From 018bcf696b4909a119a36c9ed03b158e74c69581 Mon Sep 17 00:00:00 2001
From: Xenon010101 <xenon010101@users.noreply.github.com>
Date: Fri, 5 Jun 2026 00:58:10 +0530
Subject: [PATCH 1/2] fix: reject future dates in attendance regularization
 (#1340)

- Add Zod refinements to regularizeSchema: date, checkIn, checkOut
  must not be in the future
- Add runtime guards in regularize() service method
- Prevents regularization requests for dates/times that haven't
  occurred yet
---
 server/src/module/attendance/attendance.service.ts | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/server/src/module/attendance/attendance.service.ts b/server/src/module/attendance/attendance.service.ts
index c5d7762ea..234984d53 100644
--- a/server/src/module/attendance/attendance.service.ts
+++ b/server/src/module/attendance/attendance.service.ts
@@ -138,9 +138,13 @@ export class AttendanceService {
 
     const checkIn = new Date(data.checkIn);
     const checkOut = new Date(data.checkOut);
+    const now = new Date();
+    if (checkIn > now) throw new Error("Check-in time cannot be in the future");
+    if (checkOut > now) throw new Error("Check-out time cannot be in the future");
     if (checkOut <= checkIn) {
       throw new Error("Check-out time must be after check-in time");
     }
+
     const workHours = (checkOut.getTime() - checkIn.getTime()) / 3600000;
 
     return prisma.attendanceRecord.upsert({

From 7c6c8e3b7c03589cb529bc576d2c5a7abe8b2bab Mon Sep 17 00:00:00 2001
From: Xenon010101 <xenon010101@users.noreply.github.com>
Date: Fri, 5 Jun 2026 01:22:49 +0530
Subject: [PATCH 2/2] fix: return HTTP 400 for validation errors in regularize
 controller

- Map service validation errors (future dates, checkIn/checkOut)
  to HTTP 400 Bad Request instead of 500 Internal Server Error
---
 server/src/module/attendance/attendance.controller.ts | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/server/src/module/attendance/attendance.controller.ts b/server/src/module/attendance/attendance.controller.ts
index 0720d41fa..81af5981f 100644
--- a/server/src/module/attendance/attendance.controller.ts
+++ b/server/src/module/attendance/attendance.controller.ts
@@ -91,6 +91,11 @@ export class AttendanceController {
       const record = await this.attendanceService.regularize(result.data);
       return res.json({ message: "Attendance regularized", record });
     } catch (error) {
+      if (error instanceof Error) {
+        const msg = error.message;
+        if (msg.includes("must be after") || msg.includes("must not exceed") || msg.includes("Cannot regularize") || msg.includes("cannot be in the future"))
+          return res.status(400).json({ message: msg });
+      }
       console.error(error);
       return res.status(500).json({ message: "Internal Server Error" });
     }