@hubspot/app-connect-sdk 1.0.0-alpha.4 → 1.0.0-alpha.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.turbo/turbo-format$colon$check.log +4 -0
- package/.turbo/turbo-lint.log +2 -0
- package/.turbo/turbo-test.log +78 -0
- package/.turbo/turbo-tsdown.log +492 -20
- package/build/tsconfig.browser.tsbuildinfo +1 -1
- package/build/tsconfig.server.tsbuildinfo +1 -1
- package/dist/browser/{create-hzqjIhmO.js → create-crdncXsh.js} +2 -2
- package/dist/browser/create-crdncXsh.js.map +1 -0
- package/dist/browser/index.js +1 -1
- package/dist/browser/react/lovable.js +1 -1
- package/dist/server/api-client-core/apis/account/account-info-types.generated.d.ts +111 -0
- package/dist/server/api-client-core/apis/account/account-info.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/account/account-info.generated.js +9 -0
- package/dist/server/api-client-core/apis/account/account-info.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/account/audit-logs-types.generated.d.ts +247 -0
- package/dist/server/api-client-core/apis/account/audit-logs.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/account/audit-logs.generated.js +28 -0
- package/dist/server/api-client-core/apis/account/audit-logs.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/auth/oauth-types.generated.d.ts +121 -0
- package/dist/server/api-client-core/apis/auth/oauth.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/auth/oauth.generated.js +19 -0
- package/dist/server/api-client-core/apis/auth/oauth.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/automation/actions-types.generated.d.ts +933 -0
- package/dist/server/api-client-core/apis/automation/actions.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/automation/actions.generated.js +121 -0
- package/dist/server/api-client-core/apis/automation/actions.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/automation/sequences-types.generated.d.ts +422 -0
- package/dist/server/api-client-core/apis/automation/sequences.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/automation/sequences.generated.js +22 -0
- package/dist/server/api-client-core/apis/automation/sequences.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/business-units-types.generated.d.ts +75 -0
- package/dist/server/api-client-core/apis/business-units.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/business-units.generated.js +12 -0
- package/dist/server/api-client-core/apis/business-units.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/cms/authors-types.generated.d.ts +551 -0
- package/dist/server/api-client-core/apis/cms/authors.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/cms/authors.generated.js +163 -0
- package/dist/server/api-client-core/apis/cms/authors.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/cms/blog-settings-types.generated.d.ts +366 -0
- package/dist/server/api-client-core/apis/cms/blog-settings.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/cms/blog-settings.generated.js +43 -0
- package/dist/server/api-client-core/apis/cms/blog-settings.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/cms/cms-content-audit-types.generated.d.ts +157 -0
- package/dist/server/api-client-core/apis/cms/cms-content-audit.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/cms/cms-content-audit.generated.js +18 -0
- package/dist/server/api-client-core/apis/cms/cms-content-audit.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/cms/domains-types.generated.d.ts +193 -0
- package/dist/server/api-client-core/apis/cms/domains.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/cms/domains.generated.js +20 -0
- package/dist/server/api-client-core/apis/cms/domains.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/cms/hubdb-types.generated.d.ts +1097 -0
- package/dist/server/api-client-core/apis/cms/hubdb.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/cms/hubdb.generated.js +192 -0
- package/dist/server/api-client-core/apis/cms/hubdb.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/cms/media-bridge-types.generated.d.ts +1780 -0
- package/dist/server/api-client-core/apis/cms/media-bridge.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/cms/media-bridge.generated.js +185 -0
- package/dist/server/api-client-core/apis/cms/media-bridge.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/cms/pages-types.generated.d.ts +1768 -0
- package/dist/server/api-client-core/apis/cms/pages.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/cms/pages.generated.js +331 -0
- package/dist/server/api-client-core/apis/cms/pages.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/cms/posts-types.generated.d.ts +1090 -0
- package/dist/server/api-client-core/apis/cms/posts.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/cms/posts.generated.js +201 -0
- package/dist/server/api-client-core/apis/cms/posts.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/cms/site-search-types.generated.d.ts +200 -0
- package/dist/server/api-client-core/apis/cms/site-search.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/cms/site-search.generated.js +32 -0
- package/dist/server/api-client-core/apis/cms/site-search.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/cms/source-code-types.generated.d.ts +218 -0
- package/dist/server/api-client-core/apis/cms/source-code.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/cms/source-code.generated.js +52 -0
- package/dist/server/api-client-core/apis/cms/source-code.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/cms/tags-types.generated.d.ts +515 -0
- package/dist/server/api-client-core/apis/cms/tags.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/cms/tags.generated.js +163 -0
- package/dist/server/api-client-core/apis/cms/tags.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/cms/url-mappings-types.generated.d.ts +177 -0
- package/dist/server/api-client-core/apis/cms/url-mappings.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/cms/url-mappings.generated.js +14 -0
- package/dist/server/api-client-core/apis/cms/url-mappings.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/cms/url-redirects-types.generated.d.ts +226 -0
- package/dist/server/api-client-core/apis/cms/url-redirects.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/cms/url-redirects.generated.js +26 -0
- package/dist/server/api-client-core/apis/cms/url-redirects.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/communication-preferences/subscriptions-types.generated.d.ts +802 -0
- package/dist/server/api-client-core/apis/communication-preferences/subscriptions.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/communication-preferences/subscriptions.generated.js +74 -0
- package/dist/server/api-client-core/apis/communication-preferences/subscriptions.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/conversations/custom-channels-types.generated.d.ts +551 -0
- package/dist/server/api-client-core/apis/conversations/custom-channels.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/conversations/custom-channels.generated.js +80 -0
- package/dist/server/api-client-core/apis/conversations/custom-channels.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/conversations/visitor-identification-types.generated.d.ts +60 -0
- package/dist/server/api-client-core/apis/conversations/visitor-identification.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/conversations/visitor-identification.generated.js +6 -0
- package/dist/server/api-client-core/apis/conversations/visitor-identification.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/conversations-types.generated.d.ts +908 -0
- package/dist/server/api-client-core/apis/conversations.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/conversations.generated.js +108 -0
- package/dist/server/api-client-core/apis/conversations.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/app-uninstalls-types.generated.d.ts +37 -0
- package/dist/server/api-client-core/apis/crm/app-uninstalls.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/app-uninstalls.generated.js +6 -0
- package/dist/server/api-client-core/apis/crm/app-uninstalls.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/appointments-types.generated.d.ts +989 -0
- package/dist/server/api-client-core/apis/crm/appointments.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/appointments.generated.js +118 -0
- package/dist/server/api-client-core/apis/crm/appointments.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/associations-schema-types.generated.d.ts +329 -0
- package/dist/server/api-client-core/apis/crm/associations-schema.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/associations-schema.generated.js +60 -0
- package/dist/server/api-client-core/apis/crm/associations-schema.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/associations-types.generated.d.ts +661 -0
- package/dist/server/api-client-core/apis/crm/associations.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/associations.generated.js +83 -0
- package/dist/server/api-client-core/apis/crm/associations.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/calling-extensions-types.generated.d.ts +466 -0
- package/dist/server/api-client-core/apis/crm/calling-extensions.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/calling-extensions.generated.js +42 -0
- package/dist/server/api-client-core/apis/crm/calling-extensions.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/calls-types.generated.d.ts +850 -0
- package/dist/server/api-client-core/apis/crm/calls.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/calls.generated.js +66 -0
- package/dist/server/api-client-core/apis/crm/calls.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/carts-types.generated.d.ts +850 -0
- package/dist/server/api-client-core/apis/crm/carts.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/carts.generated.js +66 -0
- package/dist/server/api-client-core/apis/crm/carts.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/commerce-payments-types.generated.d.ts +850 -0
- package/dist/server/api-client-core/apis/crm/commerce-payments.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/commerce-payments.generated.js +66 -0
- package/dist/server/api-client-core/apis/crm/commerce-payments.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/commerce-subscriptions-types.generated.d.ts +847 -0
- package/dist/server/api-client-core/apis/crm/commerce-subscriptions.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/commerce-subscriptions.generated.js +66 -0
- package/dist/server/api-client-core/apis/crm/commerce-subscriptions.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/communications-types.generated.d.ts +850 -0
- package/dist/server/api-client-core/apis/crm/communications.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/communications.generated.js +66 -0
- package/dist/server/api-client-core/apis/crm/communications.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/companies-types.generated.d.ts +884 -0
- package/dist/server/api-client-core/apis/crm/companies.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/companies.generated.js +67 -0
- package/dist/server/api-client-core/apis/crm/companies.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/contacts-types.generated.d.ts +899 -0
- package/dist/server/api-client-core/apis/crm/contacts.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/contacts.generated.js +70 -0
- package/dist/server/api-client-core/apis/crm/contacts.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/contracts-types.generated.d.ts +850 -0
- package/dist/server/api-client-core/apis/crm/contracts.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/contracts.generated.js +66 -0
- package/dist/server/api-client-core/apis/crm/contracts.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/courses-types.generated.d.ts +853 -0
- package/dist/server/api-client-core/apis/crm/courses.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/courses.generated.js +66 -0
- package/dist/server/api-client-core/apis/crm/courses.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/crm-owners-types.generated.d.ts +140 -0
- package/dist/server/api-client-core/apis/crm/crm-owners.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/crm-owners.generated.js +20 -0
- package/dist/server/api-client-core/apis/crm/crm-owners.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/custom-objects-types.generated.d.ts +934 -0
- package/dist/server/api-client-core/apis/crm/custom-objects.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/custom-objects.generated.js +101 -0
- package/dist/server/api-client-core/apis/crm/custom-objects.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/deal-splits-types.generated.d.ts +196 -0
- package/dist/server/api-client-core/apis/crm/deal-splits.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/deal-splits.generated.js +9 -0
- package/dist/server/api-client-core/apis/crm/deal-splits.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/deals-types.generated.d.ts +872 -0
- package/dist/server/api-client-core/apis/crm/deals.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/deals.generated.js +67 -0
- package/dist/server/api-client-core/apis/crm/deals.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/discounts-types.generated.d.ts +846 -0
- package/dist/server/api-client-core/apis/crm/discounts.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/discounts.generated.js +66 -0
- package/dist/server/api-client-core/apis/crm/discounts.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/emails-types.generated.d.ts +850 -0
- package/dist/server/api-client-core/apis/crm/emails.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/emails.generated.js +66 -0
- package/dist/server/api-client-core/apis/crm/emails.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/exports-types.generated.d.ts +281 -0
- package/dist/server/api-client-core/apis/crm/exports.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/exports.generated.js +12 -0
- package/dist/server/api-client-core/apis/crm/exports.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/feedback-submissions-types.generated.d.ts +616 -0
- package/dist/server/api-client-core/apis/crm/feedback-submissions.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/feedback-submissions.generated.js +55 -0
- package/dist/server/api-client-core/apis/crm/feedback-submissions.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/fees-types.generated.d.ts +850 -0
- package/dist/server/api-client-core/apis/crm/fees.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/fees.generated.js +66 -0
- package/dist/server/api-client-core/apis/crm/fees.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/goal-targets-types.generated.d.ts +850 -0
- package/dist/server/api-client-core/apis/crm/goal-targets.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/goal-targets.generated.js +66 -0
- package/dist/server/api-client-core/apis/crm/goal-targets.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/imports-types.generated.d.ts +371 -0
- package/dist/server/api-client-core/apis/crm/imports.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/imports.generated.js +30 -0
- package/dist/server/api-client-core/apis/crm/imports.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/invoices-types.generated.d.ts +850 -0
- package/dist/server/api-client-core/apis/crm/invoices.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/invoices.generated.js +66 -0
- package/dist/server/api-client-core/apis/crm/invoices.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/leads-types.generated.d.ts +850 -0
- package/dist/server/api-client-core/apis/crm/leads.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/leads.generated.js +66 -0
- package/dist/server/api-client-core/apis/crm/leads.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/limits-tracking-types.generated.d.ts +331 -0
- package/dist/server/api-client-core/apis/crm/limits-tracking.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/limits-tracking.generated.js +22 -0
- package/dist/server/api-client-core/apis/crm/limits-tracking.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/line-items-types.generated.d.ts +850 -0
- package/dist/server/api-client-core/apis/crm/line-items.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/line-items.generated.js +66 -0
- package/dist/server/api-client-core/apis/crm/line-items.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/listings-types.generated.d.ts +853 -0
- package/dist/server/api-client-core/apis/crm/listings.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/listings.generated.js +66 -0
- package/dist/server/api-client-core/apis/crm/listings.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/lists-types.generated.d.ts +2265 -0
- package/dist/server/api-client-core/apis/crm/lists.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/lists.generated.js +105 -0
- package/dist/server/api-client-core/apis/crm/lists.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/meetings-types.generated.d.ts +850 -0
- package/dist/server/api-client-core/apis/crm/meetings.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/meetings.generated.js +66 -0
- package/dist/server/api-client-core/apis/crm/meetings.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/notes-types.generated.d.ts +850 -0
- package/dist/server/api-client-core/apis/crm/notes.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/notes.generated.js +66 -0
- package/dist/server/api-client-core/apis/crm/notes.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/object-library-types.generated.d.ts +60 -0
- package/dist/server/api-client-core/apis/crm/object-library.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/object-library.generated.js +9 -0
- package/dist/server/api-client-core/apis/crm/object-library.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/objects-types.generated.d.ts +712 -0
- package/dist/server/api-client-core/apis/crm/objects.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/objects.generated.js +76 -0
- package/dist/server/api-client-core/apis/crm/objects.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/orders-types.generated.d.ts +850 -0
- package/dist/server/api-client-core/apis/crm/orders.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/orders.generated.js +66 -0
- package/dist/server/api-client-core/apis/crm/orders.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/partner-clients-types.generated.d.ts +725 -0
- package/dist/server/api-client-core/apis/crm/partner-clients.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/partner-clients.generated.js +71 -0
