mini-starter/packages/file-module-mt/tests/integration/file.routes.integration.test.ts

import { describe, it, expect, beforeEach, vi } from 'vitest';
import { testClient } from 'hono/testing';
import {
  IntegrationTestDatabase,
  setupIntegrationDatabaseHooksWithEntities
} from '@d8d/shared-test-util';
import {
  IntegrationTestAssertions
} from '../utils/integration-test-utils';
import fileRoutes from '../../src/routes/index.mt';
import { FileMt } from '../../src/entities';
import { UserEntityMt, RoleMt } from '@d8d/user-module-mt';
import { TestDataFactory } from '../utils/integration-test-db';
import { AuthService } from '@d8d/auth-module-mt';
import { UserServiceMt } from '@d8d/user-module-mt';
import { MinioService } from '../../src/services/minio.service';

// Mock MinIO service to avoid real connections in tests
vi.mock('../../src/services/minio.service', () => {
  const MockMinioService = vi.fn(() => ({
    bucketName: 'test-bucket',
    ensureBucketExists: vi.fn().mockResolvedValue(true),
    objectExists: vi.fn().mockResolvedValue(false), // Assume files don't exist in MinIO for tests
    deleteObject: vi.fn().mockResolvedValue(undefined),
    generateUploadPolicy: vi.fn().mockResolvedValue({
      'x-amz-algorithm': 'AWS4-HMAC-SHA256',
      'x-amz-credential': 'test-credential',
      'x-amz-date': '20230101T000000Z',
      policy: 'test-policy',
      'x-amz-signature': 'test-signature',
      host: 'http://localhost:9000',
      key: 'test-key',
      bucket: 'test-bucket'
    }),
    getPresignedFileUrl: vi.fn().mockResolvedValue('http://localhost:9000/test-bucket/test-file'),
    getPresignedFileDownloadUrl: vi.fn().mockResolvedValue('http://localhost:9000/test-bucket/test-file?download=true'),
    createMultipartUpload: vi.fn().mockResolvedValue('test-upload-id'),
    generateMultipartUploadUrls: vi.fn().mockResolvedValue(['http://localhost:9000/part1', 'http://localhost:9000/part2']),
    completeMultipartUpload: vi.fn().mockResolvedValue({ size: 1024 }),
    createObject: vi.fn().mockResolvedValue('http://localhost:9000/test-bucket/test-file'),
    getFileUrl: vi.fn().mockReturnValue('http://localhost:9000/test-bucket/test-file')
  }));
  return { MinioService: MockMinioService };
});

// 设置集成测试钩子
setupIntegrationDatabaseHooksWithEntities([FileMt, UserEntityMt, RoleMt])

describe('文件路由API集成测试 (使用hono/testing)', () => {
  let client: ReturnType<typeof testClient<typeof fileRoutes>>;
  let authService: AuthService;
  let userService: UserServiceMt;
  let testToken: string;
  let testUser: any;

  beforeEach(async () => {
    // 创建测试客户端
    client = testClient(fileRoutes);

    // 获取数据源
    const dataSource = await IntegrationTestDatabase.getDataSource();
    if (!dataSource) throw new Error('Database not initialized');

    // 初始化服务
    userService = new UserServiceMt(dataSource);
    authService = new AuthService(userService);

    // 创建测试用户并生成token
    testUser = await TestDataFactory.createTestUser(dataSource, {
      username: 'testuser_file',
      password: 'TestPassword123!',
      email: 'testuser_file@example.com'
    });

    // 生成测试用户的token
    testToken = authService.generateToken(testUser);
  });

  describe('文件创建路由测试', () => {
    it('应该拒绝无认证令牌的文件创建请求', async () => {
      const fileData = {
        name: 'test.txt',
        type: 'text/plain',
        size: 1024,
        path: '/uploads/test.txt',
        description: 'Test file'
      };

      const response = await client['upload-policy'].$post({
        json: fileData
      });

      // 应该返回401状态码，因为缺少认证
      expect(response.status).toBe(401);
      if (response.status === 401) {
        const responseData = await response.json();
        expect(responseData.message).toContain('Authorization header missing');
      }
    });

    it('应该拒绝无效认证令牌的文件创建请求', async () => {
      const fileData = {
        name: 'test.txt',
        type: 'text/plain',
        size: 1024,
        path: '/uploads/test.txt',
        description: 'Test file'
      };

      const response = await client['upload-policy'].$post({
        json: fileData
      }, {
        headers: {
          'Authorization': 'Bearer invalid.token.here'
        }
      });

