feat(pitch-deck): admin UI for investor + financial-model management (#3)

Adds /pitch-admin dashboard with real bcrypt admin accounts and full audit attribution for every state-changing action. - pitch_admins + pitch_admin_sessions tables (migration 002) - pitch_audit_logs.admin_id + target_investor_id columns - lib/admin-auth.ts: bcryptjs, single-session, jose JWT with audience claim - middleware.ts: two-cookie gating with bearer-secret CLI fallback - 14 new API routes (admin-auth, dashboard, investor detail/edit/resend, admins CRUD, fm scenarios + assumptions PATCH) - 9 admin pages: login, dashboard, investors list/new/[id], audit, financial-model list/[id], admins - Bootstrap CLI: npm run admin:create - 36 vitest tests covering auth, admin-auth, rate-limit primitives Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-07 10:36:16 +00:00
parent 645973141c
commit c7ab569b2b
41 changed files with 4850 additions and 69 deletions
--- a/pitch-deck/lib/auth.ts
+++ b/pitch-deck/lib/auth.ts
@@ -148,13 +148,16 @@ export async function logAudit(
  details: Record<string, unknown> = {},
  request?: Request,
  slideId?: string,
-  sessionId?: string
+  sessionId?: string,
+  adminId?: string | null,
+  targetInvestorId?: string | null,
 ): Promise<void> {
  const ip = request ? getClientIp(request) : null
  const ua = request ? request.headers.get('user-agent') : null
  await pool.query(
-    `INSERT INTO pitch_audit_logs (investor_id, action, details, ip_address, user_agent, slide_id, session_id)
-     VALUES ($1, $2, $3, $4, $5, $6, $7)`,
-    [investorId, action, JSON.stringify(details), ip, ua, slideId, sessionId]
+    `INSERT INTO pitch_audit_logs
+       (investor_id, action, details, ip_address, user_agent, slide_id, session_id, admin_id, target_investor_id)
+     VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)`,
+    [investorId, action, JSON.stringify(details), ip, ua, slideId, sessionId, adminId ?? null, targetInvestorId ?? null]
  )
 }