From 9d9b55528659d42fdae942105523c12cf86b541a Mon Sep 17 00:00:00 2001
From: Ayoub Faouzi <ayoubfaouzi@users.noreply.github.com>
Date: Tue, 7 Apr 2026 07:25:41 +0100
Subject: [PATCH] Checks resp.StatusCode != 201 and returns an error with the
 response body

---
 cmd/scanui.go            |  6 +++++-
 internal/webapi/files.go | 25 ++++++++++++++++---------
 2 files changed, 21 insertions(+), 10 deletions(-)

diff --git a/cmd/scanui.go b/cmd/scanui.go
index 03069de..7d44146 100644
--- a/cmd/scanui.go
+++ b/cmd/scanui.go
@@ -88,10 +88,14 @@ func uploadFileCmd(index int, web webapi.Service, filename, token string) tea.Cm
 		}
 
 		if !exists {
-			_, err = web.Scan(filename, token, osFlag, enableDetonationFlag, timeoutFlag)
+			file, err := web.Scan(filename, token, osFlag, enableDetonationFlag, timeoutFlag)
 			if err != nil {
 				return fileUploadedMsg{index: index, err: fmt.Errorf("upload: %w", err)}
 			}
+			// Use the SHA256 from the server response. For single-file ZIPs,
+			// the server extracts the file and returns the child's hash, not
+			// the ZIP's hash.
+			return fileUploadedMsg{index: index, sha256: file.SHA256}
 		} else if forceRescanFlag {
 			err = web.Rescan(sha256, token, osFlag, enableDetonationFlag, timeoutFlag)
 			if err != nil {
diff --git a/internal/webapi/files.go b/internal/webapi/files.go
index 18c6a82..8e9d668 100644
--- a/internal/webapi/files.go
+++ b/internal/webapi/files.go
@@ -117,7 +117,7 @@ func (s Service) ListFiles(authToken string, page int) (*Pages, error) {
 
 }
 
-func (s Service) Scan(filepath string, authToken, preferredOS string, enableDetonation bool, timeout int) (string, error) {
+func (s Service) Scan(filepath string, authToken, preferredOS string, enableDetonation bool, timeout int) (*entity.File, error) {
 	params := map[string]string{
 		"skip_detonation": strconv.FormatBool(!enableDetonation),
 		"os":              preferredOS,
@@ -127,7 +127,7 @@ func (s Service) Scan(filepath string, authToken, preferredOS string, enableDeto
 	// Create a new file upload request.
 	request, err := s.newfileUploadRequest("file", filepath, params)
 	if err != nil {
-		return "", err
+		return nil, err
 	}
 
 	// Add our auth token.
@@ -136,17 +136,24 @@ func (s Service) Scan(filepath string, authToken, preferredOS string, enableDeto
 	// Perform the http request.
 	resp, err := s.client.Do(request)
 	if err != nil {
-		return "", err
+		return nil, err
 	}
+	defer resp.Body.Close()
 
-	// Read the response.
-	body := &bytes.Buffer{}
-	_, err = body.ReadFrom(resp.Body)
+	body, err := io.ReadAll(resp.Body)
 	if err != nil {
-		return "", err
+		return nil, err
 	}
-	resp.Body.Close()
-	return body.String(), nil
+
+	if resp.StatusCode != http.StatusCreated {
+		return nil, fmt.Errorf("upload failed: HTTP %d: %s", resp.StatusCode, body)
+	}
+
+	var file entity.File
+	if err := json.Unmarshal(body, &file); err != nil {
+		return nil, fmt.Errorf("failed to parse upload response: %w", err)
+	}
+	return &file, nil
 }
 
 func (s Service) Rescan(sha256, authToken, preferredOS string, enableDetonation bool, timeout int) error {