Merge branch 'main' of github.com:ghostfolio/ghostfolio

* Rename AuthDevice to authDevices in User database schema

* Update changelog

.env.dev

@@ -0,0 +1,24 @@
+COMPOSE_PROJECT_NAME=ghostfolio-development
+
+# CACHE
+REDIS_HOST=localhost
+REDIS_PORT=6379
+REDIS_PASSWORD=<INSERT_REDIS_PASSWORD>
+
+# POSTGRES
+POSTGRES_DB=ghostfolio-db
+POSTGRES_USER=user
+POSTGRES_PASSWORD=<INSERT_POSTGRES_PASSWORD>
+
+# VARIOUS
+ACCESS_TOKEN_SALT=<INSERT_RANDOM_STRING>
+DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@localhost:5432/${POSTGRES_DB}?connect_timeout=300&sslmode=prefer
+JWT_SECRET_KEY=<INSERT_RANDOM_STRING>
+
+# DEVELOPMENT
+
+# Nx 18 enables using plugins to infer targets by default
+# This is disabled for existing workspaces to maintain compatibility
+# For more info, see: https://nx.dev/concepts/inferred-tasks
+NX_ADD_PLUGINS=false
+

.env.example

@@ -1,7 +1,7 @@
-COMPOSE_PROJECT_NAME=ghostfolio-development
+COMPOSE_PROJECT_NAME=ghostfolio
 
 # CACHE
-REDIS_HOST=localhost
+REDIS_HOST=redis
 REDIS_PORT=6379
 REDIS_PASSWORD=<INSERT_REDIS_PASSWORD>
 
@@ -10,6 +10,7 @@ POSTGRES_DB=ghostfolio-db
 POSTGRES_USER=user
 POSTGRES_PASSWORD=<INSERT_POSTGRES_PASSWORD>
 
+# VARIOUS
 ACCESS_TOKEN_SALT=<INSERT_RANDOM_STRING>
-DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@localhost:5432/${POSTGRES_DB}?connect_timeout=300&sslmode=prefer
+DATABASE_URL=postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/${POSTGRES_DB}?connect_timeout=300&sslmode=prefer
 JWT_SECRET_KEY=<INSERT_RANDOM_STRING>

.eslintrc.json

@@ -1,118 +0,0 @@
-{
-  "root": true,
-  "ignorePatterns": ["**/*"],
-  "plugins": ["@nx"],
-  "overrides": [
-    {
-      "files": ["*.ts", "*.tsx", "*.js", "*.jsx"],
-      "rules": {
-        "@nx/enforce-module-boundaries": [
-          "error",
-          {
-            "enforceBuildableLibDependency": true,
-            "allow": [],
-            "depConstraints": [
-              {
-                "sourceTag": "*",
-                "onlyDependOnLibsWithTags": ["*"]
-              }
-            ]
-          }
-        ]
-      }
-    },
-    {
-      "files": ["*.ts", "*.tsx"],
-      "extends": ["plugin:@nx/typescript"],
-      "rules": {}
-    },
-    {
-      "files": ["*.js", "*.jsx"],
-      "extends": ["plugin:@nx/javascript"],
-      "rules": {}
-    },
-    {
-      "files": ["*.ts"],
-      "plugins": ["eslint-plugin-import", "@typescript-eslint"],
-      "rules": {
-        "@typescript-eslint/consistent-type-definitions": "error",
-        "@typescript-eslint/dot-notation": "off",
-        "@typescript-eslint/explicit-member-accessibility": [
-          "off",
-          {
-            "accessibility": "explicit"
-          }
-        ],
-        "@typescript-eslint/member-ordering": "error",
-        "@typescript-eslint/naming-convention": "off",
-        "@typescript-eslint/no-empty-function": "off",
-        "@typescript-eslint/no-empty-interface": "error",
-        "@typescript-eslint/no-inferrable-types": [
-          "error",
-          {
-            "ignoreParameters": true
-          }
-        ],
-        "@typescript-eslint/no-misused-new": "error",
-        "@typescript-eslint/no-non-null-assertion": "error",
-        "@typescript-eslint/no-shadow": [
-          "error",
-          {
-            "hoist": "all"
-          }
-        ],
-        "@typescript-eslint/no-unused-expressions": "error",
-        "@typescript-eslint/prefer-function-type": "error",
-        "@typescript-eslint/unified-signatures": "error",
-        "arrow-body-style": "off",
-        "constructor-super": "error",
-        "eqeqeq": ["error", "smart"],
-        "guard-for-in": "error",
-        "id-blacklist": "off",
-        "id-match": "off",
-        "import/no-deprecated": "warn",
-        "no-bitwise": "error",
-        "no-caller": "error",
-        "no-console": [
-          "error",
-          {
-            "allow": [
-              "log",
-              "warn",
-              "dir",
-              "timeLog",
-              "assert",
-              "clear",
-              "count",
-              "countReset",
-              "group",
-              "groupEnd",
-              "table",
-              "dirxml",
-              "error",
-              "groupCollapsed",
-              "Console",
-              "profile",
-              "profileEnd",
-              "timeStamp",
-              "context"
-            ]
-          }
-        ],
-        "no-debugger": "error",
-        "no-empty": "off",
-        "no-eval": "error",
-        "no-fallthrough": "error",
-        "no-new-wrappers": "error",
-        "no-restricted-imports": ["error", "rxjs/Rx"],
-        "no-throw-literal": "error",
-        "no-undef-init": "error",
-        "no-underscore-dangle": "off",
-        "no-var": "error",
-        "prefer-const": "error",
-        "radix": "error"
-      }
-    }
-  ],
-  "extends": [null, "plugin:storybook/recommended"]
-}

.github/ISSUE_TEMPLATE/bug_report.md

@@ -6,7 +6,13 @@ labels: ''
 assignees: ''
 ---
 
-The Issue tracker is **ONLY** used for reporting bugs. New features should be discussed in our [Slack](https://join.slack.com/t/ghostfolio/shared_invite/zt-vsaan64h-F_I0fEo5M0P88lP9ibCxFg) community or in [Discussions](https://github.com/ghostfolio/ghostfolio/discussions).
+**Important Notice**
+
+The issue tracker is **ONLY** used for reporting bugs. New features should be discussed in our [Slack](https://join.slack.com/t/ghostfolio/shared_invite/zt-vsaan64h-F_I0fEo5M0P88lP9ibCxFg) community or in [Discussions](https://github.com/ghostfolio/ghostfolio/discussions).
+
+Incomplete or non-reproducible issues may be closed, but we are here to help! If you encounter difficulties reproducing the bug or need assistance, please reach out to our community channels mentioned above.
+
+Thank you for your understanding and cooperation!
 
 **Bug Description**
 
@@ -20,7 +26,7 @@ The Issue tracker is **ONLY** used for reporting bugs. New features should be di
 2.
 3.
 
-**Expected behavior**
+**Expected Behavior**
 
 <!-- A clear and concise description of what you expected to happen. -->
 
@@ -36,11 +42,12 @@ The Issue tracker is **ONLY** used for reporting bugs. New features should be di
 
 <!-- Please complete the following information -->
 
-- Cloud or Self-hosted
 - Ghostfolio Version X.Y.Z
+- Cloud or Self-hosted
+- Experimental Features enabled or disabled
 - Browser
 - OS
 
-**Additional context**
+**Additional Context**
 
 <!-- Add any other context about the problem here. -->

.github/workflows/build-code.yml

@@ -13,7 +13,7 @@ jobs:
     strategy:
       matrix:
         node_version:
-          - 18
+          - 22
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -24,16 +24,19 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node-version: ${{ matrix.node_version }}
-          cache: 'yarn'
+          cache: 'npm'
 
       - name: Install dependencies
-        run: yarn install --frozen-lockfile
+        run: npm ci
+
+      - name: Check code style
+        run: npm run lint
 
       - name: Check formatting
-        run: yarn format:check
+        run: npm run format:check
 
       - name: Execute tests
-        run: yarn test
+        run: npm test
 
       - name: Build application
-        run: yarn build:production
+        run: npm run build:production

.github/workflows/docker-image.yml

@@ -4,9 +4,12 @@ on:
   push:
     tags:
       - '*.*.*'
+    branches:
+      - 'main'
   pull_request:
     branches:
       - 'main'
+  workflow_dispatch:
 
 jobs:
   build_and_push:
@@ -15,14 +18,11 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
-      - name: Docker metadata
+      - name: Get Meta
         id: meta
-        uses: docker/metadata-action@v4
-        with:
-          images: ghostfolio/ghostfolio
-          tags: |
-            type=semver,pattern={{major}}
-            type=semver,pattern={{version}}
+        run: |
+          echo REPO_NAME=$(echo ${GITHUB_REPOSITORY} | awk -F"/" '{print $2}') >> $GITHUB_OUTPUT
+          echo REPO_VERSION=$(git describe --tags --always | sed 's/^v//') >> $GITHUB_OUTPUT
 
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v2
@@ -35,16 +35,36 @@ jobs:
         if: github.event_name != 'pull_request'
         uses: docker/login-action@v2
         with:
-          username: ${{ secrets.DOCKER_HUB_USERNAME }}
-          password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
+          registry: gitea.suda.codes
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
 
       - name: Build and push
         uses: docker/build-push-action@v3
         with:
           context: .
-          platforms: linux/amd64,linux/arm/v7,linux/arm64
+          # platforms: linux/amd64,linux/arm/v7,linux/arm64
+          platforms: linux/amd64
           push: ${{ github.event_name != 'pull_request' }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.output.labels }}
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
+          tags: |
+            gitea.suda.codes/sudacode/${{ steps.meta.outputs.REPO_NAME }}:${{ steps.meta.outputs.REPO_VERSION }}
+            gitea.suda.codes/sudacode/${{ steps.meta.outputs.REPO_NAME }}:latest
+          cache-from: type=local,src=${{ runner.temp }}/.buildx-cache
+          cache-to: type=local,dest=${{ runner.temp }}/.buildx-cache-new,mode=max
+
+      - # Temp fix
+        # https://github.com/docker/build-push-action/issues/252
+        # https://github.com/moby/buildkit/issues/1896
+        name: Move cache
+        run: |
+          rm -rf ${{ runner.temp }}/.buildx-cache
+          mv ${{ runner.temp }}/.buildx-cache-new ${{ runner.temp }}/.buildx-cache
+
+      - name: Invoke deployment hook
+        uses: distributhor/workflow-webhook@v3
+        with:
+          webhook_url: ${{ secrets.WEBHOOK_URL }}
+          webhook_auth: ${{ secrets.WEBHOOK_AUTH }}
+          webhook_secret: ${{ secrets.WEBHOOK_SECRET }}
+          webhook_auth_type: bearer
+

.gitignore

@@ -1,12 +1,14 @@
 # See http://help.github.com/ignore-files/ for more about ignoring files.
 
+scripts/*
+
 # compiled output
 /out-tsc
 /tmp
 
 # dependencies
-/.yarn
 /node_modules
+npm-debug.log
 
 # IDEs and editors
 /.idea
@@ -25,18 +27,19 @@
 
 # misc
 /.angular/cache
+.cursor/rules/nx-rules.mdc
 .env
 .env.prod
+.github/instructions/nx.instructions.md
 .nx/cache
+.nx/workspace-data
 /.sass-cache
 /connect.lock
 /coverage
 /dist
 /libpeerconnection.log
-npm-debug.log
 testem.log
 /typings
-yarn-error.log
 
 # System Files
 .DS_Store

.husky/pre-commit

@@ -0,0 +1,6 @@
+# Run linting and stop the commit process if any errors are found
+# --quiet suppresses warnings (temporary until all warnings are fixed)
+npm run affected:lint --base=main --head=HEAD --parallel=2 --quiet || exit 1
+
+# Check formatting on modified and uncommitted files, stop the commit if issues are found
+npm run format:check --uncommitted || exit 1

.nvmrc

@@ -1 +1 @@
-v18
+v22

.prettierignore

@@ -1,3 +1,5 @@
 /.nx/cache
+/.nx/workspace-data
+/apps/client/src/polyfills.ts
 /dist
 /test/import

.prettierrc

@@ -9,7 +9,26 @@
   ],
   "attributeSort": "ASC",
   "endOfLine": "auto",
-  "plugins": ["prettier-plugin-organize-attributes"],
+  "importOrder": ["^@ghostfolio/(.*)$", "<THIRD_PARTY_MODULES>", "^[./]"],
+  "importOrderSeparation": true,
+  "overrides": [
+    {
+      "files": "*.html",
+      "options": {
+        "parser": "angular"
+      }
+    },
+    {
+      "files": "*.ts",
+      "options": {
+        "importOrderParserPlugins": ["decorators-legacy", "typescript"]
+      }
+    }
+  ],
+  "plugins": [
+    "prettier-plugin-organize-attributes",
+    "@trivago/prettier-plugin-sort-imports"
+  ],
   "printWidth": 80,
   "singleQuote": true,
   "tabWidth": 2,

.vscode/settings.json

@@ -1,4 +1,7 @@
 {
   "editor.defaultFormatter": "esbenp.prettier-vscode",
-  "editor.formatOnSave": true
+  "editor.formatOnSave": true,
+  "vim.highlightedyank.enable": true,
+  "vim.hlsearch": true,
+  "vim.leader": "<space>", 
 }

.yarnrc

@@ -1 +0,0 @@
-network-timeout 600000

DEVELOPMENT.md

@@ -1,5 +1,59 @@
 # Ghostfolio Development Guide
 
+## Development Environment
+
+### Prerequisites
+
+- [Docker](https://www.docker.com/products/docker-desktop)
+- [Node.js](https://nodejs.org/en/download) (version 22+)
+- Create a local copy of this Git repository (clone)
+- Copy the file `.env.dev` to `.env` and populate it with your data (`cp .env.dev .env`)
+
+### Setup
+
+1. Run `npm install`
+1. Run `docker compose -f docker/docker-compose.dev.yml up -d` to start [PostgreSQL](https://www.postgresql.org) and [Redis](https://redis.io)
+1. Run `npm run database:setup` to initialize the database schema
+1. Start the [server](#start-server) and the [client](#start-client)
+1. Open https://localhost:4200/en in your browser
+1. Create a new user via _Get Started_ (this first user will get the role `ADMIN`)
+
+### Start Server
+
+#### Debug
+
+Run `npm run watch:server` and click _Debug API_ in [Visual Studio Code](https://code.visualstudio.com)
+
+#### Serve
+
+Run `npm run start:server`
+
+### Start Client
+
+#### English (Default)
+
+Run `npm run start:client` and open https://localhost:4200/en in your browser.
+
+#### Other Languages
+
+To start the client in a different language, such as German (`de`), adapt the `start:client` script in the `package.json` file by changing `--configuration=development-en` to `--configuration=development-de`. Then, run `npm run start:client` and open https://localhost:4200/de in your browser.
+
+### Start _Storybook_
+
+Run `npm run start:storybook`
+
+### Migrate Database
+
+With the following command you can keep your database schema in sync:
+
+```bash
+npm run database:push
+```
+
+## Testing
+
+Run `npm test`
+
 ## Experimental Features
 
 New functionality can be enabled using a feature flag switch from the user settings.
@@ -10,7 +64,11 @@ Remove permission in `UserService` using `without()`
 
 ### Frontend
 
-Use `*ngIf="user?.settings?.isExperimentalFeatures"` in HTML template
+Use `@if (user?.settings?.isExperimentalFeatures) {}` in HTML template
+
+## Component Library (_Storybook_)
+
+https://ghostfol.io/development/storybook
 
 ## Git
 
@@ -30,26 +88,35 @@ Use `*ngIf="user?.settings?.isExperimentalFeatures"` in HTML template
 
 #### Upgrade
 
-1. Run `yarn nx migrate latest`
-1. Make sure `package.json` changes make sense and then run `yarn install`
-1. Run `yarn nx migrate --run-migrations` (Run `YARN_NODE_LINKER="node-modules" NX_MIGRATE_SKIP_INSTALL=1 yarn nx migrate --run-migrations` due to https://github.com/nrwl/nx/issues/16338)
+1. Run `npx nx migrate latest`
+1. Make sure `package.json` changes make sense and then run `npm install`
+1. Run `npx nx migrate --run-migrations`
 
 ### Prisma
 
 #### Access database via GUI
 
-Run `yarn database:gui`
+Run `npm run database:gui`
 
 https://www.prisma.io/studio
 
 #### Synchronize schema with database for prototyping
 
-Run `yarn database:push`
+Run `npm run database:push`
 
 https://www.prisma.io/docs/concepts/components/prisma-migrate/db-push
 
 #### Create schema migration
 
-Run `yarn prisma migrate dev --name added_job_title`
+Run `npm run prisma migrate dev --name added_job_title`
 
 https://www.prisma.io/docs/concepts/components/prisma-migrate#getting-started-with-prisma-migrate
+
+## SSL
+
+Generate `localhost.cert` and `localhost.pem` files.
+
+```
+openssl req -x509 -newkey rsa:2048 -nodes -keyout apps/client/localhost.pem -out apps/client/localhost.cert -days 365 \
+  -subj "/C=CH/ST=State/L=City/O=Organization/OU=Unit/CN=localhost"
+```

Dockerfile

@@ -1,61 +1,68 @@
-FROM --platform=$BUILDPLATFORM node:18-slim as builder
+FROM --platform=$BUILDPLATFORM node:22-slim AS builder
 
 # Build application and add additional files
 WORKDIR /ghostfolio
 
+RUN apt-get update && apt-get install -y --no-install-suggests \
+  g++ \
+  git \
+  make \
+  openssl \
+  python3 \
+  && rm -rf /var/lib/apt/lists/*
+
 # Only add basic files without the application itself to avoid rebuilding
 # layers when files (package.json etc.) have not changed
 COPY ./CHANGELOG.md CHANGELOG.md
 COPY ./LICENSE LICENSE
 COPY ./package.json package.json
-COPY ./yarn.lock yarn.lock
-COPY ./.yarnrc .yarnrc
+COPY ./package-lock.json package-lock.json
 COPY ./prisma/schema.prisma prisma/schema.prisma
 
-RUN apt update && apt install -y \
-    git \
-    g++ \
-    make \
-    openssl \
-    python3 \
-    && rm -rf /var/lib/apt/lists/*
-RUN yarn install
+RUN npm install
 
 # See https://github.com/nrwl/nx/issues/6586 for further details
 COPY ./decorate-angular-cli.js decorate-angular-cli.js
 RUN node decorate-angular-cli.js
 
-COPY ./nx.json nx.json
-COPY ./replace.build.js replace.build.js
-COPY ./jest.preset.js jest.preset.js
-COPY ./jest.config.ts jest.config.ts
-COPY ./tsconfig.base.json tsconfig.base.json
-COPY ./libs libs
 COPY ./apps apps
+COPY ./libs libs
+COPY ./jest.config.ts jest.config.ts
+COPY ./jest.preset.js jest.preset.js
+COPY ./nx.json nx.json
+COPY ./replace.build.mjs replace.build.mjs
+COPY ./tsconfig.base.json tsconfig.base.json
 
-RUN yarn build:production
+ENV NX_DAEMON=false
+RUN npm run build:production
 
 # Prepare the dist image with additional node_modules
 WORKDIR /ghostfolio/dist/apps/api
 # package.json was generated by the build process, however the original
-# yarn.lock needs to be used to ensure the same versions
-COPY ./yarn.lock /ghostfolio/dist/apps/api/yarn.lock
+# package-lock.json needs to be used to ensure the same versions
+COPY ./package-lock.json /ghostfolio/dist/apps/api/package-lock.json
 
-RUN yarn
+RUN npm install
 COPY prisma /ghostfolio/dist/apps/api/prisma
 
 # Overwrite the generated package.json with the original one to ensure having
-# all the scripts
+# all the scripts
 COPY package.json /ghostfolio/dist/apps/api
-RUN yarn database:generate-typings
+RUN npm run database:generate-typings
 
 # Image to run, copy everything needed from builder
-FROM node:18-slim
-RUN apt update && apt install -y \
+FROM node:22-slim
+LABEL org.opencontainers.image.source="https://github.com/ghostfolio/ghostfolio"
+ENV NODE_ENV=production
+
+RUN apt-get update && apt-get install -y --no-install-suggests \
+  curl \
   openssl \
   && rm -rf /var/lib/apt/lists/*
 
-COPY --from=builder /ghostfolio/dist/apps /ghostfolio/apps
+COPY --chown=node:node --from=builder /ghostfolio/dist/apps /ghostfolio/apps
+COPY --chown=node:node ./docker/entrypoint.sh /ghostfolio/entrypoint.sh
 WORKDIR /ghostfolio/apps/api
 EXPOSE ${PORT:-3333}
-CMD [ "yarn", "start:production" ]
+USER node
+CMD [ "/ghostfolio/entrypoint.sh" ]

README.md

@@ -7,13 +7,11 @@
 **Open Source Wealth Management Software**
 
 [**Ghostfol.io**](https://ghostfol.io) | [**Live Demo**](https://ghostfol.io/en/demo) | [**Ghostfolio Premium**](https://ghostfol.io/en/pricing) | [**FAQ**](https://ghostfol.io/en/faq) |
-[**Blog**](https://ghostfol.io/en/blog) | [**Slack**](https://join.slack.com/t/ghostfolio/shared_invite/zt-vsaan64h-F_I0fEo5M0P88lP9ibCxFg) | [**Twitter**](https://twitter.com/ghostfolio_)
+[**Blog**](https://ghostfol.io/en/blog) | [**LinkedIn**](https://www.linkedin.com/company/ghostfolio) | [**Slack**](https://join.slack.com/t/ghostfolio/shared_invite/zt-vsaan64h-F_I0fEo5M0P88lP9ibCxFg) | [**X**](https://x.com/ghostfolio_)
 
 [![Shield: Buy me a coffee](https://img.shields.io/badge/Buy%20me%20a%20coffee-Support-yellow?logo=buymeacoffee)](https://www.buymeacoffee.com/ghostfolio)
-[![Shield: Contributions Welcome](https://img.shields.io/badge/Contributions-Welcome-orange.svg)](#contributing)
-[![Shield: License: AGPL v3](https://img.shields.io/badge/License-AGPL%20v3-blue.svg)](https://www.gnu.org/licenses/agpl-3.0)
-
-New: [Ghostfolio 2.0](https://ghostfol.io/en/blog/2023/09/ghostfolio-2)
+[![Shield: Contributions Welcome](https://img.shields.io/badge/Contributions-Welcome-limegreen.svg)](#contributing) [![Shield: Docker Pulls](https://img.shields.io/docker/pulls/ghostfolio/ghostfolio?label=Docker%20Pulls)](https://hub.docker.com/r/ghostfolio/ghostfolio)
+[![Shield: License: AGPL v3](https://img.shields.io/badge/License-AGPL%20v3-orange.svg)](https://www.gnu.org/licenses/agpl-3.0)
 
 </div>
 
@@ -49,7 +47,7 @@ Ghostfolio is for you if you are...
 
 - ✅ Create, update and delete transactions
 - ✅ Multi account management
-- ✅ Portfolio performance for `Today`, `YTD`, `1Y`, `5Y`, `Max`
+- ✅ Portfolio performance: Return on Average Investment (ROAI) for `Today`, `WTD`, `MTD`, `YTD`, `1Y`, `5Y`, `Max`
 - ✅ Various charts
 - ✅ Static analysis to identify potential risks in your portfolio
 - ✅ Import and export transactions
@@ -73,7 +71,7 @@ The backend is based on [NestJS](https://nestjs.com) using [PostgreSQL](https://
 
 ### Frontend
 
-The frontend is built with [Angular](https://angular.io) and uses [Angular Material](https://material.angular.io) with utility classes from [Bootstrap](https://getbootstrap.com).
+The frontend is built with [Angular](https://angular.dev) and uses [Angular Material](https://material.angular.io) with utility classes from [Bootstrap](https://getbootstrap.com).
 
 ## Self-hosting
 
@@ -87,19 +85,24 @@ We provide official container images hosted on [Docker Hub](https://hub.docker.c
 
 ### Supported Environment Variables
 
-| Name                | Default Value | Description                                                                                                                         |
-| ------------------- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------- |
-| `ACCESS_TOKEN_SALT` |               | A random string used as salt for access tokens                                                                                      |
-| `DATABASE_URL`      |               | The database connection URL, e.g. `postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@localhost:5432/${POSTGRES_DB}?sslmode=prefer` |
-| `HOST`              | `0.0.0.0`     | The host where the Ghostfolio application will run on                                                                               |
-| `JWT_SECRET_KEY`    |               | A random string used for _JSON Web Tokens_ (JWT)                                                                                    |
-| `PORT`              | `3333`        | The port where the Ghostfolio application will run on                                                                               |
-| `POSTGRES_DB`       |               | The name of the _PostgreSQL_ database                                                                                               |
-| `POSTGRES_PASSWORD` |               | The password of the _PostgreSQL_ database                                                                                           |
-| `POSTGRES_USER`     |               | The user of the _PostgreSQL_ database                                                                                               |
-| `REDIS_HOST`        |               | The host where _Redis_ is running                                                                                                   |
-| `REDIS_PASSWORD`    |               | The password of _Redis_                                                                                                             |
-| `REDIS_PORT`        |               | The port where _Redis_ is running                                                                                                   |
+| Name                     | Type                  | Default Value | Description                                                                                                                         |
+| ------------------------ | --------------------- | ------------- | ----------------------------------------------------------------------------------------------------------------------------------- |
+| `ACCESS_TOKEN_SALT`      | `string`              |               | A random string used as salt for access tokens                                                                                      |
+| `API_KEY_COINGECKO_DEMO` | `string` (optional)   |               | The _CoinGecko_ Demo API key                                                                                                        |
+| `API_KEY_COINGECKO_PRO`  | `string` (optional)   |               | The _CoinGecko_ Pro API key                                                                                                         |
+| `DATABASE_URL`           | `string`              |               | The database connection URL, e.g. `postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@localhost:5432/${POSTGRES_DB}?sslmode=prefer` |
+| `HOST`                   | `string` (optional)   | `0.0.0.0`     | The host where the Ghostfolio application will run on                                                                               |
+| `JWT_SECRET_KEY`         | `string`              |               | A random string used for _JSON Web Tokens_ (JWT)                                                                                    |
+| `LOG_LEVELS`             | `string[]` (optional) |               | The logging levels for the Ghostfolio application, e.g. `["debug","error","log","warn"]`                                            |
+| `PORT`                   | `number` (optional)   | `3333`        | The port where the Ghostfolio application will run on                                                                               |
+| `POSTGRES_DB`            | `string`              |               | The name of the _PostgreSQL_ database                                                                                               |
+| `POSTGRES_PASSWORD`      | `string`              |               | The password of the _PostgreSQL_ database                                                                                           |
+| `POSTGRES_USER`          | `string`              |               | The user of the _PostgreSQL_ database                                                                                               |
+| `REDIS_DB`               | `number` (optional)   | `0`           | The database index of _Redis_                                                                                                       |
+| `REDIS_HOST`             | `string`              |               | The host where _Redis_ is running                                                                                                   |
+| `REDIS_PASSWORD`         | `string`              |               | The password of _Redis_                                                                                                             |
+| `REDIS_PORT`             | `number`              |               | The port where _Redis_ is running                                                                                                   |
+| `REQUEST_TIMEOUT`        | `number` (optional)   | `2000`        | The timeout of network requests to data providers in milliseconds                                                                   |
 
 ### Run with Docker Compose
 
@@ -115,7 +118,7 @@ We provide official container images hosted on [Docker Hub](https://hub.docker.c
 Run the following command to start the Docker images from [Docker Hub](https://hub.docker.com/r/ghostfolio/ghostfolio):
 
 ```bash
-docker-compose --env-file ./.env -f docker/docker-compose.yml up -d
+docker compose -f docker/docker-compose.yml up -d
 ```
 
 #### b. Build and run environment
@@ -123,8 +126,8 @@ docker-compose --env-file ./.env -f docker/docker-compose.yml up -d
 Run the following commands to build and start the Docker images:
 
 ```bash
-docker-compose --env-file ./.env -f docker/docker-compose.build.yml build
-docker-compose --env-file ./.env -f docker/docker-compose.build.yml up -d
+docker compose -f docker/docker-compose.build.yml build
+docker compose -f docker/docker-compose.build.yml up -d
 ```
 
 #### Setup
@@ -134,62 +137,27 @@ docker-compose --env-file ./.env -f docker/docker-compose.build.yml up -d
 
 #### Upgrade Version
 
-1. Increase the version of the `ghostfolio/ghostfolio` Docker image in `docker/docker-compose.yml`
-1. Run the following command to start the new Docker image: `docker-compose --env-file ./.env -f docker/docker-compose.yml up -d`  
-   At each start, the container will automatically apply the database schema migrations if needed.
+1. Update the _Ghostfolio_ Docker image
+
+   - Increase the version of the `ghostfolio/ghostfolio` Docker image in `docker/docker-compose.yml`
+   - Run the following command if `ghostfolio:latest` is set:
+     ```bash
+     docker compose -f docker/docker-compose.yml pull
+     ```
+
+1. Run the following command to start the new Docker image:
+   ```bash
+   docker compose -f docker/docker-compose.yml up -d
+   ```
+   The container will automatically apply any required database schema migrations during startup.
 
 ### Home Server Systems (Community)
 
-Ghostfolio is available for various home server systems, including [Runtipi](https://www.runtipi.io/docs/apps-available), [TrueCharts](https://truecharts.org/charts/stable/ghostfolio), [Umbrel](https://apps.umbrel.com/app/ghostfolio), and [Unraid](https://unraid.net/community/apps?q=ghostfolio).
+Ghostfolio is available for various home server systems, including [CasaOS](https://github.com/bigbeartechworld/big-bear-casaos), [Home Assistant](https://github.com/lildude/ha-addon-ghostfolio), [Runtipi](https://www.runtipi.io/docs/apps-available), [TrueCharts](https://truecharts.org/charts/stable/ghostfolio), [Umbrel](https://apps.umbrel.com/app/ghostfolio), and [Unraid](https://unraid.net/community/apps?q=ghostfolio).
 
 ## Development
 
-### Prerequisites
-
-- [Docker](https://www.docker.com/products/docker-desktop)
-- [Node.js](https://nodejs.org/en/download) (version 18+)
-- [Yarn](https://yarnpkg.com/en/docs/install)
-- Create a local copy of this Git repository (clone)
-- Copy the file `.env.example` to `.env` and populate it with your data (`cp .env.example .env`)
-
-### Setup
-
-1. Run `yarn install`
-1. Run `docker-compose --env-file ./.env -f docker/docker-compose.dev.yml up -d` to start [PostgreSQL](https://www.postgresql.org) and [Redis](https://redis.io)
-1. Run `yarn database:setup` to initialize the database schema
-1. Start the server and the client (see [_Development_](#Development))
-1. Open http://localhost:4200/en in your browser
-1. Create a new user via _Get Started_ (this first user will get the role `ADMIN`)
-
-### Start Server
-
-#### Debug
-
-Run `yarn watch:server` and click _Launch Program_ in [Visual Studio Code](https://code.visualstudio.com)
-
-#### Serve
-
-Run `yarn start:server`
-
-### Start Client
-
-Run `yarn start:client` and open http://localhost:4200/en in your browser
-
-### Start _Storybook_
-
-Run `yarn start:storybook`
-
-### Migrate Database
-
-With the following command you can keep your database schema in sync:
-
-```bash
-yarn database:push
-```
-
-## Testing
-
-Run `yarn test`
+For detailed information on the environment setup and development process, please refer to [DEVELOPMENT.md](./DEVELOPMENT.md).
 
