import { describe, it, expect, beforeEach } from 'vitest'; import { testClient } from 'hono/testing'; import { IntegrationTestDatabase, setupIntegrationDatabaseHooksWithEntities } from '@d8d/shared-test-util'; import { JWTUtil } from '@d8d/shared-utils'; import { UserEntityMt, RoleMt } from '@d8d/user-module-mt'; import { FileMt } from '@d8d/file-module-mt'; import { SupplierMt } from '@d8d/supplier-module-mt'; import { MerchantMt } from '@d8d/merchant-module-mt'; import { userGoodsRoutesMt } from '../../src/routes/index.mt'; import { GoodsMt, GoodsCategoryMt } from '../../src/entities/index.mt'; import { GoodsTestFactory } from '../factories/goods-test-factory'; // 设置集成测试钩子 setupIntegrationDatabaseHooksWithEntities([ UserEntityMt, RoleMt, GoodsMt, GoodsCategoryMt, FileMt, SupplierMt, MerchantMt ]) describe('用户商品管理API集成测试', () => { let client: ReturnType>; let userToken: string; let otherUserToken: string; let testUser: UserEntityMt; let otherUser: UserEntityMt; let testCategory: GoodsCategoryMt; let testSupplier: SupplierMt; let testMerchant: MerchantMt; let testFile: FileMt; let testFactory: GoodsTestFactory; beforeEach(async () => { // 创建测试客户端 client = testClient(userGoodsRoutesMt); // 获取数据源并创建测试工厂 const dataSource = await IntegrationTestDatabase.getDataSource(); testFactory = new GoodsTestFactory(dataSource); // 使用测试工厂创建测试数据 testUser = await testFactory.createTestUser(); otherUser = await testFactory.createTestUser(1, { nickname: '其他用户' }); testCategory = await testFactory.createTestCategory(testUser.id); testSupplier = await testFactory.createTestSupplier(testUser.id); testMerchant = await testFactory.createTestMerchant(testUser.id); // 生成测试用户的token userToken = JWTUtil.generateToken({ id: testUser.id, username: testUser.username, roles: [{name:'user'}] }); // 生成其他用户的token otherUserToken = JWTUtil.generateToken({ id: otherUser.id, username: otherUser.username, roles: [{name:'user'}] }); // 创建测试文件 testFile = await testFactory.createTestFile(testUser.id); }); describe('GET /goods', () => { it('应该返回当前用户的商品列表', async () => { // 为测试用户创建一些商品 const userGoods1 = await testFactory.createTestGoods(testUser.id, { name: '用户商品1', price: 100.00, costPrice: 80.00, categoryId1: testCategory.id, categoryId2: testCategory.id, categoryId3: testCategory.id, goodsType: 1, supplierId: testSupplier.id, merchantId: testMerchant.id, imageFileId: testFile.id, state: 1, stock: 100, lowestBuy: 1 }); const userGoods2 = await testFactory.createTestGoods(testUser.id, { name: '用户商品2', price: 200.00, costPrice: 160.00, categoryId1: testCategory.id, categoryId2: testCategory.id, categoryId3: testCategory.id, goodsType: 1, supplierId: testSupplier.id, merchantId: testMerchant.id, imageFileId: testFile.id, state: 1, stock: 50, lowestBuy: 1 }); // 为其他用户创建一个商品,确保不会返回 const otherUserGoods = await testFactory.createTestGoods(otherUser.id, { name: '其他用户商品', price: 300.00, costPrice: 240.00, categoryId1: testCategory.id, categoryId2: testCategory.id, categoryId3: testCategory.id, goodsType: 1, supplierId: testSupplier.id, merchantId: testMerchant.id, imageFileId: testFile.id, state: 1, stock: 30, lowestBuy: 1 }); const response = await client.index.$get({ query: { page: 1, pageSize: 10 } }, { headers: { 'Authorization': `Bearer ${userToken}` } }); console.debug('用户商品列表响应状态:', response.status); if (response.status !== 200) { const errorData = await response.json(); console.debug('用户商品列表错误响应:', errorData); } expect(response.status).toBe(200); if (response.status === 200) { const data = await response.json(); expect(data).toHaveProperty('data'); expect(Array.isArray(data.data)).toBe(true); // 验证只返回当前用户的商品 data.data.forEach((goods: any) => { expect(goods.createdBy).toBe(testUser.id); }); // 验证不包含其他用户的商品 const otherUserGoodsInResponse = data.data.find((goods: any) => goods.createdBy === otherUser.id); expect(otherUserGoodsInResponse).toBeUndefined(); } }); it('应该拒绝未认证用户的访问', async () => { const response = await client.index.