'use strict';

// Bundled CommonJS output: mark the exports object as a transpiled ES module.
Object.defineProperty(exports, '__esModule', { value: true });

var backendPluginApi = require('@backstage/backend-plugin-api');
var crypto = require('crypto');
var errors = require('@backstage/errors');
var jose = require('jose');
var url = require('url');
var pickBy = require('lodash/pickBy');
var zodToJsonSchema = require('zod-to-json-schema');

/**
 * Interop helper: returns `e` unchanged when it is an object that already has
 * a `default` property, otherwise wraps it as `{ default: e }`.
 *
 * @param {*} e - A value returned by `require`.
 * @returns {object} An object exposing the module under `default`.
 */
function _interopDefaultLegacy (e) { return e && typeof e === 'object' && 'default' in e ? e : { 'default': e }; }

var crypto__default = /*#__PURE__*/_interopDefaultLegacy(crypto);
var pickBy__default = /*#__PURE__*/_interopDefaultLegacy(pickBy);
var zodToJsonSchema__default = /*#__PURE__*/_interopDefaultLegacy(zodToJsonSchema);

// Extension point created with the id "auth.providers".
const authProvidersExtensionPoint = backendPluginApi.createExtensionPoint({
  id: "auth.providers"
});

/**
 * Percent-encodes `value` and additionally encodes single quotes as `%27`.
 *
 * `encodeURIComponent` leaves `'` untouched. The result of this function is
 * interpolated into single-quoted string literals of the inline script built
 * in `sendWebMessageResponse`, so a raw `'` in the input would end that
 * literal early; encoding it keeps the value inside the string.
 *
 * @param {string} value - Text to encode.
 * @returns {string} The encoded text, containing no `'` characters.
 */
function safelyEncodeURIComponent(value) {
  return encodeURIComponent(value).replace(/'/g, "%27");
}

/**
 * Builds an inline script that hands `response` to the opening (or parent)
 * window via `postMessage`, sets the response headers that constrain that
 * script, and starts writing the response body.
 *
 * NOTE(review): the body passed to `res.end` continues beyond this excerpt;
 * presumably it embeds `script` verbatim in an inline <script> element.
 * Confirm against the full file.
 *
 * @param {object} res - Response object; `setHeader` and `end` are called on it.
 * @param {string} appOrigin - Origin used as the `postMessage` target for the
 *   auth response.
 * @param {*} response - Value serialized with `JSON.stringify` and posted to
 *   the other window.
 */
function sendWebMessageResponse(res, appOrigin, response) {
  // Error instances are replaced by the output of errors.serializeError()
  // during serialization; every other value is passed through unchanged.
  const jsonData = JSON.stringify(response, (_, value) => {
    if (value instanceof Error) {
      return errors.serializeError(value);
    }
    return value;
  });
  // Despite the names, these two values are percent-encoded, not base64.
  // Both end up inside single-quoted literals in `script`, which is why the
  // quote-escaping encoder is used rather than plain encodeURIComponent.
  const base64Data = safelyEncodeURIComponent(jsonData);
  const base64Origin = safelyEncodeURIComponent(appOrigin);
  // The script posts two messages:
  //   1. a 'config_info' message sent with target origin '*'; it carries only
  //      the configured origin string, not the auth response;
  //   2. the parsed auth response, sent with `origin` as the target origin, so
  //      the browser delivers it only to a window of that origin.
  // It then closes the window after 100 ms. The trailing `// same as ...` text
  // sits inside the template literal and is therefore part of the emitted
  // script (and of the hashed bytes), not a comment in this file.
  // `jsonData` is serialized into the script text itself, so whatever
  // `response` carries is present in the generated page source.
  const script = ` var authResponse = decodeURIComponent('${base64Data}'); var origin = decodeURIComponent('${base64Origin}'); var originInfo = {'type': 'config_info', 'targetOrigin': origin}; (window.opener || window.parent).postMessage(originInfo, '*'); (window.opener || window.parent).postMessage(JSON.parse(authResponse), origin); setTimeout(() => { window.close(); }, 100); // same as the interval of the core-app-api lib/loginPopup.ts (to address race conditions) `;
  // SHA-256 over the exact script text, base64-encoded, for the CSP source
  // expression below. The hash is recomputed on every call, so it always
  // matches this response's script; any script with different bytes is not
  // covered by the policy.
  const hash = crypto__default["default"].createHash("sha256").update(script).digest("base64");
  res.setHeader("Content-Type", "text/html");
  // Only same-origin pages may frame this response.
  res.setHeader("X-Frame-Options", "sameorigin");
  // The policy sets script-src only; no other directive is declared here.
  res.setHeader("Content-Security-Policy", `script-src 'sha256-${hash}'`);
  // The template literal opened here continues past the end of this excerpt.
  res.end(`