These are chat archives for nightscout/beta

19th
Feb 2015
XiTatiON
@xitation
Feb 19 2015 01:25
Howdie
are there any plans to allow for authentication on the NS website, and I suppose if that's implemented then also the phone upload app needs a field to auth to the API?
I know it's just my sugar levels floating around on a page, but I work in IT security and I don't like unauthenticated access to things that hold my data.
Jason Calabrese
@jasoncalabrese
Feb 19 2015 01:27
we haven't been using this room for a while, most of the activity is in the /public room
XiTatiON
@xitation
Feb 19 2015 01:27
people could also screw around with your site settings, which is also not the end of the world, but you know :)
Ah righto, might paste in there then.
Jason Calabrese
@jasoncalabrese
Feb 19 2015 01:27
there is simple auth for the rest api upload
XiTatiON
@xitation
Feb 19 2015 01:27
the api key?
sure that's fine
Jason Calabrese
@jasoncalabrese
Feb 19 2015 01:27
yeah
XiTatiON
@xitation
Feb 19 2015 01:27
I'm talking like basic http auth
to access the page
Jason Calabrese
@jasoncalabrese
Feb 19 2015 01:27
if it's over ssl it should be ok
XiTatiON
@xitation
Feb 19 2015 01:28
api key over https is sufficient for the app I suppose.
does mean that you need to leave the api component of the site hanging out in the wind though.
Jason Calabrese
@jasoncalabrese
Feb 19 2015 01:28
there is a branch that does a lot more, but need to keep it simple uses
XiTatiON
@xitation
Feb 19 2015 01:28
Sure understand that.
which is the "advanced" branch?
Jason Calabrese
@jasoncalabrese
Feb 19 2015 01:29
it was an integration with a tool called drywall
allow authentication via oauth from google, github, fb, etc
so we don't need to do that part
Ben West
@bewest
Feb 19 2015 01:30
mm?
thought we need that part, but not the admin part... yet ;-)
XiTatiON
@xitation
Feb 19 2015 01:30
ah yeh
Ben West
@bewest
Feb 19 2015 01:30
the api secret works pretty much like http bearer
XiTatiON
@xitation
Feb 19 2015 01:31
oauth would be neat.
Ben West
@bewest
Feb 19 2015 01:31
drywall has bunch of boilerplate for simply dealing with oauth
XiTatiON
@xitation
Feb 19 2015 01:31
simple http auth would be sufficient too.
Ben West
@bewest
Feb 19 2015 01:31
which frankly I prefer to people maintaining their own user dbs
but if people want custom user db, they can do that out of the box too
Jason Calabrese
@jasoncalabrese
Feb 19 2015 01:32
I'd be happy with a env var with key values
Ben West
@bewest
Feb 19 2015 01:32
warning it's pretty messy
XiTatiON
@xitation
Feb 19 2015 01:32
that would be ideal.
Ben West
@bewest
Feb 19 2015 01:32
yeah, api-secret will be kept always
Jason Calabrese
@jasoncalabrese
Feb 19 2015 01:32
and hasn't been updated in a long time
XiTatiON
@xitation
Feb 19 2015 01:32
I'm not after high security here... just wanna stop driveby connections to site.
Ben West
@bewest
Feb 19 2015 01:32
if you don't set api secret
you can read-only
you want to blacklist default, and auth reads also?
XiTatiON
@xitation
Feb 19 2015 01:33
sure but if you hit my site url, you can access the site, access the settings right?
I'd like to auth to see site
Ben West
@bewest
Feb 19 2015 01:33
would be nice to maybe get passport with http-bearer to do that
no
XiTatiON
@xitation
Feb 19 2015 01:33
or at least have an option to allow that mode of operation
Ben West
@bewest
Feb 19 2015 01:33
well yess
currently public can read
but not the config values
XiTatiON
@xitation
Feb 19 2015 01:33
Yeh
Ben West
@bewest
Feb 19 2015 01:33
just the data and the basic site
XiTatiON
@xitation
Feb 19 2015 01:33
I don't want that :)
Jason Calabrese
@jasoncalabrese
Feb 19 2015 01:34
support will get much harder when we extend auth
Ben West
@bewest
Feb 19 2015 01:34
gotcha
right
XiTatiON
@xitation
Feb 19 2015 01:34
it could be optional though right?