      // 应该返回401状态码，因为令牌无效
      expect(response.status).toBe(401);
      if (response.status === 401) {
        const responseData = await response.json();
        expect(responseData.message).toContain('Invalid token');
      }
    });

    it('应该成功创建文件上传策略（使用有效认证令牌）', async () => {
      const fileData = {
        name: 'test.txt',
        type: 'text/plain',
        size: 1024,
        path: '/uploads/test.txt',
        description: 'Test file'
      };

      const response = await client['upload-policy'].$post({
        json: fileData
      }, {
        headers: {
          'Authorization': `Bearer ${testToken}`
        }
      });

      // 断言响应
      if (response.status !== 200) {
        const errorData = await response.json();
        console.debug('File creation error:', JSON.stringify(errorData, null, 2));
      }
      expect(response.status).toBe(200);
      if (response.status === 200) {
        const responseData = await response.json();
        expect(responseData).toHaveProperty('file');
        expect(responseData).toHaveProperty('uploadPolicy');
        expect(responseData.file.name).toBe(fileData.name);
        expect(responseData.file.type).toBe(fileData.type);
        expect(responseData.file.size).toBe(fileData.size);
        expect(responseData.file.uploadUserId).toBe(testUser.id);

        // 断言数据库中存在文件记录
        const dataSource = await IntegrationTestDatabase.getDataSource();
        if (!dataSource) throw new Error('Database not initialized');

        const fileRepository = dataSource.getRepository(FileMt);
        const savedFile = await fileRepository.findOne({
          where: { name: fileData.name }
        });
        expect(savedFile).toBeTruthy();
        expect(savedFile?.uploadUserId).toBe(testUser.id);
      }
    });

    it('应该拒绝创建无效文件数据的请求', async () => {
      const invalidFileData = {
        name: '', // 空文件名
        type: 'text/plain',
        path: 'test/path.txt'
      };

      const response = await client['upload-policy'].$post({
        json: invalidFileData
      }, {
        headers: {
          'Authorization': `Bearer ${testToken}`
        }
      });

      // 应该返回验证错误
      expect([400, 500]).toContain(response.status);
    });
  });

  describe('文件读取路由测试', () => {
    it('应该成功获取文件列表', async () => {
      const dataSource = await IntegrationTestDatabase.getDataSource();
      if (!dataSource) throw new Error('Database not initialized');

      // 创建几个测试文件
      await TestDataFactory.createTestFile(dataSource, {
        name: 'file1.txt',
        uploadUserId: testUser.id
      });
      await TestDataFactory.createTestFile(dataSource, {
        name: 'file2.txt',
        uploadUserId: testUser.id
      });

      const response = await client.index.$get({
        query: {}
      }, {
        headers: {
          'Authorization': `Bearer ${testToken}`
        }
      });


      expect(response.status).toBe(200);
      if (response.status === 200) {
        const responseData = await response.json();
        expect(Array.isArray(responseData.data)).toBe(true);
        expect(responseData.data.length).toBeGreaterThanOrEqual(2);
      }
    });

    it('应该成功获取单个文件详情', async () => {
      const dataSource = await IntegrationTestDatabase.getDataSource();
      if (!dataSource) throw new Error('Database not initialized');

      const testFile = await TestDataFactory.createTestFile(dataSource, {
        name: 'testfile_detail',
        uploadUserId: testUser.id
      });

      const response = await client[':id'].$get({
        param: { id: testFile.id }
      }, {
        headers: {
          'Authorization': `Bearer ${testToken}`
        }
      });

      expect(response.status).toBe(200);
      if (response.status === 200) {
        const responseData = await response.json();
        expect(responseData.id).toBe(testFile.id);
        expect(responseData.name).toBe(testFile.name);
        expect(responseData.type).toBe(testFile.type);
      }
    });

    it('应该返回404当文件不存在时', async () => {
      const response = await client[':id'].$get({
        param: { id: 999999 }
      }, {
        headers: {
          'Authorization': `Bearer ${testToken}`
        }
      });

      expect(response.status).toBe(404);
      if (response.status === 404) {
        const responseData = await response.json();
        expect(responseData.message).toContain('资源不存在');
      }
    });
  });

  describe('文件URL生成路由测试', () => {
    it('应该成功生成文件访问URL', async () => {
      const dataSource = await IntegrationTestDatabase.getDataSource();
      if (!dataSource) throw new Error('Database not initialized');

