mini-starter/packages/merchant-module-mt/tests/integration/admin-routes.integration.test.ts

import { describe, it, expect, beforeEach, vi, afterEach } from 'vitest';
import { testClient } from 'hono/testing';
import { IntegrationTestDatabase, setupIntegrationDatabaseHooksWithEntities } from '@d8d/shared-test-util';
import { JWTUtil } from '@d8d/shared-utils';
import { UserEntityMt, RoleMt } from '@d8d/user-module-mt';
import { FileMt } from '@d8d/file-module-mt';
import { adminMerchantRoutes } from '../../src/routes/admin-routes.mt';
import { MerchantMt } from '../../src/entities/merchant.mt.entity';
import { MerchantTestUtils } from '../utils/test-utils';

// 设置集成测试钩子
setupIntegrationDatabaseHooksWithEntities([UserEntityMt, RoleMt, MerchantMt, FileMt])

describe('管理员商户管理API集成测试', () => {
  let client: ReturnType<typeof testClient<typeof adminMerchantRoutes>>;
  let adminToken: string;
  let testUser: UserEntityMt;
  let testAdmin: UserEntityMt;

  beforeEach(async () => {
    // 创建测试客户端
    client = testClient(adminMerchantRoutes);

    // 获取数据源
    const dataSource = await IntegrationTestDatabase.getDataSource();

    // 创建测试用户
    testUser = await MerchantTestUtils.createTestUser({ tenantId: 1 });

    // 创建测试管理员用户
    testAdmin = await MerchantTestUtils.createTestUser({
      username: `test_admin_${Date.now()}`,
      nickname: '测试管理员',
      tenantId: 1
    });

    // 生成测试管理员的token
    adminToken = JWTUtil.generateToken({
      id: testAdmin.id,
      username: testAdmin.username,
      roles: [{name:'admin'}],
      tenantId: 1
    });
  });

  describe('GET /merchants', () => {
    it('应该返回商户列表', async () => {
      // 创建一些测试商户
      await MerchantTestUtils.createTestMerchants(testUser.id, 3, 1);

      const response = await client.index.$get({
        query: {}
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      console.debug('商户列表响应状态:', response.status);

      if (response.status !== 200) {
        const errorData = await response.json();
        console.debug('商户列表错误响应:', JSON.stringify(errorData, null, 2));
      }

      expect(response.status).toBe(200);

      if (response.status === 200) {
        const data = await response.json();
        expect(data).toHaveProperty('data');
        expect(Array.isArray(data.data)).toBe(true);
      }
    });

    it('应该拒绝未认证用户的访问', async () => {
      const response = await client.index.$get({
        query: {}
      });
      expect(response.status).toBe(401);
    });
  });

  describe('POST /merchants', () => {
    it('应该成功创建商户', async () => {
      const createData = {
        name: '新商户',
        username: `new_${Date.now()}`,
        password: 'password123',
        phone: '13800138000',
        realname: '张三',
        state: 1,
        tenantId: 1
      };

      const response = await client.index.$post({
        json: createData
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      console.debug('创建商户响应状态:', response.status);
      if (response.status !== 201) {
        const errorData = await response.json();
        console.debug('创建商户错误响应:', errorData);
      }
      expect(response.status).toBe(201);

      if (response.status === 201) {
        const data = await response.json();
        expect(data).toHaveProperty('id');
        expect(data.name).toBe(createData.name);
        expect(data.username).toBe(createData.username);
        expect(data.phone).toBe(createData.phone);
        expect(data.realname).toBe(createData.realname);
        expect(data.state).toBe(createData.state);
        expect(data.tenantId).toBe(1); // 自动使用租户ID
      }
    });

    it('应该验证创建商户的必填字段', async () => {
      const invalidData = {
        // 缺少必填字段
        name: '',
        username: '',
        password: ''
      };

      const response = await client.index.$post({
        json: invalidData
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      expect(response.status).toBe(400);
    });
  });

