feat: add presentation layer + bootstrap wiring for vertical slice

2026-05-31 05:51:09 +02:00
parent 8c1a0e4519
commit 201eff717d
21 changed files with 726 additions and 51 deletions
--- a/.env.example
+++ b/.env.example
@@ -1,65 +1,42 @@
 # ============================================================================
-# K-Template Configuration
+# K-Photos Configuration
 # ============================================================================
 # Copy this file to .env and adjust values for your environment.

 # ============================================================================
 # Server
 # ============================================================================
-HOST=127.0.0.1
+HOST=0.0.0.0
 PORT=3000

 # ============================================================================
 # Database
 # ============================================================================
-# SQLite (default)
-DATABASE_URL=sqlite:data.db?mode=rwc
-
-# PostgreSQL (requires postgres feature flag)
-# DATABASE_URL=postgres://user:password@localhost:5432/mydb
+DATABASE_URL=postgres://kphotos:kphotos@localhost:5432/kphotos

 DB_MAX_CONNECTIONS=5
 DB_MIN_CONNECTIONS=1

-# ============================================================================
-# Cookie Secret
-# ============================================================================
-# Used to encrypt the OIDC state cookie (CSRF token, PKCE verifier, nonce).
-# Must be at least 64 characters in production.
-COOKIE_SECRET=your-cookie-secret-key-must-be-at-least-64-characters-long-for-security!!
-
-# Set to true when serving over HTTPS
-SECURE_COOKIE=false
-
 # ============================================================================
 # JWT
 # ============================================================================
-# Must be at least 32 characters in production.
-JWT_SECRET=your-jwt-secret-key-at-least-32-chars
-
-# Optional: embed issuer/audience claims in tokens
-# JWT_ISSUER=your-app-name
-# JWT_AUDIENCE=your-app-audience
+JWT_SECRET=change-me-in-production-at-least-32-characters

 # Token lifetime in hours (default: 24)
 JWT_EXPIRY_HOURS=24

-# ============================================================================
-# OIDC (optional — requires auth-oidc feature flag)
-# ============================================================================
-# OIDC_ISSUER=https://your-oidc-provider.com
-# OIDC_CLIENT_ID=your-client-id
-# OIDC_CLIENT_SECRET=your-client-secret
-# OIDC_REDIRECT_URL=http://localhost:3000/api/v1/auth/callback
-# OIDC_RESOURCE_ID=your-resource-id   # optional audience claim to verify
-
 # ============================================================================
 # CORS
 # ============================================================================
-CORS_ALLOWED_ORIGINS=http://localhost:5173,http://localhost:3000
+CORS_ALLOWED_ORIGINS=http://localhost:3000,http://localhost:5173
+
+# ============================================================================
+# Storage
+# ============================================================================
+STORAGE_BACKEND=local
+STORAGE_PATH=./data/media

 # ============================================================================
 # Production Mode
 # ============================================================================
-# Set to true/production/1 to enforce minimum secret lengths and other checks.
 PRODUCTION=false
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -81,6 +81,7 @@ dependencies = [
 "chrono",
 "domain",
 "serde",
+ "serde_json",
 "utoipa",
 "uuid",
 ]
@@ -154,6 +155,7 @@ dependencies = [
 "matchit",
 "memchr",
 "mime",
+ "multer",
 "percent-encoding",
 "pin-project-lite",
 "serde_core",
@@ -260,6 +262,7 @@ dependencies = [
 "adapters-storage",
 "anyhow",
 "application",
+ "async-trait",
 "axum",
 "domain",
 "dotenvy",
@@ -486,6 +489,15 @@ dependencies = [
 "serde",
 ]

+[[package]]
+name = "encoding_rs"
+version = "0.8.35"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "75030f3c4f45dafd7586dd6780965a8c7e8e285a5ecb86713e63a79c5b2766f3"
+dependencies = [
+ "cfg-if",
+]
+
 [[package]]
 name = "equivalent"
 version = "1.0.2"
@@ -1195,6 +1207,23 @@ dependencies = [
 "windows-sys 0.61.2",
 ]

+[[package]]
+name = "multer"
+version = "3.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "83e87776546dc87511aa5ee218730c92b666d7264ab6ed41f9d215af9cd5224b"
+dependencies = [
+ "bytes",
+ "encoding_rs",
+ "futures-util",
+ "http",
+ "httparse",
+ "memchr",
+ "mime",
+ "spin",
+ "version_check",
+]
+
 [[package]]
 name = "nu-ansi-term"
 version = "0.50.3"
@@ -1434,10 +1463,12 @@ dependencies = [
 "application",
 "async-trait",
 "axum",
+ "bytes",
 "chrono",
 "domain",
 "serde",
 "serde_json",
+ "sha2",
 "tower-http",
 "tracing",
 "utoipa",
--- a/compose.yml
+++ b/compose.yml
@@ -0,0 +1,14 @@
+services:
+  postgres:
+    image: postgres:17-alpine
+    environment:
+      POSTGRES_USER: kphotos
+      POSTGRES_PASSWORD: kphotos
+      POSTGRES_DB: kphotos
+    ports:
+      - "5432:5432"
+    volumes:
+      - pgdata:/var/lib/postgresql/data
+
+volumes:
+  pgdata:
--- a/crates/adapters/storage/Cargo.toml
+++ b/crates/adapters/storage/Cargo.toml
@@ -15,6 +15,7 @@ anyhow      = { workspace = true }
 tracing     = { workspace = true }
 bytes       = { workspace = true }
 futures     = { workspace = true }
+tokio       = { workspace = true, features = ["fs"] }
 object_store = { version = "0.11" }

