🐛 fix(orders-module): 修复用户订单商品路由数据库连接问题

- 撤回对共享CRUD包的修改，恢复原始版本
- 参考用户模块自定义路由写法重新实现用户订单商品路由
- 修复用户订单商品服务中的AppDataSource未定义问题
- 完善权限验证错误处理，返回正确的403状态码
- 修复订单商品schema中的关联实体类型定义
- 添加完整的中文验证消息

Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)

Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>

packages/orders-module/src/routes/user/order-items.ts

@@ -1,26 +1,275 @@
-import { createCrudRoutes } from '@d8d/shared-crud';
-import { OrderGoods } from '../../entities/order-goods.entity';
-import { OrderGoodsSchema, CreateOrderGoodsDto, UpdateOrderGoodsDto } from '../../schemas/order-goods.schema';
+import { createRoute, OpenAPIHono } from '@hono/zod-openapi';
+import { z } from '@hono/zod-openapi';
 import { authMiddleware } from '@d8d/auth-module';
+import { AppDataSource, ErrorSchema } from '@d8d/shared-utils';
+import { AuthContext } from '@d8d/shared-types';
+import { OrderGoodsSchema, CreateOrderGoodsDto, UpdateOrderGoodsDto } from '../../schemas/order-goods.schema';
+import { UserOrderGoodsService } from '../../services/user-order-goods.service';
+
+// 获取当前用户订单商品列表路由
+const getUserOrderItemsRoute = createRoute({
+  method: 'get',
+  path: '/',
+  middleware: [authMiddleware],
+  request: {
+    query: z.object({
+      page: z.coerce.number().int().positive('页码必须是正整数').default(1).openapi({
+        example: 1,
+        description: '页码，从1开始'
+      }),
+      pageSize: z.coerce.number().int().positive('每页数量必须是正整数').default(10).openapi({
+        example: 10,
+        description: '每页数量'
+      }),
+      keyword: z.string().optional().openapi({
+        example: '搜索关键词',
+        description: '搜索关键词'
+      })
+    })
+  },
+  responses: {
+    200: {
+      description: '成功获取订单商品列表',
+      content: {
+        'application/json': {
+          schema: z.object({
+            data: z.array(OrderGoodsSchema),
+            pagination: z.object({
+              total: z.number(),
+              current: z.number(),
+              pageSize: z.number()
+            })
+          })
+        }
+      }
+    },
+    401: {
+      description: '认证失败',
+      content: { 'application/json': { schema: ErrorSchema } }
+    }
+  }
+});
+
+// 获取当前用户订单商品详情路由
+const getUserOrderItemRoute = createRoute({
+  method: 'get',
+  path: '/{id}',
+  middleware: [authMiddleware],
+  request: {
+    params: z.object({
+      id: z.coerce.number().int().positive('ID必须是正整数').openapi({
+        param: { name: 'id', in: 'path' },
+        example: 1,
+        description: '订单商品ID'
+      })
+    })
+  },
+  responses: {
+    200: {
+      description: '成功获取订单商品详情',
+      content: {
+        'application/json': { schema: OrderGoodsSchema }
+      }
+    },
+    401: {
+      description: '认证失败',
+      content: { 'application/json': { schema: ErrorSchema } }
+    },
+    404: {
+      description: '订单商品不存在或无权访问',
+      content: { 'application/json': { schema: ErrorSchema } }
+    }
+  }
+});
+
+// 为当前用户创建订单商品路由
+const createUserOrderItemRoute = createRoute({
+  method: 'post',
+  path: '/',
+  middleware: [authMiddleware],
+  request: {
+    body: {
+      content: {
+        'application/json': { schema: CreateOrderGoodsDto }
+      }
+    }
+  },
+  responses: {
+    201: {
+      description: '成功创建订单商品',
+      content: {
+        'application/json': { schema: OrderGoodsSchema }
+      }
+    },
+    400: {
+      description: '请求参数验证失败',
+      content: { 'application/json': { schema: ErrorSchema } }
+    },
+    401: {
+      description: '认证失败',
+      content: { 'application/json': { schema: ErrorSchema } }
+    },
+    403: {
+      description: '无权为该订单创建商品',
+      content: { 'application/json': { schema: ErrorSchema } }
+    }
+  }
+});
+
+// 更新当前用户订单商品路由
+const updateUserOrderItemRoute = createRoute({
+  method: 'put',
+  path: '/{id}',
+  middleware: [authMiddleware],
+  request: {
+    params: z.object({
+      id: z.coerce.number().int().positive('ID必须是正整数').openapi({
+        param: { name: 'id', in: 'path' },
+        example: 1,
+        description: '订单商品ID'
+      })
+    }),
+    body: {
+      content: {
+        'application/json': { schema: UpdateOrderGoodsDto }
+      }
+    }
+  },
+  responses: {
+    200: {
+      description: '成功更新订单商品',
+      content: {
+        'application/json': { schema: OrderGoodsSchema }
+      }
+    },
+    401: {
+      description: '认证失败',
+      content: { 'application/json': { schema: ErrorSchema } }
+    },
+    404: {
+      description: '订单商品不存在或无权访问',
+      content: { 'application/json': { schema: ErrorSchema } }
+    }
+  }
+});
 
