chore: 2026-03-30 后端备份

- server/index.js: 日常更新
- server/routes/vehicles.js: 日常更新

server/index.js

@@ -65,6 +65,17 @@ mongoose.connect(process.env.MONGODB_URI || 'mongodb://localhost:27017/e-scooter
 // ─── 路由（统一加 authMiddleware，按角色分级授权） ────────────
 //
 /// 管理后台 API（admin only）
+// 公开车辆列表（无需登录，供小程序/官网使用）
+const Vehicle = require('./models/Vehicle');
+app.get('/api/public/vehicles', async (req, res) => {
+  try {
+    const vehicles = await Vehicle.find({}).populate('currentOrderId');
+    res.json({ success: true, data: vehicles });
+  } catch (err) {
+    res.status(500).json({ success: false, message: '服务器错误' });
+  }
+});
+
 app.use('/api/vehicles',     rbacAuth('vehicles:read', 'vehicles:write'), require('./routes/vehicles'));
 app.use('/api/customers',    rbacAuth('customers:read', 'customers:write'), require('./routes/customers'));
 app.use('/api/finance',       rbacAuth('finance:read'), require('./routes/finance'));

server/routes/vehicles.js

@@ -6,8 +6,8 @@ const { authMiddleware, requireRole } = require('../middleware/auth');
 const { validate } = require('../middleware/validate');
 const { schemas } = require('../middleware/validate');
 
-// 获取所有车辆（公开，仅需登录）
-router.get('/', authMiddleware, async (req, res) => {
+// 获取所有车辆（公开，无需登录）
+router.get('/', async (req, res) => {
   try {
     const filter = {};
     // store 角色查询时校验 storeId 归属（只能看自己关联的门店）
@@ -25,8 +25,8 @@ router.get('/', authMiddleware, async (req, res) => {
   }
 });
 
-// 获取单个车辆（公开）
-router.get('/:id', authMiddleware, async (req, res) => {
+// 获取单个车辆（公开，无需登录）
+router.get('/:id', async (req, res) => {
   try {
     const vehicle = await Vehicle.findById(req.params.id).populate('currentOrderId');
     if (!vehicle) return res.status(404).json({ success: false, message: '车辆不存在' });