@@ -308,6 +308,7 @@ func (api *API) insightsTemplates(rw http.ResponseWriter, r *http.Request) {
308308// to provide the hour of the day (e.g. 14:00:00).
309309func parseInsightsStartAndEndTime (ctx context.Context ,rw http.ResponseWriter ,startTimeString ,endTimeString string ) (startTime ,endTime time.Time ,ok bool ) {
310310const insightsTimeLayout = time .RFC3339Nano
311+ now := time .Now ()
311312
312313for _ ,qp := range []struct {
313314name ,value string
@@ -329,6 +330,7 @@ func parseInsightsStartAndEndTime(ctx context.Context, rw http.ResponseWriter, s
329330})
330331return time.Time {}, time.Time {},false
331332}
333+
332334if t .IsZero () {
333335httpapi .Write (ctx ,rw ,http .StatusBadRequest , codersdk.Response {
334336Message :"Query parameter has invalid value." ,
@@ -341,10 +343,24 @@ func parseInsightsStartAndEndTime(ctx context.Context, rw http.ResponseWriter, s
341343})
342344return time.Time {}, time.Time {},false
343345}
346+
347+ if t .After (now ) {
348+ httpapi .Write (ctx ,rw ,http .StatusBadRequest , codersdk.Response {
349+ Message :"Query parameter has invalid value." ,
350+ Validations : []codersdk.ValidationError {
351+ {
352+ Field :qp .name ,
353+ Detail :fmt .Sprintf ("Query param %q must not be in the future" ,qp .name ),
354+ },
355+ },
356+ })
357+ return time.Time {}, time.Time {},false
358+ }
359+
344360ensureZeroHour := true
345361if qp .name == "end_time" {
346362ey ,em ,ed := t .Date ()
347- ty ,tm ,td := time . Now () .Date ()
363+ ty ,tm ,td := now .Date ()
348364
349365ensureZeroHour = ey != ty || em != tm || ed != td
350366}