  describe('GET /merchants/:id', () => {
    it('应该返回指定商户的详情', async () => {
      // 使用测试工具创建商户
      const testMerchant = await MerchantTestUtils.createTestMerchant(testUser.id, 1);

      const response = await client[':id'].$get({
        param: { id: testMerchant.id }
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      console.debug('商户详情响应状态:', response.status);
      expect(response.status).toBe(200);

      if (response.status === 200) {
        const data = await response.json();
        expect(data.id).toBe(testMerchant.id);
        expect(data.name).toBe(testMerchant.name);
        expect(data.username).toBe(testMerchant.username);
        expect(data.phone).toBe(testMerchant.phone);
        expect(data.realname).toBe(testMerchant.realname);
        expect(data.tenantId).toBe(1);
      }
    });

    it('应该处理不存在的商户', async () => {
      const response = await client[':id'].$get({
        param: { id: 999999 }
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      expect(response.status).toBe(404);
    });
  });

  describe('PUT /merchants/:id', () => {
    it('应该成功更新商户', async () => {
      // 使用测试工具创建商户
      const testMerchant = await MerchantTestUtils.createTestMerchant(testUser.id, 1);

      const updateData = {
        name: '更新后的商户',
        phone: '13900139000',
        realname: '更新后的姓名',
        state: 2
      };

      const response = await client[':id'].$put({
        param: { id: testMerchant.id },
        json: updateData
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      console.debug('更新商户响应状态:', response.status);
      expect(response.status).toBe(200);

      if (response.status === 200) {
        const data = await response.json();
        expect(data.name).toBe(updateData.name);
        expect(data.phone).toBe(updateData.phone);
        expect(data.realname).toBe(updateData.realname);
        expect(data.state).toBe(updateData.state);
      }
    });
  });

  describe('DELETE /merchants/:id', () => {
    it('应该成功删除商户', async () => {
      // 使用测试工具创建商户
      const testMerchant = await MerchantTestUtils.createTestMerchant(testUser.id, 1);

      const response = await client[':id'].$delete({
        param: { id: testMerchant.id }
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      console.debug('删除商户响应状态:', response.status);
      expect(response.status).toBe(204);

      // 验证商户确实被删除
      const dataSource = await IntegrationTestDatabase.getDataSource();
      const merchantRepository = dataSource.getRepository(MerchantMt);
      const deletedMerchant = await merchantRepository.findOne({
        where: { id: testMerchant.id }
      });
      expect(deletedMerchant).toBeNull();
    });
  });

  describe('管理员权限测试', () => {
    it('管理员应该可以为其他用户创建商户', async () => {
      const createData = {
        name: '其他用户商户',
        username: `oum_${Date.now()}`,
        password: 'password123',
        phone: '13800138001',
        realname: '李四',
        state: 1,
        tenantId: 1
      };

      const response = await client.index.$post({
        json: createData
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      console.debug('管理员为其他用户创建商户响应状态:', response.status);
      expect(response.status).toBe(201);

      if (response.status === 201) {
        const data = await response.json();
        expect(data.createdBy).toBe(testAdmin.id); // 管理员创建商户时使用管理员自己的ID
        expect(data.name).toBe(createData.name);
        expect(data.tenantId).toBe(1);
      }
    });

    it('管理员应该可以访问所有用户的商户', async () => {
      // 为测试用户创建一些商户
      await MerchantTestUtils.createTestMerchants(testUser.id, 2, 1);