- package/dist/server/api-client-core/apis/crm/partner-clients.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/partner-services-types.generated.d.ts +725 -0
- package/dist/server/api-client-core/apis/crm/partner-services.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/partner-services.generated.js +71 -0
- package/dist/server/api-client-core/apis/crm/partner-services.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/pipelines-types.generated.d.ts +430 -0
- package/dist/server/api-client-core/apis/crm/pipelines.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/pipelines.generated.js +94 -0
- package/dist/server/api-client-core/apis/crm/pipelines.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/postal-mail-types.generated.d.ts +844 -0
- package/dist/server/api-client-core/apis/crm/postal-mail.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/postal-mail.generated.js +66 -0
- package/dist/server/api-client-core/apis/crm/postal-mail.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/products-types.generated.d.ts +850 -0
- package/dist/server/api-client-core/apis/crm/products.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/products.generated.js +66 -0
- package/dist/server/api-client-core/apis/crm/products.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/projects-types.generated.d.ts +881 -0
- package/dist/server/api-client-core/apis/crm/projects.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/projects.generated.js +67 -0
- package/dist/server/api-client-core/apis/crm/projects.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/properties-types.generated.d.ts +603 -0
- package/dist/server/api-client-core/apis/crm/properties.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/properties.generated.js +86 -0
- package/dist/server/api-client-core/apis/crm/properties.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/property-validations-types.generated.d.ts +121 -0
- package/dist/server/api-client-core/apis/crm/property-validations.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/property-validations.generated.js +25 -0
- package/dist/server/api-client-core/apis/crm/property-validations.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/public-app-crm-cards-types.generated.d.ts +486 -0
- package/dist/server/api-client-core/apis/crm/public-app-crm-cards.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/public-app-crm-cards.generated.js +34 -0
- package/dist/server/api-client-core/apis/crm/public-app-crm-cards.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/public-app-feature-flags-types.generated.d.ts +247 -0
- package/dist/server/api-client-core/apis/crm/public-app-feature-flags.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/public-app-feature-flags.generated.js +69 -0
- package/dist/server/api-client-core/apis/crm/public-app-feature-flags.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/quotes-types.generated.d.ts +850 -0
- package/dist/server/api-client-core/apis/crm/quotes.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/quotes.generated.js +66 -0
- package/dist/server/api-client-core/apis/crm/quotes.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/schemas-types.generated.d.ts +669 -0
- package/dist/server/api-client-core/apis/crm/schemas.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/schemas.generated.js +41 -0
- package/dist/server/api-client-core/apis/crm/schemas.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/services-types.generated.d.ts +853 -0
- package/dist/server/api-client-core/apis/crm/services.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/services.generated.js +66 -0
- package/dist/server/api-client-core/apis/crm/services.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/tasks-types.generated.d.ts +850 -0
- package/dist/server/api-client-core/apis/crm/tasks.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/tasks.generated.js +66 -0
- package/dist/server/api-client-core/apis/crm/tasks.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/taxes-types.generated.d.ts +850 -0
- package/dist/server/api-client-core/apis/crm/taxes.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/taxes.generated.js +66 -0
- package/dist/server/api-client-core/apis/crm/taxes.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/tickets-types.generated.d.ts +884 -0
- package/dist/server/api-client-core/apis/crm/tickets.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/tickets.generated.js +67 -0
- package/dist/server/api-client-core/apis/crm/tickets.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/timeline-types.generated.d.ts +187 -0
- package/dist/server/api-client-core/apis/crm/timeline.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/timeline.generated.js +12 -0
- package/dist/server/api-client-core/apis/crm/timeline.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/transcriptions-types.generated.d.ts +152 -0
- package/dist/server/api-client-core/apis/crm/transcriptions.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/transcriptions.generated.js +15 -0
- package/dist/server/api-client-core/apis/crm/transcriptions.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/users-types.generated.d.ts +850 -0
- package/dist/server/api-client-core/apis/crm/users.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/users.generated.js +66 -0
- package/dist/server/api-client-core/apis/crm/users.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/crm/video-conferencing-extension-types.generated.d.ts +72 -0
- package/dist/server/api-client-core/apis/crm/video-conferencing-extension.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/crm/video-conferencing-extension.generated.js +13 -0
- package/dist/server/api-client-core/apis/crm/video-conferencing-extension.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/events/manage-event-definitions-types.generated.d.ts +1005 -0
- package/dist/server/api-client-core/apis/events/manage-event-definitions.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/events/manage-event-definitions.generated.js +39 -0
- package/dist/server/api-client-core/apis/events/manage-event-definitions.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/events/send-event-completions-types.generated.d.ts +94 -0
- package/dist/server/api-client-core/apis/events/send-event-completions.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/events/send-event-completions.generated.js +9 -0
- package/dist/server/api-client-core/apis/events/send-event-completions.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/events-types.generated.d.ts +137 -0
- package/dist/server/api-client-core/apis/events.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/events.generated.js +23 -0
- package/dist/server/api-client-core/apis/events.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/files-types.generated.d.ts +791 -0
- package/dist/server/api-client-core/apis/files.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/files.generated.js +119 -0
- package/dist/server/api-client-core/apis/files.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/marketing/campaigns-public-api-types.generated.d.ts +989 -0
- package/dist/server/api-client-core/apis/marketing/campaigns-public-api.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/marketing/campaigns-public-api.generated.js +139 -0
- package/dist/server/api-client-core/apis/marketing/campaigns-public-api.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/marketing/marketing-emails-types.generated.d.ts +883 -0
- package/dist/server/api-client-core/apis/marketing/marketing-emails.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/marketing/marketing-emails.generated.js +108 -0
- package/dist/server/api-client-core/apis/marketing/marketing-emails.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/marketing/marketing-events-types.generated.d.ts +1788 -0
- package/dist/server/api-client-core/apis/marketing/marketing-events.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/marketing/marketing-events.generated.js +176 -0
- package/dist/server/api-client-core/apis/marketing/marketing-events.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/marketing/single-send-types.generated.d.ts +123 -0
- package/dist/server/api-client-core/apis/marketing/single-send.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/marketing/single-send.generated.js +6 -0
- package/dist/server/api-client-core/apis/marketing/single-send.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/marketing/transactional-single-send-types.generated.d.ts +257 -0
- package/dist/server/api-client-core/apis/marketing/transactional-single-send.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/marketing/transactional-single-send.generated.js +20 -0
- package/dist/server/api-client-core/apis/marketing/transactional-single-send.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/meta/origins-types.generated.d.ts +77 -0
- package/dist/server/api-client-core/apis/meta/origins.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/meta/origins.generated.js +15 -0
- package/dist/server/api-client-core/apis/meta/origins.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/scheduler/meetings-types.generated.d.ts +913 -0
- package/dist/server/api-client-core/apis/scheduler/meetings.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/scheduler/meetings.generated.js +34 -0
- package/dist/server/api-client-core/apis/scheduler/meetings.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/settings/multicurrency-types.generated.d.ts +404 -0
- package/dist/server/api-client-core/apis/settings/multicurrency.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/settings/multicurrency.generated.js +38 -0
- package/dist/server/api-client-core/apis/settings/multicurrency.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/settings/tax-rates-types.generated.d.ts +111 -0
- package/dist/server/api-client-core/apis/settings/tax-rates.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/settings/tax-rates.generated.js +13 -0
- package/dist/server/api-client-core/apis/settings/tax-rates.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/settings/user-provisioning-types.generated.d.ts +297 -0
- package/dist/server/api-client-core/apis/settings/user-provisioning.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/settings/user-provisioning.generated.js +31 -0
- package/dist/server/api-client-core/apis/settings/user-provisioning.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/webhooks-journal-types.generated.d.ts +643 -0
- package/dist/server/api-client-core/apis/webhooks-journal.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/webhooks-journal.generated.js +75 -0
- package/dist/server/api-client-core/apis/webhooks-journal.generated.js.map +1 -0
- package/dist/server/api-client-core/apis/webhooks-types.generated.d.ts +1016 -0
- package/dist/server/api-client-core/apis/webhooks.generated.d.ts +7 -0
- package/dist/server/api-client-core/apis/webhooks.generated.js +105 -0
- package/dist/server/api-client-core/apis/webhooks.generated.js.map +1 -0
- package/dist/server/api-client-core/binary-data.d.ts +33 -0
- package/dist/server/api-client-core/binary-data.js +29 -0
- package/dist/server/api-client-core/binary-data.js.map +1 -0
- package/dist/server/api-client-core/client.d.ts +14 -0
- package/dist/server/{binary-data-BOalJzKu.js → api-client-core/client.js} +3 -58
- package/dist/server/api-client-core/client.js.map +1 -0
- package/dist/server/api-client-core/codegen-helpers/file-op-wrappers.js +25 -0
- package/dist/server/api-client-core/codegen-helpers/file-op-wrappers.js.map +1 -0
- package/dist/server/api-client-core/errors.d.ts +27 -0
- package/dist/server/api-client-core/errors.js +33 -0
- package/dist/server/api-client-core/errors.js.map +1 -0
- package/dist/server/api-client-core/op.d.ts +37 -0
- package/dist/server/api-client-core/op.js +44 -0
- package/dist/server/api-client-core/op.js.map +1 -0
- package/dist/server/api-client-core/pagination.d.ts +60 -0
- package/dist/server/api-client-core/pagination.js +103 -0
- package/dist/server/api-client-core/pagination.js.map +1 -0
- package/dist/server/api-client-core/plugins/fetch-transport.js +76 -0
- package/dist/server/api-client-core/plugins/fetch-transport.js.map +1 -0
- package/dist/server/{types-DEOUH4wE.d.ts → api-client-core/types.d.ts} +2 -2
- package/dist/server/api-client.d.ts +197 -60625
- package/dist/server/api-client.js +100 -5826
- package/dist/server/constants.js +73 -0
- package/dist/server/constants.js.map +1 -0
- package/dist/server/deno/start.d.ts +12 -0
- package/dist/server/deno/start.js +21 -0
- package/dist/server/deno/start.js.map +1 -0
- package/dist/server/hono/hono-request-handler.js +59 -0
- package/dist/server/hono/hono-request-handler.js.map +1 -0
- package/dist/server/hono/hubspot-connect-routes/auth-complete.js +154 -0
- package/dist/server/hono/hubspot-connect-routes/auth-complete.js.map +1 -0
- package/dist/server/hono/hubspot-connect-routes/auth-init-session.js +101 -0
- package/dist/server/hono/hubspot-connect-routes/auth-init-session.js.map +1 -0
- package/dist/server/hono/hubspot-connect-routes/auth-logout.js +114 -0
- package/dist/server/hono/hubspot-connect-routes/auth-logout.js.map +1 -0
- package/dist/server/hono/hubspot-connect-routes/auth-refresh.js +107 -0
- package/dist/server/hono/hubspot-connect-routes/auth-refresh.js.map +1 -0
- package/dist/server/hono/hubspot-connect-routes/cimd-client-metadata-types.d.ts +16 -0
- package/dist/server/hono/hubspot-connect-routes/cimd-client-metadata-types.js +13 -0
- package/dist/server/hono/hubspot-connect-routes/cimd-client-metadata-types.js.map +1 -0
- package/dist/server/hono/hubspot-connect-routes/cimd-public-routes.js +42 -0
- package/dist/server/hono/hubspot-connect-routes/cimd-public-routes.js.map +1 -0
- package/dist/server/hono/hubspot-connect-routes/constants.js +8 -0
- package/dist/server/hono/hubspot-connect-routes/constants.js.map +1 -0
- package/dist/server/hono/hubspot-connect-routes/fetch-hubspot-client-metadata.js +43 -0
- package/dist/server/hono/hubspot-connect-routes/fetch-hubspot-client-metadata.js.map +1 -0
- package/dist/server/hono/hubspot-connect-routes/hubspot-connect-routes.js +37 -0
- package/dist/server/hono/hubspot-connect-routes/hubspot-connect-routes.js.map +1 -0
- package/dist/server/hono/hubspot-connect-routes/load-hubspot-connect-routes-env.js +34 -0
- package/dist/server/hono/hubspot-connect-routes/load-hubspot-connect-routes-env.js.map +1 -0
- package/dist/server/hono/hubspot-connect-routes/oauth-client.js +104 -0
- package/dist/server/hono/hubspot-connect-routes/oauth-client.js.map +1 -0
- package/dist/server/hono/hubspot-connect-routes/utils.js +120 -0
- package/dist/server/hono/hubspot-connect-routes/utils.js.map +1 -0
- package/dist/server/hono/index.js +4 -0
- package/dist/server/hono/types.d.ts +32 -0
- package/dist/server/hono/utils/cookie-utils.js +30 -0
- package/dist/server/hono/utils/cookie-utils.js.map +1 -0
- package/dist/server/hono/utils/cors-middleware.js +85 -0
- package/dist/server/hono/utils/cors-middleware.js.map +1 -0
- package/dist/server/import-app-keys.js +42 -0
- package/dist/server/import-app-keys.js.map +1 -0
- package/dist/server/lovable/create-app-function-start.d.ts +26 -0
- package/dist/server/lovable/create-app-function-start.js +28 -0
- package/dist/server/lovable/create-app-function-start.js.map +1 -0
- package/dist/server/lovable/hubspot-connect/index.d.ts +15 -0
- package/dist/server/lovable/hubspot-connect/index.js +20 -0
- package/dist/server/lovable/hubspot-connect/index.js.map +1 -0
- package/dist/server/lovable/hubspot-connect/run-hubspot-connect-lovable-server.js +27 -0
- package/dist/server/lovable/hubspot-connect/run-hubspot-connect-lovable-server.js.map +1 -0
- package/dist/server/lovable.d.ts +6 -117
- package/dist/server/lovable.js +3 -1458
- package/dist/server/oauth.d.ts +6 -128
- package/dist/server/oauth.js +4 -1
- package/dist/server/proxy.js +68 -0
- package/dist/server/proxy.js.map +1 -0
- package/dist/server/sanitize-request.js +55 -0
- package/dist/server/sanitize-request.js.map +1 -0
- package/dist/server/secure-start-core.d.ts +23 -0
- package/dist/server/secure-start-core.js +27 -0
- package/dist/server/secure-start-core.js.map +1 -0
- package/dist/server/shared/constants.js +30 -0
- package/dist/server/shared/constants.js.map +1 -0
- package/dist/server/shared/encoding/base64.js +45 -0
- package/dist/server/shared/encoding/base64.js.map +1 -0
- package/dist/server/shared/encoding/sha256.d.ts +10 -0
- package/dist/server/shared/encoding/sha256.js +15 -0
- package/dist/server/shared/encoding/sha256.js.map +1 -0
- package/dist/server/shared/logger.d.ts +15 -0
- package/dist/server/shared/logger.js +16 -0
- package/dist/server/shared/logger.js.map +1 -0
- package/dist/server/{types-5gfN91Fq.d.ts → types.d.ts} +4 -4
- package/dist/server/utils/cookie-utils.js +21 -0
- package/dist/server/utils/cookie-utils.js.map +1 -0
- package/dist/server/utils/dpop-utils.d.ts +67 -0
- package/dist/server/utils/dpop-utils.js +75 -0
- package/dist/server/utils/dpop-utils.js.map +1 -0
- package/dist/server/utils/env-utils.js +107 -0
- package/dist/server/utils/env-utils.js.map +1 -0
- package/dist/server/utils/jwk-utils.d.ts +16 -0
- package/dist/server/utils/jwk-utils.js +24 -0
- package/dist/server/utils/jwk-utils.js.map +1 -0
- package/dist/server/utils/jwt-utils.d.ts +39 -0
- package/dist/server/utils/jwt-utils.js +87 -0
- package/dist/server/utils/jwt-utils.js.map +1 -0
- package/package.json +3 -3
- package/src/browser/app-connect-controller/connect-start.ts +1 -2
- package/src/server/hono/hubspot-connect-routes/load-hubspot-connect-routes-env.test.ts +17 -24
- package/src/server/hono/hubspot-connect-routes/load-hubspot-connect-routes-env.ts +8 -8
- package/src/server/lovable/hubspot-connect/run-hubspot-connect-lovable-server.ts +2 -3
- package/src/server/proxy.test.ts +1 -1
- package/src/server/proxy.ts +7 -4
- package/src/server/secure-start-core.ts +7 -6
- package/src/server/types.ts +2 -2
- package/src/server/utils/env-utils.test.ts +140 -12
- package/src/server/utils/env-utils.ts +80 -6
- package/tsdown.config.ts +1 -1
- package/dist/browser/create-hzqjIhmO.js.map +0 -1
- package/dist/server/api-client.js.map +0 -1
- package/dist/server/binary-data-BOalJzKu.js.map +0 -1
- package/dist/server/lovable.js.map +0 -1
- package/dist/server/sha256-B7y8GBFB.js +0 -228
- package/dist/server/sha256-B7y8GBFB.js.map +0 -1
|
@@ -0,0 +1,73 @@
|
|
|
1
|
+
//#region src/server/constants.ts
|
|
2
|
+
/**
|
|
3
|
+
* Cookie name carrying the DPoP-bound access token. Uses the
|
|
4
|
+
* `__Host-` prefix so the browser only accepts it from a `Secure`
|
|
5
|
+
* response with `Path=/` — a defense-in-depth against subdomain
|
|
6
|
+
* cookie injection.
