fix(numpad): 全部按键 @click 换 @pointerdown.left，零延迟

第一阶段（touch-action: manipulation）只解了浏览器双击缩放延迟，但 F7 内部 tap 合成 + active-state 检测仍让 @click 比 pointerdown 慢一拍。完全弃用 @click： - 16 个按键（数字 0-9、运算 ×−+、C 清空、小数点/双零、OK 确认）改 @pointerdown.left - 触屏 button=0 始终满足 .left 修饰符 - 桌面右键 button=2 不会误触发 - F7 active-state 视觉反馈基于独立 touchstart/touchend 监听，按下效果保留 - 退格键的 pointer 事件方案在上个 commit 已实现，本次不动 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
fix(numpad): 退格键按下零延迟 + 500ms 长按清空
2026-05-08 11:24:16 +08:00 · 2026-05-08 11:14:11 +08:00 · 2026-05-07 15:47:00 +08:00 · 2026-05-07 15:32:24 +08:00 · 2026-05-05 18:57:09 +08:00 · 2026-05-05 18:20:30 +08:00
678 changed files with 135264 additions and 22607 deletions
@@ -0,0 +1,167 @@
+name: Build Docker Image
+
+on:
+  # 自动触发：push 到 custom 分支时跑（force-push 后的 rebase 也会触发，可接受）
+  # paths-ignore：纯文档/配置改动跳过，避免浪费 ~10 分钟构建
+  # ⚠️ 已知 quirk（2026-05-02 验证）：empty commit（git commit --allow-empty）
+  # 不会触发 paths-ignore 过滤的 workflow，Gitea 把 zero-paths-changed 当作
+  # "vacuously matches ignore list" 跳过。要强制触发必须至少改一个非 ignore 路径
+  # 的真实文件（改这个 yml 自己最稳）。
+  push:
+    branches: [custom]
+    paths-ignore:
+      - '**.md'
+      - '.gitignore'
+      - 'LICENSE'
+      - 'screenshot/**'
+      # sync-upstream.yml 改的是 main reset 逻辑，跟 build 无关
+      # build-image.yml 自己留着会触发，作为 workflow 改动的 self-test
+      - '.gitea/workflows/sync-upstream.yml'
+  # 手动触发：保留作为应急通道（重新打包旧 commit、用自定义 tag 等等）
+  # 注意：手动触发也会跑 deploy job —— 如果只想 build 不部署，临时把 deploy
+  # job 注释掉或在 deploy 里加 if 条件
+  workflow_dispatch:
+    inputs:
+      branch:
+        description: '要打包的分支（仅手动触发生效）'
+        required: true
+        default: 'custom'
+      tag:
+        description: '镜像 tag（留空则用 commit short hash）'
+        required: false
+        default: ''
+
+# 并发控制：同一分支的连续 push 只跑最新的，旧 in-progress run 会被取消
+# 例：连续 3 次 push，第 1 次 build 跑了 30s，第 2 次开始 → 取消第 1，第 2 跑；
+# 期间第 3 次又来 → 取消第 2，第 3 跑。最后只构建+部署最新代码，省 CI 时间。
+# group 包含 ref 是为了不同分支的 build 互不干扰（虽然当前只有 custom 用）
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout target branch
+        uses: actions/checkout@v4
+        with:
+          # workflow_dispatch 时用用户填的 branch；push 触发时 inputs.branch 为空，
+          # fallback 到 github.ref_name（即触发的分支名，push 到 custom 时就是 custom）
+          ref: ${{ inputs.branch || github.ref_name }}
+          fetch-depth: 0
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          # 钉到 v0.13.2（自带 runc 1.1.x），避免 runc 1.2+ 的 procfs 安全检查
+          # 在 DSM 老内核（4.4.x）上撞 openat2/fsmount 不存在导致 build 失败
+          driver-opts: |
+            image=moby/buildkit:v0.13.2
+
+      - name: Login to Gitea Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: git.zhengchentao.win
+          username: ${{ gitea.actor }}
+          password: ${{ secrets.PACKAGES_TOKEN }}
+
+      - name: Determine image tag and revision
+        id: meta
+        run: |
+          if [ -n "${{ inputs.tag }}" ]; then
+            IMAGE_TAG="${{ inputs.tag }}"
+          else
+            IMAGE_TAG="$(git rev-parse --short HEAD)"
+          fi
+          echo "image_tag=$IMAGE_TAG" >> $GITHUB_OUTPUT
+          echo "full_sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
+          echo "==> Image tag: $IMAGE_TAG"
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          # 上游 Dockerfile 用 BUILD_PIPELINE 作为 CI 跳过开关：
+          # 设为 "1" 时 pkg/exchangerates 跳过依赖第三方 API 的活测试
+          # （加拿大银行/乌兹别克央行 API 国内不稳，跑就超时）
+          # CHECK_3RD_API 留空 → 三方 API 测试不跑；想跑设 "1"
+          build-args: |
+            BUILD_PIPELINE=1
+          # OCI 标签：
+          # - source 让 Gitea 收包时自动把镜像关联到对应 repo（不再需要手动去
+          #   "包设置 → 链接到仓库"）
+          # - revision 把构建时的 commit full SHA 烙进镜像 manifest，
+          #   docker inspect 能反推回源码版本
+          labels: |
+            org.opencontainers.image.source=https://git.zhengchentao.win/zhengchen.tao/ezbookkeeping
+            org.opencontainers.image.revision=${{ steps.meta.outputs.full_sha }}
+          tags: |
+            git.zhengchentao.win/zhengchen.tao/ezbookkeeping:${{ steps.meta.outputs.image_tag }}
+            git.zhengchentao.win/zhengchen.tao/ezbookkeeping:latest
+
+      - name: Build summary
+        # 把构建出的镜像 tag 与源 commit 显式列在 Action run summary 区，
+        # 方便从 UI 一眼看到本次 build 产出。always() 保证 build 失败也输出。
+        if: always()
+        run: |
+          {
+            echo "## Build Summary"
+            echo ""
+            echo "| 项 | 值 |"
+            echo "|---|---|"
+            echo "| 触发方式 | \`${{ github.event_name }}\` |"
+            echo "| 源分支 | \`${{ inputs.branch || github.ref_name }}\` |"
+            echo "| 源 commit (full) | \`${{ steps.meta.outputs.full_sha }}\` |"
+            echo "| 源 commit (short) | \`${{ steps.meta.outputs.image_tag }}\` |"
+            echo "| 镜像 tag | \`git.zhengchentao.win/zhengchen.tao/ezbookkeeping:${{ steps.meta.outputs.image_tag }}\` + \`:latest\` |"
+          } >> "$GITHUB_STEP_SUMMARY"
+
+  deploy:
+    # needs: build 串起来 —— build 失败 deploy 自动跳过，无需 if 条件
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      # 登录 Gitea Container Registry，否则 docker compose pull 私有镜像 401。
+      # 跟 build job 那步是同一个 PACKAGES_TOKEN，但每个 job 跑在独立 runner 上，
+      # 凭据不会从 build job 继承，必须在这里再登一次。
+      - name: Login to Gitea Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: git.zhengchentao.win
+          username: ${{ gitea.actor }}
+          password: ${{ secrets.PACKAGES_TOKEN }}
+
+      - name: Pull and restart ezbookkeeping
+        # 部署逻辑直接内联在这。runner 容器挂了 host docker.sock，
+        # 所以这里 docker 命令直接操作的是宿主机 docker daemon，
+        # 容器层面相当于 "ssh 到 NAS 跑 docker compose"。
+        #
+        # NAS_INFRA_TOKEN secret 仅在 nas-infra 是私有仓库时需要；
+        # 公开仓库不设这个 secret 也能拉。
+        env:
+          NAS_INFRA_TOKEN: ${{ secrets.NAS_INFRA_TOKEN }}
+        run: |
+          set -e
+
+          TMPDIR=$(mktemp -d)
+          trap 'rm -rf "$TMPDIR"' EXIT
+
+          # 决定 clone URL：有 token 用 token（私有），没有用裸 URL（公开）
+          if [ -n "$NAS_INFRA_TOKEN" ]; then
+            CLONE_URL="https://x-access-token:${NAS_INFRA_TOKEN}@git.zhengchentao.win/dev/nas-infra.git"
+          else
+            CLONE_URL="https://git.zhengchentao.win/dev/nas-infra.git"
+          fi
+
+          git clone --depth 1 "$CLONE_URL" "$TMPDIR/nas-infra"
+          cd "$TMPDIR/nas-infra/ezbookkeeping"
+
+          docker compose pull
+          docker compose up -d
+
+          # 简单 health：列容器状态 + 输出最近日志
+          sleep 3
+          docker compose ps
+          docker compose logs --tail=30 ezbookkeeping
@@ -1,17 +0,0 @@
-name: Deploy Docker Image
-
-on:
-  workflow_dispatch
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Execute custom script
-        run: |
-          cat >> deploy.sh <<EOF
-          #!/bin/sh
-          ${{ vars.CUSTOM_DEPLOY_SCRIPTS }}
-          EOF
-          chmod +x deploy.sh
-          ./deploy.sh
@@ -1,61 +0,0 @@
-name: Docker Release
-
-on:
-  push:
-    tags:
-      - v*
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: |
-            ${{ secrets.DOCKER_REPO }}/mayswind/ezbookkeeping
-          tags: |
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=raw,value=latest
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-        with:
-          image: tonistiigi/binfmt:qemu-v8.1.5
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Set up the environment
-        run: |
-          sed -r -i 's#FROM( --.*)? (.*:.*)?#FROM\1 ${{ secrets.DOCKER_REPO }}/mirrors/\2#g' Dockerfile
-          cat >> docker/custom-backend-pre-setup.sh <<EOF
-          #!/bin/sh
-          ${{ vars.CUSTOM_BACKEND_PRE_SETUP }}
-          EOF
-          cat >> docker/custom-frontend-pre-setup.sh <<EOF
-          #!/bin/sh
-          ${{ vars.CUSTOM_FRONTEND_PRE_SETUP }}
-          EOF
-          chmod +x docker/custom-backend-pre-setup.sh
-          chmod +x docker/custom-frontend-pre-setup.sh
-
-      - name: Build and push
-        uses: docker/build-push-action@v6
-        with:
-          file: Dockerfile
-          context: .
-          platforms: ${{ vars.BUILD_RELEASE_PLATFORMS }}
-          push: true
-          build-args: |
-            RELEASE_BUILD=1
-            BUILD_PIPELINE=1
-            CHECK_3RD_API=${{ vars.CHECK_3RD_API }}
-            SKIP_TESTS=${{ vars.SKIP_TESTS }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
@@ -1,60 +0,0 @@
-name: Docker Snapshot
-
-on:
-  push:
-    branches:
-      - main
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: |
-            ${{ secrets.DOCKER_REPO }}/mayswind/ezbookkeeping
-          tags: |
-            type=raw,value=SNAPSHOT-{{date 'YYYYMMDD'}}
-            type=raw,value=latest-snapshot
-            type=sha,format=short,prefix=SNAPSHOT-
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-        with:
-          image: tonistiigi/binfmt:qemu-v8.1.5
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Set up the environment
-        run: |
-          sed -r -i 's#FROM( --.*)? (.*:.*)?#FROM\1 ${{ secrets.DOCKER_REPO }}/mirrors/\2#g' Dockerfile
-          cat >> docker/custom-backend-pre-setup.sh <<EOF
-          #!/bin/sh
-          ${{ vars.CUSTOM_BACKEND_PRE_SETUP }}
-          EOF
-          cat >> docker/custom-frontend-pre-setup.sh <<EOF
-          #!/bin/sh
-          ${{ vars.CUSTOM_FRONTEND_PRE_SETUP }}
-          EOF
-          chmod +x docker/custom-backend-pre-setup.sh
-          chmod +x docker/custom-frontend-pre-setup.sh
-
-      - name: Build and push
-        uses: docker/build-push-action@v6
-        with:
-          file: Dockerfile
-          context: .
-          platforms: ${{ vars.BUILD_SNAPSHOT_PLATFORMS }}
-          push: true
-          build-args: |
-            BUILD_PIPELINE=1
-            CHECK_3RD_API=${{ vars.CHECK_3RD_API }}
-            SKIP_TESTS=${{ vars.SKIP_TESTS }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
@@ -0,0 +1,39 @@
+name: Sync from upstream
+
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: '要同步的 release tag（留空则同步到 upstream/main 的最新 tag）'
+        required: false
+        default: ''
+
+jobs:
+  sync:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          token: ${{ secrets.SYNC_TOKEN }}
+
+      - name: Sync main to release tag
+        run: |
+          git config user.name "gitea-actions"
+          git config user.email "actions@gitea.local"
+          git remote add upstream https://git.zhengchentao.win/mirror/ezbookkeeping.git
+          git fetch upstream --tags
+
+          if [ -n "${{ inputs.tag }}" ]; then
+            TARGET="${{ inputs.tag }}"
+          else
+            TARGET=$(git tag -l --sort=-v:refname | head -n 1)
+          fi
+
+          echo "==> Syncing main to $TARGET"
+          git rev-parse "$TARGET" || { echo "❌ Tag $TARGET not found"; exit 1; }
+
+          git checkout -B main origin/main
+          git reset --hard "$TARGET"
+          git push origin main --force-with-lease
+          git push origin --tags
@@ -0,0 +1,69 @@
+name: Bug Report
+description: Report a bug in ezBookkeeping
+body:
+  - type: checkboxes
+    id: checkboxes
+    attributes:
+      label: Before You Submit
+      description: Please check whether the following items have been completed.
+      options:
+        - label: I've already checked this bug hasn't been raised in [issues](https://github.com/mayswind/ezbookkeeping/issues)
+          required: true
+
+  - type: textarea
+    id: description
+    attributes:
+      label: Description
+      description: Please provide a brief description of this bug.
+    validations:
+      required: true
+
+  - type: textarea
+    id: reproduction-steps
+    attributes:
+      label: Steps to reproduce
+      description: Please describe the steps to reproduce this bug.
+      placeholder: |
+        1.
+        2.
+        3.
+    validations:
+      required: true
+
+  - type: input
+    id: ezbookkeeping-version
+    attributes:
+      label: ezBookkeeping Version
+      description: ezBookkeeping version and commit hash of your instance, e.g. "v1.0.0 (20e2444)"
+    validations:
+      required: true
+
+  - type: input
+    id: server-os
+    attributes:
+      label: Server Operating System
+      description: The operating system information you are using to deploy ezBookkeeping, e.g "Debian GNU/Linux 11 amd64"
+
+  - type: input
+    id: server-database
+    attributes:
+      label: Database
+      description: The database system you are using, e.g. "MariaDB v11.7.2"
+
+  - type: dropdown
+    id: reproduce-on-demo-site
+    attributes:
+      label: Can you reproduce this bug on the ezBookkeeping demo site?
+      description: |
+        ezBookkeeping demo site: https://ezbookkeeping-demo.mayswind.net/
+      options:
+        - "No"
+        - "Yes"
+    validations:
+      required: true
+
+  - type: textarea
+    id: additional-context
+    attributes:
+      label: Additional information
+      description: If you can, provide any related screenshots or logs here.
@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Frequently Asked Questions
+    url: https://ezbookkeeping.mayswind.net/faq
+    about: Please check whether your question has already been mentioned here.
+  - name: Usage Questions
+    url: https://github.com/mayswind/ezbookkeeping/discussions/categories/q-a
+    about: Questions about using ezBookkeeping can be discussed in GitHub Discussions.
@@ -0,0 +1,25 @@
+name: Feature Request
+description: Request a feature or enhancement for ezBookkeeping
+body:
+  - type: checkboxes
+    id: checkboxes
+    attributes:
+      label: Before You Submit
+      description: Please check whether the following items have been completed.
+      options:
+        - label: I've already checked this request hasn't been raised in [issues](https://github.com/mayswind/ezbookkeeping/issues)
+          required: true
+
+  - type: textarea
+    id: description
+    attributes:
+      label: Feature Description
+      description: Please describe your feature request.
+    validations:
+      required: true
+
+  - type: textarea
+    id: additional-context
+    attributes:
+      label: Additional information
+      description: If you can, provide any other context or screenshots about this feature request here.
@@ -0,0 +1,124 @@
+name: Build docker image and package for linux
+
+inputs:
+  release-build:
+    required: false
+    type: string
+  build-unix-time:
+    required: false
+    type: string
+  build-date:
+    required: false
+    type: string
+  check-3rd-api:
+    required: false
+    type: string
+  skip-tests:
+    required: false
+    type: string
+  platform:
+    required: true
+    type: string
+  platform-name:
+    required: true
+    type: string
+  docker-push:
+    required: true
+    type: boolean
+  docker-image-name:
+    required: true
+    type: string
+  docker-username:
+    required: false
+    type: string
+  docker-password:
+    required: false
+    type: string
+  docker-bake-meta-file-path:
+    required: true
+    type: string
+  docker-bake-meta-artifact-name:
+    required: true
+    type: string
+  docker-bake-digests-file-path:
+    required: true
+    type: string
+  docker-bake-digests-artifact-name-prefix:
+    required: true
+    type: string
+  package-file-name-prefix:
+    required: true
+    type: string
+  package-artifact-name-prefix:
+    required: true
+    type: string
+
+runs:
+  using: "composite"
+  steps:
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v3
+
+    - name: Download docker bake meta artifact
+      uses: actions/download-artifact@v4
+      with:
+        name: ${{ inputs.docker-bake-meta-artifact-name }}
+        path: ${{ runner.temp }}
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Login to DockerHub
+      if: ${{ inputs.docker-username != '' && inputs.docker-password != '' }}
+      uses: docker/login-action@v3
+      with:
+        username: ${{ inputs.docker-username }}
+        password: ${{ inputs.docker-password }}
+
+    - name: Build docker for ${{ inputs.platform-name }}
+      id: bake
+      uses: docker/bake-action@v6
+      with:
+        files: |
+          ./docker-bake.hcl
+          cwd://${{ inputs.docker-bake-meta-file-path }}
+        source: .
+        targets: image
+        set: |
+          *.tags=${{ inputs.docker-image-name }}
+          *.platform=${{ inputs.platform }}
+          *.args.RELEASE_BUILD=${{ inputs.release-build }}
+          *.args.BUILD_PIPELINE=1
+          *.args.BUILD_UNIXTIME=${{ inputs.build-unix-time }}
+          *.args.BUILD_DATE=${{ inputs.build-date }}
+          *.args.CHECK_3RD_API=${{ inputs.check-3rd-api }}
+          *.args.SKIP_TESTS=${{ inputs.skip-tests }}
+          *.output=type=image,push-by-digest=true,name-canonical=true,push=${{ inputs.docker-push }}
+          *.output+=type=local,dest=${{ runner.temp }}/package
+
+    - name: Export digests file for ${{ inputs.platform-name }}
+      shell: bash
+      run: |
+        digest="${{ fromJSON(steps.bake.outputs.metadata).image['containerimage.digest'] }}"
+        mkdir -p ${{ inputs.docker-bake-digests-file-path }}
+        touch "${{ inputs.docker-bake-digests-file-path }}/${digest#sha256:}"
+
+    - name: Build package file for ${{ inputs.platform-name }}
+      shell: bash
+      run: |
+        cd ${{ runner.temp }}/package/ezbookkeeping
+        tar -czf ${{ runner.temp }}/${{ inputs.package-file-name-prefix }}-${{ inputs.platform-name }}.tar.gz *
+
+    - name: Upload ${{ inputs.platform-name }} digests artifact
+      uses: actions/upload-artifact@v4
+      with:
+        name: ${{ inputs.docker-bake-digests-artifact-name-prefix }}-${{ inputs.platform-name }}
+        path: ${{ inputs.docker-bake-digests-file-path }}/*
+        if-no-files-found: error
+
+    - name: Upload artifact for ${{ inputs.platform-name }}
+      uses: actions/upload-artifact@v4
+      with:
+        name: ${{ inputs.package-artifact-name-prefix }}-${{ inputs.platform-name }}
+        path: ${{ runner.temp }}/${{ inputs.package-file-name-prefix }}-${{ inputs.platform-name }}.tar.gz
+        if-no-files-found: error
@@ -0,0 +1,76 @@
+name: Build backend file for windows
+
+inputs:
+  go-version:
+    required: false
+    default: "1.25.7"
+  mingw-version:
+    required: false
+    default: "15.2.0"
+  mingw-revison:
+    required: false
+    default: "v13-rev1"
+  release-build:
+    required: false
+    type: string
+  build-unix-time:
+    required: false
+    type: string
+  build-date:
+    required: false
+    type: string
+  check-3rd-api:
+    required: false
+    type: string
+  skip-tests:
+    required: false
+    type: string
+  backend-artifact-name-prefix:
+    required: true
+    type: string
+
+runs:
+  using: "composite"
+  steps:
+    - name: Set up Go
+      uses: actions/setup-go@v6
+      with:
+        go-version: ${{ inputs.go-version }}
+
+    - name: Install MinGW
+      shell: pwsh
+      run: |
+        $mingwVersion = "${{ inputs.mingw-version }}"
+        $mingwRevision = "${{ inputs.mingw-revison }}"
+        $url = "https://github.com/niXman/mingw-builds-binaries/releases/download/${mingwVersion}-rt_${mingwRevision}/x86_64-${mingwVersion}-release-posix-seh-ucrt-rt_${mingwRevision}.7z"
+        $archive = "C:\mingw.7z"
+        $mingwDir = "C:\mingw64"
+
+        Write-Host "Downloading MinGW from ${url}"
+        Invoke-WebRequest -Uri ${url} -OutFile ${archive}
+
+        Remove-Item -Recurse -Force ${mingwDir}
+        New-Item -ItemType Directory -Path ${mingwDir}
+
+        Write-Host "Extracting MinGW to ${mingwDir}"
+        7z x ${archive} -oC:\
+        "${mingwDir}\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
+
+    - name: Build backend for windows-x64
+      shell: pwsh
+      env:
+        RELEASE_BUILD: "${{ inputs.release-build }}"
+        BUILD_PIPELINE: "1"
+        BUILD_UNIXTIME: "${{ inputs.build-unix-time }}"
+        BUILD_DATE: "${{ inputs.build-date }}"
+        CHECK_3RD_API: "${{ inputs.check-3rd-api }}"
+        SKIP_TESTS: "${{ inputs.skip-tests }}"
+      run: |
+        .\build.ps1 backend
+
+    - name: Upload windows backend artifact
+      uses: actions/upload-artifact@v4
+      with:
+        name: ${{ inputs.backend-artifact-name-prefix }}-windows-x64
+        path: ezbookkeeping.exe
+        if-no-files-found: error
@@ -0,0 +1,57 @@
+name: Build packages for windows
+
+inputs:
+  package-file-name-prefix:
+    required: true
+    type: string
+  package-artifact-name-prefix:
+    required: true
+    type: string
+  backend-artifact-name-prefix:
+    required: true
+    type: string
+
+runs:
+  using: "composite"
+  steps:
+    - name: Download windows-x64 backend file
+      uses: actions/download-artifact@v4
+      with:
+        name: ${{ inputs.backend-artifact-name-prefix }}-windows-x64
+        path: ${{ runner.temp }}\backend
+
+    - name: Download linux-amd64 packaged files
+      uses: actions/download-artifact@v4
+      with:
+        name: ${{ inputs.package-artifact-name-prefix }}-linux-amd64
+        path: ${{ runner.temp }}\package
+
+    - name: Extract frontend files from linux-amd64 package
+      shell: pwsh
+      run: |
+        New-Item -ItemType Directory -Path package
+        tar -xzf (Get-ChildItem ${{ runner.temp }}\package\${{ inputs.package-file-name-prefix }}-linux-amd64.tar.gz) -C package
+
+    - name: Package windows-x64 package
+      shell: pwsh
+      run: |
+        New-Item -ItemType Directory -Path "ezbookkeeping"
+        New-Item -ItemType Directory -Path "ezbookkeeping\data"
+        New-Item -ItemType Directory -Path "ezbookkeeping\storage"
+        New-Item -ItemType Directory -Path "ezbookkeeping\log"
+        Copy-Item ${{ runner.temp }}\backend\ezbookkeeping.exe -Destination ezbookkeeping\
+        Copy-Item -Recurse -Force package\public -Destination ezbookkeeping\public
+        Copy-Item -Recurse -Force conf -Destination ezbookkeeping\conf
+        Copy-Item -Recurse -Force templates -Destination ezbookkeeping\templates
+        Copy-Item .\LICENSE -Destination ezbookkeeping\
+        Push-Location ezbookkeeping
+        7z a -r -tzip -mx9 ..\${{ inputs.package-file-name-prefix }}-windows-x64.zip *
+        Pop-Location
+        Remove-Item -Recurse -Force ezbookkeeping
+
+    - name: Upload windows artifact
+      uses: actions/upload-artifact@v4
+      with:
+        name: ${{ inputs.package-artifact-name-prefix }}-windows-x64
+        path: ${{ inputs.package-file-name-prefix }}-windows-x64.zip
+        if-no-files-found: error
@@ -0,0 +1,58 @@
+name: Push linux docker multi-arch image to registry
+
+inputs:
+  docker-image-name:
+    required: true
+    type: string
+  docker-username:
+    required: true
+    type: string
+  docker-password:
+    required: true
+    type: string
+  docker-bake-meta-file-path:
+    required: true
+    type: string
+  docker-bake-meta-artifact-name:
+    required: true
+    type: string
+  docker-bake-digests-file-path:
+    required: true
+    type: string
+  docker-bake-digests-artifact-name-prefix:
+    required: true
+    type: string
+  docker-image-tags:
+    required: true
+    type: string
+
+runs:
+  using: "composite"
+  steps:
+    - name: Download docker bake meta artifact
+      uses: actions/download-artifact@v4
+      with:
+        name: ${{ inputs.docker-bake-meta-artifact-name }}
+        path: ${{ runner.temp }}
+
+    - name: Download digests artifact
+      uses: actions/download-artifact@v4
+      with:
+        pattern: ${{ inputs.docker-bake-digests-artifact-name-prefix }}-*
+        merge-multiple: true
+        path: ${{ inputs.docker-bake-digests-file-path }}
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Login to DockerHub
+      uses: docker/login-action@v3
+      with:
+        username: ${{ inputs.docker-username }}
+        password: ${{ inputs.docker-password }}
+
+    - name: Create manifest and push
+      shell: bash
+      working-directory: ${{ inputs.docker-bake-digests-file-path }}
+      run: |
+        docker buildx imagetools create $(echo "${{ inputs.docker-image-tags }}" | xargs -I {} echo -n " -t {}") $(printf '${{ inputs.docker-image-name }}@sha256:%s ' *)
@@ -0,0 +1,352 @@
+const fs = require('fs');
+const path = require('path');
+
+const FRONTEND_LOCALES_DIR = path.join(__dirname, '..', '..', 'src', 'locales');
+const BACKEND_LOCALES_DIR = path.join(__dirname, '..', '..', 'pkg', 'locales');
+const OUTPUT_DIR = process.argv[2] || path.join(__dirname, '..', '..', 'i18n-badge');
+
+const DEFAULT_LANGUAGE_TAG = 'en';
+
+const BACKEND_SKIP_STRUCTS = new Set([
+    'GlobalTextItems',
+    'DefaultTypes',
+    'DataConverterTextItems',
+]);
+
+function discoverFrontendLanguages() {
+    const indexPath = path.join(FRONTEND_LOCALES_DIR, 'index.ts');
+    const content = fs.readFileSync(indexPath, 'utf-8');
+
+    const importMap = {};
+    const importRegex = /import\s+(\w+)\s+from\s+['"]\.\/([\w_]+\.json)['"]/g;
+    let match;
+
+    while ((match = importRegex.exec(content)) !== null) {
+        importMap[match[1]] = match[2];
+    }
+
+    const result = {};
+    const langRegex = /['"]([^'"]+)['"]\s*:\s*\{[^}]*content\s*:\s*(\w+)/g;
+
+    while ((match = langRegex.exec(content)) !== null) {
+        const tag = match[1];
+        const varName = match[2];
+
+        if (importMap[varName]) {
+            result[tag] = importMap[varName];
+        }
+    }
+
+    return result;
+}
+
+function discoverBackendLanguages() {
+    const allLocalesPath = path.join(BACKEND_LOCALES_DIR, 'all_locales.go');
+    const content = fs.readFileSync(allLocalesPath, 'utf-8');
+
+    const result = {};
+    const entryRegex = /"([^"]+)"\s*:\s*\{[^}]*Content\s*:\s*(\w+)/g;
+    let match;
+
+    while ((match = entryRegex.exec(content)) !== null) {
+        const tag = match[1];
+        const fileName = tag.toLowerCase().replace(/-/g, '_') + '.go';
+        const filePath = path.join(BACKEND_LOCALES_DIR, fileName);
+
+        if (fs.existsSync(filePath)) {
+            result[tag] = fileName;
+        }
+    }
+
+    return result;
+}
+
+function flattenJSON(obj, prefix) {
+    const result = {};
+
+    for (const key of Object.keys(obj)) {
+        const fullKey = prefix ? prefix + '.' + key : key;
+
+        if (typeof obj[key] === 'object' && obj[key] !== null) {
+            Object.assign(result, flattenJSON(obj[key], fullKey));
+        } else {
+            result[fullKey] = obj[key];
+        }
+    }
+
+    return result;
+}
+
+function shouldSkipFrontendKey(key) {
+    if (key.startsWith('global.')) {
+        return true;
+    } else if (key.startsWith('default.')) {
+        return true;
+    } else if (key.startsWith('currency.')) {
+        if (key.startsWith('currency.unit.')) {
+            return true;
+        } else {
+            return false;
+        }
+    } else if (key.startsWith('mapprovider.')) {
+        return true;
+    } else if (key.startsWith('encoding.')) {
+        return true;
+    } else if (key.startsWith('document.')) {
+        if (key.startsWith('document.anchor.')) {
+            return true;
+        } else {
+            return false;
+        }
+    } else {
+        return false;
+    }
+}
+
+function isFrontendAlwaysTranslatedKey(key) {
+    if (key.startsWith('language.')) {
+        return true;
+    } else if (key.startsWith('format.')) {
+        if (key.startsWith('format.misc.')) {
+            if (key === 'format.misc.multiTextJoinSeparator') {
+                return true;
+            } else if (key === 'format.misc.eachMonthDayInMonthDays') {
+                return true;
+            } else {
+                return false;
+            }
+        } else {
+            return true;
+        }
+    } else if (key.startsWith('datetime.')) {
+        return true;
+    } else if (key.startsWith('timezone.')) {
+        return true;
+    } else if (key.startsWith('currency.')) {
+        if (key === 'currency.name.EUR') {
+            return true;
+        } else {
+            return false;
+        }
+    } else if (key.startsWith('parameter.')) {
+        if (key === 'parameter.id') {
+            return true;
+        } else {
+            return false;
+        }
+    } else {
+        if (key === 'OK') {
+            return true;
+        } else {
+            return false;
+        }
+    }
+}
+
+function extractGoStringFields(content) {
+    const fields = [];
+    const structBlockRegex = /(\w+):\s*&\w+\{([^}]*)\}/gs;
+    let blockMatch;
+
+    while ((blockMatch = structBlockRegex.exec(content)) !== null) {
+        const structName = blockMatch[1];
+        const blockBody = blockMatch[2];
+        const fieldRegex = /(\w+):\s+"((?:[^"\\]|\\.)*)"/g;
+        let fieldMatch;
+
+        while ((fieldMatch = fieldRegex.exec(blockBody)) !== null) {
+            fields.push({
+                struct: structName,
+                name: fieldMatch[1],
+                value: fieldMatch[2],
+            });
+        }
+    }
+
+    return fields;
+}
+
+function getProgressColor(progress) {
+    if (progress >= 95) {
+        return 'brightgreen';
+    } else if (progress >= 90) {
+        return 'green';
+    } else if (progress >= 70) {
+        return 'yellowgreen';
+    } else if (progress >= 50) {
+        return 'yellow';
+    } else if (progress >= 20) {
+        return 'orange';
+    } else {
+        return 'red';
+    }
+}
+
+function main() {
+    const frontendLangs = discoverFrontendLanguages();
+    const backendLangs = discoverBackendLanguages();
+    const allTags = new Set([...Object.keys(frontendLangs), ...Object.keys(backendLangs)]);
+
+    console.log('Discovered ' + allTags.size + ' languages: ' + [...allTags].sort().join(', '));
+
+    const defaultFrontendJSON = JSON.parse(fs.readFileSync(path.join(FRONTEND_LOCALES_DIR, `${DEFAULT_LANGUAGE_TAG}.json`), 'utf-8'));
+    const defaultFrontendItemsMap = flattenJSON(defaultFrontendJSON, '');
+    const defaultFrontendKeys = Object.keys(defaultFrontendItemsMap);
+    const frontendTranslatableKeys = defaultFrontendKeys.filter(function (k) {
+        return !shouldSkipFrontendKey(k);
+    });
+    const frontendSkippedCount = defaultFrontendKeys.length - frontendTranslatableKeys.length;
+    const frontendTotal = frontendTranslatableKeys.length;
+
+    const defaultBackendContent = fs.readFileSync(path.join(BACKEND_LOCALES_DIR, `${DEFAULT_LANGUAGE_TAG}.go`), 'utf-8');
+    const defaultBackendItems = extractGoStringFields(defaultBackendContent);
+    const defaultBackendTranslatableItems = defaultBackendItems.filter(function (f) {
+        return !BACKEND_SKIP_STRUCTS.has(f.struct);
+    });
+    const backendSkippedCount = defaultBackendItems.length - defaultBackendTranslatableItems.length;
+    const backendTotal = defaultBackendTranslatableItems.length;
+
+    console.log('Frontend: ' + frontendTotal + ' translatable keys (' + frontendSkippedCount + ' excluded)');
+    console.log('Backend: ' + backendTotal + ' translatable fields (' + backendSkippedCount + ' excluded)');
+
+    const results = {};
+    const untranslatedKeys = {};
+
+    for (const tag of allTags) {
+        results[tag] = {
+            languageTag: tag,
+            frontendTranslated: 0,
+            frontendTotal: frontendTotal,
+            backendTranslated: 0,
+            backendTotal: backendTotal
+        };
+        untranslatedKeys[tag] = [];
+    }
+
+    for (const tag of Object.keys(frontendLangs)) {
+        if (tag === DEFAULT_LANGUAGE_TAG) {
+            results[tag].frontendTranslated = frontendTotal;
+            continue;
+        }
+
+        const file = frontendLangs[tag];
+        const filePath = path.join(FRONTEND_LOCALES_DIR, file);
+
+        if (!fs.existsSync(filePath)) {
+            continue;
+        }
+
+        const json = JSON.parse(fs.readFileSync(filePath, 'utf-8'));
+        const kv = flattenJSON(json, '');
+        let translated = 0;
+
+        for (const key of frontendTranslatableKeys) {
+            if (kv[key] !== undefined && kv[key] !== '' && (kv[key] !== defaultFrontendItemsMap[key] || isFrontendAlwaysTranslatedKey(key))) {
+                translated++;
+            } else {
+                untranslatedKeys[tag].push({ source: path.join('src', 'locales', file), key: key, defaultValue: defaultFrontendItemsMap[key], value: kv[key] });
+            }
+        }
+
+        results[tag].frontendTranslated = translated;
+    }
+
+    for (const tag of Object.keys(backendLangs)) {
+        if (tag === DEFAULT_LANGUAGE_TAG) {
+            results[tag].backendTranslated = backendTotal;
+            continue;
+        }
+
+        const file = backendLangs[tag];
+        const filePath = path.join(BACKEND_LOCALES_DIR, file);
+
+        if (!fs.existsSync(filePath)) {
+            continue;
+        }
+
+        const content = fs.readFileSync(filePath, 'utf-8');
+        const fields = extractGoStringFields(content).filter(function (f) {
+            return !BACKEND_SKIP_STRUCTS.has(f.struct);
+        });
+        let translated = 0;
+
+        for (let i = 0; i < defaultBackendTranslatableItems.length; i++) {
+            if (i < fields.length && fields[i].value !== defaultBackendTranslatableItems[i].value) {
+                translated++;
+            } else {
+                untranslatedKeys[tag].push({ source: path.join('pkg', 'locales', file), key: defaultBackendTranslatableItems[i].struct + '.' + defaultBackendTranslatableItems[i].name, defaultValue: defaultBackendTranslatableItems[i].value, value: (i < fields.length) ? fields[i].value : null });
+            }
+        }
+
+        results[tag].backendTranslated = translated;
+    }
+
+    for (const tag of Object.keys(results)) {
+        const r = results[tag];
+        const totalTranslated = r.frontendTranslated + r.backendTranslated;
+        const totalItems = r.frontendTotal + r.backendTotal;
+        r.totalProgress = Math.round((totalTranslated / totalItems) * 10000) / 100;
+    }
+
+    const sortedResults = {};
+    var sortedTags = Object.keys(results).sort();
+
+    for (const tag of sortedTags) {
+        sortedResults[tag] = results[tag];
+    }
+
+    if (!fs.existsSync(OUTPUT_DIR)) {
+        fs.mkdirSync(OUTPUT_DIR, { recursive: true });
+    }
+
+    var badgesDir = path.join(OUTPUT_DIR, 'badges');
+
+    if (!fs.existsSync(badgesDir)) {
+        fs.mkdirSync(badgesDir, { recursive: true });
+    }
+
+    fs.writeFileSync(
+        path.join(OUTPUT_DIR, 'i18n-progress.json'),
+        JSON.stringify(sortedResults, null, 4) + '\n'
+    );
+
+    for (const tag of sortedTags) {
+        const data = sortedResults[tag];
+        const badge = {
+            schemaVersion: 1,
+            label: 'translation',
+            message: data.totalProgress + '%',
+            color: getProgressColor(data.totalProgress)
+        };
+
+        fs.writeFileSync(
+            path.join(badgesDir, tag + '.json'),
+            JSON.stringify(badge, null, 4) + '\n'
+        );
+    }
+
+    var untranslatedDir = path.join(OUTPUT_DIR, 'untranslated');
+
+    if (!fs.existsSync(untranslatedDir)) {
+        fs.mkdirSync(untranslatedDir, { recursive: true });
+    }
+
+    for (const tag of sortedTags) {
+        const items = untranslatedKeys[tag] || [];
+
+        fs.writeFileSync(
+            path.join(untranslatedDir, tag + '.json'),
+            JSON.stringify(items, null, 4) + '\n'
+        );
+    }
+
+    for (const tag of sortedTags) {
+        const data = sortedResults[tag];
+        const missingCount = (untranslatedKeys[tag] || []).length;
+        console.log(tag + ': ' + data.totalProgress + '% (frontend: ' + data.frontendTranslated + '/' + data.frontendTotal + ', backend: ' + data.backendTranslated + '/' + data.backendTotal + ', untranslated: ' + missingCount + ')');
+    }
+
+    console.log('\nResults written to ' + OUTPUT_DIR);
+}
+
+main();
@@ -0,0 +1,39 @@
+name: Build and Push Docker Image
+
+on:
+  push:
+    branches:
+      - myrequirement
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - name: Log in to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Set lowercase image name
+        run: echo "IMAGE_NAME=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: ghcr.io/${{ env.IMAGE_NAME }}:latest
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
@@ -0,0 +1,150 @@
+name: Build for Non-Main Branches
+
+on:
+  push:
+    branches-ignore:
+      - main
+      - myrequirement
+
+jobs:
+  setup:
+    runs-on: ubuntu-latest
+    outputs:
+      build-unix-time: ${{ steps.variable.outputs.build_unix_time }}
+      build-date: ${{ steps.variable.outputs.build_date }}
+      docker-tags: ${{ steps.meta.outputs.tags }}
+      docker-labels: ${{ steps.meta.outputs.labels }}
+      ezbookkeeping-docker-bake-meta-file-path: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_file_path }}
+      ezbookkeeping-docker-bake-meta-artifact-name: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_artifact_name }}
+      ezbookkeeping-docker-digests-file-path: ${{ steps.variable.outputs.ezbookkeeping_docker_digests_file_path }}
+      ezbookkeeping-docker-digests-artifact-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_docker_digests_artifact_name_prefix }}
+      ezbookkeeping-package-file-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_package_file_name_prefix }}
+      ezbookkeeping-package-artifact-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_package_artifact_name_prefix }}
+      ezbookkeeping-backend-artifact-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_backend_artifact_name_prefix }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ vars.DOCKER_IMAGE_NAME }}
+          tags: |
+            type=raw,value=dev-${{ github.run_id }}
+
+      - name: Set up variables
+        id: variable
+        run: |
+          echo "build_unix_time=$(date '+%s')" >> "$GITHUB_OUTPUT"
+          echo "build_date=$(date '+%Y%m%d')" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_bake_meta_file_path=${{ runner.temp }}/bake-meta.json" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_bake_meta_artifact_name=ezbookkeeping-build-dev-docker-bake-meta-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_digests_file_path=${{ runner.temp }}/digests" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_digests_artifact_name_prefix=ezbookkeeping-build-dev-digests-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_package_file_name_prefix=ezbookkeeping-dev-package-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_package_artifact_name_prefix=ezbookkeeping-build-dev-package-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_backend_artifact_name_prefix=ezbookkeeping-build-dev-backend-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+
+      - name: Rename docker bake meta file
+        run: |
+          mv "${{ steps.meta.outputs.bake-file }}" "${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_file_path }}"
+
+      - name: Upload docker bake meta artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_artifact_name }}
+          path: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_file_path }}
+          if-no-files-found: error
+
+  build-linux-docker-and-package-x86:
+    runs-on: ubuntu-24.04
+    needs:
+      - setup
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-linux-docker-and-package
+        with:
+          build-unix-time: ${{ needs.setup.outputs.build-unix-time }}
+          build-date: ${{ needs.setup.outputs.build-date }}
+          check-3rd-api: ${{ vars.CHECK_3RD_API }}
+          skip-tests: ${{ vars.SKIP_TESTS }}
+          platform: linux/amd64
+          platform-name: linux-amd64
+          docker-push: false
+          docker-image-name: ${{ vars.DOCKER_IMAGE_NAME }}
+          docker-bake-meta-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-file-path }}
+          docker-bake-meta-artifact-name: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-artifact-name }}
+          docker-bake-digests-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-file-path }}
+          docker-bake-digests-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-artifact-name-prefix }}
+          package-file-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-file-name-prefix }}
+          package-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-artifact-name-prefix }}
+
+  build-linux-docker-and-package-arm:
+    runs-on: ubuntu-24.04-arm
+    needs:
+      - setup
+    strategy:
+      matrix:
+        include:
+          - platform: linux/arm64/v8
+            platform-name: linux-arm64
+          - platform: linux/arm/v7
+            platform-name: linux-armv7
+          - platform: linux/arm/v6
+            platform-name: linux-armv6
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-linux-docker-and-package
+        with:
+          build-unix-time: ${{ needs.setup.outputs.build-unix-time }}
+          build-date: ${{ needs.setup.outputs.build-date }}
+          check-3rd-api: ${{ vars.CHECK_3RD_API }}
+          skip-tests: ${{ vars.SKIP_TESTS }}
+          platform: ${{ matrix.platform }}
+          platform-name: ${{ matrix.platform-name }}
+          docker-push: false
+          docker-image-name: ${{ vars.DOCKER_IMAGE_NAME }}
+          docker-bake-meta-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-file-path }}
+          docker-bake-meta-artifact-name: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-artifact-name }}
+          docker-bake-digests-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-file-path }}
+          docker-bake-digests-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-artifact-name-prefix }}
+          package-file-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-file-name-prefix }}
+          package-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-artifact-name-prefix }}
+
+  build-windows-backend:
+    needs:
+      - setup
+    runs-on: windows-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-windows-backend
+        with:
+          build-unix-time: ${{ needs.setup.outputs.build-unix-time }}
+          build-date: ${{ needs.setup.outputs.build-date }}
+          check-3rd-api: ${{ vars.CHECK_3RD_API }}
+          skip-tests: ${{ vars.SKIP_TESTS }}
+          backend-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-backend-artifact-name-prefix }}
+
+  build-windows-package:
+    needs:
+      - setup
+      - build-windows-backend
+      - build-linux-docker-and-package-x86
+    runs-on: windows-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-windows-package
+        with:
+          package-file-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-file-name-prefix }}
+          package-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-artifact-name-prefix }}
+          backend-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-backend-artifact-name-prefix }}
@@ -0,0 +1,204 @@
+name: Build Release
+
+on:
+  push:
+    tags:
+      - "v*.*.*"
+
+jobs:
+  setup:
+    runs-on: ubuntu-latest
+    outputs:
+      build-unix-time: ${{ steps.variable.outputs.build_unix_time }}
+      build-date: ${{ steps.variable.outputs.build_date }}
+      docker-version: ${{ steps.meta.outputs.version }}
+      docker-tags: ${{ steps.meta.outputs.tags }}
+      docker-labels: ${{ steps.meta.outputs.labels }}
+      ezbookkeeping-docker-bake-meta-file-path: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_file_path }}
+      ezbookkeeping-docker-bake-meta-artifact-name: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_artifact_name }}
+      ezbookkeeping-docker-digests-file-path: ${{ steps.variable.outputs.ezbookkeeping_docker_digests_file_path }}
+      ezbookkeeping-docker-digests-artifact-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_docker_digests_artifact_name_prefix }}
+      ezbookkeeping-package-file-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_package_file_name_prefix }}
+      ezbookkeeping-package-artifact-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_package_artifact_name_prefix }}
+      ezbookkeeping-backend-artifact-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_backend_artifact_name_prefix }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ vars.DOCKER_IMAGE_NAME }}
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=raw,value=latest
+
+      - name: Set up variables
+        id: variable
+        run: |
+          echo "build_unix_time=$(date '+%s')" >> "$GITHUB_OUTPUT"
+          echo "build_date=$(date '+%Y%m%d')" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_bake_meta_file_path=${{ runner.temp }}/bake-meta.json" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_bake_meta_artifact_name=ezbookkeeping-build-release-docker-bake-meta-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_digests_file_path=${{ runner.temp }}/digests" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_digests_artifact_name_prefix=ezbookkeeping-build-release-digests-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_package_file_name_prefix=ezbookkeeping-${{ github.ref_name }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_package_artifact_name_prefix=ezbookkeeping-build-release-package-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_backend_artifact_name_prefix=ezbookkeeping-build-release-backend-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+
+      - name: Rename docker bake meta file
+        run: |
+          mv "${{ steps.meta.outputs.bake-file }}" "${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_file_path }}"
+
+      - name: Upload docker bake meta artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_artifact_name }}
+          path: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_file_path }}
+          if-no-files-found: error
+
+  build-linux-docker-and-package-x86:
+    runs-on: ubuntu-24.04
+    needs:
+      - setup
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-linux-docker-and-package
+        with:
+          release-build: 1
+          build-unix-time: ${{ needs.setup.outputs.build-unix-time }}
+          build-date: ${{ needs.setup.outputs.build-date }}
+          check-3rd-api: ${{ vars.CHECK_3RD_API }}
+          skip-tests: ${{ vars.SKIP_TESTS }}
+          platform: linux/amd64
+          platform-name: linux-amd64
+          docker-push: true
+          docker-image-name: ${{ vars.DOCKER_IMAGE_NAME }}
+          docker-username: ${{ vars.DOCKER_USERNAME }}
+          docker-password: ${{ secrets.DOCKER_PASSWORD }}
+          docker-bake-meta-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-file-path }}
+          docker-bake-meta-artifact-name: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-artifact-name }}
+          docker-bake-digests-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-file-path }}
+          docker-bake-digests-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-artifact-name-prefix }}
+          package-file-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-file-name-prefix }}
+          package-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-artifact-name-prefix }}
+
+  build-linux-docker-and-package-arm:
+    runs-on: ubuntu-24.04-arm
+    needs:
+      - setup
+    strategy:
+      matrix:
+        include:
+          - platform: linux/arm64/v8
+            platform-name: linux-arm64
+          - platform: linux/arm/v7
+            platform-name: linux-armv7
+          - platform: linux/arm/v6
+            platform-name: linux-armv6
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-linux-docker-and-package
+        with:
+          release-build: 1
+          build-unix-time: ${{ needs.setup.outputs.build-unix-time }}
+          build-date: ${{ needs.setup.outputs.build-date }}
+          check-3rd-api: ${{ vars.CHECK_3RD_API }}
+          skip-tests: ${{ vars.SKIP_TESTS }}
+          platform: ${{ matrix.platform }}
+          platform-name: ${{ matrix.platform-name }}
+          docker-push: true
+          docker-image-name: ${{ vars.DOCKER_IMAGE_NAME }}
+          docker-username: ${{ vars.DOCKER_USERNAME }}
+          docker-password: ${{ secrets.DOCKER_PASSWORD }}
+          docker-bake-meta-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-file-path }}
+          docker-bake-meta-artifact-name: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-artifact-name }}
+          docker-bake-digests-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-file-path }}
+          docker-bake-digests-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-artifact-name-prefix }}
+          package-file-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-file-name-prefix }}
+          package-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-artifact-name-prefix }}
+
+  push-linux-docker:
+    needs:
+      - setup
+      - build-linux-docker-and-package-x86
+      - build-linux-docker-and-package-arm
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/push-linux-docker
+        with:
+          docker-image-name: ${{ vars.DOCKER_IMAGE_NAME }}
+          docker-username: ${{ vars.DOCKER_USERNAME }}
+          docker-password: ${{ secrets.DOCKER_PASSWORD }}
+          docker-bake-meta-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-file-path }}
+          docker-bake-meta-artifact-name: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-artifact-name }}
+          docker-bake-digests-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-file-path }}
+          docker-bake-digests-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-artifact-name-prefix }}
+          docker-image-tags: ${{ needs.setup.outputs.docker-tags }}
+
+  build-windows-backend:
+    needs:
+      - setup
+    runs-on: windows-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-windows-backend
+        with:
+          release-build: 1
+          build-unix-time: ${{ needs.setup.outputs.build-unix-time }}
+          build-date: ${{ needs.setup.outputs.build-date }}
+          check-3rd-api: ${{ vars.CHECK_3RD_API }}
+          skip-tests: ${{ vars.SKIP_TESTS }}
+          backend-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-backend-artifact-name-prefix }}
+
+  build-windows-package:
+    needs:
+      - setup
+      - build-windows-backend
+      - build-linux-docker-and-package-x86
+    runs-on: windows-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-windows-package
+        with:
+          package-file-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-file-name-prefix }}
+          package-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-artifact-name-prefix }}
+          backend-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-backend-artifact-name-prefix }}
+
+  publish-release:
+    runs-on: ubuntu-latest
+    needs:
+      - setup
+      - build-linux-docker-and-package-x86
+      - build-linux-docker-and-package-arm
+      - build-windows-package
+      - push-linux-docker
+    steps:
+      - name: Download all packaged files
+        uses: actions/download-artifact@v4
+        with:
+          pattern: ${{ needs.setup.outputs.ezbookkeeping-package-artifact-name-prefix }}-*
+          merge-multiple: true
+          path: release-files
+
+      - name: Publish Release ${{ github.ref_name }}
+        uses: softprops/action-gh-release@v2
+        with:
+          name: ${{ github.ref_name }}
+          tag_name: ${{ github.ref_name }}
+          files: ./release-files/*
+          draft: true
@@ -0,0 +1,177 @@
+name: Build Snapshot
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  setup:
+    runs-on: ubuntu-latest
+    outputs:
+      build-unix-time: ${{ steps.variable.outputs.build_unix_time }}
+      build-date: ${{ steps.variable.outputs.build_date }}
+      docker-version: ${{ steps.meta.outputs.version }}
+      docker-tags: ${{ steps.meta.outputs.tags }}
+      docker-labels: ${{ steps.meta.outputs.labels }}
+      ezbookkeeping-docker-bake-meta-file-path: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_file_path }}
+      ezbookkeeping-docker-bake-meta-artifact-name: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_artifact_name }}
+      ezbookkeeping-docker-digests-file-path: ${{ steps.variable.outputs.ezbookkeeping_docker_digests_file_path }}
+      ezbookkeeping-docker-digests-artifact-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_docker_digests_artifact_name_prefix }}
+      ezbookkeeping-package-file-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_package_file_name_prefix }}
+      ezbookkeeping-package-artifact-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_package_artifact_name_prefix }}
+      ezbookkeeping-backend-artifact-name-prefix: ${{ steps.variable.outputs.ezbookkeeping_backend_artifact_name_prefix }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ vars.DOCKER_IMAGE_NAME }}
+          tags: |
+            type=raw,value=SNAPSHOT-{{date 'YYYYMMDD'}}-${{ github.run_id }}
+            type=raw,value=SNAPSHOT-{{date 'YYYYMMDD'}}
+            type=raw,value=latest-snapshot
+
+      - name: Set up variables
+        id: variable
+        run: |
+          echo "build_unix_time=$(date '+%s')" >> "$GITHUB_OUTPUT"
+          echo "build_date=$(date '+%Y%m%d')" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_bake_meta_file_path=${{ runner.temp }}/bake-meta.json" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_bake_meta_artifact_name=ezbookkeeping-build-dev-docker-bake-meta-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_digests_file_path=${{ runner.temp }}/digests" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_docker_digests_artifact_name_prefix=ezbookkeeping-build-dev-digests-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_package_file_name_prefix=ezbookkeeping-dev-package-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_package_artifact_name_prefix=ezbookkeeping-build-dev-package-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+          echo "ezbookkeeping_backend_artifact_name_prefix=ezbookkeeping-build-dev-backend-${{ github.run_id }}" >> "$GITHUB_OUTPUT"
+
+      - name: Rename docker bake meta file
+        run: |
+          mv "${{ steps.meta.outputs.bake-file }}" "${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_file_path }}"
+
+      - name: Upload docker bake meta artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_artifact_name }}
+          path: ${{ steps.variable.outputs.ezbookkeeping_docker_bake_meta_file_path }}
+          if-no-files-found: error
+
+  build-linux-docker-and-package-x86:
+    runs-on: ubuntu-24.04
+    needs:
+      - setup
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-linux-docker-and-package
+        with:
+          build-unix-time: ${{ needs.setup.outputs.build-unix-time }}
+          build-date: ${{ needs.setup.outputs.build-date }}
+          check-3rd-api: ${{ vars.CHECK_3RD_API }}
+          skip-tests: ${{ vars.SKIP_TESTS }}
+          platform: linux/amd64
+          platform-name: linux-amd64
+          docker-push: true
+          docker-image-name: ${{ vars.DOCKER_IMAGE_NAME }}
+          docker-username: ${{ vars.DOCKER_USERNAME }}
+          docker-password: ${{ secrets.DOCKER_PASSWORD }}
+          docker-bake-meta-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-file-path }}
+          docker-bake-meta-artifact-name: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-artifact-name }}
+          docker-bake-digests-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-file-path }}
+          docker-bake-digests-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-artifact-name-prefix }}
+          package-file-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-file-name-prefix }}
+          package-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-artifact-name-prefix }}
+
+  build-linux-docker-and-package-arm:
+    runs-on: ubuntu-24.04-arm
+    needs:
+      - setup
+    strategy:
+      matrix:
+        include:
+          - platform: linux/arm64/v8
+            platform-name: linux-arm64
+          - platform: linux/arm/v7
+            platform-name: linux-armv7
+          - platform: linux/arm/v6
+            platform-name: linux-armv6
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-linux-docker-and-package
+        with:
+          build-unix-time: ${{ needs.setup.outputs.build-unix-time }}
+          build-date: ${{ needs.setup.outputs.build-date }}
+          check-3rd-api: ${{ vars.CHECK_3RD_API }}
+          skip-tests: ${{ vars.SKIP_TESTS }}
+          platform: ${{ matrix.platform }}
+          platform-name: ${{ matrix.platform-name }}
+          docker-push: true
+          docker-image-name: ${{ vars.DOCKER_IMAGE_NAME }}
+          docker-username: ${{ vars.DOCKER_USERNAME }}
+          docker-password: ${{ secrets.DOCKER_PASSWORD }}
+          docker-bake-meta-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-file-path }}
+          docker-bake-meta-artifact-name: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-artifact-name }}
+          docker-bake-digests-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-file-path }}
+          docker-bake-digests-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-artifact-name-prefix }}
+          package-file-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-file-name-prefix }}
+          package-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-artifact-name-prefix }}
+
+  push-linux-docker:
+    needs:
+      - setup
+      - build-linux-docker-and-package-x86
+      - build-linux-docker-and-package-arm
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/push-linux-docker
+        with:
+          docker-image-name: ${{ vars.DOCKER_IMAGE_NAME }}
+          docker-username: ${{ vars.DOCKER_USERNAME }}
+          docker-password: ${{ secrets.DOCKER_PASSWORD }}
+          docker-bake-meta-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-file-path }}
+          docker-bake-meta-artifact-name: ${{ needs.setup.outputs.ezbookkeeping-docker-bake-meta-artifact-name }}
+          docker-bake-digests-file-path: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-file-path }}
+          docker-bake-digests-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-docker-digests-artifact-name-prefix }}
+          docker-image-tags: ${{ needs.setup.outputs.docker-tags }}
+
+  build-windows-backend:
+    needs:
+      - setup
+    runs-on: windows-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-windows-backend
+        with:
+          build-unix-time: ${{ needs.setup.outputs.build-unix-time }}
+          build-date: ${{ needs.setup.outputs.build-date }}
+          check-3rd-api: ${{ vars.CHECK_3RD_API }}
+          skip-tests: ${{ vars.SKIP_TESTS }}
+          backend-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-backend-artifact-name-prefix }}
+
+  build-windows-package:
+    needs:
+      - setup
+      - build-windows-backend
+      - build-linux-docker-and-package-x86
+    runs-on: windows-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - uses: ./.github/actions/build-windows-package
+        with:
+          package-file-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-file-name-prefix }}
+          package-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-package-artifact-name-prefix }}
+          backend-artifact-name-prefix: ${{ needs.setup.outputs.ezbookkeeping-backend-artifact-name-prefix }}
@@ -1,57 +0,0 @@
-name: Docker Release
-
-on:
-  push:
-    tags:
-      - v*
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: |
-            ${{ secrets.DOCKER_USERNAME }}/ezbookkeeping
-          tags: |
-            type=semver,pattern={{version}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=raw,value=latest
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-        with:
-          image: tonistiigi/binfmt:qemu-v8.1.5
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Login to DockerHub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-
-      - name: Build and push
-        uses: docker/build-push-action@v6
-        with:
-          file: Dockerfile
-          context: .
-          platforms: |
-            linux/amd64
-            linux/arm64/v8
-            linux/arm/v7
-            linux/arm/v6
-          push: true
-          build-args: |
-            RELEASE_BUILD=1
-            BUILD_PIPELINE=1
-            CHECK_3RD_API=${{ vars.CHECK_3RD_API }}
-            SKIP_TESTS=${{ vars.SKIP_TESTS }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
@@ -1,55 +0,0 @@
-name: Docker Snapshot
-
-on:
-  push:
-    branches:
-      - main
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Docker meta
-        id: meta
-        uses: docker/metadata-action@v5
-        with:
-          images: |
-            ${{ secrets.DOCKER_USERNAME }}/ezbookkeeping
-          tags: |
-            type=raw,value=SNAPSHOT-{{date 'YYYYMMDD'}}
-            type=raw,value=latest-snapshot
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-        with:
-          image: tonistiigi/binfmt:qemu-v8.1.5
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Login to DockerHub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-
-      - name: Build and push
-        uses: docker/build-push-action@v6
-        with:
-          file: Dockerfile
-          context: .
-          platforms: |
-            linux/amd64
-            linux/arm64/v8
-            linux/arm/v7
-            linux/arm/v6
-          push: true
-          build-args: |
-            BUILD_PIPELINE=1
-            CHECK_3RD_API=${{ vars.CHECK_3RD_API }}
-            SKIP_TESTS=${{ vars.SKIP_TESTS }}
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
@@ -1,32 +0,0 @@
-name: Docker Snapshot
-
-on:
-  push:
-    branches-ignore:
-      - main
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      -
-        name: Checkout
-        uses: actions/checkout@v4
-      -
-        name: Login to DockerHub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-      -
-        name: Build
-        uses: docker/build-push-action@v6
-        with:
-          file: Dockerfile
-          context: .
-          platforms: linux/amd64
-          push: false
-          build-args: |
-            BUILD_PIPELINE=1
-            CHECK_3RD_API=${{ vars.CHECK_3RD_API }}
-            SKIP_TESTS=${{ vars.SKIP_TESTS }}
@@ -0,0 +1,76 @@
+name: Update i18n Translation Progress Badges
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'src/locales/**'
+      - 'pkg/locales/**'
+  workflow_dispatch:
+
+jobs:
+  update-i18n-progress:
+    if: vars.UPDATE_I18N_BADGE_REPO == 'true'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: '24'
+
+      - name: Update translation progress data
+        run: |
+          node .github/scripts/update-i18n-progress.js ${{ runner.temp }}/i18n-badge
+
+      - name: Checkout badge repository
+        uses: actions/checkout@v5
+        with:
+          repository: mayswind/ezbookkeeping-i18n-badge
+          token: ${{ secrets.I18N_BADGE_REPO_TOKEN }}
+          path: ezbookkeeping-i18n-badge
+
+      - name: Update badge data
+        run: |
+          rm -rf ezbookkeeping-i18n-badge/i18n-progress.json
+          cp ${{ runner.temp }}/i18n-badge/i18n-progress.json ezbookkeeping-i18n-badge/
+          mkdir -p ezbookkeeping-i18n-badge/badges
+          rm -rf ezbookkeeping-i18n-badge/badges/*
+          cp ${{ runner.temp }}/i18n-badge/badges/*.json ezbookkeeping-i18n-badge/badges/
+          mkdir -p ezbookkeeping-i18n-badge/untranslated
+          rm -rf ezbookkeeping-i18n-badge/untranslated/*
+          cp ${{ runner.temp }}/i18n-badge/untranslated/*.json ezbookkeeping-i18n-badge/untranslated/
+
+      - name: Commit and push
+        run: |
+          cd ezbookkeeping-i18n-badge
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git add -A
+          if git diff --cached --quiet; then
+            echo "No changes to commit"
+          else
+            git commit -m "Update i18n progress data (${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }})"
+            git push
+          fi
+
+      - name: Purge GitHub camo image cache
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          CAMO_URLS=$(curl -s -H "Accept: application/vnd.github.html+json" -H "Authorization: token $GITHUB_TOKEN" "https://api.github.com/repos/${{ github.repository }}/readme" | grep -oP 'https://camo\.githubusercontent\.com/[^"]+' | sort -u)
+
+          if [ -z "$CAMO_URLS" ]; then
+            echo "No camo URLs found, skipping cache purge"
+            exit 0
+          fi
+
+          for url in $CAMO_URLS; do
+            echo "Purging: $url"
+            curl -s -X PURGE "$url" > /dev/null
+          done
+
+          echo "Purged $(echo "$CAMO_URLS" | wc -l) camo URLs"
@@ -147,3 +147,19 @@ dist/

