WellNuo

History

Sergei 4a4fc5c077 fix(security): add input validation for POST/PATCH endpoints

- Install express-validator package
- Add validation to beneficiaries.js:
  - POST /: name (string 1-200), phone (optional), address (optional)
  - PATCH /🆔 name (string 1-200), phone, address, customName (max 100)
- Add validation to stripe.js:
  - create-checkout-session: userId, beneficiaryName, beneficiaryAddress, email
  - create-portal-session: customerId (string)
  - create-payment-sheet: email (valid email), amount (positive int)
  - create-subscription: beneficiaryId (int), paymentMethodId (string)
  - cancel-subscription: beneficiaryId (int)
  - reactivate-subscription: beneficiaryId (int)
  - create-subscription-payment-sheet: beneficiaryId (int)
  - confirm-subscription-payment: subscriptionId (string)
- Add validation to invitations.js:
  - POST /: beneficiaryId (int), role (enum: caretaker/guardian), email (valid)
  - POST /accept: code (string)
  - POST /accept-public: code (string)
  - PATCH /🆔 role (enum: caretaker/guardian)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2026-01-26 16:47:35 -08:00

migrations

feat(api): Add custom_name field to user_access table

2026-01-22 12:34:38 -08:00

public

Stable Light version - App Store submission

2026-01-12 20:28:18 -08:00

scripts

Update Stripe integration, API services, and purchase screens

2026-01-12 21:44:57 -08:00

src

fix(security): add input validation for POST/PATCH endpoints