WIP: Next Prod Release Candidate#779
Draft
prathieshna wants to merge 296 commits intonextfrom
Draft
Conversation
added 30 commits
September 22, 2025 02:08
- Refactored `StorachaAccountDetailsFragment` to display detailed plan information (name, storage limit, cost) and a sortable list of spaces with their usage. - Added loading indicators with appropriate messages to `StorachaAccountDetailsFragment` and `StorachaViewAccountsFragment`. - Implemented retry logic with token regeneration in `BridgeUploader` for `store/add`, `upload/add`, and S3 uploads to handle token expirations and temporary network issues. - Improved error handling in `StorachaMediaFragment` to show user-friendly dialogs for upload failures, with an option to retry the last failed upload. - Added `PlanInfo.kt` model to manage and format storage plan details. - Introduced `SpacesUsageAdapter.kt` to display and sort space usage in `StorachaAccountDetailsFragment`. - Updated layouts and string resources to support these changes.
This reverts commit 04262ba.
storacha: adjust grid item layout
Added `SwipeRefreshLayout` to `StorachaMediaFragment` and `StorachaBrowseSpacesFragment`. Updated `StorachaMediaViewModel` to support refreshing media list from the start. Modified loading indicators to avoid dual display during pull-to-refresh.
… fix - Integrated `isAdmin` flag throughout Storacha upload process in BridgeUploader and related ViewModels/Fragments. - Updated Storacha service base URL. - Corrected pagination logic in `StorachaMediaViewModel` to properly handle refresh, first load, and prevent duplicate entries. - Adjusted scroll listener threshold in `StorachaMediaFragment` for earlier pagination trigger. - Minor UI tweaks in Storacha account details screen.
App version bump to 4.0.4
- Improved Storacha disclaimer with a link to learn more. - Refined various UI text and labels for clarity and consistency. - Added user-friendly error messages for upload failures. - Renamed "Manage DIDs" to "Manage Accounts" for better user understanding.
Expanded file type support to include PDFs and various other document formats (doc, docx, txt, etc.). Refactored the file selection handling in `StorachaMediaFragment` to use a single, unified `handleMedia` function for all file types, removing redundant type-specific handlers.
- Implemented back press blocking during file uploads. - Fixed an issue causing upload success/error dialogs to reappear. - Added cleanup for temporary and CAR files after successful uploads. - Refined the upload retry logic to regenerate CAR files. - The "Manage Access" menu item is now disabled during uploads.
The login button is now disabled by default. It becomes enabled only when the user enters a valid email format in the email field. The error message on the email field is cleared as the user starts typing.
Storacha Login: - Added a loading indicator for the login process. - Disabled the login button while authentication is in progress. Storacha DID Management: - Implemented validation for DID format (`did:key:z...`) on the DID Access screen. - Added checks to prevent adding duplicate DIDs for a space. - The DID scanner now validates the format and checks for duplicates. - Added extensive unit tests for `Ed25519Utils.isValidDid`.
Introduced `StorachaHelper` to centralize logic for determining user access to Storacha features. This helper checks if a user has logged-in accounts or has joined any spaces. Key changes: - Replaced direct `DidManager` checks in `MainActivity` and `StorachaFragment` with the new `StorachaHelper.shouldEnableStorachaAccess()` method. - Added logic in `StorachaBrowseSpacesFragment` to count and store the number of joined spaces using `StorachaHelper`. - The "My Spaces" button and the Storacha service in the space list are now enabled if the user is logged in or has joined at least one space.
- Replaced the legacy `Picker.takePhoto` with `Picker.takePhotoModern`. - Enabled camera permission check before launching the camera in `MainActivity` and `PreviewActivity`.
Updated version to 4.0.6
Refactored button bars and layouts for consistency in: - StorachaLoginFragment - StorachaClientQRFragment - StorachaAccountDetailsFragment - StorachaDIDAccessFragment Moved `StorachaAccount.kt` to a new `model` subpackage.
