bug: wallet zap API returns 500 on malformed JSON #188

@morganschp

Bug description

POST /api/wallet/zap parses the request body with await request.json() after authentication, then validates it with Zod. If an authenticated client sends malformed JSON, the parse exception falls through the outer catch block and the route returns 500 { "error": "An unexpected error occurred" }.

This is a client input error and should not reach wallet lookup, Lightning balance checks, transfer logic, zap persistence, notifications, or reputation hooks.

Steps to reproduce

  1. Authenticate as a user.
  2. Send POST /api/wallet/zap with Content-Type: application/json and malformed JSON such as {not valid json.
  3. The route returns 500 instead of 400.

Expected behavior

Malformed or non-object JSON request bodies should return 400 { "error": "Invalid request body" }. Valid JSON with missing or invalid zap fields should continue through the existing Zod validation path.

Fix direction

Parse the zap request body defensively, reject non-object bodies before Zod validation, and add route regression coverage proving malformed bodies stop before wallet or transfer logic.

Filed for the active uGig repo testing task: https://ugig.net/gigs/4741218f-a723-46bb-82cb-6516120331ae
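
The fix direction above, as an added framework-agnostic sketch (not code from the uGig repository): the handler wraps `request.json()`, rejects non-object JSON, and only then reaches validation and transfer logic. `handleZap`, `isJsonObject`, `deps.validate` (standing in for the Zod step), `deps.transfer`, the `amount` field and the "Invalid amount" message are assumptions made for illustration.

```javascript
// Added sketch, not the uGig route. `deps.validate` stands in for the Zod
// step and `deps.transfer` for wallet/transfer logic (both hypothetical).
const INVALID_BODY = { status: 400, body: { error: "Invalid request body" } };

// Valid JSON can still be null, an array, or a primitive; accept objects only.
function isJsonObject(value) {
  return value !== null && typeof value === "object" && !Array.isArray(value);
}

async function handleZap(request, deps) {
  let body;
  try {
    body = await request.json(); // throws on malformed JSON
  } catch {
    return INVALID_BODY; // client error, kept out of the generic 500 path
  }
  if (!isJsonObject(body)) return INVALID_BODY;

  // Field-level validation runs only on a well-formed JSON object.
  const checked = deps.validate(body);
  if (!checked.ok) return { status: 400, body: { error: checked.error } };

  await deps.transfer(checked.data);
  return { status: 200, body: { ok: true } };
}

// Regression-style check over constructed raw request bodies.
async function demo() {
  let transferCalls = 0;
  const deps = {
    validate: (b) =>
      typeof b.amount === "number"
        ? { ok: true, data: b }
        : { ok: false, error: "Invalid amount" },
    transfer: async () => { transferCalls += 1; },
  };
  const raws = ["{not valid json", "[]", "null", '"zap"', '{"amount":"5"}', '{"amount":5}'];
  const statuses = [];
  for (const raw of raws) {
    const request = { json: async () => JSON.parse(raw) }; // mimics request.json()
    statuses.push((await handleZap(request, deps)).status);
  }
  return { statuses, transferCalls };
}
```

Counting calls to the injected `transfer` function is what shows that malformed and non-object bodies stop before wallet logic; only the last constructed body reaches it.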
