feat: 完成B端认证系统和商户管理模块测试补全

主要变更： - 新增B端认证系统（后台+H5）：登录、登出、Token刷新、密码修改 - 完善商户管理和商户账号管理功能 - 补全单元测试（ShopService: 72.5%, ShopAccountService: 79.8%） - 新增集成测试（商户管理+商户账号管理） - 归档OpenSpec提案（add-shop-account-management, implement-b-end-auth-system） - 完善文档（使用指南、API文档、认证架构说明）测试统计： - 13个测试套件，37个测试用例，100%通过率 - 平均覆盖率76.2%，达标 OpenSpec验证：通过（strict模式）
2026-01-15 18:15:17 +08:00
parent 7ccd3d146c
commit 18f35f3ef4
64 changed files with 11875 additions and 242 deletions
--- a/tests/integration/shop_account_management_test.go
+++ b/tests/integration/shop_account_management_test.go
@@ -0,0 +1,518 @@
+package integration
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http/httptest"
+	"testing"
+	"time"
+
+	"github.com/break/junhong_cmp_fiber/internal/bootstrap"
+	"github.com/break/junhong_cmp_fiber/internal/model"
+	"github.com/break/junhong_cmp_fiber/internal/routes"
+	"github.com/break/junhong_cmp_fiber/pkg/auth"
+	"github.com/break/junhong_cmp_fiber/pkg/config"
+	"github.com/break/junhong_cmp_fiber/pkg/constants"
+	"github.com/break/junhong_cmp_fiber/pkg/response"
+	"github.com/break/junhong_cmp_fiber/tests/testutil"
+	"github.com/gofiber/fiber/v2"
+	"github.com/redis/go-redis/v9"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"go.uber.org/zap"
+	"golang.org/x/crypto/bcrypt"
+	"gorm.io/driver/postgres"
+	"gorm.io/gorm"
+	"gorm.io/gorm/logger"
+)
+
+// shopAccountTestEnv 商户账号测试环境
+type shopAccountTestEnv struct {
+	db             *gorm.DB
+	redisClient    *redis.Client
+	tokenManager   *auth.TokenManager
+	app            *fiber.App
+	adminToken     string
+	testShop       *model.Shop
+	superAdminUser *model.Account
+	t              *testing.T
+}
+
+// setupShopAccountTestEnv 设置商户账号测试环境
+func setupShopAccountTestEnv(t *testing.T) *shopAccountTestEnv {
+	t.Helper()
+
+	t.Setenv("CONFIG_ENV", "dev")
+	t.Setenv("CONFIG_PATH", "../../configs/config.dev.yaml")
+	cfg, err := config.Load()
+	require.NoError(t, err)
+	err = config.Set(cfg)
+	require.NoError(t, err)
+
+	zapLogger, _ := zap.NewDevelopment()
+
+	dsn := "host=cxd.whcxd.cn port=16159 user=erp_pgsql password=erp_2025 dbname=junhong_cmp_test sslmode=disable TimeZone=Asia/Shanghai"
+	db, err := gorm.Open(postgres.Open(dsn), &gorm.Config{
+		Logger: logger.Default.LogMode(logger.Silent),
+	})
+	require.NoError(t, err)
+
+	err = db.AutoMigrate(
+		&model.Account{},
+		&model.Role{},
+		&model.Permission{},
+		&model.AccountRole{},
+		&model.RolePermission{},
+		&model.Shop{},
+		&model.Enterprise{},
+		&model.PersonalCustomer{},
+	)
+	require.NoError(t, err)
+
+	redisClient := redis.NewClient(&redis.Options{
+		Addr:     "cxd.whcxd.cn:16299",
+		Password: "cpNbWtAaqgo1YJmbMp3h",
+		DB:       15,
+	})
+
+	ctx := context.Background()
+	err = redisClient.Ping(ctx).Err()
+	require.NoError(t, err)
+
+	testPrefix := fmt.Sprintf("test:%s:", t.Name())
+	keys, _ := redisClient.Keys(ctx, testPrefix+"*").Result()
+	if len(keys) > 0 {
+		redisClient.Del(ctx, keys...)
