mai
/
posimai-root
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
165 Commits 1 Branch 0 Tags 3.9 GiB
Commit Graph

165 Commits

Author SHA1 Message Date
posimai 3a1b6cff1e chore: add Uptime Kuma to station services, 3-col grid 2026-04-05 22:19:22 +09:00
posimai 2e326605cb feat: include plan in JWT, update session/verify to use plan column 2026-04-05 15:03:04 +09:00
posimai 8fdcb65f4b fix: skip express.json for stripe webhook to preserve raw body 2026-04-05 14:54:39 +09:00
posimai 955da8899b fix: allow server-to-server requests to /health without CORS block 2026-04-05 14:02:55 +09:00
posimai 8e9f232dba feat: stripe webhook plan upgrade/downgrade, add plan/subscription columns 2026-04-05 14:01:41 +09:00
posimai c7b6d0b2d3 feat: add Feed background RSS fetch job and /feed/articles endpoint 2026-04-05 12:29:48 +09:00
posimai ac8cc6db81 fix: security hardening round 2 
- CORS: origin=null now rejected (was: allowed as same-origin)
- CORS: regex tightened to [\w-]+ to prevent subdomain bypass
- CORS: add *.posimai.soar-enrich.com and posimai.soar-enrich.com explicitly
- Stripe webhook: fix regex capture groups + add uppercase hex support

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-05 03:01:06 +09:00
posimai 0590d0995d feat: Stripe Webhook + purchase gate 
- Add POST /api/stripe/webhook (signature verification, no stripe SDK)
- Add purchased_at + stripe_session_id columns to users table (migration)
- Add purchaseMiddleware (apikey users bypass, JWT users check purchased_at)
- Update /auth/session/verify to return purchased status

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-05 02:22:18 +09:00
posimai c53abecbca redesign: posimai-store index-c dark theme, minimal layout 
- Dark theme (#0D0D0D) aligned with all Posimai apps
- Single clear CTA: Posimai Pass 500yen buy-once
- 3-step flow (Stripe to login to use)
- 6 Phase1 apps listed
- Removed Ponshu Room as featured (separate LP later)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-05 02:18:47 +09:00
posimai d6f7b487d0 fix: security hardening for commercial release 
- Fix OAuth (Google/GitHub) DB column bug: SELECT id → SELECT user_id
- Add OAuth CSRF protection via state parameter (Google + GitHub)
- Restrict /health endpoint: detailed info requires authentication
- Add in-memory rate limiter utility (checkRateLimit)
- Add rate limit to passkey login/begin: 10 req/min per IP
- Add rate limit to Gemini AI analysis: 50 articles/hour per user
- Add rate limit to journal suggest-tags: 10 req/hour per user
- Update posimai-dev /api/vps-health proxy to send VPS_API_KEY header

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-04 23:04:20 +09:00
posimai e4ec2c1226 fix: add --no-verify-jwt to together-archive deploy for Database Webhook auth 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-04 21:05:46 +09:00
posimai 09ebd18b1e feat: add Google and GitHub OAuth login endpoints 2026-04-04 17:25:26 +09:00
posimai 1f5ae79f11 docs: compress CLAUDE.md/AGENTS.md — remove redundancy, ~40% token reduction 
- 散文説明をコード内コメントに統合
- セクション5を3箇条→1文に圧縮
- 重複する注意書き削除
- 両ファイルを同一内容に統一

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-04 16:36:38 +09:00
posimai 3551070812 docs: add meta-rule — new behavior rules must be written to CLAUDE.md immediately 
セッション中に決まったルールを memory のみに書いて CLAUDE.md に反映されない問題を防ぐ。
AI が行動ルールを memory に書く際は同時に CLAUDE.md/AGENTS.md にも追記することを義務化。

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-04 16:29:27 +09:00
posimai b502ea8906 docs: add Gitea auto-create rule to CLAUDE.md and AGENTS.md 
Gitea リポジトリ自律作成(手動案内禁止)を禁止事項テーブルに追加。
memory のみ記録だったため他 AI ツールに引き継がれていなかった問題を修正。

