From 9fac54fe0b8d650afd20fd7817e6b223a697888e Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 4 Feb 2026 04:51:31 +0000
Subject: [PATCH] Address code review feedback: use dedicated executor, improve
 logging, add security notes

Co-authored-by: funkemunky <30784509+funkemunky@users.noreply.github.com>
---
 .../src/main/java/dev/brighten/antivpn/api/VPNConfig.java     | 2 ++
 .../java/dev/brighten/antivpn/webhook/WebhookNotifier.java    | 4 ++--
 Common/Source/src/main/resources/config.yml                   | 1 +
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/Common/Source/src/main/java/dev/brighten/antivpn/api/VPNConfig.java b/Common/Source/src/main/java/dev/brighten/antivpn/api/VPNConfig.java
index 8becdd8..a679b09 100644
--- a/Common/Source/src/main/java/dev/brighten/antivpn/api/VPNConfig.java
+++ b/Common/Source/src/main/java/dev/brighten/antivpn/api/VPNConfig.java
@@ -294,6 +294,8 @@ public class VPNConfig {
 
     /**
      * The authentication token to use for webhook requests.
+     * Note: Token is stored in memory as plaintext. Ensure proper file system
+     * permissions are set on config.yml to protect sensitive authentication tokens.
      * @return String
      */
     public String webhookAuthToken() {
diff --git a/Common/Source/src/main/java/dev/brighten/antivpn/webhook/WebhookNotifier.java b/Common/Source/src/main/java/dev/brighten/antivpn/webhook/WebhookNotifier.java
index 05dcd3e..8e3e0df 100644
--- a/Common/Source/src/main/java/dev/brighten/antivpn/webhook/WebhookNotifier.java
+++ b/Common/Source/src/main/java/dev/brighten/antivpn/webhook/WebhookNotifier.java
@@ -44,7 +44,7 @@ public class WebhookNotifier {
             } catch (Exception e) {
                 AntiVPN.getInstance().getExecutor().logException("Failed to send webhook notification", e);
             }
-        });
+        }, dev.brighten.antivpn.api.VPNExecutor.threadExecutor);
     }
 
     /**
@@ -91,7 +91,7 @@ public class WebhookNotifier {
             // Check response
             int responseCode = connection.getResponseCode();
             if (responseCode >= 200 && responseCode < 300) {
-                AntiVPN.getInstance().getExecutor().log(Level.FINE, 
+                AntiVPN.getInstance().getExecutor().log(Level.INFO, 
                     "Successfully sent webhook notification for player %s (response: %d)", 
                     player.getName(), responseCode);
             } else {
diff --git a/Common/Source/src/main/resources/config.yml b/Common/Source/src/main/resources/config.yml
index 2f4e124..9f16093 100644
--- a/Common/Source/src/main/resources/config.yml
+++ b/Common/Source/src/main/resources/config.yml
@@ -49,6 +49,7 @@ webhooks:
   # Optional: Set to true to include authentication header (Authorization: Bearer <token>)
   useAuthentication: false
   # The authentication token to use when useAuthentication is true
+  # Security Note: Token is stored in plaintext. Ensure proper file permissions on this file.
   authToken: ''
   # Timeout in seconds for webhook requests (default: 5)
   timeout: 5