npm - @hubspot/app-connect-sdk - Versions diffs - 1.0.0-alpha.2 → 1.0.0-alpha.3 - Mend

@hubspot/app-connect-sdk 1.0.0-alpha.2 → 1.0.0-alpha.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (70) hide show

package/src/server/hono/utils/cors-middleware.test.ts ADDED Viewed

@@ -0,0 +1,79 @@
+import { Hono } from 'hono';
+import { describe, expect, it } from 'vitest';
+import { HUBSPOT_APP_ORIGIN_COOKIE_NAME } from '../../constants.ts';
+import { corsMiddleware } from './cors-middleware.ts';
+const APP_ORIGIN = 'https://app.example.com';
+const PINNED_ORIGIN = 'https://pinned.example.com';
+function buildApp(): Hono {
+  const app = new Hono();
+  app.use('*', corsMiddleware());
+  app.get('/echo', (c) => c.json({ ok: true }));
+  app.post('/echo', (c) => c.json({ ok: true }));
+  return app;
+}
+describe('corsMiddleware', () => {
+  it('answers OPTIONS preflight with 204 + credentialed CORS headers', async () => {
+    const app = buildApp();
+    const res = await app.request('http://localhost/echo', {
+      method: 'OPTIONS',
+      headers: { Origin: APP_ORIGIN },
+    });
+    expect(res.status).toBe(204);
+    expect(res.headers.get('Access-Control-Allow-Origin')).toBe(APP_ORIGIN);
+    expect(res.headers.get('Access-Control-Allow-Credentials')).toBe('true');
+    expect(res.headers.get('Access-Control-Allow-Methods')).toContain('GET');
+    expect(res.headers.get('Access-Control-Allow-Methods')).toContain('POST');
+    expect(res.headers.get('Access-Control-Allow-Methods')).toContain(
+      'OPTIONS'
+    );
+    expect(res.headers.get('Access-Control-Allow-Headers')).toContain(
+      'authorization'
+    );
+    expect(res.headers.get('Access-Control-Allow-Headers')).toContain('apikey');
+    expect(res.headers.get('Access-Control-Max-Age')).toBe('600');
+    expect(res.headers.get('Vary')).toContain('Origin');
+  });
+  it('echoes the request Origin when no pinned origin cookie is present', async () => {
+    const app = buildApp();
+    const res = await app.request('http://localhost/echo', {
+      method: 'GET',
+      headers: { Origin: APP_ORIGIN },
+    });
+    expect(res.status).toBe(200);
+    expect(res.headers.get('Access-Control-Allow-Origin')).toBe(APP_ORIGIN);
+    expect(res.headers.get('Access-Control-Allow-Credentials')).toBe('true');
+    expect(res.headers.get('Vary')).toContain('Origin');
+    expect(res.headers.get('Vary')).toContain('Cookie');
+  });
+  it('prefers the pinned `__Host-hs_app_origin` cookie over the Origin header', async () => {
+    const app = buildApp();
+    const res = await app.request('http://localhost/echo', {
+      method: 'GET',
+      headers: {
+        Origin: APP_ORIGIN,
+        Cookie: `${HUBSPOT_APP_ORIGIN_COOKIE_NAME}=${PINNED_ORIGIN}`,
+      },
+    });
+    expect(res.status).toBe(200);
+    expect(res.headers.get('Access-Control-Allow-Origin')).toBe(PINNED_ORIGIN);
+    expect(res.headers.get('Access-Control-Allow-Credentials')).toBe('true');
+  });
+  it('omits CORS headers when the request has no Origin (server-to-server / curl)', async () => {
+    const app = buildApp();
+    const res = await app.request('http://localhost/echo', { method: 'GET' });
+    expect(res.status).toBe(200);
+    expect(res.headers.get('Access-Control-Allow-Origin')).toBeNull();
+    expect(res.headers.get('Access-Control-Allow-Credentials')).toBeNull();
+  });
+});

package/src/server/hono/utils/cors-middleware.ts ADDED Viewed

@@ -0,0 +1,95 @@
+import type { Context, MiddlewareHandler } from 'hono';
+import { HUBSPOT_APP_ORIGIN_COOKIE_NAME } from '../../constants.ts';
+import { parseCookies } from '../../utils/cookie-utils.ts';
+/**
+ * Comma-separated list of request headers the SDK accepts on
+ * cross-site fetches. Mirrors the Supabase Edge Functions defaults
+ * the Lovable AI agent emits today, plus `content-type` for the
+ * `auth/complete` POST body and `accept` so JSON content negotiation
+ * works.
+ */
+const ALLOWED_HEADERS = [
+  'authorization',
+  'x-client-info',
+  'apikey',
+  'content-type',
+  'accept',
+  'x-supabase-client-platform',
+  'x-supabase-client-platform-version',
+  'x-supabase-client-runtime',
+  'x-supabase-client-runtime-version',
+].join(', ');
+const ALLOWED_METHODS = 'GET, POST, OPTIONS';
+const PREFLIGHT_MAX_AGE_SECONDS = '600';
+/**
+ * Reads the persisted app-origin cookie from the request, falling
+ * back to the literal `Origin` request header. The cookie is the
+ * authoritative pin once `auth/init-session` has run; on the very
+ * first init-session call (no cookie yet) we just echo whatever
+ * `Origin` the caller sent — the actual access decision is enforced
+ * by cookie-based authentication on every other route, not by CORS.
+ */
+function resolveAllowedOrigin(c: Context): string | null {
+  const cookies = parseCookies(c.req.header('Cookie'));
+  const pinned = cookies[HUBSPOT_APP_ORIGIN_COOKIE_NAME];
+  if (pinned) return pinned;
+  return c.req.header('Origin') ?? null;
+}
+function setSharedCorsHeaders(c: Context, allowOrigin: string): void {
+  c.res.headers.set('Access-Control-Allow-Origin', allowOrigin);
+  c.res.headers.set('Access-Control-Allow-Credentials', 'true');
+  // `Origin` so caches differentiate per-caller responses; `Cookie`
+  // because the allowed origin is derived from the persisted
+  // `__Host-hs_app_origin` cookie.
+  c.res.headers.set('Vary', 'Origin, Cookie');
+}
+/**
+ * Hono middleware that emits credentialed CORS response headers for
+ * the cross-origin Lovable / Supabase deployment shape.
+ *
+ * - On `OPTIONS` preflight: short-circuits with a 204 carrying
+ *   `Access-Control-Allow-*` headers. The browser will then send the
+ *   real request with cookies attached.
+ * - On every other method: echoes the pinned `__Host-hs_app_origin`
+ *   cookie value (or, before init-session has run, the request
+ *   `Origin` header) as `Access-Control-Allow-Origin`, with
+ *   `Access-Control-Allow-Credentials: true`. The wildcard `*` is
+ *   forbidden by browsers when credentials are included, so the
+ *   middleware always echoes a concrete origin.
+ *
+ * Skips header emission entirely when the request has no `Origin`
+ * (server-to-server calls, curl, etc.) so non-browser callers are
+ * left untouched.
+ */
+export function corsMiddleware(): MiddlewareHandler {
+  return async (c, next) => {
+    const allowOrigin = resolveAllowedOrigin(c);
+    if (c.req.method === 'OPTIONS') {
+      const headers = new Headers();
+      if (allowOrigin) {
+        headers.set('Access-Control-Allow-Origin', allowOrigin);
+        headers.set('Access-Control-Allow-Credentials', 'true');
+        headers.set('Vary', 'Origin, Cookie');
+      }
+      headers.set('Access-Control-Allow-Methods', ALLOWED_METHODS);
+      headers.set('Access-Control-Allow-Headers', ALLOWED_HEADERS);
+      headers.set('Access-Control-Max-Age', PREFLIGHT_MAX_AGE_SECONDS);
+      return new Response(null, { status: 204, headers });
+    }
+    await next();
+    if (allowOrigin) {
+      setSharedCorsHeaders(c, allowOrigin);
+    }
+    return;
+  };
+}

package/src/server/sanitize-request.ts CHANGED Viewed

@@ -10,18 +10,17 @@ function serializeCookies(cookies: Map<string, string>): string {
 }
 /**
- * Returns a clone of `original` whose `Cookie` header has every
- * protected cookie removed (see
- * {@link isProtectedCookieName}). When no other cookies
- * remain, the header is dropped entirely.
+ * Mutates `headers` in place: parses the `Cookie` header, drops every
+ * protected cookie (see {@link isProtectedCookieName}), and rewrites
+ * the header. Deletes the header entirely when nothing survives.
  *
- * Used by `createAppConnectRequestHandler` so the user's route
- * handlers never see — and therefore cannot leak — the access token,
- * session ID, or refresh-token cookies.
+ * Used by the SDK's auth middleware after it has read the access
+ * token / session ID, so user route handlers never see — and
+ * therefore cannot leak — those cookies, while CORS / auth
+ * middleware that ran first still got the raw values.
  */
-export function sanitizeRequest(original: Request): Request {
-  const cookies = parseCookies(original.headers.get('Cookie'));
+export function stripProtectedCookies(headers: Headers): void {
+  const cookies = parseCookies(headers.get('Cookie'));
   const surviving = new Map<string, string>();
   for (const [name, value] of Object.entries(cookies)) {
     if (!isProtectedCookieName(name)) {
@@ -29,12 +28,27 @@ export function sanitizeRequest(original: Request): Request {
     }
   }
-  const headers = new Headers(original.headers);
   if (surviving.size === 0) {
     headers.delete('cookie');
   } else {
     headers.set('cookie', serializeCookies(surviving));
   }
+}
+/**
+ * Returns a clone of `original` whose `Cookie` header has every
+ * protected cookie removed (see {@link isProtectedCookieName}). When
+ * no other cookies remain, the header is dropped entirely.
+ *
+ * Standalone helper retained for callers that want a new Request
+ * (e.g. tests). Inside the SDK's per-request handler, the auth
+ * middleware uses {@link stripProtectedCookies} directly on
+ * `c.req.raw.headers` so the auth check itself can still read the
+ * protected cookies before they are stripped.
+ */
+export function sanitizeRequest(original: Request): Request {
+  const headers = new Headers(original.headers);
+  stripProtectedCookies(headers);
   const init: RequestInit = {
     method: original.method,

package/src/server/types.ts CHANGED Viewed

@@ -56,7 +56,7 @@ export interface JwkSet {
 export interface UserCredentials {
   /** Access token. */
-  accessToken: string;
+  accessToken: string | undefined;
   /** Session ID. */
-  sessionId: string;
+  sessionId: string | undefined;
 }

package/src/shared/constants.ts CHANGED Viewed

@@ -6,8 +6,36 @@
 /**
  * Query parameter on the OAuth return URL that carries the new access
- * token's expiry (Unix epoch milliseconds). The server emits this on
- * the `auth/callback` redirect; the browser parses it during `initSdk`
- * and then strips it from the URL via `history.replaceState`.
+ * token's expiry (Unix epoch milliseconds). The browser controller
+ * sets this in the URL after a successful `auth/complete` call and
+ * then strips it during `initAppConnect` via `history.replaceState`.
  */
 export const EXPIRES_AT_URL_PARAM = '__hs_expires_at';
+/**
+ * Path the browser visits after HubSpot's authorize endpoint
+ * redirects back to the app. Mounted on the **frontend** origin (not
+ * the SDK's edge function host) so all OAuth-related cookies live in
+ * the `(frontend, edge)` CHIPS partition.
+ *
+ * The SDK's `auth/init-session` builds the OAuth `redirect_uri` as
+ * `${requestOrigin}${HUBSPOT_FRONTEND_CALLBACK_PATH}`. The browser
+ * controller, on `start()`, recognizes this path on `window.location`
+ * and forwards `?code` + `?state` to the SDK's `auth/complete`
+ * endpoint via a credentialed cross-site fetch. The host app must
+ * register `${app_origin}${HUBSPOT_FRONTEND_CALLBACK_PATH}` as a
+ * redirect URI in its HubSpot app settings.
+ */
+export const HUBSPOT_FRONTEND_CALLBACK_PATH = '/__hubspot_oauth_callback';
+/**
+ * Query parameter on the `auth/complete` POST request carrying the
+ * authorization `code` HubSpot returned to the frontend callback.
+ */
+export const AUTH_COMPLETE_CODE_PARAM = 'code';
+/**
+ * Query parameter on the `auth/complete` POST request carrying the
+ * OAuth `state` HubSpot echoed back to the frontend callback.
+ */
+export const AUTH_COMPLETE_STATE_PARAM = 'state';

package/src/shared/wire-types.ts CHANGED Viewed

@@ -15,6 +15,25 @@ export interface InitSessionResponse {
   authorization_url: string;
 }
+/**
+ * Body returned by `POST /auth/complete` once the SDK has exchanged
+ * the OAuth authorization code for an access + refresh token. The
+ * SDK has set the durable session cookies on the response by this
+ * point; the browser controller uses these fields to update its
+ * client-side expiry tracking and to navigate the user back to the
+ * page they started the connect flow from.
+ */
+export interface AuthCompleteResponse {
+  /** Access-token expiry as Unix epoch milliseconds. */
+  expires_at: number;
+  /**
+   * Path the browser should land on after the connect flow finishes,
+   * carried through the OAuth `state` round-trip. Always begins with
+   * `/` and is restricted to safe internal paths.
+   */
+  return_path: string;
+}
 /**
  * Body returned by `POST /auth/refresh` after a successful access-token
  * refresh.