Instead of loading the entire CAR file into a `ByteArray` in memory, this change modifies the upload process to stream the file directly from disk. This significantly reduces memory usage, especially for large files. The `CarFileCreator` now writes the generated CAR file directly to a temporary file instead of returning a byte array. `BridgeUploader` and `StorachaMediaViewModel` have been updated to work with this new `File`-based approach. Additionally, temporary CAR files are now cleaned up after a successful upload, on retry, or when the view is destroyed.
- Optimized CAR file creation to stream large files and write blocks directly to a temporary file, significantly reducing memory usage. - Introduced a separate OkHttpClient for S3 uploads without logging to prevent OutOfMemoryError on large file uploads. - Increased S3 client timeouts to 5 minutes to better handle large file transmissions.
Cleans up any temporary or CAR files from a previously failed upload before starting a new one in `StorachaMediaFragment`.
updated backgroundTint to use button_color
This commit introduces a comprehensive session management system for Storacha to handle expired or invalid sessions gracefully. Key changes include: * Added a centralized `SessionManager` to validate sessions and automatically remove invalid accounts. * Implemented an `AuthInterceptor` to catch 401/403 errors and trigger session expiration flows. * Introduced common `showSessionExpiredDialog()` methods in `BaseFragment` for consistent user feedback. * In ViewModels, added `sessionExpired` LiveData to notify fragments of authentication failures, allowing them to display the appropriate dialog. * Updated the "Browse Spaces" screen to allow users to continue browsing delegated spaces even after their session expires. * Minor code cleanup and version bump to 4.0.7.
- Added real-time DID format validation on the input field. - The "Next" button is now enabled/disabled based on the validity of the DID format. - A loading indicator with the text "Adding DID…" is now displayed while the DID is being processed.
- Change `PasscodeGate` registration from Activity lifecycle to `ProcessLifecycleOwner` to prevent accidental locking during Activity transitions. - Update `to_get_started_more_hint` string to remove Filecoin reference and simplify wording. - Customize `Switch` colors in `C2paScreen` to use white thumbs and tertiary track colors when enabled.
…service handling - Handle `ForegroundServiceStartNotAllowedException` on Android 12+ by deferring Tor service startup until the app enters the foreground. - Implement a workaround for a bug in `tor-android` 0.4.9.5.1 where the library fails to subscribe to `NOTICE` events, preventing "Bootstrapped 100%" status broadcasts. - Update `TorForegroundService` to manually subscribe to `NOTICE` events and verify bootstrap status via the control port. - Modify `SnowbirdService` to wait for Tor to reach a ready state before initializing the Rust bridge to prevent resource contention and connection failures. - Adjust `HomeActivity` startup sequence to ensure `SnowbirdService` starts after intent handling.
- Add `strings.xml` for Central Kurdish (ckb) localization. - Fix logic in `SettingsScreen.kt` to prevent premature passcode state updates before setup completion.
- Implement a two-step project picker bottom sheet for media imported via the Android share-sheet, allowing users to select a specific server and folder for the upload. - Introduce `SharedImportState` to manage pending URIs across the import lifecycle. - Refactor `HomeActivity` to handle intent-based imports using an explicit list of supported MIME types instead of wildcards. - Update `HomeViewModel` and `HomeState` to support the new shared import workflow and UI states. - Set `HomeActivity` to `singleTask` launch mode for better intent handling. - Ensure `ResultEventBus` creates channels eagerly to prevent missed events. - Add debug logging for the share-sheet import process.