$get({ query: { page: 1, pageSize: 10 } }); expect(response.status).toBe(401); }); }); describe('POST /goods', () => { it('应该成功创建商品并自动设置当前用户权限', async () => { const createData = { name: '用户创建商品', price: 150.00, costPrice: 120.00, categoryId1: testCategory.id, categoryId2: testCategory.id, categoryId3: testCategory.id, goodsType: 1, supplierId: testSupplier.id, merchantId: testMerchant.id, state: 1, stock: 80, lowestBuy: 1 }; const response = await client.index.$post({ json: createData }, { headers: { 'Authorization': `Bearer ${userToken}` } }); console.debug('用户创建商品响应状态:', response.status); if (response.status !== 201) { const errorData = await response.json(); console.debug('用户创建商品错误响应:', errorData); } expect(response.status).toBe(201); if (response.status === 201) { const data = await response.json(); expect(data).toHaveProperty('id'); expect(data.name).toBe(createData.name); expect(data.price).toBe(Number(createData.price)); expect(data.createdBy).toBe(testUser.id); // 验证自动设置当前用户权限 } }); it('应该验证创建商品的必填字段', async () => { const invalidData = { // 缺少必填字段 name: '', price: -1, categoryId1: -1 }; const response = await client.index.$post({ json: invalidData }, { headers: { 'Authorization': `Bearer ${userToken}` } }); expect(response.status).toBe(400); }); }); describe('GET /goods/:id', () => { it('应该返回当前用户的商品详情', async () => { // 先为测试用户创建一个商品 const testGoods = await testFactory.createTestGoods(testUser.id, { name: '测试用户商品详情', price: 100.00, costPrice: 80.00, categoryId1: testCategory.id, categoryId2: testCategory.id, categoryId3: testCategory.id, goodsType: 1, supplierId: testSupplier.id, merchantId: testMerchant.id, state: 1, stock: 100, lowestBuy: 1 }); const response = await client[':id'].$get({ param: { id: testGoods.id } }, { headers: { 'Authorization': `Bearer ${userToken}` } }); console.debug('用户商品详情响应状态:', response.status); if (response.status !== 200) { const errorData = await response.json(); console.debug('用户商品详情错误响应:', errorData); } expect(response.status).toBe(200); if (response.status === 200) { const data = await response.json(); expect(data.id).toBe(testGoods.id); expect(data.name).toBe(testGoods.name); expect(data.createdBy).toBe(testUser.id); } }); it('应该拒绝访问其他用户的商品', async () => { // 为其他用户创建一个商品 const otherUserGoods = await testFactory.createTestGoods(otherUser.id, { name: '其他用户商品', price: 100.00, costPrice: 80.00, categoryId1: testCategory.id, categoryId2: testCategory.id, categoryId3: testCategory.id, goodsType: 1, supplierId: testSupplier.id, merchantId: testMerchant.id, state: 1, stock: 100, lowestBuy: 1 }); const response = await client[':id'].$get({ param: { id: otherUserGoods.id } }, { headers: { 'Authorization': `Bearer ${userToken}` } }); expect(response.status).toBe(404); // 数据权限控制返回404(未找到,安全考虑) }); it('应该处理不存在的商品', async () => { const response = await client[':id'].$get({ param: { id: 999999 } }, { headers: { 'Authorization': `Bearer ${userToken}` } }); expect(response.status).toBe(404); }); }); describe('PUT /goods/:id', () => { it('应该成功更新当前用户的商品', async () => { // 先为测试用户创建一个商品 const testGoods = await testFactory.createTestGoods(testUser.id, { name: '测试更新商品', price: 100.00, costPrice: 80.00, categoryId1: testCategory.id, categoryId2: testCategory.id, categoryId3: testCategory.id, goodsType: 1, supplierId: testSupplier.id, merchantId: testMerchant.id, state: 1, stock: 100, lowestBuy: 1 }); const updateData = { name: '更新后的商品名称', price: 120.00, state: 2 }; const response = await client[':id'].