@hubspot/app-connect-sdk 1.0.0-alpha.2 → 1.0.0-alpha.21
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.turbo/turbo-format$colon$check.log +1 -1
- package/.turbo/turbo-test.log +101 -57
- package/.turbo/turbo-tsdown.log +474 -469
- package/build/tsconfig.browser.tsbuildinfo +1 -1
- package/build/tsconfig.server.tsbuildinfo +1 -1
- package/dist/browser/{HubSpotAppConnect-BW45gyDs.js → HubSpotAppConnect-721kYr9d.js} +17 -23
- package/dist/browser/HubSpotAppConnect-721kYr9d.js.map +1 -0
- package/dist/browser/{create-vctOhpX9.js → create-DxEyGG-k.js} +336 -100
- package/dist/browser/create-DxEyGG-k.js.map +1 -0
- package/dist/browser/index.d.ts +2 -2
- package/dist/browser/index.js +1 -1
- package/dist/browser/react/lovable.d.ts +9 -2
- package/dist/browser/react/lovable.js +7 -4
- package/dist/browser/react/lovable.js.map +1 -1
- package/dist/browser/react.d.ts +2 -3
- package/dist/browser/react.js +1 -1
- package/dist/browser/{types-rTQw6A54.d.ts → types-C3wed8dU.d.ts} +52 -7
- package/dist/server/api-client-core/apis/account/account-info-types.generated.d.ts +73 -85
- package/dist/server/api-client-core/apis/account/account-info.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/account/account-info.generated.js +4 -3
- package/dist/server/api-client-core/apis/account/account-info.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/account/audit-logs-types.generated.d.ts +203 -215
- package/dist/server/api-client-core/apis/account/audit-logs.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/account/audit-logs.generated.js +4 -3
- package/dist/server/api-client-core/apis/account/audit-logs.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/auth/oauth-types.generated.d.ts +78 -90
- package/dist/server/api-client-core/apis/auth/oauth.generated.d.ts +1 -1
- package/dist/server/api-client-core/apis/auth/oauth.generated.js +3 -2
- package/dist/server/api-client-core/apis/auth/oauth.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/automation/actions-types.generated.d.ts +779 -794
- package/dist/server/api-client-core/apis/automation/actions.generated.d.ts +6 -3
- package/dist/server/api-client-core/apis/automation/actions.generated.js +101 -102
- package/dist/server/api-client-core/apis/automation/actions.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/automation/sequences-types.generated.d.ts +370 -382
- package/dist/server/api-client-core/apis/automation/sequences.generated.d.ts +1 -1
- package/dist/server/api-client-core/apis/automation/sequences.generated.js +3 -2
- package/dist/server/api-client-core/apis/automation/sequences.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/business-units-types.generated.d.ts +43 -55
- package/dist/server/api-client-core/apis/business-units.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/business-units.generated.js +4 -3
- package/dist/server/api-client-core/apis/business-units.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/cms/authors-types.generated.d.ts +420 -445
- package/dist/server/api-client-core/apis/cms/authors.generated.d.ts +4 -3
- package/dist/server/api-client-core/apis/cms/authors.generated.js +155 -158
- package/dist/server/api-client-core/apis/cms/authors.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/cms/blog-settings-types.generated.d.ts +270 -295
- package/dist/server/api-client-core/apis/cms/blog-settings.generated.d.ts +4 -3
- package/dist/server/api-client-core/apis/cms/blog-settings.generated.js +35 -38
- package/dist/server/api-client-core/apis/cms/blog-settings.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/cms/cms-content-audit-types.generated.d.ts +107 -131
- package/dist/server/api-client-core/apis/cms/cms-content-audit.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/cms/cms-content-audit.generated.js +6 -5
- package/dist/server/api-client-core/apis/cms/cms-content-audit.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/cms/domains-types.generated.d.ts +155 -167
- package/dist/server/api-client-core/apis/cms/domains.generated.d.ts +2 -2
- package/dist/server/api-client-core/apis/cms/domains.generated.js +3 -2
- package/dist/server/api-client-core/apis/cms/domains.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/cms/hubdb-types.generated.d.ts +876 -889
- package/dist/server/api-client-core/apis/cms/hubdb.generated.d.ts +4 -3
- package/dist/server/api-client-core/apis/cms/hubdb.generated.js +184 -185
- package/dist/server/api-client-core/apis/cms/hubdb.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/cms/media-bridge-types.generated.d.ts +1550 -1575
- package/dist/server/api-client-core/apis/cms/media-bridge.generated.d.ts +4 -3
- package/dist/server/api-client-core/apis/cms/media-bridge.generated.js +161 -164
- package/dist/server/api-client-core/apis/cms/media-bridge.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/cms/pages-types.generated.d.ts +1583 -1547
- package/dist/server/api-client-core/apis/cms/pages.generated.d.ts +15 -3
- package/dist/server/api-client-core/apis/cms/pages.generated.js +335 -326
- package/dist/server/api-client-core/apis/cms/pages.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/cms/posts-types.generated.d.ts +900 -904
- package/dist/server/api-client-core/apis/cms/posts.generated.d.ts +7 -3
- package/dist/server/api-client-core/apis/cms/posts.generated.js +197 -196
- package/dist/server/api-client-core/apis/cms/posts.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/cms/site-search-types.generated.d.ts +162 -174
- package/dist/server/api-client-core/apis/cms/site-search.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/cms/site-search.generated.js +4 -3
- package/dist/server/api-client-core/apis/cms/site-search.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/cms/source-code-types.generated.d.ts +148 -172
- package/dist/server/api-client-core/apis/cms/source-code.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/cms/source-code.generated.js +40 -43
- package/dist/server/api-client-core/apis/cms/source-code.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/cms/tags-types.generated.d.ts +406 -420
- package/dist/server/api-client-core/apis/cms/tags.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/cms/tags.generated.js +157 -158
- package/dist/server/api-client-core/apis/cms/tags.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/cms/url-mappings-types.generated.d.ts +127 -139
- package/dist/server/api-client-core/apis/cms/url-mappings.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/cms/url-mappings.generated.js +4 -3
- package/dist/server/api-client-core/apis/cms/url-mappings.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/cms/url-redirects-types.generated.d.ts +170 -182
- package/dist/server/api-client-core/apis/cms/url-redirects.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/cms/url-redirects.generated.js +4 -3
- package/dist/server/api-client-core/apis/cms/url-redirects.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/communication-preferences/subscriptions-types.generated.d.ts +728 -742
- package/dist/server/api-client-core/apis/communication-preferences/subscriptions.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/communication-preferences/subscriptions.generated.js +66 -69
- package/dist/server/api-client-core/apis/communication-preferences/subscriptions.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/conversations/custom-channels-types.generated.d.ts +445 -471
- package/dist/server/api-client-core/apis/conversations/custom-channels.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/conversations/custom-channels.generated.js +70 -73
- package/dist/server/api-client-core/apis/conversations/custom-channels.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/conversations/visitor-identification-types.generated.d.ts +28 -40
- package/dist/server/api-client-core/apis/conversations/visitor-identification.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/conversations/visitor-identification.generated.js +3 -2
- package/dist/server/api-client-core/apis/conversations/visitor-identification.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/conversations-types.generated.d.ts +768 -781
- package/dist/server/api-client-core/apis/conversations.generated.d.ts +4 -3
- package/dist/server/api-client-core/apis/conversations.generated.js +101 -102
- package/dist/server/api-client-core/apis/conversations.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/app-uninstalls-types.generated.d.ts +8 -19
- package/dist/server/api-client-core/apis/crm/app-uninstalls.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/crm/app-uninstalls.generated.js +3 -2
- package/dist/server/api-client-core/apis/crm/app-uninstalls.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/appointments-types.generated.d.ts +887 -891
- package/dist/server/api-client-core/apis/crm/appointments.generated.d.ts +7 -3
- package/dist/server/api-client-core/apis/crm/appointments.generated.js +105 -106
- package/dist/server/api-client-core/apis/crm/appointments.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/associations-schema-types.generated.d.ts +247 -260
- package/dist/server/api-client-core/apis/crm/associations-schema.generated.d.ts +4 -3
- package/dist/server/api-client-core/apis/crm/associations-schema.generated.js +48 -49
- package/dist/server/api-client-core/apis/crm/associations-schema.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/associations-types.generated.d.ts +576 -590
- package/dist/server/api-client-core/apis/crm/associations.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/associations.generated.js +71 -72
- package/dist/server/api-client-core/apis/crm/associations.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/calling-extensions-types.generated.d.ts +355 -379
- package/dist/server/api-client-core/apis/crm/calling-extensions.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/crm/calling-extensions.generated.js +34 -37
- package/dist/server/api-client-core/apis/crm/calling-extensions.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/calls-types.generated.d.ts +755 -769
- package/dist/server/api-client-core/apis/crm/calls.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/calls.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/calls.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/carts-types.generated.d.ts +755 -769
- package/dist/server/api-client-core/apis/crm/carts.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/carts.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/carts.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/commerce-payments-types.generated.d.ts +755 -769
- package/dist/server/api-client-core/apis/crm/commerce-payments.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/commerce-payments.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/commerce-payments.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/commerce-subscriptions-types.generated.d.ts +752 -766
- package/dist/server/api-client-core/apis/crm/commerce-subscriptions.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/commerce-subscriptions.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/commerce-subscriptions.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/communications-types.generated.d.ts +755 -769
- package/dist/server/api-client-core/apis/crm/communications.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/communications.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/communications.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/companies-types.generated.d.ts +769 -795
- package/dist/server/api-client-core/apis/crm/companies.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/companies.generated.js +59 -58
- package/dist/server/api-client-core/apis/crm/companies.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/contacts-types.generated.d.ts +786 -812
- package/dist/server/api-client-core/apis/crm/contacts.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/contacts.generated.js +60 -61
- package/dist/server/api-client-core/apis/crm/contacts.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/contracts-types.generated.d.ts +796 -777
- package/dist/server/api-client-core/apis/crm/contracts.generated.d.ts +8 -3
- package/dist/server/api-client-core/apis/crm/contracts.generated.js +60 -57
- package/dist/server/api-client-core/apis/crm/contracts.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/courses-types.generated.d.ts +758 -772
- package/dist/server/api-client-core/apis/crm/courses.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/courses.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/courses.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/crm-owners-types.generated.d.ts +103 -115
- package/dist/server/api-client-core/apis/crm/crm-owners.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/crm/crm-owners.generated.js +4 -3
- package/dist/server/api-client-core/apis/crm/crm-owners.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/custom-objects-types.generated.d.ts +833 -848
- package/dist/server/api-client-core/apis/crm/custom-objects.generated.d.ts +6 -3
- package/dist/server/api-client-core/apis/crm/custom-objects.generated.js +91 -90
- package/dist/server/api-client-core/apis/crm/custom-objects.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/deal-splits-types.generated.d.ts +158 -170
- package/dist/server/api-client-core/apis/crm/deal-splits.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/crm/deal-splits.generated.js +4 -3
- package/dist/server/api-client-core/apis/crm/deal-splits.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/deals-types.generated.d.ts +771 -785
- package/dist/server/api-client-core/apis/crm/deals.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/deals.generated.js +59 -58
- package/dist/server/api-client-core/apis/crm/deals.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/discounts-types.generated.d.ts +754 -768
- package/dist/server/api-client-core/apis/crm/discounts.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/discounts.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/discounts.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/emails-types.generated.d.ts +755 -769
- package/dist/server/api-client-core/apis/crm/emails.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/emails.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/emails.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/exports-types.generated.d.ts +227 -251
- package/dist/server/api-client-core/apis/crm/exports.generated.d.ts +2 -2
- package/dist/server/api-client-core/apis/crm/exports.generated.js +4 -5
- package/dist/server/api-client-core/apis/crm/exports.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/feedback-submissions-types.generated.d.ts +551 -565
- package/dist/server/api-client-core/apis/crm/feedback-submissions.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/feedback-submissions.generated.js +45 -46
- package/dist/server/api-client-core/apis/crm/feedback-submissions.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/fees-types.generated.d.ts +755 -769
- package/dist/server/api-client-core/apis/crm/fees.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/fees.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/fees.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/goal-targets-types.generated.d.ts +755 -769
- package/dist/server/api-client-core/apis/crm/goal-targets.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/goal-targets.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/goal-targets.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/imports-types.generated.d.ts +305 -329
- package/dist/server/api-client-core/apis/crm/imports.generated.d.ts +2 -2
- package/dist/server/api-client-core/apis/crm/imports.generated.js +20 -23
- package/dist/server/api-client-core/apis/crm/imports.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/invoices-types.generated.d.ts +755 -769
- package/dist/server/api-client-core/apis/crm/invoices.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/invoices.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/invoices.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/leads-types.generated.d.ts +755 -769
- package/dist/server/api-client-core/apis/crm/leads.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/leads.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/leads.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/limits-tracking-types.generated.d.ts +251 -263
- package/dist/server/api-client-core/apis/crm/limits-tracking.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/crm/limits-tracking.generated.js +4 -3
- package/dist/server/api-client-core/apis/crm/limits-tracking.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/line-items-types.generated.d.ts +755 -769
- package/dist/server/api-client-core/apis/crm/line-items.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/line-items.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/line-items.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/listings-types.generated.d.ts +758 -772
- package/dist/server/api-client-core/apis/crm/listings.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/listings.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/listings.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/lists-types.generated.d.ts +2075 -2111
- package/dist/server/api-client-core/apis/crm/lists.generated.d.ts +2 -2
- package/dist/server/api-client-core/apis/crm/lists.generated.js +97 -98
- package/dist/server/api-client-core/apis/crm/lists.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/meetings-types.generated.d.ts +755 -769
- package/dist/server/api-client-core/apis/crm/meetings.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/meetings.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/meetings.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/notes-types.generated.d.ts +755 -769
- package/dist/server/api-client-core/apis/crm/notes.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/notes.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/notes.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/object-library-types.generated.d.ts +24 -36
- package/dist/server/api-client-core/apis/crm/object-library.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/crm/object-library.generated.js +4 -3
- package/dist/server/api-client-core/apis/crm/object-library.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/objects-types.generated.d.ts +620 -645
- package/dist/server/api-client-core/apis/crm/objects.generated.d.ts +4 -3
- package/dist/server/api-client-core/apis/crm/objects.generated.js +66 -67
