fix: restrict session API to Tailscale network, clarify uptime label

posimai-dev/server.js

@@ -19,8 +19,16 @@ if (!fs.existsSync(SESSIONS_DIR)) fs.mkdirSync(SESSIONS_DIR, { recursive: true }
 app.use(express.json());
 app.use(express.static(path.join(__dirname)));
 
+// セッション API 用ミドルウェア（Tailscale ネットワーク外からのアクセスを拒否）
+function requireLocal(req, res, next) {
+  const ip = req.ip || req.connection.remoteAddress || '';
+  const allowed = ip === '::1' || ip === '127.0.0.1' || ip.startsWith('100.');
+  if (!allowed) return res.status(403).json({ error: 'forbidden' });
+  next();
+}
+
 // セッション一覧 API
-app.get('/api/sessions', (req, res) => {
+app.get('/api/sessions', requireLocal, (req, res) => {
   const files = fs.readdirSync(SESSIONS_DIR)
     .filter((f) => f.endsWith('.log'))
     .map((f) => {
@@ -32,7 +40,7 @@ app.get('/api/sessions', (req, res) => {
 });
 
 // セッション内容 API
-app.get('/api/sessions/:id', (req, res) => {
+app.get('/api/sessions/:id', requireLocal, (req, res) => {
   const file = path.join(SESSIONS_DIR, req.params.id + '.log');
   if (!fs.existsSync(file)) return res.status(404).json({ error: 'not found' });
   res.type('text/plain').send(fs.readFileSync(file, 'utf8'));

posimai-dev/station.html

@@ -508,7 +508,7 @@ function pushSvcHistory(id,ok){
     const uptEl=document.getElementById(`upt-${id}`);
     if(uptEl&&h.length>0){
         const pct=Math.round(h.filter(Boolean).length/h.length*100);
-        uptEl.textContent=`${pct}%`;
+        uptEl.textContent=`UP:${pct}%`;
         uptEl.className='service-uptime '+(pct===100?'full':pct>=60?'partial':'down');
     }
 }