Sessions, lastfm auth workarounds

app/controllers/last_fm_controller.rb

@@ -0,0 +1,72 @@
+require 'open-uri'
+
+class LastFmController < ApplicationController
+  
+  @@api_key = '04fda005dbf61a50af5abc3e90f111f2'
+  @@secret = '19e70e98b291e9f15d0516925945eb1b'
+  
+  def connect
+    unless params[:sid].nil? or params[:token].nil?
+      session = Session.find_by_key(params[:sid])
+      unless session.nil?
+        session.user.lastfm_token = params[:token]
+        session.user.save
+        render :text => '<script>window.close();</script>'
+      else
+        render :text => 'You Don\'t Fool Me'
+      end
+    else
+      render :text => 'So Much Trouble In The World'
+    end
+  end
+  
+  def getinfo
+    #return unless authorized?
+    @res = {}
+    
+    user = User.find_by_vkid(1217744)#params[:mid])
+    @res[:connected] = false
+    @res[:lastfm_login_url] = 'http://www.last.fm/api/auth?api_key='+ @@api_key +'&cb=http://localhost/lastfm/connect/?sid='+ user.session.key
+    
+    unless user.lastfm_token.nil?
+      lastfm_response = auth_query({:method => 'auth.getSession', :token => user.lastfm_token})
+      render :json => lastfm_response
+      return
+      if lastfm_response
+        user.lastfm_token = lastfm_response[1]
+        user.save
+        @res[:connected] = true
+        @res[:username] = lastfm_response[0];
+      end
+    end
+    
+    render :json => @res
+  end
+  
+  private
+  
+  def auth_query params
+    url = 'http://ws.audioscrobbler.com/2.0/?'
+    params[:api_key] = @@api_key
+    params.each do |k, v|
+      url << k.to_s << '=' << v << '&'
+    end
+    url << 'api_sig=' << get_signature(params)
+    begin
+      open(url).read.match(/<name>(.*?)<\/name>.*?<key>(.*?)<\/key>/m)
+    rescue
+      false
+    end
+  end
+  
+  def get_signature params
+    params = params.to_a.sort! { |a, b| a[0] <=> b[0] }
+    params = Hash[params]
+    str = '';
+    params.each do |k, v|
+      str << k.to_s << v
+    end
+    Digest::MD5.hexdigest(str + @@secret)
+  end
+  
+end

app/controllers/user_controller.rb

@@ -13,6 +13,9 @@ class UserController < ApplicationController
     end
     @res[:id] = user.id
     @res[:username] = user.name
+    session = Session.find_or_create_by_user_id(user.id)
+    session.key = Digest::SHA256.hexdigest(rand(99999999).to_s + user.id.to_s + rand(99999999).to_s)
+    session.save
     
     render :json => @res
   end