@hubspot/app-connect-sdk 1.0.0-alpha.2 → 1.0.0-alpha.21
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.turbo/turbo-format$colon$check.log +1 -1
- package/.turbo/turbo-test.log +101 -57
- package/.turbo/turbo-tsdown.log +474 -469
- package/build/tsconfig.browser.tsbuildinfo +1 -1
- package/build/tsconfig.server.tsbuildinfo +1 -1
- package/dist/browser/{HubSpotAppConnect-BW45gyDs.js → HubSpotAppConnect-721kYr9d.js} +17 -23
- package/dist/browser/HubSpotAppConnect-721kYr9d.js.map +1 -0
- package/dist/browser/{create-vctOhpX9.js → create-DxEyGG-k.js} +336 -100
- package/dist/browser/create-DxEyGG-k.js.map +1 -0
- package/dist/browser/index.d.ts +2 -2
- package/dist/browser/index.js +1 -1
- package/dist/browser/react/lovable.d.ts +9 -2
- package/dist/browser/react/lovable.js +7 -4
- package/dist/browser/react/lovable.js.map +1 -1
- package/dist/browser/react.d.ts +2 -3
- package/dist/browser/react.js +1 -1
- package/dist/browser/{types-rTQw6A54.d.ts → types-C3wed8dU.d.ts} +52 -7
- package/dist/server/api-client-core/apis/account/account-info-types.generated.d.ts +73 -85
- package/dist/server/api-client-core/apis/account/account-info.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/account/account-info.generated.js +4 -3
- package/dist/server/api-client-core/apis/account/account-info.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/account/audit-logs-types.generated.d.ts +203 -215
- package/dist/server/api-client-core/apis/account/audit-logs.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/account/audit-logs.generated.js +4 -3
- package/dist/server/api-client-core/apis/account/audit-logs.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/auth/oauth-types.generated.d.ts +78 -90
- package/dist/server/api-client-core/apis/auth/oauth.generated.d.ts +1 -1
- package/dist/server/api-client-core/apis/auth/oauth.generated.js +3 -2
- package/dist/server/api-client-core/apis/auth/oauth.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/automation/actions-types.generated.d.ts +779 -794
- package/dist/server/api-client-core/apis/automation/actions.generated.d.ts +6 -3
- package/dist/server/api-client-core/apis/automation/actions.generated.js +101 -102
- package/dist/server/api-client-core/apis/automation/actions.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/automation/sequences-types.generated.d.ts +370 -382
- package/dist/server/api-client-core/apis/automation/sequences.generated.d.ts +1 -1
- package/dist/server/api-client-core/apis/automation/sequences.generated.js +3 -2
- package/dist/server/api-client-core/apis/automation/sequences.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/business-units-types.generated.d.ts +43 -55
- package/dist/server/api-client-core/apis/business-units.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/business-units.generated.js +4 -3
- package/dist/server/api-client-core/apis/business-units.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/cms/authors-types.generated.d.ts +420 -445
- package/dist/server/api-client-core/apis/cms/authors.generated.d.ts +4 -3
- package/dist/server/api-client-core/apis/cms/authors.generated.js +155 -158
- package/dist/server/api-client-core/apis/cms/authors.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/cms/blog-settings-types.generated.d.ts +270 -295
- package/dist/server/api-client-core/apis/cms/blog-settings.generated.d.ts +4 -3
- package/dist/server/api-client-core/apis/cms/blog-settings.generated.js +35 -38
- package/dist/server/api-client-core/apis/cms/blog-settings.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/cms/cms-content-audit-types.generated.d.ts +107 -131
- package/dist/server/api-client-core/apis/cms/cms-content-audit.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/cms/cms-content-audit.generated.js +6 -5
- package/dist/server/api-client-core/apis/cms/cms-content-audit.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/cms/domains-types.generated.d.ts +155 -167
- package/dist/server/api-client-core/apis/cms/domains.generated.d.ts +2 -2
- package/dist/server/api-client-core/apis/cms/domains.generated.js +3 -2
- package/dist/server/api-client-core/apis/cms/domains.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/cms/hubdb-types.generated.d.ts +876 -889
- package/dist/server/api-client-core/apis/cms/hubdb.generated.d.ts +4 -3
- package/dist/server/api-client-core/apis/cms/hubdb.generated.js +184 -185
- package/dist/server/api-client-core/apis/cms/hubdb.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/cms/media-bridge-types.generated.d.ts +1550 -1575
- package/dist/server/api-client-core/apis/cms/media-bridge.generated.d.ts +4 -3
- package/dist/server/api-client-core/apis/cms/media-bridge.generated.js +161 -164
- package/dist/server/api-client-core/apis/cms/media-bridge.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/cms/pages-types.generated.d.ts +1583 -1547
- package/dist/server/api-client-core/apis/cms/pages.generated.d.ts +15 -3
- package/dist/server/api-client-core/apis/cms/pages.generated.js +335 -326
- package/dist/server/api-client-core/apis/cms/pages.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/cms/posts-types.generated.d.ts +900 -904
- package/dist/server/api-client-core/apis/cms/posts.generated.d.ts +7 -3
- package/dist/server/api-client-core/apis/cms/posts.generated.js +197 -196
- package/dist/server/api-client-core/apis/cms/posts.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/cms/site-search-types.generated.d.ts +162 -174
- package/dist/server/api-client-core/apis/cms/site-search.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/cms/site-search.generated.js +4 -3
- package/dist/server/api-client-core/apis/cms/site-search.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/cms/source-code-types.generated.d.ts +148 -172
- package/dist/server/api-client-core/apis/cms/source-code.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/cms/source-code.generated.js +40 -43
- package/dist/server/api-client-core/apis/cms/source-code.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/cms/tags-types.generated.d.ts +406 -420
- package/dist/server/api-client-core/apis/cms/tags.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/cms/tags.generated.js +157 -158
- package/dist/server/api-client-core/apis/cms/tags.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/cms/url-mappings-types.generated.d.ts +127 -139
- package/dist/server/api-client-core/apis/cms/url-mappings.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/cms/url-mappings.generated.js +4 -3
- package/dist/server/api-client-core/apis/cms/url-mappings.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/cms/url-redirects-types.generated.d.ts +170 -182
- package/dist/server/api-client-core/apis/cms/url-redirects.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/cms/url-redirects.generated.js +4 -3
- package/dist/server/api-client-core/apis/cms/url-redirects.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/communication-preferences/subscriptions-types.generated.d.ts +728 -742
- package/dist/server/api-client-core/apis/communication-preferences/subscriptions.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/communication-preferences/subscriptions.generated.js +66 -69
- package/dist/server/api-client-core/apis/communication-preferences/subscriptions.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/conversations/custom-channels-types.generated.d.ts +445 -471
- package/dist/server/api-client-core/apis/conversations/custom-channels.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/conversations/custom-channels.generated.js +70 -73
- package/dist/server/api-client-core/apis/conversations/custom-channels.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/conversations/visitor-identification-types.generated.d.ts +28 -40
- package/dist/server/api-client-core/apis/conversations/visitor-identification.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/conversations/visitor-identification.generated.js +3 -2
- package/dist/server/api-client-core/apis/conversations/visitor-identification.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/conversations-types.generated.d.ts +768 -781
- package/dist/server/api-client-core/apis/conversations.generated.d.ts +4 -3
- package/dist/server/api-client-core/apis/conversations.generated.js +101 -102
- package/dist/server/api-client-core/apis/conversations.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/app-uninstalls-types.generated.d.ts +8 -19
- package/dist/server/api-client-core/apis/crm/app-uninstalls.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/crm/app-uninstalls.generated.js +3 -2
- package/dist/server/api-client-core/apis/crm/app-uninstalls.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/appointments-types.generated.d.ts +887 -891
- package/dist/server/api-client-core/apis/crm/appointments.generated.d.ts +7 -3
- package/dist/server/api-client-core/apis/crm/appointments.generated.js +105 -106
- package/dist/server/api-client-core/apis/crm/appointments.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/associations-schema-types.generated.d.ts +247 -260
- package/dist/server/api-client-core/apis/crm/associations-schema.generated.d.ts +4 -3
- package/dist/server/api-client-core/apis/crm/associations-schema.generated.js +48 -49
- package/dist/server/api-client-core/apis/crm/associations-schema.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/associations-types.generated.d.ts +576 -590
- package/dist/server/api-client-core/apis/crm/associations.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/associations.generated.js +71 -72
- package/dist/server/api-client-core/apis/crm/associations.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/calling-extensions-types.generated.d.ts +355 -379
- package/dist/server/api-client-core/apis/crm/calling-extensions.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/crm/calling-extensions.generated.js +34 -37
- package/dist/server/api-client-core/apis/crm/calling-extensions.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/calls-types.generated.d.ts +755 -769
- package/dist/server/api-client-core/apis/crm/calls.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/calls.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/calls.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/carts-types.generated.d.ts +755 -769
- package/dist/server/api-client-core/apis/crm/carts.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/carts.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/carts.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/commerce-payments-types.generated.d.ts +755 -769
- package/dist/server/api-client-core/apis/crm/commerce-payments.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/commerce-payments.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/commerce-payments.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/commerce-subscriptions-types.generated.d.ts +752 -766
- package/dist/server/api-client-core/apis/crm/commerce-subscriptions.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/commerce-subscriptions.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/commerce-subscriptions.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/communications-types.generated.d.ts +755 -769
- package/dist/server/api-client-core/apis/crm/communications.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/communications.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/communications.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/companies-types.generated.d.ts +769 -795
- package/dist/server/api-client-core/apis/crm/companies.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/companies.generated.js +59 -58
- package/dist/server/api-client-core/apis/crm/companies.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/contacts-types.generated.d.ts +786 -812
- package/dist/server/api-client-core/apis/crm/contacts.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/contacts.generated.js +60 -61
- package/dist/server/api-client-core/apis/crm/contacts.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/contracts-types.generated.d.ts +796 -777
- package/dist/server/api-client-core/apis/crm/contracts.generated.d.ts +8 -3
- package/dist/server/api-client-core/apis/crm/contracts.generated.js +60 -57
- package/dist/server/api-client-core/apis/crm/contracts.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/courses-types.generated.d.ts +758 -772
- package/dist/server/api-client-core/apis/crm/courses.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/courses.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/courses.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/crm-owners-types.generated.d.ts +103 -115
- package/dist/server/api-client-core/apis/crm/crm-owners.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/crm/crm-owners.generated.js +4 -3
- package/dist/server/api-client-core/apis/crm/crm-owners.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/custom-objects-types.generated.d.ts +833 -848
- package/dist/server/api-client-core/apis/crm/custom-objects.generated.d.ts +6 -3
- package/dist/server/api-client-core/apis/crm/custom-objects.generated.js +91 -90
- package/dist/server/api-client-core/apis/crm/custom-objects.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/deal-splits-types.generated.d.ts +158 -170
- package/dist/server/api-client-core/apis/crm/deal-splits.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/crm/deal-splits.generated.js +4 -3
- package/dist/server/api-client-core/apis/crm/deal-splits.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/deals-types.generated.d.ts +771 -785
- package/dist/server/api-client-core/apis/crm/deals.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/deals.generated.js +59 -58
- package/dist/server/api-client-core/apis/crm/deals.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/discounts-types.generated.d.ts +754 -768
- package/dist/server/api-client-core/apis/crm/discounts.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/discounts.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/discounts.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/emails-types.generated.d.ts +755 -769
- package/dist/server/api-client-core/apis/crm/emails.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/emails.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/emails.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/exports-types.generated.d.ts +227 -251
- package/dist/server/api-client-core/apis/crm/exports.generated.d.ts +2 -2
- package/dist/server/api-client-core/apis/crm/exports.generated.js +4 -5
- package/dist/server/api-client-core/apis/crm/exports.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/feedback-submissions-types.generated.d.ts +551 -565
- package/dist/server/api-client-core/apis/crm/feedback-submissions.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/feedback-submissions.generated.js +45 -46
- package/dist/server/api-client-core/apis/crm/feedback-submissions.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/fees-types.generated.d.ts +755 -769
- package/dist/server/api-client-core/apis/crm/fees.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/fees.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/fees.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/goal-targets-types.generated.d.ts +755 -769
- package/dist/server/api-client-core/apis/crm/goal-targets.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/goal-targets.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/goal-targets.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/imports-types.generated.d.ts +305 -329
- package/dist/server/api-client-core/apis/crm/imports.generated.d.ts +2 -2
- package/dist/server/api-client-core/apis/crm/imports.generated.js +20 -23
- package/dist/server/api-client-core/apis/crm/imports.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/invoices-types.generated.d.ts +755 -769
- package/dist/server/api-client-core/apis/crm/invoices.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/invoices.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/invoices.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/leads-types.generated.d.ts +755 -769
- package/dist/server/api-client-core/apis/crm/leads.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/leads.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/leads.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/limits-tracking-types.generated.d.ts +251 -263
- package/dist/server/api-client-core/apis/crm/limits-tracking.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/crm/limits-tracking.generated.js +4 -3
- package/dist/server/api-client-core/apis/crm/limits-tracking.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/line-items-types.generated.d.ts +755 -769
- package/dist/server/api-client-core/apis/crm/line-items.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/line-items.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/line-items.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/listings-types.generated.d.ts +758 -772
- package/dist/server/api-client-core/apis/crm/listings.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/listings.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/listings.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/lists-types.generated.d.ts +2075 -2111
- package/dist/server/api-client-core/apis/crm/lists.generated.d.ts +2 -2
- package/dist/server/api-client-core/apis/crm/lists.generated.js +97 -98
- package/dist/server/api-client-core/apis/crm/lists.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/meetings-types.generated.d.ts +755 -769
- package/dist/server/api-client-core/apis/crm/meetings.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/meetings.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/meetings.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/notes-types.generated.d.ts +755 -769
- package/dist/server/api-client-core/apis/crm/notes.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/notes.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/notes.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/object-library-types.generated.d.ts +24 -36
- package/dist/server/api-client-core/apis/crm/object-library.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/crm/object-library.generated.js +4 -3
- package/dist/server/api-client-core/apis/crm/object-library.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/objects-types.generated.d.ts +620 -645
- package/dist/server/api-client-core/apis/crm/objects.generated.d.ts +4 -3
- package/dist/server/api-client-core/apis/crm/objects.generated.js +66 -67
- package/dist/server/api-client-core/apis/crm/objects.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/orders-types.generated.d.ts +747 -761
