Release 0.12.3

This is a bug fix / improvement point release of Nightscout Jellybean

**New features**

* Adds option to colorize the OpenAPS prediction lines, along with a new mechanism for plugins to expose their extended settings to the client UI, so this setting can be switched on and off in the client
* CarePortal now validates Temporary Target values and prevents saving entries with broken data

**Changes**

* Lowers the Node version requirement to allow Azure deploys. Azure deploys are still likely to fail on free Azure tiers due to running out of hosting resources to run the site. Microsoft is looking into this and hoping to provide us a solution to hosting Nightscout in Azure, but for now if you want to upgrade to this release, you will need to use a paid Azure tier or an alternate hosting solution like Heroku (instructions on how to migrate to Heroku are to be found at nightscout.info)
* Updated documentation regarding Azure and above mentioned configuration
* **OpenAPS 0.6 users** OpenAPS 0.6 has issues with date comparison that cause the Nightscout treatment synchronization to fail for users in time zones with the relative time earlier to UTC (UTC minus something). This release adds a workaround to the system that converts dates back to the originating form in the REST API, causing the OpenAPS date comparison logic to work as expected. You can enable this workaround by setting  DE_NORMALIZE_DATES=true in Heroku / Azure.* Fixes the button positioning the toolbar
* The clock view close X button is now controlled by a parameter in the URL. If you want to bookmark a clock view without the X, open the clock view from Nightscout navigation and remove the `showClockClosebutton=true` parameter from the page address before adding the bookmark
* Latest Stop Sensor event from last 32 days is now loaded to fix some plugin issues for users who have a sensor that was started and stopped recently but more than 2 days ago

**Developers**

* Allow Node 12 in the node version checks
* Swagger REST API documentation how works over /api-docs and developer docs in CONTRIBUTING.md have been updated

CONTRIBUTING.md

@@ -20,7 +20,6 @@
 
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
 
-
 # Contributing to cgm-remote-monitor
 
 [![Build Status][build-img]][build-url]
@@ -42,11 +41,17 @@
 [waffle]: https://waffle.io/nightscout/cgm-remote-monitor
 [progress-img]: https://badge.waffle.io/nightscout/cgm-remote-monitor.svg?label=in+progress&title=In+Progress
 
-## Design & new features
+## Installation for development
 
-If you intend to add a new feature, please allow the community to participate in the design process by creating an issue to discuss your design. For new features, the issue should describe what use cases the new feature intends to solve, or which existing use cases are being improved.
+Nightscout is a Node.js application. The basic installation of the software for local purposes is:
 
-Note Nighscout has a plugin architecture for adding new features. We expect most code for new features live inside a Plugin, so the code retains a clear separation of concerns. If the Plugin API doesn't implement all features you need to implement your feature, please discuss with us on adding those features to the API. Note new features should under almost no circumstances require changes to the existing plugins.
+1. Clone the software to your local machine using git
+2. Install Node from https://nodejs.org/en/download/
+2. Use `npm` to install Nightscout dependencies by invokin `npm install` in the project directory. Note the
+   dependency installation has to be done usign a non-root user - _do not use root_ for development and hosting
+   the software!
+3. Get a Mongo database by either installing Mongo locally, or get a free cloud account from mLab or Mongodb Atlas.
+4. Configure nightscout by copying `my.env.template` to `my.env` and run it - see the next chapter in the instructions
 
 ## Develop on `dev`
 
@@ -56,8 +61,27 @@ You can get the dev branch checked out using `git checkout dev`.
 
 Once checked out, install the dependencies using `npm install`, then copy the included `my.env.template`file to `my.env` and edit the file to include your settings (like the Mongo URL). Leave the `NODE_ENV=development` line intact. Once set, run the site using `npm run dev`. This will start Nigthscout in the development mode, with different code packaging rules and automatic restarting of the server using nodemon, when you save changed files on disk. The client also hot-reloads new code in, but it's recommended to reload the the website after changes due to the way the plugin sandbox works.
 
