Allow api3 behind reverse proxy (nightscout#5631)

* Allow api3 behind reverse proxy

* fix test

Co-authored-by: Sulka Haro <sulka@sulka.net>

lib/api3/security.js

@@ -56,10 +56,10 @@ function authenticate (opCtx) {
       return resolve({ shiros: [ adminShiro ] });
     }
 
-    if (req.protocol !== 'https') {
-      return reject(
-        opTools.sendJSONStatus(res, apiConst.HTTP.FORBIDDEN, apiConst.MSG.HTTP_403_NOT_USING_HTTPS));
-    }
+//    if (req.protocol !== 'https') {
+//      return reject(
+//        opTools.sendJSONStatus(res, apiConst.HTTP.FORBIDDEN, apiConst.MSG.HTTP_403_NOT_USING_HTTPS));
+//    }
 
     const checkDateResult = checkDateHeader(opCtx);
     if (checkDateResult !== true) {
@@ -123,4 +123,4 @@ module.exports = {
   authenticate,
   checkPermission,
   demandPermission
-};
+};

tests/api3.security.test.js

@@ -33,16 +33,16 @@ describe('Security of REST API3', function() {
   });
 
 
-  it('should require HTTPS', async () => {
-    if (semver.gte(process.version, '10.0.0')) {
-      let res = await request(self.http.baseUrl)  // hangs on 8.x.x (no reason why)
-        .get('/api/v3/test')
-        .expect(403);
-
-      res.body.status.should.equal(403);
-      res.body.message.should.equal(apiConst.MSG.HTTP_403_NOT_USING_HTTPS);
-    }
-  });
+//  it('should require HTTPS', async () => {
+//    if (semver.gte(process.version, '10.0.0')) {
+//      let res = await request(self.http.baseUrl)  // hangs on 8.x.x (no reason why)
+//        .get('/api/v3/test')
+//        .expect(403);
+//
+//      res.body.status.should.equal(403);
+//      res.body.message.should.equal(apiConst.MSG.HTTP_403_NOT_USING_HTTPS);
+//    }
+//  });
 
 
   it('should require Date header', async () => {
@@ -186,4 +186,4 @@ describe('Security of REST API3', function() {
       .expect(200);
   });
 
-});
+});