|
|
7
|
+
*/
|
|
8
|
+
const HUBSPOT_ACCESS_TOKEN_COOKIE_NAME = "__Host-hs_access_token";
|
|
9
|
+
/**
|
|
10
|
+
* Cookie carrying the opaque app-session ID. Hashed before being put
|
|
11
|
+
* on the wire as a DPoP `sid` claim.
|
|
12
|
+
*/
|
|
13
|
+
const HUBSPOT_APP_SID_COOKIE_NAME = "__Host-hs_app_sid";
|
|
14
|
+
/**
|
|
15
|
+
* Cookie pinning the browser-facing app origin (e.g.
|
|
16
|
+
* `https://app.example.com`) for the lifetime of an app session.
|
|
17
|
+
* Set by `auth/init-session` from the request's `Origin` header and
|
|
18
|
+
* read by:
|
|
19
|
+
*
|
|
20
|
+
* - The CORS middleware to emit a credentialed
|
|
21
|
+
* `Access-Control-Allow-Origin` value (`*` is forbidden when
|
|
22
|
+
* `Access-Control-Allow-Credentials: true`).
|
|
23
|
+
* - `auth/complete` to rebuild the OAuth `redirect_uri` it sent to
|
|
24
|
+
* HubSpot during `init-session` (the token endpoint validates that
|
|
25
|
+
* the two values match).
|
|
26
|
+
*
|
|
27
|
+
* `__Host-` prefixed (Path=/, Secure, no Domain), so the same
|
|
28
|
+
* function host can serve both `hubspot-connect` and `api` routes
|
|
29
|
+
* and read the cookie from either.
|
|
30
|
+
*/
|
|
31
|
+
const HUBSPOT_APP_ORIGIN_COOKIE_NAME = "__Host-hs_app_origin";
|
|
32
|
+
/**
|
|
33
|
+
* Prefix used for refresh-token cookies. Each session gets its own
|
|
34
|
+
* cookie name (`hs_refresh_<sidHash>`) so multiple devices/tabs can
|
|
35
|
+
* coexist without overwriting each other's refresh tokens.
|
|
36
|
+
*/
|
|
37
|
+
const HUBSPOT_REFRESH_COOKIE_PREFIX = "hs_refresh_";
|
|
38
|
+
const PROTECTED_COOKIE_NAMES = new Set([
|
|
39
|
+
HUBSPOT_ACCESS_TOKEN_COOKIE_NAME,
|
|
40
|
+
HUBSPOT_APP_SID_COOKIE_NAME,
|
|
41
|
+
HUBSPOT_APP_ORIGIN_COOKIE_NAME
|
|
42
|
+
]);
|
|
43
|
+
/**
|
|
44
|
+
* Returns `true` for cookies the SDK manages internally
|
|
45
|
+
* (access token, session ID, any refresh-token cookie). The
|
|
46
|
+
* `sanitizeRequest` helper uses this to strip these cookies from the
|
|
47
|
+
* request before user code sees it, ensuring user route handlers
|
|
48
|
+
* cannot accidentally leak them in logs or proxy them upstream.
|
|
49
|
+
*/
|
|
50
|
+
function isProtectedCookieName(cookieName) {
|
|
51
|
+
return PROTECTED_COOKIE_NAMES.has(cookieName) || cookieName.startsWith("hs_refresh_");
|
|
52
|
+
}
|
|
53
|
+
/**
|
|
54
|
+
* Cookie carrying the PKCE code verifier between `init-session` and
|
|
55
|
+
* `auth/complete`. Set with `SameSite=None; Secure; Partitioned` so the
|
|
56
|
+
* frontend's credentialed cross-site `POST /auth/complete` (made from
|
|
57
|
+
* the OAuth callback page on the app origin to the SDK's edge function
|
|
58
|
+
* origin) carries it through. `Lax` would silently drop it on that
|
|
59
|
+
* fetch, breaking every successful HubSpot redirect.
|
|
60
|
+
*/
|
|
61
|
+
const TEMP_COOKIE_PKCE_VERIFIER = "__hs_pkce_verifier";
|
|
62
|
+
/**
|
|
63
|
+
* Cookie carrying the OAuth `state` value between `init-session` and
|
|
64
|
+
* `auth/complete`. Compared against the `state` query parameter as the
|
|
65
|
+
* primary CSRF defense. Same `SameSite=None; Secure; Partitioned`
|
|
66
|
+
* attributes as `TEMP_COOKIE_PKCE_VERIFIER` for the same cross-site
|
|
67
|
+
* `POST /auth/complete` reason.
|
|
68
|
+
*/
|
|
69
|
+
const TEMP_COOKIE_OAUTH_STATE = "__hs_oauth_state";
|
|
70
|
+
//#endregion
|
|
71
|
+
export { HUBSPOT_ACCESS_TOKEN_COOKIE_NAME, HUBSPOT_APP_ORIGIN_COOKIE_NAME, HUBSPOT_APP_SID_COOKIE_NAME, HUBSPOT_REFRESH_COOKIE_PREFIX, TEMP_COOKIE_OAUTH_STATE, TEMP_COOKIE_PKCE_VERIFIER, isProtectedCookieName };
|
|
72
|
+
|
|
73
|
+
//# sourceMappingURL=constants.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"constants.js","names":[],"sources":["../../src/server/constants.ts"],"sourcesContent":["/**\n * Cookie name carrying the DPoP-bound access token. Uses the\n * `__Host-` prefix so the browser only accepts it from a `Secure`\n * response with `Path=/` — a defense-in-depth against subdomain\n * cookie injection.\n */\nexport const HUBSPOT_ACCESS_TOKEN_COOKIE_NAME = '__Host-hs_access_token';\n\n/**\n * Cookie carrying the opaque app-session ID. Hashed before being put\n * on the wire as a DPoP `sid` claim.\n */\nexport const HUBSPOT_APP_SID_COOKIE_NAME = '__Host-hs_app_sid';\n\n/**\n * Cookie pinning the browser-facing app origin (e.g.\n * `https://app.example.com`) for the lifetime of an app session.\n * Set by `auth/init-session` from the request's `Origin` header and\n * read by:\n *\n * - The CORS middleware to emit a credentialed\n * `Access-Control-Allow-Origin` value (`*` is forbidden when\n * `Access-Control-Allow-Credentials: true`).\n * - `auth/complete` to rebuild the OAuth `redirect_uri` it sent to\n * HubSpot during `init-session` (the token endpoint validates that\n * the two values match).\n *\n * `__Host-` prefixed (Path=/, Secure, no Domain), so the same\n * function host can serve both `hubspot-connect` and `api` routes\n * and read the cookie from either.\n */\nexport const HUBSPOT_APP_ORIGIN_COOKIE_NAME = '__Host-hs_app_origin';\n\n/**\n * Prefix used for refresh-token cookies. Each session gets its own\n * cookie name (`hs_refresh_<sidHash>`) so multiple devices/tabs can\n * coexist without overwriting each other's refresh tokens.\n */\nexport const HUBSPOT_REFRESH_COOKIE_PREFIX = 'hs_refresh_';\n\nconst PROTECTED_COOKIE_NAMES = new Set([\n HUBSPOT_ACCESS_TOKEN_COOKIE_NAME,\n HUBSPOT_APP_SID_COOKIE_NAME,\n HUBSPOT_APP_ORIGIN_COOKIE_NAME,\n]);\n\n/**\n * Returns `true` for cookies the SDK manages internally\n * (access token, session ID, any refresh-token cookie). The\n * `sanitizeRequest` helper uses this to strip these cookies from the\n * request before user code sees it, ensuring user route handlers\n * cannot accidentally leak them in logs or proxy them upstream.\n */\nexport function isProtectedCookieName(cookieName: string): boolean {\n return (\n PROTECTED_COOKIE_NAMES.has(cookieName) ||\n cookieName.startsWith(HUBSPOT_REFRESH_COOKIE_PREFIX)\n );\n}\n\n/**\n * Cookie carrying the PKCE code verifier between `init-session` and\n * `auth/complete`. Set with `SameSite=None; Secure; Partitioned` so the\n * frontend's credentialed cross-site `POST /auth/complete` (made from\n * the OAuth callback page on the app origin to the SDK's edge function\n * origin) carries it through. `Lax` would silently drop it on that\n * fetch, breaking every successful HubSpot redirect.\n */\nexport const TEMP_COOKIE_PKCE_VERIFIER = '__hs_pkce_verifier';\n\n/**\n * Cookie carrying the OAuth `state` value between `init-session` and\n * `auth/complete`. Compared against the `state` query parameter as the\n * primary CSRF defense. Same `SameSite=None; Secure; Partitioned`\n * attributes as `TEMP_COOKIE_PKCE_VERIFIER` for the same cross-site\n * `POST /auth/complete` reason.\n */\nexport const TEMP_COOKIE_OAUTH_STATE = '__hs_oauth_state';\n"],"mappings":";;;;;;;AAMA,MAAa,mCAAmC;;;;;AAMhD,MAAa,8BAA8B;;;;;;;;;;;;;;;;;;AAmB3C,MAAa,iCAAiC;;;;;;AAO9C,MAAa,gCAAgC;AAE7C,MAAM,yBAAyB,IAAI,IAAI;CACrC;CACA;CACA;CACD,CAAC;;;;;;;;AASF,SAAgB,sBAAsB,YAA6B;CACjE,OACE,uBAAuB,IAAI,WAAW,IACtC,WAAW,WAAA,cAAyC;;;;;;;;;;AAYxD,MAAa,4BAA4B;;;;;;;;AASzC,MAAa,0BAA0B"}
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
import { SecureStartContext, SecureStartLoader } from "../secure-start-core.js";
|
|
2
|
+
|
|
3
|
+
//#region src/server/deno/start.d.ts
|
|
4
|
+
/**
|
|
5
|
+
* Deno entrypoint helper. Reads `HUBSPOT_APP_PRIVATE_KEY` from `Deno.env`
|
|
6
|
+
* when CIMD or DPoP is enabled, imports the supplied loader, and invokes
|
|
7
|
+
* `start` with `AppKeys` or `null`.
|
|
8
|
+
*/
|
|
9
|
+
declare function secureStart(loader: SecureStartLoader): Promise<void>;
|
|
10
|
+
//#endregion
|
|
11
|
+
export { secureStart };
|
|
12
|
+
//# sourceMappingURL=start.d.ts.map
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
import { runSecureStart } from "../secure-start-core.js";
|
|
2
|
+
//#region src/server/deno/start.ts
|
|
3
|
+
const denoSecureStartAdapter = {
|
|
4
|
+
readEnv: (key) => Deno.env.get(key),
|
|
5
|
+
deleteEnv: (key) => {
|
|
6
|
+
Deno.env.delete(key);
|
|
7
|
+
},
|
|
8
|
+
exit: (code) => Deno.exit(code)
|
|
9
|
+
};
|
|
10
|
+
/**
|
|
11
|
+
* Deno entrypoint helper. Reads `HUBSPOT_APP_PRIVATE_KEY` from `Deno.env`
|
|
12
|
+
* when CIMD or DPoP is enabled, imports the supplied loader, and invokes
|
|
13
|
+
* `start` with `AppKeys` or `null`.
