A production-ready, enterprise-grade chatbot application built with Spring Boot and React, featuring advanced security, admin management, and AI integration with Llama3.
Inspired by MCP-Server
- Features
- Architecture
- Tech Stack
- Project Structure
- Getting Started
- API Documentation
- Security Features
- Admin Panel
- Contributing
- License
- AI-Powered Chat - Integration with Llama3 via Ollama for intelligent conversations
- Secure Authentication - JWT-based auth with email verification and password reset
- Session Management - Create, update, delete, and organize chat sessions
- Search Functionality - Search chat sessions by title
- Public Chat Sharing - Share chat sessions publicly and copy others' conversations
- Complete Message CRUD - Edit, delete, and regenerate AI responses
- User Profiles - Profile management with password change functionality
- Project Organization - Group chat sessions into customizable projects with colors/icons
- Prompt Injection Protection - Multi-layer security with input/output filtering and pattern detection
- Rate Limiting - Email verification and API endpoint protection
- Admin Dashboard - Comprehensive admin panel with activity logging
- Role-Based Access Control - Multi-level admin hierarchy (Level 0-2)
- Email Notifications - Security alerts and verification emails
- Message Regeneration - Re-generate AI responses with different models
- Context Management - Smart context window limiting (last 20 messages)
- Auth Error Logging - Track failed authentication attempts with IP and user agent
- Two-Factor Authentication - TOTP-based 2FA for admin accounts
- Argon2 Password Hashing - Industry-standard password security
- Security Event Logging - Track prompt injection attempts with email alerts
- Admin Activity Logging - 38 operations logged across 6 services
- Token Management - Secure handling of verification and reset tokens
- CORS Configuration - Secure cross-origin resource sharing
- Output Filtering - Validates AI responses to prevent system prompt leakage
- Auth Error Tracking - Monitor and manage failed authentication attempts
- Database Backup - Automated daily backups with email notifications
```
┌──────────────────────────────────────────────────────────┐
│                         Frontend                         │
│                React + Vite + Context API                │
│        (Protected Routes, Admin Panel, Streaming)        │
└────────────────────────────┬─────────────────────────────┘
                             │ HTTP/REST API
┌────────────────────────────┴─────────────────────────────┐
│                   Spring Boot Backend                    │
│  ┌──────────────┬──────────────┬──────────────────────┐  │
│  │ Controllers  │   Services   │    Security Layer    │  │
│  │  (17 REST)   │   (26 Svc)   │ (JWT, 2FA, Filters)  │  │
│  └──────────────┴──────────────┴──────────────────────┘  │
└────────────────────────────┬─────────────────────────────┘
                             │
          ┌──────────────────┼──────────────────┐
          │                  │                  │
  ┌───────┴───────┐  ┌───────┴───────┐  ┌───────┴───────┐
  │     MySQL     │  │     Redis     │  │    Ollama     │
  │  (Database)   │  │    (Cache)    │  │   (Llama3)    │
  └───────────────┘  └───────────────┘  └───────────────┘
```
- Framework: Spring Boot 3.4.4
- Language: Java 17
- Security: Spring Security + JWT + 2FA (TOTP)
- Database: MySQL 8.0
- Cache: Redis
- ORM: Spring Data JPA
- Validation: Jakarta Validation
- Password: Argon2 (Bouncy Castle)
- Email: Spring Mail (Gmail SMTP)
- AI Integration: Ollama (Llama3)
- Framework: React 18+
- Build Tool: Vite 5.0
- HTTP Client: Axios
- State Management: Context API (Auth, Chat, Admin)
- Routing: React Router 6
- Markdown: react-markdown + remark-gfm
- Code Highlighting: react-syntax-highlighter
- Containerization: Docker + Docker Compose
- API Testing: Postman Collections (8 collections included)
- Documentation: Comprehensive Markdown docs
```
chatbot/
├── backend/                          # Spring Boot Backend
│   ├── src/main/java/com/g4/chatbot/
│   │   ├── config/                   # Security, CORS, Email, 2FA configs (11 files)
│   │   ├── controllers/              # REST API endpoints (17 controllers)
│   │   ├── dto/                      # Data Transfer Objects (64 files)
│   │   ├── exception/                # Custom exceptions (6 files)
│   │   ├── models/                   # JPA entities (11 entities)
│   │   ├── repos/                    # JPA repositories (11 repos)
│   │   ├── security/                 # Security utilities (4 files)
│   │   └── services/                 # Business logic (26 services)
│   ├── docs/                         # API documentation (31 files)
│   ├── postman_files/                # Postman collections (8 files)
│   └── pom.xml                       # Maven dependencies
│
├── frontend/                         # React Frontend
│   ├── src/
│   │   ├── components/               # React components (19 components)
│   │   │   ├── admin/                # Admin panel components
│   │   │   ├── auth/                 # Auth components
│   │   │   └── chat/                 # Chat components
│   │   ├── context/                  # Context providers (Auth, Chat, Admin)
│   │   ├── hooks/                    # Custom hooks
│   │   ├── pages/                    # Page components (17 pages - 8 admin + 9 user)
│   │   └── services/                 # API services (api.js, adminApi.js)
│   ├── package.json                  # npm dependencies
│   └── vite.config.js                # Vite configuration
│
├── docs/                             # Project documentation
├── tools/                            # Utility scripts
├── docker-compose.yml                # Docker configuration
└── README.md                         # This file
```
- Java 17+ - Download
- Maven 3.8+ - Download
- Node.js 18+ - Download
- MySQL 8.0 - Download
- Redis - Download
- Ollama - Download
- Docker (Optional) - Download
```bash
# Clone the repository
git clone https://github.com/g4stlyx/chatbot.git
cd chatbot

# Start all services with Docker Compose
docker-compose up -d

# The application will be available at:
# Backend: http://localhost:8080
# Frontend: http://localhost:3000
```

```bash
cd backend

# Configure environment variables
cp .env.example .env
# Edit .env with your database credentials

# Install dependencies and run
mvn clean install
mvn spring-boot:run

# Backend will start at http://localhost:8080
```

```sql
-- Create database
CREATE DATABASE chatbot_db;
-- Tables are auto-created by JPA
```

```bash
# Install Ollama (if not installed)
# Visit https://ollama.ai/

# Pull Llama3 model
ollama pull llama3

# Verify Ollama is running
curl http://localhost:11434/api/tags
```

```bash
cd frontend

# Install dependencies
npm install

# Start development server
npm run dev

# Frontend will start at http://localhost:3000
```

After first run, create an admin account:

```bash
# Use the registration endpoint with admin flag
# Or seed the database with admin credentials
```

The project includes 8 comprehensive Postman collections in backend/postman_files/:
- 0auth.postman_collection.json - Authentication endpoints
- 1chat_sessions.postman_collection.json - Chat session management (15 requests)
- 2chatbot(llama)_api_phase1.postman_collection.json - Chat API
- 3messages_phase2.postman_collection.json - Message CRUD operations (6 requests)
- 4profiles.postman_collection.json - User profile management
- 5admin_panel_api.postman_collection.json - Admin operations
- 6projects.postman_collection.json - Project management
- 7database_backup.postman_collection.json - Database backup
```
POST   /api/v1/auth/register                  # Register new user
POST   /api/v1/auth/login                     # Login user/admin
POST   /api/v1/auth/verify-email              # Verify email
POST   /api/v1/auth/request-reset             # Request password reset
POST   /api/v1/auth/reset-password            # Reset password

GET    /api/v1/sessions                       # Get user's sessions
POST   /api/v1/sessions                       # Create session
GET    /api/v1/sessions/{id}                  # Get session
PUT    /api/v1/sessions/{id}                  # Update session
DELETE /api/v1/sessions/{id}                  # Delete session
GET    /api/v1/sessions/search?q={term}       # Search sessions
PATCH  /api/v1/sessions/{id}/visibility       # Toggle public/private
GET    /api/v1/sessions/public                # Get public sessions
POST   /api/v1/sessions/public/{id}/copy      # Copy public session

GET    /api/v1/projects                       # Get user's projects
POST   /api/v1/projects                       # Create project
GET    /api/v1/projects/{id}                  # Get project
PUT    /api/v1/projects/{id}                  # Update project
DELETE /api/v1/projects/{id}                  # Delete project
GET    /api/v1/projects/search?q={term}       # Search projects
POST   /api/v1/projects/{id}/archive          # Archive project
POST   /api/v1/projects/{id}/unarchive        # Unarchive project
POST   /api/v1/projects/{id}/sessions/{sid}   # Add session to project
DELETE /api/v1/projects/{id}/sessions/{sid}   # Remove session from project

GET    /api/v1/sessions/{id}/messages         # Get messages
GET    /api/v1/messages/{id}                  # Get single message
PUT    /api/v1/messages/{id}                  # Edit message
DELETE /api/v1/messages/{id}                  # Delete message
POST   /api/v1/sessions/{id}/regenerate       # Regenerate response
GET    /api/v1/sessions/public/{id}/messages  # Get public session messages

POST   /api/v1/chat/send                      # Send message (non-streaming)
POST   /api/v1/chat/stream                    # Send message (streaming)

POST   /api/v1/admin/2fa/setup                # Setup 2FA
POST   /api/v1/admin/2fa/verify               # Verify and enable
POST   /api/v1/admin/2fa/disable              # Disable 2FA
GET    /api/v1/admin/2fa/status               # Check status
POST   /api/v1/admin/2fa/verify-login         # Verify during login
```
Multi-layered defense system with input and output filtering:
- System prompt enforcement (role and purpose definition)
- Input validation and sanitization
- Pattern detection (malicious keywords/phrases)
- Output filtering (prevents system prompt leakage and character breaking)
- Context window management (last 20 messages)
- Database logging with severity levels
- Email alerts to admins (threshold: 3+ attempts)
- Admin panel for viewing injection logs
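The layers above, as an added example in plain Java (not the project's own code): pattern detection with a logged severity, an attempt counter that trips the 3-attempt alert threshold, an output filter that refuses replies echoing the system prompt, and trimming of history to the last 20 messages. The class and method names, the detection patterns and the severity levels are assumptions.

```java
import java.util.*;
import java.util.regex.Pattern;
// Added illustration, not the project's own code: a dependency-free sketch of the
// layers listed above. Pattern list, severities and method names are assumptions.
public class PromptInjectionGuard {
    public enum Severity { NONE, LOW, HIGH }
    // Pattern detection: each detection pattern carries the severity that gets logged.
    private static final Map<Pattern, Severity> INPUT_PATTERNS = new LinkedHashMap<>();
    static {
        INPUT_PATTERNS.put(Pattern.compile("(?i)ignore\\s+(all\\s+)?(previous|prior|above)\\s+instructions"), Severity.HIGH);
        INPUT_PATTERNS.put(Pattern.compile("(?i)(reveal|print|show)\\s+(your|the)\\s+system\\s+prompt"), Severity.HIGH);
        INPUT_PATTERNS.put(Pattern.compile("(?i)you\\s+are\\s+now\\s+an?\\s+"), Severity.LOW);
    }
    private static final int CONTEXT_WINDOW = 20; // last 20 messages, as in the feature list
    private static final int ALERT_THRESHOLD = 3; // email admins at 3+ attempts per user
    private final String systemPrompt;                          // enforced role/purpose text
    private final Map<Long, Integer> attemptsByUser = new HashMap<>();

    public PromptInjectionGuard(String systemPrompt) { this.systemPrompt = systemPrompt; }

    // Input validation: returns the highest severity among matching patterns (NONE if clean).
    public Severity classifyInput(String userMessage) {
        Severity worst = Severity.NONE;
        for (Map.Entry<Pattern, Severity> e : INPUT_PATTERNS.entrySet()) {
            if (e.getKey().matcher(userMessage).find() && e.getValue().compareTo(worst) > 0) worst = e.getValue();
        }
        return worst;
    }

    // Logging + alerting: count the attempt; true means the threshold is reached and admins should be emailed.
    public boolean recordAttempt(long userId) {
        return attemptsByUser.merge(userId, 1, Integer::sum) >= ALERT_THRESHOLD;
    }

    // Output filtering: a reply quoting a full sentence of the system prompt is treated as
    // leakage and replaced with a neutral refusal instead of being returned to the user.
    public String filterOutput(String aiReply) {
        for (String sentence : systemPrompt.split("(?<=[.!?])\\s+")) {
            if (sentence.length() >= 20 && aiReply.contains(sentence)) return "Sorry, I can't help with that request.";
        }
        return aiReply;
    }

    // Context window management: only the newest CONTEXT_WINDOW messages are sent to the model.
    public static <T> List<T> trimContext(List<T> history) {
        int from = Math.max(0, history.size() - CONTEXT_WINDOW);
        return new ArrayList<>(history.subList(from, history.size()));
    }
}
```

In a Spring service the severity from classifyInput and the result of recordAttempt would be persisted to the injection log table and, at the threshold, handed to the mail sender; the sentence-match output filter is deliberately simple and a fuzzy or token-level comparison would catch paraphrased leakage too.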
- Email verification: 1 request per 60 seconds
- Configurable rate limits per endpoint
- JWT-based stateless authentication
- Token expiration and refresh
- Role-based access control (USER, ADMIN levels 0-2)
- Argon2 password hashing
- Two-factor authentication (TOTP) for admins
- Email verification required
- Account locking after failed attempts
- Password reset with secure tokens
- Active/inactive account status
- Authentication error logging
- Level 0 (Super Admin) - Full access including logs and tokens
- Level 1 (Admin) - User and session management
- Level 2 (Moderator) - Limited content moderation
- Create, update, delete users
- Activate/deactivate accounts
- Unlock locked accounts
- Reset user passwords
- Verify user emails
- View user list and details
- View, delete, archive sessions
- Flag/unflag inappropriate sessions
- Toggle public/private visibility
- Access all user sessions
- View, delete messages
- Flag/unflag inappropriate content
- Access message history
- View admin activity logs (38 operations tracked)
- Manage verification tokens
- Manage password reset tokens
- View prompt injection logs
- View authentication error logs (401, 403, 404)
- Monitor failed login attempts
- Bulk token cleanup
- Trigger database backups
All admin operations are logged with:
- Admin ID and username
- Operation type (CREATE, UPDATE, DELETE, READ, etc.)
- IP address and user agent
- Timestamp and detailed context
- Target resource information
Comprehensive documentation available in /backend/docs/:
- CHAT_SEARCH_AND_SHARING_FEATURES.md - Search and public sharing features
- ADMIN_PANEL_COMPLETE_SUMMARY.md - Complete admin panel documentation
- ADMIN_ACTIVITY_LOGGING_FINAL_SUMMARY.md - Activity logging guide
- AUTHENTICATION_ERROR_LOGGING.md - Auth error logging
- COMPLETE_ANTI_PROMPT_INJECTION_SYSTEM.md - Security documentation
- PHASE1_COMPLETE.md - Phase 1 implementation details
- PHASE2_IMPLEMENTATION_SUMMARY.md - Phase 2 features (Message CRUD)
- PROFILE_FEATURE_README.md - Profile management guide
- EMAIL_VERIFICATION_RATE_LIMITING.md - Rate limiting implementation
- And 20+ more detailed technical guides
```bash
cd backend
mvn test
```

```bash
cd frontend
npm test
```

Import Postman collections from backend/postman_files/ and test all endpoints.
Key configuration in application.properties:

```properties
# Database
spring.datasource.url=jdbc:mysql://localhost:3306/chatbot_db
spring.datasource.username=your_username
spring.datasource.password=your_password

# JWT
jwt.secret=your-secret-key
jwt.expiration=86400000

# Email
spring.mail.host=smtp.gmail.com
spring.mail.username=your-email@gmail.com
spring.mail.password=your-app-password

# Ollama
ollama.base-url=http://localhost:11434
```

Configuration in .env:

```
VITE_API_BASE_URL=http://localhost:8080
VITE_APP_NAME=Chatbot AI
```

Contributions are welcome! Please follow these steps:

- Fork the repository
- Create a feature branch (`git checkout -b feature/AmazingFeature`)
- Commit your changes (`git commit -m 'Add some AmazingFeature'`)
- Push to the branch (`git push origin feature/AmazingFeature`)
- Open a Pull Request
See backend/TODO.md for the complete task list.
- [x] Project grouping for chat sessions (with colors/icons)
- [x] Output filtering for AI responses
- [x] Authentication error logging (401, 403, 404)
- [x] Chat search by title
- [x] Public chat sharing
- [x] Prompt injection protection (8-layer defense)
- [x] Two-factor authentication (2FA) for admins
- [x] Database backup system
- [x] Complete frontend admin panel:
  - [x] Admin login, dashboard, profile
  - [x] User management (full CRUD)
  - [x] Session management (list, delete, archive, flag)
  - [x] Message management (list, delete, flag)
  - [x] Admin management (CRUD, Level 0-1 only)
  - [x] Activity logs viewer (Level 0 only)
  - [x] Token management (Level 0 only)
- [ ] Ready-made prompt templates (user-created & admin-managed)
- [ ] AI persona system (like Gemini Gems)
- [ ] OpenAI/Claude/Gemini integration options
- [ ] Dark mode in frontend
- [ ] Project management UI in frontend
- [ ] Toast notification system
This project is licensed under the MIT License - see the LICENSE file for details.
- Inspired by MCP-Server
- Built with Spring Boot and React
- AI powered by Ollama and Llama3
For questions or feedback, please open an issue on GitHub.
If you find this project helpful, please consider giving it a star!