awsl-project
diff --git a/‎.gitignore‎
Lines changed: 4 additions & 0 deletions b/‎.gitignore‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎cmd/maxx/main.go‎
Lines changed: 14 additions & 2 deletions b/‎cmd/maxx/main.go‎
Lines changed: 14 additions & 2 deletions
diff --git a/‎internal/core/database.go‎
Lines changed: 18 additions & 2 deletions b/‎internal/core/database.go‎
Lines changed: 18 additions & 2 deletions
diff --git a/‎internal/domain/errors.go‎
Lines changed: 42 additions & 36 deletions b/‎internal/domain/errors.go‎
Lines changed: 42 additions & 36 deletions
diff --git a/‎internal/domain/invite_code.go‎
Lines changed: 121 additions & 0 deletions b/‎internal/domain/invite_code.go‎
Lines changed: 121 additions & 0 deletions
@@ -45,3 +45,7 @@ Thumbs.db
 
 .claude/
 wailsjs/
+
+AGENTS.md
+
+.logs/
@@ -10,8 +10,8 @@ import (
 	"os/exec"
 	"os/signal"
 	"path/filepath"
-	"syscall"
 	"sync/atomic"
+	"syscall"
 	"time"
 
 	"github.com/awsl-project/maxx/internal/adapter/client"
@@ -113,6 +113,8 @@ func main() {
 	modelPriceRepo := sqlite.NewModelPriceRepository(db)
 	tenantRepo := sqlite.NewTenantRepository(db)
 	userRepo := sqlite.NewUserRepository(db)
+	inviteCodeRepo := sqlite.NewInviteCodeRepository(db)
+	inviteCodeUsageRepo := sqlite.NewInviteCodeUsageRepository(db)
 
 	// Initialize cooldown manager with database persistence
 	cooldown.Default().SetRepository(cooldownRepo)
@@ -295,6 +297,8 @@ func main() {
 		attemptRepo,
 		settingRepo,
 		cachedAPITokenRepo,
+		inviteCodeRepo,
+		inviteCodeUsageRepo,
 		cachedModelMappingRepo,
 		usageStatsRepo,
 		responseModelRepo,
@@ -353,7 +357,15 @@ func main() {
 	proxyHandler.SetRequestTracker(requestTracker)
 	adminHandler := handler.NewAdminHandler(adminService, backupService, logPath)
 	adminHandler.SetUserRepo(userRepo)
-	authHandler := handler.NewAuthHandler(authMiddleware, userRepo, tenantRepo, authEnabled)
+	adminHandler.SetAuthEnabled(authEnabled)
+	authHandler := handler.NewAuthHandler(
+		authMiddleware,
+		userRepo,
+		tenantRepo,
+		inviteCodeRepo,
+		inviteCodeUsageRepo,
+		authEnabled,
+	)
 	antigravityHandler := handler.NewAntigravityHandler(adminService, antigravityQuotaRepo, wsHub)
 	antigravityHandler.SetTaskService(antigravityTaskSvc)
 	kiroHandler := handler.NewKiroHandler(adminService)
 
@@ -8,7 +8,6 @@ import (
 	"time"
 
 	"github.com/awsl-project/maxx/internal/adapter/client"
-	"golang.org/x/crypto/bcrypt"
 	_ "github.com/awsl-project/maxx/internal/adapter/provider/claude" // Register claude adapter
 	_ "github.com/awsl-project/maxx/internal/adapter/provider/codex"
 	_ "github.com/awsl-project/maxx/internal/adapter/provider/custom"
@@ -26,6 +25,7 @@ import (
 	"github.com/awsl-project/maxx/internal/service"
 	"github.com/awsl-project/maxx/internal/stats"
 	"github.com/awsl-project/maxx/internal/waiter"
+	"golang.org/x/crypto/bcrypt"
 )
 
 // DatabaseConfig 数据库配置
@@ -67,6 +67,8 @@ type DatabaseRepos struct {
 	ModelPriceRepo            repository.ModelPriceRepository
 	TenantRepo                repository.TenantRepository
 	UserRepo                  repository.UserRepository
+	InviteCodeRepo            repository.InviteCodeRepository
+	InviteCodeUsageRepo       repository.InviteCodeUsageRepository
 }
 
