From a91e83bf5c575a4dd537adfe9f8d708dde52e389 Mon Sep 17 00:00:00 2001
From: posimai
Date: Wed, 1 Apr 2026 07:57:27 +0900
Subject: [PATCH] fix: restrict session API to Tailscale network, clarify uptime label
---
 posimai-dev/server.js | 12 ++++++++++--
 posimai-dev/station.html | 2 +-
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/posimai-dev/server.js b/posimai-dev/server.js
index 0a2e2f1a..36651273 100644
--- a/posimai-dev/server.js
+++ b/posimai-dev/server.js
@@ -19,8 +19,16 @@ if (!fs.existsSync(SESSIONS_DIR)) fs.mkdirSync(SESSIONS_DIR, { recursive: true }
 app.use(express.json());
 app.use(express.static(path.join(__dirname)));
 
+// セッション API 用ミドルウェア(Tailscale ネットワーク外からのアクセスを拒否)
+function requireLocal(req, res, next) {
+ const ip = req.ip || req.connection.remoteAddress || '';
+ const allowed = ip === '::1' || ip === '127.0.0.1' || ip.startsWith('100.');
+ if (!allowed) return res.status(403).json({ error: 'forbidden' });
+ next();
+}
+
 // セッション一覧 API
-app.get('/api/sessions', (req, res) => {
+app.get('/api/sessions', requireLocal, (req, res) => {
 const files = fs.readdirSync(SESSIONS_DIR)
 .filter((f) => f.endsWith('.log'))
 .map((f) => {
@@ -32,7 +40,7 @@ app.get('/api/sessions', (req, res) => {
 });
 
 // セッション内容 API
-app.get('/api/sessions/:id', (req, res) => {
+app.get('/api/sessions/:id', requireLocal, (req, res) => {
 const file = path.join(SESSIONS_DIR, req.params.id + '.log');
 if (!fs.existsSync(file)) return res.status(404).json({ error: 'not found' });
 res.type('text/plain').send(fs.readFileSync(file, 'utf8'));
diff --git a/posimai-dev/station.html b/posimai-dev/station.html
index ee91d702..2c1ffd3e 100644
--- a/posimai-dev/station.html
+++ b/posimai-dev/station.html
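Review bot: `ip.startsWith('100.')` in `requireLocal` (server.js, first hunk) accepts all of 100.0.0.0/8, whereas Tailscale assigns IPv4 addresses only from the CGNAT block 100.64.0.0/10; the rest of that /8 is ordinary public address space, so the gate is wider than its comment says. The plain string compare also misses the IPv4-mapped form (`::ffff:100.x.y.z`, `::ffff:127.0.0.1`) that a dual-stack listener reports, which would return 403 to legitimate tailnet clients; the version below strips that prefix and checks that the second octet is 64–127. The context line `app.use(express.static(path.join(__dirname)))` is registered without this middleware, so if `SESSIONS_DIR` sits under `__dirname` (not visible here) the `.log` files may still be served directly and bypass the check. `req.ip` is derived from `X-Forwarded-For` when Express `trust proxy` is enabled, so confirm that setting is off or pinned to a known proxy.

```javascript
function requireLocal(req, res, next) {
  // Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d; strip the prefix before comparing.
  const ip = (req.ip || req.connection.remoteAddress || '').replace(/^::ffff:/i, '');
  const octets = ip.split('.').map(Number);
  // Tailscale IPv4 addresses come from 100.64.0.0/10: first octet 100, second octet 64-127.
  const inTailnet = octets.length === 4 && octets.every(Number.isInteger)
    && octets[0] === 100 && octets[1] >= 64 && octets[1] <= 127;
  const allowed = ip === '::1' || ip === '127.0.0.1' || inTailnet;
  // … unchanged: 403 response and next() …
}
```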
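Review bot: In the `/api/sessions/:id` handler (server.js, second hunk) `req.params.id` is still joined into a filesystem path without validation, so after this change `requireLocal` is the only control in front of whatever `.log` file the joined path resolves to. Express URL-decodes route parameters, so the value is not guaranteed to be a bare file name. Add an allow-list check before the `path.join`, for example `if (!/^[\w-]+$/.test(req.params.id)) return res.status(400).json({ error: 'bad id' });`, with the pattern adjusted to the real session-id format. The handler's closing lines are outside the hunk.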
@@ -508,7 +508,7 @@ function pushSvcHistory(id,ok){
 const uptEl=document.getElementById(`upt-${id}`);
 if(uptEl&&h.length>0){
 const pct=Math.round(h.filter(Boolean).length/h.length*100);
- uptEl.textContent=`${pct}%`;
+ uptEl.textContent=`UP:${pct}%`;
 uptEl.className='service-uptime '+(pct===100?'full':pct>=60?'partial':'down');
 }
 }