@hubspot/app-connect-sdk 1.0.0-alpha.2 → 1.0.0-alpha.20

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (721) hide show
  1. package/.turbo/turbo-format$colon$check.log +1 -1
  2. package/.turbo/turbo-test.log +93 -52
  3. package/.turbo/turbo-tsdown.log +475 -472
  4. package/build/tsconfig.browser.tsbuildinfo +1 -1
  5. package/build/tsconfig.server.tsbuildinfo +1 -1
  6. package/dist/browser/{HubSpotAppConnect-BW45gyDs.js → HubSpotAppConnect-DFe9b90e.js} +4 -3
  7. package/dist/browser/HubSpotAppConnect-DFe9b90e.js.map +1 -0
  8. package/dist/browser/{create-vctOhpX9.js → create-BNQazCF-.js} +277 -86
  9. package/dist/browser/create-BNQazCF-.js.map +1 -0
  10. package/dist/browser/index.d.ts +2 -2
  11. package/dist/browser/index.js +1 -1
  12. package/dist/browser/react/lovable.d.ts +9 -2
  13. package/dist/browser/react/lovable.js +7 -4
  14. package/dist/browser/react/lovable.js.map +1 -1
  15. package/dist/browser/react.d.ts +2 -3
  16. package/dist/browser/react.js +1 -1
  17. package/dist/browser/{types-rTQw6A54.d.ts → types-DkAmHcZt.d.ts} +22 -7
  18. package/dist/server/api-client-core/apis/account/account-info-types.generated.d.ts +73 -85
  19. package/dist/server/api-client-core/apis/account/account-info.generated.d.ts +3 -3
  20. package/dist/server/api-client-core/apis/account/account-info.generated.js +4 -3
  21. package/dist/server/api-client-core/apis/account/account-info.generated.js.map +1 -1
  22. package/dist/server/api-client-core/apis/account/audit-logs-types.generated.d.ts +203 -215
  23. package/dist/server/api-client-core/apis/account/audit-logs.generated.d.ts +3 -3
  24. package/dist/server/api-client-core/apis/account/audit-logs.generated.js +4 -3
  25. package/dist/server/api-client-core/apis/account/audit-logs.generated.js.map +1 -1
  26. package/dist/server/api-client-core/apis/auth/oauth-types.generated.d.ts +78 -90
  27. package/dist/server/api-client-core/apis/auth/oauth.generated.d.ts +1 -1
  28. package/dist/server/api-client-core/apis/auth/oauth.generated.js +3 -2
  29. package/dist/server/api-client-core/apis/auth/oauth.generated.js.map +1 -1
  30. package/dist/server/api-client-core/apis/automation/actions-types.generated.d.ts +779 -794
  31. package/dist/server/api-client-core/apis/automation/actions.generated.d.ts +6 -3
  32. package/dist/server/api-client-core/apis/automation/actions.generated.js +101 -102
  33. package/dist/server/api-client-core/apis/automation/actions.generated.js.map +1 -1
  34. package/dist/server/api-client-core/apis/automation/sequences-types.generated.d.ts +370 -382
  35. package/dist/server/api-client-core/apis/automation/sequences.generated.d.ts +1 -1
  36. package/dist/server/api-client-core/apis/automation/sequences.generated.js +3 -2
  37. package/dist/server/api-client-core/apis/automation/sequences.generated.js.map +1 -1
  38. package/dist/server/api-client-core/apis/business-units-types.generated.d.ts +43 -55
  39. package/dist/server/api-client-core/apis/business-units.generated.d.ts +3 -3
  40. package/dist/server/api-client-core/apis/business-units.generated.js +4 -3
  41. package/dist/server/api-client-core/apis/business-units.generated.js.map +1 -1
  42. package/dist/server/api-client-core/apis/cms/authors-types.generated.d.ts +420 -445
  43. package/dist/server/api-client-core/apis/cms/authors.generated.d.ts +4 -3
  44. package/dist/server/api-client-core/apis/cms/authors.generated.js +155 -158
  45. package/dist/server/api-client-core/apis/cms/authors.generated.js.map +1 -1
  46. package/dist/server/api-client-core/apis/cms/blog-settings-types.generated.d.ts +270 -295
  47. package/dist/server/api-client-core/apis/cms/blog-settings.generated.d.ts +4 -3
  48. package/dist/server/api-client-core/apis/cms/blog-settings.generated.js +35 -38
  49. package/dist/server/api-client-core/apis/cms/blog-settings.generated.js.map +1 -1
  50. package/dist/server/api-client-core/apis/cms/cms-content-audit-types.generated.d.ts +107 -131
  51. package/dist/server/api-client-core/apis/cms/cms-content-audit.generated.d.ts +3 -3
  52. package/dist/server/api-client-core/apis/cms/cms-content-audit.generated.js +6 -5
  53. package/dist/server/api-client-core/apis/cms/cms-content-audit.generated.js.map +1 -1
  54. package/dist/server/api-client-core/apis/cms/domains-types.generated.d.ts +155 -167
  55. package/dist/server/api-client-core/apis/cms/domains.generated.d.ts +2 -2
  56. package/dist/server/api-client-core/apis/cms/domains.generated.js +3 -2
  57. package/dist/server/api-client-core/apis/cms/domains.generated.js.map +1 -1
  58. package/dist/server/api-client-core/apis/cms/hubdb-types.generated.d.ts +876 -889
  59. package/dist/server/api-client-core/apis/cms/hubdb.generated.d.ts +4 -3
  60. package/dist/server/api-client-core/apis/cms/hubdb.generated.js +184 -185
  61. package/dist/server/api-client-core/apis/cms/hubdb.generated.js.map +1 -1
  62. package/dist/server/api-client-core/apis/cms/media-bridge-types.generated.d.ts +1550 -1575
  63. package/dist/server/api-client-core/apis/cms/media-bridge.generated.d.ts +4 -3
  64. package/dist/server/api-client-core/apis/cms/media-bridge.generated.js +161 -164
  65. package/dist/server/api-client-core/apis/cms/media-bridge.generated.js.map +1 -1
  66. package/dist/server/api-client-core/apis/cms/pages-types.generated.d.ts +1583 -1547
  67. package/dist/server/api-client-core/apis/cms/pages.generated.d.ts +15 -3
  68. package/dist/server/api-client-core/apis/cms/pages.generated.js +335 -326
  69. package/dist/server/api-client-core/apis/cms/pages.generated.js.map +1 -1
  70. package/dist/server/api-client-core/apis/cms/posts-types.generated.d.ts +900 -904
  71. package/dist/server/api-client-core/apis/cms/posts.generated.d.ts +7 -3
  72. package/dist/server/api-client-core/apis/cms/posts.generated.js +197 -196
  73. package/dist/server/api-client-core/apis/cms/posts.generated.js.map +1 -1
  74. package/dist/server/api-client-core/apis/cms/site-search-types.generated.d.ts +162 -174
  75. package/dist/server/api-client-core/apis/cms/site-search.generated.d.ts +3 -3
  76. package/dist/server/api-client-core/apis/cms/site-search.generated.js +4 -3
  77. package/dist/server/api-client-core/apis/cms/site-search.generated.js.map +1 -1
  78. package/dist/server/api-client-core/apis/cms/source-code-types.generated.d.ts +148 -172
  79. package/dist/server/api-client-core/apis/cms/source-code.generated.d.ts +3 -3
  80. package/dist/server/api-client-core/apis/cms/source-code.generated.js +40 -43
  81. package/dist/server/api-client-core/apis/cms/source-code.generated.js.map +1 -1
  82. package/dist/server/api-client-core/apis/cms/tags-types.generated.d.ts +406 -420
  83. package/dist/server/api-client-core/apis/cms/tags.generated.d.ts +5 -3
  84. package/dist/server/api-client-core/apis/cms/tags.generated.js +157 -158
  85. package/dist/server/api-client-core/apis/cms/tags.generated.js.map +1 -1
  86. package/dist/server/api-client-core/apis/cms/url-mappings-types.generated.d.ts +127 -139
  87. package/dist/server/api-client-core/apis/cms/url-mappings.generated.d.ts +3 -3
  88. package/dist/server/api-client-core/apis/cms/url-mappings.generated.js +4 -3
  89. package/dist/server/api-client-core/apis/cms/url-mappings.generated.js.map +1 -1
  90. package/dist/server/api-client-core/apis/cms/url-redirects-types.generated.d.ts +170 -182
  91. package/dist/server/api-client-core/apis/cms/url-redirects.generated.d.ts +3 -3
  92. package/dist/server/api-client-core/apis/cms/url-redirects.generated.js +4 -3
  93. package/dist/server/api-client-core/apis/cms/url-redirects.generated.js.map +1 -1
  94. package/dist/server/api-client-core/apis/communication-preferences/subscriptions-types.generated.d.ts +728 -742
  95. package/dist/server/api-client-core/apis/communication-preferences/subscriptions.generated.d.ts +5 -3
  96. package/dist/server/api-client-core/apis/communication-preferences/subscriptions.generated.js +66 -69
  97. package/dist/server/api-client-core/apis/communication-preferences/subscriptions.generated.js.map +1 -1
  98. package/dist/server/api-client-core/apis/conversations/custom-channels-types.generated.d.ts +445 -471
  99. package/dist/server/api-client-core/apis/conversations/custom-channels.generated.d.ts +5 -3
  100. package/dist/server/api-client-core/apis/conversations/custom-channels.generated.js +70 -73
  101. package/dist/server/api-client-core/apis/conversations/custom-channels.generated.js.map +1 -1
  102. package/dist/server/api-client-core/apis/conversations/visitor-identification-types.generated.d.ts +28 -40
  103. package/dist/server/api-client-core/apis/conversations/visitor-identification.generated.d.ts +3 -3
  104. package/dist/server/api-client-core/apis/conversations/visitor-identification.generated.js +3 -2
  105. package/dist/server/api-client-core/apis/conversations/visitor-identification.generated.js.map +1 -1
  106. package/dist/server/api-client-core/apis/conversations-types.generated.d.ts +768 -781
  107. package/dist/server/api-client-core/apis/conversations.generated.d.ts +4 -3
  108. package/dist/server/api-client-core/apis/conversations.generated.js +101 -102
  109. package/dist/server/api-client-core/apis/conversations.generated.js.map +1 -1
  110. package/dist/server/api-client-core/apis/crm/app-uninstalls-types.generated.d.ts +8 -19
  111. package/dist/server/api-client-core/apis/crm/app-uninstalls.generated.d.ts +3 -3
  112. package/dist/server/api-client-core/apis/crm/app-uninstalls.generated.js +3 -2
  113. package/dist/server/api-client-core/apis/crm/app-uninstalls.generated.js.map +1 -1
  114. package/dist/server/api-client-core/apis/crm/appointments-types.generated.d.ts +887 -891
  115. package/dist/server/api-client-core/apis/crm/appointments.generated.d.ts +7 -3
  116. package/dist/server/api-client-core/apis/crm/appointments.generated.js +105 -106
  117. package/dist/server/api-client-core/apis/crm/appointments.generated.js.map +1 -1
  118. package/dist/server/api-client-core/apis/crm/associations-schema-types.generated.d.ts +247 -260
  119. package/dist/server/api-client-core/apis/crm/associations-schema.generated.d.ts +4 -3
  120. package/dist/server/api-client-core/apis/crm/associations-schema.generated.js +48 -49
  121. package/dist/server/api-client-core/apis/crm/associations-schema.generated.js.map +1 -1
  122. package/dist/server/api-client-core/apis/crm/associations-types.generated.d.ts +576 -590
  123. package/dist/server/api-client-core/apis/crm/associations.generated.d.ts +5 -3
  124. package/dist/server/api-client-core/apis/crm/associations.generated.js +71 -72
  125. package/dist/server/api-client-core/apis/crm/associations.generated.js.map +1 -1
  126. package/dist/server/api-client-core/apis/crm/calling-extensions-types.generated.d.ts +355 -379
  127. package/dist/server/api-client-core/apis/crm/calling-extensions.generated.d.ts +3 -3
  128. package/dist/server/api-client-core/apis/crm/calling-extensions.generated.js +34 -37
  129. package/dist/server/api-client-core/apis/crm/calling-extensions.generated.js.map +1 -1
  130. package/dist/server/api-client-core/apis/crm/calls-types.generated.d.ts +755 -769
  131. package/dist/server/api-client-core/apis/crm/calls.generated.d.ts +5 -3
  132. package/dist/server/api-client-core/apis/crm/calls.generated.js +58 -57
  133. package/dist/server/api-client-core/apis/crm/calls.generated.js.map +1 -1
  134. package/dist/server/api-client-core/apis/crm/carts-types.generated.d.ts +755 -769
  135. package/dist/server/api-client-core/apis/crm/carts.generated.d.ts +5 -3
  136. package/dist/server/api-client-core/apis/crm/carts.generated.js +58 -57
  137. package/dist/server/api-client-core/apis/crm/carts.generated.js.map +1 -1
  138. package/dist/server/api-client-core/apis/crm/commerce-payments-types.generated.d.ts +755 -769
  139. package/dist/server/api-client-core/apis/crm/commerce-payments.generated.d.ts +5 -3
  140. package/dist/server/api-client-core/apis/crm/commerce-payments.generated.js +58 -57
  141. package/dist/server/api-client-core/apis/crm/commerce-payments.generated.js.map +1 -1
  142. package/dist/server/api-client-core/apis/crm/commerce-subscriptions-types.generated.d.ts +752 -766
  143. package/dist/server/api-client-core/apis/crm/commerce-subscriptions.generated.d.ts +5 -3
  144. package/dist/server/api-client-core/apis/crm/commerce-subscriptions.generated.js +58 -57
  145. package/dist/server/api-client-core/apis/crm/commerce-subscriptions.generated.js.map +1 -1
  146. package/dist/server/api-client-core/apis/crm/communications-types.generated.d.ts +755 -769
  147. package/dist/server/api-client-core/apis/crm/communications.generated.d.ts +5 -3
  148. package/dist/server/api-client-core/apis/crm/communications.generated.js +58 -57
  149. package/dist/server/api-client-core/apis/crm/communications.generated.js.map +1 -1
  150. package/dist/server/api-client-core/apis/crm/companies-types.generated.d.ts +769 -795
  151. package/dist/server/api-client-core/apis/crm/companies.generated.d.ts +5 -3
  152. package/dist/server/api-client-core/apis/crm/companies.generated.js +59 -58
  153. package/dist/server/api-client-core/apis/crm/companies.generated.js.map +1 -1
  154. package/dist/server/api-client-core/apis/crm/contacts-types.generated.d.ts +786 -812
  155. package/dist/server/api-client-core/apis/crm/contacts.generated.d.ts +5 -3
  156. package/dist/server/api-client-core/apis/crm/contacts.generated.js +60 -61
  157. package/dist/server/api-client-core/apis/crm/contacts.generated.js.map +1 -1
  158. package/dist/server/api-client-core/apis/crm/contracts-types.generated.d.ts +796 -777
  159. package/dist/server/api-client-core/apis/crm/contracts.generated.d.ts +8 -3
  160. package/dist/server/api-client-core/apis/crm/contracts.generated.js +60 -57
  161. package/dist/server/api-client-core/apis/crm/contracts.generated.js.map +1 -1
  162. package/dist/server/api-client-core/apis/crm/courses-types.generated.d.ts +758 -772
  163. package/dist/server/api-client-core/apis/crm/courses.generated.d.ts +5 -3
  164. package/dist/server/api-client-core/apis/crm/courses.generated.js +58 -57
  165. package/dist/server/api-client-core/apis/crm/courses.generated.js.map +1 -1
  166. package/dist/server/api-client-core/apis/crm/crm-owners-types.generated.d.ts +103 -115
  167. package/dist/server/api-client-core/apis/crm/crm-owners.generated.d.ts +3 -3
  168. package/dist/server/api-client-core/apis/crm/crm-owners.generated.js +4 -3
  169. package/dist/server/api-client-core/apis/crm/crm-owners.generated.js.map +1 -1
  170. package/dist/server/api-client-core/apis/crm/custom-objects-types.generated.d.ts +833 -848
  171. package/dist/server/api-client-core/apis/crm/custom-objects.generated.d.ts +6 -3
  172. package/dist/server/api-client-core/apis/crm/custom-objects.generated.js +91 -90
  173. package/dist/server/api-client-core/apis/crm/custom-objects.generated.js.map +1 -1
  174. package/dist/server/api-client-core/apis/crm/deal-splits-types.generated.d.ts +158 -170
  175. package/dist/server/api-client-core/apis/crm/deal-splits.generated.d.ts +3 -3
  176. package/dist/server/api-client-core/apis/crm/deal-splits.generated.js +4 -3
  177. package/dist/server/api-client-core/apis/crm/deal-splits.generated.js.map +1 -1
  178. package/dist/server/api-client-core/apis/crm/deals-types.generated.d.ts +771 -785
  179. package/dist/server/api-client-core/apis/crm/deals.generated.d.ts +5 -3
  180. package/dist/server/api-client-core/apis/crm/deals.generated.js +59 -58
  181. package/dist/server/api-client-core/apis/crm/deals.generated.js.map +1 -1
  182. package/dist/server/api-client-core/apis/crm/discounts-types.generated.d.ts +754 -768
  183. package/dist/server/api-client-core/apis/crm/discounts.generated.d.ts +5 -3
  184. package/dist/server/api-client-core/apis/crm/discounts.generated.js +58 -57
  185. package/dist/server/api-client-core/apis/crm/discounts.generated.js.map +1 -1
  186. package/dist/server/api-client-core/apis/crm/emails-types.generated.d.ts +755 -769
  187. package/dist/server/api-client-core/apis/crm/emails.generated.d.ts +5 -3
  188. package/dist/server/api-client-core/apis/crm/emails.generated.js +58 -57
  189. package/dist/server/api-client-core/apis/crm/emails.generated.js.map +1 -1
  190. package/dist/server/api-client-core/apis/crm/exports-types.generated.d.ts +227 -251
  191. package/dist/server/api-client-core/apis/crm/exports.generated.d.ts +2 -2