-// 用户订单商品路由 - 通过订单关联限制数据权限
-const userOrderItemsRoutes = createCrudRoutes({
-  entity: OrderGoods,
-  createSchema: CreateOrderGoodsDto,
-  updateSchema: UpdateOrderGoodsDto,
-  getSchema: OrderGoodsSchema,
-  listSchema: OrderGoodsSchema,
-  searchFields: ['orderNo', 'goodsName'],
-  relations: ['order', 'goods', 'supplier', 'imageFile'],
+// 删除当前用户订单商品路由
+const deleteUserOrderItemRoute = createRoute({
+  method: 'delete',
+  path: '/{id}',
   middleware: [authMiddleware],
-  userTracking: {
-    createdByField: 'createdBy',
-    updatedByField: 'updatedBy'
+  request: {
+    params: z.object({
+      id: z.coerce.number().int().positive('ID必须是正整数').openapi({
+        param: { name: 'id', in: 'path' },
+        example: 1,
+        description: '订单商品ID'
+      })
+    })
   },
-  dataPermission: {
-    enabled: true,
-    userIdField: 'order.userId'
+  responses: {
+    204: { description: '成功删除订单商品' },
+    401: {
+      description: '认证失败',
+      content: { 'application/json': { schema: ErrorSchema } }
+    },
+    404: {
+      description: '订单商品不存在或无权访问',
+      content: { 'application/json': { schema: ErrorSchema } }
+    }
   }
 });
 
