@forge/api 0.0.0-experimental-4e6084f → 0.0.0-experimental-d18f8dd

package/CHANGELOG.md

@@ -1,15 +1,142 @@
 # @forge/api
 
-## 0.0.0-experimental-4e6084f
+## 0.0.0-experimental-d18f8dd
+
+### Patch Changes
+
+- d18f8dd: Force bump
+- Updated dependencies [d18f8dd]
+  - @forge/auth@0.0.0-experimental-d18f8dd
+  - @forge/storage@0.0.0-experimental-d18f8dd
+
+## 2.3.0
 
 ### Minor Changes
 
-- 8e5fe0f: Remove engines.node declaration
+- 0d7fe27: Support secret storage API
+
+### Patch Changes
+
+- df58629: Allow custom headers in requestGraph
+- Updated dependencies [0d7fe27]
+  - @forge/storage@1.1.0
+
+## 2.3.0-next.1
+
+### Patch Changes
+
+- df58629: Allow custom headers in requestGraph
+
+## 2.3.0-next.0
+
+### Minor Changes
+
+- 0d7fe27: Support secret storage API
+
+### Patch Changes
+
+- Updated dependencies [0d7fe27]
+  - @forge/storage@1.1.0-next.0
+
+## 2.2.1
 
 ### Patch Changes
 
-- Updated dependencies [8e5fe0f]
-  - @forge/storage@0.0.0-experimental-4e6084f
+- Updated dependencies [0700578]
+  - @forge/storage@1.0.5
+
+## 2.2.1-next.0
+
+### Patch Changes
+
+- Updated dependencies [0700578]
+  - @forge/storage@1.0.5-next.0
+
+## 2.2.0
+
+### Minor Changes
+
+- 5dcb9bd: Routes can be passed to api.fetch. Routes can be partially-constructed using other Routes.
+
+## 2.2.0-next.0
+
+### Minor Changes
+
+- 5dcb9bd: Routes can be passed to api.fetch. Routes can be partially-constructed using other Routes.
+
+## 2.1.0
+
+### Minor Changes
+
+- 339a8ad: Export StorageAPI interface
+- 390e3d0: Add authorize API
+
+### Patch Changes
+
+- fef6d3a: Export Route as type for @forge/api
+- 85ce23a: Update error message and build config
+- Updated dependencies [5ff60ec]
+- Updated dependencies [4eda18e]
+- Updated dependencies [85ce23a]
+- Updated dependencies [2d3bec6]
+  - @forge/storage@1.0.4
+  - @forge/auth@0.0.1
+
+## 2.1.0-next.4
+
+### Patch Changes
+
+- 85ce23a: Update error message and build config
+- Updated dependencies [85ce23a]
+  - @forge/auth@0.0.1-next.2
+
+## 2.1.0-next.3
+
+### Minor Changes
+
+- 390e3d0: Add authorize API
+
+### Patch Changes
+
+- Updated dependencies [4eda18e]
+  - @forge/auth@0.0.1-next.0
+
+## 2.1.0-next.2
+
+### Patch Changes
+
+- fef6d3a: Export Route as type for @forge/api
+
+## 2.1.0-next.1
+
+### Minor Changes
+
+- 339a8ad: Export StorageAPI interface
+
+## 2.0.2-next.0
+
+### Patch Changes
+
+- Updated dependencies [5ff60ec]
+  - @forge/storage@1.0.4-next.0
+
+## 2.0.1
+
+### Patch Changes
+
+- d3d180e: Remove engines limitation
+
+## 2.0.1-next.0
+
+### Patch Changes
+
+- d3d180e: Remove engines limitation
+
+## 2.0.0
+
+### Major Changes
+
+- 4ae62248a: `@forge/api` requires usage of a new route helper when calling requestJira/requestConfluence
 
 ## 1.2.0
 

package/out/api/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/api/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACtD,OAAO,EAAE,QAAQ,EAAkD,MAAM,IAAI,CAAC;AAC9E,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAExD,oBAAY,YAAY,GAAG,CAAC,QAAQ,EAAE,QAAQ,KAAK,CAAC,GAAG,EAAE,WAAW,EAAE,IAAI,CAAC,EAAE,WAAW,KAAK,GAAG,CAAC;AAYjG,eAAO,MAAM,mBAAmB,QAAS,GAAG,aAAa,YAAY,KAAG,QAgBvE,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/api/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACtD,OAAO,EACL,QAAQ,EAMT,MAAM,IAAI,CAAC;AACZ,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAIxD,oBAAY,YAAY,GAAG,CAAC,QAAQ,EAAE,QAAQ,KAAK,CAAC,GAAG,EAAE,WAAW,EAAE,IAAI,CAAC,EAAE,WAAW,KAAK,GAAG,CAAC;AAsBjG,eAAO,MAAM,mBAAmB,QAAS,GAAG,aAAa,YAAY,KAAG,QAgBvE,CAAC"}