      const testFile = await TestDataFactory.createTestFile(dataSource, {
        name: 'testfile_url',
        uploadUserId: testUser.id
      });

      const response = await client[':id']['url'].$get({
        param: { id: testFile.id }
      }, {
        headers: {
          'Authorization': `Bearer ${testToken}`
        }
      });

      expect(response.status).toBe(200);
      if (response.status === 200) {
        const responseData = await response.json();
        expect(responseData).toHaveProperty('url');
        expect(typeof responseData.url).toBe('string');
        expect(responseData.url.length).toBeGreaterThan(0);
      }
    });

    it('应该返回404当为不存在的文件生成URL时', async () => {
      const response = await client[':id']['url'].$get({
        param: { id: 999999 }
      }, {
        headers: {
          'Authorization': `Bearer ${testToken}`
        }
      });

      expect(response.status).toBe(404);
      if (response.status === 404) {
        const responseData = await response.json();
        expect(responseData.message).toContain('文件不存在');
      }
    });
  });

  describe('文件下载路由测试', () => {
    it('应该成功生成文件下载URL', async () => {
      const dataSource = await IntegrationTestDatabase.getDataSource();
      if (!dataSource) throw new Error('Database not initialized');

      const testFile = await TestDataFactory.createTestFile(dataSource, {
        name: 'testfile_download.txt',
        uploadUserId: testUser.id
      });

      const response = await client[':id']['download'].$get({
        param: { id: testFile.id }
      }, {
        headers: {
          'Authorization': `Bearer ${testToken}`
        }
      });

      expect(response.status).toBe(200);
      if (response.status === 200) {
        const responseData = await response.json();
        expect(responseData).toHaveProperty('url');
        expect(responseData).toHaveProperty('filename');
        expect(typeof responseData.url).toBe('string');
        expect(responseData.filename).toBe(testFile.name);
      }
    });

    it('应该返回404当为不存在的文件生成下载URL时', async () => {
      const response = await client[':id']['download'].$get({
        param: { id: 999999 }
      }, {
        headers: {
          'Authorization': `Bearer ${testToken}`
        }
      });

      expect(response.status).toBe(404);
      if (response.status === 404) {
        const responseData = await response.json();
        expect(responseData.message).toContain('文件不存在');
      }
    });
  });

  describe('文件删除路由测试', () => {
    it('应该拒绝无认证令牌的文件删除请求', async () => {
      const dataSource = await IntegrationTestDatabase.getDataSource();
      if (!dataSource) throw new Error('Database not initialized');

      const testFile = await TestDataFactory.createTestFile(dataSource, {
        name: 'testfile_delete_no_auth',
        uploadUserId: testUser.id
      });

      const response = await client[':id'].$delete({
        param: { id: testFile.id }
      });

      // 应该返回401状态码，因为缺少认证
      expect(response.status).toBe(401);
      if (response.status === 401) {
        const responseData = await response.json();
        expect(responseData.message).toContain('Authorization header missing');
      }
    });

    it('应该成功删除文件（使用有效认证令牌）', async () => {
      const dataSource = await IntegrationTestDatabase.getDataSource();
      if (!dataSource) throw new Error('Database not initialized');

      const testFile = await TestDataFactory.createTestFile(dataSource, {
        name: 'testfile_delete',
        uploadUserId: testUser.id
      });

      const response = await client[':id'].$delete({
        param: { id: testFile.id }
      }, {
        headers: {
          'Authorization': `Bearer ${testToken}`
        }
      });

      IntegrationTestAssertions.expectStatus(response, 200);

      // 验证文件已从数据库中删除
      const fileRepository = dataSource.getRepository(FileMt);
      const deletedFile = await fileRepository.findOne({
        where: { id: testFile.id }
      });
      expect(deletedFile).toBeNull();

      // 验证再次获取文件返回404
      const getResponse = await client[':id'].$get({
        param: { id: testFile.id }
      }, {
        headers: {
          'Authorization': `Bearer ${testToken}`
        }
      });
      IntegrationTestAssertions.expectStatus(getResponse, 404);
    });

    it('应该返回404当删除不存在的文件时', async () => {
      const response = await client[':id'].$delete({
        param: { id: 999999 }
      }, {
        headers: {
          'Authorization': `Bearer ${testToken}`
        }
      });

