From fac0f569b8b45f0c1f44780a5ada8a42647dd0fe Mon Sep 17 00:00:00 2001
From: jesopo
Date: Fri, 13 Sep 2019 11:37:53 +0100
Subject: [PATCH] remove TLS code from rest_api.py and force it to listen on localhost. this is to force people to put something like nginx proxy_pass between the wider internet and bitbot's rest api as the python stdlib http.server is not production-secure.
---
 modules/rest_api.py | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/modules/rest_api.py b/modules/rest_api.py
index 33701abd..0d3b408d 100644
--- a/modules/rest_api.py
+++ b/modules/rest_api.py
@@ -1,8 +1,6 @@
 #--depends-on commands
 #--depends-on config
 #--depends-on permissions
-#--require-config tls-api-key
-#--require-config tls-api-certificate
 import http.server, json, socket, ssl, threading, uuid, urllib.parse
 from src import ModuleManager, utils
@@ -177,12 +175,7 @@ class Module(ModuleManager.BaseModule):
 self.httpd = None
 if self.bot.get_setting("rest-api", False):
 port = int(self.bot.config.get("api-port", "5000"))
- self.httpd = BitBotIPv6HTTPd(("", port), Handler)
-
- self.httpd.socket = utils.security.ssl_wrap(self.httpd.socket,
- cert=self.bot.config["tls-api-certificate"],
- key=self.bot.config["tls-api-key"],
- server_side=True, verify=False)
+ self.httpd = BitBotIPv6HTTPd(("::1", port), Handler)
 self.thread = threading.Thread(target=self.httpd.serve_forever)
 self.thread.daemon = True
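Review bot: The new bind address `"::1"` in the second hunk is the IPv6 loopback only, so a reverse proxy whose upstream is `127.0.0.1` (or a `localhost` that resolves to IPv4 first) will not reach the API, and a host with IPv6 disabled will presumably fail at bind time; whether the old `""` bind accepted both families depends on `BitBotIPv6HTTPd`, which is not visible here. I would record the intent and the constraint next to the call, e.g. `# loopback only: http.server is not hardened for direct exposure; terminate TLS in a reverse proxy and point its upstream at [::1]:<api-port>`. Two consequences are worth stating in the module's documentation as well: the hop between proxy and API is now plaintext and reachable by every local user on the host, so the API-key check remains the only access control, and the handler will see the proxy's address as the client for every request. The `ssl` name in the import line of the first hunk may now be unused if nothing else in the file references it. The enclosing method starts and ends outside the hunk.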