**Core & Repository** - Added `updatePriorities` to `MediaRepository` and implementations to allow batch updating of media queue priorities. - Fixed a bug in `HomeActivity` where shared media was re-imported on configuration changes by checking `savedInstanceState`. - Improved file name resolution in `MediaPicker` to handle URIs without display names. **Feature Improvements** - **Home:** Added a snackbar warning if a user attempts to add media without an active folder. Enabled auto-scrolling to the top when refreshing media. - **Media Review:** Added a "Done" action button to the top bar for saving and finishing. Improved layout handling by adding `imePadding` and using fixed height ratios for previews to prevent keyboard overlap. - **UI/UX:** Added title overlays to media thumbnails in the main grid. Refined typography and spacing across `FoldersScreen`, `FolderDetailScreen`, and `MainMediaScreen`. - **Upload Manager:** Optimized reordering performance using batch priority updates and improved drag-handle touch targets. **Services & Integration** - **Internet Archive:** Modified `IaConduit` to handle `file://` URIs directly, bypassing `ContentResolver` for local files. Made metadata and C2PA manifest uploads non-fatal. - **WebDAV:** Wrapped the upload process in a try-catch block for better error reporting and updated `WebDavDetailScreen` to mask passwords. - **C2PA:** Refactored `C2paScreen` to use `HtmlText` for "Learn More" links and updated the linked URL. **Bug Fixes & Localization** - Fixed `HtmlText` styling where the default text color was overriding link styles. - Added "Folder renamed" string and confirmation message. - Adjusted UI spacing in license setup and secure field components.
Bugfix/bugfixes testing cycle 2
…ES-256-GCM
- Refactor `TinkVaultCredentialStore` and `PasscodeRepository` to use native `AndroidKeyStore` and `Cipher` (AES/GCM/NoPadding) for encryption, removing the Google Tink dependency.
- Remove `ScryptHashingStrategy` and associated Bouncy Castle dependencies.
- Replace ML Kit barcode scanning with ZXing in `QRImageAnalyzer` to reduce binary size (~20MB saving).
- Update `app/proguard-rules.pro` with comprehensive rules for Room, Koin, Retrofit, Serialization, and native JNI bridges.
- Update `app/build.gradle.kts`:
- Enable ProGuard minification and resource shrinking for release builds.
- Restrict NDK ABIs to `arm64-v8a` and `armeabi-v7a`.
- Apply locale filters to strip unused resources.
- Remove several unused dependencies (Guava, Picasso, ML Kit, Bouncy Castle, etc.).
- Modify `IaConduit` to stop uploading C2PA manifests to Internet Archive and update `MediaPicker` to only generate C2PA manifests for in-app camera captures.
- Improve `FolderBar` UI with updated typography and error colors for destructive actions.
- Bump `versionCode` to 30031 and `versionName` to 4.0.10.
[SECURITY] Replace Tink and Scrypt with native Android Keystore and A…
…tivity checks before starting uploads. ### Core Changes - **New `UploadGate` Utility**: Introduced a central component to validate network conditions (Wi-Fi requirement) and Tor status before proceeding with uploads. It includes specific logic to skip Tor checks for DWeb (Snowbird) storage. - **Improved Background Resumption**: Added `checkIfQueued` to `UploadGate` to prevent spurious connectivity dialogs when the app resumes if the upload queue is empty. - **Enhanced Error Handling in `WebDavConduit`**: Added explicit checks for file existence (ENOENT) before upload. If a file is missing, the evidence record is now deleted to prevent the queue from getting stuck in a permanent error state. - **Upload Cancellation Fix**: Updated `Conduit` to reset cancelled uploads to a `QUEUED` status and clear transient UI progress, ensuring they can be retried in the next session. - **ProGuard Optimization**: Added `-optimizations !class/merging/*` to prevent R8 from merging `CleanInsights` configuration classes, which previously caused Moshi serialization failures. ### UI and Integration - Integrated `UploadGate` into `HomeActivity`, `HomeViewModel`, `UploadManagerViewModel`, and `PreviewMediaViewModel` to wrap upload triggers. - Added `NetworkUtils.isOnWifi` helper. - Added localized strings for Wi-Fi and Tor connectivity warnings. - Registered `UploadGate` in `TorModule` for dependency injection.