- package/dist/server/api-client-core/apis/crm/orders.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/orders.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/orders.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/partner-clients-types.generated.d.ts +646 -660
- package/dist/server/api-client-core/apis/crm/partner-clients.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/partner-clients.generated.js +63 -62
- package/dist/server/api-client-core/apis/crm/partner-clients.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/partner-services-types.generated.d.ts +646 -660
- package/dist/server/api-client-core/apis/crm/partner-services.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/partner-services.generated.js +63 -62
- package/dist/server/api-client-core/apis/crm/partner-services.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/pipelines-types.generated.d.ts +320 -332
- package/dist/server/api-client-core/apis/crm/pipelines.generated.d.ts +2 -2
- package/dist/server/api-client-core/apis/crm/pipelines.generated.js +3 -2
- package/dist/server/api-client-core/apis/crm/pipelines.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/postal-mail-types.generated.d.ts +744 -758
- package/dist/server/api-client-core/apis/crm/postal-mail.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/postal-mail.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/postal-mail.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/products-types.generated.d.ts +747 -761
- package/dist/server/api-client-core/apis/crm/products.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/products.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/products.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/projects-types.generated.d.ts +761 -787
- package/dist/server/api-client-core/apis/crm/projects.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/projects.generated.js +59 -58
- package/dist/server/api-client-core/apis/crm/projects.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/properties-types.generated.d.ts +526 -528
- package/dist/server/api-client-core/apis/crm/properties.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/properties.generated.js +79 -78
- package/dist/server/api-client-core/apis/crm/properties.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/property-validations-types.generated.d.ts +71 -83
- package/dist/server/api-client-core/apis/crm/property-validations.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/crm/property-validations.generated.js +4 -3
- package/dist/server/api-client-core/apis/crm/property-validations.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/public-app-crm-cards-types.generated.d.ts +409 -433
- package/dist/server/api-client-core/apis/crm/public-app-crm-cards.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/crm/public-app-crm-cards.generated.js +24 -25
- package/dist/server/api-client-core/apis/crm/public-app-crm-cards.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/public-app-feature-flags-types.generated.d.ts +156 -169
- package/dist/server/api-client-core/apis/crm/public-app-feature-flags.generated.d.ts +4 -3
- package/dist/server/api-client-core/apis/crm/public-app-feature-flags.generated.js +55 -56
- package/dist/server/api-client-core/apis/crm/public-app-feature-flags.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/quotes-types.generated.d.ts +747 -761
- package/dist/server/api-client-core/apis/crm/quotes.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/quotes.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/quotes.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/schemas-types.generated.d.ts +575 -600
- package/dist/server/api-client-core/apis/crm/schemas.generated.d.ts +4 -3
- package/dist/server/api-client-core/apis/crm/schemas.generated.js +33 -34
- package/dist/server/api-client-core/apis/crm/schemas.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/services-types.generated.d.ts +750 -764
- package/dist/server/api-client-core/apis/crm/services.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/services.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/services.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/tasks-types.generated.d.ts +747 -761
- package/dist/server/api-client-core/apis/crm/tasks.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/tasks.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/tasks.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/taxes-types.generated.d.ts +747 -761
- package/dist/server/api-client-core/apis/crm/taxes.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/taxes.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/taxes.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/tickets-types.generated.d.ts +764 -790
- package/dist/server/api-client-core/apis/crm/tickets.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/tickets.generated.js +59 -58
- package/dist/server/api-client-core/apis/crm/tickets.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/timeline-types.generated.d.ts +136 -149
- package/dist/server/api-client-core/apis/crm/timeline.generated.d.ts +4 -3
- package/dist/server/api-client-core/apis/crm/timeline.generated.js +5 -6
- package/dist/server/api-client-core/apis/crm/timeline.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/transcriptions-types.generated.d.ts +104 -117
- package/dist/server/api-client-core/apis/crm/transcriptions.generated.d.ts +4 -3
- package/dist/server/api-client-core/apis/crm/transcriptions.generated.js +7 -10
- package/dist/server/api-client-core/apis/crm/transcriptions.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/users-types.generated.d.ts +747 -761
- package/dist/server/api-client-core/apis/crm/users.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/users.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/users.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/video-conferencing-extension-types.generated.d.ts +28 -40
- package/dist/server/api-client-core/apis/crm/video-conferencing-extension.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/crm/video-conferencing-extension.generated.js +4 -3
- package/dist/server/api-client-core/apis/crm/video-conferencing-extension.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/events/manage-event-definitions-types.generated.d.ts +909 -945
- package/dist/server/api-client-core/apis/events/manage-event-definitions.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/events/manage-event-definitions.generated.js +29 -30
- package/dist/server/api-client-core/apis/events/manage-event-definitions.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/events/send-event-completions-types.generated.d.ts +49 -62
- package/dist/server/api-client-core/apis/events/send-event-completions.generated.d.ts +4 -3
- package/dist/server/api-client-core/apis/events/send-event-completions.generated.js +4 -5
- package/dist/server/api-client-core/apis/events/send-event-completions.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/events-types.generated.d.ts +99 -111
- package/dist/server/api-client-core/apis/events.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/events.generated.js +4 -3
- package/dist/server/api-client-core/apis/events.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/files-types.generated.d.ts +636 -649
- package/dist/server/api-client-core/apis/files.generated.d.ts +4 -3
- package/dist/server/api-client-core/apis/files.generated.js +112 -113
- package/dist/server/api-client-core/apis/files.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/marketing/campaigns-public-api-types.generated.d.ts +799 -816
- package/dist/server/api-client-core/apis/marketing/campaigns-public-api.generated.d.ts +8 -3
- package/dist/server/api-client-core/apis/marketing/campaigns-public-api.generated.js +126 -127
- package/dist/server/api-client-core/apis/marketing/campaigns-public-api.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/marketing/marketing-emails-types.generated.d.ts +745 -769
- package/dist/server/api-client-core/apis/marketing/marketing-emails.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/marketing/marketing-emails.generated.js +100 -103
- package/dist/server/api-client-core/apis/marketing/marketing-emails.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/marketing/marketing-events-types.generated.d.ts +1504 -1546
- package/dist/server/api-client-core/apis/marketing/marketing-events.generated.d.ts +9 -3
- package/dist/server/api-client-core/apis/marketing/marketing-events.generated.js +162 -167
- package/dist/server/api-client-core/apis/marketing/marketing-events.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/marketing/single-send-types.generated.d.ts +91 -103
- package/dist/server/api-client-core/apis/marketing/single-send.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/marketing/single-send.generated.js +3 -2
- package/dist/server/api-client-core/apis/marketing/single-send.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/marketing/transactional-single-send-types.generated.d.ts +187 -200
- package/dist/server/api-client-core/apis/marketing/transactional-single-send.generated.d.ts +4 -3
- package/dist/server/api-client-core/apis/marketing/transactional-single-send.generated.js +14 -15
- package/dist/server/api-client-core/apis/marketing/transactional-single-send.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/meta/origins-types.generated.d.ts +41 -53
- package/dist/server/api-client-core/apis/meta/origins.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/meta/origins.generated.js +4 -3
- package/dist/server/api-client-core/apis/meta/origins.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/scheduler/meetings-types.generated.d.ts +850 -863
- package/dist/server/api-client-core/apis/scheduler/meetings.generated.d.ts +4 -3
- package/dist/server/api-client-core/apis/scheduler/meetings.generated.js +28 -29
- package/dist/server/api-client-core/apis/scheduler/meetings.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/settings/multicurrency-types.generated.d.ts +281 -296
- package/dist/server/api-client-core/apis/settings/multicurrency.generated.d.ts +6 -3
- package/dist/server/api-client-core/apis/settings/multicurrency.generated.js +32 -33
- package/dist/server/api-client-core/apis/settings/multicurrency.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/settings/tax-rates-types.generated.d.ts +71 -83
- package/dist/server/api-client-core/apis/settings/tax-rates.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/settings/tax-rates.generated.js +4 -3
- package/dist/server/api-client-core/apis/settings/tax-rates.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/settings/user-provisioning-types.generated.d.ts +202 -250
- package/dist/server/api-client-core/apis/settings/user-provisioning.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/settings/user-provisioning.generated.js +23 -26
- package/dist/server/api-client-core/apis/settings/user-provisioning.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/webhooks-journal-types.generated.d.ts +490 -526
- package/dist/server/api-client-core/apis/webhooks-journal.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/webhooks-journal.generated.js +65 -70
- package/dist/server/api-client-core/apis/webhooks-journal.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/webhooks-types.generated.d.ts +816 -852
- package/dist/server/api-client-core/apis/webhooks.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/webhooks.generated.js +93 -98
- package/dist/server/api-client-core/apis/webhooks.generated.js.map +1 -1
- package/dist/server/api-client-core/binary-data.js.map +1 -1
- package/dist/server/api-client-core/client.js +5 -1
- package/dist/server/api-client-core/client.js.map +1 -1
- package/dist/server/api-client-core/codegen-helpers/file-op-wrappers.js.map +1 -1
- package/dist/server/api-client-core/errors.js.map +1 -1
- package/dist/server/api-client-core/op.js.map +1 -1
- package/dist/server/api-client-core/pagination.d.ts +2 -2
- package/dist/server/api-client-core/pagination.js +2 -2
- package/dist/server/api-client-core/pagination.js.map +1 -1
- package/dist/server/api-client-core/plugins/fetch-transport.js +33 -9
- package/dist/server/api-client-core/plugins/fetch-transport.js.map +1 -1
- package/dist/server/api-client-core/types.d.ts +1 -1
- package/dist/server/api-client.d.ts +184 -184
- package/dist/server/api-client.js +89 -89
- package/dist/server/constants.js +33 -6
- package/dist/server/constants.js.map +1 -1
- package/dist/server/deno/start.js.map +1 -1
- package/dist/server/hono/hono-request-handler.js +32 -23
- package/dist/server/hono/hono-request-handler.js.map +1 -1
- package/dist/server/hono/hubspot-connect-routes/auth-complete.js +158 -0
- package/dist/server/hono/hubspot-connect-routes/auth-complete.js.map +1 -0
- package/dist/server/hono/hubspot-connect-routes/auth-init-session.js +25 -12
- package/dist/server/hono/hubspot-connect-routes/auth-init-session.js.map +1 -1
- package/dist/server/hono/hubspot-connect-routes/auth-logout.js +32 -9
- package/dist/server/hono/hubspot-connect-routes/auth-logout.js.map +1 -1
- package/dist/server/hono/hubspot-connect-routes/auth-refresh.js +32 -18
- package/dist/server/hono/hubspot-connect-routes/auth-refresh.js.map +1 -1
- package/dist/server/hono/hubspot-connect-routes/cimd-client-metadata-types.js.map +1 -1
- package/dist/server/hono/hubspot-connect-routes/cimd-public-routes.js +4 -1
- package/dist/server/hono/hubspot-connect-routes/cimd-public-routes.js.map +1 -1
- package/dist/server/hono/hubspot-connect-routes/fetch-hubspot-client-metadata.js.map +1 -1
- package/dist/server/hono/hubspot-connect-routes/hubspot-connect-routes.js +4 -2
- package/dist/server/hono/hubspot-connect-routes/hubspot-connect-routes.js.map +1 -1
- package/dist/server/hono/hubspot-connect-routes/load-hubspot-connect-routes-env.js +5 -5
- package/dist/server/hono/hubspot-connect-routes/load-hubspot-connect-routes-env.js.map +1 -1
- package/dist/server/hono/hubspot-connect-routes/oauth-client.js.map +1 -1
- package/dist/server/hono/hubspot-connect-routes/utils.js +53 -6
- package/dist/server/hono/hubspot-connect-routes/utils.js.map +1 -1
- package/dist/server/hono/hubspot-connect-routes/whoami.js +51 -0
- package/dist/server/hono/hubspot-connect-routes/whoami.js.map +1 -0
- package/dist/server/hono/types.d.ts +9 -10
- package/dist/server/hono/utils/cookie-utils.js +2 -1
- package/dist/server/hono/utils/cookie-utils.js.map +1 -1
- package/dist/server/hono/utils/cors-middleware.js +85 -0
- package/dist/server/hono/utils/cors-middleware.js.map +1 -0
- package/dist/server/import-app-keys.js.map +1 -1
- package/dist/server/lovable/create-app-function-start.d.ts +1 -1
- package/dist/server/lovable/create-app-function-start.js +4 -6
- package/dist/server/lovable/create-app-function-start.js.map +1 -1
- package/dist/server/lovable/hubspot-connect/index.js.map +1 -1
- package/dist/server/lovable/hubspot-connect/run-hubspot-connect-lovable-server.js +14 -15
- package/dist/server/lovable/hubspot-connect/run-hubspot-connect-lovable-server.js.map +1 -1
- package/dist/server/sanitize-request.js +14 -11
- package/dist/server/sanitize-request.js.map +1 -1
- package/dist/server/secure-start-core.js +4 -5
- package/dist/server/secure-start-core.js.map +1 -1
- package/dist/server/shared/constants.js +22 -9
- package/dist/server/shared/constants.js.map +1 -1
- package/dist/server/shared/encoding/base64.js.map +1 -1
- package/dist/server/shared/encoding/sha256.js.map +1 -1
- package/dist/server/shared/logger.js.map +1 -1
- package/dist/server/types.d.ts +1 -35
- package/dist/server/utils/cookie-utils.js.map +1 -1
- package/dist/server/utils/dpop-utils.js.map +1 -1
- package/dist/server/utils/env-utils.js +60 -7
- package/dist/server/utils/env-utils.js.map +1 -1
- package/dist/server/utils/hubspot-dpop-auth-headers.js +38 -0
- package/dist/server/utils/hubspot-dpop-auth-headers.js.map +1 -0
- package/dist/server/utils/jwk-utils.js.map +1 -1
- package/dist/server/utils/jwt-utils.js.map +1 -1
- package/package.json +15 -21
- package/src/browser/app-connect-controller/README.md +5 -2
- package/src/browser/app-connect-controller/connect-start.test.ts +157 -0
- package/src/browser/app-connect-controller/connect-start.ts +18 -3
- package/src/browser/app-connect-controller/constants.ts +6 -4
- package/src/browser/app-connect-controller/create.ts +8 -2
- package/src/browser/app-connect-controller/disconnect.ts +5 -7
- package/src/browser/app-connect-controller/init.test.ts +275 -0
- package/src/browser/app-connect-controller/init.ts +44 -19
- package/src/browser/app-connect-controller/oauth-complete.test.ts +110 -0
- package/src/browser/app-connect-controller/oauth-complete.ts +53 -0
- package/src/browser/app-connect-controller/oauth-popup.test.ts +239 -0
- package/src/browser/app-connect-controller/oauth-popup.ts +160 -0
- package/src/browser/app-connect-controller/types.ts +3 -0
- package/src/browser/app-connect-controller/utils/iframe-utils.ts +12 -0
- package/src/browser/app-connect-controller/utils/resolve-oauth-connect-mode.test.ts +35 -0
- package/src/browser/app-connect-controller/utils/resolve-oauth-connect-mode.ts +21 -0
- package/src/browser/app-connect-controller/utils/session-utils.test.ts +73 -22
- package/src/browser/app-connect-controller/utils/session-utils.ts +74 -33
- package/src/browser/app-connect-controller/view-state.test.ts +1 -0
- package/src/browser/app-connect-controller/view-state.ts +1 -0
- package/src/browser/index.ts +1 -0
- package/src/browser/react/components/AppConnectHeader/AppConnectHeader.tsx +21 -34
- package/src/browser/react/components/ConnectButton/ConnectButton.tsx +1 -1
- package/src/browser/react/lovable/LovableHubSpotAppConnect.tsx +12 -2
- package/src/browser/types.ts +30 -5
- package/src/server/api-client-core/__tests__/errors.test.ts +309 -0
- package/src/server/api-client-core/__tests__/operation-headers.test.ts +251 -0
- package/src/server/api-client-core/apis/account/account-info-types.generated.ts +74 -88
- package/src/server/api-client-core/apis/account/account-info.generated.ts +2 -4
- package/src/server/api-client-core/apis/account/audit-logs-types.generated.ts +346 -360
- package/src/server/api-client-core/apis/account/audit-logs.generated.ts +2 -4
- package/src/server/api-client-core/apis/auth/oauth-types.generated.ts +81 -99
- package/src/server/api-client-core/apis/auth/oauth.generated.ts +1 -3
- package/src/server/api-client-core/apis/automation/actions-types.generated.ts +1162 -1188
- package/src/server/api-client-core/apis/automation/actions.generated.ts +10 -12
- package/src/server/api-client-core/apis/automation/sequences-types.generated.ts +379 -393
- package/src/server/api-client-core/apis/automation/sequences.generated.ts +1 -3