  192. package/dist/server/api-client-core/apis/crm/exports.generated.js +4 -5
  193. package/dist/server/api-client-core/apis/crm/exports.generated.js.map +1 -1
  194. package/dist/server/api-client-core/apis/crm/feedback-submissions-types.generated.d.ts +551 -565
  195. package/dist/server/api-client-core/apis/crm/feedback-submissions.generated.d.ts +5 -3
  196. package/dist/server/api-client-core/apis/crm/feedback-submissions.generated.js +45 -46
  197. package/dist/server/api-client-core/apis/crm/feedback-submissions.generated.js.map +1 -1
  198. package/dist/server/api-client-core/apis/crm/fees-types.generated.d.ts +755 -769
  199. package/dist/server/api-client-core/apis/crm/fees.generated.d.ts +5 -3
  200. package/dist/server/api-client-core/apis/crm/fees.generated.js +58 -57
  201. package/dist/server/api-client-core/apis/crm/fees.generated.js.map +1 -1
  202. package/dist/server/api-client-core/apis/crm/goal-targets-types.generated.d.ts +755 -769
  203. package/dist/server/api-client-core/apis/crm/goal-targets.generated.d.ts +5 -3
  204. package/dist/server/api-client-core/apis/crm/goal-targets.generated.js +58 -57
  205. package/dist/server/api-client-core/apis/crm/goal-targets.generated.js.map +1 -1
  206. package/dist/server/api-client-core/apis/crm/imports-types.generated.d.ts +305 -329
  207. package/dist/server/api-client-core/apis/crm/imports.generated.d.ts +2 -2
  208. package/dist/server/api-client-core/apis/crm/imports.generated.js +20 -23
  209. package/dist/server/api-client-core/apis/crm/imports.generated.js.map +1 -1
  210. package/dist/server/api-client-core/apis/crm/invoices-types.generated.d.ts +755 -769
  211. package/dist/server/api-client-core/apis/crm/invoices.generated.d.ts +5 -3
  212. package/dist/server/api-client-core/apis/crm/invoices.generated.js +58 -57
  213. package/dist/server/api-client-core/apis/crm/invoices.generated.js.map +1 -1
  214. package/dist/server/api-client-core/apis/crm/leads-types.generated.d.ts +755 -769
  215. package/dist/server/api-client-core/apis/crm/leads.generated.d.ts +5 -3
  216. package/dist/server/api-client-core/apis/crm/leads.generated.js +58 -57
  217. package/dist/server/api-client-core/apis/crm/leads.generated.js.map +1 -1
  218. package/dist/server/api-client-core/apis/crm/limits-tracking-types.generated.d.ts +251 -263
  219. package/dist/server/api-client-core/apis/crm/limits-tracking.generated.d.ts +3 -3
  220. package/dist/server/api-client-core/apis/crm/limits-tracking.generated.js +4 -3
  221. package/dist/server/api-client-core/apis/crm/limits-tracking.generated.js.map +1 -1
  222. package/dist/server/api-client-core/apis/crm/line-items-types.generated.d.ts +755 -769
  223. package/dist/server/api-client-core/apis/crm/line-items.generated.d.ts +5 -3
  224. package/dist/server/api-client-core/apis/crm/line-items.generated.js +58 -57
  225. package/dist/server/api-client-core/apis/crm/line-items.generated.js.map +1 -1
  226. package/dist/server/api-client-core/apis/crm/listings-types.generated.d.ts +758 -772
  227. package/dist/server/api-client-core/apis/crm/listings.generated.d.ts +5 -3
  228. package/dist/server/api-client-core/apis/crm/listings.generated.js +58 -57
  229. package/dist/server/api-client-core/apis/crm/listings.generated.js.map +1 -1
  230. package/dist/server/api-client-core/apis/crm/lists-types.generated.d.ts +2075 -2111
  231. package/dist/server/api-client-core/apis/crm/lists.generated.d.ts +2 -2
  232. package/dist/server/api-client-core/apis/crm/lists.generated.js +97 -98
  233. package/dist/server/api-client-core/apis/crm/lists.generated.js.map +1 -1
  234. package/dist/server/api-client-core/apis/crm/meetings-types.generated.d.ts +755 -769
  235. package/dist/server/api-client-core/apis/crm/meetings.generated.d.ts +5 -3
  236. package/dist/server/api-client-core/apis/crm/meetings.generated.js +58 -57
  237. package/dist/server/api-client-core/apis/crm/meetings.generated.js.map +1 -1
  238. package/dist/server/api-client-core/apis/crm/notes-types.generated.d.ts +755 -769
  239. package/dist/server/api-client-core/apis/crm/notes.generated.d.ts +5 -3
  240. package/dist/server/api-client-core/apis/crm/notes.generated.js +58 -57
  241. package/dist/server/api-client-core/apis/crm/notes.generated.js.map +1 -1
  242. package/dist/server/api-client-core/apis/crm/object-library-types.generated.d.ts +24 -36
  243. package/dist/server/api-client-core/apis/crm/object-library.generated.d.ts +3 -3
  244. package/dist/server/api-client-core/apis/crm/object-library.generated.js +4 -3
  245. package/dist/server/api-client-core/apis/crm/object-library.generated.js.map +1 -1
  246. package/dist/server/api-client-core/apis/crm/objects-types.generated.d.ts +620 -645
  247. package/dist/server/api-client-core/apis/crm/objects.generated.d.ts +4 -3
  248. package/dist/server/api-client-core/apis/crm/objects.generated.js +66 -67
  249. package/dist/server/api-client-core/apis/crm/objects.generated.js.map +1 -1
  250. package/dist/server/api-client-core/apis/crm/orders-types.generated.d.ts +747 -761
  251. package/dist/server/api-client-core/apis/crm/orders.generated.d.ts +5 -3
  252. package/dist/server/api-client-core/apis/crm/orders.generated.js +58 -57
  253. package/dist/server/api-client-core/apis/crm/orders.generated.js.map +1 -1
  254. package/dist/server/api-client-core/apis/crm/partner-clients-types.generated.d.ts +646 -660
  255. package/dist/server/api-client-core/apis/crm/partner-clients.generated.d.ts +5 -3
  256. package/dist/server/api-client-core/apis/crm/partner-clients.generated.js +63 -62
  257. package/dist/server/api-client-core/apis/crm/partner-clients.generated.js.map +1 -1
  258. package/dist/server/api-client-core/apis/crm/partner-services-types.generated.d.ts +646 -660
  259. package/dist/server/api-client-core/apis/crm/partner-services.generated.d.ts +5 -3
  260. package/dist/server/api-client-core/apis/crm/partner-services.generated.js +63 -62
  261. package/dist/server/api-client-core/apis/crm/partner-services.generated.js.map +1 -1
  262. package/dist/server/api-client-core/apis/crm/pipelines-types.generated.d.ts +320 -332
  263. package/dist/server/api-client-core/apis/crm/pipelines.generated.d.ts +2 -2
  264. package/dist/server/api-client-core/apis/crm/pipelines.generated.js +3 -2
  265. package/dist/server/api-client-core/apis/crm/pipelines.generated.js.map +1 -1
  266. package/dist/server/api-client-core/apis/crm/postal-mail-types.generated.d.ts +744 -758
  267. package/dist/server/api-client-core/apis/crm/postal-mail.generated.d.ts +5 -3
  268. package/dist/server/api-client-core/apis/crm/postal-mail.generated.js +58 -57
  269. package/dist/server/api-client-core/apis/crm/postal-mail.generated.js.map +1 -1
  270. package/dist/server/api-client-core/apis/crm/products-types.generated.d.ts +747 -761
  271. package/dist/server/api-client-core/apis/crm/products.generated.d.ts +5 -3
  272. package/dist/server/api-client-core/apis/crm/products.generated.js +58 -57
  273. package/dist/server/api-client-core/apis/crm/products.generated.js.map +1 -1
  274. package/dist/server/api-client-core/apis/crm/projects-types.generated.d.ts +761 -787
  275. package/dist/server/api-client-core/apis/crm/projects.generated.d.ts +5 -3
  276. package/dist/server/api-client-core/apis/crm/projects.generated.js +59 -58
  277. package/dist/server/api-client-core/apis/crm/projects.generated.js.map +1 -1
  278. package/dist/server/api-client-core/apis/crm/properties-types.generated.d.ts +526 -528
  279. package/dist/server/api-client-core/apis/crm/properties.generated.d.ts +5 -3
  280. package/dist/server/api-client-core/apis/crm/properties.generated.js +79 -78
  281. package/dist/server/api-client-core/apis/crm/properties.generated.js.map +1 -1
  282. package/dist/server/api-client-core/apis/crm/property-validations-types.generated.d.ts +71 -83
  283. package/dist/server/api-client-core/apis/crm/property-validations.generated.d.ts +3 -3
  284. package/dist/server/api-client-core/apis/crm/property-validations.generated.js +4 -3
  285. package/dist/server/api-client-core/apis/crm/property-validations.generated.js.map +1 -1
  286. package/dist/server/api-client-core/apis/crm/public-app-crm-cards-types.generated.d.ts +409 -433
  287. package/dist/server/api-client-core/apis/crm/public-app-crm-cards.generated.d.ts +3 -3
  288. package/dist/server/api-client-core/apis/crm/public-app-crm-cards.generated.js +24 -25
  289. package/dist/server/api-client-core/apis/crm/public-app-crm-cards.generated.js.map +1 -1
  290. package/dist/server/api-client-core/apis/crm/public-app-feature-flags-types.generated.d.ts +156 -169
  291. package/dist/server/api-client-core/apis/crm/public-app-feature-flags.generated.d.ts +4 -3
  292. package/dist/server/api-client-core/apis/crm/public-app-feature-flags.generated.js +55 -56
  293. package/dist/server/api-client-core/apis/crm/public-app-feature-flags.generated.js.map +1 -1
  294. package/dist/server/api-client-core/apis/crm/quotes-types.generated.d.ts +747 -761
  295. package/dist/server/api-client-core/apis/crm/quotes.generated.d.ts +5 -3
  296. package/dist/server/api-client-core/apis/crm/quotes.generated.js +58 -57
  297. package/dist/server/api-client-core/apis/crm/quotes.generated.js.map +1 -1
  298. package/dist/server/api-client-core/apis/crm/schemas-types.generated.d.ts +575 -600
  299. package/dist/server/api-client-core/apis/crm/schemas.generated.d.ts +4 -3
  300. package/dist/server/api-client-core/apis/crm/schemas.generated.js +33 -34
  301. package/dist/server/api-client-core/apis/crm/schemas.generated.js.map +1 -1
  302. package/dist/server/api-client-core/apis/crm/services-types.generated.d.ts +750 -764
  303. package/dist/server/api-client-core/apis/crm/services.generated.d.ts +5 -3
  304. package/dist/server/api-client-core/apis/crm/services.generated.js +58 -57
  305. package/dist/server/api-client-core/apis/crm/services.generated.js.map +1 -1
  306. package/dist/server/api-client-core/apis/crm/tasks-types.generated.d.ts +747 -761
  307. package/dist/server/api-client-core/apis/crm/tasks.generated.d.ts +5 -3
  308. package/dist/server/api-client-core/apis/crm/tasks.generated.js +58 -57
  309. package/dist/server/api-client-core/apis/crm/tasks.generated.js.map +1 -1
  310. package/dist/server/api-client-core/apis/crm/taxes-types.generated.d.ts +747 -761
  311. package/dist/server/api-client-core/apis/crm/taxes.generated.d.ts +5 -3
  312. package/dist/server/api-client-core/apis/crm/taxes.generated.js +58 -57
  313. package/dist/server/api-client-core/apis/crm/taxes.generated.js.map +1 -1
  314. package/dist/server/api-client-core/apis/crm/tickets-types.generated.d.ts +764 -790
  315. package/dist/server/api-client-core/apis/crm/tickets.generated.d.ts +5 -3
  316. package/dist/server/api-client-core/apis/crm/tickets.generated.js +59 -58
  317. package/dist/server/api-client-core/apis/crm/tickets.generated.js.map +1 -1
  318. package/dist/server/api-client-core/apis/crm/timeline-types.generated.d.ts +136 -149
  319. package/dist/server/api-client-core/apis/crm/timeline.generated.d.ts +4 -3
  320. package/dist/server/api-client-core/apis/crm/timeline.generated.js +5 -6
  321. package/dist/server/api-client-core/apis/crm/timeline.generated.js.map +1 -1
  322. package/dist/server/api-client-core/apis/crm/transcriptions-types.generated.d.ts +104 -117
  323. package/dist/server/api-client-core/apis/crm/transcriptions.generated.d.ts +4 -3
  324. package/dist/server/api-client-core/apis/crm/transcriptions.generated.js +7 -10
  325. package/dist/server/api-client-core/apis/crm/transcriptions.generated.js.map +1 -1
  326. package/dist/server/api-client-core/apis/crm/users-types.generated.d.ts +747 -761
  327. package/dist/server/api-client-core/apis/crm/users.generated.d.ts +5 -3
  328. package/dist/server/api-client-core/apis/crm/users.generated.js +58 -57
  329. package/dist/server/api-client-core/apis/crm/users.generated.js.map +1 -1
  330. package/dist/server/api-client-core/apis/crm/video-conferencing-extension-types.generated.d.ts +28 -40
  331. package/dist/server/api-client-core/apis/crm/video-conferencing-extension.generated.d.ts +3 -3
  332. package/dist/server/api-client-core/apis/crm/video-conferencing-extension.generated.js +4 -3
  333. package/dist/server/api-client-core/apis/crm/video-conferencing-extension.generated.js.map +1 -1
  334. package/dist/server/api-client-core/apis/events/manage-event-definitions-types.generated.d.ts +909 -945
  335. package/dist/server/api-client-core/apis/events/manage-event-definitions.generated.d.ts +3 -3
  336. package/dist/server/api-client-core/apis/events/manage-event-definitions.generated.js +29 -30
  337. package/dist/server/api-client-core/apis/events/manage-event-definitions.generated.js.map +1 -1
  338. package/dist/server/api-client-core/apis/events/send-event-completions-types.generated.d.ts +49 -62
  339. package/dist/server/api-client-core/apis/events/send-event-completions.generated.d.ts +4 -3
  340. package/dist/server/api-client-core/apis/events/send-event-completions.generated.js +4 -5
  341. package/dist/server/api-client-core/apis/events/send-event-completions.generated.js.map +1 -1
  342. package/dist/server/api-client-core/apis/events-types.generated.d.ts +99 -111
  343. package/dist/server/api-client-core/apis/events.generated.d.ts +3 -3
  344. package/dist/server/api-client-core/apis/events.generated.js +4 -3
  345. package/dist/server/api-client-core/apis/events.generated.js.map +1 -1
  346. package/dist/server/api-client-core/apis/files-types.generated.d.ts +636 -649
  347. package/dist/server/api-client-core/apis/files.generated.d.ts +4 -3
  348. package/dist/server/api-client-core/apis/files.generated.js +112 -113
  349. package/dist/server/api-client-core/apis/files.generated.js.map +1 -1
  350. package/dist/server/api-client-core/apis/marketing/campaigns-public-api-types.generated.d.ts +799 -816
  351. package/dist/server/api-client-core/apis/marketing/campaigns-public-api.generated.d.ts +8 -3
  352. package/dist/server/api-client-core/apis/marketing/campaigns-public-api.generated.js +126 -127
  353. package/dist/server/api-client-core/apis/marketing/campaigns-public-api.generated.js.map +1 -1
  354. package/dist/server/api-client-core/apis/marketing/marketing-emails-types.generated.d.ts +745 -769
  355. package/dist/server/api-client-core/apis/marketing/marketing-emails.generated.d.ts +3 -3
  356. package/dist/server/api-client-core/apis/marketing/marketing-emails.generated.js +100 -103
  357. package/dist/server/api-client-core/apis/marketing/marketing-emails.generated.js.map +1 -1
  358. package/dist/server/api-client-core/apis/marketing/marketing-events-types.generated.d.ts +1504 -1546
  359. package/dist/server/api-client-core/apis/marketing/marketing-events.generated.d.ts +9 -3
  360. package/dist/server/api-client-core/apis/marketing/marketing-events.generated.js +162 -167
  361. package/dist/server/api-client-core/apis/marketing/marketing-events.generated.js.map +1 -1
  362. package/dist/server/api-client-core/apis/marketing/single-send-types.generated.d.ts +91 -103
  363. package/dist/server/api-client-core/apis/marketing/single-send.generated.d.ts +3 -3
  364. package/dist/server/api-client-core/apis/marketing/single-send.generated.js +3 -2
  365. package/dist/server/api-client-core/apis/marketing/single-send.generated.js.map +1 -1
  366. package/dist/server/api-client-core/apis/marketing/transactional-single-send-types.generated.d.ts +187 -200
  367. package/dist/server/api-client-core/apis/marketing/transactional-single-send.generated.d.ts +4 -3
  368. package/dist/server/api-client-core/apis/marketing/transactional-single-send.generated.js +14 -15
  369. package/dist/server/api-client-core/apis/marketing/transactional-single-send.generated.js.map +1 -1
  370. package/dist/server/api-client-core/apis/meta/origins-types.generated.d.ts +41 -53
  371. package/dist/server/api-client-core/apis/meta/origins.generated.d.ts +3 -3
  372. package/dist/server/api-client-core/apis/meta/origins.generated.js +4 -3
  373. package/dist/server/api-client-core/apis/meta/origins.generated.js.map +1 -1
  374. package/dist/server/api-client-core/apis/scheduler/meetings-types.generated.d.ts +850 -863
  375. package/dist/server/api-client-core/apis/scheduler/meetings.generated.d.ts +4 -3
  376. package/dist/server/api-client-core/apis/scheduler/meetings.generated.js +28 -29
  377. package/dist/server/api-client-core/apis/scheduler/meetings.generated.js.map +1 -1
