Add maintenance snapshot workflow and timeline updates

Author: JoyinJoester

Monica for Android/app/src/main/java/takagi/ru/monica/MainActivity.kt

@@ -559,16 +559,17 @@ fun MonicaContent(
         }
     }
 
+    // Emergency safe mode: disable global shared transition lookahead to avoid
+    // "Placement happened before lookahead" crashes on affected devices/builds.
     @OptIn(androidx.compose.animation.ExperimentalSharedTransitionApi::class)
-    androidx.compose.animation.SharedTransitionLayout {
-        androidx.compose.runtime.CompositionLocalProvider(
-            takagi.ru.monica.ui.LocalSharedTransitionScope provides this,
-            takagi.ru.monica.ui.LocalReduceAnimations provides settings.reduceAnimations
+    androidx.compose.runtime.CompositionLocalProvider(
+        takagi.ru.monica.ui.LocalSharedTransitionScope provides null,
+        takagi.ru.monica.ui.LocalReduceAnimations provides true
+    ) {
+        NavHost(
+            navController = navController,
+            startDestination = fixedStartDestination
         ) {
-            NavHost(
-                navController = navController,
-                startDestination = fixedStartDestination
-            ) {
         composable(Screen.Login.route) {
             LoginScreen(
                 viewModel = viewModel,
@@ -2131,17 +2132,20 @@ fun MonicaContent(
             val quickMaintenanceViewModel: takagi.ru.monica.viewmodel.QuickDatabaseMaintenanceViewModel = viewModel {
                 takagi.ru.monica.viewmodel.QuickDatabaseMaintenanceViewModel(
                     takagi.ru.monica.data.maintenance.createQuickDatabaseMaintenanceEngine(
+                        database = database,
                         passwordRepository = repository,
                         secureItemRepository = secureItemRepository,
                         passkeyRepository = passkeyRepository,
                         localKeePassDatabaseDao = database.localKeePassDatabaseDao(),
+                        bitwardenFolderDao = database.bitwardenFolderDao(),
                         bitwardenVaultDao = database.bitwardenVaultDao(),
                         securityManager = securityManager,
                         workspaceRepository = takagi.ru.monica.repository.KeePassWorkspaceRepository(
                             context = context.applicationContext,
                             dao = database.localKeePassDatabaseDao(),
                             securityManager = securityManager
-                        )
+                        ),
+                        operationLogRepository = takagi.ru.monica.repository.OperationLogRepository(database.operationLogDao())
                     )
                 )
             }
@@ -2156,9 +2160,13 @@ fun MonicaContent(
                 onIncludeAuthenticatorsChange = quickMaintenanceViewModel::updateIncludeAuthenticators,
                 onIncludeBankCardsChange = quickMaintenanceViewModel::updateIncludeBankCards,
                 onIncludePasskeysChange = quickMaintenanceViewModel::updateIncludePasskeys,
+                onModeChange = quickMaintenanceViewModel::updateMode,
+                onTargetSourceChange = quickMaintenanceViewModel::updateTargetSource,
                 onRun = {
                     quickMaintenanceViewModel.runMaintenance()
-                }
+                },
+                onConfirmRun = quickMaintenanceViewModel::confirmAndRunMaintenance,
+                onDismissPlan = quickMaintenanceViewModel::dismissPlan
             )
         }
 
@@ -2373,8 +2381,8 @@ fun MonicaContent(
             )
         }
     }
-        }
-    }
+}
+
 }
 
 @Composable

Monica for Android/app/src/main/java/takagi/ru/monica/bitwarden/repository/BitwardenRepository.kt

@@ -45,6 +45,10 @@ class BitwardenRepository(private val context: Context) {
         private const val KEY_SYNC_ON_WIFI_ONLY = "sync_on_wifi_only"
         private const val KEY_LAST_SYNC_TIME = "last_sync_time"
         private const val KEY_NEVER_LOCK_BITWARDEN = "never_lock_bitwarden"
+        private const val PBKDF2_DEFAULT_ITERATIONS = 600000
+        private const val ARGON2_DEFAULT_ITERATIONS = 3
+        private const val ARGON2_DEFAULT_MEMORY_MB = 64
+        private const val ARGON2_DEFAULT_PARALLELISM = 4
         private val syncMutex = Mutex()
 
