...
Decision | Description |
---|---|
Problem/Issue | The passwords can be seen by anyone who has access to the database. This is a huge security risk. |
Decision | Using Argon2, we hash the users' passwords so that only the hashed password is stored in the database. This prevents hackers from seeing someone else's password. |
Alternatives | SHA-512, MD5, PBKDF2, BCrypt, and SCrypt (Millington, 2022) |
Arguments | A comment on Baeldung (Millington, 2022) suggests Argon2. The Supertokens website (Supertokens Team, 2022) has a tool that detects how safe a password is, and Supertokens also recommended this hashing algorithm in March 2022, which is quite recent. It uses more of the computer's resources, but it produces a stronger password hash in return. Regterschot Racing required minimum security, which also includes a hashed password. |
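
One way the decision above can look in a Java back-end, as an added example that is not the project's own code. It assumes Spring Security's crypto module (with Bouncy Castle on the classpath) as the Argon2 implementation; the class name, the in-memory user map and the cost parameters are hypothetical.

```java
import org.springframework.security.crypto.argon2.Argon2PasswordEncoder;

import java.util.HashMap;
import java.util.Map;

public class PasswordHashingExample {
    // Illustrative cost parameters (assumption): 16-byte salt, 32-byte hash,
    // 1 lane, 19456 KiB of memory, 2 iterations. Tune on the production host.
    private static final Argon2PasswordEncoder ENCODER =
            new Argon2PasswordEncoder(16, 32, 1, 19456, 2);

    // Stand-in for the users table: username -> encoded Argon2 hash.
    // The encoded string carries the algorithm, parameters and salt,
    // so no separate salt column is needed.
    private final Map<String, String> users = new HashMap<>();

    /** Registration: only the encoded hash is stored, never the password. */
    public void register(String username, String password) {
        users.put(username, ENCODER.encode(password));
    }

    /** Login: verify against the stored hash, rehash if parameters were raised. */
    public boolean login(String username, String password) {
        String stored = users.get(username);
        if (stored == null) {
            // Unknown user: hash anyway so response time does not reveal
            // whether the username exists.
            ENCODER.encode(password);
            return false;
        }
        if (!ENCODER.matches(password, stored)) {
            return false;
        }
        // True when the stored hash used weaker memory/iteration settings
        // than the encoder is configured with now.
        if (ENCODER.upgradeEncoding(stored)) {
            users.put(username, ENCODER.encode(password));
        }
        return true;
    }

    public static void main(String[] args) {
        PasswordHashingExample service = new PasswordHashingExample();
        service.register("crewmember1", "constructed-sample-password");
        System.out.println("stored value: " + service.users.get("crewmember1"));
        System.out.println("correct password: " + service.login("crewmember1", "constructed-sample-password"));
        System.out.println("wrong password: " + service.login("crewmember1", "guess"));
    }
}
```

Anyone who reads the database sees only the encoded hash, and a guess has to be run through the same memory-hard computation to be checked against it.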
...
The crewmember goes to the rewatch race page, where the front-end makes a call to the back-end. This activates the getAllRaces method in the RaceResource. The resource is only responsible for returning the response, so the call is delegated to the RaceService, because the resource is not allowed to have any logic in it. The RaceService decides the flow, which is why it is the controller. The RaceService delegates this to the RaceDAO because getting the data from the database is not the responsibility of the service. In the RaceDAO a database connection is established to get all the data from the database. The benefit of this structure is that you can easily swap the classes which results in low cohesion and high coupling. This structure is based on the layer pattern.
Design decision
Decision | Description |
---|---|
Problem/Issue | The name of the race car is not stored in the database because this is not necessary at the moment. |
Decision | In the constructor of RaceDTO the car gets the value "BMW 320 4fl E46" assigned. |
Alternatives | Store it in the database, leave it empty |
Arguments | The BMW is the only car they intend to use in the near future, so it's not necessary to make a new table for the race car. |
table 6: design decision view races
...
figure 7: sequence diagram show sensor.
When a crewmember opens a tab, the front-end makes a call to the back-end. It sends a call to SensorWithGraphResource. The SensorWithGraphResource instantly passes it to the SensorService. That is because the SensorWithGraphResource should not contain any logic. The SensorService, however, is able to send the call to the SensorWithGraphDAO. The SensorWithGraphDAO creates two DTOs. This is because the DAO uses them to send the data from the database to the resource.
...
We decided that a sequence diagram is not needed for this user action. The sensors are loaded when someone navigates to the website, after which the crewmember clicks on the desired sensor to view a graph from. After the user clicks on the sensor, it will instantly show the types of graphs linked to the sensor. This is something that happens on the front-end, that's why we decided it's unnecessary.
Sequence diagram select graph
...
The crewmember adds a graph on the webpage. The front-end makes a call to the back-end. The resource is only responsible for returning the response, so the call is delegated to GraphService. The GraphService delegates this to the GraphDAO because adding the data to the database is not the responsibility of the service. In the GraphDAO the graph gets added to the database. The benefit of this structure is that you can easily swap the classes which results in low cohesion and high coupling. This structure is based on the layer pattern.
Tab CRUD
Delete Tab
...
The crewmember makes a call from the front-end to the back-end. The TabResource receives this call and sends it to the service, since the resource should only send something back and should not contain any logic. TabResource does however receive a username from the clearToken method. This needs to happen because the service should only delegate the function to the DAO, and to successfully add a tab, a username is required to see where the tab needs to be added. The TabDAO makes a call to the database to execute the update with a query and parameters set up in the class. This call eventually creates the tab in the database.
...