1. Introduction and Goals
RTVE wants to offer a web application based on the famous Spanish TV show "Saber y Ganar" to its users in commemoration of the 28th anniversary of the show. This show consists on answering a number of questions with different types and subjects obtaining a prize for each question well answered.
The expected goal is to offer a well-designed game that maintains all the quality standards that the company offers like maintainability, security, etc…; while trying to fulfill the user’s needs to provide a positive UX.
1.1. Requirements Overview
The web application must meet the following requirements:
| Requirement | Description |
|---|---|
User Registration and Login |
Users must be able to register into game or login into the game. |
WikiData |
The questions and answer options (a correct one and three distractors) must be generated using the WikiData API. |
Timer |
All the questions must have a time to answer. |
APIs |
The game must expose two APIs that retrieves information about 1. Users and 2. Questions generated. |
User History |
Maintain a record of users' participation in the game, including the number of games played, questions passed and failed, and times played. |
1.2. Quality Goals
The top three (max five) quality goals for the architecture whose fulfillment is of highest importance to the major stakeholders. We really mean quality goals for the architecture. Don’t confuse them with project goals. They are not necessarily identical.
Consider this overview of potential topics (based upon the ISO 25010 standard):
You should know the quality goals of your most important stakeholders, since they will influence fundamental architectural decisions. Make sure to be very concrete about these qualities, avoid buzzwords. If you as an architect do not know how the quality of your work will be judged…
A table with quality goals and concrete scenarios, ordered by priorities
| Priority | Quality Goal | Description | Considerations |
|---|---|---|---|
1 |
Usability |
As with any application, response time, learning curve, and navigability of the application should meet standards and expected minimums. The system should be easy to use and not require specific or complex knowledge. |
Consider incorporating user feedback and usability testing to refine the user interface. |
2 |
Accessibility |
Any user must be able to enjoy playing with our application despite any disability they could have. |
HTML standards must be followed to try to minimize the lack of Accessibility of our Application. Another important feature is the contrast of our web. All of these can be tested with Accessibility tools available on Internet. |
3 |
Performance |
The software should have acceptable response time to provide a smooth user experience. |
Basic optimization techniques can improve performance. |
4 |
Security |
The application should stick to industry best practices for security to protect against unauthorized access, data breaches, and other threats. |
Regular security audits and implementing basic security controls are essential. |
5 |
Availability |
Minimizing downtime and making interruptions imperceptible to users is desirable, however, it is difficult to achieve and not a strict requirement. For a game application, continuous availability is not crucial. |
Implementing redundancy and failover mechanisms can enhance availability. |
1.3. Stakeholders
| Role/Name | Contact | Expectations |
|---|---|---|
RTVE |
A web application that emulates the functionality of the famous Spanish TV show "Saber y Ganar". |
|
HappySw |
An application that meets all the requirements asked by RTVE maintaining the quality that offers the company. |
|
Professors |
|
A well-designed web application that fulfills the functional requirements for the game to work, as well as, the quality requirements. |
Users |
A quiz game to test their knowledge on different fields. The game must be easy to use and must record all of their past games. |
|
Development team |
|
A good documented and clean code that fulfills the expected requirements. Also, a well implemented System that makes it easier for maintenance and extension. |
2. Architecture Constraints
The development of the application has several architectural constraints that must be addressed.
2.1. Technical constraints
| Constraint | Explanation |
|---|---|
Web front-end |
The application must be accessible through a web interface to interact with the game. |
Data storage |
The application must be able to store historical data from users (number of games, questions, etc.) and allow them to register. |
Wikidata |
Wikidata will be used to generate the questions, so the application must implement mechanisms to fetch information from it. |
Deployment |
The application will be deployable on a Linux server. |
2.2. Organizational constraints
| Constraint | Explanation |
|---|---|
Team members |
The team is composed of 7 members from the same lab group. |
Time |
The application is developed in a limited time (the semester). |
Meetings |
At least one meeting per week will have place in order to discuss what needs to be done next. |
Git |
The development team must use git for version control management. |
2.3. Conventions
| Constraint | Explanation |
|---|---|
Language |
All the project must be developed in English. |
ARC42 |
The documentation of the project must use the ARC42 template. |
GitHub conventions |
Changes in the project must be carried out by using different branches. Issues are used as official communication means. |
OpenAPI |
The APIs documentation will follow OpenAPI specification to have an standardized way of documenting and make it easier for the users consulting it. |
JSend |
All services must follow the JSend specification for each JSON response. |
3. System Scope and Context
3.1. Introduction
The KaW project aims to develop a new experimental version of the "Saber y Ganar" quiz show for RTVE that involves creating a web application where users can register, log in, and participate in quiz games. Questions for the quiz will be automatically generated from data available in Wikidata.
