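Flow
Frontend → Backend → Interceptor → Rate limiting → AOP → Controller → Refresh → Logout
Frontend login and obtaining the two JWTs
1. Frontend: the user enters a username and password in the frontend, which calls the /auth/login endpoint.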
fetch("/auth/login", {
  method: "POST",
  // The backend's login() binds @RequestParam values, so send form fields, not a JSON body
  headers: { "Content-Type": "application/x-www-form-urlencoded" },
  body: new URLSearchParams({ username: "user1", password: "123456" })
})
  .then(res => res.json())
  .then(data => {
    const accessToken = data.accessToken;
    const refreshToken = data.refreshToken;
    // Save to frontend storage
    localStorage.setItem("accessToken", accessToken);
    localStorage.setItem("refreshToken", refreshToken);
  });
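How a frontend can use the two stored tokens after login, as an added example that is not part of the original page: a fetch wrapper that attaches the access token and, on a 401, performs one shared refresh before retrying once. The /auth/refresh path, its request and response shape, the Authorization: Bearer header, and the injected fetchImpl and storage parameters are assumptions, not taken from the page.

```javascript
// Added example, not the page's code. Assumptions: the "/auth/refresh" path,
// its { refreshToken } body and { accessToken, refreshToken } response, and the
// "Authorization: Bearer" header are hypothetical; only /auth/login is on the page.
function createAuthFetch(fetchImpl, storage) {
  let refreshing = null; // in-flight refresh shared by every request that hit a 401

  async function refreshTokens() {
    const res = await fetchImpl("/auth/refresh", {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      body: JSON.stringify({ refreshToken: storage.getItem("refreshToken") })
    });
    if (!res.ok) {
      // Refresh token expired or revoked: drop both tokens so the user logs in again.
      storage.removeItem("accessToken");
      storage.removeItem("refreshToken");
      throw new Error("session expired");
    }
    const data = await res.json();
    storage.setItem("accessToken", data.accessToken);
    // Keep the new refresh token if the server rotates it on each refresh.
    if (data.refreshToken) storage.setItem("refreshToken", data.refreshToken);
  }

  function send(url, options) {
    const headers = {
      ...(options.headers || {}),
      Authorization: "Bearer " + storage.getItem("accessToken")
    };
    return fetchImpl(url, { ...options, headers });
  }

  return async function authFetch(url, options = {}) {
    const res = await send(url, options);
    if (res.status !== 401) return res;
    if (!refreshing) {
      // First 401 starts the refresh; later 401s reuse the same promise.
      refreshing = refreshTokens().finally(() => { refreshing = null; });
    }
    await refreshing;
    return send(url, options); // retry once with the new access token
  };
}
// Browser usage: const authFetch = createAuthFetch((...a) => fetch(...a), localStorage);
```

Sharing one refresh promise matters when the server rotates refresh tokens: two parallel refresh calls would present the same old token, and the second would be rejected.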
2. Backend: the server returns the accessToken and refreshToken.
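import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.TimeUnit;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.web.bind.annotation.*;

@RestController
@RequestMapping("/auth")
public class AuthController {

    @Autowired
    private StringRedisTemplate redisTemplate;

    @PostMapping("/login")
    public Map<String, String> login(@RequestParam String username, @RequestParam String password) {
        // Validate the username and password (example)
        String userId = "1001";
        String accessToken = JwtUtil.generateAccessToken(userId);
        String refreshToken = JwtUtil.generateRefreshToken(userId);
        // Save the refreshToken to Redis with a 7-day TTL
        redisTemplate.opsForValue().set("refresh:" + userId, refreshToken, 7, TimeUnit.DAYS);
        Map<String, String> result = new HashMap<>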