186-template-175
/
mini-starter
ответвлено от 155-template-138/mini-starter


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336
							import { describe, it, expect, beforeEach, afterEach } from 'vitest';
import { OpenAPIHono } from '@hono/zod-openapi';
import { AppDataSource } from '@d8d/shared-utils';
import { setupIntegrationDatabaseHooksWithEntities } from '@d8d/shared-test-util';
import { TestUserEntityMt } from '../entities/test-user.entity';
import { RoleMt } from '../../src/entities/role.entity';
import testUserRoutesMt from '../routes/test-user.routes.mt';

// 测试数据
const testToken1 = 'tenant1-token';
const testToken2 = 'tenant2-token';
const invalidToken = 'invalid-token';

// 创建测试应用
const createTestApp = () => {
  const app = new OpenAPIHono();

  // 添加认证中间件（简化版本，仅用于测试）
  app.use('*', async (c, next) => {
    const authHeader = c.req.header('Authorization');
    if (!authHeader || !authHeader.startsWith('Bearer ')) {
      return c.json({ code: 401, message: '未授权' }, 401);
    }

    const token = authHeader.substring(7);

    // 根据token确定租户ID
    let tenantId: number | undefined;
    if (token === testToken1) {
      tenantId = 1;
    } else if (token === testToken2) {
      tenantId = 2;
    } else {
      return c.json({ code: 401, message: '无效token' }, 401);
    }

    // 设置用户和租户上下文
    const payload = {
      id: 1,
      username: `tenant${tenantId}_user`,
      roles: ['user'],
      iat: Math.floor(Date.now() / 1000),
      exp: Math.floor(Date.now() / 1000) + 3600
    };

    // 确保用户对象包含tenantId
    const userWithTenant = { ...payload, tenantId };
    c.set('user', userWithTenant);
    // 设置租户上下文
    c.set('tenantId', tenantId);

    await next();
  });

  app.route('/', testUserRoutesMt);
  return app;
};

describe('多租户用户模块租户隔离集成测试', () => {
  const app = createTestApp();

  // 设置数据库钩子
  setupIntegrationDatabaseHooksWithEntities([TestUserEntityMt, RoleMt]);

  beforeEach(async () => {
    // 创建测试数据
    const userRepository = AppDataSource.getRepository(TestUserEntityMt);
    const roleRepository = AppDataSource.getRepository(RoleMt);

    // 创建租户1的角色
    const role1 = roleRepository.create({
      name: 'admin',
      description: '管理员角色',
      permissions: ['user:create', 'user:delete'],
      tenantId: 1
    });
    await roleRepository.save(role1);

    // 创建租户2的角色
    const role2 = roleRepository.create({
      name: 'admin',
      description: '管理员角色',
      permissions: ['user:create', 'user:delete'],
      tenantId: 2
    });
    await roleRepository.save(role2);

    // 创建租户1的用户
    const user1 = userRepository.create({
      username: 'tenant1_user',
      password: 'password123',
      nickname: '租户1用户',
      tenantId: 1,
      roles: [role1]
    });
    await userRepository.save(user1);

    // 创建租户2的用户
    const user2 = userRepository.create({
      username: 'tenant2_user',
      password: 'password123',
      nickname: '租户2用户',
      tenantId: 2,
      roles: [role2]
    });
    await userRepository.save(user2);
  });

  describe('GET / - 列表查询租户隔离', () => {
    it('应该只返回当前租户的数据', async () => {
      const response = await app.request('/', {
        headers: {
          'Authorization': `Bearer ${testToken1}`
        }
      });

      console.log('GET列表响应状态:', response.status);
      if (response.status !== 200) {
        const errorResult = await response.json();
        console.log('GET列表错误响应:', errorResult);
      }
      expect(response.status).toBe(200);
      const result = await response.json();

      // 验证只返回租户1的数据
      expect(result.data).toHaveLength(1);
      expect(result.data[0].tenantId).toBe(1);
      expect(result.data[0].username).toBe('tenant1_user');
    });

    it('应该拒绝未认证用户的访问', async () => {
      const response = await app.request('/');

      expect(response.status).toBe(401);
    });
  });

  describe('POST / - 创建操作租户验证', () => {
    it('应该成功创建属于当前租户的数据', async () => {
      const newUser = {
        username: 'new_tenant1_user',
        password: 'newpassword123',
        nickname: '新租户1用户'
      };

      const response = await app.request('/', {
        method: 'POST',
        headers: {
          'Authorization': `Bearer ${testToken1}`,
          'Content-Type': 'application/json'
        },
        body: JSON.stringify(newUser)
      });

      console.log('POST创建响应状态:', response.status);
      if (response.status !== 201) {
        const errorResult = await response.json();
        console.log('POST创建错误响应:', errorResult);
      }
      expect(response.status).toBe(201);
      const result = await response.json();

