Login/password for API (wallet) about hornet-playbook HOT 5 CLOSED

The /api paths used for wallet connections are not protected with login password.

Is that what you mean?

from hornet-playbook.

Yes I know, question was how to protect with login/password.
I want to chose who can connect.

from hornet-playbook.

You'd have to remove the wallet paths from permitted routes in the config.json
The best way of doing that is by overwriting the hornet config
The only thing you need to overwrite is the hornet_config_restAPI_permittedRoutes variable.
Maybe to something like this in the override file:

hornet_config_restAPI_permittedRoutes:
  - "/health"
  - "/api/v1/info"

from hornet-playbook.

This will disable access to /api for everyone
I want to be able to connect my wallet, but just me

from hornet-playbook.

I don't think this is possible, if I understand you correctly.
Which paths/access do you want to keep available for everyone?

By default the config has these permittedRoutes:

jq .restAPI.permittedRoutes <  /var/lib/hornet/config.json
[
  "/health",
  "/mqtt",
  "/api/v1/info",
  "/api/v1/tips",
  "/api/v1/messages/:messageID",
  "/api/v1/messages/:messageID/metadata",
  "/api/v1/messages/:messageID/raw",
  "/api/v1/messages/:messageID/children",
  "/api/v1/messages",
  "/api/v1/transactions/:transactionID/included-message",
  "/api/v1/milestones/:milestoneIndex",
  "/api/v1/milestones/:milestoneIndex/utxo-changes",
  "/api/v1/outputs/:outputID",
  "/api/v1/addresses/:address",
  "/api/v1/addresses/:address/outputs",
  "/api/v1/addresses/ed25519/:address",
  "/api/v1/addresses/ed25519/:address/outputs",
  "/api/v1/treasury"
]

These allow access to the wallet. By limiting only to /health and /api/v1/info people can view the node's health and basic information.

from hornet-playbook.