feature: API Secret Auth

This may solve a problem where you're force to use API-SECRET authentication. Or it should at least allow the API to use it :)

src/electron-app/components/nightscout-api.ts

@@ -5,11 +5,19 @@ import { API_PATH, Unit, MGDL_TO_MMOLL } from "../../shared/constants";
 
 export default class NightscoutAPI {
   private url: URL;
+  private apiSecret?: string;
   constructor(
     _url: string,
     private unit: Unit,
   ) {
     this.url = new URL(_url);
+    // If url has a username, we're using api-secret auth
+    if (this.url.username) {
+      const decoded = decodeURIComponent(this.url.username);
+      const authSecret = require("crypto").createHash("sha1").update(decoded).digest("hex");
+      this.apiSecret = authSecret
+      this.url.username = "";
+    }
     this.url.pathname = API_PATH;
   }
 
@@ -20,6 +28,8 @@ export default class NightscoutAPI {
         httpsAgent: new https.Agent({
           rejectUnauthorized: false,
         }),
+        // If we have an api secret, use it as a header
+        headers: this.apiSecret ? { 'api-secret': this.apiSecret } : {},
       });
     } catch (error) {
       console.error("Error fetching current glucose", error);

src/web-app/App.tsx

@@ -76,7 +76,14 @@ const App = () => {
             ></Splash>
           );
         } else {
-          window.location.href = settings.nsUrl;
+          // Remove username (api secret) from URL before redirecting
+          let href = settings.nsUrl;
+          if (href.includes("@")) {
+            const url = new URL(href);
+            url.username = "";
+            href = url.toString();
+          }
+          window.location.href = href;
           return <p>Getting Nightscout ...</p>;
         }
       }}