package/out/api/index.js

@@ -3,24 +3,33 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.wrapFetchApiMethods = void 0;
 var polyfill_response_1 = require("./polyfill-response");
 Object.defineProperty(exports, "transformResponse", { enumerable: true, get: function () { return polyfill_response_1.transformResponse; } });
-const wrapRequestGraph = (requestGraphApi) => (query, variables) => requestGraphApi('/graphql', {
+const safeUrl_1 = require("../safeUrl");
+const wrapRequestGraph = (requestGraphApi) => (query, variables, headers = {}) => requestGraphApi('/graphql', {
     method: 'POST',
-    headers: { 'Content-Type': 'application/json' },
+    headers: Object.assign(Object.assign({}, headers), { 'Content-Type': 'application/json' }),
     body: JSON.stringify(Object.assign({ query }, (variables ? { variables } : {})))
 });
+const wrapRequestProduct = (requestProduct) => (path, init) => {
+    const safeUrl = safeUrl_1.requireSafeUrl(path);
+    return requestProduct(safeUrl.value, init);
+};
+const wrapWithRouteUnwrapper = (fetch) => (path, init) => {
+    const stringPath = safeUrl_1.isRoute(path) ? path.value : path;
+    return fetch(stringPath, init);
+};
 exports.wrapFetchApiMethods = (api, wrapFetch) => {
     return {
-        fetch: wrapFetch(api.fetch),
-        requestJira: wrapFetch(api.requestJira),
-        requestConfluence: wrapFetch(api.requestConfluence),
+        fetch: wrapWithRouteUnwrapper(wrapFetch(api.fetch)),
+        requestJira: wrapRequestProduct(wrapFetch(api.requestJira)),
+        requestConfluence: wrapRequestProduct(wrapFetch(api.requestConfluence)),
         asUser: () => ({
-            requestJira: wrapFetch(api.asUser().requestJira),
-            requestConfluence: wrapFetch(api.asUser().requestConfluence),
+            requestJira: wrapRequestProduct(wrapFetch(api.asUser().requestJira)),
+            requestConfluence: wrapRequestProduct(wrapFetch(api.asUser().requestConfluence)),
             requestGraph: wrapRequestGraph(wrapFetch(api.asUser().requestGraph))
         }),
         asApp: () => ({
-            requestJira: wrapFetch(api.asApp().requestJira),
-            requestConfluence: wrapFetch(api.asApp().requestConfluence),
+            requestJira: wrapRequestProduct(wrapFetch(api.asApp().requestJira)),
+            requestConfluence: wrapRequestProduct(wrapFetch(api.asApp().requestConfluence)),
             requestGraph: wrapRequestGraph(wrapFetch(api.asApp().requestGraph))
         })
     };

package/out/authorization/index.d.ts

@@ -0,0 +1,7 @@
+export declare const authorize: () => {
+    readonly onJira: (projectPermissionsInput: import("@forge/auth/out/jira").ProjectPermission[]) => Promise<import("@forge/auth/out/jira").ProjectPermissionResponse[]>;
+    readonly onJiraProject: (projects: string | number | (string | number)[]) => Record<string, import("@forge/auth/out/types").PermissionCheck>;
+    readonly onJiraIssue: (issues: string | number | (string | number)[]) => Record<string, import("@forge/auth/out/types").PermissionCheck>;
+    readonly onConfluenceContent: (contentId: string | number) => Record<string, import("@forge/auth/out/types").PermissionCheck>;
+};
+//# sourceMappingURL=index.d.ts.map

package/out/authorization/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/authorization/index.ts"],"names":[],"mappings":"AAKA,eAAO,MAAM,SAAS;;;;;CAgBrB,CAAC"}

package/out/authorization/index.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.authorize = void 0;
+const auth_1 = require("@forge/auth");
+const api = global.api;
+exports.authorize = () => {
+    if (!process.env.__CURRENT_USER_ACCOUNT_ID)
+        throw new Error(`Couldn’t find the accountId of the invoking user. This API can only be used inside user-invoked modules.`);
+    const accountId = process.env.__CURRENT_USER_ACCOUNT_ID;
+    return Object.assign(Object.assign({}, auth_1.authorizeConfluenceWithFetch(async (path, opts) => {
+        const res = await api.asUser().requestConfluence(path, opts);
+        return res.json();
+    }, accountId)), auth_1.authorizeJiraWithFetch(async (path, opts) => {
+        const res = await api.asUser().requestJira(path, opts);
+        return res.json();
+    }, accountId));
+};

