feat: unified photo provider abstraction layer (#584)

Introduce trek_photos as central photo registry. Frontend uses /api/photos/:id/:kind instead of provider-specific URLs. Adding a new photo provider is now backend-only work. - New trek_photos table (migration 98) with photo_id FK in trip_photos and journey_photos - Unified /api/photos/:id/thumbnail|original|info endpoint - photoResolverService for central resolution and streaming - ProviderPicker: add "All Photos" tab, rename tabs, fix i18n - Localize all hardcoded strings in JourneyDetailPage (14 langs) - Fix date formatting to use browser locale instead of hardcoded 'en' - Journey stats as styled tile cards
2026-06-19 13:21:46 +00:00 · 2026-04-13 20:08:31 +02:00
parent e629548a42
commit c0c59b6d80
34 changed files with 883 additions and 198 deletions
@@ -36,6 +36,7 @@ import { oauthPublicRouter, oauthApiRouter } from './routes/oauth';
 import vacayRoutes from './routes/vacay';
 import atlasRoutes from './routes/atlas';
 import memoriesRoutes from './routes/memories/unified';
+import photoRoutes from './routes/photos';
 import notificationRoutes from './routes/notifications';
 import shareRoutes from './routes/share';
 import journeyRoutes from './routes/journey';
@@ -265,6 +266,7 @@ export function createApp(): express.Application {
  app.use('/api/journeys', journeyRoutes);
  app.use('/api/public/journey', journeyPublicRoutes);
  app.use('/api/integrations/memories', memoriesRoutes);
+  app.use('/api/photos', photoRoutes);
  app.use('/api/maps', mapsRoutes);
  app.use('/api/weather', weatherRoutes);
  app.use('/api/settings', settingsRoutes);
@@ -1435,6 +1435,115 @@ function runMigrations(db: Database.Database): void {
    () => {
      try { db.exec("ALTER TABLE vacay_plans ADD COLUMN week_start INTEGER NOT NULL DEFAULT 1"); } catch {}
    },
+    // Migration: Unified Photo Provider Abstraction Layer (#584)
+    // Central trek_photos registry; trip_photos + journey_photos reference via photo_id
+    () => {
+      // 1. Create the central photo registry
+      db.exec(`
+        CREATE TABLE IF NOT EXISTS trek_photos (
+          id INTEGER PRIMARY KEY AUTOINCREMENT,
+          provider TEXT NOT NULL,
+          asset_id TEXT,
+          owner_id INTEGER REFERENCES users(id) ON DELETE SET NULL,
+          file_path TEXT,
+          thumbnail_path TEXT,
+          width INTEGER,
+          height INTEGER,
+          created_at DATETIME DEFAULT CURRENT_TIMESTAMP
+        )
+      `);
+      db.exec('CREATE UNIQUE INDEX IF NOT EXISTS idx_trek_photos_provider_asset ON trek_photos(provider, asset_id, owner_id) WHERE asset_id IS NOT NULL');
+      db.exec('CREATE INDEX IF NOT EXISTS idx_trek_photos_owner ON trek_photos(owner_id)');
+
+      // 2. Migrate trip_photos → trek_photos + photo_id FK
+      const tripPhotosExists = db.prepare("SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = 'trip_photos'").get();
+      if (tripPhotosExists) {
+        // Insert existing trip photo references into trek_photos (deduplicate by provider+asset_id+owner)
+        db.exec(`
+          INSERT OR IGNORE INTO trek_photos (provider, asset_id, owner_id, created_at)
+          SELECT DISTINCT provider, asset_id, user_id, COALESCE(added_at, CURRENT_TIMESTAMP)
+          FROM trip_photos
+          WHERE asset_id IS NOT NULL AND TRIM(asset_id) != ''
+        `);
+
+        // Recreate trip_photos with photo_id FK
+        db.exec(`
+          CREATE TABLE trip_photos_new (
+            id INTEGER PRIMARY KEY AUTOINCREMENT,
+            trip_id INTEGER NOT NULL REFERENCES trips(id) ON DELETE CASCADE,
+            user_id INTEGER NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+            photo_id INTEGER NOT NULL REFERENCES trek_photos(id) ON DELETE CASCADE,
+            shared INTEGER NOT NULL DEFAULT 1,
+            album_link_id INTEGER REFERENCES trip_album_links(id) ON DELETE SET NULL,
+            added_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+            UNIQUE(trip_id, user_id, photo_id)
+          )
+        `);
+        db.exec(`
+          INSERT OR IGNORE INTO trip_photos_new (trip_id, user_id, photo_id, shared, album_link_id, added_at)
+          SELECT tp.trip_id, tp.user_id, tkp.id, tp.shared, tp.album_link_id, tp.added_at
+          FROM trip_photos tp
+          JOIN trek_photos tkp ON tkp.provider = tp.provider AND tkp.asset_id = tp.asset_id AND tkp.owner_id = tp.user_id
+        `);
+        db.exec('DROP TABLE trip_photos');
+        db.exec('ALTER TABLE trip_photos_new RENAME TO trip_photos');
+        db.exec('CREATE INDEX IF NOT EXISTS idx_trip_photos_trip ON trip_photos(trip_id)');
+        db.exec('CREATE INDEX IF NOT EXISTS idx_trip_photos_photo ON trip_photos(photo_id)');
+      }
+
+      // 3. Migrate journey_photos → trek_photos + photo_id FK
+      const journeyPhotosExists = db.prepare("SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = 'journey_photos'").get();
+      if (journeyPhotosExists) {
+        // Insert provider-based journey photos into trek_photos
+        db.exec(`
+          INSERT OR IGNORE INTO trek_photos (provider, asset_id, owner_id, width, height, created_at)
+          SELECT DISTINCT provider, asset_id, owner_id, width, height, created_at
+          FROM journey_photos
+          WHERE provider != 'local' AND asset_id IS NOT NULL AND TRIM(asset_id) != ''
+        `);
+        // Insert local journey photos into trek_photos (each is unique)
+        db.exec(`
+          INSERT INTO trek_photos (provider, file_path, thumbnail_path, width, height, created_at)
+          SELECT 'local', file_path, thumbnail_path, width, height, created_at
+          FROM journey_photos
+          WHERE provider = 'local' AND file_path IS NOT NULL
+        `);
+
+        // Recreate journey_photos with photo_id FK
+        db.exec(`
+          CREATE TABLE journey_photos_new (
+            id INTEGER PRIMARY KEY AUTOINCREMENT,
+            entry_id INTEGER NOT NULL,
+            photo_id INTEGER NOT NULL REFERENCES trek_photos(id) ON DELETE CASCADE,
+            caption TEXT,
+            sort_order INTEGER DEFAULT 0,
+            shared INTEGER NOT NULL DEFAULT 1,
+            created_at INTEGER NOT NULL,
+            FOREIGN KEY (entry_id) REFERENCES journey_entries(id) ON DELETE CASCADE
+          )
+        `);
+        // Migrate provider photos
+        db.exec(`
+          INSERT INTO journey_photos_new (entry_id, photo_id, caption, sort_order, shared, created_at)
+          SELECT jp.entry_id, tkp.id, jp.caption, jp.sort_order, jp.shared, jp.created_at
+          FROM journey_photos jp
+          JOIN trek_photos tkp ON tkp.provider = jp.provider AND tkp.asset_id = jp.asset_id AND tkp.owner_id = jp.owner_id
+          WHERE jp.provider != 'local' AND jp.asset_id IS NOT NULL
+        `);
+        // Migrate local photos (match by file_path)
+        db.exec(`
+          INSERT INTO journey_photos_new (entry_id, photo_id, caption, sort_order, shared, created_at)
+          SELECT jp.entry_id, tkp.id, jp.caption, jp.sort_order, jp.shared, jp.created_at
+          FROM journey_photos jp
+          JOIN trek_photos tkp ON tkp.provider = 'local' AND tkp.file_path = jp.file_path
+          WHERE jp.provider = 'local' AND jp.file_path IS NOT NULL
+        `);
+        db.exec('DROP TABLE journey_photos');
+        db.exec('ALTER TABLE journey_photos_new RENAME TO journey_photos');
+        db.exec('CREATE INDEX IF NOT EXISTS idx_journey_photos_entry ON journey_photos(entry_id)');
+        db.exec('CREATE INDEX IF NOT EXISTS idx_journey_photos_photo ON journey_photos(photo_id)');
+      }
+    },
  ];