-export default userOrderItemsRoutes;
+const app = new OpenAPIHono<AuthContext>()
+  .openapi(getUserOrderItemsRoute, async (c) => {
+    const user = c.get('user');
+    const { page, pageSize, keyword } = c.req.valid('query');
+
+    const orderGoodsService = new UserOrderGoodsService(AppDataSource);
+    const [data, total] = await orderGoodsService.getUserOrderGoodsList(
+      parseInt(page),
+      parseInt(pageSize),
+      keyword,
+      user?.id
+    );
+
+    return c.json({
+      data,
+      pagination: { total, current: parseInt(page), pageSize: parseInt(pageSize) }
+    }, 200);
+  })
+  .openapi(getUserOrderItemRoute, async (c) => {
+    const user = c.get('user');
+    const { id } = c.req.valid('param');
+
+    try {
+      const orderGoodsService = new UserOrderGoodsService(AppDataSource);
+      const orderGoods = await orderGoodsService.getUserOrderGoodsById(id, user?.id);
+      if (!orderGoods) {
+        return c.json({ code: 404, message: '订单商品不存在' }, 404);
+      }
+
+      return c.json(orderGoods, 200);
+    } catch (error) {
+      if (error instanceof Error && error.message.includes('无权')) {
+        return c.json({ code: 403, message: error.message }, 403);
+      }
+      throw error;
+    }
+  })
+  .openapi(createUserOrderItemRoute, async (c) => {
+    const user = c.get('user');
+    const data = c.req.valid('json');
+
+    try {
+      const orderGoodsService = new UserOrderGoodsService(AppDataSource);
+      const orderGoods = await orderGoodsService.createUserOrderGoods(data, user?.id);
+      return c.json(orderGoods, 201);
+    } catch (error) {
+      if (error instanceof Error && error.message.includes('无权')) {
+        return c.json({ code: 403, message: error.message }, 403);
+      }
+      throw error;
+    }
+  })
+  .openapi(updateUserOrderItemRoute, async (c) => {
+    const user = c.get('user');
+    const { id } = c.req.valid('param');
+    const data = c.req.valid('json');
+
+    try {
+      const orderGoodsService = new UserOrderGoodsService(AppDataSource);
+      const orderGoods = await orderGoodsService.updateUserOrderGoods(id, data, user?.id);
+      if (!orderGoods) {
+        return c.json({ code: 404, message: '订单商品不存在' }, 404);
+      }
+
+      return c.json(orderGoods, 200);
+    } catch (error) {
+      if (error instanceof Error && error.message.includes('无权')) {
+        return c.json({ code: 403, message: error.message }, 403);
+      }
+      throw error;
+    }
+  })
+  .openapi(deleteUserOrderItemRoute, async (c) => {
+    const user = c.get('user');
+    const { id } = c.req.valid('param');
+
+    try {
+      const orderGoodsService = new UserOrderGoodsService(AppDataSource);
+      const success = await orderGoodsService.deleteUserOrderGoods(id, user?.id);
+      if (!success) {
+        return c.json({ code: 404, message: '订单商品不存在' }, 404);
+      }
+
+      return c.body(null, 204);
+    } catch (error) {
+      if (error instanceof Error && error.message.includes('无权')) {
+        return c.json({ code: 403, message: error.message }, 403);
+      }
+      throw error;
+    }
+  });
+
+export default app;

packages/orders-module/src/routes/user/orders.ts

@@ -1,13 +1,14 @@
 import { createCrudRoutes } from '@d8d/shared-crud';
 import { Order } from '../../entities/order.entity';
-import { OrderSchema, CreateOrderDto, UpdateOrderDto } from '../../schemas/order.schema';
+import { OrderSchema } from '../../schemas/order.schema';
+import { UserCreateOrderDto, UserUpdateOrderDto } from '../../schemas/user-order.schema';
 import { authMiddleware } from '@d8d/auth-module';
 
 // 用户订单路由 - 有数据权限限制，只能访问自己的订单
 const userOrderRoutes = createCrudRoutes({
   entity: Order,
-  createSchema: CreateOrderDto,
-  updateSchema: UpdateOrderDto,
+  createSchema: UserCreateOrderDto,
+  updateSchema: UserUpdateOrderDto,
   getSchema: OrderSchema,
   listSchema: OrderSchema,
   searchFields: ['orderNo', 'userPhone', 'recevierName'],