 [dev-dependencies]
--- a/crates/adapters/storage/src/lib.rs
+++ b/crates/adapters/storage/src/lib.rs
@@ -1,5 +1,7 @@
 pub mod adapter;
 pub mod config;
+pub mod local_file_storage;

 pub use adapter::ObjectStorageAdapter;
 pub use config::{StorageConfig, build_store};
+pub use local_file_storage::LocalFileStorage;
--- a/crates/adapters/storage/src/local_file_storage.rs
+++ b/crates/adapters/storage/src/local_file_storage.rs
@@ -0,0 +1,101 @@
+use async_trait::async_trait;
+use bytes::Bytes;
+use domain::errors::DomainError;
+use domain::ports::{FileEntry, FileStoragePort};
+use std::path::PathBuf;
+
+pub struct LocalFileStorage {
+    base_path: PathBuf,
+}
+
+impl LocalFileStorage {
+    pub fn new(base_path: impl Into<PathBuf>) -> Self {
+        Self {
+            base_path: base_path.into(),
+        }
+    }
+
+    fn resolve(&self, path: &str) -> Result<PathBuf, DomainError> {
+        let full = self.base_path.join(path);
+        // Prevent path traversal
+        if !full.starts_with(&self.base_path) {
+            return Err(DomainError::Validation(
+                "Path traversal not allowed".to_string(),
+            ));
+        }
+        Ok(full)
+    }
+}
+
+#[async_trait]
+impl FileStoragePort for LocalFileStorage {
+    async fn store_file(&self, path: &str, data: Bytes) -> Result<(), DomainError> {
+        let full = self.resolve(path)?;
+        if let Some(parent) = full.parent() {
+            tokio::fs::create_dir_all(parent)
+                .await
+                .map_err(|e| DomainError::Internal(format!("Failed to create dirs: {e}")))?;
+        }
+        tokio::fs::write(&full, &data)
+            .await
+            .map_err(|e| DomainError::Internal(format!("Failed to write file: {e}")))?;
+        Ok(())
+    }
+
+    async fn read_file(&self, path: &str) -> Result<Bytes, DomainError> {
+        let full = self.resolve(path)?;
+        let data = tokio::fs::read(&full)
+            .await
+            .map_err(|e| match e.kind() {
+                std::io::ErrorKind::NotFound => DomainError::NotFound(path.to_string()),
+                _ => DomainError::Internal(format!("Failed to read file: {e}")),
+            })?;
+        Ok(Bytes::from(data))
+    }
+
+    async fn delete_file(&self, path: &str) -> Result<(), DomainError> {
+        let full = self.resolve(path)?;
+        match tokio::fs::remove_file(&full).await {
+            Ok(()) => Ok(()),
+            Err(e) if e.kind() == std::io::ErrorKind::NotFound => Ok(()),
+            Err(e) => Err(DomainError::Internal(format!("Failed to delete file: {e}"))),
+        }
+    }
+
+    async fn list_directory(&self, path: &str) -> Result<Vec<FileEntry>, DomainError> {
+        let full = self.resolve(path)?;
+        let mut entries = Vec::new();
+        let mut read_dir = tokio::fs::read_dir(&full)
+            .await
+            .map_err(|e| match e.kind() {
+                std::io::ErrorKind::NotFound => DomainError::NotFound(path.to_string()),
+                _ => DomainError::Internal(format!("Failed to read dir: {e}")),
+            })?;
+        while let Some(entry) = read_dir
+            .next_entry()
+            .await
+            .map_err(|e| DomainError::Internal(e.to_string()))?
+        {
+            let meta = entry
+                .metadata()
+                .await
+                .map_err(|e| DomainError::Internal(e.to_string()))?;
+            entries.push(FileEntry {
+                path: entry.file_name().to_string_lossy().to_string(),
+                size_bytes: meta.len(),
+                is_directory: meta.is_dir(),
+            });
+        }
+        Ok(entries)
+    }
+
+    async fn file_exists(&self, path: &str) -> Result<bool, DomainError> {
+        let full = self.resolve(path)?;
+        Ok(full.exists())
+    }
+
+    async fn available_space(&self) -> Result<u64, DomainError> {
+        // Simple stub: return a large number
+        Ok(u64::MAX)
+    }
+}
--- a/crates/api-types/Cargo.toml
+++ b/crates/api-types/Cargo.toml
@@ -4,8 +4,9 @@ version = "0.1.0"
 edition = "2024"

