From f796ea628edb3ccdcc2ebf0f4ecacdcc4b8bc85b Mon Sep 17 00:00:00 2001 From: Thomas Kaul <4159106+dtslvr@users.noreply.github.com> Date: Mon, 1 Dec 2025 20:37:02 +0100 Subject: [PATCH 01/17] Bugfix/improve search by name in FMP service (#6012) * Improve search by name * Update changelog --- CHANGELOG.md | 1 + .../financial-modeling-prep.service.ts | 28 ++++++++++++++----- 2 files changed, 22 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c4cf9b41b..4bcea795c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,6 +17,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Fixed - Improved the country weightings in the _Financial Modeling Prep_ service +- Improved the search functionality by name in the _Financial Modeling Prep_ service ## 2.220.0 - 2025-11-29 diff --git a/apps/api/src/services/data-provider/financial-modeling-prep/financial-modeling-prep.service.ts b/apps/api/src/services/data-provider/financial-modeling-prep/financial-modeling-prep.service.ts index 27f462c90..2b4193af5 100644 --- a/apps/api/src/services/data-provider/financial-modeling-prep/financial-modeling-prep.service.ts +++ b/apps/api/src/services/data-provider/financial-modeling-prep/financial-modeling-prep.service.ts @@ -41,6 +41,7 @@ import { isSameDay, parseISO } from 'date-fns'; +import { uniqBy } from 'lodash'; @Injectable() export class FinancialModelingPrepService implements DataProviderInterface { @@ -549,14 +550,27 @@ export class FinancialModelingPrepService implements DataProviderInterface { apikey: this.apiKey }); - const result = await fetch( - `${this.getUrl({ version: 'stable' })}/search-symbol?${queryParams.toString()}`, - { - signal: AbortSignal.timeout( - this.configurationService.get('REQUEST_TIMEOUT') - ) + const [nameResults, symbolResults] = await Promise.all([ + fetch( + `${this.getUrl({ version: 'stable' })}/search-name?${queryParams.toString()}`, + { + signal: AbortSignal.timeout(requestTimeout) + } + ).then((res) => res.json()), + fetch( + `${this.getUrl({ version: 'stable' })}/search-symbol?${queryParams.toString()}`, + { + signal: AbortSignal.timeout(requestTimeout) + } + ).then((res) => res.json()) + ]); + + const result = uniqBy( + [...nameResults, ...symbolResults], + ({ exchange, symbol }) => { + return `${exchange}-${symbol}`; } - ).then((res) => res.json()); + ); items = result .filter(({ exchange, symbol }) => { From d0d1a2ac88738b58f717e7199525621d954a756b Mon Sep 17 00:00:00 2001 From: Thomas Kaul <4159106+dtslvr@users.noreply.github.com> Date: Mon, 1 Dec 2025 20:38:50 +0100 Subject: [PATCH 02/17] Task/extend subscription offer key type (#6022) * Extend SubscriptionOfferKey --- apps/api/src/app/subscription/subscription.service.ts | 2 ++ libs/common/src/lib/types/subscription-offer-key.type.ts | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/apps/api/src/app/subscription/subscription.service.ts b/apps/api/src/app/subscription/subscription.service.ts index 0458005c9..0fad8c8ac 100644 --- a/apps/api/src/app/subscription/subscription.service.ts +++ b/apps/api/src/app/subscription/subscription.service.ts @@ -179,6 +179,8 @@ export class SubscriptionService { offerKey = 'renewal-early-bird-2023'; } else if (isBefore(createdAt, parseDate('2024-01-01'))) { offerKey = 'renewal-early-bird-2024'; + } else if (isBefore(createdAt, parseDate('2025-12-01'))) { + offerKey = 'renewal-early-bird-2025'; } const offer = await this.getSubscriptionOffer({ diff --git a/libs/common/src/lib/types/subscription-offer-key.type.ts b/libs/common/src/lib/types/subscription-offer-key.type.ts index f6d898a01..89322a400 100644 --- a/libs/common/src/lib/types/subscription-offer-key.type.ts +++ b/libs/common/src/lib/types/subscription-offer-key.type.ts @@ -2,4 +2,5 @@ export type SubscriptionOfferKey = | 'default' | 'renewal' | 'renewal-early-bird-2023' - | 'renewal-early-bird-2024'; + | 'renewal-early-bird-2024' + | 'renewal-early-bird-2025'; From be947f3710d786f491817a26a467ce8e9f951704 Mon Sep 17 00:00:00 2001 From: Thomas Kaul <4159106+dtslvr@users.noreply.github.com> Date: Mon, 1 Dec 2025 20:50:24 +0100 Subject: [PATCH 03/17] Bugfix/user endpoint of admin control panel (#6021) * Fix user endpoint * Update changelog --- CHANGELOG.md | 1 + apps/api/src/app/admin/admin.service.ts | 21 +++++++++++++++------ 2 files changed, 16 insertions(+), 6 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4bcea795c..be205d877 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 - Improved the country weightings in the _Financial Modeling Prep_ service - Improved the search functionality by name in the _Financial Modeling Prep_ service +- Resolved an issue in the user endpoint where the list was returning empty in the admin control panel’s users section ## 2.220.0 - 2025-11-29 diff --git a/apps/api/src/app/admin/admin.service.ts b/apps/api/src/app/admin/admin.service.ts index 0a6df7647..705085a48 100644 --- a/apps/api/src/app/admin/admin.service.ts +++ b/apps/api/src/app/admin/admin.service.ts @@ -532,12 +532,7 @@ export class AdminService { this.countUsersWithAnalytics(), this.getUsersWithAnalytics({ skip, - take, - where: { - NOT: { - analytics: null - } - } + take }) ]); @@ -855,6 +850,20 @@ export class AdminService { } } ]; + + const noAnalyticsCondition: Prisma.UserWhereInput['NOT'] = { + analytics: null + }; + + if (where) { + if (where.NOT) { + where.NOT = { ...where.NOT, ...noAnalyticsCondition }; + } else { + where.NOT = noAnalyticsCondition; + } + } else { + where = { NOT: noAnalyticsCondition }; + } } const usersWithAnalytics = await this.prismaService.user.findMany({ From aaa3f93f2265511bb2be1691eb5c41033727157f Mon Sep 17 00:00:00 2001 From: Thomas Kaul <4159106+dtslvr@users.noreply.github.com> Date: Mon, 1 Dec 2025 20:52:33 +0100 Subject: [PATCH 04/17] Release 2.221.0 (#6024) --- CHANGELOG.md | 2 +- package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index be205d877..e2e9a0251 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,7 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). -## Unreleased +## 2.221.0 - 2025-12-01 ### Changed diff --git a/package-lock.json b/package-lock.json index fe1b24c0f..a3428c3e7 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "ghostfolio", - "version": "2.220.0", + "version": "2.221.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "ghostfolio", - "version": "2.220.0", + "version": "2.221.0", "hasInstallScript": true, "license": "AGPL-3.0", "dependencies": { diff --git a/package.json b/package.json index 7fb27c0d9..be31efbe9 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "ghostfolio", - "version": "2.220.0", + "version": "2.221.0", "homepage": "https://ghostfol.io", "license": "AGPL-3.0", "repository": "https://github.com/ghostfolio/ghostfolio", From 4d065b5a9284bc97ad2d0ceb4af372571df4e26f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Szymon=20=C5=81=C4=85giewka?= Date: Tue, 2 Dec 2025 12:05:34 +0100 Subject: [PATCH 05/17] Task/upgrade envalid to version 8.1.1 (#6026) * Upgrade envalid to version 8.1.1 * Update changelog --- CHANGELOG.md | 6 ++++++ package-lock.json | 8 ++++---- package.json | 2 +- 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e2e9a0251..5271c3b77 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## Unreleased + +#### Changed + +- Upgraded `envalid` from version `8.1.0` to `8.1.1` + ## 2.221.0 - 2025-12-01 ### Changed diff --git a/package-lock.json b/package-lock.json index a3428c3e7..78ce506d8 100644 --- a/package-lock.json +++ b/package-lock.json @@ -62,7 +62,7 @@ "date-fns": "4.1.0", "dotenv": "17.2.3", "dotenv-expand": "12.0.3", - "envalid": "8.1.0", + "envalid": "8.1.1", "fuse.js": "7.1.0", "google-spreadsheet": "3.2.0", "helmet": "7.0.0", @@ -21332,9 +21332,9 @@ } }, "node_modules/envalid": { - "version": "8.1.0", - "resolved": "https://registry.npmjs.org/envalid/-/envalid-8.1.0.tgz", - "integrity": "sha512-OT6+qVhKVyCidaGoXflb2iK1tC8pd0OV2Q+v9n33wNhUJ+lus+rJobUj4vJaQBPxPZ0vYrPGuxdrenyCAIJcow==", + "version": "8.1.1", + "resolved": "https://registry.npmjs.org/envalid/-/envalid-8.1.1.tgz", + "integrity": "sha512-vOUfHxAFFvkBjbVQbBfgnCO9d3GcNfMMTtVfgqSU2rQGMFEVqWy9GBuoSfHnwGu7EqR0/GeukQcL3KjFBaga9w==", "license": "MIT", "dependencies": { "tslib": "2.8.1" diff --git a/package.json b/package.json index be31efbe9..dee96482a 100644 --- a/package.json +++ b/package.json @@ -106,7 +106,7 @@ "date-fns": "4.1.0", "dotenv": "17.2.3", "dotenv-expand": "12.0.3", - "envalid": "8.1.0", + "envalid": "8.1.1", "fuse.js": "7.1.0", "google-spreadsheet": "3.2.0", "helmet": "7.0.0", From 2a7514c5a94445aac3452fa2a754dfaf72743100 Mon Sep 17 00:00:00 2001 From: Thomas Kaul <4159106+dtslvr@users.noreply.github.com> Date: Tue, 2 Dec 2025 18:57:39 +0100 Subject: [PATCH 06/17] Bugfix/clean up CHANGELOG.md (#5976) * Clean up --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5271c3b77..52ed65258 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2260,7 +2260,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Fixed - Fixed an issue in the portfolio summary with the currency conversion of fees -- Fixed an issue in the the search for a holding +- Fixed an issue in the search for a holding - Removed the show condition of the experimental features setting in the user settings ## 2.95.0 - 2024-07-12 From 154dbf37a83711acb414c9baf984c5a7b44437eb Mon Sep 17 00:00:00 2001 From: Thomas Kaul <4159106+dtslvr@users.noreply.github.com> Date: Wed, 3 Dec 2025 20:25:56 +0100 Subject: [PATCH 07/17] Task/remove return type in parseSector() of YahooFinanceService (#6006) * Remove return type --- .../data-enhancer/yahoo-finance/yahoo-finance.service.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/api/src/services/data-provider/data-enhancer/yahoo-finance/yahoo-finance.service.ts b/apps/api/src/services/data-provider/data-enhancer/yahoo-finance/yahoo-finance.service.ts index ecbc38256..65bcd6c06 100644 --- a/apps/api/src/services/data-provider/data-enhancer/yahoo-finance/yahoo-finance.service.ts +++ b/apps/api/src/services/data-provider/data-enhancer/yahoo-finance/yahoo-finance.service.ts @@ -317,7 +317,7 @@ export class YahooFinanceDataEnhancerService implements DataEnhancerInterface { return { assetClass, assetSubClass }; } - private parseSector(aString: string): string { + private parseSector(aString: string) { let sector = UNKNOWN_KEY; switch (aString) { From a623fbb6cf3fc7f230222b87a9364e2fc03479b4 Mon Sep 17 00:00:00 2001 From: Thomas Kaul <4159106+dtslvr@users.noreply.github.com> Date: Thu, 4 Dec 2025 20:28:27 +0100 Subject: [PATCH 08/17] Task/upgrade prettier to version 3.7.4 (#6031) * Upgrade prettier to version 3.7.4 * Update changelog --- CHANGELOG.md | 1 + package-lock.json | 8 ++++---- package.json | 2 +- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 52ed65258..a2e9f9823 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 #### Changed - Upgraded `envalid` from version `8.1.0` to `8.1.1` +- Upgraded `prettier` from version `3.7.3` to `3.7.4` ## 2.221.0 - 2025-12-01 diff --git a/package-lock.json b/package-lock.json index 78ce506d8..6a3829a1d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -140,7 +140,7 @@ "jest-environment-jsdom": "29.7.0", "jest-preset-angular": "14.6.0", "nx": "21.5.1", - "prettier": "3.7.3", + "prettier": "3.7.4", "prettier-plugin-organize-attributes": "1.0.0", "prisma": "6.19.0", "react": "18.2.0", @@ -35749,9 +35749,9 @@ } }, "node_modules/prettier": { - "version": "3.7.3", - "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.7.3.tgz", - "integrity": "sha512-QgODejq9K3OzoBbuyobZlUhznP5SKwPqp+6Q6xw6o8gnhr4O85L2U915iM2IDcfF2NPXVaM9zlo9tdwipnYwzg==", + "version": "3.7.4", + "resolved": "https://registry.npmjs.org/prettier/-/prettier-3.7.4.tgz", + "integrity": "sha512-v6UNi1+3hSlVvv8fSaoUbggEM5VErKmmpGA7Pl3HF8V6uKY7rvClBOJlH6yNwQtfTueNkGVpOv/mtWL9L4bgRA==", "dev": true, "license": "MIT", "bin": { diff --git a/package.json b/package.json index dee96482a..5dae615b8 100644 --- a/package.json +++ b/package.json @@ -184,7 +184,7 @@ "jest-environment-jsdom": "29.7.0", "jest-preset-angular": "14.6.0", "nx": "21.5.1", - "prettier": "3.7.3", + "prettier": "3.7.4", "prettier-plugin-organize-attributes": "1.0.0", "prisma": "6.19.0", "react": "18.2.0", From ccea6481abbf7a795477c95aef277286934be039 Mon Sep 17 00:00:00 2001 From: Thomas Kaul <4159106+dtslvr@users.noreply.github.com> Date: Fri, 5 Dec 2025 19:53:27 +0100 Subject: [PATCH 09/17] Task/prettify files 20251204 (#6033) * Prettify files --- .../redact-values-in-response.interceptor.ts | 7 +- ...form-data-source-in-request.interceptor.ts | 6 +- ...orm-data-source-in-response.interceptor.ts | 6 +- .../src/app/pages/blog/blog-page.routes.ts | 102 +++++++++--------- .../pages/resources/resources-page.routes.ts | 6 +- ...tfolio-asset-profile-response.interface.ts | 3 +- .../interfaces/simplewebauthn.interface.ts | 75 ++++++------- .../src/lib/validators/is-currency-code.ts | 4 +- .../lib/assistant/interfaces/interfaces.ts | 6 +- .../entity-logo/entity-logo.component.html | 2 +- 10 files changed, 106 insertions(+), 111 deletions(-) diff --git a/apps/api/src/interceptors/redact-values-in-response/redact-values-in-response.interceptor.ts b/apps/api/src/interceptors/redact-values-in-response/redact-values-in-response.interceptor.ts index 5e28e1591..5ecf7c48d 100644 --- a/apps/api/src/interceptors/redact-values-in-response/redact-values-in-response.interceptor.ts +++ b/apps/api/src/interceptors/redact-values-in-response/redact-values-in-response.interceptor.ts @@ -16,9 +16,10 @@ import { Observable } from 'rxjs'; import { map } from 'rxjs/operators'; @Injectable() -export class RedactValuesInResponseInterceptor - implements NestInterceptor -{ +export class RedactValuesInResponseInterceptor implements NestInterceptor< + T, + any +> { public intercept( context: ExecutionContext, next: CallHandler diff --git a/apps/api/src/interceptors/transform-data-source-in-request/transform-data-source-in-request.interceptor.ts b/apps/api/src/interceptors/transform-data-source-in-request/transform-data-source-in-request.interceptor.ts index 3931f362c..3bd9c05e7 100644 --- a/apps/api/src/interceptors/transform-data-source-in-request/transform-data-source-in-request.interceptor.ts +++ b/apps/api/src/interceptors/transform-data-source-in-request/transform-data-source-in-request.interceptor.ts @@ -11,9 +11,9 @@ import { DataSource } from '@prisma/client'; import { Observable } from 'rxjs'; @Injectable() -export class TransformDataSourceInRequestInterceptor - implements NestInterceptor -{ +export class TransformDataSourceInRequestInterceptor< + T +> implements NestInterceptor { public constructor( private readonly configurationService: ConfigurationService ) {} diff --git a/apps/api/src/interceptors/transform-data-source-in-response/transform-data-source-in-response.interceptor.ts b/apps/api/src/interceptors/transform-data-source-in-response/transform-data-source-in-response.interceptor.ts index fea5d6fe6..9af256671 100644 --- a/apps/api/src/interceptors/transform-data-source-in-response/transform-data-source-in-response.interceptor.ts +++ b/apps/api/src/interceptors/transform-data-source-in-response/transform-data-source-in-response.interceptor.ts @@ -13,9 +13,9 @@ import { Observable } from 'rxjs'; import { map } from 'rxjs/operators'; @Injectable() -export class TransformDataSourceInResponseInterceptor - implements NestInterceptor -{ +export class TransformDataSourceInResponseInterceptor< + T +> implements NestInterceptor { private encodedDataSourceMap: { [dataSource: string]: string; } = {}; diff --git a/apps/client/src/app/pages/blog/blog-page.routes.ts b/apps/client/src/app/pages/blog/blog-page.routes.ts index 36d111c19..90d27bdfb 100644 --- a/apps/client/src/app/pages/blog/blog-page.routes.ts +++ b/apps/client/src/app/pages/blog/blog-page.routes.ts @@ -34,117 +34,117 @@ export const routes: Routes = [ canActivate: [AuthGuard], path: '2022/01/ghostfolio-first-months-in-open-source', loadComponent: () => - import( - './2022/01/first-months-in-open-source/first-months-in-open-source-page.component' - ).then((c) => c.FirstMonthsInOpenSourcePageComponent), + import('./2022/01/first-months-in-open-source/first-months-in-open-source-page.component').then( + (c) => c.FirstMonthsInOpenSourcePageComponent + ), title: 'First months in Open Source' }, { canActivate: [AuthGuard], path: '2022/07/ghostfolio-meets-internet-identity', loadComponent: () => - import( - './2022/07/ghostfolio-meets-internet-identity/ghostfolio-meets-internet-identity-page.component' - ).then((c) => c.GhostfolioMeetsInternetIdentityPageComponent), + import('./2022/07/ghostfolio-meets-internet-identity/ghostfolio-meets-internet-identity-page.component').then( + (c) => c.GhostfolioMeetsInternetIdentityPageComponent + ), title: 'Ghostfolio meets Internet Identity' }, { canActivate: [AuthGuard], path: '2022/07/how-do-i-get-my-finances-in-order', loadComponent: () => - import( - './2022/07/how-do-i-get-my-finances-in-order/how-do-i-get-my-finances-in-order-page.component' - ).then((c) => c.HowDoIGetMyFinancesInOrderPageComponent), + import('./2022/07/how-do-i-get-my-finances-in-order/how-do-i-get-my-finances-in-order-page.component').then( + (c) => c.HowDoIGetMyFinancesInOrderPageComponent + ), title: 'How do I get my finances in order?' }, { canActivate: [AuthGuard], path: '2022/08/500-stars-on-github', loadComponent: () => - import( - './2022/08/500-stars-on-github/500-stars-on-github-page.component' - ).then((c) => c.FiveHundredStarsOnGitHubPageComponent), + import('./2022/08/500-stars-on-github/500-stars-on-github-page.component').then( + (c) => c.FiveHundredStarsOnGitHubPageComponent + ), title: '500 Stars on GitHub' }, { canActivate: [AuthGuard], path: '2022/10/hacktoberfest-2022', loadComponent: () => - import( - './2022/10/hacktoberfest-2022/hacktoberfest-2022-page.component' - ).then((c) => c.Hacktoberfest2022PageComponent), + import('./2022/10/hacktoberfest-2022/hacktoberfest-2022-page.component').then( + (c) => c.Hacktoberfest2022PageComponent + ), title: 'Hacktoberfest 2022' }, { canActivate: [AuthGuard], path: '2022/11/black-friday-2022', loadComponent: () => - import( - './2022/11/black-friday-2022/black-friday-2022-page.component' - ).then((c) => c.BlackFriday2022PageComponent), + import('./2022/11/black-friday-2022/black-friday-2022-page.component').then( + (c) => c.BlackFriday2022PageComponent + ), title: 'Black Friday 2022' }, { canActivate: [AuthGuard], path: '2022/12/the-importance-of-tracking-your-personal-finances', loadComponent: () => - import( - './2022/12/the-importance-of-tracking-your-personal-finances/the-importance-of-tracking-your-personal-finances-page.component' - ).then((c) => c.TheImportanceOfTrackingYourPersonalFinancesPageComponent), + import('./2022/12/the-importance-of-tracking-your-personal-finances/the-importance-of-tracking-your-personal-finances-page.component').then( + (c) => c.TheImportanceOfTrackingYourPersonalFinancesPageComponent + ), title: 'The importance of tracking your personal finances' }, { canActivate: [AuthGuard], path: '2023/01/ghostfolio-auf-sackgeld-vorgestellt', loadComponent: () => - import( - './2023/01/ghostfolio-auf-sackgeld-vorgestellt/ghostfolio-auf-sackgeld-vorgestellt-page.component' - ).then((c) => c.GhostfolioAufSackgeldVorgestelltPageComponent), + import('./2023/01/ghostfolio-auf-sackgeld-vorgestellt/ghostfolio-auf-sackgeld-vorgestellt-page.component').then( + (c) => c.GhostfolioAufSackgeldVorgestelltPageComponent + ), title: 'Ghostfolio auf Sackgeld.com vorgestellt' }, { canActivate: [AuthGuard], path: '2023/02/ghostfolio-meets-umbrel', loadComponent: () => - import( - './2023/02/ghostfolio-meets-umbrel/ghostfolio-meets-umbrel-page.component' - ).then((c) => c.GhostfolioMeetsUmbrelPageComponent), + import('./2023/02/ghostfolio-meets-umbrel/ghostfolio-meets-umbrel-page.component').then( + (c) => c.GhostfolioMeetsUmbrelPageComponent + ), title: 'Ghostfolio meets Umbrel' }, { canActivate: [AuthGuard], path: '2023/03/ghostfolio-reaches-1000-stars-on-github', loadComponent: () => - import( - './2023/03/1000-stars-on-github/1000-stars-on-github-page.component' - ).then((c) => c.ThousandStarsOnGitHubPageComponent), + import('./2023/03/1000-stars-on-github/1000-stars-on-github-page.component').then( + (c) => c.ThousandStarsOnGitHubPageComponent + ), title: 'Ghostfolio reaches 1’000 Stars on GitHub' }, { canActivate: [AuthGuard], path: '2023/05/unlock-your-financial-potential-with-ghostfolio', loadComponent: () => - import( - './2023/05/unlock-your-financial-potential-with-ghostfolio/unlock-your-financial-potential-with-ghostfolio-page.component' - ).then((c) => c.UnlockYourFinancialPotentialWithGhostfolioPageComponent), + import('./2023/05/unlock-your-financial-potential-with-ghostfolio/unlock-your-financial-potential-with-ghostfolio-page.component').then( + (c) => c.UnlockYourFinancialPotentialWithGhostfolioPageComponent + ), title: 'Unlock your Financial Potential with Ghostfolio' }, { canActivate: [AuthGuard], path: '2023/07/exploring-the-path-to-fire', loadComponent: () => - import( - './2023/07/exploring-the-path-to-fire/exploring-the-path-to-fire-page.component' - ).then((c) => c.ExploringThePathToFirePageComponent), + import('./2023/07/exploring-the-path-to-fire/exploring-the-path-to-fire-page.component').then( + (c) => c.ExploringThePathToFirePageComponent + ), title: 'Exploring the Path to FIRE' }, { canActivate: [AuthGuard], path: '2023/08/ghostfolio-joins-oss-friends', loadComponent: () => - import( - './2023/08/ghostfolio-joins-oss-friends/ghostfolio-joins-oss-friends-page.component' - ).then((c) => c.GhostfolioJoinsOssFriendsPageComponent), + import('./2023/08/ghostfolio-joins-oss-friends/ghostfolio-joins-oss-friends-page.component').then( + (c) => c.GhostfolioJoinsOssFriendsPageComponent + ), title: 'Ghostfolio joins OSS Friends' }, { @@ -160,9 +160,9 @@ export const routes: Routes = [ canActivate: [AuthGuard], path: '2023/09/hacktoberfest-2023', loadComponent: () => - import( - './2023/09/hacktoberfest-2023/hacktoberfest-2023-page.component' - ).then((c) => c.Hacktoberfest2023PageComponent), + import('./2023/09/hacktoberfest-2023/hacktoberfest-2023-page.component').then( + (c) => c.Hacktoberfest2023PageComponent + ), title: 'Hacktoberfest 2023' }, { @@ -178,18 +178,18 @@ export const routes: Routes = [ canActivate: [AuthGuard], path: '2023/11/hacktoberfest-2023-debriefing', loadComponent: () => - import( - './2023/11/hacktoberfest-2023-debriefing/hacktoberfest-2023-debriefing-page.component' - ).then((c) => c.Hacktoberfest2023DebriefingPageComponent), + import('./2023/11/hacktoberfest-2023-debriefing/hacktoberfest-2023-debriefing-page.component').then( + (c) => c.Hacktoberfest2023DebriefingPageComponent + ), title: 'Hacktoberfest 2023 Debriefing' }, { canActivate: [AuthGuard], path: '2024/09/hacktoberfest-2024', loadComponent: () => - import( - './2024/09/hacktoberfest-2024/hacktoberfest-2024-page.component' - ).then((c) => c.Hacktoberfest2024PageComponent), + import('./2024/09/hacktoberfest-2024/hacktoberfest-2024-page.component').then( + (c) => c.Hacktoberfest2024PageComponent + ), title: 'Hacktoberfest 2024' }, { @@ -205,9 +205,9 @@ export const routes: Routes = [ canActivate: [AuthGuard], path: '2025/09/hacktoberfest-2025', loadComponent: () => - import( - './2025/09/hacktoberfest-2025/hacktoberfest-2025-page.component' - ).then((c) => c.Hacktoberfest2025PageComponent), + import('./2025/09/hacktoberfest-2025/hacktoberfest-2025-page.component').then( + (c) => c.Hacktoberfest2025PageComponent + ), title: 'Hacktoberfest 2025' }, { diff --git a/apps/client/src/app/pages/resources/resources-page.routes.ts b/apps/client/src/app/pages/resources/resources-page.routes.ts index 58cdad4d3..107988238 100644 --- a/apps/client/src/app/pages/resources/resources-page.routes.ts +++ b/apps/client/src/app/pages/resources/resources-page.routes.ts @@ -33,9 +33,9 @@ export const routes: Routes = [ { path: publicRoutes.resources.subRoutes.personalFinanceTools.path, loadChildren: () => - import( - './personal-finance-tools/personal-finance-tools-page.routes' - ).then((m) => m.routes) + import('./personal-finance-tools/personal-finance-tools-page.routes').then( + (m) => m.routes + ) } ], path: '', diff --git a/libs/common/src/lib/interfaces/responses/data-provider-ghostfolio-asset-profile-response.interface.ts b/libs/common/src/lib/interfaces/responses/data-provider-ghostfolio-asset-profile-response.interface.ts index 7fd0314fb..3ea635c6d 100644 --- a/libs/common/src/lib/interfaces/responses/data-provider-ghostfolio-asset-profile-response.interface.ts +++ b/libs/common/src/lib/interfaces/responses/data-provider-ghostfolio-asset-profile-response.interface.ts @@ -1,4 +1,3 @@ import { SymbolProfile } from '@prisma/client'; -export interface DataProviderGhostfolioAssetProfileResponse - extends Partial {} +export interface DataProviderGhostfolioAssetProfileResponse extends Partial {} diff --git a/libs/common/src/lib/interfaces/simplewebauthn.interface.ts b/libs/common/src/lib/interfaces/simplewebauthn.interface.ts index ef0a14ffa..69464b961 100644 --- a/libs/common/src/lib/interfaces/simplewebauthn.interface.ts +++ b/libs/common/src/lib/interfaces/simplewebauthn.interface.ts @@ -3,8 +3,7 @@ export interface AuthenticatorAssertionResponse extends AuthenticatorResponse { readonly signature: ArrayBuffer; readonly userHandle: ArrayBuffer | null; } -export interface AuthenticatorAttestationResponse - extends AuthenticatorResponse { +export interface AuthenticatorAttestationResponse extends AuthenticatorResponse { readonly attestationObject: ArrayBuffer; } export interface AuthenticationExtensionsClientInputs { @@ -57,8 +56,7 @@ export interface PublicKeyCredentialRequestOptions { timeout?: number; userVerification?: UserVerificationRequirement; } -export interface PublicKeyCredentialUserEntity - extends PublicKeyCredentialEntity { +export interface PublicKeyCredentialUserEntity extends PublicKeyCredentialEntity { displayName: string; id: BufferSource; } @@ -99,11 +97,10 @@ export declare type BufferSource = ArrayBufferView | ArrayBuffer; export declare type PublicKeyCredentialType = 'public-key'; export declare type UvmEntry = number[]; -export interface PublicKeyCredentialCreationOptionsJSON - extends Omit< - PublicKeyCredentialCreationOptions, - 'challenge' | 'user' | 'excludeCredentials' - > { +export interface PublicKeyCredentialCreationOptionsJSON extends Omit< + PublicKeyCredentialCreationOptions, + 'challenge' | 'user' | 'excludeCredentials' +> { user: PublicKeyCredentialUserEntityJSON; challenge: Base64URLString; excludeCredentials: PublicKeyCredentialDescriptorJSON[]; @@ -113,21 +110,24 @@ export interface PublicKeyCredentialCreationOptionsJSON * A variant of PublicKeyCredentialRequestOptions suitable for JSON transmission to the browser to * (eventually) get passed into navigator.credentials.get(...) in the browser. */ -export interface PublicKeyCredentialRequestOptionsJSON - extends Omit< - PublicKeyCredentialRequestOptions, - 'challenge' | 'allowCredentials' - > { +export interface PublicKeyCredentialRequestOptionsJSON extends Omit< + PublicKeyCredentialRequestOptions, + 'challenge' | 'allowCredentials' +> { challenge: Base64URLString; allowCredentials?: PublicKeyCredentialDescriptorJSON[]; extensions?: AuthenticationExtensionsClientInputs; } -export interface PublicKeyCredentialDescriptorJSON - extends Omit { +export interface PublicKeyCredentialDescriptorJSON extends Omit< + PublicKeyCredentialDescriptor, + 