- Add `REVIEW_MEDIA_SAVED` constant to `NavigationResultKeys`. - Trigger `REVIEW_MEDIA_SAVED` event in `ReviewMediaViewModel` after successfully saving media. - Observe `REVIEW_MEDIA_SAVED` in `PreviewMediaViewModel` to reset selection state (clear `selectedIds` and `selectionCount`) when media is saved.
Updated and synchronized `strings.xml` for multiple languages: - Added new translations and corrected existing strings for Arabic, Spanish, Farsi, French, Russian, Turkish, and Ukrainian. - Added comprehensive new localization support for Belarusian, Kurdish, Polish, Portuguese (Brazil), Chinese (Simplified), Chinese (Traditional), and Chinese (Hong Kong). - Synchronized Transifex metadata and formatting across resource files.
* Removed redundant locale directories `values-pt_BR`, `values-zh-Hans`, `values-zh_HK`, and `values-zh_TW`. * Added and synchronized translation files for `values-pt-rBR`, `values-uk`, `values-zh-rHK`, `values-zh-rTW`, and `values-b+zh+Hans`. * Updated `IaConduit.kt` to include exponential backoff retries for 503 errors during Internet Archive uploads. * Refactored `WebDavConduit.kt` to improve chunked upload reliability and metadata sequencing. * Integrated C2pa provenance and metadata collection into `CameraViewModel` for camera captures. * Updated `UploadGate` and `UploadService` to better respect TOR connectivity and WiFi-only settings. * Improved error handling and retry logic in `UploadManagerViewModel`. * Cleaned up `provider_paths.xml` to limit FileProvider exposure to specific app directories. * Passed `VaultType` through navigation and picker components to conditionally apply provenance.
…cycle management - Include file name as `title` and resolve `mimeType` from file extension in `CameraViewModel` metadata. - Ensure `jobSucceeded` is called in `WebDavConduit` only after both media and metadata upload attempts complete. - Update `Conduit` to cancel the coroutine scope when jobs succeed, fail, or are cancelled to prevent leaks. - Fix file length detection in `Conduit.sanitize()` to support `content://` URIs via `ContentResolver`. - Remove redundant database updates for `UPLOADING` status in `UploadService`.
- **Process Management**: Implement `isMainProcess` check in `SaveApp` to prevent initialization of WorkManager, Koin, and TOR in the ACRA secondary process.
- **Upload Reliability**:
- Add retry logic for transient network errors in `IaConduit`.
- Increase IA upload read timeout to 5 minutes to accommodate large files/TOR overhead.
- Implement automatic pausing and re-queuing of uploads when TOR connection drops.
- **Upload Gate & Scheduling**:
- Enhance `UploadGate` with "Wait for Wi-Fi" and "Wait for Tor" options using `JobScheduler` and status watchers for auto-resume.
- Update `UploadJobScheduler` to respect the `uploadWifiOnly` preference in system job constraints.
- **Database Migration**:
- Add robust error handling to `MigrationWorker` stages to prevent migration blocks on partial failures.
- Ensure the legacy Sugar ORM database is deleted upon successful Room migration.
- Map `Uploading` status to `QUEUED` during migration to ensure clean resume of interrupted tasks.
- **Networking**: Fix a resource leak in `SaveClient` by ensuring WebDAV response bodies are buffered and closed.
- **UX/Strings**: Update connectivity dialogs and strings to clarify TOR and Wi-Fi wait/override behaviors.
- **Version**: Bump `versionCode` to 30033 and `versionName` to 4.0.12.
…WebDAV.
- **Internet Archive**: Added `x-archive-queue-derive: 0` header to defer post-processing until all files are uploaded, reducing server-side resource competition.
- **WebDAV**:
- Optimized chunked uploads by performing a single initial check to detect resume status, skipping redundant existence checks for subsequent chunks.
- Increased `CHUNK_SIZE` to 10MB and `CHUNK_FILESIZE_THRESHOLD` to 20MB to reduce HTTP round-trip overhead.
