soeren/fotospiel-app
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

feat: implement AI styling foundation and billing scope rework
Some checks failed
linter / quality (push) Has been cancelled
Details
tests / ci (push) Has been cancelled
Details
tests / ui (push) Has been cancelled
Details

Browse Source
This commit is contained in:
Codex Agent
2026-02-06 20:01:58 +01:00
parent df00deb0df
commit 36bed12ff9
80 changed files with 8944 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

488
app/Http/Controllers/Api/Tenant/AiEditController.php Normal file
View File

@@ -0,0 +1,488 @@
<?php
namespace App\Http\Controllers\Api\Tenant;
use App\Http\Controllers\Controller;
use App\Http\Requests\Tenant\AiEditIndexRequest;
use App\Http\Requests\Tenant\AiEditStoreRequest;
use App\Jobs\ProcessAiEditRequest;
use App\Models\AiEditRequest;
use App\Models\AiStyle;
use App\Models\Event;
use App\Models\Photo;
use App\Services\AiEditing\AiEditingRuntimeConfig;
use App\Services\AiEditing\AiStyleAccessService;
use App\Services\AiEditing\AiStylingEntitlementService;
use App\Services\AiEditing\EventAiEditingPolicyService;
use App\Services\AiEditing\Safety\AiSafetyPolicyService;
use App\Support\ApiError;
use App\Support\TenantMemberPermissions;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Str;
use Symfony\Component\HttpFoundation\Response;
class AiEditController extends Controller
{
public function __construct(
private readonly AiSafetyPolicyService $safetyPolicy,
private readonly AiEditingRuntimeConfig $runtimeConfig,
private readonly AiStylingEntitlementService $entitlements,
private readonly EventAiEditingPolicyService $eventPolicy,
private readonly AiStyleAccessService $styleAccess,
) {}
public function index(AiEditIndexRequest $request, string $eventSlug): JsonResponse
{
$event = $this->resolveTenantEventOrFail($request, $eventSlug);
TenantMemberPermissions::ensureEventPermission($request, $event, 'photos:upload');
$perPage = (int) $request->input('per_page', 20);
$status = (string) $request->input('status', '');
$safetyState = (string) $request->input('safety_state', '');
$query = AiEditRequest::query()
->with(['style', 'outputs'])
->where('event_id', $event->id)
->orderByDesc('created_at');
if ($status !== '') {
$query->where('status', $status);
}
if ($safetyState !== '') {
$query->where('safety_state', $safetyState);
}
$requests = $query->paginate($perPage);
return response()->json([
'data' => collect($requests->items())->map(fn (AiEditRequest $item) => $this->serializeRequest($item))->values(),
'meta' => [
'current_page' => $requests->currentPage(),
'per_page' => $requests->perPage(),
'total' => $requests->total(),
'last_page' => $requests->lastPage(),
],
]);
}
public function styles(Request $request, string $eventSlug): JsonResponse
{
$event = $this->resolveTenantEventOrFail($request, $eventSlug);
TenantMemberPermissions::ensureEventPermission($request, $event, 'photos:upload');
if (! $this->runtimeConfig->isEnabled()) {
return ApiError::response(
'feature_disabled',
'Feature disabled',
$this->runtimeConfig->statusMessage() ?: 'AI editing is currently disabled by platform policy.',
Response::HTTP_FORBIDDEN
);
}
$entitlement = $this->entitlements->resolveForEvent($event);
if (! $entitlement['allowed']) {
return ApiError::response(
'feature_locked',
'Feature locked',
$this->entitlements->lockedMessage(),
Response::HTTP_FORBIDDEN,
[
'required_feature' => $entitlement['required_feature'],
'addon_keys' => $entitlement['addon_keys'],
]
);
}
$styles = AiStyle::query()
->where('is_active', true)
->orderBy('sort')
->orderBy('id')
->get();
