Node.js RESTful API authentication and authorization

Question 1:

How does Node.js implement RESTful API authentication?

  1. I have tried JWT, but a token cannot be actively expired after it is signed. That is to say, if a user logs in and is issued a two-hour token, the token is valid for two hours. Then how do I log out and log in? In other words, how do I let the token expire? The method I currently implement is: when the user logs in, issue a 2-hour token and store the user information and token in Redis; the client carries the token with each request. First verify the token carried by the client. If the verification is successful, then query Redis for verification. On logout, clear the user's information from Redis directly. Does anyone have a more reasonable way to share? Thank you.
  2. OAuth 2.0: frankly, I have not used this. I found some information on it, but it left me confused, and it does not seem to be suitable for my scenario. My front end and back end are completely separated and share the API; the admin back office is also pure static HTML that calls the API, and the front-end site calls the same API. So how can OAuth 2.0 be used to implement login, logout and permission verification? Please give us your advice.

If there are other good API verification schemes, please let me know. Thank you.

Question 2:

How do I restrict a user's API access frequency: should it be judged by the user's token, the user's device or the user's IP? I asked a classmate who works with Java, who said to use Redis and a servlet filter to achieve it, but I really do not understand. Please let me know if there are any good solutions; it is better if they combine with Redis, nginx and Express. Thank you.
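
The scheme described in item 1 of question 1 (verify the token's signature, then check a server-side record that logout deletes), as an added example that is not part of the original post. It builds an HS256 token with Node's built-in `crypto` and uses an in-memory `Map` as a stand-in for Redis; the names `login`, `verify`, `logout` and the `session:<jti>` key layout are assumptions.

```javascript
const crypto = require('node:crypto');

const SECRET = crypto.randomBytes(32);   // constructed signing key for the demo
const TTL_SECONDS = 2 * 60 * 60;         // two-hour token, as in the question
const sessions = new Map();              // stand-in for Redis: jti -> { userId, exp }

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const sign = (data) => crypto.createHmac('sha256', SECRET).update(data).digest('base64url');

function login(userId, now = Math.floor(Date.now() / 1000)) {
  const jti = crypto.randomUUID();       // one id per login, so sessions revoke independently
  const exp = now + TTL_SECONDS;
  sessions.set(jti, { userId, exp });    // Redis equivalent: SET session:<jti> <data> EX 7200
  const body = `${b64({ alg: 'HS256', typ: 'JWT' })}.${b64({ sub: userId, jti, exp })}`;
  return `${body}.${sign(body)}`;
}

function verify(token, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  // The MAC is always HMAC-SHA256; the header's "alg" is never trusted to pick one.
  const expected = Buffer.from(sign(`${header}.${payload}`));
  const given = Buffer.from(sig);
  // Length check first: timingSafeEqual throws on buffers of different length.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let claims;
  try { claims = JSON.parse(Buffer.from(payload, 'base64url').toString()); } catch { return null; }
  if (typeof claims.exp !== 'number' || claims.exp <= now) return null;  // natural expiry
  const session = sessions.get(claims.jti);   // Redis equivalent: GET session:<jti>
  if (!session || session.userId !== claims.sub) return null;  // logged out or revoked
  return claims;
}

function logout(token) {
  const claims = verify(token);
  if (claims) sessions.delete(claims.jti);    // Redis equivalent: DEL session:<jti>
  return Boolean(claims);
}
```

Storing only the `jti` rather than the whole token keeps the server-side record small, and setting the Redis key's TTL to the token lifetime lets expired sessions disappear without a cleanup job.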
