1. Introduction and Goals

Describes the relevant requirements and the driving forces that software architects and development team must consider. These include

  • underlying business goals,

  • essential features,

  • essential functional requirements,

  • quality goals for the architecture and

  • relevant stakeholders and their expectations

RTVE wants to offer a web application based on the famous Spanish TV show "Saber y Ganar" to its users in commemoration of the 28th anniversary of the show. This show consists on answering a number of questions with different types and subjects obtaining a prize for each question well answered.

The expected goal is to offer a well-designed game that maintains all the quality standards that the company offers like maintainability, security, etc…​; while trying to fulfill the user’s needs to provide a positive UX.

1.1. Requirements Overview

Contents

Short description of the functional requirements, driving forces, extract (or abstract) of requirements. Link to (hopefully existing) requirements documents (with version number and information where to find it).

Motivation

From the point of view of the end users a system is created or modified to improve support of a business activity and/or improve the quality.

Form

Short textual description, probably in tabular use-case format. If requirements documents exist this overview should refer to these documents.

Keep these excerpts as short as possible. Balance readability of this document with potential redundancy w.r.t to requirements documents.

Further Information

See Introduction and Goals in the arc42 documentation.

The web application must meet the following requirements:

Requirement Description

User Registration and Login

Users must be able to register into game or login into the game.

WikiData

The questions and answer options (a correct one and three distractors) must be generated using the WikiData API.

Timer

All the questions must have a time to answer.

APIs

The game must expose two APIs that retrieves information about 1. Users and 2. Questions generated.

User History

Maintain a record of users' participation in the game, including the number of games played, questions passed and failed, and times played.

1.2. Quality Goals

Contents

The top three (max five) quality goals for the architecture whose fulfillment is of highest importance to the major stakeholders. We really mean quality goals for the architecture. Don’t confuse them with project goals. They are not necessarily identical.

Consider this overview of potential topics (based upon the ISO 25010 standard):

Categories of Quality Requirements
Motivation

You should know the quality goals of your most important stakeholders, since they will influence fundamental architectural decisions. Make sure to be very concrete about these qualities, avoid buzzwords. If you as an architect do not know how the quality of your work will be judged…​

Form

A table with quality goals and concrete scenarios, ordered by priorities

Priority Quality Goal Description Considerations

1

Usability

As with any application, response time, learning curve, and navigability of the application should meet standards and expected minimums. The system should be easy to use and not require specific or complex knowledge.

Consider incorporating user feedback and usability testing to refine the user interface.

2

Accessibility

Any user must be able to enjoy playing with our application despite any disability they could have.

HTML standards must be followed to try to minimize the lack of Accessibility of our Application. Another important feature is the contrast of our web. All of these can be tested with Accessibility tools available on Internet.

3

Performance

The software should have acceptable response time to provide a smooth user experience.

Basic optimization techniques can improve performance.

4

Security

The application should stick to industry best practices for security to protect against unauthorized access, data breaches, and other threats.

Regular security audits and implementing basic security controls are essential.

5

Availability

Minimizing downtime and making interruptions imperceptible to users is desirable, however, it is difficult to achieve and not a strict requirement. For a game application, continuous availability is not crucial.

Implementing redundancy and failover mechanisms can enhance availability.

1.3. Stakeholders

Contents

Explicit overview of stakeholders of the system, i.e. all person, roles or organizations that

  • should know the architecture

  • have to be convinced of the architecture

  • have to work with the architecture or with code

  • need the documentation of the architecture for their work

  • have to come up with decisions about the system or its development

Motivation

You should know all parties involved in development of the system or affected by the system. Otherwise, you may get nasty surprises later in the development process. These stakeholders determine the extent and the level of detail of your work and its results.

Form

Table with role names, person names, and their expectations with respect to the architecture and its documentation.

Role/Name Contact Expectations

RTVE

A web application that emulates the functionality of the famous Spanish TV show "Saber y Ganar".

HappySw

An application that meets all the requirements asked by RTVE maintaining the quality that offers the company.

Professors

A well-designed web application that fulfills the functional requirements for the game to work, as well as, the quality requirements.

Users

A quiz game to test their knowledge on different fields. The game must be easy to use and must record all of their past games.

Development team

A good documented and clean code that fulfills the expected requirements. Also, a well implemented System that makes it easier for maintenance and extension.

2. Architecture Constraints

Contents

Any requirement that constraints software architects in their freedom of design and implementation decisions or decision about the development process. These constraints sometimes go beyond individual systems and are valid for whole organizations and companies.

Motivation

Architects should know exactly where they are free in their design decisions and where they must adhere to constraints. Constraints must always be dealt with; they may be negotiable, though.

Form

Simple tables of constraints with explanations. If needed you can subdivide them into technical constraints, organizational and political constraints and conventions (e.g. programming or versioning guidelines, documentation or naming conventions)

Further Information

See Architecture Constraints in the arc42 documentation.

The development of the application has several architectural constraints that must be addressed.

2.1. Technical constraints

Constraint Explanation

Web front-end

The application must be accessible through a web interface to interact with the game.

Data storage

The application must be able to store historical data from users (number of games, questions, etc.) and allow them to register.

Wikidata

Wikidata will be used to generate the questions, so the application must implement mechanisms to fetch information from it.

Deployment

The application will be deployable on a Linux server.

2.2. Organizational constraints

Constraint Explanation

Team members

The team is composed of 7 members from the same lab group.

Time

The application is developed in a limited time (the semester).

Meetings

At least one meeting per week will have place in order to discuss what needs to be done next.

Git

The development team must use git for version control management.

2.3. Conventions

Constraint Explanation

Language

All the project must be developed in English.

ARC42

The documentation of the project must use the ARC42 template.

GitHub conventions

Changes in the project must be carried out by using different branches. Issues are used as official communication means.

OpenAPI

The APIs documentation will follow OpenAPI specification to have an standardized way of documenting and make it easier for the users consulting it.

JSend

All services must follow the JSend specification for each JSON response.

3. System Scope and Context

Contents

System scope and context - as the name suggests - delimits your system (i.e. your scope) from all its communication partners (neighboring systems and users, i.e. the context of your system). It thereby specifies the external interfaces.

If necessary, differentiate the business context (domain specific inputs and outputs) from the technical context (channels, protocols, hardware).

Motivation

The domain interfaces and technical interfaces to communication partners are among your system’s most critical aspects. Make sure that you completely understand them.

Form

Various options:

  • Context diagrams

  • Lists of communication partners and their interfaces.

Further Information

See Context and Scope in the arc42 documentation.

3.1. Introduction

The KaW project aims to develop a new experimental version of the "Saber y Ganar" quiz show for RTVE that involves creating a web application where users can register, log in, and participate in quiz games. Questions for the quiz will be automatically generated from data available in Wikidata.

3.2. Business Context

Contents

Specification of all communication partners (users, IT-systems, …​) with explanations of domain specific inputs and outputs or interfaces. Optionally you can add domain specific formats or communication protocols.

Motivation

All stakeholders should understand which data are exchanged with the environment of the system.

Form

All kinds of diagrams that show the system as a black box and specify the domain interfaces to communication partners.

Alternatively (or additionally) you can use a table. The title of the table is the name of your system, the three columns contain the name of the communication partner, the inputs, and the outputs.

Business Context

Communication partner

Inputs

Outputs

User

Interacts with WebApp by putting user credentials and answering to questions.

Receives question status (correct/incorrect) and history information about past games.

WebApp

User interaction by means of a graphical interface. This includes accepting the answers of questions.

Provides user information and question data including text, options and the correct answer.

Question Service

Accepts queries for generating questions based on size, type and language.

Generates the question data (text, options, images and correct answer).

Wikidata

Receives queries from the Question Service in order to generate the data of the question.

Responds to the queries with all the data of the generated question.

3.3. Technical Context

Contents

Technical interfaces (channels and transmission media) linking your system to its environment. In addition a mapping of domain specific input/output to the channels, i.e. an explanation which I/O uses which channel.

Motivation

Many stakeholders make architectural decision based on the technical interfaces between the system and its context. Especially infrastructure or hardware designers decide these technical interfaces.

Form

E.g. UML deployment diagram describing channels to neighboring systems, together with a mapping table showing the relationships between channels and input/output.

Technical Context

Component

Description

WebApp

Accessible via the internet, allowing users to interact with the KaW application.

Services

Provide access to user information and generated questions, enabling integration with external systems. Also, provides an API interface for consulting certain information.

Database

Stores and retrieves user data, including registration information and participation history. Also, questions can be stored for caching purposes.

Wikidata

Accepts SPARQL queries and returns the requested data about questions.

4. Solution Strategy

Contents

A short summary and explanation of the fundamental decisions and solution strategies, that shape system architecture. It includes

  • technology decisions

  • decisions about the top-level decomposition of the system, e.g. usage of an architectural pattern or design pattern

  • decisions on how to achieve key quality goals

  • relevant organizational decisions, e.g. selecting a development process or delegating certain tasks to third parties.

Motivation

These decisions form the cornerstones for your architecture. They are the foundation for many other detailed decisions or implementation rules.

Form

Keep the explanations of such key decisions short.

Motivate what was decided and why it was decided that way, based upon problem statement, quality goals and key constraints. Refer to details in the following sections.

Further Information

See Solution Strategy in the arc42 documentation.

4.1. Technologies

  • React : React will simplify the task build reusable and modular UI elements for our application thanks to its component-based structure. It also allows us to use JSX, which is a syntax extension for JavaScript that allows us to write HTML elements inside our JavaScript code. This will make our code more readable and easier to debug.

  • Express : Web application framework for Node.js which will simplify development on the server side. There is also available a wide range of third-party middlewares that we could include on our application.

  • TypeScript : Since we will be using JavaScript and are more familiar with statically typed languages we will use TypeScript for the services of our application. This will also reduce the likelihood of some unexpected errors at runtime.

  • MongoDB : We chose MongoDB since we consider we could take advantage of it’s flexible schema. Its native support for JSON and its simple query language also influenced our decision. We also consider this a valuable opportunity to learn and work with a document database.

  • Docker: To deploy our project, Docker was chosen due to its handy portability and its perfect integration with microservices applications.

4.2. Decomposition of the System

4.2.1. Architectural patterns

  • Microservices: As the main architecture for the whole project. The system is divided into several modules representing a functional requirement like question generation. Each of these modules will be independent from each other and have its own database.

  • RESTful APIs: The main architecture for our Services to function as an API. Clients can communicate through over HTTPS using standard methods, such as GET to consult information like history data or generate questions using Wikidata. All these services are "masked" through a middleware so clients do not have to access different endpoints.

  • Gateway A middleware that acts as an API-frontend for clients to access various services within our system. This component can be also seen as a "Controller" since it receives petitions from outside, calls the corresponding service that answers that petition and returns its value.

4.3. Decisions to Achieve Quality Goals

Quality goal Scenario Approach

Security

Ensuring secure methods of authentication, such as login credentials (username and password), to protect user accounts from unauthorized access.