 ## Public API
 
@@ -201,12 +169,36 @@ Set the header for each request as follows:
 "Authorization": "Bearer eyJh..."
 ```
 
-You can get the _Bearer Token_ via `POST http://localhost:3333/api/v1/auth/anonymous` (Body: `{ accessToken: <INSERT_SECURITY_TOKEN_OF_ACCOUNT> }`)
+You can get the _Bearer Token_ via `POST http://localhost:3333/api/v1/auth/anonymous` (Body: `{ "accessToken": "<INSERT_SECURITY_TOKEN_OF_ACCOUNT>" }`)
 
 Deprecated: `GET http://localhost:3333/api/v1/auth/anonymous/<INSERT_SECURITY_TOKEN_OF_ACCOUNT>` or `curl -s http://localhost:3333/api/v1/auth/anonymous/<INSERT_SECURITY_TOKEN_OF_ACCOUNT>`.
 
+### Health Check (experimental)
+
+#### Request
+
+`GET http://localhost:3333/api/v1/health`
+
+**Info:** No Bearer Token is required for health check
+
+#### Response
+
+##### Success
+
+`200 OK`
+
+```
+{
+  "status": "OK"
+}
+```
+
 ### Import Activities
 
+#### Prerequisites
+
+[Bearer Token](#authorization-bearer-token) for authorization
+
 #### Request
 
 `POST http://localhost:3333/api/v1/import`
@@ -231,17 +223,17 @@ Deprecated: `GET http://localhost:3333/api/v1/auth/anonymous/<INSERT_SECURITY_TO
 ```
 
 | Field        | Type                | Description                                                                   |
-| ---------- | ------------------- | ----------------------------------------------------------------------------- |
-| accountId  | string (`optional`) | Id of the account                                                             |
-| comment    | string (`optional`) | Comment of the activity                                                       |
-| currency   | string              | `CHF` \| `EUR` \| `USD` etc.                                                  |
-| dataSource | string              | `COINGECKO` \| `MANUAL` (for type `ITEM`) \| `YAHOO`                          |
-| date       | string              | Date in the format `ISO-8601`                                                 |
-| fee        | number              | Fee of the activity                                                           |
-| quantity   | number              | Quantity of the activity                                                      |
-| symbol     | string              | Symbol of the activity (suitable for `dataSource`)                            |
-| type       | string              | `BUY` \| `DIVIDEND` \| `FEE` \| `INTEREST` \| `ITEM` \| `LIABILITY` \| `SELL` |
-| unitPrice  | number              | Price per unit of the activity                                                |
+| ------------ | ------------------- | ----------------------------------------------------------------------------- |
+| `accountId`  | `string` (optional) | Id of the account                                                             |
+| `comment`    | `string` (optional) | Comment of the activity                                                       |
+| `currency`   | `string`            | `CHF` \| `EUR` \| `USD` etc.                                                  |
+| `dataSource` | `string`            | `COINGECKO` \| `MANUAL` (for type `ITEM`) \| `YAHOO`                          |
+| `date`       | `string`            | Date in the format `ISO-8601`                                                 |
+| `fee`        | `number`            | Fee of the activity                                                           |
+| `quantity`   | `number`            | Quantity of the activity                                                      |
+| `symbol`     | `string`            | Symbol of the activity (suitable for `dataSource`)                            |
+| `type`       | `string`            | `BUY` \| `DIVIDEND` \| `FEE` \| `INTEREST` \| `ITEM` \| `LIABILITY` \| `SELL` |
+| `unitPrice`  | `number`            | Price per unit of the activity                                                |
 
