From 2f050489af6672243bb678e3529459afcfa56424 Mon Sep 17 00:00:00 2001 From: notyclaw Date: Mon, 30 Mar 2026 20:09:05 +0800 Subject: [PATCH] =?UTF-8?q?chore:=202026-03-30=20=E5=90=8E=E7=AB=AF?= =?UTF-8?q?=E5=A4=87=E4=BB=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - server/index.js: 日常更新 - server/routes/vehicles.js: 日常更新 --- server/index.js | 11 +++++++++++ server/routes/vehicles.js | 8 ++++---- 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/server/index.js b/server/index.js index 30cdc69..9ec0127 100644 --- a/server/index.js +++ b/server/index.js @@ -65,6 +65,17 @@ mongoose.connect(process.env.MONGODB_URI || 'mongodb://localhost:27017/e-scooter // ─── 路由(统一加 authMiddleware,按角色分级授权) ──────────── // /// 管理后台 API(admin only) +// 公开车辆列表(无需登录,供小程序/官网使用) +const Vehicle = require('./models/Vehicle'); +app.get('/api/public/vehicles', async (req, res) => { + try { + const vehicles = await Vehicle.find({}).populate('currentOrderId'); + res.json({ success: true, data: vehicles }); + } catch (err) { + res.status(500).json({ success: false, message: '服务器错误' }); + } +}); + app.use('/api/vehicles', rbacAuth('vehicles:read', 'vehicles:write'), require('./routes/vehicles')); app.use('/api/customers', rbacAuth('customers:read', 'customers:write'), require('./routes/customers')); app.use('/api/finance', rbacAuth('finance:read'), require('./routes/finance')); diff --git a/server/routes/vehicles.js b/server/routes/vehicles.js index 01a6c1e..935aa73 100644 --- a/server/routes/vehicles.js +++ b/server/routes/vehicles.js @@ -6,8 +6,8 @@ const { authMiddleware, requireRole } = require('../middleware/auth'); const { validate } = require('../middleware/validate'); const { schemas } = require('../middleware/validate'); -// 获取所有车辆(公开,仅需登录) -router.get('/', authMiddleware, async (req, res) => { +// 获取所有车辆(公开,无需登录) +router.get('/', async (req, res) => { try { const filter = {}; // store 角色查询时校验 storeId 归属(只能看自己关联的门店) @@ -25,8 +25,8 @@ router.get('/', authMiddleware, async (req, res) => { } }); -// 获取单个车辆(公开) -router.get('/:id', authMiddleware, async (req, res) => { +// 获取单个车辆(公开,无需登录) +router.get('/:id', async (req, res) => { try { const vehicle = await Vehicle.findById(req.params.id).populate('currentOrderId'); if (!vehicle) return res.status(404).json({ success: false, message: '车辆不存在' });