$put({ param: { id: testGoods.id }, json: updateData }, { headers: { 'Authorization': `Bearer ${userToken}` } }); console.debug('用户更新商品响应状态:', response.status); expect(response.status).toBe(200); if (response.status === 200) { const data = await response.json(); expect(data.name).toBe(updateData.name); expect(data.price).toBe(Number(updateData.price)); expect(data.state).toBe(updateData.state); expect(data.updatedBy).toBe(testUser.id); // 验证自动设置更新用户 } }); it('应该拒绝更新其他用户的商品', async () => { // 为其他用户创建一个商品 const otherUserGoods = await testFactory.createTestGoods(otherUser.id, { name: '其他用户商品', price: 100.00, costPrice: 80.00, categoryId1: testCategory.id, categoryId2: testCategory.id, categoryId3: testCategory.id, goodsType: 1, supplierId: testSupplier.id, merchantId: testMerchant.id, state: 1, stock: 100, lowestBuy: 1 }); const updateData = { name: '尝试更新其他用户商品' }; const response = await client[':id'].$put({ param: { id: otherUserGoods.id }, json: updateData }, { headers: { 'Authorization': `Bearer ${userToken}` } }); expect(response.status).toBe(403); // 数据权限控制返回403 }); }); describe('DELETE /goods/:id', () => { it('应该成功删除当前用户的商品', async () => { // 先为测试用户创建一个商品 const testGoods = await testFactory.createTestGoods(testUser.id, { name: '测试删除商品', price: 100.00, costPrice: 80.00, categoryId1: testCategory.id, categoryId2: testCategory.id, categoryId3: testCategory.id, goodsType: 1, supplierId: testSupplier.id, merchantId: testMerchant.id, state: 1, stock: 100, lowestBuy: 1 }); const response = await client[':id'].$delete({ param: { id: testGoods.id } }, { headers: { 'Authorization': `Bearer ${userToken}` } }); console.debug('用户删除商品响应状态:', response.status); expect(response.status).toBe(204); }); it('应该拒绝删除其他用户的商品', async () => { // 为其他用户创建一个商品 const otherUserGoods = await testFactory.createTestGoods(otherUser.id, { name: '其他用户商品', price: 100.00, costPrice: 80.00, categoryId1: testCategory.id, categoryId2: testCategory.id, categoryId3: testCategory.id, goodsType: 1, supplierId: testSupplier.id, merchantId: testMerchant.id, state: 1, stock: 100, lowestBuy: 1 }); const response = await client[':id'].$delete({ param: { id: otherUserGoods.id } }, { headers: { 'Authorization': `Bearer ${userToken}` } }); expect(response.status).toBe(403); // 数据权限控制返回403 }); }); describe('数据权限配置测试', () => { it('应该验证dataPermission配置正确工作', async () => { // 这个测试验证数据权限配置是否正常工作 // 用户只能访问自己创建的商品 // 创建测试用户和其他用户的商品 const userGoods = await testFactory.createTestGoods(testUser.id, { name: '用户商品', price: 100.00, costPrice: 80.00, categoryId1: testCategory.id, categoryId2: testCategory.id, categoryId3: testCategory.id, goodsType: 1, supplierId: testSupplier.id, merchantId: testMerchant.id, state: 1, stock: 100, lowestBuy: 1 }); const otherUserGoods = await testFactory.createTestGoods(otherUser.id, { name: '其他用户商品', price: 200.00, costPrice: 160.00, categoryId1: testCategory.id, categoryId2: testCategory.id, categoryId3: testCategory.id, goodsType: 1, supplierId: testSupplier.id, merchantId: testMerchant.id, state: 1, stock: 50, lowestBuy: 1 }); // 使用测试用户token获取列表 const response = await client.index.$get({ query: { page: 1, pageSize: 10 } }, { headers: { 'Authorization': `Bearer ${userToken}` } }); if (response.status !