Unified Next.js + TypeScript + Prisma + PostgreSQL chatbot platform with multi-tenant bot management and embeddable widget.
- Next.js App Router (UI + API Route Handlers)
- Prisma ORM + PostgreSQL
- JWT auth
- AES-256-GCM encryption for per-bot AI keys
- In-memory rate limit
- Vanilla JS widget (`public/widget.js`) with Shadow DOM

- Default model: `gemini-2.5-flash`
- Default provider base URL: `https://generativelanguage.googleapis.com/v1beta/models`
- API key header to provider: `x-goog-api-key`

- `/login`
- `/dashboard`
- `/bots`
- `/bots/[id]/edit`
- `/bots/[id]/style`
- `/bots/[id]/knowledge`

- `POST /api/auth/register`
- `POST /api/auth/login`
- `GET /api/bots`
- `POST /api/bots`
- `GET /api/bots/[id]`
- `PATCH /api/bots/[id]`
- `GET /api/bots/[id]/models` (checks available Gemini models using this bot's API key)
- `GET /api/bots/[id]/knowledge`
- `POST /api/bots/[id]/knowledge`
- `POST /api/bots/[id]/knowledge/import` (upload PDF/Excel and convert into knowledge entries)
- `PATCH /api/bots/[id]/knowledge/[knowledgeId]`
- `DELETE /api/bots/[id]/knowledge/[knowledgeId]`
- `GET /api/widget/config/[id]`
- `POST /api/chat`
- `OPTIONS /api/chat` (CORS preflight)
- `OPTIONS /api/widget/config/[id]` (CORS preflight)

- Install dependencies: `npm install`
- Create env file: `cp .env.example .env`
- Start PostgreSQL: `docker compose up -d`
- Run migrations: `npx prisma migrate dev --name init`
- Run app: `npm run dev`

```html
<script src="https://your-domain.com/widget.js" data-bot-id="YOUR_BOT_ID" data-api-base-url="https://your-domain.com"></script>
```

- Encrypted API keys at rest
- Domain whitelist check for widget config and chat
- Per-bot rate limiting in memory
- Prompt scope control with role + topics + knowledge
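
One way the domain whitelist check and the in-memory per-bot rate limit listed above could gate `POST /api/chat`. This is an added example, not the project's own code; `bot.allowedDomains`, the `*.` subdomain rule, the function names, and the 30-requests-per-minute limit are assumptions.

```javascript
// Added example: Origin allowlist check plus a per-bot fixed-window limiter.
// Field names, the "*." wildcard rule and the limits are assumptions.

// Reduce an Origin header to a lowercase hostname, or null if unusable.
function originHost(originHeader) {
  if (typeof originHeader !== "string" || originHeader === "null") return null;
  try {
    const url = new URL(originHeader);
    if (url.protocol !== "https:" && url.protocol !== "http:") return null;
    return url.hostname.toLowerCase();
  } catch {
    return null; // malformed header
  }
}

// Exact hostname match, or "*.example.com" for subdomains only.
// Never substring matching: "example.com.evil.test" must not pass.
function isOriginAllowed(originHeader, allowedDomains) {
  const host = originHost(originHeader);
  if (host === null) return false; // fail closed on missing/opaque origins
  return allowedDomains.some((entry) => {
    const rule = entry.trim().toLowerCase();
    if (rule.startsWith("*.")) return host.endsWith(rule.slice(1));
    return host === rule;
  });
}

const WINDOW_MS = 60_000;  // assumed window length
const MAX_REQUESTS = 30;   // assumed per-bot budget per window
const windows = new Map(); // botId -> { start, count }, per process only

function allowRequest(botId, now = Date.now()) {
  const w = windows.get(botId);
  if (!w || now - w.start >= WINDOW_MS) {
    windows.set(botId, { start: now, count: 1 });
    return true;
  }
  w.count += 1;
  return w.count <= MAX_REQUESTS;
}

// Returns the HTTP status the route handler should answer with.
// The origin check runs first so rejected origins do not spend the bot's budget.
function gateChatRequest(bot, originHeader, now = Date.now()) {
  if (!isOriginAllowed(originHeader, bot.allowedDomains)) return 403;
  if (!allowRequest(bot.id, now)) return 429;
  return 200;
}
```

The `Origin` header is only trustworthy when a browser sends it, so this check limits where the widget can be embedded and does not authenticate callers. The limiter's state lives in one process, so it resets on restart and is not shared across instances.
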

- Upload PDF or Excel (`.xlsx`, `.xls`, `.csv`) in `/bots/[id]/knowledge`
- Excel is generally better for structured store data (products, prices, inventory)
- PDF is useful for long-form descriptions, policies, and personal site context
- Imported content is chunked into multiple knowledge rows automatically