POST /v1/holders accepts invalid type value — missing enum validation

## Description

The `POST /v1/holders` endpoint accepts any string for the `type` field, including invalid values like `"INVALID"`. A holder is created successfully (201) even though the type should be restricted to `NATURAL_PERSON` or `LEGAL_PERSON`.

## Root Cause

In `pkg/mmodel/holder.go`, the `CreateHolderInput.Type` field uses:

```go
Type *string `json:"type" validate:"required" example:"NATURAL_PERSON" enums:"NATURAL_PERSON,LEGAL_PERSON"`
```

The `enums` tag is a Swagger/documentation annotation only — it does not trigger validation. The `validate` tag only checks `required`, not the allowed values.

For comparison, `alias.go` correctly uses `oneof` in the validate tag:

```go
Role string `json:"role" validate:"required,oneof=PRIMARY_HOLDER LEGAL_REPRESENTATIVE RESPONSIBLE_PARTY"`
```

## Expected Behavior

When `type` is not one of `NATURAL_PERSON` or `LEGAL_PERSON`, the API should return:
- **HTTP 400**
- A structured error indicating the invalid field value

## Suggested Fix

Add `oneof` to the validate tag:

```go
Type *string `json:"type" validate:"required,oneof=NATURAL_PERSON LEGAL_PERSON" example:"NATURAL_PERSON" enums:"NATURAL_PERSON,LEGAL_PERSON"`
```


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

POST /v1/holders accepts invalid type value — missing enum validation #2011

Description

Root Cause

Expected Behavior

Suggested Fix

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

POST /v1/holders accepts invalid type value — missing enum validation #2011

Description

Description

Root Cause

Expected Behavior

Suggested Fix

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions