import { describe, it, expect, beforeEach, vi, afterEach } from 'vitest'; import { testClient } from 'hono/testing'; import { IntegrationTestDatabase, setupIntegrationDatabaseHooksWithEntities } from '@d8d/shared-test-util'; import { JWTUtil } from '@d8d/shared-utils'; import { UserEntityMt, RoleMt } from '@d8d/user-module-mt'; import { FileMt } from '@d8d/file-module-mt'; import { userMerchantRoutes } from '../../src/routes/user-routes.mt'; import { MerchantMt } from '../../src/entities/merchant.mt.entity'; import { MerchantTestUtils } from '../utils/test-utils'; // 设置集成测试钩子 setupIntegrationDatabaseHooksWithEntities([UserEntityMt, RoleMt, MerchantMt, FileMt]) describe('用户商户管理API集成测试', () => { let client: ReturnType>; let userToken: string; let otherUserToken: string; let testUser: UserEntityMt; let otherUser: UserEntityMt; beforeEach(async () => { // 创建测试客户端 client = testClient(userMerchantRoutes); // 创建测试用户 testUser = await MerchantTestUtils.createTestUser({ tenantId: 1 }); otherUser = await MerchantTestUtils.createTestUser({ username: `other_user_${Date.now()}`, nickname: '其他用户', tenantId: 1 }); // 生成测试用户的token userToken = JWTUtil.generateToken({ id: testUser.id, username: testUser.username, roles: [{name:'user'}], tenantId: 1 }); // 生成其他用户的token otherUserToken = JWTUtil.generateToken({ id: otherUser.id, username: otherUser.username, roles: [{name:'user'}], tenantId: 1 }); }); describe('GET /merchants', () => { it('应该返回当前用户的商户列表', async () => { // 使用测试工具创建商户数据 const { userMerchants, otherUserMerchants } = await MerchantTestUtils.createTestMerchantDataSet( testUser.id, otherUser.id, 1 ); const response = await client.index.$get({ query: {} }, { headers: { 'Authorization': `Bearer ${userToken}` } }); console.debug('用户商户列表响应状态:', response.status); if (response.status !== 200) { const errorData = await response.json(); console.debug('用户商户列表错误响应:', errorData); } expect(response.status).toBe(200); if (response.status === 200) { const data = await response.json(); if (data && 'data' in data) { expect(Array.isArray(data.data)).toBe(true); // 应该只返回当前用户的商户 data.data.forEach((merchant: any) => { expect(merchant.createdBy).toBe(testUser.id); expect(merchant.tenantId).toBe(1); }); } } }); it('应该拒绝未认证用户的访问', async () => { const response = await client.index.$get({ query: {} }); expect(response.status).toBe(401); }); }); describe('POST /merchants', () => { it('应该成功创建商户并自动使用当前用户ID', async () => { const createData = { name: '新商户', username: `new_${Date.now()}`, password: 'password123', phone: '13800138000', realname: '张三', state: 1, tenantId: 1 }; const response = await client.index.$post({ json: createData }, { headers: { 'Authorization': `Bearer ${userToken}` } }); console.debug('用户创建商户响应状态:', response.status); expect(response.status).toBe(201); if (response.status === 201) { const data = await response.json(); console.debug('用户创建商户响应数据:', JSON.stringify(data, null, 2)); expect(data).toHaveProperty('id'); expect(data.createdBy).toBe(testUser.id); // 自动使用当前用户ID expect(data.tenantId).toBe(1); // 自动使用租户ID expect(data.name).toBe(createData.name); expect(data.username).toBe(createData.username); expect(data.phone).toBe(createData.phone); expect(data.realname).toBe(createData.realname); } }); it('应该验证创建商户的必填字段', async () => { const invalidData = { // 缺少必填字段 name: '', username: '', password: '' }; const response = await client.index.