 [dependencies]
-domain  = { workspace = true }
-serde   = { workspace = true }
-uuid    = { workspace = true }
-chrono  = { workspace = true }
-utoipa  = { workspace = true }
+domain     = { workspace = true }
+serde      = { workspace = true }
+serde_json = { workspace = true }
+uuid       = { workspace = true }
+chrono     = { workspace = true }
+utoipa     = { workspace = true }
--- a/crates/api-types/src/requests.rs
+++ b/crates/api-types/src/requests.rs
@@ -15,3 +15,28 @@ pub struct LoginRequest {
 pub struct CreateAlbumRequest {
    pub title: String,
 }
+
+#[derive(Debug, serde::Deserialize, utoipa::ToSchema)]
+pub struct AlbumEntryRequest {
+    pub asset_id: uuid::Uuid,
+}
+
+#[derive(Debug, serde::Deserialize, utoipa::ToSchema)]
+pub struct RegisterVolumeRequest {
+    pub volume_name: String,
+    pub uri_prefix: String,
+    pub is_writable: bool,
+}
+
+#[derive(Debug, serde::Deserialize, utoipa::ToSchema)]
+pub struct RegisterLibraryPathRequest {
+    pub volume_id: uuid::Uuid,
+    pub relative_path: String,
+    pub owner_id: uuid::Uuid,
+    pub is_ingest_destination: bool,
+}
+
+#[derive(Debug, serde::Deserialize, utoipa::ToSchema)]
+pub struct UpdateMetadataRequest {
+    pub data: std::collections::HashMap<String, serde_json::Value>,
+}
--- a/crates/api-types/src/responses.rs
+++ b/crates/api-types/src/responses.rs
@@ -32,6 +32,7 @@ pub struct AlbumResponse {
    pub title: String,
    pub description: String,
    pub creator_id: Uuid,
+    pub asset_count: usize,
    pub created_at: DateTime<Utc>,
 }

@@ -42,7 +43,109 @@ impl AlbumResponse {
            title: album.title.clone(),
            description: album.description.clone(),
            creator_id: *album.creator_user_id.as_uuid(),
+            asset_count: album.asset_count(),
            created_at: *album.created_at.as_datetime(),
        }
    }
 }
+
+#[derive(Debug, serde::Serialize, utoipa::ToSchema)]
+pub struct AssetResponse {
+    pub id: Uuid,
+    pub asset_type: String,
+    pub mime_type: String,
+    pub file_size: u64,
+    pub is_processed: bool,
+    pub created_at: DateTime<Utc>,
+    pub metadata: std::collections::HashMap<String, serde_json::Value>,
+}
+
+impl AssetResponse {
+    pub fn from_domain(
+        asset: &domain::entities::Asset,
+        metadata: &domain::value_objects::StructuredData,
+    ) -> Self {
+        let meta_map = metadata
+            .inner()
+            .iter()
+            .map(|(k, v)| {
+                let json_val = match v {
+                    domain::value_objects::MetadataValue::String(s) => {
+                        serde_json::Value::String(s.clone())
+                    }
+                    domain::value_objects::MetadataValue::Integer(i) => {
+                        serde_json::json!(*i)
+                    }
+                    domain::value_objects::MetadataValue::Float(f) => {
+                        serde_json::json!(*f)
+                    }
+                    domain::value_objects::MetadataValue::Boolean(b) => {
+                        serde_json::Value::Bool(*b)
+                    }
+                    domain::value_objects::MetadataValue::Null => serde_json::Value::Null,
+                };
+                (k.clone(), json_val)
+            })
+            .collect();
+
+        Self {
+            id: *asset.asset_id.as_uuid(),
+            asset_type: format!("{:?}", asset.asset_type),
+            mime_type: asset.mime_type.clone(),
+            file_size: asset.file_size,
+            is_processed: asset.is_processed,
+            created_at: *asset.created_at.as_datetime(),
+            metadata: meta_map,
+        }
+    }
+}
+
+#[derive(Debug, serde::Serialize, utoipa::ToSchema)]
+pub struct TimelineResponse {
+    pub assets: Vec<AssetResponse>,
+    pub total: usize,
+}
+
+#[derive(Debug, serde::Serialize, utoipa::ToSchema)]
+pub struct VolumeResponse {
+    pub id: Uuid,
+    pub volume_name: String,
+    pub uri_prefix: String,
+    pub is_writable: bool,
+}
+
+impl VolumeResponse {
+    pub fn from_domain(volume: &domain::entities::StorageVolume) -> Self {
+        Self {
+            id: *volume.volume_id.as_uuid(),
+            volume_name: volume.volume_name.clone(),
+            uri_prefix: volume.uri_prefix.clone(),
+            is_writable: volume.is_writable,
+        }
+    }
+}
+
+#[derive(Debug, serde::Serialize, utoipa::ToSchema)]
+pub struct LibraryPathResponse {
+    pub id: Uuid,
+    pub volume_id: Uuid,
+    pub relative_path: String,
+    pub is_ingest_destination: bool,
+}
+
+impl LibraryPathResponse {
+    pub fn from_domain(path: &domain::entities::LibraryPath) -> Self {
+        Self {
+            id: *path.path_id.as_uuid(),
+            volume_id: *path.volume_id.as_uuid(),
+            relative_path: path.relative_path.clone(),
+            is_ingest_destination: path.is_ingest_destination,
+        }
+    }
+}
+
+#[derive(Debug, serde::Serialize, utoipa::ToSchema)]
+pub struct IngestResponse {
+    pub asset: AssetResponse,
+    pub session_id: Uuid,
+}
--- a/crates/bootstrap/Cargo.toml
+++ b/crates/bootstrap/Cargo.toml
@@ -21,6 +21,7 @@ adapters-postgres = { path = "../adapters/postgres" }

