BarCheck App

Version 1.0

March 8, 2019

Prepared By:
JR Alvarez
Signatory Parties
Provider Vendor
Revision Charts

Version Primary Author Description of Version Date Completed

1.0 JR Alvarez Initial Documentation 3-8-2019

Table of Contents
Signatory Parties 2

Revision Charts 3

1 - Introduction 6
1.1 - Background 6
1.2 - References 6

2 - Definition of Terms 7

3 - Overall Production Description 8

3.1 - Product Perspective 8
3.2 - Design Considerations 8
3.2.1 - Assumptions 9
3.2.2 - Constraints 9

4 - Alternative Solutions and Selections Criteria 10

5 - High Level Design 12

5.1 - Overview of Design Solution 12
5.2 - High Level Architecture 13
5.2.1 - Data Validation 16
5.2.2 - Network Diagram 16
5.3 - Tools and Technologies 16
5.3.1 - Technologies 16
Microsoft .Standards 2.0 16
Microsoft ASP.Net Core 2.2 17
Azure SQL Server 18
Azure Blob Storage 18
Azure App Services 18
Angular Error! Bookmark not defined.
Log4Net Error! Bookmark not defined.
Microsoft Xamarin 3.3 18
5.3.2 - Tools 18
Microsoft Visual Studio Community 2017 18
SQL Server Management Studio 17 18
Team Foundation Server 19
Postman Client 19
5.4 - Security 19
5.5 - Software and Cloud Requirements 19
6 - Annexes 20
1 - Introduction
Base on the presented documentation(References 1.2.1) and as per our understanding we
where task to deliver an application for the BarCheck Tool. This tool is designed to
test the pouring skills of a bartender with the defined volume for each test. From
there supervisor/examiner can record test result from the tool via manual entry of
photo image recognition taken after the examination. This will then be presented as
a statistical graph to the users to define bartender's performance.

1.1 - Background
Überbartools is a company that creates innovative designs for bar tools that provides
stunning experience for the bar drinkers. BarCheck is one of the tools that make sure
bartenders pour the right amount of volume for different mixes into the drinkers
concoction. Test is executed by the supervisor for all his bartenders and making sure
that everyone is within range of the defined volume for each cocktails. A bartender
that fails the test will have a chance to redo the test or continue service with the help
of a jigger.

As part of the BarCheck tool, Überbartools has an idea to develop an application to

record the results of the examination from the tool. Managers and Owners alike can
view the performance of their bartenders individually or as the whole bar station.
Records can also be shared to other bar owners to see an individual bartender’s skill
and competence on providing stunning cocktail drinks. Likewise with the bartenders
they can measure their own performance and compare it with their peers.

The application to be provided is to be build for both mobile and web platform. A
mobile application that requires a credential to be operated and is linked to a cloud
hosted Web API(definition) that is running under a robotic process automation from
which a web application viewable via internet browsers can also access. These
applications will be built under the Microsoft’s latest technologies to provide umple
support and brand integrity to the application being provided.

1.2 - References
1.2.1. Email received from Ian Peter Tecuico <dev@codetecuico.com> regarding
Überbartools Barcheck, March 4, 2019 9:19AM Manila.
1.2.2. BarCheck in Action, https://www.youtube.com/watch?v=cnpeO6ulJtA
1.2.3. ASP.Net Core Features - https://stackify.com/asp-net-core-features/
2 - Definition of Terms
Stakeholders - owners or stakeholders of an establishment
Manager - one that manage the day to day operation of the establishment
Supervisor - one the oversee the team's activity to provide seamless operation.
Examiner - one that provides examination to the bartenders, usually the supervisor.
BarCheck - a tool to measure the bartender’s ability to pour the right amount of liquid on a defined
volume..
UI/UX - User Interface/User Experience
Web API - Web Application Programming Interface
UI/UX - User Interface/User Experience
PowerBI - Power Business Intelligence, a business analytical tool built by Microsoft.
3 - Overall Production Description

3.1 - Product Perspective

Überbartools is looking for a way to record results from the BarCheck tool so that
bartenders can monitor their progress and then can be shared with his other peers to
be compared. However this is just one of the issue to be address. Manager also needs
to view his staffs performance, by providing collective insights of the bartenders
compliance so he can have a big picture of how everyone is performing.

However, as of the moment these application has limitations:

1. The application cannot identify or read results via photos of BarCheck tool that
is taken by the examiner to be recorded autonomously to the application. As
we are still looking into a new technology by Microsoft that uses cognitive
recognition, we might need ample time to master this technology but
nonetheless we can apply this new technology in the BarCheck App with the
help of taking photo on each result and manually entering the result reading
to the system and aiding our Machine Learning Application the ability to
identify measurement volume via photo image in the next iteration of the
application.
2. <thing of something else>

3.2 - Design Considerations

In designing this application, despite having time constraint and technology gap with
what is expected to be delivered we have identified to take priority of the following.
First and foremost the correctness of the application base on the given requirements.
The application should be working as expected and we have considered our
developers skill in order to deliver the expected application.

