自动提交

Author: JoyinJoester

Monica for Android/app/src/main/java/takagi/ru/monica/bitwarden/repository/BitwardenRepository.kt

@@ -519,9 +519,10 @@ class BitwardenRepository(private val context: Context) {
      * 执行完整同步
      * 
      * 同步流程：
-     * 1. 从服务器拉取最新数据
-     * 2. 上传本地创建的条目到服务器
-     * 3. 上传本地修改的条目到服务器
+     * 1. 先处理本地待删除操作（delete）
+     * 2. 上传本地创建的条目到服务器（create）
+     * 3. 上传本地修改的条目到服务器（update）
+     * 4. 从服务器拉取最新数据（pull）
      */
     suspend fun sync(vaultId: Long): SyncResult = withContext(Dispatchers.IO) {
         syncMutex.withLock {
@@ -547,21 +548,24 @@ class BitwardenRepository(private val context: Context) {
                     }
                 }
 
-                // 1. 先上传本地创建的条目到服务器
+                // 1. 先处理本地待删除操作（delete）
+                val processedDeleteCount = syncService.processPendingOperations(vault, accessToken, symmetricKey)
+
+                // 2. 再上传本地创建的条目到服务器（create）
                 val uploadResult = syncService.uploadLocalEntries(vault, accessToken, symmetricKey)
                 val uploadedCount = when (uploadResult) {
                     is takagi.ru.monica.bitwarden.service.UploadResult.Success -> uploadResult.uploaded
                     else -> 0
                 }
 
-                // 2. 再上传本地已修改的条目到服务器
+                // 3. 上传本地已修改的条目到服务器（update）
                 val modifiedUploadResult = syncService.uploadModifiedEntries(vault, accessToken, symmetricKey)
                 val modifiedUploadedCount = when (modifiedUploadResult) {
                     is takagi.ru.monica.bitwarden.service.UploadResult.Success -> modifiedUploadResult.uploaded
                     else -> 0
                 }
 
-                // 3. 执行同步（从服务器拉取）
+                // 4. 执行同步（pull）
                 val result = syncService.fullSync(vault, accessToken, symmetricKey)
 
                 // 更新最后同步时间
@@ -570,7 +574,7 @@ class BitwardenRepository(private val context: Context) {
                 when (result) {
                     is ServiceSyncResult.Success -> {
                         SyncResult.Success(
-                            syncedCount = result.ciphersAdded + result.ciphersUpdated + uploadedCount + modifiedUploadedCount,
+                            syncedCount = result.ciphersAdded + result.ciphersUpdated + uploadedCount + modifiedUploadedCount + processedDeleteCount,
                             conflictCount = result.conflictsDetected
                         )
                     }
@@ -777,6 +781,103 @@ class BitwardenRepository(private val context: Context) {
         }
     }
 
