SECURITY BUG: Debug Logging Exposed in Production

[Aayuiiitmg]

Description
The application logs sensitive debug information (user IDs, request details, database queries) directly to console in production environment.

Current Issue
Files like db.js, server.js, and aiController.js use console.log() without checking environment. This exposes authentication tokens, user data, and system internals.

Proposed Improvement

Implement structured logging with Winston logger (already in dependencies)
Add environment-based logging levels (debug for development, error/warn for production)
Remove all direct console.log statements
Implement log rotation and centralized logging (e.g., to file or monitoring service)

Expected Outcomes

Improved security with no sensitive data leakage
Better debugging capability in production via structured logs
Compliance with security best practices

Please assign me under Gssoc'26

[AA1-34-Ganesh]

Are you working on this issue under GSSoC'26? If yes, please comment “assign me” under the GSSoC'26 to receive the points.

[Aayuiiitmg]

Are you working on this issue under GSSoC'26? If yes, please comment “assign me” under the GSSoC'26 to receive the points.

Yes please assign me this issue under Gssoc'26

[Jameers-code]

"Hi, I'd like to work on this issue as part of GSSoC 26. Can a maintainer assign it to me?"

[AA1-34-Ganesh]

@Aayuiiitmg any update.

[Aayuiiitmg]

@Aayuiiitmg any update.

Yes i will raise a PR today for all issues related to this repo ...please dont unassign me

[AA1-34-Ganesh]

@Aayuiiitmg raise the PR only for the issue assigned to you.Once it is merged, you can request another issue.

[Aayuiiitmg]

@Aayuiiitmg raise the PR only for the issue assigned to you.Once it is merged, you can request another issue.

Sure