feat: add Eversense Now CGM connector

nocturne.sln

@@ -146,6 +146,10 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{15AD23A6-2AE
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "NightscoutFoundation.Nocturne", "sdk\csharp\out\src\NightscoutFoundation.Nocturne\NightscoutFoundation.Nocturne.csproj", "{4E7462A7-89D6-44FD-8B40-4DE8BDD12543}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Nocturne.Connectors.Eversense.Tests", "tests\Unit\Nocturne.Connectors.Eversense.Tests\Nocturne.Connectors.Eversense.Tests.csproj", "{66546F32-B3E7-4FEB-B3B3-979C2F14CC65}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Nocturne.Connectors.Eversense", "src\Connectors\Nocturne.Connectors.Eversense\Nocturne.Connectors.Eversense.csproj", "{A79F4737-785F-4D54-A4C3-73CFA477C9D8}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -660,6 +664,30 @@ Global
 		{4E7462A7-89D6-44FD-8B40-4DE8BDD12543}.Release|x64.Build.0 = Release|Any CPU
 		{4E7462A7-89D6-44FD-8B40-4DE8BDD12543}.Release|x86.ActiveCfg = Release|Any CPU
 		{4E7462A7-89D6-44FD-8B40-4DE8BDD12543}.Release|x86.Build.0 = Release|Any CPU
+		{66546F32-B3E7-4FEB-B3B3-979C2F14CC65}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{66546F32-B3E7-4FEB-B3B3-979C2F14CC65}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{66546F32-B3E7-4FEB-B3B3-979C2F14CC65}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{66546F32-B3E7-4FEB-B3B3-979C2F14CC65}.Debug|x64.Build.0 = Debug|Any CPU
+		{66546F32-B3E7-4FEB-B3B3-979C2F14CC65}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{66546F32-B3E7-4FEB-B3B3-979C2F14CC65}.Debug|x86.Build.0 = Debug|Any CPU
+		{66546F32-B3E7-4FEB-B3B3-979C2F14CC65}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{66546F32-B3E7-4FEB-B3B3-979C2F14CC65}.Release|Any CPU.Build.0 = Release|Any CPU
+		{66546F32-B3E7-4FEB-B3B3-979C2F14CC65}.Release|x64.ActiveCfg = Release|Any CPU
+		{66546F32-B3E7-4FEB-B3B3-979C2F14CC65}.Release|x64.Build.0 = Release|Any CPU
+		{66546F32-B3E7-4FEB-B3B3-979C2F14CC65}.Release|x86.ActiveCfg = Release|Any CPU
+		{66546F32-B3E7-4FEB-B3B3-979C2F14CC65}.Release|x86.Build.0 = Release|Any CPU
+		{A79F4737-785F-4D54-A4C3-73CFA477C9D8}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{A79F4737-785F-4D54-A4C3-73CFA477C9D8}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{A79F4737-785F-4D54-A4C3-73CFA477C9D8}.Debug|x64.ActiveCfg = Debug|Any CPU
+		{A79F4737-785F-4D54-A4C3-73CFA477C9D8}.Debug|x64.Build.0 = Debug|Any CPU
+		{A79F4737-785F-4D54-A4C3-73CFA477C9D8}.Debug|x86.ActiveCfg = Debug|Any CPU
+		{A79F4737-785F-4D54-A4C3-73CFA477C9D8}.Debug|x86.Build.0 = Debug|Any CPU
+		{A79F4737-785F-4D54-A4C3-73CFA477C9D8}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{A79F4737-785F-4D54-A4C3-73CFA477C9D8}.Release|Any CPU.Build.0 = Release|Any CPU
+		{A79F4737-785F-4D54-A4C3-73CFA477C9D8}.Release|x64.ActiveCfg = Release|Any CPU
+		{A79F4737-785F-4D54-A4C3-73CFA477C9D8}.Release|x64.Build.0 = Release|Any CPU
+		{A79F4737-785F-4D54-A4C3-73CFA477C9D8}.Release|x86.ActiveCfg = Release|Any CPU
+		{A79F4737-785F-4D54-A4C3-73CFA477C9D8}.Release|x86.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -721,5 +749,7 @@ Global
 		{DEFF1846-EDA4-2FF5-6B67-8F8E44E83984} = {455910FC-CC9B-244E-E3A8-78E8113461FC}
 		{15AD23A6-2AE8-6CCD-98A8-B9F72FE1F2E0} = {DEFF1846-EDA4-2FF5-6B67-8F8E44E83984}
 		{4E7462A7-89D6-44FD-8B40-4DE8BDD12543} = {15AD23A6-2AE8-6CCD-98A8-B9F72FE1F2E0}
+		{66546F32-B3E7-4FEB-B3B3-979C2F14CC65} = {F25A9213-C080-46DC-93A8-09D96E2C55A1}
+		{A79F4737-785F-4D54-A4C3-73CFA477C9D8} = {237CDB4C-E7C4-795B-969A-4CCB7C8B335B}
 	EndGlobalSection
 EndGlobal

src/API/Nocturne.API/Authorization/AllowDuringSetupAttribute.cs

@@ -2,10 +2,9 @@ namespace Nocturne.API.Authorization;
 