'id' +> { id: Base64URLString; } -export interface PublicKeyCredentialUserEntityJSON - extends Omit { +export interface PublicKeyCredentialUserEntityJSON extends Omit< + PublicKeyCredentialUserEntity, + 'id' +> { id: string; } /** @@ -140,11 +140,10 @@ export interface AttestationCredential extends PublicKeyCredential { * A slightly-modified AttestationCredential to simplify working with ArrayBuffers that * are Base64URL-encoded in the browser so that they can be sent as JSON to the server. */ -export interface AttestationCredentialJSON - extends Omit< - AttestationCredential, - 'response' | 'rawId' | 'getClientExtensionResults' - > { +export interface AttestationCredentialJSON extends Omit< + AttestationCredential, + 'response' | 'rawId' | 'getClientExtensionResults' +> { rawId: Base64URLString; response: AuthenticatorAttestationResponseJSON; clientExtensionResults: AuthenticationExtensionsClientOutputs; @@ -160,11 +159,10 @@ export interface AssertionCredential extends PublicKeyCredential { * A slightly-modified AssertionCredential to simplify working with ArrayBuffers that * are Base64URL-encoded in the browser so that they can be sent as JSON to the server. */ -export interface AssertionCredentialJSON - extends Omit< - AssertionCredential, - 'response' | 'rawId' | 'getClientExtensionResults' - > { +export interface AssertionCredentialJSON extends Omit< + AssertionCredential, + 'response' | 'rawId' | 'getClientExtensionResults' +> { rawId: Base64URLString; response: AuthenticatorAssertionResponseJSON; clientExtensionResults: AuthenticationExtensionsClientOutputs; @@ -173,11 +171,10 @@ export interface AssertionCredentialJSON * A slightly-modified AuthenticatorAttestationResponse to simplify working with ArrayBuffers that * are Base64URL-encoded in the browser so that they can be sent as JSON to the server. */ -export interface AuthenticatorAttestationResponseJSON - extends Omit< - AuthenticatorAttestationResponseFuture, - 'clientDataJSON' | 'attestationObject' - > { +export interface AuthenticatorAttestationResponseJSON extends Omit< + AuthenticatorAttestationResponseFuture, + 'clientDataJSON' | 'attestationObject' +> { clientDataJSON: Base64URLString; attestationObject: Base64URLString; } @@ -185,11 +182,10 @@ export interface AuthenticatorAttestationResponseJSON * A slightly-modified AuthenticatorAssertionResponse to simplify working with ArrayBuffers that * are Base64URL-encoded in the browser so that they can be sent as JSON to the server. */ -export interface AuthenticatorAssertionResponseJSON - extends Omit< - AuthenticatorAssertionResponse, - 'authenticatorData' | 'clientDataJSON' | 'signature' | 'userHandle' - > { +export interface AuthenticatorAssertionResponseJSON extends Omit< + AuthenticatorAssertionResponse, + 'authenticatorData' | 'clientDataJSON' | 'signature' | 'userHandle' +> { authenticatorData: Base64URLString; clientDataJSON: Base64URLString; signature: Base64URLString; @@ -217,8 +213,7 @@ export declare type Base64URLString = string; * * Properties marked optional are not supported in all browsers. */ -export interface AuthenticatorAttestationResponseFuture - extends AuthenticatorAttestationResponse { +export interface AuthenticatorAttestationResponseFuture extends AuthenticatorAttestationResponse { getTransports?: () => AuthenticatorTransport[]; getAuthenticatorData?: () => ArrayBuffer; getPublicKey?: () => ArrayBuffer; diff --git a/libs/common/src/lib/validators/is-currency-code.ts b/libs/common/src/lib/validators/is-currency-code.ts index 771818b05..76c6f4fe2 100644 --- a/libs/common/src/lib/validators/is-currency-code.ts +++ b/libs/common/src/lib/validators/is-currency-code.ts @@ -21,9 +21,7 @@ export function IsCurrencyCode(validationOptions?: ValidationOptions) { } @ValidatorConstraint({ async: false }) -export class IsExtendedCurrencyConstraint - implements ValidatorConstraintInterface -{ +export class IsExtendedCurrencyConstraint implements ValidatorConstraintInterface { public defaultMessage() { return '$property must be a valid ISO4217 currency code'; } diff --git a/libs/ui/src/lib/assistant/interfaces/interfaces.ts b/libs/ui/src/lib/assistant/interfaces/interfaces.ts index e018e0eb6..c00a2b832 100644 --- a/libs/ui/src/lib/assistant/interfaces/interfaces.ts +++ b/libs/ui/src/lib/assistant/interfaces/interfaces.ts @@ -3,8 +3,10 @@ import { AccountWithValue, DateRange } from '@ghostfolio/common/types'; import { SearchMode } from '../enums/search-mode'; -export interface AccountSearchResultItem - extends Pick { +export interface AccountSearchResultItem extends Pick< + AccountWithValue, + 'id' | 'name' +> { mode: SearchMode.ACCOUNT; routerLink: string[]; } diff --git a/libs/ui/src/lib/entity-logo/entity-logo.component.html b/libs/ui/src/lib/entity-logo/entity-logo.component.html index f0abad285..942ea23e5 100644 --- a/libs/ui/src/lib/entity-logo/entity-logo.component.html +++ b/libs/ui/src/lib/entity-logo/entity-logo.component.html @@ -1,6 +1,6 @@ @if (src) { Date: Sat, 6 Dec 2025 08:47:28 +0100 Subject: [PATCH 10/17] Task/restructure pricing page (#6037) * Restructure pricing page --- .../src/app/pages/pricing/pricing-page.component.ts | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/apps/client/src/app/pages/pricing/pricing-page.component.ts b/apps/client/src/app/pages/pricing/pricing-page.component.ts index 3d8170b06..88958ea0d 100644 --- a/apps/client/src/app/pages/pricing/pricing-page.component.ts +++ b/apps/client/src/app/pages/pricing/pricing-page.component.ts @@ -54,23 +54,30 @@ export class GfPricingPageComponent implements OnDestroy, OnInit { public durationExtension: StringValue; public hasPermissionToCreateUser: boolean; public hasPermissionToUpdateUserSettings: boolean; + public importAndExportTooltipBasic = translate( 'DATA_IMPORT_AND_EXPORT_TOOLTIP_BASIC' ); + public importAndExportTooltipOSS = translate( 'DATA_IMPORT_AND_EXPORT_TOOLTIP_OSS' ); + public importAndExportTooltipPremium = translate( 'DATA_IMPORT_AND_EXPORT_TOOLTIP_PREMIUM' ); + public isLoggedIn: boolean; public label: string; public price: number; public priceId: string; + public professionalDataProviderTooltipPremium = translate( 'PROFESSIONAL_DATA_PROVIDER_TOOLTIP_PREMIUM' ); + public referralBrokers = [ + 'Alpian', 'DEGIRO', 'finpension', 'frankly', @@ -80,6 +87,7 @@ export class GfPricingPageComponent implements OnDestroy, OnInit { 'VIAC', 'Zak' ]; + public routerLinkFeatures = publicRoutes.features.routerLink; public routerLinkRegister = publicRoutes.register.routerLink; public user: User; From bcca6089966f76f807a4b21bccebeff660d38c94 Mon Sep 17 00:00:00 2001 From: Thomas Kaul <4159106+dtslvr@users.noreply.github.com> Date: Sat, 6 Dec 2025 09:11:48 +0100 Subject: [PATCH 11/17] Task/increase numerical precision for cryptocurrency quantities in holding detail dialog (#6038) * Increase numerical precision for cryptocurrency quantities * Update changelog --- CHANGELOG.md | 1 + .../holding-detail-dialog.component.ts | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a2e9f9823..82e43c554 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 #### Changed +- Increased the numerical precision for cryptocurrency quantities in the holding detail dialog - Upgraded `envalid` from version `8.1.0` to `8.1.1` - Upgraded `prettier` from version `3.7.3` to `3.7.4` diff --git a/apps/client/src/app/components/holding-detail-dialog/holding-detail-dialog.component.ts b/apps/client/src/app/components/holding-detail-dialog/holding-detail-dialog.component.ts index 55574d202..6a7129fec 100644 --- a/apps/client/src/app/components/holding-detail-dialog/holding-detail-dialog.component.ts +++ b/apps/client/src/app/components/holding-detail-dialog/holding-detail-dialog.component.ts @@ -411,10 +411,10 @@ export class GfHoldingDetailDialogComponent implements OnDestroy, OnInit { if (Number.isInteger(this.quantity)) { this.quantityPrecision = 0; } else if (SymbolProfile?.assetSubClass === 'CRYPTOCURRENCY') { - if (this.quantity < 1) { - this.quantityPrecision = 7; + if (this.quantity < 10) { + this.quantityPrecision = 8; } else if (this.quantity < 1000) { - this.quantityPrecision = 5; + this.quantityPrecision = 6; } else if (this.quantity >= 10000000) { this.quantityPrecision = 0; } From 9aa73f74f8cf745b35f37ab1e92ce6657e4a355d Mon Sep 17 00:00:00 2001 From: Thomas Kaul <4159106+dtslvr@users.noreply.github.com> Date: Sat, 6 Dec 2025 09:48:50 +0100 Subject: [PATCH 12/17] Feature/data source transformation in import for self-hosted environments (#6032) * Introduce data source transformation support for self-hosted environments * Update changelog --- CHANGELOG.md | 4 ++++ .../transform-data-source-in-request.interceptor.ts | 13 +++++++++++++ 2 files changed, 17 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 82e43c554..e95b5509b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased +#### Added + +- Introduced data source transformation support in the import functionality for self-hosted environments + #### Changed - Increased the numerical precision for cryptocurrency quantities in the holding detail dialog diff --git