 #### Response
 
@@ -262,6 +254,38 @@ Deprecated: `GET http://localhost:3333/api/v1/auth/anonymous/<INSERT_SECURITY_TO
 }
 ```
 
+### Portfolio (experimental)
+
+#### Prerequisites
+
+Grant access of type _Public_ in the _Access_ tab of _My Ghostfolio_.
+
+#### Request
+
+`GET http://localhost:3333/api/v1/public/<INSERT_ACCESS_ID>/portfolio`
+
+**Info:** No Bearer Token is required for authorization
+
+#### Response
+
+##### Success
+
+```
+{
+  "performance": {
+    "1d": {
+      "relativeChange": 0 // normalized from -1 to 1
+    };
+    "ytd": {
+      "relativeChange": 0 // normalized from -1 to 1
+    },
+    "max": {
+      "relativeChange": 0 // normalized from -1 to 1
+    }
+  }
+}
+```
+
 ## Community Projects
 
 Discover a variety of community projects for Ghostfolio: https://github.com/topics/ghostfolio
@@ -272,12 +296,16 @@ Are you building your own project? Add the `ghostfolio` topic to your _GitHub_ r
 
 Ghostfolio is **100% free** and **open source**. We encourage and support an active and healthy community that accepts contributions from the public - including you.
 
-Not sure what to work on? We have got some ideas. Please join the Ghostfolio [Slack](https://join.slack.com/t/ghostfolio/shared_invite/zt-vsaan64h-F_I0fEo5M0P88lP9ibCxFg) channel or post to [@ghostfolio\_](https://twitter.com/ghostfolio_) on _X_. We would love to hear from you.
+Not sure what to work on? We have [some ideas](https://github.com/ghostfolio/ghostfolio/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22), even for [newcomers](https://github.com/ghostfolio/ghostfolio/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22). Please join the Ghostfolio [Slack](https://join.slack.com/t/ghostfolio/shared_invite/zt-vsaan64h-F_I0fEo5M0P88lP9ibCxFg) channel or post to [@ghostfolio\_](https://x.com/ghostfolio_) on _X_. We would love to hear from you.
 
 If you like to support this project, get [**Ghostfolio Premium**](https://ghostfol.io/en/pricing) or [**Buy me a coffee**](https://www.buymeacoffee.com/ghostfolio).
 
+## Analytics
+
+![Alt](https://repobeats.axiom.co/api/embed/281a80b2d0c4af1162866c24c803f1f18e5ed60e.svg 'Repobeats analytics image')
+
 ## License
 
-© 2021 - 2023 [Ghostfolio](https://ghostfol.io)
+© 2021 - 2025 [Ghostfolio](https://ghostfol.io)
 
 Licensed under the [AGPLv3 License](https://www.gnu.org/licenses/agpl-3.0.html).

SECURITY.md

@@ -0,0 +1,13 @@
+# Security Policy
+
+## Reporting Security Issues
+
+If you discover a security vulnerability in this repository, please report it to security[at]ghostfol.io. We will acknowledge your report and provide guidance on the next steps.
+
+To help us resolve the issue, please include the following details:
+
+- A description of the vulnerability
+- Steps to reproduce the vulnerability
+- Affected versions of the software
+
+We appreciate your responsible disclosure and will work to address the issue promptly.

apps/api/.eslintrc.json

@@ -1,22 +0,0 @@
-{
-  "extends": "../../.eslintrc.json",
-  "ignorePatterns": ["!**/*"],
-  "rules": {},
-  "overrides": [
-    {
-      "files": ["*.ts", "*.tsx", "*.js", "*.jsx"],
-      "parserOptions": {
-        "project": ["apps/api/tsconfig.*?.json"]
-      },
-      "rules": {}
-    },
-    {
-      "files": ["*.ts", "*.tsx"],
-      "rules": {}
-    },
-    {
-      "files": ["*.js", "*.jsx"],
-      "rules": {}
-    }
-  ]
-}

apps/api/eslint.config.cjs

@@ -0,0 +1,31 @@
+const baseConfig = require('../../eslint.config.cjs');
+
+module.exports = [
+  {
+    ignores: ['**/dist']
+  },
+  ...baseConfig,
+  {
+    rules: {}
+  },
+  {
+    files: ['**/*.ts', '**/*.tsx', '**/*.js', '**/*.jsx'],
+    // Override or add rules here
+    rules: {},
+    languageOptions: {
+      parserOptions: {
+        project: ['apps/api/tsconfig.*?.json']
+      }
+    }
+  },
+  {
+    files: ['**/*.ts', '**/*.tsx'],
+    // Override or add rules here
+    rules: {}
+  },
+  {
+    files: ['**/*.js', '**/*.jsx'],
+    // Override or add rules here
+    rules: {}
+  }
+];

apps/api/jest.config.ts

@@ -13,7 +13,6 @@ export default {
   },
   moduleFileExtensions: ['ts', 'js', 'html'],
   coverageDirectory: '../../coverage/apps/api',
-  testTimeout: 10000,
   testEnvironment: 'node',
   preset: '../../jest.preset.js'
 };

apps/api/project.json

@@ -7,14 +7,16 @@
   "generators": {},
   "targets": {
     "build": {
-      "executor": "@nrwl/webpack:webpack",
+      "executor": "@nx/webpack:webpack",
       "options": {
-        "outputPath": "dist/apps/api",
+        "compiler": "tsc",
+        "deleteOutputPath": false,
         "main": "apps/api/src/main.ts",
-        "tsConfig": "apps/api/tsconfig.app.json",
-        "assets": ["apps/api/src/assets"],
+        "outputPath": "dist/apps/api",
+        "sourceMap": true,
         "target": "node",
-        "compiler": "tsc"
+        "tsConfig": "apps/api/tsconfig.app.json",
+        "webpackConfig": "apps/api/webpack.config.js"
       },
       "configurations": {
         "production": {
@@ -32,6 +34,26 @@
       },
       "outputs": ["{options.outputPath}"]
     },
+    "copy-assets": {
+      "executor": "nx:run-commands",
+      "options": {
+        "commands": [
+          {
+            "command": "shx rm -rf dist/apps/api"
+          },
+          {
+            "command": "shx mkdir -p dist/apps/api/assets/locales"
+          },
+          {
+            "command": "shx cp -r apps/api/src/assets/* dist/apps/api/assets"
+          },
+          {
+            "command": "shx cp -r apps/client/src/locales/* dist/apps/api/assets/locales"
+          }
+        ],
+        "parallel": false
+      }
+    },
     "serve": {
       "executor": "@nx/js:node",
       "options": {
@@ -39,7 +61,7 @@
       }
     },
     "lint": {
-      "executor": "@nrwl/linter:eslint",
+      "executor": "@nx/eslint:lint",
       "options": {
         "lintFilePatterns": ["apps/api/**/*.ts"]
       }

apps/api/src/app/access/access.controller.ts

@@ -1,6 +1,10 @@
+import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
+import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';
+import { ConfigurationService } from '@ghostfolio/api/services/configuration/configuration.service';
 import { Access } from '@ghostfolio/common/interfaces';
-import { hasPermission, permissions } from '@ghostfolio/common/permissions';
+import { permissions } from '@ghostfolio/common/permissions';
 import type { RequestWithUser } from '@ghostfolio/common/types';
+
 import {
   Body,
   Controller,
@@ -17,7 +21,6 @@ import { AuthGuard } from '@nestjs/passport';
 import { Access as AccessModel } from '@prisma/client';
 import { StatusCodes, getReasonPhrase } from 'http-status-codes';
 
-import { AccessModule } from './access.module';
 import { AccessService } from './access.service';
 import { CreateAccessDto } from './create-access.dto';
 
@@ -25,46 +28,53 @@ import { CreateAccessDto } from './create-access.dto';
 export class AccessController {
   public constructor(
     private readonly accessService: AccessService,
+    private readonly configurationService: ConfigurationService,
     @Inject(REQUEST) private readonly request: RequestWithUser
   ) {}
 
   @Get()
-  @UseGuards(AuthGuard('jwt'))
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
   public async getAllAccesses(): Promise<Access[]> {
     const accessesWithGranteeUser = await this.accessService.accesses({
       include: {
-        GranteeUser: true
+        granteeUser: true
       },
       orderBy: { granteeUserId: 'asc' },
       where: { userId: this.request.user.id }
     });
 
-    return accessesWithGranteeUser.map((access) => {
-      if (access.GranteeUser) {
+    return accessesWithGranteeUser.map(
+      ({ alias, granteeUser, id, permissions }) => {
+        if (granteeUser) {
           return {
-          alias: access.alias,
-          grantee: access.GranteeUser?.id,
-          id: access.id,
-          type: 'RESTRICTED_VIEW'
+            alias,
+            id,
+            permissions,
+            grantee: granteeUser?.id,
+            type: 'PRIVATE'
           };
         }
 
         return {
-        alias: access.alias,
+          alias,
+          id,
+          permissions,
           grantee: 'Public',
-        id: access.id,
           type: 'PUBLIC'
         };
-    });
+      }
+    );
   }
 
+  @HasPermission(permissions.createAccess)
   @Post()
-  @UseGuards(AuthGuard('jwt'))
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
   public async createAccess(
     @Body() data: CreateAccessDto
   ): Promise<AccessModel> {
     if (
-      !hasPermission(this.request.user.permissions, permissions.createAccess)
+      this.configurationService.get('ENABLE_FEATURE_SUBSCRIPTION') &&
+      this.request.user.subscription.type === 'Basic'
     ) {
       throw new HttpException(
         getReasonPhrase(StatusCodes.FORBIDDEN),
@@ -72,25 +82,30 @@ export class AccessController {
       );
     }
 
+    try {
       return this.accessService.createAccess({
         alias: data.alias || undefined,
-      GranteeUser: data.granteeUserId
+        granteeUser: data.granteeUserId
           ? { connect: { id: data.granteeUserId } }
           : undefined,
-      User: { connect: { id: this.request.user.id } }
+        permissions: data.permissions,
+        user: { connect: { id: this.request.user.id } }
       });
+    } catch {
+      throw new HttpException(
+        getReasonPhrase(StatusCodes.BAD_REQUEST),
+        StatusCodes.BAD_REQUEST
+      );
+    }
   }
 
   @Delete(':id')
-  @UseGuards(AuthGuard('jwt'))
-  public async deleteAccess(@Param('id') id: string): Promise<AccessModule> {
+  @HasPermission(permissions.deleteAccess)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
+  public async deleteAccess(@Param('id') id: string): Promise<AccessModel> {
     const access = await this.accessService.access({ id });
 
-    if (
-      !hasPermission(this.request.user.permissions, permissions.deleteAccess) ||
-      !access ||
-      access.userId !== this.request.user.id
-    ) {
+    if (!access || access.userId !== this.request.user.id) {
       throw new HttpException(
         getReasonPhrase(StatusCodes.FORBIDDEN),
         StatusCodes.FORBIDDEN

apps/api/src/app/access/access.module.ts

@@ -1,4 +1,6 @@
+import { ConfigurationModule } from '@ghostfolio/api/services/configuration/configuration.module';
 import { PrismaModule } from '@ghostfolio/api/services/prisma/prisma.module';
+
 import { Module } from '@nestjs/common';
 
 import { AccessController } from './access.controller';
@@ -7,7 +9,7 @@ import { AccessService } from './access.service';
 @Module({
   controllers: [AccessController],
   exports: [AccessService],
-  imports: [PrismaModule],
+  imports: [ConfigurationModule, PrismaModule],
   providers: [AccessService]
 })
 export class AccessModule {}

apps/api/src/app/access/access.service.ts

@@ -1,5 +1,6 @@
 import { PrismaService } from '@ghostfolio/api/services/prisma/prisma.service';
 import { AccessWithGranteeUser } from '@ghostfolio/common/types';
+
 import { Injectable } from '@nestjs/common';
 import { Access, Prisma } from '@prisma/client';
 
@@ -12,7 +13,7 @@ export class AccessService {
   ): Promise<AccessWithGranteeUser | null> {
     return this.prismaService.access.findFirst({
       include: {
-        GranteeUser: true
+        granteeUser: true
       },
       where: accessWhereInput
     });

apps/api/src/app/access/create-access.dto.ts

@@ -1,4 +1,5 @@
-import { IsOptional, IsString } from 'class-validator';
+import { AccessPermission } from '@prisma/client';
+import { IsEnum, IsOptional, IsString, IsUUID } from 'class-validator';
 
 export class CreateAccessDto {
   @IsOptional()
@@ -6,10 +7,10 @@ export class CreateAccessDto {
   alias?: string;
 
   @IsOptional()
-  @IsString()
+  @IsUUID()
   granteeUserId?: string;
 
+  @IsEnum(AccessPermission, { each: true })
   @IsOptional()
-  @IsString()
-  type?: 'PUBLIC';
+  permissions?: AccessPermission[];
 }

apps/api/src/app/account-balance/account-balance.controller.ts

@@ -1,6 +1,13 @@
+import { AccountService } from '@ghostfolio/api/app/account/account.service';
+import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
+import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';
+import { permissions } from '@ghostfolio/common/permissions';
 import type { RequestWithUser } from '@ghostfolio/common/types';
+
 import {
   Controller,
+  Body,
+  Post,
   Delete,
   HttpException,
   Inject,
@@ -8,36 +15,61 @@ import {
   UseGuards
 } from '@nestjs/common';
 import { REQUEST } from '@nestjs/core';
-import { AccountBalanceService } from './account-balance.service';
 import { AuthGuard } from '@nestjs/passport';
-import { hasPermission, permissions } from '@ghostfolio/common/permissions';
-import { StatusCodes, getReasonPhrase } from 'http-status-codes';
 import { AccountBalance } from '@prisma/client';
+import { StatusCodes, getReasonPhrase } from 'http-status-codes';
+
+import { AccountBalanceService } from './account-balance.service';
+import { CreateAccountBalanceDto } from './create-account-balance.dto';
 
 @Controller('account-balance')
 export class AccountBalanceController {
   public constructor(
     private readonly accountBalanceService: AccountBalanceService,
+    private readonly accountService: AccountService,
     @Inject(REQUEST) private readonly request: RequestWithUser
   ) {}
 
+  @HasPermission(permissions.createAccountBalance)
+  @Post()
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
+  public async createAccountBalance(
+    @Body() data: CreateAccountBalanceDto
+  ): Promise<AccountBalance> {
+    const account = await this.accountService.account({
+      id_userId: {
+        id: data.accountId,
+        userId: this.request.user.id
+      }
+    });
+
+    if (!account) {
+      throw new HttpException(
+        getReasonPhrase(StatusCodes.FORBIDDEN),
+        StatusCodes.FORBIDDEN
+      );
+    }
+
+    return this.accountBalanceService.createOrUpdateAccountBalance({
+      accountId: account.id,
+      balance: data.balance,
+      date: data.date,
+      userId: account.userId
+    });
+  }
+
+  @HasPermission(permissions.deleteAccountBalance)
   @Delete(':id')
-  @UseGuards(AuthGuard('jwt'))
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
   public async deleteAccountBalance(
     @Param('id') id: string
   ): Promise<AccountBalance> {
     const accountBalance = await this.accountBalanceService.accountBalance({
-      id
+      id,
+      userId: this.request.user.id
     });
 
-    if (
-      !hasPermission(
-        this.request.user.permissions,
-        permissions.deleteAccountBalance
-      ) ||
-      !accountBalance ||
-      accountBalance.userId !== this.request.user.id
-    ) {
+    if (!accountBalance) {
       throw new HttpException(
         getReasonPhrase(StatusCodes.FORBIDDEN),
         StatusCodes.FORBIDDEN
@@ -45,7 +77,8 @@ export class AccountBalanceController {
     }
 
     return this.accountBalanceService.deleteAccountBalance({
-      id
+      id: accountBalance.id,
+      userId: accountBalance.userId
     });
   }
 }

apps/api/src/app/account-balance/account-balance.module.ts

@@ -1,5 +1,7 @@
+import { AccountService } from '@ghostfolio/api/app/account/account.service';
 import { ExchangeRateDataModule } from '@ghostfolio/api/services/exchange-rate-data/exchange-rate-data.module';
 import { PrismaModule } from '@ghostfolio/api/services/prisma/prisma.module';
+
 import { Module } from '@nestjs/common';
 
 import { AccountBalanceController } from './account-balance.controller';
@@ -9,6 +11,6 @@ import { AccountBalanceService } from './account-balance.service';
   controllers: [AccountBalanceController],
   exports: [AccountBalanceService],
   imports: [ExchangeRateDataModule, PrismaModule],
-  providers: [AccountBalanceService]
+  providers: [AccountBalanceService, AccountService]
 })
 export class AccountBalanceModule {}

apps/api/src/app/account-balance/account-balance.service.ts

@@ -1,13 +1,26 @@
+import { PortfolioChangedEvent } from '@ghostfolio/api/events/portfolio-changed.event';
+import { LogPerformance } from '@ghostfolio/api/interceptors/performance-logging/performance-logging.interceptor';
 import { ExchangeRateDataService } from '@ghostfolio/api/services/exchange-rate-data/exchange-rate-data.service';
 import { PrismaService } from '@ghostfolio/api/services/prisma/prisma.service';
-import { AccountBalancesResponse, Filter } from '@ghostfolio/common/interfaces';
-import { UserWithSettings } from '@ghostfolio/common/types';
+import { DATE_FORMAT, getSum, resetHours } from '@ghostfolio/common/helper';
+import {
+  AccountBalancesResponse,
+  Filter,
+  HistoricalDataItem
+} from '@ghostfolio/common/interfaces';
+
 import { Injectable } from '@nestjs/common';
+import { EventEmitter2 } from '@nestjs/event-emitter';
 import { AccountBalance, Prisma } from '@prisma/client';
+import { Big } from 'big.js';
+import { format, parseISO } from 'date-fns';
+
+import { CreateAccountBalanceDto } from './create-account-balance.dto';
 
 @Injectable()
 export class AccountBalanceService {
   public constructor(
+    private readonly eventEmitter: EventEmitter2,
     private readonly exchangeRateDataService: ExchangeRateDataService,
     private readonly prismaService: PrismaService
   ) {}
@@ -17,38 +30,120 @@ export class AccountBalanceService {
   ): Promise<AccountBalance | null> {
     return this.prismaService.accountBalance.findFirst({
       include: {
-        Account: true
+        account: true
       },
       where: accountBalanceWhereInput
     });
   }
 
-  public async createAccountBalance(
-    data: Prisma.AccountBalanceCreateInput
-  ): Promise<AccountBalance> {
-    return this.prismaService.accountBalance.create({
-      data
+  public async createOrUpdateAccountBalance({
+    accountId,
+    balance,
+    date,
+    userId
+  }: CreateAccountBalanceDto & {
+    userId: string;
+  }): Promise<AccountBalance> {
+    const accountBalance = await this.prismaService.accountBalance.upsert({
+      create: {
+        account: {
+          connect: {
+            id_userId: {
+              userId,
+              id: accountId
+            }
+          }
+        },
+        date: resetHours(parseISO(date)),
+        value: balance
+      },
+      update: {
+        value: balance
+      },
+      where: {
+        accountId_date: {
+          accountId,
+          date: resetHours(parseISO(date))
+        }
+      }
     });
+
+    this.eventEmitter.emit(
+      PortfolioChangedEvent.getName(),
+      new PortfolioChangedEvent({
+        userId
+      })
+    );
+
+    return accountBalance;
   }
 
   public async deleteAccountBalance(
     where: Prisma.AccountBalanceWhereUniqueInput
   ): Promise<AccountBalance> {
-    return this.prismaService.accountBalance.delete({
+    const accountBalance = await this.prismaService.accountBalance.delete({
       where
     });
+
+    this.eventEmitter.emit(
+      PortfolioChangedEvent.getName(),
+      new PortfolioChangedEvent({
+        userId: where.userId as string
+      })
+    );
+
+    return accountBalance;
   }
 
+  public async getAccountBalanceItems({
+    filters,
+    userCurrency,
+    userId
+  }: {
+    filters?: Filter[];
+    userCurrency: string;
+    userId: string;
+  }): Promise<HistoricalDataItem[]> {
+    const { balances } = await this.getAccountBalances({
+      filters,
+      userCurrency,
+      userId,
+      withExcludedAccounts: false // TODO
+    });
+    const accumulatedBalancesByDate: { [date: string]: HistoricalDataItem } =
+      {};
+    const lastBalancesByAccount: { [accountId: string]: Big } = {};
+
+    for (const { accountId, date, valueInBaseCurrency } of balances) {
+      const formattedDate = format(date, DATE_FORMAT);
+
+      lastBalancesByAccount[accountId] = new Big(valueInBaseCurrency);
+
+      const totalBalance = getSum(Object.values(lastBalancesByAccount));
+
+      // Add or update the accumulated balance for this date
+      accumulatedBalancesByDate[formattedDate] = {
+        date: formattedDate,
+        value: totalBalance.toNumber()
+      };
+    }
+
+    return Object.values(accumulatedBalancesByDate);
+  }
+
+  @LogPerformance
   public async getAccountBalances({
     filters,
-    user,
+    userCurrency,
+    userId,
     withExcludedAccounts
   }: {
     filters?: Filter[];
-    user: UserWithSettings;
+    userCurrency: string;
+    userId: string;
     withExcludedAccounts?: boolean;
   }): Promise<AccountBalancesResponse> {
-    const where: Prisma.AccountBalanceWhereInput = { userId: user.id };
+    const where: Prisma.AccountBalanceWhereInput = { userId };
 
     const accountFilter = filters?.find(({ type }) => {
       return type === 'ACCOUNT';
@@ -59,7 +154,7 @@ export class AccountBalanceService {
     }
 
     if (withExcludedAccounts === false) {
-      where.Account = { isExcluded: false };
+      where.account = { isExcluded: false };
     }
 
     const balances = await this.prismaService.accountBalance.findMany({
@@ -68,7 +163,7 @@ export class AccountBalanceService {
         date: 'asc'
       },
       select: {
-        Account: true,
+        account: true,
         date: true,
         id: true,
         value: true
@@ -79,10 +174,11 @@ export class AccountBalanceService {
       balances: balances.map((balance) => {
         return {
           ...balance,
+          accountId: balance.account.id,
           valueInBaseCurrency: this.exchangeRateDataService.toCurrency(
             balance.value,
-            balance.Account.currency,
-            user.Settings.settings.baseCurrency
+            balance.account.currency,
+            userCurrency
           )
         };
       })

apps/api/src/app/account-balance/create-account-balance.dto.ts

@@ -0,0 +1,12 @@
+import { IsISO8601, IsNumber, IsUUID } from 'class-validator';
+
+export class CreateAccountBalanceDto {
+  @IsUUID()
+  accountId: string;
+
+  @IsNumber()
+  balance: number;
+
+  @IsISO8601()
+  date: string;
+}

apps/api/src/app/account/account.controller.ts

@@ -1,17 +1,22 @@
 import { AccountBalanceService } from '@ghostfolio/api/app/account-balance/account-balance.service';
 import { PortfolioService } from '@ghostfolio/api/app/portfolio/portfolio.service';
-import { RedactValuesInResponseInterceptor } from '@ghostfolio/api/interceptors/redact-values-in-response.interceptor';
+import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
+import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';
+import { RedactValuesInResponseInterceptor } from '@ghostfolio/api/interceptors/redact-values-in-response/redact-values-in-response.interceptor';
+import { TransformDataSourceInRequestInterceptor } from '@ghostfolio/api/interceptors/transform-data-source-in-request/transform-data-source-in-request.interceptor';
+import { ApiService } from '@ghostfolio/api/services/api/api.service';
 import { ImpersonationService } from '@ghostfolio/api/services/impersonation/impersonation.service';
 import { HEADER_KEY_IMPERSONATION } from '@ghostfolio/common/config';
 import {
   AccountBalancesResponse,
-  Accounts
+  AccountsResponse
 } from '@ghostfolio/common/interfaces';
-import { hasPermission, permissions } from '@ghostfolio/common/permissions';
+import { permissions } from '@ghostfolio/common/permissions';
 import type {
   AccountWithValue,
   RequestWithUser
 } from '@ghostfolio/common/types';
+
 import {
   Body,
   Controller,
@@ -23,6 +28,7 @@ import {
   Param,
   Post,
   Put,
+  Query,
   UseGuards,
   UseInterceptors
 } from '@nestjs/common';
@@ -41,71 +47,70 @@ export class AccountController {
   public constructor(
     private readonly accountBalanceService: AccountBalanceService,
     private readonly accountService: AccountService,
+    private readonly apiService: ApiService,
     private readonly impersonationService: ImpersonationService,
     private readonly portfolioService: PortfolioService,
     @Inject(REQUEST) private readonly request: RequestWithUser
   ) {}
 
   @Delete(':id')
-  @UseGuards(AuthGuard('jwt'))
+  @HasPermission(permissions.deleteAccount)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
   public async deleteAccount(@Param('id') id: string): Promise<AccountModel> {
-    if (
-      !hasPermission(this.request.user.permissions, permissions.deleteAccount)
-    ) {
-      throw new HttpException(
-        getReasonPhrase(StatusCodes.FORBIDDEN),
-        StatusCodes.FORBIDDEN
-      );
-    }
-
-    const account = await this.accountService.accountWithOrders(
+    const account = await this.accountService.accountWithActivities(
       {
         id_userId: {
           id,
           userId: this.request.user.id
         }
       },
-      { Order: true }
+      { activities: true }
     );
 
-    if (account?.isDefault || account?.Order.length > 0) {
+    if (!account || account?.activities.length > 0) {
       throw new HttpException(
         getReasonPhrase(StatusCodes.FORBIDDEN),
         StatusCodes.FORBIDDEN
       );
     }
 
-    return this.accountService.deleteAccount(
-      {
+    return this.accountService.deleteAccount({
       id_userId: {
         id,
         userId: this.request.user.id
       }
-      },
-      this.request.user.id
-    );
+    });
   }
 
   @Get()
-  @UseGuards(AuthGuard('jwt'))
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
   @UseInterceptors(RedactValuesInResponseInterceptor)
+  @UseInterceptors(TransformDataSourceInRequestInterceptor)
   public async getAllAccounts(
-    @Headers(HEADER_KEY_IMPERSONATION.toLowerCase()) impersonationId
-  ): Promise<Accounts> {
+    @Headers(HEADER_KEY_IMPERSONATION.toLowerCase()) impersonationId: string,
+    @Query('dataSource') filterByDataSource?: string,
+    @Query('symbol') filterBySymbol?: string
+  ): Promise<AccountsResponse> {
     const impersonationUserId =
       await this.impersonationService.validateImpersonationId(impersonationId);
 
+    const filters = this.apiService.buildFiltersFromQueryParams({
+      filterByDataSource,
+      filterBySymbol
+    });
+
     return this.portfolioService.getAccountsWithAggregations({
+      filters,
       userId: impersonationUserId || this.request.user.id,
       withExcludedAccounts: true
     });
   }
 
   @Get(':id')
-  @UseGuards(AuthGuard('jwt'))
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
   @UseInterceptors(RedactValuesInResponseInterceptor)
   public async getAccountById(
-    @Headers(HEADER_KEY_IMPERSONATION.toLowerCase()) impersonationId,
+    @Headers(HEADER_KEY_IMPERSONATION.toLowerCase()) impersonationId: string,
     @Param('id') id: string
   ): Promise<AccountWithValue> {
     const impersonationUserId =
@@ -122,31 +127,24 @@ export class AccountController {
   }
 
   @Get(':id/balances')
-  @UseGuards(AuthGuard('jwt'))
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
   @UseInterceptors(RedactValuesInResponseInterceptor)
   public async getAccountBalancesById(
     @Param('id') id: string
   ): Promise<AccountBalancesResponse> {
     return this.accountBalanceService.getAccountBalances({
       filters: [{ id, type: 'ACCOUNT' }],
-      user: this.request.user
+      userCurrency: this.request.user.Settings.settings.baseCurrency,
+      userId: this.request.user.id
     });
   }
 
+  @HasPermission(permissions.createAccount)
   @Post()
-  @UseGuards(AuthGuard('jwt'))
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
   public async createAccount(
     @Body() data: CreateAccountDto
   ): Promise<AccountModel> {
-    if (
-      !hasPermission(this.request.user.permissions, permissions.createAccount)
-    ) {
-      throw new HttpException(
-        getReasonPhrase(StatusCodes.FORBIDDEN),
-        StatusCodes.FORBIDDEN
-      );
-    }
-
     if (data.platformId) {
       const platformId = data.platformId;
       delete data.platformId;
@@ -154,8 +152,8 @@ export class AccountController {
       return this.accountService.createAccount(
         {
           ...data,
-          Platform: { connect: { id: platformId } },
-          User: { connect: { id: this.request.user.id } }
+          platform: { connect: { id: platformId } },
+          user: { connect: { id: this.request.user.id } }
         },
         this.request.user.id
       );
@@ -165,27 +163,19 @@ export class AccountController {
       return this.accountService.createAccount(
         {
           ...data,
-          User: { connect: { id: this.request.user.id } }
+          user: { connect: { id: this.request.user.id } }
         },
         this.request.user.id
       );
     }
   }
 
+  @HasPermission(permissions.updateAccount)
   @Post('transfer-balance')
-  @UseGuards(AuthGuard('jwt'))
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
   public async transferAccountBalance(
     @Body() { accountIdFrom, accountIdTo, balance }: TransferBalanceDto
   ) {
-    if (
-      !hasPermission(this.request.user.permissions, permissions.updateAccount)
-    ) {
-      throw new HttpException(
-        getReasonPhrase(StatusCodes.FORBIDDEN),
-        StatusCodes.FORBIDDEN
-      );
-    }
-
     const accountsOfUser = await this.accountService.getAccounts(
       this.request.user.id
     );
@@ -234,18 +224,10 @@ export class AccountController {
     });
   }
 
+  @HasPermission(permissions.updateAccount)
   @Put(':id')
-  @UseGuards(AuthGuard('jwt'))
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
   public async update(@Param('id') id: string, @Body() data: UpdateAccountDto) {
-    if (
-      !hasPermission(this.request.user.permissions, permissions.updateAccount)
-    ) {
-      throw new HttpException(
-        getReasonPhrase(StatusCodes.FORBIDDEN),
-        StatusCodes.FORBIDDEN
-      );
-    }
-
     const originalAccount = await this.accountService.account({
       id_userId: {
         id,
@@ -268,8 +250,8 @@ export class AccountController {
         {
           data: {
             ...data,
-            Platform: { connect: { id: platformId } },
-            User: { connect: { id: this.request.user.id } }
+            platform: { connect: { id: platformId } },
+            user: { connect: { id: this.request.user.id } }
           },
           where: {
             id_userId: {
@@ -288,10 +270,10 @@ export class AccountController {
         {
           data: {
             ...data,
-            Platform: originalAccount.platformId
+            platform: originalAccount.platformId
               ? { disconnect: true }
               : undefined,
-            User: { connect: { id: this.request.user.id } }
+            user: { connect: { id: this.request.user.id } }
           },
           where: {
             id_userId: {

apps/api/src/app/account/account.module.ts

@@ -1,12 +1,12 @@
 import { AccountBalanceModule } from '@ghostfolio/api/app/account-balance/account-balance.module';
 import { PortfolioModule } from '@ghostfolio/api/app/portfolio/portfolio.module';
-import { RedisCacheModule } from '@ghostfolio/api/app/redis-cache/redis-cache.module';
-import { UserModule } from '@ghostfolio/api/app/user/user.module';
+import { RedactValuesInResponseModule } from '@ghostfolio/api/interceptors/redact-values-in-response/redact-values-in-response.module';
+import { ApiModule } from '@ghostfolio/api/services/api/api.module';
 import { ConfigurationModule } from '@ghostfolio/api/services/configuration/configuration.module';
-import { DataProviderModule } from '@ghostfolio/api/services/data-provider/data-provider.module';
 import { ExchangeRateDataModule } from '@ghostfolio/api/services/exchange-rate-data/exchange-rate-data.module';
 import { ImpersonationModule } from '@ghostfolio/api/services/impersonation/impersonation.module';
 import { PrismaModule } from '@ghostfolio/api/services/prisma/prisma.module';
+
 import { Module } from '@nestjs/common';
 
 import { AccountController } from './account.controller';
@@ -17,14 +17,13 @@ import { AccountService } from './account.service';
   exports: [AccountService],
   imports: [
     AccountBalanceModule,
+    ApiModule,
     ConfigurationModule,
-    DataProviderModule,
     ExchangeRateDataModule,
     ImpersonationModule,
     PortfolioModule,
     PrismaModule,
-    RedisCacheModule,
-    UserModule
+    RedactValuesInResponseModule
   ],
   providers: [AccountService]
 })

apps/api/src/app/account/account.service.ts

@@ -1,10 +1,21 @@
 import { AccountBalanceService } from '@ghostfolio/api/app/account-balance/account-balance.service';
+import { PortfolioChangedEvent } from '@ghostfolio/api/events/portfolio-changed.event';
 import { ExchangeRateDataService } from '@ghostfolio/api/services/exchange-rate-data/exchange-rate-data.service';
 import { PrismaService } from '@ghostfolio/api/services/prisma/prisma.service';
+import { DATE_FORMAT } from '@ghostfolio/common/helper';
 import { Filter } from '@ghostfolio/common/interfaces';
+
 import { Injectable } from '@nestjs/common';
-import { Account, Order, Platform, Prisma } from '@prisma/client';
-import Big from 'big.js';
+import { EventEmitter2 } from '@nestjs/event-emitter';
+import {
+  Account,
+  AccountBalance,
+  Order,
+  Platform,
+  Prisma
+} from '@prisma/client';
+import { Big } from 'big.js';
+import { format } from 'date-fns';
 import { groupBy } from 'lodash';
 
 import { CashDetails } from './interfaces/cash-details.interface';
@@ -13,6 +24,7 @@ import { CashDetails } from './interfaces/cash-details.interface';
 export class AccountService {
   public constructor(
     private readonly accountBalanceService: AccountBalanceService,
+    private readonly eventEmitter: EventEmitter2,
     private readonly exchangeRateDataService: ExchangeRateDataService,
     private readonly prismaService: PrismaService
   ) {}
@@ -20,21 +32,19 @@ export class AccountService {
   public async account({
     id_userId
   }: Prisma.AccountWhereUniqueInput): Promise<Account | null> {
-    const { id, userId } = id_userId;
-
     const [account] = await this.accounts({
-      where: { id, userId }
+      where: id_userId
     });
 
     return account;
   }
 
-  public async accountWithOrders(
+  public async accountWithActivities(
     accountWhereUniqueInput: Prisma.AccountWhereUniqueInput,
     accountInclude: Prisma.AccountInclude
   ): Promise<
     Account & {
-      Order?: Order[];
+      activities?: Order[];
     }
   > {
     return this.prismaService.account.findUnique({
@@ -52,13 +62,19 @@ export class AccountService {
     orderBy?: Prisma.AccountOrderByWithRelationInput;
   }): Promise<
     (Account & {
-      Order?: Order[];
-      Platform?: Platform;
+      activities?: Order[];
+      balances?: AccountBalance[];
+      platform?: Platform;
     })[]
   > {
     const { include = {}, skip, take, cursor, where, orderBy } = params;
 
-    include.balances = { orderBy: { date: 'desc' }, take: 1 };
+    const isBalancesIncluded = !!include.balances;
+
+    include.balances = {
+      orderBy: { date: 'desc' },
+      ...(isBalancesIncluded ? {} : { take: 1 })
+    };
 
     const accounts = await this.prismaService.account.findMany({
       cursor,
@@ -72,7 +88,9 @@ export class AccountService {
     return accounts.map((account) => {
       account = { ...account, balance: account.balances[0]?.value ?? 0 };
 
+      if (!isBalancesIncluded) {
         delete account.balances;
+      }
 
       return account;
     });
@@ -86,32 +104,46 @@ export class AccountService {
       data
     });
 
-    await this.prismaService.accountBalance.create({
-      data: {
-        Account: {
-          connect: {
-            id_userId: { id: account.id, userId: aUserId }
-          }
-        },
-        value: data.balance
-      }
+    await this.accountBalanceService.createOrUpdateAccountBalance({
+      accountId: account.id,
+      balance: data.balance,
+      date: format(new Date(), DATE_FORMAT),
+      userId: aUserId
     });
 
+    this.eventEmitter.emit(
+      PortfolioChangedEvent.getName(),
+      new PortfolioChangedEvent({
+        userId: account.userId
+      })
+    );
+
     return account;
   }
 
   public async deleteAccount(
-    where: Prisma.AccountWhereUniqueInput,
-    aUserId: string
+    where: Prisma.AccountWhereUniqueInput
   ): Promise<Account> {
-    return this.prismaService.account.delete({
+    const account = await this.prismaService.account.delete({
       where
     });
+
+    this.eventEmitter.emit(
+      PortfolioChangedEvent.getName(),
+      new PortfolioChangedEvent({
+        userId: account.userId
+      })
+    );
+
+    return account;
   }
 
   public async getAccounts(aUserId: string): Promise<Account[]> {
     const accounts = await this.accounts({
-      include: { Order: true, Platform: true },
+      include: {
+        activities: true,
+        platform: true
+      },
       orderBy: { name: 'asc' },
       where: { userId: aUserId }
     });
@@ -119,15 +151,15 @@ export class AccountService {
     return accounts.map((account) => {
       let transactionCount = 0;
 
-      for (const order of account.Order) {
-        if (!order.isDraft) {
