From b5f52f6c0420433d03a05657ff224852c8d4ae2e Mon Sep 17 00:00:00 2001
From: Leo Franchi <lfranchi@kde.org>
Date: Wed, 23 Feb 2011 01:21:31 -0500
Subject: [PATCH] Add auth support to Playdar procol handling. Needs graphic
 design BADLY!

add part one of auth
fix stage two of auth as well
Fix API.
---
 data/www/auth.html                            |  64 +++++++++
 data/www/auth.na.html                         |  44 ++++++
 data/www/playdar_auth_logo.gif                | Bin 0 -> 16828 bytes
 resources.qrc                                 |   2 +
 src/libtomahawk/CMakeLists.txt                |   4 +
 .../databasecommand_addclientauth.cpp         |  46 +++++++
 .../database/databasecommand_addclientauth.h  |  45 ++++++
 .../databasecommand_clientauthvalid.cpp       |  42 ++++++
 .../databasecommand_clientauthvalid.h         |  49 +++++++
 src/libtomahawk/database/databaseimpl.cpp     |   3 +-
 src/libtomahawk/database/schema.sql           |  12 +-
 src/libtomahawk/database/schema.sql.h         |  12 +-
 src/tomahawk.protocol                         |  12 ++
 src/web/api_v1.h                              | 129 +++++++++++++++++-
 14 files changed, 456 insertions(+), 8 deletions(-)
 create mode 100644 data/www/auth.html
 create mode 100644 data/www/auth.na.html
 create mode 100644 data/www/playdar_auth_logo.gif
 create mode 100644 src/libtomahawk/database/databasecommand_addclientauth.cpp
 create mode 100644 src/libtomahawk/database/databasecommand_addclientauth.h
 create mode 100644 src/libtomahawk/database/databasecommand_clientauthvalid.cpp
 create mode 100644 src/libtomahawk/database/databasecommand_clientauthvalid.h
 create mode 100644 src/tomahawk.protocol

