feat(pitch-deck): passwordless investor auth, audit logs, snapshots & PWA (#2)

Adds investor-facing access controls, persistence, and PWA support to the pitch deck: - Passwordless magic-link auth (jose JWT + nodemailer SMTP) - Per-investor audit logging (logins, slide views, assumption changes, chat) - Financial model snapshot persistence (auto-save/restore per investor) - PWA support (manifest, service worker, offline caching, branded icons) - Safeguards: email watermark overlay, security headers, content protection, rate limiting, IP/new-IP detection, single active session per investor - Admin API: invite, list investors, revoke, query audit logs - pitch-deck service added to docker-compose.coolify.yml Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-07 08:48:38 +00:00
parent 3a2567b44d
commit 645973141c
35 changed files with 4232 additions and 14 deletions
--- a/pitch-deck/lib/hooks/useAuth.ts
+++ b/pitch-deck/lib/hooks/useAuth.ts
@@ -0,0 +1,43 @@
+'use client'
+
+import { useState, useEffect, useCallback } from 'react'
+
+export interface Investor {
+  id: string
+  email: string
+  name: string | null
+  company: string | null
+  status: string
+  last_login_at: string | null
+  login_count: number
+  created_at: string
+}
+
+export function useAuth() {
+  const [investor, setInvestor] = useState<Investor | null>(null)
+  const [loading, setLoading] = useState(true)
+
+  useEffect(() => {
+    async function fetchMe() {
+      try {
+        const res = await fetch('/api/auth/me')
+        if (res.ok) {
+          const data = await res.json()
+          setInvestor(data.investor)
+        }
+      } catch {
+        // Not authenticated
+      } finally {
+        setLoading(false)
+      }
+    }
+    fetchMe()
+  }, [])
+
+  const logout = useCallback(async () => {
+    await fetch('/api/auth/logout', { method: 'POST' })
+    window.location.href = '/auth'
+  }, [])
+
+  return { investor, loading, logout }
+}