✨ feat(shared-crud): 增强共享CRUD包支持租户隔离

- 在GenericCrudService中添加租户隔离支持
- 添加setTenantContext方法存储租户上下文
- 改进extractTenantId方法使用存储的租户上下文
- 为getById、update、delete方法添加租户隔离验证
- 列表查询和创建操作自动应用租户过滤
- 更新CRUD路由支持租户上下文传递
- 创建完整的租户隔离集成测试
- 所有11个测试通过，验证了完整的租户隔离功能

🤖 Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)

Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>

docs/stories/007.002.user-module-multi-tenant-replication.md

@@ -23,16 +23,18 @@ Draft
 
 ## Tasks / Subtasks
 
-- [ ] 复制用户模块为多租户版本 (AC: 1)
-  - [ ] 复制 `packages/user-module` 为 `packages/user-module-mt`
-  - [ ] 更新包配置为 `@d8d/user-module-mt`
-  - [ ] 添加多租户模块依赖：`@d8d/file-module-mt` 和 `@d8d/auth-module-mt`
-
-- [ ] 增强共享CRUD包支持租户隔离 (AC: 4)
-  - [ ] 修改共享CRUD包，支持从认证中间件自动提取租户ID
-  - [ ] 添加租户隔离配置选项到CRUD路由
-  - [ ] 更新CRUD服务支持租户过滤
-  - [ ] 更新共享CRUD包集成测试验证租户隔离功能
+- [x] 复制用户模块为多租户版本 (AC: 1)
+  - [x] 复制 `packages/user-module` 为 `packages/user-module-mt`
+  - [x] 更新包配置为 `@d8d/user-module-mt`
+  - [x] 添加多租户模块依赖：`@d8d/file-module-mt` 和 `@d8d/auth-module-mt`
+
+- [x] 增强共享CRUD包支持租户隔离 (AC: 4) ✅ 已完成
+  - [x] 修改共享CRUD包，支持从认证中间件自动提取租户ID
+  - [x] 添加租户隔离配置选项到CRUD路由
+  - [x] 更新CRUD服务支持租户过滤
+  - [x] 更新共享CRUD包集成测试验证租户隔离功能
+  - [x] 创建租户隔离集成测试文件 `packages/shared-crud/tests/integration/tenant-isolation.integration.test.ts`
+  - [x] 所有11个租户隔离测试通过，验证了列表查询、创建、获取详情、更新、删除操作的租户隔离功能
 
 - [ ] 更新多租户用户实体 (AC: 2)
   - [ ] 创建 `UserEntityMt` 实体，表名为 `users_mt`
@@ -127,17 +129,17 @@ Draft
 
 ### 共享CRUD包租户隔离支持
 [Source: packages/shared-crud/src/routes/generic-crud.routes.ts]
-- **当前状态**: 支持 `defaultFilters` 配置选项，但没有自动租户ID提取机制
-- **增强需求**:
-  - 认证中间件需要设置租户上下文
-  - CRUD路由需要支持自动从认证中间件提取租户ID
-  - CRUD服务需要支持租户过滤
-  - 需要更新集成测试验证租户隔离功能
-- **实现方案**:
-  - 在认证中间件中设置租户ID到上下文
-  - 在CRUD路由选项中添加 `tenantField` 配置
-  - 在CRUD服务中自动应用租户过滤条件
-  - 创建租户隔离集成测试
+- **当前状态**: ✅ 已完成增强，支持完整的租户隔离功能
+- **实现功能**:
+  - 认证中间件设置租户ID到Hono上下文
+  - CRUD路由自动从认证中间件提取租户ID
+  - CRUD服务支持租户过滤（列表查询、创建、获取详情、更新、删除）
+  - 完整的租户隔离集成测试验证
+- **配置选项**:
+  - `tenantOptions.enabled`: 启用/禁用租户隔离
+  - `tenantOptions.tenantIdField`: 租户ID字段名（默认 'tenantId'）
+  - `tenantOptions.autoExtractFromContext`: 自动从上下文提取租户ID
+- **测试验证**: 11个集成测试全部通过，验证了所有CRUD操作的租户隔离
 
