mai
/
posimai-root
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
202 Commits 1 Branch 0 Tags 3.9 GiB
Commit Graph

202 Commits

Author SHA1 Message Date
posimai 9e6178791f feat: VS Code拡張 posimai-guard-ext v0.1.0 を追加 
Gemini直接呼び出し(Vercel経由なし)でAIコードセキュリティスキャンを実行。
APIキーはOS keychain(SecretStorage)に安全保存。Claudeオプション対応。

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-12 17:46:00 +09:00
posimai 6d0df5faae docs: update lucide-react version rule for React 19 projects 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-12 17:09:02 +09:00
posimai 75e34733a8 chore(station-b): remove dead renderBinBar function 
Made-with: Cursor
 2026-04-12 13:10:08 +09:00
posimai 4110de7239 fix(station): real monitoring for Vercel/GitHub via proxy, fix ok logic, health content check 
Made-with: Cursor
 2026-04-12 13:07:23 +09:00
posimai 65c358c58d fix(station): dead code cleanup, 0pct ring bug, Syncthing removal, SRI, canvas pause 
Made-with: Cursor
 2026-04-12 10:43:17 +09:00
posimai 7aa79f4a7d fix: station VPS Users/Node ハイフン・CPU リング 0% 表示修正 
Made-with: Cursor
 2026-04-12 08:13:58 +09:00
posimai b8b8cf9c52 docs: update DESIGN.md based on Claude Code feedback 
Made-with: Cursor
 2026-04-12 06:46:31 +09:00
posimai c4d7a1d787 docs: add DESIGN.md and update AI rules to reference it 
Made-with: Cursor
 2026-04-12 00:54:59 +09:00
posimai b2a8f60cc0 chore: STATUS.md 更新(セッション3 セキュリティ修正記録) 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-11 23:05:28 +09:00
posimai 47c75cae4f fix: Together API に投稿前グループメンバー確認を追加 
/together/share, /together/react, /together/comments の各書き込みエンドポイントに
together_members テーブルでのメンバーチェックを追加。
非メンバーによる投稿・リアクション・コメントを 403 で拒否する。

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-11 23:03:49 +09:00
posimai 10402464c5 feat: 購入後マジックリンクメール自動送信 + TTS に purchaseMiddleware 接続 
Made-with: Cursor
 2026-04-11 15:05:23 +09:00
posimai 5f371c3eee chore: STATUS.md 更新(認証統一・Eiji テスト準備完了) 
Made-with: Cursor
 2026-04-11 14:54:28 +09:00
posimai 85bd0cc879 fix: store URL を store.posimai.soar-enrich.com に統一 
Made-with: Cursor
 2026-04-11 14:36:33 +09:00
posimai 1d9c2b5f3d docs: new-app-guide.md を現行状態に全面更新 
- create-app.sh の Step 8(ダッシュボード自動更新)を反映
- テンプレートを _template-minimal 一本化に変更
- Alpine.js をパターンBとして追加(ビルド不要・reactive state)
- SW キャッシュ更新タイミングの方針を明記
- 実装チェックリストを追加
- 旧手動ステップ(自動化済み)を削除・整理

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-11 12:05:03 +09:00
posimai 5538cde753 chore: _template-minimal 現行化 + create-app.sh ダッシュボード自動更新 
- _template-minimal/sw.js: skipWaiting() 追加(デプロイ後の旧キャッシュ残留防止)
- _template-minimal/index.html: JWT token handoff 追加(ダッシュボードからのSSO対応)
- create-app.sh: コピー元を _template → _template-minimal に変更
- create-app.sh: Step 8 追加 — projects.json / timeline / roadmap を自動更新してデプロイまで完結

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-11 11:44:15 +09:00
posimai ee7b3053e2 fix: 初回アクティベートのレースコンディションを修正 
WHERE device_id IS NULL を追加してアトミックにし、
競合した場合は再取得して照合する

