X-Git-Url: https://git.octo.it/?p=kraftakt.git;a=blobdiff_plain;f=fitbit%2Ffitbit.go;h=9466b12f9de0edf8d326705a5a51b8587f3db5d9;hp=4ba42e4e18f06e01e4c92a2da0e2f38b28deb3a8;hb=b0b4324f51ba7658e5e97b294ebd8ab7008d8f2a;hpb=d941e307d9f8c3175e2ceb9f29395e56759d757c diff --git a/fitbit/fitbit.go b/fitbit/fitbit.go index 4ba42e4..9466b12 100644 --- a/fitbit/fitbit.go +++ b/fitbit/fitbit.go @@ -1,3 +1,4 @@ +// Package fitbit implements functions to interact with the Fitbit API. package fitbit import ( @@ -5,38 +6,50 @@ import ( "crypto/hmac" "crypto/sha1" "encoding/base64" + "encoding/hex" "encoding/json" "fmt" "io/ioutil" "net/http" + "strings" "time" - "github.com/octo/gfitsync/app" + "github.com/octo/kraftakt/app" "golang.org/x/oauth2" oauth2fitbit "golang.org/x/oauth2/fitbit" + "google.golang.org/appengine" "google.golang.org/appengine/log" ) -var oauth2Config = &oauth2.Config{ - ClientID: "@FITBIT_CLIENT_ID@", - ClientSecret: "@FITBIT_CLIENT_SECRET@", - Endpoint: oauth2fitbit.Endpoint, - RedirectURL: "https://kraftakt.octo.it/fitbit/grant", - Scopes: []string{"activity", "heartrate", "profile"}, +func oauthConfig() *oauth2.Config { + return &oauth2.Config{ + ClientID: app.Config.FitbitClientID, + ClientSecret: app.Config.FitbitClientSecret, + Endpoint: oauth2fitbit.Endpoint, + RedirectURL: "https://kraftakt.octo.it/fitbit/grant", + Scopes: []string{ + "activity", + "heartrate", + "profile", + "sleep", + }, + } } -const csrfToken = "@CSRFTOKEN@" - -func AuthURL() string { - return oauth2Config.AuthCodeURL(csrfToken, oauth2.AccessTypeOffline) +// AuthURL returns the URL of the Fitbit consent screen. Users are redirected +// there to approve Fitbit minting an OAuth2 token for us. +func AuthURL(ctx context.Context, u *app.User) string { + return oauthConfig().AuthCodeURL(u.Sign("Fitbit"), oauth2.AccessTypeOffline) } +// ParseToken parses the request of the user being redirected back from the +// consent screen. The parsed token is stored in u using SetToken(). func ParseToken(ctx context.Context, r *http.Request, u *app.User) error { - if state := r.FormValue("state"); state != csrfToken { + if state := r.FormValue("state"); state != u.Sign("Fitbit") { return fmt.Errorf("invalid state parameter: %q", state) } - tok, err := oauth2Config.Exchange(ctx, r.FormValue("code")) + tok, err := oauthConfig().Exchange(ctx, r.FormValue("code")) if err != nil { return err } @@ -44,6 +57,9 @@ func ParseToken(ctx context.Context, r *http.Request, u *app.User) error { return u.SetToken(ctx, "Fitbit", tok) } +// CheckSignature validates that rawSig is a valid signature of payload. This +// is used by the Fitbit API to ansure that the receiver can verify that the +// sender has access to the OAuth2 client secret. func CheckSignature(ctx context.Context, payload []byte, rawSig string) bool { signatureGot, err := base64.StdEncoding.DecodeString(rawSig) if err != nil { @@ -51,26 +67,35 @@ func CheckSignature(ctx context.Context, payload []byte, rawSig string) bool { return false } - mac := hmac.New(sha1.New, []byte(oauth2Config.ClientSecret+"&")) + mac := hmac.New(sha1.New, []byte(oauthConfig().ClientSecret+"&")) mac.Write(payload) signatureWant := mac.Sum(nil) + if !hmac.Equal(signatureGot, signatureWant) { + log.Debugf(ctx, "CheckSignature(): got %q, want %q", + hex.EncodeToString(signatureGot), + hex.EncodeToString(signatureWant)) + } + return hmac.Equal(signatureGot, signatureWant) } type Activity struct { - ActivityID int `json:"activityId"` - ActivityParentID int `json:"activityParentId"` - Calories int `json:"calories"` - Description string `json:"description"` - Distance float64 `json:"distance"` - Duration int `json:"duration"` - HasStartTime bool `json:"hasStartTime"` - IsFavorite bool `json:"isFavorite"` - LogID int `json:"logId"` - Name string `json:"name"` - StartTime string `json:"startTime"` - Steps int `json:"steps"` + ActivityID int `json:"activityId"` + ActivityParentID int `json:"activityParentId"` + ActivityParentName string `json:"activityParentName"` + Calories int `json:"calories"` + Description string `json:"description"` + Distance float64 `json:"distance"` + Duration int `json:"duration"` + HasStartTime bool `json:"hasStartTime"` + IsFavorite bool `json:"isFavorite"` + LastModified time.Time `json:"lastModified"` + LogID int `json:"logId"` + Name string `json:"name"` + StartTime string `json:"startTime"` + StartDate string `json:"startDate"` + Steps int `json:"steps"` } type Distance struct { @@ -122,6 +147,11 @@ type Subscription struct { SubscriptionID string `json:"subscriptionId"` } +func (s Subscription) String() string { + return fmt.Sprintf("https://api.fitbit.com/1/%s/%s/%s/apiSubscriptions/%s.json", + s.OwnerType, s.OwnerID, s.CollectionType, s.SubscriptionID) +} + type Client struct { fitbitUserID string appUser *app.User @@ -133,9 +163,9 @@ func NewClient(ctx context.Context, fitbitUserID string, u *app.User) (*Client, fitbitUserID = "-" } - c, err := u.OAuthClient(ctx, "Fitbit", oauth2Config) + c, err := u.OAuthClient(ctx, "Fitbit", oauthConfig()) if err != nil { - return nil, err + return nil, fmt.Errorf("OAuthClient(%q) = %v", "Fitbit", err) } return &Client{ @@ -145,6 +175,9 @@ func NewClient(ctx context.Context, fitbitUserID string, u *app.User) (*Client, }, nil } +// ActivitySummary returns the daily activity summary. +// +// See https://dev.fitbit.com/build/reference/web-api/activity/#get-daily-activity-summary for details. func (c *Client) ActivitySummary(ctx context.Context, date string) (*ActivitySummary, error) { url := fmt.Sprintf("https://api.fitbit.com/1/user/%s/activities/date/%s.json", c.fitbitUserID, date) @@ -155,7 +188,10 @@ func (c *Client) ActivitySummary(ctx context.Context, date string) (*ActivitySum } defer res.Body.Close() - data, _ := ioutil.ReadAll(res.Body) + data, err := ioutil.ReadAll(res.Body) + if err != nil { + return nil, err + } log.Debugf(ctx, "GET %s -> %s", url, data) var summary ActivitySummary @@ -166,34 +202,172 @@ func (c *Client) ActivitySummary(ctx context.Context, date string) (*ActivitySum return &summary, nil } +func (c *Client) subscriberID(collection string) string { + return fmt.Sprintf("%s:%s", c.appUser.ID, collection) +} + +// UserFromSubscriberID parses the user ID from the subscriber ID and calls +// app.UserByID() with the user ID. +func UserFromSubscriberID(ctx context.Context, subscriberID string) (*app.User, error) { + uid := strings.Split(subscriberID, ":")[0] + return app.UserByID(ctx, uid) +} + +// Subscribe subscribes to one collection of the user. It uses a per-collection +// subscription ID so that we can subscribe to more than one collection. +// +// See https://dev.fitbit.com/build/reference/web-api/subscriptions/#adding-a-subscription for details. func (c *Client) Subscribe(ctx context.Context, collection string) error { - subscriberID, err := c.appUser.ID(ctx) + url := fmt.Sprintf("https://api.fitbit.com/1/user/%s/%s/apiSubscriptions/%s.json", + c.fitbitUserID, collection, c.subscriberID(collection)) + res, err := c.client.Post(url, "", nil) if err != nil { return err } + defer res.Body.Close() + + if res.StatusCode >= 400 && res.StatusCode != http.StatusConflict { + data, _ := ioutil.ReadAll(res.Body) + log.Errorf(ctx, "creating %q subscription failed: status %d %q", collection, res.StatusCode, data) + return fmt.Errorf("creating %q subscription failed", collection) + } + if res.StatusCode == http.StatusConflict { + log.Infof(ctx, "creating %q subscription: already exists", collection) + } + + return nil +} + +func (c *Client) unsubscribe(ctx context.Context, userID, collection, subscriptionID string) error { + if userID == "" { + userID = c.fitbitUserID + } url := fmt.Sprintf("https://api.fitbit.com/1/user/%s/%s/apiSubscriptions/%s.json", - c.fitbitUserID, collection, subscriberID) - res, err := c.client.Post(url, "", nil) + userID, collection, subscriptionID) + req, err := http.NewRequest(http.MethodDelete, url, nil) + if err != nil { + return err + } + + res, err := c.client.Do(req.WithContext(ctx)) if err != nil { return err } defer res.Body.Close() - if res.StatusCode >= 400 { + if res.StatusCode >= 400 && res.StatusCode != http.StatusNotFound { data, _ := ioutil.ReadAll(res.Body) - log.Errorf(ctx, "creating subscription failed: status %d %q", res.StatusCode, data) - return fmt.Errorf("creating subscription failed") + log.Errorf(ctx, "deleting %q subscription failed: status %d %q", collection, res.StatusCode, data) + return fmt.Errorf("deleting %q subscription failed", collection) + } + if res.StatusCode == http.StatusNotFound { + log.Infof(ctx, "deleting %q subscription: not found", collection) + } + + return nil +} + +// UnsubscribeAll gets a list of all subscriptions we have with the user's +// account and deletes all found subscriptions. +// +// See https://dev.fitbit.com/build/reference/web-api/subscriptions/#deleting-a-subscription for details. +func (c *Client) UnsubscribeAll(ctx context.Context) error { + var errs appengine.MultiError + + for _, collection := range []string{"activities", "sleep"} { + subs, err := c.ListSubscriptions(ctx, collection) + if err != nil { + errs = append(errs, err) + continue + } + + for _, sub := range subs { + if err := c.unsubscribe(ctx, sub.OwnerID, sub.CollectionType, sub.SubscriptionID); err != nil { + errs = append(errs, err) + } + } + } + if len(errs) != 0 { + return errs } return nil } +// ListSubscriptions returns a list of all subscriptions for a given collection +// the OAuth2 client has to a user's account. +func (c *Client) ListSubscriptions(ctx context.Context, collection string) ([]Subscription, error) { + url := fmt.Sprintf("https://api.fitbit.com/1/user/%s/%s/apiSubscriptions.json", c.fitbitUserID, collection) + res, err := c.client.Get(url) + if err != nil { + return nil, fmt.Errorf("Get(%q) = %v", url, err) + } + defer res.Body.Close() + + if res.StatusCode == http.StatusNotFound { + log.Infof(ctx, "get %q subscription: not found", collection) + return nil, nil + } + + data, err := ioutil.ReadAll(res.Body) + if err != nil { + return nil, err + } + log.Debugf(ctx, "GET %s -> %s", url, data) + + if res.StatusCode >= 400 { + return nil, fmt.Errorf("Get(%q) = %d", url, res.StatusCode) + } + + var parsed struct { + Subscriptions []Subscription `json:"apiSubscriptions"` + } + if err := json.Unmarshal(data, &parsed); err != nil { + return nil, err + } + + var errs appengine.MultiError + var ret []Subscription + for _, sub := range parsed.Subscriptions { + if sub.CollectionType != collection { + errs = append(errs, fmt.Errorf("unexpected collection type: got %q, want %q", sub.CollectionType, collection)) + continue + } + if sub.SubscriptionID == "" { + errs = append(errs, fmt.Errorf("missing subscription ID: %+v", sub)) + continue + } + if sub.OwnerID == "" { + sub.OwnerID = c.fitbitUserID + } + ret = append(ret, sub) + } + + if len(ret) == 0 && len(errs) != 0 { + return nil, errs + } + + for _, err := range errs { + log.Warningf(ctx, "%v", err) + } + + return ret, nil +} + +// DeleteToken deletes the Fitbit OAuth2 token. +func (c *Client) DeleteToken(ctx context.Context) error { + return c.appUser.DeleteToken(ctx, "Fitbit") +} + +// Provile contains data about the user. +// It only contains the subset of fields required by Kraftakt. type Profile struct { Name string Timezone *time.Location } +// Profile returns the profile information of the user. func (c *Client) Profile(ctx context.Context) (*Profile, error) { res, err := c.client.Get("https://api.fitbit.com/1/user/-/profile.json") if err != nil {