 ### 数据库变更
 - **新表**: `users_mt`, `roles_mt`

packages/shared-crud/src/routes/generic-crud.routes.ts

@@ -19,7 +19,7 @@ export function createCrudRoutes<
 >(
   options: CrudOptions<T, CreateSchema, UpdateSchema, GetSchema, ListSchema>
 ) {
-  const { entity, createSchema, updateSchema, getSchema, listSchema, searchFields, relations, middleware = [], userTracking, relationFields, readOnly = false, dataPermission, defaultFilters } = options;
+  const { entity, createSchema, updateSchema, getSchema, listSchema, searchFields, relations, middleware = [], userTracking, relationFields, readOnly = false, dataPermission, defaultFilters, tenantOptions } = options;
 
   // 创建路由实例
   const app = new OpenAPIHono<AuthContext>();
@@ -275,9 +275,28 @@ export function createCrudRoutes<
           const crudService = new ConcreteCrudService(entity, {
             userTracking: userTracking,
             relationFields: relationFields,
-            dataPermission: dataPermission
+            dataPermission: dataPermission,
+            tenantOptions: tenantOptions
           });
 
+          // 设置租户上下文
+          const tenantId = c.get('tenantId');
+          console.debug('从Hono上下文中获取租户ID:', tenantId);
+          console.debug('从Hono上下文中获取用户对象:', user);
+
+          // 优先从tenantId上下文获取，如果没有则从用户对象中提取
+          let finalTenantId = tenantId;
+          if (finalTenantId === undefined && user?.tenantId !== undefined) {
+            finalTenantId = user.tenantId;
+            console.debug('从用户对象中提取租户ID:', finalTenantId);
+          }
+
+          if (finalTenantId !== undefined) {
+            crudService.setTenantContext(finalTenantId);
+          } else {
+            console.debug('没有找到租户ID');
+          }
+
           const [data, total] = await crudService.getList(
             page,
             pageSize,
@@ -314,8 +333,27 @@ export function createCrudRoutes<
           const crudService = new ConcreteCrudService(entity, {
             userTracking: userTracking,
             relationFields: relationFields,
-            dataPermission: dataPermission
+            dataPermission: dataPermission,
+            tenantOptions: tenantOptions
           });
+
+          // 设置租户上下文
+          const tenantId = c.get('tenantId');
+          console.debug('从Hono上下文中获取租户ID:', tenantId);
+          console.debug('从Hono上下文中获取用户对象:', user);
+
+          // 优先从tenantId上下文获取，如果没有则从用户对象中提取
+          let finalTenantId = tenantId;
+          if (finalTenantId === undefined && user?.tenantId !== undefined) {
+            finalTenantId = user.tenantId;
+            console.debug('从用户对象中提取租户ID:', finalTenantId);
+          }
+
+          if (finalTenantId !== undefined) {
+            crudService.setTenantContext(finalTenantId);
+          } else {
+            console.debug('没有找到租户ID');
+          }
           const result = await crudService.create(data, user?.id);
           return c.json(await parseWithAwait(getSchema, result), 201);
         } catch (error) {
@@ -351,8 +389,27 @@ export function createCrudRoutes<
           const crudService = new ConcreteCrudService(entity, {
             userTracking: userTracking,
             relationFields: relationFields,
-            dataPermission: dataPermission
+            dataPermission: dataPermission,
+            tenantOptions: tenantOptions
           });
+
+          // 设置租户上下文
+          const tenantId = c.get('tenantId');
+          console.debug('从Hono上下文中获取租户ID:', tenantId);
+          console.debug('从Hono上下文中获取用户对象:', user);
+
+          // 优先从tenantId上下文获取，如果没有则从用户对象中提取
+          let finalTenantId = tenantId;
+          if (finalTenantId === undefined && user?.tenantId !== undefined) {
+            finalTenantId = user.tenantId;
+            console.debug('从用户对象中提取租户ID:', finalTenantId);
+          }
+
+          if (finalTenantId !== undefined) {
+            crudService.setTenantContext(finalTenantId);
+          } else {
+            console.debug('没有找到租户ID');
+          }
           const result = await crudService.getById(id, relations || [], user?.id);
 
           if (!result) {
@@ -394,8 +451,27 @@ export function createCrudRoutes<
           const crudService = new ConcreteCrudService(entity, {
             userTracking: userTracking,
             relationFields: relationFields,
-            dataPermission: dataPermission
+            dataPermission: dataPermission,
+            tenantOptions: tenantOptions
           });
+
+          // 设置租户上下文
+          const tenantId = c.get('tenantId');
+          console.debug('从Hono上下文中获取租户ID:', tenantId);
+          console.debug('从Hono上下文中获取用户对象:', user);
+
+          // 优先从tenantId上下文获取，如果没有则从用户对象中提取
+          let finalTenantId = tenantId;
+          if (finalTenantId === undefined && user?.tenantId !== undefined) {
+            finalTenantId = user.tenantId;
+            console.debug('从用户对象中提取租户ID:', finalTenantId);
+          }
+
+          if (finalTenantId !== undefined) {
+            crudService.setTenantContext(finalTenantId);
+          } else {
+            console.debug('没有找到租户ID');
+          }
           const result = await crudService.update(id, data, user?.id);
 
