mini-starter/packages/orders-module/tests/integration/user-refunds.integration.test.ts

import { describe, it, expect, beforeEach } from 'vitest';
import { testClient } from 'hono/testing';
import { IntegrationTestDatabase, setupIntegrationDatabaseHooksWithEntities } from '@d8d/shared-test-util';
import { JWTUtil } from '@d8d/shared-utils';
import { UserEntity, Role } from '@d8d/user-module';
import { File } from '@d8d/file-module';
import { Merchant } from '@d8d/merchant-module';
import { DeliveryAddress } from '@d8d/delivery-address-module';
import { AreaEntity } from '@d8d/geo-areas';
import { Supplier } from '@d8d/supplier-module';
import { userRefundsRoutes } from '../../src/routes/user/refunds';
import { Order, OrderRefund } from '../../src/entities';

// 设置集成测试钩子
setupIntegrationDatabaseHooksWithEntities([
  UserEntity, Role, Order, OrderRefund, File, Merchant, DeliveryAddress, AreaEntity, Supplier
])

describe('用户退款管理API集成测试', () => {
  let client: ReturnType<typeof testClient<typeof userRefundsRoutes>>;
  let userToken: string;
  let otherUserToken: string;
  let testUser: UserEntity;
  let otherUser: UserEntity;
  let testOrder: Order;
  let otherUserOrder: Order;

  beforeEach(async () => {
    // 创建测试客户端
    client = testClient(userRefundsRoutes);

    // 获取数据源
    const dataSource = await IntegrationTestDatabase.getDataSource();

    // 创建测试用户
    const userRepository = dataSource.getRepository(UserEntity);
    testUser = userRepository.create({
      username: `test_user_${Math.floor(Math.random() * 100000)}`,
      password: 'test_password',
      nickname: '测试用户',
      registrationSource: 'web'
    });
    await userRepository.save(testUser);

    // 创建其他用户
    otherUser = userRepository.create({
      username: `other_user_${Math.floor(Math.random() * 100000)}`,
      password: 'other_password',
      nickname: '其他用户',
      registrationSource: 'web'
    });
    await userRepository.save(otherUser);

    // 生成测试用户的token
    userToken = JWTUtil.generateToken({
      id: testUser.id,
      username: testUser.username,
      roles: [{name:'user'}]
    });

    // 生成其他用户的token
    otherUserToken = JWTUtil.generateToken({
      id: otherUser.id,
      username: otherUser.username,
      roles: [{name:'user'}]
    });

    // 创建测试用户的订单
    const orderRepository = dataSource.getRepository(Order);
    testOrder = orderRepository.create({
      orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
      userId: testUser.id,
      amount: 100.00,
      costAmount: 80.00,
      payAmount: 100.00,
      orderType: 1,
      payType: 1,
      payState: 2,
      state: 0,
      createdBy: testUser.id
    });
    await orderRepository.save(testOrder);

    // 创建其他用户的订单
    otherUserOrder = orderRepository.create({
      orderNo: `ORDER_${Math.floor(Math.random() * 100000)}`,
      userId: otherUser.id,
      amount: 200.00,
      costAmount: 160.00,
      payAmount: 200.00,
      orderType: 1,
      payType: 1,
      payState: 2,
      state: 0,
      createdBy: otherUser.id
    });
    await orderRepository.save(otherUserOrder);
  });

  describe('GET /refunds', () => {
    it('应该返回当前用户订单的退款列表', async () => {
      // 为测试用户的订单创建一些退款
      const dataSource = await IntegrationTestDatabase.getDataSource();
      const orderRefundRepository = dataSource.getRepository(OrderRefund);

      const userRefund1 = orderRefundRepository.create({
        orderNo: testOrder.orderNo,
        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
        refundAmount: 50.00,
        state: 0,
        createdBy: testUser.id
      });
      await orderRefundRepository.save(userRefund1);

      const userRefund2 = orderRefundRepository.create({
        orderNo: testOrder.orderNo,
        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
        refundAmount: 25.00,
        state: 1,
        createdBy: testUser.id
      });
      await orderRefundRepository.save(userRefund2);

