mini-starter/packages/supplier-module-mt/tests/integration/admin-routes.integration.test.ts

import { describe, it, expect, beforeEach } from 'vitest';
import { testClient } from 'hono/testing';
import { IntegrationTestDatabase, setupIntegrationDatabaseHooksWithEntities } from '@d8d/shared-test-util';
import { JWTUtil } from '@d8d/shared-utils';
import { UserEntityMt, RoleMt } from '@d8d/user-module-mt';
import { FileMt } from '@d8d/file-module-mt';
import { adminSupplierRoutes } from '../../src/routes';
import { SupplierMt } from '../../src/entities';

// 设置集成测试钩子
setupIntegrationDatabaseHooksWithEntities([UserEntityMt, RoleMt, SupplierMt, FileMt])

describe('管理员供应商管理API集成测试', () => {
  let client: ReturnType<typeof testClient<typeof adminSupplierRoutes>>;
  let adminToken: string;
  let testUser: UserEntityMt;
  let testAdmin: UserEntityMt;

  beforeEach(async () => {
    // 创建测试客户端
    client = testClient(adminSupplierRoutes);

    // 获取数据源
    const dataSource = await IntegrationTestDatabase.getDataSource();

    // 创建测试用户
    const userRepository = dataSource.getRepository(UserEntityMt);
    testUser = userRepository.create({
      username: `test_user_${Math.floor(Math.random() * 100000)}`,
      password: 'test_password',
      nickname: '测试用户',
      registrationSource: 'web',
      tenantId: 1
    });
    await userRepository.save(testUser);

    // 创建测试管理员用户
    testAdmin = userRepository.create({
      username: `test_admin_${Math.floor(Math.random() * 100000)}`,
      password: 'admin_password',
      nickname: '测试管理员',
      registrationSource: 'web',
      tenantId: 1
    });
    await userRepository.save(testAdmin);

    // 生成测试管理员的token
    adminToken = JWTUtil.generateToken({
      id: testAdmin.id,
      username: testAdmin.username,
      roles: [{name:'admin'}],
      tenantId: testAdmin.tenantId
    });
  });

  describe('GET /suppliers', () => {
    it('应该返回供应商列表', async () => {
      const response = await client.index.$get({
        query: {}
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      console.debug('供应商列表响应状态:', response.status);
      expect(response.status).toBe(200);

      if (response.status === 200) {
        const data = await response.json();
        expect(data).toHaveProperty('data');
        expect(Array.isArray(data.data)).toBe(true);
      }
    });

    it('应该拒绝未认证用户的访问', async () => {
      const response = await client.index.$get({
        query: {}
      });
      expect(response.status).toBe(401);
    });
  });

  describe('POST /suppliers', () => {
    it('应该成功创建供应商', async () => {
      const createData = {
        name: '管理员创建供应商',
        username: `admin_created_supplier_${Math.floor(Math.random() * 100000)}`,
        password: 'password123',
        phone: '13800138000',
        realname: '管理员创建供应商',
        state: 1
      };

      const response = await client.index.$post({
        json: createData
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      console.debug('创建供应商响应状态:', response.status);
      if (response.status !== 201) {
        const errorData = await response.json();
        console.debug('创建供应商错误响应:', errorData);
      }
      expect(response.status).toBe(201);

      if (response.status === 201) {
        const data = await response.json();
        expect(data).toHaveProperty('id');
        expect(data.name).toBe(createData.name);
        expect(data.username).toBe(createData.username);
        expect(data.phone).toBe(createData.phone);
        expect(data.realname).toBe(createData.realname);
        expect(data.state).toBe(createData.state);
      }
    });

    it('应该验证创建供应商的必填字段', async () => {
      const invalidData = {
        // 缺少必填字段
        name: '',
        username: '',
        password: '',
        phone: '',
        realname: ''
      };

      const response = await client.index.$post({
        json: invalidData
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      expect(response.status).toBe(400);
    });
  });

  describe('GET /suppliers/:id', () => {
    it('应该返回指定供应商的详情', async () => {
      // 先创建一个供应商
      const dataSource = await IntegrationTestDatabase.getDataSource();
      const supplierRepository = dataSource.getRepository(SupplierMt);
      const testSupplier = supplierRepository.create({
        tenantId: 1,
        name: '测试供应商详情',
        username: `test_supplier_detail_${Math.floor(Math.random() * 100000)}`,
        password: 'password123',
        phone: '13600136000',
        realname: '测试供应商详情',
        loginNum: 5,
        loginTime: new Date('2024-01-01T12:00:00Z'),
        loginIp: '192.168.1.1',
        lastLoginTime: new Date('2024-01-01T12:00:00Z'),
        lastLoginIp: '192.168.1.1',
        state: 1,
        createdBy: testUser.id
      });
      await supplierRepository.save(testSupplier);

