From f33fcdfb5ad1cc5aa359f48523ddc84b26966a89 Mon Sep 17 00:00:00 2001
From: brookjeynes <me@brookjeynes.dev>
Date: Wed, 15 Oct 2025 14:27:27 +1000
Subject: [PATCH] fix(auth): handle bad identity lookups
Change-Id: trrpxxyxxmotqnxwwywusmsmnxtwvxxr

Signed-off-by: brookjeynes <me@brookjeynes.dev>
---
 internal/server/handlers/login.go | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/internal/server/handlers/login.go b/internal/server/handlers/login.go
index 467bd17..a9b6c5b 100644
--- a/internal/server/handlers/login.go
+++ b/internal/server/handlers/login.go
@@ -55,13 +55,17 @@ func (h *Handler) Login(w http.ResponseWriter, r *http.Request) {
 
 		// Basic handle validation
 		if !strings.Contains(handle, ".") {
-			l.Error("invalid handle format", "err", handle)
+			l.Error("invalid handle format", "handle", handle)
 			htmx.HxError(w, http.StatusBadGateway, fmt.Sprintf("'%s' is an invalid handle. Did you mean %s.bsky.social?", handle, handle))
 			return
 		}
 
 		resolved, err := h.IdResolver.ResolveIdent(context.Background(), handle)
-		if err == nil {
+		if err != nil {
+			l.Error("failed to resolve handle", "handle", handle, "err", err)
+			htmx.HxError(w, http.StatusBadGateway, fmt.Sprintf("'%s' is an invalid handle", handle))
+			return
+		} else {
 			if !h.Config.Core.Dev && resolved.DID.String() != "" {
 				err := h.Posthog.Enqueue(posthog.Capture{
 					DistinctId: string(resolved.DID),
@@ -75,6 +79,7 @@ func (h *Handler) Login(w http.ResponseWriter, r *http.Request) {
 
 		redirectURL, err := h.Oauth.ClientApp.StartAuthFlow(r.Context(), handle)
 		if err != nil {
+			l.Error("failed to resolve auth flow", "handle", handle, "err", err)
 			http.Error(w, err.Error(), http.StatusInternalServerError)
 			return
 		}
-- 
2.43.0