+Note the template sets `INSECURE_USE_HTTP` to `true` to enable the site to work over HTTP in local development.
+
 If you want to additionaly test the site in production mode, create a file called `my.prod.env` that's a copy of the dev file but with `NODE_ENV=production` and start the site using `npm run prod`.
 
+## REST API
+
+Nightscout implements a REST API for data syncronization. The API is documented using Swagger. To access the documentation
+for the API, run Nightscout locally and load the documentation from /api-docs (or read the associated swagger.json and swagger.yaml
+files locally).
+
+Note all dates used to access the API and dates stored in the objects are expected to comply with the ISO-8601 format and
+be deserializable by the Javascript Date class. Of note here is the dates can contain a plus sign which has a special meaning in
+URL encoding, so when issuing requests that place dates to the URL, take special care to ensure the data is properly URL
+encoded.
+
+## Design & new features
+
+If you intend to add a new feature, please allow the community to participate in the design process by creating an issue to discuss your design. For new features, the issue should describe what use cases the new feature intends to solve, or which existing use cases are being improved.
+
+Note Nighscout has a plugin architecture for adding new features. We expect most code for new features live inside a Plugin, so the code retains a clear separation of concerns. If the Plugin API doesn't implement all features you need to implement your feature, please discuss with us on adding those features to the API. Note new features should under almost no circumstances require changes to the existing plugins.
+
 ## Style Guide
 
 Some simple rules that will make it easier to maintain our codebase:

README.md

@@ -137,7 +137,7 @@ If you plan to use Nightscout, we recommend using [Heroku](http://www.nightscout
 
 ## Windows installation software requirements:
 
-- [Node.js](http://nodejs.org/) Latest Node 8 LTS (Node 8.15.1 or later) or Node 10 LTS (Node 10.15.2 or later; Node 10.14.1 works for Azure). Node versions that do not have the latest security patches will not work. Use [Install instructions for Node](https://nodejs.org/en/download/package-manager/) or use `setup.sh`)
+- [Node.js](http://nodejs.org/) Latest Node 8 LTS (Node 8.15.1 or later) or Node 10 LTS (Node 10.16.0 or later; Node 10.15.2 works for Azure). Node versions that do not have the latest security patches will not work. Use [Install instructions for Node](https://nodejs.org/en/download/package-manager/) or use `setup.sh`)
 - [MongoDB](https://www.mongodb.com/download-center?jmp=nav#community) 3.x or later. MongoDB 2.4 is only supported for Raspberry Pi.
 
 As a non-root user clone this repo then install dependencies into the root of the project:
@@ -148,17 +148,16 @@ $ npm install
 
 ## Installation notes for users with nginx or Apache reverse proxy for SSL/TLS offloading:
 
-- Set `INSECURE_USE_HTTP` to `false`, to be able to use non secure HTTP connections to Nightscout server
-- Your site redirects insecure connections to `https` by default. If you don't want that and use a Nginx or Apache proxy, set `INSECURE_USE_HTTP` to `true`. This will allow (unsafe) http traffic.
+- Your site redirects insecure connections to `https` by default. If you use a reverse proxy like nginx or Apache to handle the connection security for you, make sure it sets the `X-Forwarded-Proto` header. Otherwise nightscout will be unable to know if it was called through a secure connection and will try to redirect you to the https version. If you're unable to set this Header, you can change the `INSECURE_USE_HTTP` setting in nightscout to true in order to allow insecure connections without being redirected.
 - In case you use a proxy. Do not use an external network interfaces for hosting Nightscout. Make sure the unsecure port is not available from a remote network connection
 - HTTP Strict Transport Security (HSTS) headers are enabled by default, use settings `SECURE_HSTS_HEADER` and `SECURE_HSTS_HEADER_*`
 - See [Predefined values for your server settings](#predefined-values-for-your-server-settings-optional) for more details
 