         @Volatile
@@ -66,7 +70,7 @@ class BitwardenRepository(private val context: Context) {
                 // 账号密码错误
                 rawError.contains("invalid_username_or_password", ignoreCase = true) ||
                 rawError.contains("Username or password is incorrect", ignoreCase = true) ->
-                    "邮箱或主密码错误，请检查后重试"
+                    "登录失败：账号凭据无效，或服务器区域/地址不匹配（.com/.eu/自建），请确认后重试"
 
                 // 验证码错误
                 rawError.contains("Invalid New Device OTP", ignoreCase = true) ||
@@ -108,7 +112,7 @@ class BitwardenRepository(private val context: Context) {
 
                 // 其他 400 错误
                 rawError.contains("400") && rawError.contains("invalid_grant") ->
-                    "认证失败，可能是两步验证未完成或验证码无效，请重试"
+                    "认证失败：可能是服务器区域或自建地址不匹配、SSO 账户限制、或验证流程未完成，请重试"
 
                 // 默认返回原始错误（截断过长内容）
                 else -> {
@@ -388,22 +392,37 @@ class BitwardenRepository(private val context: Context) {
     suspend fun unlock(vaultId: Long, masterPassword: String): UnlockResult = withContext(Dispatchers.IO) {
         try {
             val vault = vaultDao.getVaultById(vaultId) ?: return@withContext UnlockResult.Error("Vault 不存在")
+            val normalizedIterations = when (vault.kdfType) {
+                BitwardenVault.KDF_TYPE_PBKDF2 -> vault.kdfIterations.takeIf { it > 0 } ?: PBKDF2_DEFAULT_ITERATIONS
+                BitwardenVault.KDF_TYPE_ARGON2ID -> vault.kdfIterations.takeIf { it > 0 } ?: ARGON2_DEFAULT_ITERATIONS
+                else -> vault.kdfIterations
+            }
+            val normalizedMemory = vault.kdfMemory.takeIf { it != null && it > 0 } ?: ARGON2_DEFAULT_MEMORY_MB
+            val normalizedParallelism = vault.kdfParallelism.takeIf { it != null && it > 0 } ?: ARGON2_DEFAULT_PARALLELISM
 
             // 派生主密钥
-            val masterKey = if (vault.kdfType == BitwardenVault.KDF_TYPE_ARGON2ID) {
-                BitwardenCrypto.deriveMasterKeyArgon2(
-                    password = masterPassword,
-                    salt = vault.email,
-                    iterations = vault.kdfIterations,
-                    memory = vault.kdfMemory ?: 64,
-                    parallelism = vault.kdfParallelism ?: 4
-                )
-            } else {
-                BitwardenCrypto.deriveMasterKeyPbkdf2(
-                    password = masterPassword,
-                    salt = vault.email,
-                    iterations = vault.kdfIterations
-                )
+            val masterKey = when (vault.kdfType) {
+                BitwardenVault.KDF_TYPE_ARGON2ID -> {
+                    BitwardenCrypto.deriveMasterKeyArgon2(
+                        password = masterPassword,
+                        salt = vault.email,
+                        iterations = normalizedIterations,
+                        memory = normalizedMemory,
+                        parallelism = normalizedParallelism
+                    )
+                }
+
+                BitwardenVault.KDF_TYPE_PBKDF2 -> {
+                    BitwardenCrypto.deriveMasterKeyPbkdf2(
+                        password = masterPassword,
+                        salt = vault.email,
+                        iterations = normalizedIterations
+                    )
+                }
+
+                else -> {
+                    return@withContext UnlockResult.Error("不支持的 KDF 类型: ${vault.kdfType}，请重新登录")
+                }
             }
 
             try {

Monica for Android/app/src/main/java/takagi/ru/monica/bitwarden/service/BitwardenAuthService.kt