 # Roo Code
 .roo/
+
+# Binary and build files
+ezbookkeeping
+!**/ezbookkeeping/
+package/
+
+# Environment variable files
+.env
+**/.env
+
+# Other directories
+data/
+storage/
+log/
+
+.claude/
@@ -0,0 +1,127 @@
+# CLAUDE.md
+
+本项目是 [mayswind/ezbookkeeping](https://github.com/mayswind/ezbookkeeping) 的个人 fork。
+
+> **本文件**：仓库分支模型、上游同步流程、CI 故障排查 —— meta 层
+> **[`FORK.md`](FORK.md)**：fork 相对上游的具体改动清单（feature 维度 + 进度状态）
+> **个人笔记**：通用 fork 工作流决策框架在 `fork-工作流决策框架.md`（不入库）
+
+本文件只记录**这个仓库的具体事实**，避免 Claude 会话误判。
+
+---
+
+## 仓库拓扑
+
+```
+github.com/mayswind/ezbookkeeping       （上游）
+        │  Gitea pull mirror（后台异步）
+        ▼
+git.zhengchentao.win/mirror/ezbookkeeping   （只读镜像）
+        │  CI workflow 拉过来
+        ▼
+git.zhengchentao.win/dev/ezbookkeeping     （origin，本地唯一 remote）
+```
+
+本地 `git remote -v` 只有 origin 一项，**没有手工配 upstream**。上游同步通过 custom 分支上的 workflow 在服务端完成，不是本地操作。
+
+---
+
+## 两个分支的职责（必须先理解，否则会改错地方）
+
+| 分支 | 职责 | force push? |
+|---|---|---|
+| `main` | **锚定上游 release tag**（当前 v1.4.0）。被 `.gitea/workflows/sync-upstream.yml` `git reset --hard <tag>` 覆写。**别在 main 上做任何改动** | 是（由 CI 做） |
+| `custom` | **所有个人改动 + workflow 文件都在这**：信用额度功能、UI 调整、个人需求清单、`.gitea/workflows/*.yml` 等。具体改动清单见 [`FORK.md`](FORK.md)。日常开发分支，**default branch** | 是（rebase 后人工做） |
+
+⚠️ **default branch 是 `custom`**。`git clone` 默认 checkout custom，直接是开发分支。
+
+### 历史：曾经存在过的 ci 分支（已退役）
+
+2026-05-02 之前曾经有第三个分支 `ci`，最初设计是把 `.gitea/workflows/*.yml` 单独放它上面以"meta/code 分离"。两周后发现 Gitea Actions runs 列表显示的 commit 是 workflow 文件所在 commit（即 ci 的 HEAD），不是被构建的代码 commit，UX 误导性强。
+
+把 workflow 挪回 custom 之后：
+- runs 列表 commit = 真实代码 commit ✅
+- `git clone` 默认落 custom 直接是开发分支 ✅
+- rebase 上游时 workflow 跟 custom 一起平移 ✅
+- 代价：失去"workflow 与代码完全独立"的设计美感 —— 这个分离原本就是过度设计
+
+**ci 分支于 2026-05-02 删除**，仅保留这段说明给后续 Claude 会话理解 git log 里"workflow 文件迁到 custom"这条提交（commit `555ecc1a`）的来龙去脉。**workflow 改动直接在 custom 上做**。
+
+---
+
+## custom 分支 workflow 清单
+
+`.gitea/workflows/` 当前有 2 个 workflow（2026-05-04 起 build+deploy 合并为单 workflow 双 job）：
+
+| 文件 | 触发 | 干什么 | 状态 |
+|---|---|---|---|
+| `sync-upstream.yml` | 手动（`workflow_dispatch`，可填 tag） | 服务端把 `dev/main` 强制 reset 到 mirror 上的指定 release tag（默认最新），然后 `push --force-with-lease` + 推 tags | ✅ 在用 |
+| `build-image.yml` | **自动**（push 到 custom 触发，`paths-ignore` 屏蔽 `**.md` / `.gitignore` / `LICENSE` / `screenshot/**` / `sync-upstream.yml`）+ 手动备选 | **两个 job 串联在同一 run 里**：①`build` job 装 buildkit v0.13.2 → 登录 Gitea registry → 构建镜像（带 OCI 标签 source/revision，Gitea 自动关联包到 repo）→ push 到 `git.zhengchentao.win/dev/ezbookkeeping:<hash>` 与 `:latest`，`build-args: BUILD_PIPELINE=1` 跳过活 API 测试。②`deploy` job (`needs: build`) 登录 registry → clone nas-infra → `docker compose pull && up -d` 重启 ezbookkeeping。私有 nas-infra 需要 `secrets.NAS_INFRA_TOKEN`，公开仓库不需要。UI 上 Actions 列表显示一条 run，run 详情里 dependency graph 显示 build → deploy | ✅ 日常发布通道 + 自动 CD |
+
+**已删**：
+- `docker-snapshot.yml` / `docker-release.yml`（2026-05-02，依赖未配的 `secrets.DOCKER_REPO`，永远失败）
+- `deploy.yml`（2026-05-04，合并进 `build-image.yml` 作为第二个 job，理由：原先 `workflow_run` 链触发会在 Actions 列表产生两条独立 run，UX 割裂；合并后单 run + dependency graph 看 build/deploy 状态一目了然）
+
+需要时再从 git 历史 cherry-pick 回来。
+
+---
+
+## 同步发布流程（rebase 模型）
+
+1. 上游出新 release（如 v1.4.0）→ Gitea pull mirror 自动把 tag 同步到 mirror
+2. 人工触发 `Sync from upstream` workflow → 服务端把 dev/main reset 到该 tag
+3. 本地 `git fetch && git checkout custom && git rebase origin/main`
+4. 解冲突（如有）→ 验证 → `git push --force-with-lease origin custom`
+5. **build-image workflow 自动触发**（force-push 也算 push 事件），构建新镜像；不需要手动点
+
+日常 feature commit 流程（全自动 CD）：
+
+1. 在 custom 上改代码 → commit → push
+2. **自动触发 build job**（除非只改了 `**.md` / `.gitignore` / `LICENSE` / `screenshot/**` / `sync-upstream.yml`）
+3. build 成功 → **同 run 内 deploy job 接力跑**（`needs: build` 串联）：clone nas-infra → docker compose pull → up -d
+4. 整条 push → build → deploy 链路无人工介入，UI 上是单条 run
+
+**并发取消策略**：`build-image.yml` 设了 `concurrency.cancel-in-progress: true`，连续多次 push 时**只构建+部署最新那一次**（同 run 里 build/deploy 是原子单元，一起取消）。例：连续 3 次 push 间隔 30 秒，第 1 次 build 跑到 30%、第 2 次到来取消它、第 3 次又取消第 2，最终只 build + deploy 第 3 次的代码。省 CI 时间又保证最终一致性。
+
+如果想跳过 build/deploy（例如手动多次 push 调试），commit 时只改文档相关文件即可（落在 paths-ignore 范围内）。如果想强制重打某个旧 commit，去 Actions UI 手动触发 `Build Docker Image`，填要打包的 branch / tag —— 注意手动触发也会跑 deploy job，**没有"只重新部署不重新 build"的单点入口了**（合并的代价，原 `deploy.yml` 那条路径已废）。临时只想重启容器：直接到 NAS 上 `docker compose up -d` 或在 Actions UI 临时禁用 deploy job。
+
+**为什么 rebase 不 merge**：个人项目，无团队协作语义要保留，线性历史更清爽。
+
+---
+
+## 给后续 Claude 会话的明确提示
+
+- 用户说"我的分支" / "切换到我的分支" → 指 `custom`
+- 用户说"rebase main" → 指 `git rebase origin/main`，目标是把 custom 的改动叠到最新上游 tag 之上
+- **不要在 `main` 分支上提交任何东西**（会被 CI 覆写）
+- **workflow 文件改动直接在 custom 上做**（2026-05-02 起，不再是 ci 分支）
+- force-push custom 是常规操作，但每次用 `--force-with-lease`，不直接 `--force`
+- 如果发现本地配了 upstream remote，那是历史遗留，不要依赖；以 origin/main 为准
+- `.claude/` 在 `.gitignore` 里（个人本地配置不入库），但 `CLAUDE.md` 本身入库
+
+---
+
+## 同步历史
+
+- **2026-05-01**：rebase custom → origin/main (v1.4.0)。22 个 custom-only 提交（含一个旧的 `Merge branch 'main' into myrequirement` commit）压平为 21 个线性提交。已 force-push origin/custom（`08c69042` → `fe265259`）。
+- **2026-05-02**：修 Gitea Actions `Build Docker Image` 工作流。三层故障，全部不在本仓库代码里：
+  - **TLS 雷**：`docker login` 走 host 进程不命中 PREROUTING REDIRECT，且 v6 撞 DSM nginx 的 CF Origin Cert。NAS 侧修：iptables 补 OUTPUT 对称规则 + `/etc/hosts` 显式 v4 兜底。详见 obsidian vault [[NAS/notes/内网证书路径]] §三.5/§三.6
+  - **buildkit 内核兼容**：runc 1.2+ 撞 DSM 4.4 内核。`.gitea/workflows/build-image.yml` 钉 `moby/buildkit:v0.13.2`（commit `acdbb5bf`）
+  - **backend 单元测试撞活 API**：`pkg/exchangerates/` 的 `TestExchangeRatesApiLatestExchangeRateHandler_*` 跑活 API（加拿大银行 / 乌兹别克央行），国内访问超时。upstream Dockerfile 已设 `ARG BUILD_PIPELINE`，测试代码看到 `BUILD_PIPELINE=1 && CHECK_3RD_API!=1` 时早退。修：workflow 加 `build-args: BUILD_PIPELINE=1`（commit `2dd8f099`），对齐上游 GH Actions
+- **2026-05-02 (后续)**：workflow 文件从 ci 分支迁到 custom，default branch 切到 custom（commit `555ecc1a`），随后**删掉 ci 分支**。原因：Gitea Actions runs 列表的 commit 字段一直显示 ci 的 workflow commit，不是被构建的代码 commit，UX 误导性强。挪到 custom 后列表直接显示真实代码 commit。同时清理上游残留的 `docker-release.yml` / `docker-snapshot.yml`（依赖未配的 `secrets.DOCKER_REPO`，永远失败）。仓库回到朴素的 main + custom 双分支模型
+- **2026-05-02 (numpad fix)**：FORK.md #11 定位 + 修复。小键盘点击卡顿真因是 `.numpad-button` 的 `touch-action: none`（上游 e178a079 引入）与 F7 tap 处理叠加，改为 `touch-action: manipulation`（commit `75b4d78d`）
+- **2026-05-04**：把 `deploy.yml` 合并进 `build-image.yml` 作为第二个 job（`needs: build`），删除 `deploy.yml`。原先 `workflow_run` 链路会在 Actions 列表产生两条独立 run（build 完一条、deploy 又一条），用户视角割裂；合并后 UI 列表单条 run，run 详情里 dependency graph 显示 build → deploy 串联。代价：失去"不 rebuild 只 redeploy"的 UI 单点触发，临时只想重启容器需直接 ssh NAS 跑 compose。`paths-ignore` 移除已不存在的 `deploy.yml` 项
+
+## 给后续 Claude 会话：CI 故障排查路径
+
+如果 Gitea Actions build 又炸，按 NAS 域问题 vs 仓库代码问题分别排查：
+
+| 现象 | 大概率位置 | 文档 |
+|---|---|---|
+| `Login to Gitea Container Registry` 步骤报 `x509: certificate signed by unknown authority` | NAS 网络层（iptables / dnsmasq / DSM nginx 占 443） | obsidian vault `NAS/notes/内网证书路径.md` + `NAS/notes/IPv6 设计.md` |
+| `Build and push` 步骤里 `RUN ...` 在第二条之内就炸 `unsafe procfs detected` 之类 | buildkit/runc 与 DSM 内核版本 | `.gitea/workflows/build-image.yml` 的 `driver-opts` |
+| `Failed to pass unit testing` / `Failed to pass lint checking`（build.sh 报） | **先看 Dockerfile 顶部 `ARG`**，多半是 CI 跳过开关没传（如 `BUILD_PIPELINE` / `CHECK_3RD_API` / `SKIP_TESTS`）。**不要先去改测试代码** | `Dockerfile` 顶部 ARG + `.gitea/workflows/build-image.yml` 的 `build-args` |
+| `actions/checkout` 报 fetch 失败 | Gitea SSH/HTTPS 路径或 token 权限 | gitea-runner 的 `GITEA_RUNNER_REGISTRATION_TOKEN` + NPM `git.zhengchentao.win` 的 Advanced 配置 |
+| Dockerfile 里某条指令业务逻辑报错 | 真正的代码问题 | 本仓库 `Dockerfile` |
+
+**通用排查原则**：build.sh 报的"测试失败 / lint 失败"先看是不是上游已经设计了 CI 跳过路径。Dockerfile 的 `ARG` + `build.sh` 内的 `os.Getenv()` 检查通常成对出现（如 `BUILD_PIPELINE=1` → 跳过 3rd API 测试，`SKIP_TESTS=...` → 跳过指定测试名）。对齐上游 `.github/actions/` 下的传参，绝大多数情况能直接对齐。
@@ -1,11 +1,15 @@
 # Build backend binary file
-FROM golang:1.24.4-alpine3.22 AS be-builder
+FROM golang:1.25.7-alpine3.23 AS be-builder
 ARG RELEASE_BUILD
 ARG BUILD_PIPELINE
+ARG BUILD_UNIXTIME
+ARG BUILD_DATE
 ARG CHECK_3RD_API
 ARG SKIP_TESTS
 ENV RELEASE_BUILD=$RELEASE_BUILD
 ENV BUILD_PIPELINE=$BUILD_PIPELINE
+ENV BUILD_UNIXTIME=$BUILD_UNIXTIME
+ENV BUILD_DATE=$BUILD_DATE
 ENV CHECK_3RD_API=$CHECK_3RD_API
 ENV SKIP_TESTS=$SKIP_TESTS
 WORKDIR /go/src/github.com/mayswind/ezbookkeeping
@@ -15,11 +19,15 @@ RUN apk add git gcc g++ libc-dev
 RUN ./build.sh backend

 # Build frontend files
-FROM --platform=$BUILDPLATFORM node:22.16.0-alpine3.22 AS fe-builder
+FROM --platform=$BUILDPLATFORM node:24.14.0-alpine3.23 AS fe-builder
 ARG RELEASE_BUILD
 ARG BUILD_PIPELINE
+ARG BUILD_UNIXTIME
+ARG BUILD_DATE
 ENV RELEASE_BUILD=$RELEASE_BUILD
 ENV BUILD_PIPELINE=$BUILD_PIPELINE
+ENV BUILD_UNIXTIME=$BUILD_UNIXTIME
+ENV BUILD_DATE=$BUILD_DATE
 WORKDIR /go/src/github.com/mayswind/ezbookkeeping
 COPY . .
 RUN docker/frontend-build-pre-setup.sh
@@ -27,7 +35,7 @@ RUN apk add git
 RUN ./build.sh frontend

 # Package docker image
-FROM alpine:3.22.0
+FROM alpine:3.23.3
 LABEL maintainer="MaysWind <i@mayswind.net>"
 RUN addgroup -S -g 1000 ezbookkeeping && adduser -S -G ezbookkeeping -u 1000 ezbookkeeping
 RUN apk --no-cache add tzdata
@@ -0,0 +1,190 @@
+# ezBookkeeping 个人 fork 改动清单
+
+> 本文件记录这个 fork 相对上游 [mayswind/ezbookkeeping](https://github.com/mayswind/ezbookkeeping) 的所有定制改动 + 进度状态。
+
+> 关联文档：
+> - [`CLAUDE.md`](CLAUDE.md) —— 仓库分支模型 / 上游同步流程 / CI 排查路径（meta 层）
+> - 部署：见自家 NAS infra repo `git.zhengchentao.win/dev/nas-infra` 的 README（compose-level）
+>
+> 标注：❌ 难/暂缓 | ❓ 待定 | 🔍 调查中 | 🟢 已完成
+
+---
+
+## 一、账户功能
+
+### 1. 🟢 信用卡账户：额度与可用额度
+**描述：** 为信用卡类型账户新增「信用额度」字段，在账户列表显示可用额度。
+
+**已完成：**
+- 后端：`AccountExtend` JSON blob 新增 `CreditLimit` 字段（无需数据库迁移）
+- API：`AccountCreateRequest` / `AccountModifyRequest` / `AccountInfoResponse` 增加 `creditLimit`
+- 前端 model：`Account` 类增加 `creditLimit` 字段，同步序列化/反序列化
+- 移动端 EditPage：CreditCard 分类时显示信用额度输入项（数字键盘）
+- 桌面端 EditDialog：CreditCard 分类时显示信用额度输入框（`amount-input`）
+- 移动端 ListPage：账户名下方显示「可用额度: ¥xxx」（= `creditLimit + balance`）
+- 桌面端 ListPage：账户卡片余额旁显示「Available: ¥xxx」
+- 语言包：中英繁均已添加 `"Credit Limit"` / `"Available"`
+
+### 2. 🟢 按账户筛选交易时顶部显示账户信息卡
+**描述：** 在按单个账户筛选的交易列表顶部，显示账户图标、名称和余额/可用额度。
+
+**已完成：**
+- 仅单账户筛选时（`queryAllFilterAccountIdsCount === 1`）显示，多账户/全量时隐藏
+- 信用卡账户显示「欠款 · 可用 ¥xxx」，普通账户显示余额
+- 移动端：toolbar 下方插入账户信息卡片；桌面端：日期范围行下方插入 tonal 样式账户卡片
+- 多子账户（`MultiSubAccounts`）一级账户：使用 `getAccountSubAccountBalance` 获取汇总余额及正确币种，修复 `currency = '---'` 导致货币符号不显示的问题
+- 涉及文件：`src/views/mobile/transactions/ListPage.vue`、`src/views/desktop/transactions/ListPage.vue`
+
+### 3. 🟢 账户编辑页直接修改余额（自动插入调整记录）
+**描述：** 在账户编辑页修改余额字段，保存时自动计算差值并插入一条「余额调整」类型交易。
+
+**已完成：**
+- 后端：移除「账户已有交易时不允许添加 ModifyBalance」的限制
+- 后端：`Amount` 与 `RelatedAccountAmount` 均存储 delta；创建时 `balance += delta`，删除时 `balance -= delta`，修改时 `balance = balance - oldDelta + newDelta`
+- 后端响应：`ToTransactionInfoResponse` 对 ModifyBalance 类型返回 `RelatedAccountAmount` 作为 `sourceAmount`
+- 前端 store：新增 `adjustAccountBalance({ accountId, targetBalance, currentBalance })` 函数，发送 `sourceAmount = delta`
+- 移动端 EditPage：余额字段对已有账户解除只读；保存时若余额变化先调 `adjustAccountBalance`；捕获 `NothingWillBeUpdated (200004)` 视为成功
+- 桌面端 EditDialog：同上逻辑，支持多子账户逐一调整
+- 「调整余额」入口仅在账户编辑页，已从账户列表「更多」菜单移除
+- 涉及文件：`pkg/services/transactions.go`、`pkg/models/transaction.go`、`src/stores/transaction.ts`、`src/views/mobile/accounts/EditPage.vue`、`src/views/desktop/accounts/list/dialogs/EditDialog.vue`
+
+---
+
+## 二、记账页面
+
+### 4. 🟢 记账页选择账户后显示余额/可用额度
+**描述：** 在记账页面选择账户后，在账户行显示该账户的当前余额或信用卡可用额度。
+
+**已完成：**
+- 信用卡账户（有 `creditLimit`）：显示「欠款金额 · 可用 ¥xxx」
+- 普通负债账户：显示欠款正数；普通资产账户：显示余额
+- 转账类型时源账户和目标账户均显示
+- 移动端：账户列表项 `footer` 字段；桌面端：`two-column-select` 的 `custom-selection-secondary-text`
+- 涉及文件：`src/views/mobile/transactions/EditPage.vue`、`src/views/desktop/transactions/list/dialogs/EditDialog.vue`
+
+### 5. ❓ 记录上次选择的账户（待定）
+**描述：** 新建交易时，默认选中上次使用的账户。
+
+**实现思路：**
+- 保存账户 ID 到 `localStorage`，打开记账页时读取并预选
+- 涉及文件：`src/views/mobile/transactions/EditPage.vue`、`src/lib/settings.ts`
+
+---
+
+## 三、小键盘
+
+### 6. 🟢 小键盘布局调整
+**描述：** 调整数字键盘布局。
+
+**已完成：**
+```
+[数值显示区              ] [ ⌫ ]
+  7     8     9      ×
+  4     5     6      −
+  1     2     3      +
+  C     0     .     OK
+```
+- ⌫ 单击退格；按住不放先删一位、约 500ms 后清空全部（长按响应细节见 #11 第二阶段）
+- C 一键清除全部
+- 涉及文件：`src/components/mobile/NumberPadSheet.vue`
+
+---
+
+## 四、交易详情
+
+### 7. 🟢 交易详情页增加「编辑」和「删除」入口（仅移动端）
+**描述：** 移动端交易详情页三点菜单中增加编辑和删除操作。PC 端详情直接在编辑弹窗中展示，无需额外入口。
+
+**已完成：**
+- 三点菜单：第一项「Edit」跳转编辑页，最后一项红色「Delete」确认后删除并返回
+- 从详情返回编辑页后自动刷新数据
+- 涉及文件：`src/views/mobile/transactions/EditPage.vue`
+
+---
+
+## 五、交易时间选择
+
+### 8. ❌ 点击交易时间标题默认打开日期选择（已回滚）
+**描述：** 原想让点击「Transaction Time」标题行时默认弹日期选择器。
+
+**为何回滚：** 改动改的是 `template #header` 那行 label 的点击 handler（`'time'` → `'date'`），实际操作中用户点的是 `template #title` 里的日期/时间文本。上游早在 commit `368322f9` 已实现"点哪走哪"的智能路由——点日期开日期选择器、点时间开时间选择器。所以这条改动**用户视角无可见差异**，纯空改，回滚到上游行为。
+
+**留档教训：** 改 UI 行为前先把"用户实际点哪个元素"摸清楚，别只看着 DOM 结构想当然。`#header` slot 只是上方的 label 行，正常用户极少触发。
+
+---
+
+## 六、分类选择
+
+### 9. 🟢 分类选择默认全部展开（仅移动端）
+**描述：** 在移动端记账页选择分类时，默认展开所有一级分类。PC 端使用不同的分类选择组件，无需此设置。
+
+**已完成：**
+- 设置存 localStorage（字段 `expandCategoryTreeByDefault`，默认 `false`），即时生效无需 reload；已加入云同步白名单（`ALL_ALLOWED_CLOUD_SYNC_APP_SETTING_KEY_TYPES`），可跨设备同步
+- `TreeViewSelectionSheet` 新增可选 prop `defaultExpanded`，`:opened` 改为 `props.defaultExpanded || isPrimaryItemHasSecondaryValue(item)`
+- 移动端 EditPage 三个分类 sheet（支出/收入/转账）均传入 `:default-expanded`
+- 设置仅在移动端设置页显示，PC 端无对应入口
+- 涉及文件：`src/components/mobile/TreeViewSelectionSheet.vue`、`src/views/mobile/transactions/EditPage.vue`、`src/views/mobile/SettingsPage.vue`
+
+---
+
+## 七、性能与动画
+
+### 10. 🟢 全局动画加速（仅移动端）
+**描述：** 移动端全局页面跳转及各类弹层动画加速。
+
+**已完成：**
+- 页面跳转、Sheet、ActionSheet、Popup、Dialog、Popover 动画时长从 300ms → 150ms
+- Tab 切换动画保持原样（设置中已有开关可控制）
+- 涉及文件：`src/styles/mobile/global.scss`
+
+### 11. 🟢 小键盘点击卡顿（三次修正）
+**描述：** 移动端小键盘点击有延迟感。
+
+**第一阶段（2026-05-02）`touch-action: none` 引发的 300ms 双击延迟：** 上游在 `.numpad-button` 上设了 `touch-action: none`（commit `e178a079` "code refactor" by MaysWind），与浏览器双击缩放检测叠加后保留了老式 300ms 点击延迟。
+- 修复：`.numpad-button` 的 `touch-action: none` 改为 `touch-action: manipulation`（W3C 标准"快速点击"值，禁双击缩放）
+
+**第二阶段（2026-05-08）退格键 `@taphold` 等待 750ms：** backspace 单点仍可感知延迟。根因是 `@click` + `@taphold` 让 F7 必须等 ~750ms 判别 tap vs hold，期间 click 被抑制。
+- 修复：弃用 `@click="backspace" @taphold="clear()"`，改为原生 `pointerdown`/`pointerup`/`pointercancel`/`pointerleave` + 自管定时器
+- 行为：单击立即删一位；按住不放先删一位、约 500ms 后清空全部
+
+**第三阶段（2026-05-08）所有数字/运算键也延迟：** 第一阶段修完后用户反馈数字键仍有"等一拍"感。怀疑 F7 整套 tap 处理（含 active-state 检测、`fastClicks` 兼容代码、tap-hold 全局监听）即便不显式声明 `@taphold` 也会给 `@click` 加上判别期。
+- 修复：把所有按键（数字 0-9、运算 ×−+、C 清空、小数点/双零、OK 确认）的 `@click` 全部换成 `@pointerdown.left`
+- 原理：`pointerdown` 在按下瞬间触发，绕开 F7 的 tap 合成路径。`.left` 修饰符限制只响应主键（触屏 button=0 始终满足，桌面右键不会误触发）
+- F7 的 `.active-state` 视觉反馈基于独立的 touchstart/touchend 监听，不依赖 `@click`，按下视觉效果保留
+
+涉及文件：`src/components/mobile/NumberPadSheet.vue`
+
+**附带认知：** 原 #11 假设是"全局点击响应慢"或"接口慢"，与 #12 离线缓存挂钩调研。实际诊断后跟那两条都无关——纯 F7 框架 tap 合成 + 双击缩放 + taphold 检测三者叠加。最终通过完全弃用 `@click` 改 pointer 事件解决。该认知值得记录避免后续误诊路径。
+
+---
+
+## 八、离线 / 缓存
+
+### 12. ❌ 本地优先 / 离线数据缓存（暂缓）
+**描述：** 交易数据本地缓存，优先展示缓存数据，后台静默拉取更新。
+
+**现状：** Service Worker 已实现静态资源缓存，但交易业务数据目前不做本地缓存。
+
+**为何难：**
+- 需引入 IndexedDB 存储交易/账户/分类数据
+- 需处理本地与服务端的数据同步、冲突解决
+- 属于架构级改动，工作量较大
+
+---
+
+## 进度总览
+
+| # | 需求 | 状态 |
+|---|------|------|
+| 1 | 信用卡额度 | 🟢 已完成 |
+| 2 | 账户信息卡片 | 🟢 已完成 |
+| 3 | 调整余额入口 | 🟢 已完成 |
+| 4 | 记账页显示余额 | 🟢 已完成 |
+| 5 | 记住上次账户 | ❓ 待定 |
+| 6 | 小键盘布局 | 🟢 已完成 |
+| 7 | 详情编辑/删除 | 🟢 已完成 |
+| 8 | 点击时间默认日期 | ❌ 已回滚（无效改动） |
+| 9 | 分类默认展开 | 🟢 已完成 |
+| 10 | 全局动画加速 | 🟢 已完成 |
+| 11 | 小键盘点击卡顿（touch-action 修复） | 🟢 已完成 |
+| 12 | 离线缓存 | ❌ 暂缓 |
@@ -1,6 +1,7 @@
 MIT License

-Copyright (c) 2020-2025 MaysWind (i@mayswind.net)
+Copyright (c) 2020-2026 MaysWind (i@mayswind.net)
+Copyright (c) 2026 Zhengchen Tao (fork modifications)

 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -1,14 +1,44 @@
 # ezBookkeeping
+
+> ## Personal fork notice
+>
+> This repository is a personal fork of [mayswind/ezbookkeeping](https://github.com/mayswind/ezbookkeeping) (MIT) with the following custom additions on top of upstream releases:
+>
+> - **Credit card accounts**: credit-limit field; account list shows available credit
+> - **Account-filtered transactions**: when filtering by a single account, show an account info card on top (icon / name / balance / available credit)
+> - **Account editing**: edit the balance field directly; a "balance adjustment" transaction is generated automatically
+> - **Add-transaction page**: live display of balance or available credit after selecting an account
+> - **Numpad**: custom layout (4-column calculator style) + `touch-action` fix for tap latency
+> - **Mobile animations**: generic transitions 300ms → 150ms
+> - **Transaction detail**: edit / delete entries added to the mobile three-dot menu
+> - **Category picker**: optional "expand all by default" on mobile (cloud-sync allowlisted)
+>
+> Full list with implementation details: [`FORK.md`](FORK.md)
+> Branch model / upstream sync / CI troubleshooting: [`CLAUDE.md`](CLAUDE.md)
+>
+> All modifications are released under the same MIT License as upstream — see [`LICENSE`](LICENSE).
+>
+> ---
+>
+> Upstream README content follows below.
+
+---
+
 [![License](https://img.shields.io/badge/license-MIT-green.svg)](https://github.com/mayswind/ezbookkeeping/blob/master/LICENSE)
-[![Latest Build](https://img.shields.io/github/actions/workflow/status/mayswind/ezbookkeeping/docker-snapshot.yml?branch=main)](https://github.com/mayswind/ezbookkeeping/actions)
 [![Go Report](https://goreportcard.com/badge/github.com/mayswind/ezbookkeeping)](https://goreportcard.com/report/github.com/mayswind/ezbookkeeping)
-[![Latest Docker Image Size](https://img.shields.io/docker/image-size/mayswind/ezbookkeeping.svg?style=flat)](https://hub.docker.com/r/mayswind/ezbookkeeping)
 [![Latest Release](https://img.shields.io/github/release/mayswind/ezbookkeeping.svg?style=flat)](https://github.com/mayswind/ezbookkeeping/releases)
+[![Latest Build](https://img.shields.io/github/actions/workflow/status/mayswind/ezbookkeeping/build-snapshot.yml?branch=main)](https://github.com/mayswind/ezbookkeeping/actions)
+[![Latest Docker Image Size](https://img.shields.io/docker/image-size/mayswind/ezbookkeeping.svg?style=flat)](https://hub.docker.com/r/mayswind/ezbookkeeping)
+[![Docker Pulls](https://img.shields.io/docker/pulls/mayswind/ezbookkeeping)](https://hub.docker.com/r/mayswind/ezbookkeeping)
+[![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/mayswind/ezbookkeeping)
+
+[![Recommend By HelloGitHub](https://api.hellogithub.com/v1/widgets/recommend.svg?rid=ded5af09da574ec1811ddb154f1b2093&claim_uid=LT7EZxeBukCnh0K)](https://hellogithub.com/en/repository/mayswind/ezbookkeeping)
+[![Trending](https://trendshift.io/api/badge/repositories/12917)](https://trendshift.io/repositories/12917)

 ## Introduction
-ezBookkeeping is a lightweight, self-hosted personal finance app with a sleek, user-friendly interface and powerful bookkeeping features. Built with simplicity and portability in mind, it's easy to deploy, easy to use, and requires minimal system resources — perfect for microservers, NAS devices, and even Raspberry Pi.
+ezBookkeeping is a lightweight, self-hosted personal finance app with a user-friendly interface and powerful bookkeeping features. It helps you record daily transactions, import data from various sources, and quickly search and filter your bills. You can analyze historical data using built-in charts or perform custom queries with your own chart dimensions to better understand spending patterns and financial trends. ezBookkeeping is easy to deploy, and you can start it with just one single Docker command. Designed to be resource-efficient, it runs smoothly on devices such as Raspberry Pi, NAS, and MicroServers.

-The app is fully cross-platform and device-friendly — you can use it seamlessly on **mobile, tablet, and desktop devices**. With support for PWA (Progressive Web Apps), you can even [add it to your mobile home screen](https://raw.githubusercontent.com/wiki/mayswind/ezbookkeeping/img/mobile/add_to_home_screen.gif) and use it like a native app.
+ezBookkeeping offers tailored interfaces for both mobile and desktop devices. With support for PWA (Progressive Web Apps), you can even [add it to your mobile home screen](https://raw.githubusercontent.com/wiki/mayswind/ezbookkeeping/img/mobile/add_to_home_screen.gif) and use it like a native app.

 Live Demo: [https://ezbookkeeping-demo.mayswind.net](https://ezbookkeeping-demo.mayswind.net)

@@ -16,9 +46,9 @@ Live Demo: [https://ezbookkeeping-demo.mayswind.net](https://ezbookkeeping-demo.
 - **Open Source & Self-Hosted**
    - Built for privacy and control
 - **Lightweight & Fast**
-    - Optimized for performance, runs smoothly even on low-resource environments
+    - Minimal resource usage, runs smoothly even on low-resource devices
 - **Easy Installation**
-    - Docker-ready
+    - Docker support
    - Supports SQLite, MySQL, PostgreSQL
    - Cross-platform (Windows, macOS, Linux)
    - Works on x86, amd64, ARM architectures
@@ -27,24 +57,29 @@ Live Demo: [https://ezbookkeeping-demo.mayswind.net](https://ezbookkeeping-demo.
    - PWA support for native-like mobile experience
    - Dark mode
 - **AI-Powered Features**
-    - Supports MCP (Model Context Protocol) for AI integration
+    - Receipt image recognition
+    - MCP (Model Context Protocol) support for AI integration
+    - Agent Skill and API command-line script tools support for AI integration
 - **Powerful Bookkeeping**
    - Two-level accounts and categories
-    - Attach images to transactions
+    - Image attachments for transactions
    - Location tracking with maps
-    - Recurring transactions
-    - Advanced filtering, search, visualization, and analysis
- **Localization & Globalization**
+    - Scheduled transactions
+    - Advanced filtering, search, visualization and analysis
+- **Localization & Internationalization**
    - Multi-language and multi-currency support
-    - Automatic exchange rates
-    - Multi-timezone awareness
-    - Custom formats for dates, numbers, and currencies
+    - Multiple exchange rate sources with automatic updates
+    - Multi-timezone support
+    - Custom formats for dates, numbers and currencies
 - **Security**
    - Two-factor authentication (2FA)
+    - OIDC external authentication
    - Login rate limiting
    - Application lock (PIN code / WebAuthn)
- **Data Import/Export**
-    - Supports CSV, OFX, QFX, QIF, IIF, Camt.053, MT940, GnuCash, Firefly III, Beancount, and more
+- **Data Import & Export**
+    - Supports CSV, OFX, QFX, QIF, IIF, Camt.052, Camt.053, MT940, GnuCash, Firefly III, Beancount and more
+
+For a full list of features, visit the [Full Feature List](https://ezbookkeeping.mayswind.net/comparison/).

 ## Screenshots
 ### Desktop Version
@@ -79,7 +114,7 @@ Download the latest release: [https://github.com/mayswind/ezbookkeeping/releases
 By default, ezBookkeeping listens on port 8080. You can then visit `http://{YOUR_HOST_ADDRESS}:8080/` .

 ### Build from Source
-Make sure you have [Golang](https://golang.org/), [GCC](http://gcc.gnu.org/), [Node.js](https://nodejs.org/) and [NPM](https://www.npmjs.com/) installed. Then download the source code, and follow these steps:
+Make sure you have [Golang](https://golang.org/), [GCC](https://gcc.gnu.org/), [Node.js](https://nodejs.org/) and [NPM](https://www.npmjs.com/) installed. Then download the source code, and follow these steps:

 **Linux / macOS**

@@ -91,6 +126,10 @@ All the files will be packaged in `ezbookkeeping.tar.gz`.

    > .\build.bat package -o ezbookkeeping.zip

+or
+
+    PS > .\build.ps1 package -Output ezbookkeeping.zip
+
 All the files will be packaged in `ezbookkeeping.zip`.

 You can also build a Docker image. Make sure you have [Docker](https://www.docker.com/) installed, then follow these steps:
@@ -100,40 +139,46 @@ You can also build a Docker image. Make sure you have [Docker](https://www.docke
    $ ./build.sh docker

 ## Contributing
-We welcome contributions of all kinds!
+We welcome contributions of all kinds.

-Found a bug? [Submit an issue](https://github.com/mayswind/ezbookkeeping/issues)
+If you find a bug, please [submit an issue](https://github.com/mayswind/ezbookkeeping/issues) on GitHub.

-Want to contribute code? Feel free to fork and send a pull request.
+If you would like to contribute code, you can fork the repository and open a pull request.

-Contributions of all kinds — bug reports, feature suggestions, documentation improvements, or code — are highly appreciated.
+Improvements to documentation, feature suggestions, and other forms of feedback are also appreciated.

-Check out our [Contributor Graph](https://github.com/mayswind/ezbookkeeping/graphs/contributors) to see the amazing people who’ve already helped.
+You can view existing contributors on the [Contributor Graph](https://github.com/mayswind/ezbookkeeping/graphs/contributors).

 ## Translating
-Help make ezBookkeeping accessible to users around the world! If you want to contribute a translation, please refer to our [translation guide](https://ezbookkeeping.mayswind.net/translating).
+Help make ezBookkeeping accessible to users around the world. We welcome help to improve existing translations or add new ones. If you would like to contribute a translation, please refer to the [translation guide](https://ezbookkeeping.mayswind.net/translating).

 Currently available translations:

-| Tag | Language | Contributors |
-| --- | --- | --- |
-| de | Deutsch | [@chrgm](https://github.com/chrgm) |
-| en | English | / |
-| es | Español | [@Miguelonlonlon](https://github.com/Miguelonlonlon) |
-| it | Italiano | [@waron97](https://github.com/waron97) |
-| ja | 日本語 | [@tkymmm](https://github.com/tkymmm) |
-| pt-BR | Português (Brasil) | [@thecodergus](https://github.com/thecodergus) |
-| ru | Русский | [@artegoser](https://github.com/artegoser) |
-| uk | Українська | [@nktlitvinenko](https://github.com/nktlitvinenko) |
-| vi | Tiếng Việt | [@f97](https://github.com/f97) |
-| zh-Hans | 中文 (简体) | / |
-| zh-Hant | 中文 (繁體) | / |
-
-Don't see your language? Help us add it!
+| Tag | Language | Progress | Contributors |
+| --- | --- | --- | --- |
+| de | Deutsch | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Fde.json) | [@chrgm](https://github.com/chrgm), [@1270o1](https://github.com/1270o1) |
+| en | English | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Fen.json) | / |
+| es | Español | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Fes.json) | [@Miguelonlonlon](https://github.com/Miguelonlonlon), [@abrugues](https://github.com/abrugues), [@AndresTeller](https://github.com/AndresTeller), [@diegofercri](https://github.com/diegofercri) |
+| fr | Français | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Ffr.json) | [@brieucdlf](https://github.com/brieucdlf) |
+| it | Italiano | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Fit.json) | [@waron97](https://github.com/waron97) |
+| ja | 日本語 | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Fja.json) | [@tkymmm](https://github.com/tkymmm) |
+| kn | ಕನ್ನಡ | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Fkn.json) | [@Darshanbm05](https://github.com/Darshanbm05) |
+| ko | 한국어 | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Fko.json) | [@overworks](https://github.com/overworks) |
+| nl | Nederlands | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Fnl.json) | [@automagics](https://github.com/automagics) |
+| pt-BR | Português (Brasil) | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Fpt-BR.json) | [@thecodergus](https://github.com/thecodergus), [@balaios](https://github.com/balaios) |
+| ru | Русский | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Fru.json) | [@artegoser](https://github.com/artegoser), [@dshemin](https://github.com/dshemin) |
+| sl | Slovenščina | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Fsl.json) | [@thehijacker](https://github.com/thehijacker) |
+| ta | தமிழ் | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Fta.json) | [@hhharsha36](https://github.com/hhharsha36) |
+| th | ไทย | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Fth.json) | [@natthavat28](https://github.com/natthavat28) |
+| tr | Türkçe | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Ftr.json) | [@aydnykn](https://github.com/aydnykn) |
+| uk | Українська | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Fuk.json) | [@nktlitvinenko](https://github.com/nktlitvinenko) |
+| vi | Tiếng Việt | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Fvi.json) | [@f97](https://github.com/f97) |
+| zh-Hans | 中文 (简体) | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Fzh-Hans.json) | / |
+| zh-Hant | 中文 (繁體) | ![Translation Progress](https://img.shields.io/endpoint?url=https%3A%2F%2Fraw.githubusercontent.com%2Fmayswind%2FezBookkeeping-i18n-badge%2Fmain%2Fbadges%2Fzh-Hant.json) | / |

 ## Documentation
-1. [English](http://ezbookkeeping.mayswind.net)
-1. [中文 (简体)](http://ezbookkeeping.mayswind.net/zh_Hans)
+1. [English](https://ezbookkeeping.mayswind.net)
+1. [中文 (简体)](https://ezbookkeeping.mayswind.net/zh_Hans)

 ## License
 [MIT](https://github.com/mayswind/ezbookkeeping/blob/master/LICENSE)
@@ -8,8 +8,8 @@ set "RELEASE=%RELEASE_BUILD%"
 set "RELEASE_TYPE=unknown"
 set "VERSION="
 set "COMMIT_HASH="
-set "BUILD_UNIXTIME="
-set "BUILD_DATE="
+set "BUILD_UNIXTIME=%BUILD_UNIXTIME%"
+set "BUILD_DATE=%BUILD_DATE%"
 set "PACKAGE_FILENAME="
 for /f %%a in ('"prompt $E$S & echo on & for %%b in (1) do rem"') do set "ESC=%%a"

@@ -112,9 +112,15 @@ goto :pre_parse_args
    set VERSION=%VERSION: =%
    set VERSION=%VERSION:,=%
    set VERSION=%VERSION:"=%
-    for /f %%x in ('git rev-parse --short HEAD') do set "COMMIT_HASH=%%x"
-    call :set_unixtime BUILD_UNIXTIME
-    call :set_date BUILD_DATE
+    for /f %%x in ('git rev-parse --short^=7 HEAD') do set "COMMIT_HASH=%%x"
+
+    if "%BUILD_UNIXTIME%"=="" (
+        call :set_unixtime BUILD_UNIXTIME
+    )
+
+    if "%BUILD_DATE%"=="" (
+        call :set_date BUILD_DATE
+    )

 :main
    if "%TYPE%"=="backend"  call :build_backend & goto :end
@@ -261,7 +267,7 @@ goto :pre_parse_args
        goto :end
    )

-    call 7z a -r -tzip -mx9 ..\%package_file_name% package *
+    call 7z a -r -tzip -mx9 ..\%package_file_name% *

    cd ..
    endlocal
@@ -0,0 +1,237 @@
+param(
+    [string]$Type,
+    [switch]$NoLint,
+    [switch]$NoTest,
+    [string]$Output,
+    [switch]$Release,
+    [switch]$Help
+)
+
+$script:SkipTests = $env:SKIP_TESTS
+$script:ReleaseType = "unknown"
+$script:Version = ""
+$script:CommitHash = ""
+$script:BuildUnixTime = $env:BUILD_UNIXTIME
+$script:BuildDate = $env:BUILD_DATE
+
+function Write-Red($msg) {
+    Write-Host $msg -ForegroundColor Red
+}
+
+function Check-Dependency {
+    param([string[]]$commands)
+    foreach ($cmd in $commands) {
+        if (-not (Get-Command $cmd -ErrorAction SilentlyContinue)) {
+            Write-Red "Error: `"$cmd`" is required."
+            exit 127
+        }
+    }
+}
+
+function Show-Help {
+    Write-Host "ezBookkeeping build script for Windows PowerShell"
+    Write-Host ""
+    Write-Host "Usage:"
+    Write-Host "    build.ps1 type [options]"
+    Write-Host ""
+    Write-Host "Types:"
+    Write-Host "    backend            Build backend binary file"
+    Write-Host "    frontend           Build frontend files"
+    Write-Host "    package            Build package archive"
+    Write-Host ""
+    Write-Host "Options:"
+    Write-Host "    -Release           Build release (The script will use environment variable `"RELEASE_BUILD`" to detect whether this is release building by default)"
+    Write-Host "    -Output <filename> Package file name (for `"package`" type only)"
+    Write-Host "    -NoLint            Do not execute lint check before building"
+    Write-Host "    -NoTest            Do not execute unit testing before building (You can use environment variable `"SKIP_TESTS`" to skip specified tests)"
+    Write-Host "    -Help              Show help"
+}
+
+function Parse-Args {
+    if (-not $Type) {
+        Show-Help
+        exit 0
+    }
+
+    if ($Release -or $env:RELEASE_BUILD) {
+        $script:ReleaseType = "release"
+    } else {
+        $script:ReleaseType = "snapshot"
+    }
+}
+
+function Check-Type-Dependencies {
+    Check-Dependency "git"
+
+    switch ($Type.ToLower()) {
+        "backend"  {
+            Check-Dependency "go","gcc"
+        }
+        "frontend" {
+            Check-Dependency "node","npm"
+        }
+        "package"  {
+            Check-Dependency "go","gcc","node","npm","7z"
+        }
+    }
+}
+
+function Set-Build-Parameters {
+    $script:Version = (Get-Content package.json | ConvertFrom-Json).version
+    $script:CommitHash = git rev-parse --short=7 HEAD
+
+    if (-not $BuildUnixTime) {
+        $script:BuildUnixTime = [int][double]::Parse((Get-Date -UFormat %s))
+    }
+
+    if (-not $BuildDate) {
+        $script:BuildDate = Get-Date -Format "yyyyMMdd"
+    }
+}
+
+function Build-Backend {
+    Write-Host "Pulling backend dependencies..."
+    go get .
+
+    if (-not $NoLint) {
+        Write-Host "Executing backend lint checking..."
+        go vet -v .\...
+
+        if ($LASTEXITCODE -ne 0) {
+            Write-Red "Error: Failed to pass lint checking"
+            exit 1
+        }
+    }
+
+    if (-not $NoTest) {
+        Write-Host "Executing backend unit testing..."
+        go clean -cache
+
+        if (-not $SkipTests) {
+            go test .\... -v
+        } else {
+            Write-Host "(Skip unit test `"$SkipTests`")"
+            go test .\... -v -skip "$SkipTests"
+        }
+
+        if ($LASTEXITCODE -ne 0) {
+            Write-Red "Error: Failed to pass unit testing"
+            exit 1
+        }
+    }
+
+    $backend_build_extra_arguments = "-X main.Version=$Version "
+    $backend_build_extra_arguments = "$backend_build_extra_arguments -X main.CommitHash=$CommitHash"
+
+    if (-not $Release) {
+        $backend_build_extra_arguments += " -X main.BuildUnixTime=$BuildUnixTime"
+    }
+
+    Write-Host "Building backend binary file ($ReleaseType)..."
+
+    $env:CGO_ENABLED = 1
+    go build -a -v -trimpath -tags timetzdata -ldflags "-w -s -linkmode external -extldflags '-static' $backend_build_extra_arguments" -o ezbookkeeping.exe ezbookkeeping.go
+
+    Remove-Item Env:\CGO_ENABLED -ErrorAction SilentlyContinue
+}
+
+function Build-Frontend {
+    Write-Host "Pulling frontend dependencies..."
+    npm install
+
+    if (-not $NoLint) {
+        Write-Host "Executing frontend lint checking..."
+        npm run lint
+
+        if ($LASTEXITCODE -ne 0) {
+            Write-Red "Error: Failed to pass lint checking"
+            exit 1
+        }
+    }
+
+    if (-not $NoTest) {
+        Write-Host "Executing frontend unit testing..."
+
+        npm run test
+
+        if ($LASTEXITCODE -ne 0) {
+            Write-Red "Error: Failed to pass unit testing"
+            exit 1
+        }
+    }
+
+    Write-Host "Building frontend files ($ReleaseType)..."
+
+    if (-not $Release) {
+        $env:buildUnixTime = $BuildUnixTime
+        npm run build
+        Remove-Item Env:\buildUnixTime -ErrorAction SilentlyContinue
+    } else {
+        npm run build
+    }
+}
+
+function Build-Package {
+    $packageFileName = "ezbookkeeping-$Version"
+
+    if (-not $Release) {
+        $packageFileName = "$packageFileName-$BuildDate"
+    }
+
+    $packageFileName = "$packageFileName-windows.zip"
+
+    if ($Output) {
+        $packageFileName = $Output
+    }
+
+    Write-Host "Building package archive '$packageFileName' ($ReleaseType)..."
+
+    Build-Backend
+    Build-Frontend
+
+    Remove-Item package -Recurse -Force -ErrorAction SilentlyContinue
+    New-Item -ItemType Directory -Path "package"
+    New-Item -ItemType Directory -Path "package\data"
+    New-Item -ItemType Directory -Path "package\storage"
+    New-Item -ItemType Directory -Path "package\log"
+
+    Copy-Item ezbookkeeping.exe package\
+    Copy-Item dist package\public -Recurse
+    Copy-Item conf package\conf -Recurse
+    Copy-Item templates package\templates -Recurse
+    Copy-Item LICENSE package\
+
+    Push-Location package
+    7z a -r -tzip -mx9 "..\$packageFileName" *
+    Pop-Location
+}
+
+function Main {
+    if ($Help) {
+        Show-Help
+        exit 0
+    }
+
+    Parse-Args
+    Check-Type-Dependencies
+    Set-Build-Parameters
+
+    switch ($Type) {
+        "backend"  {
+            Build-Backend
+        }
+        "frontend" {
+            Build-Frontend
+        }
+        "package"  {
+            Build-Package
+        }
+        default    {
+            Write-Red "Invalid type: $Type"
+            Show-Help
+            exit 2
+        }
+    }
+}
+
+Main
@@ -8,7 +8,8 @@ RELEASE=${RELEASE_BUILD:-"0"}
 RELEASE_TYPE="unknown"
 VERSION=""
 COMMIT_HASH=""
-BUILD_UNIXTIME=""
+BUILD_UNIXTIME="${BUILD_UNIXTIME}"
+BUILD_DATE="${BUILD_DATE}"
 PACKAGE_FILENAME=""
 DOCKER_TAG=""

@@ -117,8 +118,15 @@ check_type_dependencies() {

 set_build_parameters() {
    VERSION="$(grep '"version": ' package.json | awk -F ':' '{print $2}' | tr -d ' ' | tr -d ',' | tr -d '"')"
-    COMMIT_HASH="$(git rev-parse --short HEAD)"
-    BUILD_UNIXTIME="$(date '+%s')"
+    COMMIT_HASH="$(git rev-parse --short=7 HEAD)"
+
+    if [ -z "$BUILD_UNIXTIME" ]; then
+        BUILD_UNIXTIME="$(date '+%s')"
+    fi
+
+    if [ -z "$BUILD_DATE" ]; then
+        BUILD_DATE="$(date '+%Y%m%d')"
+    fi
 }

 build_backend() {
@@ -203,7 +211,7 @@ build_package() {
    package_file_name="$VERSION";

    if [ "$RELEASE" = "0" ]; then
-        package_file_name="$package_file_name-$(date '+%Y%m%d')"
+        package_file_name="$package_file_name-$BUILD_DATE"
    fi

    package_file_name="ezbookkeeping-$package_file_name-$(arch).tar.gz"
@@ -237,7 +245,7 @@ build_docker() {
    docker_tag="$VERSION"

    if [ "$RELEASE" = "0" ]; then
-        docker_tag="SNAPSHOT-$(date '+%Y%m%d')";
+        docker_tag="SNAPSHOT-$BUILD_DATE";
    fi

    docker_tag="ezbookkeeping:$docker_tag"
@@ -101,6 +101,14 @@ func updateAllDatabaseTablesStructure(c *core.CliContext) error {

 	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] transaction category table maintained successfully")

+	err = datastore.Container.UserDataStore.SyncStructs(new(models.TransactionTagGroup))
+
+	if err != nil {
+		return err
+	}
+
+	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] transaction tag group table maintained successfully")
+
 	err = datastore.Container.UserDataStore.SyncStructs(new(models.TransactionTag))

 	if err != nil {
@@ -149,5 +157,21 @@ func updateAllDatabaseTablesStructure(c *core.CliContext) error {

 	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] user application cloud settings table maintained successfully")

+	err = datastore.Container.UserDataStore.SyncStructs(new(models.UserExternalAuth))
+
+	if err != nil {
+		return err
+	}
+
+	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] user external auth table maintained successfully")
+
+	err = datastore.Container.UserDataStore.SyncStructs(new(models.InsightsExplorer))
+
+	if err != nil {
+		return err
+	}
+
+	log.BootInfof(c, "[database.updateAllDatabaseTablesStructure] insights explorer table maintained successfully")
+
 	return nil
 }
@@ -9,6 +9,7 @@ import (
 	"github.com/mayswind/ezbookkeeping/pkg/datastore"
 	"github.com/mayswind/ezbookkeeping/pkg/duplicatechecker"
 	"github.com/mayswind/ezbookkeeping/pkg/exchangerates"
+	"github.com/mayswind/ezbookkeeping/pkg/llm"
 	"github.com/mayswind/ezbookkeeping/pkg/log"
 	"github.com/mayswind/ezbookkeeping/pkg/mail"
 	"github.com/mayswind/ezbookkeeping/pkg/settings"
@@ -90,6 +91,15 @@ func initializeSystem(c *core.CliContext) (*settings.Config, error) {
 		return nil, err
 	}

+	err = llm.InitializeLargeLanguageModelProvider(config)
+
+	if err != nil {
+		if !isDisableBootLog {
+			log.BootErrorf(c, "[initializer.initializeSystem] initializes large language model provider failed, because %s", err.Error())
+		}
+		return nil, err
+	}
+
 	err = uuid.InitializeUuidGenerator(config)

 	if err != nil {
@@ -152,11 +162,63 @@ func getConfigWithoutSensitiveData(config *settings.Config) *settings.Config {
 		return config
 	}

-	clonedConfig.DatabaseConfig.DatabasePassword = "****"
-	clonedConfig.SMTPConfig.SMTPPasswd = "****"
-	clonedConfig.MinIOConfig.SecretAccessKey = "****"
-	clonedConfig.SecretKey = "****"
-	clonedConfig.AmapApplicationSecret = "****"
+	if clonedConfig.DatabaseConfig.DatabasePassword != "" {
+		clonedConfig.DatabaseConfig.DatabasePassword = "****"
+	}
+
+	if clonedConfig.SMTPConfig.SMTPPasswd != "" {
+		clonedConfig.SMTPConfig.SMTPPasswd = "****"
+	}
+
+	if clonedConfig.MinIOConfig.SecretAccessKey != "" {
+		clonedConfig.MinIOConfig.SecretAccessKey = "****"
+	}
+
+	if clonedConfig.SecretKey != "" {
+		clonedConfig.SecretKey = "****"
+	}
+
+	if clonedConfig.AmapApplicationSecret != "" {
+		clonedConfig.AmapApplicationSecret = "****"
+	}
+
+	if clonedConfig.WebDAVConfig != nil && clonedConfig.WebDAVConfig.Password != "" {
+		clonedConfig.WebDAVConfig.Password = "****"
+	}
+
+	if clonedConfig.ReceiptImageRecognitionLLMConfig != nil {
+		if clonedConfig.ReceiptImageRecognitionLLMConfig.OpenAIAPIKey != "" {
+			clonedConfig.ReceiptImageRecognitionLLMConfig.OpenAIAPIKey = "****"
+		}
+
+		if clonedConfig.ReceiptImageRecognitionLLMConfig.OpenAICompatibleAPIKey != "" {
+			clonedConfig.ReceiptImageRecognitionLLMConfig.OpenAICompatibleAPIKey = "****"
+		}
+
+		if clonedConfig.ReceiptImageRecognitionLLMConfig.AnthropicCompatibleAPIKey != "" {
+			clonedConfig.ReceiptImageRecognitionLLMConfig.AnthropicCompatibleAPIKey = "****"
+		}
+
+		if clonedConfig.ReceiptImageRecognitionLLMConfig.AnthropicAPIKey != "" {
+			clonedConfig.ReceiptImageRecognitionLLMConfig.AnthropicAPIKey = "****"
+		}
+
+		if clonedConfig.ReceiptImageRecognitionLLMConfig.OpenRouterAPIKey != "" {
+			clonedConfig.ReceiptImageRecognitionLLMConfig.OpenRouterAPIKey = "****"
+		}
+
+		if clonedConfig.ReceiptImageRecognitionLLMConfig.LMStudioToken != "" {
+			clonedConfig.ReceiptImageRecognitionLLMConfig.LMStudioToken = "****"
+		}
+
+		if clonedConfig.ReceiptImageRecognitionLLMConfig.GoogleAIAPIKey != "" {
+			clonedConfig.ReceiptImageRecognitionLLMConfig.GoogleAIAPIKey = "****"
+		}
+	}
+
+	if clonedConfig.OAuth2ClientSecret != "" {
+		clonedConfig.OAuth2ClientSecret = "****"
+	}

 	return clonedConfig
 }
@@ -264,7 +264,26 @@ var UserData = &cli.Command{
 					Name:     "type",
 					Aliases:  []string{"t"},
 					Required: false,
-					Usage:    "Specific token type, supports \"normal\" and \"mcp\", default is \"normal\"",
+					Usage:    "Specific token type, supports \"api\" and \"mcp\", default is \"api\"",
+				},
+				&cli.Int64Flag{
+					Name:     "expiresInSeconds",
+					Aliases:  []string{"e"},
+					Required: true,
+					Usage:    "Token expiration time in seconds (0 - 4294967295, 0 means no expiration).",
+				},
+			},
+		},
+		{
+			Name:   "user-session-revoke",
+			Usage:  "Revoke the specified user session",
+			Action: bindAction(revokeUserToken),
+			Flags: []cli.Flag{
+				&cli.StringFlag{
+					Name:     "token",
+					Aliases:  []string{"t"},
+					Required: false,
+					Usage:    "Specific token content",
 				},
 			},
 		},
@@ -709,17 +728,23 @@ func createNewUserToken(c *core.CliContext) error {

 	username := c.String("username")
 	tokenType := c.String("type")
+	expiresInSeconds := c.Int64("expiresInSeconds")

 	if tokenType == "" {
-		tokenType = "normal"
+		tokenType = "api"
 	}

-	if tokenType != "normal" && tokenType != "mcp" {
+	if tokenType != "api" && tokenType != "mcp" {
 		log.CliErrorf(c, "[user_data.createNewUserToken] token type is invalid")
 		return nil
 	}

-	token, tokenString, err := clis.UserData.CreateNewUserToken(c, username, tokenType)
+	if expiresInSeconds < 0 || expiresInSeconds > 4294967295 {
+		log.CliErrorf(c, "[user_data.createNewUserToken] expiresInSeconds is out of range (0 - 4294967295)")
+		return nil
+	}
+
+	token, tokenString, err := clis.UserData.CreateNewUserToken(c, username, tokenType, expiresInSeconds)

 	if err != nil {
 		log.CliErrorf(c, "[user_data.createNewUserToken] error occurs when creating user token")
@@ -732,6 +757,26 @@ func createNewUserToken(c *core.CliContext) error {
 	return nil
 }

+func revokeUserToken(c *core.CliContext) error {
+	_, err := initializeSystem(c)
+
+	if err != nil {
+		return err
+	}
+
+	token := c.String("token")
+	err = clis.UserData.RevokeUserToken(c, token)
+
+	if err != nil {
+		log.CliErrorf(c, "[user_data.revokeUserToken] error occurs when revoking user token")
+		return err
+	}
+
+	log.CliInfof(c, "[user_data.revokeUserToken] the specified user token has been revoked successfully")
+
+	return nil
+}
+
 func clearUserTokens(c *core.CliContext) error {
 	_, err := initializeSystem(c)

@@ -913,15 +958,18 @@ func printUserInfo(user *models.User) {
 	fmt.Printf("[DefaultCurrency] %s\n", user.DefaultCurrency)
 	fmt.Printf("[FirstDayOfWeek] %s (%d)\n", user.FirstDayOfWeek, user.FirstDayOfWeek)
 	fmt.Printf("[FiscalYearStart] %s (%d)\n", user.FiscalYearStart, user.FiscalYearStart)
+	fmt.Printf("[CalendarDisplayType] %s (%d)\n", user.CalendarDisplayType, user.CalendarDisplayType)
+	fmt.Printf("[DateDisplayType] %s (%d)\n", user.DateDisplayType, user.DateDisplayType)
 	fmt.Printf("[LongDateFormat] %s (%d)\n", user.LongDateFormat, user.LongDateFormat)
 	fmt.Printf("[ShortDateFormat] %s (%d)\n", user.ShortDateFormat, user.ShortDateFormat)
 	fmt.Printf("[LongTimeFormat] %s (%d)\n", user.LongTimeFormat, user.LongTimeFormat)
 	fmt.Printf("[ShortTimeFormat] %s (%d)\n", user.ShortTimeFormat, user.ShortTimeFormat)
 	fmt.Printf("[FiscalYearFormat] %s (%d)\n", user.FiscalYearFormat, user.FiscalYearFormat)
+	fmt.Printf("[CurrencyDisplayType] %s (%d)\n", user.CurrencyDisplayType, user.CurrencyDisplayType)
+	fmt.Printf("[NumeralSystem] %s (%d)\n", user.NumeralSystem, user.NumeralSystem)
 	fmt.Printf("[DecimalSeparator] %s (%d)\n", user.DecimalSeparator, user.DecimalSeparator)
 	fmt.Printf("[DigitGroupingSymbol] %s (%d)\n", user.DigitGroupingSymbol, user.DigitGroupingSymbol)
 	fmt.Printf("[DigitGrouping] %s (%d)\n", user.DigitGrouping, user.DigitGrouping)
-	fmt.Printf("[CurrencyDisplayType] %s (%d)\n", user.CurrencyDisplayType, user.CurrencyDisplayType)
 	fmt.Printf("[CoordinateDisplayType] %s (%d)\n", user.CoordinateDisplayType, user.CoordinateDisplayType)
 	fmt.Printf("[ExpenseAmountColor] %s (%d)\n", user.ExpenseAmountColor, user.ExpenseAmountColor)
 	fmt.Printf("[IncomeAmountColor] %s (%d)\n", user.IncomeAmountColor, user.IncomeAmountColor)
@@ -81,13 +81,13 @@ func sendTestMail(c *core.CliContext) error {
 		return err
 	}

-	if !config.EnableSMTP || mail.Container.Current == nil {
+	if !config.EnableSMTP {
 		return errs.ErrSMTPServerNotEnabled
 	}

 	toAddress := c.String("to")

-	err = mail.Container.Current.SendMail(&mail.MailMessage{
+	err = mail.Container.SendMail(&mail.MailMessage{
 		To:      toAddress,
 		Subject: "ezBookkeeping test e-mail",
 		Body:    "This is a test e-mail",
@@ -15,6 +15,7 @@ import (
 	"github.com/urfave/cli/v3"

 	"github.com/mayswind/ezbookkeeping/pkg/api"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2"
 	"github.com/mayswind/ezbookkeeping/pkg/core"
 	"github.com/mayswind/ezbookkeeping/pkg/cron"
 	"github.com/mayswind/ezbookkeeping/pkg/errs"
@@ -72,6 +73,13 @@ func startWebServer(c *core.CliContext) error {
 		return err
 	}

+	err = oauth2.InitializeOAuth2Provider(config)
+
+	if err != nil {
+		log.BootErrorf(c, "[webserver.startWebServer] initializes oauth 2.0 provider failed, because %s", err.Error())
+		return err
+	}
+
 	err = cron.InitializeCronJobSchedulerContainer(c, config, true)

 	if err != nil {
@@ -79,7 +87,7 @@ func startWebServer(c *core.CliContext) error {
 		return err
 	}

-	serverInfo := fmt.Sprintf("current server id is %d, current instance id is %d", requestid.Container.Current.GetCurrentServerUniqId(), requestid.Container.Current.GetCurrentInstanceUniqId())
+	serverInfo := fmt.Sprintf("current server id is %d, current instance id is %d", requestid.Container.GetCurrentServerUniqId(), requestid.Container.GetCurrentInstanceUniqId())
 	uuidServerInfo := ""
 	if config.UuidGeneratorType == settings.InternalUuidGeneratorType {
 		uuidServerInfo = fmt.Sprintf(", current uuid server id is %d", config.UuidServerId)
@@ -104,9 +112,11 @@ func startWebServer(c *core.CliContext) error {
 		_ = v.RegisterValidation("notBlank", validators.NotBlank)
 		_ = v.RegisterValidation("validUsername", validators.ValidUsername)
 		_ = v.RegisterValidation("validEmail", validators.ValidEmail)
+		_ = v.RegisterValidation("validNickname", validators.ValidNickname)
 		_ = v.RegisterValidation("validCurrency", validators.ValidCurrency)
 		_ = v.RegisterValidation("validHexRGBColor", validators.ValidHexRGBColor)
 		_ = v.RegisterValidation("validAmountFilter", validators.ValidAmountFilter)
+		_ = v.RegisterValidation("validTagFilter", validators.ValidTagFilter)
 		_ = v.RegisterValidation("validFiscalYearStart", validators.ValidateFiscalYearStart)
 	}

@@ -167,7 +177,7 @@ func startWebServer(c *core.CliContext) error {

 	if config.AvatarProvider == core.USER_AVATAR_PROVIDER_INTERNAL {
 		avatarRoute := router.Group("/avatar")
-		avatarRoute.Use(bindMiddleware(middlewares.JWTAuthorizationByQueryString))
+		avatarRoute.Use(bindMiddleware(middlewares.JWTAuthorizationByQueryString(config)))
 		{
 			avatarRoute.GET("/:fileName", bindImage(api.Users.UserGetAvatarHandler))
 		}
@@ -175,7 +185,7 @@ func startWebServer(c *core.CliContext) error {

 	if config.EnableTransactionPictures {
 		pictureRoute := router.Group("/pictures")
-		pictureRoute.Use(bindMiddleware(middlewares.JWTAuthorizationByQueryString))
+		pictureRoute.Use(bindMiddleware(middlewares.JWTAuthorizationByQueryString(config)))
 		{
 			pictureRoute.GET("/:fileName", bindImage(api.TransactionPictures.TransactionPictureGetHandler))
 		}
@@ -184,7 +194,7 @@ func startWebServer(c *core.CliContext) error {
 	router.GET("/healthz.json", bindApi(api.Healths.HealthStatusHandler))

 	proxyRoute := router.Group("/proxy")
-	proxyRoute.Use(bindMiddleware(middlewares.JWTAuthorizationByQueryString))
+	proxyRoute.Use(bindMiddleware(middlewares.JWTAuthorizationByQueryString(config)))
 	{
 		if config.EnableMapDataFetchProxy {
 			if config.MapProvider == settings.OpenStreetMapProvider ||
@@ -208,7 +218,7 @@ func startWebServer(c *core.CliContext) error {

 	if config.MapProvider == settings.AmapProvider && config.AmapSecurityVerificationMethod == settings.AmapSecurityVerificationInternalProxyMethod {
 		amapApiProxyRoute := router.Group("/_AMapService")
-		amapApiProxyRoute.Use(bindMiddleware(middlewares.JWTAuthorizationByCookie))
+		amapApiProxyRoute.Use(bindMiddleware(middlewares.JWTAuthorizationByCookie(config)))
 		{
 			amapApiProxyRoute.GET("/*action", bindProxy(api.AmapApis.AmapApiProxyHandler))
 		}
@@ -226,7 +236,7 @@ func startWebServer(c *core.CliContext) error {
 		mcpRoute.Use(bindMiddleware(middlewares.RequestId(config)))
 		mcpRoute.Use(bindMiddleware(middlewares.RequestLog))
 		mcpRoute.Use(bindMiddleware(middlewares.MCPServerIpLimit(config)))
-		mcpRoute.Use(bindMiddleware(middlewares.JWTMCPAuthorization))
+		mcpRoute.Use(bindMiddleware(middlewares.JWTMCPAuthorization(config)))
 		{
 			mcpRoute.POST("", bindJSONRPCApi(map[string]core.JSONRPCApiHandlerFunc{
 				"initialize":     api.ModelContextProtocols.InitializeHandler,
@@ -242,23 +252,43 @@ func startWebServer(c *core.CliContext) error {
 		}
 	}

+	if config.EnableOAuth2Login {
+		oauth2Route := router.Group("/oauth2")
+		oauth2Route.Use(bindMiddleware(middlewares.RequestId(config)))
+		oauth2Route.Use(bindMiddleware(middlewares.RequestLog))
+		{
+			oauth2Route.GET("/login", bindRedirect(api.OAuth2Authentications.LoginHandler))
+			oauth2Route.GET("/callback", bindRedirect(api.OAuth2Authentications.CallbackHandler))
+		}
+	}
+
 	apiRoute := router.Group("/api")

 	apiRoute.Use(bindMiddleware(middlewares.RequestId(config)))
 	apiRoute.Use(bindMiddleware(middlewares.RequestLog))
 	{
-		apiRoute.POST("/authorize.json", bindApiWithTokenUpdate(api.Authorizations.AuthorizeHandler, config))
+		if config.EnableInternalAuth {
+			apiRoute.POST("/authorize.json", bindApiWithTokenUpdate(api.Authorizations.AuthorizeHandler, config))
+		}