package/out/index.d.ts

@@ -1,15 +1,19 @@
 import { RequestInit, Response } from 'node-fetch';
-import { webTrigger } from './webTrigger';
 import { QueryApi } from '@forge/storage';
+import { authorize } from './authorization';
+import { Route } from './safeUrl';
+import { webTrigger } from './webTrigger';
 export declare type APIResponse = Pick<Response, 'json' | 'text' | 'arrayBuffer' | 'ok' | 'status' | 'statusText' | 'headers'>;
 export declare type FetchMethod = (url: string, init?: RequestInit) => Promise<APIResponse>;
+export declare type FetchMethodAllowingRoute = (url: string | Route, init?: RequestInit) => Promise<APIResponse>;
+export declare type RequestProductMethod = (url: Route, init?: RequestInit) => Promise<APIResponse>;
 export declare type FetchOptions = RequestInit;
-export interface FetchMethods {
-    requestJira: FetchMethod;
-    requestConfluence: FetchMethod;
+export interface RequestProductMethods {
+    requestJira: RequestProductMethod;
+    requestConfluence: RequestProductMethod;
 }
 export interface GraphQLFetchMethods {
-    requestGraph: (query: string, variables?: any) => Promise<APIResponse>;
+    requestGraph: (query: string, variables?: any, headers?: Record<string, any>) => Promise<APIResponse>;
 }
 export interface StorageMethods {
     get: (key: string) => Promise<any>;
@@ -22,7 +26,12 @@ export interface PropertiesAPI {
     onConfluencePage: (context: string) => StorageMethods;
     onConfluenceSpace: (context: string) => StorageMethods;
 }
-interface StorageAPI extends StorageMethods, QueryApi {
+export interface StorageAPI extends StorageMethods, QueryApi {
+}
+export interface ForgeStorageAPI extends StorageAPI {
+    getSecret: (key: string) => Promise<any>;
+    setSecret: (key: string, value: any) => Promise<void>;
+    deleteSecret: (key: string) => Promise<void>;
 }
 export interface StoreAPI extends PropertiesAPI {
     onJiraProject: (context: string) => StorageMethods;
@@ -30,28 +39,29 @@ export interface StoreAPI extends PropertiesAPI {
     onConfluencePage: (context: string) => StorageMethods;
     onConfluenceSpace: (context: string) => StorageMethods;
 }
-export interface FetchAPI extends FetchMethods {
-    asUser(): FetchMethods & GraphQLFetchMethods;
-    asApp(): FetchMethods & GraphQLFetchMethods;
-    fetch: FetchMethod;
+export interface FetchAPI extends RequestProductMethods {
+    asUser(): RequestProductMethods & GraphQLFetchMethods;
+    asApp(): RequestProductMethods & GraphQLFetchMethods;
+    fetch: FetchMethodAllowingRoute;
 }
 export interface ForgeAPI extends FetchAPI {
     store: StoreAPI;
 }
-declare const asUser: () => FetchMethods & GraphQLFetchMethods;
-declare const asApp: () => FetchMethods & GraphQLFetchMethods;
-declare const fetch: FetchMethod;
-declare const requestJira: FetchMethod;
-declare const requestConfluence: FetchMethod;
+declare const asUser: () => RequestProductMethods & GraphQLFetchMethods;
+declare const asApp: () => RequestProductMethods & GraphQLFetchMethods;
+declare const fetch: FetchMethodAllowingRoute;
+declare const requestJira: RequestProductMethod;
+declare const requestConfluence: RequestProductMethod;
 declare const store: PropertiesAPI;
-declare const storage: StorageAPI;
+declare const storage: ForgeStorageAPI;
 declare const properties: PropertiesAPI;
 declare const API: ForgeAPI;
 export declare const privacy: {
     reportPersonalData: (accounts: import("./privacy").Account[]) => Promise<import("./privacy").AccountUpdate[]>;
 };
 export default API;
-export { asUser, asApp, fetch, requestJira, requestConfluence, store, storage, properties, webTrigger };
+export { asUser, asApp, authorize, fetch, requestJira, requestConfluence, store, storage, properties, webTrigger };
 export { QueryBuilder, QueryApi, Condition, ListResult, Predicate, Result, Value } from '@forge/storage';
 export { startsWith } from '@forge/storage';
+export { route, assumeTrustedRoute, Route } from './safeUrl';
 //# sourceMappingURL=index.d.ts.map