@@ -42,6 +42,10 @@ class BitwardenAuthService(
         private const val TAG = "BitwardenAuthService"
         private const val DIAG_PREFIX = "[BW_DIAG]"
         private const val ERROR_BODY_SNIPPET_LIMIT = 240
+        private const val PBKDF2_DEFAULT_ITERATIONS = 600000
+        private const val ARGON2_DEFAULT_ITERATIONS = 3
+        private const val ARGON2_DEFAULT_MEMORY_MB = 64
+        private const val ARGON2_DEFAULT_PARALLELISM = 4
 
         // 两步验证类型
         const val TWO_FACTOR_AUTHENTICATOR = 0
@@ -106,11 +110,12 @@ class BitwardenAuthService(
                 }
 
                 Result.success(
-                    PreLoginResult(
+                    normalizePreLoginResult(
                         kdfType = body.kdf,
                         kdfIterations = body.kdfIterations,
                         kdfMemory = body.kdfMemory,
-                        kdfParallelism = body.kdfParallelism
+                        kdfParallelism = body.kdfParallelism,
+                        diagnosticAttemptId = diagnosticAttemptId
                     )
                 )
             } else {
@@ -210,20 +215,38 @@ class BitwardenAuthService(
             val emailLower = normalizedEmail.lowercase(Locale.ENGLISH)
 
             // 2. 派生 Master Key
-            masterKey = if (preLoginResult.kdfType == BitwardenVault.KDF_TYPE_ARGON2ID) {
-                BitwardenCrypto.deriveMasterKeyArgon2(
-                    password = password,
-                    salt = emailLower,  // 使用小写邮箱作为盐
-                    iterations = preLoginResult.kdfIterations,
-                    memory = preLoginResult.kdfMemory ?: 64,
-                    parallelism = preLoginResult.kdfParallelism ?: 4
-                )
-            } else {
-                BitwardenCrypto.deriveMasterKeyPbkdf2(
-                    password = password,
-                    salt = emailLower,  // 使用小写邮箱作为盐
-                    iterations = preLoginResult.kdfIterations
-                )
+            masterKey = when (preLoginResult.kdfType) {
+                BitwardenVault.KDF_TYPE_ARGON2ID -> {
+                    BitwardenCrypto.deriveMasterKeyArgon2(
+                        password = password,
+                        salt = emailLower,  // 使用小写邮箱作为盐
+                        iterations = preLoginResult.kdfIterations,
+                        memory = preLoginResult.kdfMemory ?: ARGON2_DEFAULT_MEMORY_MB,
+                        parallelism = preLoginResult.kdfParallelism ?: ARGON2_DEFAULT_PARALLELISM
+                    )
+                }
+
+                BitwardenVault.KDF_TYPE_PBKDF2 -> {
+                    BitwardenCrypto.deriveMasterKeyPbkdf2(
+                        password = password,
+                        salt = emailLower,  // 使用小写邮箱作为盐
+                        iterations = preLoginResult.kdfIterations
+                    )
+                }
+
+                else -> {
+                    logDiag(
+                        flow = "primary",
+                        attemptId = attemptId,
+                        stage = "stop_unsupported_kdf",
+                        message =
+                            "kdf=${preLoginResult.kdfType}, iter=${preLoginResult.kdfIterations}, " +
+                                "mem=${preLoginResult.kdfMemory}, parallelism=${preLoginResult.kdfParallelism}"
+                    )
+                    return@withContext Result.failure(
+                        IllegalArgumentException("Unsupported KDF type: ${preLoginResult.kdfType}")
+                    )
+                }
             }
 
             // 3. 派生 Master Password Hash (用于服务器认证)
@@ -1018,6 +1041,61 @@ class BitwardenAuthService(
         return isInvalidGrant && (isInvalidCredDescription || isInvalidCredBody)
     }
 