- package/dist/server/api-client-core/apis/crm/objects.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/orders-types.generated.d.ts +747 -761
- package/dist/server/api-client-core/apis/crm/orders.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/orders.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/orders.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/partner-clients-types.generated.d.ts +646 -660
- package/dist/server/api-client-core/apis/crm/partner-clients.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/partner-clients.generated.js +63 -62
- package/dist/server/api-client-core/apis/crm/partner-clients.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/partner-services-types.generated.d.ts +646 -660
- package/dist/server/api-client-core/apis/crm/partner-services.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/partner-services.generated.js +63 -62
- package/dist/server/api-client-core/apis/crm/partner-services.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/pipelines-types.generated.d.ts +320 -332
- package/dist/server/api-client-core/apis/crm/pipelines.generated.d.ts +2 -2
- package/dist/server/api-client-core/apis/crm/pipelines.generated.js +3 -2
- package/dist/server/api-client-core/apis/crm/pipelines.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/postal-mail-types.generated.d.ts +744 -758
- package/dist/server/api-client-core/apis/crm/postal-mail.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/postal-mail.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/postal-mail.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/products-types.generated.d.ts +747 -761
- package/dist/server/api-client-core/apis/crm/products.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/products.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/products.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/projects-types.generated.d.ts +761 -787
- package/dist/server/api-client-core/apis/crm/projects.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/projects.generated.js +59 -58
- package/dist/server/api-client-core/apis/crm/projects.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/properties-types.generated.d.ts +526 -528
- package/dist/server/api-client-core/apis/crm/properties.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/properties.generated.js +79 -78
- package/dist/server/api-client-core/apis/crm/properties.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/property-validations-types.generated.d.ts +71 -83
- package/dist/server/api-client-core/apis/crm/property-validations.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/crm/property-validations.generated.js +4 -3
- package/dist/server/api-client-core/apis/crm/property-validations.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/public-app-crm-cards-types.generated.d.ts +409 -433
- package/dist/server/api-client-core/apis/crm/public-app-crm-cards.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/crm/public-app-crm-cards.generated.js +24 -25
- package/dist/server/api-client-core/apis/crm/public-app-crm-cards.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/public-app-feature-flags-types.generated.d.ts +156 -169
- package/dist/server/api-client-core/apis/crm/public-app-feature-flags.generated.d.ts +4 -3
- package/dist/server/api-client-core/apis/crm/public-app-feature-flags.generated.js +55 -56
- package/dist/server/api-client-core/apis/crm/public-app-feature-flags.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/quotes-types.generated.d.ts +747 -761
- package/dist/server/api-client-core/apis/crm/quotes.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/quotes.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/quotes.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/schemas-types.generated.d.ts +575 -600
- package/dist/server/api-client-core/apis/crm/schemas.generated.d.ts +4 -3
- package/dist/server/api-client-core/apis/crm/schemas.generated.js +33 -34
- package/dist/server/api-client-core/apis/crm/schemas.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/services-types.generated.d.ts +750 -764
- package/dist/server/api-client-core/apis/crm/services.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/services.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/services.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/tasks-types.generated.d.ts +747 -761
- package/dist/server/api-client-core/apis/crm/tasks.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/tasks.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/tasks.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/taxes-types.generated.d.ts +747 -761
- package/dist/server/api-client-core/apis/crm/taxes.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/taxes.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/taxes.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/tickets-types.generated.d.ts +764 -790
- package/dist/server/api-client-core/apis/crm/tickets.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/tickets.generated.js +59 -58
- package/dist/server/api-client-core/apis/crm/tickets.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/timeline-types.generated.d.ts +136 -149
- package/dist/server/api-client-core/apis/crm/timeline.generated.d.ts +4 -3
- package/dist/server/api-client-core/apis/crm/timeline.generated.js +5 -6
- package/dist/server/api-client-core/apis/crm/timeline.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/transcriptions-types.generated.d.ts +104 -117
- package/dist/server/api-client-core/apis/crm/transcriptions.generated.d.ts +4 -3
- package/dist/server/api-client-core/apis/crm/transcriptions.generated.js +7 -10
- package/dist/server/api-client-core/apis/crm/transcriptions.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/users-types.generated.d.ts +747 -761
- package/dist/server/api-client-core/apis/crm/users.generated.d.ts +5 -3
- package/dist/server/api-client-core/apis/crm/users.generated.js +58 -57
- package/dist/server/api-client-core/apis/crm/users.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/crm/video-conferencing-extension-types.generated.d.ts +28 -40
- package/dist/server/api-client-core/apis/crm/video-conferencing-extension.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/crm/video-conferencing-extension.generated.js +4 -3
- package/dist/server/api-client-core/apis/crm/video-conferencing-extension.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/events/manage-event-definitions-types.generated.d.ts +909 -945
- package/dist/server/api-client-core/apis/events/manage-event-definitions.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/events/manage-event-definitions.generated.js +29 -30
- package/dist/server/api-client-core/apis/events/manage-event-definitions.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/events/send-event-completions-types.generated.d.ts +49 -62
- package/dist/server/api-client-core/apis/events/send-event-completions.generated.d.ts +4 -3
- package/dist/server/api-client-core/apis/events/send-event-completions.generated.js +4 -5
- package/dist/server/api-client-core/apis/events/send-event-completions.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/events-types.generated.d.ts +99 -111
- package/dist/server/api-client-core/apis/events.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/events.generated.js +4 -3
- package/dist/server/api-client-core/apis/events.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/files-types.generated.d.ts +636 -649
- package/dist/server/api-client-core/apis/files.generated.d.ts +4 -3
- package/dist/server/api-client-core/apis/files.generated.js +112 -113
- package/dist/server/api-client-core/apis/files.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/marketing/campaigns-public-api-types.generated.d.ts +799 -816
- package/dist/server/api-client-core/apis/marketing/campaigns-public-api.generated.d.ts +8 -3
- package/dist/server/api-client-core/apis/marketing/campaigns-public-api.generated.js +126 -127
- package/dist/server/api-client-core/apis/marketing/campaigns-public-api.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/marketing/marketing-emails-types.generated.d.ts +745 -769
- package/dist/server/api-client-core/apis/marketing/marketing-emails.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/marketing/marketing-emails.generated.js +100 -103
- package/dist/server/api-client-core/apis/marketing/marketing-emails.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/marketing/marketing-events-types.generated.d.ts +1504 -1546
- package/dist/server/api-client-core/apis/marketing/marketing-events.generated.d.ts +9 -3
- package/dist/server/api-client-core/apis/marketing/marketing-events.generated.js +162 -167
- package/dist/server/api-client-core/apis/marketing/marketing-events.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/marketing/single-send-types.generated.d.ts +91 -103
- package/dist/server/api-client-core/apis/marketing/single-send.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/marketing/single-send.generated.js +3 -2
- package/dist/server/api-client-core/apis/marketing/single-send.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/marketing/transactional-single-send-types.generated.d.ts +187 -200
- package/dist/server/api-client-core/apis/marketing/transactional-single-send.generated.d.ts +4 -3
- package/dist/server/api-client-core/apis/marketing/transactional-single-send.generated.js +14 -15
- package/dist/server/api-client-core/apis/marketing/transactional-single-send.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/meta/origins-types.generated.d.ts +41 -53
- package/dist/server/api-client-core/apis/meta/origins.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/meta/origins.generated.js +4 -3
- package/dist/server/api-client-core/apis/meta/origins.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/scheduler/meetings-types.generated.d.ts +850 -863
- package/dist/server/api-client-core/apis/scheduler/meetings.generated.d.ts +4 -3
- package/dist/server/api-client-core/apis/scheduler/meetings.generated.js +28 -29
- package/dist/server/api-client-core/apis/scheduler/meetings.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/settings/multicurrency-types.generated.d.ts +281 -296
- package/dist/server/api-client-core/apis/settings/multicurrency.generated.d.ts +6 -3
- package/dist/server/api-client-core/apis/settings/multicurrency.generated.js +32 -33
- package/dist/server/api-client-core/apis/settings/multicurrency.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/settings/tax-rates-types.generated.d.ts +71 -83
- package/dist/server/api-client-core/apis/settings/tax-rates.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/settings/tax-rates.generated.js +4 -3
- package/dist/server/api-client-core/apis/settings/tax-rates.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/settings/user-provisioning-types.generated.d.ts +202 -250
- package/dist/server/api-client-core/apis/settings/user-provisioning.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/settings/user-provisioning.generated.js +23 -26
- package/dist/server/api-client-core/apis/settings/user-provisioning.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/webhooks-journal-types.generated.d.ts +490 -526
- package/dist/server/api-client-core/apis/webhooks-journal.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/webhooks-journal.generated.js +65 -70
- package/dist/server/api-client-core/apis/webhooks-journal.generated.js.map +1 -1
- package/dist/server/api-client-core/apis/webhooks-types.generated.d.ts +816 -852
- package/dist/server/api-client-core/apis/webhooks.generated.d.ts +3 -3
- package/dist/server/api-client-core/apis/webhooks.generated.js +93 -98
- package/dist/server/api-client-core/apis/webhooks.generated.js.map +1 -1
- package/dist/server/api-client-core/binary-data.js.map +1 -1
- package/dist/server/api-client-core/client.js +5 -1
- package/dist/server/api-client-core/client.js.map +1 -1
- package/dist/server/api-client-core/codegen-helpers/file-op-wrappers.js.map +1 -1
- package/dist/server/api-client-core/errors.js.map +1 -1
- package/dist/server/api-client-core/op.js.map +1 -1
- package/dist/server/api-client-core/pagination.d.ts +2 -2
- package/dist/server/api-client-core/pagination.js +2 -2
- package/dist/server/api-client-core/pagination.js.map +1 -1
- package/dist/server/api-client-core/plugins/fetch-transport.js +33 -9
- package/dist/server/api-client-core/plugins/fetch-transport.js.map +1 -1
- package/dist/server/api-client-core/types.d.ts +1 -1
- package/dist/server/api-client.d.ts +184 -184
- package/dist/server/api-client.js +89 -89
- package/dist/server/constants.js +33 -6
- package/dist/server/constants.js.map +1 -1
- package/dist/server/deno/start.js.map +1 -1
- package/dist/server/hono/hono-request-handler.js +32 -23
- package/dist/server/hono/hono-request-handler.js.map +1 -1
- package/dist/server/hono/hubspot-connect-routes/auth-complete.js +158 -0
- package/dist/server/hono/hubspot-connect-routes/auth-complete.js.map +1 -0
- package/dist/server/hono/hubspot-connect-routes/auth-init-session.js +25 -12
- package/dist/server/hono/hubspot-connect-routes/auth-init-session.js.map +1 -1
- package/dist/server/hono/hubspot-connect-routes/auth-logout.js +32 -9
- package/dist/server/hono/hubspot-connect-routes/auth-logout.js.map +1 -1
- package/dist/server/hono/hubspot-connect-routes/auth-refresh.js +32 -18
- package/dist/server/hono/hubspot-connect-routes/auth-refresh.js.map +1 -1
- package/dist/server/hono/hubspot-connect-routes/cimd-client-metadata-types.js.map +1 -1
- package/dist/server/hono/hubspot-connect-routes/cimd-public-routes.js +4 -1
- package/dist/server/hono/hubspot-connect-routes/cimd-public-routes.js.map +1 -1
- package/dist/server/hono/hubspot-connect-routes/fetch-hubspot-client-metadata.js.map +1 -1
- package/dist/server/hono/hubspot-connect-routes/hubspot-connect-routes.js +4 -2
- package/dist/server/hono/hubspot-connect-routes/hubspot-connect-routes.js.map +1 -1
- package/dist/server/hono/hubspot-connect-routes/load-hubspot-connect-routes-env.js +5 -5
- package/dist/server/hono/hubspot-connect-routes/load-hubspot-connect-routes-env.js.map +1 -1
- package/dist/server/hono/hubspot-connect-routes/oauth-client.js.map +1 -1
- package/dist/server/hono/hubspot-connect-routes/utils.js +53 -6
- package/dist/server/hono/hubspot-connect-routes/utils.js.map +1 -1
- package/dist/server/hono/hubspot-connect-routes/whoami.js +51 -0
- package/dist/server/hono/hubspot-connect-routes/whoami.js.map +1 -0
- package/dist/server/hono/types.d.ts +9 -10
- package/dist/server/hono/utils/cookie-utils.js +2 -1
- package/dist/server/hono/utils/cookie-utils.js.map +1 -1
- package/dist/server/hono/utils/cors-middleware.js +85 -0
- package/dist/server/hono/utils/cors-middleware.js.map +1 -0
- package/dist/server/import-app-keys.js.map +1 -1
- package/dist/server/lovable/create-app-function-start.d.ts +1 -1
- package/dist/server/lovable/create-app-function-start.js +4 -6
- package/dist/server/lovable/create-app-function-start.js.map +1 -1
- package/dist/server/lovable/hubspot-connect/index.js.map +1 -1
- package/dist/server/lovable/hubspot-connect/run-hubspot-connect-lovable-server.js +14 -15
- package/dist/server/lovable/hubspot-connect/run-hubspot-connect-lovable-server.js.map +1 -1
- package/dist/server/sanitize-request.js +14 -11
- package/dist/server/sanitize-request.js.map +1 -1
- package/dist/server/secure-start-core.js +4 -5
- package/dist/server/secure-start-core.js.map +1 -1
- package/dist/server/shared/constants.js +22 -9
- package/dist/server/shared/constants.js.map +1 -1
- package/dist/server/shared/encoding/base64.js.map +1 -1
- package/dist/server/shared/encoding/sha256.js.map +1 -1
- package/dist/server/shared/logger.js.map +1 -1
- package/dist/server/types.d.ts +1 -35
- package/dist/server/utils/cookie-utils.js.map +1 -1
- package/dist/server/utils/dpop-utils.js.map +1 -1
- package/dist/server/utils/env-utils.js +60 -7
- package/dist/server/utils/env-utils.js.map +1 -1
- package/dist/server/utils/hubspot-dpop-auth-headers.js +38 -0
- package/dist/server/utils/hubspot-dpop-auth-headers.js.map +1 -0
- package/dist/server/utils/jwk-utils.js.map +1 -1
- package/dist/server/utils/jwt-utils.js.map +1 -1
- package/package.json +15 -21
- package/src/browser/app-connect-controller/README.md +5 -2
- package/src/browser/app-connect-controller/connect-start.test.ts +157 -0
- package/src/browser/app-connect-controller/connect-start.ts +18 -3
- package/src/browser/app-connect-controller/constants.ts +6 -4
- package/src/browser/app-connect-controller/create.ts +8 -2
- package/src/browser/app-connect-controller/disconnect.ts +5 -7
- package/src/browser/app-connect-controller/init.test.ts +275 -0
- package/src/browser/app-connect-controller/init.ts +44 -19
- package/src/browser/app-connect-controller/oauth-complete.test.ts +110 -0
- package/src/browser/app-connect-controller/oauth-complete.ts +53 -0
- package/src/browser/app-connect-controller/oauth-popup.test.ts +239 -0
- package/src/browser/app-connect-controller/oauth-popup.ts +160 -0
- package/src/browser/app-connect-controller/types.ts +3 -0
- package/src/browser/app-connect-controller/utils/iframe-utils.ts +12 -0
- package/src/browser/app-connect-controller/utils/resolve-oauth-connect-mode.test.ts +35 -0
- package/src/browser/app-connect-controller/utils/resolve-oauth-connect-mode.ts +21 -0
- package/src/browser/app-connect-controller/utils/session-utils.test.ts +73 -22
- package/src/browser/app-connect-controller/utils/session-utils.ts +74 -33
- package/src/browser/app-connect-controller/view-state.test.ts +1 -0
- package/src/browser/app-connect-controller/view-state.ts +1 -0
- package/src/browser/index.ts +1 -0
- package/src/browser/react/components/AppConnectHeader/AppConnectHeader.tsx +21 -34
- package/src/browser/react/components/ConnectButton/ConnectButton.tsx +1 -1
- package/src/browser/react/lovable/LovableHubSpotAppConnect.tsx +12 -2
- package/src/browser/types.ts +30 -5
- package/src/server/api-client-core/__tests__/errors.test.ts +309 -0
- package/src/server/api-client-core/__tests__/operation-headers.test.ts +251 -0
- package/src/server/api-client-core/apis/account/account-info-types.generated.ts +74 -88
- package/src/server/api-client-core/apis/account/account-info.generated.ts +2 -4
- package/src/server/api-client-core/apis/account/audit-logs-types.generated.ts +346 -360
- package/src/server/api-client-core/apis/account/audit-logs.generated.ts +2 -4
- package/src/server/api-client-core/apis/auth/oauth-types.generated.ts +81 -99
- package/src/server/api-client-core/apis/auth/oauth.generated.ts +1 -3
- package/src/server/api-client-core/apis/automation/actions-types.generated.ts +1162 -1188
