+11 -5

web/routes_auth.py

reviewed

··· 4 4 from urllib.parse import quote, urlencode, urlparse 5 5 6 6 from authlib.jose import JsonWebKey 7 7 - from quart import Blueprint, current_app, redirect, request, session 7 7 + from quart import Blueprint, current_app, redirect, render_template, request, session 8 8 9 9 from core.auth.oauth import ( 10 10 exchange_code, ··· 93 93 client_id, redirect_uri = _compute_client_id() 94 94 95 95 # Resolve identity 96 96 - identity = await resolve_identity(client, handle) 96 96 + try: 97 97 + identity = await resolve_identity(client, handle) 98 98 + except Exception: 99 99 + return await render_template("login.html", error="Could not resolve that handle.") 97 100 pds_url = identity.pds 98 101 if not pds_url: 99 99 - return redirect("/") 102 102 + return await render_template("login.html", error="Could not resolve that handle.") 100 103 101 104 # Discover auth server 102 102 - authserver_url = await resolve_pds_authserver(client, pds_url) 103 103 - authserver_meta = await fetch_authserver_meta(client, authserver_url) 105 105 + try: 106 106 + authserver_url = await resolve_pds_authserver(client, pds_url) 107 107 + authserver_meta = await fetch_authserver_meta(client, authserver_url) 108 108 + except Exception: 109 109 + return await render_template("login.html", error="Could not reach your PDS. Try again.") 104 110 105 111 # Generate DPoP keypair for this login attempt 106 112 dpop_key = JsonWebKey.generate_key("EC", "P-256", is_private=True)

+1

web/templates/login.html

reviewed

··· 3 3 {% block content %} 4 4 <h1 class="text-lg text-neutral-200 mb-1">log in</h1> 5 5 <p class="text-neutral-500 mb-6">Sign in with your atproto handle to post threads and replies.</p> 6 6 + {% if error %}<p class="text-red-400 mb-4">{{ error }}</p>{% endif %} 6 7 <form method="post" action="/oauth/login" class="flex gap-2 max-w-md"> 7 8 <input 8 9 type="text"