From b03264ceb16174790e838c6d205d2ec0b11a1f84 Mon Sep 17 00:00:00 2001
From: null
Date: Fri, 29 May 2026 00:04:28 -0500
Subject: [PATCH] feat: zero-config encryption + SimpleFIN Bridge links
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- encryptionService.js: getKey() tries TOKEN_ENCRYPTION_KEY env first, then auto-generates a random 48-byte key on first startup, persists to settings as _auto_encryption_key. assertEncryptionReady() is now a no-op.
- bankSyncConfigService.js: removed encryption_key_set response and encryptionKeyReady() helper. No env config required.
- .env.example: TOKEN_ENCRYPTION_KEY removed. Comment says enable from Admin panel, no env config required.
- BankSyncSection.jsx: added SimpleFIN Bridge links — 'Open SimpleFIN Bridge' for first-time setup, 'Get a SimpleFIN token' for existing connections
---
 .env.example | 16 +----
 client/components/data/BankSyncSection.jsx | 72 +++++++++++++++++++---
 package.json | 2 +-
 services/bankSyncConfigService.js | 6 --
 services/encryptionService.js | 36 +++++++----
 5 files changed, 91 insertions(+), 41 deletions(-)

diff --git a/.env.example b/.env.example
index 98c11c8..7bc6639 100644
--- a/.env.example
+++ b/.env.example
@@ -38,20 +38,8 @@ NODE_ENV=production
 # BACKUP_PATH=/opt/bill-tracker/data/backups
 
 # ── Bank Sync (SimpleFIN) ─────────────────────────────────────────────────────
-# Optional. Disabled by default. Requires a SimpleFIN Bridge account.
-# Users connect their own SimpleFIN Bridge — BillTracker never stores bank credentials.
-#
-# BANK_SYNC_ENABLED=false
-#
-# Required when BANK_SYNC_ENABLED=true. Must be at least 32 characters.
-# Used to encrypt the SimpleFIN Access URL at rest.
-# TOKEN_ENCRYPTION_KEY=replace-with-a-long-random-secret-at-least-32-chars
-#
-# How many days back to fetch transactions on first sync (default: 90).
-# SIMPLEFIN_SYNC_DAYS=90
-#
-# How often the background auto-sync worker runs (default: 4 hours, minimum: 0.5).
-# SIMPLEFIN_SYNC_INTERVAL_HOURS=4
+# Enable/disable bank sync from the Admin panel. Users connect their own
+# SimpleFIN Bridge from the Data page. No environment config required.
 
 # ── First-run admin account ────────────────────────────────────────────────────
 # Set BOTH on first start to create the admin account automatically.
diff --git a/client/components/data/BankSyncSection.jsx b/client/components/data/BankSyncSection.jsx
index d325134..7ecce95 100644
--- a/client/components/data/BankSyncSection.jsx
+++ b/client/components/data/BankSyncSection.jsx
@@ -1,6 +1,6 @@
 import React, { useState, useEffect, useCallback } from 'react';
 import { toast } from 'sonner';
-import { Building2, Link2Off, Loader2, RefreshCw } from 'lucide-react';
+import { Building2, Eye, EyeOff, ExternalLink, Link2Off, Loader2, RefreshCw } from 'lucide-react';
 import { api } from '@/api';
 import { cn } from '@/lib/utils';
 import { Button } from '@/components/ui/button';
@@ -11,6 +11,41 @@ import {
 } from '@/components/ui/alert-dialog';
 import { SectionCard } from './dataShared';
 
+function TokenInput({ value, onChange, disabled }) {
+ const [show, setShow] = useState(false);
+ const tail = value.slice(-4);
+ return (
+
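Review bot: The replacement comment in .env.example says no environment config is required and removes every mention of TOKEN_ENCRYPTION_KEY, yet the commit description says getKey() still reads that variable before falling back to an auto-generated key persisted in settings as _auto_encryption_key. Operators who want the key held outside the application's own settings store, so that a copy of the stored data does not also carry the key that decrypts the SimpleFIN access URL, lose the only documentation of that option; where settings are stored is not visible here, so that exposure is inferred. I would keep an optional entry such as `# Optional: TOKEN_ENCRYPTION_KEY=<long random secret> overrides the key that is otherwise auto-generated and stored in settings.` The hunk also drops the SIMPLEFIN_SYNC_DAYS and SIMPLEFIN_SYNC_INTERVAL_HOURS entries; whether those variables are still read is not shown in this part of the patch.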
+
+ + {value && ( + + )} +
+ {value && !show && ( +

+ ···{tail} +

+ )} +
+ );
+}
+
 export default function BankSyncSection({ onConnectionChange }) {
 const [enabled, setEnabled] = useState(null);
 const [connections, setConnections] = useState([]);
@@ -172,13 +207,24 @@ export default function BankSyncSection({ onConnectionChange }) {
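Review bot: In TokenInput, `tail` is always the last four characters of the input and is rendered as `···{tail}` whenever the field is non-empty and hidden, so for a value of four characters or fewer the masked hint is the whole value. Computing it only past a minimum length, `const tail = value.length > 8 ? value.slice(-4) : '';`, and gating the hint with `{tail && !show && (` keeps the hint from echoing a short or partial paste. `value.slice` also throws if the parent ever passes `undefined`; the call site in the later hunk is not readable on this page, so a default of `value = ''` in the parameter list would be a cheap guard. The element markup of this hunk is stripped here, so the input's attributes could not be reviewed; if it is a password-type field, `autoComplete="off"` would keep the browser from offering to save the setup token.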

Connect a SimpleFIN Bridge account

Paste your SimpleFIN setup token below. BillTracker only stores an encrypted access URL — no bank credentials are saved.

+

+ Need a token?{' '} + + Open SimpleFIN Bridge + + +

- setSetupToken(e.target.value)} - placeholder="Paste SimpleFIN setup token…" - className="flex-1 font-mono text-xs" + disabled={connecting} />