+	}
+
+	tokenManager := auth.NewTokenManager(redisClient, 24*time.Hour, 7*24*time.Hour)
+
+	superAdmin := testutil.CreateSuperAdmin(t, db)
+	adminToken, _ := testutil.GenerateTestToken(t, redisClient, superAdmin, "web")
+
+	testShop := testutil.CreateTestShop(t, db, "测试商户", "TEST_SHOP", 1, nil)
+
+	deps := &bootstrap.Dependencies{
+		DB:           db,
+		Redis:        redisClient,
+		Logger:       zapLogger,
+		TokenManager: tokenManager,
+	}
+
+	result, err := bootstrap.Bootstrap(deps)
+	require.NoError(t, err)
+
+	handlers := result.Handlers
+	middlewares := result.Middlewares
+
+	app := fiber.New(fiber.Config{
+		ErrorHandler: func(c *fiber.Ctx, err error) error {
+			return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": err.Error()})
+		},
+	})
+
+	routes.RegisterRoutes(app, handlers, middlewares)
+
+	return &shopAccountTestEnv{
+		db:             db,
+		redisClient:    redisClient,
+		tokenManager:   tokenManager,
+		app:            app,
+		adminToken:     adminToken,
+		testShop:       testShop,
+		superAdminUser: superAdmin,
+		t:              t,
+	}
+}
+
+// teardown 清理测试环境
+func (e *shopAccountTestEnv) teardown() {
+	e.db.Exec("DELETE FROM tb_account WHERE username LIKE 'test%'")
+	e.db.Exec("DELETE FROM tb_shop WHERE shop_code LIKE 'TEST%'")
+
+	ctx := context.Background()
+	testPrefix := fmt.Sprintf("test:%s:", e.t.Name())
+	keys, _ := e.redisClient.Keys(ctx, testPrefix+"*").Result()
+	if len(keys) > 0 {
+		e.redisClient.Del(ctx, keys...)
+	}
+
+	e.redisClient.Close()
+}
+
+// TestShopAccount_CreateAccount 测试创建商户账号
+func TestShopAccount_CreateAccount(t *testing.T) {
+	env := setupShopAccountTestEnv(t)
+	defer env.teardown()
+
+	reqBody := model.CreateShopAccountRequest{
+		ShopID:   env.testShop.ID,
+		Username: "agent001",
+		Phone:    "13800138001",
+		Password: "password123",
+	}
+
+	body, err := json.Marshal(reqBody)
+	require.NoError(t, err)
+
+	req := httptest.NewRequest("POST", "/api/admin/shop-accounts", bytes.NewReader(body))
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Authorization", "Bearer "+env.adminToken)
+
+	resp, err := env.app.Test(req, -1)
+	require.NoError(t, err)
+	defer resp.Body.Close()
+
+	assert.Equal(t, 200, resp.StatusCode)
+
+	var result response.Response
+	err = json.NewDecoder(resp.Body).Decode(&result)
+	require.NoError(t, err)
+
+	assert.Equal(t, 0, result.Code)
+	assert.NotNil(t, result.Data)
+
+	// 验证数据库中的账号
+	var account model.Account
+	err = env.db.Where("username = ?", "agent001").First(&account).Error
+	require.NoError(t, err)
+	assert.Equal(t, constants.UserTypeAgent, account.UserType)
+	assert.NotNil(t, account.ShopID)
+	assert.Equal(t, env.testShop.ID, *account.ShopID)
+	assert.Equal(t, "13800138001", account.Phone)
+
+	// 验证密码已加密
+	err = bcrypt.CompareHashAndPassword([]byte(account.Password), []byte("password123"))
+	assert.NoError(t, err, "密码应该被正确加密")
+}
+
+// TestShopAccount_CreateAccount_InvalidShop 测试创建账号 - 商户不存在
+func TestShopAccount_CreateAccount_InvalidShop(t *testing.T) {
+	env := setupShopAccountTestEnv(t)
+	defer env.teardown()
+
+	reqBody := model.CreateShopAccountRequest{
+		ShopID:   99999, // 不存在的商户ID
+		Username: "agent002",
+		Phone:    "13800138002",
+		Password: "password123",
+	}
+
+	body, err := json.Marshal(reqBody)
+	require.NoError(t, err)
+
+	req := httptest.NewRequest("POST", "/api/admin/shop-accounts", bytes.NewReader(body))
