From 884d673ec8e074b707fa27bf07ed8986131b9ddb Mon Sep 17 00:00:00 2001
From: oppiliappan
Date: Tue, 3 Jun 2025 22:19:29 +0100
Subject: [PATCH] appview: oauth: improve error handling around bad handles
Change-Id: lvuknrupsyoxulysnvurzoolrsnrmklv
- removes characters that bsky.app inserts for handles
- better errors for handles that do not conform to atproto format
Signed-off-by: oppiliappan
---
 appview/oauth/handler/handler.go | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/appview/oauth/handler/handler.go b/appview/oauth/handler/handler.go
index fc07f8d..e3efd04 100644
--- a/appview/oauth/handler/handler.go
+++ b/appview/oauth/handler/handler.go
@@ -102,7 +102,25 @@ func (o *OAuthHandler) login(w http.ResponseWriter, r *http.Request) {
 case http.MethodGet:
 o.pages.Login(w, pages.LoginParams{})
 case http.MethodPost:
- handle := strings.TrimPrefix(r.FormValue("handle"), "@")
+ handle := r.FormValue("handle")
+
+ // when users copy their handle from bsky.app, it tends to have these characters around it:
+ //
+ // @nelind.dk:
+ // \u202a ensures that the handle is always rendered left to right and
+ // \u202c reverts that so the rest of the page renders however it should
+ handle = strings.TrimPrefix(handle, "\u202a")
+ handle = strings.TrimSuffix(handle, "\u202c")
+
+ // `@` is harmless
+ handle = strings.TrimPrefix(handle, "@")
+
+ // basic handle validation
+ if !strings.Contains(handle, ".") {
+ log.Println("invalid handle format", "raw", handle)
+ o.pages.Notice(w, "login-msg", fmt.Sprintf("\"%s\" is an invalid handle. Did you mean %s.bsky.social?", handle, handle))
+ return
+ }
 
 resolved, err := o.idResolver.ResolveIdent(r.Context(), handle)
 if err != nil {
--
2.43.0
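Review bot: The rejected handle is still raw request input when the new `!strings.Contains(handle, ".")` branch writes it to the log and echoes it into the `login-msg` notice. `log.Println("invalid handle format", "raw", handle)` only joins its operands with spaces, so line breaks or remaining control characters in the value reach the log verbatim; `log.Printf("invalid handle format: %q", handle)` keeps the entry on one line and makes such characters visible. `Notice` is defined outside this hunk, so it should be confirmed that it HTML-escapes the message; if it does not, build the text from `html.EscapeString(handle)` rather than `handle`. The trim also removes only one leading U+202A and one trailing U+202C, and the dot test is the whole format check, so other bidi controls and whitespace still pass through to `ResolveIdent`. `login` begins and ends outside the hunk.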