Skip to content

[BUG] Deadline conflict detection runs client-side only, allowing the server API to accept overlapping task deadlines without validation #1200

Description

@anshul23102

Problem

The frontend JavaScript detects and warns about overlapping or conflicting task deadlines before the user submits a new task. However, the server-side API endpoint that creates tasks performs no equivalent validation. A user who bypasses the UI (by sending a direct POST request, using browser DevTools, or disabling JavaScript) can insert tasks with deadlines that conflict with existing ones. The conflict detection is therefore purely cosmetic and does not protect data integrity.

Steps to Reproduce

curl -X POST http://localhost:3000/api/tasks \
  -H 'Content-Type: application/json' \
  -d '{"title":"Math exam","deadline":"2026-07-15T09:00","duration":120}'
curl -X POST http://localhost:3000/api/tasks \
  -H 'Content-Type: application/json' \
  -d '{"title":"Physics exam","deadline":"2026-07-15T09:00","duration":120}'

Both tasks are created with identical deadlines, bypassing client-side conflict checks.

Proposed Fix

Add server-side overlap detection before inserting a new task:

const conflicting = await db.get(
  `SELECT id FROM tasks WHERE user_id = ? AND deadline BETWEEN ? AND ?`,
  [userId, windowStart, windowEnd]
);
if (conflicting) {
  return res.status(409).json({ error: "A task already exists in this time window." });
}

Complexity: Level 2 | Program: GSSOC '26

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions