186-template-175
/
mini-starter
a fost obținut din 155-template-138/mini-starter


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369
							import { describe, it, expect, beforeEach } from 'vitest';
import { testClient } from 'hono/testing';
import { IntegrationTestDatabase, setupIntegrationDatabaseHooksWithEntities } from '@d8d/shared-test-util';
import { JWTUtil } from '@d8d/shared-utils';
import { UserEntityMt, RoleMt } from '@d8d/user-module-mt';
import { DeliveryAddressMt } from '@d8d/delivery-address-module-mt';
import { AreaEntityMt } from '@d8d/geo-areas-mt';
import { MerchantMt } from '@d8d/merchant-module-mt';
import { SupplierMt } from '@d8d/supplier-module-mt';
import { FileMt } from '@d8d/file-module-mt';
import userOrderRoutes from '../../src/routes/user/orders.mt';
import { OrderMt } from '../../src/entities';
import { OrdersTestFactory } from '../factories/orders-test-factory';

// 设置集成测试钩子
setupIntegrationDatabaseHooksWithEntities([
  UserEntityMt, RoleMt, OrderMt, DeliveryAddressMt, MerchantMt, SupplierMt, FileMt, AreaEntityMt
])

describe('多租户用户订单管理API集成测试', () => {
  let client: ReturnType<typeof testClient<typeof userOrderRoutes>>;
  let testFactory: OrdersTestFactory;
  let userToken: string;
  let otherUserToken: string;
  let otherTenantUserToken: string;
  let testUser: UserEntityMt;
  let otherUser: UserEntityMt;
  let otherTenantUser: UserEntityMt;

  beforeEach(async () => {
    // 创建测试客户端
    client = testClient(userOrderRoutes);

    // 获取数据源并创建测试工厂
    const dataSource = await IntegrationTestDatabase.getDataSource();
    testFactory = new OrdersTestFactory(dataSource);

    // 创建测试用户
    testUser = await testFactory.createTestUser(1);
    otherUser = await testFactory.createTestUser(1);
    otherTenantUser = await testFactory.createTestUser(2);

    // 生成JWT令牌
    userToken = JWTUtil.generateToken({ id: testUser.id, username: testUser.username, tenantId: 1 });
    otherUserToken = JWTUtil.generateToken({ id: otherUser.id, username: otherUser.username, tenantId: 1 });
    otherTenantUserToken = JWTUtil.generateToken({ id: otherTenantUser.id, username: otherTenantUser.username, tenantId: 2 });
  });

  describe('租户数据隔离验证', () => {
    it('应该只能访问自己租户的订单', async () => {
      // 创建租户1的订单
      const tenant1Order = await testFactory.createTestOrder(testUser.id, { tenantId: 1 });

      // 创建租户2的订单
      const tenant2Order = await testFactory.createTestOrder(otherTenantUser.id, { tenantId: 2 });

      // 使用租户1的用户查询订单列表
      const response = await client.index.$get({}, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });


      expect(response.status).toBe(200);
      const data = await response.json();

      // 应该只返回租户1的订单
      expect(data.data).toHaveLength(1);
      expect(data.data[0].tenantId).toBe(1);
      expect(data.data[0].id).toBe(tenant1Order.id);
    });

    it('不应该访问其他租户的订单详情', async () => {
      // 创建租户2的订单
      const otherTenantOrder = await testFactory.createTestOrder(otherTenantUser.id, { tenantId: 2 });

      // 使用租户1的用户尝试访问租户2的订单
      const response = await client.orders[':id'].$get({
        param: { id: otherTenantOrder.id }
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      // 应该返回404，因为订单不在当前租户
      expect(response.status).toBe(404);
    });

    it('应该正确过滤跨租户订单访问', async () => {
      // 创建租户1的订单
      const tenant1Order = await testFactory.createTestOrder(testUser.id, { tenantId: 1 });

      // 使用租户2的用户尝试访问租户1的订单
      const response = await client.orders[':id'].$get({
        param: { id: tenant1Order.id }
      }, {
        headers: {
          'Authorization': `Bearer ${otherTenantUserToken}`
        }
      });

      // 应该返回404，因为订单不在当前租户
      expect(response.status).toBe(404);
    });
  });

  describe('用户数据权限验证', () => {
    it('应该只能访问自己的订单', async () => {
      // 创建当前用户的订单
      const myOrder = await testFactory.createTestOrder(testUser.id, { tenantId: 1 });

      // 创建其他用户的订单（同一租户）
      const otherUserOrder = await testFactory.createTestOrder(otherUser.id, { tenantId: 1 });

      // 使用当前用户查询订单列表
      const response = await client.index.$get({}, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      expect(response.status).toBe(200);
      const data = await response.json();

      // 应该只返回当前用户的订单
      expect(data.data).toHaveLength(1);
      expect(data.data[0].userId).toBe(testUser.id);
      expect(data.data[0].id).toBe(myOrder.id);
    });

    it('不应该访问其他用户的订单详情', async () => {
      // 创建其他用户的订单
      const otherUserOrder = await testFactory.createTestOrder(otherUser.id, { tenantId: 1 });