-		if config.EnableTwoFactor {
+		if config.EnableInternalAuth && config.EnableTwoFactor {
 			twoFactorRoute := apiRoute.Group("/2fa")
-			twoFactorRoute.Use(bindMiddleware(middlewares.JWTTwoFactorAuthorization))
+			twoFactorRoute.Use(bindMiddleware(middlewares.JWTTwoFactorAuthorization(config)))
 			{
 				twoFactorRoute.POST("/authorize.json", bindApiWithTokenUpdate(api.Authorizations.TwoFactorAuthorizeHandler, config))
 				twoFactorRoute.POST("/recovery.json", bindApiWithTokenUpdate(api.Authorizations.TwoFactorAuthorizeByRecoveryCodeHandler, config))
 			}
 		}

-		if config.EnableUserRegister {
+		if config.EnableOAuth2Login {
+			oauth2Route := apiRoute.Group("/oauth2")
+			oauth2Route.Use(bindMiddleware(middlewares.JWTOAuth2CallbackAuthorization(config)))
+			{
+				oauth2Route.POST("/authorize.json", bindApiWithTokenUpdate(api.Authorizations.OAuth2CallbackAuthorizeHandler, config))
+			}
+		}
+
+		if config.EnableInternalAuth && config.EnableUserRegister {
 			apiRoute.POST("/register.json", bindApiWithTokenUpdate(api.Users.UserRegisterHandler, config))
 		}

@@ -266,17 +296,17 @@ func startWebServer(c *core.CliContext) error {
 			apiRoute.POST("/verify_email/resend.json", bindApi(api.Users.UserSendVerifyEmailByUnloginUserHandler))

 			emailVerifyRoute := apiRoute.Group("/verify_email")
-			emailVerifyRoute.Use(bindMiddleware(middlewares.JWTEmailVerifyAuthorization))
+			emailVerifyRoute.Use(bindMiddleware(middlewares.JWTEmailVerifyAuthorization(config)))
 			{
 				emailVerifyRoute.POST("/by_token.json", bindApi(api.Users.UserEmailVerifyHandler))
 			}
 		}

-		if config.EnableUserForgetPassword {
+		if config.EnableInternalAuth && config.EnableUserForgetPassword {
 			apiRoute.POST("/forget_password/request.json", bindApi(api.ForgetPasswords.UserForgetPasswordRequestHandler))

 			resetPasswordRoute := apiRoute.Group("/forget_password/reset")
-			resetPasswordRoute.Use(bindMiddleware(middlewares.JWTResetPasswordAuthorization))
+			resetPasswordRoute.Use(bindMiddleware(middlewares.JWTResetPasswordAuthorization(config)))
 			{
 				resetPasswordRoute.POST("/by_token.json", bindApi(api.ForgetPasswords.UserResetPasswordHandler))
 			}
@@ -285,10 +315,12 @@ func startWebServer(c *core.CliContext) error {
 		apiRoute.GET("/logout.json", bindApiWithTokenUpdate(api.Tokens.TokenRevokeCurrentHandler, config))

 		apiV1Route := apiRoute.Group("/v1")
-		apiV1Route.Use(bindMiddleware(middlewares.JWTAuthorization))
+		apiV1Route.Use(bindMiddleware(middlewares.JWTAuthorization(config)))
+		apiV1Route.Use(bindMiddleware(middlewares.APITokenIpLimit(config)))
 		{
 			// Tokens
 			apiV1Route.GET("/tokens/list.json", bindApi(api.Tokens.TokenListHandler))
+			apiV1Route.POST("/tokens/generate/api.json", bindApi(api.Tokens.TokenGenerateAPIHandler))
 			apiV1Route.POST("/tokens/generate/mcp.json", bindApi(api.Tokens.TokenGenerateMCPHandler))
 			apiV1Route.POST("/tokens/revoke.json", bindApi(api.Tokens.TokenRevokeHandler))
 			apiV1Route.POST("/tokens/revoke_all.json", bindApi(api.Tokens.TokenRevokeAllHandler))
@@ -307,6 +339,12 @@ func startWebServer(c *core.CliContext) error {
 				apiV1Route.POST("/users/verify_email/resend.json", bindApi(api.Users.UserSendVerifyEmailByLoginedUserHandler))
 			}

+			// External Authentications
+			if config.EnableOAuth2Login {
+				apiV1Route.GET("/users/external_auth/list.json", bindApi(api.UserExternalAuths.ExternalAuthListHanlder))
+				apiV1Route.POST("/users/external_auth/unlink.json", bindApi(api.UserExternalAuths.UnlinkExternalAuthHandler))
+			}
+
 			// Application Cloud Settings
 			apiV1Route.GET("/users/settings/cloud/get.json", bindApi(api.UserApplicationCloudSettings.ApplicationSettingsGetHandler))
 			apiV1Route.POST("/users/settings/cloud/update.json", bindApi(api.UserApplicationCloudSettings.ApplicationSettingsUpdateHandler))
@@ -323,7 +361,9 @@ func startWebServer(c *core.CliContext) error {

 			// Data
 			apiV1Route.GET("/data/statistics.json", bindApi(api.DataManagements.DataStatisticsHandler))
-			apiV1Route.POST("/data/clear.json", bindApi(api.DataManagements.ClearDataHandler))
+			apiV1Route.POST("/data/clear/all.json", bindApi(api.DataManagements.ClearAllDataHandler))
+			apiV1Route.POST("/data/clear/transactions.json", bindApi(api.DataManagements.ClearAllTransactionsHandler))
+			apiV1Route.POST("/data/clear/transactions/by_account.json", bindApi(api.DataManagements.ClearAllTransactionsByAccountHandler))

 			if config.EnableDataExport {
 				apiV1Route.GET("/data/export.csv", bindCsv(api.DataManagements.ExportDataToEzbookkeepingCSVHandler))
@@ -344,16 +384,20 @@ func startWebServer(c *core.CliContext) error {
 			apiV1Route.GET("/transactions/count.json", bindApi(api.Transactions.TransactionCountHandler))
 			apiV1Route.GET("/transactions/list.json", bindApi(api.Transactions.TransactionListHandler))
 			apiV1Route.GET("/transactions/list/by_month.json", bindApi(api.Transactions.TransactionMonthListHandler))
+			apiV1Route.GET("/transactions/list/all.json", bindApi(api.Transactions.TransactionListAllHandler))
+			apiV1Route.GET("/transactions/reconciliation_statements.json", bindApi(api.Transactions.TransactionReconciliationStatementHandler))
 			apiV1Route.GET("/transactions/statistics.json", bindApi(api.Transactions.TransactionStatisticsHandler))
 			apiV1Route.GET("/transactions/statistics/trends.json", bindApi(api.Transactions.TransactionStatisticsTrendsHandler))
+			apiV1Route.GET("/transactions/statistics/asset_trends.json", bindApi(api.Transactions.TransactionStatisticsAssetTrendsHandler))
 			apiV1Route.GET("/transactions/amounts.json", bindApi(api.Transactions.TransactionAmountsHandler))
 			apiV1Route.GET("/transactions/get.json", bindApi(api.Transactions.TransactionGetHandler))
 			apiV1Route.POST("/transactions/add.json", bindApi(api.Transactions.TransactionCreateHandler))
 			apiV1Route.POST("/transactions/modify.json", bindApi(api.Transactions.TransactionModifyHandler))
+			apiV1Route.POST("/transactions/move/all.json", bindApi(api.Transactions.TransactionMoveAllBetweenAccountsHandler))
 			apiV1Route.POST("/transactions/delete.json", bindApi(api.Transactions.TransactionDeleteHandler))

 			if config.EnableDataImport {
-				apiV1Route.POST("/transactions/parse_dsv_file.json", bindApi(api.Transactions.TransactionParseImportDsvFileDataHandler))
+				apiV1Route.POST("/transactions/parse_custom_file.json", bindApi(api.Transactions.TransactionParseImportCustomFileDataHandler))
 				apiV1Route.POST("/transactions/parse_import.json", bindApi(api.Transactions.TransactionParseImportFileHandler))
 				apiV1Route.POST("/transactions/import.json", bindApi(api.Transactions.TransactionImportHandler))
 				apiV1Route.GET("/transactions/import/process.json", bindApi(api.Transactions.TransactionImportProcessHandler))
@@ -375,6 +419,14 @@ func startWebServer(c *core.CliContext) error {
 			apiV1Route.POST("/transaction/categories/move.json", bindApi(api.TransactionCategories.CategoryMoveHandler))
 			apiV1Route.POST("/transaction/categories/delete.json", bindApi(api.TransactionCategories.CategoryDeleteHandler))

+			// Transaction Tag Groups
+			apiV1Route.GET("/transaction/tags/groups/list.json", bindApi(api.TransactionTagGroups.TagGroupListHandler))
+			apiV1Route.GET("/transaction/tags/groups/get.json", bindApi(api.TransactionTagGroups.TagGroupGetHandler))
+			apiV1Route.POST("/transaction/tags/groups/add.json", bindApi(api.TransactionTagGroups.TagGroupCreateHandler))
+			apiV1Route.POST("/transaction/tags/groups/modify.json", bindApi(api.TransactionTagGroups.TagGroupModifyHandler))
+			apiV1Route.POST("/transaction/tags/groups/move.json", bindApi(api.TransactionTagGroups.TagGroupMoveHandler))
+			apiV1Route.POST("/transaction/tags/groups/delete.json", bindApi(api.TransactionTagGroups.TagGroupDeleteHandler))
+
 			// Transaction Tags
 			apiV1Route.GET("/transaction/tags/list.json", bindApi(api.TransactionTags.TagListHandler))
 			apiV1Route.GET("/transaction/tags/get.json", bindApi(api.TransactionTags.TagGetHandler))
@@ -394,6 +446,22 @@ func startWebServer(c *core.CliContext) error {
 			apiV1Route.POST("/transaction/templates/move.json", bindApi(api.TransactionTemplates.TemplateMoveHandler))
 			apiV1Route.POST("/transaction/templates/delete.json", bindApi(api.TransactionTemplates.TemplateDeleteHandler))

+			// Insights Explorers
+			apiV1Route.GET("/insights/explorers/list.json", bindApi(api.InsightsExplorers.InsightsExplorerListHandler))
+			apiV1Route.GET("/insights/explorers/get.json", bindApi(api.InsightsExplorers.InsightsExplorerGetHandler))
+			apiV1Route.POST("/insights/explorers/add.json", bindApi(api.InsightsExplorers.InsightsExplorerCreateHandler))
+			apiV1Route.POST("/insights/explorers/modify.json", bindApi(api.InsightsExplorers.InsightsExplorerModifyHandler))
+			apiV1Route.POST("/insights/explorers/hide.json", bindApi(api.InsightsExplorers.InsightsExplorerHideHandler))
+			apiV1Route.POST("/insights/explorers/move.json", bindApi(api.InsightsExplorers.InsightsExplorerMoveHandler))
+			apiV1Route.POST("/insights/explorers/delete.json", bindApi(api.InsightsExplorers.InsightsExplorerDeleteHandler))
+
+			// Large Language Models
+			if config.ReceiptImageRecognitionLLMConfig != nil && config.ReceiptImageRecognitionLLMConfig.LLMProvider != "" {
+				if config.TransactionFromAIImageRecognition {
+					apiV1Route.POST("/llm/transactions/recognize_receipt_image.json", bindApi(api.LargeLanguageModels.RecognizeReceiptImageHandler))
+				}
+			}
+
 			// Exchange Rates
 			apiV1Route.GET("/exchange_rates/latest.json", bindApi(api.ExchangeRates.LatestExchangeRateHandler))
 			apiV1Route.POST("/exchange_rates/user_custom/update.json", bindApi(api.ExchangeRates.UserCustomExchangeRateUpdateHandler))
@@ -433,6 +501,19 @@ func bindMiddleware(fn core.MiddlewareHandlerFunc) gin.HandlerFunc {
 	}
 }

+func bindRedirect(fn core.RedirectHandlerFunc) gin.HandlerFunc {
+	return func(ginCtx *gin.Context) {
+		c := core.WrapWebContext(ginCtx)
+		url, err := fn(c)
+
+		if err != nil {
+			utils.PrintJsonErrorResult(c, err)
+		} else {
+			c.Redirect(http.StatusFound, url)
+		}
+	}
+}
+
 func bindApi(fn core.ApiHandlerFunc) gin.HandlerFunc {
 	return func(ginCtx *gin.Context) {
 		c := core.WrapWebContext(ginCtx)
@@ -521,7 +602,7 @@ func bindCachedJs(fn core.DataHandlerFunc, store persistence.CacheStore) gin.Han
 		if err != nil {
 			utils.PrintDataErrorResult(c, "text/javascript", err)
 		} else {
-			utils.PrintDataSuccessResult(c, "text/javascript", "", result)
+			utils.PrintDataSuccessResult(c, "text/javascript; charset=utf-8", "", result)
 		}
 	})
 }
@@ -534,7 +615,7 @@ func bindCsv(fn core.DataHandlerFunc) gin.HandlerFunc {
 		if err != nil {
 			utils.PrintDataErrorResult(c, "text/text", err)
 		} else {
-			utils.PrintDataSuccessResult(c, "text/csv", fileName, result)
+			utils.PrintDataSuccessResult(c, "text/csv; charset=utf-8", fileName, result)
 		}
 	}
 }
@@ -547,7 +628,7 @@ func bindTsv(fn core.DataHandlerFunc) gin.HandlerFunc {
 		if err != nil {
 			utils.PrintDataErrorResult(c, "text/text", err)
 		} else {
-			utils.PrintDataSuccessResult(c, "text/tab-separated-values", fileName, result)
+			utils.PrintDataSuccessResult(c, "text/tab-separated-values; charset=utf-8", fileName, result)
 		}
 	}
 }
@@ -1,7 +1,4 @@
 [global]
-# Application instance name
-app_name = ezBookkeeping
-
 # Either "production", "development"
 mode = production

@@ -18,7 +15,7 @@ http_port = 8080
 # The domain name used to access ezBookkeeping
 domain = localhost

-# The full url used to access ezBookkeeping in browser
+# The full url used to access ezBookkeeping in browser, supports placeholders: %(protocol)s, %(domain)s, %(http_port)s
 root_url = %(protocol)s://%(domain)s:%(http_port)s/

 # https certification and its key file
@@ -37,6 +34,9 @@ enable_gzip = false
 # Set to true to log each request and execution time
 log_request = true

+# Add X-Request-Id header to response to track user request or error, default is true
+request_id_header = true
+
 [mcp]
 # Set to true to enable MCP (Model Context Protocol) server (via http / https web server) for AI/LLM access
 enable_mcp = false
@@ -115,7 +115,7 @@ log_file_max_size = 104857600
 log_file_max_days = 7

 [storage]
-# Object storage type, supports "local_filesystem" and "minio" currently
+# Object storage type, supports "local_filesystem", "minio" and "webdav" currently
 type = local_filesystem

 # For "local_filesystem" storage only, the storage root path (relative or absolute path)
@@ -139,6 +139,115 @@ minio_bucket = ezbookkeeping
 # For "minio" storage only, the root path to store files in minio
 minio_root_path = /

+# For "webdav" storage only, the webdav url
+webdav_url =
+
+# For "webdav" storage only, the webdav username
+webdav_username =
+
+# For "webdav" storage only, the webdav password
+webdav_password =
+
+# For "webdav" storage only, the webdav root path to store files
+webdav_root_path = /
+
+# For "webdav" storage only, requesting webdav url timeout (0 - 4294967295 milliseconds)
+# Set to 0 to disable timeout for requesting webdav url, default is 10000 (10 seconds)
+webdav_request_timeout = 10000
+
+# For "webdav" storage only, proxy for requesting webdav url, supports "system" (use system proxy), "none" (do not use proxy), or proxy URL which starts with "http://", "https://" or "socks5://", default is "system"
+webdav_proxy = system
+
+# For "webdav" storage only, set to true to skip tls verification when connect webdav
+webdav_skip_tls_verify = false
+
+[llm]
+# Set to true to enable creating transactions from AI image recognition results, requires "llm_provider" and its related model id to be configured properly in "llm_image_recognition" section
+transaction_from_ai_image_recognition = false
+
+# Maximum allowed AI recognition picture file size (1 - 4294967295 bytes)
+max_ai_recognition_picture_size = 10485760
+
+[llm_image_recognition]
+# Large Language Model (LLM) provider for receipt image recognition, supports the following types: "openai", "openai_compatible", "anthropic", "anthropic_compatible", "openrouter", "ollama", "lm_studio", "google_ai"
+llm_provider =
+
+# For "openai" llm provider only, OpenAI API secret key, please visit https://platform.openai.com/api-keys for more information
+openai_api_key =
+
+# For "openai" llm provider only, receipt image recognition model for creating transactions from images
+openai_model_id =
+
+# For "openai_compatible" llm provider only, OpenAI compatible API base url, e.g. "https://api.openai.com/v1/"
+openai_compatible_base_url =
+
+# For "openai_compatible" llm provider only, OpenAI compatible API secret key
+openai_compatible_api_key =
+
+# For "openai_compatible" llm provider only, receipt image recognition model for creating transactions from images
+openai_compatible_model_id =
+
+# For "anthropic" llm provider only, Anthropic API key, please visit https://platform.claude.com/settings/keys for more information
+anthropic_api_key =
+
+# For "anthropic" llm provider only, receipt image recognition model for creating transactions from images
+anthropic_model_id =
+
+# For "anthropic" llm provider only, maximum allowed number of generated tokens for creating transactions from images, default is 1024
+anthropic_max_tokens = 1024
+
+# For "anthropic_compatible" llm provider only, Anthropic compatible API base url, e.g. "https://api.anthropic.com/v1/"
+anthropic_compatible_base_url =
+
+# For "anthropic_compatible" llm provider only, Anthropic compatible API version, e.g. "2023-06-01". If the LLM service does not require API versioning, leave it blank
+anthropic_compatible_api_version =
+
+# For "anthropic_compatible" llm provider only, Anthropic compatible API secret key
+anthropic_compatible_api_key =
+
+# For "anthropic_compatible" llm provider only, receipt image recognition model for creating transactions from images
+anthropic_compatible_model_id =
+
+# For "anthropic_compatible" llm provider only, maximum allowed number of generated tokens for creating transactions from images, default is 1024
+anthropic_compatible_max_tokens = 1024
+
+# For "openrouter" llm provider only, OpenRouter API key, please visit https://openrouter.ai/settings/keys for more information
+openrouter_api_key =
+
+# For "openrouter" llm provider only, receipt image recognition model for creating transactions from images
+openrouter_model_id =
+
+# For "ollama" llm provider only, Ollama server url, e.g. "http://127.0.0.1:11434/"
+ollama_server_url =
+
+# For "ollama" llm provider only, receipt image recognition model for creating transactions from images
+ollama_model_id =
+
+# For "lm_studio" llm provider only, LM Studio server url, e.g. "http://127.0.0.1:1234/"
+lm_studio_server_url =
+
+# For "lm_studio" llm provider only, LM Studio API token, if "require authentication" is not enabled in LM Studio, leave it blank
+lm_studio_token =
+
+# For "lm_studio" llm provider only, receipt image recognition model for creating transactions from images
+lm_studio_model_id =
+
+# For "google_ai" llm provider only, Google AI Studio API key, please visit https://aistudio.google.com/apikey for more information
+google_ai_api_key =
+
+# For "google_ai" llm provider only, receipt image recognition model for creating transactions from images
+google_ai_model_id =
+
+# Requesting large language model api timeout (0 - 4294967295 milliseconds)
+# Set to 0 to disable timeout for requesting large language model api, default is 60000 (60 seconds)
+request_timeout = 60000
+
+# Proxy for ezbookkeeping server requesting large language model api, supports "system" (use system proxy), "none" (do not use proxy), or proxy URL which starts with "http://", "https://" or "socks5://", default is "system"
+proxy = system
+
+# Set to true to skip tls verification when request large language model api
+skip_tls_verify = false
+
 [uuid]
 # Uuid generator type, supports "internal" currently
 generator_type = internal
@@ -168,9 +277,6 @@ enable_create_scheduled_transaction = true
 # Used for signing, you must change it to keep your user data safe before you first run ezBookkeeping
 secret_key =

-# Set to true to enable two-factor authorization
-enable_two_factor = true
-
 # Token expired seconds (60 - 4294967295), default is 2592000 (30 days)
 token_expired_time = 2592000

@@ -187,14 +293,84 @@ email_verify_token_expired_time = 3600
 # Password reset token expired seconds (60 - 4294967295), default is 3600 (60 minutes)
 password_reset_token_expired_time = 3600

+# Set to true to enable API token generation
+enable_api_token = false
+
+# Allowed remote IPs for using the API token, a comma-separated list of allowed remote IPs (asterisk * for any addresses, e.g. 192.168.1.* means any IPs in the 192.168.1.x subnet), leave blank to allow all remote IPs
+api_token_allowed_remote_ips =
+
 # Maximum count of password / token check failures (0 - 4294967295) per IP per minute (use the above duplicate checker), default is 5, set to 0 to disable
 max_failures_per_ip_per_minute = 5

 # Maximum count of password / token check failures (0 - 4294967295) per user per minute (use the above duplicate checker), default is 5, set to 0 to disable
 max_failures_per_user_per_minute = 5

-# Add X-Request-Id header to response to track user request or error, default is true
-request_id_header = true
+[auth]
+# Set to true to enable internal authentication
+enable_internal_auth = true
+
+# Set to true to enable OAuth 2.0 authentication
+enable_oauth2_auth = false
+
+# For "internal" authentication only, set to true to enable two-factor authorization
+enable_two_factor = true
+
+# For "internal" authentication only, set to true to allow users to reset password
+enable_forget_password = true
+
+# For "internal" authentication only, set to true to require email must be verified when use forget password
+forget_password_require_email_verify = false
+
+# For "oauth2" authentication only, OAuth 2.0 provider, supports "oidc", "nextcloud", "gitea" and "github" currently
+oauth2_provider =
+
+# For "oauth2" authentication only, OAuth 2.0 client ID
+oauth2_client_id =
+
+# For "oauth2" authentication only, OAuth 2.0 client secret
+oauth2_client_secret =
+
+# For "oauth2" authentication only, OAuth 2.0 provider user identifier claim name, supports "email" and "username", default is "email"
+oauth2_user_identifier = email
+
+# For "oauth2" authentication only, set to true to use PKCE
+oauth2_use_pkce = false
+
+# For "oauth2" authentication only, if the user returned by OAuth 2.0 is not registered, automatically create a new user (requires "enable_register" to be set to true)
+oauth2_auto_register = true
+
+# For "oauth2" authentication only, OAuth 2.0 state expired seconds (60 - 4294967295), default is 300 (5 minutes)
+oauth2_state_expired_time = 300
+
+# For "oauth2" authentication only, requesting OAuth 2.0 api timeout (0 - 4294967295 milliseconds)
+# Set to 0 to disable timeout for requesting OAuth 2.0 api, default is 10000 (10 seconds)
+oauth2_request_timeout = 10000
+
+# For "oauth2" authentication only, proxy for ezbookkeeping server requesting OAuth 2.0 api, supports "system" (use system proxy), "none" (do not use proxy), or proxy URL which starts with "http://", "https://" or "socks5://", default is "system"
+oauth2_proxy = system
+
+# For "oauth2" authentication only, set to true to skip tls verification when request OAuth 2.0 api
+oauth2_skip_tls_verify = false
+
+# For "oauth2" authentication and "oidc" OAuth 2.0 provider only, OIDC provider issuer url. Make sure the ".well-known" directory is available under this path. For example, if it's set to "https://auth.example.com", the discovery URL should be "https://auth.example.com/.well-known/openid-configuration".
+oidc_provider_base_url =
+
+# For "oauth2" authentication and "oidc" OAuth 2.0 provider only, set to true to check whether the issuer url in the discovery response matches the above "oidc_provider_base_url"
+oidc_provider_check_issuer_url = true
+
+# For "oauth2" authentication and "oidc" OAuth 2.0 provider only, set to true to replace the text "Connect ID" in the "Log in with Connect ID" button with the below custom provider name
+enable_oidc_display_name = false
+
+# For "oauth2" authentication and "oidc" OAuth 2.0 provider only, the custom provider name to replace the text in the "Log in with Connect ID" button, it supports multi-language configuration
+# Add an underscore and a language tag after the setting key to configure the display name in that language
+# For example, oidc_custom_display_name_zh_hans means the display name in Chinese (Simplified)
+oidc_custom_display_name =
+
+# For "oauth2" authentication and "nextcloud" OAuth 2.0 provider only, Nextcloud base url, e.g. "https://cloud.example.org/"
+nextcloud_base_url =
+
+# For "oauth2" authentication and "gitea" OAuth 2.0 provider only, Gitea base url, e.g. "https://git.example.com/"
+gitea_base_url =

 [user]
 # Set to true to allow users to register account by themselves
@@ -206,12 +382,6 @@ enable_email_verify = false
 # Set to true to require email must be verified when login
 enable_force_email_verify = false

-# Set to true to allow users to reset password
-enable_forget_password = true
-
-# Set to true to require email must be verified when use forget password
-forget_password_require_email_verify = false
-
 # Set to true to allow users to upload transaction pictures
 enable_transaction_picture = true

@@ -245,6 +415,10 @@ max_user_avatar_size = 1048576
 # 11: Clear All Data
 # 12: Sync Application Settings
 # 13: MCP (Model Context Protocol) Access
+# 14: Create Transactions from AI Image Recognition
+# 15: OAuth 2.0 Login
+# 16: Unlink Third-party Login
+# 17: Generate API Token
 default_feature_restrictions =

 [data]
@@ -355,7 +529,6 @@ custom_map_tile_server_default_zoom_level = 14

 [exchange_rates]
 # Exchange rates data source, supports the following types:
-# "reserve_bank_of_australia": https://www.rba.gov.au/statistics/frequency/exchange-rates.html
 # "bank_of_canada": https://www.bankofcanada.ca/rates/exchange/daily-exchange-rates/
 # "czech_national_bank": https://www.cnb.cz/en/financial-markets/foreign-exchange-market/central-bank-exchange-rate-fixing/central-bank-exchange-rate-fixing/
 # "danmarks_national_bank": https://www.nationalbanken.dk/en/what-we-do/stable-prices-monetary-policy-and-the-danish-economy/exchange-rates
@@ -371,7 +544,6 @@ custom_map_tile_server_default_zoom_level = 14
 # "swiss_national_bank": https://www.snb.ch/en/the-snb/mandates-goals/statistics/statistics-pub/current_interest_exchange_rates
 # "national_bank_of_ukraine": https://bank.gov.ua/ua/markets/exchangerates
 # "central_bank_of_uzbekistan": https://cbu.uz/en/arkhiv-kursov-valyut/
-# "international_monetary_fund": https://www.imf.org/external/np/fin/data/param_rms_mth.aspx
 # "user_custom": users set their own exchange rates data in the UI
 data_source = euro_central_bank

@@ -0,0 +1,74 @@
+{
+    "code": [
+        "jiangshengwu",
+        "vigdail",
+        "f97",
+        "Miguelonlonlon",
+        "seb26",
+        "nktlitvinenko",
+        "lvdou-bing",
+        "dshemin",
+        "lucdsouza",
+        "OuIChien",
+        "RasterCrow"
+    ],
+    "translators": {
+        "de": [
+            "chrgm",
+            "1270o1"
+        ],
+        "en": [],
+        "es": [
+            "Miguelonlonlon",
+            "abrugues",
+            "AndresTeller",
+            "diegofercri"
+        ],
+        "fr": [
+            "brieucdlf"
+        ],
+        "it": [
+            "waron97"
+        ],
+        "ja": [
+            "tkymmm"
+        ],
+        "kn": [
+            "Darshanbm05"
+        ],
+        "ko": [
+            "overworks"
+        ],
+        "nl": [
+            "automagics"
+        ],
+        "pt-BR": [
+            "thecodergus",
+            "balaios"
+        ],
+        "ru": [
+            "artegoser",
+            "dshemin"
+        ],
+        "sl": [
+            "thehijacker"
+        ],
+        "ta": [
+            "hhharsha36"
+        ],
+        "th": [
+            "natthavat28"
+        ],
+        "tr": [
+            "aydnykn"
+        ],
+        "uk": [
+            "nktlitvinenko"
+        ],
+        "vi": [
+            "f97"
+        ],
+        "zh-Hans": [],
+        "zh-Hant": []
+    }
+}
@@ -0,0 +1,34 @@
+variable "DEFAULT_TAG" {
+  default = "ezbookkeeping:local"
+}
+
+// Special target: https://github.com/docker/metadata-action#bake-definition
+target "docker-metadata-action" {
+  tags = ["${DEFAULT_TAG}"]
+}
+
+// Default target if none specified
+group "default" {
+  targets = ["image-local"]
+}
+
+target "image" {
+  inherits = ["docker-metadata-action"]
+  context = "./"
+  dockerfile = "Dockerfile"
+}
+
+target "image-local" {
+  inherits = ["image"]
+  output = ["type=docker"]
+}
+
+target "image-all" {
+  inherits = ["image"]
+  platforms = [
+    "linux/amd64",
+    "linux/arm64",
+    "linux/arm/v7",
+    "linux/arm/v6"
+  ]
+}
@@ -1,5 +1,5 @@
 [Unit]
-Description=ezBookkeeping, a lightweight, self-hosted personal finance app with a sleek, user-friendly interface and powerful bookkeeping features.
+Description=ezBookkeeping, a lightweight, self-hosted personal finance app with a user-friendly interface and powerful bookkeeping features.
 After=syslog.target
 After=network.target
 After=mariadb.service mysqld.service postgresql.service
@@ -10,7 +10,7 @@ import (
 	"github.com/urfave/cli/v3"

 	"github.com/mayswind/ezbookkeeping/cmd"
-	"github.com/mayswind/ezbookkeeping/pkg/settings"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
 	"github.com/mayswind/ezbookkeeping/pkg/utils"
 )

@@ -26,13 +26,13 @@ var (
 )

 func main() {
-	settings.Version = Version
-	settings.CommitHash = CommitHash
-	settings.BuildTime = BuildUnixTime
+	core.Version = Version
+	core.CommitHash = CommitHash
+	core.BuildTime = BuildUnixTime

 	cmd := &cli.Command{
 		Name:    "ezBookkeeping",
-		Usage:   "A lightweight, self-hosted personal finance app with a sleek, user-friendly interface and powerful bookkeeping features.",
+		Usage:   "A lightweight, self-hosted personal finance app with a user-friendly interface and powerful bookkeeping features.",
 		Version: GetFullVersion(),
 		Commands: []*cli.Command{
 			cmd.WebServer,
@@ -1,34 +1,37 @@
 module github.com/mayswind/ezbookkeeping

-go 1.24
+go 1.25.0

 require (
-	github.com/boombuler/barcode v1.0.2
+	github.com/boombuler/barcode v1.1.0
+	github.com/coreos/go-oidc/v3 v3.17.0
 	github.com/extrame/xls v0.0.2-0.20200426124601-4a6cf263071b
-	github.com/gin-contrib/cache v1.4.0
-	github.com/gin-contrib/gzip v1.2.3
-	github.com/gin-gonic/gin v1.10.1
-	github.com/go-co-op/gocron/v2 v2.16.2
-	github.com/go-playground/validator/v10 v10.26.0
-	github.com/go-sql-driver/mysql v1.9.2
-	github.com/golang-jwt/jwt/v5 v5.2.2
-	github.com/lib/pq v1.10.9
-	github.com/mattn/go-sqlite3 v1.14.28
-	github.com/minio/minio-go/v7 v7.0.92
+	github.com/gin-contrib/cache v1.4.3
+	github.com/gin-contrib/gzip v1.2.6
+	github.com/gin-gonic/gin v1.12.0
+	github.com/go-co-op/gocron/v2 v2.19.1
+	github.com/go-playground/validator/v10 v10.30.2
+	github.com/go-sql-driver/mysql v1.9.3
+	github.com/golang-jwt/jwt/v5 v5.3.1
+	github.com/invopop/jsonschema v0.13.0
+	github.com/lib/pq v1.12.1
+	github.com/mattn/go-sqlite3 v1.14.38
+	github.com/minio/minio-go/v7 v7.0.99
 	github.com/patrickmn/go-cache v2.1.0+incompatible
 	github.com/pquerna/otp v1.5.0
-	github.com/sirupsen/logrus v1.9.3
-	github.com/stretchr/testify v1.10.0
-	github.com/urfave/cli/v3 v3.3.3
+	github.com/sirupsen/logrus v1.9.4
+	github.com/stretchr/testify v1.11.1
+	github.com/urfave/cli/v3 v3.8.0
 	github.com/wk8/go-ordered-map/v2 v2.1.8
-	github.com/xuri/excelize/v2 v2.9.0
-	golang.org/x/crypto v0.38.0
-	golang.org/x/net v0.40.0
-	golang.org/x/text v0.25.0
-	gopkg.in/ini.v1 v1.67.0
+	github.com/xuri/excelize/v2 v2.10.1
+	golang.org/x/crypto v0.49.0
+	golang.org/x/net v0.52.0
+	golang.org/x/oauth2 v0.36.0
+	golang.org/x/text v0.35.0
+	gopkg.in/ini.v1 v1.67.1
 	gopkg.in/mail.v2 v2.3.1
 	xorm.io/builder v0.3.13
-	xorm.io/xorm v1.3.9
+	xorm.io/xorm v1.3.11
 )

 require (
@@ -36,63 +39,73 @@ require (
 	github.com/bahlo/generic-list-go v0.2.0 // indirect
 	github.com/bradfitz/gomemcache v0.0.0-20250403215159-8d39553ac7cf // indirect
 	github.com/buger/jsonparser v1.1.1 // indirect
-	github.com/bytedance/sonic v1.13.2 // indirect
-	github.com/bytedance/sonic/loader v0.2.4 // indirect
+	github.com/bytedance/gopkg v0.1.3 // indirect
+	github.com/bytedance/sonic v1.15.0 // indirect
+	github.com/bytedance/sonic/loader v0.5.0 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d // indirect
 	github.com/chenzhuoyu/iasm v0.9.1 // indirect
-	github.com/cloudwego/base64x v0.1.5 // indirect
+	github.com/cloudwego/base64x v0.1.6 // indirect
 	github.com/cloudwego/iasm v0.2.0 // indirect
 	github.com/cpuguy83/go-md2man/v2 v2.0.5 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/extrame/goyymmdd v0.0.0-20210114090516-7cc815f00d1a // indirect
 	github.com/extrame/ole2 v0.0.0-20160812065207-d69429661ad7 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.9 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.13 // indirect
 	github.com/gin-contrib/sse v1.1.0 // indirect
 	github.com/go-ini/ini v1.67.0 // indirect
+	github.com/go-jose/go-jose/v4 v4.1.3 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
 	github.com/goccy/go-json v0.10.5 // indirect
+	github.com/goccy/go-yaml v1.19.2 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/gomodule/redigo v1.9.2 // indirect
 	github.com/google/uuid v1.6.0 // indirect
-	github.com/invopop/jsonschema v0.13.0 // indirect
 	github.com/jonboulle/clockwork v0.5.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
-	github.com/klauspost/compress v1.18.0 // indirect
-	github.com/klauspost/cpuid/v2 v2.2.10 // indirect
+	github.com/klauspost/compress v1.18.2 // indirect
+	github.com/klauspost/cpuid/v2 v2.3.0 // indirect
+	github.com/klauspost/crc32 v1.3.0 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/memcachier/mc/v3 v3.0.3 // indirect
-	github.com/minio/crc64nvme v1.0.1 // indirect
+	github.com/minio/crc64nvme v1.1.1 // indirect
 	github.com/minio/md5-simd v1.1.2 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 // indirect
 	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
-	github.com/philhofer/fwd v1.1.3-0.20240916144458-20a13a1f6b7c // indirect
+	github.com/philhofer/fwd v1.2.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/richardlehane/mscfb v1.0.4 // indirect
-	github.com/richardlehane/msoleps v1.0.4 // indirect
+	github.com/quic-go/qpack v0.6.0 // indirect
+	github.com/quic-go/quic-go v0.59.0 // indirect
+	github.com/richardlehane/mscfb v1.0.6 // indirect
+	github.com/richardlehane/msoleps v1.0.6 // indirect
 	github.com/robfig/cron/v3 v3.0.1 // indirect
 	github.com/robfig/go-cache v0.0.0-20130306151617-9fc39e0dbf62 // indirect
 	github.com/rs/xid v1.6.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/syndtr/goleveldb v1.0.0 // indirect
 	github.com/tealeg/xlsx v1.0.5 // indirect
-	github.com/tiendc/go-deepcopy v1.6.0 // indirect
-	github.com/tinylib/msgp v1.3.0 // indirect
+	github.com/tiendc/go-deepcopy v1.7.2 // indirect
+	github.com/tinylib/msgp v1.6.1 // indirect
 	github.com/twitchyliquid64/golang-asm v0.15.1 // indirect
-	github.com/ugorji/go/codec v1.2.12 // indirect
+	github.com/ugorji/go/codec v1.3.1 // indirect
 	github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
 	github.com/xuri/efp v0.0.1 // indirect
-	github.com/xuri/nfp v0.0.1 // indirect
-	golang.org/x/arch v0.17.0 // indirect
+	github.com/xuri/nfp v0.0.2-0.20250530014748-2ddeb826f9a9 // indirect
+	go.mongodb.org/mongo-driver/v2 v2.5.0 // indirect
+	go.yaml.in/yaml/v3 v3.0.4 // indirect
+	golang.org/x/arch v0.22.0 // indirect
 	golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 // indirect
-	golang.org/x/sys v0.33.0 // indirect
-	google.golang.org/protobuf v1.36.6 // indirect
+	golang.org/x/mod v0.33.0 // indirect
+	golang.org/x/sync v0.20.0 // indirect
+	golang.org/x/sys v0.42.0 // indirect
+	golang.org/x/tools v0.42.0 // indirect
+	google.golang.org/protobuf v1.36.10 // indirect
 	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
@@ -4,19 +4,20 @@ gitea.com/xorm/sqlfiddle v0.0.0-20180821085327-62ce714f951a/go.mod h1:EXuID2Zs0p
 github.com/bahlo/generic-list-go v0.2.0 h1:5sz/EEAK+ls5wF+NeqDpk5+iNdMDXrh3z3nPnH1Wvgk=
 github.com/bahlo/generic-list-go v0.2.0/go.mod h1:2KvAjgMlE5NNynlg/5iLrrCCZ2+5xWbdbCW3pNTGyYg=
 github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
-github.com/boombuler/barcode v1.0.2 h1:79yrbttoZrLGkL/oOI8hBrUKucwOL0oOjUgEguGMcJ4=
-github.com/boombuler/barcode v1.0.2/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
+github.com/boombuler/barcode v1.1.0 h1:ChaYjBR63fr4LFyGn8E8nt7dBSt3MiU3zMOZqFvVkHo=
+github.com/boombuler/barcode v1.1.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/bradfitz/gomemcache v0.0.0-20250403215159-8d39553ac7cf h1:TqhNAT4zKbTdLa62d2HDBFdvgSbIGB3eJE8HqhgiL9I=
 github.com/bradfitz/gomemcache v0.0.0-20250403215159-8d39553ac7cf/go.mod h1:r5xuitiExdLAJ09PR7vBVENGvp4ZuTBeWTGtxuX3K+c=
 github.com/buger/jsonparser v1.1.1 h1:2PnMjfWD7wBILjqQbt530v576A/cAbQvEW9gGIpYMUs=
 github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
+github.com/bytedance/gopkg v0.1.3 h1:TPBSwH8RsouGCBcMBktLt1AymVo2TVsBVCY4b6TnZ/M=
+github.com/bytedance/gopkg v0.1.3/go.mod h1:576VvJ+eJgyCzdjS+c4+77QF3p7ubbtiKARP3TxducM=
 github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM=
 github.com/bytedance/sonic v1.10.0-rc/go.mod h1:ElCzW+ufi8qKqNW0FY314xriJhyJhuoJ3gFZdAHF7NM=
-github.com/bytedance/sonic v1.13.2 h1:8/H1FempDZqC4VqjptGo14QQlJx8VdZJegxs6wwfqpQ=
-github.com/bytedance/sonic v1.13.2/go.mod h1:o68xyaF9u2gvVBuGHPlUVCy+ZfmNNO5ETf1+KgkJhz4=
-github.com/bytedance/sonic/loader v0.1.1/go.mod h1:ncP89zfokxS5LZrJxl5z0UJcsk4M4yY2JpfqGeCtNLU=
-github.com/bytedance/sonic/loader v0.2.4 h1:ZWCw4stuXUsn1/+zQDqeE7JKP+QO47tz7QCNan80NzY=
-github.com/bytedance/sonic/loader v0.2.4/go.mod h1:N8A3vUdtUebEY2/VQC0MyhYeKUFosQU6FxH2JmUe6VI=
+github.com/bytedance/sonic v1.15.0 h1:/PXeWFaR5ElNcVE84U0dOHjiMHQOwNIx3K4ymzh/uSE=
+github.com/bytedance/sonic v1.15.0/go.mod h1:tFkWrPz0/CUCLEF4ri4UkHekCIcdnkqXw9VduqpJh0k=
+github.com/bytedance/sonic/loader v0.5.0 h1:gXH3KVnatgY7loH5/TkeVyXPfESoqSBSBEiDd5VjlgE=
+github.com/bytedance/sonic/loader v0.5.0/go.mod h1:AR4NYCk5DdzZizZ5djGqQ92eEhCCcdf5x77udYiSJRo=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chenzhuoyu/base64x v0.0.0-20211019084208-fb5309c8db06/go.mod h1:DH46F32mSOjUmXrMHnKwZdA8wcEefY7UVqBKYGjpdQY=
@@ -24,9 +25,11 @@ github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311/go.mod h1:b583j
 github.com/chenzhuoyu/base64x v0.0.0-20230717121745-296ad89f973d/go.mod h1:8EPpVsBuRksnlj1mLy4AWzRNQYxauNi62uWcE3to6eA=
 github.com/chenzhuoyu/iasm v0.9.0/go.mod h1:Xjy2NpN3h7aUqeqM+woSuuvxmIe6+DDsiNLIrkAmYog=
 github.com/chenzhuoyu/iasm v0.9.1/go.mod h1:Xjy2NpN3h7aUqeqM+woSuuvxmIe6+DDsiNLIrkAmYog=
-github.com/cloudwego/base64x v0.1.5 h1:XPciSp1xaq2VCSt6lF0phncD4koWyULpl5bUxbfCyP4=
-github.com/cloudwego/base64x v0.1.5/go.mod h1:0zlkT4Wn5C6NdauXdJRhSKRlJvmclQ1hhJgA0rcu/8w=
+github.com/cloudwego/base64x v0.1.6 h1:t11wG9AECkCDk5fMSoxmufanudBtJ+/HemLstXDLI2M=
+github.com/cloudwego/base64x v0.1.6/go.mod h1:OFcloc187FXDaYHvrNIjxSe8ncn0OOM8gEHfghB2IPU=
 github.com/cloudwego/iasm v0.2.0/go.mod h1:8rXZaNYT2n95jn+zTI1sDr+IgcD2GVs0nlbbQPiEFhY=
+github.com/coreos/go-oidc/v3 v3.17.0 h1:hWBGaQfbi0iVviX4ibC7bk8OKT5qNr4klBaCHVNvehc=
+github.com/coreos/go-oidc/v3 v3.17.0/go.mod h1:wqPbKFrVnE90vty060SB40FCJ8fTHTxSwyXJqZH+sI8=
 github.com/cpuguy83/go-md2man/v2 v2.0.5/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
@@ -40,32 +43,36 @@ github.com/extrame/ole2 v0.0.0-20160812065207-d69429661ad7/go.mod h1:GPpMrAfHdb8
 github.com/extrame/xls v0.0.2-0.20200426124601-4a6cf263071b h1:jqW/h4gcXYEB6kVf6iuxjU9ONWA0ugUB94TP9UNmgdg=
 github.com/extrame/xls v0.0.2-0.20200426124601-4a6cf263071b/go.mod h1:iACcgahst7BboCpIMSpnFs4SKyU9ZjsvZBfNbUxZOJI=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
-github.com/gabriel-vasile/mimetype v1.4.9 h1:5k+WDwEsD9eTLL8Tz3L0VnmVh9QxGjRmjBvAG7U/oYY=
-github.com/gabriel-vasile/mimetype v1.4.9/go.mod h1:WnSQhFKJuBlRyLiKohA/2DtIlPFAbguNaG7QCHcyGok=
-github.com/gin-contrib/cache v1.4.0 h1:d1FUqCE2+gJQKT0vJjr7jMn1htW9+cypk5oF7aoQcmE=
-github.com/gin-contrib/cache v1.4.0/go.mod h1:6d0UAPedInkublPl/uJUB4bqwsEgJI1y5QGszhqnyxg=
-github.com/gin-contrib/gzip v1.2.3 h1:dAhT722RuEG330ce2agAs75z7yB+NKvX/ZM1r8w0u2U=
-github.com/gin-contrib/gzip v1.2.3/go.mod h1:ad72i4Bzmaypk8M762gNXa2wkxxjbz0icRNnuLJ9a/c=
+github.com/gabriel-vasile/mimetype v1.4.13 h1:46nXokslUBsAJE/wMsp5gtO500a4F3Nkz9Ufpk2AcUM=
+github.com/gabriel-vasile/mimetype v1.4.13/go.mod h1:d+9Oxyo1wTzWdyVUPMmXFvp4F9tea18J8ufA774AB3s=
+github.com/gin-contrib/cache v1.4.3 h1:6rmIlmTf2Vyfd/ue53+BLdTxC7hrQ7FqRgfjz31nEEE=
+github.com/gin-contrib/cache v1.4.3/go.mod h1:Znf5Qa8HTQ+QHku6ODf72WOPnJ2fHUd2nXD6mSi+6+g=
+github.com/gin-contrib/gzip v1.2.6 h1:OtN8DplD5DNZCSLAnQ5HxRkD2qZ5VU+JhOrcfJrcRvg=
+github.com/gin-contrib/gzip v1.2.6/go.mod h1:BQy8/+JApnRjAVUplSGZiVtD2k8GmIE2e9rYu/hLzzU=
 github.com/gin-contrib/sse v1.1.0 h1:n0w2GMuUpWDVp7qSpvze6fAu9iRxJY4Hmj6AmBOU05w=
 github.com/gin-contrib/sse v1.1.0/go.mod h1:hxRZ5gVpWMT7Z0B0gSNYqqsSCNIJMjzvm6fqCz9vjwM=
-github.com/gin-gonic/gin v1.10.1 h1:T0ujvqyCSqRopADpgPgiTT63DUQVSfojyME59Ei63pQ=
-github.com/gin-gonic/gin v1.10.1/go.mod h1:4PMNQiOhvDRa013RKVbsiNwoyezlm2rm0uX/T7kzp5Y=
-github.com/go-co-op/gocron/v2 v2.16.2 h1:r08P663ikXiulLT9XaabkLypL/W9MoCIbqgQoAutyX4=
-github.com/go-co-op/gocron/v2 v2.16.2/go.mod h1:4YTLGCCAH75A5RlQ6q+h+VacO7CgjkgP0EJ+BEOXRSI=
+github.com/gin-gonic/gin v1.12.0 h1:b3YAbrZtnf8N//yjKeU2+MQsh2mY5htkZidOM7O0wG8=
+github.com/gin-gonic/gin v1.12.0/go.mod h1:VxccKfsSllpKshkBWgVgRniFFAzFb9csfngsqANjnLc=
+github.com/go-co-op/gocron/v2 v2.19.1 h1:B4iLeA0NB/2iO3EKQ7NfKn5KsQgZfjb2fkvoZJU3yBI=
+github.com/go-co-op/gocron/v2 v2.19.1/go.mod h1:5lEiCKk1oVJV39Zg7/YG10OnaVrDAV5GGR6O0663k6U=
 github.com/go-ini/ini v1.67.0 h1:z6ZrTEZqSWOTyH2FlglNbNgARyHG8oLW9gMELqKr06A=
 github.com/go-ini/ini v1.67.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
+github.com/go-jose/go-jose/v4 v4.1.3 h1:CVLmWDhDVRa6Mi/IgCgaopNosCaHz7zrMeF9MlZRkrs=
+github.com/go-jose/go-jose/v4 v4.1.3/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08=
 github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.26.0 h1:SP05Nqhjcvz81uJaRfEV0YBSSSGMc/iMaVtFbr3Sw2k=
-github.com/go-playground/validator/v10 v10.26.0/go.mod h1:I5QpIEbmr8On7W0TktmJAumgzX4CA1XNl4ZmDuVHKKo=
-github.com/go-sql-driver/mysql v1.9.2 h1:4cNKDYQ1I84SXslGddlsrMhc8k4LeDVj6Ad6WRjiHuU=
-github.com/go-sql-driver/mysql v1.9.2/go.mod h1:qn46aNg1333BRMNU69Lq93t8du/dwxI64Gl8i5p1WMU=
+github.com/go-playground/validator/v10 v10.30.2 h1:JiFIMtSSHb2/XBUbWM4i/MpeQm9ZK2xqPNk8vgvu5JQ=
+github.com/go-playground/validator/v10 v10.30.2/go.mod h1:mAf2pIOVXjTEBrwUMGKkCWKKPs9NheYGabeB04txQSc=
+github.com/go-sql-driver/mysql v1.9.3 h1:U/N249h2WzJ3Ukj8SowVFjdtZKfu9vlLZxjPXV1aweo=
+github.com/go-sql-driver/mysql v1.9.3/go.mod h1:qn46aNg1333BRMNU69Lq93t8du/dwxI64Gl8i5p1WMU=
 github.com/goccy/go-json v0.10.5 h1:Fq85nIqj+gXn/S5ahsiTlK3TmC85qgirsdTP/+DeaC4=
 github.com/goccy/go-json v0.10.5/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M=
-github.com/golang-jwt/jwt/v5 v5.2.2 h1:Rl4B7itRWVtYIHFrSNd7vhTiz9UpLdi6gZhZ3wEeDy8=
-github.com/golang-jwt/jwt/v5 v5.2.2/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk=
+github.com/goccy/go-yaml v1.19.2 h1:PmFC1S6h8ljIz6gMRBopkjP1TVT7xuwrButHID66PoM=
+github.com/goccy/go-yaml v1.19.2/go.mod h1:XBurs7gK8ATbW4ZPGKgcbrY1Br56PdM69F7LkFRi1kA=
+github.com/golang-jwt/jwt/v5 v5.3.1 h1:kYf81DTWFe7t+1VvL7eS+jKFVWaUnK9cB1qbwn63YCY=
+github.com/golang-jwt/jwt/v5 v5.3.1/go.mod h1:fxCRLWMO43lRc8nhHWY6LGqRcf+1gQWArsqaEUEa5bE=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM=
@@ -83,40 +90,41 @@ github.com/jonboulle/clockwork v0.5.0/go.mod h1:3mZlmanh0g2NDKO5TWZVJAfofYk64M7X
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
-github.com/klauspost/compress v1.18.0 h1:c/Cqfb0r+Yi+JtIEq73FWXVkRonBlf0CRNYc8Zttxdo=
-github.com/klauspost/compress v1.18.0/go.mod h1:2Pp+KzxcywXVXMr50+X0Q/Lsb43OQHYWRCY2AiWywWQ=
+github.com/klauspost/compress v1.18.2 h1:iiPHWW0YrcFgpBYhsA6D1+fqHssJscY/Tm/y2Uqnapk=
+github.com/klauspost/compress v1.18.2/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4=
 github.com/klauspost/cpuid/v2 v2.0.1/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
 github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg=
-github.com/klauspost/cpuid/v2 v2.2.10 h1:tBs3QSyvjDyFTq3uoc/9xFpCuOsJQFNPiAhYdw2skhE=
-github.com/klauspost/cpuid/v2 v2.2.10/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
+github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y=
+github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0=
+github.com/klauspost/crc32 v1.3.0 h1:sSmTt3gUt81RP655XGZPElI0PelVTZ6YwCRnPSupoFM=
+github.com/klauspost/crc32 v1.3.0/go.mod h1:D7kQaZhnkX/Y0tstFGf8VUzv2UofNGqCjnC3zdHB0Hw=
 github.com/knz/go-libedit v1.10.1/go.mod h1:MZTVkCWyz0oBc7JOWP3wNAzd002ZbM/5hgShxwh4x8M=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
 github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
-github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
-github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
+github.com/lib/pq v1.12.1 h1:x1nbl/338GLqeDJ/FAiILallhAsqubLzEZu/pXtHUow=
+github.com/lib/pq v1.12.1/go.mod h1:/p+8NSbOcwzAEI7wiMXFlgydTwcgTr3OSKMsD2BitpA=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
-github.com/mattn/go-sqlite3 v1.14.28 h1:ThEiQrnbtumT+QMknw63Befp/ce/nUPgBPMlRFEum7A=
-github.com/mattn/go-sqlite3 v1.14.28/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
+github.com/mattn/go-sqlite3 v1.14.38 h1:tDUzL85kMvOrvpCt8P64SbGgVFtJB11GPi2AdmITgb4=
+github.com/mattn/go-sqlite3 v1.14.38/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/memcachier/mc/v3 v3.0.3 h1:qii+lDiPKi36O4Xg+HVKwHu6Oq+Gt17b+uEiA0Drwv4=
 github.com/memcachier/mc/v3 v3.0.3/go.mod h1:GzjocBahcXPxt2cmqzknrgqCOmMxiSzhVKPOe90Tpug=
-github.com/minio/crc64nvme v1.0.1 h1:DHQPrYPdqK7jQG/Ls5CTBZWeex/2FMS3G5XGkycuFrY=
-github.com/minio/crc64nvme v1.0.1/go.mod h1:eVfm2fAzLlxMdUGc0EEBGSMmPwmXD5XiNRpnu9J3bvg=
+github.com/minio/crc64nvme v1.1.1 h1:8dwx/Pz49suywbO+auHCBpCtlW1OfpcLN7wYgVR6wAI=
+github.com/minio/crc64nvme v1.1.1/go.mod h1:eVfm2fAzLlxMdUGc0EEBGSMmPwmXD5XiNRpnu9J3bvg=
 github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
 github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM=
-github.com/minio/minio-go/v7 v7.0.92 h1:jpBFWyRS3p8P/9tsRc+NuvqoFi7qAmTCFPoRFmobbVw=
-github.com/minio/minio-go/v7 v7.0.92/go.mod h1:vTIc8DNcnAZIhyFsk8EB90AbPjj3j68aWIEQCiPj7d0=
+github.com/minio/minio-go/v7 v7.0.99 h1:2vH/byrwUkIpFQFOilvTfaUpvAX3fEFhEzO+DR3DlCE=
+github.com/minio/minio-go/v7 v7.0.99/go.mod h1:EtGNKtlX20iL2yaYnxEigaIvj0G0GwSDnifnG8ClIdw=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
-github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 h1:RWengNIwukTxcDr9M+97sNutRR1RKhG96O6jWumTTnw=
 github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
@@ -125,17 +133,20 @@ github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaR
 github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
 github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4=
 github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
-github.com/philhofer/fwd v1.1.3-0.20240916144458-20a13a1f6b7c h1:dAMKvw0MlJT1GshSTtih8C2gDs04w8dReiOGXrGLNoY=
-github.com/philhofer/fwd v1.1.3-0.20240916144458-20a13a1f6b7c/go.mod h1:RqIHx9QI14HlwKwm98g9Re5prTQ6LdeRQn+gXJFxsJM=
+github.com/philhofer/fwd v1.2.0 h1:e6DnBTl7vGY+Gz322/ASL4Gyp1FspeMvx1RNDoToZuM=
+github.com/philhofer/fwd v1.2.0/go.mod h1:RqIHx9QI14HlwKwm98g9Re5prTQ6LdeRQn+gXJFxsJM=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/pquerna/otp v1.5.0 h1:NMMR+WrmaqXU4EzdGJEE1aUUI0AMRzsp96fFFWNPwxs=
 github.com/pquerna/otp v1.5.0/go.mod h1:dkJfzwRKNiegxyNb54X/3fLwhCynbMspSyWKnvi1AEg=
-github.com/richardlehane/mscfb v1.0.4 h1:WULscsljNPConisD5hR0+OyZjwK46Pfyr6mPu5ZawpM=
-github.com/richardlehane/mscfb v1.0.4/go.mod h1:YzVpcZg9czvAuhk9T+a3avCpcFPMUWm7gK3DypaEsUk=
-github.com/richardlehane/msoleps v1.0.1/go.mod h1:BWev5JBpU9Ko2WAgmZEuiz4/u3ZYTKbjLycmwiWUfWg=
-github.com/richardlehane/msoleps v1.0.4 h1:WuESlvhX3gH2IHcd8UqyCuFY5yiq/GR/yqaSM/9/g00=
-github.com/richardlehane/msoleps v1.0.4/go.mod h1:BWev5JBpU9Ko2WAgmZEuiz4/u3ZYTKbjLycmwiWUfWg=
+github.com/quic-go/qpack v0.6.0 h1:g7W+BMYynC1LbYLSqRt8PBg5Tgwxn214ZZR34VIOjz8=
+github.com/quic-go/qpack v0.6.0/go.mod h1:lUpLKChi8njB4ty2bFLX2x4gzDqXwUpaO1DP9qMDZII=
+github.com/quic-go/quic-go v0.59.0 h1:OLJkp1Mlm/aS7dpKgTc6cnpynnD2Xg7C1pwL6vy/SAw=
+github.com/quic-go/quic-go v0.59.0/go.mod h1:upnsH4Ju1YkqpLXC305eW3yDZ4NfnNbmQRCMWS58IKU=
+github.com/richardlehane/mscfb v1.0.6 h1:eN3bvvZCp00bs7Zf52bxNwAx5lJDBK1tCuH19qq5aC8=
+github.com/richardlehane/mscfb v1.0.6/go.mod h1:pe0+IUIc0AHh0+teNzBlJCtSyZdFOGgV4ZK9bsoV+Jo=
+github.com/richardlehane/msoleps v1.0.6 h1:9BvkpjvD+iUBalUY4esMwv6uBkfOip/Lzvd93jvR9gg=
+github.com/richardlehane/msoleps v1.0.6/go.mod h1:BWev5JBpU9Ko2WAgmZEuiz4/u3ZYTKbjLycmwiWUfWg=
 github.com/robfig/cron/v3 v3.0.1 h1:WdRxkvbJztn8LMz/QEvLN5sBU+xKpSqwwUO1Pjr4qDs=
 github.com/robfig/cron/v3 v3.0.1/go.mod h1:eQICP3HwyT7UooqI/z+Ov+PtYAWygg1TEWWzGIFLtro=
 github.com/robfig/go-cache v0.0.0-20130306151617-9fc39e0dbf62 h1:pyecQtsPmlkCsMkYhT5iZ+sUXuwee+OvfuJjinEA3ko=
@@ -143,67 +154,79 @@ github.com/robfig/go-cache v0.0.0-20130306151617-9fc39e0dbf62/go.mod h1:65XQgovT
 github.com/rs/xid v1.6.0 h1:fV591PaemRlL6JfRxGDEPl69wICngIQ3shQtzfy2gxU=
 github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
-github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
+github.com/sirupsen/logrus v1.9.4 h1:TsZE7l11zFCLZnZ+teH4Umoq5BhEIfIzfRDZ1Uzql2w=
+github.com/sirupsen/logrus v1.9.4/go.mod h1:ftWc9WdOfJ0a92nsE2jF5u5ZwH8Bv2zdeOC42RjbV2g=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
+github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
+github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 github.com/syndtr/goleveldb v1.0.0 h1:fBdIW9lB4Iz0n9khmH8w27SJ3QEJ7+IgjPEwGSZiFdE=
 github.com/syndtr/goleveldb v1.0.0/go.mod h1:ZVVdQEZoIme9iO1Ch2Jdy24qqXrMMOU6lpPAyBWyWuQ=
 github.com/tealeg/xlsx v1.0.5 h1:+f8oFmvY8Gw1iUXzPk+kz+4GpbDZPK1FhPiQRd+ypgE=
 github.com/tealeg/xlsx v1.0.5/go.mod h1:btRS8dz54TDnvKNosuAqxrM1QgN1udgk9O34bDCnORM=
-github.com/tiendc/go-deepcopy v1.6.0/go.mod h1:toXoeQoUqXOOS/X4sKuiAoSk6elIdqc0pN7MTgOOo2I=
-github.com/tinylib/msgp v1.3.0 h1:ULuf7GPooDaIlbyvgAxBV/FI7ynli6LZ1/nVUNu+0ww=
-github.com/tinylib/msgp v1.3.0/go.mod h1:ykjzy2wzgrlvpDCRc4LA8UXy6D8bzMSuAF3WD57Gok0=
+github.com/tiendc/go-deepcopy v1.7.2 h1:Ut2yYR7W9tWjTQitganoIue4UGxZwCcJy3orjrrIj44=
+github.com/tiendc/go-deepcopy v1.7.2/go.mod h1:4bKjNC2r7boYOkD2IOuZpYjmlDdzjbpTRyCx+goBCJQ=
+github.com/tinylib/msgp v1.6.1 h1:ESRv8eL3u+DNHUoSAAQRE50Hm162zqAnBoGv9PzScPY=
+github.com/tinylib/msgp v1.6.1/go.mod h1:RSp0LW9oSxFut3KzESt5Voq4GVWyS+PSulT77roAqEA=
 github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI=
 github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08=
-github.com/ugorji/go/codec v1.2.12 h1:9LC83zGrHhuUA9l16C9AHXAqEV/2wBQ4nkvumAE65EE=
-github.com/ugorji/go/codec v1.2.12/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg=
-github.com/urfave/cli/v3 v3.3.3 h1:byCBaVdIXuLPIDm5CYZRVG6NvT7tv1ECqdU4YzlEa3I=
-github.com/urfave/cli/v3 v3.3.3/go.mod h1:FJSKtM/9AiiTOJL4fJ6TbMUkxBXn7GO9guZqoZtpYpo=
+github.com/ugorji/go/codec v1.3.1 h1:waO7eEiFDwidsBN6agj1vJQ4AG7lh2yqXyOXqhgQuyY=
+github.com/ugorji/go/codec v1.3.1/go.mod h1:pRBVtBSKl77K30Bv8R2P+cLSGaTtex6fsA2Wjqmfxj4=
+github.com/urfave/cli/v3 v3.8.0 h1:XqKPrm0q4P0q5JpoclYoCAv0/MIvH/jZ2umzuf8pNTI=
+github.com/urfave/cli/v3 v3.8.0/go.mod h1:ysVLtOEmg2tOy6PknnYVhDoouyC/6N42TMeoMzskhso=
 github.com/wk8/go-ordered-map/v2 v2.1.8 h1:5h/BUHu93oj4gIdvHHHGsScSTMijfx5PeYkE/fJgbpc=
 github.com/wk8/go-ordered-map/v2 v2.1.8/go.mod h1:5nJHM5DyteebpVlHnWMV0rPz6Zp7+xBAnxjb1X5vnTw=
 github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1/go.mod h1:Ohn+xnUBiLI6FVj/9LpzZWtj1/D6lUovWYBkxHVV3aM=
 github.com/xuri/efp v0.0.1 h1:fws5Rv3myXyYni8uwj2qKjVaRP30PdjeYe2Y6FDsCL8=
 github.com/xuri/efp v0.0.1/go.mod h1:ybY/Jr0T0GTCnYjKqmdwxyxn2BQf2RcQIIvex5QldPI=
-github.com/xuri/excelize/v2 v2.9.0 h1:1tgOaEq92IOEumR1/JfYS/eR0KHOCsRv/rYXXh6YJQE=
-github.com/xuri/excelize/v2 v2.9.0/go.mod h1:uqey4QBZ9gdMeWApPLdhm9x+9o2lq4iVmjiLfBS5hdE=
-github.com/xuri/nfp v0.0.1 h1:MDamSGatIvp8uOmDP8FnmjuQpu90NzdJxo7242ANR9Q=
-github.com/xuri/nfp v0.0.1/go.mod h1:WwHg+CVyzlv/TX9xqBFXEZAuxOPxn2k1GNHwG41IIUQ=
+github.com/xuri/excelize/v2 v2.10.1 h1:V62UlqopMqha3kOpnlHy2CcRVw1V8E63jFoWUmMzxN0=
+github.com/xuri/excelize/v2 v2.10.1/go.mod h1:iG5tARpgaEeIhTqt3/fgXCGoBRt4hNXgCp3tfXKoOIc=
+github.com/xuri/nfp v0.0.2-0.20250530014748-2ddeb826f9a9 h1:+C0TIdyyYmzadGaL/HBLbf3WdLgC29pgyhTjAT/0nuE=
+github.com/xuri/nfp v0.0.2-0.20250530014748-2ddeb826f9a9/go.mod h1:WwHg+CVyzlv/TX9xqBFXEZAuxOPxn2k1GNHwG41IIUQ=
+go.mongodb.org/mongo-driver/v2 v2.5.0 h1:yXUhImUjjAInNcpTcAlPHiT7bIXhshCTL3jVBkF3xaE=
+go.mongodb.org/mongo-driver/v2 v2.5.0/go.mod h1:yOI9kBsufol30iFsl1slpdq1I0eHPzybRWdyYUs8K/0=
+go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
+go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
 golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8=
-golang.org/x/arch v0.17.0 h1:4O3dfLzd+lQewptAHqjewQZQDyEdejz3VwgeYwkZneU=
-golang.org/x/arch v0.17.0/go.mod h1:bdwinDaKcfZUGpH09BB7ZmOfhalA8lQdzl62l8gGWsk=
-golang.org/x/crypto v0.38.0 h1:jt+WWG8IZlBnVbomuhg2Mdq0+BBQaHbtqHEFEigjUV8=
-golang.org/x/crypto v0.38.0/go.mod h1:MvrbAqul58NNYPKnOra203SB9vpuZW0e+RRZV+Ggqjw=
+golang.org/x/arch v0.22.0 h1:c/Zle32i5ttqRXjdLyyHZESLD/bB90DCU1g9l/0YBDI=
+golang.org/x/arch v0.22.0/go.mod h1:dNHoOeKiyja7GTvF9NJS1l3Z2yntpQNzgrjh1cU103A=
+golang.org/x/crypto v0.49.0 h1:+Ng2ULVvLHnJ/ZFEq4KdcDd/cfjrrjjNSXNzxg0Y4U4=
+golang.org/x/crypto v0.49.0/go.mod h1:ErX4dUh2UM+CFYiXZRTcMpEcN8b/1gxEuv3nODoYtCA=
 golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI=
+golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.40.0 h1:79Xs7wF06Gbdcg4kdCCIQArK11Z1hr5POQ6+fIYHNuY=
-golang.org/x/net v0.40.0/go.mod h1:y0hY0exeL2Pku80/zKK7tpntoX23cqL3Oa6njdgRtds=
+golang.org/x/net v0.52.0 h1:He/TN1l0e4mmR3QqHMT2Xab3Aj3L9qjbhRm78/6jrW0=
+golang.org/x/net v0.52.0/go.mod h1:R1MAz7uMZxVMualyPXb+VaqGSa3LIaUqk0eEt3w36Sw=
+golang.org/x/oauth2 v0.36.0 h1:peZ/1z27fi9hUOFCAZaHyrpWG5lwe0RJEEEeH0ThlIs=
+golang.org/x/oauth2 v0.36.0/go.mod h1:YDBUJMTkDnJS+A4BP4eZBjCqtokkg1hODuPjwiGPO7Q=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.33.0 h1:q3i8TbbEz+JRD9ywIRlyRAQbM0qF7hu24q3teo2hbuw=
-golang.org/x/sys v0.33.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/sys v0.42.0 h1:omrd2nAlyT5ESRdCLYdm3+fMfNFE/+Rf4bDIQImRJeo=
+golang.org/x/sys v0.42.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
-golang.org/x/text v0.25.0 h1:qVyWApTSYLk/drJRO5mDlNYskwQznZmkpV2c8q9zls4=
-golang.org/x/text v0.25.0/go.mod h1:WEdwpYrmk1qmdHvhkSTNPm3app7v4rsT8F2UD6+VHIA=
-google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY=
-google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY=
+golang.org/x/text v0.35.0 h1:JOVx6vVDFokkpaq1AEptVzLTpDe9KGpj5tR4/X+ybL8=
+golang.org/x/text v0.35.0/go.mod h1:khi/HExzZJ2pGnjenulevKNX1W67CUy0AsXcNubPGCA=
+golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0=
+google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE=
+google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco=
 gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc h1:2gGKlE2+asNV9m7xrywl36YYNnBG5ZQ0r/BOOxqPpmk=
 gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc/go.mod h1:m7x9LTH6d71AHyAX77c9yqWCCa3UKHcVEj9y7hAtKDk=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
-gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
-gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ini.v1 v1.67.1 h1:tVBILHy0R6e4wkYOn3XmiITt/hEVH4TFMYvAX2Ytz6k=
+gopkg.in/ini.v1 v1.67.1/go.mod h1:x/cyOwCgZqOkJoDIJ3c1KNHMo10+nLGAhh+kn3Zizss=
 gopkg.in/mail.v2 v2.3.1 h1:WYFn/oANrAGP2C0dcV6/pbkPzv8yGzqTjPmTeO7qoXk=
 gopkg.in/mail.v2 v2.3.1/go.mod h1:htwXN1Qh09vZJ1NVKxQqHPBaCBbzKhp5GzuJEA4VJWw=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
@@ -215,5 +238,5 @@ nullprogram.com/x/optparse v1.0.0/go.mod h1:KdyPE+Igbe0jQUrVfMqDMeJQIJZEuyV7pjYm
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 xorm.io/builder v0.3.13 h1:a3jmiVVL19psGeXx8GIurTp7p0IIgqeDmwhcR6BAOAo=
 xorm.io/builder v0.3.13/go.mod h1:aUW0S9eb9VCaPohFCH3j7czOx1PMW3i1HrSzbLYGBSE=
-xorm.io/xorm v1.3.9 h1:TUovzS0ko+IQ1XnNLfs5dqK1cJl1H5uHpWbWqAQ04nU=
-xorm.io/xorm v1.3.9/go.mod h1:LsCCffeeYp63ssk0pKumP6l96WZcHix7ChpurcLNuMw=
+xorm.io/xorm v1.3.11 h1:i4tlVUASogb0ZZFJHA7dZqoRU2pUpUsutnNdaOlFyMI=
+xorm.io/xorm v1.3.11/go.mod h1:cs0ePc8O4a0jD78cNvD+0VFwhqotTvLQZv372QsDw7Q=
@@ -1,6 +1,6 @@
 {
  "name": "ezbookkeeping",
-  "version": "0.10.0",
+  "version": "1.5.0",
  "private": true,
  "repository": {
    "type": "git",
@@ -19,65 +19,73 @@
    "test": "cross-env TS_NODE_PROJECT=\"./tsconfig.jest.json\" jest"
  },
  "dependencies": {
-    "@mdi/js": "^7.4.47",
-    "@vuepic/vue-datepicker": "^11.0.2",
-    "axios": "^1.9.0",
-    "cbor-js": "^0.1.0",
-    "clipboard": "^2.0.11",
-    "crypto-js": "^4.2.0",
-    "dom7": "^4.0.6",
-    "echarts": "^5.6.0",
-    "framework7": "^8.3.4",
-    "framework7-icons": "^5.0.5",
-    "framework7-vue": "^8.3.4",
-    "leaflet": "^1.9.4",
-    "line-awesome": "^1.3.0",
-    "moment": "^2.30.1",
-    "moment-timezone": "^0.6.0",
-    "pinia": "^3.0.2",
-    "register-service-worker": "^1.7.2",
-    "skeleton-elements": "^4.0.1",
-    "swiper": "^10.2.0",
-    "ua-parser-js": "^1.0.39",
-    "vue": "^3.5.16",
-    "vue-echarts": "^7.0.3",
-    "vue-i18n": "^11.1.5",
-    "vue-router": "^4.5.1",
-    "vue3-perfect-scrollbar": "^2.0.0",
-    "vuedraggable": "^4.1.0",
-    "vuetify": "^3.8.7"
+    "@mdi/js": "7.4.47",
+    "@vuepic/vue-datepicker": "12.1.0",
+    "axios": "1.14.0",
+    "cbor-js": "0.1.0",
+    "chardet": "2.1.1",
+    "clipboard": "2.0.11",
+    "crypto-js": "4.2.0",
+    "dom7": "4.0.6",
+    "echarts": "6.0.0",
+    "framework7": "9.0.3",
+    "framework7-icons": "5.0.5",
+    "framework7-vue": "9.0.3",
+    "jalaali-js": "1.2.8",
+    "leaflet": "1.9.4",
+    "line-awesome": "1.3.0",
+    "moment": "2.30.1",
+    "moment-timezone": "0.6.1",
+    "pinia": "3.0.4",
+    "register-service-worker": "1.7.2",
+    "skeleton-elements": "4.0.1",
+    "swiper": "12.1.3",
+    "ua-parser-js": "1.0.39",
+    "vue": "3.5.31",
+    "vue-echarts": "8.0.1",
+    "vue-i18n": "11.3.0",
+    "vue-router": "5.0.4",
+    "vue3-perfect-scrollbar": "2.0.0",
+    "vuedraggable": "4.1.0",
+    "vuetify": "3.12.4"
  },
  "devDependencies": {
-    "@jest/globals": "^29.7.0",
-    "@tsconfig/node22": "^22.0.2",
-    "@types/cbor-js": "^0.1.1",
-    "@types/crypto-js": "^4.2.2",
-    "@types/git-rev-sync": "^2.0.2",
-    "@types/jest": "^29.5.14",
-    "@types/node": "^22.15.29",
-    "@types/ua-parser-js": "^0.7.39",
-    "@vitejs/plugin-vue": "^5.2.4",
-    "@vue/eslint-config-typescript": "^14.5.0",
-    "@vue/tsconfig": "^0.7.0",
-    "cross-env": "^7.0.3",
-    "eslint": "^9.28.0",
-    "eslint-plugin-vue": "^10.1.0",
-    "git-rev-sync": "^3.0.2",
-    "jest": "^29.7.0",
-    "postcss-preset-env": "^10.2.0",
-    "sass": "^1.89.1",
-    "ts-jest": "^29.3.4",
-    "ts-node": "^10.9.2",
-    "typescript": "^5.8.3",
-    "vite": "^6.3.5",
-    "vite-plugin-checker": "^0.9.3",
-    "vite-plugin-pwa": "^1.0.0",
-    "vite-plugin-vuetify": "^2.1.1",
-    "vue-tsc": "^2.2.10"
+    "@jest/globals": "30.3.0",
+    "@tsconfig/node24": "24.0.4",
+    "@types/cbor-js": "0.1.1",
+    "@types/crypto-js": "4.2.2",
+    "@types/git-rev-sync": "2.0.2",
+    "@types/jalaali-js": "1.2.0",
+    "@types/jest": "30.0.0",
+    "@types/node": "25.5.0",
+    "@types/ua-parser-js": "0.7.39",
+    "@vitejs/plugin-vue": "6.0.5",
+    "@vue/eslint-config-typescript": "14.7.0",
+    "@vue/tsconfig": "0.9.1",
+    "cross-env": "10.1.0",
+    "eslint": "10.1.0",
+    "eslint-plugin-vue": "10.8.0",
+    "git-rev-sync": "3.0.2",
+    "jest": "30.3.0",
+    "postcss-preset-env": "11.2.0",
+    "sass": "1.98.0",
+    "ts-jest": "29.4.6",
+    "ts-node": "10.9.2",
+    "typescript": "5.9.3",
+    "vite": "7.3.1",
+    "vite-plugin-checker": "0.12.0",
+    "vite-plugin-pwa": "1.2.0",
+    "vite-plugin-vuetify": "2.1.3",
+    "vue-tsc": "3.2.6"
  },
  "browserslist": [
-    "> 1%",
-    "last 2 versions",
+    "last 5 Chrome versions",
+    "last 5 Firefox versions",
+    "last 5 Safari versions",
+    "last 5 Edge versions",
+    "last 5 ChromeAndroid versions",
+    "last 5 iOS versions",
+    "not IE <= 11",
    "not dead"
  ]
 }
@@ -150,10 +150,10 @@ func (a *AccountsApi) AccountCreateHandler(c *core.WebContext) (any, *errs.Error
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

