feat: upgrade content encryption with verification prefix and shared constants

- Add MIZUKI-VERIFY: prefix before encryption for fast wrong-password detection
- Centralize crypto constants in exported CRYPTO_CONSTANTS object
- Add verification prefix check in client-side decrypt
- Remove broken import from non-existent types/auth module
- Add pure Node.js encryption round-trip tests (8 cases)

Author: matsuzaka-yuki

src/components/features/auth/PasswordProtection.astro

@@ -97,6 +97,7 @@ const i18nPasswordDecryptRetry = i18n(I18nKey.passwordDecryptRetry);
 	var SALT_LENGTH = 16;
 	var IV_LENGTH = 12;
 	var AUTH_TAG_LENGTH = 16;
+	var VERIFY_PREFIX = "MIZUKI-VERIFY:";
 
 	function base64ToUint8Array(b64) {
 		var bin = atob(b64);
@@ -136,7 +137,11 @@ const i18nPasswordDecryptRetry = i18n(I18nKey.passwordDecryptRetry);
 		var decrypted = await crypto.subtle.decrypt(
 			{ name: "AES-GCM", iv: iv }, aesKey, combined
 		);
-		return new TextDecoder().decode(decrypted);
+		var decoded = new TextDecoder().decode(decrypted);
+		if (!decoded.startsWith(VERIFY_PREFIX)) {
+			throw new Error("Verification prefix mismatch");
+		}
+		return decoded.substring(VERIFY_PREFIX.length);
 	}
 
 	async function attemptUnlock(inputPassword) {

src/components/features/auth/index.ts

@@ -4,9 +4,3 @@
 export { default as Encryptor } from "./Encryptor.astro";
 export { default as PasswordProtection } from "./PasswordProtection.astro";
 export type { EncryptorProps, PasswordProtectionProps } from "./types";
-export type {
-	CopyCodeOptions,
-	DecryptResult,
-	UnlockCallbacks,
-	ValidationMessages,
-} from "./types/auth";

src/utils/crypto-utils.ts

@@ -1,26 +1,49 @@
 import { createCipheriv, createHmac, pbkdf2Sync } from "node:crypto";
 
-const PBKDF2_ITERATIONS = 100000;
-const SALT_LENGTH = 16;
-const IV_LENGTH = 12;
-const KEY_LENGTH = 32;
+// 共享加密常量 — 客户端 PasswordProtection.astro 中的内联脚本必须保持同步
+export const CRYPTO_CONSTANTS = {
+	PBKDF2_ITERATIONS: 100000,
+	SALT_LENGTH: 16,
+	IV_LENGTH: 12,
+	AUTH_TAG_LENGTH: 16,
+	KEY_LENGTH: 32,
+	VERIFY_PREFIX: "MIZUKI-VERIFY:", // 验证前缀：正确解密后内容以此开头
+} as const;
 
+/**
+ * 使用 HMAC-SHA256 派生确定性字节
+ */
 function deriveBytes(key: string, context: string, length: number): Buffer {
-	return createHmac("sha256", key).update(context).digest().subarray(0, length);
+	return createHmac("sha256", key)
+		.update(context)
+		.digest()
+		.subarray(0, length);
 }
 
 /**
- * Encrypt HTML content with AES-256-GCM using PBKDF2-derived key.
- * Salt and IV are deterministic (derived from password + slug) so the same
- * inputs always produce the same ciphertext, enabling sessionStorage caching.
+ * 加密 HTML 内容
  *
- * Output format: base64(salt[16] + iv[12] + authTag[16] + ciphertext)
+ * 协议 v2：在明文前添加验证前缀，使客户端可以快速验证密码是否正确，
+ * 无需等待完整 AES-GCM 解密失败。
+ *
+ * 输出格式：base64(salt[16] + iv[12] + authTag[16] + ciphertext)
+ * 其中 ciphertext = AES-256-GCM-encrypt("MIZUKI-VERIFY:" + html)
  */
 export function encryptContent(
 	html: string,
 	password: string,
 	slug: string,
 ): string {
+	const {
+		PBKDF2_ITERATIONS,
+		SALT_LENGTH,
+		IV_LENGTH,
+		KEY_LENGTH,
+		VERIFY_PREFIX,
+	} = CRYPTO_CONSTANTS;
+
+	const plaintext = VERIFY_PREFIX + html;
+
 	const salt = deriveBytes(password, `salt:${slug}`, SALT_LENGTH);
 	const iv = deriveBytes(password, `iv:${slug}`, IV_LENGTH);
 	const key = pbkdf2Sync(
@@ -33,11 +56,10 @@ export function encryptContent(
 
