# Change: Add Input Validation and Security Enhancements

## Why

Current API endpoints lack comprehensive input validation, exposing the system to potential DoS attacks, database overflow errors, and security vulnerabilities. Additionally, WebSocket authentication tokens are exposed in query parameters which may be logged.

## What Changes

- Add length validation to all Pydantic schema string fields
- Add numeric range validation for decimal/integer fields
- Enhance WebSocket token handling to avoid query parameter exposure
- Strengthen file path traversal protection in file storage service

## Impact

- Affected specs: user-auth
- Affected code:
  - `backend/app/schemas/*.py` - All schema files
  - `backend/app/api/websocket/router.py` - WebSocket authentication
  - `backend/app/services/file_storage_service.py` - Path validation
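
One way to implement the path traversal check named under What Changes, shown as an added example and not the project's own code. The helper `resolve_in_root`, the `UnsafePathError` type, the 255-character cap and the sample paths are all assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path


class UnsafePathError(ValueError):
    """Raised when a requested path would leave the storage root."""


def resolve_in_root(root: Path, user_path: str, max_len: int = 255) -> Path:
    """Return user_path as an absolute path that is guaranteed to sit under root.

    Hypothetical helper: name, max_len default and error type are assumptions.
    """
    if not user_path or len(user_path) > max_len:
        raise UnsafePathError("path is empty or too long")
    if "\x00" in user_path:
        raise UnsafePathError("path contains a NUL byte")
    root = root.resolve()
    # resolve() collapses ".." and follows symlinks, so containment is checked
    # on the real location rather than on the string the client sent.
    candidate = (root / user_path).resolve()
    if root not in candidate.parents:
        raise UnsafePathError("path escapes the storage root")
    return candidate


def demo() -> dict:
    """Run constructed sample paths through the check; report the outcome."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "uploads"
        outside = Path(tmp) / "secrets"
        root.mkdir()
        outside.mkdir()
        os.symlink(outside, root / "link")  # symlink inside root, target outside
        samples = ["reports/q1.pdf", "../secrets/key", "/etc/passwd",
                   "link/key", "reports/../../secrets/key", "a" * 300]
        for p in samples:
            try:
                resolve_in_root(root, p)
                results[p] = "accepted"
            except UnsafePathError as exc:
                results[p] = f"rejected: {exc}"
    return results


if __name__ == "__main__":
    for path, outcome in demo().items():
        print(f"{path[:30]!r:35} {outcome}")
```

The containment check runs after resolution, so a check-then-open sequence can still race with a symlink created in between; opening the returned path promptly and keeping the storage root writable only by the service narrows that window.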