- package/src/server/api-client-core/apis/automation/actions.generated.ts +10 -12
- package/src/server/api-client-core/apis/automation/sequences-types.generated.ts +379 -393
- package/src/server/api-client-core/apis/automation/sequences.generated.ts +1 -3
- package/src/server/api-client-core/apis/business-units-types.generated.ts +43 -59
- package/src/server/api-client-core/apis/business-units.generated.ts +9 -10
- package/src/server/api-client-core/apis/cms/authors-types.generated.ts +3823 -3853
- package/src/server/api-client-core/apis/cms/authors.generated.ts +31 -37
- package/src/server/api-client-core/apis/cms/blog-settings-types.generated.ts +3667 -3696
- package/src/server/api-client-core/apis/cms/blog-settings.generated.ts +46 -51
- package/src/server/api-client-core/apis/cms/cms-content-audit-types.generated.ts +138 -163
- package/src/server/api-client-core/apis/cms/cms-content-audit.generated.ts +2 -10
- package/src/server/api-client-core/apis/cms/domains-types.generated.ts +153 -167
- package/src/server/api-client-core/apis/cms/domains.generated.ts +2 -4
- package/src/server/api-client-core/apis/cms/hubdb-types.generated.ts +1013 -1063
- package/src/server/api-client-core/apis/cms/hubdb.generated.ts +3 -5
- package/src/server/api-client-core/apis/cms/media-bridge-types.generated.ts +8623 -8657
- package/src/server/api-client-core/apis/cms/media-bridge.generated.ts +16 -22
- package/src/server/api-client-core/apis/cms/pages-types.generated.ts +5259 -5272
- package/src/server/api-client-core/apis/cms/pages.generated.ts +262 -226
- package/src/server/api-client-core/apis/cms/posts-types.generated.ts +4420 -4438
- package/src/server/api-client-core/apis/cms/posts.generated.ts +108 -106
- package/src/server/api-client-core/apis/cms/site-search-types.generated.ts +1867 -1881
- package/src/server/api-client-core/apis/cms/site-search.generated.ts +2 -4
- package/src/server/api-client-core/apis/cms/source-code-types.generated.ts +144 -177
- package/src/server/api-client-core/apis/cms/source-code.generated.ts +15 -23
- package/src/server/api-client-core/apis/cms/tags-types.generated.ts +3820 -3845
- package/src/server/api-client-core/apis/cms/tags.generated.ts +80 -82
- package/src/server/api-client-core/apis/cms/url-mappings-types.generated.ts +188 -202
- package/src/server/api-client-core/apis/cms/url-mappings.generated.ts +2 -4
- package/src/server/api-client-core/apis/cms/url-redirects-types.generated.ts +182 -196
- package/src/server/api-client-core/apis/cms/url-redirects.generated.ts +2 -4
- package/src/server/api-client-core/apis/communication-preferences/subscriptions-types.generated.ts +810 -828
- package/src/server/api-client-core/apis/communication-preferences/subscriptions.generated.ts +66 -63
- package/src/server/api-client-core/apis/conversations/custom-channels-types.generated.ts +564 -601
- package/src/server/api-client-core/apis/conversations/custom-channels.generated.ts +90 -86
- package/src/server/api-client-core/apis/conversations/visitor-identification-types.generated.ts +31 -44
- package/src/server/api-client-core/apis/conversations/visitor-identification.generated.ts +6 -8
- package/src/server/api-client-core/apis/conversations-types.generated.ts +955 -991
- package/src/server/api-client-core/apis/conversations.generated.ts +6 -5
- package/src/server/api-client-core/apis/crm/app-uninstalls-types.generated.ts +7 -19
- package/src/server/api-client-core/apis/crm/app-uninstalls.generated.ts +2 -4
- package/src/server/api-client-core/apis/crm/appointments-types.generated.ts +965 -969
- package/src/server/api-client-core/apis/crm/appointments.generated.ts +143 -137
- package/src/server/api-client-core/apis/crm/associations-schema-types.generated.ts +292 -322
- package/src/server/api-client-core/apis/crm/associations-schema.generated.ts +17 -19
- package/src/server/api-client-core/apis/crm/associations-types.generated.ts +657 -675
- package/src/server/api-client-core/apis/crm/associations.generated.ts +70 -70
- package/src/server/api-client-core/apis/crm/calling-extensions-types.generated.ts +417 -441
- package/src/server/api-client-core/apis/crm/calling-extensions.generated.ts +62 -69
- package/src/server/api-client-core/apis/crm/calls-types.generated.ts +839 -856
- package/src/server/api-client-core/apis/crm/calls.generated.ts +42 -44
- package/src/server/api-client-core/apis/crm/carts-types.generated.ts +839 -856
- package/src/server/api-client-core/apis/crm/carts.generated.ts +42 -44
- package/src/server/api-client-core/apis/crm/commerce-payments-types.generated.ts +847 -856
- package/src/server/api-client-core/apis/crm/commerce-payments.generated.ts +73 -73
- package/src/server/api-client-core/apis/crm/commerce-subscriptions-types.generated.ts +844 -853
- package/src/server/api-client-core/apis/crm/commerce-subscriptions.generated.ts +50 -51
- package/src/server/api-client-core/apis/crm/communications-types.generated.ts +846 -856
- package/src/server/api-client-core/apis/crm/communications.generated.ts +73 -73
- package/src/server/api-client-core/apis/crm/companies-types.generated.ts +859 -885
- package/src/server/api-client-core/apis/crm/companies.generated.ts +44 -50
- package/src/server/api-client-core/apis/crm/contacts-types.generated.ts +875 -907
- package/src/server/api-client-core/apis/crm/contacts.generated.ts +46 -52
- package/src/server/api-client-core/apis/crm/contracts-types.generated.ts +894 -862
- package/src/server/api-client-core/apis/crm/contracts.generated.ts +66 -56
- package/src/server/api-client-core/apis/crm/courses-types.generated.ts +842 -859
- package/src/server/api-client-core/apis/crm/courses.generated.ts +42 -44
- package/src/server/api-client-core/apis/crm/crm-owners-types.generated.ts +102 -115
- package/src/server/api-client-core/apis/crm/crm-owners.generated.ts +2 -4
- package/src/server/api-client-core/apis/crm/custom-objects-types.generated.ts +900 -915
- package/src/server/api-client-core/apis/crm/custom-objects.generated.ts +128 -126
- package/src/server/api-client-core/apis/crm/deal-splits-types.generated.ts +157 -170
- package/src/server/api-client-core/apis/crm/deal-splits.generated.ts +2 -4
- package/src/server/api-client-core/apis/crm/deals-types.generated.ts +858 -875
- package/src/server/api-client-core/apis/crm/deals.generated.ts +42 -44
- package/src/server/api-client-core/apis/crm/discounts-types.generated.ts +842 -855
- package/src/server/api-client-core/apis/crm/discounts.generated.ts +42 -44
- package/src/server/api-client-core/apis/crm/emails-types.generated.ts +839 -856
- package/src/server/api-client-core/apis/crm/emails.generated.ts +42 -44
- package/src/server/api-client-core/apis/crm/exports-types.generated.ts +284 -314
- package/src/server/api-client-core/apis/crm/exports.generated.ts +6 -11
- package/src/server/api-client-core/apis/crm/feedback-submissions-types.generated.ts +607 -622
- package/src/server/api-client-core/apis/crm/feedback-submissions.generated.ts +84 -80
- package/src/server/api-client-core/apis/crm/fees-types.generated.ts +839 -856
- package/src/server/api-client-core/apis/crm/fees.generated.ts +42 -44
- package/src/server/api-client-core/apis/crm/goal-targets-types.generated.ts +845 -856
- package/src/server/api-client-core/apis/crm/goal-targets.generated.ts +50 -51
- package/src/server/api-client-core/apis/crm/imports-types.generated.ts +663 -692
- package/src/server/api-client-core/apis/crm/imports.generated.ts +2 -7
- package/src/server/api-client-core/apis/crm/invoices-types.generated.ts +839 -856
- package/src/server/api-client-core/apis/crm/invoices.generated.ts +42 -44
- package/src/server/api-client-core/apis/crm/leads-types.generated.ts +839 -856
- package/src/server/api-client-core/apis/crm/leads.generated.ts +42 -44
- package/src/server/api-client-core/apis/crm/limits-tracking-types.generated.ts +263 -275
- package/src/server/api-client-core/apis/crm/limits-tracking.generated.ts +2 -4
- package/src/server/api-client-core/apis/crm/line-items-types.generated.ts +843 -856
- package/src/server/api-client-core/apis/crm/line-items.generated.ts +42 -44
- package/src/server/api-client-core/apis/crm/listings-types.generated.ts +842 -859
- package/src/server/api-client-core/apis/crm/listings.generated.ts +42 -44
- package/src/server/api-client-core/apis/crm/lists-types.generated.ts +2794 -2845
- package/src/server/api-client-core/apis/crm/lists.generated.ts +8 -20
- package/src/server/api-client-core/apis/crm/meetings-types.generated.ts +839 -856
- package/src/server/api-client-core/apis/crm/meetings.generated.ts +42 -44
- package/src/server/api-client-core/apis/crm/notes-types.generated.ts +839 -856
- package/src/server/api-client-core/apis/crm/notes.generated.ts +42 -44
- package/src/server/api-client-core/apis/crm/object-library-types.generated.ts +26 -39
- package/src/server/api-client-core/apis/crm/object-library.generated.ts +2 -4
- package/src/server/api-client-core/apis/crm/objects-types.generated.ts +688 -716
- package/src/server/api-client-core/apis/crm/objects.generated.ts +79 -83
- package/src/server/api-client-core/apis/crm/orders-types.generated.ts +829 -846
- package/src/server/api-client-core/apis/crm/orders.generated.ts +45 -47
- package/src/server/api-client-core/apis/crm/partner-clients-types.generated.ts +721 -735
- package/src/server/api-client-core/apis/crm/partner-clients.generated.ts +60 -60
- package/src/server/api-client-core/apis/crm/partner-services-types.generated.ts +720 -734
- package/src/server/api-client-core/apis/crm/partner-services.generated.ts +60 -60
- package/src/server/api-client-core/apis/crm/pipelines-types.generated.ts +366 -388
- package/src/server/api-client-core/apis/crm/pipelines.generated.ts +2 -4
- package/src/server/api-client-core/apis/crm/postal-mail-types.generated.ts +830 -843
- package/src/server/api-client-core/apis/crm/postal-mail.generated.ts +45 -47
- package/src/server/api-client-core/apis/crm/products-types.generated.ts +829 -846
- package/src/server/api-client-core/apis/crm/products.generated.ts +45 -47
- package/src/server/api-client-core/apis/crm/projects-types.generated.ts +845 -875
- package/src/server/api-client-core/apis/crm/projects.generated.ts +47 -53
- package/src/server/api-client-core/apis/crm/properties-types.generated.ts +623 -626
- package/src/server/api-client-core/apis/crm/properties.generated.ts +33 -28
- package/src/server/api-client-core/apis/crm/property-validations-types.generated.ts +160 -174
- package/src/server/api-client-core/apis/crm/property-validations.generated.ts +2 -6
- package/src/server/api-client-core/apis/crm/public-app-crm-cards-types.generated.ts +467 -494
- package/src/server/api-client-core/apis/crm/public-app-crm-cards.generated.ts +7 -15
- package/src/server/api-client-core/apis/crm/public-app-feature-flags-types.generated.ts +166 -177
- package/src/server/api-client-core/apis/crm/public-app-feature-flags.generated.ts +6 -8
- package/src/server/api-client-core/apis/crm/quotes-types.generated.ts +829 -846
- package/src/server/api-client-core/apis/crm/quotes.generated.ts +45 -47
- package/src/server/api-client-core/apis/crm/schemas-types.generated.ts +613 -640
- package/src/server/api-client-core/apis/crm/schemas.generated.ts +8 -14
- package/src/server/api-client-core/apis/crm/services-types.generated.ts +832 -849
- package/src/server/api-client-core/apis/crm/services.generated.ts +45 -47
- package/src/server/api-client-core/apis/crm/tasks-types.generated.ts +829 -846
- package/src/server/api-client-core/apis/crm/tasks.generated.ts +45 -47
- package/src/server/api-client-core/apis/crm/taxes-types.generated.ts +829 -846
- package/src/server/api-client-core/apis/crm/taxes.generated.ts +45 -47
- package/src/server/api-client-core/apis/crm/tickets-types.generated.ts +848 -878
- package/src/server/api-client-core/apis/crm/tickets.generated.ts +47 -53
- package/src/server/api-client-core/apis/crm/timeline-types.generated.ts +144 -161
- package/src/server/api-client-core/apis/crm/timeline.generated.ts +6 -8
- package/src/server/api-client-core/apis/crm/transcriptions-types.generated.ts +149 -164
- package/src/server/api-client-core/apis/crm/transcriptions.generated.ts +22 -22
- package/src/server/api-client-core/apis/crm/users-types.generated.ts +829 -846
- package/src/server/api-client-core/apis/crm/users.generated.ts +45 -47
- package/src/server/api-client-core/apis/crm/video-conferencing-extension-types.generated.ts +29 -42
- package/src/server/api-client-core/apis/crm/video-conferencing-extension.generated.ts +17 -19
- package/src/server/api-client-core/apis/events/manage-event-definitions-types.generated.ts +1509 -1558
- package/src/server/api-client-core/apis/events/manage-event-definitions.generated.ts +55 -65
- package/src/server/api-client-core/apis/events/send-event-completions-types.generated.ts +51 -68
- package/src/server/api-client-core/apis/events/send-event-completions.generated.ts +10 -10
- package/src/server/api-client-core/apis/events-types.generated.ts +97 -110
- package/src/server/api-client-core/apis/events.generated.ts +2 -4
- package/src/server/api-client-core/apis/files-types.generated.ts +727 -757
- package/src/server/api-client-core/apis/files.generated.ts +3 -5
- package/src/server/api-client-core/apis/marketing/campaigns-public-api-types.generated.ts +1221 -1234
- package/src/server/api-client-core/apis/marketing/campaigns-public-api.generated.ts +45 -47
- package/src/server/api-client-core/apis/marketing/marketing-emails-types.generated.ts +3704 -3733
- package/src/server/api-client-core/apis/marketing/marketing-emails.generated.ts +44 -52
- package/src/server/api-client-core/apis/marketing/marketing-events-types.generated.ts +1787 -1848
- package/src/server/api-client-core/apis/marketing/marketing-events.generated.ts +236 -241
- package/src/server/api-client-core/apis/marketing/single-send-types.generated.ts +142 -155
- package/src/server/api-client-core/apis/marketing/single-send.generated.ts +2 -6
- package/src/server/api-client-core/apis/marketing/transactional-single-send-types.generated.ts +253 -269
- package/src/server/api-client-core/apis/marketing/transactional-single-send.generated.ts +32 -31
- package/src/server/api-client-core/apis/meta/origins-types.generated.ts +40 -56
- package/src/server/api-client-core/apis/meta/origins.generated.ts +2 -4
- package/src/server/api-client-core/apis/scheduler/meetings-types.generated.ts +1001 -1014
- package/src/server/api-client-core/apis/scheduler/meetings.generated.ts +6 -8
- package/src/server/api-client-core/apis/settings/multicurrency-types.generated.ts +1906 -1912
- package/src/server/api-client-core/apis/settings/multicurrency.generated.ts +64 -63
- package/src/server/api-client-core/apis/settings/tax-rates-types.generated.ts +71 -85
- package/src/server/api-client-core/apis/settings/tax-rates.generated.ts +2 -4
- package/src/server/api-client-core/apis/settings/user-provisioning-types.generated.ts +207 -257
- package/src/server/api-client-core/apis/settings/user-provisioning.generated.ts +8 -24
- package/src/server/api-client-core/apis/webhooks-journal-types.generated.ts +740 -771
- package/src/server/api-client-core/apis/webhooks-journal.generated.ts +47 -59
- package/src/server/api-client-core/apis/webhooks-types.generated.ts +1194 -1228
- package/src/server/api-client-core/apis/webhooks.generated.ts +52 -64
- package/src/server/api-client-core/client.ts +5 -1
- package/src/server/api-client-core/pagination.ts +2 -2
- package/src/server/api-client-core/plugins/fetch-transport.ts +70 -12
- package/src/server/api-client-core/types.ts +1 -1
- package/src/server/constants.ts +29 -4
- package/src/server/hono/hono-request-handler.ts +68 -27
- package/src/server/hono/hubspot-connect-routes/auth-complete.test.ts +394 -0
- package/src/server/hono/hubspot-connect-routes/{auth-callback.ts → auth-complete.ts} +81 -30
- package/src/server/hono/hubspot-connect-routes/auth-init-session.test.ts +114 -30
- package/src/server/hono/hubspot-connect-routes/auth-init-session.ts +35 -10
- package/src/server/hono/hubspot-connect-routes/auth-logout.test.ts +13 -0
- package/src/server/hono/hubspot-connect-routes/auth-logout.ts +39 -10
- package/src/server/hono/hubspot-connect-routes/auth-refresh.test.ts +6 -0
- package/src/server/hono/hubspot-connect-routes/auth-refresh.ts +24 -9
- package/src/server/hono/hubspot-connect-routes/cimd-public-routes.test.ts +7 -6
- package/src/server/hono/hubspot-connect-routes/cimd-public-routes.ts +5 -1
- package/src/server/hono/hubspot-connect-routes/hubspot-connect-routes.ts +11 -3
- package/src/server/hono/hubspot-connect-routes/load-hubspot-connect-routes-env.test.ts +17 -24
- package/src/server/hono/hubspot-connect-routes/load-hubspot-connect-routes-env.ts +8 -8
- package/src/server/hono/hubspot-connect-routes/utils.test.ts +16 -46
- package/src/server/hono/hubspot-connect-routes/utils.ts +61 -5
- package/src/server/hono/hubspot-connect-routes/whoami.ts +74 -0
- package/src/server/hono/types.ts +11 -10
- package/src/server/hono/utils/cookie-utils.ts +27 -2
- package/src/server/hono/utils/cors-middleware.test.ts +80 -0
- package/src/server/hono/utils/cors-middleware.ts +95 -0
- package/src/server/lovable/create-app-function-start.ts +4 -7
- package/src/server/lovable/hubspot-connect/run-hubspot-connect-lovable-server.ts +21 -16
- package/src/server/sanitize-request.ts +15 -12
- package/src/server/secure-start-core.ts +7 -6
- package/src/server/types.ts +2 -38
- package/src/server/utils/env-utils.test.ts +140 -12
- package/src/server/utils/env-utils.ts +80 -6
- package/src/server/utils/hubspot-dpop-auth-headers.test.ts +43 -0
- package/src/server/utils/hubspot-dpop-auth-headers.ts +48 -0
- package/src/shared/constants.ts +40 -3
- package/src/shared/wire-types.ts +49 -0
- package/dist/browser/HubSpotAppConnect-BW45gyDs.js.map +0 -1
- package/dist/browser/create-vctOhpX9.js.map +0 -1
- package/dist/server/hono/hubspot-connect-routes/auth-callback.js +0 -125
- package/dist/server/hono/hubspot-connect-routes/auth-callback.js.map +0 -1
- package/dist/server/proxy.js +0 -68
- package/dist/server/proxy.js.map +0 -1
- package/src/server/hono/hubspot-connect-routes/auth-callback.test.ts +0 -225
- package/src/server/proxy.test.ts +0 -80
- package/src/server/proxy.ts +0 -116
|
@@ -1,17 +1,30 @@
|
|
|
1
1
|
//#region src/shared/constants.ts
|
|
2
2
|
/**
|
|
3
|
-
*
|
|
4
|
-
*
|
|
5
|
-
*
|
|
3
|
+
* Path the browser visits after HubSpot's authorize endpoint
|
|
4
|
+
* redirects back to the app. Mounted on the **frontend** origin (not
|
|
5
|
+
* the SDK's edge function host) so all OAuth-related cookies live in
|
|
6
|
+
* the `(frontend, edge)` CHIPS partition.
|
|
7
|
+
*
|
|
8
|
+
* The SDK's `auth/init-session` builds the OAuth `redirect_uri` as
|
|
9
|
+
* `${requestOrigin}${HUBSPOT_FRONTEND_CALLBACK_PATH}`. The browser
|
|
10
|
+
* controller, on `start()`, recognizes this path on `window.location`
|
|
11
|
+
* and forwards `?code` + `?state` to the SDK's `auth/complete`
|
|
12
|
+
* endpoint via a credentialed cross-site fetch. The host app must
|
|
13
|
+
* register `${app_origin}${HUBSPOT_FRONTEND_CALLBACK_PATH}` as a
|
|
14
|
+
* redirect URI in its HubSpot app settings.
|
|
6
15
|
*/
|
|
16
|
+
const OAUTH_CALLBACK_PATH = "/__hubspot_oauth_callback";
|
|
7
17
|
/**
|
|
8
|
-
* Query parameter on the
|
|
9
|
-
*
|
|
10
|
-
* the `auth/callback` redirect; the browser parses it during `initSdk`
|
|
11
|
-
* and then strips it from the URL via `history.replaceState`.
|
|
18
|
+
* Query parameter on the `auth/complete` POST request carrying the
|
|
19
|
+
* authorization `code` HubSpot returned to the frontend callback.
|
|
12
20
|
*/
|
|
13
|
-
const
|
|
21
|
+
const AUTH_COMPLETE_CODE_PARAM = "code";
|
|
22
|
+
/**
|
|
23
|
+
* Query parameter on the `auth/complete` POST request carrying the
|
|
24
|
+
* OAuth `state` HubSpot echoed back to the frontend callback.
|
|
25
|
+
*/
|
|
26
|
+
const AUTH_COMPLETE_STATE_PARAM = "state";
|
|
14
27
|
//#endregion
|
|
15
|
-
export {
|
|
28
|
+
export { AUTH_COMPLETE_CODE_PARAM, AUTH_COMPLETE_STATE_PARAM, OAUTH_CALLBACK_PATH };
|
|
16
29
|
|
|
17
30
|
//# sourceMappingURL=constants.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"constants.js","names":[],"sources":["../../../src/shared/constants.ts"],"sourcesContent":["/**\n * Constants whose values are part of the contract between the browser\n * controller and the server-side hubspot-connect routes. Both halves\n * import from this module so the wire format stays in sync.\n */\n\n/**\n * Query parameter on the OAuth return URL that carries the new access\n * token's expiry (Unix epoch milliseconds). The
|
|
1
|
+
{"version":3,"file":"constants.js","names":[],"sources":["../../../src/shared/constants.ts"],"sourcesContent":["/**\n * Constants whose values are part of the contract between the browser\n * controller and the server-side hubspot-connect routes. Both halves\n * import from this module so the wire format stays in sync.\n */\n\n/**\n * Query parameter on the OAuth return URL that carries the new access\n * token's expiry (Unix epoch milliseconds). The browser controller\n * sets this in the URL after a successful `auth/complete` call and\n * then strips it during `initAppConnect` via `history.replaceState`.\n */\nexport const EXPIRES_AT_URL_PARAM = '__hs_expires_at';\n\n/**\n * Path the browser visits after HubSpot's authorize endpoint\n * redirects back to the app. Mounted on the **frontend** origin (not\n * the SDK's edge function host) so all OAuth-related cookies live in\n * the `(frontend, edge)` CHIPS partition.\n *\n * The SDK's `auth/init-session` builds the OAuth `redirect_uri` as\n * `${requestOrigin}${HUBSPOT_FRONTEND_CALLBACK_PATH}`. The browser\n * controller, on `start()`, recognizes this path on `window.location`\n * and forwards `?code` + `?state` to the SDK's `auth/complete`\n * endpoint via a credentialed cross-site fetch. The host app must\n * register `${app_origin}${HUBSPOT_FRONTEND_CALLBACK_PATH}` as a\n * redirect URI in its HubSpot app settings.\n */\nexport const OAUTH_CALLBACK_PATH = '/__hubspot_oauth_callback';\n\n/**\n * Query parameter on the `auth/complete` POST request carrying the\n * authorization `code` HubSpot returned to the frontend callback.\n */\nexport const AUTH_COMPLETE_CODE_PARAM = 'code';\n\n/**\n * Query parameter on the `auth/complete` POST request carrying the\n * OAuth `state` HubSpot echoed back to the frontend callback.\n */\nexport const AUTH_COMPLETE_STATE_PARAM = 'state';\n\n/**\n * `postMessage` `data.type` value the OAuth popup sends to its opener\n * with the authorization `code` and `state` from the callback URL. The\n * opener POSTs them to `auth/complete` so credentialed cookies stay in\n * the same CHIPS partition as `auth/init-session`.\n */\nexport const OAUTH_POPUP_CALLBACK_MESSAGE_TYPE =\n 'hubspot-app-connect:oauth-callback';\n"],"mappings":";;;;;;;;;;;;;;;AA4BA,MAAa,sBAAsB;;;;;AAMnC,MAAa,2BAA2B;;;;;AAMxC,MAAa,4BAA4B"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"base64.js","names":[],"sources":["../../../../src/shared/encoding/base64.ts"],"sourcesContent":["/**\n * Base64url encoding and decoding helpers shared by the browser and\n * server halves of `@hubspot/app-connect-sdk`.\n *\n * Base64url (RFC 4648 §5) replaces `+`/`/` with `-`/`_` and drops `=`\n * padding. JWT, DPoP, and JWK thumbprints all use this variant.\n */\n\n/**\n * Encodes a binary buffer as a base64url string (RFC 4648 §5).\n */\nexport function base64url(input: ArrayBuffer | Uint8Array): string {\n const bytes = input instanceof Uint8Array ? input : new Uint8Array(input);\n let binary = '';\n for (const byte of bytes) {\n binary += String.fromCharCode(byte);\n }\n return btoa(binary).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=/g, '');\n}\n\n/**\n * Decodes a base64url string into a `Uint8Array`. Tolerates missing\n * padding by re-adding it before delegating to `atob`.\n */\nexport function base64urlDecode(encoded: string): Uint8Array<ArrayBuffer> {\n const padLen = (4 - (encoded.length % 4)) % 4;\n const padded =\n encoded.replace(/-/g, '+').replace(/_/g, '/') + '='.repeat(padLen);\n const binary = atob(padded);\n const out = new Uint8Array(new ArrayBuffer(binary.length));\n for (let i = 0; i < binary.length; i++) {\n out[i] = binary.charCodeAt(i) ?? 0;\n }\n return out;\n}\n\n/**\n * Decodes a *standard* base64 string (with `+`/`/` and required `=`\n * padding) into an `ArrayBuffer`. Used for PKCS8-encoded private keys\n * stored in environment variables.\n */\nexport function base64StandardToArrayBuffer(b64: string): ArrayBuffer {\n const bin = atob(b64);\n const buf = new ArrayBuffer(bin.length);\n const view = new Uint8Array(buf);\n for (let i = 0; i < bin.length; i++) {\n view[i] = bin.charCodeAt(i) ?? 0;\n }\n return buf;\n}\n"],"mappings":";;;;;;;;;;;AAWA,SAAgB,UAAU,OAAyC;CACjE,MAAM,QAAQ,iBAAiB,aAAa,QAAQ,IAAI,WAAW,
|
|
1
|
+
{"version":3,"file":"base64.js","names":[],"sources":["../../../../src/shared/encoding/base64.ts"],"sourcesContent":["/**\n * Base64url encoding and decoding helpers shared by the browser and\n * server halves of `@hubspot/app-connect-sdk`.\n *\n * Base64url (RFC 4648 §5) replaces `+`/`/` with `-`/`_` and drops `=`\n * padding. JWT, DPoP, and JWK thumbprints all use this variant.\n */\n\n/**\n * Encodes a binary buffer as a base64url string (RFC 4648 §5).\n */\nexport function base64url(input: ArrayBuffer | Uint8Array): string {\n const bytes = input instanceof Uint8Array ? input : new Uint8Array(input);\n let binary = '';\n for (const byte of bytes) {\n binary += String.fromCharCode(byte);\n }\n return btoa(binary).replace(/\\+/g, '-').replace(/\\//g, '_').replace(/=/g, '');\n}\n\n/**\n * Decodes a base64url string into a `Uint8Array`. Tolerates missing\n * padding by re-adding it before delegating to `atob`.\n */\nexport function base64urlDecode(encoded: string): Uint8Array<ArrayBuffer> {\n const padLen = (4 - (encoded.length % 4)) % 4;\n const padded =\n encoded.replace(/-/g, '+').replace(/_/g, '/') + '='.repeat(padLen);\n const binary = atob(padded);\n const out = new Uint8Array(new ArrayBuffer(binary.length));\n for (let i = 0; i < binary.length; i++) {\n out[i] = binary.charCodeAt(i) ?? 0;\n }\n return out;\n}\n\n/**\n * Decodes a *standard* base64 string (with `+`/`/` and required `=`\n * padding) into an `ArrayBuffer`. Used for PKCS8-encoded private keys\n * stored in environment variables.\n */\nexport function base64StandardToArrayBuffer(b64: string): ArrayBuffer {\n const bin = atob(b64);\n const buf = new ArrayBuffer(bin.length);\n const view = new Uint8Array(buf);\n for (let i = 0; i < bin.length; i++) {\n view[i] = bin.charCodeAt(i) ?? 0;\n }\n return buf;\n}\n"],"mappings":";;;;;;;;;;;AAWA,SAAgB,UAAU,OAAyC;CACjE,MAAM,QAAQ,iBAAiB,aAAa,QAAQ,IAAI,WAAW,KAAK;CACxE,IAAI,SAAS;CACb,KAAK,MAAM,QAAQ,OACjB,UAAU,OAAO,aAAa,IAAI;CAEpC,OAAO,KAAK,MAAM,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,OAAO,GAAG,EAAE,QAAQ,MAAM,EAAE;AAC9E;;;;;AAMA,SAAgB,gBAAgB,SAA0C;CACxE,MAAM,UAAU,IAAK,QAAQ,SAAS,KAAM;CAC5C,MAAM,SACJ,QAAQ,QAAQ,MAAM,GAAG,EAAE,QAAQ,MAAM,GAAG,IAAI,IAAI,OAAO,MAAM;CACnE,MAAM,SAAS,KAAK,MAAM;CAC1B,MAAM,MAAM,IAAI,WAAW,IAAI,YAAY,OAAO,MAAM,CAAC;CACzD,KAAK,IAAI,IAAI,GAAG,IAAI,OAAO,QAAQ,KACjC,IAAI,KAAK,OAAO,WAAW,CAAC,KAAK;CAEnC,OAAO;AACT;;;;;;AAOA,SAAgB,4BAA4B,KAA0B;CACpE,MAAM,MAAM,KAAK,GAAG;CACpB,MAAM,MAAM,IAAI,YAAY,IAAI,MAAM;CACtC,MAAM,OAAO,IAAI,WAAW,GAAG;CAC/B,KAAK,IAAI,IAAI,GAAG,IAAI,IAAI,QAAQ,KAC9B,KAAK,KAAK,IAAI,WAAW,CAAC,KAAK;CAEjC,OAAO;AACT"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sha256.js","names":[],"sources":["../../../../src/shared/encoding/sha256.ts"],"sourcesContent":["import { base64url } from './base64.ts';\n\n/**\n * Hashes a UTF-8 string with SHA-256 and encodes the digest as\n * base64url. Used to compute DPoP `ath`/`sid` claims, JWK thumbprints\n * (RFC 7638), and PKCE code challenges.\n */\nexport async function sha256base64url(input: string): Promise<string> {\n const digest = await crypto.subtle.digest(\n 'SHA-256',\n new TextEncoder().encode(input)\n );\n return base64url(new Uint8Array(digest));\n}\n"],"mappings":";;;;;;;AAOA,eAAsB,gBAAgB,OAAgC;CACpE,MAAM,SAAS,MAAM,OAAO,OAAO,OACjC,WACA,IAAI,
|
|
1
|
+
{"version":3,"file":"sha256.js","names":[],"sources":["../../../../src/shared/encoding/sha256.ts"],"sourcesContent":["import { base64url } from './base64.ts';\n\n/**\n * Hashes a UTF-8 string with SHA-256 and encodes the digest as\n * base64url. Used to compute DPoP `ath`/`sid` claims, JWK thumbprints\n * (RFC 7638), and PKCE code challenges.\n */\nexport async function sha256base64url(input: string): Promise<string> {\n const digest = await crypto.subtle.digest(\n 'SHA-256',\n new TextEncoder().encode(input)\n );\n return base64url(new Uint8Array(digest));\n}\n"],"mappings":";;;;;;;AAOA,eAAsB,gBAAgB,OAAgC;CACpE,MAAM,SAAS,MAAM,OAAO,OAAO,OACjC,WACA,IAAI,YAAY,EAAE,OAAO,KAAK,CAChC;CACA,OAAO,UAAU,IAAI,WAAW,MAAM,CAAC;AACzC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"logger.js","names":[],"sources":["../../../src/shared/logger.ts"],"sourcesContent":["/**\n * Pluggable logger contract used by the SDK on both the browser and\n * server. Consumers can pass `console`-like loggers, structured\n * loggers (pino / winston / etc.) or no-op stubs in tests.\n */\nexport interface Logger {\n debug: (message: string, ...args: unknown[]) => void;\n info: (message: string, ...args: unknown[]) => void;\n warn: (message: string, ...args: unknown[]) => void;\n error: (message: string, ...args: unknown[]) => void;\n}\n\nfunction formatPrefix(name: string): string {\n return `[${name}]`;\n}\n\n/**\n * Creates a console-backed logger that prefixes every line with the\n * supplied `name`. Used as the default when no custom logger is\n * provided.\n */\nexport function createLogger(name: string): Logger {\n const prefix = formatPrefix(name);\n return {\n debug: (message, ...args) => {\n console.debug(prefix, message, ...args);\n },\n info: (message, ...args) => {\n console.info(prefix, message, ...args);\n },\n warn: (message, ...args) => {\n console.warn(prefix, message, ...args);\n },\n error: (message, ...args) => {\n console.error(prefix, message, ...args);\n },\n };\n}\n\n/**\n * Logger that swallows every message. Convenient for tests and for\n * the SDK's server-side handlers when no logger is provided by the\n * host application.\n */\nexport const noopLogger: Logger = {\n debug: () => {},\n info: () => {},\n warn: () => {},\n error: () => {},\n};\n"],"mappings":";;;;;;AA4CA,MAAa,aAAqB;CAChC,aAAa;
|
|
1
|
+
{"version":3,"file":"logger.js","names":[],"sources":["../../../src/shared/logger.ts"],"sourcesContent":["/**\n * Pluggable logger contract used by the SDK on both the browser and\n * server. Consumers can pass `console`-like loggers, structured\n * loggers (pino / winston / etc.) or no-op stubs in tests.\n */\nexport interface Logger {\n debug: (message: string, ...args: unknown[]) => void;\n info: (message: string, ...args: unknown[]) => void;\n warn: (message: string, ...args: unknown[]) => void;\n error: (message: string, ...args: unknown[]) => void;\n}\n\nfunction formatPrefix(name: string): string {\n return `[${name}]`;\n}\n\n/**\n * Creates a console-backed logger that prefixes every line with the\n * supplied `name`. Used as the default when no custom logger is\n * provided.\n */\nexport function createLogger(name: string): Logger {\n const prefix = formatPrefix(name);\n return {\n debug: (message, ...args) => {\n console.debug(prefix, message, ...args);\n },\n info: (message, ...args) => {\n console.info(prefix, message, ...args);\n },\n warn: (message, ...args) => {\n console.warn(prefix, message, ...args);\n },\n error: (message, ...args) => {\n console.error(prefix, message, ...args);\n },\n };\n}\n\n/**\n * Logger that swallows every message. Convenient for tests and for\n * the SDK's server-side handlers when no logger is provided by the\n * host application.\n */\nexport const noopLogger: Logger = {\n debug: () => {},\n info: () => {},\n warn: () => {},\n error: () => {},\n};\n"],"mappings":";;;;;;AA4CA,MAAa,aAAqB;CAChC,aAAa,CAAC;CACd,YAAY,CAAC;CACb,YAAY,CAAC;CACb,aAAa,CAAC;AAChB"}
|
package/dist/server/types.d.ts
CHANGED
|
@@ -10,40 +10,6 @@ interface AppKeys {
|
|
|
10
10
|
/** Public key in JWK form. Used to derive the JWK thumbprint and `cnf`. */
|
|
11
11
|
appPublicKeyJwk: JsonWebKey;
|
|
12
12
|
}
|
|
13
|
-
/**
|
|
14
|
-
* Request shape accepted by `HubSpotProxy.fetch`. Only the `path`
|
|
15
|
-
* is required; everything else mirrors the equivalent fetch fields.
