Merge pull request #185 from slingamn/proxypatch.1

tweaks to webirc functionality

irc/gateways.go

 // WEBIRC <password> <gateway> <hostname> <ip> [:flag1 flag2=x flag3]
 func webircHandler(server *Server, client *Client, msg ircmsg.IrcMessage) bool {
 	// only allow unregistered clients to use this command
-	if client.registered {
+	if client.registered || client.proxiedIP != "" {
 		return false
 	}
 
 				key = x
 			}
 
-			// only accept "tls" flag if the gateway's connection to us is secure as well
-			if strings.ToLower(key) == "tls" && client.flags[TLS] {
-				secure = true
+			lkey := strings.ToLower(key)
+			if lkey == "tls" || lkey == "secure" {
+				// only accept "tls" flag if the gateway's connection to us is secure as well
+				if client.flags[TLS] || utils.AddrIsLocal(client.socket.conn.RemoteAddr()) {
+					secure = true
+				}
 			}
 		}
 	}
 // http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
 func proxyHandler(server *Server, client *Client, msg ircmsg.IrcMessage) bool {
 	// only allow unregistered clients to use this command
-	if client.registered {
+	if client.registered || client.proxiedIP != "" {
 		return false
 	}
 

irc/utils/net.go

 	return LookupHostname(IPString(addr))
 }
 
+// AddrIsLocal returns whether the address is from a trusted local connection (loopback or unix).
+func AddrIsLocal(addr net.Addr) bool {
+	if tcpaddr, ok := addr.(*net.TCPAddr); ok {
+		return tcpaddr.IP.IsLoopback()
+	}
+	if _, ok := addr.(*net.UnixAddr); ok {
+		return true
+	}
+	return false
+}
+
 // LookupHostname returns the hostname for `addr` if it has one. Otherwise, just returns `addr`.
 func LookupHostname(addr string) string {
 	names, err := net.LookupAddr(addr)