Much base work started

app/controllers/admin/storage_locations_controller.rb

@@ -0,0 +1,62 @@
+module Admin
+  class StorageLocationsController < ApplicationController
+    before_action :set_storage_location, only: [:show, :edit, :update, :destroy]
+
+    def index
+      @storage_locations = StorageLocation.all
+    end
+
+    def show
+    end
+
+    def new
+      @storage_location = StorageLocation.new
+    end
+
+    def create
+      @storage_location = StorageLocation.new(storage_location_params)
+
+      if @storage_location.save
+        redirect_to [:admin, @storage_location], notice: "Storage location was successfully created."
+      else
+        render :new, status: :unprocessable_entity
+      end
+    end
+
+    def edit
+    end
+
+    def update
+      if @storage_location.update(storage_location_params)
+        redirect_to [:admin, @storage_location], notice: "Storage location was successfully updated."
+      else
+        render :edit, status: :unprocessable_entity
+      end
+    end
+
+    def destroy
+      @storage_location.destroy
+      redirect_to admin_storage_locations_url, notice: "Storage location was successfully destroyed."
+    end
+
+    def scan
+      # Placeholder for scan functionality
+      redirect_to [:admin, @storage_location], notice: "Scan functionality will be implemented."
+    end
+
+    def scan_status
+      # Placeholder for scan status
+      render json: { status: "idle" }
+    end
+
+    private
+
+    def set_storage_location
+      @storage_location = StorageLocation.find(params[:id])
+    end
+
+    def storage_location_params
+      params.require(:storage_location).permit(:name, :path, :location_type, :writable, :enabled, :scan_subdirectories, :priority, :settings)
+    end
+  end
+end

app/controllers/application_controller.rb

@@ -1,4 +1,5 @@
 class ApplicationController < ActionController::Base
+  include Authentication
   # Only allow modern browsers supporting webp images, web push, badges, import maps, CSS nesting, and CSS :has.
   allow_browser versions: :modern
 

app/controllers/concerns/authentication.rb

@@ -0,0 +1,52 @@
+module Authentication
+  extend ActiveSupport::Concern
+
+  included do
+    before_action :require_authentication
+    helper_method :authenticated?
+  end
+
+  class_methods do
+    def allow_unauthenticated_access(**options)
+      skip_before_action :require_authentication, **options
+    end
+  end
+
+  private
+    def authenticated?
+      resume_session
+    end
+
+    def require_authentication
+      resume_session || request_authentication
+    end
+
+    def resume_session
+      Current.session ||= find_session_by_cookie
+    end
+
+    def find_session_by_cookie
+      Session.find_by(id: cookies.signed[:session_id]) if cookies.signed[:session_id]
+    end
+
+    def request_authentication
+      session[:return_to_after_authenticating] = request.url
+      redirect_to new_session_path
+    end
+
+    def after_authentication_url
+      session.delete(:return_to_after_authenticating) || root_url
+    end
+
+    def start_new_session_for(user)
+      user.sessions.create!(user_agent: request.user_agent, ip_address: request.remote_ip).tap do |session|
+        Current.session = session
+        cookies.signed.permanent[:session_id] = { value: session.id, httponly: true, same_site: :lax }
+      end
+    end
+
+    def terminate_session
+      Current.session.destroy
+      cookies.delete(:session_id)
+    end
+end

app/controllers/passwords_controller.rb

@@ -0,0 +1,35 @@
+class PasswordsController < ApplicationController
+  allow_unauthenticated_access
+  before_action :set_user_by_token, only: %i[ edit update ]
+  rate_limit to: 10, within: 3.minutes, only: :create, with: -> { redirect_to new_password_path, alert: "Try again later." }
+
+  def new
+  end
+
+  def create
+    if user = User.find_by(email_address: params[:email_address])
+      PasswordsMailer.reset(user).deliver_later
+    end
+
+    redirect_to new_session_path, notice: "Password reset instructions sent (if user with that email address exists)."
+  end
+
+  def edit
+  end
+
+  def update
+    if @user.update(params.permit(:password, :password_confirmation))
+      @user.sessions.destroy_all
+      redirect_to new_session_path, notice: "Password has been reset."
+    else
+      redirect_to edit_password_path(params[:token]), alert: "Passwords did not match."
+    end
+  end
+
+  private
+    def set_user_by_token
+      @user = User.find_by_password_reset_token!(params[:token])
+    rescue ActiveSupport::MessageVerifier::InvalidSignature
+      redirect_to new_password_path, alert: "Password reset link is invalid or has expired."
+    end
+end

