@hubspot/app-connect-sdk 1.0.0-alpha.4 → 1.0.0-alpha.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (513) hide show
  1. package/.turbo/turbo-format$colon$check.log +4 -0
  2. package/.turbo/turbo-lint.log +2 -0
  3. package/.turbo/turbo-test.log +78 -0
  4. package/.turbo/turbo-tsdown.log +492 -20
  5. package/build/tsconfig.browser.tsbuildinfo +1 -1
  6. package/build/tsconfig.server.tsbuildinfo +1 -1
  7. package/dist/browser/{create-hzqjIhmO.js → create-crdncXsh.js} +2 -2
  8. package/dist/browser/create-crdncXsh.js.map +1 -0
  9. package/dist/browser/index.js +1 -1
  10. package/dist/browser/react/lovable.js +1 -1
  11. package/dist/server/api-client-core/apis/account/account-info-types.generated.d.ts +111 -0
  12. package/dist/server/api-client-core/apis/account/account-info.generated.d.ts +7 -0
  13. package/dist/server/api-client-core/apis/account/account-info.generated.js +9 -0
  14. package/dist/server/api-client-core/apis/account/account-info.generated.js.map +1 -0
  15. package/dist/server/api-client-core/apis/account/audit-logs-types.generated.d.ts +247 -0
  16. package/dist/server/api-client-core/apis/account/audit-logs.generated.d.ts +7 -0
  17. package/dist/server/api-client-core/apis/account/audit-logs.generated.js +28 -0
  18. package/dist/server/api-client-core/apis/account/audit-logs.generated.js.map +1 -0
  19. package/dist/server/api-client-core/apis/auth/oauth-types.generated.d.ts +121 -0
  20. package/dist/server/api-client-core/apis/auth/oauth.generated.d.ts +7 -0
  21. package/dist/server/api-client-core/apis/auth/oauth.generated.js +19 -0
  22. package/dist/server/api-client-core/apis/auth/oauth.generated.js.map +1 -0
  23. package/dist/server/api-client-core/apis/automation/actions-types.generated.d.ts +933 -0
  24. package/dist/server/api-client-core/apis/automation/actions.generated.d.ts +7 -0
  25. package/dist/server/api-client-core/apis/automation/actions.generated.js +121 -0
  26. package/dist/server/api-client-core/apis/automation/actions.generated.js.map +1 -0
  27. package/dist/server/api-client-core/apis/automation/sequences-types.generated.d.ts +422 -0
  28. package/dist/server/api-client-core/apis/automation/sequences.generated.d.ts +7 -0
  29. package/dist/server/api-client-core/apis/automation/sequences.generated.js +22 -0
  30. package/dist/server/api-client-core/apis/automation/sequences.generated.js.map +1 -0
  31. package/dist/server/api-client-core/apis/business-units-types.generated.d.ts +75 -0
  32. package/dist/server/api-client-core/apis/business-units.generated.d.ts +7 -0
  33. package/dist/server/api-client-core/apis/business-units.generated.js +12 -0
  34. package/dist/server/api-client-core/apis/business-units.generated.js.map +1 -0
  35. package/dist/server/api-client-core/apis/cms/authors-types.generated.d.ts +551 -0
  36. package/dist/server/api-client-core/apis/cms/authors.generated.d.ts +7 -0
  37. package/dist/server/api-client-core/apis/cms/authors.generated.js +163 -0
  38. package/dist/server/api-client-core/apis/cms/authors.generated.js.map +1 -0
  39. package/dist/server/api-client-core/apis/cms/blog-settings-types.generated.d.ts +366 -0
  40. package/dist/server/api-client-core/apis/cms/blog-settings.generated.d.ts +7 -0
  41. package/dist/server/api-client-core/apis/cms/blog-settings.generated.js +43 -0
  42. package/dist/server/api-client-core/apis/cms/blog-settings.generated.js.map +1 -0
  43. package/dist/server/api-client-core/apis/cms/cms-content-audit-types.generated.d.ts +157 -0
  44. package/dist/server/api-client-core/apis/cms/cms-content-audit.generated.d.ts +7 -0
  45. package/dist/server/api-client-core/apis/cms/cms-content-audit.generated.js +18 -0
  46. package/dist/server/api-client-core/apis/cms/cms-content-audit.generated.js.map +1 -0
  47. package/dist/server/api-client-core/apis/cms/domains-types.generated.d.ts +193 -0
  48. package/dist/server/api-client-core/apis/cms/domains.generated.d.ts +7 -0
  49. package/dist/server/api-client-core/apis/cms/domains.generated.js +20 -0
  50. package/dist/server/api-client-core/apis/cms/domains.generated.js.map +1 -0
  51. package/dist/server/api-client-core/apis/cms/hubdb-types.generated.d.ts +1097 -0
  52. package/dist/server/api-client-core/apis/cms/hubdb.generated.d.ts +7 -0
  53. package/dist/server/api-client-core/apis/cms/hubdb.generated.js +192 -0
  54. package/dist/server/api-client-core/apis/cms/hubdb.generated.js.map +1 -0
  55. package/dist/server/api-client-core/apis/cms/media-bridge-types.generated.d.ts +1780 -0
  56. package/dist/server/api-client-core/apis/cms/media-bridge.generated.d.ts +7 -0
  57. package/dist/server/api-client-core/apis/cms/media-bridge.generated.js +185 -0
  58. package/dist/server/api-client-core/apis/cms/media-bridge.generated.js.map +1 -0
  59. package/dist/server/api-client-core/apis/cms/pages-types.generated.d.ts +1768 -0
  60. package/dist/server/api-client-core/apis/cms/pages.generated.d.ts +7 -0
  61. package/dist/server/api-client-core/apis/cms/pages.generated.js +331 -0
  62. package/dist/server/api-client-core/apis/cms/pages.generated.js.map +1 -0
  63. package/dist/server/api-client-core/apis/cms/posts-types.generated.d.ts +1090 -0
  64. package/dist/server/api-client-core/apis/cms/posts.generated.d.ts +7 -0
  65. package/dist/server/api-client-core/apis/cms/posts.generated.js +201 -0
  66. package/dist/server/api-client-core/apis/cms/posts.generated.js.map +1 -0
  67. package/dist/server/api-client-core/apis/cms/site-search-types.generated.d.ts +200 -0
  68. package/dist/server/api-client-core/apis/cms/site-search.generated.d.ts +7 -0
  69. package/dist/server/api-client-core/apis/cms/site-search.generated.js +32 -0
  70. package/dist/server/api-client-core/apis/cms/site-search.generated.js.map +1 -0
  71. package/dist/server/api-client-core/apis/cms/source-code-types.generated.d.ts +218 -0
  72. package/dist/server/api-client-core/apis/cms/source-code.generated.d.ts +7 -0
  73. package/dist/server/api-client-core/apis/cms/source-code.generated.js +52 -0
  74. package/dist/server/api-client-core/apis/cms/source-code.generated.js.map +1 -0
  75. package/dist/server/api-client-core/apis/cms/tags-types.generated.d.ts +515 -0
  76. package/dist/server/api-client-core/apis/cms/tags.generated.d.ts +7 -0
  77. package/dist/server/api-client-core/apis/cms/tags.generated.js +163 -0
  78. package/dist/server/api-client-core/apis/cms/tags.generated.js.map +1 -0
  79. package/dist/server/api-client-core/apis/cms/url-mappings-types.generated.d.ts +177 -0
  80. package/dist/server/api-client-core/apis/cms/url-mappings.generated.d.ts +7 -0
  81. package/dist/server/api-client-core/apis/cms/url-mappings.generated.js +14 -0
  82. package/dist/server/api-client-core/apis/cms/url-mappings.generated.js.map +1 -0
  83. package/dist/server/api-client-core/apis/cms/url-redirects-types.generated.d.ts +226 -0
  84. package/dist/server/api-client-core/apis/cms/url-redirects.generated.d.ts +7 -0
  85. package/dist/server/api-client-core/apis/cms/url-redirects.generated.js +26 -0
  86. package/dist/server/api-client-core/apis/cms/url-redirects.generated.js.map +1 -0
  87. package/dist/server/api-client-core/apis/communication-preferences/subscriptions-types.generated.d.ts +802 -0
  88. package/dist/server/api-client-core/apis/communication-preferences/subscriptions.generated.d.ts +7 -0
  89. package/dist/server/api-client-core/apis/communication-preferences/subscriptions.generated.js +74 -0
  90. package/dist/server/api-client-core/apis/communication-preferences/subscriptions.generated.js.map +1 -0
  91. package/dist/server/api-client-core/apis/conversations/custom-channels-types.generated.d.ts +551 -0
  92. package/dist/server/api-client-core/apis/conversations/custom-channels.generated.d.ts +7 -0
  93. package/dist/server/api-client-core/apis/conversations/custom-channels.generated.js +80 -0
  94. package/dist/server/api-client-core/apis/conversations/custom-channels.generated.js.map +1 -0
  95. package/dist/server/api-client-core/apis/conversations/visitor-identification-types.generated.d.ts +60 -0
  96. package/dist/server/api-client-core/apis/conversations/visitor-identification.generated.d.ts +7 -0
  97. package/dist/server/api-client-core/apis/conversations/visitor-identification.generated.js +6 -0
  98. package/dist/server/api-client-core/apis/conversations/visitor-identification.generated.js.map +1 -0
  99. package/dist/server/api-client-core/apis/conversations-types.generated.d.ts +908 -0
  100. package/dist/server/api-client-core/apis/conversations.generated.d.ts +7 -0
  101. package/dist/server/api-client-core/apis/conversations.generated.js +108 -0
  102. package/dist/server/api-client-core/apis/conversations.generated.js.map +1 -0
  103. package/dist/server/api-client-core/apis/crm/app-uninstalls-types.generated.d.ts +37 -0
  104. package/dist/server/api-client-core/apis/crm/app-uninstalls.generated.d.ts +7 -0
  105. package/dist/server/api-client-core/apis/crm/app-uninstalls.generated.js +6 -0
  106. package/dist/server/api-client-core/apis/crm/app-uninstalls.generated.js.map +1 -0
  107. package/dist/server/api-client-core/apis/crm/appointments-types.generated.d.ts +989 -0
  108. package/dist/server/api-client-core/apis/crm/appointments.generated.d.ts +7 -0
  109. package/dist/server/api-client-core/apis/crm/appointments.generated.js +118 -0
  110. package/dist/server/api-client-core/apis/crm/appointments.generated.js.map +1 -0
  111. package/dist/server/api-client-core/apis/crm/associations-schema-types.generated.d.ts +329 -0
  112. package/dist/server/api-client-core/apis/crm/associations-schema.generated.d.ts +7 -0
  113. package/dist/server/api-client-core/apis/crm/associations-schema.generated.js +60 -0
  114. package/dist/server/api-client-core/apis/crm/associations-schema.generated.js.map +1 -0
  115. package/dist/server/api-client-core/apis/crm/associations-types.generated.d.ts +661 -0
  116. package/dist/server/api-client-core/apis/crm/associations.generated.d.ts +7 -0
  117. package/dist/server/api-client-core/apis/crm/associations.generated.js +83 -0
  118. package/dist/server/api-client-core/apis/crm/associations.generated.js.map +1 -0
  119. package/dist/server/api-client-core/apis/crm/calling-extensions-types.generated.d.ts +466 -0
  120. package/dist/server/api-client-core/apis/crm/calling-extensions.generated.d.ts +7 -0
  121. package/dist/server/api-client-core/apis/crm/calling-extensions.generated.js +42 -0
  122. package/dist/server/api-client-core/apis/crm/calling-extensions.generated.js.map +1 -0
  123. package/dist/server/api-client-core/apis/crm/calls-types.generated.d.ts +850 -0
  124. package/dist/server/api-client-core/apis/crm/calls.generated.d.ts +7 -0
  125. package/dist/server/api-client-core/apis/crm/calls.generated.js +66 -0
  126. package/dist/server/api-client-core/apis/crm/calls.generated.js.map +1 -0