+      for (const { isDraft } of account.activities) {
+        if (!isDraft) {
           transactionCount += 1;
         }
       }
 
       const result = { ...account, transactionCount };
 
-      delete result.Order;
+      delete result.activities;
 
       return result;
     });
@@ -154,12 +186,8 @@ export class AccountService {
       where.isExcluded = false;
     }
 
-    const {
-      ACCOUNT: filtersByAccount,
-      ASSET_CLASS: filtersByAssetClass,
-      TAG: filtersByTag
-    } = groupBy(filters, (filter) => {
-      return filter.type;
+    const { ACCOUNT: filtersByAccount } = groupBy(filters, ({ type }) => {
+      return type;
     });
 
     if (filtersByAccount?.length > 0) {
@@ -197,21 +225,26 @@ export class AccountService {
   ): Promise<Account> {
     const { data, where } = params;
 
-    await this.prismaService.accountBalance.create({
-      data: {
-        Account: {
-          connect: {
-            id_userId: where.id_userId
-          }
-        },
-        value: <number>data.balance
-      }
+    await this.accountBalanceService.createOrUpdateAccountBalance({
+      accountId: data.id as string,
+      balance: data.balance as number,
+      date: format(new Date(), DATE_FORMAT),
+      userId: aUserId
     });
 
-    return this.prismaService.account.update({
+    const account = await this.prismaService.account.update({
       data,
       where
     });
+
+    this.eventEmitter.emit(
+      PortfolioChangedEvent.getName(),
+      new PortfolioChangedEvent({
+        userId: account.userId
+      })
+    );
+
+    return account;
   }
 
   public async updateAccountBalance({
@@ -243,17 +276,11 @@ export class AccountService {
       );
 
     if (amountInCurrencyOfAccount) {
-      await this.accountBalanceService.createAccountBalance({
-        date,
-        Account: {
-          connect: {
-            id_userId: {
+      await this.accountBalanceService.createOrUpdateAccountBalance({
+        accountId,
         userId,
-              id: accountId
-            }
-          }
-        },
-        value: new Big(balance).plus(amountInCurrencyOfAccount).toNumber()
+        balance: new Big(balance).plus(amountInCurrencyOfAccount).toNumber(),
+        date: date.toISOString()
       });
     }
   }

apps/api/src/app/account/create-account.dto.ts

@@ -1,3 +1,5 @@
+import { IsCurrencyCode } from '@ghostfolio/api/validators/is-currency-code';
+
 import { Transform, TransformFnParams } from 'class-transformer';
 import {
   IsBoolean,
@@ -19,7 +21,7 @@ export class CreateAccountDto {
   )
   comment?: string;
 
-  @IsString()
+  @IsCurrencyCode()
   currency: string;
 
   @IsOptional()
@@ -34,6 +36,6 @@ export class CreateAccountDto {
   name: string;
 
   @IsString()
-  @ValidateIf((object, value) => value !== null)
+  @ValidateIf((_object, value) => value !== null)
   platformId: string | null;
 }

apps/api/src/app/account/update-account.dto.ts

@@ -1,3 +1,5 @@
+import { IsCurrencyCode } from '@ghostfolio/api/validators/is-currency-code';
+
 import { Transform, TransformFnParams } from 'class-transformer';
 import {
   IsBoolean,
@@ -19,7 +21,7 @@ export class UpdateAccountDto {
   )
   comment?: string;
 
-  @IsString()
+  @IsCurrencyCode()
   currency: string;
 
   @IsString()
@@ -33,6 +35,6 @@ export class UpdateAccountDto {
   name: string;
 
   @IsString()
-  @ValidateIf((object, value) => value !== null)
+  @ValidateIf((_object, value) => value !== null)
   platformId: string | null;
 }

apps/api/src/app/admin/admin.controller.ts

@@ -1,27 +1,31 @@
-import { TransformDataSourceInRequestInterceptor } from '@ghostfolio/api/interceptors/transform-data-source-in-request.interceptor';
+import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
+import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';
+import { TransformDataSourceInRequestInterceptor } from '@ghostfolio/api/interceptors/transform-data-source-in-request/transform-data-source-in-request.interceptor';
 import { ApiService } from '@ghostfolio/api/services/api/api.service';
-import { DataGatheringService } from '@ghostfolio/api/services/data-gathering/data-gathering.service';
-import { MarketDataService } from '@ghostfolio/api/services/market-data/market-data.service';
+import { ManualService } from '@ghostfolio/api/services/data-provider/manual/manual.service';
+import { DemoService } from '@ghostfolio/api/services/demo/demo.service';
 import { PropertyDto } from '@ghostfolio/api/services/property/property.dto';
+import { DataGatheringService } from '@ghostfolio/api/services/queues/data-gathering/data-gathering.service';
 import {
-  GATHER_ASSET_PROFILE_PROCESS,
-  GATHER_ASSET_PROFILE_PROCESS_OPTIONS
+  DATA_GATHERING_QUEUE_PRIORITY_HIGH,
+  DATA_GATHERING_QUEUE_PRIORITY_MEDIUM,
+  GATHER_ASSET_PROFILE_PROCESS_JOB_NAME,
+  GATHER_ASSET_PROFILE_PROCESS_JOB_OPTIONS
 } from '@ghostfolio/common/config';
-import {
-  getAssetProfileIdentifier,
-  resetHours
-} from '@ghostfolio/common/helper';
+import { getAssetProfileIdentifier } from '@ghostfolio/common/helper';
 import {
   AdminData,
   AdminMarketData,
-  AdminMarketDataDetails,
-  EnhancedSymbolProfile
+  AdminUsers,
+  EnhancedSymbolProfile,
+  ScraperConfiguration
 } from '@ghostfolio/common/interfaces';
-import { hasPermission, permissions } from '@ghostfolio/common/permissions';
+import { permissions } from '@ghostfolio/common/permissions';
 import type {
   MarketDataPreset,
   RequestWithUser
 } from '@ghostfolio/common/types';
+
 import {
   Body,
   Controller,
@@ -29,6 +33,7 @@ import {
   Get,
   HttpException,
   Inject,
+  Logger,
   Param,
   Patch,
   Post,
@@ -45,8 +50,6 @@ import { StatusCodes, getReasonPhrase } from 'http-status-codes';
 
 import { AdminService } from './admin.service';
 import { UpdateAssetProfileDto } from './update-asset-profile.dto';
-import { UpdateBulkMarketDataDto } from './update-bulk-market-data.dto';
-import { UpdateMarketDataDto } from './update-market-data.dto';
 
 @Controller('admin')
 export class AdminController {
@@ -54,74 +57,51 @@ export class AdminController {
     private readonly adminService: AdminService,
     private readonly apiService: ApiService,
     private readonly dataGatheringService: DataGatheringService,
-    private readonly marketDataService: MarketDataService,
+    private readonly demoService: DemoService,
+    private readonly manualService: ManualService,
     @Inject(REQUEST) private readonly request: RequestWithUser
   ) {}
 
   @Get()
-  @UseGuards(AuthGuard('jwt'))
+  @HasPermission(permissions.accessAdminControl)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
   public async getAdminData(): Promise<AdminData> {
-    if (
-      !hasPermission(
-        this.request.user.permissions,
-        permissions.accessAdminControl
-      )
-    ) {
-      throw new HttpException(
-        getReasonPhrase(StatusCodes.FORBIDDEN),
-        StatusCodes.FORBIDDEN
-      );
+    return this.adminService.get({ user: this.request.user });
   }
 
-    return this.adminService.get();
+  @Get('demo-user/sync')
+  @HasPermission(permissions.syncDemoUserAccount)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
+  public async syncDemoUserAccount(): Promise<Prisma.BatchPayload> {
+    return this.demoService.syncDemoUserAccount();
   }
 
+  @HasPermission(permissions.accessAdminControl)
   @Post('gather')
-  @UseGuards(AuthGuard('jwt'))
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
   public async gather7Days(): Promise<void> {
-    if (
-      !hasPermission(
-        this.request.user.permissions,
-        permissions.accessAdminControl
-      )
-    ) {
-      throw new HttpException(
-        getReasonPhrase(StatusCodes.FORBIDDEN),
-        StatusCodes.FORBIDDEN
-      );
-    }
-
     this.dataGatheringService.gather7Days();
   }
 
+  @HasPermission(permissions.accessAdminControl)
   @Post('gather/max')
-  @UseGuards(AuthGuard('jwt'))
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
   public async gatherMax(): Promise<void> {
-    if (
-      !hasPermission(
-        this.request.user.permissions,
-        permissions.accessAdminControl
-      )
-    ) {
-      throw new HttpException(
-        getReasonPhrase(StatusCodes.FORBIDDEN),
-        StatusCodes.FORBIDDEN
-      );
-    }
-
-    const uniqueAssets = await this.dataGatheringService.getUniqueAssets();
+    const assetProfileIdentifiers =
+      await this.dataGatheringService.getAllActiveAssetProfileIdentifiers();
 
     await this.dataGatheringService.addJobsToQueue(
-      uniqueAssets.map(({ dataSource, symbol }) => {
+      assetProfileIdentifiers.map(({ dataSource, symbol }) => {
         return {
           data: {
             dataSource,
             symbol
           },
-          name: GATHER_ASSET_PROFILE_PROCESS,
+          name: GATHER_ASSET_PROFILE_PROCESS_JOB_NAME,
           opts: {
-            ...GATHER_ASSET_PROFILE_PROCESS_OPTIONS,
-            jobId: getAssetProfileIdentifier({ dataSource, symbol })
+            ...GATHER_ASSET_PROFILE_PROCESS_JOB_OPTIONS,
+            jobId: getAssetProfileIdentifier({ dataSource, symbol }),
+            priority: DATA_GATHERING_QUEUE_PRIORITY_MEDIUM
           }
         };
       })
@@ -130,113 +110,72 @@ export class AdminController {
     this.dataGatheringService.gatherMax();
   }
 
+  @HasPermission(permissions.accessAdminControl)
   @Post('gather/profile-data')
-  @UseGuards(AuthGuard('jwt'))
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
   public async gatherProfileData(): Promise<void> {
-    if (
-      !hasPermission(
-        this.request.user.permissions,
-        permissions.accessAdminControl
-      )
-    ) {
-      throw new HttpException(
-        getReasonPhrase(StatusCodes.FORBIDDEN),
-        StatusCodes.FORBIDDEN
-      );
-    }
-
-    const uniqueAssets = await this.dataGatheringService.getUniqueAssets();
+    const assetProfileIdentifiers =
+      await this.dataGatheringService.getAllActiveAssetProfileIdentifiers();
 
     await this.dataGatheringService.addJobsToQueue(
-      uniqueAssets.map(({ dataSource, symbol }) => {
+      assetProfileIdentifiers.map(({ dataSource, symbol }) => {
         return {
           data: {
             dataSource,
             symbol
           },
-          name: GATHER_ASSET_PROFILE_PROCESS,
+          name: GATHER_ASSET_PROFILE_PROCESS_JOB_NAME,
           opts: {
-            ...GATHER_ASSET_PROFILE_PROCESS_OPTIONS,
-            jobId: getAssetProfileIdentifier({ dataSource, symbol })
+            ...GATHER_ASSET_PROFILE_PROCESS_JOB_OPTIONS,
+            jobId: getAssetProfileIdentifier({ dataSource, symbol }),
+            priority: DATA_GATHERING_QUEUE_PRIORITY_MEDIUM
           }
         };
       })
     );
   }
 
+  @HasPermission(permissions.accessAdminControl)
   @Post('gather/profile-data/:dataSource/:symbol')
-  @UseGuards(AuthGuard('jwt'))
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
   public async gatherProfileDataForSymbol(
     @Param('dataSource') dataSource: DataSource,
     @Param('symbol') symbol: string
   ): Promise<void> {
-    if (
-      !hasPermission(
-        this.request.user.permissions,
-        permissions.accessAdminControl
-      )
-    ) {
-      throw new HttpException(
-        getReasonPhrase(StatusCodes.FORBIDDEN),
-        StatusCodes.FORBIDDEN
-      );
-    }
-
     await this.dataGatheringService.addJobToQueue({
       data: {
         dataSource,
         symbol
       },
-      name: GATHER_ASSET_PROFILE_PROCESS,
+      name: GATHER_ASSET_PROFILE_PROCESS_JOB_NAME,
       opts: {
-        ...GATHER_ASSET_PROFILE_PROCESS_OPTIONS,
-        jobId: getAssetProfileIdentifier({ dataSource, symbol })
+        ...GATHER_ASSET_PROFILE_PROCESS_JOB_OPTIONS,
+        jobId: getAssetProfileIdentifier({ dataSource, symbol }),
+        priority: DATA_GATHERING_QUEUE_PRIORITY_HIGH
       }
     });
   }
 
   @Post('gather/:dataSource/:symbol')
-  @UseGuards(AuthGuard('jwt'))
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
+  @HasPermission(permissions.accessAdminControl)
   public async gatherSymbol(
     @Param('dataSource') dataSource: DataSource,
     @Param('symbol') symbol: string
   ): Promise<void> {
-    if (
-      !hasPermission(
-        this.request.user.permissions,
-        permissions.accessAdminControl
-      )
-    ) {
-      throw new HttpException(
-        getReasonPhrase(StatusCodes.FORBIDDEN),
-        StatusCodes.FORBIDDEN
-      );
-    }
-
     this.dataGatheringService.gatherSymbol({ dataSource, symbol });
 
     return;
   }
 
+  @HasPermission(permissions.accessAdminControl)
   @Post('gather/:dataSource/:symbol/:dateString')
-  @UseGuards(AuthGuard('jwt'))
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
   public async gatherSymbolForDate(
     @Param('dataSource') dataSource: DataSource,
     @Param('dateString') dateString: string,
     @Param('symbol') symbol: string
   ): Promise<MarketData> {
-    if (
-      !hasPermission(
-        this.request.user.permissions,
-        permissions.accessAdminControl
-      )
-    ) {
-      throw new HttpException(
-        getReasonPhrase(StatusCodes.FORBIDDEN),
-        StatusCodes.FORBIDDEN
-      );
-    }
-
     const date = parseISO(dateString);
 
     if (!isDate(date)) {
@@ -254,7 +193,8 @@ export class AdminController {
   }
 
   @Get('market-data')
-  @UseGuards(AuthGuard('jwt'))
+  @HasPermission(permissions.accessAdminControl)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
   public async getMarketData(
     @Query('assetSubClasses') filterByAssetSubClasses?: string,
     @Query('presetId') presetId?: MarketDataPreset,
@@ -264,18 +204,6 @@ export class AdminController {
     @Query('sortDirection') sortDirection?: Prisma.SortOrder,
     @Query('take') take?: number
   ): Promise<AdminMarketData> {
-    if (
-      !hasPermission(
-        this.request.user.permissions,
-        permissions.accessAdminControl
-      )
-    ) {
-      throw new HttpException(
-        getReasonPhrase(StatusCodes.FORBIDDEN),
-        StatusCodes.FORBIDDEN
-      );
-    }
-
     const filters = this.apiService.buildFiltersFromQueryParams({
       filterByAssetSubClasses,
       filterBySearchQuery
@@ -291,116 +219,39 @@ export class AdminController {
     });
   }
 
-  @Get('market-data/:dataSource/:symbol')
-  @UseGuards(AuthGuard('jwt'))
-  public async getMarketDataBySymbol(
+  @HasPermission(permissions.accessAdminControl)
+  @Post('market-data/:dataSource/:symbol/test')
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
+  public async testMarketData(
+    @Body() data: { scraperConfiguration: ScraperConfiguration },
     @Param('dataSource') dataSource: DataSource,
     @Param('symbol') symbol: string
-  ): Promise<AdminMarketDataDetails> {
-    if (
-      !hasPermission(
-        this.request.user.permissions,
-        permissions.accessAdminControl
-      )
-    ) {
-      throw new HttpException(
-        getReasonPhrase(StatusCodes.FORBIDDEN),
-        StatusCodes.FORBIDDEN
+  ): Promise<{ price: number }> {
+    try {
+      const price = await this.manualService.test(data.scraperConfiguration);
+
+      if (price) {
+        return { price };
+      }
+
+      throw new Error(
+        `Could not parse the current market price for ${symbol} (${dataSource})`
       );
-    }
+    } catch (error) {
+      Logger.error(error, 'AdminController');
 
-    return this.adminService.getMarketDataBySymbol({ dataSource, symbol });
-  }
-
-  @Post('market-data/:dataSource/:symbol')
-  @UseGuards(AuthGuard('jwt'))
-  public async updateMarketData(
-    @Body() data: UpdateBulkMarketDataDto,
-    @Param('dataSource') dataSource: DataSource,
-    @Param('symbol') symbol: string
-  ) {
-    if (
-      !hasPermission(
-        this.request.user.permissions,
-        permissions.accessAdminControl
-      )
-    ) {
-      throw new HttpException(
-        getReasonPhrase(StatusCodes.FORBIDDEN),
-        StatusCodes.FORBIDDEN
-      );
-    }
-
-    const dataBulkUpdate: Prisma.MarketDataUpdateInput[] = data.marketData.map(
-      ({ date, marketPrice }) => ({
-        dataSource,
-        marketPrice,
-        symbol,
-        date: resetHours(parseISO(date)),
-        state: 'CLOSE'
-      })
-    );
-
-    return this.marketDataService.updateMany({
-      data: dataBulkUpdate
-    });
-  }
-
-  /**
-   * @deprecated
-   */
-  @Put('market-data/:dataSource/:symbol/:dateString')
-  @UseGuards(AuthGuard('jwt'))
-  public async update(
-    @Param('dataSource') dataSource: DataSource,
-    @Param('dateString') dateString: string,
-    @Param('symbol') symbol: string,
-    @Body() data: UpdateMarketDataDto
-  ) {
-    if (
-      !hasPermission(
-        this.request.user.permissions,
-        permissions.accessAdminControl
-      )
-    ) {
-      throw new HttpException(
-        getReasonPhrase(StatusCodes.FORBIDDEN),
-        StatusCodes.FORBIDDEN
-      );
-    }
-
-    const date = parseISO(dateString);
-
-    return this.marketDataService.updateMarketData({
-      data: { marketPrice: data.marketPrice, state: 'CLOSE' },
-      where: {
-        dataSource_date_symbol: {
-          dataSource,
-          date,
-          symbol
+      throw new HttpException(error.message, StatusCodes.BAD_REQUEST);
     }
   }
-    });
-  }
 
+  @HasPermission(permissions.accessAdminControl)
   @Post('profile-data/:dataSource/:symbol')
-  @UseGuards(AuthGuard('jwt'))
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
   @UseInterceptors(TransformDataSourceInRequestInterceptor)
   public async addProfileData(
     @Param('dataSource') dataSource: DataSource,
     @Param('symbol') symbol: string
   ): Promise<SymbolProfile | never> {
-    if (
-      !hasPermission(
-        this.request.user.permissions,
-        permissions.accessAdminControl
-      )
-    ) {
-      throw new HttpException(
-        getReasonPhrase(StatusCodes.FORBIDDEN),
-        StatusCodes.FORBIDDEN
-      );
-    }
     return this.adminService.addAssetProfile({
       dataSource,
       symbol,
@@ -409,70 +260,49 @@ export class AdminController {
   }
 
   @Delete('profile-data/:dataSource/:symbol')
-  @UseGuards(AuthGuard('jwt'))
+  @HasPermission(permissions.accessAdminControl)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
   public async deleteProfileData(
     @Param('dataSource') dataSource: DataSource,
     @Param('symbol') symbol: string
   ): Promise<void> {
-    if (
-      !hasPermission(
-        this.request.user.permissions,
-        permissions.accessAdminControl
-      )
-    ) {
-      throw new HttpException(
-        getReasonPhrase(StatusCodes.FORBIDDEN),
-        StatusCodes.FORBIDDEN
-      );
-    }
-
     return this.adminService.deleteProfileData({ dataSource, symbol });
   }
 
+  @HasPermission(permissions.accessAdminControl)
   @Patch('profile-data/:dataSource/:symbol')
-  @UseGuards(AuthGuard('jwt'))
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
   public async patchAssetProfileData(
-    @Body() assetProfileData: UpdateAssetProfileDto,
+    @Body() assetProfile: UpdateAssetProfileDto,
     @Param('dataSource') dataSource: DataSource,
     @Param('symbol') symbol: string
   ): Promise<EnhancedSymbolProfile> {
-    if (
-      !hasPermission(
-        this.request.user.permissions,
-        permissions.accessAdminControl
-      )
-    ) {
-      throw new HttpException(
-        getReasonPhrase(StatusCodes.FORBIDDEN),
-        StatusCodes.FORBIDDEN
+    return this.adminService.patchAssetProfileData(
+      { dataSource, symbol },
+      assetProfile
     );
   }
 
-    return this.adminService.patchAssetProfileData({
-      ...assetProfileData,
-      dataSource,
-      symbol
-    });
-  }
-
+  @HasPermission(permissions.accessAdminControl)
   @Put('settings/:key')
-  @UseGuards(AuthGuard('jwt'))
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
   public async updateProperty(
     @Param('key') key: string,
     @Body() data: PropertyDto
   ) {
-    if (
-      !hasPermission(
-        this.request.user.permissions,
-        permissions.accessAdminControl
-      )
-    ) {
-      throw new HttpException(
-        getReasonPhrase(StatusCodes.FORBIDDEN),
-        StatusCodes.FORBIDDEN
-      );
+    return this.adminService.putSetting(key, data.value);
   }
 
-    return await this.adminService.putSetting(key, data.value);
+  @Get('user')
+  @HasPermission(permissions.accessAdminControl)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
+  public async getUsers(
+    @Query('skip') skip?: number,
+    @Query('take') take?: number
+  ): Promise<AdminUsers> {
+    return this.adminService.getUsers({
+      skip: isNaN(skip) ? undefined : skip,
+      take: isNaN(take) ? undefined : take
+    });
   }
 }

apps/api/src/app/admin/admin.module.ts

@@ -1,13 +1,17 @@
-import { SubscriptionModule } from '@ghostfolio/api/app/subscription/subscription.module';
+import { OrderModule } from '@ghostfolio/api/app/order/order.module';
+import { TransformDataSourceInRequestModule } from '@ghostfolio/api/interceptors/transform-data-source-in-request/transform-data-source-in-request.module';
 import { ApiModule } from '@ghostfolio/api/services/api/api.module';
+import { BenchmarkModule } from '@ghostfolio/api/services/benchmark/benchmark.module';
 import { ConfigurationModule } from '@ghostfolio/api/services/configuration/configuration.module';
-import { DataGatheringModule } from '@ghostfolio/api/services/data-gathering/data-gathering.module';
 import { DataProviderModule } from '@ghostfolio/api/services/data-provider/data-provider.module';
+import { DemoModule } from '@ghostfolio/api/services/demo/demo.module';
 import { ExchangeRateDataModule } from '@ghostfolio/api/services/exchange-rate-data/exchange-rate-data.module';
 import { MarketDataModule } from '@ghostfolio/api/services/market-data/market-data.module';
 import { PrismaModule } from '@ghostfolio/api/services/prisma/prisma.module';
 import { PropertyModule } from '@ghostfolio/api/services/property/property.module';
+import { DataGatheringModule } from '@ghostfolio/api/services/queues/data-gathering/data-gathering.module';
 import { SymbolProfileModule } from '@ghostfolio/api/services/symbol-profile/symbol-profile.module';
+
 import { Module } from '@nestjs/common';
 
 import { AdminController } from './admin.controller';
@@ -17,16 +21,19 @@ import { QueueModule } from './queue/queue.module';
 @Module({
   imports: [
     ApiModule,
+    BenchmarkModule,
     ConfigurationModule,
     DataGatheringModule,
     DataProviderModule,
+    DemoModule,
     ExchangeRateDataModule,
     MarketDataModule,
+    OrderModule,
     PrismaModule,
     PropertyModule,
     QueueModule,
-    SubscriptionModule,
-    SymbolProfileModule
+    SymbolProfileModule,
+    TransformDataSourceInRequestModule
   ],
   controllers: [AdminController],
   providers: [AdminService],

apps/api/src/app/admin/admin.service.ts

@@ -1,5 +1,6 @@
-import { SubscriptionService } from '@ghostfolio/api/app/subscription/subscription.service';
+import { OrderService } from '@ghostfolio/api/app/order/order.service';
 import { environment } from '@ghostfolio/api/environments/environment';
+import { BenchmarkService } from '@ghostfolio/api/services/benchmark/benchmark.service';
 import { ConfigurationService } from '@ghostfolio/api/services/configuration/configuration.service';
 import { DataProviderService } from '@ghostfolio/api/services/data-provider/data-provider.service';
 import { ExchangeRateDataService } from '@ghostfolio/api/services/exchange-rate-data/exchange-rate-data.service';
@@ -8,41 +9,58 @@ import { PrismaService } from '@ghostfolio/api/services/prisma/prisma.service';
 import { PropertyService } from '@ghostfolio/api/services/property/property.service';
 import { SymbolProfileService } from '@ghostfolio/api/services/symbol-profile/symbol-profile.service';
 import {
-  DEFAULT_CURRENCY,
   PROPERTY_CURRENCIES,
   PROPERTY_IS_READ_ONLY_MODE,
   PROPERTY_IS_USER_SIGNUP_ENABLED
 } from '@ghostfolio/common/config';
+import {
+  getAssetProfileIdentifier,
+  getCurrencyFromSymbol,
+  isCurrency
+} from '@ghostfolio/common/helper';
 import {
   AdminData,
   AdminMarketData,
   AdminMarketDataDetails,
   AdminMarketDataItem,
-  Filter,
-  UniqueAsset
+  AdminUsers,
+  AssetProfileIdentifier,
+  EnhancedSymbolProfile,
+  Filter
 } from '@ghostfolio/common/interfaces';
-import { MarketDataPreset } from '@ghostfolio/common/types';
-import { BadRequestException, Injectable } from '@nestjs/common';
+import { Sector } from '@ghostfolio/common/interfaces/sector.interface';
+import { MarketDataPreset, UserWithSettings } from '@ghostfolio/common/types';
+
 import {
+  BadRequestException,
+  HttpException,
+  Injectable,
+  Logger
+} from '@nestjs/common';
+import {
+  AssetClass,
   AssetSubClass,
   DataSource,
   Prisma,
+  PrismaClient,
   Property,
   SymbolProfile
 } from '@prisma/client';
 import { differenceInDays } from 'date-fns';
+import { StatusCodes, getReasonPhrase } from 'http-status-codes';
 import { groupBy } from 'lodash';
 
 @Injectable()
 export class AdminService {
   public constructor(
+    private readonly benchmarkService: BenchmarkService,
     private readonly configurationService: ConfigurationService,
     private readonly dataProviderService: DataProviderService,
     private readonly exchangeRateDataService: ExchangeRateDataService,
     private readonly marketDataService: MarketDataService,
+    private readonly orderService: OrderService,
     private readonly prismaService: PrismaService,
     private readonly propertyService: PropertyService,
-    private readonly subscriptionService: SubscriptionService,
     private readonly symbolProfileService: SymbolProfileService
   ) {}
 
@@ -50,7 +68,9 @@ export class AdminService {
     currency,
     dataSource,
     symbol
-  }: UniqueAsset & { currency?: string }): Promise<SymbolProfile | never> {
+  }: AssetProfileIdentifier & { currency?: string }): Promise<
+    SymbolProfile | never
+  > {
     try {
       if (dataSource === 'MANUAL') {
         return this.symbolProfileService.add({
@@ -70,7 +90,7 @@ export class AdminService {
         );
       }
 
-      return await this.symbolProfileService.add(
+      return this.symbolProfileService.add(
         assetProfiles[symbol] as Prisma.SymbolProfileCreateInput
       );
     } catch (error) {
@@ -87,41 +107,68 @@ export class AdminService {
     }
   }
 
-  public async deleteProfileData({ dataSource, symbol }: UniqueAsset) {
+  public async deleteProfileData({
+    dataSource,
+    symbol
+  }: AssetProfileIdentifier) {
     await this.marketDataService.deleteMany({ dataSource, symbol });
+
+    const currency = getCurrencyFromSymbol(symbol);
+    const customCurrencies =
+      await this.propertyService.getByKey<string[]>(PROPERTY_CURRENCIES);
+
+    if (customCurrencies.includes(currency)) {
+      const updatedCustomCurrencies = customCurrencies.filter(
+        (customCurrency) => {
+          return customCurrency !== currency;
+        }
+      );
+
+      await this.putSetting(
+        PROPERTY_CURRENCIES,
+        JSON.stringify(updatedCustomCurrencies)
+      );
+    } else {
       await this.symbolProfileService.delete({ dataSource, symbol });
     }
+  }
 
-  public async get(): Promise<AdminData> {
-    return {
-      exchangeRates: this.exchangeRateDataService
-        .getCurrencies()
-        .filter((currency) => {
-          return currency !== DEFAULT_CURRENCY;
-        })
-        .map((currency) => {
-          const label1 = DEFAULT_CURRENCY;
-          const label2 = currency;
+  public async get({ user }: { user: UserWithSettings }): Promise<AdminData> {
+    const dataSources = await this.dataProviderService.getDataSources({
+      user,
+      includeGhostfolio: true
+    });
+
+    const [settings, transactionCount, userCount] = await Promise.all([
+      this.propertyService.get(),
+      this.prismaService.order.count(),
+      this.countUsersWithAnalytics()
+    ]);
+
+    const dataProviders = await Promise.all(
+      dataSources.map(async (dataSource) => {
+        const dataProviderInfo = this.dataProviderService
+          .getDataProvider(dataSource)
+          .getDataProviderInfo();
+
+        const assetProfileCount = await this.prismaService.symbolProfile.count({
+          where: {
+            dataSource
+          }
+        });
 
         return {
-            label1,
-            label2,
-            dataSource:
-              DataSource[
-                this.configurationService.get('DATA_SOURCE_EXCHANGE_RATES')
-              ],
-            symbol: `${label1}${label2}`,
-            value: this.exchangeRateDataService.toCurrency(
-              1,
-              DEFAULT_CURRENCY,
-              currency
-            )
+          ...dataProviderInfo,
+          assetProfileCount
         };
-        }),
-      settings: await this.propertyService.get(),
-      transactionCount: await this.prismaService.order.count(),
-      userCount: await this.prismaService.user.count(),
-      users: await this.getUsersWithAnalytics(),
+      })
+    );
+
+    return {
+      dataProviders,
+      settings,
+      transactionCount,
+      userCount,
       version: environment.version
     };
   }
@@ -145,7 +192,16 @@ export class AdminService {
       [{ symbol: 'asc' }];
     const where: Prisma.SymbolProfileWhereInput = {};
 
-    if (presetId === 'CURRENCIES') {
+    if (presetId === 'BENCHMARKS') {
+      const benchmarkAssetProfiles =
+        await this.benchmarkService.getBenchmarkAssetProfiles();
+
+      where.id = {
+        in: benchmarkAssetProfiles.map(({ id }) => {
+          return id;
+        })
+      };
+    } else if (presetId === 'CURRENCIES') {
       return this.getMarketDataForCurrencies();
     } else if (
       presetId === 'ETF_WITHOUT_COUNTRIES' ||
@@ -176,6 +232,7 @@ export class AdminService {
 
     if (searchQuery) {
       where.OR = [
+        { id: { mode: 'insensitive', startsWith: searchQuery } },
         { isin: { mode: 'insensitive', startsWith: searchQuery } },
         { name: { mode: 'insensitive', startsWith: searchQuery } },
         { symbol: { mode: 'insensitive', startsWith: searchQuery } }
@@ -187,22 +244,33 @@ export class AdminService {
 
       if (sortColumn === 'activitiesCount') {
         orderBy = {
-          Order: {
+          activities: {
             _count: sortDirection
           }
         };
       }
     }
 
-    let [assetProfiles, count] = await Promise.all([
-      this.prismaService.symbolProfile.findMany({
+    const extendedPrismaClient = this.getExtendedPrismaClient();
+
+    try {
+      const symbolProfileResult = await Promise.all([
+        extendedPrismaClient.symbolProfile.findMany({
           orderBy,
           skip,
           take,
           where,
           select: {
             _count: {
-            select: { Order: true }
+              select: {
+                activities: true,
+                watchedBy: true
+              }
+            },
+            activities: {
+              orderBy: [{ date: 'asc' }],
+              select: { date: true },
+              take: 1
             },
             assetClass: true,
             assetSubClass: true,
@@ -210,35 +278,77 @@ export class AdminService {
             countries: true,
             currency: true,
             dataSource: true,
+            id: true,
+            isActive: true,
+            isUsedByUsersWithSubscription: true,
             name: true,
-          Order: {
-            orderBy: [{ date: 'asc' }],
-            select: { date: true },
-            take: 1
-          },
             scraperConfiguration: true,
             sectors: true,
-          symbol: true
+            symbol: true,
+            SymbolProfileOverrides: true
           }
         }),
         this.prismaService.symbolProfile.count({ where })
       ]);
+      const assetProfiles = symbolProfileResult[0];
+      let count = symbolProfileResult[1];
 
-    let marketData = assetProfiles.map(
-      ({
+      const lastMarketPrices = await this.prismaService.marketData.findMany({
+        distinct: ['dataSource', 'symbol'],
+        orderBy: { date: 'desc' },
+        select: {
+          dataSource: true,
+          marketPrice: true,
+          symbol: true
+        },
+        where: {
+          dataSource: {
+            in: assetProfiles.map(({ dataSource }) => {
+              return dataSource;
+            })
+          },
+          symbol: {
+            in: assetProfiles.map(({ symbol }) => {
+              return symbol;
+            })
+          }
+        }
+      });
+
+      const lastMarketPriceMap = new Map<string, number>();
+
+      for (const { dataSource, marketPrice, symbol } of lastMarketPrices) {
+        lastMarketPriceMap.set(
+          getAssetProfileIdentifier({ dataSource, symbol }),
+          marketPrice
+        );
+      }
+
+      let marketData: AdminMarketDataItem[] = await Promise.all(
+        assetProfiles.map(
+          async ({
             _count,
+            activities,
             assetClass,
             assetSubClass,
             comment,
             countries,
             currency,
             dataSource,
+            id,
+            isActive,
+            isUsedByUsersWithSubscription,
             name,
-        Order,
             sectors,
-        symbol
+            symbol,
+            SymbolProfileOverrides
           }) => {
-        const countriesCount = countries ? Object.keys(countries).length : 0;
+            let countriesCount = countries ? Object.keys(countries).length : 0;
+
+            const lastMarketPrice = lastMarketPriceMap.get(
+              getAssetProfileIdentifier({ dataSource, symbol })
+            );
+
             const marketDataItemCount =
               marketDataItems.find((marketDataItem) => {
                 return (
@@ -246,7 +356,35 @@ export class AdminService {
                   marketDataItem.symbol === symbol
                 );
               })?._count ?? 0;
-        const sectorsCount = sectors ? Object.keys(sectors).length : 0;
+
+            let sectorsCount = sectors ? Object.keys(sectors).length : 0;
+
+            if (SymbolProfileOverrides) {
+              assetClass = SymbolProfileOverrides.assetClass ?? assetClass;
+              assetSubClass =
+                SymbolProfileOverrides.assetSubClass ?? assetSubClass;
+
+              if (
+                (
+                  SymbolProfileOverrides.countries as unknown as Prisma.JsonArray
+                )?.length > 0
+              ) {
+                countriesCount = (
+                  SymbolProfileOverrides.countries as unknown as Prisma.JsonArray
+                ).length;
+              }
+
+              name = SymbolProfileOverrides.name ?? name;
+
+              if (
+                (SymbolProfileOverrides.sectors as unknown as Sector[])
+                  ?.length > 0
+              ) {
+                sectorsCount = (
+                  SymbolProfileOverrides.sectors as unknown as Prisma.JsonArray
+                ).length;
+              }
+            }
 
             return {
               assetClass,
@@ -255,14 +393,21 @@ export class AdminService {
               currency,
               countriesCount,
               dataSource,
+              id,
+              isActive,
+              lastMarketPrice,
               name,
               symbol,
               marketDataItemCount,
               sectorsCount,
-          activitiesCount: _count.Order,
-          date: Order?.[0]?.date
+              activitiesCount: _count.activities,
+              date: activities?.[0]?.date,
+              isUsedByUsersWithSubscription:
+                await isUsedByUsersWithSubscription,
+              watchedByCount: _count.watchedBy
             };
           }
+        )
       );
 
       if (presetId) {
@@ -283,12 +428,27 @@ export class AdminService {
         count,
         marketData
       };
+    } finally {
+      await extendedPrismaClient.$disconnect();
+
+      Logger.debug('Disconnect extended prisma client', 'AdminService');
+    }
   }
 
   public async getMarketDataBySymbol({
     dataSource,
     symbol
-  }: UniqueAsset): Promise<AdminMarketDataDetails> {
+  }: AssetProfileIdentifier): Promise<AdminMarketDataDetails> {
+    let activitiesCount: EnhancedSymbolProfile['activitiesCount'] = 0;
+    let currency: EnhancedSymbolProfile['currency'] = '-';
+    let dateOfFirstActivity: EnhancedSymbolProfile['dateOfFirstActivity'];
+
+    if (isCurrency(getCurrencyFromSymbol(symbol))) {
+      currency = getCurrencyFromSymbol(symbol);
+      ({ activitiesCount, dateOfFirstActivity } =
+        await this.orderService.getStatisticsByCurrency(currency));
+    }
+
     const [[assetProfile], marketData] = await Promise.all([
       this.symbolProfileService.getSymbolProfiles([
         {
@@ -307,44 +467,160 @@ export class AdminService {
       })
     ]);
 
+    if (assetProfile) {
+      assetProfile.dataProviderInfo = this.dataProviderService
+        .getDataProvider(assetProfile.dataSource)
+        .getDataProviderInfo();