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Authorization", "Bearer "+env.adminToken)
+
+	resp, err := env.app.Test(req, -1)
+	require.NoError(t, err)
+	defer resp.Body.Close()
+
+	var result response.Response
+	err = json.NewDecoder(resp.Body).Decode(&result)
+	require.NoError(t, err)
+
+	assert.NotEqual(t, 0, result.Code) // 应该返回错误
+}
+
+// TestShopAccount_ListAccounts 测试查询商户账号列表
+func TestShopAccount_ListAccounts(t *testing.T) {
+	env := setupShopAccountTestEnv(t)
+	defer env.teardown()
+
+	// 创建测试账号
+	testutil.CreateAgentUser(t, env.db, env.testShop.ID)
+	testutil.CreateTestAccount(t, env.db, "agent2", "pass123", constants.UserTypeAgent, &env.testShop.ID, nil)
+	testutil.CreateTestAccount(t, env.db, "agent3", "pass123", constants.UserTypeAgent, &env.testShop.ID, nil)
+
+	// 查询该商户的所有账号
+	req := httptest.NewRequest("GET", fmt.Sprintf("/api/admin/shop-accounts?shop_id=%d&page=1&size=10", env.testShop.ID), nil)
+	req.Header.Set("Authorization", "Bearer "+env.adminToken)
+
+	resp, err := env.app.Test(req, -1)
+	require.NoError(t, err)
+	defer resp.Body.Close()
+
+	assert.Equal(t, 200, resp.StatusCode)
+
+	var result response.Response
+	err = json.NewDecoder(resp.Body).Decode(&result)
+	require.NoError(t, err)
+
+	assert.Equal(t, 0, result.Code)
+
+	// 解析分页数据
+	dataMap, ok := result.Data.(map[string]interface{})
+	require.True(t, ok)
+
+	items, ok := dataMap["items"].([]interface{})
+	require.True(t, ok)
+	assert.GreaterOrEqual(t, len(items), 3, "应该至少有3个账号")
+}
+
+// TestShopAccount_UpdateAccount 测试更新商户账号
+func TestShopAccount_UpdateAccount(t *testing.T) {
+	env := setupShopAccountTestEnv(t)
+	defer env.teardown()
+
+	// 创建测试账号
+	account := testutil.CreateAgentUser(t, env.db, env.testShop.ID)
+
+	// 更新账号用户名
+	reqBody := model.UpdateShopAccountRequest{
+		Username: "updated_agent",
+	}
+
+	body, err := json.Marshal(reqBody)
+	require.NoError(t, err)
+
+	req := httptest.NewRequest("PUT", fmt.Sprintf("/api/admin/shop-accounts/%d", account.ID), bytes.NewReader(body))
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Authorization", "Bearer "+env.adminToken)
+
+	resp, err := env.app.Test(req, -1)
+	require.NoError(t, err)
+	defer resp.Body.Close()
+
+	assert.Equal(t, 200, resp.StatusCode)
+
+	var result response.Response
+	err = json.NewDecoder(resp.Body).Decode(&result)
+	require.NoError(t, err)
+
+	assert.Equal(t, 0, result.Code)
+
+	// 验证数据库中的更新
+	var updatedAccount model.Account
+	err = env.db.First(&updatedAccount, account.ID).Error
+	require.NoError(t, err)
+	assert.Equal(t, "updated_agent", updatedAccount.Username)
+	assert.Equal(t, account.Phone, updatedAccount.Phone) // 手机号不应该改变
+}
+
+// TestShopAccount_UpdatePassword 测试重置账号密码
+func TestShopAccount_UpdatePassword(t *testing.T) {
+	env := setupShopAccountTestEnv(t)
+	defer env.teardown()
+
+	// 创建测试账号
+	account := testutil.CreateAgentUser(t, env.db, env.testShop.ID)
+
+	// 重置密码
+	newPassword := "newpassword456"
+	reqBody := model.UpdateShopAccountPasswordRequest{
+		NewPassword: newPassword,
+	}
+
+	body, err := json.Marshal(reqBody)
+	require.NoError(t, err)
+
+	req := httptest.NewRequest("PUT", fmt.Sprintf("/api/admin/shop-accounts/%d/password", account.ID), bytes.NewReader(body))
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Authorization", "Bearer "+env.adminToken)
+
+	resp, err := env.app.Test(req, -1)
+	require.NoError(t, err)
