Merge pull request #5526 from nightscout/dev

Release 14.0.0

.github/workflows/main.yml

@@ -1,6 +1,6 @@
 name: CI test
 
-on: [push]
+on: [push, pull_request]
 
 jobs:
   build:
@@ -9,7 +9,7 @@ jobs:
 
     strategy:
       matrix:
-        node-version: [10.x, 12.x]
+        node-version: [12.x]
 
     steps:
     - uses: actions/checkout@v1
@@ -21,12 +21,14 @@ jobs:
       run: npm install
     - name: Install MongoDB
       run: |
-        wget -qO - https://www.mongodb.org/static/pgp/server-3.6.asc | sudo apt-key add -
-        echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.6 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-3.6.list
+        wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -
+        echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/4.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list
         sudo apt-get update
         sudo apt-get install -y mongodb-org
-        sudo apt-get install -y --allow-downgrades mongodb-org=3.6.14 mongodb-org-server=3.6.14 mongodb-org-shell=3.6.14 mongodb-org-mongos=3.6.14 mongodb-org-tools=3.6.14
+        sudo apt-get install -y --allow-downgrades mongodb-org=4.4.0 mongodb-org-server=4.4.0 mongodb-org-shell=4.4.0 mongodb-org-mongos=4.4.0 mongodb-org-tools=4.4.0
     - name: Start MongoDB
       run: sudo systemctl start mongod
-    - name: Run tests
+    - name: Run Tests
       run: npm run-script test-ci
+    - name: Send Coverage
+      run: npm run-script coverage

CONTRIBUTING.md

@@ -34,7 +34,7 @@
 [coverage-img]: https://img.shields.io/coveralls/nightscout/cgm-remote-monitor/master.svg
 [coverage-url]: https://coveralls.io/r/nightscout/cgm-remote-monitor?branch=master
 [discord-img]: https://img.shields.io/discord/629952586895851530?label=discord%20chat
-[discord-url]: https://discordapp.com/channels/629952586895851530/629952669967974410
+[discord-url]: https://discord.gg/rTKhrqz
 
 ## Installation for development
 
@@ -181,6 +181,7 @@ Also if you can't code, it's possible to contribute by improving the documentati
 [@unsoluble]: https://github.com/unsoluble
 [@viderehh]: https://github.com/viderehh
 [@OpossumGit]: https://github.com/OpossumGit
+[@Bartlomiejsz]: https://github.com/Bartlomiejsz
 
 | Contribution area                     | List of contributors |
 | ------------------------------------- | ---------------------------------- |
@@ -252,7 +253,7 @@ Languages with less than 90% coverage will be removed in a future Nightscout ver
 | 한국어 (`ko`)|Please volunteer|Needs attention: 80.6%|
 | Norsk (Bokmål) (`nb`)|Please volunteer|OK|
 | Nederlands (`nl`)|[@PieterGit]|OK|
-| Polski (`pl`)|Please volunteer|OK|
+| Polski (`pl`)|[@Bartlomiejsz]|OK|
 | Português (Brasil) (`pt`)|Please volunteer|OK|
 | Română (`ro`)|Please volunteer|OK|
 | Русский (`ru`)|[@apanasef]|OK|

app.js

@@ -7,6 +7,7 @@ const bodyParser = require('body-parser');
 
 const path = require('path');
 const fs = require('fs');
+const ejs = require('ejs');
 