Implementation of secure authentication mechanisms with mechanisms such as JWT, encryption for data in transit using HTTPS, and security enforcement automation with tools such as SonarCloud.

Performance

Web-app should work smoothly and respond quickly.

Implementing caching mechanisms for Question generation.

Usability

The application aims for user-friendly accessibility with an intuitive design.

Different web tools can be used to test accessibility and responsive design such as Google LightHouse, Contrast Checker or Wave.

4.4. Organization and management

The team will follow an agile methodology to focus on continuous delivering of products with value to the stakeholders as well as improving the quality of the whole project in each delivery.

Each week the team will have a meeting to discuss the work performed through the week, the tasks not done and all the decisions taken for next weeks, which will be recorded on the Wiki of the GitHub repository. All the work performed and its progress is going to be tracked by means of the Kanban and the issues. Any unforeseen issue that may arise during development will be discussed in the issue itself or via our WhatsApp group if of low relevance or importance.

In the end, agile methodologies promotes the continuous collaboration of the team to ship quality products that stakeholders can really make value of, which is one of the objectives from the team.

5. Building Block View

Content

The building block view shows the static decomposition of the system into building blocks (modules, components, subsystems, classes, interfaces, packages, libraries, frameworks, layers, partitions, tiers, functions, macros, operations, data structures, …​) as well as their dependencies (relationships, associations, …​)

This view is mandatory for every architecture documentation. In analogy to a house this is the floor plan.

Motivation

Maintain an overview of your source code by making its structure understandable through abstraction.

This allows you to communicate with your stakeholder on an abstract level without disclosing implementation details.

Form

The building block view is a hierarchical collection of black boxes and white boxes (see figure below) and their descriptions.

Hierarchy of building blocks

Level 1 is the white box description of the overall system together with black box descriptions of all contained building blocks.

Level 2 zooms into some building blocks of level 1. Thus it contains the white box description of selected building blocks of level 1, together with black box descriptions of their internal building blocks.

Level 3 zooms into selected building blocks of level 2, and so on.

Further Information

See Building Block View in the arc42 documentation.

5.1. Scope and Context

Diagram
Motivation

The diagram above shows the high-level abstraction of the functionality of the system. As it can be seen, there are two main components: Users and Application; and one External service: Wikidata. The general workflow consists on a series of interactions done by the users through the different components exposed by the Application. During the game, the application will require the help of the external service to generate the different questions and answers that the user will have to choose. Also, users can communicate with our API to retrieve or generate information to be used in other applications.

Contained Building Blocks
Building block Description 

KaW Application

 The core block that manages the game itself, the visuals of it and the API interface.

WikiData

API that offers the Application an easy-to-use interface to perform queries for the question and answer generation.

5.2. Level 1

Diagram
Motivation

In this level of decomposition, we illustrate the primary services of our system. The Frontend service serves as the entry point for user interactions with the KaW game, directing them to the Gateway. The Gateway then routes these interactions to the appropriate microservices for processing. The users can also make direct requests to the Gateway to communicate with our API instead that playing the game. This diagram emphasizes the flow of interactions through the system’s components.

Contained Building Blocks

Building block

Description

Frontend

Service responsible for collecting user interactions and routing them to the Gateway.

Gateway

Middleware component that routes user interactions or API requests to the appropriate microservices.

Microservices

Collection of smaller services responsible for handling various functionalities of the application.

5.3. Level 2

Diagram
Motivation

This diagram shows a more detailed view of the functionality of the system, showing the gateway and the different microservices. The user interacts with the WebApp, which sends requests to the Gateway. The Gateway then communicates with the different microservices to perform various operations. The QuestionService also interacts with the Wikidata API to generate questions and answers. The results are then sent back to the user through the same path. This architecture allows for a separation of concerns, where each component has a specific role and responsibility.

If users decide to use the API, they must always connect through our Gateway and never directly to the services itself. Having this in mind, users can make requests to generate questions (the same way as we use for our game) for its own purposes and also, consult a series of historical records of the game itself such as games played, questions failed, etc.

Contained Building Blocks
Building block Description 

WebApp

 Component that Users interact with. It represents all the visuals and interactivity of the Web Application.

Gateway

MiddleWare that connects the WebApplication with the different MicroServices of the Application and serves as an API entrance point.

AuthService

It manages all the actions referred to the authentication of a user into the system. Also, the different registration of them.

UserService

It manages all the actions referred to the users such as retrieval of game history.

QuestionService

Handles the Question and Answers generation. This action is complemented with the use of Wikidata API.

6. Runtime View

Contents

The runtime view describes concrete behavior and interactions of the system’s building blocks in form of scenarios from the following areas:

  • important use cases or features: how do building blocks execute them?

  • interactions at critical external interfaces: how do building blocks cooperate with users and neighboring systems?

  • operation and administration: launch, start-up, stop

  • error and exception scenarios

Remark: The main criterion for the choice of possible scenarios (sequences, workflows) is their architectural relevance. It is not important to describe a large number of scenarios. You should rather document a representative selection.

Motivation

You should understand how (instances of) building blocks of your system perform their job and communicate at runtime. You will mainly capture scenarios in your documentation to communicate your architecture to stakeholders that are less willing or able to read and understand the static models (building block view, deployment view).

Form

There are many notations for describing scenarios, e.g.

  • numbered list of steps (in natural language)

  • activity diagrams or flow charts

  • sequence diagrams

  • BPMN or EPCs (event process chains)

  • state machines

  • …​

Further Information

See Runtime View in the arc42 documentation.

