auth::login now emites a url safe api session key

models::_USER_ONLINE updated to suppress unused var warnings

server/src/auth.rs

@@ -145,12 +145,13 @@ pub fn login(conn: DBConn, api_key: Form<AuthKey>) -> AuthResult<JsonValue, Auth
      * Session Tokens are used to key into a subset of online users
      * This is what should make queries faster per instance as we'll have less data to sift through w/ diesel
     */
+    use utils::encode_param;
 
     if confirm_user_api_access(&conn.0, api_key.id, &api_key.secret) {
         blind_remove_session(&conn.0, &api_key.secret);
         let key = create_new_session_key(&conn.0);
         match key {
-            Some(data) => Ok(json!({"key": data})),
+            Some(data) => Ok(json!({"key": encode_param(&data)})),
             None => Err(AuthErr {
                 msg: "Could not create session",
                 status: 500

server/src/models.rs

@@ -30,7 +30,7 @@ pub struct User {
 }
 
 pub const USER_OFFLINE: i32 = 1;
-pub const USER_ONLINE: i32 = 2;
+pub const _USER_ONLINE: i32 = 2;
 pub const _USER_AWAY: i32 = 3;
 pub const _USER_DO_NOT_DISTRUB: i32 = 4;