      // 管理员应该能看到所有商户
      const response = await client.index.$get({
        query: {}
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      expect(response.status).toBe(200);
      const data = await response.json();
      if (data && 'data' in data) {
        expect(Array.isArray(data.data)).toBe(true);
        expect(data.data.length).toBeGreaterThanOrEqual(2); // 至少包含我们创建的两个商户
      }
    });

    it('管理员应该可以更新其他用户的商户', async () => {
      // 先为测试用户创建一个商户
      const testMerchant = await MerchantTestUtils.createTestMerchant(testUser.id, 1);

      const updateData = {
        name: '管理员更新的商户',
        phone: '13900139000',
        realname: '管理员更新的姓名'
      };

      const response = await client[':id'].$put({
        param: { id: testMerchant.id },
        json: updateData
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      console.debug('管理员更新其他用户商户响应状态:', response.status);
      expect(response.status).toBe(200);

      if (response.status === 200) {
        const data = await response.json();
        expect(data.name).toBe(updateData.name);
        expect(data.phone).toBe(updateData.phone);
        expect(data.realname).toBe(updateData.realname);
      }
    });

    it('管理员应该可以删除其他用户的商户', async () => {
      // 先为测试用户创建一个商户
      const testMerchant = await MerchantTestUtils.createTestMerchant(testUser.id, 1);

      const response = await client[':id'].$delete({
        param: { id: testMerchant.id }
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      console.debug('管理员删除其他用户商户响应状态:', response.status);
      expect(response.status).toBe(204);

      // 验证商户确实被删除
      const dataSource = await IntegrationTestDatabase.getDataSource();
      const merchantRepository = dataSource.getRepository(MerchantMt);
      const deletedMerchant = await merchantRepository.findOne({
        where: { id: testMerchant.id }
      });
      expect(deletedMerchant).toBeNull();
    });

    it('管理员应该可以查询指定用户的商户', async () => {
      // 为测试用户创建一些商户
      const userMerchants = await MerchantTestUtils.createTestMerchants(testUser.id, 2, 1);

      // 管理员可以查询指定用户的商户
      const response = await client.index.$get({
        query: { filters: JSON.stringify({ createdBy: testUser.id }) }
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      expect(response.status).toBe(200);
      const data = await response.json();
      if (data && 'data' in data) {
        expect(Array.isArray(data.data)).toBe(true);

        // 验证返回的商户都属于指定用户
        if (data.data.length > 0) {
          data.data.forEach((merchant: any) => {
            expect(merchant.createdBy).toBe(testUser.id);
            expect(merchant.tenantId).toBe(1);
          });
        }
      }
    });
  });

  describe('商户状态管理测试', () => {
    it('应该支持商户状态管理', async () => {
      // 创建启用状态的商户
      const createData = {
        name: '状态测试商户',
        username: `stm_${Date.now()}`,
        password: 'password123',
        phone: '13800138007',
        realname: '状态测试',
        state: 1, // 启用
        tenantId: 1
      };

      const createResponse = await client.index.$post({
        json: createData
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      expect(createResponse.status).toBe(201);
      if (createResponse.status === 201) {
        const createdMerchant = await createResponse.json();
        expect(createdMerchant.state).toBe(1);

        // 更新为禁用状态
        const updateResponse = await client[':id'].$put({
          param: { id: createdMerchant.id },
          json: { state: 2 } // 禁用
        }, {
          headers: {
            'Authorization': `Bearer ${adminToken}`
          }
        });

        expect(updateResponse.status).toBe(200);
        if (updateResponse.status === 200) {
          const updatedMerchant = await updateResponse.json();
          expect(updatedMerchant.state).toBe(2);
        }
      }
    });
  });

  describe('商户登录统计功能测试', () => {
    it('应该支持商户登录统计字段', async () => {
      // 创建商户
      const createData = {
        name: '登录统计商户',
        username: `lsm_${Date.now()}`,
        password: 'password123',
        phone: '13800138008',
        realname: '登录统计',
        state: 1,
        tenantId: 1
      };

      const createResponse = await client.index.$post({
        json: createData
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      expect(createResponse.status).toBe(201);
      if (createResponse.status === 201) {
        const createdMerchant = await createResponse.json();

        // 验证登录统计字段存在
        expect(createdMerchant).toHaveProperty('loginNum');
        expect(createdMerchant).toHaveProperty('loginTime');
        expect(createdMerchant).toHaveProperty('loginIp');
        expect(createdMerchant).toHaveProperty('lastLoginTime');
        expect(createdMerchant).toHaveProperty('lastLoginIp');