  127. package/dist/server/api-client-core/apis/crm/carts-types.generated.d.ts +850 -0
  128. package/dist/server/api-client-core/apis/crm/carts.generated.d.ts +7 -0
  129. package/dist/server/api-client-core/apis/crm/carts.generated.js +66 -0
  130. package/dist/server/api-client-core/apis/crm/carts.generated.js.map +1 -0
  131. package/dist/server/api-client-core/apis/crm/commerce-payments-types.generated.d.ts +850 -0
  132. package/dist/server/api-client-core/apis/crm/commerce-payments.generated.d.ts +7 -0
  133. package/dist/server/api-client-core/apis/crm/commerce-payments.generated.js +66 -0
  134. package/dist/server/api-client-core/apis/crm/commerce-payments.generated.js.map +1 -0
  135. package/dist/server/api-client-core/apis/crm/commerce-subscriptions-types.generated.d.ts +847 -0
  136. package/dist/server/api-client-core/apis/crm/commerce-subscriptions.generated.d.ts +7 -0
  137. package/dist/server/api-client-core/apis/crm/commerce-subscriptions.generated.js +66 -0
  138. package/dist/server/api-client-core/apis/crm/commerce-subscriptions.generated.js.map +1 -0
  139. package/dist/server/api-client-core/apis/crm/communications-types.generated.d.ts +850 -0
  140. package/dist/server/api-client-core/apis/crm/communications.generated.d.ts +7 -0
  141. package/dist/server/api-client-core/apis/crm/communications.generated.js +66 -0
  142. package/dist/server/api-client-core/apis/crm/communications.generated.js.map +1 -0
  143. package/dist/server/api-client-core/apis/crm/companies-types.generated.d.ts +884 -0
  144. package/dist/server/api-client-core/apis/crm/companies.generated.d.ts +7 -0
  145. package/dist/server/api-client-core/apis/crm/companies.generated.js +67 -0
  146. package/dist/server/api-client-core/apis/crm/companies.generated.js.map +1 -0
  147. package/dist/server/api-client-core/apis/crm/contacts-types.generated.d.ts +899 -0
  148. package/dist/server/api-client-core/apis/crm/contacts.generated.d.ts +7 -0
  149. package/dist/server/api-client-core/apis/crm/contacts.generated.js +70 -0
  150. package/dist/server/api-client-core/apis/crm/contacts.generated.js.map +1 -0
  151. package/dist/server/api-client-core/apis/crm/contracts-types.generated.d.ts +850 -0
  152. package/dist/server/api-client-core/apis/crm/contracts.generated.d.ts +7 -0
  153. package/dist/server/api-client-core/apis/crm/contracts.generated.js +66 -0
  154. package/dist/server/api-client-core/apis/crm/contracts.generated.js.map +1 -0
  155. package/dist/server/api-client-core/apis/crm/courses-types.generated.d.ts +853 -0
  156. package/dist/server/api-client-core/apis/crm/courses.generated.d.ts +7 -0
  157. package/dist/server/api-client-core/apis/crm/courses.generated.js +66 -0
  158. package/dist/server/api-client-core/apis/crm/courses.generated.js.map +1 -0
  159. package/dist/server/api-client-core/apis/crm/crm-owners-types.generated.d.ts +140 -0
  160. package/dist/server/api-client-core/apis/crm/crm-owners.generated.d.ts +7 -0
  161. package/dist/server/api-client-core/apis/crm/crm-owners.generated.js +20 -0
  162. package/dist/server/api-client-core/apis/crm/crm-owners.generated.js.map +1 -0
  163. package/dist/server/api-client-core/apis/crm/custom-objects-types.generated.d.ts +934 -0
  164. package/dist/server/api-client-core/apis/crm/custom-objects.generated.d.ts +7 -0
  165. package/dist/server/api-client-core/apis/crm/custom-objects.generated.js +101 -0
  166. package/dist/server/api-client-core/apis/crm/custom-objects.generated.js.map +1 -0
  167. package/dist/server/api-client-core/apis/crm/deal-splits-types.generated.d.ts +196 -0
  168. package/dist/server/api-client-core/apis/crm/deal-splits.generated.d.ts +7 -0
  169. package/dist/server/api-client-core/apis/crm/deal-splits.generated.js +9 -0
  170. package/dist/server/api-client-core/apis/crm/deal-splits.generated.js.map +1 -0
  171. package/dist/server/api-client-core/apis/crm/deals-types.generated.d.ts +872 -0
  172. package/dist/server/api-client-core/apis/crm/deals.generated.d.ts +7 -0
  173. package/dist/server/api-client-core/apis/crm/deals.generated.js +67 -0
  174. package/dist/server/api-client-core/apis/crm/deals.generated.js.map +1 -0
  175. package/dist/server/api-client-core/apis/crm/discounts-types.generated.d.ts +846 -0
  176. package/dist/server/api-client-core/apis/crm/discounts.generated.d.ts +7 -0
  177. package/dist/server/api-client-core/apis/crm/discounts.generated.js +66 -0
  178. package/dist/server/api-client-core/apis/crm/discounts.generated.js.map +1 -0
  179. package/dist/server/api-client-core/apis/crm/emails-types.generated.d.ts +850 -0
  180. package/dist/server/api-client-core/apis/crm/emails.generated.d.ts +7 -0
  181. package/dist/server/api-client-core/apis/crm/emails.generated.js +66 -0
  182. package/dist/server/api-client-core/apis/crm/emails.generated.js.map +1 -0
  183. package/dist/server/api-client-core/apis/crm/exports-types.generated.d.ts +281 -0
  184. package/dist/server/api-client-core/apis/crm/exports.generated.d.ts +7 -0
  185. package/dist/server/api-client-core/apis/crm/exports.generated.js +12 -0
  186. package/dist/server/api-client-core/apis/crm/exports.generated.js.map +1 -0
  187. package/dist/server/api-client-core/apis/crm/feedback-submissions-types.generated.d.ts +616 -0
  188. package/dist/server/api-client-core/apis/crm/feedback-submissions.generated.d.ts +7 -0
  189. package/dist/server/api-client-core/apis/crm/feedback-submissions.generated.js +55 -0
  190. package/dist/server/api-client-core/apis/crm/feedback-submissions.generated.js.map +1 -0
  191. package/dist/server/api-client-core/apis/crm/fees-types.generated.d.ts +850 -0
  192. package/dist/server/api-client-core/apis/crm/fees.generated.d.ts +7 -0
  193. package/dist/server/api-client-core/apis/crm/fees.generated.js +66 -0
  194. package/dist/server/api-client-core/apis/crm/fees.generated.js.map +1 -0
  195. package/dist/server/api-client-core/apis/crm/goal-targets-types.generated.d.ts +850 -0
  196. package/dist/server/api-client-core/apis/crm/goal-targets.generated.d.ts +7 -0
  197. package/dist/server/api-client-core/apis/crm/goal-targets.generated.js +66 -0
  198. package/dist/server/api-client-core/apis/crm/goal-targets.generated.js.map +1 -0
  199. package/dist/server/api-client-core/apis/crm/imports-types.generated.d.ts +371 -0
  200. package/dist/server/api-client-core/apis/crm/imports.generated.d.ts +7 -0
  201. package/dist/server/api-client-core/apis/crm/imports.generated.js +30 -0
  202. package/dist/server/api-client-core/apis/crm/imports.generated.js.map +1 -0
  203. package/dist/server/api-client-core/apis/crm/invoices-types.generated.d.ts +850 -0
  204. package/dist/server/api-client-core/apis/crm/invoices.generated.d.ts +7 -0
  205. package/dist/server/api-client-core/apis/crm/invoices.generated.js +66 -0
  206. package/dist/server/api-client-core/apis/crm/invoices.generated.js.map +1 -0
  207. package/dist/server/api-client-core/apis/crm/leads-types.generated.d.ts +850 -0
  208. package/dist/server/api-client-core/apis/crm/leads.generated.d.ts +7 -0
  209. package/dist/server/api-client-core/apis/crm/leads.generated.js +66 -0
  210. package/dist/server/api-client-core/apis/crm/leads.generated.js.map +1 -0
  211. package/dist/server/api-client-core/apis/crm/limits-tracking-types.generated.d.ts +331 -0
  212. package/dist/server/api-client-core/apis/crm/limits-tracking.generated.d.ts +7 -0
  213. package/dist/server/api-client-core/apis/crm/limits-tracking.generated.js +22 -0
  214. package/dist/server/api-client-core/apis/crm/limits-tracking.generated.js.map +1 -0
  215. package/dist/server/api-client-core/apis/crm/line-items-types.generated.d.ts +850 -0
  216. package/dist/server/api-client-core/apis/crm/line-items.generated.d.ts +7 -0
  217. package/dist/server/api-client-core/apis/crm/line-items.generated.js +66 -0
  218. package/dist/server/api-client-core/apis/crm/line-items.generated.js.map +1 -0
  219. package/dist/server/api-client-core/apis/crm/listings-types.generated.d.ts +853 -0
  220. package/dist/server/api-client-core/apis/crm/listings.generated.d.ts +7 -0
  221. package/dist/server/api-client-core/apis/crm/listings.generated.js +66 -0
  222. package/dist/server/api-client-core/apis/crm/listings.generated.js.map +1 -0
  223. package/dist/server/api-client-core/apis/crm/lists-types.generated.d.ts +2265 -0
  224. package/dist/server/api-client-core/apis/crm/lists.generated.d.ts +7 -0
  225. package/dist/server/api-client-core/apis/crm/lists.generated.js +105 -0
  226. package/dist/server/api-client-core/apis/crm/lists.generated.js.map +1 -0
  227. package/dist/server/api-client-core/apis/crm/meetings-types.generated.d.ts +850 -0
  228. package/dist/server/api-client-core/apis/crm/meetings.generated.d.ts +7 -0
  229. package/dist/server/api-client-core/apis/crm/meetings.generated.js +66 -0
  230. package/dist/server/api-client-core/apis/crm/meetings.generated.js.map +1 -0
  231. package/dist/server/api-client-core/apis/crm/notes-types.generated.d.ts +850 -0
  232. package/dist/server/api-client-core/apis/crm/notes.generated.d.ts +7 -0
  233. package/dist/server/api-client-core/apis/crm/notes.generated.js +66 -0
  234. package/dist/server/api-client-core/apis/crm/notes.generated.js.map +1 -0
  235. package/dist/server/api-client-core/apis/crm/object-library-types.generated.d.ts +60 -0
  236. package/dist/server/api-client-core/apis/crm/object-library.generated.d.ts +7 -0
  237. package/dist/server/api-client-core/apis/crm/object-library.generated.js +9 -0
  238. package/dist/server/api-client-core/apis/crm/object-library.generated.js.map +1 -0
  239. package/dist/server/api-client-core/apis/crm/objects-types.generated.d.ts +712 -0
  240. package/dist/server/api-client-core/apis/crm/objects.generated.d.ts +7 -0
  241. package/dist/server/api-client-core/apis/crm/objects.generated.js +76 -0
  242. package/dist/server/api-client-core/apis/crm/objects.generated.js.map +1 -0
  243. package/dist/server/api-client-core/apis/crm/orders-types.generated.d.ts +850 -0
  244. package/dist/server/api-client-core/apis/crm/orders.generated.d.ts +7 -0
  245. package/dist/server/api-client-core/apis/crm/orders.generated.js +66 -0
  246. package/dist/server/api-client-core/apis/crm/orders.generated.js.map +1 -0
  247. package/dist/server/api-client-core/apis/crm/partner-clients-types.generated.d.ts +725 -0
  248. package/dist/server/api-client-core/apis/crm/partner-clients.generated.d.ts +7 -0
  249. package/dist/server/api-client-core/apis/crm/partner-clients.generated.js +71 -0
  250. package/dist/server/api-client-core/apis/crm/partner-clients.generated.js.map +1 -0
  251. package/dist/server/api-client-core/apis/crm/partner-services-types.generated.d.ts +725 -0
  252. package/dist/server/api-client-core/apis/crm/partner-services.generated.d.ts +7 -0
  253. package/dist/server/api-client-core/apis/crm/partner-services.generated.js +71 -0
