From 99476db668bab4b6e06965957c3fd4e4dea5f875 Mon Sep 17 00:00:00 2001
From: Sarah Roberts <sonoran.sarah@gmail.com>
Date: Wed, 30 Oct 2024 11:38:28 -0700
Subject: [PATCH] CORE-2016: added request body validation to the `POST
 /v1/plans/:plan-id/rates` endpoint

---
 internal/controllers/plans.go  | 3 +++
 internal/httpmodel/new_plan.go | 9 +++++++++
 2 files changed, 12 insertions(+)

diff --git a/internal/controllers/plans.go b/internal/controllers/plans.go
index 9c0d2f8..766e4f4 100644
--- a/internal/controllers/plans.go
+++ b/internal/controllers/plans.go
@@ -431,6 +431,9 @@ func (s Server) AddPlanRates(ctx echo.Context) error {
 	if err = ctx.Bind(&planRateList); err != nil {
 		return model.Error(ctx, err.Error(), http.StatusBadRequest)
 	}
+	if err = planRateList.Validate(); err != nil {
+		return model.Error(ctx, err.Error(), http.StatusBadRequest)
+	}
 
 	// Begin a transaction.
 	return s.GORMDB.Transaction(func(tx *gorm.DB) error {
diff --git a/internal/httpmodel/new_plan.go b/internal/httpmodel/new_plan.go
index 95e83ff..611f2ec 100644
--- a/internal/httpmodel/new_plan.go
+++ b/internal/httpmodel/new_plan.go
@@ -315,6 +315,15 @@ func (prl *NewPlanRateList) Validate() error {
 		}
 	}
 
+	// Check for multiple plan rates with the same effective date.
+	uniquePlanRates := make(map[int64]bool)
+	for _, pr := range prl.PlanRates {
+		if uniquePlanRates[pr.EffectiveDate.UnixMilli()] {
+			return fmt.Errorf("multiple plan rates found with the same effective date")
+		}
+		uniquePlanRates[pr.EffectiveDate.UnixMilli()] = true
+	}
+
 	return nil
 }