Merge branch 'nightscout:master' into master

.deployment

@@ -1,2 +1,2 @@
 [config]
-command = bash deploy.sh
+command = bash bin/azure-deploy.sh

.github/workflows/main.yml

@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        node-version: [12.x, 14.x]
+        node-version: [12.x, 14.x, 16.x]
         mongodb-version: [4.2, 4.4]
 
     steps:
@@ -40,14 +40,19 @@ jobs:
       - name: Send Coverage
         run: npm run-script coverage
 
-  publish_dev:
-    name: Publish dev branch to Docker Hub
+  publish:
+    name: Publish to Docker Hub
     needs: test
     runs-on: ubuntu-latest
-    if: github.ref == 'refs/heads/dev' && github.repository_owner == 'nightscout'
+    if: (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/dev') && github.repository_owner == 'nightscout'
     env:
       DOCKER_IMAGE: nightscout/cgm-remote-monitor
+      PLATFORMS: linux/amd64,linux/arm64
     steps:
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
       - name: Login to Docker Hub
         uses: docker/login-action@v1
         with:
@@ -57,37 +62,29 @@ jobs:
         if: success()
         uses: actions/checkout@v2
       - name: Build, tag and push the dev Docker image
-        if: success()
-        run: |
-          docker build --no-cache=true -t ${{ env.DOCKER_IMAGE }}:dev_${{ github.sha }} .
-          docker image push ${{ env.DOCKER_IMAGE }}:dev_${{ github.sha }}
-          docker tag ${{ env.DOCKER_IMAGE }}:dev_${{ github.sha }} ${{ env.DOCKER_IMAGE }}:latest_dev
-          docker image push ${{ env.DOCKER_IMAGE }}:latest_dev
-
-  publish_master:
-    name: Publish master branch to Docker Hub
-    needs: test
-    runs-on: ubuntu-latest
-    if: github.ref == 'refs/heads/master' && github.repository_owner == 'nightscout'
-    env:
-      DOCKER_IMAGE: nightscout/cgm-remote-monitor
-    steps:
-      - name: Login to Docker Hub
-        uses: docker/login-action@v1
+        if: success() && github.ref == 'refs/heads/dev'
+        uses: docker/build-push-action@v2
         with:
-          username: ${{ secrets.DOCKER_USER }}
-          password: ${{ secrets.DOCKER_PASS }}
-      - name: Clean git Checkout
-        if: success()
-        uses: actions/checkout@v2
-      - name: get-npm-version
-        if: success()
+          context: .
+          push: true
+          no-cache: true
+          platforms: ${{ env.PLATFORMS }}
+          tags: |
+            ${{ env.DOCKER_IMAGE }}:dev_${{ github.sha }}
+            ${{ env.DOCKER_IMAGE }}:latest_dev
+
+      - name: Get Nightscout release version
+        if: success() && github.ref == 'refs/heads/master'
         id: package-version
         uses: martinbeentjes/npm-get-version-action@master
       - name: Build, tag and push the master Docker image
-        if: success()
-        run: |
-          docker build --no-cache=true -t ${{ env.DOCKER_IMAGE }}:${{ steps.package-version.outputs.current-version }} .
-          docker image push ${{ env.DOCKER_IMAGE }}:${{ steps.package-version.outputs.current-version }}
-          docker tag ${{ env.DOCKER_IMAGE }}:${{ steps.package-version.outputs.current-version }} ${{ env.DOCKER_IMAGE }}:latest
-          docker image push ${{ env.DOCKER_IMAGE }}:latest
+        if: success() && github.ref == 'refs/heads/master'
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          push: true
+          no-cache: true
+          platforms: ${{ env.PLATFORMS }}
+          tags: |
+            ${{ env.DOCKER_IMAGE }}:${{ steps.package-version.outputs.current-version }}
+            ${{ env.DOCKER_IMAGE }}:latest

.gitignore

@@ -30,3 +30,7 @@ npm-debug.log
 /cgm-remote-monitor.sln
 /obj/Debug
 /*.bat
+
+# directories created by docker-compose.yml
+mongo-data/
+letsencrypt/

CONTRIBUTING.md

@@ -34,6 +34,7 @@
 [coverage-url]: https://coveralls.io/r/nightscout/cgm-remote-monitor?branch=master
 [discord-img]: https://img.shields.io/discord/629952586895851530?label=discord%20chat
 [discord-url]: https://discord.gg/rTKhrqz
+[example-env-template]: docs/example-template.env
 