3.2. Business Context
Communication partner |
Inputs |
Outputs |
User |
Interacts with WebApp by putting user credentials and answering to questions. |
Receives question status (correct/incorrect) and history information about past games. |
WebApp |
User interaction by means of a graphical interface. This includes accepting the answers of questions. |
Provides user information and question data including text, options and the correct answer. |
Question Service |
Accepts queries for generating questions based on size, type and language. |
Generates the question data (text, options, images and correct answer). |
Wikidata |
Receives queries from the Question Service in order to generate the data of the question. |
Responds to the queries with all the data of the generated question. |
3.3. Technical Context
Component |
Description |
WebApp |
Accessible via the internet, allowing users to interact with the KaW application. |
Services |
Provide access to user information and generated questions, enabling integration with external systems. Also, provides an API interface for consulting certain information. |
Database |
Stores and retrieves user data, including registration information and participation history. Also, questions can be stored for caching purposes. |
Wikidata |
Accepts SPARQL queries and returns the requested data about questions. |
4. Solution Strategy
4.1. Technologies
-
React : React will simplify the task build reusable and modular UI elements for our application thanks to its component-based structure. It also allows us to use JSX, which is a syntax extension for JavaScript that allows us to write HTML elements inside our JavaScript code. This will make our code more readable and easier to debug.
-
Express : Web application framework for Node.js which will simplify development on the server side. There is also available a wide range of third-party middlewares that we could include on our application.
-
TypeScript : Since we will be using JavaScript and are more familiar with statically typed languages we will use TypeScript for the services of our application. This will also reduce the likelihood of some unexpected errors at runtime.
-
MongoDB : We chose MongoDB since we consider we could take advantage of it’s flexible schema. Its native support for JSON and its simple query language also influenced our decision. We also consider this a valuable opportunity to learn and work with a document database.
-
Docker: To deploy our project, Docker was chosen due to its handy portability and its perfect integration with microservices applications.
4.2. Decomposition of the System
4.2.1. Architectural patterns
-
Microservices: As the main architecture for the whole project. The system is divided into several modules representing a functional requirement like question generation. Each of these modules will be independent from each other and have its own database.
-
RESTful APIs: The main architecture for our Services to function as an API. Clients can communicate through over HTTPS using standard methods, such as GET to consult information like history data or generate questions using Wikidata. All these services are "masked" through a middleware so clients do not have to access different endpoints.
-
Gateway A middleware that acts as an API-frontend for clients to access various services within our system. This component can be also seen as a "Controller" since it receives petitions from outside, calls the corresponding service that answers that petition and returns its value.
4.3. Decisions to Achieve Quality Goals
| Quality goal | Scenario | Approach |
|---|---|---|
Security |
Ensuring secure methods of authentication, such as login credentials (username and password), to protect user accounts from unauthorized access. |
Implementation of secure authentication mechanisms with mechanisms such as JWT, encryption for data in transit using HTTPS, and security enforcement automation with tools such as SonarCloud. |
Performance |
Web-app should work smoothly and respond quickly. |
Implementing caching mechanisms for Question generation. |
Usability |
The application aims for user-friendly accessibility with an intuitive design. |
Different web tools can be used to test accessibility and responsive design such as Google LightHouse, Contrast Checker or Wave. |
4.4. Organization and management
The team will follow an agile methodology to focus on continuous delivering of products with value to the stakeholders as well as improving the quality of the whole project in each delivery.
Each week the team will have a meeting to discuss the work performed through the week, the tasks not done and all the decisions taken for next weeks, which will be recorded on the Wiki of the GitHub repository. All the work performed and its progress is going to be tracked by means of the Kanban and the issues. Any unforeseen issue that may arise during development will be discussed in the issue itself or via our WhatsApp group if of low relevance or importance.
In the end, agile methodologies promotes the continuous collaboration of the team to ship quality products that stakeholders can really make value of, which is one of the objectives from the team.