  378. package/dist/server/api-client-core/apis/settings/multicurrency-types.generated.d.ts +281 -296
  379. package/dist/server/api-client-core/apis/settings/multicurrency.generated.d.ts +6 -3
  380. package/dist/server/api-client-core/apis/settings/multicurrency.generated.js +32 -33
  381. package/dist/server/api-client-core/apis/settings/multicurrency.generated.js.map +1 -1
  382. package/dist/server/api-client-core/apis/settings/tax-rates-types.generated.d.ts +71 -83
  383. package/dist/server/api-client-core/apis/settings/tax-rates.generated.d.ts +3 -3
  384. package/dist/server/api-client-core/apis/settings/tax-rates.generated.js +4 -3
  385. package/dist/server/api-client-core/apis/settings/tax-rates.generated.js.map +1 -1
  386. package/dist/server/api-client-core/apis/settings/user-provisioning-types.generated.d.ts +202 -250
  387. package/dist/server/api-client-core/apis/settings/user-provisioning.generated.d.ts +3 -3
  388. package/dist/server/api-client-core/apis/settings/user-provisioning.generated.js +23 -26
  389. package/dist/server/api-client-core/apis/settings/user-provisioning.generated.js.map +1 -1
  390. package/dist/server/api-client-core/apis/webhooks-journal-types.generated.d.ts +490 -526
  391. package/dist/server/api-client-core/apis/webhooks-journal.generated.d.ts +3 -3
  392. package/dist/server/api-client-core/apis/webhooks-journal.generated.js +65 -70
  393. package/dist/server/api-client-core/apis/webhooks-journal.generated.js.map +1 -1
  394. package/dist/server/api-client-core/apis/webhooks-types.generated.d.ts +816 -852
  395. package/dist/server/api-client-core/apis/webhooks.generated.d.ts +3 -3
  396. package/dist/server/api-client-core/apis/webhooks.generated.js +93 -98
  397. package/dist/server/api-client-core/apis/webhooks.generated.js.map +1 -1
  398. package/dist/server/api-client-core/binary-data.js.map +1 -1
  399. package/dist/server/api-client-core/client.js +5 -1
  400. package/dist/server/api-client-core/client.js.map +1 -1
  401. package/dist/server/api-client-core/codegen-helpers/file-op-wrappers.js.map +1 -1
  402. package/dist/server/api-client-core/errors.js.map +1 -1
  403. package/dist/server/api-client-core/op.js.map +1 -1
  404. package/dist/server/api-client-core/pagination.d.ts +2 -2
  405. package/dist/server/api-client-core/pagination.js +2 -2
  406. package/dist/server/api-client-core/pagination.js.map +1 -1
  407. package/dist/server/api-client-core/plugins/fetch-transport.js +33 -9
  408. package/dist/server/api-client-core/plugins/fetch-transport.js.map +1 -1
  409. package/dist/server/api-client-core/types.d.ts +1 -1
  410. package/dist/server/api-client.d.ts +184 -184
  411. package/dist/server/api-client.js +89 -89
  412. package/dist/server/constants.js +33 -6
  413. package/dist/server/constants.js.map +1 -1
  414. package/dist/server/deno/start.js.map +1 -1
  415. package/dist/server/hono/hono-request-handler.js +32 -23
  416. package/dist/server/hono/hono-request-handler.js.map +1 -1
  417. package/dist/server/hono/hubspot-connect-routes/auth-complete.js +155 -0
  418. package/dist/server/hono/hubspot-connect-routes/auth-complete.js.map +1 -0
  419. package/dist/server/hono/hubspot-connect-routes/auth-init-session.js +25 -12
  420. package/dist/server/hono/hubspot-connect-routes/auth-init-session.js.map +1 -1
  421. package/dist/server/hono/hubspot-connect-routes/auth-logout.js +32 -9
  422. package/dist/server/hono/hubspot-connect-routes/auth-logout.js.map +1 -1
  423. package/dist/server/hono/hubspot-connect-routes/auth-refresh.js +32 -18
  424. package/dist/server/hono/hubspot-connect-routes/auth-refresh.js.map +1 -1
  425. package/dist/server/hono/hubspot-connect-routes/cimd-client-metadata-types.js.map +1 -1
  426. package/dist/server/hono/hubspot-connect-routes/cimd-public-routes.js +4 -1
  427. package/dist/server/hono/hubspot-connect-routes/cimd-public-routes.js.map +1 -1
  428. package/dist/server/hono/hubspot-connect-routes/fetch-hubspot-client-metadata.js.map +1 -1
  429. package/dist/server/hono/hubspot-connect-routes/hubspot-connect-routes.js +4 -2
  430. package/dist/server/hono/hubspot-connect-routes/hubspot-connect-routes.js.map +1 -1
  431. package/dist/server/hono/hubspot-connect-routes/load-hubspot-connect-routes-env.js +5 -5
  432. package/dist/server/hono/hubspot-connect-routes/load-hubspot-connect-routes-env.js.map +1 -1
  433. package/dist/server/hono/hubspot-connect-routes/oauth-client.js.map +1 -1
  434. package/dist/server/hono/hubspot-connect-routes/utils.js +53 -6
  435. package/dist/server/hono/hubspot-connect-routes/utils.js.map +1 -1
  436. package/dist/server/hono/types.d.ts +9 -10
  437. package/dist/server/hono/utils/cookie-utils.js +2 -1
  438. package/dist/server/hono/utils/cookie-utils.js.map +1 -1
  439. package/dist/server/hono/utils/cors-middleware.js +85 -0
  440. package/dist/server/hono/utils/cors-middleware.js.map +1 -0
  441. package/dist/server/import-app-keys.js.map +1 -1
  442. package/dist/server/lovable/create-app-function-start.d.ts +1 -1
  443. package/dist/server/lovable/create-app-function-start.js +4 -6
  444. package/dist/server/lovable/create-app-function-start.js.map +1 -1
  445. package/dist/server/lovable/hubspot-connect/index.js.map +1 -1
  446. package/dist/server/lovable/hubspot-connect/run-hubspot-connect-lovable-server.js +14 -15
  447. package/dist/server/lovable/hubspot-connect/run-hubspot-connect-lovable-server.js.map +1 -1
  448. package/dist/server/sanitize-request.js +14 -11
  449. package/dist/server/sanitize-request.js.map +1 -1
  450. package/dist/server/secure-start-core.js +4 -5
  451. package/dist/server/secure-start-core.js.map +1 -1
  452. package/dist/server/shared/constants.js +22 -9
  453. package/dist/server/shared/constants.js.map +1 -1
  454. package/dist/server/shared/encoding/base64.js.map +1 -1
  455. package/dist/server/shared/encoding/sha256.js.map +1 -1
  456. package/dist/server/shared/logger.js.map +1 -1
  457. package/dist/server/types.d.ts +1 -35
  458. package/dist/server/utils/cookie-utils.js.map +1 -1
  459. package/dist/server/utils/dpop-utils.js.map +1 -1
  460. package/dist/server/utils/env-utils.js +60 -7
  461. package/dist/server/utils/env-utils.js.map +1 -1
  462. package/dist/server/utils/hubspot-dpop-auth-headers.js +38 -0
  463. package/dist/server/utils/hubspot-dpop-auth-headers.js.map +1 -0
  464. package/dist/server/utils/jwk-utils.js.map +1 -1
  465. package/dist/server/utils/jwt-utils.js.map +1 -1
  466. package/package.json +16 -22
  467. package/src/browser/app-connect-controller/README.md +5 -2
  468. package/src/browser/app-connect-controller/connect-start.test.ts +156 -0
  469. package/src/browser/app-connect-controller/connect-start.ts +18 -3
  470. package/src/browser/app-connect-controller/disconnect.ts +4 -7
  471. package/src/browser/app-connect-controller/init.test.ts +260 -0
  472. package/src/browser/app-connect-controller/init.ts +44 -19
  473. package/src/browser/app-connect-controller/oauth-complete.test.ts +106 -0
  474. package/src/browser/app-connect-controller/oauth-complete.ts +53 -0
  475. package/src/browser/app-connect-controller/oauth-popup.test.ts +238 -0
  476. package/src/browser/app-connect-controller/oauth-popup.ts +160 -0
  477. package/src/browser/app-connect-controller/utils/iframe-utils.ts +12 -0
  478. package/src/browser/app-connect-controller/utils/resolve-oauth-connect-mode.test.ts +35 -0
  479. package/src/browser/app-connect-controller/utils/resolve-oauth-connect-mode.ts +21 -0
  480. package/src/browser/index.ts +1 -0
  481. package/src/browser/react/components/AppConnectHeader/AppConnectHeader.tsx +3 -5
  482. package/src/browser/react/components/ConnectButton/ConnectButton.tsx +1 -1
  483. package/src/browser/react/lovable/LovableHubSpotAppConnect.tsx +12 -2
  484. package/src/browser/types.ts +21 -5
  485. package/src/server/api-client-core/__tests__/errors.test.ts +309 -0
  486. package/src/server/api-client-core/__tests__/operation-headers.test.ts +251 -0
  487. package/src/server/api-client-core/apis/account/account-info-types.generated.ts +74 -88
  488. package/src/server/api-client-core/apis/account/account-info.generated.ts +2 -4
  489. package/src/server/api-client-core/apis/account/audit-logs-types.generated.ts +346 -360
  490. package/src/server/api-client-core/apis/account/audit-logs.generated.ts +2 -4
  491. package/src/server/api-client-core/apis/auth/oauth-types.generated.ts +81 -99
  492. package/src/server/api-client-core/apis/auth/oauth.generated.ts +1 -3
  493. package/src/server/api-client-core/apis/automation/actions-types.generated.ts +1162 -1188
  494. package/src/server/api-client-core/apis/automation/actions.generated.ts +10 -12
  495. package/src/server/api-client-core/apis/automation/sequences-types.generated.ts +379 -393
  496. package/src/server/api-client-core/apis/automation/sequences.generated.ts +1 -3
  497. package/src/server/api-client-core/apis/business-units-types.generated.ts +43 -59
  498. package/src/server/api-client-core/apis/business-units.generated.ts +9 -10
  499. package/src/server/api-client-core/apis/cms/authors-types.generated.ts +3823 -3853
  500. package/src/server/api-client-core/apis/cms/authors.generated.ts +31 -37
  501. package/src/server/api-client-core/apis/cms/blog-settings-types.generated.ts +3667 -3696
  502. package/src/server/api-client-core/apis/cms/blog-settings.generated.ts +46 -51
  503. package/src/server/api-client-core/apis/cms/cms-content-audit-types.generated.ts +138 -163
  504. package/src/server/api-client-core/apis/cms/cms-content-audit.generated.ts +2 -10
  505. package/src/server/api-client-core/apis/cms/domains-types.generated.ts +153 -167
  506. package/src/server/api-client-core/apis/cms/domains.generated.ts +2 -4
  507. package/src/server/api-client-core/apis/cms/hubdb-types.generated.ts +1013 -1063
  508. package/src/server/api-client-core/apis/cms/hubdb.generated.ts +3 -5
  509. package/src/server/api-client-core/apis/cms/media-bridge-types.generated.ts +8623 -8657
  510. package/src/server/api-client-core/apis/cms/media-bridge.generated.ts +16 -22
  511. package/src/server/api-client-core/apis/cms/pages-types.generated.ts +5259 -5272
  512. package/src/server/api-client-core/apis/cms/pages.generated.ts +262 -226
  513. package/src/server/api-client-core/apis/cms/posts-types.generated.ts +4420 -4438
  514. package/src/server/api-client-core/apis/cms/posts.generated.ts +108 -106
  515. package/src/server/api-client-core/apis/cms/site-search-types.generated.ts +1867 -1881
  516. package/src/server/api-client-core/apis/cms/site-search.generated.ts +2 -4
  517. package/src/server/api-client-core/apis/cms/source-code-types.generated.ts +144 -177
  518. package/src/server/api-client-core/apis/cms/source-code.generated.ts +15 -23
  519. package/src/server/api-client-core/apis/cms/tags-types.generated.ts +3820 -3845
  520. package/src/server/api-client-core/apis/cms/tags.generated.ts +80 -82
  521. package/src/server/api-client-core/apis/cms/url-mappings-types.generated.ts +188 -202
  522. package/src/server/api-client-core/apis/cms/url-mappings.generated.ts +2 -4
  523. package/src/server/api-client-core/apis/cms/url-redirects-types.generated.ts +182 -196
  524. package/src/server/api-client-core/apis/cms/url-redirects.generated.ts +2 -4
  525. package/src/server/api-client-core/apis/communication-preferences/subscriptions-types.generated.ts +810 -828
  526. package/src/server/api-client-core/apis/communication-preferences/subscriptions.generated.ts +66 -63
  527. package/src/server/api-client-core/apis/conversations/custom-channels-types.generated.ts +564 -601
  528. package/src/server/api-client-core/apis/conversations/custom-channels.generated.ts +90 -86
  529. package/src/server/api-client-core/apis/conversations/visitor-identification-types.generated.ts +31 -44
  530. package/src/server/api-client-core/apis/conversations/visitor-identification.generated.ts +6 -8
  531. package/src/server/api-client-core/apis/conversations-types.generated.ts +955 -991
  532. package/src/server/api-client-core/apis/conversations.generated.ts +6 -5
  533. package/src/server/api-client-core/apis/crm/app-uninstalls-types.generated.ts +7 -19
  534. package/src/server/api-client-core/apis/crm/app-uninstalls.generated.ts +2 -4
  535. package/src/server/api-client-core/apis/crm/appointments-types.generated.ts +965 -969
  536. package/src/server/api-client-core/apis/crm/appointments.generated.ts +143 -137
  537. package/src/server/api-client-core/apis/crm/associations-schema-types.generated.ts +292 -322
  538. package/src/server/api-client-core/apis/crm/associations-schema.generated.ts +17 -19
  539. package/src/server/api-client-core/apis/crm/associations-types.generated.ts +657 -675
  540. package/src/server/api-client-core/apis/crm/associations.generated.ts +70 -70
  541. package/src/server/api-client-core/apis/crm/calling-extensions-types.generated.ts +417 -441
  542. package/src/server/api-client-core/apis/crm/calling-extensions.generated.ts +62 -69
  543. package/src/server/api-client-core/apis/crm/calls-types.generated.ts +839 -856
  544. package/src/server/api-client-core/apis/crm/calls.generated.ts +42 -44
  545. package/src/server/api-client-core/apis/crm/carts-types.generated.ts +839 -856
  546. package/src/server/api-client-core/apis/crm/carts.generated.ts +42 -44
  547. package/src/server/api-client-core/apis/crm/commerce-payments-types.generated.ts +847 -856
  548. package/src/server/api-client-core/apis/crm/commerce-payments.generated.ts +73 -73
  549. package/src/server/api-client-core/apis/crm/commerce-subscriptions-types.generated.ts +844 -853
  550. package/src/server/api-client-core/apis/crm/commerce-subscriptions.generated.ts +50 -51
  551. package/src/server/api-client-core/apis/crm/communications-types.generated.ts +846 -856
  552. package/src/server/api-client-core/apis/crm/communications.generated.ts +73 -73
  553. package/src/server/api-client-core/apis/crm/companies-types.generated.ts +859 -885
  554. package/src/server/api-client-core/apis/crm/companies.generated.ts +44 -50
  555. package/src/server/api-client-core/apis/crm/contacts-types.generated.ts +875 -907
  556. package/src/server/api-client-core/apis/crm/contacts.generated.ts +46 -52
  557. package/src/server/api-client-core/apis/crm/contracts-types.generated.ts +894 -862
  558. package/src/server/api-client-core/apis/crm/contracts.generated.ts +66 -56
  559. package/src/server/api-client-core/apis/crm/courses-types.generated.ts +842 -859
  560. package/src/server/api-client-core/apis/crm/courses.generated.ts +42 -44
  561. package/src/server/api-client-core/apis/crm/crm-owners-types.generated.ts +102 -115
  562. package/src/server/api-client-core/apis/crm/crm-owners.generated.ts +2 -4
  563. package/src/server/api-client-core/apis/crm/custom-objects-types.generated.ts +900 -915
  564. package/src/server/api-client-core/apis/crm/custom-objects.generated.ts +128 -126
  565. package/src/server/api-client-core/apis/crm/deal-splits-types.generated.ts +157 -170
  566. package/src/server/api-client-core/apis/crm/deal-splits.generated.ts +2 -4
  567. package/src/server/api-client-core/apis/crm/deals-types.generated.ts +858 -875
  568. package/src/server/api-client-core/apis/crm/deals.generated.ts +42 -44
  569. package/src/server/api-client-core/apis/crm/discounts-types.generated.ts +842 -855
  570. package/src/server/api-client-core/apis/crm/discounts.generated.ts +42 -44
  571. package/src/server/api-client-core/apis/crm/emails-types.generated.ts +839 -856
  572. package/src/server/api-client-core/apis/crm/emails.generated.ts +42 -44
  573. package/src/server/api-client-core/apis/crm/exports-types.generated.ts +284 -314
  574. package/src/server/api-client-core/apis/crm/exports.generated.ts +6 -11
  575. package/src/server/api-client-core/apis/crm/feedback-submissions-types.generated.ts +607 -622
  576. package/src/server/api-client-core/apis/crm/feedback-submissions.generated.ts +84 -80
  577. package/src/server/api-client-core/apis/crm/fees-types.generated.ts +839 -856
  578. package/src/server/api-client-core/apis/crm/fees.generated.ts +42 -44
  579. package/src/server/api-client-core/apis/crm/goal-targets-types.generated.ts +845 -856
  580. package/src/server/api-client-core/apis/crm/goal-targets.generated.ts +50 -51
  581. package/src/server/api-client-core/apis/crm/imports-types.generated.ts +663 -692
