
Bug #72

closed

Improper Input Validation and Missing Referential Integrity in Outlet Creation API Leading to Acceptance of Invalid and Malformed Data in /api/outlets/add (Web-Api)

Added by Vivek Kumar 17 days ago. Updated 12 days ago.

Status: Closed
Priority: Normal
Assignee: -
Start date: 04/04/2026
Due date: -
% Done: 100%
Estimated time: -
Spent time: -

Description

The API fails to enforce proper validation and referential integrity across multiple input fields in the outlet creation endpoint.
Several fields accept invalid data types, excessive lengths, malformed values, and even non-existent database references — yet the server responds with a success response.

Steps To Reproduce:

  • Send a POST request to https://api.akinderwellness.com:4001/api/outlets/add
  • Provide invalid, malformed, or excessively long values in multiple fields, as listed under the validation issues below
  • Use a non-existent MongoDB ObjectID in the organization field
  • Observe that the API accepts the request without returning any validation errors

Actual Result
The fields do not have proper validation in the API. Below are the validation issues:

  • organization: Accepts non-existent MongoDB ObjectIDs (no referential integrity validation)
  • name: Accepts excessively long input without any maximum length restriction
  • address: Accepts excessively long input without validation or length limits
  • address2: Accepts excessively long input without validation or length limits
  • city: Accepts excessively long input
  • state: Accepts excessively long input
  • zip: Accepts non-numeric and invalid formats instead of enforcing a proper postal code format
  • status: Does not enforce predefined values (enum); accepts arbitrary input
  • email:
      • Does not enforce a valid email format
      • Accepts excessively long input without restriction
  • phone: Accepts non-numeric string values instead of enforcing a numeric format

Expected Result
The API must validate all input fields for correct format, type, and length.
It should enforce referential integrity for database IDs like organization.
Fields like email, phone, zip, and status should follow strict validation rules.
The system should reject malformed or excessive input with appropriate error responses.
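As an added illustration of the expected behaviour (example code written for this report, not the Web-Api project's own code), the following Node.js validator enforces type, length, format, enum and referential-integrity checks for the fields named above. The field names come from the report; the length limits, the allowed status values, the ZIP and phone formats, and the `orgExists` lookup are assumptions for illustration.

```javascript
// Added example, not the project's code: validation for the outlet creation
// payload this report describes. Field names come from the report; the length
// limits, status values, ZIP/phone formats and organization lookup are assumed.
const OBJECT_ID_RE = /^[0-9a-fA-F]{24}$/;              // MongoDB ObjectId: 24 hex chars
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;         // shape check only
const ZIP_RE = /^\d{5}(-\d{4})?$/;                     // assumed US ZIP / ZIP+4
const PHONE_RE = /^\+?\d{7,15}$/;                      // digits only, optional leading +
const STATUS_VALUES = new Set(["active", "inactive"]); // assumed enum
const LIMITS = { name: 100, address: 200, address2: 200, city: 60, state: 60, email: 254 };
const FIELDS = ["organization", "name", "address", "address2", "city", "state", "zip", "status", "email", "phone"];
const OPTIONAL = new Set(["address2"]);

// Returns an array of error strings; an empty array means the body is acceptable.
// orgExists(id) is an injected lookup that returns true only for organization ids
// present in the database, so a well-formed but unknown id is still rejected.
function validateOutlet(body, orgExists) {
  const errors = [];
  const values = {};
  for (const name of FIELDS) {
    const v = body[name];
    if (v === undefined || v === null) {
      if (!OPTIONAL.has(name)) errors.push(`${name}: required`);
    } else if (typeof v !== "string") {
      errors.push(`${name}: must be a string`);   // reject arrays, objects, numbers
    } else {
      values[name] = v.trim();
    }
  }
  for (const [name, max] of Object.entries(LIMITS)) {
    if (name in values && values[name].length > max) errors.push(`${name}: exceeds ${max} characters`);
  }
  const check = (name, ok, msg) => { if (name in values && !ok(values[name])) errors.push(`${name}: ${msg}`); };
  check("email", (v) => EMAIL_RE.test(v), "invalid format");
  check("zip", (v) => ZIP_RE.test(v), "invalid postal code");
  check("phone", (v) => PHONE_RE.test(v), "must be numeric");
  check("status", (v) => STATUS_VALUES.has(v), "not an allowed value");
  check("organization", (v) => OBJECT_ID_RE.test(v), "not a valid ObjectId");
  check("organization", (v) => !OBJECT_ID_RE.test(v) || orgExists(v), "no such organization"); // referential integrity
  return errors;
}

// Constructed sample data for a stand-alone run; the ids are made up.
const KNOWN_ORGS = new Set(["64b0c2e3f1a2b3c4d5e6f701"]);
const orgExists = (id) => KNOWN_ORGS.has(id);
const validBody = { organization: "64b0c2e3f1a2b3c4d5e6f701", name: "Main Street", address: "1 Main St",
  city: "Springfield", state: "IL", zip: "62701", status: "active", email: "outlet@example.com", phone: "2175551234" };
const badBody = { ...validBody, organization: "64b0c2e3f1a2b3c4d5e6f7ff", zip: "abc", phone: "call-me",
  status: "whatever", name: "x".repeat(500) };
console.log(validateOutlet(validBody, orgExists)); // []
console.log(validateOutlet(badBody, orgExists));   // five errors, one per bad field
```

In the route handler, a non-empty result should be returned as a 400 response with the error list, and the organization lookup should run against the database rather than a constructed set.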

Actions #1

Updated by Adhi Narayanan 17 days ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100
Actions #2

Updated by Vivek Kumar 12 days ago

  • Status changed from Resolved to Closed