Merge pull request 'Remove hardcoded secrets, load API token from env' (#29) from fix/2-3-security-hardcoded-secrets into main

2026-03-23 03:50:07 +00:00 · 2026-03-23 03:50:07 +00:00 · 602151fb16
commit 602151fb16
parent f1ca14791d 6c20f93901
5 changed files with 24 additions and 81 deletions
--- a/.claude/ops-rework/check_prod_missing_ratings.py
+++ b/.claude/ops-rework/check_prod_missing_ratings.py
@ -1,8 +1,14 @@
 import asyncio
+import sys
+from pathlib import Path
+
 import aiohttp
 import pandas as pd

-AUTH_TOKEN = {"Authorization": "Bearer Tp3aO3jhYve5NJF1IqOmJTmk"}
+# Add project root so we can import db_calls
+sys.path.insert(0, str(Path(__file__).resolve().parents[2]))
+from db_calls import AUTH_TOKEN
+
 PROD_URL = "https://pd.manticorum.com/api"


--- a/.env.example
+++ b/.env.example
@ -0,0 +1,2 @@
+# Paper Dynasty API
+PD_API_TOKEN=your-bearer-token-here
--- a/db_calls.py
+++ b/db_calls.py
@ -1,10 +1,18 @@
+import os
+
 import aiohttp
 import pybaseball as pb
+from dotenv import load_dotenv

 from typing import Literal
 from exceptions import logger

-AUTH_TOKEN = {"Authorization": "Bearer Tp3aO3jhYve5NJF1IqOmJTmk"}
+load_dotenv()
+
+_token = os.environ.get("PD_API_TOKEN")
+if not _token:
+    raise EnvironmentError("PD_API_TOKEN environment variable is required")
+AUTH_TOKEN = {"Authorization": f"Bearer {_token}"}
 DB_URL = "https://pd.manticorum.com/api"
 master_debug = True
 alt_database = None
@ -25,7 +33,7 @@ def param_char(other_params):
 def get_req_url(
    endpoint: str, api_ver: int = 2, object_id: int = None, params: list = None
 ):
-    req_url = f'{DB_URL}/v{api_ver}/{endpoint}{"/" if object_id is not None else ""}{object_id if object_id is not None else ""}'
+    req_url = f"{DB_URL}/v{api_ver}/{endpoint}{'/' if object_id is not None else ''}{object_id if object_id is not None else ''}"

    if params:
        other_params = False
@ -39,11 +47,11 @@ def get_req_url(
 def log_return_value(log_string: str):
    if master_debug:
        logger.info(
-            f'return: {log_string[:1200]}{"  [ S N I P P E D ]" if len(log_string) > 1200 else ""}\n'
+            f"return: {log_string[:1200]}{'  [ S N I P P E D ]' if len(log_string) > 1200 else ''}\n"
        )
    else:
        logger.debug(
-            f'return: {log_string[:1200]}{"  [ S N I P P E D ]" if len(log_string) > 1200 else ""}\n'
+            f"return: {log_string[:1200]}{'  [ S N I P P E D ]' if len(log_string) > 1200 else ''}\n"
        )


@ -183,4 +191,4 @@ def get_player_data(
 def player_desc(this_player) -> str:
    if this_player["p_name"] in this_player["description"]:
        return this_player["description"]
-    return f'{this_player["description"]} {this_player["p_name"]}'
+    return f"{this_player['description']} {this_player['p_name']}"
--- a/pyproject.toml
+++ b/pyproject.toml
@ -23,6 +23,8 @@ dependencies = [
    "pydantic>=2.9.0",
    # AWS
    "boto3>=1.35.0",
+    # Environment
+    "python-dotenv>=1.0.0",
    # Scraping
    "beautifulsoup4>=4.12.0",
    "lxml>=5.0.0",
--- a/scripts/supabase_doodling.py
+++ b/scripts/supabase_doodling.py
@ -1,75 +0,0 @@
-from typing import Literal
-import requests
-from exceptions import logger, log_exception
-
-AUTH_TOKEN = {
-    "Authorization": "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6ImNucGhwbnV2aGp2cXprY2J3emRrIiwicm9sZSI6InNlcnZpY2Vfcm9sZSIsImlhdCI6MTc0NTgxMTc4NCwiZXhwIjoyMDYxMzg3Nzg0fQ.7dG_y2zU2PajBwTD8vut5GcWf3CSaZePkYW_hMf0fVg",
-    "apikey": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6ImNucGhwbnV2aGp2cXprY2J3emRrIiwicm9sZSI6InNlcnZpY2Vfcm9sZSIsImlhdCI6MTc0NTgxMTc4NCwiZXhwIjoyMDYxMzg3Nzg0fQ.7dG_y2zU2PajBwTD8vut5GcWf3CSaZePkYW_hMf0fVg",
-}
-DB_URL = "https://cnphpnuvhjvqzkcbwzdk.supabase.co/rest/v1"
-
-
-def get_req_url(endpoint: str, params: list = None):
-    req_url = f"{DB_URL}/{endpoint}?"
-
-    if params:
-        other_params = False
-        for x in params:
-            req_url += f'{"&" if other_params else "?"}{x[0]}={x[1]}'
-            other_params = True
-
-    return req_url
-
-
-def log_return_value(log_string: str, log_type: Literal["info", "debug"]):
-    if log_type == "info":
-        logger.info(
-            f'return: {log_string[:1200]}{"  [ S N I P P E D ]" if len(log_string) > 1200 else ""}\n'
-        )
-    else:
-        logger.debug(
-            f'return: {log_string[:1200]}{"  [ S N I P P E D ]" if len(log_string) > 1200 else ""}\n'
-        )
-
-
-def db_get(
-    endpoint: str,
-    params: dict = None,
-    limit: int = 1000,
-    offset: int = 0,
-    none_okay: bool = True,
-    timeout: int = 3,
-):
-    req_url = f"{DB_URL}/{endpoint}?limit={limit}&offset={offset}"
-    logger.info(f"HTTP GET: {req_url}, params: {params}")
-
-    response = requests.request("GET", req_url, params=params, headers=AUTH_TOKEN)
-    logger.info(response)
-
-    if response.status_code != requests.codes.ok:
-        log_exception(Exception, response.text)
-
-    data = response.json()
-    if isinstance(data, list) and len(data) == 0:
-        if none_okay:
-            return None
-        else:
-            log_exception(Exception, "Query returned no results and none_okay = False")
-
-    return data
-
-    # async with aiohttp.ClientSession(headers=AUTH_TOKEN) as session:
-    #     async with session.get(req_url) as r:
-    #         logger.info(f'session info: {r}')
-    #         if r.status == 200:
-    #             js = await r.json()
-    #             log_return_value(f'{js}')
-    #             return js
-    #         elif none_okay:
-    #             e = await r.text()
-    #             logger.error(e)
-    #             return None
-    #         else:
-    #             e = await r.text()
-    #             logger.error(e)
-    #             raise ValueError(f'DB: {e}')