import { describe, it, expect, beforeEach, vi, afterEach } from 'vitest'; import { testClient } from 'hono/testing'; import { IntegrationTestDatabase, setupIntegrationDatabaseHooksWithEntities } from '@d8d/shared-test-util'; import { JWTUtil } from '@d8d/shared-utils'; import { UserEntityMt, RoleMt } from '@d8d/user-module-mt'; import { FileMt } from '@d8d/file-module-mt'; import { adminMerchantRoutes } from '../../src/routes/admin-routes.mt'; import { MerchantMt } from '../../src/entities/merchant.mt.entity'; import { MerchantTestUtils } from '../utils/test-utils'; // 设置集成测试钩子 setupIntegrationDatabaseHooksWithEntities([UserEntityMt, RoleMt, MerchantMt, FileMt]) describe('管理员商户管理API集成测试', () => { let client: ReturnType>; let adminToken: string; let testUser: UserEntityMt; let testAdmin: UserEntityMt; beforeEach(async () => { // 创建测试客户端 client = testClient(adminMerchantRoutes); // 获取数据源 const dataSource = await IntegrationTestDatabase.getDataSource(); // 创建测试用户 testUser = await MerchantTestUtils.createTestUser({ tenantId: 1 }); // 创建测试管理员用户 testAdmin = await MerchantTestUtils.createTestUser({ username: `test_admin_${Date.now()}`, nickname: '测试管理员', tenantId: 1 }); // 生成测试管理员的token adminToken = JWTUtil.generateToken({ id: testAdmin.id, username: testAdmin.username, roles: [{name:'admin'}], tenantId: 1 }); }); describe('GET /merchants', () => { it('应该返回商户列表', async () => { // 创建一些测试商户 await MerchantTestUtils.createTestMerchants(testUser.id, 3, 1); const response = await client.index.$get({ query: {} }, { headers: { 'Authorization': `Bearer ${adminToken}` } }); console.debug('商户列表响应状态:', response.status); if (response.status !== 200) { const errorData = await response.json(); console.debug('商户列表错误响应:', JSON.stringify(errorData, null, 2)); } expect(response.status).toBe(200); if (response.status === 200) { const data = await response.json(); expect(data).toHaveProperty('data'); expect(Array.isArray(data.data)).toBe(true); } }); it('应该拒绝未认证用户的访问', async () => { const response = await client.index.$get({ query: {} }); expect(response.status).toBe(401); }); }); describe('POST /merchants', () => { it('应该成功创建商户', async () => { const createData = { name: '新商户', username: `new_${Date.now()}`, password: 'password123', phone: '13800138000', realname: '张三', state: 1, tenantId: 1 }; const response = await client.index.$post({ json: createData }, { headers: { 'Authorization': `Bearer ${adminToken}` } }); console.debug('创建商户响应状态:', response.status); if (response.status !== 201) { const errorData = await response.json(); console.debug('创建商户错误响应:', errorData); } expect(response.status).toBe(201); if (response.status === 201) { const data = await response.json(); expect(data).toHaveProperty('id'); expect(data.name).toBe(createData.name); expect(data.username).toBe(createData.username); expect(data.phone).toBe(createData.phone); expect(data.realname).toBe(createData.realname); expect(data.state).toBe(createData.state); expect(data.tenantId).toBe(1); // 自动使用租户ID } }); it('应该验证创建商户的必填字段', async () => { const invalidData = { // 缺少必填字段 name: '', username: '', password: '' }; const response = await client.index.$post({ json: invalidData }, { headers: { 'Authorization': `Bearer ${adminToken}` } }); expect(response.status).toBe(400); }); }); describe('GET /merchants/:id', () => { it('应该返回指定商户的详情', async () => { // 使用测试工具创建商户 const testMerchant = await MerchantTestUtils.createTestMerchant(testUser.id, 1); const response = await client[':id'].$get({ param: { id: testMerchant.id } }, { headers: { 'Authorization': `Bearer ${adminToken}` } }); console.debug('商户详情响应状态:', response.status); expect(response.status).toBe(200); if (response.status === 200) { const data = await response.json(); expect(data.id).toBe(testMerchant.id); expect(data.name).toBe(testMerchant.name); expect(data.username).toBe(testMerchant.username); expect(data.phone).toBe(testMerchant.phone); expect(data.realname).toBe(testMerchant.realname); expect(data.tenantId).toBe(1); } }); it('应该处理不存在的商户', async () => { const response = await client[':id'].$get({ param: { id: 999999 } }, { headers: { 'Authorization': `Bearer ${adminToken}` } }); expect(response.status).toBe(404); }); }); describe('PUT /merchants/:id', () => { it('应该成功更新商户', async () => { // 使用测试工具创建商户 const testMerchant = await MerchantTestUtils.createTestMerchant(testUser.id, 1); const updateData = { name: '更新后的商户', phone: '13900139000', realname: '更新后的姓名', state: 2 }; const response = await client[':id'].