fix(security): add input validation for POST/PATCH endpoints
- Install express-validator package
- Add validation to beneficiaries.js:
- POST /: name (string 1-200), phone (optional), address (optional)
- PATCH /🆔 name (string 1-200), phone, address, customName (max 100)
- Add validation to stripe.js:
- create-checkout-session: userId, beneficiaryName, beneficiaryAddress, email
- create-portal-session: customerId (string)
- create-payment-sheet: email (valid email), amount (positive int)
- create-subscription: beneficiaryId (int), paymentMethodId (string)
- cancel-subscription: beneficiaryId (int)
- reactivate-subscription: beneficiaryId (int)
- create-subscription-payment-sheet: beneficiaryId (int)
- confirm-subscription-payment: subscriptionId (string)
- Add validation to invitations.js:
- POST /: beneficiaryId (int), role (enum: caretaker/guardian), email (valid)
- POST /accept: code (string)
- POST /accept-public: code (string)
- PATCH /🆔 role (enum: caretaker/guardian)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <noreply@anthropic.com>
4a4fc5c077