Syntiox Ideas is a secure, full-stack feedback collection portal where users can submit ideas, bug reports, feedback, Q&A and general messages to the Syntiox team.
- π Frontend β Pure HTML, CSS, JavaScript (no frameworks)
- β‘ Backend β Vercel Serverless Functions (Node.js)
- ποΈ Database β MongoDB Atlas (with local file fallback for development)
- π Security β AES-256-GCM field encryption + JWT authentication
| Feature | Details |
|---|---|
| π‘ Idea Submission | Share feature ideas with the team |
| π Bug Reports | Report bugs with optional screenshots |
| π¬ Feedback | General product feedback |
| β Q&A | Ask questions |
| π General | Anything else |
| Submit with Telegram username | |
| π¬ WhatsApp | Submit with WhatsApp number |
| π Phone | Submit with phone number |
| π Anonymous | Submit without any contact info |
| πΌοΈ Photo Upload | Drag & drop screenshots (up to 5MB) |
| Feature | Details |
|---|---|
| π Secure Login | JWT-based session (8h expiry) |
| π Stats Cards | Count by category at a glance |
| π Search | Search by name, message, or contact |
| ποΈ Filter | Filter by category |
| π Live Clock | Real-time date & time display |
| πΌοΈ Photo Lightbox | Click photos for full-screen view |
| ποΈ Delete | Remove submissions with confirmation |
| π Decryption | Contact details shown decrypted (admins only) |
| β±οΈ Auto Logout | Automatically logs out after 8 hours |
syntiox idias/
βββ π index.html # Public feedback portal
βββ π login.html # Admin login page
βββ π admin.html # Admin dashboard
βββ π¨ style.css # Premium dark glassmorphism CSS
βββ βοΈ app.js # Public portal JavaScript
βββ βοΈ admin-app.js # Admin dashboard JavaScript
βββ π¦ package.json # Node.js dependencies
βββ β² vercel.json # Vercel routing & build config
βββ π .env.example # Environment variables template
βββ π« .gitignore # Git ignore rules
βββ api/
βββ ποΈ db.js # MongoDB + local file fallback
βββ π crypto.js # AES-256-GCM encrypt/decrypt
βββ π¨ submit.js # POST /api/submit
βββ π login.js # POST /api/login
βββ π submissions.js # GET + DELETE /api/submissions
- Go to vercel.com β Add New Project
- Upload the
syntiox idiasfolder - Set Framework Preset to
Other - Add Environment Variables (see below)
- Click Deploy π
# Install Vercel CLI globally
npm install -g vercel
# Navigate to project folder and deploy
vercel
# For production deployment
vercel --prodCopy .env.example to .env.local and fill in your values:
# MongoDB Atlas connection string (optional β falls back to local file if missing)
MONGODB_URI=mongodb+srv://user:pass@cluster.mongodb.net/syntiox
# Admin panel password
ADMIN_PASSWORD=YourStrongPasswordHere!
# JWT signing secret (any long random string, min 32 chars)
JWT_SECRET=your-super-secret-jwt-key-minimum-32-characters
# AES-256 encryption key (MUST be exactly 64 hex characters)
ENCRYPTION_KEY=generate_with_command_belowGenerate ENCRYPTION_KEY:
node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"Generate JWT_SECRET:
node -e "console.log(require('crypto').randomBytes(48).toString('base64'))"
β οΈ Never commit.env.localto Git! It's already in.gitignore.
- Go to mongodb.com/atlas β Create a Free Cluster
- Create a database user with a strong password
- Whitelist IP
0.0.0.0/0(for Vercel serverless) - Click Connect β Drivers β copy the connection string
- Replace
<password>with your password and paste intoMONGODB_URI
If MONGODB_URI is not set, the app automatically uses a local JSON file (.local-db.json) for storage. Perfect for testing without any cloud setup.
User submits form
β
βΌ
[api/submit.js]
βββ Validates input (server-side)
βββ Encrypts contact info β AES-256-GCM ciphertext
βββ Saves to MongoDB/LocalDB
β
βΌ
π¦ Database
{
name: "John",
contactEncrypted: { iv: "...", authTag: "...", data: "..." }, β π
category: "bug",
message: "...",
photo: "data:image/png;base64,..."
}
β
βΌ
[api/submissions.js] (Admin only β JWT required)
βββ Verifies JWT token
βββ Decrypts contactEncrypted β plaintext
βββ Returns decrypted data to admin only
| Layer | Protection |
|---|---|
| Contact Data | AES-256-GCM encryption at rest |
| Admin Session | JWT (HS256, 8h expiry) |
| Password | Direct comparison (serverless-safe) |
| XSS | escapeHtml() on all admin-rendered content |
| CSRF | Stateless JWT β no cookies |
| Photo | 5MB limit, image/* type validation |
# 1. Install Vercel CLI
npm install -g vercel
# 2. Install project dependencies
npm install
# 3. Set up environment variables
copy .env.example .env.local
# Edit .env.local with your values
# 4. Start local dev server (supports Serverless Functions)
vercel devOpen http://localhost:3000 in your browser.
Default dev credentials (when env vars not set):
- Admin Password:
admin123- Encryption: Dev fallback key (not secure β set
ENCRYPTION_KEYfor production!)
Submit user feedback.
Request Body:
{
"name": "John Doe",
"contactType": "telegram",
"contactValue": "@johndoe",
"category": "idea",
"message": "It would be great if...",
"photo": "data:image/png;base64,..."
}Categories: idea | bug | feedback | qa | general
Contact Types: telegram | whatsapp | number | none
Admin login.
Request Body:
{ "password": "your_admin_password" }Response:
{ "success": true, "token": "eyJ...", "expiresIn": "8h" }Get all submissions. Requires Authorization: Bearer <token> header.
Query Params: ?category=bug&search=crash&page=1&limit=50
Delete a submission. Requires auth header.
- Theme: Dark Glassmorphism
- Fonts: Inter + Space Grotesk (Google Fonts)
- Colors: Purple β Blue β Cyan gradient
- Animations: Floating orbs, fade-in-up, spring transitions
- Responsive: Mobile-first, works on all screen sizes
Private β Syntiox Team use only.
Made with β€οΈ by the Syntiox Team
All submissions are encrypted and stored securely.
All submissions are encrypted and stored securely.