From 59838a016933fe7c68570439a96f475044f28eb6 Mon Sep 17 00:00:00 2001
From: "jaeseung.bae"
Date: Tue, 8 Aug 2023 18:04:59 +0900
Subject: [PATCH] fix: side-effect for testing by allowing any connection if remote address is empty
---
 cmd/ostracon/commands/show_validator_test.go | 2 ++
 privval/signer_listener_endpoint.go | 25 ++++++++++++--------
 privval/signer_listener_endpoint_test.go | 4 ++--
 3 files changed, 19 insertions(+), 12 deletions(-)
diff --git a/cmd/ostracon/commands/show_validator_test.go b/cmd/ostracon/commands/show_validator_test.go
index 9b4c43bf7..5f708d428 100644
--- a/cmd/ostracon/commands/show_validator_test.go
+++ b/cmd/ostracon/commands/show_validator_test.go
@@ -3,6 +3,7 @@ package commands
 import (
 "bytes"
 "os"
+ "strings"
 "sync"
 "testing"
@@ -79,6 +80,7 @@ func TestShowValidatorWithKMS(t *testing.T) {
 }
 privval.WithMockKMS(t, dir, chainID, func(addr string, privKey crypto.PrivKey) {
 config.PrivValidatorListenAddr = addr
+ config.PrivValidatorRemoteAddr = addr[:strings.Index(addr, ":")]
 require.NoFileExists(t, config.PrivValidatorKeyFile())
 output, err := captureStdout(func() {
 err := showValidator(ShowValidatorCmd, nil, config)
diff --git a/privval/signer_listener_endpoint.go b/privval/signer_listener_endpoint.go
index c9f06fa3d..981cdaedb 100644
--- a/privval/signer_listener_endpoint.go
+++ b/privval/signer_listener_endpoint.go
@@ -50,7 +50,7 @@ type SignerListenerEndpoint struct {
 instanceMtx tmsync.Mutex // Ensures instance public methods access, i.e. SendRequest
- allowAddr string
+ allowAddr string // empty value allows all
 }
 // NewSignerListenerEndpoint returns an instance of SignerListenerEndpoint.
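Review bot: The comment added on `allowAddr` records that an empty value allows all, but not what a non-empty value has to look like, and `isAllowedAddr` compares it as an exact string against the host part of the peer address. I would spell both out at the field, e.g. `// allowAddr is the single remote IP (no port) allowed to connect; it is compared as an exact string.` followed by `// Empty disables the filter: any peer that can reach the listener is accepted.` This endpoint appears to be where the node takes its remote signer connection, so the fail-open setting should be readable at the declaration rather than inferred from the helper. The struct definition starts above the hunk.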
@@ -195,14 +195,13 @@ func (sl *SignerListenerEndpoint) serviceLoop() {
 case <-sl.connectRequestCh:
 {
 conn, err := sl.acceptNewConnection()
- remoteAddr := conn.RemoteAddr()
- if !sl.isAllowedAddr(remoteAddr) {
- sl.Logger.Info(fmt.Sprintf("deny a connection request from remote address=%s", remoteAddr))
- conn.Close()
- continue
- }
-
 if err == nil {
+ remoteAddr := conn.RemoteAddr()
+ if !sl.isAllowedAddr(remoteAddr) {
+ sl.Logger.Info(fmt.Sprintf("deny a connection request from remote address=%s", remoteAddr))
+ conn.Close()
+ continue
+ }
 sl.Logger.Info("SignerListener: Connected")
 // We have a good connection, wait for someone that needs one otherwise cancellation
@@ -225,8 +224,14 @@ func (sl *SignerListenerEndpoint) serviceLoop() {
 }
 func (sl *SignerListenerEndpoint) isAllowedAddr(addr net.Addr) bool {
- addrOnly := addr.String()[:strings.Index(addr.String(), ":")]
- return sl.allowAddr == addrOnly
+ if len(sl.allowAddr) == 0 {
+ return true
+ }
+ if strings.Contains(addr.String(), ":") {
+ addrOnly := addr.String()[:strings.Index(addr.String(), ":")]
+ return sl.allowAddr == addrOnly
+ }
+ return sl.allowAddr == addr.String()
 }
 func (sl *SignerListenerEndpoint) pingLoop() {
diff --git a/privval/signer_listener_endpoint_test.go b/privval/signer_listener_endpoint_test.go
index dcadaa320..4bd620898 100644
--- a/privval/signer_listener_endpoint_test.go
+++ b/privval/signer_listener_endpoint_test.go
@@ -184,12 +184,12 @@ func TestFilterRemoteConnectionByIP(t *testing.T) {
 }{"127.0.0.1", addrStub{"10.0.0.2:45678"}, false},
 },
 {
- "empty allowIP should deny all",
+ "empty allowIP should allow all",
 struct {
 allowIP string
 remoteAddr net.Addr
 expected bool
- }{"", addrStub{"127.0.0.1:45678"}, false},
+ }{"", addrStub{"127.0.0.1:45678"}, true},
 },
 }
 for _, tt := range tests {
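Review bot: On the deny path the `continue` leaves the `case` block right after `conn.Close()`, so whatever follows the `if err == nil { … }` body is skipped for a rejected peer; that code lies outside the hunk. If the next accept is re-queued there, a single connection from a disallowed address could leave the listener idle until something else triggers a reconnect, delaying the legitimate signer. That is worth confirming, and if it holds the deny branch should fall through rather than `continue`. The denial would also be easier to alert on as a structured entry, for example `sl.Logger.Error("SignerListener: connection denied", "remote", remoteAddr)`, and the error from `conn.Close()` is dropped without a comment.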
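Review bot: With an empty `allowAddr`, `isAllowedAddr` now returns true for every peer, so a node started without a remote address accepts any host that can reach the listen port; the commit title frames this as a test convenience, but the branch lives in production code. I would make the open mode explicit, either with a warning when the endpoint is created with an empty address or by having tests set the address as show_validator_test.go now does. Separately, cutting at the first `:` reduces a bracketed IPv6 peer such as `[::1]:26659` (constructed example) to `[`, and the comparison is textual, so equivalent spellings of one IP do not match; the sketch below uses `net.SplitHostPort` and `net.ParseIP(...).Equal` for both. The same first-colon cut appears in the show_validator_test.go hunk, where a missing colon would make `strings.Index` return -1 and the slice expression panic.

```go
func (sl *SignerListenerEndpoint) isAllowedAddr(addr net.Addr) bool {
	if sl.allowAddr == "" {
		// Filter disabled: every peer that reaches the listener is accepted.
		return true
	}
	host, _, err := net.SplitHostPort(addr.String())
	if err != nil {
		// No port part; compare the address as given.
		host = addr.String()
	}
	allowed, remote := net.ParseIP(sl.allowAddr), net.ParseIP(host)
	if allowed == nil || remote == nil {
		return sl.allowAddr == host
	}
	return allowed.Equal(remote)
}
```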
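Review bot: The visible table rows all use `host:port` peers, so nothing here exercises the new `isAllowedAddr` branch for an address without a colon, nor an IPv6 peer. A row with `addrStub{"127.0.0.1"}` and `allowIP` `"127.0.0.1"` expecting true, plus one with a bracketed IPv6 address, would pin the behaviour the filter is relied on for. The start of the table is outside the hunk, so such rows may already exist there.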