package/dist/browser/HubSpotAppConnect-BW45gyDs.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"HubSpotAppConnect-BW45gyDs.js","names":["styles.root","styles.variant","variant","styles.size","size","styles","styles","styles","styles"],"sources":["../../src/browser/react/context.ts","../../src/browser/react/hooks.ts","../../src/browser/react/components/Button/Button.css.ts","../../src/browser/react/components/Button/Button.tsx","../../src/browser/react/components/ConnectButton/ConnectButton.css.ts","../../src/browser/react/components/ConnectButton/ConnectButton.tsx","../../src/browser/react/components/icons/ChevronDownIcon.tsx","../../src/browser/react/components/icons/ExternalLinkIcon.tsx","../../src/browser/react/components/icons/HubSpotDataSourceIcon.tsx","../../src/browser/react/components/icons/LogoutIcon.tsx","../../src/browser/react/components/icons/ShareIcon.tsx","../../src/browser/react/components/ShareButton/ShareButton.css.ts","../../src/browser/react/components/ShareButton/ShareButton.tsx","../../src/browser/react/components/AppConnectHeader/AppConnectHeader.css.ts","../../src/browser/react/components/AppConnectHeader/AppConnectHeader.tsx","../../src/browser/react/components/DisconnectedBody/DisconnectedBody.css.ts","../../src/browser/react/components/DisconnectedBody/DisconnectedBody.tsx","../../src/browser/react/components/LoadingIndicator/LoadingIndicator.css.ts","../../src/browser/react/components/LoadingIndicator/LoadingIndicator.tsx","../../src/browser/react/components/HubSpotAppConnect/HubSpotAppConnect.css.ts","../../src/browser/react/components/HubSpotAppConnect/HubSpotAppConnect.tsx"],"sourcesContent":["import { createContext } from 'react';\n\nimport type { AppConnectController } from '../types.ts';\n\n/**\n * React context that carries the `AppConnectController` from the\n * `HubSpotAppConnect` provider down to consumers of\n * `useHubSpotAppConnect`. `null` indicates the hook is being used\n * outside a provider.\n */\nexport const HubSpotAppConnectControllerContext =\n createContext<AppConnectController | null>(null);\n","import { useContext, useSyncExternalStore } from 'react';\n\nimport type { AppConnectState } from '../types.ts';\nimport { HubSpotAppConnectControllerContext } from './context.ts';\n\nexport type UseHubSpotAppConnectResult = AppConnectState;\n\n/**\n * React hook that returns the current `AppConnectState`. Must be\n * called inside a {@link HubSpotAppConnect} provider — throws when\n * no controller is available.\n *\n * The hook subscribes to the controller via `useSyncExternalStore`\n * so React 18+ batched updates and SSR work correctly.\n */\nexport function useHubSpotAppConnect(): UseHubSpotAppConnectResult {\n const controller = useContext(HubSpotAppConnectControllerContext);\n if (controller == null) {\n throw new Error(\n 'useHubSpotAppConnect must be used within HubSpotAppConnect'\n );\n }\n return useSyncExternalStore(\n controller.subscribe,\n controller.getSnapshot,\n controller.getServerSnapshot\n );\n}\n","import { style, styleVariants } from '@vanilla-extract/css';\n\nimport { themeVars } from '../../../theme.css.ts';\n\nexport const root = style({\n appearance: 'none',\n WebkitAppearance: 'none',\n margin: 0,\n font: 'inherit',\n fontWeight: 500,\n lineHeight: 'inherit',\n textAlign: 'center',\n cursor: 'pointer',\n borderWidth: 1,\n borderStyle: 'solid',\n borderRadius: themeVars.borderRadius[100],\n transition:\n 'background-color 120ms ease, border-color 120ms ease, color 120ms ease, opacity 120ms ease',\n selectors: {\n '&:disabled': {\n cursor: 'wait',\n opacity: 0.55,\n },\n },\n});\n\nexport const variant = styleVariants({\n primary: {\n backgroundColor: themeVars.fill.primary.default,\n color: themeVars.text.primary.default,\n borderColor: themeVars.border.primary.default,\n selectors: {\n '&:hover:not(:disabled)': {\n filter: 'brightness(0.95)',\n },\n },\n },\n secondary: {\n backgroundColor: themeVars.fill.surface.default.default,\n color: themeVars.text.core.default,\n borderColor: themeVars.border.core.default,\n selectors: {\n '&:hover:not(:disabled)': {\n backgroundColor: '#f7f7f7',\n },\n },\n },\n});\n\nexport const size = styleVariants({\n md: {\n padding: `${themeVars.space[200]} ${themeVars.space[300]}`,\n fontSize: 14,\n },\n lg: {\n padding: `${themeVars.space[300]} ${themeVars.space[500]}`,\n fontSize: 16,\n },\n});\n","import type { ButtonHTMLAttributes, ReactNode } from 'react';\n\nimport * as styles from './Button.css.ts';\n\nexport type ButtonVariant = 'primary' | 'secondary';\nexport type ButtonSize = 'md' | 'lg';\n\nexport interface ButtonProps extends Omit<\n ButtonHTMLAttributes<HTMLButtonElement>,\n 'children'\n> {\n children: ReactNode;\n variant?: ButtonVariant;\n size?: ButtonSize;\n}\n\nexport function Button({\n children,\n className,\n variant = 'primary',\n size = 'md',\n type = 'button',\n ...rest\n}: ButtonProps) {\n const composedClassName = [\n styles.root,\n styles.variant[variant],\n styles.size[size],\n className,\n ]\n .filter(Boolean)\n .join(' ');\n return (\n <button {...rest} type={type} className={composedClassName}>\n {children}\n </button>\n );\n}\n","import { keyframes, style, styleVariants } from '@vanilla-extract/css';\n\nimport { themeVars } from '../../../theme.css.ts';\n\nconst spin = keyframes({\n from: { transform: 'rotate(0deg)' },\n to: { transform: 'rotate(360deg)' },\n});\n\nexport const root = style({\n position: 'relative',\n});\n\nexport const label = style({\n position: 'relative',\n zIndex: 0,\n});\n\nexport const labelMuted = style({\n opacity: 0.22,\n});\n\nexport const loadingBackdrop = styleVariants({\n primary: {\n position: 'absolute',\n left: '50%',\n top: '50%',\n zIndex: 1,\n display: 'flex',\n alignItems: 'center',\n justifyContent: 'center',\n width: 36,\n height: 36,\n marginLeft: -18,\n marginTop: -18,\n borderRadius: '50%',\n backgroundColor: 'rgba(255, 255, 255, 0.88)',\n boxShadow: '0 1px 6px rgba(0, 0, 0, 0.14)',\n pointerEvents: 'none',\n },\n secondary: {\n position: 'absolute',\n left: '50%',\n top: '50%',\n zIndex: 1,\n display: 'flex',\n alignItems: 'center',\n justifyContent: 'center',\n width: 36,\n height: 36,\n marginLeft: -18,\n marginTop: -18,\n borderRadius: '50%',\n backgroundColor: 'rgba(255, 255, 255, 0.82)',\n borderWidth: 1,\n borderStyle: 'solid',\n borderColor: themeVars.border.core.subtle.default,\n boxShadow: '0 1px 4px rgba(0, 0, 0, 0.08)',\n pointerEvents: 'none',\n },\n});\n\nexport const spinner = style({\n display: 'block',\n width: 14,\n height: 14,\n borderWidth: 2,\n borderStyle: 'solid',\n borderColor: themeVars.border.core.subtle.default,\n borderTopColor: themeVars.fill.primary.default,\n borderRadius: '50%',\n animation: `${spin} 0.8s linear infinite`,\n});\n","import { useHubSpotAppConnect } from '../../hooks.ts';\nimport type { ButtonProps } from '../Button/Button.tsx';\nimport { Button } from '../Button/Button.tsx';\nimport {\n label,\n labelMuted,\n loadingBackdrop,\n root,\n spinner,\n} from './ConnectButton.css.ts';\n\nexport interface ConnectButtonProps extends Pick<\n ButtonProps,\n 'variant' | 'size' | 'className'\n> {}\n\nexport function ConnectButton({\n variant = 'primary',\n size = 'md',\n className,\n}: ConnectButtonProps) {\n const { status, connectToHubSpot } = useHubSpotAppConnect();\n const isConnecting = status === 'connecting';\n const composedClassName = [root, className].filter(Boolean).join(' ');\n const labelClassName = isConnecting ? `${label} ${labelMuted}` : label;\n return (\n <Button\n variant={variant}\n size={size}\n className={composedClassName}\n aria-busy={isConnecting}\n onClick={() => void connectToHubSpot()}\n disabled={isConnecting}\n >\n <span className={labelClassName}>Connect to HubSpot</span>\n {isConnecting ? (\n <span className={loadingBackdrop[variant]} aria-hidden=\"true\">\n <span className={spinner} />\n </span>\n ) : null}\n </Button>\n );\n}\n","export interface ChevronDownIconProps {\n className?: string;\n}\n\nexport function ChevronDownIcon({ className }: ChevronDownIconProps) {\n return (\n <svg\n className={className}\n viewBox=\"0 0 16 16\"\n fill=\"none\"\n xmlns=\"http://www.w3.org/2000/svg\"\n aria-hidden=\"true\"\n >\n <path\n d=\"M4 6l4 4 4-4\"\n stroke=\"currentColor\"\n strokeWidth=\"1.5\"\n strokeLinecap=\"round\"\n strokeLinejoin=\"round\"\n />\n </svg>\n );\n}\n","export interface ExternalLinkIconProps {\n className?: string;\n}\n\nexport function ExternalLinkIcon({ className }: ExternalLinkIconProps) {\n return (\n <svg\n className={className}\n viewBox=\"0 0 16 16\"\n fill=\"none\"\n xmlns=\"http://www.w3.org/2000/svg\"\n aria-hidden=\"true\"\n >\n <path\n d=\"M6.5 3.5H4a1 1 0 0 0-1 1v8a1 1 0 0 0 1 1h8a1 1 0 0 0 1-1v-2.5M10 2.5h3.5V6M9 7l5-5\"\n stroke=\"currentColor\"\n strokeWidth=\"1.25\"\n strokeLinecap=\"round\"\n strokeLinejoin=\"round\"\n />\n </svg>\n );\n}\n","export interface HubSpotDataSourceIconProps {\n className?: string;\n}\n\nexport function HubSpotDataSourceIcon({\n className,\n}: HubSpotDataSourceIconProps) {\n return (\n <svg\n className={className}\n viewBox=\"0 0 16 16\"\n fill=\"none\"\n xmlns=\"http://www.w3.org/2000/svg\"\n aria-hidden=\"true\"\n >\n <rect\n x=\"2.5\"\n y=\"2.5\"\n width=\"11\"\n height=\"11\"\n rx=\"1.5\"\n stroke=\"currentColor\"\n strokeWidth=\"1.25\"\n />\n <path\n d=\"M5 6h6M5 8.25h6M5 10.5h4\"\n stroke=\"currentColor\"\n strokeWidth=\"1.25\"\n strokeLinecap=\"round\"\n />\n </svg>\n );\n}\n","export interface LogoutIconProps {\n className?: string;\n}\n\nexport function LogoutIcon({ className }: LogoutIconProps) {\n return (\n <svg\n className={className}\n viewBox=\"0 0 16 16\"\n fill=\"none\"\n xmlns=\"http://www.w3.org/2000/svg\"\n aria-hidden=\"true\"\n >\n <path\n d=\"M6.5 2.5h-3a1 1 0 0 0-1 1v9a1 1 0 0 0 1 1h3\"\n stroke=\"currentColor\"\n strokeWidth=\"1.5\"\n strokeLinecap=\"round\"\n strokeLinejoin=\"round\"\n />\n <path\n d=\"M10.5 11l3-3-3-3\"\n stroke=\"currentColor\"\n strokeWidth=\"1.5\"\n strokeLinecap=\"round\"\n strokeLinejoin=\"round\"\n />\n <path\n d=\"M13.5 8h-7\"\n stroke=\"currentColor\"\n strokeWidth=\"1.5\"\n strokeLinecap=\"round\"\n strokeLinejoin=\"round\"\n />\n </svg>\n );\n}\n","export interface ShareIconProps {\n className?: string;\n}\n\nexport function ShareIcon({ className }: ShareIconProps) {\n return (\n <svg\n className={className}\n viewBox=\"0 0 24 24\"\n fill=\"none\"\n xmlns=\"http://www.w3.org/2000/svg\"\n aria-hidden=\"true\"\n >\n <circle cx=\"18\" cy=\"5\" r=\"2.75\" stroke=\"currentColor\" strokeWidth=\"1.5\" />\n <circle cx=\"6\" cy=\"12\" r=\"2.75\" stroke=\"currentColor\" strokeWidth=\"1.5\" />\n <circle\n cx=\"18\"\n cy=\"19\"\n r=\"2.75\"\n stroke=\"currentColor\"\n strokeWidth=\"1.5\"\n />\n <path\n d=\"M8.6 10.5L15.4 6.5M8.6 13.5L15.4 17.5\"\n stroke=\"currentColor\"\n strokeWidth=\"1.5\"\n strokeLinecap=\"round\"\n />\n </svg>\n );\n}\n","import { style } from '@vanilla-extract/css';\n\nimport { themeVars } from '../../../theme.css.ts';\n\nconst shareBorder = '#cbd6e2';\nconst shareText = '#33475b';\n\nexport const styles = {\n shareButton: style({\n flexShrink: 0,\n appearance: 'none',\n WebkitAppearance: 'none',\n margin: 0,\n fontFamily: 'inherit',\n fontSize: 14,\n fontWeight: 500,\n lineHeight: 1,\n cursor: 'pointer',\n display: 'inline-flex',\n alignItems: 'center',\n justifyContent: 'center',\n gap: themeVars.space[200],\n padding: `8px ${themeVars.space[300]}`,\n color: shareText,\n backgroundColor: themeVars.fill.surface.default.default,\n borderWidth: 1,\n borderStyle: 'solid',\n borderColor: shareBorder,\n borderRadius: 100,\n transition:\n 'background-color 120ms ease, border-color 120ms ease, color 120ms ease',\n selectors: {\n '&:hover:not(:disabled)': {\n backgroundColor: '#f5f8fa',\n },\n '&:focus-visible': {\n outline: `2px solid ${themeVars.border.tertiary.default}`,\n outlineOffset: 2,\n },\n '&:disabled': {\n cursor: 'not-allowed',\n opacity: 0.55,\n },\n },\n }),\n shareIcon: style({\n width: 16,\n height: 16,\n flexShrink: 0,\n display: 'block',\n }),\n} as const;\n","import { ShareIcon } from '../icons/ShareIcon.tsx';\nimport { styles } from './ShareButton.css.ts';\n\ninterface ShareAppConnectPageOptions {\n pageTitle: string;\n}\n\nasync function shareAppConnectPage(\n options: ShareAppConnectPageOptions\n): Promise<void> {\n const { pageTitle } = options;\n const url = window.location.href;\n if (typeof navigator.share === 'function') {\n try {\n await navigator.share({ title: pageTitle, text: pageTitle, url });\n return;\n } catch (error) {\n if (error instanceof DOMException && error.name === 'AbortError') {\n return;\n }\n }\n }\n if (typeof navigator.clipboard?.writeText === 'function') {\n await navigator.clipboard.writeText(url);\n }\n}\n\nexport interface ShareButtonProps {\n pageTitle: string;\n}\n\nexport function ShareButton({ pageTitle }: ShareButtonProps) {\n return (\n <button\n type=\"button\"\n className={styles.shareButton}\n onClick={() => void shareAppConnectPage({ pageTitle })}\n >\n <ShareIcon className={styles.shareIcon} />\n <span>Share</span>\n </button>\n );\n}\n","import { style } from '@vanilla-extract/css';\n\nimport { themeVars } from '../../../theme.css.ts';\n\nconst avatarOrange = themeVars.fill.brand.default;\nconst avatarTextColor = themeVars.text.primary.default;\n\nexport const styles = {\n header: style({\n display: 'flex',\n alignItems: 'center',\n justifyContent: 'space-between',\n gap: themeVars.space[300],\n paddingBottom: themeVars.space[300],\n borderBottomWidth: 1,\n borderBottomStyle: 'solid',\n borderBottomColor: themeVars.border.core.subtle.default,\n }),\n titleRow: style({\n display: 'flex',\n alignItems: 'center',\n flex: 1,\n minWidth: 0,\n }),\n leftStack: style({\n display: 'flex',\n flexDirection: 'column',\n alignItems: 'flex-start',\n gap: themeVars.space[200],\n minWidth: 0,\n flex: 1,\n }),\n contextRow: style({\n display: 'flex',\n alignItems: 'center',\n gap: 6,\n fontSize: 14,\n lineHeight: 1.35,\n color: themeVars.text.core.subtle,\n minWidth: 0,\n }),\n contextIcon: style({\n width: 16,\n height: 16,\n flexShrink: 0,\n color: themeVars.text.core.subtle,\n }),\n contextPrefix: style({\n flexShrink: 0,\n }),\n contextLink: style({\n display: 'inline-flex',\n alignItems: 'center',\n gap: 4,\n color: themeVars.fill.brand.default,\n textDecoration: 'none',\n fontWeight: 500,\n selectors: {\n '&:hover': {\n textDecoration: 'underline',\n },\n },\n }),\n contextExternalIcon: style({\n width: 14,\n height: 14,\n flexShrink: 0,\n }),\n titleCluster: style({\n display: 'flex',\n alignItems: 'center',\n gap: themeVars.space[200],\n width: 'max-content',\n maxWidth: '100%',\n minWidth: 0,\n }),\n title: style({\n flex: '0 1 auto',\n fontSize: 20,\n fontWeight: 600,\n margin: 0,\n color: themeVars.text.core.default,\n minWidth: 0,\n overflow: 'hidden',\n textOverflow: 'ellipsis',\n whiteSpace: 'nowrap',\n }),\n userTrigger: style({\n appearance: 'none',\n WebkitAppearance: 'none',\n margin: 0,\n font: 'inherit',\n lineHeight: 1,\n cursor: 'pointer',\n display: 'inline-flex',\n alignItems: 'center',\n gap: themeVars.space[200],\n padding: `6px ${themeVars.space[300]} 6px 6px`,\n backgroundColor: themeVars.fill.surface.default.default,\n color: themeVars.text.core.default,\n borderWidth: 1,\n borderStyle: 'solid',\n borderColor: themeVars.border.core.default,\n borderRadius: 999,\n transition: 'background-color 120ms ease, border-color 120ms ease',\n selectors: {\n '&:hover': {\n backgroundColor: '#f7f7f7',\n },\n '&[data-popup-open]': {\n backgroundColor: '#f7f7f7',\n },\n },\n }),\n triggerName: style({\n fontWeight: 500,\n fontSize: 14,\n }),\n chevron: style({\n width: 14,\n height: 14,\n color: themeVars.text.core.subtle,\n transition: 'transform 150ms ease',\n selectors: {\n '[data-popup-open] &': {\n transform: 'rotate(180deg)',\n },\n },\n }),\n avatar: style({\n display: 'inline-flex',\n alignItems: 'center',\n justifyContent: 'center',\n backgroundColor: avatarOrange,\n color: avatarTextColor,\n fontWeight: 600,\n flexShrink: 0,\n borderRadius: '50%',\n userSelect: 'none',\n }),\n avatarSm: style({\n width: 28,\n height: 28,\n fontSize: 11,\n }),\n avatarLg: style({\n width: 40,\n height: 40,\n fontSize: 14,\n }),\n popup: style({\n minWidth: 240,\n backgroundColor: themeVars.fill.surface.default.default,\n color: themeVars.text.core.default,\n borderWidth: 1,\n borderStyle: 'solid',\n borderColor: themeVars.border.core.subtle.default,\n borderRadius: themeVars.borderRadius[300],\n boxShadow:\n '0 6px 16px rgba(17, 17, 17, 0.08), 0 2px 6px rgba(17, 17, 17, 0.04)',\n padding: `${themeVars.space[200]} 0`,\n outline: 'none',\n transformOrigin: 'top right',\n opacity: 0,\n transform: 'scale(0.96)',\n transition: 'opacity 120ms ease, transform 120ms ease',\n selectors: {\n '&[data-starting-style]': {\n opacity: 0,\n transform: 'scale(0.96)',\n },\n '&[data-open]': {\n opacity: 1,\n transform: 'scale(1)',\n },\n },\n }),\n userInfo: style({\n display: 'flex',\n alignItems: 'center',\n gap: themeVars.space[300],\n padding: `${themeVars.space[200]} ${themeVars.space[300]}`,\n }),\n userInfoText: style({\n display: 'flex',\n flexDirection: 'column',\n minWidth: 0,\n }),\n userInfoName: style({\n fontWeight: 600,\n fontSize: 14,\n color: themeVars.text.core.default,\n whiteSpace: 'nowrap',\n overflow: 'hidden',\n textOverflow: 'ellipsis',\n }),\n userInfoEmail: style({\n fontSize: 13,\n color: themeVars.text.core.subtle,\n whiteSpace: 'nowrap',\n overflow: 'hidden',\n textOverflow: 'ellipsis',\n }),\n separator: style({\n height: 1,\n margin: `${themeVars.space[200]} 0`,\n backgroundColor: themeVars.border.core.subtle.default,\n border: 'none',\n }),\n disconnectItem: style({\n display: 'flex',\n alignItems: 'center',\n gap: themeVars.space[200],\n padding: `${themeVars.space[200]} ${themeVars.space[300]}`,\n color: themeVars.text.alert.default,\n fontSize: 14,\n fontWeight: 500,\n cursor: 'pointer',\n outline: 'none',\n userSelect: 'none',\n selectors: {\n '&[data-highlighted]': {\n backgroundColor: themeVars.fill.accent.red.subtle.default,\n },\n },\n }),\n disconnectIcon: style({\n width: 16,\n height: 16,\n }),\n} as const;\n","import { Menu } from '@base-ui/react/menu';\n\nimport { useHubSpotAppConnect } from '../../hooks.ts';\nimport { ConnectButton } from '../ConnectButton/ConnectButton.tsx';\nimport { ChevronDownIcon } from '../icons/ChevronDownIcon.tsx';\nimport { ExternalLinkIcon } from '../icons/ExternalLinkIcon.tsx';\nimport { HubSpotDataSourceIcon } from '../icons/HubSpotDataSourceIcon.tsx';\nimport { LogoutIcon } from '../icons/LogoutIcon.tsx';\nimport { ShareButton } from '../ShareButton/ShareButton.tsx';\nimport { styles } from './AppConnectHeader.css.ts';\n\ninterface FakeUser {\n firstName: string;\n lastName: string;\n email: string;\n}\n\nconst FAKE_USER: FakeUser = {\n firstName: 'Gabby',\n lastName: 'Martinez',\n email: 'gabby.martinez@acmecorp.com',\n};\n\nfunction getUserInitials(user: FakeUser): string {\n const first = user.firstName.charAt(0).toUpperCase();\n const last = user.lastName.charAt(0).toUpperCase();\n return `${first}${last}`;\n}\n\nfunction getFullName(user: FakeUser): string {\n return `${user.firstName} ${user.lastName}`;\n}\n\ninterface AppConnectHeaderProps {\n title: string;\n}\n\nexport function AppConnectHeader({ title }: AppConnectHeaderProps) {\n const { status } = useHubSpotAppConnect();\n return (\n <header className={styles.header}>\n <div className={styles.titleRow}>\n <div className={styles.leftStack}>\n <div className={styles.titleCluster}>\n <h1 className={styles.title}>{title}</h1>\n <ShareButton pageTitle={title} />\n </div>\n {status === 'connected' ? <ViewingHubSpotContextRow /> : null}\n </div>\n </div>\n {status === 'connected' ? (\n <UserMenu />\n ) : (\n <ConnectButton variant=\"secondary\" />\n )}\n </header>\n );\n}\n\nfunction ViewingHubSpotContextRow() {\n return (\n <div className={styles.contextRow}>\n <HubSpotDataSourceIcon className={styles.contextIcon} />\n <span className={styles.contextPrefix}>Viewing HubSpot data from </span>\n <a\n className={styles.contextLink}\n href=\"#\"\n onClick={(event) => {\n event.preventDefault();\n }}\n >\n Acme Corp · HubSpot\n <ExternalLinkIcon className={styles.contextExternalIcon} />\n </a>\n </div>\n );\n}\n\nfunction UserMenu() {\n const { disconnectFromHubSpot } = useHubSpotAppConnect();\n const initials = getUserInitials(FAKE_USER);\n const fullName = getFullName(FAKE_USER);\n\n return (\n <Menu.Root modal={false}>\n <Menu.Trigger className={styles.userTrigger}>\n <span\n className={`${styles.avatar} ${styles.avatarSm}`}\n aria-hidden=\"true\"\n >\n {initials}\n </span>\n <span className={styles.triggerName}>{fullName}</span>\n <ChevronDownIcon className={styles.chevron} />\n </Menu.Trigger>\n <Menu.Portal>\n <Menu.Positioner sideOffset={8} align=\"end\">\n <Menu.Popup className={styles.popup}>\n <div className={styles.userInfo}>\n <span\n className={`${styles.avatar} ${styles.avatarLg}`}\n aria-hidden=\"true\"\n >\n {initials}\n </span>\n <div className={styles.userInfoText}>\n <span className={styles.userInfoName}>{fullName}</span>\n <span className={styles.userInfoEmail}>{FAKE_USER.email}</span>\n </div>\n </div>\n <Menu.Separator className={styles.separator} />\n <Menu.Item\n className={styles.disconnectItem}\n onClick={() => void disconnectFromHubSpot()}\n >\n <LogoutIcon className={styles.disconnectIcon} />\n Disconnect\n </Menu.Item>\n </Menu.Popup>\n </Menu.Positioner>\n </Menu.Portal>\n </Menu.Root>\n );\n}\n","import { style } from '@vanilla-extract/css';\n\nimport { themeVars } from '../../../theme.css.ts';\n\nexport const styles = {\n card: style({\n borderWidth: 1,\n borderStyle: 'solid',\n borderColor: themeVars.border.core.default,\n borderRadius: themeVars.borderRadius[400],\n padding: themeVars.space[500],\n textAlign: 'center',\n backgroundColor: themeVars.fill.surface.default.default,\n color: themeVars.text.core.default,\n }),\n message: style({\n marginTop: 0,\n marginBottom: themeVars.space[400],\n }),\n errorText: style({\n marginTop: themeVars.space[300],\n marginBottom: 0,\n color: themeVars.text.alert.default,\n }),\n} as const;\n","import type { ReactNode } from 'react';\n\nimport { useHubSpotAppConnect } from '../../hooks.ts';\nimport { ConnectButton } from '../ConnectButton/ConnectButton.tsx';\nimport { styles } from './DisconnectedBody.css.ts';\n\ninterface DisconnectedBodyProps {\n message: ReactNode;\n}\n\nexport function DisconnectedBody({ message }: DisconnectedBodyProps) {\n const { error } = useHubSpotAppConnect();\n\n return (\n <div className={styles.card}>\n <p className={styles.message}>{message}</p>\n <ConnectButton size=\"lg\" />\n {error && (\n <p className={styles.errorText}>\n Failed to connect to HubSpot. {error}\n </p>\n )}\n </div>\n );\n}\n","import { keyframes, style } from '@vanilla-extract/css';\n\nimport { themeVars } from '../../../theme.css.ts';\n\nconst spin = keyframes({\n from: { transform: 'rotate(0deg)' },\n to: { transform: 'rotate(360deg)' },\n});\n\nexport const styles = {\n wrapper: style({\n display: 'flex',\n alignItems: 'center',\n justifyContent: 'center',\n minHeight: 200,\n padding: themeVars.space[600],\n }),\n spinner: style({\n width: 40,\n height: 40,\n borderWidth: 3,\n borderStyle: 'solid',\n borderColor: themeVars.border.core.subtle.default,\n borderTopColor: themeVars.fill.primary.default,\n borderRadius: '50%',\n animation: `${spin} 0.8s linear infinite`,\n }),\n} as const;\n","import { styles } from './LoadingIndicator.css.ts';\n\nexport function LoadingIndicator() {\n return (\n <div className={styles.wrapper} role=\"status\" aria-label=\"Loading\">\n <div className={styles.spinner} />\n </div>\n );\n}\n","import { style } from '@vanilla-extract/css';\n\nimport { themeVars } from '../../../theme.css.ts';\n\nexport const styles = {\n shell: style({\n width: '100%',\n padding: `${themeVars.space[400]} ${themeVars.space[500]}`,\n }),\n content: style({\n marginTop: themeVars.space[500],\n }),\n connectedErrorBanner: style({\n backgroundColor: themeVars.fill.alert.subtle,\n borderWidth: 1,\n borderStyle: 'solid',\n borderColor: themeVars.border.alert.default,\n borderRadius: themeVars.borderRadius[300],\n padding: themeVars.space[300],\n marginBottom: themeVars.space[300],\n color: themeVars.text.alert.default,\n }),\n} as const;\n","import { useEffect, type ReactNode } from 'react';\n\nimport { themeClass } from '../../../theme.css.ts';\nimport type { AppConnectController } from '../../../types.ts';\nimport { HubSpotAppConnectControllerContext } from '../../context.ts';\nimport { useHubSpotAppConnect } from '../../hooks.ts';\nimport { AppConnectHeader } from '../AppConnectHeader/AppConnectHeader.tsx';\nimport { DisconnectedBody } from '../DisconnectedBody/DisconnectedBody.tsx';\nimport { LoadingIndicator } from '../LoadingIndicator/LoadingIndicator.tsx';\nimport { styles } from './HubSpotAppConnect.css.ts';\n\n/**\n * Props accepted by {@link HubSpotAppConnect}.\n */\nexport interface HubSpotAppConnectProps {\n /** Title text rendered in the standard SDK header. */\n title: string;\n /** Controller produced by `createAppConnectController`. */\n controller: AppConnectController;\n /** Content rendered when the controller is in the `connected` state. */\n connected: ReactNode;\n /**\n * Description text rendered inside the SDK-owned disconnected card,\n * above the primary \"Connect to HubSpot\" button.\n */\n disconnectedMessage: ReactNode;\n}\n\n/**\n * Layout component that exposes `controller` to {@link useHubSpotAppConnect},\n * starts it once on mount, and renders a standard header plus the content\n * slot that matches the current connection status.\n */\nexport function HubSpotAppConnect({\n title,\n controller,\n connected,\n disconnectedMessage,\n}: HubSpotAppConnectProps) {\n useEffect(() => {\n controller.start();\n }, [controller]);\n useEffect(() => {\n document.documentElement.classList.add(themeClass);\n return () => {\n document.documentElement.classList.remove(themeClass);\n };\n }, []);\n return (\n <HubSpotAppConnectControllerContext.Provider value={controller}>\n <div className={styles.shell}>\n <AppConnectHeader title={title} />\n <div className={styles.content}>\n <HubSpotAppConnectContent\n connected={connected}\n disconnectedMessage={disconnectedMessage}\n />\n </div>\n </div>\n </HubSpotAppConnectControllerContext.Provider>\n );\n}\n\ninterface HubSpotAppConnectContentProps {\n connected: ReactNode;\n disconnectedMessage: ReactNode;\n}\n\nfunction HubSpotAppConnectContent({\n connected,\n disconnectedMessage,\n}: HubSpotAppConnectContentProps) {\n const { status, error } = useHubSpotAppConnect();\n if (status === 'initializing') {\n return <LoadingIndicator />;\n }\n if (status === 'connected') {\n return (\n <>\n {error ? (\n <div className={styles.connectedErrorBanner} role=\"alert\">\n {error}\n </div>\n ) : null}\n {connected}\n </>\n );\n }\n return <DisconnectedBody message={disconnectedMessage} />;\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAUA,MAAa,qCACX,cAA2C,KAAK;;;;;;;;;;;ACIlD,SAAgB,uBAAmD;CACjE,MAAM,aAAa,WAAW,mCAAmC;CACjE,IAAI,cAAc,MAChB,MAAM,IAAI,MACR,6DACD;CAEH,OAAO,qBACL,WAAW,WACX,WAAW,aACX,WAAW,kBACZ;;;;;;;;;;;;;;;AEVH,SAAgB,OAAO,EACrB,UACA,WACA,SAAA,YAAU,WACV,MAAA,SAAO,MACP,OAAO,UACP,GAAG,QACW;CACd,MAAM,oBAAoB;EACxBA;EACAC,QAAeC;EACfC,KAAYC;EACZ;EACD,CACE,OAAO,QAAQ,CACf,KAAK,IAAI;CACZ,OACE,oBAAC,UAAD;EAAQ,GAAI;EAAY;EAAM,WAAW;EACtC;EACM,CAAA;;;;;;;;;;;;;;AEnBb,SAAgB,cAAc,EAC5B,UAAU,WACV,OAAO,MACP,aACqB;CACrB,MAAM,EAAE,QAAQ,qBAAqB,sBAAsB;CAC3D,MAAM,eAAe,WAAW;CAGhC,OACE,qBAAC,QAAD;EACW;EACH;EACN,WANsB,CAAC,MAAM,UAAU,CAAC,OAAO,QAAQ,CAAC,KAAK,IAMjC;EAC5B,aAAW;EACX,eAAe,KAAK,kBAAkB;EACtC,UAAU;YANZ,CAQE,oBAAC,QAAD;GAAM,WAVa,eAAe,GAAG,MAAM,GAAG,eAAe;aAU5B;GAAyB,CAAA,EACzD,eACC,oBAAC,QAAD;GAAM,WAAW,gBAAgB;GAAU,eAAY;aACrD,oBAAC,QAAD,EAAM,WAAW,SAAW,CAAA;GACvB,CAAA,GACL,KACG;;;;;ACpCb,SAAgB,gBAAgB,EAAE,aAAmC;CACnE,OACE,oBAAC,OAAD;EACa;EACX,SAAQ;EACR,MAAK;EACL,OAAM;EACN,eAAY;YAEZ,oBAAC,QAAD;GACE,GAAE;GACF,QAAO;GACP,aAAY;GACZ,eAAc;GACd,gBAAe;GACf,CAAA;EACE,CAAA;;;;AChBV,SAAgB,iBAAiB,EAAE,aAAoC;CACrE,OACE,oBAAC,OAAD;EACa;EACX,SAAQ;EACR,MAAK;EACL,OAAM;EACN,eAAY;YAEZ,oBAAC,QAAD;GACE,GAAE;GACF,QAAO;GACP,aAAY;GACZ,eAAc;GACd,gBAAe;GACf,CAAA;EACE,CAAA;;;;AChBV,SAAgB,sBAAsB,EACpC,aAC6B;CAC7B,OACE,qBAAC,OAAD;EACa;EACX,SAAQ;EACR,MAAK;EACL,OAAM;EACN,eAAY;YALd,CAOE,oBAAC,QAAD;GACE,GAAE;GACF,GAAE;GACF,OAAM;GACN,QAAO;GACP,IAAG;GACH,QAAO;GACP,aAAY;GACZ,CAAA,EACF,oBAAC,QAAD;GACE,GAAE;GACF,QAAO;GACP,aAAY;GACZ,eAAc;GACd,CAAA,CACE;;;;;AC1BV,SAAgB,WAAW,EAAE,aAA8B;CACzD,OACE,qBAAC,OAAD;EACa;EACX,SAAQ;EACR,MAAK;EACL,OAAM;EACN,eAAY;YALd;GAOE,oBAAC,QAAD;IACE,GAAE;IACF,QAAO;IACP,aAAY;IACZ,eAAc;IACd,gBAAe;IACf,CAAA;GACF,oBAAC,QAAD;IACE,GAAE;IACF,QAAO;IACP,aAAY;IACZ,eAAc;IACd,gBAAe;IACf,CAAA;GACF,oBAAC,QAAD;IACE,GAAE;IACF,QAAO;IACP,aAAY;IACZ,eAAc;IACd,gBAAe;IACf,CAAA;GACE;;;;;AC9BV,SAAgB,UAAU,EAAE,aAA6B;CACvD,OACE,qBAAC,OAAD;EACa;EACX,SAAQ;EACR,MAAK;EACL,OAAM;EACN,eAAY;YALd;GAOE,oBAAC,UAAD;IAAQ,IAAG;IAAK,IAAG;IAAI,GAAE;IAAO,QAAO;IAAe,aAAY;IAAQ,CAAA;GAC1E,oBAAC,UAAD;IAAQ,IAAG;IAAI,IAAG;IAAK,GAAE;IAAO,QAAO;IAAe,aAAY;IAAQ,CAAA;GAC1E,oBAAC,UAAD;IACE,IAAG;IACH,IAAG;IACH,GAAE;IACF,QAAO;IACP,aAAY;IACZ,CAAA;GACF,oBAAC,QAAD;IACE,GAAE;IACF,QAAO;IACP,aAAY;IACZ,eAAc;IACd,CAAA;GACE;;;;;;;;;;;AErBV,eAAe,oBACb,SACe;CACf,MAAM,EAAE,cAAc;CACtB,MAAM,MAAM,OAAO,SAAS;CAC5B,IAAI,OAAO,UAAU,UAAU,YAC7B,IAAI;EACF,MAAM,UAAU,MAAM;GAAE,OAAO;GAAW,MAAM;GAAW;GAAK,CAAC;EACjE;UACO,OAAO;EACd,IAAI,iBAAiB,gBAAgB,MAAM,SAAS,cAClD;;CAIN,IAAI,OAAO,UAAU,WAAW,cAAc,YAC5C,MAAM,UAAU,UAAU,UAAU,IAAI;;AAQ5C,SAAgB,YAAY,EAAE,aAA+B;CAC3D,OACE,qBAAC,UAAD;EACE,MAAK;EACL,WAAWC,SAAO;EAClB,eAAe,KAAK,oBAAoB,EAAE,WAAW,CAAC;YAHxD,CAKE,oBAAC,WAAD,EAAW,WAAWA,SAAO,WAAa,CAAA,EAC1C,oBAAC,QAAD,EAAA,UAAM,SAAY,CAAA,CACX;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AEvBb,MAAM,YAAsB;CAC1B,WAAW;CACX,UAAU;CACV,OAAO;CACR;AAED,SAAS,gBAAgB,MAAwB;CAG/C,OAAO,GAFO,KAAK,UAAU,OAAO,EAAE,CAAC,aAExB,GADF,KAAK,SAAS,OAAO,EAAE,CAAC,aACf;;AAGxB,SAAS,YAAY,MAAwB;CAC3C,OAAO,GAAG,KAAK,UAAU,GAAG,KAAK;;AAOnC,SAAgB,iBAAiB,EAAE,SAAgC;CACjE,MAAM,EAAE,WAAW,sBAAsB;CACzC,OACE,qBAAC,UAAD;EAAQ,WAAWC,SAAO;YAA1B,CACE,oBAAC,OAAD;GAAK,WAAWA,SAAO;aACrB,qBAAC,OAAD;IAAK,WAAWA,SAAO;cAAvB,CACE,qBAAC,OAAD;KAAK,WAAWA,SAAO;eAAvB,CACE,oBAAC,MAAD;MAAI,WAAWA,SAAO;gBAAQ;MAAW,CAAA,EACzC,oBAAC,aAAD,EAAa,WAAW,OAAS,CAAA,CAC7B;QACL,WAAW,cAAc,oBAAC,0BAAD,EAA4B,CAAA,GAAG,KACrD;;GACF,CAAA,EACL,WAAW,cACV,oBAAC,UAAD,EAAY,CAAA,GAEZ,oBAAC,eAAD,EAAe,SAAQ,aAAc,CAAA,CAEhC;;;AAIb,SAAS,2BAA2B;CAClC,OACE,qBAAC,OAAD;EAAK,WAAWA,SAAO;YAAvB;GACE,oBAAC,uBAAD,EAAuB,WAAWA,SAAO,aAAe,CAAA;GACxD,oBAAC,QAAD;IAAM,WAAWA,SAAO;cAAe;IAAiC,CAAA;GACxE,qBAAC,KAAD;IACE,WAAWA,SAAO;IAClB,MAAK;IACL,UAAU,UAAU;KAClB,MAAM,gBAAgB;;cAJ1B,CAMC,uBAEC,oBAAC,kBAAD,EAAkB,WAAWA,SAAO,qBAAuB,CAAA,CACzD;;GACA;;;AAIV,SAAS,WAAW;CAClB,MAAM,EAAE,0BAA0B,sBAAsB;CACxD,MAAM,WAAW,gBAAgB,UAAU;CAC3C,MAAM,WAAW,YAAY,UAAU;CAEvC,OACE,qBAAC,KAAK,MAAN;EAAW,OAAO;YAAlB,CACE,qBAAC,KAAK,SAAN;GAAc,WAAWA,SAAO;aAAhC;IACE,oBAAC,QAAD;KACE,WAAW,GAAGA,SAAO,OAAO,GAAGA,SAAO;KACtC,eAAY;eAEX;KACI,CAAA;IACP,oBAAC,QAAD;KAAM,WAAWA,SAAO;eAAc;KAAgB,CAAA;IACtD,oBAAC,iBAAD,EAAiB,WAAWA,SAAO,SAAW,CAAA;IACjC;MACf,oBAAC,KAAK,QAAN,EAAA,UACE,oBAAC,KAAK,YAAN;GAAiB,YAAY;GAAG,OAAM;aACpC,qBAAC,KAAK,OAAN;IAAY,WAAWA,SAAO;cAA9B;KACE,qBAAC,OAAD;MAAK,WAAWA,SAAO;gBAAvB,CACE,oBAAC,QAAD;OACE,WAAW,GAAGA,SAAO,OAAO,GAAGA,SAAO;OACtC,eAAY;iBAEX;OACI,CAAA,EACP,qBAAC,OAAD;OAAK,WAAWA,SAAO;iBAAvB,CACE,oBAAC,QAAD;QAAM,WAAWA,SAAO;kBAAe;QAAgB,CAAA,EACvD,oBAAC,QAAD;QAAM,WAAWA,SAAO;kBAAgB,UAAU;QAAa,CAAA,CAC3D;SACF;;KACN,oBAAC,KAAK,WAAN,EAAgB,WAAWA,SAAO,WAAa,CAAA;KAC/C,qBAAC,KAAK,MAAN;MACE,WAAWA,SAAO;MAClB,eAAe,KAAK,uBAAuB;gBAF7C,CAIE,oBAAC,YAAD,EAAY,WAAWA,SAAO,gBAAkB,CAAA,EAAA,aAEtC;;KACD;;GACG,CAAA,EACN,CAAA,CACJ;;;;;;;;;;;;AE/GhB,SAAgB,iBAAiB,EAAE,WAAkC;CACnE,MAAM,EAAE,UAAU,sBAAsB;CAExC,OACE,qBAAC,OAAD;EAAK,WAAWC,SAAO;YAAvB;GACE,oBAAC,KAAD;IAAG,WAAWA,SAAO;cAAU;IAAY,CAAA;GAC3C,oBAAC,eAAD,EAAe,MAAK,MAAO,CAAA;GAC1B,SACC,qBAAC,KAAD;IAAG,WAAWA,SAAO;cAArB,CAAgC,kCACC,MAC7B;;GAEF;;;;;;;;;;;AEpBV,SAAgB,mBAAmB;CACjC,OACE,oBAAC,OAAD;EAAK,WAAWC,SAAO;EAAS,MAAK;EAAS,cAAW;YACvD,oBAAC,OAAD,EAAK,WAAWA,SAAO,SAAW,CAAA;EAC9B,CAAA;;;;;;;;;;;;;;;;AE2BV,SAAgB,kBAAkB,EAChC,OACA,YACA,WACA,uBACyB;CACzB,gBAAgB;EACd,WAAW,OAAO;IACjB,CAAC,WAAW,CAAC;CAChB,gBAAgB;EACd,SAAS,gBAAgB,UAAU,IAAI,WAAW;EAClD,aAAa;GACX,SAAS,gBAAgB,UAAU,OAAO,WAAW;;IAEtD,EAAE,CAAC;CACN,OACE,oBAAC,mCAAmC,UAApC;EAA6C,OAAO;YAClD,qBAAC,OAAD;GAAK,WAAW,OAAO;aAAvB,CACE,oBAAC,kBAAD,EAAyB,OAAS,CAAA,EAClC,oBAAC,OAAD;IAAK,WAAW,OAAO;cACrB,oBAAC,0BAAD;KACa;KACU;KACrB,CAAA;IACE,CAAA,CACF;;EACsC,CAAA;;AASlD,SAAS,yBAAyB,EAChC,WACA,uBACgC;CAChC,MAAM,EAAE,QAAQ,UAAU,sBAAsB;CAChD,IAAI,WAAW,gBACb,OAAO,oBAAC,kBAAD,EAAoB,CAAA;CAE7B,IAAI,WAAW,aACb,OACE,qBAAA,UAAA,EAAA,UAAA,CACG,QACC,oBAAC,OAAD;EAAK,WAAW,OAAO;EAAsB,MAAK;YAC/C;EACG,CAAA,GACJ,MACH,UACA,EAAA,CAAA;CAGP,OAAO,oBAAC,kBAAD,EAAkB,SAAS,qBAAuB,CAAA"}