 /// <summary>
 /// Marks a controller or action as safe to invoke while the current tenant has not
-/// yet completed first-time setup (no passkey credentials) or is in recovery mode.
+/// yet completed first-time setup (no passkey credentials).
 /// <para>
-/// <see cref="Middleware.TenantSetupMiddleware"/> and
-/// <see cref="Middleware.RecoveryModeMiddleware"/> use endpoint metadata to
+/// <see cref="Middleware.TenantSetupMiddleware"/> uses endpoint metadata to
 /// short-circuit blocking behavior when this attribute is present.
 /// </para>
 /// <para>

src/API/Nocturne.API/Controllers/Authentication/PasskeyController.cs

@@ -471,20 +471,25 @@
     }
 
     /// <summary>
-    /// Returns whether the current tenant is in recovery mode.
-    /// In multi-tenant mode, queries the database for orphaned subjects.
-    /// In single-tenant mode, reads from the global RecoveryModeState.
+    /// Returns tenant auth status: whether setup is required or recovery mode is active.
+    /// Queries the database for passkey credentials and orphaned subjects.
     /// </summary>
-    [HttpGet("recovery-mode-status")]
+    [HttpGet("status")]
     [AllowAnonymous]
     [RemoteQuery]
-    [ProducesResponseType(StatusCodes.Status200OK)]
-    public async Task<IActionResult> GetRecoveryModeStatus([FromServices] RecoveryModeState state)
+    [ProducesResponseType(typeof(AuthStatusResponse), StatusCodes.Status200OK)]
+    public async Task<IActionResult> GetAuthStatus()
     {
+        var tenantId = _tenantAccessor.TenantId;
+
+        var hasCredentials = await _dbContext.TenantMembers
+            .Where(m => m.TenantId == tenantId)
+            .AnyAsync(m => _dbContext.PasskeyCredentials.Any(c => c.SubjectId == m.SubjectId));
+        var setupRequired = !hasCredentials;
+
         bool recoveryMode;
-        if (_tenantAccessor.IsResolved)
+        if (hasCredentials)
         {
-            var tenantId = _tenantAccessor.TenantId;
             recoveryMode = await _dbContext.TenantMembers
                 .Where(tm => tm.TenantId == tenantId)
                 .Join(
@@ -499,61 +504,10 @@
         }
         else
         {
-            recoveryMode = state.IsEnabled;
-        }
-
-        return Ok(new { recoveryMode });
-    }
-
-    /// <summary>
-    /// Returns tenant auth status: whether setup is required or recovery mode is active.
-    /// In multi-tenant mode, queries the database. In single-tenant mode, reads global state.
-    /// </summary>
-    [HttpGet("status")]
-    [AllowAnonymous]
-    [RemoteQuery]
-    [ProducesResponseType(typeof(AuthStatusResponse), StatusCodes.Status200OK)]
-    public async Task<IActionResult> GetAuthStatus([FromServices] RecoveryModeState state)
-    {
-        bool setupRequired;
-        bool recoveryMode;
-
-        if (_tenantAccessor.IsResolved)
-        {
-            var tenantId = _tenantAccessor.TenantId;
-            var hasCredentials = await _dbContext.TenantMembers
-                .Where(m => m.TenantId == tenantId)
-                .AnyAsync(m => _dbContext.PasskeyCredentials.Any(c => c.SubjectId == m.SubjectId));
-            setupRequired = !hasCredentials;
-
-            if (hasCredentials)
-            {
-                recoveryMode = await _dbContext.TenantMembers
-                    .Where(tm => tm.TenantId == tenantId)
-                    .Join(
-                        _dbContext.Subjects.Where(s => s.IsActive && !s.IsSystemSubject),
-                        tm => tm.SubjectId,
-                        s => s.Id,
-                        (tm, s) => s)
-                    .Where(s =>
-                        !_dbContext.SubjectOidcIdentities.Any(i => i.SubjectId == s.Id) &&
-                        !_dbContext.PasskeyCredentials.Any(p => p.SubjectId == s.Id))
-                    .AnyAsync();
-            }
-            else
-            {
-                recoveryMode = false;
-            }
-        }
-        else
-        {
-            setupRequired = state.IsSetupRequired;
-            recoveryMode = state.IsEnabled;
+            recoveryMode = false;
         }
 
