ProcedureBuilder({
       ...this["~orpc"],
       route: mergeRoute(this["~orpc"].route, prefix ? prefixRoute(route, prefix) : route)
     });
   }
-  /**
-   * Defines the input validation schema.
-   *
-   * @see {@link https://orpc.unnoq.com/docs/procedure#input-output-validation Input Validation Docs}
-   */
-  input(schema) {
+  query(schema) {
+    return new ProcedureBuilder({
+      ...this["~orpc"],
+      schemas: {
+        ...this["~orpc"].schemas,
+        querySchema: schema instanceof core.$ZodType ? schema : object(schema)
+      },
+      inputValidationIndex: this["~orpc"].middlewares.length
+    });
+  }
+  body(schema) {
     return new ProcedureBuilder({
       ...this["~orpc"],
-      inputSchema: schema,
+      schemas: {
+        ...this["~orpc"].schemas,
+        bodySchema: schema instanceof core.$ZodType ? schema : object(schema)
+      },
       inputValidationIndex: this["~orpc"].middlewares.length
     });
   }
@@ -277,23 +166,49 @@ class ProcedureBuilder extends ContractProcedure {
   output(schema) {
     return new ProcedureBuilder({
       ...this["~orpc"],
-      outputSchema: schema,
+      schemas: {
+        ...this["~orpc"].schemas,
+        outputSchema: schema instanceof core.$ZodType ? schema : object(schema)
+      },
       outputValidationIndex: this["~orpc"].middlewares.length
     });
   }
-  /**
-   * Uses a middleware to modify the context or improve the pipeline.
-   *
-   * @info Supports both normal middleware and inline middleware implementations.
-   * @note The current context must be satisfy middleware dependent-context
-   * @see {@link https://orpc.unnoq.com/docs/middleware Middleware Docs}
-   */
   use(middleware) {
     return new this.constructor({
       ...this["~orpc"],
       middlewares: addMiddleware(this["~orpc"].middlewares, middleware)
     });
   }
+  // `& {}` is so AuthType will be expanded in parameter info tooltips.
+  // The default of false for ValidatedAuthContext is used when you pass in the type 'none'. We use false
+  // because we can't use null or undefined (see ValidatedAuthContext) but we still want it to be falsy.
+  useAuth(type, ...rest) {
+    const config = { type, ...rest[0] };
+    const middleware = baseApi.$context().middleware(async (options) => {
+      const { next, context } = options;
+      if (context.auth) return next();
+      const auth = await authByType(config, options);
+      if (auth === void 0) {
+        const { authConfigs } = options.procedure["~orpc"];
+        if (context.auth !== false && config === authConfigs.at(-1)) {
+          let authDescriptions = authConfigs.map(authDescription).join(", ");
+          if (authConfigs.length > 1) {
+            authDescriptions = `one of: ${authDescriptions}`;
+          }
+          throw new ORPCError("UNAUTHORIZED", {
+            message: `Authentication required. You must provide ${authDescriptions}`
+          });
+        }
+        return next();
+      }
+      return next({ context: { auth } });
+    });
+    return new this.constructor({
+      ...this["~orpc"],
+      authConfigs: [...this["~orpc"].authConfigs, config],
+      middlewares: addMiddleware(this["~orpc"].middlewares, middleware)
+    });
+  }
   useGating(gates, isGateEnabled) {
     return this.use(({ next, context }) => {
       return gatingContext.run(
@@ -308,6 +223,9 @@ class ProcedureBuilder extends ContractProcedure {
    * @see {@link https://orpc.unnoq.com/docs/procedure Procedure Docs}
    */
   handler(handler) {
+    if (this["~orpc"].schemas.outputSchema === initialSchemas.outputSchema) {
+      throw new Error("You must call .output() before calling .handler()");
+    }
     return new DecoratedProcedure({
       ...this["~orpc"],
       handler
@@ -359,31 +277,6 @@ function decorateMiddleware(middleware) {
     );
     return mapped;
   };
-  decorated.concat = (concatMiddleware, mapInput) => {
-    const mapped = mapInput ? decorateMiddleware(concatMiddleware).mapInput(mapInput) : concatMiddleware;
-    const concatted = decorateMiddleware((options, input, output, ...rest) => {
-      const merged = middleware(
-        {
-          ...options,
-          next: (...[nextOptions1]) => mapped(
-            {
-              ...options,
-              context: { ...options.context, ...nextOptions1?.context },
-              next: (...[nextOptions2]) => options.next({ context: { ...nextOptions1?.context, ...nextOptions2?.context } })
-            },
-            input,
-            output,
-            ...rest
-          )
-        },
-        input,
-        output,
-        ...rest
-      );
-      return merged;
-    });
-    return concatted;
-  };
   return decorated;
 }
 