- Fixed a bug where 1 byte was skipped at each chunk boundary.
- Configured `OkHttpClient` to force `Connection: close` and disable HTTP/2 to prevent connection reuse corruption and multiplexing conflicts with Nextcloud.
- Moved credentials to a preemptive interceptor to prevent Sardine from overwriting custom timeouts.
- **General**: Increased network `SEGMENT_SIZE` to 64KB for more efficient I/O.
Remove the `sardine-android` dependency and implement WebDAV functionality (PROPFIND, MKCOL, MOVE, PUT, DELETE) directly using OkHttp and a custom XML parser.
- **WebDavRepository**: Replaced Sardine's `list` with a manual `PROPFIND` request and `XmlPullParser` to fetch folder contents.
- **WebDavConduit**:
- Migrated single and chunked upload logic to use OkHttp `Request` objects.
- Implemented manual WebDAV operations: `headExists`, `headContentLength`, `mkcol`, `move`, and `webdavDelete`.
- Improved chunked upload efficiency by using `HEAD` requests instead of `PROPFIND` to check for existing chunks.
- Added support for cancelling active network calls.
- **Conduit**: Wrapped `jobFailed` logic in `NonCancellable` to ensure database updates and event broadcasts complete during service shutdown.
- **SaveClient**: Removed the `getSardine` helper as it is no longer required.
- **Dependencies**: Removed `guardianproject-sardine` from Gradle configuration and updated app version to 4.0.15.
- Upgrade AGP to 9.1.1, Compose to 1.11.0, Kotlin to 2.3.21, and Koin to 4.2.1. - Update various library versions including Datastore, Firebase Crashlytics, Gson, Material3, Media3, Mixpanel, OkHttp, and Tor-Android. - Remove unused or redundant dependencies and plugins, such as BouncyCastle, Bitcoinj, Guava, Netcipher, and ConstraintLayout. - Clean up unused library definitions for Picasso, Jsoup, and several Google Play/MLKit components.
- Defer Sugar ORM database deletion to next app startup in `SaveApp` to prevent `SQLITE_READONLY_DBMOVED` errors during active sessions. - Fix potential deadlock in `HomeScreen` by launching import failure snackbars in a separate scope, ensuring the manual import state is reset first. - Update `CameraViewModel` to remove confirmed items from the internal capture state so they are not deleted during cleanup. - Enhance `UploadService` to explicitly handle and report "No vault configured" errors when a conduit cannot be established. - Improve `Conduit` resolution by falling back to the project's vault ID if the evidence record contains an invalid ID (0), common in legacy Sugar ORM records. - Clean up unused/commented dependencies in `build.gradle.kts`.
Move the deletion of the legacy Sugar ORM database to before `super.onCreate()` to prevent `SugarApp` from holding an open file descriptor on a deleted file. This prevents `SQLITE_READONLY_DBMOVED (1032)` errors that occurred when attempting to write to the database after it was deleted mid-session. - Read `is_room_migrated` preference directly from `SharedPreferences` before `SugarApp` initialization. - Delete `openarchive.db` immediately if migration is already complete. - Log the deletion status after logger initialization.
…rom SugarORM to Room. Key changes: - **Database Migration**: Added logic in `SaveApp.onCreate` to perform a synchronous migration from SugarORM to Room on the first launch (L1) if a legacy database is detected. - **Deferred Deletion**: Introduced a `sugar_db_delete_pending` flag to defer the deletion of the legacy `openarchive.db` until the subsequent launch (L2), preventing `SQLITE_READONLY_DBMOVED` errors caused by active file descriptors. - **Worker Updates**: Updated `MigrationWorker` to handle delta migrations and set the pending deletion flag upon completion. - **Media UI**: Refactored `MediaThumbnail` and `PdfThumbnailView` to use `SubcomposeAsyncImage` painter states for better error handling, replacing basic error drawables with a consistent `MediaPlaceholderIcon` and updating title visibility accordingly. - **Preferences**: Added `isSugarDbDeletePending` to `Prefs` to track the state of the multi-stage migration and deletion process.
Introduce a standalone `SugarToRoomMigrator` object to facilitate the synchronous migration of records from Sugar ORM to Room. Key changes: - Implement `migrate()` to sequence the migration of Spaces, Projects, Collections, and Media. - Add `migrateSpaces()` to map `SugarSpace` to `VaultEntity` and handle credential storage. - Add `migrateProjects()` to map `SugarProject` to `ArchiveEntity`. - Add `migrateCollections()` to map `SugarCollection` to `SubmissionEntity`. - Add `migrateMedia()` to map `SugarMedia` to `EvidenceEntity`, including status mapping. - Update `MigrationStateEntity` throughout the process to track migration stages.
Introduce a standalone `SugarToRoomMigrator` object to facilitate the synchronous migration of records from Sugar ORM to Room. Key changes: - Implement `migrate()` to sequence the migration of Spaces, Projects, Collections, and Media. - Add `migrateSpaces()` to map `SugarSpace` to `VaultEntity` and handle credential storage. - Add `migrateProjects()` to map `SugarProject` to `ArchiveEntity`. - Add `migrateCollections()` to map `SugarCollection` to `SubmissionEntity`. - Add `migrateMedia()` to map `SugarMedia` to `EvidenceEntity`, including status mapping. - Update `MigrationStateEntity` throughout the process to track migration stages.
…tore Ensures the DataStore is a process-wide singleton for the credential file, preventing conflicts between migration-time and Koin-injected instances. - Implement a thread-safe `getOrCreateDataStore` pattern in the companion object. - Update the `dataStore` property to use the shared singleton instance. - Adjust visibility of internal security constants.
Feature/no sardine
…tore Ensures the DataStore is a process-wide singleton for the credential file, preventing conflicts between migration-time and Koin-injected instances. - Implement a thread-safe `getOrCreateDataStore` pattern in the companion object. - Update the `dataStore` property to use the shared singleton instance. - Adjust visibility of internal security constants.
Update versionCode to 30036 and versionName to 4.0.16 in app/build.gradle.kts.
- Implement pre-flight capacity checks using the Internet Archive `check_limit` API to avoid 503 Slow Down errors. - Add `isAlreadyUploaded` check to skip re-uploading files already present on IA after partial successes. - Improve retry logic with reduced base delays, exponential backoff, and jitter to avoid lockstep retries. - Handle HTTP 307/301/302 redirects manually for PUT requests with streaming bodies. - Introduce `IaSlowDownException` to treat IA server overloads as transient, re-queuing items for later retry instead of failing. - Promote `UploadService` to a foreground service on pre-API 34 devices to prevent process termination during uploads. - Add `FOREGROUND_SERVICE` permission to `AndroidManifest.xml`. - Update version to 4.0.17 (30037).
…ound services. - **Passcode Management**: Move `PasscodeGate` registration from `HomeActivity` to `SaveApp` (Process lifecycle) to prevent auth resets during activity recreation (e.g., theme toggles). - **HomeActivity**: Add state tracking to prevent redundant permission checks and media imports during config changes. Delay upload checks and URI flushing until the app is confirmed unlocked. - **Tor & Snowbird Services**: Ensure `startForeground` is only called once per service lifecycle. Update `TorForegroundService` to use `NotificationManager.notify()` for status updates to avoid notification flashing. - **UI Improvements**: Fix `DropdownMenu` background color in `FolderBar` to correctly support dark mode. - **Cleanup**: Remove unnecessary foreground service behavior flags for Android 12+ and update notification text for clarity.
upulw2020
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
• Bug Fixes Reported by QA
• Security Fixes based on the document
• Storacha Removed
• C2PA chnages with additional data similar to Proofmode Legacy
• TOR - cTOR based