 // ServerComponents 包含服务器运行所需的所有组件
@@ -131,6 +133,8 @@ func InitializeDatabase(config *DatabaseConfig) (*DatabaseRepos, error) {
 	modelPriceRepo := sqlite.NewModelPriceRepository(db)
 	tenantRepo := sqlite.NewTenantRepository(db)
 	userRepo := sqlite.NewUserRepository(db)
+	inviteCodeRepo := sqlite.NewInviteCodeRepository(db)
+	inviteCodeUsageRepo := sqlite.NewInviteCodeUsageRepository(db)
 
 	log.Printf("[Core] Creating cached repositories")
 
@@ -173,6 +177,8 @@ func InitializeDatabase(config *DatabaseConfig) (*DatabaseRepos, error) {
 		ModelPriceRepo:            modelPriceRepo,
 		TenantRepo:                tenantRepo,
 		UserRepo:                  userRepo,
+		InviteCodeRepo:            inviteCodeRepo,
+		InviteCodeUsageRepo:       inviteCodeUsageRepo,
 	}
 
 	log.Printf("[Core] Database initialized successfully")
@@ -336,6 +342,8 @@ func InitializeServerComponents(
 		repos.AttemptRepo,
 		repos.SettingRepo,
 		repos.CachedAPITokenRepo,
+		repos.InviteCodeRepo,
+		repos.InviteCodeUsageRepo,
 		repos.CachedModelMappingRepo,
 		repos.UsageStatsRepo,
 		repos.ResponseModelRepo,
@@ -372,7 +380,14 @@ func InitializeServerComponents(
 	} else {
 		log.Println("Admin API authentication is disabled (no MAXX_ADMIN_PASSWORD set)")
 	}
-	authHandler := handler.NewAuthHandler(authMiddleware, repos.UserRepo, repos.TenantRepo, authEnabled)
+	authHandler := handler.NewAuthHandler(
+		authMiddleware,
+		repos.UserRepo,
+		repos.TenantRepo,
+		repos.InviteCodeRepo,
+		repos.InviteCodeUsageRepo,
+		authEnabled,
+	)
 
 	log.Printf("[Core] Creating handlers")
 	tokenAuthMiddleware := handler.NewTokenAuthMiddleware(repos.CachedAPITokenRepo, repos.SettingRepo)
@@ -384,6 +399,7 @@ func InitializeServerComponents(
 	)
 	adminHandler := handler.NewAdminHandler(adminService, backupService, logPath)
 	adminHandler.SetUserRepo(repos.UserRepo)
+	adminHandler.SetAuthEnabled(authEnabled)
 	antigravityHandler := handler.NewAntigravityHandler(adminService, repos.AntigravityQuotaRepo, wailsBroadcaster)
 	kiroHandler := handler.NewKiroHandler(adminService)
 	codexHandler := handler.NewCodexHandler(adminService, repos.CodexQuotaRepo, wailsBroadcaster)
 
@@ -1,63 +1,69 @@
 package domain
 
 import (
-    "errors"
-    "fmt"
-    "time"
+	"errors"
+	"fmt"
+	"time"
 )
 
