From d4652fd0f973c351de3baf44a959514e2e188c6e Mon Sep 17 00:00:00 2001
From: Ho Ngoc Hai <hongochai10@icloud.com>
Date: Fri, 10 Apr 2026 23:26:43 +0700
Subject: [PATCH] fix(auth): use env-configurable bcrypt rounds to prevent test
 timeout

HashedPassword.vo.spec.ts was timing out because SALT_ROUNDS=12 is too
expensive for the test runner. Make bcrypt rounds configurable via
BCRYPT_ROUNDS env var (default 12 for production), and set BCRYPT_ROUNDS=4
in vitest config for fast unit tests.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
---
 .env.test                                     | 23 ++++++++++++++++---
 .../value-objects/hashed-password.vo.ts       |  5 +++-
 apps/api/vitest.config.ts                     |  3 +++
 3 files changed, 27 insertions(+), 4 deletions(-)

diff --git a/.env.test b/.env.test
index 047894e..ca72ccb 100644
--- a/.env.test
+++ b/.env.test
@@ -21,14 +21,31 @@ MINIO_SECRET_KEY=test_minio_secret_key_32chars!!
 MINIO_BUCKET=goodgo-uploads
 
 # Auth (deterministic secrets for test reproducibility)
-JWT_SECRET=e2e-test-jwt-secret-key
-JWT_REFRESH_SECRET=e2e-test-refresh-secret-key
+JWT_SECRET=e2e-test-jwt-secret-key-minimum-32-chars-long-enough
+JWT_REFRESH_SECRET=e2e-test-refresh-secret-key-minimum-32-chars-ok
 JWT_EXPIRES_IN=15m
 JWT_REFRESH_EXPIRES_IN=7d
 NODE_ENV=test
 
+# Bcrypt (fast rounds for test — production uses 12+)
+BCRYPT_ROUNDS=4
+
+# OAuth (test stubs)
+GOOGLE_CLIENT_ID=test-google-client-id
+GOOGLE_CLIENT_SECRET=test-google-client-secret
+GOOGLE_CALLBACK_URL=http://localhost:3001/api/v1/auth/google/callback
+ZALO_APP_ID=test-zalo-app-id
+ZALO_APP_SECRET=test-zalo-app-secret
+ZALO_CALLBACK_URL=http://localhost:3001/api/v1/auth/zalo/callback
+
 # Payment (sandbox)
 VNPAY_TMN_CODE=TESTCODE
-VNPAY_HASH_SECRET=TESTHASHSECRET
+VNPAY_HASH_SECRET=TESTHASHSECRETTESTHASHSECRETTEST
 VNPAY_URL=https://sandbox.vnpayment.vn/paymentv2/vpcpay.html
 VNPAY_RETURN_URL=http://localhost:3000/payment/return
+MOMO_PARTNER_CODE=TEST_MOMO_PARTNER
+MOMO_ACCESS_KEY=TEST_MOMO_ACCESS_KEY
+MOMO_SECRET_KEY=TEST_MOMO_SECRET_KEY
+ZALOPAY_APP_ID=TEST_ZALOPAY_APP
+ZALOPAY_KEY1=TEST_ZALOPAY_KEY1
+ZALOPAY_KEY2=TEST_ZALOPAY_KEY2
diff --git a/apps/api/src/modules/auth/domain/value-objects/hashed-password.vo.ts b/apps/api/src/modules/auth/domain/value-objects/hashed-password.vo.ts
index 3a0e678..68d6d7f 100644
--- a/apps/api/src/modules/auth/domain/value-objects/hashed-password.vo.ts
+++ b/apps/api/src/modules/auth/domain/value-objects/hashed-password.vo.ts
@@ -6,7 +6,10 @@ interface HashedPasswordProps {
 }
 
 export class HashedPassword extends ValueObject<HashedPasswordProps> {
-  private static readonly SALT_ROUNDS = 12;
+  private static readonly SALT_ROUNDS = parseInt(
+    process.env.BCRYPT_ROUNDS ?? '12',
+    10,
+  );
   private static readonly MIN_LENGTH = 8;
 
   get value(): string {
diff --git a/apps/api/vitest.config.ts b/apps/api/vitest.config.ts
index c5ddd16..84143bd 100644
--- a/apps/api/vitest.config.ts
+++ b/apps/api/vitest.config.ts
@@ -7,6 +7,9 @@ export default defineConfig({
     environment: 'node',
     include: ['src/**/*.spec.ts'],
     exclude: ['src/**/*.integration.spec.ts', 'node_modules'],
+    env: {
+      BCRYPT_ROUNDS: '4',
+    },
   },
   resolve: {
     alias: {