changing routes and hierarchy of files for memories

server/src/routes/memories/immich.ts

@@ -0,0 +1,147 @@
+import express, { Request, Response, NextFunction } from 'express';
+import { db, canAccessTrip } from '../../db/database';
+import { authenticate } from '../../middleware/auth';
+import { broadcast } from '../../websocket';
+import { AuthRequest } from '../../types';
+import { consumeEphemeralToken } from '../../services/ephemeralTokens';
+import { getClientIp } from '../../services/auditLog';
+import {
+  getConnectionSettings,
+  saveImmichSettings,
+  testConnection,
+  getConnectionStatus,
+  browseTimeline,
+  searchPhotos,
+  proxyThumbnail,
+  proxyOriginal,
+  listAlbums,
+  syncAlbumAssets,
+  getAssetInfo,
+} from '../../services/memories/immichService';
+import { canAccessUserPhoto } from '../../services/memories/helpersService';
+
+const router = express.Router();
+
+// ── Dual auth middleware (JWT or ephemeral token for <img> src) ─────────────
+function authFromQuery(req: Request, res: Response, next: NextFunction) {
+  const queryToken = req.query.token as string | undefined;
+  if (queryToken) {
+    const userId = consumeEphemeralToken(queryToken, 'immich');
+    if (!userId) return res.status(401).send('Invalid or expired token');
+    const user = db.prepare('SELECT id, username, email, role, mfa_enabled FROM users WHERE id = ?').get(userId) as any;
+    if (!user) return res.status(401).send('User not found');
+    (req as AuthRequest).user = user;
+    return next();
+  }
+  return (authenticate as any)(req, res, next);
+}
+
+// ── Immich Connection Settings ─────────────────────────────────────────────
+
+router.get('/settings', authenticate, (req: Request, res: Response) => {
+  const authReq = req as AuthRequest;
+  res.json(getConnectionSettings(authReq.user.id));
+});
+
+router.put('/settings', authenticate, async (req: Request, res: Response) => {
+  const authReq = req as AuthRequest;
+  const { immich_url, immich_api_key } = req.body;
+  const result = await saveImmichSettings(authReq.user.id, immich_url, immich_api_key, getClientIp(req));
+  if (!result.success) return res.status(400).json({ error: result.error });
+  if (result.warning) return res.json({ success: true, warning: result.warning });
+  res.json({ success: true });
+});
+
+router.get('/status', authenticate, async (req: Request, res: Response) => {
+  const authReq = req as AuthRequest;
+  res.json(await getConnectionStatus(authReq.user.id));
+});
+
+router.post('/test', authenticate, async (req: Request, res: Response) => {
+  const { immich_url, immich_api_key } = req.body;
+  if (!immich_url || !immich_api_key) return res.json({ connected: false, error: 'URL and API key required' });
+  res.json(await testConnection(immich_url, immich_api_key));
+});
+
+// ── Browse Immich Library (for photo picker) ───────────────────────────────
+
+router.get('/browse', authenticate, async (req: Request, res: Response) => {
+  const authReq = req as AuthRequest;
+  const result = await browseTimeline(authReq.user.id);
+  if (result.error) return res.status(result.status!).json({ error: result.error });
+  res.json({ buckets: result.buckets });
+});
+
+router.post('/search', authenticate, async (req: Request, res: Response) => {
+  const authReq = req as AuthRequest;
+  const { from, to } = req.body;
+  const result = await searchPhotos(authReq.user.id, from, to);
+  if (result.error) return res.status(result.status!).json({ error: result.error });
+  res.json({ assets: result.assets });
+});
+
+// ── Asset Details ──────────────────────────────────────────────────────────
+
+router.get('/assets/:tripId/:assetId/:ownerId/info', authenticate, async (req: Request, res: Response) => {
+  const authReq = req as AuthRequest;
+  const { tripId, assetId, ownerId } = req.params;
+
+  if (!canAccessUserPhoto(authReq.user.id, Number(ownerId), tripId, assetId, 'immich')) {
+    return res.status(403).json({ error: 'Forbidden' });
+  }
+  const result = await getAssetInfo(authReq.user.id, assetId, Number(ownerId));
+  if (result.error) return res.status(result.status!).json({ error: result.error });
+  res.json(result.data);
+});
+
+// ── Proxy Immich Assets ────────────────────────────────────────────────────
+
+router.get('/assets/:tripId/:assetId/:ownerId/thumbnail', authFromQuery, async (req: Request, res: Response) => {
+  const authReq = req as AuthRequest;