|
|
16
|
-
*/
|
|
17
|
-
interface HubSpotProxyRequest {
|
|
18
|
-
/** Path component of the upstream URL, including leading slash. */
|
|
19
|
-
path: string;
|
|
20
|
-
/** HTTP method. Defaults to `GET`. */
|
|
21
|
-
method?: string;
|
|
22
|
-
/**
|
|
23
|
-
* Extra request headers. The proxy adds `Authorization` itself
|
|
24
|
-
* (`DPoP` access token plus `DPoP` proof when `HUBSPOT_DPOP_ENABLED` is
|
|
25
|
-
* not `"false"` and `appKeys` is non-null; otherwise `Bearer` only).
|
|
26
|
-
*/
|
|
27
|
-
headers?: Record<string, string>;
|
|
28
|
-
/** Optional request body. Pass `null`/`undefined` for empty bodies. */
|
|
29
|
-
body?: string | null | undefined;
|
|
30
|
-
}
|
|
31
|
-
/**
|
|
32
|
-
* Authenticated proxy returned by `createHubSpotProxy`. Use it
|
|
33
|
-
* inside Hono handlers (via `c.env.hubSpotProxy`) to call
|
|
34
|
-
* HubSpot's API on behalf of the browser session that issued the
|
|
35
|
-
* incoming request.
|
|
36
|
-
*/
|
|
37
|
-
interface HubSpotProxy {
|
|
38
|
-
/**
|
|
39
|
-
* `true` when the session cookies present on the inbound request
|
|
40
|
-
* yielded a usable access token. When `false`, every `fetch()` call
|
|
41
|
-
* returns a 401 without contacting the upstream.
|
|
42
|
-
*/
|
|
43
|
-
authenticated: boolean;
|
|
44
|
-
/** Performs an authenticated upstream request. */
|
|
45
|
-
fetch: (request: HubSpotProxyRequest) => Promise<Response>;
|
|
46
|
-
}
|
|
47
13
|
/**
|
|
48
14
|
* RFC 7517 JWK Set. Returned by HubSpot's `/oauth/v1/jwks` endpoint
|
|
49
15
|
* and used to verify access tokens on the resource server.
|
|
@@ -52,5 +18,5 @@ interface JwkSet {
|
|
|
52
18
|
keys: JsonWebKey[];
|
|
53
19
|
}
|
|
54
20
|
//#endregion
|
|
55
|
-
export { AppKeys,
|
|
21
|
+
export { AppKeys, JwkSet };
|
|
56
22
|
//# sourceMappingURL=types.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"cookie-utils.js","names":[],"sources":["../../../src/server/utils/cookie-utils.ts"],"sourcesContent":["/**\n * Parses an HTTP `Cookie` request header into a `name -> value` map.\n * Tolerates leading/trailing whitespace, missing `=` (treats the\n * cookie value as empty), and duplicate names (last write wins).\n *\n * Returns an empty object when `cookieHeader` is `null`/`undefined`\n * /empty so callers don't have to null-check the input.\n */\nexport function parseCookies(\n cookieHeader: string | null | undefined\n): Record<string, string> {\n if (!cookieHeader) return {};\n return Object.fromEntries(\n cookieHeader\n .split(';')\n .map((pair) => {\n const eqIdx = pair.indexOf('=');\n if (eqIdx === -1) return [pair.trim(), ''] as [string, string];\n return [pair.slice(0, eqIdx).trim(), pair.slice(eqIdx + 1).trim()] as [\n string,\n string,\n ];\n })\n .filter(([name]) => name.length > 0)\n );\n}\n"],"mappings":";;;;;;;;;AAQA,SAAgB,aACd,cACwB;CACxB,IAAI,CAAC,cAAc,OAAO,
|
|
1
|
+
{"version":3,"file":"cookie-utils.js","names":[],"sources":["../../../src/server/utils/cookie-utils.ts"],"sourcesContent":["/**\n * Parses an HTTP `Cookie` request header into a `name -> value` map.\n * Tolerates leading/trailing whitespace, missing `=` (treats the\n * cookie value as empty), and duplicate names (last write wins).\n *\n * Returns an empty object when `cookieHeader` is `null`/`undefined`\n * /empty so callers don't have to null-check the input.\n */\nexport function parseCookies(\n cookieHeader: string | null | undefined\n): Record<string, string> {\n if (!cookieHeader) return {};\n return Object.fromEntries(\n cookieHeader\n .split(';')\n .map((pair) => {\n const eqIdx = pair.indexOf('=');\n if (eqIdx === -1) return [pair.trim(), ''] as [string, string];\n return [pair.slice(0, eqIdx).trim(), pair.slice(eqIdx + 1).trim()] as [\n string,\n string,\n ];\n })\n .filter(([name]) => name.length > 0)\n );\n}\n"],"mappings":";;;;;;;;;AAQA,SAAgB,aACd,cACwB;CACxB,IAAI,CAAC,cAAc,OAAO,CAAC;CAC3B,OAAO,OAAO,YACZ,aACG,MAAM,GAAG,EACT,KAAK,SAAS;EACb,MAAM,QAAQ,KAAK,QAAQ,GAAG;EAC9B,IAAI,UAAU,IAAI,OAAO,CAAC,KAAK,KAAK,GAAG,EAAE;EACzC,OAAO,CAAC,KAAK,MAAM,GAAG,KAAK,EAAE,KAAK,GAAG,KAAK,MAAM,QAAQ,CAAC,EAAE,KAAK,CAAC;CAInE,CAAC,EACA,QAAQ,CAAC,UAAU,KAAK,SAAS,CAAC,CACvC;AACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"dpop-utils.js","names":[],"sources":["../../../src/server/utils/dpop-utils.ts"],"sourcesContent":["import { type AppKeys } from '../types.ts';\nimport { base64urlDecode } from './base64-utils.ts';\nimport { getJwkThumbprint } from './jwk-utils.ts';\nimport { decodeAndVerifyJwt, encodeAndSignJwt } from './jwt-utils.ts';\n\n/**\n * Claims that go into a DPoP proof JWT (RFC 9449 §4.2). Extra\n * properties pass through to the encoder unchanged so callers can\n * include implementation-specific claims.\n */\nexport interface DpopClaims {\n /** HTTP method of the protected request, uppercase. */\n htm: string;\n /** Target URI of the protected request, fully-qualified. */\n htu: string;\n /** Unique proof identifier (RFC 9449 §4.2, recommended UUID). */\n jti: string;\n /** Issuance time, Unix epoch seconds. */\n iat: number;\n /**\n * Hash of the access token presented alongside this proof, if any\n * (RFC 9449 §4.2). Required for resource-server DPoP.\n */\n ath?: string;\n /**\n * App session ID hash. Custom HubSpot extension that lets the auth\n * server bind tokens to the browser session that minted them.\n */\n sid?: string;\n [key: string]: unknown;\n}\n\nfunction ecPublicJwkForDpopHeader(jwk: JsonWebKey): JsonWebKey {\n if (\n jwk.kty !== 'EC' ||\n jwk.crv !== 'P-256' ||\n typeof jwk.x !== 'string' ||\n typeof jwk.y !== 'string'\n ) {\n throw new Error('Expected P-256 EC public JWK');\n }\n return {\n kty: 'EC',\n crv: 'P-256',\n x: jwk.x,\n y: jwk.y,\n };\n}\n\nexport interface SignDpopProofOptions {\n /** App key material produced by `secureStart`. */\n appKeys: AppKeys;\n /** Claims to include in the DPoP proof. */\n claims: DpopClaims;\n}\n\n/**\n * Mints a DPoP proof JWT (RFC 9449) signed with the app's private\n * key. The header is set to `typ=dpop+jwt`, `alg=ES256`, and embeds\n * the public JWK so the receiver can verify the signature without\n * out-of-band key distribution.\n */\nexport async function signDpopProof(\n options: SignDpopProofOptions\n): Promise<string> {\n const { appKeys, claims } = options;\n const publicJwk = ecPublicJwkForDpopHeader(appKeys.appPublicKeyJwk);\n return encodeAndSignJwt({\n header: { alg: 'ES256', typ: 'dpop+jwt', jwk: publicJwk },\n payload: claims,\n privateKey: appKeys.appPrivateKey,\n });\n}\n\n/**\n * Result of a successful {@link verifyDpopProof} call.\n */\nexport interface VerifiedDpopProof {\n /** Public JWK extracted from the proof's header. */\n publicKeyJwk: JsonWebKey;\n /** RFC 7638 JWK thumbprint of `publicKeyJwk`. */\n jkt: string;\n /** Decoded claims from the proof's payload. */\n claims: DpopClaims;\n}\n\nexport interface VerifyDpopProofOptions {\n /** The compact-serialized DPoP proof. */\n proof: string;\n /** Expected HTTP method (RFC 9449 `htm` claim). */\n htm: string;\n /** Expected request URI (RFC 9449 `htu` claim). */\n htu: string;\n /** Expected access-token hash (RFC 9449 `ath` claim). */\n ath?: string;\n /** Expected app-session-ID hash (`sid` claim). */\n sid?: string;\n}\n\ninterface DpopProofHeader {\n typ?: string;\n alg?: string;\n jwk?: JsonWebKey;\n}\n\n/**\n * Verifies a DPoP proof JWT and returns the embedded public JWK,\n * its thumbprint, and the decoded claims.\n *\n * Enforces RFC 9449's required checks:\n *\n * - `typ=dpop+jwt`, `alg=ES256`, and a JWK in the header.\n * - Signature is valid against the embedded JWK.\n * - `htm`, `htu`, and (when supplied) `ath`/`sid` match.\n * - `iat` is within ±5 minutes of \"now\".\n *\n * @throws {Error} If any of the above checks fail.\n */\nexport async function verifyDpopProof(\n options: VerifyDpopProofOptions\n): Promise<VerifiedDpopProof> {\n const { proof, htm, htu, ath, sid } = options;\n const parts = proof.split('.');\n if (parts.length !== 3) throw new Error('Invalid DPoP proof format');\n\n const encodedHeader = parts[0];\n if (!encodedHeader) throw new Error('Missing DPoP header');\n\n const header = JSON.parse(\n new TextDecoder().decode(base64urlDecode(encodedHeader))\n ) as DpopProofHeader;\n\n if (header.typ !== 'dpop+jwt') throw new Error('Invalid DPoP typ header');\n if (header.alg !== 'ES256') throw new Error('Unsupported DPoP algorithm');\n const publicKeyJwk = header.jwk;\n if (!publicKeyJwk) throw new Error('Missing jwk in DPoP header');\n\n const payload = await decodeAndVerifyJwt({ token: proof, publicKeyJwk });\n const claims = payload as unknown as DpopClaims;\n\n if (claims.htm !== htm) {\n throw new Error(`DPoP htm mismatch: expected ${htm}, got ${claims.htm}`);\n }\n if (claims.htu !== htu) {\n throw new Error(`DPoP htu mismatch: expected ${htu}, got ${claims.htu}`);\n }\n if (ath !== undefined && claims.ath !== ath) {\n throw new Error('DPoP ath mismatch');\n }\n if (sid !== undefined && claims.sid !== sid) {\n throw new Error('DPoP sid mismatch');\n }\n\n const now = Math.floor(Date.now() / 1000);\n if (Math.abs(now - claims.iat) > 300) {\n throw new Error('DPoP proof expired or too far in future');\n }\n\n const jkt = await getJwkThumbprint({ publicKeyJwk });\n return { publicKeyJwk, jkt, claims };\n}\n"],"mappings":";;;;AAgCA,SAAS,yBAAyB,KAA6B;CAC7D,IACE,IAAI,QAAQ,QACZ,IAAI,QAAQ,WACZ,OAAO,IAAI,MAAM,YACjB,OAAO,IAAI,MAAM,UAEjB,MAAM,IAAI,MAAM
|
|
1
|
+