      const response = await client[':id'].$get({
        param: { id: testSupplier.id }
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      console.debug('供应商详情响应状态:', response.status);
      expect(response.status).toBe(200);

      if (response.status === 200) {
        const data = await response.json();
        expect(data.id).toBe(testSupplier.id);
        expect(data.name).toBe(testSupplier.name);
        expect(data.username).toBe(testSupplier.username);
        expect(data.phone).toBe(testSupplier.phone);
        expect(data.realname).toBe(testSupplier.realname);
      }
    });

    it('应该处理不存在的供应商', async () => {
      const response = await client[':id'].$get({
        param: { id: 999999 }
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      expect(response.status).toBe(404);
    });
  });

  describe('PUT /suppliers/:id', () => {
    it('应该成功更新供应商', async () => {
      // 先创建一个供应商
      const dataSource = await IntegrationTestDatabase.getDataSource();
      const supplierRepository = dataSource.getRepository(SupplierMt);
      const testSupplier = supplierRepository.create({
        tenantId: 1,
        name: '原始供应商',
        username: `original_supplier_${Math.floor(Math.random() * 100000)}`,
        password: 'password123',
        phone: '13500135000',
        realname: '原始供应商',
        loginNum: 0,
        loginTime: null,
        loginIp: null,
        lastLoginTime: null,
        lastLoginIp: null,
        state: 1,
        createdBy: testUser.id
      });
      await supplierRepository.save(testSupplier);

      const updateData = {
        name: '更新后的供应商',
        phone: '13700137000',
        realname: '更新后的供应商',
        state: 2
      };

      const response = await client[':id'].$put({
        param: { id: testSupplier.id },
        json: updateData
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      console.debug('更新供应商响应状态:', response.status);
      expect(response.status).toBe(200);

      if (response.status === 200) {
        const data = await response.json();
        expect(data.name).toBe(updateData.name);
        expect(data.phone).toBe(updateData.phone);
        expect(data.realname).toBe(updateData.realname);
        expect(data.state).toBe(updateData.state);
      }
    });
  });

  describe('DELETE /suppliers/:id', () => {
    it('应该成功删除供应商', async () => {
      // 先创建一个供应商
      const dataSource = await IntegrationTestDatabase.getDataSource();
      const supplierRepository = dataSource.getRepository(SupplierMt);
      const testSupplier = supplierRepository.create({
        tenantId: 1,
        name: '待删除供应商',
        username: `delete_supplier_${Math.floor(Math.random() * 100000)}`,
        password: 'password123',
        phone: '13400134000',
        realname: '待删除供应商',
        loginNum: 0,
        loginTime: null,
        loginIp: null,
        lastLoginTime: null,
        lastLoginIp: null,
        state: 1,
        createdBy: testUser.id
      });
      await supplierRepository.save(testSupplier);

      const response = await client[':id'].$delete({
        param: { id: testSupplier.id }
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      console.debug('删除供应商响应状态:', response.status);
      expect(response.status).toBe(204);

      // 验证供应商确实被删除
      const deletedSupplier = await supplierRepository.findOne({
        where: { id: testSupplier.id }
      });
      expect(deletedSupplier).toBeNull();
    });
  });

  describe('管理员权限测试', () => {
    it('管理员应该可以为其他用户创建供应商', async () => {
      const createData = {
        name: '为其他用户创建供应商',
        username: `other_user_supplier_${Math.floor(Math.random() * 100000)}`,
        password: 'password123',
        phone: '13800138001',
        realname: '为其他用户创建供应商',
        state: 1,
        createdBy: testUser.id // 管理员可以指定创建者
      };

      const response = await client.index.$post({
        json: createData
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      console.debug('管理员为其他用户创建供应商响应状态:', response.status);
      expect(response.status).toBe(201);

      if (response.status === 201) {
        const data = await response.json();
        expect(data.createdBy).toBe(testUser.id); // 验证供应商确实属于其他用户
        expect(data.name).toBe(createData.name);
      }
    });

    it('管理员应该可以访问所有用户的供应商', async () => {
      // 为测试用户创建一些供应商
      const dataSource = await IntegrationTestDatabase.getDataSource();
      const supplierRepository = dataSource.getRepository(SupplierMt);

