From 9c394756ccc0746c5e25ffd66a5916a5f77607b7 Mon Sep 17 00:00:00 2001
From: RJ <rj@metabrew.com>
Date: Mon, 8 Jun 2009 16:37:07 +0100
Subject: [PATCH] schema bump to version 2, auth codes now stored alongside the
 browser user-agent that authed them. addresses issue #6

---
 .../moost_http/include/moost/http/request.hpp | 13 ++++++++++
 etc/schema.sql                                |  4 +++-
 includes/playdar/auth.hpp                     | 14 ++++++-----
 includes/playdar/playdar_request.h            |  3 ++-
 resolvers/local/library.cpp                   |  5 +++-
 resolvers/local/library_sql.h                 | 24 ++++---------------
 src/playdar_request.cpp                       |  2 ++
 src/playdar_request_handler.cpp               |  7 +++---
 8 files changed, 40 insertions(+), 32 deletions(-)

diff --git a/deps/moost_http/include/moost/http/request.hpp b/deps/moost_http/include/moost/http/request.hpp
index d395982..d90e74f 100644
--- a/deps/moost_http/include/moost/http/request.hpp
+++ b/deps/moost_http/include/moost/http/request.hpp
@@ -30,6 +30,19 @@ struct request
     }
     return result;
   }
+  
+  /// we need a const way to grab headers too:
+  const std::string header_value(const std::string & header_name) const
+  {
+    std::vector<header>::const_iterator result;
+    for (result = headers.begin(); result != headers.end(); ++result)
+    {
+      if (boost::algorithm::iequals(result->name, header_name)) return result->value;
+    }
+    return "";  
+  }
+  
+  
 };
 
 }} // moost::http
diff --git a/etc/schema.sql b/etc/schema.sql
index 43d9768..1139569 100644
--- a/etc/schema.sql
+++ b/etc/schema.sql
@@ -78,10 +78,12 @@ CREATE INDEX file_join_track ON file_join(track);
 
 -- HTTP Authentication 
 
+DROP TABLE IF EXISTS playdar_auth;
 CREATE TABLE IF NOT EXISTS playdar_auth (
     token TEXT NOT NULL PRIMARY KEY,
     website TEXT NOT NULL,
     name TEXT NOT NULL,
+    ua TEXT NOT NULL,
     mtime INTEGER NOT NULL,
     permissions TEXT NOT NULL
 );
@@ -92,7 +94,7 @@ CREATE TABLE IF NOT EXISTS playdar_system (
     key TEXT NOT NULL PRIMARY KEY,
     value TEXT NOT NULL DEFAULT ''
 );
-INSERT INTO playdar_system(key,value) VALUES('schema_version', '1');
+INSERT INTO playdar_system(key,value) VALUES('schema_version', '2');
 
 -- Settings NOT USED
 
diff --git a/includes/playdar/auth.hpp b/includes/playdar/auth.hpp
index 5c67240..8a117f4 100644
--- a/includes/playdar/auth.hpp
+++ b/includes/playdar/auth.hpp
@@ -53,12 +53,13 @@ class auth
     {
         boost::mutex::scoped_lock lock(m_mut);
         std::vector< std::map<std::string,std::string> > ret;
-        sqlite3pp::query qry(m_db, "SELECT token, website, name FROM playdar_auth ORDER BY mtime DESC");
+        sqlite3pp::query qry(m_db, "SELECT token, website, name, ua FROM playdar_auth ORDER BY mtime DESC");
         for(sqlite3pp::query::iterator i = qry.begin(); i!=qry.end(); ++i){
             std::map<std::string,std::string> m;
             m["token"]   = std::string((*i).get<const char *>(0));
             m["website"] = std::string((*i).get<const char *>(1));
             m["name"]    = std::string((*i).get<const char *>(2));
+            m["ua"]    = std::string((*i).get<const char *>(3));
             ret.push_back( m );
         }
         return ret;
@@ -74,18 +75,19 @@ class auth
         cmd.execute();
     }
     
-    void create_new(std::string token, std::string website, std::string name)
+    void create_new(const std::string &token, const std::string &website, const std::string &name, const std::string &ua )
     {
         boost::mutex::scoped_lock lock(m_mut);
         std::string sql = "INSERT INTO playdar_auth "
-                     "(token, website, name, mtime, permissions) "
-                     "VALUES(?, ?, ?, ?, ?)";
+                     "(token, website, name, ua, mtime, permissions) "
+                     "VALUES(?, ?, ?, ?, ?, ?)";
         sqlite3pp::command cmd(m_db, sql.c_str());
         cmd.bind(1, token.c_str(), true);
         cmd.bind(2, website.c_str(), true);
         cmd.bind(3, name.c_str(), true);
-        cmd.bind(4, 0);
-        cmd.bind(5, "*", true);
+        cmd.bind(4, ua.c_str(), true);
+        cmd.bind(5, 0);
+        cmd.bind(6, "*", true);
         cmd.execute();
     }
     
diff --git a/includes/playdar/playdar_request.h b/includes/playdar/playdar_request.h
index 903e07b..46f31a8 100644
--- a/includes/playdar/playdar_request.h
+++ b/includes/playdar/playdar_request.h
@@ -41,13 +41,14 @@ class playdar_request {
     const std::string getvar( const std::string& s ) const{ return m_getvars.find(s)->second; }
     const std::string postvar( const std::string& s ) const{ return m_postvars.find(s)->second; }
     const std::vector<std::string>& parts() const{ return m_parts; }
-    
+    const std::string& useragent() const { return m_useragent; }
 private:
     