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-04 14:29:42 +09:00
posimai 7a12d520a7 docs: add deploy-edge.sh rule to CLAUDE.md and AGENTS.md, sync both files 
- Edge Function デプロイ手順(bash deploy-edge.sh)を両ファイルに追記
- AGENTS.md に posimai-dev の deploy:dev ルールを追加(CLAUDE.md と同期)
- AGENTS.md の末尾注意書きを CLAUDE.md と統一

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-04 14:28:23 +09:00
posimai 256d8b0ea4 fix: deploy-edge.sh handle UTF-16 encoded token file 
Windows で保存された UTF-16 ファイルの null バイト・BOM を除去して正しくトークンを読み込む

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-04 14:25:27 +09:00
posimai 9b1334747b feat: add deploy-edge.sh for Supabase Edge Function auto-deploy 
~/.supabase-token からトークンを読み込み自律デプロイ可能に。
初回のみユーザーがトークンをファイルに書く必要あり。

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-04 14:22:55 +09:00
posimai 3ecdb23a29 feat: diary VPS cloud sync — generate-post fetches from VPS, memory-push.sh HOME fix 2026-04-03 15:53:26 +09:00
posimai 0540e24e67 feat: diary offline reconnect button + start-diary-server.bat 2026-04-03 13:15:27 +09:00
posimai 9e6a2987ed fix: security hardening - XSS, SSRF, proxy auth, Syncthing config 
- server.js: add escapeHtml() and apply to meta.title / error messages (XSS)
- server.js: add startup error log when JWT_SECRET uses insecure default
- posimai-dev/server.js: add URL validation to /api/check to block SSRF
  (blocks cloud metadata IPs, non-http/https protocols)
- ponshu_room_lite/tools/proxy/server.js: remove auth bypass when
  PROXY_AUTH_TOKEN is unset; server now exits on startup if token missing
- .gitignore: add *.sync-conflict-* to prevent Syncthing conflict files
- .stignore: create Syncthing ignore file to exclude .git, node_modules,
  .env from sync (fixes root cause of .git directory sync-conflict files)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-03 08:15:45 +09:00
posimai 4bd098251f fix: remove ubuntu pc binbars, reduce machines gap to 8px 2026-04-03 00:56:32 +09:00
posimai 772de39ce8 fix: machines no scroll - remove margin-top:auto, 320px, 3-col statgrid 2026-04-03 00:12:16 +09:00
posimai 55f36f5ad5 fix: services fixed 460px, vitals 1fr for wider layout 2026-04-03 00:03:58 +09:00
posimai 74959df0e8 fix: service cards fill height, unify cpu labels 2026-04-02 21:14:53 +09:00
posimai 32038e2e0c fix: services 2-col 3-row, vitals wider 300px, rings larger 2026-04-02 21:06:32 +09:00
posimai 6c3f4b7e07 fix: load .env at startup, fix vercel created field, services 3-col, vps no binbar 2026-04-02 20:40:15 +09:00
posimai 3d1d599fd6 fix: merge machines panel 4-col layout, fix vps-health ok field 2026-04-02 20:33:21 +09:00
posimai f5817eb156 feat: vercel deploy status in ecosystem bar, deploy rule in CLAUDE.md 2026-04-02 20:04:39 +09:00
posimai 90ac87db41 fix: Posimai API check via /api/vps-health proxy, add favicon 2026-04-02 19:36:18 +09:00
posimai 759915eb01 feat: add deploy-dev.sh — scp + restart bypasses Syncthing lag 2026-04-02 19:34:51 +09:00
posimai f2ef81fb7b fix: proxy VPS health via /api/vps-health to avoid browser cert errors 2026-04-02 19:28:19 +09:00
posimai 5cbf66d613 feat: add VPS panel (5-column layout), real-time VPS metrics from api.soar-enrich.com 2026-04-02 19:20:05 +09:00
posimai 8d9f4e22b0 feat: extend /health endpoint with OS metrics for Station cockpit 2026-04-02 19:18:14 +09:00
posimai 465c943e0a feat: Phase 1 cockpit — net I/O, CPU temp, Gitea commit, keyboard shortcuts, CRIT aurora shift 
server.js: add net delta (rx/tx KB/s), CPU temp, /api/gitea-commit proxy.
station-b: net/temp in Ubuntu PC panel, ecosystem bar with latest Gitea
commit, CRIT aurora hue shift (gradual 3s transition to red, then back),
keyboard shortcuts R=refresh B=Design-A F=fullscreen.
station-a: same additions except canvas CRIT effect.
 2026-04-02 16:45:45 +09:00
