✅ test(orders-module): 添加完整的集成测试套件

- 创建7个集成测试文件，覆盖所有订单模块功能
- 用户订单、订单商品、退款管理API测试
- 管理员订单、订单商品、退款管理API测试
- 订单创建路由集成测试
- 修复实体依赖配置，添加geo-areas包依赖
- 验证数据权限配置和认证中间件集成

🤖 Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)

Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>

packages/orders-module/package.json

@@ -61,6 +61,7 @@
     "@d8d/merchant-module": "workspace:*",
     "@d8d/supplier-module": "workspace:*",
     "@d8d/file-module": "workspace:*",
+    "@d8d/geo-areas": "workspace:*",
     "@hono/zod-openapi": "^1.0.2",
     "typeorm": "^0.3.20",
     "zod": "^4.1.12"

packages/orders-module/tests/integration/admin-order-items.integration.test.ts

@@ -0,0 +1,456 @@
+import { describe, it, expect, beforeEach } from 'vitest';
+import { testClient } from 'hono/testing';
+import { IntegrationTestDatabase, setupIntegrationDatabaseHooksWithEntities } from '@d8d/shared-test-util';
+import { JWTUtil } from '@d8d/shared-utils';
+import { UserEntity, Role } from '@d8d/user-module';
+import { File } from '@d8d/file-module';
+import { Goods, GoodsCategory } from '@d8d/goods-module';
+import { Supplier } from '@d8d/supplier-module';
+import { Merchant } from '@d8d/merchant-module';
+import { DeliveryAddress } from '@d8d/delivery-address-module';
+import { AreaEntity } from '@d8d/geo-areas';
+import { adminOrderItemsRoutes } from '../../src/routes/admin/order-items';
+import { Order, OrderGoods } from '../../src/entities';
+
+// 设置集成测试钩子
+setupIntegrationDatabaseHooksWithEntities([
+  UserEntity, Role, Order, OrderGoods, Goods, GoodsCategory, File, Supplier, Merchant, DeliveryAddress, AreaEntity
+])
+
+describe('管理员订单商品管理API集成测试', () => {
+  let client: ReturnType<typeof testClient<typeof adminOrderItemsRoutes>>;
+  let adminToken: string;
+  let testUser: UserEntity;
+  let testAdmin: UserEntity;
+  let testOrder: Order;
+  let otherUserOrder: Order;
+  let testGoods: Goods;
+  let testSupplier: Supplier;
+  let testFile: File;
+
+  beforeEach(async () => {
+    // 创建测试客户端
+    client = testClient(adminOrderItemsRoutes);
+
+    // 获取数据源
+    const dataSource = await IntegrationTestDatabase.getDataSource();
+
+    // 创建测试用户
+    const userRepository = dataSource.getRepository(UserEntity);
+    testUser = userRepository.create({
+      username: `test_user_${Math.floor(Math.random() * 100000)}`,
+      password: 'test_password',
+      nickname: '测试用户',
+      registrationSource: 'web'
+    });
+    await userRepository.save(testUser);
+
+    // 创建测试管理员用户
+    testAdmin = userRepository.create({
+      username: `test_admin_${Math.floor(Math.random() * 100000)}`,
+      password: 'admin_password',
+      nickname: '测试管理员',
+      registrationSource: 'web'
+    });
+    await userRepository.save(testAdmin);
+
+    // 生成测试管理员的token
+    adminToken = JWTUtil.generateToken({
+      id: testAdmin.id,
+      username: testAdmin.username,
+      roles: [{name:'admin'}]
+    });
+
+    // 创建测试商品
+    const goodsRepository = dataSource.getRepository(Goods);
+    testGoods = goodsRepository.create({
+      name: '测试商品',
+      price: 100.00,
+      costPrice: 80.00,
+      categoryId1: 1,
+      categoryId2: 1,
+      categoryId3: 1,
+      goodsType: 1,
+      supplierId: 1,
+      state: 1,
+      stock: 100,
+      lowestBuy: 1,
+      createdBy: testUser.id
+    });
+    await goodsRepository.save(testGoods);
+
+    // 创建测试供应商
+    const supplierRepository = dataSource.getRepository(Supplier);
+    testSupplier = supplierRepository.create({
+      name: '测试供应商',
+      username: `test_supplier_${Math.floor(Math.random() * 100000)}`,
+      password: 'password123',
+      phone: '13800138000',
+      realname: '测试供应商',
+      state: 1,
+      createdBy: testUser.id
+    });
+    await supplierRepository.save(testSupplier);
+
+    // 创建测试文件
+    const fileRepository = dataSource.getRepository(File);
+    testFile = fileRepository.create({
+      name: 'test_image.jpg',
+      type: 'image/jpeg',
+      size: 102400,
+      path: 'images/test_image.jpg',
+      uploadUserId: testUser.id,
+      uploadTime: new Date(),
+      createdAt: new Date(),
+      updatedAt: new Date()
+    });
+    await fileRepository.save(testFile);
+
+    // 创建测试用户的订单
+    const orderRepository = dataSource.getRepository(Order);
+    testOrder = orderRepository.create({
+      orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+      userId: testUser.id,
+      amount: 100.00,
+      costAmount: 80.00,
+      payAmount: 100.00,
+      orderType: 1,
+      payType: 1,
+      payState: 2,
+      state: 0,
+      createdBy: testUser.id
+    });
+    await orderRepository.save(testOrder);
+
+    // 创建其他用户的订单
+    otherUserOrder = orderRepository.create({
+      orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+      userId: testAdmin.id,
+      amount: 200.00,
+      costAmount: 160.00,
+      payAmount: 200.00,
+      orderType: 1,
+      payType: 1,
+      payState: 2,
+      state: 0,
+      createdBy: testAdmin.id
+    });
+    await orderRepository.save(otherUserOrder);
+  });
+
+  describe('GET /order-items', () => {
+    it('应该返回所有订单的商品列表', async () => {
+      // 为不同用户的订单创建商品
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderGoodsRepository = dataSource.getRepository(OrderGoods);
+
+      const userOrderGoods = orderGoodsRepository.create({
+        orderId: testOrder.id,
+        goodsId: testGoods.id,
+        goodsName: '测试用户商品',
+        price: 50.00,
+        num: 2,
+        state: 0,
+        supplierId: testSupplier.id,
+        imageFileId: testFile.id,
+        createdBy: testUser.id
+      });
+      await orderGoodsRepository.save(userOrderGoods);
+
+      const adminOrderGoods = orderGoodsRepository.create({
+        orderId: otherUserOrder.id,
+        goodsId: testGoods.id,
+        goodsName: '管理员用户商品',
+        price: 100.00,
+        num: 1,
+        state: 0,
+        supplierId: testSupplier.id,
+        imageFileId: testFile.id,
+        createdBy: testAdmin.id
+      });
+      await orderGoodsRepository.save(adminOrderGoods);
+
+      const response = await client.index.$get({
+        query: {}
+      }, {
+        headers: {
+          'Authorization': `Bearer ${adminToken}`
+        }
+      });
+
+      console.debug('管理员订单商品列表响应状态:', response.status);
+      expect(response.status).toBe(200);
+
+      if (response.status === 200) {
+        const data = await response.json();
+        expect(data).toHaveProperty('data');
+        expect(Array.isArray(data.data)).toBe(true);
+
+        // 验证返回所有用户的订单商品（管理员可以访问所有数据）
+        const userOrderGoodsCount = data.data.filter((orderGoods: any) =>
+          orderGoods.order && orderGoods.order.userId === testUser.id
+        ).length;
+        const adminOrderGoodsCount = data.data.filter((orderGoods: any) =>
+          orderGoods.order && orderGoods.order.userId === testAdmin.id
+        ).length;
+
+        expect(userOrderGoodsCount).toBeGreaterThan(0);
+        expect(adminOrderGoodsCount).toBeGreaterThan(0);
+      }
+    });
+
+    it('应该拒绝未认证用户的访问', async () => {
+      const response = await client.index.$get({
+        query: {}
+      });
+      expect(response.status).toBe(401);
+    });
+  });
+
+  describe('POST /order-items', () => {
+    it('应该成功创建订单商品并可以指定权限', async () => {
+      const createData = {
+        orderId: testOrder.id,
+        goodsId: testGoods.id,
+        goodsName: '管理员创建商品',
+        price: 75.00,
+        num: 3,
+        state: 0,
+        supplierId: testSupplier.id,
+        imageFileId: testFile.id,
+        createdBy: testAdmin.id // 管理员可以指定创建人
+      };
+
+      const response = await client.index.$post({
+        json: createData
+      }, {
+        headers: {
+          'Authorization': `Bearer ${adminToken}`
+        }
+      });
+
+      console.debug('管理员创建订单商品响应状态:', response.status);
+      if (response.status !== 201) {
+        const errorData = await response.json();
+        console.debug('管理员创建订单商品错误响应:', errorData);
+      }
+      expect(response.status).toBe(201);
+
+      if (response.status === 201) {
+        const data = await response.json();
+        expect(data).toHaveProperty('id');
+        expect(data.goodsName).toBe(createData.goodsName);
+        expect(parseFloat(data.price)).toBe(createData.price);
+        expect(data.num).toBe(createData.num);
+        expect(data.createdBy).toBe(testAdmin.id); // 验证可以指定创建人
+      }
+    });
+
+    it('应该验证创建订单商品的必填字段', async () => {
+      const invalidData = {
+        // 缺少必填字段
+        price: -1,
+        num: -1
+      };
+
+      const response = await client.index.$post({
+        json: invalidData
+      }, {
+        headers: {
+          'Authorization': `Bearer ${adminToken}`
+        }
+      });
+
+      expect(response.status).toBe(400);
+    });
+  });
+
+  describe('GET /order-items/:id', () => {
+    it('应该返回指定订单商品的详情', async () => {
+      // 先为测试用户的订单创建一个商品
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderGoodsRepository = dataSource.getRepository(OrderGoods);
+      const testOrderGoods = orderGoodsRepository.create({
+        orderId: testOrder.id,
+        goodsId: testGoods.id,
+        goodsName: '测试订单商品详情',
+        price: 50.00,
+        num: 2,
+        state: 0,
+        supplierId: testSupplier.id,
+        imageFileId: testFile.id,
+        createdBy: testUser.id
+      });
+      await orderGoodsRepository.save(testOrderGoods);
+
+      const response = await client[':id'].$get({
+        param: { id: testOrderGoods.id }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${adminToken}`
+        }
+      });
+
+      console.debug('管理员订单商品详情响应状态:', response.status);
+      expect(response.status).toBe(200);
+
+      if (response.status === 200) {
+        const data = await response.json();
+        expect(data.id).toBe(testOrderGoods.id);
+        expect(data.goodsName).toBe(testOrderGoods.goodsName);
+        expect(data.order.userId).toBe(testUser.id); // 验证可以访问其他用户的订单商品
+      }
+    });
+
+    it('应该处理不存在的订单商品', async () => {
+      const response = await client[':id'].$get({
+        param: { id: 999999 }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${adminToken}`
+        }
+      });
+
+      expect(response.status).toBe(404);
+    });
+  });
+
+  describe('PUT /order-items/:id', () => {
+    it('应该成功更新任何订单商品', async () => {
+      // 先为测试用户的订单创建一个商品
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderGoodsRepository = dataSource.getRepository(OrderGoods);
+      const testOrderGoods = orderGoodsRepository.create({
+        orderId: testOrder.id,
+        goodsId: testGoods.id,
+        goodsName: '测试更新订单商品',
+        price: 50.00,
+        num: 2,
+        state: 0,
+        supplierId: testSupplier.id,
+        imageFileId: testFile.id,
+        createdBy: testUser.id
+      });
+      await orderGoodsRepository.save(testOrderGoods);
+
+      const updateData = {
+        num: 5,
+        state: 1,
+        updatedBy: testAdmin.id // 管理员可以指定更新人
+      };
+
+      const response = await client[':id'].$put({
+        param: { id: testOrderGoods.id },
+        json: updateData
+      }, {
+        headers: {
+          'Authorization': `Bearer ${adminToken}`
+        }
+      });
+
+      console.debug('管理员更新订单商品响应状态:', response.status);
+      expect(response.status).toBe(200);
+
+      if (response.status === 200) {
+        const data = await response.json();
+        expect(data.num).toBe(updateData.num);
+        expect(data.state).toBe(updateData.state);
+        expect(data.updatedBy).toBe(testAdmin.id); // 验证可以指定更新人
+      }
+    });
+  });
+
+  describe('DELETE /order-items/:id', () => {
+    it('应该成功删除任何订单商品', async () => {
+      // 先为测试用户的订单创建一个商品
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderGoodsRepository = dataSource.getRepository(OrderGoods);
+      const testOrderGoods = orderGoodsRepository.create({
+        orderId: testOrder.id,
+        goodsId: testGoods.id,
+        goodsName: '测试删除订单商品',
+        price: 50.00,
+        num: 2,
+        state: 0,
+        supplierId: testSupplier.id,
+        imageFileId: testFile.id,
+        createdBy: testUser.id
+      });
+      await orderGoodsRepository.save(testOrderGoods);
+
+      const response = await client[':id'].$delete({
+        param: { id: testOrderGoods.id }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${adminToken}`
+        }
+      });
+
+      console.debug('管理员删除订单商品响应状态:', response.status);
+      expect(response.status).toBe(204);
+    });
+  });
+
+  describe('管理员权限验证测试', () => {
+    it('应该验证管理员可以访问所有数据', async () => {
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderGoodsRepository = dataSource.getRepository(OrderGoods);
+
+      // 创建不同用户的订单商品
+      const userOrderGoods = orderGoodsRepository.create({
+        orderId: testOrder.id,
+        goodsId: testGoods.id,
+        goodsName: '用户订单商品',
+        price: 50.00,
+        num: 2,
+        state: 0,
+        supplierId: testSupplier.id,
+        imageFileId: testFile.id,
+        createdBy: testUser.id
+      });
+      await orderGoodsRepository.save(userOrderGoods);
+
+      const adminOrderGoods = orderGoodsRepository.create({
+        orderId: otherUserOrder.id,
+        goodsId: testGoods.id,
+        goodsName: '管理员订单商品',
+        price: 100.00,
+        num: 1,
+        state: 0,
+        supplierId: testSupplier.id,
+        imageFileId: testFile.id,
+        createdBy: testAdmin.id
+      });
+      await orderGoodsRepository.save(adminOrderGoods);
+
+      // 使用管理员token获取列表
+      const response = await client.index.$get({
+        query: {}
+      }, {
+        headers: {
+          'Authorization': `Bearer ${adminToken}`
+        }
+      });
+
+      expect(response.status).toBe(200);
+      const data = await response.json();
+
+      // 类型检查确保data属性存在
+      if ('data' in data && Array.isArray(data.data)) {
+        // 验证返回所有用户的订单商品
+        const userOrderGoodsInResponse = data.data.filter((orderGoods: any) =>
+          orderGoods.order && orderGoods.order.userId === testUser.id
+        );
+        const adminOrderGoodsInResponse = data.data.filter((orderGoods: any) =>
+          orderGoods.order && orderGoods.order.userId === testAdmin.id
+        );
+
+        expect(userOrderGoodsInResponse.length).toBeGreaterThan(0);
+        expect(adminOrderGoodsInResponse.length).toBeGreaterThan(0);
+      } else {
+        // 如果响应是错误格式，应该失败
+        expect(data).toHaveProperty('data');
+      }
+    });
+  });
+});