package/dist/browser/create-vctOhpX9.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"create-vctOhpX9.js","names":["disconnectFromHubSpot","runDisconnectFromHubSpot"],"sources":["../../src/shared/logger.ts","../../src/browser/app-connect-controller/utils/timeout-utils.ts","../../src/browser/app-connect-controller/connect-start.ts","../../src/browser/app-connect-controller/default-session-storage.ts","../../src/shared/constants.ts","../../src/browser/app-connect-controller/constants.ts","../../src/browser/app-connect-controller/utils/session-utils.ts","../../src/browser/app-connect-controller/disconnect.ts","../../src/browser/app-connect-controller/init.ts","../../src/browser/app-connect-controller/refresh.ts","../../src/browser/app-connect-controller/utils/memoize-utils.ts","../../src/browser/app-connect-controller/utils/store-utils.ts","../../src/browser/app-connect-controller/view-state.ts","../../src/browser/app-connect-controller/create.ts"],"sourcesContent":["/**\n * Pluggable logger contract used by the SDK on both the browser and\n * server. Consumers can pass `console`-like loggers, structured\n * loggers (pino / winston / etc.) or no-op stubs in tests.\n */\nexport interface Logger {\n debug: (message: string, ...args: unknown[]) => void;\n info: (message: string, ...args: unknown[]) => void;\n warn: (message: string, ...args: unknown[]) => void;\n error: (message: string, ...args: unknown[]) => void;\n}\n\nfunction formatPrefix(name: string): string {\n return `[${name}]`;\n}\n\n/**\n * Creates a console-backed logger that prefixes every line with the\n * supplied `name`. Used as the default when no custom logger is\n * provided.\n */\nexport function createLogger(name: string): Logger {\n const prefix = formatPrefix(name);\n return {\n debug: (message, ...args) => {\n console.debug(prefix, message, ...args);\n },\n info: (message, ...args) => {\n console.info(prefix, message, ...args);\n },\n warn: (message, ...args) => {\n console.warn(prefix, message, ...args);\n },\n error: (message, ...args) => {\n console.error(prefix, message, ...args);\n },\n };\n}\n\n/**\n * Logger that swallows every message. Convenient for tests and for\n * the SDK's server-side handlers when no logger is provided by the\n * host application.\n */\nexport const noopLogger: Logger = {\n debug: () => {},\n info: () => {},\n warn: () => {},\n error: () => {},\n};\n","export function delay(ms: number): Promise<void> {\n if (ms <= 0) {\n return Promise.resolve();\n }\n return new Promise((resolve) => {\n setTimeout(resolve, ms);\n });\n}\n","import type { InitSessionResponse } from '../../shared/wire-types.ts';\nimport type { AppConnectContext } from './types.ts';\nimport { delay } from './utils/timeout-utils.ts';\n\n/** Extra wait before redirect so the connect progress UI is visible; set to `0` to disable. */\nconst ARTIFICIAL_CONNECT_REDIRECT_DELAY_MS = 500;\n\n/**\n * Begins the OAuth connect flow:\n *\n * 1. Calls the SDK's `auth/init-session` route to mint a fresh PKCE\n * verifier + state and obtain HubSpot's `authorize` URL.\n * 2. Navigates the browser to that URL (full-page redirect).\n *\n * The `return_path` is the current path + query so the user lands\n * back where they started after authorizing.\n *\n * Throws when the init call fails. Does not return after the redirect\n * begins because the page is unloaded.\n */\nexport async function startHubSpotConnection(\n context: AppConnectContext\n): Promise<void> {\n const { config } = context;\n\n const returnPath = `${window.location.pathname}${window.location.search}`;\n\n const initUrl = new URL(\n `${config.hubSpotConnectBaseUrl}/auth/init-session`,\n window.location.origin\n );\n initUrl.searchParams.set('return_path', returnPath);\n\n const initResponse = await fetch(initUrl.toString(), {\n credentials: 'include',\n });\n if (!initResponse.ok)\n throw new Error(`Failed to init session: ${initResponse.status}`);\n const { authorization_url: authorizationUrl } =\n (await initResponse.json()) as InitSessionResponse;\n\n await delay(ARTIFICIAL_CONNECT_REDIRECT_DELAY_MS);\n\n window.location.href = authorizationUrl;\n}\n","import type { SessionStorage } from './types.ts';\n\n/**\n * Builds a `SessionStorage` adapter that delegates to the global\n * `sessionStorage` object exposed by browsers. The controller uses\n * this when no custom storage is supplied (e.g. for tests or non-DOM\n * environments).\n */\nexport function createDefaultSessionStorage(): SessionStorage {\n return {\n setItem: (key, value) => {\n sessionStorage.setItem(key, value);\n },\n getItem: (key) => {\n return sessionStorage.getItem(key);\n },\n removeItem: (key) => {\n sessionStorage.removeItem(key);\n },\n };\n}\n","/**\n * Constants whose values are part of the contract between the browser\n * controller and the server-side hubspot-connect routes. Both halves\n * import from this module so the wire format stays in sync.\n */\n\n/**\n * Query parameter on the OAuth return URL that carries the new access\n * token's expiry (Unix epoch milliseconds). The server emits this on\n * the `auth/callback` redirect; the browser parses it during `initSdk`\n * and then strips it from the URL via `history.replaceState`.\n */\nexport const EXPIRES_AT_URL_PARAM = '__hs_expires_at';\n","export { EXPIRES_AT_URL_PARAM } from '../../shared/constants.ts';\n\n/**\n * Key the controller persists the access-token `expiresAt` (Unix\n * epoch milliseconds) under in `sessionStorage`. Survives full-page\n * navigations within the same tab.\n */\nexport const EXPIRES_AT_KEY = 'hubspot_token_expires_at';\n\n/**\n * Number of milliseconds before `expiresAt` that the refresh\n * scheduler attempts to mint a new access token. 60s is comfortably\n * larger than typical network latency without burning lifetime.\n */\nexport const REFRESH_BUFFER_MS = 60_000;\n","import { EXPIRES_AT_KEY } from '../constants.ts';\nimport type { AppConnectContext } from '../types.ts';\n\ninterface StoreExpiresAtOptions {\n context: AppConnectContext;\n expiresAtMs: number;\n}\n\n/**\n * Persists the access-token `expiresAt` (Unix epoch milliseconds) to\n * both the in-memory store and `sessionStorage` so it survives\n * full-page navigations within the same tab.\n */\nexport function storeExpiresAt(options: StoreExpiresAtOptions): void {\n const { context, expiresAtMs } = options;\n context.store.setState({ expiresAt: expiresAtMs });\n context.sessionStorage.setItem(EXPIRES_AT_KEY, String(expiresAtMs));\n}\n\n/**\n * Reads the persisted `expiresAt` from `sessionStorage`. Removes the\n * value (and returns `null`) if it is malformed or already expired,\n * so a stale entry never reactivates a dead session.\n */\nexport function getExpiresAtFromSessionStorage(\n context: AppConnectContext\n): number | null {\n const raw = context.sessionStorage.getItem(EXPIRES_AT_KEY);\n if (!raw) return null;\n const val = parseInt(raw, 10);\n if (isNaN(val)) {\n context.sessionStorage.removeItem(EXPIRES_AT_KEY);\n return null;\n }\n if (Date.now() > val) {\n context.sessionStorage.removeItem(EXPIRES_AT_KEY);\n return null;\n }\n return val;\n}\n\n/**\n * Clears the persisted session-storage state. Called on disconnect.\n */\nexport function clearSessionStorage(context: AppConnectContext): void {\n context.sessionStorage.removeItem(EXPIRES_AT_KEY);\n}\n\n/**\n * Returns `true` when the controller has an `expiresAt` whose value\n * is still in the future. Used both to drive the UI status and to\n * decide whether the refresh scheduler should run.\n */\nexport function isClientSessionActive(context: AppConnectContext): boolean {\n const state = context.store.getSnapshot();\n const expiresAt = state.expiresAt;\n return expiresAt !== null && Date.now() < expiresAt;\n}\n","import type { LogoutResponse } from '../../shared/wire-types.ts';\nimport type { AppConnectContext } from './types.ts';\nimport { clearSessionStorage } from './utils/session-utils.ts';\n\n/**\n * Disconnect flow:\n *\n * 1. Calls the SDK's `auth/logout` route to revoke the upstream token\n * and clear the refresh-token cookie.\n * 2. Clears the local session-storage `expiresAt` entry.\n * 3. Updates the controller state to `disconnected` and navigates the\n * browser to the URL the server returned in `redirect_to`.\n *\n * Errors are caught, logged, and surfaced via the controller's\n * `error` field so the UI can show a retry state.\n */\nexport async function disconnectFromHubSpot(\n context: AppConnectContext\n): Promise<void> {\n const { config, logger, store } = context;\n logger.info('disconnectFromHubSpot: starting');\n store.setState({ error: null, isDisconnectInFlight: true });\n const { hubSpotConnectBaseUrl: appConnectBaseUrl } = config;\n\n try {\n clearSessionStorage(context);\n\n const response = await fetch(`${appConnectBaseUrl}/auth/logout`, {\n method: 'POST',\n credentials: 'include',\n });\n if (!response.ok) {\n throw new Error(`Logout failed: ${response.status}`);\n }\n const { redirect_to: redirectTo } =\n (await response.json()) as LogoutResponse;\n\n store.setState({\n expiresAt: null,\n isSessionConnected: false,\n isDisconnectInFlight: false,\n });\n\n window.location.href = redirectTo;\n logger.info('disconnectFromHubSpot: redirecting');\n } catch (err) {\n const message = err instanceof Error ? err.message : 'Disconnect failed';\n logger.error('disconnectFromHubSpot: failed', err);\n store.setState({\n error: message,\n isDisconnectInFlight: false,\n });\n }\n}\n","import { EXPIRES_AT_KEY, EXPIRES_AT_URL_PARAM } from './constants.ts';\nimport type { AppConnectContext } from './types.ts';\n\n/**\n * Picks up the `__hs_expires_at` parameter the OAuth callback adds to\n * the redirect URL, persists it to the controller, and strips it from\n * the address bar so it's not logged or bookmarked.\n *\n * Called once by `controller.start()`. A no-op when the parameter\n * isn't present (e.g. on every page load other than the OAuth return\n * trip).\n */\nexport async function initAppConnect(\n context: AppConnectContext\n): Promise<void> {\n const params = new URLSearchParams(window.location.search);\n const expiresAtStr = params.get(EXPIRES_AT_URL_PARAM);\n if (!expiresAtStr) return;\n\n const expiresAt = parseInt(expiresAtStr, 10);\n if (isNaN(expiresAt)) return;\n\n params.delete(EXPIRES_AT_URL_PARAM);\n const cleanSearch = params.toString();\n history.replaceState(\n null,\n '',\n cleanSearch\n ? `${window.location.pathname}?${cleanSearch}`\n : window.location.pathname\n );\n\n context.store.setState({ expiresAt });\n context.sessionStorage.setItem(EXPIRES_AT_KEY, String(expiresAt));\n}\n","import type { RefreshTokenResponse } from '../../shared/wire-types.ts';\nimport { REFRESH_BUFFER_MS } from './constants.ts';\nimport type { AppConnectContext } from './types.ts';\nimport {\n isClientSessionActive,\n storeExpiresAt,\n} from './utils/session-utils.ts';\n\n/**\n * Tear-down handle returned by {@link startRefreshScheduler}. Calling\n * `stop()` clears any pending refresh timer and unsubscribes from the\n * store so the controller can be garbage-collected.\n */\nexport interface RefreshSchedulerHandle {\n stop: () => void;\n}\n\nasync function refreshAccessToken(context: AppConnectContext): Promise<void> {\n const { config } = context;\n\n const refreshResponse = await fetch(\n `${config.hubSpotConnectBaseUrl}/auth/refresh`,\n {\n method: 'POST',\n credentials: 'include',\n }\n );\n if (!refreshResponse.ok) {\n throw new Error(`Refresh failed: ${refreshResponse.status}`);\n }\n const { expires_in: expiresInSeconds } =\n (await refreshResponse.json()) as RefreshTokenResponse;\n if (\n typeof expiresInSeconds !== 'number' ||\n !Number.isFinite(expiresInSeconds) ||\n expiresInSeconds <= 0\n ) {\n throw new Error('Refresh response missing or invalid expires_in');\n }\n const expiresAtMs = Date.now() + expiresInSeconds * 1000;\n\n storeExpiresAt({ context, expiresAtMs });\n}\n\n/**\n * Subscribes to store changes and (re)schedules a token refresh\n * whenever `expiresAt` moves. Returns a handle that the caller can\n * use to stop the scheduler when the controller is destroyed.\n */\nexport function startRefreshScheduler(\n context: AppConnectContext\n): RefreshSchedulerHandle {\n const { logger, store } = context;\n\n let refreshTimer: ReturnType<typeof setTimeout> | null = null;\n let stopped = false;\n\n const scheduleRefresh = () => {\n if (refreshTimer) {\n clearTimeout(refreshTimer);\n refreshTimer = null;\n }\n if (stopped) return;\n\n const state = store.getSnapshot();\n if (!state.isInitComplete || !state.isSessionConnected) {\n return;\n }\n\n const expiresAt = state.expiresAt;\n if (!expiresAt) {\n logger.debug('scheduleRefresh: no expiresAt, skipping');\n return;\n }\n const delayMs = Math.max(0, expiresAt - Date.now() - REFRESH_BUFFER_MS);\n logger.debug(\n 'scheduleRefresh: next refresh in ',\n (delayMs / 1000).toFixed(1),\n 's',\n {\n expiresAt,\n }\n );\n refreshTimer = setTimeout(() => {\n logger.debug('scheduleRefresh: timer fired, refreshing token');\n refreshTimer = null;\n if (stopped) return;\n\n void (async () => {\n try {\n await refreshAccessToken(context);\n if (stopped) return;\n if (isClientSessionActive(context)) {\n logger.info('token refresh: success, session still active');\n } else {\n logger.warn(\n 'token refresh: success but no active session in storage'\n );\n store.setState({ isSessionConnected: false });\n }\n } catch (err) {\n logger.error('token refresh: failed', err);\n if (stopped) return;\n store.setState({ isSessionConnected: false });\n }\n })();\n }, delayMs);\n };\n\n const unsubscribe = store.subscribe(() => {\n scheduleRefresh();\n });\n\n return {\n stop: () => {\n stopped = true;\n unsubscribe();\n if (refreshTimer) {\n clearTimeout(refreshTimer);\n refreshTimer = null;\n }\n },\n };\n}\n","/**\n * Wraps `fn` so that calls with the same input (compared via\n * `Object.is`) return the previous output without re-invoking `fn`.\n * The cache holds at most one entry, so this is safe to use for\n * derived view-state from a single store snapshot.\n *\n * Used by `getSnapshot` to keep the React state reference stable\n * between unrelated store updates — `useSyncExternalStore` would\n * otherwise re-render every consumer on every change.\n */\nexport function memoizeLast<TInput, TOutput>(\n fn: (input: TInput) => TOutput\n): (input: TInput) => TOutput {\n let lastInput: TInput;\n let lastOutput: TOutput;\n let hasValue = false;\n return (input: TInput): TOutput => {\n if (hasValue && Object.is(lastInput, input)) {\n return lastOutput;\n }\n lastInput = input;\n lastOutput = fn(input);\n hasValue = true;\n return lastOutput;\n };\n}\n","/**\n * Tiny external store used by the controller. Shaped to be compatible\n * with React's `useSyncExternalStore` while remaining usable outside\n * React.