+	defer resp.Body.Close()
+
+	assert.Equal(t, 200, resp.StatusCode)
+
+	var result response.Response
+	err = json.NewDecoder(resp.Body).Decode(&result)
+	require.NoError(t, err)
+
+	assert.Equal(t, 0, result.Code)
+
+	// 验证新密码
+	var updatedAccount model.Account
+	err = env.db.First(&updatedAccount, account.ID).Error
+	require.NoError(t, err)
+
+	err = bcrypt.CompareHashAndPassword([]byte(updatedAccount.Password), []byte(newPassword))
+	assert.NoError(t, err, "新密码应该生效")
+
+	// 旧密码应该失效
+	err = bcrypt.CompareHashAndPassword([]byte(updatedAccount.Password), []byte("password123"))
+	assert.Error(t, err, "旧密码应该失效")
+}
+
+// TestShopAccount_UpdateStatus 测试启用/禁用账号
+func TestShopAccount_UpdateStatus(t *testing.T) {
+	env := setupShopAccountTestEnv(t)
+	defer env.teardown()
+
+	// 创建测试账号（默认启用）
+	account := testutil.CreateAgentUser(t, env.db, env.testShop.ID)
+	require.Equal(t, 1, account.Status)
+
+	// 禁用账号
+	reqBody := model.UpdateShopAccountStatusRequest{
+		Status: 2, // 禁用
+	}
+
+	body, err := json.Marshal(reqBody)
+	require.NoError(t, err)
+
+	req := httptest.NewRequest("PUT", fmt.Sprintf("/api/admin/shop-accounts/%d/status", account.ID), bytes.NewReader(body))
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Authorization", "Bearer "+env.adminToken)
+
+	resp, err := env.app.Test(req, -1)
+	require.NoError(t, err)
+	defer resp.Body.Close()
+
+	assert.Equal(t, 200, resp.StatusCode)
+
+	var result response.Response
+	err = json.NewDecoder(resp.Body).Decode(&result)
+	require.NoError(t, err)
+
+	assert.Equal(t, 0, result.Code)
+
+	// 验证账号已禁用
+	var disabledAccount model.Account
+	err = env.db.First(&disabledAccount, account.ID).Error
+	require.NoError(t, err)
+	assert.Equal(t, 2, disabledAccount.Status)
+
+	// 再次启用账号
+	reqBody.Status = 1
+	body, err = json.Marshal(reqBody)
+	require.NoError(t, err)
+
+	req = httptest.NewRequest("PUT", fmt.Sprintf("/api/admin/shop-accounts/%d/status", account.ID), bytes.NewReader(body))
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Authorization", "Bearer "+env.adminToken)
+
+	resp, err = env.app.Test(req, -1)
+	require.NoError(t, err)
+	defer resp.Body.Close()
+
+	assert.Equal(t, 200, resp.StatusCode)
+
+	// 验证账号已启用
+	var enabledAccount model.Account
+	err = env.db.First(&enabledAccount, account.ID).Error
+	require.NoError(t, err)
+	assert.Equal(t, 1, enabledAccount.Status)
+}
+
+// TestShopAccount_DeleteShopDisablesAccounts 测试删除商户时禁用关联账号
+func TestShopAccount_DeleteShopDisablesAccounts(t *testing.T) {
+	env := setupShopAccountTestEnv(t)
+	defer env.teardown()
+
+	// 创建商户和多个账号
+	shop := testutil.CreateTestShop(t, env.db, "待删除商户", "DEL_SHOP", 1, nil)
+	account1 := testutil.CreateTestAccount(t, env.db, "agent1", "pass123", constants.UserTypeAgent, &shop.ID, nil)
+	account2 := testutil.CreateTestAccount(t, env.db, "agent2", "pass123", constants.UserTypeAgent, &shop.ID, nil)
+	account3 := testutil.CreateTestAccount(t, env.db, "agent3", "pass123", constants.UserTypeAgent, &shop.ID, nil)
+
+	// 删除商户
+	req := httptest.NewRequest("DELETE", fmt.Sprintf("/api/admin/shops/%d", shop.ID), nil)
+	req.Header.Set("Authorization", "Bearer "+env.adminToken)
+
+	resp, err := env.app.Test(req, -1)
+	require.NoError(t, err)
+	defer resp.Body.Close()
+
+	assert.Equal(t, 200, resp.StatusCode)
+
+	// 验证所有账号都被禁用
+	accounts := []*model.Account{account1, account2, account3}
+	for _, acc := range accounts {