6.1. Login scenario

When the user wants to login into the application (KaW), the user navigates to the login page. The WebApp will show a form that allows the user to enter their details (username and password), which are then sent to the User Service by means of the Gateway in order to be verified.

Then, the User Service asks the Database for the password given the username. The Database will return an encrypted password. The User Service will encrypt the password provided by the user and then compare it with the one from the database. If the passwords do not match, an error message showing "Invalid credentials" will appear to the user, and if they are correct, a valid JSON response is created together with the creation of a session token that allows the user to stay authenticated for a period of time. Finally the user will be able to access the application.

This case scenario is also represented on the following diagram (split in two for better readability):

Diagram
Diagram

6.2. Question Generation

When a user starts a game through the WebApp, it triggers a request for generating questions to the Gateway. The Gateway works with the QS (Question Service) to generate questions. To improve performance a simple cache system is implemented.

First, half of questions to generate are actually generated using Wikidata Service: QS requests a question template from the Database, which is then filled with relevant data from the WQS (Wikidata Query Service). After filling the template, QS uses the previous data, obtained from WQS, to also generate answers and distractors. If WQS gets timed out (e.g. waiting more than 5 sec to retrieve the data to fill template), it is chosen an already generated question from cache to always try to return the exact number of questions requested.

Second, the other half are simply retrieved from previously wikidata generated questions which are stored in DB. Then, both array of questions are combined to return the n questions requested.

Optionally, if questions are required in a certain language. The QS queries a translation Service (TS) to perform the translation. For that, the whole array of questions is transformed into a suitable string format to avoid constraints by TS (e.g. translating question by question and answer by answer). Then, TS is used and translates the string. Once this is done, QS is in charge of reformatting the translated string into questions array.

Finally, QS sends them back to the Gateway, so again the response can then be redirected towards the WebApp. Finally, the WebApp displays the questions of the game.

This case scenario is also represented with the following diagrams (split for better understanding).

Overview of Question Generation workflow:

Diagram

The Question Generation phase consists of:

Diagram

The caching retrieval phase:

Diagram

If a language has been selected, the translation phase will be as follows:

Diagram

6.3. User statistics recording scenario

When a user answers the final question, the WebApp determines if the answer was correct or not. Then, all the data collected from the current game (the WebApp is collecting infromation while playing) is sent to the Gateway and then forwarded to the User Service, which is in charge of updating the Database with the updated user history.

This case scenario is also represented on the following diagram:

Diagram

7. Deployment View

Content

The deployment view describes:

  1. technical infrastructure used to execute your system, with infrastructure elements like geographical locations, environments, computers, processors, channels and net topologies as well as other infrastructure elements and

  2. mapping of (software) building blocks to that infrastructure elements.

Often systems are executed in different environments, e.g. development environment, test environment, production environment. In such cases you should document all relevant environments.

Especially document a deployment view if your software is executed as distributed system with more than one computer, processor, server or container or when you design and construct your own hardware processors and chips.

From a software perspective it is sufficient to capture only those elements of an infrastructure that are needed to show a deployment of your building blocks. Hardware architects can go beyond that and describe an infrastructure to any level of detail they need to capture.

Motivation

Software does not run without hardware. This underlying infrastructure can and will influence a system and/or some cross-cutting concepts. Therefore, there is a need to know the infrastructure.

Form

Maybe a highest level deployment diagram is already contained in section 3.2. as technical context with your own infrastructure as ONE black box. In this section one can zoom into this black box using additional deployment diagrams:

  • UML offers deployment diagrams to express that view. Use it, probably with nested diagrams, when your infrastructure is more complex.

  • When your (hardware) stakeholders prefer other kinds of diagrams rather than a deployment diagram, let them use any kind that is able to show nodes and channels of the infrastructure.

Further Information

See Deployment View in the arc42 documentation.

Our project is configured using GitHub actions so that every release triggers unit and end-to-end tests, as well as an attempt to deploy the application to a server. This setup enables our team to achieve continuous deployment and delivery (CD) together with continuous integration (CI).

Just for record, a guide followed by the team to deploy our application can be found here.

7.1. Infrastructure Level 1

Describe (usually in a combination of diagrams, tables, and text):

  • distribution of a system to multiple locations, environments, computers, processors, .., as well as physical connections between them

  • important justifications or motivations for this deployment structure

  • quality and/or performance features of this infrastructure

  • mapping of software artifacts to elements of this infrastructure

For multiple environments or alternative deployments please copy and adapt this section of arc42 for all relevant environments.

Diagram
Motivation
  • The diagram above illustrates the initial version of our architecture and the delineation among its components. Our approach adopts a straightforward client-server architecture, where the server interacts with Wikidata to retrieve questions. This division enforces a clear separation between the client/frontend and the server/backend. Such separation benefits the entire system by ensuring that as long as the common API is implemented, the specific implementations can remain interchangeable.

  • Utilizing an Ubuntu server on Azure provides us with an isolated environment equipped with the essential configurations and installations necessary for running our services. By hosting our server on Azure, we can minimize costs associated with machine uptime while alleviating responsibilities such as security, availability, and maintenance.

  • We use Docker as it is a containerization platform that allows us to package our application and its dependencies into a standardized unit for software development. This approach ensures that our application will run consistently on any environment, regardless of the machine’s configuration. We’ve opted for a microservices architecture using Docker containers instead of a monolithic setup. Docker allows us to isolate each service, tailoring resources efficiently and preventing conflicts between services. Services operate independently within their containers, promoting scalability and resilience. Each service has its Docker image, enabling flexibility in development and deployment. Currently, our project includes various services, such as web application, gateway, user authentication, and MongoDB server. This Docker-based approach streamlines deployment, management, and resource utilization while enhancing the overall flexibility and scalability of our system.