+    suspend fun queueCipherDelete(
+        vaultId: Long,
+        cipherId: String,
+        entryId: Long? = null,
+        itemType: String = BitwardenPendingOperation.ITEM_TYPE_PASSWORD
+    ): Result<Unit> = withContext(Dispatchers.IO) {
+        try {
+            val vault = vaultDao.getVaultById(vaultId)
+                ?: return@withContext Result.failure(IllegalStateException("Vault 不存在"))
+
+            // 已有待删除操作时直接复用，保证幂等。
+            val existingDelete = pendingOpDao.findActiveDeleteByCipher(vaultId, cipherId)
+            if (existingDelete != null) {
+                return@withContext Result.success(Unit)
+            }
+
+            pendingOpDao.cancelActiveRestoreByCipher(vaultId, cipherId)
+
+            entryId?.let { id ->
+                pendingOpDao.deletePendingForEntryAndType(id, itemType)
+            }
+
+            pendingOpDao.insert(
+                BitwardenPendingOperation(
+                    vaultId = vault.id,
+                    entryId = entryId,
+                    bitwardenCipherId = cipherId,
+                    itemType = itemType,
+                    operationType = BitwardenPendingOperation.OP_DELETE,
+                    targetType = BitwardenPendingOperation.TARGET_CIPHER,
+                    payloadJson = "{}",
+                    status = BitwardenPendingOperation.STATUS_PENDING
+                )
+            )
+
+            Result.success(Unit)
+        } catch (e: Exception) {
+            Log.e(TAG, "加入 Bitwarden 删除队列失败", e)
+            Result.failure(e)
+        }
+    }
+
+    suspend fun queueCipherRestore(
+        vaultId: Long,
+        cipherId: String,
+        entryId: Long? = null,
+        itemType: String = BitwardenPendingOperation.ITEM_TYPE_PASSWORD
+    ): Result<Unit> = withContext(Dispatchers.IO) {
+        try {
+            val vault = vaultDao.getVaultById(vaultId)
+                ?: return@withContext Result.failure(IllegalStateException("Vault 不存在"))
+
+            val existingRestore = pendingOpDao.findActiveRestoreByCipher(vaultId, cipherId)
+            if (existingRestore != null) {
+                return@withContext Result.success(Unit)
+            }
+
+            val existingDelete = pendingOpDao.findActiveDeleteByCipher(vaultId, cipherId)
+            if (existingDelete != null) {
+                pendingOpDao.cancelActiveDeleteByCipher(vaultId, cipherId)
+                return@withContext Result.success(Unit)
+            }
+
+            entryId?.let { id ->
+                pendingOpDao.deletePendingForEntryAndType(id, itemType)
+            }
+
+            pendingOpDao.insert(
+                BitwardenPendingOperation(
+                    vaultId = vault.id,
+                    entryId = entryId,
+                    bitwardenCipherId = cipherId,
+                    itemType = itemType,
+                    operationType = BitwardenPendingOperation.OP_RESTORE,
+                    targetType = BitwardenPendingOperation.TARGET_CIPHER,
+                    payloadJson = "{}",
+                    status = BitwardenPendingOperation.STATUS_PENDING
+                )
+            )
+
+            Result.success(Unit)
+        } catch (e: Exception) {
+            Log.e(TAG, "加入 Bitwarden 恢复队列失败", e)
+            Result.failure(e)
+        }
+    }
+
+    suspend fun cancelPendingCipherDelete(vaultId: Long, cipherId: String): Result<Unit> = withContext(Dispatchers.IO) {
+        try {
+            pendingOpDao.cancelActiveDeleteByCipher(vaultId, cipherId)
+            Result.success(Unit)
+        } catch (e: Exception) {
+            Log.e(TAG, "取消 Bitwarden 删除队列失败", e)
+            Result.failure(e)
+        }
+    }
+
     suspend fun deleteCipher(vaultId: Long, cipherId: String): Result<Unit> = withContext(Dispatchers.IO) {
         try {
             val vault = vaultDao.getVaultById(vaultId)
@@ -815,6 +916,44 @@ class BitwardenRepository(private val context: Context) {
         }
     }
 
+    suspend fun permanentDeleteCipher(vaultId: Long, cipherId: String): Result<Unit> = withContext(Dispatchers.IO) {
+        try {
+            val vault = vaultDao.getVaultById(vaultId)
+                ?: return@withContext Result.failure(IllegalStateException("Vault 不存在"))
+
+            if (!isVaultUnlocked(vaultId)) {
+                return@withContext Result.failure(IllegalStateException("Vault 未解锁"))
+            }
+
+            var accessToken = accessTokenCache[vaultId]
+                ?: return@withContext Result.failure(IllegalStateException("令牌不可用"))
+
+            val expiresAt = vault.accessTokenExpiresAt ?: 0
+            if (expiresAt <= System.currentTimeMillis() + 60000) {
+                val refreshed = refreshToken(vault)
+                if (refreshed != null) {
+                    accessToken = refreshed
+                    accessTokenCache[vaultId] = refreshed
+                } else {
+                    return@withContext Result.failure(IllegalStateException("Token 刷新失败，请重新登录"))
+                }
+            }
+
+            val vaultApi = apiManager.getVaultApi(vault.apiUrl)
+            val response = vaultApi.permanentDeleteCipher("Bearer $accessToken", cipherId)
+            if (!response.isSuccessful && response.code() != 404) {
+                return@withContext Result.failure(
+                    IllegalStateException("永久删除失败: ${response.code()} ${response.message()}")
+                )
+            }
+
+            Result.success(Unit)
+        } catch (e: Exception) {
+            Log.e(TAG, "永久删除 Bitwarden Cipher 失败", e)
+            Result.failure(e)
+        }
+    }
+
     suspend fun getSends(vaultId: Long): List<BitwardenSend> = withContext(Dispatchers.IO) {
         sendDao.getSendsByVault(vaultId)
     }

Monica for Android/app/src/main/java/takagi/ru/monica/bitwarden/service/BitwardenSyncService.kt