+		var disabledAccount model.Account
+		err = env.db.First(&disabledAccount, acc.ID).Error
+		require.NoError(t, err)
+		assert.Equal(t, 2, disabledAccount.Status, "账号 %s 应该被禁用", acc.Username)
+	}
+
+	// 验证商户已软删除
+	var deletedShop model.Shop
+	err = env.db.Unscoped().First(&deletedShop, shop.ID).Error
+	require.NoError(t, err)
+	assert.NotNil(t, deletedShop.DeletedAt)
+}
+
+// TestShopAccount_Unauthorized 测试未认证访问
+func TestShopAccount_Unauthorized(t *testing.T) {
+	env := setupShopAccountTestEnv(t)
+	defer env.teardown()
+
+	// 不提供 token
+	req := httptest.NewRequest("GET", "/api/admin/shop-accounts", nil)
+
+	resp, err := env.app.Test(req, -1)
+	require.NoError(t, err)
+	defer resp.Body.Close()
+
+	// 应该返回 401 未授权
+	assert.Equal(t, 401, resp.StatusCode)
+}
+
+// TestShopAccount_FilterByStatus 测试按状态筛选账号
+func TestShopAccount_FilterByStatus(t *testing.T) {
+	env := setupShopAccountTestEnv(t)
+	defer env.teardown()
+
+	// 创建启用和禁用的账号
+	_ = testutil.CreateTestAccount(t, env.db, "enabled_agent", "pass123", constants.UserTypeAgent, &env.testShop.ID, nil)
+	disabledAccount := testutil.CreateTestAccount(t, env.db, "disabled_agent", "pass123", constants.UserTypeAgent, &env.testShop.ID, nil)
+
+	// 禁用第二个账号
+	env.db.Model(&disabledAccount).Update("status", 2)
+
+	// 查询只包含启用的账号
+	req := httptest.NewRequest("GET", fmt.Sprintf("/api/admin/shop-accounts?shop_id=%d&status=1", env.testShop.ID), nil)
+	req.Header.Set("Authorization", "Bearer "+env.adminToken)
+
+	resp, err := env.app.Test(req, -1)
+	require.NoError(t, err)
+	defer resp.Body.Close()
+
+	assert.Equal(t, 200, resp.StatusCode)
+
+	var result response.Response
+	err = json.NewDecoder(resp.Body).Decode(&result)
+	require.NoError(t, err)
+
+	assert.Equal(t, 0, result.Code)
+
+	// 解析数据
+	dataMap, ok := result.Data.(map[string]interface{})
+	require.True(t, ok)
+
+	items, ok := dataMap["items"].([]interface{})
+	require.True(t, ok)
+
+	// 验证所有返回的账号都是启用状态
+	for _, item := range items {
+		itemMap := item.(map[string]interface{})
+		status := int(itemMap["status"].(float64))
+		assert.Equal(t, 1, status, "应该只返回启用的账号")
+	}
+
+	// 查询只包含禁用的账号
+	req = httptest.NewRequest("GET", fmt.Sprintf("/api/admin/shop-accounts?shop_id=%d&status=2", env.testShop.ID), nil)
+	req.Header.Set("Authorization", "Bearer "+env.adminToken)
+
+	resp, err = env.app.Test(req, -1)
+	require.NoError(t, err)
+	defer resp.Body.Close()
+
+	err = json.NewDecoder(resp.Body).Decode(&result)
+	require.NoError(t, err)
+
+	dataMap = result.Data.(map[string]interface{})
+	items = dataMap["items"].([]interface{})
+
+	// 验证所有返回的账号都是禁用状态
+	for _, item := range items {
+		itemMap := item.(map[string]interface{})
+		status := int(itemMap["status"].(float64))
+		assert.Equal(t, 2, status, "应该只返回禁用的账号")
+	}
+}
--- a/tests/integration/shop_management_test.go
+++ b/tests/integration/shop_management_test.go
@@ -0,0 +1,395 @@
+package integration
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"fmt"
+	"net/http/httptest"
+	"testing"
+	"time"
+
+	"github.com/break/junhong_cmp_fiber/internal/bootstrap"
+	"github.com/break/junhong_cmp_fiber/internal/model"
+	"github.com/break/junhong_cmp_fiber/internal/routes"
+	"github.com/break/junhong_cmp_fiber/pkg/auth"
+	"github.com/break/junhong_cmp_fiber/pkg/config"
+	"github.com/break/junhong_cmp_fiber/pkg/response"
+	"github.com/break/junhong_cmp_fiber/tests/testutil"