|
|
14
|
+
*/
|
|
15
|
+
function secureStart(loader) {
|
|
16
|
+
return runSecureStart(loader, denoSecureStartAdapter);
|
|
17
|
+
}
|
|
18
|
+
//#endregion
|
|
19
|
+
export { secureStart };
|
|
20
|
+
|
|
21
|
+
//# sourceMappingURL=start.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"start.js","names":[],"sources":["../../../src/server/deno/start.ts"],"sourcesContent":["import {\n runSecureStart,\n type SecureStartAdapter,\n type SecureStartContext,\n type SecureStartLoader,\n} from '../secure-start-core.ts';\n\nexport type { SecureStartContext, SecureStartLoader };\n\nconst denoSecureStartAdapter: SecureStartAdapter = {\n readEnv: (key) => Deno.env.get(key),\n deleteEnv: (key) => {\n Deno.env.delete(key);\n },\n exit: (code) => Deno.exit(code),\n};\n\n/**\n * Deno entrypoint helper. Reads `HUBSPOT_APP_PRIVATE_KEY` from `Deno.env`\n * when CIMD or DPoP is enabled, imports the supplied loader, and invokes\n * `start` with `AppKeys` or `null`.\n */\nexport function secureStart(loader: SecureStartLoader): Promise<void> {\n return runSecureStart(loader, denoSecureStartAdapter);\n}\n"],"mappings":";;AASA,MAAM,yBAA6C;CACjD,UAAU,QAAQ,KAAK,IAAI,IAAI,IAAI;CACnC,YAAY,QAAQ;EAClB,KAAK,IAAI,OAAO,IAAI;;CAEtB,OAAO,SAAS,KAAK,KAAK,KAAK;CAChC;;;;;;AAOD,SAAgB,YAAY,QAA0C;CACpE,OAAO,eAAe,QAAQ,uBAAuB"}
|
|
@@ -0,0 +1,59 @@
|
|
|
1
|
+
import { createHubSpotClient } from "../api-client-core/client.js";
|
|
2
|
+
import { noopLogger } from "../shared/logger.js";
|
|
3
|
+
import { fetchTransportPlugin } from "../api-client-core/plugins/fetch-transport.js";
|
|
4
|
+
import { HUBSPOT_ACCESS_TOKEN_COOKIE_NAME, HUBSPOT_APP_SID_COOKIE_NAME } from "../constants.js";
|
|
5
|
+
import { createHubSpotProxy } from "../proxy.js";
|
|
6
|
+
import { parseCookies } from "../utils/cookie-utils.js";
|
|
7
|
+
import { sanitizeRequest } from "../sanitize-request.js";
|
|
8
|
+
import { corsMiddleware } from "./utils/cors-middleware.js";
|
|
9
|
+
import { Hono } from "hono";
|
|
10
|
+
//#region src/server/hono/hono-request-handler.ts
|
|
11
|
+
/**
|
|
12
|
+
* Wraps a Hono app so its `fetch` handler additionally:
|
|
13
|
+
*
|
|
14
|
+
* - Strips SDK-managed cookies (access token, refresh, sid) from the
|
|
15
|
+
* request before the app sees them, via `sanitizeRequest`.
|
|
16
|
+
* - Exposes a `hubSpotProxy` on the Hono context so route handlers
|
|
17
|
+
* can issue authenticated calls to HubSpot's API on behalf of the
|
|
18
|
+
* browser session.
|
|
19
|
+
*/
|
|
20
|
+
function createAppConnectRequestHandler(options) {
|
|
21
|
+
const { registerRoutes, appKeys, logger = noopLogger } = options;
|
|
22
|
+
const app = new Hono();
|
|
23
|
+
app.use("*", corsMiddleware());
|
|
24
|
+
app.use("*", async (c, next) => {
|
|
25
|
+
const { authenticated } = c.env.hubSpot;
|
|
26
|
+
if (!authenticated) return c.json({ error: "Unauthorized" }, 401);
|
|
27
|
+
await next();
|
|
28
|
+
});
|
|
29
|
+
registerRoutes(app);
|
|
30
|
+
return (request) => {
|
|
31
|
+
const cookie = request.headers.get("Cookie");
|
|
32
|
+
if (!cookie) throw new Error("Missing auth cookies");
|
|
33
|
+
const cookies = parseCookies(cookie);
|
|
34
|
+
const accessToken = cookies[HUBSPOT_ACCESS_TOKEN_COOKIE_NAME];
|
|
35
|
+
const proxy = createHubSpotProxy({
|
|
36
|
+
userCredentials: {
|
|
37
|
+
accessToken,
|
|
38
|
+
sessionId: cookies[HUBSPOT_APP_SID_COOKIE_NAME]
|
|
39
|
+
},
|
|
40
|
+
appKeys,
|
|
41
|
+
logger
|
|
42
|
+
});
|
|
43
|
+
const client = createHubSpotClient({ plugins: [fetchTransportPlugin({ getAccessToken: () => {
|
|
44
|
+
if (!accessToken) throw new Error("Missing access token");
|
|
45
|
+
return accessToken;
|
|
46
|
+
} })] });
|
|
47
|
+
const sanitizedRequest = sanitizeRequest(request);
|
|
48
|
+
const honoBindings = { hubSpot: {
|
|
49
|
+
proxy,
|
|
50
|
+
client,
|
|
51
|
+
authenticated: proxy.authenticated
|
|
52
|
+
} };
|
|
53
|
+
return app.fetch(sanitizedRequest, honoBindings);
|
|
54
|
+
};
|
|
55
|
+
}
|
|
56
|
+
//#endregion
|
|
57
|
+
export { createAppConnectRequestHandler };
|
|
58
|
+
|
|
59
|
+
//# sourceMappingURL=hono-request-handler.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"hono-request-handler.js","names":[],"sources":["../../../src/server/hono/hono-request-handler.ts"],"sourcesContent":["import { Hono } from 'hono';\n\nimport { noopLogger, type Logger } from '../../shared/logger.ts';\nimport { createHubSpotClient } from '../api-client-core/client.ts';\nimport { fetchTransportPlugin } from '../api-client-core/plugins/fetch-transport.ts';\nimport {\n HUBSPOT_ACCESS_TOKEN_COOKIE_NAME,\n HUBSPOT_APP_SID_COOKIE_NAME,\n} from '../constants.ts';\nimport { createHubSpotProxy } from '../proxy.ts';\nimport { sanitizeRequest } from '../sanitize-request.ts';\nimport type { AppKeys, UserCredentials } from '../types.ts';\nimport { parseCookies } from '../utils/cookie-utils.ts';\nimport type { AppConnectHonoBindings, AppConnectHonoEnv } from './types.ts';\nimport { corsMiddleware } from './utils/cors-middleware.ts';\n\n/**\n * Web-standard fetch handler signature returned by\n * {@link createAppConnectRequestHandler}.\n */\nexport type AppConnectFetchHandler = (\n request: Request\n) => Response | Promise<Response>;\n\n/**\n * Callback used to attach application routes to the SDK-owned Hono\n * app instance.\n */\nexport type RegisterAppConnectRoutesFunction = (\n app: Hono<AppConnectHonoEnv>\n) => void;\n\n/**\n * Options accepted by {@link createAppConnectRequestHandler}.\n */\nexport interface CreateAppConnectRequestHandlerOptions {\n /** Registers application routes on the SDK-owned Hono app. */\n registerRoutes: RegisterAppConnectRoutesFunction;\n /**\n * Imported app keys from `secureStart`, or `null` when CIMD and DPoP\n * are both disabled.\n */\n appKeys: AppKeys | null;\n /**\n * Optional logger. When omitted the SDK uses a no-op logger so\n * server-side state never leaks into the host application's\n * console.\n */\n logger?: Logger;\n}\n\n/**\n * Wraps a Hono app so its `fetch` handler additionally:\n *\n * - Strips SDK-managed cookies (access token, refresh, sid) from the\n * request before the app sees them, via `sanitizeRequest`.\n * - Exposes a `hubSpotProxy` on the Hono context so route handlers\n * can issue authenticated calls to HubSpot's API on behalf of the\n * browser session.\n */\nexport function createAppConnectRequestHandler(\n options: CreateAppConnectRequestHandlerOptions\n): AppConnectFetchHandler {\n const { registerRoutes, appKeys, logger = noopLogger } = options;\n const app = new Hono<AppConnectHonoEnv>();\n // Credentialed CORS first: preflights short-circuit with 204\n // before the auth check runs, and 401 responses still carry\n // `Access-Control-Allow-*` headers (the browser drops responses\n // without them on credentialed cross-site fetches).\n app.use('*', corsMiddleware());\n\n // Auth gate: every non-OPTIONS request must arrive with the\n // SDK-managed access-token + session-id cookies. The CORS\n // middleware above short-circuits OPTIONS, so this only runs on\n // real requests; missing cookies now surface as a normal 401 with\n // CORS headers attached on the way back out (the previous\n // implementation threw on a missing `Cookie` header before any\n // middleware ran, which broke browser preflights).\n app.use('*', async (c, next) => {\n const { authenticated } = c.env.hubSpot;\n if (!authenticated) {\n return c.json({ error: 'Unauthorized' }, 401);\n }\n\n await next();\n return;\n });\n\n registerRoutes(app);\n\n return (request: Request) => {\n const cookie = request.headers.get('Cookie');\n if (!cookie) {\n throw new Error('Missing auth cookies');\n }\n const cookies = parseCookies(cookie);\n const accessToken = cookies[HUBSPOT_ACCESS_TOKEN_COOKIE_NAME];\n const sessionId = cookies[HUBSPOT_APP_SID_COOKIE_NAME];\n\n const userCredentials: UserCredentials = { accessToken, sessionId };\n\n const proxy = createHubSpotProxy({\n userCredentials,\n appKeys,\n logger,\n });\n\n const client = createHubSpotClient({\n plugins: [\n fetchTransportPlugin({\n getAccessToken: () => {\n if (!accessToken) {\n throw new Error('Missing access token');\n }\n return accessToken;\n },\n }),\n ],\n });\n\n const sanitizedRequest = sanitizeRequest(request);\n\n const honoBindings: AppConnectHonoBindings = {\n hubSpot: {\n proxy,\n client,\n authenticated: proxy.authenticated,\n },\n };\n\n return app.fetch(sanitizedRequest, honoBindings);\n };\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;AA4DA,SAAgB,+BACd,SACwB;CACxB,MAAM,EAAE,gBAAgB,SAAS,SAAS,eAAe;CACzD,MAAM,MAAM,IAAI,MAAyB;CAKzC,IAAI,IAAI,KAAK,gBAAgB,CAAC;CAS9B,IAAI,IAAI,KAAK,OAAO,GAAG,SAAS;EAC9B,MAAM,EAAE,kBAAkB,EAAE,IAAI;EAChC,IAAI,CAAC,eACH,OAAO,EAAE,KAAK,EAAE,OAAO,gBAAgB,EAAE,IAAI;EAG/C,MAAM,MAAM;GAEZ;CAEF,eAAe,IAAI;CAEnB,QAAQ,YAAqB;EAC3B,MAAM,SAAS,QAAQ,QAAQ,IAAI,SAAS;EAC5C,IAAI,CAAC,QACH,MAAM,IAAI,MAAM,uBAAuB;EAEzC,MAAM,UAAU,aAAa,OAAO;EACpC,MAAM,cAAc,QAAQ;EAK5B,MAAM,QAAQ,mBAAmB;GAC/B,iBAAA;IAHyC;IAAa,WAFtC,QAAQ;IAKT;GACf;GACA;GACD,CAAC;EAEF,MAAM,SAAS,oBAAoB,EACjC,SAAS,CACP,qBAAqB,EACnB,sBAAsB;GACpB,IAAI,CAAC,aACH,MAAM,IAAI,MAAM,uBAAuB;GAEzC,OAAO;KAEV,CAAC,CACH,EACF,CAAC;EAEF,MAAM,mBAAmB,gBAAgB,QAAQ;EAEjD,MAAM,eAAuC,EAC3C,SAAS;GACP;GACA;GACA,eAAe,MAAM;GACtB,EACF;EAED,OAAO,IAAI,MAAM,kBAAkB,aAAa"}
|
|
@@ -0,0 +1,154 @@
|
|
|
1
|
+
import { base64urlDecode } from "../../shared/encoding/base64.js";
|
|
2
|
+
import { HUBSPOT_ACCESS_TOKEN_COOKIE_NAME, HUBSPOT_APP_ORIGIN_COOKIE_NAME, HUBSPOT_REFRESH_COOKIE_PREFIX, TEMP_COOKIE_OAUTH_STATE, TEMP_COOKIE_PKCE_VERIFIER } from "../../constants.js";
|
|
3
|
+
import { parseCookies } from "../../utils/cookie-utils.js";
|
|
4
|
+
import { AUTH_COMPLETE_CODE_PARAM, AUTH_COMPLETE_STATE_PARAM } from "../../shared/constants.js";
|
|
5
|
+
import { serializeCookie, setResponseCookie } from "../utils/cookie-utils.js";
|
|
6
|
+
import { REFRESH_COOKIE_MAX_AGE_SEC } from "./constants.js";
|
|
7
|
+
import { buildClientAssertion, buildClientAssertionFormParams, buildClientSecretFormParams, buildTokenEndpointDpopProof, requestOAuthToken } from "./oauth-client.js";
|
|
8
|
+
import { buildCimdClientIdUrlFromRequest, buildFrontendOAuthRedirectUri, clearTempCookie, isPositiveFiniteNumber, isSafeReturnPath, parseAppOriginHeader } from "./utils.js";
|
|
9
|
+
//#region src/server/hono/hubspot-connect-routes/auth-complete.ts
|
|
10
|
+
/**
|
|
11
|
+
* Cross-origin OAuth completion endpoint.
|
|
12
|
+
*
|
|
13
|
+
* Called from the React app on the frontend OAuth callback path
|
|
14
|
+
* (`HUBSPOT_FRONTEND_CALLBACK_PATH`) once HubSpot has redirected the
|
|
15
|
+
* browser back with `?code` + `?state`. The browser POSTs both
|
|
16
|
+
* values here as a credentialed cross-site fetch — same partition as
|
|
17
|
+
* `init-session`, so the temp PKCE/state cookies are visible — and
|
|
18
|
+
* the SDK:
|
|
19
|
+
*
|
|
20
|
+
* 1. Validates `state` against the temp `__hs_oauth_state` cookie.
|
|
21
|
+
* 2. Pulls the PKCE verifier from `__hs_pkce_verifier`.
|
|
22
|
+
* 3. Rebuilds the same `redirect_uri` it sent to HubSpot during
|
|
23
|
+
* `init-session` (frontend origin + the fixed callback path);
|
|
24
|
+
* the OAuth token endpoint requires the two values to match.
