mini-starter/packages/goods-module-mt/tests/integration/user-goods-routes.integration.test.ts

import { describe, it, expect, beforeEach } from 'vitest';
import { testClient } from 'hono/testing';
import { IntegrationTestDatabase, setupIntegrationDatabaseHooksWithEntities } from '@d8d/shared-test-util';
import { JWTUtil } from '@d8d/shared-utils';
import { UserEntityMt, RoleMt } from '@d8d/user-module-mt';
import { FileMt } from '@d8d/file-module-mt';
import { SupplierMt } from '@d8d/supplier-module-mt';
import { MerchantMt } from '@d8d/merchant-module-mt';
import { userGoodsRoutesMt } from '../../src/routes/index.mt';
import { GoodsMt, GoodsCategoryMt } from '../../src/entities/index.mt';
import { GoodsTestFactory } from '../factories/goods-test-factory';

// 设置集成测试钩子
setupIntegrationDatabaseHooksWithEntities([
  UserEntityMt, RoleMt, GoodsMt, GoodsCategoryMt, FileMt, SupplierMt, MerchantMt
])

describe('用户商品管理API集成测试', () => {
  let client: ReturnType<typeof testClient<typeof userGoodsRoutesMt>>;
  let userToken: string;
  let otherUserToken: string;
  let testUser: UserEntityMt;
  let otherUser: UserEntityMt;
  let testCategory: GoodsCategoryMt;
  let testSupplier: SupplierMt;
  let testMerchant: MerchantMt;
  let testFile: FileMt;
  let testFactory: GoodsTestFactory;

  beforeEach(async () => {
    // 创建测试客户端
    client = testClient(userGoodsRoutesMt);

    // 获取数据源并创建测试工厂
    const dataSource = await IntegrationTestDatabase.getDataSource();
    testFactory = new GoodsTestFactory(dataSource);

    // 使用测试工厂创建测试数据
    testUser = await testFactory.createTestUser();
    otherUser = await testFactory.createTestUser(1, { nickname: '其他用户' });
    testCategory = await testFactory.createTestCategory(testUser.id);
    testSupplier = await testFactory.createTestSupplier(testUser.id);
    testMerchant = await testFactory.createTestMerchant(testUser.id);

    // 生成测试用户的token
    userToken = JWTUtil.generateToken({
      id: testUser.id,
      username: testUser.username,
      roles: [{name:'user'}]
    });

    // 生成其他用户的token
    otherUserToken = JWTUtil.generateToken({
      id: otherUser.id,
      username: otherUser.username,
      roles: [{name:'user'}]
    });

    // 创建测试文件
    testFile = await testFactory.createTestFile(testUser.id);
  });

  describe('GET /goods', () => {
    it('应该返回当前用户的商品列表', async () => {
      // 为测试用户创建一些商品
      const userGoods1 = await testFactory.createTestGoods(testUser.id, {
        name: '用户商品1',
        price: 100.00,
        costPrice: 80.00,
        categoryId1: testCategory.id,
        categoryId2: testCategory.id,
        categoryId3: testCategory.id,
        goodsType: 1,
        supplierId: testSupplier.id,
        merchantId: testMerchant.id,
        imageFileId: testFile.id,
        state: 1,
        stock: 100,
        lowestBuy: 1
      });

      const userGoods2 = await testFactory.createTestGoods(testUser.id, {
        name: '用户商品2',
        price: 200.00,
        costPrice: 160.00,
        categoryId1: testCategory.id,
        categoryId2: testCategory.id,
        categoryId3: testCategory.id,
        goodsType: 1,
        supplierId: testSupplier.id,
        merchantId: testMerchant.id,
        imageFileId: testFile.id,
        state: 1,
        stock: 50,
        lowestBuy: 1
      });

      // 为其他用户创建一个商品，确保不会返回
      const otherUserGoods = await testFactory.createTestGoods(otherUser.id, {
        name: '其他用户商品',
        price: 300.00,
        costPrice: 240.00,
        categoryId1: testCategory.id,
        categoryId2: testCategory.id,
        categoryId3: testCategory.id,
        goodsType: 1,
        supplierId: testSupplier.id,
        merchantId: testMerchant.id,
        imageFileId: testFile.id,
        state: 1,
        stock: 30,
        lowestBuy: 1
      });

      const response = await client.index.$get({
        query: {
          page: 1,
          pageSize: 10
        }
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      console.debug('用户商品列表响应状态:', response.status);
      if (response.status !== 200) {
        const errorData = await response.json();
        console.debug('用户商品列表错误响应:', errorData);
      }
      expect(response.status).toBe(200);

      if (response.status === 200) {
        const data = await response.json();
        expect(data).toHaveProperty('data');
        expect(Array.isArray(data.data)).toBe(true);

