deprecate TREATMENTS_AUTH; for backwards compat setting TREATMENTS_AU…

…TH=off will cause the careportal role to be added to AUTH_DEFAULT_ROLES
dallascyclist · Aug 6, 2016 · 8b86bfa · 8b86bfa
1 parent b44780c
commit 8b86bfa
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 11 deletions.
diff --git a/README.md b/README.md
@@ -171,10 +171,10 @@ To learn more about the Nightscout API, visit https://YOUR-SITE.com/api-docs.htm
   * `ENABLE` - Used to enable optional features, expects a space delimited list, such as: `careportal rawbg iob`, see [plugins](#plugins) below
   * `DISABLE` - Used to disable default features, expects a space delimited list, such as: `direction upbat`, see [plugins](#plugins) below
   * `API_SECRET` - A secret passphrase that must be at least 12 characters long, required to enable `POST` and `PUT`; also required for the Care Portal
-  * `TREATMENTS_AUTH` (`on`) - possible values `on` or `off`. When on device must be authenticated by entering `API_SECRET` to create treatments
   * `AUTH_DEFAULT_ROLES` (`readable`) - possible values `readable`, `denied`, or any valid role
     name.  When `readable`, anyone can view Nightscout without a token.
     Setting it to `denied` will require a token from every visit, using `status-only` will enable api-secret based login.
+  * `TREATMENTS_AUTH` (`on`) - possible values `on` or `off`. Deprecated, if set to `off` the `careportal` role will be added to `AUTH_DEFAULT_ROLES`
 
 
 ### Alarms

diff --git a/env.js b/env.js
@@ -29,9 +29,6 @@ function config ( ) {
   setMongo();
   updateSettings();
 
-  // require authorization for entering treatments
-  env.treatments_auth = readENV('TREATMENTS_AUTH', true);
-
   return env;
 }
 
@@ -65,6 +62,12 @@ function setAPISecret() {
       var shasum = crypto.createHash('sha1');
       shasum.update(readENV('API_SECRET'));
       env.api_secret = shasum.digest('hex');
+
+      if (!readENV('TREATMENTS_AUTH', true)) {
+
+      }
+
+
     }
   }
 }
@@ -132,6 +135,16 @@ function updateSettings() {
 
   //should always find extended settings last
   env.extendedSettings = findExtendedSettings(process.env);
+
+  console.info('>>>authDefaultRoles', env.settings.authDefaultRoles);
+  if (!readENV('TREATMENTS_AUTH', true)) {
+    env.settings.authDefaultRoles = env.settings.authDefaultRoles || [ ];
+    env.settings.authDefaultRoles += ' careportal';
+
+    console.info('>>>added careportal to authDefaultRoles', env.settings.authDefaultRoles);
+  }
+
+
 }
 
 function readENV(varName, defaultValue) {

diff --git a/lib/api/index.js b/lib/api/index.js
@@ -34,8 +34,6 @@ function create (env, ctx) {
 
   app.set('title', [app.get('name'),  'API', app.get('version')].join(' '));
 
-  app.set('treatments_auth', env.treatments_auth);
-
  // Start setting up routes
   if (app.enabled('api')) {
     // experiments

diff --git a/lib/api/treatments/index.js b/lib/api/treatments/index.js
@@ -40,11 +40,7 @@ function configure (app, wares, ctx) {
         }
       });
     }
-    if (app.settings.treatments_auth) {
-      api.post('/treatments/', wares.bodyParser({limit: 1048576 * 50 }), ctx.authorization.isPermitted('api:treatments:create'), post_response);
-    } else  {
-      api.post('/treatments/', wares.bodyParser({limit: 1048576 * 50 }), post_response);
-    }
+    api.post('/treatments/', wares.bodyParser({limit: 1048576 * 50 }), ctx.authorization.isPermitted('api:treatments:create'), post_response);
     api.delete('/treatments/:_id', ctx.authorization.isPermitted('api:treatments:delete'), function(req, res) {
       ctx.treatments.remove(req.params._id, function ( ) {
         res.json({ });