mini-starter/packages/merchant-module/tests/integration/user-routes.integration.test.ts

import { describe, it, expect, beforeEach, vi, afterEach } from 'vitest';
import { testClient } from 'hono/testing';
import { IntegrationTestDatabase, setupIntegrationDatabaseHooksWithEntities } from '@d8d/shared-test-util';
import { JWTUtil } from '@d8d/shared-utils';
import { UserEntity, Role } from '@d8d/user-module';
import { File } from '@d8d/file-module';
import { userMerchantRoutes } from '../../src/routes';
import { Merchant } from '../../src/entities';

// 设置集成测试钩子
setupIntegrationDatabaseHooksWithEntities([UserEntity, Role, Merchant, File])

describe('用户商户管理API集成测试', () => {
  let client: ReturnType<typeof testClient<typeof userMerchantRoutes>>;
  let userToken: string;
  let otherUserToken: string;
  let testUser: UserEntity;
  let otherUser: UserEntity;

  beforeEach(async () => {
    // 创建测试客户端
    client = testClient(userMerchantRoutes);

    // 获取数据源
    const dataSource = await IntegrationTestDatabase.getDataSource();

    // 创建测试用户
    const userRepository = dataSource.getRepository(UserEntity);
    testUser = userRepository.create({
      username: `test_user_${Date.now()}`,
      password: 'test_password',
      nickname: '测试用户',
      registrationSource: 'web'
    });
    await userRepository.save(testUser);

    // 创建其他用户
    otherUser = userRepository.create({
      username: `other_user_${Date.now()}`,
      password: 'other_password',
      nickname: '其他用户',
      registrationSource: 'web'
    });
    await userRepository.save(otherUser);

    // 生成测试用户的token
    userToken = JWTUtil.generateToken({
      id: testUser.id,
      username: testUser.username,
      roles: [{name:'user'}]
    });

    // 生成其他用户的token
    otherUserToken = JWTUtil.generateToken({
      id: otherUser.id,
      username: otherUser.username,
      roles: [{name:'user'}]
    });
  });

  describe('GET /merchants', () => {
    it('应该返回当前用户的商户列表', async () => {
      // 为测试用户创建一些商户
      const dataSource = await IntegrationTestDatabase.getDataSource();
      const merchantRepository = dataSource.getRepository(Merchant);

      const userMerchant1 = merchantRepository.create({
        name: '用户商户1',
        username: `u1_${Date.now()}`,
        password: 'password123',
        phone: '13800138001',
        realname: '张三',
        state: 1,
        createdBy: testUser.id
      });
      await merchantRepository.save(userMerchant1);

      const userMerchant2 = merchantRepository.create({
        name: '用户商户2',
        username: `u2_${Date.now()}`,
        password: 'password123',
        phone: '13800138002',
        realname: '李四',
        state: 1,
        createdBy: testUser.id
      });
      await merchantRepository.save(userMerchant2);

      // 为其他用户创建一个商户，确保不会返回
      const otherUserMerchant = merchantRepository.create({
        name: '其他用户商户',
        username: `o_${Date.now()}`,
        password: 'password123',
        phone: '13800138003',
        realname: '王五',
        state: 1,
        createdBy: otherUser.id
      });
      await merchantRepository.save(otherUserMerchant);

      const response = await client.index.$get({
        query: {}
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      console.debug('用户商户列表响应状态:', response.status);
      expect(response.status).toBe(200);

      if (response.status === 200) {
        const data = await response.json();
        if (data && 'data' in data) {
          expect(Array.isArray(data.data)).toBe(true);
          // 应该只返回当前用户的商户
          data.data.forEach((merchant: any) => {
            expect(merchant.createdBy).toBe(testUser.id);
          });
        }
      }
    });

    it('应该拒绝未认证用户的访问', async () => {
      const response = await client.index.$get({
        query: {}
      });
      expect(response.status).toBe(401);
    });
  });