 tokio             = { workspace = true }
 anyhow            = { workspace = true }
+async-trait       = { workspace = true }
 tracing           = { workspace = true }
 tracing-subscriber = { workspace = true }
 dotenvy           = { workspace = true }
--- a/crates/bootstrap/src/factory.rs
+++ b/crates/bootstrap/src/factory.rs
@@ -9,21 +9,32 @@ use tower_http::{

 use adapters_auth::{BcryptPasswordHasher, JwtTokenIssuer};

-use adapters_postgres::{PostgresUserRepository, connect, run_migrations};
+use adapters_postgres::{
+    PostgresAlbumRepository, PostgresAssetMetadataRepository, PostgresAssetRepository,
+    PostgresIngestSessionRepository, PostgresLibraryPathRepository, PostgresQuotaRepository,
+    PostgresStorageVolumeRepository, PostgresUsageLedgerRepository, PostgresUserRepository,
+    connect, run_migrations,
+};

-use adapters_storage::{ObjectStorageAdapter, StorageConfig, build_store};
+use adapters_storage::{LocalFileStorage, ObjectStorageAdapter, StorageConfig, build_store};

-use application::identity::{GetProfileHandler, LoginUserHandler, RegisterUserHandler};
+use application::{
+    catalog::{GetAssetHandler, GetTimelineHandler, UpdateMetadataHandler},
+    identity::{GetProfileHandler, LoginUserHandler, RegisterUserHandler},
+    organization::{CreateAlbumHandler, GetAlbumHandler, ManageAlbumEntriesHandler},
+    storage::{IngestAssetHandler, RegisterLibraryPathHandler, RegisterVolumeHandler},
+};
 use presentation::{routes::app_router, state::AppState};

 use crate::config::Config;
+use crate::log_event_publisher::LogEventPublisher;

 pub async fn build_app(config: &Config) -> Result<Router> {
    let pool = connect(&config.database_url).await?;
    run_migrations(&pool).await?;

-    let user_repo = Arc::new(PostgresUserRepository::new(pool));
-
+    // Identity
+    let user_repo = Arc::new(PostgresUserRepository::new(pool.clone()));
    let hasher = Arc::new(BcryptPasswordHasher);
    let issuer = Arc::new(JwtTokenIssuer::new(&config.jwt_secret));

@@ -35,16 +46,75 @@ pub async fn build_app(config: &Config) -> Result<Router> {
    ));
    let get_profile_handler = Arc::new(GetProfileHandler::new(user_repo));

+    // Object storage
    let storage_cfg = StorageConfig::from_env()?;
    let store = build_store(&storage_cfg)?;
    let storage = Arc::new(ObjectStorageAdapter::new(store, &storage_cfg.prefix)?);

+    // Repos
+    let album_repo = Arc::new(PostgresAlbumRepository::new(pool.clone()));
+    let asset_repo = Arc::new(PostgresAssetRepository::new(pool.clone()));
+    let metadata_repo = Arc::new(PostgresAssetMetadataRepository::new(pool.clone()));
+    let volume_repo = Arc::new(PostgresStorageVolumeRepository::new(pool.clone()));
+    let path_repo = Arc::new(PostgresLibraryPathRepository::new(pool.clone()));
+    let session_repo = Arc::new(PostgresIngestSessionRepository::new(pool.clone()));
+    let quota_repo = Arc::new(PostgresQuotaRepository::new(pool.clone()));
+    let ledger_repo = Arc::new(PostgresUsageLedgerRepository::new(pool.clone()));
+    let event_publisher: Arc<LogEventPublisher> = Arc::new(LogEventPublisher);
+
+    // File storage for ingest
+    let storage_path = std::env::var("STORAGE_PATH").unwrap_or_else(|_| "./data/media".to_string());
+    let file_storage = Arc::new(LocalFileStorage::new(&storage_path));
+
+    // Album handlers
+    let create_album_handler = Arc::new(CreateAlbumHandler::new(album_repo.clone()));
+    let get_album_handler = Arc::new(GetAlbumHandler::new(album_repo.clone()));
+    let manage_album_entries_handler = Arc::new(ManageAlbumEntriesHandler::new(album_repo));
+
+    // Asset handlers
+    let ingest_asset_handler = Arc::new(IngestAssetHandler::new(
+        session_repo,
+        path_repo.clone(),
+        quota_repo,
+        ledger_repo,
+        asset_repo.clone(),
+        file_storage,
+        event_publisher.clone(),
+    ));
+    let get_asset_handler = Arc::new(GetAssetHandler::new(
+        asset_repo.clone(),
+        metadata_repo.clone(),
+    ));
+    let get_timeline_handler = Arc::new(GetTimelineHandler::new(
+        asset_repo.clone(),
+        metadata_repo.clone(),
+    ));
+    let update_metadata_handler = Arc::new(UpdateMetadataHandler::new(
+        asset_repo,
+        metadata_repo,
+        event_publisher,
+    ));
+
+    // Storage handlers
+    let register_volume_handler = Arc::new(RegisterVolumeHandler::new(volume_repo.clone()));
+    let register_library_path_handler =
+        Arc::new(RegisterLibraryPathHandler::new(volume_repo, path_repo));
+
    let state = AppState::new(
        register_handler,
        login_handler,
        get_profile_handler,
        issuer,
        storage,
+        create_album_handler,
+        get_album_handler,
+        manage_album_entries_handler,
+        ingest_asset_handler,
+        get_asset_handler,
+        get_timeline_handler,
+        update_metadata_handler,
+        register_volume_handler,
+        register_library_path_handler,
    );

