hcb icon indicating copy to clipboard operation
hcb copied to clipboard
verified publisher icon hackclub

[Admin] Move Airtable configurations to database

Open garyhtou opened this issue 11 months ago • 4 comments

We don't want this in the code: https://github.com/hackclub/hcb/blob/1acca430d656e4304e0178045b14497dfbe41096/app/helpers/static_pages_helper.rb#L39-L150

Move it to the database. Use JSONB for the query. Add a string name column with a unique index. that's now we'll easily look up these configurations during runtime.

garyhtou avatar Mar 20 '25 10:03 garyhtou

Umm - I think this is massively over complicating this. I think it's fine that these are defined in code. They should also work out of the box in development if you have an Airtable key with access.

sampoder avatar Mar 20 '25 17:03 sampoder

I do agree this complicates things. See this for security implications. Any thoughts on other solutions?

garyhtou avatar Mar 20 '25 19:03 garyhtou

Alternatively, we could move these URLs to credentials, but that's quite a few env vars we'd be adding.

garyhtou avatar Mar 20 '25 19:03 garyhtou

It's pretty standard for Airtable links to be committed in Hack Club's codebases. They aren't a security concern as long as everyone knows those emails should be ignored; and they would remain a concern even if we made this change because they're listed in other places.

Honestly, a bit confused about why people with seemingly good intentions are making these requests? Didn't expect that.

sampoder avatar Mar 20 '25 21:03 sampoder