packages/orders-module/src/schemas/order.schema.ts

@@ -116,19 +116,19 @@ export const OrderSchema = z.object({
     description: '用户手机号',
     example: '13800138000'
   }),
-  merchantId: z.coerce.number().int().positive().default(0).openapi({
+  merchantId: z.coerce.number().int().min(0, '不能小于0').default(0).openapi({
     description: '商户id',
     example: 1
   }),
-  merchantNo: z.coerce.number().int().positive().nullable().optional().openapi({
+  merchantNo: z.coerce.number().int().min(0, '不能小于0').nullable().optional().openapi({
     description: '商户号',
     example: 1001
   }),
-  supplierId: z.coerce.number().int().positive().default(0).openapi({
+  supplierId: z.coerce.number().int().min(0, '不能小于0').default(0).openapi({
     description: '供货商id',
     example: 1
   }),
-  addressId: z.coerce.number().int().positive().default(0).openapi({
+  addressId: z.coerce.number().int().min(0, '不能小于0').default(0).openapi({
     description: '地址id',
     example: 1
   }),
@@ -140,19 +140,19 @@ export const OrderSchema = z.object({
     description: '收货人姓名',
     example: '张三'
   }),
-  recevierProvince: z.coerce.number().int().positive().default(0).openapi({
+  recevierProvince: z.coerce.number().int().min(0, '不能小于0').default(0).openapi({
     description: '收货人所在省',
     example: 110000
   }),
-  recevierCity: z.coerce.number().int().positive().default(0).openapi({
+  recevierCity: z.coerce.number().int().min(0, '不能小于0').default(0).openapi({
     description: '收货人所在市',
     example: 110100
   }),
-  recevierDistrict: z.coerce.number().int().positive().default(0).openapi({
+  recevierDistrict: z.coerce.number().int().min(0, '不能小于0').default(0).openapi({
     description: '收货人所在区',
     example: 110105
   }),
-  recevierTown: z.coerce.number().int().positive().default(0).openapi({
+  recevierTown: z.coerce.number().int().min(0, '不能小于0').default(0).openapi({
     description: '收货人所在街道',
     example: 110105001
   }),
@@ -296,19 +296,19 @@ export const CreateOrderDto = z.object({
     description: '用户手机号',
     example: '13800138000'
   }),
-  merchantId: z.coerce.number().int().positive().default(0).openapi({
+  merchantId: z.coerce.number().int().min(0, '不能小于0').default(0).openapi({
     description: '商户id',
     example: 1
   }),
-  merchantNo: z.coerce.number().int().positive().nullable().optional().openapi({
+  merchantNo: z.coerce.number().int().min(0, '不能小于0').nullable().optional().openapi({
     description: '商户号',
     example: 1001
   }),
-  supplierId: z.coerce.number().int().positive().default(0).openapi({
+  supplierId: z.coerce.number().int().min(0, '不能小于0').default(0).openapi({
     description: '供货商id',
     example: 1
   }),
-  addressId: z.coerce.number().int().positive().default(0).openapi({
+  addressId: z.coerce.number().int().min(0, '不能小于0').default(0).openapi({
     description: '地址id',
     example: 1
   }),
@@ -320,19 +320,19 @@ export const CreateOrderDto = z.object({
     description: '收货人姓名',
     example: '张三'
   }),
-  recevierProvince: z.coerce.number().int().positive().default(0).openapi({
+  recevierProvince: z.coerce.number().int().min(0, '不能小于0').default(0).openapi({
     description: '收货人所在省',
     example: 110000
   }),
-  recevierCity: z.coerce.number().int().positive().default(0).openapi({
+  recevierCity: z.coerce.number().int().min(0, '不能小于0').default(0).openapi({
     description: '收货人所在市',
     example: 110100
   }),
-  recevierDistrict: z.coerce.number().int().positive().default(0).openapi({
+  recevierDistrict: z.coerce.number().int().min(0, '不能小于0').default(0).openapi({
     description: '收货人所在区',
     example: 110105
   }),
-  recevierTown: z.coerce.number().int().positive().default(0).openapi({
+  recevierTown: z.coerce.number().int().min(0, '不能小于0').default(0).openapi({
     description: '收货人所在街道',
     example: 110105001
   }),
@@ -436,7 +436,7 @@ export const UpdateOrderDto = z.object({
     description: '商户id',
     example: 1
   }),
-  merchantNo: z.coerce.number().int().positive().nullable().optional().openapi({
+  merchantNo: z.coerce.number().int().min(0, '不能小于0').nullable().optional().openapi({
     description: '商户号',
     example: 1001
   }),