        // 验证只返回当前用户的商品
        data.data.forEach((goods: any) => {
          expect(goods.createdBy).toBe(testUser.id);
        });

        // 验证不包含其他用户的商品
        const otherUserGoodsInResponse = data.data.find((goods: any) => goods.createdBy === otherUser.id);
        expect(otherUserGoodsInResponse).toBeUndefined();
      }
    });

    it('应该拒绝未认证用户的访问', async () => {
      const response = await client.index.$get({
        query: {
          page: 1,
          pageSize: 10
        }
      });
      expect(response.status).toBe(401);
    });
  });

  describe('POST /goods', () => {
    it('应该成功创建商品并自动设置当前用户权限', async () => {
      const createData = {
        name: '用户创建商品',
        price: 150.00,
        costPrice: 120.00,
        categoryId1: testCategory.id,
        categoryId2: testCategory.id,
        categoryId3: testCategory.id,
        goodsType: 1,
        supplierId: testSupplier.id,
        merchantId: testMerchant.id,
        state: 1,
        stock: 80,
        lowestBuy: 1
      };

      const response = await client.index.$post({
        json: createData
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      console.debug('用户创建商品响应状态:', response.status);
      if (response.status !== 201) {
        const errorData = await response.json();
        console.debug('用户创建商品错误响应:', errorData);
      }
      expect(response.status).toBe(201);

      if (response.status === 201) {
        const data = await response.json();
        expect(data).toHaveProperty('id');
        expect(data.name).toBe(createData.name);
        expect(data.price).toBe(Number(createData.price));
        expect(data.createdBy).toBe(testUser.id); // 验证自动设置当前用户权限
      }
    });

    it('应该验证创建商品的必填字段', async () => {
      const invalidData = {
        // 缺少必填字段
        name: '',
        price: -1,
        categoryId1: -1
      };

      const response = await client.index.$post({
        json: invalidData
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      expect(response.status).toBe(400);
    });
  });

  describe('GET /goods/:id', () => {
    it('应该返回当前用户的商品详情', async () => {
      // 先为测试用户创建一个商品
      const testGoods = await testFactory.createTestGoods(testUser.id, {
        name: '测试用户商品详情',
        price: 100.00,
        costPrice: 80.00,
        categoryId1: testCategory.id,
        categoryId2: testCategory.id,
        categoryId3: testCategory.id,
        goodsType: 1,
        supplierId: testSupplier.id,
        merchantId: testMerchant.id,
        state: 1,
        stock: 100,
        lowestBuy: 1
      });

      const response = await client[':id'].$get({
        param: { id: testGoods.id }
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      console.debug('用户商品详情响应状态:', response.status);
      if (response.status !== 200) {
        const errorData = await response.json();
        console.debug('用户商品详情错误响应:', errorData);
      }
      expect(response.status).toBe(200);

      if (response.status === 200) {
        const data = await response.json();
        expect(data.id).toBe(testGoods.id);
        expect(data.name).toBe(testGoods.name);
        expect(data.createdBy).toBe(testUser.id);
      }
    });

    it('应该拒绝访问其他用户的商品', async () => {
      // 为其他用户创建一个商品
      const otherUserGoods = await testFactory.createTestGoods(otherUser.id, {
        name: '其他用户商品',
        price: 100.00,
        costPrice: 80.00,
        categoryId1: testCategory.id,
        categoryId2: testCategory.id,
        categoryId3: testCategory.id,
        goodsType: 1,
        supplierId: testSupplier.id,
        merchantId: testMerchant.id,
        state: 1,
        stock: 100,
        lowestBuy: 1
      });

      const response = await client[':id'].$get({
        param: { id: otherUserGoods.id }
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      expect(response.status).toBe(404); // 数据权限控制返回404（未找到，安全考虑）
    });

    it('应该处理不存在的商品', async () => {
      const response = await client[':id'].$get({
        param: { id: 999999 }
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      expect(response.status).toBe(404);
    });
  });

  describe('PUT /goods/:id', () => {
    it('应该成功更新当前用户的商品', async () => {
      // 先为测试用户创建一个商品
      const testGoods = await testFactory.createTestGoods(testUser.id, {
        name: '测试更新商品',
        price: 100.00,
        costPrice: 80.00,
        categoryId1: testCategory.id,
        categoryId2: testCategory.id,
        categoryId3: testCategory.id,
        goodsType: 1,
        supplierId: testSupplier.id,
        merchantId: testMerchant.id,
        state: 1,
        stock: 100,
        lowestBuy: 1
      });

      const updateData = {
        name: '更新后的商品名称',
        price: 120.00,
        state: 2
      };

      const response = await client[':id'].$put({
        param: { id: testGoods.id },
        json: updateData
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      console.debug('用户更新商品响应状态:', response.status);
      expect(response.status).toBe(200);

