From a3462e21bc6b36a6e4529c6a84643dc407301be4 Mon Sep 17 00:00:00 2001
From: nai-degen <khoners@protonmail.com>
Date: Sun, 19 May 2024 15:17:25 -0500
Subject: [PATCH] adds config setting for PoW verification timeout

---
 src/config.ts                                 | 10 +++++++
 src/info-page.ts                              | 18 +++++++-----
 src/shared/views/partials/shared_header.ejs   |  3 --
 src/user/web/pow-captcha.ts                   |  6 ++--
 .../views/partials/user_challenge_widget.ejs  | 29 ++++++++++++-------
 src/user/web/views/user_request_token.ejs     |  9 ++----
 6 files changed, 43 insertions(+), 32 deletions(-)

diff --git a/src/config.ts b/src/config.ts
index ed835b2..7d63094 100644
--- a/src/config.ts
+++ b/src/config.ts
@@ -127,6 +127,15 @@ type Config = {
    * details on the available modes.
    */
   powDifficultyLevel: "low" | "medium" | "high" | "extreme";
+  /**
+   * Duration in minutes before a PoW challenge expires. Users' browsers must
+   * solve the challenge within this time frame or it will be rejected.
+   * Defaults to 30 minutes. It should be kept somewhat low to prevent abusive
+   * clients from working on many challenges in parallel, but you may need to
+   * increase this value for higher difficulty levels or older devices will not
+   * be able to solve the challenge in time.
+   */
+  powChallengeTimeout: number;
   /** Per-user limit for requests per minute to text and chat models. */
   textModelRateLimit: number;
   /** Per-user limit for requests per minute to image generation models. */
@@ -322,6 +331,7 @@ export const config: Config = {
   powTokenHours: getEnvWithDefault("POW_TOKEN_HOURS", 24),
   powTokenMaxIps: getEnvWithDefault("POW_TOKEN_MAX_IPS", 2),
   powDifficultyLevel: getEnvWithDefault("POW_DIFFICULTY_LEVEL", "low"),
+  powChallengeTimeout: getEnvWithDefault("POW_CHALLENGE_TIMEOUT", 30),
   firebaseRtdbUrl: getEnvWithDefault("FIREBASE_RTDB_URL", undefined),
   firebaseKey: getEnvWithDefault("FIREBASE_KEY", undefined),
   textModelRateLimit: getEnvWithDefault("TEXT_MODEL_RATE_LIMIT", 4),
diff --git a/src/info-page.ts b/src/info-page.ts
index 12c076c..711ccd5 100644
--- a/src/info-page.ts
+++ b/src/info-page.ts
@@ -16,7 +16,7 @@ const MODEL_FAMILY_FRIENDLY_NAME: { [f in ModelFamily]: string } = {
   gpt4: "GPT-4",
   "gpt4-32k": "GPT-4 32k",
   "gpt4-turbo": "GPT-4 Turbo",
-  "gpt4o": "GPT-4o",
+  gpt4o: "GPT-4o",
   "dall-e": "DALL-E",
   claude: "Claude (Sonnet)",
   "claude-opus": "Claude (Opus)",
@@ -146,11 +146,15 @@ This proxy keeps full logs of all prompts and AI responses. Prompt logs are anon
 
 function getSelfServiceLinks() {
   if (config.gatekeeper !== "user_token") return "";
-  const links = [
-    ["Request a user token", "/user/captcha",],
-    ["Check your user token", "/user/lookup",]
-  ]
-  return `<div style="font-size: 0.8em;">${links.map(([text, link]) => `<a target="_blank" href="${link}">${text}</a>`).join(" / ")}</div><hr />`;
+
+  const links = [["Check your user token", "/user/lookup"]];
+  if (config.captchaMode !== "none") {
+    links.unshift(["Request a user token", "/user/captcha"]);
+  }
+
+  return `<div style="font-size: 0.8em;">${links
+    .map(([text, link]) => `<a target="_blank" href="${link}">${text}</a>`)
+    .join(" / ")}</div><hr />`;
 }
 
 function getServerTitle() {
@@ -262,7 +266,7 @@ if (config.serviceInfoPassword?.length) {
   });
   infoPageRouter.use(checkIfUnlocked);
 }
-infoPageRouter.get("/", handleInfoPage);
+infoPageRouter.get("/", (req, res) => res.sendStatus(204));
 infoPageRouter.get("/status", (req, res) => {
   res.json(buildInfo(req.protocol + "://" + req.get("host"), false));
 });
diff --git a/src/shared/views/partials/shared_header.ejs b/src/shared/views/partials/shared_header.ejs
index bb0d86a..0726364 100644
--- a/src/shared/views/partials/shared_header.ejs
+++ b/src/shared/views/partials/shared_header.ejs
@@ -3,7 +3,6 @@
   <head>
     <meta charset="utf-8" />
     <meta name="csrf-token" content="<%= csrfToken %>" />
-    <!-- prettier-ignore -->
     <title><%= title %></title>
     <style>
       body {
@@ -112,5 +111,3 @@
   </head>
   <body>
     <%- include("partials/shared_flash", { flashData: flash }) %>
-  </body>
-</html>
diff --git a/src/user/web/pow-captcha.ts b/src/user/web/pow-captcha.ts
index 7b26afe..21db1ba 100644
--- a/src/user/web/pow-captcha.ts
+++ b/src/user/web/pow-captcha.ts
@@ -7,8 +7,6 @@ import { config } from "../../config";
 