+    }
+
     return {
       marketData,
       assetProfile: assetProfile ?? {
+        activitiesCount,
+        currency,
+        dataSource,
+        dateOfFirstActivity,
         symbol,
-        currency: '-'
+        isActive: true
       }
     };
   }
 
-  public async patchAssetProfileData({
-    assetClass,
-    assetSubClass,
-    comment,
-    dataSource,
-    name,
-    scraperConfiguration,
-    symbol,
-    symbolMapping
-  }: Prisma.SymbolProfileUpdateInput & UniqueAsset) {
-    await this.symbolProfileService.updateSymbolProfile({
-      assetClass,
-      assetSubClass,
-      comment,
-      dataSource,
-      name,
-      scraperConfiguration,
-      symbol,
-      symbolMapping
-    });
+  public async getUsers({
+    skip,
+    take = Number.MAX_SAFE_INTEGER
+  }: {
+    skip?: number;
+    take?: number;
+  }): Promise<AdminUsers> {
+    const [count, users] = await Promise.all([
+      this.countUsersWithAnalytics(),
+      this.getUsersWithAnalytics({ skip, take })
+    ]);
 
-    const [symbolProfile] = await this.symbolProfileService.getSymbolProfiles([
+    return { count, users };
+  }
+
+  public async patchAssetProfileData(
+    { dataSource, symbol }: AssetProfileIdentifier,
     {
-        dataSource,
-        symbol
+      assetClass,
+      assetSubClass,
+      comment,
+      countries,
+      currency,
+      dataSource: newDataSource,
+      holdings,
+      isActive,
+      name,
+      scraperConfiguration,
+      sectors,
+      symbol: newSymbol,
+      symbolMapping,
+      url
+    }: Prisma.SymbolProfileUpdateInput
+  ) {
+    if (
+      newSymbol &&
+      newDataSource &&
+      (newSymbol !== symbol || newDataSource !== dataSource)
+    ) {
+      const [assetProfile] = await this.symbolProfileService.getSymbolProfiles([
+        {
+          dataSource: DataSource[newDataSource.toString()],
+          symbol: newSymbol as string
         }
       ]);
 
-    return symbolProfile;
+      if (assetProfile) {
+        throw new HttpException(
+          getReasonPhrase(StatusCodes.CONFLICT),
+          StatusCodes.CONFLICT
+        );
+      }
+
+      try {
+        Promise.all([
+          await this.symbolProfileService.updateAssetProfileIdentifier(
+            {
+              dataSource,
+              symbol
+            },
+            {
+              dataSource: DataSource[newDataSource.toString()],
+              symbol: newSymbol as string
+            }
+          ),
+          await this.marketDataService.updateAssetProfileIdentifier(
+            {
+              dataSource,
+              symbol
+            },
+            {
+              dataSource: DataSource[newDataSource.toString()],
+              symbol: newSymbol as string
+            }
+          )
+        ]);
+
+        return this.symbolProfileService.getSymbolProfiles([
+          {
+            dataSource: DataSource[newDataSource.toString()],
+            symbol: newSymbol as string
+          }
+        ])?.[0];
+      } catch {
+        throw new HttpException(
+          getReasonPhrase(StatusCodes.BAD_REQUEST),
+          StatusCodes.BAD_REQUEST
+        );
+      }
+    } else {
+      const symbolProfileOverrides = {
+        assetClass: assetClass as AssetClass,
+        assetSubClass: assetSubClass as AssetSubClass,
+        name: name as string,
+        url: url as string
+      };
+
+      const updatedSymbolProfile: Prisma.SymbolProfileUpdateInput = {
+        comment,
+        countries,
+        currency,
+        dataSource,
+        holdings,
+        isActive,
+        scraperConfiguration,
+        sectors,
+        symbol,
+        symbolMapping,
+        ...(dataSource === 'MANUAL'
+          ? { assetClass, assetSubClass, name, url }
+          : {
+              SymbolProfileOverrides: {
+                upsert: {
+                  create: symbolProfileOverrides,
+                  update: symbolProfileOverrides
+                }
+              }
+            })
+      };
+
+      await this.symbolProfileService.updateSymbolProfile(
+        {
+          dataSource,
+          symbol
+        },
+        updatedSymbolProfile
+      );
+
+      return this.symbolProfileService.getSymbolProfiles([
+        {
+          dataSource: dataSource as DataSource,
+          symbol: symbol as string
+        }
+      ])?.[0];
+    }
   }
 
   public async putSetting(key: string, value: string) {
@@ -365,15 +641,124 @@ export class AdminService {
     return response;
   }
 
-  private async getMarketDataForCurrencies(): Promise<AdminMarketData> {
-    const marketDataItems = await this.prismaService.marketData.groupBy({
-      _count: true,
-      by: ['dataSource', 'symbol']
+  private async countUsersWithAnalytics() {
+    let where: Prisma.UserWhereInput;
+
+    if (this.configurationService.get('ENABLE_FEATURE_SUBSCRIPTION')) {
+      where = {
+        NOT: {
+          analytics: null
+        }
+      };
+    }
+
+    return this.prismaService.user.count({
+      where
+    });
+  }
+
+  private getExtendedPrismaClient() {
+    Logger.debug('Connect extended prisma client', 'AdminService');
+
+    const symbolProfileExtension = Prisma.defineExtension((client) => {
+      return client.$extends({
+        result: {
+          symbolProfile: {
+            isUsedByUsersWithSubscription: {
+              compute: async ({ id }) => {
+                const { _count } =
+                  await this.prismaService.symbolProfile.findUnique({
+                    select: {
+                      _count: {
+                        select: {
+                          activities: {
+                            where: {
+                              user: {
+                                subscriptions: {
+                                  some: {
+                                    expiresAt: {
+                                      gt: new Date()
+                                    }
+                                  }
+                                }
+                              }
+                            }
+                          }
+                        }
+                      }
+                    },
+                    where: {
+                      id
+                    }
                   });
 
-    const marketData: AdminMarketDataItem[] = this.exchangeRateDataService
-      .getCurrencyPairs()
-      .map(({ dataSource, symbol }) => {
+                return _count.activities > 0;
+              }
+            }
+          }
+        }
+      });
+    });
+
+    return new PrismaClient().$extends(symbolProfileExtension);
+  }
+
+  private async getMarketDataForCurrencies(): Promise<AdminMarketData> {
+    const currencyPairs = this.exchangeRateDataService.getCurrencyPairs();
+
+    const [lastMarketPrices, marketDataItems] = await Promise.all([
+      this.prismaService.marketData.findMany({
+        distinct: ['dataSource', 'symbol'],
+        orderBy: { date: 'desc' },
+        select: {
+          dataSource: true,
+          marketPrice: true,
+          symbol: true
+        },
+        where: {
+          dataSource: {
+            in: currencyPairs.map(({ dataSource }) => {
+              return dataSource;
+            })
+          },
+          symbol: {
+            in: currencyPairs.map(({ symbol }) => {
+              return symbol;
+            })
+          }
+        }
+      }),
+      this.prismaService.marketData.groupBy({
+        _count: true,
+        by: ['dataSource', 'symbol']
+      })
+    ]);
+
+    const lastMarketPriceMap = new Map<string, number>();
+
+    for (const { dataSource, marketPrice, symbol } of lastMarketPrices) {
+      lastMarketPriceMap.set(
+        getAssetProfileIdentifier({ dataSource, symbol }),
+        marketPrice
+      );
+    }
+
+    const marketDataPromise: Promise<AdminMarketDataItem>[] = currencyPairs.map(
+      async ({ dataSource, symbol }) => {
+        let activitiesCount: EnhancedSymbolProfile['activitiesCount'] = 0;
+        let currency: EnhancedSymbolProfile['currency'] = '-';
+        let dateOfFirstActivity: EnhancedSymbolProfile['dateOfFirstActivity'];
+
+        if (isCurrency(getCurrencyFromSymbol(symbol))) {
+          currency = getCurrencyFromSymbol(symbol);
+          ({ activitiesCount, dateOfFirstActivity } =
+            await this.orderService.getStatisticsByCurrency(currency));
+        }
+
+        const lastMarketPrice = lastMarketPriceMap.get(
+          getAssetProfileIdentifier({ dataSource, symbol })
+        );
+
         const marketDataItemCount =
           marketDataItems.find((marketDataItem) => {
             return (
@@ -383,83 +768,113 @@ export class AdminService {
           })?._count ?? 0;
 
         return {
+          activitiesCount,
+          currency,
           dataSource,
+          lastMarketPrice,
           marketDataItemCount,
           symbol,
-          assetClass: 'CASH',
+          assetClass: AssetClass.LIQUIDITY,
+          assetSubClass: AssetSubClass.CASH,
           countriesCount: 0,
-          currency: symbol.replace(DEFAULT_CURRENCY, ''),
+          date: dateOfFirstActivity,
+          id: undefined,
+          isActive: true,
           name: symbol,
-          sectorsCount: 0
+          sectorsCount: 0,
+          watchedByCount: 0
         };
-      });
+      }
+    );
 
+    const marketData = await Promise.all(marketDataPromise);
     return { marketData, count: marketData.length };
   }
 
-  private async getUsersWithAnalytics(): Promise<AdminData['users']> {
-    let orderBy: any = {
+  private async getUsersWithAnalytics({
+    skip,
+    take
+  }: {
+    skip?: number;
+    take?: number;
+  }): Promise<AdminUsers['users']> {
+    let orderBy: Prisma.UserOrderByWithRelationInput = {
       createdAt: 'desc'
     };
-    let where;
+    let where: Prisma.UserWhereInput;
 
     if (this.configurationService.get('ENABLE_FEATURE_SUBSCRIPTION')) {
       orderBy = {
-        Analytics: {
-          updatedAt: 'desc'
+        analytics: {
+          lastRequestAt: 'desc'
         }
       };
       where = {
         NOT: {
-          Analytics: null
+          analytics: null
         }
       };
     }
 
     const usersWithAnalytics = await this.prismaService.user.findMany({
       orderBy,
+      skip,
+      take,
       where,
       select: {
         _count: {
-          select: { Account: true, Order: true }
+          select: { accounts: true, activities: true }
         },
-        Analytics: {
+        analytics: {
           select: {
             activityCount: true,
             country: true,
+            dataProviderGhostfolioDailyRequests: true,
             updatedAt: true
           }
         },
         createdAt: true,
         id: true,
-        Subscription: true
+        role: true,
+        subscriptions: {
+          orderBy: {
+            expiresAt: 'desc'
           },
-      take: 30
+          take: 1,
+          where: {
+            expiresAt: {
+              gt: new Date()
+            }
+          }
+        }
+      }
     });
 
     return usersWithAnalytics.map(
-      ({ _count, Analytics, createdAt, id, Subscription }) => {
+      ({ _count, analytics, createdAt, id, role, subscriptions }) => {
         const daysSinceRegistration =
           differenceInDays(new Date(), createdAt) + 1;
-        const engagement = Analytics
-          ? Analytics.activityCount / daysSinceRegistration
+        const engagement = analytics
+          ? analytics.activityCount / daysSinceRegistration
           : undefined;
 
-        const subscription = this.configurationService.get(
-          'ENABLE_FEATURE_SUBSCRIPTION'
-        )
-          ? this.subscriptionService.getSubscription(Subscription)
+        const subscription =
+          this.configurationService.get('ENABLE_FEATURE_SUBSCRIPTION') &&
+          subscriptions?.length > 0
+            ? subscriptions[0]
             : undefined;
 
         return {
           createdAt,
           engagement,
           id,
+          role,
           subscription,
-          accountCount: _count.Account || 0,
-          country: Analytics?.country,
-          lastActivity: Analytics?.updatedAt,
-          transactionCount: _count.Order || 0
+          accountCount: _count.accounts || 0,
+          activityCount: _count.activities || 0,
+          country: analytics?.country,
+          dailyApiRequests: analytics?.dataProviderGhostfolioDailyRequests || 0,
+          lastActivity: analytics?.updatedAt
         };
       }
     );

apps/api/src/app/admin/queue/queue.controller.ts

@@ -1,87 +1,56 @@
+import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
+import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';
 import { AdminJobs } from '@ghostfolio/common/interfaces';
-import { hasPermission, permissions } from '@ghostfolio/common/permissions';
-import type { RequestWithUser } from '@ghostfolio/common/types';
+import { permissions } from '@ghostfolio/common/permissions';
+
 import {
   Controller,
   Delete,
   Get,
-  HttpException,
-  Inject,
   Param,
   Query,
   UseGuards
 } from '@nestjs/common';
-import { REQUEST } from '@nestjs/core';
 import { AuthGuard } from '@nestjs/passport';
 import { JobStatus } from 'bull';
-import { StatusCodes, getReasonPhrase } from 'http-status-codes';
 
 import { QueueService } from './queue.service';
 
 @Controller('admin/queue')
 export class QueueController {
-  public constructor(
-    private readonly queueService: QueueService,
-    @Inject(REQUEST) private readonly request: RequestWithUser
-  ) {}
+  public constructor(private readonly queueService: QueueService) {}
 
   @Delete('job')
-  @UseGuards(AuthGuard('jwt'))
+  @HasPermission(permissions.accessAdminControl)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
   public async deleteJobs(
     @Query('status') filterByStatus?: string
   ): Promise<void> {
-    if (
-      !hasPermission(
-        this.request.user.permissions,
-        permissions.accessAdminControl
-      )
-    ) {
-      throw new HttpException(
-        getReasonPhrase(StatusCodes.FORBIDDEN),
-        StatusCodes.FORBIDDEN
-      );
-    }
-
-    const status = <JobStatus[]>filterByStatus?.split(',') ?? undefined;
+    const status = (filterByStatus?.split(',') as JobStatus[]) ?? undefined;
     return this.queueService.deleteJobs({ status });
   }
 
   @Get('job')
-  @UseGuards(AuthGuard('jwt'))
+  @HasPermission(permissions.accessAdminControl)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
   public async getJobs(
     @Query('status') filterByStatus?: string
   ): Promise<AdminJobs> {
-    if (
-      !hasPermission(
-        this.request.user.permissions,
-        permissions.accessAdminControl
-      )
-    ) {
-      throw new HttpException(
-        getReasonPhrase(StatusCodes.FORBIDDEN),
-        StatusCodes.FORBIDDEN
-      );
-    }
-
-    const status = <JobStatus[]>filterByStatus?.split(',') ?? undefined;
+    const status = (filterByStatus?.split(',') as JobStatus[]) ?? undefined;
     return this.queueService.getJobs({ status });
   }
 
   @Delete('job/:id')
-  @UseGuards(AuthGuard('jwt'))
+  @HasPermission(permissions.accessAdminControl)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
   public async deleteJob(@Param('id') id: string): Promise<void> {
-    if (
-      !hasPermission(
-        this.request.user.permissions,
-        permissions.accessAdminControl
-      )
-    ) {
-      throw new HttpException(
-        getReasonPhrase(StatusCodes.FORBIDDEN),
-        StatusCodes.FORBIDDEN
-      );
-    }
-
     return this.queueService.deleteJob(id);
   }
+
+  @Get('job/:id/execute')
+  @HasPermission(permissions.accessAdminControl)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
+  public async executeJob(@Param('id') id: string): Promise<void> {
+    return this.queueService.executeJob(id);
+  }
 }

apps/api/src/app/admin/queue/queue.module.ts

@@ -1,4 +1,6 @@
-import { DataGatheringModule } from '@ghostfolio/api/services/data-gathering/data-gathering.module';
+import { DataGatheringModule } from '@ghostfolio/api/services/queues/data-gathering/data-gathering.module';
+import { PortfolioSnapshotQueueModule } from '@ghostfolio/api/services/queues/portfolio-snapshot/portfolio-snapshot.module';
+
 import { Module } from '@nestjs/common';
 
 import { QueueController } from './queue.controller';
@@ -6,7 +8,7 @@ import { QueueService } from './queue.service';
 
 @Module({
   controllers: [QueueController],
-  imports: [DataGatheringModule],
+  imports: [DataGatheringModule, PortfolioSnapshotQueueModule],
   providers: [QueueService]
 })
 export class QueueModule {}

apps/api/src/app/admin/queue/queue.service.ts

@@ -1,8 +1,10 @@
 import {
   DATA_GATHERING_QUEUE,
+  PORTFOLIO_SNAPSHOT_COMPUTATION_QUEUE,
   QUEUE_JOB_STATUS_LIST
 } from '@ghostfolio/common/config';
 import { AdminJobs } from '@ghostfolio/common/interfaces';
+
 import { InjectQueue } from '@nestjs/bull';
 import { Injectable } from '@nestjs/common';
 import { JobStatus, Queue } from 'bull';
@@ -11,11 +13,19 @@ import { JobStatus, Queue } from 'bull';
 export class QueueService {
   public constructor(
     @InjectQueue(DATA_GATHERING_QUEUE)
-    private readonly dataGatheringQueue: Queue
+    private readonly dataGatheringQueue: Queue,
+    @InjectQueue(PORTFOLIO_SNAPSHOT_COMPUTATION_QUEUE)
+    private readonly portfolioSnapshotQueue: Queue
   ) {}
 
   public async deleteJob(aId: string) {
-    return (await this.dataGatheringQueue.getJob(aId))?.remove();
+    let job = await this.dataGatheringQueue.getJob(aId);
+
+    if (!job) {
+      job = await this.portfolioSnapshotQueue.getJob(aId);
+    }
+
+    return job?.remove();
   }
 
   public async deleteJobs({
@@ -24,13 +34,23 @@ export class QueueService {
     status?: JobStatus[];
   }) {
     for (const statusItem of status) {
-      await this.dataGatheringQueue.clean(
-        300,
-        statusItem === 'waiting' ? 'wait' : statusItem
-      );
+      const queueStatus = statusItem === 'waiting' ? 'wait' : statusItem;
+
+      await this.dataGatheringQueue.clean(300, queueStatus);
+      await this.portfolioSnapshotQueue.clean(300, queueStatus);
     }
   }
 
+  public async executeJob(aId: string) {
+    let job = await this.dataGatheringQueue.getJob(aId);
+
+    if (!job) {
+      job = await this.portfolioSnapshotQueue.getJob(aId);
+    }
+
+    return job?.promote();
+  }
+
   public async getJobs({
     limit = 1000,
     status = QUEUE_JOB_STATUS_LIST
@@ -38,10 +58,13 @@ export class QueueService {
     limit?: number;
     status?: JobStatus[];
   }): Promise<AdminJobs> {
-    const jobs = await this.dataGatheringQueue.getJobs(status);
+    const [dataGatheringJobs, portfolioSnapshotJobs] = await Promise.all([
+      this.dataGatheringQueue.getJobs(status),
+      this.portfolioSnapshotQueue.getJobs(status)
+    ]);
 
     const jobsWithState = await Promise.all(
-      jobs
+      [...dataGatheringJobs, ...portfolioSnapshotJobs]
         .filter((job) => {
           return job;
         })
@@ -53,6 +76,7 @@ export class QueueService {
             finishedOn: job.finishedOn,
             id: job.id,
             name: job.name,
+            opts: job.opts,
             stacktrace: job.stacktrace,
             state: await job.getState(),
             timestamp: job.timestamp

apps/api/src/app/admin/update-asset-profile.dto.ts

@@ -1,5 +1,15 @@
-import { AssetClass, AssetSubClass, Prisma } from '@prisma/client';
-import { IsEnum, IsObject, IsOptional, IsString } from 'class-validator';
+import { IsCurrencyCode } from '@ghostfolio/api/validators/is-currency-code';
+
+import { AssetClass, AssetSubClass, DataSource, Prisma } from '@prisma/client';
+import {
+  IsArray,
+  IsBoolean,
+  IsEnum,
+  IsObject,
+  IsOptional,
+  IsString,
+  IsUrl
+} from 'class-validator';
 
 export class UpdateAssetProfileDto {
   @IsEnum(AssetClass, { each: true })
@@ -10,21 +20,52 @@ export class UpdateAssetProfileDto {
   @IsOptional()
   assetSubClass?: AssetSubClass;
 
-  @IsString()
   @IsOptional()
+  @IsString()
   comment?: string;
 
-  @IsString()
+  @IsArray()
   @IsOptional()
+  countries?: Prisma.InputJsonArray;
+
+  @IsCurrencyCode()
+  @IsOptional()
+  currency?: string;
+
+  @IsEnum(DataSource)
+  @IsOptional()
+  dataSource?: DataSource;
+
+  @IsBoolean()
+  @IsOptional()
+  isActive?: boolean;
+
+  @IsOptional()
+  @IsString()
   name?: string;
 
   @IsObject()
   @IsOptional()
   scraperConfiguration?: Prisma.InputJsonObject;
 
+  @IsArray()
+  @IsOptional()
+  sectors?: Prisma.InputJsonArray;
+
+  @IsOptional()
+  @IsString()
+  symbol?: string;
+
   @IsObject()
   @IsOptional()
   symbolMapping?: {
     [dataProvider: string]: string;
   };
+
+  @IsOptional()
+  @IsUrl({
+    protocols: ['https'],
+    require_protocol: true
+  })
+  url?: string;
 }

apps/api/src/app/admin/update-bulk-market-data.dto.ts

@@ -1,5 +1,5 @@
 import { Type } from 'class-transformer';
-import { ArrayNotEmpty, IsArray, isNotEmptyObject } from 'class-validator';
+import { ArrayNotEmpty, IsArray } from 'class-validator';
 
 import { UpdateMarketDataDto } from './update-market-data.dto';
 

apps/api/src/app/app.controller.ts

@@ -1,4 +1,5 @@
 import { ExchangeRateDataService } from '@ghostfolio/api/services/exchange-rate-data/exchange-rate-data.service';
+
 import { Controller } from '@nestjs/common';
 
 @Controller()

apps/api/src/app/app.module.ts

@@ -1,31 +1,46 @@
-import { join } from 'path';
-
+import { EventsModule } from '@ghostfolio/api/events/events.module';
+import { HtmlTemplateMiddleware } from '@ghostfolio/api/middlewares/html-template.middleware';
 import { ConfigurationModule } from '@ghostfolio/api/services/configuration/configuration.module';
-import { CronService } from '@ghostfolio/api/services/cron.service';
-import { DataGatheringModule } from '@ghostfolio/api/services/data-gathering/data-gathering.module';
+import { CronModule } from '@ghostfolio/api/services/cron/cron.module';
 import { DataProviderModule } from '@ghostfolio/api/services/data-provider/data-provider.module';
 import { ExchangeRateDataModule } from '@ghostfolio/api/services/exchange-rate-data/exchange-rate-data.module';
+import { I18nService } from '@ghostfolio/api/services/i18n/i18n.service';
 import { PrismaModule } from '@ghostfolio/api/services/prisma/prisma.module';
-import { TwitterBotModule } from '@ghostfolio/api/services/twitter-bot/twitter-bot.module';
+import { PropertyModule } from '@ghostfolio/api/services/property/property.module';
+import { DataGatheringModule } from '@ghostfolio/api/services/queues/data-gathering/data-gathering.module';
+import { PortfolioSnapshotQueueModule } from '@ghostfolio/api/services/queues/portfolio-snapshot/portfolio-snapshot.module';
 import {
   DEFAULT_LANGUAGE_CODE,
   SUPPORTED_LANGUAGE_CODES
 } from '@ghostfolio/common/config';
+
 import { BullModule } from '@nestjs/bull';
-import { Module } from '@nestjs/common';
+import { MiddlewareConsumer, Module, NestModule } from '@nestjs/common';
 import { ConfigModule } from '@nestjs/config';
+import { EventEmitterModule } from '@nestjs/event-emitter';
 import { ScheduleModule } from '@nestjs/schedule';
 import { ServeStaticModule } from '@nestjs/serve-static';
 import { StatusCodes } from 'http-status-codes';
+import { join } from 'path';
 
 import { AccessModule } from './access/access.module';
 import { AccountModule } from './account/account.module';
 import { AdminModule } from './admin/admin.module';
 import { AppController } from './app.controller';
+import { AssetModule } from './asset/asset.module';
 import { AuthDeviceModule } from './auth-device/auth-device.module';
 import { AuthModule } from './auth/auth.module';
-import { BenchmarkModule } from './benchmark/benchmark.module';
 import { CacheModule } from './cache/cache.module';
+import { AiModule } from './endpoints/ai/ai.module';
+import { ApiKeysModule } from './endpoints/api-keys/api-keys.module';
+import { AssetsModule } from './endpoints/assets/assets.module';
+import { BenchmarksModule } from './endpoints/benchmarks/benchmarks.module';
+import { GhostfolioModule } from './endpoints/data-providers/ghostfolio/ghostfolio.module';
+import { MarketDataModule } from './endpoints/market-data/market-data.module';
+import { PublicModule } from './endpoints/public/public.module';
+import { SitemapModule } from './endpoints/sitemap/sitemap.module';
+import { TagsModule } from './endpoints/tags/tags.module';
+import { WatchlistModule } from './endpoints/watchlist/watchlist.module';
 import { ExchangeRateModule } from './exchange-rate/exchange-rate.module';
 import { ExportModule } from './export/export.module';
 import { HealthModule } from './health/health.module';
@@ -36,22 +51,26 @@ import { OrderModule } from './order/order.module';
 import { PlatformModule } from './platform/platform.module';
 import { PortfolioModule } from './portfolio/portfolio.module';
 import { RedisCacheModule } from './redis-cache/redis-cache.module';
-import { SitemapModule } from './sitemap/sitemap.module';
 import { SubscriptionModule } from './subscription/subscription.module';
 import { SymbolModule } from './symbol/symbol.module';
-import { TagModule } from './tag/tag.module';
 import { UserModule } from './user/user.module';
 
 @Module({
+  controllers: [AppController],
   imports: [
     AdminModule,
     AccessModule,
     AccountModule,
+    AiModule,
+    ApiKeysModule,
+    AssetModule,
+    AssetsModule,
     AuthDeviceModule,
     AuthModule,
-    BenchmarkModule,
+    BenchmarksModule,
     BullModule.forRoot({
       redis: {
+        db: parseInt(process.env.REDIS_DB ?? '0', 10),
         host: process.env.REDIS_HOST,
         port: parseInt(process.env.REDIS_PORT ?? '6379', 10),
         password: process.env.REDIS_PASSWORD
@@ -60,23 +79,31 @@ import { UserModule } from './user/user.module';
     CacheModule,
     ConfigModule.forRoot(),
     ConfigurationModule,
+    CronModule,
     DataGatheringModule,
     DataProviderModule,
+    EventEmitterModule.forRoot(),
+    EventsModule,
     ExchangeRateModule,
     ExchangeRateDataModule,
     ExportModule,
+    GhostfolioModule,
     HealthModule,
     ImportModule,
     InfoModule,
     LogoModule,
+    MarketDataModule,
     OrderModule,
     PlatformModule,
     PortfolioModule,
+    PortfolioSnapshotQueueModule,
     PrismaModule,
+    PropertyModule,
+    PublicModule,
     RedisCacheModule,
     ScheduleModule.forRoot(),
     ServeStaticModule.forRoot({
-      exclude: ['/api*', '/sitemap.xml'],
+      exclude: ['/.well-known/*wildcard', '/api/*wildcard', '/sitemap.xml'],
       rootPath: join(__dirname, '..', 'client'),
       serveStaticOptions: {
         setHeaders: (res) => {
@@ -99,14 +126,21 @@ import { UserModule } from './user/user.module';
         }
       }
     }),
+    ServeStaticModule.forRoot({
+      rootPath: join(__dirname, '..', 'client', '.well-known'),
+      serveRoot: '/.well-known'
+    }),
     SitemapModule,
     SubscriptionModule,
     SymbolModule,
-    TagModule,
-    TwitterBotModule,
-    UserModule
+    TagsModule,
+    UserModule,
+    WatchlistModule
   ],
-  controllers: [AppController],
-  providers: [CronService]
+  providers: [I18nService]
 })
-export class AppModule {}
+export class AppModule implements NestModule {
+  public configure(consumer: MiddlewareConsumer) {
+    consumer.apply(HtmlTemplateMiddleware).forRoutes('*wildcard');
+  }
+}

apps/api/src/app/asset/asset.controller.ts

@@ -0,0 +1,29 @@
+import { AdminService } from '@ghostfolio/api/app/admin/admin.service';
+import { TransformDataSourceInRequestInterceptor } from '@ghostfolio/api/interceptors/transform-data-source-in-request/transform-data-source-in-request.interceptor';
+import { TransformDataSourceInResponseInterceptor } from '@ghostfolio/api/interceptors/transform-data-source-in-response/transform-data-source-in-response.interceptor';
+import type { AdminMarketDataDetails } from '@ghostfolio/common/interfaces';
+
+import { Controller, Get, Param, UseInterceptors } from '@nestjs/common';
+import { DataSource } from '@prisma/client';
+import { pick } from 'lodash';
+
+@Controller('asset')
+export class AssetController {
+  public constructor(private readonly adminService: AdminService) {}
+
+  @Get(':dataSource/:symbol')
+  @UseInterceptors(TransformDataSourceInRequestInterceptor)
+  @UseInterceptors(TransformDataSourceInResponseInterceptor)
+  public async getAsset(
+    @Param('dataSource') dataSource: DataSource,
+    @Param('symbol') symbol: string
+  ): Promise<AdminMarketDataDetails> {
+    const { assetProfile, marketData } =
+      await this.adminService.getMarketDataBySymbol({ dataSource, symbol });
+
+    return {
+      marketData,
+      assetProfile: pick(assetProfile, ['dataSource', 'name', 'symbol'])
+    };
+  }
+}

apps/api/src/app/asset/asset.module.ts

@@ -0,0 +1,17 @@
+import { AdminModule } from '@ghostfolio/api/app/admin/admin.module';
+import { TransformDataSourceInRequestModule } from '@ghostfolio/api/interceptors/transform-data-source-in-request/transform-data-source-in-request.module';
+import { TransformDataSourceInResponseModule } from '@ghostfolio/api/interceptors/transform-data-source-in-response/transform-data-source-in-response.module';
+
+import { Module } from '@nestjs/common';
+
+import { AssetController } from './asset.controller';
+
+@Module({
+  controllers: [AssetController],
+  imports: [
+    AdminModule,
+    TransformDataSourceInRequestModule,
+    TransformDataSourceInResponseModule
+  ]
+})
+export class AssetModule {}

apps/api/src/app/auth-device/auth-device.controller.ts

@@ -1,40 +1,19 @@
 import { AuthDeviceService } from '@ghostfolio/api/app/auth-device/auth-device.service';
-import { hasPermission, permissions } from '@ghostfolio/common/permissions';
-import type { RequestWithUser } from '@ghostfolio/common/types';
-import {
-  Controller,
-  Delete,
-  HttpException,
-  Inject,
-  Param,
-  UseGuards
-} from '@nestjs/common';
-import { REQUEST } from '@nestjs/core';
+import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
+import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';
+import { permissions } from '@ghostfolio/common/permissions';
+
+import { Controller, Delete, Param, UseGuards } from '@nestjs/common';
 import { AuthGuard } from '@nestjs/passport';
-import { StatusCodes, getReasonPhrase } from 'http-status-codes';
 
 @Controller('auth-device')
 export class AuthDeviceController {
-  public constructor(
-    private readonly authDeviceService: AuthDeviceService,
-    @Inject(REQUEST) private readonly request: RequestWithUser
-  ) {}
+  public constructor(private readonly authDeviceService: AuthDeviceService) {}
 
   @Delete(':id')
-  @UseGuards(AuthGuard('jwt'))
+  @HasPermission(permissions.deleteAuthDevice)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
   public async deleteAuthDevice(@Param('id') id: string): Promise<void> {
-    if (
-      !hasPermission(
-        this.request.user.permissions,
-        permissions.deleteAuthDevice
-      )
-    ) {
-      throw new HttpException(
-        getReasonPhrase(StatusCodes.FORBIDDEN),
-        StatusCodes.FORBIDDEN
-      );
-    }
-
     await this.authDeviceService.deleteAuthDevice({ id });
   }
 }

apps/api/src/app/auth-device/auth-device.module.ts

@@ -1,14 +1,13 @@
 import { AuthDeviceController } from '@ghostfolio/api/app/auth-device/auth-device.controller';
 import { AuthDeviceService } from '@ghostfolio/api/app/auth-device/auth-device.service';
-import { ConfigurationModule } from '@ghostfolio/api/services/configuration/configuration.module';
 import { PrismaModule } from '@ghostfolio/api/services/prisma/prisma.module';
+
 import { Module } from '@nestjs/common';
 import { JwtModule } from '@nestjs/jwt';
 
 @Module({
   controllers: [AuthDeviceController],
   imports: [
-    ConfigurationModule,
     JwtModule.register({
       secret: process.env.JWT_SECRET_KEY,
       signOptions: { expiresIn: '180 days' }

apps/api/src/app/auth-device/auth-device.service.ts

@@ -1,14 +1,11 @@
-import { ConfigurationService } from '@ghostfolio/api/services/configuration/configuration.service';
 import { PrismaService } from '@ghostfolio/api/services/prisma/prisma.service';
+
 import { Injectable } from '@nestjs/common';
 import { AuthDevice, Prisma } from '@prisma/client';
 
 @Injectable()
 export class AuthDeviceService {
-  public constructor(
-    private readonly configurationService: ConfigurationService,
-    private readonly prismaService: PrismaService
-  ) {}
+  public constructor(private readonly prismaService: PrismaService) {}
 
   public async authDevice(
     where: Prisma.AuthDeviceWhereUniqueInput

apps/api/src/app/auth/api-key.strategy.ts

@@ -0,0 +1,70 @@
+import { UserService } from '@ghostfolio/api/app/user/user.service';
+import { ApiKeyService } from '@ghostfolio/api/services/api-key/api-key.service';
+import { ConfigurationService } from '@ghostfolio/api/services/configuration/configuration.service';
+import { PrismaService } from '@ghostfolio/api/services/prisma/prisma.service';
+import { HEADER_KEY_TOKEN } from '@ghostfolio/common/config';
+import { hasRole } from '@ghostfolio/common/permissions';
+
+import { HttpException, Injectable } from '@nestjs/common';
+import { PassportStrategy } from '@nestjs/passport';
+import { StatusCodes, getReasonPhrase } from 'http-status-codes';
+import { HeaderAPIKeyStrategy } from 'passport-headerapikey';
+
+@Injectable()
+export class ApiKeyStrategy extends PassportStrategy(
+  HeaderAPIKeyStrategy,
+  'api-key'
+) {
+  public constructor(
+    private readonly apiKeyService: ApiKeyService,
+    private readonly configurationService: ConfigurationService,
+    private readonly prismaService: PrismaService,
+    private readonly userService: UserService
+  ) {
+    super({ header: HEADER_KEY_TOKEN, prefix: 'Api-Key ' }, false);
+  }
+
+  public async validate(apiKey: string) {
+    const user = await this.validateApiKey(apiKey);
+
+    if (this.configurationService.get('ENABLE_FEATURE_SUBSCRIPTION')) {
+      if (hasRole(user, 'INACTIVE')) {
+        throw new HttpException(
+          getReasonPhrase(StatusCodes.TOO_MANY_REQUESTS),
+          StatusCodes.TOO_MANY_REQUESTS
+        );
+      }
+
+      await this.prismaService.analytics.upsert({
+        create: { user: { connect: { id: user.id } } },
+        update: {
+          activityCount: { increment: 1 },
+          lastRequestAt: new Date()
+        },
+        where: { userId: user.id }
+      });
+    }
+
+    return user;
+  }
+
+  private async validateApiKey(apiKey: string) {
+    if (!apiKey) {
+      throw new HttpException(
+        getReasonPhrase(StatusCodes.UNAUTHORIZED),
+        StatusCodes.UNAUTHORIZED
+      );
+    }
+
+    try {
+      const { id } = await this.apiKeyService.getUserByApiKey(apiKey);
+
+      return this.userService.user({ id });
+    } catch {
+      throw new HttpException(
+        getReasonPhrase(StatusCodes.UNAUTHORIZED),
+        StatusCodes.UNAUTHORIZED
+      );
+    }
+  }
+}

apps/api/src/app/auth/auth.controller.ts

@@ -1,7 +1,9 @@
 import { WebAuthService } from '@ghostfolio/api/app/auth/web-auth.service';
+import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';
 import { ConfigurationService } from '@ghostfolio/api/services/configuration/configuration.service';
 import { DEFAULT_LANGUAGE_CODE } from '@ghostfolio/common/config';
 import { OAuthResponse } from '@ghostfolio/common/interfaces';
+
 import {
   Body,
   Controller,
@@ -12,12 +14,12 @@ import {
   Req,
   Res,
   UseGuards,
-  VERSION_NEUTRAL,
-  Version
+  Version,
+  VERSION_NEUTRAL
 } from '@nestjs/common';
 import { AuthGuard } from '@nestjs/passport';
 import { Request, Response } from 'express';
-import { StatusCodes, getReasonPhrase } from 'http-status-codes';
+import { getReasonPhrase, StatusCodes } from 'http-status-codes';
 
 import { AuthService } from './auth.service';
 import {
@@ -83,7 +85,7 @@ export class AuthController {
     @Res() response: Response
   ) {
     // Handles the Google OAuth2 callback
-    const jwt: string = (<any>request.user).jwt;
+    const jwt: string = (request.user as any).jwt;
 
     if (jwt) {
       response.redirect(
@@ -118,20 +120,17 @@ export class AuthController {
   }
 
   @Get('webauthn/generate-registration-options')
-  @UseGuards(AuthGuard('jwt'))
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
   public async generateRegistrationOptions() {
     return this.webAuthService.generateRegistrationOptions();
   }
 
   @Post('webauthn/verify-attestation')
-  @UseGuards(AuthGuard('jwt'))
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
   public async verifyAttestation(
     @Body() body: { deviceName: string; credential: AttestationCredentialJSON }
   ) {
-    return this.webAuthService.verifyAttestation(
-      body.deviceName,
-      body.credential
-    );
+    return this.webAuthService.verifyAttestation(body.credential);
   }
 
   @Post('webauthn/generate-assertion-options')

apps/api/src/app/auth/auth.module.ts

