Chore/image moderation

.gitignore

@@ -459,4 +459,6 @@ src/emailpaywall.client/.svelte-kit
 
 # Include example tfvars files
 !**/*.tfvars.example
-!**/terraform.tfvars.example
+!**/terraform.tfvars.example
+
+**/appsettings.Development.json

deploy/Terraform/container-app.tf

@@ -82,7 +82,7 @@ resource "azurerm_container_app" "app" {
     server   = azurerm_container_registry.acr.login_server
     identity = azurerm_user_assigned_identity.uami.id
   }
-  
+
   depends_on = [azurerm_role_assignment.acr_pull, azurerm_mssql_database.db]
 
   # needed for container app to access other Microsoft Entra protected resources
@@ -179,6 +179,16 @@ resource "azurerm_container_app" "app" {
         name  = "ASPNETCORE_ENVIRONMENT"
         value = "Production"
       }
+
+      env {
+        name        = "AzureAIFoundry__ContentSafetyKey"
+        secret_name = "content-safety-key"
+      }
+
+      env {
+        name  = "AzureAIFoundry__ContentSafetyEndpoint"
+        value = var.content_safety_api
+      }
     }
   }
 
@@ -216,4 +226,9 @@ resource "azurerm_container_app" "app" {
     value = var.smtp_password
   }
 
+  secret {
+    name  = "content-safety-key"
+    value = var.content_safety_key
+  }
+
 }

deploy/Terraform/variables.tf

@@ -35,3 +35,14 @@ variable "smtp_password" {
   type        = string
   sensitive   = true
 }
+
+variable "content_safety_key" {
+  description = "Azure AI foundry content safety key"
+  type        = string
+  sensitive   = true
+}
+
+variable "content_safety_api" {
+  description = "Azure AI foundry content safety api endpoint"
+  type        = string
+}

src/Evently.Server/Common/Domains/Interfaces/IObjectStorageService.cs

@@ -10,4 +10,5 @@ public interface IObjectStorageService {
 	Task<Uri> GetFileUri(string containerName, string fileName);
 	Task<BinaryData> GetFile(string containerName, string fileName);
 	Task<bool> IsFileExists(string containerName, string fileName);
+	Task<bool> PassesContentModeration(BinaryData binaryData);
 }

src/Evently.Server/Common/Domains/Models/Settings.cs

@@ -9,6 +9,7 @@ public sealed class Settings {
 	[NotMapped] public AuthSetting Authentication { get; init; } = new();
 
 	[NotMapped] public EmailSettings EmailSettings { get; init; } = new();
+	[NotMapped] public AzureAIFoundry AzureAiFoundry { get; init; } = new();
 }
 
 [SuppressMessage("ReSharper", "AutoPropertyCanBeMadeGetOnly.Global")]
@@ -32,4 +33,9 @@ public sealed class OAuthSetting {
 public sealed class EmailSettings {
 	public string ActualFrom { get; init; } = string.Empty;
 	public string SmtpPassword { get; init; } = string.Empty;
+}
+
+public sealed class AzureAIFoundry {
+	public string ContentSafetyKey { get; init; } = string.Empty;
+	public string ContentSafetyEndpoint { get; init; } = string.Empty;
 }

src/Evently.Server/Common/Extensions/LoggerExtension.cs

@@ -28,4 +28,12 @@ public static partial void LogSuccessEmail(
 		Message = "Error occurred at {context}: {errorMsg}")]
 	public static partial void LogErrorContext(
 		this ILogger logger, string context, string errorMsg);
+
+	[LoggerMessage(
+		EventId = 5,
+		Level = LogLevel.Error,
+		Message = "Analyze image failed. Status code: {statusCode}, Error code: {errorCode}, Error message: {errMsg}")]
+	public static partial void LogContentModerationError(
+		this ILogger logger, string statusCode, string errorCode, string errMsg);
+	//
 }