 ## Translations
 
@@ -49,15 +50,15 @@ Nightscout is a Node.js application. The basic installation of the software for
    dependency installation has to be done using a non-root user - _do not use root_ for development and hosting
    the software!
 3. Get a Mongo database by either installing Mongo locally, or get a free cloud account from mLab or MongoDB Atlas.
-4. Configure Nightscout by copying `my.env.template` to `my.env` and run it - see the next chapter in the instructions
+4. Configure Nightscout by copying [`docs/example-template.env`][example-env-template] to `my.env` and run it - see the next chapter in the instructions
 
 ## Develop on `dev`
 
 We develop on the `dev` branch. All new pull requests should be targeted to `dev`. The `master` branch is only used for distributing the latest version of the tested sources.
 
 You can get the `dev` branch checked out using `git checkout dev`.
 
-Once checked out, install the dependencies using `npm install`, then copy the included `my.env.template`file to `my.env` and edit the file to include your settings (like the Mongo URL). Leave the `NODE_ENV=development` line intact. Once set, run the site using `npm run dev`. This will start Nightscout in the development mode, with different code packaging rules and automatic restarting of the server using nodemon, when you save changed files on disk. The client also hot-reloads new code in, but it's recommended to reload the website after changes due to the way the plugin sandbox works.
+Once checked out, install the dependencies using `npm install`, then copy the included  [`docs/example-template.env`][example-env-template] to `my.env` file to `my.env` and edit the file to include your settings (like the Mongo URL). Leave the `NODE_ENV=development` line intact. Once set, run the site using `npm run dev`. This will start Nightscout in the development mode, with different code packaging rules and automatic restarting of the server using nodemon, when you save changed files on disk. The client also hot-reloads new code in, but it's recommended to reload the website after changes due to the way the plugin sandbox works.
 
 Note the template sets `INSECURE_USE_HTTP` to `true` to enable the site to work over HTTP in local development.
 

Dockerfile

@@ -2,17 +2,22 @@ FROM node:14.15.3-alpine
 
 LABEL maintainer="Nightscout Contributors"
 
-RUN mkdir -p /opt/app
-ADD . /opt/app
 WORKDIR /opt/app
-RUN chown -R node:node /opt/app
-USER node
+ADD . /opt/app
 
-RUN npm install && \
+# TODO: We should be able to do `RUN npm install --only=production`.
+# For this to work, we need to copy only package.json and things needed for `npm`'s to succeed.
+# TODO: Do we need to re-add `npm audit fix`? Or should that be part of a development process/stage?
+RUN npm install --cache /tmp/empty-cache && \
   npm run postinstall && \
   npm run env && \
-  npm audit fix
+  rm -rf /tmp/*
+  # TODO: These should be added in the future to correctly cache express-minify content to disk
+  # Currently, doing this breaks the browser cache.
+  # mkdir /tmp/public && \
+  # chown node:node /tmp/public
 
+USER node
 EXPOSE 1337
 
 CMD ["node", "lib/server/server.js"]

README.md

@@ -50,7 +50,7 @@ See [CONTRIBUTING.md](CONTRIBUTING.md)
 [discord-url]: https://discord.gg/rTKhrqz
 [heroku-img]: https://www.herokucdn.com/deploy/button.png
 [heroku-url]: https://heroku.com/deploy?template=https://github.com/nightscout/cgm-remote-monitor
-[update-img]: update.png
+[update-img]: docs/update.png
 [update-fork]: http://nightscout.github.io/pages/update-fork/
 [original]: https://github.com/rnpenguin/cgm-remote-monitor
 
@@ -164,7 +164,7 @@ Some features may not work with devices/browsers on the older end of these requi
 
 ## Windows installation software requirements:
 
-- [Node.js](http://nodejs.org/) Latest Node 12 LTS. Node versions that do not have the latest security patches will not work. Use [Install instructions for Node](https://nodejs.org/en/download/package-manager/) or use `setup.sh`)
+- [Node.js](http://nodejs.org/) Latest Node 12 LTS. Node versions that do not have the latest security patches will not work. Use [Install instructions for Node](https://nodejs.org/en/download/package-manager/) or use `bin/setup.sh`)
 - [MongoDB](https://www.mongodb.com/download-center?jmp=nav#community) 3.x or later. MongoDB 2.4 is only supported for Raspberry Pi.
 
