+// Package fitbit implements functions to interact with the Fitbit API.
package fitbit
import (
"crypto/hmac"
"crypto/sha1"
"encoding/base64"
+ "encoding/hex"
"encoding/json"
"fmt"
"io/ioutil"
"net/http"
+ "strings"
"time"
"github.com/octo/kraftakt/app"
"golang.org/x/oauth2"
oauth2fitbit "golang.org/x/oauth2/fitbit"
+ "google.golang.org/appengine"
"google.golang.org/appengine/log"
)
-var oauth2Config = &oauth2.Config{
- ClientID: app.Config.FitbitClientID,
- ClientSecret: app.Config.FitbitClientSecret,
- Endpoint: oauth2fitbit.Endpoint,
- RedirectURL: "https://kraftakt.octo.it/fitbit/grant",
- Scopes: []string{
- "activity",
- "heartrate",
- "profile",
- "sleep",
- },
+func oauthConfig() *oauth2.Config {
+ return &oauth2.Config{
+ ClientID: app.Config.FitbitClientID,
+ ClientSecret: app.Config.FitbitClientSecret,
+ Endpoint: oauth2fitbit.Endpoint,
+ RedirectURL: "https://kraftakt.octo.it/fitbit/grant",
+ Scopes: []string{
+ "activity",
+ "heartrate",
+ "profile",
+ "sleep",
+ },
+ }
}
-const csrfToken = "@CSRFTOKEN@"
-
-func AuthURL() string {
- return oauth2Config.AuthCodeURL(csrfToken, oauth2.AccessTypeOffline)
+// AuthURL returns the URL of the Fitbit consent screen. Users are redirected
+// there to approve Fitbit minting an OAuth2 token for us.
+func AuthURL(ctx context.Context, u *app.User) string {
+ return oauthConfig().AuthCodeURL(u.Sign("Fitbit"), oauth2.AccessTypeOffline)
}
+// ParseToken parses the request of the user being redirected back from the
+// consent screen. The parsed token is stored in u using SetToken().
func ParseToken(ctx context.Context, r *http.Request, u *app.User) error {
- if state := r.FormValue("state"); state != csrfToken {
+ if state := r.FormValue("state"); state != u.Sign("Fitbit") {
return fmt.Errorf("invalid state parameter: %q", state)
}
- tok, err := oauth2Config.Exchange(ctx, r.FormValue("code"))
+ tok, err := oauthConfig().Exchange(ctx, r.FormValue("code"))
if err != nil {
return err
}
return u.SetToken(ctx, "Fitbit", tok)
}
+// CheckSignature validates that rawSig is a valid signature of payload. This
+// is used by the Fitbit API to ansure that the receiver can verify that the
+// sender has access to the OAuth2 client secret.
func CheckSignature(ctx context.Context, payload []byte, rawSig string) bool {
signatureGot, err := base64.StdEncoding.DecodeString(rawSig)
if err != nil {
return false
}
- mac := hmac.New(sha1.New, []byte(oauth2Config.ClientSecret+"&"))
+ mac := hmac.New(sha1.New, []byte(oauthConfig().ClientSecret+"&"))
mac.Write(payload)
signatureWant := mac.Sum(nil)
+ if !hmac.Equal(signatureGot, signatureWant) {
+ log.Debugf(ctx, "CheckSignature(): got %q, want %q",
+ hex.EncodeToString(signatureGot),
+ hex.EncodeToString(signatureWant))
+ }
+
return hmac.Equal(signatureGot, signatureWant)
}
SubscriptionID string `json:"subscriptionId"`
}
+func (s Subscription) String() string {
+ return fmt.Sprintf("https://api.fitbit.com/1/%s/%s/%s/apiSubscriptions/%s.json",
+ s.OwnerType, s.OwnerID, s.CollectionType, s.SubscriptionID)
+}
+
type Client struct {
fitbitUserID string
appUser *app.User
fitbitUserID = "-"
}
- c, err := u.OAuthClient(ctx, "Fitbit", oauth2Config)
+ c, err := u.OAuthClient(ctx, "Fitbit", oauthConfig())
if err != nil {
- return nil, err
+ return nil, fmt.Errorf("OAuthClient(%q) = %v", "Fitbit", err)
}
return &Client{
}, nil
}
+// ActivitySummary returns the daily activity summary.