-        var tenant = _tenantAccessor.IsResolved
-            ? await _dbContext.Tenants.FirstOrDefaultAsync(t => t.Id == _tenantAccessor.TenantId)
-            : await _dbContext.Tenants.IgnoreQueryFilters().FirstOrDefaultAsync(t => t.IsDefault);
+        var tenant = await _dbContext.Tenants.FirstOrDefaultAsync(t => t.Id == tenantId);
 
         return Ok(new AuthStatusResponse
         {
@@ -575,29 +529,15 @@
     [ProducesResponseType(typeof(ProblemDetails), StatusCodes.Status403Forbidden)]
     [ProducesResponseType(typeof(ProblemDetails), StatusCodes.Status400BadRequest)]
     public async Task<ActionResult<PasskeyOptionsResponse>> SetupOptions(
-        [FromBody] SetupOptionsRequest request,
-        [FromServices] RecoveryModeState state)
+        [FromBody] SetupOptionsRequest request)
     {
-        // Use the resolved tenant (multi-tenant) or fall back to the default tenant (single-tenant)
-        var tenantId = _tenantAccessor.IsResolved
-            ? _tenantAccessor.TenantId
-            : (await _dbContext.Tenants.IgnoreQueryFilters().FirstOrDefaultAsync(t => t.IsDefault))?.Id
-                ?? Guid.Empty;
-
-        if (tenantId == Guid.Empty)
-        {
-            return Problem(detail: "Tenant not found — restart the application", statusCode: 500, title: "Server Error");
-        }
+        var tenantId = _tenantAccessor.TenantId;
 
-        // Single-tenant: RecoveryModeState.IsSetupRequired is set at startup
-        // Multi-tenant: no tenant members have passkey credentials yet
-        var tenantHasPasskeys = _tenantAccessor.IsResolved &&
-            await _dbContext.TenantMembers
-                .Where(m => m.TenantId == tenantId)
-                .AnyAsync(m => _dbContext.PasskeyCredentials.Any(c => c.SubjectId == m.SubjectId));
-        var tenantNeedsSetup = state.IsSetupRequired ||
-            (_tenantAccessor.IsResolved && !tenantHasPasskeys);
-        if (!tenantNeedsSetup)
+        // Check whether any tenant member already has a passkey credential
+        var tenantHasPasskeys = await _dbContext.TenantMembers
+            .Where(m => m.TenantId == tenantId)
+            .AnyAsync(m => _dbContext.PasskeyCredentials.Any(c => c.SubjectId == m.SubjectId));
+        if (tenantHasPasskeys)
         {
             return Problem(detail: "Setup mode is not active", statusCode: 403, title: "Forbidden");
         }
@@ -675,26 +615,15 @@
     [ProducesResponseType(typeof(ProblemDetails), StatusCodes.Status403Forbidden)]
     [ProducesResponseType(typeof(ProblemDetails), StatusCodes.Status400BadRequest)]
     public async Task<ActionResult<SetupCompleteResponse>> SetupComplete(
-        [FromBody] SetupCompleteRequest request,
-        [FromServices] RecoveryModeState state)
+        [FromBody] SetupCompleteRequest request)
     {
-        var tenantId = _tenantAccessor.IsResolved
-            ? _tenantAccessor.TenantId
-            : (await _dbContext.Tenants.IgnoreQueryFilters().FirstOrDefaultAsync(t => t.IsDefault))?.Id
-                ?? Guid.Empty;
-
-        if (tenantId == Guid.Empty)
-        {
-            return Problem(detail: "Tenant not found", statusCode: 500, title: "Server Error");
-        }
+        var tenantId = _tenantAccessor.TenantId;
 
-        var tenantHasPasskeys = _tenantAccessor.IsResolved &&
-            await _dbContext.TenantMembers
-                .Where(m => m.TenantId == tenantId)
-                .AnyAsync(m => _dbContext.PasskeyCredentials.Any(c => c.SubjectId == m.SubjectId));
-        var tenantNeedsSetup = state.IsSetupRequired ||
-            (_tenantAccessor.IsResolved && !tenantHasPasskeys);
-        if (!tenantNeedsSetup)
+        // Check whether any tenant member already has a passkey credential
+        var tenantHasPasskeys = await _dbContext.TenantMembers
+            .Where(m => m.TenantId == tenantId)
+            .AnyAsync(m => _dbContext.PasskeyCredentials.Any(c => c.SubjectId == m.SubjectId));
+        if (tenantHasPasskeys)
         {
             return Problem(detail: "Setup mode is not active", statusCode: 403, title: "Forbidden");
         }
@@ -720,7 +649,7 @@
             }
 
             var roles = await _subjectService.GetSubjectRolesAsync(credResult.SubjectId);
             var permissions = await _subjectService.GetSubjectPermissionsAsync(credResult.SubjectId);
 
