fix(backend): sync config tests with new prod-required fields

Three test failures triggered by changes in 73eca4f6a: 1. TestGetCORSOrigins_EnvironmentDefaults expected dev/staging origins on :8080 but cors.go now generates :18080 (matching the actual backend port from Dockerfile EXPOSE). Test was the stale side. 2. TestLoadConfig_ProdValid and TestValidateForEnvironment_ClamAVRequiredInProduction built a Config literal missing fields that ValidateForEnvironment now requires in production: ChatJWTSecret (must differ from JWTSecret), OAuthEncryptionKey (≥32 bytes), JWTIssuer, JWTAudience. Also explicitly set CLAMAV_REQUIRED=true so validation order is deterministic.
2026-04-14 11:41:54 +02:00 · 2026-04-14 11:41:54 +02:00 · 0d971cc97e
commit 0d971cc97e
parent f54cbd71f4
2 changed files with 36 additions and 21 deletions
--- a/veza-backend-api/internal/config/config_test.go
+++ b/veza-backend-api/internal/config/config_test.go
@ -637,6 +637,7 @@ func TestLoadConfig_ProdValid(t *testing.T) {
 	// Sauvegarder les valeurs originales
 	originalEnv := os.Getenv("APP_ENV")
 	originalCORSOrigins := os.Getenv("CORS_ALLOWED_ORIGINS")
+	originalClamAV := os.Getenv("CLAMAV_REQUIRED")

 	// Nettoyer après le test
 	defer func() {
@ -650,22 +651,32 @@ func TestLoadConfig_ProdValid(t *testing.T) {
 		} else {
 			os.Unsetenv("CORS_ALLOWED_ORIGINS")
 		}
+		if originalClamAV != "" {
+			os.Setenv("CLAMAV_REQUIRED", originalClamAV)
+		} else {
+			os.Unsetenv("CLAMAV_REQUIRED")
+		}
 	}()

 	// Configuration pour production valide
 	os.Setenv("APP_ENV", "production")
+	os.Setenv("CLAMAV_REQUIRED", "true")

-	// Créer une config minimale valide
+	// Créer une config minimale valide (tous les champs requis en prod)
 	cfg := &Config{
-		Env:             "production",
-		JWTSecret:       "test-jwt-secret-key-minimum-32-characters-long",
-		DatabaseURL:     "postgresql://test:test@localhost:5432/test_db",
-		RedisURL:        "redis://localhost:6379",
-		AppPort:         8080,
-		LogLevel:        "INFO",
-		RateLimitLimit:  100,                                                      // Valeur valide pour passer Validate()
-		RateLimitWindow: 60,                                                       // Valeur valide pour passer Validate()
-		CORSOrigins:     []string{"https://app.veza.com", "https://www.veza.com"}, // Valide - pas de wildcard
+		Env:                "production",
+		JWTSecret:          "test-jwt-secret-key-minimum-32-characters-long",
+		ChatJWTSecret:      "test-chat-jwt-secret-distinct-from-jwt-secret-key",
+		OAuthEncryptionKey: "test-oauth-encryption-key-32bytes!",
+		JWTIssuer:          "veza-api",
+		JWTAudience:        "veza-platform",
+		DatabaseURL:        "postgresql://test:test@localhost:5432/test_db",
+		RedisURL:           "redis://localhost:6379",
+		AppPort:            8080,
+		LogLevel:           "INFO",
+		RateLimitLimit:     100,                                                      // Valeur valide pour passer Validate()
+		RateLimitWindow:    60,                                                       // Valeur valide pour passer Validate()
+		CORSOrigins:        []string{"https://app.veza.com", "https://www.veza.com"}, // Valide - pas de wildcard
 	}

 	// Créer un logger minimal pour la config
@ -687,12 +698,12 @@ func TestGetCORSOrigins_EnvironmentDefaults(t *testing.T) {
 		{
 			name:     "development defaults",
 			env:      "development",
-			expected: []string{"http://veza.fr", "http://veza.fr:3000", "http://veza.fr:5173", "http://veza.fr:8080"},
+			expected: []string{"http://veza.fr", "http://veza.fr:3000", "http://veza.fr:5173", "http://veza.fr:18080"},
 		},
 		{
 			name:     "staging defaults",
 			env:      "staging",
-			expected: []string{"http://veza.fr", "http://veza.fr:3000", "http://veza.fr:5173", "http://veza.fr:8080"},
+			expected: []string{"http://veza.fr", "http://veza.fr:3000", "http://veza.fr:5173", "http://veza.fr:18080"},
 		},
 		{
 			name:     "production no defaults",
--- a/veza-backend-api/internal/config/validation_test.go
+++ b/veza-backend-api/internal/config/validation_test.go
@ -399,15 +399,19 @@ func TestValidateForEnvironment_ClamAVRequiredInProduction(t *testing.T) {
 	}()

 	cfg := &Config{
-		Env:             EnvProduction,
-		AppPort:         8080,
-		JWTSecret:       strings.Repeat("a", 32),
-		DatabaseURL:     "postgresql://user:pass@localhost:5432/db",
-		RedisURL:        "redis://localhost:6379",
-		RateLimitLimit:  100,
-		RateLimitWindow: 60,
-		CORSOrigins:     []string{"https://example.com"},
-		LogLevel:        "INFO",
+		Env:                EnvProduction,
+		AppPort:            8080,
+		JWTSecret:          strings.Repeat("a", 32),
+		ChatJWTSecret:      strings.Repeat("b", 32), // ≠ JWTSecret (required in prod)
+		OAuthEncryptionKey: strings.Repeat("c", 32),
+		JWTIssuer:          "veza-api",
+		JWTAudience:        "veza-platform",
+		DatabaseURL:        "postgresql://user:pass@localhost:5432/db",
+		RedisURL:           "redis://localhost:6379",
+		RateLimitLimit:     100,
+		RateLimitWindow:    60,
+		CORSOrigins:        []string{"https://example.com"},
+		LogLevel:           "INFO",
 	}
 	logger, _ := zap.NewDevelopment()
 	cfg.Logger = logger