import { describe, it, expect, beforeEach, vi, afterEach } from 'vitest'; import { testClient } from 'hono/testing'; import { IntegrationTestDatabase, setupIntegrationDatabaseHooksWithEntities } from '@d8d/shared-test-util'; import { JWTUtil } from '@d8d/shared-utils'; import { UserEntity, Role } from '@d8d/user-module'; import { File } from '@d8d/file-module'; import { userMerchantRoutes } from '../../src/routes'; import { Merchant } from '../../src/entities'; // 设置集成测试钩子 setupIntegrationDatabaseHooksWithEntities([UserEntity, Role, Merchant, File]) describe('用户商户管理API集成测试', () => { let client: ReturnType>; let userToken: string; let otherUserToken: string; let testUser: UserEntity; let otherUser: UserEntity; beforeEach(async () => { // 创建测试客户端 client = testClient(userMerchantRoutes); // 获取数据源 const dataSource = await IntegrationTestDatabase.getDataSource(); // 创建测试用户 const userRepository = dataSource.getRepository(UserEntity); testUser = userRepository.create({ username: `test_user_${Date.now()}`, password: 'test_password', nickname: '测试用户', registrationSource: 'web' }); await userRepository.save(testUser); // 创建其他用户 otherUser = userRepository.create({ username: `other_user_${Date.now()}`, password: 'other_password', nickname: '其他用户', registrationSource: 'web' }); await userRepository.save(otherUser); // 生成测试用户的token userToken = JWTUtil.generateToken({ id: testUser.id, username: testUser.username, roles: [{name:'user'}] }); // 生成其他用户的token otherUserToken = JWTUtil.generateToken({ id: otherUser.id, username: otherUser.username, roles: [{name:'user'}] }); }); describe('GET /merchants', () => { it('应该返回当前用户的商户列表', async () => { // 为测试用户创建一些商户 const dataSource = await IntegrationTestDatabase.getDataSource(); const merchantRepository = dataSource.getRepository(Merchant); const userMerchant1 = merchantRepository.create({ name: '用户商户1', username: `u1_${Date.now()}`, password: 'password123', phone: '13800138001', realname: '张三', state: 1, createdBy: testUser.id }); await merchantRepository.save(userMerchant1); const userMerchant2 = merchantRepository.create({ name: '用户商户2', username: `u2_${Date.now()}`, password: 'password123', phone: '13800138002', realname: '李四', state: 1, createdBy: testUser.id }); await merchantRepository.save(userMerchant2); // 为其他用户创建一个商户,确保不会返回 const otherUserMerchant = merchantRepository.create({ name: '其他用户商户', username: `o_${Date.now()}`, password: 'password123', phone: '13800138003', realname: '王五', state: 1, createdBy: otherUser.id }); await merchantRepository.save(otherUserMerchant); const response = await client.index.$get({ query: {} }, { headers: { 'Authorization': `Bearer ${userToken}` } }); console.debug('用户商户列表响应状态:', response.status); expect(response.status).toBe(200); if (response.status === 200) { const data = await response.json(); if (data && 'data' in data) { expect(Array.isArray(data.data)).toBe(true); // 应该只返回当前用户的商户 data.data.forEach((merchant: any) => { expect(merchant.createdBy).toBe(testUser.id); }); } } }); it('应该拒绝未认证用户的访问', async () => { const response = await client.index.$get({ query: {} }); expect(response.status).toBe(401); }); }); describe('POST /merchants', () => { it('应该成功创建商户并自动使用当前用户ID', async () => { const createData = { name: '新商户', username: `new_${Date.now()}`, password: 'password123', phone: '13800138000', realname: '张三', state: 1 }; const response = await client.index.$post({ json: createData }, { headers: { 'Authorization': `Bearer ${userToken}` } }); console.debug('用户创建商户响应状态:', response.status); expect(response.status).toBe(201); if (response.status === 201) { const data = await response.json(); console.debug('用户创建商户响应数据:', JSON.stringify(data, null, 2)); expect(data).toHaveProperty('id'); expect(data.createdBy).toBe(testUser.id); // 自动使用当前用户ID expect(data.name).toBe(createData.name); expect(data.username).toBe(createData.username); expect(data.phone).toBe(createData.phone); expect(data.realname).toBe(createData.realname); } }); it('应该验证创建商户的必填字段', async () => { const invalidData = { // 缺少必填字段 name: '', username: '', password: '' }; const response = await client.index.$post({ json: invalidData }, { headers: { 'Authorization': `Bearer ${userToken}` } }); expect(response.status).toBe(400); }); }); describe('GET /merchants/:id', () => { it('应该返回当前用户的商户详情', async () => { // 先为当前用户创建一个商户 const dataSource = await IntegrationTestDatabase.getDataSource(); const merchantRepository = dataSource.getRepository(Merchant); const testMerchant = merchantRepository.create({ name: '测试商户', username: `tm_${Date.now()}`, password: 'password123', phone: '13800138000', realname: '张三', state: 1, createdBy: testUser.id }); await merchantRepository.save(testMerchant); const response = await client[':id'].