Commit Graph

5 Commits

Author SHA1 Message Date
posimai db0fd6a88e chore: add *.vsix to .gitignore, keep binaries out of git tracking
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-12 21:02:24 +09:00
posimai 9e6a2987ed fix: security hardening - XSS, SSRF, proxy auth, Syncthing config
- server.js: add escapeHtml() and apply to meta.title / error messages (XSS)
- server.js: add startup error log when JWT_SECRET uses insecure default
- posimai-dev/server.js: add URL validation to /api/check to block SSRF
  (blocks cloud metadata IPs, non-http/https protocols)
- ponshu_room_lite/tools/proxy/server.js: remove auth bypass when
  PROXY_AUTH_TOKEN is unset; server now exits on startup if token missing
- .gitignore: add *.sync-conflict-* to prevent Syncthing conflict files
- .stignore: create Syncthing ignore file to exclude .git, node_modules,
  .env from sync (fixes root cause of .git directory sync-conflict files)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-03 08:15:45 +09:00
posimai edea24a903 chore: add posimai-ui to .gitignore (individual repo) 2026-03-19 11:31:00 +09:00
posimai 47e7a2d79d docs: track docs/ in git, add api-key-architecture, remove stale handoffs 2026-03-19 11:07:12 +09:00
posimai 9e1a817ed6 chore: initial backup of root config, templates, and server source
Backs up CLAUDE.md, _template/, deploy-server.sh, scripts/, server.js
to posimai-root repository for disaster recovery.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-17 17:19:20 +09:00