\n */\nexport interface Store<TState extends object> {\n /** Returns the current state. The reference changes on every update. */\n getSnapshot: () => Readonly<TState>;\n /**\n * Subscribes to state changes. Returns an unsubscribe function the\n * caller can invoke at teardown.\n */\n subscribe: (onChange: () => void) => () => void;\n /**\n * Merges `update` into the current state. When `update` is a\n * function, it receives the current state and returns a partial.\n * Listeners are only notified when at least one key actually\n * changed (shallow compare).\n */\n setState: (\n update:\n | Partial<TState>\n | ((prev: Readonly<TState>) => Partial<TState> | TState)\n ) => void;\n /** Reads a single key from the current state. */\n get: <K extends keyof TState>(key: K) => TState[K];\n /** Writes a single key. Listeners only fire when the value changes. */\n set: <K extends keyof TState>(key: K, value: TState[K]) => void;\n /**\n * Drops every listener and prevents future `setState`/`set` calls\n * from notifying. Used by `controller.destroy()`.\n */\n destroy: () => void;\n}\n\nfunction shallowEqualState<TState extends object>(\n a: TState,\n b: TState\n): boolean {\n const keys = new Set([\n ...Object.keys(a),\n ...Object.keys(b),\n ] as (keyof TState)[]);\n for (const k of keys) {\n if (!Object.is(a[k], b[k])) {\n return false;\n }\n }\n return true;\n}\n\nfunction mergeState<TState extends object>(\n prev: TState,\n partial: Partial<TState>\n): TState {\n return { ...prev, ...partial } as TState;\n}\n\n/**\n * Creates a new {@link Store}. The store starts with a shallow copy\n * of `initialState`; subsequent mutations never touch the caller's\n * object.\n */\nexport function createStore<TState extends object>(\n initialState: TState\n): Store<TState> {\n let state: TState = { ...initialState };\n const listeners = new Set<() => void>();\n let destroyed = false;\n\n const notify = () => {\n for (const listener of listeners) {\n listener();\n }\n };\n\n return {\n getSnapshot() {\n return state as Readonly<TState>;\n },\n subscribe(onChange) {\n listeners.add(onChange);\n return () => {\n listeners.delete(onChange);\n };\n },\n setState(update) {\n if (destroyed) return;\n const patch =\n typeof update === 'function'\n ? update(state as Readonly<TState>)\n : update;\n if (typeof patch !== 'object' || patch == null) {\n return;\n }\n const next = mergeState(state, patch as Partial<TState>);\n if (shallowEqualState(state, next)) {\n return;\n }\n state = next;\n notify();\n },\n get(key) {\n return state[key];\n },\n set(key, value) {\n if (destroyed) return;\n if (Object.is(state[key], value)) {\n return;\n }\n state = { ...state, [key]: value } as TState;\n notify();\n },\n destroy() {\n destroyed = true;\n listeners.clear();\n },\n };\n}\n","import type { AppConnectState, AppConnectStatus } from '../types.ts';\nimport type { AppConnectInternalState } from './types.ts';\n\nconst noop = (): Promise<void> => Promise.resolve();\n\n/**\n * Snapshot returned by `getServerSnapshot` for SSR. Has stable\n * references and inert connect/disconnect actions because actions are\n * meaningless before hydration.\n */\nexport const SERVER_VIEW: AppConnectState = {\n status: 'initializing',\n error: null,\n connectToHubSpot: noop,\n disconnectFromHubSpot: noop,\n};\n\n/**\n * Reduces the boolean lifecycle flags into the user-facing\n * `AppConnectStatus` enum value. The order of checks matters:\n * disconnect-in-flight beats connect-in-flight (a transitional logout\n * shouldn't show a \"connecting\" spinner), and connected beats default.\n */\nexport function getDerivedStatus(\n state: AppConnectInternalState\n): AppConnectStatus {\n const {\n isInitComplete,\n isConnectInFlight,\n isSessionConnected,\n isDisconnectInFlight,\n } = state;\n if (!isInitComplete) {\n return 'initializing';\n }\n if (isDisconnectInFlight) return 'disconnecting';\n if (isConnectInFlight) return 'connecting';\n if (isSessionConnected) return 'connected';\n return 'disconnected';\n}\n","import { noopLogger, type Logger } from '../../shared/logger.ts';\nimport type {\n AppConnectBrowserConfig,\n AppConnectController,\n AppConnectState,\n} from '../types.ts';\nimport { startHubSpotConnection } from './connect-start.ts';\nimport { createDefaultSessionStorage } from './default-session-storage.ts';\nimport { disconnectFromHubSpot as runDisconnectFromHubSpot } from './disconnect.ts';\nimport { initAppConnect } from './init.ts';\nimport { startRefreshScheduler } from './refresh.ts';\nimport type {\n AppConnectContext,\n AppConnectInternalState,\n AppConnectStore,\n} from './types.ts';\nimport { memoizeLast } from './utils/memoize-utils.ts';\nimport {\n getExpiresAtFromSessionStorage,\n isClientSessionActive,\n} from './utils/session-utils.ts';\nimport { createStore } from './utils/store-utils.ts';\nimport { getDerivedStatus, SERVER_VIEW } from './view-state.ts';\n\n/**\n * Options accepted by {@link createAppConnectController}.\n */\nexport interface CreateAppConnectControllerOptions {\n /** Runtime configuration; see {@link AppConnectBrowserConfig}. */\n config: AppConnectBrowserConfig;\n /** Logger the controller uses for status/debug messages. */\n logger?: Logger;\n}\n\n/**\n * Creates an `AppConnectController`. Exactly one controller should be\n * shared by the entire app — the React provider takes the controller\n * as a prop and exposes it via context.\n *\n * The returned controller is inert until `start()` is called: nothing\n * is read from session storage, no refresh timer is scheduled, and no\n * fetches are issued. Tests can construct a controller and inspect\n * its initial snapshot without triggering side effects.\n */\nexport function createAppConnectController(\n options: CreateAppConnectControllerOptions\n): AppConnectController {\n const { config, logger = noopLogger } = options;\n const sessionStorage = createDefaultSessionStorage();\n const store: AppConnectStore = createStore<AppConnectInternalState>({\n isInitComplete: false,\n isConnectInFlight: false,\n isDisconnectInFlight: false,\n isSessionConnected: false,\n error: null,\n expiresAt: null,\n });\n const context: AppConnectContext = {\n config,\n logger,\n sessionStorage,\n store,\n };\n\n store.setState({ expiresAt: getExpiresAtFromSessionStorage(context) });\n\n let hasStarted = false;\n\n const connectToHubSpot = async () => {\n logger.info('connectToHubSpot: starting');\n store.setState({ error: null, isConnectInFlight: true });\n try {\n await startHubSpotConnection(context);\n } catch (err) {\n const message = err instanceof Error ? err.message : 'Connection failed';\n logger.error('connectToHubSpot: failed', err);\n store.setState({ error: message });\n } finally {\n logger.debug(\n 'connectToHubSpot: connect flow step finished (may redirect to HubSpot)'\n );\n store.setState({ isConnectInFlight: false });\n }\n };\n const disconnectFromHubSpot = () => runDisconnectFromHubSpot(context);\n\n const getViewStateMemoized = memoizeLast<\n Readonly<AppConnectInternalState>,\n AppConnectState\n >((storeState) => ({\n status: getDerivedStatus(storeState),\n error: storeState.error,\n connectToHubSpot,\n disconnectFromHubSpot,\n }));\n\n function getSnapshot() {\n return getViewStateMemoized(store.getSnapshot());\n }\n\n return {\n start() {\n if (hasStarted) {\n logger.debug('start skipped (already started)');\n return;\n }\n hasStarted = true;\n startRefreshScheduler(context);\n\n logger.info('start: initSdk (OAuth return handling if applicable)');\n void (async () => {\n try {\n await initAppConnect(context);\n logger.info('initSdk: completed without error');\n } catch (err) {\n logger.error('initSdk: failed', err);\n store.setState({\n error:\n err instanceof Error\n ? err.message\n : 'App Connect initialization failed',\n });\n } finally {\n const sessionActive = isClientSessionActive(context);\n logger.info('start: init complete, session active:', sessionActive);\n store.setState({\n isInitComplete: true,\n isSessionConnected: sessionActive,\n });\n }\n })();\n },\n subscribe: (fn) => store.subscribe(fn),\n getSnapshot,\n getServerSnapshot: () => SERVER_VIEW,\n };\n}\n"],"mappings":";AAYA,SAAS,aAAa,MAAsB;CAC1C,OAAO,IAAI,KAAK;;;;;;;AAQlB,SAAgB,aAAa,MAAsB;CACjD,MAAM,SAAS,aAAa,KAAK;CACjC,OAAO;EACL,QAAQ,SAAS,GAAG,SAAS;GAC3B,QAAQ,MAAM,QAAQ,SAAS,GAAG,KAAK;;EAEzC,OAAO,SAAS,GAAG,SAAS;GAC1B,QAAQ,KAAK,QAAQ,SAAS,GAAG,KAAK;;EAExC,OAAO,SAAS,GAAG,SAAS;GAC1B,QAAQ,KAAK,QAAQ,SAAS,GAAG,KAAK;;EAExC,QAAQ,SAAS,GAAG,SAAS;GAC3B,QAAQ,MAAM,QAAQ,SAAS,GAAG,KAAK;;EAE1C;;;;;;;AAQH,MAAa,aAAqB;CAChC,aAAa;CACb,YAAY;CACZ,YAAY;CACZ,aAAa;CACd;;;ACjDD,SAAgB,MAAM,IAA2B;CAC/C,IAAI,MAAM,GACR,OAAO,QAAQ,SAAS;CAE1B,OAAO,IAAI,SAAS,YAAY;EAC9B,WAAW,SAAS,GAAG;GACvB;;;;;ACDJ,MAAM,uCAAuC;;;;;;;;;;;;;;AAe7C,eAAsB,uBACpB,SACe;CACf,MAAM,EAAE,WAAW;CAEnB,MAAM,aAAa,GAAG,OAAO,SAAS,WAAW,OAAO,SAAS;CAEjE,MAAM,UAAU,IAAI,IAClB,GAAG,OAAO,sBAAsB,qBAChC,OAAO,SAAS,OACjB;CACD,QAAQ,aAAa,IAAI,eAAe,WAAW;CAEnD,MAAM,eAAe,MAAM,MAAM,QAAQ,UAAU,EAAE,EACnD,aAAa,WACd,CAAC;CACF,IAAI,CAAC,aAAa,IAChB,MAAM,IAAI,MAAM,2BAA2B,aAAa,SAAS;CACnE,MAAM,EAAE,mBAAmB,qBACxB,MAAM,aAAa,MAAM;CAE5B,MAAM,MAAM,qCAAqC;CAEjD,OAAO,SAAS,OAAO;;;;;;;;;;ACnCzB,SAAgB,8BAA8C;CAC5D,OAAO;EACL,UAAU,KAAK,UAAU;GACvB,eAAe,QAAQ,KAAK,MAAM;;EAEpC,UAAU,QAAQ;GAChB,OAAO,eAAe,QAAQ,IAAI;;EAEpC,aAAa,QAAQ;GACnB,eAAe,WAAW,IAAI;;EAEjC;;;;;;;;;;;;;;;ACPH,MAAa,uBAAuB;;;;;;;;ACLpC,MAAa,iBAAiB;;;;;;AAO9B,MAAa,oBAAoB;;;;;;;;ACDjC,SAAgB,eAAe,SAAsC;CACnE,MAAM,EAAE,SAAS,gBAAgB;CACjC,QAAQ,MAAM,SAAS,EAAE,WAAW,aAAa,CAAC;CAClD,QAAQ,eAAe,QAAQ,gBAAgB,OAAO,YAAY,CAAC;;;;;;;AAQrE,SAAgB,+BACd,SACe;CACf,MAAM,MAAM,QAAQ,eAAe,QAAQ,eAAe;CAC1D,IAAI,CAAC,KAAK,OAAO;CACjB,MAAM,MAAM,SAAS,KAAK,GAAG;CAC7B,IAAI,MAAM,IAAI,EAAE;EACd,QAAQ,eAAe,WAAW,eAAe;EACjD,OAAO;;CAET,IAAI,KAAK,KAAK,GAAG,KAAK;EACpB,QAAQ,eAAe,WAAW,eAAe;EACjD,OAAO;;CAET,OAAO;;;;;AAMT,SAAgB,oBAAoB,SAAkC;CACpE,QAAQ,eAAe,WAAW,eAAe;;;;;;;AAQnD,SAAgB,sBAAsB,SAAqC;CAEzE,MAAM,YADQ,QAAQ,MAAM,aACL,CAAC;CACxB,OAAO,cAAc,QAAQ,KAAK,KAAK,GAAG;;;;;;;;;;;;;;;;ACxC5C,eAAsB,sBACpB,SACe;CACf,MAAM,EAAE,QAAQ,QAAQ,UAAU;CAClC,OAAO,KAAK,kCAAkC;CAC9C,MAAM,SAAS;EAAE,OAAO;EAAM,sBAAsB;EAAM,CAAC;CAC3D,MAAM,EAAE,uBAAuB,sBAAsB;CAErD,IAAI;EACF,oBAAoB,QAAQ;EAE5B,MAAM,WAAW,MAAM,MAAM,GAAG,kBAAkB,eAAe;GAC/D,QAAQ;GACR,aAAa;GACd,CAAC;EACF,IAAI,CAAC,SAAS,IACZ,MAAM,IAAI,MAAM,kBAAkB,SAAS,SAAS;EAEtD,MAAM,EAAE,aAAa,eAClB,MAAM,SAAS,MAAM;EAExB,MAAM,SAAS;GACb,WAAW;GACX,oBAAoB;GACpB,sBAAsB;GACvB,CAAC;EAEF,OAAO,SAAS,OAAO;EACvB,OAAO,KAAK,qCAAqC;UAC1C,KAAK;EACZ,MAAM,UAAU,eAAe,QAAQ,IAAI,UAAU;EACrD,OAAO,MAAM,iCAAiC,IAAI;EAClD,MAAM,SAAS;GACb,OAAO;GACP,sBAAsB;GACvB,CAAC;;;;;;;;;;;;;;ACvCN,eAAsB,eACpB,SACe;CACf,MAAM,SAAS,IAAI,gBAAgB,OAAO,SAAS,OAAO;CAC1D,MAAM,eAAe,OAAO,IAAI,qBAAqB;CACrD,IAAI,CAAC,cAAc;CAEnB,MAAM,YAAY,SAAS,cAAc,GAAG;CAC5C,IAAI,MAAM,UAAU,EAAE;CAEtB,OAAO,OAAO,qBAAqB;CACnC,MAAM,cAAc,OAAO,UAAU;CACrC,QAAQ,aACN,MACA,IACA,cACI,GAAG,OAAO,SAAS,SAAS,GAAG,gBAC/B,OAAO,SAAS,SACrB;CAED,QAAQ,MAAM,SAAS,EAAE,WAAW,CAAC;CACrC,QAAQ,eAAe,QAAQ,gBAAgB,OAAO,UAAU,CAAC;;;;AChBnE,eAAe,mBAAmB,SAA2C;CAC3E,MAAM,EAAE,WAAW;CAEnB,MAAM,kBAAkB,MAAM,MAC5B,GAAG,OAAO,sBAAsB,gBAChC;EACE,QAAQ;EACR,aAAa;EACd,CACF;CACD,IAAI,CAAC,gBAAgB,IACnB,MAAM,IAAI,MAAM,mBAAmB,gBAAgB,SAAS;CAE9D,MAAM,EAAE,YAAY,qBACjB,MAAM,gBAAgB,MAAM;CAC/B,IACE,OAAO,qBAAqB,YAC5B,CAAC,OAAO,SAAS,iBAAiB,IAClC,oBAAoB,GAEpB,MAAM,IAAI,MAAM,iDAAiD;CAInE,eAAe;EAAE;EAAS,aAFN,KAAK,KAAK,GAAG,mBAAmB;EAEb,CAAC;;;;;;;AAQ1C,SAAgB,sBACd,SACwB;CACxB,MAAM,EAAE,QAAQ,UAAU;CAE1B,IAAI,eAAqD;CACzD,IAAI,UAAU;CAEd,MAAM,wBAAwB;EAC5B,IAAI,cAAc;GAChB,aAAa,aAAa;GAC1B,eAAe;;EAEjB,IAAI,SAAS;EAEb,MAAM,QAAQ,MAAM,aAAa;EACjC,IAAI,CAAC,MAAM,kBAAkB,CAAC,MAAM,oBAClC;EAGF,MAAM,YAAY,MAAM;EACxB,IAAI,CAAC,WAAW;GACd,OAAO,MAAM,0CAA0C;GACvD;;EAEF,MAAM,UAAU,KAAK,IAAI,GAAG,YAAY,KAAK,KAAK,GAAG,kBAAkB;EACvE,OAAO,MACL,sCACC,UAAU,KAAM,QAAQ,EAAE,EAC3B,KACA,EACE,WACD,CACF;EACD,eAAe,iBAAiB;GAC9B,OAAO,MAAM,iDAAiD;GAC9D,eAAe;GACf,IAAI,SAAS;GAEb,CAAM,YAAY;IAChB,IAAI;KACF,MAAM,mBAAmB,QAAQ;KACjC,IAAI,SAAS;KACb,IAAI,sBAAsB,QAAQ,EAChC,OAAO,KAAK,+CAA+C;UACtD;MACL,OAAO,KACL,0DACD;MACD,MAAM,SAAS,EAAE,oBAAoB,OAAO,CAAC;;aAExC,KAAK;KACZ,OAAO,MAAM,yBAAyB,IAAI;KAC1C,IAAI,SAAS;KACb,MAAM,SAAS,EAAE,oBAAoB,OAAO,CAAC;;OAE7C;KACH,QAAQ;;CAGb,MAAM,cAAc,MAAM,gBAAgB;EACxC,iBAAiB;GACjB;CAEF,OAAO,EACL,YAAY;EACV,UAAU;EACV,aAAa;EACb,IAAI,cAAc;GAChB,aAAa,aAAa;GAC1B,eAAe;;IAGpB;;;;;;;;;;;;;;AChHH,SAAgB,YACd,IAC4B;CAC5B,IAAI;CACJ,IAAI;CACJ,IAAI,WAAW;CACf,QAAQ,UAA2B;EACjC,IAAI,YAAY,OAAO,GAAG,WAAW,MAAM,EACzC,OAAO;EAET,YAAY;EACZ,aAAa,GAAG,MAAM;EACtB,WAAW;EACX,OAAO;;;;;ACYX,SAAS,kBACP,GACA,GACS;CACT,MAAM,OAAO,IAAI,IAAI,CACnB,GAAG,OAAO,KAAK,EAAE,EACjB,GAAG,OAAO,KAAK,EAAE,CAClB,CAAqB;CACtB,KAAK,MAAM,KAAK,MACd,IAAI,CAAC,OAAO,GAAG,EAAE,IAAI,EAAE,GAAG,EACxB,OAAO;CAGX,OAAO;;AAGT,SAAS,WACP,MACA,SACQ;CACR,OAAO;EAAE,GAAG;EAAM,GAAG;EAAS;;;;;;;AAQhC,SAAgB,YACd,cACe;CACf,IAAI,QAAgB,EAAE,GAAG,cAAc;CACvC,MAAM,4BAAY,IAAI,KAAiB;CACvC,IAAI,YAAY;CAEhB,MAAM,eAAe;EACnB,KAAK,MAAM,YAAY,WACrB,UAAU;;CAId,OAAO;EACL,cAAc;GACZ,OAAO;;EAET,UAAU,UAAU;GAClB,UAAU,IAAI,SAAS;GACvB,aAAa;IACX,UAAU,OAAO,SAAS;;;EAG9B,SAAS,QAAQ;GACf,IAAI,WAAW;GACf,MAAM,QACJ,OAAO,WAAW,aACd,OAAO,MAA0B,GACjC;GACN,IAAI,OAAO,UAAU,YAAY,SAAS,MACxC;GAEF,MAAM,OAAO,WAAW,OAAO,MAAyB;GACxD,IAAI,kBAAkB,OAAO,KAAK,EAChC;GAEF,QAAQ;GACR,QAAQ;;EAEV,IAAI,KAAK;GACP,OAAO,MAAM;;EAEf,IAAI,KAAK,OAAO;GACd,IAAI,WAAW;GACf,IAAI,OAAO,GAAG,MAAM,MAAM,MAAM,EAC9B;GAEF,QAAQ;IAAE,GAAG;KAAQ,MAAM;IAAO;GAClC,QAAQ;;EAEV,UAAU;GACR,YAAY;GACZ,UAAU,OAAO;;EAEpB;;;;AClHH,MAAM,aAA4B,QAAQ,SAAS;;;;;;AAOnD,MAAa,cAA+B;CAC1C,QAAQ;CACR,OAAO;CACP,kBAAkB;CAClB,uBAAuB;CACxB;;;;;;;AAQD,SAAgB,iBACd,OACkB;CAClB,MAAM,EACJ,gBACA,mBACA,oBACA,yBACE;CACJ,IAAI,CAAC,gBACH,OAAO;CAET,IAAI,sBAAsB,OAAO;CACjC,IAAI,mBAAmB,OAAO;CAC9B,IAAI,oBAAoB,OAAO;CAC/B,OAAO;;;;;;;;;;;;;;ACMT,SAAgB,2BACd,SACsB;CACtB,MAAM,EAAE,QAAQ,SAAS,eAAe;CACxC,MAAM,iBAAiB,6BAA6B;CACpD,MAAM,QAAyB,YAAqC;EAClE,gBAAgB;EAChB,mBAAmB;EACnB,sBAAsB;EACtB,oBAAoB;EACpB,OAAO;EACP,WAAW;EACZ,CAAC;CACF,MAAM,UAA6B;EACjC;EACA;EACA;EACA;EACD;CAED,MAAM,SAAS,EAAE,WAAW,+BAA+B,QAAQ,EAAE,CAAC;CAEtE,IAAI,aAAa;CAEjB,MAAM,mBAAmB,YAAY;EACnC,OAAO,KAAK,6BAA6B;EACzC,MAAM,SAAS;GAAE,OAAO;GAAM,mBAAmB;GAAM,CAAC;EACxD,IAAI;GACF,MAAM,uBAAuB,QAAQ;WAC9B,KAAK;GACZ,MAAM,UAAU,eAAe,QAAQ,IAAI,UAAU;GACrD,OAAO,MAAM,4BAA4B,IAAI;GAC7C,MAAM,SAAS,EAAE,OAAO,SAAS,CAAC;YAC1B;GACR,OAAO,MACL,yEACD;GACD,MAAM,SAAS,EAAE,mBAAmB,OAAO,CAAC;;;CAGhD,MAAMA,gCAA8BC,sBAAyB,QAAQ;CAErE,MAAM,uBAAuB,aAG1B,gBAAgB;EACjB,QAAQ,iBAAiB,WAAW;EACpC,OAAO,WAAW;EAClB;EACA,uBAAA;EACD,EAAE;CAEH,SAAS,cAAc;EACrB,OAAO,qBAAqB,MAAM,aAAa,CAAC;;CAGlD,OAAO;EACL,QAAQ;GACN,IAAI,YAAY;IACd,OAAO,MAAM,kCAAkC;IAC/C;;GAEF,aAAa;GACb,sBAAsB,QAAQ;GAE9B,OAAO,KAAK,uDAAuD;GACnE,CAAM,YAAY;IAChB,IAAI;KACF,MAAM,eAAe,QAAQ;KAC7B,OAAO,KAAK,mCAAmC;aACxC,KAAK;KACZ,OAAO,MAAM,mBAAmB,IAAI;KACpC,MAAM,SAAS,EACb,OACE,eAAe,QACX,IAAI,UACJ,qCACP,CAAC;cACM;KACR,MAAM,gBAAgB,sBAAsB,QAAQ;KACpD,OAAO,KAAK,yCAAyC,cAAc;KACnE,MAAM,SAAS;MACb,gBAAgB;MAChB,oBAAoB;MACrB,CAAC;;OAEF;;EAEN,YAAY,OAAO,MAAM,UAAU,GAAG;EACtC;EACA,yBAAyB;EAC1B"}

