projects / kraftakt.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Replace CSRF token with tokens based on the user's ID.
[kraftakt.git] / fitbit / fitbit.go
diff --git a/fitbit/fitbit.go b/fitbit/fitbit.go
index d7a885d..36242d1 100644 (file)
--- a/fitbit/fitbit.go
+++ b/fitbit/fitbit.go
@@ -32,14 +32,8 @@ func oauthConfig() *oauth2.Config {
        }
 }
 
-const csrfToken = "@CSRFTOKEN@"
-
-func AuthURL() string {
-       return oauthConfig().AuthCodeURL(csrfToken, oauth2.AccessTypeOffline)
-}
-
 func ParseToken(ctx context.Context, r *http.Request, u *app.User) error {
-       if state := r.FormValue("state"); state != csrfToken {
+       if state := r.FormValue("state"); state != u.Sign("Fitbit") {
                return fmt.Errorf("invalid state parameter: %q", state)
        }
 
@@ -155,6 +149,10 @@ func NewClient(ctx context.Context, fitbitUserID string, u *app.User) (*Client,
        }, nil
 }
 
+func (c *Client) AuthURL(ctx context.Context) string {
+       return oauthConfig().AuthCodeURL(c.appUser.Sign("Fitbit"), oauth2.AccessTypeOffline)
+}
+
 func (c *Client) ActivitySummary(ctx context.Context, date string) (*ActivitySummary, error) {
        url := fmt.Sprintf("https://api.fitbit.com/1/user/%s/activities/date/%s.json",
                c.fitbitUserID, date)
Unnamed repository; edit this file 'description' to name the repository.