fix: add validation when creating facility for timezone field per ticket ID 648

[carddev81]

Pre-Submission PR Checklist

• No debug/console/fmt.Println statements
• Unnecessary development comments removed
• All acceptance criteria verified
• Functions according to ticket specifications
• Tested manually where applicable
• Branch rebased with latest main
• No business logic exists within the database layer

Description of the change

Add timezone validation when creating facilities. Specifically for when adding SuperAdmin to system...it creates an initial facility.

• Related issues: Link to related Asana ticket that this closes: Need To Add Timezone Validation on initial login

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 6a53fba6-6ce6-4526-b284-ca8e62fe82c9

📥 Commits

Reviewing files that changed from the base of the PR and between 4d8c68b and 3af0b42.

📒 Files selected for processing (1)

• frontend/src/components/forms/ChangePasswordForm.tsx

---

📝 Walkthrough

Summary by CodeRabbit

• Bug Fixes

  • Stronger timezone validation when creating or updating facilities and during password reset; invalid or missing timezones now return clear errors and abort changes.
  • Validation is performed earlier to prevent saving invalid facility data.

• New Features

  • On first login, the app auto-detects your browser timezone and requires confirmation to ensure accurate scheduling.

Walkthrough

This PR enforces timezone as a required field across the facility management system. The model adds a required validation tag to timezone, the database layer validates before saving, the authentication handler validates on password reset, and the frontend form detects browser timezone as default and enforces validation for first-login flows with error display.

Changes

Timezone Validation Enforcement

Layer / File(s)	Summary
Facility timezone validation contract backend/src/models/facilities.go	Facility.Timezone struct tag now requires a valid timezone via validate:"required,timezone" instead of only validate:"timezone".
Database persistence validation backend/src/database/facilities.go	UpdateFacility validates the facility object (Validate().Struct(facility)) before saving and returns a NewDBError with "facilities" context on validation failure.
Request handler timezone checks backend/src/handlers/auth.go	handleResetPassword validates that form.Timezone is present and can be loaded via time.LoadLocation, rolling back the transaction and returning a 400 error if validation fails before any facility update is attempted.
Frontend form timezone handling frontend/src/components/forms/ChangePasswordForm.tsx	Form detects browser timezone and sets it as a default value, makes timezone required for first-login scenarios via field watching, renders a hidden registered input with required validation, updates timezone via setValue with validation, and displays timezone validation error messages.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly describes the main change: adding timezone validation for facility creation, with specific reference to the ticket ID.
Description check	✅ Passed	The description is directly related to the changeset, explaining the purpose of adding timezone validation during facility creation for the SuperAdmin initial facility setup.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@frontend/src/components/forms/ChangePasswordForm.tsx`:
- Around line 27-31: Wrap the timezone detection in getDefaultTimezone with a
try-catch and defensive checks: call
Intl.DateTimeFormat().resolvedOptions().timeZone inside the try, ensure the
result is a non-empty string, and return it only if allowed.includes(browserTz);
on any exception or invalid value fall back to Timezones.CST. Keep the function
signature and use the existing Timezones and allowed variables
(getDefaultTimezone, Timezones.CST) so behavior is unchanged except for safe
error handling.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: e14522b2-70d5-4980-8676-f960cc707b8a

📥 Commits

Reviewing files that changed from the base of the PR and between edf64e4 and 4d8c68b.

📒 Files selected for processing (4)

• backend/src/database/facilities.go
• backend/src/handlers/auth.go
• backend/src/models/facilities.go
• frontend/src/components/forms/ChangePasswordForm.tsx

[CK-7vn]

Good work man! If you want to fix the nit, cool, i only even bothered posting it because i figured next junior we get may come across it and be like "Wait a second...", but thats low likelihood anyways.

[CK-7vn]

Nit: probably just use timezone here instead of negating the negation, but, its the same thing so really doesn't matter either way.