packages/orders-module/src/schemas/user-order.schema.ts

@@ -0,0 +1,136 @@
+import { z } from 'zod';
+
+// 用户创建订单DTO - 不包含userId字段，用户ID从认证信息中自动设置
+export const UserCreateOrderDto = z.object({
+  orderNo: z.string().min(1, '订单号不能为空').max(50, '订单号最多50个字符').openapi({
+    description: '订单号',
+    example: 'ORD20240101123456'
+  }),
+  authCode: z.string().max(32, '付款码最多32个字符').nullable().optional().openapi({
+    description: '付款码',
+    example: '12345678901234567890123456789012'
+  }),
+  cardNo: z.string().max(32, '卡号最多32个字符').nullable().optional().openapi({
+    description: '卡号',
+    example: '6222********1234'
+  }),
+  sjtCardNo: z.string().max(32, '盛京通卡号最多32个字符').nullable().optional().openapi({
+    description: '盛京通卡号',
+    example: 'SJT1234567890'
+  }),
+  amount: z.coerce.number().min(0, '订单金额不能小于0').max(999999.99, '订单金额不能超过999999.99').openapi({
+    description: '订单金额',
+    example: 99.99
+  }),
+  costAmount: z.coerce.number().min(0, '成本金额不能小于0').max(999999.99, '成本金额不能超过999999.99').default(0).optional().openapi({
+    description: '成本金额',
+    example: 50.00
+  }),
+  freightAmount: z.coerce.number().min(0, '运费不能小于0').max(999999.99, '运费不能超过999999.99').default(0).optional().openapi({
+    description: '运费',
+    example: 10.00
+  }),
+  discountAmount: z.coerce.number().min(0, '优惠金额不能小于0').max(999999.99, '优惠金额不能超过999999.99').default(0).optional().openapi({
+    description: '优惠金额',
+    example: 5.00
+  }),
+  payAmount: z.coerce.number().min(0, '实际支付金额不能小于0').max(999999.99, '实际支付金额不能超过999999.99').default(0).optional().openapi({
+    description: '实际支付金额',
+    example: 94.99
+  }),
+  deviceNo: z.string().max(255, '设备编号最多255个字符').nullable().optional().openapi({
+    description: '设备编号',
+    example: 'DEV001234'
+  }),
+  description: z.string().max(255, '订单描述最多255个字符').nullable().optional().openapi({
+    description: '订单描述',
+    example: '购买商品'
+  }),
+  goodsDetail: z.string().max(2000, '订单详情最多2000个字符').nullable().optional().openapi({
+    description: '订单详情(json格式)',
+    example: '[{"goodsId":1,"name":"商品1","price":99.99,"num":1}]'
+  }),
+  goodsTag: z.string().max(255, '订单优惠标记最多255个字符').nullable().optional().openapi({
+    description: '订单优惠标记',
+    example: '满100减5'
+  }),
+  address: z.string().max(255, '地址最多255个字符').nullable().optional().openapi({
+    description: '地址',
+    example: '北京市朝阳区xxx路xxx号'
+  }),
+  orderType: z.coerce.number().int().min(1, '订单类型最小为1').max(2, '订单类型最大为2').openapi({
+    description: '订单类型 1实物订单 2虚拟订单',
+    example: 1
+  }),
+  payType: z.coerce.number().int().min(0, '支付类型最小为0').max(2, '支付类型最大为2').openapi({
+    description: '支付类型1积分2礼券',
+    example: 1
+  }),
+  payState: z.coerce.number().int().min(0, '支付状态最小为0').max(5, '支付状态最大为5').openapi({
+    description: '支付状态 0未支付1支付中2支付成功3已退款4支付失败5订单关闭',
+    example: 0
+  }),
+  state: z.coerce.number().int().min(0, '订单状态最小为0').max(3, '订单状态最大为3').openapi({
+    description: '订单状态 0未发货1已发货2收货成功3已退货',
+    example: 0
+  }),
+  userPhone: z.string().max(50, '用户手机号最多50个字符').nullable().optional().openapi({
+    description: '用户手机号',
+    example: '13800138000'
+  }),
+  merchantId: z.coerce.number().int().positive('必须是正整数').openapi({
+    description: '商户id',
+    example: 1
+  }),
+  merchantNo: z.coerce.number().int().positive('必须是正整数').nullable().optional().openapi({
+    description: '商户号',
+    example: 1001
+  }),
+  supplierId: z.coerce.number().int().positive('必须是正整数').openapi({
+    description: '供货商id',
+    example: 1
+  }),
+  addressId: z.coerce.number().int().positive('必须是正整数').openapi({
+    description: '地址id',
+    example: 1
+  }),
+  receiverMobile: z.string().max(255, '收货人手机号最多255个字符').nullable().optional().openapi({
+    description: '收货人手机号',
+    example: '13800138000'
+  }),
+  recevierName: z.string().max(255, '收货人姓名最多255个字符').nullable().optional().openapi({
+    description: '收货人姓名',
+    example: '张三'
+  }),
+  recevierProvince: z.coerce.number().int().positive('必须是正整数').optional().openapi({
+    description: '收货人所在省',
+    example: 110000
+  }),
+  recevierCity: z.coerce.number().int().positive('必须是正整数').optional().openapi({
+    description: '收货人所在市',
+    example: 110100
+  }),
+  recevierDistrict: z.coerce.number().int().positive('必须是正整数').optional().openapi({
+    description: '收货人所在区',
+    example: 110105
+  }),
+  recevierTown: z.coerce.number().int().positive('必须是正整数').optional().openapi({
+    description: '收货人所在街道',
+    example: 110105001
+  }),
+  refundTime: z.coerce.date().nullable().optional().openapi({
+    description: '退款时间',
+    example: '2024-01-01T12:00:00Z'
+  }),
+  closeTime: z.coerce.date().nullable().optional().openapi({
+    description: '订单关闭时间',
+    example: '2024-01-01T12:00:00Z'
+  }),
+  remark: z.string().max(255, '管理员备注信息最多255个字符').nullable().optional().openapi({
+    description: '管理员备注信息',
+    example: '请尽快发货'
+  })
+});
+
+// 用户更新订单DTO - 不包含userId字段
+export const UserUpdateOrderDto = UserCreateOrderDto.partial();