      const userSupplier1 = supplierRepository.create({
        tenantId: 1,
        name: '用户供应商1',
        username: `user_supplier1_${Math.floor(Math.random() * 100000)}`,
        password: 'password123',
        phone: '13800138002',
        realname: '用户供应商1',
        loginNum: 0,
        loginTime: null,
        loginIp: null,
        lastLoginTime: null,
        lastLoginIp: null,
        state: 1,
        createdBy: testUser.id
      });
      await supplierRepository.save(userSupplier1);

      const userSupplier2 = supplierRepository.create({
        tenantId: 1,
        name: '用户供应商2',
        username: `user_supplier2_${Math.floor(Math.random() * 100000)}`,
        password: 'password123',
        phone: '13800138003',
        realname: '用户供应商2',
        loginNum: 0,
        loginTime: null,
        loginIp: null,
        lastLoginTime: null,
        lastLoginIp: null,
        state: 1,
        createdBy: testUser.id
      });
      await supplierRepository.save(userSupplier2);

      // 管理员应该能看到所有供应商
      const response = await client.index.$get({
        query: {}
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      expect(response.status).toBe(200);
      const data = await response.json();
      if (data && 'data' in data) {
        expect(Array.isArray(data.data)).toBe(true);
        expect(data.data.length).toBeGreaterThanOrEqual(2); // 至少包含我们创建的两个供应商
      }
    });

    it('管理员应该可以更新其他用户的供应商', async () => {
      // 先为测试用户创建一个供应商
      const dataSource = await IntegrationTestDatabase.getDataSource();
      const supplierRepository = dataSource.getRepository(SupplierMt);
      const testSupplier = supplierRepository.create({
        tenantId: 1,
        name: '原始供应商',
        username: `original_supplier_admin_${Math.floor(Math.random() * 100000)}`,
        password: 'password123',
        phone: '13800138004',
        realname: '原始供应商',
        loginNum: 0,
        loginTime: null,
        loginIp: null,
        lastLoginTime: null,
        lastLoginIp: null,
        state: 1,
        createdBy: testUser.id
      });
      await supplierRepository.save(testSupplier);

      const updateData = {
        name: '管理员更新的供应商',
        phone: '13900139000',
        realname: '管理员更新的供应商'
      };

      const response = await client[':id'].$put({
        param: { id: testSupplier.id },
        json: updateData
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      console.debug('管理员更新其他用户供应商响应状态:', response.status);
      expect(response.status).toBe(200);

      if (response.status === 200) {
        const data = await response.json();
        expect(data.name).toBe(updateData.name);
        expect(data.phone).toBe(updateData.phone);
        expect(data.realname).toBe(updateData.realname);
      }
    });

    it('管理员应该可以删除其他用户的供应商', async () => {
      // 先为测试用户创建一个供应商
      const dataSource = await IntegrationTestDatabase.getDataSource();
      const supplierRepository = dataSource.getRepository(SupplierMt);
      const testSupplier = supplierRepository.create({
        tenantId: 1,
        name: '待删除供应商',
        username: `delete_supplier_admin_${Math.floor(Math.random() * 100000)}`,
        password: 'password123',
        phone: '13800138005',
        realname: '待删除供应商',
        loginNum: 0,
        loginTime: null,
        loginIp: null,
        lastLoginTime: null,
        lastLoginIp: null,
        state: 1,
        createdBy: testUser.id
      });
      await supplierRepository.save(testSupplier);

      const response = await client[':id'].$delete({
        param: { id: testSupplier.id }
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      console.debug('管理员删除其他用户供应商响应状态:', response.status);
      expect(response.status).toBe(204);

      // 验证供应商确实被删除
      const deletedSupplier = await supplierRepository.findOne({
        where: { id: testSupplier.id }
      });
      expect(deletedSupplier).toBeNull();
    });

    it('管理员应该可以查询指定用户的供应商', async () => {
      // 为测试用户创建一些供应商
      const dataSource = await IntegrationTestDatabase.getDataSource();
      const supplierRepository = dataSource.getRepository(SupplierMt);

      const userSupplier = supplierRepository.create({
        tenantId: 1,
        name: '指定用户供应商',
        username: `specified_user_supplier_${Math.floor(Math.random() * 100000)}`,
        password: 'password123',
        phone: '13800138006',
        realname: '指定用户供应商',
        loginNum: 0,
        loginTime: null,
        loginIp: null,
        lastLoginTime: null,
        lastLoginIp: null,
        state: 1,
        createdBy: testUser.id
      });
      await supplierRepository.save(userSupplier);

