
Fix/3.0.4 #668

Merged

afadil merged 8 commits into main from fix/3.0.4 on Mar 5, 2026

Conversation

@afadil (Owner) commented Mar 5, 2026

Description

This pull request delivers a minor version bump to 3.0.4 along with several user experience improvements and new features across the update dialog, device sync UI, and update checking logic. The most notable changes include a more flexible update dialog with snooze support, improved device sync UI, better feedback for AI provider API key management, and backend/API enhancements for session restoration and update checks.

Update Dialog & Update Checking Enhancements

  • The update dialog now supports a "Remind me later" (snooze) feature, allowing users to dismiss updates for 3 days, and tracks dismissed versions persistently. The dialog logic and UI have been refactored for improved usability.
  • The update check API now accepts a force option, with support in both web and desktop adapters, allowing for forced update checks.

Device Sync & UI Improvements

  • The device sync UI has been redesigned for clarity: device cards now feature improved status indicators (online, trusted, untrusted, revoked), a new layout, and better visual cues.
  • The "Pair this device" button and E2EE setup button styling have been updated for consistency and accessibility.
  • The device pairing flow introduces a new "syncing" step for better progress feedback.

AI Provider API Key Management

  • Saving or deleting an AI provider API key now triggers user feedback via toast notifications and logs errors for failures, enhancing the user experience and debuggability.

Session Restoration & API Enhancements

  • Added support for restoring sync sessions in both the web and shared adapters, including new API routes and command registration.

Version Bump & Mock Update Data

  • Bumped version numbers to 3.0.4 in Cargo.toml and package.json.
  • Added a new mock update JSON for testing update flows.

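The snooze, dismissed-version tracking and `force` option described above combine into one small decision function. The following is an added example written for this page, not Wealthfolio's own code: the type and function names, the Unix-timestamp state, and the exact 3-day window are assumptions taken from the PR description, and `force` is modelled as bypassing both the snooze and the dismissal list so that an explicit "Check for updates" always surfaces a newer version.

```rust
// Added example (not Wealthfolio's code): update-prompt decision logic with
// "Remind me later" snoozing, persisted dismissed versions, and a `force`
// flag. Names, state layout and the 3-day window are assumptions.
use std::cmp::Ordering;
use std::collections::HashSet;

/// Snooze window applied by "Remind me later" (3 days, per the PR text).
pub const SNOOZE_SECS: u64 = 3 * 24 * 60 * 60;

/// Minimal "major.minor.patch" parse; pre-release/build suffixes are ignored.
pub fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let core = v.trim_start_matches('v').split(|c| c == '-' || c == '+').next()?;
    let mut parts = core.split('.').map(|p| p.parse::<u64>().ok());
    let major = parts.next()??;
    let minor = parts.next()??;
    let patch = parts.next()??;
    Some((major, minor, patch))
}

/// Persisted state for the update dialog.
#[derive(Debug, Default, Clone)]
pub struct UpdatePrefs {
    /// Unix time until which prompts are suppressed, if the user snoozed.
    pub snoozed_until: Option<u64>,
    /// Versions the user explicitly dismissed; never prompt for these again.
    pub dismissed_versions: HashSet<String>,
}

#[derive(Debug, PartialEq)]
pub enum Decision {
    /// Latest is not newer than the running version (or is unparseable).
    UpToDate,
    /// A newer version exists but prompts are snoozed.
    Snoozed,
    /// A newer version exists but was dismissed for good.
    Dismissed,
    /// Show the dialog for this version.
    Prompt(String),
}

/// Decide whether to show the update dialog. `force` mirrors the new
/// `force` option on the update-check API: it ignores snooze and dismissal.
pub fn decide(current: &str, latest: &str, prefs: &UpdatePrefs, now: u64, force: bool) -> Decision {
    let (Some(cur), Some(lat)) = (parse_version(current), parse_version(latest)) else {
        return Decision::UpToDate; // unparseable input: fail closed, never prompt
    };
    if lat.cmp(&cur) != Ordering::Greater {
        return Decision::UpToDate;
    }
    if force {
        return Decision::Prompt(latest.to_string());
    }
    if prefs.dismissed_versions.contains(latest) {
        return Decision::Dismissed;
    }
    if matches!(prefs.snoozed_until, Some(until) if now < until) {
        return Decision::Snoozed;
    }
    Decision::Prompt(latest.to_string())
}

/// "Remind me later": suppress prompts for SNOOZE_SECS from `now`.
pub fn snooze(prefs: &mut UpdatePrefs, now: u64) {
    prefs.snoozed_until = Some(now + SNOOZE_SECS);
}

/// "Skip this version": persist the dismissal.
pub fn dismiss(prefs: &mut UpdatePrefs, version: &str) {
    prefs.dismissed_versions.insert(version.to_string());
}

fn main() {
    let mut prefs = UpdatePrefs::default();
    let now = 1_700_000_000; // constructed timestamp for the walkthrough
    println!("{:?}", decide("3.0.3", "3.0.4", &prefs, now, false));
    snooze(&mut prefs, now);
    println!("{:?}", decide("3.0.3", "3.0.4", &prefs, now + 3600, false));
    println!("{:?}", decide("3.0.3", "3.0.4", &prefs, now + SNOOZE_SECS, false));
    println!("{:?}", decide("3.0.3", "3.0.4", &prefs, now + 3600, true));
}
```

Two choices worth noting: an unparseable version string yields `UpToDate` rather than a prompt, so a malformed update manifest cannot nag the user, and the snooze is checked after the dismissal list, so a snoozed user who later dismisses a version is not prompted for it again when the snooze expires.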


@chatgpt-codex-connector (bot) left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: dc520da0a5


Comment on lines +335 to +338
Ok(Json(RestoreSyncSessionResponse {
access_token,
refresh_token,
}))
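Review bot: the JSON body hands back refresh_token unconditionally beside access_token; restoring a session needs only the short-lived access token, so drop refresh_token from RestoreSyncSessionResponse (or make it an Option that this path leaves unset) and send the response with Cache-Control: no-store so the token is not retained by caches or intermediaries. If a refresh token must be returned at all, it should only be returned behind the same authentication layer that protects the rest of the API.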


P1: Stop returning refresh tokens from restore endpoint

This new handler returns the raw refresh_token to any caller, which creates an account-takeover path in web mode: connect::router() is mounted without JWT middleware unless WF_AUTH_PASSWORD_HASH is configured (/workspace/wealthfolio/apps/server/src/api.rs), and default CORS allows * (/workspace/wealthfolio/apps/server/src/config.rs), so a malicious website can read /api/v1/connect/session/restore from a victim’s browser and exfiltrate the long-lived token. Please avoid exposing refresh tokens over this unauthenticated API surface.

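The review above combines three conditions: a handler reachable without the JWT layer, a wildcard CORS policy, and a body that carries the long-lived refresh token. The following is an added example written for this page, not Wealthfolio's handler, showing one hardened shape for such an endpoint in plain Rust without crates. The `ServerConfig`, `RequestCtx`, `SyncSession` and `Headers` types, the `jwt_auth_enabled` flag and the explicit origin allow-list are assumptions standing in for whatever the real server wires up; the JSON is hand-rolled only so the example runs stand-alone, where real code would use serde with `skip_serializing_if`.

```rust
// Added example (not Wealthfolio's code): a fail-closed session-restore
// handler. Types and field names are assumptions for illustration.
use std::collections::HashSet;

#[derive(Debug, Clone)]
pub struct ServerConfig {
    /// True only when a password hash is configured AND the JWT middleware
    /// is actually mounted in front of this router.
    pub jwt_auth_enabled: bool,
    /// Exact origins allowed to call credentialed endpoints. Never "*".
    pub cors_allow_origins: HashSet<String>,
}

pub struct RequestCtx<'a> {
    /// Browser-supplied Origin header, if any.
    pub origin: Option<&'a str>,
    /// Set by the JWT layer after a token was verified; None if no auth ran.
    pub authenticated_user: Option<&'a str>,
}

pub struct SyncSession {
    pub access_token: String,
    pub refresh_token: String,
}

#[derive(Debug, PartialEq)]
pub enum ApiError {
    Unauthorized,
    ForbiddenOrigin,
}

/// refresh_token is optional so the JSON can omit it entirely; the web path
/// below never sets it. With serde: #[serde(skip_serializing_if = "Option::is_none")].
#[derive(Debug, PartialEq)]
pub struct RestoreSyncSessionResponse {
    pub access_token: String,
    pub refresh_token: Option<String>,
}

impl RestoreSyncSessionResponse {
    /// Hand-rolled JSON (no escaping) so the example runs without crates.
    pub fn to_json(&self) -> String {
        match &self.refresh_token {
            Some(rt) => format!(r#"{{"access_token":"{}","refresh_token":"{}"}}"#, self.access_token, rt),
            None => format!(r#"{{"access_token":"{}"}}"#, self.access_token),
        }
    }
}

/// Headers a credentialed endpoint should always carry.
pub struct Headers {
    pub cache_control: &'static str,
    pub allow_origin: Option<String>,
}

/// Echo the caller's Origin only if it is allow-listed. Returning "*" here is
/// what lets an arbitrary site read the body from a victim's browser.
pub fn cors_allow_origin(cfg: &ServerConfig, origin: Option<&str>) -> Result<Option<String>, ApiError> {
    match origin {
        None => Ok(None), // same-origin or non-browser caller: no CORS header needed
        Some(o) if cfg.cors_allow_origins.contains(o) => Ok(Some(o.to_string())),
        Some(_) => Err(ApiError::ForbiddenOrigin),
    }
}

pub fn restore_session(
    cfg: &ServerConfig,
    ctx: &RequestCtx<'_>,
    session: &SyncSession,
) -> Result<(Headers, RestoreSyncSessionResponse), ApiError> {
    // 1. Fail closed: no verified caller, or no auth layer mounted at all
    //    (web mode without a password hash), means no session material.
    if !cfg.jwt_auth_enabled || ctx.authenticated_user.is_none() {
        return Err(ApiError::Unauthorized);
    }
    // 2. Cross-origin callers must be on the explicit allow-list.
    let allow_origin = cors_allow_origin(cfg, ctx.origin)?;
    // 3. The long-lived refresh token stays server-side; only the
    //    short-lived access token is handed back, uncached.
    let body = RestoreSyncSessionResponse {
        access_token: session.access_token.clone(),
        refresh_token: None,
    };
    Ok((Headers { cache_control: "no-store", allow_origin }, body))
}

fn main() {
    // Constructed config and session for the walkthrough.
    let mut cfg = ServerConfig { jwt_auth_enabled: true, cors_allow_origins: HashSet::new() };
    cfg.cors_allow_origins.insert("https://app.example".to_string());
    let session = SyncSession { access_token: "at".into(), refresh_token: "rt".into() };
    let anon = RequestCtx { origin: Some("https://evil.example"), authenticated_user: None };
    println!("{:?}", restore_session(&cfg, &anon, &session).err());
    let ok = RequestCtx { origin: Some("https://app.example"), authenticated_user: Some("alice") };
    println!("{}", restore_session(&cfg, &ok, &session).unwrap().1.to_json());
}
```

The order of the checks matters: authentication is decided before the origin is consulted, so an unauthenticated cross-origin request gets a 401-style rejection with no allow-origin header at all, and the refresh token is never placed in the body on any path, which removes the exfiltration target even if the CORS configuration regresses to a wildcard later.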

@afadil afadil merged commit 8815c4c into main Mar 5, 2026
3 checks passed