Update limit (#83)

* Update setting file structure

* Fix critical rename operation bugs (Phase 1A)

Bug #1: Fix revision increment gap in mysql.rs
- Changed revision increment logic to prevent gaps
- Both tombstone and active rows now use same revision (current+1)
- Maintains sequential revision tracking without N+2 jumps

Bug #2: Fix cross-watcher MOVE broadcast in rename.rs
- Use server IDs instead of client IDs for cross-watcher moves
- Ensures other devices can properly locate moved files
- Fixes synchronization failure across devices

All tests passing (17/17). Ready for production deployment.

* Remove unwrap() in encryption migration path

- Convert String::from_utf8_lossy unwrap to proper error handling
- Return StorageError::Database if plain_path is missing
- Prevents potential production panic during encryption migration

Phase 1B: unwrap removal (1/37)

* Remove unsafe unwrap() calls in file, quota, and service modules

- mysql_file.rs: Use match pattern for row_opt instead of is_none() + unwrap()
- mysql_quota.rs: Replace unwrap() with expect() for valid date calculations
- server/service.rs: Replace unwrap() with expect() for midnight time

Phase 1B: unwrap removal (2-8/37)

* Remove unsafe unwrap() calls in version and usage services

- version_service.rs: Use map_or() instead of is_some()+unwrap() pattern
- usage_service.rs: Use if-let for safe downcast in warning update

Phase 1B: unwrap removal (9-10/37)

* Optimize decrypt_text signature to avoid clone

- Change decrypt_text parameter from Vec<u8> to &[u8]
- Remove 20 unnecessary clone() calls in mysql_file.rs
- Reduces heap allocations during file decryption operations

Phase 3: Clone optimization (1/n)

* Update setting file structure

* Update setting file structure

* Optimize server logging - reduce redundancy and improve efficiency

* Refine log levels: info for requests, debug for internal operations

* Add encryption key invalidation feature

- Add InvalidateKeyId RPC for key lifecycle management
- Block downloads for files with invalidated keys (KEY_INVALIDATED error)
- Add error_code field to DownloadFileResponse
- Add mysql_key.rs storage layer with idempotent invalidation

* Update cloud_test env

* Add soft delete feature with multi-device LWW sync support

---------

Co-authored-by: Claude Opus 4.5 <[email protected]>

Author: zephyranthes03

.env.cloud_test

@@ -0,0 +1,47 @@
+# Temporary cloud DB configuration for migration testing
+DB_USER="genesis76"
+DB_PASS="VC1OGzY4ukM5DaCrVZJb6832XWYc08U072k4yp0bZ"
+DB_NAME="cosmic_sync"
+DB_HOST="127.0.0.1"
+DB_PORT=63306
+DB_POOL=5
+
+SERVER_HOST=0.0.0.0
+SERVER_PORT=50051
+WORKER_THREADS=4
+HEARTBEAT_INTERVAL_SECS=30
+AUTH_TOKEN_EXPIRY_HOURS=24
+
+OAUTH_CLIENT_ID=cosmic-sync
+OAUTH_CLIENT_SECRET=cosmicsecretsocmicsecret
+OAUTH_REDIRECT_URI=http://10.241.62.167:8080/oauth/callback
+OAUTH_AUTH_URL=http://10.241.62.167:4000/oauth/authorize
+OAUTH_TOKEN_URL=http://10.241.62.167:4000/oauth/token
+OAUTH_USER_INFO_URL=http://10.241.62.167:4000/api/settings
+OAUTH_SCOPE=profile:read
+
+MAX_CONCURRENT_REQUESTS=100
+MAX_FILE_SIZE=52428800
+
+RUST_LOG=cosmic_sync_server=debug,info
+LOG_LEVEL=debug
+LOG_TO_FILE=false
+
+STORAGE_TYPE="s3"
+AWS_REGION="us-east-2"
+S3_BUCKET="cosmic-sync-files"
+S3_KEY_PREFIX="files/"
+AWS_ACCESS_KEY_ID="minioadmin"
+AWS_SECRET_ACCESS_KEY="minioadmin"
+S3_ENDPOINT_URL="http://127.0.0.1:9000"
+S3_FORCE_PATH_STYLE="true"
+S3_TIMEOUT_SECONDS="30"
+S3_MAX_RETRIES="3"
+
+COSMIC_SYNC_DEV_MODE="1"
+COSMIC_SYNC_TEST_MODE="1"
+COSMIC_SYNC_DEBUG_MODE="1"
+
+SERVER_ENCODE_KEY=c3e15e2f727cf777380f23a9f9fa8156c5f4f7f3e697f6dc95a47372e76ac6bf
+
+RABBITMQ_ENABLED=false