|
|
25
|
+
* 4. Exchanges `code` for an access + refresh token (with DPoP /
|
|
26
|
+
* CIMD client-assertion when enabled).
|
|
27
|
+
* 5. Sets the durable session cookies (access token, refresh) with
|
|
28
|
+
* `SameSite=None; Secure; Partitioned` so they live in the
|
|
29
|
+
* `(frontend, edge)` partition where subsequent API fetches will
|
|
30
|
+
* read them.
|
|
31
|
+
* 6. Clears the temp cookies.
|
|
32
|
+
* 7. Returns `{ expires_at, return_path }` so the controller can
|
|
33
|
+
* update its session-storage expiry tracking and navigate back to
|
|
34
|
+
* the page the user started the connect flow from.
|
|
35
|
+
*/
|
|
36
|
+
async function handleAuthComplete(c, options) {
|
|
37
|
+
const { appKeys, refreshCookiePath, hubspotConnectEnv } = options;
|
|
38
|
+
const xForwardedProto = c.req.header("x-forwarded-proto") ?? void 0;
|
|
39
|
+
const xForwardedHost = c.req.header("x-forwarded-host") ?? void 0;
|
|
40
|
+
const requestHostHeader = c.req.header("host") ?? void 0;
|
|
41
|
+
const code = c.req.query(AUTH_COMPLETE_CODE_PARAM);
|
|
42
|
+
const state = c.req.query(AUTH_COMPLETE_STATE_PARAM);
|
|
43
|
+
if (!code || !state) return c.json({ error: "Missing code or state" }, 400);
|
|
44
|
+
if (hubspotConnectEnv.isAppPrivateKeyRequired && !appKeys) return c.json({ error: "Server misconfiguration: HUBSPOT_APP_PRIVATE_KEY is required when CIMD or DPoP is enabled" }, 500);
|
|
45
|
+
const cookies = parseCookies(c.req.header("Cookie"));
|
|
46
|
+
const expectedState = cookies[TEMP_COOKIE_OAUTH_STATE];
|
|
47
|
+
const codeVerifier = cookies[TEMP_COOKIE_PKCE_VERIFIER];
|
|
48
|
+
const appOriginCookie = cookies[HUBSPOT_APP_ORIGIN_COOKIE_NAME];
|
|
49
|
+
if (!expectedState || state !== decodeURIComponent(expectedState)) return c.json({ error: "State mismatch" }, 403);
|
|
50
|
+
if (!codeVerifier) return c.json({ error: "Missing PKCE verifier" }, 400);
|
|
51
|
+
const appOrigin = parseAppOriginHeader(appOriginCookie);
|
|
52
|
+
if (!appOrigin) return c.json({ error: "Missing app origin cookie" }, 400);
|
|
53
|
+
let statePayload;
|
|
54
|
+
try {
|
|
55
|
+
statePayload = JSON.parse(new TextDecoder().decode(base64urlDecode(decodeURIComponent(state))));
|
|
56
|
+
} catch {
|
|
57
|
+
return c.json({ error: "Malformed state value" }, 400);
|
|
58
|
+
}
|
|
59
|
+
const returnPath = statePayload.return_path;
|
|
60
|
+
if (!returnPath || !isSafeReturnPath(returnPath)) return c.json({ error: "Invalid return path in state" }, 400);
|
|
61
|
+
const sessionId = statePayload.sid;
|
|
62
|
+
if (!sessionId) return c.json({ error: "Missing app session cookie" }, 400);
|
|
63
|
+
const decodedCodeVerifier = decodeURIComponent(codeVerifier);
|
|
64
|
+
const clientId = hubspotConnectEnv.isCimdEnabled ? buildCimdClientIdUrlFromRequest({
|
|
65
|
+
requestUrl: c.req.url,
|
|
66
|
+
basePath: options.basePath,
|
|
67
|
+
xForwardedProto,
|
|
68
|
+
xForwardedHost,
|
|
69
|
+
requestHostHeader
|
|
70
|
+
}) : hubspotConnectEnv.hubspotClientId;
|
|
71
|
+
const redirectUri = buildFrontendOAuthRedirectUri(appOrigin);
|
|
72
|
+
const tokenEndpointUrl = new URL("/oauth/v1/token", hubspotConnectEnv.hubspotOAuthApiOrigin).href;
|
|
73
|
+
let dpopProof;
|
|
74
|
+
if (hubspotConnectEnv.isDpopEnabled) dpopProof = await buildTokenEndpointDpopProof({
|
|
75
|
+
appKeys,
|
|
76
|
+
tokenEndpointUrl,
|
|
77
|
+
sessionIdHash: sessionId
|
|
78
|
+
});
|
|
79
|
+
let formParams;
|
|
80
|
+
if (hubspotConnectEnv.isCimdEnabled) formParams = {
|
|
81
|
+
grant_type: "authorization_code",
|
|
82
|
+
code,
|
|
83
|
+
code_verifier: decodedCodeVerifier,
|
|
84
|
+
redirect_uri: redirectUri,
|
|
85
|
+
...buildClientAssertionFormParams({
|
|
86
|
+
clientId,
|
|
87
|
+
clientAssertion: await buildClientAssertion({
|
|
88
|
+
appKeys,
|
|
89
|
+
clientId,
|
|
90
|
+
audience: tokenEndpointUrl
|
|
91
|
+
})
|
|
92
|
+
})
|
|
93
|
+
};
|
|
94
|
+
else formParams = {
|
|
95
|
+
grant_type: "authorization_code",
|
|
96
|
+
code,
|
|
97
|
+
code_verifier: decodedCodeVerifier,
|
|
98
|
+
redirect_uri: redirectUri,
|
|
99
|
+
...buildClientSecretFormParams({
|
|
100
|
+
clientId,
|
|
101
|
+
clientSecret: hubspotConnectEnv.hubspotClientSecret
|
|
102
|
+
})
|
|
103
|
+
};
|
|
104
|
+
const tokenResult = await requestOAuthToken({
|
|
105
|
+
tokenEndpointUrl,
|
|
106
|
+
isDpopEnabled: hubspotConnectEnv.isDpopEnabled,
|
|
107
|
+
...dpopProof !== void 0 ? { dpopProof } : {},
|
|
108
|
+
formParams
|
|
109
|
+
});
|
|
110
|
+
if (!tokenResult.ok) return c.json({ error: `Token exchange failed: ${tokenResult.errorText}` }, 502);
|
|
111
|
+
const { access_token: accessToken, refresh_token: refreshToken, expires_in } = tokenResult.body;
|
|
112
|
+
if (!refreshToken) return c.json({ error: "Token response missing refresh_token" }, 502);
|
|
113
|
+
if (!isPositiveFiniteNumber(expires_in)) return c.json({ error: "Token response missing or invalid expires_in" }, 502);
|
|
114
|
+
const expiresAt = Date.now() + expires_in * 1e3;
|
|
115
|
+
const refreshCookieName = `${HUBSPOT_REFRESH_COOKIE_PREFIX}${sessionId}`;
|
|
116
|
+
setResponseCookie({
|
|
117
|
+
c,
|
|
118
|
+
value: serializeCookie({
|
|
119
|
+
name: HUBSPOT_ACCESS_TOKEN_COOKIE_NAME,
|
|
120
|
+
value: accessToken,
|
|
121
|
+
path: "/",
|
|
122
|
+
sameSite: "None",
|
|
123
|
+
partitioned: true,
|
|
124
|
+
maxAge: expires_in
|
|
125
|
+
})
|
|
126
|
+
});
|
|
127
|
+
setResponseCookie({
|
|
128
|
+
c,
|
|
129
|
+
value: serializeCookie({
|
|
130
|
+
name: refreshCookieName,
|
|
131
|
+
value: refreshToken,
|
|
132
|
+
path: refreshCookiePath,
|
|
133
|
+
sameSite: "None",
|
|
134
|
+
partitioned: true,
|
|
135
|
+
maxAge: REFRESH_COOKIE_MAX_AGE_SEC
|
|
136
|
+
})
|
|
137
|
+
});
|
|
138
|
+
setResponseCookie({
|
|
139
|
+
c,
|
|
140
|
+
value: clearTempCookie(TEMP_COOKIE_PKCE_VERIFIER)
|
|
141
|
+
});
|
|
142
|
+
setResponseCookie({
|
|
143
|
+
c,
|
|
144
|
+
value: clearTempCookie(TEMP_COOKIE_OAUTH_STATE)
|
|
145
|
+
});
|
|
146
|
+
return c.json({
|
|
147
|
+
expires_at: expiresAt,
|
|
148
|
+
return_path: returnPath
|
|
149
|
+
});
|
|
150
|
+
}
|
|
151
|
+
//#endregion
|
|
152
|
+
export { handleAuthComplete };
|
|
153
|
+
|
|
154
|
+
//# sourceMappingURL=auth-complete.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-complete.js","names":[],"sources":["../../../../src/server/hono/hubspot-connect-routes/auth-complete.ts"],"sourcesContent":["import type { Context } from 'hono';\n\nimport {\n AUTH_COMPLETE_CODE_PARAM,\n AUTH_COMPLETE_STATE_PARAM,\n} from '../../../shared/constants.ts';\nimport {\n HUBSPOT_ACCESS_TOKEN_COOKIE_NAME,\n HUBSPOT_APP_ORIGIN_COOKIE_NAME,\n HUBSPOT_REFRESH_COOKIE_PREFIX,\n TEMP_COOKIE_OAUTH_STATE,\n TEMP_COOKIE_PKCE_VERIFIER,\n} from '../../constants.ts';\nimport { base64urlDecode } from '../../utils/base64-utils.ts';\nimport { parseCookies } from '../../utils/cookie-utils.ts';\nimport { serializeCookie, setResponseCookie } from '../utils/cookie-utils.ts';\nimport { REFRESH_COOKIE_MAX_AGE_SEC } from './constants.ts';\nimport {\n buildClientAssertion,\n buildClientAssertionFormParams,\n buildClientSecretFormParams,\n buildTokenEndpointDpopProof,\n requestOAuthToken,\n} from './oauth-client.ts';\nimport type { HubSpotConnectOAuthRouteOptions } from './types.ts';\nimport {\n buildCimdClientIdUrlFromRequest,\n buildFrontendOAuthRedirectUri,\n clearTempCookie,\n isPositiveFiniteNumber,\n isSafeReturnPath,\n parseAppOriginHeader,\n} from './utils.ts';\n\ninterface OAuthStatePayload {\n return_path?: string;\n sid?: string;\n}\n\n/**\n * Cross-origin OAuth completion endpoint.\n *\n * Called from the React app on the frontend OAuth callback path\n * (`HUBSPOT_FRONTEND_CALLBACK_PATH`) once HubSpot has redirected the\n * browser back with `?code` + `?state`. The browser POSTs both\n * values here as a credentialed cross-site fetch — same partition as\n * `init-session`, so the temp PKCE/state cookies are visible — and\n * the SDK:\n *\n * 1. Validates `state` against the temp `__hs_oauth_state` cookie.\n * 2. Pulls the PKCE verifier from `__hs_pkce_verifier`.\n * 3. Rebuilds the same `redirect_uri` it sent to HubSpot during\n * `init-session` (frontend origin + the fixed callback path);\n * the OAuth token endpoint requires the two values to match.\n * 4. Exchanges `code` for an access + refresh token (with DPoP /\n * CIMD client-assertion when enabled).\n * 5. Sets the durable session cookies (access token, refresh) with\n * `SameSite=None; Secure; Partitioned` so they live in the\n * `(frontend, edge)` partition where subsequent API fetches will\n * read them.\n * 6. Clears the temp cookies.\n * 7. Returns `{ expires_at, return_path }` so the controller can\n * update its session-storage expiry tracking and navigate back to\n * the page the user started the connect flow from.\n */\nexport async function handleAuthComplete(\n c: Context,\n options: HubSpotConnectOAuthRouteOptions\n) {\n const { appKeys, refreshCookiePath, hubspotConnectEnv } = options;\n const xForwardedProto = c.req.header('x-forwarded-proto') ?? undefined;\n const xForwardedHost = c.req.header('x-forwarded-host') ?? undefined;\n const requestHostHeader = c.req.header('host') ?? undefined;\n const code = c.req.query(AUTH_COMPLETE_CODE_PARAM);\n const state = c.req.query(AUTH_COMPLETE_STATE_PARAM);\n\n if (!code || !state) {\n return c.json({ error: 'Missing code or state' }, 400);\n }\n\n if (hubspotConnectEnv.isAppPrivateKeyRequired && !appKeys) {\n return c.json(\n {\n error:\n 'Server misconfiguration: HUBSPOT_APP_PRIVATE_KEY is required when CIMD or DPoP is enabled',\n },\n 500\n );\n }\n\n const cookies = parseCookies(c.req.header('Cookie'));\n const expectedState = cookies[TEMP_COOKIE_OAUTH_STATE];\n const codeVerifier = cookies[TEMP_COOKIE_PKCE_VERIFIER];\n const appOriginCookie = cookies[HUBSPOT_APP_ORIGIN_COOKIE_NAME];\n\n if (!expectedState || state !