Quality and/or Performance Features

As mentioned earlier, the primary advantage of this architecture lies in the interchangeability of its components.

Mapping of Building Blocks to Infrastructure

The Web App, gateway, and services are all contained within Docker containers, which are hosted on a server. The server is responsible for hosting the Docker containers and communicating with Wikidata to retrieve questions. The gateway is responsible for interfacing with the web app and the services, while the services are responsible for managing the user’s data and generating questions.

Blocks Description

Web App

User interface to interact with the rest of the application.

Gateway

Interface that communicates the web app with the different services.

Auth Service

Service for the authentication of the users.

User Service

Service in charge of managing the users and its history. Some functions can be found for our API consumers.

Users Database

Database to save the user’s data as well as the history of the games.

QuestionService

Service that generates questions with WikiData. The same function can be found for our API consumers.

Question Database

Database to save the templates and queries for WikiData.

WikiData

The API used to get information from WikiData.

8. Cross-cutting Concepts

Content

This section describes overall, principal regulations and solution ideas that are relevant in multiple parts (= cross-cutting) of your system. Such concepts are often related to multiple building blocks. They can include many different topics, such as

  • models, especially domain models

  • architecture or design patterns

  • rules for using specific technology

  • principal, often technical decisions of an overarching (= cross-cutting) nature

  • implementation rules

Motivation

Concepts form the basis for conceptual integrity (consistency, homogeneity) of the architecture. Thus, they are an important contribution to achieve inner qualities of your system.

Some of these concepts cannot be assigned to individual building blocks, e.g. security or safety.

Form

The form can be varied:

  • concept papers with any kind of structure

  • cross-cutting model excerpts or scenarios using notations of the architecture views

  • sample implementations, especially for technical concepts

  • reference to typical usage of standard frameworks (e.g. using Hibernate for object/relational mapping)

Structure

A potential (but not mandatory) structure for this section could be:

  • Domain concepts

  • User Experience concepts (UX)

  • Safety and security concepts

  • Architecture and design patterns

  • "Under-the-hood"

  • development concepts

  • operational concepts

Note: it might be difficult to assign individual concepts to one specific topic on this list.

Possible topics for crosscutting concepts
Further Information

See Concepts in the arc42 documentation.

8.1. User Experience (UX)

8.1.1. Internationalization

One of the things to increase accessibility is giving our application the capability of being in various languages so people around the world can play our game. Obviously, internationalization is more than just changing the language of the Application but due to time constraints we will just offer Spanish, English, Ukrainian and French languages ( although, our API can generate questions in other languages different from described, to see the whole list, refer to our API documentation ).

The library used for language translation in our KaW game is called react-i18next. For simplicity (and due to just only having three languages), all of the translations of messages are stored locally in properties files. Eventually, if the Application grows and we wanted to have more than 4 languages the best approach is to store those properties in a server and let the application to request those on the fly. Again, for simplicity the option of having all bundle together in the Frontend just fits.

The translation of questions is a bit different from the frontend part since it is done "on the fly" by using the Microsoft translation API . This change has been done since the questions are not fully known until they are generated so storing the translation locally does not provide any benefit. Also, one advantage of it, is its simplicity and ease to use. To meet the restrictions impose by the Free version of this API a series of formatting rules are carried out into the question generation phase to minimize the usage of it and avoid getting suspended.

8.2. Security

8.2.1. Bcrypt

Keeping a secure website for our users is one of our main quality goals. For that, all the passwords stored in MongoDB are simply hashes so attackers cannot decipher them easily. The library used in the AuthService and UserService to store or compare passwords is called bcrypt. This library provides with an easy way to hash passwords and keep user’s data secured.

Also, all users are enforced to have a password with at least 8 characters. This security measure makes a lot of sense if we want to really ensure the security of our users. Although sometimes it could be a bit cumbersome for some, the introduction of this measure make security to grow exponentially.

8.2.2. Authentication

To keep our users' data secure an authentication mechanism has been developed with the use of JSON Web Tokens (JWT). If someone tries to access historical game records for certain users, our KaW application enforces to pass a valid token through the header of the message request.

In this way, only authenticated users are able to consult the different data that our application enforces.

8.2.3. Other security aspects

As stated in the quality goals, the security plays a crucial role in our application to prevent any attacks from external users or any potential backdoors that we could have in our code.

For that, a Static Application Security Testing (known also as SAST) tool is included into our project. This tool scans the source code of our application for security weaknesses, potential vulnerabilities, and coding patterns that could lead to security breaches. One famous service that implements a SAST is SonarCloud, so the team has decided to use this tool in our CI and CD environment so each time a change is uploaded, the security scanner checks for any issue.

8.3. Development concepts

8.3.1. Test

Testing is one important feature when development comes to the table. To keep a good CI and CD environment a series of tests are enforced before submitting any new change into our main pipeline project. GithubActions help us to achieve this goal where different workflows have been built to ensure a project with the highest quality standards.

There are many different types of tests and the team has decided to enforce the following ones:

  • Unitary Testing (included on CI/CD):

Each new code is tested independently to ensure its correct functionality and not breaking the main project. The testing framework used both for Backend and Frontend is Jest due to its simplicity and its great bound with Javascript files.

Also, the usage of SonarCloud gives us more than security checking, it also enforces each member of the team to have a good coverage on our code to meet the quality standards we are required.

  • End-to-End Testing (included on CI/CD):

Apart from testing functionality, all our code must also meet the required domain functionality such as registration, login, etc. For that, Jest is used in combination with puppeteer which provides a High-level API to control browsers and simulate our different User Stories (domain functionality) that the project requires.