package/out/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAInD,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAA8C,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAEtF,oBAAY,WAAW,GAAG,IAAI,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,aAAa,GAAG,IAAI,GAAG,QAAQ,GAAG,YAAY,GAAG,SAAS,CAAC,CAAC;AACvH,oBAAY,WAAW,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,WAAW,KAAK,OAAO,CAAC,WAAW,CAAC,CAAC;AACpF,oBAAY,YAAY,GAAG,WAAW,CAAC;AAEvC,MAAM,WAAW,YAAY;IAC3B,WAAW,EAAE,WAAW,CAAC;IACzB,iBAAiB,EAAE,WAAW,CAAC;CAChC;AAED,MAAM,WAAW,mBAAmB;IAClC,YAAY,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,GAAG,KAAK,OAAO,CAAC,WAAW,CAAC,CAAC;CACxE;AAED,MAAM,WAAW,cAAc;IAC7B,GAAG,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,GAAG,CAAC,CAAC;IACnC,GAAG,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAChD,MAAM,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CACxC;AAED,MAAM,WAAW,aAAa;IAC5B,aAAa,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,cAAc,CAAC;IACnD,WAAW,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,cAAc,CAAC;IACjD,gBAAgB,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,cAAc,CAAC;IACtD,iBAAiB,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,cAAc,CAAC;CACxD;AAED,UAAU,UAAW,SAAQ,cAAc,EAAE,QAAQ;CAAG;AAMxD,MAAM,WAAW,QAAS,SAAQ,aAAa;IAK7C,aAAa,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,cAAc,CAAC;IAMnD,WAAW,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,cAAc,CAAC;IAMjD,gBAAgB,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,cAAc,CAAC;IAMtD,iBAAiB,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,cAAc,CAAC;CACxD;AAED,MAAM,WAAW,QAAS,SAAQ,YAAY;IAC5C,MAAM,IAAI,YAAY,GAAG,mBAAmB,CAAC;IAC7C,KAAK,IAAI,YAAY,GAAG,mBAAmB,CAAC;IAC5C,KAAK,EAAE,WAAW,CAAC;CACpB;AAED,MAAM,WAAW,QAAS,SAAQ,QAAQ;IACxC,KAAK,EAAE,QAAQ,CAAC;CACjB;AAaD,QAAA,MAAM,MAAM,QApBA,YAAY,GAAG,mBAoBG,CAAC;AAC/B,QAAA,MAAM,KAAK,QApBA,YAAY,GAAG,mBAoBE,CAAC;AAC7B,QAAA,MAAM,KAAK,aAAiB,CAAC;AAC7B,QAAA,MAAM,WAAW,aAAuB,CAAC;AACzC,QAAA,MAAM,iBAAiB,aAA6B,CAAC;AAerD,QAAA,MAAM,KAAK,eAA0B,CAAC;AACtC,QAAA,MAAM,OAAO,EAAE,UAEd,CAAC;AAEF,QAAA,MAAM,UAAU,EAAE,aAA6B,CAAC;AAEhD,QAAA,MAAM,GAAG,EAAE,QAGV,CAAC;AAEF,eAAO,MAAM,OAAO;;CAEnB,CAAC;AAEF,eAAe,GAAG,CAAC;AACnB,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,WAAW,EAAE,iBAAiB,EAAE,KAAK,EAAE,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC;AACxG,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,gBAAgB,CAAC;AACzG,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AACnD,OAAO,EAA8C,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAGtF,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAG5C,OAAO,EAAE,KAAK,EAAE,MAAM,WAAW,CAAC;AAClC,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAE1C,oBAAY,WAAW,GAAG,IAAI,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,GAAG,aAAa,GAAG,IAAI,GAAG,QAAQ,GAAG,YAAY,GAAG,SAAS,CAAC,CAAC;AACvH,oBAAY,WAAW,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,WAAW,KAAK,OAAO,CAAC,WAAW,CAAC,CAAC;AACpF,oBAAY,wBAAwB,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,KAAK,EAAE,IAAI,CAAC,EAAE,WAAW,KAAK,OAAO,CAAC,WAAW,CAAC,CAAC;AACzG,oBAAY,oBAAoB,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,IAAI,CAAC,EAAE,WAAW,KAAK,OAAO,CAAC,WAAW,CAAC,CAAC;AAC5F,oBAAY,YAAY,GAAG,WAAW,CAAC;AAEvC,MAAM,WAAW,qBAAqB;IACpC,WAAW,EAAE,oBAAoB,CAAC;IAClC,iBAAiB,EAAE,oBAAoB,CAAC;CACzC;AAED,MAAM,WAAW,mBAAmB;IAClC,YAAY,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,GAAG,EAAE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,KAAK,OAAO,CAAC,WAAW,CAAC,CAAC;CACvG;AAED,MAAM,WAAW,cAAc;IAC7B,GAAG,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,GAAG,CAAC,CAAC;IACnC,GAAG,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAChD,MAAM,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CACxC;AAED,MAAM,WAAW,aAAa;IAC5B,aAAa,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,cAAc,CAAC;IACnD,WAAW,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,cAAc,CAAC;IACjD,gBAAgB,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,cAAc,CAAC;IACtD,iBAAiB,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,cAAc,CAAC;CACxD;AAED,MAAM,WAAW,UAAW,SAAQ,cAAc,EAAE,QAAQ;CAAG;AAE/D,MAAM,WAAW,eAAgB,SAAQ,UAAU;IACjD,SAAS,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,GAAG,CAAC,CAAC;IACzC,SAAS,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACtD,YAAY,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CAC9C;AAMD,MAAM,WAAW,QAAS,SAAQ,aAAa;IAK7C,aAAa,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,cAAc,CAAC;IAMnD,WAAW,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,cAAc,CAAC;IAMjD,gBAAgB,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,cAAc,CAAC;IAMtD,iBAAiB,EAAE,CAAC,OAAO,EAAE,MAAM,KAAK,cAAc,CAAC;CACxD;AAED,MAAM,WAAW,QAAS,SAAQ,qBAAqB;IACrD,MAAM,IAAI,qBAAqB,GAAG,mBAAmB,CAAC;IACtD,KAAK,IAAI,qBAAqB,GAAG,mBAAmB,CAAC;IACrD,KAAK,EAAE,wBAAwB,CAAC;CACjC;AAED,MAAM,WAAW,QAAS,SAAQ,QAAQ;IACxC,KAAK,EAAE,QAAQ,CAAC;CACjB;AAaD,QAAA,MAAM,MAAM,QApBA,qBAAqB,GAAG,mBAoBN,CAAC;AAC/B,QAAA,MAAM,KAAK,QApBA,qBAAqB,GAAG,mBAoBP,CAAC;AAC7B,QAAA,MAAM,KAAK,0BAAiB,CAAC;AAC7B,QAAA,MAAM,WAAW,sBAAuB,CAAC;AACzC,QAAA,MAAM,iBAAiB,sBAA6B,CAAC;AAerD,QAAA,MAAM,KAAK,eAA0B,CAAC;AACtC,QAAA,MAAM,OAAO,EAAE,eAEd,CAAC;AAEF,QAAA,MAAM,UAAU,EAAE,aAA6B,CAAC;AAEhD,QAAA,MAAM,GAAG,EAAE,QAGV,CAAC;AAEF,eAAO,MAAM,OAAO;;CAEnB,CAAC;AAEF,eAAe,GAAG,CAAC;AACnB,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,WAAW,EAAE,iBAAiB,EAAE,KAAK,EAAE,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,CAAC;AACnH,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,SAAS,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,gBAAgB,CAAC;AACzG,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAE5C,OAAO,EAAE,KAAK,EAAE,kBAAkB,EAAE,KAAK,EAAE,MAAM,WAAW,CAAC"}