$post({ json: invalidData }, { headers: { 'Authorization': `Bearer ${userToken}` } }); expect(response.status).toBe(400); }); }); describe('GET /merchants/:id', () => { it('应该返回当前用户的商户详情', async () => { // 使用测试工具创建商户 const testMerchant = await MerchantTestUtils.createTestMerchant(testUser.id, 1); const response = await client[':id'].$get({ param: { id: testMerchant.id } }, { headers: { 'Authorization': `Bearer ${userToken}` } }); console.debug('用户商户详情响应状态:', response.status); expect(response.status).toBe(200); if (response.status === 200) { const data = await response.json(); expect(data.id).toBe(testMerchant.id); expect(data.createdBy).toBe(testUser.id); expect(data.tenantId).toBe(1); expect(data.name).toBe(testMerchant.name); expect(data.username).toBe(testMerchant.username); expect(data.phone).toBe(testMerchant.phone); expect(data.realname).toBe(testMerchant.realname); } }); it('应该拒绝访问其他用户的商户', async () => { // 为其他用户创建商户 const otherUserMerchant = await MerchantTestUtils.createTestMerchant(otherUser.id, 1); // 当前用户尝试访问其他用户的商户 const response = await client[':id'].$get({ param: { id: otherUserMerchant.id } }, { headers: { 'Authorization': `Bearer ${userToken}` } }); console.debug('用户访问其他用户商户响应状态:', response.status); expect(response.status).toBe(404); // 应该返回404,而不是403 }); it('应该处理不存在的商户', async () => { const response = await client[':id'].$get({ param: { id: 999999 } }, { headers: { 'Authorization': `Bearer ${userToken}` } }); expect(response.status).toBe(404); }); }); describe('PUT /merchants/:id', () => { it('应该成功更新当前用户的商户', async () => { // 使用测试工具创建商户 const testMerchant = await MerchantTestUtils.createTestMerchant(testUser.id, 1); const updateData = { name: '更新后的商户', phone: '13900139000', realname: '更新后的姓名', state: 2 }; const response = await client[':id'].$put({ param: { id: testMerchant.id }, json: updateData }, { headers: { 'Authorization': `Bearer ${userToken}` } }); console.debug('用户更新商户响应状态:', response.status); expect(response.status).toBe(200); if (response.status === 200) { const data = await response.json(); expect(data.name).toBe(updateData.name); expect(data.phone).toBe(updateData.phone); expect(data.realname).toBe(updateData.realname); expect(data.state).toBe(updateData.state); } }); it('应该拒绝更新其他用户的商户', async () => { // 为其他用户创建商户 const otherUserMerchant = await MerchantTestUtils.createTestMerchant(otherUser.id, 1); const updateData = { name: '尝试更新的商户', phone: '13900139001', realname: '尝试更新的姓名' }; // 当前用户尝试更新其他用户的商户 const response = await client[':id'].$put({ param: { id: otherUserMerchant.id }, json: updateData }, { headers: { 'Authorization': `Bearer ${userToken}` } }); console.debug('用户更新其他用户商户响应状态:', response.status); expect(response.status).toBe(403); // 数据权限控制返回403 }); }); describe('DELETE /merchants/:id', () => { it('应该成功删除当前用户的商户', async () => { // 使用测试工具创建商户 const testMerchant = await MerchantTestUtils.createTestMerchant(testUser.id, 1); const response = await client[':id'].$delete({ param: { id: testMerchant.id } }, { headers: { 'Authorization': `Bearer ${userToken}` } }); console.debug('用户删除商户响应状态:', response.status); expect(response.status).toBe(204); // 验证商户确实被删除 const dataSource = await IntegrationTestDatabase.getDataSource(); const merchantRepository = dataSource.getRepository(MerchantMt); const deletedMerchant = await merchantRepository.findOne({ where: { id: testMerchant.id } }); expect(deletedMerchant).toBeNull(); }); it('应该拒绝删除其他用户的商户', async () => { // 为其他用户创建商户 const otherUserMerchant = await MerchantTestUtils.createTestMerchant(otherUser.id, 1); // 当前用户尝试删除其他用户的商户 const response = await client[':id'].