feat: add hubspot provider

guilherme-codes · web-flow · commit 1a79baf217ef · 2024-12-13T12:21:29.000+01:00
* feat: add hubspot to the docs

* feat: add hubspot to playground

* feat: add hubspot module config

* feat: add hubspot to runtime config

* feat: add auth handle

* fix: provider name

* feat: add types

* fix: scope

* fix: use spaces for scopes separation
diff --git a/README.md b/README.md
@@ -214,6 +214,7 @@ It can also be set using environment variables:
 - GitHub
 - GitLab
 - Google
+- Hubspot
 - Instagram
 - Keycloak
 - Linear
diff --git a/playground/.env.example b/playground/.env.example
@@ -97,3 +97,7 @@ NUXT_OAUTH_AUTHENTIK_DOMAIN=
 # Strava
 NUXT_OAUTH_STRAVA_CLIENT_ID=
 NUXT_OAUTH_STRAVA_CLIENT_SECRET=
+# Hubspot
+NUXT_OAUTH_HUBSPOT_CLIENT_ID=
+NUXT_OAUTH_HUBSPOT_CLIENT_SECRET=
+NUXT_OAUTH_HUBSPOT_REDIRECT_URL=
diff --git a/playground/app.vue b/playground/app.vue
@@ -177,6 +177,12 @@ const providers = computed(() =>
       disabled: Boolean(user.value?.strava),
       icon: 'i-simple-icons-strava',
     },
+    {
+      label: user.value?.hubspot || 'HubSpot',
+      to: '/auth/hubspot',
+      disabled: Boolean(user.value?.hubspot),
+      icon: 'i-simple-icons-hubspot',
+    },
   ].map(p => ({
     ...p,
     prefetch: false,
diff --git a/playground/auth.d.ts b/playground/auth.d.ts
@@ -32,6 +32,7 @@ declare module '#auth-utils' {
     authentik?: string
     seznam?: string
     strava?: string
+    hubspot?: string
   }
 
