ericahan22
diff --git a/‎.github/workflows/send-newsletter.yml‎
Lines changed: 67 additions & 0 deletions b/‎.github/workflows/send-newsletter.yml‎
Lines changed: 67 additions & 0 deletions
diff --git a/‎.github/workflows/update-events-data.yml‎
Lines changed: 2 additions & 12 deletions b/‎.github/workflows/update-events-data.yml‎
Lines changed: 2 additions & 12 deletions
diff --git a/‎.github/workflows/validate-event-sources.yml‎
Lines changed: 103 additions & 0 deletions b/‎.github/workflows/validate-event-sources.yml‎
Lines changed: 103 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 1 addition & 0 deletions b/‎README.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎backend/apps/core/auth.py‎
Lines changed: 27 additions & 53 deletions b/‎backend/apps/core/auth.py‎
Lines changed: 27 additions & 53 deletions
@@ -0,0 +1,67 @@
+name: Send Newsletter
+
+on:
+  schedule:
+    - cron: '0 19 * * *'  # 2pm EST (7pm UTC)
+  workflow_dispatch:      # Optional manual trigger
+
+jobs:
+  send_newsletter:
+    runs-on: ubuntu-latest
+    env:
+      PRODUCTION: '1'
+      DJANGO_SETTINGS_MODULE: 'config.settings.development'
+      DATABASE_URL: ${{ secrets.SUPABASE_DB_URL }}
+      SUPABASE_DB_URL: ${{ secrets.SUPABASE_DB_URL }}
+      POSTGRES_DB: ${{ secrets.POSTGRES_DB }}
+      POSTGRES_USER: ${{ secrets.POSTGRES_USER }}
+      POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
+      POSTGRES_HOST: ${{ secrets.POSTGRES_HOST }}
+      POSTGRES_PORT: ${{ secrets.POSTGRES_PORT }}
+      RESEND_API_KEY: ${{ secrets.RESEND_API_KEY }}
+      RESEND_FROM_EMAIL: ${{ secrets.RESEND_FROM_EMAIL }}
+      EMAIL_ENCRYPTION_KEY: ${{ secrets.EMAIL_ENCRYPTION_KEY }}
+      EMAIL_HASH_KEY: ${{ secrets.EMAIL_HASH_KEY }}
+      SECRET_KEY: ${{ secrets.SECRET_KEY }}
+      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+      AWS_S3_BUCKET_NAME: ${{ secrets.AWS_S3_BUCKET_NAME }}
+      AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
+      
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: Cache pip
+        uses: actions/cache@v4
+        with:
+          path: ~/.cache/pip
+          key: ${{ runner.os }}-pip-${{ hashFiles('backend/requirements.txt') }}
+          restore-keys: |
+            ${{ runner.os }}-pip-
+
+      - name: Install dependencies
+        working-directory: backend
+        run: |
+          pip install --upgrade pip setuptools wheel
+          pip install --prefer-binary -r requirements.txt
+
+      - name: Send newsletter to subscribers
+        working-directory: backend/scripts
+        run: python send_newsletter.py
+        continue-on-error: true
+
+      - name: Upload logs as artifacts
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: newsletter-logs-${{ github.run_number }}
+          path: |
+            backend/scripts/logs/
+            backend/scripts/*.log
+          retention-days: 30
+
@@ -1,4 +1,4 @@
-name: Scrape Instagram, Update Events DB, Send Newsletter, Update Static Data
+name: Scrape Instagram, Update Events DB, Update Static Data
 
 on:
   schedule:
@@ -9,10 +9,6 @@ on:
         required: true
         type: boolean
         default: false
-      send_newsletter:
-        required: true
-        type: boolean
-        default: false
       MAX_POSTS:
         required: false
         type: number
@@ -125,10 +121,4 @@ jobs:
           git config --global user.email 'github-actions[bot]@users.noreply.github.com'
           git add frontend/src/data/staticData.ts frontend/public/rss.xml
           git commit -m "chore: update static data from DB" || echo "No changes to commit"
-          git pull --rebase && git push --force
-
-      - name: Send newsletter to subscribers
-        if: github.event_name == 'schedule' || github.event.inputs.send_newsletter == 'true'
-        working-directory: backend/scripts
-        run: python send_newsletter.py
-        continue-on-error: true
+          git pull --rebase && git push --force
@@ -0,0 +1,103 @@
+name: Validate Event Sources
+
+on:
+  schedule:
+    - cron: '0 5,13,17,21 * * *'  # 12am, 8am, 12pm, 4pm EST (5am, 1pm, 5pm, 9pm UTC)
+  workflow_dispatch:      # Manual trigger
+    inputs:
+      limit:
+        description: 'Limit number of events to check (for testing)'
+        required: false
+        type: number
+      school:
+        description: 'Filter by school name'
+        required: false
+        type: string
+        default: 'University of Waterloo'
+      workers:
+        description: 'Max concurrent requests (default: 10)'
+        required: false
+        type: number
+        default: 10
+
+jobs:
+  validate_sources:
+    runs-on: ubuntu-latest
+    env:
+      PRODUCTION: '1'
+      DJANGO_SETTINGS_MODULE: 'config.settings.development'
+      DATABASE_URL: ${{ secrets.SUPABASE_DB_URL }}
+      SUPABASE_DB_URL: ${{ secrets.SUPABASE_DB_URL }}
+      POSTGRES_DB: ${{ secrets.POSTGRES_DB }}
+      POSTGRES_USER: ${{ secrets.POSTGRES_USER }}
+      POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
+      POSTGRES_HOST: ${{ secrets.POSTGRES_HOST }}
+      POSTGRES_PORT: ${{ secrets.POSTGRES_PORT }}
+      SECRET_KEY: ${{ secrets.SECRET_KEY }}
+      
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: Create logs directory
+        working-directory: backend/scripts
+        run: mkdir -p logs
+
+      - name: Cache pip
+        uses: actions/cache@v4
+        with:
+          path: ~/.cache/pip
+          key: ${{ runner.os }}-pip-${{ hashFiles('backend/requirements.txt') }}
+          restore-keys: |
+            ${{ runner.os }}-pip-
+
+      - name: Install dependencies
+        working-directory: backend
+        run: |
+          pip install --upgrade pip setuptools wheel
+          pip install --prefer-binary -r requirements.txt
+
+      - name: Run validation script (scheduled)
+        if: github.event_name == 'schedule'
+        working-directory: backend/scripts
+        run: |
+          python validate_event_sources.py --school "University of Waterloo" --workers 10 2>&1 | tee logs/validation.log
+        continue-on-error: false
+
+      - name: Run validation script (manual)
+        if: github.event_name == 'workflow_dispatch'
+        working-directory: backend/scripts
+        run: |
+          ARGS="--school '${{ github.event.inputs.school }}'"
+          if [ ! -z "${{ github.event.inputs.limit }}" ]; then
+            ARGS="$ARGS --limit ${{ github.event.inputs.limit }}"
+          fi
+          if [ ! -z "${{ github.event.inputs.workers }}" ]; then
+            ARGS="$ARGS --workers ${{ github.event.inputs.workers }}"
+          fi
+          python validate_event_sources.py $ARGS 2>&1 | tee logs/validation.log
+        continue-on-error: false
+
+      - name: Upload logs as artifacts
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: validation-logs-${{ github.run_number }}
+          path: |
+            backend/scripts/logs/
+            backend/scripts/*.log
+          retention-days: 30
+
+      - name: Check for deleted events
+        if: always()
+        working-directory: backend/scripts
+        run: |
+          if grep -q "Events deleted:" logs/validation.log; then
+            DELETED=$(grep "Events deleted:" logs/validation.log | awk '{print $NF}')
+            echo "::notice::Deleted $DELETED invalid events"
+          fi
+
@@ -43,6 +43,7 @@ python manage.py makemigrations
 python manage.py migrate
 # PRODUCTION=1 python manage.py migrate
 python scripts/populate-local-db-with-prod-data.py 
+python manage.py fix_sequences
 python manage.py runserver 8000
 ```
 
 
@@ -1,96 +1,70 @@
-from functools import wraps, lru_cache
+from functools import wraps
 import logging
 
-from clerk_backend_api import authenticate_request, AuthenticateRequestOptions, Clerk
+from clerk_backend_api import authenticate_request, AuthenticateRequestOptions
 from django.contrib.auth import authenticate
 from django.contrib.auth.backends import BaseBackend
-from django.contrib.auth.models import User
+from django.contrib.auth.models import AnonymousUser, User
 from django.http import JsonResponse
 
 from config.settings.base import CLERK_SECRET_KEY, CLERK_AUTHORIZED_PARTIES
 
 logger = logging.getLogger(__name__)
 
-# Create a single Clerk instance to reuse across requests
-_clerk_client = Clerk(bearer_auth=CLERK_SECRET_KEY)
-
 
 class JwtAuthBackend(BaseBackend):
