From a0a0635ddd5fad4abe252a0461864648405af57f Mon Sep 17 00:00:00 2001
From: hsiegeln <37154749+hsiegeln@users.noreply.github.com>
Date: Fri, 17 Apr 2026 13:14:18 +0200
Subject: [PATCH] fix(api): malformed ?from/?to returns 400 instead of 500

Extends the existing ApiExceptionHandler @RestControllerAdvice to map
DateTimeParseException and IllegalArgumentException to 400 Bad Request.
Logs and agent-events endpoints both parse ISO-8601 query params and
previously leaked parse failures as internal server errors. All
IllegalArgumentException throw sites in production code are
input-validation usages (slug validation, containerConfig validation,
cursor decoding), so mapping to 400 is correct across the board.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .../server/app/controller/ApiExceptionHandler.java       | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/cameleer-server-app/src/main/java/com/cameleer/server/app/controller/ApiExceptionHandler.java b/cameleer-server-app/src/main/java/com/cameleer/server/app/controller/ApiExceptionHandler.java
index aba52b29..9bbc6884 100644
--- a/cameleer-server-app/src/main/java/com/cameleer/server/app/controller/ApiExceptionHandler.java
+++ b/cameleer-server-app/src/main/java/com/cameleer/server/app/controller/ApiExceptionHandler.java
@@ -6,6 +6,8 @@ import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.bind.annotation.RestControllerAdvice;
 import org.springframework.web.server.ResponseStatusException;
 
+import java.time.format.DateTimeParseException;
+
 /**
  * Global exception handler that ensures error responses use the typed {@link ErrorResponse} schema.
  */
@@ -18,4 +20,11 @@ public class ApiExceptionHandler {
         return ResponseEntity.status(ex.getStatusCode())
                 .body(new ErrorResponse(reason != null ? reason : "Unknown error"));
     }
+
+    @ExceptionHandler({DateTimeParseException.class, IllegalArgumentException.class})
+    public ResponseEntity<ErrorResponse> handleBadRequest(Exception ex) {
+        String msg = ex.getMessage();
+        return ResponseEntity.badRequest()
+                .body(new ErrorResponse(msg != null ? msg : "Bad request"));
+    }
 }