  582. package/src/server/api-client-core/apis/crm/imports.generated.ts +2 -7
  583. package/src/server/api-client-core/apis/crm/invoices-types.generated.ts +839 -856
  584. package/src/server/api-client-core/apis/crm/invoices.generated.ts +42 -44
  585. package/src/server/api-client-core/apis/crm/leads-types.generated.ts +839 -856
  586. package/src/server/api-client-core/apis/crm/leads.generated.ts +42 -44
  587. package/src/server/api-client-core/apis/crm/limits-tracking-types.generated.ts +263 -275
  588. package/src/server/api-client-core/apis/crm/limits-tracking.generated.ts +2 -4
  589. package/src/server/api-client-core/apis/crm/line-items-types.generated.ts +843 -856
  590. package/src/server/api-client-core/apis/crm/line-items.generated.ts +42 -44
  591. package/src/server/api-client-core/apis/crm/listings-types.generated.ts +842 -859
  592. package/src/server/api-client-core/apis/crm/listings.generated.ts +42 -44
  593. package/src/server/api-client-core/apis/crm/lists-types.generated.ts +2794 -2845
  594. package/src/server/api-client-core/apis/crm/lists.generated.ts +8 -20
  595. package/src/server/api-client-core/apis/crm/meetings-types.generated.ts +839 -856
  596. package/src/server/api-client-core/apis/crm/meetings.generated.ts +42 -44
  597. package/src/server/api-client-core/apis/crm/notes-types.generated.ts +839 -856
  598. package/src/server/api-client-core/apis/crm/notes.generated.ts +42 -44
  599. package/src/server/api-client-core/apis/crm/object-library-types.generated.ts +26 -39
  600. package/src/server/api-client-core/apis/crm/object-library.generated.ts +2 -4
  601. package/src/server/api-client-core/apis/crm/objects-types.generated.ts +688 -716
  602. package/src/server/api-client-core/apis/crm/objects.generated.ts +79 -83
  603. package/src/server/api-client-core/apis/crm/orders-types.generated.ts +829 -846
  604. package/src/server/api-client-core/apis/crm/orders.generated.ts +45 -47
  605. package/src/server/api-client-core/apis/crm/partner-clients-types.generated.ts +721 -735
  606. package/src/server/api-client-core/apis/crm/partner-clients.generated.ts +60 -60
  607. package/src/server/api-client-core/apis/crm/partner-services-types.generated.ts +720 -734
  608. package/src/server/api-client-core/apis/crm/partner-services.generated.ts +60 -60
  609. package/src/server/api-client-core/apis/crm/pipelines-types.generated.ts +366 -388
  610. package/src/server/api-client-core/apis/crm/pipelines.generated.ts +2 -4
  611. package/src/server/api-client-core/apis/crm/postal-mail-types.generated.ts +830 -843
  612. package/src/server/api-client-core/apis/crm/postal-mail.generated.ts +45 -47
  613. package/src/server/api-client-core/apis/crm/products-types.generated.ts +829 -846
  614. package/src/server/api-client-core/apis/crm/products.generated.ts +45 -47
  615. package/src/server/api-client-core/apis/crm/projects-types.generated.ts +845 -875
  616. package/src/server/api-client-core/apis/crm/projects.generated.ts +47 -53
  617. package/src/server/api-client-core/apis/crm/properties-types.generated.ts +623 -626
  618. package/src/server/api-client-core/apis/crm/properties.generated.ts +33 -28
  619. package/src/server/api-client-core/apis/crm/property-validations-types.generated.ts +160 -174
  620. package/src/server/api-client-core/apis/crm/property-validations.generated.ts +2 -6
  621. package/src/server/api-client-core/apis/crm/public-app-crm-cards-types.generated.ts +467 -494
  622. package/src/server/api-client-core/apis/crm/public-app-crm-cards.generated.ts +7 -15
  623. package/src/server/api-client-core/apis/crm/public-app-feature-flags-types.generated.ts +166 -177
  624. package/src/server/api-client-core/apis/crm/public-app-feature-flags.generated.ts +6 -8
  625. package/src/server/api-client-core/apis/crm/quotes-types.generated.ts +829 -846
  626. package/src/server/api-client-core/apis/crm/quotes.generated.ts +45 -47
  627. package/src/server/api-client-core/apis/crm/schemas-types.generated.ts +613 -640
  628. package/src/server/api-client-core/apis/crm/schemas.generated.ts +8 -14
  629. package/src/server/api-client-core/apis/crm/services-types.generated.ts +832 -849
  630. package/src/server/api-client-core/apis/crm/services.generated.ts +45 -47
  631. package/src/server/api-client-core/apis/crm/tasks-types.generated.ts +829 -846
  632. package/src/server/api-client-core/apis/crm/tasks.generated.ts +45 -47
  633. package/src/server/api-client-core/apis/crm/taxes-types.generated.ts +829 -846
  634. package/src/server/api-client-core/apis/crm/taxes.generated.ts +45 -47
  635. package/src/server/api-client-core/apis/crm/tickets-types.generated.ts +848 -878
  636. package/src/server/api-client-core/apis/crm/tickets.generated.ts +47 -53
  637. package/src/server/api-client-core/apis/crm/timeline-types.generated.ts +144 -161
  638. package/src/server/api-client-core/apis/crm/timeline.generated.ts +6 -8
  639. package/src/server/api-client-core/apis/crm/transcriptions-types.generated.ts +149 -164
  640. package/src/server/api-client-core/apis/crm/transcriptions.generated.ts +22 -22
  641. package/src/server/api-client-core/apis/crm/users-types.generated.ts +829 -846
  642. package/src/server/api-client-core/apis/crm/users.generated.ts +45 -47
  643. package/src/server/api-client-core/apis/crm/video-conferencing-extension-types.generated.ts +29 -42
  644. package/src/server/api-client-core/apis/crm/video-conferencing-extension.generated.ts +17 -19
  645. package/src/server/api-client-core/apis/events/manage-event-definitions-types.generated.ts +1509 -1558
  646. package/src/server/api-client-core/apis/events/manage-event-definitions.generated.ts +55 -65
  647. package/src/server/api-client-core/apis/events/send-event-completions-types.generated.ts +51 -68
  648. package/src/server/api-client-core/apis/events/send-event-completions.generated.ts +10 -10
  649. package/src/server/api-client-core/apis/events-types.generated.ts +97 -110
  650. package/src/server/api-client-core/apis/events.generated.ts +2 -4
  651. package/src/server/api-client-core/apis/files-types.generated.ts +727 -757
  652. package/src/server/api-client-core/apis/files.generated.ts +3 -5
  653. package/src/server/api-client-core/apis/marketing/campaigns-public-api-types.generated.ts +1221 -1234
  654. package/src/server/api-client-core/apis/marketing/campaigns-public-api.generated.ts +45 -47
  655. package/src/server/api-client-core/apis/marketing/marketing-emails-types.generated.ts +3704 -3733
  656. package/src/server/api-client-core/apis/marketing/marketing-emails.generated.ts +44 -52
  657. package/src/server/api-client-core/apis/marketing/marketing-events-types.generated.ts +1787 -1848
  658. package/src/server/api-client-core/apis/marketing/marketing-events.generated.ts +236 -241
  659. package/src/server/api-client-core/apis/marketing/single-send-types.generated.ts +142 -155
  660. package/src/server/api-client-core/apis/marketing/single-send.generated.ts +2 -6
  661. package/src/server/api-client-core/apis/marketing/transactional-single-send-types.generated.ts +253 -269
  662. package/src/server/api-client-core/apis/marketing/transactional-single-send.generated.ts +32 -31
  663. package/src/server/api-client-core/apis/meta/origins-types.generated.ts +40 -56
  664. package/src/server/api-client-core/apis/meta/origins.generated.ts +2 -4
  665. package/src/server/api-client-core/apis/scheduler/meetings-types.generated.ts +1001 -1014
  666. package/src/server/api-client-core/apis/scheduler/meetings.generated.ts +6 -8
  667. package/src/server/api-client-core/apis/settings/multicurrency-types.generated.ts +1906 -1912
  668. package/src/server/api-client-core/apis/settings/multicurrency.generated.ts +64 -63
  669. package/src/server/api-client-core/apis/settings/tax-rates-types.generated.ts +71 -85
  670. package/src/server/api-client-core/apis/settings/tax-rates.generated.ts +2 -4
  671. package/src/server/api-client-core/apis/settings/user-provisioning-types.generated.ts +207 -257
  672. package/src/server/api-client-core/apis/settings/user-provisioning.generated.ts +8 -24
  673. package/src/server/api-client-core/apis/webhooks-journal-types.generated.ts +740 -771
  674. package/src/server/api-client-core/apis/webhooks-journal.generated.ts +47 -59
  675. package/src/server/api-client-core/apis/webhooks-types.generated.ts +1194 -1228
  676. package/src/server/api-client-core/apis/webhooks.generated.ts +52 -64
  677. package/src/server/api-client-core/client.ts +5 -1
  678. package/src/server/api-client-core/pagination.ts +2 -2
  679. package/src/server/api-client-core/plugins/fetch-transport.ts +70 -12
  680. package/src/server/api-client-core/types.ts +1 -1
  681. package/src/server/constants.ts +29 -4
  682. package/src/server/hono/hono-request-handler.ts +68 -27
  683. package/src/server/hono/hubspot-connect-routes/auth-complete.test.ts +285 -0
  684. package/src/server/hono/hubspot-connect-routes/{auth-callback.ts → auth-complete.ts} +74 -30
  685. package/src/server/hono/hubspot-connect-routes/auth-init-session.test.ts +114 -30
  686. package/src/server/hono/hubspot-connect-routes/auth-init-session.ts +35 -10
  687. package/src/server/hono/hubspot-connect-routes/auth-logout.test.ts +13 -0
  688. package/src/server/hono/hubspot-connect-routes/auth-logout.ts +39 -10
  689. package/src/server/hono/hubspot-connect-routes/auth-refresh.test.ts +6 -0
  690. package/src/server/hono/hubspot-connect-routes/auth-refresh.ts +24 -9
  691. package/src/server/hono/hubspot-connect-routes/cimd-public-routes.test.ts +7 -6
  692. package/src/server/hono/hubspot-connect-routes/cimd-public-routes.ts +5 -1
  693. package/src/server/hono/hubspot-connect-routes/hubspot-connect-routes.ts +11 -3
  694. package/src/server/hono/hubspot-connect-routes/load-hubspot-connect-routes-env.test.ts +17 -24
  695. package/src/server/hono/hubspot-connect-routes/load-hubspot-connect-routes-env.ts +8 -8
  696. package/src/server/hono/hubspot-connect-routes/utils.test.ts +16 -46
  697. package/src/server/hono/hubspot-connect-routes/utils.ts +61 -5
  698. package/src/server/hono/types.ts +11 -10
  699. package/src/server/hono/utils/cookie-utils.ts +27 -2
  700. package/src/server/hono/utils/cors-middleware.test.ts +80 -0
  701. package/src/server/hono/utils/cors-middleware.ts +95 -0
  702. package/src/server/lovable/create-app-function-start.ts +4 -7
  703. package/src/server/lovable/hubspot-connect/run-hubspot-connect-lovable-server.ts +21 -16
  704. package/src/server/sanitize-request.ts +15 -12
  705. package/src/server/secure-start-core.ts +7 -6
  706. package/src/server/types.ts +2 -38
  707. package/src/server/utils/env-utils.test.ts +140 -12
  708. package/src/server/utils/env-utils.ts +80 -6
  709. package/src/server/utils/hubspot-dpop-auth-headers.test.ts +43 -0
  710. package/src/server/utils/hubspot-dpop-auth-headers.ts +48 -0
  711. package/src/shared/constants.ts +40 -3
  712. package/src/shared/wire-types.ts +19 -0
  713. package/dist/browser/HubSpotAppConnect-BW45gyDs.js.map +0 -1
  714. package/dist/browser/create-vctOhpX9.js.map +0 -1
  715. package/dist/server/hono/hubspot-connect-routes/auth-callback.js +0 -125
  716. package/dist/server/hono/hubspot-connect-routes/auth-callback.js.map +0 -1
  717. package/dist/server/proxy.js +0 -68
  718. package/dist/server/proxy.js.map +0 -1
  719. package/src/server/hono/hubspot-connect-routes/auth-callback.test.ts +0 -225
  720. package/src/server/proxy.test.ts +0 -80
  721. package/src/server/proxy.ts +0 -116
@@ -1 +1 @@
1
- {"version":3,"file":"logger.js","names":[],"sources":["../../../src/shared/logger.ts"],"sourcesContent":["/**\n * Pluggable logger contract used by the SDK on both the browser and\n * server. Consumers can pass `console`-like loggers, structured\n * loggers (pino / winston / etc.) or no-op stubs in tests.\n */\nexport interface Logger {\n debug: (message: string, ...args: unknown[]) => void;\n info: (message: string, ...args: unknown[]) => void;\n warn: (message: string, ...args: unknown[]) => void;\n error: (message: string, ...args: unknown[]) => void;\n}\n\nfunction formatPrefix(name: string): string {\n return `[${name}]`;\n}\n\n/**\n * Creates a console-backed logger that prefixes every line with the\n * supplied `name`. Used as the default when no custom logger is\n * provided.\n */\nexport function createLogger(name: string): Logger {\n const prefix = formatPrefix(name);\n return {\n debug: (message, ...args) => {\n console.debug(prefix, message, ...args);\n },\n info: (message, ...args) => {\n console.info(prefix, message, ...args);\n },\n warn: (message, ...args) => {\n console.warn(prefix, message, ...args);\n },\n error: (message, ...args) => {\n console.error(prefix, message, ...args);\n },\n };\n}\n\n/**\n * Logger that swallows every message. Convenient for tests and for\n * the SDK's server-side handlers when no logger is provided by the\n * host application.\n */\nexport const noopLogger: Logger = {\n debug: () => {},\n info: () => {},\n warn: () => {},\n error: () => {},\n};\n"],"mappings":";;;;;;AA4CA,MAAa,aAAqB;CAChC,aAAa;CACb,YAAY;CACZ,YAAY;CACZ,aAAa;CACd"}
1
+ {"version":3,"file":"logger.js","names":[],"sources":["../../../src/shared/logger.ts"],"sourcesContent":["/**\n * Pluggable logger contract used by the SDK on both the browser and\n * server. Consumers can pass `console`-like loggers, structured\n * loggers (pino / winston / etc.) or no-op stubs in tests.\n */\nexport interface Logger {\n debug: (message: string, ...args: unknown[]) => void;\n info: (message: string, ...args: unknown[]) => void;\n warn: (message: string, ...args: unknown[]) => void;\n error: (message: string, ...args: unknown[]) => void;\n}\n\nfunction formatPrefix(name: string): string {\n return `[${name}]`;\n}\n\n/**\n * Creates a console-backed logger that prefixes every line with the\n * supplied `name`. Used as the default when no custom logger is\n * provided.\n */\nexport function createLogger(name: string): Logger {\n const prefix = formatPrefix(name);\n return {\n debug: (message, ...args) => {\n console.debug(prefix, message, ...args);\n },\n info: (message, ...args) => {\n console.info(prefix, message, ...args);\n },\n warn: (message, ...args) => {\n console.warn(prefix, message, ...args);\n },\n error: (message, ...args) => {\n console.error(prefix, message, ...args);\n },\n };\n}\n\n/**\n * Logger that swallows every message. Convenient for tests and for\n * the SDK's server-side handlers when no logger is provided by the\n * host application.\n */\nexport const noopLogger: Logger = {\n debug: () => {},\n info: () => {},\n warn: () => {},\n error: () => {},\n};\n"],"mappings":";;;;;;AA4CA,MAAa,aAAqB;CAChC,aAAa,CAAC;CACd,YAAY,CAAC;CACb,YAAY,CAAC;CACb,aAAa,CAAC;AAChB"}
@@ -10,40 +10,6 @@ interface AppKeys {
10
10
  /** Public key in JWK form. Used to derive the JWK thumbprint and `cnf`. */
11
11
  appPublicKeyJwk: JsonWebKey;
12
12
  }
13
- /**
14
- * Request shape accepted by `HubSpotProxy.fetch`. Only the `path`
15
- * is required; everything else mirrors the equivalent fetch fields.
16
- */
17
- interface HubSpotProxyRequest {
18
- /** Path component of the upstream URL, including leading slash. */
19
- path: string;
20
- /** HTTP method. Defaults to `GET`. */
21
- method?: string;
22
- /**
23
- * Extra request headers. The proxy adds `Authorization` itself
24
- * (`DPoP` access token plus `DPoP` proof when `HUBSPOT_DPOP_ENABLED` is
25
- * not `"false"` and `appKeys` is non-null; otherwise `Bearer` only).
26
- */
27
- headers?: Record<string, string>;
28
- /** Optional request body. Pass `null`/`undefined` for empty bodies. */
29
- body?: string | null | undefined;
30
- }
31
- /**
32
- * Authenticated proxy returned by `createHubSpotProxy`. Use it
33
- * inside Hono handlers (via `c.env.hubSpotProxy`) to call
34
- * HubSpot's API on behalf of the browser session that issued the
35
- * incoming request.
36
- */
37
- interface HubSpotProxy {
38
- /**
39
- * `true` when the session cookies present on the inbound request
40
- * yielded a usable access token. When `false`, every `fetch()` call
41
- * returns a 401 without contacting the upstream.
42
- */
43
- authenticated: boolean;
44
- /** Performs an authenticated upstream request. */
45
- fetch: (request: HubSpotProxyRequest) => Promise<Response>;
46
- }
47
13
  /**
48
14
  * RFC 7517 JWK Set. Returned by HubSpot's `/oauth/v1/jwks` endpoint
49
15
  * and used to verify access tokens on the resource server.
