sync: encrypted cloud backup for portfolios + settings UX rework

Adds opt-in client-side-encrypted portfolio sync (paid). Browser
PBKDF2(PIN) → AES-GCM, server HKDF(pepper, user_id) outer wrap;
server stores opaque bytes only. Sliding-window rate limit on GET.

  - new portfolio_sync table (migration 0015)
  - POST/GET/DELETE /api/portfolio/sync + /status
  - app/services/portfolio_sync.py crypto + rate limit
  - app/routers/sync.py paid-gated
  - app/static/js/portfolio-sync.js WebCrypto wrapper
  - settings page: enable/disable + PIN modal
  - PORTFOLIO_SYNC_PEPPER setting (warn on startup if missing)

Settings + import rework:

  - /upload merged into /settings#import (legacy route 302s)
  - drop CSV → auto-parse → preview → Import only / Import & sync
  - nav slimmed to Dashboard / News / Log
  - Settings + Logout moved to a user dropdown
  - brand logo links to /

Collateral fixes:

  - settings 500: re-fetch User in current session before mutating
    referral_code (assign_code_if_missing was refreshing a User
    loaded in the auth dep's now-closed session)
  - csv_import: distinct error for unfunded T212 pies (all qty=0)
  - db.py: drop pool_pre_ping (aiomysql 0.3.2 incompat); pin
    isolation_level=READ COMMITTED to avoid gap-lock deadlocks
  - alembic env: disable_existing_loggers=False so in-process
    migrations don't silence uvicorn's loggers
  - docker-compose.override.yml: dev-only volume mount + --reload

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Giorgio Gilestro 2026-05-23 16:15:54 +02:00
parent 89632e9937
commit f326b41a08
23 changed files with 1637 additions and 95 deletions


@ -5,7 +5,7 @@
<section class="panel" style="grid-column: 1 / -1; max-width: 760px; margin: 0 auto;">
<div class="panel-header">
<span class="title">Import portfolio (Trading 212 CSV)</span>
<span class="meta">stays in your browser · never persists server-side</span>
<span class="meta">held locally · optional encrypted cloud sync (paid)</span>
</div>
<div class="panel-body" style="padding: 18px clamp(16px, 4vw, 32px) 24px;">
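Review bot: the replaced meta line drops the explicit "never persists server-side" assurance for everyone, yet with sync left off (the default, since the commit message describes it as opt-in) that assurance still holds; consider wording that keeps the guarantee for the default case, e.g. `held locally · not sent to the server unless you enable encrypted cloud sync (paid)`.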
@ -13,9 +13,11 @@
Export your pie from the T212 web app
(<span class="neu">Trading 212 → Investing → Your Pie → ⋯ → Export</span>)
and drop the CSV here. Each Slice is resolved to its Yahoo ticker;
the parsed pie is kept in <em>this browser's localStorage</em> only.
The server learns just which tickers exist (anonymously) so it can
fetch their prices.
the parsed pie is kept in <em>this browser's localStorage</em>.
The server learns only which tickers exist (anonymously) so it can
fetch their prices. If you have <a href="/settings">cloud sync</a>
enabled, an <strong>encrypted</strong> copy is also pushed to the
server &mdash; only your PIN can decrypt it.
</p>
<form id="upload-form" autocomplete="off">
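Review bot: the added sentence "only your PIN can decrypt it" overstates the scheme the commit message describes: decrypting needs both the PBKDF2(PIN)-derived AES-GCM key and the server-side HKDF(pepper, user_id) outer wrap, so the server holds one of the two required secrets, and a short PIN stretched with PBKDF2 is a weak guard against offline guessing by anyone holding both the blob and the pepper. Suggest plainer wording such as `encrypted with a key derived from your PIN; the server cannot read it without your PIN`, and since the preceding sentence still says the server learns "only which tickers exist (anonymously)", add that with sync enabled it also stores an encrypted copy tied to your account.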
@ -34,6 +36,7 @@
</div>
</section>
<script src="{{ url_for('static', path='/js/portfolio-sync.js') }}" defer></script>
<script src="{{ url_for('static', path='/js/portfolio.js') }}" defer></script>
<script>
(function () {
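Review bot: load-order check on the new `<script src="{{ url_for('static', path='/js/portfolio-sync.js') }}" defer>`: it and portfolio.js are both `defer`, so they run in document order after parsing, which is correct if portfolio.js calls into the WebCrypto wrapper; the inline `<script>` that follows is not deferred and executes immediately, so it must not reference anything defined by either file. Worth a template comment, or wrapping the inline IIFE in a DOMContentLoaded handler if it does depend on them.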