        // 初始值应该为0或null
        expect(createdMerchant.loginNum).toBe(0);
        expect(createdMerchant.loginTime).toBe(0);
        expect(createdMerchant.lastLoginTime).toBe(0);
      }
    });
  });

  describe('跨租户商户访问安全验证', () => {
    let tenant2User: UserEntityMt;
    let tenant2AdminToken: string;

    beforeEach(async () => {
      // 创建租户2的用户
      tenant2User = await MerchantTestUtils.createTestUser({
        username: `tenant2_user_${Date.now()}`,
        nickname: '租户2用户',
        tenantId: 2
      });

      // 生成租户2管理员的token
      tenant2AdminToken = JWTUtil.generateToken({
        id: tenant2User.id,
        username: tenant2User.username,
        roles: [{name:'admin'}],
        tenantId: 2
      });
    });

    it('管理员应该只能访问自己租户的商户', async () => {
      // 为两个租户创建商户
      const tenant1Merchant = await MerchantTestUtils.createTestMerchant(testUser.id, 1);
      const tenant2Merchant = await MerchantTestUtils.createTestMerchant(tenant2User.id, 2);

      // 租户1管理员应该只能看到租户1的商户
      const tenant1Response = await client.index.$get({
        query: {}
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      expect(tenant1Response.status).toBe(200);
      const tenant1Data = await tenant1Response.json();
      if (tenant1Data && 'data' in tenant1Data) {
        expect(Array.isArray(tenant1Data.data)).toBe(true);
        // 应该只包含租户1的商户
        tenant1Data.data.forEach((merchant: any) => {
          expect(merchant.tenantId).toBe(1);
        });
      }

      // 租户2管理员应该只能看到租户2的商户
      const tenant2Response = await client.index.$get({
        query: {}
      }, {
        headers: {
          'Authorization': `Bearer ${tenant2AdminToken}`
        }
      });

      expect(tenant2Response.status).toBe(200);
      const tenant2Data = await tenant2Response.json();
      if (tenant2Data && 'data' in tenant2Data) {
        expect(Array.isArray(tenant2Data.data)).toBe(true);
        // 应该只包含租户2的商户
        tenant2Data.data.forEach((merchant: any) => {
          expect(merchant.tenantId).toBe(2);
        });
      }
    });

    it('管理员应该无法访问其他租户的商户详情', async () => {
      // 为租户2创建商户
      const tenant2Merchant = await MerchantTestUtils.createTestMerchant(tenant2User.id, 2);

      // 租户1管理员尝试访问租户2的商户
      const response = await client[':id'].$get({
        param: { id: tenant2Merchant.id }
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      console.debug('跨租户管理员访问商户详情响应状态:', response.status);
      expect(response.status).toBe(404); // 应该返回404，而不是403
    });

    it('管理员应该无法更新其他租户的商户', async () => {
      // 为租户2创建商户
      const tenant2Merchant = await MerchantTestUtils.createTestMerchant(tenant2User.id, 2);

      const updateData = {
        name: '尝试跨租户更新',
        phone: '13900139011',
        realname: '尝试跨租户更新'
      };

      // 租户1管理员尝试更新租户2的商户
      const response = await client[':id'].$put({
        param: { id: tenant2Merchant.id },
        json: updateData
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      console.debug('跨租户管理员更新商户响应状态:', response.status);
      expect(response.status).toBe(404); // 应该返回404，而不是403
    });

    it('管理员应该无法删除其他租户的商户', async () => {
      // 为租户2创建商户
      const tenant2Merchant = await MerchantTestUtils.createTestMerchant(tenant2User.id, 2);

      // 租户1管理员尝试删除租户2的商户
      const response = await client[':id'].$delete({
        param: { id: tenant2Merchant.id }
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      console.debug('跨租户管理员删除商户响应状态:', response.status);
      expect(response.status).toBe(404); // 应该返回404，而不是403
    });
  });
});