+	"github.com/gofiber/fiber/v2"
+	"github.com/redis/go-redis/v9"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"go.uber.org/zap"
+	"gorm.io/driver/postgres"
+	"gorm.io/gorm"
+	"gorm.io/gorm/logger"
+)
+
+// shopManagementTestEnv 商户管理测试环境
+type shopManagementTestEnv struct {
+	db             *gorm.DB
+	redisClient    *redis.Client
+	tokenManager   *auth.TokenManager
+	app            *fiber.App
+	adminToken     string
+	superAdminUser *model.Account
+	t              *testing.T
+}
+
+// setupShopManagementTestEnv 设置商户管理测试环境
+func setupShopManagementTestEnv(t *testing.T) *shopManagementTestEnv {
+	t.Helper()
+
+	t.Setenv("CONFIG_ENV", "dev")
+	t.Setenv("CONFIG_PATH", "../../configs/config.dev.yaml")
+	cfg, err := config.Load()
+	require.NoError(t, err)
+	err = config.Set(cfg)
+	require.NoError(t, err)
+
+	zapLogger, _ := zap.NewDevelopment()
+
+	dsn := "host=cxd.whcxd.cn port=16159 user=erp_pgsql password=erp_2025 dbname=junhong_cmp_test sslmode=disable TimeZone=Asia/Shanghai"
+	db, err := gorm.Open(postgres.Open(dsn), &gorm.Config{
+		Logger: logger.Default.LogMode(logger.Silent),
+	})
+	require.NoError(t, err)
+
+	err = db.AutoMigrate(
+		&model.Account{},
+		&model.Role{},
+		&model.Permission{},
+		&model.AccountRole{},
+		&model.RolePermission{},
+		&model.Shop{},
+		&model.Enterprise{},
+		&model.PersonalCustomer{},
+	)
+	require.NoError(t, err)
+
+	redisClient := redis.NewClient(&redis.Options{
+		Addr:     "cxd.whcxd.cn:16299",
+		Password: "cpNbWtAaqgo1YJmbMp3h",
+		DB:       15,
+	})
+
+	ctx := context.Background()
+	err = redisClient.Ping(ctx).Err()
+	require.NoError(t, err)
+
+	testPrefix := fmt.Sprintf("test:%s:", t.Name())
+	keys, _ := redisClient.Keys(ctx, testPrefix+"*").Result()
+	if len(keys) > 0 {
+		redisClient.Del(ctx, keys...)
+	}
+
+	tokenManager := auth.NewTokenManager(redisClient, 24*time.Hour, 7*24*time.Hour)
+
+	superAdmin := testutil.CreateSuperAdmin(t, db)
+	adminToken, _ := testutil.GenerateTestToken(t, redisClient, superAdmin, "web")
+
+	deps := &bootstrap.Dependencies{
+		DB:           db,
+		Redis:        redisClient,
+		Logger:       zapLogger,
+		TokenManager: tokenManager,
+	}
+
+	result, err := bootstrap.Bootstrap(deps)
+	require.NoError(t, err)
+
+	handlers := result.Handlers
+	middlewares := result.Middlewares
+
+	app := fiber.New(fiber.Config{
+		ErrorHandler: func(c *fiber.Ctx, err error) error {
+			return c.Status(fiber.StatusInternalServerError).JSON(fiber.Map{"error": err.Error()})
+		},
+	})
+
+	routes.RegisterRoutes(app, handlers, middlewares)
+
+	return &shopManagementTestEnv{
+		db:             db,
+		redisClient:    redisClient,
+		tokenManager:   tokenManager,
+		app:            app,
+		adminToken:     adminToken,
+		superAdminUser: superAdmin,
+		t:              t,
+	}
+}
+
+// teardown 清理测试环境
+func (e *shopManagementTestEnv) teardown() {
+	e.db.Exec("DELETE FROM tb_account WHERE username LIKE 'test%' OR username LIKE 'agent%' OR username LIKE 'superadmin%'")
+	e.db.Exec("DELETE FROM tb_shop WHERE shop_code LIKE 'TEST%' OR shop_code LIKE 'DUP%' OR shop_code LIKE 'SHOP_%' OR shop_code LIKE 'ORIG%' OR shop_code LIKE 'DEL%' OR shop_code LIKE 'MULTI%'")
+
+	ctx := context.Background()
+	testPrefix := fmt.Sprintf("test:%s:", e.t.Name())
+	keys, _ := e.redisClient.Keys(ctx, testPrefix+"*").Result()
+	if len(keys) > 0 {
+		e.redisClient.Del(ctx, keys...)