$put({ param: { id: testMerchant.id }, json: updateData }, { headers: { 'Authorization': `Bearer ${adminToken}` } }); console.debug('更新商户响应状态:', response.status); expect(response.status).toBe(200); if (response.status === 200) { const data = await response.json(); expect(data.name).toBe(updateData.name); expect(data.phone).toBe(updateData.phone); expect(data.realname).toBe(updateData.realname); expect(data.state).toBe(updateData.state); } }); }); describe('DELETE /merchants/:id', () => { it('应该成功删除商户', async () => { // 使用测试工具创建商户 const testMerchant = await MerchantTestUtils.createTestMerchant(testUser.id, 1); const response = await client[':id'].$delete({ param: { id: testMerchant.id } }, { headers: { 'Authorization': `Bearer ${adminToken}` } }); console.debug('删除商户响应状态:', response.status); expect(response.status).toBe(204); // 验证商户确实被删除 const dataSource = await IntegrationTestDatabase.getDataSource(); const merchantRepository = dataSource.getRepository(MerchantMt); const deletedMerchant = await merchantRepository.findOne({ where: { id: testMerchant.id } }); expect(deletedMerchant).toBeNull(); }); }); describe('管理员权限测试', () => { it('管理员应该可以为其他用户创建商户', async () => { const createData = { name: '其他用户商户', username: `oum_${Date.now()}`, password: 'password123', phone: '13800138001', realname: '李四', state: 1, tenantId: 1 }; const response = await client.index.$post({ json: createData }, { headers: { 'Authorization': `Bearer ${adminToken}` } }); console.debug('管理员为其他用户创建商户响应状态:', response.status); expect(response.status).toBe(201); if (response.status === 201) { const data = await response.json(); expect(data.createdBy).toBe(testAdmin.id); // 管理员创建商户时使用管理员自己的ID expect(data.name).toBe(createData.name); expect(data.tenantId).toBe(1); } }); it('管理员应该可以访问所有用户的商户', async () => { // 为测试用户创建一些商户 await MerchantTestUtils.createTestMerchants(testUser.id, 2, 1); // 管理员应该能看到所有商户 const response = await client.index.$get({ query: {} }, { headers: { 'Authorization': `Bearer ${adminToken}` } }); expect(response.status).toBe(200); const data = await response.json(); if (data && 'data' in data) { expect(Array.isArray(data.data)).toBe(true); expect(data.data.length).toBeGreaterThanOrEqual(2); // 至少包含我们创建的两个商户 } }); it('管理员应该可以更新其他用户的商户', async () => { // 先为测试用户创建一个商户 const testMerchant = await MerchantTestUtils.createTestMerchant(testUser.id, 1); const updateData = { name: '管理员更新的商户', phone: '13900139000', realname: '管理员更新的姓名' }; const response = await client[':id'].$put({ param: { id: testMerchant.id }, json: updateData }, { headers: { 'Authorization': `Bearer ${adminToken}` } }); console.debug('管理员更新其他用户商户响应状态:', response.status); expect(response.status).toBe(200); if (response.status === 200) { const data = await response.json(); expect(data.name).toBe(updateData.name); expect(data.phone).toBe(updateData.phone); expect(data.realname).toBe(updateData.realname); } }); it('管理员应该可以删除其他用户的商户', async () => { // 先为测试用户创建一个商户 const testMerchant = await MerchantTestUtils.createTestMerchant(testUser.id, 1); const response = await client[':id'].$delete({ param: { id: testMerchant.id } }, { headers: { 'Authorization': `Bearer ${adminToken}` } }); console.debug('管理员删除其他用户商户响应状态:', response.status); expect(response.status).toBe(204); // 验证商户确实被删除 const dataSource = await IntegrationTestDatabase.getDataSource(); const merchantRepository = dataSource.getRepository(MerchantMt); const deletedMerchant = await merchantRepository.findOne({ where: { id: testMerchant.id } }); expect(deletedMerchant).toBeNull(); }); it('管理员应该可以查询指定用户的商户', async () => { // 为测试用户创建一些商户 const userMerchants = await MerchantTestUtils.createTestMerchants(testUser.id, 2, 1); // 管理员可以查询指定用户的商户 const response = await client.index.$get({ query: { filters: JSON.stringify({ createdBy: testUser.id }) } }, { headers: { 'Authorization': `Bearer ${adminToken}` } }); expect(response.status).toBe(200); const data = await response.json(); if (data && 'data' in data) { expect(Array.isArray(data.data)).toBe(true); // 验证返回的商户都属于指定用户 if (data.data.length > 0) { data.data.forEach((merchant: any) => { expect(merchant.createdBy).toBe(testUser.id); expect(merchant.tenantId).toBe(1); }); } } }); }); describe('商户状态管理测试', () => { it('应该支持商户状态管理', async () => { // 创建启用状态的商户 const createData = { name: '状态测试商户', username: `stm_${Date.now()}`, password: 'password123', phone: '13800138007', realname: '状态测试', state: 1, // 启用 tenantId: 1 }; const createResponse = await client.index.