fix: make third-party token encryption fail closed

[Krishnx21]

Summary

• remove the public hardcoded fallback encryption key
• require ENCRYPTION_KEY with at least 32 characters
• introduce a strict versioned authenticated ciphertext format
• reject plaintext and malformed ciphertext instead of returning it unchanged
• validate IV, authentication tag, and ciphertext encoding before decrypting
• document the required encryption key and add security regression tests

Security impact

Previously, deployments missing ENCRYPTION_KEY encrypted sensitive tokens with a publicly known key. decryptToken also silently accepted plaintext values as if they had been decrypted successfully.

Encryption and decryption now fail closed when configuration or ciphertext is invalid.

Verification

• npm run test -- utils/encryption.test.ts utils (29 files, 217 tests passed)
• npm run typecheck
• focused ESLint and git diff --check

npm run build could not start compilation because Windows/OneDrive denied Next.js permission to remove the pre-existing generated .next/diagnostics directory (EPERM).

Fixes #5222

[vercel]

@Krishnx21 is attempting to deploy a commit to the jhasourav07's projects Team on Vercel.

A member of the Team first needs to authorize it.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 41872aeb5b

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[Aamod-Dev]

Thanks for putting this together. The code looks clean and solves the issue effectively.

I'm happy to approve this. Great job!

[Aamod-Dev]

Thanks for the contribution. I went through the changes and everything looks solid. The code is readable, well-structured, and aligns with the project conventions.

I'll go ahead and approve this PR. Thanks again for the contribution!

[Aamod-Dev]

Thanks for the contribution. I went through the changes and the overall approach looks good, but there are a few issues that should be addressed before this can be merged. Most of the concerns are related to correctness and maintainability.

• There are merge conflicts with the base branch. Please resolve them to ensure existing functionality isn't broken.

Once these issues are addressed, I'll be happy to take another look. Thanks again for the contribution.

[Aamod-Dev]

Thanks for the contribution. It looks like there are merge conflicts with the base branch. Please rebase and resolve the conflicts so we can proceed with testing and merging. Thanks!

[Krishnx21]

@Aamod007 yeah got it i m working on it .

[Krishnx21]

Rebased and resolved the base-branch conflict. The branch is now based on the latest main (755daa39), and GitHub reports the PR as mergeable.

[github-actions]

🚨 Hey @Krishnx21, the CI Pipeline is failing on this PR and it has been marked as status:blocked.

Please fix the issues before this can be reviewed. Here's how:

1. Run checks locally before pushing:

npm run format:check   # Check Prettier formatting
npm run lint           # Run ESLint
npm run typecheck      # TypeScript type check
npm run test           # Run unit tests (Vitest)
npm run build          # Verify production build passes

2. Auto-fix common issues:

npm run format         # Auto-fix formatting with Prettier
npm run lint -- --fix  # Auto-fix lint errors where possible

3. Check the full failure log here:
👉 View CI Run

Once you push a fix and the CI passes, the status:blocked label will be removed automatically. 💪

[Krishnx21]

@Aamod007 how can i fix this ci issue ?? guide me

[Aamod-Dev]

Thanks for resolving the merge conflicts! Approving.

[github-actions]

🎉 Congratulations @Krishnx21! Your PR has been successfully merged. 🚀

Thank you for contributing to CommitPulse. Your work helps us build a better tool for the community.

⚠️ Important for GSSoC Contributors:
You are strictly advised to join our Discord Server as it is mandatory for all GSSoC participants. All important announcements, point claims, and community discussions happen there.

Keep building! 💻✨