  254. package/dist/server/api-client-core/apis/crm/partner-services.generated.js.map +1 -0
  255. package/dist/server/api-client-core/apis/crm/pipelines-types.generated.d.ts +430 -0
  256. package/dist/server/api-client-core/apis/crm/pipelines.generated.d.ts +7 -0
  257. package/dist/server/api-client-core/apis/crm/pipelines.generated.js +94 -0
  258. package/dist/server/api-client-core/apis/crm/pipelines.generated.js.map +1 -0
  259. package/dist/server/api-client-core/apis/crm/postal-mail-types.generated.d.ts +844 -0
  260. package/dist/server/api-client-core/apis/crm/postal-mail.generated.d.ts +7 -0
  261. package/dist/server/api-client-core/apis/crm/postal-mail.generated.js +66 -0
  262. package/dist/server/api-client-core/apis/crm/postal-mail.generated.js.map +1 -0
  263. package/dist/server/api-client-core/apis/crm/products-types.generated.d.ts +850 -0
  264. package/dist/server/api-client-core/apis/crm/products.generated.d.ts +7 -0
  265. package/dist/server/api-client-core/apis/crm/products.generated.js +66 -0
  266. package/dist/server/api-client-core/apis/crm/products.generated.js.map +1 -0
  267. package/dist/server/api-client-core/apis/crm/projects-types.generated.d.ts +881 -0
  268. package/dist/server/api-client-core/apis/crm/projects.generated.d.ts +7 -0
  269. package/dist/server/api-client-core/apis/crm/projects.generated.js +67 -0
  270. package/dist/server/api-client-core/apis/crm/projects.generated.js.map +1 -0
  271. package/dist/server/api-client-core/apis/crm/properties-types.generated.d.ts +603 -0
  272. package/dist/server/api-client-core/apis/crm/properties.generated.d.ts +7 -0
  273. package/dist/server/api-client-core/apis/crm/properties.generated.js +86 -0
  274. package/dist/server/api-client-core/apis/crm/properties.generated.js.map +1 -0
  275. package/dist/server/api-client-core/apis/crm/property-validations-types.generated.d.ts +121 -0
  276. package/dist/server/api-client-core/apis/crm/property-validations.generated.d.ts +7 -0
  277. package/dist/server/api-client-core/apis/crm/property-validations.generated.js +25 -0
  278. package/dist/server/api-client-core/apis/crm/property-validations.generated.js.map +1 -0
  279. package/dist/server/api-client-core/apis/crm/public-app-crm-cards-types.generated.d.ts +486 -0
  280. package/dist/server/api-client-core/apis/crm/public-app-crm-cards.generated.d.ts +7 -0
  281. package/dist/server/api-client-core/apis/crm/public-app-crm-cards.generated.js +34 -0
  282. package/dist/server/api-client-core/apis/crm/public-app-crm-cards.generated.js.map +1 -0
  283. package/dist/server/api-client-core/apis/crm/public-app-feature-flags-types.generated.d.ts +247 -0
  284. package/dist/server/api-client-core/apis/crm/public-app-feature-flags.generated.d.ts +7 -0
  285. package/dist/server/api-client-core/apis/crm/public-app-feature-flags.generated.js +69 -0
  286. package/dist/server/api-client-core/apis/crm/public-app-feature-flags.generated.js.map +1 -0
  287. package/dist/server/api-client-core/apis/crm/quotes-types.generated.d.ts +850 -0
  288. package/dist/server/api-client-core/apis/crm/quotes.generated.d.ts +7 -0
  289. package/dist/server/api-client-core/apis/crm/quotes.generated.js +66 -0
  290. package/dist/server/api-client-core/apis/crm/quotes.generated.js.map +1 -0
  291. package/dist/server/api-client-core/apis/crm/schemas-types.generated.d.ts +669 -0
  292. package/dist/server/api-client-core/apis/crm/schemas.generated.d.ts +7 -0
  293. package/dist/server/api-client-core/apis/crm/schemas.generated.js +41 -0
  294. package/dist/server/api-client-core/apis/crm/schemas.generated.js.map +1 -0
  295. package/dist/server/api-client-core/apis/crm/services-types.generated.d.ts +853 -0
  296. package/dist/server/api-client-core/apis/crm/services.generated.d.ts +7 -0
  297. package/dist/server/api-client-core/apis/crm/services.generated.js +66 -0
  298. package/dist/server/api-client-core/apis/crm/services.generated.js.map +1 -0
  299. package/dist/server/api-client-core/apis/crm/tasks-types.generated.d.ts +850 -0
  300. package/dist/server/api-client-core/apis/crm/tasks.generated.d.ts +7 -0
  301. package/dist/server/api-client-core/apis/crm/tasks.generated.js +66 -0
  302. package/dist/server/api-client-core/apis/crm/tasks.generated.js.map +1 -0
  303. package/dist/server/api-client-core/apis/crm/taxes-types.generated.d.ts +850 -0
  304. package/dist/server/api-client-core/apis/crm/taxes.generated.d.ts +7 -0
  305. package/dist/server/api-client-core/apis/crm/taxes.generated.js +66 -0
  306. package/dist/server/api-client-core/apis/crm/taxes.generated.js.map +1 -0
  307. package/dist/server/api-client-core/apis/crm/tickets-types.generated.d.ts +884 -0
  308. package/dist/server/api-client-core/apis/crm/tickets.generated.d.ts +7 -0
  309. package/dist/server/api-client-core/apis/crm/tickets.generated.js +67 -0
  310. package/dist/server/api-client-core/apis/crm/tickets.generated.js.map +1 -0
  311. package/dist/server/api-client-core/apis/crm/timeline-types.generated.d.ts +187 -0
  312. package/dist/server/api-client-core/apis/crm/timeline.generated.d.ts +7 -0
  313. package/dist/server/api-client-core/apis/crm/timeline.generated.js +12 -0
  314. package/dist/server/api-client-core/apis/crm/timeline.generated.js.map +1 -0
  315. package/dist/server/api-client-core/apis/crm/transcriptions-types.generated.d.ts +152 -0
  316. package/dist/server/api-client-core/apis/crm/transcriptions.generated.d.ts +7 -0
  317. package/dist/server/api-client-core/apis/crm/transcriptions.generated.js +15 -0
  318. package/dist/server/api-client-core/apis/crm/transcriptions.generated.js.map +1 -0
  319. package/dist/server/api-client-core/apis/crm/users-types.generated.d.ts +850 -0
  320. package/dist/server/api-client-core/apis/crm/users.generated.d.ts +7 -0
  321. package/dist/server/api-client-core/apis/crm/users.generated.js +66 -0
  322. package/dist/server/api-client-core/apis/crm/users.generated.js.map +1 -0
  323. package/dist/server/api-client-core/apis/crm/video-conferencing-extension-types.generated.d.ts +72 -0
  324. package/dist/server/api-client-core/apis/crm/video-conferencing-extension.generated.d.ts +7 -0
  325. package/dist/server/api-client-core/apis/crm/video-conferencing-extension.generated.js +13 -0
  326. package/dist/server/api-client-core/apis/crm/video-conferencing-extension.generated.js.map +1 -0
  327. package/dist/server/api-client-core/apis/events/manage-event-definitions-types.generated.d.ts +1005 -0
  328. package/dist/server/api-client-core/apis/events/manage-event-definitions.generated.d.ts +7 -0
  329. package/dist/server/api-client-core/apis/events/manage-event-definitions.generated.js +39 -0
  330. package/dist/server/api-client-core/apis/events/manage-event-definitions.generated.js.map +1 -0
  331. package/dist/server/api-client-core/apis/events/send-event-completions-types.generated.d.ts +94 -0
  332. package/dist/server/api-client-core/apis/events/send-event-completions.generated.d.ts +7 -0
  333. package/dist/server/api-client-core/apis/events/send-event-completions.generated.js +9 -0
  334. package/dist/server/api-client-core/apis/events/send-event-completions.generated.js.map +1 -0
  335. package/dist/server/api-client-core/apis/events-types.generated.d.ts +137 -0
  336. package/dist/server/api-client-core/apis/events.generated.d.ts +7 -0
  337. package/dist/server/api-client-core/apis/events.generated.js +23 -0
  338. package/dist/server/api-client-core/apis/events.generated.js.map +1 -0
  339. package/dist/server/api-client-core/apis/files-types.generated.d.ts +791 -0
  340. package/dist/server/api-client-core/apis/files.generated.d.ts +7 -0
  341. package/dist/server/api-client-core/apis/files.generated.js +119 -0
  342. package/dist/server/api-client-core/apis/files.generated.js.map +1 -0
  343. package/dist/server/api-client-core/apis/marketing/campaigns-public-api-types.generated.d.ts +989 -0
  344. package/dist/server/api-client-core/apis/marketing/campaigns-public-api.generated.d.ts +7 -0
  345. package/dist/server/api-client-core/apis/marketing/campaigns-public-api.generated.js +139 -0
  346. package/dist/server/api-client-core/apis/marketing/campaigns-public-api.generated.js.map +1 -0
  347. package/dist/server/api-client-core/apis/marketing/marketing-emails-types.generated.d.ts +883 -0
  348. package/dist/server/api-client-core/apis/marketing/marketing-emails.generated.d.ts +7 -0
  349. package/dist/server/api-client-core/apis/marketing/marketing-emails.generated.js +108 -0
  350. package/dist/server/api-client-core/apis/marketing/marketing-emails.generated.js.map +1 -0
  351. package/dist/server/api-client-core/apis/marketing/marketing-events-types.generated.d.ts +1788 -0
  352. package/dist/server/api-client-core/apis/marketing/marketing-events.generated.d.ts +7 -0
  353. package/dist/server/api-client-core/apis/marketing/marketing-events.generated.js +176 -0
  354. package/dist/server/api-client-core/apis/marketing/marketing-events.generated.js.map +1 -0
  355. package/dist/server/api-client-core/apis/marketing/single-send-types.generated.d.ts +123 -0
  356. package/dist/server/api-client-core/apis/marketing/single-send.generated.d.ts +7 -0
  357. package/dist/server/api-client-core/apis/marketing/single-send.generated.js +6 -0
  358. package/dist/server/api-client-core/apis/marketing/single-send.generated.js.map +1 -0
  359. package/dist/server/api-client-core/apis/marketing/transactional-single-send-types.generated.d.ts +257 -0
  360. package/dist/server/api-client-core/apis/marketing/transactional-single-send.generated.d.ts +7 -0
  361. package/dist/server/api-client-core/apis/marketing/transactional-single-send.generated.js +20 -0
  362. package/dist/server/api-client-core/apis/marketing/transactional-single-send.generated.js.map +1 -0
  363. package/dist/server/api-client-core/apis/meta/origins-types.generated.d.ts +77 -0
  364. package/dist/server/api-client-core/apis/meta/origins.generated.d.ts +7 -0
  365. package/dist/server/api-client-core/apis/meta/origins.generated.js +15 -0
  366. package/dist/server/api-client-core/apis/meta/origins.generated.js.map +1 -0
  367. package/dist/server/api-client-core/apis/scheduler/meetings-types.generated.d.ts +913 -0
  368. package/dist/server/api-client-core/apis/scheduler/meetings.generated.d.ts +7 -0
  369. package/dist/server/api-client-core/apis/scheduler/meetings.generated.js +34 -0
  370. package/dist/server/api-client-core/apis/scheduler/meetings.generated.js.map +1 -0
  371. package/dist/server/api-client-core/apis/settings/multicurrency-types.generated.d.ts +404 -0
  372. package/dist/server/api-client-core/apis/settings/multicurrency.generated.d.ts +7 -0
  373. package/dist/server/api-client-core/apis/settings/multicurrency.generated.js +38 -0
  374. package/dist/server/api-client-core/apis/settings/multicurrency.generated.js.map +1 -0
