Directly return error about missing username field

essential-randomness · essential-randomness · commit 5afb389423e8 · 2026-03-08T18:14:40.000-07:00
diff --git a/.changeset/dark-horses-feel.md b/.changeset/dark-horses-feel.md
@@ -0,0 +1,5 @@
+---
+"@fujocoded/authproto": patch
+---
+
+Directly return error about missing username field
diff --git a/astro-authproto/src/routes/oauth/login.ts b/astro-authproto/src/routes/oauth/login.ts
@@ -23,8 +23,17 @@ export const POST: APIRoute = async ({ redirect, request, session }) => {
     ...(referer && !customRedirect && { referer }),
   };
 
+  if (!atprotoId) {
+    session?.set(AUTHPROTO_ERROR_CODE, "MISSING_FIELD");
+    session?.set(
+      AUTHPROTO_ERROR_DESCRIPTION,
+      'Missing required "atproto-id" field in login form data',
+    );
+    return redirect(stateData.referer || "/");
+  }
+
   try {
-    const url = await oauthClient.authorize(atprotoId!, {
+    const url = await oauthClient.authorize(atprotoId, {
       scope: scopes.join(" "),
       // This random value protects against CSRF (Cross-Site Request
       // Forgery) attacks. We send it along our authorization request, and the OAuth

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +"@fujocoded/authproto": patch
 +---
++
 +Directly return error about missing username field