Enabling JWT (JSON Web Token) with a Separated Front End and Back End

2019-08-02

I have read various discussions about JWT before; they mostly concern managing token expiry and refreshing tokens when many requests arrive concurrently. On reflection the problem should be small, because:

1. An ordinary user's client rarely issues a large number of concurrent requests.
2. If a few requests straddle an expiry and refresh, the token returned by the later request simply overwrites, on the client, the new token obtained by the earlier one.

So I use the simplest approach. Besides single-page applications (SPA), it also works for mini-programs, native clients, and so on.

New user visit and JWT issuance flow

```
Client->Server: Unauthed Request
Server->Wechat: Auth Redirect
Wechat->Server: Code
Server->Wechat: requestInfo
Note right of Wechat: Verify Code
Wechat->Server: userInfo
Note right of Server: Generate Token
Server->Client: Token
Note left of Client: Save token
Client->Server: Authed Request
```

Existing user token expiry and refresh flow

```
Client->Client_HTTP_API: Request
Note right of Client: Load token\nfrom store
Client_HTTP_API->Router: (Expired) Token
Router->MiddleWare: Check token
Note right of MiddleWare: Need refresh:\nGenerate Token
MiddleWare->Router: New Token
Note right of Router: Continue\nprevious\nprocess
Router->Client_HTTP_API: Response\nwith new token
Client_HTTP_API->Client:
Note left of Client: Save\nnew token
Client->Client_HTTP_API:
Note left of Client_HTTP_API: New login\nrequest
Client_HTTP_API->Router:
```
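The "Check token / Need refresh: Generate Token / Continue previous process" steps of the refresh flow above, as an added example that is not code from the original post. It assumes HS256 tokens signed with a server secret, a token lifetime `TOKEN_TTL`, a bounded `REFRESH_GRACE` window after expiry during which an expired token can still be exchanged for a new one (the post does not say how long an expired token stays refreshable, so this is an assumption), and an `X-New-Token` response header for returning the new token; all names and values are constructed for the example.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"  # constructed; load from a secret store in real code
TOKEN_TTL = 15 * 60                    # seconds a token is accepted as valid (assumed)
REFRESH_GRACE = 24 * 3600              # seconds after expiry a token may still be refreshed (assumed)

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def generate_token(user_id: str, now: float) -> str:
    """The 'Generate Token' step: HS256 JWT carrying sub, iat and exp."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    claims = {"sub": user_id, "iat": int(now), "exp": int(now) + TOKEN_TTL}
    payload = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64(sig)}"

def check_token(token: str, now: float):
    """Middleware decision: ('ok', None) continue; ('refresh', new_token) continue and
    hand the new token back; ('login', None) reject and require a fresh login."""
    try:
        header, payload, sig = token.split(".")
        # The signature is always recomputed as HS256 (the alg header is never trusted)
        # and compared in constant time before any claim, including exp, is believed.
        expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_unb64(sig), expected):
            return "login", None
        claims = json.loads(_unb64(payload))
        exp, sub = int(claims["exp"]), str(claims["sub"])
    except (ValueError, KeyError, TypeError):
        return "login", None
    if now < exp:
        return "ok", None
    if now < exp + REFRESH_GRACE:       # expired, but still inside the refresh window
        return "refresh", generate_token(sub, now)
    return "login", None                 # too old to refresh: a stolen token cannot live forever

def handle_request(token: str, now: float) -> dict:
    """Router: run the middleware, then continue the original request or demand a login."""
    status, new_token = check_token(token, now)
    if status == "login":
        return {"status": 401, "headers": {}}
    headers = {"X-New-Token": new_token} if new_token else {}
    return {"status": 200, "headers": headers}   # the client stores X-New-Token when present
```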