@@ -45,6 +45,7 @@ class BitwardenSyncService(
     private val conflictDao = database.bitwardenConflictBackupDao()
     private val pendingOpDao = database.bitwardenPendingOperationDao()
     private val passwordEntryDao = database.passwordEntryDao()
+    private val secureItemDao = database.secureItemDao()
     private val securityManager = SecurityManager(context)
 
     // 多类型 Cipher 同步处理器
@@ -161,6 +162,11 @@ class BitwardenSyncService(
         var ciphersUpdated = 0
         var conflictsDetected = 0
         var sendsSynced = 0
+        val activeServerCipherIds = response.ciphers
+            .asSequence()
+            .filter { it.deletedDate == null }
+            .map { it.id }
+            .toList()
 
         // 1. 同步文件夹
         response.folders.forEach { folderApi ->
@@ -214,7 +220,16 @@ class BitwardenSyncService(
                 android.util.Log.w(TAG, "Failed to sync cipher ${cipherApi.id}: ${e.message}")
             }
         }
-        
+
+        // 2.1 清理服务器已不存在的本地 Cipher（delete-wins）
+        if (activeServerCipherIds.isEmpty()) {
+            passwordEntryDao.deleteAllSyncedBitwardenEntries(vault.id)
+            secureItemDao.deleteAllSyncedBitwardenEntries(vault.id)
+        } else {
+            passwordEntryDao.deleteBitwardenEntriesNotIn(vault.id, activeServerCipherIds)
+            secureItemDao.deleteBitwardenEntriesNotIn(vault.id, activeServerCipherIds)
+        }
+
         // 3. 清理已删除的文件夹 (服务器上不存在的)
         val serverFolderIds = response.folders.map { it.id }
         folderDao.deleteNotIn(vault.id, serverFolderIds)
@@ -516,7 +531,7 @@ class BitwardenSyncService(
         accessToken: String,
         symmetricKey: SymmetricCryptoKey
     ): Int = withContext(Dispatchers.IO) {
-        val pendingOps = pendingOpDao.getPendingOperationsByVault(vault.id)
+        val pendingOps = pendingOpDao.getRunnableOperationsByVault(vault.id)
         var processed = 0
 
         for (op in pendingOps) {
@@ -525,6 +540,7 @@ class BitwardenSyncService(
                     BitwardenPendingOperation.OP_CREATE -> processCreateOperation(vault, op, accessToken, symmetricKey)
                     BitwardenPendingOperation.OP_UPDATE -> processUpdateOperation(vault, op, accessToken, symmetricKey)
                     BitwardenPendingOperation.OP_DELETE -> processDeleteOperation(vault, op, accessToken)
+                    BitwardenPendingOperation.OP_RESTORE -> processRestoreOperation(vault, op, accessToken)
                     else -> false
                 }
 
@@ -578,6 +594,15 @@ class BitwardenSyncService(
         val cipherId = op.bitwardenCipherId ?: return false
         return deleteRemoteCipher(vault, cipherId, accessToken)
     }
+
+    private suspend fun processRestoreOperation(
+        vault: BitwardenVault,
+        op: BitwardenPendingOperation,
+        accessToken: String
+    ): Boolean {
+        val cipherId = op.bitwardenCipherId ?: return false
+        return restoreRemoteCipher(vault, cipherId, accessToken)
+    }
 
     // ========== 上传本地条目到 Bitwarden ==========
 
@@ -782,13 +807,32 @@ class BitwardenSyncService(
                 authorization = "Bearer $accessToken",
                 cipherId = cipherId
             )
-            
-            return response.isSuccessful
+             
+            return response.isSuccessful || response.code() == 404
         } catch (e: Exception) {
             android.util.Log.e(TAG, "Delete remote cipher failed: ${e.message}", e)
             return false
         }
     }
+
+    private suspend fun restoreRemoteCipher(
+        vault: BitwardenVault,
+        cipherId: String,
+        accessToken: String
+    ): Boolean {
+        try {
+            val vaultApi = apiManager.getVaultApi(vault.apiUrl)
+            val response = vaultApi.restoreCipher(
+                authorization = "Bearer $accessToken",
+                cipherId = cipherId
+            )
+
+            return response.isSuccessful || response.code() == 400 || response.code() == 404
+        } catch (e: Exception) {
+            android.util.Log.e(TAG, "Restore remote cipher failed: ${e.message}", e)
+            return false
+        }
+    }
 
     /**
      * 将 PasswordEntry 转换为加密的 CipherCreateRequest

Monica for Android/app/src/main/java/takagi/ru/monica/bitwarden/service/CipherSyncProcessor.kt