packages/orders-module/tests/integration/admin-orders.integration.test.ts

@@ -0,0 +1,615 @@
+import { describe, it, expect, beforeEach } from 'vitest';
+import { testClient } from 'hono/testing';
+import { IntegrationTestDatabase, setupIntegrationDatabaseHooksWithEntities } from '@d8d/shared-test-util';
+import { JWTUtil } from '@d8d/shared-utils';
+import { UserEntity, Role } from '@d8d/user-module';
+import { DeliveryAddress } from '@d8d/delivery-address-module';
+import { AreaEntity } from '@d8d/geo-areas';
+import { Merchant } from '@d8d/merchant-module';
+import { Supplier } from '@d8d/supplier-module';
+import { File } from '@d8d/file-module';
+import { adminOrderRoutes } from '../../src/routes/admin/orders';
+import { Order } from '../../src/entities';
+
+// 设置集成测试钩子
+setupIntegrationDatabaseHooksWithEntities([
+  UserEntity, Role, Order, DeliveryAddress, Merchant, Supplier, File, AreaEntity
+])
+
+describe('管理员订单管理API集成测试', () => {
+  let client: ReturnType<typeof testClient<typeof adminOrderRoutes>>;
+  let adminToken: string;
+  let testUser: UserEntity;
+  let testAdmin: UserEntity;
+  let testDeliveryAddress: DeliveryAddress;
+  let testMerchant: Merchant;
+  let testSupplier: Supplier;
+
+  beforeEach(async () => {
+    // 创建测试客户端
+    client = testClient(adminOrderRoutes);
+
+    // 获取数据源
+    const dataSource = await IntegrationTestDatabase.getDataSource();
+
+    // 创建测试用户
+    const userRepository = dataSource.getRepository(UserEntity);
+    testUser = userRepository.create({
+      username: `test_user_${Math.floor(Math.random() * 100000)}`,
+      password: 'test_password',
+      nickname: '测试用户',
+      registrationSource: 'web'
+    });
+    await userRepository.save(testUser);
+
+    // 创建测试管理员用户
+    testAdmin = userRepository.create({
+      username: `test_admin_${Math.floor(Math.random() * 100000)}`,
+      password: 'admin_password',
+      nickname: '测试管理员',
+      registrationSource: 'web'
+    });
+    await userRepository.save(testAdmin);
+
+    // 生成测试管理员的token
+    adminToken = JWTUtil.generateToken({
+      id: testAdmin.id,
+      username: testAdmin.username,
+      roles: [{name:'admin'}]
+    });
+
+    // 创建测试配送地址
+    const deliveryAddressRepository = dataSource.getRepository(DeliveryAddress);
+    testDeliveryAddress = deliveryAddressRepository.create({
+      userId: testUser.id,
+      name: '收货人姓名',
+      phone: '13800138000',
+      province: '广东省',
+      city: '深圳市',
+      district: '南山区',
+      address: '测试地址',
+      isDefault: 1,
+      state: 1,
+      createdBy: testUser.id
+    });
+    await deliveryAddressRepository.save(testDeliveryAddress);
+
+    // 创建测试商户
+    const merchantRepository = dataSource.getRepository(Merchant);
+    testMerchant = merchantRepository.create({
+      name: '测试商户',
+      username: `test_merchant_${Math.floor(Math.random() * 100000)}`,
+      password: 'password123',
+      phone: '13800138001',
+      realname: '测试商户',
+      state: 1,
+      createdBy: testUser.id
+    });
+    await merchantRepository.save(testMerchant);
+
+    // 创建测试供应商
+    const supplierRepository = dataSource.getRepository(Supplier);
+    testSupplier = supplierRepository.create({
+      name: '测试供应商',
+      username: `test_supplier_${Math.floor(Math.random() * 100000)}`,
+      password: 'password123',
+      phone: '13800138002',
+      realname: '测试供应商',
+      state: 1,
+      createdBy: testUser.id
+    });
+    await supplierRepository.save(testSupplier);
+  });
+
+  describe('GET /orders', () => {
+    it('应该返回所有订单列表', async () => {
+      // 创建多个用户的订单
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderRepository = dataSource.getRepository(Order);
+
+      const userOrder1 = orderRepository.create({
+        orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+        userId: testUser.id,
+        amount: 100.00,
+        costAmount: 80.00,
+        payAmount: 100.00,
+        orderType: 1,
+        payType: 1,
+        payState: 2,
+        state: 0,
+        deliveryAddressId: testDeliveryAddress.id,
+        merchantId: testMerchant.id,
+        supplierId: testSupplier.id,
+        createdBy: testUser.id
+      });
+      await orderRepository.save(userOrder1);
+
+      const userOrder2 = orderRepository.create({
+        orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+        userId: testAdmin.id,
+        amount: 200.00,
+        costAmount: 160.00,
+        payAmount: 200.00,
+        orderType: 1,
+        payType: 1,
+        payState: 2,
+        state: 1,
+        deliveryAddressId: testDeliveryAddress.id,
+        merchantId: testMerchant.id,
+        supplierId: testSupplier.id,
+        createdBy: testAdmin.id
+      });
+      await orderRepository.save(userOrder2);
+
+      const response = await client.index.$get({
+        query: {}
+      }, {
+        headers: {
+          'Authorization': `Bearer ${adminToken}`
+        }
+      });
+
+      console.debug('管理员订单列表响应状态:', response.status);
+      expect(response.status).toBe(200);
+
+      if (response.status === 200) {
+        const data = await response.json();
+        expect(data).toHaveProperty('data');
+        expect(Array.isArray(data.data)).toBe(true);
+
+        // 验证返回所有用户的订单（管理员可以访问所有数据）
+        const userOrderCount = data.data.filter((order: any) => order.userId === testUser.id).length;
+        const adminOrderCount = data.data.filter((order: any) => order.userId === testAdmin.id).length;
+
+        expect(userOrderCount).toBeGreaterThan(0);
+        expect(adminOrderCount).toBeGreaterThan(0);
+      }
+    });
+
+    it('应该拒绝未认证用户的访问', async () => {
+      const response = await client.index.$get({
+        query: {}
+      });
+      expect(response.status).toBe(401);
+    });
+  });
+
+  describe('POST /orders', () => {
+    it('应该成功创建订单并可以指定权限', async () => {
+      const createData = {
+        orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+        userId: testUser.id,
+        amount: 150.00,
+        costAmount: 120.00,
+        payAmount: 150.00,
+        orderType: 1,
+        payType: 1,
+        payState: 0,
+        state: 0,
+        deliveryAddressId: testDeliveryAddress.id,
+        merchantId: testMerchant.id,
+        supplierId: testSupplier.id,
+        createdBy: testUser.id // 管理员可以指定创建人
+      };
+
+      const response = await client.index.$post({
+        json: createData
+      }, {
+        headers: {
+          'Authorization': `Bearer ${adminToken}`
+        }
+      });
+
+      console.debug('管理员创建订单响应状态:', response.status);
+      if (response.status !== 201) {
+        const errorData = await response.json();
+        console.debug('管理员创建订单错误响应:', errorData);
+      }
+      expect(response.status).toBe(201);
+
+      if (response.status === 201) {
+        const data = await response.json();
+        expect(data).toHaveProperty('id');
+        expect(data.orderNo).toBe(createData.orderNo);
+        expect(parseFloat(data.amount)).toBe(createData.amount);
+        expect(data.userId).toBe(createData.userId); // 验证可以指定用户
+        expect(data.createdBy).toBe(testUser.id); // 验证可以指定创建人
+      }
+    });
+
+    it('应该验证创建订单的必填字段', async () => {
+      const invalidData = {
+        // 缺少必填字段
+        amount: -1,
+        orderType: -1
+      };
+
+      const response = await client.index.$post({
+        json: invalidData
+      }, {
+        headers: {
+          'Authorization': `Bearer ${adminToken}`
+        }
+      });
+
+      expect(response.status).toBe(400);
+    });
+  });
+
+  describe('GET /orders/:id', () => {
+    it('应该返回指定订单的详情', async () => {
+      // 先创建一个订单
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderRepository = dataSource.getRepository(Order);
+      const testOrder = orderRepository.create({
+        orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+        userId: testUser.id,
+        amount: 100.00,
+        costAmount: 80.00,
+        payAmount: 100.00,
+        orderType: 1,
+        payType: 1,
+        payState: 2,
+        state: 0,
+        deliveryAddressId: testDeliveryAddress.id,
+        merchantId: testMerchant.id,
+        supplierId: testSupplier.id,
+        createdBy: testUser.id
+      });
+      await orderRepository.save(testOrder);
+
+      const response = await client[':id'].$get({
+        param: { id: testOrder.id }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${adminToken}`
+        }
+      });
+
+      console.debug('管理员订单详情响应状态:', response.status);
+      expect(response.status).toBe(200);
+
+      if (response.status === 200) {
+        const data = await response.json();
+        expect(data.id).toBe(testOrder.id);
+        expect(data.orderNo).toBe(testOrder.orderNo);
+        expect(data.userId).toBe(testUser.id);
+      }
+    });
+
+    it('应该处理不存在的订单', async () => {
+      const response = await client[':id'].$get({
+        param: { id: 999999 }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${adminToken}`
+        }
+      });
+
+      expect(response.status).toBe(404);
+    });
+  });
+
+  describe('PUT /orders/:id', () => {
+    it('应该成功更新任何订单', async () => {
+      // 先创建一个订单
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderRepository = dataSource.getRepository(Order);
+      const testOrder = orderRepository.create({
+        orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+        userId: testUser.id,
+        amount: 100.00,
+        costAmount: 80.00,
+        payAmount: 100.00,
+        orderType: 1,
+        payType: 1,
+        payState: 2,
+        state: 0,
+        deliveryAddressId: testDeliveryAddress.id,
+        merchantId: testMerchant.id,
+        supplierId: testSupplier.id,
+        createdBy: testUser.id
+      });
+      await orderRepository.save(testOrder);
+
+      const updateData = {
+        state: 1,
+        payState: 1,
+        updatedBy: testAdmin.id // 管理员可以指定更新人
+      };
+
+      const response = await client[':id'].$put({
+        param: { id: testOrder.id },
+        json: updateData
+      }, {
+        headers: {
+          'Authorization': `Bearer ${adminToken}`
+        }
+      });
+
+      console.debug('管理员更新订单响应状态:', response.status);
+      expect(response.status).toBe(200);
+
+      if (response.status === 200) {
+        const data = await response.json();
+        expect(data.state).toBe(updateData.state);
+        expect(data.payState).toBe(updateData.payState);
+        expect(data.updatedBy).toBe(testAdmin.id); // 验证可以指定更新人
+      }
+    });
+  });
+
+  describe('DELETE /orders/:id', () => {
+    it('应该成功删除任何订单', async () => {
+      // 先创建一个订单
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderRepository = dataSource.getRepository(Order);
+      const testOrder = orderRepository.create({
+        orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+        userId: testUser.id,
+        amount: 100.00,
+        costAmount: 80.00,
+        payAmount: 100.00,
+        orderType: 1,
+        payType: 1,
+        payState: 2,
+        state: 0,
+        deliveryAddressId: testDeliveryAddress.id,
+        merchantId: testMerchant.id,
+        supplierId: testSupplier.id,
+        createdBy: testUser.id
+      });
+      await orderRepository.save(testOrder);
+
+      const response = await client[':id'].$delete({
+        param: { id: testOrder.id }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${adminToken}`
+        }
+      });
+
+      console.debug('管理员删除订单响应状态:', response.status);
+      expect(response.status).toBe(204);
+    });
+  });
+
+  describe('订单状态管理测试', () => {
+    it('应该正确处理订单状态变更', async () => {
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderRepository = dataSource.getRepository(Order);
+
+      // 创建不同状态的订单
+      const pendingOrder = orderRepository.create({
+        orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+        userId: testUser.id,
+        amount: 100.00,
+        costAmount: 80.00,
+        payAmount: 100.00,
+        orderType: 1,
+        payType: 1,
+        payState: 2,
+        state: 0, // 未发货
+        deliveryAddressId: testDeliveryAddress.id,
+        merchantId: testMerchant.id,
+        supplierId: testSupplier.id,
+        createdBy: testUser.id
+      });
+      await orderRepository.save(pendingOrder);
+
+      const shippedOrder = orderRepository.create({
+        orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+        userId: testUser.id,
+        amount: 200.00,
+        costAmount: 160.00,
+        payAmount: 200.00,
+        orderType: 1,
+        payType: 1,
+        payState: 2,
+        state: 1, // 已发货
+        deliveryAddressId: testDeliveryAddress.id,
+        merchantId: testMerchant.id,
+        supplierId: testSupplier.id,
+        createdBy: testUser.id
+      });
+      await orderRepository.save(shippedOrder);
+
+      const completedOrder = orderRepository.create({
+        orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+        userId: testUser.id,
+        amount: 300.00,
+        costAmount: 240.00,
+        payAmount: 300.00,
+        orderType: 1,
+        payType: 1,
+        payState: 2,
+        state: 2, // 收货成功
+        deliveryAddressId: testDeliveryAddress.id,
+        merchantId: testMerchant.id,
+        supplierId: testSupplier.id,
+        createdBy: testUser.id
+      });
+      await orderRepository.save(completedOrder);
+
+      // 验证状态过滤
+      const response = await client.index.$get({
+        query: { filters: JSON.stringify({ state: 1 }) }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${adminToken}`
+        }
+      });
+
+      expect(response.status).toBe(200);
+      const data = await response.json();
+
+      // 类型检查确保data属性存在
+      if ('data' in data && Array.isArray(data.data)) {
+        // 应该只返回已发货状态的订单
+        const pendingOrdersInResponse = data.data.filter((order: any) => order.state === 0);
+        const shippedOrdersInResponse = data.data.filter((order: any) => order.state === 1);
+        const completedOrdersInResponse = data.data.filter((order: any) => order.state === 2);
+
+        expect(pendingOrdersInResponse.length).toBe(0);
+        expect(shippedOrdersInResponse.length).toBeGreaterThan(0);
+        expect(completedOrdersInResponse.length).toBe(0);
+      } else {
+        // 如果响应是错误格式，应该失败
+        expect(data).toHaveProperty('data');
+      }
+    });
+  });
+
+  describe('支付状态管理测试', () => {
+    it('应该正确处理支付状态变更', async () => {
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderRepository = dataSource.getRepository(Order);
+
+      // 创建不同支付状态的订单
+      const unpaidOrder = orderRepository.create({
+        orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+        userId: testUser.id,
+        amount: 100.00,
+        costAmount: 80.00,
+        payAmount: 100.00,
+        orderType: 1,
+        payType: 1,
+        payState: 0, // 未支付
+        state: 0,
+        deliveryAddressId: testDeliveryAddress.id,
+        merchantId: testMerchant.id,
+        supplierId: testSupplier.id,
+        createdBy: testUser.id
+      });
+      await orderRepository.save(unpaidOrder);
+
+      const payingOrder = orderRepository.create({
+        orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+        userId: testUser.id,
+        amount: 200.00,
+        costAmount: 160.00,
+        payAmount: 200.00,
+        orderType: 1,
+        payType: 1,
+        payState: 1, // 支付中
+        state: 0,
+        deliveryAddressId: testDeliveryAddress.id,
+        merchantId: testMerchant.id,
+        supplierId: testSupplier.id,
+        createdBy: testUser.id
+      });
+      await orderRepository.save(payingOrder);
+
+      const paidOrder = orderRepository.create({
+        orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+        userId: testUser.id,
+        amount: 300.00,
+        costAmount: 240.00,
+        payAmount: 300.00,
+        orderType: 1,
+        payType: 1,
+        payState: 2, // 支付成功
+        state: 0,
+        deliveryAddressId: testDeliveryAddress.id,
+        merchantId: testMerchant.id,
+        supplierId: testSupplier.id,
+        createdBy: testUser.id
+      });
+      await orderRepository.save(paidOrder);
+
+      // 验证支付状态过滤
+      const response = await client.index.$get({
+        query: { filters: JSON.stringify({ payState: 2 }) }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${adminToken}`
+        }
+      });
+
+      expect(response.status).toBe(200);
+      const data = await response.json();
+
+      // 类型检查确保data属性存在
+      if ('data' in data && Array.isArray(data.data)) {
+        // 应该只返回支付成功状态的订单
+        const unpaidOrdersInResponse = data.data.filter((order: any) => order.payState === 0);
+        const payingOrdersInResponse = data.data.filter((order: any) => order.payState === 1);
+        const paidOrdersInResponse = data.data.filter((order: any) => order.payState === 2);
+
+        expect(unpaidOrdersInResponse.length).toBe(0);
+        expect(payingOrdersInResponse.length).toBe(0);
+        expect(paidOrdersInResponse.length).toBeGreaterThan(0);
+      } else {
+        // 如果响应是错误格式，应该失败
+        expect(data).toHaveProperty('data');
+      }
+    });
+  });
+
+  describe('管理员权限验证测试', () => {
+    it('应该验证管理员可以访问所有数据', async () => {
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderRepository = dataSource.getRepository(Order);
+
+      // 创建多个用户的订单
+      const userOrder = orderRepository.create({
+        orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+        userId: testUser.id,
+        amount: 100.00,
+        costAmount: 80.00,
+        payAmount: 100.00,
+        orderType: 1,
+        payType: 1,
+        payState: 2,
+        state: 0,
+        deliveryAddressId: testDeliveryAddress.id,
+        merchantId: testMerchant.id,
+        supplierId: testSupplier.id,
+        createdBy: testUser.id
+      });
+      await orderRepository.save(userOrder);
+
+      const adminOrder = orderRepository.create({
+        orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+        userId: testAdmin.id,
+        amount: 200.00,
+        costAmount: 160.00,
+        payAmount: 200.00,
+        orderType: 1,
+        payType: 1,
+        payState: 2,
+        state: 0,
+        deliveryAddressId: testDeliveryAddress.id,
+        merchantId: testMerchant.id,
+        supplierId: testSupplier.id,
+        createdBy: testAdmin.id
+      });
+      await orderRepository.save(adminOrder);
+
+      // 使用管理员token获取列表
+      const response = await client.index.$get({
+        query: {}
+      }, {
+        headers: {
+          'Authorization': `Bearer ${adminToken}`
+        }
+      });
+
+      expect(response.status).toBe(200);
+      const data = await response.json();
+
+      // 类型检查确保data属性存在
+      if ('data' in data && Array.isArray(data.data)) {
+        // 验证返回所有用户的订单
+        const userOrdersInResponse = data.data.filter((order: any) => order.userId === testUser.id);
+        const adminOrdersInResponse = data.data.filter((order: any) => order.userId === testAdmin.id);
+
+        expect(userOrdersInResponse.length).toBeGreaterThan(0);
+        expect(adminOrdersInResponse.length).toBeGreaterThan(0);
+      } else {
+        // 如果响应是错误格式，应该失败
+        expect(data).toHaveProperty('data');
+      }
+    });
+  });
+});

