refactor: move business logic out of presentation — ReadAssetFile, checksum, auth checks, MetadataValue conversions

2026-05-31 06:10:07 +02:00
parent 0f003a3bd6
commit 34b231a8f6
18 changed files with 256 additions and 43 deletions
--- a/crates/application/tests/catalog/queries/get_asset.rs
+++ b/crates/application/tests/catalog/queries/get_asset.rs
@@ -16,12 +16,13 @@ async fn returns_asset_with_resolved_metadata() {
        relative_path: "photos/img.jpg".into(),
        checksum: Checksum::new("a".repeat(64)).unwrap(),
    };
+    let owner = SystemId::new();
    let asset = Asset::new(
        source,
        AssetType::Image,
        "image/jpeg",
        1024,
-        SystemId::new(),
+        owner,
    );
    asset_repo.save(&asset).await.unwrap();

@@ -42,6 +43,7 @@ async fn returns_asset_with_resolved_metadata() {
    let (returned, resolved) = handler
        .execute(GetAssetQuery {
            asset_id: asset.asset_id,
+            user_id: owner,
        })
        .await
        .unwrap();
@@ -62,8 +64,35 @@ async fn rejects_nonexistent() {
    let result = handler
        .execute(GetAssetQuery {
            asset_id: SystemId::new(),
+            user_id: SystemId::new(),
        })
        .await;

    assert!(matches!(result, Err(DomainError::NotFound(_))));
 }
+
+#[tokio::test]
+async fn rejects_forbidden_access() {
+    let asset_repo = Arc::new(InMemoryAssetRepository::new());
+    let meta_repo = Arc::new(InMemoryAssetMetadataRepository::new());
+
+    let source = SourceReference {
+        volume_id: SystemId::new(),
+        relative_path: "photos/img.jpg".into(),
+        checksum: Checksum::new("a".repeat(64)).unwrap(),
+    };
+    let owner = SystemId::new();
+    let asset = Asset::new(source, AssetType::Image, "image/jpeg", 1024, owner);
+    asset_repo.save(&asset).await.unwrap();
+
+    let handler = GetAssetHandler::new(asset_repo, meta_repo);
+    let other_user = SystemId::new();
+    let result = handler
+        .execute(GetAssetQuery {
+            asset_id: asset.asset_id,
+            user_id: other_user,
+        })
+        .await;
+
+    assert!(matches!(result, Err(DomainError::Forbidden(_))));
+}
--- a/crates/application/tests/catalog/queries/mod.rs
+++ b/crates/application/tests/catalog/queries/mod.rs
@@ -1,2 +1,3 @@
 mod get_asset;
 mod get_timeline;
+mod read_asset_file;
--- a/crates/application/tests/catalog/queries/read_asset_file.rs
+++ b/crates/application/tests/catalog/queries/read_asset_file.rs
@@ -0,0 +1,55 @@
+use application::catalog::{ReadAssetFileHandler, ReadAssetFileQuery};
+use application::testing::{InMemoryAssetRepository, InMemoryFileStorage};
+use bytes::Bytes;
+use domain::catalog::entities::{Asset, AssetType, SourceReference};
+use domain::errors::DomainError;
+use domain::ports::{AssetRepository, FileStoragePort};
+use domain::value_objects::{Checksum, SystemId};
+use std::sync::Arc;
+
+#[tokio::test]
+async fn reads_file_successfully() {
+    let asset_repo = Arc::new(InMemoryAssetRepository::new());
+    let file_storage = Arc::new(InMemoryFileStorage::new());
+
+    let source = SourceReference {
+        volume_id: SystemId::new(),
+        relative_path: "photos/inbox/cat.jpg".into(),
+        checksum: Checksum::new("a".repeat(64)).unwrap(),
+    };
+    let asset = Asset::new(source, AssetType::Image, "image/jpeg", 512, SystemId::new());
+    asset_repo.save(&asset).await.unwrap();
+
+    let file_data = Bytes::from(vec![0xFFu8; 512]);
+    file_storage
+        .store_file("photos/inbox/cat.jpg", file_data.clone())
+        .await
+        .unwrap();
+
+    let handler = ReadAssetFileHandler::new(asset_repo, file_storage);
+    let result = handler
+        .execute(ReadAssetFileQuery {
+            asset_id: asset.asset_id,
+        })
+        .await
+        .unwrap();
+
+    assert_eq!(result.data, file_data);
+    assert_eq!(result.mime_type, "image/jpeg");
+    assert_eq!(result.filename, "cat.jpg");
+}
+
+#[tokio::test]
+async fn rejects_nonexistent_asset() {
+    let asset_repo = Arc::new(InMemoryAssetRepository::new());
+    let file_storage = Arc::new(InMemoryFileStorage::new());
+
+    let handler = ReadAssetFileHandler::new(asset_repo, file_storage);
+    let result = handler
+        .execute(ReadAssetFileQuery {
+            asset_id: SystemId::new(),
+        })
+        .await;
+
+    assert!(matches!(result, Err(DomainError::NotFound(_))));
+}
--- a/crates/application/tests/organization/commands/manage_album_entries.rs
+++ b/crates/application/tests/organization/commands/manage_album_entries.rs
@@ -111,3 +111,23 @@ async fn rejects_duplicate_add() {
        .await;
    assert!(matches!(result, Err(DomainError::Conflict(_))));
 }
+
+#[tokio::test]
+async fn rejects_forbidden_access() {
+    let repo = Arc::new(InMemoryAlbumRepository::new());
+    let creator = SystemId::new();
+    let album_id = setup_album(&repo, creator).await;
+
+    let handler = ManageAlbumEntriesHandler::new(repo);
+    let other_user = SystemId::new();
+    let result = handler
+        .execute(ManageAlbumEntriesCommand {
+            album_id,
+            action: AlbumAction::Add {
+                asset_id: SystemId::new(),
+            },
+            user_id: other_user,
+        })
+        .await;
+    assert!(matches!(result, Err(DomainError::Forbidden(_))));
+}
--- a/crates/application/tests/organization/queries/get_album.rs
+++ b/crates/application/tests/organization/queries/get_album.rs
@@ -24,6 +24,7 @@ async fn returns_album() {
    let found = query_handler
        .execute(GetAlbumQuery {
            album_id: album.album_id,
+            user_id: creator,
        })
        .await
        .unwrap();
@@ -39,7 +40,33 @@ async fn rejects_nonexistent() {
    let result = handler
        .execute(GetAlbumQuery {
            album_id: SystemId::new(),
+            user_id: SystemId::new(),
        })
        .await;
    assert!(matches!(result, Err(DomainError::NotFound(_))));
 }
+
+#[tokio::test]
+async fn rejects_forbidden_access() {
+    let repo = Arc::new(InMemoryAlbumRepository::new());
+    let creator = SystemId::new();
+
+    let create_handler = CreateAlbumHandler::new(repo.clone());
+    let album = create_handler
+        .execute(CreateAlbumCommand {
+            title: "Private Album".into(),
+            creator_id: creator,
+        })
+        .await
+        .unwrap();
+
+    let query_handler = GetAlbumHandler::new(repo);
+    let other_user = SystemId::new();
+    let result = query_handler
+        .execute(GetAlbumQuery {
+            album_id: album.album_id,
+            user_id: other_user,
+        })
+        .await;
+    assert!(matches!(result, Err(DomainError::Forbidden(_))));
+}
--- a/crates/application/tests/storage/commands/ingest_asset.rs
+++ b/crates/application/tests/storage/commands/ingest_asset.rs
@@ -77,9 +77,6 @@ impl Harness {
    }
 }