  375. package/dist/server/api-client-core/apis/settings/tax-rates-types.generated.d.ts +111 -0
  376. package/dist/server/api-client-core/apis/settings/tax-rates.generated.d.ts +7 -0
  377. package/dist/server/api-client-core/apis/settings/tax-rates.generated.js +13 -0
  378. package/dist/server/api-client-core/apis/settings/tax-rates.generated.js.map +1 -0
  379. package/dist/server/api-client-core/apis/settings/user-provisioning-types.generated.d.ts +297 -0
  380. package/dist/server/api-client-core/apis/settings/user-provisioning.generated.d.ts +7 -0
  381. package/dist/server/api-client-core/apis/settings/user-provisioning.generated.js +31 -0
  382. package/dist/server/api-client-core/apis/settings/user-provisioning.generated.js.map +1 -0
  383. package/dist/server/api-client-core/apis/webhooks-journal-types.generated.d.ts +643 -0
  384. package/dist/server/api-client-core/apis/webhooks-journal.generated.d.ts +7 -0
  385. package/dist/server/api-client-core/apis/webhooks-journal.generated.js +75 -0
  386. package/dist/server/api-client-core/apis/webhooks-journal.generated.js.map +1 -0
  387. package/dist/server/api-client-core/apis/webhooks-types.generated.d.ts +1016 -0
  388. package/dist/server/api-client-core/apis/webhooks.generated.d.ts +7 -0
  389. package/dist/server/api-client-core/apis/webhooks.generated.js +105 -0
  390. package/dist/server/api-client-core/apis/webhooks.generated.js.map +1 -0
  391. package/dist/server/api-client-core/binary-data.d.ts +33 -0
  392. package/dist/server/api-client-core/binary-data.js +29 -0
  393. package/dist/server/api-client-core/binary-data.js.map +1 -0
  394. package/dist/server/api-client-core/client.d.ts +14 -0
  395. package/dist/server/{binary-data-BOalJzKu.js → api-client-core/client.js} +3 -58
  396. package/dist/server/api-client-core/client.js.map +1 -0
  397. package/dist/server/api-client-core/codegen-helpers/file-op-wrappers.js +25 -0
  398. package/dist/server/api-client-core/codegen-helpers/file-op-wrappers.js.map +1 -0
  399. package/dist/server/api-client-core/errors.d.ts +27 -0
  400. package/dist/server/api-client-core/errors.js +33 -0
  401. package/dist/server/api-client-core/errors.js.map +1 -0
  402. package/dist/server/api-client-core/op.d.ts +37 -0
  403. package/dist/server/api-client-core/op.js +44 -0
  404. package/dist/server/api-client-core/op.js.map +1 -0
  405. package/dist/server/api-client-core/pagination.d.ts +60 -0
  406. package/dist/server/api-client-core/pagination.js +103 -0
  407. package/dist/server/api-client-core/pagination.js.map +1 -0
  408. package/dist/server/api-client-core/plugins/fetch-transport.js +76 -0
  409. package/dist/server/api-client-core/plugins/fetch-transport.js.map +1 -0
  410. package/dist/server/{types-DEOUH4wE.d.ts → api-client-core/types.d.ts} +2 -2
  411. package/dist/server/api-client.d.ts +197 -60625
  412. package/dist/server/api-client.js +100 -5826
  413. package/dist/server/constants.js +73 -0
  414. package/dist/server/constants.js.map +1 -0
  415. package/dist/server/deno/start.d.ts +12 -0
  416. package/dist/server/deno/start.js +21 -0
  417. package/dist/server/deno/start.js.map +1 -0
  418. package/dist/server/hono/hono-request-handler.js +59 -0
  419. package/dist/server/hono/hono-request-handler.js.map +1 -0
  420. package/dist/server/hono/hubspot-connect-routes/auth-complete.js +154 -0
  421. package/dist/server/hono/hubspot-connect-routes/auth-complete.js.map +1 -0
  422. package/dist/server/hono/hubspot-connect-routes/auth-init-session.js +101 -0
  423. package/dist/server/hono/hubspot-connect-routes/auth-init-session.js.map +1 -0
  424. package/dist/server/hono/hubspot-connect-routes/auth-logout.js +114 -0
  425. package/dist/server/hono/hubspot-connect-routes/auth-logout.js.map +1 -0
  426. package/dist/server/hono/hubspot-connect-routes/auth-refresh.js +107 -0
  427. package/dist/server/hono/hubspot-connect-routes/auth-refresh.js.map +1 -0
  428. package/dist/server/hono/hubspot-connect-routes/cimd-client-metadata-types.d.ts +16 -0
  429. package/dist/server/hono/hubspot-connect-routes/cimd-client-metadata-types.js +13 -0
  430. package/dist/server/hono/hubspot-connect-routes/cimd-client-metadata-types.js.map +1 -0
  431. package/dist/server/hono/hubspot-connect-routes/cimd-public-routes.js +42 -0
  432. package/dist/server/hono/hubspot-connect-routes/cimd-public-routes.js.map +1 -0
  433. package/dist/server/hono/hubspot-connect-routes/constants.js +8 -0
  434. package/dist/server/hono/hubspot-connect-routes/constants.js.map +1 -0
  435. package/dist/server/hono/hubspot-connect-routes/fetch-hubspot-client-metadata.js +43 -0
  436. package/dist/server/hono/hubspot-connect-routes/fetch-hubspot-client-metadata.js.map +1 -0
  437. package/dist/server/hono/hubspot-connect-routes/hubspot-connect-routes.js +37 -0
  438. package/dist/server/hono/hubspot-connect-routes/hubspot-connect-routes.js.map +1 -0
  439. package/dist/server/hono/hubspot-connect-routes/load-hubspot-connect-routes-env.js +34 -0
  440. package/dist/server/hono/hubspot-connect-routes/load-hubspot-connect-routes-env.js.map +1 -0
  441. package/dist/server/hono/hubspot-connect-routes/oauth-client.js +104 -0
  442. package/dist/server/hono/hubspot-connect-routes/oauth-client.js.map +1 -0
  443. package/dist/server/hono/hubspot-connect-routes/utils.js +120 -0
  444. package/dist/server/hono/hubspot-connect-routes/utils.js.map +1 -0
  445. package/dist/server/hono/index.js +4 -0
  446. package/dist/server/hono/types.d.ts +32 -0
  447. package/dist/server/hono/utils/cookie-utils.js +30 -0
  448. package/dist/server/hono/utils/cookie-utils.js.map +1 -0
  449. package/dist/server/hono/utils/cors-middleware.js +85 -0
  450. package/dist/server/hono/utils/cors-middleware.js.map +1 -0
  451. package/dist/server/import-app-keys.js +42 -0
  452. package/dist/server/import-app-keys.js.map +1 -0
  453. package/dist/server/lovable/create-app-function-start.d.ts +26 -0
  454. package/dist/server/lovable/create-app-function-start.js +28 -0
  455. package/dist/server/lovable/create-app-function-start.js.map +1 -0
  456. package/dist/server/lovable/hubspot-connect/index.d.ts +15 -0
  457. package/dist/server/lovable/hubspot-connect/index.js +20 -0
  458. package/dist/server/lovable/hubspot-connect/index.js.map +1 -0
  459. package/dist/server/lovable/hubspot-connect/run-hubspot-connect-lovable-server.js +27 -0
  460. package/dist/server/lovable/hubspot-connect/run-hubspot-connect-lovable-server.js.map +1 -0
  461. package/dist/server/lovable.d.ts +6 -117
  462. package/dist/server/lovable.js +3 -1458
  463. package/dist/server/oauth.d.ts +6 -128
  464. package/dist/server/oauth.js +4 -1
  465. package/dist/server/proxy.js +68 -0
  466. package/dist/server/proxy.js.map +1 -0
  467. package/dist/server/sanitize-request.js +55 -0
  468. package/dist/server/sanitize-request.js.map +1 -0
  469. package/dist/server/secure-start-core.d.ts +23 -0
  470. package/dist/server/secure-start-core.js +27 -0
  471. package/dist/server/secure-start-core.js.map +1 -0
  472. package/dist/server/shared/constants.js +30 -0
  473. package/dist/server/shared/constants.js.map +1 -0
  474. package/dist/server/shared/encoding/base64.js +45 -0
  475. package/dist/server/shared/encoding/base64.js.map +1 -0
  476. package/dist/server/shared/encoding/sha256.d.ts +10 -0
  477. package/dist/server/shared/encoding/sha256.js +15 -0
  478. package/dist/server/shared/encoding/sha256.js.map +1 -0
  479. package/dist/server/shared/logger.d.ts +15 -0
  480. package/dist/server/shared/logger.js +16 -0
  481. package/dist/server/shared/logger.js.map +1 -0
  482. package/dist/server/{types-5gfN91Fq.d.ts → types.d.ts} +4 -4
  483. package/dist/server/utils/cookie-utils.js +21 -0
  484. package/dist/server/utils/cookie-utils.js.map +1 -0
  485. package/dist/server/utils/dpop-utils.d.ts +67 -0
  486. package/dist/server/utils/dpop-utils.js +75 -0
  487. package/dist/server/utils/dpop-utils.js.map +1 -0
  488. package/dist/server/utils/env-utils.js +107 -0
  489. package/dist/server/utils/env-utils.js.map +1 -0
  490. package/dist/server/utils/jwk-utils.d.ts +16 -0
  491. package/dist/server/utils/jwk-utils.js +24 -0
  492. package/dist/server/utils/jwk-utils.js.map +1 -0
  493. package/dist/server/utils/jwt-utils.d.ts +39 -0
  494. package/dist/server/utils/jwt-utils.js +87 -0
  495. package/dist/server/utils/jwt-utils.js.map +1 -0
  496. package/package.json +3 -3
  497. package/src/browser/app-connect-controller/connect-start.ts +1 -2
  498. package/src/server/hono/hubspot-connect-routes/load-hubspot-connect-routes-env.test.ts +17 -24
  499. package/src/server/hono/hubspot-connect-routes/load-hubspot-connect-routes-env.ts +8 -8
  500. package/src/server/lovable/hubspot-connect/run-hubspot-connect-lovable-server.ts +2 -3
  501. package/src/server/proxy.test.ts +1 -1
  502. package/src/server/proxy.ts +7 -4
  503. package/src/server/secure-start-core.ts +7 -6
  504. package/src/server/types.ts +2 -2
  505. package/src/server/utils/env-utils.test.ts +140 -12
  506. package/src/server/utils/env-utils.ts +80 -6
  507. package/tsdown.config.ts +1 -1
  508. package/dist/browser/create-hzqjIhmO.js.map +0 -1
  509. package/dist/server/api-client.js.map +0 -1
  510. package/dist/server/binary-data-BOalJzKu.js.map +0 -1
  511. package/dist/server/lovable.js.map +0 -1
  512. package/dist/server/sha256-B7y8GBFB.js +0 -228
  513. package/dist/server/sha256-B7y8GBFB.js.map +0 -1
@@ -0,0 +1,75 @@
1
+ import { base64urlDecode } from "../shared/encoding/base64.js";
2
+ import { getJwkThumbprint } from "./jwk-utils.js";
3
+ import { decodeAndVerifyJwt, encodeAndSignJwt } from "./jwt-utils.js";
4
+ //#region src/server/utils/dpop-utils.ts
5
+ function ecPublicJwkForDpopHeader(jwk) {
6
+ if (jwk.kty !== "EC" || jwk.crv !== "P-256" || typeof jwk.x !== "string" || typeof jwk.y !== "string") throw new Error("Expected P-256 EC public JWK");
7
+ return {
8
+ kty: "EC",
9
+ crv: "P-256",
10
+ x: jwk.x,
11
+ y: jwk.y
12
+ };
13
+ }
14
+ /**
15
+ * Mints a DPoP proof JWT (RFC 9449) signed with the app's private
16
+ * key. The header is set to `typ=dpop+jwt`, `alg=ES256`, and embeds
17
+ * the public JWK so the receiver can verify the signature without
18
+ * out-of-band key distribution.
19
+ */
20
+ async function signDpopProof(options) {
21
+ const { appKeys, claims } = options;
22
+ return encodeAndSignJwt({
23
+ header: {
24
+ alg: "ES256",
25
+ typ: "dpop+jwt",
26
+ jwk: ecPublicJwkForDpopHeader(appKeys.appPublicKeyJwk)
27
+ },
28
+ payload: claims,
29
+ privateKey: appKeys.appPrivateKey
30
+ });
31
+ }
32
+ /**
33
+ * Verifies a DPoP proof JWT and returns the embedded public JWK,
34
+ * its thumbprint, and the decoded claims.
35
+ *
36
+ * Enforces RFC 9449's required checks:
37
+ *
38
+ * - `typ=dpop+jwt`, `alg=ES256`, and a JWK in the header.
39
+ * - Signature is valid against the embedded JWK.
40