    let cors = CorsLayer::new()
--- a/crates/bootstrap/src/lib.rs
+++ b/crates/bootstrap/src/lib.rs
@@ -1 +1,3 @@
-
+pub mod config;
+pub mod factory;
+pub mod log_event_publisher;
--- a/crates/bootstrap/src/log_event_publisher.rs
+++ b/crates/bootstrap/src/log_event_publisher.rs
@@ -0,0 +1,12 @@
+use async_trait::async_trait;
+use domain::{errors::DomainError, events::DomainEvent, ports::EventPublisher};
+
+pub struct LogEventPublisher;
+
+#[async_trait]
+impl EventPublisher for LogEventPublisher {
+    async fn publish(&self, event: DomainEvent) -> Result<(), DomainError> {
+        tracing::info!(?event, "domain event published");
+        Ok(())
+    }
+}
--- a/crates/bootstrap/src/main.rs
+++ b/crates/bootstrap/src/main.rs
@@ -3,6 +3,7 @@ use tracing::info;

 mod config;
 mod factory;
+mod log_event_publisher;

 #[tokio::main]
 async fn main() -> anyhow::Result<()> {
@@ -20,8 +21,8 @@ async fn main() -> anyhow::Result<()> {
    let addr: SocketAddr = format!("{}:{}", config.host, config.port).parse()?;
    let listener = tokio::net::TcpListener::bind(addr).await?;

-    info!("🚀 Server running at http://{addr}");
-    info!("📖 Scalar docs at http://{addr}/scalar");
+    info!("Server running at http://{addr}");
+    info!("Scalar docs at http://{addr}/scalar");