The following functional requirements have been tested:

  • LOGIN-1: Registered user logs in successfully

  • LOGIN-2: Registered user logs in with incorrect password

  • PROFILEMGT-1: User updates profile information (profile picture and bio)

  • REGISTER-1: The user is not registered in the site

  • REGISTER-2: The user is already registered in the site

  • GAME-1: The user wants to go to the game menu

  • GAME-2: The user wants to start an easy game

  • GAME-3: The user wants to start a medium game

  • GAME-4: The user wants to start a hard game

The combination of both Unitary and End-to-End tests gives our Application with enough robustness to meet the expectations of delivering high quality code.

  • Load Testing:

Although our application may not have a huge load of users, one of the quality goals is the performance of the application. With load testing, the team will be able to identify certain aspects or cases in which code takes too long to execute things. For example, having a lot of users playing the game and making a lot of requests to generate questions.

For that, Gatling was chosen as our main load testing framework. Although, it is not written in Javascript which could facilitate the configuration, Gatling offers a light and simple framework to build these kind of tests. Also,the files generated by it are Java files which eases the tasks due to the vast knowledge of the team on this programming language.

To see a real workload and how our application behaves to it, it has been carried two different tests per each case scenario. The first one could be consider a "considerable" amount of users where 20 users arrive to the application per second during 60 seconds. The second one is a type of load testing called Stress testing where the Application is put at its maximum capacity so it breaks. The following results are provided below:

As it can be seen, the Application runs smoothly with 1200 concurrent users and it is more than enough to meet the quality requirements and taking in mind where the Application is hosted. On the other hand, it is currently impossible to achieve availiability and performance if 3000 users use our Application.

If more information is needed on how to run those tests, please go here.

  • Usability testing

Finally, another crucial part to be tested in our application are usability ones. With these test, the team tries to deliver high quality functionality to the users by simply testing with them and examine its behaviour.

The team will select different people to try our application to get Information on how to improve it, at the end, this application is for them!

  • Home page: As stated by many users, they were a little bit lost when logging in directly into the application since they have to "guess" where the play button was (it was in navbar). For that, the team decided to include a direct play button that takes the user to the Game Page. Also, after checking with contrast tools, the name displayed on the Home Page was not readable enough, so it was also changed.

OldHomePage
NewHomePage
  • Game modes: Another thing the team noticed is the difficulty of users to select one game mode from our Game since they did not what did it mean "Easy", "Medium", …​ So the team decided to put a descriptive text in each of the game modes so the user can truly understand what challengue is facing.

OldGamePage
NewGamePage
  • Password fields Some users have been very frustated when registering/logging into our Application since there was no "See password" button to correct their mistakes when typing. Since this is a simple yet powerful change to improve the User Experience, the team has decided to also support that capability.

OldPasswordPage
NewPasswordPage

Usability testing does not ends here since it is needed a real one with lots of users of different ages and also, taking into account its timing on completing certain tasks. Although, taking already care of these details makes really the difference.

  • Accesibility, color checker and more

Google’s automated tool LightHouse is used to perform several of "cross-cutting" tests to improve the performance and correctness of our web Application.

It has been tested each page of our Application against this tool to see any flaw into our application, and, as it can be seen, our game has a very good mark on each one: GamePage, HomePage, LeaderboardPage, LoginPage, ProfilePage, RegisterPage.

Lighthouse_Result

8.3.2. Code generation

JSend

To have an standardized way of responses for the different Microservices that our application have, the JSend specification has been chosen. This specification allows the team to have uniform JSON responses so other parts of the system such as Frontend, always know what to expect from these services.

8.4. Architecture and design patterns

8.4.1. MicroServices

The reason behind, is that with Microservices architecture we can forget about dealing with a single complex application. Instead, we make a "Divide and Conquer" approach by identifying those modules that made up our system and making it independently deployable services, each serving a specific business function.

8.4.2. Gateway and REST

This architectural pattern makes it easier for the Frontend subsystem to communicate with the different MicroServices that composes our Application since it has to focus on a single entry point instead of knowing which service to consult. It also help us to tackle the requirement of APIs by using this pattern since it acts like a REST API where other users (not our Application) can make petitions to it to retrieve some data using a uniform interface.

Diagram

8.5. "Under-the-hood" concepts

8.5.1. Persistence

As stated in point 4.1, the chosen database for the project is MongoDB which offers us a document-oriented schema. This type of database fits perfectly with our services since the mainly work with JSON-formatted data.

ER model - QuestionDatabase
Diagram

Document

Description

QUESTION_TEMPLATE

Holds the template needed to query the WikiData API for the Question generation. It has a relation with ONE QUESTION_TYPE document.

QUESTION_TYPE

Represents a category for a question (e.g. Capitals) together with its SPARQL query. Also, several entities are provided so prior to send SPARQL query into Wikidata Service, it can be selected one entity to change the whole query (e.g. Capitals of Europe or Capitals of Asia)

QUESTION

Holds document of already generated questions. This schema is used for performance enhancements (for a simple yet powerful cache)

ER model - UserDatabase
Diagram

Document

Description

USER

Holds all the data related to a user registered into our game. It has a relation with ONE USER_HISTORY and ONE USER_PROFILE document

USER_HISTORY

Holds all the records/statistics of a single user through all played games.

USER_PROFILE

Holds specific customization of the profile of a user.

Connection to MongoDB

To make it easier the connection from Services (using ExpressJS) to MongoDB, the usage of Mongoose has been chosen. This is a JS library that help us to create these connections.

