Merge branch 'nightscout:master' into master

inventor96 · Aug 16, 2023 · fcd7f3b · fcd7f3b
2 parents 2320cf3 + a09e586
commit fcd7f3b
Show file tree

Hide file tree

Showing 59 changed files with 4,074 additions and 2,871 deletions.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -17,7 +17,7 @@ on:
     branches: [ dev ]
   pull_request:
     # The branches below must be a subset of the branches above
-    branches: [ master ]
+    branches: [ dev ]
   schedule:
     - cron: '43 23 * * 3'
 

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        node-version: [12.x, 14.x]
+        node-version: [12.x, 14.x, 16.x]
         mongodb-version: [4.2, 4.4]
 
     steps:
@@ -40,14 +40,19 @@ jobs:
       - name: Send Coverage
         run: npm run-script coverage
 
-  publish_dev:
-    name: Publish dev branch to Docker Hub
+  publish:
+    name: Publish to Docker Hub
     needs: test
     runs-on: ubuntu-latest
-    if: github.ref == 'refs/heads/dev' && github.repository_owner == 'nightscout'
+    if: (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/dev') && github.repository_owner == 'nightscout'
     env:
       DOCKER_IMAGE: nightscout/cgm-remote-monitor
+      PLATFORMS: linux/amd64,linux/arm64
     steps:
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
       - name: Login to Docker Hub
         uses: docker/login-action@v1
         with:
@@ -57,37 +62,29 @@ jobs:
         if: success()
         uses: actions/checkout@v2
       - name: Build, tag and push the dev Docker image
-        if: success()
-        run: |
-          docker build --no-cache=true -t ${{ env.DOCKER_IMAGE }}:dev_${{ github.sha }} .
-          docker image push ${{ env.DOCKER_IMAGE }}:dev_${{ github.sha }}
-          docker tag ${{ env.DOCKER_IMAGE }}:dev_${{ github.sha }} ${{ env.DOCKER_IMAGE }}:latest_dev
-          docker image push ${{ env.DOCKER_IMAGE }}:latest_dev
-
-  publish_master:
-    name: Publish master branch to Docker Hub
-    needs: test
-    runs-on: ubuntu-latest
-    if: github.ref == 'refs/heads/master' && github.repository_owner == 'nightscout'
-    env:
-      DOCKER_IMAGE: nightscout/cgm-remote-monitor
-    steps:
-      - name: Login to Docker Hub
-        uses: docker/login-action@v1
+        if: success() && github.ref == 'refs/heads/dev'
+        uses: docker/build-push-action@v2
         with:
-          username: ${{ secrets.DOCKER_USER }}
-          password: ${{ secrets.DOCKER_PASS }}
-      - name: Clean git Checkout
-        if: success()
-        uses: actions/checkout@v2
-      - name: get-npm-version
-        if: success()
+          context: .
+          push: true
+          no-cache: true
+          platforms: ${{ env.PLATFORMS }}
+          tags: |
+            ${{ env.DOCKER_IMAGE }}:dev_${{ github.sha }}
+            ${{ env.DOCKER_IMAGE }}:latest_dev
+
+      - name: Get Nightscout release version
+        if: success() && github.ref == 'refs/heads/master'
         id: package-version
         uses: martinbeentjes/npm-get-version-action@master
       - name: Build, tag and push the master Docker image
-        if: success()
-        run: |
-          docker build --no-cache=true -t ${{ env.DOCKER_IMAGE }}:${{ steps.package-version.outputs.current-version }} .
-          docker image push ${{ env.DOCKER_IMAGE }}:${{ steps.package-version.outputs.current-version }}
-          docker tag ${{ env.DOCKER_IMAGE }}:${{ steps.package-version.outputs.current-version }} ${{ env.DOCKER_IMAGE }}:latest
-          docker image push ${{ env.DOCKER_IMAGE }}:latest
+        if: success() && github.ref == 'refs/heads/master'
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          push: true
+          no-cache: true
+          platforms: ${{ env.PLATFORMS }}
+          tags: |
+            ${{ env.DOCKER_IMAGE }}:${{ steps.package-version.outputs.current-version }}
+            ${{ env.DOCKER_IMAGE }}:latest
diff --git a/.gitignore b/.gitignore
@@ -30,3 +30,7 @@ npm-debug.log
 /cgm-remote-monitor.sln
 /obj/Debug
 /*.bat
+
+# directories created by docker-compose.yml
+mongo-data/
+letsencrypt/
diff --git a/Dockerfile b/Dockerfile
@@ -2,17 +2,22 @@ FROM node:14.15.3-alpine
 