+ * - `htm`, `htu`, and (when supplied) `ath`/`sid` match.
41
+ * - `iat` is within ±5 minutes of "now".
42
+ *
43
+ * @throws {Error} If any of the above checks fail.
44
+ */
45
+ async function verifyDpopProof(options) {
46
+ const { proof, htm, htu, ath, sid } = options;
47
+ const parts = proof.split(".");
48
+ if (parts.length !== 3) throw new Error("Invalid DPoP proof format");
49
+ const encodedHeader = parts[0];
50
+ if (!encodedHeader) throw new Error("Missing DPoP header");
51
+ const header = JSON.parse(new TextDecoder().decode(base64urlDecode(encodedHeader)));
52
+ if (header.typ !== "dpop+jwt") throw new Error("Invalid DPoP typ header");
53
+ if (header.alg !== "ES256") throw new Error("Unsupported DPoP algorithm");
54
+ const publicKeyJwk = header.jwk;
55
+ if (!publicKeyJwk) throw new Error("Missing jwk in DPoP header");
56
+ const claims = await decodeAndVerifyJwt({
57
+ token: proof,
58
+ publicKeyJwk
59
+ });
60
+ if (claims.htm !== htm) throw new Error(`DPoP htm mismatch: expected ${htm}, got ${claims.htm}`);
61
+ if (claims.htu !== htu) throw new Error(`DPoP htu mismatch: expected ${htu}, got ${claims.htu}`);
62
+ if (ath !== void 0 && claims.ath !== ath) throw new Error("DPoP ath mismatch");
63
+ if (sid !== void 0 && claims.sid !== sid) throw new Error("DPoP sid mismatch");
64
+ const now = Math.floor(Date.now() / 1e3);
65
+ if (Math.abs(now - claims.iat) > 300) throw new Error("DPoP proof expired or too far in future");
66
+ return {
67
+ publicKeyJwk,
68
+ jkt: await getJwkThumbprint({ publicKeyJwk }),
69
+ claims
70
+ };
71
+ }
72
+ //#endregion
73
+ export { signDpopProof, verifyDpopProof };
74
+
75
+ //# sourceMappingURL=dpop-utils.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"dpop-utils.js","names":[],"sources":["../../../src/server/utils/dpop-utils.ts"],"sourcesContent":["import { type AppKeys } from '../types.ts';\nimport { base64urlDecode } from './base64-utils.ts';\nimport { getJwkThumbprint } from './jwk-utils.ts';\nimport { decodeAndVerifyJwt, encodeAndSignJwt } from './jwt-utils.ts';\n\n/**\n * Claims that go into a DPoP proof JWT (RFC 9449 §4.2). Extra\n * properties pass through to the encoder unchanged so callers can\n * include implementation-specific claims.\n */\nexport interface DpopClaims {\n /** HTTP method of the protected request, uppercase. */\n htm: string;\n /** Target URI of the protected request, fully-qualified. */\n htu: string;\n /** Unique proof identifier (RFC 9449 §4.2, recommended UUID). */\n jti: string;\n /** Issuance time, Unix epoch seconds. */\n iat: number;\n /**\n * Hash of the access token presented alongside this proof, if any\n * (RFC 9449 §4.2). Required for resource-server DPoP.\n */\n ath?: string;\n /**\n * App session ID hash. Custom HubSpot extension that lets the auth\n * server bind tokens to the browser session that minted them.\n */\n sid?: string;\n [key: string]: unknown;\n}\n\nfunction ecPublicJwkForDpopHeader(jwk: JsonWebKey): JsonWebKey {\n if (\n jwk.kty !== 'EC' ||\n jwk.crv !== 'P-256' ||\n typeof jwk.x !== 'string' ||\n typeof jwk.y !== 'string'\n ) {\n throw new Error('Expected P-256 EC public JWK');\n }\n return {\n kty: 'EC',\n crv: 'P-256',\n x: jwk.x,\n y: jwk.y,\n };\n}\n\nexport interface SignDpopProofOptions {\n /** App key material produced by `secureStart`. */\n appKeys: AppKeys;\n /** Claims to include in the DPoP proof. */\n claims: DpopClaims;\n}\n\n/**\n * Mints a DPoP proof JWT (RFC 9449) signed with the app's private\n * key. The header is set to `typ=dpop+jwt`, `alg=ES256`, and embeds\n * the public JWK so the receiver can verify the signature without\n * out-of-band key distribution.\n */\nexport async function signDpopProof(\n options: SignDpopProofOptions\n): Promise<string> {\n const { appKeys, claims } = options;\n const publicJwk = ecPublicJwkForDpopHeader(appKeys.appPublicKeyJwk);\n return encodeAndSignJwt({\n header: { alg: 'ES256', typ: 'dpop+jwt', jwk: publicJwk },\n payload: claims,\n privateKey: appKeys.appPrivateKey,\n });\n}\n\n/**\n * Result of a successful {@link verifyDpopProof} call.\n */\nexport interface VerifiedDpopProof {\n /** Public JWK extracted from the proof's header. */\n publicKeyJwk: JsonWebKey;\n /** RFC 7638 JWK thumbprint of `publicKeyJwk`. */\n jkt: string;\n /** Decoded claims from the proof's payload. */\n claims: DpopClaims;\n}\n\nexport interface VerifyDpopProofOptions {\n /** The compact-serialized DPoP proof. */\n proof: string;\n /** Expected HTTP method (RFC 9449 `htm` claim). */\n htm: string;\n /** Expected request URI (RFC 9449 `htu` claim). */\n htu: string;\n /** Expected access-token hash (RFC 9449 `ath` claim). */\n ath?: string;\n /** Expected app-session-ID hash (`sid` claim). */\n sid?: string;\n}\n\ninterface DpopProofHeader {\n typ?: string;\n alg?: string;\n jwk?: JsonWebKey;\n}\n\n/**\n * Verifies a DPoP proof JWT and returns the embedded public JWK,\n * its thumbprint, and the decoded claims.\n *\n * Enforces RFC 9449's required checks:\n *\n * - `typ=dpop+jwt`, `alg=ES256`, and a JWK in the header.\n * - Signature is valid against the embedded JWK.\n * - `htm`, `htu`, and (when supplied) `ath`/`sid` match.\n * - `iat` is within ±5 minutes of \"now\".\n *\n * @throws {Error} If any of the above checks fail.\n */\nexport async function verifyDpopProof(\n options: VerifyDpopProofOptions\n): Promise<VerifiedDpopProof> {\n const { proof, htm, htu, ath, sid } = options;\n const parts = proof.split('.');\n if (parts.length !== 3) throw new Error('Invalid DPoP proof format');\n\n const encodedHeader = parts[0];\n if (!encodedHeader) throw new Error('Missing DPoP header');\n\n const header = JSON.parse(\n new TextDecoder().decode(base64urlDecode(encodedHeader))\n ) as DpopProofHeader;\n\n if (header.typ !== 'dpop+jwt') throw new Error('Invalid DPoP typ header');\n if (header.alg !== 'ES256') throw new Error('Unsupported DPoP algorithm');\n const publicKeyJwk = header.jwk;\n if (!publicKeyJwk) throw new Error('Missing jwk in DPoP header');\n\n const payload = await decodeAndVerifyJwt({ token: proof, publicKeyJwk });\n const claims = payload as unknown as DpopClaims;\n\n if (claims.htm !== htm) {\n throw new Error(`DPoP htm mismatch: expected ${htm}, got ${claims.htm}`);\n }\n if (claims.htu !== htu) {\n throw new Error(`DPoP htu mismatch: expected ${htu}, got ${claims.htu}`);\n }\n if (ath !== undefined && claims.ath !== ath) {\n throw new Error('DPoP ath mismatch');\n }\n if (sid !== undefined && claims.sid !== sid) {\n throw new Error('DPoP sid mismatch');\n }\n\n const now = Math.floor(Date.now() / 1000);\n if (Math.abs(now - claims.iat) > 300) {\n throw new Error('DPoP proof expired or too far in future');\n }\n\n const jkt = await getJwkThumbprint({ publicKeyJwk });\n return { publicKeyJwk, jkt, claims };\n}\n"],"mappings":";;;;AAgCA,SAAS,yBAAyB,KAA6B;CAC7D,IACE,IAAI,QAAQ,QACZ,IAAI,QAAQ,WACZ,OAAO,IAAI,MAAM,YACjB,OAAO,IAAI,MAAM,UAEjB,MAAM,IAAI,MAAM,+BAA+B;CAEjD,OAAO;EACL,KAAK;EACL,KAAK;EACL,GAAG,IAAI;EACP,GAAG,IAAI;EACR;;;;;;;;AAgBH,eAAsB,cACpB,SACiB;CACjB,MAAM,EAAE,SAAS,WAAW;CAE5B,OAAO,iBAAiB;EACtB,QAAQ;GAAE,KAAK;GAAS,KAAK;GAAY,KAFzB,yBAAyB,QAAQ,gBAEM;GAAE;EACzD,SAAS;EACT,YAAY,QAAQ;EACrB,CAAC;;;;;;;;;;;;;;;AA+CJ,eAAsB,gBACpB,SAC4B;CAC5B,MAAM,EAAE,OAAO,KAAK,KAAK,KAAK,QAAQ;CACtC,MAAM,QAAQ,MAAM,MAAM,IAAI;CAC9B,IAAI,MAAM,WAAW,GAAG,MAAM,IAAI,MAAM,4BAA4B;CAEpE,MAAM,gBAAgB,MAAM;CAC5B,IAAI,CAAC,eAAe,MAAM,IAAI,MAAM,sBAAsB;CAE1D,MAAM,SAAS,KAAK,MAClB,IAAI,aAAa,CAAC,OAAO,gBAAgB,cAAc,CAAC,CACzD;CAED,IAAI,OAAO,QAAQ,YAAY,MAAM,IAAI,MAAM,0BAA0B;CACzE,IAAI,OAAO,QAAQ,SAAS,MAAM,IAAI,MAAM,6BAA6B;CACzE,MAAM,eAAe,OAAO;CAC5B,IAAI,CAAC,cAAc,MAAM,IAAI,MAAM,6BAA6B;CAGhE,MAAM,SAAS,MADO,mBAAmB;EAAE,OAAO;EAAO;EAAc,CAAC;CAGxE,IAAI,OAAO,QAAQ,KACjB,MAAM,IAAI,MAAM,+BAA+B,IAAI,QAAQ,OAAO,MAAM;CAE1E,IAAI,OAAO,QAAQ,KACjB,MAAM,IAAI,MAAM,+BAA+B,IAAI,QAAQ,OAAO,MAAM;CAE1E,IAAI,QAAQ,KAAA,KAAa,OAAO,QAAQ,KACtC,MAAM,IAAI,MAAM,oBAAoB;CAEtC,IAAI,QAAQ,KAAA,KAAa,OAAO,QAAQ,KACtC,MAAM,IAAI,MAAM,oBAAoB;CAGtC,MAAM,MAAM,KAAK,MAAM,KAAK,KAAK,GAAG,IAAK;CACzC,IAAI,KAAK,IAAI,MAAM,OAAO,IAAI,GAAG,KAC/B,MAAM,IAAI,MAAM,0CAA0C;CAI5D,OAAO;EAAE;EAAc,KAAA,MADL,iBAAiB,EAAE,cAAc,CAAC;EACxB;EAAQ"}
@@ -0,0 +1,107 @@
1
+ //#region src/server/utils/env-utils.ts
2
+ const HUBSPOT_API_ORIGIN_DEFAULT = "https://api.hubapi.com";
3
+ const HUBSPOT_OAUTH_API_ORIGIN_DEFAULT = "https://api.hubapi.com";
4
+ const HUBSPOT_AUTHORIZATION_ENDPOINT_DEFAULT = "https://app.hubspot.com/oauth/authorize";
5
+ /** Environment variable name for the app private key loaded by `secureStart`. */
6
+ const HUBSPOT_APP_PRIVATE_KEY_ENV = "HUBSPOT_APP_PRIVATE_KEY";
7
+ /**
8
+ * Reads an environment variable in a way that works under both Node
9
+ * (`process.env`) and Deno (`Deno.env.get`). Returns `undefined` when
10
+ * the variable is unset or when neither runtime is available.
11
+ */
12
+ function getEnv(key) {
13
+ const g = globalThis;
14
+ const proc = g.process;
15
+ if (proc?.env) return proc.env[key];
16
+ const deno = g.Deno;
17
+ if (deno !== void 0) return deno.env.get(key);
18
+ }
19
+ /**
20
+ * Reads an environment variable, returning `defaultValue` when it is
21
+ * unset or an empty string.
22
+ */
23
+ function getEnvWithDefault(key, defaultValue) {
24
+ const value = getEnv(key);
25
+ if (!value) return defaultValue;
26
+ return value;
27
+ }
28
+ /**
29
+ * Reads an environment variable and throws when it is missing or empty.
30
+ * Use for values the SDK cannot fall back on (e.g. upstream service
31
+ * URLs).
32
+ *
33
+ * @throws {Error} When the environment variable is unset or an empty
34
+ * string.
35
+ */
36
+ function requireEnv(key) {
37
+ const value = getEnv(key);
38
+ if (!value) throw new Error(`Missing required environment variable: ${key}`);
39
+ return value;
40
+ }
41
+ /**
42
+ * HubSpot API origin used by {@link createHubSpotProxy}. Defaults to
43
+ * `https://api.hubapi.com` when `HUBSPOT_API_ORIGIN` is unset.
44
+ */
45
+ function getHubSpotApiOrigin() {
46
+ return getEnvWithDefault("HUBSPOT_API_ORIGIN", HUBSPOT_API_ORIGIN_DEFAULT);
47
+ }
48
+ /**
49
+ * Full OAuth authorize URL for hubspot-connect routes. Defaults to
50
+ * `https://app.hubspot.com/oauth/authorize` when
51
+ * `HUBSPOT_AUTHORIZATION_ENDPOINT` is unset.
52
+ */
53
+ function getHubSpotAuthorizationEndpoint() {
54
+ return getEnvWithDefault("HUBSPOT_AUTHORIZATION_ENDPOINT", HUBSPOT_AUTHORIZATION_ENDPOINT_DEFAULT);
55
+ }
56
+ /**
57
+ * HubSpot OAuth API origin (token, revoke, JWKS). Normalized to a URL
58
+ * origin. Defaults to `https://api.hubapi.com` when
59
+ * `HUBSPOT_OAUTH_API_ORIGIN` is unset.
60
+ */
61
+ function getHubSpotOAuthApiOrigin() {
62
+ return new URL(getEnvWithDefault("HUBSPOT_OAUTH_API_ORIGIN", HUBSPOT_OAUTH_API_ORIGIN_DEFAULT)).origin;
63
+ }
64
+ /**
65
+ * Static OAuth client ID. Required when CIMD is disabled.
66
+ *
67
+ * @throws {Error} When `HUBSPOT_CLIENT_ID` is unset or empty.
68
+ */
69
+ function requireHubSpotClientId() {
