Problem
The frontend JavaScript detects and warns about overlapping or conflicting task deadlines before the user submits a new task. However, the server-side API endpoint that creates tasks performs no equivalent validation. A user who bypasses the UI (by sending a direct POST request, using browser DevTools, or disabling JavaScript) can insert tasks with deadlines that conflict with existing ones. The conflict detection is therefore purely cosmetic and does not protect data integrity.
Steps to Reproduce
curl -X POST http://localhost:3000/api/tasks \
-H 'Content-Type: application/json' \
-d '{"title":"Math exam","deadline":"2026-07-15T09:00","duration":120}'
curl -X POST http://localhost:3000/api/tasks \
-H 'Content-Type: application/json' \
-d '{"title":"Physics exam","deadline":"2026-07-15T09:00","duration":120}'
Both tasks are created with identical deadlines, bypassing client-side conflict checks.
Proposed Fix
Add server-side overlap detection before inserting a new task:
const conflicting = await db.get(
`SELECT id FROM tasks WHERE user_id = ? AND deadline BETWEEN ? AND ?`,
[userId, windowStart, windowEnd]
);
if (conflicting) {
return res.status(409).json({ error: "A task already exists in this time window." });
}
Complexity: Level 2 | Program: GSSOC '26
Problem
The frontend JavaScript detects and warns about overlapping or conflicting task deadlines before the user submits a new task. However, the server-side API endpoint that creates tasks performs no equivalent validation. A user who bypasses the UI (by sending a direct
POSTrequest, using browser DevTools, or disabling JavaScript) can insert tasks with deadlines that conflict with existing ones. The conflict detection is therefore purely cosmetic and does not protect data integrity.Steps to Reproduce
Both tasks are created with identical deadlines, bypassing client-side conflict checks.
Proposed Fix
Add server-side overlap detection before inserting a new task:
Complexity: Level 2 | Program: GSSOC '26