package/out/index.js

@@ -1,12 +1,14 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.webTrigger = exports.properties = exports.storage = exports.store = exports.requestConfluence = exports.requestJira = exports.fetch = exports.asApp = exports.asUser = exports.privacy = void 0;
+exports.webTrigger = exports.properties = exports.storage = exports.store = exports.requestConfluence = exports.requestJira = exports.fetch = exports.authorize = exports.asApp = exports.asUser = exports.privacy = void 0;
+const storage_1 = require("@forge/storage");
 const api_1 = require("./api");
+const authorization_1 = require("./authorization");
+Object.defineProperty(exports, "authorize", { enumerable: true, get: function () { return authorization_1.authorize; } });
 const properties_1 = require("./properties");
 const privacy_1 = require("./privacy");
 const webTrigger_1 = require("./webTrigger");
 Object.defineProperty(exports, "webTrigger", { enumerable: true, get: function () { return webTrigger_1.webTrigger; } });
-const storage_1 = require("@forge/storage");
 function withDeprecatedMessage(method, message) {
     const wrappedMethod = (...args) => {
         console.warn(message);
@@ -46,3 +48,6 @@ exports.privacy = {
 exports.default = API;
 var storage_2 = require("@forge/storage");
 Object.defineProperty(exports, "startsWith", { enumerable: true, get: function () { return storage_2.startsWith; } });
+var safeUrl_1 = require("./safeUrl");
+Object.defineProperty(exports, "route", { enumerable: true, get: function () { return safeUrl_1.route; } });
+Object.defineProperty(exports, "assumeTrustedRoute", { enumerable: true, get: function () { return safeUrl_1.assumeTrustedRoute; } });

package/out/properties/confluence-page.d.ts

@@ -1,8 +1,7 @@
-import { FetchMethod } from '../index';
+import { RequestProductMethod } from '../index';
 import { ConfluenceVersionedStorage } from './confluence-versioned-storage';
 export declare class ConfluencePageStorage extends ConfluenceVersionedStorage {
-    private static readonly API_PATH;
-    constructor(pageId: string, apiClient: FetchMethod);
+    constructor(pageId: string, apiClient: RequestProductMethod);
     set(key: string, value: any): Promise<void>;
 }
 //# sourceMappingURL=confluence-page.d.ts.map

package/out/properties/confluence-page.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"confluence-page.d.ts","sourceRoot":"","sources":["../../src/properties/confluence-page.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AACvC,OAAO,EAAE,0BAA0B,EAAE,MAAM,gCAAgC,CAAC;AAE5E,qBAAa,qBAAsB,SAAQ,0BAA0B;IACnE,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAA6B;gBAEjD,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,WAAW;IAM5C,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC;CAGlD"}
+{"version":3,"file":"confluence-page.d.ts","sourceRoot":"","sources":["../../src/properties/confluence-page.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,UAAU,CAAC;AAEhD,OAAO,EAAE,0BAA0B,EAAE,MAAM,gCAAgC,CAAC;AAE5E,qBAAa,qBAAsB,SAAQ,0BAA0B;gBACvD,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,oBAAoB;IAMrD,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC;CAGlD"}

package/out/properties/confluence-page.js

@@ -1,10 +1,11 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ConfluencePageStorage = void 0;
+const safeUrl_1 = require("../safeUrl");
 const confluence_versioned_storage_1 = require("./confluence-versioned-storage");
 class ConfluencePageStorage extends confluence_versioned_storage_1.ConfluenceVersionedStorage {
     constructor(pageId, apiClient) {
-        const storageApiPath = `${ConfluencePageStorage.API_PATH}${pageId}/property`;
+        const storageApiPath = (key) => safeUrl_1.route `/wiki/rest/api/content/${pageId}/property/${key}`;
         super(storageApiPath, apiClient);
     }
     async set(key, value) {
@@ -12,4 +13,3 @@ class ConfluencePageStorage extends confluence_versioned_storage_1.ConfluenceVer
     }
 }
 exports.ConfluencePageStorage = ConfluencePageStorage;
-ConfluencePageStorage.API_PATH = '/wiki/rest/api/content/';