$delete({ param: { id: otherUserMerchant.id } }, { headers: { 'Authorization': `Bearer ${userToken}` } }); console.debug('用户删除其他用户商户响应状态:', response.status); expect(response.status).toBe(403); // 数据权限控制返回403 }); }); describe('数据权限验证', () => { it('用户应该只能访问和操作自己的数据', async () => { // 使用测试工具创建商户数据集 const { userMerchants, otherUserMerchants } = await MerchantTestUtils.createTestMerchantDataSet( testUser.id, otherUser.id, 1 ); // 当前用户应该只能看到自己的商户 const listResponse = await client.index.$get({ query: {} }, { headers: { 'Authorization': `Bearer ${userToken}` } }); expect(listResponse.status).toBe(200); const listData = await listResponse.json(); if (listData && 'data' in listData) { expect(Array.isArray(listData.data)).toBe(true); // 应该只包含当前用户的商户 listData.data.forEach((merchant: any) => { expect(merchant.createdBy).toBe(testUser.id); }); } // 当前用户应该无法访问其他用户的商户详情 const getResponse = await client[':id'].$get({ param: { id: otherUserMerchants[0].id } }, { headers: { 'Authorization': `Bearer ${userToken}` } }); expect(getResponse.status).toBe(404); // 当前用户应该无法更新其他用户的商户 const updateResponse = await client[':id'].$put({ param: { id: otherUserMerchants[0].id }, json: { name: '尝试更新' } }, { headers: { 'Authorization': `Bearer ${userToken}` } }); expect(updateResponse.status).toBe(403); // 当前用户应该无法删除其他用户的商户 const deleteResponse = await client[':id'].$delete({ param: { id: otherUserMerchants[0].id } }, { headers: { 'Authorization': `Bearer ${userToken}` } }); expect(deleteResponse.status).toBe(403); }); }); describe('商户状态管理测试', () => { it('应该支持商户状态管理', async () => { // 创建启用状态的商户 const createData = { name: '状态测试商户', username: `stm_${Date.now()}`, password: 'password123', phone: '13800138006', realname: '状态测试', state: 1, // 启用 tenantId: 1 }; const createResponse = await client.index.$post({ json: createData }, { headers: { 'Authorization': `Bearer ${userToken}` } }); expect(createResponse.status).toBe(201); const createdMerchant = await createResponse.json(); // 检查响应是否为错误对象 if ('code' in createdMerchant && 'message' in createdMerchant) { throw new Error(`创建商户失败: ${createdMerchant.message}`); } expect(createdMerchant.state).toBe(1); // 更新为禁用状态 const updateResponse = await client[':id'].$put({ param: { id: createdMerchant.id }, json: { state: 2 } // 禁用 }, { headers: { 'Authorization': `Bearer ${userToken}` } }); expect(updateResponse.status).toBe(200); const updatedMerchant = await updateResponse.json(); // 检查响应是否为错误对象 if ('code' in updatedMerchant && 'message' in updatedMerchant) { throw new Error(`更新商户失败: ${updatedMerchant.message}`); } expect(updatedMerchant.state).toBe(2); }); }); describe('商户登录统计功能测试', () => { it('应该支持商户登录统计字段', async () => { // 创建商户 const createData = { name: '登录统计商户', username: `lsm_${Date.now()}`, password: 'password123', phone: '13800138007', realname: '登录统计', state: 1, tenantId: 1 }; const createResponse = await client.index.