Add Zod validation to all API endpoints and remove debug test route

Adds schema-based input validation across helcim, events, members,
series, admin, and updates API endpoints. Removes the peer-support
debug test endpoint. Adds validation test coverage.

server/api/helcim/customer.post.js

@@ -9,15 +9,7 @@ export default defineEventHandler(async (event) => {
   try {
     await connectDB()
     const config = useRuntimeConfig(event)
-    const body = await readBody(event)
-    
-    // Validate required fields
-    if (!body.name || !body.email) {
-      throw createError({
-        statusCode: 400,
-        statusMessage: 'Name and email are required'
-      })
-    }
+    const body = await validateBody(event, helcimCustomerSchema)
 
     // Check if member already exists
     const existingMember = await Member.findOne({ email: body.email })
@@ -58,7 +50,7 @@ export default defineEventHandler(async (event) => {
       console.error('Connection test failed:', testError)
       throw createError({
         statusCode: 401,
-        statusMessage: `Helcim API connection failed: ${testError.message}`
+        statusMessage: 'Payment service unavailable'
       })
     }
 
@@ -82,7 +74,7 @@ export default defineEventHandler(async (event) => {
       console.error('Customer creation failed:', customerResponse.status, errorText)
       throw createError({
         statusCode: customerResponse.status,
-        statusMessage: `Failed to create customer: ${errorText}`
+        statusMessage: 'Customer creation failed'
       })
     }
     
@@ -133,10 +125,11 @@ export default defineEventHandler(async (event) => {
       }
     }
   } catch (error) {
+    if (error.statusCode) throw error
     console.error('Error creating Helcim customer:', error)
     throw createError({
-      statusCode: error.statusCode || 500,
-      statusMessage: error.message || 'Failed to create customer'
+      statusCode: 500,
+      statusMessage: 'An unexpected error occurred'
     })
   }
 })