     void collect_parts( const std::string & url, std::vector<std::string>& parts );
     int collect_params(const std::string & url, std::map<std::string,std::string> & vars);
     
     std::string m_url;
+    std::string m_useragent;
     std::vector<std::string> m_parts;
     std::map<std::string, std::string> m_getvars;
     std::map<std::string, std::string> m_postvars;    
diff --git a/resolvers/local/library.cpp b/resolvers/local/library.cpp
index 57712b3..3d829f7 100644
--- a/resolvers/local/library.cpp
+++ b/resolvers/local/library.cpp
@@ -66,9 +66,12 @@ Library::check_db()
       cout << "Database schema detected as version " << val << endl;
       // check the schema version is what we expect
       // TODO auto-upgrade to newest schema version as needed.
-      if( val != "1" )
+      if( val != "2" )
       {
         cerr << "Schema version too old. TODO handle auto-upgrades" << endl;
+        cerr << "To upgrade from 1->2, run this: alter table playdar_auth add column ua text not null default \"\"; update playdar_system set value=\"2\" where key=\"schema_version\";"
+        << endl;
+
         throw; // not caught here
       }
       // OK.
diff --git a/resolvers/local/library_sql.h b/resolvers/local/library_sql.h
index 4319ebb..a190238 100644
--- a/resolvers/local/library_sql.h
+++ b/resolvers/local/library_sql.h
@@ -1,23 +1,5 @@
 /*
-    Playdar - music content resolver
-    Copyright (C) 2009  Richard Jones
-    Copyright (C) 2009  Last.fm Ltd.
-
-    This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation, either version 3 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-*/
-/*
-    This file was automatically generated from schema.sql on Fri May 29 11:06:27 GMTDT 2009.
+    This file was automatically generated from ./schema.sql on Mon Jun  8 15:53:47 BST 2009.
 */
 namespace playdar {
 
@@ -78,10 +60,12 @@ static const char * playdar_schema_sql =
 "    album INTEGER REFERENCES album(id) ON DELETE CASCADE ON UPDATE CASCADE"
 ");"
 "CREATE INDEX file_join_track ON file_join(track);"
+"DROP TABLE IF EXISTS playdar_auth;"
 "CREATE TABLE IF NOT EXISTS playdar_auth ("
 "    token TEXT NOT NULL PRIMARY KEY,"
 "    website TEXT NOT NULL,"
 "    name TEXT NOT NULL,"
+"    ua TEXT NOT NULL,"
 "    mtime INTEGER NOT NULL,"
 "    permissions TEXT NOT NULL"
 ");"
@@ -89,7 +73,7 @@ static const char * playdar_schema_sql =
 "    key TEXT NOT NULL PRIMARY KEY,"
 "    value TEXT NOT NULL DEFAULT ''"
 ");"
-"INSERT INTO playdar_system(key,value) VALUES('schema_version', '1');"
+"INSERT INTO playdar_system(key,value) VALUES('schema_version', '2');"
     ;
 
 const char * get_playdar_sql()
diff --git a/src/playdar_request.cpp b/src/playdar_request.cpp
index 3b7b9fc..a4a8bae 100644
--- a/src/playdar_request.cpp
+++ b/src/playdar_request.cpp
@@ -46,6 +46,8 @@ playdar_request::playdar_request( const moost::http::request& req )
     
     collect_parts( m_url, m_parts );
     
+    m_useragent = req.header_value("User-Agent");
+    
     // get rid of cruft from leading/trailing "/" and split:
     if(m_parts.size() && m_parts[0]=="") m_parts.erase(m_parts.begin());
 }
diff --git a/src/playdar_request_handler.cpp b/src/playdar_request_handler.cpp
index 6d64989..32b5a61 100644
--- a/src/playdar_request_handler.cpp
+++ b/src/playdar_request_handler.cpp
@@ -175,7 +175,7 @@ playdar_request_handler::handle_auth2( const playdar_request& req, moost::http::
     if(m_pauth->consume_formtoken(req.postvar("formtoken")))
     {
         string tok = app()->resolver()->gen_uuid(); 
-        m_pauth->create_new(tok, req.postvar("website"), req.postvar("name"));
+        m_pauth->create_new(tok, req.postvar("website"), req.postvar("name"), req.useragent() );
         if( !req.postvar_exists("receiverurl") ||
             req.postvar("receiverurl")=="" )
         {
@@ -416,7 +416,7 @@ playdar_request_handler::handle_settings( const playdar_request& req,
             <<  "<tr style=\"font-weight:bold;\">"
             <<   "<td>Name</td>"
             <<   "<td>Website</td>"
-            <<   "<td>Auth Code</td>"
+            <<   "<td>Auth Code / User-Agent</td>"
             <<   "<td>Options</td>"
             <<  "</tr>"
             << endl;
@@ -428,7 +428,8 @@ playdar_request_handler::handle_settings( const playdar_request& req,
             os  << "<tr style=\"background-color:" << ((i++%2==0)?"#ccc":"") << ";\">"
                 <<  "<td>" << m["name"] << "</td>"
                 <<  "<td>" << m["website"] << "</td>"
-                <<  "<td>" << m["token"] << "</td>"
+                <<  "<td>" << m["token"] << "<br/><small>"
+                <<  m["ua"] << "</small></td>"
                 <<  "<td><a href=\"/settings/auth/?revoke="  
                 << m["token"] <<"\">Revoke</a>"
                 <<  "</td>"