Authenticating the User

const { SignJWT } = require("jose");

app.post("/referral-program/generate-token", async (req, res) => {
  const SECRET = "YOUR_PRODUCT_SECRET";
  const PRODUCT_ID = "YOUR_PRODUCT_ID";
  const userId = req.body.userId; // e.g., from request payload

  try {
    const secretKey = new TextEncoder().encode(SECRET);
    const token = await new SignJWT({
      ProductId: PRODUCT_ID,
      UserId: userId,
      iat: Math.floor(Date.now() / 1000),
    })
      .setProtectedHeader({ alg: "HS512", typ: "JWT" })
      .sign(secretKey);

    return res.json({ token });
  } catch (error) {
    return res.status(500).json({ error: "Token generation failed" });
  }
});