Benjamin_Boenisch/breakpilot-core
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
645973141cc8f3f88af3150e87aabc355ff54cec
breakpilot-core/pitch-deck/app/api/snapshots/route.ts
Sharang Parnerkar 645973141c
All checks were successful
CI / test-go-consent (push) Successful in 27s
Details
CI / test-python-voice (push) Successful in 25s
Details
CI / test-bqas (push) Successful in 27s
Details
CI / Deploy (push) Successful in 6s
Details
CI / go-lint (push) Has been skipped
Details
CI / python-lint (push) Has been skipped
Details
CI / nodejs-lint (push) Has been skipped
Details
feat(pitch-deck): passwordless investor auth, audit logs, snapshots & PWA (#2) 
Adds investor-facing access controls, persistence, and PWA support to the pitch deck:

- Passwordless magic-link auth (jose JWT + nodemailer SMTP)
- Per-investor audit logging (logins, slide views, assumption changes, chat)
- Financial model snapshot persistence (auto-save/restore per investor)
- PWA support (manifest, service worker, offline caching, branded icons)
- Safeguards: email watermark overlay, security headers, content protection,
  rate limiting, IP/new-IP detection, single active session per investor
- Admin API: invite, list investors, revoke, query audit logs
- pitch-deck service added to docker-compose.coolify.yml

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-07 08:48:38 +00:00

73 lines
2.1 KiB
TypeScript
Raw Blame History

import { NextRequest, NextResponse } from 'next/server'
import pool from '@/lib/db'
import { getSessionFromCookie } from '@/lib/auth'
export async function GET() {
const session = await getSessionFromCookie()
if (!session) {
return NextResponse.json({ error: 'Not authenticated' }, { status: 401 })
}
const { rows } = await pool.query(
`SELECT id, scenario_id, assumptions, label, is_latest, created_at
FROM pitch_investor_snapshots
WHERE investor_id = $1 AND is_latest = true
ORDER BY created_at DESC`,
[session.sub]
)
return NextResponse.json({ snapshots: rows })
}
export async function POST(request: NextRequest) {
const session = await getSessionFromCookie()
if (!session) {
return NextResponse.json({ error: 'Not authenticated' }, { status: 401 })
}
const body = await request.json()
const { scenario_id, assumptions, label } = body
if (!scenario_id || !assumptions) {
return NextResponse.json({ error: 'scenario_id and assumptions required' }, { status: 400 })
}
// Mark previous latest as not latest
await pool.query(
`UPDATE pitch_investor_snapshots SET is_latest = false
WHERE investor_id = $1 AND scenario_id = $2 AND is_latest = true`,
[session.sub, scenario_id]
)
// Insert new snapshot
const { rows } = await pool.query(
`INSERT INTO pitch_investor_snapshots (investor_id, scenario_id, assumptions, label, is_latest)
VALUES ($1, $2, $3, $4, true)
RETURNING id, created_at`,
[session.sub, scenario_id, JSON.stringify(assumptions), label || null]
)
return NextResponse.json({ snapshot: rows[0] })
}
export async function DELETE(request: NextRequest) {
const session = await getSessionFromCookie()
if (!session) {
return NextResponse.json({ error: 'Not authenticated' }, { status: 401 })
}
const { searchParams } = new URL(request.url)
const id = searchParams.get('id')
if (!id) {
return NextResponse.json({ error: 'Snapshot id required' }, { status: 400 })
}
await pool.query(
`DELETE FROM pitch_investor_snapshots WHERE id = $1 AND investor_id = $2`,
[id, session.sub]
)
return NextResponse.json({ success: true })
}
Reference in New Issue View Git Blame Copy Permalink