== 200) { const errorData = await response.json(); console.debug('数据权限配置测试错误响应:', errorData); } expect(response.status).toBe(200); const data = await response.json(); // 类型检查确保data属性存在 if ('data' in data && Array.isArray(data.data)) { // 验证只返回测试用户的商品 const userGoodsInResponse = data.data.filter((goods: any) => goods.createdBy === testUser.id); const otherUserGoodsInResponse = data.data.filter((goods: any) => goods.createdBy === otherUser.id); expect(userGoodsInResponse.length).toBeGreaterThan(0); expect(otherUserGoodsInResponse.length).toBe(0); } else { // 如果响应是错误格式,应该失败 expect(data).toHaveProperty('data'); } }); }); describe('多租户数据隔离测试', () => { it('应该验证不同租户间的数据完全隔离', async () => { // 创建租户2的用户和商品 const tenant2User = await testFactory.createTestUser(2, { username: 'tenant2_user', nickname: '租户2用户' }); // 为租户2创建分类、供应商、商户 const tenant2Category = await testFactory.createTestCategory(tenant2User.id, { tenantId: 2, name: '租户2分类' }); const tenant2Supplier = await testFactory.createTestSupplier(tenant2User.id, { tenantId: 2, name: '租户2供应商', username: 'tenant2_supplier' }); const tenant2Merchant = await testFactory.createTestMerchant(tenant2User.id, { tenantId: 2, name: '租户2商户' }); const tenant2Goods = await testFactory.createTestGoods(tenant2User.id, { tenantId: 2, name: '租户2商品', price: 300.00, costPrice: 240.00, categoryId1: tenant2Category.id, categoryId2: tenant2Category.id, categoryId3: tenant2Category.id, goodsType: 1, supplierId: tenant2Supplier.id, merchantId: tenant2Merchant.id, state: 1, stock: 50, lowestBuy: 1 }); // 验证租户1用户无法访问租户2数据 const response = await client[':id'].$get({ param: { id: tenant2Goods.id } }, { headers: { 'Authorization': `Bearer ${userToken}` } }); // 租户1用户应该无法访问租户2的商品 expect(response.status).toBe(404); // 或者403,取决于实现 }); it('应该验证租户1用户只能看到租户1的商品', async () => { // 创建租户1的商品 const tenant1Goods = await testFactory.createTestGoods(testUser.id, { tenantId: 1, name: '租户1商品', price: 100.00, costPrice: 80.00, categoryId1: testCategory.id, categoryId2: testCategory.id, categoryId3: testCategory.id, goodsType: 1, supplierId: testSupplier.id, merchantId: testMerchant.id, state: 1, stock: 100, lowestBuy: 1 }); // 创建租户2的商品 const tenant2User = await testFactory.createTestUser(2, { username: 'tenant2_user_2', nickname: '租户2用户2' }); const tenant2Category = await testFactory.createTestCategory(tenant2User.id, { tenantId: 2, name: '租户2分类2' }); const tenant2Supplier = await testFactory.createTestSupplier(tenant2User.id, { tenantId: 2, name: '租户2供应商2', username: 'tenant2_supplier_2' }); const tenant2Merchant = await testFactory.createTestMerchant(tenant2User.id, { tenantId: 2, name: '租户2商户2' }); const tenant2Goods = await testFactory.createTestGoods(tenant2User.id, { tenantId: 2, name: '租户2商品2', price: 400.00, costPrice: 320.00, categoryId1: tenant2Category.id, categoryId2: tenant2Category.id, categoryId3: tenant2Category.id, goodsType: 1, supplierId: tenant2Supplier.id, merchantId: tenant2Merchant.id, state: 1, stock: 75, lowestBuy: 1 }); console.debug('租户2商品创建成功:', tenant2Goods); // 重新生成租户1用户的token,确保认证信息正确 const currentUserToken = JWTUtil.generateToken({ id: testUser.id, username: testUser.username, roles: [{name:'user'}], tenantId: 1 }); console.debug('生成的token:', currentUserToken); console.debug('Authorization头:', `Bearer ${currentUserToken}`); // 获取租户1用户的商品列表 const response = await client.index.$get({}, { headers: { 'Authorization': `Bearer ${currentUserToken}` } }); console.debug('响应状态码:', response.status); if (response.status !== 200) { console.debug('响应内容:', await response.text()); } expect(response.status).toBe(200); const data = await response.json(); console.debug('API返回的商品数据:', data.data); // 验证返回的商品都属于租户1 if (data.data && Array.isArray(data.data)) { const allGoodsBelongToTenant1 = data.data.every((goods: any) => goods.tenantId === 1); console.debug('所有商品都属于租户1:', allGoodsBelongToTenant1); console.debug('商品租户ID列表:', data.data.map((g: any) => g.tenantId)); expect(allGoodsBelongToTenant1).toBe(true); // 验证没有租户2的商品 const tenant2GoodsInResponse = data.data.filter((goods: any) => goods.tenantId === 2); console.debug('租户2商品在响应中的数量:', tenant2GoodsInResponse.length); expect(tenant2GoodsInResponse.length).toBe(0); } }); }); });