$get({ param: { id: testMerchant.id } }, { headers: { 'Authorization': `Bearer ${userToken}` } }); console.debug('用户商户详情响应状态:', response.status); expect(response.status).toBe(200); if (response.status === 200) { const data = await response.json(); expect(data.id).toBe(testMerchant.id); expect(data.createdBy).toBe(testUser.id); expect(data.name).toBe(testMerchant.name); expect(data.username).toBe(testMerchant.username); expect(data.phone).toBe(testMerchant.phone); expect(data.realname).toBe(testMerchant.realname); } }); it('应该拒绝访问其他用户的商户', async () => { // 为其他用户创建一个商户 const dataSource = await IntegrationTestDatabase.getDataSource(); const merchantRepository = dataSource.getRepository(Merchant); const otherUserMerchant = merchantRepository.create({ name: '其他用户商户', username: `om_${Date.now()}`, password: 'password123', phone: '13800138001', realname: '李四', state: 1, createdBy: otherUser.id }); await merchantRepository.save(otherUserMerchant); // 当前用户尝试访问其他用户的商户 const response = await client[':id'].$get({ param: { id: otherUserMerchant.id } }, { headers: { 'Authorization': `Bearer ${userToken}` } }); console.debug('用户访问其他用户商户响应状态:', response.status); expect(response.status).toBe(404); // 应该返回404,而不是403 }); it('应该处理不存在的商户', async () => { const response = await client[':id'].$get({ param: { id: 999999 } }, { headers: { 'Authorization': `Bearer ${userToken}` } }); expect(response.status).toBe(404); }); }); describe('PUT /merchants/:id', () => { it('应该成功更新当前用户的商户', async () => { // 先为当前用户创建一个商户 const dataSource = await IntegrationTestDatabase.getDataSource(); const merchantRepository = dataSource.getRepository(Merchant); const testMerchant = merchantRepository.create({ name: '原始商户', username: `om_${Date.now()}`, password: 'password123', phone: '13800138000', realname: '原始姓名', state: 1, createdBy: testUser.id }); await merchantRepository.save(testMerchant); const updateData = { name: '更新后的商户', phone: '13900139000', realname: '更新后的姓名', state: 2 }; const response = await client[':id'].$put({ param: { id: testMerchant.id }, json: updateData }, { headers: { 'Authorization': `Bearer ${userToken}` } }); console.debug('用户更新商户响应状态:', response.status); expect(response.status).toBe(200); if (response.status === 200) { const data = await response.json(); expect(data.name).toBe(updateData.name); expect(data.phone).toBe(updateData.phone); expect(data.realname).toBe(updateData.realname); expect(data.state).toBe(updateData.state); } }); it('应该拒绝更新其他用户的商户', async () => { // 为其他用户创建一个商户 const dataSource = await IntegrationTestDatabase.getDataSource(); const merchantRepository = dataSource.getRepository(Merchant); const otherUserMerchant = merchantRepository.create({ name: '其他用户商户', username: `om_${Date.now()}`, password: 'password123', phone: '13800138001', realname: '李四', state: 1, createdBy: otherUser.id }); await merchantRepository.save(otherUserMerchant); const updateData = { name: '尝试更新的商户', phone: '13900139001', realname: '尝试更新的姓名' }; // 当前用户尝试更新其他用户的商户 const response = await client[':id'].$put({ param: { id: otherUserMerchant.id }, json: updateData }, { headers: { 'Authorization': `Bearer ${userToken}` } }); console.debug('用户更新其他用户商户响应状态:', response.status); expect(response.status).toBe(403); // 数据权限控制返回403 }); }); describe('DELETE /merchants/:id', () => { it('应该成功删除当前用户的商户', async () => { // 先为当前用户创建一个商户 const dataSource = await IntegrationTestDatabase.getDataSource(); const merchantRepository = dataSource.getRepository(Merchant); const testMerchant = merchantRepository.create({ name: '待删除商户', username: `dm_${Date.now()}`, password: 'password123', phone: '13800138000', realname: '张三', state: 1, createdBy: testUser.id }); await merchantRepository.save(testMerchant); const response = await client[':id'].$delete({ param: { id: testMerchant.id } }, { headers: { 'Authorization': `Bearer ${userToken}` } }); console.debug('用户删除商户响应状态:', response.status); expect(response.status).toBe(204); // 验证商户确实被删除 const deletedMerchant = await merchantRepository.findOne({ where: { id: testMerchant.id } }); expect(deletedMerchant).toBeNull(); }); it('应该拒绝删除其他用户的商户', async () => { // 为其他用户创建一个商户 const dataSource = await IntegrationTestDatabase.getDataSource(); const merchantRepository = dataSource.getRepository(Merchant); const otherUserMerchant = merchantRepository.create({ name: '其他用户商户', username: `om_${Date.now()}`, password: 'password123', phone: '13800138001', realname: '李四', state: 1, createdBy: otherUser.id }); await merchantRepository.save(otherUserMerchant); // 当前用户尝试删除其他用户的商户 const response = await client[':id'].