@@ -2,12 +2,15 @@ import { AuthDeviceService } from '@ghostfolio/api/app/auth-device/auth-device.s
 import { WebAuthService } from '@ghostfolio/api/app/auth/web-auth.service';
 import { SubscriptionModule } from '@ghostfolio/api/app/subscription/subscription.module';
 import { UserModule } from '@ghostfolio/api/app/user/user.module';
+import { ApiKeyService } from '@ghostfolio/api/services/api-key/api-key.service';
 import { ConfigurationModule } from '@ghostfolio/api/services/configuration/configuration.module';
 import { PrismaModule } from '@ghostfolio/api/services/prisma/prisma.module';
 import { PropertyModule } from '@ghostfolio/api/services/property/property.module';
+
 import { Module } from '@nestjs/common';
 import { JwtModule } from '@nestjs/jwt';
 
+import { ApiKeyStrategy } from './api-key.strategy';
 import { AuthController } from './auth.controller';
 import { AuthService } from './auth.service';
 import { GoogleStrategy } from './google.strategy';
@@ -27,6 +30,8 @@ import { JwtStrategy } from './jwt.strategy';
     UserModule
   ],
   providers: [
+    ApiKeyService,
+    ApiKeyStrategy,
     AuthDeviceService,
     AuthService,
     GoogleStrategy,

apps/api/src/app/auth/auth.service.ts

@@ -1,6 +1,7 @@
 import { UserService } from '@ghostfolio/api/app/user/user.service';
 import { ConfigurationService } from '@ghostfolio/api/services/configuration/configuration.service';
 import { PropertyService } from '@ghostfolio/api/services/property/property.service';
+
 import { Injectable, InternalServerErrorException } from '@nestjs/common';
 import { JwtService } from '@nestjs/jwt';
 import { Provider } from '@prisma/client';
@@ -19,10 +20,10 @@ export class AuthService {
   public async validateAnonymousLogin(accessToken: string): Promise<string> {
     return new Promise(async (resolve, reject) => {
       try {
-        const hashedAccessToken = this.userService.createAccessToken(
-          accessToken,
-          this.configurationService.get('ACCESS_TOKEN_SALT')
-        );
+        const hashedAccessToken = this.userService.createAccessToken({
+          password: accessToken,
+          salt: this.configurationService.get('ACCESS_TOKEN_SALT')
+        });
 
         const [user] = await this.userService.users({
           where: { accessToken: hashedAccessToken }

apps/api/src/app/auth/google.strategy.ts

@@ -1,8 +1,9 @@
 import { ConfigurationService } from '@ghostfolio/api/services/configuration/configuration.service';
+
 import { Injectable, Logger } from '@nestjs/common';
 import { PassportStrategy } from '@nestjs/passport';
 import { Provider } from '@prisma/client';
-import { Strategy } from 'passport-google-oauth20';
+import { Profile, Strategy } from 'passport-google-oauth20';
 
 import { AuthService } from './auth.service';
 
@@ -10,7 +11,7 @@ import { AuthService } from './auth.service';
 export class GoogleStrategy extends PassportStrategy(Strategy, 'google') {
   public constructor(
     private readonly authService: AuthService,
-    readonly configurationService: ConfigurationService
+    configurationService: ConfigurationService
   ) {
     super({
       callbackURL: `${configurationService.get(
@@ -19,28 +20,24 @@ export class GoogleStrategy extends PassportStrategy(Strategy, 'google') {
       clientID: configurationService.get('GOOGLE_CLIENT_ID'),
       clientSecret: configurationService.get('GOOGLE_SECRET'),
       passReqToCallback: true,
-      scope: ['email', 'profile']
+      scope: ['profile']
     });
   }
 
   public async validate(
-    request: any,
-    token: string,
-    refreshToken: string,
-    profile,
-    done: Function,
-    done2: Function
+    _request: any,
+    _token: string,
+    _refreshToken: string,
+    profile: Profile,
+    done: Function
   ) {
     try {
-      const jwt: string = await this.authService.validateOAuthLogin({
+      const jwt = await this.authService.validateOAuthLogin({
         provider: Provider.GOOGLE,
         thirdPartyId: profile.id
       });
-      const user = {
-        jwt
-      };
 
-      done(null, user);
+      done(null, { jwt });
     } catch (error) {
       Logger.error(error, 'GoogleStrategy');
       done(error, false);

apps/api/src/app/auth/interfaces/interfaces.ts

@@ -1,4 +1,5 @@
 import { AuthDeviceDto } from '@ghostfolio/api/app/auth-device/auth-device.dto';
+
 import { Provider } from '@prisma/client';
 
 export interface AuthDeviceDialogParams {

apps/api/src/app/auth/interfaces/simplewebauthn.ts

@@ -198,12 +198,12 @@ export interface AuthenticatorAssertionResponseJSON
 /**
  * A WebAuthn-compatible device and the information needed to verify assertions by it
  */
-export declare type AuthenticatorDevice = {
+export declare interface AuthenticatorDevice {
   credentialPublicKey: Buffer;
   credentialID: Buffer;
   counter: number;
   transports?: AuthenticatorTransport[];
-};
+}
 /**
  * An attempt to communicate that this isn't just any string, but a Base64URL-encoded string
  */

apps/api/src/app/auth/jwt.strategy.ts

@@ -1,10 +1,17 @@
 import { UserService } from '@ghostfolio/api/app/user/user.service';
 import { ConfigurationService } from '@ghostfolio/api/services/configuration/configuration.service';
 import { PrismaService } from '@ghostfolio/api/services/prisma/prisma.service';
-import { HEADER_KEY_TIMEZONE } from '@ghostfolio/common/config';
-import { Injectable, UnauthorizedException } from '@nestjs/common';
+import {
+  DEFAULT_CURRENCY,
+  DEFAULT_LANGUAGE_CODE,
+  HEADER_KEY_TIMEZONE
+} from '@ghostfolio/common/config';
+import { hasRole } from '@ghostfolio/common/permissions';
+
+import { HttpException, Injectable } from '@nestjs/common';
 import { PassportStrategy } from '@nestjs/passport';
 import * as countriesAndTimezones from 'countries-and-timezones';
+import { StatusCodes, getReasonPhrase } from 'http-status-codes';
 import { ExtractJwt, Strategy } from 'passport-jwt';
 
 @Injectable()
@@ -28,26 +35,51 @@ export class JwtStrategy extends PassportStrategy(Strategy, 'jwt') {
 
       if (user) {
         if (this.configurationService.get('ENABLE_FEATURE_SUBSCRIPTION')) {
+          if (hasRole(user, 'INACTIVE')) {
+            throw new HttpException(
+              getReasonPhrase(StatusCodes.TOO_MANY_REQUESTS),
+              StatusCodes.TOO_MANY_REQUESTS
+            );
+          }
+
           const country =
             countriesAndTimezones.getCountryForTimezone(timezone)?.id;
 
           await this.prismaService.analytics.upsert({
-            create: { country, User: { connect: { id: user.id } } },
+            create: { country, user: { connect: { id: user.id } } },
             update: {
               country,
               activityCount: { increment: 1 },
-              updatedAt: new Date()
+              lastRequestAt: new Date()
             },
             where: { userId: user.id }
           });
         }
 
+        if (!user.Settings.settings.baseCurrency) {
+          user.Settings.settings.baseCurrency = DEFAULT_CURRENCY;
+        }
+
+        if (!user.Settings.settings.language) {
+          user.Settings.settings.language = DEFAULT_LANGUAGE_CODE;
+        }
+
         return user;
       } else {
-        throw '';
+        throw new HttpException(
+          getReasonPhrase(StatusCodes.NOT_FOUND),
+          StatusCodes.NOT_FOUND
+        );
+      }
+    } catch (error) {
+      if (error?.getStatus?.() === StatusCodes.TOO_MANY_REQUESTS) {
+        throw error;
+      } else {
+        throw new HttpException(
+          getReasonPhrase(StatusCodes.UNAUTHORIZED),
+          StatusCodes.UNAUTHORIZED
+        );
       }
-    } catch (err) {
-      throw new UnauthorizedException('unauthorized', err.message);
     }
   }
 }

apps/api/src/app/auth/web-auth.service.ts

@@ -3,6 +3,7 @@ import { AuthDeviceService } from '@ghostfolio/api/app/auth-device/auth-device.s
 import { UserService } from '@ghostfolio/api/app/user/user.service';
 import { ConfigurationService } from '@ghostfolio/api/services/configuration/configuration.service';
 import type { RequestWithUser } from '@ghostfolio/common/types';
+
 import {
   Inject,
   Injectable,
@@ -12,17 +13,18 @@ import {
 import { REQUEST } from '@nestjs/core';
 import { JwtService } from '@nestjs/jwt';
 import {
+  generateAuthenticationOptions,
   GenerateAuthenticationOptionsOpts,
+  generateRegistrationOptions,
   GenerateRegistrationOptionsOpts,
   VerifiedAuthenticationResponse,
   VerifiedRegistrationResponse,
-  VerifyAuthenticationResponseOpts,
-  VerifyRegistrationResponseOpts,
-  generateAuthenticationOptions,
-  generateRegistrationOptions,
   verifyAuthenticationResponse,
-  verifyRegistrationResponse
+  VerifyAuthenticationResponseOpts,
+  verifyRegistrationResponse,
+  VerifyRegistrationResponseOpts
 } from '@simplewebauthn/server';
+import { isoBase64URL, isoUint8Array } from '@simplewebauthn/server/helpers';
 
 import {
   AssertionCredentialJSON,
@@ -40,7 +42,7 @@ export class WebAuthService {
   ) {}
 
   get rpID() {
-    return this.configurationService.get('WEB_AUTH_RP_ID');
+    return new URL(this.configurationService.get('ROOT_URL')).hostname;
   }
 
   get expectedOrigin() {
@@ -53,10 +55,9 @@ export class WebAuthService {
     const opts: GenerateRegistrationOptionsOpts = {
       rpName: 'Ghostfolio',
       rpID: this.rpID,
-      userID: user.id,
+      userID: isoUint8Array.fromUTF8String(user.id),
       userName: '',
       timeout: 60000,
-      attestationType: 'indirect',
       authenticatorSelection: {
         authenticatorAttachment: 'platform',
         requireResidentKey: false,
@@ -79,7 +80,6 @@ export class WebAuthService {
   }
 
   public async verifyAttestation(
-    deviceName: string,
     credential: AttestationCredentialJSON
   ): Promise<AuthDeviceDto> {
     const user = this.request.user;
@@ -111,11 +111,17 @@ export class WebAuthService {
       where: { userId: user.id }
     });
     if (registrationInfo && verified) {
-      const { counter, credentialID, credentialPublicKey } = registrationInfo;
+      const {
+        credential: {
+          counter,
+          id: credentialId,
+          publicKey: credentialPublicKey
+        }
+      } = registrationInfo;
 
-      let existingDevice = devices.find(
-        (device) => device.credentialId === credentialID
-      );
+      let existingDevice = devices.find((device) => {
+        return isoBase64URL.fromBuffer(device.credentialId) === credentialId;
+      });
 
       if (!existingDevice) {
         /**
@@ -123,9 +129,9 @@ export class WebAuthService {
          */
         existingDevice = await this.deviceService.createAuthDevice({
           counter,
-          credentialId: Buffer.from(credentialID),
+          credentialId: Buffer.from(credentialId),
           credentialPublicKey: Buffer.from(credentialPublicKey),
-          User: { connect: { id: user.id } }
+          user: { connect: { id: user.id } }
         });
       }
 
@@ -148,9 +154,8 @@ export class WebAuthService {
     const opts: GenerateAuthenticationOptionsOpts = {
       allowCredentials: [
         {
-          id: device.credentialId,
-          transports: ['internal'],
-          type: 'public-key'
+          id: isoBase64URL.fromBuffer(device.credentialId),
+          transports: ['internal']
         }
       ],
       rpID: this.rpID,
@@ -187,10 +192,10 @@ export class WebAuthService {
     let verification: VerifiedAuthenticationResponse;
     try {
       const opts: VerifyAuthenticationResponseOpts = {
-        authenticator: {
-          credentialID: device.credentialId,
-          credentialPublicKey: device.credentialPublicKey,
-          counter: device.counter
+        credential: {
+          counter: device.counter,
+          id: isoBase64URL.fromBuffer(device.credentialId),
+          publicKey: device.credentialPublicKey
         },
         expectedChallenge: `${user.authChallenge}`,
         expectedOrigin: this.expectedOrigin,

apps/api/src/app/benchmark/benchmark.controller.ts

@@ -1,138 +0,0 @@
-import { TransformDataSourceInRequestInterceptor } from '@ghostfolio/api/interceptors/transform-data-source-in-request.interceptor';
-import { TransformDataSourceInResponseInterceptor } from '@ghostfolio/api/interceptors/transform-data-source-in-response.interceptor';
-import type {
-  BenchmarkMarketDataDetails,
-  BenchmarkResponse,
-  UniqueAsset
-} from '@ghostfolio/common/interfaces';
-import { hasPermission, permissions } from '@ghostfolio/common/permissions';
-import type { RequestWithUser } from '@ghostfolio/common/types';
-import {
-  Body,
-  Controller,
-  Delete,
-  Get,
-  HttpException,
-  Inject,
-  Param,
-  Post,
-  UseGuards,
-  UseInterceptors
-} from '@nestjs/common';
-import { REQUEST } from '@nestjs/core';
-import { AuthGuard } from '@nestjs/passport';
-import { DataSource } from '@prisma/client';
-import { StatusCodes, getReasonPhrase } from 'http-status-codes';
-
-import { BenchmarkService } from './benchmark.service';
-
-@Controller('benchmark')
-export class BenchmarkController {
-  public constructor(
-    private readonly benchmarkService: BenchmarkService,
-    @Inject(REQUEST) private readonly request: RequestWithUser
-  ) {}
-
-  @Post()
-  @UseGuards(AuthGuard('jwt'))
-  public async addBenchmark(@Body() { dataSource, symbol }: UniqueAsset) {
-    if (
-      !hasPermission(
-        this.request.user.permissions,
-        permissions.accessAdminControl
-      )
-    ) {
-      throw new HttpException(
-        getReasonPhrase(StatusCodes.FORBIDDEN),
-        StatusCodes.FORBIDDEN
-      );
-    }
-
-    try {
-      const benchmark = await this.benchmarkService.addBenchmark({
-        dataSource,
-        symbol
-      });
-
-      if (!benchmark) {
-        throw new HttpException(
-          getReasonPhrase(StatusCodes.NOT_FOUND),
-          StatusCodes.NOT_FOUND
-        );
-      }
-
-      return benchmark;
-    } catch {
-      throw new HttpException(
-        getReasonPhrase(StatusCodes.INTERNAL_SERVER_ERROR),
-        StatusCodes.INTERNAL_SERVER_ERROR
-      );
-    }
-  }
-
-  @Delete(':dataSource/:symbol')
-  @UseGuards(AuthGuard('jwt'))
-  public async deleteBenchmark(
-    @Param('dataSource') dataSource: DataSource,
-    @Param('symbol') symbol: string
-  ) {
-    if (
-      !hasPermission(
-        this.request.user.permissions,
-        permissions.accessAdminControl
-      )
-    ) {
-      throw new HttpException(
-        getReasonPhrase(StatusCodes.FORBIDDEN),
-        StatusCodes.FORBIDDEN
-      );
-    }
-
-    try {
-      const benchmark = await this.benchmarkService.deleteBenchmark({
-        dataSource,
-        symbol
-      });
-
-      if (!benchmark) {
-        throw new HttpException(
-          getReasonPhrase(StatusCodes.NOT_FOUND),
-          StatusCodes.NOT_FOUND
-        );
-      }
-
-      return benchmark;
-    } catch {
-      throw new HttpException(
-        getReasonPhrase(StatusCodes.INTERNAL_SERVER_ERROR),
-        StatusCodes.INTERNAL_SERVER_ERROR
-      );
-    }
-  }
-
-  @Get()
-  @UseInterceptors(TransformDataSourceInRequestInterceptor)
-  @UseInterceptors(TransformDataSourceInResponseInterceptor)
-  public async getBenchmark(): Promise<BenchmarkResponse> {
-    return {
-      benchmarks: await this.benchmarkService.getBenchmarks()
-    };
-  }
-
-  @Get(':dataSource/:symbol/:startDateString')
-  @UseGuards(AuthGuard('jwt'))
-  @UseInterceptors(TransformDataSourceInRequestInterceptor)
-  public async getBenchmarkMarketDataBySymbol(
-    @Param('dataSource') dataSource: DataSource,
-    @Param('startDateString') startDateString: string,
-    @Param('symbol') symbol: string
-  ): Promise<BenchmarkMarketDataDetails> {
-    const startDate = new Date(startDateString);
-
-    return this.benchmarkService.getMarketDataBySymbol({
-      dataSource,
-      startDate,
-      symbol
-    });
-  }
-}

apps/api/src/app/cache/cache.controller.ts

@@ -1,39 +1,19 @@
 import { RedisCacheService } from '@ghostfolio/api/app/redis-cache/redis-cache.service';
-import { hasPermission, permissions } from '@ghostfolio/common/permissions';
-import type { RequestWithUser } from '@ghostfolio/common/types';
-import {
-  Controller,
-  HttpException,
-  Inject,
-  Post,
-  UseGuards
-} from '@nestjs/common';
-import { REQUEST } from '@nestjs/core';
+import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
+import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';
+import { permissions } from '@ghostfolio/common/permissions';
+
+import { Controller, Post, UseGuards } from '@nestjs/common';
 import { AuthGuard } from '@nestjs/passport';
-import { StatusCodes, getReasonPhrase } from 'http-status-codes';
 
 @Controller('cache')
 export class CacheController {
-  public constructor(
-    private readonly redisCacheService: RedisCacheService,
-    @Inject(REQUEST) private readonly request: RequestWithUser
-  ) {}
+  public constructor(private readonly redisCacheService: RedisCacheService) {}
 
+  @HasPermission(permissions.accessAdminControl)
   @Post('flush')
-  @UseGuards(AuthGuard('jwt'))
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
   public async flushCache(): Promise<void> {
-    if (
-      !hasPermission(
-        this.request.user.permissions,
-        permissions.accessAdminControl
-      )
-    ) {
-      throw new HttpException(
-        getReasonPhrase(StatusCodes.FORBIDDEN),
-        StatusCodes.FORBIDDEN
-      );
-    }
-
-    return this.redisCacheService.reset();
+    await this.redisCacheService.reset();
   }
 }

apps/api/src/app/cache/cache.module.ts

@@ -1,24 +1,11 @@
 import { RedisCacheModule } from '@ghostfolio/api/app/redis-cache/redis-cache.module';
-import { ConfigurationModule } from '@ghostfolio/api/services/configuration/configuration.module';
-import { DataGatheringModule } from '@ghostfolio/api/services/data-gathering/data-gathering.module';
-import { DataProviderModule } from '@ghostfolio/api/services/data-provider/data-provider.module';
-import { ExchangeRateDataModule } from '@ghostfolio/api/services/exchange-rate-data/exchange-rate-data.module';
-import { PrismaModule } from '@ghostfolio/api/services/prisma/prisma.module';
-import { SymbolProfileModule } from '@ghostfolio/api/services/symbol-profile/symbol-profile.module';
+
 import { Module } from '@nestjs/common';
 
 import { CacheController } from './cache.controller';
 
 @Module({
   controllers: [CacheController],
-  imports: [
-    ConfigurationModule,
-    DataGatheringModule,
-    DataProviderModule,
-    ExchangeRateDataModule,
-    PrismaModule,
-    RedisCacheModule,
-    SymbolProfileModule
-  ]
+  imports: [RedisCacheModule]
 })
 export class CacheModule {}

apps/api/src/app/endpoints/ai/ai.controller.ts

@@ -0,0 +1,59 @@
+import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
+import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';
+import { ApiService } from '@ghostfolio/api/services/api/api.service';
+import { AiPromptResponse } from '@ghostfolio/common/interfaces';
+import { permissions } from '@ghostfolio/common/permissions';
+import type { AiPromptMode, RequestWithUser } from '@ghostfolio/common/types';
+
+import {
+  Controller,
+  Get,
+  Inject,
+  Param,
+  Query,
+  UseGuards
+} from '@nestjs/common';
+import { REQUEST } from '@nestjs/core';
+import { AuthGuard } from '@nestjs/passport';
+
+import { AiService } from './ai.service';
+
+@Controller('ai')
+export class AiController {
+  public constructor(
+    private readonly aiService: AiService,
+    private readonly apiService: ApiService,
+    @Inject(REQUEST) private readonly request: RequestWithUser
+  ) {}
+
+  @Get('prompt/:mode')
+  @HasPermission(permissions.readAiPrompt)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
+  public async getPrompt(
+    @Param('mode') mode: AiPromptMode,
+    @Query('accounts') filterByAccounts?: string,
+    @Query('assetClasses') filterByAssetClasses?: string,
+    @Query('dataSource') filterByDataSource?: string,
+    @Query('symbol') filterBySymbol?: string,
+    @Query('tags') filterByTags?: string
+  ): Promise<AiPromptResponse> {
+    const filters = this.apiService.buildFiltersFromQueryParams({
+      filterByAccounts,
+      filterByAssetClasses,
+      filterByDataSource,
+      filterBySymbol,
+      filterByTags
+    });
+
+    const prompt = await this.aiService.getPrompt({
+      filters,
+      mode,
+      impersonationId: undefined,
+      languageCode: this.request.user.Settings.settings.language,
+      userCurrency: this.request.user.Settings.settings.baseCurrency,
+      userId: this.request.user.id
+    });
+
+    return { prompt };
+  }
+}

apps/api/src/app/endpoints/ai/ai.module.ts

@@ -0,0 +1,59 @@
+import { AccountBalanceService } from '@ghostfolio/api/app/account-balance/account-balance.service';
+import { AccountService } from '@ghostfolio/api/app/account/account.service';
+import { OrderModule } from '@ghostfolio/api/app/order/order.module';
+import { PortfolioCalculatorFactory } from '@ghostfolio/api/app/portfolio/calculator/portfolio-calculator.factory';
+import { CurrentRateService } from '@ghostfolio/api/app/portfolio/current-rate.service';
+import { PortfolioService } from '@ghostfolio/api/app/portfolio/portfolio.service';
+import { RulesService } from '@ghostfolio/api/app/portfolio/rules.service';
+import { RedisCacheModule } from '@ghostfolio/api/app/redis-cache/redis-cache.module';
+import { UserModule } from '@ghostfolio/api/app/user/user.module';
+import { ApiModule } from '@ghostfolio/api/services/api/api.module';
+import { BenchmarkModule } from '@ghostfolio/api/services/benchmark/benchmark.module';
+import { ConfigurationModule } from '@ghostfolio/api/services/configuration/configuration.module';
+import { DataProviderModule } from '@ghostfolio/api/services/data-provider/data-provider.module';
+import { ExchangeRateDataModule } from '@ghostfolio/api/services/exchange-rate-data/exchange-rate-data.module';
+import { I18nModule } from '@ghostfolio/api/services/i18n/i18n.module';
+import { ImpersonationModule } from '@ghostfolio/api/services/impersonation/impersonation.module';
+import { MarketDataModule } from '@ghostfolio/api/services/market-data/market-data.module';
+import { MarketDataService } from '@ghostfolio/api/services/market-data/market-data.service';
+import { PrismaModule } from '@ghostfolio/api/services/prisma/prisma.module';
+import { PropertyModule } from '@ghostfolio/api/services/property/property.module';
+import { PortfolioSnapshotQueueModule } from '@ghostfolio/api/services/queues/portfolio-snapshot/portfolio-snapshot.module';
+import { SymbolProfileModule } from '@ghostfolio/api/services/symbol-profile/symbol-profile.module';
+
+import { Module } from '@nestjs/common';
+
+import { AiController } from './ai.controller';
+import { AiService } from './ai.service';
+
+@Module({
+  controllers: [AiController],
+  imports: [
+    ApiModule,
+    BenchmarkModule,
+    ConfigurationModule,
+    DataProviderModule,
+    ExchangeRateDataModule,
+    I18nModule,
+    ImpersonationModule,
+    MarketDataModule,
+    OrderModule,
+    PortfolioSnapshotQueueModule,
+    PrismaModule,
+    PropertyModule,
+    RedisCacheModule,
+    SymbolProfileModule,
+    UserModule
+  ],
+  providers: [
+    AccountBalanceService,
+    AccountService,
+    AiService,
+    CurrentRateService,
+    MarketDataService,
+    PortfolioCalculatorFactory,
+    PortfolioService,
+    RulesService
+  ]
+})
+export class AiModule {}

apps/api/src/app/endpoints/ai/ai.service.ts

@@ -0,0 +1,100 @@
+import { PortfolioService } from '@ghostfolio/api/app/portfolio/portfolio.service';
+import { PropertyService } from '@ghostfolio/api/services/property/property.service';
+import {
+  PROPERTY_API_KEY_OPENROUTER,
+  PROPERTY_OPENROUTER_MODEL
+} from '@ghostfolio/common/config';
+import { Filter } from '@ghostfolio/common/interfaces';
+import type { AiPromptMode } from '@ghostfolio/common/types';
+
+import { Injectable } from '@nestjs/common';
+import { createOpenRouter } from '@openrouter/ai-sdk-provider';
+import { generateText } from 'ai';
+
+@Injectable()
+export class AiService {
+  public constructor(
+    private readonly portfolioService: PortfolioService,
+    private readonly propertyService: PropertyService
+  ) {}
+
+  public async generateText({ prompt }: { prompt: string }) {
+    const openRouterApiKey = await this.propertyService.getByKey<string>(
+      PROPERTY_API_KEY_OPENROUTER
+    );
+
+    const openRouterModel = await this.propertyService.getByKey<string>(
+      PROPERTY_OPENROUTER_MODEL
+    );
+
+    const openRouterService = createOpenRouter({
+      apiKey: openRouterApiKey
+    });
+
+    return generateText({
+      prompt,
+      model: openRouterService.chat(openRouterModel)
+    });
+  }
+
+  public async getPrompt({
+    filters,
+    impersonationId,
+    languageCode,
+    mode,
+    userCurrency,
+    userId
+  }: {
+    filters?: Filter[];
+    impersonationId: string;
+    languageCode: string;
+    mode: AiPromptMode;
+    userCurrency: string;
+    userId: string;
+  }) {
+    const { holdings } = await this.portfolioService.getDetails({
+      filters,
+      impersonationId,
+      userId
+    });
+
+    const holdingsTable = [
+      '| Name | Symbol | Currency | Asset Class | Asset Sub Class | Allocation in Percentage |',
+      '| --- | --- | --- | --- | --- | --- |',
+      ...Object.values(holdings)
+        .sort((a, b) => {
+          return b.allocationInPercentage - a.allocationInPercentage;
+        })
+        .map(
+          ({
+            allocationInPercentage,
+            assetClass,
+            assetSubClass,
+            currency,
+            name,
+            symbol
+          }) => {
+            return `| ${name} | ${symbol} | ${currency} | ${assetClass} | ${assetSubClass} | ${(allocationInPercentage * 100).toFixed(3)}% |`;
+          }
+        )
+    ];
+
+    if (mode === 'portfolio') {
+      return holdingsTable.join('\n');
+    }
+
+    return [
+      `You are a neutral financial assistant. Please analyze the following investment portfolio (base currency being ${userCurrency}) in simple words.`,
+      ...holdingsTable,
+      'Structure your answer with these sections:',
+      'Overview: Briefly summarize the portfolio’s composition and allocation rationale.',
+      'Risk Assessment: Identify potential risks, including market volatility, concentration, and sectoral imbalances.',
+      'Advantages: Highlight strengths, focusing on growth potential, diversification, or other benefits.',
+      'Disadvantages: Point out weaknesses, such as overexposure or lack of defensive assets.',
+      'Target Group: Discuss who this portfolio might suit (e.g., risk tolerance, investment goals, life stages, and experience levels).',
+      'Optimization Ideas: Offer ideas to complement the portfolio, ensuring they are constructive and neutral in tone.',
+      'Conclusion: Provide a concise summary highlighting key insights.',
+      `Provide your answer in the following language: ${languageCode}.`
+    ].join('\n');
+  }
+}

apps/api/src/app/endpoints/api-keys/api-keys.controller.ts

@@ -0,0 +1,25 @@
+import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
+import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';
+import { ApiKeyService } from '@ghostfolio/api/services/api-key/api-key.service';
+import { ApiKeyResponse } from '@ghostfolio/common/interfaces';
+import { permissions } from '@ghostfolio/common/permissions';
+import type { RequestWithUser } from '@ghostfolio/common/types';
+
+import { Controller, Inject, Post, UseGuards } from '@nestjs/common';
+import { REQUEST } from '@nestjs/core';
+import { AuthGuard } from '@nestjs/passport';
+
+@Controller('api-keys')
+export class ApiKeysController {
+  public constructor(
+    private readonly apiKeyService: ApiKeyService,
+    @Inject(REQUEST) private readonly request: RequestWithUser
+  ) {}
+
+  @HasPermission(permissions.createApiKey)
+  @Post()
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
+  public async createApiKey(): Promise<ApiKeyResponse> {
+    return this.apiKeyService.create({ userId: this.request.user.id });
+  }
+}

apps/api/src/app/endpoints/api-keys/api-keys.module.ts

@@ -0,0 +1,11 @@
+import { ApiKeyModule } from '@ghostfolio/api/services/api-key/api-key.module';
+
+import { Module } from '@nestjs/common';
+
+import { ApiKeysController } from './api-keys.controller';
+
+@Module({
+  controllers: [ApiKeysController],
+  imports: [ApiKeyModule]
+})
+export class ApiKeysModule {}

apps/api/src/app/endpoints/assets/assets.controller.ts

@@ -0,0 +1,46 @@
+import { ConfigurationService } from '@ghostfolio/api/services/configuration/configuration.service';
+import { interpolate } from '@ghostfolio/common/helper';
+
+import {
+  Controller,
+  Get,
+  Param,
+  Res,
+  Version,
+  VERSION_NEUTRAL
+} from '@nestjs/common';
+import { Response } from 'express';
+import { readFileSync } from 'fs';
+import { join } from 'path';
+
+@Controller('assets')
+export class AssetsController {
+  private webManifest = '';
+
+  public constructor(
+    public readonly configurationService: ConfigurationService
+  ) {
+    try {
+      this.webManifest = readFileSync(
+        join(__dirname, 'assets', 'site.webmanifest'),
+        'utf8'
+      );
+    } catch {}
+  }
+
+  @Get('/:languageCode/site.webmanifest')
+  @Version(VERSION_NEUTRAL)
+  public getWebManifest(
+    @Param('languageCode') languageCode: string,
+    @Res() response: Response
+  ): void {
+    const rootUrl = this.configurationService.get('ROOT_URL');
+    const webManifest = interpolate(this.webManifest, {
+      languageCode,
+      rootUrl
+    });
+
+    response.setHeader('Content-Type', 'application/json');
+    response.send(webManifest);
+  }
+}

apps/api/src/app/endpoints/assets/assets.module.ts

@@ -0,0 +1,11 @@
+import { ConfigurationService } from '@ghostfolio/api/services/configuration/configuration.service';
+
+import { Module } from '@nestjs/common';
+
+import { AssetsController } from './assets.controller';
+
+@Module({
+  controllers: [AssetsController],
+  providers: [ConfigurationService]
+})
+export class AssetsModule {}

apps/api/src/app/endpoints/benchmarks/benchmarks.controller.ts

@@ -0,0 +1,156 @@
+import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
+import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';
+import { TransformDataSourceInRequestInterceptor } from '@ghostfolio/api/interceptors/transform-data-source-in-request/transform-data-source-in-request.interceptor';
+import { TransformDataSourceInResponseInterceptor } from '@ghostfolio/api/interceptors/transform-data-source-in-response/transform-data-source-in-response.interceptor';
+import { ApiService } from '@ghostfolio/api/services/api/api.service';
+import { BenchmarkService } from '@ghostfolio/api/services/benchmark/benchmark.service';
+import { getIntervalFromDateRange } from '@ghostfolio/common/calculation-helper';
+import { HEADER_KEY_IMPERSONATION } from '@ghostfolio/common/config';
+import type {
+  AssetProfileIdentifier,
+  BenchmarkMarketDataDetails,
+  BenchmarkResponse
+} from '@ghostfolio/common/interfaces';
+import { permissions } from '@ghostfolio/common/permissions';
+import type { DateRange, RequestWithUser } from '@ghostfolio/common/types';
+
+import {
+  Body,
+  Controller,
+  Delete,
+  Get,
+  Headers,
+  HttpException,
+  Inject,
+  Param,
+  Post,
+  Query,
+  UseGuards,
+  UseInterceptors
+} from '@nestjs/common';
+import { REQUEST } from '@nestjs/core';
+import { AuthGuard } from '@nestjs/passport';
+import { DataSource } from '@prisma/client';
+import { StatusCodes, getReasonPhrase } from 'http-status-codes';
+
+import { BenchmarksService } from './benchmarks.service';
+
+@Controller('benchmarks')
+export class BenchmarksController {
+  public constructor(
+    private readonly apiService: ApiService,
+    private readonly benchmarkService: BenchmarkService,
+    private readonly benchmarksService: BenchmarksService,
+    @Inject(REQUEST) private readonly request: RequestWithUser
+  ) {}
+
+  @HasPermission(permissions.accessAdminControl)
+  @Post()
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
+  public async addBenchmark(
+    @Body() { dataSource, symbol }: AssetProfileIdentifier
+  ) {
+    try {
+      const benchmark = await this.benchmarkService.addBenchmark({
+        dataSource,
+        symbol
+      });
+
+      if (!benchmark) {
+        throw new HttpException(
+          getReasonPhrase(StatusCodes.NOT_FOUND),
+          StatusCodes.NOT_FOUND
+        );
+      }
+
+      return benchmark;
+    } catch {
+      throw new HttpException(
+        getReasonPhrase(StatusCodes.INTERNAL_SERVER_ERROR),
+        StatusCodes.INTERNAL_SERVER_ERROR
+      );
+    }
+  }
+
+  @Delete(':dataSource/:symbol')
+  @HasPermission(permissions.accessAdminControl)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
+  public async deleteBenchmark(
+    @Param('dataSource') dataSource: DataSource,
+    @Param('symbol') symbol: string
+  ) {
+    try {
+      const benchmark = await this.benchmarkService.deleteBenchmark({
+        dataSource,
+        symbol
+      });
+
+      if (!benchmark) {
+        throw new HttpException(
+          getReasonPhrase(StatusCodes.NOT_FOUND),
+          StatusCodes.NOT_FOUND
+        );
+      }
+
+      return benchmark;
+    } catch {
+      throw new HttpException(
+        getReasonPhrase(StatusCodes.INTERNAL_SERVER_ERROR),
+        StatusCodes.INTERNAL_SERVER_ERROR
+      );
+    }
+  }
+
+  @Get()
+  @UseInterceptors(TransformDataSourceInRequestInterceptor)
+  @UseInterceptors(TransformDataSourceInResponseInterceptor)
+  public async getBenchmark(): Promise<BenchmarkResponse> {
+    return {
+      benchmarks: await this.benchmarkService.getBenchmarks()
+    };
+  }
+
+  @Get(':dataSource/:symbol/:startDateString')
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
+  @UseInterceptors(TransformDataSourceInRequestInterceptor)
+  public async getBenchmarkMarketDataForUser(
+    @Headers(HEADER_KEY_IMPERSONATION.toLowerCase()) impersonationId: string,
+    @Param('dataSource') dataSource: DataSource,
+    @Param('startDateString') startDateString: string,
+    @Param('symbol') symbol: string,
+    @Query('range') dateRange: DateRange = 'max',
+    @Query('accounts') filterByAccounts?: string,
+    @Query('assetClasses') filterByAssetClasses?: string,
+    @Query('dataSource') filterByDataSource?: string,
+    @Query('symbol') filterBySymbol?: string,
+    @Query('tags') filterByTags?: string,
+    @Query('withExcludedAccounts') withExcludedAccountsParam = 'false'
+  ): Promise<BenchmarkMarketDataDetails> {
+    const { endDate, startDate } = getIntervalFromDateRange(
+      dateRange,
+      new Date(startDateString)
+    );
+
+    const filters = this.apiService.buildFiltersFromQueryParams({
+      filterByAccounts,
+      filterByAssetClasses,
+      filterByDataSource,
+      filterBySymbol,
+      filterByTags
+    });
+
+    const withExcludedAccounts = withExcludedAccountsParam === 'true';
+
+    return this.benchmarksService.getMarketDataForUser({
+      dataSource,
+      dateRange,
+      endDate,
+      filters,
+      impersonationId,
+      startDate,
+      symbol,
+      withExcludedAccounts,
+      user: this.request.user
+    });
+  }
+}

apps/api/src/app/endpoints/benchmarks/benchmarks.module.ts

@@ -0,0 +1,65 @@
+import { AccountBalanceService } from '@ghostfolio/api/app/account-balance/account-balance.service';
+import { AccountService } from '@ghostfolio/api/app/account/account.service';
+import { OrderModule } from '@ghostfolio/api/app/order/order.module';
+import { PortfolioCalculatorFactory } from '@ghostfolio/api/app/portfolio/calculator/portfolio-calculator.factory';
+import { CurrentRateService } from '@ghostfolio/api/app/portfolio/current-rate.service';
+import { PortfolioService } from '@ghostfolio/api/app/portfolio/portfolio.service';
+import { RulesService } from '@ghostfolio/api/app/portfolio/rules.service';
+import { RedisCacheModule } from '@ghostfolio/api/app/redis-cache/redis-cache.module';
+import { SymbolModule } from '@ghostfolio/api/app/symbol/symbol.module';
+import { UserModule } from '@ghostfolio/api/app/user/user.module';
+import { TransformDataSourceInRequestModule } from '@ghostfolio/api/interceptors/transform-data-source-in-request/transform-data-source-in-request.module';
+import { TransformDataSourceInResponseModule } from '@ghostfolio/api/interceptors/transform-data-source-in-response/transform-data-source-in-response.module';
+import { ApiModule } from '@ghostfolio/api/services/api/api.module';
+import { BenchmarkService } from '@ghostfolio/api/services/benchmark/benchmark.service';
+import { ConfigurationModule } from '@ghostfolio/api/services/configuration/configuration.module';
+import { DataProviderModule } from '@ghostfolio/api/services/data-provider/data-provider.module';
+import { ExchangeRateDataModule } from '@ghostfolio/api/services/exchange-rate-data/exchange-rate-data.module';
+import { I18nModule } from '@ghostfolio/api/services/i18n/i18n.module';