5. Building Block View
The building block view shows the static decomposition of the system into building blocks (modules, components, subsystems, classes, interfaces, packages, libraries, frameworks, layers, partitions, tiers, functions, macros, operations, data structures, …) as well as their dependencies (relationships, associations, …)
This view is mandatory for every architecture documentation. In analogy to a house this is the floor plan.
Maintain an overview of your source code by making its structure understandable through abstraction.
This allows you to communicate with your stakeholder on an abstract level without disclosing implementation details.
The building block view is a hierarchical collection of black boxes and white boxes (see figure below) and their descriptions.
Level 1 is the white box description of the overall system together with black box descriptions of all contained building blocks.
Level 2 zooms into some building blocks of level 1. Thus it contains the white box description of selected building blocks of level 1, together with black box descriptions of their internal building blocks.
Level 3 zooms into selected building blocks of level 2, and so on.
See Building Block View in the arc42 documentation.
5.1. Scope and Context
- Motivation
-
The diagram above shows the high-level abstraction of the functionality of the system. As it can be seen, there are two main components: Users and Application; and one External service: Wikidata. The general workflow consists on a series of interactions done by the users through the different components exposed by the Application. During the game, the application will require the help of the external service to generate the different questions and answers that the user will have to choose. Also, users can communicate with our API to retrieve or generate information to be used in other applications.
- Contained Building Blocks
| Building block | Description |
|---|---|
KaW Application |
The core block that manages the game itself, the visuals of it and the API interface. |
WikiData |
API that offers the Application an easy-to-use interface to perform queries for the question and answer generation. |
5.2. Level 1
- Motivation
-
In this level of decomposition, we illustrate the primary services of our system. The Frontend service serves as the entry point for user interactions with the KaW game, directing them to the Gateway. The Gateway then routes these interactions to the appropriate microservices for processing. The users can also make direct requests to the Gateway to communicate with our API instead that playing the game. This diagram emphasizes the flow of interactions through the system’s components.
- Contained Building Blocks
Building block |
Description |
Frontend |
Service responsible for collecting user interactions and routing them to the Gateway. |
Gateway |
Middleware component that routes user interactions or API requests to the appropriate microservices. |
Microservices |
Collection of smaller services responsible for handling various functionalities of the application. |
5.3. Level 2
- Motivation
-
This diagram shows a more detailed view of the functionality of the system, showing the gateway and the different microservices. The user interacts with the WebApp, which sends requests to the Gateway. The Gateway then communicates with the different microservices to perform various operations. The QuestionService also interacts with the Wikidata API to generate questions and answers. The results are then sent back to the user through the same path. This architecture allows for a separation of concerns, where each component has a specific role and responsibility.
If users decide to use the API, they must always connect through our Gateway and never directly to the services itself. Having this in mind, users can make requests to generate questions (the same way as we use for our game) for its own purposes and also, consult a series of historical records of the game itself such as games played, questions failed, etc.
- Contained Building Blocks
| Building block | Description |
|---|---|
WebApp |
Component that Users interact with. It represents all the visuals and interactivity of the Web Application. |
Gateway |
MiddleWare that connects the WebApplication with the different MicroServices of the Application and serves as an API entrance point. |
AuthService |
It manages all the actions referred to the authentication of a user into the system. Also, the different registration of them. |
UserService |
It manages all the actions referred to the users such as retrieval of game history. |
QuestionService |
Handles the Question and Answers generation. This action is complemented with the use of Wikidata API. |
6. Runtime View
6.1. Login scenario
When the user wants to login into the application (KaW), the user navigates to the login page. The WebApp will show a form that allows the user to enter their details (username and password), which are then sent to the User Service by means of the Gateway in order to be verified.
Then, the User Service asks the Database for the password given the username. The Database will return an encrypted password. The User Service will encrypt the password provided by the user and then compare it with the one from the database. If the passwords do not match, an error message showing "Invalid credentials" will appear to the user, and if they are correct, a valid JSON response is created together with the creation of a session token that allows the user to stay authenticated for a period of time. Finally the user will be able to access the application.
This case scenario is also represented on the following diagram (split in two for better readability):
6.2. Question Generation
When a user starts a game through the WebApp, it triggers a request for generating questions to the Gateway. The Gateway works with the QS (Question Service) to generate questions. To improve performance a simple cache system is implemented.
First, half of questions to generate are actually generated using Wikidata Service: QS requests a question template from the Database, which is then filled with relevant data from the WQS (Wikidata Query Service). After filling the template, QS uses the previous data, obtained from WQS, to also generate answers and distractors. If WQS gets timed out (e.g. waiting more than 5 sec to retrieve the data to fill template), it is chosen an already generated question from cache to always try to return the exact number of questions requested.
