SecretDrop is a modern, anonymous messaging platform built with Next.js 15 that allows users to receive honest feedback and messages without revealing the sender's identity. Perfect for creating a safe space for anonymous communication, feedback collection, and honest conversations.
Honest feedback is rare because people hold back when their names are attached β fear of awkwardness, backlash, or consequences. Many βanonymousβ tools promise secrecy but leak metadata, allow deanonymization, or turn into noisy, hostile forums. I built SecretDrop to be radically simple and reliable: a shareable public link that only delivers messages β no sender details, no unmasking, no guessing. The recipient can share their public link on there bio, profile, etc. and can get the honest feedbacks from people. The recipientβs can control toggle: turn message receiving on or off. If your profile is open, senders can send anonymous notes; if itβs closed, they canβt.
To help senders phrase useful feedback (without revealing who they are), the public message page includes optional AI-powered suggestions and conversation starters. This helps people write clearer, kinder, or more constructive messages while keeping their identity completely hidden β SecretDrop never exposes sender metadata. Combined with secure account practices (OTP email verification, hashed passwords, session tokens), SecretDrop gives creators, teachers, teams, and anyone who wants candid input a quiet, dependable channel for unfiltered feedback.
- Secure User Authentication with NextAuth.js and JWT
- Email Verification system with OTP codes
- Password Hashing using bcryptjs
- Username Uniqueness validation
- Session Management with secure tokens
- Anonymous Message Sending - Users can send messages without revealing identity
- Message Management - Mark messages as read/unread
- Message Deletion - Users can delete received messages
- Real-time Message Status - Track message delivery and read status
- AI Message Suggestions using Google Gemini AI
- Smart Conversation Starters to encourage meaningful communication
- Dynamic Content Generation for better user engagement
- Public Profile Pages - Shareable links for receiving anonymous messages
- Dashboard with message overview and management
- Message Acceptance Toggle - Control when can receive messages
- Responsive Design - Works seamlessly on all devices
- Beautiful Animations with custom CSS animations
- Gradient Themes and modern design patterns
- Component-based UI using Radix UI and shadcn/ui
- Form Validation with Zod schemas
- Toast Notifications for user feedback
- Environment-based Configuration - Easy setup with
.env.exampletemplate - Customizable Email Branding - Personalize sender name and subject lines
- Flexible App Branding - White-label ready with configurable app name
- Production-ready Deployment - Optimized for Vercel with proper environment handling
- Next.js 15 - React framework with App Router
- React 19 - Latest React with modern features
- TypeScript - Type-safe development
- Tailwind CSS 4 - Utility-first CSS framework
- shadcn/ui - Modern component library
- Radix UI - Accessible component primitives
- Next.js API Routes - Serverless API endpoints
- MongoDB - NoSQL database with Mongoose ODM
- NextAuth.js - Authentication library
- Zod - Schema validation
- Google Gemini AI - AI-powered message suggestions
- Resend - Email delivery service
- React Email - Email template system
- ESLint - Code linting
- TypeScript - Static type checking
- Turbopack - Fast bundler for development
- Node.js 18+ installed
- MongoDB database (local or cloud)
- Email service account (Resend)
- Google AI API key (for suggestions feature)
- Clone the repository
git clone https://github.com/swayamyadav05/SecretDrop.git
cd SecretDrop- Install dependencies
npm install-
Set up environment variables Copy the example file and configure your values:
cp .env.example .env.local
Or create a
.env.localfile manually with the following configuration:
# Database
MONGODB_URI=mongodb://localhost:27017/secretdrop
# or for MongoDB Atlas:
# MONGODB_URI=mongodb+srv://username:password@cluster.mongodb.net/secretdrop
# NextAuth Configuration
NEXTAUTH_SECRET=your-secret-key-here
NEXTAUTH_URL=http://localhost:3000
# Email Service (Resend)
RESEND_API_KEY=your-resend-api-key
# Email Configuration (Optional - will use defaults if not set)
EMAIL_FROM="SecretDrop <noreply@your-domain.com>"
EMAIL_SUBJECT="SecretDrop Verification Code"
# AI Service (Google Gemini)
GOOGLE_GENERATIVE_AI_API_KEY=your-google-ai-api-key
# Application Branding (Optional)
APP_NAME="SecretDrop"- Run the development server
npm run dev- Open your browser Navigate to http://localhost:3000
mystery-message/
βββ src/
β βββ app/ # Next.js App Router
β β βββ (app)/ # Main app routes
β β β βββ dashboard/ # User dashboard
β β β βββ page.tsx # Landing page
β β βββ (auth)/ # Authentication routes
β β β βββ sign-in/ # Login page
β β β βββ sign-up/ # Registration page
β β β βββ verify/ # Email verification
β β βββ api/ # API routes
β β β βββ auth/ # NextAuth configuration
β β β βββ send-message/ # Message sending
β β β βββ get-messages/ # Message retrieval
β β β βββ suggest-messages/ # AI suggestions
β β β βββ ... # Other API endpoints
β β βββ u/[username]/ # Public profile pages
β βββ components/ # Reusable UI components
β β βββ ui/ # shadcn/ui components
β β βββ MessageCard.tsx # Message display component
β β βββ Navbar.tsx # Navigation component
β β βββ ...