+	}
+
+	e.redisClient.Close()
+}
+
+// TestShopManagement_CreateShop 测试创建商户
+func TestShopManagement_CreateShop(t *testing.T) {
+	env := setupShopManagementTestEnv(t)
+	defer env.teardown()
+
+	reqBody := model.CreateShopRequest{
+		ShopName:     "测试商户",
+		ShopCode:     "TEST001",
+		InitUsername: "testuser",
+		InitPhone:    "13800138000",
+		InitPassword: "password123",
+	}
+
+	body, err := json.Marshal(reqBody)
+	require.NoError(t, err)
+
+	req := httptest.NewRequest("POST", "/api/admin/shops", bytes.NewReader(body))
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Authorization", "Bearer "+env.adminToken)
+
+	resp, err := env.app.Test(req, -1)
+	require.NoError(t, err)
+	defer resp.Body.Close()
+
+	t.Logf("HTTP 状态码: %d", resp.StatusCode)
+
+	var result response.Response
+	err = json.NewDecoder(resp.Body).Decode(&result)
+	require.NoError(t, err)
+
+	t.Logf("响应 Code: %d, Message: %s", result.Code, result.Message)
+	t.Logf("响应 Data: %+v", result.Data)
+
+	if result.Code != 0 {
+		t.Fatalf("API 返回错误: %s", result.Message)
+	}
+
+	assert.Equal(t, 200, resp.StatusCode)
+	assert.Equal(t, 0, result.Code)
+	assert.NotNil(t, result.Data)
+
+	shopData, ok := result.Data.(map[string]interface{})
+	require.True(t, ok)
+	assert.Equal(t, "测试商户", shopData["shop_name"])
+	assert.Equal(t, "TEST001", shopData["shop_code"])
+	assert.Equal(t, float64(1), shopData["level"])
+	assert.Equal(t, float64(1), shopData["status"])
+}
+
+// TestShopManagement_CreateShop_DuplicateCode 测试创建商户 - 商户编码重复
+func TestShopManagement_CreateShop_DuplicateCode(t *testing.T) {
+	env := setupShopManagementTestEnv(t)
+	defer env.teardown()
+
+	// 通过 API 创建第一个商户
+	firstReq := model.CreateShopRequest{
+		ShopName:     "商户1",
+		ShopCode:     "DUP001",
+		InitUsername: "dupuser1",
+		InitPhone:    "13800138101",
+		InitPassword: "password123",
+	}
+	firstBody, _ := json.Marshal(firstReq)
+	firstHttpReq := httptest.NewRequest("POST", "/api/admin/shops", bytes.NewReader(firstBody))
+	firstHttpReq.Header.Set("Content-Type", "application/json")
+	firstHttpReq.Header.Set("Authorization", "Bearer "+env.adminToken)
+	firstResp, _ := env.app.Test(firstHttpReq, -1)
+	var firstResult response.Response
+	json.NewDecoder(firstResp.Body).Decode(&firstResult)
+	firstResp.Body.Close()
+
+	require.Equal(t, 0, firstResult.Code, "第一个商户应该创建成功")
+
+	// 尝试创建编码重复的商户
+	reqBody := model.CreateShopRequest{
+		ShopName:     "商户2",
+		ShopCode:     "DUP001", // 使用相同编码
+		InitUsername: "dupuser2",
+		InitPhone:    "13800138102",
+		InitPassword: "password123",
+	}
+
+	body, err := json.Marshal(reqBody)
+	require.NoError(t, err)
+
+	req := httptest.NewRequest("POST", "/api/admin/shops", bytes.NewReader(body))
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Authorization", "Bearer "+env.adminToken)
+
+	resp, err := env.app.Test(req, -1)
+	require.NoError(t, err)
+	defer resp.Body.Close()
+
+	// 应该返回错误
+	var result response.Response
+	err = json.NewDecoder(resp.Body).Decode(&result)
+	require.NoError(t, err)
+
+	assert.NotEqual(t, 0, result.Code)        // 非成功状态
+	assert.Contains(t, result.Message, "已存在") // 错误消息应包含"已存在"
+}
+
+// TestShopManagement_ListShops 测试查询商户列表
+func TestShopManagement_ListShops(t *testing.T) {
+	env := setupShopManagementTestEnv(t)
+	defer env.teardown()
+
+	// 创建测试数据
+	testutil.CreateTestShop(t, env.db, "商户A", "SHOP_A", 1, nil)
+	testutil.CreateTestShop(t, env.db, "商户B", "SHOP_B", 1, nil)
+	testutil.CreateTestShop(t, env.db, "商户C", "SHOP_C", 2, nil)
+
+	req := httptest.NewRequest("GET", "/api/admin/shops?page=1&size=10", nil)
+	req.Header.Set("Authorization", "Bearer "+env.adminToken)
+
+	resp, err := env.app.Test(req, -1)
+	require.NoError(t, err)
+	defer resp.Body.Close()
+
