feat(pitch-deck): admin UI for investor + financial-model management (#3)

Adds /pitch-admin dashboard with real bcrypt admin accounts and full audit attribution for every state-changing action. - pitch_admins + pitch_admin_sessions tables (migration 002) - pitch_audit_logs.admin_id + target_investor_id columns - lib/admin-auth.ts: bcryptjs, single-session, jose JWT with audience claim - middleware.ts: two-cookie gating with bearer-secret CLI fallback - 14 new API routes (admin-auth, dashboard, investor detail/edit/resend, admins CRUD, fm scenarios + assumptions PATCH) - 9 admin pages: login, dashboard, investors list/new/[id], audit, financial-model list/[id], admins - Bootstrap CLI: npm run admin:create - 36 vitest tests covering auth, admin-auth, rate-limit primitives Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-07 10:36:16 +00:00
parent 645973141c
commit c7ab569b2b
41 changed files with 4850 additions and 69 deletions
--- a/pitch-deck/app/api/admin-auth/logout/route.ts
+++ b/pitch-deck/app/api/admin-auth/logout/route.ts
@@ -0,0 +1,17 @@
+import { NextRequest, NextResponse } from 'next/server'
+import {
+  getAdminPayloadFromCookie,
+  revokeAdminSession,
+  clearAdminCookie,
+  logAdminAudit,
+} from '@/lib/admin-auth'
+
+export async function POST(request: NextRequest) {
+  const payload = await getAdminPayloadFromCookie()
+  if (payload) {
+    await revokeAdminSession(payload.sessionId)
+    await logAdminAudit(payload.sub, 'admin_logout', {}, request)
+  }
+  await clearAdminCookie()
+  return NextResponse.json({ success: true })
+}