-	utcOffset, err := c.GetClientTimezoneOffset()
+	clientTimezone, err := c.GetClientTimezone()

 	if err != nil {
-		log.Warnf(c, "[accounts.AccountCreateHandler] cannot get client timezone offset, because %s", err.Error())
+		log.Warnf(c, "[accounts.AccountCreateHandler] cannot get client timezone, because %s", err.Error())
 		return nil, errs.ErrClientTimezoneOffsetInvalid
 	}

@@ -278,7 +278,7 @@ func (a *AccountsApi) AccountCreateHandler(c *core.WebContext) (any, *errs.Error
 		}
 	}

-	err = a.accounts.CreateAccounts(c, mainAccount, accountCreateReq.BalanceTime, childrenAccounts, childrenAccountBalanceTimes, utcOffset)
+	err = a.accounts.CreateAccounts(c, mainAccount, accountCreateReq.BalanceTime, childrenAccounts, childrenAccountBalanceTimes, clientTimezone)

 	if err != nil {
 		log.Errorf(c, "[accounts.AccountCreateHandler] failed to create account \"id:%d\" for user \"uid:%d\", because %s", mainAccount.AccountId, uid, err.Error())
@@ -315,10 +315,10 @@ func (a *AccountsApi) AccountModifyHandler(c *core.WebContext) (any, *errs.Error
 		return nil, errs.ErrAccountIdInvalid
 	}

-	utcOffset, err := c.GetClientTimezoneOffset()
+	clientTimezone, err := c.GetClientTimezone()

 	if err != nil {
-		log.Warnf(c, "[accounts.AccountModifyHandler] cannot get client timezone offset, because %s", err.Error())
+		log.Warnf(c, "[accounts.AccountModifyHandler] cannot get client timezone, because %s", err.Error())
 		return nil, errs.ErrClientTimezoneOffsetInvalid
 	}

@@ -437,6 +437,17 @@ func (a *AccountsApi) AccountModifyHandler(c *core.WebContext) (any, *errs.Error
 	toUpdateAccount := a.getToUpdateAccount(uid, &accountModifyReq, mainAccount, false)

 	if toUpdateAccount != nil {
+		if toUpdateAccount.Category != mainAccount.Category {
+			maxOrderId, err := a.accounts.GetMaxDisplayOrder(c, uid, toUpdateAccount.Category)
+
+			if err != nil {
+				log.Errorf(c, "[accounts.AccountModifyHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
+				return nil, errs.Or(err, errs.ErrOperationFailed)
+			}
+
+			toUpdateAccount.DisplayOrder = maxOrderId + 1
+		}
+
 		anythingUpdate = true
 		toUpdateAccounts = append(toUpdateAccounts, toUpdateAccount)
 	}
@@ -521,7 +532,7 @@ func (a *AccountsApi) AccountModifyHandler(c *core.WebContext) (any, *errs.Error
 		}
 	}

-	err = a.accounts.ModifyAccounts(c, mainAccount, toUpdateAccounts, toAddAccounts, toAddAccountBalanceTimes, toDeleteAccountIds, utcOffset)
+	err = a.accounts.ModifyAccounts(c, mainAccount, toUpdateAccounts, toAddAccounts, toAddAccountBalanceTimes, toDeleteAccountIds, clientTimezone)

 	if err != nil {
 		log.Errorf(c, "[accounts.AccountModifyHandler] failed to update account \"id:%d\" for user \"uid:%d\", because %s", accountModifyReq.Id, uid, err.Error())
@@ -542,7 +553,6 @@ func (a *AccountsApi) AccountModifyHandler(c *core.WebContext) (any, *errs.Error

 		account.Type = oldAccount.Type
 		account.ParentAccountId = oldAccount.ParentAccountId
-		account.DisplayOrder = oldAccount.DisplayOrder
 		account.Currency = oldAccount.Currency
 		account.Balance = oldAccount.Balance

@@ -703,6 +713,9 @@ func (a *AccountsApi) createNewAccountModel(uid int64, accountCreateReq *models.

 	if !isSubAccount && accountCreateReq.Category == models.ACCOUNT_CATEGORY_CREDIT_CARD {
 		accountExtend.CreditCardStatementDate = &accountCreateReq.CreditCardStatementDate
+		if accountCreateReq.CreditLimit > 0 {
+			accountExtend.CreditLimit = &accountCreateReq.CreditLimit
+		}
 	}

 	return &models.Account{
@@ -759,18 +772,22 @@ func (a *AccountsApi) getToUpdateAccount(uid int64, accountModifyReq *models.Acc

 	if !isSubAccount && accountModifyReq.Category == models.ACCOUNT_CATEGORY_CREDIT_CARD {
 		newAccountExtend.CreditCardStatementDate = &accountModifyReq.CreditCardStatementDate
+		if accountModifyReq.CreditLimit > 0 {
+			newAccountExtend.CreditLimit = &accountModifyReq.CreditLimit
+		}
 	}

 	newAccount := &models.Account{
-		AccountId: oldAccount.AccountId,
-		Uid:       uid,
-		Name:      accountModifyReq.Name,
-		Category:  accountModifyReq.Category,
-		Icon:      accountModifyReq.Icon,
-		Color:     accountModifyReq.Color,
-		Comment:   accountModifyReq.Comment,
-		Extend:    newAccountExtend,
-		Hidden:    accountModifyReq.Hidden,
+		AccountId:    oldAccount.AccountId,
+		Uid:          uid,
+		Name:         accountModifyReq.Name,
+		DisplayOrder: oldAccount.DisplayOrder,
+		Category:     accountModifyReq.Category,
+		Icon:         accountModifyReq.Icon,
+		Color:        accountModifyReq.Color,
+		Comment:      accountModifyReq.Comment,
+		Extend:       newAccountExtend,
+		Hidden:       accountModifyReq.Hidden,
 	}

 	if newAccount.Name != oldAccount.Name ||
@@ -793,6 +810,12 @@ func (a *AccountsApi) getToUpdateAccount(uid int64, accountModifyReq *models.Acc
 		return newAccount
 	}

+	if newAccountExtend.CreditLimit != oldAccountExtend.CreditLimit {
+		if newAccountExtend.CreditLimit == nil || oldAccountExtend.CreditLimit == nil || *newAccountExtend.CreditLimit != *oldAccountExtend.CreditLimit {
+			return newAccount
+		}
+	}
+
 	return nil
 }

@@ -1,6 +1,9 @@
 package api

 import (
+	"encoding/json"
+	"errors"
+
 	"github.com/pquerna/otp/totp"

 	"github.com/mayswind/ezbookkeeping/pkg/avatars"
@@ -22,6 +25,7 @@ type AuthorizationsApi struct {
 	userAppCloudSettings    *services.UserApplicationCloudSettingsService
 	tokens                  *services.TokenService
 	twoFactorAuthorizations *services.TwoFactorAuthorizationService
+	userExternalAuths       *services.UserExternalAuthService
 }

 // Initialize a authorization api singleton instance
@@ -48,11 +52,16 @@ var (
 		userAppCloudSettings:    services.UserApplicationCloudSettings,
 		tokens:                  services.Tokens,
 		twoFactorAuthorizations: services.TwoFactorAuthorizations,
+		userExternalAuths:       services.UserExternalAuths,
 	}
 )

 // AuthorizeHandler verifies and authorizes current login request
 func (a *AuthorizationsApi) AuthorizeHandler(c *core.WebContext) (any, *errs.Error) {
+	if !a.CurrentConfig().EnableInternalAuth {
+		return nil, errs.ErrCannotLoginByPassword
+	}
+
 	var credential models.UserLoginRequest
 	err := c.ShouldBindJSON(&credential)

@@ -141,6 +150,7 @@ func (a *AuthorizationsApi) AuthorizeHandler(c *core.WebContext) (any, *errs.Err
 	}

 	c.SetTokenClaims(claims)
+	c.SetTokenContext("")

 	userApplicationCloudSettings, err := a.userAppCloudSettings.GetUserApplicationCloudSettingsByUid(c, user.Uid)
 	var applicationCloudSettingSlice *models.ApplicationCloudSettingSlice = nil
@@ -151,7 +161,7 @@ func (a *AuthorizationsApi) AuthorizeHandler(c *core.WebContext) (any, *errs.Err
 		applicationCloudSettingSlice = &userApplicationCloudSettings.Settings
 	}

-	log.Infof(c, "[authorizations.AuthorizeHandler] user \"uid:%d\" has logined, token type is %d, token will be expired at %d", user.Uid, claims.Type, claims.ExpiresAt)
+	log.Infof(c, "[authorizations.AuthorizeHandler] user \"uid:%d\" has logged in, token type is %d, token will be expired at %d", user.Uid, claims.Type, claims.ExpiresAt)

 	authResp := a.getAuthResponse(c, token, twoFactorEnable, user, applicationCloudSettingSlice)
 	return authResp, nil
@@ -159,6 +169,10 @@ func (a *AuthorizationsApi) AuthorizeHandler(c *core.WebContext) (any, *errs.Err

 // TwoFactorAuthorizeHandler verifies and authorizes current 2fa login by passcode
 func (a *AuthorizationsApi) TwoFactorAuthorizeHandler(c *core.WebContext) (any, *errs.Error) {
+	if !a.CurrentConfig().EnableInternalAuth {
+		return nil, errs.ErrCannotLoginByPassword
+	}
+
 	var credential models.TwoFactorLoginRequest
 	err := c.ShouldBindJSON(&credential)

@@ -198,7 +212,7 @@ func (a *AuthorizationsApi) TwoFactorAuthorizeHandler(c *core.WebContext) (any,
 	user, err := a.users.GetUserById(c, uid)

 	if err != nil {
-		log.Errorf(c, "[authorizations.TwoFactorAuthorizeHandler] failed to get user \"uid:%d\" info, because %s", user.Uid, err.Error())
+		log.Errorf(c, "[authorizations.TwoFactorAuthorizeHandler] failed to get user \"uid:%d\" info, because %s", uid, err.Error())
 		return nil, errs.ErrUserNotFound
 	}

@@ -228,6 +242,7 @@ func (a *AuthorizationsApi) TwoFactorAuthorizeHandler(c *core.WebContext) (any,

 	c.SetTextualToken(token)
 	c.SetTokenClaims(claims)
+	c.SetTokenContext("")

 	userApplicationCloudSettings, err := a.userAppCloudSettings.GetUserApplicationCloudSettingsByUid(c, user.Uid)
 	var applicationCloudSettingSlice *models.ApplicationCloudSettingSlice = nil
@@ -246,6 +261,10 @@ func (a *AuthorizationsApi) TwoFactorAuthorizeHandler(c *core.WebContext) (any,

 // TwoFactorAuthorizeByRecoveryCodeHandler verifies and authorizes current 2fa login by recovery code
 func (a *AuthorizationsApi) TwoFactorAuthorizeByRecoveryCodeHandler(c *core.WebContext) (any, *errs.Error) {
+	if !a.CurrentConfig().EnableInternalAuth {
+		return nil, errs.ErrCannotLoginByPassword
+	}
+
 	var credential models.TwoFactorRecoveryCodeLoginRequest
 	err := c.ShouldBindJSON(&credential)

@@ -276,7 +295,7 @@ func (a *AuthorizationsApi) TwoFactorAuthorizeByRecoveryCodeHandler(c *core.WebC
 	user, err := a.users.GetUserById(c, uid)

 	if err != nil {
-		log.Errorf(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] failed to get user \"uid:%d\" info, because %s", user.Uid, err.Error())
+		log.Errorf(c, "[authorizations.TwoFactorAuthorizeByRecoveryCodeHandler] failed to get user \"uid:%d\" info, because %s", uid, err.Error())
 		return nil, errs.ErrUserNotFound
 	}

@@ -322,6 +341,7 @@ func (a *AuthorizationsApi) TwoFactorAuthorizeByRecoveryCodeHandler(c *core.WebC

 	c.SetTextualToken(token)
 	c.SetTokenClaims(claims)
+	c.SetTokenContext("")

 	userApplicationCloudSettings, err := a.userAppCloudSettings.GetUserApplicationCloudSettingsByUid(c, user.Uid)
 	var applicationCloudSettingSlice *models.ApplicationCloudSettingSlice = nil
@@ -338,6 +358,184 @@ func (a *AuthorizationsApi) TwoFactorAuthorizeByRecoveryCodeHandler(c *core.WebC
 	return authResp, nil
 }

+// OAuth2CallbackAuthorizeHandler verifies and authorizes current OAuth 2.0 callback login
+func (a *AuthorizationsApi) OAuth2CallbackAuthorizeHandler(c *core.WebContext) (any, *errs.Error) {
+	if !a.CurrentConfig().EnableOAuth2Login {
+		return nil, errs.ErrOAuth2NotEnabled
+	}
+
+	var credential models.OAuth2CallbackLoginRequest
+	err := c.ShouldBindJSON(&credential)
+
+	if err != nil {
+		log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	var tokenContext models.OAuth2CallbackTokenContext
+	err = json.Unmarshal([]byte(c.GetTokenContext()), &tokenContext)
+
+	if err != nil {
+		log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] parse token context failed, because %s", err.Error())
+		return nil, errs.ErrOperationFailed
+	}
+
+	if !tokenContext.ExternalAuthType.IsValid() {
+		log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] external auth type \"%s\" is invalid", tokenContext.ExternalAuthType)
+		return nil, errs.ErrInvalidOAuth2Provider
+	}
+
+	uid := c.GetCurrentUid()
+	err = a.CheckFailureCount(c, uid)
+
+	if err != nil {
+		log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] cannot auth for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrFailureCountLimitReached)
+	}
+
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] failed to get user \"uid:%d\" info, because %s", uid, err.Error())
+		return nil, errs.ErrUserNotFound
+	}
+
+	if user.Disabled {
+		log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] user \"uid:%d\" is disabled", user.Uid)
+		return nil, errs.ErrUserIsDisabled
+	}
+
+	if a.CurrentConfig().EnableUserForceVerifyEmail && !user.EmailVerified {
+		log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] user \"uid:%d\" has not verified email", user.Uid)
+		return nil, errs.ErrEmailIsNotVerified
+	}
+
+	oldTokenClaims := c.GetTokenClaims()
+
+	if oldTokenClaims.Type == core.USER_TOKEN_TYPE_OAUTH2_CALLBACK_REQUIRE_VERIFY {
+		if credential.Password == "" {
+			return nil, errs.ErrPasswordIsEmpty
+		}
+
+		if !a.users.IsPasswordEqualsUserPassword(credential.Password, user) {
+			failureCheckErr := a.CheckAndIncreaseFailureCount(c, uid)
+
+			if failureCheckErr != nil {
+				log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] cannot login for user \"uid:%d\", because %s", user.Uid, failureCheckErr.Error())
+				return nil, errs.Or(failureCheckErr, errs.ErrFailureCountLimitReached)
+			}
+
+			return nil, errs.ErrUserPasswordWrong
+		}
+
+		if a.CurrentConfig().EnableTwoFactor {
+			twoFactorSetting, err := a.twoFactorAuthorizations.GetUserTwoFactorSettingByUid(c, uid)
+
+			if err != nil && !errors.Is(err, errs.ErrTwoFactorIsNotEnabled) {
+				log.Errorf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] failed to check two-factor setting for user \"uid:%d\", because %s", user.Uid, err.Error())
+				return nil, errs.Or(err, errs.ErrSystemError)
+			}
+
+			if twoFactorSetting != nil {
+				if credential.Passcode == "" {
+					return nil, errs.ErrPasscodeEmpty
+				}
+
+				if !totp.Validate(credential.Passcode, twoFactorSetting.Secret) {
+					log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] passcode is invalid for user \"uid:%d\"", uid)
+
+					err = a.CheckAndIncreaseFailureCount(c, uid)
+
+					if err != nil {
+						log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] cannot auth for user \"uid:%d\", because %s", uid, err.Error())
+						return nil, errs.Or(err, errs.ErrFailureCountLimitReached)
+					}
+
+					return nil, errs.ErrPasscodeInvalid
+				}
+			}
+		}
+
+		userExternalAuth := &models.UserExternalAuth{
+			Uid:              user.Uid,
+			ExternalAuthType: tokenContext.ExternalAuthType,
+			ExternalUsername: tokenContext.ExternalUsername,
+			ExternalEmail:    tokenContext.ExternalEmail,
+		}
+
+		err = a.userExternalAuths.CreateUserExternalAuth(c, userExternalAuth)
+
+		if err != nil {
+			log.Errorf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] failed to create user external auth for user \"uid:%d\", because %s", user.Uid, err.Error())
+			return nil, errs.Or(err, errs.ErrOperationFailed)
+		}
+
+		log.Infof(c, "[authorizations.OAuth2CallbackAuthorizeHandler] user external auth has been created for user \"uid:%d\"", user.Uid)
+	} else if oldTokenClaims.Type == core.USER_TOKEN_TYPE_OAUTH2_CALLBACK {
+		_, err = a.userExternalAuths.GetUserExternalAuthByUid(c, uid, tokenContext.ExternalAuthType)
+
+		if err != nil {
+			log.Errorf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] failed to get user external auth for user \"uid:%d\", because %s", uid, err.Error())
+			return nil, errs.Or(err, errs.ErrUserExternalAuthNotFound)
+		}
+	} else {
+		return nil, errs.ErrSystemError
+	}
+
+	err = a.tokens.DeleteTokenByClaims(c, oldTokenClaims)
+
+	if err != nil {
+		log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] failed to revoke temporary token \"utid:%s\" for user \"uid:%d\", because %s", oldTokenClaims.UserTokenId, user.Uid, err.Error())
+	}
+
+	var token string
+	var claims *core.UserTokenClaims
+
+	if credential.Token != "" {
+		_, claims, _, err = a.tokens.ParseToken(c, credential.Token)
+
+		if err != nil {
+			log.Errorf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] failed to parse token, because %s", err.Error())
+			return nil, errs.ErrInvalidToken
+		}
+
+		if claims.Uid != user.Uid {
+			log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] oauth 2.0 user \"uid:%d\" does not match current user \"uid:%d\"", user.Uid, claims.Uid)
+			token = ""
+			claims = nil
+		} else {
+			token = credential.Token
+		}
+	}
+
+	if token == "" {
+		token, claims, err = a.tokens.CreateToken(c, user)
+
+		if err != nil {
+			log.Errorf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] failed to create token for user \"uid:%d\", because %s", user.Uid, err.Error())
+			return nil, errs.ErrTokenGenerating
+		}
+	}
+
+	c.SetTextualToken(token)
+	c.SetTokenClaims(claims)
+	c.SetTokenContext("")
+
+	userApplicationCloudSettings, err := a.userAppCloudSettings.GetUserApplicationCloudSettingsByUid(c, user.Uid)
+	var applicationCloudSettingSlice *models.ApplicationCloudSettingSlice = nil
+
+	if err != nil {
+		log.Warnf(c, "[authorizations.OAuth2CallbackAuthorizeHandler] failed to get latest user application cloud settings for user \"uid:%d\", because %s", user.Uid, err.Error())
+	} else if userApplicationCloudSettings != nil && len(userApplicationCloudSettings.Settings) > 0 {
+		applicationCloudSettingSlice = &userApplicationCloudSettings.Settings
+	}
+
+	log.Infof(c, "[authorizations.OAuth2CallbackAuthorizeHandler] user \"uid:%d\" has logged in, token will be expired at %d", user.Uid, claims.ExpiresAt)
+
+	authResp := a.getAuthResponse(c, token, false, user, applicationCloudSettingSlice)
+	return authResp, nil
+}
+
 func (a *AuthorizationsApi) getAuthResponse(c *core.WebContext, token string, need2FA bool, user *models.User, applicationCloudSettings *models.ApplicationCloudSettingSlice) *models.AuthResponse {
 	return &models.AuthResponse{
 		Token:                    token,
@@ -3,6 +3,7 @@ package api
 import (
 	"fmt"
 	"sort"
+	"time"

 	"github.com/mayswind/ezbookkeeping/pkg/avatars"
 	"github.com/mayswind/ezbookkeeping/pkg/core"
@@ -23,7 +24,7 @@ type ApiUsingConfig struct {

 // CurrentConfig returns the current config
 func (a *ApiUsingConfig) CurrentConfig() *settings.Config {
-	return a.container.Current
+	return a.container.GetCurrentConfig()
 }

 // GetTransactionPictureInfoResponse returns the view-object of transaction picture basic info according to the transaction picture model
@@ -53,15 +54,15 @@ func (a *ApiUsingConfig) GetAfterRegisterNotificationContent(userLanguage string
 		language = clientLanguage
 	}

-	if !a.container.Current.AfterRegisterNotification.Enabled {
+	if !a.CurrentConfig().AfterRegisterNotification.Enabled {
 		return ""
 	}

-	if multiLanguageContent, exists := a.container.Current.AfterRegisterNotification.MultiLanguageContent[language]; exists {
+	if multiLanguageContent, exists := a.CurrentConfig().AfterRegisterNotification.MultiLanguageContent[language]; exists {
 		return multiLanguageContent
 	}

-	return a.container.Current.AfterRegisterNotification.DefaultContent
+	return a.CurrentConfig().AfterRegisterNotification.DefaultContent
 }

 // GetAfterLoginNotificationContent returns the notification content displayed each time users log in
@@ -72,15 +73,15 @@ func (a *ApiUsingConfig) GetAfterLoginNotificationContent(userLanguage string, c
 		language = clientLanguage
 	}

-	if !a.container.Current.AfterLoginNotification.Enabled {
+	if !a.CurrentConfig().AfterLoginNotification.Enabled {
 		return ""
 	}

-	if multiLanguageContent, exists := a.container.Current.AfterLoginNotification.MultiLanguageContent[language]; exists {
+	if multiLanguageContent, exists := a.CurrentConfig().AfterLoginNotification.MultiLanguageContent[language]; exists {
 		return multiLanguageContent
 	}

-	return a.container.Current.AfterLoginNotification.DefaultContent
+	return a.CurrentConfig().AfterLoginNotification.DefaultContent
 }

 // GetAfterOpenNotificationContent returns the notification content displayed each time users open the app
@@ -91,15 +92,15 @@ func (a *ApiUsingConfig) GetAfterOpenNotificationContent(userLanguage string, cl
 		language = clientLanguage
 	}

-	if !a.container.Current.AfterOpenNotification.Enabled {
+	if !a.CurrentConfig().AfterOpenNotification.Enabled {
 		return ""
 	}

-	if multiLanguageContent, exists := a.container.Current.AfterOpenNotification.MultiLanguageContent[language]; exists {
+	if multiLanguageContent, exists := a.CurrentConfig().AfterOpenNotification.MultiLanguageContent[language]; exists {
 		return multiLanguageContent
 	}

-	return a.container.Current.AfterOpenNotification.DefaultContent
+	return a.CurrentConfig().AfterOpenNotification.DefaultContent
 }

 // ApiUsingDuplicateChecker represents an api that need to use duplicate checker
@@ -113,6 +114,11 @@ func (a *ApiUsingDuplicateChecker) GetSubmissionRemark(checkerType duplicatechec
 	return a.container.GetSubmissionRemark(checkerType, uid, identification)
 }

+// SetSubmissionRemarkWithCustomExpiration saves the identification and remark by the current duplicate checker with custom expiration time
+func (a *ApiUsingDuplicateChecker) SetSubmissionRemarkWithCustomExpiration(checkerType duplicatechecker.DuplicateCheckerType, uid int64, identification string, remark string, expiration time.Duration) {
+	a.container.SetSubmissionRemarkWithCustomExpiration(checkerType, uid, identification, remark, expiration)
+}
+
 // SetSubmissionRemarkIfEnable saves the identification and remark by the current duplicate checker if the duplicate submission check is enabled
 func (a *ApiUsingDuplicateChecker) SetSubmissionRemarkIfEnable(checkerType duplicatechecker.DuplicateCheckerType, uid int64, identification string, remark string) {
 	if a.CurrentConfig().EnableDuplicateSubmissionsCheck {
@@ -120,6 +126,11 @@ func (a *ApiUsingDuplicateChecker) SetSubmissionRemarkIfEnable(checkerType dupli
 	}
 }

+// RemoveSubmissionRemark removes the identification and remark by the current duplicate checker
+func (a *ApiUsingDuplicateChecker) RemoveSubmissionRemark(checkerType duplicatechecker.DuplicateCheckerType, uid int64, identification string) {
+	a.container.RemoveSubmissionRemark(checkerType, uid, identification)
+}
+
 // RemoveSubmissionRemarkIfEnable removes the identification and remark by the current duplicate checker if the duplicate submission check is enabled
 func (a *ApiUsingDuplicateChecker) RemoveSubmissionRemarkIfEnable(checkerType duplicatechecker.DuplicateCheckerType, uid int64, identification string) {
 	if a.CurrentConfig().EnableDuplicateSubmissionsCheck {
@@ -2,6 +2,7 @@ package api

 import (
 	"fmt"
+	"math"
 	"strings"
 	"time"

@@ -15,6 +16,7 @@ import (
 	"github.com/mayswind/ezbookkeeping/pkg/utils"
 )

+const pageCountForClearTransactions = 1000
 const pageCountForDataExport = 1000

 // DataManagementsApi represents data management api
@@ -26,9 +28,11 @@ type DataManagementsApi struct {
 	transactions            *services.TransactionService
 	categories              *services.TransactionCategoryService
 	tags                    *services.TransactionTagService
+	tagGroups               *services.TransactionTagGroupService
 	pictures                *services.TransactionPictureService
 	templates               *services.TransactionTemplateService
 	userCustomExchangeRates *services.UserCustomExchangeRatesService
+	insightsExploreres      *services.InsightsExplorerService
 }

 // Initialize a data management api singleton instance
@@ -43,9 +47,11 @@ var (
 		transactions:            services.Transactions,
 		categories:              services.TransactionCategories,
 		tags:                    services.TransactionTags,
+		tagGroups:               services.TransactionTagGroups,
 		pictures:                services.TransactionPictures,
 		templates:               services.TransactionTemplates,
 		userCustomExchangeRates: services.UserCustomExchangeRates,
+		insightsExploreres:      services.InsightsExplorers,
 	}
 )

@@ -97,6 +103,13 @@ func (a *DataManagementsApi) DataStatisticsHandler(c *core.WebContext) (any, *er
 		return nil, errs.ErrOperationFailed
 	}

+	totalInsightsExplorerCount, err := a.insightsExploreres.GetTotalInsightsExplorersCountByUid(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[data_managements.DataStatisticsHandler] failed to get total insights explorer count for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrOperationFailed
+	}
+
 	totalTransactionTemplateCount, err := a.templates.GetTotalNormalTemplateCountByUid(c, uid)

 	if err != nil {
@@ -117,6 +130,7 @@ func (a *DataManagementsApi) DataStatisticsHandler(c *core.WebContext) (any, *er
 		TotalTransactionTagCount:       totalTransactionTagCount,
 		TotalTransactionCount:          totalTransactionCount,
 		TotalTransactionPictureCount:   totalTransactionPictureCount,
+		TotalInsightsExplorerCount:     totalInsightsExplorerCount,
 		TotalTransactionTemplateCount:  totalTransactionTemplateCount,
 		TotalScheduledTransactionCount: totalScheduledTransactionCount,
 	}
@@ -124,13 +138,13 @@ func (a *DataManagementsApi) DataStatisticsHandler(c *core.WebContext) (any, *er
 	return dataStatisticsResp, nil
 }

-// ClearDataHandler deletes all user data
-func (a *DataManagementsApi) ClearDataHandler(c *core.WebContext) (any, *errs.Error) {
+// ClearAllDataHandler deletes all user data
+func (a *DataManagementsApi) ClearAllDataHandler(c *core.WebContext) (any, *errs.Error) {
 	var clearDataReq models.ClearDataRequest
 	err := c.ShouldBindJSON(&clearDataReq)

 	if err != nil {
-		log.Warnf(c, "[data_managements.ClearDataHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[data_managements.ClearAllDataHandler] parse request failed, because %s", err.Error())
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

@@ -139,7 +153,7 @@ func (a *DataManagementsApi) ClearDataHandler(c *core.WebContext) (any, *errs.Er

 	if err != nil {
 		if !errs.IsCustomError(err) {
-			log.Warnf(c, "[data_managements.ClearDataHandler] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
+			log.Warnf(c, "[data_managements.ClearAllDataHandler] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
 		}

 		return nil, errs.ErrUserNotFound
@@ -156,39 +170,148 @@ func (a *DataManagementsApi) ClearDataHandler(c *core.WebContext) (any, *errs.Er
 	err = a.templates.DeleteAllTemplates(c, uid)

 	if err != nil {
-		log.Errorf(c, "[data_managements.ClearDataHandler] failed to delete all transaction templates, because %s", err.Error())
+		log.Errorf(c, "[data_managements.ClearAllDataHandler] failed to delete all transaction templates, because %s", err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	err = a.transactions.DeleteAllTransactions(c, uid)
+	err = a.transactions.DeleteAllTransactions(c, uid, true)

 	if err != nil {
-		log.Errorf(c, "[data_managements.ClearDataHandler] failed to delete all transactions, because %s", err.Error())
+		log.Errorf(c, "[data_managements.ClearAllDataHandler] failed to delete all transactions, because %s", err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

 	err = a.categories.DeleteAllCategories(c, uid)

 	if err != nil {
-		log.Errorf(c, "[data_managements.ClearDataHandler] failed to delete all transaction categories, because %s", err.Error())
+		log.Errorf(c, "[data_managements.ClearAllDataHandler] failed to delete all transaction categories, because %s", err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

 	err = a.tags.DeleteAllTags(c, uid)

 	if err != nil {
-		log.Errorf(c, "[data_managements.ClearDataHandler] failed to delete all transaction tags, because %s", err.Error())
+		log.Errorf(c, "[data_managements.ClearAllDataHandler] failed to delete all transaction tags, because %s", err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	err = a.tagGroups.DeleteAllTagGroups(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[data_managements.ClearAllDataHandler] failed to delete all transaction tag groups, because %s", err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

 	err = a.userCustomExchangeRates.DeleteAllCustomExchangeRates(c, uid)

 	if err != nil {
-		log.Errorf(c, "[data_managements.ClearDataHandler] failed to delete all user custom exchange rates, because %s", err.Error())
+		log.Errorf(c, "[data_managements.ClearAllDataHandler] failed to delete all user custom exchange rates, because %s", err.Error())
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	log.Infof(c, "[data_managements.ClearDataHandler] user \"uid:%d\" has cleared all data", uid)
+	err = a.insightsExploreres.DeleteAllInsightsExplorers(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[data_managements.ClearAllDataHandler] failed to delete all insights explorers, because %s", err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[data_managements.ClearAllDataHandler] user \"uid:%d\" has cleared all data", uid)
+	return true, nil
+}
+
+// ClearAllTransactionsHandler deletes all transactions
+func (a *DataManagementsApi) ClearAllTransactionsHandler(c *core.WebContext) (any, *errs.Error) {
+	var clearDataReq models.ClearDataRequest
+	err := c.ShouldBindJSON(&clearDataReq)
+
+	if err != nil {
+		log.Warnf(c, "[data_managements.ClearAllTransactionsHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		if !errs.IsCustomError(err) {
+			log.Warnf(c, "[data_managements.ClearAllTransactionsHandler] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
+		}
+
+		return nil, errs.ErrUserNotFound
+	}
+
+	if !a.users.IsPasswordEqualsUserPassword(clearDataReq.Password, user) {
+		return nil, errs.ErrUserPasswordWrong
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_CLEAR_ALL_DATA) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	err = a.transactions.DeleteAllTransactions(c, uid, false)
+
+	if err != nil {
+		log.Errorf(c, "[data_managements.ClearAllTransactionsHandler] failed to delete all transactions, because %s", err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[data_managements.ClearAllTransactionsHandler] user \"uid:%d\" has cleared all transactions", uid)
+	return true, nil
+}
+
+// ClearAllTransactionsByAccountHandler deletes all transactions of specified account
+func (a *DataManagementsApi) ClearAllTransactionsByAccountHandler(c *core.WebContext) (any, *errs.Error) {
+	var clearDataReq models.ClearAccountTransactionsRequest
+	err := c.ShouldBindJSON(&clearDataReq)
+
+	if err != nil {
+		log.Warnf(c, "[data_managements.ClearAllTransactionsByAccountHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		if !errs.IsCustomError(err) {
+			log.Warnf(c, "[data_managements.ClearAllTransactionsByAccountHandler] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
+		}
+
+		return nil, errs.ErrUserNotFound
+	}
+
+	if !a.users.IsPasswordEqualsUserPassword(clearDataReq.Password, user) {
+		return nil, errs.ErrUserPasswordWrong
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_CLEAR_ALL_DATA) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	account, err := a.accounts.GetAccountByAccountId(c, uid, clearDataReq.AccountId)
+
+	if err != nil {
+		log.Errorf(c, "[data_managements.ClearAllTransactionsByAccountHandler] failed to get account \"id:%d\" for user \"uid:%d\", because %s", uid, clearDataReq.AccountId, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	if account.Hidden {
+		return nil, errs.ErrCannotDeleteTransactionInHiddenAccount
+	}
+
+	if account.Type == models.ACCOUNT_TYPE_MULTI_SUB_ACCOUNTS {
+		return nil, errs.ErrCannotDeleteTransactionInParentAccount
+	}
+
+	err = a.transactions.DeleteAllTransactionsOfAccount(c, uid, account.AccountId, pageCountForClearTransactions)
+
+	if err != nil {
+		log.Errorf(c, "[data_managements.ClearAllTransactionsByAccountHandler] failed to delete all transactions in account \"id:%d\", because %s", account.AccountId, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[data_managements.ClearAllTransactionsByAccountHandler] user \"uid:%d\" has cleared all transactions in account \"id:%d\"", uid, account.AccountId)
 	return true, nil
 }

@@ -201,17 +324,15 @@ func (a *DataManagementsApi) getExportedFileContent(c *core.WebContext, fileType
 	err := c.ShouldBindQuery(&exportTransactionDataReq)

 	if err != nil {
-		log.Warnf(c, "[data_managements.ExportDataHandler] parse request failed, because %s", err.Error())
+		log.Warnf(c, "[data_managements.getExportedFileContent] parse request failed, because %s", err.Error())
 		return nil, "", errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

-	timezone := time.Local
-	utcOffset, err := c.GetClientTimezoneOffset()
+	clientTimezone, err := c.GetClientTimezone()

 	if err != nil {
-		log.Warnf(c, "[data_managements.ExportDataHandler] cannot get client timezone offset, because %s", err.Error())
-	} else {
-		timezone = time.FixedZone("Client Timezone", int(utcOffset)*60)
+		log.Warnf(c, "[data_managements.getExportedFileContent] cannot get client timezone, because %s", err.Error())
+		clientTimezone = time.Local
 	}

 	uid := c.GetCurrentUid()
@@ -219,7 +340,7 @@ func (a *DataManagementsApi) getExportedFileContent(c *core.WebContext, fileType

 	if err != nil {
 		if !errs.IsCustomError(err) {
-			log.Warnf(c, "[data_managements.ExportDataHandler] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
+			log.Warnf(c, "[data_managements.getExportedFileContent] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
 		}

 		return nil, "", errs.ErrUserNotFound
@@ -232,28 +353,28 @@ func (a *DataManagementsApi) getExportedFileContent(c *core.WebContext, fileType
 	accounts, err := a.accounts.GetAllAccountsByUid(c, uid)

 	if err != nil {
-		log.Errorf(c, "[data_managements.ExportDataHandler] failed to get all accounts for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[data_managements.getExportedFileContent] failed to get all accounts for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, "", errs.ErrOperationFailed
 	}

 	categories, err := a.categories.GetAllCategoriesByUid(c, uid, 0, -1)

 	if err != nil {
-		log.Errorf(c, "[data_managements.ExportDataHandler] failed to get categories for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[data_managements.getExportedFileContent] failed to get categories for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, "", errs.ErrOperationFailed
 	}

 	tags, err := a.tags.GetAllTagsByUid(c, uid)

 	if err != nil {
-		log.Errorf(c, "[data_managements.ExportDataHandler] failed to get tags for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[data_managements.getExportedFileContent] failed to get tags for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, "", errs.ErrOperationFailed
 	}

 	tagIndexes, err := a.tags.GetAllTagIdsMapOfAllTransactions(c, uid)

 	if err != nil {
-		log.Errorf(c, "[data_managements.ExportDataHandler] failed to get tag index for user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[data_managements.getExportedFileContent] failed to get tag index for user \"uid:%d\", because %s", uid, err.Error())
 		return nil, "", errs.ErrOperationFailed
 	}

@@ -264,30 +385,30 @@ func (a *DataManagementsApi) getExportedFileContent(c *core.WebContext, fileType
 	allAccountIds, err := a.accounts.GetAccountOrSubAccountIds(c, exportTransactionDataReq.AccountIds, uid)

 	if err != nil {
-		log.Warnf(c, "[data_managements.ExportDataHandler] get account error, because %s", err.Error())
+		log.Warnf(c, "[data_managements.getExportedFileContent] get account error, because %s", err.Error())
 		return nil, "", errs.Or(err, errs.ErrOperationFailed)
 	}

 	allCategoryIds, err := a.categories.GetCategoryOrSubCategoryIds(c, exportTransactionDataReq.CategoryIds, uid)

 	if err != nil {
-		log.Warnf(c, "[data_managements.ExportDataHandler] get transaction category error, because %s", err.Error())
+		log.Warnf(c, "[data_managements.getExportedFileContent] get transaction category error, because %s", err.Error())
 		return nil, "", errs.Or(err, errs.ErrOperationFailed)
 	}

-	var allTagIds []int64
-	noTags := exportTransactionDataReq.TagIds == "none"
+	noTags := exportTransactionDataReq.TagFilter == models.TransactionNoTagFilterValue
+	var tagFilters []*models.TransactionTagFilter

 	if !noTags {
-		allTagIds, err = a.tags.GetTagIds(exportTransactionDataReq.TagIds)
+		tagFilters, err = models.ParseTransactionTagFilter(exportTransactionDataReq.TagFilter)

 		if err != nil {
-			log.Warnf(c, "[data_managements.ExportDataHandler] get transaction tag ids error, because %s", err.Error())
+			log.Warnf(c, "[data_managements.getExportedFileContent] parse transaction tag filters error, because %s", err.Error())
 			return nil, "", errs.Or(err, errs.ErrOperationFailed)
 		}
 	}

-	maxTransactionTime := utils.GetMaxTransactionTimeFromUnixTime(time.Now().Unix())
+	maxTransactionTime := int64(math.MaxInt64)
 	minTransactionTime := int64(0)

 	if exportTransactionDataReq.MaxTime > 0 {
@@ -298,10 +419,10 @@ func (a *DataManagementsApi) getExportedFileContent(c *core.WebContext, fileType
 		minTransactionTime = utils.GetMinTransactionTimeFromUnixTime(exportTransactionDataReq.MinTime)
 	}

-	allTransactions, err := a.transactions.GetAllSpecifiedTransactions(c, uid, maxTransactionTime, minTransactionTime, exportTransactionDataReq.Type, allCategoryIds, allAccountIds, allTagIds, noTags, exportTransactionDataReq.TagFilterType, exportTransactionDataReq.AmountFilter, exportTransactionDataReq.Keyword, pageCountForDataExport, true)
+	allTransactions, err := a.transactions.GetAllSpecifiedTransactions(c, uid, maxTransactionTime, minTransactionTime, exportTransactionDataReq.Type, allCategoryIds, allAccountIds, tagFilters, noTags, exportTransactionDataReq.AmountFilter, exportTransactionDataReq.Keyword, pageCountForDataExport, true)

 	if err != nil {
-		log.Errorf(c, "[data_managements.ExportDataHandler] failed to all transactions user \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[data_managements.getExportedFileContent] failed to all transactions user \"uid:%d\", because %s", uid, err.Error())
 		return nil, "", errs.ErrOperationFailed
 	}

@@ -314,17 +435,17 @@ func (a *DataManagementsApi) getExportedFileContent(c *core.WebContext, fileType
 	result, err := dataExporter.ToExportedContent(c, uid, allTransactions, accountMap, categoryMap, tagMap, tagIndexes)

 	if err != nil {
-		log.Errorf(c, "[data_managements.ExportDataHandler] failed to get csv format exported data for \"uid:%d\", because %s", uid, err.Error())
+		log.Errorf(c, "[data_managements.getExportedFileContent] failed to get exported data for \"uid:%d\", because %s", uid, err.Error())
 		return nil, "", errs.Or(err, errs.ErrOperationFailed)
 	}

-	fileName := a.getFileName(user, timezone, fileType)
+	fileName := a.getFileName(user, clientTimezone, fileType)

 	return result, fileName, nil
 }

-func (a *DataManagementsApi) getFileName(user *models.User, timezone *time.Location, fileExtension string) string {
-	currentTime := utils.FormatUnixTimeToLongDateTimeWithoutSecond(time.Now().Unix(), timezone)
+func (a *DataManagementsApi) getFileName(user *models.User, clientTimezone *time.Location, fileExtension string) string {
+	currentTime := utils.FormatUnixTimeToLongDateTimeWithoutSecond(time.Now().Unix(), clientTimezone)
 	currentTime = strings.Replace(currentTime, "-", "_", -1)
 	currentTime = strings.Replace(currentTime, " ", "_", -1)
 	currentTime = strings.Replace(currentTime, ":", "_", -1)
@@ -30,13 +30,7 @@ var (

 // LatestExchangeRateHandler returns latest exchange rate data
 func (a *ExchangeRatesApi) LatestExchangeRateHandler(c *core.WebContext) (any, *errs.Error) {
-	dataSource := exchangerates.Container.Current
-
-	if dataSource == nil {
-		return nil, errs.ErrInvalidExchangeRatesDataSource
-	}
-
-	exchangeRateResponse, err := dataSource.GetLatestExchangeRates(c, c.GetCurrentUid(), a.container.Current)
+	exchangeRateResponse, err := exchangerates.Container.GetLatestExchangeRates(c, c.GetCurrentUid(), a.CurrentConfig())

 	if err != nil {
 		return nil, errs.Or(err, errs.ErrOperationFailed)
@@ -0,0 +1,274 @@
+package api
+
+import (
+	"encoding/json"
+	"sort"
+
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/services"
+)
+
+// InsightsExplorersApi represents insights explorers api
+type InsightsExplorersApi struct {
+	insightsExploreres *services.InsightsExplorerService
+}
+
+// Initialize a insights explorers api singleton instance
+var (
+	InsightsExplorers = &InsightsExplorersApi{
+		insightsExploreres: services.InsightsExplorers,
+	}
+)
+
+// InsightsExplorerListHandler returns insights explorer list of current user
+func (a *InsightsExplorersApi) InsightsExplorerListHandler(c *core.WebContext) (any, *errs.Error) {
+	uid := c.GetCurrentUid()
+	explorers, err := a.insightsExploreres.GetAllInsightsExplorerNamesByUid(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerListHandler] failed to get insights explorers for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	explorerResps := make(models.InsightsExplorerInfoResponseSlice, len(explorers))
+
+	for i := 0; i < len(explorers); i++ {
+		explorerResps[i], err = explorers[i].ToInsightsExplorerInfoResponse()
+
+		if err != nil {
+			log.Errorf(c, "[explorers.InsightsExplorerListHandler] failed to get insights explorer response for user \"uid:%d\", because %s", uid, err.Error())
+			return nil, errs.ErrInsightsExplorerDataInvalid
+		}
+	}
+
+	sort.Sort(explorerResps)
+
+	return explorerResps, nil
+}
+
+// InsightsExplorerGetHandler returns one specific insights explorer of current user
+func (a *InsightsExplorersApi) InsightsExplorerGetHandler(c *core.WebContext) (any, *errs.Error) {
+	var explorerGetReq models.InsightsExplorerGetRequest
+	err := c.ShouldBindQuery(&explorerGetReq)
+
+	if err != nil {
+		log.Warnf(c, "[explorers.InsightsExplorerGetHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	explorer, err := a.insightsExploreres.GetInsightsExplorerByExplorerId(c, uid, explorerGetReq.Id)
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerGetHandler] failed to get insights explorer \"id:%d\" for user \"uid:%d\", because %s", explorerGetReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	explorerResp, err := explorer.ToInsightsExplorerInfoResponse()
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerGetHandler] failed to get insights explorer response for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrInsightsExplorerDataInvalid
+	}
+
+	return explorerResp, nil
+}
+
+// InsightsExplorerCreateHandler saves a new insights explorer by request parameters for current user
+func (a *InsightsExplorersApi) InsightsExplorerCreateHandler(c *core.WebContext) (any, *errs.Error) {
+	var explorerCreateReq models.InsightsExplorerCreateRequest
+	err := c.ShouldBindJSON(&explorerCreateReq)
+
+	if err != nil {
+		log.Warnf(c, "[explorers.InsightsExplorerCreateHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+
+	maxOrderId, err := a.insightsExploreres.GetMaxDisplayOrder(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerCreateHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	explorer, err := a.createNewInsightsExplorerModel(uid, &explorerCreateReq, maxOrderId+1)
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerCreateHandler] failed to parse insights explorer data for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrInsightsExplorerDataInvalid
+	}
+
+	err = a.insightsExploreres.CreateInsightsExplorer(c, explorer)
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerCreateHandler] failed to create insights explorer \"id:%d\" for user \"uid:%d\", because %s", explorer.ExplorerId, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[explorers.InsightsExplorerCreateHandler] user \"uid:%d\" has created a new insights explorer \"id:%d\" successfully", uid, explorer.ExplorerId)
+
+	explorerResp, err := explorer.ToInsightsExplorerInfoResponse()
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerCreateHandler] failed to get insights explorer response for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrInsightsExplorerDataInvalid
+	}
+
+	return explorerResp, nil
+}
+
+// InsightsExplorerModifyHandler saves an existed insights explorer by request parameters for current user
+func (a *InsightsExplorersApi) InsightsExplorerModifyHandler(c *core.WebContext) (any, *errs.Error) {
+	var explorerModifyReq models.InsightsExplorerModifyRequest
+	err := c.ShouldBindJSON(&explorerModifyReq)
+
+	if err != nil {
+		log.Warnf(c, "[explorers.InsightsExplorerModifyHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	explorer, err := a.insightsExploreres.GetInsightsExplorerByExplorerId(c, uid, explorerModifyReq.Id)
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerModifyHandler] failed to get insights explorer \"id:%d\" for user \"uid:%d\", because %s", explorerModifyReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	newData, err := json.Marshal(explorerModifyReq.Data)
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerModifyHandler] failed to parse insights explorer data for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrInsightsExplorerDataInvalid
+	}
+
+	newExplorer := &models.InsightsExplorer{
+		ExplorerId: explorer.ExplorerId,
+		Uid:        uid,
+		Name:       explorerModifyReq.Name,
+		Data:       string(newData),
+	}
+
+	if newExplorer.Name == explorer.Name && newExplorer.Data == explorer.Data {
+		return nil, errs.ErrNothingWillBeUpdated
+	}
+
+	err = a.insightsExploreres.ModifyInsightsExplorer(c, newExplorer)
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerModifyHandler] failed to update insights explorer \"id:%d\" for user \"uid:%d\", because %s", explorerModifyReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[explorers.InsightsExplorerModifyHandler] user \"uid:%d\" has updated insights explorer \"id:%d\" successfully", uid, explorerModifyReq.Id)
+
+	explorer.Name = newExplorer.Name
+	explorer.Data = newExplorer.Data
+	explorerResp, err := explorer.ToInsightsExplorerInfoResponse()
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerModifyHandler] failed to get insights explorer response for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrInsightsExplorerDataInvalid
+	}
+
+	return explorerResp, nil
+}
+
+// InsightsExplorerHideHandler hides a insights explorer by request parameters for current user
+func (a *InsightsExplorersApi) InsightsExplorerHideHandler(c *core.WebContext) (any, *errs.Error) {
+	var explorerHideReq models.InsightsExplorerHideRequest
+	err := c.ShouldBindJSON(&explorerHideReq)
+
+	if err != nil {
+		log.Warnf(c, "[explorers.InsightsExplorerHideHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	err = a.insightsExploreres.HideInsightsExplorer(c, uid, []int64{explorerHideReq.Id}, explorerHideReq.Hidden)
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerHideHandler] failed to hide insights explorer \"id:%d\" for user \"uid:%d\", because %s", explorerHideReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[explorers.InsightsExplorerHideHandler] user \"uid:%d\" has hidden insights explorer \"id:%d\"", uid, explorerHideReq.Id)
+	return true, nil
+}
+
+// InsightsExplorerMoveHandler moves display order of existed insights explorers by request parameters for current user
+func (a *InsightsExplorersApi) InsightsExplorerMoveHandler(c *core.WebContext) (any, *errs.Error) {
+	var explorerMoveReq models.InsightsExplorerMoveRequest
+	err := c.ShouldBindJSON(&explorerMoveReq)
+
+	if err != nil {
+		log.Warnf(c, "[explorers.InsightsExplorerMoveHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	explorers := make([]*models.InsightsExplorer, len(explorerMoveReq.NewDisplayOrders))
+
+	for i := 0; i < len(explorerMoveReq.NewDisplayOrders); i++ {
+		newDisplayOrder := explorerMoveReq.NewDisplayOrders[i]
+		explorer := &models.InsightsExplorer{
+			Uid:          uid,
+			ExplorerId:   newDisplayOrder.Id,
+			DisplayOrder: newDisplayOrder.DisplayOrder,
+		}
+
+		explorers[i] = explorer
+	}
+
+	err = a.insightsExploreres.ModifyInsightsExplorerDisplayOrders(c, uid, explorers)
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerMoveHandler] failed to move insights explorers for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[explorers.InsightsExplorerMoveHandler] user \"uid:%d\" has moved insights explorers", uid)
+	return true, nil
+}
+
+// InsightsExplorerDeleteHandler deletes an existed insights explorer by request parameters for current user
+func (a *InsightsExplorersApi) InsightsExplorerDeleteHandler(c *core.WebContext) (any, *errs.Error) {
+	var explorerDeleteReq models.InsightsExplorerDeleteRequest
+	err := c.ShouldBindJSON(&explorerDeleteReq)
+
+	if err != nil {
+		log.Warnf(c, "[explorers.InsightsExplorerDeleteHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	err = a.insightsExploreres.DeleteInsightsExplorer(c, uid, explorerDeleteReq.Id)
+
+	if err != nil {
+		log.Errorf(c, "[explorers.InsightsExplorerDeleteHandler] failed to delete insights explorer \"id:%d\" for user \"uid:%d\", because %s", explorerDeleteReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[explorers.InsightsExplorerDeleteHandler] user \"uid:%d\" has deleted insights explorer \"id:%d\"", uid, explorerDeleteReq.Id)
+	return true, nil
+}
+
+func (a *InsightsExplorersApi) createNewInsightsExplorerModel(uid int64, explorerCreateReq *models.InsightsExplorerCreateRequest, order int32) (*models.InsightsExplorer, error) {
+	data, err := json.Marshal(explorerCreateReq.Data)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return &models.InsightsExplorer{
+		Uid:          uid,
+		Name:         explorerCreateReq.Name,
+		Data:         string(data),
+		DisplayOrder: order,
+	}, nil
+}
@@ -4,6 +4,7 @@ import (
 	"time"

 	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/duplicatechecker"
 	"github.com/mayswind/ezbookkeeping/pkg/errs"
 	"github.com/mayswind/ezbookkeeping/pkg/log"
 	"github.com/mayswind/ezbookkeeping/pkg/models"
@@ -14,6 +15,7 @@ import (
 // ForgetPasswordsApi represents user forget password api
 type ForgetPasswordsApi struct {
 	ApiUsingConfig
+	ApiUsingDuplicateChecker
 	users           *services.UserService
 	tokens          *services.TokenService
 	forgetPasswords *services.ForgetPasswordService
@@ -25,6 +27,12 @@ var (
 		ApiUsingConfig: ApiUsingConfig{
 			container: settings.Container,
 		},
+		ApiUsingDuplicateChecker: ApiUsingDuplicateChecker{
+			ApiUsingConfig: ApiUsingConfig{
+				container: settings.Container,
+			},
+			container: duplicatechecker.Container,
+		},
 		users:           services.Users,
 		tokens:          services.Tokens,
 		forgetPasswords: services.ForgetPasswords,
@@ -41,6 +49,13 @@ func (a *ForgetPasswordsApi) UserForgetPasswordRequestHandler(c *core.WebContext
 		return nil, errs.ErrEmailIsEmptyOrInvalid
 	}

+	err = a.CheckFailureCount(c, 0)
+
+	if err != nil {
+		log.Warnf(c, "[forget_passwords.UserForgetPasswordRequestHandler] cannot send forget password mail to \"%s\", because %s", request.Email, err.Error())
+		return nil, errs.Or(err, errs.ErrFailureCountLimitReached)
+	}
+
 	user, err := a.users.GetUserByEmail(c, request.Email)

 	if err != nil {
@@ -48,6 +63,13 @@ func (a *ForgetPasswordsApi) UserForgetPasswordRequestHandler(c *core.WebContext
 			log.Errorf(c, "[forget_passwords.UserForgetPasswordRequestHandler] failed to get user, because %s", err.Error())
 		}

+		failureCheckErr := a.CheckAndIncreaseFailureCount(c, 0)
+
+		if failureCheckErr != nil {
+			log.Warnf(c, "[forget_passwords.UserForgetPasswordRequestHandler] cannot send forget password mail to \"%s\", because %s", request.Email, failureCheckErr.Error())
+			return nil, errs.Or(failureCheckErr, errs.ErrFailureCountLimitReached)
+		}
+
 		return nil, errs.ErrUserNotFound
 	}

@@ -124,7 +146,7 @@ func (a *ForgetPasswordsApi) UserResetPasswordHandler(c *core.WebContext) (any,

 	if user.Email != request.Email {
 		log.Warnf(c, "[forget_passwords.UserResetPasswordHandler] request email not equals the user email")
-		return nil, errs.ErrEmptyIsInvalid
+		return nil, errs.ErrEmailIsInvalid
 	}

 	if a.users.IsPasswordEqualsUserPassword(request.Password, user) {
@@ -3,7 +3,6 @@ package api
 import (
 	"github.com/mayswind/ezbookkeeping/pkg/core"
 	"github.com/mayswind/ezbookkeeping/pkg/errs"
-	"github.com/mayswind/ezbookkeeping/pkg/settings"
 )

 // HealthsApi represents health api
@@ -18,8 +17,8 @@ var (
 func (a *HealthsApi) HealthStatusHandler(c *core.WebContext) (any, *errs.Error) {
 	result := make(map[string]string)

