auto(agent): improved input validation with Zod schemas and enhanced error details in offers.js

backend/src/routes/offers.js

@@ -5,6 +5,18 @@ import { requireAuth } from '../middleware/auth.js';
 
 const router = Router();
 
+// Zod schema for offer creation validation
+const createOfferSchema = z.object({
+  amountChf: z.number().positive(),
+  message: z.string().max(2000).optional()
+});
+
+// Zod schema for negotiation validation
+const negotiateSchema = z.object({
+  amountChf: z.number().positive(),
+  message: z.string().max(2000).optional()
+});
+
 router.post('/:requestId', requireAuth, async (req, res) => {
   try {
     const requestId = Number(req.params.requestId);
@@ -12,13 +24,10 @@ router.post('/:requestId', requireAuth, async (req, res) => {
       return res.status(400).json({ error: 'Invalid requestId' });
     }
 
-    const parsed = z.object({
+    const parsed = createOfferSchema.safeParse(req.body);
-      amountChf: z.number().positive(),
-      message: z.string().max(2000).optional()
-    }).safeParse(req.body);
 
     if (!parsed.success) {
-      return res.status(400).json({ error: 'Invalid payload' });
+      return res.status(400).json({ error: 'Invalid payload', details: parsed.error.flatten() });
     }
 
     const { amountChf, message } = parsed.data;
@@ -44,13 +53,10 @@ router.post('/negotiation/:offerId', requireAuth, async (req, res) => {
       return res.status(400).json({ error: 'Invalid offerId' });
     }
 
-    const parsed = z.object({
+    const parsed = negotiateSchema.safeParse(req.body);
-      amountChf: z.number().positive(),
-      message: z.string().max(2000).optional()
-    }).safeParse(req.body);
 
     if (!parsed.success) {
-      return res.status(400).json({ error: 'Invalid payload' });
+      return res.status(400).json({ error: 'Invalid payload', details: parsed.error.flatten() });
     }
 
     const { amountChf, message } = parsed.data;