fix: CORS/API 500 issues, switch to native tabbar, restore quick-actions

- Backend: guest UUID format fix, /auth/me guest branch, UUID validation in deps.py, CORS config fix
- Frontend: switch to native tabbar (custom: false), cleanup App.vue, redesign quick-actions with colored icons, conditional wechat login, proxy API requests via Vite

backend/app/api/v1/auth.py

@@ -82,7 +82,7 @@ async def login(
 
 @router.post("/login/guest")
 async def guest_login():
-    guest_id = f"guest_{uuid.uuid4().hex[:12]}"
+    guest_id = str(uuid.uuid4())
     access_token = create_access_token(
         {"sub": guest_id, "tier": "guest", "role": "guest", "is_guest": True},
         expires_delta=timedelta(hours=24)
@@ -109,8 +109,18 @@ async def refresh(data: RefreshRequest):
     if not payload or payload.get("type") != "refresh":
         raise HTTPException(status_code=401, detail="Invalid refresh token")
 
+    # 保留游客/角色等信息
+    extra = {}
+    if payload.get("is_guest"):
+        extra = {"is_guest": True, "tier": "guest", "role": "guest"}
+    else:
+        extra = {
+            "tier": payload.get("tier", "free"),
+            "role": payload.get("role", "user"),
+        }
+
     return {
-        "access_token": create_access_token({"sub": payload["sub"]}),
+        "access_token": create_access_token({"sub": payload["sub"], **extra}),
         "token_type": "bearer",
     }
 
@@ -127,6 +137,18 @@ async def get_me(
     if not payload:
         raise HTTPException(status_code=401, detail="Invalid token")
 
+    if payload.get("is_guest"):
+        return {
+            "id": payload["sub"],
+            "phone": None,
+            "username": "游客用户",
+            "tier": "guest",
+            "role": "guest",
+            "is_guest": True,
+            "settings": {},
+            "created_at": None,
+        }
+
     result = await db.execute(select(User).where(User.id == payload["sub"]))
     user = result.scalar_one_or_none()
     if not user:

backend/app/api/v1/deps.py

@@ -2,6 +2,7 @@ from fastapi import HTTPException, Depends, Header
 from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
 from app.core.security import decode_token
 from typing import Optional
+import uuid
 
 security = HTTPBearer(auto_error=False)
 
@@ -23,7 +24,16 @@ async def get_current_user_id(
     if not payload:
         raise HTTPException(status_code=401, detail="Invalid or expired token")
 
-    return payload.get("sub")
+    user_id = payload.get("sub")
+    if not user_id:
+        raise HTTPException(status_code=401, detail="Invalid token payload")
+
+    try:
+        uuid.UUID(user_id)
+    except (ValueError, AttributeError):
+        raise HTTPException(status_code=401, detail="Token expired, please login again")
+
+    return user_id
 
 
 async def get_current_user(

backend/app/main.py

@@ -31,11 +31,12 @@ app = FastAPI(
     version="1.0.0",
     docs_url="/docs",
     redoc_url="/redoc",
+    debug=settings.DEBUG,
 )
 
 app.add_middleware(
     CORSMiddleware,
-    allow_origins=[settings.FRONTEND_URL, "*"],
+    allow_origins=[settings.FRONTEND_URL],
     allow_credentials=True,
     allow_methods=["*"],
     allow_headers=["*"],