70
+ return requireEnv("HUBSPOT_CLIENT_ID");
71
+ }
72
+ /**
73
+ * Static OAuth client secret. Required when CIMD is disabled.
74
+ *
75
+ * @throws {Error} When `HUBSPOT_CLIENT_SECRET` is unset or empty.
76
+ */
77
+ function requireHubSpotClientSecret() {
78
+ return requireEnv("HUBSPOT_CLIENT_SECRET");
79
+ }
80
+ /**
81
+ * Whether outbound HubSpot OAuth and API calls should attach DPoP on
82
+ * the wire. Enabled only when `HUBSPOT_DPOP_ENABLED` is exactly the
83
+ * string `"true"` (unset or any other value keeps DPoP disabled).
84
+ */
85
+ function isHubspotDpopEnabled() {
86
+ return getEnv("HUBSPOT_DPOP_ENABLED") === "true";
87
+ }
88
+ /**
89
+ * Whether the SDK should use CIMD-style OAuth (client ID URL + JWT client
90
+ * assertion). Enabled only when `HUBSPOT_CIMD_ENABLED` is exactly the
91
+ * string `"true"` (unset or any other value keeps CIMD disabled).
92
+ */
93
+ function isHubspotCimdEnabled() {
94
+ return getEnv("HUBSPOT_CIMD_ENABLED") === "true";
95
+ }
96
+ /**
97
+ * Whether `HUBSPOT_APP_PRIVATE_KEY` must be set for `secureStart`. False
98
+ * when both CIMD and DPoP are disabled — the SDK then uses
99
+ * `client_secret` for OAuth and Bearer tokens only for API calls.
100
+ */
101
+ function isHubspotAppPrivateKeyRequired() {
102
+ return isHubspotCimdEnabled() || isHubspotDpopEnabled();
103
+ }
104
+ //#endregion
105
+ export { HUBSPOT_APP_PRIVATE_KEY_ENV, getHubSpotApiOrigin, getHubSpotAuthorizationEndpoint, getHubSpotOAuthApiOrigin, isHubspotAppPrivateKeyRequired, isHubspotCimdEnabled, isHubspotDpopEnabled, requireHubSpotClientId, requireHubSpotClientSecret };
106
+
107
+ //# sourceMappingURL=env-utils.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"env-utils.js","names":[],"sources":["../../../src/server/utils/env-utils.ts"],"sourcesContent":["interface GlobalWithOptionalEnv {\n process?: { env?: Record<string, string | undefined> };\n Deno?: { env: { get(name: string): string | undefined } };\n}\n\nconst HUBSPOT_API_ORIGIN_DEFAULT = 'https://api.hubapi.com';\n\nconst HUBSPOT_OAUTH_API_ORIGIN_DEFAULT = 'https://api.hubapi.com';\n\nconst HUBSPOT_AUTHORIZATION_ENDPOINT_DEFAULT =\n 'https://app.hubspot.com/oauth/authorize';\n\n/** Environment variable name for the app private key loaded by `secureStart`. */\nexport const HUBSPOT_APP_PRIVATE_KEY_ENV = 'HUBSPOT_APP_PRIVATE_KEY';\n\n/**\n * Reads an environment variable in a way that works under both Node\n * (`process.env`) and Deno (`Deno.env.get`). Returns `undefined` when\n * the variable is unset or when neither runtime is available.\n */\nexport function getEnv(key: string): string | undefined {\n const g = globalThis as GlobalWithOptionalEnv;\n const proc = g.process;\n if (proc?.env) {\n return proc.env[key];\n }\n const deno = g.Deno;\n if (deno !== undefined) {\n return deno.env.get(key);\n }\n return undefined;\n}\n\n/**\n * Reads an environment variable, returning `defaultValue` when it is\n * unset or an empty string.\n */\nexport function getEnvWithDefault(key: string, defaultValue: string): string {\n const value = getEnv(key);\n if (!value) {\n return defaultValue;\n }\n return value;\n}\n\n/**\n * Reads an environment variable and throws when it is missing or empty.\n * Use for values the SDK cannot fall back on (e.g. upstream service\n * URLs).\n *\n * @throws {Error} When the environment variable is unset or an empty\n * string.\n */\nexport function requireEnv(key: string): string {\n const value = getEnv(key);\n if (!value) {\n throw new Error(`Missing required environment variable: ${key}`);\n }\n return value;\n}\n\n/**\n * HubSpot API origin used by {@link createHubSpotProxy}. Defaults to\n * `https://api.hubapi.com` when `HUBSPOT_API_ORIGIN` is unset.\n */\nexport function getHubSpotApiOrigin(): string {\n return getEnvWithDefault('HUBSPOT_API_ORIGIN', HUBSPOT_API_ORIGIN_DEFAULT);\n}\n\n/**\n * Full OAuth authorize URL for hubspot-connect routes. Defaults to\n * `https://app.hubspot.com/oauth/authorize` when\n * `HUBSPOT_AUTHORIZATION_ENDPOINT` is unset.\n */\nexport function getHubSpotAuthorizationEndpoint(): string {\n return getEnvWithDefault(\n 'HUBSPOT_AUTHORIZATION_ENDPOINT',\n HUBSPOT_AUTHORIZATION_ENDPOINT_DEFAULT\n );\n}\n\n/**\n * HubSpot OAuth API origin (token, revoke, JWKS). Normalized to a URL\n * origin. Defaults to `https://api.hubapi.com` when\n * `HUBSPOT_OAUTH_API_ORIGIN` is unset.\n */\nexport function getHubSpotOAuthApiOrigin(): string {\n return new URL(\n getEnvWithDefault(\n 'HUBSPOT_OAUTH_API_ORIGIN',\n HUBSPOT_OAUTH_API_ORIGIN_DEFAULT\n )\n ).origin;\n}\n\n/**\n * Static OAuth client ID. Required when CIMD is disabled.\n *\n * @throws {Error} When `HUBSPOT_CLIENT_ID` is unset or empty.\n */\nexport function requireHubSpotClientId(): string {\n return requireEnv('HUBSPOT_CLIENT_ID');\n}\n\n/**\n * Static OAuth client secret. Required when CIMD is disabled.\n *\n * @throws {Error} When `HUBSPOT_CLIENT_SECRET` is unset or empty.\n */\nexport function requireHubSpotClientSecret(): string {\n return requireEnv('HUBSPOT_CLIENT_SECRET');\n}\n\n/**\n * Whether outbound HubSpot OAuth and API calls should attach DPoP on\n * the wire. Enabled only when `HUBSPOT_DPOP_ENABLED` is exactly the\n * string `\"true\"` (unset or any other value keeps DPoP disabled).\n */\nexport function isHubspotDpopEnabled(): boolean {\n return getEnv('HUBSPOT_DPOP_ENABLED') === 'true';\n}\n\n/**\n * Whether the SDK should use CIMD-style OAuth (client ID URL + JWT client\n * assertion). Enabled only when `HUBSPOT_CIMD_ENABLED` is exactly the\n * string `\"true\"` (unset or any other value keeps CIMD disabled).\n */\nexport function isHubspotCimdEnabled(): boolean {\n return getEnv('HUBSPOT_CIMD_ENABLED') === 'true';\n}\n\n/**\n * Whether `HUBSPOT_APP_PRIVATE_KEY` must be set for `secureStart`. False\n * when both CIMD and DPoP are disabled — the SDK then uses\n * `client_secret` for OAuth and Bearer tokens only for API calls.\n */\nexport function isHubspotAppPrivateKeyRequired(): boolean {\n return isHubspotCimdEnabled() || isHubspotDpopEnabled();\n}\n"],"mappings":";AAKA,MAAM,6BAA6B;AAEnC,MAAM,mCAAmC;AAEzC,MAAM,yCACJ;;AAGF,MAAa,8BAA8B;;;;;;AAO3C,SAAgB,OAAO,KAAiC;CACtD,MAAM,IAAI;CACV,MAAM,OAAO,EAAE;CACf,IAAI,MAAM,KACR,OAAO,KAAK,IAAI;CAElB,MAAM,OAAO,EAAE;CACf,IAAI,SAAS,KAAA,GACX,OAAO,KAAK,IAAI,IAAI,IAAI;;;;;;AAS5B,SAAgB,kBAAkB,KAAa,cAA8B;CAC3E,MAAM,QAAQ,OAAO,IAAI;CACzB,IAAI,CAAC,OACH,OAAO;CAET,OAAO;;;;;;;;;;AAWT,SAAgB,WAAW,KAAqB;CAC9C,MAAM,QAAQ,OAAO,IAAI;CACzB,IAAI,CAAC,OACH,MAAM,IAAI,MAAM,0CAA0C,MAAM;CAElE,OAAO;;;;;;AAOT,SAAgB,sBAA8B;CAC5C,OAAO,kBAAkB,sBAAsB,2BAA2B;;;;;;;AAQ5E,SAAgB,kCAA0C;CACxD,OAAO,kBACL,kCACA,uCACD;;;;;;;AAQH,SAAgB,2BAAmC;CACjD,OAAO,IAAI,IACT,kBACE,4BACA,iCACD,CACF,CAAC;;;;;;;AAQJ,SAAgB,yBAAiC;CAC/C,OAAO,WAAW,oBAAoB;;;;;;;AAQxC,SAAgB,6BAAqC;CACnD,OAAO,WAAW,wBAAwB;;;;;;;AAQ5C,SAAgB,uBAAgC;CAC9C,OAAO,OAAO,uBAAuB,KAAK;;;;;;;AAQ5C,SAAgB,uBAAgC;CAC9C,OAAO,OAAO,uBAAuB,KAAK;;;;;;;AAQ5C,SAAgB,iCAA0C;CACxD,OAAO,sBAAsB,IAAI,sBAAsB"}
@@ -0,0 +1,16 @@
1
+ //#region src/server/utils/jwk-utils.d.ts
2
+ interface GetJwkThumbprintOptions {
3
+ /** EC P-256 public JWK whose thumbprint to compute. */
4
+ publicKeyJwk: JsonWebKey;
5
+ }
6
+ /**
7
+ * Computes the RFC 7638 JWK thumbprint of an EC P-256 public JWK.
8
+ * Per §3.2 the canonical form contains only `crv`, `kty`, `x`, `y`,
9
+ * sorted lexicographically — no whitespace, no other members. The
10
+ * SHA-256 of this canonical UTF-8 JSON, base64url-encoded, is the
11
+ * stable identifier (`jkt`) DPoP uses to bind tokens to public keys.
12
+ */
13
+ declare function getJwkThumbprint(options: GetJwkThumbprintOptions): Promise<string>;
14
+ //#endregion
15
+ export { getJwkThumbprint };
16
+ //# sourceMappingURL=jwk-utils.d.ts.map
@@ -0,0 +1,24 @@
1
+ import { base64url } from "../shared/encoding/base64.js";
2
+ //#region src/server/utils/jwk-utils.ts
3
+ /**
4
+ * Computes the RFC 7638 JWK thumbprint of an EC P-256 public JWK.
5
+ * Per §3.2 the canonical form contains only `crv`, `kty`, `x`, `y`,
6
+ * sorted lexicographically — no whitespace, no other members. The
7
+ * SHA-256 of this canonical UTF-8 JSON, base64url-encoded, is the
8
+ * stable identifier (`jkt`) DPoP uses to bind tokens to public keys.
9
+ */
10
+ async function getJwkThumbprint(options) {
11
+ const { publicKeyJwk } = options;
12
+ const canonical = JSON.stringify({
13
+ crv: publicKeyJwk.crv,
14
+ kty: publicKeyJwk.kty,
15
+ x: publicKeyJwk.x,
16
+ y: publicKeyJwk.y
17
+ });
18
+ const digest = await crypto.subtle.digest("SHA-256", new TextEncoder().encode(canonical));
19
+ return base64url(new Uint8Array(digest));
20
+ }
21
+ //#endregion
22
+ export { getJwkThumbprint };
23
+
24
+ //# sourceMappingURL=jwk-utils.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"jwk-utils.js","names":[],"sources":["../../../src/server/utils/jwk-utils.ts"],"sourcesContent":["import { base64url } from './base64-utils.ts';\n\nexport interface GetJwkThumbprintOptions {\n /** EC P-256 public JWK whose thumbprint to compute. */\n publicKeyJwk: JsonWebKey;\n}\n\n/**\n * Computes the RFC 7638 JWK thumbprint of an EC P-256 public JWK.\n * Per §3.2 the canonical form contains only `crv`, `kty`, `x`, `y`,\n * sorted lexicographically — no whitespace, no other members. The\n * SHA-256 of this canonical UTF-8 JSON, base64url-encoded, is the\n * stable identifier (`jkt`) DPoP uses to bind tokens to public keys.\n */\nexport async function getJwkThumbprint(\n options: GetJwkThumbprintOptions\n): Promise<string> {\n const { publicKeyJwk } = options;\n const canonical = JSON.stringify({\n crv: publicKeyJwk.crv,\n kty: publicKeyJwk.kty,\n x: publicKeyJwk.x,\n y: publicKeyJwk.y,\n });\n const digest = await crypto.subtle.digest(\n 'SHA-256',\n new TextEncoder().encode(canonical)\n );\n return base64url(new Uint8Array(digest));\n}\n"],"mappings":";;;;;;;;;AAcA,eAAsB,iBACpB,SACiB;CACjB,MAAM,EAAE,iBAAiB;CACzB,MAAM,YAAY,KAAK,UAAU;EAC/B,KAAK,aAAa;EAClB,KAAK,aAAa;EAClB,GAAG,aAAa;EAChB,GAAG,aAAa;EACjB,CAAC;CACF,MAAM,SAAS,MAAM,OAAO,OAAO,OACjC,WACA,IAAI,aAAa,CAAC,OAAO,UAAU,CACpC;CACD,OAAO,UAAU,IAAI,WAAW,OAAO,CAAC"}
@@ -0,0 +1,39 @@
1
+ //#region src/server/utils/jwt-utils.d.ts
2
+ interface VerifyJwtOptions {
3
+ /** Compact-serialized JWT to verify. */
4
+ token: string;
5
+ /** Public key in JWK form. Caller is responsible for trusting it. */
6
+ publicKeyJwk: JsonWebKey;
7
+ }
8
+ /**
9
+ * Verifies signature and (if present) `exp` (RFC 7519 §4.1.4) on a
10
+ * JWT and returns its payload.
11
+ *
12
+ * @throws {Error} When the signature fails or when `exp` has passed.
13
+ */
14
+ declare function verifyJwt(options: VerifyJwtOptions): Promise<Record<string, unknown>>;
15
+ interface SignJwtOptions {
16
+ /** ES256 private key as a non-extractable WebCrypto key. */
17
+ privateKey: CryptoKey;
18
+ /**
19
+ * Custom claims merged onto an `iat` claim (and `exp` when
20
+ * `ttlSeconds` is supplied). Caller-provided keys override the