diff --git a/data/www/auth.html b/data/www/auth.html
new file mode 100644
index 000000000..a8aac4c37
--- /dev/null
+++ b/data/www/auth.html
@@ -0,0 +1,64 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+    <title>Allow Tomahawk Access</title>
+    <style>
+    body {
+        margin: 0;
+        padding: 0;
+        font: normal 12px 'Verdana', sans-serif;
+    }
+    a img,
+    img {
+        border: 0;
+    }
+    a {
+        color: #598d0c;
+    }
+    a#head {
+        display: block;
+        width: 100%;
+        height: 68px;
+        background: #cbdab1;
+    }
+    div#content {
+        margin: 30px;
+        text-align: center;
+    }
+    div#content p {
+        margin: 0 0 25px 0;
+    }
+    input.button {
+        border: 1px solid #999;
+        padding: 4px 10px;
+        border-color: #999 #555 #555 #999;
+        background: #ddd;
+    }
+    input.confirm {
+        background: #81bd0e;
+        color: #fff;
+        border-color: #6ba318 #426c0b #426c0b #6ba318;
+    }
+    </style>
+</head>
+<body>
+    <a href="http://www.playdar.org/" title="Tomahawk - Powered by Playdar" id="head">
+        <img alt="Tomahawk - Powered by Playdar" src="/static/playdar_auth_logo.gif" width="233" height="68"/>
+    </a>
+    
+    <div id="content">
+        <form method="post" action="/auth_2/" id="auth">
+            <p>Allow access to Tomahawk from <a href="<%WEBSITE%>"><%NAME%></a></p>
+            <p class="buttons">
+                <input type="button" value="Deny" class="button" onclick="window.close();" />
+                <input type="submit" value="Allow" class="confirm button" />
+            </p>
+            <input type="hidden" name="formtoken" value="<%FORMTOKEN%>" />
+            <input type="hidden" name="receiverurl" value="<%URL%>" />
+            <input type="hidden" name="website" value="<%WEBSITE%>" />
+            <input type="hidden" name="name" value="<%NAME%>" />
+        </form>
+    </div>
+</body>
+</html>
diff --git a/data/www/auth.na.html b/data/www/auth.na.html
new file mode 100644
index 000000000..450a2b114
--- /dev/null
+++ b/data/www/auth.na.html
@@ -0,0 +1,44 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+    <title>Allow Tomahawk Access</title>
+    <style>
+    body {
+        margin: 0;
+        padding: 0;
+        font: normal 12px 'Verdana', sans-serif;
+    }
+    a img,
+    img {
+        border: 0;
+    }
+    a {
+        color: #598d0c;
+    }
+    a#head {
+        display: block;
+        width: 100%;
+        height: 68px;
+        background: #cbdab1;
+    }
+    div#content {
+        margin: 30px;
+        text-align: center;
+    }
+    div#content p {
+        margin: 0 0 25px 0;
+    }
+    </style>
+</head>
+<body>
+    <a href="http://www.playdar.org/" title="Tomahawk - Powered by Playdar" id="head">
+        <img alt="Tomahawk - Powered by Playdar" src="/static/playdar_auth_logo.gif" width="233" height="68"/>
+    </a>
+    
+    <div id="content">
+        <p>You have allowed access to Tomahawk from <a href="<%WEBSITE%>"><%NAME%></a></p>