-	result["version"] = settings.Version
-	result["commit"] = settings.CommitHash
+	result["version"] = core.Version
+	result["commit"] = core.CommitHash
 	result["status"] = "ok"

 	return result, nil
@@ -0,0 +1,376 @@
+package api
+
+import (
+	"bytes"
+	"encoding/json"
+	"io"
+	"strings"
+	"time"
+
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/llm"
+	"github.com/mayswind/ezbookkeeping/pkg/llm/data"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/services"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+	"github.com/mayswind/ezbookkeeping/pkg/templates"
+	"github.com/mayswind/ezbookkeeping/pkg/utils"
+)
+
+// LargeLanguageModelsApi represents large language models api
+type LargeLanguageModelsApi struct {
+	ApiUsingConfig
+	transactionCategories *services.TransactionCategoryService
+	transactionTags       *services.TransactionTagService
+	accounts              *services.AccountService
+	users                 *services.UserService
+}
+
+// Initialize a large language models api singleton instance
+var (
+	LargeLanguageModels = &LargeLanguageModelsApi{
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+		transactionCategories: services.TransactionCategories,
+		transactionTags:       services.TransactionTags,
+		accounts:              services.Accounts,
+		users:                 services.Users,
+	}
+)
+
+// RecognizeReceiptImageHandler returns the recognized receipt image result
+func (a *LargeLanguageModelsApi) RecognizeReceiptImageHandler(c *core.WebContext) (any, *errs.Error) {
+	if a.CurrentConfig().ReceiptImageRecognitionLLMConfig == nil || a.CurrentConfig().ReceiptImageRecognitionLLMConfig.LLMProvider == "" || !a.CurrentConfig().TransactionFromAIImageRecognition {
+		return nil, errs.ErrLargeLanguageModelProviderNotEnabled
+	}
+
+	clientTimezone, err := c.GetClientTimezone()
+
+	if err != nil {
+		log.Warnf(c, "[large_language_models.RecognizeReceiptImageHandler] cannot get client timezone, because %s", err.Error())
+		return nil, errs.ErrClientTimezoneOffsetInvalid
+	}
+
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		if !errs.IsCustomError(err) {
+			log.Warnf(c, "[large_language_models.RecognizeReceiptImageHandler] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
+		}
+
+		return false, errs.ErrUserNotFound
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_CREATE_TRANSACTION_FROM_AI_IMAGE_RECOGNITION) {
+		return false, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	form, err := c.MultipartForm()
+
+	if err != nil {
+		log.Errorf(c, "[large_language_models.RecognizeReceiptImageHandler] failed to get multi-part form data for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrParameterInvalid
+	}
+
+	imageFiles := form.File["image"]
+
+	if len(imageFiles) < 1 {
+		log.Warnf(c, "[large_language_models.RecognizeReceiptImageHandler] there is no image in request for user \"uid:%d\"", uid)
+		return nil, errs.ErrNoAIRecognitionImage
+	}
+
+	if imageFiles[0].Size < 1 {
+		log.Warnf(c, "[large_language_models.RecognizeReceiptImageHandler] the size of image in request is zero for user \"uid:%d\"", uid)
+		return nil, errs.ErrAIRecognitionImageIsEmpty
+	}
+
+	if imageFiles[0].Size > int64(a.CurrentConfig().MaxAIRecognitionPictureFileSize) {
+		log.Warnf(c, "[large_language_models.RecognizeReceiptImageHandler] the upload file size \"%d\" exceeds the maximum size \"%d\" of image for user \"uid:%d\"", imageFiles[0].Size, a.CurrentConfig().MaxAIRecognitionPictureFileSize, uid)
+		return nil, errs.ErrExceedMaxAIRecognitionImageFileSize
+	}
+
+	fileExtension := utils.GetFileNameExtension(imageFiles[0].Filename)
+	contentType := utils.GetImageContentType(fileExtension)
+
+	if contentType == "" {
+		log.Warnf(c, "[large_language_models.RecognizeReceiptImageHandler] the file extension \"%s\" of image in request is not supported for user \"uid:%d\"", fileExtension, uid)
+		return nil, errs.ErrImageTypeNotSupported
+	}
+
+	imageFile, err := imageFiles[0].Open()
+
+	if err != nil {
+		log.Errorf(c, "[large_language_models.RecognizeReceiptImageHandler] failed to get image file from request for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrOperationFailed
+	}
+
+	defer imageFile.Close()
+
+	imageData, err := io.ReadAll(imageFile)
+
+	if err != nil {
+		log.Errorf(c, "[large_language_models.RecognizeReceiptImageHandler] failed to read image file from request for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.ErrOperationFailed
+	}
+
+	accounts, err := a.accounts.GetAllAccountsByUid(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[large_language_models.RecognizeReceiptImageHandler] failed to get all accounts for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	accountMap := a.accounts.GetVisibleAccountNameMapByList(accounts)
+	accountNames := make([]string, 0, len(accounts))
+
+	for i := 0; i < len(accounts); i++ {
+		if accounts[i].Hidden || accounts[i].Type == models.ACCOUNT_TYPE_MULTI_SUB_ACCOUNTS {
+			continue
+		}
+
+		accountNames = append(accountNames, accounts[i].Name)
+	}
+
+	categories, err := a.transactionCategories.GetAllCategoriesByUid(c, uid, 0, -1)
+
+	if err != nil {
+		log.Errorf(c, "[large_language_models.RecognizeReceiptImageHandler] failed to get categories for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	incomeCategoryMap := make(map[string]*models.TransactionCategory)
+	incomeCategoryNames := make([]string, 0)
+
+	expenseCategoryMap := make(map[string]*models.TransactionCategory)
+	expenseCategoryNames := make([]string, 0)
+
+	transferCategoryMap := make(map[string]*models.TransactionCategory)
+	transferCategoryNames := make([]string, 0)
+
+	for i := 0; i < len(categories); i++ {
+		category := categories[i]
+
+		if category.Hidden || category.ParentCategoryId == models.LevelOneTransactionCategoryParentId {
+			continue
+		}
+
+		if category.Type == models.CATEGORY_TYPE_INCOME {
+			incomeCategoryMap[category.Name] = category
+			incomeCategoryNames = append(incomeCategoryNames, category.Name)
+		} else if category.Type == models.CATEGORY_TYPE_EXPENSE {
+			expenseCategoryMap[category.Name] = category
+			expenseCategoryNames = append(expenseCategoryNames, category.Name)
+		} else if category.Type == models.CATEGORY_TYPE_TRANSFER {
+			transferCategoryMap[category.Name] = category
+			transferCategoryNames = append(transferCategoryNames, category.Name)
+		}
+	}
+
+	tags, err := a.transactionTags.GetAllTagsByUid(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[large_language_models.RecognizeReceiptImageHandler] failed to get tags for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	tagMap := a.transactionTags.GetVisibleTagNameMapByList(tags)
+	tagNames := make([]string, 0, len(tags))
+
+	for i := 0; i < len(tags); i++ {
+		if tags[i].Hidden {
+			continue
+		}
+
+		tagNames = append(tagNames, tags[i].Name)
+	}
+
+	systemPrompt, err := templates.GetTemplate(templates.SYSTEM_PROMPT_RECEIPT_IMAGE_RECOGNITION)
+
+	if err != nil {
+		log.Errorf(c, "[large_language_models.RecognizeReceiptImageHandler] failed to get system prompt template for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	systemPromptParams := map[string]any{
+		"CurrentDateTime":          utils.FormatUnixTimeToLongDateTime(time.Now().Unix(), clientTimezone),
+		"AllExpenseCategoryNames":  strings.Join(expenseCategoryNames, "\n"),
+		"AllIncomeCategoryNames":   strings.Join(incomeCategoryNames, "\n"),
+		"AllTransferCategoryNames": strings.Join(transferCategoryNames, "\n"),
+		"AllAccountNames":          strings.Join(accountNames, "\n"),
+		"AllTagNames":              strings.Join(tagNames, "\n"),
+	}
+
+	var bodyBuffer bytes.Buffer
+	err = systemPrompt.Execute(&bodyBuffer, systemPromptParams)
+
+	if err != nil {
+		log.Errorf(c, "[large_language_models.RecognizeReceiptImageHandler] failed to get final system prompt from template for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	llmRequest := &data.LargeLanguageModelRequest{
+		Stream:                false,
+		SystemPrompt:          strings.ReplaceAll(bodyBuffer.String(), "\r\n", "\n"),
+		UserPrompt:            imageData,
+		UserPromptType:        data.LARGE_LANGUAGE_MODEL_REQUEST_PROMPT_TYPE_IMAGE_URL,
+		UserPromptContentType: contentType,
+	}
+
+	llmResponse, err := llm.Container.GetJsonResponseByReceiptImageRecognitionModel(c, c.GetCurrentUid(), a.CurrentConfig(), llmRequest)
+
+	if err != nil {
+		log.Errorf(c, "[large_language_models.RecognizeReceiptImageHandler] failed to get llm response user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	if llmResponse == nil || len(llmResponse.Content) == 0 || strings.HasPrefix(llmResponse.Content, "{}") {
+		return nil, errs.ErrNoTransactionInformationInImage
+	}
+
+	var result *models.RecognizedReceiptImageResult
+
+	if err := json.Unmarshal([]byte(llmResponse.Content), &result); err != nil {
+		log.Errorf(c, "[large_language_models.RecognizeReceiptImageHandler] failed to unmarshal recognized receipt image result from llm response \"%s\" for user \"uid:%d\", because %s", llmResponse.Content, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	return a.parseRecognizedReceiptImageResponse(c, uid, clientTimezone, result, accountMap, expenseCategoryMap, incomeCategoryMap, transferCategoryMap, tagMap)
+}
+
+func (a *LargeLanguageModelsApi) parseRecognizedReceiptImageResponse(c *core.WebContext, uid int64, clientTimezone *time.Location, recognizedResult *models.RecognizedReceiptImageResult, accountMap map[string]*models.Account, expenseCategoryMap map[string]*models.TransactionCategory, incomeCategoryMap map[string]*models.TransactionCategory, transferCategoryMap map[string]*models.TransactionCategory, tagMap map[string]*models.TransactionTag) (*models.RecognizedReceiptImageResponse, *errs.Error) {
+	recognizedReceiptImageResponse := &models.RecognizedReceiptImageResponse{
+		Type: models.TRANSACTION_TYPE_EXPENSE,
+	}
+
+	if recognizedResult == nil {
+		log.Errorf(c, "[large_language_models.parseRecognizedReceiptImageResponse] recoginzed result is null")
+		return nil, errs.ErrNoTransactionInformationInImage
+	}
+
+	if recognizedResult.Type == "income" {
+		recognizedReceiptImageResponse.Type = models.TRANSACTION_TYPE_INCOME
+
+		if len(recognizedResult.CategoryName) > 0 {
+			category, exists := incomeCategoryMap[recognizedResult.CategoryName]
+
+			if exists {
+				recognizedReceiptImageResponse.CategoryId = category.CategoryId
+			}
+		}
+	} else if recognizedResult.Type == "expense" {
+		recognizedReceiptImageResponse.Type = models.TRANSACTION_TYPE_EXPENSE
+
+		if len(recognizedResult.CategoryName) > 0 {
+			category, exists := expenseCategoryMap[recognizedResult.CategoryName]
+
+			if exists {
+				recognizedReceiptImageResponse.CategoryId = category.CategoryId
+			}
+		}
+	} else if recognizedResult.Type == "transfer" {
+		recognizedReceiptImageResponse.Type = models.TRANSACTION_TYPE_TRANSFER
+
+		if len(recognizedResult.CategoryName) > 0 {
+			category, exists := transferCategoryMap[recognizedResult.CategoryName]
+
+			if exists {
+				recognizedReceiptImageResponse.CategoryId = category.CategoryId
+			}
+		}
+	} else if len(recognizedResult.Type) == 0 {
+		return nil, errs.ErrNoTransactionInformationInImage
+	} else {
+		log.Errorf(c, "[large_language_models.parseRecognizedReceiptImageResponse] recoginzed transaction type \"%s\" is invalid", recognizedResult.Type)
+		return nil, errs.ErrOperationFailed
+	}
+
+	if len(recognizedResult.Time) > 0 {
+		longDateTime := a.getLongDateTime(recognizedResult.Time)
+		timestamp, err := utils.ParseFromLongDateTimeInTimeZone(longDateTime, clientTimezone)
+
+		if err != nil {
+			log.Warnf(c, "[large_language_models.parseRecognizedReceiptImageResponse] recoginzed time \"%s\" is invalid", recognizedResult.Time)
+		} else {
+			recognizedReceiptImageResponse.Time = timestamp.Unix()
+		}
+	}
+
+	if len(recognizedResult.Amount) > 0 {
+		amount, err := utils.ParseAmount(recognizedResult.Amount)
+
+		if err != nil {
+			log.Errorf(c, "[large_language_models.parseRecognizedReceiptImageResponse] recoginzed amount \"%s\" is invalid", recognizedResult.Amount)
+			return nil, errs.ErrOperationFailed
+		}
+
+		recognizedReceiptImageResponse.SourceAmount = amount
+
+		if recognizedReceiptImageResponse.Type == models.TRANSACTION_TYPE_TRANSFER && len(recognizedResult.DestinationAmount) > 0 {
+			destinationAmount, err := utils.ParseAmount(recognizedResult.DestinationAmount)
+
+			if err != nil {
+				log.Errorf(c, "[large_language_models.parseRecognizedReceiptImageResponse] recoginzed destination amount \"%s\" is invalid", recognizedResult.DestinationAmount)
+				return nil, errs.ErrOperationFailed
+			}
+
+			recognizedReceiptImageResponse.DestinationAmount = destinationAmount
+		}
+	}
+
+	if len(recognizedResult.AccountName) > 0 {
+		account, exists := accountMap[recognizedResult.AccountName]
+
+		if exists {
+			recognizedReceiptImageResponse.SourceAccountId = account.AccountId
+		}
+	}
+
+	if len(recognizedResult.DestinationAccountName) > 0 {
+		account, exists := accountMap[recognizedResult.DestinationAccountName]
+
+		if exists {
+			recognizedReceiptImageResponse.DestinationAccountId = account.AccountId
+		}
+	}
+
+	if len(recognizedResult.TagNames) > 0 {
+		tagIds := make([]string, 0, len(recognizedResult.TagNames))
+
+		for i := 0; i < len(recognizedResult.TagNames); i++ {
+			tagName := recognizedResult.TagNames[i]
+			tag, exists := tagMap[tagName]
+
+			if exists {
+				tagIds = append(tagIds, utils.Int64ToString(tag.TagId))
+			}
+		}
+
+		recognizedReceiptImageResponse.TagIds = tagIds
+	}
+
+	if len(recognizedResult.Description) > 0 {
+		recognizedReceiptImageResponse.Comment = recognizedResult.Description
+	}
+
+	return recognizedReceiptImageResponse, nil
+}
+
+func (a *LargeLanguageModelsApi) getLongDateTime(dateTime string) string {
+	if utils.IsValidLongDateTimeFormat(dateTime) {
+		return dateTime
+	}
+
+	if utils.IsValidLongDateTimeWithoutSecondFormat(dateTime) {
+		return dateTime + ":00"
+	}
+
+	if utils.IsValidLongDateFormat(dateTime) {
+		return dateTime + " 00:00:00"
+	}
+
+	return dateTime
+}
@@ -5,11 +5,12 @@ import (
 	"net/http/httputil"
 	"net/url"
 	"strings"
+	"sync"

 	"github.com/mayswind/ezbookkeeping/pkg/core"
 	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/httpclient"
 	"github.com/mayswind/ezbookkeeping/pkg/settings"
-	"github.com/mayswind/ezbookkeeping/pkg/utils"
 )

 const openStreetMapTileImageUrlFormat = "https://tile.openstreetmap.org/{z}/{x}/{y}.png"                                                                                                                              // https://tile.openstreetmap.org/{z}/{x}/{y}.png
@@ -25,6 +26,8 @@ const tianDiTuMapAnnotationUrlFormat = "https://t0.tianditu.gov.cn/cva_w/wmts?SE
 // MapImageProxy represents map image proxy
 type MapImageProxy struct {
 	ApiUsingConfig
+	mutex     sync.Mutex
+	transport *http.Transport
 }

 // Initialize a map image proxy singleton instance
@@ -36,6 +39,18 @@ var (
 	}
 )

+func (p *MapImageProxy) initializeHttpTransport() {
+	p.mutex.Lock()
+	defer p.mutex.Unlock()
+
+	if p.transport != nil {
+		return
+	}
+
+	p.transport = http.DefaultTransport.(*http.Transport).Clone()
+	httpclient.SetProxyUrl(p.transport, p.CurrentConfig().MapProxy)
+}
+
 // MapTileImageProxyHandler returns map tile image
 func (p *MapImageProxy) MapTileImageProxyHandler(c *core.WebContext) (*httputil.ReverseProxy, *errs.Error) {
 	return p.mapImageProxyHandler(c, func(c *core.WebContext, mapProvider string) (string, *errs.Error) {
@@ -109,8 +124,9 @@ func (p *MapImageProxy) mapImageProxyHandler(c *core.WebContext, fn func(c *core
 		return nil, err
 	}

-	transport := http.DefaultTransport.(*http.Transport).Clone()
-	utils.SetProxyUrl(transport, p.CurrentConfig().MapProxy)
+	if p.transport == nil {
+		p.initializeHttpTransport()
+	}

 	director := func(req *http.Request) {
 		imageRawUrl := targetUrl
@@ -126,7 +142,7 @@ func (p *MapImageProxy) mapImageProxyHandler(c *core.WebContext, fn func(c *core
 	}

 	return &httputil.ReverseProxy{
-		Transport: transport,
+		Transport: p.transport,
 		Director:  director,
 	}, nil
 }
@@ -3,8 +3,6 @@ package api
 import (
 	"encoding/json"

-	"github.com/gin-gonic/gin"
-
 	"github.com/mayswind/ezbookkeeping/pkg/core"
 	"github.com/mayswind/ezbookkeeping/pkg/errs"
 	"github.com/mayswind/ezbookkeeping/pkg/log"
@@ -15,7 +13,7 @@ import (
 	"github.com/mayswind/ezbookkeeping/pkg/utils"
 )

-const mcpServerName = "ezBookkeeping-mcp"
+const mcpServerName = core.ApplicationName + "-mcp"

 // ModelContextProtocolAPI represents model context protocol api
 type ModelContextProtocolAPI struct {
@@ -104,8 +102,8 @@ func (a *ModelContextProtocolAPI) InitializeHandler(c *core.WebContext, jsonRPCR
 		},
 		ServerInfo: &mcp.MCPImplementation{
 			Name:    mcpServerName,
-			Title:   a.CurrentConfig().AppName,
-			Version: settings.Version,
+			Title:   core.ApplicationName,
+			Version: core.Version,
 		},
 	}

@@ -233,7 +231,7 @@ func (a *ModelContextProtocolAPI) CallToolHandler(c *core.WebContext, jsonRPCReq

 // PingHandler return the ping response for model context protocol
 func (a *ModelContextProtocolAPI) PingHandler(c *core.WebContext, jsonRPCRequest *core.JSONRPCRequest) (any, *errs.Error) {
-	return gin.H{}, nil
+	return core.O{}, nil
 }

 // GetTransactionService implements the MCPAvailableServices interface
@@ -0,0 +1,423 @@
+package api
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"net/url"
+	"strings"
+
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/duplicatechecker"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/locales"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/services"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+	"github.com/mayswind/ezbookkeeping/pkg/utils"
+	"github.com/mayswind/ezbookkeeping/pkg/validators"
+)
+
+const oauth2CallbackPageUrlSuccessFormat = "%sdesktop#/oauth2_callback?platform=%s&provider=%s&token=%s"
+const oauth2CallbackPageUrlNeedVerifyFormat = "%sdesktop#/oauth2_callback?platform=%s&provider=%s&userName=%s&token=%s"
+const oauth2CallbackPageUrlFailedFormat = "%sdesktop#/oauth2_callback?errorCode=%d&errorMessage=%s"
+const oauth2CallbackPageUrlErrorMessageFormat = "%sdesktop#/oauth2_callback?errorMessage=%s"
+
+// OAuth2AuthenticationApi represents OAuth 2.0 authorization api
+type OAuth2AuthenticationApi struct {
+	ApiUsingConfig
+	ApiUsingDuplicateChecker
+	users             *services.UserService
+	tokens            *services.TokenService
+	userExternalAuths *services.UserExternalAuthService
+}
+
+// Initialize a OAuth 2.0 authentication api singleton instance
+var (
+	OAuth2Authentications = &OAuth2AuthenticationApi{
+		ApiUsingConfig: ApiUsingConfig{
+			container: settings.Container,
+		},
+		ApiUsingDuplicateChecker: ApiUsingDuplicateChecker{
+			ApiUsingConfig: ApiUsingConfig{
+				container: settings.Container,
+			},
+			container: duplicatechecker.Container,
+		},
+		users:             services.Users,
+		tokens:            services.Tokens,
+		userExternalAuths: services.UserExternalAuths,
+	}
+)
+
+// LoginHandler handles user login request via OAuth 2.0
+func (a *OAuth2AuthenticationApi) LoginHandler(c *core.WebContext) (string, *errs.Error) {
+	var oauth2LoginReq models.OAuth2LoginRequest
+	err := c.ShouldBindQuery(&oauth2LoginReq)
+
+	if err != nil {
+		log.Warnf(c, "[oauth2_authentications.LoginHandler] parse request failed, because %s", err.Error())
+		return a.redirectToFailedCallbackPage(c, errs.NewIncompleteOrIncorrectSubmissionError(err))
+	}
+
+	if oauth2LoginReq.Platform != "mobile" && oauth2LoginReq.Platform != "desktop" {
+		return a.redirectToFailedCallbackPage(c, errs.ErrInvalidOAuth2LoginRequest)
+	}
+
+	found, remark := a.GetSubmissionRemark(duplicatechecker.DUPLICATE_CHECKER_TYPE_OAUTH2_REDIRECT, 0, oauth2LoginReq.ClientSessionId)
+
+	if found {
+		log.Errorf(c, "[oauth2_authentications.LoginHandler] another oauth 2.0 state \"%s\" has been processing for client session id \"%s\"", remark, oauth2LoginReq.ClientSessionId)
+		return a.redirectToFailedCallbackPage(c, errs.ErrRepeatedRequest)
+	}
+
+	uid := int64(0)
+
+	if oauth2LoginReq.Token != "" {
+		_, claims, _, err := a.tokens.ParseToken(c, oauth2LoginReq.Token)
+
+		if err != nil {
+			log.Errorf(c, "[oauth2_authentications.LoginHandler] failed to parse token, because %s", err.Error())
+			return a.redirectToFailedCallbackPage(c, errs.ErrInvalidToken)
+		}
+
+		uid = claims.Uid
+		user, err := a.users.GetUserById(c, uid)
+
+		if err != nil && !errors.Is(err, errs.ErrUserNotFound) {
+			log.Errorf(c, "[oauth2_authentications.LoginHandler] failed to get user by id %d, because %s", uid, err.Error())
+			return a.redirectToFailedCallbackPage(c, errs.Or(err, errs.ErrOperationFailed))
+		}
+
+		if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_OAUTH2_LOGIN) {
+			return a.redirectToFailedCallbackPage(c, errs.ErrNotPermittedToPerformThisAction)
+		}
+	}
+
+	verifier, err := utils.GetRandomNumberOrLowercaseLetter(64)
+
+	if err != nil {
+		log.Errorf(c, "[oauth2_authentications.LoginHandler] failed to generate random string for oauth 2.0 state, because %s", err.Error())
+		return a.redirectToFailedCallbackPage(c, errs.ErrSystemError)
+	}
+
+	remark = fmt.Sprintf("%s|%s|%d|%s", oauth2LoginReq.Platform, oauth2LoginReq.ClientSessionId, uid, verifier)
+	state := fmt.Sprintf("%s|%s|%s", oauth2LoginReq.Platform, oauth2LoginReq.ClientSessionId, utils.MD5EncodeToString([]byte(remark)))
+
+	redirectUrl, err := oauth2.GetOAuth2AuthUrl(c, state, verifier)
+
+	if err != nil {
+		log.Errorf(c, "[oauth2_authentications.LoginHandler] failed to get oauth 2.0 auth url, because %s", err.Error())
+		return a.redirectToFailedCallbackPage(c, errs.Or(err, errs.ErrSystemError))
+	}
+
+	a.SetSubmissionRemarkWithCustomExpiration(duplicatechecker.DUPLICATE_CHECKER_TYPE_OAUTH2_REDIRECT, 0, oauth2LoginReq.ClientSessionId, remark, a.CurrentConfig().OAuth2StateExpiredTimeDuration)
+
+	return redirectUrl, nil
+}
+
+// CallbackHandler handles OAuth 2.0 callback request
+func (a *OAuth2AuthenticationApi) CallbackHandler(c *core.WebContext) (string, *errs.Error) {
+	var oauth2CallbackReq models.OAuth2CallbackRequest
+	err := c.ShouldBindQuery(&oauth2CallbackReq)
+
+	if err != nil {
+		log.Warnf(c, "[oauth2_authentications.CallbackHandler] parse request failed, because %s", err.Error())
+		return a.redirectToFailedCallbackPage(c, errs.NewIncompleteOrIncorrectSubmissionError(err))
+	}
+
+	if oauth2CallbackReq.State == "" {
+		return a.redirectToFailedCallbackPage(c, errs.ErrMissingOAuth2State)
+	}
+
+	if oauth2CallbackReq.Code == "" {
+		if oauth2CallbackReq.ErrorDescription != "" {
+			log.Errorf(c, "[oauth2_authentications.CallbackHandler] oauth 2.0 provider returned error: %s, description: %s", oauth2CallbackReq.Error, oauth2CallbackReq.ErrorDescription)
+			return a.redirectToErrorMessageCallbackPage(c, oauth2CallbackReq.ErrorDescription)
+		}
+
+		return a.redirectToFailedCallbackPage(c, errs.ErrMissingOAuth2Code)
+	}
+
+	platform := ""
+	clientSessionId := ""
+
+	stateParts := strings.Split(oauth2CallbackReq.State, "|")
+
+	if len(stateParts) == 3 {
+		platform = stateParts[0]
+		clientSessionId = stateParts[1]
+	} else {
+		return a.redirectToFailedCallbackPage(c, errs.ErrInvalidOAuth2State)
+	}
+
+	if platform != "mobile" && platform != "desktop" {
+		return a.redirectToFailedCallbackPage(c, errs.ErrInvalidOAuth2LoginRequest)
+	}
+
+	found, remark := a.GetSubmissionRemark(duplicatechecker.DUPLICATE_CHECKER_TYPE_OAUTH2_REDIRECT, 0, clientSessionId)
+
+	if !found {
+		log.Errorf(c, "[oauth2_authentications.CallbackHandler] cannot find oauth 2.0 state in duplicate checker for client session id \"%s\"", clientSessionId)
+		return a.redirectToFailedCallbackPage(c, errs.ErrInvalidOAuth2Callback)
+	}
+
+	remarkParts := strings.Split(remark, "|")
+
+	if len(remarkParts) != 4 || remarkParts[0] != platform || remarkParts[1] != clientSessionId {
+		log.Errorf(c, "[oauth2_authentications.CallbackHandler] invalid oauth 2.0 state \"%s\" in duplicate checker for client session id \"%s\"", remark, clientSessionId)
+		return a.redirectToFailedCallbackPage(c, errs.ErrInvalidOAuth2State)
+	}
+
+	uid, err := utils.StringToInt64(remarkParts[2])
+
+	if err != nil {
+		log.Errorf(c, "[oauth2_authentications.CallbackHandler] invalid uid \"%s\" in oauth 2.0 state \"%s\"", remarkParts[2], remark)
+		return a.redirectToFailedCallbackPage(c, errs.ErrInvalidOAuth2State)
+	}
+
+	verifier := remarkParts[3]
+	expectedRemark := fmt.Sprintf("%s|%s|%d|%s", platform, clientSessionId, uid, verifier)
+	expectedState := fmt.Sprintf("%s|%s|%s", platform, clientSessionId, utils.MD5EncodeToString([]byte(expectedRemark)))
+
+	if oauth2CallbackReq.State != expectedState {
+		log.Errorf(c, "[oauth2_authentications.CallbackHandler] mismatched random string in oauth 2.0 state, expected \"%s\", got \"%s\"", expectedState, oauth2CallbackReq.State)
+		return a.redirectToFailedCallbackPage(c, errs.ErrInvalidOAuth2State)
+	}
+
+	a.RemoveSubmissionRemark(duplicatechecker.DUPLICATE_CHECKER_TYPE_OAUTH2_REDIRECT, 0, clientSessionId)
+
+	oauth2Token, err := oauth2.GetOAuth2Token(c, oauth2CallbackReq.Code, verifier)
+
+	if err != nil {
+		log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to retrieve oauth 2.0 token, because %s", err.Error())
+		return a.redirectToFailedCallbackPage(c, errs.Or(err, errs.ErrCannotRetrieveOAuth2Token))
+	}
+
+	oauth2UserInfo, err := oauth2.GetOAuth2UserInfo(c, oauth2Token)
+
+	if err != nil {
+		log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to retrieve oauth 2.0 user info, because %s", err.Error())
+		return a.redirectToFailedCallbackPage(c, errs.Or(err, errs.ErrInvalidOAuth2Token))
+	}
+
+	if oauth2UserInfo == nil {
+		log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to retrieve oauth 2.0 user info, because user info is nil")
+		return a.redirectToFailedCallbackPage(c, errs.ErrCannotRetrieveUserInfo)
+	}
+
+	log.Infof(c, "[oauth2_authentications.CallbackHandler] oauth 2.0 user info, userName: %s, email: %s", oauth2UserInfo.UserName, oauth2UserInfo.Email)
+
+	if oauth2UserInfo.UserName == "" && oauth2UserInfo.Email == "" {
+		return a.redirectToFailedCallbackPage(c, errs.ErrOAuth2UserNameAndEmailEmpty)
+	}
+
+	if a.CurrentConfig().OAuth2UserIdentifier == settings.OAuth2UserIdentifierEmail && oauth2UserInfo.Email == "" {
+		log.Errorf(c, "[oauth2_authentications.CallbackHandler] invalid oauth 2.0 user info, email is empty")
+		return a.redirectToFailedCallbackPage(c, errs.ErrOAuth2EmailEmpty)
+	}
+
+	if a.CurrentConfig().OAuth2UserIdentifier == settings.OAuth2UserIdentifierUsername && oauth2UserInfo.UserName == "" {
+		log.Errorf(c, "[oauth2_authentications.CallbackHandler] invalid oauth 2.0 user info, userName is empty")
+		return a.redirectToFailedCallbackPage(c, errs.ErrOAuth2UserNameEmpty)
+	}
+
+	userExternalAuthType := oauth2.GetExternalUserAuthType()
+	var userExternalAuth *models.UserExternalAuth
+
+	if a.CurrentConfig().OAuth2UserIdentifier == settings.OAuth2UserIdentifierEmail {
+		userExternalAuth, err = a.userExternalAuths.GetUserExternalAuthByExternalEmail(c, oauth2UserInfo.Email, userExternalAuthType)
+	} else if a.CurrentConfig().OAuth2UserIdentifier == settings.OAuth2UserIdentifierUsername {
+		userExternalAuth, err = a.userExternalAuths.GetUserExternalAuthByExternalUserName(c, oauth2UserInfo.UserName, userExternalAuthType)
+	} else {
+		return a.redirectToFailedCallbackPage(c, errs.ErrNotSupported)
+	}
+
+	if err != nil && !errors.Is(err, errs.ErrUserExternalAuthNotFound) {
+		log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to get user external auth, because %s", err.Error())
+		return a.redirectToFailedCallbackPage(c, errs.Or(err, errs.ErrOperationFailed))
+	}
+
+	if uid != 0 && userExternalAuth != nil && userExternalAuth.Uid != uid {
+		log.Errorf(c, "[oauth2_authentications.CallbackHandler] oauth 2.0 external auth has been bound to another user \"uid:%d\", current user \"uid:%d\"", userExternalAuth.Uid, uid)
+		return a.redirectToFailedCallbackPage(c, errs.ErrOAuth2UserAlreadyBoundToAnotherUser)
+	}
+
+	var user *models.User
+
+	if err == nil { // user already bound to external auth, redirect to success page
+		user, err = a.users.GetUserById(c, userExternalAuth.Uid)
+
+		if err != nil {
+			log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to get user by id %d, because %s", userExternalAuth.Uid, err.Error())
+			return a.redirectToFailedCallbackPage(c, errs.Or(err, errs.ErrOperationFailed))
+		}
+	} else { // errors.Is(err, errs.ErrUserExternalAuthNotFound) // user not bound to external auth, try to bind or register new user
+		if uid != 0 {
+			user, err = a.users.GetUserById(c, uid)
+
+			if err != nil && !errors.Is(err, errs.ErrUserNotFound) {
+				log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to get user by id %d, because %s", uid, err.Error())
+				return a.redirectToFailedCallbackPage(c, errs.Or(err, errs.ErrOperationFailed))
+			}
+		} else {
+			if a.CurrentConfig().OAuth2UserIdentifier == settings.OAuth2UserIdentifierEmail {
+				user, err = a.users.GetUserByEmail(c, oauth2UserInfo.Email)
+			} else if a.CurrentConfig().OAuth2UserIdentifier == settings.OAuth2UserIdentifierUsername {
+				user, err = a.users.GetUserByUsername(c, oauth2UserInfo.UserName)
+			} else {
+				err = errs.ErrNotSupported
+			}
+
+			if err != nil && !errors.Is(err, errs.ErrUserNotFound) {
+				log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to get user, because %s", err.Error())
+				return a.redirectToFailedCallbackPage(c, errs.Or(err, errs.ErrOperationFailed))
+			}
+		}
+
+		if user == nil && a.CurrentConfig().EnableUserRegister && a.CurrentConfig().OAuth2AutoRegister {
+			if oauth2UserInfo.UserName == "" {
+				return a.redirectToFailedCallbackPage(c, errs.ErrOAuth2UserNameEmptyCannotRegister)
+			}
+
+			if oauth2UserInfo.Email == "" {
+				return a.redirectToFailedCallbackPage(c, errs.ErrOAuth2EmailEmptyCannotRegister)
+			}
+
+			userName := strings.TrimSpace(oauth2UserInfo.UserName)
+			email := strings.TrimSpace(oauth2UserInfo.Email)
+			nickName := strings.TrimSpace(oauth2UserInfo.NickName)
+			languageCode := ""
+			currencyCode := "USD"
+
+			if nickName == "" {
+				nickName = userName
+			}
+
+			if !utils.IsValidUsername(userName) {
+				return a.redirectToFailedCallbackPage(c, errs.ErrUserNameIsInvalid)
+			}
+
+			if !utils.IsValidEmail(email) {
+				return a.redirectToFailedCallbackPage(c, errs.ErrEmailIsInvalid)
+			}
+
+			if !utils.IsValidNickName(nickName) {
+				return a.redirectToFailedCallbackPage(c, errs.ErrNickNameIsInvalid)
+			}
+
+			if _, exists := locales.AllLanguages[oauth2UserInfo.LanguageCode]; exists {
+				languageCode = oauth2UserInfo.LanguageCode
+			}
+
+			if _, exists := validators.AllCurrencyNames[oauth2UserInfo.CurrencyCode]; exists {
+				currencyCode = oauth2UserInfo.CurrencyCode
+			}
+
+			user = &models.User{
+				Username:             userName,
+				Email:                email,
+				Nickname:             nickName,
+				Language:             languageCode,
+				DefaultCurrency:      currencyCode,
+				FirstDayOfWeek:       oauth2UserInfo.FirstDayOfWeek,
+				FiscalYearStart:      core.FISCAL_YEAR_START_DEFAULT,
+				TransactionEditScope: models.TRANSACTION_EDIT_SCOPE_ALL,
+				FeatureRestriction:   a.CurrentConfig().DefaultFeatureRestrictions,
+			}
+
+			if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_OAUTH2_LOGIN) {
+				return a.redirectToFailedCallbackPage(c, errs.ErrNotPermittedToPerformThisAction)
+			}
+
+			err = a.users.CreateUser(c, user, true)
+
+			if err != nil {
+				log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to create user \"%s\", because %s", user.Username, err.Error())
+				return a.redirectToFailedCallbackPage(c, errs.Or(err, errs.ErrOperationFailed))
+			}
+
+			log.Infof(c, "[oauth2_authentications.CallbackHandler] user \"%s\" has registered successfully, uid is %d", user.Username, user.Uid)
+
+			userExternalAuth = &models.UserExternalAuth{
+				Uid:              user.Uid,
+				ExternalAuthType: userExternalAuthType,
+				ExternalUsername: oauth2UserInfo.UserName,
+				ExternalEmail:    oauth2UserInfo.Email,
+			}
+
+			err = a.userExternalAuths.CreateUserExternalAuth(c, userExternalAuth)
+
+			if err != nil {
+				log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to create user external auth for user \"uid:%d\", because %s", user.Uid, err.Error())
+				return a.redirectToFailedCallbackPage(c, errs.Or(err, errs.ErrOperationFailed))
+			}
+
+			log.Infof(c, "[oauth2_authentications.CallbackHandler] user external auth has been created for user \"uid:%d\"", user.Uid)
+		} else if user == nil {
+			return a.redirectToFailedCallbackPage(c, errs.ErrOAuth2AutoRegistrationNotEnabled)
+		}
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_OAUTH2_LOGIN) {
+		return a.redirectToFailedCallbackPage(c, errs.ErrNotPermittedToPerformThisAction)
+	}
+
+	if userExternalAuth == nil {
+		tokenContext, err := json.Marshal(&models.OAuth2CallbackTokenContext{
+			ExternalAuthType: userExternalAuthType,
+			ExternalUsername: oauth2UserInfo.UserName,
+			ExternalEmail:    oauth2UserInfo.Email,
+		})
+
+		if err != nil {
+			log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to marshal oauth 2.0 callback verify token context, because %s", err.Error())
+			return a.redirectToFailedCallbackPage(c, errs.ErrOperationFailed)
+		}
+
+		token, _, err := a.tokens.CreateOAuth2CallbackRequireVerifyToken(c, user, string(tokenContext))
+
+		if err != nil {
+			log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to create oauth 2.0 callback verify token, because %s", err.Error())
+			return a.redirectToFailedCallbackPage(c, errs.ErrTokenGenerating)
+		}
+
+		return a.redirectToVerifyCallbackPage(c, platform, userExternalAuthType, user.Username, token)
+	} else {
+		tokenContext, err := json.Marshal(&models.OAuth2CallbackTokenContext{
+			ExternalAuthType: userExternalAuthType,
+		})
+
+		if err != nil {
+			log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to marshal oauth 2.0 callback token context, because %s", err.Error())
+			return a.redirectToFailedCallbackPage(c, errs.ErrOperationFailed)
+		}
+
+		token, _, err := a.tokens.CreateOAuth2CallbackToken(c, user, string(tokenContext))
+
+		if err != nil {
+			log.Errorf(c, "[oauth2_authentications.CallbackHandler] failed to create oauth 2.0 callback token, because %s", err.Error())
+			return a.redirectToFailedCallbackPage(c, errs.ErrTokenGenerating)
+		}
+
+		return a.redirectToSuccessCallbackPage(c, platform, userExternalAuthType, token)
+	}
+}
+
+func (a *OAuth2AuthenticationApi) redirectToSuccessCallbackPage(c *core.WebContext, platform string, externalAuthType core.UserExternalAuthType, token string) (string, *errs.Error) {
+	return fmt.Sprintf(oauth2CallbackPageUrlSuccessFormat, a.CurrentConfig().RootUrl, platform, externalAuthType, url.QueryEscape(token)), nil
+}
+
+func (a *OAuth2AuthenticationApi) redirectToVerifyCallbackPage(c *core.WebContext, platform string, externalAuthType core.UserExternalAuthType, userName string, token string) (string, *errs.Error) {
+	return fmt.Sprintf(oauth2CallbackPageUrlNeedVerifyFormat, a.CurrentConfig().RootUrl, platform, externalAuthType, userName, url.QueryEscape(token)), nil
+}
+
+func (a *OAuth2AuthenticationApi) redirectToFailedCallbackPage(c *core.WebContext, err *errs.Error) (string, *errs.Error) {
+	return fmt.Sprintf(oauth2CallbackPageUrlFailedFormat, a.CurrentConfig().RootUrl, err.Code(), url.QueryEscape(utils.GetDisplayErrorMessage(err))), nil
+}
+
+func (a *OAuth2AuthenticationApi) redirectToErrorMessageCallbackPage(c *core.WebContext, message string) (string, *errs.Error) {
+	return fmt.Sprintf(oauth2CallbackPageUrlErrorMessageFormat, a.CurrentConfig().RootUrl, url.QueryEscape(message)), nil
+}
@@ -35,18 +35,33 @@ func (a *ServerSettingsApi) ServerSettingsJavascriptHandler(c *core.WebContext)
 	builder := &strings.Builder{}
 	builder.WriteString(ezbookkeepingServerSettingsJavascriptFileHeader)

-	a.appendBooleanSetting(builder, "r", config.EnableUserRegister)
-	a.appendBooleanSetting(builder, "f", config.EnableUserForgetPassword)
+	a.appendBooleanSetting(builder, "a", config.EnableInternalAuth)
+	a.appendBooleanSetting(builder, "o", config.EnableOAuth2Login)
+	a.appendBooleanSetting(builder, "r", config.EnableInternalAuth && config.EnableUserRegister)
+	a.appendBooleanSetting(builder, "f", config.EnableInternalAuth && config.EnableUserForgetPassword)
+	a.appendBooleanSetting(builder, "t", config.EnableAPIToken)
 	a.appendBooleanSetting(builder, "v", config.EnableUserVerifyEmail)
 	a.appendBooleanSetting(builder, "p", config.EnableTransactionPictures)
 	a.appendBooleanSetting(builder, "s", config.EnableScheduledTransaction)
 	a.appendBooleanSetting(builder, "e", config.EnableDataExport)
 	a.appendBooleanSetting(builder, "i", config.EnableDataImport)

+	a.appendStringSetting(builder, "op", config.OAuth2Provider)
+
+	if config.OAuth2Provider == settings.OAuth2ProviderOIDC && config.OAuth2OIDCCustomDisplayNameConfig.Enabled {
+		a.appendMultiLanguageTipSetting(builder, "ocn", config.OAuth2OIDCCustomDisplayNameConfig)
+	}
+
 	if config.EnableMCPServer {
 		a.appendBooleanSetting(builder, "mcp", config.EnableMCPServer)
 	}

+	if config.ReceiptImageRecognitionLLMConfig != nil && config.ReceiptImageRecognitionLLMConfig.LLMProvider != "" {
+		if config.TransactionFromAIImageRecognition {
+			a.appendBooleanSetting(builder, "llmt", config.TransactionFromAIImageRecognition)
+		}
+	}
+
 	if config.LoginPageTips.Enabled {
 		a.appendMultiLanguageTipSetting(builder, "lpt", config.LoginPageTips)
 	}
@@ -132,7 +147,7 @@ func (a *ServerSettingsApi) appendStringSetting(builder *strings.Builder, key st
 	builder.WriteString(";\n")
 }

-func (a *ServerSettingsApi) appendMultiLanguageTipSetting(builder *strings.Builder, key string, value settings.TipConfig) {
+func (a *ServerSettingsApi) appendMultiLanguageTipSetting(builder *strings.Builder, key string, value settings.MultiLanguageContentConfig) {
 	builder.WriteString(ezbookkeepingServerSettingsGlobalVariableFullName)
 	builder.WriteString("[")
 	a.appendEncodedString(builder, key)
@@ -3,7 +3,6 @@ package api
 import (
 	"github.com/mayswind/ezbookkeeping/pkg/core"
 	"github.com/mayswind/ezbookkeeping/pkg/errs"
-	"github.com/mayswind/ezbookkeeping/pkg/settings"
 )

 // SystemsApi represents system api
@@ -18,11 +17,11 @@ var (
 func (a *SystemsApi) VersionHandler(c *core.WebContext) (any, *errs.Error) {
 	result := make(map[string]string)

-	result["version"] = settings.Version
-	result["commitHash"] = settings.CommitHash
+	result["version"] = core.Version
+	result["commitHash"] = core.CommitHash

-	if settings.BuildTime != "" {
-		result["buildTime"] = settings.BuildTime
+	if core.BuildTime != "" {
+		result["buildTime"] = core.BuildTime
 	}

 	return result, nil
@@ -69,8 +69,10 @@ func (a *TokensApi) TokenListHandler(c *core.WebContext) (any, *errs.Error) {
 			tokenResp.IsCurrent = true
 		}

-		if token.TokenType == core.USER_TOKEN_TYPE_MCP && token.UserAgent != services.TokenUserAgentCreatedViaCli {
-			tokenResp.UserAgent = services.TokenUserAgentForMCP
+		if token.TokenType == core.USER_TOKEN_TYPE_API && token.UserAgent != core.TokenUserAgentCreatedViaCli {
+			tokenResp.UserAgent = core.TokenUserAgentForAPI
+		} else if token.TokenType == core.USER_TOKEN_TYPE_MCP && token.UserAgent != core.TokenUserAgentCreatedViaCli {
+			tokenResp.UserAgent = core.TokenUserAgentForMCP
 		}

 		tokenResps[i] = tokenResp
@@ -81,6 +83,53 @@ func (a *TokensApi) TokenListHandler(c *core.WebContext) (any, *errs.Error) {
 	return tokenResps, nil
 }

+// TokenGenerateAPIHandler generates a new API token for current user
+func (a *TokensApi) TokenGenerateAPIHandler(c *core.WebContext) (any, *errs.Error) {
+	if !a.CurrentConfig().EnableAPIToken {
+		return nil, errs.ErrAPITokenNotEnabled
+	}
+
+	var generateAPITokenReq models.TokenGenerateAPIRequest
+	err := c.ShouldBindJSON(&generateAPITokenReq)
+
+	if err != nil {
+		log.Warnf(c, "[tokens.TokenGenerateAPIHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		log.Warnf(c, "[tokens.TokenGenerateAPIHandler] failed to get user \"uid:%d\" info, because %s", uid, err.Error())
+		return nil, errs.ErrUserNotFound
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_GENERATE_API_TOKEN) {
+		return false, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	if !a.users.IsPasswordEqualsUserPassword(generateAPITokenReq.Password, user) {
+		return nil, errs.ErrUserPasswordWrong
+	}
+
+	token, claims, err := a.tokens.CreateAPIToken(c, user, generateAPITokenReq.ExpiredInSeconds)
+
+	if err != nil {
+		log.Errorf(c, "[tokens.TokenGenerateAPIHandler] failed to create api token for user \"uid:%d\", because %s", user.Uid, err.Error())
+		return nil, errs.Or(err, errs.ErrTokenGenerating)
+	}
+
+	log.Infof(c, "[tokens.TokenGenerateAPIHandler] user \"uid:%d\" has generated api token, new token will be expired at %d", user.Uid, claims.ExpiresAt)
+
+	generateAPITokenResp := &models.TokenGenerateAPIResponse{
+		Token:      token,
+		APIBaseUrl: a.CurrentConfig().RootUrl + "api",
+	}
+
+	return generateAPITokenResp, nil
+}
+
 // TokenGenerateMCPHandler generates a new MCP token for current user
 func (a *TokensApi) TokenGenerateMCPHandler(c *core.WebContext) (any, *errs.Error) {
 	if !a.CurrentConfig().EnableMCPServer {
@@ -111,7 +160,7 @@ func (a *TokensApi) TokenGenerateMCPHandler(c *core.WebContext) (any, *errs.Erro
 		return nil, errs.ErrUserPasswordWrong
 	}

-	token, claims, err := a.tokens.CreateMCPToken(c, user)
+	token, claims, err := a.tokens.CreateMCPToken(c, user, generateMCPTokenReq.ExpiredInSeconds)

 	if err != nil {
 		log.Errorf(c, "[tokens.TokenGenerateMCPHandler] failed to create mcp token for user \"uid:%d\", because %s", user.Uid, err.Error())
@@ -130,7 +179,13 @@ func (a *TokensApi) TokenGenerateMCPHandler(c *core.WebContext) (any, *errs.Erro

 // TokenRevokeCurrentHandler revokes current token of current user
 func (a *TokensApi) TokenRevokeCurrentHandler(c *core.WebContext) (any, *errs.Error) {
-	_, claims, err := a.tokens.ParseTokenByHeader(c)
+	tokenString := c.GetTokenStringFromHeader()
+
+	if tokenString == "" {
+		return false, errs.ErrTokenIsEmpty
+	}
+
+	_, claims, _, err := a.tokens.ParseToken(c, tokenString)

 	if err != nil {
 		return nil, errs.Or(err, errs.NewIncompleteOrIncorrectSubmissionError(err))
@@ -338,6 +393,7 @@ func (a *TokensApi) TokenRefreshHandler(c *core.WebContext) (any, *errs.Error) {

 	c.SetTextualToken(token)
 	c.SetTokenClaims(claims)
+	c.SetTokenContext("")

 	userApplicationCloudSettings, err := a.userAppCloudSettings.GetUserApplicationCloudSettingsByUid(c, user.Uid)
 	var applicationCloudSettingSlice *models.ApplicationCloudSettingSlice = nil
@@ -214,6 +214,7 @@ func (a *TransactionCategoriesApi) CategoryModifyHandler(c *core.WebContext) (an
 		Uid:              uid,
 		ParentCategoryId: categoryModifyReq.ParentId,
 		Name:             categoryModifyReq.Name,
+		DisplayOrder:     category.DisplayOrder,
 		Icon:             categoryModifyReq.Icon,
 		Color:            categoryModifyReq.Color,
 		Comment:          categoryModifyReq.Comment,
@@ -259,6 +260,15 @@ func (a *TransactionCategoriesApi) CategoryModifyHandler(c *core.WebContext) (an
 		if toPrimaryCategory.ParentCategoryId != models.LevelOneTransactionCategoryParentId {
 			return nil, errs.Or(err, errs.ErrNotAllowUseSecondaryTransactionAsPrimaryCategory)
 		}
+
+		maxOrderId, err := a.categories.GetMaxSubCategoryDisplayOrder(c, uid, category.Type, newCategory.ParentCategoryId)
+
+		if err != nil {
+			log.Errorf(c, "[transaction_categories.CategoryModifyHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
+			return nil, errs.Or(err, errs.ErrOperationFailed)
+		}
+
+		newCategory.DisplayOrder = maxOrderId + 1
 	}

 	err = a.categories.ModifyCategory(c, newCategory)
@@ -271,7 +281,6 @@ func (a *TransactionCategoriesApi) CategoryModifyHandler(c *core.WebContext) (an
 	log.Infof(c, "[transaction_categories.CategoryModifyHandler] user \"uid:%d\" has updated category \"id:%d\" successfully", uid, categoryModifyReq.Id)

 	newCategory.Type = category.Type
-	newCategory.DisplayOrder = category.DisplayOrder
 	categoryResp := newCategory.ToTransactionCategoryInfoResponse()

 	return categoryResp, nil
@@ -0,0 +1,210 @@
+package api
+
+import (
+	"sort"
+
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/services"
+)
+
+// TransactionTagGroupsApi represents transaction tag group api
+type TransactionTagGroupsApi struct {
+	tagGroups *services.TransactionTagGroupService
+}
+
+// Initialize a transaction tag group api singleton instance
+var (
+	TransactionTagGroups = &TransactionTagGroupsApi{
+		tagGroups: services.TransactionTagGroups,
+	}
+)
+
+// TagGroupListHandler returns transaction tag group list of current user
+func (a *TransactionTagGroupsApi) TagGroupListHandler(c *core.WebContext) (any, *errs.Error) {
+	uid := c.GetCurrentUid()
+	tagGroups, err := a.tagGroups.GetAllTagGroupsByUid(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_tag_groups.TagGroupListHandler] failed to get tag groups for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	tagGroupResps := make(models.TransactionTagGroupInfoResponseSlice, len(tagGroups))
+
+	for i := 0; i < len(tagGroups); i++ {
+		tagGroupResps[i] = tagGroups[i].ToTransactionTagGroupInfoResponse()
+	}
+
+	sort.Sort(tagGroupResps)
+
+	return tagGroupResps, nil
+}
+
+// TagGroupGetHandler returns one specific transaction tag group of current user
+func (a *TransactionTagGroupsApi) TagGroupGetHandler(c *core.WebContext) (any, *errs.Error) {
+	var tagGroupGetReq models.TransactionTagGroupGetRequest
+	err := c.ShouldBindQuery(&tagGroupGetReq)
+
+	if err != nil {
+		log.Warnf(c, "[transaction_tag_groups.TagGroupGetHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	tagGroup, err := a.tagGroups.GetTagGroupByTagGroupId(c, uid, tagGroupGetReq.Id)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_tag_groups.TagGroupGetHandler] failed to get tag group \"id:%d\" for user \"uid:%d\", because %s", tagGroupGetReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	tagGroupResp := tagGroup.ToTransactionTagGroupInfoResponse()
+
+	return tagGroupResp, nil
+}
+
+// TagGroupCreateHandler saves a new transaction tag group by request parameters for current user
+func (a *TransactionTagGroupsApi) TagGroupCreateHandler(c *core.WebContext) (any, *errs.Error) {
+	var tagGroupCreateReq models.TransactionTagGroupCreateRequest
+	err := c.ShouldBindJSON(&tagGroupCreateReq)
+
+	if err != nil {
+		log.Warnf(c, "[transaction_tag_groups.TagGroupCreateHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+
+	maxOrderId, err := a.tagGroups.GetMaxDisplayOrder(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_tag_groups.TagGroupCreateHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	tagGroup := a.createNewTagGroupModel(uid, &tagGroupCreateReq, maxOrderId+1)
+
+	err = a.tagGroups.CreateTagGroup(c, tagGroup)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_tag_groups.TagGroupCreateHandler] failed to create tag group \"id:%d\" for user \"uid:%d\", because %s", tagGroup.TagGroupId, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[transaction_tag_groups.TagGroupCreateHandler] user \"uid:%d\" has created a new tag group \"id:%d\" successfully", uid, tagGroup.TagGroupId)
+
+	tagGroupResp := tagGroup.ToTransactionTagGroupInfoResponse()
+
+	return tagGroupResp, nil
+}
+
+// TagGroupModifyHandler saves an existed transaction tag group by request parameters for current user
+func (a *TransactionTagGroupsApi) TagGroupModifyHandler(c *core.WebContext) (any, *errs.Error) {
+	var tagGroupModifyReq models.TransactionTagGroupModifyRequest
+	err := c.ShouldBindJSON(&tagGroupModifyReq)
+
+	if err != nil {
+		log.Warnf(c, "[transaction_tag_groups.TagGroupModifyHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	tagGroup, err := a.tagGroups.GetTagGroupByTagGroupId(c, uid, tagGroupModifyReq.Id)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_tag_groups.TagGroupModifyHandler] failed to get tag group \"id:%d\" for user \"uid:%d\", because %s", tagGroupModifyReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	newTagGroup := &models.TransactionTagGroup{
+		TagGroupId: tagGroup.TagGroupId,
+		Uid:        uid,
+		Name:       tagGroupModifyReq.Name,
+	}
+
+	if newTagGroup.Name == tagGroup.Name {
+		return nil, errs.ErrNothingWillBeUpdated
+	}
+
+	err = a.tagGroups.ModifyTagGroup(c, newTagGroup)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_tag_groups.TagGroupModifyHandler] failed to update tag group \"id:%d\" for user \"uid:%d\", because %s", tagGroupModifyReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[transaction_tag_groups.TagGroupModifyHandler] user \"uid:%d\" has updated tag group \"id:%d\" successfully", uid, tagGroupModifyReq.Id)
+
+	tagGroup.Name = newTagGroup.Name
+	tagGroupResp := tagGroup.ToTransactionTagGroupInfoResponse()
+
+	return tagGroupResp, nil
+}
+
+// TagGroupMoveHandler moves display order of existed transaction tag groups by request parameters for current user
+func (a *TransactionTagGroupsApi) TagGroupMoveHandler(c *core.WebContext) (any, *errs.Error) {
+	var tagGroupMoveReq models.TransactionTagGroupMoveRequest
+	err := c.ShouldBindJSON(&tagGroupMoveReq)
+
+	if err != nil {
+		log.Warnf(c, "[transaction_tag_groups.TagGroupMoveHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	tagGroups := make([]*models.TransactionTagGroup, len(tagGroupMoveReq.NewDisplayOrders))
+
+	for i := 0; i < len(tagGroupMoveReq.NewDisplayOrders); i++ {
+		newDisplayOrder := tagGroupMoveReq.NewDisplayOrders[i]
+		tagGroup := &models.TransactionTagGroup{
+			Uid:          uid,
+			TagGroupId:   newDisplayOrder.Id,
+			DisplayOrder: newDisplayOrder.DisplayOrder,
+		}
+
+		tagGroups[i] = tagGroup
+	}
+
+	err = a.tagGroups.ModifyTagGroupDisplayOrders(c, uid, tagGroups)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_tag_groups.TagGroupMoveHandler] failed to move tag groups for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[transaction_tag_groups.TagGroupMoveHandler] user \"uid:%d\" has moved tag groups", uid)
+	return true, nil
+}
+
+// TagGroupDeleteHandler deletes an existed transaction tag group by request parameters for current user
+func (a *TransactionTagGroupsApi) TagGroupDeleteHandler(c *core.WebContext) (any, *errs.Error) {
+	var tagGroupDeleteReq models.TransactionTagGroupDeleteRequest
+	err := c.ShouldBindJSON(&tagGroupDeleteReq)
+
+	if err != nil {
+		log.Warnf(c, "[transaction_tag_groups.TagGroupDeleteHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	err = a.tagGroups.DeleteTagGroup(c, uid, tagGroupDeleteReq.Id)
+
+	if err != nil {
+		log.Errorf(c, "[transaction_tag_groups.TagGroupDeleteHandler] failed to delete tag group \"id:%d\" for user \"uid:%d\", because %s", tagGroupDeleteReq.Id, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	log.Infof(c, "[transaction_tag_groups.TagGroupDeleteHandler] user \"uid:%d\" has deleted tag group \"id:%d\"", uid, tagGroupDeleteReq.Id)
+	return true, nil
+}
+
+func (a *TransactionTagGroupsApi) createNewTagGroupModel(uid int64, tagGroupCreateReq *models.TransactionTagGroupCreateRequest, order int32) *models.TransactionTagGroup {
+	return &models.TransactionTagGroup{
+		Uid:          uid,
+		Name:         tagGroupCreateReq.Name,
+		DisplayOrder: order,
+	}
+}
@@ -12,13 +12,15 @@ import (

 // TransactionTagsApi represents transaction tag api
 type TransactionTagsApi struct {
-	tags *services.TransactionTagService
+	tags      *services.TransactionTagService
+	tagGroups *services.TransactionTagGroupService
 }

 // Initialize a transaction tag api singleton instance
 var (
 	TransactionTags = &TransactionTagsApi{
-		tags: services.TransactionTags,
+		tags:      services.TransactionTags,
+		tagGroups: services.TransactionTagGroups,
 	}
 )

@@ -78,7 +80,21 @@ func (a *TransactionTagsApi) TagCreateHandler(c *core.WebContext) (any, *errs.Er

 	uid := c.GetCurrentUid()

-	maxOrderId, err := a.tags.GetMaxDisplayOrder(c, uid)
+	if tagCreateReq.GroupId > 0 {
+		tagGroup, err := a.tagGroups.GetTagGroupByTagGroupId(c, uid, tagCreateReq.GroupId)
+
+		if err != nil {
+			log.Errorf(c, "[transaction_tags.TagCreateHandler] failed to get tag group \"id:%d\" for user \"uid:%d\", because %s", tagCreateReq.GroupId, uid, err.Error())
+			return nil, errs.Or(err, errs.ErrOperationFailed)
+		}
+
+		if tagGroup == nil {
+			log.Warnf(c, "[transaction_tags.TagCreateHandler] the tag group \"id:%d\" does not exist for user \"uid:%d\"", tagCreateReq.GroupId, uid)
+			return nil, errs.ErrTransactionTagGroupNotFound
+		}
+	}
+
+	maxOrderId, err := a.tags.GetMaxDisplayOrder(c, uid, tagCreateReq.GroupId)

 	if err != nil {
 		log.Errorf(c, "[transaction_tags.TagCreateHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
@@ -111,9 +127,30 @@ func (a *TransactionTagsApi) TagCreateBatchHandler(c *core.WebContext) (any, *er
 		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
 	}

+	for i := 0; i < len(tagCreateBatchReq.Tags); i++ {
+		if tagCreateBatchReq.Tags[i].GroupId != tagCreateBatchReq.GroupId {
+			log.Warnf(c, "[transaction_tags.TagCreateBatchHandler] the group id \"%d\" of tag#%d is inconsistent with the batch group id \"%d\"", tagCreateBatchReq.Tags[i].GroupId, i, tagCreateBatchReq.GroupId)
+			return nil, errs.ErrTransactionTagGroupIdInvalid
+		}
+	}
+
 	uid := c.GetCurrentUid()

-	maxOrderId, err := a.tags.GetMaxDisplayOrder(c, uid)
+	if tagCreateBatchReq.GroupId > 0 {
+		tagGroup, err := a.tagGroups.GetTagGroupByTagGroupId(c, uid, tagCreateBatchReq.GroupId)
+
+		if err != nil {
+			log.Errorf(c, "[transaction_tags.TagCreateBatchHandler] failed to get tag group \"id:%d\" for user \"uid:%d\", because %s", tagCreateBatchReq.GroupId, uid, err.Error())
+			return nil, errs.Or(err, errs.ErrOperationFailed)
+		}
+
+		if tagGroup == nil {
+			log.Warnf(c, "[transaction_tags.TagCreateBatchHandler] the tag group \"id:%d\" does not exist for user \"uid:%d\"", tagCreateBatchReq.GroupId, uid)
+			return nil, errs.ErrTransactionTagGroupNotFound
+		}
+	}
+
+	maxOrderId, err := a.tags.GetMaxDisplayOrder(c, uid, tagCreateBatchReq.GroupId)

 	if err != nil {
 		log.Errorf(c, "[transaction_tags.TagCreateBatchHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
@@ -160,17 +197,46 @@ func (a *TransactionTagsApi) TagModifyHandler(c *core.WebContext) (any, *errs.Er
 		return nil, errs.Or(err, errs.ErrOperationFailed)
 	}

-	newTag := &models.TransactionTag{
-		TagId: tag.TagId,
-		Uid:   uid,
-		Name:  tagModifyReq.Name,
+	if tagModifyReq.GroupId != tag.TagGroupId && tagModifyReq.GroupId > 0 {
+		tagGroup, err := a.tagGroups.GetTagGroupByTagGroupId(c, uid, tagModifyReq.GroupId)
+
+		if err != nil {
+			log.Errorf(c, "[transaction_tags.TagModifyHandler] failed to get tag group \"id:%d\" for user \"uid:%d\", because %s", tagModifyReq.GroupId, uid, err.Error())
+			return nil, errs.Or(err, errs.ErrOperationFailed)
+		}
+
+		if tagGroup == nil {
+			log.Warnf(c, "[transaction_tags.TagModifyHandler] the tag group \"id:%d\" does not exist for user \"uid:%d\"", tagModifyReq.GroupId, uid)
+			return nil, errs.ErrTransactionTagGroupNotFound
+		}
 	}

-	if newTag.Name == tag.Name {
+	newTag := &models.TransactionTag{
+		TagId:        tag.TagId,
+		Uid:          uid,
+		Name:         tagModifyReq.Name,
+		TagGroupId:   tagModifyReq.GroupId,
+		DisplayOrder: tag.DisplayOrder,
+	}
+
+	tagNameChanged := newTag.Name != tag.Name
+
+	if !tagNameChanged && newTag.TagGroupId == tag.TagGroupId {
 		return nil, errs.ErrNothingWillBeUpdated
 	}

-	err = a.tags.ModifyTag(c, newTag)
+	if newTag.TagGroupId != tag.TagGroupId {
+		maxOrderId, err := a.tags.GetMaxDisplayOrder(c, uid, newTag.TagGroupId)
+
+		if err != nil {
+			log.Errorf(c, "[transaction_tags.TagModifyHandler] failed to get max display order for user \"uid:%d\", because %s", uid, err.Error())
+			return nil, errs.Or(err, errs.ErrOperationFailed)
+		}
+
+		newTag.DisplayOrder = maxOrderId + 1
+	}
+
+	err = a.tags.ModifyTag(c, newTag, tagNameChanged)

 	if err != nil {
 		log.Errorf(c, "[transaction_tags.TagModifyHandler] failed to update tag \"id:%d\" for user \"uid:%d\", because %s", tagModifyReq.Id, uid, err.Error())
@@ -180,6 +246,8 @@ func (a *TransactionTagsApi) TagModifyHandler(c *core.WebContext) (any, *errs.Er
 	log.Infof(c, "[transaction_tags.TagModifyHandler] user \"uid:%d\" has updated tag \"id:%d\" successfully", uid, tagModifyReq.Id)

 	tag.Name = newTag.Name
+	tag.TagGroupId = newTag.TagGroupId
+	tag.DisplayOrder = newTag.DisplayOrder
 	tagResp := tag.ToTransactionTagInfoResponse()

 	return tagResp, nil
@@ -268,6 +336,7 @@ func (a *TransactionTagsApi) createNewTagModel(uid int64, tagCreateReq *models.T
 	return &models.TransactionTag{
 		Uid:          uid,
 		Name:         tagCreateReq.Name,
+		TagGroupId:   tagCreateReq.GroupId,
 		DisplayOrder: order,
 	}
 }
@@ -278,6 +347,7 @@ func (a *TransactionTagsApi) createNewTagModels(uid int64, tagCreateBatchReq *mo
 	for i := 0; i < len(tagCreateBatchReq.Tags); i++ {
 		tagCreateReq := tagCreateBatchReq.Tags[i]
 		tag := a.createNewTagModel(uid, tagCreateReq, order+int32(i))
+		tag.TagGroupId = tagCreateBatchReq.GroupId
 		tags[i] = tag
 	}

