Merge pull request #6445 from nightscout/dev

Release 14.0.7

Author: sulkaharo

README.md

@@ -305,7 +305,7 @@ To learn more about the Nightscout API, visit https://YOUR-SITE.com/api-docs/ or
   * `SHOW_PLUGINS` - enabled plugins that should have their visualizations shown, defaults to all enabled
   * `SHOW_FORECAST` (`ar2`) - plugin forecasts that should be shown by default, supports space delimited values such as `"ar2 openaps"`
   * `LANGUAGE` (`en`) - language of Nightscout. If not available english is used
-    * Currently supported language codes are: bg (Български), cs (Čeština), de (Deutsch), dk (Dansk), el (Ελληνικά), en (English), es (Español), fi (Suomi), fr (Français), he (עברית), hr (Hrvatski), it (Italiano), ko (한국어), nb (Norsk (Bokmål)), nl (Nederlands), pl (Polski), pt (Português (Brasil)), ro (Română), ru (Русский), sk (Slovenčina), sv (Svenska), tr (Turkish), zh_cn (中文（简体)), zh_tw (中文（繁體))
+    * Currently supported language codes are: bg (Български), cs (Čeština), de (Deutsch), dk (Dansk), el (Ελληνικά), en (English), es (Español), fi (Suomi), fr (Français), he (עברית), hr (Hrvatski), hu (magyar), it (Italiano), ko (한국어), nb (Norsk (Bokmål)), nl (Nederlands), pl (Polski), pt (Português (Brasil)), ro (Română), ru (Русский), sk (Slovenčina), sv (Svenska), tr (Turkish), zh_cn (中文（简体)), zh_tw (中文（繁體))
   * `SCALE_Y` (`log`) - The type of scaling used for the Y axis of the charts system wide.
     * The default `log` (logarithmic) option will let you see more detail towards the lower range, while still showing the full CGM range.
     * The `linear` option has equidistant tick marks; the range used is dynamic so that space at the top of chart isn't wasted.

app.js

@@ -29,19 +29,7 @@ function create (env, ctx) {
 
       const enableCSP = env.secureCsp ? true : false;
 
-      console.info('Enabled SECURE_HSTS_HEADER (HTTP Strict Transport Security)');
-      const helmet = require('helmet');
-      var includeSubDomainsValue = env.secureHstsHeaderIncludeSubdomains;
-      var preloadValue = env.secureHstsHeaderPreload;
-      app.use(helmet({
-        hsts: {
-          maxAge: 31536000
-          , includeSubDomains: includeSubDomainsValue
-          , preload: preloadValue
-        }
-        , frameguard: false
-        , contentSecurityPolicy: enableCSP
-      }));
+      let cspPolicy = false;
 
       if (enableCSP) {
         var secureCspReportOnly = env.secureCspReportOnly;
@@ -60,7 +48,7 @@ function create (env, ctx) {
           }
         }
 
-        app.use(helmet.contentSecurityPolicy({ //TODO make NS work without 'unsafe-inline'
+        cspPolicy = { //TODO make NS work without 'unsafe-inline'
           directives: {
             defaultSrc: ["'self'"]
             , styleSrc: ["'self'", 'https://fonts.googleapis.com/', 'https://fonts.gstatic.com/', "'unsafe-inline'"]
@@ -76,7 +64,26 @@ function create (env, ctx) {
             , frameAncestors: frameAncestors
           }
           , reportOnly: secureCspReportOnly
-        }));
+        };
+      }
+      
+
+      console.info('Enabled SECURE_HSTS_HEADER (HTTP Strict Transport Security)');
+      const helmet = require('helmet');
+      var includeSubDomainsValue = env.secureHstsHeaderIncludeSubdomains;
+      var preloadValue = env.secureHstsHeaderPreload;
+      app.use(helmet({
+        hsts: {
+          maxAge: 31536000
+          , includeSubDomains: includeSubDomainsValue
+          , preload: preloadValue
+        }
+        , frameguard: false
+        , contentSecurityPolicy: cspPolicy
+      }));
+
+      if (enableCSP) {
+
         app.use(helmet.referrerPolicy({ policy: 'no-referrer' }));
         app.use(bodyParser.json({ type: ['json', 'application/csp-report'] }));
         app.post('/report-violation', (req, res) => {
@@ -276,9 +283,12 @@ function create (env, ctx) {
   // API docs
 
   const swaggerUi = require('swagger-ui-express');
+  const swaggerUseSchema = schema => (...args) => swaggerUi.setup(schema)(...args);
   const swaggerDocument = require('./swagger.json');
+  const swaggerDocumentApiV3 = require('./lib/api3/swagger.json');
 
