save changes

Author: JoyinJoester

Monica for Android/app/src/main/java/takagi/ru/monica/bitwarden/repository/BitwardenRepository.kt

@@ -3,6 +3,7 @@ package takagi.ru.monica.bitwarden.repository
 import android.content.Context
 import android.util.Base64
 import android.util.Log
+import androidx.room.withTransaction
 import androidx.security.crypto.EncryptedSharedPreferences
 import androidx.security.crypto.MasterKey
 import kotlinx.coroutines.Dispatchers
@@ -130,6 +131,8 @@ class BitwardenRepository(private val context: Context) {
     private val conflictDao = database.bitwardenConflictBackupDao()
     private val pendingOpDao = database.bitwardenPendingOperationDao()
     private val passwordEntryDao = database.passwordEntryDao()
+    private val secureItemDao = database.secureItemDao()
+    private val passkeyDao = database.passkeyDao()
     private val categoryDao = database.categoryDao()
 
     // Services
@@ -164,6 +167,8 @@ class BitwardenRepository(private val context: Context) {
     suspend fun getAllVaults(): List<BitwardenVault> = withContext(Dispatchers.IO) {
         vaultDao.getAllVaults()
     }
+
+    fun getAllVaultsFlow(): Flow<List<BitwardenVault>> = vaultDao.getAllVaultsFlow()
 
     /**
      * 获取活跃的 Vault
@@ -517,19 +522,24 @@ class BitwardenRepository(private val context: Context) {
             // 清除缓存
             symmetricKeyCache.remove(vaultId)
             accessTokenCache.remove(vaultId)
-            
-            // 删除该 Vault 的所有密码条目
-            passwordEntryDao.deleteAllByBitwardenVaultId(vaultId)
-            
-            // 删除文件夹
-            folderDao.deleteByVault(vaultId)
 
-            // 删除 Send 缓存
-            sendDao.deleteByVault(vaultId)
-            
-            // 删除 Vault
-            vaultDao.deleteById(vaultId)
-            
+            database.withTransaction {
+                // 先清理所有引用 vault_id 的表，避免外键约束导致登出失败。
+                pendingOpDao.deleteByVault(vaultId)
+                conflictDao.deleteByVault(vaultId)
+                sendDao.deleteByVault(vaultId)
+                folderDao.deleteByVault(vaultId)
+
+                // 清理本地业务数据
+                passwordEntryDao.deleteAllByBitwardenVaultId(vaultId)
+                secureItemDao.deleteAllByBitwardenVaultId(vaultId)
+                passkeyDao.deleteAllByBitwardenVaultId(vaultId)
+                categoryDao.unlinkByVaultId(vaultId)
+
+                // 最后删除 Vault 本体
+                vaultDao.deleteById(vaultId)
+            }
+
             // 重置活跃 Vault
             if (securePrefs.getLong(KEY_ACTIVE_VAULT_ID, -1) == vaultId) {
                 securePrefs.edit().remove(KEY_ACTIVE_VAULT_ID).apply()
@@ -1189,7 +1199,7 @@ class BitwardenRepository(private val context: Context) {
 
             // 获取对应的密码条目
             val cipherId = conflict.bitwardenCipherId ?: return@withContext false
-            val entry = passwordEntryDao.getByBitwardenCipherId(cipherId)
+            val entry = passwordEntryDao.getByBitwardenCipherIdInVault(conflict.vaultId, cipherId)
 
             if (entry != null) {
                 // 使用备份的服务器数据更新本地条目

Monica for Android/app/src/main/java/takagi/ru/monica/bitwarden/service/BitwardenSyncService.kt

@@ -325,7 +325,7 @@ class BitwardenSyncService(
         }
 
         // 查找本地是否存在此 Cipher
-        val existingEntry = passwordEntryDao.getByBitwardenCipherId(cipherApi.id)
+        val existingEntry = passwordEntryDao.getByBitwardenCipherIdInVault(vault.id, cipherApi.id)
 
         if (existingEntry == null) {
             // 新建条目

Monica for Android/app/src/main/java/takagi/ru/monica/bitwarden/service/CipherSyncProcessor.kt

@@ -109,7 +109,7 @@ class CipherSyncProcessor(
         val login = cipher.login ?: return CipherSyncResult.Skipped("No login data")
 
         // 先按 cipherId 收敛历史重复副本，避免“同一条目异常膨胀”。
-        val existing = resolveCanonicalPasswordEntry(cipher.id)
+        val existing = resolveCanonicalPasswordEntry(vault.id, cipher.id)
         val hasPendingDelete = pendingOpDao.hasActiveDeleteByCipher(vault.id, cipher.id)
 
