Fair! But I think that it'll raise a HTTP 400 error which is exactly the error to send to the frontend to handle. It even tells the frontend which field needs to be fixed and the specific error on that field. Django does some great work here.
Agreed it could use some more robust error handling, but the several places that call update_metadata do have try except blocks around them to process any errors and re-raise if appropriate.
Totally, I am using env variables the defaults there are just the values that are used in development (they match how the db is set up via docker-compose). The only one I see that's set that could be an issue is the Django Secret Key, which is only important for encrypted fields which I don't think there are any in this data model.
I'll definitely be making improvements but thanks for taking the time to look through it!
update_metadatado have try except blocks around them to process any errors and re-raise if appropriate.