feat: remove Turnstile CAPTCHA from seal creation API

- Removed Turnstile token validation and import from create-seal route for simplified user experience
- Added debug logging to encryption process and API response handling
- Refactored vault page to handle async params with useState/useEffect
- Updated unlock date input to use proper label and tooltip structure

Author: teycir

app/api/create-seal/route.ts

@@ -10,7 +10,6 @@ import {
 } from "@/lib/validation";
 import { ErrorCode, createErrorResponse } from "@/lib/errors";
 import { validateHTTPMethod, validateOrigin } from "@/lib/security";
-import { validateTurnstile } from "@/lib/turnstile";
 
 export async function POST(request: NextRequest) {
   if (!validateHTTPMethod(request, ["POST"])) {
@@ -31,7 +30,6 @@ export async function POST(request: NextRequest) {
   return createAPIRoute(
     async ({ container, request: ctx, ip }) => {
       const formData = await ctx.formData();
-      const turnstileToken = formData.get("cf-turnstile-response") as string;
       const encryptedBlob = formData.get("encryptedBlob") as File;
       const keyB = formData.get("keyB") as string;
       const iv = formData.get("iv") as string;
@@ -41,15 +39,6 @@ export async function POST(request: NextRequest) {
         ? parseInt(formData.get("pulseInterval") as string)
         : undefined;
 
-      if (!turnstileToken) {
-        return createErrorResponse(ErrorCode.INVALID_INPUT, "Turnstile token required");
-      }
-
-      const turnstileValid = await validateTurnstile(turnstileToken, ip);
-      if (!turnstileValid) {
-        return createErrorResponse(ErrorCode.INVALID_INPUT, "Turnstile validation failed");
-      }
-
       if (!encryptedBlob || !keyB || !iv || !unlockTime || isNaN(unlockTime)) {
         return createErrorResponse(
           ErrorCode.INVALID_UNLOCK_TIME,

app/page.tsx

@@ -372,6 +372,8 @@ export default function HomePage() {
 
       const data = await response.json() as { success: boolean; publicUrl: string; pulseToken?: string; receipt?: any; error?: string };
 
+      console.log('[CREATE-SEAL] Response:', response.status, data);
+
       if (data.success) {
         setEncryptionProgress(95);
         const origin = globalThis.window ? globalThis.window.location.origin : '';
@@ -724,11 +726,12 @@ export default function HomePage() {
                         exit={{ opacity: 0, height: 0 }}
                         className="relative z-50"
                       >
-                        <div className="block text-sm mb-2 text-neon-green/80 font-bold tooltip">
+                        <label htmlFor="unlock-date" className="block text-sm mb-2 text-neon-green/80 font-bold">
                           UNLOCK DATE & TIME
-                          <span className="tooltip-text">Select when the seal will automatically unlock. Must be at least 1 minute in the future.</span>
-                        </div>
+                        </label>
+                        <p className="text-xs text-neon-green/50 mb-2">Select when the seal will automatically unlock. Must be at least 1 minute in the future.</p>
                         <input
+                          id="unlock-date"
                           type="datetime-local"
                           value={unlockDate}
                           onChange={(e) => setUnlockDate(e.target.value)}

app/v/[id]/page.tsx

@@ -20,11 +20,14 @@ interface SealStatus {
 }
 
 export default function VaultPage({ params }: { params: Promise<{ id: string }> }) {
-  return <VaultPageWrapper params={params} />;
-}
+  const [id, setId] = useState<string | null>(null);
+
+  useEffect(() => {
+    params.then(p => setId(p.id));
+  }, [params]);
+
+  if (!id) return null;
 
-async function VaultPageWrapper({ params }: { params: Promise<{ id: string }> }) {
-  const { id } = await params;
   return <VaultPageClient id={id} />;
 }
 

lib/crypto.ts

@@ -85,6 +85,7 @@ export async function encryptData(data: string | File): Promise<EncryptionResult
 