+import { ImpersonationModule } from '@ghostfolio/api/services/impersonation/impersonation.module';
+import { MarketDataModule } from '@ghostfolio/api/services/market-data/market-data.module';
+import { MarketDataService } from '@ghostfolio/api/services/market-data/market-data.service';
+import { PrismaModule } from '@ghostfolio/api/services/prisma/prisma.module';
+import { PropertyModule } from '@ghostfolio/api/services/property/property.module';
+import { PortfolioSnapshotQueueModule } from '@ghostfolio/api/services/queues/portfolio-snapshot/portfolio-snapshot.module';
+import { SymbolProfileModule } from '@ghostfolio/api/services/symbol-profile/symbol-profile.module';
+
+import { Module } from '@nestjs/common';
+
+import { BenchmarksController } from './benchmarks.controller';
+import { BenchmarksService } from './benchmarks.service';
+
+@Module({
+  controllers: [BenchmarksController],
+  imports: [
+    ApiModule,
+    ConfigurationModule,
+    DataProviderModule,
+    ExchangeRateDataModule,
+    I18nModule,
+    ImpersonationModule,
+    MarketDataModule,
+    OrderModule,
+    PortfolioSnapshotQueueModule,
+    PrismaModule,
+    PropertyModule,
+    RedisCacheModule,
+    SymbolModule,
+    SymbolProfileModule,
+    TransformDataSourceInRequestModule,
+    TransformDataSourceInResponseModule,
+    UserModule
+  ],
+  providers: [
+    AccountBalanceService,
+    AccountService,
+    BenchmarkService,
+    BenchmarksService,
+    CurrentRateService,
+    MarketDataService,
+    PortfolioCalculatorFactory,
+    PortfolioService,
+    RulesService
+  ]
+})
+export class BenchmarksModule {}

apps/api/src/app/endpoints/benchmarks/benchmarks.service.ts

@@ -0,0 +1,163 @@
+import { PortfolioService } from '@ghostfolio/api/app/portfolio/portfolio.service';
+import { SymbolService } from '@ghostfolio/api/app/symbol/symbol.service';
+import { BenchmarkService } from '@ghostfolio/api/services/benchmark/benchmark.service';
+import { ExchangeRateDataService } from '@ghostfolio/api/services/exchange-rate-data/exchange-rate-data.service';
+import { MarketDataService } from '@ghostfolio/api/services/market-data/market-data.service';
+import { DATE_FORMAT, parseDate, resetHours } from '@ghostfolio/common/helper';
+import {
+  AssetProfileIdentifier,
+  BenchmarkMarketDataDetails,
+  Filter
+} from '@ghostfolio/common/interfaces';
+import { DateRange, UserWithSettings } from '@ghostfolio/common/types';
+
+import { Injectable, Logger } from '@nestjs/common';
+import { format, isSameDay } from 'date-fns';
+import { isNumber } from 'lodash';
+
+@Injectable()
+export class BenchmarksService {
+  public constructor(
+    private readonly benchmarkService: BenchmarkService,
+    private readonly exchangeRateDataService: ExchangeRateDataService,
+    private readonly marketDataService: MarketDataService,
+    private readonly portfolioService: PortfolioService,
+    private readonly symbolService: SymbolService
+  ) {}
+
+  public async getMarketDataForUser({
+    dataSource,
+    dateRange,
+    endDate = new Date(),
+    filters,
+    impersonationId,
+    startDate,
+    symbol,
+    user,
+    withExcludedAccounts
+  }: {
+    dateRange: DateRange;
+    endDate?: Date;
+    filters?: Filter[];
+    impersonationId: string;
+    startDate: Date;
+    user: UserWithSettings;
+    withExcludedAccounts?: boolean;
+  } & AssetProfileIdentifier): Promise<BenchmarkMarketDataDetails> {
+    const marketData: { date: string; value: number }[] = [];
+    const userCurrency = user.Settings.settings.baseCurrency;
+    const userId = user.id;
+
+    const { chart } = await this.portfolioService.getPerformance({
+      dateRange,
+      filters,
+      impersonationId,
+      userId,
+      withExcludedAccounts
+    });
+
+    const [currentSymbolItem, marketDataItems] = await Promise.all([
+      this.symbolService.get({
+        dataGatheringItem: {
+          dataSource,
+          symbol
+        }
+      }),
+      this.marketDataService.marketDataItems({
+        orderBy: {
+          date: 'asc'
+        },
+        where: {
+          dataSource,
+          symbol,
+          date: {
+            in: chart.map(({ date }) => {
+              return resetHours(parseDate(date));
+            })
+          }
+        }
+      })
+    ]);
+
+    const exchangeRates =
+      await this.exchangeRateDataService.getExchangeRatesByCurrency({
+        startDate,
+        currencies: [currentSymbolItem.currency],
+        targetCurrency: userCurrency
+      });
+
+    const exchangeRateAtStartDate =
+      exchangeRates[`${currentSymbolItem.currency}${userCurrency}`]?.[
+        format(startDate, DATE_FORMAT)
+      ];
+
+    const marketPriceAtStartDate = marketDataItems?.find(({ date }) => {
+      return isSameDay(date, startDate);
+    })?.marketPrice;
+
+    if (!marketPriceAtStartDate) {
+      Logger.error(
+        `No historical market data has been found for ${symbol} (${dataSource}) at ${format(
+          startDate,
+          DATE_FORMAT
+        )}`,
+        'BenchmarkService'
+      );
+
+      return { marketData };
+    }
+
+    for (const marketDataItem of marketDataItems) {
+      const exchangeRate =
+        exchangeRates[`${currentSymbolItem.currency}${userCurrency}`]?.[
+          format(marketDataItem.date, DATE_FORMAT)
+        ];
+
+      const exchangeRateFactor =
+        isNumber(exchangeRateAtStartDate) && isNumber(exchangeRate)
+          ? exchangeRate / exchangeRateAtStartDate
+          : 1;
+
+      marketData.push({
+        date: format(marketDataItem.date, DATE_FORMAT),
+        value:
+          marketPriceAtStartDate === 0
+            ? 0
+            : this.benchmarkService.calculateChangeInPercentage(
+                marketPriceAtStartDate,
+                marketDataItem.marketPrice * exchangeRateFactor
+              ) * 100
+      });
+    }
+
+    const includesEndDate = isSameDay(
+      parseDate(marketData.at(-1).date),
+      endDate
+    );
+
+    if (currentSymbolItem?.marketPrice && !includesEndDate) {
+      const exchangeRate =
+        exchangeRates[`${currentSymbolItem.currency}${userCurrency}`]?.[
+          format(endDate, DATE_FORMAT)
+        ];
+
+      const exchangeRateFactor =
+        isNumber(exchangeRateAtStartDate) && isNumber(exchangeRate)
+          ? exchangeRate / exchangeRateAtStartDate
+          : 1;
+
+      marketData.push({
+        date: format(endDate, DATE_FORMAT),
+        value:
+          this.benchmarkService.calculateChangeInPercentage(
+            marketPriceAtStartDate,
+            currentSymbolItem.marketPrice * exchangeRateFactor
+          ) * 100
+      });
+    }
+
+    return {
+      marketData
+    };
+  }
+}

apps/api/src/app/endpoints/data-providers/ghostfolio/get-dividends.dto.ts

@@ -0,0 +1,15 @@
+import { Granularity } from '@ghostfolio/common/types';
+
+import { IsIn, IsISO8601, IsOptional } from 'class-validator';
+
+export class GetDividendsDto {
+  @IsISO8601()
+  from: string;
+
+  @IsIn(['day', 'month'] as Granularity[])
+  @IsOptional()
+  granularity: Granularity;
+
+  @IsISO8601()
+  to: string;
+}

apps/api/src/app/endpoints/data-providers/ghostfolio/get-historical.dto.ts

@@ -0,0 +1,15 @@
+import { Granularity } from '@ghostfolio/common/types';
+
+import { IsIn, IsISO8601, IsOptional } from 'class-validator';
+
+export class GetHistoricalDto {
+  @IsISO8601()
+  from: string;
+
+  @IsIn(['day', 'month'] as Granularity[])
+  @IsOptional()
+  granularity: Granularity;
+
+  @IsISO8601()
+  to: string;
+}

apps/api/src/app/endpoints/data-providers/ghostfolio/get-quotes.dto.ts

@@ -0,0 +1,10 @@
+import { Transform } from 'class-transformer';
+import { IsString } from 'class-validator';
+
+export class GetQuotesDto {
+  @IsString({ each: true })
+  @Transform(({ value }) =>
+    typeof value === 'string' ? value.split(',') : value
+  )
+  symbols: string[];
+}

apps/api/src/app/endpoints/data-providers/ghostfolio/ghostfolio.controller.ts

@@ -0,0 +1,241 @@
+import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
+import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';
+import { parseDate } from '@ghostfolio/common/helper';
+import {
+  DataProviderGhostfolioAssetProfileResponse,
+  DataProviderGhostfolioStatusResponse,
+  DividendsResponse,
+  HistoricalResponse,
+  LookupResponse,
+  QuotesResponse
+} from '@ghostfolio/common/interfaces';
+import { permissions } from '@ghostfolio/common/permissions';
+import { RequestWithUser } from '@ghostfolio/common/types';
+
+import {
+  Controller,
+  Get,
+  HttpException,
+  Inject,
+  Param,
+  Query,
+  UseGuards,
+  Version
+} from '@nestjs/common';
+import { REQUEST } from '@nestjs/core';
+import { AuthGuard } from '@nestjs/passport';
+import { isISIN } from 'class-validator';
+import { getReasonPhrase, StatusCodes } from 'http-status-codes';
+
+import { GetDividendsDto } from './get-dividends.dto';
+import { GetHistoricalDto } from './get-historical.dto';
+import { GetQuotesDto } from './get-quotes.dto';
+import { GhostfolioService } from './ghostfolio.service';
+
+@Controller('data-providers/ghostfolio')
+export class GhostfolioController {
+  public constructor(
+    private readonly ghostfolioService: GhostfolioService,
+    @Inject(REQUEST) private readonly request: RequestWithUser
+  ) {}
+
+  @Get('asset-profile/:symbol')
+  @HasPermission(permissions.enableDataProviderGhostfolio)
+  @UseGuards(AuthGuard('api-key'), HasPermissionGuard)
+  public async getAssetProfile(
+    @Param('symbol') symbol: string
+  ): Promise<DataProviderGhostfolioAssetProfileResponse> {
+    const maxDailyRequests = await this.ghostfolioService.getMaxDailyRequests();
+
+    if (
+      this.request.user.dataProviderGhostfolioDailyRequests > maxDailyRequests
+    ) {
+      throw new HttpException(
+        getReasonPhrase(StatusCodes.TOO_MANY_REQUESTS),
+        StatusCodes.TOO_MANY_REQUESTS
+      );
+    }
+
+    try {
+      const assetProfile = await this.ghostfolioService.getAssetProfile({
+        symbol
+      });
+
+      await this.ghostfolioService.incrementDailyRequests({
+        userId: this.request.user.id
+      });
+
+      return assetProfile;
+    } catch {
+      throw new HttpException(
+        getReasonPhrase(StatusCodes.INTERNAL_SERVER_ERROR),
+        StatusCodes.INTERNAL_SERVER_ERROR
+      );
+    }
+  }
+
+  @Get('dividends/:symbol')
+  @HasPermission(permissions.enableDataProviderGhostfolio)
+  @UseGuards(AuthGuard('api-key'), HasPermissionGuard)
+  @Version('2')
+  public async getDividends(
+    @Param('symbol') symbol: string,
+    @Query() query: GetDividendsDto
+  ): Promise<DividendsResponse> {
+    const maxDailyRequests = await this.ghostfolioService.getMaxDailyRequests();
+
+    if (
+      this.request.user.dataProviderGhostfolioDailyRequests > maxDailyRequests
+    ) {
+      throw new HttpException(
+        getReasonPhrase(StatusCodes.TOO_MANY_REQUESTS),
+        StatusCodes.TOO_MANY_REQUESTS
+      );
+    }
+
+    try {
+      const dividends = await this.ghostfolioService.getDividends({
+        symbol,
+        from: parseDate(query.from),
+        granularity: query.granularity,
+        to: parseDate(query.to)
+      });
+
+      await this.ghostfolioService.incrementDailyRequests({
+        userId: this.request.user.id
+      });
+
+      return dividends;
+    } catch {
+      throw new HttpException(
+        getReasonPhrase(StatusCodes.INTERNAL_SERVER_ERROR),
+        StatusCodes.INTERNAL_SERVER_ERROR
+      );
+    }
+  }
+
+  @Get('historical/:symbol')
+  @HasPermission(permissions.enableDataProviderGhostfolio)
+  @UseGuards(AuthGuard('api-key'), HasPermissionGuard)
+  @Version('2')
+  public async getHistorical(
+    @Param('symbol') symbol: string,
+    @Query() query: GetHistoricalDto
+  ): Promise<HistoricalResponse> {
+    const maxDailyRequests = await this.ghostfolioService.getMaxDailyRequests();
+
+    if (
+      this.request.user.dataProviderGhostfolioDailyRequests > maxDailyRequests
+    ) {
+      throw new HttpException(
+        getReasonPhrase(StatusCodes.TOO_MANY_REQUESTS),
+        StatusCodes.TOO_MANY_REQUESTS
+      );
+    }
+
+    try {
+      const historicalData = await this.ghostfolioService.getHistorical({
+        symbol,
+        from: parseDate(query.from),
+        granularity: query.granularity,
+        to: parseDate(query.to)
+      });
+
+      await this.ghostfolioService.incrementDailyRequests({
+        userId: this.request.user.id
+      });
+
+      return historicalData;
+    } catch {
+      throw new HttpException(
+        getReasonPhrase(StatusCodes.INTERNAL_SERVER_ERROR),
+        StatusCodes.INTERNAL_SERVER_ERROR
+      );
+    }
+  }
+
+  @Get('lookup')
+  @HasPermission(permissions.enableDataProviderGhostfolio)
+  @UseGuards(AuthGuard('api-key'), HasPermissionGuard)
+  @Version('2')
+  public async lookupSymbol(
+    @Query('includeIndices') includeIndicesParam = 'false',
+    @Query('query') query = ''
+  ): Promise<LookupResponse> {
+    const includeIndices = includeIndicesParam === 'true';
+    const maxDailyRequests = await this.ghostfolioService.getMaxDailyRequests();
+
+    if (
+      this.request.user.dataProviderGhostfolioDailyRequests > maxDailyRequests
+    ) {
+      throw new HttpException(
+        getReasonPhrase(StatusCodes.TOO_MANY_REQUESTS),
+        StatusCodes.TOO_MANY_REQUESTS
+      );
+    }
+
+    try {
+      const result = await this.ghostfolioService.lookup({
+        includeIndices,
+        query: isISIN(query.toUpperCase())
+          ? query.toUpperCase()
+          : query.toLowerCase()
+      });
+
+      await this.ghostfolioService.incrementDailyRequests({
+        userId: this.request.user.id
+      });
+
+      return result;
+    } catch {
+      throw new HttpException(
+        getReasonPhrase(StatusCodes.INTERNAL_SERVER_ERROR),
+        StatusCodes.INTERNAL_SERVER_ERROR
+      );
+    }
+  }
+
+  @Get('quotes')
+  @HasPermission(permissions.enableDataProviderGhostfolio)
+  @UseGuards(AuthGuard('api-key'), HasPermissionGuard)
+  @Version('2')
+  public async getQuotes(
+    @Query() query: GetQuotesDto
+  ): Promise<QuotesResponse> {
+    const maxDailyRequests = await this.ghostfolioService.getMaxDailyRequests();
+
+    if (
+      this.request.user.dataProviderGhostfolioDailyRequests > maxDailyRequests
+    ) {
+      throw new HttpException(
+        getReasonPhrase(StatusCodes.TOO_MANY_REQUESTS),
+        StatusCodes.TOO_MANY_REQUESTS
+      );
+    }
+
+    try {
+      const quotes = await this.ghostfolioService.getQuotes({
+        symbols: query.symbols
+      });
+
+      await this.ghostfolioService.incrementDailyRequests({
+        userId: this.request.user.id
+      });
+
+      return quotes;
+    } catch {
+      throw new HttpException(
+        getReasonPhrase(StatusCodes.INTERNAL_SERVER_ERROR),
+        StatusCodes.INTERNAL_SERVER_ERROR
+      );
+    }
+  }
+
+  @Get('status')
+  @HasPermission(permissions.enableDataProviderGhostfolio)
+  @UseGuards(AuthGuard('api-key'), HasPermissionGuard)
+  @Version('2')
+  public async getStatus(): Promise<DataProviderGhostfolioStatusResponse> {
+    return this.ghostfolioService.getStatus({ user: this.request.user });
+  }
+}

apps/api/src/app/endpoints/data-providers/ghostfolio/ghostfolio.module.ts

@@ -0,0 +1,83 @@
+import { RedisCacheModule } from '@ghostfolio/api/app/redis-cache/redis-cache.module';
+import { ConfigurationService } from '@ghostfolio/api/services/configuration/configuration.service';
+import { CryptocurrencyModule } from '@ghostfolio/api/services/cryptocurrency/cryptocurrency.module';
+import { AlphaVantageService } from '@ghostfolio/api/services/data-provider/alpha-vantage/alpha-vantage.service';
+import { CoinGeckoService } from '@ghostfolio/api/services/data-provider/coingecko/coingecko.service';
+import { YahooFinanceDataEnhancerService } from '@ghostfolio/api/services/data-provider/data-enhancer/yahoo-finance/yahoo-finance.service';
+import { DataProviderModule } from '@ghostfolio/api/services/data-provider/data-provider.module';
+import { DataProviderService } from '@ghostfolio/api/services/data-provider/data-provider.service';
+import { EodHistoricalDataService } from '@ghostfolio/api/services/data-provider/eod-historical-data/eod-historical-data.service';
+import { FinancialModelingPrepService } from '@ghostfolio/api/services/data-provider/financial-modeling-prep/financial-modeling-prep.service';
+import { GoogleSheetsService } from '@ghostfolio/api/services/data-provider/google-sheets/google-sheets.service';
+import { ManualService } from '@ghostfolio/api/services/data-provider/manual/manual.service';
+import { RapidApiService } from '@ghostfolio/api/services/data-provider/rapid-api/rapid-api.service';
+import { YahooFinanceService } from '@ghostfolio/api/services/data-provider/yahoo-finance/yahoo-finance.service';
+import { MarketDataModule } from '@ghostfolio/api/services/market-data/market-data.module';
+import { PrismaModule } from '@ghostfolio/api/services/prisma/prisma.module';
+import { PropertyModule } from '@ghostfolio/api/services/property/property.module';
+import { SymbolProfileModule } from '@ghostfolio/api/services/symbol-profile/symbol-profile.module';
+
+import { Module } from '@nestjs/common';
+
+import { GhostfolioController } from './ghostfolio.controller';
+import { GhostfolioService } from './ghostfolio.service';
+
+@Module({
+  controllers: [GhostfolioController],
+  imports: [
+    CryptocurrencyModule,
+    DataProviderModule,
+    MarketDataModule,
+    PrismaModule,
+    PropertyModule,
+    RedisCacheModule,
+    SymbolProfileModule
+  ],
+  providers: [
+    AlphaVantageService,
+    CoinGeckoService,
+    ConfigurationService,
+    DataProviderService,
+    EodHistoricalDataService,
+    FinancialModelingPrepService,
+    GhostfolioService,
+    GoogleSheetsService,
+    ManualService,
+    RapidApiService,
+    YahooFinanceService,
+    YahooFinanceDataEnhancerService,
+    {
+      inject: [
+        AlphaVantageService,
+        CoinGeckoService,
+        EodHistoricalDataService,
+        FinancialModelingPrepService,
+        GoogleSheetsService,
+        ManualService,
+        RapidApiService,
+        YahooFinanceService
+      ],
+      provide: 'DataProviderInterfaces',
+      useFactory: (
+        alphaVantageService,
+        coinGeckoService,
+        eodHistoricalDataService,
+        financialModelingPrepService,
+        googleSheetsService,
+        manualService,
+        rapidApiService,
+        yahooFinanceService
+      ) => [
+        alphaVantageService,
+        coinGeckoService,
+        eodHistoricalDataService,
+        financialModelingPrepService,
+        googleSheetsService,
+        manualService,
+        rapidApiService,
+        yahooFinanceService
+      ]
+    }
+  ]
+})
+export class GhostfolioModule {}

apps/api/src/app/endpoints/data-providers/ghostfolio/ghostfolio.service.ts

@@ -0,0 +1,350 @@
+import { ConfigurationService } from '@ghostfolio/api/services/configuration/configuration.service';
+import { DataProviderService } from '@ghostfolio/api/services/data-provider/data-provider.service';
+import { GhostfolioService as GhostfolioDataProviderService } from '@ghostfolio/api/services/data-provider/ghostfolio/ghostfolio.service';
+import {
+  GetAssetProfileParams,
+  GetDividendsParams,
+  GetHistoricalParams,
+  GetQuotesParams,
+  GetSearchParams
+} from '@ghostfolio/api/services/data-provider/interfaces/data-provider.interface';
+import { IDataProviderHistoricalResponse } from '@ghostfolio/api/services/interfaces/interfaces';
+import { PrismaService } from '@ghostfolio/api/services/prisma/prisma.service';
+import { PropertyService } from '@ghostfolio/api/services/property/property.service';
+import {
+  DEFAULT_CURRENCY,
+  DERIVED_CURRENCIES
+} from '@ghostfolio/common/config';
+import { PROPERTY_DATA_SOURCES_GHOSTFOLIO_DATA_PROVIDER_MAX_REQUESTS } from '@ghostfolio/common/config';
+import {
+  DataProviderGhostfolioAssetProfileResponse,
+  DataProviderInfo,
+  DividendsResponse,
+  HistoricalResponse,
+  LookupItem,
+  LookupResponse,
+  QuotesResponse
+} from '@ghostfolio/common/interfaces';
+import { UserWithSettings } from '@ghostfolio/common/types';
+
+import { Injectable, Logger } from '@nestjs/common';
+import { DataSource, SymbolProfile } from '@prisma/client';
+import { Big } from 'big.js';
+
+@Injectable()
+export class GhostfolioService {
+  public constructor(
+    private readonly configurationService: ConfigurationService,
+    private readonly dataProviderService: DataProviderService,
+    private readonly prismaService: PrismaService,
+    private readonly propertyService: PropertyService
+  ) {}
+
+  public async getAssetProfile({
+    requestTimeout = this.configurationService.get('REQUEST_TIMEOUT'),
+    symbol
+  }: GetAssetProfileParams) {
+    let result: DataProviderGhostfolioAssetProfileResponse = {};
+
+    try {
+      const promises: Promise<Partial<SymbolProfile>>[] = [];
+
+      for (const dataProviderService of this.getDataProviderServices()) {
+        promises.push(
+          dataProviderService
+            .getAssetProfile({
+              requestTimeout,
+              symbol
+            })
+            .then((assetProfile) => {
+              result = {
+                ...result,
+                ...assetProfile,
+                dataSource: DataSource.GHOSTFOLIO
+              };
+
+              return assetProfile;
+            })
+        );
+      }
+
+      await Promise.all(promises);
+
+      return result;
+    } catch (error) {
+      Logger.error(error, 'GhostfolioService');
+
+      throw error;
+    }
+  }
+
+  public async getDividends({
+    from,
+    granularity,
+    requestTimeout = this.configurationService.get('REQUEST_TIMEOUT'),
+    symbol,
+    to
+  }: GetDividendsParams) {
+    const result: DividendsResponse = { dividends: {} };
+
+    try {
+      const promises: Promise<{
+        [date: string]: IDataProviderHistoricalResponse;
+      }>[] = [];
+
+      for (const dataProviderService of this.getDataProviderServices()) {
+        promises.push(
+          dataProviderService
+            .getDividends({
+              from,
+              granularity,
+              requestTimeout,
+              symbol,
+              to
+            })
+            .then((dividends) => {
+              result.dividends = dividends;
+
+              return dividends;
+            })
+        );
+      }
+
+      await Promise.all(promises);
+
+      return result;
+    } catch (error) {
+      Logger.error(error, 'GhostfolioService');
+
+      throw error;
+    }
+  }
+
+  public async getHistorical({
+    from,
+    granularity,
+    requestTimeout,
+    to,
+    symbol
+  }: GetHistoricalParams) {
+    const result: HistoricalResponse = { historicalData: {} };
+
+    try {
+      const promises: Promise<{
+        [symbol: string]: { [date: string]: IDataProviderHistoricalResponse };
+      }>[] = [];
+
+      for (const dataProviderService of this.getDataProviderServices()) {
+        promises.push(
+          dataProviderService
+            .getHistorical({
+              from,
+              granularity,
+              requestTimeout,
+              symbol,
+              to
+            })
+            .then((historicalData) => {
+              result.historicalData = historicalData[symbol];
+
+              return historicalData;
+            })
+        );
+      }
+
+      await Promise.all(promises);
+
+      return result;
+    } catch (error) {
+      Logger.error(error, 'GhostfolioService');
+
+      throw error;
+    }
+  }
+
+  public async getMaxDailyRequests() {
+    return parseInt(
+      (await this.propertyService.getByKey<string>(
+        PROPERTY_DATA_SOURCES_GHOSTFOLIO_DATA_PROVIDER_MAX_REQUESTS
+      )) || '0',
+      10
+    );
+  }
+
+  public async getQuotes({ requestTimeout, symbols }: GetQuotesParams) {
+    const results: QuotesResponse = { quotes: {} };
+
+    try {
+      const promises: Promise<any>[] = [];
+
+      for (const dataProvider of this.getDataProviderServices()) {
+        const maximumNumberOfSymbolsPerRequest =
+          dataProvider.getMaxNumberOfSymbolsPerRequest?.() ??
+          Number.MAX_SAFE_INTEGER;
+
+        for (
+          let i = 0;
+          i < symbols.length;
+          i += maximumNumberOfSymbolsPerRequest
+        ) {
+          const symbolsChunk = symbols.slice(
+            i,
+            i + maximumNumberOfSymbolsPerRequest
+          );
+
+          const promise = Promise.resolve(
+            dataProvider.getQuotes({ requestTimeout, symbols: symbolsChunk })
+          );
+
+          promises.push(
+            promise.then(async (result) => {
+              for (const [symbol, dataProviderResponse] of Object.entries(
+                result
+              )) {
+                dataProviderResponse.dataSource = 'GHOSTFOLIO';
+
+                if (
+                  [
+                    ...DERIVED_CURRENCIES.map(({ currency }) => {
+                      return `${DEFAULT_CURRENCY}${currency}`;
+                    }),
+                    `${DEFAULT_CURRENCY}USX`
+                  ].includes(symbol)
+                ) {
+                  continue;
+                }
+
+                results.quotes[symbol] = dataProviderResponse;
+
+                for (const {
+                  currency,
+                  factor,
+                  rootCurrency
+                } of DERIVED_CURRENCIES) {
+                  if (symbol === `${DEFAULT_CURRENCY}${rootCurrency}`) {
+                    results.quotes[`${DEFAULT_CURRENCY}${currency}`] = {
+                      ...dataProviderResponse,
+                      currency,
+                      marketPrice: new Big(
+                        result[`${DEFAULT_CURRENCY}${rootCurrency}`].marketPrice
+                      )
+                        .mul(factor)
+                        .toNumber(),
+                      marketState: 'open'
+                    };
+                  }
+                }
+              }
+            })
+          );
+        }
+
+        await Promise.all(promises);
+      }
+
+      return results;
+    } catch (error) {
+      Logger.error(error, 'GhostfolioService');
+
+      throw error;
+    }
+  }
+
+  public async getStatus({ user }: { user: UserWithSettings }) {
+    return {
+      dailyRequests: user.dataProviderGhostfolioDailyRequests,
+      dailyRequestsMax: await this.getMaxDailyRequests(),
+      subscription: user.subscription
+    };
+  }
+
+  public async incrementDailyRequests({ userId }: { userId: string }) {
+    await this.prismaService.analytics.update({
+      data: {
+        dataProviderGhostfolioDailyRequests: { increment: 1 }
+      },
+      where: { userId }
+    });
+  }
+
+  public async lookup({
+    includeIndices = false,
+    query
+  }: GetSearchParams): Promise<LookupResponse> {
+    const results: LookupResponse = { items: [] };
+
+    if (!query) {
+      return results;
+    }
+
+    try {
+      let lookupItems: LookupItem[] = [];
+      const promises: Promise<{ items: LookupItem[] }>[] = [];
+
+      if (query?.length < 2) {
+        return { items: lookupItems };
+      }
+
+      for (const dataProviderService of this.getDataProviderServices()) {
+        promises.push(
+          dataProviderService.search({
+            includeIndices,
+            query
+          })
+        );
+      }
+
+      const searchResults = await Promise.all(promises);
+
+      for (const { items } of searchResults) {
+        if (items?.length > 0) {
+          lookupItems = lookupItems.concat(items);
+        }
+      }
+
+      const filteredItems = lookupItems
+        .filter(({ currency }) => {
+          // Only allow symbols with supported currency
+          return currency ? true : false;
+        })
+        .sort(({ name: name1 }, { name: name2 }) => {
+          return name1?.toLowerCase().localeCompare(name2?.toLowerCase());
+        })
+        .map((lookupItem) => {
+          lookupItem.dataProviderInfo = this.getDataProviderInfo();
+          lookupItem.dataSource = 'GHOSTFOLIO';
+
+          return lookupItem;
+        });
+
+      results.items = filteredItems;
+
+      return results;
+    } catch (error) {
+      Logger.error(error, 'GhostfolioService');
+
+      throw error;
+    }
+  }
+
+  private getDataProviderInfo(): DataProviderInfo {
+    const ghostfolioDataProviderService = new GhostfolioDataProviderService(
+      this.configurationService,
+      this.propertyService
+    );
+
+    return {
+      ...ghostfolioDataProviderService.getDataProviderInfo(),
+      isPremium: false,
+      name: 'Ghostfolio Premium'
+    };
+  }
+
+  private getDataProviderServices() {
+    return this.configurationService
+      .get('DATA_SOURCES_GHOSTFOLIO_DATA_PROVIDER')
+      .map((dataSource) => {
+        return this.dataProviderService.getDataProvider(DataSource[dataSource]);
+      });
+  }
+}

apps/api/src/app/endpoints/market-data/market-data.controller.ts

@@ -0,0 +1,189 @@
+import { AdminService } from '@ghostfolio/api/app/admin/admin.service';
+import { SymbolService } from '@ghostfolio/api/app/symbol/symbol.service';
+import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
+import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';
+import { MarketDataService } from '@ghostfolio/api/services/market-data/market-data.service';
+import { SymbolProfileService } from '@ghostfolio/api/services/symbol-profile/symbol-profile.service';
+import {
+  ghostfolioFearAndGreedIndexDataSourceCryptocurrencies,
+  ghostfolioFearAndGreedIndexDataSourceStocks,
+  ghostfolioFearAndGreedIndexSymbolCryptocurrencies,
+  ghostfolioFearAndGreedIndexSymbolStocks
+} from '@ghostfolio/common/config';
+import { getCurrencyFromSymbol, isCurrency } from '@ghostfolio/common/helper';
+import {
+  MarketDataDetailsResponse,
+  MarketDataOfMarketsResponse
+} from '@ghostfolio/common/interfaces';
+import { hasPermission, permissions } from '@ghostfolio/common/permissions';
+import { RequestWithUser } from '@ghostfolio/common/types';
+
+import {
+  Body,
+  Controller,
+  Get,
+  HttpException,
+  Inject,
+  Param,
+  Post,
+  Query,
+  UseGuards
+} from '@nestjs/common';
+import { REQUEST } from '@nestjs/core';
+import { AuthGuard } from '@nestjs/passport';
+import { DataSource, Prisma } from '@prisma/client';
+import { parseISO } from 'date-fns';
+import { getReasonPhrase, StatusCodes } from 'http-status-codes';
+
+import { UpdateBulkMarketDataDto } from './update-bulk-market-data.dto';
+
+@Controller('market-data')
+export class MarketDataController {
+  public constructor(
+    private readonly adminService: AdminService,
+    private readonly marketDataService: MarketDataService,
+    @Inject(REQUEST) private readonly request: RequestWithUser,
+    private readonly symbolProfileService: SymbolProfileService,
+    private readonly symbolService: SymbolService
+  ) {}
+
+  @Get('markets')
+  @HasPermission(permissions.readMarketDataOfMarkets)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
+  public async getMarketDataOfMarkets(
+    @Query('includeHistoricalData') includeHistoricalData = 0
+  ): Promise<MarketDataOfMarketsResponse> {
+    const [
+      marketDataFearAndGreedIndexCryptocurrencies,
+      marketDataFearAndGreedIndexStocks
+    ] = await Promise.all([
+      this.symbolService.get({
+        includeHistoricalData,
+        dataGatheringItem: {
+          dataSource: ghostfolioFearAndGreedIndexDataSourceCryptocurrencies,
+          symbol: ghostfolioFearAndGreedIndexSymbolCryptocurrencies
+        }
+      }),
+      this.symbolService.get({
+        includeHistoricalData,
+        dataGatheringItem: {
+          dataSource: ghostfolioFearAndGreedIndexDataSourceStocks,
+          symbol: ghostfolioFearAndGreedIndexSymbolStocks
+        }
+      })
+    ]);
+
+    return {
+      fearAndGreedIndex: {
+        CRYPTOCURRENCIES: {
+          ...marketDataFearAndGreedIndexCryptocurrencies
+        },
+        STOCKS: {
+          ...marketDataFearAndGreedIndexStocks
+        }
+      }
+    };
+  }
+
+  @Get(':dataSource/:symbol')
+  @UseGuards(AuthGuard('jwt'))
+  public async getMarketDataBySymbol(
+    @Param('dataSource') dataSource: DataSource,
+    @Param('symbol') symbol: string
+  ): Promise<MarketDataDetailsResponse> {
+    const [assetProfile] = await this.symbolProfileService.getSymbolProfiles([
+      { dataSource, symbol }
+    ]);
+
+    if (!assetProfile && !isCurrency(getCurrencyFromSymbol(symbol))) {
+      throw new HttpException(
+        getReasonPhrase(StatusCodes.NOT_FOUND),
+        StatusCodes.NOT_FOUND
+      );
+    }
+
+    const canReadAllAssetProfiles = hasPermission(
+      this.request.user.permissions,
+      permissions.readMarketData
+    );
+
+    const canReadOwnAssetProfile =
+      assetProfile?.userId === this.request.user.id &&
+      hasPermission(
+        this.request.user.permissions,
+        permissions.readMarketDataOfOwnAssetProfile
+      );
+
+    if (!canReadAllAssetProfiles && !canReadOwnAssetProfile) {
+      throw new HttpException(
+        assetProfile.userId
+          ? getReasonPhrase(StatusCodes.NOT_FOUND)
+          : getReasonPhrase(StatusCodes.FORBIDDEN),
+        assetProfile.userId ? StatusCodes.NOT_FOUND : StatusCodes.FORBIDDEN
+      );
+    }
+
+    return this.adminService.getMarketDataBySymbol({ dataSource, symbol });
+  }
+
+  @Post(':dataSource/:symbol')
+  @UseGuards(AuthGuard('jwt'))
+  public async updateMarketData(
+    @Body() data: UpdateBulkMarketDataDto,
+    @Param('dataSource') dataSource: DataSource,
+    @Param('symbol') symbol: string
+  ) {
+    const [assetProfile] = await this.symbolProfileService.getSymbolProfiles([
+      { dataSource, symbol }
+    ]);
+
+    if (!assetProfile && !isCurrency(getCurrencyFromSymbol(symbol))) {
+      throw new HttpException(
+        getReasonPhrase(StatusCodes.NOT_FOUND),
+        StatusCodes.NOT_FOUND
+      );
+    }
+
+    const canUpsertAllAssetProfiles =
+      hasPermission(
+        this.request.user.permissions,
+        permissions.createMarketData
+      ) &&
+      hasPermission(
+        this.request.user.permissions,
+        permissions.updateMarketData
+      );
+
+    const canUpsertOwnAssetProfile =
+      assetProfile?.userId === this.request.user.id &&
+      hasPermission(
+        this.request.user.permissions,
+        permissions.createMarketDataOfOwnAssetProfile
+      ) &&
+      hasPermission(
+        this.request.user.permissions,
+        permissions.updateMarketDataOfOwnAssetProfile
+      );
+
+    if (!canUpsertAllAssetProfiles && !canUpsertOwnAssetProfile) {
+      throw new HttpException(
+        getReasonPhrase(StatusCodes.FORBIDDEN),
+        StatusCodes.FORBIDDEN
+      );
+    }
+
+    const dataBulkUpdate: Prisma.MarketDataUpdateInput[] = data.marketData.map(
+      ({ date, marketPrice }) => ({
+        dataSource,
+        marketPrice,
+        symbol,
+        date: parseISO(date),
+        state: 'CLOSE'
+      })
+    );
+
+    return this.marketDataService.updateMany({
+      data: dataBulkUpdate
+    });
+  }
+}

apps/api/src/app/endpoints/market-data/market-data.module.ts

@@ -0,0 +1,19 @@
+import { AdminModule } from '@ghostfolio/api/app/admin/admin.module';
+import { SymbolModule } from '@ghostfolio/api/app/symbol/symbol.module';
+import { MarketDataModule as MarketDataServiceModule } from '@ghostfolio/api/services/market-data/market-data.module';
+import { SymbolProfileModule } from '@ghostfolio/api/services/symbol-profile/symbol-profile.module';
+
+import { Module } from '@nestjs/common';
+
+import { MarketDataController } from './market-data.controller';
+
+@Module({
+  controllers: [MarketDataController],
+  imports: [
+    AdminModule,
+    MarketDataServiceModule,
+    SymbolModule,
+    SymbolProfileModule
+  ]
+})
+export class MarketDataModule {}

apps/api/src/app/endpoints/market-data/update-bulk-market-data.dto.ts

@@ -0,0 +1,24 @@
+import { Type } from 'class-transformer';
+import {
+  ArrayNotEmpty,
+  IsArray,
+  IsISO8601,
+  IsNumber,
+  IsOptional
+} from 'class-validator';
+
+export class UpdateBulkMarketDataDto {
+  @ArrayNotEmpty()
+  @IsArray()
+  @Type(() => UpdateMarketDataDto)
+  marketData: UpdateMarketDataDto[];
+}
+
+class UpdateMarketDataDto {
+  @IsISO8601()
+  @IsOptional()
+  date?: string;
+
+  @IsNumber()
+  marketPrice: number;
+}

apps/api/src/app/endpoints/public/public.controller.ts

@@ -0,0 +1,140 @@
+import { AccessService } from '@ghostfolio/api/app/access/access.service';
+import { PortfolioService } from '@ghostfolio/api/app/portfolio/portfolio.service';
+import { UserService } from '@ghostfolio/api/app/user/user.service';
+import { TransformDataSourceInResponseInterceptor } from '@ghostfolio/api/interceptors/transform-data-source-in-response/transform-data-source-in-response.interceptor';
+import { ConfigurationService } from '@ghostfolio/api/services/configuration/configuration.service';
+import { ExchangeRateDataService } from '@ghostfolio/api/services/exchange-rate-data/exchange-rate-data.service';