      if (response.status === 200) {
        const data = await response.json();
        expect(data.name).toBe(updateData.name);
        expect(data.price).toBe(Number(updateData.price));
        expect(data.state).toBe(updateData.state);
        expect(data.updatedBy).toBe(testUser.id); // 验证自动设置更新用户
      }
    });

    it('应该拒绝更新其他用户的商品', async () => {
      // 为其他用户创建一个商品
      const otherUserGoods = await testFactory.createTestGoods(otherUser.id, {
        name: '其他用户商品',
        price: 100.00,
        costPrice: 80.00,
        categoryId1: testCategory.id,
        categoryId2: testCategory.id,
        categoryId3: testCategory.id,
        goodsType: 1,
        supplierId: testSupplier.id,
        merchantId: testMerchant.id,
        state: 1,
        stock: 100,
        lowestBuy: 1
      });

      const updateData = {
        name: '尝试更新其他用户商品'
      };

      const response = await client[':id'].$put({
        param: { id: otherUserGoods.id },
        json: updateData
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      expect(response.status).toBe(403); // 数据权限控制返回403
    });
  });

  describe('DELETE /goods/:id', () => {
    it('应该成功删除当前用户的商品', async () => {
      // 先为测试用户创建一个商品
      const testGoods = await testFactory.createTestGoods(testUser.id, {
        name: '测试删除商品',
        price: 100.00,
        costPrice: 80.00,
        categoryId1: testCategory.id,
        categoryId2: testCategory.id,
        categoryId3: testCategory.id,
        goodsType: 1,
        supplierId: testSupplier.id,
        merchantId: testMerchant.id,
        state: 1,
        stock: 100,
        lowestBuy: 1
      });

      const response = await client[':id'].$delete({
        param: { id: testGoods.id }
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      console.debug('用户删除商品响应状态:', response.status);
      expect(response.status).toBe(204);
    });

    it('应该拒绝删除其他用户的商品', async () => {
      // 为其他用户创建一个商品
      const otherUserGoods = await testFactory.createTestGoods(otherUser.id, {
        name: '其他用户商品',
        price: 100.00,
        costPrice: 80.00,
        categoryId1: testCategory.id,
        categoryId2: testCategory.id,
        categoryId3: testCategory.id,
        goodsType: 1,
        supplierId: testSupplier.id,
        merchantId: testMerchant.id,
        state: 1,
        stock: 100,
        lowestBuy: 1
      });

      const response = await client[':id'].$delete({
        param: { id: otherUserGoods.id }
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      expect(response.status).toBe(403); // 数据权限控制返回403
    });
  });

  describe('数据权限配置测试', () => {
    it('应该验证dataPermission配置正确工作', async () => {
      // 这个测试验证数据权限配置是否正常工作
      // 用户只能访问自己创建的商品

      // 创建测试用户和其他用户的商品
      const userGoods = await testFactory.createTestGoods(testUser.id, {
        name: '用户商品',
        price: 100.00,
        costPrice: 80.00,
        categoryId1: testCategory.id,
        categoryId2: testCategory.id,
        categoryId3: testCategory.id,
        goodsType: 1,
        supplierId: testSupplier.id,
        merchantId: testMerchant.id,
        state: 1,
        stock: 100,
        lowestBuy: 1
      });

      const otherUserGoods = await testFactory.createTestGoods(otherUser.id, {
        name: '其他用户商品',
        price: 200.00,
        costPrice: 160.00,
        categoryId1: testCategory.id,
        categoryId2: testCategory.id,
        categoryId3: testCategory.id,
        goodsType: 1,
        supplierId: testSupplier.id,
        merchantId: testMerchant.id,
        state: 1,
        stock: 50,
        lowestBuy: 1
      });

      // 使用测试用户token获取列表
      const response = await client.index.$get({
        query: {
          page: 1,
          pageSize: 10
        }
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      if (response.status !== 200) {
        const errorData = await response.json();
        console.debug('数据权限配置测试错误响应:', errorData);
      }
      expect(response.status).toBe(200);
      const data = await response.json();

      // 类型检查确保data属性存在
      if ('data' in data && Array.isArray(data.data)) {
        // 验证只返回测试用户的商品
        const userGoodsInResponse = data.data.filter((goods: any) => goods.createdBy === testUser.id);
        const otherUserGoodsInResponse = data.data.filter((goods: any) => goods.createdBy === otherUser.id);

        expect(userGoodsInResponse.length).toBeGreaterThan(0);
        expect(otherUserGoodsInResponse.length).toBe(0);
      } else {
        // 如果响应是错误格式，应该失败
        expect(data).toHaveProperty('data');
      }
    });
  });

  describe('多租户数据隔离测试', () => {
    it('应该验证不同租户间的数据完全隔离', async () => {
      // 创建租户2的用户和商品
      const tenant2User = await testFactory.createTestUser(2, {
        username: 'tenant2_user',
        nickname: '租户2用户'
      });