@@ -405,112 +298,25 @@ class Builder extends BuilderWithMiddlewares {
     return decorateMiddleware(middleware);
   }
 }
-function createApiBuilder(opts = {}) {
-  return new Builder({
-    route: {},
-    meta: opts.meta ?? {},
-    errorMap: {},
-    inputValidationIndex: 0,
-    outputValidationIndex: 0,
-    middlewares: [
-      onError((error, _options) => {
-        console.dir(error, { depth: null });
-      })
-    ],
-    // NB: this is a relic from orpc -- I'm not convinced there's a need for this (or if there is, that it's
-    // the best solution). For now I've removed the interface to configure it externally.
-    dedupeLeadingMiddlewares: true
-  });
-}
-const os = createApiBuilder();
-
-function implementerInternal(contract, middlewares) {
-  if (isContractProcedure(contract)) {
-    const impl2 = new Builder({
-      ...contract["~orpc"],
-      middlewares,
-      inputValidationIndex: middlewares.length,
-      outputValidationIndex: middlewares.length,
-      dedupeLeadingMiddlewares: true
-    });
-    return impl2;
-  }
-  const impl = new Proxy(contract, {
-    get: (target, key) => {
-      if (typeof key !== "string") {
-        return Reflect.get(target, key);
-      }
-      let method;
-      if (key === "middleware") {
-        method = (mid) => decorateMiddleware(mid);
-      } else if (key === "use") {
-        method = (mid) => {
-          return implementerInternal(contract, addMiddleware(middlewares, mid));
-        };
-      } else if (key === "router") {
-        method = (router) => {
-          const adapted = enhanceRouter(router, {
-            middlewares,
-            errorMap: {},
-            prefix: void 0,
-            tags: void 0,
-            dedupeLeadingMiddlewares: true
-          });
-          return setHiddenRouterContract(adapted, contract);
-        };
-      } else if (key === "lazyRoute") {
-        method = (loader) => {
-          const adapted = enhanceRouter(lazy(loader), {
-            middlewares,
-            errorMap: {},
-            prefix: void 0,
-            tags: void 0,
-            dedupeLeadingMiddlewares: true
-          });
-          return setHiddenRouterContract(adapted, contract);
-        };
-      }
-      const next = getContractRouter(target, [key]);
-      if (!next) {
-        return method ?? next;
-      }
-      const nextImpl = implementerInternal(next, middlewares);
-      if (method) {
-        return new Proxy(method, {
-          get(_, key2) {
-            return Reflect.get(nextImpl, key2);
-          }
-        });
-      }
-      return nextImpl;
-    }
-  });
-  return impl;
-}
-function implement(contract) {
-  const implInternal = implementerInternal(contract, []);
-  const impl = new Proxy(implInternal, {
-    get: (target, key) => {
-      let method;
-      if (key === "$context") {
-        method = () => impl;
-      }
-      const next = Reflect.get(target, key);
-      if (!method || !next || typeof next !== "function" && typeof next !== "object") {
-        return method || next;
-      }
-      return new Proxy(method, {
-        get(_, key2) {
-          return Reflect.get(next, key2);
-        }
-      });
-    }
-  });
-  return impl;
-}
+const baseApi = new Builder({
+  route: {},
+  meta: {},
+  inputValidationIndex: 0,
+  outputValidationIndex: 0,
+  middlewares: [
+    onError((error, _options) => {
+      console.dir(error, { depth: null });
+    })
+  ],
+  schemas: initialSchemas,
+  // NB: this is a relic from orpc -- I'm not convinced there's a need for this (or if there is, that it's
+  // the best solution). For now I've removed the interface to configure it externally.
+  dedupeLeadingMiddlewares: true,
+  authConfigs: []
+});
 
 function createAssertedLazyProcedure(lazied) {
-  const lazyProcedure = lazy(async () => {
+  const lazyProcedure = lazyInternal(async () => {
     const { default: maybeProcedure } = await unlazy(lazied);
     if (!isProcedure(maybeProcedure)) {
       throw new Error(`
@@ -523,14 +329,6 @@ function createAssertedLazyProcedure(lazied) {
   }, getLazyMeta(lazied));
   return lazyProcedure;
 }
-function createContractedProcedure(procedure, contract) {
-  return new Procedure({
-    ...procedure["~orpc"],
-    errorMap: contract["~orpc"].errorMap,
-    route: contract["~orpc"].route,
-    meta: contract["~orpc"].meta
-  });
-}
 function call(procedure, input, ...rest) {
   const options = resolveMaybeOptionalOptions(rest);
   return createProcedureClient(procedure, options)(input, options);
@@ -561,4 +359,21 @@ function createRouterClient(router, ...rest) {
   return recursive;
 }
 
-export { Builder, BuilderWithMiddlewares, DecoratedProcedure, Procedure, ProcedureBuilder, addMiddleware, call, createAccessibleLazyRouter, createApiBuilder, createAssertedLazyProcedure, createContractedProcedure, createProcedureClient, createRouterClient, decorateMiddleware, enhanceRouter, getHiddenRouterContract, getLazyMeta, getRouter, implement, implementerInternal, isLazy, isProcedure, isStartWithMiddlewares, lazy, mergeMiddlewares, os, resolveContractProcedures, setHiddenRouterContract, traverseContractProcedures, unlazy, unlazyRouter };
+function isSchemaIssue(issue) {
+  if (!isTypescriptObject(issue) || typeof issue.message !== "string") {
+    return false;
+  }
+  if (issue.path !== void 0) {
+    if (!Array.isArray(issue.path)) {
+      return false;
+    }
+    if (!issue.path.every(
+      (segment) => isPropertyKey(segment) || isTypescriptObject(segment) && isPropertyKey(segment.key)
+    )) {
+      return false;
+    }
+  }
+  return true;
+}
+
+export { Builder, BuilderWithMiddlewares, Contract, DecoratedProcedure, Procedure, ProcedureBuilder, addMiddleware, baseApi, call, createAssertedLazyProcedure, createProcedureClient, createRouterClient, decorateMiddleware, enhanceRouter, getLazyMeta, getRouter, initialSchemas, isLazy, isProcedure, isSchemaIssue, lazyInternal, mergeMeta, parseEndpointDefinition, unlazy };