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-11 06:42:42 +09:00
posimai 04b40a5b67 chore: deploy-server.shにroutes/ディレクトリの転送を追加 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-11 00:19:05 +09:00
posimai 2cd7795202 feat: Ponshu Room Proライセンス管理をserver.jsへ統合 
- routes/ponshu.js: ライセンス検証・失効エンドポイントを新規追加
  POST /api/ponshu/license/validate (認証不要、モバイルから直接呼ぶ)
  POST /api/ponshu/admin/license/revoke (APIキー認証必須)
- routes/stripe.js: 既存のStripe Webhookハンドラーを抽出し拡張
  metadata.product === 'ponshu_room_pro' の場合にライセンスキーを発行
  Stripe Webhook 冪等性チェック (stripe_session_id) を追加
  Resend でライセンスキーをメール送信
- server.js: ponshu_licenses テーブルをスキーマに追加
  インラインのhandleStripeWebhook関数を routes/stripe.js に置き換え
  ponshuRouterとstripeRouterをマウント

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-11 00:16:57 +09:00
posimai ada6eba333 fix: security — invite_code leakage, Atlas token in URL, RSS err.message exposure 
- GET /together/groups/🆔 SELECT * -> SELECT id, name, created_at (invite_code 除外)
- Atlas github/vercel/tailscale-scan: token を query param から Authorization header へ移行
- /events/rss: err.message をクライアント返却しないよう固定メッセージに置換

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-11 00:05:18 +09:00
posimai dbc30494bd fix: emoji violation in shadow-logger, SW lifecycle fix in veil, doc analytics exception 2026-04-10 21:34:44 +09:00
posimai 8007371daa docs: update STATUS.md with 2026-04-10 session work and clarify deferred tasks 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-10 17:11:58 +09:00
posimai 5b17d9215c docs: merge security fixes and next steps into server-refactor-plan 
- Add section 6: 7 security/reliability fixes applied 2026-04-10
  (SSRF guard, size limits, pool config, error handler)
- Add section 7: POST /save async pattern documentation
- Add section 10: prioritized next steps (commercialization + refactor tracks)
- Add completion history table
- Update line number estimates to reflect additions
- Update current line count to ~3130

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-10 14:00:15 +09:00
posimai 8fdc047b7f docs: add server.js refactor plan for shared AI context 
- 現状構造・セクション別行数・共有変数依存マップを記録
- 目標構造(lib/ + routes/ 分割案)を設計
- 実施タイミング判断基準・フェーズ別手順を記載
- CLAUDE.md / AGENTS.md の参照ドキュメントリストに追加

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-10 08:25:43 +09:00
posimai e3e6ebca7d docs: update design-system font to Geist + fix create-app.sh Gitea auth 
- design-system.md: Inter → Geist
- create-app.sh: GITEA_TOKEN fallback → git credential store

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-10 08:13:04 +09:00
posimai 7cf305fdc0 chore: update templates — Geist font, Lucide integrity, JWT token handoff 
- Inter → Geist font
- Lucide SRI integrity hash added
- init_key (legacy API key) → token (JWT) cross-domain handoff

