From 784ba447856f4e03bd9412a20d2c8eca39193ac6 Mon Sep 17 00:00:00 2001
From: Kyle Drake
Date: Mon, 8 Jun 2015 20:49:30 -0700
Subject: [PATCH] Restrict amount of files created per site

---
 app/api.rb | 4 ++++
 app/site_files.rb | 4 ++++
 tests/api_tests.rb | 13 +++++++++++++
 tests/site_tests.rb | 6 ++++--
 4 files changed, 25 insertions(+), 2 deletions(-)

diff --git a/app/api.rb b/app/api.rb
index 57950539..1387c659 100644
--- a/app/api.rb
+++ b/app/api.rb
@@ -23,6 +23,10 @@ post '/api/upload' do
     api_error 400, 'too_large', 'files are too large to fit in your space, try uploading smaller (or less) files'
   end
 
+  if current_site.too_many_files?(files.length)
+    api_error 400, 'too_many_files', "cannot exceed the maximum site files limit (#{current_site.plan_feature(:maximum_site_files)}), #{current_site.supporter? ? 'please contact support' : 'please upgrade to a supporter account'}"
+  end
+
   files.each do |file|
     if !current_site.okay_to_upload?(file)
       api_error 400, 'invalid_file_type', "#{file[:filename]} is not a valid file type (or contains not allowed content) for this site, files have not been uploaded"
diff --git a/app/site_files.rb b/app/site_files.rb
index 80ca6130..aa7107dc 100644
--- a/app/site_files.rb
+++ b/app/site_files.rb
@@ -124,6 +124,10 @@ post '/site_files/upload' do
     file_upload_response "File(s) do not fit in your available space, upload cancelled."
   end
 
+  if current_site.too_many_files? params[:files].length
+    file_upload_response "Too many files, cannot upload"
+  end
+
   results = current_site.store_files params[:files]
   file_upload_response
 end
diff --git a/tests/api_tests.rb b/tests/api_tests.rb
index f12af381..668589f8 100644
--- a/tests/api_tests.rb
+++ b/tests/api_tests.rb
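Review bot: The limit check at `if current_site.too_many_files?(files.length)` is a check-then-act against the current file count, so two concurrent uploads that each pass it can together push the site past `maximum_site_files`; the app/site_files.rb hunk in this commit has the same shape. The definition of `too_many_files?` is not part of this patch (the diffstat lists only the two routes and two test files), so it presumably already exists on the Site model and is a plain count comparison; if so, the enforcement that actually holds belongs inside `store_files`, under the same transaction or lock that inserts the site_file rows, with this route check kept as the early, user-friendly rejection. A request whose entries all overwrite existing paths is also counted here as if every entry were new; confirm that is intended, otherwise the count passed in should exclude paths the site already has.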
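Review bot: The message in `file_upload_response "Too many files, cannot upload"` tells the user nothing about what the limit is, while the API route changed in the same commit reports it; the two should agree, e.g. `file_upload_response "Too many files, cannot exceed the maximum site files limit (#{current_site.plan_feature(:maximum_site_files)})"`. The new check also relies on `file_upload_response` halting the request, which the existing size check above it evidently assumes too, but that is not visible here; if it only renders, `store_files` on the following line still runs and the limit is not enforced on this route. It is not visible whether an earlier guard rejects a request without a `files` parameter; if none does, `params[:files].length` raises NoMethodError and turns a malformed request into a 500, so an explicit empty/missing check before this line is worth confirming.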
@@ -160,6 +160,19 @@ describe 'api upload' do
     res[:error_type].must_equal 'missing_files'
   end
 
+  it 'fails with too many files' do
+    create_site
+    basic_authorize @user, @pass
+    @site.plan_feature(:maximum_site_files).times {
+      uuid = SecureRandom.uuid.gsub('-', '')+'.html'
+      @site.add_site_file path: uuid
+    }
+    post '/api/upload', {
+      '/lol.jpg' => Rack::Test::UploadedFile.new('./tests/files/test.jpg', 'image/jpeg')
+    }
+    res[:error_type].must_equal 'too_many_files'
+  end
+
   it 'resists directory traversal attack' do
     create_site
     basic_authorize @user, @pass
diff --git a/tests/site_tests.rb b/tests/site_tests.rb
index c42d1d49..e72a685e 100644
--- a/tests/site_tests.rb
+++ b/tests/site_tests.rb
@@ -53,10 +53,12 @@ describe Site do
     end
 
     it 'should match plan_type' do
-      %w{supporter neko catbus fatcat}.each do |plan_type|
+      %w{supporter free}.each do |plan_type|
         site = Fabricate :site, plan_type: plan_type
         site.plan_type.must_equal plan_type
       end
+      site = Fabricate :site, plan_type: nil
+      site.plan_type.must_equal 'free'
     end
   end
 
@@ -77,4 +79,4 @@ describe Site do
       site.suggestions.length.must_equal Site::SUGGESTIONS_LIMIT
     end
   end
-end
\ No newline at end of file
+end
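Review bot: The new test only covers a site that is already at the limit; there is no case where the upload itself crosses it (for example `maximum_site_files - 1` existing files plus two uploaded), and no case confirming that one file uploaded at `maximum_site_files - 1` still succeeds, so an off-by-one in `too_many_files?` would pass this suite. The /site_files/upload route changed in the same commit has no test at all. The setup loop seeds `plan_feature(:maximum_site_files)` rows through `add_site_file`, which is fine if the free-plan limit is small but will dominate the suite's runtime otherwise; if that feature value can be stubbed for this test, a handful keeps it fast. Style: the multi-line `.times { ... }` block is conventionally `do ... end`, and `gsub('-', '')+'.html'` wants spaces around `+`.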
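Review bot: The added `site.plan_type.must_equal 'free'` pins the nil-to-free default, but dropping `neko catbus fatcat` from the list leaves no assertion about how such an unrecognised plan_type is now handled (rejected, or mapped to 'free'), so the behaviour this change presumably tracks is untested; one extra case with an obsolete value and its expected outcome would close that gap. The enclosing describe block starts before the hunk.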