Rpc-user block

Via the rpc-user block you tell who is authorized to use JSON-RPC. This is not meant to allow end-users (real people) direct API access, but to allow software like the webpanel.

Syntax
rpc-user { match ; password ; }

Every RPC user authenticates with a name and password:
 * name: the name of the rpc-user block designates the username used for JSON-RPC logins
 * password: this is the password, it can be an hashed instead of using plaintext.

Every block also has a match which is a Mask item. It is highly recommended to use strict filter on IP addresses, because:
 * API access is very powerful: you can grab a lot of (sensitive) information very fast, and also change and set things, wreak havoc very fast, when abused.
 * The UnrealIRCd webserver and JSON-RPC functionality is quite new. When a connection is made on the RPC server port, we first check if any of the rpc-user::match match. If not, we immediately reject the connection without even reading or parsing the request. Thus, with a strict rpc-user::match you limit the attack surface of all the JSON-RPC components a lot.

Example
rpc-user apiuser { match { ip 127.0.0.1; } password "test"; }