+        <p>Copy and paste this authentication <strong>token</strong> into the status bar then close this window.</p>
+        <p>Token: <input type="text" value="<%AUTHCODE%>" size="35" onclick="this.focus(); this.select();" />
+</body>
+</html>
diff --git a/data/www/playdar_auth_logo.gif b/data/www/playdar_auth_logo.gif
new file mode 100644
index 0000000000000000000000000000000000000000..22b06bfa34ac6c89cf511ca499a269fb7319dfd8
GIT binary patch
literal 16828
zcmeI3XIPV2w}umXLJLI+Js?#|LQv@tNI<%wDCi&%AoLOfN+?Q~t{|v1B@mEMRC*Vw
z8hTZcBH%b8R%FycM#({EKF9N&IcKh1*ZKbC{gLeK{j9a#eXnQd-#%<%rmcfp2Veld
z0RT0#F0K)Jp2gsbMQGm(Pg3onhIxnPDg22PaXojQuxg=#ZglhG0LrwDcY$I|oqp|<
zBV|VKOtV<`Gq3LHyrb!0mt64GnL{=6=*%viqA}g@n*IJ1p7~cDnSDA1vx1Z<bkVSF
zOdDVOgNUM8nWm?PB~w=R3A{mMm8w;d8%qbP77hAm${L=cF`?kHN9u{4+J!gHP&+b*
z9^JgLaH725p?<=rYu&2mfqT(ibat;+00nyOw&RTjhx*x*w-&s@YUHfK_H-?IU2Tj=
z>=LSfda!U<wf&iE)r?KY&;FDL2gjb3T^ts=I4({Z#{?CNr&VK$rc~S4EYk-hGkZ-6
z#}8D@IF>(_$+?T}SaywRRPA~k5KQGs=uk^(g_{I&UmbJIn-(~p#S_<dpmM|^b5O9M
z|5DZX(cBS*jN6#n@t?8=m6Ch;Y6nOkwqH_dM;n&#MGvIff5sM$o7F#6HxK7Y>(Gq9
z%@@~(sGc^n@D~lc!COPa)s7yko;C6=;VD@X${V&w?~u=}3Me18rqFCFhwMs+EQ=or
z+Q#r*pE=(0!2iq6cKL|qrBU^Bw-G(BY&xH#8<*Uviz;Yy-S9K`=%j#a)#<$x)Uumd
z>3JkqyuGHDYD@pMeG1YwZI`ge%mf7aFOd`ci7v5eA#^%DdxC%99X4x(zi3{-jbuo9
zq}#r(-M(hpz3w#p{$xy!YwBITTTfwazZ|caGsRt!sDJ2zi`I{AHqIa4Lwi_#`7W~H
zo^3#pQ2VM|^_+Ij%_G^>u4$d>?r9Qr%T94kdbdV`YL-!XorV`$43i5z^M}#3%O-;l
zDzVZ04NI06%7d=8`82FLHLf1-n=PqZ@Vz{se|sYTGR?5`o^^DMQpH1s(g*Oa)v#7t
zv0s`du~6yMWv$lb;B!5qnM07ip99@<c#~QbQ@V94A379G$fe&AE*UvoF?pnO>{87f
zwtVaer3Y7gFQ8#8y!Tn?wK<WRG3<?=bbO(3-2%R4$+u(W_?^Yngm!TN05CFNFGJ^c
zw!y+MxNzL=x4sdHfb$H%hr>MZK7PRlvTr-@$in=*3}l@S+8}HQXuPkVc@z=v5M}G=
z85Q8E<0Wfk2-YX*l7a|9_;4JI6ciX7rb{xA#d(Ez;B|M$U#H=+uy2y^00UX$uM4oR
zHPInNJnVqFhMFfr^APO7A$6qIAuS|A6=o9>3^T)fz%+DVNCZL)hD7RWXzCu&g#G!*
z8iIF6`a~~pU3-k#pEY-X8OZvEhZA(+@Q8>A^$1P%5TXxULq|skjzGeZNVQ#sT3BRo
zIF6(i9JcR|B>&2T!H0Pg{RrWHyQRP8#d(CB3OA6I{aWbz^XKMpgztrd!_>cRRNXTq
z2u{Kg;2P=(`1j1af%?0Xx@aOE7mnXWj5plfkB%BbQ%&Qb<L;J_hjft#Pw0P*{898*
z(Qn~4Azpsok^d0>gXrJGcN^ff+unal@T2U{6#DS5EPi0~4gA+_{oDLMG4t~Lj*M`M
z82GI-UY>A#AU+5m93HldP2;~~^YYa74j~5N!VUd`a6WiAA=pPB{@3LH_xlliL&8JC
zd_(@1&VFD1pZ)#5q>By-3?c5e0dJ_O5C6OAANumwvIQEAC5CwW1>z0AC4gC@F+Ya?
zu>QC4=6+$}A;d`d_s;xn%l>HO?qS(Itnlxr^<OdH4gMb){Po)Zk@SBgWfoxwE)y3M
z7efRX5;NV!#KjN+hQv&FF>x_OfFUu{T})gI5nxEnbQcpBLj)KSGu_3+#Sj68#7uWF
zaWO=IAu-ckOk4~RU`Wh#7ZVpl1Q-%C-NnSk5CMk7Om{JHF+_kNG1Fa4TnrIlNX&E>
z6Bk1S7!otx#l*!B0fxj(cQJ7>M1UbN(_Ktl3=v>R%ybtM7efRX5;NV!#KjN+hQv&F
zF>x_OfFbe!=`QeJ_h0bAyO&-fc5k-;={sLO|Gxcc>$i^|-v7G!ZsYBn*RNi_Sbx6u
z?3brMKUrN_e!R4}F#l-o;e-3LGt*O(6XRo}Bf~?qdv^y1`ulo&?sVVo>g;H5Yi((6
zYHX;lyLIzMZB2C*weosJIi;+WTypJdaZzDG{*}v@@^UZcWM4R+m6?&AmYQ-dIVmwA
zJ}&m`nV9IPNK(Y<Q{iF6P(ny>P+)++pRbQM-pkVi=kDfu(&eWU$DN&y9d&fDx5FN>
zwXwFcv@kzxW{N?Z7^92~4fOSNb+ok(9Xz0k)Ih-1)l^mXD=R4~$jj}Mm4Qi1NlJ)|
zi9$v8?hzIe6oBya@$ztkL0p_1>};$oKmb7I6Wi`xApk)2>&Mq?a{w+nfDV!{uOs&+
zatZBsq1Bc4r$F{u7Ms_X4Q4<!{TFHVlzSIo=yVB-hVr3YC5LL4p@xc)D+tfwVvEM>
zV@29wFBXRyD<?`&iC{^~Ch8Q$Ja_-eZES8uC6?l9IX5&tn{iY_BfR>9`~4dB8nfo|
zDiw@P88lszyIFN6E${QtRjY^6l}9*@KXE5d<r-nRjfR?&uyD7;(ig+L73;MwU0}HK
zG3zb0fwtWBDBaXgW$x|X{FWb`9=ZD@p4CjmQy(r<lPQ`LHUW=ho>{epxd{$hs0Srf
zs+=g4j70RUuxXqWdlNEKVMEl?D;@#0xU6-AYTgPC<4Arh>>WqP*kbeEB|Me?*zLMl