$delete({ param: { id: otherUserMerchant.id } }, { headers: { 'Authorization': `Bearer ${userToken}` } }); console.debug('用户删除其他用户商户响应状态:', response.status); expect(response.status).toBe(403); // 数据权限控制返回403 }); }); describe('数据权限验证', () => { it('用户应该只能访问和操作自己的数据', async () => { // 为两个用户都创建商户 const dataSource = await IntegrationTestDatabase.getDataSource(); const merchantRepository = dataSource.getRepository(Merchant); const userMerchant = merchantRepository.create({ name: '用户商户', username: `um_${Date.now()}`, password: 'password123', phone: '13800138004', realname: '张三', state: 1, createdBy: testUser.id }); await merchantRepository.save(userMerchant); const otherUserMerchant = merchantRepository.create({ name: '其他用户商户', username: `om_${Date.now()}`, password: 'password123', phone: '13800138005', realname: '李四', state: 1, createdBy: otherUser.id }); await merchantRepository.save(otherUserMerchant); // 当前用户应该只能看到自己的商户 const listResponse = await client.index.$get({ query: {} }, { headers: { 'Authorization': `Bearer ${userToken}` } }); expect(listResponse.status).toBe(200); const listData = await listResponse.json(); if (listData && 'data' in listData) { expect(Array.isArray(listData.data)).toBe(true); // 应该只包含当前用户的商户 listData.data.forEach((merchant: any) => { expect(merchant.createdBy).toBe(testUser.id); }); } // 当前用户应该无法访问其他用户的商户详情 const getResponse = await client[':id'].$get({ param: { id: otherUserMerchant.id } }, { headers: { 'Authorization': `Bearer ${userToken}` } }); expect(getResponse.status).toBe(404); // 当前用户应该无法更新其他用户的商户 const updateResponse = await client[':id'].$put({ param: { id: otherUserMerchant.id }, json: { name: '尝试更新' } }, { headers: { 'Authorization': `Bearer ${userToken}` } }); expect(updateResponse.status).toBe(403); // 当前用户应该无法删除其他用户的商户 const deleteResponse = await client[':id'].$delete({ param: { id: otherUserMerchant.id } }, { headers: { 'Authorization': `Bearer ${userToken}` } }); expect(deleteResponse.status).toBe(403); }); }); describe('商户状态管理测试', () => { it('应该支持商户状态管理', async () => { // 创建启用状态的商户 const createData = { name: '状态测试商户', username: `stm_${Date.now()}`, password: 'password123', phone: '13800138006', realname: '状态测试', state: 1 // 启用 }; const createResponse = await client.index.$post({ json: createData }, { headers: { 'Authorization': `Bearer ${userToken}` } }); expect(createResponse.status).toBe(201); const createdMerchant = await createResponse.json(); // 检查响应是否为错误对象 if ('code' in createdMerchant && 'message' in createdMerchant) { throw new Error(`创建商户失败: ${createdMerchant.message}`); } expect(createdMerchant.state).toBe(1); // 更新为禁用状态 const updateResponse = await client[':id'].$put({ param: { id: createdMerchant.id }, json: { state: 2 } // 禁用 }, { headers: { 'Authorization': `Bearer ${userToken}` } }); expect(updateResponse.status).toBe(200); const updatedMerchant = await updateResponse.json(); // 检查响应是否为错误对象 if ('code' in updatedMerchant && 'message' in updatedMerchant) { throw new Error(`更新商户失败: ${updatedMerchant.message}`); } expect(updatedMerchant.state).toBe(2); }); }); describe('商户登录统计功能测试', () => { it('应该支持商户登录统计字段', async () => { // 创建商户 const createData = { name: '登录统计商户', username: `lsm_${Date.now()}`, password: 'password123', phone: '13800138007', realname: '登录统计', state: 1 }; const createResponse = await client.index.$post({ json: createData }, { headers: { 'Authorization': `Bearer ${userToken}` } }); expect(createResponse.status).toBe(201); const createdMerchant = await createResponse.json(); // 检查响应是否为错误对象 if ('code' in createdMerchant && 'message' in createdMerchant) { throw new Error(`创建商户失败: ${createdMerchant.message}`); } // 验证登录统计字段存在 expect(createdMerchant).toHaveProperty('loginNum'); expect(createdMerchant).toHaveProperty('loginTime'); expect(createdMerchant).toHaveProperty('loginIp'); expect(createdMerchant).toHaveProperty('lastLoginTime'); expect(createdMerchant).toHaveProperty('lastLoginIp'); // 初始值应该为0或null expect(createdMerchant.loginNum).toBe(0); expect(createdMerchant.loginTime).toBe(0); expect(createdMerchant.lastLoginTime).toBe(0); }); }); });