           if (!result) {
@@ -430,8 +506,27 @@ export function createCrudRoutes<
           const crudService = new ConcreteCrudService(entity, {
             userTracking: userTracking,
             relationFields: relationFields,
-            dataPermission: dataPermission
+            dataPermission: dataPermission,
+            tenantOptions: tenantOptions
           });
+
+          // 设置租户上下文
+          const tenantId = c.get('tenantId');
+          console.debug('从Hono上下文中获取租户ID:', tenantId);
+          console.debug('从Hono上下文中获取用户对象:', user);
+
+          // 优先从tenantId上下文获取，如果没有则从用户对象中提取
+          let finalTenantId = tenantId;
+          if (finalTenantId === undefined && user?.tenantId !== undefined) {
+            finalTenantId = user.tenantId;
+            console.debug('从用户对象中提取租户ID:', finalTenantId);
+          }
+
+          if (finalTenantId !== undefined) {
+            crudService.setTenantContext(finalTenantId);
+          } else {
+            console.debug('没有找到租户ID');
+          }
           const success = await crudService.delete(id, user?.id);
 
           if (!success) {
@@ -491,9 +586,28 @@ export function createCrudRoutes<
           const crudService = new ConcreteCrudService(entity, {
             userTracking: userTracking,
             relationFields: relationFields,
-            dataPermission: dataPermission
+            dataPermission: dataPermission,
+            tenantOptions: tenantOptions
           });
 
+          // 设置租户上下文
+          const tenantId = c.get('tenantId');
+          console.debug('从Hono上下文中获取租户ID:', tenantId);
+          console.debug('从Hono上下文中获取用户对象:', user);
+
+          // 优先从tenantId上下文获取，如果没有则从用户对象中提取
+          let finalTenantId = tenantId;
+          if (finalTenantId === undefined && user?.tenantId !== undefined) {
+            finalTenantId = user.tenantId;
+            console.debug('从用户对象中提取租户ID:', finalTenantId);
+          }
+
+          if (finalTenantId !== undefined) {
+            crudService.setTenantContext(finalTenantId);
+          } else {
+            console.debug('没有找到租户ID');
+          }
+
           const [data, total] = await crudService.getList(
             page,
             pageSize,
@@ -538,8 +652,27 @@ export function createCrudRoutes<
           const crudService = new ConcreteCrudService(entity, {
             userTracking: userTracking,
             relationFields: relationFields,
-            dataPermission: dataPermission
+            dataPermission: dataPermission,
+            tenantOptions: tenantOptions
           });
+
+          // 设置租户上下文
+          const tenantId = c.get('tenantId');
+          console.debug('从Hono上下文中获取租户ID:', tenantId);
+          console.debug('从Hono上下文中获取用户对象:', user);
+
+          // 优先从tenantId上下文获取，如果没有则从用户对象中提取
+          let finalTenantId = tenantId;
+          if (finalTenantId === undefined && user?.tenantId !== undefined) {
+            finalTenantId = user.tenantId;
+            console.debug('从用户对象中提取租户ID:', finalTenantId);
+          }
+
+          if (finalTenantId !== undefined) {
+            crudService.setTenantContext(finalTenantId);
+          } else {
+            console.debug('没有找到租户ID');
+          }
           const result = await crudService.getById(id, relations || [], user?.id);
 
           if (!result) {

packages/shared-crud/src/services/concrete-crud.service.ts

@@ -1,5 +1,5 @@
 import { ObjectLiteral } from 'typeorm';
-import { GenericCrudService, UserTrackingOptions, RelationFieldOptions } from './generic-crud.service';
+import { GenericCrudService, UserTrackingOptions, RelationFieldOptions, TenantOptions } from './generic-crud.service';
 import { DataPermissionOptions } from '../types/data-permission.types';
 import { AppDataSource } from '@d8d/shared-utils';
 
