feat(pitch-deck): admin UI for investor + financial-model management (#3)

Adds /pitch-admin dashboard with real bcrypt admin accounts and full audit attribution for every state-changing action. - pitch_admins + pitch_admin_sessions tables (migration 002) - pitch_audit_logs.admin_id + target_investor_id columns - lib/admin-auth.ts: bcryptjs, single-session, jose JWT with audience claim - middleware.ts: two-cookie gating with bearer-secret CLI fallback - 14 new API routes (admin-auth, dashboard, investor detail/edit/resend, admins CRUD, fm scenarios + assumptions PATCH) - 9 admin pages: login, dashboard, investors list/new/[id], audit, financial-model list/[id], admins - Bootstrap CLI: npm run admin:create - 36 vitest tests covering auth, admin-auth, rate-limit primitives Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-07 10:36:16 +00:00
parent 645973141c
commit c7ab569b2b
41 changed files with 4850 additions and 69 deletions
--- a/pitch-deck/app/pitch-admin/(authed)/layout.tsx
+++ b/pitch-deck/app/pitch-admin/(authed)/layout.tsx
@@ -0,0 +1,18 @@
+import { redirect } from 'next/navigation'
+import { getAdminFromCookie } from '@/lib/admin-auth'
+import AdminShell from '@/components/pitch-admin/AdminShell'
+
+export const dynamic = 'force-dynamic'
+
+export default async function AuthedAdminLayout({ children }: { children: React.ReactNode }) {
+  const admin = await getAdminFromCookie()
+  if (!admin) {
+    redirect('/pitch-admin/login')
+  }
+
+  return (
+    <AdminShell admin={{ id: admin.id, email: admin.email, name: admin.name }}>
+      {children}
+    </AdminShell>
+  )
+}