-  app.use('/api-docs', swaggerUi.serve, swaggerUi.setup(swaggerDocument));
+  app.use('/api-docs', swaggerUi.serve, swaggerUseSchema(swaggerDocument));
+  app.use('/api3-docs', swaggerUi.serve, swaggerUseSchema(swaggerDocumentApiV3));
 
   app.use('/swagger-ui-dist', (req, res) => {
     res.redirect(307, '/api-docs');

docs/plugins/add-virtual-assistant-support-to-plugin.md

@@ -36,9 +36,8 @@ There are 2 types of handlers that you can supply:
 
 A plugin can expose multiple intent handlers (e.g. useful when it can supply multiple kinds of metrics). Each intent handler should be structured as follows:
 + `intent` - This is the intent this handler is built for. Right now, the templates used by both Alexa and Google Home use only the `"MetricNow"` intent (used for getting the present value of the requested metric)
-+ `metrics` - An array of metric name(s) the handler will supply. e.g. "What is my `metric`" - iob, bg, cob, etc. Make sure to add the metric name and its synonyms to the list of metrics used by the virtual assistant(s).
-    - **IMPORTANT NOTE:** There is no protection against overlapping metric names, so PLEASE make sure your metric name is unique! 
-    - Note: Although this value *is* an array, you really should only supply one (unique) value, and then add aliases or synonyms to that value in the list of metrics for the virtual assistant. We keep this value as an array for backwards compatibility.
++ `metrics` - An array of metric name(s) the handler will supply. e.g. "What is my `metric`" - iob, bg, cob, etc. Although this value *is* an array, you really should only supply one (unique) value, and then add aliases or synonyms to that value in the list of metrics for the virtual assistant. We keep this value as an array for backwards compatibility.
+    - **IMPORTANT NOTE:** There is no protection against overlapping metric names, so PLEASE make sure your metric name is unique!
 + `intenthandler` - This is a callback function that receives 3 arguments:
     - `callback` Call this at the end of your function. It requires 2 arguments:
         - `title` - Title of the handler. This is the value that will be displayed on the Alexa card (for devices with a screen). The Google Home response doesn't currently display a card, so it doesn't use this value.

docs/plugins/alexa-templates/en-us.json

@@ -68,6 +68,14 @@
                 {
                     "name": "AMAZON.StopIntent",
                     "samples": []
+                },
+                {
+                    "name": "AMAZON.CancelIntent",
+                    "samples": []
+                },
+                {
+                    "name": "AMAZON.HelpIntent",
+                    "samples": []
                 }
             ],
             "types": [
@@ -233,6 +241,16 @@
                             "name": {
                                 "value": "cgm mode"
                             }
+                        },
+                        {
+                            "name": {
+                                "value": "db size",
+                                "synonyms": [
+                                    "database size",
+                                    "data size",
+                                    "file size"
+                                ]
+                            }
                         }
                     ]
                 }

docs/plugins/google-home-templates/en-us.zip

@@ -41,7 +41,8 @@ To add Google Home support for your Nightscout site, here's what you need to do:
 1. Click on the "New Project" button.
 1. If prompted, agree to the Terms of Service.
 1. Give your project a name (e.g. "Nightscout") and then click "Create project".
-1. For the "development experience", select "Conversational" at the bottom of the list.
+1. When asked what kind of Action you want to build, select "Custom" and then click the "Next" button.
+1. When selecting how you want to build the project, scroll down to the bottom of the screen and click the link to build it using DialogFlow.
 1. Click on the "Develop" tab at the top of the sreen.
 1. Click on "Invocation" in the left navigation pane.
 1. Set the display name (e.g. "Night Scout") of your Action and set your Google Assistant voice.

docs/plugins/googlehome-plugin.md

@@ -1,5 +1,6 @@
 'use strict';
 
