fix: replace error.message with generic "Internal server error" in all API catch blocks

Prevents leaking internal error details to clients across 7 route files: health, candles, annotations, annotations/[id], upload, export, span-annotations/export. Server-side console.error logging preserved for debugging. Closes task 4.6. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-18 11:16:02 +01:00 · 2026-02-18 11:16:02 +01:00 · aace19b7f4
commit aace19b7f4
parent 81e3554d82
8 changed files with 28 additions and 16 deletions
--- a/src/app/api/candles/route.ts
+++ b/src/app/api/candles/route.ts
@ -36,8 +36,9 @@ export async function GET(request: NextRequest) {

    return NextResponse.json(normalized);
  } catch (error: any) {
+    console.error(error);
    return NextResponse.json(
-      { error: error.message || 'Failed to fetch candles' },
+      { error: 'Internal server error' },
      { status: 500 }
    );
  }