@@ -85,7 +85,7 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorEnableRequestHandler(c *core.WebCo
 		return nil, errs.ErrNotPermittedToPerformThisAction
 	}

-	key, err := a.twoFactorAuthorizations.GenerateTwoFactorSecret(c, user)
+	key, err := a.twoFactorAuthorizations.GenerateTwoFactorSecret(c, user, c.GetClientLocale())

 	if err != nil {
 		log.Errorf(c, "[twofactor_authorizations.TwoFactorEnableRequestHandler] failed to generate two-factor secret, because %s", err.Error())
@@ -205,6 +205,7 @@ func (a *TwoFactorAuthorizationsApi) TwoFactorEnableConfirmHandler(c *core.WebCo

 	c.SetTextualToken(token)
 	c.SetTokenClaims(claims)
+	c.SetTokenContext("")

 	log.Infof(c, "[twofactor_authorizations.TwoFactorEnableConfirmHandler] user \"uid:%d\" token refreshed, new token will be expired at %d", user.Uid, claims.ExpiresAt)

@@ -2,6 +2,7 @@ package api

 import (
 	"encoding/json"
+	"time"

 	"github.com/mayswind/ezbookkeeping/pkg/core"
 	"github.com/mayswind/ezbookkeeping/pkg/errs"
@@ -74,115 +75,129 @@ func (a *UserApplicationCloudSettingsApi) ApplicationSettingsUpdateHandler(c *co
 		return false, errs.ErrNotPermittedToPerformThisAction
 	}

-	userApplicationCloudSettings, err := a.userAppCloudSettings.GetUserApplicationCloudSettingsByUid(c, uid)
+	var userApplicationCloudSettings *models.UserApplicationCloudSetting

-	if err != nil {
-		log.Errorf(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] failed to get latest user application cloud settings for user \"uid:%d\", because %s", uid, err.Error())
-		return false, errs.Or(err, errs.ErrOperationFailed)
-	}
+	// Retry up to 3 times
+	for i := 0; i < 3; i++ {
+		userApplicationCloudSettings, err = a.userAppCloudSettings.GetUserApplicationCloudSettingsByUid(c, uid)

-	oldApplicationCloudSettingsMap := make(map[string]models.ApplicationCloudSetting)
-
-	if userApplicationCloudSettings != nil {
-		for _, setting := range userApplicationCloudSettings.Settings {
-			oldApplicationCloudSettingsMap[setting.SettingKey] = setting
+		if err != nil {
+			log.Errorf(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] failed to get latest user application cloud settings for user \"uid:%d\" (try count %d), because %s", uid, i+1, err.Error())
+			return false, errs.Or(err, errs.ErrOperationFailed)
 		}
-	}

-	// Check if the full update settings are the same as the existing settings
-	if userAppCloudSettingUpdateReq.FullUpdate {
-		if len(userAppCloudSettingUpdateReq.Settings) == len(oldApplicationCloudSettingsMap) {
-			needUpdate := false
+		oldApplicationCloudSettingsMap := make(map[string]models.ApplicationCloudSetting)
+		lastUpdateTime := int64(0)
+
+		if userApplicationCloudSettings != nil {
+			for _, setting := range userApplicationCloudSettings.Settings {
+				oldApplicationCloudSettingsMap[setting.SettingKey] = setting
+			}
+
+			lastUpdateTime = userApplicationCloudSettings.UpdatedUnixTime
+		}
+
+		// Check if the full update settings are the same as the existing settings
+		if userAppCloudSettingUpdateReq.FullUpdate {
+			if len(userAppCloudSettingUpdateReq.Settings) == len(oldApplicationCloudSettingsMap) {
+				needUpdate := false
+
+				for _, setting := range userAppCloudSettingUpdateReq.Settings {
+					oldSetting, exists := oldApplicationCloudSettingsMap[setting.SettingKey]
+
+					if !exists || oldSetting.SettingValue != setting.SettingValue {
+						needUpdate = true
+						break
+					}
+				}
+
+				if !needUpdate {
+					return false, errs.ErrNothingWillBeUpdated
+				}
+			}
+		} else { // Check if the partial update settings are the same as the existing settings or the settings to update are not set to sync
+			needUpdate := true

 			for _, setting := range userAppCloudSettingUpdateReq.Settings {
-				oldSetting, exists := oldApplicationCloudSettingsMap[setting.SettingKey]
+				cloudSetting, exists := oldApplicationCloudSettingsMap[setting.SettingKey]

-				if !exists || oldSetting.SettingValue != setting.SettingValue {
-					needUpdate = true
-					break
+				if !exists {
+					needUpdate = false
+					log.Infof(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user application cloud setting key \"%s\" is not set to sync (try count %d)", setting.SettingKey, i+1)
+				} else if cloudSetting.SettingValue == setting.SettingValue {
+					needUpdate = false
+					log.Infof(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user application cloud setting key \"%s\" value \"%s\" is not changed, no need to update (try count %d)", setting.SettingKey, setting.SettingValue, i+1)
 				}
 			}

 			if !needUpdate {
-				return false, errs.ErrNothingWillBeUpdated
+				log.Infof(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] no user application cloud settings need to update for user \"uid:%d\" (try count %d)", uid, i+1)
+				return true, nil
+			}
+		}
+
+		newApplicationCloudSettingsMap := make(map[string]models.ApplicationCloudSetting)
+		var newApplicationCloudSettingSlice models.ApplicationCloudSettingSlice
+
+		if userAppCloudSettingUpdateReq.FullUpdate {
+			log.Infof(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user \"uid:%d\" application cloud settings force update, will overwrite all existing settings (try count %d)", uid, i+1)
+		} else {
+			if len(oldApplicationCloudSettingsMap) > 0 {
+				log.Infof(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user \"uid:%d\" application cloud settings exists, try to merge it with request settings (try count %d)", uid, i+1)
+				newApplicationCloudSettingsMap = oldApplicationCloudSettingsMap
 			}
 		}
-	} else { // Check if the partial update settings are the same as the existing settings or the settings to update are not set to sync
-		needUpdate := true

 		for _, setting := range userAppCloudSettingUpdateReq.Settings {
-			cloudSetting, exists := oldApplicationCloudSettingsMap[setting.SettingKey]
+			newApplicationCloudSettingsMap[setting.SettingKey] = setting
+		}
+
+		for settingKey, setting := range newApplicationCloudSettingsMap {
+			settingType, exists := models.ALL_ALLOWED_CLOUD_SYNC_APP_SETTING_KEY_TYPES[settingKey]

 			if !exists {
-				needUpdate = false
-				log.Infof(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user application cloud setting key \"%s\" is not set to sync", setting.SettingKey)
-			} else if cloudSetting.SettingValue == setting.SettingValue {
-				needUpdate = false
-				log.Infof(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user application cloud setting key \"%s\" value \"%s\" is not changed, no need to update", setting.SettingKey, setting.SettingValue)
-			}
-		}
-
-		if !needUpdate {
-			log.Infof(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] no user application cloud settings need to update for user \"uid:%d\"", uid)
-			return false, nil
-		}
-	}
-
-	newApplicationCloudSettingsMap := make(map[string]models.ApplicationCloudSetting)
-	var newApplicationCloudSettingSlice models.ApplicationCloudSettingSlice
-
-	if userAppCloudSettingUpdateReq.FullUpdate {
-		log.Infof(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user \"uid:%d\" application cloud settings force update, will overwrite all existing settings", uid)
-	} else {
-		if len(oldApplicationCloudSettingsMap) > 0 {
-			log.Infof(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user \"uid:%d\" application cloud settings exists, try to merge it with request settings", uid)
-			newApplicationCloudSettingsMap = oldApplicationCloudSettingsMap
-		}
-	}
-
-	for _, setting := range userAppCloudSettingUpdateReq.Settings {
-		newApplicationCloudSettingsMap[setting.SettingKey] = setting
-	}
-
-	for settingKey, setting := range newApplicationCloudSettingsMap {
-		settingType, exists := models.ALL_ALLOWED_CLOUD_SYNC_APP_SETTING_KEY_TYPES[settingKey]
-
-		if !exists {
-			log.Warnf(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user application cloud setting key \"%s\" is not supported to sync", settingKey)
-			continue
-		}
-
-		if settingType == models.USER_APPLICATION_CLOUD_SETTING_TYPE_STRING {
-			// Do Nothing
-		} else if settingType == models.USER_APPLICATION_CLOUD_SETTING_TYPE_NUMBER {
-			_, err := utils.StringToFloat64(setting.SettingValue)
-
-			if err != nil {
-				log.Warnf(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user application cloud setting key \"%s\" has invalid number value \"%s\"", settingKey, setting.SettingValue)
+				log.Warnf(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user application cloud setting key \"%s\" is not supported to sync (try count %d)", settingKey, i+1)
 				continue
 			}
-		} else if settingType == models.USER_APPLICATION_CLOUD_SETTING_TYPE_BOOLEAN {
-			if setting.SettingValue != "true" && setting.SettingValue != "false" {
-				log.Warnf(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user application cloud setting key \"%s\" has invalid boolean value \"%s\"", settingKey, setting.SettingValue)
-				continue
-			}
-		} else if settingType == models.USER_APPLICATION_CLOUD_SETTING_TYPE_STRING_BOOLEAN_MAP {
-			var settingValueMap map[string]bool
-			err := json.Unmarshal([]byte(setting.SettingValue), &settingValueMap)

-			if err != nil {
-				log.Warnf(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user application cloud setting key \"%s\" has invalid map value \"%s\", because %s", settingKey, setting.SettingValue, err.Error())
+			if settingType == models.USER_APPLICATION_CLOUD_SETTING_TYPE_STRING {
+				// Do Nothing
+			} else if settingType == models.USER_APPLICATION_CLOUD_SETTING_TYPE_NUMBER {
+				_, err := utils.StringToFloat64(setting.SettingValue)
+
+				if err != nil {
+					log.Warnf(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user application cloud setting key \"%s\" has invalid number value \"%s\" (try count %d)", settingKey, setting.SettingValue, i+1)
+					continue
+				}
+			} else if settingType == models.USER_APPLICATION_CLOUD_SETTING_TYPE_BOOLEAN {
+				if setting.SettingValue != "true" && setting.SettingValue != "false" {
+					log.Warnf(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user application cloud setting key \"%s\" has invalid boolean value \"%s\" (try count %d)", settingKey, setting.SettingValue, i+1)
+					continue
+				}
+			} else if settingType == models.USER_APPLICATION_CLOUD_SETTING_TYPE_STRING_BOOLEAN_MAP {
+				var settingValueMap map[string]bool
+				err := json.Unmarshal([]byte(setting.SettingValue), &settingValueMap)
+
+				if err != nil {
+					log.Warnf(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user application cloud setting key \"%s\" has invalid map value \"%s\" (try count %d), because %s", settingKey, setting.SettingValue, i+1, err.Error())
+					continue
+				}
+			} else {
+				log.Warnf(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user application cloud setting key \"%s\" has unknown type \"%s\" (try count %d)", settingKey, settingType, i+1)
 				continue
 			}
-		} else {
-			log.Warnf(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] user application cloud setting key \"%s\" has unknown type \"%s\"", settingKey, settingType)
-			continue
+
+			newApplicationCloudSettingSlice = append(newApplicationCloudSettingSlice, setting)
 		}

-		newApplicationCloudSettingSlice = append(newApplicationCloudSettingSlice, setting)
-	}
+		err = a.userAppCloudSettings.UpdateUserApplicationCloudSettings(c, uid, newApplicationCloudSettingSlice, userAppCloudSettingUpdateReq.FullUpdate, lastUpdateTime)

-	err = a.userAppCloudSettings.UpdateUserApplicationCloudSettings(c, uid, newApplicationCloudSettingSlice)
+		if err == nil {
+			break
+		}
+
+		time.Sleep(100 * time.Millisecond) // Wait for 100 milliseconds before retrying
+	}

 	if err != nil {
 		log.Errorf(c, "[user_app_cloud_settings.ApplicationSettingsUpdateHandler] failed to update user application cloud settings for user \"uid:%d\", because %s", uid, err.Error())
@@ -0,0 +1,108 @@
+package api
+
+import (
+	"sort"
+
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/models"
+	"github.com/mayswind/ezbookkeeping/pkg/services"
+)
+
+// UserExternalAuthsApi represents user external auth api
+type UserExternalAuthsApi struct {
+	users             *services.UserService
+	userExternalAuths *services.UserExternalAuthService
+}
+
+// Initialize a user external auth api singleton instance
+var (
+	UserExternalAuths = &UserExternalAuthsApi{
+		users:             services.Users,
+		userExternalAuths: services.UserExternalAuths,
+	}
+)
+
+// ExternalAuthListHanlder returns external authentications list of current user
+func (a *UserExternalAuthsApi) ExternalAuthListHanlder(c *core.WebContext) (any, *errs.Error) {
+	uid := c.GetCurrentUid()
+	userExternalAuths, err := a.userExternalAuths.GetUserAllExternalAuthsByUid(c, uid)
+
+	if err != nil {
+		log.Errorf(c, "[user_external_auths.ExternalAuthListHanlder] failed to get all external authentications for user \"uid:%d\", because %s", uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	userExternalAuthResps := make(models.UserExternalAuthInfoResponsesSlice, 0, len(userExternalAuths)+1)
+	currentExternalAuthType := oauth2.GetExternalUserAuthType()
+	hasCurrentExternalAuth := false
+
+	for i := 0; i < len(userExternalAuths); i++ {
+		userExternalAuth := userExternalAuths[i]
+
+		if userExternalAuth.ExternalAuthType == currentExternalAuthType {
+			hasCurrentExternalAuth = true
+		}
+
+		userExternalAuthResps = append(userExternalAuthResps, userExternalAuth.ToUserExternalAuthInfoResponse())
+	}
+
+	if !hasCurrentExternalAuth {
+		userExternalAuthResps = append(userExternalAuthResps, &models.UserExternalAuthInfoResponse{
+			ExternalAuthCategory: currentExternalAuthType.GetCategory(),
+			ExternalAuthType:     currentExternalAuthType,
+			Linked:               false,
+		})
+	}
+
+	sort.Sort(userExternalAuthResps)
+
+	return userExternalAuthResps, nil
+}
+
+// UnlinkExternalAuthHandler unlinks external authentication for current user
+func (a *UserExternalAuthsApi) UnlinkExternalAuthHandler(c *core.WebContext) (any, *errs.Error) {
+	var externalAuthLinkReq models.UserExternalAuthUnlinkRequest
+	err := c.ShouldBindJSON(&externalAuthLinkReq)
+
+	if err != nil {
+		log.Warnf(c, "[user_external_auths.UnlinkExternalAuthHandler] parse request failed, because %s", err.Error())
+		return nil, errs.NewIncompleteOrIncorrectSubmissionError(err)
+	}
+
+	uid := c.GetCurrentUid()
+	user, err := a.users.GetUserById(c, uid)
+
+	if err != nil {
+		if !errs.IsCustomError(err) {
+			log.Warnf(c, "[user_external_auths.UnlinkExternalAuthHandler] failed to get user for user \"uid:%d\", because %s", uid, err.Error())
+		}
+
+		return nil, errs.ErrUserNotFound
+	}
+
+	if !a.users.IsPasswordEqualsUserPassword(externalAuthLinkReq.Password, user) {
+		return nil, errs.ErrUserPasswordWrong
+	}
+
+	if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_UNLINK_THIRD_PARTY_LOGIN) {
+		return nil, errs.ErrNotPermittedToPerformThisAction
+	}
+
+	externalAuthType := core.UserExternalAuthType(externalAuthLinkReq.ExternalAuthType)
+
+	if !externalAuthType.IsValid() {
+		return nil, errs.ErrUserExternalAuthNotFound
+	}
+
+	err = a.userExternalAuths.DeleteUserExternalAuth(c, uid, externalAuthType)
+
+	if err != nil {
+		log.Errorf(c, "[user_external_auths.UnlinkExternalAuthHandler] failed to unlink external authentication \"%s\" for user \"uid:%d\", because %s", externalAuthLinkReq.ExternalAuthType, uid, err.Error())
+		return nil, errs.Or(err, errs.ErrOperationFailed)
+	}
+
+	return true, nil
+}
@@ -83,7 +83,7 @@ func (a *UsersApi) UserRegisterHandler(c *core.WebContext) (any, *errs.Error) {
 		FeatureRestriction:   a.CurrentConfig().DefaultFeatureRestrictions,
 	}

-	err = a.users.CreateUser(c, user)
+	err = a.users.CreateUser(c, user, false)

 	if err != nil {
 		log.Errorf(c, "[users.UserRegisterHandler] failed to create user \"%s\", because %s", user.Username, err.Error())
@@ -142,8 +142,9 @@ func (a *UsersApi) UserRegisterHandler(c *core.WebContext) (any, *errs.Error) {
 	authResp.Token = token
 	c.SetTextualToken(token)
 	c.SetTokenClaims(claims)
+	c.SetTokenContext("")

-	log.Infof(c, "[users.UserRegisterHandler] user \"uid:%d\" has logined, token will be expired at %d", user.Uid, claims.ExpiresAt)
+	log.Infof(c, "[users.UserRegisterHandler] user \"uid:%d\" has logged in, token will be expired at %d", user.Uid, claims.ExpiresAt)

 	return authResp, nil
 }
@@ -205,6 +206,7 @@ func (a *UsersApi) UserEmailVerifyHandler(c *core.WebContext) (any, *errs.Error)

 		c.SetTextualToken(token)
 		c.SetTokenClaims(claims)
+		c.SetTokenContext("")

 		log.Infof(c, "[users.UserEmailVerifyHandler] user \"uid:%d\" token created, new token will be expired at %d", user.Uid, claims.ExpiresAt)
 	}
@@ -275,7 +277,7 @@ func (a *UsersApi) UserUpdateProfileHandler(c *core.WebContext) (any, *errs.Erro
 			return nil, errs.ErrNotPermittedToPerformThisAction
 		}

-		if !a.users.IsPasswordEqualsUserPassword(userUpdateReq.OldPassword, user) {
+		if user.Password != "" && !a.users.IsPasswordEqualsUserPassword(userUpdateReq.OldPassword, user) {
 			return nil, errs.ErrUserPasswordWrong
 		}

@@ -359,6 +361,24 @@ func (a *UsersApi) UserUpdateProfileHandler(c *core.WebContext) (any, *errs.Erro
 		userNew.FiscalYearStart = core.FISCAL_YEAR_START_INVALID
 	}

+	if userUpdateReq.CalendarDisplayType != nil && *userUpdateReq.CalendarDisplayType != user.CalendarDisplayType {
+		user.CalendarDisplayType = *userUpdateReq.CalendarDisplayType
+		userNew.CalendarDisplayType = *userUpdateReq.CalendarDisplayType
+		modifyProfileBasicInfo = true
+		anythingUpdate = true
+	} else {
+		userNew.CalendarDisplayType = core.CALENDAR_DISPLAY_TYPE_INVALID
+	}
+
+	if userUpdateReq.DateDisplayType != nil && *userUpdateReq.DateDisplayType != user.DateDisplayType {
+		user.DateDisplayType = *userUpdateReq.DateDisplayType
+		userNew.DateDisplayType = *userUpdateReq.DateDisplayType
+		modifyProfileBasicInfo = true
+		anythingUpdate = true
+	} else {
+		userNew.DateDisplayType = core.DATE_DISPLAY_TYPE_INVALID
+	}
+
 	if userUpdateReq.LongDateFormat != nil && *userUpdateReq.LongDateFormat != user.LongDateFormat {
 		user.LongDateFormat = *userUpdateReq.LongDateFormat
 		userNew.LongDateFormat = *userUpdateReq.LongDateFormat
@@ -404,6 +424,24 @@ func (a *UsersApi) UserUpdateProfileHandler(c *core.WebContext) (any, *errs.Erro
 		userNew.FiscalYearFormat = core.FISCAL_YEAR_FORMAT_INVALID
 	}

+	if userUpdateReq.CurrencyDisplayType != nil && *userUpdateReq.CurrencyDisplayType != user.CurrencyDisplayType {
+		user.CurrencyDisplayType = *userUpdateReq.CurrencyDisplayType
+		userNew.CurrencyDisplayType = *userUpdateReq.CurrencyDisplayType
+		modifyProfileBasicInfo = true
+		anythingUpdate = true
+	} else {
+		userNew.CurrencyDisplayType = core.CURRENCY_DISPLAY_TYPE_INVALID
+	}
+
+	if userUpdateReq.NumeralSystem != nil && *userUpdateReq.NumeralSystem != user.NumeralSystem {
+		user.NumeralSystem = *userUpdateReq.NumeralSystem
+		userNew.NumeralSystem = *userUpdateReq.NumeralSystem
+		modifyProfileBasicInfo = true
+		anythingUpdate = true
+	} else {
+		userNew.NumeralSystem = core.NUMERAL_SYSTEM_INVALID
+	}
+
 	if userUpdateReq.DecimalSeparator != nil && *userUpdateReq.DecimalSeparator != user.DecimalSeparator {
 		user.DecimalSeparator = *userUpdateReq.DecimalSeparator
 		userNew.DecimalSeparator = *userUpdateReq.DecimalSeparator
@@ -431,15 +469,6 @@ func (a *UsersApi) UserUpdateProfileHandler(c *core.WebContext) (any, *errs.Erro
 		userNew.DigitGrouping = core.DIGIT_GROUPING_TYPE_INVALID
 	}

-	if userUpdateReq.CurrencyDisplayType != nil && *userUpdateReq.CurrencyDisplayType != user.CurrencyDisplayType {
-		user.CurrencyDisplayType = *userUpdateReq.CurrencyDisplayType
-		userNew.CurrencyDisplayType = *userUpdateReq.CurrencyDisplayType
-		modifyProfileBasicInfo = true
-		anythingUpdate = true
-	} else {
-		userNew.CurrencyDisplayType = core.CURRENCY_DISPLAY_TYPE_INVALID
-	}
-
 	if userUpdateReq.CoordinateDisplayType != nil && *userUpdateReq.CoordinateDisplayType != user.CoordinateDisplayType {
 		user.CoordinateDisplayType = *userUpdateReq.CoordinateDisplayType
 		userNew.CoordinateDisplayType = *userUpdateReq.CoordinateDisplayType
@@ -561,6 +590,7 @@ func (a *UsersApi) UserUpdateProfileHandler(c *core.WebContext) (any, *errs.Erro
 		resp.NewToken = token
 		c.SetTextualToken(token)
 		c.SetTokenClaims(claims)
+		c.SetTokenContext("")

 		log.Infof(c, "[users.UserUpdateProfileHandler] user \"uid:%d\" token refreshed, new token will be expired at %d", user.Uid, claims.ExpiresAt)

@@ -0,0 +1,13 @@
+package data
+
+import "github.com/mayswind/ezbookkeeping/pkg/core"
+
+// OAuth2UserInfo represents the user info retrieved from OAuth 2.0 provider
+type OAuth2UserInfo struct {
+	UserName       string
+	Email          string
+	NickName       string
+	LanguageCode   string
+	CurrencyCode   string
+	FirstDayOfWeek core.WeekDay
+}
@@ -0,0 +1,122 @@
+package oauth2
+
+import (
+	"net/http"
+
+	"golang.org/x/oauth2"
+
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/data"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider/gitea"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider/github"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider/nextcloud"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider/oidc"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/httpclient"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+)
+
+// OAuth2Container contains the current OAuth 2.0 authentication provider
+type OAuth2Container struct {
+	current              provider.OAuth2Provider
+	usePKCE              bool
+	oauth2HttpClient     *http.Client
+	externalUserAuthType core.UserExternalAuthType
+}
+
+// Initialize a OAuth 2.0 container singleton instance
+var (
+	Container = &OAuth2Container{}
+)
+
+// InitializeOAuth2Provider initializes the current OAuth 2.0 provider according to the config
+func InitializeOAuth2Provider(config *settings.Config) error {
+	if !config.EnableOAuth2Login {
+		return nil
+	}
+
+	if config.OAuth2ClientID == "" || config.OAuth2ClientSecret == "" || config.OAuth2UserIdentifier == "" || config.OAuth2Provider == "" {
+		return errs.ErrInvalidOAuth2Config
+	}
+
+	var err error
+	var oauth2Provider provider.OAuth2Provider
+	var externalUserAuthType core.UserExternalAuthType
+	redirectUrl := config.RootUrl + "oauth2/callback"
+
+	if config.OAuth2Provider == settings.OAuth2ProviderOIDC {
+		oauth2Provider, err = oidc.NewOIDCProvider(config, redirectUrl)
+		externalUserAuthType = core.USER_EXTERNAL_AUTH_TYPE_OAUTH2_OIDC
+	} else if config.OAuth2Provider == settings.OAuth2ProviderNextcloud {
+		oauth2Provider, err = nextcloud.NewNextcloudOAuth2Provider(config, redirectUrl)
+		externalUserAuthType = core.USER_EXTERNAL_AUTH_TYPE_OAUTH2_NEXTCLOUD
+	} else if config.OAuth2Provider == settings.OAuth2ProviderGitea {
+		oauth2Provider, err = gitea.NewGiteaOAuth2Provider(config, redirectUrl)
+		externalUserAuthType = core.USER_EXTERNAL_AUTH_TYPE_OAUTH2_GITEA
+	} else if config.OAuth2Provider == settings.OAuth2ProviderGithub {
+		oauth2Provider, err = github.NewGithubOAuth2Provider(config, redirectUrl)
+		externalUserAuthType = core.USER_EXTERNAL_AUTH_TYPE_OAUTH2_GITHUB
+	} else {
+		return errs.ErrInvalidOAuth2Provider
+	}
+
+	if err != nil {
+		return err
+	}
+
+	Container.current = oauth2Provider
+	Container.usePKCE = config.OAuth2UsePKCE
+	Container.oauth2HttpClient = httpclient.NewHttpClient(config.OAuth2RequestTimeout, config.OAuth2Proxy, config.OAuth2SkipTLSVerify, core.GetOutgoingUserAgent(), config.EnableDebugLog)
+	Container.externalUserAuthType = externalUserAuthType
+
+	return nil
+}
+
+// GetOAuth2AuthUrl returns the OAuth 2.0 authentication url
+func GetOAuth2AuthUrl(c core.Context, state string, verifier string) (string, error) {
+	if Container.current == nil {
+		return "", errs.ErrOAuth2NotEnabled
+	}
+
+	var opts []oauth2.AuthCodeOption
+
+	if Container.usePKCE {
+		opts = append(opts, oauth2.S256ChallengeOption(verifier))
+	}
+
+	return Container.current.GetOAuth2AuthUrl(wrapOAuth2Context(c, Container.oauth2HttpClient), state, opts...)
+}
+
+// GetOAuth2Token exchanges the authorization code for an OAuth 2.0 token
+func GetOAuth2Token(c core.Context, code string, verifier string) (*oauth2.Token, error) {
+	if Container.current == nil || Container.oauth2HttpClient == nil {
+		return nil, errs.ErrOAuth2NotEnabled
+	}
+
+	var opts []oauth2.AuthCodeOption
+
+	if Container.usePKCE {
+		opts = append(opts, oauth2.VerifierOption(verifier))
+	}
+
+	return Container.current.GetOAuth2Token(wrapOAuth2Context(c, Container.oauth2HttpClient), code, opts...)
+}
+
+// GetOAuth2UserInfo retrieves the OAuth 2.0 user info using the provided OAuth 2.0 token
+func GetOAuth2UserInfo(c core.Context, token *oauth2.Token) (*data.OAuth2UserInfo, error) {
+	if Container.current == nil || Container.oauth2HttpClient == nil {
+		return nil, errs.ErrOAuth2NotEnabled
+	}
+
+	if token == nil {
+		return nil, errs.ErrInvalidOAuth2Token
+	}
+
+	return Container.current.GetUserInfo(wrapOAuth2Context(c, Container.oauth2HttpClient), token)
+}
+
+// GetExternalUserAuthType returns the external user auth type of the current OAuth 2.0 provider
+func GetExternalUserAuthType() core.UserExternalAuthType {
+	return Container.externalUserAuthType
+}
@@ -0,0 +1,31 @@
+package oauth2
+
+import (
+	"net/http"
+
+	"golang.org/x/oauth2"
+
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+)
+
+// OAuth2Context represents the context for OAuth 2.0 operations
+type OAuth2Context struct {
+	core.Context
+	httpClient *http.Client
+}
+
+// Value returns the value associated with key
+func (c *OAuth2Context) Value(key any) any {
+	if key == oauth2.HTTPClient {
+		return c.httpClient
+	}
+
+	return c.Context.Value(key)
+}
+
+func wrapOAuth2Context(ctx core.Context, httpClient *http.Client) core.Context {
+	return &OAuth2Context{
+		Context:    ctx,
+		httpClient: httpClient,
+	}
+}
@@ -0,0 +1,108 @@
+package common
+
+import (
+	"io"
+	"net/http"
+
+	"golang.org/x/oauth2"
+
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/data"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/httpclient"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+)
+
+// CommonOAuth2Provider represents common OAuth 2.0 provider
+type CommonOAuth2Provider struct {
+	provider.OAuth2Provider
+	oauth2Config *oauth2.Config
+	dataSource   CommonOAuth2DataSource
+}
+
+// CommonOAuth2DataSource defines the structure of OAuth 2.0 data source
+type CommonOAuth2DataSource interface {
+	// GetAuthUrl returns the authentication url of the data source
+	GetAuthUrl() string
+
+	// GetTokenUrl returns the token url of the data source
+	GetTokenUrl() string
+
+	// GetUserInfoRequest returns the user info request of the data source
+	GetUserInfoRequest() (*http.Request, error)
+
+	// GetScopes returns the scopes required by the data source
+	GetScopes() []string
+
+	// ParseUserInfo returns the user info by parsing the response body
+	ParseUserInfo(c core.Context, body []byte) (*data.OAuth2UserInfo, error)
+}
+
+// GetOAuth2AuthUrl returns the authentication url of the common OAuth 2.0 provider
+func (p *CommonOAuth2Provider) GetOAuth2AuthUrl(c core.Context, state string, opts ...oauth2.AuthCodeOption) (string, error) {
+	return p.oauth2Config.AuthCodeURL(state, opts...), nil
+}
+
+// GetOAuth2Token returns the OAuth 2.0 token of the common OAuth 2.0 provider
+func (p *CommonOAuth2Provider) GetOAuth2Token(c core.Context, code string, opts ...oauth2.AuthCodeOption) (*oauth2.Token, error) {
+	return p.oauth2Config.Exchange(c, code, opts...)
+}
+
+// GetUserInfo returns the user info by the common OAuth 2.0 provider
+func (p *CommonOAuth2Provider) GetUserInfo(c core.Context, oauth2Token *oauth2.Token) (*data.OAuth2UserInfo, error) {
+	req, err := p.dataSource.GetUserInfoRequest()
+
+	if err != nil {
+		log.Errorf(c, "[common_oauth2_provider.GetUserInfo] failed to get user info request, because %s", err.Error())
+		return nil, errs.ErrFailedToRequestRemoteApi
+	}
+
+	oauth2Client := oauth2.NewClient(c, oauth2.StaticTokenSource(oauth2Token))
+
+	req = req.WithContext(httpclient.CustomHttpResponseLog(c, func(data []byte) {
+		log.Debugf(c, "[common_oauth2_provider.GetUserInfo] response is %s", data)
+	}))
+
+	resp, err := oauth2Client.Do(req)
+
+	if err != nil {
+		log.Errorf(c, "[common_oauth2_provider.GetUserInfo] failed to get user info response, because %s", err.Error())
+		return nil, errs.ErrFailedToRequestRemoteApi
+	}
+
+	defer resp.Body.Close()
+	body, err := io.ReadAll(resp.Body)
+
+	if resp.StatusCode != 200 {
+		log.Errorf(c, "[common_oauth2_provider.GetUserInfo] failed to get user info response, because response code is %d", resp.StatusCode)
+		return nil, errs.ErrFailedToRequestRemoteApi
+	}
+
+	return p.dataSource.ParseUserInfo(c, body)
+}
+
+// GetDataSource returns the data source of the common OAuth 2.0 provider
+func (p *CommonOAuth2Provider) GetDataSource() CommonOAuth2DataSource {
+	return p.dataSource
+}
+
+// NewCommonOAuth2Provider returns a new common OAuth 2.0 provider
+func NewCommonOAuth2Provider(config *settings.Config, redirectUrl string, dataSource CommonOAuth2DataSource) *CommonOAuth2Provider {
+	oauth2Config := &oauth2.Config{
+		ClientID:     config.OAuth2ClientID,
+		ClientSecret: config.OAuth2ClientSecret,
+		Endpoint: oauth2.Endpoint{
+			AuthURL:  dataSource.GetAuthUrl(),
+			TokenURL: dataSource.GetTokenUrl(),
+		},
+		RedirectURL: redirectUrl,
+		Scopes:      dataSource.GetScopes(),
+	}
+
+	return &CommonOAuth2Provider{
+		oauth2Config: oauth2Config,
+		dataSource:   dataSource,
+	}
+}
@@ -0,0 +1,95 @@
+package gitea
+
+import (
+	"encoding/json"
+	"net/http"
+
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/data"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider/common"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+)
+
+type giteaUserInfoResponse struct {
+	Login    string `json:"login"`
+	FullName string `json:"full_name"`
+	Email    string `json:"email"`
+}
+
+// GiteaOAuth2DataSource represents Gitea OAuth 2.0 data source
+type GiteaOAuth2DataSource struct {
+	common.CommonOAuth2DataSource
+	baseUrl string
+}
+
+// GetAuthUrl returns the authentication url of the Gitea data source
+func (s *GiteaOAuth2DataSource) GetAuthUrl() string {
+	// Reference: https://docs.gitea.com/development/oauth2-provider
+	return s.baseUrl + "login/oauth/authorize"
+}
+
+// GetTokenUrl returns the token url of the Gitea data source
+func (s *GiteaOAuth2DataSource) GetTokenUrl() string {
+	// Reference: https://docs.gitea.com/development/oauth2-provider
+	return s.baseUrl + "login/oauth/access_token"
+}
+
+// GetUserInfoRequest returns the user info request of the Gitea data source
+func (s *GiteaOAuth2DataSource) GetUserInfoRequest() (*http.Request, error) {
+	// Reference: https://gitea.com/api/swagger#/user/userGetCurrent
+	req, err := http.NewRequest("GET", s.baseUrl+"api/v1/user", nil)
+
+	if err != nil {
+		return nil, err
+	}
+
+	req.Header.Set("Accept", "application/json")
+	return req, nil
+}
+
+// GetScopes returns the scopes required by the Gitea provider
+func (s *GiteaOAuth2DataSource) GetScopes() []string {
+	return []string{"read:user"}
+}
+
+// ParseUserInfo returns the user info by parsing the response body
+func (s *GiteaOAuth2DataSource) ParseUserInfo(c core.Context, body []byte) (*data.OAuth2UserInfo, error) {
+	userInfoResp := &giteaUserInfoResponse{}
+	err := json.Unmarshal(body, &userInfoResp)
+
+	if err != nil {
+		log.Warnf(c, "[gitea_oauth2_datasource.ParseUserInfo] failed to parse user profile response body, because %s", err.Error())
+		return nil, errs.ErrCannotRetrieveUserInfo
+	}
+
+	if userInfoResp.Login == "" {
+		log.Warnf(c, "[gitea_oauth2_datasource.ParseUserInfo] invalid user profile response body")
+		return nil, errs.ErrCannotRetrieveUserInfo
+	}
+
+	return &data.OAuth2UserInfo{
+		UserName: userInfoResp.Login,
+		Email:    userInfoResp.Email,
+		NickName: userInfoResp.FullName,
+	}, nil
+}
+
+// NewGiteaOAuth2Provider creates a new Gitea OAuth 2.0 provider instance
+func NewGiteaOAuth2Provider(config *settings.Config, redirectUrl string) (provider.OAuth2Provider, error) {
+	if len(config.OAuth2GiteaBaseUrl) < 1 {
+		return nil, errs.ErrInvalidOAuth2Config
+	}
+
+	baseUrl := config.OAuth2GiteaBaseUrl
+
+	if baseUrl[len(baseUrl)-1] != '/' {
+		baseUrl += "/"
+	}
+
+	return common.NewCommonOAuth2Provider(config, redirectUrl, &GiteaOAuth2DataSource{
+		baseUrl: baseUrl,
+	}), nil
+}
@@ -0,0 +1,71 @@
+package gitea
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider/common"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+)
+
+func TestNewGiteaOAuth2Provider(t *testing.T) {
+	provider, err := NewGiteaOAuth2Provider(&settings.Config{
+		OAuth2GiteaBaseUrl: "https://example.com/",
+	}, "")
+	assert.Nil(t, err)
+	assert.Equal(t, "https://example.com/login/oauth/authorize", provider.(*common.CommonOAuth2Provider).GetDataSource().GetAuthUrl())
+	assert.Equal(t, "https://example.com/login/oauth/access_token", provider.(*common.CommonOAuth2Provider).GetDataSource().GetTokenUrl())
+
+	provider, err = NewGiteaOAuth2Provider(&settings.Config{
+		OAuth2GiteaBaseUrl: "https://example.com",
+	}, "")
+	assert.Nil(t, err)
+	assert.Equal(t, "https://example.com/login/oauth/authorize", provider.(*common.CommonOAuth2Provider).GetDataSource().GetAuthUrl())
+	assert.Equal(t, "https://example.com/login/oauth/access_token", provider.(*common.CommonOAuth2Provider).GetDataSource().GetTokenUrl())
+
+	provider, err = NewGiteaOAuth2Provider(&settings.Config{}, "")
+	assert.Equal(t, errs.ErrInvalidOAuth2Config, err)
+}
+
+func TestGiteaOAuth2Datasource_GetUserInfoRequest(t *testing.T) {
+	datasource := &GiteaOAuth2DataSource{baseUrl: "https://example.com/"}
+	req, err := datasource.GetUserInfoRequest()
+
+	assert.Nil(t, err)
+	assert.Equal(t, "GET", req.Method)
+	assert.Equal(t, "https://example.com/api/v1/user", req.URL.String())
+	assert.Equal(t, "application/json", req.Header.Get("Accept"))
+}
+
+func TestGiteaOAuth2Datasource_ParseUserInfo_Success(t *testing.T) {
+	datasource := &GiteaOAuth2DataSource{}
+	responseContent := `{
+		"login": "user1",
+		"full_name": "User",
+		"email": "user1@example.com"
+	}`
+	info, err := datasource.ParseUserInfo(core.NewNullContext(), []byte(responseContent))
+
+	assert.Nil(t, err)
+	assert.Equal(t, "user1", info.UserName)
+	assert.Equal(t, "user1@example.com", info.Email)
+	assert.Equal(t, "User", info.NickName)
+}
+
+func TestGiteaOAuth2Datasource_ParseUserInfo_InvalidJson(t *testing.T) {
+	datasource := &GiteaOAuth2DataSource{}
+	_, err := datasource.ParseUserInfo(core.NewNullContext(), []byte("invalid"))
+
+	assert.Equal(t, errs.ErrCannotRetrieveUserInfo, err)
+}
+
+func TestGiteaOAuth2Datasource_ParseUserInfo_EmptyLogin(t *testing.T) {
+	datasource := &GiteaOAuth2DataSource{}
+	responseContent := `{"login": ""}`
+	_, err := datasource.ParseUserInfo(core.NewNullContext(), []byte(responseContent))
+
+	assert.Equal(t, errs.ErrCannotRetrieveUserInfo, err)
+}
@@ -0,0 +1,193 @@
+package github
+
+import (
+	"encoding/json"
+	"io"
+	"net/http"
+
+	"golang.org/x/oauth2"
+
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/data"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/httpclient"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+)
+
+const githubOAuth2AuthUrl = "https://github.com/login/oauth/authorize"     // Reference: https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps
+const githubOAuth2TokenUrl = "https://github.com/login/oauth/access_token" // Reference: https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps
+const githubUserProfileApiUrl = "https://api.github.com/user"              // Reference: https://docs.github.com/en/rest/users/users
+const githubUserEmailApiUrl = "https://api.github.com/user/emails"         // Reference: https://docs.github.com/en/rest/users/emails
+
+var githubOAuth2Scopes = []string{"user:email"}
+
+type githubUserProfileResponse struct {
+	Login string `json:"login"`
+	Name  string `json:"name"`
+	Email string `json:"email"`
+}
+
+type githubUserEmailsResponse struct {
+	Email    string `json:"email"`
+	Primary  bool   `json:"primary"`
+	Verified bool   `json:"verified"`
+}
+
+// GithubOAuth2Provider represents Github OAuth 2.0 provider
+type GithubOAuth2Provider struct {
+	provider.OAuth2Provider
+	oauth2Config *oauth2.Config
+}
+
+// GetOAuth2AuthUrl returns the authentication url of the GitHub OAuth 2.0 provider
+func (p *GithubOAuth2Provider) GetOAuth2AuthUrl(c core.Context, state string, opts ...oauth2.AuthCodeOption) (string, error) {
+	return p.oauth2Config.AuthCodeURL(state, opts...), nil
+}
+
+// GetOAuth2Token returns the OAuth 2.0 token of the GitHub OAuth 2.0 provider
+func (p *GithubOAuth2Provider) GetOAuth2Token(c core.Context, code string, opts ...oauth2.AuthCodeOption) (*oauth2.Token, error) {
+	return p.oauth2Config.Exchange(c, code, opts...)
+}
+
+// GetUserInfo returns the user info by the Github OAuth 2.0 provider
+func (p *GithubOAuth2Provider) GetUserInfo(c core.Context, oauth2Token *oauth2.Token) (*data.OAuth2UserInfo, error) {
+	// first get user name and nick name from user profile
+	req, err := p.buildAPIRequest(githubUserProfileApiUrl)
+
+	if err != nil {
+		log.Errorf(c, "[github_oauth2_provider.GetUserInfo] failed to get user info request, because %s", err.Error())
+		return nil, errs.ErrFailedToRequestRemoteApi
+	}
+
+	oauth2Client := oauth2.NewClient(c, oauth2.StaticTokenSource(oauth2Token))
+
+	req = req.WithContext(httpclient.CustomHttpResponseLog(c, func(data []byte) {
+		log.Debugf(c, "[github_oauth2_provider.GetUserInfo] user profile response is %s", data)
+	}))
+
+	resp, err := oauth2Client.Do(req)
+
+	if err != nil {
+		log.Errorf(c, "[github_oauth2_provider.GetUserInfo] failed to get user info response, because %s", err.Error())
+		return nil, errs.ErrFailedToRequestRemoteApi
+	}
+
+	defer resp.Body.Close()
+	body, err := io.ReadAll(resp.Body)
+
+	if resp.StatusCode != 200 {
+		log.Errorf(c, "[github_oauth2_provider.GetUserInfo] failed to get user info response, because response code is %d", resp.StatusCode)
+		return nil, errs.ErrFailedToRequestRemoteApi
+	}
+
+	userProfileResp, err := p.parseUserProfile(c, body)
+
+	if err != nil {
+		return nil, err
+	}
+
+	// then get user primary email
+	req, err = p.buildAPIRequest(githubUserEmailApiUrl)
+
+	if err != nil {
+		log.Errorf(c, "[github_oauth2_provider.GetUserInfo] failed to get user emails request, because %s", err.Error())
+		return nil, errs.ErrFailedToRequestRemoteApi
+	}
+
+	req = req.WithContext(httpclient.CustomHttpResponseLog(c, func(data []byte) {
+		log.Debugf(c, "[github_oauth2_provider.GetUserInfo] user emails response is %s", data)
+	}))
+
+	resp, err = oauth2Client.Do(req)
+
+	if err != nil {
+		log.Errorf(c, "[github_oauth2_provider.GetUserInfo] failed to get user emails response, because %s", err.Error())
+		return nil, errs.ErrFailedToRequestRemoteApi
+	}
+
+	defer resp.Body.Close()
+	body, err = io.ReadAll(resp.Body)
+
+	if resp.StatusCode != 200 {
+		log.Errorf(c, "[github_oauth2_provider.GetUserInfo] failed to get user emails response, because response code is %d", resp.StatusCode)
+		return nil, errs.ErrFailedToRequestRemoteApi
+	}
+
+	email, err := p.parsePrimaryEmail(c, body)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return &data.OAuth2UserInfo{
+		UserName: userProfileResp.Login,
+		Email:    email,
+		NickName: userProfileResp.Name,
+	}, nil
+}
+
+func (p *GithubOAuth2Provider) parseUserProfile(c core.Context, body []byte) (*githubUserProfileResponse, error) {
+	userProfileResp := &githubUserProfileResponse{}
+	err := json.Unmarshal(body, &userProfileResp)
+
+	if err != nil {
+		log.Warnf(c, "[github_oauth2_provider.parseUserProfile] failed to parse user profile response body, because %s", err.Error())
+		return nil, errs.ErrCannotRetrieveUserInfo
+	}
+
+	if userProfileResp.Login == "" {
+		log.Warnf(c, "[github_oauth2_provider.parseUserProfile] invalid user profile response body")
+		return nil, errs.ErrCannotRetrieveUserInfo
+	}
+
+	return userProfileResp, nil
+}
+
+func (p *GithubOAuth2Provider) parsePrimaryEmail(c core.Context, body []byte) (string, error) {
+	emailsResp := make([]githubUserEmailsResponse, 0)
+	err := json.Unmarshal(body, &emailsResp)
+
+	if err != nil {
+		log.Warnf(c, "[github_oauth2_provider.parsePrimaryEmail] failed to parse user emails response body, because %s", err.Error())
+		return "", errs.ErrCannotRetrieveUserInfo
+	}
+
+	for _, emailEntry := range emailsResp {
+		if emailEntry.Primary && emailEntry.Verified {
+			return emailEntry.Email, nil
+		}
+	}
+
+	return "", nil
+}
+
+func (p *GithubOAuth2Provider) buildAPIRequest(url string) (*http.Request, error) {
+	req, err := http.NewRequest("GET", url, nil)
+
+	if err != nil {
+		return nil, err
+	}
+
+	req.Header.Set("Accept", "application/vnd.github+json")
+	return req, nil
+}
+
+// NewGithubOAuth2Provider creates a new Github OAuth 2.0 provider instance
+func NewGithubOAuth2Provider(config *settings.Config, redirectUrl string) (provider.OAuth2Provider, error) {
+	oauth2Config := &oauth2.Config{
+		ClientID:     config.OAuth2ClientID,
+		ClientSecret: config.OAuth2ClientSecret,
+		Endpoint: oauth2.Endpoint{
+			AuthURL:  githubOAuth2AuthUrl,
+			TokenURL: githubOAuth2TokenUrl,
+		},
+		RedirectURL: redirectUrl,
+		Scopes:      githubOAuth2Scopes,
+	}
+
+	return &GithubOAuth2Provider{
+		oauth2Config: oauth2Config,
+	}, nil
+}
@@ -0,0 +1,95 @@
+package github
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+)
+
+func TestGithubOAuth2Datasource_ParseUserProfile_Success(t *testing.T) {
+	datasource := &GithubOAuth2Provider{}
+	responseContent := `{
+		"login": "octocat",
+		"id": 1,
+		"node_id": "MDQ6VXNlcjE=",
+		"avatar_url": "https://github.com/images/error/octocat_happy.gif",
+		"gravatar_id": "",
+		"url": "https://api.github.com/users/octocat",
+		"html_url": "https://github.com/octocat",
+		"followers_url": "https://api.github.com/users/octocat/followers",
+		"following_url": "https://api.github.com/users/octocat/following{/other_user}",
+		"gists_url": "https://api.github.com/users/octocat/gists{/gist_id}",
+		"starred_url": "https://api.github.com/users/octocat/starred{/owner}{/repo}",
+		"subscriptions_url": "https://api.github.com/users/octocat/subscriptions",
+		"organizations_url": "https://api.github.com/users/octocat/orgs",
+		"repos_url": "https://api.github.com/users/octocat/repos",
+		"events_url": "https://api.github.com/users/octocat/events{/privacy}",
+		"received_events_url": "https://api.github.com/users/octocat/received_events",
+		"type": "User",
+		"site_admin": false,
+		"name": "monalisa octocat",
+		"company": "GitHub",
+		"blog": "https://github.com/blog",
+		"location": "San Francisco",
+		"email": "octocat@github.com",
+		"hireable": false,
+		"bio": "There once was...",
+		"twitter_username": "monatheoctocat",
+		"public_repos": 2,
+		"public_gists": 1,
+		"followers": 20,
+		"following": 0,
+		"created_at": "2008-01-14T04:33:35Z",
+		"updated_at": "2008-01-14T04:33:35Z",
+		"private_gists": 81,
+		"total_private_repos": 100,
+		"owned_private_repos": 100,
+		"disk_usage": 10000,
+		"collaborators": 8,
+		"two_factor_authentication": true,
+		"plan": {
+			"name": "Medium",
+			"space": 400,
+			"private_repos": 20,
+			"collaborators": 0
+		}
+	}`
+	info, err := datasource.parseUserProfile(core.NewNullContext(), []byte(responseContent))
+
+	assert.Nil(t, err)
+	assert.Equal(t, "octocat", info.Login)
+	assert.Equal(t, "monalisa octocat", info.Name)
+}
+
+func TestGithubOAuth2Datasource_ParseUserProfile_EmptyLogin(t *testing.T) {
+	datasource := &GithubOAuth2Provider{}
+	responseContent := `{"login": ""}`
+	_, err := datasource.parseUserProfile(core.NewNullContext(), []byte(responseContent))
+
+	assert.Equal(t, errs.ErrCannotRetrieveUserInfo, err)
+}
+
+func TestGithubOAuth2Datasource_ParsePrimaryEmail(t *testing.T) {
+	datasource := &GithubOAuth2Provider{}
+	responseContent := `[
+	    {
+			"email": "foo@bar.com",
+			"primary": false,
+			"verified": true,
+			"visibility": null
+		},
+	    {
+			"email": "octocat@github.com",
+			"primary": true,
+			"verified": true,
+			"visibility": "public"
+	    }
+	]`
+	email, err := datasource.parsePrimaryEmail(core.NewNullContext(), []byte(responseContent))
+
+	assert.Nil(t, err)
+	assert.Equal(t, "octocat@github.com", email)
+}
@@ -0,0 +1,114 @@
+package nextcloud
+
+import (
+	"encoding/json"
+	"net/http"
+
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/data"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider/common"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+)
+
+type nextcloudUserInfoResponse struct {
+	OCS *struct {
+		Meta *struct {
+			Status     string `json:"status"`
+			StatusCode int    `json:"statuscode"`
+		} `json:"meta"`
+		Data *struct {
+			ID          string `json:"id"`
+			Email       string `json:"email"`
+			DisplayName string `json:"display-name"`
+		} `json:"data"`
+	} `json:"ocs"`
+}
+
+// NextcloudOAuth2DataSource represents Nextcloud OAuth 2.0 data source
+type NextcloudOAuth2DataSource struct {
+	common.CommonOAuth2DataSource
+	baseUrl string
+}
+
+// GetAuthUrl returns the authentication url of the Nextcloud data source
+func (s *NextcloudOAuth2DataSource) GetAuthUrl() string {
+	// Reference: https://docs.nextcloud.com/server/stable/developer_manual/_static/openapi.html#/operations/oauth2-login_redirector-authorize
+	return s.baseUrl + "apps/oauth2/authorize"
+}
+
+// GetTokenUrl returns the token url of the Nextcloud data source
+func (s *NextcloudOAuth2DataSource) GetTokenUrl() string {
+	// Reference: https://docs.nextcloud.com/server/stable/developer_manual/_static/openapi.html#/operations/oauth2-oauth_api-get-token
+	return s.baseUrl + "apps/oauth2/api/v1/token"
+}
+
+// GetUserInfoRequest returns the user info request of the Nextcloud data source
+func (s *NextcloudOAuth2DataSource) GetUserInfoRequest() (*http.Request, error) {
+	// Reference: https://docs.nextcloud.com/server/stable/developer_manual/_static/openapi.html#/operations/provisioning_api-users-get-current-user
+	req, err := http.NewRequest("GET", s.baseUrl+"ocs/v2.php/cloud/user", nil)
+
+	if err != nil {
+		return nil, err
+	}
+
+	req.Header.Set("Accept", "application/json")
+	req.Header.Set("OCS-APIRequest", "true")
+	return req, nil
+}
+
+// GetScopes returns the scopes required by the Nextcloud provider
+func (s *NextcloudOAuth2DataSource) GetScopes() []string {
+	return []string{}
+}
+
+// ParseUserInfo returns the user info by parsing the response body
+func (s *NextcloudOAuth2DataSource) ParseUserInfo(c core.Context, body []byte) (*data.OAuth2UserInfo, error) {
+	userInfoResp := &nextcloudUserInfoResponse{}
+	err := json.Unmarshal(body, &userInfoResp)
+
+	if err != nil {
+		log.Warnf(c, "[nextcloud_oauth2_datasource.ParseUserInfo] failed to parse user info response body, because %s", err.Error())
+		return nil, errs.ErrCannotRetrieveUserInfo
+	}
+
+	if userInfoResp.OCS == nil || userInfoResp.OCS.Meta == nil || userInfoResp.OCS.Data == nil {
+		log.Warnf(c, "[nextcloud_oauth2_datasource.ParseUserInfo] invalid user info response body")
+		return nil, errs.ErrCannotRetrieveUserInfo
+	}
+
+	if userInfoResp.OCS.Meta.StatusCode != 200 {
+		log.Warnf(c, "[nextcloud_oauth2_datasource.ParseUserInfo] user info response status code is %d", userInfoResp.OCS.Meta.StatusCode)
+		return nil, errs.ErrCannotRetrieveUserInfo
+	}
+
+	if userInfoResp.OCS.Data.ID == "" {
+		log.Warnf(c, "[nextcloud_oauth2_datasource.ParseUserInfo] user info id is empty")
+		return nil, errs.ErrCannotRetrieveUserInfo
+	}
+
+	return &data.OAuth2UserInfo{
+		UserName: userInfoResp.OCS.Data.ID,
+		Email:    userInfoResp.OCS.Data.Email,
+		NickName: userInfoResp.OCS.Data.DisplayName,
+	}, nil
+}
+
+// NewNextcloudOAuth2Provider creates a new Nextcloud OAuth 2.0 provider instance
+func NewNextcloudOAuth2Provider(config *settings.Config, redirectUrl string) (provider.OAuth2Provider, error) {
+	if len(config.OAuth2NextcloudBaseUrl) < 1 {
+		return nil, errs.ErrInvalidOAuth2Config
+	}
+
+	baseUrl := config.OAuth2NextcloudBaseUrl
+
+	if baseUrl[len(baseUrl)-1] != '/' {
+		baseUrl += "/"
+	}
+
+	return common.NewCommonOAuth2Provider(config, redirectUrl, &NextcloudOAuth2DataSource{
+		baseUrl: baseUrl,
+	}), nil
+}
@@ -0,0 +1,116 @@
+package nextcloud
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider/common"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+)
+
+func TestNewNextcloudOAuth2Provider(t *testing.T) {
+	provider, err := NewNextcloudOAuth2Provider(&settings.Config{
+		OAuth2NextcloudBaseUrl: "https://example.com/",
+	}, "")
+	assert.Nil(t, err)
+	assert.Equal(t, "https://example.com/apps/oauth2/authorize", provider.(*common.CommonOAuth2Provider).GetDataSource().GetAuthUrl())
+	assert.Equal(t, "https://example.com/apps/oauth2/api/v1/token", provider.(*common.CommonOAuth2Provider).GetDataSource().GetTokenUrl())
+
+	provider, err = NewNextcloudOAuth2Provider(&settings.Config{
+		OAuth2NextcloudBaseUrl: "https://example.com/index.php",
+	}, "")
+	assert.Nil(t, err)
+	assert.Equal(t, "https://example.com/index.php/apps/oauth2/authorize", provider.(*common.CommonOAuth2Provider).GetDataSource().GetAuthUrl())
+	assert.Equal(t, "https://example.com/index.php/apps/oauth2/api/v1/token", provider.(*common.CommonOAuth2Provider).GetDataSource().GetTokenUrl())
+
+	provider, err = NewNextcloudOAuth2Provider(&settings.Config{}, "")
+	assert.Equal(t, errs.ErrInvalidOAuth2Config, err)
+}
+
+func TestNextcloudOAuth2Datasource_GetUserInfoRequest(t *testing.T) {
+	datasource := &NextcloudOAuth2DataSource{baseUrl: "https://example.com/"}
+	req, err := datasource.GetUserInfoRequest()
+
+	assert.Nil(t, err)
+	assert.Equal(t, "GET", req.Method)
+	assert.Equal(t, "https://example.com/ocs/v2.php/cloud/user", req.URL.String())
+	assert.Equal(t, "application/json", req.Header.Get("Accept"))
+	assert.Equal(t, "true", req.Header.Get("OCS-APIRequest"))
+}
+
+func TestNextcloudOAuth2Datasource_ParseUserInfo_Success(t *testing.T) {
+	datasource := &NextcloudOAuth2DataSource{}
+	responseContent := `{
+		"ocs": {
+			"meta": {
+				"status": "ok",
+				"statuscode": 200
+			},
+			"data": {
+				"id": "user1",
+				"email": "user1@example.com",
+				"display-name": "User"
+			}
+		}
+	}`
+	info, err := datasource.ParseUserInfo(core.NewNullContext(), []byte(responseContent))
+
+	assert.Nil(t, err)
+	assert.Equal(t, "user1", info.UserName)
+	assert.Equal(t, "user1@example.com", info.Email)
+	assert.Equal(t, "User", info.NickName)
+}
+
+func TestNextcloudOAuth2Datasource_ParseUserInfo_InvalidJson(t *testing.T) {
+	datasource := &NextcloudOAuth2DataSource{}
+	_, err := datasource.ParseUserInfo(core.NewNullContext(), []byte("invalid"))
+
+	assert.Equal(t, errs.ErrCannotRetrieveUserInfo, err)
+}
+
+func TestNextcloudOAuth2Datasource_ParseUserInfo_MissingFields(t *testing.T) {
+	datasource := &NextcloudOAuth2DataSource{}
+	responseContent := `{"ocs": {}}`
+	_, err := datasource.ParseUserInfo(core.NewNullContext(), []byte(responseContent))
+
+	assert.Equal(t, errs.ErrCannotRetrieveUserInfo, err)
+}
+
+func TestNextcloudOAuth2Datasource_ParseUserInfo_Non200StatusCode(t *testing.T) {
+	datasource := &NextcloudOAuth2DataSource{}
+	responseContent := `{
+		"ocs": {
+			"meta": {
+				"status": "error",
+				"statuscode": 400
+			},
+			"data": {}
+		}
+	}`
+	_, err := datasource.ParseUserInfo(core.NewNullContext(), []byte(responseContent))
+
+	assert.Equal(t, errs.ErrCannotRetrieveUserInfo, err)
+}
+
+func TestNextcloudOAuth2Datasource_ParseUserInfo_EmptyID(t *testing.T) {
+	datasource := &NextcloudOAuth2DataSource{}
+	responseContent := `{
+		"ocs": {
+			"meta": {
+				"status": "ok",
+				"statuscode": 200
+			},
+			"data": {
+				"id": "",
+				"email": "user1@example.com",
+				"display-name": "User One"
+			}
+		}
+	}`
+	_, err := datasource.ParseUserInfo(core.NewNullContext(), []byte(responseContent))
+
+	assert.Equal(t, errs.ErrCannotRetrieveUserInfo, err)
+}
@@ -0,0 +1,20 @@
+package provider
+
+import (
+	"golang.org/x/oauth2"
+
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/data"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+)
+
+// OAuth2Provider defines the structure of OAuth 2.0 provider
+type OAuth2Provider interface {
+	// GetOAuth2AuthUrl returns the authentication url of the provider
+	GetOAuth2AuthUrl(c core.Context, state string, opts ...oauth2.AuthCodeOption) (string, error)
+
+	// GetOAuth2Token returns the OAuth 2.0 token of the provider
+	GetOAuth2Token(c core.Context, code string, opts ...oauth2.AuthCodeOption) (*oauth2.Token, error)
+
+	// GetUserInfo returns the user info
+	GetUserInfo(c core.Context, oauth2Token *oauth2.Token) (*data.OAuth2UserInfo, error)
+}
@@ -0,0 +1,188 @@
+package oidc
+
+import (
+	"context"
+
+	"golang.org/x/oauth2"
+
+	"github.com/coreos/go-oidc/v3/oidc"
+
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/data"
+	"github.com/mayswind/ezbookkeeping/pkg/auth/oauth2/provider"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/httpclient"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/settings"
+)
+
+// OIDCClaims represents OIDC claims
+type OIDCClaims struct {
+	PreferredUserName string `json:"preferred_username"`
+	UserName          string `json:"username"`
+	Name              string `json:"name"`
+	Email             string `json:"email"`
+}
+
+// OIDCProvider represents OIDC provider
+type OIDCProvider struct {
+	provider.OAuth2Provider
+	oidcIssuerURL      string
+	oidcCheckIssuerURL bool
+	redirectUrl        string
+	oauth2ClientID     string
+	oauth2ClientSecret string
+	oauth2Config       *oauth2.Config
+	oidcProvider       *oidc.Provider
+	oidcVerifier       *oidc.IDTokenVerifier
+}
+
+// GetOAuth2AuthUrl returns the authentication url of the OIDC provider
+func (p *OIDCProvider) GetOAuth2AuthUrl(c core.Context, state string, opts ...oauth2.AuthCodeOption) (string, error) {
+	oauth2Config, err := p.getOAuth2Config(c)
+
+	if err != nil {
+		return "", err
+	}
+
+	return oauth2Config.AuthCodeURL(state, opts...), nil
+}
+
+// GetOAuth2Token returns the OAuth 2.0 token of the OIDC provider
+func (p *OIDCProvider) GetOAuth2Token(c core.Context, code string, opts ...oauth2.AuthCodeOption) (*oauth2.Token, error) {
+	oauth2Config, err := p.getOAuth2Config(c)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return oauth2Config.Exchange(c, code, opts...)
+}
+
+// GetUserInfo returns the user info by the OIDC provider
+func (p *OIDCProvider) GetUserInfo(c core.Context, oauth2Token *oauth2.Token) (*data.OAuth2UserInfo, error) {
+	_, err := p.getOAuth2Config(c)
+
+	if err != nil {
+		return nil, err
+	}
+
+	rawIDToken, ok := oauth2Token.Extra("id_token").(string)
+
+	if !ok {
+		log.Errorf(c, "[oidc_provider.GetUserInfo] missing \"id_token\" field in oauth 2.0 token")
+		return nil, errs.ErrInvalidOAuth2Token
+	}
+
+	idToken, err := p.oidcVerifier.Verify(c, rawIDToken)
+
+	if err != nil {
+		log.Errorf(c, "[oidc_provider.GetUserInfo] failed to verify \"id_token\" field in oauth 2.0 token, because %s", err.Error())
+		return nil, errs.ErrInvalidOAuth2Token
+	}
+
+	var claims OIDCClaims
+	err = idToken.Claims(&claims)
+
+	if err != nil {
+		log.Errorf(c, "[oidc_provider.GetUserInfo] failed to parse claims in oauth 2.0 token, because %s", err.Error())
+		return nil, errs.ErrInvalidOAuth2Token
+	}
+
+	userName := claims.PreferredUserName
+	email := claims.Email
+	nickName := claims.Name
+
+	if userName == "" || email == "" || nickName == "" {
+		userInfo, err := p.oidcProvider.UserInfo(httpclient.CustomHttpResponseLog(c, func(data []byte) {
+			log.Debugf(c, "[oidc_provider.GetUserInfo] response is %s", data)
+		}), oauth2.StaticTokenSource(oauth2Token))
+
+		if err != nil {
+			log.Errorf(c, "[oidc_provider.GetUserInfo] failed to get user info, because %s", err.Error())
+			return nil, errs.ErrCannotRetrieveUserInfo
+		}
+
+		err = userInfo.Claims(&claims)
+
+		if err != nil {
+			log.Errorf(c, "[oidc_provider.GetUserInfo] failed to parse user info, because %s", err.Error())
+			return nil, errs.ErrCannotRetrieveUserInfo
+		}
+
+		if userName == "" {
+			userName = claims.PreferredUserName
+		}
+
+		if userName == "" {
+			userName = claims.UserName
+		}
+
+		if email == "" {
+			email = claims.Email
+		}
+
+		if nickName == "" {
+			nickName = claims.Name
+		}
+	}
+
+	return &data.OAuth2UserInfo{
+		UserName: userName,
+		Email:    email,
+		NickName: nickName,
+	}, nil
+}
+
+func (p *OIDCProvider) getOAuth2Config(c core.Context) (*oauth2.Config, error) {
+	if p.oauth2Config != nil {
+		return p.oauth2Config, nil
+	}
+
+	var ctx context.Context = c
+
+	if !p.oidcCheckIssuerURL {
+		ctx = oidc.InsecureIssuerURLContext(c, p.oidcIssuerURL)
+	}
+
+	oidcProvider, err := oidc.NewProvider(ctx, p.oidcIssuerURL)
+
+	if err != nil {
+		log.Errorf(c, "[oidc_provider.getOAuth2Config] failed to create oidc provider, because %s", err.Error())
+		return nil, err
+	}
+
+	oidcVerifier := oidcProvider.Verifier(&oidc.Config{
+		ClientID:        p.oauth2ClientID,
+		SkipIssuerCheck: !p.oidcCheckIssuerURL,
+	})
+
+	oauth2Config := &oauth2.Config{
+		ClientID:     p.oauth2ClientID,
+		ClientSecret: p.oauth2ClientSecret,
+		Endpoint:     oidcProvider.Endpoint(),
+		RedirectURL:  p.redirectUrl,
+		Scopes:       []string{oidc.ScopeOpenID, "profile", "email"},
+	}
+
+	p.oauth2Config = oauth2Config
+	p.oidcProvider = oidcProvider
+	p.oidcVerifier = oidcVerifier
+	return oauth2Config, nil
+}
+
+// NewOIDCProvider returns a new OIDC provider
+func NewOIDCProvider(config *settings.Config, redirectUrl string) (*OIDCProvider, error) {
+	if len(config.OAuth2OIDCProviderIssuerURL) < 1 {
+		return nil, errs.ErrInvalidOAuth2Config
+	}
+
+	return &OIDCProvider{
+		oidcIssuerURL:      config.OAuth2OIDCProviderIssuerURL,
+		oidcCheckIssuerURL: config.OAuth2OIDCProviderCheckIssuerURL,
+		redirectUrl:        redirectUrl,
+		oauth2ClientID:     config.OAuth2ClientID,
+		oauth2ClientSecret: config.OAuth2ClientSecret,
+		oauth2Config:       nil,
+	}, nil
+}
@@ -9,7 +9,7 @@ import (

