| -rw-r--r-- | modern.go | 13 | ||||
| -rw-r--r-- | web.go | 40 |
2 files changed, 35 insertions, 18 deletions
@@ -1,6 +1,7 @@ package main import ( + "database/sql" "database/sql/driver" "encoding/json" "encoding/xml" @@ -34,10 +35,10 @@ type Name struct { } type Token struct { - XMLName xml.Name `xml:"token" json:"-"` - Val string `xml:",innerxml" json:"token"` - Created time.Time `xml:"-" json:"-"` - UserId int `xml:"-" json:"-"` + XMLName xml.Name `xml:"token" json:"-"` + Val string `xml:",innerxml" json:"token"` + Created time.Time `xml:"-" json:"-"` + UserId sql.NullInt64 `xml:"-" json:"-"` } type LFMResponse struct { @@ -120,8 +121,8 @@ func (store *SqlStore) AuthGetSession(r *http.Request) (ApiResponse, error) { // FIXME: error 15 return nil, errors.New("This token has expired") } else { - if token.UserId != 0 { - user := &User{Id: token.UserId} + if token.UserId.Valid { + user := &User{Id: int(token.UserId.Int64)} if err := store.GetUser(user); err != nil { return nil, err } else { @@ -1,12 +1,14 @@ package main import ( + "database/sql" "encoding/hex" "encoding/json" "fmt" "io/ioutil" "log" "net/http" + "net/url" "time" _ "github.com/lib/pq" @@ -96,12 +98,18 @@ func (app *App) callback(w http.ResponseWriter, r *http.Request) { s.UserName = user.Name app.InsertUserSession(s) app.SetCookie(w, "session", s, 86400*30) - var lfmtoken string - app.GetCookie(r, "lfmtoken", &lfmtoken) - if lfmtoken != "" { - http.Redirect(w, r, "api/auth", http.StatusTemporaryRedirect) + + var lfmauth struct { + Token string + ApiKey string } - if newUser { + + if err := app.GetCookie(r, "lfmauth", &lfmauth); err == nil { + v := url.Values{} + v.Set("token", lfmauth.Token) + v.Add("api_key", lfmauth.ApiKey) + http.Redirect(w, r, "api/auth/?"+v.Encode(), http.StatusTemporaryRedirect) + } else if newUser { http.Redirect(w, r, "/settings", http.StatusTemporaryRedirect) } else { http.Redirect(w, r, "/", http.StatusFound) 
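Review bot: In AuthGetSession the new `token.UserId.Valid` test accepts any non-NULL user id, including 0, which the removed `token.UserId != 0` check treated as "not yet authorised". If rows written before this change stored 0 rather than NULL in that column (the schema and any migration are not visible here), those tokens would now take the authorised branch and look up user 0. Consider `if token.UserId.Valid && token.UserId.Int64 > 0 {`, or a migration that nulls the old zeros. The body of AuthGetSession starts and ends outside this hunk.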
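Review bot: In callback, the redirect target `"api/auth/?"+v.Encode()` has no leading slash, so the browser resolves it against the callback request's path rather than the site root, unlike the `/settings` and `/` redirects in the same chain. If the handler is mounted at the root, `"/api/auth/?"+v.Encode()` is the unambiguous form. The `lfmauth` cookie is also left in place after it has been consumed, so any further login during the rest of its lifetime is sent to the authorisation page again; expiring it before the redirect would avoid that. `err == nil` only shows that the cookie decoded, so an empty `Token` or `ApiKey` is still forwarded. The body of callback begins outside the hunk.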
@@ -112,19 +120,27 @@ func (app *App) auth(w http.ResponseWriter, r *http.Request) { se := new(UserSession) err := app.GetCookie(r, "session", se) if err != nil { - app.SetCookie(w, "lfmtoken", r.FormValue("token"), 120) - app.SetCookie(w, "lfmkey", r.FormValue("api_key"), 120) + app.SetCookie(w, "lfmauth", + struct { + Token string + ApiKey string + }{r.FormValue("token"), + r.FormValue("api_key")}, 120) http.Redirect(w, r, "/login", http.StatusFound) return } - key := r.FormValue("api_key") - if c, err := app.GetClient(key); err != nil { - fmt.Printf("%v\n", err) + if r.FormValue("api_key") == "" || r.FormValue("token") == "" { + log.Println("Invalid parameters") + return + } + if c, err := app.GetClient(r.FormValue("api_key")); err != nil { + log.Println(err) } else { if token, err := app.GetToken(r.FormValue("token")); err != nil { - return + log.Println(err) } else { - token.UserId = se.UserId + token.UserId = sql.NullInt64{Int64: int64(se.UserId), + Valid: true} app.PutToken(token) app.Template.ExecuteTemplate(w, "auth.tmpl", c.Name) } |
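Review bot: In auth, `token.UserId = sql.NullInt64{...}` followed by `app.PutToken(token)` binds the token to the logged-in user as soon as the page is requested, with no method check and no confirmation step visible in this hunk, and callback now forwards here automatically after login. A request carrying a token the user never asked for would therefore be authorised under their session; granting only on a POST that carries a session-bound anti-CSRF value, after showing `c.Name`, would close that. Separately, the new `log.Println("Invalid parameters")` path and both error branches return without writing a response, so the client receives an empty 200; `http.Error(w, "invalid parameters", http.StatusBadRequest)` before the `return` would make the failure visible. The results of `app.PutToken` and `ExecuteTemplate` are discarded as well. The end of auth is outside the hunk.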
