Re-enable signature checking.
authorFlorian Forster <ff@octo.it>
Wed, 7 Feb 2018 12:25:28 +0000 (13:25 +0100)
committerFlorian Forster <ff@octo.it>
Wed, 7 Feb 2018 12:25:28 +0000 (13:25 +0100)
Reverts: bb0ee5050d834e438b67306c8e98d810478b3a08

kraftakt.go

index 40f0546..72389bd 100644 (file)
@@ -258,13 +258,9 @@ func fitbitNotifyHandler(ctx context.Context, w http.ResponseWriter, r *http.Req
        // Fitbit recommendation: "If signature verification fails, you should
        // respond with a 404"
        if !fitbit.CheckSignature(ctx, data, r.Header.Get("X-Fitbit-Signature")) {
-               /*
-                       log.Errorf(ctx, "signature mismatch")
-                       w.WriteHeader(http.StatusNotFound)
-                       return nil
-               */
-       } else {
-               log.Warningf(ctx, "TODO(octo): re-enable signature checking, see https://community.fitbit.com/t5/Web-API-Development/Push-notification-signatures-are-currently-invalid/m-p/2496159")
+               log.Errorf(ctx, "signature mismatch")
+               w.WriteHeader(http.StatusNotFound)
+               return nil
        }
 
        if err := delayedHandleNotifications.Call(ctx, data); err != nil {
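Review bot: The restored rejection branch logs only the fixed string "signature mismatch", so the logs cannot tell a request with no `X-Fitbit-Signature` header (unauthenticated probing) from one with a wrong signature (a key or encoding problem, like the upstream issue that led to the check being disabled). Consider recording whether the header was present and where the request came from, e.g. `log.Errorf(ctx, "signature mismatch: header present=%t, remote=%q", r.Header.Get("X-Fitbit-Signature") != "", r.RemoteAddr)`, without logging the payload itself. `fitbit.CheckSignature` is not visible here; it is worth confirming that it compares MACs with `hmac.Equal` rather than `==` or `bytes.Equal`. `data` is read before the check, so it is also worth confirming that the read is size-bounded, since it runs for unauthenticated requests too. The body of `fitbitNotifyHandler` starts before and continues past this hunk.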