{"version":3,"file":"dpop-utils.js","names":[],"sources":["../../../src/server/utils/dpop-utils.ts"],"sourcesContent":["import { type AppKeys } from '../types.ts';\nimport { base64urlDecode } from './base64-utils.ts';\nimport { getJwkThumbprint } from './jwk-utils.ts';\nimport { decodeAndVerifyJwt, encodeAndSignJwt } from './jwt-utils.ts';\n\n/**\n * Claims that go into a DPoP proof JWT (RFC 9449 §4.2). Extra\n * properties pass through to the encoder unchanged so callers can\n * include implementation-specific claims.\n */\nexport interface DpopClaims {\n /** HTTP method of the protected request, uppercase. */\n htm: string;\n /** Target URI of the protected request, fully-qualified. */\n htu: string;\n /** Unique proof identifier (RFC 9449 §4.2, recommended UUID). */\n jti: string;\n /** Issuance time, Unix epoch seconds. */\n iat: number;\n /**\n * Hash of the access token presented alongside this proof, if any\n * (RFC 9449 §4.2). Required for resource-server DPoP.\n */\n ath?: string;\n /**\n * App session ID hash. Custom HubSpot extension that lets the auth\n * server bind tokens to the browser session that minted them.\n */\n sid?: string;\n [key: string]: unknown;\n}\n\nfunction ecPublicJwkForDpopHeader(jwk: JsonWebKey): JsonWebKey {\n if (\n jwk.kty !== 'EC' ||\n jwk.crv !== 'P-256' ||\n typeof jwk.x !== 'string' ||\n typeof jwk.y !== 'string'\n ) {\n throw new Error('Expected P-256 EC public JWK');\n }\n return {\n kty: 'EC',\n crv: 'P-256',\n x: jwk.x,\n y: jwk.y,\n };\n}\n\nexport interface SignDpopProofOptions {\n /** App key material produced by `secureStart`. */\n appKeys: AppKeys;\n /** Claims to include in the DPoP proof. */\n claims: DpopClaims;\n}\n\n/**\n * Mints a DPoP proof JWT (RFC 9449) signed with the app's private\n * key. The header is set to `typ=dpop+jwt`, `alg=ES256`, and embeds\n * the public JWK so the receiver can verify the signature without\n * out-of-band key distribution.\n */\nexport async function signDpopProof(\n options: SignDpopProofOptions\n): Promise<string> {\n const { appKeys, claims } = options;\n const publicJwk = ecPublicJwkForDpopHeader(appKeys.appPublicKeyJwk);\n return encodeAndSignJwt({\n header: { alg: 'ES256', typ: 'dpop+jwt', jwk: publicJwk },\n payload: claims,\n privateKey: appKeys.appPrivateKey,\n });\n}\n\n/**\n * Result of a successful {@link verifyDpopProof} call.\n */\nexport interface VerifiedDpopProof {\n /** Public JWK extracted from the proof's header. */\n publicKeyJwk: JsonWebKey;\n /** RFC 7638 JWK thumbprint of `publicKeyJwk`. */\n jkt: string;\n /** Decoded claims from the proof's payload. */\n claims: DpopClaims;\n}\n\nexport interface VerifyDpopProofOptions {\n /** The compact-serialized DPoP proof. */\n proof: string;\n /** Expected HTTP method (RFC 9449 `htm` claim). */\n htm: string;\n /** Expected request URI (RFC 9449 `htu` claim). */\n htu: string;\n /** Expected access-token hash (RFC 9449 `ath` claim). */\n ath?: string;\n /** Expected app-session-ID hash (`sid` claim). */\n sid?: string;\n}\n\ninterface DpopProofHeader {\n typ?: string;\n alg?: string;\n jwk?: JsonWebKey;\n}\n\n/**\n * Verifies a DPoP proof JWT and returns the embedded public JWK,\n * its thumbprint, and the decoded claims.\n *\n * Enforces RFC 9449's required checks:\n *\n * - `typ=dpop+jwt`, `alg=ES256`, and a JWK in the header.\n * - Signature is valid against the embedded JWK.\n * - `htm`, `htu`, and (when supplied) `ath`/`sid` match.\n * - `iat` is within ±5 minutes of \"now\".\n *\n * @throws {Error} If any of the above checks fail.\n */\nexport async function verifyDpopProof(\n options: VerifyDpopProofOptions\n): Promise<VerifiedDpopProof> {\n const { proof, htm, htu, ath, sid } = options;\n const parts = proof.split('.');\n if (parts.length !== 3) throw new Error('Invalid DPoP proof format');\n\n const encodedHeader = parts[0];\n if (!encodedHeader) throw new Error('Missing DPoP header');\n\n const header = JSON.parse(\n new TextDecoder().decode(base64urlDecode(encodedHeader))\n ) as DpopProofHeader;\n\n if (header.typ !== 'dpop+jwt') throw new Error('Invalid DPoP typ header');\n if (header.alg !== 'ES256') throw new Error('Unsupported DPoP algorithm');\n const publicKeyJwk = header.jwk;\n if (!publicKeyJwk) throw new Error('Missing jwk in DPoP header');\n\n const payload = await decodeAndVerifyJwt({ token: proof, publicKeyJwk });\n const claims = payload as unknown as DpopClaims;\n\n if (claims.htm !== htm) {\n throw new Error(`DPoP htm mismatch: expected ${htm}, got ${claims.htm}`);\n }\n if (claims.htu !== htu) {\n throw new Error(`DPoP htu mismatch: expected ${htu}, got ${claims.htu}`);\n }\n if (ath !== undefined && claims.ath !== ath) {\n throw new Error('DPoP ath mismatch');\n }\n if (sid !== undefined && claims.sid !== sid) {\n throw new Error('DPoP sid mismatch');\n }\n\n const now = Math.floor(Date.now() / 1000);\n if (Math.abs(now - claims.iat) > 300) {\n throw new Error('DPoP proof expired or too far in future');\n }\n\n const jkt = await getJwkThumbprint({ publicKeyJwk });\n return { publicKeyJwk, jkt, claims };\n}\n"],"mappings":";;;;AAgCA,SAAS,yBAAyB,KAA6B;CAC7D,IACE,IAAI,QAAQ,QACZ,IAAI,QAAQ,WACZ,OAAO,IAAI,MAAM,YACjB,OAAO,IAAI,MAAM,UAEjB,MAAM,IAAI,MAAM,8BAA8B;CAEhD,OAAO;EACL,KAAK;EACL,KAAK;EACL,GAAG,IAAI;EACP,GAAG,IAAI;CACT;AACF;;;;;;;AAeA,eAAsB,cACpB,SACiB;CACjB,MAAM,EAAE,SAAS,WAAW;CAE5B,OAAO,iBAAiB;EACtB,QAAQ;GAAE,KAAK;GAAS,KAAK;GAAY,KAFzB,yBAAyB,QAAQ,eAEK;EAAE;EACxD,SAAS;EACT,YAAY,QAAQ;CACtB,CAAC;AACH;;;;;;;;;;;;;;AA8CA,eAAsB,gBACpB,SAC4B;CAC5B,MAAM,EAAE,OAAO,KAAK,KAAK,KAAK,QAAQ;CACtC,MAAM,QAAQ,MAAM,MAAM,GAAG;CAC7B,IAAI,MAAM,WAAW,GAAG,MAAM,IAAI,MAAM,2BAA2B;CAEnE,MAAM,gBAAgB,MAAM;CAC5B,IAAI,CAAC,eAAe,MAAM,IAAI,MAAM,qBAAqB;CAEzD,MAAM,SAAS,KAAK,MAClB,IAAI,YAAY,EAAE,OAAO,gBAAgB,aAAa,CAAC,CACzD;CAEA,IAAI,OAAO,QAAQ,YAAY,MAAM,IAAI,MAAM,yBAAyB;CACxE,IAAI,OAAO,QAAQ,SAAS,MAAM,IAAI,MAAM,4BAA4B;CACxE,MAAM,eAAe,OAAO;CAC5B,IAAI,CAAC,cAAc,MAAM,IAAI,MAAM,4BAA4B;CAG/D,MAAM,SAAS,MADO,mBAAmB;EAAE,OAAO;EAAO;CAAa,CAAC;CAGvE,IAAI,OAAO,QAAQ,KACjB,MAAM,IAAI,MAAM,+BAA+B,IAAI,QAAQ,OAAO,KAAK;CAEzE,IAAI,OAAO,QAAQ,KACjB,MAAM,IAAI,MAAM,+BAA+B,IAAI,QAAQ,OAAO,KAAK;CAEzE,IAAI,QAAQ,KAAA,KAAa,OAAO,QAAQ,KACtC,MAAM,IAAI,MAAM,mBAAmB;CAErC,IAAI,QAAQ,KAAA,KAAa,OAAO,QAAQ,KACtC,MAAM,IAAI,MAAM,mBAAmB;CAGrC,MAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;CACxC,IAAI,KAAK,IAAI,MAAM,OAAO,GAAG,IAAI,KAC/B,MAAM,IAAI,MAAM,yCAAyC;CAI3D,OAAO;EAAE;EAAc,KAAA,MADL,iBAAiB,EAAE,aAAa,CAAC;EACvB;CAAO;AACrC"}
|
|
@@ -1,4 +1,9 @@
|
|
|
1
1
|
//#region src/server/utils/env-utils.ts
|
|
2
|
+
const HUBSPOT_API_ORIGIN_DEFAULT = "https://api.hubapi.com";
|
|
3
|
+
const HUBSPOT_OAUTH_API_ORIGIN_DEFAULT = "https://api.hubapi.com";
|
|
4
|
+
const HUBSPOT_AUTHORIZATION_ENDPOINT_DEFAULT = "https://app.hubspot.com/oauth/authorize";
|
|
5
|
+
/** Environment variable name for the app private key loaded by `secureStart`. */
|
|
6
|
+
const HUBSPOT_APP_PRIVATE_KEY_ENV = "HUBSPOT_APP_PRIVATE_KEY";
|
|
2
7
|
/**
|
|
3
8
|
* Reads an environment variable in a way that works under both Node
|
|
4
9
|
* (`process.env`) and Deno (`Deno.env.get`). Returns `undefined` when
|
|
@@ -12,6 +17,15 @@ function getEnv(key) {
|
|
|
12
17
|
if (deno !== void 0) return deno.env.get(key);
|
|
13
18
|
}
|
|
14
19
|
/**
|
|
20
|
+
* Reads an environment variable, returning `defaultValue` when it is
|
|
21
|
+
* unset or an empty string.
|
|
22
|
+
*/
|
|
23
|
+
function getEnvWithDefault(key, defaultValue) {
|
|
24
|
+
const value = getEnv(key);
|
|
25
|
+
if (!value) return defaultValue;
|
|
26
|
+
return value;
|
|
27
|
+
}
|
|
28
|
+
/**
|
|
15
29
|
* Reads an environment variable and throws when it is missing or empty.
|
|
16
30
|
* Use for values the SDK cannot fall back on (e.g. upstream service
|
|
17
31
|
* URLs).
|
|
@@ -25,20 +39,59 @@ function requireEnv(key) {
|
|
|
25
39
|
return value;
|
|
26
40
|
}
|
|
27
41
|
/**
|
|
42
|
+
* HubSpot API origin used by the HubSpot API client transport. Defaults to
|
|
43
|
+
* `https://api.hubapi.com` when `HUBSPOT_API_ORIGIN` is unset.
|
|
44
|
+
*/
|
|
45
|
+
function getHubSpotApiOrigin() {
|
|
46
|
+
return getEnvWithDefault("HUBSPOT_API_ORIGIN", HUBSPOT_API_ORIGIN_DEFAULT);
|
|
47
|
+
}
|
|
48
|
+
/**
|
|
49
|
+
* Full OAuth authorize URL for hubspot-connect routes. Defaults to
|
|
50
|
+
* `https://app.hubspot.com/oauth/authorize` when
|
|
51
|
+
* `HUBSPOT_AUTHORIZATION_ENDPOINT` is unset.
|
|
52
|
+
*/
|
|
53
|
+
function getHubSpotAuthorizationEndpoint() {
|
|
54
|
+
return getEnvWithDefault("HUBSPOT_AUTHORIZATION_ENDPOINT", HUBSPOT_AUTHORIZATION_ENDPOINT_DEFAULT);
|
|
55
|
+
}
|
|
56
|
+
/**
|
|
57
|
+
* HubSpot OAuth API origin (token, revoke, JWKS). Normalized to a URL
|
|
58
|
+
* origin. Defaults to `https://api.hubapi.com` when
|
|
59
|
+
* `HUBSPOT_OAUTH_API_ORIGIN` is unset.
|
|
60
|
+
*/
|
|
61
|
+
function getHubSpotOAuthApiOrigin() {
|
|
62
|
+
return new URL(getEnvWithDefault("HUBSPOT_OAUTH_API_ORIGIN", HUBSPOT_OAUTH_API_ORIGIN_DEFAULT)).origin;
|
|
63
|
+
}
|
|
64
|
+
/**
|
|
65
|
+
* Static OAuth client ID. Required when CIMD is disabled.
|
|
66
|
+
*
|
|
67
|
+
* @throws {Error} When `HUBSPOT_CLIENT_ID` is unset or empty.
|
|
68
|
+
*/
|
|
69
|
+
function requireHubSpotClientId() {
|
|
70
|
+
return requireEnv("HUBSPOT_CLIENT_ID");
|
|
71
|
+
}
|
|
72
|
+
/**
|
|
73
|
+
* Static OAuth client secret. Required when CIMD is disabled.
|
|
74
|
+
*
|
|
75
|
+
* @throws {Error} When `HUBSPOT_CLIENT_SECRET` is unset or empty.
|
|
76
|
+
*/
|
|
77
|
+
function requireHubSpotClientSecret() {
|
|
78
|
+
return requireEnv("HUBSPOT_CLIENT_SECRET");
|
|
79
|
+
}
|
|
80
|
+
/**
|
|
28
81
|
* Whether outbound HubSpot OAuth and API calls should attach DPoP on
|
|
29
|
-
* the wire.
|
|
30
|
-
* string `"
|
|
82
|
+
* the wire. Enabled only when `HUBSPOT_DPOP_ENABLED` is exactly the
|
|
83
|
+
* string `"true"` (unset or any other value keeps DPoP disabled).
|
|
31
84
|
*/
|
|
32
85
|
function isHubspotDpopEnabled() {
|
|
33
|
-
return getEnv("HUBSPOT_DPOP_ENABLED")
|
|
86
|
+
return getEnv("HUBSPOT_DPOP_ENABLED") === "true";
|
|
34
87
|
}
|
|
35
88
|
/**
|
|
36
89
|
* Whether the SDK should use CIMD-style OAuth (client ID URL + JWT client
|
|
37
|
-
* assertion).
|
|
38
|
-
* string `"
|
|
90
|
+
* assertion). Enabled only when `HUBSPOT_CIMD_ENABLED` is exactly the
|
|
91
|
+
* string `"true"` (unset or any other value keeps CIMD disabled).
|
|
39
92
|
*/
|
|
40
93
|
function isHubspotCimdEnabled() {
|
|
41
|
-
return getEnv("HUBSPOT_CIMD_ENABLED")
|
|
94
|
+
return getEnv("HUBSPOT_CIMD_ENABLED") === "true";
|
|
42
95
|
}
|
|
43
96
|
/**
|
|
44
97
|
* Whether `HUBSPOT_APP_PRIVATE_KEY` must be set for `secureStart`. False
|
|
@@ -49,6 +102,6 @@ function isHubspotAppPrivateKeyRequired() {
|
|
|
49
102
|
return isHubspotCimdEnabled() || isHubspotDpopEnabled();
|
|
50
103
|
}
|
|
51
104
|
//#endregion
|
|
52
|
-
export { isHubspotAppPrivateKeyRequired, isHubspotCimdEnabled, isHubspotDpopEnabled,
|
|
105
|
+
export { HUBSPOT_APP_PRIVATE_KEY_ENV, getHubSpotApiOrigin, getHubSpotAuthorizationEndpoint, getHubSpotOAuthApiOrigin, isHubspotAppPrivateKeyRequired, isHubspotCimdEnabled, isHubspotDpopEnabled, requireHubSpotClientId, requireHubSpotClientSecret };
|
|
53
106
|
|
|
54
107
|
//# sourceMappingURL=env-utils.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"env-utils.js","names":[],"sources":["../../../src/server/utils/env-utils.ts"],"sourcesContent":["interface GlobalWithOptionalEnv {\n process?: { env?: Record<string, string | undefined> };\n Deno?: { env: { get(name: string): string | undefined } };\n}\n\n/**\n * Reads an environment variable in a way that works under both Node\n * (`process.env`) and Deno (`Deno.env.get`). Returns `undefined` when\n * the variable is unset or when neither runtime is available.\n */\nexport function getEnv(key: string): string | undefined {\n const g = globalThis as GlobalWithOptionalEnv;\n const proc = g.process;\n if (proc?.env) {\n return proc.env[key];\n }\n const deno = g.Deno;\n if (deno !== undefined) {\n return deno.env.get(key);\n }\n return undefined;\n}\n\n/**\n * Reads an environment variable and throws when it is missing or empty.\n * Use for values the SDK cannot fall back on (e.g. upstream service\n * URLs).\n *\n * @throws {Error} When the environment variable is unset or an empty\n * string.\n */\nexport function requireEnv(key: string): string {\n const value = getEnv(key);\n if (!value) {\n throw new Error(`Missing required environment variable: ${key}`);\n }\n return value;\n}\n\n/**\n * Whether outbound HubSpot OAuth and API calls should attach DPoP on\n * the wire.