    axum::serve(listener, app).await?;
    Ok(())
--- a/crates/presentation/Cargo.toml
+++ b/crates/presentation/Cargo.toml
@@ -7,13 +7,15 @@ edition = "2024"
 domain        = { workspace = true }
 application   = { workspace = true }
 api-types     = { path = "../api-types" }
-axum          = { workspace = true }
+axum          = { workspace = true, features = ["multipart"] }
 tower-http    = { workspace = true }
 serde         = { workspace = true }
 serde_json    = { workspace = true }
 uuid          = { workspace = true }
 chrono        = { workspace = true }
+bytes         = { workspace = true }
 tracing       = { workspace = true }
 async-trait   = { workspace = true }
+sha2          = { workspace = true }
 utoipa        = { workspace = true }
 utoipa-scalar = { workspace = true }
--- a/crates/presentation/src/handlers/albums.rs
+++ b/crates/presentation/src/handlers/albums.rs
@@ -0,0 +1,72 @@
+use crate::{errors::AppError, extractors::JwtClaims, state::AppState};
+use api_types::{
+    requests::{AlbumEntryRequest, CreateAlbumRequest},
+    responses::AlbumResponse,
+};
+use application::organization::{
+    AlbumAction, CreateAlbumCommand, GetAlbumQuery, ManageAlbumEntriesCommand,
+};
+use axum::{
+    Json,
+    extract::{Path, State},
+    http::StatusCode,
+};
+use domain::value_objects::SystemId;
+
+pub async fn create_album(
+    State(state): State<AppState>,
+    claims: JwtClaims,
+    Json(req): Json<CreateAlbumRequest>,
+) -> Result<(StatusCode, Json<AlbumResponse>), AppError> {
+    let cmd = CreateAlbumCommand {
+        title: req.title,
+        creator_id: claims.user_id,
+    };
+    let album = state.create_album_handler.execute(cmd).await?;
+    Ok((StatusCode::CREATED, Json(AlbumResponse::from_domain(&album))))
+}
+
+pub async fn get_album(
+    State(state): State<AppState>,
+    _claims: JwtClaims,
+    Path((album_id,)): Path<(uuid::Uuid,)>,
+) -> Result<Json<AlbumResponse>, AppError> {
+    let query = GetAlbumQuery {
+        album_id: SystemId::from_uuid(album_id),
+    };
+    let album = state.get_album_handler.execute(query).await?;
+    Ok(Json(AlbumResponse::from_domain(&album)))
+}
+
+pub async fn add_entry(
+    State(state): State<AppState>,
+    claims: JwtClaims,
+    Path((album_id,)): Path<(uuid::Uuid,)>,
+    Json(req): Json<AlbumEntryRequest>,
+) -> Result<(StatusCode, Json<AlbumResponse>), AppError> {
+    let cmd = ManageAlbumEntriesCommand {
+        album_id: SystemId::from_uuid(album_id),
+        action: AlbumAction::Add {
+            asset_id: SystemId::from_uuid(req.asset_id),
+        },
+        user_id: claims.user_id,
+    };
+    let album = state.manage_album_entries_handler.execute(cmd).await?;
+    Ok((StatusCode::OK, Json(AlbumResponse::from_domain(&album))))
+}
+
+pub async fn remove_entry(
+    State(state): State<AppState>,
+    claims: JwtClaims,
+    Path((album_id, asset_id)): Path<(uuid::Uuid, uuid::Uuid)>,
+) -> Result<Json<AlbumResponse>, AppError> {
+    let cmd = ManageAlbumEntriesCommand {
+        album_id: SystemId::from_uuid(album_id),
+        action: AlbumAction::Remove {
+            asset_id: SystemId::from_uuid(asset_id),
+        },
+        user_id: claims.user_id,
+    };
+    let album = state.manage_album_entries_handler.execute(cmd).await?;
+    Ok(Json(AlbumResponse::from_domain(&album)))
+}
--- a/crates/presentation/src/handlers/assets.rs
+++ b/crates/presentation/src/handlers/assets.rs
@@ -0,0 +1,173 @@
+use crate::{errors::AppError, extractors::JwtClaims, state::AppState};
+use api_types::{
+    requests::UpdateMetadataRequest,
+    responses::{AssetResponse, IngestResponse, TimelineResponse},
+};
+use application::{
+    catalog::{GetAssetQuery, GetTimelineQuery, UpdateMetadataCommand},
+    storage::IngestAssetCommand,
+};
+use axum::{
+    Json,
+    extract::{Multipart, Path, Query, State},
+    http::StatusCode,
+};
+use domain::value_objects::{MetadataValue, StructuredData, SystemId};
+use sha2::{Digest, Sha256};
+
+#[derive(Debug, serde::Deserialize)]
+pub struct TimelineParams {
+    pub limit: Option<u32>,
+    pub offset: Option<u32>,
+}
+
+pub async fn ingest(
+    State(state): State<AppState>,
+    claims: JwtClaims,
+    mut multipart: Multipart,
+) -> Result<(StatusCode, Json<IngestResponse>), AppError> {
+    let mut file_data: Option<bytes::Bytes> = None;
+    let mut filename: Option<String> = None;
+    let mut target_path_id: Option<uuid::Uuid> = None;
+    let mut client_device_id = "web".to_string();
+
+    while let Some(field) = multipart
+        .next_field()
+        .await
+        .map_err(|e| AppError::from(domain::errors::DomainError::Validation(e.to_string())))?
+    {
+        let name = field.name().unwrap_or("").to_string();
+        match name.as_str() {
+            "file" => {
+                filename = field.file_name().map(|s| s.to_string());
+                let data = field
+                    .bytes()
+                    .await
+                    .map_err(|e| {
+                        AppError::from(domain::errors::DomainError::Internal(e.to_string()))
+                    })?;
+                file_data = Some(data);
+            }
+            "target_path_id" => {
+                let text = field
+                    .text()
+                    .await
+                    .map_err(|e| {
+                        AppError::from(domain::errors::DomainError::Validation(e.to_string()))
+                    })?;
+                target_path_id = Some(text.parse::<uuid::Uuid>().map_err(|e| {
+                    AppError::from(domain::errors::DomainError::Validation(e.to_string()))
+                })?);
+            }
+            "client_device_id" => {
+                client_device_id = field
+                    .text()
+                    .await
+                    .map_err(|e| {
