How can I authenticate a token_uri before mint?

Hey, i'm tinkering with a concept for NFT minting with generative music and art and trying to work out the best way to make sure that people can only mint essentially ‘approved’ content. I.e from the generative tools that I’d provide and that it can’t just have anything added to the token_uri on mint. The image and audio would be generated client side, uploaded to IPFS and then with other relevant attributes get added to token_uri json which is then also uploaded to IPFS and then sent to the contract with the mint transaction.

With ready access to the contract on Etherscan now and a token_uri needing to be generated-off chain it would be easy for someone to put something stupid in and spoil the collection. I guess a minting fee would be something of a deterrent but doesn't actually solve the issue.

What would be a good way to prevent this being possible? Some kind of way of verifying the token_uri being submitted was legit? Looked at doing it with a murkle proof but that relies on knowing all the token_uri s upfront. Maybe I am overthinking something that isn't really an issue? Any help / suggestions greatly appreciated. Thanks