- package/src/server/api-client-core/apis/business-units-types.generated.ts +43 -59
- package/src/server/api-client-core/apis/business-units.generated.ts +9 -10
- package/src/server/api-client-core/apis/cms/authors-types.generated.ts +3823 -3853
- package/src/server/api-client-core/apis/cms/authors.generated.ts +31 -37
- package/src/server/api-client-core/apis/cms/blog-settings-types.generated.ts +3667 -3696
- package/src/server/api-client-core/apis/cms/blog-settings.generated.ts +46 -51
- package/src/server/api-client-core/apis/cms/cms-content-audit-types.generated.ts +138 -163
- package/src/server/api-client-core/apis/cms/cms-content-audit.generated.ts +2 -10
- package/src/server/api-client-core/apis/cms/domains-types.generated.ts +153 -167
- package/src/server/api-client-core/apis/cms/domains.generated.ts +2 -4
- package/src/server/api-client-core/apis/cms/hubdb-types.generated.ts +1013 -1063
- package/src/server/api-client-core/apis/cms/hubdb.generated.ts +3 -5
- package/src/server/api-client-core/apis/cms/media-bridge-types.generated.ts +8623 -8657
- package/src/server/api-client-core/apis/cms/media-bridge.generated.ts +16 -22
- package/src/server/api-client-core/apis/cms/pages-types.generated.ts +5259 -5272
- package/src/server/api-client-core/apis/cms/pages.generated.ts +262 -226
- package/src/server/api-client-core/apis/cms/posts-types.generated.ts +4420 -4438
- package/src/server/api-client-core/apis/cms/posts.generated.ts +108 -106
- package/src/server/api-client-core/apis/cms/site-search-types.generated.ts +1867 -1881
- package/src/server/api-client-core/apis/cms/site-search.generated.ts +2 -4
- package/src/server/api-client-core/apis/cms/source-code-types.generated.ts +144 -177
- package/src/server/api-client-core/apis/cms/source-code.generated.ts +15 -23
- package/src/server/api-client-core/apis/cms/tags-types.generated.ts +3820 -3845
- package/src/server/api-client-core/apis/cms/tags.generated.ts +80 -82
- package/src/server/api-client-core/apis/cms/url-mappings-types.generated.ts +188 -202
- package/src/server/api-client-core/apis/cms/url-mappings.generated.ts +2 -4
- package/src/server/api-client-core/apis/cms/url-redirects-types.generated.ts +182 -196
- package/src/server/api-client-core/apis/cms/url-redirects.generated.ts +2 -4
- package/src/server/api-client-core/apis/communication-preferences/subscriptions-types.generated.ts +810 -828
- package/src/server/api-client-core/apis/communication-preferences/subscriptions.generated.ts +66 -63
- package/src/server/api-client-core/apis/conversations/custom-channels-types.generated.ts +564 -601
- package/src/server/api-client-core/apis/conversations/custom-channels.generated.ts +90 -86
- package/src/server/api-client-core/apis/conversations/visitor-identification-types.generated.ts +31 -44
- package/src/server/api-client-core/apis/conversations/visitor-identification.generated.ts +6 -8
- package/src/server/api-client-core/apis/conversations-types.generated.ts +955 -991
- package/src/server/api-client-core/apis/conversations.generated.ts +6 -5
- package/src/server/api-client-core/apis/crm/app-uninstalls-types.generated.ts +7 -19
- package/src/server/api-client-core/apis/crm/app-uninstalls.generated.ts +2 -4
- package/src/server/api-client-core/apis/crm/appointments-types.generated.ts +965 -969
- package/src/server/api-client-core/apis/crm/appointments.generated.ts +143 -137
- package/src/server/api-client-core/apis/crm/associations-schema-types.generated.ts +292 -322
- package/src/server/api-client-core/apis/crm/associations-schema.generated.ts +17 -19
- package/src/server/api-client-core/apis/crm/associations-types.generated.ts +657 -675
- package/src/server/api-client-core/apis/crm/associations.generated.ts +70 -70
- package/src/server/api-client-core/apis/crm/calling-extensions-types.generated.ts +417 -441
- package/src/server/api-client-core/apis/crm/calling-extensions.generated.ts +62 -69
- package/src/server/api-client-core/apis/crm/calls-types.generated.ts +839 -856
- package/src/server/api-client-core/apis/crm/calls.generated.ts +42 -44
- package/src/server/api-client-core/apis/crm/carts-types.generated.ts +839 -856
- package/src/server/api-client-core/apis/crm/carts.generated.ts +42 -44
- package/src/server/api-client-core/apis/crm/commerce-payments-types.generated.ts +847 -856
- package/src/server/api-client-core/apis/crm/commerce-payments.generated.ts +73 -73
- package/src/server/api-client-core/apis/crm/commerce-subscriptions-types.generated.ts +844 -853
- package/src/server/api-client-core/apis/crm/commerce-subscriptions.generated.ts +50 -51
- package/src/server/api-client-core/apis/crm/communications-types.generated.ts +846 -856
- package/src/server/api-client-core/apis/crm/communications.generated.ts +73 -73
- package/src/server/api-client-core/apis/crm/companies-types.generated.ts +859 -885
- package/src/server/api-client-core/apis/crm/companies.generated.ts +44 -50
- package/src/server/api-client-core/apis/crm/contacts-types.generated.ts +875 -907
- package/src/server/api-client-core/apis/crm/contacts.generated.ts +46 -52
- package/src/server/api-client-core/apis/crm/contracts-types.generated.ts +894 -862
- package/src/server/api-client-core/apis/crm/contracts.generated.ts +66 -56
- package/src/server/api-client-core/apis/crm/courses-types.generated.ts +842 -859
- package/src/server/api-client-core/apis/crm/courses.generated.ts +42 -44
- package/src/server/api-client-core/apis/crm/crm-owners-types.generated.ts +102 -115
- package/src/server/api-client-core/apis/crm/crm-owners.generated.ts +2 -4
- package/src/server/api-client-core/apis/crm/custom-objects-types.generated.ts +900 -915
- package/src/server/api-client-core/apis/crm/custom-objects.generated.ts +128 -126
- package/src/server/api-client-core/apis/crm/deal-splits-types.generated.ts +157 -170
- package/src/server/api-client-core/apis/crm/deal-splits.generated.ts +2 -4
- package/src/server/api-client-core/apis/crm/deals-types.generated.ts +858 -875
- package/src/server/api-client-core/apis/crm/deals.generated.ts +42 -44
- package/src/server/api-client-core/apis/crm/discounts-types.generated.ts +842 -855
- package/src/server/api-client-core/apis/crm/discounts.generated.ts +42 -44
- package/src/server/api-client-core/apis/crm/emails-types.generated.ts +839 -856
- package/src/server/api-client-core/apis/crm/emails.generated.ts +42 -44
- package/src/server/api-client-core/apis/crm/exports-types.generated.ts +284 -314
- package/src/server/api-client-core/apis/crm/exports.generated.ts +6 -11
- package/src/server/api-client-core/apis/crm/feedback-submissions-types.generated.ts +607 -622
- package/src/server/api-client-core/apis/crm/feedback-submissions.generated.ts +84 -80
- package/src/server/api-client-core/apis/crm/fees-types.generated.ts +839 -856
- package/src/server/api-client-core/apis/crm/fees.generated.ts +42 -44
- package/src/server/api-client-core/apis/crm/goal-targets-types.generated.ts +845 -856
- package/src/server/api-client-core/apis/crm/goal-targets.generated.ts +50 -51
- package/src/server/api-client-core/apis/crm/imports-types.generated.ts +663 -692
- package/src/server/api-client-core/apis/crm/imports.generated.ts +2 -7
- package/src/server/api-client-core/apis/crm/invoices-types.generated.ts +839 -856
- package/src/server/api-client-core/apis/crm/invoices.generated.ts +42 -44
- package/src/server/api-client-core/apis/crm/leads-types.generated.ts +839 -856
- package/src/server/api-client-core/apis/crm/leads.generated.ts +42 -44
- package/src/server/api-client-core/apis/crm/limits-tracking-types.generated.ts +263 -275
- package/src/server/api-client-core/apis/crm/limits-tracking.generated.ts +2 -4
- package/src/server/api-client-core/apis/crm/line-items-types.generated.ts +843 -856
- package/src/server/api-client-core/apis/crm/line-items.generated.ts +42 -44
- package/src/server/api-client-core/apis/crm/listings-types.generated.ts +842 -859
- package/src/server/api-client-core/apis/crm/listings.generated.ts +42 -44
- package/src/server/api-client-core/apis/crm/lists-types.generated.ts +2794 -2845
- package/src/server/api-client-core/apis/crm/lists.generated.ts +8 -20
- package/src/server/api-client-core/apis/crm/meetings-types.generated.ts +839 -856
- package/src/server/api-client-core/apis/crm/meetings.generated.ts +42 -44
- package/src/server/api-client-core/apis/crm/notes-types.generated.ts +839 -856
- package/src/server/api-client-core/apis/crm/notes.generated.ts +42 -44
- package/src/server/api-client-core/apis/crm/object-library-types.generated.ts +26 -39
- package/src/server/api-client-core/apis/crm/object-library.generated.ts +2 -4
- package/src/server/api-client-core/apis/crm/objects-types.generated.ts +688 -716
- package/src/server/api-client-core/apis/crm/objects.generated.ts +79 -83
- package/src/server/api-client-core/apis/crm/orders-types.generated.ts +829 -846
- package/src/server/api-client-core/apis/crm/orders.generated.ts +45 -47
- package/src/server/api-client-core/apis/crm/partner-clients-types.generated.ts +721 -735
- package/src/server/api-client-core/apis/crm/partner-clients.generated.ts +60 -60
- package/src/server/api-client-core/apis/crm/partner-services-types.generated.ts +720 -734
- package/src/server/api-client-core/apis/crm/partner-services.generated.ts +60 -60
- package/src/server/api-client-core/apis/crm/pipelines-types.generated.ts +366 -388
- package/src/server/api-client-core/apis/crm/pipelines.generated.ts +2 -4
- package/src/server/api-client-core/apis/crm/postal-mail-types.generated.ts +830 -843
- package/src/server/api-client-core/apis/crm/postal-mail.generated.ts +45 -47
- package/src/server/api-client-core/apis/crm/products-types.generated.ts +829 -846
- package/src/server/api-client-core/apis/crm/products.generated.ts +45 -47
- package/src/server/api-client-core/apis/crm/projects-types.generated.ts +845 -875
- package/src/server/api-client-core/apis/crm/projects.generated.ts +47 -53
- package/src/server/api-client-core/apis/crm/properties-types.generated.ts +623 -626
- package/src/server/api-client-core/apis/crm/properties.generated.ts +33 -28
- package/src/server/api-client-core/apis/crm/property-validations-types.generated.ts +160 -174
- package/src/server/api-client-core/apis/crm/property-validations.generated.ts +2 -6
- package/src/server/api-client-core/apis/crm/public-app-crm-cards-types.generated.ts +467 -494
- package/src/server/api-client-core/apis/crm/public-app-crm-cards.generated.ts +7 -15
- package/src/server/api-client-core/apis/crm/public-app-feature-flags-types.generated.ts +166 -177
- package/src/server/api-client-core/apis/crm/public-app-feature-flags.generated.ts +6 -8
- package/src/server/api-client-core/apis/crm/quotes-types.generated.ts +829 -846
- package/src/server/api-client-core/apis/crm/quotes.generated.ts +45 -47
- package/src/server/api-client-core/apis/crm/schemas-types.generated.ts +613 -640
- package/src/server/api-client-core/apis/crm/schemas.generated.ts +8 -14
- package/src/server/api-client-core/apis/crm/services-types.generated.ts +832 -849
- package/src/server/api-client-core/apis/crm/services.generated.ts +45 -47
- package/src/server/api-client-core/apis/crm/tasks-types.generated.ts +829 -846
- package/src/server/api-client-core/apis/crm/tasks.generated.ts +45 -47
- package/src/server/api-client-core/apis/crm/taxes-types.generated.ts +829 -846
- package/src/server/api-client-core/apis/crm/taxes.generated.ts +45 -47
- package/src/server/api-client-core/apis/crm/tickets-types.generated.ts +848 -878
- package/src/server/api-client-core/apis/crm/tickets.generated.ts +47 -53
- package/src/server/api-client-core/apis/crm/timeline-types.generated.ts +144 -161
- package/src/server/api-client-core/apis/crm/timeline.generated.ts +6 -8
- package/src/server/api-client-core/apis/crm/transcriptions-types.generated.ts +149 -164
- package/src/server/api-client-core/apis/crm/transcriptions.generated.ts +22 -22
- package/src/server/api-client-core/apis/crm/users-types.generated.ts +829 -846
- package/src/server/api-client-core/apis/crm/users.generated.ts +45 -47
- package/src/server/api-client-core/apis/crm/video-conferencing-extension-types.generated.ts +29 -42
- package/src/server/api-client-core/apis/crm/video-conferencing-extension.generated.ts +17 -19
- package/src/server/api-client-core/apis/events/manage-event-definitions-types.generated.ts +1509 -1558
- package/src/server/api-client-core/apis/events/manage-event-definitions.generated.ts +55 -65
- package/src/server/api-client-core/apis/events/send-event-completions-types.generated.ts +51 -68
- package/src/server/api-client-core/apis/events/send-event-completions.generated.ts +10 -10
- package/src/server/api-client-core/apis/events-types.generated.ts +97 -110
- package/src/server/api-client-core/apis/events.generated.ts +2 -4
- package/src/server/api-client-core/apis/files-types.generated.ts +727 -757
- package/src/server/api-client-core/apis/files.generated.ts +3 -5
- package/src/server/api-client-core/apis/marketing/campaigns-public-api-types.generated.ts +1221 -1234
- package/src/server/api-client-core/apis/marketing/campaigns-public-api.generated.ts +45 -47
- package/src/server/api-client-core/apis/marketing/marketing-emails-types.generated.ts +3704 -3733
- package/src/server/api-client-core/apis/marketing/marketing-emails.generated.ts +44 -52
- package/src/server/api-client-core/apis/marketing/marketing-events-types.generated.ts +1787 -1848
- package/src/server/api-client-core/apis/marketing/marketing-events.generated.ts +236 -241
- package/src/server/api-client-core/apis/marketing/single-send-types.generated.ts +142 -155
- package/src/server/api-client-core/apis/marketing/single-send.generated.ts +2 -6
- package/src/server/api-client-core/apis/marketing/transactional-single-send-types.generated.ts +253 -269
- package/src/server/api-client-core/apis/marketing/transactional-single-send.generated.ts +32 -31
- package/src/server/api-client-core/apis/meta/origins-types.generated.ts +40 -56
- package/src/server/api-client-core/apis/meta/origins.generated.ts +2 -4
- package/src/server/api-client-core/apis/scheduler/meetings-types.generated.ts +1001 -1014
- package/src/server/api-client-core/apis/scheduler/meetings.generated.ts +6 -8
- package/src/server/api-client-core/apis/settings/multicurrency-types.generated.ts +1906 -1912
- package/src/server/api-client-core/apis/settings/multicurrency.generated.ts +64 -63
- package/src/server/api-client-core/apis/settings/tax-rates-types.generated.ts +71 -85
- package/src/server/api-client-core/apis/settings/tax-rates.generated.ts +2 -4
- package/src/server/api-client-core/apis/settings/user-provisioning-types.generated.ts +207 -257
- package/src/server/api-client-core/apis/settings/user-provisioning.generated.ts +8 -24
- package/src/server/api-client-core/apis/webhooks-journal-types.generated.ts +740 -771
- package/src/server/api-client-core/apis/webhooks-journal.generated.ts +47 -59
- package/src/server/api-client-core/apis/webhooks-types.generated.ts +1194 -1228
- package/src/server/api-client-core/apis/webhooks.generated.ts +52 -64
- package/src/server/api-client-core/client.ts +5 -1
- package/src/server/api-client-core/pagination.ts +2 -2
- package/src/server/api-client-core/plugins/fetch-transport.ts +70 -12
- package/src/server/api-client-core/types.ts +1 -1
- package/src/server/constants.ts +29 -4
- package/src/server/hono/hono-request-handler.ts +68 -27
- package/src/server/hono/hubspot-connect-routes/auth-complete.test.ts +394 -0
- package/src/server/hono/hubspot-connect-routes/{auth-callback.ts → auth-complete.ts} +81 -30
- package/src/server/hono/hubspot-connect-routes/auth-init-session.test.ts +114 -30
- package/src/server/hono/hubspot-connect-routes/auth-init-session.ts +35 -10
- package/src/server/hono/hubspot-connect-routes/auth-logout.test.ts +13 -0
- package/src/server/hono/hubspot-connect-routes/auth-logout.ts +39 -10
- package/src/server/hono/hubspot-connect-routes/auth-refresh.test.ts +6 -0
- package/src/server/hono/hubspot-connect-routes/auth-refresh.ts +24 -9
- package/src/server/hono/hubspot-connect-routes/cimd-public-routes.test.ts +7 -6
- package/src/server/hono/hubspot-connect-routes/cimd-public-routes.ts +5 -1
- package/src/server/hono/hubspot-connect-routes/hubspot-connect-routes.ts +11 -3
- package/src/server/hono/hubspot-connect-routes/load-hubspot-connect-routes-env.test.ts +17 -24
- package/src/server/hono/hubspot-connect-routes/load-hubspot-connect-routes-env.ts +8 -8
- package/src/server/hono/hubspot-connect-routes/utils.test.ts +16 -46
- package/src/server/hono/hubspot-connect-routes/utils.ts +61 -5
- package/src/server/hono/hubspot-connect-routes/whoami.ts +74 -0
- package/src/server/hono/types.ts +11 -10
- package/src/server/hono/utils/cookie-utils.ts +27 -2
- package/src/server/hono/utils/cors-middleware.test.ts +80 -0
- package/src/server/hono/utils/cors-middleware.ts +95 -0
- package/src/server/lovable/create-app-function-start.ts +4 -7
- package/src/server/lovable/hubspot-connect/run-hubspot-connect-lovable-server.ts +21 -16
- package/src/server/sanitize-request.ts +15 -12
- package/src/server/secure-start-core.ts +7 -6
- package/src/server/types.ts +2 -38
- package/src/server/utils/env-utils.test.ts +140 -12
- package/src/server/utils/env-utils.ts +80 -6
- package/src/server/utils/hubspot-dpop-auth-headers.test.ts +43 -0
- package/src/server/utils/hubspot-dpop-auth-headers.ts +48 -0
- package/src/shared/constants.ts +40 -3
- package/src/shared/wire-types.ts +49 -0
- package/dist/browser/HubSpotAppConnect-BW45gyDs.js.map +0 -1
- package/dist/browser/create-vctOhpX9.js.map +0 -1
- package/dist/server/hono/hubspot-connect-routes/auth-callback.js +0 -125
- package/dist/server/hono/hubspot-connect-routes/auth-callback.js.map +0 -1
- package/dist/server/proxy.js +0 -68
- package/dist/server/proxy.js.map +0 -1
- package/src/server/hono/hubspot-connect-routes/auth-callback.test.ts +0 -225
- package/src/server/proxy.test.ts +0 -80
- package/src/server/proxy.ts +0 -116
|
@@ -1,3 +1,4 @@
|
|
|
1
|
+
import { OAUTH_CALLBACK_PATH } from "../../shared/constants.js";
|
|
1
2
|
import { serializeCookie } from "../utils/cookie-utils.js";
|
|
2
3
|
//#region src/server/hono/hubspot-connect-routes/utils.ts
|
|
3
4
|
function clearTempCookie(name) {
|
|
@@ -5,10 +6,56 @@ function clearTempCookie(name) {
|
|
|
5
6
|
name,
|
|
6
7
|
value: "",
|
|
7
8
|
path: "/",
|
|
8
|
-
sameSite: "
|
|
9
|
-
maxAge: 0
|
|
9
|
+
sameSite: "None",
|
|
10
|
+
maxAge: 0,
|
|
11
|
+
partitioned: true
|
|
10
12
|
});
|
|
11
13
|
}
|
|
14
|
+
/**
|
|
15
|
+
* Parses the request `Origin` header into the canonical origin
|
|
16
|
+
* string (`URL.origin`) or returns `null` when the header is
|
|
17
|
+
* missing, malformed, or carries a scheme/host the SDK does not
|
|
18
|
+
* accept.