      // 为其他用户的订单创建一个退款，确保不会返回
      const otherUserRefund = orderRefundRepository.create({
        orderNo: otherUserOrder.orderNo,
        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
        refundAmount: 100.00,
        state: 0,
        createdBy: otherUser.id
      });
      await orderRefundRepository.save(otherUserRefund);

      const response = await client.index.$get({
        query: {
          page: 1,
          pageSize: 10
        }
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      console.debug('用户退款列表响应状态:', response.status);
      if (response.status !== 200) {
        const errorData = await response.json();
        console.debug('用户退款列表错误响应:', errorData);
      }
      expect(response.status).toBe(200);

      if (response.status === 200) {
        const data = await response.json();
        expect(data).toHaveProperty('data');
        expect(Array.isArray(data.data)).toBe(true);

        // 验证只返回当前用户订单的退款
        data.data.forEach((refund: any) => {
          expect(refund.order.userId).toBe(testUser.id);
        });

        // 验证不包含其他用户订单的退款
        const otherUserRefundInResponse = data.data.find((refund: any) =>
          refund.order && refund.order.userId === otherUser.id
        );
        expect(otherUserRefundInResponse).toBeUndefined();
      }
    });

    it('应该拒绝未认证用户的访问', async () => {
      const response = await client.index.$get({
        query: {
          page: 1,
          pageSize: 10
        }
      });
      expect(response.status).toBe(401);
    });
  });

  describe('POST /refunds', () => {
    it('应该成功创建退款申请并自动设置当前用户权限', async () => {
      const createData = {
        orderNo: testOrder.orderNo,
        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
        refundAmount: 75.00,
        state: 0
      };

      const response = await client.index.$post({
        json: createData
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      console.debug('用户创建退款申请响应状态:', response.status);
      if (response.status !== 201) {
        const errorData = await response.json();
        console.debug('用户创建退款申请错误响应:', errorData);
      }
      expect(response.status).toBe(201);

      if (response.status === 201) {
        const data = await response.json();
        expect(data).toHaveProperty('id');
        expect(data.refundOrderNo).toBe(createData.refundOrderNo);
        expect(parseFloat(data.refundAmount)).toBe(createData.refundAmount);
        expect(data.state).toBe(createData.state);
        expect(data.createdBy).toBe(testUser.id); // 验证自动设置创建用户
      }
    });

    it('应该验证创建退款申请的必填字段', async () => {
      const invalidData = {
        // 缺少必填字段
        refundAmount: -1
      };

      const response = await client.index.$post({
        json: invalidData
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      expect(response.status).toBe(400);
    });

    it('应该拒绝为其他用户的订单创建退款申请', async () => {
      const createData = {
        orderNo: otherUserOrder.orderNo,
        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
        refundAmount: 75.00,
        state: 0
      };

      const response = await client.index.$post({
        json: createData
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      expect(response.status).toBe(403); // 数据权限控制返回403
    });
  });

  describe('GET /refunds/:id', () => {
    it('应该返回当前用户订单的退款详情', async () => {
      // 先为测试用户的订单创建一个退款
      const dataSource = await IntegrationTestDatabase.getDataSource();
      const orderRefundRepository = dataSource.getRepository(OrderRefund);
      const testRefund = orderRefundRepository.create({
        orderNo: testOrder.orderNo,
        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
        refundAmount: 50.00,
        state: 0,
        createdBy: testUser.id
      });
      await orderRefundRepository.save(testRefund);

      const response = await client[':id'].$get({
        param: { id: testRefund.id }
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      console.debug('用户退款详情响应状态:', response.status);
      if (response.status !== 200) {
        const errorData = await response.json();
        console.debug('用户退款详情错误响应:', errorData);
      }
      expect(response.status).toBe(200);