 function create (env, ctx) {
   var app = express();
@@ -25,6 +26,9 @@ function create (env, ctx) {
       }
     });
     if (secureHstsHeader) { // Add HSTS (HTTP Strict Transport Security) header
+
+      const enableCSP = env.secureCsp ? true : false;
+
       console.info('Enabled SECURE_HSTS_HEADER (HTTP Strict Transport Security)');
       const helmet = require('helmet');
       var includeSubDomainsValue = env.secureHstsHeaderIncludeSubdomains;
@@ -36,39 +40,52 @@ function create (env, ctx) {
           , preload: preloadValue
         }
         , frameguard: false
+        , contentSecurityPolicy: enableCSP
       }));
-      if (env.secureCsp) {
+
+      if (enableCSP) {
         var secureCspReportOnly = env.secureCspReportOnly;
         if (secureCspReportOnly) {
           console.info('Enabled SECURE_CSP (Content Security Policy header). Not enforcing. Report only.');
         } else {
           console.info('Enabled SECURE_CSP (Content Security Policy header). Enforcing.');
         }
+
+        let frameAncestors = ["'self'"];
+
+        for (let i = 0; i <= 8; i++) {
+          let u = env.settings['frameUrl' + i];
+          if (u) {
+            frameAncestors.push(u);
+          }
+        }
+
         app.use(helmet.contentSecurityPolicy({ //TODO make NS work without 'unsafe-inline'
           directives: {
             defaultSrc: ["'self'"]
-            , styleSrc: ["'self'", 'https://fonts.googleapis.com/', "'unsafe-inline'"]
+            , styleSrc: ["'self'", 'https://fonts.googleapis.com/', 'https://fonts.gstatic.com/', "'unsafe-inline'"]
             , scriptSrc: ["'self'", "'unsafe-inline'"]
-            , fontSrc: ["'self'", 'https://fonts.gstatic.com/', 'data:']
+            , fontSrc: ["'self'", 'https://fonts.googleapis.com/', 'https://fonts.gstatic.com/', 'data:']
             , imgSrc: ["'self'", 'data:']
-            , objectSrc: ["'none'"], // Restricts <object>, <embed>, and <applet> elements
-            reportUri: '/report-violation'
-            , frameAncestors: ["'none'"], // Clickjacking protection, using frame-ancestors
-            baseUri: ["'none'"], // Restricts use of the <base> tag
-            formAction: ["'self'"], // Restricts where <form> contents may be submitted
+            , objectSrc: ["'none'"] // Restricts <object>, <embed>, and <applet> elements
+            , reportUri: '/report-violation'
+            , baseUri: ["'none'"] // Restricts use of the <base> tag
+            , formAction: ["'self'"] // Restricts where <form> contents may be submitted
+            , connectSrc: ["'self'", "ws:", "wss:", 'https://fonts.googleapis.com/', 'https://fonts.gstatic.com/']
+            , frameSrc: ["'self'"]
+            , frameAncestors: frameAncestors
           }
           , reportOnly: secureCspReportOnly
         }));
         app.use(helmet.referrerPolicy({ policy: 'no-referrer' }));
-        app.use(helmet.featurePolicy({ features: { payment: ["'none'"], } }));
         app.use(bodyParser.json({ type: ['json', 'application/csp-report'] }));
         app.post('/report-violation', (req, res) => {
           if (req.body) {
-            console.log('CSP Violation: ', req.body)
+            console.log('CSP Violation: ', req.body);
           } else {
-            console.log('CSP Violation: No data received!')
+            console.log('CSP Violation: No data received!');
           }
-          res.status(204).end()
+          res.status(204).end();
         })
       }
     }
@@ -92,6 +109,20 @@ function create (env, ctx) {
   }
   app.locals.cachebuster = cacheBuster;
 
+  app.get("/robots.txt", (req, res) => {
+    res.setHeader('Content-Type', 'text/plain');
+    res.send(['User-agent: *','Disallow: /'].join('\n'));
+  });
+
+  app.get("/sw.js", (req, res) => {
+    res.setHeader('Content-Type', 'application/javascript');
+    res.send(ejs.render(fs.readFileSync(
+      require.resolve(`${__dirname}/views/service-worker.js`),
+      { encoding: 'utf-8' }),
+      { locals: app.locals}
+     ));
+  });
+
   if (ctx.bootErrors && ctx.bootErrors.length > 0) {
     app.get('*', require('./lib/server/booterror')(ctx));
     return app;
@@ -131,41 +162,58 @@ function create (env, ctx) {
     }
   }));
 