== decodeURIComponent(expectedState)) {\n return c.json({ error: 'State mismatch' }, 403);\n }\n if (!codeVerifier) {\n return c.json({ error: 'Missing PKCE verifier' }, 400);\n }\n // The redirect_uri the OAuth token endpoint validates must equal\n // the one we sent during init-session. We rebuild it from the\n // pinned origin cookie so that value is anchored server-side, not\n // taken from the (caller-controlled) request `Origin` on this call.\n const appOrigin = parseAppOriginHeader(appOriginCookie);\n if (!appOrigin) {\n return c.json({ error: 'Missing app origin cookie' }, 400);\n }\n\n let statePayload: OAuthStatePayload;\n try {\n statePayload = JSON.parse(\n new TextDecoder().decode(base64urlDecode(decodeURIComponent(state)))\n ) as OAuthStatePayload;\n } catch {\n return c.json({ error: 'Malformed state value' }, 400);\n }\n const returnPath = statePayload.return_path;\n if (!returnPath || !isSafeReturnPath(returnPath)) {\n return c.json({ error: 'Invalid return path in state' }, 400);\n }\n\n const sessionId = statePayload.sid;\n if (!sessionId) {\n return c.json({ error: 'Missing app session cookie' }, 400);\n }\n\n const decodedCodeVerifier = decodeURIComponent(codeVerifier);\n\n const clientId = hubspotConnectEnv.isCimdEnabled\n ? buildCimdClientIdUrlFromRequest({\n requestUrl: c.req.url,\n basePath: options.basePath,\n xForwardedProto,\n xForwardedHost,\n requestHostHeader,\n })\n : hubspotConnectEnv.hubspotClientId;\n\n const redirectUri = buildFrontendOAuthRedirectUri(appOrigin);\n\n const tokenEndpointUrl = new URL(\n '/oauth/v1/token',\n hubspotConnectEnv.hubspotOAuthApiOrigin\n ).href;\n\n let dpopProof: string | undefined;\n if (hubspotConnectEnv.isDpopEnabled) {\n dpopProof = await buildTokenEndpointDpopProof({\n appKeys: appKeys!,\n tokenEndpointUrl,\n sessionIdHash: sessionId,\n });\n }\n\n let formParams: Record<string, string>;\n if (hubspotConnectEnv.isCimdEnabled) {\n const clientAssertion = await buildClientAssertion({\n appKeys: appKeys!,\n clientId,\n audience: tokenEndpointUrl,\n });\n formParams = {\n grant_type: 'authorization_code',\n code,\n code_verifier: decodedCodeVerifier,\n redirect_uri: redirectUri,\n ...buildClientAssertionFormParams({ clientId, clientAssertion }),\n };\n } else {\n formParams = {\n grant_type: 'authorization_code',\n code,\n code_verifier: decodedCodeVerifier,\n redirect_uri: redirectUri,\n ...buildClientSecretFormParams({\n clientId,\n clientSecret: hubspotConnectEnv.hubspotClientSecret,\n }),\n };\n }\n\n const tokenResult = await requestOAuthToken({\n tokenEndpointUrl,\n isDpopEnabled: hubspotConnectEnv.isDpopEnabled,\n ...(dpopProof !== undefined ? { dpopProof } : {}),\n formParams,\n });\n if (!tokenResult.ok) {\n return c.json(\n { error: `Token exchange failed: ${tokenResult.errorText}` },\n 502\n );\n }\n\n const {\n access_token: accessToken,\n refresh_token: refreshToken,\n expires_in,\n } = tokenResult.body;\n if (!refreshToken) {\n return c.json({ error: 'Token response missing refresh_token' }, 502);\n }\n if (!isPositiveFiniteNumber(expires_in)) {\n return c.json(\n { error: 'Token response missing or invalid expires_in' },\n 502\n );\n }\n\n const expiresAt = Date.now() + expires_in * 1000;\n const refreshCookieName = `${HUBSPOT_REFRESH_COOKIE_PREFIX}${sessionId}`;\n\n setResponseCookie({\n c,\n value: serializeCookie({\n name: HUBSPOT_ACCESS_TOKEN_COOKIE_NAME,\n value: accessToken,\n path: '/',\n sameSite: 'None',\n partitioned: true,\n maxAge: expires_in,\n }),\n });\n setResponseCookie({\n c,\n value: serializeCookie({\n name: refreshCookieName,\n value: refreshToken,\n path: refreshCookiePath,\n sameSite: 'None',\n partitioned: true,\n maxAge: REFRESH_COOKIE_MAX_AGE_SEC,\n }),\n });\n setResponseCookie({ c, value: clearTempCookie(TEMP_COOKIE_PKCE_VERIFIER) });\n setResponseCookie({ c, value: clearTempCookie(TEMP_COOKIE_OAUTH_STATE) });\n\n return c.json({ expires_at: expiresAt, return_path: returnPath });\n}\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiEA,eAAsB,mBACpB,GACA,SACA;CACA,MAAM,EAAE,SAAS,mBAAmB,sBAAsB;CAC1D,MAAM,kBAAkB,EAAE,IAAI,OAAO,oBAAoB,IAAI,KAAA;CAC7D,MAAM,iBAAiB,EAAE,IAAI,OAAO,mBAAmB,IAAI,KAAA;CAC3D,MAAM,oBAAoB,EAAE,IAAI,OAAO,OAAO,IAAI,KAAA;CAClD,MAAM,OAAO,EAAE,IAAI,MAAM,yBAAyB;CAClD,MAAM,QAAQ,EAAE,IAAI,MAAM,0BAA0B;CAEpD,IAAI,CAAC,QAAQ,CAAC,OACZ,OAAO,EAAE,KAAK,EAAE,OAAO,yBAAyB,EAAE,IAAI;CAGxD,IAAI,kBAAkB,2BAA2B,CAAC,SAChD,OAAO,EAAE,KACP,EACE,OACE,6FACH,EACD,IACD;CAGH,MAAM,UAAU,aAAa,EAAE,IAAI,OAAO,SAAS,CAAC;CACpD,MAAM,gBAAgB,QAAQ;CAC9B,MAAM,eAAe,QAAQ;CAC7B,MAAM,kBAAkB,QAAQ;CAEhC,IAAI,CAAC,iBAAiB,UAAU,mBAAmB,cAAc,EAC/D,OAAO,EAAE,KAAK,EAAE,OAAO,kBAAkB,EAAE,IAAI;CAEjD,IAAI,CAAC,cACH,OAAO,EAAE,KAAK,EAAE,OAAO,yBAAyB,EAAE,IAAI;CAMxD,MAAM,YAAY,qBAAqB,gBAAgB;CACvD,IAAI,CAAC,WACH,OAAO,EAAE,KAAK,EAAE,OAAO,6BAA6B,EAAE,IAAI;CAG5D,IAAI;CACJ,IAAI;EACF,eAAe,KAAK,MAClB,IAAI,aAAa,CAAC,OAAO,gBAAgB,mBAAmB,MAAM,CAAC,CAAC,CACrE;SACK;EACN,OAAO,EAAE,KAAK,EAAE,OAAO,yBAAyB,EAAE,IAAI;;CAExD,MAAM,aAAa,aAAa;CAChC,IAAI,CAAC,cAAc,CAAC,iBAAiB,WAAW,EAC9C,OAAO,EAAE,KAAK,EAAE,OAAO,gCAAgC,EAAE,IAAI;CAG/D,MAAM,YAAY,aAAa;CAC/B,IAAI,CAAC,WACH,OAAO,EAAE,KAAK,EAAE,OAAO,8BAA8B,EAAE,IAAI;CAG7D,MAAM,sBAAsB,mBAAmB,aAAa;CAE5D,MAAM,WAAW,kBAAkB,gBAC/B,gCAAgC;EAC9B,YAAY,EAAE,IAAI;EAClB,UAAU,QAAQ;EAClB;EACA;EACA;EACD,CAAC,GACF,kBAAkB;CAEtB,MAAM,cAAc,8BAA8B,UAAU;CAE5D,MAAM,mBAAmB,IAAI,IAC3B,mBACA,kBAAkB,sBACnB,CAAC;CAEF,IAAI;CACJ,IAAI,kBAAkB,eACpB,YAAY,MAAM,4BAA4B;EACnC;EACT;EACA,eAAe;EAChB,CAAC;CAGJ,IAAI;CACJ,IAAI,kBAAkB,eAMpB,aAAa;EACX,YAAY;EACZ;EACA,eAAe;EACf,cAAc;EACd,GAAG,+BAA+B;GAAE;GAAU,iBAAA,MAVlB,qBAAqB;IACxC;IACT;IACA,UAAU;IACX,CAAC;GAM+D,CAAC;EACjE;MAED,aAAa;EACX,YAAY;EACZ;EACA,eAAe;EACf,cAAc;EACd,GAAG,4BAA4B;GAC7B;GACA,cAAc,kBAAkB;GACjC,CAAC;EACH;CAGH,MAAM,cAAc,MAAM,kBAAkB;EAC1C;EACA,eAAe,kBAAkB;EACjC,GAAI,cAAc,KAAA,IAAY,EAAE,WAAW,GAAG,EAAE;EAChD;EACD,CAAC;CACF,IAAI,CAAC,YAAY,IACf,OAAO,EAAE,KACP,EAAE,OAAO,0BAA0B,YAAY,aAAa,EAC5D,IACD;CAGH,MAAM,EACJ,cAAc,aACd,eAAe,cACf,eACE,YAAY;CAChB,IAAI,CAAC,cACH,OAAO,EAAE,KAAK,EAAE,OAAO,wCAAwC,EAAE,IAAI;CAEvE,IAAI,CAAC,uBAAuB,WAAW,EACrC,OAAO,EAAE,KACP,EAAE,OAAO,gDAAgD,EACzD,IACD;CAGH,MAAM,YAAY,KAAK,KAAK,GAAG,aAAa;CAC5C,MAAM,oBAAoB,GAAG,gCAAgC;CAE7D,kBAAkB;EAChB;EACA,OAAO,gBAAgB;GACrB,MAAM;GACN,OAAO;GACP,MAAM;GACN,UAAU;GACV,aAAa;GACb,QAAQ;GACT,CAAC;EACH,CAAC;CACF,kBAAkB;EAChB;EACA,OAAO,gBAAgB;GACrB,MAAM;GACN,OAAO;GACP,MAAM;GACN,UAAU;GACV,aAAa;GACb,QAAQ;GACT,CAAC;EACH,CAAC;CACF,kBAAkB;EAAE;EAAG,OAAO,gBAAgB,0BAA0B;EAAE,CAAC;CAC3E,kBAAkB;EAAE;EAAG,OAAO,gBAAgB,wBAAwB;EAAE,CAAC;CAEzE,OAAO,EAAE,KAAK;EAAE,YAAY;EAAW,aAAa;EAAY,CAAC"}
|
|
@@ -0,0 +1,101 @@
|
|
|
1
|
+
import { base64url } from "../../shared/encoding/base64.js";
|
|
2
|
+
import { sha256base64url } from "../../shared/encoding/sha256.js";
|
|
3
|
+
import { HUBSPOT_APP_ORIGIN_COOKIE_NAME, HUBSPOT_APP_SID_COOKIE_NAME, TEMP_COOKIE_OAUTH_STATE, TEMP_COOKIE_PKCE_VERIFIER } from "../../constants.js";
|
|
4
|
+
import { serializeCookie, setResponseCookie } from "../utils/cookie-utils.js";
|
|
5
|
+
import { OAUTH_TEMP_MAX_AGE_SEC, SESSION_MAX_AGE_SEC } from "./constants.js";
|
|
6
|
+
import { buildCimdClientIdUrlFromRequest, buildFrontendOAuthRedirectUri, isSafeReturnPath, parseAppOriginHeader } from "./utils.js";
|
|
7
|
+
import { deriveHubSpotAuthorizeScopesFromClientMetadata } from "./fetch-hubspot-client-metadata.js";
|
|
8
|
+
//#region src/server/hono/hubspot-connect-routes/auth-init-session.ts
|
|
9
|
+
async function handleAuthInitSession(c, options) {
|
|
10
|
+
const { hubspotConnectEnv, cimdClientMetadata } = options;
|
|
11
|
+
const xForwardedProto = c.req.header("x-forwarded-proto") ?? void 0;
|
|
12
|
+
const xForwardedHost = c.req.header("x-forwarded-host") ?? void 0;
|
|
13
|
+
const requestHostHeader = c.req.header("host") ?? void 0;
|
|
14
|
+
const returnPath = new URL(c.req.url).searchParams.get("return_path") ?? "/";
|
|
15
|
+
if (!isSafeReturnPath(returnPath)) return c.text("Invalid return_path", 400);
|
|
16
|
+
const appOrigin = parseAppOriginHeader(c.req.header("Origin"));
|
|
17
|
+
if (!appOrigin) return c.text("Missing or invalid Origin header; init-session must be called from a browser", 400);
|
|
18
|
+
const sessionIdBytes = new Uint8Array(32);
|
|
19
|
+
crypto.getRandomValues(sessionIdBytes);
|
|
20
|
+
const sessionId = base64url(sessionIdBytes);
|
|
21
|
+
const sessionIdHash = await sha256base64url(sessionId);
|
|
22
|
+
const codeVerifierBytes = new Uint8Array(32);
|
|
23
|
+
crypto.getRandomValues(codeVerifierBytes);
|
|
24
|
+
const codeVerifier = base64url(codeVerifierBytes);
|
|
25
|
+
const codeChallenge = await sha256base64url(codeVerifier);
|
|
26
|
+
const stateValue = base64url(new TextEncoder().encode(JSON.stringify({
|
|
27
|
+
return_path: returnPath,
|
|
28
|
+
sid: sessionIdHash
|
|
29
|
+
})));
|
|
30
|
+
const clientId = hubspotConnectEnv.isCimdEnabled ? buildCimdClientIdUrlFromRequest({
|
|
31
|
+
requestUrl: c.req.url,
|
|
32
|
+
basePath: options.basePath,
|
|
33
|
+
xForwardedProto,
|
|
34
|
+
xForwardedHost,
|
|
35
|
+
requestHostHeader
|
|
36
|
+
}) : hubspotConnectEnv.hubspotClientId;
|
|
37
|
+
const redirectUri = buildFrontendOAuthRedirectUri(appOrigin);
|
|
38
|
+
const authorizeUrl = new URL(hubspotConnectEnv.hubspotAuthorizationEndpoint);
|
|
39
|
+
authorizeUrl.searchParams.set("response_type", "code");
|
|
40
|
+
authorizeUrl.searchParams.set("client_id", clientId);