      if (response.status === 200) {
        const data = await response.json();
        expect(data.id).toBe(testRefund.id);
        expect(data.refundOrderNo).toBe(testRefund.refundOrderNo);
        expect(data.order.userId).toBe(testUser.id); // 验证订单属于当前用户
      }
    });

    it('应该拒绝访问其他用户订单的退款', async () => {
      // 为其他用户的订单创建一个退款
      const dataSource = await IntegrationTestDatabase.getDataSource();
      const orderRefundRepository = dataSource.getRepository(OrderRefund);
      const otherUserRefund = orderRefundRepository.create({
        orderNo: otherUserOrder.orderNo,
        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
        refundAmount: 100.00,
        state: 0,
        createdBy: otherUser.id
      });
      await orderRefundRepository.save(otherUserRefund);

      const response = await client[':id'].$get({
        param: { id: otherUserRefund.id }
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      expect(response.status).toBe(403); // 数据权限控制返回403（权限不足）
    });

    it('应该处理不存在的退款', async () => {
      const response = await client[':id'].$get({
        param: { id: 999999 }
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      expect(response.status).toBe(404);
    });
  });

  describe('PUT /refunds/:id', () => {
    it('应该成功更新当前用户订单的退款', async () => {
      // 先为测试用户的订单创建一个退款
      const dataSource = await IntegrationTestDatabase.getDataSource();
      const orderRefundRepository = dataSource.getRepository(OrderRefund);
      const testRefund = orderRefundRepository.create({
        orderNo: testOrder.orderNo,
        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
        refundAmount: 50.00,
        state: 0,
        createdBy: testUser.id
      });
      await orderRefundRepository.save(testRefund);

      const updateData = {
        state: 1
      };

      const response = await client[':id'].$put({
        param: { id: testRefund.id },
        json: updateData
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      console.debug('用户更新退款响应状态:', response.status);
      expect(response.status).toBe(200);

      if (response.status === 200) {
        const data = await response.json();
        expect(data.state).toBe(updateData.state);
        expect(data.updatedBy).toBe(testUser.id); // 验证自动设置更新用户
      }
    });

    it('应该拒绝更新其他用户订单的退款', async () => {
      // 为其他用户的订单创建一个退款
      const dataSource = await IntegrationTestDatabase.getDataSource();
      const orderRefundRepository = dataSource.getRepository(OrderRefund);
      const otherUserRefund = orderRefundRepository.create({
        orderNo: otherUserOrder.orderNo,
        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
        refundAmount: 100.00,
        state: 0,
        createdBy: otherUser.id
      });
      await orderRefundRepository.save(otherUserRefund);

      const updateData = {
        state: 1
      };

      const response = await client[':id'].$put({
        param: { id: otherUserRefund.id },
        json: updateData
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      expect(response.status).toBe(403); // 数据权限控制返回403
    });
  });

  describe('DELETE /refunds/:id', () => {
    it('应该成功删除当前用户订单的退款', async () => {
      // 先为测试用户的订单创建一个退款
      const dataSource = await IntegrationTestDatabase.getDataSource();
      const orderRefundRepository = dataSource.getRepository(OrderRefund);
      const testRefund = orderRefundRepository.create({
        orderNo: testOrder.orderNo,
        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
        refundAmount: 50.00,
        state: 0,
        createdBy: testUser.id
      });
      await orderRefundRepository.save(testRefund);

      const response = await client[':id'].$delete({
        param: { id: testRefund.id }
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      console.debug('用户删除退款响应状态:', response.status);
      expect(response.status).toBe(204);
    });

    it('应该拒绝删除其他用户订单的退款', async () => {
      // 为其他用户的订单创建一个退款
      const dataSource = await IntegrationTestDatabase.getDataSource();
      const orderRefundRepository = dataSource.getRepository(OrderRefund);
      const otherUserRefund = orderRefundRepository.create({
        orderNo: otherUserOrder.orderNo,
        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
        refundAmount: 100.00,
        state: 0,
        createdBy: otherUser.id
      });
      await orderRefundRepository.save(otherUserRefund);

      const response = await client[':id'].$delete({
        param: { id: otherUserRefund.id }
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      expect(response.status).toBe(403); // 数据权限控制返回403
    });
  });

  describe('数据权限配置测试', () => {
    it('应该验证dataPermission配置正确工作', async () => {
      // 这个测试验证数据权限配置是否正常工作
      // 用户只能访问自己订单的退款

      const dataSource = await IntegrationTestDatabase.getDataSource();
      const orderRefundRepository = dataSource.getRepository(OrderRefund);

