An AI-powered academic research platform for BSIT students to upload, discover, and analyze thesis papers.
The Smart Thesis Repository is a full-stack SaaS platform built for BSIT students and faculty. Students upload PDF thesis papers that are automatically indexed for full-text search and analyzed with AI. Advisers leave structured feedback. Admins manage submissions and users through a dedicated dashboard.
Landing Page
Thesis Repository with Search & Filters
AI Research Tools
Admin Dashboard
- PDF Upload — Drag-and-drop upload to Cloudinary with automatic text extraction via
pdf-parse - Full-Text Search — PostgreSQL
to_tsvector/plainto_tsqueryacross title, abstract, and extracted content - AI Research Tools — 5 Gemini-powered tools: summary, abstract, title suggestions, APA citation, related studies
- Daily Rate Limiting — Max 10 AI requests per user per day, tracked in the database
- Role-Based Access — Student · Admin · Adviser with distinct permission sets
- Bookmarks — Save and revisit any thesis with an optimistic-UI toggle
- Comments — Advisers and Admins leave structured feedback on thesis pages
- Admin Panel — Approve/reject submissions, manage users, platform-wide statistics
- Dark Mode — System-preference aware, persistent via
next-themes - JWT Auth — Stored in httpOnly cookies — not accessible to JavaScript
- Responsive — Mobile-first Tailwind layout throughout
| Role | Permissions |
|---|---|
| STUDENT | Register, upload theses, use AI tools, search, bookmark |
| ADMIN | All student permissions + approve/reject theses, manage users, view platform stats |
| ADVISER | View theses, post comments on student papers |
| Technology | Purpose |
|---|---|
| Next.js 14 (App Router) | React framework with server/client component model |
| TypeScript | Full type safety across all components and hooks |
| Tailwind CSS | Utility-first styling with dark mode support |
| next-themes | System-aware dark/light mode with persistence |
| shadcn/ui | Accessible component primitives |
| Axios | HTTP client with httpOnly cookie support |
| lucide-react | Icon library |
| Technology | Purpose |
|---|---|
| Node.js + Express.js | REST API server |
| TypeScript | Typed controllers, services, and middleware |
| Prisma ORM | Type-safe database access |
| Zod | Runtime validation on all request bodies |
| Multer | PDF file handling (memory storage) |
| pdf-parse | Text extraction from uploaded PDFs |
| Technology | Purpose |
|---|---|
| PostgreSQL via Supabase | Primary database (free tier) |
| Cloudinary | PDF file storage and delivery (free tier) |
| Technology | Purpose |
|---|---|
| Google Gemini 1.5 Flash | AI text generation (free tier) |
| jsonwebtoken | JWT — 7-day expiry, httpOnly cookie |
| bcryptjs | Password hashing (12 salt rounds) |
Smart_Thesis_Repository/
├── backend/
│ ├── prisma/schema.prisma # 7 Prisma models
│ ├── src/
│ │ ├── config/ # Prisma client singleton, Cloudinary
│ │ ├── controllers/ # auth, thesis, ai, bookmark, comment, admin
│ │ ├── services/ # Business logic + DB queries
│ │ ├── middleware/ # auth, role, upload
│ │ ├── routes/ # All Express routers
│ │ └── utils/ # JWT, response helpers, pdf extractor
│ ├── server.ts
│ └── render.yaml # Render deployment config
│
├── frontend/
│ ├── app/
│ │ ├── (auth)/login, register
│ │ ├── (dashboard)/
│ │ │ ├── dashboard/ # Role-aware stats
│ │ │ ├── thesis/ # Listing, upload, detail
│ │ │ ├── ai-tools/ # 5 Gemini tools
│ │ │ ├── bookmarks/
│ │ │ └── admin/ # Stats + user management
│ │ └── providers.tsx # ThemeProvider + AuthProvider
│ ├── components/
│ │ ├── ai/ # AiToolPanel, AiOutput
│ │ ├── layout/ # DashboardLayout (sidebar + dark toggle)
│ │ ├── shared/ # LoadingSkeleton, EmptyState, ErrorBanner,
│ │ │ # SearchBar, FilterBar, FileUpload
│ │ └── thesis/ # ThesisCard, ThesisDetail, BookmarkButton,
│ │ # CommentSection
│ ├── hooks/ # useAuth, useThesis
│ ├── lib/api.ts # Axios instance
│ ├── types/index.ts # All TypeScript interfaces
│ └── vercel.json # Vercel deployment config
│
├── DEPLOYMENT.md # Step-by-step production deployment guide