 var (
-    ErrNotFound          = errors.New("not found")
-    ErrAlreadyExists     = errors.New("already exists")
-    ErrSlugExists        = errors.New("slug already exists")
-    ErrInvalidInput      = errors.New("invalid input")
-    ErrNoRoutes          = errors.New("no routes available")
-    ErrAllRoutesFailed   = errors.New("all routes failed")
-    ErrFirstByteTimeout  = errors.New("first byte timeout")
-    ErrStreamIdleTimeout = errors.New("stream idle timeout")
-    ErrUpstreamError     = errors.New("upstream error")
-    ErrFormatConversion  = errors.New("format conversion error")
-    ErrUnsupportedFormat = errors.New("unsupported format")
+	ErrNotFound            = errors.New("not found")
+	ErrAlreadyExists       = errors.New("already exists")
+	ErrSlugExists          = errors.New("slug already exists")
+	ErrInvalidInput        = errors.New("invalid input")
+	ErrInvalidState        = errors.New("invalid state")
+	ErrNoRoutes            = errors.New("no routes available")
+	ErrAllRoutesFailed     = errors.New("all routes failed")
+	ErrFirstByteTimeout    = errors.New("first byte timeout")
+	ErrStreamIdleTimeout   = errors.New("stream idle timeout")
+	ErrUpstreamError       = errors.New("upstream error")
+	ErrFormatConversion    = errors.New("format conversion error")
+	ErrUnsupportedFormat   = errors.New("unsupported format")
+	ErrInviteCodeRequired  = errors.New("invite code required")
+	ErrInviteCodeInvalid   = errors.New("invite code invalid")
+	ErrInviteCodeExpired   = errors.New("invite code expired")
+	ErrInviteCodeExhausted = errors.New("invite code exhausted")
+	ErrInviteCodeDisabled  = errors.New("invite code disabled")
 )
 
 // ProxyError represents an error during proxy execution
 type ProxyError struct {
-    Err                error
-    Retryable          bool
-    Message            string
-    RetryAfter         time.Duration // Suggested retry delay (from 429 responses)
-    CooldownUntil      *time.Time    // Absolute cooldown end time
-    CooldownClientType string        // ClientType for cooldown (empty = all client types)
-    CooldownUpdateChan chan time.Time // Channel for async cooldown updates (optional)
-    RateLimitInfo      *RateLimitInfo // Additional rate limit information
-    IsServerError      bool          // True for 5xx errors (triggers incremental cooldown)
-    IsNetworkError     bool          // True for network errors (connection timeout, DNS failure, etc.)
-    HTTPStatusCode     int           // HTTP status code (for logging and error handling)
+	Err                error
+	Retryable          bool
+	Message            string
+	RetryAfter         time.Duration  // Suggested retry delay (from 429 responses)
+	CooldownUntil      *time.Time     // Absolute cooldown end time
+	CooldownClientType string         // ClientType for cooldown (empty = all client types)
+	CooldownUpdateChan chan time.Time // Channel for async cooldown updates (optional)
+	RateLimitInfo      *RateLimitInfo // Additional rate limit information
+	IsServerError      bool           // True for 5xx errors (triggers incremental cooldown)
+	IsNetworkError     bool           // True for network errors (connection timeout, DNS failure, etc.)
+	HTTPStatusCode     int            // HTTP status code (for logging and error handling)
 }
 
 // RateLimitInfo contains detailed rate limit information from providers
 type RateLimitInfo struct {
-    Type             string    // Type of rate limit: "quota_exhausted", "rate_limit_exceeded", "concurrent", etc.
-    QuotaResetTime   time.Time // When quota resets (for quota exhaustion)
-    RetryHintMessage string    // Original error message with retry hints
-    ClientType       string    // Affected client type (empty = all)
+	Type             string    // Type of rate limit: "quota_exhausted", "rate_limit_exceeded", "concurrent", etc.
+	QuotaResetTime   time.Time // When quota resets (for quota exhaustion)
+	RetryHintMessage string    // Original error message with retry hints
+	ClientType       string    // Affected client type (empty = all)
 }
 
 func (e *ProxyError) Error() string {
-    if e.Message != "" {
-        return fmt.Sprintf("%s: %v", e.Message, e.Err)
-    }
-    return e.Err.Error()
+	if e.Message != "" {
+		return fmt.Sprintf("%s: %v", e.Message, e.Err)
+	}
+	return e.Err.Error()
 }
 
 func (e *ProxyError) Unwrap() error {
-    return e.Err
+	return e.Err
 }
 
 func NewProxyError(err error, retryable bool) *ProxyError {
-    return &ProxyError{Err: err, Retryable: retryable}
+	return &ProxyError{Err: err, Retryable: retryable}
 }
 
