🚨 fix: Redis CA file handling (#9692)

* 🚨 fix: Critical Redis CA file handling bug that could crash app

🔧 Added safe error handling for Redis CA certificate file reading in cacheConfig.js

## 🐛 Problem
- fs.readFileSync() was called directly without error handling
- Missing or inaccessible REDIS_CA files would throw unhandled exceptions
- 💥 Application would crash during startup with cryptic filesystem errors
- ❌ No validation of file existence before attempting to read

## ✅ Solution
- ➕ Added getRedisCA() helper function with comprehensive error handling
- 🔍 Implemented fs.existsSync() check before file reading attempts
- 🛡️ Added try-catch block to handle filesystem errors gracefully
- 📝 Added informative warning/error logging for troubleshooting
- 🔄 Function returns null safely on any error condition

## 🎯 Benefits
- 🚫 Prevents application crashes from misconfigured CA certificate paths
- 🔍 Provides clear error messages for debugging certificate issues
- ✅ Maintains backward compatibility for valid certificate configurations
- 🚀 Improves production stability and deployment reliability

## 🧪 Testing Results
- ✅ Verified handling of missing REDIS_CA environment variable
- ✅ Tested with non-existent file paths (returns null with warning)
- ✅ Confirmed valid certificate files are read correctly
- ✅ Validated error handling for permission/access issues

🎉 This fix ensures LibreChat continues running regardless of Redis CA
certificate configuration problems, improving overall system reliability.

🏷️ Type: 🐛 Bug Fix
📊 Impact: 🔴 High (prevents application crashes)
🎯 Area: Cache Configuration, Redis Integration

* chore: Redis CA certificate handling with proper logging + JSDocs

* chore: Improve error logging for Redis CA certificate file read failure

---------

Co-authored-by: Danny Avila <danny@librechat.ai>

api/cache/cacheConfig.js

@@ -1,4 +1,5 @@
 const fs = require('fs');
+const { logger } = require('@librechat/data-schemas');
 const { math, isEnabled } = require('@librechat/api');
 const { CacheKeys } = require('librechat-data-provider');
 
@@ -34,13 +35,35 @@ if (FORCED_IN_MEMORY_CACHE_NAMESPACES.length > 0) {
   }
 }
 
+/** Helper function to safely read Redis CA certificate from file
+ * @returns {string|null} The contents of the CA certificate file, or null if not set or on error
+ */
+const getRedisCA = () => {
+  const caPath = process.env.REDIS_CA;
+  if (!caPath) {
+    return null;
+  }
+
+  try {
+    if (fs.existsSync(caPath)) {
+      return fs.readFileSync(caPath, 'utf8');
+    } else {
+      logger.warn(`Redis CA certificate file not found: ${caPath}`);
+      return null;
+    }
+  } catch (error) {
+    logger.error(`Failed to read Redis CA certificate file '${caPath}':`, error);
+    return null;
+  }
+};
+
 const cacheConfig = {
   FORCED_IN_MEMORY_CACHE_NAMESPACES,
   USE_REDIS,
   REDIS_URI: process.env.REDIS_URI,
   REDIS_USERNAME: process.env.REDIS_USERNAME,
   REDIS_PASSWORD: process.env.REDIS_PASSWORD,
-  REDIS_CA: process.env.REDIS_CA ? fs.readFileSync(process.env.REDIS_CA, 'utf8') : null,
+  REDIS_CA: getRedisCA(),
   REDIS_KEY_PREFIX: process.env[REDIS_KEY_PREFIX_VAR] || REDIS_KEY_PREFIX || '',
   REDIS_MAX_LISTENERS: math(process.env.REDIS_MAX_LISTENERS, 40),
   REDIS_PING_INTERVAL: math(process.env.REDIS_PING_INTERVAL, 0),