|
|
19
|
+
*
|
|
20
|
+
* Accepted shapes:
|
|
21
|
+
*
|
|
22
|
+
* - `https://<host>` for production deployments.
|
|
23
|
+
* - `http://localhost[:<port>]` and `http://127.0.0.1[:<port>]`
|
|
24
|
+
* for local development; browsers exempt these from the `Secure`
|
|
25
|
+
* cookie restriction.
|
|
26
|
+
*
|
|
27
|
+
* Rejects values with a path/query/hash component (the request
|
|
28
|
+
* `Origin` header is by spec a bare origin, so anything else
|
|
29
|
+
* indicates a malformed or hostile request).
|
|
30
|
+
*/
|
|
31
|
+
function parseAppOriginHeader(originHeader) {
|
|
32
|
+
if (!originHeader) return null;
|
|
33
|
+
let parsed;
|
|
34
|
+
try {
|
|
35
|
+
parsed = new URL(originHeader);
|
|
36
|
+
} catch {
|
|
37
|
+
return null;
|
|
38
|
+
}
|
|
39
|
+
if (parsed.pathname !== "/" && parsed.pathname !== "") return null;
|
|
40
|
+
if (parsed.search !== "" || parsed.hash !== "") return null;
|
|
41
|
+
if (parsed.protocol === "https:") return parsed.origin;
|
|
42
|
+
if (parsed.protocol === "http:" && (parsed.hostname === "localhost" || parsed.hostname === "127.0.0.1")) return parsed.origin;
|
|
43
|
+
return null;
|
|
44
|
+
}
|
|
45
|
+
/**
|
|
46
|
+
* OAuth `redirect_uri` for the cross-origin app shape: the OAuth
|
|
47
|
+
* callback lands on the **frontend** origin (not the SDK's edge
|
|
48
|
+
* function host), so all cookies set by `init-session` and read by
|
|
49
|
+
* `auth/complete` live in the same `(frontend, edge)` CHIPS
|
|
50
|
+
* partition.
|
|
51
|
+
*
|
|
52
|
+
* Used by `auth/init-session` (when building `authorization_url`)
|
|
53
|
+
* and `auth/complete` (which must rebuild the same value to satisfy
|
|
54
|
+
* the OAuth token endpoint's `redirect_uri` check).
|
|
55
|
+
*/
|
|
56
|
+
function buildFrontendOAuthRedirectUri(appOrigin) {
|
|
57
|
+
return `${appOrigin}${OAUTH_CALLBACK_PATH}`;
|
|
58
|
+
}
|
|
12
59
|
function isSafeReturnPath(rawPath) {
|
|
13
60
|
if (!rawPath.startsWith("/")) return false;
|
|
14
61
|
if (rawPath.includes("\0")) return false;
|
|
@@ -47,15 +94,15 @@ function buildHubSpotConnectRequestOrigin(options) {
|
|
|
47
94
|
* origin.
|
|
48
95
|
*/
|
|
49
96
|
function buildOAuthRedirectUriFromRequest(options) {
|
|
50
|
-
const
|
|
51
|
-
return `${
|
|
97
|
+
const { appOrigin } = options;
|
|
98
|
+
return `${appOrigin}${OAUTH_CALLBACK_PATH}`;
|
|
52
99
|
}
|
|
53
100
|
/**
|
|
54
101
|
* CIMD `client_id` URL: `{origin}{basePath}/client.json`.
|
|
55
102
|
*/
|
|
56
103
|
function buildCimdClientIdUrlFromRequest(options) {
|
|
57
104
|
const trimmed = normalizeHubSpotConnectBasePath(options.basePath);
|
|
58
|
-
return `${buildHubSpotConnectRequestOrigin(options)}${trimmed}/client.json`;
|
|
105
|
+
return `${buildHubSpotConnectRequestOrigin(options)}${trimmed}/client.json?app_origin=${encodeURIComponent(options.appOrigin)}`;
|
|
59
106
|
}
|
|
60
107
|
/**
|
|
61
108
|
* App JWKS URL published in CIMD: `{origin}{basePath}/jwks.json`.
|
|
@@ -68,6 +115,6 @@ function isPositiveFiniteNumber(value) {
|
|
|
68
115
|
return typeof value === "number" && Number.isFinite(value) && value > 0;
|
|
69
116
|
}
|
|
70
117
|
//#endregion
|
|
71
|
-
export { buildCimdClientIdUrlFromRequest, buildHubSpotAppJwksUrlFromRequest, buildOAuthRedirectUriFromRequest, clearTempCookie, isPositiveFiniteNumber, isSafeReturnPath };
|
|
118
|
+
export { buildCimdClientIdUrlFromRequest, buildFrontendOAuthRedirectUri, buildHubSpotAppJwksUrlFromRequest, buildOAuthRedirectUriFromRequest, clearTempCookie, isPositiveFiniteNumber, isSafeReturnPath, parseAppOriginHeader };
|
|
72
119
|
|
|
73
120
|
//# sourceMappingURL=utils.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"utils.js","names":[],"sources":["../../../../src/server/hono/hubspot-connect-routes/utils.ts"],"sourcesContent":["import { serializeCookie } from '../utils/cookie-utils.ts';\n\nexport function clearTempCookie(name: string): string {\n return serializeCookie({\n name,\n value: '',\n path: '/',\n sameSite: '
|
|
1
|
+
{"version":3,"file":"utils.js","names":[],"sources":["../../../../src/server/hono/hubspot-connect-routes/utils.ts"],"sourcesContent":["import { OAUTH_CALLBACK_PATH } from '../../../shared/constants.ts';\nimport { serializeCookie } from '../utils/cookie-utils.ts';\n\nexport function clearTempCookie(name: string): string {\n return serializeCookie({\n name,\n value: '',\n path: '/',\n sameSite: 'None',\n maxAge: 0,\n partitioned: true,\n });\n}\n\n/**\n * Parses the request `Origin` header into the canonical origin\n * string (`URL.origin`) or returns `null` when the header is\n * missing, malformed, or carries a scheme/host the SDK does not\n * accept.\n *\n * Accepted shapes:\n *\n * - `https://<host>` for production deployments.\n * - `http://localhost[:<port>]` and `http://127.0.0.1[:<port>]`\n * for local development; browsers exempt these from the `Secure`\n * cookie restriction.\n *\n * Rejects values with a path/query/hash component (the request\n * `Origin` header is by spec a bare origin, so anything else\n * indicates a malformed or hostile request).\n */\nexport function parseAppOriginHeader(\n originHeader: string | undefined\n): string | null {\n if (!originHeader) return null;\n let parsed: URL;\n try {\n parsed = new URL(originHeader);\n } catch {\n return null;\n }\n if (parsed.pathname !== '/' && parsed.pathname !== '') return null;\n if (parsed.search !== '' || parsed.hash !== '') return null;\n if (parsed.protocol === 'https:') return parsed.origin;\n if (\n parsed.protocol === 'http:' &&\n (parsed.hostname === 'localhost' || parsed.hostname === '127.0.0.1')\n ) {\n return parsed.origin;\n }\n return null;\n}\n\n/**\n * OAuth `redirect_uri` for the cross-origin app shape: the OAuth\n * callback lands on the **frontend** origin (not the SDK's edge\n * function host), so all cookies set by `init-session` and read by\n * `auth/complete` live in the same `(frontend, edge)` CHIPS\n * partition.\n *\n * Used by `auth/init-session` (when building `authorization_url`)\n * and `auth/complete` (which must rebuild the same value to satisfy\n * the OAuth token endpoint's `redirect_uri` check).\n */\nexport function buildFrontendOAuthRedirectUri(appOrigin: string): string {\n return `${appOrigin}${OAUTH_CALLBACK_PATH}`;\n}\n\nexport function isSafeReturnPath(rawPath: string): boolean {\n if (!rawPath.startsWith('/')) return false;\n if (rawPath.includes('\\0')) return false;\n let decoded: string;\n try {\n decoded = decodeURIComponent(rawPath);\n } catch {\n return false;\n }\n if (!decoded.startsWith('/')) return false;\n const second = decoded.charAt(1);\n if (second === '/' || second === '\\\\') return false;\n return true;\n}\n\nexport function getRequestHost(requestUrl: string): string {\n return new URL(requestUrl).host;\n}\n\nexport interface GetRequestHostForHubspotConnectOptions {\n requestUrl: string;\n xForwardedHost?: string | undefined;\n /** `Host` when `X-Forwarded-Host` is absent (some proxies only set `X-Forwarded-Proto`). */\n requestHostHeader?: string | undefined;\n}\n\n/**\n * Host for CIMD `client_id` URLs when hubspot-connect sits behind a reverse\n * proxy (e.g. Vite → Deno): prefers `X-Forwarded-Host`, then `Host`, then the\n * request URL host.\n */\nexport function getRequestHostForHubspotConnect(\n options: GetRequestHostForHubspotConnectOptions\n): string {\n const rawForwarded = options.xForwardedHost?.split(',')[0]?.trim();\n if (rawForwarded) {\n try {\n return new URL(`https://${rawForwarded}`).host;\n } catch {\n /* invalid forwarded host */\n }\n }\n const rawHost = options.requestHostHeader?.split(',')[0]?.trim();\n if (rawHost) {\n try {\n return new URL(`https://${rawHost}`).host;\n } catch {\n /* invalid host header */\n }\n }\n return getRequestHost(options.requestUrl);\n}\n\nexport interface BuildOAuthRedirectUriFromRequestOptions {\n requestUrl: string;\n basePath: string;\n xForwardedProto?: string | undefined;\n xForwardedHost?: string | undefined;\n /** `Host` when `X-Forwarded-Host` is absent but `X-Forwarded-Proto` is set. */\n requestHostHeader?: string | undefined;\n appOrigin: string;\n}\n\nfunction normalizeHubSpotConnectBasePath(basePath: string): string {\n return basePath.endsWith('/') && basePath.length > 1\n ? basePath.slice(0, -1)\n : basePath;\n}\n\n/**\n * Public origin for hubspot-connect URLs (`redirect_uri`, CIMD `client_id`,\n * `jwks_uri`). Matches the host/proto rules used for the OAuth callback.\n */\nexport function buildHubSpotConnectRequestOrigin(\n options: BuildOAuthRedirectUriFromRequestOptions\n): string {\n const { requestUrl, xForwardedProto, xForwardedHost, requestHostHeader } =\n options;\n const proto = xForwardedProto?.split(',')[0]?.trim();\n if (proto && (proto === 'http' || proto === 'https')) {\n const forwardedHost = xForwardedHost?.split(',')[0]?.trim();\n const hostHeader = requestHostHeader?.split(',')[0]?.trim();\n const hostPart = forwardedHost || hostHeader || new URL(requestUrl).host;\n return `${proto}://${hostPart}`;\n }\n return new URL(requestUrl).origin;\n}\n\n/**\n * OAuth `redirect_uri` for the hubspot-connect callback. Uses\n * `X-Forwarded-Proto` with `X-Forwarded-Host`, then `Host`, then the request URL\n * host when the proto is forwarded (reverse proxy); otherwise the request URL\n * origin.\n */\nexport function buildOAuthRedirectUriFromRequest(\n options: BuildOAuthRedirectUriFromRequestOptions\n): string {\n const { appOrigin } = options;\n return `${appOrigin}${OAUTH_CALLBACK_PATH}`;\n}\n\n/**\n * CIMD `client_id` URL: `{origin}{basePath}/client.json`.