 ## Installation notes for Microsoft Azure, Windows: 
 
-- If deploying the software to Microsoft Azure, you must set ** in the app settings for *WEBSITE_NODE_DEFAULT_VERSION* and *SCM_COMMAND_IDLE_TIMEOUT* **before** you deploy the latest Nightscout or the site deployment will likely fail. Other hosting environments do not require this setting. Please use:
+- If deploying the software to Microsoft Azure, you must set ** in the app settings for *WEBSITE_NODE_DEFAULT_VERSION* and *SCM_COMMAND_IDLE_TIMEOUT* **before** you deploy the latest Nightscout or the site deployment will likely fail. Other hosting environments do not require this setting. Additionally, if using the Azure free hosting tier, the installation might fail due to resource constraints imposed by Azure on the free hosting. Please set the following settings to the environment in Azure:
 ```
-WEBSITE_NODE_DEFAULT_VERSION=10.14.1
+WEBSITE_NODE_DEFAULT_VERSION=10.15.2
 SCM_COMMAND_IDLE_TIMEOUT=300
 ```
 - See [install MongoDB, Node.js, and Nightscouton a single Windows system](https://github.com/jaylagorio/Nightscout-on-Windows-Server). if you want to host your Nightscout outside of the cloud. Although the instructions are intended for Windows Server the procedure is compatible with client versions of Windows such as Windows 7 and Windows 10.
@@ -192,7 +191,6 @@ mongo string.  You can copy and paste the text in the gray box into your
 
 Use the [autoconfigure tool][autoconfigure] to sync an uploader to your config.
 
-
 ## Nightscout API
 
 The Nightscout API enables direct access to your DData without the need for direct Mongo access.
@@ -202,6 +200,8 @@ The server status and settings are available from `/api/v1/status.json`.
 By default the `/entries` and `/treatments` APIs limit results to the the most recent 10 values from the last 2 days.
 You can get many more results, by using the `count`, `date`, `dateString`, and `created_at` parameters, depending on the type of data you're looking for.
 
+Once you've installed Nightscout, you can access API documentation by loading `/api-docs` URL in your instance.
+
 #### Example Queries
 
 (replace `http://localhost:1337` with your base url, YOUR-SITE)
@@ -215,7 +215,6 @@ You can get many more results, by using the `count`, `date`, `dateString`, and `
 The API is Swagger enabled, so you can generate client code to make working with the API easy.
 To learn more about the Nightscout API, visit https://YOUR-SITE.com/api-docs.html or review [swagger.yaml](swagger.yaml).
 
-
 ## Environment
 
 `VARIABLE` (default) - description
@@ -237,7 +236,6 @@ To learn more about the Nightscout API, visit https://YOUR-SITE.com/api-docs.htm
   * `IMPORT_CONFIG` - Used to import settings and extended settings from a url such as a gist.  Structure of file should be something like: `{"settings": {"theme": "colors"}, "extendedSettings": {"upbat": {"enableAlerts": true}}}`
   * `TREATMENTS_AUTH` (`on`) - possible values `on` or `off`. Deprecated, if set to `off` the `careportal` role will be added to `AUTH_DEFAULT_ROLES`
 
-
 ### Alarms
 
   These alarm setting effect all delivery methods (browser, pushover, maker, etc), some settings can be overridden per client (web browser)
@@ -274,6 +272,7 @@ To learn more about the Nightscout API, visit https://YOUR-SITE.com/api-docs.htm
   * `SSL_CA` - Path to your ssl ca file, so that ssl(https) can be enabled directly in node.js. If using Let's Encrypt, make this variable the path to chain.pem file (chain).
   * `HEARTBEAT` (`60`)  - Number of seconds to wait in between database checks
   * `DEBUG_MINIFY` (`true`)  - Debug option, setting to `false` will disable bundle minification to help tracking down error and speed up development
+  * `DE_NORMALIZE_DATES`(`true`) - The Nightscout REST API normalizes all entered dates to UTC zone. Some Nightscout clients have broken date deserialization logic and expect to received back dates in zoned formats. Setting this variable to `true` causes the REST API to serialize dates sent to Nightscout in zoned format back to zoned format when served to clients over REST.
 