      // 管理员可以查询指定用户的供应商
      const response = await client.index.$get({
        query: { filters: JSON.stringify({ createdBy: testUser.id }) }
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      expect(response.status).toBe(200);
      const data = await response.json();
      if (data && 'data' in data) {
        expect(Array.isArray(data.data)).toBe(true);

        // 验证返回的供应商都属于指定用户
        if (data.data.length > 0) {
          data.data.forEach((supplier: any) => {
            expect(supplier.createdBy).toBe(testUser.id);
          });
        }
      }
    });
  });

  describe('供应商状态管理', () => {
    it('应该支持供应商状态管理', async () => {
      // 创建启用状态的供应商
      const createData = {
        name: '状态测试供应商',
        username: `status_test_supplier_${Math.floor(Math.random() * 100000)}`,
        password: 'password123',
        phone: '13800138007',
        realname: '状态测试供应商',
        state: 1 // 启用状态
      };

      const createResponse = await client.index.$post({
        json: createData
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      expect(createResponse.status).toBe(201);
      const createdData = await createResponse.json();

      // 更新为禁用状态
      if (typeof createdData === 'object' && createdData !== null && 'id' in createdData) {
        const updateResponse = await client[':id'].$put({
          param: { id: createdData.id },
          json: { state: 2 } // 禁用状态
        }, {
          headers: {
            'Authorization': `Bearer ${adminToken}`
          }
        });

        expect(updateResponse.status).toBe(200);
        const updatedData = await updateResponse.json();
        if (typeof updatedData === 'object' && updatedData !== null && 'state' in updatedData) {
          expect(updatedData.state).toBe(2);
        }
      }
    });
  });

  describe('供应商登录统计', () => {
    it('应该支持供应商登录统计功能', async () => {
      // 创建供应商
      const createData = {
        name: '登录统计供应商',
        username: `login_stat_supplier_${Math.floor(Math.random() * 100000)}`,
        password: 'password123',
        phone: '13800138008',
        realname: '登录统计供应商',
        state: 1
      };

      const createResponse = await client.index.$post({
        json: createData
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      expect(createResponse.status).toBe(201);
      const createdData = await createResponse.json();

      // 验证初始登录统计
      if (typeof createdData === 'object' && createdData !== null) {
        if ('loginNum' in createdData) expect(createdData.loginNum).toBe(0);
        if ('loginTime' in createdData) expect(createdData.loginTime).toBeNull();
        if ('lastLoginTime' in createdData) expect(createdData.lastLoginTime).toBeNull();
        if ('loginIp' in createdData) expect(createdData.loginIp).toBeNull();
        if ('lastLoginIp' in createdData) expect(createdData.lastLoginIp).toBeNull();
      }

      // 获取供应商详情验证字段存在
      if (typeof createdData === 'object' && createdData !== null && 'id' in createdData) {
        const getResponse = await client[':id'].$get({
          param: { id: createdData.id }
        }, {
          headers: {
            'Authorization': `Bearer ${adminToken}`
          }
        });

        expect(getResponse.status).toBe(200);
        const supplierData = await getResponse.json();
        if (typeof supplierData === 'object' && supplierData !== null) {
          expect(supplierData).toHaveProperty('loginNum');
          expect(supplierData).toHaveProperty('loginTime');
          expect(supplierData).toHaveProperty('lastLoginTime');
          expect(supplierData).toHaveProperty('loginIp');
          expect(supplierData).toHaveProperty('lastLoginIp');
        }
      }
    });
  });

  describe('跨租户数据隔离', () => {
    let tenant2AdminToken: string;
    let tenant2Admin: UserEntityMt;

    beforeEach(async () => {
      // 获取数据源
      const dataSource = await IntegrationTestDatabase.getDataSource();
      const userRepository = dataSource.getRepository(UserEntityMt);

      // 创建租户2的管理员
      tenant2Admin = userRepository.create({
        username: `tenant2_admin_${Math.floor(Math.random() * 100000)}`,
        password: 'admin_password',
        nickname: '租户2管理员',
        registrationSource: 'web',
        tenantId: 2
      });
      await userRepository.save(tenant2Admin);

      // 生成租户2管理员的token
      tenant2AdminToken = JWTUtil.generateToken({
        id: tenant2Admin.id,
        username: tenant2Admin.username,
        roles: [{name:'admin'}],
        tenantId: tenant2Admin.tenantId
      });

