Use env vars for all HCB credentials

- HCB_CLIENT_ID - HCB_CLIENT_SECRET - HCB_RECIPIENT_ORG_ID - HCB_API_BASE (optional, defaults to https://hcb.hackclub.com)
2026-04-19 16:38:18 +00:00 · 2025-12-18 14:55:40 -05:00 · 2025-12-18 14:55:40 -05:00 · 9aea7b8ec8
commit 9aea7b8ec8
parent 36355e931e
3 changed files with 5 additions and 5 deletions
--- a/app/controllers/hcb/oauth_connections_controller.rb
+++ b/app/controllers/hcb/oauth_connections_controller.rb
@ -36,8 +36,8 @@ class HCB::OauthConnectionsController < ApplicationController

  def hcb_oauth_client
    @hcb_oauth_client ||= OAuth2::Client.new(
-      Rails.application.credentials.dig(:hcb, :client_id),
-      Rails.application.credentials.dig(:hcb, :client_secret),
+      ENV.fetch("HCB_CLIENT_ID"),
+      ENV.fetch("HCB_CLIENT_SECRET"),
      site: "#{hcb_api_base}/api/v4/",
      authorize_url: "oauth/authorize",
      token_url: "oauth/token",
--- a/app/models/hcb/oauth_connection.rb
+++ b/app/models/hcb/oauth_connection.rb
@ -28,8 +28,8 @@ class HCB::OauthConnection < ApplicationRecord

  def client
    @client ||= HCBV4::Client.from_credentials(
-      client_id: Rails.application.credentials.dig(:hcb, :client_id),
-      client_secret: Rails.application.credentials.dig(:hcb, :client_secret),
+      client_id: ENV.fetch("HCB_CLIENT_ID"),
+      client_secret: ENV.fetch("HCB_CLIENT_SECRET"),
      access_token: access_token,
      refresh_token: refresh_token,
      expires_at: expires_at&.to_i,
--- a/app/models/hcb/payment_account.rb
+++ b/app/models/hcb/payment_account.rb
@ -38,7 +38,7 @@ class HCB::PaymentAccount < ApplicationRecord
  def create_disbursement!(amount_cents:, memo:)
    result = client.create_disbursement(
      event_id: organization_id,
-      to_organization_id: Rails.application.credentials.dig(:hcb, :recipient_org_id),
+      to_organization_id: ENV.fetch("HCB_RECIPIENT_ORG_ID"),
      amount_cents: amount_cents,
      name: memo,
    )