checking the did type

Author: fatfingers23

package.json

@@ -43,6 +43,7 @@
     "@atproto/common": "0.5.10",
     "@atproto/lex": "0.0.13",
     "@atproto/oauth-client-node": "^0.3.15",
+    "@atproto/syntax": "0.4.3",
     "@deno/doc": "jsr:^0.189.1",
     "@floating-ui/vue": "1.1.10",
     "@iconify-json/carbon": "1.2.18",
@@ -75,7 +76,6 @@
     "defu": "6.1.4",
     "fast-npm-meta": "1.0.0",
     "focus-trap": "^7.8.0",
-    "tinyglobby": "0.2.15",
     "marked": "17.0.1",
     "module-replacements": "2.11.0",
     "nuxt": "4.3.0",
@@ -88,6 +88,7 @@
     "simple-git": "3.30.0",
     "spdx-license-list": "6.11.0",
     "std-env": "3.10.0",
+    "tinyglobby": "0.2.15",
     "ufo": "1.6.3",
     "unocss": "66.6.0",
     "unplugin-vue-router": "0.19.2",

pnpm-lock.yaml

@@ -7,8 +7,9 @@ import { SLINGSHOT_HOST } from '#shared/utils/constants'
 import { useServerSession } from '#server/utils/server-session'
 import type { PublicUserSession } from '#shared/schemas/publicUserSession'
 import { handleResolver } from '#server/utils/atproto/oauth'
-import { type AtIdentifierString, Client } from '@atproto/lex'
+import { Client } from '@atproto/lex'
 import * as app from '#shared/types/lexicons/app'
+import { ensureValidAtIdentifier } from '@atproto/syntax'
 
 /**
  * Fetch the user's profile record to get their avatar blob reference
@@ -22,10 +23,10 @@ async function getAvatar(did: string, pds: string) {
     const pdsUrl = new URL(pds)
     // Only fetch from HTTPS PDS endpoints to prevent SSRF
     if (did && pdsUrl.protocol === 'https:') {
+      ensureValidAtIdentifier(did)
       const client = new Client(pdsUrl)
       const profileResponse = await client.get(app.bsky.actor.profile, {
-        // Hack for now need to find an example on how to use it properly
-        repo: did as AtIdentifierString,
+        repo: did,
         rkey: 'self',
       })