      // 创建测试用户和其他用户订单的退款
      const userRefund = orderRefundRepository.create({
        orderNo: testOrder.orderNo,
        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
        refundAmount: 50.00,
        state: 0,
        createdBy: testUser.id
      });
      await orderRefundRepository.save(userRefund);

      const otherUserRefund = orderRefundRepository.create({
        orderNo: otherUserOrder.orderNo,
        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
        refundAmount: 100.00,
        state: 0,
        createdBy: otherUser.id
      });
      await orderRefundRepository.save(otherUserRefund);

      // 使用测试用户token获取列表
      const response = await client.index.$get({
        query: {
          page: 1,
          pageSize: 10
        }
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      if (response.status !== 200) {
        const errorData = await response.json();
        console.debug('数据权限配置测试错误响应:', errorData);
      }
      expect(response.status).toBe(200);
      const data = await response.json();

      // 类型检查确保data属性存在
      if ('data' in data && Array.isArray(data.data)) {
        // 验证只返回测试用户订单的退款
        const userRefundInResponse = data.data.filter((refund: any) =>
          refund.order && refund.order.userId === testUser.id
        );
        const otherUserRefundInResponse = data.data.filter((refund: any) =>
          refund.order && refund.order.userId === otherUser.id
        );

        expect(userRefundInResponse.length).toBeGreaterThan(0);
        expect(otherUserRefundInResponse.length).toBe(0);
      } else {
        // 如果响应是错误格式，应该失败
        expect(data).toHaveProperty('data');
      }
    });
  });

  describe('退款状态管理测试', () => {
    it('应该正确处理退款状态变更', async () => {
      const dataSource = await IntegrationTestDatabase.getDataSource();
      const orderRefundRepository = dataSource.getRepository(OrderRefund);

      // 创建不同状态的退款
      const pendingRefund = orderRefundRepository.create({
        orderNo: testOrder.orderNo,
        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
        refundAmount: 50.00,
        state: 0, // 未退款
        createdBy: testUser.id
      });
      await orderRefundRepository.save(pendingRefund);

      const processingRefund = orderRefundRepository.create({
        orderNo: testOrder.orderNo,
        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
        refundAmount: 25.00,
        state: 1, // 退款中
        createdBy: testUser.id
      });
      await orderRefundRepository.save(processingRefund);

      const completedRefund = orderRefundRepository.create({
        orderNo: testOrder.orderNo,
        refundOrderNo: `REFUND_${Math.floor(Math.random() * 100000)}`,
        refundAmount: 75.00,
        state: 2, // 退款成功
        createdBy: testUser.id
      });
      await orderRefundRepository.save(completedRefund);

      // 验证状态过滤
      const response = await client.index.$get({
        query: { filters: JSON.stringify({ state: 0 }) }
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      expect(response.status).toBe(200);
      const data = await response.json();

      // 类型检查确保data属性存在
      if ('data' in data && Array.isArray(data.data)) {
        // 应该只返回未退款状态的退款
        const pendingRefundsInResponse = data.data.filter((refund: any) => refund.state === 0);
        const processingRefundsInResponse = data.data.filter((refund: any) => refund.state === 1);
        const completedRefundsInResponse = data.data.filter((refund: any) => refund.state === 2);

        expect(pendingRefundsInResponse.length).toBeGreaterThan(0);
        expect(processingRefundsInResponse.length).toBe(0);
        expect(completedRefundsInResponse.length).toBe(0);
      } else {
        // 如果响应是错误格式，应该失败
        expect(data).toHaveProperty('data');
      }
    });
  });
});