|
|
1
|
+
{"version":3,"file":"env-utils.js","names":[],"sources":["../../../src/server/utils/env-utils.ts"],"sourcesContent":["interface GlobalWithOptionalEnv {\n process?: { env?: Record<string, string | undefined> };\n Deno?: { env: { get(name: string): string | undefined } };\n}\n\nconst HUBSPOT_API_ORIGIN_DEFAULT = 'https://api.hubapi.com';\n\nconst HUBSPOT_OAUTH_API_ORIGIN_DEFAULT = 'https://api.hubapi.com';\n\nconst HUBSPOT_AUTHORIZATION_ENDPOINT_DEFAULT =\n 'https://app.hubspot.com/oauth/authorize';\n\n/** Environment variable name for the app private key loaded by `secureStart`. */\nexport const HUBSPOT_APP_PRIVATE_KEY_ENV = 'HUBSPOT_APP_PRIVATE_KEY';\n\n/**\n * Reads an environment variable in a way that works under both Node\n * (`process.env`) and Deno (`Deno.env.get`). Returns `undefined` when\n * the variable is unset or when neither runtime is available.\n */\nexport function getEnv(key: string): string | undefined {\n const g = globalThis as GlobalWithOptionalEnv;\n const proc = g.process;\n if (proc?.env) {\n return proc.env[key];\n }\n const deno = g.Deno;\n if (deno !== undefined) {\n return deno.env.get(key);\n }\n return undefined;\n}\n\n/**\n * Reads an environment variable, returning `defaultValue` when it is\n * unset or an empty string.\n */\nexport function getEnvWithDefault(key: string, defaultValue: string): string {\n const value = getEnv(key);\n if (!value) {\n return defaultValue;\n }\n return value;\n}\n\n/**\n * Reads an environment variable and throws when it is missing or empty.\n * Use for values the SDK cannot fall back on (e.g. upstream service\n * URLs).\n *\n * @throws {Error} When the environment variable is unset or an empty\n * string.\n */\nexport function requireEnv(key: string): string {\n const value = getEnv(key);\n if (!value) {\n throw new Error(`Missing required environment variable: ${key}`);\n }\n return value;\n}\n\n/**\n * HubSpot API origin used by the HubSpot API client transport. Defaults to\n * `https://api.hubapi.com` when `HUBSPOT_API_ORIGIN` is unset.\n */\nexport function getHubSpotApiOrigin(): string {\n return getEnvWithDefault('HUBSPOT_API_ORIGIN', HUBSPOT_API_ORIGIN_DEFAULT);\n}\n\n/**\n * Full OAuth authorize URL for hubspot-connect routes. Defaults to\n * `https://app.hubspot.com/oauth/authorize` when\n * `HUBSPOT_AUTHORIZATION_ENDPOINT` is unset.\n */\nexport function getHubSpotAuthorizationEndpoint(): string {\n return getEnvWithDefault(\n 'HUBSPOT_AUTHORIZATION_ENDPOINT',\n HUBSPOT_AUTHORIZATION_ENDPOINT_DEFAULT\n );\n}\n\n/**\n * HubSpot OAuth API origin (token, revoke, JWKS). Normalized to a URL\n * origin. Defaults to `https://api.hubapi.com` when\n * `HUBSPOT_OAUTH_API_ORIGIN` is unset.\n */\nexport function getHubSpotOAuthApiOrigin(): string {\n return new URL(\n getEnvWithDefault(\n 'HUBSPOT_OAUTH_API_ORIGIN',\n HUBSPOT_OAUTH_API_ORIGIN_DEFAULT\n )\n ).origin;\n}\n\n/**\n * Static OAuth client ID. Required when CIMD is disabled.\n *\n * @throws {Error} When `HUBSPOT_CLIENT_ID` is unset or empty.\n */\nexport function requireHubSpotClientId(): string {\n return requireEnv('HUBSPOT_CLIENT_ID');\n}\n\n/**\n * Static OAuth client secret. Required when CIMD is disabled.\n *\n * @throws {Error} When `HUBSPOT_CLIENT_SECRET` is unset or empty.\n */\nexport function requireHubSpotClientSecret(): string {\n return requireEnv('HUBSPOT_CLIENT_SECRET');\n}\n\n/**\n * Whether outbound HubSpot OAuth and API calls should attach DPoP on\n * the wire. Enabled only when `HUBSPOT_DPOP_ENABLED` is exactly the\n * string `\"true\"` (unset or any other value keeps DPoP disabled).\n */\nexport function isHubspotDpopEnabled(): boolean {\n return getEnv('HUBSPOT_DPOP_ENABLED') === 'true';\n}\n\n/**\n * Whether the SDK should use CIMD-style OAuth (client ID URL + JWT client\n * assertion). Enabled only when `HUBSPOT_CIMD_ENABLED` is exactly the\n * string `\"true\"` (unset or any other value keeps CIMD disabled).\n */\nexport function isHubspotCimdEnabled(): boolean {\n return getEnv('HUBSPOT_CIMD_ENABLED') === 'true';\n}\n\n/**\n * Whether `HUBSPOT_APP_PRIVATE_KEY` must be set for `secureStart`. False\n * when both CIMD and DPoP are disabled — the SDK then uses\n * `client_secret` for OAuth and Bearer tokens only for API calls.\n */\nexport function isHubspotAppPrivateKeyRequired(): boolean {\n return isHubspotCimdEnabled() || isHubspotDpopEnabled();\n}\n"],"mappings":";AAKA,MAAM,6BAA6B;AAEnC,MAAM,mCAAmC;AAEzC,MAAM,yCACJ;;AAGF,MAAa,8BAA8B;;;;;;AAO3C,SAAgB,OAAO,KAAiC;CACtD,MAAM,IAAI;CACV,MAAM,OAAO,EAAE;CACf,IAAI,MAAM,KACR,OAAO,KAAK,IAAI;CAElB,MAAM,OAAO,EAAE;CACf,IAAI,SAAS,KAAA,GACX,OAAO,KAAK,IAAI,IAAI,GAAG;AAG3B;;;;;AAMA,SAAgB,kBAAkB,KAAa,cAA8B;CAC3E,MAAM,QAAQ,OAAO,GAAG;CACxB,IAAI,CAAC,OACH,OAAO;CAET,OAAO;AACT;;;;;;;;;AAUA,SAAgB,WAAW,KAAqB;CAC9C,MAAM,QAAQ,OAAO,GAAG;CACxB,IAAI,CAAC,OACH,MAAM,IAAI,MAAM,0CAA0C,KAAK;CAEjE,OAAO;AACT;;;;;AAMA,SAAgB,sBAA8B;CAC5C,OAAO,kBAAkB,sBAAsB,0BAA0B;AAC3E;;;;;;AAOA,SAAgB,kCAA0C;CACxD,OAAO,kBACL,kCACA,sCACF;AACF;;;;;;AAOA,SAAgB,2BAAmC;CACjD,OAAO,IAAI,IACT,kBACE,4BACA,gCACF,CACF,EAAE;AACJ;;;;;;AAOA,SAAgB,yBAAiC;CAC/C,OAAO,WAAW,mBAAmB;AACvC;;;;;;AAOA,SAAgB,6BAAqC;CACnD,OAAO,WAAW,uBAAuB;AAC3C;;;;;;AAOA,SAAgB,uBAAgC;CAC9C,OAAO,OAAO,sBAAsB,MAAM;AAC5C;;;;;;AAOA,SAAgB,uBAAgC;CAC9C,OAAO,OAAO,sBAAsB,MAAM;AAC5C;;;;;;AAOA,SAAgB,iCAA0C;CACxD,OAAO,qBAAqB,KAAK,qBAAqB;AACxD"}
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
import { signDpopProof } from "./dpop-utils.js";
|
|
2
|
+
import { sha256base64url } from "../shared/encoding/sha256.js";
|
|
3
|
+
//#region src/server/utils/hubspot-dpop-auth-headers.ts
|
|
4
|
+
function getDpopHtuFromTargetUrl(targetUrl) {
|
|
5
|
+
const url = new URL(targetUrl);
|
|
6
|
+
url.search = "";
|
|
7
|
+
url.hash = "";
|
|
8
|
+
return url.toString();
|
|
9
|
+
}
|
|
10
|
+
/**
|
|
11
|
+
* Builds `Authorization` and `DPoP` headers for an authenticated
|
|
12
|
+
* HubSpot API request when DPoP is enabled.
|
|
13
|
+
*/
|
|
14
|
+
async function buildHubSpotDpopAuthHeaders(options) {
|
|
15
|
+
const { accessToken, sessionId, appKeys, method, targetUrl } = options;
|
|
16
|
+
const htu = getDpopHtuFromTargetUrl(targetUrl);
|
|
17
|
+
const ath = await sha256base64url(accessToken);
|
|
18
|
+
const sid = await sha256base64url(sessionId);
|
|
19
|
+
const dpopProof = await signDpopProof({
|
|
20
|
+
appKeys,
|
|
21
|
+
claims: {
|
|
22
|
+
htm: method,
|
|
23
|
+
htu,
|
|
24
|
+
jti: crypto.randomUUID(),
|
|
25
|
+
iat: Math.floor(Date.now() / 1e3),
|
|
26
|
+
ath,
|
|
27
|
+
sid
|
|
28
|
+
}
|
|
29
|
+
});
|
|
30
|
+
return {
|
|
31
|
+
Authorization: `DPoP ${accessToken}`,
|
|
32
|
+
DPoP: dpopProof
|
|
33
|
+
};
|
|
34
|
+
}
|
|
35
|
+
//#endregion
|
|
36
|
+
export { buildHubSpotDpopAuthHeaders };
|
|
37
|
+
|
|
38
|
+
//# sourceMappingURL=hubspot-dpop-auth-headers.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"hubspot-dpop-auth-headers.js","names":[],"sources":["../../../src/server/utils/hubspot-dpop-auth-headers.ts"],"sourcesContent":["import { type AppKeys } from '../types.ts';\nimport { sha256base64url } from './crypto-utils.ts';\nimport { signDpopProof } from './dpop-utils.ts';\n\nexport interface BuildHubSpotDpopAuthHeadersOptions {\n accessToken: string;\n sessionId: string;\n appKeys: AppKeys;\n method: string;\n targetUrl: string;\n}\n\nfunction getDpopHtuFromTargetUrl(targetUrl: string): string {\n const url = new URL(targetUrl);\n url.search = '';\n url.hash = '';\n return url.toString();\n}\n\n/**\n * Builds `Authorization` and `DPoP` headers for an authenticated\n * HubSpot API request when DPoP is enabled.\n */\nexport async function buildHubSpotDpopAuthHeaders(\n options: BuildHubSpotDpopAuthHeadersOptions\n): Promise<Record<string, string>> {\n const { accessToken, sessionId, appKeys, method, targetUrl } = options;\n const htu = getDpopHtuFromTargetUrl(targetUrl);\n\n const ath = await sha256base64url(accessToken);\n const sid = await sha256base64url(sessionId);\n const dpopProof = await signDpopProof({\n appKeys,\n claims: {\n htm: method,\n htu,\n jti: crypto.randomUUID(),\n iat: Math.floor(Date.now() / 1000),\n ath,\n sid,\n },\n });\n\n return {\n Authorization: `DPoP ${accessToken}`,\n DPoP: dpopProof,\n };\n}\n"],"mappings":";;;AAYA,SAAS,wBAAwB,WAA2B;CAC1D,MAAM,MAAM,IAAI,IAAI,SAAS;CAC7B,IAAI,SAAS;CACb,IAAI,OAAO;CACX,OAAO,IAAI,SAAS;AACtB;;;;;AAMA,eAAsB,4BACpB,SACiC;CACjC,MAAM,EAAE,aAAa,WAAW,SAAS,QAAQ,cAAc;CAC/D,MAAM,MAAM,wBAAwB,SAAS;CAE7C,MAAM,MAAM,MAAM,gBAAgB,WAAW;CAC7C,MAAM,MAAM,MAAM,gBAAgB,SAAS;CAC3C,MAAM,YAAY,MAAM,cAAc;EACpC;EACA,QAAQ;GACN,KAAK;GACL;GACA,KAAK,OAAO,WAAW;GACvB,KAAK,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;GACjC;GACA;EACF;CACF,CAAC;CAED,OAAO;EACL,eAAe,QAAQ;EACvB,MAAM;CACR;AACF"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwk-utils.js","names":[],"sources":["../../../src/server/utils/jwk-utils.ts"],"sourcesContent":["import { base64url } from './base64-utils.ts';\n\nexport interface GetJwkThumbprintOptions {\n /** EC P-256 public JWK whose thumbprint to compute. */\n publicKeyJwk: JsonWebKey;\n}\n\n/**\n * Computes the RFC 7638 JWK thumbprint of an EC P-256 public JWK.\n * Per §3.2 the canonical form contains only `crv`, `kty`, `x`, `y`,\n * sorted lexicographically — no whitespace, no other members. The\n * SHA-256 of this canonical UTF-8 JSON, base64url-encoded, is the\n * stable identifier (`jkt`) DPoP uses to bind tokens to public keys.\n */\nexport async function getJwkThumbprint(\n options: GetJwkThumbprintOptions\n): Promise<string> {\n const { publicKeyJwk } = options;\n const canonical = JSON.stringify({\n crv: publicKeyJwk.crv,\n kty: publicKeyJwk.kty,\n x: publicKeyJwk.x,\n y: publicKeyJwk.y,\n });\n const digest = await crypto.subtle.digest(\n 'SHA-256',\n new TextEncoder().encode(canonical)\n );\n return base64url(new Uint8Array(digest));\n}\n"],"mappings":";;;;;;;;;AAcA,eAAsB,iBACpB,SACiB;CACjB,MAAM,EAAE,iBAAiB;CACzB,MAAM,YAAY,KAAK,UAAU;EAC/B,KAAK,aAAa;EAClB,KAAK,aAAa;EAClB,GAAG,aAAa;EAChB,GAAG,aAAa;
|
|
1
|
+
{"version":3,"file":"jwk-utils.js","names":[],"sources":["../../../src/server/utils/jwk-utils.ts"],"sourcesContent":["import { base64url } from './base64-utils.ts';\n\nexport interface GetJwkThumbprintOptions {\n /** EC P-256 public JWK whose thumbprint to compute. */\n publicKeyJwk: JsonWebKey;\n}\n\n/**\n * Computes the RFC 7638 JWK thumbprint of an EC P-256 public JWK.\n * Per §3.2 the canonical form contains only `crv`, `kty`, `x`, `y`,\n * sorted lexicographically — no whitespace, no other members. The\n * SHA-256 of this canonical UTF-8 JSON, base64url-encoded, is the\n * stable identifier (`jkt`) DPoP uses to bind tokens to public keys.\n */\nexport async function getJwkThumbprint(\n options: GetJwkThumbprintOptions\n): Promise<string> {\n const { publicKeyJwk } = options;\n const canonical = JSON.stringify({\n crv: publicKeyJwk.crv,\n kty: publicKeyJwk.kty,\n x: publicKeyJwk.x,\n y: publicKeyJwk.y,\n });\n const digest = await crypto.subtle.digest(\n 'SHA-256',\n new TextEncoder().encode(canonical)\n );\n return base64url(new Uint8Array(digest));\n}\n"],"mappings":";;;;;;;;;AAcA,eAAsB,iBACpB,SACiB;CACjB,MAAM,EAAE,iBAAiB;CACzB,MAAM,YAAY,KAAK,UAAU;EAC/B,KAAK,aAAa;EAClB,KAAK,aAAa;EAClB,GAAG,aAAa;EAChB,GAAG,aAAa;CAClB,CAAC;CACD,MAAM,SAAS,MAAM,OAAO,OAAO,OACjC,WACA,IAAI,YAAY,EAAE,OAAO,SAAS,CACpC;CACA,OAAO,UAAU,IAAI,WAAW,MAAM,CAAC;AACzC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jwt-utils.js","names":[],"sources":["../../../src/server/utils/jwt-utils.ts"],"sourcesContent":["import { base64url, base64urlDecode } from './base64-utils.ts';\n\ninterface EncodeAndSignJwtOptions {\n header: Record<string, unknown>;\n payload: Record<string, unknown>;\n privateKey: CryptoKey;\n}\n\n/**\n * Low-level helper that encodes a JWS Compact Serialization JWT\n * (RFC 7519) and signs it with the supplied `privateKey` using\n * ES256 (P-256 + SHA-256). Returns the three-segment compact form.\n */\nexport async function encodeAndSignJwt(\n options: EncodeAndSignJwtOptions\n): Promise<string> {\n const { header, payload, privateKey } = options;\n\n const encodedHeader = base64url(\n new TextEncoder().encode(JSON.stringify(header))\n );\n const encodedPayload = base64url(\n new TextEncoder().encode(JSON.stringify(payload))\n );\n const signingInput = `${encodedHeader}.${encodedPayload}`;\n const signatureBuffer = await crypto.subtle.sign(\n { name: 'ECDSA', hash: 'SHA-256' },\n privateKey,\n new TextEncoder().encode(signingInput)\n );\n return `${signingInput}.${base64url(new Uint8Array(signatureBuffer))}`;\n}\n\nasync function importPublicKey(jwk: JsonWebKey): Promise<CryptoKey> {\n return crypto.subtle.importKey(\n 'jwk',\n jwk,\n { name: 'ECDSA', namedCurve: 'P-256' },\n false,\n ['verify']\n );\n}\n\ninterface DecodeAndVerifyJwtOptions {\n token: string;\n publicKeyJwk: JsonWebKey;\n}\n\n/**\n * Verifies the ES256 signature on `token` against `publicKeyJwk` and\n * returns the decoded payload. Does not check `exp` — use\n * {@link verifyJwt} when expiry enforcement is desired.\n *\n * @throws {Error} When the token isn't three segments, when the\n * signature fails verification, or when the payload isn't valid\n * JSON.