packages/orders-module/tests/integration/admin-refunds.integration.test.ts

@@ -0,0 +1,434 @@
+import { describe, it, expect, beforeEach } from 'vitest';
+import { testClient } from 'hono/testing';
+import { IntegrationTestDatabase, setupIntegrationDatabaseHooksWithEntities } from '@d8d/shared-test-util';
+import { JWTUtil } from '@d8d/shared-utils';
+import { UserEntity, Role } from '@d8d/user-module';
+import { File } from '@d8d/file-module';
+import { Merchant } from '@d8d/merchant-module';
+import { DeliveryAddress } from '@d8d/delivery-address-module';
+import { AreaEntity } from '@d8d/geo-areas';
+import { Supplier } from '@d8d/supplier-module';
+import { adminRefundsRoutes } from '../../src/routes/admin/refunds';
+import { Order, OrderRefund } from '../../src/entities';
+
+// 设置集成测试钩子
+setupIntegrationDatabaseHooksWithEntities([
+  UserEntity, Role, Order, OrderRefund, File, Merchant, DeliveryAddress, AreaEntity, Supplier
+])
+
+describe('管理员退款管理API集成测试', () => {
+  let client: ReturnType<typeof testClient<typeof adminRefundsRoutes>>;
+  let adminToken: string;
+  let testUser: UserEntity;
+  let testAdmin: UserEntity;
+  let testOrder: Order;
+  let otherUserOrder: Order;
+
+  beforeEach(async () => {
+    // 创建测试客户端
+    client = testClient(adminRefundsRoutes);
+
+    // 获取数据源
+    const dataSource = await IntegrationTestDatabase.getDataSource();
+
+    // 创建测试用户
+    const userRepository = dataSource.getRepository(UserEntity);
+    testUser = userRepository.create({
+      username: `test_user_${Math.floor(Math.random() * 100000)}`,
+      password: 'test_password',
+      nickname: '测试用户',
+      registrationSource: 'web'
+    });
+    await userRepository.save(testUser);
+
+    // 创建测试管理员用户
+    testAdmin = userRepository.create({
+      username: `test_admin_${Math.floor(Math.random() * 100000)}`,
+      password: 'admin_password',
+      nickname: '测试管理员',
+      registrationSource: 'web'
+    });
+    await userRepository.save(testAdmin);
+
+    // 生成测试管理员的token
+    adminToken = JWTUtil.generateToken({
+      id: testAdmin.id,
+      username: testAdmin.username,
+      roles: [{name:'admin'}]
+    });
+
+    // 创建测试用户的订单
+    const orderRepository = dataSource.getRepository(Order);
+    testOrder = orderRepository.create({
+      orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+      userId: testUser.id,
+      amount: 100.00,
+      costAmount: 80.00,
+      payAmount: 100.00,
+      orderType: 1,
+      payType: 1,
+      payState: 2,
+      state: 0,
+      createdBy: testUser.id
+    });
+    await orderRepository.save(testOrder);
+
+    // 创建其他用户的订单
+    otherUserOrder = orderRepository.create({
+      orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+      userId: testAdmin.id,
+      amount: 200.00,
+      costAmount: 160.00,
+      payAmount: 200.00,
+      orderType: 1,
+      payType: 1,
+      payState: 2,
+      state: 0,
+      createdBy: testAdmin.id
+    });
+    await orderRepository.save(otherUserOrder);
+  });
+
+  describe('GET /refunds', () => {
+    it('应该返回所有订单的退款列表', async () => {
+      // 为不同用户的订单创建退款
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderRefundRepository = dataSource.getRepository(OrderRefund);
+
+      const userRefund = orderRefundRepository.create({
+        orderNo: testOrder.orderNo,
+        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
+        refundAmount: 50.00,
+        state: 0,
+        createdBy: testUser.id
+      });
+      await orderRefundRepository.save(userRefund);
+
+      const adminRefund = orderRefundRepository.create({
+        orderNo: otherUserOrder.orderNo,
+        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
+        refundAmount: 100.00,
+        state: 1,
+        createdBy: testAdmin.id
+      });
+      await orderRefundRepository.save(adminRefund);
+
+      const response = await client.index.$get({
+        query: {}
+      }, {
+        headers: {
+          'Authorization': `Bearer ${adminToken}`
+        }
+      });
+
+      console.debug('管理员退款列表响应状态:', response.status);
+      expect(response.status).toBe(200);
+
+      if (response.status === 200) {
+        const data = await response.json();
+        expect(data).toHaveProperty('data');
+        expect(Array.isArray(data.data)).toBe(true);
+
+        // 验证返回所有用户的退款（管理员可以访问所有数据）
+        const userRefundCount = data.data.filter((refund: any) =>
+          refund.order && refund.order.userId === testUser.id
+        ).length;
+        const adminRefundCount = data.data.filter((refund: any) =>
+          refund.order && refund.order.userId === testAdmin.id
+        ).length;
+
+        expect(userRefundCount).toBeGreaterThan(0);
+        expect(adminRefundCount).toBeGreaterThan(0);
+      }
+    });
+
+    it('应该拒绝未认证用户的访问', async () => {
+      const response = await client.index.$get({
+        query: {}
+      });
+      expect(response.status).toBe(401);
+    });
+  });
+
+  describe('POST /refunds', () => {
+    it('应该成功创建退款申请并可以指定权限', async () => {
+      const createData = {
+        orderNo: testOrder.orderNo,
+        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
+        refundAmount: 75.00,
+        state: 0,
+        createdBy: testAdmin.id // 管理员可以指定创建人
+      };
+
+      const response = await client.index.$post({
+        json: createData
+      }, {
+        headers: {
+          'Authorization': `Bearer ${adminToken}`
+        }
+      });
+
+      console.debug('管理员创建退款申请响应状态:', response.status);
+      if (response.status !== 201) {
+        const errorData = await response.json();
+        console.debug('管理员创建退款申请错误响应:', errorData);
+      }
+      expect(response.status).toBe(201);
+
+      if (response.status === 201) {
+        const data = await response.json();
+        expect(data).toHaveProperty('id');
+        expect(data.refundOrderNo).toBe(createData.refundOrderNo);
+        expect(parseFloat(data.refundAmount)).toBe(createData.refundAmount);
+        expect(data.state).toBe(createData.state);
+        expect(data.createdBy).toBe(testAdmin.id); // 验证可以指定创建人
+      }
+    });
+
+    it('应该验证创建退款申请的必填字段', async () => {
+      const invalidData = {
+        // 缺少必填字段
+        refundAmount: -1
+      };
+
+      const response = await client.index.$post({
+        json: invalidData
+      }, {
+        headers: {
+          'Authorization': `Bearer ${adminToken}`
+        }
+      });
+
+      expect(response.status).toBe(400);
+    });
+  });
+
+  describe('GET /refunds/:id', () => {
+    it('应该返回指定退款的详情', async () => {
+      // 先为测试用户的订单创建一个退款
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderRefundRepository = dataSource.getRepository(OrderRefund);
+      const testRefund = orderRefundRepository.create({
+        orderNo: testOrder.orderNo,
+        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
+        refundAmount: 50.00,
+        state: 0,
+        createdBy: testUser.id
+      });
+      await orderRefundRepository.save(testRefund);
+
+      const response = await client[':id'].$get({
+        param: { id: testRefund.id }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${adminToken}`
+        }
+      });
+
+      console.debug('管理员退款详情响应状态:', response.status);
+      expect(response.status).toBe(200);
+
+      if (response.status === 200) {
+        const data = await response.json();
+        expect(data.id).toBe(testRefund.id);
+        expect(data.refundOrderNo).toBe(testRefund.refundOrderNo);
+        expect(data.order.userId).toBe(testUser.id); // 验证可以访问其他用户的退款
+      }
+    });
+
+    it('应该处理不存在的退款', async () => {
+      const response = await client[':id'].$get({
+        param: { id: 999999 }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${adminToken}`
+        }
+      });
+
+      expect(response.status).toBe(404);
+    });
+  });
+
+  describe('PUT /refunds/:id', () => {
+    it('应该成功更新任何退款', async () => {
+      // 先为测试用户的订单创建一个退款
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderRefundRepository = dataSource.getRepository(OrderRefund);
+      const testRefund = orderRefundRepository.create({
+        orderNo: testOrder.orderNo,
+        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
+        refundAmount: 50.00,
+        state: 0,
+        createdBy: testUser.id
+      });
+      await orderRefundRepository.save(testRefund);
+
+      const updateData = {
+        state: 1,
+        updatedBy: testAdmin.id // 管理员可以指定更新人
+      };
+
+      const response = await client[':id'].$put({
+        param: { id: testRefund.id },
+        json: updateData
+      }, {
+        headers: {
+          'Authorization': `Bearer ${adminToken}`
+        }
+      });
+
+      console.debug('管理员更新退款响应状态:', response.status);
+      expect(response.status).toBe(200);
+
+      if (response.status === 200) {
+        const data = await response.json();
+        expect(data.state).toBe(updateData.state);
+        expect(data.updatedBy).toBe(testAdmin.id); // 验证可以指定更新人
+      }
+    });
+  });
+
+  describe('DELETE /refunds/:id', () => {
+    it('应该成功删除任何退款', async () => {
+      // 先为测试用户的订单创建一个退款
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderRefundRepository = dataSource.getRepository(OrderRefund);
+      const testRefund = orderRefundRepository.create({
+        orderNo: testOrder.orderNo,
+        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
+        refundAmount: 50.00,
+        state: 0,
+        createdBy: testUser.id
+      });
+      await orderRefundRepository.save(testRefund);
+
+      const response = await client[':id'].$delete({
+        param: { id: testRefund.id }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${adminToken}`
+        }
+      });
+
+      console.debug('管理员删除退款响应状态:', response.status);
+      expect(response.status).toBe(204);
+    });
+  });
+
+  describe('管理员权限验证测试', () => {
+    it('应该验证管理员可以访问所有数据', async () => {
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderRefundRepository = dataSource.getRepository(OrderRefund);
+
+      // 创建不同用户的退款
+      const userRefund = orderRefundRepository.create({
+        orderNo: testOrder.orderNo,
+        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
+        refundAmount: 50.00,
+        state: 0,
+        createdBy: testUser.id
+      });
+      await orderRefundRepository.save(userRefund);
+
+      const adminRefund = orderRefundRepository.create({
+        orderNo: otherUserOrder.orderNo,
+        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
+        refundAmount: 100.00,
+        state: 0,
+        createdBy: testAdmin.id
+      });
+      await orderRefundRepository.save(adminRefund);
+
+      // 使用管理员token获取列表
+      const response = await client.index.$get({
+        query: {}
+      }, {
+        headers: {
+          'Authorization': `Bearer ${adminToken}`
+        }
+      });
+
+      expect(response.status).toBe(200);
+      const data = await response.json();
+
+      // 类型检查确保data属性存在
+      if ('data' in data && Array.isArray(data.data)) {
+        // 验证返回所有用户的退款
+        const userRefundInResponse = data.data.filter((refund: any) =>
+          refund.order && refund.order.userId === testUser.id
+        );
+        const adminRefundInResponse = data.data.filter((refund: any) =>
+          refund.order && refund.order.userId === testAdmin.id
+        );
+
+        expect(userRefundInResponse.length).toBeGreaterThan(0);
+        expect(adminRefundInResponse.length).toBeGreaterThan(0);
+      } else {
+        // 如果响应是错误格式，应该失败
+        expect(data).toHaveProperty('data');
+      }
+    });
+  });
+
+  describe('退款状态管理测试', () => {
+    it('应该正确处理退款状态变更', async () => {
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderRefundRepository = dataSource.getRepository(OrderRefund);
+
+      // 创建不同状态的退款
+      const pendingRefund = orderRefundRepository.create({
+        orderNo: testOrder.orderNo,
+        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
+        refundAmount: 50.00,
+        state: 0, // 未退款
+        createdBy: testUser.id
+      });
+      await orderRefundRepository.save(pendingRefund);
+
+      const processingRefund = orderRefundRepository.create({
+        orderNo: testOrder.orderNo,
+        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
+        refundAmount: 25.00,
+        state: 1, // 退款中
+        createdBy: testUser.id
+      });
+      await orderRefundRepository.save(processingRefund);
+
+      const completedRefund = orderRefundRepository.create({
+        orderNo: testOrder.orderNo,
+        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
+        refundAmount: 75.00,
+        state: 2, // 退款成功
+        createdBy: testUser.id
+      });
+      await orderRefundRepository.save(completedRefund);
+
+      // 验证状态过滤
+      const response = await client.index.$get({
+        query: { filters: JSON.stringify({ state: 0 }) }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${adminToken}`
+        }
+      });
+
+      expect(response.status).toBe(200);
+      const data = await response.json();
+
+      // 类型检查确保data属性存在
+      if ('data' in data && Array.isArray(data.data)) {
+        // 应该只返回未退款状态的退款
+        const pendingRefundsInResponse = data.data.filter((refund: any) => refund.state === 0);
+        const processingRefundsInResponse = data.data.filter((refund: any) => refund.state === 1);
+        const completedRefundsInResponse = data.data.filter((refund: any) => refund.state === 2);
+
+        expect(pendingRefundsInResponse.length).toBeGreaterThan(0);
+        expect(processingRefundsInResponse.length).toBe(0);
+        expect(completedRefundsInResponse.length).toBe(0);
+      } else {
+        // 如果响应是错误格式，应该失败
+        expect(data).toHaveProperty('data');
+      }
+    });
+  });
+});