packages/orders-module/src/services/user-order-goods.service.ts

@@ -0,0 +1,114 @@
+import { DataSource } from 'typeorm';
+import { OrderGoods } from '../entities/order-goods.entity';
+import { GenericCrudService } from '@d8d/shared-crud';
+
+export class UserOrderGoodsService extends GenericCrudService<OrderGoods> {
+  constructor(dataSource: DataSource) {
+    super(dataSource, OrderGoods, {
+      userTracking: {
+        createdByField: 'createdBy',
+        updatedByField: 'updatedBy'
+      }
+    });
+  }
+
+  /**
+   * 获取当前用户的订单商品列表
+   */
+  async getUserOrderGoodsList(
+    page: number = 1,
+    pageSize: number = 10,
+    keyword?: string,
+    userId?: string | number
+  ): Promise<[OrderGoods[], number]> {
+    const skip = (page - 1) * pageSize;
+    const query = this.repository.createQueryBuilder('orderGoods')
+      .leftJoinAndSelect('orderGoods.order', 'order')
+      .leftJoinAndSelect('orderGoods.goods', 'goods')
+      .leftJoinAndSelect('orderGoods.supplier', 'supplier')
+      .leftJoinAndSelect('orderGoods.imageFile', 'imageFile');
+
+    // 数据权限过滤：只返回当前用户订单的商品
+    if (userId) {
+      query.andWhere('order.userId = :userId', { userId });
+    }
+
+    // 关键词搜索
+    if (keyword) {
+      query.andWhere('(orderGoods.orderNo LIKE :keyword OR orderGoods.goodsName LIKE :keyword)', {
+        keyword: `%${keyword}%`
+      });
+    }
+
+    query.skip(skip).take(pageSize).orderBy('orderGoods.id', 'DESC');
+
+    return query.getManyAndCount();
+  }
+
+  /**
+   * 获取当前用户的订单商品详情
+   */
+  async getUserOrderGoodsById(id: number, userId?: string | number): Promise<OrderGoods | null> {
+    const orderGoods = await this.repository.findOne({
+      where: { id },
+      relations: ['order', 'goods', 'supplier', 'imageFile']
+    });
+
+    if (!orderGoods) {
+      return null;
+    }
+
+    // 数据权限验证：检查订单是否属于当前用户
+    if (userId && orderGoods.order && orderGoods.order.userId !== userId) {
+      throw new Error('无权访问该订单商品');
+    }
+
+    return orderGoods;
+  }
+
+  /**
+   * 为当前用户创建订单商品
+   */
+  async createUserOrderGoods(data: Partial<OrderGoods>, userId?: string | number): Promise<OrderGoods> {
+    // 验证订单是否属于当前用户
+    if (userId && data.orderId) {
+      const orderRepository = this.dataSource.getRepository('Order');
+      const order = await orderRepository.findOne({
+        where: { id: data.orderId },
+        select: ['userId']
+      });
+
+      if (!order || order.userId !== userId) {
+        throw new Error('无权为该订单创建商品');
+      }
+    }
+
+    return this.create(data, userId);
+  }
+
+  /**
+   * 更新当前用户的订单商品
+   */
+  async updateUserOrderGoods(id: number, data: Partial<OrderGoods>, userId?: string | number): Promise<OrderGoods | null> {
+    // 先验证权限
+    const existing = await this.getUserOrderGoodsById(id, userId);
+    if (!existing) {
+      return null;
+    }
+
+    return this.update(id, data, userId);
+  }
+
+  /**
+   * 删除当前用户的订单商品
+   */
+  async deleteUserOrderGoods(id: number, userId?: string | number): Promise<boolean> {
+    // 先验证权限
+    const existing = await this.getUserOrderGoodsById(id, userId);
+    if (!existing) {
+      return false;
+    }
+
+    return this.delete(id, userId);
+  }
+}