 // AvatarProviderContainer contains the current user avatar provider
 type AvatarProviderContainer struct {
-	Current AvatarProvider
+	current AvatarProvider
 }

 // Initialize a user avatar provider container singleton instance
@@ -20,13 +20,13 @@ var (
 // InitializeAvatarProvider initializes the current user avatar provider according to the config
 func InitializeAvatarProvider(config *settings.Config) error {
 	if config.AvatarProvider == core.USER_AVATAR_PROVIDER_INTERNAL {
-		Container.Current = NewInternalStorageAvatarProvider(config)
+		Container.current = NewInternalStorageAvatarProvider(config)
 		return nil
 	} else if config.AvatarProvider == core.USER_AVATAR_PROVIDER_GRAVATAR {
-		Container.Current = NewGravatarAvatarProvider()
+		Container.current = NewGravatarAvatarProvider()
 		return nil
 	} else if config.AvatarProvider == "" {
-		Container.Current = NewNullAvatarProvider()
+		Container.current = NewNullAvatarProvider()
 		return nil
 	}

@@ -35,5 +35,9 @@ func InitializeAvatarProvider(config *settings.Config) error {

 // GetAvatarUrl returns the avatar url by the current user avatar provider
 func (p *AvatarProviderContainer) GetAvatarUrl(user *models.User) string {
-	return p.Current.GetAvatarUrl(user)
+	if p.current == nil {
+		return ""
+	}
+
+	return p.current.GetAvatarUrl(user)
 }
@@ -9,5 +9,5 @@ type CliUsingConfig struct {

 // CurrentConfig returns the current config
 func (l *CliUsingConfig) CurrentConfig() *settings.Config {
-	return l.container.Current
+	return l.container.GetCurrentConfig()
 }
@@ -5,6 +5,7 @@ import (
 	"time"

 	"github.com/mayswind/ezbookkeeping/pkg/converters"
+	"github.com/mayswind/ezbookkeeping/pkg/converters/converter"
 	"github.com/mayswind/ezbookkeeping/pkg/core"
 	"github.com/mayswind/ezbookkeeping/pkg/errs"
 	"github.com/mayswind/ezbookkeeping/pkg/log"
@@ -91,7 +92,7 @@ func (l *UserDataCli) AddNewUser(c *core.CliContext, username string, email stri
 		FeatureRestriction:   l.CurrentConfig().DefaultFeatureRestrictions,
 	}

-	err := l.users.CreateUser(c, user)
+	err := l.users.CreateUser(c, user, false)

 	if err != nil {
 		log.CliErrorf(c, "[user_data.AddNewUser] failed to create user \"%s\", because %s", user.Username, err.Error())
@@ -149,7 +150,7 @@ func (l *UserDataCli) ModifyUserPassword(c *core.CliContext, username string, pa
 		Password: password,
 	}

-	_, _, err = l.users.UpdateUser(c, userNew, false)
+	err = l.users.UpdateUserPassword(c, userNew)

 	if err != nil {
 		log.CliErrorf(c, "[user_data.ModifyUserPassword] failed to update user \"%s\" password, because %s", user.Username, err.Error())
@@ -405,7 +406,7 @@ func (l *UserDataCli) ListUserTokens(c *core.CliContext, username string) ([]*mo
 }

 // CreateNewUserToken returns a new token for the specified user
-func (l *UserDataCli) CreateNewUserToken(c *core.CliContext, username string, tokenType string) (*models.TokenRecord, string, error) {
+func (l *UserDataCli) CreateNewUserToken(c *core.CliContext, username string, tokenType string, expiresInSeconds int64) (*models.TokenRecord, string, error) {
 	if username == "" {
 		log.CliErrorf(c, "[user_data.CreateNewUserToken] user name is empty")
 		return nil, "", errs.ErrUsernameIsEmpty
@@ -421,7 +422,17 @@ func (l *UserDataCli) CreateNewUserToken(c *core.CliContext, username string, to
 	var token string
 	var tokenRecord *models.TokenRecord

-	if tokenType == "mcp" {
+	if tokenType == "api" {
+		if !l.CurrentConfig().EnableAPIToken {
+			return nil, "", errs.ErrAPITokenNotEnabled
+		}
+
+		if user.FeatureRestriction.Contains(core.USER_FEATURE_RESTRICTION_TYPE_GENERATE_API_TOKEN) {
+			return nil, "", errs.ErrNotPermittedToPerformThisAction
+		}
+
+		token, tokenRecord, err = l.tokens.CreateAPITokenViaCli(c, user, expiresInSeconds)
+	} else if tokenType == "mcp" {
 		if !l.CurrentConfig().EnableMCPServer {
 			return nil, "", errs.ErrMCPServerNotEnabled
 		}
@@ -430,9 +441,7 @@ func (l *UserDataCli) CreateNewUserToken(c *core.CliContext, username string, to
 			return nil, "", errs.ErrNotPermittedToPerformThisAction
 		}

-		token, tokenRecord, err = l.tokens.CreateMCPTokenViaCli(c, user)
-	} else if tokenType == "normal" {
-		token, tokenRecord, err = l.tokens.CreateTokenViaCli(c, user)
+		token, tokenRecord, err = l.tokens.CreateMCPTokenViaCli(c, user, expiresInSeconds)
 	} else {
 		return nil, "", errs.ErrParameterInvalid
 	}
@@ -445,6 +454,39 @@ func (l *UserDataCli) CreateNewUserToken(c *core.CliContext, username string, to
 	return tokenRecord, token, nil
 }

+// RevokeUserToken revokes the specified token of the user
+func (l *UserDataCli) RevokeUserToken(c *core.CliContext, token string) error {
+	_, claims, _, err := l.tokens.ParseToken(c, token)
+
+	if err != nil {
+		log.CliErrorf(c, "[user_data.RevokeUserToken] failed to parse token, because %s", err.Error())
+		return err
+	}
+
+	userTokenId, err := utils.StringToInt64(claims.UserTokenId)
+
+	if err != nil {
+		log.CliErrorf(c, "[user_data.RevokeUserToken] failed to get user token id, because %s", err.Error())
+		return err
+	}
+
+	tokenRecord := &models.TokenRecord{
+		Uid:             claims.Uid,
+		UserTokenId:     userTokenId,
+		CreatedUnixTime: claims.IssuedAt,
+	}
+
+	tokenId := l.tokens.GenerateTokenId(tokenRecord)
+	err = l.tokens.DeleteToken(c, tokenRecord)
+
+	if err != nil {
+		log.Errorf(c, "[user_data.RevokeUserToken] failed to revoke token \"id:%s\" for user \"uid:%d\", because %s", tokenId, claims.Uid, err.Error())
+		return err
+	}
+
+	return nil
+}
+
 // ClearUserTokens clears all tokens of the specified user
 func (l *UserDataCli) ClearUserTokens(c *core.CliContext, username string) error {
 	if username == "" {
@@ -777,7 +819,7 @@ func (l *UserDataCli) ImportTransaction(c *core.CliContext, username string, fil
 		return err
 	}

-	parsedTransactions, newAccounts, newSubExpenseCategories, newSubIncomeCategories, newSubTransferCategories, newTags, err := dataImporter.ParseImportedData(c, user, data, utils.GetTimezoneOffsetMinutes(time.Local), accountMap, expenseCategoryMap, incomeCategoryMap, transferCategoryMap, tagMap)
+	parsedTransactions, newAccounts, newSubExpenseCategories, newSubIncomeCategories, newSubTransferCategories, newTags, err := dataImporter.ParseImportedData(c, user, data, time.Local, converter.DefaultImporterOptions, accountMap, expenseCategoryMap, incomeCategoryMap, transferCategoryMap, tagMap)

 	if err != nil {
 		log.CliErrorf(c, "[user_data.ImportTransaction] failed to parse imported data for \"%s\", because %s", username, err.Error())
@@ -924,7 +966,7 @@ func (l *UserDataCli) getUserEssentialDataForImport(c *core.CliContext, uid int6
 		return nil, nil, nil, nil, nil, err
 	}

-	tagMap = l.tags.GetTagNameMapByList(tags)
+	tagMap = l.tags.GetVisibleTagNameMapByList(tags)

 	return accountMap, expenseCategoryMap, incomeCategoryMap, transferCategoryMap, tagMap, nil
 }
@@ -10,7 +10,7 @@ var (
 	AlipayAppTransactionDataCsvFileImporter = &alipayAppTransactionDataCsvFileImporter{
 		alipayTransactionDataCsvFileImporter{
 			fileHeaderLine:         "------------------------------------------------------------------------------------",
-			dataHeaderStartContent: "支付宝（中国）网络技术有限公司  电子客户回单",
+			dataHeaderStartContent: []string{"支付宝（中国）网络技术有限公司  电子客户回单", "支付宝支付科技有限公司  电子客户回单"},
 			originalColumnNames: alipayTransactionColumnNames{
 				timeColumnName:           "交易时间",
 				categoryColumnName:       "交易分类",
@@ -2,21 +2,18 @@ package alipay

 import (
 	"bytes"
-	"encoding/csv"
-	"io"
-	"strings"
+	"time"

 	"golang.org/x/text/encoding/simplifiedchinese"
 	"golang.org/x/text/transform"

 	"github.com/mayswind/ezbookkeeping/pkg/converters/converter"
-	csvdatatable "github.com/mayswind/ezbookkeeping/pkg/converters/csv"
+	"github.com/mayswind/ezbookkeeping/pkg/converters/csv"
 	"github.com/mayswind/ezbookkeeping/pkg/converters/datatable"
 	"github.com/mayswind/ezbookkeeping/pkg/core"
 	"github.com/mayswind/ezbookkeeping/pkg/errs"
 	"github.com/mayswind/ezbookkeeping/pkg/log"
 	"github.com/mayswind/ezbookkeeping/pkg/models"
-	"github.com/mayswind/ezbookkeeping/pkg/utils"
 )

 var alipayTransactionSupportedColumns = map[datatable.TransactionDataTableColumn]bool{
@@ -51,17 +48,23 @@ type alipayTransactionColumnNames struct {
 // alipayTransactionDataCsvFileImporter defines the structure of alipay csv importer for transaction data
 type alipayTransactionDataCsvFileImporter struct {
 	fileHeaderLine         string
-	dataHeaderStartContent string
+	dataHeaderStartContent []string
 	dataBottomEndLineRune  rune
 	originalColumnNames    alipayTransactionColumnNames
 }

 // ParseImportedData returns the imported data by parsing the alipay transaction csv data
-func (c *alipayTransactionDataCsvFileImporter) ParseImportedData(ctx core.Context, user *models.User, data []byte, defaultTimezoneOffset int16, accountMap map[string]*models.Account, expenseCategoryMap map[string]map[string]*models.TransactionCategory, incomeCategoryMap map[string]map[string]*models.TransactionCategory, transferCategoryMap map[string]map[string]*models.TransactionCategory, tagMap map[string]*models.TransactionTag) (models.ImportedTransactionSlice, []*models.Account, []*models.TransactionCategory, []*models.TransactionCategory, []*models.TransactionCategory, []*models.TransactionTag, error) {
+func (c *alipayTransactionDataCsvFileImporter) ParseImportedData(ctx core.Context, user *models.User, data []byte, defaultTimezone *time.Location, additionalOptions converter.TransactionDataImporterOptions, accountMap map[string]*models.Account, expenseCategoryMap map[string]map[string]*models.TransactionCategory, incomeCategoryMap map[string]map[string]*models.TransactionCategory, transferCategoryMap map[string]map[string]*models.TransactionCategory, tagMap map[string]*models.TransactionTag) (models.ImportedTransactionSlice, []*models.Account, []*models.TransactionCategory, []*models.TransactionCategory, []*models.TransactionCategory, []*models.TransactionTag, error) {
 	enc := simplifiedchinese.GB18030
 	reader := transform.NewReader(bytes.NewReader(data), enc.NewDecoder())

-	dataTable, err := c.createNewAlipayBasicDataTable(ctx, reader, c.fileHeaderLine, c.dataHeaderStartContent, c.dataBottomEndLineRune)
+	csvDataTable, err := csv.CreateNewCsvBasicDataTable(ctx, reader, false)
+
+	if err != nil {
+		return nil, nil, nil, nil, nil, nil, err
+	}
+
+	dataTable, err := createNewAlipayTransactionBasicDataTable(ctx, csvDataTable, c.fileHeaderLine, c.dataHeaderStartContent, c.dataBottomEndLineRune)

 	if err != nil {
 		return nil, nil, nil, nil, nil, nil, err
@@ -81,82 +84,5 @@ func (c *alipayTransactionDataCsvFileImporter) ParseImportedData(ctx core.Contex
 	transactionDataTable := datatable.CreateNewTransactionDataTableFromCommonDataTable(commonDataTable, alipayTransactionSupportedColumns, transactionRowParser)
 	dataTableImporter := converter.CreateNewSimpleImporterWithTypeNameMapping(alipayTransactionTypeNameMapping)

-	return dataTableImporter.ParseImportedData(ctx, user, transactionDataTable, defaultTimezoneOffset, accountMap, expenseCategoryMap, incomeCategoryMap, transferCategoryMap, tagMap)
-}
-
-func (c *alipayTransactionDataCsvFileImporter) createNewAlipayBasicDataTable(ctx core.Context, reader io.Reader, fileHeaderLine string, dataHeaderStartContent string, dataBottomEndLineRune rune) (datatable.BasicDataTable, error) {
-	csvReader := csv.NewReader(reader)
-	csvReader.FieldsPerRecord = -1
-
-	allOriginalLines := make([][]string, 0)
-	hasFileHeader := false
-	foundContentBeforeDataHeaderLine := false
-
-	for {
-		items, err := csvReader.Read()
-
-		if err == io.EOF {
-			break
-		}
-
-		if err != nil {
-			log.Errorf(ctx, "[alipay_transaction_data_csv_file_importer.createNewAlipayBasicDataTable] cannot parse alipay csv data, because %s", err.Error())
-			return nil, errs.ErrInvalidCSVFile
-		}
-
-		if !hasFileHeader {
-			if len(items) <= 0 {
-				continue
-			} else if strings.Index(items[0], fileHeaderLine) == 0 {
-				hasFileHeader = true
-				continue
-			} else {
-				log.Warnf(ctx, "[alipay_transaction_data_csv_file_importer.createNewAlipayBasicDataTable] read unexpected line before read file header, line content is %s", strings.Join(items, ","))
-				continue
-			}
-		}
-
-		if !foundContentBeforeDataHeaderLine {
-			if len(items) <= 0 {
-				continue
-			} else if strings.Index(items[0], dataHeaderStartContent) >= 0 {
-				foundContentBeforeDataHeaderLine = true
-				continue
-			} else {
-				continue
-			}
-		}
-
-		if foundContentBeforeDataHeaderLine {
-			if len(items) <= 0 {
-				continue
-			} else if len(items) == 1 && dataBottomEndLineRune > 0 && utils.ContainsOnlyOneRune(items[0], dataBottomEndLineRune) {
-				break
-			}
-
-			for i := 0; i < len(items); i++ {
-				items[i] = strings.Trim(items[i], " ")
-			}
-
-			if len(allOriginalLines) > 0 && len(items) < len(allOriginalLines[0]) {
-				log.Errorf(ctx, "[alipay_transaction_data_csv_file_importer.createNewAlipayBasicDataTable] cannot parse row \"index:%d\", because may missing some columns (column count %d in data row is less than header column count %d)", len(allOriginalLines), len(items), len(allOriginalLines[0]))
-				return nil, errs.ErrFewerFieldsInDataRowThanInHeaderRow
-			}
-
-			allOriginalLines = append(allOriginalLines, items)
-		}
-	}
-
-	if !hasFileHeader || !foundContentBeforeDataHeaderLine {
-		return nil, errs.ErrInvalidFileHeader
-	}
-
-	if len(allOriginalLines) < 2 {
-		log.Errorf(ctx, "[alipay_transaction_data_csv_file_importer.createNewAlipayBasicDataTable] cannot parse import data, because data table row count is less 1")
-		return nil, errs.ErrNotFoundTransactionDataInFile
-	}
-
-	dataTable := csvdatatable.CreateNewCustomCsvBasicDataTable(allOriginalLines)
-
-	return dataTable, nil
+	return dataTableImporter.ParseImportedData(ctx, user, transactionDataTable, defaultTimezone, additionalOptions, accountMap, expenseCategoryMap, incomeCategoryMap, transferCategoryMap, tagMap)
 }
@@ -8,6 +8,7 @@ import (

 	"golang.org/x/text/encoding/simplifiedchinese"

+	"github.com/mayswind/ezbookkeeping/pkg/converters/converter"
 	"github.com/mayswind/ezbookkeeping/pkg/core"
 	"github.com/mayswind/ezbookkeeping/pkg/errs"
 	"github.com/mayswind/ezbookkeeping/pkg/models"
@@ -15,7 +16,7 @@ import (
 )

 func TestAlipayCsvFileImporterParseImportedData_MinimumValidData(t *testing.T) {
-	converter := AlipayWebTransactionDataCsvFileImporter
+	importer := AlipayWebTransactionDataCsvFileImporter
 	context := core.NewNullContext()

 	user := &models.User{
@@ -35,7 +36,7 @@ func TestAlipayCsvFileImporterParseImportedData_MinimumValidData(t *testing.T) {
 		"------------------------------------------------------------------------------------\n")
 	assert.Nil(t, err)

-	allNewTransactions, allNewAccounts, allNewSubExpenseCategories, allNewSubIncomeCategories, allNewSubTransferCategories, allNewTags, err := converter.ParseImportedData(context, user, []byte(data), 0, nil, nil, nil, nil, nil)
+	allNewTransactions, allNewAccounts, allNewSubExpenseCategories, allNewSubIncomeCategories, allNewSubTransferCategories, allNewTags, err := importer.ParseImportedData(context, user, []byte(data), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.Nil(t, err)

 	assert.Equal(t, 4, len(allNewTransactions))
@@ -94,7 +95,7 @@ func TestAlipayCsvFileImporterParseImportedData_MinimumValidData(t *testing.T) {
 }

 func TestAlipayCsvFileImporterParseImportedData_ParseRefundTransaction(t *testing.T) {
-	converter := AlipayWebTransactionDataCsvFileImporter
+	importer := AlipayWebTransactionDataCsvFileImporter
 	context := core.NewNullContext()

 	user := &models.User{
@@ -102,6 +103,7 @@ func TestAlipayCsvFileImporterParseImportedData_ParseRefundTransaction(t *testin
 		DefaultCurrency: "CNY",
 	}

+	// refund
 	data1, err := simplifiedchinese.GB18030.NewEncoder().String("支付宝交易记录明细查询\n" +
 		"账号:[xxx@xxx.xxx]\n" +
 		"起始日期:[2024-01-01 00:00:00]    终止日期:[2024-09-01 23:59:59]\n" +
@@ -111,7 +113,7 @@ func TestAlipayCsvFileImporterParseImportedData_ParseRefundTransaction(t *testin
 		"------------------------------------------------------------------------------------\n")
 	assert.Nil(t, err)

-	allNewTransactions, _, _, _, _, _, err := converter.ParseImportedData(context, user, []byte(data1), 0, nil, nil, nil, nil, nil)
+	allNewTransactions, _, _, _, _, _, err := importer.ParseImportedData(context, user, []byte(data1), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.Nil(t, err)

 	assert.Equal(t, int64(1234567890), allNewTransactions[0].Uid)
@@ -121,6 +123,7 @@ func TestAlipayCsvFileImporterParseImportedData_ParseRefundTransaction(t *testin
 	assert.Equal(t, "", allNewTransactions[0].OriginalSourceAccountName)
 	assert.Equal(t, "", allNewTransactions[0].OriginalCategoryName)

+	// tax refund
 	data2, err := simplifiedchinese.GB18030.NewEncoder().String("支付宝交易记录明细查询\n" +
 		"账号:[xxx@xxx.xxx]\n" +
 		"起始日期:[2024-01-01 00:00:00]    终止日期:[2024-09-01 23:59:59]\n" +
@@ -130,7 +133,7 @@ func TestAlipayCsvFileImporterParseImportedData_ParseRefundTransaction(t *testin
 		"------------------------------------------------------------------------------------\n")
 	assert.Nil(t, err)

-	allNewTransactions, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(data2), 0, nil, nil, nil, nil, nil)
+	allNewTransactions, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data2), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.Nil(t, err)

 	assert.Equal(t, int64(1234567890), allNewTransactions[0].Uid)
@@ -141,8 +144,48 @@ func TestAlipayCsvFileImporterParseImportedData_ParseRefundTransaction(t *testin
 	assert.Equal(t, "", allNewTransactions[0].OriginalCategoryName)
 }

+func TestAlipayCsvFileImporterParseImportedData_ParseInvestmentRefundTransaction(t *testing.T) {
+	importer := AlipayAppTransactionDataCsvFileImporter
+	context := core.NewNullContext()
+
+	user := &models.User{
+		Uid:             1234567890,
+		DefaultCurrency: "CNY",
+	}
+
+	data1, err := simplifiedchinese.GB18030.NewEncoder().String("------------------------------------------------------------------------------------\n" +
+		"导出信息：\n" +
+		"姓名：xxx\n" +
+		"支付宝账户：xxx@xxx.xxx\n" +
+		"起始时间：[2024-01-01 00:00:00]    终止时间：[2024-09-01 23:59:59]\n" +
+		"导出交易类型：[全部]\n" +
+		"------------------------支付宝（中国）网络技术有限公司  电子客户回单------------------------\n" +
+		"交易时间,交易对方,商品说明,收/支,金额,收/付款方式,交易状态,\n" +
+		"2024-09-01 01:00:00,Test Account2,xxx-买入,不计收支,0.01,Test Account,退款成功,\n" +
+		"2024-09-01 02:00:00,Test Account2,xxx-买入退款,不计收支,0.01,Test Account,退款成功,\n")
+
+	allNewTransactions, _, _, _, _, _, err := importer.ParseImportedData(context, user, []byte(data1), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
+	assert.Nil(t, err)
+
+	assert.Equal(t, 2, len(allNewTransactions))
+
+	assert.Equal(t, int64(1234567890), allNewTransactions[0].Uid)
+	assert.Equal(t, models.TRANSACTION_DB_TYPE_TRANSFER_OUT, allNewTransactions[0].Type)
+	assert.Equal(t, "2024-09-01 01:00:00", utils.FormatUnixTimeToLongDateTime(utils.GetUnixTimeFromTransactionTime(allNewTransactions[0].TransactionTime), time.UTC))
+	assert.Equal(t, int64(1), allNewTransactions[0].Amount)
+	assert.Equal(t, "Test Account", allNewTransactions[0].OriginalSourceAccountName)
+	assert.Equal(t, "Test Account2", allNewTransactions[0].OriginalDestinationAccountName)
+
+	assert.Equal(t, int64(1234567890), allNewTransactions[1].Uid)
+	assert.Equal(t, models.TRANSACTION_DB_TYPE_TRANSFER_OUT, allNewTransactions[1].Type)
+	assert.Equal(t, "2024-09-01 02:00:00", utils.FormatUnixTimeToLongDateTime(utils.GetUnixTimeFromTransactionTime(allNewTransactions[1].TransactionTime), time.UTC))
+	assert.Equal(t, int64(1), allNewTransactions[1].Amount)
+	assert.Equal(t, "Test Account2", allNewTransactions[1].OriginalSourceAccountName)
+	assert.Equal(t, "Test Account", allNewTransactions[1].OriginalDestinationAccountName)
+}
+
 func TestAlipayCsvFileImporterParseImportedData_ParseInvalidTime(t *testing.T) {
-	converter := AlipayWebTransactionDataCsvFileImporter
+	importer := AlipayWebTransactionDataCsvFileImporter
 	context := core.NewNullContext()

 	user := &models.User{
@@ -159,7 +202,7 @@ func TestAlipayCsvFileImporterParseImportedData_ParseInvalidTime(t *testing.T) {
 		"------------------------------------------------------------------------------------\n")
 	assert.Nil(t, err)

-	_, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(data1), 0, nil, nil, nil, nil, nil)
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data1), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrTransactionTimeInvalid.Message)

 	data2, err := simplifiedchinese.GB18030.NewEncoder().String("支付宝交易记录明细查询\n" +
@@ -171,12 +214,12 @@ func TestAlipayCsvFileImporterParseImportedData_ParseInvalidTime(t *testing.T) {
 		"------------------------------------------------------------------------------------\n")
 	assert.Nil(t, err)

-	_, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(data2), 0, nil, nil, nil, nil, nil)
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data2), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrTransactionTimeInvalid.Message)
 }

 func TestAlipayCsvFileImporterParseImportedData_ParseInvalidType(t *testing.T) {
-	converter := AlipayWebTransactionDataCsvFileImporter
+	importer := AlipayWebTransactionDataCsvFileImporter
 	context := core.NewNullContext()

 	user := &models.User{
@@ -193,12 +236,12 @@ func TestAlipayCsvFileImporterParseImportedData_ParseInvalidType(t *testing.T) {
 		"------------------------------------------------------------------------------------\n")
 	assert.Nil(t, err)

-	_, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(data), 0, nil, nil, nil, nil, nil)
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrNotFoundTransactionDataInFile.Message)
 }

 func TestAlipayCsvFileImporterParseImportedData_ParseAccountName(t *testing.T) {
-	converter := AlipayWebTransactionDataCsvFileImporter
+	importer := AlipayWebTransactionDataCsvFileImporter
 	context := core.NewNullContext()

 	user := &models.User{
@@ -216,7 +259,7 @@ func TestAlipayCsvFileImporterParseImportedData_ParseAccountName(t *testing.T) {
 		"------------------------------------------------------------------------------------\n")
 	assert.Nil(t, err)

-	allNewTransactions, _, _, _, _, _, err := converter.ParseImportedData(context, user, []byte(data1), 0, nil, nil, nil, nil, nil)
+	allNewTransactions, _, _, _, _, _, err := importer.ParseImportedData(context, user, []byte(data1), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.Nil(t, err)

 	assert.Equal(t, 1, len(allNewTransactions))
@@ -232,7 +275,7 @@ func TestAlipayCsvFileImporterParseImportedData_ParseAccountName(t *testing.T) {
 		"------------------------------------------------------------------------------------\n")
 	assert.Nil(t, err)

-	allNewTransactions, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(data2), 0, nil, nil, nil, nil, nil)
+	allNewTransactions, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data2), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.Nil(t, err)

 	assert.Equal(t, 1, len(allNewTransactions))
@@ -248,7 +291,7 @@ func TestAlipayCsvFileImporterParseImportedData_ParseAccountName(t *testing.T) {
 		"------------------------------------------------------------------------------------\n")
 	assert.Nil(t, err)

-	allNewTransactions, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(data3), 0, nil, nil, nil, nil, nil)
+	allNewTransactions, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data3), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.Nil(t, err)

 	assert.Equal(t, 1, len(allNewTransactions))
@@ -265,7 +308,7 @@ func TestAlipayCsvFileImporterParseImportedData_ParseAccountName(t *testing.T) {
 		"------------------------------------------------------------------------------------\n")
 	assert.Nil(t, err)

-	allNewTransactions, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(data4), 0, nil, nil, nil, nil, nil)
+	allNewTransactions, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data4), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.Nil(t, err)

 	assert.Equal(t, 1, len(allNewTransactions))
@@ -282,7 +325,7 @@ func TestAlipayCsvFileImporterParseImportedData_ParseAccountName(t *testing.T) {
 		"------------------------------------------------------------------------------------\n")
 	assert.Nil(t, err)

-	allNewTransactions, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(data5), 0, nil, nil, nil, nil, nil)
+	allNewTransactions, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data5), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.Nil(t, err)

 	assert.Equal(t, 1, len(allNewTransactions))
@@ -299,7 +342,7 @@ func TestAlipayCsvFileImporterParseImportedData_ParseAccountName(t *testing.T) {
 		"------------------------------------------------------------------------------------\n")
 	assert.Nil(t, err)

-	allNewTransactions, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(data6), 0, nil, nil, nil, nil, nil)
+	allNewTransactions, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data6), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.Nil(t, err)

 	assert.Equal(t, 1, len(allNewTransactions))
@@ -316,7 +359,7 @@ func TestAlipayCsvFileImporterParseImportedData_ParseAccountName(t *testing.T) {
 		"------------------------------------------------------------------------------------\n")
 	assert.Nil(t, err)

-	allNewTransactions, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(data7), 0, nil, nil, nil, nil, nil)
+	allNewTransactions, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data7), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.Nil(t, err)

 	assert.Equal(t, 1, len(allNewTransactions))
@@ -325,7 +368,7 @@ func TestAlipayCsvFileImporterParseImportedData_ParseAccountName(t *testing.T) {
 }

 func TestAlipayCsvFileImporterParseImportedData_ParseCategory(t *testing.T) {
-	converter := AlipayAppTransactionDataCsvFileImporter
+	importer := AlipayAppTransactionDataCsvFileImporter
 	context := core.NewNullContext()

 	user := &models.User{
@@ -346,7 +389,7 @@ func TestAlipayCsvFileImporterParseImportedData_ParseCategory(t *testing.T) {
 		"2024-09-01 23:59:59,Test Category3,充值-普通充值,不计收支,0.05,交易成功,\n")
 	assert.Nil(t, err)

-	allNewTransactions, _, allNewSubExpenseCategories, allNewSubIncomeCategories, allNewSubTransferCategories, _, err := converter.ParseImportedData(context, user, []byte(data1), 0, nil, nil, nil, nil, nil)
+	allNewTransactions, _, allNewSubExpenseCategories, allNewSubIncomeCategories, allNewSubTransferCategories, _, err := importer.ParseImportedData(context, user, []byte(data1), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.Nil(t, err)

 	assert.Equal(t, 3, len(allNewTransactions))
@@ -365,7 +408,7 @@ func TestAlipayCsvFileImporterParseImportedData_ParseCategory(t *testing.T) {
 }

 func TestAlipayCsvFileImporterParseImportedData_ParseRelatedAccount(t *testing.T) {
-	converter := AlipayAppTransactionDataCsvFileImporter
+	importer := AlipayAppTransactionDataCsvFileImporter
 	context := core.NewNullContext()

 	user := &models.User{
@@ -380,42 +423,114 @@ func TestAlipayCsvFileImporterParseImportedData_ParseRelatedAccount(t *testing.T
 		"起始时间：[2024-01-01 00:00:00]    终止时间：[2024-09-01 23:59:59]\n" +
 		"导出交易类型：[全部]\n" +
 		"------------------------支付宝（中国）网络技术有限公司  电子客户回单------------------------\n" +
-		"交易时间,商品说明,收/支,金额,收/付款方式,交易状态,\n" +
-		"2024-09-01 03:45:07,余额宝-单次转入,不计收支,0.01,Test Account,交易成功,\n" +
-		"2024-09-01 05:07:29,信用卡还款,不计收支,0.02,Test Account2,交易成功,\n")
+		"交易时间,交易对方,商品说明,收/支,金额,收/付款方式,交易状态,备注,\n" +
+		"2024-09-01 00:00:00,xxx,xxx-收益发放,不计收支,0.01,Test Account,交易成功,earning,\n" +
+		"2024-09-01 01:00:00,Test Account2,xxx-买入,不计收支,0.01,Test Account,交易成功,purchase investment,\n" +
+		"2024-09-01 02:00:00,Test Account2,xxx-卖出至xxx,不计收支,0.01,Test Account,交易成功,sell investment,\n" +
+		"2024-09-01 03:00:00,xxx,充值-普通充值,不计收支,0.01,Test Account,交易成功,transfer to alipay wallet,\n" +
+		"2024-09-01 04:00:00,Test Account3,提现-实时提现,不计收支,0.01,Test Account,交易成功,transfer from alipay wallet,\n" +
+		"2024-09-01 05:00:00,Test Account3,xxx-单次转入,不计收支,0.01,Test Account,交易成功,transfer in,\n" +
+		"2024-09-01 06:00:00,Test Account3,xxx-转出到银行卡,不计收支,0.01,Test Account,交易成功,transfer out,\n" +
+		"2024-09-01 07:00:00,Test Account3,转账xxx,不计收支,0.01,Test Account,交易成功,transfer,\n" +
+		"2024-09-01 08:00:00,Test Account4,信用卡还款,不计收支,0.01,Test Account,还款成功,repayment,\n")
 	assert.Nil(t, err)

-	allNewTransactions, allNewAccounts, _, _, _, _, err := converter.ParseImportedData(context, user, []byte(data1), 0, nil, nil, nil, nil, nil)
+	allNewTransactions, allNewAccounts, _, _, _, _, err := importer.ParseImportedData(context, user, []byte(data1), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.Nil(t, err)

-	assert.Equal(t, 2, len(allNewTransactions))
-	assert.Equal(t, 3, len(allNewAccounts))
+	assert.Equal(t, 9, len(allNewTransactions))
+	assert.Equal(t, 6, len(allNewAccounts))

+	assert.Equal(t, models.TRANSACTION_DB_TYPE_INCOME, allNewTransactions[0].Type)
 	assert.Equal(t, int64(1234567890), allNewTransactions[0].Uid)
 	assert.Equal(t, int64(1), allNewTransactions[0].Amount)
 	assert.Equal(t, "Test Account", allNewTransactions[0].OriginalSourceAccountName)
 	assert.Equal(t, "", allNewTransactions[0].OriginalDestinationAccountName)
+	assert.Equal(t, "earning", allNewTransactions[0].Comment)

+	assert.Equal(t, models.TRANSACTION_DB_TYPE_TRANSFER_OUT, allNewTransactions[1].Type)
 	assert.Equal(t, int64(1234567890), allNewTransactions[1].Uid)
-	assert.Equal(t, int64(2), allNewTransactions[1].Amount)
-	assert.Equal(t, "Test Account2", allNewTransactions[1].OriginalSourceAccountName)
-	assert.Equal(t, "", allNewTransactions[1].OriginalDestinationAccountName)
+	assert.Equal(t, int64(1), allNewTransactions[1].Amount)
+	assert.Equal(t, "Test Account", allNewTransactions[1].OriginalSourceAccountName)
+	assert.Equal(t, "Test Account2", allNewTransactions[1].OriginalDestinationAccountName)
+	assert.Equal(t, "purchase investment", allNewTransactions[1].Comment)
+
+	assert.Equal(t, models.TRANSACTION_DB_TYPE_TRANSFER_OUT, allNewTransactions[2].Type)
+	assert.Equal(t, int64(1234567890), allNewTransactions[2].Uid)
+	assert.Equal(t, int64(1), allNewTransactions[2].Amount)
+	assert.Equal(t, "Test Account2", allNewTransactions[2].OriginalSourceAccountName)
+	assert.Equal(t, "Test Account", allNewTransactions[2].OriginalDestinationAccountName)
+	assert.Equal(t, "sell investment", allNewTransactions[2].Comment)
+
+	assert.Equal(t, models.TRANSACTION_DB_TYPE_TRANSFER_OUT, allNewTransactions[3].Type)
+	assert.Equal(t, int64(1234567890), allNewTransactions[3].Uid)
+	assert.Equal(t, int64(1), allNewTransactions[3].Amount)
+	assert.Equal(t, "", allNewTransactions[3].OriginalSourceAccountName)
+	assert.Equal(t, "Alipay", allNewTransactions[3].OriginalDestinationAccountName)
+	assert.Equal(t, "transfer to alipay wallet", allNewTransactions[3].Comment)
+
+	assert.Equal(t, models.TRANSACTION_DB_TYPE_TRANSFER_OUT, allNewTransactions[4].Type)
+	assert.Equal(t, int64(1234567890), allNewTransactions[4].Uid)
+	assert.Equal(t, int64(1), allNewTransactions[4].Amount)
+	assert.Equal(t, "Alipay", allNewTransactions[4].OriginalSourceAccountName)
+	assert.Equal(t, "Test Account3", allNewTransactions[4].OriginalDestinationAccountName)
+	assert.Equal(t, "transfer from alipay wallet", allNewTransactions[4].Comment)
+
+	assert.Equal(t, models.TRANSACTION_DB_TYPE_TRANSFER_OUT, allNewTransactions[5].Type)
+	assert.Equal(t, int64(1234567890), allNewTransactions[5].Uid)
+	assert.Equal(t, int64(1), allNewTransactions[5].Amount)
+	assert.Equal(t, "Test Account", allNewTransactions[5].OriginalSourceAccountName)
+	assert.Equal(t, "Test Account3", allNewTransactions[5].OriginalDestinationAccountName)
+	assert.Equal(t, "transfer in", allNewTransactions[5].Comment)
+
+	assert.Equal(t, models.TRANSACTION_DB_TYPE_TRANSFER_OUT, allNewTransactions[6].Type)
+	assert.Equal(t, int64(1234567890), allNewTransactions[6].Uid)
+	assert.Equal(t, int64(1), allNewTransactions[6].Amount)
+	assert.Equal(t, "Test Account", allNewTransactions[6].OriginalSourceAccountName)
+	assert.Equal(t, "Test Account3", allNewTransactions[6].OriginalDestinationAccountName)
+	assert.Equal(t, "transfer out", allNewTransactions[6].Comment)
+
+	assert.Equal(t, models.TRANSACTION_DB_TYPE_TRANSFER_OUT, allNewTransactions[7].Type)
+	assert.Equal(t, int64(1234567890), allNewTransactions[7].Uid)
+	assert.Equal(t, int64(1), allNewTransactions[7].Amount)
+	assert.Equal(t, "Test Account", allNewTransactions[7].OriginalSourceAccountName)
+	assert.Equal(t, "Test Account3", allNewTransactions[7].OriginalDestinationAccountName)
+	assert.Equal(t, "transfer", allNewTransactions[7].Comment)
+
+	assert.Equal(t, models.TRANSACTION_DB_TYPE_TRANSFER_OUT, allNewTransactions[8].Type)
+	assert.Equal(t, int64(1234567890), allNewTransactions[8].Uid)
+	assert.Equal(t, int64(1), allNewTransactions[8].Amount)
+	assert.Equal(t, "Test Account", allNewTransactions[8].OriginalSourceAccountName)
+	assert.Equal(t, "Test Account4", allNewTransactions[8].OriginalDestinationAccountName)
+	assert.Equal(t, "repayment", allNewTransactions[8].Comment)

 	assert.Equal(t, int64(1234567890), allNewAccounts[0].Uid)
 	assert.Equal(t, "Test Account", allNewAccounts[0].Name)
 	assert.Equal(t, "CNY", allNewAccounts[0].Currency)

 	assert.Equal(t, int64(1234567890), allNewAccounts[1].Uid)
-	assert.Equal(t, "", allNewAccounts[1].Name)
+	assert.Equal(t, "Test Account2", allNewAccounts[1].Name)
 	assert.Equal(t, "CNY", allNewAccounts[1].Currency)

 	assert.Equal(t, int64(1234567890), allNewAccounts[2].Uid)
-	assert.Equal(t, "Test Account2", allNewAccounts[2].Name)
+	assert.Equal(t, "", allNewAccounts[2].Name)
 	assert.Equal(t, "CNY", allNewAccounts[2].Currency)
+
+	assert.Equal(t, int64(1234567890), allNewAccounts[3].Uid)
+	assert.Equal(t, "Alipay", allNewAccounts[3].Name)
+	assert.Equal(t, "CNY", allNewAccounts[3].Currency)
+
+	assert.Equal(t, int64(1234567890), allNewAccounts[4].Uid)
+	assert.Equal(t, "Test Account3", allNewAccounts[4].Name)
+	assert.Equal(t, "CNY", allNewAccounts[4].Currency)
+
+	assert.Equal(t, int64(1234567890), allNewAccounts[5].Uid)
+	assert.Equal(t, "Test Account4", allNewAccounts[5].Name)
+	assert.Equal(t, "CNY", allNewAccounts[5].Currency)
 }

 func TestAlipayCsvFileImporterParseImportedData_ParseDescription(t *testing.T) {
-	converter := AlipayWebTransactionDataCsvFileImporter
+	importer := AlipayWebTransactionDataCsvFileImporter
 	context := core.NewNullContext()

 	user := &models.User{
@@ -432,7 +547,7 @@ func TestAlipayCsvFileImporterParseImportedData_ParseDescription(t *testing.T) {
 		"------------------------------------------------------------------------------------\n")
 	assert.Nil(t, err)

-	allNewTransactions, _, _, _, _, _, err := converter.ParseImportedData(context, user, []byte(data1), 0, nil, nil, nil, nil, nil)
+	allNewTransactions, _, _, _, _, _, err := importer.ParseImportedData(context, user, []byte(data1), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.Nil(t, err)

 	assert.Equal(t, 1, len(allNewTransactions))
@@ -447,7 +562,7 @@ func TestAlipayCsvFileImporterParseImportedData_ParseDescription(t *testing.T) {
 		"------------------------------------------------------------------------------------\n")
 	assert.Nil(t, err)

-	allNewTransactions, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(data2), 0, nil, nil, nil, nil, nil)
+	allNewTransactions, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data2), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.Nil(t, err)

 	assert.Equal(t, 1, len(allNewTransactions))
@@ -455,7 +570,7 @@ func TestAlipayCsvFileImporterParseImportedData_ParseDescription(t *testing.T) {
 }

 func TestAlipayCsvFileImporterParseImportedData_SkipClosedIncomeOrTransferTransaction(t *testing.T) {
-	converter := AlipayWebTransactionDataCsvFileImporter
+	importer := AlipayWebTransactionDataCsvFileImporter
 	context := core.NewNullContext()

 	user := &models.User{
@@ -472,12 +587,12 @@ func TestAlipayCsvFileImporterParseImportedData_SkipClosedIncomeOrTransferTransa
 		"2024-09-01 23:59:59 ,充值-普通充值             ,0.05   ,不计收支    ,交易关闭    ,\n" +
 		"------------------------------------------------------------------------------------\n")
 	assert.Nil(t, err)
-	_, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(data), 0, nil, nil, nil, nil, nil)
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrNotFoundTransactionDataInFile.Message)
 }

 func TestAlipayCsvFileImporterParseImportedData_SkipUnknownProductTransferTransaction(t *testing.T) {
-	converter := AlipayWebTransactionDataCsvFileImporter
+	importer := AlipayWebTransactionDataCsvFileImporter
 	context := core.NewNullContext()

 	user := &models.User{
@@ -493,12 +608,12 @@ func TestAlipayCsvFileImporterParseImportedData_SkipUnknownProductTransferTransa
 		"2024-09-01 23:59:59 ,xxxx                ,0.05   ,不计收支    ,交易成功    ,\n" +
 		"------------------------------------------------------------------------------------\n")
 	assert.Nil(t, err)
-	_, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(data), 0, nil, nil, nil, nil, nil)
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrNotFoundTransactionDataInFile.Message)
 }

 func TestAlipayCsvFileImporterParseImportedData_SkipUnknownStatusTransaction(t *testing.T) {
-	converter := AlipayWebTransactionDataCsvFileImporter
+	importer := AlipayWebTransactionDataCsvFileImporter
 	context := core.NewNullContext()

 	user := &models.User{
@@ -514,12 +629,12 @@ func TestAlipayCsvFileImporterParseImportedData_SkipUnknownStatusTransaction(t *
 		"2024-09-01 01:23:45 ,xxxx            ,0.12   ,收入      ,xxxx    ,\n" +
 		"------------------------------------------------------------------------------------\n")
 	assert.Nil(t, err)
-	_, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(data), 0, nil, nil, nil, nil, nil)
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrNotFoundTransactionDataInFile.Message)
 }

 func TestAlipayCsvFileImporterParseImportedData_MissingFileHeader(t *testing.T) {
-	converter := AlipayWebTransactionDataCsvFileImporter
+	importer := AlipayWebTransactionDataCsvFileImporter
 	context := core.NewNullContext()

 	user := &models.User{
@@ -533,15 +648,15 @@ func TestAlipayCsvFileImporterParseImportedData_MissingFileHeader(t *testing.T)
 			"------------------------------------------------------------------------------------\n")
 	assert.Nil(t, err)

-	_, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(data), 0, nil, nil, nil, nil, nil)
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrInvalidFileHeader.Message)

-	_, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(""), 0, nil, nil, nil, nil, nil)
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(""), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrInvalidFileHeader.Message)
 }

 func TestAlipayCsvFileImporterParseImportedData_MissingRequiredColumn(t *testing.T) {
-	converter := AlipayWebTransactionDataCsvFileImporter
+	importer := AlipayWebTransactionDataCsvFileImporter
 	context := core.NewNullContext()

 	user := &models.User{
@@ -557,7 +672,7 @@ func TestAlipayCsvFileImporterParseImportedData_MissingRequiredColumn(t *testing
 		"金额（元）,收/支     ,交易状态    ,\n" +
 		"0.12   ,收入      ,交易成功    ,\n" +
 		"------------------------------------------------------------------------------------\n")
-	_, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(data1), 0, nil, nil, nil, nil, nil)
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data1), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrMissingRequiredFieldInHeaderRow.Message)

 	// Missing Amount Column
@@ -568,7 +683,7 @@ func TestAlipayCsvFileImporterParseImportedData_MissingRequiredColumn(t *testing
 		"交易创建时间              ,收/支     ,交易状态    ,\n" +
 		"2024-09-01 12:34:56 ,收入      ,交易成功    ,\n" +
 		"------------------------------------------------------------------------------------\n")
-	_, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(data2), 0, nil, nil, nil, nil, nil)
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data2), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrMissingRequiredFieldInHeaderRow.Message)

 	// Missing Status Column
@@ -579,7 +694,7 @@ func TestAlipayCsvFileImporterParseImportedData_MissingRequiredColumn(t *testing
 		"交易创建时间              ,金额（元）,收/支     ,\n" +
 		"2024-09-01 12:34:56 ,0.12   ,收入      ,\n" +
 		"------------------------------------------------------------------------------------\n")
-	_, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(data3), 0, nil, nil, nil, nil, nil)
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data3), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrMissingRequiredFieldInHeaderRow.Message)

 	// Missing Type Column
@@ -590,12 +705,12 @@ func TestAlipayCsvFileImporterParseImportedData_MissingRequiredColumn(t *testing
 		"交易创建时间              ,金额（元）,交易状态    ,\n" +
 		"2024-09-01 12:34:56 ,0.12   ,交易成功    ,\n" +
 		"------------------------------------------------------------------------------------\n")
-	_, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(data4), 0, nil, nil, nil, nil, nil)
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data4), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrMissingRequiredFieldInHeaderRow.Message)
 }

 func TestAlipayCsvFileImporterParseImportedData_NoTransactionData(t *testing.T) {
-	converter := AlipayWebTransactionDataCsvFileImporter
+	importer := AlipayWebTransactionDataCsvFileImporter
 	context := core.NewNullContext()

 	user := &models.User{
@@ -609,6 +724,6 @@ func TestAlipayCsvFileImporterParseImportedData_NoTransactionData(t *testing.T)
 		"---------------------------------交易记录明细列表------------------------------------\n" +
 		"交易创建时间              ,金额（元）,收/支     ,交易状态    ,\n" +
 		"------------------------------------------------------------------------------------\n")
-	_, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(data1), 0, nil, nil, nil, nil, nil)
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(data1), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrNotFoundTransactionDataInFile.Message)
 }
@@ -0,0 +1,78 @@
+package alipay
+
+import (
+	"strings"
+
+	"github.com/mayswind/ezbookkeeping/pkg/converters/csv"
+	"github.com/mayswind/ezbookkeeping/pkg/converters/datatable"
+	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
+	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/utils"
+)
+
+func createNewAlipayTransactionBasicDataTable(ctx core.Context, originalDataTable datatable.BasicDataTable, fileHeaderLine string, dataHeaderStartContent []string, dataBottomEndLineRune rune) (datatable.BasicDataTable, error) {
+	iterator := originalDataTable.DataRowIterator()
+	allOriginalLines := make([][]string, 0)
+	hasFileHeader := false
+	foundContentBeforeDataHeaderLine := false
+
+	for iterator.HasNext() {
+		row := iterator.Next()
+
+		if !hasFileHeader {
+			if row.ColumnCount() <= 0 {
+				continue
+			} else if strings.Index(row.GetData(0), fileHeaderLine) == 0 {
+				hasFileHeader = true
+				continue
+			} else {
+				log.Warnf(ctx, "[alipay_transaction_data_extrator.createNewAlipayTransactionBasicDataTable] read unexpected line in row \"%s\" before read file header", iterator.CurrentRowId())
+				continue
+			}
+		}
+
+		if !foundContentBeforeDataHeaderLine {
+			if row.ColumnCount() <= 0 {
+				continue
+			} else if utils.ContainsAnyString(row.GetData(0), dataHeaderStartContent) {
+				foundContentBeforeDataHeaderLine = true
+				continue
+			} else {
+				continue
+			}
+		}
+
+		if foundContentBeforeDataHeaderLine {
+			if row.ColumnCount() <= 0 {
+				continue
+			} else if row.ColumnCount() == 1 && dataBottomEndLineRune > 0 && utils.ContainsOnlyOneRune(row.GetData(0), dataBottomEndLineRune) {
+				break
+			}
+
+			items := make([]string, row.ColumnCount())
+
+			for i := 0; i < row.ColumnCount(); i++ {
+				items[i] = strings.Trim(row.GetData(i), " ")
+			}
+
+			if len(allOriginalLines) > 0 && len(items) < len(allOriginalLines[0]) {
+				log.Errorf(ctx, "[alipay_transaction_data_extrator.createNewAlipayTransactionBasicDataTable] cannot parse row \"%s\", because may missing some columns (column count %d in data row is less than header column count %d)", iterator.CurrentRowId(), len(items), len(allOriginalLines[0]))
+				return nil, errs.ErrFewerFieldsInDataRowThanInHeaderRow
+			}
+
+			allOriginalLines = append(allOriginalLines, items)
+		}
+	}
+
+	if !hasFileHeader || !foundContentBeforeDataHeaderLine {
+		return nil, errs.ErrInvalidFileHeader
+	}
+
+	if len(allOriginalLines) < 2 {
+		log.Errorf(ctx, "[alipay_transaction_data_extrator.createNewAlipayTransactionBasicDataTable] cannot parse import data, because data table row count is less 1")
+		return nil, errs.ErrNotFoundTransactionDataInFile
+	}
+
+	return csv.CreateNewCustomCsvBasicDataTable(allOriginalLines, true), nil
+}
@@ -13,15 +13,21 @@ import (

 const alipayTransactionDataStatusSuccessName = "交易成功"
 const alipayTransactionDataStatusPaymentSuccessName = "支付成功"
+const alipayTransactionDataStatusPendingGoodsReceiptConfirmationName = "等待确认收货"
 const alipayTransactionDataStatusRepaymentSuccessName = "还款成功"
 const alipayTransactionDataStatusClosedName = "交易关闭"
 const alipayTransactionDataStatusRefundSuccessName = "退款成功"
 const alipayTransactionDataStatusTaxRefundSuccessName = "退税成功"

+const alipayTransactionDataProductNameEarningText = "-收益发放"
+const alipayTransactionDataProductNamePurchaseInvestmentText = "-买入"
+const alipayTransactionDataProductNamePurchaseInvestmentRefundText = "-买入退款"
+const alipayTransactionDataProductNameSellInvestmentRefundText = "-卖出"
 const alipayTransactionDataProductNameTransferToAlipayPrefix = "充值-"
 const alipayTransactionDataProductNameTransferFromAlipayPrefix = "提现-"
 const alipayTransactionDataProductNameTransferInText = "转入"
 const alipayTransactionDataProductNameTransferOutText = "转出"
+const alipayTransactionDataProductNameTransferText = "转账"
 const alipayTransactionDataProductNameRepaymentText = "还款"

 // alipayTransactionDataRowParser defines the structure of alipay transaction data row parser
@@ -41,6 +47,7 @@ func (p *alipayTransactionDataRowParser) Parse(ctx core.Context, user *models.Us

 	if dataRow.GetData(p.columns.statusColumnName) != alipayTransactionDataStatusSuccessName &&
 		dataRow.GetData(p.columns.statusColumnName) != alipayTransactionDataStatusPaymentSuccessName &&
+		dataRow.GetData(p.columns.statusColumnName) != alipayTransactionDataStatusPendingGoodsReceiptConfirmationName &&
 		dataRow.GetData(p.columns.statusColumnName) != alipayTransactionDataStatusRepaymentSuccessName &&
 		dataRow.GetData(p.columns.statusColumnName) != alipayTransactionDataStatusClosedName &&
 		dataRow.GetData(p.columns.statusColumnName) != alipayTransactionDataStatusRefundSuccessName &&
@@ -127,11 +134,29 @@ func (p *alipayTransactionDataRowParser) Parse(ctx core.Context, user *models.Us
 			}

 			if statusName == alipayTransactionDataStatusRefundSuccessName {
-				data[datatable.TRANSACTION_DATA_TABLE_TRANSACTION_TYPE] = alipayTransactionTypeNameMapping[models.TRANSACTION_TYPE_INCOME]
-				data[datatable.TRANSACTION_DATA_TABLE_ACCOUNT_NAME] = relatedAccountName
-				data[datatable.TRANSACTION_DATA_TABLE_RELATED_ACCOUNT_NAME] = ""
+				if len(productName) > len(alipayTransactionDataProductNamePurchaseInvestmentText) && strings.Index(productName, alipayTransactionDataProductNamePurchaseInvestmentText) == len(productName)-len(alipayTransactionDataProductNamePurchaseInvestmentText) { // purchase investment
+					data[datatable.TRANSACTION_DATA_TABLE_ACCOUNT_NAME] = relatedAccountName
+					data[datatable.TRANSACTION_DATA_TABLE_RELATED_ACCOUNT_NAME] = targetName
+				} else if len(productName) > len(alipayTransactionDataProductNamePurchaseInvestmentRefundText) && strings.Index(productName, alipayTransactionDataProductNamePurchaseInvestmentRefundText) == len(productName)-len(alipayTransactionDataProductNamePurchaseInvestmentRefundText) { // purchase investment refund
+					data[datatable.TRANSACTION_DATA_TABLE_ACCOUNT_NAME] = targetName
+					data[datatable.TRANSACTION_DATA_TABLE_RELATED_ACCOUNT_NAME] = relatedAccountName
+				} else {
+					data[datatable.TRANSACTION_DATA_TABLE_TRANSACTION_TYPE] = alipayTransactionTypeNameMapping[models.TRANSACTION_TYPE_INCOME]
+					data[datatable.TRANSACTION_DATA_TABLE_ACCOUNT_NAME] = relatedAccountName
+					data[datatable.TRANSACTION_DATA_TABLE_RELATED_ACCOUNT_NAME] = ""
+				}
 			} else {
-				if strings.Index(productName, alipayTransactionDataProductNameTransferToAlipayPrefix) == 0 { // transfer to alipay wallet
+				if len(productName) > len(alipayTransactionDataProductNameEarningText) && strings.Index(productName, alipayTransactionDataProductNameEarningText) == len(productName)-len(alipayTransactionDataProductNameEarningText) { // earning
+					data[datatable.TRANSACTION_DATA_TABLE_TRANSACTION_TYPE] = alipayTransactionTypeNameMapping[models.TRANSACTION_TYPE_INCOME]
+					data[datatable.TRANSACTION_DATA_TABLE_ACCOUNT_NAME] = relatedAccountName
+					data[datatable.TRANSACTION_DATA_TABLE_RELATED_ACCOUNT_NAME] = targetName
+				} else if len(productName) > len(alipayTransactionDataProductNamePurchaseInvestmentText) && strings.Index(productName, alipayTransactionDataProductNamePurchaseInvestmentText) == len(productName)-len(alipayTransactionDataProductNamePurchaseInvestmentText) { // purchase investment
+					data[datatable.TRANSACTION_DATA_TABLE_ACCOUNT_NAME] = relatedAccountName
+					data[datatable.TRANSACTION_DATA_TABLE_RELATED_ACCOUNT_NAME] = targetName
+				} else if strings.Index(productName, alipayTransactionDataProductNameSellInvestmentRefundText) >= 0 { // sell investment
+					data[datatable.TRANSACTION_DATA_TABLE_ACCOUNT_NAME] = targetName
+					data[datatable.TRANSACTION_DATA_TABLE_RELATED_ACCOUNT_NAME] = relatedAccountName
+				} else if strings.Index(productName, alipayTransactionDataProductNameTransferToAlipayPrefix) == 0 { // transfer to alipay wallet
 					data[datatable.TRANSACTION_DATA_TABLE_ACCOUNT_NAME] = ""
 					data[datatable.TRANSACTION_DATA_TABLE_RELATED_ACCOUNT_NAME] = localeTextItems.DataConverterTextItems.Alipay
 				} else if strings.Index(productName, alipayTransactionDataProductNameTransferFromAlipayPrefix) == 0 { // transfer from alipay wallet
@@ -143,6 +168,9 @@ func (p *alipayTransactionDataRowParser) Parse(ctx core.Context, user *models.Us
 				} else if strings.Index(productName, alipayTransactionDataProductNameTransferOutText) >= 0 { // transfer out
 					data[datatable.TRANSACTION_DATA_TABLE_ACCOUNT_NAME] = relatedAccountName
 					data[datatable.TRANSACTION_DATA_TABLE_RELATED_ACCOUNT_NAME] = targetName
+				} else if strings.Index(productName, alipayTransactionDataProductNameTransferText) >= 0 { // transfer
+					data[datatable.TRANSACTION_DATA_TABLE_ACCOUNT_NAME] = relatedAccountName
+					data[datatable.TRANSACTION_DATA_TABLE_RELATED_ACCOUNT_NAME] = targetName
 				} else if strings.Index(productName, alipayTransactionDataProductNameRepaymentText) >= 0 { // repayment
 					data[datatable.TRANSACTION_DATA_TABLE_ACCOUNT_NAME] = relatedAccountName
 					data[datatable.TRANSACTION_DATA_TABLE_RELATED_ACCOUNT_NAME] = targetName
@@ -10,7 +10,7 @@ var (
 	AlipayWebTransactionDataCsvFileImporter = &alipayWebTransactionDataCsvFileImporter{
 		alipayTransactionDataCsvFileImporter{
 			fileHeaderLine:         "支付宝交易记录明细查询",
-			dataHeaderStartContent: "交易记录明细列表",
+			dataHeaderStartContent: []string{"交易记录明细列表"},
 			dataBottomEndLineRune:  '-',
 			originalColumnNames: alipayTransactionColumnNames{
 				timeColumnName:           "交易创建时间",
@@ -1,15 +1,20 @@
 package beancount

 import (
-	"fmt"
-	"strconv"
+	"math/big"
 	"strings"

 	"github.com/mayswind/ezbookkeeping/pkg/core"
 	"github.com/mayswind/ezbookkeeping/pkg/errs"
 	"github.com/mayswind/ezbookkeeping/pkg/log"
+	"github.com/mayswind/ezbookkeeping/pkg/utils"
 )

+const maxAllowedDecimalCount = 6
+const normalizeFactor = int64(1000000)
+const normalizedDecimalsMaxZeroString = "000000"
+const normalizedNumberToAmountFactor = int64(10000) // 1000000 / 100
+
 var operatorPriority = map[rune]int{
 	'+': 1,
 	'-': 1,
@@ -17,6 +22,44 @@ var operatorPriority = map[rune]int{
 	'/': 2,
 }

+func normalizeNumber(textualNumber string) (*big.Int, error) {
+	decimalSeparatorPos := strings.Index(textualNumber, ".")
+
+	if decimalSeparatorPos < 0 {
+		result := big.NewInt(0)
+		_, ok := result.SetString(textualNumber+normalizedDecimalsMaxZeroString, 10)
+
+		if !ok {
+			return nil, errs.ErrAmountInvalid
+		}
+
+		return result, nil
+	}
+
+	integer := utils.SubString(textualNumber, 0, decimalSeparatorPos)
+	decimals := utils.SubString(textualNumber, decimalSeparatorPos+1, len(textualNumber))
+
+	if len(decimals) > maxAllowedDecimalCount {
+		return nil, errs.ErrAmountInvalid
+	}
+
+	paddedDecimals := utils.SubString(decimals+normalizedDecimalsMaxZeroString, 0, maxAllowedDecimalCount)
+	result := big.NewInt(0)
+	_, ok := result.SetString(integer+paddedDecimals, 10)
+
+	if !ok {
+		return nil, errs.ErrAmountInvalid
+	}
+
+	return result, nil
+}
+
+func denormalizeNumberToTextualAmount(num *big.Int) string {
+	result := big.NewInt(0).Add(num, big.NewInt(0)) // make a copy of num
+	result = result.Div(result, big.NewInt(normalizedNumberToAmountFactor))
+	return utils.FormatAmount(result.Int64())
+}
+
 func toPostfixExprTokens(ctx core.Context, expr string) ([]string, error) {
 	finalTokens := make([]string, 0)
 	operatorStack := make([]rune, 0)
@@ -117,8 +160,8 @@ func toPostfixExprTokens(ctx core.Context, expr string) ([]string, error) {
 	return finalTokens, nil
 }

-func evaluatePostfixExpr(ctx core.Context, tokens []string) (float64, error) {
-	stack := make([]float64, 0)
+func evaluatePostfixExpr(ctx core.Context, tokens []string) (*big.Int, error) {
+	stack := make([]*big.Int, 0)

 	for i := 0; i < len(tokens); i++ {
 		token := tokens[i]
@@ -127,7 +170,7 @@ func evaluatePostfixExpr(ctx core.Context, tokens []string) (float64, error) {
 		case "+", "-", "*", "/": // operators
 			if len(stack) < 2 {
 				log.Warnf(ctx, "[beancount_amount_expression_evaluator.evaluatePostfixExpr] cannot evaluate expression \"%s\", because not enough operands", strings.Join(tokens, " "))
-				return 0, errs.ErrInvalidAmountExpression
+				return nil, errs.ErrInvalidAmountExpression
 			}

 			// pop the top two operands
@@ -138,39 +181,41 @@ func evaluatePostfixExpr(ctx core.Context, tokens []string) (float64, error) {
 			stack = stack[:len(stack)-1]

 			// evaluate the operation
-			var result float64
+			result := big.NewInt(0)
 			switch token {
 			case "+":
-				result = a + b
+				result.Add(a, b)
 			case "-":
-				result = a - b
+				result.Sub(a, b)
 			case "*":
-				result = a * b
+				result.Mul(a, b)
+				result.Div(result, big.NewInt(normalizeFactor))
 			case "/":
-				if b == 0 {
+				if b.Int64() == 0 {
 					log.Warnf(ctx, "[beancount_amount_expression_evaluator.evaluatePostfixExpr] cannot evaluate expression \"%s\", because division by zero", strings.Join(tokens, " "))
-					return 0, errs.ErrInvalidAmountExpression
+					return nil, errs.ErrInvalidAmountExpression
 				}
-				result = a / b
+				result.Mul(a, big.NewInt(normalizeFactor))
+				result.Div(result, b)
 			}

 			// push the result back to the stack
 			stack = append(stack, result)
 		default: // operands
-			num, err := strconv.ParseFloat(token, 64)
+			normalizedNum, err := normalizeNumber(token)

 			if err != nil {
 				log.Warnf(ctx, "[beancount_amount_expression_evaluator.evaluatePostfixExpr] cannot evaluate expression \"%s\", because containing invalid number", strings.Join(tokens, " "))
-				return 0, errs.ErrInvalidAmountExpression
+				return nil, errs.ErrInvalidAmountExpression
 			}

-			stack = append(stack, num)
+			stack = append(stack, normalizedNum)
 		}
 	}

 	if len(stack) != 1 {
 		log.Warnf(ctx, "[beancount_amount_expression_evaluator.evaluatePostfixExpr] cannot evaluate expression \"%s\", because missing operator", strings.Join(tokens, " "))
-		return 0, errs.ErrInvalidAmountExpression
+		return nil, errs.ErrInvalidAmountExpression
 	}

 	return stack[0], nil
@@ -193,5 +238,5 @@ func evaluateBeancountAmountExpression(ctx core.Context, expr string) (string, e
 		return "", err
 	}

-	return fmt.Sprintf("%.2f", result), nil
+	return denormalizeNumberToTextualAmount(result), nil
 }
@@ -1,6 +1,7 @@
 package beancount

 import (
+	"math/big"
 	"testing"

