Version 1.0
March 8, 2019
Prepared By:
JR Alvarez
Signatory Parties
Provider Vendor
Revision Charts
Revision Charts
1 - Introduction
1.1 - Background
1.2 - References
2 - Definition of Terms
1.1 - Background
Überbartools is a company that creates innovative bar-tool designs that provide a
stunning experience for bar drinkers. BarCheck is one of the tools that makes sure
bartenders pour the right volume of each mix into the drinker's concoction. The test
is administered by the supervisor to all of his bartenders to make sure that everyone
is within range of the defined volume for each cocktail. A bartender who fails the
test will have a chance to redo the test or continue service with the help of a jigger.
The application to be provided is to be built for both mobile and web platforms. The
mobile application requires a credential to operate and is linked to a cloud-hosted
Web API (definition) running under a robotic process automation, which a web
application viewable via internet browsers can also access. These applications will
be built on Microsoft's latest technologies to provide ample support and brand
integrity to the application being provided.
1.2 - References
1.2.1. Email received from Ian Peter Tecuico <dev@codetecuico.com> regarding
Überbartools Barcheck, March 4, 2019 9:19AM Manila.
1.2.2. BarCheck in Action, https://www.youtube.com/watch?v=cnpeO6ulJtA
1.2.3. ASP.Net Core Features - https://stackify.com/asp-net-core-features/
2 - Definition of Terms
Stakeholders - owners or stakeholders of an establishment
Manager - one who manages the day-to-day operation of the establishment
Supervisor - one who oversees the team's activity to provide seamless operation
Examiner - one who administers the examination to the bartenders, usually the supervisor
BarCheck - a tool that measures the bartender's ability to pour the right amount of liquid for a
defined volume
UI/UX - User Interface/User Experience
Web API - Web Application Programming Interface
PowerBI - Power Business Intelligence, a business analytical tool built by Microsoft.
3 - Overall Production Description
As part of our consideration, we also have to bear in mind the response time of the
application to the user, whether via the mobile or the web application. The speed of
the application and an intuitive UI/UX design are also considered in building this
application.
As for the backend process, we have considered using a cloud platform as our base of
operation. This gives the user the liberty to access the application with high
availability and a stable connection. We also considered the cost of co-hosting or
hosting the application on rack servers, but this will definitely cost more in the long run.
3.2.1 - Assumptions
As part of the development, we make the following assumptions as our reservations.
1. This application will be used for bars, pubs and similar establishments.
2. This application is a multi-tenant application, meaning data is stored in one
repository but separated by access roles.
3. This application is limited to taking results from the BarCheck tool; other
performance evaluations are coursed through other applications.
4. Tests will be done in an operational sequence to be entered by bartenders.
5. Überbartools will provide the sub-domain and SSL.
3.2.2 - Constraints
As with most application development projects, this one has constraints. In our case,
here are the constraints we have identified:
1. Our developers will not be working on this application full time, but output
is monitored via Azure DevOps.
2. For the web application, we can only support the following web browsers at
the moment.
a. Google Chrome Version 62.0.3202.94 or higher
b. Microsoft Edge Version 41.16299.15.0 or higher
3. Input of the result will be done manually; however, we have functionality
through which we can accept images of the BarCheck tool with the result of the
exam tagged to it. This way, we can feed our Machine Learning application and
aid our Cognitive Service for future enhancements.
4. There will be no provision on the Web API for third-party access or other
peripheral access to the application's backend processes.
4 - Alternative Solutions and Selections Criteria
The application technology was chosen based on the collective knowledge and skills of
the developers who will be working on this project, as well as our understanding of
the provided requirements. For additional information about the technology we are
going to implement, please refer to Section 5.3 - Tools and Technologies. We have
also considered the following technologies.
Aside from our developers' expertise with the technologies, here are the advantages of
using the Microsoft framework.
Throughout this document we will explain how we can achieve these factors with the
technologies we have identified for this design.
5.2 - High Level Architecture
To make sure that the code we are introducing is maintainable and testable, we have
been looking into ways to achieve this without it spiralling out of control. We have
come up with a coding architecture known as Clean Architecture. It is a design in
which dependencies move away from the outer layers as the process goes deeper into
the circle. To align with these factors, we have designed the system to implement the
following:
1. A mobile-based native application for the user, to be developed with Microsoft
Xamarin.Forms 3.3, that requires authentication to access the information
and displays the user's progress from previous test results.
2. A mobile-based native application for the supervisor, to be developed with
Microsoft Xamarin.Forms 3.3, that requires authentication to access the
information, conduct test scenarios, and input the test result and a photo of the
BarCheck tool. It displays the bartenders' results via graph.
3. A web-based application built with Microsoft ASP.Net Core 2.2 that requires
authentication and can be accessed by any user authorized by the role assigned
to him in the application. He can view all staff test results via graph, generate
reports filtered via the query provided on the report, and monitor staff
progress, which can be shared with other users.
The Mobile App will connect to a centralized API Gateway, where every request passes
through this layer for validation that includes user authentication. The API Gateway
will then connect to the main processing library to perform the given task. Those
processes will then connect to Azure SQL Database for information storage and to
Azure Blob Storage for the images taken. The mobile app to be developed has two
feature sets: one for the user himself, the bartender, to view his progress; and one
for the examiner or supervisor, with additional features that can record the result
of the test via manual input and photo upload. Viewing statistical results on the
mobile application will be limited to maximize the use of our resources.
The Web App is viewed via an internet browser. It will integrate with the centralized
API Gateway, through which requests pass, including the validations and user
authentications. The Web App has many more features than the Mobile App. The user can
maintain the list of his staff and users, and even assign who the examiners are. The
user can view reports more granularly according to his criteria for how reports are
shown, which includes a graphical representation of each staff member's progress.
This can then be used to gauge the staff's performance. The user also has the liberty
to set the test type to be done and the measurement result expected for that type of
test. Tests vary from user to user, which is why they are configurable. As with the
mobile app, the Web App connects via the API Gateway, which in turn connects to the
backend process and through to the Azure SQL Server for information storage and image
repository.
All applications are deployed on the Azure Cloud Platform except for the Mobile App,
which is installable on the user's phone and available via Google Play or the iOS
App Store.
Concept Diagram Model for BarCheck App
The Concept Diagram Model defines the process and roles of each entity in the
application.
Admin - maintains the users' domain and roles in the application; an Admin is also a
user. As you can see, the Admin has limited power, just to maintain users and other
site matters, and has no visibility of or power over the day-to-day operation, thus
giving us the ability to separate the concerns of each role.
Manager - has the sole ability to configure the Test Configurations and Test
Measurements for the periodic test given to the bartenders. He can also view the
results of all staff undergoing the test evaluation.
Proctor - has the ability to administer the test to the bartender, to choose which
Test Configuration will be conducted, and afterwards to upload the result via manual
entry and a photo taken of the BarCheck tool. He can also view reports of tests
conducted for the staff.
Bartender - the one being tested; can view his individual progress.
5.2.1 - Data Validation
Data validation will be done in two separate stages:
1. Validation on the Client Side - validation performed at the time of entry,
prior to calling the API Gateway. It is limited to required fields, invalid
formats, missing parameters and similar checks that do not require a
database connection.
2. Validation on the Server Side - the same validation as on the client side is
performed, in addition to token authentication, user authentication and
other validation that requires calls to other services of the database.
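The two stages above, sketched for a BarCheck result submission as an added example (not code from this design or the project): stage 2 re-runs the stage 1 field rules and adds a role check and a tenant-ownership lookup. The request type, the role string, the volume range and the in-memory store are assumptions.

```csharp
// Added example, not project code; all type and member names are hypothetical.
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Linq;

public class PourResultRequest
{
    // Stage 1 rules: the client applies these before calling the API Gateway.
    [Required] public string BartenderId { get; set; }
    [Required] public string TestConfigId { get; set; }
    [Range(1.0, 500.0)] public double PouredMl { get; set; } // range is assumed
}

public static class ServerValidator
{
    // Constructed stand-in for the database: test configuration -> owning tenant.
    static readonly Dictionary<string, string> ConfigTenant =
        new Dictionary<string, string> { ["cfg-1"] = "tenant-a", ["cfg-2"] = "tenant-b" };

    // tenant and role come from the already-validated token, never from the body.
    public static List<string> Validate(PourResultRequest req, string tenant, string role)
    {
        // Stage 2 repeats every stage 1 rule, because a caller can skip the client.
        var results = new List<ValidationResult>();
        Validator.TryValidateObject(req, new ValidationContext(req), results, true);
        var errors = results.Select(r => r.ErrorMessage).ToList();
        if (role != "Proctor")
            errors.Add("Caller may not record results.");
        // Needs the data store: the configuration must exist in the caller's tenant.
        // One message for both failures, so other tenants' ids are not confirmed.
        if (req.TestConfigId != null &&
            (!ConfigTenant.TryGetValue(req.TestConfigId, out var owner) || owner != tenant))
            errors.Add("Unknown test configuration.");
        return errors;
    }
}

public static class Program
{
    public static void Main()
    {
        var valid = new PourResultRequest { BartenderId = "b-7", TestConfigId = "cfg-1", PouredMl = 30 };
        var crossTenant = new PourResultRequest { BartenderId = "b-7", TestConfigId = "cfg-2", PouredMl = 30 };
        var malformed = new PourResultRequest { TestConfigId = "cfg-1", PouredMl = -5 };
        foreach (var r in new[] { valid, crossTenant, malformed })
            Console.WriteLine(ServerValidator.Validate(r, "tenant-a", "Proctor").Count + " error(s)");
    }
}
```

The cross-tenant request passes every client-side rule and is rejected only by the server-side lookup, which is why the second stage cannot be dropped in a multi-tenant store.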
The application will be accessible to all users who have an internet connection via
the uberbartools.com domain.
5.3.1 - Technologies
To deliver the application described in the requirements, we have come up with a
list of technologies to be used during and after the development of this project.
ASP.Net Core also has these key features that set it ahead of others:
1. Cross-Platform and Container Support: at the advent of ASP.Net, it could only
be deployed on a Windows Server. Now, with the coming of ASP.Net Core, it can
be deployed on Linux and Mac servers as well, with the help of Microsoft
.Net Standard.
2. High Performance: some say that the performance or speed of an application is
a critical feature. ASP.Net Core, which utilizes asynchronous processing, can
cater to millions of concurrent requests with ease.
5.3.2 - Tools
Postman Client
Postman is a powerful HTTP client for testing web services. Postman makes it easy to
test, develop and document APIs by allowing users to quickly put together both
simple and complex HTTP requests.
5.4 - Security
As part of security compliance, we will address the top 10 most common
vulnerabilities of a web-based application. Aside from user authentication using
Azure Identity, we will apply prevention methods to secure the application's information.
1. Security Misconfiguration
2. Cross Site Request Forgery (CSRF)
3. Cross Site Scripting Attack (XSS)
4. Malicious File Upload
5. Version Disclosure
6. SQL Injection Attacks
7. Sensitive Data Exposure
8. Less Informative Audit Trail
9. Broken Authentication and Session Management
10. Unvalidated Request and Redirects