Add rpc whitelist

examples/testnet4.sh

@@ -5,6 +5,8 @@ docker run -d \
   -e CHAIN=testnet4 \
   -e RPC_USER=default \
   -e RPC_PASSWORD=default \
+  -e ADMIN_RPC_USER=admin \
+  -e ADMIN_RPC_PASSWORD=admin \
   -e WALLET_NAME=default \
   -e WALLET_ADDRESS=tb1qfm8a8pxer0kmfa4xlk34e44xpr8g46ae0v04dw \
-  bitcoin-core-docker /opt/wallet.sh
+  bitcoin-core-docker /opt/wallet.sh

wallet.sh

@@ -3,11 +3,32 @@
 # set default config
 # this makes running bitcoin-cli interactively much easier
 
+generate_rpcauth_entry() {
+  local user="$1"
+  local password="$2"
+
+  if [[ -z "$user" || -z "$password" ]]; then
+      echo "Usage: generate_rpcauth_entry <user> <password>"
+      return 1
+  fi
+
+  local salt
+  local hashed_password
+  salt=$(head -c 16 /dev/urandom | xxd -ps | tr -d '\n')
+  hashed_password=$(echo -n "${password}${salt}" | sha256sum | awk '{print $1}')
+
+  echo "rpcauth=${user}:${salt}$${hashed_password}"
+}
+
 echo "
 chain=${CHAIN}
-rpcuser=${RPC_USER}
-rpcpassword=${RPC_PASSWORD}
+rpcuser=${ADMIN_RPC_USER}
+rpcpassword=${ADMIN_RPC_PASSWORD}
 rpcallowip=0.0.0.0/0
+$(generate_rpcauth_entry $ADMIN_RPC_USER $ADMIN_RPC_PASSWORD)
+$(generate_rpcauth_entry $RPC_USER $RPC_PASSWORD)
+rpcwhitelist=${RPC_USER}:getnetworkinfo,getbalance,sendrawtransaction,listunspent,listunspentminmaxaddresses,estimatesmartfee,gettransaction,getrawtransaction,getrawtransactionverbose,getblockcount,getblockhash,getblockverbose,getblockverbosetx,getblockheader
+rpcwhitelist=0
 
 [${CHAIN}]
 rpcbind=0.0.0.0