@@ -52,5 +18,5 @@ interface JwkSet {
52
18
  keys: JsonWebKey[];
53
19
  }
54
20
  //#endregion
55
- export { AppKeys, HubSpotProxy, JwkSet };
21
+ export { AppKeys, JwkSet };
56
22
  //# sourceMappingURL=types.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"cookie-utils.js","names":[],"sources":["../../../src/server/utils/cookie-utils.ts"],"sourcesContent":["/**\n * Parses an HTTP `Cookie` request header into a `name -> value` map.\n * Tolerates leading/trailing whitespace, missing `=` (treats the\n * cookie value as empty), and duplicate names (last write wins).\n *\n * Returns an empty object when `cookieHeader` is `null`/`undefined`\n * /empty so callers don't have to null-check the input.\n */\nexport function parseCookies(\n cookieHeader: string | null | undefined\n): Record<string, string> {\n if (!cookieHeader) return {};\n return Object.fromEntries(\n cookieHeader\n .split(';')\n .map((pair) => {\n const eqIdx = pair.indexOf('=');\n if (eqIdx === -1) return [pair.trim(), ''] as [string, string];\n return [pair.slice(0, eqIdx).trim(), pair.slice(eqIdx + 1).trim()] as [\n string,\n string,\n ];\n })\n .filter(([name]) => name.length > 0)\n );\n}\n"],"mappings":";;;;;;;;;AAQA,SAAgB,aACd,cACwB;CACxB,IAAI,CAAC,cAAc,OAAO,EAAE;CAC5B,OAAO,OAAO,YACZ,aACG,MAAM,IAAI,CACV,KAAK,SAAS;EACb,MAAM,QAAQ,KAAK,QAAQ,IAAI;EAC/B,IAAI,UAAU,IAAI,OAAO,CAAC,KAAK,MAAM,EAAE,GAAG;EAC1C,OAAO,CAAC,KAAK,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,MAAM,QAAQ,EAAE,CAAC,MAAM,CAAC;GAIlE,CACD,QAAQ,CAAC,UAAU,KAAK,SAAS,EAAE,CACvC"}
1
+ {"version":3,"file":"cookie-utils.js","names":[],"sources":["../../../src/server/utils/cookie-utils.ts"],"sourcesContent":["/**\n * Parses an HTTP `Cookie` request header into a `name -> value` map.\n * Tolerates leading/trailing whitespace, missing `=` (treats the\n * cookie value as empty), and duplicate names (last write wins).\n *\n * Returns an empty object when `cookieHeader` is `null`/`undefined`\n * /empty so callers don't have to null-check the input.\n */\nexport function parseCookies(\n cookieHeader: string | null | undefined\n): Record<string, string> {\n if (!cookieHeader) return {};\n return Object.fromEntries(\n cookieHeader\n .split(';')\n .map((pair) => {\n const eqIdx = pair.indexOf('=');\n if (eqIdx === -1) return [pair.trim(), ''] as [string, string];\n return [pair.slice(0, eqIdx).trim(), pair.slice(eqIdx + 1).trim()] as [\n string,\n string,\n ];\n })\n .filter(([name]) => name.length > 0)\n );\n}\n"],"mappings":";;;;;;;;;AAQA,SAAgB,aACd,cACwB;CACxB,IAAI,CAAC,cAAc,OAAO,CAAC;CAC3B,OAAO,OAAO,YACZ,aACG,MAAM,GAAG,EACT,KAAK,SAAS;EACb,MAAM,QAAQ,KAAK,QAAQ,GAAG;EAC9B,IAAI,UAAU,IAAI,OAAO,CAAC,KAAK,KAAK,GAAG,EAAE;EACzC,OAAO,CAAC,KAAK,MAAM,GAAG,KAAK,EAAE,KAAK,GAAG,KAAK,MAAM,QAAQ,CAAC,EAAE,KAAK,CAAC;CAInE,CAAC,EACA,QAAQ,CAAC,UAAU,KAAK,SAAS,CAAC,CACvC;AACF"}
@@ -1 +1 @@
1
- {"version":3,"file":"dpop-utils.js","names":[],"sources":["../../../src/server/utils/dpop-utils.ts"],"sourcesContent":["import { type AppKeys } from '../types.ts';\nimport { base64urlDecode } from './base64-utils.ts';\nimport { getJwkThumbprint } from './jwk-utils.ts';\nimport { decodeAndVerifyJwt, encodeAndSignJwt } from './jwt-utils.ts';\n\n/**\n * Claims that go into a DPoP proof JWT (RFC 9449 §4.2). Extra\n * properties pass through to the encoder unchanged so callers can\n * include implementation-specific claims.\n */\nexport interface DpopClaims {\n /** HTTP method of the protected request, uppercase. */\n htm: string;\n /** Target URI of the protected request, fully-qualified. */\n htu: string;\n /** Unique proof identifier (RFC 9449 §4.2, recommended UUID). */\n jti: string;\n /** Issuance time, Unix epoch seconds. */\n iat: number;\n /**\n * Hash of the access token presented alongside this proof, if any\n * (RFC 9449 §4.2). Required for resource-server DPoP.\n */\n ath?: string;\n /**\n * App session ID hash. Custom HubSpot extension that lets the auth\n * server bind tokens to the browser session that minted them.\n */\n sid?: string;\n [key: string]: unknown;\n}\n\nfunction ecPublicJwkForDpopHeader(jwk: JsonWebKey): JsonWebKey {\n if (\n jwk.kty !== 'EC' ||\n jwk.crv !== 'P-256' ||\n typeof jwk.x !== 'string' ||\n typeof jwk.y !== 'string'\n ) {\n throw new Error('Expected P-256 EC public JWK');\n }\n return {\n kty: 'EC',\n crv: 'P-256',\n x: jwk.x,\n y: jwk.y,\n };\n}\n\nexport interface SignDpopProofOptions {\n /** App key material produced by `secureStart`. */\n appKeys: AppKeys;\n /** Claims to include in the DPoP proof. */\n claims: DpopClaims;\n}\n\n/**\n * Mints a DPoP proof JWT (RFC 9449) signed with the app's private\n * key. The header is set to `typ=dpop+jwt`, `alg=ES256`, and embeds\n * the public JWK so the receiver can verify the signature without\n * out-of-band key distribution.\n */\nexport async function signDpopProof(\n options: SignDpopProofOptions\n): Promise<string> {\n const { appKeys, claims } = options;\n const publicJwk = ecPublicJwkForDpopHeader(appKeys.appPublicKeyJwk);\n return encodeAndSignJwt({\n header: { alg: 'ES256', typ: 'dpop+jwt', jwk: publicJwk },\n payload: claims,\n privateKey: appKeys.appPrivateKey,\n });\n}\n\n/**\n * Result of a successful {@link verifyDpopProof} call.\n */\nexport interface VerifiedDpopProof {\n /** Public JWK extracted from the proof's header. */\n publicKeyJwk: JsonWebKey;\n /** RFC 7638 JWK thumbprint of `publicKeyJwk`. */\n jkt: string;\n /** Decoded claims from the proof's payload. */\n claims: DpopClaims;\n}\n\nexport interface VerifyDpopProofOptions {\n /** The compact-serialized DPoP proof. */\n proof: string;\n /** Expected HTTP method (RFC 9449 `htm` claim). */\n htm: string;\n /** Expected request URI (RFC 9449 `htu` claim). */\n htu: string;\n /** Expected access-token hash (RFC 9449 `ath` claim). */\n ath?: string;\n /** Expected app-session-ID hash (`sid` claim). */\n sid?: string;\n}\n\ninterface DpopProofHeader {\n typ?: string;\n alg?: string;\n jwk?: JsonWebKey;\n}\n\n/**\n * Verifies a DPoP proof JWT and returns the embedded public JWK,\n * its thumbprint, and the decoded claims.\n *\n * Enforces RFC 9449's required checks:\n *\n * - `typ=dpop+jwt`, `alg=ES256`, and a JWK in the header.\n * - Signature is valid against the embedded JWK.\n * - `htm`, `htu`, and (when supplied) `ath`/`sid` match.\n * - `iat` is within ±5 minutes of \"now\".\n *\n * @throws {Error} If any of the above checks fail.\n */\nexport async function verifyDpopProof(\n options: VerifyDpopProofOptions\n): Promise<VerifiedDpopProof> {\n const { proof, htm, htu, ath, sid } = options;\n const parts = proof.split('.');\n if (parts.length !== 3) throw new Error('Invalid DPoP proof format');\n\n const encodedHeader = parts[0];\n if (!encodedHeader) throw new Error('Missing DPoP header');\n\n const header = JSON.parse(\n new TextDecoder().decode(base64urlDecode(encodedHeader))\n ) as DpopProofHeader;\n\n if (header.typ !== 'dpop+jwt') throw new Error('Invalid DPoP typ header');\n if (header.alg !== 'ES256') throw new Error('Unsupported DPoP algorithm');\n const publicKeyJwk = header.jwk;\n if (!publicKeyJwk) throw new Error('Missing jwk in DPoP header');\n\n const payload = await decodeAndVerifyJwt({ token: proof, publicKeyJwk });\n const claims = payload as unknown as DpopClaims;\n\n if (claims.htm !== htm) {\n throw new Error(`DPoP htm mismatch: expected ${htm}, got ${claims.htm}`);\n }\n if (claims.htu !== htu) {\n throw new Error(`DPoP htu mismatch: expected ${htu}, got ${claims.htu}`);\n }\n if (ath !== undefined && claims.ath !== ath) {\n throw new Error('DPoP ath mismatch');\n }\n if (sid !== undefined && claims.sid !== sid) {\n throw new Error('DPoP sid mismatch');\n }\n\n const now = Math.floor(Date.now() / 1000);\n if (Math.abs(now - claims.iat) > 300) {\n throw new Error('DPoP proof expired or too far in future');\n }\n\n const jkt = await getJwkThumbprint({ publicKeyJwk });\n return { publicKeyJwk, jkt, claims };\n}\n"],"mappings":";;;;AAgCA,SAAS,yBAAyB,KAA6B;CAC7D,IACE,IAAI,QAAQ,QACZ,IAAI,QAAQ,WACZ,OAAO,IAAI,MAAM,YACjB,OAAO,IAAI,MAAM,UAEjB,MAAM,IAAI,MAAM,+BAA+B;CAEjD,OAAO;EACL,KAAK;EACL,KAAK;EACL,GAAG,IAAI;EACP,GAAG,IAAI;EACR;;;;;;;;AAgBH,eAAsB,cACpB,SACiB;CACjB,MAAM,EAAE,SAAS,WAAW;CAE5B,OAAO,iBAAiB;EACtB,QAAQ;GAAE,KAAK;GAAS,KAAK;GAAY,KAFzB,yBAAyB,QAAQ,gBAEM;GAAE;EACzD,SAAS;EACT,YAAY,QAAQ;EACrB,CAAC;;;;;;;;;;;;;;;AA+CJ,eAAsB,gBACpB,SAC4B;CAC5B,MAAM,EAAE,OAAO,KAAK,KAAK,KAAK,QAAQ;CACtC,MAAM,QAAQ,MAAM,MAAM,IAAI;CAC9B,IAAI,MAAM,WAAW,GAAG,MAAM,IAAI,MAAM,4BAA4B;CAEpE,MAAM,gBAAgB,MAAM;CAC5B,IAAI,CAAC,eAAe,MAAM,IAAI,MAAM,sBAAsB;CAE1D,MAAM,SAAS,KAAK,MAClB,IAAI,aAAa,CAAC,OAAO,gBAAgB,cAAc,CAAC,CACzD;CAED,IAAI,OAAO,QAAQ,YAAY,MAAM,IAAI,MAAM,0BAA0B;CACzE,IAAI,OAAO,QAAQ,SAAS,MAAM,IAAI,MAAM,6BAA6B;CACzE,MAAM,eAAe,OAAO;CAC5B,IAAI,CAAC,cAAc,MAAM,IAAI,MAAM,6BAA6B;CAGhE,MAAM,SAAS,MADO,mBAAmB;EAAE,OAAO;EAAO;EAAc,CAAC;CAGxE,IAAI,OAAO,QAAQ,KACjB,MAAM,IAAI,MAAM,+BAA+B,IAAI,QAAQ,OAAO,MAAM;CAE1E,IAAI,OAAO,QAAQ,KACjB,MAAM,IAAI,MAAM,+BAA+B,IAAI,QAAQ,OAAO,MAAM;CAE1E,IAAI,QAAQ,KAAA,KAAa,OAAO,QAAQ,KACtC,MAAM,IAAI,MAAM,oBAAoB;CAEtC,IAAI,QAAQ,KAAA,KAAa,OAAO,QAAQ,KACtC,MAAM,IAAI,MAAM,oBAAoB;CAGtC,MAAM,MAAM,KAAK,MAAM,KAAK,KAAK,GAAG,IAAK;CACzC,IAAI,KAAK,IAAI,MAAM,OAAO,IAAI,GAAG,KAC/B,MAAM,IAAI,MAAM,0CAA0C;CAI5D,OAAO;EAAE;EAAc,KAAA,MADL,iBAAiB,EAAE,cAAc,CAAC;EACxB;EAAQ"}
1
+ {"version":3,"file":"dpop-utils.js","names":[],"sources":["../../../src/server/utils/dpop-utils.ts"],"sourcesContent":["import { type AppKeys } from '../types.ts';\nimport { base64urlDecode } from './base64-utils.ts';\nimport { getJwkThumbprint } from './jwk-utils.ts';\nimport { decodeAndVerifyJwt, encodeAndSignJwt } from './jwt-utils.ts';\n\n/**\n * Claims that go into a DPoP proof JWT (RFC 9449 §4.2). Extra\n * properties pass through to the encoder unchanged so callers can\n * include implementation-specific claims.\n */\nexport interface DpopClaims {\n /** HTTP method of the protected request, uppercase. */\n htm: string;\n /** Target URI of the protected request, fully-qualified. */\n htu: string;\n /** Unique proof identifier (RFC 9449 §4.2, recommended UUID). */\n jti: string;\n /** Issuance time, Unix epoch seconds. */\n iat: number;\n /**\n * Hash of the access token presented alongside this proof, if any\n * (RFC 9449 §4.2). Required for resource-server DPoP.\n */\n ath?: string;\n /**\n * App session ID hash. Custom HubSpot extension that lets the auth\n * server bind tokens to the browser session that minted them.\n */\n sid?: string;\n [key: string]: unknown;\n}\n\nfunction ecPublicJwkForDpopHeader(jwk: JsonWebKey): JsonWebKey {\n if (\n jwk.kty !== 'EC' ||\n jwk.crv !== 'P-256' ||\n typeof jwk.x !== 'string' ||\n typeof jwk.y !== 'string'\n ) {\n throw new Error('Expected P-256 EC public JWK');\n }\n return {\n kty: 'EC',\n crv: 'P-256',\n x: jwk.x,\n y: jwk.y,\n };\n}\n\nexport interface SignDpopProofOptions {\n /** App key material produced by `secureStart`. */\n appKeys: AppKeys;\n /** Claims to include in the DPoP proof. */\n claims: DpopClaims;\n}\n\n/**\n * Mints a DPoP proof JWT (RFC 9449) signed with the app's private\n * key. The header is set to `typ=dpop+jwt`, `alg=ES256`, and embeds\n * the public JWK so the receiver can verify the signature without\n * out-of-band key distribution.\n */\nexport async function signDpopProof(\n options: SignDpopProofOptions\n): Promise<string> {\n const { appKeys, claims } = options;\n const publicJwk = ecPublicJwkForDpopHeader(appKeys.appPublicKeyJwk);\n return encodeAndSignJwt({\n header: { alg: 'ES256', typ: 'dpop+jwt', jwk: publicJwk },\n payload: claims,\n privateKey: appKeys.appPrivateKey,\n });\n}\n\n/**\n * Result of a successful {@link verifyDpopProof} call.\n */\nexport interface VerifiedDpopProof {\n /** Public JWK extracted from the proof's header. */\n publicKeyJwk: JsonWebKey;\n /** RFC 7638 JWK thumbprint of `publicKeyJwk`. */\n jkt: string;\n /** Decoded claims from the proof's payload. */\n claims: DpopClaims;\n}\n\nexport interface VerifyDpopProofOptions {\n /** The compact-serialized DPoP proof. */\n proof: string;\n /** Expected HTTP method (RFC 9449 `htm` claim). */\n htm: string;\n /** Expected request URI (RFC 9449 `htu` claim). */\n htu: string;\n /** Expected access-token hash (RFC 9449 `ath` claim). */\n ath?: string;\n /** Expected app-session-ID hash (`sid` claim). */\n sid?: string;\n}\n\ninterface DpopProofHeader {\n typ?: string;\n alg?: string;\n jwk?: JsonWebKey;\n}\n\n/**\n * Verifies a DPoP proof JWT and returns the embedded public JWK,\n * its thumbprint, and the decoded claims.\n *\n * Enforces RFC 9449's required checks:\n *\n * - `typ=dpop+jwt`, `alg=ES256`, and a JWK in the header.\n * - Signature is valid against the embedded JWK.\n * - `htm`, `htu`, and (when supplied) `ath`/`sid` match.\n * - `iat` is within ±5 minutes of \"now\".\n *\n * @throws {Error} If any of the above checks fail.\n */\nexport async function verifyDpopProof(\n options: VerifyDpopProofOptions\n): Promise<VerifiedDpopProof> {\n const { proof, htm, htu, ath, sid } = options;\n const parts = proof.split('.');\n if (parts.length !== 3) throw new Error('Invalid DPoP proof format');\n\n const encodedHeader = parts[0];\n if (!encodedHeader) throw new Error('Missing DPoP header');\n\n const header = JSON.parse(\n new TextDecoder().decode(base64urlDecode(encodedHeader))\n ) as DpopProofHeader;\n\n if (header.typ !== 'dpop+jwt') throw new Error('Invalid DPoP typ header');\n if (header.alg !== 'ES256') throw new Error('Unsupported DPoP algorithm');\n const publicKeyJwk = header.jwk;\n if (!publicKeyJwk) throw new Error('Missing jwk in DPoP header');\n\n const payload = await decodeAndVerifyJwt({ token: proof, publicKeyJwk });\n const claims = payload as unknown as DpopClaims;\n\n if (claims.htm !== htm) {\n throw new Error(`DPoP htm mismatch: expected ${htm}, got ${claims.htm}`);\n }\n if (claims.htu !== htu) {\n throw new Error(`DPoP htu mismatch: expected ${htu}, got ${claims.htu}`);\n }\n if (ath !== undefined && claims.ath !== ath) {\n throw new Error('DPoP ath mismatch');\n }\n if (sid !== undefined && claims.sid !== sid) {\n throw new Error('DPoP sid mismatch');\n }\n\n const now = Math.floor(Date.now() / 1000);\n if (Math.abs(now - claims.iat) > 300) {\n throw new Error('DPoP proof expired or too far in future');\n }\n\n const jkt = await getJwkThumbprint({ publicKeyJwk });\n return { publicKeyJwk, jkt, claims };\n}\n"],"mappings":";;;;AAgCA,SAAS,yBAAyB,KAA6B;CAC7D,IACE,IAAI,QAAQ,QACZ,IAAI,QAAQ,WACZ,OAAO,IAAI,MAAM,YACjB,OAAO,IAAI,MAAM,UAEjB,MAAM,IAAI,MAAM,8BAA8B;CAEhD,OAAO;EACL,KAAK;EACL,KAAK;EACL,GAAG,IAAI;EACP,GAAG,IAAI;CACT;AACF;;;;;;;AAeA,eAAsB,cACpB,SACiB;CACjB,MAAM,EAAE,SAAS,WAAW;CAE5B,OAAO,iBAAiB;EACtB,QAAQ;GAAE,KAAK;GAAS,KAAK;GAAY,KAFzB,yBAAyB,QAAQ,eAEK;EAAE;EACxD,SAAS;EACT,YAAY,QAAQ;CACtB,CAAC;AACH;;;;;;;;;;;;;;AA8CA,eAAsB,gBACpB,SAC4B;CAC5B,MAAM,EAAE,OAAO,KAAK,KAAK,KAAK,QAAQ;CACtC,MAAM,QAAQ,MAAM,MAAM,GAAG;CAC7B,IAAI,MAAM,WAAW,GAAG,MAAM,IAAI,MAAM,2BAA2B;CAEnE,MAAM,gBAAgB,MAAM;CAC5B,IAAI,CAAC,eAAe,MAAM,IAAI,MAAM,qBAAqB;CAEzD,MAAM,SAAS,KAAK,MAClB,IAAI,YAAY,EAAE,OAAO,gBAAgB,aAAa,CAAC,CACzD;CAEA,IAAI,OAAO,QAAQ,YAAY,MAAM,IAAI,MAAM,yBAAyB;CACxE,IAAI,OAAO,QAAQ,SAAS,MAAM,IAAI,MAAM,4BAA4B;CACxE,MAAM,eAAe,OAAO;CAC5B,IAAI,CAAC,cAAc,MAAM,IAAI,MAAM,4BAA4B;CAG/D,MAAM,SAAS,MADO,mBAAmB;EAAE,OAAO;EAAO;CAAa,CAAC;CAGvE,IAAI,OAAO,QAAQ,KACjB,MAAM,IAAI,MAAM,+BAA+B,IAAI,QAAQ,OAAO,KAAK;CAEzE,IAAI,OAAO,QAAQ,KACjB,MAAM,IAAI,MAAM,+BAA+B,IAAI,QAAQ,OAAO,KAAK;CAEzE,IAAI,QAAQ,KAAA,KAAa,OAAO,QAAQ,KACtC,MAAM,IAAI,MAAM,mBAAmB;CAErC,IAAI,QAAQ,KAAA,KAAa,OAAO,QAAQ,KACtC,MAAM,IAAI,MAAM,mBAAmB;CAGrC,MAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;CACxC,IAAI,KAAK,IAAI,MAAM,OAAO,GAAG,IAAI,KAC/B,MAAM,IAAI,MAAM,yCAAyC;CAI3D,OAAO;EAAE;EAAc,KAAA,MADL,iBAAiB,EAAE,aAAa,CAAC;EACvB;CAAO;AACrC"}
@@ -1,4 +1,9 @@
1
1
  //#region src/server/utils/env-utils.ts
2
+ const HUBSPOT_API_ORIGIN_DEFAULT = "https://api.hubapi.com";
3
+ const HUBSPOT_OAUTH_API_ORIGIN_DEFAULT = "https://api.hubapi.com";
4
+ const HUBSPOT_AUTHORIZATION_ENDPOINT_DEFAULT = "https://app.hubspot.com/oauth/authorize";
5
+ /** Environment variable name for the app private key loaded by `secureStart`. */
6
+ const HUBSPOT_APP_PRIVATE_KEY_ENV = "HUBSPOT_APP_PRIVATE_KEY";
2
7
  /**
3
8
  * Reads an environment variable in a way that works under both Node
4
9
  * (`process.env`) and Deno (`Deno.env.get`). Returns `undefined` when
@@ -12,6 +17,15 @@ function getEnv(key) {
12
17
  if (deno !== void 0) return deno.env.get(key);
13
18
  }
14
19
  /**
20
+ * Reads an environment variable, returning `defaultValue` when it is
21
+ * unset or an empty string.
