nightscout-librelink-up

Better documentation for NIGHTSCOUT_API_TOKEN

Open jmartindf opened this issue 11 months ago • 0 comments

I just finished setting up my first Nightscout server and then adding on nightscout-librelink-up. Thanks for creating it!

I did run into some confusion while getting nightscout-librelink-up connected and I think some documentation tweaks could make things easier for other brand-new users.

The documentation about setting up the NIGHTSCOUT_API_TOKEN is confusing. In the main “Configuration” table, it mentions that the environment variable should be set to the SHA1 hash of “Nightscout access token”. But the variable is named “API token” and had me thinking in terms of the main API_SECRET for Nightscout.

Under “Variant 1: On Heroku”, there’s a note “Important: make sure that your Nightscout API token is hashed with SHA1”. Nothing more detailed than that.

Under “Variant 2: Local”, there’s a bash script that includes a command that can hash your token, including a helpful note about the right command to use on Macs.

For the last two variants, the Docker environment variables show an un-hashed example of the access token.

I was left wondering if I should be using the API_SECRET from Nightscout or if I should create an access token. And, if so, what role(s) should the access token have? And did I need to SHA1 hash it, or not?

I found a good description of creating a new access token in https://github.com/timoschlueter/nightscout-librelink-up/issues/64#issuecomment-1252018083. But it only showed using the ‘admin’ role and I’d prefer not to create too many tokens with that much access. After looking around your code and doing some web searches about Nightscout, I figured out that I could create a new role, with more limited permissions.

In Nighthawk, I created a Role called cgm-upload and gave it the permissions “api:entries:create api:entries:read”. I then created a new Subject and used my new role. Finally, I did a SHA1 hash of the resulting access token and plugged that into my Docker compose file. It appears to work fine and give the uploader everything that it needs.

jmartindf Aug 04 '23 19:08
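
The hashing step the issue asks to have documented, as an added example (not code from the issue or from the nightscout-librelink-up project): a shell helper that turns a Nightscout access token into the SHA1 value for NIGHTSCOUT_API_TOKEN on both Linux and macOS. The function names `sha1_hex` and `hash_token` are hypothetical, and treating a 40-character hex input as already hashed is a heuristic assumed here.

```shell
#!/bin/sh
# Added example: derive the NIGHTSCOUT_API_TOKEN value from an access token.

# Use whichever SHA-1 tool is installed: sha1sum (Linux) or shasum (macOS).
sha1_hex() {
  if command -v sha1sum >/dev/null 2>&1; then
    sha1sum | cut -d' ' -f1
  elif command -v shasum >/dev/null 2>&1; then
    shasum -a 1 | cut -d' ' -f1
  else
    echo "no SHA-1 tool found (need sha1sum or shasum)" >&2
    return 1
  fi
}

# hash_token TOKEN -> prints 40 lowercase hex characters
hash_token() {
  token=$1
  [ -n "$token" ] || { echo "empty token" >&2; return 1; }

  # Heuristic (assumption): a value that is exactly 40 hex characters was
  # hashed already; hashing it a second time would produce a wrong value.
  case "$token" in
    *[!0-9a-fA-F]*) ;;                      # contains a non-hex character
    *) if [ "${#token}" -eq 40 ]; then
         printf '%s\n' "$token" | tr 'A-F' 'a-f'
         return 0
       fi ;;
  esac

  # printf '%s' writes exactly the token bytes. echo would append a newline,
  # and the hash of "token\n" is a different value from the hash of "token".
  printf '%s' "$token" | sha1_hex
}

# Stand-alone use: sh hash_token.sh '<access token>'
if [ $# -gt 0 ]; then
  hash_token "$1"
fi
```

Run it once with the access token copied from the Nightscout Subject and put the printed value in the Docker environment; prefer reading the token from a file or prompt over typing it on a shared machine's command line, where it lands in shell history.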