fix: allow handle format with tld shorter than 3 characters

[Johannes-Andersen]

When trying to sign up in the oAuth flow with a tld or domain shorter than 3 char, you end up getting blocked by zod validation against the post body.

Example of failing ones:
"hello.norwegian.no"
"hello.vg.com"

One could in theory move the logic from ensureHandleServiceConstraints https://github.com/Johannes-Andersen/atproto/blob/main/packages/pds/src/handle/index.ts#L26 to align the logic. But not familiar enough with the codebase to know how that would be done.

Logic can also be tested on https://zod-playground.vercel.app/

Ref implementation done by @matthieusieben in #2945

--
Error:

Stack from logs:

{
  "name": "pds:oauth",
  "err": {
    "type": "ZodError",
    "message": [
      {
        "validation": "regex",
        "code": "invalid_string",
        "message": "Invalid",
        "path": [
          "body",
          "handle"
        ]
      }
    ],
    "stack": "ZodError: [\n  {\n    \"validation\": \"regex\",\n    \"code\": \"invalid_string\",\n    \"message\": \"Invalid\",\n    \"path\": [\n      \"body\",\n      \"handle\"\n    ]\n  }\n]\n    at get error (/app/node_modules/.pnpm/zod@3.24.1/node_modules/zod/lib/types.js:55:31)\n    at ZodObject.parseAsync (/app/node_modules/.pnpm/zod@3.24.1/node_modules/zod/lib/types.js:196:22)\n    at process.processTicksAndRejections (node:internal/process/task_queues:105:5)\n    at async <anonymous> (/app/node_modules/.pnpm/@atproto+oauth-provider@0.5.1/node_modules/@atproto/oauth-provider/src/oauth-provider.ts:1256:23)\n    at async <anonymous> (/app/node_modules/.pnpm/@atproto+oauth-provider@0.5.1/node_modules/@atproto/oauth-provider/src/oauth-provider.ts:1164:26)",
    "aggregateErrors": [
      {
        "type": "Object",
        "message": "Invalid",
        "stack": "",
        "validation": "regex",
        "code": "invalid_string",
        "path": [
          "body",
          "handle"
        ]
      }
    ],
    "issues": [
      {
        "validation": "regex",
        "code": "invalid_string",
        "message": "Invalid",
        "path": [
          "body",
          "handle"
        ]
      }
    ],
    "name": "ZodError"
  },
  "req": {
    "_parsedUrl": {
      "_raw": "/oauth/authorize/verify-handle-availability",
      "auth": null,
      "hash": null,
      "host": null,
      "hostname": null,
      "href": "/oauth/authorize/verify-handle-availability",
      "path": "/oauth/authorize/verify-handle-availability",
      "pathname": "/oauth/authorize/verify-handle-availability",
      "port": null,
      "protocol": null,
      "query": null,
      "search": null,
      "slashes": null
    },
    "method": "POST",
    "originalUrl": "/oauth/authorize/verify-handle-availability",
    "params": {},
    "query": {},
    "upgrade": false,
    "url": "/oauth/authorize/verify-handle-availability"
  },
  "msg": "OAuth request error"
}

[Johannes-Andersen]

Copied length check from https://github.com/Johannes-Andersen/atproto/blob/2759ef1a0043134d5bc228c431fd276bbe76c4a3/packages/pds/src/handle/index.ts#L43-L44

[matthieusieben]

Thank you for your contribution. This looks almost right 👍

[bnewbold]

would it be clearer to validate the overall handle syntax using the @atproto/syntax library, and then check the additional "name" constraints after that? Instead of having checks for digits, dashes, etc duplicated here.

[Johannes-Andersen]

would it be clearer to validate the overall handle syntax using the @atproto/syntax library, and then check the additional "name" constraints after that? Instead of having checks for digits, dashes, etc duplicated here.

I agree!
I’ll have a go at it later in the week to see if I can get something up for review if someone doesn’t beat me to it.

Just need to figure out how to properly get it all running locally and wrap my head around the codebase and packages 😄

[matthieusieben]

#3622