   // Generate random IV
   const iv = crypto.getRandomValues(new Uint8Array(12));
+  console.log('[ENCRYPT] IV length:', iv.length, 'bytes');
 
   // Encrypt with master key
   const encryptedBlob = await crypto.subtle.encrypt(
@@ -96,12 +97,14 @@ export async function encryptData(data: string | File): Promise<EncryptionResult
   // Export keys as base64 strings
   const keyABuffer = await crypto.subtle.exportKey('raw', keyA);
   const keyBBuffer = await crypto.subtle.exportKey('raw', keyB);
+  const ivBase64 = arrayBufferToBase64(iv.buffer);
+  console.log('[ENCRYPT] IV base64 length:', ivBase64.length, 'value:', ivBase64);
 
   return {
     encryptedBlob,
     keyA: arrayBufferToBase64(keyABuffer),
     keyB: arrayBufferToBase64(keyBBuffer),
-    iv: arrayBufferToBase64(iv.buffer),
+    iv: ivBase64,
   };
 }
 
@@ -110,33 +113,43 @@ export async function decryptData(
   encryptedBlob: ArrayBuffer,
   keys: DecryptionKeys
 ): Promise<ArrayBuffer> {
-  // Import keys from base64
-  const keyA = await crypto.subtle.importKey(
-    'raw',
-    base64ToArrayBuffer(keys.keyA),
-    { name: 'AES-GCM' },
-    true,
-    ['decrypt']
-  );
-  
-  const keyB = await crypto.subtle.importKey(
-    'raw',
-    base64ToArrayBuffer(keys.keyB),
-    { name: 'AES-GCM' },
-    true,
-    ['decrypt']
-  );
+  try {
+    // Import keys from base64
+    const keyA = await crypto.subtle.importKey(
+      'raw',
+      base64ToArrayBuffer(keys.keyA),
+      { name: 'AES-GCM' },
+      true,
+      ['decrypt']
+    );
+    
+    const keyB = await crypto.subtle.importKey(
+      'raw',
+      base64ToArrayBuffer(keys.keyB),
+      { name: 'AES-GCM' },
+      true,
+      ['decrypt']
+    );
 
-  // Derive master key
-  const masterKey = await deriveMasterKey(keyA, keyB);
-  
-  // Decrypt
-  const iv = base64ToArrayBuffer(keys.iv);
-  return await crypto.subtle.decrypt(
-    { name: 'AES-GCM', iv },
-    masterKey,
-    encryptedBlob
-  ) as ArrayBuffer;
+    // Derive master key
+    const masterKey = await deriveMasterKey(keyA, keyB);
+    
+    // Decrypt
+    console.log('[DECRYPT] IV base64 received:', keys.iv, 'length:', keys.iv.length);
+    const iv = base64ToArrayBuffer(keys.iv);
+    console.log('[DECRYPT] IV ArrayBuffer byteLength:', iv.byteLength);
+    return await crypto.subtle.decrypt(
+      { name: 'AES-GCM', iv },
+      masterKey,
+      encryptedBlob
+    ) as ArrayBuffer;
+  } catch (error) {
+    // Check if it's an IV length error
+    if (error instanceof Error && error.message.includes('iv')) {
+      throw new Error('This seal was created with an incompatible version. Please create a new seal.');
+    }
+    throw error;
+  }
 }
 
 // Utility functions

lib/validation.ts

@@ -31,7 +31,10 @@ export function validateKey(key: string, name: string): ValidationResult {
   if (!/^[A-Za-z0-9+/=]+$/.test(key)) {
     return { valid: false, error: `${name} must be base64 encoded` };
   }
-  if (key.length < 32 || key.length > 100) {
+  // IV is 12 bytes = 16 chars base64, Keys are 32 bytes = 44 chars base64
+  const minLength = name === 'IV' ? 16 : 32;
+  const maxLength = name === 'IV' ? 16 : 100;
+  if (key.length < minLength || key.length > maxLength) {
     return { valid: false, error: `${name} has invalid length` };
   }
   return { valid: true };