// Package fitbit implements functions to interact with the Fitbit API. package fitbit import ( "context" "crypto/hmac" "crypto/sha1" "encoding/base64" "encoding/hex" "encoding/json" "fmt" "io/ioutil" "net/http" "net/url" "strings" "time" "github.com/octo/kraftakt/app" "github.com/octo/retry" "golang.org/x/oauth2" oauth2fitbit "golang.org/x/oauth2/fitbit" "google.golang.org/appengine" "google.golang.org/appengine/log" "google.golang.org/appengine/urlfetch" ) func oauthConfig() *oauth2.Config { return &oauth2.Config{ ClientID: app.Config.FitbitClientID, ClientSecret: app.Config.FitbitClientSecret, Endpoint: oauth2fitbit.Endpoint, RedirectURL: "https://kraftakt.octo.it/fitbit/grant", Scopes: []string{ "activity", "heartrate", "profile", "sleep", }, } } // AuthURL returns the URL of the Fitbit consent screen. Users are redirected // there to approve Fitbit minting an OAuth2 token for us. func AuthURL(ctx context.Context, u *app.User) string { return oauthConfig().AuthCodeURL(u.Sign("Fitbit"), oauth2.AccessTypeOffline) } // ParseToken parses the request of the user being redirected back from the // consent screen. The parsed token is stored in u using SetToken(). func ParseToken(ctx context.Context, r *http.Request, u *app.User) error { if state := r.FormValue("state"); state != u.Sign("Fitbit") { return fmt.Errorf("invalid state parameter: %q", state) } tok, err := oauthConfig().Exchange(ctx, r.FormValue("code")) if err != nil { return err } return u.SetToken(ctx, "Fitbit", tok) } // CheckSignature validates that rawSig is a valid signature of payload. This // is used by the Fitbit API to ansure that the receiver can verify that the // sender has access to the OAuth2 client secret. func CheckSignature(ctx context.Context, payload []byte, rawSig string) bool { signatureGot, err := base64.StdEncoding.DecodeString(rawSig) if err != nil { log.Errorf(ctx, "base64.StdEncoding.DecodeString(%q) = %v", rawSig, err) return false } mac := hmac.New(sha1.New, []byte(oauthConfig().ClientSecret+"&")) mac.Write(payload) signatureWant := mac.Sum(nil) if !hmac.Equal(signatureGot, signatureWant) { log.Debugf(ctx, "CheckSignature(): got %q, want %q", hex.EncodeToString(signatureGot), hex.EncodeToString(signatureWant)) } return hmac.Equal(signatureGot, signatureWant) } type Activity struct { ActivityID int `json:"activityId"` ActivityParentID int `json:"activityParentId"` ActivityParentName string `json:"activityParentName"` Calories int `json:"calories"` Description string `json:"description"` Distance float64 `json:"distance"` Duration int `json:"duration"` HasStartTime bool `json:"hasStartTime"` IsFavorite bool `json:"isFavorite"` LastModified time.Time `json:"lastModified"` LogID int `json:"logId"` Name string `json:"name"` StartTime string `json:"startTime"` StartDate string `json:"startDate"` Steps int `json:"steps"` } type Distance struct { Activity string `json:"activity"` Distance float64 `json:"distance"` } type HeartRateZone struct { Name string `json:"name"` Min int `json:"min"` Max int `json:"max"` Minutes int `json:"minutes"` CaloriesOut float64 `json:"caloriesOut"` } type ActivitySummary struct { Activities []Activity `json:"activities"` Goals struct { CaloriesOut int `json:"caloriesOut"` Distance float64 `json:"distance"` Floors int `json:"floors"` Steps int `json:"steps"` } `json:"goals"` Summary struct { ActiveScore int `json:"activeScore"` ActivityCalories int `json:"activityCalories"` CaloriesBMR int `json:"caloriesBMR"` CaloriesOut float64 `json:"caloriesOut"` Distances []Distance `json:"distances"` Elevation float64 `json:"elevation"` Floors int `json:"floors"` HeartRateZones []HeartRateZone `json:"heartRateZones"` CustomHeartRateZones []HeartRateZone `json:"customHeartRateZones"` MarginalCalories int `json:"marginalCalories"` RestingHeartRate int `json:"restingHeartRate"` Steps int `json:"steps"` SedentaryMinutes int `json:"sedentaryMinutes"` LightlyActiveMinutes int `json:"lightlyActiveMinutes"` FairlyActiveMinutes