21
+ * standard ones.
22
+ */
23
+ payload: Record<string, unknown>;
24
+ /**
25
+ * Lifetime of the token in seconds. When set, the JWT's `exp` claim
26
+ * is computed as `iat + ttlSeconds`. When omitted, no `exp` is added
27
+ * (the caller is responsible for one if needed).
28
+ */
29
+ ttlSeconds?: number;
30
+ }
31
+ /**
32
+ * Signs a JWT (RFC 7519) with `alg=ES256, typ=JWT` and returns the
33
+ * compact serialization. Always sets `iat` to the current second; the
34
+ * caller controls every other claim via `payload`.
35
+ */
36
+ declare function signJwt(options: SignJwtOptions): Promise<string>;
37
+ //#endregion
38
+ export { signJwt, verifyJwt };
39
+ //# sourceMappingURL=jwt-utils.d.ts.map
@@ -0,0 +1,87 @@
1
+ import { base64url, base64urlDecode } from "../shared/encoding/base64.js";
2
+ //#region src/server/utils/jwt-utils.ts
3
+ /**
4
+ * Low-level helper that encodes a JWS Compact Serialization JWT
5
+ * (RFC 7519) and signs it with the supplied `privateKey` using
6
+ * ES256 (P-256 + SHA-256). Returns the three-segment compact form.
7
+ */
8
+ async function encodeAndSignJwt(options) {
9
+ const { header, payload, privateKey } = options;
10
+ const signingInput = `${base64url(new TextEncoder().encode(JSON.stringify(header)))}.${base64url(new TextEncoder().encode(JSON.stringify(payload)))}`;
11
+ const signatureBuffer = await crypto.subtle.sign({
12
+ name: "ECDSA",
13
+ hash: "SHA-256"
14
+ }, privateKey, new TextEncoder().encode(signingInput));
15
+ return `${signingInput}.${base64url(new Uint8Array(signatureBuffer))}`;
16
+ }
17
+ async function importPublicKey(jwk) {
18
+ return crypto.subtle.importKey("jwk", jwk, {
19
+ name: "ECDSA",
20
+ namedCurve: "P-256"
21
+ }, false, ["verify"]);
22
+ }
23
+ /**
24
+ * Verifies the ES256 signature on `token` against `publicKeyJwk` and
25
+ * returns the decoded payload. Does not check `exp` — use
26
+ * {@link verifyJwt} when expiry enforcement is desired.
27
+ *
28
+ * @throws {Error} When the token isn't three segments, when the
29
+ * signature fails verification, or when the payload isn't valid
30
+ * JSON.
31
+ */
32
+ async function decodeAndVerifyJwt(options) {
33
+ const { token, publicKeyJwk } = options;
34
+ const parts = token.split(".");
35
+ if (parts.length !== 3) throw new Error("Invalid JWT format");
36
+ const [encodedHeader, encodedPayload, encodedSignature] = parts;
37
+ const publicKey = await importPublicKey(publicKeyJwk);
38
+ if (!await crypto.subtle.verify({
39
+ name: "ECDSA",
40
+ hash: "SHA-256"
41
+ }, publicKey, base64urlDecode(encodedSignature), new TextEncoder().encode(`${encodedHeader}.${encodedPayload}`))) throw new Error("JWT signature verification failed");
42
+ return JSON.parse(new TextDecoder().decode(base64urlDecode(encodedPayload)));
43
+ }
44
+ /**
45
+ * Verifies signature and (if present) `exp` (RFC 7519 §4.1.4) on a
46
+ * JWT and returns its payload.
47
+ *
48
+ * @throws {Error} When the signature fails or when `exp` has passed.
49
+ */
50
+ async function verifyJwt(options) {
51
+ const { token, publicKeyJwk } = options;
52
+ const payload = await decodeAndVerifyJwt({
53
+ token,
54
+ publicKeyJwk
55
+ });
56
+ const now = Math.floor(Date.now() / 1e3);
57
+ if (typeof payload["exp"] === "number" && payload["exp"] < now) throw new Error("JWT expired");
58
+ return payload;
59
+ }
60
+ /**
61
+ * Signs a JWT (RFC 7519) with `alg=ES256, typ=JWT` and returns the
62
+ * compact serialization. Always sets `iat` to the current second; the
63
+ * caller controls every other claim via `payload`.
64
+ */
65
+ async function signJwt(options) {
66
+ const { privateKey, payload, ttlSeconds } = options;
67
+ const now = Math.floor(Date.now() / 1e3);
68
+ return encodeAndSignJwt({
69
+ header: {
70
+ alg: "ES256",
71
+ typ: "JWT"
72
+ },
73
+ payload: ttlSeconds !== void 0 ? {
74
+ iat: now,
75
+ exp: now + ttlSeconds,
76
+ ...payload
77
+ } : {
78
+ iat: now,
79
+ ...payload
80
+ },
81
+ privateKey
82
+ });
83
+ }
84
+ //#endregion
85
+ export { decodeAndVerifyJwt, encodeAndSignJwt, signJwt, verifyJwt };
86
+
87
+ //# sourceMappingURL=jwt-utils.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"jwt-utils.js","names":[],"sources":["../../../src/server/utils/jwt-utils.ts"],"sourcesContent":["import { base64url, base64urlDecode } from './base64-utils.ts';\n\ninterface EncodeAndSignJwtOptions {\n header: Record<string, unknown>;\n payload: Record<string, unknown>;\n privateKey: CryptoKey;\n}\n\n/**\n * Low-level helper that encodes a JWS Compact Serialization JWT\n * (RFC 7519) and signs it with the supplied `privateKey` using\n * ES256 (P-256 + SHA-256). Returns the three-segment compact form.\n */\nexport async function encodeAndSignJwt(\n options: EncodeAndSignJwtOptions\n): Promise<string> {\n const { header, payload, privateKey } = options;\n\n const encodedHeader = base64url(\n new TextEncoder().encode(JSON.stringify(header))\n );\n const encodedPayload = base64url(\n new TextEncoder().encode(JSON.stringify(payload))\n );\n const signingInput = `${encodedHeader}.${encodedPayload}`;\n const signatureBuffer = await crypto.subtle.sign(\n { name: 'ECDSA', hash: 'SHA-256' },\n privateKey,\n new TextEncoder().encode(signingInput)\n );\n return `${signingInput}.${base64url(new Uint8Array(signatureBuffer))}`;\n}\n\nasync function importPublicKey(jwk: JsonWebKey): Promise<CryptoKey> {\n return crypto.subtle.importKey(\n 'jwk',\n jwk,\n { name: 'ECDSA', namedCurve: 'P-256' },\n false,\n ['verify']\n );\n}\n\ninterface DecodeAndVerifyJwtOptions {\n token: string;\n publicKeyJwk: JsonWebKey;\n}\n\n/**\n * Verifies the ES256 signature on `token` against `publicKeyJwk` and\n * returns the decoded payload. Does not check `exp` — use\n * {@link verifyJwt} when expiry enforcement is desired.\n *\n * @throws {Error} When the token isn't three segments, when the\n * signature fails verification, or when the payload isn't valid\n * JSON.\n */\nexport async function decodeAndVerifyJwt(\n options: DecodeAndVerifyJwtOptions\n): Promise<Record<string, unknown>> {\n const { token, publicKeyJwk } = options;\n const parts = token.split('.');\n if (parts.length !== 3) throw new Error('Invalid JWT format');\n const [encodedHeader, encodedPayload, encodedSignature] = parts as [\n string,\n string,\n string,\n ];\n const publicKey = await importPublicKey(publicKeyJwk);\n const valid = await crypto.subtle.verify(\n { name: 'ECDSA', hash: 'SHA-256' },\n publicKey,\n base64urlDecode(encodedSignature),\n new TextEncoder().encode(`${encodedHeader}.${encodedPayload}`)\n );\n if (!valid) throw new Error('JWT signature verification failed');\n return JSON.parse(\n new TextDecoder().decode(base64urlDecode(encodedPayload))\n ) as Record<string, unknown>;\n}\n\nexport interface VerifyJwtOptions {\n /** Compact-serialized JWT to verify. */\n token: string;\n /** Public key in JWK form. Caller is responsible for trusting it. */\n publicKeyJwk: JsonWebKey;\n}\n\n/**\n * Verifies signature and (if present) `exp` (RFC 7519 §4.1.4) on a\n * JWT and returns its payload.\n *\n * @throws {Error} When the signature fails or when `exp` has passed.\n */\nexport async function verifyJwt(\n options: VerifyJwtOptions\n): Promise<Record<string, unknown>> {\n const { token, publicKeyJwk } = options;\n const payload = await decodeAndVerifyJwt({ token, publicKeyJwk });\n const now = Math.floor(Date.now() / 1000);\n if (typeof payload['exp'] === 'number' && payload['exp'] < now) {\n throw new Error('JWT expired');\n }\n return payload;\n}\n\nexport interface SignJwtOptions {\n /** ES256 private key as a non-extractable WebCrypto key. */\n privateKey: CryptoKey;\n /**\n * Custom claims merged onto an `iat` claim (and `exp` when\n * `ttlSeconds` is supplied). Caller-provided keys override the\n * standard ones.\n */\n payload: Record<string, unknown>;\n /**\n * Lifetime of the token in seconds. When set, the JWT's `exp` claim\n * is computed as `iat + ttlSeconds`. When omitted, no `exp` is added\n * (the caller is responsible for one if needed).\n */\n ttlSeconds?: number;\n}\n\n/**\n * Signs a JWT (RFC 7519) with `alg=ES256, typ=JWT` and returns the\n * compact serialization. Always sets `iat` to the current second; the\n * caller controls every other claim via `payload`.\n */\nexport async function signJwt(options: SignJwtOptions): Promise<string> {\n const { privateKey, payload, ttlSeconds } = options;\n const now = Math.floor(Date.now() / 1000);\n const payloadWithStandardClaims =\n ttlSeconds !== undefined\n ? { iat: now, exp: now + ttlSeconds, ...payload }\n : { iat: now, ...payload };\n return encodeAndSignJwt({\n header: { alg: 'ES256', typ: 'JWT' },\n payload: payloadWithStandardClaims,\n privateKey,\n });\n}\n"],"mappings":";;;;;;;AAaA,eAAsB,iBACpB,SACiB;CACjB,MAAM,EAAE,QAAQ,SAAS,eAAe;CAQxC,MAAM,eAAe,GANC,UACpB,IAAI,aAAa,CAAC,OAAO,KAAK,UAAU,OAAO,CAAC,CAKb,CAAC,GAHf,UACrB,IAAI,aAAa,CAAC,OAAO,KAAK,UAAU,QAAQ,CAAC,CAEI;CACvD,MAAM,kBAAkB,MAAM,OAAO,OAAO,KAC1C;EAAE,MAAM;EAAS,MAAM;EAAW,EAClC,YACA,IAAI,aAAa,CAAC,OAAO,aAAa,CACvC;CACD,OAAO,GAAG,aAAa,GAAG,UAAU,IAAI,WAAW,gBAAgB,CAAC;;AAGtE,eAAe,gBAAgB,KAAqC;CAClE,OAAO,OAAO,OAAO,UACnB,OACA,KACA;EAAE,MAAM;EAAS,YAAY;EAAS,EACtC,OACA,CAAC,SAAS,CACX;;;;;;;;;;;AAiBH,eAAsB,mBACpB,SACkC;CAClC,MAAM,EAAE,OAAO,iBAAiB;CAChC,MAAM,QAAQ,MAAM,MAAM,IAAI;CAC9B,IAAI,MAAM,WAAW,GAAG,MAAM,IAAI,MAAM,qBAAqB;CAC7D,MAAM,CAAC,eAAe,gBAAgB,oBAAoB;CAK1D,MAAM,YAAY,MAAM,gBAAgB,aAAa;CAOrD,IAAI,CAAC,MANe,OAAO,OAAO,OAChC;EAAE,MAAM;EAAS,MAAM;EAAW,EAClC,WACA,gBAAgB,iBAAiB,EACjC,IAAI,aAAa,CAAC,OAAO,GAAG,cAAc,GAAG,iBAAiB,CAC/D,EACW,MAAM,IAAI,MAAM,oCAAoC;CAChE,OAAO,KAAK,MACV,IAAI,aAAa,CAAC,OAAO,gBAAgB,eAAe,CAAC,CAC1D;;;;;;;;AAgBH,eAAsB,UACpB,SACkC;CAClC,MAAM,EAAE,OAAO,iBAAiB;CAChC,MAAM,UAAU,MAAM,mBAAmB;EAAE;EAAO;EAAc,CAAC;CACjE,MAAM,MAAM,KAAK,MAAM,KAAK,KAAK,GAAG,IAAK;CACzC,IAAI,OAAO,QAAQ,WAAW,YAAY,QAAQ,SAAS,KACzD,MAAM,IAAI,MAAM,cAAc;CAEhC,OAAO;;;;;;;AAyBT,eAAsB,QAAQ,SAA0C;CACtE,MAAM,EAAE,YAAY,SAAS,eAAe;CAC5C,MAAM,MAAM,KAAK,MAAM,KAAK,KAAK,GAAG,IAAK;CAKzC,OAAO,iBAAiB;EACtB,QAAQ;GAAE,KAAK;GAAS,KAAK;GAAO;EACpC,SALA,eAAe,KAAA,IACX;GAAE,KAAK;GAAK,KAAK,MAAM;GAAY,GAAG;GAAS,GAC/C;GAAE,KAAK;GAAK,GAAG;GAAS;EAI5B;EACD,CAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@hubspot/app-connect-sdk",
3
- "version": "1.0.0-alpha.4",
3
+ "version": "1.0.0-alpha.7",
4
4
  "description": "HubSpot App Connect SDK (alpha release). Documentation and integration guidance forthcoming.",
5
5
  "type": "module",
6
6
  "exports": {
@@ -45,8 +45,8 @@
45
45
  "typescript": "6.0.3",
46
46
  "vitest": "4.0.18",
47
47
  "@private/eslint-config": "0.1.0",
48
- "@private/tsconfig": "0.1.0",
49
- "@private/prettier-config": "0.1.0"
48
+ "@private/prettier-config": "0.1.0",
49
+ "@private/tsconfig": "0.1.0"
50
50
  },
51
51
  "scripts": {
52
52
  "clean": "rm -rf dist build *.tsbuildinfo node_modules .turbo",
@@ -41,6 +41,5 @@ export async function startHubSpotConnection(
41
41
 