+    private fun normalizePreLoginResult(
+        kdfType: Int,
+        kdfIterations: Int,
+        kdfMemory: Int?,
+        kdfParallelism: Int?,
+        diagnosticAttemptId: String?
+    ): PreLoginResult {
+        val normalized = when (kdfType) {
+            BitwardenVault.KDF_TYPE_PBKDF2 -> PreLoginResult(
+                kdfType = kdfType,
+                kdfIterations = kdfIterations.takePositiveOrDefault(PBKDF2_DEFAULT_ITERATIONS),
+                kdfMemory = null,
+                kdfParallelism = null
+            )
+
+            BitwardenVault.KDF_TYPE_ARGON2ID -> PreLoginResult(
+                kdfType = kdfType,
+                kdfIterations = kdfIterations.takePositiveOrDefault(ARGON2_DEFAULT_ITERATIONS),
+                kdfMemory = kdfMemory.takePositiveOrDefault(ARGON2_DEFAULT_MEMORY_MB),
+                kdfParallelism = kdfParallelism.takePositiveOrDefault(ARGON2_DEFAULT_PARALLELISM)
+            )
+
+            else -> PreLoginResult(
+                kdfType = kdfType,
+                kdfIterations = kdfIterations,
+                kdfMemory = kdfMemory,
+                kdfParallelism = kdfParallelism
+            )
+        }
+
+        if (
+            normalized.kdfIterations != kdfIterations ||
+            normalized.kdfMemory != kdfMemory ||
+            normalized.kdfParallelism != kdfParallelism
+        ) {
+            diagnosticAttemptId?.let { attemptId ->
+                logDiag(
+                    flow = "primary",
+                    attemptId = attemptId,
+                    stage = "prelogin_normalized",
+                    message =
+                        "kdf=$kdfType, iter:$kdfIterations->${normalized.kdfIterations}, " +
+                            "mem:$kdfMemory->${normalized.kdfMemory}, " +
+                            "parallelism:$kdfParallelism->${normalized.kdfParallelism}"
+                )
+            }
+        }
+
+        return normalized
+    }
+
+    private fun Int?.takePositiveOrDefault(default: Int): Int {
+        return this?.takeIf { it > 0 } ?: default
+    }
+
     private fun newAttemptId(): String = UUID.randomUUID().toString().substring(0, 8)
 
     private fun classifyServer(vaultUrl: String): String {

Monica for Android/app/src/main/java/takagi/ru/monica/data/OperationLogDao.kt

@@ -80,6 +80,12 @@ interface OperationLogDao {
      */
     @Query("DELETE FROM operation_logs WHERE timestamp < :cutoffTime")
     suspend fun deleteOldLogs(cutoffTime: Long)
+
+    /**
+     * 删除超过指定天数的维护快照日志
+     */
+    @Query("DELETE FROM operation_logs WHERE timestamp < :cutoffTime AND changesJson LIKE '%' || :snapshotFieldName || '%'")
+    suspend fun deleteOldMaintenanceSnapshotLogs(cutoffTime: Long, snapshotFieldName: String)
 
     /**
      * 更新日志的恢复状态

Monica for Android/app/src/main/java/takagi/ru/monica/data/PasswordEntryDao.kt

@@ -54,6 +54,9 @@ interface PasswordEntryDao {
 
     @Query("SELECT * FROM password_entries WHERE id IN (:ids)")
     suspend fun getPasswordsByIds(ids: List<Long>): List<PasswordEntry>
+
+    @Query("SELECT * FROM password_entries WHERE id IN (:ids) AND isDeleted = 0 AND isArchived = 0")
+    suspend fun getActivePasswordsByIds(ids: List<Long>): List<PasswordEntry>
 
     @Insert(onConflict = OnConflictStrategy.REPLACE)
     suspend fun insertPasswordEntry(entry: PasswordEntry): Long