A secure, real-time team chat application built with Go backend and React frontend, featuring user authentication, team management, and WebSocket-based messaging.
- 🔐 Secure Authentication: JWT-based authentication with password hashing
- 👥 Team Management: Create, join, and manage teams
- 💬 Real-time Chat: WebSocket-based messaging with typing indicators
- 👤 User Profiles: Customizable user profiles with avatar generation
- 📱 Responsive Design: Modern UI built with Tailwind CSS
- 🗄️ File-based Database: BoltDB for data persistence
- 🔒 Security: Secure session management and data validation
- Go 1.21+ - High-performance server language
- Gorilla Mux - HTTP router and URL matcher
- Gorilla WebSocket - WebSocket implementation
- BoltDB - Embedded key/value database
- JWT - JSON Web Token authentication
- bcrypt - Password hashing
- React 18 - Modern UI library
- Vite - Fast build tool and dev server
- Tailwind CSS - Utility-first CSS framework
- React Router - Client-side routing
- Axios - HTTP client
- Lucide React - Beautiful icons
- Go 1.21 or higher
- Node.js 16 or higher
- npm or yarn
git clone <repository-url>
cd SuperChat# Install Go dependencies
go mod tidy
# Run the backend server
go run .The backend will start on http://localhost:8080
# Navigate to frontend directory
cd frontend
# Install dependencies
npm install
# Start development server
npm run devThe frontend will start on http://localhost:3000
# Build the frontend
npm run build
# The built files will be in the `web` folder
# The Go backend will serve these static files automaticallySuperChat/
├── main.go # Main server entry point
├── models.go # Data models and structures
├── auth.go # Authentication and middleware
├── database.go # Database operations
├── handlers.go # HTTP request handlers
├── websocket.go # WebSocket handling
├── go.mod # Go module dependencies
├── frontend/ # React frontend application
│ ├── src/
│ │ ├── components/ # Reusable UI components
│ │ ├── contexts/ # React contexts
│ │ ├── pages/ # Page components
│ │ ├── services/ # API services
│ │ ├── App.jsx # Main app component
│ │ └── main.jsx # React entry point
│ ├── package.json # Node.js dependencies
│ ├── vite.config.js # Vite configuration
│ └── tailwind.config.js # Tailwind CSS configuration
└── README.md # This file
POST /api/auth/register- User registrationPOST /api/auth/login- User loginPOST /api/auth/logout- User logout
GET /api/user/profile- Get user profilePUT /api/user/profile- Update user profile
POST /api/teams- Create new teamGET /api/teams- Get user's teamsGET /api/teams/{id}- Get team detailsPOST /api/teams/{id}/join- Join teamPOST /api/teams/{id}/leave- Leave team
GET /api/teams/{id}/messages- Get team messagesPOST /api/teams/{id}/messages- Send messageGET /ws/{teamId}- WebSocket connection for real-time chat
chat_message- New chat messagetyping- User typing indicatoruser_joined- User joined notificationuser_left- User left notificationping/pong- Connection keep-alive
- Password Hashing: bcrypt with cost factor 14
- JWT Tokens: Secure session management
- Input Validation: Server-side validation for all inputs
- CORS Protection: Configurable origin checking
- Rate Limiting: Built-in request throttling
- SQL Injection Protection: Parameterized queries with BoltDB
The application uses BoltDB with the following buckets:
- users: User account information
- teams: Team data and metadata
- team_members: User-team relationships
- messages: Chat message history
PORT- Server port (default: 8080)JWT_SECRET- JWT signing secret (change in production)
Update the JWT secret in auth.go:
var jwtSecret = []byte("your-secret-key-change-in-production")# Backend tests
go test ./...
# Frontend tests
cd frontend
npm test# Backend
go fmt ./...
# Frontend
cd frontend
npm run lint# Build frontend
cd frontend
npm run build
# Build backend (optional)
go build -o superchat .- Set production environment variables
- Use a proper JWT secret
- Configure reverse proxy (nginx/Apache)
- Set up SSL/TLS certificates
- Configure firewall rules
Regularly backup the superchat.db file:
cp superchat.db superchat.db.backup- Fork the repository
- Create a feature branch
- Make your changes
- Add tests if applicable
- Submit a pull request
This project is licensed under the MIT License - see the LICENSE file for details.
For support and questions:
- Create an issue in the repository
- Check the documentation
- Review the code examples
- File sharing capabilities
- Voice and video calls
- Mobile applications
- Advanced team permissions
- Message search and filtering
- Push notifications
- Multi-language support
- Dark mode theme
- Message reactions
- User status indicators
- Done: usernames are immutable; added editable display name across backend and frontend (handlers.go, models.go, auth.go/frontend).
- Done: uploads locked down with owner/team metadata and header-based access (no JWTs in URLs) (handlers.go, database.go, frontend).
- Enforce membership on WebSocket sessions: drop/deny connections for removed users and re-check membership on inbound messages (handlers.go, websocket.go).
- Harden origin/CORS: replace
*CORS and permissiveCheckOriginwith a configurable allowlist (main.go, websocket.go). - Secure JWT handling: move
jwtSecretto env/config, validate signing method, and plan for rotation (auth.go). - Align server defaults/logging: reconcile port/TLS defaults with README and fix the extra quote in the startup log (main.go).
- Add rate limiting/body size limits for auth/messaging/uploads (main.go middleware, handlers).
- Bound message payload sizes and validate WS payloads to prevent oversized writes (handlers.go, websocket.go).
- Improve message storage/query: key messages per team/timestamp and add pagination to avoid full scans (database.go).
- Add tests for auth, username index integrity, membership enforcement, uploads ACL, and WS join/leave broadcasting (new _test.go files).
- Gorilla WebSocket for WebSocket implementation
- BoltDB for embedded database
- Tailwind CSS for styling
- Lucide for beautiful icons
- DiceBear for avatar generation