Benjamin_Boenisch/breakpilot-core
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security: re-secure fp-patch
All checks were successful
Build pitch-deck / build-push-deploy (push) Successful in 1m1s
Details
CI / go-lint (push) Has been skipped
Details
CI / python-lint (push) Has been skipped
Details
CI / nodejs-lint (push) Has been skipped
Details
CI / test-go-consent (push) Successful in 27s
Details
CI / test-python-voice (push) Successful in 32s
Details
CI / test-bqas (push) Successful in 30s
Details

Browse Source
This commit is contained in:
Benjamin Admin
2026-04-22 16:13:03 +02:00
parent 78788a89ba
commit f94974c438
2 changed files with 11 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
pitch-deck/app/api/admin/fp-patch/route.ts
View File

@@ -1,39 +1,17 @@
import { NextResponse } from 'next/server'
import { NextRequest, NextResponse } from 'next/server'
import { requireAdmin } from '@/lib/admin-auth'
import pool from '@/lib/db'
import { computeFinanzplan } from '@/lib/finanzplan/engine'
export async function POST() {
const WD = 'c0000000-0000-0000-0000-000000000200'
const results: string[] = []
/** Admin-only: recompute a Finanzplan scenario. */
export async function POST(request: NextRequest) {
const guard = await requireAdmin(request)
if (guard.kind === 'response') return guard.response
// Re-add KFZ-Steuern and KFZ-Versicherung with values from m25 only
const steuern = Object.fromEntries(Array.from({length:36},(_,i)=>[`m${i+25}`,45]))
const versicherung = Object.fromEntries(Array.from({length:36},(_,i)=>[`m${i+25}`,300]))
const body = await request.json().catch(() => ({}))
const scenarioId = body.scenarioId || (await pool.query("SELECT id FROM fp_scenarios WHERE is_default = true LIMIT 1")).rows[0]?.id
if (!scenarioId) return NextResponse.json({ error: 'No scenario found' }, { status: 404 })
for (const [label, vals] of [['KFZ-Steuern', steuern], ['KFZ-Versicherung', versicherung]] as [string, Record<string,number>][]) {
const { rows } = await pool.query(`SELECT id FROM fp_betriebliche_aufwendungen WHERE scenario_id=$1 AND row_label=$2`, [WD, label])
if (rows.length === 0) {
await pool.query(`INSERT INTO fp_betriebliche_aufwendungen (scenario_id, category, row_label, row_index, is_editable, is_sum_row, values, sort_order) VALUES ($1, 'fahrzeug', $2, 25, true, false, $3, 25)`, [WD, label, JSON.stringify(vals)])
results.push(`ADDED ${label}`)
} else {
await pool.query(`UPDATE fp_betriebliche_aufwendungen SET values=$1 WHERE id=$2`, [JSON.stringify(vals), rows[0].id])
results.push(`UPDATED ${label}`)
}
}
// Also delete any leftover old formula rows
const { rowCount } = await pool.query(`DELETE FROM fp_betriebliche_aufwendungen WHERE scenario_id=$1 AND row_label IN ('KFZ-Steuern (F)', 'KFZ-Versicherung (F)', 'Fahrzeugkosten (F)')`, [WD])
if (rowCount && rowCount > 0) results.push(`DELETED ${rowCount} old formula rows`)
// Add Fahrzeugkosten header if missing
const { rows: hdr } = await pool.query(`SELECT id FROM fp_betriebliche_aufwendungen WHERE scenario_id=$1 AND category='fahrzeug' AND is_sum_row=true`, [WD])
if (hdr.length === 0) {
await pool.query(`INSERT INTO fp_betriebliche_aufwendungen (scenario_id, category, row_label, row_index, is_editable, is_sum_row, values, sort_order) VALUES ($1, 'fahrzeug', 'Fahrzeugkosten', 20, false, true, '{}', 20)`, [WD])
results.push('ADDED Fahrzeugkosten header')
}
const r = await computeFinanzplan(pool, WD)
results.push(`cash_m60=${r.liquiditaet?.endstand?.m60}`)
return NextResponse.json({ ok: true, results })
const result = await computeFinanzplan(pool, scenarioId)
return NextResponse.json({ success: true, scenarioId, cash_m60: result.liquiditaet?.endstand?.m60 })
}

1
pitch-deck/middleware.ts
View File

@@ -6,7 +6,6 @@ const PUBLIC_PATHS = [
'/auth', // investor login pages
'/api/auth', // investor auth API
'/api/health',
'/api/admin/fp-patch',
'/api/admin-auth', // admin login API
'/pitch-admin/login', // admin login page
'/_next',