-fn valid_checksum() -> String {
-    "a".repeat(64)
-}

 #[tokio::test]
 async fn ingests_successfully() {
@@ -93,7 +90,6 @@ async fn ingests_successfully() {
            uploader_id: user,
            client_device_id: "iphone-1".into(),
            filename: "photo.jpg".into(),
-            checksum: valid_checksum(),
            target_path_id: path_id,
            file_size: 1024,
            data: Bytes::from(vec![0u8; 1024]),
@@ -124,7 +120,6 @@ async fn rejects_quota_exceeded() {
            uploader_id: user,
            client_device_id: "iphone-1".into(),
            filename: "big.jpg".into(),
-            checksum: valid_checksum(),
            target_path_id: path_id,
            file_size: 1024,
            data: Bytes::from(vec![0u8; 1024]),
@@ -134,28 +129,6 @@ async fn rejects_quota_exceeded() {
    assert!(matches!(result, Err(DomainError::QuotaExceeded(_))));
 }

-#[tokio::test]
-async fn rejects_invalid_checksum() {
-    let h = Harness::new();
-    let user = SystemId::new();
-    let path_id = h.setup_volume_and_path(user).await;
-
-    let handler = h.ingest_handler();
-    let result = handler
-        .execute(IngestAssetCommand {
-            uploader_id: user,
-            client_device_id: "iphone-1".into(),
-            filename: "photo.jpg".into(),
-            checksum: "tooshort".into(),
-            target_path_id: path_id,
-            file_size: 1024,
-            data: Bytes::from(vec![0u8; 1024]),
-        })
-        .await;
-
-    assert!(matches!(result, Err(DomainError::Validation(_))));
-}
-
 #[tokio::test]
 async fn rejects_non_ingest_path() {
    let h = Harness::new();
@@ -187,7 +160,6 @@ async fn rejects_non_ingest_path() {
            uploader_id: user,
            client_device_id: "iphone-1".into(),
            filename: "photo.jpg".into(),
-            checksum: valid_checksum(),
            target_path_id: path.path_id,
            file_size: 1024,
            data: Bytes::from(vec![0u8; 1024]),