fix: return null instead of throwing on invalid crypto input

[tmdeveloper007]

Closes #442.

Summary of What Has Been Done:
Updated to return instead of throwing on invalid input, preserving the original return type contract. Also fixed the edge case where empty ciphertext could pass validation by changing to in the length check.

Changes Made:

• File: src/lib/crypto.ts

  • Changed return type from to
  • Validation failures now return instead of throwing errors
  • Changed to

• File: src/lib/github-accounts.ts

  • Added filter to remove null tokens in
  • Added filter to remove invalid accounts in

Impact it Made:

• All call sites continue to work without modification
• Invalid token data returns null consistently across the codebase

[vercel]

@tmdeveloper007 is attempting to deploy a commit to the PRIYANSHU DOSHI's projects Team on Vercel.

A member of the Team first needs to authorize it.

[github-actions]

GSSoC Label Checklist 🏷️

@Priyanshu-byte-coder — please apply the appropriate labels before merging:

Difficulty (pick one):

• level:beginner — 20 pts
• level:intermediate — 35 pts
• level:advanced — 55 pts
• level:critical — 80 pts

Quality (optional):

• quality:clean — ×1.2 multiplier
• quality:exceptional — ×1.5 multiplier

Validation (required to score):

• gssoc:approved — counts for points
• gssoc:invalid / gssoc:spam / gssoc:ai-slop — does not score

Type labels (type:*) are auto-detected from files and title. Review and adjust if needed.
Points formula: (difficulty × quality_multiplier) + type_bonus

[tmdeveloper007]

@Priyanshu-byte-coder
Review requestred.

[Priyanshu-byte-coder]

Two issues to resolve before merge:

1. Return type contract changed without auditing callers. The base decryptToken returns string | null — all call sites in github-accounts.ts handle null correctly. This PR appears to change the return type to string and throws instead of returning null. If the existing try/catch wrapper is still present, the thrown errors are silently caught and the validation is dead code. If the try/catch was removed, all callers now receive uncaught exceptions instead of null. Please clarify: keep returning null on invalid input (consistent with existing contract) rather than throwing, so no call sites need to change.

2. Length check edge case. encrypted.length < AUTH_TAG_LENGTH * 2 (i.e., < 32) allows zero-byte ciphertext (length === 32 = auth tag only, empty plaintext). If empty plaintext tokens should be rejected, use <= AUTH_TAG_LENGTH * 2.

[Priyanshu-byte-coder]

Two issues still not resolved + new merge conflict:

1. Merge conflict — branch needs rebase on main before this can proceed.
2. Return type not fixed — decryptToken still throws instead of returning null. Callers in github-accounts.ts expect null on bad input; they will now receive uncaught exceptions. Keep string | null return type and return null from the guard clauses instead of throwing.
3. Length check — encrypted.length < AUTH_TAG_LENGTH * 2 allows zero-byte ciphertext (32 hex chars = 16-byte auth tag + 0 bytes plaintext). Use <= AUTH_TAG_LENGTH * 2 to reject empty plaintext.

[tmdeveloper007]

Thank you for the review. I have addressed both issues:

1. Return type contract preserved: Changed to return instead of throwing. Added filters in and to handle null values gracefully.

2. Length check edge case fixed: Changed to to reject empty ciphertext.

All tests pass (type-check and lint). Please review the updated changes.