feat: complete auth/profile username migration and runtime safeguards

backend/src/v1/profile/schemas.py

@@ -1,18 +1,26 @@
 from __future__ import annotations
 
-from pydantic import AnyHttpUrl, BaseModel, Field, field_validator, model_validator
+from pydantic import (
+    AnyHttpUrl,
+    BaseModel,
+    ConfigDict,
+    Field,
+    field_validator,
+    model_validator,
+)
 
 
 class ProfileResponse(BaseModel):
     id: str
     username: str
-    display_name: str | None = None
     avatar_url: str | None = None
     bio: str | None = None
 
 
 class ProfileUpdateRequest(BaseModel):
-    display_name: str | None = Field(default=None, max_length=50)
+    model_config = ConfigDict(extra="forbid")
+
+    username: str | None = Field(default=None, min_length=3, max_length=30)
     avatar_url: str | None = Field(default=None)
     bio: str | None = Field(default=None, max_length=200)
 
@@ -28,6 +36,6 @@ class ProfileUpdateRequest(BaseModel):
 
     @model_validator(mode="after")
     def require_one_field(self) -> "ProfileUpdateRequest":
-        if self.display_name is None and self.avatar_url is None and self.bio is None:
+        if self.username is None and self.avatar_url is None and self.bio is None:
             raise ValueError("At least one field must be provided")
         return self