disables per-user IP limit by default

src/config.ts

@@ -49,7 +49,11 @@ type Config = {
   firebaseRtdbUrl?: string;
   /** Base64-encoded Firebase service account key if using the Firebase RTDB store. */
   firebaseKey?: string;
-  /** Maximum number of IPs per user, after which their token is disabled. */
+  /**
+   * Maximum number of IPs per user, after which their token is disabled.
+   * Users with the manually-assigned `special` role are exempt from this limit.
+   * By default, this is 0, meaning that users are not IP-limited.
+   */
   maxIpsPerUser: number;
   /** Per-IP limit for requests per minute to OpenAI's completions endpoint. */
   modelRateLimit: number;
@@ -102,7 +106,7 @@ export const config: Config = {
   adminKey: getEnvWithDefault("ADMIN_KEY", ""),
   gatekeeper: getEnvWithDefault("GATEKEEPER", "none"),
   gatekeeperStore: getEnvWithDefault("GATEKEEPER_STORE", "memory"),
-  maxIpsPerUser: getEnvWithDefault("MAX_IPS_PER_USER", 20),
+  maxIpsPerUser: getEnvWithDefault("MAX_IPS_PER_USER", 0),
   firebaseRtdbUrl: getEnvWithDefault("FIREBASE_RTDB_URL", undefined),
   firebaseKey: getEnvWithDefault("FIREBASE_KEY", undefined),
   modelRateLimit: getEnvWithDefault("MODEL_RATE_LIMIT", 4),

src/proxy/auth/user-store.ts

@@ -136,7 +136,9 @@ export function authenticate(token: string, ip: string) {
   if (!user.ip.includes(ip)) user.ip.push(ip);
 
   // If too many IPs are associated with the user, disable the account.
-  if (user.ip.length > MAX_IPS_PER_USER && user.type !== "special") {
+  const ipLimit =
+    user.type === "special" || !MAX_IPS_PER_USER ? Infinity : MAX_IPS_PER_USER;
+  if (user.ip.length > ipLimit) {
     disableUser(token, "Too many IP addresses associated with this token.");
     return;
   }
@@ -200,7 +202,7 @@ async function flushUsers() {
   if (numUpdates === 0) {
     return;
   }
-  
+
   await usersRef.update(updates);
   logger.info(
     { users: Object.keys(updates).length },