fix(security): Sanitize AI route error messages and delete debug endpoint

Stop leaking internal details (provider names, error.message) in API
responses. Provider-not-configured errors now return 503 with a generic
message and log details server-side via captureException. Catch-all
blocks return generic 500s. Handler throw messages are also sanitized
since they surface via job status polling. Deleted the temporary
/api/debug/env diagnostic endpoint.

Author: rajiv_rago

app/api/courses/ai/[courseId]/generate-all/route.ts

@@ -102,9 +102,12 @@ export async function POST(
         course.aiPreferences?.defaultProvider ||
         process.env.AI_PROVIDER ||
         "openai";
+      captureException(new Error(`Provider not configured: ${requestedProvider}`), {
+        operation: "resolve-provider",
+      });
       return NextResponse.json(
-        { error: `API key not configured for provider: ${requestedProvider}` },
-        { status: 500 }
+        { error: "AI service is temporarily unavailable. Please try again later." },
+        { status: 503 }
       );
     }
 
@@ -136,9 +139,7 @@ export async function POST(
   } catch (error) {
     captureException(error, { operation: "Generate all modules content error" });
     return NextResponse.json(
-      {
-        error: `Failed to generate content: ${error instanceof Error ? error.message : "Unknown error"}`,
-      },
+      { error: "Something went wrong. Please try again later." },
       { status: 500 }
     );
   }

app/api/courses/ai/[courseId]/lessons/[lessonId]/generate/route.ts

@@ -103,9 +103,12 @@ export async function POST(
         course.aiPreferences?.defaultProvider ||
         process.env.AI_PROVIDER ||
         "openai";
+      captureException(new Error(`Provider not configured: ${requestedProvider}`), {
+        operation: "resolve-provider",
+      });
       return NextResponse.json(
-        { error: `API key not configured for provider: ${requestedProvider}` },
-        { status: 500 }
+        { error: "AI service is temporarily unavailable. Please try again later." },
+        { status: 503 }
       );
     }
 
@@ -128,9 +131,7 @@ export async function POST(
   } catch (error) {
     captureException(error, { operation: "Generate lesson content error" });
     return NextResponse.json(
-      {
-        error: `Failed to generate content: ${error instanceof Error ? error.message : "Unknown error"}`,
-      },
+      { error: "Something went wrong. Please try again later." },
       { status: 500 }
     );
   }

app/api/courses/ai/[courseId]/modules/[moduleId]/generate/route.ts

@@ -98,9 +98,12 @@ export async function POST(
         course.aiPreferences?.defaultProvider ||
         process.env.AI_PROVIDER ||
         "openai";
+      captureException(new Error(`Provider not configured: ${requestedProvider}`), {
+        operation: "resolve-provider",
+      });
       return NextResponse.json(
-        { error: `API key not configured for provider: ${requestedProvider}` },
-        { status: 500 }
+        { error: "AI service is temporarily unavailable. Please try again later." },
+        { status: 503 }
       );
     }
 
@@ -122,9 +125,7 @@ export async function POST(
   } catch (error) {
     captureException(error, { operation: "Generate module content error" });
     return NextResponse.json(
-      {
-        error: `Failed to generate content: ${error instanceof Error ? error.message : "Unknown error"}`,
-      },
+      { error: "Something went wrong. Please try again later." },
       { status: 500 }
     );
   }

app/api/courses/ai/syllabus/route.ts

@@ -64,10 +64,13 @@ export async function POST(request: NextRequest) {
     });
 
     if (!resolved) {
-      const selectedProvider = provider || process.env.AI_PROVIDER || "openai";
+      const requestedProvider = provider || process.env.AI_PROVIDER || "openai";
+      captureException(new Error(`Provider not configured: ${requestedProvider}`), {
+        operation: "resolve-provider",
+      });
       return NextResponse.json(
-        { error: `API key not configured for provider: ${selectedProvider}` },
-        { status: 500 }
+        { error: "AI service is temporarily unavailable. Please try again later." },
+        { status: 503 }
       );
     }
 
