Redesigned API URL structure. Updated ts_api to implement this.

Implemented ts_api:list_timelines/2.
Adjusted ts_timeline:list/3 to be 0-indexed.
Changed ts_user password hash to use a random salt + SHA1
Added some skeleton testing code.

src/ts_user.erl

@@ -1,5 +1,6 @@
 -module(ts_user).
--export([create_table/1, new/1, update/1, lookup/1, list/2]).
+%-export([create_table/1, new/1, update/1, lookup/1, list/2]).
+-compile(export_all).
 
 -include("ts_db_records.hrl").
 -include_lib("stdlib/include/qlc.hrl").
@@ -30,17 +31,13 @@ lookup(Username) ->
 list(Start, Length) -> ts_common:list(ts_user, Start, Length).
 
 hash_input_record(User=#ts_user{}) ->
-    % generate the password salt
-    Salt = generate_salt(),
-    % hash the password
-    HashedPwd = hash_pwd(User#ts_user.username, Salt),
     % create a new User record
+    {HashedPwd, Salt} = hash_pwd(User#ts_user.pwd),
     User#ts_user{pwd = HashedPwd, pwd_salt = Salt}.
     
-generate_salt() ->
-    "This is a worthless salt value only suitable for testing.".
+generate_salt() -> crypto:rand_bytes(36).
 
-hash_pwd(Password, Salt) -> do_hash(Password ++ Salt, []).
-
-do_hash([], Hashed) -> Hashed;
-do_hash([Char|Pwd], Hashed) -> do_hash(Pwd, [Char + 13 | Hashed]).
+hash_pwd(Password) -> 
+    Salt = generate_salt(),
+    Hashed = crypto:sha(Password ++ Salt),
+    {Hashed, Salt}.