Beginning og LastFM support: one can link an account

db.py

@@ -54,6 +54,8 @@ class User(Base):
 	password = Column(String(40))
 	salt = Column(String(6))
 	admin = Column(Boolean, default = False)
+	lastfm_session = Column(String(32), nullable = True)
+	lastfm_status = Column(Boolean, default = True) # True: ok/unlinked, False: invalid session
 
 class Folder(Base):
 	__tablename__ = 'folder'

templates/profile.html

@@ -4,7 +4,18 @@
 <ul>
 	{% if user.admin %}<li>You're an admin!</li>{% endif %}
 	<li><strong>Email</strong>: {{ user.mail }} - <a href="{{ url_for('change_mail') }}">Change</a></li>
-	<li><strong>LastFM status</strong>: Unavailable</li>
+	<li>
+		<strong>LastFM status</strong>:
+		{% if api_key %}
+			{% if user.lastfm_session %}
+				{% if user.lastfm_status %}Linked{% else %}Invalid session{% endif %} - <a href="{{ url_for('lastfm_unreg') }}">Unlink</a>
+			{% else %}
+				Unlinked - <a href="http://www.last.fm/api/auth/?api_key={{ api_key }}&cb={{ request.url_root[:-(request.script_root|length+1)] + url_for('lastfm_reg') }}">Link</a>
+			{% endif %}
+		{% else %}
+			Unavailable
+		{% endif %}
+	</li>
 	<li><a href="{{ url_for('change_password') }}">Change password</a></li>
 </ul>
 {% endblock %}

user.py

@@ -1,10 +1,12 @@
 # coding: utf-8
 
 from flask import request, session, flash, render_template, redirect, url_for
+import requests, hashlib
 
 from web import app
 from user_manager import UserManager
 from db import User, session as db_sess
+import config
 
 @app.before_request
 def check_admin():
@@ -23,7 +25,7 @@ def user_index():
 
 @app.route('/user/me')
 def user_profile():
-	return render_template('profile.html', user = UserManager.get(session.get('userid'))[1])
+	return render_template('profile.html', user = UserManager.get(session.get('userid'))[1], api_key = config.get('LASTFM_KEY'))
 
 @app.route('/user/changemail', methods = [ 'GET', 'POST' ])
 def change_mail():
@@ -105,6 +107,47 @@ def del_user(uid):
 
 	return redirect(url_for('user_index'))
 
+@app.route('/user/lastfm/link')
+def lastfm_reg():
+	token = request.args.get('token')
+	if token in ('', None):
+		flash('Missing LastFM auth token')
+		return redirect(url_for('user_profile'))
+
+	p = {
+		'api_key': config.get('LASTFM_KEY'),
+		'method': 'auth.getSession',
+		'token': token
+	}
+	sig_str = ''
+	for k, v in sorted(p.iteritems()):
+		sig_str += k + v
+	sig = hashlib.md5(sig_str + config.get('LASTFM_SECRET')).hexdigest()
+
+	p['api_sig'] = sig
+	p['format'] = 'json'
+
+	r = requests.get('http://ws.audioscrobbler.com/2.0/', params = p)
+	if 'error' in r.json:
+		flash('Error %i: %s' % (r.json['error'], r.json['message']))
+	else:
+		user = UserManager.get(session.get('userid'))[1]
+		user.lastfm_session = r.json['session']['key']
+		user.lastfm_status = True
+		db_sess.commit()
+		flash('Successfully linked LastFM account')
+
+	return redirect(url_for('user_profile'))
+
+@app.route('/user/lastfm/unlink')
+def lastfm_unreg():
+	user = UserManager.get(session.get('userid'))[1]
+	user.lastfm_session = None
+	user.lastfm_status = True
+	db_sess.commit()
+	flash('Unliked LastFM account')
+	return redirect(url_for('user_profile'))
+
 @app.route('/user/login', methods = [ 'GET', 'POST'])
 def login():
 	return_url = request.args.get('returnUrl') or url_for('index')