From ea1c5b982c28b9e15c2baf02c37b240e3e6d6fe4 Mon Sep 17 00:00:00 2001
From: Bel LaPointe <breel@qualtrics.com>
Date: Thu, 10 Feb 2022 08:53:14 -0700
Subject: [PATCH] try to protect

---
 spike/review/reinvent/ezmded/server/server.go | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/spike/review/reinvent/ezmded/server/server.go b/spike/review/reinvent/ezmded/server/server.go
index 3d5f8b6..45e4e14 100644
--- a/spike/review/reinvent/ezmded/server/server.go
+++ b/spike/review/reinvent/ezmded/server/server.go
@@ -249,6 +249,9 @@ func (server *Server) apiV0FilesPostHandler(w http.ResponseWriter, r *http.Reque
 
 func (server *Server) apiV0FilesIDGetHandler(w http.ResponseWriter, r *http.Request) error {
 	id := server.fileId(r)
+	if len(id) == 0 || id[0] == "" {
+		return fmt.Errorf("no id found: %+v", id)
+	}
 
 	leaf, err := server.tree().Get(id)
 	if os.IsNotExist(err) {
@@ -265,6 +268,9 @@ func (server *Server) apiV0FilesIDGetHandler(w http.ResponseWriter, r *http.Requ
 
 func (server *Server) apiV0FilesIDDelHandler(w http.ResponseWriter, r *http.Request) error {
 	id := server.fileId(r)
+	if len(id) == 0 || id[0] == "" {
+		return fmt.Errorf("no id found: %+v", id)
+	}
 
 	leaf, err := server.tree().Get(id)
 	if os.IsNotExist(err) {
@@ -291,15 +297,20 @@ func (server *Server) urlFileId(id []string) string {
 func (server *Server) fileId(r *http.Request) []string {
 	return strings.Split(
 		strings.TrimPrefix(
-			strings.Trim(r.URL.Path, "/"),
-			"api/v0/files/",
-		),
+			strings.TrimPrefix(
+				strings.Trim(r.URL.Path, "/"),
+				"api/v0/files",
+			),
+			"/"),
 		"/",
 	)
 }
 
 func (server *Server) apiV0FilesIDPutHandler(w http.ResponseWriter, r *http.Request) error {
 	id := server.fileId(r)
+	if len(id) == 0 || id[0] == "" {
+		return fmt.Errorf("no id found: %+v", id)
+	}
 
 	leaf, err := server.tree().Get(id)
 	if os.IsNotExist(err) {