  if (currentVersion < migrations.length) {
@@ -1,5 +1,6 @@
 import express, { Request, Response } from 'express';
-import { getPublicJourney, validateShareTokenForAsset } from '../services/journeyShareService';
+import { getPublicJourney, validateShareTokenForAsset, validateShareTokenForPhoto } from '../services/journeyShareService';
+import { streamPhoto } from '../services/memories/photoResolverService';
 import { streamImmichAsset } from '../services/memories/immichService';
 import path from 'node:path';
 import fs from 'node:fs';
@@ -12,16 +13,23 @@ router.get('/:token', (req: Request, res: Response) => {
  res.json(data);
 });

-// Public photo proxy — validates share token instead of auth
+// Unified public photo proxy — uses trek_photo_id
+router.get('/:token/photos/:photoId/:kind', async (req: Request, res: Response) => {
+  const { token, photoId, kind } = req.params;
+  const valid = validateShareTokenForPhoto(token, Number(photoId));
+  if (!valid) return res.status(404).json({ error: 'Not found' });
+
+  await streamPhoto(res, valid.ownerId, Number(photoId), kind === 'thumbnail' ? 'thumbnail' : 'original');
+});
+
+// Legacy public photo proxy — validates share token instead of auth
 router.get('/:token/photo/:provider/:assetId/:ownerId/:kind', async (req: Request, res: Response) => {
  const { token, provider, assetId, ownerId, kind } = req.params;

-  // Validate token and that this asset belongs to the shared journey
  const valid = validateShareTokenForAsset(token, assetId);
  if (!valid) return res.status(404).json({ error: 'Not found' });

  if (provider === 'local') {
-    // Local file — assetId is the file_path
    const filePath = path.join(__dirname, '../../uploads/journey', assetId);
    const resolved = path.resolve(filePath);
    const uploadsDir = path.resolve(__dirname, '../../uploads');
@@ -32,12 +40,10 @@ router.get('/:token/photo/:provider/:assetId/:ownerId/:kind', async (req: Reques
    return res.sendFile(resolved);
  }

