diff options
| author |  jesopo | 2019-09-13 11:37:53 +0100 |
|---|---|---|
| committer | jesopo | 2019-09-13 11:37:53 +0100 |
| commit | fac0f569b8b45f0c1f44780a5ada8a42647dd0fe (patch) | |
| tree | 0a7f6694eb5261197fe1f7a045dbce15e6cbfa20 | |
| parent | _parse_flags() should always return 2 objects (diff) | |
| signature | ||
remove TLS code from rest_api.py and force it to listen on localhost.
this is to force people to put something like nginx proxy_pass between the wider
internet and bitbot's rest api as the python stdlib http.server is not
production-secure.
| -rw-r--r-- | modules/rest_api.py | 9 |
1 files changed, 1 insertions, 8 deletions
diff --git a/modules/rest_api.py b/modules/rest_api.py index 33701abd..0d3b408d 100644 --- a/modules/rest_api.py +++ b/modules/rest_api.py @@ -1,8 +1,6 @@ #--depends-on commands #--depends-on config #--depends-on permissions -#--require-config tls-api-key -#--require-config tls-api-certificate import http.server, json, socket, ssl, threading, uuid, urllib.parse from src import ModuleManager, utils @@ -177,12 +175,7 @@ class Module(ModuleManager.BaseModule): self.httpd = None if self.bot.get_setting("rest-api", False): port = int(self.bot.config.get("api-port", "5000")) - self.httpd = BitBotIPv6HTTPd(("", port), Handler) - - self.httpd.socket = utils.security.ssl_wrap(self.httpd.socket, - cert=self.bot.config["tls-api-certificate"], - key=self.bot.config["tls-api-key"], - server_side=True, verify=False) + self.httpd = BitBotIPv6HTTPd(("::1", port), Handler) self.thread = threading.Thread(target=self.httpd.serve_forever) self.thread.daemon = True |