      IntegrationTestAssertions.expectStatus(response, 404);
      if (response.status === 404) {
        const responseData = await response.json();
        expect(responseData.message).toContain('文件不存在');
      }
    });
  });

  describe('文件搜索路由测试', () => {
    it('应该能够按文件名搜索文件', async () => {
      const dataSource = await IntegrationTestDatabase.getDataSource();
      if (!dataSource) throw new Error('Database not initialized');

      await TestDataFactory.createTestFile(dataSource, {
        name: 'search_file_1.txt',
        uploadUserId: testUser.id
      });
      await TestDataFactory.createTestFile(dataSource, {
        name: 'search_file_2.txt',
        uploadUserId: testUser.id
      });
      await TestDataFactory.createTestFile(dataSource, {
        name: 'other_file.txt',
        uploadUserId: testUser.id
      });

      const response = await client.index.$get({
        query: { keyword: 'search_file' }
      }, {
        headers: {
          'Authorization': `Bearer ${testToken}`
        }
      });

      IntegrationTestAssertions.expectStatus(response, 200);
      if (response.status === 200) {
        const responseData = await response.json();
        expect(Array.isArray(responseData.data)).toBe(true);
        expect(responseData.data.length).toBe(2);

        // 验证搜索结果包含正确的文件
        const filenames = responseData.data.map((file: any) => file.name);
        expect(filenames).toContain('search_file_1.txt');
        expect(filenames).toContain('search_file_2.txt');
        expect(filenames).not.toContain('other_file.txt');
      }
    });

    it('应该能够按文件类型搜索文件', async () => {
      const dataSource = await IntegrationTestDatabase.getDataSource();
      if (!dataSource) throw new Error('Database not initialized');

      await TestDataFactory.createTestFile(dataSource, {
        name: 'image1.jpg',
        type: 'image/jpeg',
        uploadUserId: testUser.id
      });
      await TestDataFactory.createTestFile(dataSource, {
        name: 'image2.png',
        type: 'image/png',
        uploadUserId: testUser.id
      });

      const response = await client.index.$get({
        query: { keyword: 'image' }
      }, {
        headers: {
          'Authorization': `Bearer ${testToken}`
        }
      });

      IntegrationTestAssertions.expectStatus(response, 200);
      if (response.status === 200) {
        const responseData = await response.json();
        expect(responseData.data.length).toBe(2);

        const types = responseData.data.map((file: any) => file.type);
        expect(types).toContain('image/jpeg');
        expect(types).toContain('image/png');
      }
    });
  });

  describe('性能测试', () => {
    it('文件列表查询响应时间应小于200ms', async () => {
      const dataSource = await IntegrationTestDatabase.getDataSource();
      if (!dataSource) throw new Error('Database not initialized');

      // 创建一些测试数据
      for (let i = 0; i < 10; i++) {
        await TestDataFactory.createTestFile(dataSource, {
          name: `perf_file_${i}.txt`,
          uploadUserId: testUser.id
        });
      }

      const startTime = Date.now();
      const response = await client.index.$get({
        query: {}
      }, {
        headers: {
          'Authorization': `Bearer ${testToken}`
        }
      });
      const endTime = Date.now();
      const responseTime = endTime - startTime;

      IntegrationTestAssertions.expectStatus(response, 200);
      expect(responseTime).toBeLessThan(200); // 响应时间应小于200ms
    });
  });

  describe('认证令牌测试', () => {
    it('应该拒绝过期令牌的文件请求', async () => {
      // 创建立即过期的令牌
      const expiredToken = authService.generateToken(testUser, '1ms');

      // 等待令牌过期
      await new Promise(resolve => setTimeout(resolve, 10));

      const response = await client['upload-policy'].$post({
        json: {
          name: 'test_expired_token.txt',
          type: 'text/plain',
          size: 1024,
          path: 'test/expired_token.txt'
        }
      }, {
        headers: {
          'Authorization': `Bearer ${expiredToken}`
        }
      });

      // 应该返回401状态码，因为令牌过期
      expect(response.status).toBe(401);
      if (response.status === 401) {
        const responseData = await response.json();
        expect(responseData.message).toContain('Invalid token');
      }
    });

    it('应该拒绝格式错误的认证头', async () => {
      const response = await client['upload-policy'].$post({
        json: {
          name: 'test_bad_auth_header.txt',
          type: 'text/plain',
          size: 1024,
          path: 'test/bad_auth_header.txt'
        }
      }, {
        headers: {
          'Authorization': 'Basic invalid_format'
        }
      });