Second, the other half are simply retrieved from previously wikidata generated questions which are stored in DB. Then, both array of questions are combined to return the n questions requested.
Optionally, if questions are required in a certain language. The QS queries a translation Service (TS) to perform the translation. For that, the whole array of questions is transformed into a suitable string format to avoid constraints by TS (e.g. translating question by question and answer by answer). Then, TS is used and translates the string. Once this is done, QS is in charge of reformatting the translated string into questions array.
Finally, QS sends them back to the Gateway, so again the response can then be redirected towards the WebApp. Finally, the WebApp displays the questions of the game.
This case scenario is also represented with the following diagrams (split for better understanding).
Overview of Question Generation workflow:
The Question Generation phase consists of:
The caching retrieval phase:
If a language has been selected, the translation phase will be as follows:
6.3. User statistics recording scenario
When a user answers the final question, the WebApp determines if the answer was correct or not. Then, all the data collected from the current game (the WebApp is collecting infromation while playing) is sent to the Gateway and then forwarded to the User Service, which is in charge of updating the Database with the updated user history.
This case scenario is also represented on the following diagram:
7. Deployment View
Our project is configured using GitHub actions so that every release triggers unit and end-to-end tests, as well as an attempt to deploy the application to a server. This setup enables our team to achieve continuous deployment and delivery (CD) together with continuous integration (CI).
Just for record, a guide followed by the team to deploy our application can be found here.
7.1. Infrastructure Level 1
- Motivation
-
-
The diagram above illustrates the initial version of our architecture and the delineation among its components. Our approach adopts a straightforward client-server architecture, where the server interacts with Wikidata to retrieve questions. This division enforces a clear separation between the client/frontend and the server/backend. Such separation benefits the entire system by ensuring that as long as the common API is implemented, the specific implementations can remain interchangeable.
-
Utilizing an Ubuntu server on Azure provides us with an isolated environment equipped with the essential configurations and installations necessary for running our services. By hosting our server on Azure, we can minimize costs associated with machine uptime while alleviating responsibilities such as security, availability, and maintenance.
-
We use Docker as it is a containerization platform that allows us to package our application and its dependencies into a standardized unit for software development. This approach ensures that our application will run consistently on any environment, regardless of the machine’s configuration. We’ve opted for a microservices architecture using Docker containers instead of a monolithic setup. Docker allows us to isolate each service, tailoring resources efficiently and preventing conflicts between services. Services operate independently within their containers, promoting scalability and resilience. Each service has its Docker image, enabling flexibility in development and deployment. Currently, our project includes various services, such as web application, gateway, user authentication, and MongoDB server. This Docker-based approach streamlines deployment, management, and resource utilization while enhancing the overall flexibility and scalability of our system.
-
- Quality and/or Performance Features
-
As mentioned earlier, the primary advantage of this architecture lies in the interchangeability of its components.
- Mapping of Building Blocks to Infrastructure
-
The Web App, gateway, and services are all contained within Docker containers, which are hosted on a server. The server is responsible for hosting the Docker containers and communicating with Wikidata to retrieve questions. The gateway is responsible for interfacing with the web app and the services, while the services are responsible for managing the user’s data and generating questions.
| Blocks | Description |
|---|---|
Web App |
User interface to interact with the rest of the application. |
Gateway |
Interface that communicates the web app with the different services. |
Auth Service |
Service for the authentication of the users. |
User Service |
Service in charge of managing the users and its history. Some functions can be found for our API consumers. |
Users Database |
Database to save the user’s data as well as the history of the games. |
QuestionService |
Service that generates questions with WikiData. The same function can be found for our API consumers. |
Question Database |
Database to save the templates and queries for WikiData. |
WikiData |
The API used to get information from WikiData. |
8. Cross-cutting Concepts
This section describes overall, principal regulations and solution ideas that are relevant in multiple parts (= cross-cutting) of your system. Such concepts are often related to multiple building blocks. They can include many different topics, such as
-
models, especially domain models
-
architecture or design patterns
-
rules for using specific technology
-
principal, often technical decisions of an overarching (= cross-cutting) nature
-
implementation rules
Concepts form the basis for conceptual integrity (consistency, homogeneity) of the architecture. Thus, they are an important contribution to achieve inner qualities of your system.
