···
···
+
// Validate format (DID or handle) with proper regex patterns
+
if strings.HasPrefix(req.Community, "did:") {
+
// Validate DID format: did:method:identifier
+
// atProto supports did:plc and did:web
+
didRegex := regexp.MustCompile(`^did:(plc|web):[a-zA-Z0-9._:%-]+$`)
+
if !didRegex.MatchString(req.Community) {
+
writeError(w, http.StatusBadRequest, "InvalidRequest", "invalid DID format")
+
} else if strings.HasPrefix(req.Community, "!") {
+
// Validate handle format: !name@domain.tld
+
if !strings.Contains(req.Community, "@") {
+
writeError(w, http.StatusBadRequest, "InvalidRequest", "handle must contain @domain")
writeError(w, http.StatusBadRequest, "InvalidRequest",
"community must be a DID (did:plc:...) or handle (!name@instance.com)")
···
+
// Validate format (DID or handle) with proper regex patterns
+
if strings.HasPrefix(req.Community, "did:") {
+
// Validate DID format: did:method:identifier
+
didRegex := regexp.MustCompile(`^did:(plc|web):[a-zA-Z0-9._:%-]+$`)
+
if !didRegex.MatchString(req.Community) {
+
writeError(w, http.StatusBadRequest, "InvalidRequest", "invalid DID format")
+
} else if strings.HasPrefix(req.Community, "!") {
+
// Validate handle format: !name@domain.tld
+
if !strings.Contains(req.Community, "@") {
+
writeError(w, http.StatusBadRequest, "InvalidRequest", "handle must contain @domain")
writeError(w, http.StatusBadRequest, "InvalidRequest",
"community must be a DID (did:plc:...) or handle (!name@instance.com)")
bretton.dev