ui redesign, markdown fix + metadata and auth header

backend/src/error.rs

@@ -3,6 +3,7 @@ use axum::{
     http::StatusCode,
     response::{IntoResponse, Response},
 };
+use tracing::error;
 
 use crate::models::ErrorResponse;
 
@@ -10,21 +11,28 @@ pub enum AppError {
     Unauthorized,
     NotFound(String),
     BadRequest(String),
+    /// (public_message, internal_details) — details are logged but not returned.
     Internal(String, Option<String>),
 }
 
 impl IntoResponse for AppError {
     fn into_response(self) -> Response {
-        let (status, error_message, details) = match self {
-            AppError::Unauthorized => (StatusCode::UNAUTHORIZED, "Unauthorized".to_string(), None),
-            AppError::NotFound(msg) => (StatusCode::NOT_FOUND, msg, None),
-            AppError::BadRequest(msg) => (StatusCode::BAD_REQUEST, msg, None),
-            AppError::Internal(msg, details) => (StatusCode::INTERNAL_SERVER_ERROR, msg, details),
+        let (status, error_message) = match self {
+            AppError::Unauthorized => (StatusCode::UNAUTHORIZED, "Unauthorized".to_string()),
+            AppError::NotFound(msg) => (StatusCode::NOT_FOUND, msg),
+            AppError::BadRequest(msg) => (StatusCode::BAD_REQUEST, msg),
+            AppError::Internal(msg, details) => {
+                if let Some(d) = details {
+                    error!("Internal error: {} — {}", msg, d);
+                } else {
+                    error!("Internal error: {}", msg);
+                }
+                (StatusCode::INTERNAL_SERVER_ERROR, "Internal error".to_string())
+            }
         };
 
         let body = Json(ErrorResponse {
             error: error_message,
-            details,
         });
 
         (status, body).into_response()