-  // Immich/Synology — proxy through
  const effectiveOwnerId = valid.ownerId || Number(ownerId);
  if (provider === 'immich') {
    await streamImmichAsset(res, effectiveOwnerId, assetId, kind === 'thumbnail' ? 'thumbnail' : 'original', effectiveOwnerId);
  } else {
-    // Synology or other providers — try dynamic import
    try {
      const { streamSynologyAsset } = await import('../services/memories/synologyService');
      await streamSynologyAsset(res, effectiveOwnerId, effectiveOwnerId, assetId, kind === 'thumbnail' ? 'thumbnail' : 'original');
@@ -55,8 +55,7 @@ router.put('/unified/trips/:tripId/photos/sharing', authenticate, async (req: Re
    const result = await setTripPhotoSharing(
        tripId,
        authReq.user.id,
-        req.body?.provider,
-        req.body?.asset_id,
+        Number(req.body?.photo_id),
        req.body?.shared,
    );
    if ('error' in result) return res.status(result.error.status).json({ error: result.error.message });
@@ -66,7 +65,7 @@ router.put('/unified/trips/:tripId/photos/sharing', authenticate, async (req: Re
 router.delete('/unified/trips/:tripId/photos', authenticate, async (req: Request, res: Response) => {
    const authReq = req as AuthRequest;
    const { tripId } = req.params;
-    const result = await removeTripPhoto(tripId, authReq.user.id, req.body?.provider, req.body?.asset_id);
+    const result = removeTripPhoto(tripId, authReq.user.id, Number(req.body?.photo_id));
    if ('error' in result) return res.status(result.error.status).json({ error: result.error.message });
    res.json({ success: true });
 });
@@ -0,0 +1,47 @@
+import express, { Request, Response } from 'express';
+import { authenticate } from '../middleware/auth';
+import { AuthRequest } from '../types';
+import { streamPhoto, getPhotoInfo, resolveTrekPhoto } from '../services/memories/photoResolverService';
+import { canAccessTrekPhoto } from '../services/memories/helpersService';
+
+const router = express.Router();
+
+router.get('/:id/thumbnail', authenticate, async (req: Request, res: Response) => {
+  const authReq = req as AuthRequest;
+  const photoId = Number(req.params.id);
+  if (!Number.isFinite(photoId)) return res.status(400).json({ error: 'Invalid photo ID' });
+
+  if (!canAccessTrekPhoto(authReq.user.id, photoId)) {
+    return res.status(403).json({ error: 'Forbidden' });
+  }
+
+  await streamPhoto(res, authReq.user.id, photoId, 'thumbnail');
+});
+
+router.get('/:id/original', authenticate, async (req: Request, res: Response) => {
+  const authReq = req as AuthRequest;
+  const photoId = Number(req.params.id);
+  if (!Number.isFinite(photoId)) return res.status(400).json({ error: 'Invalid photo ID' });
+
+  if (!canAccessTrekPhoto(authReq.user.id, photoId)) {
+    return res.status(403).json({ error: 'Forbidden' });
+  }
+
+  await streamPhoto(res, authReq.user.id, photoId, 'original');
+});
+
+router.get('/:id/info', authenticate, async (req: Request, res: Response) => {
+  const authReq = req as AuthRequest;
+  const photoId = Number(req.params.id);
+  if (!Number.isFinite(photoId)) return res.status(400).json({ error: 'Invalid photo ID' });
+
+  if (!canAccessTrekPhoto(authReq.user.id, photoId)) {
+    return res.status(403).json({ error: 'Forbidden' });
+  }
+
+  const result = await getPhotoInfo(authReq.user.id, photoId);
+  if ('error' in result) return res.status(result.error.status).json({ error: result.error.message });
+  res.json(result.data);
+});
+
+export default router;
@@ -1,11 +1,19 @@
 import { db } from '../db/database';
 import { broadcastToUser } from '../websocket';
 import type { Journey, JourneyEntry, JourneyPhoto, JourneyContributor } from '../types';
+import { getOrCreateTrekPhoto, getOrCreateLocalTrekPhoto, setTrekPhotoProvider } from './memories/photoResolverService';

 function ts(): number {
  return Date.now();
 }

+// Joined SELECT for journey_photos + trek_photos — returns fields matching JourneyPhoto interface
+const JP_SELECT = `
+  jp.id, jp.entry_id, jp.photo_id, jp.caption, jp.sort_order, jp.shared, jp.created_at,
+  tkp.provider, tkp.asset_id, tkp.owner_id, tkp.file_path, tkp.thumbnail_path, tkp.width, tkp.height
+`;
+const JP_JOIN = 'journey_photos jp JOIN trek_photos tkp ON tkp.id = jp.photo_id';
+
 function broadcastJourneyEvent(journeyId: number, event: string, data: Record<string, unknown>, excludeUserId?: number) {
  const contributors = db.prepare(
    'SELECT user_id FROM journey_contributors WHERE journey_id = ?'
@@ -105,7 +113,7 @@ export function getJourneyFull(journeyId: number, userId: number) {
  ).all(journeyId) as JourneyEntry[];

  const photos = db.prepare(
-    'SELECT * FROM journey_photos WHERE entry_id IN (SELECT id FROM journey_entries WHERE journey_id = ?) ORDER BY sort_order ASC'
+    `SELECT ${JP_SELECT} FROM ${JP_JOIN} WHERE jp.entry_id IN (SELECT id FROM journey_entries WHERE journey_id = ?) ORDER BY jp.sort_order ASC`
  ).all(journeyId) as JourneyPhoto[];