 func NewProxyErrorWithMessage(err error, retryable bool, msg string) *ProxyError {
-    return &ProxyError{Err: err, Retryable: retryable, Message: msg}
+	return &ProxyError{Err: err, Retryable: retryable, Message: msg}
 }
@@ -0,0 +1,121 @@
+package domain
+
+import (
+	"crypto/sha256"
+	"encoding/hex"
+	"strings"
+	"time"
+	"unicode"
+)
+
+// InviteCodeStatus represents the status of an invite code.
+type InviteCodeStatus string
+
+const (
+	InviteCodeStatusActive   InviteCodeStatus = "active"
+	InviteCodeStatusDisabled InviteCodeStatus = "disabled"
+)
+
+// InviteCodeInvalidPrefix is returned when a code cannot be normalized.
+const InviteCodeInvalidPrefix = "<invalid-invite>"
+
+// InviteCode represents an invitation code used for registration.
+type InviteCode struct {
+	ID        uint64     `json:"id"`
+	CreatedAt time.Time  `json:"createdAt"`
+	UpdatedAt time.Time  `json:"updatedAt"`
+	DeletedAt *time.Time `json:"deletedAt,omitempty"`
+
+	TenantID uint64 `json:"tenantID"`
+
+	CodeHash   string           `json:"-"`
+	CodePrefix string           `json:"codePrefix"`
+	Status     InviteCodeStatus `json:"status"`
+
+	MaxUses   uint64 `json:"maxUses"`
+	UsedCount uint64 `json:"usedCount"`
+
+	ExpiresAt *time.Time `json:"expiresAt,omitempty"`
+
+	CreatedByUserID uint64 `json:"createdByUserID"`
+	Note            string `json:"note,omitempty"`
+}
+
+// InviteCodeUsage records a usage event for an invite code.
+type InviteCodeUsage struct {
+	ID        uint64    `json:"id"`
+	CreatedAt time.Time `json:"createdAt"`
+	UpdatedAt time.Time `json:"updatedAt"`
+
+	TenantID     uint64    `json:"tenantID"`
+	InviteCodeID uint64    `json:"inviteCodeID"`
+	UserID       uint64    `json:"userID"`
+	Username     string    `json:"username"`
+	UsedAt       time.Time `json:"usedAt"`
+
+	IP        string `json:"ip"`
+	UserAgent string `json:"userAgent"`
+
+	Result     string `json:"result"`
+	Reason     string `json:"reason,omitempty"`
+	RolledBack bool   `json:"rolledBack,omitempty"`
+}
+
+// InviteCodeCreateItem contains a newly created invite code and its plain text.
+type InviteCodeCreateItem struct {
+	Code       string      `json:"code"`
+	InviteCode *InviteCode `json:"inviteCode"`
+}
+
+// InviteCodeCreateResult is returned when creating invite codes.
+type InviteCodeCreateResult struct {
+	Items []InviteCodeCreateItem `json:"items"`
+}
+
+// NormalizeInviteCode trims and normalizes an invite code for hashing.
+func NormalizeInviteCode(code string) string {
+	var b strings.Builder
+	b.Grow(len(code))
+	for _, r := range code {
+		if unicode.IsSpace(r) {
+			continue
+		}
+		if isDashRune(r) {
+			continue
+		}
+		b.WriteRune(r)
+	}
+	return strings.ToUpper(b.String())
+}
+
+func isDashRune(r rune) bool {
+	switch {
+	case r == '-':
+		return true
+	case r >= 0x2010 && r <= 0x2015:
+		return true
+	case r == 0x2212, r == 0xFE58, r == 0xFE63, r == 0xFF0D:
+		return true
+	default:
+		return false
+	}
+}
+
+// HashInviteCode returns a SHA-256 hex hash for the given invite code.
+func HashInviteCode(code string) string {
+	normalized := NormalizeInviteCode(code)
+	sum := sha256.Sum256([]byte(normalized))
+	return hex.EncodeToString(sum[:])
+}
+
+// InviteCodePrefix returns a short prefix for display.
+func InviteCodePrefix(code string) string {
+	normalized := NormalizeInviteCode(code)
+	if normalized == "" {
+		return InviteCodeInvalidPrefix
+	}
+	if len(normalized) <= 8 {
+		return normalized
+	}
+	return normalized[:8]
+}