zQaQ<D^t+XI2l2&Sp0SD7v)u=x+7H+vSb(>RJyw)&K@cqLk`;>BGuMI60t$s{Nuu)X
zxQkG~_g5>^T%gDU;FDW2Y%)HAeVBMicAcyhSQ#S-%511(NrUkCKV30WWV!MLBR$P7
zY9coLVIK7|+4o5#y}U)tq-u!WIYpvOd)aDCmB=cIn4TKuWrGmVDlXSioN^h@FHW5|
z;A^6wC)@AInQX3#tVMs}6)wNXbxLr_BT_8f!Xu>_W3yMD2Y~{ywb`2p*qhs7KsO=T
z&&!Tu69tOG!0)}$;xFzgnv5oIT4e9=w0m8m3l~(IjAqe^;+Gog9}05+PQ^~hvC%@=
zVLdIAEOl`%GMvENSxN$A%w<5iCU^%r<#RuXYuPxI*nmrO+`hM{0B%;WtZf>;JJhVW
z{v;7BO-1y|rNS;+?swvf9_)H&i;M>^(CSl3dtOsZVy{_pPo+wvk3bY&KJu4r67INy
z9r)GGszOnG8$EQlh|qaa<IdBvBzS1dhOxn@gvN-#e(6wa1BF~fujZXsniou4@vRF{
zM|OT)H+i}GAqZU(ND4*=Z3k|kwr$#FV#|2<E`-3_Jpn>5woFW*xULnV1g^Hu1R7fY
z*#s(Ai{j@vn-^x&(>y%56zgR9bj_7zNlg+x`hniHzxSoQun#^oN*|KMm6CANG6rgA
z#&1XVNEe*Wb|3zwrk2>QEN9)wqGkC$J4u=Y${KOw8dWT4Nq`-66IE4ZTkUf8Fz@Rn
zieR4Dtg)@~^GJ)n0T#iR(08_?Pcg>ULR9kf!2SV9BluS;CWno~5|f<-j125$G0m_4
z;P~3Ik<TtbUe<c!)lRk>wkUB%bO|LOvb_^&8c}U8-U*okhy{`)#5@EtxF=Uwn#jpO
z%4Cw#q%24vwMVZdn^UF<7-Q9l<q-8~%CeI^*sf>3EHO>#R6c*EbOYu+@6$P*2liK8
zjfZXH*ku=c1z_&1;u1OMmBV3@N8S5{>Arx3{f@?hZvjBAj(9d{8f)US0NTVc`JzDq
zuOxF%`_JbcYW6MhpSV%5U`c`jjaAWX5r|%~H>f13$ECuV&VAa~$v|yi6svi5l29?3
zp9|H)fz6`{^Cuu4VYAM>*+)yWZqrW3n`NdH2`Sh&cIT?1fPItkT$o9KY^pnN*qoQL
z+4?zwR|y;nlK?Jg-Ql0MdZakHyf7So+2lO~r(!6Qpb4SMhmz%f)EsV}eIPZdG1JrX
z1wbSck^oWl<U5w%FJbM@;&*<tP;x8&&?<~i`#D<TNu8<cYC~_*<V9GNrn#<2g6TPw
zxnaMm`6>@`0)F#?4$0mEdD@+x!efqNQFxxhrXQCT>pH{xxrYN#+jE`+L6(HnC97=%
z%!y_>G9vb+W?G?Y#QU2XuV&@-l<TFA)J|UEtiNm==Qoj9doM#N-UQy115_vAL<Q#(
z*`C#<81#gKPEW=kJlk_#qG_LWmT!{U>?EflZ4(*#YnJheMC)gco9VJgQ`>8|M3?s@
zVehDTKR(nXsHDFNa$Et3NWJ4Kit1r?c@BWjNAZ~|$#UxK{%MODb8!?K^S&d~2wna~
z)F|0&^ht~owot;hobOO6&8JPcKh4g${%9UzkBK3hL%cOoxY<F~(?&2;F@GPg-c}+D
zODUk)qn8!@+(blp1&E-pe1P1K<CGc4@}jq3V$C3Rt2aPCjX)GP%NDEDWN*9?0l@Ff
zg@M(P+4)E^oZ5gM8Lpg@Xo(f6KHd<^J{b;;a-j5(={@L9kLxc_N^i$<0r~jsxR8#C
zJZDzoNxubLH0Jr4O-bn-yDAI-C3|wRK;rghtHeo?Svf>$W-<ga2bzlG`aD)=?!A$<
z>mUF-q(3em#SR7Fcsv0tJXAmuP>~g&t%Q+|10r}A+V&w)ahiq_Pc~1ubBf0Sc@EXF
za_2emumjLCk9$}(7q^Ba<INy1vbluy$$R(E8bY;T=Tx1@d-+kuvKQ@GdC;Fm#q7>W
zy})v^#m&)ydjJTqEf&Zb2L%T5^}!}b*D?oC{B8u}q8phRociQRzMe+zZgL9r{ii7r
zjea%3jbv134?7>Br$XdQGTUOGcs5_NsTU-UEngRC%+*&V1ObRjR0tKIu2YW+vN}^`
z0YEIfs>GL^XJmyWt}2YYSOUm0u1t`!k+cd$2BwDh5iTLBINuTla1**Rr$IIf*4x?E
zULLsOtrnkt$()S+azgEmA5rP2k9%wVKF{&)uzXuH==c|k5MrPeh0zGP@%$%PVScM|
z_DP7HHAo0ZA8TcO47K*^lP-7;?l<@yWSw0mxcr7qnPvky)oHO<KxI=N?F(sr)w#?<
z7dSn*&RLMQ+^Jd)Y0dgFmDX;vDG1$cYu2hy%XYdq&(lwmKYvc{IH!RSnY83~ApVVA
zc$whlvm^L3I~S}834&#iWJOF)nhoj6k}_v>?$*8<Yu_hz^c9`^GkoBZ0Mohh4OwOL
zcNePoZ@-Xx{V8`14WhY7EYT-F)xB&<JK`KI{Pqphc=YPW2!}F_9kPugUzohj)=f|T
zE86Y=w`|Mziwhi;(TbZ@AcDY-qvdAIii(DXoXqD<>y)j6HHWCVUfs2~EiLu<;MZ8#
zX;`MwYB#XIL**n$_>PA5+Pm@3;|?ZseH`qrPi&34U!8@~Ztc97Ie+B{K;ifPR$Y4G
zt@l!IHQhD<oP!>%6I&fMd_n_?Tq_yyY?U0xWQw!l$`vEXh2?0?sq1#@t!MLKVRVG_
z0|oF366_ZmE0q`9bJxuY39h)ZH*PI7H3fub0gGq_UXX`8eh_-~XtXaU;d(3SgCeA8
zLtKm+3+;==IYI81f)IN`#m&L#SF`|gf%khQRcJ(nc35OTXc0)dymq`43(9@ChcX!-
zzovKQp)*p;f@BBcTmvne#nK7TGO}C|B+Qb9RFWO+ks?E>jI>gM*t7+m3=LdpjXFG?
z%=#|bn2I}v1|4Q0@ic;trIO-*J5_`N<&%RO>_H@7$l&R~p^xI^jhJhvQ4yS}33LQ_
z_E>7xT+CR+sjG^oA60^i;{ts}g03m1(otYHpFj;#$gQ$-6A@{rl>F;2%hXeC3pS!7
zg%WTAq2tFgBv%R5PcnvjGkAdkEnFdYNtv|#%;C1o(Yeg=t;|Vi*0grktaH`_Qr294
M);u*62n6W;7oLyL2><{9