 	"github.com/stretchr/testify/assert"
@@ -97,23 +98,23 @@ func TestEvaluatePostfixExpr_ValidExpression(t *testing.T) {

 	result, err := evaluatePostfixExpr(context, []string{"1", "2", "+"})
 	assert.Nil(t, err)
-	assert.Equal(t, float64(3), result)
+	assert.Equal(t, big.NewInt(3000000), result)

 	result, err = evaluatePostfixExpr(context, []string{"5", "3", "-"})
 	assert.Nil(t, err)
-	assert.Equal(t, float64(2), result)
+	assert.Equal(t, big.NewInt(2000000), result)

 	result, err = evaluatePostfixExpr(context, []string{"4", "3", "*"})
 	assert.Nil(t, err)
-	assert.Equal(t, float64(12), result)
+	assert.Equal(t, big.NewInt(12000000), result)

 	result, err = evaluatePostfixExpr(context, []string{"6", "2", "/"})
 	assert.Nil(t, err)
-	assert.Equal(t, float64(3), result)
+	assert.Equal(t, big.NewInt(3000000), result)

 	result, err = evaluatePostfixExpr(context, []string{"1", "2", "3", "*", "+", "4", "2", "/", "-"})
 	assert.Nil(t, err)
-	assert.Equal(t, float64(5), result)
+	assert.Equal(t, big.NewInt(5000000), result)
 }

 func TestEvaluatePostfixExpr_InvalidExpression(t *testing.T) {
@@ -179,6 +180,18 @@ func TestEvaluateBeancountAmountExpression_ValidExpression(t *testing.T) {
 	result, err = evaluateBeancountAmountExpression(context, "(((2+3)))*(((((-5+7)))))")
 	assert.Nil(t, err)
 	assert.Equal(t, "10.00", result)
+
+	result, err = evaluateBeancountAmountExpression(context, "3.5+0.1")
+	assert.Nil(t, err)
+	assert.Equal(t, "3.60", result)
+
+	result, err = evaluateBeancountAmountExpression(context, "3.55+0.11")
+	assert.Nil(t, err)
+	assert.Equal(t, "3.66", result)
+
+	result, err = evaluateBeancountAmountExpression(context, "3.555+0.111")
+	assert.Nil(t, err)
+	assert.Equal(t, "3.66", result)
 }

 func TestEvaluateBeancountAmountExpression_InvalidExpression(t *testing.T) {
@@ -213,4 +226,10 @@ func TestEvaluateBeancountAmountExpression_InvalidExpression(t *testing.T) {

 	_, err = evaluateBeancountAmountExpression(context, "1)*(2")
 	assert.Equal(t, errs.ErrInvalidAmountExpression, err)
+
+	_, err = evaluateBeancountAmountExpression(context, "0.abcd+1")
+	assert.Equal(t, errs.ErrInvalidAmountExpression, err)
+
+	_, err = evaluateBeancountAmountExpression(context, "0.1234567+1")
+	assert.Equal(t, errs.ErrInvalidAmountExpression, err)
 }
@@ -1,6 +1,8 @@
 package beancount

 import (
+	"time"
+
 	"github.com/mayswind/ezbookkeeping/pkg/converters/converter"
 	"github.com/mayswind/ezbookkeeping/pkg/core"
 	"github.com/mayswind/ezbookkeeping/pkg/models"
@@ -24,7 +26,7 @@ var (
 )

 // ParseImportedData returns the imported data by parsing the Beancount transaction data
-func (c *beancountTransactionDataImporter) ParseImportedData(ctx core.Context, user *models.User, data []byte, defaultTimezoneOffset int16, accountMap map[string]*models.Account, expenseCategoryMap map[string]map[string]*models.TransactionCategory, incomeCategoryMap map[string]map[string]*models.TransactionCategory, transferCategoryMap map[string]map[string]*models.TransactionCategory, tagMap map[string]*models.TransactionTag) (models.ImportedTransactionSlice, []*models.Account, []*models.TransactionCategory, []*models.TransactionCategory, []*models.TransactionCategory, []*models.TransactionTag, error) {
+func (c *beancountTransactionDataImporter) ParseImportedData(ctx core.Context, user *models.User, data []byte, defaultTimezone *time.Location, additionalOptions converter.TransactionDataImporterOptions, accountMap map[string]*models.Account, expenseCategoryMap map[string]map[string]*models.TransactionCategory, incomeCategoryMap map[string]map[string]*models.TransactionCategory, transferCategoryMap map[string]map[string]*models.TransactionCategory, tagMap map[string]*models.TransactionTag) (models.ImportedTransactionSlice, []*models.Account, []*models.TransactionCategory, []*models.TransactionCategory, []*models.TransactionCategory, []*models.TransactionTag, error) {
 	beancountDataReader, err := createNewBeancountDataReader(ctx, data)

 	if err != nil {
@@ -45,5 +47,5 @@ func (c *beancountTransactionDataImporter) ParseImportedData(ctx core.Context, u

 	dataTableImporter := converter.CreateNewImporterWithTypeNameMapping(beancountTransactionTypeNameMapping, "", "", BEANCOUNT_TRANSACTION_TAG_SEPARATOR)

-	return dataTableImporter.ParseImportedData(ctx, user, transactionDataTable, defaultTimezoneOffset, accountMap, expenseCategoryMap, incomeCategoryMap, transferCategoryMap, tagMap)
+	return dataTableImporter.ParseImportedData(ctx, user, transactionDataTable, defaultTimezone, additionalOptions, accountMap, expenseCategoryMap, incomeCategoryMap, transferCategoryMap, tagMap)
 }
@@ -2,9 +2,11 @@ package beancount

 import (
 	"testing"
+	"time"

 	"github.com/stretchr/testify/assert"

+	"github.com/mayswind/ezbookkeeping/pkg/converters/converter"
 	"github.com/mayswind/ezbookkeeping/pkg/core"
 	"github.com/mayswind/ezbookkeeping/pkg/errs"
 	"github.com/mayswind/ezbookkeeping/pkg/models"
@@ -12,7 +14,7 @@ import (
 )

 func TestBeancountTransactionDataFileParseImportedData_MinimumValidData(t *testing.T) {
-	converter := BeancountTransactionDataImporter
+	importer := BeancountTransactionDataImporter
 	context := core.NewNullContext()

 	user := &models.User{
@@ -20,7 +22,7 @@ func TestBeancountTransactionDataFileParseImportedData_MinimumValidData(t *testi
 		DefaultCurrency: "CNY",
 	}

-	allNewTransactions, allNewAccounts, allNewSubExpenseCategories, allNewSubIncomeCategories, allNewSubTransferCategories, allNewTags, err := converter.ParseImportedData(context, user, []byte(
+	allNewTransactions, allNewAccounts, allNewSubExpenseCategories, allNewSubIncomeCategories, allNewSubTransferCategories, allNewTags, err := importer.ParseImportedData(context, user, []byte(
 		"2024-09-01 *\n"+
 			"  Equity:Opening-Balances -123.45 CNY\n"+
 			"  Assets:TestAccount 123.45 CNY\n"+
@@ -32,7 +34,7 @@ func TestBeancountTransactionDataFileParseImportedData_MinimumValidData(t *testi
 			"  Expenses:TestCategory2 1.00 CNY\n"+
 			"2024-09-04 *\n"+
 			"  Assets:TestAccount -0.05 CNY\n"+
-			"  Assets:TestAccount2 0.05 CNY\n"), 0, nil, nil, nil, nil, nil)
+			"  Assets:TestAccount2 0.05 CNY\n"), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)

 	assert.Nil(t, err)

@@ -91,7 +93,7 @@ func TestBeancountTransactionDataFileParseImportedData_MinimumValidData(t *testi
 }

 func TestBeancountTransactionDataFileParseImportedData_MinimumValidData2(t *testing.T) {
-	converter := BeancountTransactionDataImporter
+	importer := BeancountTransactionDataImporter
 	context := core.NewNullContext()

 	user := &models.User{
@@ -99,7 +101,7 @@ func TestBeancountTransactionDataFileParseImportedData_MinimumValidData2(t *test
 		DefaultCurrency: "CNY",
 	}

-	allNewTransactions, allNewAccounts, allNewSubExpenseCategories, allNewSubIncomeCategories, allNewSubTransferCategories, allNewTags, err := converter.ParseImportedData(context, user, []byte(
+	allNewTransactions, allNewAccounts, allNewSubExpenseCategories, allNewSubIncomeCategories, allNewSubTransferCategories, allNewTags, err := importer.ParseImportedData(context, user, []byte(
 		"2024-09-01 *\n"+
 			"  Assets:TestAccount 123.45 CNY\n"+
 			"  Equity:Opening-Balances -123.45 CNY\n"+
@@ -111,7 +113,7 @@ func TestBeancountTransactionDataFileParseImportedData_MinimumValidData2(t *test
 			"  Assets:TestAccount -1.00 CNY\n"+
 			"2024-09-04 *\n"+
 			"  Assets:TestAccount2 0.05 CNY\n"+
-			"  Assets:TestAccount -0.05 CNY\n"), 0, nil, nil, nil, nil, nil)
+			"  Assets:TestAccount -0.05 CNY\n"), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)

 	assert.Nil(t, err)

@@ -170,7 +172,7 @@ func TestBeancountTransactionDataFileParseImportedData_MinimumValidData2(t *test
 }

 func TestBeancountTransactionDataFileParseImportedData_ParseInvalidTime(t *testing.T) {
-	converter := BeancountTransactionDataImporter
+	importer := BeancountTransactionDataImporter
 	context := core.NewNullContext()

 	user := &models.User{
@@ -178,15 +180,15 @@ func TestBeancountTransactionDataFileParseImportedData_ParseInvalidTime(t *testi
 		DefaultCurrency: "CNY",
 	}

-	_, _, _, _, _, _, err := converter.ParseImportedData(context, user, []byte(
+	_, _, _, _, _, _, err := importer.ParseImportedData(context, user, []byte(
 		"2024/09/01 *\n"+
 			"  Equity:Opening-Balances -123.45 CNY\n"+
-			"  Assets:TestAccount 123.45 CNY\n"), 0, nil, nil, nil, nil, nil)
+			"  Assets:TestAccount 123.45 CNY\n"), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrNotFoundTransactionDataInFile.Message)
 }

 func TestBeancountTransactionDataFileParseImportedData_ParseValidCurrency(t *testing.T) {
-	converter := BeancountTransactionDataImporter
+	importer := BeancountTransactionDataImporter
 	context := core.NewNullContext()

 	user := &models.User{
@@ -194,10 +196,10 @@ func TestBeancountTransactionDataFileParseImportedData_ParseValidCurrency(t *tes
 		DefaultCurrency: "CNY",
 	}

-	allNewTransactions, allNewAccounts, _, _, _, _, err := converter.ParseImportedData(context, user, []byte(
+	allNewTransactions, allNewAccounts, _, _, _, _, err := importer.ParseImportedData(context, user, []byte(
 		"2024-09-01 * \"Payee Name\" \"Hello\nWorld\"\n"+
 			"  Assets:TestAccount -0.12 USD\n"+
-			"  Assets:TestAccount2 0.84 CNY\n"), 0, nil, nil, nil, nil, nil)
+			"  Assets:TestAccount2 0.84 CNY\n"), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)

 	assert.Nil(t, err)

@@ -222,7 +224,7 @@ func TestBeancountTransactionDataFileParseImportedData_ParseValidCurrency(t *tes
 }

 func TestBeancountTransactionDataFileParseImportedData_ParseInvalidAmount(t *testing.T) {
-	converter := BeancountTransactionDataImporter
+	importer := BeancountTransactionDataImporter
 	context := core.NewNullContext()

 	user := &models.User{
@@ -230,21 +232,21 @@ func TestBeancountTransactionDataFileParseImportedData_ParseInvalidAmount(t *tes
 		DefaultCurrency: "CNY",
 	}

-	_, _, _, _, _, _, err := converter.ParseImportedData(context, user, []byte(
+	_, _, _, _, _, _, err := importer.ParseImportedData(context, user, []byte(
 		"2024-09-01 *\n"+
 			"  Equity:Opening-Balances -abc CNY\n"+
-			"  Assets:TestAccount abc CNY\n"), 0, nil, nil, nil, nil, nil)
+			"  Assets:TestAccount abc CNY\n"), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrAmountInvalid.Message)

-	_, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(
 		"2024-09-01 *\n"+
 			"  Equity:Opening-Balances -1/0 CNY\n"+
-			"  Assets:TestAccount 1/0 CNY\n"), 0, nil, nil, nil, nil, nil)
+			"  Assets:TestAccount 1/0 CNY\n"), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrAmountInvalid.Message)
 }

 func TestBeancountTransactionDataFileParseImportedData_ParseDescription(t *testing.T) {
-	converter := BeancountTransactionDataImporter
+	importer := BeancountTransactionDataImporter
 	context := core.NewNullContext()

 	user := &models.User{
@@ -252,13 +254,13 @@ func TestBeancountTransactionDataFileParseImportedData_ParseDescription(t *testi
 		DefaultCurrency: "CNY",
 	}

-	allNewTransactions, _, _, _, _, _, err := converter.ParseImportedData(context, user, []byte(
+	allNewTransactions, _, _, _, _, _, err := importer.ParseImportedData(context, user, []byte(
 		"2024-09-01 * \"foo    bar\t#test\n\"\n"+
 			"  Equity:Opening-Balances -123.45 CNY\n"+
 			"  Assets:TestAccount 123.45 CNY\n"+
 			"2024-09-02 * \"Payee Name\" \"Hello\nWorld\"\n"+
 			"  Income:TestCategory -0.12 CNY\n"+
-			"  Assets:TestAccount 0.12 CNY\n"), 0, nil, nil, nil, nil, nil)
+			"  Assets:TestAccount 0.12 CNY\n"), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)

 	assert.Nil(t, err)

@@ -269,7 +271,7 @@ func TestBeancountTransactionDataFileParseImportedData_ParseDescription(t *testi
 }

 func TestBeancountTransactionDataFileParseImportedData_InvalidTransaction(t *testing.T) {
-	converter := BeancountTransactionDataImporter
+	importer := BeancountTransactionDataImporter
 	context := core.NewNullContext()

 	user := &models.User{
@@ -277,33 +279,33 @@ func TestBeancountTransactionDataFileParseImportedData_InvalidTransaction(t *tes
 		DefaultCurrency: "CNY",
 	}

-	_, _, _, _, _, _, err := converter.ParseImportedData(context, user, []byte(
+	_, _, _, _, _, _, err := importer.ParseImportedData(context, user, []byte(
 		"2024-09-02 * \"Payee Name\" \"Hello\nWorld\"\n"+
 			"  Assets:TestAccount 0.11 CNY\n"+
-			"  Assets:TestAccount2 0.11 CNY\n"), 0, nil, nil, nil, nil, nil)
+			"  Assets:TestAccount2 0.11 CNY\n"), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrInvalidBeancountFile.Message)

-	_, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(
 		"2024-09-02 * \"Payee Name\" \"Hello\nWorld\"\n"+
 			"  Expenses:TestCategory -0.11 CNY\n"+
-			"  Expenses:TestCategory2 0.11 CNY\n"), 0, nil, nil, nil, nil, nil)
+			"  Expenses:TestCategory2 0.11 CNY\n"), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrThereAreNotSupportedTransactionType.Message)

-	_, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(
 		"2024-09-02 * \"Payee Name\" \"Hello\nWorld\"\n"+
 			"  Income:TestCategory -0.11 CNY\n"+
-			"  Income:TestCategory2 0.11 CNY\n"), 0, nil, nil, nil, nil, nil)
+			"  Income:TestCategory2 0.11 CNY\n"), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrThereAreNotSupportedTransactionType.Message)

-	_, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(
 		"2024-09-02 * \"Payee Name\" \"Hello\nWorld\"\n"+
 			"  Equity:TestCategory -0.11 CNY\n"+
-			"  Equity:TestCategory2 0.11 CNY\n"), 0, nil, nil, nil, nil, nil)
+			"  Equity:TestCategory2 0.11 CNY\n"), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrThereAreNotSupportedTransactionType.Message)
 }

 func TestBeancountTransactionDataFileParseImportedData_NotSupportedToParseSplitTransaction(t *testing.T) {
-	converter := BeancountTransactionDataImporter
+	importer := BeancountTransactionDataImporter
 	context := core.NewNullContext()

 	user := &models.User{
@@ -311,16 +313,16 @@ func TestBeancountTransactionDataFileParseImportedData_NotSupportedToParseSplitT
 		DefaultCurrency: "CNY",
 	}

-	_, _, _, _, _, _, err := converter.ParseImportedData(context, user, []byte(
+	_, _, _, _, _, _, err := importer.ParseImportedData(context, user, []byte(
 		"2024-09-02 * \"Payee Name\" \"Hello\nWorld\"\n"+
 			"  Assets:TestAccount -0.23 CNY\n"+
 			"  Assets:TestAccount2 0.11 CNY\n"+
-			"  Assets:TestAccount3 0.12 CNY\n"), 0, nil, nil, nil, nil, nil)
+			"  Assets:TestAccount3 0.12 CNY\n"), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrNotSupportedSplitTransactions.Message)
 }

 func TestBeancountTransactionDataFileParseImportedData_MissingTransactionRequiredData(t *testing.T) {
-	converter := BeancountTransactionDataImporter
+	importer := BeancountTransactionDataImporter
 	context := core.NewNullContext()

 	user := &models.User{
@@ -329,30 +331,30 @@ func TestBeancountTransactionDataFileParseImportedData_MissingTransactionRequire
 	}

 	// Missing Transaction Time
-	_, _, _, _, _, _, err := converter.ParseImportedData(context, user, []byte(
+	_, _, _, _, _, _, err := importer.ParseImportedData(context, user, []byte(
 		"* \"narration\"\n"+
 			"  Equity:Opening-Balances -123.45 CNY\n"+
-			"  Assets:TestAccount 123.45 CNY\n"), 0, nil, nil, nil, nil, nil)
+			"  Assets:TestAccount 123.45 CNY\n"), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrNotFoundTransactionDataInFile.Message)

 	// Missing Account Name
-	_, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(
 		"2024-09-01 * \"narration\"\n"+
 			"  Equity:Opening-Balances -123.45 CNY\n"+
-			"   123.45 CNY\n"), 0, nil, nil, nil, nil, nil)
+			"   123.45 CNY\n"), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrInvalidBeancountFile.Message)

 	// Missing Amount
-	_, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(
 		"2024-09-01 * \"narration\"\n"+
 			"  Equity:Opening-Balances\n"+
-			"  Assets:TestAccount\n"), 0, nil, nil, nil, nil, nil)
+			"  Assets:TestAccount\n"), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrInvalidBeancountFile.Message)

 	// Missing Commodity
-	_, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(
 		"2024-09-01 * \"narration\"\n"+
 			"  Equity:Opening-Balances -123.45\n"+
-			"  Assets:TestAccount 123.45\n"), 0, nil, nil, nil, nil, nil)
+			"  Assets:TestAccount 123.45\n"), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrInvalidBeancountFile.Message)
 }
@@ -9,11 +9,20 @@ const (
 	CAMT_INDICATOR_DEBIT  camtCreditDebitIndicator = "DBIT"
 )

+type camt052File struct {
+	XMLName                     xml.Name                         `xml:"Document"`
+	BankToCustomerAccountReport *camtBankToCustomerAccountReport `xml:"BkToCstmrAcctRpt"`
+}
+
 type camt053File struct {
 	XMLName                 xml.Name                     `xml:"Document"`
 	BankToCustomerStatement *camtBankToCustomerStatement `xml:"BkToCstmrStmt"`
 }

+type camtBankToCustomerAccountReport struct {
+	Statements []*camtStatement `xml:"Rpt"`
+}
+
 type camtBankToCustomerStatement struct {
 	Statements []*camtStatement `xml:"Stmt"`
 }
@@ -10,11 +10,30 @@ import (
 	"github.com/mayswind/ezbookkeeping/pkg/errs"
 )

+// camt052FileReader defines the structure of camt.052 file reader
+type camt052FileReader struct {
+	xmlDecoder *xml.Decoder
+}
+
 // camt053FileReader defines the structure of camt.053 file reader
 type camt053FileReader struct {
 	xmlDecoder *xml.Decoder
 }

+// read returns the imported camt.052 data
+// Reference: https://www.iso20022.org/message-set/1196/download
+func (r *camt052FileReader) read(ctx core.Context) (*camt052File, error) {
+	file := &camt052File{}
+
+	err := r.xmlDecoder.Decode(&file)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return file, nil
+}
+
 // read returns the imported camt.053 data
 // Reference: https://www.iso20022.org/message-set/1196/download
 func (r *camt053FileReader) read(ctx core.Context) (*camt053File, error) {
@@ -29,6 +48,19 @@ func (r *camt053FileReader) read(ctx core.Context) (*camt053File, error) {
 	return file, nil
 }

+func createNewCamt052FileReader(data []byte) (*camt052FileReader, error) {
+	if len(data) > 5 && data[0] == 0x3C && data[1] == 0x3F && data[2] == 0x78 && data[3] == 0x6D && data[4] == 0x6C { // <?xml
+		xmlDecoder := xml.NewDecoder(bytes.NewReader(data))
+		xmlDecoder.CharsetReader = charset.NewReaderLabel
+
+		return &camt052FileReader{
+			xmlDecoder: xmlDecoder,
+		}, nil
+	}
+
+	return nil, errs.ErrInvalidXmlFile
+}
+
 func createNewCamt053FileReader(data []byte) (*camt053FileReader, error) {
 	if len(data) > 5 && data[0] == 0x3C && data[1] == 0x3F && data[2] == 0x78 && data[3] == 0x6D && data[4] == 0x6C { // <?xml
 		xmlDecoder := xml.NewDecoder(bytes.NewReader(data))
@@ -231,7 +231,7 @@ func (t *camtStatementTransactionDataRowIterator) parseTransaction(ctx core.Cont
 		}

 		data[datatable.TRANSACTION_DATA_TABLE_TRANSACTION_TIME] = utils.FormatUnixTimeToLongDateTime(dateTime.Unix(), dateTime.Location())
-		data[datatable.TRANSACTION_DATA_TABLE_TRANSACTION_TIMEZONE] = utils.FormatTimezoneOffset(dateTime.Location())
+		data[datatable.TRANSACTION_DATA_TABLE_TRANSACTION_TIMEZONE] = utils.FormatTimezoneOffset(dateTime.Unix(), dateTime.Location())
 	} else if entry.BookingDate != nil && entry.BookingDate.Date != "" {
 		data[datatable.TRANSACTION_DATA_TABLE_TRANSACTION_TIME] = fmt.Sprintf("%s 00:00:00", entry.BookingDate.Date)
 		data[datatable.TRANSACTION_DATA_TABLE_TRANSACTION_TIMEZONE] = datatable.TRANSACTION_DATA_TABLE_TIMEZONE_NOT_AVAILABLE
@@ -303,12 +303,12 @@ func (t *camtStatementTransactionDataRowIterator) parseTransaction(ctx core.Cont
 	return data, nil
 }

-func createNewCamtStatementTransactionDataTable(file *camt053File) (*camtStatementTransactionDataTable, error) {
-	if file == nil || file.BankToCustomerStatement == nil || len(file.BankToCustomerStatement.Statements) == 0 {
+func createNewCamtStatementTransactionDataTable(camtStatements []*camtStatement) (*camtStatementTransactionDataTable, error) {
+	if len(camtStatements) == 0 {
 		return nil, errs.ErrNotFoundTransactionDataInFile
 	}

 	return &camtStatementTransactionDataTable{
-		allStatements: file.BankToCustomerStatement.Statements,
+		allStatements: camtStatements,
 	}, nil
 }
@@ -1,8 +1,11 @@
 package camt

 import (
+	"time"
+
 	"github.com/mayswind/ezbookkeeping/pkg/converters/converter"
 	"github.com/mayswind/ezbookkeeping/pkg/core"
+	"github.com/mayswind/ezbookkeeping/pkg/errs"
 	"github.com/mayswind/ezbookkeeping/pkg/models"
 	"github.com/mayswind/ezbookkeeping/pkg/utils"
 )
@@ -13,17 +16,51 @@ var camtTransactionTypeNameMapping = map[models.TransactionType]string{
 	models.TRANSACTION_TYPE_TRANSFER: utils.IntToString(int(models.TRANSACTION_TYPE_TRANSFER)),
 }

+// camt052TransactionDataImporter defines the structure of camt.052 file importer for transaction data
+type camt052TransactionDataImporter struct {
+}
+
 // camt053TransactionDataImporter defines the structure of camt.053 file importer for transaction data
 type camt053TransactionDataImporter struct {
 }

-// Initialize a camt.053 transaction data importer singleton instance
+// Initialize camt.052 and camt.053 transaction data importer singleton instances
 var (
+	Camt052TransactionDataImporter = &camt052TransactionDataImporter{}
 	Camt053TransactionDataImporter = &camt053TransactionDataImporter{}
 )

+// ParseImportedData returns the imported data by parsing the camt.052 file transaction data
+func (c *camt052TransactionDataImporter) ParseImportedData(ctx core.Context, user *models.User, data []byte, defaultTimezone *time.Location, additionalOptions converter.TransactionDataImporterOptions, accountMap map[string]*models.Account, expenseCategoryMap map[string]map[string]*models.TransactionCategory, incomeCategoryMap map[string]map[string]*models.TransactionCategory, transferCategoryMap map[string]map[string]*models.TransactionCategory, tagMap map[string]*models.TransactionTag) (models.ImportedTransactionSlice, []*models.Account, []*models.TransactionCategory, []*models.TransactionCategory, []*models.TransactionCategory, []*models.TransactionTag, error) {
+	camt052DataReader, err := createNewCamt052FileReader(data)
+
+	if err != nil {
+		return nil, nil, nil, nil, nil, nil, err
+	}
+
+	camt052Data, err := camt052DataReader.read(ctx)
+
+	if err != nil {
+		return nil, nil, nil, nil, nil, nil, err
+	}
+
+	if camt052Data.BankToCustomerAccountReport == nil || camt052Data.BankToCustomerAccountReport.Statements == nil {
+		return nil, nil, nil, nil, nil, nil, errs.ErrNotFoundTransactionDataInFile
+	}
+
+	transactionDataTable, err := createNewCamtStatementTransactionDataTable(camt052Data.BankToCustomerAccountReport.Statements)
+
+	if err != nil {
+		return nil, nil, nil, nil, nil, nil, err
+	}
+
+	dataTableImporter := converter.CreateNewSimpleImporterWithTypeNameMapping(camtTransactionTypeNameMapping)
+
+	return dataTableImporter.ParseImportedData(ctx, user, transactionDataTable, defaultTimezone, additionalOptions, accountMap, expenseCategoryMap, incomeCategoryMap, transferCategoryMap, tagMap)
+}
+
 // ParseImportedData returns the imported data by parsing the camt.053 file transaction data
-func (c *camt053TransactionDataImporter) ParseImportedData(ctx core.Context, user *models.User, data []byte, defaultTimezoneOffset int16, accountMap map[string]*models.Account, expenseCategoryMap map[string]map[string]*models.TransactionCategory, incomeCategoryMap map[string]map[string]*models.TransactionCategory, transferCategoryMap map[string]map[string]*models.TransactionCategory, tagMap map[string]*models.TransactionTag) (models.ImportedTransactionSlice, []*models.Account, []*models.TransactionCategory, []*models.TransactionCategory, []*models.TransactionCategory, []*models.TransactionTag, error) {
+func (c *camt053TransactionDataImporter) ParseImportedData(ctx core.Context, user *models.User, data []byte, defaultTimezone *time.Location, additionalOptions converter.TransactionDataImporterOptions, accountMap map[string]*models.Account, expenseCategoryMap map[string]map[string]*models.TransactionCategory, incomeCategoryMap map[string]map[string]*models.TransactionCategory, transferCategoryMap map[string]map[string]*models.TransactionCategory, tagMap map[string]*models.TransactionTag) (models.ImportedTransactionSlice, []*models.Account, []*models.TransactionCategory, []*models.TransactionCategory, []*models.TransactionCategory, []*models.TransactionTag, error) {
 	camt053DataReader, err := createNewCamt053FileReader(data)

 	if err != nil {
@@ -36,7 +73,11 @@ func (c *camt053TransactionDataImporter) ParseImportedData(ctx core.Context, use
 		return nil, nil, nil, nil, nil, nil, err
 	}

-	transactionDataTable, err := createNewCamtStatementTransactionDataTable(camt053Data)
+	if camt053Data.BankToCustomerStatement == nil || camt053Data.BankToCustomerStatement.Statements == nil {
+		return nil, nil, nil, nil, nil, nil, errs.ErrNotFoundTransactionDataInFile
+	}
+
+	transactionDataTable, err := createNewCamtStatementTransactionDataTable(camt053Data.BankToCustomerStatement.Statements)

 	if err != nil {
 		return nil, nil, nil, nil, nil, nil, err
@@ -44,5 +85,5 @@ func (c *camt053TransactionDataImporter) ParseImportedData(ctx core.Context, use

 	dataTableImporter := converter.CreateNewSimpleImporterWithTypeNameMapping(camtTransactionTypeNameMapping)

-	return dataTableImporter.ParseImportedData(ctx, user, transactionDataTable, defaultTimezoneOffset, accountMap, expenseCategoryMap, incomeCategoryMap, transferCategoryMap, tagMap)
+	return dataTableImporter.ParseImportedData(ctx, user, transactionDataTable, defaultTimezone, additionalOptions, accountMap, expenseCategoryMap, incomeCategoryMap, transferCategoryMap, tagMap)
 }
@@ -2,17 +2,19 @@ package camt

 import (
 	"testing"
+	"time"

 	"github.com/stretchr/testify/assert"

+	"github.com/mayswind/ezbookkeeping/pkg/converters/converter"
 	"github.com/mayswind/ezbookkeeping/pkg/core"
 	"github.com/mayswind/ezbookkeeping/pkg/errs"
 	"github.com/mayswind/ezbookkeeping/pkg/models"
 	"github.com/mayswind/ezbookkeeping/pkg/utils"
 )

-func TestCamt053TransactionDataFileParseImportedData_MinimumValidData(t *testing.T) {
-	converter := Camt053TransactionDataImporter
+func TestCamt052TransactionDataFileParseImportedData_MinimumValidData(t *testing.T) {
+	importer := Camt052TransactionDataImporter
 	context := core.NewNullContext()

 	user := &models.User{
@@ -20,7 +22,110 @@ func TestCamt053TransactionDataFileParseImportedData_MinimumValidData(t *testing
 		DefaultCurrency: "CNY",
 	}

-	allNewTransactions, allNewAccounts, allNewSubExpenseCategories, allNewSubIncomeCategories, allNewSubTransferCategories, allNewTags, err := converter.ParseImportedData(context, user, []byte(
+	allNewTransactions, allNewAccounts, allNewSubExpenseCategories, allNewSubIncomeCategories, allNewSubTransferCategories, allNewTags, err := importer.ParseImportedData(context, user, []byte(
+		`<?xml version="1.0" encoding="UTF-8"?>
+		<Document xmlns="urn:iso:std:iso:20022:tech:xsd:camt.052.001.02">
+			<BkToCstmrAcctRpt>
+				<Rpt>
+					<Acct>
+						<Id>
+							<IBAN>123</IBAN>
+						</Id>
+						<Ccy>CNY</Ccy>
+					</Acct>
+					<Ntry>
+						<BookgDt>
+							<DtTm>2024-09-01T01:23:45+08:00</DtTm>
+						</BookgDt>
+						<CdtDbtInd>CRDT</CdtDbtInd>
+						<Amt Ccy="CNY">123.45</Amt>
+					</Ntry>
+					<Ntry>
+						<BookgDt>
+							<DtTm>2024-09-01T12:34:56+08:00</DtTm>
+						</BookgDt>
+						<CdtDbtInd>DBIT</CdtDbtInd>
+						<Amt Ccy="CNY">0.12</Amt>
+					</Ntry>
+				</Rpt>
+				<Rpt>
+					<Acct>
+						<Id>
+							<Othr>
+								<Id>456</Id>
+							</Othr>
+						</Id>
+						<Ccy>USD</Ccy>
+					</Acct>
+					<Ntry>
+						<BookgDt>
+							<DtTm>2024-09-01T23:59:59+08:00</DtTm>
+						</BookgDt>
+						<CdtDbtInd>CRDT</CdtDbtInd>
+						<Amt Ccy="USD">1.23</Amt>
+					</Ntry>
+				</Rpt>
+			</BkToCstmrAcctRpt>
+		</Document>`), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
+
+	assert.Nil(t, err)
+
+	assert.Equal(t, 3, len(allNewTransactions))
+	assert.Equal(t, 2, len(allNewAccounts))
+	assert.Equal(t, 1, len(allNewSubExpenseCategories))
+	assert.Equal(t, 1, len(allNewSubIncomeCategories))
+	assert.Equal(t, 0, len(allNewSubTransferCategories))
+	assert.Equal(t, 0, len(allNewTags))
+
+	assert.Equal(t, int64(1234567890), allNewTransactions[0].Uid)
+	assert.Equal(t, models.TRANSACTION_DB_TYPE_INCOME, allNewTransactions[0].Type)
+	assert.Equal(t, int64(1725125025), utils.GetUnixTimeFromTransactionTime(allNewTransactions[0].TransactionTime))
+	assert.Equal(t, int64(12345), allNewTransactions[0].Amount)
+	assert.Equal(t, "123", allNewTransactions[0].OriginalSourceAccountName)
+	assert.Equal(t, "CNY", allNewTransactions[0].OriginalSourceAccountCurrency)
+	assert.Equal(t, "", allNewTransactions[0].OriginalCategoryName)
+
+	assert.Equal(t, int64(1234567890), allNewTransactions[1].Uid)
+	assert.Equal(t, models.TRANSACTION_DB_TYPE_EXPENSE, allNewTransactions[1].Type)
+	assert.Equal(t, int64(1725165296), utils.GetUnixTimeFromTransactionTime(allNewTransactions[1].TransactionTime))
+	assert.Equal(t, int64(12), allNewTransactions[1].Amount)
+	assert.Equal(t, "123", allNewTransactions[1].OriginalSourceAccountName)
+	assert.Equal(t, "CNY", allNewTransactions[1].OriginalSourceAccountCurrency)
+	assert.Equal(t, "", allNewTransactions[1].OriginalCategoryName)
+
+	assert.Equal(t, int64(1234567890), allNewTransactions[2].Uid)
+	assert.Equal(t, models.TRANSACTION_DB_TYPE_INCOME, allNewTransactions[2].Type)
+	assert.Equal(t, int64(1725206399), utils.GetUnixTimeFromTransactionTime(allNewTransactions[2].TransactionTime))
+	assert.Equal(t, int64(123), allNewTransactions[2].Amount)
+	assert.Equal(t, "456", allNewTransactions[2].OriginalSourceAccountName)
+	assert.Equal(t, "USD", allNewTransactions[2].OriginalSourceAccountCurrency)
+	assert.Equal(t, "", allNewTransactions[2].OriginalCategoryName)
+
+	assert.Equal(t, int64(1234567890), allNewAccounts[0].Uid)
+	assert.Equal(t, "123", allNewAccounts[0].Name)
+	assert.Equal(t, "CNY", allNewAccounts[0].Currency)
+
+	assert.Equal(t, int64(1234567890), allNewAccounts[1].Uid)
+	assert.Equal(t, "456", allNewAccounts[1].Name)
+	assert.Equal(t, "USD", allNewAccounts[1].Currency)
+
+	assert.Equal(t, int64(1234567890), allNewSubExpenseCategories[0].Uid)
+	assert.Equal(t, "", allNewSubExpenseCategories[0].Name)
+
+	assert.Equal(t, int64(1234567890), allNewSubIncomeCategories[0].Uid)
+	assert.Equal(t, "", allNewSubIncomeCategories[0].Name)
+}
+
+func TestCamt053TransactionDataFileParseImportedData_MinimumValidData(t *testing.T) {
+	importer := Camt053TransactionDataImporter
+	context := core.NewNullContext()
+
+	user := &models.User{
+		Uid:             1234567890,
+		DefaultCurrency: "CNY",
+	}
+
+	allNewTransactions, allNewAccounts, allNewSubExpenseCategories, allNewSubIncomeCategories, allNewSubTransferCategories, allNewTags, err := importer.ParseImportedData(context, user, []byte(
 		`<?xml version="1.0" encoding="UTF-8"?>
 		<Document xmlns="urn:iso:std:iso:20022:tech:xsd:camt.053.001.02">
 			<BkToCstmrStmt>
@@ -64,7 +169,7 @@ func TestCamt053TransactionDataFileParseImportedData_MinimumValidData(t *testing
 					</Ntry>
 				</Stmt>
 			</BkToCstmrStmt>
-		</Document>`), 0, nil, nil, nil, nil, nil)
+		</Document>`), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)

 	assert.Nil(t, err)

@@ -115,7 +220,7 @@ func TestCamt053TransactionDataFileParseImportedData_MinimumValidData(t *testing
 }

 func TestCamt053TransactionDataFileParseImportedData_ParseValidTransactionTime(t *testing.T) {
-	converter := Camt053TransactionDataImporter
+	importer := Camt053TransactionDataImporter
 	context := core.NewNullContext()

 	user := &models.User{
@@ -123,7 +228,7 @@ func TestCamt053TransactionDataFileParseImportedData_ParseValidTransactionTime(t
 		DefaultCurrency: "CNY",
 	}

-	allNewTransactions, _, _, _, _, _, err := converter.ParseImportedData(context, user, []byte(
+	allNewTransactions, _, _, _, _, _, err := importer.ParseImportedData(context, user, []byte(
 		`<?xml version="1.0" encoding="UTF-8"?>
 		<Document xmlns="urn:iso:std:iso:20022:tech:xsd:camt.053.001.02">
 			<BkToCstmrStmt>
@@ -157,7 +262,7 @@ func TestCamt053TransactionDataFileParseImportedData_ParseValidTransactionTime(t
 					</Ntry>
 				</Stmt>
 			</BkToCstmrStmt>
-		</Document>`), 0, nil, nil, nil, nil, nil)
+		</Document>`), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)

 	assert.Nil(t, err)
 	assert.Equal(t, 3, len(allNewTransactions))
@@ -168,7 +273,7 @@ func TestCamt053TransactionDataFileParseImportedData_ParseValidTransactionTime(t
 }

 func TestCamt053TransactionDataFileParseImportedData_ParseInvalidTransactionTime(t *testing.T) {
-	converter := Camt053TransactionDataImporter
+	importer := Camt053TransactionDataImporter
 	context := core.NewNullContext()

 	user := &models.User{
@@ -176,7 +281,7 @@ func TestCamt053TransactionDataFileParseImportedData_ParseInvalidTransactionTime
 		DefaultCurrency: "CNY",
 	}

-	_, _, _, _, _, _, err := converter.ParseImportedData(context, user, []byte(
+	_, _, _, _, _, _, err := importer.ParseImportedData(context, user, []byte(
 		`<?xml version="1.0" encoding="UTF-8"?>
 		<Document xmlns="urn:iso:std:iso:20022:tech:xsd:camt.053.001.02">
 			<BkToCstmrStmt>
@@ -196,10 +301,10 @@ func TestCamt053TransactionDataFileParseImportedData_ParseInvalidTransactionTime
 					</Ntry>
 				</Stmt>
 			</BkToCstmrStmt>
-		</Document>`), 0, nil, nil, nil, nil, nil)
+		</Document>`), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrTransactionTimeInvalid.Message)

-	_, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(
 		`<?xml version="1.0" encoding="UTF-8"?>
 		<Document xmlns="urn:iso:std:iso:20022:tech:xsd:camt.053.001.02">
 			<BkToCstmrStmt>
@@ -219,10 +324,10 @@ func TestCamt053TransactionDataFileParseImportedData_ParseInvalidTransactionTime
 					</Ntry>
 				</Stmt>
 			</BkToCstmrStmt>
-		</Document>`), 0, nil, nil, nil, nil, nil)
+		</Document>`), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrTransactionTimeInvalid.Message)

-	_, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(
 		`<?xml version="1.0" encoding="UTF-8"?>
 		<Document xmlns="urn:iso:std:iso:20022:tech:xsd:camt.053.001.02">
 			<BkToCstmrStmt>
@@ -242,10 +347,10 @@ func TestCamt053TransactionDataFileParseImportedData_ParseInvalidTransactionTime
 					</Ntry>
 				</Stmt>
 			</BkToCstmrStmt>
-		</Document>`), 0, nil, nil, nil, nil, nil)
+		</Document>`), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrTransactionTimeInvalid.Message)

-	_, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(
 		`<?xml version="1.0" encoding="UTF-8"?>
 		<Document xmlns="urn:iso:std:iso:20022:tech:xsd:camt.053.001.02">
 			<BkToCstmrStmt>
@@ -265,12 +370,12 @@ func TestCamt053TransactionDataFileParseImportedData_ParseInvalidTransactionTime
 					</Ntry>
 				</Stmt>
 			</BkToCstmrStmt>
-		</Document>`), 0, nil, nil, nil, nil, nil)
+		</Document>`), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrTransactionTimeInvalid.Message)
 }

 func TestCamt053TransactionDataFileParseImportedData_ParseTransactionValidAmountAndCurrency(t *testing.T) {
-	converter := Camt053TransactionDataImporter
+	importer := Camt053TransactionDataImporter
 	context := core.NewNullContext()

 	user := &models.User{
@@ -278,7 +383,7 @@ func TestCamt053TransactionDataFileParseImportedData_ParseTransactionValidAmount
 		DefaultCurrency: "CNY",
 	}

-	allNewTransactions, _, _, _, _, _, err := converter.ParseImportedData(context, user, []byte(
+	allNewTransactions, _, _, _, _, _, err := importer.ParseImportedData(context, user, []byte(
 		`<?xml version="1.0" encoding="UTF-8"?>
 		<Document xmlns="urn:iso:std:iso:20022:tech:xsd:camt.053.001.02">
 			<BkToCstmrStmt>
@@ -314,7 +419,7 @@ func TestCamt053TransactionDataFileParseImportedData_ParseTransactionValidAmount
 					</Ntry>
 				</Stmt>
 			</BkToCstmrStmt>
-		</Document>`), 0, nil, nil, nil, nil, nil)
+		</Document>`), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)

 	assert.Nil(t, err)
 	assert.Equal(t, 2, len(allNewTransactions))
@@ -323,7 +428,7 @@ func TestCamt053TransactionDataFileParseImportedData_ParseTransactionValidAmount
 	assert.Equal(t, "USD", allNewTransactions[1].OriginalSourceAccountCurrency)
 	assert.Equal(t, int64(10023), allNewTransactions[1].Amount)

-	allNewTransactions, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(
+	allNewTransactions, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(
 		`<?xml version="1.0" encoding="UTF-8"?>
 		<Document xmlns="urn:iso:std:iso:20022:tech:xsd:camt.053.001.02">
 			<BkToCstmrStmt>
@@ -365,7 +470,7 @@ func TestCamt053TransactionDataFileParseImportedData_ParseTransactionValidAmount
 					</Ntry>
 				</Stmt>
 			</BkToCstmrStmt>
-		</Document>`), 0, nil, nil, nil, nil, nil)
+		</Document>`), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)

 	assert.Nil(t, err)
 	assert.Equal(t, 2, len(allNewTransactions))
@@ -374,7 +479,7 @@ func TestCamt053TransactionDataFileParseImportedData_ParseTransactionValidAmount
 	assert.Equal(t, "USD", allNewTransactions[1].OriginalSourceAccountCurrency)
 	assert.Equal(t, int64(9999), allNewTransactions[1].Amount)

-	allNewTransactions, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(
+	allNewTransactions, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(
 		`<?xml version="1.0" encoding="UTF-8"?>
 		<Document xmlns="urn:iso:std:iso:20022:tech:xsd:camt.053.001.02">
 			<BkToCstmrStmt>
@@ -403,14 +508,14 @@ func TestCamt053TransactionDataFileParseImportedData_ParseTransactionValidAmount
 					</Ntry>
 				</Stmt>
 			</BkToCstmrStmt>
-		</Document>`), 0, nil, nil, nil, nil, nil)
+		</Document>`), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)

 	assert.Nil(t, err)
 	assert.Equal(t, 1, len(allNewTransactions))
 	assert.Equal(t, "USD", allNewTransactions[0].OriginalSourceAccountCurrency)
 	assert.Equal(t, int64(12345), allNewTransactions[0].Amount)

-	allNewTransactions, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(
+	allNewTransactions, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(
 		`<?xml version="1.0" encoding="UTF-8"?>
 		<Document xmlns="urn:iso:std:iso:20022:tech:xsd:camt.053.001.02">
 			<BkToCstmrStmt>
@@ -430,7 +535,7 @@ func TestCamt053TransactionDataFileParseImportedData_ParseTransactionValidAmount
 					</Ntry>
 				</Stmt>
 			</BkToCstmrStmt>
-		</Document>`), 0, nil, nil, nil, nil, nil)
+		</Document>`), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)

 	assert.Nil(t, err)
 	assert.Equal(t, 1, len(allNewTransactions))
@@ -439,7 +544,7 @@ func TestCamt053TransactionDataFileParseImportedData_ParseTransactionValidAmount
 }

 func TestCamt053TransactionDataFileParseImportedData_ParseTransactionInvalidAmountAndCurrency(t *testing.T) {
-	converter := Camt053TransactionDataImporter
+	importer := Camt053TransactionDataImporter
 	context := core.NewNullContext()

 	user := &models.User{
@@ -447,7 +552,7 @@ func TestCamt053TransactionDataFileParseImportedData_ParseTransactionInvalidAmou
 		DefaultCurrency: "CNY",
 	}

-	_, _, _, _, _, _, err := converter.ParseImportedData(context, user, []byte(
+	_, _, _, _, _, _, err := importer.ParseImportedData(context, user, []byte(
 		`<?xml version="1.0" encoding="UTF-8"?>
 		<Document xmlns="urn:iso:std:iso:20022:tech:xsd:camt.053.001.02">
 			<BkToCstmrStmt>
@@ -467,10 +572,10 @@ func TestCamt053TransactionDataFileParseImportedData_ParseTransactionInvalidAmou
 					</Ntry>
 				</Stmt>
 			</BkToCstmrStmt>
-		</Document>`), 0, nil, nil, nil, nil, nil)
+		</Document>`), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrAmountInvalid.Message)

-	_, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(
 		`<?xml version="1.0" encoding="UTF-8"?>
 		<Document xmlns="urn:iso:std:iso:20022:tech:xsd:camt.053.001.02">
 			<BkToCstmrStmt>
@@ -498,10 +603,10 @@ func TestCamt053TransactionDataFileParseImportedData_ParseTransactionInvalidAmou
 					</Ntry>
 				</Stmt>
 			</BkToCstmrStmt>
-		</Document>`), 0, nil, nil, nil, nil, nil)
+		</Document>`), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrAmountInvalid.Message)

-	_, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(
 		`<?xml version="1.0" encoding="UTF-8"?>
 		<Document xmlns="urn:iso:std:iso:20022:tech:xsd:camt.053.001.02">
 			<BkToCstmrStmt>
@@ -529,12 +634,12 @@ func TestCamt053TransactionDataFileParseImportedData_ParseTransactionInvalidAmou
 					</Ntry>
 				</Stmt>
 			</BkToCstmrStmt>
-		</Document>`), 0, nil, nil, nil, nil, nil)
+		</Document>`), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrAmountInvalid.Message)
 }

 func TestCamt053TransactionDataFileParseImportedData_ParseDescription(t *testing.T) {
-	converter := Camt053TransactionDataImporter
+	importer := Camt053TransactionDataImporter
 	context := core.NewNullContext()

 	user := &models.User{
@@ -542,7 +647,7 @@ func TestCamt053TransactionDataFileParseImportedData_ParseDescription(t *testing
 		DefaultCurrency: "CNY",
 	}

-	allNewTransactions, _, _, _, _, _, err := converter.ParseImportedData(context, user, []byte(
+	allNewTransactions, _, _, _, _, _, err := importer.ParseImportedData(context, user, []byte(
 		`<?xml version="1.0" encoding="UTF-8"?>
 		<Document xmlns="urn:iso:std:iso:20022:tech:xsd:camt.053.001.02">
 			<BkToCstmrStmt>
@@ -572,13 +677,13 @@ func TestCamt053TransactionDataFileParseImportedData_ParseDescription(t *testing
 					</Ntry>
 				</Stmt>
 			</BkToCstmrStmt>
-		</Document>`), 0, nil, nil, nil, nil, nil)
+		</Document>`), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)

 	assert.Nil(t, err)
 	assert.Equal(t, 1, len(allNewTransactions))
 	assert.Equal(t, "Test Transaction", allNewTransactions[0].Comment)

-	allNewTransactions, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(
+	allNewTransactions, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(
 		`<?xml version="1.0" encoding="UTF-8"?>
 		<Document xmlns="urn:iso:std:iso:20022:tech:xsd:camt.053.001.02">
 			<BkToCstmrStmt>
@@ -607,13 +712,13 @@ func TestCamt053TransactionDataFileParseImportedData_ParseDescription(t *testing
 					</Ntry>
 				</Stmt>
 			</BkToCstmrStmt>
-		</Document>`), 0, nil, nil, nil, nil, nil)
+		</Document>`), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)

 	assert.Nil(t, err)
 	assert.Equal(t, 1, len(allNewTransactions))
 	assert.Equal(t, "Test Line 1\nTest Line 2", allNewTransactions[0].Comment)

-	allNewTransactions, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(
+	allNewTransactions, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(
 		`<?xml version="1.0" encoding="UTF-8"?>
 		<Document xmlns="urn:iso:std:iso:20022:tech:xsd:camt.053.001.02">
 			<BkToCstmrStmt>
@@ -634,7 +739,7 @@ func TestCamt053TransactionDataFileParseImportedData_ParseDescription(t *testing
 					</Ntry>
 				</Stmt>
 			</BkToCstmrStmt>
-		</Document>`), 0, nil, nil, nil, nil, nil)
+		</Document>`), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)

 	assert.Nil(t, err)
 	assert.Equal(t, 1, len(allNewTransactions))
@@ -642,7 +747,7 @@ func TestCamt053TransactionDataFileParseImportedData_ParseDescription(t *testing
 }

 func TestCamt053TransactionDataFileParseImportedData_MissingAccountNode(t *testing.T) {
-	converter := Camt053TransactionDataImporter
+	importer := Camt053TransactionDataImporter
 	context := core.NewNullContext()

 	user := &models.User{
@@ -650,7 +755,7 @@ func TestCamt053TransactionDataFileParseImportedData_MissingAccountNode(t *testi
 		DefaultCurrency: "CNY",
 	}

-	_, _, _, _, _, _, err := converter.ParseImportedData(context, user, []byte(
+	_, _, _, _, _, _, err := importer.ParseImportedData(context, user, []byte(
 		`<?xml version="1.0" encoding="UTF-8"?>
 		<Document xmlns="urn:iso:std:iso:20022:tech:xsd:camt.053.001.02">
 			<BkToCstmrStmt>
@@ -664,12 +769,12 @@ func TestCamt053TransactionDataFileParseImportedData_MissingAccountNode(t *testi
 					</Ntry>
 				</Stmt>
 			</BkToCstmrStmt>
-		</Document>`), 0, nil, nil, nil, nil, nil)
+		</Document>`), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrMissingAccountData.Message)
 }

 func TestCamt053TransactionDataFileParseImportedData_MissingTransactionRequiredNode(t *testing.T) {
-	converter := Camt053TransactionDataImporter
+	importer := Camt053TransactionDataImporter
 	context := core.NewNullContext()

 	user := &models.User{
@@ -677,7 +782,7 @@ func TestCamt053TransactionDataFileParseImportedData_MissingTransactionRequiredN
 		DefaultCurrency: "CNY",
 	}

-	_, _, _, _, _, _, err := converter.ParseImportedData(context, user, []byte(
+	_, _, _, _, _, _, err := importer.ParseImportedData(context, user, []byte(
 		`<?xml version="1.0" encoding="UTF-8"?>
 		<Document xmlns="urn:iso:std:iso:20022:tech:xsd:camt.053.001.02">
 			<BkToCstmrStmt>
@@ -694,10 +799,10 @@ func TestCamt053TransactionDataFileParseImportedData_MissingTransactionRequiredN
 					</Ntry>
 				</Stmt>
 			</BkToCstmrStmt>
-		</Document>`), 0, nil, nil, nil, nil, nil)
+		</Document>`), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrMissingTransactionTime.Message)

-	_, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(
 		`<?xml version="1.0" encoding="UTF-8"?>
 		<Document xmlns="urn:iso:std:iso:20022:tech:xsd:camt.053.001.02">
 			<BkToCstmrStmt>
@@ -716,10 +821,10 @@ func TestCamt053TransactionDataFileParseImportedData_MissingTransactionRequiredN
 					</Ntry>
 				</Stmt>
 			</BkToCstmrStmt>
-		</Document>`), 0, nil, nil, nil, nil, nil)
+		</Document>`), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrTransactionTypeInvalid.Message)

-	_, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(
 		`<?xml version="1.0" encoding="UTF-8"?>
 		<Document xmlns="urn:iso:std:iso:20022:tech:xsd:camt.053.001.02">
 			<BkToCstmrStmt>
@@ -738,10 +843,10 @@ func TestCamt053TransactionDataFileParseImportedData_MissingTransactionRequiredN
 					</Ntry>
 				</Stmt>
 			</BkToCstmrStmt>
-		</Document>`), 0, nil, nil, nil, nil, nil)
+		</Document>`), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrAmountInvalid.Message)

-	_, _, _, _, _, _, err = converter.ParseImportedData(context, user, []byte(
+	_, _, _, _, _, _, err = importer.ParseImportedData(context, user, []byte(
 		`<?xml version="1.0" encoding="UTF-8"?>
 		<Document xmlns="urn:iso:std:iso:20022:tech:xsd:camt.053.001.02">
 			<BkToCstmrStmt>
@@ -760,6 +865,6 @@ func TestCamt053TransactionDataFileParseImportedData_MissingTransactionRequiredN
 					</Ntry>
 				</Stmt>
 			</BkToCstmrStmt>
-		</Document>`), 0, nil, nil, nil, nil, nil)
+		</Document>`), time.UTC, converter.DefaultImporterOptions, nil, nil, nil, nil, nil)
 	assert.EqualError(t, err, errs.ErrAccountCurrencyInvalid.Message)
 }
@@ -28,10 +28,11 @@ func (c *DataTableTransactionDataExporter) BuildExportedContent(ctx core.Context
 		}

 		dataRowMap := make(map[datatable.TransactionDataTableColumn]string, 15)
+		transactionUnixTime := utils.GetUnixTimeFromTransactionTime(transaction.TransactionTime)
 		transactionTimeZone := time.FixedZone("Transaction Timezone", int(transaction.TimezoneUtcOffset)*60)

-		dataRowMap[datatable.TRANSACTION_DATA_TABLE_TRANSACTION_TIME] = utils.FormatUnixTimeToLongDateTime(utils.GetUnixTimeFromTransactionTime(transaction.TransactionTime), transactionTimeZone)
-		dataRowMap[datatable.TRANSACTION_DATA_TABLE_TRANSACTION_TIMEZONE] = utils.FormatTimezoneOffset(transactionTimeZone)
+		dataRowMap[datatable.TRANSACTION_DATA_TABLE_TRANSACTION_TIME] = utils.FormatUnixTimeToLongDateTime(transactionUnixTime, transactionTimeZone)
+		dataRowMap[datatable.TRANSACTION_DATA_TABLE_TRANSACTION_TIMEZONE] = utils.FormatTimezoneOffset(transactionUnixTime, transactionTimeZone)
 		dataRowMap[datatable.TRANSACTION_DATA_TABLE_TRANSACTION_TYPE] = dataTableBuilder.ReplaceDelimiters(c.getDisplayTransactionTypeName(transaction.Type))
 		dataRowMap[datatable.TRANSACTION_DATA_TABLE_CATEGORY] = c.getExportedTransactionCategoryName(dataTableBuilder, transaction.CategoryId, categoryMap)
 		dataRowMap[datatable.TRANSACTION_DATA_TABLE_SUB_CATEGORY] = c.getExportedTransactionSubCategoryName(dataTableBuilder, transaction.CategoryId, categoryMap)
@@ -3,6 +3,7 @@ package converter
 import (
 	"sort"
 	"strings"
+	"time"

 	"github.com/mayswind/ezbookkeeping/pkg/converters/datatable"
 	"github.com/mayswind/ezbookkeeping/pkg/core"
@@ -29,7 +30,7 @@ type DataTableTransactionDataImporter struct {
 }

 // ParseImportedData returns the imported transaction data
-func (c *DataTableTransactionDataImporter) ParseImportedData(ctx core.Context, user *models.User, dataTable datatable.TransactionDataTable, defaultTimezoneOffset int16, accountMap map[string]*models.Account, expenseCategoryMap map[string]map[string]*models.TransactionCategory, incomeCategoryMap map[string]map[string]*models.TransactionCategory, transferCategoryMap map[string]map[string]*models.TransactionCategory, tagMap map[string]*models.TransactionTag) (models.ImportedTransactionSlice, []*models.Account, []*models.TransactionCategory, []*models.TransactionCategory, []*models.TransactionCategory, []*models.TransactionTag, error) {
+func (c *DataTableTransactionDataImporter) ParseImportedData(ctx core.Context, user *models.User, dataTable datatable.TransactionDataTable, defaultTimezone *time.Location, additionalOptions TransactionDataImporterOptions, accountMap map[string]*models.Account, expenseCategoryMap map[string]map[string]*models.TransactionCategory, incomeCategoryMap map[string]map[string]*models.TransactionCategory, transferCategoryMap map[string]map[string]*models.TransactionCategory, tagMap map[string]*models.TransactionTag) (models.ImportedTransactionSlice, []*models.Account, []*models.TransactionCategory, []*models.TransactionCategory, []*models.TransactionCategory, []*models.TransactionTag, error) {
 	if dataTable.TransactionRowCount() < 1 {
 		log.Errorf(ctx, "[data_table_transaction_data_importer.ParseImportedData] cannot parse import data for user \"uid:%d\", because data table row count is less 1", user.Uid)
 		return nil, nil, nil, nil, nil, nil, errs.ErrNotFoundTransactionDataInFile
@@ -94,7 +95,7 @@ func (c *DataTableTransactionDataImporter) ParseImportedData(ctx core.Context, u
 			continue
 		}

-		timezoneOffset := defaultTimezoneOffset
+		timezone := defaultTimezone

 		if dataTable.HasColumn(datatable.TRANSACTION_DATA_TABLE_TRANSACTION_TIMEZONE) &&
 			dataRow.GetData(datatable.TRANSACTION_DATA_TABLE_TRANSACTION_TIMEZONE) != datatable.TRANSACTION_DATA_TABLE_TIMEZONE_NOT_AVAILABLE {
@@ -105,10 +106,10 @@ func (c *DataTableTransactionDataImporter) ParseImportedData(ctx core.Context, u
 				return nil, nil, nil, nil, nil, nil, errs.ErrTransactionTimeZoneInvalid
 			}

-			timezoneOffset = utils.GetTimezoneOffsetMinutes(transactionTimezone)
+			timezone = transactionTimezone
 		}

-		transactionTime, err := utils.ParseFromLongDateTime(dataRow.GetData(datatable.TRANSACTION_DATA_TABLE_TRANSACTION_TIME), timezoneOffset)
+		transactionTime, err := utils.ParseFromLongDateTimeInTimeZone(dataRow.GetData(datatable.TRANSACTION_DATA_TABLE_TRANSACTION_TIME), timezone)

 		if err != nil {
 			log.Errorf(ctx, "[data_table_transaction_data_importer.ParseImportedData] cannot parse time \"%s\" in data row \"index:%d\" for user \"uid:%d\", because %s", dataRow.GetData(datatable.TRANSACTION_DATA_TABLE_TRANSACTION_TIME), dataRowIndex, user.Uid, err.Error())
@@ -303,6 +304,7 @@ func (c *DataTableTransactionDataImporter) ParseImportedData(ctx core.Context, u

 		var tagIds []string
 		var tagNames []string
+		tagNamesMap := make(map[string]bool)

 		if dataTable.HasColumn(datatable.TRANSACTION_DATA_TABLE_TAGS) {
 			var tagNameItems []string
@@ -320,19 +322,39 @@ func (c *DataTableTransactionDataImporter) ParseImportedData(ctx core.Context, u
 					continue
 				}

-				tag, exists := tagMap[tagName]
+				allNewTags, tagIds, tagNames = c.addTag(user, tagName, tagNamesMap, tagMap, allNewTags, tagIds, tagNames)
+			}
+		}

-				if !exists {
-					tag = c.createNewTransactionTagModel(user.Uid, tagName)
-					allNewTags = append(allNewTags, tag)
-					tagMap[tagName] = tag
-				}
+		if dataTable.HasColumn(datatable.TRANSACTION_DATA_TABLE_PAYEE) && additionalOptions.IsPayeeAsTag() {
+			payee := dataRow.GetData(datatable.TRANSACTION_DATA_TABLE_PAYEE)

-				if tag != nil {
-					tagIds = append(tagIds, utils.Int64ToString(tag.TagId))
-				}
+			if payee != "" {
+				allNewTags, tagIds, tagNames = c.addTag(user, payee, tagNamesMap, tagMap, allNewTags, tagIds, tagNames)
+			}
+		}

-				tagNames = append(tagNames, tagName)
+		if dataTable.HasColumn(datatable.TRANSACTION_DATA_TABLE_MEMBER) && additionalOptions.IsMemberAsTag() {
+			member := dataRow.GetData(datatable.TRANSACTION_DATA_TABLE_MEMBER)
+
+			if member != "" {
+				allNewTags, tagIds, tagNames = c.addTag(user, member, tagNamesMap, tagMap, allNewTags, tagIds, tagNames)
+			}
+		}
+
+		if dataTable.HasColumn(datatable.TRANSACTION_DATA_TABLE_PROJECT) && additionalOptions.IsProjectAsTag() {
+			project := dataRow.GetData(datatable.TRANSACTION_DATA_TABLE_PROJECT)
+
+			if project != "" {
+				allNewTags, tagIds, tagNames = c.addTag(user, project, tagNamesMap, tagMap, allNewTags, tagIds, tagNames)
+			}
+		}
+
+		if dataTable.HasColumn(datatable.TRANSACTION_DATA_TABLE_MERCHANT) && additionalOptions.IsMerchantAsTag() {
+			merchant := dataRow.GetData(datatable.TRANSACTION_DATA_TABLE_MERCHANT)
+
+			if merchant != "" {
+				allNewTags, tagIds, tagNames = c.addTag(user, merchant, tagNamesMap, tagMap, allNewTags, tagIds, tagNames)
 			}
 		}

@@ -342,13 +364,17 @@ func (c *DataTableTransactionDataImporter) ParseImportedData(ctx core.Context, u
 			description = dataRow.GetData(datatable.TRANSACTION_DATA_TABLE_DESCRIPTION)
 		}

+		if description == "" && additionalOptions.IsPayeeAsDescription() && dataTable.HasColumn(datatable.TRANSACTION_DATA_TABLE_PAYEE) {
+			description = dataRow.GetData(datatable.TRANSACTION_DATA_TABLE_PAYEE)
+		}
+
 		transaction := &models.ImportTransaction{
 			Transaction: &models.Transaction{
 				Uid:                  user.Uid,
 				Type:                 transactionDbType,
 				CategoryId:           categoryId,
 				TransactionTime:      utils.GetMinTransactionTimeFromUnixTime(transactionTime.Unix()),
-				TimezoneUtcOffset:    timezoneOffset,
+				TimezoneUtcOffset:    utils.GetTimezoneOffsetMinutes(transactionTime.Unix(), timezone),
 				AccountId:            account.AccountId,
 				Amount:               amount,
 				HideAmount:           false,
@@ -459,6 +485,27 @@ func (c *DataTableTransactionDataImporter) getTransactionCategory(categories map
 	return subCategory, exists
 }

+func (c *DataTableTransactionDataImporter) addTag(user *models.User, tagName string, tagNamesMap map[string]bool, tagMap map[string]*models.TransactionTag, allNewTags []*models.TransactionTag, tagIds []string, tagNames []string) ([]*models.TransactionTag, []string, []string) {
+	if tagName != "" && !tagNamesMap[tagName] {
+		tag, exists := tagMap[tagName]
+
+		if !exists {
+			tag = c.createNewTransactionTagModel(user.Uid, tagName)
+			allNewTags = append(allNewTags, tag)
+			tagMap[tagName] = tag
+		}
+
+		if tag != nil {
+			tagIds = append(tagIds, utils.Int64ToString(tag.TagId))
+		}
+
+		tagNames = append(tagNames, tagName)
+		tagNamesMap[tagName] = true
+	}
+
+	return allNewTags, tagIds, tagNames
+}
+
 func (c *DataTableTransactionDataImporter) createNewAccountModel(uid int64, accountName string, currency string) *models.Account {
 	return &models.Account{
 		Uid:      uid,
@@ -1,6 +1,8 @@
 package converter

 import (
+	"time"
+
 	"github.com/mayswind/ezbookkeeping/pkg/core"
 	"github.com/mayswind/ezbookkeeping/pkg/models"
 )
@@ -14,7 +16,7 @@ type TransactionDataExporter interface {
 // TransactionDataImporter defines the structure of transaction data importer
 type TransactionDataImporter interface {
 	// ParseImportedData returns the imported data
-	ParseImportedData(ctx core.Context, user *models.User, data []byte, defaultTimezoneOffset int16, accountMap map[string]*models.Account, expenseCategoryMap map[string]map[string]*models.TransactionCategory, incomeCategoryMap map[string]map[string]*models.TransactionCategory, transferCategoryMap map[string]map[string]*models.TransactionCategory, tagMap map[string]*models.TransactionTag) (models.ImportedTransactionSlice, []*models.Account, []*models.TransactionCategory, []*models.TransactionCategory, []*models.TransactionCategory, []*models.TransactionTag, error)
+	ParseImportedData(ctx core.Context, user *models.User, data []byte, defaultTimezone *time.Location, additionalOptions TransactionDataImporterOptions, accountMap map[string]*models.Account, expenseCategoryMap map[string]map[string]*models.TransactionCategory, incomeCategoryMap map[string]map[string]*models.TransactionCategory, transferCategoryMap map[string]map[string]*models.TransactionCategory, tagMap map[string]*models.TransactionTag) (models.ImportedTransactionSlice, []*models.Account, []*models.TransactionCategory, []*models.TransactionCategory, []*models.TransactionCategory, []*models.TransactionTag, error)
 }

 // TransactionDataConverter defines the structure of transaction data converter
--- a/Show More
+++ b/Show More