|
|
41
|
+
authorizeUrl.searchParams.set("redirect_uri", redirectUri);
|
|
42
|
+
authorizeUrl.searchParams.set("code_challenge", codeChallenge);
|
|
43
|
+
authorizeUrl.searchParams.set("code_challenge_method", "S256");
|
|
44
|
+
authorizeUrl.searchParams.set("state", stateValue);
|
|
45
|
+
authorizeUrl.searchParams.set("sid", sessionIdHash);
|
|
46
|
+
if (!hubspotConnectEnv.isCimdEnabled) {
|
|
47
|
+
const scopesResult = deriveHubSpotAuthorizeScopesFromClientMetadata(cimdClientMetadata);
|
|
48
|
+
if (!scopesResult.ok) return c.text(scopesResult.message, scopesResult.status);
|
|
49
|
+
authorizeUrl.searchParams.set("scope", scopesResult.scope);
|
|
50
|
+
if (scopesResult.optionalScope !== void 0) authorizeUrl.searchParams.set("optional_scope", scopesResult.optionalScope);
|
|
51
|
+
}
|
|
52
|
+
setResponseCookie({
|
|
53
|
+
c,
|
|
54
|
+
value: serializeCookie({
|
|
55
|
+
name: HUBSPOT_APP_ORIGIN_COOKIE_NAME,
|
|
56
|
+
value: appOrigin,
|
|
57
|
+
path: "/",
|
|
58
|
+
sameSite: "None",
|
|
59
|
+
partitioned: true,
|
|
60
|
+
maxAge: SESSION_MAX_AGE_SEC
|
|
61
|
+
})
|
|
62
|
+
});
|
|
63
|
+
setResponseCookie({
|
|
64
|
+
c,
|
|
65
|
+
value: serializeCookie({
|
|
66
|
+
name: HUBSPOT_APP_SID_COOKIE_NAME,
|
|
67
|
+
value: sessionId,
|
|
68
|
+
path: "/",
|
|
69
|
+
sameSite: "None",
|
|
70
|
+
partitioned: true,
|
|
71
|
+
maxAge: SESSION_MAX_AGE_SEC
|
|
72
|
+
})
|
|
73
|
+
});
|
|
74
|
+
setResponseCookie({
|
|
75
|
+
c,
|
|
76
|
+
value: serializeCookie({
|
|
77
|
+
name: TEMP_COOKIE_PKCE_VERIFIER,
|
|
78
|
+
value: encodeURIComponent(codeVerifier),
|
|
79
|
+
path: "/",
|
|
80
|
+
sameSite: "None",
|
|
81
|
+
partitioned: true,
|
|
82
|
+
maxAge: OAUTH_TEMP_MAX_AGE_SEC
|
|
83
|
+
})
|
|
84
|
+
});
|
|
85
|
+
setResponseCookie({
|
|
86
|
+
c,
|
|
87
|
+
value: serializeCookie({
|
|
88
|
+
name: TEMP_COOKIE_OAUTH_STATE,
|
|
89
|
+
value: encodeURIComponent(stateValue),
|
|
90
|
+
path: "/",
|
|
91
|
+
sameSite: "None",
|
|
92
|
+
partitioned: true,
|
|
93
|
+
maxAge: OAUTH_TEMP_MAX_AGE_SEC
|
|
94
|
+
})
|
|
95
|
+
});
|
|
96
|
+
return c.json({ authorization_url: authorizeUrl.toString() });
|
|
97
|
+
}
|
|
98
|
+
//#endregion
|
|
99
|
+
export { handleAuthInitSession };
|
|
100
|
+
|
|
101
|
+
//# sourceMappingURL=auth-init-session.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-init-session.js","names":[],"sources":["../../../../src/server/hono/hubspot-connect-routes/auth-init-session.ts"],"sourcesContent":["import type { Context } from 'hono';\n\nimport {\n HUBSPOT_APP_ORIGIN_COOKIE_NAME,\n HUBSPOT_APP_SID_COOKIE_NAME,\n TEMP_COOKIE_OAUTH_STATE,\n TEMP_COOKIE_PKCE_VERIFIER,\n} from '../../constants.ts';\nimport { base64url } from '../../utils/base64-utils.ts';\nimport { sha256base64url } from '../../utils/crypto-utils.ts';\nimport { serializeCookie, setResponseCookie } from '../utils/cookie-utils.ts';\nimport { OAUTH_TEMP_MAX_AGE_SEC, SESSION_MAX_AGE_SEC } from './constants.ts';\nimport { deriveHubSpotAuthorizeScopesFromClientMetadata } from './fetch-hubspot-client-metadata.ts';\nimport type { HubSpotConnectOAuthRouteOptions } from './types.ts';\nimport {\n buildCimdClientIdUrlFromRequest,\n buildFrontendOAuthRedirectUri,\n isSafeReturnPath,\n parseAppOriginHeader,\n} from './utils.ts';\n\nexport async function handleAuthInitSession(\n c: Context,\n options: HubSpotConnectOAuthRouteOptions\n) {\n const { hubspotConnectEnv, cimdClientMetadata } = options;\n const xForwardedProto = c.req.header('x-forwarded-proto') ?? undefined;\n const xForwardedHost = c.req.header('x-forwarded-host') ?? undefined;\n const requestHostHeader = c.req.header('host') ?? undefined;\n const url = new URL(c.req.url);\n const returnPath = url.searchParams.get('return_path') ?? '/';\n if (!isSafeReturnPath(returnPath)) {\n return c.text('Invalid return_path', 400);\n }\n\n // The app origin pins the OAuth `redirect_uri` (which lands on the\n // frontend, not on this edge function) and, via the persisted\n // `__Host-hs_app_origin` cookie, drives credentialed\n // `Access-Control-Allow-Origin` on every subsequent SDK response.\n const appOrigin = parseAppOriginHeader(c.req.header('Origin'));\n if (!appOrigin) {\n return c.text(\n 'Missing or invalid Origin header; init-session must be called from a browser',\n 400\n );\n }\n\n const sessionIdBytes = new Uint8Array(32);\n crypto.getRandomValues(sessionIdBytes);\n const sessionId = base64url(sessionIdBytes);\n const sessionIdHash = await sha256base64url(sessionId);\n\n const codeVerifierBytes = new Uint8Array(32);\n crypto.getRandomValues(codeVerifierBytes);\n const codeVerifier = base64url(codeVerifierBytes);\n const codeChallenge = await sha256base64url(codeVerifier);\n\n const stateValue = base64url(\n new TextEncoder().encode(\n JSON.stringify({\n return_path: returnPath,\n sid: sessionIdHash,\n })\n )\n );\n\n const clientId = hubspotConnectEnv.isCimdEnabled\n ? buildCimdClientIdUrlFromRequest({\n requestUrl: c.req.url,\n basePath: options.basePath,\n xForwardedProto,\n xForwardedHost,\n requestHostHeader,\n })\n : hubspotConnectEnv.hubspotClientId;\n\n const redirectUri = buildFrontendOAuthRedirectUri(appOrigin);\n\n const authorizeUrl = new URL(hubspotConnectEnv.hubspotAuthorizationEndpoint);\n authorizeUrl.searchParams.set('response_type', 'code');\n authorizeUrl.searchParams.set('client_id', clientId);\n authorizeUrl.searchParams.set('redirect_uri', redirectUri);\n authorizeUrl.searchParams.set('code_challenge', codeChallenge);\n authorizeUrl.searchParams.set('code_challenge_method', 'S256');\n authorizeUrl.searchParams.set('state', stateValue);\n authorizeUrl.searchParams.set('sid', sessionIdHash);\n\n if (!hubspotConnectEnv.isCimdEnabled) {\n const scopesResult =\n deriveHubSpotAuthorizeScopesFromClientMetadata(cimdClientMetadata);\n if (!scopesResult.ok) {\n return c.text(scopesResult.message, scopesResult.status as 500 | 502);\n }\n authorizeUrl.searchParams.set('scope', scopesResult.scope);\n if (scopesResult.optionalScope !== undefined) {\n authorizeUrl.searchParams.set(\n 'optional_scope',\n scopesResult.optionalScope\n );\n }\n }\n\n setResponseCookie({\n c,\n value: serializeCookie({\n name: HUBSPOT_APP_ORIGIN_COOKIE_NAME,\n value: appOrigin,\n path: '/',\n sameSite: 'None',\n partitioned: true,\n maxAge: SESSION_MAX_AGE_SEC,\n }),\n });\n setResponseCookie({\n c,\n value: serializeCookie({\n name: HUBSPOT_APP_SID_COOKIE_NAME,\n value: sessionId,\n path: '/',\n sameSite: 'None',\n partitioned: true,\n maxAge: SESSION_MAX_AGE_SEC,\n }),\n });\n setResponseCookie({\n c,\n value: serializeCookie({\n name: TEMP_COOKIE_PKCE_VERIFIER,\n value: encodeURIComponent(codeVerifier),\n path: '/',\n sameSite: 'None',\n partitioned: true,\n maxAge: OAUTH_TEMP_MAX_AGE_SEC,\n }),\n });\n setResponseCookie({\n c,\n value: serializeCookie({\n name: TEMP_COOKIE_OAUTH_STATE,\n value: encodeURIComponent(stateValue),\n path: '/',\n sameSite: 'None',\n partitioned: true,\n maxAge: OAUTH_TEMP_MAX_AGE_SEC,\n }),\n });\n\n return c.json({ authorization_url: authorizeUrl.toString() });\n}\n"],"mappings":";;;;;;;;AAqBA,eAAsB,sBACpB,GACA,SACA;CACA,MAAM,EAAE,mBAAmB,uBAAuB;CAClD,MAAM,kBAAkB,EAAE,IAAI,OAAO,oBAAoB,IAAI,KAAA;CAC7D,MAAM,iBAAiB,EAAE,IAAI,OAAO,mBAAmB,IAAI,KAAA;CAC3D,MAAM,oBAAoB,EAAE,IAAI,OAAO,OAAO,IAAI,KAAA;CAElD,MAAM,aAAa,IADH,IAAI,EAAE,IAAI,IACJ,CAAC,aAAa,IAAI,cAAc,IAAI;CAC1D,IAAI,CAAC,iBAAiB,WAAW,EAC/B,OAAO,EAAE,KAAK,uBAAuB,IAAI;CAO3C,MAAM,YAAY,qBAAqB,EAAE,IAAI,OAAO,SAAS,CAAC;CAC9D,IAAI,CAAC,WACH,OAAO,EAAE,KACP,gFACA,IACD;CAGH,MAAM,iBAAiB,IAAI,WAAW,GAAG;CACzC,OAAO,gBAAgB,eAAe;CACtC,MAAM,YAAY,UAAU,eAAe;CAC3C,MAAM,gBAAgB,MAAM,gBAAgB,UAAU;CAEtD,MAAM,oBAAoB,IAAI,WAAW,GAAG;CAC5C,OAAO,gBAAgB,kBAAkB;CACzC,MAAM,eAAe,UAAU,kBAAkB;CACjD,MAAM,gBAAgB,MAAM,gBAAgB,aAAa;CAEzD,MAAM,aAAa,UACjB,IAAI,aAAa,CAAC,OAChB,KAAK,UAAU;EACb,aAAa;EACb,KAAK;EACN,CAAC,CACH,CACF;CAED,MAAM,WAAW,kBAAkB,gBAC/B,gCAAgC;EAC9B,YAAY,EAAE,IAAI;EAClB,UAAU,QAAQ;EAClB;EACA;EACA;EACD,CAAC,GACF,kBAAkB;CAEtB,MAAM,cAAc,8BAA8B,UAAU;CAE5D,MAAM,eAAe,IAAI,IAAI,kBAAkB,6BAA6B;CAC5E,aAAa,aAAa,IAAI,iBAAiB,OAAO;CACtD,aAAa,aAAa,IAAI,aAAa,SAAS;CACpD,aAAa,aAAa,IAAI,gBAAgB,YAAY;CAC1D,aAAa,aAAa,IAAI,kBAAkB,cAAc;CAC9D,aAAa,aAAa,IAAI,yBAAyB,OAAO;CAC9D,aAAa,aAAa,IAAI,SAAS,WAAW;CAClD,aAAa,aAAa,IAAI,OAAO,cAAc;CAEnD,IAAI,CAAC,kBAAkB,eAAe;EACpC,MAAM,eACJ,+CAA+C,mBAAmB;EACpE,IAAI,CAAC,aAAa,IAChB,OAAO,EAAE,KAAK,aAAa,SAAS,aAAa,OAAoB;EAEvE,aAAa,aAAa,IAAI,SAAS,aAAa,MAAM;EAC1D,IAAI,aAAa,kBAAkB,KAAA,GACjC,aAAa,aAAa,IACxB,kBACA,aAAa,cACd;;CAIL,kBAAkB;EAChB;EACA,OAAO,gBAAgB;GACrB,MAAM;GACN,OAAO;GACP,MAAM;GACN,UAAU;GACV,aAAa;GACb,QAAQ;GACT,CAAC;EACH,CAAC;CACF,kBAAkB;EAChB;EACA,OAAO,gBAAgB;GACrB,MAAM;GACN,OAAO;GACP,MAAM;GACN,UAAU;GACV,aAAa;GACb,QAAQ;GACT,CAAC;EACH,CAAC;CACF,kBAAkB;EAChB;EACA,OAAO,gBAAgB;GACrB,MAAM;GACN,OAAO,mBAAmB,aAAa;GACvC,MAAM;GACN,UAAU;GACV,aAAa;GACb,QAAQ;GACT,CAAC;EACH,CAAC;CACF,kBAAkB;EAChB;EACA,OAAO,gBAAgB;GACrB,MAAM;GACN,OAAO,mBAAmB,WAAW;GACrC,MAAM;GACN,UAAU;GACV,aAAa;GACb,QAAQ;GACT,CAAC;EACH,CAAC;CAEF,OAAO,EAAE,KAAK,EAAE,mBAAmB,aAAa,UAAU,EAAE,CAAC"}
|
|
@@ -0,0 +1,114 @@
|
|
|
1
|
+
import { HUBSPOT_ACCESS_TOKEN_COOKIE_NAME, HUBSPOT_APP_ORIGIN_COOKIE_NAME, HUBSPOT_APP_SID_COOKIE_NAME } from "../../constants.js";
|
|
2
|
+
import { parseCookies } from "../../utils/cookie-utils.js";
|
|
3
|
+
import { serializeCookie, setResponseCookie } from "../utils/cookie-utils.js";
|
|
4
|
+
import { buildClientAssertion } from "./oauth-client.js";
|
|
5
|
+
import { buildCimdClientIdUrlFromRequest } from "./utils.js";
|
|
6
|
+
//#region src/server/hono/hubspot-connect-routes/auth-logout.ts
|
|
7
|
+
async function revokeToken(options) {
|
|
8
|
+