literal 0
HcmV?d00001

diff --git a/resources.qrc b/resources.qrc
index e1bc45cf5..ea5df7969 100644
--- a/resources.qrc
+++ b/resources.qrc
@@ -80,5 +80,7 @@
 <file>./data/icons/audio-x-generic-22x22.png</file>
 <file>./data/icons/audio-x-generic-32x32.png</file>
 <file>./data/icons/audio-x-generic-16x16.png</file>
+<file>./data/www/auth.html</file>
+<file>./data/www/auth.na.html</file>
 </qresource>
 </RCC>
diff --git a/src/libtomahawk/CMakeLists.txt b/src/libtomahawk/CMakeLists.txt
index 84afbc167..6465a3ec6 100644
--- a/src/libtomahawk/CMakeLists.txt
+++ b/src/libtomahawk/CMakeLists.txt
@@ -68,6 +68,8 @@ set( libSources
     database/databasecommand_loaddynamicplaylist.cpp
     database/databasecommand_loadalldynamicplaylists.cpp
     database/databasecommand_deletedynamicplaylist.cpp
+    database/databasecommand_addclientauth.cpp
+    database/databasecommand_clientauthvalid.cpp
     database/database.cpp
 
     playlist/collectionmodel.cpp
@@ -207,6 +209,8 @@ set( libHeaders
     database/databasecommand_loaddynamicplaylist.h
     database/databasecommand_deletedynamicplaylist.h
     database/databasecommand_loadalldynamicplaylists.h
+    database/databasecommand_addclientauth.h
+    database/databasecommand_clientauthvalid.h
 
     network/bufferiodevice.h
     network/msgprocessor.h
diff --git a/src/libtomahawk/database/databasecommand_addclientauth.cpp b/src/libtomahawk/database/databasecommand_addclientauth.cpp
new file mode 100644
index 000000000..d8e705952
--- /dev/null
+++ b/src/libtomahawk/database/databasecommand_addclientauth.cpp
@@ -0,0 +1,46 @@
+/****************************************************************************************
+ * Copyright (c) 2011 Leo Franchi <lfranchi@kde.org>                                    *
+ *                                                                                      *
+ * This program is free software; you can redistribute it and/or modify it under        *
+ * the terms of the GNU General Public License as published by the Free Software        *
+ * Foundation; either version 2 of the License, or (at your option) any later           *
+ * version.                                                                             *
+ *                                                                                      *
+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY      *
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A      *
+ * PARTICULAR PURPOSE. See the GNU General Public License for more details.             *
+ *                                                                                      *
+ * You should have received a copy of the GNU General Public License along with         *
+ * this program.  If not, see <http://www.gnu.org/licenses/>.                           *
+ ****************************************************************************************/
+
+#include "databasecommand_addclientauth.h"
+
+DatabaseCommand_AddClientAuth::DatabaseCommand_AddClientAuth( const QString& clientToken, 
+                                                              const QString& website, 
+                                                              const QString& name, 
+                                                              const QString& userAgent,
+                                                              QObject* parent )
+    : DatabaseCommand( parent )
+    , m_clientToken( clientToken )
+    , m_website( website )
+    , m_name( name )
+    , m_userAgent( userAgent )
+{
+}
+
+void DatabaseCommand_AddClientAuth::exec(DatabaseImpl* lib)
+{
+    TomahawkSqlQuery q = lib->newquery();
+    q.prepare( "INSERT INTO http_client_auth (token, website, name, ua, mtime, permissions) VALUES (?, ?, ?, ?, ?, ?)" );
+    q.addBindValue( m_clientToken );
+    q.addBindValue( m_website );
+    q.addBindValue( m_name );
+    q.addBindValue( m_userAgent );
+    q.addBindValue( 0 );
+    q.addBindValue( "*" );
+    
+    if( !q.exec() ) {
+        qWarning() << "Failed to insert http client into auth table!";
+    }
+}
diff --git a/src/libtomahawk/database/databasecommand_addclientauth.h b/src/libtomahawk/database/databasecommand_addclientauth.h
new file mode 100644
index 000000000..fccec5947
--- /dev/null
+++ b/src/libtomahawk/database/databasecommand_addclientauth.h
@@ -0,0 +1,45 @@
+/****************************************************************************************
+ * Copyright (c) 2011 Leo Franchi <lfranchi@kde.org>                                    *
+ *                                                                                      *
+ * This program is free software; you can redistribute it and/or modify it under        *
+ * the terms of the GNU General Public License as published by the Free Software        *
+ * Foundation; either version 2 of the License, or (at your option) any later           *
+ * version.                                                                             *
+ *                                                                                      *
+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY      *
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A      *
+ * PARTICULAR PURPOSE. See the GNU General Public License for more details.             *
+ *                                                                                      *
+ * You should have received a copy of the GNU General Public License along with         *
+ * this program.  If not, see <http://www.gnu.org/licenses/>.                           *
+ ****************************************************************************************/
+
+#ifndef DATABASECOMMAND_ADDCLIENTAUTH_H
+#define DATABASECOMMAND_ADDCLIENTAUTH_H
+
+#include "databaseimpl.h"
+#include "databasecommand.h"
+#include "dllmacro.h"
+
+#include <QObject>
+