Ben West
@bewest
Feb 19 2015 01:34
that's one reason I like the admin interface
and oauth
XiTatiON
@xitation
Feb 19 2015 01:34
from what i can tell, if you put auth in front of the site
Ben West
@bewest
Feb 19 2015 01:34
so you can oauth a friend to admin your site through FB/github
XiTatiON
@xitation
Feb 19 2015 01:34
the android app would need to know the creds
Ben West
@bewest
Feb 19 2015 01:34
android app already uses the api secret
to auth writes
android app doesn't care about reads
XiTatiON
@xitation
Feb 19 2015 01:35
yeh but the whole site would be behind an auth gateway.
so no api access would be allowed without creds.
that being said I suppose you can allow api access without auth
Ben West
@bewest
Feb 19 2015 01:35
currently only read access is available without auth
Jason Calabrese
@jasoncalabrese
Feb 19 2015 01:35
what's the auth situation with mqtt
XiTatiON
@xitation
Feb 19 2015 01:35
and require auth to the basic site.
Ben West
@bewest
Feb 19 2015 01:35
similar to mogo
mongo
Jason Calabrese
@jasoncalabrese
Feb 19 2015 01:35
so clear text floating around the net
Ben West
@bewest
Feb 19 2015 01:35
I was thinking api-secret will become classic http-bearer
and android-uploader can continue using it
adding another auth layer shouldn't affect it
Jason Calabrese
@jasoncalabrese
Feb 19 2015 01:36
no ssl/mqtt
right?
Ben West
@bewest
Feb 19 2015 01:36
there is ssl
XiTatiON
@xitation
Feb 19 2015 01:36
I know not everyone would want to force user login to the site to view data... but I feel some people might like it.
Ben West
@bewest
Feb 19 2015 01:36
yes, some do
XiTatiON
@xitation
Feb 19 2015 01:36
also means you can move the site behind reverse authenticating proxies.
if you so wished.
Ben West
@bewest
Feb 19 2015 01:39
right now everyone self-deploys diy to azure, heroku or similar
XiTatiON
@xitation
Feb 19 2015 01:39
Anyway, understandably this isn't a high priority, but is my one feature request :)
Ben West
@bewest
Feb 19 2015 01:40
so blocking people without having a way to share maintenance burden is going to strand some people
it is a priority
it's a common request
we would accept patches :-)
XiTatiON
@xitation
Feb 19 2015 01:40
Yeh I'd say this mod wouldn't be for everyone.
Unless you can figure out a way to make it really simple.
Ben West
@bewest
Feb 19 2015 01:40
right, so my thought there
was make it easy to do oauth with an admin role
that way once they are set up, if they run into trouble they can invite a friend to help
XiTatiON
@xitation
Feb 19 2015 01:41
neat idea
Ben West
@bewest
Feb 19 2015 01:41
so that was thought behind drywall... it's got all the options and is made for hacking
prepares way for nice things
XiTatiON
@xitation
Feb 19 2015 01:41
I'll have to have a poke at drywall
Ben West
@bewest
Feb 19 2015 01:42
I modified it to bolt it ontop of nightscout
so it's a relatively simple process to enable it
XiTatiON
@xitation
Feb 19 2015 01:42
Are you aware of anyone hosting this on their own kit? e.g. not azure?
Ben West
@bewest
Feb 19 2015 01:42
sure
XiTatiON
@xitation
Feb 19 2015 01:42
Apache + Node.js
Ben West
@bewest
Feb 19 2015 01:42
several people do that
Jason Calabrese
@jasoncalabrese
Feb 19 2015 01:42
I do that
XiTatiON
@xitation
Feb 19 2015 01:42
I'm looking into it.
Ben West
@bewest
Feb 19 2015 01:42
I run on custom dokku/docker container
XiTatiON
@xitation
Feb 19 2015 01:42
haven't pulled the trigger yet.
Oh yeh
I'm new to node.js
Jason Calabrese
@jasoncalabrese
Feb 19 2015 01:43
local nginx, node, and mongo
Ben West
@bewest
Feb 19 2015 01:43
I use nginx to reverse proxy
XiTatiON
@xitation
Feb 19 2015 01:43
to gotta work out what's involved in configuring that on debian.
Jason Calabrese
@jasoncalabrese
Feb 19 2015 01:43
on digitalocean
Ben West
@bewest
Feb 19 2015 01:43
for about dozen people
XiTatiON
@xitation
Feb 19 2015 01:43
yeh they have some great deals up there.
no pre-auth on the proxy though right?
