Warn users if their instance is world readable

lib/server/bootevent.js

@@ -15,23 +15,14 @@ function boot (env, language) {
     if (env.notifies) {
       ctx.adminnotifies.addNotify(env.notifies[0]); // TODO iterate all
     }
+
     next();
   }
 
   //////////////////////////////////////////////////
   // Check Node version.
-  // Latest Node 8 LTS and Latest Node 10 LTS are recommended and supported.
-  // Latest Node version on Azure is tolerated, but not recommended
-  // Latest Node (non LTS) version works, but is not recommended
+  // Latest Node 10 to 14 LTS are recommended and supported.
   // Older Node versions or Node versions with known security issues will not work.
-  // More explicit:
-  // < 8        does not work, not supported
-  // >= 8.15.1  works, supported and recommended
-  // == 9.x     does not work, not supported
-  // == 10.15.2 works, not fully supported and not recommended (Azure version)
-  // >= 10.16.0 works, supported and recommended
-  // == 11.x    does not work, not supported
-  // >= 12.6.0  does work, not recommended, will not be supported. We only support Node LTS releases
   ///////////////////////////////////////////////////
   function checkNodeVersion (ctx, next) {
 
@@ -125,6 +116,15 @@ function boot (env, language) {
       err: 'API_SECRET setting is missing, cannot enable REST API'});
     }
 
+    if (env.settings.authDefaultRoles == 'readable') {
+      const message = {
+        title: "Nightscout readable by world"
+        ,message: "Your Nightscout installation is readable by anyone who knows the web page URL. Please consider closing access to the site by following the instructions in the <a href=\"http://nightscout.github.io/nightscout/admin_tools/#turn-off-unauthorized-access\" target=\"_new\">Nightscout documentation</a>."
+        ,persistent: true
+      };
+      ctx.adminnotifies.addNotify(message);
+    }
+
     next();
   }