  // group photos by entry
@@ -272,8 +280,8 @@ export function syncTripPlaces(journeyId: number, tripId: number, authorId: numb
 // import trip_photos into journey when a trip is linked
 function syncTripPhotos(journeyId: number, tripId: number) {
  const tripPhotos = db.prepare(
-    'SELECT * FROM trip_photos WHERE trip_id = ?'
-  ).all(tripId) as { id: number; trip_id: number; user_id: number; asset_id: string; provider: string; shared: number }[];
+    'SELECT tp.photo_id, tp.user_id, tp.shared FROM trip_photos tp WHERE tp.trip_id = ?'
+  ).all(tripId) as { photo_id: number; user_id: number; shared: number }[];
  if (!tripPhotos.length) return;

  const now = ts();
@@ -285,7 +293,6 @@ function syncTripPhotos(journeyId: number, tripId: number) {
  `).get(journeyId, tripId) as { id: number } | undefined;

  if (!photoEntry) {
-    // get trip date for the entry
    const trip = db.prepare('SELECT start_date FROM trips WHERE id = ?').get(tripId) as { start_date: string } | undefined;
    const entryDate = trip?.start_date || new Date().toISOString().split('T')[0];
    const owner = db.prepare('SELECT user_id FROM journeys WHERE id = ?').get(journeyId) as { user_id: number };
@@ -297,19 +304,19 @@ function syncTripPhotos(journeyId: number, tripId: number) {
    photoEntry = { id: Number(res.lastInsertRowid) };
  }

-  // import each trip photo, skip duplicates
+  // import each trip photo, skip duplicates (by photo_id)
  for (const tp of tripPhotos) {
    const exists = db.prepare(
-      'SELECT 1 FROM journey_photos WHERE entry_id = ? AND provider = ? AND asset_id = ?'
-    ).get(photoEntry.id, tp.provider, tp.asset_id);
+      'SELECT 1 FROM journey_photos WHERE entry_id = ? AND photo_id = ?'
+    ).get(photoEntry.id, tp.photo_id);
    if (exists) continue;

    const maxOrder = db.prepare('SELECT MAX(sort_order) as m FROM journey_photos WHERE entry_id = ?').get(photoEntry.id) as { m: number | null };

    db.prepare(`
-      INSERT INTO journey_photos (entry_id, provider, asset_id, owner_id, shared, sort_order, created_at)
-      VALUES (?, ?, ?, ?, ?, ?, ?)
-    `).run(photoEntry.id, tp.provider, tp.asset_id, tp.user_id, tp.shared, (maxOrder?.m ?? -1) + 1, now);
+      INSERT INTO journey_photos (entry_id, photo_id, shared, sort_order, created_at)
+      VALUES (?, ?, ?, ?, ?)
+    `).run(photoEntry.id, tp.photo_id, tp.shared, (maxOrder?.m ?? -1) + 1, now);
  }
 }

@@ -424,7 +431,7 @@ export function listEntries(journeyId: number, userId: number) {
  ).all(journeyId) as JourneyEntry[];

  const photos = db.prepare(
-    'SELECT * FROM journey_photos WHERE entry_id IN (SELECT id FROM journey_entries WHERE journey_id = ?) ORDER BY sort_order ASC'
+    `SELECT ${JP_SELECT} FROM ${JP_JOIN} WHERE jp.entry_id IN (SELECT id FROM journey_entries WHERE journey_id = ?) ORDER BY jp.sort_order ASC`
  ).all(journeyId) as JourneyPhoto[];

  const photosByEntry: Record<number, JourneyPhoto[]> = {};
@@ -579,15 +586,16 @@ export function addPhoto(entryId: number, userId: number, filePath: string, thum
  if (!entry) return null;
  if (!canEdit(entry.journey_id, userId)) return null;

+  const trekPhotoId = getOrCreateLocalTrekPhoto(filePath, thumbnailPath);
  const maxOrder = db.prepare('SELECT MAX(sort_order) as m FROM journey_photos WHERE entry_id = ?').get(entryId) as { m: number | null };
  const now = ts();

  const res = db.prepare(`
-    INSERT INTO journey_photos (entry_id, provider, file_path, thumbnail_path, caption, sort_order, created_at)
-    VALUES (?, 'local', ?, ?, ?, ?, ?)
-  `).run(entryId, filePath, thumbnailPath || null, caption || null, (maxOrder?.m ?? -1) + 1, now);
+    INSERT INTO journey_photos (entry_id, photo_id, caption, sort_order, created_at)
+    VALUES (?, ?, ?, ?, ?)
+  `).run(entryId, trekPhotoId, caption || null, (maxOrder?.m ?? -1) + 1, now);

-  return db.prepare('SELECT * FROM journey_photos WHERE id = ?').get(Number(res.lastInsertRowid)) as JourneyPhoto;
+  return db.prepare(`SELECT ${JP_SELECT} FROM ${JP_JOIN} WHERE jp.id = ?`).get(Number(res.lastInsertRowid)) as JourneyPhoto;
 }

 export function addProviderPhoto(entryId: number, userId: number, provider: string, assetId: string, caption?: string): JourneyPhoto | null {
@@ -595,19 +603,21 @@ export function addProviderPhoto(entryId: number, userId: number, provider: stri
  if (!entry) return null;
  if (!canEdit(entry.journey_id, userId)) return null;