package/out/properties/confluence-space.d.ts

@@ -1,8 +1,7 @@
-import { FetchMethod } from '../index';
+import { RequestProductMethod } from '../index';
 import { ConfluenceVersionedStorage } from './confluence-versioned-storage';
 export declare class ConfluenceSpaceStorage extends ConfluenceVersionedStorage {
-    private static readonly API_PATH;
-    constructor(spaceId: string, apiClient: FetchMethod);
+    constructor(spaceId: string, apiClient: RequestProductMethod);
     set(key: string, value: any): Promise<void>;
 }
 //# sourceMappingURL=confluence-space.d.ts.map

package/out/properties/confluence-space.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"confluence-space.d.ts","sourceRoot":"","sources":["../../src/properties/confluence-space.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AACvC,OAAO,EAAE,0BAA0B,EAAE,MAAM,gCAAgC,CAAC;AAE5E,qBAAa,sBAAuB,SAAQ,0BAA0B;IACpE,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAA2B;gBAE/C,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,WAAW;IAM7C,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC;CAGlD"}
+{"version":3,"file":"confluence-space.d.ts","sourceRoot":"","sources":["../../src/properties/confluence-space.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,UAAU,CAAC;AAEhD,OAAO,EAAE,0BAA0B,EAAE,MAAM,gCAAgC,CAAC;AAE5E,qBAAa,sBAAuB,SAAQ,0BAA0B;gBACxD,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,oBAAoB;IAMtD,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC;CAGlD"}

package/out/properties/confluence-space.js

@@ -1,10 +1,11 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ConfluenceSpaceStorage = void 0;
+const safeUrl_1 = require("../safeUrl");
 const confluence_versioned_storage_1 = require("./confluence-versioned-storage");
 class ConfluenceSpaceStorage extends confluence_versioned_storage_1.ConfluenceVersionedStorage {
     constructor(spaceId, apiClient) {
-        const storageApiPath = `${ConfluenceSpaceStorage.API_PATH}${spaceId}/property`;
+        const storageApiPath = (key) => safeUrl_1.route `/wiki/rest/api/space/${spaceId}/property/${key}`;
         super(storageApiPath, apiClient);
     }
     async set(key, value) {
@@ -12,4 +13,3 @@ class ConfluenceSpaceStorage extends confluence_versioned_storage_1.ConfluenceVe
     }
 }
 exports.ConfluenceSpaceStorage = ConfluenceSpaceStorage;
-ConfluenceSpaceStorage.API_PATH = '/wiki/rest/api/space/';

package/out/properties/confluence-versioned-storage.js

@@ -5,7 +5,7 @@ const product_scoped_storage_1 = require("./product-scoped-storage");
 const storage_1 = require("@forge/storage");
 class ConfluenceVersionedStorage extends product_scoped_storage_1.ProductScopedStorage {
     async versionedSet(key, value) {
-        const versionResponse = await this.apiClient(`${this.storageApiPath}/${key}`);
+        const versionResponse = await this.apiClient(this.storageApiPath(key));
         if (!versionResponse.ok && versionResponse.status !== 404) {
             throw storage_1.APIError.forStatus(versionResponse.status);
         }
@@ -17,7 +17,7 @@ class ConfluenceVersionedStorage extends product_scoped_storage_1.ProductScopedS
                 number: updatedVersionNumber
             }
         };
-        await this.apiClient(`${this.storageApiPath}/${key}`, this.buildSetRequestOptions(requestBody, requestMethod));
+        await this.apiClient(this.storageApiPath(key), this.buildSetRequestOptions(requestBody, requestMethod));
     }
     async getUpdatedVersion(versionResponse) {
         if (!versionResponse.ok) {

package/out/properties/jira-issue.d.ts

@@ -1,7 +1,6 @@
 import { ProductScopedStorage } from './product-scoped-storage';
-import { FetchMethod } from '../index';
+import { RequestProductMethod } from '../index';
 export declare class JiraIssueStorage extends ProductScopedStorage {
-    private static readonly API_PATH;
-    constructor(issueKey: string, apiClient: FetchMethod);
+    constructor(issueKey: string, apiClient: RequestProductMethod);
 }
 //# sourceMappingURL=jira-issue.d.ts.map

package/out/properties/jira-issue.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"jira-issue.d.ts","sourceRoot":"","sources":["../../src/properties/jira-issue.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAEvC,qBAAa,gBAAiB,SAAQ,oBAAoB;IACxD,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAwB;gBAE5C,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,WAAW;CAKrD"}
+{"version":3,"file":"jira-issue.d.ts","sourceRoot":"","sources":["../../src/properties/jira-issue.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,oBAAoB,EAAE,MAAM,UAAU,CAAC;AAGhD,qBAAa,gBAAiB,SAAQ,oBAAoB;gBAC5C,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,oBAAoB;CAK9D"}

