feat(pitch-deck): add passwordless investor auth, audit logs, snapshots & PWA

Implement a complete investor access system for the pitch deck: - Passwordless magic link auth (jose JWT + nodemailer SMTP) - Per-investor audit logging (slide views, assumption changes, chat) - Financial model snapshot persistence (auto-save/restore per investor) - PWA support (manifest, service worker, offline caching, icons) - Security safeguards (watermark overlay, rate limiting, anti-scraping headers, content protection, single-session enforcement) - Admin API for invite/revoke/audit-log management - Integrated into docker-compose.coolify.yml for production deployment Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-05 09:37:50 +02:00
parent c433bc021e
commit f565dfdb15
35 changed files with 4232 additions and 14 deletions
--- a/pitch-deck/app/api/auth/logout/route.ts
+++ b/pitch-deck/app/api/auth/logout/route.ts
@@ -0,0 +1,14 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { getSessionFromCookie, revokeSession, clearSessionCookie, logAudit } from '@/lib/auth'
+
+export async function POST(request: NextRequest) {
+  const session = await getSessionFromCookie()
+
+  if (session) {
+    await revokeSession(session.sessionId)
+    await logAudit(session.sub, 'logout', {}, request, undefined, session.sessionId)
+  }
+
+  await clearSessionCookie()
+  return NextResponse.json({ success: true })
+}