+                        AppError::from(domain::errors::DomainError::Validation(e.to_string()))
+                    })?;
+            }
+            _ => {}
+        }
+    }
+
+    let data = file_data
+        .ok_or_else(|| AppError::from(domain::errors::DomainError::Validation("Missing file field".to_string())))?;
+    let fname = filename
+        .ok_or_else(|| AppError::from(domain::errors::DomainError::Validation("Missing filename".to_string())))?;
+    let path_id = target_path_id
+        .ok_or_else(|| AppError::from(domain::errors::DomainError::Validation("Missing target_path_id".to_string())))?;
+
+    let mut hasher = Sha256::new();
+    hasher.update(&data);
+    let checksum = format!("{:x}", hasher.finalize());
+
+    let file_size = data.len() as u64;
+
+    let cmd = IngestAssetCommand {
+        uploader_id: claims.user_id,
+        client_device_id,
+        filename: fname,
+        checksum,
+        target_path_id: SystemId::from_uuid(path_id),
+        file_size,
+        data,
+    };
+
+    let (asset, session) = state.ingest_asset_handler.execute(cmd).await?;
+    let empty_meta = StructuredData::new();
+
+    Ok((
+        StatusCode::CREATED,
+        Json(IngestResponse {
+            asset: AssetResponse::from_domain(&asset, &empty_meta),
+            session_id: *session.session_id.as_uuid(),
+        }),
+    ))
+}
+
+pub async fn get_asset(
+    State(state): State<AppState>,
+    _claims: JwtClaims,
+    Path((asset_id,)): Path<(uuid::Uuid,)>,
+) -> Result<Json<AssetResponse>, AppError> {
+    let query = GetAssetQuery {
+        asset_id: SystemId::from_uuid(asset_id),
+    };
+    let (asset, metadata) = state.get_asset_handler.execute(query).await?;
+    Ok(Json(AssetResponse::from_domain(&asset, &metadata)))
+}
+
+pub async fn timeline(
+    State(state): State<AppState>,
+    claims: JwtClaims,
+    Query(params): Query<TimelineParams>,
+) -> Result<Json<TimelineResponse>, AppError> {
+    let query = GetTimelineQuery {
+        owner_id: claims.user_id,
+        limit: params.limit.unwrap_or(50),
+        offset: params.offset.unwrap_or(0),
+    };
+    let results = state.get_timeline_handler.execute(query).await?;
+    let total = results.len();
+    let assets = results
+        .iter()
+        .map(|(asset, meta)| AssetResponse::from_domain(asset, meta))
+        .collect();
+    Ok(Json(TimelineResponse { assets, total }))
+}
+
+pub async fn update_metadata(
+    State(state): State<AppState>,
+    claims: JwtClaims,
+    Path((asset_id,)): Path<(uuid::Uuid,)>,
+    Json(req): Json<UpdateMetadataRequest>,
+) -> Result<Json<serde_json::Value>, AppError> {
+    let mut data = StructuredData::new();
+    for (k, v) in req.data {
+        let mv = match v {
+            serde_json::Value::String(s) => MetadataValue::String(s),
+            serde_json::Value::Number(n) => {
+                if let Some(i) = n.as_i64() {
+                    MetadataValue::Integer(i)
+                } else if let Some(f) = n.as_f64() {
+                    MetadataValue::Float(f)
+                } else {
+                    MetadataValue::Null
+                }
+            }
+            serde_json::Value::Bool(b) => MetadataValue::Boolean(b),
+            serde_json::Value::Null => MetadataValue::Null,
+            _ => MetadataValue::String(v.to_string()),
+        };
+        data.insert(k, mv);
+    }
+
+    let cmd = UpdateMetadataCommand {
+        asset_id: SystemId::from_uuid(asset_id),
+        user_id: claims.user_id,
+        data,
+    };
+    state.update_metadata_handler.execute(cmd).await?;
+    Ok(Json(serde_json::json!({ "status": "updated" })))
+}
--- a/crates/presentation/src/handlers/mod.rs
+++ b/crates/presentation/src/handlers/mod.rs
@@ -1,2 +1,5 @@
+pub mod albums;
+pub mod assets;
 pub mod auth;
 pub mod health;
+pub mod storage;
--- a/crates/presentation/src/handlers/storage.rs
+++ b/crates/presentation/src/handlers/storage.rs
@@ -0,0 +1,37 @@
+use crate::{errors::AppError, extractors::JwtClaims, state::AppState};
+use api_types::{
+    requests::{RegisterLibraryPathRequest, RegisterVolumeRequest},
+    responses::{LibraryPathResponse, VolumeResponse},
+};
+use application::storage::{RegisterLibraryPathCommand, RegisterVolumeCommand};
+use axum::{Json, extract::State, http::StatusCode};
+use domain::value_objects::SystemId;
+
+pub async fn register_volume(
+    State(state): State<AppState>,
+    _claims: JwtClaims,
+    Json(req): Json<RegisterVolumeRequest>,
+) -> Result<(StatusCode, Json<VolumeResponse>), AppError> {
+    let cmd = RegisterVolumeCommand {
+        volume_name: req.volume_name,
+        uri_prefix: req.uri_prefix,
+        is_writable: req.is_writable,
+    };
+    let volume = state.register_volume_handler.execute(cmd).await?;
+    Ok((StatusCode::CREATED, Json(VolumeResponse::from_domain(&volume))))
+}
+
+pub async fn register_library_path(
+    State(state): State<AppState>,
+    _claims: JwtClaims,
+    Json(req): Json<RegisterLibraryPathRequest>,
+) -> Result<(StatusCode, Json<LibraryPathResponse>), AppError> {
+    let cmd = RegisterLibraryPathCommand {
+        volume_id: SystemId::from_uuid(req.volume_id),
+        relative_path: req.relative_path,
+        owner_id: SystemId::from_uuid(req.owner_id),
+        is_ingest_destination: req.is_ingest_destination,
+    };
+    let path = state.register_library_path_handler.execute(cmd).await?;
+    Ok((StatusCode::CREATED, Json(LibraryPathResponse::from_domain(&path))))
+}
--- a/crates/presentation/src/routes.rs
+++ b/crates/presentation/src/routes.rs
@@ -1,18 +1,32 @@
 use crate::{
-    handlers::{auth, health},
+    handlers::{albums, assets, auth, health, storage},
    openapi::openapi_router,
    state::AppState,
 };
 use axum::{
    Router,
-    routing::{get, post},
+    routing::{delete, get, post, put},
 };