a/apps/api/src/interceptors/transform-data-source-in-request/transform-data-source-in-request.interceptor.ts b/apps/api/src/interceptors/transform-data-source-in-request/transform-data-source-in-request.interceptor.ts index 3bd9c05e7..17c5ebe57 100644 --- a/apps/api/src/interceptors/transform-data-source-in-request/transform-data-source-in-request.interceptor.ts +++ b/apps/api/src/interceptors/transform-data-source-in-request/transform-data-source-in-request.interceptor.ts @@ -69,6 +69,19 @@ export class TransformDataSourceInRequestInterceptor< }); } } + } else { + if (request.body?.activities) { + request.body.activities = request.body.activities.map((activity) => { + if (DataSource[activity.dataSource]) { + return activity; + } else { + return { + ...activity, + dataSource: decodeDataSource(activity.dataSource) + }; + } + }); + } } return next.handle(); From bca5ce3f0414a3dfd6641756086d084e69649020 Mon Sep 17 00:00:00 2001 From: David Requeno <108202767+DavidReque@users.noreply.github.com> Date: Sat, 6 Dec 2025 03:10:38 -0600 Subject: [PATCH 13/17] Feature/add 3D hover effect to membership card component (#5966) * Add 3D hover effect to membership card component * Update changelog --- CHANGELOG.md | 1 + .../membership-card.component.html | 94 +++---- .../membership-card.component.scss | 244 +++++++++++++++--- .../membership-card.component.stories.ts | 5 + .../membership-card.component.ts | 1 + 5 files changed, 258 insertions(+), 87 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e95b5509b..878d90326 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 #### Added - Introduced data source transformation support in the import functionality for self-hosted environments +- Added an optional 3D hover effect to the membership card component #### Changed diff --git a/libs/ui/src/lib/membership-card/membership-card.component.html b/libs/ui/src/lib/membership-card/membership-card.component.html index 1c68f5e3f..9faac0d3d 100644 --- a/libs/ui/src/lib/membership-card/membership-card.component.html +++ b/libs/ui/src/lib/membership-card/membership-card.component.html @@ -1,50 +1,54 @@ -
- -
- -
- @if (hasPermissionToCreateApiKey) { -
-
API Key
-
-
* * * * * * * * *
-
- -
-
-
- } -
-
-
Membership
-
{{ name }}
+
+
+ + @if (hover3d) { + @for (zone of [1, 2, 3, 4, 5, 6, 7, 8, 9]; track zone) { + + } + } +
+
- @if (expiresAt) { -
-
Valid until
-
- {{ expiresAt }} + @if (hasPermissionToCreateApiKey) { +
+
API Key
+
+
* * * * * * * * *
+
+ +
} -
- +
+
+
Membership
+
{{ name }}
+
+ @if (expiresAt) { +
+
Valid until
+
+ {{ expiresAt }} +
+
+ } +
+ +
diff --git a/libs/ui/src/lib/membership-card/membership-card.component.scss b/libs/ui/src/lib/membership-card/membership-card.component.scss index 270adc0f1..fcd923f12 100644 --- a/libs/ui/src/lib/membership-card/membership-card.component.scss +++ b/libs/ui/src/lib/membership-card/membership-card.component.scss @@ -1,71 +1,231 @@ :host { --borderRadius: 1rem; --borderWidth: 2px; + --hover3dSpotlightOpacity: 0.2; display: block; max-width: 25rem; padding-top: calc(1 * var(--borderWidth)); width: 100%; - .card-container { - border-radius: var(--borderRadius); - box-shadow: 0 5px 15px rgba(0, 0, 0, 0.15); + .card-wrapper { + &.hover-3d { + perspective: 1000px; + } - &:after { - animation: animatedborder 7s ease alternate infinite; - background: linear-gradient(60deg, #5073b8, #1098ad, #07b39b, #6fba82); - background-size: 300% 300%; + .card-container { border-radius: var(--borderRadius); - content: ''; - height: calc(100% + var(--borderWidth) * 2); - left: calc(-1 * var(--borderWidth)); - top: calc(-1 * var(--borderWidth)); - position: absolute; - width: calc(100% + var(--borderWidth) * 2); - z-index: -1; - - @keyframes animatedborder { - 0% { - background-position: 0% 50%; + box-shadow: 0 5px 15px rgba(0, 0, 0, 0.15); + + .card-item { + aspect-ratio: 1.586; + background-color: #1d2124; + border-radius: calc(var(--borderRadius) - var(--borderWidth)); + color: rgba(var(--light-primary-text)); + line-height: 1.2; + + button { + color: rgba(var(--light-primary-text)); + height: 1.5rem; + z-index: 3; } - 50% { - background-position: 100% 50%; + + .heading { + font-size: 13px; } - 100% { - background-position: 0% 50%; + + .value { + font-size: 18px; + } + } + + &:not(.premium) { + &::after { + opacity: 0; + } + + .card-item { + background-color: #ffffff; + color: rgba(var(--dark-primary-text)); } } } - .card-item { - aspect-ratio: 1.586; - background-color: #1d2124; - border-radius: calc(var(--borderRadius) - var(--borderWidth)); - color: rgba(var(--light-primary-text)); - line-height: 1.2; + &.hover-3d { + --hover3d-rotate-x: 0; + --hover3d-rotate-y: 0; + --hover3d-shine: 100% 100%; - button { - color: rgba(var(--light-primary-text)); - height: 1.5rem; + .card-container { + overflow: hidden; + position: relative; + scale: 1; + transform: rotate3d( + var(--hover3d-rotate-x), + var(--hover3d-rotate-y), + 0, + 10deg + ); + transform-style: preserve-3d; + transition: + box-shadow 400ms ease-out, + scale 500ms ease-out, + transform 500ms ease-out; + will-change: transform, scale; + + &::before { + background-image: radial-gradient( + circle at 50%, + rgba(255, 255, 255, var(--hover3dSpotlightOpacity)) 10%, + transparent 50% + ); + content: ''; + filter: blur(0.75rem); + height: 33.333%; + opacity: 0; + pointer-events: none; + position: absolute; + scale: 500%; + translate: var(--hover3d-shine); + transition: + opacity 400ms ease-out, + translate 400ms ease-out; + width: 33.333%; + z-index: 1; + } + + .card-item { + position: relative; + + .hover-zone { + height: 33.333%; + width: 33.333%; + z-index: 2; + + &:nth-child(1) { + left: 0; + top: 0; + } + + &:nth-child(2) { + left: 33.333%; + top: 0; + } + + &:nth-child(3) { + right: 0; + top: 0; + } + + &:nth-child(4) { + left: 0; + top: 33.333%; + } + + &:nth-child(5) { + left: 33.333%; + top: 33.333%; + } + + &:nth-child(6) { + right: 0; + top: 33.333%; + } + + &:nth-child(7) { + bottom: 0; + left: 0; + } + + &:nth-child(8) { + bottom: 0; + left: 33.333%; + } + + &:nth-child(9) { + bottom: 0; + right: 0; + } + } + } } - .heading { - font-size: 13px; + &:has(.hover-zone:hover) .card-container { + box-shadow: 0 18px 40px rgba(15, 23, 42, 0.3); + scale: 1.05; + + &::before { + opacity: 1; + } } - .value { - font-size: 18px; + &:has(.hover-zone:nth-child(1):hover) { + --hover3d-rotate-x: 1; + --hover3d-rotate-y: -1; + --hover3d-shine: 0% 0%; } - } - &:not(.premium) { - &:after { - opacity: 0; + &:has(.hover-zone:nth-child(2):hover) { + --hover3d-rotate-x: 1; + --hover3d-rotate-y: 0; + --hover3d-shine: 100% 0%; } - .card-item { - background-color: #ffffff; - color: rgba(var(--dark-primary-text)); + &:has(.hover-zone:nth-child(3):hover) { + --hover3d-rotate-x: 1; + --hover3d-rotate-y: 1; + --hover3d-shine: 200% 0%; + } + + &:has(.hover-zone:nth-child(4):hover) { + --hover3d-rotate-x: 0; + --hover3d-rotate-y: -1; + --hover3d-shine: 0% 100%; + } + + &:has(.hover-zone:nth-child(5):hover) { + --hover3d-rotate-x: 0; + --hover3d-rotate-y: 0; + --hover3d-shine: 100% 100%; + } + + &:has(.hover-zone:nth-child(6):hover) { + --hover3d-rotate-x: 0; + --hover3d-rotate-y: 1; + --hover3d-shine: 200% 100%; + } + + &:has(.hover-zone:nth-child(7):hover) { + --hover3d-rotate-x: -1; + --hover3d-rotate-y: -1; + --hover3d-shine: 0% 200%; + } + + &:has(.hover-zone:nth-child(8):hover) { + --hover3d-rotate-x: -1; + --hover3d-rotate-y: 0; + --hover3d-shine: 100% 200%; + } + + &:has(.hover-zone:nth-child(9):hover) { + --hover3d-rotate-x: -1; + --hover3d-rotate-y: 1; + --hover3d-shine: 200% 200%; + } + } + } + + @media (prefers-reduced-motion: reduce) { + .card-wrapper.hover-3d { + .card-container { + scale: 1 !important; + transform: none !important; + transition: none !important; + + &::before { + opacity: 0 !important; + transition: none !important; + } } } } diff --git a/libs/ui/src/lib/membership-card/membership-card.component.stories.ts b/libs/ui/src/lib/membership-card/membership-card.component.stories.ts index 6b6fbe038..0d475bda7 100644 --- a/libs/ui/src/lib/membership-card/membership-card.component.stories.ts +++ b/libs/ui/src/lib/membership-card/membership-card.component.stories.ts @@ -26,6 +26,9 @@ export default { }) ], argTypes: { + hover3d: { + control: { type: 'boolean' } + }, name: { control: { type: 'select' }, options: ['Basic', 'Premium'] @@ -37,6 +40,7 @@ type Story = StoryObj; export const Basic: Story = { args: { + hover3d: false, name: 'Basic' } }; @@ -45,6 +49,7 @@ export const Premium: Story = { args: { expiresAt: addYears(new Date(), 1).toLocaleDateString(), hasPermissionToCreateApiKey: true, + hover3d: false, name: 'Premium' } }; diff --git a/libs/ui/src/lib/membership-card/membership-card.component.ts b/libs/ui/src/lib/membership-card/membership-card.component.ts index 175a94f42..be223758d 100644 --- a/libs/ui/src/lib/membership-card/membership-card.component.ts +++ b/libs/ui/src/lib/membership-card/membership-card.component.ts @@ -34,6 +34,7 @@ import { GfLogoComponent } from '../logo'; export class GfMembershipCardComponent { @Input() public expiresAt: string; @Input() public hasPermissionToCreateApiKey: boolean; + @Input() public hover3d = false; @Input() public name: string; @Output() generateApiKeyClicked = new EventEmitter(); From 4cd16c33f884a5a9dc2e98e56b85cf83a4b1e7bf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Germ=C3=A1n=20Mart=C3=ADn?