env_home.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+# Switch to home network (192.168.50.100)
+
+sed -i 's/10.17.89.63/192.168.50.100/g' .env
+
+mysql -h 127.0.0.1 -P 3306 -u root -precognizer --ssl-mode=DISABLED recognizer_dev -e \
+  "UPDATE oauth_applications SET redirect_uri = 'http://192.168.50.100:8080/oauth/callback' WHERE redirect_uri LIKE '%/oauth/callback';"
+
+echo "Switched to home network (192.168.50.100)"

env_office.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+# Switch to office network (10.17.89.63)
+
+sed -i 's/192.168.50.100/10.17.89.63/g' .env
+
+mysql -h 127.0.0.1 -P 3306 -u root -precognizer --ssl-mode=DISABLED recognizer_dev -e \
+  "UPDATE oauth_applications SET redirect_uri = 'http://10.17.89.63:8080/oauth/callback' WHERE redirect_uri LIKE '%/oauth/callback';"
+
+echo "Switched to office network (10.17.89.63)"

migrations/add_key_status_table.sql

@@ -0,0 +1,15 @@
+-- Migration: Add key_status table for encryption key invalidation feature
+-- Date: 2025-12-12
+
+CREATE TABLE IF NOT EXISTS key_status (
+    id BIGINT AUTO_INCREMENT PRIMARY KEY,
+    account_hash VARCHAR(64) NOT NULL,
+    key_id VARCHAR(32) NOT NULL,
+    status VARCHAR(20) NOT NULL DEFAULT 'active',
+    reason VARCHAR(50),
+    invalidated_at TIMESTAMP NULL,
+    invalidated_by_device VARCHAR(64),
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    UNIQUE INDEX idx_key_status_account_key (account_hash, key_id),
+    INDEX idx_key_status_account (account_hash)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;