$post({ json: createData }, { headers: { 'Authorization': `Bearer ${userToken}` } }); expect(createResponse.status).toBe(201); const createdMerchant = await createResponse.json(); // 检查响应是否为错误对象 if ('code' in createdMerchant && 'message' in createdMerchant) { throw new Error(`创建商户失败: ${createdMerchant.message}`); } // 验证登录统计字段存在 expect(createdMerchant).toHaveProperty('loginNum'); expect(createdMerchant).toHaveProperty('loginTime'); expect(createdMerchant).toHaveProperty('loginIp'); expect(createdMerchant).toHaveProperty('lastLoginTime'); expect(createdMerchant).toHaveProperty('lastLoginIp'); // 初始值应该为0或null expect(createdMerchant.loginNum).toBe(0); expect(createdMerchant.loginTime).toBe(0); expect(createdMerchant.lastLoginTime).toBe(0); }); }); describe('租户隔离测试', () => { let tenant2UserToken: string; let tenant2User: UserEntityMt; beforeEach(async () => { // 创建租户2的用户 tenant2User = await MerchantTestUtils.createTestUser({ username: `tenant2_user_${Date.now()}`, nickname: '租户2用户', tenantId: 2 }); // 生成租户2用户的token tenant2UserToken = JWTUtil.generateToken({ id: tenant2User.id, username: tenant2User.username, roles: [{name:'user'}], tenantId: 2 }); }); it('应该隔离不同租户的商户数据', async () => { // 为两个租户创建商户 const tenant1Merchant = await MerchantTestUtils.createTestMerchant(testUser.id, 1); const tenant2Merchant = await MerchantTestUtils.createTestMerchant(tenant2User.id, 2); // 租户1用户应该只能看到租户1的商户 const tenant1Response = await client.index.$get({ query: {} }, { headers: { 'Authorization': `Bearer ${userToken}` } }); expect(tenant1Response.status).toBe(200); const tenant1Data = await tenant1Response.json(); if (tenant1Data && 'data' in tenant1Data) { expect(Array.isArray(tenant1Data.data)).toBe(true); // 应该只包含租户1的商户 tenant1Data.data.forEach((merchant: any) => { expect(merchant.tenantId).toBe(1); }); } // 租户2用户应该只能看到租户2的商户 const tenant2Response = await client.index.$get({ query: {} }, { headers: { 'Authorization': `Bearer ${tenant2UserToken}` } }); expect(tenant2Response.status).toBe(200); const tenant2Data = await tenant2Response.json(); if (tenant2Data && 'data' in tenant2Data) { expect(Array.isArray(tenant2Data.data)).toBe(true); // 应该只包含租户2的商户 tenant2Data.data.forEach((merchant: any) => { expect(merchant.tenantId).toBe(2); }); } }); it('应该拒绝跨租户访问商户详情', async () => { // 为租户2创建商户 const tenant2Merchant = await MerchantTestUtils.createTestMerchant(tenant2User.id, 2); // 租户1用户尝试访问租户2的商户 const response = await client[':id'].$get({ param: { id: tenant2Merchant.id } }, { headers: { 'Authorization': `Bearer ${userToken}` } }); console.debug('跨租户访问商户详情响应状态:', response.status); expect(response.status).toBe(404); // 应该返回404,而不是403 }); it('应该拒绝跨租户更新商户', async () => { // 为租户2创建商户 const tenant2Merchant = await MerchantTestUtils.createTestMerchant(tenant2User.id, 2); const updateData = { name: '尝试跨租户更新', phone: '13900139011', realname: '尝试跨租户更新' }; // 租户1用户尝试更新租户2的商户 const response = await client[':id'].$put({ param: { id: tenant2Merchant.id }, json: updateData }, { headers: { 'Authorization': `Bearer ${userToken}` } }); console.debug('跨租户更新商户响应状态:', response.status); expect(response.status).toBe(404); // 应该返回404,而不是403 }); it('应该拒绝跨租户删除商户', async () => { // 为租户2创建商户 const tenant2Merchant = await MerchantTestUtils.createTestMerchant(tenant2User.id, 2); // 租户1用户尝试删除租户2的商户 const response = await client[':id'].$delete({ param: { id: tenant2Merchant.id } }, { headers: { 'Authorization': `Bearer ${userToken}` } }); console.debug('跨租户删除商户响应状态:', response.status); expect(response.status).toBe(404); // 应该返回404,而不是403 }); }); });