= Date: Sun, 7 Dec 2025 10:04:20 +0100 Subject: [PATCH 14/17] Feature/OIDC authentication (#5981) * Set up OIDC authentication * Update changelog --- CHANGELOG.md | 5 +- apps/api/src/app/auth/auth.controller.ts | 48 ++++++-- apps/api/src/app/auth/auth.module.ts | 82 ++++++++++++- apps/api/src/app/auth/auth.service.ts | 36 +++--- .../api/src/app/auth/interfaces/interfaces.ts | 19 +++ apps/api/src/app/auth/oidc-state.store.ts | 114 ++++++++++++++++++ apps/api/src/app/auth/oidc.strategy.ts | 69 +++++++++++ apps/api/src/app/info/info.service.ts | 4 + .../configuration/configuration.service.ts | 26 +++- .../interfaces/environment.interface.ts | 9 ++ .../app/components/header/header.component.ts | 7 ++ .../interfaces/interfaces.ts | 1 + .../login-with-access-token-dialog.html | 11 ++ libs/common/src/lib/permissions.ts | 2 + package-lock.json | 43 +++++++ package.json | 2 + .../migration.sql | 2 + prisma/schema.prisma | 1 + 18 files changed, 447 insertions(+), 34 deletions(-) create mode 100644 apps/api/src/app/auth/oidc-state.store.ts create mode 100644 apps/api/src/app/auth/oidc.strategy.ts create mode 100644 prisma/migrations/20251103162035_added_oidc_to_provider/migration.sql diff --git a/CHANGELOG.md b/CHANGELOG.md index 878d90326..7b3f93910 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,12 +7,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## Unreleased -#### Added +### Added - Introduced data source transformation support in the import functionality for self-hosted environments +- Added _OpenID Connect_ (`OIDC`) as a new login provider for self-hosted environments (experimental) - Added an optional 3D hover effect to the membership card component -#### Changed +### Changed - Increased the numerical precision for cryptocurrency quantities in the holding detail dialog - Upgraded `envalid` from version `8.1.0` to `8.1.1` diff --git a/apps/api/src/app/auth/auth.controller.ts b/apps/api/src/app/auth/auth.controller.ts index b45e7b97b..388f1dbd3 100644 --- a/apps/api/src/app/auth/auth.controller.ts +++ b/apps/api/src/app/auth/auth.controller.ts @@ -84,7 +84,6 @@ export class AuthController { @Req() request: Request, @Res() response: Response ) { - // Handles the Google OAuth2 callback const jwt: string = (request.user as any).jwt; if (jwt) { @@ -102,6 +101,46 @@ export class AuthController { } } + @Get('oidc') + @UseGuards(AuthGuard('oidc')) + @Version(VERSION_NEUTRAL) + public oidcLogin() { + if (!this.configurationService.get('ENABLE_FEATURE_AUTH_OIDC')) { + throw new HttpException( + getReasonPhrase(StatusCodes.FORBIDDEN), + StatusCodes.FORBIDDEN + ); + } + } + + @Get('oidc/callback') + @UseGuards(AuthGuard('oidc')) + @Version(VERSION_NEUTRAL) + public oidcLoginCallback(@Req() request: Request, @Res() response: Response) { + const jwt: string = (request.user as any).jwt; + + if (jwt) { + response.redirect( + `${this.configurationService.get( + 'ROOT_URL' + )}/${DEFAULT_LANGUAGE_CODE}/auth/${jwt}` + ); + } else { + response.redirect( + `${this.configurationService.get( + 'ROOT_URL' + )}/${DEFAULT_LANGUAGE_CODE}/auth` + ); + } + } + + @Post('webauthn/generate-authentication-options') + public async generateAuthenticationOptions( + @Body() body: { deviceId: string } + ) { + return this.webAuthService.generateAuthenticationOptions(body.deviceId); + } + @Get('webauthn/generate-registration-options') @UseGuards(AuthGuard('jwt'), HasPermissionGuard) public async generateRegistrationOptions() { @@ -116,13 +155,6 @@ export class AuthController { return this.webAuthService.verifyAttestation(body.credential); } - @Post('webauthn/generate-authentication-options') - public async generateAuthenticationOptions( - @Body() body: { deviceId: string } - ) { - return this.webAuthService.generateAuthenticationOptions(body.deviceId); - } - @Post('webauthn/verify-authentication') public async verifyAuthentication( @Body() body: { deviceId: string; credential: AssertionCredentialJSON } diff --git a/apps/api/src/app/auth/auth.module.ts b/apps/api/src/app/auth/auth.module.ts index 824c432b1..9fc5d0925 100644 --- a/apps/api/src/app/auth/auth.module.ts +++ b/apps/api/src/app/auth/auth.module.ts @@ -4,17 +4,20 @@ import { SubscriptionModule } from '@ghostfolio/api/app/subscription/subscriptio import { UserModule } from '@ghostfolio/api/app/user/user.module'; import { ApiKeyService } from '@ghostfolio/api/services/api-key/api-key.service'; import { ConfigurationModule } from '@ghostfolio/api/services/configuration/configuration.module'; +import { ConfigurationService } from '@ghostfolio/api/services/configuration/configuration.service'; import { PrismaModule } from '@ghostfolio/api/services/prisma/prisma.module'; import { PropertyModule } from '@ghostfolio/api/services/property/property.module'; -import { Module } from '@nestjs/common'; +import { Logger, Module } from '@nestjs/common'; import { JwtModule } from '@nestjs/jwt'; +import type { StrategyOptions } from 'passport-openidconnect'; import { ApiKeyStrategy } from './api-key.strategy'; import { AuthController } from './auth.controller'; import { AuthService } from './auth.service'; import { GoogleStrategy } from './google.strategy'; import { JwtStrategy } from './jwt.strategy'; +import { OidcStrategy } from './oidc.strategy'; @Module({ controllers: [AuthController], @@ -36,6 +39,83 @@ import { JwtStrategy } from './jwt.strategy'; AuthService, GoogleStrategy, JwtStrategy, + { + inject: [AuthService, ConfigurationService], + provide: OidcStrategy, + useFactory: async ( + authService: AuthService, + configurationService: ConfigurationService + ) => { + const isOidcEnabled = configurationService.get( + 'ENABLE_FEATURE_AUTH_OIDC' + ); + + if (!isOidcEnabled) { + return null; + } + + const issuer = configurationService.get('OIDC_ISSUER'); + const scope = configurationService.get('OIDC_SCOPE'); + + const callbackUrl = + configurationService.get('OIDC_CALLBACK_URL') || + `${configurationService.get('ROOT_URL')}/api/auth/oidc/callback`; + + // Check for manual URL overrides + const manualAuthorizationUrl = configurationService.get( + 'OIDC_AUTHORIZATION_URL' + ); + const manualTokenUrl = configurationService.get('OIDC_TOKEN_URL'); + const manualUserInfoUrl = + configurationService.get('OIDC_USER_INFO_URL'); + + let authorizationURL: string; + let tokenURL: string; + let userInfoURL: string; + + if (manualAuthorizationUrl && manualTokenUrl && manualUserInfoUrl) { + // Use manual URLs + authorizationURL = manualAuthorizationUrl; + tokenURL = manualTokenUrl; + userInfoURL = manualUserInfoUrl; + } else { + // Fetch OIDC configuration from discovery endpoint + try { + const response = await fetch( + `${issuer}/.well-known/openid-configuration` + ); + + const config = (await response.json()) as { + authorization_endpoint: string; + token_endpoint: string; + userinfo_endpoint: string; + }; + + // Manual URLs take priority over discovered ones + authorizationURL = + manualAuthorizationUrl || config.authorization_endpoint; + tokenURL = manualTokenUrl || config.token_endpoint; + userInfoURL = manualUserInfoUrl || config.userinfo_endpoint; + } catch (error) { + Logger.error(error, 'OidcStrategy'); + throw new Error('Failed to fetch OIDC configuration from issuer'); + } + } + + const options: StrategyOptions = { + authorizationURL, + issuer, + scope, + tokenURL, + userInfoURL, + callbackURL: callbackUrl, + clientID: configurationService.get('OIDC_CLIENT_ID'), + clientSecret: configurationService.get('OIDC_CLIENT_SECRET') + }; + + return new OidcStrategy(authService, options); + } + }, WebAuthService ] }) diff --git a/apps/api/src/app/auth/auth.service.ts b/apps/api/src/app/auth/auth.service.ts index a6ee5d260..6fe50dce0 100644 --- a/apps/api/src/app/auth/auth.service.ts +++ b/apps/api/src/app/auth/auth.service.ts @@ -17,30 +17,22 @@ export class AuthService { ) {} public async validateAnonymousLogin(accessToken: string): Promise { - return new Promise(async (resolve, reject) => { - try { - const hashedAccessToken = this.userService.createAccessToken({ - password: accessToken, - salt: this.configurationService.get('ACCESS_TOKEN_SALT') - }); + const hashedAccessToken = this.userService.createAccessToken({ + password: accessToken, + salt: this.configurationService.get('ACCESS_TOKEN_SALT') + }); - const [user] = await this.userService.users({ - where: { accessToken: hashedAccessToken } - }); + const [user] = await this.userService.users({ + where: { accessToken: hashedAccessToken } + }); - if (user) { - const jwt = this.jwtService.sign({ - id: user.id - }); + if (user) { + return this.jwtService.sign({ + id: user.id + }); + } - resolve(jwt); - } else { - throw new Error(); - } - } catch { - reject(); - } - }); + throw new Error(); } public async validateOAuthLogin({ @@ -75,7 +67,7 @@ export class AuthService { } catch (error) { throw new InternalServerErrorException( 'validateOAuthLogin', - error.message + error instanceof Error ? error.message : 'Unknown error' ); } } diff --git