fix: 修复 Gemini 账户 refreshToken 解密错误

- 修复 updateAccount 中对已解密数据的二次解密问题
- 改进解密函数，使用固定长度的 IV 避免冒号分隔符问题
- 确保 refreshToken 能正确存储和使用

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

src/services/geminiAccountService.js

@@ -50,9 +50,12 @@ function decrypt(text) {
   if (!text) return '';
   try {
     const key = generateEncryptionKey();
-    const textParts = text.split(':');
-    const iv = Buffer.from(textParts.shift(), 'hex');
-    const encryptedText = Buffer.from(textParts.join(':'), 'hex');
+    // IV 是固定长度的 32 个十六进制字符（16 字节）
+    const ivHex = text.substring(0, 32);
+    const encryptedHex = text.substring(33); // 跳过冒号
+    
+    const iv = Buffer.from(ivHex, 'hex');
+    const encryptedText = Buffer.from(encryptedHex, 'hex');
     const decipher = crypto.createDecipheriv(ALGORITHM, key, iv);
     let decrypted = decipher.update(encryptedText);
     decrypted = Buffer.concat([decrypted, decipher.final()]);
@@ -325,7 +328,8 @@ async function updateAccount(accountId, updates) {
   updates.updatedAt = now;
   
   // 检查是否新增了 refresh token
-  const oldRefreshToken = existingAccount.refreshToken ? decrypt(existingAccount.refreshToken) : '';
+  // existingAccount.refreshToken 已经是解密后的值了（从 getAccount 返回）
+  const oldRefreshToken = existingAccount.refreshToken || '';
   let needUpdateExpiry = false;
   
   // 加密敏感字段