feat: Add CI/CD setup guide with Gitea Actions for trading analysis application

feat: Implement multi-user support with separate brokerage accounts and user authentication

feat: Configure SSO authentication setup using Google OAuth 2.0 for secure access

refactor: Update index page to reflect new Trading Analysis Dashboard features and descriptions

docs: Enhance quickstart guide for deploying Trading Analysis Dashboard with detailed steps

chore: Add runner configuration for Gitea Actions with logging and container settings

guides/setup/sso.mdx

@@ -0,0 +1,234 @@
+---
+title: 'SSO Authentication Setup'
+description: 'Configure Google OAuth 2.0 authentication for your Trading Analysis Dashboard'
+---
+
+## Overview
+
+This guide will help you configure Google OAuth 2.0 authentication for secure access to your Trading Analysis Dashboard.
+
+## Step 1: Create Google OAuth Application
+
+<Steps>
+  <Step title="Access Google Cloud Console">
+    Visit [Google Cloud Console](https://console.cloud.google.com/) and sign in with your Google account
+  </Step>
+  
+  <Step title="Create a New Project">
+    - Click "Select a project" → "New Project"
+    - Name: "Trading Dashboard"
+    - Click "Create"
+  </Step>
+  
+  <Step title="Enable Google+ API">
+    - Go to "APIs & Services" → "Library"
+    - Search for "Google+ API" and enable it
+    - Also enable "Google Identity" if available
+  </Step>
+  
+  <Step title="Create OAuth 2.0 Credentials">
+    - Go to "APIs & Services" → "Credentials"
+    - Click "Create Credentials" → "OAuth 2.0 Client IDs"
+    - Choose "Web application"
+    - Name: "Trading Dashboard Auth"
+  </Step>
+  
+  <Step title="Configure Authorized URLs">
+    Add the following URLs:
+    
+    **Authorized JavaScript origins:**
+    - `https://performance.miningwood.com`
+    - `http://localhost:8080` (for testing)
+    
+    **Authorized redirect URIs:**
+    - `https://performance.miningwood.com/auth/callback`
+    - `http://localhost:8080/auth/callback` (for testing)
+  </Step>
+  
+  <Step title="Copy Credentials">
+    Copy the "Client ID" and "Client Secret" for the next step
+  </Step>
+</Steps>
+
+## Step 2: Configure Environment Variables
+
+Update your `.env.docker` file with the OAuth credentials:
+
+```bash .env.docker
+# OAuth Configuration
+GOOGLE_CLIENT_ID=your-actual-client-id.apps.googleusercontent.com
+GOOGLE_CLIENT_SECRET=your-actual-client-secret
+
+# Authorized Users (your email addresses)
+AUTHORIZED_USERS=your-email@gmail.com,admin@company.com
+```
+
+<Warning>
+  Never commit your `.env` files to version control. Keep them secure and out of your repository.
+</Warning>
+
+## Step 3: Update and Deploy
+
+### Rebuild the application
+
+```bash
+docker compose build trading_app
+docker compose restart trading_app
+```
+
+### Test the authentication
+
+<Steps>
+  <Step title="Visit your application">
+    Navigate to `https://performance.miningwood.com`
+  </Step>
+  
+  <Step title="Login">
+    You should be redirected to the login page. Click "Sign in with Google"
+  </Step>
+  
+  <Step title="Authorize">
+    Authorize the application when prompted by Google
+  </Step>
+  
+  <Step title="Access granted">
+    You should be redirected back and logged in successfully
+  </Step>
+</Steps>
+
+## Security Features
+
+<CardGroup cols={2}>
+  <Card title="OAuth 2.0 with Google" icon="shield-check">
+    Industry standard authentication protocol
+  </Card>
+  <Card title="User Authorization" icon="users">
+    Only specific email addresses can access