+  const trekPhotoId = getOrCreateTrekPhoto(provider, assetId, userId);
+
  // skip if already added
-  const exists = db.prepare('SELECT 1 FROM journey_photos WHERE entry_id = ? AND provider = ? AND asset_id = ?').get(entryId, provider, assetId);
+  const exists = db.prepare('SELECT 1 FROM journey_photos WHERE entry_id = ? AND photo_id = ?').get(entryId, trekPhotoId);
  if (exists) return null;

  const maxOrder = db.prepare('SELECT MAX(sort_order) as m FROM journey_photos WHERE entry_id = ?').get(entryId) as { m: number | null };
  const now = ts();

  const res = db.prepare(`
-    INSERT INTO journey_photos (entry_id, provider, asset_id, owner_id, caption, sort_order, created_at)
-    VALUES (?, ?, ?, ?, ?, ?, ?)
-  `).run(entryId, provider, assetId, userId, caption || null, (maxOrder?.m ?? -1) + 1, now);
+    INSERT INTO journey_photos (entry_id, photo_id, caption, sort_order, created_at)
+    VALUES (?, ?, ?, ?, ?)
+  `).run(entryId, trekPhotoId, caption || null, (maxOrder?.m ?? -1) + 1, now);

-  return db.prepare('SELECT * FROM journey_photos WHERE id = ?').get(Number(res.lastInsertRowid)) as JourneyPhoto;
+  return db.prepare(`SELECT ${JP_SELECT} FROM ${JP_JOIN} WHERE jp.id = ?`).get(Number(res.lastInsertRowid)) as JourneyPhoto;
 }

 export function linkPhotoToEntry(entryId: number, photoId: number, userId: number): JourneyPhoto | null {
@@ -615,7 +625,7 @@ export function linkPhotoToEntry(entryId: number, photoId: number, userId: numbe
  if (!entry) return null;
  if (!canEdit(entry.journey_id, userId)) return null;

-  const source = db.prepare('SELECT * FROM journey_photos WHERE id = ?').get(photoId) as JourneyPhoto | undefined;
+  const source = db.prepare(`SELECT ${JP_SELECT} FROM ${JP_JOIN} WHERE jp.id = ?`).get(photoId) as JourneyPhoto | undefined;
  if (!source) return null;

  if (source.entry_id === entryId) return source;
@@ -634,16 +644,19 @@ export function linkPhotoToEntry(entryId: number, photoId: number, userId: numbe
    }
  }

-  return db.prepare('SELECT * FROM journey_photos WHERE id = ?').get(photoId) as JourneyPhoto;
+  return db.prepare(`SELECT ${JP_SELECT} FROM ${JP_JOIN} WHERE jp.id = ?`).get(photoId) as JourneyPhoto;
 }

 export function setPhotoProvider(photoId: number, provider: string, assetId: string, ownerId: number) {
-  db.prepare('UPDATE journey_photos SET provider = ?, asset_id = ?, owner_id = ? WHERE id = ?').run(provider, assetId, ownerId, photoId);
+  // Get the trek_photo_id from the journey_photo, then update the central registry
+  const jp = db.prepare('SELECT photo_id FROM journey_photos WHERE id = ?').get(photoId) as { photo_id: number } | undefined;
+  if (!jp) return;
+  setTrekPhotoProvider(jp.photo_id, provider, assetId, ownerId);
 }

 export function updatePhoto(photoId: number, userId: number, data: { caption?: string; sort_order?: number }): JourneyPhoto | null {
  const photo = db.prepare(`
-    SELECT jp.*, je.journey_id FROM journey_photos jp
+    SELECT ${JP_SELECT}, je.journey_id FROM ${JP_JOIN}
    JOIN journey_entries je ON jp.entry_id = je.id
    WHERE jp.id = ?
  `).get(photoId) as (JourneyPhoto & { journey_id: number }) | undefined;
@@ -658,12 +671,12 @@ export function updatePhoto(photoId: number, userId: number, data: { caption?: s

  values.push(photoId);
  db.prepare(`UPDATE journey_photos SET ${fields.join(', ')} WHERE id = ?`).run(...values);
-  return db.prepare('SELECT * FROM journey_photos WHERE id = ?').get(photoId) as JourneyPhoto;
+  return db.prepare(`SELECT ${JP_SELECT} FROM ${JP_JOIN} WHERE jp.id = ?`).get(photoId) as JourneyPhoto;
 }