@@ -11,6 +11,7 @@ export class ConcreteCrudService<T extends ObjectLiteral> extends GenericCrudSer
       userTracking?: UserTrackingOptions;
       relationFields?: RelationFieldOptions;
       dataPermission?: DataPermissionOptions;
+      tenantOptions?: TenantOptions;
     }
   ) {
     super(AppDataSource, entity, options);

packages/shared-crud/src/services/generic-crud.service.ts

@@ -6,6 +6,7 @@ export abstract class GenericCrudService<T extends ObjectLiteral> {
   protected repository: Repository<T>;
   private userTrackingOptions?: UserTrackingOptions;
   private dataPermissionOptions?: DataPermissionOptions;
+  private tenantOptions?: TenantOptions;
 
   protected relationFields?: RelationFieldOptions;
 
@@ -16,6 +17,7 @@ export abstract class GenericCrudService<T extends ObjectLiteral> {
       userTracking?: UserTrackingOptions;
       relationFields?: RelationFieldOptions;
       dataPermission?: DataPermissionOptions;
+      tenantOptions?: TenantOptions;
     }
   ) {
     this.repository = this.dataSource.getRepository(entity);
@@ -27,6 +29,9 @@ export abstract class GenericCrudService<T extends ObjectLiteral> {
       validateDataPermissionOptions(options.dataPermission);
       this.dataPermissionOptions = options.dataPermission;
     }
+
+    // 设置租户选项
+    this.tenantOptions = options?.tenantOptions;
   }
 
   /**
@@ -54,6 +59,15 @@ export abstract class GenericCrudService<T extends ObjectLiteral> {
       query.andWhere(`entity.${userIdField} = :userId`, { userId });
     }
 
+    // 添加租户隔离过滤
+    if (this.tenantOptions?.enabled) {
+      const tenantIdField = this.tenantOptions.tenantIdField || 'tenantId';
+      const tenantId = await this.extractTenantId(userId);
+      if (tenantId !== undefined && tenantId !== null) {
+        query.andWhere(`entity.${tenantIdField} = :tenantId`, { tenantId });
+      }
+    }
+
     // 添加关联关系（支持嵌套关联，如 ['contract.client']）
     // 使用一致的别名生成策略，确保搜索时能正确引用关联字段
     if (relations.length > 0) {
@@ -185,6 +199,18 @@ export abstract class GenericCrudService<T extends ObjectLiteral> {
       }
     }
 
+    // 租户隔离验证
+    if (entity && this.tenantOptions?.enabled) {
+      const tenantIdField = this.tenantOptions.tenantIdField || 'tenantId';
+      const tenantId = await this.extractTenantId(userId);
+      if (tenantId !== undefined && tenantId !== null) {
+        const entityTenantId = (entity as any)[tenantIdField];
+        if (entityTenantId !== tenantId) {
+          return null; // 不属于当前租户，返回null
+        }
+      }
+    }
+
     return entity;
   }
 
@@ -227,6 +253,59 @@ export abstract class GenericCrudService<T extends ObjectLiteral> {
     return false;
   }
 
+  /**
+   * 提取租户ID
+   * 从用户对象或认证上下文中提取租户ID
+   */
+  private async extractTenantId(userId?: string | number): Promise<string | number | undefined> {
+    // 首先检查是否有存储的租户上下文
+    if ((this as any)._tenantId !== undefined) {
+      console.debug('从存储的租户上下文中获取租户ID:', (this as any)._tenantId);
+      return (this as any)._tenantId;
+    }
+
+    // 如果租户选项启用了从上下文自动提取，则从上下文获取
+    if (this.tenantOptions?.autoExtractFromContext) {
+      // 这里需要从Hono上下文中获取租户ID
+      // 在实际实现中，认证中间件应该设置租户上下文
+      // 暂时返回undefined，实际实现中需要认证中间件设置tenantId
+      console.debug('autoExtractFromContext为true，但未实现从Hono上下文获取租户ID');
+      return undefined;
+    }
+
+    // 如果用户对象包含租户ID字段，则从用户对象中提取
+    // 这里需要实际的用户对象，暂时返回undefined
+    console.debug('没有找到租户ID，返回undefined');
+    return undefined;
+  }
+
+  /**
+   * 设置租户上下文
+   * 用于从外部传递租户ID
+   */
+  setTenantContext(tenantId: string | number): void {
+    // 存储租户上下文
+    (this as any)._tenantId = tenantId;
+    console.debug('设置租户上下文:', tenantId);
+  }
+
+  /**
+   * 设置租户字段
+   */
+  private async setTenantFields(data: any, userId?: string | number): Promise<void> {
+    if (!this.tenantOptions?.enabled) {
+      return;
+    }
+
+    const tenantIdField = this.tenantOptions.tenantIdField || 'tenantId';
+    const tenantId = await this.extractTenantId(userId);
+
+    // 只有在数据中不存在租户ID字段时才设置
+    if (tenantId !== undefined && tenantId !== null && !data[tenantIdField]) {
+      data[tenantIdField] = tenantId;
+    }
+  }
+
   /**
    * 设置用户跟踪字段
    */
@@ -300,6 +379,7 @@ export abstract class GenericCrudService<T extends ObjectLiteral> {
 