+import { DEFAULT_CURRENCY } from '@ghostfolio/common/config';
+import { getSum } from '@ghostfolio/common/helper';
+import { PublicPortfolioResponse } from '@ghostfolio/common/interfaces';
+import type { RequestWithUser } from '@ghostfolio/common/types';
+
+import {
+  Controller,
+  Get,
+  HttpException,
+  Inject,
+  Param,
+  UseInterceptors
+} from '@nestjs/common';
+import { REQUEST } from '@nestjs/core';
+import { Big } from 'big.js';
+import { StatusCodes, getReasonPhrase } from 'http-status-codes';
+
+@Controller('public')
+export class PublicController {
+  public constructor(
+    private readonly accessService: AccessService,
+    private readonly configurationService: ConfigurationService,
+    private readonly exchangeRateDataService: ExchangeRateDataService,
+    private readonly portfolioService: PortfolioService,
+    @Inject(REQUEST) private readonly request: RequestWithUser,
+    private readonly userService: UserService
+  ) {}
+
+  @Get(':accessId/portfolio')
+  @UseInterceptors(TransformDataSourceInResponseInterceptor)
+  public async getPublicPortfolio(
+    @Param('accessId') accessId
+  ): Promise<PublicPortfolioResponse> {
+    const access = await this.accessService.access({ id: accessId });
+
+    if (!access) {
+      throw new HttpException(
+        getReasonPhrase(StatusCodes.NOT_FOUND),
+        StatusCodes.NOT_FOUND
+      );
+    }
+
+    let hasDetails = true;
+
+    const user = await this.userService.user({
+      id: access.userId
+    });
+
+    if (this.configurationService.get('ENABLE_FEATURE_SUBSCRIPTION')) {
+      hasDetails = user.subscription.type === 'Premium';
+    }
+
+    const [
+      { createdAt, holdings, markets },
+      { performance: performance1d },
+      { performance: performanceMax },
+      { performance: performanceYtd }
+    ] = await Promise.all([
+      this.portfolioService.getDetails({
+        impersonationId: access.userId,
+        userId: user.id,
+        withMarkets: true
+      }),
+      ...['1d', 'max', 'ytd'].map((dateRange) => {
+        return this.portfolioService.getPerformance({
+          dateRange,
+          impersonationId: undefined,
+          userId: user.id
+        });
+      })
+    ]);
+
+    Object.values(markets ?? {}).forEach((market) => {
+      delete market.valueInBaseCurrency;
+    });
+
+    const publicPortfolioResponse: PublicPortfolioResponse = {
+      createdAt,
+      hasDetails,
+      markets,
+      alias: access.alias,
+      holdings: {},
+      performance: {
+        '1d': {
+          relativeChange:
+            performance1d.netPerformancePercentageWithCurrencyEffect
+        },
+        max: {
+          relativeChange:
+            performanceMax.netPerformancePercentageWithCurrencyEffect
+        },
+        ytd: {
+          relativeChange:
+            performanceYtd.netPerformancePercentageWithCurrencyEffect
+        }
+      }
+    };
+
+    const totalValue = getSum(
+      Object.values(holdings).map(({ currency, marketPrice, quantity }) => {
+        return new Big(
+          this.exchangeRateDataService.toCurrency(
+            quantity * marketPrice,
+            currency,
+            this.request.user?.Settings?.settings.baseCurrency ??
+              DEFAULT_CURRENCY
+          )
+        );
+      })
+    ).toNumber();
+
+    for (const [symbol, portfolioPosition] of Object.entries(holdings)) {
+      publicPortfolioResponse.holdings[symbol] = {
+        allocationInPercentage:
+          portfolioPosition.valueInBaseCurrency / totalValue,
+        assetClass: hasDetails ? portfolioPosition.assetClass : undefined,
+        countries: hasDetails ? portfolioPosition.countries : [],
+        currency: hasDetails ? portfolioPosition.currency : undefined,
+        dataSource: portfolioPosition.dataSource,
+        dateOfFirstActivity: portfolioPosition.dateOfFirstActivity,
+        markets: hasDetails ? portfolioPosition.markets : undefined,
+        name: portfolioPosition.name,
+        netPerformancePercentWithCurrencyEffect:
+          portfolioPosition.netPerformancePercentWithCurrencyEffect,
+        sectors: hasDetails ? portfolioPosition.sectors : [],
+        symbol: portfolioPosition.symbol,
+        url: portfolioPosition.url,
+        valueInPercentage: portfolioPosition.valueInBaseCurrency / totalValue
+      };
+    }
+
+    return publicPortfolioResponse;
+  }
+}

apps/api/src/app/endpoints/public/public.module.ts

@@ -0,0 +1,53 @@
+import { AccessModule } from '@ghostfolio/api/app/access/access.module';
+import { AccountBalanceService } from '@ghostfolio/api/app/account-balance/account-balance.service';
+import { AccountService } from '@ghostfolio/api/app/account/account.service';
+import { OrderModule } from '@ghostfolio/api/app/order/order.module';
+import { PortfolioCalculatorFactory } from '@ghostfolio/api/app/portfolio/calculator/portfolio-calculator.factory';
+import { CurrentRateService } from '@ghostfolio/api/app/portfolio/current-rate.service';
+import { PortfolioService } from '@ghostfolio/api/app/portfolio/portfolio.service';
+import { RulesService } from '@ghostfolio/api/app/portfolio/rules.service';
+import { RedisCacheModule } from '@ghostfolio/api/app/redis-cache/redis-cache.module';
+import { UserModule } from '@ghostfolio/api/app/user/user.module';
+import { TransformDataSourceInRequestModule } from '@ghostfolio/api/interceptors/transform-data-source-in-request/transform-data-source-in-request.module';
+import { BenchmarkModule } from '@ghostfolio/api/services/benchmark/benchmark.module';
+import { DataProviderModule } from '@ghostfolio/api/services/data-provider/data-provider.module';
+import { ExchangeRateDataModule } from '@ghostfolio/api/services/exchange-rate-data/exchange-rate-data.module';
+import { I18nModule } from '@ghostfolio/api/services/i18n/i18n.module';
+import { ImpersonationModule } from '@ghostfolio/api/services/impersonation/impersonation.module';
+import { MarketDataModule } from '@ghostfolio/api/services/market-data/market-data.module';
+import { PrismaModule } from '@ghostfolio/api/services/prisma/prisma.module';
+import { PortfolioSnapshotQueueModule } from '@ghostfolio/api/services/queues/portfolio-snapshot/portfolio-snapshot.module';
+import { SymbolProfileModule } from '@ghostfolio/api/services/symbol-profile/symbol-profile.module';
+
+import { Module } from '@nestjs/common';
+
+import { PublicController } from './public.controller';
+
+@Module({
+  controllers: [PublicController],
+  imports: [
+    AccessModule,
+    BenchmarkModule,
+    DataProviderModule,
+    ExchangeRateDataModule,
+    I18nModule,
+    ImpersonationModule,
+    MarketDataModule,
+    OrderModule,
+    PortfolioSnapshotQueueModule,
+    PrismaModule,
+    RedisCacheModule,
+    SymbolProfileModule,
+    TransformDataSourceInRequestModule,
+    UserModule
+  ],
+  providers: [
+    AccountBalanceService,
+    AccountService,
+    CurrentRateService,
+    PortfolioCalculatorFactory,
+    PortfolioService,
+    RulesService
+  ]
+})
+export class PublicModule {}

apps/api/src/app/endpoints/sitemap/sitemap.controller.ts

@@ -0,0 +1,51 @@
+import { ConfigurationService } from '@ghostfolio/api/services/configuration/configuration.service';
+import {
+  DATE_FORMAT,
+  getYesterday,
+  interpolate
+} from '@ghostfolio/common/helper';
+
+import { Controller, Get, Res, VERSION_NEUTRAL, Version } from '@nestjs/common';
+import { format } from 'date-fns';
+import { Response } from 'express';
+import { readFileSync } from 'fs';
+import { join } from 'path';
+
+import { SitemapService } from './sitemap.service';
+
+@Controller('sitemap.xml')
+export class SitemapController {
+  public sitemapXml = '';
+
+  public constructor(
+    private readonly configurationService: ConfigurationService,
+    private readonly sitemapService: SitemapService
+  ) {
+    try {
+      this.sitemapXml = readFileSync(
+        join(__dirname, 'assets', 'sitemap.xml'),
+        'utf8'
+      );
+    } catch {}
+  }
+
+  @Get()
+  @Version(VERSION_NEUTRAL)
+  public getSitemapXml(@Res() response: Response) {
+    const currentDate = format(getYesterday(), DATE_FORMAT);
+
+    response.setHeader('content-type', 'application/xml');
+    response.send(
+      interpolate(this.sitemapXml, {
+        personalFinanceTools: this.configurationService.get(
+          'ENABLE_FEATURE_SUBSCRIPTION'
+        )
+          ? this.sitemapService.getPersonalFinanceTools({ currentDate })
+          : '',
+        publicRoutes: this.sitemapService.getPublicRoutes({
+          currentDate
+        })
+      })
+    );
+  }
+}

apps/api/src/app/endpoints/sitemap/sitemap.module.ts

@@ -0,0 +1,14 @@
+import { ConfigurationModule } from '@ghostfolio/api/services/configuration/configuration.module';
+import { I18nModule } from '@ghostfolio/api/services/i18n/i18n.module';
+
+import { Module } from '@nestjs/common';
+
+import { SitemapController } from './sitemap.controller';
+import { SitemapService } from './sitemap.service';
+
+@Module({
+  controllers: [SitemapController],
+  imports: [ConfigurationModule, I18nModule],
+  providers: [SitemapService]
+})
+export class SitemapModule {}

apps/api/src/app/endpoints/sitemap/sitemap.service.ts

@@ -0,0 +1,116 @@
+import { ConfigurationService } from '@ghostfolio/api/services/configuration/configuration.service';
+import { I18nService } from '@ghostfolio/api/services/i18n/i18n.service';
+import { SUPPORTED_LANGUAGE_CODES } from '@ghostfolio/common/config';
+import { personalFinanceTools } from '@ghostfolio/common/personal-finance-tools';
+import { PublicRoute } from '@ghostfolio/common/routes/interfaces/public-route.interface';
+import { publicRoutes } from '@ghostfolio/common/routes/routes';
+
+import { Injectable } from '@nestjs/common';
+
+@Injectable()
+export class SitemapService {
+  private static readonly TRANSLATION_TAGGED_MESSAGE_REGEX =
+    /:.*@@(?<id>[a-zA-Z0-9.]+):(?<message>.+)/;
+
+  public constructor(
+    private readonly configurationService: ConfigurationService,
+    private readonly i18nService: I18nService
+  ) {}
+
+  public getPersonalFinanceTools({ currentDate }: { currentDate: string }) {
+    const rootUrl = this.configurationService.get('ROOT_URL');
+
+    return SUPPORTED_LANGUAGE_CODES.flatMap((languageCode) => {
+      return personalFinanceTools.map(({ alias, key }) => {
+        const route =
+          publicRoutes.resources.subRoutes.personalFinanceTools.subRoutes
+            .product;
+        const params = {
+          currentDate,
+          languageCode,
+          rootUrl,
+          urlPostfix: alias ?? key
+        };
+
+        return this.createRouteSitemapUrl({ ...params, route });
+      });
+    }).join('\n');
+  }
+
+  public getPublicRoutes({ currentDate }: { currentDate: string }) {
+    const rootUrl = this.configurationService.get('ROOT_URL');
+
+    return SUPPORTED_LANGUAGE_CODES.flatMap((languageCode) => {
+      const params = {
+        currentDate,
+        languageCode,
+        rootUrl
+      };
+
+      return [
+        this.createRouteSitemapUrl(params),
+        ...this.createSitemapUrls(params, publicRoutes)
+      ];
+    }).join('\n');
+  }
+
+  private createRouteSitemapUrl({
+    currentDate,
+    languageCode,
+    rootUrl,
+    route,
+    urlPostfix
+  }: {
+    currentDate: string;
+    languageCode: string;
+    rootUrl: string;
+    route?: PublicRoute;
+    urlPostfix?: string;
+  }): string {
+    const segments =
+      route?.routerLink.map((link) => {
+        const match = link.match(
+          SitemapService.TRANSLATION_TAGGED_MESSAGE_REGEX
+        );
+
+        const segment = match
+          ? (this.i18nService.getTranslation({
+              languageCode,
+              id: match.groups.id
+            }) ?? match.groups.message)
+          : link;
+
+        return segment.replace(/^\/+|\/+$/, '');
+      }) ?? [];
+
+    const location =
+      [rootUrl, languageCode, ...segments].join('/') +
+      (urlPostfix ? `-${urlPostfix}` : '');
+
+    return [
+      '  <url>',
+      `    <loc>${location}</loc>`,
+      `    <lastmod>${currentDate}T00:00:00+00:00</lastmod>`,
+      '  </url>'
+    ].join('\n');
+  }
+
+  private createSitemapUrls(
+    params: { currentDate: string; languageCode: string; rootUrl: string },
+    routes: Record<string, PublicRoute>
+  ): string[] {
+    return Object.values(routes).flatMap((route) => {
+      if (route.excludeFromSitemap) {
+        return [];
+      }
+
+      const urls = [this.createRouteSitemapUrl({ ...params, route })];
+
+      if (route.subRoutes) {
+        urls.push(...this.createSitemapUrls(params, route.subRoutes));
+      }
+
+      return urls;
+    });
+  }
+}

apps/api/src/app/endpoints/tags/create-tag.dto.ts

@@ -0,0 +1,10 @@
+import { IsOptional, IsString } from 'class-validator';
+
+export class CreateTagDto {
+  @IsString()
+  name: string;
+
+  @IsOptional()
+  @IsString()
+  userId?: string;
+}

apps/api/src/app/endpoints/tags/tags.controller.ts

@@ -1,5 +1,9 @@
+import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
+import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';
+import { TagService } from '@ghostfolio/api/services/tag/tag.service';
 import { hasPermission, permissions } from '@ghostfolio/common/permissions';
-import type { RequestWithUser } from '@ghostfolio/common/types';
+import { RequestWithUser } from '@ghostfolio/common/types';
+
 import {
   Body,
   Controller,
@@ -18,45 +22,76 @@ import { Tag } from '@prisma/client';
 import { StatusCodes, getReasonPhrase } from 'http-status-codes';
 
 import { CreateTagDto } from './create-tag.dto';
-import { TagService } from './tag.service';
 import { UpdateTagDto } from './update-tag.dto';
 
-@Controller('tag')
-export class TagController {
+@Controller('tags')
+export class TagsController {
   public constructor(
     @Inject(REQUEST) private readonly request: RequestWithUser,
     private readonly tagService: TagService
   ) {}
 
-  @Get()
-  @UseGuards(AuthGuard('jwt'))
-  public async getTags() {
-    return this.tagService.getTagsWithActivityCount();
-  }
-
   @Post()
   @UseGuards(AuthGuard('jwt'))
   public async createTag(@Body() data: CreateTagDto): Promise<Tag> {
-    if (!hasPermission(this.request.user.permissions, permissions.createTag)) {
+    const canCreateOwnTag = hasPermission(
+      this.request.user.permissions,
+      permissions.createOwnTag
+    );
+
+    const canCreateTag = hasPermission(
+      this.request.user.permissions,
+      permissions.createTag
+    );
+
+    if (!canCreateOwnTag && !canCreateTag) {
       throw new HttpException(
         getReasonPhrase(StatusCodes.FORBIDDEN),
         StatusCodes.FORBIDDEN
       );
     }
 
+    if (canCreateOwnTag && !canCreateTag) {
+      if (data.userId !== this.request.user.id) {
+        throw new HttpException(
+          getReasonPhrase(StatusCodes.BAD_REQUEST),
+          StatusCodes.BAD_REQUEST
+        );
+      }
+    }
+
     return this.tagService.createTag(data);
   }
 
-  @Put(':id')
-  @UseGuards(AuthGuard('jwt'))
-  public async updateTag(@Param('id') id: string, @Body() data: UpdateTagDto) {
-    if (!hasPermission(this.request.user.permissions, permissions.updateTag)) {
+  @Delete(':id')
+  @HasPermission(permissions.deleteTag)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
+  public async deleteTag(@Param('id') id: string) {
+    const originalTag = await this.tagService.getTag({
+      id
+    });
+
+    if (!originalTag) {
       throw new HttpException(
         getReasonPhrase(StatusCodes.FORBIDDEN),
         StatusCodes.FORBIDDEN
       );
     }
 
+    return this.tagService.deleteTag({ id });
+  }
+
+  @Get()
+  @HasPermission(permissions.readTags)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
+  public async getTags() {
+    return this.tagService.getTagsWithActivityCount();
+  }
+
+  @HasPermission(permissions.updateTag)
+  @Put(':id')
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
+  public async updateTag(@Param('id') id: string, @Body() data: UpdateTagDto) {
     const originalTag = await this.tagService.getTag({
       id
     });
@@ -77,28 +112,4 @@ export class TagController {
       }
     });
   }
-
-  @Delete(':id')
-  @UseGuards(AuthGuard('jwt'))
-  public async deleteTag(@Param('id') id: string) {
-    if (!hasPermission(this.request.user.permissions, permissions.deleteTag)) {
-      throw new HttpException(
-        getReasonPhrase(StatusCodes.FORBIDDEN),
-        StatusCodes.FORBIDDEN
-      );
-    }
-
-    const originalTag = await this.tagService.getTag({
-      id
-    });
-
-    if (!originalTag) {
-      throw new HttpException(
-        getReasonPhrase(StatusCodes.FORBIDDEN),
-        StatusCodes.FORBIDDEN
-      );
-    }
-
-    return this.tagService.deleteTag({ id });
-  }
 }

apps/api/src/app/endpoints/tags/tags.module.ts

@@ -0,0 +1,12 @@
+import { PrismaModule } from '@ghostfolio/api/services/prisma/prisma.module';
+import { TagModule } from '@ghostfolio/api/services/tag/tag.module';
+
+import { Module } from '@nestjs/common';
+
+import { TagsController } from './tags.controller';
+
+@Module({
+  controllers: [TagsController],
+  imports: [PrismaModule, TagModule]
+})
+export class TagsModule {}

apps/api/src/app/endpoints/tags/update-tag.dto.ts

@@ -0,0 +1,13 @@
+import { IsOptional, IsString } from 'class-validator';
+
+export class UpdateTagDto {
+  @IsString()
+  id: string;
+
+  @IsString()
+  name: string;
+
+  @IsOptional()
+  @IsString()
+  userId?: string;
+}

apps/api/src/app/endpoints/watchlist/create-watchlist-item.dto.ts

@@ -0,0 +1,10 @@
+import { DataSource } from '@prisma/client';
+import { IsEnum, IsString } from 'class-validator';
+
+export class CreateWatchlistItemDto {
+  @IsEnum(DataSource)
+  dataSource: DataSource;
+
+  @IsString()
+  symbol: string;
+}

apps/api/src/app/endpoints/watchlist/watchlist.controller.ts

@@ -0,0 +1,100 @@
+import { HasPermission } from '@ghostfolio/api/decorators/has-permission.decorator';
+import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';
+import { TransformDataSourceInRequestInterceptor } from '@ghostfolio/api/interceptors/transform-data-source-in-request/transform-data-source-in-request.interceptor';
+import { TransformDataSourceInResponseInterceptor } from '@ghostfolio/api/interceptors/transform-data-source-in-response/transform-data-source-in-response.interceptor';
+import { ImpersonationService } from '@ghostfolio/api/services/impersonation/impersonation.service';
+import { HEADER_KEY_IMPERSONATION } from '@ghostfolio/common/config';
+import { WatchlistResponse } from '@ghostfolio/common/interfaces';
+import { permissions } from '@ghostfolio/common/permissions';
+import { RequestWithUser } from '@ghostfolio/common/types';
+
+import {
+  Body,
+  Controller,
+  Delete,
+  Get,
+  Headers,
+  HttpException,
+  Inject,
+  Param,
+  Post,
+  UseGuards,
+  UseInterceptors
+} from '@nestjs/common';
+import { REQUEST } from '@nestjs/core';
+import { AuthGuard } from '@nestjs/passport';
+import { DataSource } from '@prisma/client';
+import { StatusCodes, getReasonPhrase } from 'http-status-codes';
+
+import { CreateWatchlistItemDto } from './create-watchlist-item.dto';
+import { WatchlistService } from './watchlist.service';
+
+@Controller('watchlist')
+export class WatchlistController {
+  public constructor(
+    private readonly impersonationService: ImpersonationService,
+    @Inject(REQUEST) private readonly request: RequestWithUser,
+    private readonly watchlistService: WatchlistService
+  ) {}
+
+  @Post()
+  @HasPermission(permissions.createWatchlistItem)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
+  @UseInterceptors(TransformDataSourceInRequestInterceptor)
+  public async createWatchlistItem(@Body() data: CreateWatchlistItemDto) {
+    return this.watchlistService.createWatchlistItem({
+      dataSource: data.dataSource,
+      symbol: data.symbol,
+      userId: this.request.user.id
+    });
+  }
+
+  @Delete(':dataSource/:symbol')
+  @HasPermission(permissions.deleteWatchlistItem)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
+  @UseInterceptors(TransformDataSourceInRequestInterceptor)
+  public async deleteWatchlistItem(
+    @Param('dataSource') dataSource: DataSource,
+    @Param('symbol') symbol: string
+  ) {
+    const watchlistItems = await this.watchlistService.getWatchlistItems(
+      this.request.user.id
+    );
+
+    const watchlistItem = watchlistItems.find((item) => {
+      return item.dataSource === dataSource && item.symbol === symbol;
+    });
+
+    if (!watchlistItem) {
+      throw new HttpException(
+        getReasonPhrase(StatusCodes.NOT_FOUND),
+        StatusCodes.NOT_FOUND
+      );
+    }
+
+    return this.watchlistService.deleteWatchlistItem({
+      dataSource,
+      symbol,
+      userId: this.request.user.id
+    });
+  }
+
+  @Get()
+  @HasPermission(permissions.readWatchlist)
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
+  @UseInterceptors(TransformDataSourceInResponseInterceptor)
+  public async getWatchlistItems(
+    @Headers(HEADER_KEY_IMPERSONATION.toLowerCase()) impersonationId: string
+  ): Promise<WatchlistResponse> {
+    const impersonationUserId =
+      await this.impersonationService.validateImpersonationId(impersonationId);
+
+    const watchlist = await this.watchlistService.getWatchlistItems(
+      impersonationUserId || this.request.user.id
+    );
+
+    return {
+      watchlist
+    };
+  }
+}

apps/api/src/app/endpoints/watchlist/watchlist.module.ts

@@ -0,0 +1,31 @@
+import { TransformDataSourceInRequestModule } from '@ghostfolio/api/interceptors/transform-data-source-in-request/transform-data-source-in-request.module';
+import { TransformDataSourceInResponseModule } from '@ghostfolio/api/interceptors/transform-data-source-in-response/transform-data-source-in-response.module';
+import { BenchmarkModule } from '@ghostfolio/api/services/benchmark/benchmark.module';
+import { DataProviderModule } from '@ghostfolio/api/services/data-provider/data-provider.module';
+import { ImpersonationModule } from '@ghostfolio/api/services/impersonation/impersonation.module';
+import { MarketDataModule } from '@ghostfolio/api/services/market-data/market-data.module';
+import { PrismaModule } from '@ghostfolio/api/services/prisma/prisma.module';
+import { DataGatheringModule } from '@ghostfolio/api/services/queues/data-gathering/data-gathering.module';
+import { SymbolProfileModule } from '@ghostfolio/api/services/symbol-profile/symbol-profile.module';
+
+import { Module } from '@nestjs/common';
+
+import { WatchlistController } from './watchlist.controller';
+import { WatchlistService } from './watchlist.service';
+
+@Module({
+  controllers: [WatchlistController],
+  imports: [
+    BenchmarkModule,
+    DataGatheringModule,
+    DataProviderModule,
+    ImpersonationModule,
+    MarketDataModule,
+    PrismaModule,
+    SymbolProfileModule,
+    TransformDataSourceInRequestModule,
+    TransformDataSourceInResponseModule
+  ],
+  providers: [WatchlistService]
+})
+export class WatchlistModule {}

apps/api/src/app/endpoints/watchlist/watchlist.service.ts

@@ -0,0 +1,150 @@
+import { BenchmarkService } from '@ghostfolio/api/services/benchmark/benchmark.service';
+import { DataProviderService } from '@ghostfolio/api/services/data-provider/data-provider.service';
+import { MarketDataService } from '@ghostfolio/api/services/market-data/market-data.service';
+import { PrismaService } from '@ghostfolio/api/services/prisma/prisma.service';
+import { DataGatheringService } from '@ghostfolio/api/services/queues/data-gathering/data-gathering.service';
+import { SymbolProfileService } from '@ghostfolio/api/services/symbol-profile/symbol-profile.service';
+import { WatchlistResponse } from '@ghostfolio/common/interfaces';
+
+import { BadRequestException, Injectable } from '@nestjs/common';
+import { DataSource, Prisma } from '@prisma/client';
+
+@Injectable()
+export class WatchlistService {
+  public constructor(
+    private readonly benchmarkService: BenchmarkService,
+    private readonly dataGatheringService: DataGatheringService,
+    private readonly dataProviderService: DataProviderService,
+    private readonly marketDataService: MarketDataService,
+    private readonly prismaService: PrismaService,
+    private readonly symbolProfileService: SymbolProfileService
+  ) {}
+
+  public async createWatchlistItem({
+    dataSource,
+    symbol,
+    userId
+  }: {
+    dataSource: DataSource;
+    symbol: string;
+    userId: string;
+  }): Promise<void> {
+    const symbolProfile = await this.prismaService.symbolProfile.findUnique({
+      where: {
+        dataSource_symbol: { dataSource, symbol }
+      }
+    });
+
+    if (!symbolProfile) {
+      const assetProfiles = await this.dataProviderService.getAssetProfiles([
+        { dataSource, symbol }
+      ]);
+
+      if (!assetProfiles[symbol]?.currency) {
+        throw new BadRequestException(
+          `Asset profile not found for ${symbol} (${dataSource})`
+        );
+      }
+
+      await this.symbolProfileService.add(
+        assetProfiles[symbol] as Prisma.SymbolProfileCreateInput
+      );
+    }
+
+    await this.dataGatheringService.gatherSymbol({
+      dataSource,
+      symbol
+    });
+
+    await this.prismaService.user.update({
+      data: {
+        watchlist: {
+          connect: {
+            dataSource_symbol: { dataSource, symbol }
+          }
+        }
+      },
+      where: { id: userId }
+    });
+  }
+
+  public async deleteWatchlistItem({
+    dataSource,
+    symbol,
+    userId
+  }: {
+    dataSource: DataSource;
+    symbol: string;
+    userId: string;
+  }) {
+    await this.prismaService.user.update({
+      data: {
+        watchlist: {
+          disconnect: {
+            dataSource_symbol: { dataSource, symbol }
+          }
+        }
+      },
+      where: { id: userId }
+    });
+  }
+
+  public async getWatchlistItems(
+    userId: string
+  ): Promise<WatchlistResponse['watchlist']> {
+    const user = await this.prismaService.user.findUnique({
+      select: {
+        watchlist: {
+          select: { dataSource: true, symbol: true }
+        }
+      },
+      where: { id: userId }
+    });
+
+    const [assetProfiles, quotes] = await Promise.all([
+      this.symbolProfileService.getSymbolProfiles(user.watchlist),
+      this.dataProviderService.getQuotes({
+        items: user.watchlist.map(({ dataSource, symbol }) => {
+          return { dataSource, symbol };
+        })
+      })
+    ]);
+
+    const watchlist = await Promise.all(
+      user.watchlist.map(async ({ dataSource, symbol }) => {
+        const assetProfile = assetProfiles.find((profile) => {
+          return profile.dataSource === dataSource && profile.symbol === symbol;
+        });
+
+        const allTimeHigh = await this.marketDataService.getMax({
+          dataSource,
+          symbol
+        });
+
+        const performancePercent =
+          this.benchmarkService.calculateChangeInPercentage(
+            allTimeHigh?.marketPrice,
+            quotes[symbol]?.marketPrice
+          );
+
+        return {
+          dataSource,
+          symbol,
+          marketCondition:
+            this.benchmarkService.getMarketCondition(performancePercent),
+          name: assetProfile?.name,
+          performances: {
+            allTimeHigh: {
+              performancePercent,
+              date: allTimeHigh?.date
+            }
+          }
+        };
+      })
+    );
+
+    return watchlist.sort((a, b) => {
+      return a.name.localeCompare(b.name);
+    });
+  }
+}

apps/api/src/app/exchange-rate/exchange-rate.controller.ts

@@ -1,4 +1,6 @@
+import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';
 import { IDataProviderHistoricalResponse } from '@ghostfolio/api/services/interfaces/interfaces';
+
 import {
   Controller,
   Get,
@@ -19,7 +21,7 @@ export class ExchangeRateController {
   ) {}
 
   @Get(':symbol/:dateString')
-  @UseGuards(AuthGuard('jwt'))
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
   public async getExchangeRate(
     @Param('dateString') dateString: string,
     @Param('symbol') symbol: string

apps/api/src/app/exchange-rate/exchange-rate.module.ts

@@ -1,4 +1,5 @@
 import { ExchangeRateDataModule } from '@ghostfolio/api/services/exchange-rate-data/exchange-rate-data.module';
+
 import { Module } from '@nestjs/common';
 
 import { ExchangeRateController } from './exchange-rate.controller';

apps/api/src/app/exchange-rate/exchange-rate.service.ts

@@ -1,4 +1,5 @@
 import { ExchangeRateDataService } from '@ghostfolio/api/services/exchange-rate-data/exchange-rate-data.service';
+
 import { Injectable } from '@nestjs/common';
 
 @Injectable()

apps/api/src/app/export/export.controller.ts

@@ -1,6 +1,17 @@
+import { HasPermissionGuard } from '@ghostfolio/api/guards/has-permission.guard';
+import { TransformDataSourceInRequestInterceptor } from '@ghostfolio/api/interceptors/transform-data-source-in-request/transform-data-source-in-request.interceptor';
+import { ApiService } from '@ghostfolio/api/services/api/api.service';
 import { Export } from '@ghostfolio/common/interfaces';
 import type { RequestWithUser } from '@ghostfolio/common/types';
-import { Controller, Get, Inject, Query, UseGuards } from '@nestjs/common';
+
+import {
+  Controller,
+  Get,
+  Inject,
+  Query,
+  UseGuards,
+  UseInterceptors
+} from '@nestjs/common';
 import { REQUEST } from '@nestjs/core';
 import { AuthGuard } from '@nestjs/passport';
 
@@ -9,17 +20,35 @@ import { ExportService } from './export.service';
 @Controller('export')
 export class ExportController {
   public constructor(
+    private readonly apiService: ApiService,
     private readonly exportService: ExportService,
     @Inject(REQUEST) private readonly request: RequestWithUser
   ) {}
 
   @Get()
-  @UseGuards(AuthGuard('jwt'))
+  @UseGuards(AuthGuard('jwt'), HasPermissionGuard)
+  @UseInterceptors(TransformDataSourceInRequestInterceptor)
   public async export(
-    @Query('activityIds') activityIds?: string[]
+    @Query('accounts') filterByAccounts?: string,
+    @Query('activityIds') filterByActivityIds?: string,
+    @Query('assetClasses') filterByAssetClasses?: string,
+    @Query('dataSource') filterByDataSource?: string,
+    @Query('symbol') filterBySymbol?: string,
+    @Query('tags') filterByTags?: string
   ): Promise<Export> {
+    const activityIds = filterByActivityIds?.split(',') ?? [];
+    const filters = this.apiService.buildFiltersFromQueryParams({
+      filterByAccounts,
+      filterByAssetClasses,
+      filterByDataSource,
+      filterBySymbol,
+      filterByTags
+    });
+
     return this.exportService.export({
       activityIds,
+      filters,
+      userCurrency: this.request.user.Settings.settings.baseCurrency,
       userId: this.request.user.id
     });
   }

apps/api/src/app/export/export.module.ts

@@ -1,24 +1,23 @@
 import { AccountModule } from '@ghostfolio/api/app/account/account.module';
 import { OrderModule } from '@ghostfolio/api/app/order/order.module';
-import { RedisCacheModule } from '@ghostfolio/api/app/redis-cache/redis-cache.module';
-import { ConfigurationModule } from '@ghostfolio/api/services/configuration/configuration.module';
-import { DataGatheringModule } from '@ghostfolio/api/services/data-gathering/data-gathering.module';
-import { DataProviderModule } from '@ghostfolio/api/services/data-provider/data-provider.module';
+import { TransformDataSourceInRequestModule } from '@ghostfolio/api/interceptors/transform-data-source-in-request/transform-data-source-in-request.module';
+import { ApiModule } from '@ghostfolio/api/services/api/api.module';
+import { TagModule } from '@ghostfolio/api/services/tag/tag.module';
+
 import { Module } from '@nestjs/common';
 
 import { ExportController } from './export.controller';
 import { ExportService } from './export.service';
 
 @Module({
+  controllers: [ExportController],
   imports: [
     AccountModule,
-    ConfigurationModule,
-    DataGatheringModule,
-    DataProviderModule,
+    ApiModule,
     OrderModule,
-    RedisCacheModule
+    TagModule,
+    TransformDataSourceInRequestModule
   ],
-  controllers: [ExportController],
   providers: [ExportService]
 })
 export class ExportModule {}

apps/api/src/app/export/export.service.ts

@@ -1,34 +1,89 @@
 import { AccountService } from '@ghostfolio/api/app/account/account.service';
 import { OrderService } from '@ghostfolio/api/app/order/order.service';
 import { environment } from '@ghostfolio/api/environments/environment';
-import { Export } from '@ghostfolio/common/interfaces';
+import { TagService } from '@ghostfolio/api/services/tag/tag.service';
+import { Filter, Export } from '@ghostfolio/common/interfaces';
+
 import { Injectable } from '@nestjs/common';
+import { Platform } from '@prisma/client';
 
 @Injectable()
 export class ExportService {
   public constructor(
     private readonly accountService: AccountService,
-    private readonly orderService: OrderService
+    private readonly orderService: OrderService,
+    private readonly tagService: TagService
   ) {}
 
   public async export({
     activityIds,
+    filters,
+    userCurrency,
     userId
   }: {
     activityIds?: string[];
+    filters?: Filter[];
+    userCurrency: string;
     userId: string;
   }): Promise<Export> {
+    const platformsMap: { [platformId: string]: Platform } = {};
+
+    let { activities } = await this.orderService.getOrders({
+      filters,
+      userCurrency,
+      userId,
+      includeDrafts: true,
+      sortColumn: 'date',
+      sortDirection: 'asc',
+      withExcludedAccounts: true
+    });
+
+    if (activityIds?.length > 0) {
+      activities = activities.filter(({ id }) => {
+        return activityIds.includes(id);
+      });
+    }
+
     const accounts = (
       await this.accountService.accounts({
+        include: {
+          balances: true,
+          platform: true
+        },
         orderBy: {
           name: 'asc'
         },
         where: { userId }
       })
-    ).map(
-      ({ balance, comment, currency, id, isExcluded, name, platformId }) => {
+    )
+      .filter(({ id }) => {
+        return activities.length > 0
+          ? activities.some(({ accountId }) => {
+              return accountId === id;
+            })
+          : true;
+      })
+      .map(
+        ({
+          balance,
+          balances,
+          comment,
+          currency,
+          id,
+          isExcluded,
+          name,
+          platform,
+          platformId
+        }) => {
+          if (platformId) {
+            platformsMap[platformId] = platform;
+          }
+
           return {
             balance,
+            balances: balances.map(({ date, value }) => {
+              return { date: date.toISOString(), value };
+            }),
             comment,
             currency,
             id,
@@ -39,30 +94,39 @@ export class ExportService {
         }
       );
 
-    let activities = await this.orderService.orders({
-      include: { SymbolProfile: true },
-      orderBy: { date: 'desc' },
-      where: { userId }
+    const tags = (await this.tagService.getTagsForUser(userId))
+      .filter(
+        ({ id, isUsed }) =>
+          isUsed &&
+          activities.some((activity) => {
+            return activity.tags.some(({ id: tagId }) => {
+              return tagId === id;
             });
-
-    if (activityIds) {
-      activities = activities.filter((activity) => {
-        return activityIds.includes(activity.id);
+          })
+      )
+      .map(({ id, name }) => {
+        return {
+          id,
+          name
+        };
       });
-    }
 
     return {
       meta: { date: new Date().toISOString(), version: environment.version },
       accounts,
+      platforms: Object.values(platformsMap),
+      tags,
       activities: activities.map(
         ({
           accountId,
           comment,
+          currency,
           date,
           fee,
           id,
           quantity,
           SymbolProfile,
+          tags: currentTags,
           type,
           unitPrice
         }) => {
@@ -74,19 +138,21 @@ export class ExportService {
             quantity,
             type,
             unitPrice,
-            currency: SymbolProfile.currency,
+            currency: currency ?? SymbolProfile.currency,
             dataSource: SymbolProfile.dataSource,
             date: date.toISOString(),
-            symbol:
-              type === 'FEE' ||
-              type === 'INTEREST' ||
-              type === 'ITEM' ||
-              type === 'LIABILITY'
+            symbol: ['FEE', 'INTEREST', 'ITEM', 'LIABILITY'].includes(type)
               ? SymbolProfile.name
-                : SymbolProfile.symbol
+              : SymbolProfile.symbol,
+            tags: currentTags.map(({ id: tagId }) => {
+              return tagId;
+            })
           };
         }
-      )
+      ),
+      user: {
+        settings: { currency: userCurrency }
+      }
     };
   }
 }