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-10 08:09:36 +09:00
posimai 82a094f2f2 fix: refuse to start if JWT_SECRET is not set in environment 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-10 07:55:08 +09:00
posimai 5de1174363 fix: Together/Jina に SSRF ガード + Jina レスポンスサイズ上限 1MB 2026-04-09 23:49:25 +09:00
posimai 5a3a510331 fix: SSRF blocklist + レスポンスサイズ制限 + DB pool max 15 + pool.on(error) 2026-04-09 23:45:55 +09:00
posimai 1336b20c90 fix: POST /save と quick-save を即時保存に変更 — fetchMeta/Jina/AI をバックグラウンドへ移動してラグ解消 2026-04-09 20:48:17 +09:00
posimai e4bd0a1901 docs: update master-architecture to 2026-04-06 — Supabase撤退・DNS確定・残タスク整理 
- Together VPS移行完了・Supabase撤退を反映
- ワイルドカードDNS確認済み・reading_history VPS修正済みを記録
- セキュリティ修正(WebSocket/SSRF/e.message)をdecision logに追加
- STATUS.md を 2026-04-06 版に更新
 2026-04-06 17:05:47 +09:00
posimai d65ccba724 chore: remove stale Supabase Edge Function deploy reference 2026-04-06 16:54:01 +09:00
posimai 3cd8ebd0b6 fix: Feed API POST auth gate + sanitize e.message in error responses 2026-04-06 09:09:26 +09:00
posimai 9e90008575 fix: WebSocket auth gate + SSRF private IP blocklist in posimai-dev 2026-04-06 00:39:18 +09:00
posimai c24c710f33 chore: add STATUS.md, AI execution permissions, code source-of-truth to CLAUDE.md/AGENTS.md 2026-04-05 23:25:19 +09:00
posimai 225fa7b8f7 docs: update master-architecture to 2026-04-05 — OAuth/Stripe/VOICEVOX/Uptime Kuma port 2026-04-05 23:19:58 +09:00
posimai 7580c79f05 fix: Uptime Kuma port 3001→3002 2026-04-05 22:44:25 +09:00
posimai fc00b16a13 chore: remove Syncthing from station, revert to 2-col services grid 2026-04-05 22:36:54 +09:00
posimai 3a1b6cff1e chore: add Uptime Kuma to station services, 3-col grid 2026-04-05 22:19:22 +09:00
posimai 2e326605cb feat: include plan in JWT, update session/verify to use plan column 2026-04-05 15:03:04 +09:00
posimai 8fdcb65f4b fix: skip express.json for stripe webhook to preserve raw body 2026-04-05 14:54:39 +09:00
posimai 955da8899b fix: allow server-to-server requests to /health without CORS block 2026-04-05 14:02:55 +09:00
posimai 8e9f232dba feat: stripe webhook plan upgrade/downgrade, add plan/subscription columns 2026-04-05 14:01:41 +09:00
posimai c7b6d0b2d3 feat: add Feed background RSS fetch job and /feed/articles endpoint 2026-04-05 12:29:48 +09:00
posimai ac8cc6db81 fix: security hardening round 2 
- CORS: origin=null now rejected (was: allowed as same-origin)
- CORS: regex tightened to [\w-]+ to prevent subdomain bypass
- CORS: add *.posimai.soar-enrich.com and posimai.soar-enrich.com explicitly
- Stripe webhook: fix regex capture groups + add uppercase hex support

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-05 03:01:06 +09:00
posimai 0590d0995d feat: Stripe Webhook + purchase gate 
- Add POST /api/stripe/webhook (signature verification, no stripe SDK)
- Add purchased_at + stripe_session_id columns to users table (migration)
- Add purchaseMiddleware (apikey users bypass, JWT users check purchased_at)
- Update /auth/session/verify to return purchased status

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-05 02:22:18 +09:00
posimai c53abecbca redesign: posimai-store index-c dark theme, minimal layout 
- Dark theme (#0D0D0D) aligned with all Posimai apps
- Single clear CTA: Posimai Pass 500yen buy-once
- 3-step flow (Stripe to login to use)
- 6 Phase1 apps listed
- Removed Ponshu Room as featured (separate LP later)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-05 02:18:47 +09:00
posimai d6f7b487d0 fix: security hardening for commercial release 
- Fix OAuth (Google/GitHub) DB column bug: SELECT id → SELECT user_id
- Add OAuth CSRF protection via state parameter (Google + GitHub)
- Restrict /health endpoint: detailed info requires authentication
- Add in-memory rate limiter utility (checkRateLimit)
- Add rate limit to passkey login/begin: 10 req/min per IP
- Add rate limit to Gemini AI analysis: 50 articles/hour per user
- Add rate limit to journal suggest-tags: 10 req/hour per user
- Update posimai-dev /api/vps-health proxy to send VPS_API_KEY header

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-04 23:04:20 +09:00
posimai e4ec2c1226 fix: add --no-verify-jwt to together-archive deploy for Database Webhook auth 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-04 21:05:46 +09:00
posimai 09ebd18b1e feat: add Google and GitHub OAuth login endpoints 2026-04-04 17:25:26 +09:00
posimai 1f5ae79f11 docs: compress CLAUDE.md/AGENTS.md — remove redundancy, ~40% token reduction 
- 散文説明をコード内コメントに統合
- セクション5を3箇条→1文に圧縮
- 重複する注意書き削除
- 両ファイルを同一内容に統一

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-04 16:36:38 +09:00