Commit Graph

18 Commits

Author SHA1 Message Date
posimai d6f7b487d0 fix: security hardening for commercial release
- Fix OAuth (Google/GitHub) DB column bug: SELECT id → SELECT user_id
- Add OAuth CSRF protection via state parameter (Google + GitHub)
- Restrict /health endpoint: detailed info requires authentication
- Add in-memory rate limiter utility (checkRateLimit)
- Add rate limit to passkey login/begin: 10 req/min per IP
- Add rate limit to Gemini AI analysis: 50 articles/hour per user
- Add rate limit to journal suggest-tags: 10 req/hour per user
- Update posimai-dev /api/vps-health proxy to send VPS_API_KEY header

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-04 23:04:20 +09:00
posimai 9e6a2987ed fix: security hardening - XSS, SSRF, proxy auth, Syncthing config
- server.js: add escapeHtml() and apply to meta.title / error messages (XSS)
- server.js: add startup error log when JWT_SECRET uses insecure default
- posimai-dev/server.js: add URL validation to /api/check to block SSRF
  (blocks cloud metadata IPs, non-http/https protocols)
- ponshu_room_lite/tools/proxy/server.js: remove auth bypass when
  PROXY_AUTH_TOKEN is unset; server now exits on startup if token missing
- .gitignore: add *.sync-conflict-* to prevent Syncthing conflict files
- .stignore: create Syncthing ignore file to exclude .git, node_modules,
  .env from sync (fixes root cause of .git directory sync-conflict files)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-03 08:15:45 +09:00
posimai 6c3f4b7e07 fix: load .env at startup, fix vercel created field, services 3-col, vps no binbar 2026-04-02 20:40:15 +09:00
posimai 3d1d599fd6 fix: merge machines panel 4-col layout, fix vps-health ok field 2026-04-02 20:33:21 +09:00
posimai f5817eb156 feat: vercel deploy status in ecosystem bar, deploy rule in CLAUDE.md 2026-04-02 20:04:39 +09:00
posimai f2ef81fb7b fix: proxy VPS health via /api/vps-health to avoid browser cert errors 2026-04-02 19:28:19 +09:00
posimai 465c943e0a feat: Phase 1 cockpit — net I/O, CPU temp, Gitea commit, keyboard shortcuts, CRIT aurora shift
server.js: add net delta (rx/tx KB/s), CPU temp, /api/gitea-commit proxy.
station-b: net/temp in Ubuntu PC panel, ecosystem bar with latest Gitea
commit, CRIT aurora hue shift (gradual 3s transition to red, then back),
keyboard shortcuts R=refresh B=Design-A F=fullscreen.
station-a: same additions except canvas CRIT effect.
2026-04-02 16:45:45 +09:00
posimai b355e23b63 feat: station full-width binary footer, colored 0, Design B binary curtain aurora 2026-04-02 09:36:08 +09:00
posimai 1aede6418d fix: add /station and /sessions route aliases 2026-04-01 14:59:04 +09:00
posimai a91e83bf5c fix: restrict session API to Tailscale network, clarify uptime label 2026-04-01 07:57:27 +09:00
posimai 15b87f3722 fix: proxy HTTP health checks via server to avoid mixed-content block
- Add /api/check?url= endpoint to server.js for server-side HTTP checks
- Gitea and Syncthing use proxy:true to route through this endpoint
- Fixes Gitea/Syncthing showing DOWN due to https→http mixed content

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-31 21:24:13 +09:00
posimai e5f9c30d1e fix: handle destroyed logStream in pty, update kiosk URL to https:3333 2026-03-31 13:37:38 +09:00
posimai af8707644f feat(station): add disk, load average, alert banner to system monitor
server.js: /api/health now includes disk usage (df -B1 /) and load_avg
(os.loadavg) + cpu_count. station.html: disk bar, load average chips
with warn/crit coloring vs cpu count, alert banner highlights issues.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-31 10:02:55 +09:00
posimai 6c138981a7 fix(posimai-dev): accurate cpu_pct via 100ms dual-sample diff
Single snapshot returns lifetime average (near 0 on idle systems).
Two samples 100ms apart gives real-time cpu usage per core, then averaged.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-31 07:50:16 +09:00
posimai c09d5defd3 feat(posimai-dev): add /api/health endpoint with CORS
Returns cpu_pct, mem_used_mb, mem_total_mb, uptime_s, active_sessions, hostname, node_version, platform, timestamp.
Enables Atlas and other Tailscale-accessible clients to pull realtime Ubuntu PC metrics.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-31 07:48:01 +09:00
posimai 1a00108255 feat(posimai-dev): add sessions viewer, chat bar, Claude button, session logging
- sessions.html: ANSI-stripped log viewer with card list, clickable to expand
- index.html: chat input bar (mobile-friendly), Claude 開始 (Start) button, session badge, glassmorphism header
- server.js: session logging to ~/posimai-dev-sessions/, auto-cd to posimai-project, sessions REST API

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-31 00:42:16 +09:00
posimai f38b76a9e9 feat: auto-detect Tailscale cert for HTTPS 2026-03-30 23:45:25 +09:00
posimai 6f58397f89 feat: add posimai-dev — self-hosted terminal portal with xterm.js 2026-03-30 23:23:28 +09:00