  describe('POST /merchants', () => {
    it('应该成功创建商户并自动使用当前用户ID', async () => {
      const createData = {
        name: '新商户',
        username: `new_${Date.now()}`,
        password: 'password123',
        phone: '13800138000',
        realname: '张三',
        state: 1
      };

      const response = await client.index.$post({
        json: createData
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      console.debug('用户创建商户响应状态:', response.status);
      expect(response.status).toBe(201);

      if (response.status === 201) {
        const data = await response.json();
        console.debug('用户创建商户响应数据:', JSON.stringify(data, null, 2));
        expect(data).toHaveProperty('id');
        expect(data.createdBy).toBe(testUser.id); // 自动使用当前用户ID
        expect(data.name).toBe(createData.name);
        expect(data.username).toBe(createData.username);
        expect(data.phone).toBe(createData.phone);
        expect(data.realname).toBe(createData.realname);
      }
    });

    it('应该验证创建商户的必填字段', async () => {
      const invalidData = {
        // 缺少必填字段
        name: '',
        username: '',
        password: ''
      };

      const response = await client.index.$post({
        json: invalidData
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      expect(response.status).toBe(400);
    });
  });

  describe('GET /merchants/:id', () => {
    it('应该返回当前用户的商户详情', async () => {
      // 先为当前用户创建一个商户
      const dataSource = await IntegrationTestDatabase.getDataSource();
      const merchantRepository = dataSource.getRepository(Merchant);
      const testMerchant = merchantRepository.create({
        name: '测试商户',
        username: `tm_${Date.now()}`,
        password: 'password123',
        phone: '13800138000',
        realname: '张三',
        state: 1,
        createdBy: testUser.id
      });
      await merchantRepository.save(testMerchant);

      const response = await client[':id'].$get({
        param: { id: testMerchant.id }
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      console.debug('用户商户详情响应状态:', response.status);
      expect(response.status).toBe(200);

      if (response.status === 200) {
        const data = await response.json();
        expect(data.id).toBe(testMerchant.id);
        expect(data.createdBy).toBe(testUser.id);
        expect(data.name).toBe(testMerchant.name);
        expect(data.username).toBe(testMerchant.username);
        expect(data.phone).toBe(testMerchant.phone);
        expect(data.realname).toBe(testMerchant.realname);
      }
    });

    it('应该拒绝访问其他用户的商户', async () => {
      // 为其他用户创建一个商户
      const dataSource = await IntegrationTestDatabase.getDataSource();
      const merchantRepository = dataSource.getRepository(Merchant);
      const otherUserMerchant = merchantRepository.create({
        name: '其他用户商户',
        username: `om_${Date.now()}`,
        password: 'password123',
        phone: '13800138001',
        realname: '李四',
        state: 1,
        createdBy: otherUser.id
      });
      await merchantRepository.save(otherUserMerchant);

      // 当前用户尝试访问其他用户的商户
      const response = await client[':id'].$get({
        param: { id: otherUserMerchant.id }
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      console.debug('用户访问其他用户商户响应状态:', response.status);
      expect(response.status).toBe(404); // 应该返回404，而不是403
    });

    it('应该处理不存在的商户', async () => {
      const response = await client[':id'].$get({
        param: { id: 999999 }
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      expect(response.status).toBe(404);
    });
  });

  describe('PUT /merchants/:id', () => {
    it('应该成功更新当前用户的商户', async () => {
      // 先为当前用户创建一个商户
      const dataSource = await IntegrationTestDatabase.getDataSource();
      const merchantRepository = dataSource.getRepository(Merchant);
      const testMerchant = merchantRepository.create({
        name: '原始商户',
        username: `om_${Date.now()}`,
        password: 'password123',
        phone: '13800138000',
        realname: '原始姓名',
        state: 1,
        createdBy: testUser.id
      });
      await merchantRepository.save(testMerchant);

