diff --git a/pkg/handler/user.go b/pkg/handler/user.go
index abc1234..def5678 100644
@@ -15,7 +15,12 @@ func (h *UserHandler) GetProfile(w http.ResponseWriter, r *http.Request) {
userID := r.URL.Query().Get("id")
user, err := h.store.FindByID(userID)
- if err != nil {
+ // Fix: check for nil user before accessing fields
+ // Bug: FindByID returns (nil, nil) for missing users, causing panic
+ if err != nil {
+ http.Error(w, "internal error", http.StatusInternalServerError)
+ return
+ }
+ if user == nil {
http.Error(w, "not found", http.StatusNotFound)
return
}