From e1e348acb6e2ef095d064cfef818854fd2aa2c38 Mon Sep 17 00:00:00 2001
From: Dominik Stahl
Date: Mon, 16 Jun 2025 10:07:17 +0200
Subject: [PATCH] fix(api): validate timestamps when creating events and allow setting a location
---
 src/app/api/event/[eventID]/route.ts | 6 ++++++
 src/app/api/event/route.ts | 26 +++++++++++++++++++++++++-
 2 files changed, 31 insertions(+), 1 deletion(-)
diff --git a/src/app/api/event/[eventID]/route.ts b/src/app/api/event/[eventID]/route.ts
index 81bd863..a5bb40c 100644
--- a/src/app/api/event/[eventID]/route.ts
+++ b/src/app/api/event/[eventID]/route.ts
@@ -397,6 +397,12 @@ export const PATCH = auth(async (req, { params }) => {
 }
 updateData.end_time = endTimeValidation.getTime().toString();
 }
+ if (new Date(start_time) >= new Date(end_time)) {
+ return NextResponse.json(
+ { success: false, message: 'start_time must be before end_time' },
+ { status: 400 },
+ );
+ }
 if (location) updateData.location = location;
 if (status) {
 const validStatuses = ['TENTATIVE', 'CONFIRMED', 'CANCELLED'];
diff --git a/src/app/api/event/route.ts b/src/app/api/event/route.ts
index a70f022..734ab1c 100644
--- a/src/app/api/event/route.ts
+++ b/src/app/api/event/route.ts
@@ -131,6 +131,8 @@ export const GET = auth(async (req) => {
 * end_time:
 * type: string
 * format: date-time
+ * location:
+ * type: string
 * responses:
 * 200:
 * description: Event created successfully.
@@ -184,7 +186,7 @@ export const POST = auth(async (req) => {
 );
 const body = await req.json();
- const { title, description, start_time, end_time } = body;
+ const { title, description, start_time, end_time, location } = body;
 if (!title || !start_time || !end_time) {
 return NextResponse.json(
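Review bot: The ordering check added to PATCH compares the raw `start_time` and `end_time` from the request body, so it only has an effect when both are sent. The surrounding `if (location)` / `if (status)` lines suggest every field is optional; when one timestamp is omitted, `new Date(undefined)` is an Invalid Date, the `>=` comparison evaluates to false, and a request that moves only `end_time` before the stored start is accepted. Compare the effective values instead, falling back to the stored event for the missing side, along the lines of `const s = Number(updateData.start_time ?? <stored start_time>); const e = Number(updateData.end_time ?? <stored end_time>); if (s >= e) { ... }` (the `<stored …>` parts are placeholders for whatever the handler has already loaded). The PATCH handler starts and ends outside this hunk, so whether the existing record is in scope at this point needs confirming.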
@@ -193,12 +195,34 @@ export const POST = auth(async (req) => {
 );
 }
+ if (isNaN(new Date(start_time).getTime())) {
+ return NextResponse.json(
+ { success: false, message: 'Invalid start_time' },
+ { status: 400 },
+ );
+ }
+
+ if (isNaN(new Date(end_time).getTime())) {
+ return NextResponse.json(
+ { success: false, message: 'Invalid end_time' },
+ { status: 400 },
+ );
+ }
+
+ if (new Date(start_time) >= new Date(end_time)) {
+ return NextResponse.json(
+ { success: false, message: 'start_time must be before end_time' },
+ { status: 400 },
+ );
+ }
+
 const newEvent = await prisma.meeting.create({
 data: {
 title,
 description,
 start_time,
 end_time,
+ location: location || '',
 organizer_id: req.auth.user.id,
 },
 });
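Review bot: The added checks parse `start_time` and `end_time` with `new Date()` but never confirm that they are strings, and `location` reaches `prisma.meeting.create` as `location || ''` with no type or length check. `new Date()` also accepts numbers and booleans from the JSON body, so such values pass validation and are handed to Prisma unchanged, where a non-string would presumably surface as an unhandled error rather than a 400. The timestamps are also stored exactly as sent, while the PATCH route in this commit writes `getTime().toString()`, so the two routes may persist different formats; that should be checked against the schema. A type guard before parsing, with each timestamp parsed once and reused by the three checks, would close this; the POST handler begins and ends outside the hunk.

```typescript
// … unchanged: required-field check for title, start_time and end_time …
if (
  typeof start_time !== 'string' ||
  typeof end_time !== 'string' ||
  (location != null && typeof location !== 'string')
) {
  return NextResponse.json(
    { success: false, message: 'start_time, end_time and location must be strings' },
    { status: 400 },
  );
}

const startDate = new Date(start_time);
const endDate = new Date(end_time);
// … unchanged: the three 400 responses, now testing startDate.getTime(), endDate.getTime() and startDate >= endDate …
```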