BillTracker/services
null 1457de487f feat(security): show a key fingerprint (not the key) in the encryption status
The encryption key must never be retrievable through the app (that would undo
the whole point of TOKEN_ENCRYPTION_KEY — a stolen session/XSS could then read
the master key). Instead surface a non-reversible fingerprint so operators can:
- verify which key is currently active,
- confirm a running instance matches the key they backed up, and
- spot an accidental key change (which would make existing secrets unrecoverable).

- encryptionService.keyFingerprint(): domain-separated SHA-256 prefix of the
  active key (env if set, else the stored DB key); never force-creates a key
  (returns null when none exists), shares nothing with the cipher derivation.
- admin bank-sync-config exposes key_fingerprint alongside encryption_key_source.
- Admin Bank Sync card renders it with backup guidance.
- Test: stable per key, differs by key, not reversible / not the raw key.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-05 19:15:32 -05:00
..
advisoryFilterService.js feat: advisory non-bill transaction filter system (batch 0.33.8.0) 2026-05-29 18:06:12 -05:00
amountSuggestionService.js feat(server-ts): migrate the money boundary to TypeScript on Node's native runtime (Phase 2) 2026-07-05 13:44:04 -05:00
analyticsService.js feat(server-ts): migrate the money boundary to TypeScript on Node's native runtime (Phase 2) 2026-07-05 13:44:04 -05:00
aprService.js feat(server-ts): migrate the money boundary to TypeScript on Node's native runtime (Phase 2) 2026-07-05 13:44:04 -05:00
auditService.js v0.20.6: Audit logging for critical operations 2026-05-10 00:03:12 -05:00
authService.js feat(server): add trust proxy, CSRF HTTPS detection, error formatting, dates util (batch 0.38.0) 2026-06-10 19:37:19 -05:00
backupScheduler.js feat(roadmap): size grid from populated lanes + db cleanup fixes 2026-05-30 13:04:27 -05:00
backupService.js feat: Payoff Custom mode, Summary reordering, unifed billing schedule, SimpleFIN + backup fixes (batch v0.34.1.3) 2026-05-30 21:20:51 -05:00
bankSyncConfigService.js fix(bank-sync): admin config, matching, and worker updates 2026-06-07 19:41:17 -05:00
bankSyncService.js perf(simplefin): batch sync writes in a transaction + align dedup key 2026-07-05 18:54:34 -05:00
bankSyncWorker.js fix(bank-sync): transaction matching, services, and worker updates 2026-06-07 20:07:27 -05:00
billMerchantRuleService.js feat(server-ts): utils/dates → TypeScript (.mts); utils/ dir now TS (Phase 2) 2026-07-05 13:48:44 -05:00
billsService.js feat(server-ts): utils/dates → TypeScript (.mts); utils/ dir now TS (Phase 2) 2026-07-05 13:48:44 -05:00
calendarFeedService.js feat(server-ts): migrate the money boundary to TypeScript on Node's native runtime (Phase 2) 2026-07-05 13:44:04 -05:00
cleanupService.js fix(qa): retention GC orphaned matched transactions on bill purge (QA-B5-04) 2026-07-03 11:04:59 -05:00
csvTransactionImportService.js feat(import): OFX/QFX transaction import (Batch 3) 2026-07-03 15:11:59 -05:00
driftService.js feat(server-ts): utils/dates → TypeScript (.mts); utils/ dir now TS (Phase 2) 2026-07-05 13:48:44 -05:00
encryptionService.js feat(security): show a key fingerprint (not the key) in the encryption status 2026-07-05 19:15:32 -05:00
loginFingerprint.js v0.28.0 2026-05-15 22:45:38 -05:00
matchSuggestionService.js feat(server-ts): migrate the money boundary to TypeScript on Node's native runtime (Phase 2) 2026-07-05 13:44:04 -05:00
merchantStoreMatchService.js feat(banking): bank transactions page with merchant/store matching, transaction matching refactor, bank sync improvements (batch 0.40.0) 2026-06-14 15:15:31 -05:00
notificationService.js feat(server-ts): utils/dates → TypeScript (.mts); utils/ dir now TS (Phase 2) 2026-07-05 13:48:44 -05:00
ofxImportService.js feat(import): OFX/QFX transaction import (Batch 3) 2026-07-03 15:11:59 -05:00
oidcService.js fix(auth): oidc service updates 2026-06-07 18:05:09 -05:00
paymentAccountingService.js feat(money): cents migration stage 2 — schema flip to integer cents (batch 0.38.4) 2026-06-11 20:12:31 -05:00
paymentValidation.cts feat(server-ts): paymentValidation → .cts, proving the CJS-module path (Phase 2) 2026-07-05 13:51:37 -05:00
simplefinService.js feat(auth): add per-username rate limiter, migrate dates to local-time utils (batch 0.38.1) 2026-06-10 19:42:51 -05:00
snowballService.js feat(server-ts): migrate the money boundary to TypeScript on Node's native runtime (Phase 2) 2026-07-05 13:44:04 -05:00
spendingService.js feat(server-ts): utils/dates → TypeScript (.mts); utils/ dir now TS (Phase 2) 2026-07-05 13:48:44 -05:00
spreadsheetImportService.js feat(server-ts): migrate the money boundary to TypeScript on Node's native runtime (Phase 2) 2026-07-05 13:44:04 -05:00
statusRuntime.js perf: worker N+1 batching, status runtime DB persistence, 'use strict' 2026-06-04 21:32:28 -05:00
statusService.js feat(settings): configurable "Due soon" window (plan Tier 4) 2026-07-05 16:00:32 -05:00
subscriptionService.js feat(server-ts): utils/dates → TypeScript (.mts); utils/ dir now TS (Phase 2) 2026-07-05 13:48:44 -05:00
totpService.js refactor: otplib named imports, cleanup totpService internal naming 2026-06-04 04:16:20 -05:00
trackerService.js feat(settings): configurable "Due soon" window (plan Tier 4) 2026-07-05 16:00:32 -05:00
transactionMatchService.js feat(server-ts): paymentValidation → .cts, proving the CJS-module path (Phase 2) 2026-07-05 13:51:37 -05:00
transactionMatchState.js refactor(match): one canonical writer for transaction match state (IMP-CODE-03) 2026-07-03 13:02:10 -05:00
transactionService.js fix(bank-sync): transaction matching, services, and worker updates 2026-06-07 20:07:27 -05:00
updateCheckService.js fix(qa): version check is opt-out-able (QA-B16-01) 2026-07-03 10:05:37 -05:00
userDataService.js feat(data): "Erase my data" danger zone (Batch 5) 2026-07-03 15:21:07 -05:00
userDbImportService.js fix(brand): finish the "BillTracker" → "Bill Tracker" rename (display copy) 2026-07-05 17:31:14 -05:00
userSettings.js feat(settings): default landing page (plan Tier 6) 2026-07-05 16:03:01 -05:00
webauthnService.js security: WebAuthn / FIDO2 hardware security key 2FA 2026-06-05 22:05:23 -05:00