└── README.md
- Node.js 18+
- Supabase project (free tier)
- Cloudinary account (free tier)
- Google AI Studio API key (free tier)
cd backend
npm install
# Copy and fill in environment variables
cp .env.example .env
# Generate Prisma client and run migration
npx prisma generate
npx prisma migrate dev --name init
# Start development server (http://localhost:5000)
npm run devcd frontend
npm install
# Create environment file
echo "NEXT_PUBLIC_API_URL=http://localhost:5000" > .env.local
# Initialize shadcn/ui (first time only)
npx shadcn@latest init
# Start development server (http://localhost:3000)
npm run dev| Variable | Description |
|---|---|
DATABASE_URL |
PostgreSQL connection string from Supabase |
JWT_SECRET |
Long random string (openssl rand -base64 64) |
CLOUDINARY_CLOUD_NAME |
From Cloudinary dashboard |
CLOUDINARY_API_KEY |
From Cloudinary dashboard |
CLOUDINARY_API_SECRET |
From Cloudinary dashboard |
GEMINI_API_KEY |
From aistudio.google.com |
CLIENT_URL |
Frontend URL (e.g. http://localhost:3000) |
PORT |
Server port (default: 5000) |
NODE_ENV |
development or production |
| Variable | Description |
|---|---|
NEXT_PUBLIC_API_URL |
Backend URL (e.g. http://localhost:5000) |
| Method | Endpoint | Auth | Description |
|---|---|---|---|
POST |
/api/auth/register |
Public | Create account |
POST |
/api/auth/login |
Public | Login, set JWT cookie |
POST |
/api/auth/logout |
Public | Clear JWT cookie |
GET |
/api/auth/me |
Required | Get current user |
GET |
/api/theses |
Public | Paginated listing with search & filters |
GET |
/api/theses/mine |
Required | Current user's own theses |
GET |
/api/theses/:id |
Public | Full thesis with AI outputs & comments |
POST |
/api/theses |
Required | Upload PDF thesis |
PATCH |
/api/theses/:id/status |
Admin | Approve or reject |
POST |
/api/ai/summarize/:id |
Required | Generate 3-paragraph summary |
POST |
/api/ai/abstract/:id |
Required | Generate formal abstract |
POST |
/api/ai/titles/:id |
Required | Suggest 5 alternative titles |
POST |
/api/ai/citation/:id |
Required | Format APA 7th edition citation |
POST |
/api/ai/related/:id |
Required | Suggest related research topics |
GET |
/api/ai/outputs/:id |
Required | Saved AI outputs for thesis |
GET |
/api/ai/usage |
Required | Today's AI request count |
POST |
/api/bookmarks/:id |
Required | Toggle bookmark |
GET |
/api/bookmarks |
Required | All bookmarked theses |
GET |
/api/bookmarks/:id/status |
Required | Check if bookmarked |
GET |
/api/comments/:id |
Required | Get comments on a thesis |
POST |
/api/comments/:id |
Admin/Adviser | Post a comment |
GET |
/api/admin/stats |
Admin | Platform statistics |
GET |
/api/admin/theses |
Admin | All theses (no status filter) |
GET |
/api/admin/users |
Admin | Paginated user list |
DELETE |
/api/admin/users/:id |
Admin | Delete user + cascade |
| Measure | Implementation |
|---|---|
| Password hashing | bcrypt, 12 salt rounds |
| Authentication | JWT (7-day expiry), httpOnly cookie |
| CORS | CLIENT_URL whitelist, credentials: true |
| Input validation | Zod on every request body |
| Role enforcement | requireRole() middleware on all protected routes |
| File validation | PDF mime check + 10 MB limit via Multer |
| AI rate limiting | Max 10 Gemini requests/user/day (DB-tracked) |
| Timing-safe login | bcrypt always runs even for non-existent emails |
| Cloudinary rollback | Uploaded file deleted if DB write fails |
See DEPLOYMENT.md for the full step-by-step guide.
Quick summary:
- Supabase — copy the PostgreSQL connection string
- Render — connect GitHub repo, set env vars, deploy backend
- Vercel — connect GitHub repo, set
NEXT_PUBLIC_API_URL, deploy frontend - Migrations — run
npx prisma migrate deployin Render shell
This project is licensed under the MIT License.
MIT License — Copyright (c) 2025 Smart Thesis Repository
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software to deal in the Software without restriction, including without
limitation the rights to use, copy, modify, merge, publish, distribute,
sublicense, and/or sell copies of the Software.