\n */\nexport function buildCimdClientIdUrlFromRequest(\n options: BuildOAuthRedirectUriFromRequestOptions\n): string {\n const trimmed = normalizeHubSpotConnectBasePath(options.basePath);\n const origin = buildHubSpotConnectRequestOrigin(options);\n return `${origin}${trimmed}/client.json?app_origin=${encodeURIComponent(options.appOrigin)}`;\n}\n\n/**\n * App JWKS URL published in CIMD: `{origin}{basePath}/jwks.json`.\n */\nexport function buildHubSpotAppJwksUrlFromRequest(\n options: BuildOAuthRedirectUriFromRequestOptions\n): string {\n const trimmed = normalizeHubSpotConnectBasePath(options.basePath);\n const origin = buildHubSpotConnectRequestOrigin(options);\n return `${origin}${trimmed}/jwks.json`;\n}\n\nexport function isPositiveFiniteNumber(value: unknown): value is number {\n return typeof value === 'number' && Number.isFinite(value) && value > 0;\n}\n"],"mappings":";;;AAGA,SAAgB,gBAAgB,MAAsB;CACpD,OAAO,gBAAgB;EACrB;EACA,OAAO;EACP,MAAM;EACN,UAAU;EACV,QAAQ;EACR,aAAa;CACf,CAAC;AACH;;;;;;;;;;;;;;;;;;AAmBA,SAAgB,qBACd,cACe;CACf,IAAI,CAAC,cAAc,OAAO;CAC1B,IAAI;CACJ,IAAI;EACF,SAAS,IAAI,IAAI,YAAY;CAC/B,QAAQ;EACN,OAAO;CACT;CACA,IAAI,OAAO,aAAa,OAAO,OAAO,aAAa,IAAI,OAAO;CAC9D,IAAI,OAAO,WAAW,MAAM,OAAO,SAAS,IAAI,OAAO;CACvD,IAAI,OAAO,aAAa,UAAU,OAAO,OAAO;CAChD,IACE,OAAO,aAAa,YACnB,OAAO,aAAa,eAAe,OAAO,aAAa,cAExD,OAAO,OAAO;CAEhB,OAAO;AACT;;;;;;;;;;;;AAaA,SAAgB,8BAA8B,WAA2B;CACvE,OAAO,GAAG,YAAY;AACxB;AAEA,SAAgB,iBAAiB,SAA0B;CACzD,IAAI,CAAC,QAAQ,WAAW,GAAG,GAAG,OAAO;CACrC,IAAI,QAAQ,SAAS,IAAI,GAAG,OAAO;CACnC,IAAI;CACJ,IAAI;EACF,UAAU,mBAAmB,OAAO;CACtC,QAAQ;EACN,OAAO;CACT;CACA,IAAI,CAAC,QAAQ,WAAW,GAAG,GAAG,OAAO;CACrC,MAAM,SAAS,QAAQ,OAAO,CAAC;CAC/B,IAAI,WAAW,OAAO,WAAW,MAAM,OAAO;CAC9C,OAAO;AACT;AAkDA,SAAS,gCAAgC,UAA0B;CACjE,OAAO,SAAS,SAAS,GAAG,KAAK,SAAS,SAAS,IAC/C,SAAS,MAAM,GAAG,EAAE,IACpB;AACN;;;;;AAMA,SAAgB,iCACd,SACQ;CACR,MAAM,EAAE,YAAY,iBAAiB,gBAAgB,sBACnD;CACF,MAAM,QAAQ,iBAAiB,MAAM,GAAG,EAAE,IAAI,KAAK;CACnD,IAAI,UAAU,UAAU,UAAU,UAAU,UAAU;EACpD,MAAM,gBAAgB,gBAAgB,MAAM,GAAG,EAAE,IAAI,KAAK;EAC1D,MAAM,aAAa,mBAAmB,MAAM,GAAG,EAAE,IAAI,KAAK;EAE1D,OAAO,GAAG,MAAM,KADC,iBAAiB,cAAc,IAAI,IAAI,UAAU,EAAE;CAEtE;CACA,OAAO,IAAI,IAAI,UAAU,EAAE;AAC7B;;;;;;;AAQA,SAAgB,iCACd,SACQ;CACR,MAAM,EAAE,cAAc;CACtB,OAAO,GAAG,YAAY;AACxB;;;;AAKA,SAAgB,gCACd,SACQ;CACR,MAAM,UAAU,gCAAgC,QAAQ,QAAQ;CAEhE,OAAO,GADQ,iCAAiC,OACjC,IAAI,QAAQ,0BAA0B,mBAAmB,QAAQ,SAAS;AAC3F;;;;AAKA,SAAgB,kCACd,SACQ;CACR,MAAM,UAAU,gCAAgC,QAAQ,QAAQ;CAEhE,OAAO,GADQ,iCAAiC,OACjC,IAAI,QAAQ;AAC7B;AAEA,SAAgB,uBAAuB,OAAiC;CACtE,OAAO,OAAO,UAAU,YAAY,OAAO,SAAS,KAAK,KAAK,QAAQ;AACxE"}
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
import { createHubSpotClient } from "../../api-client-core/client.js";
|
|
2
|
+
import { account } from "../../api-client-core/apis/account/account-info.generated.js";
|
|
3
|
+
import { authOauth } from "../../api-client-core/apis/auth/oauth.generated.js";
|
|
4
|
+
import { settingsUsers } from "../../api-client-core/apis/settings/user-provisioning.generated.js";
|
|
5
|
+
import { getHubSpotApiOrigin } from "../../utils/env-utils.js";
|
|
6
|
+
import { fetchTransportPlugin } from "../../api-client-core/plugins/fetch-transport.js";
|
|
7
|
+
//#region src/server/hono/hubspot-connect-routes/whoami.ts
|
|
8
|
+
async function fetchWhoami(accessToken, hubspotConnectEnv) {
|
|
9
|
+
const apiClient = createHubSpotClient({ plugins: [fetchTransportPlugin({
|
|
10
|
+
getEndpoint: getHubSpotApiOrigin,
|
|
11
|
+
getAccessToken: () => accessToken
|
|
12
|
+
})] });
|
|
13
|
+
const introspectInput = hubspotConnectEnv.isCimdEnabled ? { token: accessToken } : {
|
|
14
|
+
client_id: hubspotConnectEnv.hubspotClientId,
|
|
15
|
+
client_secret: hubspotConnectEnv.hubspotClientSecret,
|
|
16
|
+
token: accessToken
|
|
17
|
+
};
|
|
18
|
+
const [introspectResult, hubResult] = await Promise.allSettled([apiClient.send(authOauth.introspectToken(introspectInput)), apiClient.send(account.get())]);
|
|
19
|
+
const whoami = {
|
|
20
|
+
hub: {},
|
|
21
|
+
user: {}
|
|
22
|
+
};
|
|
23
|
+
if (hubResult.status === "fulfilled") {
|
|
24
|
+
const portal = hubResult.value;
|
|
25
|
+
whoami.hub.id = portal.portalId;
|
|
26
|
+
whoami.hub.uiDomain = portal.uiDomain;
|
|
27
|
+
}
|
|
28
|
+
if (introspectResult.status === "fulfilled" && introspectResult.value.token_use === "access_token") {
|
|
29
|
+
whoami.hub.domain = introspectResult.value.hub_domain;
|
|
30
|
+
const userId = String(introspectResult.value.user_id);
|
|
31
|
+
const userResult = await apiClient.send(settingsUsers.get({
|
|
32
|
+
userId,
|
|
33
|
+
idProperty: "USER_ID"
|
|
34
|
+
})).then((u) => ({
|
|
35
|
+
ok: true,
|
|
36
|
+
value: u
|
|
37
|
+
}), () => ({ ok: false }));
|
|
38
|
+
if (userResult.ok) {
|
|
39
|
+
const u = userResult.value;
|
|
40
|
+
whoami.user.id = u.id;
|
|
41
|
+
whoami.user.email = u.email;
|
|
42
|
+
whoami.user.firstName = u.firstName;
|
|
43
|
+
whoami.user.lastName = u.lastName;
|
|
44
|
+
}
|
|
45
|
+
}
|
|
46
|
+
return whoami;
|
|
47
|
+
}
|
|
48
|
+
//#endregion
|
|
49
|
+
export { fetchWhoami };
|
|
50
|
+
|
|
51
|
+
//# sourceMappingURL=whoami.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"whoami.js","names":[],"sources":["../../../../src/server/hono/hubspot-connect-routes/whoami.ts"],"sourcesContent":["import type { AuthCompleteWhoami } from '../../../shared/wire-types.ts';\nimport {\n account,\n authOauth,\n createHubSpotClient,\n settingsUsers,\n} from '../../api-client-core/index.ts';\nimport { fetchTransportPlugin } from '../../api-client-core/plugins/fetch-transport.ts';\nimport { getHubSpotApiOrigin } from '../../utils/env-utils.ts';\nimport type { HubSpotConnectRoutesEnv } from './load-hubspot-connect-routes-env.ts';\n\nexport async function fetchWhoami(\n accessToken: string,\n hubspotConnectEnv: HubSpotConnectRoutesEnv\n): Promise<AuthCompleteWhoami> {\n const apiClient = createHubSpotClient({\n plugins: [\n fetchTransportPlugin({\n getEndpoint: getHubSpotApiOrigin,\n getAccessToken: () => accessToken,\n }),\n ],\n });\n\n const introspectInput = hubspotConnectEnv.isCimdEnabled\n ? { token: accessToken }\n : {\n client_id: hubspotConnectEnv.hubspotClientId,\n client_secret: hubspotConnectEnv.hubspotClientSecret,\n token: accessToken,\n };\n\n // Introspect and account.get are independent — run in parallel.\n // settingsUsers.get requires user_id from introspect, so it runs after.\n const [introspectResult, hubResult] = await Promise.allSettled([\n apiClient.send(authOauth.introspectToken(introspectInput)),\n apiClient.send(account.get()),\n ]);\n\n const whoami: AuthCompleteWhoami = {\n hub: {},\n user: {},\n };\n\n if (hubResult.status === 'fulfilled') {\n const portal = hubResult.value;\n whoami.hub.id = portal.portalId;\n whoami.hub.uiDomain = portal.uiDomain;\n }\n\n if (\n introspectResult.status === 'fulfilled' &&\n introspectResult.value.token_use === 'access_token'\n ) {\n whoami.hub.domain = introspectResult.value.hub_domain;\n\n const userId = String(introspectResult.value.user_id);\n const userResult = await apiClient\n .send(settingsUsers.get({ userId, idProperty: 'USER_ID' }))\n .then(\n (u) => ({ ok: true as const, value: u }),\n () => ({ ok: false as const })\n );\n if (userResult.ok) {\n const u = userResult.value;\n whoami.user.id = u.id;\n whoami.user.email = u.email;\n whoami.user.firstName = u.firstName;\n whoami.user.lastName = u.lastName;\n }\n }\n\n return whoami;\n}\n"],"mappings":";;;;;;;AAWA,eAAsB,YACpB,aACA,mBAC6B;CAC7B,MAAM,YAAY,oBAAoB,EACpC,SAAS,CACP,qBAAqB;EACnB,aAAa;EACb,sBAAsB;CACxB,CAAC,CACH,EACF,CAAC;CAED,MAAM,kBAAkB,kBAAkB,gBACtC,EAAE,OAAO,YAAY,IACrB;EACE,WAAW,kBAAkB;EAC7B,eAAe,kBAAkB;EACjC,OAAO;CACT;CAIJ,MAAM,CAAC,kBAAkB,aAAa,MAAM,QAAQ,WAAW,CAC7D,UAAU,KAAK,UAAU,gBAAgB,eAAe,CAAC,GACzD,UAAU,KAAK,QAAQ,IAAI,CAAC,CAC9B,CAAC;CAED,MAAM,SAA6B;EACjC,KAAK,CAAC;EACN,MAAM,CAAC;CACT;CAEA,IAAI,UAAU,WAAW,aAAa;EACpC,MAAM,SAAS,UAAU;EACzB,OAAO,IAAI,KAAK,OAAO;EACvB,OAAO,IAAI,WAAW,OAAO;CAC/B;CAEA,IACE,iBAAiB,WAAW,eAC5B,iBAAiB,MAAM,cAAc,gBACrC;EACA,OAAO,IAAI,SAAS,iBAAiB,MAAM;EAE3C,MAAM,SAAS,OAAO,iBAAiB,MAAM,OAAO;EACpD,MAAM,aAAa,MAAM,UACtB,KAAK,cAAc,IAAI;GAAE;GAAQ,YAAY;EAAU,CAAC,CAAC,EACzD,MACE,OAAO;GAAE,IAAI;GAAe,OAAO;EAAE,WAC/B,EAAE,IAAI,MAAe,EAC9B;EACF,IAAI,WAAW,IAAI;GACjB,MAAM,IAAI,WAAW;GACrB,OAAO,KAAK,KAAK,EAAE;GACnB,OAAO,KAAK,QAAQ,EAAE;GACtB,OAAO,KAAK,YAAY,EAAE;GAC1B,OAAO,KAAK,WAAW,EAAE;EAC3B;CACF;CAEA,OAAO;AACT"}
|
|
@@ -1,24 +1,23 @@
|
|
|
1
1
|
import { HubSpotClient } from "../api-client-core/types.js";
|
|
2
|
-
import { HubSpotProxy } from "../types.js";
|
|
3
2
|
|
|
4
3
|
//#region src/server/hono/types.d.ts
|
|
5
|
-
interface
|
|
4
|
+
interface AppConnectRequestContext {
|
|
6
5
|
/**
|
|
7
|
-
*
|
|
8
|
-
* API on behalf of the browser session that made the inbound
|
|
9
|
-
* request. `authenticated: false` when the session cookies are
|
|
10
|
-
* absent or invalid.
|
|
6
|
+
* HubSpot API client.
|
|
11
7
|
*/
|
|
12
|
-
|
|
8
|
+
client: HubSpotClient;
|
|
13
9
|
/**
|
|
14
|
-
*
|
|
10
|
+
* Whether the browser session is authenticated.
|
|
15
11
|
*/
|
|
16
|
-
|
|
12
|
+
authenticated: boolean;
|
|
13
|
+
}
|
|
14
|
+
interface AppConnectHonoBindings {
|
|
15
|
+
hubSpot: AppConnectRequestContext;
|
|
17
16
|
}
|
|
18
17
|
/**
|
|
19
18
|
* Hono environment shape used by handlers running inside a hubspot-
|
|
20
19
|
* connect request handler. Exposes the per-request
|
|
21
|
-
* {@link
|
|
20
|
+
* {@link AppConnectRequestContext} as `c.env.hubSpot`.
|
|
22
21
|
*/
|
|
23
22
|
interface AppConnectHonoEnv {
|
|
24
23
|
Bindings: AppConnectHonoBindings;
|
|
@@ -14,13 +14,14 @@ function setResponseCookie(options) {
|
|
|
14
14
|
* cookies share the same policy.