Jason Calabrese
@jasoncalabrese
Feb 19 2015 01:43
just an apt get, clone, and npm install
Ben West
@bewest
Feb 19 2015 01:43
with dokku, I installed dokku and use most defaults
and just git push to each site
they have a template that nicely assigns and maps ports correctly programmatically
XiTatiON
@xitation
Feb 19 2015 01:44
nice
Ideally I'd like it to be implemented like this (reverse auth proxy tier) -> (app tier) -> (db tier)
nothing can hit app tier without having first authenticated
only app tier can hit db tier
Ben West
@bewest
Feb 19 2015 01:45
actually that might be nice
so you set up public ns
just leave it
XiTatiON
@xitation
Feb 19 2015 01:46
We do that in our DCs at work
3 tiers
nothing can go from DMZ to anything.
Ben West
@bewest
Feb 19 2015 01:46
then you can launch a second thing, simple config: auth prefs, and address of source
XiTatiON
@xitation
Feb 19 2015 01:46
Pre authed traffic in DMZ can then pass to trusted
Ben West
@bewest
Feb 19 2015 01:46
share that thing
XiTatiON
@xitation
Feb 19 2015 01:46
and only trusted can hold data
trusted can connect to data tier once again with auth.
Ben West
@bewest
Feb 19 2015 01:47
in short term, second app could be developed quickly
and we can tell people, just keep your NS private
Jason Calabrese
@jasoncalabrese
Feb 19 2015 01:47
uploader would need to work with it
XiTatiON
@xitation
Feb 19 2015 01:47
Well TBH the proxy tier can be apache, squid or nginx
Ben West
@bewest
Feb 19 2015 01:47
it could support http-bearer still
hmm
XiTatiON
@xitation
Feb 19 2015 01:47
which is why the uploader needs to know how to preauth.
Ben West
@bewest
Feb 19 2015 01:47
yeah, medium term we would have to coordinate a bit
but that might be fast path to getting it done
XiTatiON
@xitation
Feb 19 2015 01:48
the app tier can be the node.js
and the db tier can be mongo
Ben West
@bewest
Feb 19 2015 01:48
like over medium term, we could add authed hook to exchange how to do uploader auth
kevin and I were talking about ways to reduce config that way anyway
XiTatiON
@xitation
Feb 19 2015 01:48
Just a thought anyways.
Jason Calabrese
@jasoncalabrese
Feb 19 2015 01:48
uploader already expects https://secret@site/ap/v1 uri config, could extend that with https://name:pass@site/ap/v1
XiTatiON
@xitation
Feb 19 2015 01:48
It minimises your security risk too
Ben West
@bewest
Feb 19 2015 01:49
and then finally just add a relatively simple mode to NS that acts as private only
XiTatiON
@xitation
Feb 19 2015 01:49
in case, let's say, you have some nasty bug in your node.js app.
Ben West
@bewest
Feb 19 2015 01:49
and it's assumed you have one of these other apps running alongside
XiTatiON
@xitation
Feb 19 2015 01:49
it's less of a risk, as without auth you can't hit it to poke around.
Ben West
@bewest
Feb 19 2015 01:49
putting all auth in standalone application sounds nice
easier to test against
easier to maintain
does not rely on app dev to be perfect, etc
Jason Calabrese
@jasoncalabrese
Feb 19 2015 01:50
how would it work for azure/heroku
XiTatiON
@xitation
Feb 19 2015 01:50
that's what we do in Telco land :)
indeed
we don't trust vendors
Ben West
@bewest
Feb 19 2015 01:50
it's a phased approach
so eventually, at the end of this
XiTatiON
@xitation
Feb 19 2015 01:50
well... in azure i guess there is no proxy tier.
Ben West
@bewest
Feb 19 2015 01:50
there are two apps
NS, which you configure to be in "private mode"
XiTatiON
@xitation
Feb 19 2015 01:50
so you apply the auth to the app tier.
but in a similar way.
