From 9aea7b8ec895b90e00a70cd7dddfb75c6d9a6df5 Mon Sep 17 00:00:00 2001
From: 24c02 <163450896+24c02@users.noreply.github.com>
Date: Thu, 18 Dec 2025 14:55:40 -0500
Subject: [PATCH] Use env vars for all HCB credentials

- HCB_CLIENT_ID
- HCB_CLIENT_SECRET
- HCB_RECIPIENT_ORG_ID
- HCB_API_BASE (optional, defaults to https://hcb.hackclub.com)
---
 app/controllers/hcb/oauth_connections_controller.rb | 4 ++--
 app/models/hcb/oauth_connection.rb                  | 4 ++--
 app/models/hcb/payment_account.rb                   | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/app/controllers/hcb/oauth_connections_controller.rb b/app/controllers/hcb/oauth_connections_controller.rb
index 7107590..55df7ec 100644
--- a/app/controllers/hcb/oauth_connections_controller.rb
+++ b/app/controllers/hcb/oauth_connections_controller.rb
@@ -36,8 +36,8 @@ class HCB::OauthConnectionsController < ApplicationController
 
   def hcb_oauth_client
     @hcb_oauth_client ||= OAuth2::Client.new(
-      Rails.application.credentials.dig(:hcb, :client_id),
-      Rails.application.credentials.dig(:hcb, :client_secret),
+      ENV.fetch("HCB_CLIENT_ID"),
+      ENV.fetch("HCB_CLIENT_SECRET"),
       site: "#{hcb_api_base}/api/v4/",
       authorize_url: "oauth/authorize",
       token_url: "oauth/token",
diff --git a/app/models/hcb/oauth_connection.rb b/app/models/hcb/oauth_connection.rb
index 66a96a9..016c983 100644
--- a/app/models/hcb/oauth_connection.rb
+++ b/app/models/hcb/oauth_connection.rb
@@ -28,8 +28,8 @@ class HCB::OauthConnection < ApplicationRecord
 
   def client
     @client ||= HCBV4::Client.from_credentials(
-      client_id: Rails.application.credentials.dig(:hcb, :client_id),
-      client_secret: Rails.application.credentials.dig(:hcb, :client_secret),
+      client_id: ENV.fetch("HCB_CLIENT_ID"),
+      client_secret: ENV.fetch("HCB_CLIENT_SECRET"),
       access_token: access_token,
       refresh_token: refresh_token,
       expires_at: expires_at&.to_i,
diff --git a/app/models/hcb/payment_account.rb b/app/models/hcb/payment_account.rb
index 297d41d..65548d4 100644
--- a/app/models/hcb/payment_account.rb
+++ b/app/models/hcb/payment_account.rb
@@ -38,7 +38,7 @@ class HCB::PaymentAccount < ApplicationRecord
   def create_disbursement!(amount_cents:, memo:)
     result = client.create_disbursement(
       event_id: organization_id,
-      to_organization_id: Rails.application.credentials.dig(:hcb, :recipient_org_id),
+      to_organization_id: ENV.fetch("HCB_RECIPIENT_ORG_ID"),
       amount_cents: amount_cents,
       name: memo,
     )