a/apps/api/src/app/auth/interfaces/interfaces.ts b/apps/api/src/app/auth/interfaces/interfaces.ts index 4fdcc25b5..7ddfe41d2 100644 --- a/apps/api/src/app/auth/interfaces/interfaces.ts +++ b/apps/api/src/app/auth/interfaces/interfaces.ts @@ -6,6 +6,25 @@ export interface AuthDeviceDialogParams { authDevice: AuthDeviceDto; } +export interface OidcContext { + claims?: { + sub?: string; + }; +} + +export interface OidcIdToken { + sub?: string; +} + +export interface OidcParams { + sub?: string; +} + +export interface OidcProfile { + id?: string; + sub?: string; +} + export interface ValidateOAuthLoginParams { provider: Provider; thirdPartyId: string; diff --git a/apps/api/src/app/auth/oidc-state.store.ts b/apps/api/src/app/auth/oidc-state.store.ts new file mode 100644 index 000000000..653451166 --- /dev/null +++ b/apps/api/src/app/auth/oidc-state.store.ts @@ -0,0 +1,114 @@ +import ms from 'ms'; + +/** + * Custom state store for OIDC authentication that doesn't rely on express-session. + * This store manages OAuth2 state parameters in memory with automatic cleanup. + */ +export class OidcStateStore { + private readonly STATE_EXPIRY_MS = ms('10 minutes'); + + private stateMap = new Map< + string, + { + appState?: unknown; + ctx: { issued?: Date; maxAge?: number; nonce?: string }; + meta?: unknown; + timestamp: number; + } + >(); + + /** + * Store request state. + * Signature matches passport-openidconnect SessionStore + */ + public store( + _req: unknown, + _meta: unknown, + appState: unknown, + ctx: { maxAge?: number; nonce?: string; issued?: Date }, + callback: (err: Error | null, handle?: string) => void + ) { + try { + // Generate a unique handle for this state + const handle = this.generateHandle(); + + this.stateMap.set(handle, { + appState, + ctx, + meta: _meta, + timestamp: Date.now() + }); + + // Clean up expired states + this.cleanup(); + + callback(null, handle); + } catch (error) { + callback(error as Error); + } + } + + /** + * Verify request state. + * Signature matches passport-openidconnect SessionStore + */ + public verify( + _req: unknown, + handle: string, + callback: ( + err: Error | null, + appState?: unknown, + ctx?: { maxAge?: number; nonce?: string; issued?: Date } + ) => void + ) { + try { + const data = this.stateMap.get(handle); + + if (!data) { + return callback(null, undefined, undefined); + } + + if (Date.now() - data.timestamp > this.STATE_EXPIRY_MS) { + // State has expired + this.stateMap.delete(handle); + return callback(null, undefined, undefined); + } + + // Remove state after verification (one-time use) + this.stateMap.delete(handle); + + callback(null, data.ctx, data.appState); + } catch (error) { + callback(error as Error); + } + } + + /** + * Clean up expired states + */ + private cleanup() { + const now = Date.now(); + const expiredKeys: string[] = []; + + for (const [key, value] of this.stateMap.entries()) { + if (now - value.timestamp > this.STATE_EXPIRY_MS) { + expiredKeys.push(key); + } + } + + for (const key of expiredKeys) { + this.stateMap.delete(key); + } + } + + /** + * Generate a cryptographically secure random handle + */ + private generateHandle() { + return ( + Math.random().toString(36).substring(2, 15) + + Math.random().toString(36).substring(2, 15) + + Date.now().toString(36) + ); + } +} diff --git a/apps/api/src/app/auth/oidc.strategy.ts b/apps/api/src/app/auth/oidc.strategy.ts new file mode 100644 index 000000000..96b284121 --- /dev/null +++ b/apps/api/src/app/auth/oidc.strategy.ts @@ -0,0 +1,69 @@ +import { Injectable, Logger } from '@nestjs/common'; +import { PassportStrategy } from '@nestjs/passport'; +import { Provider } from '@prisma/client'; +import { Request } from 'express'; +import { Strategy, type StrategyOptions } from 'passport-openidconnect'; + +import { AuthService } from './auth.service'; +import { + OidcContext, + OidcIdToken, + OidcParams, + OidcProfile +} from './interfaces/interfaces'; +import { OidcStateStore } from './oidc-state.store'; + +@Injectable() +export class OidcStrategy extends PassportStrategy(Strategy, 'oidc') { + private static readonly stateStore = new OidcStateStore(); + + public constructor( + private readonly authService: AuthService, + options: StrategyOptions + ) { + super({ + ...options, + passReqToCallback: true, + store: OidcStrategy.stateStore + }); + } + + public async validate( + _request: Request, + issuer: string, + profile: OidcProfile, + context: OidcContext, + idToken: OidcIdToken, + _accessToken: string, + _refreshToken: string, + params: OidcParams + ) { + try { + const thirdPartyId = + profile?.id ?? + profile?.sub ?? + idToken?.sub ?? + params?.sub ?? + context?.claims?.sub; + + const jwt = await this.authService.validateOAuthLogin({ + thirdPartyId, + provider: Provider.OIDC + }); + + if (!thirdPartyId) { + Logger.error( + `Missing subject identifier in OIDC response from ${issuer}`, + 'OidcStrategy' + ); + + throw new Error('Missing subject identifier in OIDC response'); + } + + return { jwt }; + } catch (error) { + Logger.error(error, 'OidcStrategy'); + throw error; + } + } +} diff --git a/apps/api/src/app/info/info.service.ts b/apps/api/src/app/info/info.service.ts index 634fc959c..3802e3ef4 100644 --- a/apps/api/src/app/info/info.service.ts +++ b/apps/api/src/app/info/info.service.ts @@ -55,6 +55,10 @@ export class InfoService { globalPermissions.push(permissions.enableAuthGoogle); } + if (this.configurationService.get('ENABLE_FEATURE_AUTH_OIDC')) { + globalPermissions.push(permissions.enableAuthOidc); + } + if (this.configurationService.get('ENABLE_FEATURE_AUTH_TOKEN')) { globalPermissions.push(permissions.enableAuthToken); } diff --git a/apps/api/src/services/configuration/configuration.service.ts b/apps/api/src/services/configuration/configuration.service.ts index f37189569..a91aa6e69 100644 --- a/apps/api/src/services/configuration/configuration.service.ts +++ b/apps/api/src/services/configuration/configuration.service.ts @@ -41,6 +41,7 @@ export class ConfigurationService { default: [] }), ENABLE_FEATURE_AUTH_GOOGLE: bool({ default: false }), + ENABLE_FEATURE_AUTH_OIDC: bool({ default: false }), ENABLE_FEATURE_AUTH_TOKEN: bool({ default: true }), ENABLE_FEATURE_FEAR_AND_GREED_INDEX: bool({ default: false }), ENABLE_FEATURE_GATHER_NEW_EXCHANGE_RATES: bool({ default: true }), @@ -54,9 +55,32 @@ export class ConfigurationService { GOOGLE_SHEETS_ID: str({ default: '' }), GOOGLE_SHEETS_PRIVATE_KEY: str({ default: '' }), HOST: host({ default: DEFAULT_HOST }), - JWT_SECRET_KEY: str({}), + JWT_SECRET_KEY: str(), MAX_ACTIVITIES_TO_IMPORT: num({ default: Number.MAX_SAFE_INTEGER }), MAX_CHART_ITEMS: num({ default: 365 }), + OIDC_AUTHORIZATION_URL: str({ default: '' }), + OIDC_CALLBACK_URL: str({ default: '' }), + OIDC_CLIENT_ID: str({ + default: undefined, + requiredWhen: (env) => { + return env.ENABLE_FEATURE_AUTH_OIDC === true; + } + }), + OIDC_CLIENT_SECRET: str({ + default: undefined, + requiredWhen: (env) => { + return env.ENABLE_FEATURE_AUTH_OIDC === true; + } + }), + OIDC_ISSUER: str({ + default: undefined, + requiredWhen: (env) => { + return env.ENABLE_FEATURE_AUTH_OIDC === true; + } + }), + OIDC_SCOPE: json({ default: ['openid'] }), + OIDC_TOKEN_URL: str({ default: '' }), + OIDC_USER_INFO_URL: str({ default: '' }), PORT: port({ default: DEFAULT_PORT }), PROCESSOR_GATHER_ASSET_PROFILE_CONCURRENCY: num({ default: DEFAULT_PROCESSOR_GATHER_ASSET_PROFILE_CONCURRENCY diff --git a/apps/api/src/services/interfaces/environment.interface.ts b/apps/api/src/services/interfaces/environment.interface.ts index 3a2ac687c..3c03744f1 100644 --- a/apps/api/src/services/interfaces/environment.interface.ts +++ b/apps/api/src/services/interfaces/environment.interface.ts @@ -17,6 +17,7 @@ export interface Environment extends CleanedEnvAccessors { DATA_SOURCES: string[]; DATA_SOURCES_GHOSTFOLIO_DATA_PROVIDER: string[]; ENABLE_FEATURE_AUTH_GOOGLE: boolean; + ENABLE_FEATURE_AUTH_OIDC: boolean; ENABLE_FEATURE_AUTH_TOKEN: boolean; ENABLE_FEATURE_FEAR_AND_GREED_INDEX: boolean; ENABLE_FEATURE_GATHER_NEW_EXCHANGE_RATES: boolean; @@ -32,6 +33,14 @@ export interface Environment extends CleanedEnvAccessors { JWT_SECRET_KEY: string; MAX_ACTIVITIES_TO_IMPORT: number; MAX_CHART_ITEMS: number; + OIDC_AUTHORIZATION_URL: string; + OIDC_CALLBACK_URL: string; + OIDC_CLIENT_ID: string; + OIDC_CLIENT_SECRET: string; + OIDC_ISSUER: string; + OIDC_SCOPE: string[]; + OIDC_TOKEN_URL: string; + OIDC_USER_INFO_URL: string; PORT: number; PROCESSOR_GATHER_ASSET_PROFILE_CONCURRENCY: number; PROCESSOR_GATHER_HISTORICAL_MARKET_DATA_CONCURRENCY: number; diff --git a/apps/client/src/app/components/header/header.component.ts b/apps/client/src/app/components/header/header.component.ts index 9fb9a8351..80239d56f 100644 --- a/apps/client/src/app/components/header/header.component.ts +++ b/apps/client/src/app/components/header/header.component.ts @@ -105,6 +105,7 @@ export class GfHeaderComponent implements OnChanges { public hasFilters: boolean; public hasImpersonationId: boolean; public hasPermissionForAuthGoogle: boolean; + public hasPermissionForAuthOidc: boolean; public hasPermissionForAuthToken: boolean; public