+  const { tripId, assetId, ownerId } = req.params;
+
+  if (!canAccessUserPhoto(authReq.user.id, Number(ownerId), tripId, assetId, 'immich')) {
+    return res.status(403).json({ error: 'Forbidden' });
+  }
+  const result = await proxyThumbnail(authReq.user.id, assetId, Number(ownerId));
+  if (result.error) return res.status(result.status!).send(result.error);
+  res.set('Content-Type', result.contentType!);
+  res.set('Cache-Control', 'public, max-age=86400');
+  res.send(result.buffer);
+});
+
+router.get('/assets/:tripId/:assetId/:ownerId/original', authFromQuery, async (req: Request, res: Response) => {
+  const authReq = req as AuthRequest;
+  const { tripId, assetId, ownerId } = req.params;
+
+  if (!canAccessUserPhoto(authReq.user.id, Number(ownerId), tripId, assetId, 'immich')) {
+    return res.status(403).json({ error: 'Forbidden' });
+  }
+  const result = await proxyOriginal(authReq.user.id, assetId, Number(ownerId));
+  if (result.error) return res.status(result.status!).send(result.error);
+  res.set('Content-Type', result.contentType!);
+  res.set('Cache-Control', 'public, max-age=86400');
+  res.send(result.buffer);
+});
+
+// ── Album Linking ──────────────────────────────────────────────────────────
+
+router.get('/albums', authenticate, async (req: Request, res: Response) => {
+  const authReq = req as AuthRequest;
+  const result = await listAlbums(authReq.user.id);
+  if (result.error) return res.status(result.status!).json({ error: result.error });
+  res.json({ albums: result.albums });
+});
+
+router.post('/trips/:tripId/album-links/:linkId/sync', authenticate, async (req: Request, res: Response) => {
+  const authReq = req as AuthRequest;
+  const { tripId, linkId } = req.params;
+  const result = await syncAlbumAssets(tripId, linkId, authReq.user.id);
+  if (result.error) return res.status(result.status!).json({ error: result.error });
+  res.json({ success: true, added: result.added, total: result.total });
+  if (result.added! > 0) {
+    broadcast(tripId, 'memories:updated', { userId: authReq.user.id }, req.headers['x-socket-id'] as string);
+  }
+});
+
+export default router;

server/src/routes/memories/synology.ts

@@ -0,0 +1,178 @@
+import express, { Request, Response } from 'express';
+import { authenticate } from '../../middleware/auth';
+import { broadcast } from '../../websocket';
+import { AuthRequest } from '../../types';
+import {
+    getSynologySettings,
+    updateSynologySettings,
+    getSynologyStatus,
+    testSynologyConnection,
+    listSynologyAlbums,
+    syncSynologyAlbumLink,
+    searchSynologyPhotos,
+    getSynologyAssetInfo,
+    pipeSynologyProxy,
+    streamSynologyAsset,
+    handleSynologyError,
+    SynologyServiceError,
+} from '../../services/memories/synologyService';
+import { canAccessUserPhoto } from '../../services/memories/helpersService';
+
+const router = express.Router();
+
+function parseStringBodyField(value: unknown): string {
+    return String(value ?? '').trim();
+}
+
+function parseNumberBodyField(value: unknown, fallback: number): number {
+    const parsed = Number(value);
+    return Number.isFinite(parsed) ? parsed : fallback;
+}
+
+router.get('/settings', authenticate, async (req: Request, res: Response) => {
+    const authReq = req as AuthRequest;
+    try {
+        res.json(await getSynologySettings(authReq.user.id));
+    } catch (err: unknown) {
+        handleSynologyError(res, err, 'Failed to load settings');
+    }
+});
+
+router.put('/settings', authenticate, async (req: Request, res: Response) => {
+    const authReq = req as AuthRequest;
+    const body = req.body as Record<string, unknown>;
+    const synology_url = parseStringBodyField(body.synology_url);
+    const synology_username = parseStringBodyField(body.synology_username);
+    const synology_password = parseStringBodyField(body.synology_password);
+
+    if (!synology_url || !synology_username) {
+        return handleSynologyError(res, new SynologyServiceError(400, 'URL and username are required'), 'Missing required fields');
+    }
+
+    try {
+        await updateSynologySettings(authReq.user.id, synology_url, synology_username, synology_password);
+        res.json({ success: true });
+    } catch (err: unknown) {
+        handleSynologyError(res, err, 'Failed to save settings');
+    }
+});
+
+router.get('/status', authenticate, async (req: Request, res: Response) => {