     def authenticate(self, request, **kwargs):
-        if 'Authorization' not in request.headers:
-            logger.warning(f"JWT auth: Missing Authorization header on {request.method} {request.path}")
-            return None
-
         try:
-            auth_header = request.headers.get('Authorization')
-            if not auth_header.startswith('Bearer '):
-                logger.warning(f"JWT auth: Authorization header not Bearer on {request.method} {request.path}")
-                return None
-
-            logger.debug(
-                f"JWT auth: attempting Clerk auth (aud={CLERK_AUTHORIZED_PARTIES}) on {request.method} {request.path}"
-            )
-            request_state = authenticate_request(
+            state = authenticate_request(
                 request,
                 AuthenticateRequestOptions(
                     secret_key=CLERK_SECRET_KEY,
                     authorized_parties=CLERK_AUTHORIZED_PARTIES,
                 ),
             )
-            if not request_state.is_signed_in:
-                request.error_message = request_state.message
-                logger.warning(f"JWT auth: Clerk rejected token: {request_state.message}")
+
+            if not state.is_signed_in:
+                request.error_message = getattr(state, "message", "Not signed in")
+                logger.warning("JWT auth: Clerk rejected token: %s", request.error_message)
                 return None
-            print(request_state.payload, 'request_state.payload')
-            # Ideally at this point user object must be fetched from DB and returned, but we will just return a dummy
-            # user object
-            user = User(username=request_state.payload.get("sub", "unknown"), password="None")
-            # Attach payload for downstream usage
-            try:
-                request.auth_payload = request_state.payload
-            except Exception:
-                pass
-            return user
 
-        except Exception as e:
+            request.auth_payload = state.payload
+            
+            django_user = AnonymousUser()
+            django_user.username = state.payload.get("sub") or "clerk_user"
+            return django_user
+
+
+        except Exception:
             request.error_message = "Unable to authenticate user"
             logger.exception("JWT auth: exception during authentication")
             return None
 
     def get_user(self, user_id):
-        return User(username=user_id, password="None")
+        try:
+            return User.objects.get(pk=user_id)
+        except Exception:
+            return None
 
 
 def jwt_required(view_func):
     @wraps(view_func)
     def _wrapped_view(request, *args, **kwargs):
-        user = authenticate(request)
+        user = authenticate(request)  # triggers JwtAuthBackend.authenticate
         if not user:
-            error = getattr(request, 'error_message', 'User not authenticated')
-            return JsonResponse({'detail': error}, status=401)
+            error = getattr(request, "error_message", "User not authenticated")
+            return JsonResponse({"detail": error}, status=401)
         request.user = user
         return view_func(request, *args, **kwargs)
-
     return _wrapped_view
 
 
-@lru_cache(maxsize=100)
-def _get_user_metadata(user_id: str) -> dict:
-    """Fetch user public_metadata from Clerk API."""
-    try:
-        user = _clerk_client.users.get(user_id=user_id)
-        return getattr(user, "public_metadata", None) or getattr(user, "publicMetadata", None) or {}
-    except Exception:
-        return {}
-
-
 def admin_required(view_func):
     @wraps(view_func)
     @jwt_required
     def _wrapped_view(request, *args, **kwargs):
-        user_id = getattr(request, "auth_payload", {}).get("sub")
-        if not user_id or _get_user_metadata(user_id).get("role") != "admin":
-            return JsonResponse({'detail': 'Admin only'}, status=403)
+        role = request.auth_payload.get("role")
+        if role != "admin":
+            return JsonResponse({"message": "Admin only"}, status=403)
         return view_func(request, *args, **kwargs)
-
-    return _wrapped_view
+    return _wrapped_view