 /** HMAC key for signing challenges; regenerated on startup */
 const HMAC_KEY = crypto.randomBytes(32).toString("hex");
-/** Expiry time for a challenge in milliseconds */
-const POW_EXPIRY = 1000 * 60 * 30; // 30 minutes
 /** Lockout time after verification in milliseconds */
 const LOCKOUT_TIME = 1000 * 60; // 60 seconds
 
@@ -95,7 +93,7 @@ setInterval(() => {
   }
 
   for (const [key, timestamp] of solves) {
-    if (now - timestamp > POW_EXPIRY) {
+    if (now - timestamp > config.powChallengeTimeout * 1000 * 60) {
       solves.delete(key);
     }
   }
@@ -118,7 +116,7 @@ function generateChallenge(clientIp?: string, token?: string): Challenge {
     m: argon2Params.ARGON2_MEMORY_KB,
     p: argon2Params.ARGON2_PARALLELISM,
     d: targetValue.toString() + "n",
-    e: Date.now() + POW_EXPIRY,
+    e: Date.now() + config.powChallengeTimeout * 1000 * 60,
     ip: clientIp,
     token,
   };
diff --git a/src/user/web/views/partials/user_challenge_widget.ejs b/src/user/web/views/partials/user_challenge_widget.ejs
index f52f797..4770141 100644
--- a/src/user/web/views/partials/user_challenge_widget.ejs
+++ b/src/user/web/views/partials/user_challenge_widget.ejs
@@ -71,25 +71,21 @@
 </style>
 <div style="display: none" id="captcha-container">
   <p>
-    Your device needs to perform a verification task before a user token will be issued. This verification might take
-    anywhere from a few seconds to a few minutes, depending on your device and the proxy's security settings.
+    Your device needs to perform a verification task before you can receive access. This might take anywhere from a few
+    seconds to a few minutes, depending on your device and the proxy's security settings.
   </p>
   <p>Click the button below to start.</p>
   <details>
     <summary>What is this?</summary>
     <p>
-      This is an anti-abuse measure to slow down automated requests. It requires your device's CPU to find a solution to
-      a cryptographic puzzle, after which a user token will be issued.
-    </p>
-    <p>
-      Your browser may slow down during the verification process. If you want to do something else while waiting, reduce
-      the number of workers to reduce the load on your device's CPU.
+      This is an anti-abuse measure designed to slow down automated requests. It requires your device's CPU to find a
+      solution to a cryptographic puzzle, after which a user token will be issued.
     </p>
   </details>
   <details>
     <summary>How long does verification take?</summary>
     <p>
-      The exact time depends on the device you're using and the server's difficulty setting (currently
+      It on the device you're using and the verification task's difficulty level (currently
       <strong><%= difficultyLevel %></strong>). It could take anywhere from a few seconds to a few minutes.
     </p>
   </details>
@@ -97,8 +93,19 @@
     <summary>How often do I need to do this?</summary>
     <p>Once you've earned a user token, you can use it for <%= tokenLifetime %> hours before it expires.</p>
     <p>
-      You can refresh an expired token by returning to this page and completing the verification again, which will be
-      faster than the first time.
+      You can refresh an expired token by returning to this page and verifying again. Subsequent verifications will go
+      faster than the first one.
+    </p>
+  </details>
+  <details>
+    <summary>What is the "Workers" setting?</summary>
+    <p>
+      This controls how many CPU cores will be used to solve the verification task. By default, all of your device's
+      cores will be used to solve the task as quickly as possible.
+    </p>
+    <p>
+      If your device gets too hot or you want to use it for other tasks while verification is in progress, reduce the
+      number of workers to lower the CPU load at the cost of slower verification.
     </p>
   </details>
   <details>
diff --git a/src/user/web/views/user_request_token.ejs b/src/user/web/views/user_request_token.ejs
index 1384aa0..30b0b7a 100644
--- a/src/user/web/views/user_request_token.ejs
+++ b/src/user/web/views/user_request_token.ejs
@@ -18,9 +18,7 @@
 </style>
 
 <h1>Request User Token</h1>
-<p>
-  You can request a temporary user token to use this proxy. The token will be valid for <%= tokenLifetime %> hours.
-</p>
+<p>You can request a temporary user token to use this proxy. The token will be valid for <%= tokenLifetime %> hours.</p>
 <% if (keyRequired) { %>
 <div>
   <p>You need to supply the proxy password to request or refresh a token.</p>
@@ -31,10 +29,7 @@
 </div>
 <% } %>
 <div id="existing-token" style="display: none">
-  <p>
-    It looks like you might have an older temporary user token. You can refresh its expiration by completing a
-    faster verification challenge.
-  </p>
+  <p>It looks like you might have an older temporary user token. If it has expired, you can try to refresh it.</p>
   <strong id="existing-token-value">Existing token:</strong>
 </div>
 <div id="request-buttons">