$policy = $this->eventPolicy->resolve($event);
$styles = $this->eventPolicy->filterStyles($event, $styles);
$styles = $this->styleAccess->filterStylesForEvent($event, $styles);
return response()->json([
'data' => $styles->map(fn (AiStyle $style) => $this->serializeStyle($style))->values(),
'meta' => [
'required_feature' => $entitlement['required_feature'],
'addon_keys' => $entitlement['addon_keys'],
'event_enabled' => $policy['enabled'],
'allow_custom_prompt' => $policy['allow_custom_prompt'],
'allowed_style_keys' => $policy['allowed_style_keys'],
'policy_message' => $policy['policy_message'],
],
]);
}
public function summary(Request $request, string $eventSlug): JsonResponse
{
$event = $this->resolveTenantEventOrFail($request, $eventSlug);
TenantMemberPermissions::ensureEventPermission($request, $event, 'photos:upload');
$baseQuery = AiEditRequest::query()->where('event_id', $event->id);
$statusCounts = (clone $baseQuery)
->select('status', DB::raw('count(*) as aggregate'))
->groupBy('status')
->pluck('aggregate', 'status')
->map(fn (mixed $value): int => (int) $value)
->all();
$safetyCounts = (clone $baseQuery)
->select('safety_state', DB::raw('count(*) as aggregate'))
->groupBy('safety_state')
->pluck('aggregate', 'safety_state')
->map(fn (mixed $value): int => (int) $value)
->all();
$lastRequestedAt = (clone $baseQuery)->max('created_at');
$total = array_sum($statusCounts);
return response()->json([
'data' => [
'event_id' => $event->id,
'total' => $total,
'status_counts' => $statusCounts,
'safety_counts' => $safetyCounts,
'failed_total' => (int) (($statusCounts[AiEditRequest::STATUS_FAILED] ?? 0) + ($statusCounts[AiEditRequest::STATUS_BLOCKED] ?? 0)),
'last_requested_at' => $lastRequestedAt ? (string) \Illuminate\Support\Carbon::parse($lastRequestedAt)->toIso8601String() : null,
],
]);
}
public function store(AiEditStoreRequest $request, string $eventSlug): JsonResponse
{
$event = $this->resolveTenantEventOrFail($request, $eventSlug);
TenantMemberPermissions::ensureEventPermission($request, $event, 'photos:upload');
$photo = Photo::query()
->whereKey((int) $request->input('photo_id'))
->where('event_id', $event->id)
->first();
if (! $photo) {
return ApiError::response(
'photo_not_found',
'Photo not found',
'The specified photo could not be located for this event.',
Response::HTTP_NOT_FOUND
);
}
$style = $this->resolveStyle($request->input('style_id'), $request->input('style_key'));
if (! $style) {
return ApiError::response(
'style_not_found',
'Style not found',
'The selected style is not available.',
Response::HTTP_UNPROCESSABLE_ENTITY
);
}
if (! $this->runtimeConfig->isEnabled()) {
return ApiError::response(
'feature_disabled',
'Feature disabled',
$this->runtimeConfig->statusMessage() ?: 'AI editing is currently disabled by platform policy.',
Response::HTTP_FORBIDDEN
);
}
$entitlement = $this->entitlements->resolveForEvent($event);
if (! $entitlement['allowed']) {
return ApiError::response(
'feature_locked',
'Feature locked',
$this->entitlements->lockedMessage(),
Response::HTTP_FORBIDDEN,
[
'required_feature' => $entitlement['required_feature'],
'addon_keys' => $entitlement['addon_keys'],
]
);
}
$policy = $this->eventPolicy->resolve($event);
if (! $policy['enabled']) {
return ApiError::response(
'event_feature_disabled',
'Feature disabled for this event',
$policy['policy_message'] ?? 'AI editing is disabled for this event.',
Response::HTTP_FORBIDDEN
);
}
if (! $this->eventPolicy->isStyleAllowed($event, $style) || ! $this->styleAccess->canUseStyle($event, $style)) {
return ApiError::response(
'style_not_allowed',
'Style not allowed',