      const updateData = {
        name: '更新后的商户',
        phone: '13900139000',
        realname: '更新后的姓名',
        state: 2
      };

      const response = await client[':id'].$put({
        param: { id: testMerchant.id },
        json: updateData
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      console.debug('用户更新商户响应状态:', response.status);
      expect(response.status).toBe(200);

      if (response.status === 200) {
        const data = await response.json();
        expect(data.name).toBe(updateData.name);
        expect(data.phone).toBe(updateData.phone);
        expect(data.realname).toBe(updateData.realname);
        expect(data.state).toBe(updateData.state);
      }
    });

    it('应该拒绝更新其他用户的商户', async () => {
      // 为其他用户创建一个商户
      const dataSource = await IntegrationTestDatabase.getDataSource();
      const merchantRepository = dataSource.getRepository(Merchant);
      const otherUserMerchant = merchantRepository.create({
        name: '其他用户商户',
        username: `om_${Date.now()}`,
        password: 'password123',
        phone: '13800138001',
        realname: '李四',
        state: 1,
        createdBy: otherUser.id
      });
      await merchantRepository.save(otherUserMerchant);

      const updateData = {
        name: '尝试更新的商户',
        phone: '13900139001',
        realname: '尝试更新的姓名'
      };

      // 当前用户尝试更新其他用户的商户
      const response = await client[':id'].$put({
        param: { id: otherUserMerchant.id },
        json: updateData
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      console.debug('用户更新其他用户商户响应状态:', response.status);
      expect(response.status).toBe(403); // 数据权限控制返回403
    });
  });

  describe('DELETE /merchants/:id', () => {
    it('应该成功删除当前用户的商户', async () => {
      // 先为当前用户创建一个商户
      const dataSource = await IntegrationTestDatabase.getDataSource();
      const merchantRepository = dataSource.getRepository(Merchant);
      const testMerchant = merchantRepository.create({
        name: '待删除商户',
        username: `dm_${Date.now()}`,
        password: 'password123',
        phone: '13800138000',
        realname: '张三',
        state: 1,
        createdBy: testUser.id
      });
      await merchantRepository.save(testMerchant);

      const response = await client[':id'].$delete({
        param: { id: testMerchant.id }
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      console.debug('用户删除商户响应状态:', response.status);
      expect(response.status).toBe(204);

      // 验证商户确实被删除
      const deletedMerchant = await merchantRepository.findOne({
        where: { id: testMerchant.id }
      });
      expect(deletedMerchant).toBeNull();
    });

    it('应该拒绝删除其他用户的商户', async () => {
      // 为其他用户创建一个商户
      const dataSource = await IntegrationTestDatabase.getDataSource();
      const merchantRepository = dataSource.getRepository(Merchant);
      const otherUserMerchant = merchantRepository.create({
        name: '其他用户商户',
        username: `om_${Date.now()}`,
        password: 'password123',
        phone: '13800138001',
        realname: '李四',
        state: 1,
        createdBy: otherUser.id
      });
      await merchantRepository.save(otherUserMerchant);

      // 当前用户尝试删除其他用户的商户
      const response = await client[':id'].$delete({
        param: { id: otherUserMerchant.id }
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      console.debug('用户删除其他用户商户响应状态:', response.status);
      expect(response.status).toBe(403); // 数据权限控制返回403
    });
  });

  describe('数据权限验证', () => {
    it('用户应该只能访问和操作自己的数据', async () => {
      // 为两个用户都创建商户
      const dataSource = await IntegrationTestDatabase.getDataSource();
      const merchantRepository = dataSource.getRepository(Merchant);

      const userMerchant = merchantRepository.create({
        name: '用户商户',
        username: `um_${Date.now()}`,
        password: 'password123',
        phone: '13800138004',
        realname: '张三',
        state: 1,
        createdBy: testUser.id
      });
      await merchantRepository.save(userMerchant);

      const otherUserMerchant = merchantRepository.create({
        name: '其他用户商户',
        username: `om_${Date.now()}`,
        password: 'password123',
        phone: '13800138005',
        realname: '李四',
        state: 1,
        createdBy: otherUser.id
      });
      await merchantRepository.save(otherUserMerchant);