+class DLLEXPORT DatabaseCommand_AddClientAuth : public DatabaseCommand
+{
+    Q_OBJECT
+public:
+    explicit DatabaseCommand_AddClientAuth( QObject* parent = 0 )
+            : DatabaseCommand( parent )
+    {}
+
+    explicit DatabaseCommand_AddClientAuth( const QString& clientToken, const QString& website, const QString& name, const QString& userAgent, QObject* parent = 0 );
+
+    QString commandname() const { return "addclientauth"; }
+
+    virtual void exec( DatabaseImpl* lib );
+    virtual bool doesMutates() const { return true; }
+    
+private:
+    QString m_clientToken, m_website, m_name, m_userAgent;
+};
+
+#endif // DATABASECOMMAND_ADDCLIENTAUTH_H
diff --git a/src/libtomahawk/database/databasecommand_clientauthvalid.cpp b/src/libtomahawk/database/databasecommand_clientauthvalid.cpp
new file mode 100644
index 000000000..e751748bf
--- /dev/null
+++ b/src/libtomahawk/database/databasecommand_clientauthvalid.cpp
@@ -0,0 +1,42 @@
+/****************************************************************************************
+ * Copyright (c) 2011 Leo Franchi <lfranchi@kde.org>                                    *
+ *                                                                                      *
+ * This program is free software; you can redistribute it and/or modify it under        *
+ * the terms of the GNU General Public License as published by the Free Software        *
+ * Foundation; either version 2 of the License, or (at your option) any later           *
+ * version.                                                                             *
+ *                                                                                      *
+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY      *
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A      *
+ * PARTICULAR PURPOSE. See the GNU General Public License for more details.             *
+ *                                                                                      *
+ * You should have received a copy of the GNU General Public License along with         *
+ * this program.  If not, see <http://www.gnu.org/licenses/>.                           *
+ ****************************************************************************************/
+
+#include "databasecommand_clientauthvalid.h"
+
+DatabaseCommand_ClientAuthValid::DatabaseCommand_ClientAuthValid( const QString& clientToken, QObject* parent )
+    : DatabaseCommand( parent )
+    , m_clientToken( clientToken )
+{
+
+}
+
+void DatabaseCommand_ClientAuthValid::exec(DatabaseImpl* lib)
+{
+    TomahawkSqlQuery q = lib->newquery();
+    q.prepare(  "SELECT name FROM http_client_auth WHERE token = ?" );
+    q.addBindValue( m_clientToken );
+    
+    if( q.exec() ) {
+        if( q.next() ) {
+            QString name = q.value( 0 ).toString();
+            emit authValid( m_clientToken, name, true );
+        } else {
+            emit authValid( m_clientToken, QString(), false );
+        }
+    } else {
+        qWarning() << "Failed to query http auth table for client:" << m_clientToken;
+    }
+}
diff --git a/src/libtomahawk/database/databasecommand_clientauthvalid.h b/src/libtomahawk/database/databasecommand_clientauthvalid.h
new file mode 100644
index 000000000..efb3c7bb1
--- /dev/null
+++ b/src/libtomahawk/database/databasecommand_clientauthvalid.h
@@ -0,0 +1,49 @@
+/****************************************************************************************
+ * Copyright (c) 2011 Leo Franchi <lfranchi@kde.org>                                    *
+ *                                                                                      *
+ * This program is free software; you can redistribute it and/or modify it under        *
+ * the terms of the GNU General Public License as published by the Free Software        *
+ * Foundation; either version 2 of the License, or (at your option) any later           *
+ * version.                                                                             *
+ *                                                                                      *
+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY      *
+ * WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A      *
+ * PARTICULAR PURPOSE. See the GNU General Public License for more details.             *
+ *                                                                                      *
+ * You should have received a copy of the GNU General Public License along with         *
+ * this program.  If not, see <http://www.gnu.org/licenses/>.                           *
+ ****************************************************************************************/
+
+#ifndef DATABASECOMMAND_CLIENTAUTHVALID_H
+#define DATABASECOMMAND_CLIENTAUTHVALID_H
+
+#include "databaseimpl.h"
+#include "databasecommand.h"
+#include "dllmacro.h"
+
+#include <QObject>
+
+class DLLEXPORT DatabaseCommand_ClientAuthValid : public DatabaseCommand
+{
+    Q_OBJECT
+public:
+    explicit DatabaseCommand_ClientAuthValid( QObject* parent = 0 )
+            : DatabaseCommand( parent )
+    {}
+
+    explicit DatabaseCommand_ClientAuthValid( const QString& clientToken, QObject* parent = 0 );
+
+    QString commandname() const { return "clientauthvalid"; }
+
+    virtual void exec( DatabaseImpl* lib );
+    virtual bool doesMutates() const { return false; }
+    
+signals:
+    // if auth is invalid name is empty
+    void authValid( const QString& clientToken, const QString& name, bool valid );
+    
+private:
+    QString m_clientToken;
+};
+
+#endif // DATABASECOMMAND_CLIENTAUTHVALID_H
diff --git a/src/libtomahawk/database/databaseimpl.cpp b/src/libtomahawk/database/databaseimpl.cpp
index 7746f8a0f..5652dfae8 100644
--- a/src/libtomahawk/database/databaseimpl.cpp
+++ b/src/libtomahawk/database/databaseimpl.cpp
@@ -16,8 +16,7 @@
 */
 #include "schema.sql.h"
 
