PROXY: Update some comments, disallow from registered clients

irc/help.go

@@ -361,8 +361,8 @@ Sends the text to the given targets as a PRIVMSG.`,
 		oper: true, // not really, but it's restricted anyways
 		text: `PROXY TCP4/6 <sourceip> <destip> <sourceport> <destport>
 
-Used by haproxy's PROXY protocol, to allow for alternate TLS support:
-http://www.haproxy.org/download/1.7/doc/proxy-protocol.txt`,
+Used by haproxy's PROXY v1 protocol, to allow for alternate TLS support:
+http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt`,
 	},
 	"rename": {
 		text: `RENAME <channel> <newname> [<reason>]

irc/server.go

@@ -2228,12 +2228,18 @@ func userhostHandler(server *Server, client *Client, msg ircmsg.IrcMessage) bool
 }
 
 // PROXY TCP4/6 SOURCEIP DESTIP SOURCEPORT DESTPORT
-// http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt
+// http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt
 func proxyHandler(server *Server, client *Client, msg ircmsg.IrcMessage) bool {
+	// only allow unregistered clients to use this command
+	if client.registered {
+		return false
+	}
+
 	clientAddress := IPString(client.socket.conn.RemoteAddr())
 	clientHostname := client.hostname
 	for _, address := range server.proxyAllowedFrom {
 		if clientHostname == address || clientAddress == address {
+			//TODO(dan): check DLINEs and connection throttling/limits
 			client.proxiedIP = msg.Params[1]
 			client.hostname = LookupHostname(msg.Params[1])
 			return false

oragono.yaml

@@ -67,7 +67,10 @@ server:
 
     # addresses/hostnames the PROXY command can be used from
     # this should be restricted to 127.0.0.1 and localhost at most
-    proxy-allowed-from: []
+    # you should also add these addresses to the connection limits and throttling exemption lists
+    proxy-allowed-from:
+        # - localhost
+        # - "127.0.0.1"
 
     # maximum length of clients' sendQ in bytes
     # this should be big enough to hold /LIST and HELP replies