Package fitbit: Log signatures on failure.
authorFlorian Forster <ff@octo.it>
Thu, 1 Feb 2018 07:07:28 +0000 (08:07 +0100)
committerFlorian Forster <ff@octo.it>
Thu, 1 Feb 2018 07:07:28 +0000 (08:07 +0100)
Also promote "signature mismatch" from warning to error.

fitbit/fitbit.go
kraftakt.go

index 33f2ccd..9466b12 100644 (file)
@@ -6,6 +6,7 @@ import (
        "crypto/hmac"
        "crypto/sha1"
        "encoding/base64"
+       "encoding/hex"
        "encoding/json"
        "fmt"
        "io/ioutil"
@@ -70,6 +71,12 @@ func CheckSignature(ctx context.Context, payload []byte, rawSig string) bool {
        mac.Write(payload)
        signatureWant := mac.Sum(nil)
 
+       if !hmac.Equal(signatureGot, signatureWant) {
+               log.Debugf(ctx, "CheckSignature(): got %q, want %q",
+                       hex.EncodeToString(signatureGot),
+                       hex.EncodeToString(signatureWant))
+       }
+
        return hmac.Equal(signatureGot, signatureWant)
 }
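Review bot: The added log line at `hex.EncodeToString(signatureWant)` writes the correct HMAC for the rejected payload into the debug log, so anyone with access to the log stream learns exactly the value that would make that same payload pass CheckSignature; log only the received value, e.g. `log.Debugf(ctx, "CheckSignature(): signature mismatch, got %q", hex.EncodeToString(signatureGot))`, or at most a short prefix of the expected one. The comparison is also evaluated twice (once in the new `if`, once in the `return`); computing `ok := hmac.Equal(signatureGot, signatureWant)` once and returning `ok` avoids the duplication. CheckSignature's body starts outside the hunk, so where signatureGot is decoded and whether an undecodable header is rejected earlier is not visible here.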
 
index da10c62..d53a3a3 100644 (file)
@@ -258,7 +258,7 @@ func fitbitNotifyHandler(ctx context.Context, w http.ResponseWriter, r *http.Req
        // Fitbit recommendation: "If signature verification fails, you should
        // respond with a 404"
        if !fitbit.CheckSignature(ctx, data, r.Header.Get("X-Fitbit-Signature")) {
-               log.Warningf(ctx, "signature mismatch")
+               log.Errorf(ctx, "signature mismatch")
                w.WriteHeader(http.StatusNotFound)
                return nil
        }
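Review bot: The promoted `log.Errorf(ctx, "signature mismatch")` carries no request context, and because this branch is reached by unauthenticated callers before any other check, every mismatch from a scanner now produces an error-level entry that cannot be tied to its source; include the peer address so the entries stay actionable, e.g. `log.Errorf(ctx, "signature mismatch from %s", r.RemoteAddr)`. fitbitNotifyHandler starts and ends outside the hunk.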