Lack of primary storage, LLM parsing, and missing key security features

[divgunjan]

Key Backend Issues

• Mixed datastores (Postgres + MongoDB) present with no clear ownership. Decide primary store or document entity split.
• Rate limiter fails open when Redis is down. Add a conservative in-memory fallback or block critical routes until Redis recovers.
• AI integration parses raw LLM text with regex/JSON.parse — brittle and unsafe. Use structured responses, schema validation, retries and a circuit-breaker.
• Insecure defaults in env.ts and no .env.example. Require/validate secrets at startup; supply .env.example.
• Missing basic security hardening: add helmet, secure cookie flags, and tighten CORS for production.

Quick checklist

1. Add server/.env.example and validate required env vars on boot.
2. Replace fail-open Redis behavior with an in-process limiter for degraded mode.
3. Wrap AI calls in an adapter with schema validation + retries.
4. Add helmet and secure cookie settings; restrict CORS to exact origins.
5. Add minimal tests for auth and a CI job to run them.

Files referenced: server/src/config/env.ts, server/src/config/database.ts, server/src/middleware/rateLimiter.ts, server/src/services/ai.service.ts, server/src/models/index.ts

• Fix: remove embedded defaults for secrets and ship a .env.example file listing required vars. Validate required env vars at startup (fail fast) and provide guidance for secret management (Vault/Secrets Manager).

@Areeb-coder considering these viable issues, kindly assign this issue to me under GSSoC' 26 since I have already started looking into these vulnerabilities/issues.

[Areeb-coder]

Hi @divgunjan ,

Thanks for the detailed breakdown of these backend vulnerabilities and architectural issues! This is exactly what the repository needs right now.

You have been assigned to this issue for GSSoC '26. Since you mentioned you've already started looking into it, feel free to open a draft PR when you are ready so we can track your progress.

Looking forward to your contribution!