auth: Update docs

api/permissioned.go

@@ -12,6 +12,8 @@ type permKey int
 var permCtxKey permKey
 
 const (
+	// When changing these, update docs/API.md too
+
 	PermRead  = "read" // default
 	PermWrite = "write"
 	PermSign  = "sign"  // Use wallet keys for signing

api/struct.go

@@ -37,10 +37,10 @@ type Struct struct {
 		MinerCreateBlock func(context.Context, address.Address, *chain.TipSet, []chain.Ticket, chain.ElectionProof, []*chain.SignedMessage) (*chain.BlockMsg, error) `perm:"write"`
 
 		WalletNew            func(context.Context, string) (address.Address, error)                   `perm:"write"`
-		WalletList           func(context.Context) ([]address.Address, error)                         `perm:"read"`
+		WalletList           func(context.Context) ([]address.Address, error)                         `perm:"write"`
 		WalletBalance        func(context.Context, address.Address) (types.BigInt, error)             `perm:"read"`
 		WalletSign           func(context.Context, address.Address, []byte) (*chain.Signature, error) `perm:"sign"`
-		WalletDefaultAddress func(context.Context) (address.Address, error)                           `perm:"read"` // todo: this reveals owner identity, should be write?
+		WalletDefaultAddress func(context.Context) (address.Address, error)                           `perm:"write"`
 		MpoolGetNonce        func(context.Context, address.Address) (uint64, error)                   `perm:"read"`
 
 		ClientImport      func(ctx context.Context, path string) (cid.Cid, error) `perm:"write"`

docs/API.md

@@ -12,8 +12,10 @@ By default `127.0.0.1:1234` - daemon stores the api endpoint multiaddr in `~/.lo
 JWT in the `Authorization: Bearer <token>` http header
 
 Permissions:
-* `read` - read node state, no private data
-* `write` - basically root access, for now
+* `read` - Read node state, no private data
+* `write` - Write to local store / chain, read private data
+* `sign` - Use private keys stored in wallet for signing
+* `admin` - Manage permissions
 
 Payload:
 ```json