         // 解密字段
@@ -235,8 +235,8 @@ class CipherSyncProcessor(
         }
     }
 
-    private suspend fun resolveCanonicalPasswordEntry(cipherId: String): PasswordEntry? {
-        val allEntries = passwordEntryDao.getAllByBitwardenCipherId(cipherId)
+    private suspend fun resolveCanonicalPasswordEntry(vaultId: Long, cipherId: String): PasswordEntry? {
+        val allEntries = passwordEntryDao.getAllByBitwardenCipherIdInVault(vaultId, cipherId)
         if (allEntries.isEmpty()) return null
 
         val canonical = allEntries.maxWithOrNull(
@@ -290,7 +290,7 @@ class CipherSyncProcessor(
         val account = decryptString(login.username, symmetricKey) ?: ""
 
         // 查找本地是否存在
-        val existing = secureItemDao.getByBitwardenCipherId(cipher.id)
+        val existing = secureItemDao.getByBitwardenCipherIdInVault(vault.id, cipher.id)
 
         // 构建 TOTP 数据
         val totpData = TotpData(
@@ -367,7 +367,7 @@ class CipherSyncProcessor(
         val name = decryptString(cipher.name, symmetricKey) ?: "Note"
         val notes = decryptString(cipher.notes, symmetricKey) ?: ""
 
-        val existing = secureItemDao.getByBitwardenCipherId(cipher.id)
+        val existing = secureItemDao.getByBitwardenCipherIdInVault(vault.id, cipher.id)
 
         // 构建笔记数据
         val noteData = NoteData(content = notes)
@@ -445,7 +445,7 @@ class CipherSyncProcessor(
         val cvv = decryptString(card.code, symmetricKey) ?: ""
         val brand = decryptString(card.brand, symmetricKey) ?: ""
 
-        val existing = secureItemDao.getByBitwardenCipherId(cipher.id)
+        val existing = secureItemDao.getByBitwardenCipherIdInVault(vault.id, cipher.id)
 
         // 构建银行卡数据（使用 CardMapper.kt 中的 CardItemData 结构）
         val cardData = BankCardData(
@@ -544,7 +544,7 @@ class CipherSyncProcessor(
             }
         }
 
-        val existing = secureItemDao.getByBitwardenCipherId(cipher.id)
+        val existing = secureItemDao.getByBitwardenCipherIdInVault(vault.id, cipher.id)
 
         // 构建证件数据（使用 IdentityMapper.kt 中的 DocumentItemData 结构）
         val docData = DocumentData(
@@ -642,7 +642,7 @@ class CipherSyncProcessor(
         if (decodedCredentials.isEmpty()) {
             // 兼容历史 Monica marker-only passkey：至少落一个引用记录
             val referenceId = buildReferenceCredentialId(cipher.id, 0)
-            val existing = passkeyDao.getByBitwardenCipherId(cipher.id)
+            val existing = passkeyDao.getByBitwardenCipherIdInVault(vault.id, cipher.id)
                 ?: passkeyDao.getPasskeyById(referenceId)
 
             val rpId = fallbackRpId
@@ -774,7 +774,7 @@ class CipherSyncProcessor(
             }
         }
 
-        val staleEntries = passkeyDao.getAllByBitwardenCipherId(cipher.id)
+        val staleEntries = passkeyDao.getAllByBitwardenCipherIdInVault(vault.id, cipher.id)
             .filterNot { keepCredentialIds.contains(it.credentialId) }
         staleEntries.forEach { passkeyDao.delete(it) }
 

Monica for Android/app/src/main/java/takagi/ru/monica/bitwarden/ui/BitwardenSettingsScreen.kt

@@ -1,5 +1,6 @@
 package takagi.ru.monica.bitwarden.ui
 
+import android.widget.Toast
 import androidx.compose.animation.AnimatedVisibility
 import androidx.compose.animation.core.animateFloatAsState
 import androidx.compose.foundation.clickable
@@ -11,6 +12,7 @@ import androidx.compose.material.icons.filled.*
 import androidx.compose.material.icons.outlined.*
 import androidx.compose.material3.*
 import androidx.compose.runtime.*
+import androidx.compose.ui.platform.LocalContext
 import androidx.compose.ui.Alignment
 import androidx.compose.ui.Modifier
 import androidx.compose.ui.draw.clip
@@ -53,6 +55,7 @@ fun BitwardenSettingsScreen(
     val isSyncOnWifiOnly by viewModel.isSyncOnWifiOnlyFlow.collectAsState()
     val pendingCount by viewModel.pendingSyncCount.collectAsState()
     val failedCount by viewModel.failedSyncCount.collectAsState()
+    val context = LocalContext.current
 