+	assert.Equal(t, 200, resp.StatusCode)
+
+	var result response.Response
+	err = json.NewDecoder(resp.Body).Decode(&result)
+	require.NoError(t, err)
+
+	assert.Equal(t, 0, result.Code)
+
+	// 解析分页数据
+	dataMap, ok := result.Data.(map[string]interface{})
+	require.True(t, ok)
+
+	items, ok := dataMap["items"].([]interface{})
+	require.True(t, ok)
+	assert.GreaterOrEqual(t, len(items), 3)
+}
+
+// TestShopManagement_UpdateShop 测试更新商户
+func TestShopManagement_UpdateShop(t *testing.T) {
+	env := setupShopManagementTestEnv(t)
+	defer env.teardown()
+
+	// 创建测试商户
+	shop := testutil.CreateTestShop(t, env.db, "原始商户", "ORIG001", 1, nil)
+
+	// 更新商户
+	reqBody := model.UpdateShopRequest{
+		ShopName: "更新后的商户",
+		Status:   1,
+	}
+
+	body, err := json.Marshal(reqBody)
+	require.NoError(t, err)
+
+	req := httptest.NewRequest("PUT", fmt.Sprintf("/api/admin/shops/%d", shop.ID), bytes.NewReader(body))
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("Authorization", "Bearer "+env.adminToken)
+
+	resp, err := env.app.Test(req, -1)
+	require.NoError(t, err)
+	defer resp.Body.Close()
+
+	assert.Equal(t, 200, resp.StatusCode)
+
+	var result response.Response
+	err = json.NewDecoder(resp.Body).Decode(&result)
+	require.NoError(t, err)
+
+	assert.Equal(t, 0, result.Code)
+	assert.NotNil(t, result.Data)
+
+	shopData, ok := result.Data.(map[string]interface{})
+	require.True(t, ok)
+	assert.Equal(t, "更新后的商户", shopData["shop_name"])
+}
+
+// TestShopManagement_DeleteShop 测试删除商户
+func TestShopManagement_DeleteShop(t *testing.T) {
+	env := setupShopManagementTestEnv(t)
+	defer env.teardown()
+
+	// 创建测试商户
+	shop := testutil.CreateTestShop(t, env.db, "待删除商户", "DEL001", 1, nil)
+
+	// 删除商户
+	req := httptest.NewRequest("DELETE", fmt.Sprintf("/api/admin/shops/%d", shop.ID), nil)
+	req.Header.Set("Authorization", "Bearer "+env.adminToken)
+
+	resp, err := env.app.Test(req, -1)
+	require.NoError(t, err)
+	defer resp.Body.Close()
+
+	assert.Equal(t, 200, resp.StatusCode)
+
+	var result response.Response
+	err = json.NewDecoder(resp.Body).Decode(&result)
+	require.NoError(t, err)
+
+	assert.Equal(t, 0, result.Code)
+}
+
+// TestShopManagement_DeleteShop_WithMultipleAccounts 测试删除商户 - 多个关联账号
+func TestShopManagement_DeleteShop_WithMultipleAccounts(t *testing.T) {
+	env := setupShopManagementTestEnv(t)
+	defer env.teardown()
+
+	// 创建测试商户
+	shop := testutil.CreateTestShop(t, env.db, "多账号商户", "MULTI001", 1, nil)
+
+	// 删除商户
+	req := httptest.NewRequest("DELETE", fmt.Sprintf("/api/admin/shops/%d", shop.ID), nil)
+	req.Header.Set("Authorization", "Bearer "+env.adminToken)
+
+	resp, err := env.app.Test(req, -1)
+	require.NoError(t, err)
+	defer resp.Body.Close()
+
+	assert.Equal(t, 200, resp.StatusCode)
+
+	var result response.Response
+	err = json.NewDecoder(resp.Body).Decode(&result)
+	require.NoError(t, err)
+
+	assert.Equal(t, 0, result.Code)
+}
+
+// TestShopManagement_Unauthorized 测试未认证访问
+func TestShopManagement_Unauthorized(t *testing.T) {
+	env := setupShopManagementTestEnv(t)
+	defer env.teardown()
+
+	// 不提供 token
+	req := httptest.NewRequest("GET", "/api/admin/shops", nil)
+
+	resp, err := env.app.Test(req, -1)
+	require.NoError(t, err)
+	defer resp.Body.Close()
+
+	// 应该返回 401 未授权
+	assert.Equal(t, 401, resp.StatusCode)
+}
+
+// TestShopManagement_InvalidToken 测试无效 token
+func TestShopManagement_InvalidToken(t *testing.T) {
+	env := setupShopManagementTestEnv(t)
+	defer env.teardown()
+
+	// 提供无效 token
+	req := httptest.NewRequest("GET", "/api/admin/shops", nil)
+	req.Header.Set("Authorization", "Bearer invalid-token-12345")
+
+	resp, err := env.app.Test(req, -1)
+	require.NoError(t, err)
+	defer resp.Body.Close()
+
+	// 应该返回 401 未授权
+	assert.Equal(t, 401, resp.StatusCode)
+}