@@ -82,11 +85,8 @@ export async function POST(request: NextRequest) {
     return jsonResponse;
   } catch (error) {
     captureException(error, { operation: "Create syllabus error" });
-
-    const errorMessage = error instanceof Error ? error.message : "Unknown error";
-
     return NextResponse.json(
-      { error: `Failed to generate syllabus: ${errorMessage}` },
+      { error: "Something went wrong. Please try again later." },
       { status: 500 }
     );
   }

app/api/courses/youtube/generate/route.ts

@@ -56,10 +56,13 @@ export async function POST(request: NextRequest) {
     });
 
     if (!resolved) {
-      const selectedProvider = provider || process.env.AI_PROVIDER || "openai";
+      const requestedProvider = provider || process.env.AI_PROVIDER || "openai";
+      captureException(new Error(`Provider not configured: ${requestedProvider}`), {
+        operation: "resolve-provider",
+      });
       return NextResponse.json(
-        { error: `API key not configured for provider: ${selectedProvider}` },
-        { status: 500 }
+        { error: "AI service is temporarily unavailable. Please try again later." },
+        { status: 503 }
       );
     }
 
@@ -74,11 +77,8 @@ export async function POST(request: NextRequest) {
     return jsonResponse;
   } catch (error) {
     captureException(error, { operation: "Generate YouTube path error" });
-
-    const errorMessage = error instanceof Error ? error.message : "Unknown error";
-
     return NextResponse.json(
-      { error: `Failed to generate YouTube path: ${errorMessage}` },
+      { error: "Something went wrong. Please try again later." },
       { status: 500 }
     );
   }

app/api/debug/env/route.ts

@@ -56,9 +56,11 @@ registerHandler(
     });
 
     if (!resolved) {
-      throw new Error(
-        `API key not configured for provider: ${provider || process.env.AI_PROVIDER || "openai"}`
-      );
+      captureException(new Error(`Provider not configured: ${provider || process.env.AI_PROVIDER || "openai"}`), {
+        operation: "resolve-provider",
+        jobType: "ai.generate-syllabus",
+      });
+      throw new Error("AI service is temporarily unavailable");
     }
 
     await dbConnect();
@@ -195,7 +197,13 @@ registerHandler(
       userPreferences,
     });
 
-    if (!resolved) throw new Error("API key not configured");
+    if (!resolved) {
+      captureException(new Error(`Provider not configured: ${provider || "default"}`), {
+        operation: "resolve-provider",
+        jobType: "ai.generate-module-content",
+      });
+      throw new Error("AI service is temporarily unavailable");
+    }
 
     const courseModule = await Module.findOne({
       _id: moduleId,
@@ -378,7 +386,13 @@ registerHandler(
       userPreferences,
     });
 
-    if (!resolved) throw new Error("API key not configured");
+    if (!resolved) {
+      captureException(new Error(`Provider not configured: ${provider || "default"}`), {
+        operation: "resolve-provider",
+        jobType: "ai.generate-lesson-content",
+      });
+      throw new Error("AI service is temporarily unavailable");
+    }
 
     const lessonService = new LessonContentGeneratorService({
       provider: resolved.provider,

lib/queue/handlers/aiGeneration.ts

@@ -7,6 +7,7 @@ import { YouTubePathService } from "@/lib/youtube";
 import type { YouTubePathFormData } from "@/lib/youtube";
 import { logAIGeneration } from "@/lib/utils/aiGenerationLogger";
 import { sendNotification } from "@/lib/notifications";
+import { captureException } from "@/lib/logger";
 import { env } from "@/lib/env";
 import { registerHandler } from "./index";
 
@@ -52,9 +53,11 @@ registerHandler(
     });
 
     if (!resolved) {
-      throw new Error(
-        `API key not configured for provider: ${provider || process.env.AI_PROVIDER || "openai"}`
-      );
+      captureException(new Error(`Provider not configured: ${provider || process.env.AI_PROVIDER || "openai"}`), {
+        operation: "resolve-provider",
+        jobType: "ai.generate-youtube-path",
+      });
+      throw new Error("AI service is temporarily unavailable");
     }
 
     await dbConnect();