     // 对话框状态
     var showLogoutConfirmDialog by remember { mutableStateOf(false) }
@@ -69,6 +72,12 @@ fun BitwardenSettingsScreen(
                 is BitwardenViewModel.BitwardenEvent.NavigateToLogin -> {
                     onNavigateToLogin()
                 }
+                is BitwardenViewModel.BitwardenEvent.ShowSuccess -> {
+                    Toast.makeText(context, event.message, Toast.LENGTH_SHORT).show()
+                }
+                is BitwardenViewModel.BitwardenEvent.ShowError -> {
+                    Toast.makeText(context, event.message, Toast.LENGTH_SHORT).show()
+                }
                 else -> {}
             }
         }

Monica for Android/app/src/main/java/takagi/ru/monica/data/CategoryDao.kt

@@ -57,7 +57,10 @@ interface CategoryDao {
      */
     @Query("UPDATE categories SET bitwarden_vault_id = NULL, bitwarden_folder_id = NULL, sync_item_types = NULL WHERE bitwarden_folder_id = :folderId")
     suspend fun unlinkByFolderId(folderId: String)
-    
+
+    @Query("UPDATE categories SET bitwarden_vault_id = NULL, bitwarden_folder_id = NULL, sync_item_types = NULL WHERE bitwarden_vault_id = :vaultId")
+    suspend fun unlinkByVaultId(vaultId: Long)
+
     /**
      * 更新同步类型
      */

Monica for Android/app/src/main/java/takagi/ru/monica/data/PasskeyDao.kt

@@ -179,11 +179,30 @@ interface PasskeyDao {
     @Query("SELECT * FROM passkeys WHERE bitwarden_cipher_id = :cipherId LIMIT 1")
     suspend fun getByBitwardenCipherId(cipherId: String): PasskeyEntry?
 
+    @Query(
+        """
+        SELECT * FROM passkeys
+        WHERE bitwarden_vault_id = :vaultId
+          AND bitwarden_cipher_id = :cipherId
+        LIMIT 1
+        """
+    )
+    suspend fun getByBitwardenCipherIdInVault(vaultId: Long, cipherId: String): PasskeyEntry?
+
     /**
      * 根据 Bitwarden Cipher ID 获取所有 Passkey
      */
     @Query("SELECT * FROM passkeys WHERE bitwarden_cipher_id = :cipherId")
     suspend fun getAllByBitwardenCipherId(cipherId: String): List<PasskeyEntry>
+
+    @Query(
+        """
+        SELECT * FROM passkeys
+        WHERE bitwarden_vault_id = :vaultId
+          AND bitwarden_cipher_id = :cipherId
+        """
+    )
+    suspend fun getAllByBitwardenCipherIdInVault(vaultId: Long, cipherId: String): List<PasskeyEntry>
 
     /**
      * 获取指定 Vault 的所有 Passkeys

Monica for Android/app/src/main/java/takagi/ru/monica/data/PasskeyEntry.kt

@@ -36,7 +36,11 @@ import androidx.room.PrimaryKey
     tableName = "passkeys",
     indices = [
         Index(value = ["rp_id"], name = "index_passkeys_rp_id"),
-        Index(value = ["user_name"], name = "index_passkeys_user_name")
+        Index(value = ["user_name"], name = "index_passkeys_user_name"),
+        Index(
+            value = ["bitwarden_vault_id", "bitwarden_cipher_id"],
+            name = "index_passkeys_bitwarden_vault_cipher"
+        )
     ]
 )
 data class PasskeyEntry(

Monica for Android/app/src/main/java/takagi/ru/monica/data/PasswordDatabase.kt

@@ -27,7 +27,7 @@ import takagi.ru.monica.data.bitwarden.*
         BitwardenConflictBackup::class,
         BitwardenPendingOperation::class
     ],
-    version = 43,
+    version = 44,
     exportSchema = false
 )
 @TypeConverters(Converters::class)
@@ -1103,6 +1103,64 @@ abstract class PasswordDatabase : RoomDatabase() {
             }
         }
 
