fix(#218)

[anshul23102]

Summary

Returns a generic HTTP 500 response when a webhook INSERT fails instead of forwarding the raw Supabase error object to the caller.

Related Issue

Closes #218

Type of Change

• Security fix

Root Cause

The webhook INSERT failure path returned the raw `PostgrestError` object (including `code`, `details`, and `hint` fields) directly in the HTTP 500 response body. Internal Postgres constraint names, table schema hints, and error codes were visible to any caller that could trigger a failed insertion.

What Changed

• `src/app/api/webhooks/github/route.ts`: replaced the raw error forward with a `console.error` log (operator-visible in Vercel logs) and a generic `"Internal server error"` client response.

Testing

• Triggering a duplicate INSERT now returns a generic 500 with no internal details
• Server logs contain the full Supabase error for debugging
• Existing CI checks pass

Checklist

• No hardcoded secrets or credentials
• Single focused change
• No merge conflicts with main

[vercel]

@anshul23102 is attempting to deploy a commit to the codersogs-3057's projects Team on Vercel.

A member of the Team first needs to authorize it.

[github-actions]

Hey @anshul23102

You have 4 open PRs right now. The limit is 3 at a time.

Please get your existing PRs merged or closed before opening new ones:

• fix(#205) #247 - fix(Bug: TOCTOU race condition in claimRecommendation allows bypassing the 3-active-claim limit #205)
• fix(#215) #246 - fix([Bug] MemoryBackend silently selected when Redis is unconfigured, making all rate limiting per-Lambda-invocation and effectively disabled in production #215)
• fix(#237): log OAuth callback error server-side, use opaque code in redirect URL #239 - fix(Auth callback URL leaks raw Supabase error message in query string #237): log OAuth callback error server-side, use opaque code in redirect URL

This PR will remain open but won't be reviewed until you're under the limit. See our Contributing Guidelines for details.