 	const cipher = createCipheriv("aes-256-gcm", key, iv);
 	const encrypted = Buffer.concat([
-		cipher.update(html, "utf8"),
+		cipher.update(plaintext, "utf8"),
 		cipher.final(),
 	]);
 	const authTag = cipher.getAuthTag();
 
-	const result = Buffer.concat([salt, iv, authTag, encrypted]);
-	return result.toString("base64");
+	return Buffer.concat([salt, iv, authTag, encrypted]).toString("base64");
 }

tests/crypto.test.mjs

@@ -0,0 +1,147 @@
+/**
+ * 加密系统端到端测试
+ * 运行方式: node tests/crypto.test.mjs
+ * 无需任何测试框架依赖
+ */
+import { createCipheriv, createHmac, pbkdf2Sync } from "node:crypto";
+
+// 从源文件复制的常量（必须与 crypto-utils.ts 保持同步）
+const CRYPTO_CONSTANTS = {
+	PBKDF2_ITERATIONS: 100000,
+	SALT_LENGTH: 16,
+	IV_LENGTH: 12,
+	AUTH_TAG_LENGTH: 16,
+	KEY_LENGTH: 32,
+	VERIFY_PREFIX: "MIZUKI-VERIFY:",
+};
+
+// === 服务端加密（复刻 crypto-utils.ts） ===
+function deriveBytes(key, context, length) {
+	return createHmac("sha256", key).update(context).digest().subarray(0, length);
+}
+
+function encryptContent(html, password, slug) {
+	const { PBKDF2_ITERATIONS, SALT_LENGTH, IV_LENGTH, KEY_LENGTH, VERIFY_PREFIX } = CRYPTO_CONSTANTS;
+	const plaintext = VERIFY_PREFIX + html;
+	const salt = deriveBytes(password, `salt:${slug}`, SALT_LENGTH);
+	const iv = deriveBytes(password, `iv:${slug}`, IV_LENGTH);
+	const key = pbkdf2Sync(password, salt, PBKDF2_ITERATIONS, KEY_LENGTH, "sha256");
+	const cipher = createCipheriv("aes-256-gcm", key, iv);
+	const encrypted = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
+	const authTag = cipher.getAuthTag();
+	return Buffer.concat([salt, iv, authTag, encrypted]).toString("base64");
+}
+
+// === 客户端解密（复刻 PasswordProtection.astro inline script） ===
+async function clientDecrypt(encData, password) {
+	const { PBKDF2_ITERATIONS, SALT_LENGTH, IV_LENGTH, AUTH_TAG_LENGTH, VERIFY_PREFIX } = CRYPTO_CONSTANTS;
+	const raw = Buffer.from(encData, "base64");
+	const salt = raw.subarray(0, SALT_LENGTH);
+	const iv = raw.subarray(SALT_LENGTH, SALT_LENGTH + IV_LENGTH);
+	const authTag = raw.subarray(SALT_LENGTH + IV_LENGTH, SALT_LENGTH + IV_LENGTH + AUTH_TAG_LENGTH);
+	const ciphertext = raw.subarray(SALT_LENGTH + IV_LENGTH + AUTH_TAG_LENGTH);
+
+	const combined = Buffer.concat([ciphertext, authTag]);
+
+	const enc = new TextEncoder();
+	const keyMaterial = await crypto.subtle.importKey("raw", enc.encode(password), "PBKDF2", false, ["deriveKey"]);
+	const aesKey = await crypto.subtle.deriveKey(
+		{ name: "PBKDF2", salt, iterations: PBKDF2_ITERATIONS, hash: "SHA-256" },
+		keyMaterial, { name: "AES-GCM", length: 256 }, false, ["decrypt"],
+	);
+	const decrypted = await crypto.subtle.decrypt({ name: "AES-GCM", iv }, aesKey, combined);
+	const decoded = new TextDecoder().decode(decrypted);
+
+	if (!decoded.startsWith(VERIFY_PREFIX)) {
+		throw new Error("Verification prefix mismatch");
+	}
+	return decoded.substring(VERIFY_PREFIX.length);
+}
+
+// === 测试用例 ===
+const testHtml = "<h1>Hello World</h1><p>这是一篇加密文章的内容</p>";
+const testPassword = "test-password-123";
+const testSlug = "encrypted-test-post";
