From b2a4c7b34862646d55add7c416362360cf383de5 Mon Sep 17 00:00:00 2001
From: Florian Forster
Date: Wed, 7 Feb 2018 13:25:28 +0100
Subject: [PATCH] Re-enable signature checking.
Reverts: bb0ee5050d834e438b67306c8e98d810478b3a08
---
 kraftakt.go | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/kraftakt.go b/kraftakt.go
index 40f0546..72389bd 100644
--- a/kraftakt.go
+++ b/kraftakt.go
@@ -258,13 +258,9 @@ func fitbitNotifyHandler(ctx context.Context, w http.ResponseWriter, r *http.Req
 // Fitbit recommendation: "If signature verification fails, you should
 // respond with a 404"
 if !fitbit.CheckSignature(ctx, data, r.Header.Get("X-Fitbit-Signature")) {
- /*
- log.Errorf(ctx, "signature mismatch")
- w.WriteHeader(http.StatusNotFound)
- return nil
- */
- } else {
- log.Warningf(ctx, "TODO(octo): re-enable signature checking, see https://community.fitbit.com/t5/Web-API-Development/Push-notification-signatures-are-currently-invalid/m-p/2496159")
+ log.Errorf(ctx, "signature mismatch")
+ w.WriteHeader(http.StatusNotFound)
+ return nil
 }
 if err := delayedHandleNotifications.Call(ctx, data); err != nil {
-- 
2.11.0
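Review bot: The restored `log.Errorf(ctx, "signature mismatch")` cannot distinguish a request with no `X-Fitbit-Signature` header from one whose signature is present but wrong. The removed TODO shows this check was disabled once because the signatures Fitbit sent were invalid, so operators need to tell upstream breakage from unauthenticated probing. I would record header presence only, not the value or the body: `log.Errorf(ctx, "signature mismatch (header present: %v)", r.Header.Get("X-Fitbit-Signature") != "")`. `fitbit.CheckSignature` is outside this hunk, so please confirm it rejects an empty header value and compares MACs with `hmac.Equal` rather than `==`. The body of `fitbitNotifyHandler` starts before and continues after the hunk, so how `data` is read is not visible here.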