   interface UserSession {
diff --git a/playground/server/routes/auth/hubspot.get.ts b/playground/server/routes/auth/hubspot.get.ts
@@ -0,0 +1,15 @@
+export default defineOAuthHubspotEventHandler({
+  config: {
+    scope: ['oauth'],
+  },
+  async onSuccess(event, { user }) {
+    await setUserSession(event, {
+      user: {
+        hubspot: user.email,
+      },
+      loggedInAt: Date.now(),
+    })
+
+    return sendRedirect(event, '/')
+  },
+})
diff --git a/src/module.ts b/src/module.ts
@@ -348,5 +348,11 @@ export default defineNuxtModule<ModuleOptions>({
       clientSecret: '',
       redirectURL: '',
     })
+    // Hubspot OAuth
+    runtimeConfig.oauth.hubspot = defu(runtimeConfig.oauth.hubspot, {
+      clientId: '',
+      clientSecret: '',
+      redirectURL: '',
+    })
   },
 })
diff --git a/src/runtime/server/lib/oauth/hubspot.ts b/src/runtime/server/lib/oauth/hubspot.ts
@@ -0,0 +1,121 @@
+import type { H3Event } from 'h3'
+import { eventHandler, getQuery, sendRedirect } from 'h3'
+import { withQuery } from 'ufo'
+import defu from 'defu'
+import {
+  getOAuthRedirectURL,
+  handleAccessTokenErrorResponse,
+  handleMissingConfiguration,
+  requestAccessToken,
+} from '../utils'
+import { useRuntimeConfig } from '#imports'
+import type { OAuthConfig } from '#auth-utils'
+
+export interface OAuthHubspotConfig {
+  /**
+   * Hubspot OAuth Client ID
+   * @default process.env.NUXT_OAUTH_HUBSPOT_CLIENT_ID
+   */
+  clientId?: string
+
+  /**
+   * Hubspot OAuth Client Secret
+   * @default process.env.NUXT_OAUTH_HUBSPOT_CLIENT_SECRET
+   */
+  clientSecret?: string
+
+  /**
+   * Hubspot OAuth Redirect URL
+   * @default process.env.NUXT_OAUTH_HUBSPOT_REDIRECT_URL
+   */
+  redirectURL?: string
+
+  /**
+   * Hubspot OAuth Scope
+   * @default ['oauth']
+   * @see https://developers.hubspot.com/beta-docs/guides/apps/authentication/scopes
+   * @example ['accounting', 'automation', 'actions']
+   */
+  scope?: string[]
+}
+interface SignedAccessToken {
+  expiresAt: number
+  scopes: string
+  hubId: number
+  userId: number
+  appId: number
+  signature: string
+  scopeToScopeGroupPks?: string
+  newSignature?: string
+  hublet?: string
+  trialScopes?: string
+  trialScopeToScopeGroupPks?: string
+  isUserLevel: boolean
+}
+
+interface OAuthHubspotAccessInfo {
+  token: string
+  user: string
+  hub_domain: string
+  scopes: string[]
+  signed_access_token: SignedAccessToken
+  hub_id: number
+  app_id: number
+  expires_in: number
+  user_id: number
+  token_type: string
+}
+
+export function defineOAuthHubspotEventHandler({ config, onSuccess, onError }: OAuthConfig<OAuthHubspotConfig>) {
+  return eventHandler(async (event: H3Event) => {
+    config = defu(config, useRuntimeConfig(event).oauth?.hubspot) as OAuthHubspotConfig
+
+    if (!config.clientId || !config.clientSecret || !config.redirectURL) {
+      return handleMissingConfiguration(event, 'hubspot', ['clientId', 'clientSecret', 'redirectURL'], onError)
+    }
+
+    const query = getQuery<{ code?: string, state?: string, error?: string, error_description?: string }>(event)
+    const redirectURL = config.redirectURL || getOAuthRedirectURL(event)
+
+    if (query.error) {
+      return handleAccessTokenErrorResponse(event, 'hubspot', query, onError)
+    }
+
+    if (!query.code) {
+      return sendRedirect(
+        event,
+        withQuery('https://app.hubspot.com/oauth/authorize', {
+          client_id: config.clientId,
+          redirect_uri: redirectURL,
+          scope: config.scope?.join(' ') || 'oauth',
+        }),
+      )
+    }
+
+    const tokens = await requestAccessToken(
+      'https://api.hubapi.com/oauth/v1/token', {
+        body: {
+          client_id: config.clientId,
+          client_secret: config.clientSecret,
+          code: query.code as string,
+          redirect_uri: redirectURL,
+          grant_type: 'authorization_code',
+        },
+      })
+
+    if (tokens.error) {
+      return handleAccessTokenErrorResponse(event, 'hubspot', tokens, onError)
+    }
+
+    const info: OAuthHubspotAccessInfo = await $fetch('https://api.hubapi.com/oauth/v1/access-tokens/' + tokens.access_token)
+
+    return onSuccess(event, {
+      user: {
+        id: info.user_id,
+        email: info.user,
+        domain: info.hub_domain,
+      },
+      tokens,
+    })
+  })
+}
diff --git a/src/runtime/types/oauth-config.ts b/src/runtime/types/oauth-config.ts
@@ -1,6 +1,6 @@
 import type { H3Event, H3Error } from 'h3'
 
-export type OAuthProvider = 'auth0' | 'authentik' | 'battledotnet' | 'cognito' | 'discord' | 'dropbox' | 'facebook' | 'github' | 'gitlab' | 'google' | 'instagram' | 'keycloak' | 'linear' | 'linkedin' | 'microsoft' | 'paypal' | 'polar' | 'spotify' | 'seznam' | 'steam' | 'strava' | 'tiktok' | 'twitch' | 'vk' | 'workos' | 'x' | 'xsuaa' | 'yandex' | 'zitadel' | (string & {})
+export type OAuthProvider = 'auth0' | 'authentik' | 'battledotnet' | 'cognito' | 'discord' | 'dropbox' | 'facebook' | 'github' | 'gitlab' | 'google' | 'hubspot' | 'instagram' | 'keycloak' | 'linear' | 'linkedin' | 'microsoft' | 'paypal' | 'polar' | 'spotify' | 'seznam' | 'steam' | 'strava' | 'tiktok' | 'twitch' | 'vk' | 'workos' | 'x' | 'xsuaa' | 'yandex' | 'zitadel' | (string & {})
 
 export type OnError = (event: H3Event, error: H3Error) => Promise<void> | void
 

Original file line number	Diff line number	Diff line change
`@@ -32,6 +32,7 @@ declare module '#auth-utils' {`
`32`	`32`	`authentik?: string`
`33`	`33`	`seznam?: string`
`34`	`34`	`strava?: string`
	`35`	`+ hubspot?: string`
`35`	`36`	`}`
`36`	`37`
`37`	`38`	`interface UserSession {`