feat: add Zod validation schemas for all domain routes

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

src/routes/admin/trips.ts

@@ -4,6 +4,8 @@ import { requireAuth, requirePermission } from '../../middleware/auth';
 import { logAudit } from '../../services/audit';
 import { success, error } from '../../utils/response';
 import { parsePagination, buildPaginationMeta } from '../../utils/pagination';
+import { parseBody } from '../../schemas/common';
+import { CreateTripSchema, UpdateTripSchema } from '../../schemas/trips.schema';
 
 export default async function tripsRoutes(fastify: FastifyInstance): Promise<void> {
   fastify.get('/', { preHandler: requireAuth }, async (request, reply) => {
@@ -118,7 +120,9 @@ export default async function tripsRoutes(fastify: FastifyInstance): Promise<voi
   });
 
   fastify.post('/', { preHandler: requireAuth }, async (request, reply) => {
-    const body = request.body as Record<string, unknown>;
+    const parsed = parseBody(CreateTripSchema, request.body);
+    if ('error' in parsed) return error(reply, parsed.error, 400);
+    const body = parsed.data;
     const authData = request.authData!;
 
     const trip = await prisma.trips.create({
@@ -148,7 +152,9 @@ export default async function tripsRoutes(fastify: FastifyInstance): Promise<voi
   fastify.put<{ Params: { id: string } }>('/:id', { preHandler: requireAuth }, async (request, reply) => {
     const id = parseInt(request.params.id, 10);
     if (isNaN(id)) return error(reply, 'Neplatné ID', 400);
-    const body = request.body as Record<string, unknown>;
+    const parsed = parseBody(UpdateTripSchema, request.body);
+    if ('error' in parsed) return error(reply, parsed.error, 400);
+    const body = parsed.data;
     const authData = request.authData!;
 
     const existing = await prisma.trips.findUnique({ where: { id } });