fix(api): validate timestamps when creating events and allow setting a location

2025-06-16 10:07:17 +02:00 · 2025-06-16 10:07:17 +02:00 · 51d02324bd
commit 51d02324bd
parent 76e52d53f4
2 changed files with 31 additions and 1 deletions
--- a/src/app/api/event/[eventID]/route.ts
+++ b/src/app/api/event/[eventID]/route.ts
@ -397,6 +397,12 @@ export const PATCH = auth(async (req, { params }) => {
    }
    updateData.end_time = endTimeValidation.getTime().toString();
  }
+  if (new Date(start_time) >= new Date(end_time)) {
+    return NextResponse.json(
+      { success: false, message: 'start_time must be before end_time' },
+      { status: 400 },
+    );
+  }
  if (location) updateData.location = location;
  if (status) {
    const validStatuses = ['TENTATIVE', 'CONFIRMED', 'CANCELLED'];
--- a/src/app/api/event/route.ts
+++ b/src/app/api/event/route.ts
@ -131,6 +131,8 @@ export const GET = auth(async (req) => {
 *               end_time:
 *                 type: string
 *                 format: date-time
+ *               location:
+ *                 type: string
 *     responses:
 *       200:
 *         description: Event created successfully.
@ -184,7 +186,7 @@ export const POST = auth(async (req) => {
    );

  const body = await req.json();
-  const { title, description, start_time, end_time } = body;
+  const { title, description, start_time, end_time, location } = body;

  if (!title || !start_time || !end_time) {
    return NextResponse.json(
@ -193,12 +195,34 @@ export const POST = auth(async (req) => {
    );
  }

+  if (isNaN(new Date(start_time).getTime())) {
+    return NextResponse.json(
+      { success: false, message: 'Invalid start_time' },
+      { status: 400 },
+    );
+  }
+
+  if (isNaN(new Date(end_time).getTime())) {
+    return NextResponse.json(
+      { success: false, message: 'Invalid end_time' },
+      { status: 400 },
+    );
+  }
+
+  if (new Date(start_time) >= new Date(end_time)) {
+    return NextResponse.json(
+      { success: false, message: 'start_time must be before end_time' },
+      { status: 400 },
+    );
+  }
+
  const newEvent = await prisma.meeting.create({
    data: {
      title,
      description,
      start_time,
      end_time,
+      location: location || '',
      organizer_id: req.auth.user.id,
    },
  });