Releases: ZoneMix/actual-budget-rest-api

v2.1.0

28 Dec 03:15

Breaking Changes

  • v2.1.0 introduces the /v2 prefix to the endpoints, which works with the v1.0.0 release of the n8n node; be sure to update the n8n node if you are using this version.

Full Changelog: v2.0.4...v2.1.0

v2.0.4

27 Dec 02:04

  • Fix OAuth2 refresh-token validation failing with an "unsupported grant type" error.
  • Add an example Docker Compose file with the Actual server and variables for stored secrets.

Full Changelog: v2.0.3...v2.0.4

v2.0.3

26 Dec 22:21

What's Changed

  • Add GitHub Actions workflow for building and pushing Docker images by @ZoneMix in #7
  • Fixed an issue with creating transactions in the validation schema

Full Changelog: v2.0.2...v2.0.3

v2.0.2

23 Dec 03:08

Full Changelog: v2.0.1...v2.0.2

v2.0.1

23 Dec 02:31

fix(auth): update authentication middleware to use async database queries

  • Changed authenticateAdminDashboard and authenticateAdminAPI to async functions for improved database interaction.
  • Replaced getDb with getRow for fetching user roles and details.
  • Updated routes to handle async middleware with asyncHandler for better error management.
  • Enhanced listClients to utilize getAllRows for fetching client data.

v2.0.0

22 Dec 21:15

Release v2.0.0

🎉 Major Release - PostgreSQL Support & Admin API

Version 2.0.0 introduces PostgreSQL database support, a comprehensive Admin API for OAuth client management, enhanced monitoring capabilities, and significant improvements to authentication and documentation.


🚀 New Features

PostgreSQL Database Support

  • Full PostgreSQL support as an alternative to SQLite for authentication storage
  • Automatic database initialization and schema migrations
  • Configurable via DB_TYPE environment variable (postgres or sqlite)
  • Support for both connection URL (POSTGRES_URL) and individual connection parameters
  • Production-ready with connection pooling and error handling
  • Migration path: Existing SQLite databases continue to work seamlessly

Configuration:

DB_TYPE=postgres
POSTGRES_URL=postgresql://user:password@host:5432/database
# OR use individual parameters:
POSTGRES_HOST=localhost
POSTGRES_PORT=5432
POSTGRES_DB=postgres
POSTGRES_USER=postgres
POSTGRES_PASSWORD=password
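The following is an added example of how the database selection described above can be resolved and validated at startup; it is not the project's own src/config/env.js. It assumes the documented variables (DB_TYPE defaulting to sqlite, POSTGRES_URL taking precedence over the individual POSTGRES_* parameters) and adds a redacted description for logs so the password never reaches log output.

```javascript
// Added example, not the project's code: resolve the DB_TYPE / POSTGRES_*
// environment variables into a connection configuration and validate them.
const VALID_DB_TYPES = new Set(['sqlite', 'postgres']);
const DEFAULT_PG_PORT = 5432;

function resolveDbConfig(env) {
  const type = (env.DB_TYPE || 'sqlite').toLowerCase(); // sqlite is the default
  if (!VALID_DB_TYPES.has(type)) {
    throw new Error(`DB_TYPE must be "postgres" or "sqlite", got "${env.DB_TYPE}"`);
  }
  if (type === 'sqlite') {
    return { type: 'sqlite' };
  }

  // A single connection URL takes precedence over the individual parameters.
  if (env.POSTGRES_URL) {
    const url = new URL(env.POSTGRES_URL); // throws on a malformed URL
    if (url.protocol !== 'postgresql:' && url.protocol !== 'postgres:') {
      throw new Error('POSTGRES_URL must use the postgresql:// scheme');
    }
    return {
      type: 'postgres',
      host: url.hostname,
      port: url.port ? Number(url.port) : DEFAULT_PG_PORT,
      database: url.pathname.replace(/^\//, ''),
      user: decodeURIComponent(url.username),
      password: decodeURIComponent(url.password),
    };
  }

  // Individual parameters: fail fast with the full list of what is missing.
  const missing = ['POSTGRES_HOST', 'POSTGRES_DB', 'POSTGRES_USER', 'POSTGRES_PASSWORD']
    .filter((key) => !env[key]);
  if (missing.length > 0) {
    throw new Error(`DB_TYPE=postgres requires POSTGRES_URL or: ${missing.join(', ')}`);
  }
  const port = env.POSTGRES_PORT ? Number(env.POSTGRES_PORT) : DEFAULT_PG_PORT;
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    throw new Error(`POSTGRES_PORT is not a valid port: "${env.POSTGRES_PORT}"`);
  }
  return {
    type: 'postgres',
    host: env.POSTGRES_HOST,
    port,
    database: env.POSTGRES_DB,
    user: env.POSTGRES_USER,
    password: env.POSTGRES_PASSWORD,
  };
}

// Redacted view suitable for startup logs: the password is never printed.
function describeDbConfig(cfg) {
  if (cfg.type === 'sqlite') return 'sqlite';
  return `postgres://${cfg.user}:***@${cfg.host}:${cfg.port}/${cfg.database}`;
}

// Constructed sample environment (not real credentials) to run the example stand-alone.
const SAMPLE_ENV = {
  DB_TYPE: 'postgres',
  POSTGRES_URL: 'postgresql://app:s3cret@db.internal:5433/budget',
};
console.log('database:', describeDbConfig(resolveDbConfig(SAMPLE_ENV)));
```

Calling resolveDbConfig(process.env) once at startup and passing the result to the pool constructor keeps every other module away from raw environment variables, and a misconfigured deployment fails before it starts serving requests instead of at the first query.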

Admin API

  • Complete OAuth client management via REST API endpoints
  • Web-based admin dashboard at /admin for managing OAuth clients
  • Secure secret hashing with bcrypt for all client credentials
  • Role-based access control (requires admin role and admin scope)

New Endpoints:

  • GET /admin/oauth-clients - List all OAuth clients
  • POST /admin/oauth-clients - Create new OAuth client
  • GET /admin/oauth-clients/:clientId - Get specific client details
  • PUT /admin/oauth-clients/:clientId - Update client configuration
  • DELETE /admin/oauth-clients/:clientId - Delete client

Features:

  • Automatic secret generation if not provided
  • Secure secret hashing (bcrypt) before storage
  • Client secrets only returned once on creation
  • Full CRUD operations with validation
  • Protected by admin authentication middleware

Enhanced Monitoring

  • Pre-configured Grafana dashboards with comprehensive metrics visualization
  • Prometheus metrics endpoint integration
  • Real-time monitoring of API performance, error rates, and request patterns
  • Development monitoring stack included in docker-compose.dev.yml

Files Added:

  • monitoring/grafana/dashboards/actual-budget-api-dashboard.json
  • monitoring/prometheus.yml
  • monitoring/README.md - Complete monitoring setup guide

Token Revocation Script

  • New CLI script for manually revoking tokens: scripts/revoke-tokens.mjs
  • Useful for security incidents and manual token management
  • Supports revoking both access and refresh tokens

✨ Enhancements

Authentication & Security

  • Proper logout session revocation - Tokens are now properly revoked on logout
  • Enhanced role-based access control with granular permissions
  • Improved JWT token validation and error handling
  • Better session management for documentation access

Documentation

  • Complete README rewrite with improved structure and clarity
  • Enhanced production deployment guides
  • Comprehensive environment variable documentation
  • Clear migration paths between SQLite and PostgreSQL
  • Secrets management best practices (GitHub Secrets, AWS Secrets Manager, Kubernetes)
  • Updated architecture documentation

Database Layer

  • Improved database initialization with better error handling
  • Automatic schema migrations on startup
  • Enhanced database connection management
  • Better support for both SQLite and PostgreSQL query syntax

Docker & Deployment

  • Updated production Docker Compose files
  • Separate configurations for PostgreSQL and SQLite deployments
  • Improved development stack with monitoring integration
  • Enhanced environment variable handling

Developer Experience

  • Updated pre-commit hook documentation
  • Improved error messages and logging
  • Better validation error reporting
  • Enhanced OpenAPI documentation with admin endpoints

🐛 Bug Fixes

  • Fixed OAuth2 workflow issues with proper error handling
  • Fixed logout token revocation to properly invalidate sessions
  • Improved authentication error messages
  • Fixed database initialization edge cases
  • Enhanced error handling in OAuth2 flow

📋 Breaking Changes

Environment Variables

  • Database Configuration: New DB_TYPE environment variable required to specify database type
    • Set DB_TYPE=postgres for PostgreSQL (recommended for production)
    • Set DB_TYPE=sqlite for SQLite (default, simpler setup)
  • PostgreSQL Configuration: New environment variables for PostgreSQL connection
    • POSTGRES_URL or individual POSTGRES_HOST, POSTGRES_PORT, POSTGRES_DB, POSTGRES_USER, POSTGRES_PASSWORD

API Changes

  • Admin Endpoints: New /admin/* endpoints require admin role and scope
    • Ensure your JWT tokens include role: "admin" and scopes: ["admin"]
  • Logout Behavior: Logout now properly revokes tokens (may affect clients relying on token lifetime)
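The admin requirement above (role "admin" and scopes ["admin"] in the token) and the v2.0.1 note about async authentication middleware wrapped in asyncHandler and backed by getRow are shown together in the following added example. It is not the project's middleware: Express is replaced by minimal request/response doubles so it runs stand-alone, getRow is a constructed in-memory lookup, and the claim name sub for the user identifier is an assumption.

```javascript
// Added example, not the project's code: the asyncHandler pattern plus an admin
// guard that checks the token's role and scopes and then confirms the role in the
// database, so a demoted user cannot keep using an older admin token.

// Route a rejected promise to next(err) instead of leaving an unhandled rejection.
function asyncHandler(fn) {
  return (req, res, next) => Promise.resolve(fn(req, res, next)).catch(next);
}

// Constructed stand-in for the users table and the async getRow() helper.
const USERS = {
  alice: { username: 'alice', role: 'admin' },
  bob: { username: 'bob', role: 'user' },
};
async function getRow(username) {
  return USERS[username] || null;
}

// req.user is assumed to hold the already-verified JWT claims.
const authenticateAdminAPI = asyncHandler(async (req, res, next) => {
  const claims = req.user;
  if (!claims) return res.status(401).json({ error: 'authentication required' });
  const scopes = Array.isArray(claims.scopes) ? claims.scopes : [];
  if (claims.role !== 'admin' || !scopes.includes('admin')) {
    return res.status(403).json({ error: 'admin role and scope required' });
  }
  const row = await getRow(claims.sub); // authoritative role comes from the database
  if (!row || row.role !== 'admin') {
    return res.status(403).json({ error: 'admin role required' });
  }
  req.admin = row;
  next();
});

// Minimal doubles so the middleware can be exercised without Express. Resolves with
// the response that was sent, or with next:true when the chain was continued.
function runMiddleware(mw, req) {
  return new Promise((resolve) => {
    const res = {
      statusCode: 200,
      status(code) { this.statusCode = code; return this; },
      json(body) { resolve({ status: this.statusCode, body, next: false }); },
    };
    const next = (err) => resolve({ status: err ? 500 : 200, next: true, err });
    mw(req, res, next);
  });
}

// Stand-alone demonstration.
runMiddleware(authenticateAdminAPI, { user: { sub: 'alice', role: 'admin', scopes: ['admin'] } })
  .then((r) => console.log('alice:', r))
  .then(() => runMiddleware(authenticateAdminAPI, { user: { sub: 'bob', role: 'admin', scopes: ['admin'] } }))
  .then((r) => console.log('bob (token says admin, database says user):', r));
```

Without the asyncHandler wrapper, an exception thrown after the await (a database outage, for instance) would not reach Express's error handler; the request would hang and the process would log an unhandled rejection. Re-reading the role from the database on each admin request is what lets an operator revoke admin access immediately rather than waiting for outstanding tokens to expire.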

Docker Compose

  • Updated production Docker Compose files with new naming conventions
  • docker-compose.prod.yml renamed to docker-compose.prod.sqlite.yml
  • New docker-compose.prod.postgres.yml for PostgreSQL deployments

🔄 Migration Guide

Upgrading from v1.x

  1. Update Dependencies:

    npm install
  2. Database Migration (SQLite → PostgreSQL, Optional):

    • If staying with SQLite: no changes needed; DB_TYPE=sqlite is the default
    • If migrating to PostgreSQL:
      DB_TYPE=postgres
      POSTGRES_URL=postgresql://user:password@host:5432/database
    • Schema migrations run automatically on startup
  3. Update Docker Compose:

    # For SQLite (existing behavior)
    docker compose -f docker-compose.prod.sqlite.yml up -d --build
    
    # For PostgreSQL (new, recommended)
    docker compose -f docker-compose.prod.postgres.yml up -d --build
  4. Environment Variables:

    • Review .env.example for new variables
    • Add DB_TYPE if using PostgreSQL
    • Configure PostgreSQL connection parameters if applicable
  5. Access Control:

    • Admin API endpoints require admin role
    • Ensure JWT tokens include appropriate roles and scopes for admin access

📦 Dependencies

  • Updated @actual-app/api to ^25.12.0
  • Added pg (PostgreSQL driver) ^8.16.3
  • Updated various security dependencies

🔗 Related Resources

v1.1.1

19 Dec 20:57

release: v1.1.0 - Enhanced security, monitoring, and configuration management

Major Features:

  • Add comprehensive architecture documentation (ARCHITECTURE.md)
  • Implement centralized environment variable validation (src/config/env.js)
  • Add Redis support for distributed rate limiting (src/config/redis.js)
  • Add metrics collection endpoint and middleware (src/routes/metrics.js, src/middleware/metrics.js)
  • Implement query security middleware to prevent SQL injection (src/middleware/querySecurity.js)
  • Add structured error handling system (src/errors/index.js)
  • Add body parser middleware for request validation (src/middleware/bodyParser.js)

Infrastructure & Testing:

  • Add Jest testing framework with test setup and initial test suites
  • Add test coverage for error handling and validation middleware
  • Add authentication route tests
  • Update Docker Compose configurations for development and production

Security & Performance:

  • Enhance OAuth2 client implementation
  • Improve rate limiting with Redis fallback support
  • Strengthen query endpoint security
  • Update authentication and health check endpoints

Documentation & Configuration:

  • Update README with new features and improved setup instructions
  • Enhance OpenAPI documentation with new endpoints and schemas
  • Update .env.example with new configuration options
  • Improve .gitignore for better security

Dependencies:

  • Add ioredis for Redis connectivity
  • Add rate-limit-redis for distributed rate limiting
  • Remove passport dependencies in favor of custom OAuth2 implementation
  • Update all dependencies to latest compatible versions

This release significantly improves the API's security posture, observability,
and developer experience while maintaining backward compatibility.