Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Toggle option to Disable Fetching of Nightscout Carbs in Trio #198

Closed
Sjoerd-Bo3 opened this issue May 16, 2024 · 2 comments · Fixed by #221
Closed

Toggle option to Disable Fetching of Nightscout Carbs in Trio #198

Sjoerd-Bo3 opened this issue May 16, 2024 · 2 comments · Fixed by #221
Assignees
@dsnallfot
Labels
enhancement New feature or request

Comments

@Sjoerd-Bo3
Copy link
Contributor

Is your feature request related to a problem? Please describe.
Currently, even if remote commands are disabled in Trio, carbs saved to Nightscout by anyone with Careportal access are still pulled into Trio and used in dosing decisions. This creates a security vulnerability, as it is not possible to fully disable remote control over carb data input. This issue was highlighted by Dylan Sutton, who noted that simply disabling remote commands does not prevent carb data from being fetched and used, making the system potentially unsafe.

Describe the solution you'd like
Introduce a toggle option in Trio settings to enable or disable the fetching of carb data from Nightscout. This setting should default to not allow fetching treatments to ensure better security. This would involve adding a basic toggle and the necessary logic to respect this setting, ensuring that when disabled, Trio does not fetch carb data from Nightscout.

Describe alternatives you've considered

  • Disabling the Careportal in Nightscout as a security measure. However, this does not fully solve the problem as treatments can still be added through the API.
  • Commenting out the Nightscout fetch code entirely in a custom build, but this approach is not user-friendly and lacks flexibility.

Additional context
This issue was discussed in detail, and it was noted that the most dangerous remote command is the announcement for bolusing, which can be disabled with the remote control toggle. However, to completely block unwanted entries and ensure higher security, a specific setting to disable fetching treatments from Nightscout is necessary. Daniel provided a temporary solution by commenting out the fetch code, and Sjoerd offered to implement the toggle feature, seeking guidance from Daniel's commit.

Note: This request aligns with the need to enhance the security of Trio by giving users more control over the data inputs used in dosing decisions, ultimately making the system safer and more reliable.
@Sjoerd-Bo3 Sjoerd-Bo3 added the enhancement New feature or request label May 16, 2024
@Sjoerd-Bo3 Sjoerd-Bo3 self-assigned this May 16, 2024
@Sjoerd-Bo3
Copy link
Contributor Author

Comment from Daniel:
I added an "allow NS download toggle" to my personal iAPS build a couple of weeks ago. Just made a commit to a fresh Trio dev testing branch with the same changes. Feel free to use and improve this as you like (Super simple code implementation, but it works)
dsnallfot@b8d9a31

@dsnallfot
Copy link
Contributor

I will make a PR based on the commit posted

@Sjoerd-Bo3 Sjoerd-Bo3 assigned dsnallfot and unassigned Sjoerd-Bo3 May 20, 2024
@dsnallfot dsnallfot mentioned this issue May 20, 2024
Merged
@bjornoleh bjornoleh linked a pull request May 22, 2024 that will close this issue
Add toggle to allow downloads from Nightscout (And improve NS Config UI) #221
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dsnallfot dsnallfot

Labels
enhancement New feature or request
Projects
Trio
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add toggle to allow downloads from Nightscout (And improve NS Config UI) dsnallfot/Trio
2 participants
@Sjoerd-Bo3 @dsnallfot