From 3be4f71e22ee8561f677f07c389a3d8a40c962e5 Mon Sep 17 00:00:00 2001
From: Cal Corum <calcorum@users.noreply.github.com>
Date: Thu, 26 Mar 2026 23:15:21 -0500
Subject: [PATCH 1/2] fix: move hardcoded Discord webhook URL to environment
 variable

Replace inline webhook URL+token with DISCORD_WEBHOOK_URL env var.
Logs a warning and returns False gracefully if the var is unset.

The exposed webhook token should be rotated in Discord.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 app/dependencies.py | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/app/dependencies.py b/app/dependencies.py
index 6441155..fe78a00 100644
--- a/app/dependencies.py
+++ b/app/dependencies.py
@@ -503,6 +503,9 @@ def update_season_pitching_stats(player_ids, season, db_connection):
         raise
 
 
+DISCORD_WEBHOOK_URL = os.environ.get("DISCORD_WEBHOOK_URL")
+
+
 def send_webhook_message(message: str) -> bool:
     """
     Send a message to Discord via webhook.
@@ -513,7 +516,12 @@ def send_webhook_message(message: str) -> bool:
     Returns:
         bool: True if successful, False otherwise
     """
-    webhook_url = "https://discord.com/api/webhooks/1408811717424840876/7RXG_D5IqovA3Jwa9YOobUjVcVMuLc6cQyezABcWuXaHo5Fvz1en10M7J43o3OJ3bzGW"
+    webhook_url = DISCORD_WEBHOOK_URL
+    if not webhook_url:
+        logger.warning(
+            "DISCORD_WEBHOOK_URL env var is not set — skipping webhook message"
+        )
+        return False
 
     try:
         payload = {"content": message}
-- 
2.25.1


From 1bcde424c6ecfd58781dadd4efecc2082e1d7c36 Mon Sep 17 00:00:00 2001
From: Cal Corum <calcorum@users.noreply.github.com>
Date: Thu, 26 Mar 2026 23:23:26 -0500
Subject: [PATCH 2/2] Address PR review feedback for DISCORD_WEBHOOK_URL env
 var

- Add DISCORD_WEBHOOK_URL to docker-compose.yml api service environment block
- Add empty placeholder entry in .env for discoverability
- Move DISCORD_WEBHOOK_URL constant to the env-var constants section at top of dependencies.py

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .env                | 3 +++
 app/dependencies.py | 6 +++---
 docker-compose.yml  | 1 +
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/.env b/.env
index 7e04bd4..30dde8f 100644
--- a/.env
+++ b/.env
@@ -6,6 +6,9 @@ SBA_DB_USER_PASSWORD=your_production_password
 # SBa API
 API_TOKEN=Tp3aO3jhYve5NJF1IqOmJTmk
 
+# Integrations
+DISCORD_WEBHOOK_URL=
+
 # Universal
 TZ=America/Chicago
 LOG_LEVEL=INFO
\ No newline at end of file
diff --git a/app/dependencies.py b/app/dependencies.py
index fe78a00..04ee702 100644
--- a/app/dependencies.py
+++ b/app/dependencies.py
@@ -22,6 +22,9 @@ logger = logging.getLogger("discord_app")
 #     level=log_level
 # )
 
+# Discord integration
+DISCORD_WEBHOOK_URL = os.environ.get("DISCORD_WEBHOOK_URL")
+
 # Redis configuration
 REDIS_HOST = os.environ.get("REDIS_HOST", "localhost")
 REDIS_PORT = int(os.environ.get("REDIS_PORT", "6379"))
@@ -503,9 +506,6 @@ def update_season_pitching_stats(player_ids, season, db_connection):
         raise
 
 
-DISCORD_WEBHOOK_URL = os.environ.get("DISCORD_WEBHOOK_URL")
-
-
 def send_webhook_message(message: str) -> bool:
     """
     Send a message to Discord via webhook.
diff --git a/docker-compose.yml b/docker-compose.yml
index 84f0b68..05a6304 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -34,6 +34,7 @@ services:
       - REDIS_HOST=sba_redis
       - REDIS_PORT=6379
       - REDIS_DB=0
+      - DISCORD_WEBHOOK_URL=${DISCORD_WEBHOOK_URL}
     depends_on:
       - postgres
       - redis
-- 
2.25.1