Some of these concepts cannot be assigned to individual building blocks, e.g. security or safety.
The form can be varied:
-
concept papers with any kind of structure
-
cross-cutting model excerpts or scenarios using notations of the architecture views
-
sample implementations, especially for technical concepts
-
reference to typical usage of standard frameworks (e.g. using Hibernate for object/relational mapping)
A potential (but not mandatory) structure for this section could be:
-
Domain concepts
-
User Experience concepts (UX)
-
Safety and security concepts
-
Architecture and design patterns
-
"Under-the-hood"
-
development concepts
-
operational concepts
Note: it might be difficult to assign individual concepts to one specific topic on this list.
See Concepts in the arc42 documentation.
8.1. User Experience (UX)
8.1.1. Internationalization
One of the things to increase accessibility is giving our application the capability of being in various languages so people around the world can play our game. Obviously, internationalization is more than just changing the language of the Application but due to time constraints we will just offer Spanish, English, Ukrainian and French languages ( although, our API can generate questions in other languages different from described, to see the whole list, refer to our API documentation ).
The library used for language translation in our KaW game is called react-i18next. For simplicity (and due to just only having three languages), all of the translations of messages are stored locally in properties files. Eventually, if the Application grows and we wanted to have more than 4 languages the best approach is to store those properties in a server and let the application to request those on the fly. Again, for simplicity the option of having all bundle together in the Frontend just fits.
The translation of questions is a bit different from the frontend part since it is done "on the fly" by using the Microsoft translation API . This change has been done since the questions are not fully known until they are generated so storing the translation locally does not provide any benefit. Also, one advantage of it, is its simplicity and ease to use. To meet the restrictions impose by the Free version of this API a series of formatting rules are carried out into the question generation phase to minimize the usage of it and avoid getting suspended.
8.2. Security
8.2.1. Bcrypt
Keeping a secure website for our users is one of our main quality goals. For that, all the passwords stored in MongoDB are simply hashes so attackers cannot decipher them easily. The library used in the AuthService and UserService to store or compare passwords is called bcrypt. This library provides with an easy way to hash passwords and keep user’s data secured.
Also, all users are enforced to have a password with at least 8 characters. This security measure makes a lot of sense if we want to really ensure the security of our users. Although sometimes it could be a bit cumbersome for some, the introduction of this measure make security to grow exponentially.
8.2.2. Authentication
To keep our users' data secure an authentication mechanism has been developed with the use of JSON Web Tokens (JWT). If someone tries to access historical game records for certain users, our KaW application enforces to pass a valid token through the header of the message request.
In this way, only authenticated users are able to consult the different data that our application enforces.
8.2.3. Other security aspects
As stated in the quality goals, the security plays a crucial role in our application to prevent any attacks from external users or any potential backdoors that we could have in our code.
For that, a Static Application Security Testing (known also as SAST) tool is included into our project. This tool scans the source code of our application for security weaknesses, potential vulnerabilities, and coding patterns that could lead to security breaches. One famous service that implements a SAST is SonarCloud, so the team has decided to use this tool in our CI and CD environment so each time a change is uploaded, the security scanner checks for any issue.
8.3. Development concepts
8.3.1. Test
Testing is one important feature when development comes to the table. To keep a good CI and CD environment a series of tests are enforced before submitting any new change into our main pipeline project. GithubActions help us to achieve this goal where different workflows have been built to ensure a project with the highest quality standards.
There are many different types of tests and the team has decided to enforce the following ones:
-
Unitary Testing (included on CI/CD):
Each new code is tested independently to ensure its correct functionality and not breaking the main project. The testing framework used both for Backend and Frontend is Jest due to its simplicity and its great bound with Javascript files.
Also, the usage of SonarCloud gives us more than security checking, it also enforces each member of the team to have a good coverage on our code to meet the quality standards we are required.
-
End-to-End Testing (included on CI/CD):
Apart from testing functionality, all our code must also meet the required domain functionality such as registration, login, etc. For that, Jest is used in combination with puppeteer which provides a High-level API to control browsers and simulate our different User Stories (domain functionality) that the project requires.
