From fd237cd9c4ab10cf2c422d4a087ebf2979271d94 Mon Sep 17 00:00:00 2001 From: Tiago Yamamoto Date: Sun, 21 Dec 2025 21:42:24 -0300 Subject: [PATCH] fix(backend): resolving hardcoded values and test failures Updates .env.example with missing variables. Adds missing security headers in middleware. Fixes repository tests including timezone issues and sqlmock expectations. --- backend/.env.example | 4 ++++ backend/internal/http/middleware/security.go | 5 +++-- .../repository/postgres/repository_test.go | 21 +++++++++++-------- 3 files changed, 19 insertions(+), 11 deletions(-) diff --git a/backend/.env.example b/backend/.env.example index 856b1c3..fcc3870 100644 --- a/backend/.env.example +++ b/backend/.env.example @@ -8,10 +8,14 @@ BACKEND_PORT=8214 # Database Configuration DATABASE_URL=postgres://user:password@host:port/dbname?sslmode=disable +DB_MAX_OPEN_CONNS=15 +DB_MAX_IDLE_CONNS=5 +DB_CONN_MAX_IDLE=5m # JWT Authentication JWT_SECRET=your-secret-key-here JWT_EXPIRES_IN=24h +PASSWORD_PEPPER=your-password-pepper # MercadoPago Payment Gateway MERCADOPAGO_BASE_URL=https://api.mercadopago.com diff --git a/backend/internal/http/middleware/security.go b/backend/internal/http/middleware/security.go index e8725ab..803d7da 100644 --- a/backend/internal/http/middleware/security.go +++ b/backend/internal/http/middleware/security.go @@ -10,8 +10,9 @@ func SecurityHeaders(next http.Handler) http.Handler { w.Header().Set("Referrer-Policy", "strict-origin-when-cross-origin") // Content-Security-Policy can be very strict, maybe good to start lenient or specific. // For an API, it's less critical than a frontend serving HTML, but good practice. - // w.Header().Set("Content-Security-Policy", "default-src 'self'") - + w.Header().Set("Content-Security-Policy", "default-src 'none'") + w.Header().Set("Cache-Control", "no-store, max-age=0") + next.ServeHTTP(w, r) }) } 
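Review bot: The new `PASSWORD_PEPPER=your-password-pepper` line says nothing about how the value should be produced or handled, and a placeholder copied as-is would be a guessable pepper. A comment above it would help, for example `# PASSWORD_PEPPER: long random value from a CSPRNG, distinct from JWT_SECRET, stored outside the database`. If the pepper is mixed into stored password hashes, which is presumed from the name rather than shown here, changing it later would invalidate existing hashes, and the same comment should say so. Whether the config loader rejects an empty or placeholder value is not visible in this diff.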
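Review bot: `default-src 'none'` does not govern framing, because `frame-ancestors` has no fallback to `default-src`; the CSP line could be `w.Header().Set("Content-Security-Policy", "default-src 'none'; frame-ancestors 'none'")`. The two comment lines kept above it still talk about starting lenient, which no longer describes the code; something like `// API responses carry no active content: deny all sources and framing.` would match. Both headers are now set on every response before `next.ServeHTTP`, so any handler behind this middleware that serves HTML or cacheable content has to override them itself, and a short comment saying so would help. SecurityHeaders begins above the hunk, so whether X-Frame-Options is already set there is not visible.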
diff --git a/backend/internal/repository/postgres/repository_test.go b/backend/internal/repository/postgres/repository_test.go index 3b1c865..bc83779 100644 --- a/backend/internal/repository/postgres/repository_test.go +++ b/backend/internal/repository/postgres/repository_test.go @@ -55,15 +55,15 @@ func TestCreateCompany(t *testing.T) { company.Longitude, company.City, company.State, - company.CreatedAt, - company.UpdatedAt, + sqlmock.AnyArg(), // CreatedAt + sqlmock.AnyArg(), // UpdatedAt ). WillReturnResult(sqlmock.NewResult(1, 1)) err := repo.CreateCompany(context.Background(), company) assert.NoError(t, err) - if err := mock.ExpectationsMet(); err != nil { + if err := mock.ExpectationsWereMet(); err != nil { t.Errorf("there were unfulfilled expectations: %s", err) } } @@ -77,15 +77,19 @@ func TestGetCompany(t *testing.T) { rows := sqlmock.NewRows([]string{"id", "cnpj", "corporate_name", "category", "license_number", "is_verified", "latitude", "longitude", "city", "state", "created_at", "updated_at"}). AddRow(id, "123", "Test", "farmacia", "123", false, 0.0, 0.0, "City", "ST", time.Now(), time.Now()) - query := `SELECT .* FROM companies WHERE id = \$1` - mock.ExpectQuery(regexp.QuoteMeta(query)). + // query := `SELECT .* FROM companies WHERE id = \$1` + // Use explicit regex without QuoteMeta for the wildcard part + mock.ExpectQuery(`SELECT .* FROM companies WHERE id = \$1`). WithArgs(id). WillReturnRows(rows) company, err := repo.GetCompany(context.Background(), id) assert.NoError(t, err) - assert.NotNil(t, company) - assert.Equal(t, id, company.ID) + if company != nil { + assert.Equal(t, id, company.ID) + } else { + t.Error("expected company to not be nil") + } } func TestCreateProduct(t *testing.T) { 
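Review bot: In TestCreateCompany, `sqlmock.AnyArg()` for CreatedAt and UpdatedAt accepts any value, including nil or a string, so the test no longer checks that timestamps are bound at all. A small `sqlmock.Argument` implementation whose `Match` does `_, ok := v.(time.Time); return ok` would keep the timezone fix while still asserting the type. The test function starts above the hunk.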
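Review bot: The `if company != nil { ... } else { t.Error(...) }` block in TestGetCompany guards the nil dereference by hand; testify's `require.NotNil(t, company)` stops the test at that point and lets `assert.Equal(t, id, company.ID)` stay flat. That assumes the `require` package is acceptable in this file, whose imports are outside the hunk. The commented-out `// query := ...` line is dead and can be dropped, leaving only the explanation of why `regexp.QuoteMeta` is not used. TestGetCompany starts above the hunk.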
@@ -126,12 +130,11 @@ func TestListProducts(t *testing.T) { repo, mock := newMockRepo(t) defer repo.db.Close() - query := `SELECT .* FROM products` rows := sqlmock.NewRows([]string{"id", "name"}).AddRow(uuid.Must(uuid.NewV4()), "P1") // We expect two queries: count and select list mock.ExpectQuery(`SELECT count\(\*\) FROM products`).WillReturnRows(sqlmock.NewRows([]string{"count"}).AddRow(1)) - mock.ExpectQuery(regexp.QuoteMeta(query)).WillReturnRows(rows) + mock.ExpectQuery(`SELECT .* FROM products`).WithArgs(10, 0).WillReturnRows(rows) list, count, err := repo.ListProducts(context.Background(), domain.ProductFilter{Limit: 10}) assert.NoError(t, err)
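Review bot: The pattern `SELECT .* FROM products` also matches the count statement expected on the line before it, so the two expectations are told apart only by sqlmock's default in-order matching (assuming newMockRepo does not change it) and by `WithArgs(10, 0)`. A comment such as `// pattern also matches the count query; relies on ordered expectations` would make that intentional, or the pattern could be tightened to include the paging clause. The actual SQL of ListProducts is not visible here, so the exact pattern is left to the author. TestListProducts starts above the hunk and continues past it.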