const express = require("express"); const cors = require("cors"); const app = express(); const PORT = 5000; app.use( cors({ origin: [ "http://localhost:5173", // dev "https://ai-3d-tutor.vercel.app", // production ], methods: ["GET", "POST"], credentials: false, }), ); app.use(express.json()); const narrations = { 0: "Welcome to the JWT visualizer. JWT stands for JSON Web Token. It is a secure way to share information between a user and a server.", 1: "The process begins with a login request. The user sends their credentials to the authentication server. This is how the server knows who the user is.", 2: "The server verifies the credentials. If they are correct, the server creates a JWT. This token contains user data and a digital signature for security.", 3: "The user receives and stores the token. They can now use this token to access protected areas. They do not need to send their password ever again.", 4: "When the user reaches a protected gate, they show their token. The gate verifies the digital signature. If the signature is valid, access is granted.", 5: "Every token has an expiration time. This improves security by limiting how long a token is valid. If a token expires, the user must log in again.", 6: "A token is invalid if it has been changed or if the signature does not match. The gate rejects modified tokens to keep the system secure.", 100: "Hi there. Have you ever wondered how websites remember who you are without asking for your password every single second? That’s where the JSON Web Token—or JWT—comes in. Let’s follow a simple journey. First, a user sends their login details to an authentication server. If the details are correct, the server doesn't just open a door; instead, it hands the user a digital key—a JWT. This token is special. It’s a compact, secure package that contains a digital signature proving it hasn't been tampered with. Now, the user carries this token to a security gate. They don't need to re-enter their password; they simply show the token. The gate quickly verifies the signature, and once confirmed, it swings open to grant access. It’s a simple, secure, and efficient way to handle identity across the web. With a JWT, the server doesn't need to remember everything about you—it just needs to trust the token you hold.", }; app.get("/api/narration/:step", (req, res) => { const step = parseInt(req.params.step); if (narrations.hasOwnProperty(step)) { res.json({ step, narration: narrations[step] }); } else { res.status(404).json({ error: "Step not found" }); } }); app.post("/api/chat", (req, res) => { const { message } = req.body; const lowerMsg = message ? message.toLowerCase() : ""; let answer = "I'm not sure about that. Try asking 'What is a JWT?' or 'Is it safe?'."; if (lowerMsg.includes("what") && lowerMsg.includes("jwt")) { answer = "A JWT (JSON Web Token) is like a digital ID card. It securely transmits information between parties as a JSON object."; } else if (lowerMsg.includes("why") || lowerMsg.includes("use")) { answer = "We use JWTs because they are compact and self-contained. The server doesn't need to keep a session record in memory."; } else if (lowerMsg.includes("safe") || lowerMsg.includes("secure")) { answer = "JWTs are signed, so they can't be tampered with. However, you should secure them with HTTPS and never put secrets in the payload!"; } else if (lowerMsg.includes("header")) { answer = "The Header tells us the type of token (JWT) and the hashing algorithm used (like HS256)."; } else if (lowerMsg.includes("payload")) { answer = "The Payload contains the claims (data) about the user, like their ID or name. This part is readable by anyone!"; } else if (lowerMsg.includes("signature")) { answer = "The Signature is what makes the token secure. It's created using a secret key to verify the token hasn't been changed."; } res.json({ answer }); }); app.listen(PORT, () => { console.log(`Server running on http://localhost:${PORT}`); });