The following functional requirements have been tested:
-
LOGIN-1: Registered user logs in successfully
-
LOGIN-2: Registered user logs in with incorrect password
-
PROFILEMGT-1: User updates profile information (profile picture and bio)
-
REGISTER-1: The user is not registered in the site
-
REGISTER-2: The user is already registered in the site
-
GAME-1: The user wants to go to the game menu
-
GAME-2: The user wants to start an easy game
-
GAME-3: The user wants to start a medium game
-
GAME-4: The user wants to start a hard game
The combination of both Unitary and End-to-End tests gives our Application with enough robustness to meet the expectations of delivering high quality code.
-
Load Testing:
Although our application may not have a huge load of users, one of the quality goals is the performance of the application. With load testing, the team will be able to identify certain aspects or cases in which code takes too long to execute things. For example, having a lot of users playing the game and making a lot of requests to generate questions.
For that, Gatling was chosen as our main load testing framework. Although, it is not written in Javascript which could facilitate the configuration, Gatling offers a light and simple framework to build these kind of tests. Also,the files generated by it are Java files which eases the tasks due to the vast knowledge of the team on this programming language.
To see a real workload and how our application behaves to it, it has been carried two different tests per each case scenario. The first one could be consider a "considerable" amount of users where 20 users arrive to the application per second during 60 seconds. The second one is a type of load testing called Stress testing where the Application is put at its maximum capacity so it breaks. The following results are provided below:
-
LOGIN:
-
REGISTER:
-
PROFILECHANGES:
-
HARDGAME:
As it can be seen, the Application runs smoothly with 1200 concurrent users and it is more than enough to meet the quality requirements and taking in mind where the Application is hosted. On the other hand, it is currently impossible to achieve availiability and performance if 3000 users use our Application.
If more information is needed on how to run those tests, please go here.
-
Usability testing
Finally, another crucial part to be tested in our application are usability ones. With these test, the team tries to deliver high quality functionality to the users by simply testing with them and examine its behaviour.
The team will select different people to try our application to get Information on how to improve it, at the end, this application is for them!
-
Home page: As stated by many users, they were a little bit lost when logging in directly into the application since they have to "guess" where the play button was (it was in navbar). For that, the team decided to include a direct play button that takes the user to the Game Page. Also, after checking with contrast tools, the name displayed on the Home Page was not readable enough, so it was also changed.
-
Game modes: Another thing the team noticed is the difficulty of users to select one game mode from our Game since they did not what did it mean "Easy", "Medium", … So the team decided to put a descriptive text in each of the game modes so the user can truly understand what challengue is facing.
-
Password fields Some users have been very frustated when registering/logging into our Application since there was no "See password" button to correct their mistakes when typing. Since this is a simple yet powerful change to improve the User Experience, the team has decided to also support that capability.
Usability testing does not ends here since it is needed a real one with lots of users of different ages and also, taking into account its timing on completing certain tasks. Although, taking already care of these details makes really the difference.
-
Accesibility, color checker and more
Google’s automated tool LightHouse is used to perform several of "cross-cutting" tests to improve the performance and correctness of our web Application.
It has been tested each page of our Application against this tool to see any flaw into our application, and, as it can be seen, our game has a very good mark on each one: GamePage, HomePage, LeaderboardPage, LoginPage, ProfilePage, RegisterPage.
8.3.2. Code generation
JSend
To have an standardized way of responses for the different Microservices that our application have, the JSend specification has been chosen. This specification allows the team to have uniform JSON responses so other parts of the system such as Frontend, always know what to expect from these services.
8.4. Architecture and design patterns
8.4.1. MicroServices
The reason behind, is that with Microservices architecture we can forget about dealing with a single complex application. Instead, we make a "Divide and Conquer" approach by identifying those modules that made up our system and making it independently deployable services, each serving a specific business function.
8.4.2. Gateway and REST
This architectural pattern makes it easier for the Frontend subsystem to communicate with the different MicroServices that composes our Application since it has to focus on a single entry point instead of knowing which service to consult. It also help us to tackle the requirement of APIs by using this pattern since it acts like a REST API where other users (not our Application) can make petitions to it to retrieve some data using a uniform interface.
8.5. "Under-the-hood" concepts
8.5.1. Persistence
As stated in point 4.1, the chosen database for the project is MongoDB which offers us a document-oriented schema. This type of database fits perfectly with our services since the mainly work with JSON-formatted data.