+var _ = require('lodash');
 var moment = require('moment');
 
 function configure (app, wares, ctx, env) {
@@ -18,7 +19,7 @@ function configure (app, wares, ctx, env) {
 
   api.post('/alexa', ctx.authorization.isPermitted('api:*:read'), function (req, res, next) {
     console.log('Incoming request from Alexa');
-    var locale = req.body.request.locale;
+    var locale = _.get(req, 'body.request.locale');
     if(locale){
       if(locale.length > 2) {
         locale = locale.substr(0, 2);
@@ -78,19 +79,10 @@ function configure (app, wares, ctx, env) {
   function handleIntent(intentName, slots, next) {
     var metric;
     if (slots) {
-      if (slots.metric
-        && slots.metric.resolutions
-        && slots.metric.resolutions.resolutionsPerAuthority
-        && slots.metric.resolutions.resolutionsPerAuthority.length
-        && slots.metric.resolutions.resolutionsPerAuthority[0].status
-        && slots.metric.resolutions.resolutionsPerAuthority[0].status.code
-        && slots.metric.resolutions.resolutionsPerAuthority[0].status.code == "ER_SUCCESS_MATCH"
-        && slots.metric.resolutions.resolutionsPerAuthority[0].values
-        && slots.metric.resolutions.resolutionsPerAuthority[0].values.length
-        && slots.metric.resolutions.resolutionsPerAuthority[0].values[0].value
-        && slots.metric.resolutions.resolutionsPerAuthority[0].values[0].value.name
-      ){
-        metric = slots.metric.resolutions.resolutionsPerAuthority[0].values[0].value.name;
+      var slotStatus = _.get(slots, 'metric.resolutions.resolutionsPerAuthority[0].status.code');
+      var slotName = _.get(slots, 'metric.resolutions.resolutionsPerAuthority[0].values[0].value.name');
+      if (slotStatus == "ER_SUCCESS_MATCH" && slotName) {
+        metric = slotName;
       } else {
         next(translate('virtAsstUnknownIntentTitle'), translate('virtAsstUnknownIntentText'));
         return;

lib/api/alexa/index.js

@@ -1,5 +1,6 @@
 'use strict';
 
+var _ = require('lodash');
 var moment = require('moment');
 
 function configure (app, wares, ctx, env) {
@@ -18,7 +19,7 @@ function configure (app, wares, ctx, env) {
 
   api.post('/googlehome', ctx.authorization.isPermitted('api:*:read'), function (req, res, next) {
     console.log('Incoming request from Google Home');
-    var locale = req.body.queryResult.languageCode;
+    var locale = _.get(req, 'body.queryResult.languageCode');
     if(locale){
       if(locale.length > 2) {
         locale = locale.substr(0, 2);

lib/api/googlehome/index.js

@@ -32,6 +32,7 @@ function configure (app, wares, env, ctx) {
       , settings: settings
       , extendedSettings: extended
       , authorized: ctx.authorization.authorize(authToken)
+      , runtimeState: ctx.runtimeState
     };
 
     var badge = 'http://img.shields.io/badge/Nightscout-OK-green';

lib/api/status.js

@@ -11,7 +11,7 @@ Each NS instance with API v3 contains self-included OpenAPI specification at [/a
 ---
 ###  VERSION
 
-[VERSION](https://nsapiv3.herokuapp.com/api/v3/swagger-ui-dist/#/other/get_version) operation gets you basic information about software packages versions.
+[VERSION](https://nsapiv3.herokuapp.com/api3-docs/#/other/get_version) operation gets you basic information about software packages versions.
 It is public (there is no need to add authorization parameters/headers).
 
 Sample GET `/version` client code (to get actual versions):
@@ -38,7 +38,7 @@ Sample result:
 ---
 ###  STATUS
 
-[STATUS](https://nsapiv3.herokuapp.com/api/v3/swagger-ui-dist/#/other/get_status) operation gets you basic information about software packages versions.
+[STATUS](https://nsapiv3.herokuapp.com/api3-docs/#/other/get_status) operation gets you basic information about software packages versions.
 It is public (there is no need to add authorization parameters/headers).
 
 Sample GET `/status` client code (to get my actual permissions):
@@ -75,7 +75,7 @@ Sample result:
 ---
 ###  SEARCH
 
-[SEARCH](https://nsapiv3insecure.herokuapp.com/api/v3/swagger-ui-dist/index.html#/generic/SEARCH) operation filters, sorts, paginates and projects documents from the collection.
+[SEARCH](https://nsapiv3insecure.herokuapp.com/api3-docs/#/generic/SEARCH) operation filters, sorts, paginates and projects documents from the collection.
 