+//
+// See https://dev.fitbit.com/build/reference/web-api/activity/#get-daily-activity-summary for details.
func (c *Client) ActivitySummary(ctx context.Context, date string) (*ActivitySummary, error) {
url := fmt.Sprintf("https://api.fitbit.com/1/user/%s/activities/date/%s.json",
c.fitbitUserID, date)
}
defer res.Body.Close()
- data, _ := ioutil.ReadAll(res.Body)
+ data, err := ioutil.ReadAll(res.Body)
+ if err != nil {
+ return nil, err
+ }
log.Debugf(ctx, "GET %s -> %s", url, data)
var summary ActivitySummary
return &summary, nil
}
+func (c *Client) subscriberID(collection string) string {
+ return fmt.Sprintf("%s:%s", c.appUser.ID, collection)
+}
+
+// UserFromSubscriberID parses the user ID from the subscriber ID and calls
+// app.UserByID() with the user ID.
+func UserFromSubscriberID(ctx context.Context, subscriberID string) (*app.User, error) {
+ uid := strings.Split(subscriberID, ":")[0]
+ return app.UserByID(ctx, uid)
+}
+
+// Subscribe subscribes to one collection of the user. It uses a per-collection
+// subscription ID so that we can subscribe to more than one collection.
+//
+// See https://dev.fitbit.com/build/reference/web-api/subscriptions/#adding-a-subscription for details.
func (c *Client) Subscribe(ctx context.Context, collection string) error {
- subscriberID, err := c.appUser.ID(ctx)
+ url := fmt.Sprintf("https://api.fitbit.com/1/user/%s/%s/apiSubscriptions/%s.json",
+ c.fitbitUserID, collection, c.subscriberID(collection))
+ res, err := c.client.Post(url, "", nil)
if err != nil {
return err
}
+ defer res.Body.Close()
+
+ if res.StatusCode >= 400 && res.StatusCode != http.StatusConflict {
+ data, _ := ioutil.ReadAll(res.Body)
+ return fmt.Errorf("creating %q subscription failed: status %d %q", collection, res.StatusCode, data)
+ }
+ if res.StatusCode == http.StatusConflict {
+ log.Infof(ctx, "creating %q subscription: already exists", collection)
+ }
+
+ return nil
+}
+
+func (c *Client) unsubscribe(ctx context.Context, userID, collection, subscriptionID string) error {
+ if userID == "" {
+ userID = c.fitbitUserID
+ }
url := fmt.Sprintf("https://api.fitbit.com/1/user/%s/%s/apiSubscriptions/%s.json",
- c.fitbitUserID, collection, subscriberID)
- res, err := c.client.Post(url, "", nil)
+ userID, collection, subscriptionID)
+ req, err := http.NewRequest(http.MethodDelete, url, nil)
+ if err != nil {
+ return err
+ }
+
+ res, err := c.client.Do(req.WithContext(ctx))
if err != nil {
return err
}
defer res.Body.Close()
- if res.StatusCode >= 400 && res.StatusCode != http.StatusConflict {
+ if res.StatusCode >= 400 && res.StatusCode != http.StatusNotFound {
data, _ := ioutil.ReadAll(res.Body)
- log.Errorf(ctx, "creating subscription failed: status %d %q", res.StatusCode, data)
- return fmt.Errorf("creating subscription failed")
+ return fmt.Errorf("deleting %q subscription failed: status %d %q", collection, res.StatusCode, data)
+ }
+ if res.StatusCode == http.StatusNotFound {
+ log.Infof(ctx, "deleting %q subscription: not found", collection)
}
return nil
}
+// UnsubscribeAll gets a list of all subscriptions we have with the user's
+// account and deletes all found subscriptions.
