1  const express = require("express");
 2  const jwt = require("jsonwebtoken");
 3  const path = require("path");
 4  
 5  const app = express();
 6  app.use(express.json());
 7  app.use(express.urlencoded({ extended: true }));
 8  app.use(express.static(path.join(__dirname, "public")));
 9  
10  // POST /token — generate a signed JWT context token
11  app.post("/token", (req, res) => {
12    const { secret, claims, ttl } = req.body;
13  
14    if (!secret) return res.status(400).json({ error: "secret is required" });
15    if (!claims || typeof claims !== "object") {
16      return res.status(400).json({ error: "claims must be a JSON object" });
17    }
18  
19    const ttlSeconds = parseInt(ttl, 10) || 3600;
20    const now = Math.floor(Date.now() / 1000);
21  
22    const payload = {
23      ...claims,
24      iat: now,
25      exp: now + ttlSeconds,
26    };
27  
28    try {
29      const token = jwt.sign(payload, secret, { algorithm: "HS256" });
30      res.json({ token, payload });
31    } catch (err) {
32      res.status(500).json({ error: err.message });
33    }
34  });
35  
36  const PORT = process.env.PORT || 3333;
37  app.listen(PORT, () => {
38    console.log(`Widget context test server running at http://localhost:${PORT}`);
39  });