'use strict';

var zod = require('zod');
var createSignInResolverFactory = require('./createSignInResolverFactory.cjs.js');
var errors = require('@backstage/errors');

const reEmail = /^([^@+]+)(\+[^@]+)?(@.*)$/;
exports.commonSignInResolvers = void 0;
((commonSignInResolvers2) => {
  commonSignInResolvers2.emailMatchingUserEntityProfileEmail = createSignInResolverFactory.createSignInResolverFactory({
    optionsSchema: zod.z.object({
      allowedDomains: zod.z.array(zod.z.string()).optional(),
      dangerouslyAllowSignInWithoutUserInCatalog: zod.z.boolean().optional()
    }).optional(),
    create(options = {}) {
      return async (info, ctx) => {
        const { profile } = info;
        if (!profile.email) {
          throw new Error(
            "Login failed, user profile does not contain an email"
          );
        }
        try {
          return await ctx.signInWithCatalogUser({
            filter: {
              "spec.profile.email": profile.email
            }
          });
        } catch (err) {
          if (err?.name === "NotFoundError") {
            const m = profile.email.match(reEmail);
            if (m?.length === 4) {
              const [_, name, _plus, domain] = m;
              const noPlusEmail = `${name}${domain}`;
              return ctx.signInWithCatalogUser(
                {
                  filter: {
                    "spec.profile.email": noPlusEmail
                  }
                },
                {
                  dangerousEntityRefFallback: options?.dangerouslyAllowSignInWithoutUserInCatalog ? { entityRef: { name: noPlusEmail } } : void 0
                }
              );
            }
          }
          throw err;
        }
      };
    }
  });
  commonSignInResolvers2.emailLocalPartMatchingUserEntityName = createSignInResolverFactory.createSignInResolverFactory({
    optionsSchema: zod.z.object({
      allowedDomains: zod.z.array(zod.z.string()).optional(),
      dangerouslyAllowSignInWithoutUserInCatalog: zod.z.boolean().optional()
    }).optional(),
    create(options = {}) {
      const { allowedDomains } = options;
      return async (info, ctx) => {
        const { profile } = info;
        if (!profile.email) {
          throw new Error(
            "Login failed, user profile does not contain an email"
          );
        }
        const [localPart] = profile.email.split("@");
        const domain = profile.email.slice(localPart.length + 1);
        if (allowedDomains && !allowedDomains.includes(domain)) {
          throw new errors.NotAllowedError(
            "Sign-in user email is not from an allowed domain"
          );
        }
        return ctx.signInWithCatalogUser(
          { entityRef: { name: localPart } },
          {
            dangerousEntityRefFallback: options?.dangerouslyAllowSignInWithoutUserInCatalog ? { entityRef: { name: localPart } } : void 0
          }
        );
      };
    }
  });
})(exports.commonSignInResolvers || (exports.commonSignInResolvers = {}));
//# sourceMappingURL=commonSignInResolvers.cjs.js.map