const { revokeEndpointUrl, body, logger } = options;
|
|
9
|
+
try {
|
|
10
|
+
const response = await fetch(revokeEndpointUrl, {
|
|
11
|
+
method: "POST",
|
|
12
|
+
headers: { "Content-Type": "application/x-www-form-urlencoded" },
|
|
13
|
+
body
|
|
14
|
+
});
|
|
15
|
+
if (!response.ok) logger.warn(`HubSpot token revoke returned HTTP ${response.status} ${response.statusText}`);
|
|
16
|
+
} catch (error) {
|
|
17
|
+
logger.warn("HubSpot token revoke request failed", error);
|
|
18
|
+
}
|
|
19
|
+
}
|
|
20
|
+
async function handleAuthLogout(c, options) {
|
|
21
|
+
const { appKeys, refreshCookiePath, basePath, hubspotConnectEnv, logger } = options;
|
|
22
|
+
const xForwardedProto = c.req.header("x-forwarded-proto") ?? void 0;
|
|
23
|
+
const xForwardedHost = c.req.header("x-forwarded-host") ?? void 0;
|
|
24
|
+
const requestHostHeader = c.req.header("host") ?? void 0;
|
|
25
|
+
const cookies = parseCookies(c.req.header("Cookie"));
|
|
26
|
+
const accessToken = cookies[HUBSPOT_ACCESS_TOKEN_COOKIE_NAME];
|
|
27
|
+
const clientId = hubspotConnectEnv.isCimdEnabled ? buildCimdClientIdUrlFromRequest({
|
|
28
|
+
requestUrl: c.req.url,
|
|
29
|
+
basePath,
|
|
30
|
+
xForwardedProto,
|
|
31
|
+
xForwardedHost,
|
|
32
|
+
requestHostHeader
|
|
33
|
+
}) : hubspotConnectEnv.hubspotClientId;
|
|
34
|
+
const revokeEndpointUrl = new URL("/oauth/v1/revoke", hubspotConnectEnv.hubspotOAuthApiOrigin).href;
|
|
35
|
+
if (accessToken) if (hubspotConnectEnv.isCimdEnabled) {
|
|
36
|
+
if (!appKeys) return c.json({ error: "Server misconfiguration: HUBSPOT_APP_PRIVATE_KEY is required when CIMD is enabled" }, 500);
|
|
37
|
+
const clientAssertion = await buildClientAssertion({
|
|
38
|
+
appKeys,
|
|
39
|
+
clientId,
|
|
40
|
+
audience: revokeEndpointUrl
|
|
41
|
+
});
|
|
42
|
+
await revokeToken({
|
|
43
|
+
revokeEndpointUrl,
|
|
44
|
+
body: new URLSearchParams({
|
|
45
|
+
token: accessToken,
|
|
46
|
+
token_type_hint: "access_token",
|
|
47
|
+
client_id: clientId,
|
|
48
|
+
client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
|
|
49
|
+
client_assertion: clientAssertion
|
|
50
|
+
}),
|
|
51
|
+
logger
|
|
52
|
+
});
|
|
53
|
+
} else await revokeToken({
|
|
54
|
+
revokeEndpointUrl,
|
|
55
|
+
body: new URLSearchParams({
|
|
56
|
+
token: accessToken,
|
|
57
|
+
token_type_hint: "access_token",
|
|
58
|
+
client_id: clientId,
|
|
59
|
+
client_secret: hubspotConnectEnv.hubspotClientSecret
|
|
60
|
+
}),
|
|
61
|
+
logger
|
|
62
|
+
});
|
|
63
|
+
setResponseCookie({
|
|
64
|
+
c,
|
|
65
|
+
value: serializeCookie({
|
|
66
|
+
name: HUBSPOT_ACCESS_TOKEN_COOKIE_NAME,
|
|
67
|
+
value: "",
|
|
68
|
+
path: "/",
|
|
69
|
+
sameSite: "None",
|
|
70
|
+
partitioned: true,
|
|
71
|
+
maxAge: 0
|
|
72
|
+
})
|
|
73
|
+
});
|
|
74
|
+
setResponseCookie({
|
|
75
|
+
c,
|
|
76
|
+
value: serializeCookie({
|
|
77
|
+
name: HUBSPOT_APP_SID_COOKIE_NAME,
|
|
78
|
+
value: "",
|
|
79
|
+
path: "/",
|
|
80
|
+
sameSite: "None",
|
|
81
|
+
partitioned: true,
|
|
82
|
+
maxAge: 0
|
|
83
|
+
})
|
|
84
|
+
});
|
|
85
|
+
setResponseCookie({
|
|
86
|
+
c,
|
|
87
|
+
value: serializeCookie({
|
|
88
|
+
name: HUBSPOT_APP_ORIGIN_COOKIE_NAME,
|
|
89
|
+
value: "",
|
|
90
|
+
path: "/",
|
|
91
|
+
sameSite: "None",
|
|
92
|
+
partitioned: true,
|
|
93
|
+
maxAge: 0
|
|
94
|
+
})
|
|
95
|
+
});
|
|
96
|
+
Object.keys(cookies).forEach((cookieName) => {
|
|
97
|
+
if (cookieName.startsWith("hs_refresh_")) setResponseCookie({
|
|
98
|
+
c,
|
|
99
|
+
value: serializeCookie({
|
|
100
|
+
name: cookieName,
|
|
101
|
+
value: "",
|
|
102
|
+
path: refreshCookiePath,
|
|
103
|
+
sameSite: "None",
|
|
104
|
+
partitioned: true,
|
|
105
|
+
maxAge: 0
|
|
106
|
+
})
|
|
107
|
+
});
|
|
108
|
+
});
|
|
109
|
+
return c.json({ redirect_to: "/" });
|
|
110
|
+
}
|
|
111
|
+
//#endregion
|
|
112
|
+
export { handleAuthLogout };
|
|
113
|
+
|
|
114
|
+
//# sourceMappingURL=auth-logout.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"auth-logout.js","names":[],"sources":["../../../../src/server/hono/hubspot-connect-routes/auth-logout.ts"],"sourcesContent":["import type { Context } from 'hono';\n\nimport type { Logger } from '../../../shared/logger.ts';\nimport {\n HUBSPOT_ACCESS_TOKEN_COOKIE_NAME,\n HUBSPOT_APP_ORIGIN_COOKIE_NAME,\n HUBSPOT_APP_SID_COOKIE_NAME,\n HUBSPOT_REFRESH_COOKIE_PREFIX,\n} from '../../constants.ts';\nimport { parseCookies } from '../../utils/cookie-utils.ts';\nimport { serializeCookie, setResponseCookie } from '../utils/cookie-utils.ts';\nimport { buildClientAssertion } from './oauth-client.ts';\nimport type { HubSpotConnectOAuthRouteOptions } from './types.ts';\nimport { buildCimdClientIdUrlFromRequest } from './utils.ts';\n\nasync function revokeToken(options: {\n revokeEndpointUrl: string;\n body: URLSearchParams;\n logger: Logger;\n}): Promise<void> {\n const { revokeEndpointUrl, body, logger } = options;\n try {\n const response = await fetch(revokeEndpointUrl, {\n method: 'POST',\n headers: { 'Content-Type': 'application/x-www-form-urlencoded' },\n body,\n });\n if (!response.ok) {\n logger.warn(\n `HubSpot token revoke returned HTTP ${response.status} ${response.statusText}`\n );\n }\n } catch (error) {\n logger.warn('HubSpot token revoke request failed', error);\n }\n}\n\nexport async function handleAuthLogout(\n c: Context,\n options: HubSpotConnectOAuthRouteOptions\n) {\n const { appKeys, refreshCookiePath, basePath, hubspotConnectEnv, logger } =\n options;\n const xForwardedProto = c.req.header('x-forwarded-proto') ?? undefined;\n const xForwardedHost = c.req.header('x-forwarded-host') ?? undefined;\n const requestHostHeader = c.req.header('host') ?? undefined;\n const cookies = parseCookies(c.req.header('Cookie'));\n const accessToken = cookies[HUBSPOT_ACCESS_TOKEN_COOKIE_NAME];\n\n const clientId = hubspotConnectEnv.isCimdEnabled\n ? buildCimdClientIdUrlFromRequest({\n requestUrl: c.req.url,\n basePath,\n xForwardedProto,\n xForwardedHost,\n requestHostHeader,\n })\n : hubspotConnectEnv.hubspotClientId;\n\n const revokeEndpointUrl = new URL(\n '/oauth/v1/revoke',\n hubspotConnectEnv.hubspotOAuthApiOrigin\n ).href;\n\n if (accessToken) {\n if (hubspotConnectEnv.isCimdEnabled) {\n if (!appKeys) {\n return c.json(\n {\n error:\n 'Server misconfiguration: HUBSPOT_APP_PRIVATE_KEY is required when CIMD is enabled',\n },\n 500\n );\n }\n const clientAssertion = await buildClientAssertion({\n appKeys,\n clientId,\n audience: revokeEndpointUrl,\n });\n await revokeToken({\n revokeEndpointUrl,\n body: new URLSearchParams({\n token: accessToken,\n token_type_hint: 'access_token',\n client_id: clientId,\n client_assertion_type:\n 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',\n client_assertion: clientAssertion,\n }),\n logger,\n });\n } else {\n await revokeToken({\n revokeEndpointUrl,\n body: new URLSearchParams({\n token: accessToken,\n token_type_hint: 'access_token',\n client_id: clientId,\n client_secret: hubspotConnectEnv.hubspotClientSecret,\n }),\n logger,\n });\n }\n }\n\n setResponseCookie({\n c,\n value: serializeCookie({\n name: HUBSPOT_ACCESS_TOKEN_COOKIE_NAME,\n value: '',\n path: '/',\n sameSite: 'None',\n partitioned: true,\n maxAge: 0,\n }),\n });\n setResponseCookie({\n c,\n value: serializeCookie({\n name: HUBSPOT_APP_SID_COOKIE_NAME,\n value: '',\n path: '/',\n sameSite: 'None',\n partitioned: true,\n maxAge: 0,\n }),\n });\n setResponseCookie({\n c,\n value: serializeCookie({\n name: HUBSPOT_APP_ORIGIN_COOKIE_NAME,\n value: '',\n path: '/',\n sameSite: 'None',\n partitioned: true,\n maxAge: 0,\n }),\n });\n\n Object.keys(cookies).forEach((cookieName) => {\n if (cookieName.startsWith(HUBSPOT_REFRESH_COOKIE_PREFIX)) {\n setResponseCookie({\n c,\n value: serializeCookie({\n name: cookieName,\n value: '',\n path: refreshCookiePath,\n sameSite: 'None',\n partitioned: true,\n maxAge: 0,\n }),\n });\n }\n });\n\n return c.json({ redirect_to: '/' });\n}\n"],"mappings":";;;;;;AAeA,eAAe,YAAY,SAIT;CAChB,MAAM,EAAE,mBAAmB,MAAM,WAAW;CAC5C,IAAI;EACF,MAAM,WAAW,MAAM,MAAM,mBAAmB;GAC9C,QAAQ;GACR,SAAS,EAAE,gBAAgB,qCAAqC;GAChE;GACD,CAAC;EACF,IAAI,CAAC,SAAS,IACZ,OAAO,KACL,sCAAsC,SAAS,OAAO,GAAG,SAAS,aACnE;UAEI,OAAO;EACd,OAAO,KAAK,uCAAuC,MAAM;;;AAI7D,eAAsB,iBACpB,GACA,SACA;CACA,MAAM,EAAE,SAAS,mBAAmB,UAAU,mBAAmB,WAC/D;CACF,MAAM,kBAAkB,EAAE,IAAI,OAAO,oBAAoB,IAAI,KAAA;CAC7D,MAAM,iBAAiB,EAAE,IAAI,OAAO,mBAAmB,IAAI,KAAA;CAC3D,MAAM,oBAAoB,EAAE,IAAI,OAAO,OAAO,IAAI,KAAA;CAClD,MAAM,UAAU,aAAa,EAAE,IAAI,OAAO,SAAS,CAAC;CACpD,MAAM,cAAc,QAAQ;CAE5B,MAAM,WAAW,kBAAkB,gBAC/B,gCAAgC;EAC9B,YAAY,EAAE,IAAI;EAClB;EACA;EACA;EACA;EACD,CAAC,GACF,kBAAkB;CAEtB,MAAM,oBAAoB,IAAI,IAC5B,oBACA,kBAAkB,sBACnB,CAAC;CAEF,IAAI,aACF,IAAI,kBAAkB,eAAe;EACnC,IAAI,CAAC,SACH,OAAO,EAAE,KACP,EACE,OACE,qFACH,EACD,IACD;EAEH,MAAM,kBAAkB,MAAM,qBAAqB;GACjD;GACA;GACA,UAAU;GACX,CAAC;EACF,MAAM,YAAY;GAChB;GACA,MAAM,IAAI,gBAAgB;IACxB,OAAO;IACP,iBAAiB;IACjB,WAAW;IACX,uBACE;IACF,kBAAkB;IACnB,CAAC;GACF;GACD,CAAC;QAEF,MAAM,YAAY;EAChB;EACA,MAAM,IAAI,gBAAgB;GACxB,OAAO;GACP,iBAAiB;GACjB,WAAW;GACX,eAAe,kBAAkB;GAClC,CAAC;EACF;EACD,CAAC;CAIN,kBAAkB;EAChB;EACA,OAAO,gBAAgB;GACrB,MAAM;GACN,OAAO;GACP,MAAM;GACN,UAAU;GACV,aAAa;GACb,QAAQ;GACT,CAAC;EACH,CAAC;CACF,kBAAkB;EAChB;EACA,OAAO,gBAAgB;GACrB,MAAM;GACN,OAAO;GACP,MAAM;GACN,UAAU;GACV,aAAa;GACb,QAAQ;GACT,CAAC;EACH,CAAC;CACF,kBAAkB;EAChB;EACA,OAAO,gBAAgB;GACrB,MAAM;GACN,OAAO;GACP,MAAM;GACN,UAAU;GACV,aAAa;GACb,QAAQ;GACT,CAAC;EACH,CAAC;CAEF,OAAO,KAAK,QAAQ,CAAC,SAAS,eAAe;EAC3C,IAAI,WAAW,WAAA,cAAyC,EACtD,kBAAkB;GAChB;GACA,OAAO,gBAAgB;IACrB,MAAM;IACN,OAAO;IACP,MAAM;IACN,UAAU;IACV,aAAa;IACb,QAAQ;IACT,CAAC;GACH,CAAC;GAEJ;CAEF,OAAO,EAAE,KAAK,EAAE,aAAa,KAAK,CAAC"}
|