Fix recorder finalize path and add invite-gated login

server/routers.ts

@@ -1,4 +1,5 @@
 import { COOKIE_NAME, ONE_YEAR_MS } from "@shared/const";
+import { TRPCError } from "@trpc/server";
 import { getSessionCookieOptions } from "./_core/cookies";
 import { systemRouter } from "./_core/systemRouter";
 import { adminProcedure, publicProcedure, protectedProcedure, router } from "./_core/trpc";
@@ -48,11 +49,20 @@ export const appRouter = router({
 
     // Username-based login
     loginWithUsername: publicProcedure
-      .input(z.object({ username: z.string().min(1).max(64) }))
+      .input(z.object({
+        username: z.string().trim().min(1).max(64),
+        inviteCode: z.string().trim().max(64).optional(),
+      }))
       .mutation(async ({ ctx, input }) => {
-        const { user, isNew } = await db.createUsernameAccount(input.username);
+        const username = input.username.trim();
+        const existingUser = await db.getUserByUsername(username);
+        if (!existingUser && !db.isValidRegistrationInvite(input.inviteCode)) {
+          throw new TRPCError({ code: "FORBIDDEN", message: "新用户注册需要正确的邀请码" });
+        }
+
+        const { user, isNew } = await db.createUsernameAccount(username, input.inviteCode);
         const sessionToken = await sdk.createSessionToken(user.openId, {
-          name: user.name || input.username,
+          name: user.name || username,
           expiresInMs: ONE_YEAR_MS,
         });
         const cookieOptions = getSessionCookieOptions(ctx.req);