packages/orders-module/tests/integration/create-order.integration.test.ts

@@ -0,0 +1,468 @@
+import { describe, it, expect, beforeEach } from 'vitest';
+import { testClient } from 'hono/testing';
+import { IntegrationTestDatabase, setupIntegrationDatabaseHooksWithEntities } from '@d8d/shared-test-util';
+import { JWTUtil } from '@d8d/shared-utils';
+import { UserEntity, Role } from '@d8d/user-module';
+import { DeliveryAddress } from '@d8d/delivery-address-module';
+import { AreaEntity } from '@d8d/geo-areas';
+import { Goods, GoodsCategory } from '@d8d/goods-module';
+import { Supplier } from '@d8d/supplier-module';
+import { File } from '@d8d/file-module';
+import { Merchant } from '@d8d/merchant-module';
+import { createOrderRoutes } from '../../src/routes/create-order';
+import { Order, OrderGoods } from '../../src/entities';
+
+// 设置集成测试钩子
+setupIntegrationDatabaseHooksWithEntities([
+  UserEntity, Role, Order, OrderGoods, Goods, GoodsCategory, File, Supplier, DeliveryAddress, Merchant, AreaEntity
+])
+
+describe('订单创建API集成测试', () => {
+  let client: ReturnType<typeof testClient<typeof createOrderRoutes>>;
+  let userToken: string;
+  let testUser: UserEntity;
+  let testGoods: Goods;
+  let testSupplier: Supplier;
+  let testFile: File;
+  let testDeliveryAddress: DeliveryAddress;
+
+  beforeEach(async () => {
+    // 创建测试客户端
+    client = testClient(createOrderRoutes);
+
+    // 获取数据源
+    const dataSource = await IntegrationTestDatabase.getDataSource();
+
+    // 创建测试用户
+    const userRepository = dataSource.getRepository(UserEntity);
+    testUser = userRepository.create({
+      username: `test_user_${Math.floor(Math.random() * 100000)}`,
+      password: 'test_password',
+      nickname: '测试用户',
+      registrationSource: 'web'
+    });
+    await userRepository.save(testUser);
+
+    // 生成测试用户的token
+    userToken = JWTUtil.generateToken({
+      id: testUser.id,
+      username: testUser.username,
+      roles: [{name:'user'}]
+    });
+
+    // 创建测试商品
+    const goodsRepository = dataSource.getRepository(Goods);
+    testGoods = goodsRepository.create({
+      name: '测试商品',
+      price: 100.00,
+      costPrice: 80.00,
+      categoryId1: 1,
+      categoryId2: 1,
+      categoryId3: 1,
+      goodsType: 1,
+      supplierId: 1,
+      state: 1,
+      stock: 100,
+      lowestBuy: 1,
+      createdBy: testUser.id
+    });
+    await goodsRepository.save(testGoods);
+
+    // 创建测试供应商
+    const supplierRepository = dataSource.getRepository(Supplier);
+    testSupplier = supplierRepository.create({
+      name: '测试供应商',
+      username: `test_supplier_${Math.floor(Math.random() * 100000)}`,
+      password: 'password123',
+      phone: '13800138000',
+      realname: '测试供应商',
+      state: 1,
+      createdBy: testUser.id
+    });
+    await supplierRepository.save(testSupplier);
+
+    // 创建测试文件
+    const fileRepository = dataSource.getRepository(File);
+    testFile = fileRepository.create({
+      name: 'test_image.jpg',
+      type: 'image/jpeg',
+      size: 102400,
+      path: 'images/test_image.jpg',
+      uploadUserId: testUser.id,
+      uploadTime: new Date(),
+      createdAt: new Date(),
+      updatedAt: new Date()
+    });
+    await fileRepository.save(testFile);
+
+    // 创建测试配送地址
+    const deliveryAddressRepository = dataSource.getRepository(DeliveryAddress);
+    testDeliveryAddress = deliveryAddressRepository.create({
+      userId: testUser.id,
+      name: '收货人姓名',
+      phone: '13800138000',
+      province: '广东省',
+      city: '深圳市',
+      district: '南山区',
+      address: '测试地址',
+      isDefault: 1,
+      state: 1,
+      createdBy: testUser.id
+    });
+    await deliveryAddressRepository.save(testDeliveryAddress);
+  });
+
+  describe('POST /create-order', () => {
+    it('应该成功创建订单并关联商品', async () => {
+      const createData = {
+        orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+        amount: 150.00,
+        costAmount: 120.00,
+        payAmount: 150.00,
+        orderType: 1,
+        payType: 1,
+        payState: 0,
+        state: 0,
+        deliveryAddressId: testDeliveryAddress.id,
+        merchantId: 1,
+        supplierId: testSupplier.id,
+        orderGoods: [
+          {
+            goodsId: testGoods.id,
+            goodsName: '测试商品1',
+            price: 50.00,
+            num: 2,
+            state: 0,
+            supplierId: testSupplier.id,
+            imageFileId: testFile.id
+          },
+          {
+            goodsId: testGoods.id,
+            goodsName: '测试商品2',
+            price: 25.00,
+            num: 2,
+            state: 0,
+            supplierId: testSupplier.id,
+            imageFileId: testFile.id
+          }
+        ]
+      };
+
+      const response = await client.index.$post({
+        json: createData
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      console.debug('订单创建响应状态:', response.status);
+      if (response.status !== 201) {
+        const errorData = await response.json();
+        console.debug('订单创建错误响应:', errorData);
+      }
+      expect(response.status).toBe(201);
+
+      if (response.status === 201) {
+        const data = await response.json();
+        expect(data).toHaveProperty('id');
+        expect(data.orderNo).toBe(createData.orderNo);
+        expect(parseFloat(data.amount)).toBe(createData.amount);
+        expect(data.userId).toBe(testUser.id); // 验证自动设置当前用户权限
+        expect(data.createdBy).toBe(testUser.id); // 验证自动设置创建用户
+
+        // 验证订单商品被正确创建
+        expect(data.orderGoods).toBeDefined();
+        expect(Array.isArray(data.orderGoods)).toBe(true);
+        expect(data.orderGoods.length).toBe(2);
+
+        // 验证商品信息
+        data.orderGoods.forEach((orderGoods: any, index: number) => {
+          expect(orderGoods.goodsName).toBe(createData.orderGoods[index].goodsName);
+          expect(parseFloat(orderGoods.price)).toBe(createData.orderGoods[index].price);
+          expect(orderGoods.num).toBe(createData.orderGoods[index].num);
+          expect(orderGoods.createdBy).toBe(testUser.id); // 验证商品创建用户
+        });
+      }
+    });
+
+    it('应该验证创建订单的必填字段', async () => {
+      const invalidData = {
+        // 缺少必填字段
+        amount: -1,
+        orderType: -1
+      };
+
+      const response = await client.index.$post({
+        json: invalidData
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      expect(response.status).toBe(400);
+    });
+
+    it('应该处理商品库存不足的情况', async () => {
+      // 创建一个库存为0的商品
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const goodsRepository = dataSource.getRepository(Goods);
+      const outOfStockGoods = goodsRepository.create({
+        name: '库存不足商品',
+        price: 100.00,
+        costPrice: 80.00,
+        categoryId1: 1,
+        categoryId2: 1,
+        categoryId3: 1,
+        goodsType: 1,
+        supplierId: 1,
+        state: 1,
+        stock: 0, // 库存为0
+        lowestBuy: 1,
+        createdBy: testUser.id
+      });
+      await goodsRepository.save(outOfStockGoods);
+
+      const createData = {
+        orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+        amount: 100.00,
+        costAmount: 80.00,
+        payAmount: 100.00,
+        orderType: 1,
+        payType: 1,
+        payState: 0,
+        state: 0,
+        deliveryAddressId: testDeliveryAddress.id,
+        merchantId: 1,
+        supplierId: testSupplier.id,
+        orderGoods: [
+          {
+            goodsId: outOfStockGoods.id,
+            goodsName: '库存不足商品',
+            price: 100.00,
+            num: 1,
+            state: 0,
+            supplierId: testSupplier.id,
+            imageFileId: testFile.id
+          }
+        ]
+      };
+
+      const response = await client.index.$post({
+        json: createData
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      // 应该返回错误状态（库存不足）
+      expect(response.status).toBe(400);
+    });
+
+    it('应该拒绝未认证用户的访问', async () => {
+      const createData = {
+        orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+        amount: 150.00,
+        costAmount: 120.00,
+        payAmount: 150.00,
+        orderType: 1,
+        payType: 1,
+        payState: 0,
+        state: 0,
+        deliveryAddressId: testDeliveryAddress.id,
+        merchantId: 1,
+        supplierId: testSupplier.id,
+        orderGoods: [
+          {
+            goodsId: testGoods.id,
+            goodsName: '测试商品',
+            price: 50.00,
+            num: 3,
+            state: 0,
+            supplierId: testSupplier.id,
+            imageFileId: testFile.id
+          }
+        ]
+      };
+
+      const response = await client.index.$post({
+        json: createData
+      });
+
+      expect(response.status).toBe(401);
+    });
+  });
+
+  describe('事务性测试', () => {
+    it('应该确保订单和商品创建的事务一致性', async () => {
+      const createData = {
+        orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+        amount: 200.00,
+        costAmount: 160.00,
+        payAmount: 200.00,
+        orderType: 1,
+        payType: 1,
+        payState: 0,
+        state: 0,
+        deliveryAddressId: testDeliveryAddress.id,
+        merchantId: 1,
+        supplierId: testSupplier.id,
+        orderGoods: [
+          {
+            goodsId: testGoods.id,
+            goodsName: '测试商品1',
+            price: 100.00,
+            num: 2,
+            state: 0,
+            supplierId: testSupplier.id,
+            imageFileId: testFile.id
+          }
+        ]
+      };
+
+      const response = await client.index.$post({
+        json: createData
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      expect(response.status).toBe(201);
+
+      if (response.status === 201) {
+        const data = await response.json();
+
+        // 验证订单和商品都被正确创建
+        const dataSource = await IntegrationTestDatabase.getDataSource();
+        const orderRepository = dataSource.getRepository(Order);
+        const orderGoodsRepository = dataSource.getRepository(OrderGoods);
+
+        // 验证订单存在
+        const createdOrder = await orderRepository.findOne({
+          where: { id: data.id },
+          relations: ['orderGoods']
+        });
+
+        expect(createdOrder).toBeDefined();
+        expect(createdOrder?.orderNo).toBe(createData.orderNo);
+        expect(createdOrder?.userId).toBe(testUser.id);
+
+        // 验证订单商品存在
+        const createdOrderGoods = await orderGoodsRepository.find({
+          where: { orderId: data.id }
+        });
+
+        expect(createdOrderGoods.length).toBe(1);
+        expect(createdOrderGoods[0].goodsName).toBe(createData.orderGoods[0].goodsName);
+        expect(createdOrderGoods[0].num).toBe(createData.orderGoods[0].num);
+      }
+    });
+
+    it('应该验证库存更新功能', async () => {
+      const initialStock = testGoods.stock;
+      const purchaseQuantity = 2;
+
+      const createData = {
+        orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+        amount: 200.00,
+        costAmount: 160.00,
+        payAmount: 200.00,
+        orderType: 1,
+        payType: 1,
+        payState: 0,
+        state: 0,
+        deliveryAddressId: testDeliveryAddress.id,
+        merchantId: 1,
+        supplierId: testSupplier.id,
+        orderGoods: [
+          {
+            goodsId: testGoods.id,
+            goodsName: '测试商品',
+            price: 100.00,
+            num: purchaseQuantity,
+            state: 0,
+            supplierId: testSupplier.id,
+            imageFileId: testFile.id
+          }
+        ]
+      };
+
+      const response = await client.index.$post({
+        json: createData
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      expect(response.status).toBe(201);
+
+      if (response.status === 201) {
+        // 验证商品库存被正确更新
+        const dataSource = await IntegrationTestDatabase.getDataSource();
+        const goodsRepository = dataSource.getRepository(Goods);
+        const updatedGoods = await goodsRepository.findOne({
+          where: { id: testGoods.id }
+        });
+
+        expect(updatedGoods).toBeDefined();
+        expect(updatedGoods?.stock).toBe(initialStock - purchaseQuantity);
+      }
+    });
+  });
+
+  describe('数据权限测试', () => {
+    it('应该自动设置当前用户权限', async () => {
+      const createData = {
+        orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+        amount: 100.00,
+        costAmount: 80.00,
+        payAmount: 100.00,
+        orderType: 1,
+        payType: 1,
+        payState: 0,
+        state: 0,
+        deliveryAddressId: testDeliveryAddress.id,
+        merchantId: 1,
+        supplierId: testSupplier.id,
+        orderGoods: [
+          {
+            goodsId: testGoods.id,
+            goodsName: '测试商品',
+            price: 100.00,
+            num: 1,
+            state: 0,
+            supplierId: testSupplier.id,
+            imageFileId: testFile.id
+          }
+        ]
+      };
+
+      const response = await client.index.$post({
+        json: createData
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      expect(response.status).toBe(201);
+
+      if (response.status === 201) {
+        const data = await response.json();
+
+        // 验证订单和商品都设置了正确的用户权限
+        expect(data.userId).toBe(testUser.id);
+        expect(data.createdBy).toBe(testUser.id);
+
+        // 验证订单商品也设置了正确的用户权限
+        data.orderGoods.forEach((orderGoods: any) => {
+          expect(orderGoods.createdBy).toBe(testUser.id);
+        });
+      }
+    });
+  });
+});

