Temporary usertokens via proof-of-work challenge (khanon/oai-reverse-proxy!68)

.env.example

@@ -46,6 +46,8 @@ NODE_ENV=production
 # 'azure-dall-e' to the list of allowed model families.
 # ALLOWED_MODEL_FAMILIES=turbo,gpt4,gpt4-32k,gpt4-turbo,gpt4o,claude,claude-opus,gemini-pro,mistral-tiny,mistral-small,mistral-medium,mistral-large,aws-claude,aws-claude-opus,azure-turbo,azure-gpt4,azure-gpt4-32k,azure-gpt4-turbo,azure-gpt4o
 
+# IP addresses or CIDR blocks from which requests will be blocked.
+# IP_BLACKLIST=10.0.0.1/24
 # URLs from which requests will be blocked.
 # BLOCKED_ORIGINS=reddit.com,9gag.com
 # Message to show when requests are blocked.
@@ -74,6 +76,12 @@ NODE_ENV=production
 # Detail level of logging. (trace | debug | info | warn | error)
 # LOG_LEVEL=info
 
+# Captcha verification settings. Refer to docs/pow-captcha.md for guidance.
+# CAPTCHA_MODE=none
+# POW_TOKEN_HOURS=24
+# POW_TOKEN_MAX_IPS=2
+# POW-DIFFICULTY_LEVEL=low
+
 # ------------------------------------------------------------------------------
 # Optional settings for user management, access control, and quota enforcement:
 # See `docs/user-management.md` for more information and setup instructions.
@@ -136,6 +144,10 @@ AZURE_CREDENTIALS=azure-resource-name:deployment-id:api-key,another-azure-resour
 
 # With user_token gatekeeper, the admin password used to manage users.
 # ADMIN_KEY=your-very-secret-key
+# To restrict access to the admin interface to specific IP addresses, set the
+# ADMIN_WHITELIST environment variable to a comma-separated list of CIDR blocks.
+# ADMIN_WHITELIST=0.0.0.0/0
+
 
 # With firebase_rtdb gatekeeper storage, the Firebase project credentials.
 # FIREBASE_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx