feat(pitch-deck): admin UI for investor + financial-model management

Adds /pitch-admin dashboard with real admin accounts (bcrypt) and full audit attribution for every state-changing action. Backend: - pitch_admins + pitch_admin_sessions tables (migration 002) - pitch_audit_logs.admin_id + target_investor_id columns - lib/admin-auth.ts: bcryptjs hashing, single-session enforcement, jose JWT with 'pitch-admin' audience claim, requireAdmin guard - logAudit extended to accept admin_id and target_investor_id - middleware.ts: gates /pitch-admin/* and /api/admin/* on the admin cookie (with bearer-secret fallback for CLI compatibility) - 14 API routes under /api/admin-auth and /api/admin (login, logout, me, dashboard, investors[id] CRUD + resend, admins CRUD, fm scenarios + assumptions PATCH) - Existing /api/admin/{invite,investors,revoke,audit-logs} migrated to requireAdmin and now log with admin_id + target_investor_id - scripts/create-admin.ts CLI bootstrap (npm run admin:create) Frontend: - /pitch-admin/login + /pitch-admin/(authed) route group - AdminShell with sidebar nav + StatCard + AuditLogTable components - Dashboard with KPIs, recent logins, recent activity - Investors list with search/filter + resend/revoke inline actions - Investor detail with inline edit + per-investor audit timeline - Audit log viewer with actor/action/date filters + pagination - Financial model scenario list + per-scenario assumption editor (categorized, inline edit, before/after diff in audit) - Admins management (add, deactivate, reset password) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-07 11:27:18 +02:00
parent 645973141c
commit fc71439011
36 changed files with 3424 additions and 66 deletions
--- a/pitch-deck/app/api/admin-auth/login/route.ts
+++ b/pitch-deck/app/api/admin-auth/login/route.ts
@@ -0,0 +1,62 @@
+import { NextRequest, NextResponse } from 'next/server'
+import pool from '@/lib/db'
+import { verifyPassword, createAdminSession, setAdminCookie, logAdminAudit } from '@/lib/admin-auth'
+import { getClientIp } from '@/lib/auth'
+import { checkRateLimit, RATE_LIMITS } from '@/lib/rate-limit'
+
+export async function POST(request: NextRequest) {
+  const ip = getClientIp(request) || 'unknown'
+
+  // Reuse the auth-verify rate limit (10/IP/15min)
+  const rl = checkRateLimit(`admin-login:${ip}`, RATE_LIMITS.authVerify)
+  if (!rl.allowed) {
+    return NextResponse.json({ error: 'Too many attempts. Try again later.' }, { status: 429 })
+  }
+
+  const body = await request.json().catch(() => ({}))
+  const email = (body.email || '').trim().toLowerCase()
+  const password = body.password || ''
+
+  if (!email || !password) {
+    return NextResponse.json({ error: 'Email and password required' }, { status: 400 })
+  }
+
+  const { rows } = await pool.query(
+    `SELECT id, email, name, password_hash, is_active FROM pitch_admins WHERE email = $1`,
+    [email],
+  )
+
+  if (rows.length === 0) {
+    await logAdminAudit(null, 'admin_login_failed', { email, reason: 'unknown_email' }, request)
+    return NextResponse.json({ error: 'Invalid credentials' }, { status: 401 })
+  }
+
+  const admin = rows[0]
+
+  if (!admin.is_active) {
+    await logAdminAudit(admin.id, 'admin_login_failed', { reason: 'inactive' }, request)
+    return NextResponse.json({ error: 'Account disabled' }, { status: 403 })
+  }
+
+  const ok = await verifyPassword(password, admin.password_hash)
+  if (!ok) {
+    await logAdminAudit(admin.id, 'admin_login_failed', { reason: 'wrong_password' }, request)
+    return NextResponse.json({ error: 'Invalid credentials' }, { status: 401 })
+  }
+
+  const ua = request.headers.get('user-agent')
+  const { jwt } = await createAdminSession(admin.id, ip, ua)
+  await setAdminCookie(jwt)
+
+  await pool.query(
+    `UPDATE pitch_admins SET last_login_at = NOW(), updated_at = NOW() WHERE id = $1`,
+    [admin.id],
+  )
+
+  await logAdminAudit(admin.id, 'admin_login_success', { email }, request)
+
+  return NextResponse.json({
+    success: true,
+    admin: { id: admin.id, email: admin.email, name: admin.name },
+  })
+}
--- a/pitch-deck/app/api/admin-auth/logout/route.ts
+++ b/pitch-deck/app/api/admin-auth/logout/route.ts
@@ -0,0 +1,17 @@
+import { NextRequest, NextResponse } from 'next/server'
+import {
+  getAdminPayloadFromCookie,
+  revokeAdminSession,
+  clearAdminCookie,
+  logAdminAudit,
+} from '@/lib/admin-auth'
+
+export async function POST(request: NextRequest) {
+  const payload = await getAdminPayloadFromCookie()
+  if (payload) {
+    await revokeAdminSession(payload.sessionId)
+    await logAdminAudit(payload.sub, 'admin_logout', {}, request)
+  }
+  await clearAdminCookie()
+  return NextResponse.json({ success: true })
+}
--- a/pitch-deck/app/api/admin-auth/me/route.ts
+++ b/pitch-deck/app/api/admin-auth/me/route.ts
@@ -0,0 +1,10 @@
+import { NextResponse } from 'next/server'
+import { getAdminFromCookie } from '@/lib/admin-auth'
+
+export async function GET() {
+  const admin = await getAdminFromCookie()
+  if (!admin) {
+    return NextResponse.json({ error: 'Not authenticated' }, { status: 401 })
+  }
+  return NextResponse.json({ admin })
+}