added safe guards to submitted events

Author: tonyqiu123

backend/apps/core/middleware.py

@@ -0,0 +1,10 @@
+from django.http import HttpResponse
+
+class HealthCheckMiddleware:
+    def __init__(self, get_response):
+        self.get_response = get_response
+
+    def __call__(self, request):
+        if request.path_info == '/health':
+            return HttpResponse("OK")
+        return self.get_response(request)

backend/apps/events/views.py

@@ -449,7 +449,7 @@ def rss_feed(request):
 
 
 @api_view(["POST"])
-@permission_classes([ClerkAuthenticated])
+@permission_classes([AllowAny])
 @ratelimit(key="ip", rate="5/hr", block=True)
 def submit_event(request):
     """Submit event for review - accepts screenshot file and source URL, runs extraction, creates Event and links submission"""
@@ -487,13 +487,37 @@ def submit_event(request):
             event_data = {"source_url": source_url, "source_image_url": screenshot_url}
 
         # Create Event immediately and link submission
-        event = Events.objects.create(**{k: v for k, v in event_data.items() if k in {f.name for f in Events._meta.get_fields()}})
+        allowed_fields = {f.name for f in Events._meta.get_fields()}
+        cleaned = {
+            k: v
+            for k, v in (event_data or {}).items()
+            if k in allowed_fields
+            and not (isinstance(v, str) and v.strip() in {"", "\"\"", "''", "“”"})
+        }
+
+        # Basic guard: require at least a title and a start datetime to consider it an event
+        if not cleaned.get("title") or not cleaned.get("dtstart"):
+            return Response(
+                {"error": "Submission does not appear to be an event."},
+                status=status.HTTP_400_BAD_REQUEST,
+            )
+
+        event = Events.objects.create(**cleaned)
+
+        # Attempt to capture submitting user if available (optional for anonymous)
+        clerk_user_id = None
+        try:
+            clerk_user_id = (
+                getattr(request, "clerk_user", None) or {}
+            ).get("id")
+        except Exception:
+            clerk_user_id = None
 
         submission = EventSubmission.objects.create(
             screenshot_url=screenshot_url,
             source_url=source_url,
             status="pending",
-            submitted_by=request.clerk_user.get('id'),
+            submitted_by=clerk_user_id,
             created_event=event,
             extracted_data=event_data,
         )

backend/config/settings/base.py

@@ -54,6 +54,7 @@
 ]
 
 MIDDLEWARE = [
+    "apps.core.middleware.HealthCheckMiddleware",
     "corsheaders.middleware.CorsMiddleware",
     "django.middleware.security.SecurityMiddleware",
     "django.contrib.sessions.middleware.SessionMiddleware",

backend/services/openai_service.py

@@ -122,6 +122,11 @@ def extract_events_from_caption(
     
     Caption: {caption_text}
     
+    STRICT CONTENT POLICY:
+    - If the content is NOT actually trying to announce or describe a real-world event (e.g., a meme, personal photo dump, random advertisement, generic brand post with no time/place), DO NOT extract an event. Return an object with empty strings/nulls as specified below.
+    - If the content is inappropriate (nudity, explicit sexual content, or graphic violence), DO NOT extract an event. Return an object with empty strings/nulls as specified below.
+    - If there is no specific start time, DO NOT extract an event.
+    
     Do NOT extract events that only mention a date without a specific start time. Only include an event if a specific start time is mentioned in the caption or image.
     
     Return ONE JSON object (not an array). The object must have ALL of the following fields:
@@ -158,6 +163,7 @@ def extract_events_from_caption(
     - For all_day: true only if no specific time is mentioned.
     - For tz mappings, default to "America/Toronto" for {school}.
     - For rrule: only when recurring is mentioned; otherwise empty string.
+    - If the content violates the STRICT CONTENT POLICY or is not an event, set title to "" and leave the rest of the fields empty as per defaults below. Do not fabricate an event.
     - If information is not available, use empty string for strings, null for price/coordinates, and false for booleans.
     - Return ONLY the JSON object text, no extra commentary.
         {f"- An image is provided at: {source_image_url}. If there are conflicts between caption and image information, prioritize the caption text." if source_image_url else ""}