Diagram

8.5.2. Session handling

To handle the different sessions of our different users, JWT are also used for this purpose. For each logged in user, a token will be generated for authenticating them as stated previously, and also, for maintaining a session and hold the necessary information without having to reenter the users' credentials. In this way, the user will have to keep on its browser this token to maintain alive the session.

8.6. Operation concepts

8.6.1. Monitoring with Grafana & Prometheus

To provide with quality to the Application, a monitoring system has been applied using Grafana and Prometheus,to always keep track of how the application is performing. The work is simple, it has been added Prometheus to "scrap" information from the Gateway Service like all the petitions it is asked to it.

This information is available at kawgame.xyz:8000/metrics and the Prometheus application, that manages it, at kawgame.xyz:9091. Although, this is retrieval is good, for the "humans" is not so comfortable to the "eye". For that, Grafana has been set up.

This application help us to see in a graphical way all the load that our Application is having and how it responds to it. As this is "developers" information, a login has been set up to prevent other people from knowing this information.

In that way, we would have the following:

Diagram

8.6.2. Persisting the Persistence

As requested by our shareholders, the application needed to keep all data from previous deployments. For that, the team has decided to have a simple yet powerful solution with the usage of Volumes of Docker.

With this approach, each container from the Infrastructure shown before has its own data stored in those Volumes and it is also independent from it, so any new release will use the previous data and "persist the persistence".

9. Architecture Decisions

Contents

Important, expensive, large scale or risky architecture decisions including rationales. With "decisions" we mean selecting one alternative based on given criteria.

Please use your judgement to decide whether an architectural decision should be documented here in this central section or whether you better document it locally (e.g. within the white box template of one building block).

Avoid redundancy. Refer to section 4, where you already captured the most important decisions of your architecture.

Motivation

Stakeholders of your system should be able to comprehend and retrace your decisions.

Form

Various options:

  • ADR (Documenting Architecture Decisions) for every important decision

  • List or table, ordered by importance and consequences or:

  • more detailed in form of separate sections per decision

Further Information

See Architecture Decisions in the arc42 documentation. There you will find links and examples about ADR.

9.1. Using microservices and gateway

Alternatives considered

One possible alternative to microservices could be monolithic architecture for simplicity but potential scalability and maintenance challenges. We didn’t choose this approach because we think that the code would become unmaintainable quite fast. Also, the alternative to the gateway would be to have direct connections between the client and the services.

Goals of this decision

We have chosen the microservice architecture mainly for it’s better maintainability since the different microservices are isolated. They also have more flexibility and scalability. The gateway allows us to handle errors more easily and it also allows clients to use the API as a whole.

9.2. Creating a RESTful API

Alternatives considered

An alternative could be SOAP (Simple Object Access Protocol), which offers features like built-in security and reliability but tends to be more heavyweight and less scalable compared to REST.

Goals of this decision

Our main reason for choosing REST is for simplicity, since they are easier to develop. Using RESTful principles promotes a uniform interface, making it easier to understand and consume the API.

9.3. Using NoSQL

Alternatives considered

An alternative could be traditional SQL databases like MySQL or PostgreSQL, which offer strong ACID compliance and are well-suited for structured data with complex relationships. We didn’t choose SQL because we are not dealing with complex relationships between entities.

Goals of this decision

We chose MongoDB mainly for it’s great flexibility, since it allows handling unstructured data. That also makes it simpler to use.

9.4. User authentication

Alternatives considered

Authentication with Google was initially considered to leverage its OAuth 2.0 authentication mechanism for user authentication and authorization, this would improve security. However, it was ultimately not implemented due to several requirements imposed by Google in order to apply and be able to use it.

Goals of this decision

In the end we are using just a token system for it’s simplicity and because we couldn’t include OAuth 2.0.

Some of these decisions are also documented in our Wiki

10. Quality Requirements

Content

This section contains all quality requirements as quality tree with scenarios. The most important ones have already been described in section 1.2. (quality goals)

Here you can also capture quality requirements with lesser priority, which will not create high risks when they are not fully achieved.

Motivation

Since quality requirements will have a lot of influence on architectural decisions you should know for every stakeholder what is really important to them, concrete and measurable.

Further Information

See Quality Requirements in the arc42 documentation.

10.1. Quality Tree

Content

The quality tree (as defined in ATAM – Architecture Tradeoff Analysis Method) with quality/evaluation scenarios as leafs.

Motivation

The tree structure with priorities provides an overview for a sometimes large number of quality requirements.

Form

The quality tree is a high-level overview of the quality goals and requirements:

  • tree-like refinement of the term "quality". Use "quality" or "usefulness" as a root

  • a mind map with quality categories as main branches

In any case the tree should include links to the scenarios of the following section.

Diagram

10.2. Quality Scenarios

Contents

Concretization of (sometimes vague or implicit) quality requirements using (quality) scenarios.

These scenarios describe what should happen when a stimulus arrives at the system.

For architects, two kinds of scenarios are important:

  • Usage scenarios (also called application scenarios or use case scenarios) describe the system’s runtime reaction to a certain stimulus. This also includes scenarios that describe the system’s efficiency or performance. Example: The system reacts to a user’s request within one second.

  • Change scenarios describe a modification of the system or of its immediate environment. Example: Additional functionality is implemented or requirements for a quality attribute change.

Motivation

Scenarios make quality requirements concrete and allow to more easily measure or decide whether they are fulfilled.

Especially when you want to assess your architecture using methods like ATAM you need to describe your quality goals (from section 1.2) more precisely down to a level of scenarios that can be discussed and evaluated.