packages/orders-module/tests/integration/simple-test.test.ts

@@ -0,0 +1,36 @@
+import { describe, it, expect } from 'vitest';
+import { IntegrationTestDatabase, setupIntegrationDatabaseHooksWithEntities } from '@d8d/shared-test-util';
+import { UserEntity, Role } from '@d8d/user-module';
+import { DeliveryAddress } from '@d8d/delivery-address-module';
+import { AreaEntity } from '@d8d/geo-areas';
+import { Merchant } from '@d8d/merchant-module';
+import { Supplier } from '@d8d/supplier-module';
+import { File } from '@d8d/file-module';
+import { Order } from '../../src/entities';
+
+// 设置集成测试钩子
+setupIntegrationDatabaseHooksWithEntities([
+  UserEntity, Role, Order, DeliveryAddress, Merchant, Supplier, File, AreaEntity
+])
+
+describe('简单实体配置测试', () => {
+  it('应该能够正确初始化所有实体', async () => {
+    const dataSource = await IntegrationTestDatabase.getDataSource();
+
+    // 验证数据源已正确初始化
+    expect(dataSource).toBeDefined();
+
+    // 验证所有实体都已正确注册
+    const entityMetadatas = dataSource.entityMetadatas;
+    const entityNames = entityMetadatas.map(metadata => metadata.name);
+
+    expect(entityNames).toContain('Order');
+    expect(entityNames).toContain('UserEntity');
+    expect(entityNames).toContain('DeliveryAddress');
+    expect(entityNames).toContain('AreaEntity');
+    expect(entityNames).toContain('Merchant');
+    expect(entityNames).toContain('Supplier');
+
+    console.log('所有实体已正确注册:', entityNames);
+  });
+});

