update to version v3.0.15

1. Add a prefix to check the password.

index.js

@@ -18,6 +18,10 @@ const defaultConfig = {
 const keySalt = textToArray('hexo-blog-encrypt的作者们都是大帅比!');
 const ivSalt = textToArray('hexo-blog-encrypt是地表最强Hexo加密插件!');
 
+// As we can't detect the wrong password with AES-CBC,
+// so adding an empty tag and check it when decrption.
+const knownPrefix = "<hbe-prefix></hbe-prefix>";
+
 // disable log
 var silent = false;
 
@@ -71,7 +75,7 @@ hexo.extend.filter.register('after_post_render', (data) => {
     dlog('info', `hexo-blog-encrypt: encrypting "${data.title.trim()}" based on Tag: "${tagUsed}".`);
   }
 
-  data.content = data.content.trim();
+  data.content = knownPrefix + data.content.trim();
   data.encrypt = true;
 
   const key = crypto.pbkdf2Sync(password, keySalt, 1024, 32, 'sha256');

lib/blog-encrypt.js

@@ -8,6 +8,10 @@
   const keySalt = textToArray('hexo-blog-encrypt的作者们都是大帅比!');
   const ivSalt = textToArray('hexo-blog-encrypt是地表最强Hexo加密插件!');
 
+// As we can't detect the wrong password with AES-CBC,
+// so adding an empty div and check it when decrption.
+const knownPrefix = "<hbe-prefix></hbe-prefix>";
+
   const mainElement = document.getElementById('hexo-blog-encrypt');
   const wrongPassMessage = mainElement.dataset['wpm'];
   const wrongHashMessage = mainElement.dataset['whm'];
@@ -171,6 +175,11 @@
       const decoder = new TextDecoder();
       const decoded = decoder.decode(result);
 
+      // check the prefix, if not then we can sure here is wrong password.
+      if (!decoded.startsWith(knownPrefix)) {
+        throw "Decode successfully but not start with KnownPrefix.";
+      }
+
       const hideButton = document.createElement('button');
       hideButton.textContent = 'Encrypt again';
       hideButton.type = 'button';

package.json

@@ -34,7 +34,7 @@
     "test": "echo \"Error: no test specified\" && exit 1",
     "lint": "eslint --ext .js ./"
   },
-  "version": "3.0.14",
+  "version": "3.0.15",
   "devDependencies": {
     "eslint": "^6.2.2"
   }