|
|
15
15
|
*/
|
|
16
16
|
function serializeCookie(options) {
|
|
17
|
-
const { name, value, path, sameSite = "Strict", maxAge, secure = true, httpOnly = true } = options;
|
|
17
|
+
const { name, value, path, sameSite = "Strict", maxAge, secure = true, httpOnly = true, partitioned = false } = options;
|
|
18
18
|
const parts = [`${name}=${value}`];
|
|
19
19
|
if (httpOnly) parts.push("HttpOnly");
|
|
20
20
|
if (secure) parts.push("Secure");
|
|
21
21
|
parts.push(`SameSite=${sameSite}`);
|
|
22
22
|
parts.push(`Path=${path}`);
|
|
23
23
|
parts.push(`Max-Age=${maxAge}`);
|
|
24
|
+
if (partitioned) parts.push("Partitioned");
|
|
24
25
|
return parts.join("; ");
|
|
25
26
|
}
|
|
26
27
|
//#endregion
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cookie-utils.js","names":[],"sources":["../../../../src/server/hono/utils/cookie-utils.ts"],"sourcesContent":["import type { Context } from 'hono';\n\nexport interface SetResponseCookieOptions {\n c: Context;\n value: string;\n}\n\n/**\n * Appends a `Set-Cookie` header to the response. Hono replaces single\n * headers by default, so this uses `{ append: true }` to emit multiple\n * cookies on the same response.\n */\nexport function setResponseCookie(options: SetResponseCookieOptions): void {\n const { c, value } = options;\n c.header('Set-Cookie', value, { append: true });\n}\n\nexport interface SerializeCookieOptions {\n name: string;\n value: string;\n /** `__Host-` prefix requires `Path=/` and is recommended for session cookies. */\n path: string;\n
|
|
1
|
+
{"version":3,"file":"cookie-utils.js","names":[],"sources":["../../../../src/server/hono/utils/cookie-utils.ts"],"sourcesContent":["import type { Context } from 'hono';\n\nexport interface SetResponseCookieOptions {\n c: Context;\n value: string;\n}\n\n/**\n * Appends a `Set-Cookie` header to the response. Hono replaces single\n * headers by default, so this uses `{ append: true }` to emit multiple\n * cookies on the same response.\n */\nexport function setResponseCookie(options: SetResponseCookieOptions): void {\n const { c, value } = options;\n c.header('Set-Cookie', value, { append: true });\n}\n\nexport interface SerializeCookieOptions {\n name: string;\n value: string;\n /** `__Host-` prefix requires `Path=/` and is recommended for session cookies. */\n path: string;\n /**\n * Defaults to `Strict`.\n *\n * - `Strict`: only sent on same-site requests. Default for self-hosted\n * same-origin deployments.\n * - `Lax`: also sent on top-level cross-site GET navigations. Use for\n * short-lived OAuth temp cookies that need to survive a redirect.\n * - `None`: sent on all cross-site requests; **requires `Secure=true`\n * and is typically combined with `Partitioned=true`** for the\n * cross-origin Lovable / Supabase deployment shape.\n */\n sameSite?: 'Strict' | 'Lax' | 'None';\n /** Lifetime in seconds. `0` deletes the cookie. */\n maxAge: number;\n /** Defaults to `true`; only set `false` for tests or non-HTTPS dev hosts. */\n secure?: boolean;\n /** Defaults to `true`. */\n httpOnly?: boolean;\n /**\n * When `true`, appends the `Partitioned` attribute (CHIPS — Cookies\n * Having Independent Partitioned State). The browser then keys the\n * cookie by `(top-level site, cookie host)` instead of by cookie\n * host alone, which is required for the cross-origin SDK shape\n * where the React app and the SDK's edge functions live on\n * different sites and third-party cookies are blocked.\n *\n * Defaults to `false`. Browsers ignore `Partitioned` on cookies\n * without `Secure=true` and reject it on cookies without\n * `SameSite=None`.\n */\n partitioned?: boolean;\n}\n\n/**\n * Builds a `Set-Cookie` header value with HubSpot's default attributes\n * (HttpOnly, Secure, SameSite). Centralizes the serialization so all\n * cookies share the same policy.\n */\nexport function serializeCookie(options: SerializeCookieOptions): string {\n const {\n name,\n value,\n path,\n sameSite = 'Strict',\n maxAge,\n secure = true,\n httpOnly = true,\n partitioned = false,\n } = options;\n const parts: string[] = [`${name}=${value}`];\n if (httpOnly) parts.push('HttpOnly');\n if (secure) parts.push('Secure');\n parts.push(`SameSite=${sameSite}`);\n parts.push(`Path=${path}`);\n parts.push(`Max-Age=${maxAge}`);\n if (partitioned) parts.push('Partitioned');\n return parts.join('; ');\n}\n"],"mappings":";;;;;;AAYA,SAAgB,kBAAkB,SAAyC;CACzE,MAAM,EAAE,GAAG,UAAU;CACrB,EAAE,OAAO,cAAc,OAAO,EAAE,QAAQ,KAAK,CAAC;AAChD;;;;;;AA6CA,SAAgB,gBAAgB,SAAyC;CACvE,MAAM,EACJ,MACA,OACA,MACA,WAAW,UACX,QACA,SAAS,MACT,WAAW,MACX,cAAc,UACZ;CACJ,MAAM,QAAkB,CAAC,GAAG,KAAK,GAAG,OAAO;CAC3C,IAAI,UAAU,MAAM,KAAK,UAAU;CACnC,IAAI,QAAQ,MAAM,KAAK,QAAQ;CAC/B,MAAM,KAAK,YAAY,UAAU;CACjC,MAAM,KAAK,QAAQ,MAAM;CACzB,MAAM,KAAK,WAAW,QAAQ;CAC9B,IAAI,aAAa,MAAM,KAAK,aAAa;CACzC,OAAO,MAAM,KAAK,IAAI;AACxB"}
|
|
@@ -0,0 +1,85 @@
|
|
|
1
|
+
import { HUBSPOT_APP_ORIGIN_COOKIE_NAME } from "../../constants.js";
|
|
2
|
+
import { parseCookies } from "../../utils/cookie-utils.js";
|
|
3
|
+
//#region src/server/hono/utils/cors-middleware.ts
|
|
4
|
+
/**
|
|
5
|
+
* Comma-separated list of request headers the SDK accepts on
|
|
6
|
+
* cross-site fetches. Mirrors the Supabase Edge Functions defaults
|
|
7
|
+
* the Lovable AI agent emits today, plus `content-type` for the
|
|
8
|
+
* `auth/complete` POST body and `accept` so JSON content negotiation
|
|
9
|
+
* works.
|
|
10
|
+
*/
|
|
11
|
+
const ALLOWED_HEADERS = [
|
|
12
|
+
"authorization",
|
|
13
|
+
"x-client-info",
|
|
14
|
+
"apikey",
|
|
15
|
+
"content-type",
|
|
16
|
+
"accept",
|
|
17
|
+
"x-supabase-client-platform",
|
|
18
|
+
"x-supabase-client-platform-version",
|
|
19
|
+
"x-supabase-client-runtime",
|
|
20
|
+
"x-supabase-client-runtime-version"
|
|
21
|
+
].join(", ");
|
|
22
|
+
const ALLOWED_METHODS = "GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS";
|
|
23
|
+
const PREFLIGHT_MAX_AGE_SECONDS = "600";
|
|
24
|
+
/**
|
|
25
|
+
* Reads the persisted app-origin cookie from the request, falling
|
|
26
|
+
* back to the literal `Origin` request header. The cookie is the
|
|
27
|
+
* authoritative pin once `auth/init-session` has run; on the very
|
|
28
|
+
* first init-session call (no cookie yet) we just echo whatever
|
|
29
|
+
* `Origin` the caller sent — the actual access decision is enforced
|
|
30
|
+
* by cookie-based authentication on every other route, not by CORS.
|
|
31
|
+
*/
|
|
32
|
+
function resolveAllowedOrigin(c) {
|
|
33
|
+
const pinned = parseCookies(c.req.header("Cookie"))[HUBSPOT_APP_ORIGIN_COOKIE_NAME];
|
|
34
|
+
if (pinned) return pinned;
|
|
35
|
+
return c.req.header("Origin") ?? null;
|
|
36
|
+
}
|
|
37
|
+
function setSharedCorsHeaders(c, allowOrigin) {
|
|
38
|
+
c.res.headers.set("Access-Control-Allow-Origin", allowOrigin);
|
|
39
|
+
c.res.headers.set("Access-Control-Allow-Credentials", "true");
|
|
40
|
+
c.res.headers.set("Vary", "Origin, Cookie");
|
|
41
|
+
}
|
|
42
|
+
/**
|
|
43
|
+
* Hono middleware that emits credentialed CORS response headers for
|
|
44
|
+
* the cross-origin Lovable / Supabase deployment shape.
|
|
45
|
+
*
|
|
46
|
+
* - On `OPTIONS` preflight: short-circuits with a 204 carrying
|
|
47
|
+
* `Access-Control-Allow-*` headers. The browser will then send the
|
|
48
|
+
* real request with cookies attached.
|
|
49
|
+
* - On every other method: echoes the pinned `__Host-hs_app_origin`
|
|
50
|
+
* cookie value (or, before init-session has run, the request
|
|
51
|
+
* `Origin` header) as `Access-Control-Allow-Origin`, with
|
|
52
|
+
* `Access-Control-Allow-Credentials: true`. The wildcard `*` is
|
|
53
|
+
* forbidden by browsers when credentials are included, so the
|
|
54
|
+
* middleware always echoes a concrete origin.
|
|
55
|
+
*
|
|
56
|
+
* Skips header emission entirely when the request has no `Origin`
|
|
57
|
+
* (server-to-server calls, curl, etc.) so non-browser callers are
|
|
58
|
+
* left untouched.
|
|
59
|
+
*/
|
|
60
|
+
function corsMiddleware() {
|
|
61
|
+
return async (c, next) => {
|
|
62
|
+
const allowOrigin = resolveAllowedOrigin(c);
|
|
63
|
+
if (c.req.method === "OPTIONS") {
|
|
64
|
+
const headers = new Headers();
|
|
65
|
+
if (allowOrigin) {
|
|
66
|
+
headers.set("Access-Control-Allow-Origin", allowOrigin);
|
|
67
|
+
headers.set("Access-Control-Allow-Credentials", "true");
|
|
68
|
+
headers.set("Vary", "Origin, Cookie");
|
|
69
|
+
}
|
|
70
|
+
headers.set("Access-Control-Allow-Methods", ALLOWED_METHODS);
|
|
71
|
+
headers.set("Access-Control-Allow-Headers", ALLOWED_HEADERS);
|
|
72
|
+
headers.set("Access-Control-Max-Age", PREFLIGHT_MAX_AGE_SECONDS);
|
|
73
|
+
return new Response(null, {
|
|
74
|
+
status: 204,
|
|
75
|
+
headers
|
|
76
|
+
});
|
|
77
|
+
}
|
|
78
|
+
await next();
|
|
79
|
+
if (allowOrigin) setSharedCorsHeaders(c, allowOrigin);
|
|
80
|
+
};
|
|
81
|
+
}
|
|
82
|
+
//#endregion
|
|
83
|
+
export { corsMiddleware };
|
|
84
|
+
|
|
85
|
+
//# sourceMappingURL=cors-middleware.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"cors-middleware.js","names":[],"sources":["../../../../src/server/hono/utils/cors-middleware.ts"],"sourcesContent":["import type { Context, MiddlewareHandler } from 'hono';\n\nimport { HUBSPOT_APP_ORIGIN_COOKIE_NAME } from '../../constants.ts';\nimport { parseCookies } from '../../utils/cookie-utils.ts';\n\n/**\n * Comma-separated list of request headers the SDK accepts on\n * cross-site fetches. Mirrors the Supabase Edge Functions defaults\n * the Lovable AI agent emits today, plus `content-type` for the\n * `auth/complete` POST body and `accept` so JSON content negotiation\n * works.\n */\nconst ALLOWED_HEADERS = [\n 'authorization',\n 'x-client-info',\n 'apikey',\n 'content-type',\n 'accept',\n 'x-supabase-client-platform',\n 'x-supabase-client-platform-version',\n 'x-supabase-client-runtime',\n 'x-supabase-client-runtime-version',\n].join(', ');\n\nconst ALLOWED_METHODS = 'GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS';\n\nconst PREFLIGHT_MAX_AGE_SECONDS = '600';\n\n/**\n * Reads the persisted app-origin cookie from the request, falling\n * back to the literal `Origin` request header. The cookie is the\n * authoritative pin once `auth/init-session` has run; on the very\n * first init-session call (no cookie yet) we just echo whatever\n * `Origin` the caller sent — the actual access decision is enforced\n * by cookie-based authentication on every other route, not by CORS.\n */\nfunction resolveAllowedOrigin(c: Context): string | null {\n const cookies = parseCookies(c.req.header('Cookie'));\n const pinned = cookies[HUBSPOT_APP_ORIGIN_COOKIE_NAME];\n if (pinned) return pinned;\n return c.req.header('Origin') ?? null;\n}\n\nfunction setSharedCorsHeaders(c: Context, allowOrigin: string): void {\n c.res.headers.set('Access-Control-Allow-Origin', allowOrigin);\n c.res.headers.set('Access-Control-Allow-Credentials', 'true');\n // `Origin` so caches differentiate per-caller responses; `Cookie`\n // because the allowed origin is derived from the persisted\n // `__Host-hs_app_origin` cookie.\n c.res.headers.set('Vary', 'Origin, Cookie');\n}\n\n/**\n * Hono middleware that emits credentialed CORS response headers for\n * the cross-origin Lovable / Supabase deployment shape.\n *\n * - On `OPTIONS` preflight: short-circuits with a 204 carrying\n * `Access-Control-Allow-*` headers. The browser will then send the\n * real request with cookies attached.\n * - On every other method: echoes the pinned `__Host-hs_app_origin`\n * cookie value (or, before init-session has run, the request\n * `Origin` header) as `Access-Control-Allow-Origin`, with\n * `Access-Control-Allow-Credentials: true`. The wildcard `*` is\n * forbidden by browsers when credentials are included, so the\n * middleware always echoes a concrete origin.\n *\n * Skips header emission entirely when the request has no `Origin`\n * (server-to-server calls, curl, etc.) so non-browser callers are\n * left untouched.\n */\nexport function corsMiddleware(): MiddlewareHandler {\n return async (c, next) => {\n const allowOrigin = resolveAllowedOrigin(c);\n\n if (c.req.method === 'OPTIONS') {\n const headers = new Headers();\n if (allowOrigin) {\n headers.set('Access-Control-Allow-Origin', allowOrigin);\n headers.set('Access-Control-Allow-Credentials', 'true');\n headers.set('Vary', 'Origin, Cookie');\n }\n headers.set('Access-Control-Allow-Methods', ALLOWED_METHODS);\n headers.set('Access-Control-Allow-Headers', ALLOWED_HEADERS);\n headers.set('Access-Control-Max-Age', PREFLIGHT_MAX_AGE_SECONDS);\n return new Response(null, { status: 204, headers });\n }\n\n await next();\n\n if (allowOrigin) {\n setSharedCorsHeaders(c, allowOrigin);\n }\n return;\n };\n}\n"],"mappings":";;;;;;;;;;AAYA,MAAM,kBAAkB;CACtB;CACA;CACA;CACA;CACA;CACA;CACA;CACA;CACA;AACF,EAAE,KAAK,IAAI;AAEX,MAAM,kBAAkB;AAExB,MAAM,4BAA4B;;;;;;;;;AAUlC,SAAS,qBAAqB,GAA2B;CAEvD,MAAM,SADU,aAAa,EAAE,IAAI,OAAO,QAAQ,CAC7B,EAAE;CACvB,IAAI,QAAQ,OAAO;CACnB,OAAO,EAAE,IAAI,OAAO,QAAQ,KAAK;AACnC;AAEA,SAAS,qBAAqB,GAAY,aAA2B;CACnE,EAAE,IAAI,QAAQ,IAAI,+BAA+B,WAAW;CAC5D,EAAE,IAAI,QAAQ,IAAI,oCAAoC,MAAM;CAI5D,EAAE,IAAI,QAAQ,IAAI,QAAQ,gBAAgB;AAC5C;;;;;;;;;;;;;;;;;;;AAoBA,SAAgB,iBAAoC;CAClD,OAAO,OAAO,GAAG,SAAS;EACxB,MAAM,cAAc,qBAAqB,CAAC;EAE1C,IAAI,EAAE,IAAI,WAAW,WAAW;GAC9B,MAAM,UAAU,IAAI,QAAQ;GAC5B,IAAI,aAAa;IACf,QAAQ,IAAI,+BAA+B,WAAW;IACtD,QAAQ,IAAI,oCAAoC,MAAM;IACtD,QAAQ,IAAI,QAAQ,gBAAgB;GACtC;GACA,QAAQ,IAAI,gCAAgC,eAAe;GAC3D,QAAQ,IAAI,gCAAgC,eAAe;GAC3D,QAAQ,IAAI,0BAA0B,yBAAyB;GAC/D,OAAO,IAAI,SAAS,MAAM;IAAE,QAAQ;IAAK;GAAQ,CAAC;EACpD;EAEA,MAAM,KAAK;EAEX,IAAI,aACF,qBAAqB,GAAG,WAAW;CAGvC;AACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"import-app-keys.js","names":[],"sources":["../../src/server/import-app-keys.ts"],"sourcesContent":["import type { AppKeys } from './types.ts';\nimport { base64StandardToArrayBuffer } from './utils/base64-utils.ts';\n\n/**\n * Imports a base64-encoded PKCS8 ES256 private key into the\n * `AppKeys` shape used throughout the SDK.\n *\n * The function imports the key twice: once as **extractable** to\n * derive the public JWK (via `crypto.subtle.exportKey`), and once\n * as **non-extractable** so the long-lived `appPrivateKey` can never\n * be exfiltrated.\n *\n * @throws {Error} When `envKey` is empty/undefined or when the key\n * isn't an EC P-256 keypair.\n */\nexport async function importAppKeys(\n envKey: string | undefined\n): Promise<AppKeys> {\n const b64 = envKey?.trim() ?? '';\n if (!b64) {\n throw new Error('HUBSPOT_APP_PRIVATE_KEY is not set');\n }\n\n const pkcs8 = base64StandardToArrayBuffer(b64);\n const tempPrivateKey = await crypto.subtle.importKey(\n 'pkcs8',\n pkcs8,\n { name: 'ECDSA', namedCurve: 'P-256' },\n true,\n ['sign']\n );\n const privateJwk = await crypto.subtle.exportKey('jwk', tempPrivateKey);\n if (\n privateJwk.kty !== 'EC' ||\n privateJwk.crv !== 'P-256' ||\n typeof privateJwk.x !== 'string' ||\n typeof privateJwk.y !== 'string'\n ) {\n throw new Error('Expected P-256 EC private key JWK with x and y');\n }\n const appPublicKeyJwk: JsonWebKey = {\n kty: 'EC',\n crv: 'P-256',\n x: privateJwk.x,\n y: privateJwk.y,\n };\n const appPrivateKey = await crypto.subtle.importKey(\n 'pkcs8',\n pkcs8,\n { name: 'ECDSA', namedCurve: 'P-256' },\n false,\n ['sign']\n );\n return { appPrivateKey, appPublicKeyJwk };\n}\n"],"mappings":";;;;;;;;;;;;;;AAeA,eAAsB,cACpB,QACkB;CAClB,MAAM,MAAM,QAAQ,
