Add rpc whitelist

zeta-chain · Dec 3, 2024 · ae7bd7d · ae7bd7d
1 parent e31315e
commit ae7bd7d
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 5 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,7 @@
 FROM debian:bullseye-slim
 
 RUN apt-get update -y \
-  && apt-get install -y curl procps procps jq \
+  && apt-get install -y curl procps procps jq xxd \
   && apt-get clean \
   && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
@@ -24,4 +24,4 @@ RUN bitcoind -version | grep "Bitcoin Core version v${BITCOIN_VERSION}"
 
 COPY wallet.sh wallet-health.sh /opt/
 
-CMD ["bitcoind"]
+CMD ["bitcoind"]
diff --git a/examples/testnet4.sh b/examples/testnet4.sh
@@ -5,6 +5,8 @@ docker run -d \
   -e CHAIN=testnet4 \
   -e RPC_USER=default \
   -e RPC_PASSWORD=default \
+  -e ADMIN_RPC_USER=admin \
+  -e ADMIN_RPC_PASSWORD=admin \
   -e WALLET_NAME=default \
   -e WALLET_ADDRESS=tb1qfm8a8pxer0kmfa4xlk34e44xpr8g46ae0v04dw \
-  bitcoin-core-docker /opt/wallet.sh
+  bitcoin-core-docker /opt/wallet.sh
diff --git a/wallet.sh b/wallet.sh
@@ -1,13 +1,36 @@
 #!/bin/bash
 
+generate_rpcauth_entry() {
+  local user="$1"
+  local password="$2"
+
+  if [[ -z "$user" || -z "$password" ]]; then
+      echo "Usage: generate_rpcauth_entry <user> <password>"
+      return 1
+  fi
+
+  local salt
+  local hashed_password
+  salt=$(head -c 16 /dev/urandom | xxd -ps | tr -d '\n')
+  hashed_password=$(echo -n "${password}${salt}" | sha256sum | awk '{print $1}')
+
+  echo "rpcauth=${user}:${salt}\$${hashed_password}"
+}
+
 # set default config
 # this makes running bitcoin-cli interactively much easier
+# the admin user is the default user when running commands locally
+# the rpc user is for remote usage
 
 echo "
 chain=${CHAIN}
-rpcuser=${RPC_USER}
-rpcpassword=${RPC_PASSWORD}
+rpcuser=${ADMIN_RPC_USER}
+rpcpassword=${ADMIN_RPC_PASSWORD}
 rpcallowip=0.0.0.0/0
+$(generate_rpcauth_entry $ADMIN_RPC_USER $ADMIN_RPC_PASSWORD)
+$(generate_rpcauth_entry $RPC_USER $RPC_PASSWORD)
+rpcwhitelist=${RPC_USER}:getnetworkinfo,getbalance,sendrawtransaction,listunspent,listunspentminmaxaddresses,estimatesmartfee,gettransaction,getrawtransaction,getrawtransactionverbose,getblockcount,getblockhash,getblockverbose,getblockverbosetx,getblockheader
+rpcwhitelistdefault=0
 
 [${CHAIN}]
 rpcbind=0.0.0.0