-#define CURRENT_SCHEMA_VERSION 20
-
+#define CURRENT_SCHEMA_VERSION 21
 
 DatabaseImpl::DatabaseImpl( const QString& dbname, Database* parent )
     : QObject( (QObject*) parent )
diff --git a/src/libtomahawk/database/schema.sql b/src/libtomahawk/database/schema.sql
index ad8b000d1..c30132ab9 100644
--- a/src/libtomahawk/database/schema.sql
+++ b/src/libtomahawk/database/schema.sql
@@ -241,6 +241,16 @@ CREATE TABLE IF NOT EXISTS playback_log (
 CREATE INDEX playback_log_source ON playback_log(source);
 CREATE INDEX playback_log_track ON playback_log(track);
 
+-- auth information for http clients
+
+CREATE TABLE IF NOT EXISTS http_client_auth (
+    token TEXT NOT NULL PRIMARY KEY,
+    website TEXT NOT NULL,
+    name TEXT NOT NULL,
+    ua TEXT,
+    mtime INTEGER,
+    permissions TEXT NOT NULL
+);
 
 
 -- Schema version, and misc tomahawk settings relating to the collection db
@@ -250,4 +260,4 @@ CREATE TABLE IF NOT EXISTS settings (
     v TEXT NOT NULL DEFAULT ''
 );
 
-INSERT INTO settings(k,v) VALUES('schema_version', '20');
+INSERT INTO settings(k,v) VALUES('schema_version', '21');
diff --git a/src/libtomahawk/database/schema.sql.h b/src/libtomahawk/database/schema.sql.h
index a580c1851..9283091f3 100644
--- a/src/libtomahawk/database/schema.sql.h
+++ b/src/libtomahawk/database/schema.sql.h
@@ -1,5 +1,5 @@
 /*
-    This file was automatically generated from ./schema.sql on Wed Feb 23 12:39:07 CET 2011.
+    This file was automatically generated from schema.sql on Thu Feb 24 19:05:46 EST 2011.
 */
 
 static const char * tomahawk_schema_sql = 
@@ -161,11 +161,19 @@ static const char * tomahawk_schema_sql =
 ");"
 "CREATE INDEX playback_log_source ON playback_log(source);"
 "CREATE INDEX playback_log_track ON playback_log(track);"
+"CREATE TABLE IF NOT EXISTS http_client_auth ("
+"    token TEXT NOT NULL PRIMARY KEY,"
+"    website TEXT NOT NULL,"
+"    name TEXT NOT NULL,"
+"    ua TEXT,"
+"    mtime INTEGER,"
+"    permissions TEXT NOT NULL"
+");"
 "CREATE TABLE IF NOT EXISTS settings ("
 "    k TEXT NOT NULL PRIMARY KEY,"
 "    v TEXT NOT NULL DEFAULT ''"
 ");"
-"INSERT INTO settings(k,v) VALUES('schema_version', '20');"
+"INSERT INTO settings(k,v) VALUES('schema_version', '21');"
     ;
 
 const char * get_tomahawk_sql()
diff --git a/src/tomahawk.protocol b/src/tomahawk.protocol
new file mode 100644
index 000000000..3a393aa61
--- /dev/null
+++ b/src/tomahawk.protocol
@@ -0,0 +1,12 @@
+[Protocol]
+exec=/home/leo/kde/tomahawk/build/tomahawk "%u"
+protocol=tomahawk
+input=none
+output=none
+helper=true
+listing=
+reading=false
+writing=false
+makedir=false
+deleting=false
+
diff --git a/src/web/api_v1.h b/src/web/api_v1.h
index 6d89beddd..daaacc4fb 100644
--- a/src/web/api_v1.h
+++ b/src/web/api_v1.h
@@ -17,8 +17,15 @@
 
 #include <QFile>
 #include <QSharedPointer>
+#include <QStringList>
 
 #include "network/servent.h"
+#include "tomahawkutils.h"
+#include "tomahawk/tomahawkapp.h"
+#include <database/databasecommand_addclientauth.h>
+#include <qxtwebcontent.h>
+#include <database/database.h>
+#include <database/databasecommand_clientauthvalid.h>
 
 class Api_v1 : public QxtWebSlotService
 {
@@ -32,7 +39,81 @@ public:
     }
 
 public slots:
+    
+    // authenticating uses /auth_1
+    // we redirect to /auth_2 for the callback
+    void auth_1( QxtWebRequestEvent* event ) {
+        qDebug() << "AUTH_1 HTTP" << event->url.toString();
+        
+        if( !event->url.hasQueryItem( "website" ) || !event->url.hasQueryItem( "name" ) ) {   
+            qDebug() << "Malformed HTTP resolve request";
+            send404( event );
+        }
+        
+        QString formToken = uuid();
+        
+        if( event->url.hasQueryItem( "json" ) ) { // JSON response
+            QVariantMap m;
+            m[ "formtoken" ] = formToken;
+            sendJSON( m, event );
+        } else { // webpage request
+            QString authPage = RESPATH "www/auth.html";
+            QHash< QString, QString > args;
+            if( event->url.hasQueryItem( "receiverurl" ) )
+                args[ "url" ] = QUrl::fromPercentEncoding( event->url.queryItemValue( "receiverurl" ).toUtf8() );
+            args[ "formtoken" ] = formToken;
+            args[ "website" ] = QUrl::fromPercentEncoding( event->url.queryItemValue( "website" ).toUtf8() );
+            args[ "name" ] = QUrl::fromPercentEncoding( event->url.queryItemValue( "name" ).toUtf8() );
+            sendWebpageWithArgs( event, authPage, args );
+        }
+    }
+    
+    void auth_2( QxtWebRequestEvent* event ) {
+        
+        qDebug() << "AUTH_2 HTTP" << event->url.toString();
+        QUrl url = event->url;
+        url.setEncodedQuery( event->content->readAll() );
 