packages/orders-module/tests/integration/user-order-items.integration.test.ts

@@ -0,0 +1,612 @@
+import { describe, it, expect, beforeEach } from 'vitest';
+import { testClient } from 'hono/testing';
+import { IntegrationTestDatabase, setupIntegrationDatabaseHooksWithEntities } from '@d8d/shared-test-util';
+import { JWTUtil } from '@d8d/shared-utils';
+import { UserEntity, Role } from '@d8d/user-module';
+import { File } from '@d8d/file-module';
+import { Goods, GoodsCategory } from '@d8d/goods-module';
+import { Supplier } from '@d8d/supplier-module';
+import { Merchant } from '@d8d/merchant-module';
+import { DeliveryAddress } from '@d8d/delivery-address-module';
+import { AreaEntity } from '@d8d/geo-areas';
+import { userOrderItemsRoutes } from '../../src/routes/user/order-items';
+import { Order, OrderGoods } from '../../src/entities';
+
+// 设置集成测试钩子
+setupIntegrationDatabaseHooksWithEntities([
+  UserEntity, Role, Order, OrderGoods, Goods, GoodsCategory, File, Supplier, Merchant, DeliveryAddress, AreaEntity
+])
+
+describe('用户订单商品管理API集成测试', () => {
+  let client: ReturnType<typeof testClient<typeof userOrderItemsRoutes>>;
+  let userToken: string;
+  let otherUserToken: string;
+  let testUser: UserEntity;
+  let otherUser: UserEntity;
+  let testOrder: Order;
+  let otherUserOrder: Order;
+  let testGoods: Goods;
+  let testSupplier: Supplier;
+  let testFile: File;
+
+  beforeEach(async () => {
+    // 创建测试客户端
+    client = testClient(userOrderItemsRoutes);
+
+    // 获取数据源
+    const dataSource = await IntegrationTestDatabase.getDataSource();
+
+    // 创建测试用户
+    const userRepository = dataSource.getRepository(UserEntity);
+    testUser = userRepository.create({
+      username: `test_user_${Math.floor(Math.random() * 100000)}`,
+      password: 'test_password',
+      nickname: '测试用户',
+      registrationSource: 'web'
+    });
+    await userRepository.save(testUser);
+
+    // 创建其他用户
+    otherUser = userRepository.create({
+      username: `other_user_${Math.floor(Math.random() * 100000)}`,
+      password: 'other_password',
+      nickname: '其他用户',
+      registrationSource: 'web'
+    });
+    await userRepository.save(otherUser);
+
+    // 生成测试用户的token
+    userToken = JWTUtil.generateToken({
+      id: testUser.id,
+      username: testUser.username,
+      roles: [{name:'user'}]
+    });
+
+    // 生成其他用户的token
+    otherUserToken = JWTUtil.generateToken({
+      id: otherUser.id,
+      username: otherUser.username,
+      roles: [{name:'user'}]
+    });
+
+    // 创建测试商品
+    const goodsRepository = dataSource.getRepository(Goods);
+    testGoods = goodsRepository.create({
+      name: '测试商品',
+      price: 100.00,
+      costPrice: 80.00,
+      categoryId1: 1,
+      categoryId2: 1,
+      categoryId3: 1,
+      goodsType: 1,
+      supplierId: 1,
+      state: 1,
+      stock: 100,
+      lowestBuy: 1,
+      createdBy: testUser.id
+    });
+    await goodsRepository.save(testGoods);
+
+    // 创建测试供应商
+    const supplierRepository = dataSource.getRepository(Supplier);
+    testSupplier = supplierRepository.create({
+      name: '测试供应商',
+      username: `test_supplier_${Math.floor(Math.random() * 100000)}`,
+      password: 'password123',
+      phone: '13800138000',
+      realname: '测试供应商',
+      state: 1,
+      createdBy: testUser.id
+    });
+    await supplierRepository.save(testSupplier);
+
+    // 创建测试文件
+    const fileRepository = dataSource.getRepository(File);
+    testFile = fileRepository.create({
+      name: 'test_image.jpg',
+      type: 'image/jpeg',
+      size: 102400,
+      path: 'images/test_image.jpg',
+      uploadUserId: testUser.id,
+      uploadTime: new Date(),
+      createdAt: new Date(),
+      updatedAt: new Date()
+    });
+    await fileRepository.save(testFile);
+
+    // 创建测试用户的订单
+    const orderRepository = dataSource.getRepository(Order);
+    testOrder = orderRepository.create({
+      orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+      userId: testUser.id,
+      amount: 100.00,
+      costAmount: 80.00,
+      payAmount: 100.00,
+      orderType: 1,
+      payType: 1,
+      payState: 2,
+      state: 0,
+      createdBy: testUser.id
+    });
+    await orderRepository.save(testOrder);
+
+    // 创建其他用户的订单
+    otherUserOrder = orderRepository.create({
+      orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+      userId: otherUser.id,
+      amount: 200.00,
+      costAmount: 160.00,
+      payAmount: 200.00,
+      orderType: 1,
+      payType: 1,
+      payState: 2,
+      state: 0,
+      createdBy: otherUser.id
+    });
+    await orderRepository.save(otherUserOrder);
+  });
+
+  describe('GET /order-items', () => {
+    it('应该返回当前用户订单的商品列表', async () => {
+      // 为测试用户的订单创建一些商品
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderGoodsRepository = dataSource.getRepository(OrderGoods);
+
+      const userOrderGoods1 = orderGoodsRepository.create({
+        orderId: testOrder.id,
+        goodsId: testGoods.id,
+        goodsName: '测试商品1',
+        price: 50.00,
+        num: 2,
+        state: 0,
+        supplierId: testSupplier.id,
+        imageFileId: testFile.id,
+        createdBy: testUser.id
+      });
+      await orderGoodsRepository.save(userOrderGoods1);
+
+      const userOrderGoods2 = orderGoodsRepository.create({
+        orderId: testOrder.id,
+        goodsId: testGoods.id,
+        goodsName: '测试商品2',
+        price: 25.00,
+        num: 4,
+        state: 0,
+        supplierId: testSupplier.id,
+        imageFileId: testFile.id,
+        createdBy: testUser.id
+      });
+      await orderGoodsRepository.save(userOrderGoods2);
+
+      // 为其他用户的订单创建一个商品，确保不会返回
+      const otherUserOrderGoods = orderGoodsRepository.create({
+        orderId: otherUserOrder.id,
+        goodsId: testGoods.id,
+        goodsName: '其他用户商品',
+        price: 100.00,
+        num: 1,
+        state: 0,
+        supplierId: testSupplier.id,
+        imageFileId: testFile.id,
+        createdBy: otherUser.id
+      });
+      await orderGoodsRepository.save(otherUserOrderGoods);
+
+      const response = await client.index.$get({
+        query: {
+          page: 1,
+          pageSize: 10
+        }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      console.debug('用户订单商品列表响应状态:', response.status);
+      if (response.status !== 200) {
+        const errorData = await response.json();
+        console.debug('用户订单商品列表错误响应:', errorData);
+      }
+      expect(response.status).toBe(200);
+
+      if (response.status === 200) {
+        const data = await response.json();
+        expect(data).toHaveProperty('data');
+        expect(Array.isArray(data.data)).toBe(true);
+
+        // 验证只返回当前用户订单的商品
+        data.data.forEach((orderGoods: any) => {
+          expect(orderGoods.order.userId).toBe(testUser.id);
+        });
+
+        // 验证不包含其他用户订单的商品
+        const otherUserOrderGoodsInResponse = data.data.find((orderGoods: any) =>
+          orderGoods.order && orderGoods.order.userId === otherUser.id
+        );
+        expect(otherUserOrderGoodsInResponse).toBeUndefined();
+      }
+    });
+
+    it('应该拒绝未认证用户的访问', async () => {
+      const response = await client.index.$get({
+        query: {
+          page: 1,
+          pageSize: 10
+        }
+      });
+      expect(response.status).toBe(401);
+    });
+  });
+
+  describe('POST /order-items', () => {
+    it('应该成功创建订单商品并自动设置当前用户权限', async () => {
+      const createData = {
+        orderId: testOrder.id,
+        goodsId: testGoods.id,
+        goodsName: '用户创建商品',
+        price: 75.00,
+        num: 3,
+        state: 0,
+        supplierId: testSupplier.id,
+        imageFileId: testFile.id
+      };
+
+      const response = await client.index.$post({
+        json: createData
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      console.debug('用户创建订单商品响应状态:', response.status);
+      if (response.status !== 201) {
+        const errorData = await response.json();
+        console.debug('用户创建订单商品错误响应:', errorData);
+      }
+      expect(response.status).toBe(201);
+
+      if (response.status === 201) {
+        const data = await response.json();
+        expect(data).toHaveProperty('id');
+        expect(data.goodsName).toBe(createData.goodsName);
+        expect(parseFloat(data.price)).toBe(createData.price);
+        expect(data.num).toBe(createData.num);
+        expect(data.createdBy).toBe(testUser.id); // 验证自动设置创建用户
+      }
+    });
+
+    it('应该验证创建订单商品的必填字段', async () => {
+      const invalidData = {
+        // 缺少必填字段
+        price: -1,
+        num: -1
+      };
+
+      const response = await client.index.$post({
+        json: invalidData
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      expect(response.status).toBe(400);
+    });
+
+    it('应该拒绝为其他用户的订单创建商品', async () => {
+      const createData = {
+        orderId: otherUserOrder.id,
+        goodsId: testGoods.id,
+        goodsName: '尝试为其他用户订单创建商品',
+        price: 75.00,
+        num: 3,
+        state: 0,
+        supplierId: testSupplier.id,
+        imageFileId: testFile.id
+      };
+
+      const response = await client.index.$post({
+        json: createData
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      expect(response.status).toBe(403); // 数据权限控制返回403
+    });
+  });
+
+  describe('GET /order-items/:id', () => {
+    it('应该返回当前用户订单的商品详情', async () => {
+      // 先为测试用户的订单创建一个商品
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderGoodsRepository = dataSource.getRepository(OrderGoods);
+      const testOrderGoods = orderGoodsRepository.create({
+        orderId: testOrder.id,
+        goodsId: testGoods.id,
+        goodsName: '测试订单商品详情',
+        price: 50.00,
+        num: 2,
+        state: 0,
+        supplierId: testSupplier.id,
+        imageFileId: testFile.id,
+        createdBy: testUser.id
+      });
+      await orderGoodsRepository.save(testOrderGoods);
+
+      const response = await client[':id'].$get({
+        param: { id: testOrderGoods.id }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      console.debug('用户订单商品详情响应状态:', response.status);
+      if (response.status !== 200) {
+        const errorData = await response.json();
+        console.debug('用户订单商品详情错误响应:', errorData);
+      }
+      expect(response.status).toBe(200);
+
+      if (response.status === 200) {
+        const data = await response.json();
+        expect(data.id).toBe(testOrderGoods.id);
+        expect(data.goodsName).toBe(testOrderGoods.goodsName);
+        expect(data.order.userId).toBe(testUser.id); // 验证订单属于当前用户
+      }
+    });
+
+    it('应该拒绝访问其他用户订单的商品', async () => {
+      // 为其他用户的订单创建一个商品
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderGoodsRepository = dataSource.getRepository(OrderGoods);
+      const otherUserOrderGoods = orderGoodsRepository.create({
+        orderId: otherUserOrder.id,
+        goodsId: testGoods.id,
+        goodsName: '其他用户订单商品',
+        price: 100.00,
+        num: 1,
+        state: 0,
+        supplierId: testSupplier.id,
+        imageFileId: testFile.id,
+        createdBy: otherUser.id
+      });
+      await orderGoodsRepository.save(otherUserOrderGoods);
+
+      const response = await client[':id'].$get({
+        param: { id: otherUserOrderGoods.id }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      expect(response.status).toBe(403); // 数据权限控制返回403（权限不足）
+    });
+
+    it('应该处理不存在的订单商品', async () => {
+      const response = await client[':id'].$get({
+        param: { id: 999999 }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      expect(response.status).toBe(404);
+    });
+  });
+
+  describe('PUT /order-items/:id', () => {
+    it('应该成功更新当前用户订单的商品', async () => {
+      // 先为测试用户的订单创建一个商品
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderGoodsRepository = dataSource.getRepository(OrderGoods);
+      const testOrderGoods = orderGoodsRepository.create({
+        orderId: testOrder.id,
+        goodsId: testGoods.id,
+        goodsName: '测试更新订单商品',
+        price: 50.00,
+        num: 2,
+        state: 0,
+        supplierId: testSupplier.id,
+        imageFileId: testFile.id,
+        createdBy: testUser.id
+      });
+      await orderGoodsRepository.save(testOrderGoods);
+
+      const updateData = {
+        num: 5,
+        state: 1
+      };
+
+      const response = await client[':id'].$put({
+        param: { id: testOrderGoods.id },
+        json: updateData
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      console.debug('用户更新订单商品响应状态:', response.status);
+      expect(response.status).toBe(200);
+
+      if (response.status === 200) {
+        const data = await response.json();
+        expect(data.num).toBe(updateData.num);
+        expect(data.state).toBe(updateData.state);
+        expect(data.updatedBy).toBe(testUser.id); // 验证自动设置更新用户
+      }
+    });
+
+    it('应该拒绝更新其他用户订单的商品', async () => {
+      // 为其他用户的订单创建一个商品
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderGoodsRepository = dataSource.getRepository(OrderGoods);
+      const otherUserOrderGoods = orderGoodsRepository.create({
+        orderId: otherUserOrder.id,
+        goodsId: testGoods.id,
+        goodsName: '其他用户订单商品',
+        price: 100.00,
+        num: 1,
+        state: 0,
+        supplierId: testSupplier.id,
+        imageFileId: testFile.id,
+        createdBy: otherUser.id
+      });
+      await orderGoodsRepository.save(otherUserOrderGoods);
+
+      const updateData = {
+        num: 2
+      };
+
+      const response = await client[':id'].$put({
+        param: { id: otherUserOrderGoods.id },
+        json: updateData
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      expect(response.status).toBe(403); // 数据权限控制返回403
+    });
+  });
+
+  describe('DELETE /order-items/:id', () => {
+    it('应该成功删除当前用户订单的商品', async () => {
+      // 先为测试用户的订单创建一个商品
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderGoodsRepository = dataSource.getRepository(OrderGoods);
+      const testOrderGoods = orderGoodsRepository.create({
+        orderId: testOrder.id,
+        goodsId: testGoods.id,
+        goodsName: '测试删除订单商品',
+        price: 50.00,
+        num: 2,
+        state: 0,
+        supplierId: testSupplier.id,
+        imageFileId: testFile.id,
+        createdBy: testUser.id
+      });
+      await orderGoodsRepository.save(testOrderGoods);
+
+      const response = await client[':id'].$delete({
+        param: { id: testOrderGoods.id }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      console.debug('用户删除订单商品响应状态:', response.status);
+      expect(response.status).toBe(204);
+    });
+
+    it('应该拒绝删除其他用户订单的商品', async () => {
+      // 为其他用户的订单创建一个商品
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderGoodsRepository = dataSource.getRepository(OrderGoods);
+      const otherUserOrderGoods = orderGoodsRepository.create({
+        orderId: otherUserOrder.id,
+        goodsId: testGoods.id,
+        goodsName: '其他用户订单商品',
+        price: 100.00,
+        num: 1,
+        state: 0,
+        supplierId: testSupplier.id,
+        imageFileId: testFile.id,
+        createdBy: otherUser.id
+      });
+      await orderGoodsRepository.save(otherUserOrderGoods);
+
+      const response = await client[':id'].$delete({
+        param: { id: otherUserOrderGoods.id }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      expect(response.status).toBe(403); // 数据权限控制返回403
+    });
+  });
+
+  describe('数据权限配置测试', () => {
+    it('应该验证dataPermission配置正确工作', async () => {
+      // 这个测试验证数据权限配置是否正常工作
+      // 用户只能访问自己订单的商品
+
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderGoodsRepository = dataSource.getRepository(OrderGoods);
+
+      // 创建测试用户和其他用户订单的商品
+      const userOrderGoods = orderGoodsRepository.create({
+        orderId: testOrder.id,
+        goodsId: testGoods.id,
+        goodsName: '用户订单商品',
+        price: 50.00,
+        num: 2,
+        state: 0,
+        supplierId: testSupplier.id,
+        imageFileId: testFile.id,
+        createdBy: testUser.id
+      });
+      await orderGoodsRepository.save(userOrderGoods);
+
+      const otherUserOrderGoods = orderGoodsRepository.create({
+        orderId: otherUserOrder.id,
+        goodsId: testGoods.id,
+        goodsName: '其他用户订单商品',
+        price: 100.00,
+        num: 1,
+        state: 0,
+        supplierId: testSupplier.id,
+        imageFileId: testFile.id,
+        createdBy: otherUser.id
+      });
+      await orderGoodsRepository.save(otherUserOrderGoods);
+
+      // 使用测试用户token获取列表
+      const response = await client.index.$get({
+        query: {
+          page: 1,
+          pageSize: 10
+        }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      if (response.status !== 200) {
+        const errorData = await response.json();
+        console.debug('数据权限配置测试错误响应:', errorData);
+      }
+      expect(response.status).toBe(200);
+      const data = await response.json();
+
+      // 类型检查确保data属性存在
+      if ('data' in data && Array.isArray(data.data)) {
+        // 验证只返回测试用户订单的商品
+        const userOrderGoodsInResponse = data.data.filter((orderGoods: any) =>
+          orderGoods.order && orderGoods.order.userId === testUser.id
+        );
+        const otherUserOrderGoodsInResponse = data.data.filter((orderGoods: any) =>
+          orderGoods.order && orderGoods.order.userId === otherUser.id
+        );
+
+        expect(userOrderGoodsInResponse.length).toBeGreaterThan(0);
+        expect(otherUserOrderGoodsInResponse.length).toBe(0);
+      } else {
+        // 如果响应是错误格式，应该失败
+        expect(data).toHaveProperty('data');
+      }
+    });
+  });
+});

