From ff00ec122682f2ef884124f38cfba28a0ebe4ec1 Mon Sep 17 00:00:00 2001
From: jesopo <github@lolnerd.net>
Date: Fri, 5 Oct 2018 23:16:34 +0100
Subject: [PATCH] Require modules/rest_api.py has tls cert/key

---
 bot.conf.example    | 4 +++-
 modules/rest_api.py | 9 ++++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/bot.conf.example b/bot.conf.example
index 6eed060d..5914d822 100644
--- a/bot.conf.example
+++ b/bot.conf.example
@@ -1,6 +1,8 @@
 [bot]
-tls-certificate          =
 tls-key                  =
+tls-certificate          =
+tls-api-key              =
+tls-api-certificate      =
 # https://openweathermap.org/api
 openweathermap-api-key   =
 # https://products.wolframalpha.com/api/
diff --git a/modules/rest_api.py b/modules/rest_api.py
index dafb74e8..3b6d515a 100644
--- a/modules/rest_api.py
+++ b/modules/rest_api.py
@@ -1,4 +1,7 @@
-import http.server, json, threading, uuid, urllib.parse
+#--require-config tls-api-key
+#--require-config tls-api-certificate
+
+import http.server, json, ssl, threading, uuid, urllib.parse
 import flask
 from src import utils
 
@@ -76,6 +79,10 @@ class Module(object):
 
         if bot.get_setting("rest-api", False):
             self.httpd = http.server.HTTPServer(("", 5000), Handler)
+            self.httpd.socket = ssl.wrap_socket(self.httpd.socket,
+                keyfile=self.bot.config["tls-api-key"],
+                certfile=self.bot.config["tls-api-certificate"],
+                server_side=True)
             self.thread = threading.Thread(target=self.httpd.serve_forever)
             self.thread.daemon = True
             self.thread.start()