             // Issue session
             var subjectInfo = new SubjectInfo
@@ -740,9 +669,6 @@
 
             SetSessionCookies(accessToken, refreshToken);
 
-            // Exit setup mode
-            state.IsSetupRequired = false;
-
             _logger.LogInformation(
                 "Setup complete: first user {SubjectId} registered with passkey",
                 credResult.SubjectId);
@@ -780,9 +706,9 @@
     public async Task<ActionResult<PasskeyOptionsResponse>> AccessRequestOptions(
         [FromBody] AccessRequestOptionsRequest request)
     {
+        var tenantId = _tenantAccessor.TenantId;
         var tenant = await _dbContext.Tenants
-            .IgnoreQueryFilters()
-            .FirstOrDefaultAsync(t => t.IsDefault);
+            .FirstOrDefaultAsync(t => t.Id == tenantId);
 
         if (tenant == null || !tenant.AllowAccessRequests)
             return NotFound();
@@ -847,9 +773,9 @@
         [FromBody] AccessRequestCompleteRequest request,
         [FromServices] IInAppNotificationService notificationService)
     {
+        var tenantId = _tenantAccessor.TenantId;
         var tenant = await _dbContext.Tenants
-            .IgnoreQueryFilters()
-            .FirstOrDefaultAsync(t => t.IsDefault);
+            .FirstOrDefaultAsync(t => t.Id == tenantId);
 
         if (tenant == null || !tenant.AllowAccessRequests)
             return NotFound();
@@ -929,12 +855,7 @@
         if (invite == null || !invite.IsValid)
             return NotFound();
 
-        var tenant = await _dbContext.Tenants
-            .IgnoreQueryFilters()
-            .FirstOrDefaultAsync(t => t.IsDefault);
-
-        if (tenant == null)
-            return Problem(detail: "Default tenant not found", statusCode: 500, title: "Server Error");
+        var tenantId = _tenantAccessor.TenantId;
 
         // Create the subject
         var subjectId = Guid.CreateVersion7();
@@ -957,7 +878,7 @@
 
         // Generate passkey registration options
         var result = await _passkeyService.GenerateRegistrationOptionsAsync(
-            subjectId, username, tenant.Id);
+            subjectId, username, tenantId);
 
         return Ok(new PasskeyOptionsResponse
         {
@@ -985,17 +906,12 @@
             return Problem(detail: "Challenge token and invite token are required", statusCode: 400, title: "Bad Request");
         }
 
-        var tenant = await _dbContext.Tenants
-            .IgnoreQueryFilters()
-            .FirstOrDefaultAsync(t => t.IsDefault);
-
-        if (tenant == null)
-            return Problem(detail: "Default tenant not found", statusCode: 500, title: "Server Error");
+        var tenantId = _tenantAccessor.TenantId;
 
         try
         {
             var credResult = await _passkeyService.CompleteRegistrationAsync(
-                request.AttestationResponseJson, request.ChallengeToken, tenant.Id);
+                request.AttestationResponseJson, request.ChallengeToken, tenantId);
 
             // Accept the invite
             var acceptResult = await memberInviteService.AcceptInviteAsync(request.Token, credResult.SubjectId);

src/API/Nocturne.API/Controllers/MetadataController.cs

@@ -195,8 +195,7 @@ public ActionResult<MultitenancyInfo> GetMultitenancyInfo(
         return Ok(new MultitenancyInfo
         {
             BaseDomain = config.Value.BaseDomain,
-            DefaultTenantSlug = config.Value.DefaultTenantSlug,
-            SubdomainResolution = !string.IsNullOrEmpty(config.Value.BaseDomain),
+            SubdomainResolution = true,
             AllowSelfServiceCreation = config.Value.AllowSelfServiceCreation,
             CurrentTenantSlug = tenantContext?.Slug,
             CurrentTenantId = tenantContext?.TenantId,
@@ -571,11 +570,6 @@ public class MultitenancyInfo
     /// </summary>
     public string? BaseDomain { get; set; }
 
-    /// <summary>
-    /// Slug of the auto-created default tenant
-    /// </summary>
-    public string DefaultTenantSlug { get; set; } = "default";
-
     /// <summary>
     /// Whether subdomain-based tenant resolution is active
     /// </summary>