Support nightscout authentication, AUTH_DEFAULT_ROLES=denied configuration

[becksen]

I've downloaded nightwar form PlayStore. Configuring watchface I got the error "Invalid URL" although the URL is abolutely correct. Have confirmed it multiple times.

My NS URL is secured via token or secred. What is the correct syntax for the URL?

XDrip: @domain.herokuapp.com Nightguard: domain.herokuapp.com?=token

Please let me know what the correct syntax is for nightwear.

Thanks.

[rahim]

Nightwear expects the default AUTH_DEFAULT_ROLES=readonly nightscout config, there's currently no support for auth to support AUTH_DEFAULT_ROLES=denied (described in https://github.com/nightscout/cgm-remote-monitor#features)

It feels like an entirely sensible thing to add, but this is actually the first request I've had for it, it seems that most users run with that default.

[butzifutz]

Hi, I can upvote the request. Support for tokens would be really nessesary. I donn't want the cgm data to be readably to the world.

[rahim]

Nightscout's own secure your site documentation show the site URL with token as

https://yoursitename.herokuapp.com/?token=school-a595d5f0aeff64c0

Because we're doing all input on a watch we have a fairly funky approach to entering the URL (to try to minimise pain) split across multiple UI controls, constructing the URL from various pieces after the fact. We'll need a new field for the token.

BloodGlucoseService will need to know to append the token as query param to all requests (or if it's supported it would be preferable to send as an HTTP header, but that will require some investigation).

[rahim]

Reading a little further, there are separate docs for API authentication, which suggest we should be able to send the token in a custom API-SECRET HTTP header.

[becksen]

Nightscout's own secure your site documentation show the site URL with token as

https://yoursitename.herokuapp.com/?token=school-a595d5f0aeff64c0

Because we're doing all input on a watch we have a fairly funky approach to entering the URL (to try to minimise pain) split across multiple UI controls, constructing the URL from various pieces after the fact. We'll need a new field for the token.

BloodGlucoseService will need to know to append the token as query param to all requests (or if it's supported it would be preferable to send as an HTTP header, but that will require some investigation).

Hi @rahim ,

yes it's on the watch but it is a onetime setup. Please loose the restrictions and the check behind the field being able to enter the tokens.

Regards, becksen

[Arakon]

I'd also greatly appreciate this feature. Also, if I select an "other" URL (self-hosted), it automatically attaches the herokuapp.com anyways, making the URL invalid.

[Loquacity]

I've just moved away from Heroku, due to the changes to their free tier, and I'm managing my site on GCP with a URL provided by FreeDNS (using these instructions: https://navid200.github.io/xDrip/docs/Nightscout/GoogleCloud.html). This means instead of having a URL like mysite.herokuapp.com, it is mysite.randomthing.com. This means that my Nightwear watchface/complication will no longer accept my URL as valid. Do you have plans to change the validation on the URL to account for the Heroku changes at all? Thanks!

[rahim]

Hi @Loquacity - the experience is a bit awkward but you should be able to use arbitrary URLs with the existing version of the Nightwear. I think in the dropdown you'll need to switch "Heroku" to "[Other]" and then where you previously had mysite in the text field you instead need mysite.randomthing.com (which will be painful to enter on the watch, but should be possible).

I've started work on supporting the API key for the issue here and as part of that work have added a couple of the more common extensions for heroku alternatives like fly.dev.

[rahim]

I seem to have acknowledged @Arakon's message, but don't remember doing so. Sorry!

That sounds buggy in a way that I've not observed and sounds like @Loquacity might be reporting the same problem? I'll open another issue.

[Loquacity]

Hi @Loquacity - the experience is a bit awkward but you should be able to use arbitrary URLs with the existing version of the Nightwear. I think in the dropdown you'll need to switch "Heroku" to "[Other]" and then where you previously had mysite in the text field you instead need mysite.randomthing.com (which will be painful to enter on the watch, but should be possible).

Thanks for getting back to me, that's exactly what I've done, and I'm getting an "invalid URL" response. When I include an API token, it accepts the URL (as other), but then it appends the herokuapp.com regardless, which then means it can't resolve it (as @Arakon reported above). I'll update the new issue with pictures.

[rahim]

I've pushed a beta release that I hope should address the custom domain issue (#38) along with adding support for providing a secret. To opt in to the beta channel please follow Google's instructions here. Please let me know how you get on and I'll promote to general release.

[rahim]

If you need it, the NightWear play store URL is https://play.google.com/store/apps/details?id=im.rah.nightwear

[rahim]

Better still from a web browser a direct link to join the beta - https://play.google.com/apps/testing/im.rah.nightwear