refactor: move business logic out of presentation — ReadAssetFile, checksum, auth checks, MetadataValue conversions

2026-05-31 06:10:07 +02:00
parent 0f003a3bd6
commit 34b231a8f6
18 changed files with 256 additions and 43 deletions
--- a/crates/application/src/catalog/mod.rs
+++ b/crates/application/src/catalog/mod.rs
@@ -5,3 +5,4 @@ pub use commands::register_asset::{RegisterAssetCommand, RegisterAssetHandler};
 pub use commands::update_metadata::{UpdateMetadataCommand, UpdateMetadataHandler};
 pub use queries::get_asset::{GetAssetHandler, GetAssetQuery};
 pub use queries::get_timeline::{GetTimelineHandler, GetTimelineQuery};
+pub use queries::read_asset_file::{AssetFileResult, ReadAssetFileHandler, ReadAssetFileQuery};
--- a/crates/application/src/catalog/queries/get_asset.rs
+++ b/crates/application/src/catalog/queries/get_asset.rs
@@ -10,6 +10,7 @@ use std::sync::Arc;
 #[derive(Debug, Clone, serde::Serialize, serde::Deserialize)]
 pub struct GetAssetQuery {
    pub asset_id: SystemId,
+    pub user_id: SystemId,
 }

 pub struct GetAssetHandler {
@@ -38,6 +39,10 @@ impl GetAssetHandler {
            .await?
            .ok_or_else(|| DomainError::NotFound(format!("Asset {} not found", query.asset_id)))?;

+        if asset.owner_user_id != query.user_id {
+            return Err(DomainError::Forbidden("Access denied".to_string()));
+        }
+
        let layers = self.metadata_repo.find_by_asset(&asset.asset_id).await?;
        let resolved = resolve_metadata(&layers);

--- a/crates/application/src/catalog/queries/mod.rs
+++ b/crates/application/src/catalog/queries/mod.rs
@@ -1,2 +1,3 @@
 pub mod get_asset;
 pub mod get_timeline;
+pub mod read_asset_file;
--- a/crates/application/src/catalog/queries/read_asset_file.rs
+++ b/crates/application/src/catalog/queries/read_asset_file.rs
@@ -0,0 +1,62 @@
+use bytes::Bytes;
+use domain::{
+    errors::DomainError,
+    ports::{AssetRepository, FileStoragePort},
+    value_objects::SystemId,
+};
+use std::sync::Arc;
+
+#[derive(Debug, Clone, serde::Serialize, serde::Deserialize)]
+pub struct ReadAssetFileQuery {
+    pub asset_id: SystemId,
+}
+
+pub struct AssetFileResult {
+    pub data: Bytes,
+    pub mime_type: String,
+    pub filename: String,
+}
+
+pub struct ReadAssetFileHandler {
+    asset_repo: Arc<dyn AssetRepository>,
+    file_storage: Arc<dyn FileStoragePort>,
+}
+
+impl ReadAssetFileHandler {
+    pub fn new(
+        asset_repo: Arc<dyn AssetRepository>,
+        file_storage: Arc<dyn FileStoragePort>,
+    ) -> Self {
+        Self {
+            asset_repo,
+            file_storage,
+        }
+    }
+
+    pub async fn execute(&self, query: ReadAssetFileQuery) -> Result<AssetFileResult, DomainError> {
+        let asset = self
+            .asset_repo
+            .find_by_id(&query.asset_id)
+            .await?
+            .ok_or_else(|| DomainError::NotFound(format!("Asset {} not found", query.asset_id)))?;
+
+        let data = self
+            .file_storage
+            .read_file(&asset.source_reference.relative_path)
+            .await?;
+
+        let filename = asset
+            .source_reference
+            .relative_path
+            .rsplit('/')
+            .next()
+            .unwrap_or(&asset.source_reference.relative_path)
+            .to_string();
+
+        Ok(AssetFileResult {
+            data,
+            mime_type: asset.mime_type,
+            filename,
+        })
+    }
+}
--- a/crates/application/src/organization/commands/manage_album_entries.rs
+++ b/crates/application/src/organization/commands/manage_album_entries.rs
@@ -32,6 +32,10 @@ impl ManageAlbumEntriesHandler {
            .await?
            .ok_or_else(|| DomainError::NotFound(format!("Album {} not found", cmd.album_id)))?;

+        if album.creator_user_id != cmd.user_id {
+            return Err(DomainError::Forbidden("Access denied".to_string()));
+        }
+
        match cmd.action {
            AlbumAction::Add { asset_id } => album.add_asset(asset_id, cmd.user_id)?,
            AlbumAction::Remove { asset_id } => album.remove_asset(&asset_id)?,
--- a/crates/application/src/organization/queries/get_album.rs
+++ b/crates/application/src/organization/queries/get_album.rs
@@ -6,6 +6,7 @@ use std::sync::Arc;
 #[derive(Debug, Clone, serde::Serialize, serde::Deserialize)]
 pub struct GetAlbumQuery {
    pub album_id: SystemId,
+    pub user_id: SystemId,
 }

 pub struct GetAlbumHandler {
@@ -18,9 +19,16 @@ impl GetAlbumHandler {
    }

    pub async fn execute(&self, query: GetAlbumQuery) -> Result<Album, DomainError> {
-        self.album_repo
+        let album = self
+            .album_repo
            .find_by_id(&query.album_id)
            .await?
-            .ok_or_else(|| DomainError::NotFound(format!("Album {} not found", query.album_id)))
+            .ok_or_else(|| DomainError::NotFound(format!("Album {} not found", query.album_id)))?;
+
+        if album.creator_user_id != query.user_id {
+            return Err(DomainError::Forbidden("Access denied".to_string()));
+        }
+
+        Ok(album)
    }
 }
--- a/crates/application/src/storage/commands/ingest_asset.rs
+++ b/crates/application/src/storage/commands/ingest_asset.rs
@@ -11,6 +11,7 @@ use domain::{
    },
    value_objects::{Checksum, DateTimeStamp, SystemId},
 };
+use sha2::{Digest, Sha256};
 use std::sync::Arc;

 #[derive(Debug, Clone, serde::Serialize, serde::Deserialize)]
@@ -18,7 +19,6 @@ pub struct IngestAssetCommand {
    pub uploader_id: SystemId,
    pub client_device_id: String,
    pub filename: String,
-    pub checksum: String,
    pub target_path_id: SystemId,
    pub file_size: u64,
    #[serde(skip)]
@@ -60,7 +60,10 @@ impl IngestAssetHandler {
        &self,
        cmd: IngestAssetCommand,
    ) -> Result<(Asset, IngestSession), DomainError> {
-        let checksum = Checksum::new(&cmd.checksum)?;
+        let mut hasher = Sha256::new();
+        hasher.update(&cmd.data);
+        let checksum_hex = format!("{:x}", hasher.finalize());
+        let checksum = Checksum::new(checksum_hex)?;

        let path = self
            .path_repo