packages/orders-module/tests/integration/user-orders.integration.test.ts

@@ -0,0 +1,628 @@
+import { describe, it, expect, beforeEach } from 'vitest';
+import { testClient } from 'hono/testing';
+import { IntegrationTestDatabase, setupIntegrationDatabaseHooksWithEntities } from '@d8d/shared-test-util';
+import { JWTUtil } from '@d8d/shared-utils';
+import { UserEntity, Role } from '@d8d/user-module';
+import { DeliveryAddress } from '@d8d/delivery-address-module';
+import { AreaEntity } from '@d8d/geo-areas';
+import { Merchant } from '@d8d/merchant-module';
+import { Supplier } from '@d8d/supplier-module';
+import { File } from '@d8d/file-module';
+import { userOrderRoutes } from '../../src/routes/user/orders';
+import { Order } from '../../src/entities';
+
+// 设置集成测试钩子
+setupIntegrationDatabaseHooksWithEntities([
+  UserEntity, Role, Order, DeliveryAddress, Merchant, Supplier, File, AreaEntity
+])
+
+describe('用户订单管理API集成测试', () => {
+  let client: ReturnType<typeof testClient<typeof userOrderRoutes>>;
+  let userToken: string;
+  let otherUserToken: string;
+  let testUser: UserEntity;
+  let otherUser: UserEntity;
+  let testDeliveryAddress: DeliveryAddress;
+  let testMerchant: Merchant;
+  let testSupplier: Supplier;
+
+  beforeEach(async () => {
+    // 创建测试客户端
+    client = testClient(userOrderRoutes);
+
+    // 获取数据源
+    const dataSource = await IntegrationTestDatabase.getDataSource();
+
+    // 创建测试用户
+    const userRepository = dataSource.getRepository(UserEntity);
+    testUser = userRepository.create({
+      username: `test_user_${Math.floor(Math.random() * 100000)}`,
+      password: 'test_password',
+      nickname: '测试用户',
+      registrationSource: 'web'
+    });
+    await userRepository.save(testUser);
+
+    // 创建其他用户
+    otherUser = userRepository.create({
+      username: `other_user_${Math.floor(Math.random() * 100000)}`,
+      password: 'other_password',
+      nickname: '其他用户',
+      registrationSource: 'web'
+    });
+    await userRepository.save(otherUser);
+
+    // 生成测试用户的token
+    userToken = JWTUtil.generateToken({
+      id: testUser.id,
+      username: testUser.username,
+      roles: [{name:'user'}]
+    });
+
+    // 生成其他用户的token
+    otherUserToken = JWTUtil.generateToken({
+      id: otherUser.id,
+      username: otherUser.username,
+      roles: [{name:'user'}]
+    });
+
+    // 创建测试区域数据
+    const areaRepository = dataSource.getRepository(AreaEntity);
+    const testProvince = areaRepository.create({
+      name: '广东省',
+      code: '440000',
+      level: 1,
+      parentId: null
+    });
+    await areaRepository.save(testProvince);
+
+    const testCity = areaRepository.create({
+      name: '深圳市',
+      code: '440300',
+      level: 2,
+      parentId: testProvince.id
+    });
+    await areaRepository.save(testCity);
+
+    const testDistrict = areaRepository.create({
+      name: '南山区',
+      code: '440305',
+      level: 3,
+      parentId: testCity.id
+    });
+    await areaRepository.save(testDistrict);
+
+    const testTown = areaRepository.create({
+      name: '粤海街道',
+      code: '440305001',
+      level: 3,
+      parentId: testDistrict.id
+    });
+    await areaRepository.save(testTown);
+
+    // 创建测试配送地址
+    const deliveryAddressRepository = dataSource.getRepository(DeliveryAddress);
+    testDeliveryAddress = deliveryAddressRepository.create({
+      userId: testUser.id,
+      name: '收货人姓名',
+      phone: '13800138000',
+      address: '测试地址',
+      receiverProvince: testProvince.id,
+      receiverCity: testCity.id,
+      receiverDistrict: testDistrict.id,
+      receiverTown: testTown.id,
+      isDefault: 1,
+      state: 1,
+      createdBy: testUser.id
+    });
+    await deliveryAddressRepository.save(testDeliveryAddress);
+
+    // 创建测试商户
+    const merchantRepository = dataSource.getRepository(Merchant);
+    testMerchant = merchantRepository.create({
+      name: '测试商户',
+      username: `test_merchant_${Math.floor(Math.random() * 100000)}`,
+      password: 'password123',
+      phone: '13800138001',
+      realname: '测试商户',
+      state: 1,
+      createdBy: testUser.id
+    });
+    await merchantRepository.save(testMerchant);
+
+    // 创建测试供应商
+    const supplierRepository = dataSource.getRepository(Supplier);
+    testSupplier = supplierRepository.create({
+      name: '测试供应商',
+      username: `test_supplier_${Math.floor(Math.random() * 100000)}`,
+      password: 'password123',
+      phone: '13800138002',
+      realname: '测试供应商',
+      state: 1,
+      createdBy: testUser.id
+    });
+    await supplierRepository.save(testSupplier);
+  });
+
+  describe('GET /orders', () => {
+    it('应该返回当前用户的订单列表', async () => {
+      // 为测试用户创建一些订单
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderRepository = dataSource.getRepository(Order);
+
+      const userOrder1 = orderRepository.create({
+        orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+        userId: testUser.id,
+        amount: 100.00,
+        costAmount: 80.00,
+        payAmount: 100.00,
+        orderType: 1,
+        payType: 1,
+        payState: 2,
+        state: 0,
+        deliveryAddressId: testDeliveryAddress.id,
+        merchantId: testMerchant.id,
+        supplierId: testSupplier.id,
+        createdBy: testUser.id
+      });
+      await orderRepository.save(userOrder1);
+
+      const userOrder2 = orderRepository.create({
+        orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+        userId: testUser.id,
+        amount: 200.00,
+        costAmount: 160.00,
+        payAmount: 200.00,
+        orderType: 1,
+        payType: 1,
+        payState: 2,
+        state: 1,
+        deliveryAddressId: testDeliveryAddress.id,
+        merchantId: testMerchant.id,
+        supplierId: testSupplier.id,
+        createdBy: testUser.id
+      });
+      await orderRepository.save(userOrder2);
+
+      // 为其他用户创建一个订单，确保不会返回
+      const otherUserOrder = orderRepository.create({
+        orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+        userId: otherUser.id,
+        amount: 300.00,
+        costAmount: 240.00,
+        payAmount: 300.00,
+        orderType: 1,
+        payType: 1,
+        payState: 2,
+        state: 0,
+        deliveryAddressId: testDeliveryAddress.id,
+        merchantId: testMerchant.id,
+        supplierId: testSupplier.id,
+        createdBy: otherUser.id
+      });
+      await orderRepository.save(otherUserOrder);
+
+      const response = await client.index.$get({
+        query: {
+          page: 1,
+          pageSize: 10
+        }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      console.debug('用户订单列表响应状态:', response.status);
+      if (response.status !== 200) {
+        const errorData = await response.json();
+        console.debug('用户订单列表错误响应:', errorData);
+      }
+      expect(response.status).toBe(200);
+
+      if (response.status === 200) {
+        const data = await response.json();
+        expect(data).toHaveProperty('data');
+        expect(Array.isArray(data.data)).toBe(true);
+
+        // 验证只返回当前用户的订单
+        data.data.forEach((order: any) => {
+          expect(order.userId).toBe(testUser.id);
+        });
+
+        // 验证不包含其他用户的订单
+        const otherUserOrderInResponse = data.data.find((order: any) => order.userId === otherUser.id);
+        expect(otherUserOrderInResponse).toBeUndefined();
+      }
+    });
+
+    it('应该拒绝未认证用户的访问', async () => {
+      const response = await client.index.$get({
+        query: {
+          page: 1,
+          pageSize: 10
+        }
+      });
+      expect(response.status).toBe(401);
+    });
+  });
+
+  describe('POST /orders', () => {
+    it('应该成功创建订单并自动设置当前用户权限', async () => {
+      const createData = {
+        orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+        amount: 150.00,
+        costAmount: 120.00,
+        payAmount: 150.00,
+        orderType: 1,
+        payType: 1,
+        payState: 0,
+        state: 0,
+        deliveryAddressId: testDeliveryAddress.id,
+        merchantId: testMerchant.id,
+        supplierId: testSupplier.id
+      };
+
+      const response = await client.index.$post({
+        json: createData
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      console.debug('用户创建订单响应状态:', response.status);
+      if (response.status !== 201) {
+        const errorData = await response.json();
+        console.debug('用户创建订单错误响应:', errorData);
+      }
+      expect(response.status).toBe(201);
+
+      if (response.status === 201) {
+        const data = await response.json();
+        expect(data).toHaveProperty('id');
+        expect(data.orderNo).toBe(createData.orderNo);
+        expect(parseFloat(data.amount)).toBe(createData.amount);
+        expect(data.userId).toBe(testUser.id); // 验证自动设置当前用户权限
+        expect(data.createdBy).toBe(testUser.id); // 验证自动设置创建用户
+      }
+    });
+
+    it('应该验证创建订单的必填字段', async () => {
+      const invalidData = {
+        // 缺少必填字段
+        amount: -1,
+        orderType: -1
+      };
+
+      const response = await client.index.$post({
+        json: invalidData
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      expect(response.status).toBe(400);
+    });
+  });
+
+  describe('GET /orders/:id', () => {
+    it('应该返回当前用户的订单详情', async () => {
+      // 先为测试用户创建一个订单
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderRepository = dataSource.getRepository(Order);
+      const testOrder = orderRepository.create({
+        orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+        userId: testUser.id,
+        amount: 100.00,
+        costAmount: 80.00,
+        payAmount: 100.00,
+        orderType: 1,
+        payType: 1,
+        payState: 2,
+        state: 0,
+        deliveryAddressId: testDeliveryAddress.id,
+        merchantId: testMerchant.id,
+        supplierId: testSupplier.id,
+        createdBy: testUser.id
+      });
+      await orderRepository.save(testOrder);
+
+      const response = await client[':id'].$get({
+        param: { id: testOrder.id }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      console.debug('用户订单详情响应状态:', response.status);
+      if (response.status !== 200) {
+        const errorData = await response.json();
+        console.debug('用户订单详情错误响应:', errorData);
+      }
+      expect(response.status).toBe(200);
+
+      if (response.status === 200) {
+        const data = await response.json();
+        expect(data.id).toBe(testOrder.id);
+        expect(data.orderNo).toBe(testOrder.orderNo);
+        expect(data.userId).toBe(testUser.id);
+      }
+    });
+
+    it('应该拒绝访问其他用户的订单', async () => {
+      // 为其他用户创建一个订单
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderRepository = dataSource.getRepository(Order);
+      const otherUserOrder = orderRepository.create({
+        orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+        userId: otherUser.id,
+        amount: 100.00,
+        costAmount: 80.00,
+        payAmount: 100.00,
+        orderType: 1,
+        payType: 1,
+        payState: 2,
+        state: 0,
+        deliveryAddressId: testDeliveryAddress.id,
+        merchantId: testMerchant.id,
+        supplierId: testSupplier.id,
+        createdBy: otherUser.id
+      });
+      await orderRepository.save(otherUserOrder);
+
+      const response = await client[':id'].$get({
+        param: { id: otherUserOrder.id }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      expect(response.status).toBe(403); // 数据权限控制返回403（权限不足）
+    });
+
+    it('应该处理不存在的订单', async () => {
+      const response = await client[':id'].$get({
+        param: { id: 999999 }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      expect(response.status).toBe(404);
+    });
+  });
+
+  describe('PUT /orders/:id', () => {
+    it('应该成功更新当前用户的订单', async () => {
+      // 先为测试用户创建一个订单
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderRepository = dataSource.getRepository(Order);
+      const testOrder = orderRepository.create({
+        orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+        userId: testUser.id,
+        amount: 100.00,
+        costAmount: 80.00,
+        payAmount: 100.00,
+        orderType: 1,
+        payType: 1,
+        payState: 2,
+        state: 0,
+        deliveryAddressId: testDeliveryAddress.id,
+        merchantId: testMerchant.id,
+        supplierId: testSupplier.id,
+        createdBy: testUser.id
+      });
+      await orderRepository.save(testOrder);
+
+      const updateData = {
+        state: 1,
+        payState: 1
+      };
+
+      const response = await client[':id'].$put({
+        param: { id: testOrder.id },
+        json: updateData
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      console.debug('用户更新订单响应状态:', response.status);
+      expect(response.status).toBe(200);
+
+      if (response.status === 200) {
+        const data = await response.json();
+        expect(data.state).toBe(updateData.state);
+        expect(data.payState).toBe(updateData.payState);
+        expect(data.updatedBy).toBe(testUser.id); // 验证自动设置更新用户
+      }
+    });
+
+    it('应该拒绝更新其他用户的订单', async () => {
+      // 为其他用户创建一个订单
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderRepository = dataSource.getRepository(Order);
+      const otherUserOrder = orderRepository.create({
+        orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+        userId: otherUser.id,
+        amount: 100.00,
+        costAmount: 80.00,
+        payAmount: 100.00,
+        orderType: 1,
+        payType: 1,
+        payState: 2,
+        state: 0,
+        deliveryAddressId: testDeliveryAddress.id,
+        merchantId: testMerchant.id,
+        supplierId: testSupplier.id,
+        createdBy: otherUser.id
+      });
+      await orderRepository.save(otherUserOrder);
+
+      const updateData = {
+        state: 1
+      };
+
+      const response = await client[':id'].$put({
+        param: { id: otherUserOrder.id },
+        json: updateData
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      expect(response.status).toBe(403); // 数据权限控制返回403
+    });
+  });
+
+  describe('DELETE /orders/:id', () => {
+    it('应该成功删除当前用户的订单', async () => {
+      // 先为测试用户创建一个订单
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderRepository = dataSource.getRepository(Order);
+      const testOrder = orderRepository.create({
+        orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+        userId: testUser.id,
+        amount: 100.00,
+        costAmount: 80.00,
+        payAmount: 100.00,
+        orderType: 1,
+        payType: 1,
+        payState: 2,
+        state: 0,
+        deliveryAddressId: testDeliveryAddress.id,
+        merchantId: testMerchant.id,
+        supplierId: testSupplier.id,
+        createdBy: testUser.id
+      });
+      await orderRepository.save(testOrder);
+
+      const response = await client[':id'].$delete({
+        param: { id: testOrder.id }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      console.debug('用户删除订单响应状态:', response.status);
+      expect(response.status).toBe(204);
+    });
+
+    it('应该拒绝删除其他用户的订单', async () => {
+      // 为其他用户创建一个订单
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderRepository = dataSource.getRepository(Order);
+      const otherUserOrder = orderRepository.create({
+        orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+        userId: otherUser.id,
+        amount: 100.00,
+        costAmount: 80.00,
+        payAmount: 100.00,
+        orderType: 1,
+        payType: 1,
+        payState: 2,
+        state: 0,
+        deliveryAddressId: testDeliveryAddress.id,
+        merchantId: testMerchant.id,
+        supplierId: testSupplier.id,
+        createdBy: otherUser.id
+      });
+      await orderRepository.save(otherUserOrder);
+
+      const response = await client[':id'].$delete({
+        param: { id: otherUserOrder.id }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      expect(response.status).toBe(403); // 数据权限控制返回403
+    });
+  });
+
+  describe('数据权限配置测试', () => {
+    it('应该验证dataPermission配置正确工作', async () => {
+      // 这个测试验证数据权限配置是否正常工作
+      // 用户只能访问自己创建的订单
+
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderRepository = dataSource.getRepository(Order);
+
+      // 创建测试用户和其他用户的订单
+      const userOrder = orderRepository.create({
+        orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+        userId: testUser.id,
+        amount: 100.00,
+        costAmount: 80.00,
+        payAmount: 100.00,
+        orderType: 1,
+        payType: 1,
+        payState: 2,
+        state: 0,
+        deliveryAddressId: testDeliveryAddress.id,
+        merchantId: testMerchant.id,
+        supplierId: testSupplier.id,
+        createdBy: testUser.id
+      });
+      await orderRepository.save(userOrder);
+
+      const otherUserOrder = orderRepository.create({
+        orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+        userId: otherUser.id,
+        amount: 200.00,
+        costAmount: 160.00,
+        payAmount: 200.00,
+        orderType: 1,
+        payType: 1,
+        payState: 2,
+        state: 0,
+        deliveryAddressId: testDeliveryAddress.id,
+        merchantId: testMerchant.id,
+        supplierId: testSupplier.id,
+        createdBy: otherUser.id
+      });
+      await orderRepository.save(otherUserOrder);
+
+      // 使用测试用户token获取列表
+      const response = await client.index.$get({
+        query: {
+          page: 1,
+          pageSize: 10
+        }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      if (response.status !== 200) {
+        const errorData = await response.json();
+        console.debug('数据权限配置测试错误响应:', errorData);
+      }
+      expect(response.status).toBe(200);
+      const data = await response.json();
+
+      // 类型检查确保data属性存在
+      if ('data' in data && Array.isArray(data.data)) {
+        // 验证只返回测试用户的订单
+        const userOrderInResponse = data.data.filter((order: any) => order.userId === testUser.id);
+        const otherUserOrderInResponse = data.data.filter((order: any) => order.userId === otherUser.id);
+
+        expect(userOrderInResponse.length).toBeGreaterThan(0);
+        expect(otherUserOrderInResponse.length).toBe(0);
+      } else {
+        // 如果响应是错误格式，应该失败
+        expect(data).toHaveProperty('data');
+      }
+    });
+  });
+});