app/controllers/sessions_controller.rb

@@ -0,0 +1,21 @@
+class SessionsController < ApplicationController
+  allow_unauthenticated_access only: %i[ new create ]
+  rate_limit to: 10, within: 3.minutes, only: :create, with: -> { redirect_to new_session_path, alert: "Try again later." }
+
+  def new
+  end
+
+  def create
+    if user = User.authenticate_by(params.permit(:email_address, :password))
+      start_new_session_for user
+      redirect_to after_authentication_url
+    else
+      redirect_to new_session_path, alert: "Try another email address or password."
+    end
+  end
+
+  def destroy
+    terminate_session
+    redirect_to new_session_path, status: :see_other
+  end
+end

app/controllers/storage_locations_controller.rb

@@ -0,0 +1,49 @@
+class StorageLocationsController < ApplicationController
+  before_action :set_storage_location, only: [:show, :destroy, :scan]
+
+  def index
+    @storage_locations = StorageLocation.all
+    # Auto-discover storage locations on index page load
+    StorageDiscoveryService.discover_and_create
+  end
+
+  def show
+    @videos = @storage_location.videos.includes(:work).recent
+  end
+
+  def create
+    @storage_location = StorageLocation.new(storage_location_params)
+
+    if @storage_location.save
+      redirect_to @storage_location, notice: 'Storage location was successfully created.'
+    else
+      render :new, status: :unprocessable_entity
+    end
+  end
+
+  def destroy
+    @storage_location.destroy
+    redirect_to storage_locations_url, notice: 'Storage location was successfully destroyed.'
+  end
+
+  def scan
+    scanner = FileScannerService.new(@storage_location)
+    result = scanner.scan
+
+    if result[:success]
+      redirect_to @storage_location, notice: result[:message]
+    else
+      redirect_to @storage_location, alert: result[:message]
+    end
+  end
+
+  private
+
+  def set_storage_location
+    @storage_location = StorageLocation.find(params[:id])
+  end
+
+  def storage_location_params
+    params.require(:storage_location).permit(:name, :path, :storage_type)
+  end
+end

app/controllers/videos_controller.rb

@@ -0,0 +1,58 @@
+class VideosController < ApplicationController
+  before_action :set_video, only: [:show, :stream, :playback_position, :retry_processing]
+
+  def show
+    @work = @video.work
+    @last_position = get_last_playback_position
+  end
+
+  def stream
+    file_path = @video.web_stream_path
+
+    unless file_path && File.exist?(file_path)
+      head :not_found
+      return
+    end
+
+    send_file file_path,
+              filename: @video.filename,
+              type: 'video/mp4',
+              disposition: 'inline',
+              stream: true,
+              buffer_size: 4096
+  end
+
+  def playback_position
+    position = params[:position].to_i
+    session = get_or_create_playback_session
+    session.update!(position: position, last_played_at: Time.current)
+    head :ok
+  end
+
+  def retry_processing
+    VideoProcessorJob.perform_later(@video.id)
+    redirect_to @video, notice: 'Video processing has been queued.'
+  end
+
+  private
+
+  def set_video
+    @video = Video.find(params[:id])
+  end
+
+  def get_last_playback_position
+    # Get from current user's session or cookie
+    session_key = "video_position_#{@video.id}"
+    session[session_key] || 0
+  end
+
+  def get_or_create_playback_session
+    # For Phase 1, we'll use a simple session-based approach
+    # Phase 2 will use proper user authentication
+    PlaybackSession.find_or_initialize_by(
+      video: @video,
+      session_id: session.id.to_s,
+      user_id: nil  # Will be populated in Phase 2
+    )
+  end
+end

app/controllers/works_controller.rb

@@ -0,0 +1,18 @@
+class WorksController < ApplicationController
+  before_action :set_work, only: [:show]
+
+  def index
+    @works = Work.includes(:videos).recent
+  end
+
+  def show
+    @videos = @work.videos.includes(:storage_location).recent
+    @primary_video = @work.primary_video
+  end
+
+  private
+
+  def set_work
+    @work = Work.find(params[:id])
+  end
+end