      // 验证创建的用户的租户ID正确
      expect(result.tenantId).toBe(1);
      expect(result.username).toBe('new_tenant1_user');
    });
  });

  describe('GET /:id - 获取详情租户验证', () => {
    it('应该成功获取属于当前租户的数据详情', async () => {
      // 先获取租户1的用户列表
      const listResponse = await app.request('/', {
        headers: {
          'Authorization': `Bearer ${testToken1}`
        }
      });

      const listResult = await listResponse.json();
      const tenant1UserId = listResult.data[0].id;

      // 获取用户详情
      const response = await app.request(`/${tenant1UserId}`, {
        headers: {
          'Authorization': `Bearer ${testToken1}`
        }
      });

      expect(response.status).toBe(200);
      const result = await response.json();

      expect(result.tenantId).toBe(1);
      expect(result.username).toBe('tenant1_user');
    });

    it('应该拒绝获取不属于当前租户的数据详情', async () => {
      // 先获取租户2的用户列表
      const listResponse = await app.request('/', {
        headers: {
          'Authorization': `Bearer ${testToken2}`
        }
      });

      const listResult = await listResponse.json();
      const tenant2UserId = listResult.data[0].id;

      // 尝试用租户1的token获取租户2的用户详情
      const response = await app.request(`/${tenant2UserId}`, {
        headers: {
          'Authorization': `Bearer ${testToken1}`
        }
      });

      expect(response.status).toBe(404);
    });
  });

  describe('PUT /:id - 更新操作租户验证', () => {
    it('应该成功更新属于当前租户的数据', async () => {
      // 先获取租户1的用户列表
      const listResponse = await app.request('/', {
        headers: {
          'Authorization': `Bearer ${testToken1}`
        }
      });

      const listResult = await listResponse.json();
      const tenant1UserId = listResult.data[0].id;

      const updateData = {
        nickname: '更新后的租户1用户'
      };

      const response = await app.request(`/${tenant1UserId}`, {
        method: 'PUT',
        headers: {
          'Authorization': `Bearer ${testToken1}`,
          'Content-Type': 'application/json'
        },
        body: JSON.stringify(updateData)
      });

      expect(response.status).toBe(200);
      const result = await response.json();

      expect(result.tenantId).toBe(1);
      expect(result.nickname).toBe('更新后的租户1用户');
    });

    it('应该拒绝更新不属于当前租户的数据', async () => {
      // 先获取租户2的用户列表
      const listResponse = await app.request('/', {
        headers: {
          'Authorization': `Bearer ${testToken2}`
        }
      });

      const listResult = await listResponse.json();
      const tenant2UserId = listResult.data[0].id;

      const updateData = {
        nickname: '尝试跨租户更新'
      };

      // 尝试用租户1的token更新租户2的用户
      const response = await app.request(`/${tenant2UserId}`, {
        method: 'PUT',
        headers: {
          'Authorization': `Bearer ${testToken1}`,
          'Content-Type': 'application/json'
        },
        body: JSON.stringify(updateData)
      });

      expect(response.status).toBe(404);
    });
  });

  describe('DELETE /:id - 删除操作租户验证', () => {
    it('应该成功删除属于当前租户的数据', async () => {
      // 先获取租户1的用户列表
      const listResponse = await app.request('/', {
        headers: {
          'Authorization': `Bearer ${testToken1}`
        }
      });

      const listResult = await listResponse.json();
      const tenant1UserId = listResult.data[0].id;

      const response = await app.request(`/${tenant1UserId}`, {
        method: 'DELETE',
        headers: {
          'Authorization': `Bearer ${testToken1}`
        }
      });

      expect(response.status).toBe(204);
    });

    it('应该拒绝删除不属于当前租户的数据', async () => {
      // 先获取租户2的用户列表
      const listResponse = await app.request('/', {
        headers: {
          'Authorization': `Bearer ${testToken2}`
        }
      });

      const listResult = await listResponse.json();
      const tenant2UserId = listResult.data[0].id;

      // 尝试用租户1的token删除租户2的用户
      const response = await app.request(`/${tenant2UserId}`, {
        method: 'DELETE',
        headers: {
          'Authorization': `Bearer ${testToken1}`
        }
      });

      expect(response.status).toBe(404);
    });
  });

  describe('禁用租户隔离的情况', () => {
    it('当租户隔离禁用时应该允许跨租户访问', async () => {
      // 注意：这个测试需要修改路由配置，暂时跳过
      // 在实际实现中，可以通过设置 tenantOptions.enabled = false 来测试
      expect(true).toBe(true);
    });

    it('当不传递tenantOptions配置时应该允许跨租户访问', async () => {
      // 注意：这个测试需要修改路由配置，暂时跳过
      // 在实际实现中，可以通过不传递 tenantOptions 来测试
      expect(true).toBe(true);
    });
  });
});