22
+ */
23
+ function getEnvWithDefault(key, defaultValue) {
24
+ const value = getEnv(key);
25
+ if (!value) return defaultValue;
26
+ return value;
27
+ }
28
+ /**
15
29
  * Reads an environment variable and throws when it is missing or empty.
16
30
  * Use for values the SDK cannot fall back on (e.g. upstream service
17
31
  * URLs).
@@ -25,20 +39,59 @@ function requireEnv(key) {
25
39
  return value;
26
40
  }
27
41
  /**
42
+ * HubSpot API origin used by the HubSpot API client transport. Defaults to
43
+ * `https://api.hubapi.com` when `HUBSPOT_API_ORIGIN` is unset.
44
+ */
45
+ function getHubSpotApiOrigin() {
46
+ return getEnvWithDefault("HUBSPOT_API_ORIGIN", HUBSPOT_API_ORIGIN_DEFAULT);
47
+ }
48
+ /**
49
+ * Full OAuth authorize URL for hubspot-connect routes. Defaults to
50
+ * `https://app.hubspot.com/oauth/authorize` when
51
+ * `HUBSPOT_AUTHORIZATION_ENDPOINT` is unset.
52
+ */
53
+ function getHubSpotAuthorizationEndpoint() {
54
+ return getEnvWithDefault("HUBSPOT_AUTHORIZATION_ENDPOINT", HUBSPOT_AUTHORIZATION_ENDPOINT_DEFAULT);
55
+ }
56
+ /**
57
+ * HubSpot OAuth API origin (token, revoke, JWKS). Normalized to a URL
58
+ * origin. Defaults to `https://api.hubapi.com` when
59
+ * `HUBSPOT_OAUTH_API_ORIGIN` is unset.
60
+ */
61
+ function getHubSpotOAuthApiOrigin() {
62
+ return new URL(getEnvWithDefault("HUBSPOT_OAUTH_API_ORIGIN", HUBSPOT_OAUTH_API_ORIGIN_DEFAULT)).origin;
63
+ }
64
+ /**
65
+ * Static OAuth client ID. Required when CIMD is disabled.
66
+ *
67
+ * @throws {Error} When `HUBSPOT_CLIENT_ID` is unset or empty.
68
+ */
69
+ function requireHubSpotClientId() {
70
+ return requireEnv("HUBSPOT_CLIENT_ID");
71
+ }
72
+ /**
73
+ * Static OAuth client secret. Required when CIMD is disabled.
74
+ *
75
+ * @throws {Error} When `HUBSPOT_CLIENT_SECRET` is unset or empty.
76
+ */
77
+ function requireHubSpotClientSecret() {
78
+ return requireEnv("HUBSPOT_CLIENT_SECRET");
79
+ }
80
+ /**
28
81
  * Whether outbound HubSpot OAuth and API calls should attach DPoP on
29
- * the wire. Disabled only when `HUBSPOT_DPOP_ENABLED` is exactly the
30
- * string `"false"` (unset or any other value keeps DPoP enabled).
82
+ * the wire. Enabled only when `HUBSPOT_DPOP_ENABLED` is exactly the
83
+ * string `"true"` (unset or any other value keeps DPoP disabled).
31
84
  */
32
85
  function isHubspotDpopEnabled() {
33
- return getEnv("HUBSPOT_DPOP_ENABLED") !== "false";
86
+ return getEnv("HUBSPOT_DPOP_ENABLED") === "true";
34
87
  }
35
88
  /**
36
89
  * Whether the SDK should use CIMD-style OAuth (client ID URL + JWT client
37
- * assertion). Disabled only when `HUBSPOT_CIMD_ENABLED` is exactly the
38
- * string `"false"` (unset or any other value keeps CIMD enabled).
90
+ * assertion). Enabled only when `HUBSPOT_CIMD_ENABLED` is exactly the
91
+ * string `"true"` (unset or any other value keeps CIMD disabled).
39
92
  */
40
93
  function isHubspotCimdEnabled() {
41
- return getEnv("HUBSPOT_CIMD_ENABLED") !== "false";
94
+ return getEnv("HUBSPOT_CIMD_ENABLED") === "true";
42
95
  }
43
96
  /**
44
97
  * Whether `HUBSPOT_APP_PRIVATE_KEY` must be set for `secureStart`. False
@@ -49,6 +102,6 @@ function isHubspotAppPrivateKeyRequired() {
49
102
  return isHubspotCimdEnabled() || isHubspotDpopEnabled();
50
103
  }
51
104
  //#endregion
52
- export { isHubspotAppPrivateKeyRequired, isHubspotCimdEnabled, isHubspotDpopEnabled, requireEnv };
105
+ export { HUBSPOT_APP_PRIVATE_KEY_ENV, getHubSpotApiOrigin, getHubSpotAuthorizationEndpoint, getHubSpotOAuthApiOrigin, isHubspotAppPrivateKeyRequired, isHubspotCimdEnabled, isHubspotDpopEnabled, requireHubSpotClientId, requireHubSpotClientSecret };
53
106
 
54
107
  //# sourceMappingURL=env-utils.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"env-utils.js","names":[],"sources":["../../../src/server/utils/env-utils.ts"],"sourcesContent":["interface GlobalWithOptionalEnv {\n process?: { env?: Record<string, string | undefined> };\n Deno?: { env: { get(name: string): string | undefined } };\n}\n\n/**\n * Reads an environment variable in a way that works under both Node\n * (`process.env`) and Deno (`Deno.env.get`). Returns `undefined` when\n * the variable is unset or when neither runtime is available.\n */\nexport function getEnv(key: string): string | undefined {\n const g = globalThis as GlobalWithOptionalEnv;\n const proc = g.process;\n if (proc?.env) {\n return proc.env[key];\n }\n const deno = g.Deno;\n if (deno !== undefined) {\n return deno.env.get(key);\n }\n return undefined;\n}\n\n/**\n * Reads an environment variable and throws when it is missing or empty.\n * Use for values the SDK cannot fall back on (e.g. upstream service\n * URLs).\n *\n * @throws {Error} When the environment variable is unset or an empty\n * string.\n */\nexport function requireEnv(key: string): string {\n const value = getEnv(key);\n if (!value) {\n throw new Error(`Missing required environment variable: ${key}`);\n }\n return value;\n}\n\n/**\n * Whether outbound HubSpot OAuth and API calls should attach DPoP on\n * the wire. Disabled only when `HUBSPOT_DPOP_ENABLED` is exactly the\n * string `\"false\"` (unset or any other value keeps DPoP enabled).\n */\nexport function isHubspotDpopEnabled(): boolean {\n return getEnv('HUBSPOT_DPOP_ENABLED') !== 'false';\n}\n\n/**\n * Whether the SDK should use CIMD-style OAuth (client ID URL + JWT client\n * assertion). Disabled only when `HUBSPOT_CIMD_ENABLED` is exactly the\n * string `\"false\"` (unset or any other value keeps CIMD enabled).\n */\nexport function isHubspotCimdEnabled(): boolean {\n return getEnv('HUBSPOT_CIMD_ENABLED') !== 'false';\n}\n\n/**\n * Whether `HUBSPOT_APP_PRIVATE_KEY` must be set for `secureStart`. False\n * when both CIMD and DPoP are disabled — the SDK then uses\n * `client_secret` for OAuth and Bearer tokens only for API calls.\n */\nexport function isHubspotAppPrivateKeyRequired(): boolean {\n return isHubspotCimdEnabled() || isHubspotDpopEnabled();\n}\n"],"mappings":";;;;;;AAUA,SAAgB,OAAO,KAAiC;CACtD,MAAM,IAAI;CACV,MAAM,OAAO,EAAE;CACf,IAAI,MAAM,KACR,OAAO,KAAK,IAAI;CAElB,MAAM,OAAO,EAAE;CACf,IAAI,SAAS,KAAA,GACX,OAAO,KAAK,IAAI,IAAI,IAAI;;;;;;;;;;AAa5B,SAAgB,WAAW,KAAqB;CAC9C,MAAM,QAAQ,OAAO,IAAI;CACzB,IAAI,CAAC,OACH,MAAM,IAAI,MAAM,0CAA0C,MAAM;CAElE,OAAO;;;;;;;AAQT,SAAgB,uBAAgC;CAC9C,OAAO,OAAO,uBAAuB,KAAK;;;;;;;AAQ5C,SAAgB,uBAAgC;CAC9C,OAAO,OAAO,uBAAuB,KAAK;;;;;;;AAQ5C,SAAgB,iCAA0C;CACxD,OAAO,sBAAsB,IAAI,sBAAsB"}
1
+ {"version":3,"file":"env-utils.js","names":[],"sources":["../../../src/server/utils/env-utils.ts"],"sourcesContent":["interface GlobalWithOptionalEnv {\n process?: { env?: Record<string, string | undefined> };\n Deno?: { env: { get(name: string): string | undefined } };\n}\n\nconst HUBSPOT_API_ORIGIN_DEFAULT = 'https://api.hubapi.com';\n\nconst HUBSPOT_OAUTH_API_ORIGIN_DEFAULT = 'https://api.hubapi.com';\n\nconst HUBSPOT_AUTHORIZATION_ENDPOINT_DEFAULT =\n 'https://app.hubspot.com/oauth/authorize';\n\n/** Environment variable name for the app private key loaded by `secureStart`. */\nexport const HUBSPOT_APP_PRIVATE_KEY_ENV = 'HUBSPOT_APP_PRIVATE_KEY';\n\n/**\n * Reads an environment variable in a way that works under both Node\n * (`process.env`) and Deno (`Deno.env.get`). Returns `undefined` when\n * the variable is unset or when neither runtime is available.\n */\nexport function getEnv(key: string): string | undefined {\n const g = globalThis as GlobalWithOptionalEnv;\n const proc = g.process;\n if (proc?.env) {\n return proc.env[key];\n }\n const deno = g.Deno;\n if (deno !== undefined) {\n return deno.env.get(key);\n }\n return undefined;\n}\n\n/**\n * Reads an environment variable, returning `defaultValue` when it is\n * unset or an empty string.\n */\nexport function getEnvWithDefault(key: string, defaultValue: string): string {\n const value = getEnv(key);\n if (!value) {\n return defaultValue;\n }\n return value;\n}\n\n/**\n * Reads an environment variable and throws when it is missing or empty.\n * Use for values the SDK cannot fall back on (e.g. upstream service\n * URLs).\n *\n * @throws {Error} When the environment variable is unset or an empty\n * string.\n */\nexport function requireEnv(key: string): string {\n const value = getEnv(key);\n if (!value) {\n throw new Error(`Missing required environment variable: ${key}`);\n }\n return value;\n}\n\n/**\n * HubSpot API origin used by the HubSpot API client transport. Defaults to\n * `https://api.hubapi.com` when `HUBSPOT_API_ORIGIN` is unset.\n */\nexport function getHubSpotApiOrigin(): string {\n return getEnvWithDefault('HUBSPOT_API_ORIGIN', HUBSPOT_API_ORIGIN_DEFAULT);\n}\n\n/**\n * Full OAuth authorize URL for hubspot-connect routes. Defaults to\n * `https://app.hubspot.com/oauth/authorize` when\n * `HUBSPOT_AUTHORIZATION_ENDPOINT` is unset.\n */\nexport function getHubSpotAuthorizationEndpoint(): string {\n return getEnvWithDefault(\n 'HUBSPOT_AUTHORIZATION_ENDPOINT',\n HUBSPOT_AUTHORIZATION_ENDPOINT_DEFAULT\n );\n}\n\n/**\n * HubSpot OAuth API origin (token, revoke, JWKS). Normalized to a URL\n * origin. Defaults to `https://api.hubapi.com` when\n * `HUBSPOT_OAUTH_API_ORIGIN` is unset.\n */\nexport function getHubSpotOAuthApiOrigin(): string {\n return new URL(\n getEnvWithDefault(\n 'HUBSPOT_OAUTH_API_ORIGIN',\n HUBSPOT_OAUTH_API_ORIGIN_DEFAULT\n )\n ).origin;\n}\n\n/**\n * Static OAuth client ID. Required when CIMD is disabled.\n *\n * @throws {Error} When `HUBSPOT_CLIENT_ID` is unset or empty.\n */\nexport function requireHubSpotClientId(): string {\n return requireEnv('HUBSPOT_CLIENT_ID');\n}\n\n/**\n * Static OAuth client secret. Required when CIMD is disabled.\n *\n * @throws {Error} When `HUBSPOT_CLIENT_SECRET` is unset or empty.\n */\nexport function requireHubSpotClientSecret(): string {\n return requireEnv('HUBSPOT_CLIENT_SECRET');\n}\n\n/**\n * Whether outbound HubSpot OAuth and API calls should attach DPoP on\n * the wire. Enabled only when `HUBSPOT_DPOP_ENABLED` is exactly the\n * string `\"true\"` (unset or any other value keeps DPoP disabled).\n */\nexport function isHubspotDpopEnabled(): boolean {\n return getEnv('HUBSPOT_DPOP_ENABLED') === 'true';\n}\n\n/**\n * Whether the SDK should use CIMD-style OAuth (client ID URL + JWT client\n * assertion). Enabled only when `HUBSPOT_CIMD_ENABLED` is exactly the\n * string `\"true\"` (unset or any other value keeps CIMD disabled).\n */\nexport function isHubspotCimdEnabled(): boolean {\n return getEnv('HUBSPOT_CIMD_ENABLED') === 'true';\n}\n\n/**\n * Whether `HUBSPOT_APP_PRIVATE_KEY` must be set for `secureStart`. False\n * when both CIMD and DPoP are disabled — the SDK then uses\n * `client_secret` for OAuth and Bearer tokens only for API calls.\n */\nexport function isHubspotAppPrivateKeyRequired(): boolean {\n return isHubspotCimdEnabled() || isHubspotDpopEnabled();\n}\n"],"mappings":";AAKA,MAAM,6BAA6B;AAEnC,MAAM,mCAAmC;AAEzC,MAAM,yCACJ;;AAGF,MAAa,8BAA8B;;;;;;AAO3C,SAAgB,OAAO,KAAiC;CACtD,MAAM,IAAI;CACV,MAAM,OAAO,EAAE;CACf,IAAI,MAAM,KACR,OAAO,KAAK,IAAI;CAElB,MAAM,OAAO,EAAE;CACf,IAAI,SAAS,KAAA,GACX,OAAO,KAAK,IAAI,IAAI,GAAG;AAG3B;;;;;AAMA,SAAgB,kBAAkB,KAAa,cAA8B;CAC3E,MAAM,QAAQ,OAAO,GAAG;CACxB,IAAI,CAAC,OACH,OAAO;CAET,OAAO;AACT;;;;;;;;;AAUA,SAAgB,WAAW,KAAqB;CAC9C,MAAM,QAAQ,OAAO,GAAG;CACxB,IAAI,CAAC,OACH,MAAM,IAAI,MAAM,0CAA0C,KAAK;CAEjE,OAAO;AACT;;;;;AAMA,SAAgB,sBAA8B;CAC5C,OAAO,kBAAkB,sBAAsB,0BAA0B;AAC3E;;;;;;AAOA,SAAgB,kCAA0C;CACxD,OAAO,kBACL,kCACA,sCACF;AACF;;;;;;AAOA,SAAgB,2BAAmC;CACjD,OAAO,IAAI,IACT,kBACE,4BACA,gCACF,CACF,EAAE;AACJ;;;;;;AAOA,SAAgB,yBAAiC;CAC/C,OAAO,WAAW,mBAAmB;AACvC;;;;;;AAOA,SAAgB,6BAAqC;CACnD,OAAO,WAAW,uBAAuB;AAC3C;;;;;;AAOA,SAAgB,uBAAgC;CAC9C,OAAO,OAAO,sBAAsB,MAAM;AAC5C;;;;;;AAOA,SAAgB,uBAAgC;CAC9C,OAAO,OAAO,sBAAsB,MAAM;AAC5C;;;;;;AAOA,SAAgB,iCAA0C;CACxD,OAAO,qBAAqB,KAAK,qBAAqB;AACxD"}
@@ -0,0 +1,38 @@
1
+ import { signDpopProof } from "./dpop-utils.js";
2
+ import { sha256base64url } from "../shared/encoding/sha256.js";
3
+ //#region src/server/utils/hubspot-dpop-auth-headers.ts
4
+ function getDpopHtuFromTargetUrl(targetUrl) {
5
+ const url = new URL(targetUrl);
6
+ url.search = "";
7
+ url.hash = "";
8
+ return url.toString();
9
+ }
10
+ /**
11
+ * Builds `Authorization` and `DPoP` headers for an authenticated
12
+ * HubSpot API request when DPoP is enabled.