$policy['policy_message'] ?? 'This style is not allowed for this event.',
Response::HTTP_UNPROCESSABLE_ENTITY,
[
'allowed_style_keys' => $policy['allowed_style_keys'],
]
);
}
$prompt = (string) ($request->input('prompt') ?: $style->prompt_template ?: '');
$negativePrompt = (string) ($request->input('negative_prompt') ?: $style->negative_prompt_template ?: '');
$providerModel = $request->input('provider_model') ?: $style->provider_model;
$safetyDecision = $this->safetyPolicy->evaluatePrompt($prompt, $negativePrompt);
$requestedByUserId = $request->user()?->id;
$idempotencyKey = $this->resolveIdempotencyKey(
$request->input('idempotency_key'),
$request->header('X-Idempotency-Key'),
$event,
$photo,
$style,
$prompt,
$requestedByUserId
);
$editRequest = AiEditRequest::query()->firstOrCreate(
['tenant_id' => $event->tenant_id, 'idempotency_key' => $idempotencyKey],
[
'event_id' => $event->id,
'photo_id' => $photo->id,
'style_id' => $style->id,
'requested_by_user_id' => $requestedByUserId,
'provider' => $this->runtimeConfig->defaultProvider(),
'provider_model' => $providerModel,
'status' => $safetyDecision->blocked ? AiEditRequest::STATUS_BLOCKED : AiEditRequest::STATUS_QUEUED,
'safety_state' => $safetyDecision->state,
'prompt' => $prompt,
'negative_prompt' => $negativePrompt,
'input_image_path' => $photo->file_path,
'idempotency_key' => $idempotencyKey,
'safety_reasons' => $safetyDecision->reasonCodes,
'failure_code' => $safetyDecision->failureCode,
'failure_message' => $safetyDecision->failureMessage,
'queued_at' => now(),
'completed_at' => $safetyDecision->blocked ? now() : null,
'metadata' => $request->input('metadata', []),
]
);
if (! $editRequest->wasRecentlyCreated && $this->isIdempotencyConflict(
$editRequest,
$event,
$photo,
$style,
$prompt,
$negativePrompt,
$providerModel,
$requestedByUserId
)) {
return ApiError::response(
'idempotency_conflict',
'Idempotency conflict',
'The provided idempotency key is already in use for another request.',
Response::HTTP_CONFLICT
);
}
if (
$editRequest->wasRecentlyCreated
&& ! $safetyDecision->blocked
&& $this->runtimeConfig->queueAutoDispatch()
) {
ProcessAiEditRequest::dispatch($editRequest->id)
->onQueue($this->runtimeConfig->queueName());
}
return response()->json([
'message' => $editRequest->wasRecentlyCreated ? 'AI edit request queued' : 'AI edit request already exists',
'duplicate' => ! $editRequest->wasRecentlyCreated,
'data' => $this->serializeRequest($editRequest->fresh(['style', 'outputs'])),
], $editRequest->wasRecentlyCreated ? Response::HTTP_CREATED : Response::HTTP_OK);
}
public function show(Request $request, string $eventSlug, int $aiEditRequest): JsonResponse
{
$event = $this->resolveTenantEventOrFail($request, $eventSlug);
TenantMemberPermissions::ensureEventPermission($request, $event, 'photos:upload');
$editRequest = AiEditRequest::query()
->with(['style', 'outputs'])
->whereKey($aiEditRequest)
->where('event_id', $event->id)
->first();
if (! $editRequest) {
return ApiError::response(
'edit_request_not_found',
'Edit request not found',
'The specified AI edit request could not be located for this event.',
Response::HTTP_NOT_FOUND
);
}
return response()->json([
'data' => $this->serializeRequest($editRequest),
]);
}
private function resolveTenantEventOrFail(Request $request, string $eventSlug): Event
{
$tenantId = $request->attributes->get('tenant_id');
return Event::query()
->where('slug', $eventSlug)
->where('tenant_id', $tenantId)
->firstOrFail();
}
private function resolveStyle(mixed $styleId, mixed $styleKey): ?AiStyle
{
if ($styleId !== null) {
return AiStyle::query()
->whereKey((int) $styleId)