+    const authReq = req as AuthRequest;
+    res.json(await getSynologyStatus(authReq.user.id));
+});
+
+router.post('/test', authenticate, async (req: Request, res: Response) => {
+    const body = req.body as Record<string, unknown>;
+    const synology_url = parseStringBodyField(body.synology_url);
+    const synology_username = parseStringBodyField(body.synology_username);
+    const synology_password = parseStringBodyField(body.synology_password);
+
+    if (!synology_url || !synology_username || !synology_password) {
+        return handleSynologyError(res, new SynologyServiceError(400, 'URL, username and password are required'), 'Missing required fields');
+    }
+
+    res.json(await testSynologyConnection(synology_url, synology_username, synology_password));
+});
+
+router.get('/albums', authenticate, async (req: Request, res: Response) => {
+    const authReq = req as AuthRequest;
+    try {
+        res.json(await listSynologyAlbums(authReq.user.id));
+    } catch (err: unknown) {
+        handleSynologyError(res, err, 'Could not reach Synology');
+    }
+});
+
+router.post('/trips/:tripId/album-links/:linkId/sync', authenticate, async (req: Request, res: Response) => {
+    const authReq = req as AuthRequest;
+    const { tripId, linkId } = req.params;
+
+    try {
+        const result = await syncSynologyAlbumLink(authReq.user.id, tripId, linkId);
+        res.json({ success: true, ...result });
+        if (result.added > 0) {
+            broadcast(tripId, 'memories:updated', { userId: authReq.user.id }, req.headers['x-socket-id'] as string);
+        }
+    } catch (err: unknown) {
+        handleSynologyError(res, err, 'Could not reach Synology');
+    }
+});
+
+router.post('/search', authenticate, async (req: Request, res: Response) => {
+    const authReq = req as AuthRequest;
+    const body = req.body as Record<string, unknown>;
+    const from = parseStringBodyField(body.from);
+    const to = parseStringBodyField(body.to);
+    const offset = parseNumberBodyField(body.offset, 0);
+    const limit = parseNumberBodyField(body.limit, 300);
+
+    try {
+        const result = await searchSynologyPhotos(
+            authReq.user.id,
+            from || undefined,
+            to || undefined,
+            offset,
+            limit,
+        );
+        res.json(result);
+    } catch (err: unknown) {
+        handleSynologyError(res, err, 'Could not reach Synology');
+    }
+});
+
+router.get('/assets/:tripId/:photoId/:ownerId/info', authenticate, async (req: Request, res: Response) => {
+    const authReq = req as AuthRequest;
+    const { tripId, photoId, ownerId } = req.params;
+
+    if (!canAccessUserPhoto(authReq.user.id, Number(ownerId), tripId, photoId, 'synologyphotos')) {
+        return handleSynologyError(res, new SynologyServiceError(403, 'You don\'t have access to this photo'), 'Access denied');
+    }
+
+    try {
+        res.json(await getSynologyAssetInfo(authReq.user.id, photoId, Number(ownerId)));
+    } catch (err: unknown) {
+        handleSynologyError(res, err, 'Could not reach Synology');
+    }
+});
+
+router.get('/assets/:tripId/:photoId/:ownerId/thumbnail', authenticate, async (req: Request, res: Response) => {
+    const authReq = req as AuthRequest;
+    const { tripId, photoId, ownerId } = req.params;
+    const { size = 'sm' } = req.query;
+
+    if (!canAccessUserPhoto(authReq.user.id, Number(ownerId), tripId, photoId, 'synologyphotos')) {
+        return handleSynologyError(res, new SynologyServiceError(403, 'You don\'t have access to this photo'), 'Access denied');
+    }
+
+    try {
+        const proxy = await streamSynologyAsset(authReq.user.id, Number(ownerId), photoId, 'thumbnail', String(size));
+        await pipeSynologyProxy(res, proxy);
+    } catch (err: unknown) {
+        if (res.headersSent) {
+            return;
+        }
+        handleSynologyError(res, err, 'Proxy error');
+    }
+});
+
+router.get('/assets/:tripId/:photoId/:ownerId/original', authenticate, async (req: Request, res: Response) => {
+    const authReq = req as AuthRequest;
+    const { tripId, photoId, ownerId } = req.params;
+    
+    if (!canAccessUserPhoto(authReq.user.id, Number(ownerId), tripId, photoId, 'synologyphotos')) {
+        return handleSynologyError(res, new SynologyServiceError(403, 'You don\'t have access to this photo'), 'Access denied');
+    }
+
+    try {