13
+ */
14
+ async function buildHubSpotDpopAuthHeaders(options) {
15
+ const { accessToken, sessionId, appKeys, method, targetUrl } = options;
16
+ const htu = getDpopHtuFromTargetUrl(targetUrl);
17
+ const ath = await sha256base64url(accessToken);
18
+ const sid = await sha256base64url(sessionId);
19
+ const dpopProof = await signDpopProof({
20
+ appKeys,
21
+ claims: {
22
+ htm: method,
23
+ htu,
24
+ jti: crypto.randomUUID(),
25
+ iat: Math.floor(Date.now() / 1e3),
26
+ ath,
27
+ sid
28
+ }
29
+ });
30
+ return {
31
+ Authorization: `DPoP ${accessToken}`,
32
+ DPoP: dpopProof
33
+ };
34
+ }
35
+ //#endregion
36
+ export { buildHubSpotDpopAuthHeaders };
37
+
38
+ //# sourceMappingURL=hubspot-dpop-auth-headers.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"hubspot-dpop-auth-headers.js","names":[],"sources":["../../../src/server/utils/hubspot-dpop-auth-headers.ts"],"sourcesContent":["import { type AppKeys } from '../types.ts';\nimport { sha256base64url } from './crypto-utils.ts';\nimport { signDpopProof } from './dpop-utils.ts';\n\nexport interface BuildHubSpotDpopAuthHeadersOptions {\n accessToken: string;\n sessionId: string;\n appKeys: AppKeys;\n method: string;\n targetUrl: string;\n}\n\nfunction getDpopHtuFromTargetUrl(targetUrl: string): string {\n const url = new URL(targetUrl);\n url.search = '';\n url.hash = '';\n return url.toString();\n}\n\n/**\n * Builds `Authorization` and `DPoP` headers for an authenticated\n * HubSpot API request when DPoP is enabled.\n */\nexport async function buildHubSpotDpopAuthHeaders(\n options: BuildHubSpotDpopAuthHeadersOptions\n): Promise<Record<string, string>> {\n const { accessToken, sessionId, appKeys, method, targetUrl } = options;\n const htu = getDpopHtuFromTargetUrl(targetUrl);\n\n const ath = await sha256base64url(accessToken);\n const sid = await sha256base64url(sessionId);\n const dpopProof = await signDpopProof({\n appKeys,\n claims: {\n htm: method,\n htu,\n jti: crypto.randomUUID(),\n iat: Math.floor(Date.now() / 1000),\n ath,\n sid,\n },\n });\n\n return {\n Authorization: `DPoP ${accessToken}`,\n DPoP: dpopProof,\n };\n}\n"],"mappings":";;;AAYA,SAAS,wBAAwB,WAA2B;CAC1D,MAAM,MAAM,IAAI,IAAI,SAAS;CAC7B,IAAI,SAAS;CACb,IAAI,OAAO;CACX,OAAO,IAAI,SAAS;AACtB;;;;;AAMA,eAAsB,4BACpB,SACiC;CACjC,MAAM,EAAE,aAAa,WAAW,SAAS,QAAQ,cAAc;CAC/D,MAAM,MAAM,wBAAwB,SAAS;CAE7C,MAAM,MAAM,MAAM,gBAAgB,WAAW;CAC7C,MAAM,MAAM,MAAM,gBAAgB,SAAS;CAC3C,MAAM,YAAY,MAAM,cAAc;EACpC;EACA,QAAQ;GACN,KAAK;GACL;GACA,KAAK,OAAO,WAAW;GACvB,KAAK,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;GACjC;GACA;EACF;CACF,CAAC;CAED,OAAO;EACL,eAAe,QAAQ;EACvB,MAAM;CACR;AACF"}
@@ -1 +1 @@
1
- {"version":3,"file":"jwk-utils.js","names":[],"sources":["../../../src/server/utils/jwk-utils.ts"],"sourcesContent":["import { base64url } from './base64-utils.ts';\n\nexport interface GetJwkThumbprintOptions {\n /** EC P-256 public JWK whose thumbprint to compute. */\n publicKeyJwk: JsonWebKey;\n}\n\n/**\n * Computes the RFC 7638 JWK thumbprint of an EC P-256 public JWK.\n * Per §3.2 the canonical form contains only `crv`, `kty`, `x`, `y`,\n * sorted lexicographically — no whitespace, no other members. The\n * SHA-256 of this canonical UTF-8 JSON, base64url-encoded, is the\n * stable identifier (`jkt`) DPoP uses to bind tokens to public keys.\n */\nexport async function getJwkThumbprint(\n options: GetJwkThumbprintOptions\n): Promise<string> {\n const { publicKeyJwk } = options;\n const canonical = JSON.stringify({\n crv: publicKeyJwk.crv,\n kty: publicKeyJwk.kty,\n x: publicKeyJwk.x,\n y: publicKeyJwk.y,\n });\n const digest = await crypto.subtle.digest(\n 'SHA-256',\n new TextEncoder().encode(canonical)\n );\n return base64url(new Uint8Array(digest));\n}\n"],"mappings":";;;;;;;;;AAcA,eAAsB,iBACpB,SACiB;CACjB,MAAM,EAAE,iBAAiB;CACzB,MAAM,YAAY,KAAK,UAAU;EAC/B,KAAK,aAAa;EAClB,KAAK,aAAa;EAClB,GAAG,aAAa;EAChB,GAAG,aAAa;EACjB,CAAC;CACF,MAAM,SAAS,MAAM,OAAO,OAAO,OACjC,WACA,IAAI,aAAa,CAAC,OAAO,UAAU,CACpC;CACD,OAAO,UAAU,IAAI,WAAW,OAAO,CAAC"}
1
+ {"version":3,"file":"jwk-utils.js","names":[],"sources":["../../../src/server/utils/jwk-utils.ts"],"sourcesContent":["import { base64url } from './base64-utils.ts';\n\nexport interface GetJwkThumbprintOptions {\n /** EC P-256 public JWK whose thumbprint to compute. */\n publicKeyJwk: JsonWebKey;\n}\n\n/**\n * Computes the RFC 7638 JWK thumbprint of an EC P-256 public JWK.\n * Per §3.2 the canonical form contains only `crv`, `kty`, `x`, `y`,\n * sorted lexicographically — no whitespace, no other members. The\n * SHA-256 of this canonical UTF-8 JSON, base64url-encoded, is the\n * stable identifier (`jkt`) DPoP uses to bind tokens to public keys.\n */\nexport async function getJwkThumbprint(\n options: GetJwkThumbprintOptions\n): Promise<string> {\n const { publicKeyJwk } = options;\n const canonical = JSON.stringify({\n crv: publicKeyJwk.crv,\n kty: publicKeyJwk.kty,\n x: publicKeyJwk.x,\n y: publicKeyJwk.y,\n });\n const digest = await crypto.subtle.digest(\n 'SHA-256',\n new TextEncoder().encode(canonical)\n );\n return base64url(new Uint8Array(digest));\n}\n"],"mappings":";;;;;;;;;AAcA,eAAsB,iBACpB,SACiB;CACjB,MAAM,EAAE,iBAAiB;CACzB,MAAM,YAAY,KAAK,UAAU;EAC/B,KAAK,aAAa;EAClB,KAAK,aAAa;EAClB,GAAG,aAAa;EAChB,GAAG,aAAa;CAClB,CAAC;CACD,MAAM,SAAS,MAAM,OAAO,OAAO,OACjC,WACA,IAAI,YAAY,EAAE,OAAO,SAAS,CACpC;CACA,OAAO,UAAU,IAAI,WAAW,MAAM,CAAC;AACzC"}
@@ -1 +1 @@
1
- {"version":3,"file":"jwt-utils.js","names":[],"sources":["../../../src/server/utils/jwt-utils.ts"],"sourcesContent":["import { base64url, base64urlDecode } from './base64-utils.ts';\n\ninterface EncodeAndSignJwtOptions {\n header: Record<string, unknown>;\n payload: Record<string, unknown>;\n privateKey: CryptoKey;\n}\n\n/**\n * Low-level helper that encodes a JWS Compact Serialization JWT\n * (RFC 7519) and signs it with the supplied `privateKey` using\n * ES256 (P-256 + SHA-256). Returns the three-segment compact form.\n */\nexport async function encodeAndSignJwt(\n options: EncodeAndSignJwtOptions\n): Promise<string> {\n const { header, payload, privateKey } = options;\n\n const encodedHeader = base64url(\n new TextEncoder().encode(JSON.stringify(header))\n );\n const encodedPayload = base64url(\n new TextEncoder().encode(JSON.stringify(payload))\n );\n const signingInput = `${encodedHeader}.${encodedPayload}`;\n const signatureBuffer = await crypto.subtle.sign(\n { name: 'ECDSA', hash: 'SHA-256' },\n privateKey,\n new TextEncoder().encode(signingInput)\n );\n return `${signingInput}.${base64url(new Uint8Array(signatureBuffer))}`;\n}\n\nasync function importPublicKey(jwk: JsonWebKey): Promise<CryptoKey> {\n return crypto.subtle.importKey(\n 'jwk',\n jwk,\n { name: 'ECDSA', namedCurve: 'P-256' },\n false,\n ['verify']\n );\n}\n\ninterface DecodeAndVerifyJwtOptions {\n token: string;\n publicKeyJwk: JsonWebKey;\n}\n\n/**\n * Verifies the ES256 signature on `token` against `publicKeyJwk` and\n * returns the decoded payload. Does not check `exp` — use\n * {@link verifyJwt} when expiry enforcement is desired.\n *\n * @throws {Error} When the token isn't three segments, when the\n * signature fails verification, or when the payload isn't valid\n * JSON.\n */\nexport async function decodeAndVerifyJwt(\n options: DecodeAndVerifyJwtOptions\n): Promise<Record<string, unknown>> {\n const { token, publicKeyJwk } = options;\n const parts = token.split('.');\n if (parts.length !== 3) throw new Error('Invalid JWT format');\n const [encodedHeader, encodedPayload, encodedSignature] = parts as [\n string,\n string,\n string,\n ];\n const publicKey = await importPublicKey(publicKeyJwk);\n const valid = await crypto.subtle.verify(\n { name: 'ECDSA', hash: 'SHA-256' },\n publicKey,\n base64urlDecode(encodedSignature),\n new TextEncoder().encode(`${encodedHeader}.${encodedPayload}`)\n );\n if (!valid) throw new Error('JWT signature verification failed');\n return JSON.parse(\n new TextDecoder().decode(base64urlDecode(encodedPayload))\n ) as Record<string, unknown>;\n}\n\nexport interface VerifyJwtOptions {\n /** Compact-serialized JWT to verify. */\n token: string;\n /** Public key in JWK form. Caller is responsible for trusting it. */\n publicKeyJwk: JsonWebKey;\n}\n\n/**\n * Verifies signature and (if present) `exp` (RFC 7519 §4.1.4) on a\n * JWT and returns its payload.\n *\n * @throws {Error} When the signature fails or when `exp` has passed.\n */\nexport async function verifyJwt(\n options: VerifyJwtOptions\n): Promise<Record<string, unknown>> {\n const { token, publicKeyJwk } = options;\n const payload = await decodeAndVerifyJwt({ token, publicKeyJwk });\n const now = Math.floor(Date.now() / 1000);\n if (typeof payload['exp'] === 'number' && payload['exp'] < now) {\n throw new Error('JWT expired');\n }\n return payload;\n}\n\nexport interface SignJwtOptions {\n /** ES256 private key as a non-extractable WebCrypto key. */\n privateKey: CryptoKey;\n /**\n * Custom claims merged onto an `iat` claim (and `exp` when\n * `ttlSeconds` is supplied). Caller-provided keys override the\n * standard ones.\n */\n payload: Record<string, unknown>;\n /**\n * Lifetime of the token in seconds. When set, the JWT's `exp` claim\n * is computed as `iat + ttlSeconds`. When omitted, no `exp` is added\n * (the caller is responsible for one if needed).\n */\n ttlSeconds?: number;\n}\n\n/**\n * Signs a JWT (RFC 7519) with `alg=ES256, typ=JWT` and returns the\n * compact serialization. Always sets `iat` to the current second; the\n * caller controls every other claim via `payload`.\n */\nexport async function signJwt(options: SignJwtOptions): Promise<string> {\n const { privateKey, payload, ttlSeconds } = options;\n const now = Math.floor(Date.now() / 1000);\n const payloadWithStandardClaims =\n ttlSeconds !== undefined\n ? { iat: now, exp: now + ttlSeconds, ...payload }\n : { iat: now, ...payload };\n return encodeAndSignJwt({\n header: { alg: 'ES256', typ: 'JWT' },\n payload: payloadWithStandardClaims,\n privateKey,\n });\n}\n"],"mappings":";;;;;;;AAaA,eAAsB,iBACpB,SACiB;CACjB,MAAM,EAAE,QAAQ,SAAS,eAAe;CAQxC,MAAM,eAAe,GANC,UACpB,IAAI,aAAa,CAAC,OAAO,KAAK,UAAU,OAAO,CAAC,CAKb,CAAC,GAHf,UACrB,IAAI,aAAa,CAAC,OAAO,KAAK,UAAU,QAAQ,CAAC,CAEI;CACvD,MAAM,kBAAkB,MAAM,OAAO,OAAO,KAC1C;EAAE,MAAM;EAAS,MAAM;EAAW,EAClC,YACA,IAAI,aAAa,CAAC,OAAO,aAAa,CACvC;CACD,OAAO,GAAG,aAAa,GAAG,UAAU,IAAI,WAAW,gBAAgB,CAAC;;AAGtE,eAAe,gBAAgB,KAAqC;CAClE,OAAO,OAAO,OAAO,UACnB,OACA,KACA;EAAE,MAAM;EAAS,YAAY;EAAS,EACtC,OACA,CAAC,SAAS,CACX;;;;;;;;;;;AAiBH,eAAsB,mBACpB,SACkC;CAClC,MAAM,EAAE,OAAO,iBAAiB;CAChC,MAAM,QAAQ,MAAM,MAAM,IAAI;CAC9B,IAAI,MAAM,WAAW,GAAG,MAAM,IAAI,MAAM,qBAAqB;CAC7D,MAAM,CAAC,eAAe,gBAAgB,oBAAoB;CAK1D,MAAM,YAAY,MAAM,gBAAgB,aAAa;CAOrD,IAAI,CAAC,MANe,OAAO,OAAO,OAChC;EAAE,MAAM;EAAS,MAAM;EAAW,EAClC,WACA,gBAAgB,iBAAiB,EACjC,IAAI,aAAa,CAAC,OAAO,GAAG,cAAc,GAAG,iBAAiB,CAC/D,EACW,MAAM,IAAI,MAAM,oCAAoC;CAChE,OAAO,KAAK,MACV,IAAI,aAAa,CAAC,OAAO,gBAAgB,eAAe,CAAC,CAC1D;;;;;;;;AAgBH,eAAsB,UACpB,SACkC;CAClC,MAAM,EAAE,OAAO,iBAAiB;CAChC,MAAM,UAAU,MAAM,mBAAmB;EAAE;EAAO;EAAc,CAAC;CACjE,MAAM,MAAM,KAAK,MAAM,KAAK,KAAK,GAAG,IAAK;CACzC,IAAI,OAAO,QAAQ,WAAW,YAAY,QAAQ,SAAS,KACzD,MAAM,IAAI,MAAM,cAAc;CAEhC,OAAO;;;;;;;AAyBT,eAAsB,QAAQ,SAA0C;CACtE,MAAM,EAAE,YAAY,SAAS,eAAe;CAC5C,MAAM,MAAM,KAAK,MAAM,KAAK,KAAK,GAAG,IAAK;CAKzC,OAAO,iBAAiB;EACtB,QAAQ;GAAE,KAAK;GAAS,KAAK;GAAO;EACpC,SALA,eAAe,KAAA,IACX;GAAE,KAAK;GAAK,KAAK,MAAM;GAAY,GAAG;GAAS,GAC/C;GAAE,KAAK;GAAK,GAAG;GAAS;EAI5B;EACD,CAAC"}
1
+ {"version":3,"file":"jwt-utils.js","names":[],"sources":["../../../src/server/utils/jwt-utils.ts"],"sourcesContent":["import { base64url, base64urlDecode } from './base64-utils.ts';\n\ninterface EncodeAndSignJwtOptions {\n header: Record<string, unknown>;\n payload: Record<string, unknown>;\n privateKey: CryptoKey;\n}\n\n/**\n * Low-level helper that encodes a JWS Compact Serialization JWT\n * (RFC 7519) and signs it with the supplied `privateKey` using\n * ES256 (P-256 + SHA-256). Returns the three-segment compact form.\n */\nexport async function encodeAndSignJwt(\n options: EncodeAndSignJwtOptions\n): Promise<string> {\n const { header, payload, privateKey } = options;\n\n const encodedHeader = base64url(\n new TextEncoder().encode(JSON.stringify(header))\n );\n const encodedPayload = base64url(\n new TextEncoder().encode(JSON.stringify(payload))\n );\n const signingInput = `${encodedHeader}.${encodedPayload}`;\n const signatureBuffer = await crypto.subtle.sign(\n { name: 'ECDSA', hash: 'SHA-256' },\n privateKey,\n new TextEncoder().encode(signingInput)\n );\n return `${signingInput}.${base64url(new Uint8Array(signatureBuffer))}`;\n}\n\nasync function importPublicKey(jwk: JsonWebKey): Promise<CryptoKey> {\n return crypto.subtle.importKey(\n 'jwk',\n jwk,\n { name: 'ECDSA', namedCurve: 'P-256' },\n false,\n ['verify']\n );\n}\n\ninterface DecodeAndVerifyJwtOptions {\n token: string;\n publicKeyJwk: JsonWebKey;\n}\n\n/**\n * Verifies the ES256 signature on `token` against `publicKeyJwk` and\n * returns the decoded payload. Does not check `exp` — use\n * {@link verifyJwt} when expiry enforcement is desired.\n *\n * @throws {Error} When the token isn't three segments, when the\n * signature fails verification, or when the payload isn't valid\n * JSON.\n */\nexport async function decodeAndVerifyJwt(\n options: DecodeAndVerifyJwtOptions\n): Promise<Record<string, unknown>> {\n const { token, publicKeyJwk } = options;\n const parts = token.split('.');\n if (parts.length !== 3) throw new Error('Invalid JWT format');\n const [encodedHeader, encodedPayload, encodedSignature] = parts as [\n string,\n string,\n string,\n ];\n const publicKey = await importPublicKey(publicKeyJwk);\n const valid = await crypto.subtle.verify(\n { name: 'ECDSA', hash: 'SHA-256' },\n publicKey,\n base64urlDecode(encodedSignature),\n new TextEncoder().encode(`${encodedHeader}.${encodedPayload}`)\n );\n if (!valid) throw new Error('JWT signature verification failed');\n return JSON.parse(\n new TextDecoder().decode(base64urlDecode(encodedPayload))\n ) as Record<string, unknown>;\n}\n\nexport interface VerifyJwtOptions {\n /** Compact-serialized JWT to verify. */\n token: string;\n /** Public key in JWK form. Caller is responsible for trusting it. */\n publicKeyJwk: JsonWebKey;\n}\n\n/**\n * Verifies signature and (if present) `exp` (RFC 7519 §4.1.4) on a\n * JWT and returns its payload.\n *\n * @throws {Error} When the signature fails or when `exp` has passed.\n */\nexport async function verifyJwt(\n options: VerifyJwtOptions\n): Promise<Record<string, unknown>> {\n const { token, publicKeyJwk } = options;\n const payload = await decodeAndVerifyJwt({ token, publicKeyJwk });\n const now = Math.floor(Date.now() / 1000);\n if (typeof payload['exp'] === 'number' && payload['exp'] < now) {\n throw new Error('JWT expired');\n }\n return payload;\n}\n\nexport interface SignJwtOptions {\n /** ES256 private key as a non-extractable WebCrypto key. */\n privateKey: CryptoKey;\n /**\n * Custom claims merged onto an `iat` claim (and `exp` when\n * `ttlSeconds` is supplied). Caller-provided keys override the\n * standard ones.