β βββ lib/ # Utility libraries
β β βββ dbConnect.ts # Database connection
β β βββ resend.ts # Email service
β β βββ utils.ts # Helper functions
β βββ model/ # Database models
β β βββ User.ts # User and Message schemas
β βββ schemas/ # Zod validation schemas
β βββ types/ # TypeScript type definitions
β βββ helpers/ # Helper functions
βββ emails/ # Email templates
βββ public/ # Static assets
βββ .env.example # Environment variables template
βββ vercel.json # Vercel deployment configuration
- MongoDB Local: Install MongoDB locally and use
mongodb://localhost:27017/secretdrop - MongoDB Atlas: Create a cluster and use the connection string
- Models: User model includes username, email, password, verification, and messages
- Sign up for Resend
- Get your API key
- Configure the sender domain
- Add API key to environment variables
- Customize email appearance (Optional)
Note: You can use any display name with your verified domain. The domain must be verified in Resend, but the display name and email prefix can be customized.
- Get Google AI API key from Google AI Studio
- Add to environment variables
- Configure in
src/app/api/suggest-messages/route.ts
POST /api/sign-up- User registrationPOST /api/verify-code- Email verificationPOST /api/auth/signin- User loginGET /api/check-username-unique- Username availability
POST /api/send-message- Send anonymous messageGET /api/get-messages- Retrieve user messagesDELETE /api/delete-message/[id]- Delete messagePATCH /api/messages/[id]/read- Mark message as read
POST /api/suggest-messages- Get AI message suggestionsPOST /api/accept-message- Toggle message acceptanceGET /api/accept-message- Get acceptance status
- MessageCard - Display individual messages with actions
- ShareLinkCard - Share profile link component
- Navbar - Navigation with authentication state
- Brand - Logo and branding component
- Input - Styled input fields with validation
- Textarea - Multi-line text input
- Button - Various button styles and states
- InputOTP - One-time password input
- JWT-based session management
- Secure password hashing with bcryptjs
- Email verification requirement
- Protected API routes
- Input validation with Zod schemas
- SQL injection prevention with Mongoose
- XSS protection with proper sanitization
- CSRF protection with NextAuth
- API endpoint protection (configurable)
- Message sending limits
- Account creation limits
- Connect your GitHub repository to Vercel
- Add environment variables in Vercel dashboard
- Deploy automatically on push
FROM node:18-alpine
WORKDIR /app
COPY package*.json ./
RUN npm install
COPY . .
RUN npm run build
EXPOSE 3000
CMD ["npm", "start"]# Core Configuration
MONGODB_URI=your-production-mongodb-uri
NEXTAUTH_SECRET=your-production-secret
NEXTAUTH_URL=https://your-domain.com
# Email Service
RESEND_API_KEY=your-resend-api-key
EMAIL_FROM="SecretDrop <noreply@your-domain.com>"
EMAIL_SUBJECT="SecretDrop Verification Code"
# AI Service
GOOGLE_GENERATIVE_AI_API_KEY=your-google-ai-api-key
# Branding (Optional)
APP_NAME="SecretDrop"π‘ Pro Tips for Production:
- Use a strong, unique
NEXTAUTH_SECRET(32+ characters) - Set
EMAIL_FROMto match your verified domain in Resend - Customize
EMAIL_SUBJECTfor better user experience - Consider different
APP_NAMEfor white-labeling
# Run development server
npm run dev
# Lint code
npm run lint
# Type checking
npx tsc --noEmitUse tools like Postman or Thunder Client to test API endpoints:
- Authentication flows
- Message operations
- AI suggestions
- User management
- Fork the repository
- Create a feature branch:
git checkout -b feature-name - Commit changes:
git commit -m 'Add amazing feature' - Push to branch:
git push origin feature-name - Submit a pull request
- Follow TypeScript best practices
- Use Zod for all data validation
- Implement proper error handling
- Add comments for complex logic
- Maintain responsive design
This project is licensed under the MIT License - see the LICENSE file for details.
- Next.js Team for the amazing framework
- shadcn for the beautiful UI components
- Vercel for hosting and deployment
- Resend for email delivery service
- Google for AI capabilities
- Documentation: Check this README
- Issues: Create an issue on GitHub for bugs or feature requests
- Email: Contact the maintainer for support
Built with β€οΈ using Next.js and modern web technologies
β Star this repository if you found it helpful!