+//
+// See https://dev.fitbit.com/build/reference/web-api/subscriptions/#deleting-a-subscription for details.
+func (c *Client) UnsubscribeAll(ctx context.Context) error {
+ var errs appengine.MultiError
+
+ for _, collection := range []string{"activities", "sleep"} {
+ subs, err := c.ListSubscriptions(ctx, collection)
+ if err != nil {
+ errs = append(errs, err)
+ continue
+ }
+
+ for _, sub := range subs {
+ if err := c.unsubscribe(ctx, sub.OwnerID, sub.CollectionType, sub.SubscriptionID); err != nil {
+ errs = append(errs, err)
+ }
+ }
+ }
+ if len(errs) != 0 {
+ return errs
+ }
+
+ return nil
+}
+
+// ListSubscriptions returns a list of all subscriptions for a given collection
+// the OAuth2 client has to a user's account.
+func (c *Client) ListSubscriptions(ctx context.Context, collection string) ([]Subscription, error) {
+ url := fmt.Sprintf("https://api.fitbit.com/1/user/%s/%s/apiSubscriptions.json", c.fitbitUserID, collection)
+ res, err := c.client.Get(url)
+ if err != nil {
+ return nil, fmt.Errorf("Get(%q) = %v", url, err)
+ }
+ defer res.Body.Close()
+
+ if res.StatusCode == http.StatusNotFound {
+ log.Infof(ctx, "get %q subscription: not found", collection)
+ return nil, nil
+ }
+
+ data, err := ioutil.ReadAll(res.Body)
+ if err != nil {
+ return nil, err
+ }
+ log.Debugf(ctx, "GET %s -> %s", url, data)
+
+ if res.StatusCode >= 400 {
+ return nil, fmt.Errorf("Get(%q) = %d", url, res.StatusCode)
+ }
+
+ var parsed struct {
+ Subscriptions []Subscription `json:"apiSubscriptions"`
+ }
+ if err := json.Unmarshal(data, &parsed); err != nil {
+ return nil, err
+ }
+
+ var errs appengine.MultiError
+ var ret []Subscription
+ for _, sub := range parsed.Subscriptions {
+ if sub.CollectionType != collection {
+ errs = append(errs, fmt.Errorf("unexpected collection type: got %q, want %q", sub.CollectionType, collection))
+ continue
+ }
+ if sub.SubscriptionID == "" {
+ errs = append(errs, fmt.Errorf("missing subscription ID: %+v", sub))
+ continue
+ }
+ if sub.OwnerID == "" {
+ sub.OwnerID = c.fitbitUserID
+ }
+ ret = append(ret, sub)
+ }
+
+ if len(ret) == 0 && len(errs) != 0 {
+ return nil, errs
+ }
+
+ for _, err := range errs {
+ log.Warningf(ctx, "%v", err)
+ }
+
+ return ret, nil
+}
+
+// DeleteToken deletes the Fitbit OAuth2 token.
+func (c *Client) DeleteToken(ctx context.Context) error {
+ return c.appUser.DeleteToken(ctx, "Fitbit")
+}
+
+// Provile contains data about the user.
+// It only contains the subset of fields required by Kraftakt.
type Profile struct {
Name string
Timezone *time.Location
}
+// Profile returns the profile information of the user.
func (c *Client) Profile(ctx context.Context) (*Profile, error) {
res, err := c.client.Get("https://api.fitbit.com/1/user/-/profile.json")
if err != nil {
if res.StatusCode >= 400 {
data, _ := ioutil.ReadAll(res.Body)
- log.Errorf(ctx, "reading profile failed: %s", data)
- return nil, fmt.Errorf("HTTP %d error", res.StatusCode)
+ return nil, fmt.Errorf("reading profile failed: %s", data)
}
var data struct {