feat: add Zod validation schemas for all domain routes

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

src/routes/admin/roles.ts

@@ -3,6 +3,8 @@ import prisma from '../../config/database';
 import { requirePermission } from '../../middleware/auth';
 import { logAudit } from '../../services/audit';
 import { success, error, parseId } from '../../utils/response';
+import { parseBody } from '../../schemas/common';
+import { CreateRoleSchema, UpdateRoleSchema } from '../../schemas/roles.schema';
 
 export default async function rolesRoutes(fastify: FastifyInstance): Promise<void> {
   // GET /api/admin/roles
@@ -32,7 +34,9 @@ export default async function rolesRoutes(fastify: FastifyInstance): Promise<voi
 
   // POST /api/admin/roles
   fastify.post('/', { preHandler: requirePermission('settings.roles') }, async (request, reply) => {
-    const body = request.body as Record<string, unknown>;
+    const parsed = parseBody(CreateRoleSchema, request.body);
+    if ('error' in parsed) return error(reply, parsed.error, 400);
+    const body = parsed.data;
 
     const role = await prisma.roles.create({
       data: {
@@ -67,7 +71,9 @@ export default async function rolesRoutes(fastify: FastifyInstance): Promise<voi
   fastify.put<{ Params: { id: string } }>('/:id', { preHandler: requirePermission('settings.roles') }, async (request, reply) => {
     const id = parseId(request.params.id, reply);
     if (id === null) return;
-    const body = request.body as Record<string, unknown>;
+    const parsed = parseBody(UpdateRoleSchema, request.body);
+    if ('error' in parsed) return error(reply, parsed.error, 400);
+    const body = parsed.data;
 
     const existing = await prisma.roles.findUnique({ where: { id } });
     if (!existing) return error(reply, 'Role nenalezena', 404);