diff --git a/app/static/js/settings-import.js b/app/static/js/settings-import.js
new file mode 100644
index 0000000..6ec4692
--- /dev/null
+++ b/app/static/js/settings-import.js
@@ -0,0 +1,245 @@
+(function () {
+ 'use strict';
+
+ // Server-side hint: did the user have paid privileges when the page
+ // rendered? Used to decide whether to offer the 'Import & sync' button.
+ // We still call CassandraSync.getStatus() at click time as the source
+ // of truth, but this lets us skip rendering a button we know is dead.
+ // Value is passed via data-paid attribute on #drop-zone.
+
+ function ready(fn) {
+ if (document.readyState === 'loading') {
+ document.addEventListener('DOMContentLoaded', fn);
+ } else { fn(); }
+ }
+
+ ready(function () {
+ var P = window.CassandraPortfolio;
+ if (!P) return;
+ var esc = P.esc, fmt = P.fmt, signed = P.signed, cls = P.cls;
+
+ var dropZone = document.getElementById('drop-zone');
+ var fileInput = document.getElementById('file-input');
+ var browseLink = document.getElementById('browse-link');
+ var filenameEl = document.getElementById('dz-filename');
+ var previewEl = document.getElementById('import-preview');
+ var resultEl = document.getElementById('import-result');
+ if (!dropZone) return;
+
+ var IS_PAID = dropZone.dataset.paid === 'true';
+
+ var currentPie = null; // most recently parsed pie, awaiting commit
+
+ function showError(msg) {
+ previewEl.hidden = true;
+ resultEl.className = 'result result--err';
+ resultEl.innerHTML =
+ '✕ Import failed
' +
+ '' + esc(msg) + '
';
+ resultEl.hidden = false;
+ }
+
+ function showSuccess(headline, sub) {
+ previewEl.hidden = true;
+ resultEl.className = 'result result--ok';
+ resultEl.innerHTML =
+ '' + esc(headline) + '
' +
+ (sub ? '' + sub + '
' : '') +
+ '';
+ resultEl.hidden = false;
+ }
+
+ function renderPreview(pie) {
+ currentPie = pie;
+ resultEl.hidden = true;
+
+ var t = pie.totals || {};
+ var rows = (pie.positions || []).map(function (p) {
+ var invested = (p.avg_cost != null && p.qty != null) ? p.avg_cost * p.qty : null;
+ return '' +
+ '' + esc(p.yahoo_ticker || p.t212_slice || '') + ' ' +
+ '' + esc(p.name || '') + ' ' +
+ '' + fmt(p.qty, { maximumFractionDigits: 6 }) + ' ' +
+ '' + fmt(p.avg_cost) + ' ' +
+ '' + fmt(invested) + ' ' +
+ ' ';
+ }).join('');
+
+ var warnings = (pie.warnings || []).map(function (w) {
+ return '' + esc(w) + '
';
+ }).join('');
+
+ var syncBtn = IS_PAID
+ ? ('' +
+ '
Import & sync to cloud ' +
+ '
' +
+ 'Also stores an encrypted copy on the server, ' +
+ 'restorable on any device with your PIN. Only you can decrypt ' +
+ 'it — losing the PIN means losing the backup.' +
+ '
' +
+ '
' +
+ '
Import & sync to cloud ' +
+ '
' +
+ 'Encrypted cloud backup is available on the paid tier.' +
+ '
' +
+ '
' +
+ '
' +
+ '▸ Preview: ' + esc(pie.pie_name || 'pie') + ' ' +
+ '
' +
+ '
' +
+ '
Positions
' + (pie.positions || []).length + '
' +
+ '
Invested
' + fmt(t.invested) + '
' +
+ '
Value
' + fmt(t.value) + '
' +
+ '
Result
' + signed(t.result) + '
' +
+ '
' +
+ warnings +
+ (rows
+ ? '
' +
+ '
' +
+ '' +
+ 'Ticker Name ' +
+ 'Qty ' +
+ 'Avg ' +
+ 'Invested ' +
+ ' ' + rows + ' ' +
+ '
' +
+ '
'
+ : ''
+ ) +
+ '
' +
+ '
' +
+ '
Import to this browser ' +
+ '
' +
+ 'Saved to this browser only. No server-side copy of your holdings.' +
+ '
' +
+ '
' +
+ syncBtn +
+ '
' +
+ '' +
+ 'Cancel ' +
+ '
' +
+ '
' +
+ '
' + esc(e.message || 'status check failed') + ' ';
+ return;
+ }
+ const valueEl = statusEl.querySelector('.settings-row__value');
+ actionsEl.innerHTML = '';
+ if (status.exists && status.orphaned) {
+ // The stored blob can no longer be decrypted (server key rotated
+ // since it was written). The data is permanently unrecoverable,
+ // so silently clean up the dead row and re-render in the
+ // standard "off" state — leaving a soft one-liner so the user
+ // knows why they need to re-import.
+ try { await window.CassandraSync.disableSync(); }
+ catch (e) { console.warn('auto-clear stale sync failed', e); }
+ setFeedback('Your previous cloud backup couldn’t be restored. Re-import your portfolio to enable cloud sync again.', true);
+ await refresh();
+ return;
+ } else if (status.exists) {
+ const when = status.updated_at
+ ? new Date(status.updated_at).toISOString().replace('T', ' ').slice(0, 16) + ' UTC'
+ : '—';
+ valueEl.innerHTML =
+ 'On ' +
+ 'last synced ' + esc(when) + ' ';
+
+ const disable = document.createElement('button');
+ disable.type = 'button';
+ disable.className = 'pf-secondary';
+ disable.textContent = 'Disable sync';
+ disable.addEventListener('click', async function () {
+ if (!confirm('Remove your encrypted portfolio from the server? Your local copy is untouched.')) return;
+ try {
+ await window.CassandraSync.disableSync();
+ await refresh();
+ setFeedback('Cloud sync disabled. Server copy removed.', true);
+ } catch (e) { setFeedback(e.message || 'Disable failed.', false); }
+ });
+ actionsEl.appendChild(disable);
+ } else {
+ valueEl.innerHTML = 'Off ';
+ // Only offer 'Enable' when there's actually a pie to encrypt;
+ // otherwise the user would hit a dead-end at the modal.
+ const hasPie = !!localStorage.getItem('cassandra.pie');
+ if (!hasPie) {
+ const hint = document.createElement('span');
+ hint.className = 'settings-row__hint';
+ hint.innerHTML =
+ 'Nothing to sync yet — ' +
+ 'import a portfolio first, then come back to enable cloud sync.';
+ actionsEl.appendChild(hint);
+ return;
+ }
+ const enable = document.createElement('button');
+ enable.type = 'button';
+ enable.textContent = 'Enable cloud sync';
+ enable.addEventListener('click', openModal);
+ actionsEl.appendChild(enable);
+ }
+ }
+
+ // Hooks for the Import section to drive this modal + status row.
+ window.cassandraOpenSyncModal = openModal;
+ window.cassandraRefreshSyncStatus = refresh;
+
+ refresh();
+ });
+})();
diff --git a/app/templates/settings.html b/app/templates/settings.html
index 98dccd9..95edef8 100644
--- a/app/templates/settings.html
+++ b/app/templates/settings.html
@@ -106,7 +106,7 @@
Investing → Your Pie → ··· → Export .
-
+
▱
Drop your broker's portfolio CSV here
@@ -332,161 +332,8 @@