src/Evently.Server/Evently.Server.csproj

@@ -12,6 +12,7 @@
     </PropertyGroup>
 
     <ItemGroup>
+        <PackageReference Include="Azure.AI.ContentSafety" Version="1.0.0"/>
         <PackageReference Include="Azure.Storage.Blobs" Version="12.25.0"/>
         <PackageReference Include="FluentValidation" Version="12.0.0"/>
         <PackageReference Include="HtmlRenderer.PdfSharp" Version="1.5.0.6"/>

src/Evently.Server/Features/Files/Services/ObjectStorageService.cs

@@ -1,8 +1,10 @@
 using Azure;
+using Azure.AI.ContentSafety;
 using Azure.Storage.Blobs;
 using Azure.Storage.Blobs.Models;
 using Evently.Server.Common.Domains.Interfaces;
 using Evently.Server.Common.Domains.Models;
+using Evently.Server.Common.Extensions;
 using Microsoft.Extensions.Options;
 
 namespace Evently.Server.Features.Files.Services;
@@ -11,6 +13,9 @@ namespace Evently.Server.Features.Files.Services;
 public sealed class ObjectStorageService(IOptions<Settings> settings, ILogger<ObjectStorageService> logger) : IObjectStorageService {
 	private readonly BlobServiceClient _blobServiceClient =
 		new(settings.Value.StorageAccount.AzureStorageConnectionString);
+	private readonly ContentSafetyClient _contentSafetyClient = new(
+		endpoint: new Uri(settings.Value.AzureAiFoundry.ContentSafetyEndpoint),
+		credential: new AzureKeyCredential(settings.Value.AzureAiFoundry.ContentSafetyKey));
 
 	public async Task<Uri> UploadFile(string containerName, string fileName, BinaryData binaryData,
 		string mimeType = "application/octet-stream") {
@@ -65,4 +70,23 @@ public async Task<BinaryData> GetFile(string containerName, string fileName) {
 		BinaryData data = BinaryData.FromBytes(bytes);
 		return data;
 	}
+
+	public async Task<bool> PassesContentModeration(BinaryData binaryData) {
+		ContentSafetyImageData image = new(binaryData);
+		AnalyzeImageOptions request = new(image);
+		Response<AnalyzeImageResult> response;
+		try {
+			response = await _contentSafetyClient.AnalyzeImageAsync(request);
+		} catch (RequestFailedException ex) {
+			logger.LogContentModerationError(ex.Status.ToString(), ex.ErrorCode ?? "", ex.Message);
+			throw;
+		}
+
+		AnalyzeImageResult result = response.Value;
+		int? score = result.CategoriesAnalysis
+			             .Select(v => v.Severity)
+			             .Aggregate((a, b) => a + b)
+		             ?? 0;
+		return score == 0;
+	}
 }

src/Evently.Server/Features/Gatherings/Controllers/GatheringsController.cs

@@ -68,8 +68,8 @@ public async Task<ActionResult<Gathering>> CreateGathering([FromForm] GatheringR
 		}
 
 		if (coverImg != null) {
-			Uri uri = await UploadCoverImage(gatheringReqDto.GatheringId, coverImg: coverImg ?? throw new ArgumentNullException(nameof(coverImg)));
-			gatheringReqDto = gatheringReqDto with { CoverSrc = uri.AbsoluteUri };
+			string uri = await UploadCoverImage(gatheringReqDto.GatheringId, coverImg);
+			gatheringReqDto = gatheringReqDto with { CoverSrc = uri };
 		}
 
 		Gathering gathering = await gatheringService.CreateGathering(gatheringReqDto);
@@ -88,9 +88,8 @@ public async Task<ActionResult> UpdateGathering(long gatheringId, [FromForm] Gat
 		}
 
 		if (coverImg != null) {
-			Uri uri = await UploadCoverImage(gatheringReqDto.GatheringId, coverImg);
-			gathering.CoverSrc = uri.AbsoluteUri;
-			gatheringReqDto = gatheringReqDto with { CoverSrc = uri.AbsoluteUri };
+			string uri = await UploadCoverImage(gatheringReqDto.GatheringId, coverImg);
+			gatheringReqDto = gatheringReqDto with { CoverSrc = uri };
 		}
 
 		gathering = await gatheringService.UpdateGathering(gatheringId, gatheringReqDto);
@@ -112,12 +111,17 @@ public async Task<ActionResult<Gathering>> DeleteGathering(long gatheringId) {
 		return NoContent();
 	}
 