     const entityData = { ...data };
     this.setUserFields(entityData, userId, true);
+    await this.setTenantFields(entityData, userId);
 
     // 分离关联字段数据
     const relationData: any = {};
@@ -335,6 +415,21 @@ export abstract class GenericCrudService<T extends ObjectLiteral> {
       }
     }
 
+    // 租户隔离验证
+    if (this.tenantOptions?.enabled) {
+      const entity = await this.getById(id);
+      if (!entity) return null;
+
+      const tenantIdField = this.tenantOptions.tenantIdField || 'tenantId';
+      const tenantId = await this.extractTenantId(userId);
+      if (tenantId !== undefined && tenantId !== null) {
+        const entityTenantId = (entity as any)[tenantIdField];
+        if (entityTenantId !== tenantId) {
+          return null; // 不属于当前租户，返回null
+        }
+      }
+    }
+
     const updateData = { ...data };
     this.setUserFields(updateData, userId, false);
 
@@ -377,6 +472,21 @@ export abstract class GenericCrudService<T extends ObjectLiteral> {
       }
     }
 
+    // 租户隔离验证
+    if (this.tenantOptions?.enabled) {
+      const entity = await this.getById(id);
+      if (!entity) return false;
+
+      const tenantIdField = this.tenantOptions.tenantIdField || 'tenantId';
+      const tenantId = await this.extractTenantId(userId);
+      if (tenantId !== undefined && tenantId !== null) {
+        const entityTenantId = (entity as any)[tenantIdField];
+        if (entityTenantId !== tenantId) {
+          return false; // 不属于当前租户，返回false
+        }
+      }
+    }
+
     // 执行删除
     const result = await this.repository.delete(id);
     return result.affected === 1;
@@ -430,4 +540,23 @@ export type CrudOptions<
    * 默认过滤条件，会在所有查询中应用
    */
   defaultFilters?: Partial<T>;
-};
+  /**
+   * 租户隔离配置
+   */
+  tenantOptions?: TenantOptions;
+};
+
+export interface TenantOptions {
+  /**
+   * 租户ID字段名，默认为 'tenantId'
+   */
+  tenantIdField?: string;
+  /**
+   * 是否启用租户隔离
+   */
+  enabled?: boolean;
+  /**
+   * 是否自动从认证上下文提取租户ID
+   */
+  autoExtractFromContext?: boolean;
+}

