Inputvaledierung für die Projektnummern

routes/timesheet-routes.js

@@ -6,6 +6,29 @@ const { generatePDF } = require('../services/pdf-service');
 const { getHolidaysForDateRange } = require('../services/feiertage-service');
 const { hasRole } = require('../helpers/utils');
 
+/** Plausibilitätsprüfung Projektnummer: 7 Ziffern, beginnt mit 5, dann YY (Jahr), dann 4 freie Ziffern (z.B. 5260001). */
+function isValidProjectNumber(value) {
+  if (value === null || value === undefined || String(value).trim() === '') return true;
+  const s = String(value).trim();
+  return /^5\d{6}$/.test(s);
+}
+
+function validateProjectNumbers(body) {
+  const numbers = [
+    body.activity1_project_number,
+    body.activity2_project_number,
+    body.activity3_project_number,
+    body.activity4_project_number,
+    body.activity5_project_number
+  ];
+  for (let i = 0; i < numbers.length; i++) {
+    if (!isValidProjectNumber(numbers[i])) {
+      return { valid: false, activityIndex: i + 1, value: numbers[i] };
+    }
+  }
+  return { valid: true };
+}
+
 // Routes registrieren
 function registerTimesheetRoutes(app) {
   // API: Stundenerfassung speichern
@@ -20,6 +43,13 @@ function registerTimesheetRoutes(app) {
       overtime_taken_hours, vacation_type, sick_status, weekend_travel
     } = req.body;
     const userId = req.session.userId;
+
+    const projectNumberCheck = validateProjectNumbers(req.body);
+    if (!projectNumberCheck.valid) {
+      return res.status(400).json({
+        error: `Ungültige Projektnummer in Tätigkeit ${projectNumberCheck.activityIndex}: Die Projektnummer muss 7 Ziffern haben, mit 5 beginnen, gefolgt vom Jahr (YY) und 4 Ziffern (z.B. 5260001).`
+      });
+    }
     const hasExplicitBreakMinutes = break_minutes !== undefined && break_minutes !== null && break_minutes !== '';
     const parsedRequestedBreakMinutes = hasExplicitBreakMinutes ? parseInt(break_minutes, 10) : null;
     const requestedBreakMinutes = Number.isFinite(parsedRequestedBreakMinutes) && parsedRequestedBreakMinutes >= 0