feat: add Zod validation schemas for all domain routes

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

src/routes/admin/bank-accounts.ts

@@ -3,6 +3,8 @@ import prisma from '../../config/database';
 import { requirePermission } from '../../middleware/auth';
 import { logAudit } from '../../services/audit';
 import { success, error, parseId } from '../../utils/response';
+import { parseBody } from '../../schemas/common';
+import { CreateBankAccountSchema, UpdateBankAccountSchema } from '../../schemas/bank-accounts.schema';
 
 export default async function bankAccountsRoutes(fastify: FastifyInstance): Promise<void> {
   fastify.get('/', { preHandler: requirePermission('offers.settings') }, async (_request, reply) => {
@@ -11,7 +13,9 @@ export default async function bankAccountsRoutes(fastify: FastifyInstance): Prom
   });
 
   fastify.post('/', { preHandler: requirePermission('offers.settings') }, async (request, reply) => {
-    const body = request.body as Record<string, unknown>;
+    const parsed = parseBody(CreateBankAccountSchema, request.body);
+    if ('error' in parsed) return error(reply, parsed.error, 400);
+    const body = parsed.data;
     const account = await prisma.bank_accounts.create({
       data: {
         account_name: body.account_name ? String(body.account_name) : null,
@@ -32,7 +36,9 @@ export default async function bankAccountsRoutes(fastify: FastifyInstance): Prom
   fastify.put<{ Params: { id: string } }>('/:id', { preHandler: requirePermission('offers.settings') }, async (request, reply) => {
     const id = parseId(request.params.id, reply);
     if (id === null) return;
-    const body = request.body as Record<string, unknown>;
+    const parsed = parseBody(UpdateBankAccountSchema, request.body);
+    if ('error' in parsed) return error(reply, parsed.error, 400);
+    const body = parsed.data;
 
     const existing = await prisma.bank_accounts.findUnique({ where: { id } });
     if (!existing) return error(reply, 'Účet nenalezen', 404);