frontend/src/app/App.tsx

@@ -29,14 +29,7 @@ function App() {
           <Route path="/" element={<EventsPage />} />
           <Route path="/events" element={<EventsPage />} />
           <Route path="/events/:eventId" element={<EventDetailPage />} />
-          <Route
-            path="/submit"
-            element={
-              <ProtectedRoute>
-                <SubmitEventPage />
-              </ProtectedRoute>
-            }
-          />
+          <Route path="/submit" element={<SubmitEventPage />} />
           <Route path="/clubs" element={<ClubsPage />} />
           <Route path="/about" element={<AboutPage />} />
           <Route path="/contact" element={<ContactPage />} />

frontend/src/features/events/pages/SubmitEventPage.tsx

@@ -13,6 +13,7 @@ import { CheckCircle, Calendar, Link, Upload, Image as ImageIcon } from 'lucide-
 export function SubmitEventPage() {
   const [preview, setPreview] = useState<string | null>(null);
   const [success, setSuccess] = useState(false);
+  const [errorMsg, setErrorMsg] = useState<string | null>(null);
   const { submitEvent, isLoading } = useEventSubmission();
 
   const {
@@ -37,19 +38,23 @@ export function SubmitEventPage() {
 
   const onSubmit = async (data: SubmissionFormData) => {
     try {
+      setErrorMsg(null);
       submitEvent(data, {
         onSuccess: () => {
           setSuccess(true);
+          setErrorMsg(null);
           reset();
           setPreview(null);
           setTimeout(() => setSuccess(false), 5000);
         },
         onError: (error) => {
-          console.error('Submission error:', error);
+          const msg = error instanceof Error && error.message ? error.message : 'We could not process this submission. Please ensure it clearly describes an event with a specific start time and is appropriate.';
+          setErrorMsg(msg);
         }
       });
     } catch (error) {
-      console.error('Submission error:', error);
+      const msg = error instanceof Error && error.message ? error.message : 'Submission failed. Please try again.';
+      setErrorMsg(msg);
     }
   };
 
@@ -76,6 +81,11 @@ export function SubmitEventPage() {
             </CardTitle>
           </CardHeader>
           <CardContent>
+            {errorMsg && (
+              <div className="mb-6 rounded-md border border-red-200 bg-red-50 text-red-700 dark:border-red-900/50 dark:bg-red-900/20 dark:text-red-200 p-4 text-sm">
+                {errorMsg}
+              </div>
+            )}
             {success ? (
               <div className="text-center py-8">
                 <div className="inline-flex items-center justify-center w-16 h-16 bg-green-100 rounded-full mb-4">

frontend/src/shared/api/EventsAPIClient.ts

@@ -102,7 +102,18 @@ class EventsAPIClient {
     });
 
     if (!response.ok) {
-      throw new Error(`HTTP error! status: ${response.status}`);
+      let message = `Submission failed (status ${response.status})`;
+      try {
+        const errBody = await response.json();
+        if (typeof errBody?.error === 'string' && errBody.error.trim()) {
+          message = errBody.error;
+        } else if (typeof errBody?.message === 'string' && errBody.message.trim()) {
+          message = errBody.message;
+        }
+      } catch (_) {
+        // ignore JSON parse errors
+      }
+      throw new Error(message);
     }
 
     return response.json();

frontend/src/shared/components/layout/Navbar.tsx

@@ -40,6 +40,17 @@ function Navbar() {
               >
                 Events
               </Button>
+              <Button
+                variant="link"
+                onMouseDown={() => navigate("/submit")}
+                className={`text-sm font-medium ${
+                  isActive("/submit")
+                    ? "text-gray-900 dark:text-white"
+                    : "text-gray-600 dark:text-gray-300 hover:text-gray-900 dark:hover:text-white"
+                }`}
+              >
+                Submit
+              </Button>
               <Button
                 variant="link"
                 onMouseDown={() => navigate("/clubs")}
@@ -152,6 +163,13 @@ function Navbar() {
               >
                 Events
               </Button>
+              <Button
+                variant="ghost"
+                className="w-full justify-start text-sm font-medium text-gray-600 dark:text-gray-300 hover:text-gray-900 dark:hover:text-white"
+                onMouseDown={() => navigate("/submit")}
+              >
+                Submit
+              </Button>
               <Button
                 variant="ghost"
                 className="w-full justify-start text-sm font-medium text-gray-600 dark:text-gray-300 hover:text-gray-900 dark:hover:text-white"