      // 为租户1创建一些供应商
      const supplierRepository = dataSource.getRepository(SupplierMt);
      const tenant1Supplier1 = supplierRepository.create({
        name: '租户1供应商1',
        username: `tenant1_supplier1_${Math.floor(Math.random() * 100000)}`,
        password: 'password123',
        phone: '13800138009',
        realname: '租户1供应商1',
        state: 1,
        tenantId: 1,
        createdBy: testUser.id
      });
      await supplierRepository.save(tenant1Supplier1);

      const tenant1Supplier2 = supplierRepository.create({
        name: '租户1供应商2',
        username: `tenant1_supplier2_${Math.floor(Math.random() * 100000)}`,
        password: 'password123',
        phone: '13800138010',
        realname: '租户1供应商2',
        state: 1,
        tenantId: 1,
        createdBy: testUser.id
      });
      await supplierRepository.save(tenant1Supplier2);

      // 为租户2创建一些供应商
      const tenant2Supplier1 = supplierRepository.create({
        name: '租户2供应商1',
        username: `tenant2_supplier1_${Math.floor(Math.random() * 100000)}`,
        password: 'password123',
        phone: '13800138011',
        realname: '租户2供应商1',
        state: 1,
        tenantId: 2,
        createdBy: tenant2Admin.id
      });
      await supplierRepository.save(tenant2Supplier1);
    });

    it('应该实现租户数据隔离 - 租户1管理员只能看到租户1的供应商', async () => {
      const response = await client.index.$get({
        query: {}
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      expect(response.status).toBe(200);
      const data = await response.json();

      // 验证租户1管理员只能看到租户1的供应商
      if (data.data && Array.isArray(data.data)) {
        data.data.forEach((supplier: any) => {
          expect(supplier.tenantId).toBe(1);
        });
      }
    });

    it('应该实现租户数据隔离 - 租户2管理员只能看到租户2的供应商', async () => {
      const response = await client.index.$get({
        query: {}
      }, {
        headers: {
          'Authorization': `Bearer ${tenant2AdminToken}`
        }
      });

      expect(response.status).toBe(200);
      const data = await response.json();

      // 验证租户2管理员只能看到租户2的供应商
      if (data.data && Array.isArray(data.data)) {
        data.data.forEach((supplier: any) => {
          expect(supplier.tenantId).toBe(2);
        });
      }
    });

    it('应该阻止跨租户访问供应商详情', async () => {
      // 获取租户1的供应商列表
      const listResponse = await client.index.$get({
        query: {}
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      expect(listResponse.status).toBe(200);
      const listData = await listResponse.json();

      if (listData.data && Array.isArray(listData.data) && listData.data.length > 0) {
        const tenant1SupplierId = listData.data[0].id;

        // 租户2管理员尝试访问租户1的供应商
        const getResponse = await client[':id'].$get({
          param: { id: tenant1SupplierId }
        }, {
          headers: {
            'Authorization': `Bearer ${tenant2AdminToken}`
          }
        });

        // 跨租户访问应该返回404
        expect(getResponse.status).toBe(404);
      }
    });

    it('应该阻止跨租户更新供应商', async () => {
      // 获取租户1的供应商列表
      const listResponse = await client.index.$get({
        query: {}
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      expect(listResponse.status).toBe(200);
      const listData = await listResponse.json();

      if (listData.data && Array.isArray(listData.data) && listData.data.length > 0) {
        const tenant1SupplierId = listData.data[0].id;

        // 租户2管理员尝试更新租户1的供应商
        const updateResponse = await client[':id'].$put({
          param: { id: tenant1SupplierId },
          json: { name: '跨租户更新测试' }
        }, {
          headers: {
            'Authorization': `Bearer ${tenant2AdminToken}`
          }
        });

        // 跨租户更新应该返回404
        expect(updateResponse.status).toBe(404);
      }
    });

    it('应该阻止跨租户删除供应商', async () => {
      // 获取租户1的供应商列表
      const listResponse = await client.index.$get({
        query: {}
      }, {
        headers: {
          'Authorization': `Bearer ${adminToken}`
        }
      });

      expect(listResponse.status).toBe(200);
      const listData = await listResponse.json();

      if (listData.data && Array.isArray(listData.data) && listData.data.length > 0) {
        const tenant1SupplierId = listData.data[0].id;

        // 租户2管理员尝试删除租户1的供应商
        const deleteResponse = await client[':id'].$delete({
          param: { id: tenant1SupplierId }
        }, {
          headers: {
            'Authorization': `Bearer ${tenant2AdminToken}`
          }
        });

        // 跨租户删除应该返回404
        expect(deleteResponse.status).toBe(404);
      }
    });
  });
});