Ben West
@bewest
Feb 19 2015 01:50
and only accepts http-bearer from the env var
XiTatiON
@xitation
Feb 19 2015 01:51
e.g you can't hit site without user:password@site.url/bla
Ben West
@bewest
Feb 19 2015 01:51
if you visit it in private mode, it just shuts you out
there's no UI for auth
you run a second app
this second app has UI for logging in, etc
XiTatiON
@xitation
Feb 19 2015 01:51
Yeh I guess ideally you want a nice landy auth page right
with password re-set features
Ben West
@bewest
Feb 19 2015 01:51
you deploy/config same way as NS, but the only detail you need is the target URI of your protected NS and the api secret
so NS right now is just raw UI/api stuff
Jason Calabrese
@jasoncalabrese
Feb 19 2015 01:52
an extra point of failure
Ben West
@bewest
Feb 19 2015 01:52
it can continue to expose everything
continue to develop, just put everything in there
XiTatiON
@xitation
Feb 19 2015 01:52
Hmm, i'll be back in 15 need to eat lunch
Ben West
@bewest
Feb 19 2015 01:52
then the auth logic actually sits in this app to control who gets access to what
XiTatiON
@xitation
Feb 19 2015 01:53
That would be best way to do it I think
allows for flexible deployment
Ben West
@bewest
Feb 19 2015 01:53
I like it
XiTatiON
@xitation
Feb 19 2015 01:53
mean the proxy tier is dumb
Ben West
@bewest
Feb 19 2015 01:53
lot easier than introducing auth all over NS code
XiTatiON
@xitation
Feb 19 2015 01:53
it just passes auth to app tier.
Ben West
@bewest
Feb 19 2015 01:53
simple new app does one thing
Jason Calabrese
@jasoncalabrese
Feb 19 2015 01:53
for my needs, I just want to protect put/post
XiTatiON
@xitation
Feb 19 2015 01:54
could almost build it out as CGM as a service :)
Jason Calabrese
@jasoncalabrese
Feb 19 2015 01:54
for care portal, upload, etc
Ben West
@bewest
Feb 19 2015 01:54
yeah, so you would use classic NS
you don't need the new thing
XiTatiON
@xitation
Feb 19 2015 01:54
I don't think so.
current NS could be modified to support this?
Jason Calabrese
@jasoncalabrese
Feb 19 2015 01:54
need to add the same auth to the treatment put/post and entries
Ben West
@bewest
Feb 19 2015 01:54
yeah, current NS could support this I think
Nightscout should have three modes of operation (wrt security/auth):
Jason Calabrese
@jasoncalabrese
Feb 19 2015 01:55
need to set the secret hash in the browser
Ben West
@bewest
Feb 19 2015 01:55
1.) public SSL, read-only
XiTatiON
@xitation
Feb 19 2015 01:55
One of the things that worries me about leaving it all hanging out in the open is what if an "insurance" company finds a way to get access to your data, and then uses it to somehow say you are not looking after yourself or something along those lines.
Ben West
@bewest
Feb 19 2015 01:55
2.) SSL, public, POST and PUT/DELETE modifiers protected by http-bearer
3.) SSL blacklist everything, protected by http-bearer
XiTatiON
@xitation
Feb 19 2015 01:56
the public / readonly thing should be optional too.
e.g. if you want it all locked up, no one but you should be able to get into it.
Ben West
@bewest
Feb 19 2015 01:56
@xitation that may be a risk, but pales in comparison to not having this thing at all
XiTatiON
@xitation
Feb 19 2015 01:56
Indeed :0
Ben West
@bewest
Feb 19 2015 01:56
my insurance company can't figure out I'm type 1 yet
Jason Calabrese
@jasoncalabrese
Feb 19 2015 01:56
and lets us keep the defaults the same
XiTatiON
@xitation
Feb 19 2015 01:56
baby steps.
Ben West
@bewest
Feb 19 2015 01:56
yeah, defaults same
and do it in three stages
Jason Calabrese
@jasoncalabrese
Feb 19 2015 01:58
I like that
for care portal we currently allow un-auth'd posts
for puts I'd really want auth
Ben West
@bewest
Feb 19 2015 01:59
ah, so you do need a.) the UI to sign in
well, you need that
Jason Calabrese
@jasoncalabrese
Feb 19 2015 01:59
I get notifications for puts, so if someone is screwing around I'd see it
but want to be extra careful with updates
Ben West
@bewest
Feb 19 2015 02:00
but point is, that can be in a simpler app, eg for the school nurse that then auths to NS
Jason Calabrese
@jasoncalabrese
Feb 19 2015 02:00
for them I think I need to include the key in the url
like gdocs
even that would be hard to get them to switch to
Ben West
@bewest
Feb 19 2015 02:01
right, so we can make an app just to generate secret urls
that way they can't guess your real url
they can't just chop off the end and get there
XiTatiON
@xitation
Feb 19 2015 02:01
So what if... we turned this into a service.
where we host it, and make it a pay by donation thing.