-  const clockviews = require('./lib/server/clocks.js')(env, ctx);
-  clockviews.setLocals(app.locals);
-
-  app.use("/clock", clockviews);
-
-  app.get("/", (req, res) => {
-    res.render("index.html", {
-      locals: app.locals
-    });
-  });
-
   var appPages = {
-    "/clock-color.html": "clock-color.html"
-    , "/admin": "adminindex.html"
-    , "/profile": "profileindex.html"
-    , "/food": "foodindex.html"
-    , "/bgclock.html": "bgclock.html"
-    , "/report": "reportindex.html"
-    , "/translations": "translationsindex.html"
-    , "/clock.html": "clock.html"
+    "/": {
+      file: "index.html"
+      , type: "index"
+    }
+    , "/admin": {
+      file: "adminindex.html"
+      , title: 'Admin Tools'
+      , type: 'admin'
+    }
+    , "/food": {
+      file: "foodindex.html"
+      , title: 'Food Editor'
+      , type: 'food'
+    }
+    , "/profile": {
+      file: "profileindex.html"
+      , title: 'Profile Editor'
+      , type: 'profile'
+    }
+    , "/report": {
+      file: "reportindex.html"
+      , title: 'Nightscout reporting'
+      , type: 'report'
+    }
+    , "/translations": {
+      file: "translationsindex.html"
+      , title: 'Nightscout translations'
+      , type: 'translations'
+    }
+    , "/split": {
+      file: "frame.html"
+      , title: '8-user view'
+      , type: 'index'
+    }
   };
 
   Object.keys(appPages).forEach(function(page) {
     app.get(page, (req, res) => {
-      res.render(appPages[page], {
-        locals: app.locals
+      res.render(appPages[page].file, {
+        locals: app.locals,
+        title: appPages[page].title ? appPages[page].title : '',
+        type: appPages[page].type ? appPages[page].type : '',
+        settings: env.settings
       });
     });
   });
 
-  app.get("/appcache/*", (req, res) => {
-    res.render("nightscout.appcache", {
-      locals: app.locals
-    });
-  });
+  const clockviews = require('./lib/server/clocks.js')(env, ctx);
+  clockviews.setLocals(app.locals);
+
+  app.use("/clock", clockviews);
 
   app.use('/api', bodyParser({
     limit: 1048576 * 50
@@ -199,6 +247,7 @@ function create (env, ctx) {
     res.sendFile(__dirname + '/swagger.yaml');
   });
 
+  /* // FOR DEBUGGING MEMORY LEEAKS
   if (env.settings.isEnabled('dumps')) {
     var heapdump = require('heapdump');
     app.get('/api/v2/dumps/start', function(req, res) {
@@ -209,6 +258,7 @@ function create (env, ctx) {
       res.send('wrote dump to ' + path);
     });
   }
+  */
 
   // app.get('/package.json', software);
 

app.json

@@ -72,6 +72,11 @@
       "value": "180",
       "required": false
     },
+    "BOLUS_RENDER_OVER": {
+      "description": "U value over which the bolus values are rendered on the chart if the 'x U and Over' option is selected.",
+      "value": "1",
+      "required": false
+    },
     "BRIDGE_PASSWORD": {
       "description": "Your Dexcom account password, to receive CGM data from the Dexcom Share service. Also make sure to include 'bridge' in your ENABLE line.",
       "value": "",
@@ -99,7 +104,7 @@
     },
     "ENABLE": {
       "description": "Plugins to enable for your site. Must be a space-delimited, lower-case list. Include the word 'bridge' here if you are receiving data from the Dexcom Share service. Include 'mmconnect' if you are bridging from the MiniMed CareLink service.",
-      "value": "careportal basal",
+      "value": "careportal basal dbsize",
       "required": false
     },
     "MMCONNECT_USER_NAME": {
@@ -117,6 +122,11 @@
       "value": "US",
       "required": false
     },
+    "MONGODB_URI": {
+      "description": "The MongoDB Connection String to connect to your MongoDB cluster",
+      "value": "",
+      "required": true
+    },
     "MONGO_COLLECTION": {
       "description": "The Mongo collection where CGM data is stored.",
       "value": "entries",
@@ -129,7 +139,7 @@
     },
     "SHOW_PLUGINS": {
       "description": "Default setting for whether or not these plugins are checked (active) by default, not merely enabled. Include plugins here as in the ENABLE line; space-separated and lower-case.",
-      "value": "careportal",
+      "value": "careportal dbsize",
       "required": false
     },
     "SHOW_RAWBG": {
@@ -149,7 +159,6 @@
     }
   },
   "addons": [
-    "mongolab:sandbox",
     "papertrail"
   ]
 }