Add admin password check (#847)

Fixes #846
2025-11-04 11:55:51 +00:00 · 2023-10-03 17:22:37 +01:00
parent e2cc56d25a
commit 0818b6ce5b
22 changed files with 478 additions and 117 deletions
--- a/README.md
+++ b/README.md
@@ -237,6 +237,19 @@ Clio will fallback to hardcoded defaults when not specified in the config file o
 of the minimum and maximum supported versions hardcoded in `src/rpc/common/APIVersion.h`.
 > **Note:** See `example-config.json` for more details. 

+## Admin rights for requests
+
+By default clio checks admin privileges by IP address from request (only `127.0.0.1` is considered to be an admin).
+It is not very secure because the IP could be spoofed.
+For a better security `admin_password` could be provided in the `server` section of clio's config:
+```json
+"server": {
+    "admin_password": "secret"
+}
+```
+If the password is presented in the config, clio will check the Authorization header (if any) in each request for the password.
+Exactly equal password gains admin rights for the request or a websocket connection.
+
 ## Using clang-tidy for static analysis

 Minimum clang-tidy version required is 16.0.