Bug #79

closed

Missing Input Validation in Product Creation API Allows Invalid, Malformed, and Non-Existent Data Entries

Added by Vivek Kumar 11 days ago. Updated 8 days ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Start date:
04/10/2026
Due date:
% Done:

100%

Estimated time:
Spent time:

Description

The API lacks proper input validation and accepts invalid, malformed, and inappropriate data across multiple fields in the product creation endpoint.

Steps to Reproduce:

  1. Send a POST request to /api/products/add
  2. Provide invalid, blank, or malformed values in the request body fields (as shown in the request)
  3. Observe that the API accepts the request without returning validation errors

Actual Result
The API does not enforce proper validation on several fields. Below are the identified validation issues:

name: Accepts invalid minimal input such as a single character (e.g., .)
description: Accepts blank and special character-only values (e.g., .)
service_line: No validation against valid database values (accepts arbitrary non-existing MongoDB ObjectId)
unit: No validation against valid database values (accepts arbitrary non-existing MongoDB ObjectId)
size: Accepts special character-only values (e.g., .)
color: Accepts special character-only values (e.g., .)
brand: Accepts special character-only values (e.g., .)
model: Accepts special character-only values (e.g., .)
warrantyPeriod: Accepts special character-only values (e.g., .)

Expected Result
The API must validate all the fields and their format.
Enforce proper length and meaningful input for text fields
Reject blank or special character-only values where not allowed
Validate ObjectId fields against existing database records
Enforce limits and correct data types for numeric and string inputs
Reject malformed or unrealistic values across all fields
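The following is an added example of the server-side check the Expected Result asks for; it is not code from the project this ticket belongs to. The field names are the ones listed in the report; the length limits, the treatment of warrantyPeriod as an integer number of months, and the in-memory ID sets standing in for a MongoDB lookup of the service_line and unit collections are assumptions made for the example.

```python
"""Server-side validation for the product-creation payload described in the report.

Added example (not the project's code): field names come from the bug report;
the length limits, the numeric treatment of warrantyPeriod, and the in-memory
ObjectId lookup standing in for a MongoDB query are assumptions.
"""
import re

# A MongoDB ObjectId is 24 hexadecimal characters.
OBJECT_ID_RE = re.compile(r"^[0-9a-fA-F]{24}$")
# A text value must contain at least one letter or digit, so "." or "!!!" is rejected.
MEANINGFUL_RE = re.compile(r"[A-Za-z0-9]")

# Constructed stand-in for a database lookup; a real service queries the
# service_line and unit collections by _id instead.
KNOWN_SERVICE_LINES = {"64b7f0c2e4b0a1d2c3e4f501"}
KNOWN_UNITS = {"64b7f0c2e4b0a1d2c3e4f502"}

# (min_len, max_len) per text field; the limits are assumed values.
TEXT_LIMITS = {
    "name": (3, 100),
    "description": (10, 2000),
    "size": (1, 50),
    "color": (2, 50),
    "brand": (2, 100),
    "model": (1, 100),
}


def _check_text(field, value, errors):
    """Reject non-strings, blank values, special-character-only values and bad lengths."""
    if not isinstance(value, str):
        errors.append(f"{field}: must be a string")
        return
    stripped = value.strip()
    lo, hi = TEXT_LIMITS[field]
    if not stripped:
        errors.append(f"{field}: must not be blank")
    elif not MEANINGFUL_RE.search(stripped):
        errors.append(f"{field}: must contain letters or digits")
    elif not lo <= len(stripped) <= hi:
        errors.append(f"{field}: length must be between {lo} and {hi}")


def _check_object_id(field, value, known_ids, errors):
    """Check the ObjectId format first, then that the referenced record exists."""
    if not isinstance(value, str) or not OBJECT_ID_RE.match(value):
        errors.append(f"{field}: not a valid ObjectId")
    elif value.lower() not in known_ids:
        errors.append(f"{field}: referenced record does not exist")


def validate_product(payload):
    """Return a list of validation errors; an empty list means the payload is acceptable."""
    errors = []
    for field in TEXT_LIMITS:
        if field not in payload:
            errors.append(f"{field}: required")
        else:
            _check_text(field, payload[field], errors)
    for field, known in (("service_line", KNOWN_SERVICE_LINES), ("unit", KNOWN_UNITS)):
        if field not in payload:
            errors.append(f"{field}: required")
        else:
            _check_object_id(field, payload[field], known, errors)
    # Assumed: warrantyPeriod is an integer number of months; bool is excluded
    # because it is a subclass of int in Python.
    wp = payload.get("warrantyPeriod")
    if isinstance(wp, bool) or not isinstance(wp, int) or not 0 <= wp <= 120:
        errors.append("warrantyPeriod: must be an integer between 0 and 120")
    return errors


if __name__ == "__main__":
    # Constructed sample matching the report: every text field is ".", the
    # service_line is a well-formed but unknown ObjectId, the unit is malformed.
    sample = {
        "name": ".", "description": ".", "size": ".", "color": ".",
        "brand": ".", "model": ".", "warrantyPeriod": ".",
        "service_line": "64b7f0c2e4b0a1d2c3e4f5ff", "unit": "not-an-id",
    }
    for err in validate_product(sample):
        print(err)
```

The order of the ObjectId checks matters: a well-formed but non-existent id passes the format check, which is exactly the case the report flags, so the handler must also confirm the record exists before saving the product. Returning the full list of errors, rather than stopping at the first, lets the endpoint respond once with every field the client must fix.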