hasPermissionForSubscription: boolean; public hasPermissionToAccessAdminControl: boolean; @@ -170,6 +171,11 @@ export class GfHeaderComponent implements OnChanges { permissions.enableAuthGoogle ); + this.hasPermissionForAuthOidc = hasPermission( + this.info?.globalPermissions, + permissions.enableAuthOidc + ); + this.hasPermissionForAuthToken = hasPermission( this.info?.globalPermissions, permissions.enableAuthToken @@ -286,6 +292,7 @@ export class GfHeaderComponent implements OnChanges { data: { accessToken: '', hasPermissionToUseAuthGoogle: this.hasPermissionForAuthGoogle, + hasPermissionToUseAuthOidc: this.hasPermissionForAuthOidc, hasPermissionToUseAuthToken: this.hasPermissionForAuthToken, title: $localize`Sign in` }, diff --git a/apps/client/src/app/components/login-with-access-token-dialog/interfaces/interfaces.ts b/apps/client/src/app/components/login-with-access-token-dialog/interfaces/interfaces.ts index c7c4ab3fd..e9222e142 100644 --- a/apps/client/src/app/components/login-with-access-token-dialog/interfaces/interfaces.ts +++ b/apps/client/src/app/components/login-with-access-token-dialog/interfaces/interfaces.ts @@ -1,6 +1,7 @@ export interface LoginWithAccessTokenDialogParams { accessToken: string; hasPermissionToUseAuthGoogle: boolean; + hasPermissionToUseAuthOidc: boolean; hasPermissionToUseAuthToken: boolean; title: string; } diff --git a/apps/client/src/app/components/login-with-access-token-dialog/login-with-access-token-dialog.html b/apps/client/src/app/components/login-with-access-token-dialog/login-with-access-token-dialog.html index bc232cfb7..cf5611ef7 100644 --- a/apps/client/src/app/components/login-with-access-token-dialog/login-with-access-token-dialog.html +++ b/apps/client/src/app/components/login-with-access-token-dialog/login-with-access-token-dialog.html @@ -45,6 +45,17 @@ >
} + + @if (data.hasPermissionToUseAuthOidc) { +
+ Sign in with OIDC +
+ }
diff --git a/libs/common/src/lib/permissions.ts b/libs/common/src/lib/permissions.ts index 597c27690..2e244568c 100644 --- a/libs/common/src/lib/permissions.ts +++ b/libs/common/src/lib/permissions.ts @@ -29,6 +29,7 @@ export const permissions = { deleteUser: 'deleteUser', deleteWatchlistItem: 'deleteWatchlistItem', enableAuthGoogle: 'enableAuthGoogle', + enableAuthOidc: 'enableAuthOidc', enableAuthToken: 'enableAuthToken', enableDataProviderGhostfolio: 'enableDataProviderGhostfolio', enableFearAndGreedIndex: 'enableFearAndGreedIndex', @@ -159,6 +160,7 @@ export function filterGlobalPermissions( return globalPermissions.filter((permission) => { return ( permission !== permissions.enableAuthGoogle && + permission !== permissions.enableAuthOidc && permission !== permissions.enableSubscription ); }); diff --git a/package-lock.json b/package-lock.json index 6a3829a1d..faa39e722 100644 --- a/package-lock.json +++ b/package-lock.json @@ -83,6 +83,7 @@ "passport-google-oauth20": "2.0.0", "passport-headerapikey": "1.2.2", "passport-jwt": "4.0.1", + "passport-openidconnect": "0.1.2", "reflect-metadata": "0.2.2", "rxjs": "7.8.1", "stripe": "18.5.0", @@ -129,6 +130,7 @@ "@types/node": "22.15.17", "@types/papaparse": "5.3.7", "@types/passport-google-oauth20": "2.0.16", + "@types/passport-openidconnect": "0.1.3", "@typescript-eslint/eslint-plugin": "8.43.0", "@typescript-eslint/parser": "8.43.0", "eslint": "9.35.0", @@ -14502,6 +14504,30 @@ "@types/passport": "*" } }, + "node_modules/@types/passport-openidconnect": { + "version": "0.1.3", + "resolved": "https://registry.npmjs.org/@types/passport-openidconnect/-/passport-openidconnect-0.1.3.tgz", + "integrity": "sha512-k1Ni7bG/9OZNo2Qpjg2W6GajL+pww6ZPaNWMXfpteCX4dXf4QgaZLt2hjR5IiPrqwBT9+W8KjCTJ/uhGIoBx/g==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/express": "*", + "@types/oauth": "*", + "@types/passport": "*", + "@types/passport-strategy": "*" + } + }, + "node_modules/@types/passport-strategy": { + "version": "0.2.38", + "resolved": "https://registry.npmjs.org/@types/passport-strategy/-/passport-strategy-0.2.38.tgz", + "integrity": "sha512-GC6eMqqojOooq993Tmnmp7AUTbbQSgilyvpCYQjT+H6JfG/g6RGc7nXEniZlp0zyKJ0WUdOiZWLBZft9Yug1uA==", + "dev": true, + "license": "MIT", + "dependencies": { + "@types/express": "*", + "@types/passport": "*" + } + }, "node_modules/@types/qs": { "version": "6.14.0", "resolved": "https://registry.npmjs.org/@types/qs/-/qs-6.14.0.tgz", @@ -34723,6 +34749,23 @@ "url": "https://github.com/sponsors/jaredhanson" } }, + "node_modules/passport-openidconnect": { + "version": "0.1.2", + "resolved": "https://registry.npmjs.org/passport-openidconnect/-/passport-openidconnect-0.1.2.tgz", + "integrity": "sha512-JX3rTyW+KFZ/E9OF/IpXJPbyLO9vGzcmXB5FgSP2jfL3LGKJPdV7zUE8rWeKeeI/iueQggOeFa3onrCmhxXZTg==", + "license": "MIT", + "dependencies": { + "oauth": "0.10.x", + "passport-strategy": "1.x.x" + }, + "engines": { + "node": ">= 0.6.0" + }, + "funding": { + "type": "github", + "url": "https://github.com/sponsors/jaredhanson" + } + }, "node_modules/passport-strategy": { "version": "1.0.0", "resolved": "https://registry.npmjs.org/passport-strategy/-/passport-strategy-1.0.0.tgz", diff --git a/package.json b/package.json index 5dae615b8..843091424 100644 --- a/package.json +++ b/package.json @@ -127,6 +127,7 @@ "passport-google-oauth20": "2.0.0", "passport-headerapikey": "1.2.2", "passport-jwt": "4.0.1", + "passport-openidconnect": "0.1.2", "reflect-metadata": "0.2.2", "rxjs": "7.8.1", "stripe": "18.5.0", @@ -173,6 +174,7 @@ "@types/node": "22.15.17", "@types/papaparse": "5.3.7", "@types/passport-google-oauth20": "2.0.16", + "@types/passport-openidconnect": "0.1.3", "@typescript-eslint/eslint-plugin": "8.43.0", "@typescript-eslint/parser": "8.43.0", "eslint": "9.35.0", diff --git a/prisma/migrations/20251103162035_added_oidc_to_provider/migration.sql b/prisma/migrations/20251103162035_added_oidc_to_provider/migration.sql new file mode 100644 index 000000000..f71f6eded --- /dev/null +++ b/prisma/migrations/20251103162035_added_oidc_to_provider/migration.sql @@ -0,0 +1,2 @@ +-- AlterEnum +ALTER TYPE "Provider" ADD VALUE 'OIDC'; diff --git a/prisma/schema.prisma b/prisma/schema.prisma index 72ec79008..232dde9ca 100644 --- a/prisma/schema.prisma +++ b/prisma/schema.prisma @@ -335,6 +335,7 @@ enum Provider { ANONYMOUS GOOGLE INTERNET_IDENTITY + OIDC } enum Role { From e20530d5f041061599f63aa0e24d8bee1dd8980e Mon Sep 17 00:00:00 2001 From: Thomas Kaul <4159106+dtslvr@users.noreply.github.com> Date: Sun, 7 Dec 2025 10:04:53 +0100 Subject: [PATCH 15/17] Task/activate 3d hover effect in account membership overview (#6039) * Activate 3d hover effect --- .../user-account-membership/user-account-membership.html | 1 + 1 file changed, 1 insertion(+) diff --git a/apps/client/src/app/components/user-account-membership/user-account-membership.html b/apps/client/src/app/components/user-account-membership/user-account-membership.html index 351d5608a..31d239215 100644 --- a/apps/client/src/app/components/user-account-membership/user-account-membership.html +++ b/apps/client/src/app/components/user-account-membership/user-account-membership.html @@ -5,6 +5,7 @@ From 5ccfbc31aef808bdd9d41b855963bc4978293c03 Mon Sep 17 00:00:00 2001 From: Thomas Kaul <4159106+dtslvr@users.noreply.github.com> Date: Sun, 7 Dec 2025 10:07:47 +0100 Subject: [PATCH 16/17] Release 2.222.0 (#6041) --- CHANGELOG.md | 2 +- package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7b3f93910..cf976e909 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,7 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). -## Unreleased +## 2.222.0 - 2025-12-07 ### Added diff --git a/package-lock.json b/package-lock.json index faa39e722..61f38db9f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "ghostfolio", - "version": "2.221.0", + "version": "2.222.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "ghostfolio", - "version": "2.221.0", + "version": "2.222.0", "hasInstallScript": true, "license": "AGPL-3.0", "dependencies": { diff --git a/package.json b/package.json index 843091424..d0ee2c084 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "ghostfolio", - "version": "2.221.0", + "version": "2.222.0", "homepage": "https://ghostfol.io", "license": "AGPL-3.0", "repository": "https://github.com/ghostfolio/ghostfolio", From 0f7e5a25042ca85b9ade9d993084c1c2139b166f Mon Sep 17 00:00:00 2001 From: Thomas Kaul <4159106+dtslvr@users.noreply.github.com> Date: Sun, 7 Dec 2025 21:16:44 +0100 Subject: [PATCH 17/17] Task/improve OIDC login button label (#6043) * Improve label --- .../login-with-access-token-dialog.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/client/src/app/components/login-with-access-token-dialog/login-with-access-token-dialog.html b/apps/client/src/app/components/login-with-access-token-dialog/login-with-access-token-dialog.html index cf5611ef7..78604456b 100644 --- a/apps/client/src/app/components/login-with-access-token-dialog/login-with-access-token-dialog.html +++ b/apps/client/src/app/components/login-with-access-token-dialog/login-with-access-token-dialog.html @@ -52,7 +52,7 @@ class="px-4 rounded-pill" href="../api/auth/oidc" mat-stroked-button - >Sign in with OIDCSign in with OpenID Connect
}