Add Zod validation to all API endpoints and remove debug test route

Adds schema-based input validation across helcim, events, members,
series, admin, and updates API endpoints. Removes the peer-support
debug test endpoint. Adds validation test coverage.

server/api/helcim/create-plan.post.js

@@ -3,16 +3,9 @@ const HELCIM_API_BASE = 'https://api.helcim.com/v2'
 
 export default defineEventHandler(async (event) => {
   try {
+    await requireAdmin(event)
     const config = useRuntimeConfig(event)
-    const body = await readBody(event)
-
-    // Validate required fields
-    if (!body.name || !body.amount || !body.frequency) {
-      throw createError({
-        statusCode: 400,
-        statusMessage: 'Name, amount, and frequency are required'
-      })
-    }
+    const body = await validateBody(event, helcimCreatePlanSchema)
 
     const helcimToken = config.public.helcimToken || process.env.NUXT_PUBLIC_HELCIM_TOKEN
 
@@ -38,7 +31,7 @@ export default defineEventHandler(async (event) => {
 
       throw createError({
         statusCode: response.status,
-        statusMessage: `Failed to create payment plan: ${errorText}`
+        statusMessage: 'Payment plan creation failed'
       })
     }
 
@@ -50,10 +43,11 @@ export default defineEventHandler(async (event) => {
     }
 
   } catch (error) {
+    if (error.statusCode) throw error
     console.error('Error creating Helcim payment plan:', error)
     throw createError({
-      statusCode: error.statusCode || 500,
-      statusMessage: error.message || 'Failed to create payment plan'
+      statusCode: 500,
+      statusMessage: 'An unexpected error occurred'
     })
   }
 })