|
|
1
|
+
{"version":3,"file":"import-app-keys.js","names":[],"sources":["../../src/server/import-app-keys.ts"],"sourcesContent":["import type { AppKeys } from './types.ts';\nimport { base64StandardToArrayBuffer } from './utils/base64-utils.ts';\n\n/**\n * Imports a base64-encoded PKCS8 ES256 private key into the\n * `AppKeys` shape used throughout the SDK.\n *\n * The function imports the key twice: once as **extractable** to\n * derive the public JWK (via `crypto.subtle.exportKey`), and once\n * as **non-extractable** so the long-lived `appPrivateKey` can never\n * be exfiltrated.\n *\n * @throws {Error} When `envKey` is empty/undefined or when the key\n * isn't an EC P-256 keypair.\n */\nexport async function importAppKeys(\n envKey: string | undefined\n): Promise<AppKeys> {\n const b64 = envKey?.trim() ?? '';\n if (!b64) {\n throw new Error('HUBSPOT_APP_PRIVATE_KEY is not set');\n }\n\n const pkcs8 = base64StandardToArrayBuffer(b64);\n const tempPrivateKey = await crypto.subtle.importKey(\n 'pkcs8',\n pkcs8,\n { name: 'ECDSA', namedCurve: 'P-256' },\n true,\n ['sign']\n );\n const privateJwk = await crypto.subtle.exportKey('jwk', tempPrivateKey);\n if (\n privateJwk.kty !== 'EC' ||\n privateJwk.crv !== 'P-256' ||\n typeof privateJwk.x !== 'string' ||\n typeof privateJwk.y !== 'string'\n ) {\n throw new Error('Expected P-256 EC private key JWK with x and y');\n }\n const appPublicKeyJwk: JsonWebKey = {\n kty: 'EC',\n crv: 'P-256',\n x: privateJwk.x,\n y: privateJwk.y,\n };\n const appPrivateKey = await crypto.subtle.importKey(\n 'pkcs8',\n pkcs8,\n { name: 'ECDSA', namedCurve: 'P-256' },\n false,\n ['sign']\n );\n return { appPrivateKey, appPublicKeyJwk };\n}\n"],"mappings":";;;;;;;;;;;;;;AAeA,eAAsB,cACpB,QACkB;CAClB,MAAM,MAAM,QAAQ,KAAK,KAAK;CAC9B,IAAI,CAAC,KACH,MAAM,IAAI,MAAM,oCAAoC;CAGtD,MAAM,QAAQ,4BAA4B,GAAG;CAC7C,MAAM,iBAAiB,MAAM,OAAO,OAAO,UACzC,SACA,OACA;EAAE,MAAM;EAAS,YAAY;CAAQ,GACrC,MACA,CAAC,MAAM,CACT;CACA,MAAM,aAAa,MAAM,OAAO,OAAO,UAAU,OAAO,cAAc;CACtE,IACE,WAAW,QAAQ,QACnB,WAAW,QAAQ,WACnB,OAAO,WAAW,MAAM,YACxB,OAAO,WAAW,MAAM,UAExB,MAAM,IAAI,MAAM,gDAAgD;CAElE,MAAM,kBAA8B;EAClC,KAAK;EACL,KAAK;EACL,GAAG,WAAW;EACd,GAAG,WAAW;CAChB;CAQA,OAAO;EAAE,eAAA,MAPmB,OAAO,OAAO,UACxC,SACA,OACA;GAAE,MAAM;GAAS,YAAY;EAAQ,GACrC,OACA,CAAC,MAAM,CACT;EACwB;CAAgB;AAC1C"}
|
|
@@ -17,7 +17,7 @@ type AppFunctionStart = (context: SecureStartContext) => Promise<void>;
|
|
|
17
17
|
/**
|
|
18
18
|
* Builds a Deno-style `start({ appKeys })` entry point that boots a
|
|
19
19
|
* Hono app under `basePath`, wires the SDK's per-request HubSpot
|
|
20
|
-
*
|
|
20
|
+
* client via `createAppConnectRequestHandler`, and serves it with
|
|
21
21
|
* `Deno.serve` on `PORT`.
|
|
22
22
|
*/
|
|
23
23
|
declare function createAppFunctionStart(options: CreateAppFunctionStartOptions): AppFunctionStart;
|
|
@@ -5,21 +5,19 @@ const serveOptions = typeof PORT === "string" ? { port: parseInt(PORT, 10) } : {
|
|
|
5
5
|
/**
|
|
6
6
|
* Builds a Deno-style `start({ appKeys })` entry point that boots a
|
|
7
7
|
* Hono app under `basePath`, wires the SDK's per-request HubSpot
|
|
8
|
-
*
|
|
8
|
+
* client via `createAppConnectRequestHandler`, and serves it with
|
|
9
9
|
* `Deno.serve` on `PORT`.
|
|
10
10
|
*/
|
|
11
11
|
function createAppFunctionStart(options) {
|
|
12
12
|
const { basePath, registerRoutes, logger } = options;
|
|
13
|
-
return ({ appKeys }) => {
|
|
14
|
-
Deno.serve(serveOptions, createAppConnectRequestHandler({
|
|
13
|
+
return async ({ appKeys }) => {
|
|
14
|
+
await Deno.serve(serveOptions, createAppConnectRequestHandler({
|
|
15
15
|
appKeys,
|
|
16
16
|
...logger !== void 0 ? { logger } : {},
|
|
17
17
|
registerRoutes: (app) => {
|
|
18
18
|
registerRoutes(app.basePath(basePath));
|
|
19
19
|
}
|
|
20
|
-
}));
|
|
21
|
-
console.log(`[app-function ${basePath}] Listening on http://localhost:${PORT}`);
|
|
22
|
-
return Promise.resolve();
|
|
20
|
+
})).finished;
|
|
23
21
|
};
|
|
24
22
|
}
|
|
25
23
|
//#endregion
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"create-app-function-start.js","names":[],"sources":["../../../src/server/lovable/create-app-function-start.ts"],"sourcesContent":["import type { Hono } from 'hono';\n\nimport type { Logger } from '../../shared/logger.ts';\nimport { createAppConnectRequestHandler } from '../hono/hono-request-handler.ts';\nimport type { AppConnectHonoEnv } from '../hono/types.ts';\nimport type { SecureStartContext } from '../secure-start-core.ts';\n\nconst PORT = Deno.env.get('PORT');\nconst serveOptions =\n typeof PORT === 'string' ? { port: parseInt(PORT, 10) } : {};\n\nexport type RegisterAppFunctionRoutesFunction = (\n app: Hono<AppConnectHonoEnv>\n) => void;\n\nexport interface CreateAppFunctionStartOptions {\n /** Base path the user's routes are mounted under (e.g. `/functions/v1/api`). */\n basePath: string;\n /** Attach app routes to the SDK-owned Hono instance. */\n registerRoutes: RegisterAppFunctionRoutesFunction;\n /** Optional logger forwarded to `createAppConnectRequestHandler`. */\n logger?: Logger;\n}\n\nexport type AppFunctionStart = (context: SecureStartContext) => Promise<void>;\n\n/**\n * Builds a Deno-style `start({ appKeys })` entry point that boots a\n * Hono app under `basePath`, wires the SDK's per-request HubSpot\n *
|
|
1
|
+
{"version":3,"file":"create-app-function-start.js","names":[],"sources":["../../../src/server/lovable/create-app-function-start.ts"],"sourcesContent":["import type { Hono } from 'hono';\n\nimport type { Logger } from '../../shared/logger.ts';\nimport { createAppConnectRequestHandler } from '../hono/hono-request-handler.ts';\nimport type { AppConnectHonoEnv } from '../hono/types.ts';\nimport type { SecureStartContext } from '../secure-start-core.ts';\n\nconst PORT = Deno.env.get('PORT');\nconst serveOptions =\n typeof PORT === 'string' ? { port: parseInt(PORT, 10) } : {};\n\nexport type RegisterAppFunctionRoutesFunction = (\n app: Hono<AppConnectHonoEnv>\n) => void;\n\nexport interface CreateAppFunctionStartOptions {\n /** Base path the user's routes are mounted under (e.g. `/functions/v1/api`). */\n basePath: string;\n /** Attach app routes to the SDK-owned Hono instance. */\n registerRoutes: RegisterAppFunctionRoutesFunction;\n /** Optional logger forwarded to `createAppConnectRequestHandler`. */\n logger?: Logger;\n}\n\nexport type AppFunctionStart = (context: SecureStartContext) => Promise<void>;\n\n/**\n * Builds a Deno-style `start({ appKeys })` entry point that boots a\n * Hono app under `basePath`, wires the SDK's per-request HubSpot\n * client via `createAppConnectRequestHandler`, and serves it with\n * `Deno.serve` on `PORT`.\n */\nexport function createAppFunctionStart(\n options: CreateAppFunctionStartOptions\n): AppFunctionStart {\n const { basePath, registerRoutes, logger } = options;\n\n return async ({ appKeys }) => {\n const server = Deno.serve(\n serveOptions,\n createAppConnectRequestHandler({\n appKeys,\n ...(logger !== undefined ? { logger } : {}),\n registerRoutes: (app) => {\n registerRoutes(app.basePath(basePath));\n },\n })\n );\n\n await server.finished;\n };\n}\n"],"mappings":";;AAOA,MAAM,OAAO,KAAK,IAAI,IAAI,MAAM;AAChC,MAAM,eACJ,OAAO,SAAS,WAAW,EAAE,MAAM,SAAS,MAAM,EAAE,EAAE,IAAI,CAAC;;;;;;;AAuB7D,SAAgB,uBACd,SACkB;CAClB,MAAM,EAAE,UAAU,gBAAgB,WAAW;CAE7C,OAAO,OAAO,EAAE,cAAc;EAY5B,MAXe,KAAK,MAClB,cACA,+BAA+B;GAC7B;GACA,GAAI,WAAW,KAAA,IAAY,EAAE,OAAO,IAAI,CAAC;GACzC,iBAAiB,QAAQ;IACvB,eAAe,IAAI,SAAS,QAAQ,CAAC;GACvC;EACF,CAAC,CAGQ,EAAE;CACf;AACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","names":[],"sources":["../../../../src/server/lovable/hubspot-connect/index.ts"],"sourcesContent":["import { secureStart } from '../../deno/start.ts';\nimport { assertHubSpotConnectCimdClientMetadata } from '../../hono/hubspot-connect-routes/cimd-client-metadata-types.ts';\nimport type { HubSpotConnectCimdClientMetadata } from '../../hono/hubspot-connect-routes/cimd-client-metadata-types.ts';\nimport { runHubSpotConnectLovableServer } from './run-hubspot-connect-lovable-server.ts';\n\nexport type { HubSpotConnectCimdClientMetadata } from '../../hono/hubspot-connect-routes/cimd-client-metadata-types.ts';\n\nexport interface StartHubSpotConnectFunctionOptions {\n client: HubSpotConnectCimdClientMetadata;\n}\n\n/**\n * Lovable-style entry point for the hubspot-connect Deno function.\n * Loads `HUBSPOT_APP_PRIVATE_KEY` via `secureStart`, then serves OAuth\n * and CIMD routes under `/functions/v1/hubspot-connect`.\n */\nexport async function startHubSpotConnectFunction(\n options: StartHubSpotConnectFunctionOptions\n): Promise<void> {\n assertHubSpotConnectCimdClientMetadata(options.client);\n await secureStart(async () => ({\n start: (context) =>\n runHubSpotConnectLovableServer({\n ...context,\n cimdClientMetadata: options.client,\n }),\n }));\n}\n"],"mappings":";;;;;;;;;AAgBA,eAAsB,4BACpB,SACe;CACf,uCAAuC,QAAQ,
|
|
1
|
+
{"version":3,"file":"index.js","names":[],"sources":["../../../../src/server/lovable/hubspot-connect/index.ts"],"sourcesContent":["import { secureStart } from '../../deno/start.ts';\nimport { assertHubSpotConnectCimdClientMetadata } from '../../hono/hubspot-connect-routes/cimd-client-metadata-types.ts';\nimport type { HubSpotConnectCimdClientMetadata } from '../../hono/hubspot-connect-routes/cimd-client-metadata-types.ts';\nimport { runHubSpotConnectLovableServer } from './run-hubspot-connect-lovable-server.ts';\n\nexport type { HubSpotConnectCimdClientMetadata } from '../../hono/hubspot-connect-routes/cimd-client-metadata-types.ts';\n\nexport interface StartHubSpotConnectFunctionOptions {\n client: HubSpotConnectCimdClientMetadata;\n}\n\n/**\n * Lovable-style entry point for the hubspot-connect Deno function.\n * Loads `HUBSPOT_APP_PRIVATE_KEY` via `secureStart`, then serves OAuth\n * and CIMD routes under `/functions/v1/hubspot-connect`.\n */\nexport async function startHubSpotConnectFunction(\n options: StartHubSpotConnectFunctionOptions\n): Promise<void> {\n assertHubSpotConnectCimdClientMetadata(options.client);\n await secureStart(async () => ({\n start: (context) =>\n runHubSpotConnectLovableServer({\n ...context,\n cimdClientMetadata: options.client,\n }),\n }));\n}\n"],"mappings":";;;;;;;;;AAgBA,eAAsB,4BACpB,SACe;CACf,uCAAuC,QAAQ,MAAM;CACrD,MAAM,YAAY,aAAa,EAC7B,QAAQ,YACN,+BAA+B;EAC7B,GAAG;EACH,oBAAoB,QAAQ;CAC9B,CAAC,EACL,EAAE;AACJ"}
|
|
@@ -4,24 +4,23 @@ import "../../hono/index.js";
|
|
|
4
4
|
import { Hono } from "hono";
|
|
5
5
|
//#region src/server/lovable/hubspot-connect/run-hubspot-connect-lovable-server.ts
|
|
6
6
|
const PORT = Deno.env.get("PORT");
|
|
7
|
-
const
|
|
8
|
-
const
|
|
9
|
-
function runHubSpotConnectLovableServer(options) {
|
|
7
|
+
const port = typeof PORT === "string" ? parseInt(PORT, 10) : void 0;
|
|
8
|
+
const PUBLIC_HUBSPOT_CONNECT_BASE_PATH = "/functions/v1/hubspot-connect";
|
|
9
|
+
async function runHubSpotConnectLovableServer(options) {
|
|
10
10
|
const { appKeys, cimdClientMetadata } = options;
|
|
11
11
|
const hubspotConnectEnv = loadHubSpotConnectRoutesEnv();
|
|
12
|
-
const
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
cimdClientMetadata
|
|
20
|
-
});
|
|
21
|
-
return app.fetch(request);
|
|
12
|
+
const app = new Hono().basePath("/hubspot-connect");
|
|
13
|
+
registerHubSpotConnectRoutes({
|
|
14
|
+
app,
|
|
15
|
+
appKeys,
|
|
16
|
+
basePath: PUBLIC_HUBSPOT_CONNECT_BASE_PATH,
|
|
17
|
+
hubspotConnectEnv,
|
|
18
|
+
cimdClientMetadata
|
|
22
19
|
});
|
|
23
|
-
|
|
24
|
-
|
|
20
|
+
const serveHandler = (request) => {
|
|
21
|
+
return app.fetch(request);
|
|
22
|
+
};
|
|
23
|
+
await (port !== void 0 ? Deno.serve({ port }, serveHandler) : Deno.serve(serveHandler)).finished;
|
|
25
24
|
}
|
|
26
25
|
//#endregion
|
|
27
26
|
export { runHubSpotConnectLovableServer };
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"run-hubspot-connect-lovable-server.js","names":[],"sources":["../../../../src/server/lovable/hubspot-connect/run-hubspot-connect-lovable-server.ts"],"sourcesContent":["import { Hono } from 'hono';\n\nimport type { SecureStartContext } from '../../deno/start.ts';\nimport type { HubSpotConnectCimdClientMetadata } from '../../hono/hubspot-connect-routes/cimd-client-metadata-types.ts';\nimport {\n loadHubSpotConnectRoutesEnv,\n registerHubSpotConnectRoutes,\n} from '../../hono/index.ts';\n\nconst PORT = Deno.env.get('PORT');\nconst
|
|
1
|
+
{"version":3,"file":"run-hubspot-connect-lovable-server.js","names":[],"sources":["../../../../src/server/lovable/hubspot-connect/run-hubspot-connect-lovable-server.ts"],"sourcesContent":["import { Hono } from 'hono';\n\nimport type { SecureStartContext } from '../../deno/start.ts';\nimport type { HubSpotConnectCimdClientMetadata } from '../../hono/hubspot-connect-routes/cimd-client-metadata-types.ts';\nimport {\n loadHubSpotConnectRoutesEnv,\n registerHubSpotConnectRoutes,\n} from '../../hono/index.ts';\n\nconst PORT = Deno.env.get('PORT');\nconst port = typeof PORT === 'string' ? parseInt(PORT!, 10) : undefined;\n\nconst PUBLIC_HUBSPOT_CONNECT_BASE_PATH = '/functions/v1/hubspot-connect';\n\nexport interface RunHubSpotConnectLovableServerOptions extends SecureStartContext {\n cimdClientMetadata: HubSpotConnectCimdClientMetadata;\n}\n\nexport async function runHubSpotConnectLovableServer(\n options: RunHubSpotConnectLovableServerOptions\n): Promise<void> {\n const { appKeys, cimdClientMetadata } = options;\n const hubspotConnectEnv = loadHubSpotConnectRoutesEnv();\n\n const app = new Hono().basePath('/hubspot-connect');\n\n registerHubSpotConnectRoutes({\n app,\n appKeys,\n basePath: PUBLIC_HUBSPOT_CONNECT_BASE_PATH,\n hubspotConnectEnv,\n cimdClientMetadata,\n });\n\n const serveHandler = (request: Request): Response | Promise<Response> => {\n return app.fetch(request);\n };\n\n const server =\n port !== undefined\n ? Deno.serve({ port }, serveHandler)\n : Deno.serve(serveHandler);\n\n await server.finished;\n}\n"],"mappings":";;;;;AASA,MAAM,OAAO,KAAK,IAAI,IAAI,MAAM;AAChC,MAAM,OAAO,OAAO,SAAS,WAAW,SAAS,MAAO,EAAE,IAAI,KAAA;AAE9D,MAAM,mCAAmC;AAMzC,eAAsB,+BACpB,SACe;CACf,MAAM,EAAE,SAAS,uBAAuB;CACxC,MAAM,oBAAoB,4BAA4B;CAEtD,MAAM,MAAM,IAAI,KAAK,EAAE,SAAS,kBAAkB;CAElD,6BAA6B;EAC3B;EACA;EACA,UAAU;EACV;EACA;CACF,CAAC;CAED,MAAM,gBAAgB,YAAmD;EACvE,OAAO,IAAI,MAAM,OAAO;CAC1B;CAOA,OAJE,SAAS,KAAA,IACL,KAAK,MAAM,EAAE,KAAK,GAAG,YAAY,IACjC,KAAK,MAAM,YAAY,GAEhB;AACf"}
|
|
@@ -7,22 +7,25 @@ function serializeCookies(cookies) {
|
|
|
7
7
|
return parts.join("; ");
|
|
8
8
|
}
|
|
9
9
|
/**
|
|
10
|
-
*
|
|
11
|
-
* protected cookie
|
|
12
|
-
*
|
|
13
|
-
* remain, the header is dropped entirely.
