Fix/error message disclosure #6226

Open

buildwithnisha wants to merge 5 commits into JhaSourav07:main from buildwithnisha:fix/error-message-disclosure

Conversation

@buildwithnisha (Contributor)

Description

Fixes #6175

Sanitized API error responses to prevent leaking sensitive internal information to clients.

Changes Made

  • Removed raw error.message exposure from app/api/github/route.ts
  • Added server-side logging for detailed error debugging
  • Returned a generic error message to clients for unexpected failures

Security Impact

Prevents disclosure of:

  • Internal file paths
  • Stack traces
  • Database/query details
  • Environment variable names
  • Sensitive implementation details

Testing

  • Verified API fallback errors now return:

    {
      "error": "An internal error occurred"
    }

Pillar

  • 🎨 Pillar 1 — New Theme Design
  • 📐 Pillar 2 — Geometric SVG Improvement
  • 🕐 Pillar 3 — Timezone Logic Optimization
  • 🛠️ Other (Bug fix, refactoring, docs)

Visual Preview

Checklist before requesting a review:

  • [x] I have read the CONTRIBUTING.md file.
  • I have tested these changes locally (localhost:3000/api/streak?user=YOUR_USERNAME).
  • I have run npm run format and npm run lint locally and resolved all errors (CI will fail otherwise).
  • [x] My commits follow the Conventional Commits format (e.g., feat(themes): ..., fix(calculate): ...).
  • [x] I have updated README.md if I added a new theme or URL parameter.
  • [x] I have starred the repo.
  • [x] I have made sure that I have only one commit to merge in this PR.
  • [x] The SVG output matches the CommitPulse "premium quality" aesthetic standard (no raw elements, smooth animations, correct fonts).
  • (Recommended) I joined the CommitPulse Discord community for contributor discussions, mentorship, and faster PR support.
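The before/after pattern the PR describes for app/api/github/route.ts, as an added example that is not code from this PR or from the CommitPulse project. Next.js's NextResponse is replaced by a plain object, the sample error and the in-memory log sink are constructed for the example, and the `leaksDetail` check is a hypothetical helper a test suite could use.

```typescript
// Added example, not code from this PR or the CommitPulse project.
// Models the before/after pattern the PR describes for app/api/github/route.ts.
// Next.js's NextResponse is replaced by a plain object so this runs stand-alone.

type ApiResponse = { status: number; body: { error: string } };

// Constructed sample failure: the message carries the kind of internal detail
// (env var name, file path) that must not reach the client.
const sampleFailure = new Error(
  "GitHub request failed: GITHUB_TOKEN is undefined (see /srv/app/lib/github.ts:42)"
);

// Hypothetical server-side log sink, kept in memory so it can be inspected.
const serverLog: string[] = [];

// Before: the raw error message is forwarded to the client verbatim.
function handleErrorUnsafe(err: unknown): ApiResponse {
  const message = err instanceof Error ? err.message : String(err);
  return { status: 500, body: { error: message } };
}

// After: full detail (message and stack) is logged on the server only;
// the client receives a fixed, generic message.
function handleErrorSafe(err: unknown): ApiResponse {
  const detail =
    err instanceof Error ? `${err.name}: ${err.message}\n${err.stack ?? ""}` : String(err);
  serverLog.push(detail);
  console.error("[api/github]", detail);
  return { status: 500, body: { error: "An internal error occurred" } };
}

// Check a test suite can use: does the client-facing body echo the original
// error, or carry markers of internal detail (absolute paths, ALL_CAPS
// env-var names)?
function leaksDetail(res: ApiResponse, err: Error): boolean {
  const text = res.body.error;
  return (
    text.includes(err.message) ||
    /\/[\w.-]+\/[\w.-]+/.test(text) ||
    /\b[A-Z][A-Z0-9_]{3,}\b/.test(text)
  );
}

// What the client actually receives, as serialized JSON.
function clientPayload(res: ApiResponse): string {
  return JSON.stringify(res.body);
}
```

Running `leaksDetail` against both handlers is the regression check the PR's Testing section describes: the safe handler's payload is exactly `{"error":"An internal error occurred"}` while the full detail lands only in the server log.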

@vercel (bot) commented Jun 21, 2026

@buildwithnisha is attempting to deploy a commit to the jhasourav07's projects Team on Vercel.

A member of the Team first needs to authorize it.

@Aamod-Dev added the labels GSSoC 2026, mentor:Aamod007, level:beginner, quality:clean, security and bug on Jun 21, 2026

@Aamod-Dev (Collaborator) left a comment

Thank you for fixing this error message disclosure vulnerability in app/api/github/route.ts. Raw error messages can expose sensitive information, so returning a generic fallback to the client while logging the detailed error server-side is the correct mitigation. Approved!

@github-actions (bot) added the type:bug label on Jun 21, 2026

@Aamod-Dev (Collaborator)

GSSoC 2025 — @Aamod007 — needs rebase. Code is solid but there's a duplicate vitest import in badgeLabels.accessibility.test.ts (line 4-5) — please clean that up too.

Development

Successfully merging this pull request may close these issues.

fix(api): error message disclosure - raw errors returned to clients (MEDIUM)