From 7651d64b5e837e8a82a6d4312ded610dd8295fdd Mon Sep 17 00:00:00 2001
From: David Inostroza <deivid@deivid.xyz>
Date: Thu, 23 Apr 2026 16:12:16 -0400
Subject: [PATCH] elimina HTTPS: servidor corre en HTTP puro

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 Dockerfile    |  3 ---
 entrypoint.sh | 15 +--------------
 gen_cert.py   | 42 ------------------------------------------
 3 files changed, 1 insertion(+), 59 deletions(-)
 delete mode 100644 gen_cert.py

diff --git a/Dockerfile b/Dockerfile
index 81c8875..c176958 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,9 +2,6 @@ FROM python:3.12-slim
 
 WORKDIR /app
 
-RUN apt-get update \
-    && apt-get install -y --no-install-recommends openssl \
-    && rm -rf /var/lib/apt/lists/*
 
 COPY requirements.txt .
 RUN pip install --no-cache-dir -r requirements.txt
diff --git a/entrypoint.sh b/entrypoint.sh
index 3680266..5477b6d 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -4,19 +4,6 @@ set -e
 # Archivos de datos — crearlos si no existen para que los bind mounts funcionen
 touch cantina.db .spotify_cache
 
-# Certificado SSL autofirmado — solo se genera una vez
-if [ ! -f cert.pem ] || [ ! -f key.pem ]; then
-    echo "Generando certificado SSL autofirmado..."
-    openssl req -x509 -newkey rsa:2048 \
-        -keyout key.pem -out cert.pem \
-        -days 365 -nodes \
-        -subj "/CN=localhost" \
-        -addext "subjectAltName=DNS:localhost,IP:127.0.0.1" \
-        2>/dev/null
-fi
-
 exec uvicorn app.main:app \
     --host 0.0.0.0 \
-    --port 8000 \
-    --ssl-keyfile key.pem \
-    --ssl-certfile cert.pem
+    --port 8000
diff --git a/gen_cert.py b/gen_cert.py
deleted file mode 100644
index 657bed5..0000000
--- a/gen_cert.py
+++ /dev/null
@@ -1,42 +0,0 @@
-"""Genera un certificado SSL autofirmado para localhost."""
-import datetime
-from cryptography import x509
-from cryptography.x509.oid import NameOID
-from cryptography.hazmat.primitives import hashes, serialization
-from cryptography.hazmat.primitives.asymmetric import rsa
-
-key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
-
-subject = issuer = x509.Name([
-    x509.NameAttribute(NameOID.COMMON_NAME, "localhost"),
-])
-
-cert = (
-    x509.CertificateBuilder()
-    .subject_name(subject)
-    .issuer_name(issuer)
-    .public_key(key.public_key())
-    .serial_number(x509.random_serial_number())
-    .not_valid_before(datetime.datetime.utcnow())
-    .not_valid_after(datetime.datetime.utcnow() + datetime.timedelta(days=365))
-    .add_extension(
-        x509.SubjectAlternativeName([
-            x509.DNSName("localhost"),
-            x509.IPAddress(__import__("ipaddress").IPv4Address("127.0.0.1")),
-        ]),
-        critical=False,
-    )
-    .sign(key, hashes.SHA256())
-)
-
-with open("cert.pem", "wb") as f:
-    f.write(cert.public_bytes(serialization.Encoding.PEM))
-
-with open("key.pem", "wb") as f:
-    f.write(key.private_bytes(
-        serialization.Encoding.PEM,
-        serialization.PrivateFormat.TraditionalOpenSSL,
-        serialization.NoEncryption(),
-    ))
-
-print("Certificados generados: cert.pem y key.pem")