Rpc-class block
The rpc-class block decides which API calls can be made via JSON-RPC for an account. It works similarly to the Operclass block, but with RPC method names.
We ship with two built-in rpc classes:
full
: access to all JSON-RPC Methods
readonly
: access only to calls like user.list, channel.list, server_ban.list, not to calls that change things, like user.set_nick or server_ban.add.
Syntax
    rpc-class <name> {
        permissions {
            /* ...all the permissions here... */
        }
        parent xyz; /* OPTIONAL: can be used to inherit permissions from another rpc-class block */
    }
Each rpc-class has a name. You define the permissions in rpc-class::permissions. Optionally, you can use rpc-class::parent to have it inherit all permissions from another rpc-class.
The permissions are based on the JSON methods as mentioned in the JSON-RPC:Technical documentation. The navigation on the right of that page lists items like: rpc: set_issuer, info, add_timer, etc.
Example
This limits the JSON-RPC calls to just server.list, server.get, channel.list, channel.get, user.list, user.get:
    rpc-class limited {
        permissions {
            server { list; get; }
            channel { list; get; }
            user { list; get; }
        }
    }
To actually use this restricted class, set rpc-user::rpc-class to it in an Rpc-user block, like:
    rpc-user apiuser {
        match { ip 127.0.0.1; }
        password "test";
        rpc-class limited;
    }
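When rpc-class::parent is used, the methods an account can really call are the class's own permissions plus everything inherited. The following audit helper is an added example, not UnrealIRCd code: it expands rpc-class blocks into their effective method list so a reviewer can confirm that a class grants no more than intended. It assumes only the two-level `object { method; }` form shown on this page, treats inheritance as a plain union of permissions, does not model the built-in `full` and `readonly` classes, and uses a hypothetical child class named `bans_view`.

```python
import re

# Constructed sample: the page's "limited" class plus a hypothetical child
# class "bans_view" that inherits from it via rpc-class::parent.
SAMPLE = """
rpc-class limited {
    permissions { server { list; get; } channel { list; get; } user { list; get; } }
}
rpc-class bans_view {
    permissions { server_ban { list; } }
    parent limited; /* inherit everything from "limited" */
}
"""

def parse_rpc_classes(text):
    """Return {class_name: (own_methods, parent_or_None)}."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # strip /* ... */ comments
    classes = {}
    for m in re.finditer(r"rpc-class\s+([\w-]+)\s*\{", text):
        depth, i = 1, m.end()
        while depth and i < len(text):  # walk to this block's closing brace
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        body = text[m.end():i - 1]
        parent = re.search(r"\bparent\s+([\w-]+)\s*;", body)
        perms = re.search(r"permissions\s*\{(.*)\}", body, flags=re.S)
        own = set()
        for obj, names in re.findall(r"([\w-]+)\s*\{([^{}]*)\}", perms.group(1) if perms else ""):
            own |= {f"{obj}.{n.strip()}" for n in names.split(";") if n.strip()}
        classes[m.group(1)] = (own, parent.group(1) if parent else None)
    return classes

def effective_methods(classes, name, seen=()):
    """Own permissions plus everything inherited through rpc-class::parent."""
    if name in seen:  # assumption: a parent loop is a config error worth flagging
        raise ValueError(f"parent loop at rpc-class {name}")
    own, parent = classes[name]
    if parent is None:
        return set(own)
    return own | effective_methods(classes, parent, seen + (name,))

if __name__ == "__main__":
    parsed = parse_rpc_classes(SAMPLE)
    for cls in parsed:
        print(cls, "->", ", ".join(sorted(effective_methods(parsed, cls))))
```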