kot.pink
1package state
2
3import (
4 "fmt"
5 "net/http"
6 "strings"
7
8 "tangled.org/core/appview/pages"
9)
10
11func (s *State) Login(w http.ResponseWriter, r *http.Request) {
12 l := s.logger.With("handler", "Login")
13
14 switch r.Method {
15 case http.MethodGet:
16 returnURL := r.URL.Query().Get("return_url")
17 s.pages.Login(w, pages.LoginParams{
18 ReturnUrl: returnURL,
19 })
20 case http.MethodPost:
21 handle := r.FormValue("handle")
22
23 // when users copy their handle from bsky.app, it tends to have these characters around it:
24 //
25 // @nelind.dk:
26 // \u202a ensures that the handle is always rendered left to right and
27 // \u202c reverts that so the rest of the page renders however it should
28 handle = strings.TrimPrefix(handle, "\u202a")
29 handle = strings.TrimSuffix(handle, "\u202c")
30
31 // `@` is harmless
32 handle = strings.TrimPrefix(handle, "@")
33
34 // basic handle validation
35 if !strings.Contains(handle, ".") {
36 l.Error("invalid handle format", "raw", handle)
37 s.pages.Notice(
38 w,
39 "login-msg",
40 fmt.Sprintf("\"%s\" is an invalid handle. Did you mean %s.bsky.social or %s.tngl.sh?", handle, handle, handle),
41 )
42 return
43 }
44
45 redirectURL, err := s.oauth.ClientApp.StartAuthFlow(r.Context(), handle)
46 if err != nil {
47 http.Error(w, err.Error(), http.StatusInternalServerError)
48 return
49 }
50
51 s.pages.HxRedirect(w, redirectURL)
52 }
53}
54
55func (s *State) Logout(w http.ResponseWriter, r *http.Request) {
56 l := s.logger.With("handler", "Logout")
57
58 err := s.oauth.DeleteSession(w, r)
59 if err != nil {
60 l.Error("failed to logout", "err", err)
61 } else {
62 l.Info("logged out successfully")
63 }
64
65 s.pages.HxRedirect(w, "/login")
66}