 pub fn api_v1_router() -> Router<AppState> {
    Router::new()
+        // auth
        .route("/auth/register", post(auth::register))
        .route("/auth/login", post(auth::login))
        .route("/auth/me", get(auth::me))
+        // albums
+        .route("/albums", post(albums::create_album))
+        .route("/albums/:id", get(albums::get_album))
+        .route("/albums/:id/entries", post(albums::add_entry))
+        .route("/albums/:id/entries/:asset_id", delete(albums::remove_entry))
+        // assets
+        .route("/assets/ingest", post(assets::ingest))
+        .route("/assets/timeline", get(assets::timeline))
+        .route("/assets/:id", get(assets::get_asset))
+        .route("/assets/:id/metadata", put(assets::update_metadata))
+        // storage
+        .route("/storage/volumes", post(storage::register_volume))
+        .route("/storage/library-paths", post(storage::register_library_path))
 }

 pub fn app_router() -> Router<AppState> {
--- a/crates/presentation/src/state.rs
+++ b/crates/presentation/src/state.rs
@@ -1,4 +1,9 @@
-use application::identity::{GetProfileHandler, LoginUserHandler, RegisterUserHandler};
+use application::{
+    catalog::{GetAssetHandler, GetTimelineHandler, UpdateMetadataHandler},
+    identity::{GetProfileHandler, LoginUserHandler, RegisterUserHandler},
+    organization::{CreateAlbumHandler, GetAlbumHandler, ManageAlbumEntriesHandler},
+    storage::{IngestAssetHandler, RegisterLibraryPathHandler, RegisterVolumeHandler},
+};
 use std::sync::Arc;

 use domain::ports::{StoragePort, TokenIssuer};
@@ -10,15 +15,34 @@ pub struct AppState {
    pub get_profile_handler: Arc<GetProfileHandler>,
    pub token_issuer: Arc<dyn TokenIssuer>,
    pub storage: Arc<dyn StoragePort>,
+    pub create_album_handler: Arc<CreateAlbumHandler>,
+    pub get_album_handler: Arc<GetAlbumHandler>,
+    pub manage_album_entries_handler: Arc<ManageAlbumEntriesHandler>,
+    pub ingest_asset_handler: Arc<IngestAssetHandler>,
+    pub get_asset_handler: Arc<GetAssetHandler>,
+    pub get_timeline_handler: Arc<GetTimelineHandler>,
+    pub update_metadata_handler: Arc<UpdateMetadataHandler>,
+    pub register_volume_handler: Arc<RegisterVolumeHandler>,
+    pub register_library_path_handler: Arc<RegisterLibraryPathHandler>,
 }

 impl AppState {
+    #[allow(clippy::too_many_arguments)]
    pub fn new(
        register_handler: Arc<RegisterUserHandler>,
        login_handler: Arc<LoginUserHandler>,
        get_profile_handler: Arc<GetProfileHandler>,
        token_issuer: Arc<dyn TokenIssuer>,
        storage: Arc<dyn StoragePort>,
+        create_album_handler: Arc<CreateAlbumHandler>,
+        get_album_handler: Arc<GetAlbumHandler>,
+        manage_album_entries_handler: Arc<ManageAlbumEntriesHandler>,
+        ingest_asset_handler: Arc<IngestAssetHandler>,
+        get_asset_handler: Arc<GetAssetHandler>,
+        get_timeline_handler: Arc<GetTimelineHandler>,
+        update_metadata_handler: Arc<UpdateMetadataHandler>,
+        register_volume_handler: Arc<RegisterVolumeHandler>,
+        register_library_path_handler: Arc<RegisterLibraryPathHandler>,
    ) -> Self {
        Self {
            register_handler,
@@ -26,6 +50,15 @@ impl AppState {
            get_profile_handler,
            token_issuer,
            storage,
+            create_album_handler,
+            get_album_handler,
+            manage_album_entries_handler,
+            ingest_asset_handler,
+            get_asset_handler,
+            get_timeline_handler,
+            update_metadata_handler,
+            register_volume_handler,
+            register_library_path_handler,
        }
    }
 }