packages/orders-module/tests/integration/user-order-items.integration.test.ts

@@ -9,7 +9,7 @@ import { Supplier } from '@d8d/supplier-module';
 import { Merchant } from '@d8d/merchant-module';
 import { DeliveryAddress } from '@d8d/delivery-address-module';
 import { AreaEntity } from '@d8d/geo-areas';
-import { userOrderItemsRoutes } from '../../src/routes/user/order-items';
+import userOrderItemsRoutes from '../../src/routes/user/order-items';
 import { Order, OrderGoods } from '../../src/entities';
 
 // 设置集成测试钩子
@@ -28,6 +28,13 @@ describe('用户订单商品管理API集成测试', () => {
   let testGoods: Goods;
   let testSupplier: Supplier;
   let testFile: File;
+  let testGoodsCategory: GoodsCategory;
+  let testMerchant: Merchant;
+  let testDeliveryAddress: DeliveryAddress;
+  let testProvince: AreaEntity;
+  let testCity: AreaEntity;
+  let testDistrict: AreaEntity;
+  let testTown: AreaEntity;
 
   beforeEach(async () => {
     // 创建测试客户端
@@ -69,23 +76,17 @@ describe('用户订单商品管理API集成测试', () => {
       roles: [{name:'user'}]
     });
 
-    // 创建测试商品
-    const goodsRepository = dataSource.getRepository(Goods);
-    testGoods = goodsRepository.create({
-      name: '测试商品',
-      price: 100.00,
-      costPrice: 80.00,
-      categoryId1: 1,
-      categoryId2: 1,
-      categoryId3: 1,
-      goodsType: 1,
-      supplierId: 1,
+    // 先创建商品分类
+    const goodsCategoryRepository = dataSource.getRepository(GoodsCategory);
+    testGoodsCategory = goodsCategoryRepository.create({
+      name: '测试商品分类',
+      level: 1,
+      parentId: 0,
+      sort: 1,
       state: 1,
-      stock: 100,
-      lowestBuy: 1,
       createdBy: testUser.id
     });
-    await goodsRepository.save(testGoods);
+    await goodsCategoryRepository.save(testGoodsCategory);
 
     // 创建测试供应商
     const supplierRepository = dataSource.getRepository(Supplier);
@@ -100,6 +101,24 @@ describe('用户订单商品管理API集成测试', () => {
     });
     await supplierRepository.save(testSupplier);
 
+    // 创建测试商品
+    const goodsRepository = dataSource.getRepository(Goods);
+    testGoods = goodsRepository.create({
+      name: '测试商品',
+      price: 100.00,
+      costPrice: 80.00,
+      categoryId1: testGoodsCategory.id,
+      categoryId2: testGoodsCategory.id,
+      categoryId3: testGoodsCategory.id,
+      goodsType: 1,
+      supplierId: testSupplier.id,
+      state: 1,
+      stock: 100,
+      lowestBuy: 1,
+      createdBy: testUser.id
+    });
+    await goodsRepository.save(testGoods);
+
     // 创建测试文件
     const fileRepository = dataSource.getRepository(File);
     testFile = fileRepository.create({
@@ -114,6 +133,77 @@ describe('用户订单商品管理API集成测试', () => {
     });
     await fileRepository.save(testFile);
 