+        if( !url.hasQueryItem( "website" ) || !url.hasQueryItem( "name" ) || !url.hasQueryItem( "formtoken" ) ) {   
+            qDebug() << "Malformed HTTP resolve request";
+            qDebug() << url.hasQueryItem( "website" )  << url.hasQueryItem( "name" )  << url.hasQueryItem( "formtoken" );
+            send404( event );
+            return;
+        }
+        
+        QString website = QUrl::fromPercentEncoding( url.queryItemValue( "website" ).toUtf8() );
+        QString name  = QUrl::fromPercentEncoding( url.queryItemValue( "name" ).toUtf8() );
+        QByteArray authtoken = uuid().toLatin1();
+        qDebug() << "HEADERS:" << event->headers; 
+        if( !url.hasQueryItem( "receiverurl" ) && url.queryItemValue( "receiverurl" ).isEmpty() ) { //no receiver url, so do it ourselves 
+            QString receiverUrl = QUrl::fromPercentEncoding( url.queryItemValue( "receiverurl" ).toUtf8() );
+            if( url.hasQueryItem( "json" ) ) {
+                QVariantMap m;
+                m[ "authtoken" ] = authtoken;
+                
+                sendJSON( m, event );
+            } else {
+                QString authPage = RESPATH "www/auth.na.html";
+                QHash< QString, QString > args;
+                args[ "authcode" ] = authPage;
+                args[ "website" ] = QUrl::fromPercentEncoding( url.queryItemValue( "website" ).toUtf8() );
+                args[ "name" ] = QUrl::fromPercentEncoding( url.queryItemValue( "name" ).toUtf8() );
+                sendWebpageWithArgs( event, authPage, args );
+            }
+        } else { // do what the client wants
+            QUrl receiverurl = QUrl( url.queryItemValue( "receiverurl" ).toUtf8(), QUrl::TolerantMode );
+            receiverurl.addEncodedQueryItem( "authtoken", "#" + authtoken );
+            qDebug() << "Got receiver url:" << receiverurl.toString();
+            
+            QxtWebRedirectEvent* e = new QxtWebRedirectEvent( event->sessionID, event->requestID, receiverurl.toString() );
+            postEvent( e );
+            // TODO validation of receiverurl?
+        }
+        
+        DatabaseCommand_AddClientAuth* dbcmd = new DatabaseCommand_AddClientAuth( authtoken, website, name, event->headers.key( "ua" ) );
+        Database::instance()->enqueue( QSharedPointer<DatabaseCommand>(dbcmd) );
+    }
+        
     // all v1 api calls go to /api/
     void api(QxtWebRequestEvent* event)
     {
@@ -80,18 +161,35 @@ public slots:
         qDebug() << "404" << event->url.toString();
         QxtWebPageEvent* wpe = new QxtWebPageEvent(event->sessionID, event->requestID, "<h1>Not Found</h1>");
         wpe->status = 404;
-        wpe->statusMessage = "not found";
+        wpe->statusMessage = "not feventound";
         postEvent( wpe );
     }
 
     void stat( QxtWebRequestEvent* event )
     {
+        qDebug() << "Got Stat request:" << event->url.toString();
+        m_storedEvent = event;
+        if( !event->content.isNull() )
+            qDebug() << "BODY:" << event->content->readAll();
+        if( event->url.hasQueryItem( "auth" ) ) { // check for auth status
+            DatabaseCommand_ClientAuthValid* dbcmd = new DatabaseCommand_ClientAuthValid( event->url.queryItemValue( "auth" ), this );
+            connect( dbcmd, SIGNAL( authValid( QString, QString, bool ) ), this, SLOT( statResult( QString, QString, bool ) ) );
+            Database::instance()->enqueue( QSharedPointer<DatabaseCommand>(dbcmd) );
+            
+        } else {
+            statResult( QString(), QString(), false );
+        }
+    }
+    
+    void statResult( const QString& clientToken, const QString& name, bool valid ) {
         QVariantMap m;
         m.insert( "name", "playdar" );
         m.insert( "version", "0.1.1" ); // TODO (needs to be >=0.1.1 for JS to work)
-        m.insert( "authenticated", true ); // TODO
+        m.insert( "authenticated", valid ); // TODO
         m.insert( "capabilities", QVariantList() );
-        sendJSON( m, event );
+        sendJSON( m, m_storedEvent );
+        
+        m_storedEvent = 0;
     }
 
     void resolve( QxtWebRequestEvent* event )
@@ -119,6 +217,12 @@ public slots:
         sendJSON( r, event );
     }
 
+    void staticdata( QxtWebRequestEvent* event ) {
+        if( event->url.path().contains( "playdar_auth_logo.gif" ) ) {
+            // TODO handle
+        }
+    }
+
     void get_results( QxtWebRequestEvent* event )
     {
         if( !event->url.hasQueryItem("qid") )
@@ -174,6 +278,23 @@ public slots:
         qDebug() << "JSON response" << event->url.toString() << body;
     }
 
+    // load an html template from a file, replace args from map
+    // then serve
+    void sendWebpageWithArgs( QxtWebRequestEvent* event, const QString& filenameSource, const QHash< QString, QString >& args ) {
+        if( !QFile::exists( filenameSource ) )
+            qWarning() << "Passed invalid file for html source:" << filenameSource;
+        
+        QFile f( filenameSource );
+        f.open( QIODevice::ReadOnly );
+        QByteArray html = f.readAll();
+        
+        foreach( const QString& param, args.keys() ) {
+            html.replace( QString( "<%%1%>" ).arg( param.toUpper() ), args.value( param ).toUtf8() );
+        }
+        
+        QxtWebPageEvent* e = new QxtWebPageEvent( event->sessionID, event->requestID, html );
+        postEvent( e );
+    }
 
     void index(QxtWebRequestEvent* event)
     {
@@ -182,6 +303,8 @@ public slots:
 
     }
 
+private:
+    QxtWebRequestEvent* m_storedEvent;
 };
 
 #endif