 As a non-root user clone this repo then install dependencies into the root of the project:
@@ -670,7 +670,7 @@ For remote overrides, the following extended settings must be configured:
   * `target_high` - Upper target for correction boluses.
   * `target_low` - Lower target for correction boluses.
 
-  Some example profiles are [here](example-profiles.md).
+  Some example profiles are [here](docs/plugins/example-profiles.md).
 
 ## Setting environment variables
 Easy to emulate on the commandline:
@@ -690,13 +690,13 @@ Your hosting provider probably has a way to set these through their GUI.
 ### Vagrant install
 
 Optionally, use [Vagrant](https://www.vagrantup.com/) with the
-included `Vagrantfile` and `setup.sh` to install OS and node packages to
+included `Vagrantfile` and `bin/setup.sh` to install OS and node packages to
 a virtual machine.
 
 ```bash
 host$ vagrant up
 host$ vagrant ssh
-vm$ setup.sh
+vm$ ./bin/setup.sh
 ```
 
 The setup script will install OS packages then run `npm install`.

deploy.sh → bin/azure-deploy.sh

@@ -103,7 +103,7 @@ echo "\"$SCM_COMMIT_ID\"" > $DEPLOYMENT_SOURCE/scm-commit-id.json
 
 # 1. KuduSync
 if [[ "$IN_PLACE_DEPLOYMENT" -ne "1" ]]; then
-  "$KUDU_SYNC_CMD" -v 50 -f "$DEPLOYMENT_SOURCE" -t "$DEPLOYMENT_TARGET" -n "$NEXT_MANIFEST_PATH" -p "$PREVIOUS_MANIFEST_PATH" -i ".git;.hg;.deployment;deploy.sh"
+  "$KUDU_SYNC_CMD" -v 50 -f "$DEPLOYMENT_SOURCE" -t "$DEPLOYMENT_TARGET" -n "$NEXT_MANIFEST_PATH" -p "$PREVIOUS_MANIFEST_PATH" -i ".git;.hg;.deployment;bin/azure-deploy.sh"
   exitWithMessageOnError "Kudu Sync failed"
 fi
 

docker-compose.yml

@@ -0,0 +1,76 @@
+version: '3'
+
+services:
+  mongo:
+    image: mongo:4.4
+    volumes:
+      - ${NS_MONGO_DATA_DIR:-./mongo-data}:/data/db:cached
+
+  nightscout:
+    image: nightscout/cgm-remote-monitor:latest
+    container_name: nightscout
+    restart: always
+    depends_on:
+      - mongo
+    labels:
+      - 'traefik.enable=true'
+      # Change the below Host from `localhost` to be the web address where Nightscout is running.
+      # Also change the email address in the `traefik` service below.
+      - 'traefik.http.routers.nightscout.rule=Host(`localhost`)'
+      - 'traefik.http.routers.nightscout.entrypoints=websecure'
+      - 'traefik.http.routers.nightscout.tls.certresolver=le'
+    environment:
+      ### Variables for the container
+      NODE_ENV: production
+      TZ: Etc/UTC
+
+      ### Overridden variables for Docker Compose setup
+      # The `nightscout` service can use HTTP, because we use `traefik` to serve the HTTPS
+      # and manage TLS certificates
+      INSECURE_USE_HTTP: 'true'
+
+      # For all other settings, please refer to the Environment section of the README
+      ### Required variables
+      # MONGO_CONNECTION - The connection string for your Mongo database.
+      # Something like mongodb://sally:[email protected]:99999/nightscout
+      # The default connects to the `mongo` included in this docker-compose file.
+      # If you change it, you probably also want to comment out the entire `mongo` service block
+      # and `depends_on` block above.
+      MONGO_CONNECTION: mongodb://mongo:27017/nightscout
+
+      # API_SECRET - A secret passphrase that must be at least 12 characters long.
+      API_SECRET: change_me
+
+      ### Features
+      # ENABLE - Used to enable optional features, expects a space delimited list, such as: careportal rawbg iob
+      # See https://github.com/nightscout/cgm-remote-monitor#plugins for details
+      ENABLE: careportal rawbg iob
+
+      # AUTH_DEFAULT_ROLES (readable) - possible values readable, denied, or any valid role name.
+      # When readable, anyone can view Nightscout without a token. Setting it to denied will require
+      # a token from every visit, using status-only will enable api-secret based login.
+      AUTH_DEFAULT_ROLES: denied
+
+      # For all other settings, please refer to the Environment section of the README
+      # https://github.com/nightscout/cgm-remote-monitor#environment
+
+  traefik:
+    image: traefik:latest
+    container_name: 'traefik'
+    command:
+      - '--providers.docker=true'
+      - '--providers.docker.exposedbydefault=false'
+      - '--entrypoints.web.address=:80'
+      - '--entrypoints.web.http.redirections.entrypoint.to=websecure'
+      - '--entrypoints.websecure.address=:443'
+      - "--certificatesresolvers.le.acme.httpchallenge=true"
+      - "--certificatesresolvers.le.acme.httpchallenge.entrypoint=web"
+      - '--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json'
+      # Change the below to match your email address
+      - '[email protected]'
+    ports:
+      - '443:443'
+      - '80:80'
+    volumes:
+      - './letsencrypt:/letsencrypt'
+      - '/var/run/docker.sock:/var/run/docker.sock:ro'