migrations/add_soft_delete.sql

@@ -0,0 +1,64 @@
+-- Soft Delete Migration for Watcher Sync
+-- This migration adds is_deleted and deleted_at columns to support soft delete functionality
+-- for watchers, watcher_groups, and files tables.
+
+-- ============================================================================
+-- 1. watcher_groups 테이블 수정
+-- ============================================================================
+ALTER TABLE watcher_groups
+  ADD COLUMN is_deleted BOOLEAN NOT NULL DEFAULT FALSE,
+  ADD COLUMN deleted_at TIMESTAMP NULL;
+
+-- ============================================================================
+-- 2. watchers 테이블 수정
+-- ============================================================================
+ALTER TABLE watchers
+  ADD COLUMN is_deleted BOOLEAN NOT NULL DEFAULT FALSE,
+  ADD COLUMN deleted_at TIMESTAMP NULL;
+
+-- ============================================================================
+-- 3. files 테이블 수정
+-- ============================================================================
+ALTER TABLE files
+  ADD COLUMN is_deleted BOOLEAN NOT NULL DEFAULT FALSE,
+  ADD COLUMN deleted_at TIMESTAMP NULL;
+
+-- ============================================================================
+-- 4. 성능 인덱스 추가 (조회 최적화)
+-- ============================================================================
+
+-- watcher_groups: account별 활성 그룹 조회용
+CREATE INDEX idx_watcher_groups_account_active
+  ON watcher_groups(account_hash, is_deleted);
+
+-- watchers: account별 활성 watcher 조회용
+CREATE INDEX idx_watchers_account_active
+  ON watchers(account_hash, is_deleted);
+
+-- watchers: group별 활성 watcher 조회용
+CREATE INDEX idx_watchers_group_active
+  ON watchers(group_id, is_deleted);
+
+-- files: watcher별 활성 파일 조회용
+CREATE INDEX idx_files_watcher_active
+  ON files(server_watcher_id, is_deleted);
+
+-- files: account별 활성 파일 조회용
+CREATE INDEX idx_files_account_active
+  ON files(account_hash, is_deleted);
+
+-- ============================================================================
+-- 5. Cleanup job용 인덱스 (삭제 대상 조회 최적화)
+-- ============================================================================
+
+-- watcher_groups: 삭제 대상 조회용
+CREATE INDEX idx_watcher_groups_deleted_at
+  ON watcher_groups(deleted_at);
+
+-- watchers: 삭제 대상 조회용
+CREATE INDEX idx_watchers_deleted_at
+  ON watchers(deleted_at);
+
+-- files: 삭제 대상 조회용
+CREATE INDEX idx_files_deleted_at
+  ON files(deleted_at);

proto/sync.proto

@@ -864,6 +864,7 @@ message SyncConfigurationRequest {
     bool incremental = 6;                         // Incremental sync vs full sync
     bool force_update = 7;                        // Force update flag
     int64 client_timestamp = 8;                   // Client timestamp
+    int64 last_sync_timestamp = 9;                // Last successful sync timestamp (for Item-level LWW)
 }
 
 message SyncConfigurationResponse {
@@ -877,16 +878,37 @@ message SyncConfigurationResponse {
     repeated string conflict_details = 8;         // Conflict details
     ActionTaken action_taken = 9;                 // Action taken during synchronization
     bool is_new_account = 10;                     // Whether this is a new account setup
+    int32 retention_days = 11;                    // Soft-deleted items retention period (days)
+    repeated DeletedItemInfo deleted_items = 12;  // Items soft-deleted in this sync
+    repeated WatcherGroupData recently_added = 13;      // Items added by other devices (client should merge)
+    repeated DeletedItemInfo recently_deleted = 14;     // Items deleted by other devices (client should remove)
+}
+
+// Information about a soft-deleted item
+message DeletedItemInfo {
+    enum ItemType {
+        GROUP = 0;
+        WATCHER = 1;
+    }
+    ItemType type = 1;                            // Type of deleted item
+    int32 group_id = 2;                           // Deleted group_id (or parent group_id for watcher)
+    int32 watcher_id = 3;                         // Deleted watcher_id (0 if type is GROUP)
+    string title = 4;                             // Name of the deleted item
+    int32 affected_files = 5;                     // Number of files affected by deletion
 }
 
 message SyncStats {
     int32 groups_updated = 1;                     // Number of updated groups
     int32 groups_created = 2;                     // Number of created groups
-    int32 groups_deleted = 3;                     // Number of deleted groups
+    int32 groups_deleted = 3;                     // Number of deleted groups (soft delete)
     int32 presets_updated = 4;                    // Number of updated presets
     int64 sync_timestamp = 5;                     // Synchronization timestamp
     int32 total_operations = 6;                   // Total number of operations
     double sync_duration_ms = 7;                  // Synchronization duration (milliseconds)
+    int32 watchers_created = 8;                   // Number of created watchers
+    int32 watchers_updated = 9;                   // Number of updated watchers
+    int32 watchers_deleted = 10;                  // Number of deleted watchers (soft delete)
+    int32 files_soft_deleted = 11;                // Number of files soft-deleted due to watcher deletion
 }
 