int `json:"fairlyActiveMinutes"` VeryActiveMinutes int `json:"veryActiveMinutes"` } `json:"summary"` } type Subscription struct { CollectionType string `json:"collectionType"` Date string `json:"date"` OwnerID string `json:"ownerId"` OwnerType string `json:"ownerType"` SubscriptionID string `json:"subscriptionId"` } func (s Subscription) String() string { return fmt.Sprintf("https://api.fitbit.com/1/%s/%s/%s/apiSubscriptions/%s.json", s.OwnerType, s.OwnerID, s.CollectionType, s.SubscriptionID) } type Client struct { fitbitUserID string appUser *app.User client *http.Client } func NewClient(ctx context.Context, fitbitUserID string, u *app.User) (*Client, error) { if fitbitUserID == "" { fitbitUserID = "-" } c, err := u.OAuthClient(ctx, "Fitbit", oauthConfig()) if err != nil { return nil, fmt.Errorf("OAuthClient(%q) = %v", "Fitbit", err) } return &Client{ fitbitUserID: fitbitUserID, appUser: u, client: c, }, nil } // ActivitySummary returns the daily activity summary. // // See https://dev.fitbit.com/build/reference/web-api/activity/#get-daily-activity-summary for details. func (c *Client) ActivitySummary(ctx context.Context, date string) (*ActivitySummary, error) { url := fmt.Sprintf("https://api.fitbit.com/1/user/%s/activities/date/%s.json", c.fitbitUserID, date) res, err := c.client.Get(url) if err != nil { return nil, err } defer res.Body.Close() data, err := ioutil.ReadAll(res.Body) if err != nil { return nil, err } log.Debugf(ctx, "GET %s -> %s", url, data) var summary ActivitySummary if err := json.Unmarshal(data, &summary); err != nil { return nil, err } return &summary, nil } func (c *Client) subscriberID(collection string) string { return fmt.Sprintf("%s:%s", c.appUser.ID, collection) } // UserFromSubscriberID parses the user ID from the subscriber ID and calls // app.UserByID() with the user ID. func UserFromSubscriberID(ctx context.Context, subscriberID string) (*app.User, error) { uid := strings.Split(subscriberID, ":")[0] return app.UserByID(ctx, uid) } // Subscribe subscribes to one collection of the user. It uses a per-collection // subscription ID so that we can subscribe to more than one collection. // // See https://dev.fitbit.com/build/reference/web-api/subscriptions/#adding-a-subscription for details. func (c *Client) Subscribe(ctx context.Context, collection string) error { url := fmt.Sprintf("https://api.fitbit.com/1/user/%s/%s/apiSubscriptions/%s.json", c.fitbitUserID, collection, c.subscriberID(collection)) res, err := c.client.Post(url, "", nil) if err != nil { return err } defer res.Body.Close() if res.StatusCode >= 400 && res.StatusCode != http.StatusConflict { data, _ := ioutil.ReadAll(res.Body) return fmt.Errorf("creating %q subscription failed: status %d %q", collection, res.StatusCode, data) } if res.StatusCode == http.StatusConflict { log.Infof(ctx, "creating %q subscription: already exists", collection) } return nil } func (c *Client) unsubscribe(ctx context.Context, userID, collection, subscriptionID string) error { if userID == "" { userID = c.fitbitUserID } url := fmt.Sprintf("https://api.fitbit.com/1/user/%s/%s/apiSubscriptions/%s.json", userID, collection, subscriptionID) req, err := http.NewRequest(http.MethodDelete, url, nil) if err != nil { return err } res, err := c.client.Do(req.WithContext(ctx)) if err != nil { return err } defer res.Body.Close() if res.StatusCode >= 400 && res.StatusCode != http.StatusNotFound { data, _ := ioutil.ReadAll(res.Body) return fmt.Errorf("deleting %q subscription failed: status %d %q", collection, res.StatusCode, data) } if res.StatusCode == http.StatusNotFound { log.Infof(ctx, "deleting %q subscription: not found", collection) } return nil } // UnsubscribeAll gets a list of all subscriptions we have with the user's // account and deletes all found subscriptions. // // See https://dev.fitbit.com/build/reference/web-api/subscriptions/#deleting-a-subscription for details. func (c *Client) UnsubscribeAll(ctx