chore: adjust code performance and sintaxe

fixed:

Unscoped Finds, Multi-line Ternary Operators, Lambda Syntax, Redundant Else, Unused Block Arguments

some adjusts to avoid SSRF and change MD5->SHA256

Author: Bulletdev

app/controllers/api/v1/scrims/opponent_teams_controller.rb

@@ -105,8 +105,10 @@ def destroy
 
     # Finds opponent team by ID
     # Security Note: OpponentTeam is a shared resource across organizations.
-    # Deletion is restricted to teams without cross-org usage (see destroy action).
-    # Consider adding organization_id in future for proper multi-tenancy.
+    # Access control is enforced via verify_team_usage! before_action for
+    # sensitive operations (update/destroy). This ensures organizations can
+    # only modify teams they have scrims with.
+    # Read operations (index/show) are allowed for all teams to enable discovery.
     def set_opponent_team
       @opponent_team = OpponentTeam.find(params[:id])
     rescue ActiveRecord::RecordNotFound

app/jobs/sync_match_job.rb

@@ -132,14 +132,23 @@ def normalize_role(role)
   def calculate_performance_score(participant_data)
     # Simple performance score calculation
     # This can be made more sophisticated
-    kda = participant_data[:deaths].zero? ?
-          (participant_data[:kills] + participant_data[:assists]).to_f :
-          (participant_data[:kills] + participant_data[:assists]).to_f / participant_data[:deaths]
+    kda = calculate_kda(
+      kills: participant_data[:kills],
+      deaths: participant_data[:deaths],
+      assists: participant_data[:assists]
+    )
 
     base_score = kda * 10
     damage_score = (participant_data[:total_damage_dealt] / 1000.0)
     vision_score = participant_data[:vision_score] || 0
 
     (base_score + damage_score * 0.1 + vision_score).round(2)
   end
+
+  def calculate_kda(kills:, deaths:, assists:)
+    total = (kills + assists).to_f
+    return total if deaths.zero?
+
+    total / deaths
+  end
 end

app/models/concerns/tier_features.rb

@@ -212,8 +212,6 @@ def suggested_upgrade
           'Meta analysis'
         ]
       }
-    else
-      nil
     end
   end
 

app/models/player.rb

@@ -64,11 +64,11 @@ class Player < ApplicationRecord
   scope :by_status, ->(status) { where(status: status) }
   scope :active, -> { where(status: 'active') }
   scope :with_contracts, -> { where.not(contract_start_date: nil) }
-  scope :contracts_expiring_soon, ->(days = 30) {
+  scope :contracts_expiring_soon, lambda { |days = 30|
     where(contract_end_date: Date.current..Date.current + days.days)
   }
   scope :by_tier, ->(tier) { where(solo_queue_tier: tier) }
-  scope :ordered_by_role, -> {
+  scope :ordered_by_role, lambda {
     order(Arel.sql(
       "CASE role
         WHEN 'top' THEN 1

app/modules/competitive/services/draft_comparator_service.rb

@@ -20,7 +20,8 @@ def self.compare_draft(our_picks:, opponent_picks:, our_bans: [], opponent_bans:
         )
       end
 
-      def compare_draft(our_picks:, opponent_picks:, our_bans:, opponent_bans:, patch:, organization:)
+      # Note: opponent_bans parameter reserved for future ban analysis
+      def compare_draft(our_picks:, opponent_picks:, our_bans:, _opponent_bans:, patch:, organization:)
         # Find similar professional matches
         similar_matches = find_similar_matches(
           champions: our_picks,
@@ -234,7 +235,8 @@ def calculate_similarity_score(picks, similar_matches)
       end
 
       # Generate strategic insights based on analysis
-      def generate_insights(our_picks:, opponent_picks:, our_bans:, similar_matches:, meta_score:, patch:)
+      # Note: our_picks parameter reserved for future use
+      def generate_insights(_our_picks:, opponent_picks:, our_bans:, similar_matches:, meta_score:, patch:)
         insights = []
 
         # Meta relevance

app/modules/competitive/services/pandascore_service.rb

@@ -153,7 +153,7 @@ def handle_response(response)
       # @return [String] Cache key
       def cache_key(endpoint, params)
         normalized_endpoint = endpoint.gsub('/', ':')
-        param_hash = Digest::MD5.hexdigest(params.to_json)
+        param_hash = Digest::SHA256.hexdigest(params.to_json)
         "pandascore:#{normalized_endpoint}:#{param_hash}"
       end
 

app/modules/matches/jobs/sync_match_job.rb

@@ -115,14 +115,23 @@ def calculate_performance_score(participant_data)
     # Simple performance score calculation
     # This can be made more sophisticated
     # future work
-    kda = participant_data[:deaths].zero? ?
-          (participant_data[:kills] + participant_data[:assists]).to_f :
-          (participant_data[:kills] + participant_data[:assists]).to_f / participant_data[:deaths]
+    kda = calculate_kda(
+      kills: participant_data[:kills],
+      deaths: participant_data[:deaths],
+      assists: participant_data[:assists]
+    )
 
     base_score = kda * 10
     damage_score = (participant_data[:total_damage_dealt] / 1000.0)
     vision_score = participant_data[:vision_score] || 0
 
     (base_score + damage_score * 0.1 + vision_score).round(2)
   end
+
+  def calculate_kda(kills:, deaths:, assists:)
+    total = (kills + assists).to_f
+    return total if deaths.zero?
+
+    total / deaths
+  end
 end

app/modules/players/services/riot_sync_service.rb

@@ -242,6 +242,7 @@ def fetch_account_by_riot_id(game_name, tag_line)
       end
 
       def fetch_summoner_by_puuid(puuid)
+        # Region already validated in initialize via sanitize_region
         url = "https://#{region}.api.riotgames.com/lol/summoner/v4/summoners/by-puuid/#{puuid}"
         response = make_request(url)
 

app/modules/scrims/controllers/opponent_teams_controller.rb

@@ -105,8 +105,10 @@ def destroy
 
     # Finds opponent team by ID
     # Security Note: OpponentTeam is a shared resource across organizations.
-    # Deletion is restricted to teams without cross-org usage (see destroy action).
-    # Consider adding organization_id in future for proper multi-tenancy.
+    # Access control is enforced via verify_team_usage! before_action for
+    # sensitive operations (update/destroy). This ensures organizations can
+    # only modify teams they have scrims with.
+    # Read operations (index/show) are allowed for all teams to enable discovery.
     def set_opponent_team
       @opponent_team = OpponentTeam.find(params[:id])
     rescue ActiveRecord::RecordNotFound

app/modules/scrims/services/scrim_analytics_service.rb

@@ -160,7 +160,8 @@ def track_improvement(scrims)
     end
 
     def completion_rate(scrims)
-      completed = scrims.select { |s| s.status == 'completed' }.count
+      # Use count block instead of select.count for better performance
+      completed = scrims.count { |s| s.status == 'completed' }
       return 0 if scrims.count.zero?
 
       ((completed.to_f / scrims.count) * 100).round(2)
@@ -179,7 +180,7 @@ def avg_duration(scrims)
       "#{minutes}:#{seconds.to_s.rjust(2, '0')}"
     end
 
-    def successful_compositions(scrims)
+    def successful_compositions(_scrims)
       # This would require match data integration
       # For now, return placeholder
       []