security: strip Axios config/request objects from serialized error re…#653

Open
Nareshkumawat-star wants to merge 1 commit into
vijaypatil477:mainfrom
Nareshkumawat-star:fix/error-handler-security

Conversation

@Nareshkumawat-star

✦ Description

Fixes a security concern where sensitive credentials (such as the server-side GROQ_API_KEY) were leaked inside Axios error objects/stack traces when the Express server encountered an HTTP error during requests to third-party endpoints (e.g. Groq AI API) in development mode (NODE_ENV=development).

Fixes #652

Cause:

When Axios requests fail, they throw an AxiosError containing config and request properties. If NODE_ENV=development is active, the centralized error handler would return the error, exposing config.headers.Authorization containing the raw API key in the response body.

Fix:

Updated the error handler middleware in server/middleware/errorHandler.js to explicitly strip err.config and err.request from the error object before serializing or logging:

  // Strip sensitive request config and request objects from Axios/HTTP errors to prevent leaking keys/headers
  if (err.config) {
    delete err.config;
  }
  if (err.request) {
    delete err.request;
  }
Fixes # [Insert Issue Number Here]

 Type of Change
 Bug fix (non-breaking change which fixes an issue)
 Checklist
 My code follows the style guidelines of this project.
 I have performed a self-review of my code.
 My changes generate no new warnings or console errors.
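
As an added example (not code from this PR or from Debugra), the handler below builds a fresh, allow-listed error body instead of deleting fields from the AxiosError in place; it also accounts for err.response.config, which Axios populates with the same headers as err.config, and includes a cycle-safe check that walks an object for any leftover config, request or Authorization key. The factory name, the sample error shape and the placeholder key are assumptions.

```javascript
// Added example, not Debugra's code. Assumed to be mounted last in the Express
// chain as app.use(errorHandler(process.env.NODE_ENV)).

// Keys that must never reach a response body: Axios puts the request config
// (with its headers) on err.config AND err.response.config, and raw request
// objects on err.request and err.response.request.
const SENSITIVE_KEYS = /^(config|request|authorization)$/i;

// Reduce any thrown value to a plain object built from an explicit allow-list.
// The stack is attached only in development, matching the original handler.
function sanitizeError(err, env) {
  const e = err && typeof err === 'object' ? err : {};
  const body = {
    name: typeof e.name === 'string' ? e.name : 'Error',
    message: typeof e.message === 'string' ? e.message : 'Internal Server Error',
    status: (e.response && e.response.status) || e.status || 500,
  };
  if (e.code) body.code = e.code;
  if (env === 'development' && e.stack) body.stack = e.stack;
  return body;
}

// Walk an object graph (cycle-safe) and report whether any config, request or
// Authorization key survives at any depth.
function leaksCredentials(value, seen = new Set()) {
  if (!value || typeof value !== 'object' || seen.has(value)) return false;
  seen.add(value);
  return Object.keys(value).some(
    (key) => SENSITIVE_KEYS.test(key) || leaksCredentials(value[key], seen));
}

// Express-style error middleware factory (4-arity marks it as an error handler).
// Log and respond with the same sanitized body so neither channel leaks.
function errorHandler(env) {
  return function handle(err, req, res, next) {
    const body = sanitizeError(err, env);
    console.error('[errorHandler]', JSON.stringify(body));
    res.status(body.status).json({ error: body });
  };
}

// Constructed sample shaped like an AxiosError for a 401 from an upstream API.
// The Authorization value is a placeholder, not a real key.
function makeSampleAxiosError() {
  const config = { url: 'https://api.example.invalid/v1/chat', method: 'post',
    headers: { Authorization: 'Bearer CONSTRUCTED-PLACEHOLDER-KEY' } };
  const err = new Error('Request failed with status code 401');
  Object.assign(err, { name: 'AxiosError', code: 'ERR_BAD_REQUEST', config,
    request: { method: 'POST', path: '/v1/chat' },
    response: { status: 401, data: { error: 'invalid api key' }, config, request: {} } });
  return err;
}
```

Running leaksCredentials over the raw error returns true because of err.config and err.response.config, while the sanitized body returns false in both environments.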

@vercel

vercel Bot commented Jun 4, 2026

Someone is attempting to deploy a commit to the omkh4242g-1671's projects Team on Vercel.

A member of the Team first needs to authorize it.

@github-actions github-actions Bot added gssoc Official GSSoC '26 issue tag level:beginner GSSoC '26 Beginner difficulty issue labels Jun 4, 2026
@github-actions github-actions Bot added quality:clean Clean code structure standards gssoc:approved GSSoC '26 Approved issue labels Jun 4, 2026
@github-actions

github-actions Bot commented Jun 4, 2026

Hi @Nareshkumawat-star, thanks for contributing to Debugra! 🎉

I have automatically:

  • 👤 Assigned this PR to you.
  • 🏷️ Applied the gssoc:approved label.

Our workflows will now analyze your changes to classify:

  • 📈 PR Difficulty: level:*
  • 🧩 PR Type: type:*
  • 🌟 PR Quality: quality:*

Tip

Ensure your PR description references the issue it resolves (e.g. Closes #123). This allows the bot to inherit any additional labels from that issue!

Happy coding! 🚀

@github-actions github-actions Bot added type:bug Vulnerability or logical bug fixes type:devops CI/CD, infrastructure, or tooling changes type:security Security patches and threat fixes labels Jun 4, 2026

Development

Successfully merging this pull request may close these issues.

[SEC] Groq API key exposed in client-side network requests when VITE_API_URL points to localhost