\n */\nexport async function decodeAndVerifyJwt(\n options: DecodeAndVerifyJwtOptions\n): Promise<Record<string, unknown>> {\n const { token, publicKeyJwk } = options;\n const parts = token.split('.');\n if (parts.length !== 3) throw new Error('Invalid JWT format');\n const [encodedHeader, encodedPayload, encodedSignature] = parts as [\n string,\n string,\n string,\n ];\n const publicKey = await importPublicKey(publicKeyJwk);\n const valid = await crypto.subtle.verify(\n { name: 'ECDSA', hash: 'SHA-256' },\n publicKey,\n base64urlDecode(encodedSignature),\n new TextEncoder().encode(`${encodedHeader}.${encodedPayload}`)\n );\n if (!valid) throw new Error('JWT signature verification failed');\n return JSON.parse(\n new TextDecoder().decode(base64urlDecode(encodedPayload))\n ) as Record<string, unknown>;\n}\n\nexport interface VerifyJwtOptions {\n /** Compact-serialized JWT to verify. */\n token: string;\n /** Public key in JWK form. Caller is responsible for trusting it. */\n publicKeyJwk: JsonWebKey;\n}\n\n/**\n * Verifies signature and (if present) `exp` (RFC 7519 §4.1.4) on a\n * JWT and returns its payload.\n *\n * @throws {Error} When the signature fails or when `exp` has passed.\n */\nexport async function verifyJwt(\n options: VerifyJwtOptions\n): Promise<Record<string, unknown>> {\n const { token, publicKeyJwk } = options;\n const payload = await decodeAndVerifyJwt({ token, publicKeyJwk });\n const now = Math.floor(Date.now() / 1000);\n if (typeof payload['exp'] === 'number' && payload['exp'] < now) {\n throw new Error('JWT expired');\n }\n return payload;\n}\n\nexport interface SignJwtOptions {\n /** ES256 private key as a non-extractable WebCrypto key. */\n privateKey: CryptoKey;\n /**\n * Custom claims merged onto an `iat` claim (and `exp` when\n * `ttlSeconds` is supplied). Caller-provided keys override the\n * standard ones.\n */\n payload: Record<string, unknown>;\n /**\n * Lifetime of the token in seconds. When set, the JWT's `exp` claim\n * is computed as `iat + ttlSeconds`. When omitted, no `exp` is added\n * (the caller is responsible for one if needed).\n */\n ttlSeconds?: number;\n}\n\n/**\n * Signs a JWT (RFC 7519) with `alg=ES256, typ=JWT` and returns the\n * compact serialization. Always sets `iat` to the current second; the\n * caller controls every other claim via `payload`.\n */\nexport async function signJwt(options: SignJwtOptions): Promise<string> {\n const { privateKey, payload, ttlSeconds } = options;\n const now = Math.floor(Date.now() / 1000);\n const payloadWithStandardClaims =\n ttlSeconds !== undefined\n ? { iat: now, exp: now + ttlSeconds, ...payload }\n : { iat: now, ...payload };\n return encodeAndSignJwt({\n header: { alg: 'ES256', typ: 'JWT' },\n payload: payloadWithStandardClaims,\n privateKey,\n });\n}\n"],"mappings":";;;;;;;AAaA,eAAsB,iBACpB,SACiB;CACjB,MAAM,EAAE,QAAQ,SAAS,eAAe;CAQxC,MAAM,eAAe,GANC,UACpB,IAAI,
|
|
1
|
+
{"version":3,"file":"jwt-utils.js","names":[],"sources":["../../../src/server/utils/jwt-utils.ts"],"sourcesContent":["import { base64url, base64urlDecode } from './base64-utils.ts';\n\ninterface EncodeAndSignJwtOptions {\n header: Record<string, unknown>;\n payload: Record<string, unknown>;\n privateKey: CryptoKey;\n}\n\n/**\n * Low-level helper that encodes a JWS Compact Serialization JWT\n * (RFC 7519) and signs it with the supplied `privateKey` using\n * ES256 (P-256 + SHA-256). Returns the three-segment compact form.\n */\nexport async function encodeAndSignJwt(\n options: EncodeAndSignJwtOptions\n): Promise<string> {\n const { header, payload, privateKey } = options;\n\n const encodedHeader = base64url(\n new TextEncoder().encode(JSON.stringify(header))\n );\n const encodedPayload = base64url(\n new TextEncoder().encode(JSON.stringify(payload))\n );\n const signingInput = `${encodedHeader}.${encodedPayload}`;\n const signatureBuffer = await crypto.subtle.sign(\n { name: 'ECDSA', hash: 'SHA-256' },\n privateKey,\n new TextEncoder().encode(signingInput)\n );\n return `${signingInput}.${base64url(new Uint8Array(signatureBuffer))}`;\n}\n\nasync function importPublicKey(jwk: JsonWebKey): Promise<CryptoKey> {\n return crypto.subtle.importKey(\n 'jwk',\n jwk,\n { name: 'ECDSA', namedCurve: 'P-256' },\n false,\n ['verify']\n );\n}\n\ninterface DecodeAndVerifyJwtOptions {\n token: string;\n publicKeyJwk: JsonWebKey;\n}\n\n/**\n * Verifies the ES256 signature on `token` against `publicKeyJwk` and\n * returns the decoded payload. Does not check `exp` — use\n * {@link verifyJwt} when expiry enforcement is desired.\n *\n * @throws {Error} When the token isn't three segments, when the\n * signature fails verification, or when the payload isn't valid\n * JSON.\n */\nexport async function decodeAndVerifyJwt(\n options: DecodeAndVerifyJwtOptions\n): Promise<Record<string, unknown>> {\n const { token, publicKeyJwk } = options;\n const parts = token.split('.');\n if (parts.length !== 3) throw new Error('Invalid JWT format');\n const [encodedHeader, encodedPayload, encodedSignature] = parts as [\n string,\n string,\n string,\n ];\n const publicKey = await importPublicKey(publicKeyJwk);\n const valid = await crypto.subtle.verify(\n { name: 'ECDSA', hash: 'SHA-256' },\n publicKey,\n base64urlDecode(encodedSignature),\n new TextEncoder().encode(`${encodedHeader}.${encodedPayload}`)\n );\n if (!valid) throw new Error('JWT signature verification failed');\n return JSON.parse(\n new TextDecoder().decode(base64urlDecode(encodedPayload))\n ) as Record<string, unknown>;\n}\n\nexport interface VerifyJwtOptions {\n /** Compact-serialized JWT to verify. */\n token: string;\n /** Public key in JWK form. Caller is responsible for trusting it. */\n publicKeyJwk: JsonWebKey;\n}\n\n/**\n * Verifies signature and (if present) `exp` (RFC 7519 §4.1.4) on a\n * JWT and returns its payload.\n *\n * @throws {Error} When the signature fails or when `exp` has passed.\n */\nexport async function verifyJwt(\n options: VerifyJwtOptions\n): Promise<Record<string, unknown>> {\n const { token, publicKeyJwk } = options;\n const payload = await decodeAndVerifyJwt({ token, publicKeyJwk });\n const now = Math.floor(Date.now() / 1000);\n if (typeof payload['exp'] === 'number' && payload['exp'] < now) {\n throw new Error('JWT expired');\n }\n return payload;\n}\n\nexport interface SignJwtOptions {\n /** ES256 private key as a non-extractable WebCrypto key. */\n privateKey: CryptoKey;\n /**\n * Custom claims merged onto an `iat` claim (and `exp` when\n * `ttlSeconds` is supplied). Caller-provided keys override the\n * standard ones.\n */\n payload: Record<string, unknown>;\n /**\n * Lifetime of the token in seconds. When set, the JWT's `exp` claim\n * is computed as `iat + ttlSeconds`. When omitted, no `exp` is added\n * (the caller is responsible for one if needed).\n */\n ttlSeconds?: number;\n}\n\n/**\n * Signs a JWT (RFC 7519) with `alg=ES256, typ=JWT` and returns the\n * compact serialization. Always sets `iat` to the current second; the\n * caller controls every other claim via `payload`.\n */\nexport async function signJwt(options: SignJwtOptions): Promise<string> {\n const { privateKey, payload, ttlSeconds } = options;\n const now = Math.floor(Date.now() / 1000);\n const payloadWithStandardClaims =\n ttlSeconds !== undefined\n ? { iat: now, exp: now + ttlSeconds, ...payload }\n : { iat: now, ...payload };\n return encodeAndSignJwt({\n header: { alg: 'ES256', typ: 'JWT' },\n payload: payloadWithStandardClaims,\n privateKey,\n });\n}\n"],"mappings":";;;;;;;AAaA,eAAsB,iBACpB,SACiB;CACjB,MAAM,EAAE,QAAQ,SAAS,eAAe;CAQxC,MAAM,eAAe,GANC,UACpB,IAAI,YAAY,EAAE,OAAO,KAAK,UAAU,MAAM,CAAC,CAKb,EAAE,GAHf,UACrB,IAAI,YAAY,EAAE,OAAO,KAAK,UAAU,OAAO,CAAC,CAEI;CACtD,MAAM,kBAAkB,MAAM,OAAO,OAAO,KAC1C;EAAE,MAAM;EAAS,MAAM;CAAU,GACjC,YACA,IAAI,YAAY,EAAE,OAAO,YAAY,CACvC;CACA,OAAO,GAAG,aAAa,GAAG,UAAU,IAAI,WAAW,eAAe,CAAC;AACrE;AAEA,eAAe,gBAAgB,KAAqC;CAClE,OAAO,OAAO,OAAO,UACnB,OACA,KACA;EAAE,MAAM;EAAS,YAAY;CAAQ,GACrC,OACA,CAAC,QAAQ,CACX;AACF;;;;;;;;;;AAgBA,eAAsB,mBACpB,SACkC;CAClC,MAAM,EAAE,OAAO,iBAAiB;CAChC,MAAM,QAAQ,MAAM,MAAM,GAAG;CAC7B,IAAI,MAAM,WAAW,GAAG,MAAM,IAAI,MAAM,oBAAoB;CAC5D,MAAM,CAAC,eAAe,gBAAgB,oBAAoB;CAK1D,MAAM,YAAY,MAAM,gBAAgB,YAAY;CAOpD,IAAI,CAAC,MANe,OAAO,OAAO,OAChC;EAAE,MAAM;EAAS,MAAM;CAAU,GACjC,WACA,gBAAgB,gBAAgB,GAChC,IAAI,YAAY,EAAE,OAAO,GAAG,cAAc,GAAG,gBAAgB,CAC/D,GACY,MAAM,IAAI,MAAM,mCAAmC;CAC/D,OAAO,KAAK,MACV,IAAI,YAAY,EAAE,OAAO,gBAAgB,cAAc,CAAC,CAC1D;AACF;;;;;;;AAeA,eAAsB,UACpB,SACkC;CAClC,MAAM,EAAE,OAAO,iBAAiB;CAChC,MAAM,UAAU,MAAM,mBAAmB;EAAE;EAAO;CAAa,CAAC;CAChE,MAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;CACxC,IAAI,OAAO,QAAQ,WAAW,YAAY,QAAQ,SAAS,KACzD,MAAM,IAAI,MAAM,aAAa;CAE/B,OAAO;AACT;;;;;;AAwBA,eAAsB,QAAQ,SAA0C;CACtE,MAAM,EAAE,YAAY,SAAS,eAAe;CAC5C,MAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,GAAI;CAKxC,OAAO,iBAAiB;EACtB,QAAQ;GAAE,KAAK;GAAS,KAAK;EAAM;EACnC,SALA,eAAe,KAAA,IACX;GAAE,KAAK;GAAK,KAAK,MAAM;GAAY,GAAG;EAAQ,IAC9C;GAAE,KAAK;GAAK,GAAG;EAAQ;EAI3B;CACF,CAAC;AACH"}
|
package/package.json
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@hubspot/app-connect-sdk",
|
|
3
|
-
"version": "1.0.0-alpha.
|
|
3
|
+
"version": "1.0.0-alpha.21",
|
|
4
4
|
"description": "HubSpot App Connect SDK (alpha release). Documentation and integration guidance forthcoming.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"exports": {
|
|
7
7
|
"./browser": "./dist/browser/index.js",
|
|
8
8
|
"./react": "./dist/browser/react.js",
|
|
9
9
|
"./react/lovable": "./dist/browser/react/lovable.js",
|
|
10
|
-
"./server/api-client": "./dist/server/api-client
|
|
10
|
+
"./server/api-client": "./dist/server/api-client.js",
|
|
11
11
|
"./server/lovable": "./dist/server/lovable.js",
|
|
12
12
|
"./server/oauth": "./dist/server/oauth.js"
|
|
13
13
|
},
|
|
@@ -23,35 +23,29 @@
|
|
|
23
23
|
},
|
|
24
24
|
"prettier": "@private/prettier-config",
|
|
25
25
|
"peerDependencies": {
|
|
26
|
-
"hono": "^4.0.0",
|
|
27
26
|
"react": "^18.0.0 || ^19.0.0"
|
|
28
27
|
},
|
|
29
|
-
"peerDependenciesMeta": {
|
|
30
|
-
"hono": {
|
|
31
|
-
"optional": true
|
|
32
|
-
}
|
|
33
|
-
},
|
|
34
28
|
"dependencies": {
|
|
35
|
-
"@base-ui/react": "
|
|
29
|
+
"@base-ui/react": "1.4.1",
|
|
30
|
+
"hono": "4.12.19"
|
|
36
31
|
},
|
|
37
32
|
"engines": {
|
|
38
33
|
"node": ">=24.0.0"
|
|
39
34
|
},
|
|
40
35
|
"devDependencies": {
|
|
41
|
-
"@types/deno": "
|
|
42
|
-
"@types/node": "25.
|
|
43
|
-
"@types/react": "
|
|
44
|
-
"@vanilla-extract/css": "
|
|
45
|
-
"@vanilla-extract/rollup-plugin": "
|
|
46
|
-
"eslint": "10.0
|
|
47
|
-
"
|
|
48
|
-
"
|
|
49
|
-
"
|
|
50
|
-
"tsdown": "0.22.0-beta.3",
|
|
36
|
+
"@types/deno": "2.7.0",
|
|
37
|
+
"@types/node": "25.9.0",
|
|
38
|
+
"@types/react": "19.2.14",
|
|
39
|
+
"@vanilla-extract/css": "1.20.1",
|
|
40
|
+
"@vanilla-extract/rollup-plugin": "1.5.3",
|
|
41
|
+
"eslint": "10.4.0",
|
|
42
|
+
"prettier": "3.8.3",
|
|
43
|
+
"react": "19.2.6",
|
|
44
|
+
"tsdown": "0.22.0",
|
|
51
45
|
"typescript": "6.0.3",
|
|
52
|
-
"vitest": "4.
|
|
53
|
-
"@private/tsconfig": "0.1.0",
|
|
46
|
+
"vitest": "4.1.6",
|
|
54
47
|
"@private/eslint-config": "0.1.0",
|
|
48
|
+
"@private/tsconfig": "0.1.0",
|
|
55
49
|
"@private/prettier-config": "0.1.0"
|
|
56
50
|
},
|
|
57
51
|
"scripts": {
|
|
@@ -57,8 +57,11 @@ flowchart TD
|
|
|
57
57
|
## Module map
|
|
58
58
|
|
|
59
59
|
- [create.ts](./create.ts) — factory; the only file [`../index.ts`](../index.ts) imports from. Wires the context, defines `connectToHubSpot` / `disconnectFromHubSpot`, and applies `memoizeLast` to `getSnapshot`.
|
|
60
|
-
- [init.ts](./init.ts) — runs once on `start()`.
|
|
61
|
-
- [connect-start.ts](./connect-start.ts) — `GET`s
|
|
60
|
+
- [init.ts](./init.ts) — runs once on `start()`. Redirect flow: POSTs `code` + `state` to `/auth/complete`, persists `expires_at`, `history.replaceState`s to `return_path`. Popup flow (`window.opener`): relays `code` + `state` to the opener and closes (no `auth/complete` in the popup).
|
|
61
|
+
- [connect-start.ts](./connect-start.ts) — `GET`s `/auth/init-session`, then redirects or opens a popup per `config.oauthConnectMode` (`auto` uses a popup when embedded in an iframe). See [oauth-popup.ts](./oauth-popup.ts).
|
|
62
|
+
- [oauth-popup.ts](./oauth-popup.ts) — opener waits for popup `postMessage` with `code` + `state`, then POSTs `/auth/complete`.
|
|
63
|
+
- [oauth-complete.ts](./oauth-complete.ts) — shared credentialed `POST /auth/complete` used by redirect init and the opener popup handler.
|
|
64
|
+
- [utils/resolve-oauth-connect-mode.ts](./utils/resolve-oauth-connect-mode.ts) / [utils/iframe-utils.ts](./utils/iframe-utils.ts) — map `oauthConnectMode` + iframe detection to redirect vs popup.
|
|
62
65
|
- [disconnect.ts](./disconnect.ts) — `POST`s `/auth/logout`, clears local session storage, and redirects to the server-supplied `redirect_to`. Errors are caught and surfaced via `state.error`.
|
|
63
66
|
- [refresh.ts](./refresh.ts) — subscribes to the store and (re)schedules a `/auth/refresh` call whenever `expiresAt` changes. Exposes `RefreshSchedulerHandle.stop()` for teardown.
|
|
64
67
|
- [view-state.ts](./view-state.ts) — `getDerivedStatus` and `SERVER_VIEW` (the SSR snapshot returned by `getServerSnapshot`).
|