package/out/properties/jira-issue.js

@@ -2,11 +2,11 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.JiraIssueStorage = void 0;
 const product_scoped_storage_1 = require("./product-scoped-storage");
+const safeUrl_1 = require("../safeUrl");
 class JiraIssueStorage extends product_scoped_storage_1.ProductScopedStorage {
     constructor(issueKey, apiClient) {
-        const storageApiPath = `${JiraIssueStorage.API_PATH}${issueKey}/properties`;
+        const storageApiPath = (key) => safeUrl_1.route `/rest/api/3/issue/${issueKey}/properties/${key}`;
         super(storageApiPath, apiClient);
     }
 }
 exports.JiraIssueStorage = JiraIssueStorage;
-JiraIssueStorage.API_PATH = '/rest/api/3/issue/';

package/out/properties/jira-project.d.ts

@@ -1,7 +1,6 @@
 import { ProductScopedStorage } from './product-scoped-storage';
-import { FetchMethod } from '../index';
+import { RequestProductMethod } from '../index';
 export declare class JiraProjectStorage extends ProductScopedStorage {
-    private static readonly API_PATH;
-    constructor(projectKey: string, apiClient: FetchMethod);
+    constructor(projectKey: string, apiClient: RequestProductMethod);
 }
 //# sourceMappingURL=jira-project.d.ts.map

package/out/properties/jira-project.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"jira-project.d.ts","sourceRoot":"","sources":["../../src/properties/jira-project.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAEvC,qBAAa,kBAAmB,SAAQ,oBAAoB;IAC1D,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAA0B;gBAE9C,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,WAAW;CAKvD"}
+{"version":3,"file":"jira-project.d.ts","sourceRoot":"","sources":["../../src/properties/jira-project.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AAChE,OAAO,EAAE,oBAAoB,EAAE,MAAM,UAAU,CAAC;AAGhD,qBAAa,kBAAmB,SAAQ,oBAAoB;gBAC9C,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,oBAAoB;CAKhE"}

package/out/properties/jira-project.js

@@ -2,11 +2,11 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.JiraProjectStorage = void 0;
 const product_scoped_storage_1 = require("./product-scoped-storage");
+const safeUrl_1 = require("../safeUrl");
 class JiraProjectStorage extends product_scoped_storage_1.ProductScopedStorage {
     constructor(projectKey, apiClient) {
-        const storageApiPath = `${JiraProjectStorage.API_PATH}${projectKey}/properties`;
+        const storageApiPath = (key) => safeUrl_1.route `/rest/api/3/project/${projectKey}/properties/${key}`;
         super(storageApiPath, apiClient);
     }
 }
 exports.JiraProjectStorage = JiraProjectStorage;
-JiraProjectStorage.API_PATH = '/rest/api/3/project/';

package/out/properties/product-scoped-storage.d.ts

@@ -1,9 +1,10 @@
 import { StorageAdapter } from './storage-adapter';
-import { FetchMethod } from '../index';
+import { RequestProductMethod } from '../index';
+import { Route } from '../safeUrl';
 export declare class ProductScopedStorage implements StorageAdapter {
-    protected storageApiPath: string;
-    protected apiClient: FetchMethod;
-    constructor(storageApiPath: string, apiClient: FetchMethod);
+    protected storageApiPath: (key: string) => Route;
+    protected apiClient: RequestProductMethod;
+    constructor(storageApiPath: (key: string) => Route, apiClient: RequestProductMethod);
     get(key: string): Promise<any>;
     set(key: string, value: any): Promise<void>;
     delete(key: string): Promise<void>;

package/out/properties/product-scoped-storage.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"product-scoped-storage.d.ts","sourceRoot":"","sources":["../../src/properties/product-scoped-storage.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAEnD,OAAO,EAAE,WAAW,EAAE,MAAM,UAAU,CAAC;AAEvC,qBAAa,oBAAqB,YAAW,cAAc;IAC7C,SAAS,CAAC,cAAc,EAAE,MAAM;IAAE,SAAS,CAAC,SAAS,EAAE,WAAW;gBAAxD,cAAc,EAAE,MAAM,EAAY,SAAS,EAAE,WAAW;IAExE,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC;IAe9B,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC;IAQ3C,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAQxC,SAAS,CAAC,sBAAsB,CAAC,WAAW,EAAE,GAAG,EAAE,aAAa,EAAE,KAAK,GAAG,MAAM;;;;;;;CASjF"}
+{"version":3,"file":"product-scoped-storage.d.ts","sourceRoot":"","sources":["../../src/properties/product-scoped-storage.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAEnD,OAAO,EAAE,oBAAoB,EAAE,MAAM,UAAU,CAAC;AAEhD,OAAO,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AAEnC,qBAAa,oBAAqB,YAAW,cAAc;IAC7C,SAAS,CAAC,cAAc,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,KAAK;IAAE,SAAS,CAAC,SAAS,EAAE,oBAAoB;gBAAjF,cAAc,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,KAAK,EAAY,SAAS,EAAE,oBAAoB;IAEjG,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC;IAe9B,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC;IAQ3C,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAQxC,SAAS,CAAC,sBAAsB,CAAC,WAAW,EAAE,GAAG,EAAE,aAAa,EAAE,KAAK,GAAG,MAAM;;;;;;;CASjF"}

