From bf089379aa75a818c8a54c7d86ed5f3a97e56f19 Mon Sep 17 00:00:00 2001
From: Kyle Drake <kyle@kyledrake.net>
Date: Sun, 21 May 2017 20:16:37 -0700
Subject: [PATCH] fixes for upload hash check, catch index.html delete scenario

---
 app/api.rb         | 12 +++---------
 tests/api_tests.rb | 16 +---------------
 2 files changed, 4 insertions(+), 24 deletions(-)

diff --git a/app/api.rb b/app/api.rb
index 5faa25e4..60884132 100644
--- a/app/api.rb
+++ b/app/api.rb
@@ -7,17 +7,11 @@ end
 
 post '/api/upload_hash' do
   require_api_credentials
-
   res = {}
-
-  if params[:files].blank? || !params[:files].is_a?(Hash)
-    api_error 400, 'no_file_hashes_provided', 'no file hashes provided'
-  end
-
-  params[:files].each do |k,v|
+  files = []
+  params.each do |k,v|
     res[k] = current_site.sha1_hash_match? k, v
   end
-
   api_success files: res
 end
 
@@ -101,7 +95,7 @@ post '/api/delete' do
       api_error 400, 'missing_files', "#{path} was not found on your site, canceled deleting"
     end
 
-    if path == 'index.html'
+    if path == 'index.html' || path == '/index.html'
       api_error 400, 'cannot_delete_index', 'you cannot delete your index.html file, canceled deleting'
     end
 
diff --git a/tests/api_tests.rb b/tests/api_tests.rb
index 30e2d97c..e7fdc281 100644
--- a/tests/api_tests.rb
+++ b/tests/api_tests.rb
@@ -233,26 +233,12 @@ describe 'api upload hash' do
       'test2.jpg' => Rack::Test::UploadedFile.new('./tests/files/test.jpg', 'image/jpeg')
     }
 
-    post '/api/upload_hash', "files[test.jpg]" => test_hash, "files[test2.jpg]" => Digest::SHA1.hexdigest('herpderp')
+    post '/api/upload_hash', "test.jpg" => test_hash, "test2.jpg" => Digest::SHA1.hexdigest('herpderp')
 
     res[:result].must_equal 'success'
     res[:files][:'test.jpg'].must_equal true
     res[:files][:'test2.jpg'].must_equal false
   end
-
-  it 'throws error for missing data' do
-    create_site
-    basic_authorize @user, @pass
-    post '/api/upload_hash'
-    res[:error_type].must_equal 'no_file_hashes_provided'
-  end
-
-  it 'throws errors for weird data' do
-    create_site
-    basic_authorize @user, @pass
-    post '/api/upload_hash', 'files[]' => 'DUMPSTER FIRE'
-    res[:error_type].must_equal 'no_file_hashes_provided'
-  end
 end
 
 describe 'api upload' do