+
+let passed = 0;
+let failed = 0;
+
+function assert(condition, message) {
+	if (!condition) throw new Error(`Assertion failed: ${message}`);
+}
+
+async function test(name, fn) {
+	try {
+		await fn();
+		console.log(`  ✓ ${name}`);
+		passed++;
+	} catch (err) {
+		console.log(`  ✗ ${name}`);
+		console.log(`    ${err.message}`);
+		failed++;
+	}
+}
+
+console.log("Encryption System Tests\n");
+
+await test("encrypt and decrypt with correct password", async () => {
+	const encrypted = encryptContent(testHtml, testPassword, testSlug);
+	assert(encrypted.length > 0, "ciphertext should not be empty");
+	const decrypted = await clientDecrypt(encrypted, testPassword);
+	assert(decrypted === testHtml, `decrypted content mismatch: got "${decrypted.slice(0, 30)}..."`);
+});
+
+await test("deterministic ciphertext for same inputs", () => {
+	const a = encryptContent(testHtml, testPassword, testSlug);
+	const b = encryptContent(testHtml, testPassword, testSlug);
+	assert(a === b, "same inputs should produce same ciphertext");
+});
+
+await test("reject wrong password", async () => {
+	const encrypted = encryptContent(testHtml, testPassword, testSlug);
+	let threw = false;
+	try {
+		await clientDecrypt(encrypted, "wrong-password");
+	} catch {
+		threw = true;
+	}
+	assert(threw, "wrong password should throw");
+});
+
+await test("different slugs produce different ciphertext", () => {
+	const a = encryptContent(testHtml, testPassword, "slug-a");
+	const b = encryptContent(testHtml, testPassword, "slug-b");
+	assert(a !== b, "different slugs should produce different ciphertext");
+});
+
+await test("CJK content round-trip", async () => {
+	const cjk = "<p>日本語テスト 中文测试 한국어 테스트</p>";
+	const encrypted = encryptContent(cjk, testPassword, testSlug);
+	const decrypted = await clientDecrypt(encrypted, testPassword);
+	assert(decrypted === cjk, "CJK content mismatch");
+});
+
+await test("empty content round-trip", async () => {
+	const encrypted = encryptContent("", testPassword, testSlug);
+	const decrypted = await clientDecrypt(encrypted, testPassword);
+	assert(decrypted === "", "empty content mismatch");
+});
+
+await test("special HTML characters round-trip", async () => {
+	const special = '<div class="test">&amp; &lt; &gt; "quotes" \'single\'</div>';
+	const encrypted = encryptContent(special, testPassword, testSlug);
+	const decrypted = await clientDecrypt(encrypted, testPassword);
+	assert(decrypted === special, "special HTML mismatch");
+});
+
+await test("CRYPTO_CONSTANTS have required fields", () => {
+	assert(CRYPTO_CONSTANTS.PBKDF2_ITERATIONS === 100000, "PBKDF2_ITERATIONS");
+	assert(CRYPTO_CONSTANTS.SALT_LENGTH === 16, "SALT_LENGTH");
+	assert(CRYPTO_CONSTANTS.IV_LENGTH === 12, "IV_LENGTH");
+	assert(CRYPTO_CONSTANTS.AUTH_TAG_LENGTH === 16, "AUTH_TAG_LENGTH");
+	assert(CRYPTO_CONSTANTS.KEY_LENGTH === 32, "KEY_LENGTH");
+	assert(CRYPTO_CONSTANTS.VERIFY_PREFIX === "MIZUKI-VERIFY:", "VERIFY_PREFIX");
+});
+
+console.log(`\nResults: ${passed} passed, ${failed} failed`);
+process.exit(failed > 0 ? 1 : 0);