\n */\n payload: Record<string, unknown>;\n /**\n * Lifetime of the token in seconds. When set, the JWT's `exp` claim\n * is computed as `iat + ttlSeconds`. When omitted, no `exp` is added\n * (the caller is responsible for one if needed).\n */\n ttlSeconds?: number;\n}\n\n/**\n * Signs a JWT (RFC 7519) with `alg=ES256, typ=JWT` and returns the\n * compact serialization. Always sets `iat` to the current second; the\n * caller controls every other claim via `payload`.\n */\nexport async function signJwt(options: SignJwtOptions): Promise<string> {\n const { privateKey, payload, ttlSeconds } = options;\n const now = Math.floor(Date.now() / 1000);\n const payloadWithStandardClaims =\n ttlSeconds !== undefined\n ? { iat: now, exp: now + ttlSeconds, ...payload }\n : { iat: now, ...payload };\n return encodeAndSignJwt({\n header: { alg: 'ES256', typ: 'JWT' },\n payload: payloadWithStandardClaims,\n privateKey,\n });\n}\n"],"mappings":";;;;;;;AAaA,eAAsB,iBACpB,SACiB;CACjB,MAAM,EAAE,QAAQ,SAAS,eAAe;CAQxC,MAAM,eAAe,GANC,UACpB,IAAI,YAAY,EAAE,OAAO,KAAK,UAAU,MAAM,CAAC,CAKb,EAAE,GAHf,UACrB,IAAI,YAAY,EAAE,OAAO,KAAK,UAAU,OAAO,CAAC,CAEI;CACtD,MAAM,kBAAkB,MAAM,OAAO,OAAO,KAC1C;EAAE,MAAM;EAAS,MAAM;CAAU,GACjC,YACA,IAAI,YAAY,EAAE,OAAO,YAAY,CACvC;CACA,OAAO,GAAG,aAAa,GAAG,UAAU,IAAI,WAAW,eAAe,CAAC;AACrE;AAEA,eAAe,gBAAgB,KAAqC;CAClE,OAAO,OAAO,OAAO,UACnB,OACA,KACA;EAAE,MAAM;EAAS,YAAY;CAAQ,GACrC,OACA,CAAC,QAAQ,CACX;AACF;;;;;;;;;;AAgBA,eAAsB,mBACpB,SACkC;CAClC,MAAM,EAAE,OAAO,iBAAiB;CAChC,MAAM,QAAQ,MAAM,MAAM,GAAG;CAC7B,IAAI,MAAM,WAAW,GAAG,MAAM,IAAI,MAAM,oBAAoB;CAC5D,MAAM,CAAC,eAAe,gBAAgB,oBAAoB;CAK1D,MAAM,YAAY,MAAM,gBAAgB,YAAY;CAOpD,IAAI,CAAC,MANe,OAAO,OAAO,OAChC;EAAE,MAAM;EAAS,MAAM;CAAU,GACjC,WACA,gBAAgB,gBAAgB,GAChC,IAAI,YAAY,EAAE,OAAO,GAAG,cAAc,GAAG,gBAAgB,CAC/D,GACY,MAAM,IAAI,MAAM,mCAAmC;CAC/D,OAAO,KAAK,MACV,IAAI,YAAY,EAAE,OAAO,gBAAgB,cAAc,CAAC,CAC1D;AACF;;;;;;;AAeA,eAAsB,UACpB,SACkC;CAClC,MAAM,EAAE,OAAO,iBAAiB;CAChC,MAAM,UAAU,MAAM,mBAAmB;EAAE;EAAO;CAAa,CAAC;CAChE,MAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;CACxC,IAAI,OAAO,QAAQ,WAAW,YAAY,QAAQ,SAAS,KACzD,MAAM,IAAI,MAAM,aAAa;CAE/B,OAAO;AACT;;;;;;AAwBA,eAAsB,QAAQ,SAA0C;CACtE,MAAM,EAAE,YAAY,SAAS,eAAe;CAC5C,MAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;CAKxC,OAAO,iBAAiB;EACtB,QAAQ;GAAE,KAAK;GAAS,KAAK;EAAM;EACnC,SALA,eAAe,KAAA,IACX;GAAE,KAAK;GAAK,KAAK,MAAM;GAAY,GAAG;EAAQ,IAC9C;GAAE,KAAK;GAAK,GAAG;EAAQ;EAI3B;CACF,CAAC;AACH"}
package/package.json CHANGED
@@ -1,13 +1,13 @@
1
1
  {
2
2
  "name": "@hubspot/app-connect-sdk",
3
- "version": "1.0.0-alpha.2",
3
+ "version": "1.0.0-alpha.20",
4
4
  "description": "HubSpot App Connect SDK (alpha release). Documentation and integration guidance forthcoming.",
5
5
  "type": "module",
6
6
  "exports": {
7
7
  "./browser": "./dist/browser/index.js",
8
8
  "./react": "./dist/browser/react.js",
9
9
  "./react/lovable": "./dist/browser/react/lovable.js",
10
- "./server/api-client": "./dist/server/api-client-core.js",
10
+ "./server/api-client": "./dist/server/api-client.js",
11
11
  "./server/lovable": "./dist/server/lovable.js",
12
12
  "./server/oauth": "./dist/server/oauth.js"
13
13
  },
@@ -23,36 +23,30 @@
23
23
  },
24
24
  "prettier": "@private/prettier-config",
25
25
  "peerDependencies": {
26
- "hono": "^4.0.0",
27
26
  "react": "^18.0.0 || ^19.0.0"
28
27
  },
29
- "peerDependenciesMeta": {
30
- "hono": {
31
- "optional": true
32
- }
33
- },
34
28
  "dependencies": {
35
- "@base-ui/react": "^1.4.1"
29
+ "@base-ui/react": "1.4.1",
30
+ "hono": "4.12.19"
36
31
  },
37
32
  "engines": {
38
33
  "node": ">=24.0.0"
39
34
  },
40
35
  "devDependencies": {
41
- "@types/deno": "^2.5.0",
42
- "@types/node": "25.6.0",
43
- "@types/react": "^19.1.0",
44
- "@vanilla-extract/css": "^1.20.1",
45
- "@vanilla-extract/rollup-plugin": "^1.5.3",
46
- "eslint": "10.0.3",
47
- "hono": "^4.7.11",
48
- "prettier": "3.8.1",
49
- "react": "^19.1.0",
50
- "tsdown": "0.22.0-beta.3",
36
+ "@types/deno": "2.7.0",
37
+ "@types/node": "25.9.0",
38
+ "@types/react": "19.2.14",
39
+ "@vanilla-extract/css": "1.20.1",
40
+ "@vanilla-extract/rollup-plugin": "1.5.3",
41
+ "eslint": "10.4.0",
42
+ "prettier": "3.8.3",
43
+ "react": "19.2.6",
44
+ "tsdown": "0.22.0",
51
45
  "typescript": "6.0.3",
52
- "vitest": "4.0.18",
53
- "@private/tsconfig": "0.1.0",
46
+ "vitest": "4.1.6",
54
47
  "@private/eslint-config": "0.1.0",
55
- "@private/prettier-config": "0.1.0"
48
+ "@private/prettier-config": "0.1.0",
49
+ "@private/tsconfig": "0.1.0"
56
50
  },
57
51
  "scripts": {
58
52
  "clean": "rm -rf dist build *.tsbuildinfo node_modules .turbo",
@@ -57,8 +57,11 @@ flowchart TD
57
57
  ## Module map
58
58
 
59
59
  - [create.ts](./create.ts) — factory; the only file [`../index.ts`](../index.ts) imports from. Wires the context, defines `connectToHubSpot` / `disconnectFromHubSpot`, and applies `memoizeLast` to `getSnapshot`.
60
- - [init.ts](./init.ts) — runs once on `start()`. Reads `?__hs_expires_at=…` from `window.location`, persists it via [`utils/session-utils.ts`](./utils/session-utils.ts), and scrubs the parameter from the address bar with `history.replaceState`.
61
- - [connect-start.ts](./connect-start.ts) — `GET`s the SDK's `/auth/init-session` route, then full-page redirects to HubSpot's `authorize` URL. The `return_path` is the current path + query so the user lands back where they started.
60
+ - [init.ts](./init.ts) — runs once on `start()`. Redirect flow: POSTs `code` + `state` to `/auth/complete`, persists `expires_at`, `history.replaceState`s to `return_path`. Popup flow (`window.opener`): relays `code` + `state` to the opener and closes (no `auth/complete` in the popup).
61
+ - [connect-start.ts](./connect-start.ts) — `GET`s `/auth/init-session`, then redirects or opens a popup per `config.oauthConnectMode` (`auto` uses a popup when embedded in an iframe). See [oauth-popup.ts](./oauth-popup.ts).
62
+ - [oauth-popup.ts](./oauth-popup.ts) — opener waits for popup `postMessage` with `code` + `state`, then POSTs `/auth/complete`.
63
+ - [oauth-complete.ts](./oauth-complete.ts) — shared credentialed `POST /auth/complete` used by redirect init and the opener popup handler.
64
+ - [utils/resolve-oauth-connect-mode.ts](./utils/resolve-oauth-connect-mode.ts) / [utils/iframe-utils.ts](./utils/iframe-utils.ts) — map `oauthConnectMode` + iframe detection to redirect vs popup.
62
65
  - [disconnect.ts](./disconnect.ts) — `POST`s `/auth/logout`, clears local session storage, and redirects to the server-supplied `redirect_to`. Errors are caught and surfaced via `state.error`.
63
66
  - [refresh.ts](./refresh.ts) — subscribes to the store and (re)schedules a `/auth/refresh` call whenever `expiresAt` changes. Exposes `RefreshSchedulerHandle.stop()` for teardown.
64
67
  - [view-state.ts](./view-state.ts) — `getDerivedStatus` and `SERVER_VIEW` (the SSR snapshot returned by `getServerSnapshot`).
@@ -0,0 +1,156 @@
1
+ import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest';
2
+
3
+ import { noopLogger } from '../../shared/logger.ts';
4
+ import { startHubSpotConnection } from './connect-start.ts';
5
+ import type {
6
+ AppConnectContext,
7
+ AppConnectInternalState,
8
+ SessionStorage,
9
+ } from './types.ts';
10
+ import { createStore } from './utils/store-utils.ts';
11
+
12
+ const HUBSPOT_CONNECT_BASE_URL =
13
+ 'https://edge.example.com/functions/v1/hubspot-connect';
14
+
15
+ function createInMemorySessionStorage(): SessionStorage {
16
+ const map = new Map<string, string>();
17
+ return {
18
+ getItem: (key) => map.get(key) ?? null,
19
+ setItem: (key, value) => {
20
+ map.set(key, value);
21
+ },
22
+ removeItem: (key) => {
23
+ map.delete(key);
24
+ },
25
+ };
26
+ }
27
+
28
+ function createTestContext(
29
+ oauthConnectMode?: AppConnectContext['config']['oauthConnectMode']
30
+ ): AppConnectContext {
31
+ const initialState: AppConnectInternalState = {
32
+ isInitComplete: true,
33
+ isConnectInFlight: true,
34
+ isSessionConnected: false,
35
+ isDisconnectInFlight: false,
36
+ error: null,
37
+ expiresAt: null,
38
+ };
39
+ return {
40
+ config: {
41
+ hubSpotConnectBaseUrl: HUBSPOT_CONNECT_BASE_URL,
42
+ ...(oauthConnectMode !== undefined ? { oauthConnectMode } : {}),
43
+ },
44
+ logger: noopLogger,
45
+ sessionStorage: createInMemorySessionStorage(),
46
+ store: createStore<AppConnectInternalState>(initialState),
47
+ };
48
+ }
49
+
50
+ describe('startHubSpotConnection', () => {
51
+ beforeEach(() => {
52
+ vi.useFakeTimers();
53
+ });
54
+
55
+ afterEach(() => {
56
+ vi.unstubAllGlobals();
57
+ vi.restoreAllMocks();
58
+ vi.useRealTimers();
59
+ });
60
+
61
+ it('redirects the browser when oauthConnectMode is redirect', async () => {
62
+ const top = {};
63
+ const location = {
64
+ origin: 'https://app.example.com',
65
+ pathname: '/dashboard',
66
+ search: '?tab=1',
67
+ href: '',
68
+ };
69
+ vi.stubGlobal('window', {
70
+ self: top,
71
+ top,
72
+ location,
73
+ open: vi.fn(),
74
+ addEventListener: vi.fn(),
75
+ removeEventListener: vi.fn(),
76
+ });
77
+ vi.spyOn(globalThis, 'fetch').mockResolvedValue(
78
+ new Response(
79
+ JSON.stringify({
80
+ authorization_url: 'https://auth.example/authorize',
81
+ }),
82
+ { status: 200 }
83
+ )
84
+ );
85
+
86
+ const context = createTestContext('redirect');
87
+ const connectPromise = startHubSpotConnection(context);
88
+ await vi.advanceTimersByTimeAsync(500);
89
+ await connectPromise;
90
+
91
+ expect(location.href).toBe('https://auth.example/authorize');
92
+ expect(window.open).not.toHaveBeenCalled();
93
+ });
94
+
95
+ it('opens a popup when oauthConnectMode is popup', async () => {
96
+ const top = {};
97
+ const popup = { closed: false, close: vi.fn() };
98
+ const messageListeners: Array<(event: MessageEvent) => void> = [];
99
+
100
+ vi.stubGlobal('window', {
101
+ self: top,
102
+ top,
103
+ location: {
104
+ origin: 'https://app.example.com',
105
+ pathname: '/dashboard',
106
+ search: '',
107
+ },
108
+ open: vi.fn(() => popup),
109
+ addEventListener: (
110
+ type: string,
111
+ listener: (event: MessageEvent) => void
112
+ ) => {
113
+ if (type === 'message') messageListeners.push(listener);
114
+ },
115
+ removeEventListener: vi.fn(),
116
+ });
117
+ const expiresAt = Date.now() + 1800 * 1000;
118
+ vi.spyOn(globalThis, 'fetch')
119
+ .mockResolvedValueOnce(
120
+ new Response(
121
+ JSON.stringify({
122
+ authorization_url: 'https://auth.example/authorize',
123
+ }),
124
+ { status: 200 }
125
+ )
126
+ )
127
+ .mockResolvedValueOnce(
128
+ new Response(
129
+ JSON.stringify({ expires_at: expiresAt, return_path: '/dashboard' }),
130
+ { status: 200 }
131
+ )
132
+ );
133
+
134
+ const context = createTestContext('popup');
135
+ const connectPromise = startHubSpotConnection(context);
136
+ await vi.advanceTimersByTimeAsync(500);
137
+
138
+ expect(window.open).toHaveBeenCalledWith(
139
+ 'https://auth.example/authorize',
140
+ expect.any(String),
141
+ expect.stringContaining('popup=yes')
142
+ );
143
+
144
+ messageListeners[0]!({
145
+ origin: 'https://app.example.com',
146
+ data: {
147
+ type: 'hubspot-app-connect:oauth-callback',
148
+ code: 'auth-code',
149
+ state: 'auth-state',
150
+ },
151
+ } as MessageEvent);
152
+
153
+ await connectPromise;
154
+ expect(context.store.getSnapshot().expiresAt).toBe(expiresAt);
155
+ });
156
+ });
@@ -1,5 +1,7 @@
1
1
  import type { InitSessionResponse } from '../../shared/wire-types.ts';
2
+ import { waitForHubSpotOAuthPopup } from './oauth-popup.ts';
2
3
  import type { AppConnectContext } from './types.ts';
4
+ import { resolveOAuthConnectMode } from './utils/resolve-oauth-connect-mode.ts';
3
5
  import { delay } from './utils/timeout-utils.ts';
4
6
 
5
7
  /** Extra wait before redirect so the connect progress UI is visible; set to `0` to disable. */
@@ -10,12 +12,14 @@ const ARTIFICIAL_CONNECT_REDIRECT_DELAY_MS = 500;
10
12
  *
11
13
  * 1. Calls the SDK's `auth/init-session` route to mint a fresh PKCE
12
14
  * verifier + state and obtain HubSpot's `authorize` URL.
13
- * 2. Navigates the browser to that URL (full-page redirect).
15
+ * 2. Navigates to that URL via full-page redirect, or opens it in a
16
+ * popup when embedded in an iframe or when `oauthConnectMode` is
17
+ * `'popup'`.
14
18
  *
15
19
  * The `return_path` is the current path + query so the user lands
16
- * back where they started after authorizing.
20
+ * back where they started after authorizing (redirect mode only).
17
21
  *
18
- * Throws when the init call fails. Does not return after the redirect
22
+ * Throws when the init call fails. Does not return after a redirect
19
23
  * begins because the page is unloaded.
20
24
  */
21
25
  export async function startHubSpotConnection(
@@ -41,5 +45,16 @@ export async function startHubSpotConnection(
41
45
 
42
46
  await delay(ARTIFICIAL_CONNECT_REDIRECT_DELAY_MS);
43
47
 
48
+ const connectMode = resolveOAuthConnectMode(
49
+ config.oauthConnectMode !== undefined
50
+ ? { oauthConnectMode: config.oauthConnectMode }
51
+ : {}
52
+ );
53
+
54
+ if (connectMode === 'popup') {
55
+ await waitForHubSpotOAuthPopup({ context, authorizationUrl });
56
+ return;
57
+ }
58
+
44
59
  window.location.href = authorizationUrl;
45
60
  }
@@ -1,4 +1,3 @@
1
- import type { LogoutResponse } from '../../shared/wire-types.ts';
2
1
  import type { AppConnectContext } from './types.ts';
3
2
  import { clearSessionStorage } from './utils/session-utils.ts';
4
3
 
@@ -8,8 +7,8 @@ import { clearSessionStorage } from './utils/session-utils.ts';
8
7
  * 1. Calls the SDK's `auth/logout` route to revoke the upstream token
9
8
  * and clear the refresh-token cookie.
10
9
  * 2. Clears the local session-storage `expiresAt` entry.
11
- * 3. Updates the controller state to `disconnected` and navigates the
12
- * browser to the URL the server returned in `redirect_to`.
10
+ * 3. Updates the controller state to `disconnected` so the UI re-renders
11
+ * without a page reload.
13
12
  *
14
13
  * Errors are caught, logged, and surfaced via the controller's
15
14
  * `error` field so the UI can show a retry state.
@@ -32,8 +31,7 @@ export async function disconnectFromHubSpot(
32
31
  if (!response.ok) {
33
32
  throw new Error(`Logout failed: ${response.status}`);
34
33
  }
35
- const { redirect_to: redirectTo } =
36
- (await response.json()) as LogoutResponse;
34
+ await response.body?.cancel();
37
35
 
38
36
  store.setState({
39
37
  expiresAt: null,
@@ -41,8 +39,7 @@ export async function disconnectFromHubSpot(
41
39
  isDisconnectInFlight: false,
42
40
  });
43
41
 
44
- window.location.href = redirectTo;
45
- logger.info('disconnectFromHubSpot: redirecting');
42
+ logger.info('disconnectFromHubSpot: complete');
46
43
  } catch (err) {
47
44
  const message = err instanceof Error ? err.message : 'Disconnect failed';
48
45
  logger.error('disconnectFromHubSpot: failed', err);