@@ -39,6 +39,7 @@ class CipherSyncProcessor(
     private val passwordEntryDao = database.passwordEntryDao()
     private val secureItemDao = database.secureItemDao()
     private val passkeyDao = database.passkeyDao()
+    private val pendingOpDao = database.bitwardenPendingOperationDao()
     private val securityManager = SecurityManager(context)
     private val json = Json {
         ignoreUnknownKeys = true
@@ -103,6 +104,7 @@ class CipherSyncProcessor(
 
         // 先按 cipherId 收敛历史重复副本，避免“同一条目异常膨胀”。
         val existing = resolveCanonicalPasswordEntry(cipher.id)
+        val hasPendingDelete = pendingOpDao.hasActiveDeleteByCipher(vault.id, cipher.id)
 
         // 解密字段
         val name = decryptString(cipher.name, symmetricKey) ?: "Untitled"
@@ -122,6 +124,9 @@ class CipherSyncProcessor(
         val encryptedPassword = securityManager.encryptData(password)
 
         if (existing == null) {
+            if (hasPendingDelete) {
+                return CipherSyncResult.Skipped("Pending local delete")
+            }
             // 创建新条目（不吞并本地同名条目，保持数据源独立）
             val newEntry = PasswordEntry(
                 title = name,
@@ -143,6 +148,9 @@ class CipherSyncProcessor(
             passwordEntryDao.insert(newEntry)
             return CipherSyncResult.Added
         } else {
+            if (existing.isDeleted || hasPendingDelete) {
+                return CipherSyncResult.Skipped("Local delete wins")
+            }
             // 更新现有条目
             if (existing.bitwardenLocalModified) {
                 if (existing.bitwardenVaultId != vault.id || existing.bitwardenFolderId != cipher.folderId) {
@@ -184,7 +192,7 @@ class CipherSyncProcessor(
         if (allEntries.isEmpty()) return null
 
         val canonical = allEntries.maxWithOrNull(
-            compareBy<PasswordEntry> { if (it.bitwardenLocalModified) 1 else 0 }
+            compareBy<PasswordEntry> { if (it.isDeleted) 2 else if (it.bitwardenLocalModified) 1 else 0 }
                 .thenBy { if (hasLikelyNonBlankPassword(it)) 1 else 0 }
                 .thenBy { it.updatedAt.time }
                 .thenBy { it.id }

Monica for Android/app/src/main/java/takagi/ru/monica/data/PasswordEntryDao.kt

@@ -346,9 +346,41 @@ interface PasswordEntryDao {
     /**
      * 根据 Bitwarden Cipher ID 获取所有条目（用于清理历史重复数据）
      */
-    @Query("SELECT * FROM password_entries WHERE bitwarden_cipher_id = :cipherId AND isDeleted = 0")
+    @Query("SELECT * FROM password_entries WHERE bitwarden_cipher_id = :cipherId")
     suspend fun getAllByBitwardenCipherId(cipherId: String): List<PasswordEntry>
 
+    /**
+     * 删除指定 Vault 下所有已同步的 Bitwarden 密码条目。
+     * 仅删除未进入回收站的条目，避免覆盖本地删除墓碑。
+     */
+    @Query("""
+        DELETE FROM password_entries
+        WHERE bitwarden_vault_id = :vaultId
+          AND bitwarden_cipher_id IS NOT NULL
+          AND isDeleted = 0
+    """)
+    suspend fun deleteAllSyncedBitwardenEntries(vaultId: Long)
+
+    /**
+     * 清理服务器不存在的 Bitwarden 密码条目（delete-wins）。
+     */
+    @Query("""
+        DELETE FROM password_entries
+        WHERE bitwarden_vault_id = :vaultId
+          AND bitwarden_cipher_id IS NOT NULL
+          AND isDeleted = 0
+          AND bitwarden_cipher_id NOT IN (:keepIds)
+          AND NOT EXISTS (
+              SELECT 1
+              FROM bitwarden_pending_operations op
+              WHERE op.vault_id = :vaultId
+                AND op.bitwarden_cipher_id = password_entries.bitwarden_cipher_id
+                AND op.operation_type = 'RESTORE'
+                AND op.status IN ('PENDING', 'IN_PROGRESS', 'FAILED')
+          )
+    """)
+    suspend fun deleteBitwardenEntriesNotIn(vaultId: Long, keepIds: List<String>)
+
         /**
          * 查找本地重复条目（仅本地库）
          * 用于 Bitwarden 同步时合并本地条目，避免重复