      // 为租户2创建分类、供应商、商户
      const tenant2Category = await testFactory.createTestCategory(tenant2User.id, {
        tenantId: 2,
        name: '租户2分类'
      });
      const tenant2Supplier = await testFactory.createTestSupplier(tenant2User.id, {
        tenantId: 2,
        name: '租户2供应商',
        username: 'tenant2_supplier'
      });
      const tenant2Merchant = await testFactory.createTestMerchant(tenant2User.id, {
        tenantId: 2,
        name: '租户2商户'
      });

      const tenant2Goods = await testFactory.createTestGoods(tenant2User.id, {
        tenantId: 2,
        name: '租户2商品',
        price: 300.00,
        costPrice: 240.00,
        categoryId1: tenant2Category.id,
        categoryId2: tenant2Category.id,
        categoryId3: tenant2Category.id,
        goodsType: 1,
        supplierId: tenant2Supplier.id,
        merchantId: tenant2Merchant.id,
        state: 1,
        stock: 50,
        lowestBuy: 1
      });

      // 验证租户1用户无法访问租户2数据
      const response = await client[':id'].$get({
        param: { id: tenant2Goods.id }
      }, {
        headers: {
          'Authorization': `Bearer ${userToken}`
        }
      });

      // 租户1用户应该无法访问租户2的商品
      expect(response.status).toBe(404); // 或者403，取决于实现
    });

    it('应该验证租户1用户只能看到租户1的商品', async () => {
      // 创建租户1的商品
      const tenant1Goods = await testFactory.createTestGoods(testUser.id, {
        tenantId: 1,
        name: '租户1商品',
        price: 100.00,
        costPrice: 80.00,
        categoryId1: testCategory.id,
        categoryId2: testCategory.id,
        categoryId3: testCategory.id,
        goodsType: 1,
        supplierId: testSupplier.id,
        merchantId: testMerchant.id,
        state: 1,
        stock: 100,
        lowestBuy: 1
      });

      // 创建租户2的商品
      const tenant2User = await testFactory.createTestUser(2, {
        username: 'tenant2_user_2',
        nickname: '租户2用户2'
      });
      const tenant2Category = await testFactory.createTestCategory(tenant2User.id, {
        tenantId: 2,
        name: '租户2分类2'
      });
      const tenant2Supplier = await testFactory.createTestSupplier(tenant2User.id, {
        tenantId: 2,
        name: '租户2供应商2',
        username: 'tenant2_supplier_2'
      });
      const tenant2Merchant = await testFactory.createTestMerchant(tenant2User.id, {
        tenantId: 2,
        name: '租户2商户2'
      });

      const tenant2Goods = await testFactory.createTestGoods(tenant2User.id, {
        tenantId: 2,
        name: '租户2商品2',
        price: 400.00,
        costPrice: 320.00,
        categoryId1: tenant2Category.id,
        categoryId2: tenant2Category.id,
        categoryId3: tenant2Category.id,
        goodsType: 1,
        supplierId: tenant2Supplier.id,
        merchantId: tenant2Merchant.id,
        state: 1,
        stock: 75,
        lowestBuy: 1
      });

      console.debug('租户2商品创建成功:', tenant2Goods);

      // 重新生成租户1用户的token，确保认证信息正确
      const currentUserToken = JWTUtil.generateToken({
        id: testUser.id,
        username: testUser.username,
        roles: [{name:'user'}],
        tenantId: 1
      });

      console.debug('生成的token:', currentUserToken);
      console.debug('Authorization头:', `Bearer ${currentUserToken}`);

      // 获取租户1用户的商品列表
      const response = await client.index.$get({}, {
        headers: {
          'Authorization': `Bearer ${currentUserToken}`
        }
      });

      console.debug('响应状态码:', response.status);
      if (response.status !== 200) {
        console.debug('响应内容:', await response.text());
      }

      expect(response.status).toBe(200);
      const data = await response.json();

      console.debug('API返回的商品数据:', data.data);

      // 验证返回的商品都属于租户1
      if (data.data && Array.isArray(data.data)) {
        const allGoodsBelongToTenant1 = data.data.every((goods: any) => goods.tenantId === 1);
        console.debug('所有商品都属于租户1:', allGoodsBelongToTenant1);
        console.debug('商品租户ID列表:', data.data.map((g: any) => g.tenantId));
        expect(allGoodsBelongToTenant1).toBe(true);

        // 验证没有租户2的商品
        const tenant2GoodsInResponse = data.data.filter((goods: any) => goods.tenantId === 2);
        console.debug('租户2商品在响应中的数量:', tenant2GoodsInResponse.length);
        expect(tenant2GoodsInResponse.length).toBe(0);
      }
    });
  });
});