fix: replace error.message with generic "Internal server error" in all API catch blocks

Prevents leaking internal error details to clients across 7 route files: health, candles, annotations, annotations/[id], upload, export, span-annotations/export. Server-side console.error logging preserved for debugging. Closes task 4.6. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-18 11:16:02 +01:00 · 2026-02-18 11:16:02 +01:00 · aace19b7f4
commit aace19b7f4
parent 81e3554d82
8 changed files with 28 additions and 16 deletions
--- a/src/app/api/upload/route.ts
+++ b/src/app/api/upload/route.ts
@ -168,27 +168,30 @@ export async function POST(request: NextRequest): Promise<NextResponse> {
              })
            );
          } catch (error: any) {
+            console.error(error);
            resolve(
              NextResponse.json(
-                { error: error.message || 'Failed to process CSV data' },
-                { status: 400 }
+                { error: 'Internal server error' },
+                { status: 500 }
              )
            );
          }
        },
        error: (error: any) => {
+          console.error(error);
          resolve(
            NextResponse.json(
-              { error: `CSV parsing error: ${error.message}` },
-              { status: 400 }
+              { error: 'Internal server error' },
+              { status: 500 }
            )
          );
        },
      });
    });
  } catch (error: any) {
+    console.error(error);
    return NextResponse.json(
-      { error: error.message || 'Internal server error' },
+      { error: 'Internal server error' },
      { status: 500 }
    );
  }