As part of our consideration we also have to bear in mind the response time of the
application to the user whether may it be via mobile or web application. Speed of the
application and the UI/UX intuitive design is also considered in building this
application.

As for the backend process, we have considered using a cloud platform as our base of
operation. This gives the user the liberty to access the application with high
availability and stable connection. We also consider the cost of co-hosting or hosting
the application via rack servers but this will definitely cost higher in a long run.
3.2.1 - Assumptions
As part of the development we have some assumptions as our reservation.
1. This application will be use for Bar, Pubs or others alike.
2. This application is a multi-tenant application meaning data is stored on one
repository but separated by access roles.
3. This application is limited only for taking results from the BarCheck tool, other
performance evaluations are course through other application.
4. Test will be done on a operational sequence to be entered by bartenders. Commented [1]: Revise
5. Uberbarstools will provide Sub-domain and SSL

3.2.2 - Constraints
As most of the development projects for an application is concern. Everybody has
constraints on his application. In our case here are the identified constraints we have:
1. Our developers will be working on this application not in full time but output
is monitored via Azure DevOps.
2. For the web application, we can only support the following web browsers as of
the moment.
a. Google Chrome Version 62.0.3202.94 or higher
b. Microsoft Edge Version 41.16299.15.0 or higher
3. Input of the result will be done manually however, we have a functionality
from which we can accept images of the BarCheck Tool with the result of the
exam tag to it. This way, we can feed our Machine Learning Application and
aid our Cognitive Service for the future enhancements.
4. There will be no provision on the Web API for 3rd Party access of other
peripheral access to the application’s backend processes.
4 - Alternative Solutions and Selections Criteria
The application technology has come up with the collective knowledge and skills of
the developers that will be working on this project as well as our understanding of the
provided requirements. For additional information about the technology we are
going to implement, please refer to Section 5.3 - Tools and Technologies. Albeit, we
have also considered the following technologies.

Database - we have considered on using NoSQL Database, MongoDB in particular, as

our information repository as it was lightweight and easy to handle and could cost
less. However, we might encounter a slightly issue on providing statistical reports as
it was schemaless and could take time to execute. This can be aided with the use of
Azure Insights or PowerBI but this will add up on the operation cost as the information
is not that huge as of the moment. And so, we decided to use Azure SQL Server as it
has on top feature aside from information storage that can aid our graphical reports.
To add to that, we are well verse on providing top grade schema designs that can
cater with the challenges usually encountered during the product development.

Framework - as you might have know, we are a Microsoft proponent developers.

Meaning we are very well inclined and our expertise are with the Microsoft
development platforms. And since Microsoft launches the Visual Studio Code and
developer base tool we are heading into an Open-Source kind of mentality where in
codes and solutions are shared within the Microsoft Community. That being said,
future enhancements on this application are not far from fruitrition.

Aside from our developers expertise with the technologies here are the advantages of
using Microsoft Framework.

● Versatility, similar to other web application platform, that produces Web

standard-base codes. Microsoft Framework lessen the effort of the developer
to tweak the code or provide solution using the existing libraries that can be
harbour from Nuget. In the same manner it provides high quality codes.
● Stability, support to the framework by Microsoft and its community is
continuous and they release version every now and then to provide a bug-free
much stable framework to work on the solution.
● Support, aside from Microsoft’s exclusive support. There are tons of information
on forums, guides and “How To”s all over the web that provides practical
solution on any specific problems that a developer might encounter. This are
shared by MVPs, solutions architects, experience developers and others alike.
Deployment - also part of our development we have looked into where it should be
hosted. And since this will need high availability and high reliability he have selected
to use the Azure App Service deployment. That being said, scaling the resources base
on the utilization of the application can be done in a jiffy without deep knowledge on
the application. In layman's term, you just have to pay for whatever you have
consumed. We chose Azure as the cloud platform so that we can have the best of
both worlds since our applications will be also develop under Microsoft technologies.
5 - High Level Design
The main goal of this project is for us to be able to develop an application that can
record test results from the BarCheck tool that is viewable via mobile or web platform
from which we can provide statistical result via collective information to be use for
performance evaluation and self monitoring. The project shall implement the
industry’s best practises in architectural areas of design that provides optimized,
secure and reliable application.