 export function deletePhoto(photoId: number, userId: number): (JourneyPhoto & { journey_id: number }) | null {
  const photo = db.prepare(`
-    SELECT jp.*, je.journey_id FROM journey_photos jp
+    SELECT ${JP_SELECT}, je.journey_id FROM ${JP_JOIN}
    JOIN journey_entries je ON jp.entry_id = je.id
    WHERE jp.id = ?
  `).get(photoId) as (JourneyPhoto & { journey_id: number }) | undefined;
@@ -59,7 +59,9 @@ export function validateShareTokenForPhoto(token: string, photoId: number): { jo
  const row = db.prepare('SELECT journey_id FROM journey_share_tokens WHERE token = ?').get(token) as any;
  if (!row) return null;
  const photo = db.prepare(`
-    SELECT jp.*, je.journey_id FROM journey_photos jp
+    SELECT jp.photo_id, tkp.owner_id, je.journey_id
+    FROM journey_photos jp
+    JOIN trek_photos tkp ON tkp.id = jp.photo_id
    JOIN journey_entries je ON jp.entry_id = je.id
    WHERE jp.id = ? AND je.journey_id = ?
  `).get(photoId, row.journey_id) as any;
@@ -71,14 +73,13 @@ export function validateShareTokenForPhoto(token: string, photoId: number): { jo
 export function validateShareTokenForAsset(token: string, assetId: string): { ownerId: number } | null {
  const row = db.prepare('SELECT journey_id FROM journey_share_tokens WHERE token = ?').get(token) as any;
  if (!row) return null;
-  // Check if this asset belongs to any photo in the shared journey
  const photo = db.prepare(`
-    SELECT jp.owner_id FROM journey_photos jp
+    SELECT tkp.owner_id FROM journey_photos jp
+    JOIN trek_photos tkp ON tkp.id = jp.photo_id
    JOIN journey_entries je ON jp.entry_id = je.id
-    WHERE jp.asset_id = ? AND je.journey_id = ?
+    WHERE tkp.asset_id = ? AND je.journey_id = ?
  `).get(assetId, row.journey_id) as any;
  if (!photo) {
-    // Fallback: get journey owner
    const journey = db.prepare('SELECT user_id FROM journeys WHERE id = ?').get(row.journey_id) as any;
    return journey ? { ownerId: journey.user_id } : null;
  }
@@ -100,7 +101,10 @@ export function getPublicJourney(token: string) {
  `).all(row.journey_id) as any[];

  const photos = db.prepare(`
-    SELECT jp.* FROM journey_photos jp
+    SELECT jp.id, jp.entry_id, jp.photo_id, jp.caption, jp.sort_order, jp.shared, jp.created_at,
+           tkp.provider, tkp.asset_id, tkp.owner_id, tkp.file_path, tkp.thumbnail_path, tkp.width, tkp.height
+    FROM journey_photos jp
+    JOIN trek_photos tkp ON tkp.id = jp.photo_id
    JOIN journey_entries je ON jp.entry_id = je.id
    WHERE je.journey_id = ?
    ORDER BY jp.sort_order
@@ -129,15 +129,15 @@ export function canAccessUserPhoto(requestingUserId: number, ownerUserId: number
        const journeyPhoto = db.prepare(`
            SELECT jp.entry_id, je.journey_id
            FROM journey_photos jp
+            JOIN trek_photos tkp ON tkp.id = jp.photo_id
            JOIN journey_entries je ON je.id = jp.entry_id
-            WHERE jp.asset_id = ?
-              AND jp.provider = ?
-              AND jp.owner_id = ?
+            WHERE tkp.asset_id = ?
+              AND tkp.provider = ?
+              AND tkp.owner_id = ?
            LIMIT 1
        `).get(assetId, provider, ownerUserId) as { entry_id: number; journey_id: number } | undefined;
        if (!journeyPhoto) return false;

-        // Check if requesting user is the journey owner or a contributor
        const access = db.prepare(`
            SELECT 1 FROM journeys WHERE id = ? AND user_id = ?
            UNION ALL
@@ -147,15 +147,16 @@ export function canAccessUserPhoto(requestingUserId: number, ownerUserId: number
        return !!access;
    }

-    // Regular trip photos
+    // Regular trip photos — join through trek_photos
    const sharedAsset = db.prepare(`
    SELECT 1
-    FROM trip_photos
-    WHERE user_id = ?
-      AND asset_id = ?
-      AND provider = ?
-      AND trip_id = ?
-      AND shared = 1
+    FROM trip_photos tp
+    JOIN trek_photos tkp ON tkp.id = tp.photo_id
+    WHERE tp.user_id = ?
+      AND tkp.asset_id = ?
+      AND tkp.provider = ?
+      AND tp.trip_id = ?
+      AND tp.shared = 1
    LIMIT 1
    `).get(ownerUserId, assetId, provider, tripId);

@@ -166,6 +167,52 @@ export function canAccessUserPhoto(requestingUserId: number, ownerUserId: number
 }


+// ── Unified photo access check (trek_photos based) ──────────────────────
+
+export function canAccessTrekPhoto(requestingUserId: number, trekPhotoId: number): boolean {
+    const photo = db.prepare('SELECT * FROM trek_photos WHERE id = ?').get(trekPhotoId) as { id: number; provider: string; owner_id: number | null } | undefined;
+    if (!photo) return false;
+
+    // Owner always has access
+    if (photo.owner_id === requestingUserId) return true;
+
+    // Check trip_photos — is this photo shared in a trip the user has access to?
+    const tripAccess = db.prepare(`
+        SELECT 1 FROM trip_photos tp
+        WHERE tp.photo_id = ?
+          AND tp.shared = 1
+          AND EXISTS (
+            SELECT 1 FROM trip_members tm WHERE tm.trip_id = tp.trip_id AND tm.user_id = ?
+            UNION ALL
+            SELECT 1 FROM trips t WHERE t.id = tp.trip_id AND t.user_id = ?
+          )
+        LIMIT 1
+    `).get(trekPhotoId, requestingUserId, requestingUserId);
+    if (tripAccess) return true;
+
+    // Check journey_photos — is this photo in a journey the user can access?
+    const journeyAccess = db.prepare(`
+        SELECT 1 FROM journey_photos jp
+        JOIN journey_entries je ON je.id = jp.entry_id
+        WHERE jp.photo_id = ?
+          AND EXISTS (
+            SELECT 1 FROM journeys j WHERE j.id = je.journey_id AND j.user_id = ?
+            UNION ALL
+            SELECT 1 FROM journey_contributors jc WHERE jc.journey_id = je.journey_id AND jc.user_id = ?
+          )
+        LIMIT 1
+    `).get(trekPhotoId, requestingUserId, requestingUserId);
+    if (journeyAccess) return true;
+
+    // Local photos without owner (uploaded files) — check if user has journey access
+    if (photo.provider === 'local' && !photo.owner_id) {
+        return !!journeyAccess;
+    }
+
+    return false;
+}
+
+
 // ----------------------------------------------
 //helpers for album link syncing