package/dist/server/hono/hubspot-connect-routes/auth-callback.js DELETED Viewed

@@ -1,125 +0,0 @@
-import { base64urlDecode } from "../../shared/encoding/base64.js";
-import { HUBSPOT_ACCESS_TOKEN_COOKIE_NAME, HUBSPOT_REFRESH_COOKIE_PREFIX, TEMP_COOKIE_OAUTH_STATE, TEMP_COOKIE_PKCE_VERIFIER } from "../../constants.js";
-import { parseCookies } from "../../utils/cookie-utils.js";
-import { EXPIRES_AT_URL_PARAM } from "../../shared/constants.js";
-import { serializeCookie, setResponseCookie } from "../utils/cookie-utils.js";
-import { REFRESH_COOKIE_MAX_AGE_SEC } from "./constants.js";
-import { buildClientAssertion, buildClientAssertionFormParams, buildClientSecretFormParams, buildTokenEndpointDpopProof, requestOAuthToken } from "./oauth-client.js";
-import { buildCimdClientIdUrlFromRequest, buildOAuthRedirectUriFromRequest, clearTempCookie, isPositiveFiniteNumber, isSafeReturnPath } from "./utils.js";
-//#region src/server/hono/hubspot-connect-routes/auth-callback.ts
-async function handleAuthCallback(c, options) {
-	const { appKeys, refreshCookiePath, basePath, hubspotConnectEnv } = options;
-	const xForwardedProto = c.req.header("x-forwarded-proto") ?? void 0;
-	const xForwardedHost = c.req.header("x-forwarded-host") ?? void 0;
-	const requestHostHeader = c.req.header("host") ?? void 0;
-	const code = c.req.query("code");
-	const state = c.req.query("state");
-	if (!code || !state) return c.text("Missing code or state", 400);
-	if (hubspotConnectEnv.isAppPrivateKeyRequired && !appKeys) return c.text("Server misconfiguration: HUBSPOT_APP_PRIVATE_KEY is required when CIMD or DPoP is enabled", 500);
-	const cookies = parseCookies(c.req.header("Cookie"));
-	const expectedState = cookies[TEMP_COOKIE_OAUTH_STATE];
-	const codeVerifier = cookies[TEMP_COOKIE_PKCE_VERIFIER];
-	if (!expectedState || state !== decodeURIComponent(expectedState)) return c.text("State mismatch", 403);
-	if (!codeVerifier) return c.text("Missing PKCE verifier", 400);
-	let statePayload;
-	try {
-		statePayload = JSON.parse(new TextDecoder().decode(base64urlDecode(decodeURIComponent(state))));
-	} catch {
-		return c.text("Malformed state value", 400);
-	}
-	const returnPath = statePayload.return_path;
-	if (!returnPath || !isSafeReturnPath(returnPath)) return c.text("Invalid return path in state", 400);
-	const sessionId = statePayload.sid;
-	if (!sessionId) return c.text("Missing app session cookie", 400);
-	const decodedCodeVerifier = decodeURIComponent(codeVerifier);
-	const clientId = hubspotConnectEnv.isCimdEnabled ? buildCimdClientIdUrlFromRequest({
-		requestUrl: c.req.url,
-		basePath,
-		xForwardedProto,
-		xForwardedHost,
-		requestHostHeader
-	}) : hubspotConnectEnv.hubspotClientId;
-	const redirectUri = buildOAuthRedirectUriFromRequest({
-		requestUrl: c.req.url,
-		basePath,
-		xForwardedProto,
-		xForwardedHost,
-		requestHostHeader
-	});
-	const tokenEndpointUrl = new URL("/oauth/v1/token", hubspotConnectEnv.hubspotOAuthApiOrigin).href;
-	let dpopProof;
-	if (hubspotConnectEnv.isDpopEnabled) dpopProof = await buildTokenEndpointDpopProof({
-		appKeys,
-		tokenEndpointUrl,
-		sessionIdHash: sessionId
-	});
-	let formParams;
-	if (hubspotConnectEnv.isCimdEnabled) formParams = {
-		grant_type: "authorization_code",
-		code,
-		code_verifier: decodedCodeVerifier,
-		redirect_uri: redirectUri,
-		...buildClientAssertionFormParams({
-			clientId,
-			clientAssertion: await buildClientAssertion({
-				appKeys,
-				clientId,
-				audience: tokenEndpointUrl
-			})
-		})
-	};
-	else formParams = {
-		grant_type: "authorization_code",
-		code,
-		code_verifier: decodedCodeVerifier,
-		redirect_uri: redirectUri,
-		...buildClientSecretFormParams({
-			clientId,
-			clientSecret: hubspotConnectEnv.hubspotClientSecret
-		})
-	};
-	const tokenResult = await requestOAuthToken({
-		tokenEndpointUrl,
-		isDpopEnabled: hubspotConnectEnv.isDpopEnabled,
-		...dpopProof !== void 0 ? { dpopProof } : {},
-		formParams
-	});
-	if (!tokenResult.ok) return c.text(`Token exchange failed: ${tokenResult.errorText}`, 502);
-	const { access_token: accessToken, refresh_token: refreshToken, expires_in } = tokenResult.body;
-	if (!refreshToken) return c.text("Token response missing refresh_token", 502);
-	if (!isPositiveFiniteNumber(expires_in)) return c.text("Token response missing or invalid expires_in", 502);
-	const expiresAt = Date.now() + expires_in * 1e3;
-	const refreshCookieName = `${HUBSPOT_REFRESH_COOKIE_PREFIX}${sessionId}`;
-	setResponseCookie({
-		c,
-		value: serializeCookie({
-			name: HUBSPOT_ACCESS_TOKEN_COOKIE_NAME,
-			value: accessToken,
-			path: "/",
-			maxAge: expires_in
-		})
-	});
-	setResponseCookie({
-		c,
-		value: serializeCookie({
-			name: refreshCookieName,
-			value: refreshToken,
-			path: refreshCookiePath,
-			maxAge: REFRESH_COOKIE_MAX_AGE_SEC
-		})
-	});
-	setResponseCookie({
-		c,
-		value: clearTempCookie(TEMP_COOKIE_PKCE_VERIFIER)
-	});
-	setResponseCookie({
-		c,
-		value: clearTempCookie(TEMP_COOKIE_OAUTH_STATE)
-	});
-	const separator = returnPath.includes("?") ? "&" : "?";
-	return c.redirect(`${returnPath}${separator}${EXPIRES_AT_URL_PARAM}=${expiresAt}`, 302);
-}
-//#endregion
-export { handleAuthCallback };
-//# sourceMappingURL=auth-callback.js.map

