
appview: oauth: improve error handling around bad handles

- removes characters that bsky.app inserts for handles
- better errors for handles that do not conform to atproto format

Signed-off-by: oppiliappan <me@oppi.li>

authored by oppi.li and committed by Tangled 6d3ed294 1d1adbfe

Changed files
+19 -1
appview
oauth
handler
+19 -1
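--- a/appview/oauth/handler/handler.go
+++ b/appview/oauth/handler/handler.go
@@ -102,7 +102,25 @@
 case http.MethodGet:
 o.pages.Login(w, pages.LoginParams{})
 case http.MethodPost:
-handle := strings.TrimPrefix(r.FormValue("handle"), "@")
+handle := r.FormValue("handle")
+
+// when users copy their handle from bsky.app, it tends to have these characters around it:
+//
+// @nelind.dk:
+// \u202a ensures that the handle is always rendered left to right and
+// \u202c reverts that so the rest of the page renders however it should
+handle = strings.TrimPrefix(handle, "\u202a")
+handle = strings.TrimSuffix(handle, "\u202c")
+
+// `@` is harmless
+handle = strings.TrimPrefix(handle, "@")
+
+// basic handle validation
+if !strings.Contains(handle, ".") {
+log.Println("invalid handle format", "raw", handle)
+o.pages.Notice(w, "login-msg", fmt.Sprintf("\"%s\" is an invalid handle. Did you mean %s.bsky.social?", handle, handle))
+return
+}
 
 resolved, err := o.idResolver.ResolveIdent(r.Context(), handle)
 if err != nil {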
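Review bot: The rejected value is written into both the log line and the `login-msg` notice after only `\u202a`, `\u202c` and `@` have been trimmed, so whitespace, newlines, other bidi controls or markup in the form field are reflected as-is. Whether `o.pages.Notice` HTML-escapes its message is not visible here; if it does not, the `fmt.Sprintf` result should be escaped before it is sent, and the `%s.bsky.social` suggestion should only be offered when the input is a plain label. For the log, `log.Printf("invalid handle format: raw=%q", handle)` keeps control characters visible and on one line (the current `log.Println` call passes slog-style key/value arguments that are simply printed space-separated). The `strings.Contains(handle, ".")` test also lets values such as `.` or `a b.c` through to `ResolveIdent`, so a `strings.TrimSpace` plus a check against the atproto handle syntax would match the commit's stated intent better. The enclosing handler starts and ends outside this hunk.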