@@ -0,0 +1,141 @@
+import { Response } from 'express';
+import path from 'path';
+import fs from 'fs';
+import { db } from '../../db/database';
+import type { TrekPhoto } from '../../types';
+import { streamImmichAsset, getAssetInfo as getImmichAssetInfo } from './immichService';
+import { streamSynologyAsset, getSynologyAssetInfo } from './synologyService';
+import type { ServiceResult, AssetInfo } from './helpersService';
+import { fail, success } from './helpersService';
+
+// ── Lookup / Register ────────────────────────────────────────────────────
+
+export function getOrCreateTrekPhoto(
+  provider: string,
+  assetId: string,
+  ownerId: number,
+): number {
+  const existing = db.prepare(
+    'SELECT id FROM trek_photos WHERE provider = ? AND asset_id = ? AND owner_id = ?'
+  ).get(provider, assetId, ownerId) as { id: number } | undefined;
+  if (existing) return existing.id;
+
+  const res = db.prepare(
+    'INSERT INTO trek_photos (provider, asset_id, owner_id) VALUES (?, ?, ?)'
+  ).run(provider, assetId, ownerId);
+  return Number(res.lastInsertRowid);
+}
+
+export function getOrCreateLocalTrekPhoto(
+  filePath: string,
+  thumbnailPath?: string | null,
+  width?: number | null,
+  height?: number | null,
+): number {
+  const existing = db.prepare(
+    "SELECT id FROM trek_photos WHERE provider = 'local' AND file_path = ?"
+  ).get(filePath) as { id: number } | undefined;
+  if (existing) return existing.id;
+
+  const res = db.prepare(
+    'INSERT INTO trek_photos (provider, file_path, thumbnail_path, width, height) VALUES (?, ?, ?, ?, ?)'
+  ).run('local', filePath, thumbnailPath || null, width || null, height || null);
+  return Number(res.lastInsertRowid);
+}
+
+export function resolveTrekPhoto(photoId: number): TrekPhoto | null {
+  return db.prepare('SELECT * FROM trek_photos WHERE id = ?').get(photoId) as TrekPhoto | undefined || null;
+}
+
+// ── Streaming ────────────────────────────────────────────────────────────
+
+export async function streamPhoto(
+  res: Response,
+  userId: number,
+  photoId: number,
+  kind: 'thumbnail' | 'original',
+): Promise<void> {
+  const photo = resolveTrekPhoto(photoId);
+  if (!photo) {
+    res.status(404).json({ error: 'Photo not found' });
+    return;
+  }
+
+  switch (photo.provider) {
+    case 'local': {
+      const filePath = path.join(__dirname, '../../../uploads', photo.file_path!);
+      if (!fs.existsSync(filePath)) {
+        res.status(404).json({ error: 'File not found' });
+        return;
+      }
+      res.set('Cache-Control', 'public, max-age=86400');
+      res.sendFile(filePath);
+      return;
+    }
+    case 'immich': {
+      await streamImmichAsset(res, userId, photo.asset_id!, kind, photo.owner_id!);
+      return;
+    }
+    case 'synologyphotos': {
+      await streamSynologyAsset(res, userId, photo.owner_id!, photo.asset_id!, kind);
+      return;
+    }
+    default:
+      res.status(400).json({ error: `Unknown provider: ${photo.provider}` });
+  }
+}
+
+// ── Asset Info ────────────────────────────────────────────────────────────
+
+export async function getPhotoInfo(
+  userId: number,
+  photoId: number,
+): Promise<ServiceResult<AssetInfo>> {
+  const photo = resolveTrekPhoto(photoId);
+  if (!photo) return fail('Photo not found', 404);
+
+  switch (photo.provider) {
+    case 'local': {
+      return success({
+        id: String(photo.id),
+        takenAt: photo.created_at,
+        city: null,
+        country: null,
+        width: photo.width,
+        height: photo.height,
+        fileName: photo.file_path?.split('/').pop() || null,
+      } as AssetInfo);
+    }
+    case 'immich': {
+      const result = await getImmichAssetInfo(userId, photo.asset_id!, photo.owner_id!);
+      if (result.error) return fail(result.error, result.status || 500);
+      return success(result.data as AssetInfo);
+    }
+    case 'synologyphotos': {
+      return getSynologyAssetInfo(userId, photo.asset_id!, photo.owner_id!);
+    }
+    default:
+      return fail(`Unknown provider: ${photo.provider}`, 400);
+  }
+}
+
+// ── Update provider on existing trek_photo (for Immich upload sync) ─────
+
+export function setTrekPhotoProvider(
+  trekPhotoId: number,
+  provider: string,
+  assetId: string,
+  ownerId: number,
+): void {
+  db.prepare(
+    'UPDATE trek_photos SET provider = ?, asset_id = ?, owner_id = ? WHERE id = ?'
+  ).run(provider, assetId, ownerId, trekPhotoId);
+}
+
+// ── Delete local file for a trek_photo ──────────────────────────────────
+
+export function getTrekPhotoFilePath(photoId: number): string | null {
+  const photo = resolveTrekPhoto(photoId);
+  if (!photo || photo.provider !== 'local' || !photo.file_path) return null;
+  return path.join(__dirname, '../../../uploads', photo.file_path);
+}
@@ -8,6 +8,7 @@ import {
  mapDbError,
  Selection,
 } from './helpersService';
+import { getOrCreateTrekPhoto } from './photoResolverService';


