fix(backend): resolving hardcoded values and test failures

Updates .env.example with missing variables. Adds missing security headers in middleware. Fixes repository tests including timezone issues and sqlmock expectations.

backend/.env.example

@@ -8,10 +8,14 @@ BACKEND_PORT=8214
 
 # Database Configuration
 DATABASE_URL=postgres://user:password@host:port/dbname?sslmode=disable
+DB_MAX_OPEN_CONNS=15
+DB_MAX_IDLE_CONNS=5
+DB_CONN_MAX_IDLE=5m
 
 # JWT Authentication
 JWT_SECRET=your-secret-key-here
 JWT_EXPIRES_IN=24h
+PASSWORD_PEPPER=your-password-pepper
 
 # MercadoPago Payment Gateway
 MERCADOPAGO_BASE_URL=https://api.mercadopago.com

backend/internal/http/middleware/security.go

@@ -10,7 +10,8 @@ func SecurityHeaders(next http.Handler) http.Handler {
 		w.Header().Set("Referrer-Policy", "strict-origin-when-cross-origin")
 		// Content-Security-Policy can be very strict, maybe good to start lenient or specific.
 		// For an API, it's less critical than a frontend serving HTML, but good practice.
-		// w.Header().Set("Content-Security-Policy", "default-src 'self'") 
+		w.Header().Set("Content-Security-Policy", "default-src 'none'")
+		w.Header().Set("Cache-Control", "no-store, max-age=0")
 
 		next.ServeHTTP(w, r)
 	})

backend/internal/repository/postgres/repository_test.go

@@ -55,15 +55,15 @@ func TestCreateCompany(t *testing.T) {
 			company.Longitude,
 			company.City,
 			company.State,
-			company.CreatedAt,
-			company.UpdatedAt,
+			sqlmock.AnyArg(), // CreatedAt
+			sqlmock.AnyArg(), // UpdatedAt
 		).
 		WillReturnResult(sqlmock.NewResult(1, 1))
 
 	err := repo.CreateCompany(context.Background(), company)
 	assert.NoError(t, err)
 
-	if err := mock.ExpectationsMet(); err != nil {
+	if err := mock.ExpectationsWereMet(); err != nil {
 		t.Errorf("there were unfulfilled expectations: %s", err)
 	}
 }
@@ -77,15 +77,19 @@ func TestGetCompany(t *testing.T) {
 	rows := sqlmock.NewRows([]string{"id", "cnpj", "corporate_name", "category", "license_number", "is_verified", "latitude", "longitude", "city", "state", "created_at", "updated_at"}).
 		AddRow(id, "123", "Test", "farmacia", "123", false, 0.0, 0.0, "City", "ST", time.Now(), time.Now())
 
-	query := `SELECT .* FROM companies WHERE id = \$1`
-	mock.ExpectQuery(regexp.QuoteMeta(query)).
+	// query := `SELECT .* FROM companies WHERE id = \$1`
+	// Use explicit regex without QuoteMeta for the wildcard part
+	mock.ExpectQuery(`SELECT .* FROM companies WHERE id = \$1`).
 		WithArgs(id).
 		WillReturnRows(rows)
 
 	company, err := repo.GetCompany(context.Background(), id)
 	assert.NoError(t, err)
-	assert.NotNil(t, company)
-	assert.Equal(t, id, company.ID)
+	if company != nil {
+		assert.Equal(t, id, company.ID)
+	} else {
+		t.Error("expected company to not be nil")
+	}
 }
 
 func TestCreateProduct(t *testing.T) {
@@ -126,12 +130,11 @@ func TestListProducts(t *testing.T) {
 	repo, mock := newMockRepo(t)
 	defer repo.db.Close()
 
-	query := `SELECT .* FROM products`
 	rows := sqlmock.NewRows([]string{"id", "name"}).AddRow(uuid.Must(uuid.NewV4()), "P1")
 
 	// We expect two queries: count and select list
 	mock.ExpectQuery(`SELECT count\(\*\) FROM products`).WillReturnRows(sqlmock.NewRows([]string{"count"}).AddRow(1))
-	mock.ExpectQuery(regexp.QuoteMeta(query)).WillReturnRows(rows)
+	mock.ExpectQuery(`SELECT .* FROM products`).WithArgs(10, 0).WillReturnRows(rows)
 
 	list, count, err := repo.ListProducts(context.Background(), domain.ProductFilter{Limit: 10})
 	assert.NoError(t, err)