 LABEL maintainer="Nightscout Contributors"
 
-RUN mkdir -p /opt/app
-ADD . /opt/app
 WORKDIR /opt/app
-RUN chown -R node:node /opt/app
-USER node
+ADD . /opt/app
 
-RUN npm install && \
+# TODO: We should be able to do `RUN npm install --only=production`.
+# For this to work, we need to copy only package.json and things needed for `npm`'s to succeed.
+# TODO: Do we need to re-add `npm audit fix`? Or should that be part of a development process/stage?
+RUN npm install --cache /tmp/empty-cache && \
   npm run postinstall && \
   npm run env && \
-  npm audit fix
+  rm -rf /tmp/*
+  # TODO: These should be added in the future to correctly cache express-minify content to disk
+  # Currently, doing this breaks the browser cache.
+  # mkdir /tmp/public && \
+  # chown node:node /tmp/public
 
+USER node
 EXPOSE 1337
 
 CMD ["node", "lib/server/server.js"]
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -0,0 +1,76 @@
+version: '3'
+
+services:
+  mongo:
+    image: mongo:4.4
+    volumes:
+      - ${NS_MONGO_DATA_DIR:-./mongo-data}:/data/db:cached
+
+  nightscout:
+    image: nightscout/cgm-remote-monitor:latest
+    container_name: nightscout
+    restart: always
+    depends_on:
+      - mongo
+    labels:
+      - 'traefik.enable=true'
+      # Change the below Host from `localhost` to be the web address where Nightscout is running.
+      # Also change the email address in the `traefik` service below.
+      - 'traefik.http.routers.nightscout.rule=Host(`localhost`)'
+      - 'traefik.http.routers.nightscout.entrypoints=websecure'
+      - 'traefik.http.routers.nightscout.tls.certresolver=le'
+    environment:
+      ### Variables for the container
+      NODE_ENV: production
+      TZ: Etc/UTC
+
+      ### Overridden variables for Docker Compose setup
+      # The `nightscout` service can use HTTP, because we use `traefik` to serve the HTTPS
+      # and manage TLS certificates
+      INSECURE_USE_HTTP: 'true'
+
+      # For all other settings, please refer to the Environment section of the README
+      ### Required variables
+      # MONGO_CONNECTION - The connection string for your Mongo database.
+      # Something like mongodb://sally:[email protected]:99999/nightscout
+      # The default connects to the `mongo` included in this docker-compose file.
+      # If you change it, you probably also want to comment out the entire `mongo` service block
+      # and `depends_on` block above.
+      MONGO_CONNECTION: mongodb://mongo:27017/nightscout
+
+      # API_SECRET - A secret passphrase that must be at least 12 characters long.
+      API_SECRET: change_me
+
+      ### Features
+      # ENABLE - Used to enable optional features, expects a space delimited list, such as: careportal rawbg iob
+      # See https://github.com/nightscout/cgm-remote-monitor#plugins for details
+      ENABLE: careportal rawbg iob
+
+      # AUTH_DEFAULT_ROLES (readable) - possible values readable, denied, or any valid role name.
+      # When readable, anyone can view Nightscout without a token. Setting it to denied will require
+      # a token from every visit, using status-only will enable api-secret based login.
+      AUTH_DEFAULT_ROLES: denied
+
+      # For all other settings, please refer to the Environment section of the README
+      # https://github.com/nightscout/cgm-remote-monitor#environment
+
+  traefik:
+    image: traefik:latest
+    container_name: 'traefik'
+    command:
+      - '--providers.docker=true'
+      - '--providers.docker.exposedbydefault=false'
+      - '--entrypoints.web.address=:80'
+      - '--entrypoints.web.http.redirections.entrypoint.to=websecure'
+      - '--entrypoints.websecure.address=:443'
+      - "--certificatesresolvers.le.acme.httpchallenge=true"
+      - "--certificatesresolvers.le.acme.httpchallenge.entrypoint=web"
+      - '--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json'
+      # Change the below to match your email address
+      - '[email protected]'
+    ports:
+      - '443:443'
+      - '80:80'
+    volumes:
+      - './letsencrypt:/letsencrypt'
+      - '/var/run/docker.sock:/var/run/docker.sock:ro'
diff --git a/lib/api/activity/index.js b/lib/api/activity/index.js
@@ -12,23 +12,14 @@ function configure(app, wares, ctx) {
         , api = express.Router();
 
