fixes refreshed PoW tokens not actually being reactivated

src/shared/users/user-store.ts

@@ -299,10 +299,11 @@ export function disableUser(token: string, reason?: string) {
   if (!user) return;
   user.disabledAt = Date.now();
   user.disabledReason = reason;
-  if (user.meta) {
+  if (!user.meta) {
-    // manually banned tokens cannot be refreshed
+    user.meta = {};
-    user.meta.refreshable = false;
   }
+  // manually banned tokens cannot be refreshed
+  user.meta.refreshable = false;
   usersToFlush.add(token);
 }
 
@@ -418,7 +419,8 @@ function getModelFamilyForQuotaUsage(
   // differentiate between Azure and OpenAI variants of the same model.
   if (model.includes("azure")) return getAzureOpenAIModelFamily(model);
   if (model.includes("anthropic.")) return getAwsBedrockModelFamily(model);
-  if (model.startsWith("claude-") && model.includes("@")) return getGcpModelFamily(model);
+  if (model.startsWith("claude-") && model.includes("@"))
+    return getGcpModelFamily(model);
 
   switch (api) {
     case "openai":

src/user/web/pow-captcha.ts

@@ -300,6 +300,8 @@ router.post("/verify", async (req, res) => {
     const user = getUser(challenge.token);
     if (user) {
       user.expiresAt = Date.now() + config.powTokenHours * 60 * 60 * 1000;
+      user.disabledAt = undefined;
+      user.disabledReason = undefined;
       upsertUser(user);
       req.log.info(
         { token: `...${challenge.token.slice(-5)}` },