 // File history lookup request

src/handlers/admin_handler.rs

@@ -0,0 +1,101 @@
+//! Admin API handlers for maintenance operations
+
+use actix_web::{web, HttpResponse, Result as ActixResult};
+use serde::Serialize;
+use std::sync::Arc;
+use tracing::{error, info};
+
+use crate::server::app_state::AppState;
+use crate::storage::CleanupStats;
+
+/// Default retention period for soft-deleted items (in days)
+const DEFAULT_RETENTION_DAYS: i32 = 30;
+
+/// Response for cleanup operation
+#[derive(Debug, Serialize)]
+pub struct CleanupResponse {
+    pub success: bool,
+    pub message: String,
+    pub retention_days: i32,
+    pub stats: CleanupStats,
+}
+
+/// Run cleanup job to permanently delete soft-deleted records older than retention period
+///
+/// This endpoint permanently deletes:
+/// - Files (including S3 objects)
+/// - Watchers
+/// - Watcher groups
+///
+/// that have been soft-deleted for longer than the retention period (default 30 days).
+///
+/// # Request
+/// POST /admin/cleanup
+///
+/// # Response
+/// ```json
+/// {
+///     "success": true,
+///     "message": "Cleanup completed successfully",
+///     "retention_days": 30,
+///     "stats": {
+///         "files_deleted": 10,
+///         "watchers_deleted": 5,
+///         "groups_deleted": 2,
+///         "s3_objects_deleted": 10,
+///         "errors": []
+///     }
+/// }
+/// ```
+pub async fn run_cleanup(app_state: web::Data<Arc<AppState>>) -> ActixResult<HttpResponse> {
+    info!("Admin cleanup job started");
+
+    match app_state
+        .storage
+        .cleanup_soft_deleted(DEFAULT_RETENTION_DAYS)
+        .await
+    {
+        Ok(stats) => {
+            info!(
+                "Cleanup completed: {} files, {} watchers, {} groups deleted",
+                stats.files_deleted, stats.watchers_deleted, stats.groups_deleted
+            );
+
+            Ok(HttpResponse::Ok().json(CleanupResponse {
+                success: true,
+                message: "Cleanup completed successfully".to_string(),
+                retention_days: DEFAULT_RETENTION_DAYS,
+                stats,
+            }))
+        }
+        Err(e) => {
+            error!("Cleanup failed: {}", e);
+
+            Ok(HttpResponse::InternalServerError().json(CleanupResponse {
+                success: false,
+                message: format!("Cleanup failed: {}", e),
+                retention_days: DEFAULT_RETENTION_DAYS,
+                stats: CleanupStats::default(),
+            }))
+        }
+    }
+}
+
+/// Get cleanup status and statistics (read-only, no actual cleanup)
+///
+/// # Request
+/// GET /admin/cleanup/status
+///
+/// # Response
+/// Returns information about pending cleanup items
+pub async fn cleanup_status(app_state: web::Data<Arc<AppState>>) -> ActixResult<HttpResponse> {
+    // For now, just return the retention configuration
+    // In the future, could query counts of items pending cleanup
+    let _ = app_state; // Will be used when we add pending count queries
+
+    Ok(HttpResponse::Ok().json(serde_json::json!({
+        "retention_days": DEFAULT_RETENTION_DAYS,
+        "description": "Items soft-deleted more than 30 days ago will be permanently deleted on cleanup",
+        "trigger_endpoint": "POST /admin/cleanup"
+    })))
+}

src/handlers/mod.rs

@@ -29,6 +29,9 @@ pub mod metrics;
 // Usage tracking handlers
 pub mod usage_handler;
 
+// Admin handlers (cleanup, maintenance)
+pub mod admin_handler;
+
 use crate::sync::HealthCheckRequest;
 use crate::sync::HealthCheckResponse;
 use tonic::{Request, Response, Status};