package/out/properties/product-scoped-storage.js

@@ -8,7 +8,7 @@ class ProductScopedStorage {
         this.apiClient = apiClient;
     }
     async get(key) {
-        const response = await this.apiClient(`${this.storageApiPath}/${key}`);
+        const response = await this.apiClient(this.storageApiPath(key));
         if (!response.ok) {
             if (/400|401|403|404/.test(response.status.toString())) {
                 return undefined;
@@ -19,13 +19,13 @@ class ProductScopedStorage {
         return value;
     }
     async set(key, value) {
-        const response = await this.apiClient(`${this.storageApiPath}/${key}`, this.buildSetRequestOptions(value, 'PUT'));
+        const response = await this.apiClient(this.storageApiPath(key), this.buildSetRequestOptions(value, 'PUT'));
         if (!response.ok) {
             throw storage_1.APIError.forStatus(response.status);
         }
     }
     async delete(key) {
-        const response = await this.apiClient(`${this.storageApiPath}/${key}`, { method: 'DELETE' });
+        const response = await this.apiClient(this.storageApiPath(key), { method: 'DELETE' });
         if (!response.ok) {
             throw storage_1.APIError.forStatus(response.status);
         }

package/out/safeUrl.d.ts

@@ -0,0 +1,8 @@
+export declare type Route = {
+    readonly value: string;
+};
+export declare function isRoute(x: unknown): x is Route;
+export declare function route(path: TemplateStringsArray, ...parameters: (string | number | URLSearchParams | Route)[]): Route;
+export declare function requireSafeUrl(url: unknown): Route;
+export declare function assumeTrustedRoute(route: string): Route;
+//# sourceMappingURL=safeUrl.d.ts.map

package/out/safeUrl.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"safeUrl.d.ts","sourceRoot":"","sources":["../src/safeUrl.ts"],"names":[],"mappings":"AAAA,oBAAY,KAAK,GAAG;IAClB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;CACxB,CAAC;AAcF,wBAAgB,OAAO,CAAC,CAAC,EAAE,OAAO,GAAG,CAAC,IAAI,KAAK,CAE9C;AAED,wBAAgB,KAAK,CAAC,IAAI,EAAE,oBAAoB,EAAE,GAAG,UAAU,EAAE,CAAC,MAAM,GAAG,MAAM,GAAG,eAAe,GAAG,KAAK,CAAC,EAAE,GAAG,KAAK,CAqBrH;AAED,wBAAgB,cAAc,CAAC,GAAG,EAAE,OAAO,GAAG,KAAK,CASlD;AAED,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,KAAK,CAEvD"}

package/out/safeUrl.js

@@ -0,0 +1,53 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.assumeTrustedRoute = exports.requireSafeUrl = exports.route = exports.isRoute = void 0;
+class ReadonlyRoute {
+    constructor(value_) {
+        this.value_ = value_;
+    }
+    set value(_) {
+        throw new Error('modification of a Route is not allowed');
+    }
+    get value() {
+        return this.value_;
+    }
+}
+function isRoute(x) {
+    return x instanceof ReadonlyRoute;
+}
+exports.isRoute = isRoute;
+function route(path, ...parameters) {
+    let fullPath = '';
+    for (let i = 0; i < path.length; i++) {
+        fullPath += path[i];
+        if (i < parameters.length) {
+            const parameter = parameters[i];
+            if (parameter === '..') {
+                throw new Error('Disallowing path traversal attempt');
+            }
+            else if (isRoute(parameter)) {
+                fullPath += parameter.value;
+            }
+            else if (parameter instanceof URLSearchParams) {
+                fullPath += parameter.toString();
+            }
+            else {
+                fullPath += encodeURIComponent(parameter);
+            }
+        }
+    }
+    return new ReadonlyRoute(fullPath);
+}
+exports.route = route;
+function requireSafeUrl(url) {
+    if (url instanceof ReadonlyRoute) {
+        return url;
+    }
+    throw new Error(`You must create your route using the 'route' export from '@forge/api'.
+See https://go.atlassian.com/forge-fetch-route for more information.`);
+}
+exports.requireSafeUrl = requireSafeUrl;
+function assumeTrustedRoute(route) {
+    return new ReadonlyRoute(route);
+}
+exports.assumeTrustedRoute = assumeTrustedRoute;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@forge/api",
-  "version": "0.0.0-experimental-4e6084f",
+  "version": "0.0.0-experimental-d18f8dd",
   "description": "Forge API methods",
   "author": "Atlassian",
   "license": "UNLICENSED",
@@ -15,7 +15,8 @@
     "@types/node": "^12.12.63"
   },
   "dependencies": {
-    "@forge/storage": "^0.0.0-experimental-4e6084f",
+    "@forge/auth": "^0.0.0-experimental-d18f8dd",
+    "@forge/storage": "^0.0.0-experimental-d18f8dd",
     "@types/node-fetch": "^2.5.7",
     "node-fetch": "^2.6.1"
   }