+        /**
+         * Migration 43 -> 44:
+         * 1. 清理 Bitwarden 多库场景下遗留的重复映射数据（按 vault+cipher 收敛）。
+         * 2. 为 password_entries / secure_items 添加 vault+cipher 唯一索引，防止重复插入。
+         * 3. 为 passkeys 添加 vault+cipher 查询索引（非唯一，兼容一个 cipher 多凭据）。
+         */
+        private val MIGRATION_43_44 = object : androidx.room.migration.Migration(43, 44) {
+            override fun migrate(database: androidx.sqlite.db.SupportSQLiteDatabase) {
+                try {
+                    android.util.Log.i("PasswordDatabase", "Starting migration 43→44: bitwarden vault+cipher uniqueness hardening")
+
+                    database.execSQL(
+                        """
+                        DELETE FROM password_entries
+                        WHERE bitwarden_vault_id IS NOT NULL
+                          AND bitwarden_cipher_id IS NOT NULL
+                          AND id NOT IN (
+                              SELECT MAX(id)
+                              FROM password_entries
+                              WHERE bitwarden_vault_id IS NOT NULL
+                                AND bitwarden_cipher_id IS NOT NULL
+                              GROUP BY bitwarden_vault_id, bitwarden_cipher_id
+                          )
+                        """.trimIndent()
+                    )
+
+                    database.execSQL(
+                        """
+                        DELETE FROM secure_items
+                        WHERE bitwarden_vault_id IS NOT NULL
+                          AND bitwarden_cipher_id IS NOT NULL
+                          AND id NOT IN (
+                              SELECT MAX(id)
+                              FROM secure_items
+                              WHERE bitwarden_vault_id IS NOT NULL
+                                AND bitwarden_cipher_id IS NOT NULL
+                              GROUP BY bitwarden_vault_id, bitwarden_cipher_id
+                          )
+                        """.trimIndent()
+                    )
+
+                    database.execSQL(
+                        "CREATE UNIQUE INDEX IF NOT EXISTS index_password_entries_bitwarden_vault_cipher_unique ON password_entries(bitwarden_vault_id, bitwarden_cipher_id)"
+                    )
+                    database.execSQL(
+                        "CREATE UNIQUE INDEX IF NOT EXISTS index_secure_items_bitwarden_vault_cipher_unique ON secure_items(bitwarden_vault_id, bitwarden_cipher_id)"
+                    )
+                    database.execSQL(
+                        "CREATE INDEX IF NOT EXISTS index_passkeys_bitwarden_vault_cipher ON passkeys(bitwarden_vault_id, bitwarden_cipher_id)"
+                    )
+
+                    android.util.Log.i("PasswordDatabase", "Migration 43→44 completed successfully")
+                } catch (e: Exception) {
+                    android.util.Log.e("PasswordDatabase", "Migration 43→44 failed: ${e.message}")
+                }
+            }
+        }
+
         fun getDatabase(context: Context): PasswordDatabase {
             return INSTANCE ?: synchronized(this) {
                 val instance = Room.databaseBuilder(
@@ -1152,7 +1210,8 @@ abstract class PasswordDatabase : RoomDatabase() {
                         MIGRATION_39_40,  // Passkey 模式字段
                         MIGRATION_40_41,  // 密码归档字段
                         MIGRATION_41_42,  // Passkey 文件夹/分组字段
-                        MIGRATION_42_43   // 清理 legacy KeePass WebDAV 残余
+                        MIGRATION_42_43,  // 清理 legacy KeePass WebDAV 残余
+                        MIGRATION_43_44   // Bitwarden 多库去重与唯一约束
                     )
                     .build()
                 INSTANCE = instance

Monica for Android/app/src/main/java/takagi/ru/monica/data/PasswordEntry.kt

@@ -14,7 +14,15 @@ import java.util.Date
 @Parcelize
 @Entity(
     tableName = "password_entries",
-    indices = [Index(value = ["isDeleted"]), Index(value = ["isArchived"])]
+    indices = [
+        Index(value = ["isDeleted"]),
+        Index(value = ["isArchived"]),
+        Index(
+            value = ["bitwarden_vault_id", "bitwarden_cipher_id"],
+            unique = true,
+            name = "index_password_entries_bitwarden_vault_cipher_unique"
+        )
+    ]
 )
 data class PasswordEntry(
     @PrimaryKey(autoGenerate = true)

Monica for Android/app/src/main/java/takagi/ru/monica/data/PasswordEntryDao.kt

@@ -377,12 +377,31 @@ interface PasswordEntryDao {
     @Query("SELECT * FROM password_entries WHERE bitwarden_cipher_id = :cipherId LIMIT 1")
     suspend fun getByBitwardenCipherId(cipherId: String): PasswordEntry?
 
+    @Query(
+        """
+        SELECT * FROM password_entries
+        WHERE bitwarden_vault_id = :vaultId
+          AND bitwarden_cipher_id = :cipherId
+        LIMIT 1
+        """
+    )
+    suspend fun getByBitwardenCipherIdInVault(vaultId: Long, cipherId: String): PasswordEntry?
+
     /**
      * 根据 Bitwarden Cipher ID 获取所有条目（用于清理历史重复数据）
      */
     @Query("SELECT * FROM password_entries WHERE bitwarden_cipher_id = :cipherId")
     suspend fun getAllByBitwardenCipherId(cipherId: String): List<PasswordEntry>
 
+    @Query(
+        """
+        SELECT * FROM password_entries
+        WHERE bitwarden_vault_id = :vaultId
+          AND bitwarden_cipher_id = :cipherId
+        """
+    )
+    suspend fun getAllByBitwardenCipherIdInVault(vaultId: Long, cipherId: String): List<PasswordEntry>
+
     /**
      * 删除指定 Vault 下所有已同步的 Bitwarden 密码条目。
      * 仅删除未进入回收站的条目，避免覆盖本地删除墓碑。