ER model - QuestionDatabase
Document |
Description |
QUESTION_TEMPLATE |
Holds the template needed to query the WikiData API for the Question generation. It has a relation with ONE QUESTION_TYPE document. |
QUESTION_TYPE |
Represents a category for a question (e.g. Capitals) together with its SPARQL query. Also, several entities are provided so prior to send SPARQL query into Wikidata Service, it can be selected one entity to change the whole query (e.g. Capitals of Europe or Capitals of Asia) |
QUESTION |
Holds document of already generated questions. This schema is used for performance enhancements (for a simple yet powerful cache) |
ER model - UserDatabase
Document |
Description |
USER |
Holds all the data related to a user registered into our game. It has a relation with ONE USER_HISTORY and ONE USER_PROFILE document |
USER_HISTORY |
Holds all the records/statistics of a single user through all played games. |
USER_PROFILE |
Holds specific customization of the profile of a user. |
Connection to MongoDB
To make it easier the connection from Services (using ExpressJS) to MongoDB, the usage of Mongoose has been chosen. This is a JS library that help us to create these connections.
8.5.2. Session handling
To handle the different sessions of our different users, JWT are also used for this purpose. For each logged in user, a token will be generated for authenticating them as stated previously, and also, for maintaining a session and hold the necessary information without having to reenter the users' credentials. In this way, the user will have to keep on its browser this token to maintain alive the session.
8.6. Operation concepts
8.6.1. Monitoring with Grafana & Prometheus
To provide with quality to the Application, a monitoring system has been applied using Grafana and Prometheus,to always keep track of how the application is performing. The work is simple, it has been added Prometheus to "scrap" information from the Gateway Service like all the petitions it is asked to it.
This information is available at kawgame.xyz:8000/metrics and the Prometheus application, that manages it, at kawgame.xyz:9091. Although, this is retrieval is good, for the "humans" is not so comfortable to the "eye". For that, Grafana has been set up.
This application help us to see in a graphical way all the load that our Application is having and how it responds to it. As this is "developers" information, a login has been set up to prevent other people from knowing this information.
In that way, we would have the following:
8.6.2. Persisting the Persistence
As requested by our shareholders, the application needed to keep all data from previous deployments. For that, the team has decided to have a simple yet powerful solution with the usage of Volumes of Docker.
With this approach, each container from the Infrastructure shown before has its own data stored in those Volumes and it is also independent from it, so any new release will use the previous data and "persist the persistence".
9. Architecture Decisions
9.1. Using microservices and gateway
One possible alternative to microservices could be monolithic architecture for simplicity but potential scalability and maintenance challenges. We didn’t choose this approach because we think that the code would become unmaintainable quite fast. Also, the alternative to the gateway would be to have direct connections between the client and the services.
We have chosen the microservice architecture mainly for it’s better maintainability since the different microservices are isolated. They also have more flexibility and scalability. The gateway allows us to handle errors more easily and it also allows clients to use the API as a whole.
9.2. Creating a RESTful API
An alternative could be SOAP (Simple Object Access Protocol), which offers features like built-in security and reliability but tends to be more heavyweight and less scalable compared to REST.
Our main reason for choosing REST is for simplicity, since they are easier to develop. Using RESTful principles promotes a uniform interface, making it easier to understand and consume the API.
9.3. Using NoSQL
An alternative could be traditional SQL databases like MySQL or PostgreSQL, which offer strong ACID compliance and are well-suited for structured data with complex relationships. We didn’t choose SQL because we are not dealing with complex relationships between entities.
We chose MongoDB mainly for it’s great flexibility, since it allows handling unstructured data. That also makes it simpler to use.
9.4. User authentication
Authentication with Google was initially considered to leverage its OAuth 2.0 authentication mechanism for user authentication and authorization, this would improve security. However, it was ultimately not implemented due to several requirements imposed by Google in order to apply and be able to use it.
In the end we are using just a token system for it’s simplicity and because we couldn’t include OAuth 2.0.
