Benjamin_Boenisch/breakpilot-core
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security: re-secure fp-patch
All checks were successful
Build pitch-deck / build-push-deploy (push) Successful in 1m11s
Details
CI / go-lint (push) Has been skipped
Details
CI / python-lint (push) Has been skipped
Details
CI / nodejs-lint (push) Has been skipped
Details
CI / test-go-consent (push) Successful in 36s
Details
CI / test-python-voice (push) Successful in 36s
Details
CI / test-bqas (push) Successful in 36s
Details

Browse Source
This commit is contained in:
Benjamin Admin
2026-04-23 10:26:16 +02:00
parent 4151098c12
commit 3eacb7e580
2 changed files with 11 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
pitch-deck/app/api/admin/fp-patch/route.ts
View File

@@ -1,27 +1,17 @@
import { NextResponse } from 'next/server'
import { NextRequest, NextResponse } from 'next/server'
import { requireAdmin } from '@/lib/admin-auth'
import pool from '@/lib/db'
import { computeFinanzplan } from '@/lib/finanzplan/engine'
export async function POST() {
const VER = 'b7204781-aba0-45cc-a655-a0ff88d1173a'
const BASE_ID = '4b8a6fac-0105-499e-8946-80bc4e3c2476'
/** Admin-only: recompute a Finanzplan scenario. */
export async function POST(request: NextRequest) {
const guard = await requireAdmin(request)
if (guard.kind === 'response') return guard.response
// Update version's fm_scenarios to point to the correct Base Case ID
const newScenarios = [
{ id: BASE_ID, name: 'Base Case', color: '#6366f1', is_default: true, description: 'Konservative Schätzung mit realistischen Wachstumsraten' },
{ id: 'd0000000-0000-0000-0000-000000000301', name: '1 Mio Bear', color: '#ef4444', is_default: false, description: 'Pessimistisches Szenario' },
{ id: 'd0000000-0000-0000-0000-000000000302', name: '1 Mio Bull', color: '#22c55e', is_default: false, description: 'Optimistisches Szenario' },
]
const body = await request.json().catch(() => ({}))
const scenarioId = body.scenarioId || (await pool.query("SELECT id FROM fp_scenarios WHERE is_default = true LIMIT 1")).rows[0]?.id
if (!scenarioId) return NextResponse.json({ error: 'No scenario found' }, { status: 404 })
await pool.query(
`UPDATE pitch_version_data SET data=$1 WHERE version_id=$2 AND table_name='fm_scenarios'`,
[JSON.stringify(newScenarios), VER]
)
// Recompute Base Case
const r = await computeFinanzplan(pool, BASE_ID)
const { rows: liq } = await pool.query(
`SELECT (values->>'m24')::numeric as dec27, (values->>'m36')::numeric as dec28, (values->>'m60')::numeric as dec30 FROM fp_liquiditaet WHERE scenario_id=$1 AND row_label='LIQUIDITÄT'`, [BASE_ID])
return NextResponse.json({ ok: true, fixed: true, liq: liq[0], cash_m60: r.liquiditaet?.endstand?.m60 })
const result = await computeFinanzplan(pool, scenarioId)
return NextResponse.json({ success: true, scenarioId, cash_m60: result.liquiditaet?.endstand?.m60 })
}

1
pitch-deck/middleware.ts
View File

@@ -6,7 +6,6 @@ const PUBLIC_PATHS = [
'/auth', // investor login pages
'/api/auth', // investor auth API
'/api/health',
'/api/admin/fp-patch',
'/api/admin-auth', // admin login API
'/pitch-admin/login', // admin login page
'/_next',