// Fitbit recommendation: "If signature verification fails, you should
// respond with a 404"
if !fitbit.CheckSignature(ctx, data, r.Header.Get("X-Fitbit-Signature")) {
- log.Warningf(ctx, "signature mismatch")
- w.WriteHeader(http.StatusNotFound)
- return nil
+ /*
+ log.Errorf(ctx, "signature mismatch")
+ w.WriteHeader(http.StatusNotFound)
+ return nil
+ */
+ } else {
+ log.Warningf(ctx, "TODO(octo): re-enable signature checking, see https://community.fitbit.com/t5/Web-API-Development/Push-notification-signatures-are-currently-invalid/m-p/2496159")
}
if err := delayedHandleNotifications.Call(ctx, data); err != nil {
switch s.CollectionType {
case "activities":
wg.Add(1)
- go func() {
+ go func(s fitbit.Subscription) {
defer wg.Done()
if err := activitiesNotification(ctx, &s); err != nil {
log.Warningf(ctx, "activitiesNotification() = %v", err)
}
- }()
+ }(s) // copies s
case "sleep":
wg.Add(1)
- go func() {
+ go func(s fitbit.Subscription) {
defer wg.Done()
if err := sleepNotification(ctx, &s); err != nil {
log.Warningf(ctx, "sleepNotification() = %v", err)
}
- }()
+ }(s) // copies s
default:
log.Warningf(ctx, "ignoring collection type %q", s.CollectionType)