      // 当前用户应该只能看到自己的商户
      const listResponse = await client.index.$get({
        query: {}
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      expect(listResponse.status).toBe(200);
      const listData = await listResponse.json();
      if (listData && 'data' in listData) {
        expect(Array.isArray(listData.data)).toBe(true);
        // 应该只包含当前用户的商户
        listData.data.forEach((merchant: any) => {
          expect(merchant.createdBy).toBe(testUser.id);
        });
      }

      // 当前用户应该无法访问其他用户的商户详情
      const getResponse = await client[':id'].$get({
        param: { id: otherUserMerchant.id }
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });
      expect(getResponse.status).toBe(404);

      // 当前用户应该无法更新其他用户的商户
      const updateResponse = await client[':id'].$put({
        param: { id: otherUserMerchant.id },
        json: { name: '尝试更新' }
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });
      expect(updateResponse.status).toBe(403);

      // 当前用户应该无法删除其他用户的商户
      const deleteResponse = await client[':id'].$delete({
        param: { id: otherUserMerchant.id }
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });
      expect(deleteResponse.status).toBe(403);
    });
  });

  describe('商户状态管理测试', () => {
    it('应该支持商户状态管理', async () => {
      // 创建启用状态的商户
      const createData = {
        name: '状态测试商户',
        username: `stm_${Date.now()}`,
        password: 'password123',
        phone: '13800138006',
        realname: '状态测试',
        state: 1 // 启用
      };

      const createResponse = await client.index.$post({
        json: createData
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      expect(createResponse.status).toBe(201);
      const createdMerchant = await createResponse.json();

      // 检查响应是否为错误对象
      if ('code' in createdMerchant && 'message' in createdMerchant) {
        throw new Error(`创建商户失败: ${createdMerchant.message}`);
      }

      expect(createdMerchant.state).toBe(1);

      // 更新为禁用状态
      const updateResponse = await client[':id'].$put({
        param: { id: createdMerchant.id },
        json: { state: 2 } // 禁用
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      expect(updateResponse.status).toBe(200);
      const updatedMerchant = await updateResponse.json();

      // 检查响应是否为错误对象
      if ('code' in updatedMerchant && 'message' in updatedMerchant) {
        throw new Error(`更新商户失败: ${updatedMerchant.message}`);
      }

      expect(updatedMerchant.state).toBe(2);
    });
  });

  describe('商户登录统计功能测试', () => {
    it('应该支持商户登录统计字段', async () => {
      // 创建商户
      const createData = {
        name: '登录统计商户',
        username: `lsm_${Date.now()}`,
        password: 'password123',
        phone: '13800138007',
        realname: '登录统计',
        state: 1
      };

      const createResponse = await client.index.$post({
        json: createData
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      expect(createResponse.status).toBe(201);
      const createdMerchant = await createResponse.json();

      // 检查响应是否为错误对象
      if ('code' in createdMerchant && 'message' in createdMerchant) {
        throw new Error(`创建商户失败: ${createdMerchant.message}`);
      }

      // 验证登录统计字段存在
      expect(createdMerchant).toHaveProperty('loginNum');
      expect(createdMerchant).toHaveProperty('loginTime');
      expect(createdMerchant).toHaveProperty('loginIp');
      expect(createdMerchant).toHaveProperty('lastLoginTime');
      expect(createdMerchant).toHaveProperty('lastLoginIp');

      // 初始值应该为0或null
      expect(createdMerchant.loginNum).toBe(0);
      expect(createdMerchant.loginTime).toBe(0);
      expect(createdMerchant.lastLoginTime).toBe(0);
    });
  });
});