$post({ json: createData }, { headers: { 'Authorization': `Bearer ${adminToken}` } }); expect(createResponse.status).toBe(201); if (createResponse.status === 201) { const createdMerchant = await createResponse.json(); expect(createdMerchant.state).toBe(1); // 更新为禁用状态 const updateResponse = await client[':id'].$put({ param: { id: createdMerchant.id }, json: { state: 2 } // 禁用 }, { headers: { 'Authorization': `Bearer ${adminToken}` } }); expect(updateResponse.status).toBe(200); if (updateResponse.status === 200) { const updatedMerchant = await updateResponse.json(); expect(updatedMerchant.state).toBe(2); } } }); }); describe('商户登录统计功能测试', () => { it('应该支持商户登录统计字段', async () => { // 创建商户 const createData = { name: '登录统计商户', username: `lsm_${Date.now()}`, password: 'password123', phone: '13800138008', realname: '登录统计', state: 1, tenantId: 1 }; const createResponse = await client.index.$post({ json: createData }, { headers: { 'Authorization': `Bearer ${adminToken}` } }); expect(createResponse.status).toBe(201); if (createResponse.status === 201) { const createdMerchant = await createResponse.json(); // 验证登录统计字段存在 expect(createdMerchant).toHaveProperty('loginNum'); expect(createdMerchant).toHaveProperty('loginTime'); expect(createdMerchant).toHaveProperty('loginIp'); expect(createdMerchant).toHaveProperty('lastLoginTime'); expect(createdMerchant).toHaveProperty('lastLoginIp'); // 初始值应该为0或null expect(createdMerchant.loginNum).toBe(0); expect(createdMerchant.loginTime).toBe(0); expect(createdMerchant.lastLoginTime).toBe(0); } }); }); describe('跨租户商户访问安全验证', () => { let tenant2User: UserEntityMt; let tenant2AdminToken: string; beforeEach(async () => { // 创建租户2的用户 tenant2User = await MerchantTestUtils.createTestUser({ username: `tenant2_user_${Date.now()}`, nickname: '租户2用户', tenantId: 2 }); // 生成租户2管理员的token tenant2AdminToken = JWTUtil.generateToken({ id: tenant2User.id, username: tenant2User.username, roles: [{name:'admin'}], tenantId: 2 }); }); it('管理员应该只能访问自己租户的商户', async () => { // 为两个租户创建商户 const tenant1Merchant = await MerchantTestUtils.createTestMerchant(testUser.id, 1); const tenant2Merchant = await MerchantTestUtils.createTestMerchant(tenant2User.id, 2); // 租户1管理员应该只能看到租户1的商户 const tenant1Response = await client.index.$get({ query: {} }, { headers: { 'Authorization': `Bearer ${adminToken}` } }); expect(tenant1Response.status).toBe(200); const tenant1Data = await tenant1Response.json(); if (tenant1Data && 'data' in tenant1Data) { expect(Array.isArray(tenant1Data.data)).toBe(true); // 应该只包含租户1的商户 tenant1Data.data.forEach((merchant: any) => { expect(merchant.tenantId).toBe(1); }); } // 租户2管理员应该只能看到租户2的商户 const tenant2Response = await client.index.$get({ query: {} }, { headers: { 'Authorization': `Bearer ${tenant2AdminToken}` } }); expect(tenant2Response.status).toBe(200); const tenant2Data = await tenant2Response.json(); if (tenant2Data && 'data' in tenant2Data) { expect(Array.isArray(tenant2Data.data)).toBe(true); // 应该只包含租户2的商户 tenant2Data.data.forEach((merchant: any) => { expect(merchant.tenantId).toBe(2); }); } }); it('管理员应该无法访问其他租户的商户详情', async () => { // 为租户2创建商户 const tenant2Merchant = await MerchantTestUtils.createTestMerchant(tenant2User.id, 2); // 租户1管理员尝试访问租户2的商户 const response = await client[':id'].$get({ param: { id: tenant2Merchant.id } }, { headers: { 'Authorization': `Bearer ${adminToken}` } }); console.debug('跨租户管理员访问商户详情响应状态:', response.status); expect(response.status).toBe(404); // 应该返回404,而不是403 }); it('管理员应该无法更新其他租户的商户', async () => { // 为租户2创建商户 const tenant2Merchant = await MerchantTestUtils.createTestMerchant(tenant2User.id, 2); const updateData = { name: '尝试跨租户更新', phone: '13900139011', realname: '尝试跨租户更新' }; // 租户1管理员尝试更新租户2的商户 const response = await client[':id'].$put({ param: { id: tenant2Merchant.id }, json: updateData }, { headers: { 'Authorization': `Bearer ${adminToken}` } }); console.debug('跨租户管理员更新商户响应状态:', response.status); expect(response.status).toBe(404); // 应该返回404,而不是403 }); it('管理员应该无法删除其他租户的商户', async () => { // 为租户2创建商户 const tenant2Merchant = await MerchantTestUtils.createTestMerchant(tenant2User.id, 2); // 租户1管理员尝试删除租户2的商户 const response = await client[':id'].$delete({ param: { id: tenant2Merchant.id } }, { headers: { 'Authorization': `Bearer ${adminToken}` } }); console.debug('跨租户管理员删除商户响应状态:', response.status); expect(response.status).toBe(404); // 应该返回404,而不是403 }); }); });