-	private async Task<Uri> UploadCoverImage(long gatheringId, IFormFile coverImg) {
+	private async Task<string> UploadCoverImage(long gatheringId, IFormFile coverImg) {
 		string fileName = $"gatherings/{gatheringId}/cover-image{Path.GetExtension(coverImg.FileName)}";
 		BinaryData binaryData = await coverImg.ToBinaryData();
-		return await objectStorageService.UploadFile(_containerName,
+		bool isContentSafe = await objectStorageService.PassesContentModeration(binaryData);
+		if (!isContentSafe) {
+			return string.Empty;
+		}
+		Uri uri = await objectStorageService.UploadFile(_containerName,
 			fileName,
 			binaryData,
 			mimeType: MimeTypes.GetMimeType(coverImg.FileName));
+		return uri.AbsoluteUri;
 	}
 }

src/Evently.Server/appsettings.json

@@ -5,5 +5,26 @@
       "Microsoft.AspNetCore": "Warning"
     }
   },
-  "AllowedHosts": "*"
+  "AllowedHosts": "*",
+  "ConnectionStrings": {
+    "WebApiDatabase": "Data Source=(localdb)\\MSSQLLocalDB;Database=evently;Integrated Security=True;Persist Security Info=False;Pooling=False;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Application Name=\"SQL Server Management Studio\";Command Timeout=0;"
+  },
+  "StorageAccount": {
+    "AccountName": "evently-dev-images",
+    "AzureStorageConnectionString": "DefaultEndpointsProtocol=http;AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;BlobEndpoint=http://127.0.0.1:10000/devstoreaccount1;QueueEndpoint=http://127.0.0.1:10001/devstoreaccount1;TableEndpoint=http://127.0.0.1:10002/devstoreaccount1;"
+  },
+  "AzureAIFoundry": {
+    "ContentSafetyKey": "<ai-foundry-content-safety-key>",
+    "ContentSafetyEndpoint": "<ai-foundry-content-safety-api>"
+  },
+  "Authentication": {
+    "Google": {
+      "ClientId": "<your-google-client-id>",
+      "ClientSecret": "<your-google-client-secret>"
+    }
+  },
+  "EmailSettings": {
+    "ActualFrom": "<your-email@example.com>",
+    "SmtpPassword": "<your-app-password>"
+  }
 }

src/evently.client/src/lib/components/card.tsx

@@ -18,9 +18,10 @@ export function Card({ gathering, accountId }: CardProps): JSX.Element {
 		(detail) => detail.category
 	);
 
-	// ignore img-src for now
-	const hash: number = hashString(gathering.name);
-	imgSrc = hash % 2 === 0 ? Placeholder1 : Placeholder2;
+	if (imgSrc == null || imgSrc.length === 0) {
+		const hash: number = hashString(gathering.name);
+		imgSrc = hash % 2 === 0 ? Placeholder1 : Placeholder2;
+	}
 
 	if (title.length > 30) {
 		title = title.substring(0, 30) + "...";

src/evently.client/src/lib/services/gathering-service.ts

@@ -75,7 +75,11 @@ function toFormData(gatheringDto: GatheringReqDto, coverImg?: File | null): Form
 			formData.set(key, value);
 		}
 	}
+
 	formData.delete("gatheringCategoryDetails");
+	if (gatheringDto.gatheringCategoryDetails.length === 0) {
+		formData.set("gatheringCategoryDetails", "[]");
+	}
 
 	for (let i = 0; i < gatheringDto.gatheringCategoryDetails.length; i++) {
 		const detail: GatheringCategoryDetailReqDto = gatheringDto.gatheringCategoryDetails[i];