->where('is_active', true)
->first();
}
$key = trim((string) ($styleKey ?? ''));
if ($key === '') {
return null;
}
return AiStyle::query()
->where('key', $key)
->where('is_active', true)
->first();
}
private function resolveIdempotencyKey(
mixed $bodyKey,
mixed $headerKey,
Event $event,
Photo $photo,
AiStyle $style,
string $prompt,
mixed $requestedByUserId
): string {
$candidate = trim((string) ($bodyKey ?: $headerKey ?: ''));
if ($candidate !== '') {
return Str::limit($candidate, 120, '');
}
return substr(hash('sha256', implode('|', [
(string) $event->id,
(string) $photo->id,
(string) $style->id,
trim($prompt),
(string) ($this->normalizeUserId($requestedByUserId)),
])), 0, 120);
}
private function normalizeUserId(mixed $userId): ?string
{
if (! is_int($userId) && ! is_string($userId)) {
return null;
}
$value = trim((string) $userId);
return $value !== '' ? $value : null;
}
private function normalizeOptionalString(?string $value): ?string
{
if ($value === null) {
return null;
}
$trimmed = trim($value);
return $trimmed !== '' ? $trimmed : null;
}
private function isIdempotencyConflict(
AiEditRequest $request,
Event $event,
Photo $photo,
AiStyle $style,
string $prompt,
string $negativePrompt,
?string $providerModel,
mixed $requestedByUserId
): bool {
if ($request->event_id !== $event->id || $request->photo_id !== $photo->id) {
return true;
}
if ((int) ($request->style_id ?? 0) !== (int) $style->id) {
return true;
}
if ($this->normalizeOptionalString($request->prompt) !== $this->normalizeOptionalString($prompt)) {
return true;
}
if ($this->normalizeOptionalString($request->negative_prompt) !== $this->normalizeOptionalString($negativePrompt)) {
return true;
}
if ($this->normalizeOptionalString($request->provider_model) !== $this->normalizeOptionalString($providerModel)) {
return true;
}
return $this->normalizeUserId($request->requested_by_user_id) !== $this->normalizeUserId($requestedByUserId);
}
private function serializeStyle(AiStyle $style): array
{
return [
'id' => $style->id,
'key' => $style->key,
'name' => $style->name,
'category' => $style->category,
'description' => $style->description,
'provider' => $style->provider,
'provider_model' => $style->provider_model,
'requires_source_image' => $style->requires_source_image,
'is_premium' => $style->is_premium,
'metadata' => $style->metadata ?? [],
];
}
private function serializeRequest(AiEditRequest $request): array
{
return [
'id' => $request->id,
'event_id' => $request->event_id,
'photo_id' => $request->photo_id,
'style' => $request->style ? [
'id' => $request->style->id,
'key' => $request->style->key,
'name' => $request->style->name,
] : null,
'provider' => $request->provider,
'provider_model' => $request->provider_model,
'status' => $request->status,
'safety_state' => $request->safety_state,
'safety_reasons' => $request->safety_reasons ?? [],
'failure_code' => $request->failure_code,
'failure_message' => $request->failure_message,
'queued_at' => $request->queued_at?->toIso8601String(),
'started_at' => $request->started_at?->toIso8601String(),
'completed_at' => $request->completed_at?->toIso8601String(),
'outputs' => $request->outputs->map(fn ($output) => [
'id' => $output->id,
'storage_disk' => $output->storage_disk,
'storage_path' => $output->storage_path,
'provider_url' => $output->provider_url,
'mime_type' => $output->mime_type,
'width' => $output->width,
'height' => $output->height,
'is_primary' => $output->is_primary,
'safety_state' => $output->safety_state,
'safety_reasons' => $output->safety_reasons ?? [],
'generated_at' => $output->generated_at?->toIso8601String(),
])->values(),
];
}
}