      // 应该返回401状态码，因为认证头格式错误
      expect(response.status).toBe(401);
      if (response.status === 401) {
        const responseData = await response.json();
        expect(responseData.message).toContain('Authorization header missing');
      }
    });
  });

  describe('多租户数据隔离测试', () => {
    let tenant1User: any;
    let tenant2User: any;
    let tenant1Token: string;
    let tenant2Token: string;

    beforeEach(async () => {
      const dataSource = await IntegrationTestDatabase.getDataSource();
      if (!dataSource) throw new Error('Database not initialized');

      // 创建租户1的用户
      tenant1User = await TestDataFactory.createTestUser(dataSource, {
        username: 'tenant1_user',
        password: 'TestPassword123!',
        email: 'tenant1@example.com',
        tenantId: 1
      });

      // 创建租户2的用户
      tenant2User = await TestDataFactory.createTestUser(dataSource, {
        username: 'tenant2_user',
        password: 'TestPassword123!',
        email: 'tenant2@example.com',
        tenantId: 2
      });

      // 生成租户用户的token
      tenant1Token = authService.generateToken(tenant1User);
      tenant2Token = authService.generateToken(tenant2User);

      // 清理文件数据
      const fileRepository = dataSource.getRepository(FileMt);
      await fileRepository.delete({ tenantId: 1 });
    });

    describe('文件创建租户隔离', () => {
      it('应该为租户1创建文件并设置正确的租户ID', async () => {
        const fileData = {
          name: 'tenant1_file.pdf',
          type: 'application/pdf',
          size: 1024,
          path: 'test/path',
          description: '租户1的文件'
        };

        const response = await client['upload-policy'].$post({
          json: fileData
        }, {
          headers: {
            'Authorization': `Bearer ${tenant1Token}`
          }
        });

        expect(response.status).toBe(200);
        if (response.status === 200) {
          const responseData = await response.json();
          expect(responseData.file.name).toBe('tenant1_file.pdf');
          expect(responseData.file.uploadUserId).toBe(tenant1User.id);

          // 验证数据库中的租户ID
          const dataSource = await IntegrationTestDatabase.getDataSource();
          if (!dataSource) throw new Error('Database not initialized');
          const fileRepository = dataSource.getRepository(FileMt);
          const savedFile = await fileRepository.findOne({
            where: { name: fileData.name }
          });
          expect(savedFile?.tenantId).toBe(1);
        }
      });

      it('应该为租户2创建文件并设置正确的租户ID', async () => {
        const fileData = {
          name: 'tenant2_file.pdf',
          type: 'application/pdf',
          size: 2048,
          path: 'test/path',
          description: '租户2的文件'
        };

        const response = await client['upload-policy'].$post({
          json: fileData
        }, {
          headers: {
            'Authorization': `Bearer ${tenant2Token}`
          }
        });

        expect(response.status).toBe(200);
        if (response.status === 200) {
          const responseData = await response.json();
          expect(responseData.file.name).toBe('tenant2_file.pdf');
          expect(responseData.file.uploadUserId).toBe(tenant2User.id);

          // 验证数据库中的租户ID
          const dataSource = await IntegrationTestDatabase.getDataSource();
          if (!dataSource) throw new Error('Database not initialized');
          const fileRepository = dataSource.getRepository(FileMt);
          const savedFile = await fileRepository.findOne({
            where: { name: fileData.name }
          });
          expect(savedFile?.tenantId).toBe(2);
        }
      });
    });

    describe('文件查询租户隔离', () => {
      beforeEach(async () => {
        const dataSource = await IntegrationTestDatabase.getDataSource();
        if (!dataSource) throw new Error('Database not initialized');

        const fileRepository = dataSource.getRepository(FileMt);

        // 创建租户1的文件
        await fileRepository.save([
          fileRepository.create({
            name: 'tenant1_file1.pdf',
            type: 'application/pdf',
            size: 1024,
            path: 'tenant1/path1',
            uploadUserId: tenant1User.id,
            tenantId: 1,
            uploadTime: new Date()
          }),
          fileRepository.create({
            name: 'tenant1_file2.jpg',
            type: 'image/jpeg',
            size: 2048,
            path: 'tenant1/path2',
            uploadUserId: tenant1User.id,
            tenantId: 1,
            uploadTime: new Date()
          })
        ]);