     api.use(wares.compression());
-    api.use(wares.bodyParser({
-        limit: 1048576 * 50
-    }));
     // text body types get handled as raw buffer stream
-    api.use(wares.bodyParser.raw({
-        limit: 1048576
-    }));
+    api.use(wares.rawParser);
     // json body types get handled as parsed json
     api.use(wares.bodyParser.json({
-        limit: 1048576
-        , extended: true
+      limit: '50Mb'
     }));
     // also support url-encoded content-type
-    api.use(wares.bodyParser.urlencoded({
-        limit: 1048576
-        , extended: true
-    }));
+    api.use(wares.urlencodedParser);
     // invoke common middleware
     api.use(wares.sendJSONStatus);
 
@@ -94,9 +85,7 @@ function configure(app, wares, ctx) {
             });
         }
 
-        api.post('/activity/', wares.bodyParser({
-            limit: 1048576 * 50
-        }), ctx.authorization.isPermitted('api:activity:create'), post_response);
+        api.post('/activity/', ctx.authorization.isPermitted('api:activity:create'), post_response);
 
         api.delete('/activity/:_id', ctx.authorization.isPermitted('api:activity:delete'), function(req, res) {
             ctx.activity.remove(req.params._id, function() {

diff --git a/lib/api/alexa/index.js b/lib/api/alexa/index.js
@@ -11,12 +11,12 @@ function configure (app, wares, ctx, env) {
   // invoke common middleware
   api.use(wares.sendJSONStatus);
   // text body types get handled as raw buffer stream
-  api.use(wares.bodyParser.raw());
+  api.use(wares.rawParser);
   // json body types get handled as parsed json
-  api.use(wares.bodyParser.json({
-    limit: 1048576
-    , extended: true
-  }));
+  api.use(wares.jsonParser);
+  // also support url-encoded content-type
+  api.use(wares.urlencodedParser);
+  // text body types get handled as raw buffer stream
 
   ctx.virtAsstBase.setupVirtAsstHandlers(ctx.alexa);
 

diff --git a/lib/api/devicestatus/index.js b/lib/api/devicestatus/index.js
@@ -13,14 +13,12 @@ function configure (app, wares, ctx, env) {
   // invoke common middleware
   api.use(wares.sendJSONStatus);
   // text body types get handled as raw buffer stream
-  api.use(wares.bodyParser.raw());
+  api.use(wares.rawParser);
   // json body types get handled as parsed json
-  api.use(wares.bodyParser.json({
-    limit: 1048576
-    , extended: true
-  }));
+  api.use(wares.jsonParser);
   // also support url-encoded content-type
-  api.use(wares.bodyParser.urlencoded({ extended: true }));
+  api.use(wares.urlencodedParser);
+  // text body types get handled as raw buffer stream
 
   api.use(ctx.authorization.isPermitted('api:devicestatus:read'));
 