lib/adminnotifies.js

@@ -7,6 +7,11 @@ function init (ctx) {
   const adminnotifies = {};
 
   adminnotifies.addNotify = function addnotify (notify) {
+    if (!ctx.settings.adminNotifiesEnabled) {
+      console.log('Admin notifies disabled, skipping notify', notify);
+      return;
+    }
+
     if (!notify) return;
 
     notify.title = notify.title || 'No title';

lib/api/activity/index.js

@@ -12,23 +12,14 @@ function configure(app, wares, ctx) {
         , api = express.Router();
 
     api.use(wares.compression());
-    api.use(wares.bodyParser({
-        limit: 1048576 * 50
-    }));
     // text body types get handled as raw buffer stream
-    api.use(wares.bodyParser.raw({
-        limit: 1048576
-    }));
+    api.use(wares.rawParser);
     // json body types get handled as parsed json
     api.use(wares.bodyParser.json({
-        limit: 1048576
-        , extended: true
+      limit: '50Mb'
     }));
     // also support url-encoded content-type
-    api.use(wares.bodyParser.urlencoded({
-        limit: 1048576
-        , extended: true
-    }));
+    api.use(wares.urlencodedParser);
     // invoke common middleware
     api.use(wares.sendJSONStatus);
 
@@ -94,9 +85,7 @@ function configure(app, wares, ctx) {
             });
         }
 
-        api.post('/activity/', wares.bodyParser({
-            limit: 1048576 * 50
-        }), ctx.authorization.isPermitted('api:activity:create'), post_response);
+        api.post('/activity/', ctx.authorization.isPermitted('api:activity:create'), post_response);
 
         api.delete('/activity/:_id', ctx.authorization.isPermitted('api:activity:delete'), function(req, res) {
             ctx.activity.remove(req.params._id, function() {

lib/api/alexa/index.js

@@ -11,12 +11,12 @@ function configure (app, wares, ctx, env) {
   // invoke common middleware
   api.use(wares.sendJSONStatus);
   // text body types get handled as raw buffer stream
-  api.use(wares.bodyParser.raw());
+  api.use(wares.rawParser);
   // json body types get handled as parsed json
-  api.use(wares.bodyParser.json({
-    limit: 1048576
-    , extended: true
-  }));
+  api.use(wares.jsonParser);
+  // also support url-encoded content-type
+  api.use(wares.urlencodedParser);
+  // text body types get handled as raw buffer stream
 
   ctx.virtAsstBase.setupVirtAsstHandlers(ctx.alexa);
 

lib/api/devicestatus/index.js

@@ -13,14 +13,12 @@ function configure (app, wares, ctx, env) {
   // invoke common middleware
   api.use(wares.sendJSONStatus);
   // text body types get handled as raw buffer stream
-  api.use(wares.bodyParser.raw());
+  api.use(wares.rawParser);
   // json body types get handled as parsed json
-  api.use(wares.bodyParser.json({
-    limit: 1048576
-    , extended: true
-  }));
+  api.use(wares.jsonParser);
   // also support url-encoded content-type
-  api.use(wares.bodyParser.urlencoded({ extended: true }));
+  api.use(wares.urlencodedParser);
+  // text body types get handled as raw buffer stream
 
   api.use(ctx.authorization.isPermitted('api:devicestatus:read'));