feat(pitch-deck): add passwordless investor auth, audit logs, snapshots & PWA

Implement a complete investor access system for the pitch deck: - Passwordless magic link auth (jose JWT + nodemailer SMTP) - Per-investor audit logging (slide views, assumption changes, chat) - Financial model snapshot persistence (auto-save/restore per investor) - PWA support (manifest, service worker, offline caching, icons) - Security safeguards (watermark overlay, rate limiting, anti-scraping headers, content protection, single-session enforcement) - Admin API for invite/revoke/audit-log management - Integrated into docker-compose.coolify.yml for production deployment Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-05 09:37:50 +02:00
parent c433bc021e
commit f565dfdb15
35 changed files with 4232 additions and 14 deletions
--- a/pitch-deck/app/api/admin/invite/route.ts
+++ b/pitch-deck/app/api/admin/invite/route.ts
@@ -0,0 +1,68 @@
+import { NextRequest, NextResponse } from 'next/server'
+import pool from '@/lib/db'
+import { validateAdminSecret, generateToken, logAudit, getClientIp } from '@/lib/auth'
+import { sendMagicLinkEmail } from '@/lib/email'
+import { checkRateLimit, RATE_LIMITS } from '@/lib/rate-limit'
+
+export async function POST(request: NextRequest) {
+  if (!validateAdminSecret(request)) {
+    return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+  }
+
+  const body = await request.json()
+  const { email, name, company } = body
+
+  if (!email || typeof email !== 'string') {
+    return NextResponse.json({ error: 'Email required' }, { status: 400 })
+  }
+
+  // Rate limit by email
+  const rl = checkRateLimit(`magic-link:${email.toLowerCase()}`, RATE_LIMITS.magicLink)
+  if (!rl.allowed) {
+    return NextResponse.json({ error: 'Too many invites for this email. Try again later.' }, { status: 429 })
+  }
+
+  const normalizedEmail = email.toLowerCase().trim()
+
+  // Upsert investor
+  const { rows } = await pool.query(
+    `INSERT INTO pitch_investors (email, name, company)
+     VALUES ($1, $2, $3)
+     ON CONFLICT (email) DO UPDATE SET
+       name = COALESCE(EXCLUDED.name, pitch_investors.name),
+       company = COALESCE(EXCLUDED.company, pitch_investors.company),
+       status = CASE WHEN pitch_investors.status = 'revoked' THEN 'invited' ELSE pitch_investors.status END,
+       updated_at = NOW()
+     RETURNING id, status`,
+    [normalizedEmail, name || null, company || null]
+  )
+
+  const investor = rows[0]
+
+  // Generate magic link
+  const token = generateToken()
+  const ttlHours = parseInt(process.env.MAGIC_LINK_TTL_HOURS || '72')
+  const expiresAt = new Date(Date.now() + ttlHours * 60 * 60 * 1000)
+
+  await pool.query(
+    `INSERT INTO pitch_magic_links (investor_id, token, expires_at)
+     VALUES ($1, $2, $3)`,
+    [investor.id, token, expiresAt]
+  )
+
+  // Build magic link URL
+  const baseUrl = process.env.PITCH_BASE_URL || 'https://pitch.breakpilot.ai'
+  const magicLinkUrl = `${baseUrl}/auth/verify?token=${token}`
+
+  // Send email
+  await sendMagicLinkEmail(normalizedEmail, name || null, magicLinkUrl)
+
+  await logAudit(investor.id, 'magic_link_sent', { email: normalizedEmail }, request)
+
+  return NextResponse.json({
+    success: true,
+    investor_id: investor.id,
+    email: normalizedEmail,
+    expires_at: expiresAt.toISOString(),
+  })
+}