 Sample GET `/entries` client code (to retrieve last 3 BG values):
 ```javascript
@@ -110,7 +110,7 @@ Sample result:
 ---
 ###  CREATE
 
-[CREATE](https://nsapiv3.herokuapp.com/api/v3/swagger-ui-dist/#/generic/post__collection_) operation inserts a new document into the collection.
+[CREATE](https://nsapiv3.herokuapp.com/api3-docs/#/generic/post__collection_) operation inserts a new document into the collection.
 
 Sample POST `/treatments` client code:
 ```javascript
@@ -140,7 +140,7 @@ Sample result:
 ---
 ###  READ
 
-[READ](https://nsapiv3.herokuapp.com/api/v3/swagger-ui-dist/#/generic/get__collection___identifier_) operation retrieves you a single document from the collection by its identifier.
+[READ](https://nsapiv3.herokuapp.com/api3-docs/#/generic/get__collection___identifier_) operation retrieves you a single document from the collection by its identifier.
 
 Sample GET `/treatments/{identifier}` client code:
 ```javascript
@@ -172,7 +172,7 @@ Sample result:
 ---
 ###  LAST MODIFIED
 
-[LAST MODIFIED](https://nsapiv3insecure.herokuapp.com/api/v3/swagger-ui-dist/index.html#/other/LAST-MODIFIED) operation finds the date of last modification for each collection.
+[LAST MODIFIED](https://nsapiv3insecure.herokuapp.com/api3-docs/#/other/LAST-MODIFIED) operation finds the date of last modification for each collection.
 
 Sample GET `/lastModified` client code (to get latest modification dates):
 ```javascript
@@ -199,7 +199,7 @@ Sample result:
 ---
 ###  UPDATE
 
-[UPDATE](https://nsapiv3insecure.herokuapp.com/api/v3/swagger-ui-dist/index.html#/generic/put__collection___identifier_) operation updates existing document in the collection.
+[UPDATE](https://nsapiv3insecure.herokuapp.com/api3-docs/#/generic/put__collection___identifier_) operation updates existing document in the collection.
 
 Sample PUT `/treatments/{identifier}` client code (to update `insulin` from 0.3 to 0.4):
 ```javascript
@@ -231,7 +231,7 @@ Sample result:
 ---
 ###  PATCH
 
-[PATCH](https://nsapiv3insecure.herokuapp.com/api/v3/swagger-ui-dist/index.html#/generic/patch__collection___identifier_) operation partially updates existing document in the collection.
+[PATCH](https://nsapiv3insecure.herokuapp.com/api3-docs/#/generic/patch__collection___identifier_) operation partially updates existing document in the collection.
 
 Sample PATCH `/treatments/{identifier}` client code (to update `insulin` from 0.4 to 0.5):
 ```javascript
@@ -259,7 +259,7 @@ Sample result:
 ---
 ###  DELETE
 
-[DELETE](https://nsapiv3insecure.herokuapp.com/api/v3/swagger-ui-dist/index.html#/generic/delete__collection___identifier_) operation deletes existing document from the collection.
+[DELETE](https://nsapiv3insecure.herokuapp.com/api3-docs/#/generic/delete__collection___identifier_) operation deletes existing document from the collection.
 
 Sample DELETE `/treatments/{identifier}` client code (to update `insulin` from 0.4 to 0.5):
 ```javascript
@@ -282,7 +282,7 @@ Sample result:
 ---
 ###  HISTORY
 
-[HISTORY](https://nsapiv3insecure.herokuapp.com/api/v3/swagger-ui-dist/index.html#/generic/HISTORY2) operation queries all changes since the timestamp.
+[HISTORY](https://nsapiv3insecure.herokuapp.com/api3-docs/#/generic/HISTORY2) operation queries all changes since the timestamp.
 
 Sample HISTORY `/treatments/history/{lastModified}` client code:
 ```javascript
@@ -326,4 +326,4 @@ Sample result:
   }
 ]
 ```
-Notice the `"isValid":false` field marking the deletion of the document.
+Notice the `"isValid":false` field marking the deletion of the document.