package/dist/server/hono/hubspot-connect-routes/auth-callback.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"auth-callback.js","names":[],"sources":["../../../../src/server/hono/hubspot-connect-routes/auth-callback.ts"],"sourcesContent":["import type { Context } from 'hono';\n\nimport { EXPIRES_AT_URL_PARAM } from '../../../shared/constants.ts';\nimport {\n HUBSPOT_ACCESS_TOKEN_COOKIE_NAME,\n HUBSPOT_REFRESH_COOKIE_PREFIX,\n TEMP_COOKIE_OAUTH_STATE,\n TEMP_COOKIE_PKCE_VERIFIER,\n} from '../../constants.ts';\nimport { base64urlDecode } from '../../utils/base64-utils.ts';\nimport { parseCookies } from '../../utils/cookie-utils.ts';\nimport { serializeCookie, setResponseCookie } from '../utils/cookie-utils.ts';\nimport { REFRESH_COOKIE_MAX_AGE_SEC } from './constants.ts';\nimport {\n buildClientAssertion,\n buildClientAssertionFormParams,\n buildClientSecretFormParams,\n buildTokenEndpointDpopProof,\n requestOAuthToken,\n} from './oauth-client.ts';\nimport type { HubSpotConnectOAuthRouteOptions } from './types.ts';\nimport {\n buildCimdClientIdUrlFromRequest,\n buildOAuthRedirectUriFromRequest,\n clearTempCookie,\n isPositiveFiniteNumber,\n isSafeReturnPath,\n} from './utils.ts';\n\ninterface OAuthStatePayload {\n return_path?: string;\n sid?: string;\n}\n\nexport async function handleAuthCallback(\n c: Context,\n options: HubSpotConnectOAuthRouteOptions\n) {\n const { appKeys, refreshCookiePath, basePath, hubspotConnectEnv } = options;\n const xForwardedProto = c.req.header('x-forwarded-proto') ?? undefined;\n const xForwardedHost = c.req.header('x-forwarded-host') ?? undefined;\n const requestHostHeader = c.req.header('host') ?? undefined;\n const code = c.req.query('code');\n const state = c.req.query('state');\n\n if (!code || !state) {\n return c.text('Missing code or state', 400);\n }\n\n if (hubspotConnectEnv.isAppPrivateKeyRequired && !appKeys) {\n return c.text(\n 'Server misconfiguration: HUBSPOT_APP_PRIVATE_KEY is required when CIMD or DPoP is enabled',\n 500\n );\n }\n\n const cookies = parseCookies(c.req.header('Cookie'));\n const expectedState = cookies[TEMP_COOKIE_OAUTH_STATE];\n const codeVerifier = cookies[TEMP_COOKIE_PKCE_VERIFIER];\n\n if (!expectedState || state !== decodeURIComponent(expectedState)) {\n return c.text('State mismatch', 403);\n }\n if (!codeVerifier) {\n return c.text('Missing PKCE verifier', 400);\n }\n\n let statePayload: OAuthStatePayload;\n try {\n statePayload = JSON.parse(\n new TextDecoder().decode(base64urlDecode(decodeURIComponent(state)))\n ) as OAuthStatePayload;\n } catch {\n return c.text('Malformed state value', 400);\n }\n const returnPath = statePayload.return_path;\n if (!returnPath || !isSafeReturnPath(returnPath)) {\n return c.text('Invalid return path in state', 400);\n }\n\n const sessionId = statePayload.sid;\n if (!sessionId) {\n return c.text('Missing app session cookie', 400);\n }\n\n const decodedCodeVerifier = decodeURIComponent(codeVerifier);\n\n const clientId = hubspotConnectEnv.isCimdEnabled\n ? buildCimdClientIdUrlFromRequest({\n requestUrl: c.req.url,\n basePath,\n xForwardedProto,\n xForwardedHost,\n requestHostHeader,\n })\n : hubspotConnectEnv.hubspotClientId;\n\n const redirectUri = buildOAuthRedirectUriFromRequest({\n requestUrl: c.req.url,\n basePath,\n xForwardedProto,\n xForwardedHost,\n requestHostHeader,\n });\n\n const tokenEndpointUrl = new URL(\n '/oauth/v1/token',\n hubspotConnectEnv.hubspotOAuthApiOrigin\n ).href;\n\n let dpopProof: string | undefined;\n if (hubspotConnectEnv.isDpopEnabled) {\n dpopProof = await buildTokenEndpointDpopProof({\n appKeys: appKeys!,\n tokenEndpointUrl,\n sessionIdHash: sessionId,\n });\n }\n\n let formParams: Record<string, string>;\n if (hubspotConnectEnv.isCimdEnabled) {\n const clientAssertion = await buildClientAssertion({\n appKeys: appKeys!,\n clientId,\n audience: tokenEndpointUrl,\n });\n formParams = {\n grant_type: 'authorization_code',\n code,\n code_verifier: decodedCodeVerifier,\n redirect_uri: redirectUri,\n ...buildClientAssertionFormParams({ clientId, clientAssertion }),\n };\n } else {\n formParams = {\n grant_type: 'authorization_code',\n code,\n code_verifier: decodedCodeVerifier,\n redirect_uri: redirectUri,\n ...buildClientSecretFormParams({\n clientId,\n clientSecret: hubspotConnectEnv.hubspotClientSecret,\n }),\n };\n }\n\n const tokenResult = await requestOAuthToken({\n tokenEndpointUrl,\n isDpopEnabled: hubspotConnectEnv.isDpopEnabled,\n ...(dpopProof !== undefined ? { dpopProof } : {}),\n formParams,\n });\n if (!tokenResult.ok) {\n return c.text(`Token exchange failed: ${tokenResult.errorText}`, 502);\n }\n\n const {\n access_token: accessToken,\n refresh_token: refreshToken,\n expires_in,\n } = tokenResult.body;\n if (!refreshToken) {\n return c.text('Token response missing refresh_token', 502);\n }\n if (!isPositiveFiniteNumber(expires_in)) {\n return c.text('Token response missing or invalid expires_in', 502);\n }\n\n const expiresAt = Date.now() + expires_in * 1000;\n const refreshCookieName = `${HUBSPOT_REFRESH_COOKIE_PREFIX}${sessionId}`;\n\n setResponseCookie({\n c,\n value: serializeCookie({\n name: HUBSPOT_ACCESS_TOKEN_COOKIE_NAME,\n value: accessToken,\n path: '/',\n maxAge: expires_in,\n }),\n });\n setResponseCookie({\n c,\n value: serializeCookie({\n name: refreshCookieName,\n value: refreshToken,\n path: refreshCookiePath,\n maxAge: REFRESH_COOKIE_MAX_AGE_SEC,\n }),\n });\n setResponseCookie({ c, value: clearTempCookie(TEMP_COOKIE_PKCE_VERIFIER) });\n setResponseCookie({ c, value: clearTempCookie(TEMP_COOKIE_OAUTH_STATE) });\n\n const separator = returnPath.includes('?') ? '&' : '?';\n return c.redirect(\n `${returnPath}${separator}${EXPIRES_AT_URL_PARAM}=${expiresAt}`,\n 302\n );\n}\n"],"mappings":";;;;;;;;;AAkCA,eAAsB,mBACpB,GACA,SACA;CACA,MAAM,EAAE,SAAS,mBAAmB,UAAU,sBAAsB;CACpE,MAAM,kBAAkB,EAAE,IAAI,OAAO,oBAAoB,IAAI,KAAA;CAC7D,MAAM,iBAAiB,EAAE,IAAI,OAAO,mBAAmB,IAAI,KAAA;CAC3D,MAAM,oBAAoB,EAAE,IAAI,OAAO,OAAO,IAAI,KAAA;CAClD,MAAM,OAAO,EAAE,IAAI,MAAM,OAAO;CAChC,MAAM,QAAQ,EAAE,IAAI,MAAM,QAAQ;CAElC,IAAI,CAAC,QAAQ,CAAC,OACZ,OAAO,EAAE,KAAK,yBAAyB,IAAI;CAG7C,IAAI,kBAAkB,2BAA2B,CAAC,SAChD,OAAO,EAAE,KACP,6FACA,IACD;CAGH,MAAM,UAAU,aAAa,EAAE,IAAI,OAAO,SAAS,CAAC;CACpD,MAAM,gBAAgB,QAAQ;CAC9B,MAAM,eAAe,QAAQ;CAE7B,IAAI,CAAC,iBAAiB,UAAU,mBAAmB,cAAc,EAC/D,OAAO,EAAE,KAAK,kBAAkB,IAAI;CAEtC,IAAI,CAAC,cACH,OAAO,EAAE,KAAK,yBAAyB,IAAI;CAG7C,IAAI;CACJ,IAAI;EACF,eAAe,KAAK,MAClB,IAAI,aAAa,CAAC,OAAO,gBAAgB,mBAAmB,MAAM,CAAC,CAAC,CACrE;SACK;EACN,OAAO,EAAE,KAAK,yBAAyB,IAAI;;CAE7C,MAAM,aAAa,aAAa;CAChC,IAAI,CAAC,cAAc,CAAC,iBAAiB,WAAW,EAC9C,OAAO,EAAE,KAAK,gCAAgC,IAAI;CAGpD,MAAM,YAAY,aAAa;CAC/B,IAAI,CAAC,WACH,OAAO,EAAE,KAAK,8BAA8B,IAAI;CAGlD,MAAM,sBAAsB,mBAAmB,aAAa;CAE5D,MAAM,WAAW,kBAAkB,gBAC/B,gCAAgC;EAC9B,YAAY,EAAE,IAAI;EAClB;EACA;EACA;EACA;EACD,CAAC,GACF,kBAAkB;CAEtB,MAAM,cAAc,iCAAiC;EACnD,YAAY,EAAE,IAAI;EAClB;EACA;EACA;EACA;EACD,CAAC;CAEF,MAAM,mBAAmB,IAAI,IAC3B,mBACA,kBAAkB,sBACnB,CAAC;CAEF,IAAI;CACJ,IAAI,kBAAkB,eACpB,YAAY,MAAM,4BAA4B;EACnC;EACT;EACA,eAAe;EAChB,CAAC;CAGJ,IAAI;CACJ,IAAI,kBAAkB,eAMpB,aAAa;EACX,YAAY;EACZ;EACA,eAAe;EACf,cAAc;EACd,GAAG,+BAA+B;GAAE;GAAU,iBAAA,MAVlB,qBAAqB;IACxC;IACT;IACA,UAAU;IACX,CAAC;GAM+D,CAAC;EACjE;MAED,aAAa;EACX,YAAY;EACZ;EACA,eAAe;EACf,cAAc;EACd,GAAG,4BAA4B;GAC7B;GACA,cAAc,kBAAkB;GACjC,CAAC;EACH;CAGH,MAAM,cAAc,MAAM,kBAAkB;EAC1C;EACA,eAAe,kBAAkB;EACjC,GAAI,cAAc,KAAA,IAAY,EAAE,WAAW,GAAG,EAAE;EAChD;EACD,CAAC;CACF,IAAI,CAAC,YAAY,IACf,OAAO,EAAE,KAAK,0BAA0B,YAAY,aAAa,IAAI;CAGvE,MAAM,EACJ,cAAc,aACd,eAAe,cACf,eACE,YAAY;CAChB,IAAI,CAAC,cACH,OAAO,EAAE,KAAK,wCAAwC,IAAI;CAE5D,IAAI,CAAC,uBAAuB,WAAW,EACrC,OAAO,EAAE,KAAK,gDAAgD,IAAI;CAGpE,MAAM,YAAY,KAAK,KAAK,GAAG,aAAa;CAC5C,MAAM,oBAAoB,GAAG,gCAAgC;CAE7D,kBAAkB;EAChB;EACA,OAAO,gBAAgB;GACrB,MAAM;GACN,OAAO;GACP,MAAM;GACN,QAAQ;GACT,CAAC;EACH,CAAC;CACF,kBAAkB;EAChB;EACA,OAAO,gBAAgB;GACrB,MAAM;GACN,OAAO;GACP,MAAM;GACN,QAAQ;GACT,CAAC;EACH,CAAC;CACF,kBAAkB;EAAE;EAAG,OAAO,gBAAgB,0BAA0B;EAAE,CAAC;CAC3E,kBAAkB;EAAE;EAAG,OAAO,gBAAgB,wBAAwB;EAAE,CAAC;CAEzE,MAAM,YAAY,WAAW,SAAS,IAAI,GAAG,MAAM;CACnD,OAAO,EAAE,SACP,GAAG,aAAa,YAAY,qBAAqB,GAAG,aACpD,IACD"}