|
|
14
|
-
*
|
|
15
|
-
* Used by `createAppConnectRequestHandler` so the user's route
|
|
16
|
-
* handlers never see — and therefore cannot leak — the access token,
|
|
17
|
-
* session ID, or refresh-token cookies.
|
|
10
|
+
* Mutates `headers` in place: parses the `Cookie` header, drops every
|
|
11
|
+
* protected cookie (see {@link isProtectedCookieName}), and rewrites
|
|
12
|
+
* the header. Deletes the header entirely when nothing survives.
|
|
18
13
|
*/
|
|
19
|
-
function
|
|
20
|
-
const cookies = parseCookies(
|
|
14
|
+
function stripProtectedCookies(headers) {
|
|
15
|
+
const cookies = parseCookies(headers.get("Cookie"));
|
|
21
16
|
const surviving = /* @__PURE__ */ new Map();
|
|
22
17
|
for (const [name, value] of Object.entries(cookies)) if (!isProtectedCookieName(name)) surviving.set(name, value);
|
|
23
|
-
const headers = new Headers(original.headers);
|
|
24
18
|
if (surviving.size === 0) headers.delete("cookie");
|
|
25
19
|
else headers.set("cookie", serializeCookies(surviving));
|
|
20
|
+
}
|
|
21
|
+
/**
|
|
22
|
+
* Returns a clone of `original` whose `Cookie` header has every
|
|
23
|
+
* protected cookie removed (see {@link isProtectedCookieName}). When
|
|
24
|
+
* no other cookies remain, the header is dropped entirely.
|
|
25
|
+
*/
|
|
26
|
+
function sanitizeRequest(original) {
|
|
27
|
+
const headers = new Headers(original.headers);
|
|
28
|
+
stripProtectedCookies(headers);
|
|
26
29
|
const init = {
|
|
27
30
|
method: original.method,
|
|
28
31
|
headers,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sanitize-request.js","names":[],"sources":["../../src/server/sanitize-request.ts"],"sourcesContent":["import { isProtectedCookieName } from './constants.ts';\nimport { parseCookies } from './utils/cookie-utils.ts';\n\nfunction serializeCookies(cookies: Map<string, string>): string {\n const parts: string[] = [];\n for (const [name, value] of cookies) {\n parts.push(`${name}=${value}`);\n }\n return parts.join('; ');\n}\n\n/**\n *
|
|
1
|
+
{"version":3,"file":"sanitize-request.js","names":[],"sources":["../../src/server/sanitize-request.ts"],"sourcesContent":["import { isProtectedCookieName } from './constants.ts';\nimport { parseCookies } from './utils/cookie-utils.ts';\n\nfunction serializeCookies(cookies: Map<string, string>): string {\n const parts: string[] = [];\n for (const [name, value] of cookies) {\n parts.push(`${name}=${value}`);\n }\n return parts.join('; ');\n}\n\n/**\n * Mutates `headers` in place: parses the `Cookie` header, drops every\n * protected cookie (see {@link isProtectedCookieName}), and rewrites\n * the header. Deletes the header entirely when nothing survives.\n */\nfunction stripProtectedCookies(headers: Headers): void {\n const cookies = parseCookies(headers.get('Cookie'));\n const surviving = new Map<string, string>();\n for (const [name, value] of Object.entries(cookies)) {\n if (!isProtectedCookieName(name)) {\n surviving.set(name, value);\n }\n }\n\n if (surviving.size === 0) {\n headers.delete('cookie');\n } else {\n headers.set('cookie', serializeCookies(surviving));\n }\n}\n\n/**\n * Returns a clone of `original` whose `Cookie` header has every\n * protected cookie removed (see {@link isProtectedCookieName}). When\n * no other cookies remain, the header is dropped entirely.\n */\nexport function sanitizeRequest(original: Request): Request {\n const headers = new Headers(original.headers);\n stripProtectedCookies(headers);\n\n const init: RequestInit = {\n method: original.method,\n headers,\n redirect: original.redirect,\n signal: original.signal,\n };\n\n if (original.body !== null) {\n init.body = original.body;\n (init as RequestInit & { duplex: 'half' }).duplex = 'half';\n }\n\n return new Request(original.url, init);\n}\n"],"mappings":";;;AAGA,SAAS,iBAAiB,SAAsC;CAC9D,MAAM,QAAkB,CAAC;CACzB,KAAK,MAAM,CAAC,MAAM,UAAU,SAC1B,MAAM,KAAK,GAAG,KAAK,GAAG,OAAO;CAE/B,OAAO,MAAM,KAAK,IAAI;AACxB;;;;;;AAOA,SAAS,sBAAsB,SAAwB;CACrD,MAAM,UAAU,aAAa,QAAQ,IAAI,QAAQ,CAAC;CAClD,MAAM,4BAAY,IAAI,IAAoB;CAC1C,KAAK,MAAM,CAAC,MAAM,UAAU,OAAO,QAAQ,OAAO,GAChD,IAAI,CAAC,sBAAsB,IAAI,GAC7B,UAAU,IAAI,MAAM,KAAK;CAI7B,IAAI,UAAU,SAAS,GACrB,QAAQ,OAAO,QAAQ;MAEvB,QAAQ,IAAI,UAAU,iBAAiB,SAAS,CAAC;AAErD;;;;;;AAOA,SAAgB,gBAAgB,UAA4B;CAC1D,MAAM,UAAU,IAAI,QAAQ,SAAS,OAAO;CAC5C,sBAAsB,OAAO;CAE7B,MAAM,OAAoB;EACxB,QAAQ,SAAS;EACjB;EACA,UAAU,SAAS;EACnB,QAAQ,SAAS;CACnB;CAEA,IAAI,SAAS,SAAS,MAAM;EAC1B,KAAK,OAAO,SAAS;EACrB,KAA2C,SAAS;CACtD;CAEA,OAAO,IAAI,QAAQ,SAAS,KAAK,IAAI;AACvC"}
|
|
@@ -1,7 +1,6 @@
|
|
|
1
1
|
import { importAppKeys } from "./import-app-keys.js";
|
|
2
|
-
import { isHubspotAppPrivateKeyRequired } from "./utils/env-utils.js";
|
|
2
|
+
import { HUBSPOT_APP_PRIVATE_KEY_ENV, isHubspotAppPrivateKeyRequired } from "./utils/env-utils.js";
|
|
3
3
|
//#region src/server/secure-start-core.ts
|
|
4
|
-
const APP_PRIVATE_KEY_ENV = "HUBSPOT_APP_PRIVATE_KEY";
|
|
5
4
|
/**
|
|
6
5
|
* Loads `HUBSPOT_APP_PRIVATE_KEY` when CIMD or DPoP is enabled, deletes
|
|
7
6
|
* it from the environment so later code cannot re-read it, imports the
|
|
@@ -12,10 +11,10 @@ const APP_PRIVATE_KEY_ENV = "HUBSPOT_APP_PRIVATE_KEY";
|
|
|
12
11
|
async function runSecureStart(loader, adapter) {
|
|
13
12
|
let appKeys = null;
|
|
14
13
|
if (isHubspotAppPrivateKeyRequired()) {
|
|
15
|
-
const envKey = adapter.readEnv(
|
|
16
|
-
if (!envKey) throw new Error(`${
|
|
14
|
+
const envKey = adapter.readEnv(HUBSPOT_APP_PRIVATE_KEY_ENV)?.trim();
|
|
15
|
+
if (!envKey) throw new Error(`${HUBSPOT_APP_PRIVATE_KEY_ENV} is not set`);
|
|
17
16
|
appKeys = await importAppKeys(envKey);
|
|
18
|
-
adapter.deleteEnv(
|
|
17
|
+
adapter.deleteEnv(HUBSPOT_APP_PRIVATE_KEY_ENV);
|
|
19
18
|
}
|
|
20
19
|
return (await loader()).start({ appKeys }).catch((error) => {
|
|
21
20
|
console.error(error);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"secure-start-core.js","names":[],"sources":["../../src/server/secure-start-core.ts"],"sourcesContent":["import { importAppKeys } from './import-app-keys.ts';\nimport type { AppKeys } from './types.ts';\nimport {
|
|
1
|
+
{"version":3,"file":"secure-start-core.js","names":[],"sources":["../../src/server/secure-start-core.ts"],"sourcesContent":["import { importAppKeys } from './import-app-keys.ts';\nimport type { AppKeys } from './types.ts';\nimport {\n HUBSPOT_APP_PRIVATE_KEY_ENV,\n isHubspotAppPrivateKeyRequired,\n} from './utils/env-utils.ts';\n\n/**\n * Context passed to a function-style entrypoint loaded by `runSecureStart`.\n * Contains imported `AppKeys` when CIMD or DPoP is enabled; otherwise\n * `null` (traditional OAuth with `client_secret` and Bearer API calls).\n */\nexport interface SecureStartContext {\n appKeys: AppKeys | null;\n}\n\ninterface SecureEntryPointExports {\n start: (context: SecureStartContext) => Promise<void>;\n}\n\n/**\n * Loader returned to `runSecureStart` that produces the entrypoint\n * module. Always pass an `() => import('...')` arrow so the bundler\n * preserves dynamic-import semantics.\n */\nexport type SecureStartLoader = () => Promise<SecureEntryPointExports>;\n\n/**\n * Platform adapters injected by the runtime-specific shim\n * (`node/start.ts` or `deno/start.ts`). Keeping the env/exit/delete\n * functions out of the core lets the shared logic stay platform-free.\n */\nexport interface SecureStartAdapter {\n /** Reads the named env var, or returns `undefined` when unset. */\n readEnv: (key: string) => string | undefined;\n /** Removes the named env var so child processes cannot read it. */\n deleteEnv: (key: string) => void;\n /** Terminates the process with the given exit code. */\n exit: (code: number) => never;\n}\n\n/**\n * Loads `HUBSPOT_APP_PRIVATE_KEY` when CIMD or DPoP is enabled, deletes\n * it from the environment so later code cannot re-read it, imports the\n * entrypoint module via `loader`, and invokes `start` with `AppKeys` or\n * `null` when both features are off. On failure, logs the error and\n * exits with code 1.\n */\nexport async function runSecureStart(\n loader: SecureStartLoader,\n adapter: SecureStartAdapter\n): Promise<void> {\n let appKeys: AppKeys | null = null;\n if (isHubspotAppPrivateKeyRequired()) {\n const envKey = adapter.readEnv(HUBSPOT_APP_PRIVATE_KEY_ENV)?.trim();\n if (!envKey) {\n throw new Error(`${HUBSPOT_APP_PRIVATE_KEY_ENV} is not set`);\n }\n appKeys = await importAppKeys(envKey);\n adapter.deleteEnv(HUBSPOT_APP_PRIVATE_KEY_ENV);\n }\n\n const exports = await loader();\n return exports.start({ appKeys }).catch((error) => {\n console.error(error);\n return adapter.exit(1);\n });\n}\n"],"mappings":";;;;;;;;;;AAgDA,eAAsB,eACpB,QACA,SACe;CACf,IAAI,UAA0B;CAC9B,IAAI,+BAA+B,GAAG;EACpC,MAAM,SAAS,QAAQ,QAAQ,2BAA2B,GAAG,KAAK;EAClE,IAAI,CAAC,QACH,MAAM,IAAI,MAAM,GAAG,4BAA4B,YAAY;EAE7D,UAAU,MAAM,cAAc,MAAM;EACpC,QAAQ,UAAU,2BAA2B;CAC/C;CAGA,QAAO,MADe,OAAO,GACd,MAAM,EAAE,QAAQ,CAAC,EAAE,OAAO,UAAU;EACjD,QAAQ,MAAM,KAAK;EACnB,OAAO,QAAQ,KAAK,CAAC;CACvB,CAAC;AACH"}
|