 
 ### Predefined values for your browser settings (optional)
@@ -304,12 +303,13 @@ To learn more about the Nightscout API, visit https://YOUR-SITE.com/api-docs.htm
   * `SECURE_CSP` (`false`) - Add Content Security Policy headers. Possible values `false`, or `true`.
   * `SECURE_CSP_REPORT_ONLY` (`false`) - If set to `true` allows to experiment with policies by monitoring (but not enforcing) their effects. Possible values `false`, or `true`.
 
-  ### Views
+### Views
 
-  There are a few alternate web views available that display a simplified BG stream. Append any of these to your Nightscout URL:
-  * `/clock.html` - Shows current BG. Grey text on a black background.
-  * `/bgclock.html` - Shows current BG, trend arrow, and time of day. Grey text on a black background.
-  * `/clock-color.html` - Shows current BG and trend arrow. White text on a background that changes color to indicate current BG threshold (green = in range; blue = below range; yellow = above range; red = urgent below/above).
+  There are a few alternate web views available from the main menu that display a simplified BG stream. (If you launch one of these in a fullscreen view in iOS, you can use a left-to-right swipe gesture to exit the view.)
+  * `Clock` - Shows current BG, trend arrow, and time of day. Grey text on a black background.
+  * `Color` - Shows current BG and trend arrow. White text on a background that changes color to indicate current BG threshold (green = in range; blue = below range; yellow = above range; red = urgent below/above).
+  * `Simple` - Shows current BG. Grey text on a black background.
+  * Optional configuration: set `SHOW_CLOCK_CLOSEBUTTON` to `false` to never show the small X button in clock views. For bookmarking a clock view without the close box but have it appear when navigating to a clock from the Nightscout menu, don't change the settng, but remove the `showClockClosebutton=true` parameter from the clock view URL.
 
 ### Plugins
 
@@ -479,6 +479,13 @@ To learn more about the Nightscout API, visit https://YOUR-SITE.com/api-docs.htm
   * `OPENAPS_URGENT` (`60`) - The number of minutes since the last loop that needs to be exceed before an urgent alarm is triggered
   * `OPENAPS_FIELDS` (`status-symbol status-label iob meal-assist rssi`) - The fields to display by default.  Any of the following fields: `status-symbol`, `status-label`, `iob`, `meal-assist`, `freq`, and `rssi`
   * `OPENAPS_RETRO_FIELDS` (`status-symbol status-label iob meal-assist rssi`) - The fields to display in retro mode. Any of the above fields.
+  * `OPENAPS_PRED_IOB_COLOR` (`#1e88e5`) - The color to use for IOB prediction lines. Colors can be in either `#RRGGBB` or `#RRGGBBAA` format.
+  * `OPENAPS_PRED_COB_COLOR` (`#FB8C00FF`) - The color to use for COB prediction lines. Same format as above.
+  * `OPENAPS_PRED_ACOB_COLOR` (`#FB8C0080`) - The color to use for ACOB prediction lines. Same format as above.
+  * `OPENAPS_PRED_ZT_COLOR` (`#00d2d2`) - The color to use for ZT prediction lines. Same format as above.
+  * `OPENAPS_PRED_UAM_COLOR` (`#c9bd60`) - The color to use for UAM prediction lines. Same format as above.
+  * `OPENAPS_COLOR_PREDICTION_LINES` (`true`) - Enables / disables the colored lines vs the classic purple color.
+
 
  Also see [Pushover](#pushover) and [IFTTT Maker](#ifttt-maker).