Benjamin_Boenisch/breakpilot-core
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f565dfdb1574539989edfd21d2811ad110cfad23
breakpilot-core/pitch-deck/app/api/audit/route.ts
Sharang Parnerkar f565dfdb15
Some checks failed
CI / go-lint (pull_request) Failing after 17s
Details
CI / python-lint (pull_request) Failing after 12s
Details
CI / nodejs-lint (pull_request) Failing after 7s
Details
CI / test-go-consent (pull_request) Failing after 11s
Details
CI / test-python-voice (pull_request) Failing after 11s
Details
CI / test-bqas (pull_request) Failing after 11s
Details
CI / Deploy (pull_request) Has been skipped
Details
feat(pitch-deck): add passwordless investor auth, audit logs, snapshots & PWA 
Implement a complete investor access system for the pitch deck:

- Passwordless magic link auth (jose JWT + nodemailer SMTP)
- Per-investor audit logging (slide views, assumption changes, chat)
- Financial model snapshot persistence (auto-save/restore per investor)
- PWA support (manifest, service worker, offline caching, icons)
- Security safeguards (watermark overlay, rate limiting, anti-scraping
  headers, content protection, single-session enforcement)
- Admin API for invite/revoke/audit-log management
- Integrated into docker-compose.coolify.yml for production deployment

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-05 09:37:50 +02:00

27 lines
954 B
TypeScript
Raw Blame History

import { NextRequest, NextResponse } from 'next/server'
import { getSessionFromCookie, logAudit } from '@/lib/auth'
export async function POST(request: NextRequest) {
const session = await getSessionFromCookie()
if (!session) {
return NextResponse.json({ error: 'Not authenticated' }, { status: 401 })
}
const body = await request.json()
const { action, details, slide_id } = body
if (!action || typeof action !== 'string') {
return NextResponse.json({ error: 'action required' }, { status: 400 })
}
// Only allow known client-side actions
const allowedActions = ['slide_viewed', 'assumption_changed', 'chat_message_sent', 'snapshot_saved', 'snapshot_restored']
if (!allowedActions.includes(action)) {
return NextResponse.json({ error: 'Invalid action' }, { status: 400 })
}
await logAudit(session.sub, action, details || {}, request, slide_id, session.sessionId)
return NextResponse.json({ success: true })
}
Reference in New Issue View Git Blame Copy Permalink