Complete setup instructions for the Drawdown Portfolio Tracker.
- Node.js 18+ installed
- npm or yarn package manager
- Google Cloud Console account
- Microsoft Azure account (optional, for Microsoft login)
git clone https://github.com/ric-v/drawdown.git
cd drawdown
npm install
Create a .env.local file in the root directory:
# Next Auth
AUTH_SECRET="your-random-secret-key-at-least-32-chars" # Run: openssl rand -base64 32
AUTH_URL="http://localhost:3000" # Or your production URL
# Google OAuth
AUTH_GOOGLE_ID="your-google-client-id"
AUTH_GOOGLE_SECRET="your-google-client-secret"
# Microsoft Entra ID (Azure AD) - Optional
AUTH_MICROSOFT_ENTRA_ID_ID="your-application-client-id"
AUTH_MICROSOFT_ENTRA_ID_SECRET="your-client-secret-value"
AUTH_MICROSOFT_ENTRA_ID_TENANT_ID="common" # Use 'common' for multi-tenant
Generate the AUTH_SECRET value:
openssl rand -base64 32
- Go to Google Cloud Console
- Create a new project (e.g., "Daily Portfolio Tracker")
- Navigate to APIs & Services > Credentials
- Click Create Credentials > OAuth client ID
- Select Web application
- Set Authorized redirect URIs:
  - Development: http://localhost:3000/api/auth/callback/google
  - Production: https://your-domain.com/api/auth/callback/google
- Copy Client ID and Client Secret to .env.local
- Go to APIs & Services > Library
- Search for "Google Drive API"
- Click Enable
Why: The application uses Google Drive to store trade data files.
- Go to Azure Portal
- Search for App registrations
- Click New registration
- Name: Drawdown
- Supported account types: Accounts in any organizational directory and personal Microsoft accounts
- Redirect URI: Web → http://localhost:3000/api/auth/callback/microsoft-entra-id
- Click Register
- Copy Application (client) ID to .env.local as AUTH_MICROSOFT_ENTRA_ID_ID
- Go to Certificates & secrets (sidebar)
- Click New client secret
- Add description and expiry period
- Copy the Value immediately to .env.local as AUTH_MICROSOFT_ENTRA_ID_SECRET
⚠️ The secret value is only shown once!
- Go to API Permissions (sidebar)
- Click Add a permission > Microsoft Graph > Delegated permissions
- Add these permissions:
  - User.Read (should be there by default)
  - Files.ReadWrite (for OneDrive storage)
- Click Add permissions
Start the development server:
npm run dev
Open http://localhost:3000 in your browser.
- ✅ Application loads without errors
- ✅ Login with Google works
- ✅ Login with Microsoft works (if configured)
- ✅ User profile displays after login
- ✅ Can add daily P&L entries
- ✅ Dashboard shows portfolio metrics
Solution: Ensure all required variables in .env.local are set:
- AUTH_SECRET
- AUTH_URL
- AUTH_GOOGLE_ID
- AUTH_GOOGLE_SECRET
Restart the development server after adding variables.
Solution: Check that redirect URIs in Google/Microsoft console exactly match:
- Development: http://localhost:3000/api/auth/callback/{provider}
- Production: https://your-domain.com/api/auth/callback/{provider}
Solution: Enable Google Drive API in Google Cloud Console:
- APIs & Services > Library
- Search "Google Drive API"
- Click Enable
- AUTH_SECRET: Generate with openssl rand -base64 32. Use a different value for each deployment.
- OAuth Tokens: Automatically refreshed every hour. Access tokens expire after 1 hour; refresh tokens are longer-lived.
- Session: JWT-based, expires after 30 days of inactivity.
- Environment Variables: Never commit .env.local to version control.
- Production: Always use HTTPS for production deployments.
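A preflight check for the settings above, as an added example that is not part of the Drawdown repository: it parses .env.local text and flags missing required variables, leftover template placeholders, a short AUTH_SECRET, a half-configured Microsoft provider, and a non-HTTPS AUTH_URL outside localhost. The function names (parseEnv, checkEnv) and the sample file are constructed for illustration.

```javascript
// Added example: preflight check for the .env.local layout shown in this guide.
const REQUIRED = ["AUTH_SECRET", "AUTH_URL", "AUTH_GOOGLE_ID", "AUTH_GOOGLE_SECRET"];
const MS_PAIR = ["AUTH_MICROSOFT_ENTRA_ID_ID", "AUTH_MICROSOFT_ENTRA_ID_SECRET"];

// Minimal parser for KEY="value" # comment lines (a subset of dotenv syntax).
function parseEnv(text) {
  const env = {};
  for (const raw of text.split(/\r?\n/)) {
    const m = raw.trim().match(/^([A-Za-z_]\w*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^#\s]*))/);
    if (m) env[m[1]] = m[2] ?? m[3] ?? m[4];
  }
  return env;
}

// Returns a list of human-readable problems; an empty list means the file passes.
function checkEnv(text) {
  const env = parseEnv(text);
  const problems = [];
  const isSet = (k) => Boolean(env[k]);
  for (const k of REQUIRED) if (!isSet(k)) problems.push(`${k} is missing or empty`);
  // The Microsoft provider is optional, but ID and secret only work together.
  if (isSet(MS_PAIR[0]) !== isSet(MS_PAIR[1])) problems.push("Microsoft Entra ID needs both ID and SECRET");
  // The template values in this guide all start with "your-".
  for (const [k, v] of Object.entries(env)) {
    if (v.startsWith("your-")) problems.push(`${k} still holds the template placeholder`);
  }
  const secret = env.AUTH_SECRET || "";
  if (secret && !secret.startsWith("your-") && secret.length < 32) {
    problems.push("AUTH_SECRET is shorter than 32 characters");
  }
  if (isSet("AUTH_URL")) {
    let url = null;
    try { url = new URL(env.AUTH_URL); } catch { problems.push("AUTH_URL is not a valid URL"); }
    const local = url !== null && ["localhost", "127.0.0.1"].includes(url.hostname);
    if (url !== null && !local && url.protocol !== "https:") {
      problems.push("AUTH_URL must use https outside local development");
    }
  }
  return problems;
}

// Constructed sample input, not a real configuration.
const SAMPLE = [
  'AUTH_SECRET="short-secret"',
  'AUTH_URL="http://portfolio.example.com" # production',
  'AUTH_GOOGLE_ID="your-google-client-id"',
  'AUTH_MICROSOFT_ENTRA_ID_ID="00000000-0000-0000-0000-000000000000"',
].join("\n");
console.log(checkEnv(SAMPLE).join("\n"));
```

To check a real file, pass its contents to checkEnv, for example the string returned by Node's fs.readFileSync(".env.local", "utf8").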