Ben West
@bewest
Feb 19 2015 02:01
need FDA approval to host a service :-)
XiTatiON
@xitation
Feb 19 2015 02:01
where people can just sign up
Ben West
@bewest
Feb 19 2015 02:01
we did DIY set up for reason
XiTatiON
@xitation
Feb 19 2015 02:01
right.
host it in russia :)
Ben West
@bewest
Feb 19 2015 02:01
I've been working with FDA, so that might be possible shortly
I would have to live in russia too
XiTatiON
@xitation
Feb 19 2015 02:02
hehe yeh there is that.
there must be some way around that though.
Ben West
@bewest
Feb 19 2015 02:02
we've been posting code to internet as an act of free speech
that's our way around it :-)
XiTatiON
@xitation
Feb 19 2015 02:02
Yeh fair enough
Jason Calabrese
@jasoncalabrese
Feb 19 2015 02:03
will be interesting to see what the demand is like after that receiver with share is out
Ben West
@bewest
Feb 19 2015 02:03
lot of things we can automate, specially if there's a healthy suite of tools
XiTatiON
@xitation
Feb 19 2015 02:03
Hopefully it's easy enough to have the share device work with NS.
Jason Calabrese
@jasoncalabrese
Feb 19 2015 02:03
for a lot of people it will be almost good enough, and really easy
XiTatiON
@xitation
Feb 19 2015 02:03
or DexDrip
or whatever.
Ben West
@bewest
Feb 19 2015 02:03
this is all open source, too, that's part of it :-)
Jason Calabrese
@jasoncalabrese
Feb 19 2015 02:03
for us, yes
Ben West
@bewest
Feb 19 2015 02:03
so hosted services often become bloated, hard for people to set up and review and run for themselves
Jason Calabrese
@jasoncalabrese
Feb 19 2015 02:03
but not for the other 11k
Ben West
@bewest
Feb 19 2015 02:04
and then as the liability concentrates, you have to change what/how you are doing
XiTatiON
@xitation
Feb 19 2015 02:04
Yeh true
I see you have considered this already :)
Jason Calabrese
@jasoncalabrese
Feb 19 2015 02:04
and it becomes like real work
Ben West
@bewest
Feb 19 2015 02:05
I've seen it work and seen it not work
XiTatiON
@xitation
Feb 19 2015 02:05
Sure but why not. Subscription based DB management service... I'd pay for it.
making it into a thing would be heaps of work though
Ben West
@bewest
Feb 19 2015 02:05
yup
you need accounting, multi-tenant architecture, etc
all that stuff slows down any org
XiTatiON
@xitation
Feb 19 2015 02:06
Yeh
well, look at Etsy though.
and fb
Ben West
@bewest
Feb 19 2015 02:06
single tenant, DIY does set a high bar... kind of a high pass filter
XiTatiON
@xitation
Feb 19 2015 02:06
running at scale these days is easier than ever
Ben West
@bewest
Feb 19 2015 02:06
they aren't regulated as medical devices
XiTatiON
@xitation
Feb 19 2015 02:06
yeh i know :)
Ben West
@bewest
Feb 19 2015 02:07
the FDA just changed bunch of rules
XiTatiON
@xitation
Feb 19 2015 02:07
just saying the ability to host multi tenancy web apps these days on public clouds has been solved.
Puppet and what not make it pretty easy
Anyways, might spin up a new VM and give a Node.js install a go
Kevin Lee
@ktind
Feb 19 2015 02:56
As long as you keep to standard auth mechanisms, the uploader shouldn't be a problem.
XiTatiON
@xitation
Feb 19 2015 02:56
yeh
2 extra fields a user would need to enter as part of setup
not that hard.
Kevin Lee
@ktind
Feb 19 2015 02:57
And I always recommend SSL for mqtt. I believe it is even set as the template default right now
XiTatiON
@xitation
Feb 19 2015 02:57
yeh the auto build on azure uses https
might throw nessus at the site in a bit see what falls out.
Kevin Lee
@ktind
Feb 19 2015 02:58
Even nonstandard methods can be used but standards are best. Battle tested, robust, ubiquitous, etc...