posimai f726b4b9af fix: rebuild station-b from station.html base, only canvas background differs 2026-04-02 14:14:50 +09:00
posimai 70c983f1e7 fix: remove binary footer tape from station-b, restore bottom flex row 2026-04-02 14:09:39 +09:00
posimai a30beab925 fix: revert station to a91e83b baseline, restore layout integrity 
station.html: reverted to last known-good state (a91e83b), with only
two minimal changes: bit-0 color tweak and Design B link in footer.
Binary footer tape removed as it caused #bottom height expansion that
crushed #middle grid row.
station-b.html: restore service-grid to auto-fill, reduce app padding
to give #middle more room.
 2026-04-02 14:02:00 +09:00
posimai 790bdd6a9b fix: service-grid repeat(3) fixed columns, clock weight/color explicit 
service-grid: auto-fill was creating 6 columns at wide viewports (1920px+)
putting all cards in one row. Changed to repeat(3,1fr) for always 3-column
2-row layout regardless of screen width.
station.html clock: font-weight 300→400, explicit color:var(--text) to
ensure visibility against dark background.
 2026-04-02 11:33:58 +09:00
posimai c2c70b35e5 fix: restore service-grid auto-fill columns, station-b header backdrop 
Both station.html and station-b.html: restore .service-grid to
display:grid with repeat(auto-fill,minmax(168px,1fr)) — the multi-column
layout that was incorrectly changed to flex-column in the previous fix.
station-b.html: add dark backdrop-filter panel to #top so clock and
hostname text are readable over the binary rain canvas background.
 2026-04-02 11:20:21 +09:00
posimai 9a37540857 fix: service-grid flex layout and station-b forEach arrow syntax error 
station.html: revert .service-grid to flex-column (was accidentally set
to grid auto-fill causing horizontal card layout and missing clock).
station-b.html: add missing => in cols.forEach callback that crashed
the entire script, preventing data load and canvas aurora animation.
 2026-04-02 10:20:53 +09:00
posimai b355e23b63 feat: station full-width binary footer, colored 0, Design B binary curtain aurora 2026-04-02 09:36:08 +09:00
posimai 1aede6418d fix: add /station and /sessions route aliases 2026-04-01 14:59:04 +09:00
posimai a91e83bf5c fix: restrict session API to Tailscale network, clarify uptime label 2026-04-01 07:57:27 +09:00
posimai 34f5acbbc9 fix: resolve loadAvg is not defined ReferenceError in updateStream 2026-03-31 22:13:01 +09:00
posimai 0113a5d777 feat: binary bars, sparkline, full-metrics binary ticker 
- CPU/MEM/DISK bars replaced with 20-cell binary bars (1=filled, 0=empty)
- Service cards: latency bar removed, mini sparkline with gradient area added
- Footer ticker: all metrics as binary tape (CPU/MEM/DISK/LOAD/UP/SESSION/TIME/IP/HOST)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-31 22:03:13 +09:00
posimai df1a41560b feat: add binary representation of CPU/MEM/DISK metrics under progress bars 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-31 21:48:09 +09:00
posimai eb2d8877c5 fix: atlas mixed-content, station footer URL, service card uptime+latency bar 
- atlas: skip http:// health_url from https context
- station: dashboard footer link → posimai.soar-enrich.com
- station: service cards add uptime %, latency bar, updateLatencyBar fn

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-31 21:42:58 +09:00
posimai 0bd747ebd2 chore: increase station font sizes for HDMI monitor readability 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-31 21:32:47 +09:00
posimai 15b87f3722 fix: proxy HTTP health checks via server to avoid mixed-content block 
- Add /api/check?url= endpoint to server.js for server-side HTTP checks
- Gitea and Syncthing use proxy:true to route through this endpoint
- Fixes Gitea/Syncthing showing DOWN due to https→http mixed content

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-31 21:24:13 +09:00