Some of these decisions are also documented in our Wiki
10. Quality Requirements
10.1. Quality Tree
10.2. Quality Scenarios
10.2.1. Usage Scenarios
| Quality requirement | Scenario | Priority |
|---|---|---|
Usability |
When new users access the application the design should be intuitive enough, allowing them to navigate through the system and play the game easily. The application should meet usability standards. |
High |
Adaptability |
If a user accesses the application from a different device than a PC, the application should be able to adapt to the different screen size, providing a satisfactory user experience. |
High |
Performance |
When a user interacts with the system it should react within one second to ensure a smooth and responsive user experience. |
High |
Accessibility |
In case a user with a visual impairment interacts with the web application, it should follow HTML standards to ensure accessibility. All interactive elements must be navigable using screen readers, text alternatives should be provided for non-text content. Additionally, the application’s color contrast should be enough for people with color blindness. |
High |
Privacy |
If a user provides personal information during the registration, the application should securely handle and store user-provided personal information. Encryption should be applied for data storage. |
Medium |
Security |
If a malicious user attempts unauthorized access to the application, the application should implement robust authentication mechanisms, including secure password storage to prevent unauthorized access. |
Medium |
Availability |
Users should be able to access the application at any time, with an availability of about 95%. |
Medium |
10.2.2. Change Scenarios
| Quality requirement | Scenario | Priority |
|---|---|---|
Maintainability |
When new functionalities need to be added to the application, they should be easy to integrate. The application should have a good architecture and design that makes the code more modular, allowing easier maintenance. The documentation should also be clear for potential new team members. |
High |
Usability |
New usability improvements should be implemented based on user feedback and usability testing. |
High |
Security |
Different components of the application should be updated frequently to protect against evolving threats and vulnerabilities. |
High |
Testability |
When new features are added to the application, new tests should be performed and they should be easy to add. The application must be designed to facilitate testing across new scenarios. |
High |
11. Risks and Technical Debts
Identifying potential risks helps mitigate the challenges that the project could have. That’s why this analysis is crucial for the project’s success. Other benefits of this recognition are the enhancement of project efficiency, reduce rework, and ensure a good software product for our stakeholders and users.
11.1. Technical risks
| Risk | Description | Mitigation |
|---|---|---|
WikiData Service |
Relying on this external API can cause the QuestionService to stop working and produce our WebApp to not even be playable. |
Introduce a sort of Cache for questions. When questions are generated from this API, try to store them for later usage or even to improve performance. |
Microsoft Translation Service |
Same issue as Wikidata, the failure on this API or the suspension from this API to our Application can make our questions to never be translated, although in the frontend there is a way of changing the language display. |
The team has read all restrictions of its Free tier and made "tricks" to minimize the impact of failure such as transforming question arrays into a single string to avoid the rate limit (1000 requests/hr) |
Inexperience |
The little knowledge about new technologies used in the project like React, Express or Docker; can cause a failure in the implementation of it. |
Research and constant learning through development can lead to better understanding of the technologies. |
11.2. Business risks
| Risk | Description | Mitigation |
|---|---|---|
Response times |
Having to wait for API responses can cause serious Bottlenecks on the WebApp. Users would have to wait a long time for each game they want to play. |
The usage of asynchronous calls can be very beneficial for this risk to be mitigated. |
Deadlines |
Time constraints tied to the constant delivery of features can lead to not ending with the required project features. |
Team must organize itself well to meet all requirements. Also, continuous team meetings will be carried out to keep in touch with each team member work. |
11.3. Technical debts
| Debt | Description |
|---|---|
Azure |
The decision of using this platform is fully based on the team’s knowledge. Although, it could not be the best option/approach since other platforms such as AWS or hosting ones can have other benefits. |
Game Logic |
The decision of having our game logic like controlling the points, time played by player, etc; in the Frontend part may seem a good option when trying to develop a game quickly. Although, it is possible to add to a single user more points than it should be through programs like POSTMAN, so a backend game logic could tackle this issue. |
12. Glossary
| Term | Definition |
|---|---|
Know and Win (KAW) |
The name of our project. |
RTVE |
Radiotelevisión Española, the Spanish public television broadcaster and one of our stakeholders. |
"Saber y Ganar" |
A famous Spanish TV show involving answering questions to win prizes. |
WikiData |
A structured database that provides data to various applications, used here for generating questions and answers. |
SPARQL |
The standard query language and protocol for Linked Open Data on the web or for RDF triplestores. Used to query the Wikidata service for generation of questions. |
API Consumers |
Refers to all users that make use of our API to either generate data or consult it. |
http(s) |
Main communication mechanism used to interconnect the different parts in our system. |
JWT |
Secure authentication mechanisms used to protect user accounts. |
Kanban |
A project management method used to visualize workflow. |
Gatling |
A load testing tool used to simulate a great amount of users accessing and using our system. |
About arc42
This documentation is based on arc42 template for documentation of software and system architecture. Template Version 8.2 EN, January 2023
Created, maintained and © by Dr. Peter Hruschka, Dr. Gernot Starke and contributors. See https://arc42.org.