      // 使用当前用户尝试访问其他用户的订单
      const response = await client.orders[':id'].$get({
        param: { id: otherUserOrder.id }
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      // 应该返回404，因为无权访问其他用户的订单（安全考虑，不暴露存在性）
      expect(response.status).toBe(404);
    });
  });

  describe('订单创建验证', () => {
    it('应该自动设置租户ID', async () => {
      // 创建必要的关联实体
      const testSupplier = await testFactory.createTestSupplier(testUser.id, { tenantId: 1 });
      const testMerchant = await testFactory.createTestMerchant(testUser.id, { tenantId: 1 });
      const testDeliveryAddress = await testFactory.createTestDeliveryAddress(testUser.id, { tenantId: 1 });

      const orderData = {
        orderNo: `ORD_${Date.now()}`,
        amount: 100.00,
        payAmount: 95.00,
        discountAmount: 5.00,
        merchantId: testMerchant.id,
        supplierId: testSupplier.id,
        addressId: testDeliveryAddress.id,
        orderType: 1,
        payType: 1,
        payState: 0,
        state: 0
      };

      const response = await client.index.$post({
        json: orderData
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      expect(response.status).toBe(201);
      const createdOrder = await response.json();

      // 验证租户ID已正确设置
      expect(createdOrder.tenantId).toBe(1);
      expect(createdOrder.userId).toBe(testUser.id);
    });
  });

  describe('取消订单功能验证', () => {
    it('应该成功取消未支付订单', async () => {
      // 创建未支付订单
      const order = await testFactory.createTestOrder(testUser.id, {
        tenantId: 1,
        payState: 0, // 未支付
        state: 0
      });

      const cancelData = {
        orderId: order.id,
        reason: '用户主动取消'
      };

      const response = await client.cancelOrder.$post({
        json: cancelData
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      expect(response.status).toBe(200);
      const result = await response.json();

      expect(result.success).toBe(true);
      expect(result.message).toBe('订单取消成功');

      // 验证订单状态已更新
      const dataSource = await IntegrationTestDatabase.getDataSource();
      const updatedOrder = await dataSource.getRepository(OrderMt).findOne({
        where: { id: order.id, tenantId: 1 }
      });

      expect(updatedOrder?.payState).toBe(5); // 订单关闭
      expect(updatedOrder?.cancelReason).toBe('用户主动取消');
      expect(updatedOrder?.cancelTime).toBeInstanceOf(Date);
    });

    it('应该成功取消已支付订单', async () => {
      // 创建已支付订单
      const order = await testFactory.createTestOrder(testUser.id, {
        tenantId: 1,
        payState: 2, // 支付成功
        state: 0
      });

      const cancelData = {
        orderId: order.id,
        reason: '用户主动取消（已支付）'
      };

      const response = await client.cancelOrder.$post({
        json: cancelData
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      expect(response.status).toBe(200);
      const result = await response.json();

      expect(result.success).toBe(true);
      expect(result.message).toBe('订单取消成功');

      // 验证订单状态已更新
      const dataSource = await IntegrationTestDatabase.getDataSource();
      const updatedOrder = await dataSource.getRepository(OrderMt).findOne({
        where: { id: order.id, tenantId: 1 }
      });

      expect(updatedOrder?.payState).toBe(5); // 订单关闭
      expect(updatedOrder?.cancelReason).toBe('用户主动取消（已支付）');
      expect(updatedOrder?.cancelTime).toBeInstanceOf(Date);
    });

    it('应该拒绝取消不允许的订单状态', async () => {
      // 创建已发货订单（支付状态=2，订单状态=1）
      const order = await testFactory.createTestOrder(testUser.id, {
        tenantId: 1,
        payState: 2, // 支付成功
        state: 1 // 已发货
      });

      const cancelData = {
        orderId: order.id,
        reason: '尝试取消已发货订单'
      };

      const response = await client.cancelOrder.$post({
        json: cancelData
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      // 应该返回403，因为已发货订单不允许取消
      expect(response.status).toBe(403);
      const result = await response.json();

      expect(result.error).toBe('当前订单状态不允许取消');
    });

    it('应该拒绝取消不存在的订单', async () => {
      const cancelData = {
        orderId: 99999, // 不存在的订单ID
        reason: '取消不存在的订单'
      };

      const response = await client.cancelOrder.$post({
        json: cancelData
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      // 应该返回404
      expect(response.status).toBe(404);
      const result = await response.json();

      expect(result.error).toBe('订单不存在');
    });

    it('应该拒绝跨租户取消订单', async () => {
      // 创建租户2的订单
      const otherTenantOrder = await testFactory.createTestOrder(otherTenantUser.id, {
        tenantId: 2,
        payState: 0
      });

      const cancelData = {
        orderId: otherTenantOrder.id,
        reason: '跨租户取消尝试'
      };

      const response = await client.cancelOrder.$post({
        json: cancelData
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      // 应该返回404，因为订单不在当前租户
      expect(response.status).toBe(404);
      const result = await response.json();

      expect(result.error).toBe('订单不存在');
    });

    it('应该拒绝跨用户取消订单', async () => {
      // 创建其他用户的订单（同一租户）
      const otherUserOrder = await testFactory.createTestOrder(otherUser.id, {
        tenantId: 1,
        payState: 0
      });

      const cancelData = {
        orderId: otherUserOrder.id,
        reason: '跨用户取消尝试'
      };

      const response = await client.cancelOrder.$post({
        json: cancelData
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      // 应该返回404，因为无权访问其他用户的订单
      expect(response.status).toBe(404);
      const result = await response.json();

      expect(result.error).toBe('订单不存在');
    });
  });
});