packages/shared-crud/tests/integration/tenant-isolation.integration.test.ts

@@ -0,0 +1,503 @@
+import { describe, it, expect, beforeEach, vi, afterEach } from 'vitest';
+import { testClient } from 'hono/testing';
+import { IntegrationTestDatabase, setupIntegrationDatabaseHooksWithEntities } from '@d8d/shared-test-util';
+import { JWTUtil } from '@d8d/shared-utils';
+import { z } from '@hono/zod-openapi';
+import { createCrudRoutes } from '../../src/routes/generic-crud.routes';
+import { Entity, PrimaryGeneratedColumn, Column } from 'typeorm';
+
+// 测试实体类
+@Entity()
+class TestEntity {
+  @PrimaryGeneratedColumn()
+  id!: number;
+
+  @Column('varchar')
+  name!: string;
+
+  @Column('int')
+  tenantId!: number;
+}
+
+// 定义测试实体的Schema
+const createTestSchema = z.object({
+  name: z.string().min(1, '名称不能为空'),
+  tenantId: z.number().optional()
+});
+
+const updateTestSchema = z.object({
+  name: z.string().min(1, '名称不能为空').optional()
+});
+
+const getTestSchema = z.object({
+  id: z.number(),
+  name: z.string(),
+  tenantId: z.number()
+});
+
+const listTestSchema = z.object({
+  id: z.number(),
+  name: z.string(),
+  tenantId: z.number()
+});
+
+// 设置集成测试钩子
+setupIntegrationDatabaseHooksWithEntities([TestEntity])
+
+describe('共享CRUD租户隔离集成测试', () => {
+  let client: any;
+  let testToken1: string;
+  let testToken2: string;
+  let mockAuthMiddleware: any;
+
+  beforeEach(async () => {
+    // 获取数据源
+    const dataSource = await IntegrationTestDatabase.getDataSource();
+
+    // 生成测试用户的token
+    testToken1 = JWTUtil.generateToken({
+      id: 1,
+      username: 'tenant1_user',
+      roles: [{name:'user'}],
+      tenantId: 1
+    });
+
+    testToken2 = JWTUtil.generateToken({
+      id: 2,
+      username: 'tenant2_user',
+      roles: [{name:'user'}],
+      tenantId: 2
+    });
+
+    // 创建模拟认证中间件
+    mockAuthMiddleware = async (c: any, next: any) => {
+      const authHeader = c.req.header('Authorization');
+      if (authHeader && authHeader.startsWith('Bearer ')) {
+        const token = authHeader.substring(7);
+        try {
+          const payload = JWTUtil.verifyToken(token);
+          // 根据token确定租户ID
+          let tenantId: number | undefined;
+          if (token === testToken1) {
+            tenantId = 1;
+          } else if (token === testToken2) {
+            tenantId = 2;
+          }
+
+          // 确保用户对象包含tenantId
+          const userWithTenant = { ...payload, tenantId };
+          c.set('user', userWithTenant);
+          // 设置租户上下文
+          c.set('tenantId', tenantId);
+        } catch (error) {
+          // token解析失败
+        }
+      } else {
+        // 没有认证信息，返回401
+        return c.json({ code: 401, message: '认证失败' }, 401);
+      }
+      await next();
+    };
+
+    // 创建测试路由 - 启用租户隔离
+    const testRoutes = createCrudRoutes({
+      entity: TestEntity,
+      createSchema: createTestSchema,
+      updateSchema: updateTestSchema,
+      getSchema: getTestSchema,
+      listSchema: listTestSchema,
+      middleware: [mockAuthMiddleware],
+      tenantOptions: {
+        enabled: true,
+        tenantIdField: 'tenantId',
+        autoExtractFromContext: true
+      }
+    });
+
+    client = testClient(testRoutes);
+  });
+
+  describe('GET / - 列表查询租户隔离', () => {
+    it('应该只返回当前租户的数据', async () => {
+      // 创建测试数据
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const testRepository = dataSource.getRepository(TestEntity);
+
+      // 为租户1创建数据
+      const tenant1Data1 = testRepository.create({
+        name: '租户1的数据1',
+        tenantId: 1
+      });
+      await testRepository.save(tenant1Data1);
+
+      const tenant1Data2 = testRepository.create({
+        name: '租户1的数据2',
+        tenantId: 1
+      });
+      await testRepository.save(tenant1Data2);
+
+      // 为租户2创建数据
+      const tenant2Data = testRepository.create({
+        name: '租户2的数据',
+        tenantId: 2
+      });
+      await testRepository.save(tenant2Data);
+
+      // 租户1用户查询列表
+      const response = await client.index.$get({
+        query: {
+          page: 1,
+          pageSize: 10
+        }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${testToken1}`
+        }
+      });
+
+      console.debug('租户隔离列表查询响应状态:', response.status);
+
+      if (response.status !== 200) {
+        const errorData = await response.json();
+        console.debug('租户隔离列表查询错误信息:', errorData);
+      }
+
+      expect(response.status).toBe(200);
+
+      if (response.status === 200) {
+        const data = await response.json();
+        expect(data).toHaveProperty('data');
+        expect(Array.isArray(data.data)).toBe(true);