 function _providers(): Array<{id: string; enabled: boolean}> {
@@ -45,13 +46,14 @@ export function listTripPhotos(tripId: string, userId: number): ServiceResult<an
    }

    const photos = db.prepare(`
-      SELECT tp.asset_id, tp.provider, tp.user_id, tp.shared, tp.added_at,
+      SELECT tp.photo_id, tkp.asset_id, tkp.provider, tp.user_id, tp.shared, tp.added_at,
             u.username, u.avatar
      FROM trip_photos tp
+      JOIN trek_photos tkp ON tkp.id = tp.photo_id
      JOIN users u ON tp.user_id = u.id
      WHERE tp.trip_id = ?
        AND (tp.user_id = ? OR tp.shared = 1)
-        AND tp.provider IN (${enabledProviders.map(() => '?').join(',')})
+        AND tkp.provider IN (${enabledProviders.map(() => '?').join(',')})
      ORDER BY tp.added_at ASC
    `).all(tripId, userId, ...enabledProviders);

@@ -108,9 +110,10 @@ function _addTripPhoto(tripId: string, userId: number, provider: string, assetId
    return providerResult as ServiceResult<boolean>;
  }
  try {
+    const photoId = getOrCreateTrekPhoto(provider, assetId, userId);
    const result = db.prepare(
-      'INSERT OR IGNORE INTO trip_photos (trip_id, user_id, asset_id, provider, shared, album_link_id) VALUES (?, ?, ?, ?, ?, ?)'
-    ).run(tripId, userId, assetId, provider, shared ? 1 : 0, albumLinkId || null);
+      'INSERT OR IGNORE INTO trip_photos (trip_id, user_id, photo_id, shared, album_link_id) VALUES (?, ?, ?, ?, ?)'
+    ).run(tripId, userId, photoId, shared ? 1 : 0, albumLinkId || null);
    return success(result.changes > 0);
  }
  catch (error) {
@@ -163,8 +166,7 @@ export async function addTripPhotos(
 export async function setTripPhotoSharing(
  tripId: string,
  userId: number,
-  provider: string,
-  assetId: string,
+  photoId: number,
  shared: boolean,
  sid?: string,
 ): Promise<ServiceResult<true>> {
@@ -179,9 +181,8 @@ export async function setTripPhotoSharing(
      SET shared = ?
      WHERE trip_id = ?
        AND user_id = ?
-        AND asset_id = ?
-        AND provider = ?
-    `).run(shared ? 1 : 0, tripId, userId, assetId, provider);
+        AND photo_id = ?
+    `).run(shared ? 1 : 0, tripId, userId, photoId);

    await _notifySharedTripPhotos(tripId, userId, 1);
    broadcast(tripId, 'memories:updated', { userId }, sid);
@@ -194,8 +195,7 @@ export async function setTripPhotoSharing(
 export function removeTripPhoto(
  tripId: string,
  userId: number,
-  provider: string,
-  assetId: string,
+  photoId: number,
  sid?: string,
 ): ServiceResult<true> {
  const access = canAccessTrip(tripId, userId);
@@ -208,9 +208,8 @@ export function removeTripPhoto(
      DELETE FROM trip_photos
      WHERE trip_id = ?
        AND user_id = ?
-        AND asset_id = ?
-        AND provider = ?
-    `).run(tripId, userId, assetId, provider);
+        AND photo_id = ?
+    `).run(tripId, userId, photoId);

    broadcast(tripId, 'memories:updated', { userId }, sid);

@@ -339,20 +339,34 @@ export interface JourneyEntry {
  updated_at: number;
 }

-export interface JourneyPhoto {
+export interface TrekPhoto {
  id: number;
-  entry_id: number;
-  provider: 'local' | 'immich' | 'synologyphotos';
+  provider: string;
  asset_id?: string | null;
  owner_id?: number | null;
  file_path?: string | null;
  thumbnail_path?: string | null;
-  caption?: string | null;
-  sort_order: number;
  width?: number | null;
  height?: number | null;
+  created_at: string;
+}
+
+export interface JourneyPhoto {
+  id: number;
+  entry_id: number;
+  photo_id: number;
+  caption?: string | null;
+  sort_order: number;
  shared: number;
  created_at: number;
+  // Joined from trek_photos for API responses
+  provider?: string;
+  asset_id?: string | null;
+  owner_id?: number | null;
+  file_path?: string | null;
+  thumbnail_path?: string | null;
+  width?: number | null;
+  height?: number | null;
 }

 export interface JourneyTrip {