42
42
  await delay(ARTIFICIAL_CONNECT_REDIRECT_DELAY_MS);
43
43
 
44
- console.log('authorizationUrl', authorizationUrl);
45
- // window.location.href = authorizationUrl;
44
+ window.location.href = authorizationUrl;
46
45
  }
@@ -1,5 +1,9 @@
1
1
  import { afterEach, describe, expect, it, vi } from 'vitest';
2
2
 
3
+ import {
4
+ getHubSpotAuthorizationEndpoint,
5
+ getHubSpotOAuthApiOrigin,
6
+ } from '../../utils/env-utils.ts';
3
7
  import { loadHubSpotConnectRoutesEnv } from './load-hubspot-connect-routes-env.ts';
4
8
 
5
9
  const HUBSPOT_AUTHORIZATION_ENDPOINT_EXAMPLE =
@@ -19,29 +23,16 @@ describe('loadHubSpotConnectRoutesEnv', () => {
19
23
  vi.unstubAllEnvs();
20
24
  });
21
25
 
22
- it('throws when HUBSPOT_AUTHORIZATION_ENDPOINT is missing', () => {
23
- vi.stubEnv('HUBSPOT_OAUTH_API_ORIGIN', HUBSPOT_OAUTH_API_ORIGIN_EXAMPLE);
26
+ it('uses production URL defaults when OAuth endpoint vars are unset', () => {
24
27
  vi.stubEnv('HUBSPOT_CIMD_ENABLED', 'false');
25
28
  vi.stubEnv('HUBSPOT_DPOP_ENABLED', 'false');
26
- vi.stubEnv('HUBSPOT_CLIENT_ID', 'cid');
27
- vi.stubEnv('HUBSPOT_CLIENT_SECRET', 'sec');
28
- expect(() => loadHubSpotConnectRoutesEnv()).toThrow(
29
- 'Missing required environment variable: HUBSPOT_AUTHORIZATION_ENDPOINT'
30
- );
31
- });
32
-
33
- it('throws when HUBSPOT_OAUTH_API_ORIGIN is missing', () => {
34
- vi.stubEnv(
35
- 'HUBSPOT_AUTHORIZATION_ENDPOINT',
36
- HUBSPOT_AUTHORIZATION_ENDPOINT_EXAMPLE
37
- );
38
- vi.stubEnv('HUBSPOT_CIMD_ENABLED', 'false');
39
- vi.stubEnv('HUBSPOT_DPOP_ENABLED', 'false');
40
- vi.stubEnv('HUBSPOT_CLIENT_ID', 'cid');
41
- vi.stubEnv('HUBSPOT_CLIENT_SECRET', 'sec');
42
- expect(() => loadHubSpotConnectRoutesEnv()).toThrow(
43
- 'Missing required environment variable: HUBSPOT_OAUTH_API_ORIGIN'
29
+ vi.stubEnv('HUBSPOT_CLIENT_ID', 'my-id');
30
+ vi.stubEnv('HUBSPOT_CLIENT_SECRET', 'my-secret');
31
+ const env = loadHubSpotConnectRoutesEnv();
32
+ expect(env.hubspotAuthorizationEndpoint).toBe(
33
+ getHubSpotAuthorizationEndpoint()
44
34
  );
35
+ expect(env.hubspotOAuthApiOrigin).toBe(getHubSpotOAuthApiOrigin());
45
36
  });
46
37
 
47
38
  it('throws when CIMD is disabled and HUBSPOT_CLIENT_ID is missing', () => {
@@ -120,12 +111,14 @@ describe('loadHubSpotConnectRoutesEnv', () => {
120
111
  expect(loadHubSpotConnectRoutesEnv().isAppPrivateKeyRequired).toBe(true);
121
112
  });
122
113
 
123
- it('sets isAppPrivateKeyRequired true when both are enabled by default', () => {
114
+ it('sets CIMD and DPoP disabled when both flags are unset', () => {
124
115
  stubHubSpotOAuthEndpoints();
116
+ vi.stubEnv('HUBSPOT_CLIENT_ID', 'id');
117
+ vi.stubEnv('HUBSPOT_CLIENT_SECRET', 'sec');
125
118
  const env = loadHubSpotConnectRoutesEnv();
126
- expect(env.isCimdEnabled).toBe(true);
127
- expect(env.isDpopEnabled).toBe(true);
128
- expect(env.isAppPrivateKeyRequired).toBe(true);
119
+ expect(env.isCimdEnabled).toBe(false);
120
+ expect(env.isDpopEnabled).toBe(false);
121
+ expect(env.isAppPrivateKeyRequired).toBe(false);
129
122
  });
130
123
 
131
124
  it('normalizes HUBSPOT_OAUTH_API_ORIGIN to an origin URL', () => {
@@ -1,7 +1,10 @@
1
1
  import {
2
+ getHubSpotAuthorizationEndpoint,
3
+ getHubSpotOAuthApiOrigin,
2
4
  isHubspotCimdEnabled,
3
5
  isHubspotDpopEnabled,
4
- requireEnv,
6
+ requireHubSpotClientId,
7
+ requireHubSpotClientSecret,
5
8
  } from '../../utils/env-utils.ts';
6
9
 
7
10
  /**
@@ -36,11 +39,8 @@ export interface HubSpotConnectRoutesEnvClientSecret {
36
39
  * {@link registerHubSpotConnectRoutes}.
37
40
  */
38
41
  export function loadHubSpotConnectRoutesEnv(): HubSpotConnectRoutesEnv {
39
- const hubspotAuthorizationEndpoint = requireEnv(
40
- 'HUBSPOT_AUTHORIZATION_ENDPOINT'
41
- );
42
- const hubspotOAuthApiOrigin = new URL(requireEnv('HUBSPOT_OAUTH_API_ORIGIN'))
43
- .origin;
42
+ const hubspotAuthorizationEndpoint = getHubSpotAuthorizationEndpoint();
43
+ const hubspotOAuthApiOrigin = getHubSpotOAuthApiOrigin();
44
44
  const isCimdEnabled = isHubspotCimdEnabled();
45
45
  const isDpopEnabled = isHubspotDpopEnabled();
46
46
  const isAppPrivateKeyRequired = isCimdEnabled || isDpopEnabled;
@@ -61,7 +61,7 @@ export function loadHubSpotConnectRoutesEnv(): HubSpotConnectRoutesEnv {
61
61
  isCimdEnabled: false,
62
62
  isDpopEnabled,
63
63
  isAppPrivateKeyRequired,
64
- hubspotClientId: requireEnv('HUBSPOT_CLIENT_ID'),
65
- hubspotClientSecret: requireEnv('HUBSPOT_CLIENT_SECRET'),
64
+ hubspotClientId: requireHubSpotClientId(),
65
+ hubspotClientSecret: requireHubSpotClientSecret(),
66
66
  };
67
67
  }
@@ -21,7 +21,7 @@ export function runHubSpotConnectLovableServer(
21
21
  ): Promise<void> {
22
22
  const { appKeys, cimdClientMetadata } = options;
23
23
  const hubspotConnectEnv = loadHubSpotConnectRoutesEnv();
24
- const result = Deno.serve(serveOptions, (request) => {
24
+ const server = Deno.serve(serveOptions, (request) => {
25
25
  const app = new Hono();
26
26
 
27
27
  registerHubSpotConnectRoutes({
@@ -35,6 +35,5 @@ export function runHubSpotConnectLovableServer(
35
35
  return app.fetch(request);
36
36
  });
37
37
 
38
- console.log(`[hubspot-connect] Listening on ${result.addr.port}`);
39
- return Promise.resolve();
38
+ return server.finished;
40
39
  }
@@ -35,7 +35,7 @@ describe('createHubSpotProxy', () => {
35
35
  appKeys: null,
36
36
  })
37
37
  ).toThrow(
38
- 'createHubSpotProxy: appKeys is required when HUBSPOT_DPOP_ENABLED is not false'
38
+ 'createHubSpotProxy: appKeys is required when HUBSPOT_DPOP_ENABLED is true'
39
39
  );
40
40
  });
41
41
 
@@ -7,9 +7,12 @@ import {
7
7
  } from './types.ts';
8
8
  import { sha256base64url } from './utils/crypto-utils.ts';
9
9
  import { signDpopProof } from './utils/dpop-utils.ts';
10
- import { isHubspotDpopEnabled, requireEnv } from './utils/env-utils.ts';
10
+ import {
11
+ getHubSpotApiOrigin,
12
+ isHubspotDpopEnabled,
13
+ } from './utils/env-utils.ts';
11
14
 
12
- const HUBSPOT_API_ORIGIN = requireEnv('HUBSPOT_API_ORIGIN');
15
+ const hubSpotApiOrigin = getHubSpotApiOrigin();
13
16
 
14
17
  /**
15
18
  * Options accepted by {@link createHubSpotProxy}.
@@ -51,7 +54,7 @@ export function createHubSpotProxy(
51
54
 
52
55
  if (isHubspotDpopEnabled() && appKeys === null) {
53
56
  throw new Error(
54
- 'createHubSpotProxy: appKeys is required when HUBSPOT_DPOP_ENABLED is not false'
57
+ 'createHubSpotProxy: appKeys is required when HUBSPOT_DPOP_ENABLED is true'
55
58
  );
56
59
  }
57
60
 
@@ -67,7 +70,7 @@ export function createHubSpotProxy(
67
70
  async function proxyFetch(request: HubSpotProxyRequest): Promise<Response> {
68
71
  const { path, method = 'GET', headers = EMPTY_HEADERS, body } = request;
69
72
 
70
- const targetUrl = `${HUBSPOT_API_ORIGIN}${path}`;
73
+ const targetUrl = `${hubSpotApiOrigin}${path}`;
71
74
  const useDpop = isHubspotDpopEnabled();
72
75
 
73
76
  let authorizationHeaders: Record<string, string>;
@@ -1,6 +1,9 @@
1
1
  import { importAppKeys } from './import-app-keys.ts';
2
2
  import type { AppKeys } from './types.ts';
3
- import { isHubspotAppPrivateKeyRequired } from './utils/env-utils.ts';
3
+ import {
4
+ HUBSPOT_APP_PRIVATE_KEY_ENV,
5
+ isHubspotAppPrivateKeyRequired,
6
+ } from './utils/env-utils.ts';
4
7
 
5
8
  /**
6
9
  * Context passed to a function-style entrypoint loaded by `runSecureStart`.
@@ -36,8 +39,6 @@ export interface SecureStartAdapter {
36
39
  exit: (code: number) => never;
37
40
  }
38
41
 
39
- const APP_PRIVATE_KEY_ENV = 'HUBSPOT_APP_PRIVATE_KEY';
40
-
41
42
  /**
42
43
  * Loads `HUBSPOT_APP_PRIVATE_KEY` when CIMD or DPoP is enabled, deletes
43
44
  * it from the environment so later code cannot re-read it, imports the
@@ -51,12 +52,12 @@ export async function runSecureStart(
51
52
  ): Promise<void> {
52
53
  let appKeys: AppKeys | null = null;
53
54
  if (isHubspotAppPrivateKeyRequired()) {
54
- const envKey = adapter.readEnv(APP_PRIVATE_KEY_ENV)?.trim();
55
+ const envKey = adapter.readEnv(HUBSPOT_APP_PRIVATE_KEY_ENV)?.trim();
55
56
  if (!envKey) {
56
- throw new Error(`${APP_PRIVATE_KEY_ENV} is not set`);
57
+ throw new Error(`${HUBSPOT_APP_PRIVATE_KEY_ENV} is not set`);
57
58
  }
58
59
  appKeys = await importAppKeys(envKey);
59
- adapter.deleteEnv(APP_PRIVATE_KEY_ENV);
60
+ adapter.deleteEnv(HUBSPOT_APP_PRIVATE_KEY_ENV);
60
61
  }
61
62
 
62
63
  const exports = await loader();
@@ -21,8 +21,8 @@ export interface HubSpotProxyRequest {
21
21
  method?: string;
22
22
  /**
23
23
  * Extra request headers. The proxy adds `Authorization` itself
24
- * (`DPoP` access token plus `DPoP` proof when `HUBSPOT_DPOP_ENABLED` is
25
- * not `"false"` and `appKeys` is non-null; otherwise `Bearer` only).
24
+ * (`DPoP` access token plus `DPoP` proof when DPoP is enabled and
25
+ * `appKeys` is non-null; otherwise `Bearer` only).
26
26
  */
27
27
  headers?: Record<string, string>;
28
28
  /** Optional request body. Pass `null`/`undefined` for empty bodies. */