packages/orders-module/tests/integration/user-refunds.integration.test.ts

@@ -0,0 +1,570 @@
+import { describe, it, expect, beforeEach } from 'vitest';
+import { testClient } from 'hono/testing';
+import { IntegrationTestDatabase, setupIntegrationDatabaseHooksWithEntities } from '@d8d/shared-test-util';
+import { JWTUtil } from '@d8d/shared-utils';
+import { UserEntity, Role } from '@d8d/user-module';
+import { File } from '@d8d/file-module';
+import { Merchant } from '@d8d/merchant-module';
+import { DeliveryAddress } from '@d8d/delivery-address-module';
+import { AreaEntity } from '@d8d/geo-areas';
+import { Supplier } from '@d8d/supplier-module';
+import { userRefundsRoutes } from '../../src/routes/user/refunds';
+import { Order, OrderRefund } from '../../src/entities';
+
+// 设置集成测试钩子
+setupIntegrationDatabaseHooksWithEntities([
+  UserEntity, Role, Order, OrderRefund, File, Merchant, DeliveryAddress, AreaEntity, Supplier
+])
+
+describe('用户退款管理API集成测试', () => {
+  let client: ReturnType<typeof testClient<typeof userRefundsRoutes>>;
+  let userToken: string;
+  let otherUserToken: string;
+  let testUser: UserEntity;
+  let otherUser: UserEntity;
+  let testOrder: Order;
+  let otherUserOrder: Order;
+
+  beforeEach(async () => {
+    // 创建测试客户端
+    client = testClient(userRefundsRoutes);
+
+    // 获取数据源
+    const dataSource = await IntegrationTestDatabase.getDataSource();
+
+    // 创建测试用户
+    const userRepository = dataSource.getRepository(UserEntity);
+    testUser = userRepository.create({
+      username: `test_user_${Math.floor(Math.random() * 100000)}`,
+      password: 'test_password',
+      nickname: '测试用户',
+      registrationSource: 'web'
+    });
+    await userRepository.save(testUser);
+
+    // 创建其他用户
+    otherUser = userRepository.create({
+      username: `other_user_${Math.floor(Math.random() * 100000)}`,
+      password: 'other_password',
+      nickname: '其他用户',
+      registrationSource: 'web'
+    });
+    await userRepository.save(otherUser);
+
+    // 生成测试用户的token
+    userToken = JWTUtil.generateToken({
+      id: testUser.id,
+      username: testUser.username,
+      roles: [{name:'user'}]
+    });
+
+    // 生成其他用户的token
+    otherUserToken = JWTUtil.generateToken({
+      id: otherUser.id,
+      username: otherUser.username,
+      roles: [{name:'user'}]
+    });
+
+    // 创建测试用户的订单
+    const orderRepository = dataSource.getRepository(Order);
+    testOrder = orderRepository.create({
+      orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+      userId: testUser.id,
+      amount: 100.00,
+      costAmount: 80.00,
+      payAmount: 100.00,
+      orderType: 1,
+      payType: 1,
+      payState: 2,
+      state: 0,
+      createdBy: testUser.id
+    });
+    await orderRepository.save(testOrder);
+
+    // 创建其他用户的订单
+    otherUserOrder = orderRepository.create({
+      orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
+      userId: otherUser.id,
+      amount: 200.00,
+      costAmount: 160.00,
+      payAmount: 200.00,
+      orderType: 1,
+      payType: 1,
+      payState: 2,
+      state: 0,
+      createdBy: otherUser.id
+    });
+    await orderRepository.save(otherUserOrder);
+  });
+
+  describe('GET /refunds', () => {
+    it('应该返回当前用户订单的退款列表', async () => {
+      // 为测试用户的订单创建一些退款
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderRefundRepository = dataSource.getRepository(OrderRefund);
+
+      const userRefund1 = orderRefundRepository.create({
+        orderNo: testOrder.orderNo,
+        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
+        refundAmount: 50.00,
+        state: 0,
+        createdBy: testUser.id
+      });
+      await orderRefundRepository.save(userRefund1);
+
+      const userRefund2 = orderRefundRepository.create({
+        orderNo: testOrder.orderNo,
+        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
+        refundAmount: 25.00,
+        state: 1,
+        createdBy: testUser.id
+      });
+      await orderRefundRepository.save(userRefund2);
+
+      // 为其他用户的订单创建一个退款，确保不会返回
+      const otherUserRefund = orderRefundRepository.create({
+        orderNo: otherUserOrder.orderNo,
+        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
+        refundAmount: 100.00,
+        state: 0,
+        createdBy: otherUser.id
+      });
+      await orderRefundRepository.save(otherUserRefund);
+
+      const response = await client.index.$get({
+        query: {
+          page: 1,
+          pageSize: 10
+        }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      console.debug('用户退款列表响应状态:', response.status);
+      if (response.status !== 200) {
+        const errorData = await response.json();
+        console.debug('用户退款列表错误响应:', errorData);
+      }
+      expect(response.status).toBe(200);
+
+      if (response.status === 200) {
+        const data = await response.json();
+        expect(data).toHaveProperty('data');
+        expect(Array.isArray(data.data)).toBe(true);
+
+        // 验证只返回当前用户订单的退款
+        data.data.forEach((refund: any) => {
+          expect(refund.order.userId).toBe(testUser.id);
+        });
+
+        // 验证不包含其他用户订单的退款
+        const otherUserRefundInResponse = data.data.find((refund: any) =>
+          refund.order && refund.order.userId === otherUser.id
+        );
+        expect(otherUserRefundInResponse).toBeUndefined();
+      }
+    });
+
+    it('应该拒绝未认证用户的访问', async () => {
+      const response = await client.index.$get({
+        query: {
+          page: 1,
+          pageSize: 10
+        }
+      });
+      expect(response.status).toBe(401);
+    });
+  });
+
+  describe('POST /refunds', () => {
+    it('应该成功创建退款申请并自动设置当前用户权限', async () => {
+      const createData = {
+        orderNo: testOrder.orderNo,
+        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
+        refundAmount: 75.00,
+        state: 0
+      };
+
+      const response = await client.index.$post({
+        json: createData
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      console.debug('用户创建退款申请响应状态:', response.status);
+      if (response.status !== 201) {
+        const errorData = await response.json();
+        console.debug('用户创建退款申请错误响应:', errorData);
+      }
+      expect(response.status).toBe(201);
+
+      if (response.status === 201) {
+        const data = await response.json();
+        expect(data).toHaveProperty('id');
+        expect(data.refundOrderNo).toBe(createData.refundOrderNo);
+        expect(parseFloat(data.refundAmount)).toBe(createData.refundAmount);
+        expect(data.state).toBe(createData.state);
+        expect(data.createdBy).toBe(testUser.id); // 验证自动设置创建用户
+      }
+    });
+
+    it('应该验证创建退款申请的必填字段', async () => {
+      const invalidData = {
+        // 缺少必填字段
+        refundAmount: -1
+      };
+
+      const response = await client.index.$post({
+        json: invalidData
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      expect(response.status).toBe(400);
+    });
+
+    it('应该拒绝为其他用户的订单创建退款申请', async () => {
+      const createData = {
+        orderNo: otherUserOrder.orderNo,
+        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
+        refundAmount: 75.00,
+        state: 0
+      };
+
+      const response = await client.index.$post({
+        json: createData
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      expect(response.status).toBe(403); // 数据权限控制返回403
+    });
+  });
+
+  describe('GET /refunds/:id', () => {
+    it('应该返回当前用户订单的退款详情', async () => {
+      // 先为测试用户的订单创建一个退款
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderRefundRepository = dataSource.getRepository(OrderRefund);
+      const testRefund = orderRefundRepository.create({
+        orderNo: testOrder.orderNo,
+        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
+        refundAmount: 50.00,
+        state: 0,
+        createdBy: testUser.id
+      });
+      await orderRefundRepository.save(testRefund);
+
+      const response = await client[':id'].$get({
+        param: { id: testRefund.id }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      console.debug('用户退款详情响应状态:', response.status);
+      if (response.status !== 200) {
+        const errorData = await response.json();
+        console.debug('用户退款详情错误响应:', errorData);
+      }
+      expect(response.status).toBe(200);
+
+      if (response.status === 200) {
+        const data = await response.json();
+        expect(data.id).toBe(testRefund.id);
+        expect(data.refundOrderNo).toBe(testRefund.refundOrderNo);
+        expect(data.order.userId).toBe(testUser.id); // 验证订单属于当前用户
+      }
+    });
+
+    it('应该拒绝访问其他用户订单的退款', async () => {
+      // 为其他用户的订单创建一个退款
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderRefundRepository = dataSource.getRepository(OrderRefund);
+      const otherUserRefund = orderRefundRepository.create({
+        orderNo: otherUserOrder.orderNo,
+        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
+        refundAmount: 100.00,
+        state: 0,
+        createdBy: otherUser.id
+      });
+      await orderRefundRepository.save(otherUserRefund);
+
+      const response = await client[':id'].$get({
+        param: { id: otherUserRefund.id }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      expect(response.status).toBe(403); // 数据权限控制返回403（权限不足）
+    });
+
+    it('应该处理不存在的退款', async () => {
+      const response = await client[':id'].$get({
+        param: { id: 999999 }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      expect(response.status).toBe(404);
+    });
+  });
+
+  describe('PUT /refunds/:id', () => {
+    it('应该成功更新当前用户订单的退款', async () => {
+      // 先为测试用户的订单创建一个退款
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderRefundRepository = dataSource.getRepository(OrderRefund);
+      const testRefund = orderRefundRepository.create({
+        orderNo: testOrder.orderNo,
+        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
+        refundAmount: 50.00,
+        state: 0,
+        createdBy: testUser.id
+      });
+      await orderRefundRepository.save(testRefund);
+
+      const updateData = {
+        state: 1
+      };
+
+      const response = await client[':id'].$put({
+        param: { id: testRefund.id },
+        json: updateData
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      console.debug('用户更新退款响应状态:', response.status);
+      expect(response.status).toBe(200);
+
+      if (response.status === 200) {
+        const data = await response.json();
+        expect(data.state).toBe(updateData.state);
+        expect(data.updatedBy).toBe(testUser.id); // 验证自动设置更新用户
+      }
+    });
+
+    it('应该拒绝更新其他用户订单的退款', async () => {
+      // 为其他用户的订单创建一个退款
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderRefundRepository = dataSource.getRepository(OrderRefund);
+      const otherUserRefund = orderRefundRepository.create({
+        orderNo: otherUserOrder.orderNo,
+        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
+        refundAmount: 100.00,
+        state: 0,
+        createdBy: otherUser.id
+      });
+      await orderRefundRepository.save(otherUserRefund);
+
+      const updateData = {
+        state: 1
+      };
+
+      const response = await client[':id'].$put({
+        param: { id: otherUserRefund.id },
+        json: updateData
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      expect(response.status).toBe(403); // 数据权限控制返回403
+    });
+  });
+
+  describe('DELETE /refunds/:id', () => {
+    it('应该成功删除当前用户订单的退款', async () => {
+      // 先为测试用户的订单创建一个退款
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderRefundRepository = dataSource.getRepository(OrderRefund);
+      const testRefund = orderRefundRepository.create({
+        orderNo: testOrder.orderNo,
+        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
+        refundAmount: 50.00,
+        state: 0,
+        createdBy: testUser.id
+      });
+      await orderRefundRepository.save(testRefund);
+
+      const response = await client[':id'].$delete({
+        param: { id: testRefund.id }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      console.debug('用户删除退款响应状态:', response.status);
+      expect(response.status).toBe(204);
+    });
+
+    it('应该拒绝删除其他用户订单的退款', async () => {
+      // 为其他用户的订单创建一个退款
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderRefundRepository = dataSource.getRepository(OrderRefund);
+      const otherUserRefund = orderRefundRepository.create({
+        orderNo: otherUserOrder.orderNo,
+        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
+        refundAmount: 100.00,
+        state: 0,
+        createdBy: otherUser.id
+      });
+      await orderRefundRepository.save(otherUserRefund);
+
+      const response = await client[':id'].$delete({
+        param: { id: otherUserRefund.id }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      expect(response.status).toBe(403); // 数据权限控制返回403
+    });
+  });
+
+  describe('数据权限配置测试', () => {
+    it('应该验证dataPermission配置正确工作', async () => {
+      // 这个测试验证数据权限配置是否正常工作
+      // 用户只能访问自己订单的退款
+
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderRefundRepository = dataSource.getRepository(OrderRefund);
+
+      // 创建测试用户和其他用户订单的退款
+      const userRefund = orderRefundRepository.create({
+        orderNo: testOrder.orderNo,
+        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
+        refundAmount: 50.00,
+        state: 0,
+        createdBy: testUser.id
+      });
+      await orderRefundRepository.save(userRefund);
+
+      const otherUserRefund = orderRefundRepository.create({
+        orderNo: otherUserOrder.orderNo,
+        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
+        refundAmount: 100.00,
+        state: 0,
+        createdBy: otherUser.id
+      });
+      await orderRefundRepository.save(otherUserRefund);
+
+      // 使用测试用户token获取列表
+      const response = await client.index.$get({
+        query: {
+          page: 1,
+          pageSize: 10
+        }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      if (response.status !== 200) {
+        const errorData = await response.json();
+        console.debug('数据权限配置测试错误响应:', errorData);
+      }
+      expect(response.status).toBe(200);
+      const data = await response.json();
+
+      // 类型检查确保data属性存在
+      if ('data' in data && Array.isArray(data.data)) {
+        // 验证只返回测试用户订单的退款
+        const userRefundInResponse = data.data.filter((refund: any) =>
+          refund.order && refund.order.userId === testUser.id
+        );
+        const otherUserRefundInResponse = data.data.filter((refund: any) =>
+          refund.order && refund.order.userId === otherUser.id
+        );
+
+        expect(userRefundInResponse.length).toBeGreaterThan(0);
+        expect(otherUserRefundInResponse.length).toBe(0);
+      } else {
+        // 如果响应是错误格式，应该失败
+        expect(data).toHaveProperty('data');
+      }
+    });
+  });
+
+  describe('退款状态管理测试', () => {
+    it('应该正确处理退款状态变更', async () => {
+      const dataSource = await IntegrationTestDatabase.getDataSource();
+      const orderRefundRepository = dataSource.getRepository(OrderRefund);
+
+      // 创建不同状态的退款
+      const pendingRefund = orderRefundRepository.create({
+        orderNo: testOrder.orderNo,
+        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
+        refundAmount: 50.00,
+        state: 0, // 未退款
+        createdBy: testUser.id
+      });
+      await orderRefundRepository.save(pendingRefund);
+
+      const processingRefund = orderRefundRepository.create({
+        orderNo: testOrder.orderNo,
+        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
+        refundAmount: 25.00,
+        state: 1, // 退款中
+        createdBy: testUser.id
+      });
+      await orderRefundRepository.save(processingRefund);
+
+      const completedRefund = orderRefundRepository.create({
+        orderNo: testOrder.orderNo,
+        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
+        refundAmount: 75.00,
+        state: 2, // 退款成功
+        createdBy: testUser.id
+      });
+      await orderRefundRepository.save(completedRefund);
+
+      // 验证状态过滤
+      const response = await client.index.$get({
+        query: { filters: JSON.stringify({ state: 0 }) }
+      }, {
+        headers: {
+          'Authorization': `Bearer ${userToken}`
+        }
+      });
+
+      expect(response.status).toBe(200);
+      const data = await response.json();
+
+      // 类型检查确保data属性存在
+      if ('data' in data && Array.isArray(data.data)) {
+        // 应该只返回未退款状态的退款
+        const pendingRefundsInResponse = data.data.filter((refund: any) => refund.state === 0);
+        const processingRefundsInResponse = data.data.filter((refund: any) => refund.state === 1);
+        const completedRefundsInResponse = data.data.filter((refund: any) => refund.state === 2);
+
+        expect(pendingRefundsInResponse.length).toBeGreaterThan(0);
+        expect(processingRefundsInResponse.length).toBe(0);
+        expect(completedRefundsInResponse.length).toBe(0);
+      } else {
+        // 如果响应是错误格式，应该失败
+        expect(data).toHaveProperty('data');
+      }
+    });
+  });
+});

pnpm-lock.yaml

@@ -668,6 +668,9 @@ importers:
       '@d8d/file-module':
         specifier: workspace:*
         version: link:../file-module
+      '@d8d/geo-areas':
+        specifier: workspace:*
+        version: link:../geo-areas
       '@d8d/goods-module':
         specifier: workspace:*
         version: link:../goods-module