5.1 - Overview of Design Solution

In the development of this application we have considered the following factors as
important:
1. Functionality and Correctness – is the conformity of this project being
designed versus the defined requirements and specification duly approved by
the both parties. Functionality is taken into consideration to produce the
desired application and then after we will factor in the quality of the software.
Final requirements are crafted by the development team, and the test plan will
be provided to all concerned parties for testing. Each documents release will
be signed by both parties.
2. Performance and Efficiency – performance is about the accepted turnaround
time by the application given a less expensive resource allocation for every
events; functions; and calculation that the application is performing.
3. Testability and Maintainability – given the functional correctness of the
application comes the quality it will produce. The software must be fully tested
with the most efficient testing methodology and an accepted percentage of
test coverage.
4. Scalability and Availability – the response of the software to the user action in
an acceptable amount of time in order to meet the acceptable performance
need to be computed against the hardware it is being hosted on. Cloud
deployment within the Azure Boundaries means that a baseline of
performance accepted will be provided on this document.
5. Security – nowadays no application is hack proof. Security is the very serious
factor that we’ve taken into consideration in designing the application. It has
an authentication and authorization with access token authentication on each
page and API call. Using SSL or better known as HTTPS that will encrypt calls
on each and every pages of the software. Also vulnerability assessment will be
performed for a certain period of the development prior to the SAT and UAT.

Along this document we will explain how we can achieve these factors along with the
technologies we have identified to use for this design.
5.2 - High Level Architecture
To make sure that the code we are introducing is maintainable and testable, we have
been looking into ways on how we can achieve it in such a way that it would not be
spiralling out of control. We have come up with an coding architecture that is defined
as Clean Architecture. It is design in which dependency is moving away from as the
process got deepen into the circle. To align these factors we have design the system
to implement the following:
1. A mobile based native application for the user to be develop under Microsoft
Xamarin.Forms 3.3 that would require authentication to access the information
and display the user’s progress from previous test results.
2. A mobile based native application for the supervisor to be develop under
Microsoft Xamarin.Forms 3.3 that would require authentication to access the
information, conduct test scenarios, input test result and photo of the
BarCheck tool. Display of bartenders result via graph.
3. A web based application that is build under Microsoft ASP.Net Core 2.2 that
would require authentication and can be access by any user who is by then
authorized by his role provided on the application. He can, View all staffs’ test
result via graph. Can generate report filtered via query provided on the report.
Monitor staffs progress and can be shared to other users.

Barcheck App High Level Architecture

Figure 5.2.1 - High Level Architecture of BarCheck App

To further explain the architecture we have created a simple High Level Diagram from
which components are being stitch together. We have 2 separate entry points for the
Backend System; via Mobile App and via Web App.

From the Mobile App, it will connect to a centralized API Gateway where in every
request will be passing on this layer for validation that includes user authentication.
The API Gateway will then connect into the main processing library to perform task
given. Those processes will then connect to Azure SQL Database for information
storage and on the Azure Blob Storage for the images taken. The mobile app that will
be develop, has two features; one for the user itself which is the bartender to view his
progress, and two; for the examiner or the supervisor that has additional features that
can record the result of the test via manual input and photo upload. Viewing
statistical result on these mobile application will be limited to maximize the use our
resources.

From the Web App, viewed via internet browser. It will integrate with the centralized
API Gateway where request will be passing through that includes the validations and
user authentications. The Web App has tons of features not like on the Mobile App.
User can maintain the list of his staff and users even assign who are the examiners.
User can view reports more granularly provided with his criteria on how reports is
going to be shown, which includes graphical representation of progress from each
staff. Which then can be use to cause the staffs performance. User also has the liberty
to set the test type to be done and the measurement result expected for that type of
test. Test varies from user to user that is why it is configurable. With the same process
on the mobile app, the Web App will also follow to connect via API Gateway which in
turn connects to the backend process and thru the Azure SQL Server for information
storage and image repository.

All applications are deployed on Azure Cloud Platform except for the Mobile App
which are installable on the user’s phone and is then available via Google Play or iOS
App Store.
Concept Diagram Model for BarCheck App

Commented [2]: Change

Figure 5.2.2 - Concept Diagram Model for BarCheck App

Concept Diagram Model defines the process and roles of each entities on the
application.

Admin - maintains the users domain and roles to the application; and an Admin is
also a user. As you can see Admin has a limited power to just maintain User and other
site stuffs but has no visibility or power to the day to day operation thus giving us the
ability to separate concerns of each roles.

User - he can be a Proctor of examiner/supervisor; a Manager; or a Bartender. As you

will notice there is no relational arrow from the User to the Bartender, this is because
Bartender can neither exist or not as a user but still part of the people being tested by
the Proctor.

Manager - he has the sole ability to configure Test Configurations and Test
Measurements to be done for the periodical test given to the Bartenders. He also can
view results of all staff undergoing the test evaluation.

Proctor - he has the ability to provide test to be given to the Bartender, he also has
the ability to choose which Test Configuration will be conducted and after which can
upload the result via manual entry and photo taken of the BarCheck tool. He can also
view reports of test conducted for the staffs.