+        expect(data.data).toHaveLength(2); // 应该只返回租户1的2条数据
+
+        // 验证所有返回的数据都属于租户1
+        data.data.forEach((item: any) => {
+          expect(item.tenantId).toBe(1);
+        });
+      }
+    });
+
+    it('应该拒绝未认证用户的访问', async () => {
+      const response = await client.index.$get({
+        query: {
+          page: 1,
+          pageSize: 10
+        }
+      });
+      expect(response.status).toBe(401);
+    });
+  });
+
+  describe('POST / - 创建操作租户验证', () => {
+    it('应该成功创建属于当前租户的数据', async () => {
+      const createData = {
+        name: '测试创建数据'
+      };
+
+      const response = await client.index.$post({
+        json: createData
+      }, {
+        headers: {
+          'Authorization': `Bearer ${testToken1}`
+        }
+      });
+
+      console.debug('租户隔离创建数据响应状态:', response.status);
+
+      expect(response.status).toBe(201);
+
+      if (response.status === 201) {
+        const data = await response.json();
+        expect(data).toHaveProperty('id');
+        expect(data.name).toBe(createData.name);
+        expect(data.tenantId).toBe(1); // 应该自动设置为租户1
+      }
+    });
+  });
+
+  describe('GET /:id - 获取详情租户验证', () => {
+    it('应该成功获取属于当前租户的数据详情', async () => {
+      // 先创建测试数据
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const testRepository = dataSource.getRepository(TestEntity);
+      const testData = testRepository.create({
+        name: '测试数据详情',
+        tenantId: 1
+      });
+      await testRepository.save(testData);
+
+      const response = await client[':id'].$get({
+        param: { id: testData.id }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${testToken1}`
+        }
+      });
+
+      console.debug('租户隔离获取详情响应状态:', response.status);
+
+      if (response.status !== 200) {
+        const errorData = await response.json();
+        console.debug('租户隔离获取详情错误信息:', errorData);
+      }
+
+      expect(response.status).toBe(200);
+
+      if (response.status === 200) {
+        const data = await response.json();
+        expect(data.id).toBe(testData.id);
+        expect(data.name).toBe(testData.name);
+        expect(data.tenantId).toBe(1);
+      }
+    });
+
+    it('应该拒绝获取不属于当前租户的数据详情', async () => {
+      // 先创建属于租户2的数据
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const testRepository = dataSource.getRepository(TestEntity);
+      const testData = testRepository.create({
+        name: '租户2的数据',
+        tenantId: 2
+      });
+      await testRepository.save(testData);
+
+      // 租户1用户尝试获取租户2的数据
+      const response = await client[':id'].$get({
+        param: { id: testData.id }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${testToken1}`
+        }
+      });
+
+      console.debug('租户隔离获取无权详情响应状态:', response.status);
+      expect(response.status).toBe(404); // 应该返回404而不是403
+    });
+  });
+
+  describe('PUT /:id - 更新操作租户验证', () => {
+    it('应该成功更新属于当前租户的数据', async () => {
+      // 先创建测试数据
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const testRepository = dataSource.getRepository(TestEntity);
+      const testData = testRepository.create({
+        name: '原始数据',
+        tenantId: 1
+      });
+      await testRepository.save(testData);
+
+      const updateData = {
+        name: '更新后的数据'
+      };
+
+      const response = await client[':id'].$put({
+        param: { id: testData.id },
+        json: updateData
+      }, {
+        headers: {
+          'Authorization': `Bearer ${testToken1}`
+        }
+      });
+
+      console.debug('租户隔离更新数据响应状态:', response.status);
+      expect(response.status).toBe(200);
+
+      if (response.status === 200) {
+        const data = await response.json();
+        expect(data.name).toBe(updateData.name);
+        expect(data.tenantId).toBe(1);
+      }
+    });
+
+    it('应该拒绝更新不属于当前租户的数据', async () => {
+      // 先创建属于租户2的数据
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const testRepository = dataSource.getRepository(TestEntity);
+      const testData = testRepository.create({
+        name: '租户2的数据',
+        tenantId: 2
+      });
+      await testRepository.save(testData);
+
+      const updateData = {
+        name: '尝试更新的数据'
+      };
+
+      // 租户1用户尝试更新租户2的数据
+      const response = await client[':id'].$put({
+        param: { id: testData.id },
+        json: updateData
+      }, {
+        headers: {
+          'Authorization': `Bearer ${testToken1}`
+        }
+      });
+
+      console.debug('租户隔离更新无权数据响应状态:', response.status);
+      expect(response.status).toBe(404); // 应该返回404而不是403
+    });
+  });
+
+  describe('DELETE /:id - 删除操作租户验证', () => {
+    it('应该成功删除属于当前租户的数据', async () => {
