From 7c6a9a26c156e4599508993f7453cc15fc886ea9 Mon Sep 17 00:00:00 2001 From: oib Date: Sat, 7 Mar 2026 13:00:19 +0100 Subject: [PATCH] feat: add comprehensive input validation for GPU booking - Add validation for negative and zero booking hours - Add maximum booking duration limit (8760 hours = 1 year) - Add validation to ensure booking end time is in future - Prevent negative costs and invalid booking periods - Improve error messages with detailed validation feedback Fixes edge cases where users could book GPUs with invalid parameters leading to negative costs and impossible booking periods. --- .../src/app/routers/marketplace_gpu.py | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/apps/coordinator-api/src/app/routers/marketplace_gpu.py b/apps/coordinator-api/src/app/routers/marketplace_gpu.py index 2e03b3fa..76d23608 100755 --- a/apps/coordinator-api/src/app/routers/marketplace_gpu.py +++ b/apps/coordinator-api/src/app/routers/marketplace_gpu.py @@ -229,9 +229,29 @@ async def book_gpu( detail=f"GPU {gpu_id} is not available", ) + # Input validation for booking duration + if request.duration_hours <= 0: + raise HTTPException( + status_code=http_status.HTTP_400_BAD_REQUEST, + detail="Booking duration must be greater than 0 hours" + ) + + if request.duration_hours > 8760: # 1 year maximum + raise HTTPException( + status_code=http_status.HTTP_400_BAD_REQUEST, + detail="Booking duration cannot exceed 8760 hours (1 year)" + ) + start_time = datetime.utcnow() end_time = start_time + timedelta(hours=request.duration_hours) + # Validate booking end time is in the future + if end_time <= start_time: + raise HTTPException( + status_code=http_status.HTTP_400_BAD_REQUEST, + detail="Booking end time must be in the future" + ) + # Calculate dynamic price at booking time try: dynamic_result = await engine.calculate_dynamic_price(