*fix: strengthen backend reliability, validation and security safeguards**

[saidai-bhuvanesh]

📝 Summary

This PR improves backend reliability, security, and maintainability by strengthening API validation, improving error handling, adding defensive checks, and expanding automated test coverage to prevent NoSQL injections and brute-force attacks.

✨ Key Changes

• Duplicate Order Protection: Added an idempotency-like check to prevent identical orders from being rapidly submitted within a 2-minute window.
• OTP Brute-Force & Spam Protection: Added a 3-attempt lockout for OTP verification and DB-level rate limiting to stop SMS spamming on the /send-otp route.
• Centralized API Validation: Created new zod schemas for OTP workflows and Admin authentication to strictly type-check inputs and block NoSQL injections.
• Order Status Fix: Resolved a critical ReferenceError inside updateOrderStatus where the status was being validated but never extracted from the request body.
• JWT Hardening: Explicitly enforced the HS256 algorithm during both token signing and verification to stop algorithm-substitution vulnerabilities.
• Error Handling Standardization: Updated the global error handler to safely suppress server stack traces in production environments.

🧪 Testing & Verification

• Verified order workflows (creation, duplicate prevention, and status updates).
• Verified authentication flows (admin login and OTP).
• Verified NoSQL injection protections.
• Added and successfully ran regression tests.
• Verified backward compatibility with existing frontends.

[vercel]

Someone is attempting to deploy a commit to the adithyansubramani1-1657's projects Team on Vercel.

A member of the Team first needs to authorize it.