+        const proxy = await streamSynologyAsset(authReq.user.id, Number(ownerId), photoId, 'original');
+        await pipeSynologyProxy(res, proxy);
+    } catch (err: unknown) {
+        if (res.headersSent) {
+            return;
+        }
+        handleSynologyError(res, err, 'Proxy error');
+    }
+});
+
+export default router;

server/src/routes/memories/unified.ts

@@ -0,0 +1,102 @@
+import express, { Request, Response } from 'express';
+import { authenticate } from '../../middleware/auth';
+import { AuthRequest } from '../../types';
+import {
+    listTripPhotos,
+    listTripAlbumLinks,
+    createTripAlbumLink,
+    removeAlbumLink,
+    addTripPhotos,
+    removeTripPhoto,
+    setTripPhotoSharing,
+} from '../../services/memories/unifiedService';
+import immichRouter from './immich';
+import synologyRouter from './synology';
+
+const router = express.Router();
+
+router.use('/immich', immichRouter);
+router.use('/synologyphotos', synologyRouter);
+
+//------------------------------------------------
+// routes for managing photos linked to trip
+
+router.get('/unified/trips/:tripId/photos', authenticate, (req: Request, res: Response) => {
+    const authReq = req as AuthRequest;
+    const { tripId } = req.params;
+        const result = listTripPhotos(tripId, authReq.user.id);
+        if ('error' in result) return res.status(result.error.status).json({ error: result.error.message });
+        res.json({ photos: result.data });
+});
+
+router.post('/unified/trips/:tripId/photos', authenticate, async (req: Request, res: Response) => {
+    const authReq = req as AuthRequest;
+    const { tripId } = req.params;
+    const sid = req.headers['x-socket-id'] as string;
+    
+    const shared = req.body?.shared === undefined ? true : !!req.body?.shared;
+    const result = await addTripPhotos(
+        tripId,
+        authReq.user.id,
+        shared,
+        req.body?.selections || [],
+        sid,
+    );
+    if ('error' in result) return res.status(result.error.status).json({ error: result.error.message });
+
+    res.json({ success: true, added: result.data.added });
+});
+
+router.put('/unified/trips/:tripId/photos/sharing', authenticate, async (req: Request, res: Response) => {
+    const authReq = req as AuthRequest;
+    const { tripId } = req.params;
+    const result = await setTripPhotoSharing(
+        tripId,
+        authReq.user.id,
+        req.body?.provider,
+        req.body?.asset_id,
+        req.body?.shared,
+    );
+    if ('error' in result) return res.status(result.error.status).json({ error: result.error.message });
+    res.json({ success: true });
+});
+
+router.delete('/unified/trips/:tripId/photos', authenticate, async (req: Request, res: Response) => {
+    const authReq = req as AuthRequest;
+    const { tripId } = req.params;
+    const result = await removeTripPhoto(tripId, authReq.user.id, req.body?.provider, req.body?.asset_id);
+    if ('error' in result) return res.status(result.error.status).json({ error: result.error.message });
+    res.json({ success: true });
+});
+
+//------------------------------
+// routes for managing album links
+
+router.get('/unified/trips/:tripId/album-links', authenticate, (req: Request, res: Response) => {
+    const authReq = req as AuthRequest;
+    const { tripId } = req.params;
+    const result = listTripAlbumLinks(tripId, authReq.user.id);
+    if ('error' in result) return res.status(result.error.status).json({ error: result.error.message });
+    res.json({ links: result.data });
+});
+
+router.post('/unified/trips/:tripId/album-links', authenticate, async (req: Request, res: Response) => {
+    const authReq = req as AuthRequest;
+    const { tripId } = req.params;
+    const result = createTripAlbumLink(tripId, authReq.user.id, req.body?.provider, req.body?.album_id, req.body?.album_name);
+    if ('error' in result) return res.status(result.error.status).json({ error: result.error.message });
+    res.json({ success: true });
+});
+
+router.delete('/unified/trips/:tripId/album-links/:linkId', authenticate, async (req: Request, res: Response) => {
+    const authReq = req as AuthRequest;
+    const { tripId, linkId } = req.params;
+    const result = removeAlbumLink(tripId, linkId, authReq.user.id);
+    if ('error' in result) return res.status(result.error.status).json({ error: result.error.message });
+    res.json({ success: true });
+});
+
+
+
+
+export default router;