+    // 创建测试商户
+    const merchantRepository = dataSource.getRepository(Merchant);
+    testMerchant = merchantRepository.create({
+      name: '测试商户',
+      username: `test_merchant_${Math.floor(Math.random() * 100000)}`,
+      password: 'password123',
+      phone: '13800138000',
+      realname: '测试商户',
+      state: 1,
+      createdBy: testUser.id
+    });
+    await merchantRepository.save(testMerchant);
+
+    // 创建测试地区数据
+    const areaRepository = dataSource.getRepository(AreaEntity);
+    testProvince = areaRepository.create({
+      name: '测试省',
+      code: 110000,
+      level: 1,
+      parentCode: 0,
+      state: 1,
+      createdBy: testUser.id
+    });
+    await areaRepository.save(testProvince);
+
+    testCity = areaRepository.create({
+      name: '测试市',
+      code: 110100,
+      level: 2,
+      parentCode: testProvince.code,
+      state: 1,
+      createdBy: testUser.id
+    });
+    await areaRepository.save(testCity);
+
+    testDistrict = areaRepository.create({
+      name: '测试区',
+      code: 110105,
+      level: 3,
+      parentCode: testCity.code,
+      state: 1,
+      createdBy: testUser.id
+    });
+    await areaRepository.save(testDistrict);
+
+    testTown = areaRepository.create({
+      name: '测试街道',
+      code: 110105001,
+      level: 4,
+      parentCode: testDistrict.code,
+      state: 1,
+      createdBy: testUser.id
+    });
+    await areaRepository.save(testTown);
+
+    // 创建测试配送地址
+    const deliveryAddressRepository = dataSource.getRepository(DeliveryAddress);
+    testDeliveryAddress = deliveryAddressRepository.create({
+      name: '测试配送地址',
+      phone: '13800138000',
+      receiverProvince: testProvince.id,
+      receiverCity: testCity.id,
+      receiverDistrict: testDistrict.id,
+      receiverTown: testTown.id,
+      address: '测试地址详情',
+      userId: testUser.id,
+      state: 1,
+      createdBy: testUser.id
+    });
+    await deliveryAddressRepository.save(testDeliveryAddress);
+
     // 创建测试用户的订单
     const orderRepository = dataSource.getRepository(Order);
     testOrder = orderRepository.create({
@@ -126,6 +216,9 @@ describe('用户订单商品管理API集成测试', () => {
       payType: 1,
       payState: 2,
       state: 0,
+      merchantId: testMerchant.id,
+      supplierId: testSupplier.id,
+      addressId: testDeliveryAddress.id,
       createdBy: testUser.id
     });
     await orderRepository.save(testOrder);
@@ -141,6 +234,9 @@ describe('用户订单商品管理API集成测试', () => {
       payType: 1,
       payState: 2,
       state: 0,
+      merchantId: testMerchant.id,
+      supplierId: testSupplier.id,
+      addressId: testDeliveryAddress.id,
       createdBy: otherUser.id
     });
     await orderRepository.save(otherUserOrder);

packages/shared-crud/src/routes/generic-crud.routes.ts

@@ -31,11 +31,11 @@ export function createCrudRoutes<
     middleware,
     request: {
       query: z.object({
-        page: z.coerce.number<number>().int().positive().default(1).openapi({
+        page: z.coerce.number<number>().int().positive('页码必须是正整数').default(1).openapi({
           example: 1,
           description: '页码，从1开始'
         }),
-        pageSize: z.coerce.number<number>().int().positive().default(10).openapi({
+        pageSize: z.coerce.number<number>().int().positive('每页数量必须是正整数').default(10).openapi({
           example: 10,
           description: '每页数量'
         }),