context.Context) error { var errs appengine.MultiError for _, collection := range []string{"activities", "sleep"} { subs, err := c.ListSubscriptions(ctx, collection) if err != nil { errs = append(errs, err) continue } for _, sub := range subs { if err := c.unsubscribe(ctx, sub.OwnerID, sub.CollectionType, sub.SubscriptionID); err != nil { errs = append(errs, err) } } } if len(errs) != 0 { return errs } return nil } // ListSubscriptions returns a list of all subscriptions for a given collection // the OAuth2 client has to a user's account. func (c *Client) ListSubscriptions(ctx context.Context, collection string) ([]Subscription, error) { url := fmt.Sprintf("https://api.fitbit.com/1/user/%s/%s/apiSubscriptions.json", c.fitbitUserID, collection) res, err := c.client.Get(url) if err != nil { return nil, fmt.Errorf("Get(%q) = %v", url, err) } defer res.Body.Close() if res.StatusCode == http.StatusNotFound { log.Infof(ctx, "get %q subscription: not found", collection) return nil, nil } data, err := ioutil.ReadAll(res.Body) if err != nil { return nil, err } log.Debugf(ctx, "GET %s -> %s", url, data) if res.StatusCode >= 400 { return nil, fmt.Errorf("Get(%q) = %d", url, res.StatusCode) } var parsed struct { Subscriptions []Subscription `json:"apiSubscriptions"` } if err := json.Unmarshal(data, &parsed); err != nil { return nil, err } var errs appengine.MultiError var ret []Subscription for _, sub := range parsed.Subscriptions { if sub.CollectionType != collection { errs = append(errs, fmt.Errorf("unexpected collection type: got %q, want %q", sub.CollectionType, collection)) continue } if sub.SubscriptionID == "" { errs = append(errs, fmt.Errorf("missing subscription ID: %+v", sub)) continue } if sub.OwnerID == "" { sub.OwnerID = c.fitbitUserID } ret = append(ret, sub) } if len(ret) == 0 && len(errs) != 0 { return nil, errs } for _, err := range errs { log.Warningf(ctx, "%v", err) } return ret, nil } func (c *Client) revokeToken(ctx context.Context) error { tok, err := c.appUser.Token(ctx, "Fitbit") if err != nil { return err } httpClient := urlfetch.Client(ctx) httpClient.Transport = retry.NewTransport(httpClient.Transport) url := "https://api.fitbit.com/oauth2/revoke?token=" + url.QueryEscape(tok.AccessToken) req, err := http.NewRequest(http.MethodGet, url, nil) if err != nil { return err } req.Header.Set("Authorization", "Basic "+ base64.StdEncoding.EncodeToString([]byte( app.Config.FitbitClientID+":"+app.Config.FitbitClientSecret))) res, err := httpClient.Do(req) if err != nil { return fmt.Errorf("GET %s: %v", url, err) } defer res.Body.Close() if res.StatusCode != http.StatusOK { if data, err := ioutil.ReadAll(res.Body); err == nil { return fmt.Errorf("GET %s: %s", url, data) } else { return fmt.Errorf("GET %s: %s", url, res.Status) } } return nil } // DeleteToken deletes the Fitbit OAuth2 token. func (c *Client) DeleteToken(ctx context.Context) error { if err := c.revokeToken(ctx); err != nil { log.Warningf(ctx, "revokeToken() = %v", err) } return c.appUser.DeleteToken(ctx, "Fitbit") } // Provile contains data about the user. // It only contains the subset of fields required by Kraftakt. type Profile struct { Name string Timezone *time.Location } // Profile returns the profile information of the user. func (c *Client) Profile(ctx context.Context) (*Profile, error) { res, err := c.client.Get("https://api.fitbit.com/1/user/-/profile.json") if err != nil { return nil, err } defer res.Body.Close() if res.StatusCode >= 400 { data, _ := ioutil.ReadAll(res.Body) return nil, fmt.Errorf("reading profile failed: %s", data) } var data struct { User struct { FullName string OffsetFromUTCMillis int Timezone string } } if err := json.NewDecoder(res.Body).Decode(&data); err != nil { return nil, err } loc, err := time.LoadLocation(data.User.Timezone) if err != nil { loc = time.FixedZone("Fitbit preference", data.User.OffsetFromUTCMillis/1000) } return &Profile{ Name: data.User.FullName, Timezone: loc, }, nil }