Form

Tabular or free form text.

10.2.1. Usage Scenarios

Quality requirement Scenario Priority

Usability

When new users access the application the design should be intuitive enough, allowing them to navigate through the system and play the game easily. The application should meet usability standards.

High

Adaptability

If a user accesses the application from a different device than a PC, the application should be able to adapt to the different screen size, providing a satisfactory user experience.

High

Performance

When a user interacts with the system it should react within one second to ensure a smooth and responsive user experience.

High

Accessibility

In case a user with a visual impairment interacts with the web application, it should follow HTML standards to ensure accessibility. All interactive elements must be navigable using screen readers, text alternatives should be provided for non-text content. Additionally, the application’s color contrast should be enough for people with color blindness.

High

Privacy

If a user provides personal information during the registration, the application should securely handle and store user-provided personal information. Encryption should be applied for data storage.

Medium

Security

If a malicious user attempts unauthorized access to the application, the application should implement robust authentication mechanisms, including secure password storage to prevent unauthorized access.

Medium

Availability

Users should be able to access the application at any time, with an availability of about 95%.

Medium

10.2.2. Change Scenarios

Quality requirement Scenario Priority

Maintainability

When new functionalities need to be added to the application, they should be easy to integrate. The application should have a good architecture and design that makes the code more modular, allowing easier maintenance. The documentation should also be clear for potential new team members.

High

Usability

New usability improvements should be implemented based on user feedback and usability testing.

High

Security

Different components of the application should be updated frequently to protect against evolving threats and vulnerabilities.

High

Testability

When new features are added to the application, new tests should be performed and they should be easy to add. The application must be designed to facilitate testing across new scenarios.

High

11. Risks and Technical Debts

Contents

A list of identified technical risks or technical debts, ordered by priority

Motivation

“Risk management is project management for grown-ups” (Tim Lister, Atlantic Systems Guild.)

This should be your motto for systematic detection and evaluation of risks and technical debts in the architecture, which will be needed by management stakeholders (e.g. project managers, product owners) as part of the overall risk analysis and measurement planning.

Form

List of risks and/or technical debts, probably including suggested measures to minimize, mitigate or avoid risks or reduce technical debts.

Further Information

See Risks and Technical Debt in the arc42 documentation.

Identifying potential risks helps mitigate the challenges that the project could have. That’s why this analysis is crucial for the project’s success. Other benefits of this recognition are the enhancement of project efficiency, reduce rework, and ensure a good software product for our stakeholders and users.

11.1. Technical risks

Risk Description Mitigation

WikiData Service

Relying on this external API can cause the QuestionService to stop working and produce our WebApp to not even be playable.

Introduce a sort of Cache for questions. When questions are generated from this API, try to store them for later usage or even to improve performance.

Microsoft Translation Service

Same issue as Wikidata, the failure on this API or the suspension from this API to our Application can make our questions to never be translated, although in the frontend there is a way of changing the language display.

The team has read all restrictions of its Free tier and made "tricks" to minimize the impact of failure such as transforming question arrays into a single string to avoid the rate limit (1000 requests/hr)

Inexperience

The little knowledge about new technologies used in the project like React, Express or Docker; can cause a failure in the implementation of it.

Research and constant learning through development can lead to better understanding of the technologies.

11.2. Business risks

Risk Description Mitigation

Response times

Having to wait for API responses can cause serious Bottlenecks on the WebApp. Users would have to wait a long time for each game they want to play.

The usage of asynchronous calls can be very beneficial for this risk to be mitigated.

Deadlines

Time constraints tied to the constant delivery of features can lead to not ending with the required project features.

Team must organize itself well to meet all requirements. Also, continuous team meetings will be carried out to keep in touch with each team member work.

11.3. Technical debts

Debt Description

Azure

The decision of using this platform is fully based on the team’s knowledge. Although, it could not be the best option/approach since other platforms such as AWS or hosting ones can have other benefits.

Game Logic

The decision of having our game logic like controlling the points, time played by player, etc; in the Frontend part may seem a good option when trying to develop a game quickly. Although, it is possible to add to a single user more points than it should be through programs like POSTMAN, so a backend game logic could tackle this issue.

12. Glossary

Contents

The most important domain and technical terms that your stakeholders use when discussing the system.

You can also see the glossary as source for translations if you work in multi-language teams.

Motivation

You should clearly define your terms, so that all stakeholders

  • have an identical understanding of these terms

  • do not use synonyms and homonyms

Form

A table with columns <Term> and <Definition>.

Potentially more columns in case you need translations.

Further Information

See Glossary in the arc42 documentation.

Term Definition

Know and Win (KAW)

The name of our project.

RTVE

Radiotelevisión Española, the Spanish public television broadcaster and one of our stakeholders.

"Saber y Ganar"

A famous Spanish TV show involving answering questions to win prizes.

WikiData

A structured database that provides data to various applications, used here for generating questions and answers.

SPARQL

The standard query language and protocol for Linked Open Data on the web or for RDF triplestores. Used to query the Wikidata service for generation of questions.

API Consumers

Refers to all users that make use of our API to either generate data or consult it.

http(s)

Main communication mechanism used to interconnect the different parts in our system.

JWT

Secure authentication mechanisms used to protect user accounts.

Kanban

A project management method used to visualize workflow.

Gatling

A load testing tool used to simulate a great amount of users accessing and using our system.


About arc42

This documentation is based on arc42 template for documentation of software and system architecture. Template Version 8.2 EN, January 2023

Created, maintained and © by Dr. Peter Hruschka, Dr. Gernot Starke and contributors. See https://arc42.org.