+      // 先创建测试数据
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const testRepository = dataSource.getRepository(TestEntity);
+      const testData = testRepository.create({
+        name: '待删除数据',
+        tenantId: 1
+      });
+      await testRepository.save(testData);
+
+      const response = await client[':id'].$delete({
+        param: { id: testData.id }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${testToken1}`
+        }
+      });
+
+      console.debug('租户隔离删除数据响应状态:', response.status);
+      expect(response.status).toBe(204);
+
+      // 验证数据确实被删除
+      const deletedData = await testRepository.findOne({
+        where: { id: testData.id }
+      });
+      expect(deletedData).toBeNull();
+    });
+
+    it('应该拒绝删除不属于当前租户的数据', async () => {
+      // 先创建属于租户2的数据
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const testRepository = dataSource.getRepository(TestEntity);
+      const testData = testRepository.create({
+        name: '租户2的数据',
+        tenantId: 2
+      });
+      await testRepository.save(testData);
+
+      // 租户1用户尝试删除租户2的数据
+      const response = await client[':id'].$delete({
+        param: { id: testData.id }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${testToken1}`
+        }
+      });
+
+      console.debug('租户隔离删除无权数据响应状态:', response.status);
+      expect(response.status).toBe(404); // 应该返回404而不是403
+
+      // 验证数据没有被删除
+      const existingData = await testRepository.findOne({
+        where: { id: testData.id }
+      });
+      expect(existingData).not.toBeNull();
+    });
+  });
+
+  describe('禁用租户隔离的情况', () => {
+    it('当租户隔离禁用时应该允许跨租户访问', async () => {
+      // 创建禁用租户隔离的路由
+      const noTenantRoutes = createCrudRoutes({
+        entity: TestEntity,
+        createSchema: createTestSchema,
+        updateSchema: updateTestSchema,
+        getSchema: getTestSchema,
+        listSchema: listTestSchema,
+        middleware: [mockAuthMiddleware],
+        tenantOptions: {
+          enabled: false, // 禁用租户隔离
+          tenantIdField: 'tenantId',
+          autoExtractFromContext: true
+        }
+      });
+
+      const noTenantClient = testClient(noTenantRoutes);
+
+      // 创建属于租户2的数据
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const testRepository = dataSource.getRepository(TestEntity);
+      const testData = testRepository.create({
+        name: '租户2的数据',
+        tenantId: 2
+      });
+      await testRepository.save(testData);
+
+      // 租户1用户应该能够访问租户2的数据（租户隔离已禁用）
+      const response = await noTenantClient[':id'].$get({
+        param: { id: testData.id }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${testToken1}`
+        }
+      });
+
+      console.debug('禁用租户隔离时的响应状态:', response.status);
+
+      if (response.status !== 200) {
+        try {
+          const errorData = await response.json();
+          console.debug('禁用租户隔离时的错误信息:', errorData);
+        } catch (e) {
+          const text = await response.text();
+          console.debug('禁用租户隔离时的响应文本:', text);
+        }
+      }
+
+      expect(response.status).toBe(200);
+
+      if (response.status === 200) {
+        const data = await response.json();
+        expect(data.id).toBe(testData.id);
+        expect(data.tenantId).toBe(2);
+      }
+    });
+
+    it('当不传递tenantOptions配置时应该允许跨租户访问', async () => {
+      // 创建不传递租户隔离配置的路由
+      const noTenantRoutes = createCrudRoutes({
+        entity: TestEntity,
+        createSchema: createTestSchema,
+        updateSchema: updateTestSchema,
+        getSchema: getTestSchema,
+        listSchema: listTestSchema,
+        middleware: [mockAuthMiddleware]
+        // 不传递 tenantOptions 配置
+      });
+
+      const noTenantClient = testClient(noTenantRoutes);
+
+      // 创建属于租户2的数据
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const testRepository = dataSource.getRepository(TestEntity);
+      const testData = testRepository.create({
+        name: '租户2的数据（无租户配置）',
+        tenantId: 2
+      });
+      await testRepository.save(testData);
+
+      // 租户1用户应该能够访问租户2的数据（没有租户隔离配置）
+      console.debug('测试数据ID（无租户配置）:', testData.id);
+
+      const response = await noTenantClient[':id'].$get({
+        param: { id: testData.id }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${testToken1}`
+        }
+      });
+
+      console.debug('无租户配置时的响应状态:', response.status);
+
+      expect(response.status).toBe(200);
+
+      if (response.status === 200) {
+        const data = await response.json();
+        expect(data.id).toBe(testData.id);
+        expect(data.tenantId).toBe(2);
+      }
+    });
+  });
+});