        // 创建租户2的文件
        await fileRepository.save([
          fileRepository.create({
            name: 'tenant2_file1.pdf',
            type: 'application/pdf',
            size: 3072,
            path: 'tenant2/path1',
            uploadUserId: tenant2User.id,
            tenantId: 2,
            uploadTime: new Date()
          })
        ]);
      });

      it('应该只返回租户1的文件列表', async () => {
        const response = await client.index.$get({
          query: {}
        }, {
          headers: {
            'Authorization': `Bearer ${tenant1Token}`
          }
        });

        expect(response.status).toBe(200);
        if (response.status === 200) {
          const responseData = await response.json();
          expect(Array.isArray(responseData.data)).toBe(true);
          expect(responseData.data).toHaveLength(2);
          expect(responseData.data.every((file: any) => file.tenantId === 1)).toBe(true);
          expect(responseData.data.some((file: any) => file.name === 'tenant1_file1.pdf')).toBe(true);
          expect(responseData.data.some((file: any) => file.name === 'tenant1_file2.jpg')).toBe(true);
        }
      });

      it('应该只返回租户2的文件列表', async () => {
        const response = await client.index.$get({
          query: {}
        }, {
          headers: {
            'Authorization': `Bearer ${tenant2Token}`
          }
        });

        expect(response.status).toBe(200);
        if (response.status === 200) {
          const responseData = await response.json();
          expect(Array.isArray(responseData.data)).toBe(true);
          expect(responseData.data).toHaveLength(1);
          expect(responseData.data[0].tenantId).toBe(2);
          expect(responseData.data[0].name).toBe('tenant2_file1.pdf');
        }
      });

      it('租户1不应该访问租户2的文件', async () => {
        const dataSource = await IntegrationTestDatabase.getDataSource();
        if (!dataSource) throw new Error('Database not initialized');
        const fileRepository = dataSource.getRepository(FileMt);
        const tenant2File = await fileRepository.findOneBy({ tenantId: 2, name: 'tenant2_file1.pdf' });

        if (tenant2File) {
          const response = await client[':id'].$get({
            param: { id: tenant2File.id }
          }, {
            headers: {
              'Authorization': `Bearer ${tenant1Token}`
            }
          });

          // 应该返回404，因为租户1不能访问租户2的文件
          expect(response.status).toBe(404);
        }
      });
    });

    describe('文件删除租户隔离', () => {
      let tenant1File: FileMt;
      let tenant2File: FileMt;

      beforeEach(async () => {
        const dataSource = await IntegrationTestDatabase.getDataSource();
        if (!dataSource) throw new Error('Database not initialized');
        const fileRepository = dataSource.getRepository(FileMt);

        // 创建租户1的文件
        tenant1File = fileRepository.create({
          name: 'tenant1_delete_test.pdf',
          type: 'application/pdf',
          size: 1024,
          path: 'tenant1/delete_test',
          uploadUserId: tenant1User.id,
          tenantId: 1,
          uploadTime: new Date()
        });

        // 创建租户2的文件
        tenant2File = fileRepository.create({
          name: 'tenant2_delete_test.pdf',
          type: 'application/pdf',
          size: 2048,
          path: 'tenant2/delete_test',
          uploadUserId: tenant2User.id,
          tenantId: 2,
          uploadTime: new Date()
        });

        await fileRepository.save([tenant1File, tenant2File]);
      });

      it('应该允许租户1删除自己的文件', async () => {
        const response = await client[':id'].$delete({
          param: { id: tenant1File.id }
        }, {
          headers: {
            'Authorization': `Bearer ${tenant1Token}`
          }
        });

        expect(response.status).toBe(200);

        // 验证文件已被删除
        const dataSource = await IntegrationTestDatabase.getDataSource();
        if (!dataSource) throw new Error('Database not initialized');
        const fileRepository = dataSource.getRepository(FileMt);
        const deletedFile = await fileRepository.findOneBy({ id: tenant1File.id });
        expect(deletedFile).toBeNull();
      });

      it('不应该允许租户2删除租户1的文件', async () => {
        const response = await client[':id'].$delete({
          param: { id: tenant1File.id }
        }, {
          headers: {
            'Authorization': `Bearer ${tenant2Token}`
          }
        });

        // 调试输出
        console.debug(`租户2删除租户1文件响应状态: ${response.status}`);
        if (response.status as number !== 200) {
          const responseData = await response.json();
          console.debug(`响应数据:`, responseData);
        }

        // 应该返回404或403，因为租户2不能删除租户1的文件
        expect([404, 403]).toContain(response.status);

        // 验证文件仍然存在
        const dataSource = await IntegrationTestDatabase.getDataSource();
        if (!dataSource) throw new Error('Database not initialized');
        const fileRepository = dataSource.getRepository(FileMt);
        const existingFile = await fileRepository.findOneBy({ id: tenant1File.id });
        expect(existingFile).toBeDefined();
      });
    });
  });
});