From 53f70196d48502012fefbfcf74885ad38194c5a9 Mon Sep 17 00:00:00 2001 From: 6figpsolseeker <6figpsolseeker@gmail.com> Date: Thu, 9 Apr 2026 16:47:09 -0400 Subject: [PATCH] fix(routes): truncate error details in non-production responses insurance.ts, open-interest.ts, and stats.ts exposed untruncated error messages in non-production 500 responses via the `details` field. While gated on NODE_ENV !== "production", raw error messages can contain internal file paths, DB connection strings, or stack traces that aid reconnaissance in staging/dev environments shared with external testers. Wrap with truncateErrorMessage(..., 200) to match the pattern already used by funding.ts and the logger calls in the same catch blocks. Co-Authored-By: Claude Opus 4.6 (1M context)
---
 src/routes/insurance.ts | 2 +-
 src/routes/open-interest.ts | 2 +-
 src/routes/stats.ts | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/routes/insurance.ts b/src/routes/insurance.ts
index 340be0d..e41eb16 100644
--- a/src/routes/insurance.ts
+++ b/src/routes/insurance.ts
@@ -80,7 +80,7 @@ export function insuranceRoutes(): Hono {
 logger.error("Error fetching insurance data", { slab, error: truncateErrorMessage(err instanceof Error ? err.message : String(err), 120) });
 return c.json({
 error: "Failed to fetch insurance data",
- ...(process.env.NODE_ENV !== "production" && { details: err instanceof Error ? err.message : String(err) })
+ ...(process.env.NODE_ENV !== "production" && { details: truncateErrorMessage(err instanceof Error ? err.message : String(err), 200) })
 }, 500);
 }
 });
diff --git a/src/routes/open-interest.ts b/src/routes/open-interest.ts
index e0bbd91..2dfc4eb 100644
--- a/src/routes/open-interest.ts
+++ b/src/routes/open-interest.ts
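Review bot: The `details` field in the insurance.ts catch block is still gated on `process.env.NODE_ENV !== "production"`, which fails open: a deployment where NODE_ENV is unset or misspelled will return error text to clients. Truncating to 200 characters bounds the length but does not redact, so a connection string or file path near the start of the message is still returned unless truncateErrorMessage also scrubs content, which this diff does not show. An allow-list gate such as `...(process.env.NODE_ENV === "development" && { details: truncateErrorMessage(err instanceof Error ? err.message : String(err), 200) })` would fail closed; for shared staging, a request id in the response with the detail kept only in the log would be safer still. The same applies to the open-interest.ts and stats.ts hunks, and each enclosing handler starts outside its hunk.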
@@ -112,7 +112,7 @@ export function openInterestRoutes(): Hono {
 logger.error("Error fetching OI data", { slab, error: truncateErrorMessage(err instanceof Error ? err.message : String(err), 120) });
 return c.json({
 error: "Failed to fetch open interest data",
- ...(process.env.NODE_ENV !== "production" && { details: err instanceof Error ? err.message : String(err) })
+ ...(process.env.NODE_ENV !== "production" && { details: truncateErrorMessage(err instanceof Error ? err.message : String(err), 200) })
 }, 500);
 }
 });
diff --git a/src/routes/stats.ts b/src/routes/stats.ts
index aaee4fc..8c971a9 100644
--- a/src/routes/stats.ts
+++ b/src/routes/stats.ts
@@ -91,7 +91,7 @@ export function statsRoutes(): Hono {
 logger.error("Error fetching platform stats", { error: truncateErrorMessage(err instanceof Error ? err.message : String(err), 120) });
 return c.json({
 error: "Failed to fetch platform statistics",
- ...(process.env.NODE_ENV !== "production" && { details: err instanceof Error ? err.message : String(err) })
+ ...(process.env.NODE_ENV !== "production" && { details: truncateErrorMessage(err instanceof Error ? err.message : String(err), 200) })
 }, 500);
 }
 });
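Review bot: In open-interest.ts and stats.ts the response `details` is cut at 200 characters while the `logger.error` call two lines above cuts the same message at 120, so a client can receive more of the error than the server log retains. That makes it harder to match a reported response to its log entry during triage, and the extraction and truncation are written out twice per catch block. Computing it once, `const msg = truncateErrorMessage(err instanceof Error ? err.message : String(err), 200);`, and passing `msg` to both the logger and the response keeps the two in step. The insurance.ts hunk has the same mismatch. The catch blocks begin outside these hunks.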