Bartender - he is the one being tested; can view his individual process.
5.2.1 - Data Validation
Data validation will be done on 2 separate stages:
1. Validation on the Client Side - that means validation during the time it was
entered will be conducted prior to calling the API Gateway. Limited to required
fields, invalid formats, missing parameters and other alike that doesn’t require
database connection.
2. Validation on the Server Side - that means validation that includes the same
validation on the client side will be performed in addition to token
authentication and user authentication and other validation that requires call
to other services of the database.

5.2.2 - Network Diagram

Network diagram is not required on this document as it was a straightforward
application that is deployed on a cloud premises. User can access the application via
a Mobile App or via an internet browser provided it was supported as defined on the
Section 3.2 Design Consideration as a constraints.

The application will be accessible to all users that has internet connection via the
uberbartools.com domain.

5.3 - Tools and Technologies

5.3.1 - Technologies
For us to be able to provide the application provided on the requirements we have
come up with the list of technologies to be use during and after the development of
this project.

Microsoft .Standards 2.0

This framework is chosen because of its flexibility and lightweightness of the library to
be use all throughout the application. This will give developers a freedom to reuse
libraries created for the application to be use on other components of the application.
Microsoft ASP.Net Core 2.2
This technology is chosen because it is the latest of the Microsoft Web-Based
Technologies that provides lightweight solution on for its web application. It provides
an extensible, high-quality programming model that allows you to build
dynamic, data-driven websites, focusing on a cleaner architecture and test-driven
development.

Also ASP.Net Core has these key features that set it ahead of others:
1. Cross Platform and Container Support, in the advent of ASP.Net it was only
available to be deployed on a Windows Server. Now with the coming of
ASP.Net Core, it can be deployed on Linux and Mac servers as well with the help
of Microsoft .Net Standards in tow.
2. High Performance, some say that performance or speed of an application is a
critical feature. With ASP.Net Core that utilize asynchronous processes it can
cater on millions of concurrent request with ease.

3. Asynchronous via async/await, ASP.Net core is excellent in providing

asynchronous programming patterns with the use of MVC and Kestrel
Framework.
4. Unified MVC and Web API Frameworks, before there are 2 separate build for
Web MVC and Web API though both of them have similar task to do,
developers tend to maintain those application. With ASP.Net Core, both
frameworks are merge into one. Meaning developer has less time to develop
an application that provides services on both worlds.
5. Multiple environment and development mode, with the introduction of
ASP.Net Core, developers can now simply identify which stage of development
is part of the code. Meaning they can separate each environment variables
which out messing to much with the code that limits the user defined errors
when deploying into different environment.
Azure SQL Server
As part of the Azure development initiative we have identified Azure SQL Server as our
data repository as it has key features provided by the same Microsoft SQL Enterprise
server version and developer are well verse on using this RDBMS and will not have
major problem dealing with schemas and designs.

Azure Blob Storage

Storage of file attachments or images will be done using the Azure Blob Storage
facility which caters to store, keep and maintain files that are introduced by the
application.

Azure App Services

This service will host our web application and web APIs all throughout the operation
of the application.

Microsoft Xamarin 3.3

Mobile development framework to be use for both iOS and Android application. This
framework is develop under Universal Windows Platform that builds to the native
language of the mobile app it will be deployed. We will utilize MVVM design for fast
and reliable development and operation of the app.

Azure Active Directory B2C

Blah balh Commented [3]: Edit description

5.3.2 - Tools

Microsoft Visual Studio Community 2017

A free, fully-featured, and extensible IDE for creating modern applications for
Windows, Android, and iOS, as well as web applications and cloud services.

SQL Server Management Studio 17

Used for configuring, managing, and administering all components within Microsoft
SQL Server. The tool includes both script editors and graphical tools which work with
objects and features of the server.
Team Foundation Server
A Microsoft product that provides source code management, reporting, requirements
management, project management, testing and release management capabilities.

Postman Client
Postman is a powerful HTTP client for testing web services. Postman makes it easy to
test, develop and document APIs by allowing users to quickly put together both
simple and complex HTTP requests.

5.4 - Security
As part of the security compliance we will address the top 10 most common
vulnerability of a web-base application. Aside from user authentication using Azure
Identity, we will apply prevention methods to secure the applications information.

1. Security Miscommunication
2. Cross Site Request Forgery (CSRF)
3. Cross Site Scripting Attach (XSS)
4. Malicious File Upload
5. Version Disclosure
6. SQL Injection Attacks
7. Sensitive Data Exposure
8. Less Informative Audit Trail
9. Broken Authentication and Session Management
10. Unvalidated Request and Redirects

5.5 - Software and Cloud Requirements

6 - Annexes