diff --git a/lib/api/entries/index.js b/lib/api/entries/index.js
@@ -41,20 +41,18 @@ function configure (app, wares, ctx, env) {
   // invoke common middleware
   api.use(wares.sendJSONStatus);
   // text body types get handled as raw buffer stream
-  api.use(wares.bodyParser.raw());
+  api.use(wares.rawParser);
   // json body types get handled as parsed json
   api.use(wares.bodyParser.json({
-    limit: 1048576
-    , extended: true
+    limit: '50Mb'
   }));
+  // also support url-encoded content-type
+  api.use(wares.urlencodedParser);
+  // text body types get handled as raw buffer stream
   // shortcut to use extension to specify output content-type
   api.use(wares.extensions([
         'json', 'svg', 'csv', 'txt', 'png', 'html', 'tsv'
     ]));
-  // also support url-encoded content-type
-  api.use(wares.bodyParser.urlencoded({
-    extended: true
-  }));
 
   api.use(ctx.authorization.isPermitted('api:entries:read'));
   /**
@@ -357,7 +355,7 @@ function configure (app, wares, ctx, env) {
       res.entries_err = err;
       return next();
     });
-  }, format_entries);
+  }, wares.obscure_device, format_entries);
 
   /**
    * @module get#/entries/:spec
@@ -391,7 +389,7 @@ function configure (app, wares, ctx, env) {
       prepReqModel(req, req.params.model);
       query_models(req, res, next);
     }
-  }, format_entries);
+  }, wares.obscure_device, format_entries);
 
   /**
    * @module get#/entries
@@ -402,7 +400,7 @@ function configure (app, wares, ctx, env) {
    * `find[date]`.
    *
    */
-  api.get('/entries', ifModifiedSinceCTX, query_models, format_entries);
+  api.get('/entries', ifModifiedSinceCTX, query_models, wares.obscure_device, format_entries);
 
   /**
    * @function echo_query
@@ -740,7 +738,7 @@ function configure (app, wares, ctx, env) {
         * @routed
         * @response 200 /definitions/Entries
         */
-  api.get('/times/:prefix?/:regex?', prep_storage, prep_pattern_field, prep_patterns, prep_patterns, query_models, format_entries);
+  api.get('/times/:prefix?/:regex?', prep_storage, prep_pattern_field, prep_patterns, prep_patterns, query_models, wares.obscure_device, format_entries);
 
   api.get('/count/:storage/where', prep_storage, count_records, format_results);
 
@@ -755,7 +753,7 @@ function configure (app, wares, ctx, env) {
   /api/v1/slice/entries/dateString/mbg/2015.json
   ```
         */
-  api.get('/slice/:storage/:field/:type?/:prefix?/:regex?', prep_storage, prep_pattern_field, prep_patterns, query_models, format_entries);
+  api.get('/slice/:storage/:field/:type?/:prefix?/:regex?', prep_storage, prep_pattern_field, prep_patterns, query_models, wares.obscure_device, format_entries);
 
   /**
    * @module post#/entries/preview
@@ -767,7 +765,7 @@ function configure (app, wares, ctx, env) {
     // setting this flag tells insert_entries to not actually store the results
     req.persist_entries = false;
     next();
-  }, insert_entries, format_entries);
+  }, insert_entries, wares.obscure_device, format_entries);
 
   // Protect endpoints with authenticated api.
   if (app.enabled('api')) {
@@ -782,7 +780,7 @@ function configure (app, wares, ctx, env) {
       // setting this flag tells insert_entries to store the results
       req.persist_entries = true;
       next();
-    }, insert_entries, format_entries);
+    }, insert_entries, wares.obscure_device, format_entries);
 
     /**
      * @module delete#/entries/:spec

diff --git a/lib/api/food/index.js b/lib/api/food/index.js
@@ -9,14 +9,13 @@ function configure (app, wares, ctx) {
     // invoke common middleware
     api.use(wares.sendJSONStatus);
     // text body types get handled as raw buffer stream
-    api.use(wares.bodyParser.raw( ));
+    api.use(wares.rawParser);
     // json body types get handled as parsed json
-    api.use(wares.bodyParser.json({
-      limit: 1048576
-      , extended: true
-    }));  
+    api.use(wares.jsonParser);
     // also support url-encoded content-type
-    api.use(wares.bodyParser.urlencoded({ extended: true }));
+    api.use(wares.urlencodedParser);
+    // text body types get handled as raw buffer stream
+    // shortcut to use extension to specify output content-type
 
     api.use(ctx.authorization.isPermitted('api:food:read'));