mai
/
posimai-root
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Root repo: CLAUDE.md, _template, server.js, scripts, deploy scripts
95 Commits 1 Branch 0 Tags 3.9 GiB
HTML 42.6%
JavaScript 36.8%
TypeScript 8.4%
Shell 5.7%
PowerShell 5.3%
Other 1.2%
Go to file
posimai 9e6a2987ed fix: security hardening - XSS, SSRF, proxy auth, Syncthing config 
- server.js: add escapeHtml() and apply to meta.title / error messages (XSS)
- server.js: add startup error log when JWT_SECRET uses insecure default
- posimai-dev/server.js: add URL validation to /api/check to block SSRF
  (blocks cloud metadata IPs, non-http/https protocols)
- ponshu_room_lite/tools/proxy/server.js: remove auth bypass when
  PROXY_AUTH_TOKEN is unset; server now exits on startup if token missing
- .gitignore: add *.sync-conflict-* to prevent Syncthing conflict files
- .stignore: create Syncthing ignore file to exclude .git, node_modules,
  .env from sync (fixes root cause of .git directory sync-conflict files)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 		2026-04-03 08:15:45 +09:00
_template chore: initial backup of root config, templates, and server source 2026-03-17 17:19:20 +09:00
_template-minimal feat: add posimai-ui design system, update template and docs 2026-03-19 10:10:11 +09:00
docs docs: update Chronicle data sources, add Ubuntu PC to architecture 2026-03-31 14:15:26 +09:00
posimai-dev fix: security hardening - XSS, SSRF, proxy auth, Syncthing config 2026-04-03 08:15:45 +09:00
scripts feat: add deploy-dev.sh — scp + restart bypasses Syncthing lag 2026-04-02 19:34:51 +09:00
.gitignore fix: security hardening - XSS, SSRF, proxy auth, Syncthing config 2026-04-03 08:15:45 +09:00
.stignore fix: security hardening - XSS, SSRF, proxy auth, Syncthing config 2026-04-03 08:15:45 +09:00
AGENTS.md docs: restore disaster recovery guide, add to CLAUDE.md and AGENTS.md 2026-03-29 22:30:39 +09:00
APP_IDEAS.md docs: add APP_IDEAS.md, reference in CLAUDE/AGENTS, fix ponshu APK link 2026-03-22 13:27:56 +09:00
CLAUDE.md feat: vercel deploy status in ecosystem bar, deploy rule in CLAUDE.md 2026-04-02 20:04:39 +09:00
claude-settings.json chore: allow Write and Edit tools in settings 2026-03-19 10:02:47 +09:00
create-app.sh feat: add create-app.sh, _template-minimal, update deploy-server.sh (passwordless), update CLAUDE.md 2026-03-17 22:13:39 +09:00
deploy-server.sh fix: update deploy-server.sh to target VPS instead of Synology 2026-03-25 23:23:31 +09:00
package.json feat: add deploy-dev.sh — scp + restart bypasses Syncthing lag 2026-04-02 19:34:51 +09:00
server.js fix: security hardening - XSS, SSRF, proxy auth, Syncthing config 2026-04-03 08:15:45 +09:00