+  </Card>
+  <Card title="Session Management" icon="clock">
+    Secure server-side sessions with expiration
+  </Card>
+  <Card title="HTTPS Enforcement" icon="lock">
+    All authentication over encrypted connections
+  </Card>
+</CardGroup>
+
+## User Management
+
+### Add Users
+
+Add email addresses to `AUTHORIZED_USERS` in `.env.docker`, separated by commas:
+
+```bash
+AUTHORIZED_USERS=user1@example.com,user2@example.com,user3@example.com
+```
+
+Then restart the application:
+
+```bash
+docker compose restart trading_app
+```
+
+### Remove Users
+
+Remove email addresses from `AUTHORIZED_USERS` and restart the application.
+
+<Note>
+  Leave `AUTHORIZED_USERS` empty to allow all users (not recommended for production)
+</Note>
+
+## Troubleshooting
+
+<AccordionGroup>
+  <Accordion title="Authentication failed">
+    - Check that Client ID and Secret are correct in `.env.docker`
+    - Verify redirect URLs match exactly in Google Cloud Console
+    - Ensure Google+ API is enabled
+    - Check application logs: `docker compose logs trading_app`
+  </Accordion>
+  
+  <Accordion title="Access denied">
+    - Verify your email is in `AUTHORIZED_USERS`
+    - Ensure email case matches exactly
+    - Check for extra spaces in the email list
+  </Accordion>
+  
+  <Accordion title="Login loop">
+    - Clear browser cookies for your domain
+    - Verify Flask secret key is set in `.env.docker`
+    - Check session configuration in application logs
+  </Accordion>
+  
+  <Accordion title="Callback URL mismatch">
+    Ensure the redirect URIs in Google Cloud Console match your deployment:
+    - Use `https://` for production
+    - Include the exact domain and path
+    - No trailing slashes
+  </Accordion>
+</AccordionGroup>
+
+## Alternative OAuth Providers
+
+You can also configure other OAuth providers:
+
+<Tabs>
+  <Tab title="GitHub OAuth">
+    ```bash .env.docker
+    GITHUB_CLIENT_ID=your-github-client-id
+    GITHUB_CLIENT_SECRET=your-github-client-secret
+    ```
+    
+    1. Create OAuth App at https://github.com/settings/developers
+    2. Set Authorization callback URL to `https://your-domain.com/auth/callback`
+  </Tab>
+  
+  <Tab title="Microsoft OAuth">
+    ```bash .env.docker
+    MICROSOFT_CLIENT_ID=your-microsoft-client-id
+    MICROSOFT_CLIENT_SECRET=your-microsoft-client-secret
+    ```
+    
+    1. Register app at https://portal.azure.com
+    2. Add redirect URI in Authentication settings
+  </Tab>
+</Tabs>
+
+<Info>
+  Contact your administrator if you need help configuring alternative providers.
+</Info>
+
+## Testing OAuth Configuration
+
+To test your OAuth setup locally:
+
+```bash
+# Start the application locally
+docker compose up -d
+
+# Check logs for any OAuth errors
+docker compose logs -f trading_app
+
+# Visit localhost
+open http://localhost:8080
+```
+
+## Security Checklist
+
+- [ ] OAuth credentials are stored in `.env` files, not in code
+- [ ] `.env` files are in `.gitignore`
+- [ ] `AUTHORIZED_USERS` list is properly configured
+- [ ] HTTPS is enabled in production
+- [ ] Strong `FLASK_SECRET_KEY` is set
+- [ ] Redirect URIs are exact matches in Google Cloud Console
+- [ ] Google+ API is enabled
+
+## Next Steps
+
+<CardGroup cols={2}>
+  <Card title="Multi-User Setup" icon="users" href="/guides/setup/multi-user">
+    Configure multi-user support with brokerage accounts
+  </Card>
+  <Card title="Deployment" icon="rocket" href="/guides/deployment/docker">
+    Deploy your application to production
+  </Card>
+</CardGroup>