Benjamin_Boenisch/breakpilot-core
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(pitch-deck): admin UI for investor + financial-model management
Some checks failed
CI / Deploy (pull_request) Has been skipped
Details
CI / go-lint (pull_request) Failing after 2s
Details
CI / python-lint (pull_request) Failing after 11s
Details
CI / nodejs-lint (pull_request) Failing after 2s
Details
CI / test-go-consent (pull_request) Failing after 2s
Details
CI / test-python-voice (pull_request) Failing after 9s
Details
CI / test-bqas (pull_request) Failing after 8s
Details

Browse Source 
Adds /pitch-admin dashboard with real admin accounts (bcrypt) and full
audit attribution for every state-changing action.

Backend:
- pitch_admins + pitch_admin_sessions tables (migration 002)
- pitch_audit_logs.admin_id + target_investor_id columns
- lib/admin-auth.ts: bcryptjs hashing, single-session enforcement,
  jose JWT with 'pitch-admin' audience claim, requireAdmin guard
- logAudit extended to accept admin_id and target_investor_id
- middleware.ts: gates /pitch-admin/* and /api/admin/* on the admin
  cookie (with bearer-secret fallback for CLI compatibility)
- 14 API routes under /api/admin-auth and /api/admin (login, logout,
  me, dashboard, investors[id] CRUD + resend, admins CRUD,
  fm scenarios + assumptions PATCH)
- Existing /api/admin/{invite,investors,revoke,audit-logs} migrated
  to requireAdmin and now log with admin_id + target_investor_id
- scripts/create-admin.ts CLI bootstrap (npm run admin:create)

Frontend:
- /pitch-admin/login + /pitch-admin/(authed) route group
- AdminShell with sidebar nav + StatCard + AuditLogTable components
- Dashboard with KPIs, recent logins, recent activity
- Investors list with search/filter + resend/revoke inline actions
- Investor detail with inline edit + per-investor audit timeline
- Audit log viewer with actor/action/date filters + pagination
- Financial model scenario list + per-scenario assumption editor
  (categorized, inline edit, before/after diff in audit)
- Admins management (add, deactivate, reset password)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Sharang Parnerkar
2026-04-07 11:27:18 +02:00
parent 645973141c
commit fc71439011
36 changed files with 3424 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
pitch-deck/app/api/admin/revoke/route.ts
View File

@@ -1,26 +1,32 @@
import { NextRequest, NextResponse } from 'next/server'
import pool from '@/lib/db'
import { validateAdminSecret, revokeAllSessions, logAudit } from '@/lib/auth'
import { revokeAllSessions } from '@/lib/auth'
import { requireAdmin, logAdminAudit } from '@/lib/admin-auth'
export async function POST(request: NextRequest) {
if (!validateAdminSecret(request)) {
return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
}
const guard = await requireAdmin(request)
if (guard.kind === 'response') return guard.response
const adminId = guard.kind === 'admin' ? guard.admin.id : null
const body = await request.json()
const body = await request.json().catch(() => ({}))
const { investor_id } = body
if (!investor_id) {
return NextResponse.json({ error: 'investor_id required' }, { status: 400 })
}
await pool.query(
`UPDATE pitch_investors SET status = 'revoked', updated_at = NOW() WHERE id = $1`,
[investor_id]
const { rows } = await pool.query(
`UPDATE pitch_investors SET status = 'revoked', updated_at = NOW()
WHERE id = $1 RETURNING email`,
[investor_id],
)
if (rows.length === 0) {
return NextResponse.json({ error: 'Investor not found' }, { status: 404 })
}
await revokeAllSessions(investor_id)
await logAudit(investor_id, 'investor_revoked', {}, request)
await logAdminAudit(adminId, 'investor_revoked', { email: rows[0].email }, request, investor_id)
return NextResponse.json({ success: true })
}