diff --git a/client/src/App.tsx b/client/src/App.tsx
index c2f6937..dfa2e5e 100644
--- a/client/src/App.tsx
+++ b/client/src/App.tsx
@@ -21,23 +21,6 @@ import Loader from './components/Loader';
 
 const EVENT_CONNECT = "connect"
 
-// TODO tohle má být kvůli bezpečnosti na serveru
-const DEPARTURE_TIMES = [
-  "10:00",
-  "10:15",
-  "10:30",
-  "10:45",
-  "11:00",
-  "11:15",
-  "11:30",
-  "11:45",
-  "12:00",
-  "12:15",
-  "12:30",
-  "12:45",
-  "13:00",
-]
-
 function App() {
   const auth = useAuth();
   const bank = useBank();
@@ -369,6 +352,7 @@ function App() {
             Poslední změny:
             <ul>
               <li>Oprava generování QR kódů pro Pizza day</li>
+              <li>Serverová validace času odchodu</li>
             </ul>
           </Alert>
           {dayIndex != null &&
@@ -413,7 +397,7 @@ function App() {
                   <p style={{ marginTop: "10px" }}>V kolik hodin preferuješ odchod?</p>
                   <Form.Select ref={departureChoiceRef} onChange={handleChangeDepartureTime}>
                     <option></option>
-                    {DEPARTURE_TIMES.map(time => <option key={time} value={time}>{time}</option>)}
+                    {data.departureTimes.map(time => <option key={time} value={time}>{time}</option>)}
                   </Form.Select>
                 </>}
               </>}
diff --git a/server/src/index.ts b/server/src/index.ts
index d23ce63..a013c22 100644
--- a/server/src/index.ts
+++ b/server/src/index.ts
@@ -293,7 +293,7 @@ app.post("/api/updatePizzaDayNote", async (req, res) => {
     res.status(200).json(data);
 });
 
-app.post("/api/changeDepartureTime", async (req, res) => {
+app.post("/api/changeDepartureTime", async (req, res, next) => {
     const login = getLogin(parseToken(req));
     let date = undefined;
     if (req.body.dayIndex != null) {
@@ -305,9 +305,11 @@ app.post("/api/changeDepartureTime", async (req, res) => {
         }
         date = getDateForWeekIndex(dayIndex);
     }
-    const data = await updateDepartureTime(login, req.body?.time, date);
-    io.emit("message", data);
-    res.status(200).json(data);
+    try {
+        const data = await updateDepartureTime(login, req.body?.time, date);
+        io.emit("message", data);
+        res.status(200).json(data);
+    } catch (e: any) { next(e) }
 });
 
 // Middleware pro zpracování chyb
diff --git a/server/src/service.ts b/server/src/service.ts
index e79bcaa..2881e3c 100644
--- a/server/src/service.ts
+++ b/server/src/service.ts
@@ -1,5 +1,5 @@
 import { InsufficientPermissions, formatDate, getDayOfWeekIndex, getHumanDate, getHumanTime, getIsWeekend } from "./utils";
-import { ClientData, Locations, Restaurants, Menu } from "../../types";
+import { ClientData, Locations, Restaurants, Menu, DepartureTime } from "../../types";
 import getStorage from "./storage";
 import { getMenuSladovnicka, getMenuTechTower, getMenuUMotliku } from "./restaurants";
 import { getTodayMock } from "./mock";
@@ -29,7 +29,14 @@ export const getDateForWeekIndex = (index: number) => {
 /** Vrátí "prázdná" (implicitní) data pro předaný den. */
 function getEmptyData(date?: Date): ClientData {
     const usedDate = date || getToday();
-    return { date: getHumanDate(usedDate), isWeekend: getIsWeekend(usedDate), weekIndex: getDayOfWeekIndex(usedDate), todayWeekIndex: getDayOfWeekIndex(getToday()), choices: {} };
+    return {
+        date: getHumanDate(usedDate),
+        isWeekend: getIsWeekend(usedDate),
+        weekIndex: getDayOfWeekIndex(usedDate),
+        todayWeekIndex: getDayOfWeekIndex(getToday()),
+        choices: {},
+        departureTimes: Object.values(DepartureTime),
+    };
 }
 
 /**
@@ -246,6 +253,9 @@ export async function updateDepartureTime(login: string, time?: string, date?: D
         if (!time?.length) {
             delete found[login].departureTime;
         } else {
+            if (!Object.values<string>(DepartureTime).includes(time)) {
+                throw Error(`Neplatný čas odchodu ${time}`);
+            }
             found[login].departureTime = time;
         }
         await storage.setData(selectedDate, clientData);
diff --git a/types/Types.ts b/types/Types.ts
index 5a00cda..29dc8f3 100644
--- a/types/Types.ts
+++ b/types/Types.ts
@@ -73,6 +73,7 @@ export interface ClientData {
     weekIndex: number, // index zvoleného dne v týdnu (0-6)
     todayWeekIndex: number, // index dnešního dne v týdnu (0-6)
     choices: Choices, // seznam voleb
+    departureTimes: DepartureTime[], // seznam možných časů odchodu
     menus?: { [restaurant in Restaurants]?: Menu }, // menu jednotlivých restaurací
     pizzaDay?: PizzaDay, // pizza day pro dnešní den, pokud existuje
     pizzaList?: Pizza[], // seznam dostupných pizz pro dnešní den
@@ -124,4 +125,21 @@ export interface NotifikaceData {
 export interface GotifyServer {
     server: string;
     api_keys: string[];
+}
+
+/** Čas preferovaného odchodu na oběd. */
+export enum DepartureTime {
+    T10_00 = "10:00",
+    T10_15 = "10:15",
+    T10_30 = "10:30",
+    T10_45 = "10:45",
+    T11_00 = "11:00",
+    T11_15 = "11:15",
+    T11_30 = "11:30",
+    T11_45 = "11:45",
+    T12_00 = "12:00",
+    T12_15 = "12:15",
+    T12_30 = "12:30",
+    T12_45 = "12:45",
+    T13_00 = "13:00",
 }
\ No newline at end of file