/Web_Shop

Final Submission

Final report here: Final Report

Links

Link to the webstore: http://melon-webstore.herokuapp.com/

Link to admin site: http://melon-webstore.herokuapp.com/admin/

Link to trello: https://trello.com/b/MdkXr2R7/melon-version-1

Some accounts

  • username: developer_l
  • password: admin123

#############################

  • username: notAdmin
  • password: admin123

Project Plan

| Version | Date | Notice |
|---|---|---|
| 0.1 | 21.12.2017 | First version |
| 0.2 | 31.1.2018 | Cart functionality |

1. Team

  • Linming Pan
  • Yi Zhang
  • Xiaopu Li

2. Goal

In this project, we will build an online game store. In the game store, a new user can create a new account and buy games. A user can also create a Developer account and publish his own games in the store.

3. Plans

Our plan is to add features to our game store iteratively. We will build version 1.0, where all mandatory features are added to the web site. We are not familiar with Django and do not know how much time each feature will need, so we decided to work this way (in versions). We will use Trello to manage tasks.

In section 4, we show how the features will be implemented, without going into much technical detail. We use User Case Descriptions to show how each function will work. The User Case Descriptions show what is required, what the outcome is, and so on. They also show the basic sequence in which the function will progress.

In the next version, we plan to implement

  • Save/load and resolution feature
  • Own game
  • 3rd party login

We will plan the structure of the new features later.

4. Features

The following are the features we plan to implement in the first version. The person in figure 1 indicates an actor. An actor is linked to the functions it can interact with.

Feature division to Apps

  • Account
    • Login
    • Logout
    • Registration
    • Email Confirmation
  • Home
    • Home
  • Payment
    • Payment Cart
    • Payment Result
  • Game
    • Search
    • Game Details
    • Play Game
    • Edit Game
  • Game Data
    • Save Game
    • Load Game
    • Score
  • Collection
    • Collection
    • Inventory

schematics

Figure 1

4.1 Use Case Descriptions

User = Developer or Player

Create Account
User Case Desc Create Account
Summary New user can register.
Actor Any user
Precondition User does not have an account yet.
View register view.
Basic Seq
  1. Select player or developer
  2. Type username
  3. Type email
  4. Type password
  5. Confirm password
  6. Click Register-button
  7. Redirect to Confirm Email-view
Exception 2. Username taken
5. Passwords are not the same
Postcondition New User created
Login
User Case Desc Login
Summary User can log in
Actor User
Precondition User has not logged in
View Login View
Basic Seq
  1. Type Username
  2. Type password
  3. Click login-button
  4. Redirect to Main-view
Exception 3. Username/password not correct
Postcondition User has logged in
Logout
User Case Desc Logout
Summary User can log out whenever he wants
Actor User
Precondition User has logged in
View Any view
Basic Seq
  1. Click Logout-button
  2. Confirmation message shows up
  3. Click Ok-button
  4. Redirect to Main-view
  5. Show Logout Success-message
Exception 3. User clicks Cancel-button
Postcondition User has logged out
Buy Game
User Case Desc Buy Game
Summary Player finds an interesting game and wants to buy it. Player uses "Simple Payments" to pay.
Actor Player
Precondition Player has logged in, Player does not have the game
View Game Details-view
Basic Seq
  1. Click Buy-button
  2. Redirect to "Simple Payments"
  3. Confirm payment
  4. Redirect back to Game Details-view
  5. Show Game Bought-message
Exception 3. Payment failed
Postcondition Player has the game in his collection
Search Game
User Case Desc Search Game
Summary Using this functionality, User can search for different games.
Actor User
Precondition
View Search Game-view
Basic Seq
  1. Type keywords
  2. Click Search-button
  3. List of matched games shows up
Exception
Postcondition List of matched games
See Collection
User Case Desc See Collection
Summary This functionality shows Player which games he has. He can also choose a game to play.
Actor Player
Precondition Player has logged in, Player is able to click Show Collection-button
View Any view where the Show Collection-button exists
Basic Seq
  1. Click Show Collection-button
  2. Redirect to See Collection-view
  3. Player sees only games he owns
Exception
Postcondition Player sees games he owns.
Play Game
User Case Desc Play Game
Summary This functionality lets Player play games that he has bought. Developer can also use this functionality to test his own games.
Actor User
Precondition User has logged in and owns the game. He is in See Game-view or Game Details-view
View See Game-view or Game Details-view
Basic Seq
  1. Click Play Game-button
  2. Redirect to Play Game-view
  3. Game is loaded
Exception 1. Player does not own the game
Postcondition Game is loaded to browser and User can play
Save game
User Case Desc Save Game
Summary This functionality enables User to save his progress in the game. Not all games have this functionality.
Actor User
Precondition Player has logged in, the game is loaded
View Play Game-view
Basic Seq
  1. Click Save-button
  2. Saved-message shows up
Exception 1. The game does not have this button
2. Save failed, Error-message
Postcondition Save data is stored to User's account
Load Game
User Case Desc Load Game
Summary This functionality enables User to load his progress in the game. Not all games have this functionality.
Actor User
Precondition Player has logged in, the game is loaded
View Play Game-view
Basic Seq
  1. Click Load-button
  2. Loaded-message shows up
Exception 1. The game does not have this button
2. Load failed, Error-message
Postcondition The save is loaded and User can continue his game
Submit Score
User Case Desc Submit Score
Summary User can submit his score to Score Board where he can see his score and ranking.
Actor User
Precondition User has logged in, User has got some score in the game
View Play Game-view
Basic Seq
  1. Click Submit-button
  2. Update Score Board
  3. See new Score Board
Exception 1. The game does not have this button
1. Submit failed, show error-message
Postcondition User can see his ranking in the Score Board.
Add Game
User Case Desc Add Game
Summary Developer can add games
Actor Developer
Precondition Logged in as Developer User, the Game has not been added before
View Inventory view
Basic Seq
  1. Click Add New Game-button
  2. Redirect to add new game-view
  3. Type Game Name
  4. Type Game Description
  5. Type Url
  6. Add image
  7. Type Price
  8. Click Save-button
  9. Shows Success-message
Exception 4. Url used
5. add format not correct
6. Some input field empty
Postcondition New game added to game store
Notice Only Developer can access this.
See Inventory
User Case Desc See Inventory
Summary Developer can see all games he owns.
Actor Developer
Precondition Logged in as Developer User
View Any view where the Show Inventory-button exists
Basic Seq
  1. Click Show Inventory-button
  2. Redirect to Inventory-view
  3. Developer sees list of Games he owns
Exception
Postcondition Developer sees Games he owns
Edit Game
User Case Desc Edit Game
Summary Developer can edit Games he owns, e.g. change price.
Actor Developer
Precondition Developer has logged in and owns the game
View Inventory-view
Basic Seq
  1. Click Edit-button of the Game
  2. Redirect to Edit Game-view
  3. Edit Fields
  4. Click Save
Exception 3. Click Cancel-button
Postcondition Game data is edited
See Statistic
User Case Desc See Statistic
Summary Developer can see statistics of all games he owns.
Actor Developer
Precondition Logged in as Developer
View
Basic Seq
  1. Click Show Statistic-button
  2. Redirect to Statistic-view
  3. See list of statistics of games
Exception
Postcondition Developer can see a list of statistics of the games he owns. Data he can see:
  • name of the game
  • number of games sold
  • total sales
  • date of last sold game
Confirm Email
User Case Desc Confirm Email
Summary When User creates a new account, he has to confirm his email. The web site will send an email containing a link that the User has to click.
Actor User
Precondition User has created a new account
View Confirm Email-view
Basic Seq
  1. Website sends an email to user
  2. User clicks link in the email
  3. Link redirects User back to website main-view with message showing "email confirmed"
Exception 1. User wrote wrong email and never receives it
2. User clicks outdated link
2. User clicks already used link
Postcondition Email of the User is confirmed
See Score
User Case Desc See Score
Summary User can see top score of the game
Actor User
Precondition Game Details-view or Play Game-view
View Score Board -block
Basic Seq
  1. Request update Score board
  2. Update Score Board
Exception
Postcondition Score Board Updates
Template
User Case Desc Template
Summary
Actor
Precondition
View
Basic Seq
  1. A
  2. B
  3. C
Exception
Postcondition

4.2 DataBase Models

Here we show how we plan to implement the models in our project. We use some base models provided by Django, e.g. User and Authentication.

Account User (Auth User)

We will extend the Auth User model with an activation field.

| Field | Type | Other | Comment | Example |
|---|---|---|---|---|
| activation | bit | | if account is activated | |

Payment Cart

We will extend the Auth User model with an activation field.

| Field | Type | Other | Comment | Example |
|---|---|---|---|---|
| id (pk) | int | | | 1 |
| user | ForeignKey | | | 1 |
| activity | bit | | indicates if it is in use | 1 |
| total_price | number | | total price | 49.300 |
| total_qty | int | | total quantity | 12 |

Payment Cart Item

| Field | Type | Other | Comment | Example |
|---|---|---|---|---|
| cart | ForeignKey | | Cart id | 12 |
| game | ForeignKey | | game id | 23 |
| qty | ForeignKey | default=1 | quantity of item | 1 |
| subtotal | number | | | 9.900 |

Group (Auth Group)

Django model

User Group (Auth User Group)

Django model

Game Game

This model is used to save data about games.

| Field | Type | Other | Comment | Example |
|---|---|---|---|---|
| owner | ForeignKey | | owner of the game | 3 |
| name | char | 255 | name of the game | Snake 2 |
| description | text | | description of the game | Snake 2, a classic game played... |
| url | url | unique | url to the game | www.something.fi/somthing/game |
| image url | FileField | nullable | Path to image loaded by developer | games/images/snake2.png |
| price | number | default=0 | price of the game | 4.900 |
| available | bit | default=0 | if game is available in store | 1 |

Collection Collection

This model stores the games that Player Group Users have.

| Field | Type | Other | Comment | Example |
|---|---|---|---|---|
| owner | ForeignKey | | | |
| game | ForeignKey | | | |

Payment Transaction

This model is for saving all transactions that the Player User Group has made. This is also where the Developer User Group can see statistics about their sales.

| Field | Type | Other | Comment | Example |
|---|---|---|---|---|
| buyer | ForeignKey | | owner of the game | 12 |
| game | char | 255 | name of the game | 4 |
| price | number | | category of the game | 9.900 |
| date | dateTime | | buy date | 2017-12-11 |

Game Save

This model is for saving the Player User Group's game save data.

| Field | Type | Other | Comment | Example |
|---|---|---|---|---|
| user | ForeignKey | | | |
| game | ForeignKey | | | |
| data | text | | save data in json | {data:"something"} |

Game Category

This model is for categories of games. Only the category name.

| Field | Type | Other | Comment | Example |
|---|---|---|---|---|
| id | int | pk | | |
| name | char255 | unique | name of category | action |

Game Game Category

This model is for connecting game to categories.

| Field | Type | Other | Comment | Example |
|---|---|---|---|---|
| game | ForeignKey | | | |
| category | ForeignKey | | | |

Account Email Confirmation

This model contains all email confirmations sent to Users.

| Field | Type | Other | Comment | Example |
|---|---|---|---|---|
| user | ForeignKey | | | 12 |
| email | emailField | | | teemu.teekkari@tkk.fi |
| code | char255 | | code that is in link sent to user | x93kdmfjke2ow3m4tc833mfieki29kdurmc829pfr |
| expire | datetime | | date when code will expire | 20-02-2018:20:20 |
| used | bit | default=0 | Tells if code is used | 0 |
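
How the Confirm Email use case and this model fit together, as an added example that is not part of the project's code. It uses the model's field names; the 24-hour lifetime, the in-memory `store` dict standing in for the database table, and the function names are assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

CODE_TTL = timedelta(hours=24)  # assumed lifetime; the plan does not state one

@dataclass
class EmailConfirmation:
    # Same fields as the "Account Email Confirmation" model.
    user: int
    email: str
    code: str
    expire: datetime
    used: bool = False

def issue(store, user, email, now):
    """Step 1: create the row whose code goes into the emailed link."""
    code = secrets.token_urlsafe(32)  # 32 random bytes from the OS CSPRNG
    store[code] = EmailConfirmation(user, email, code, now + CODE_TTL)
    return code

def confirm(store, code, now):
    """Step 2: handle a clicked link.
    Returns 'confirmed', 'unknown', 'used' or 'expired'."""
    row = store.get(code)
    if row is None:
        return "unknown"
    if row.used:
        return "used"        # exception: already used link
    if now >= row.expire:
        return "expired"     # exception: outdated link
    row.used = True          # single use: mark before reporting success
    return "confirmed"

def demo():
    """Constructed walk-through: good click, replay, late click, bad code."""
    store = {}  # stand-in for the database table
    t0 = datetime(2018, 2, 19, 20, 20, tzinfo=timezone.utc)
    a = issue(store, 12, "player@example.com", t0)
    b = issue(store, 13, "dev@example.com", t0)
    return [
        confirm(store, a, t0 + timedelta(minutes=5)),
        confirm(store, a, t0 + timedelta(minutes=6)),
        confirm(store, b, t0 + CODE_TTL),
        confirm(store, "not-a-real-code", t0),
    ]

if __name__ == "__main__":
    print(demo())
```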

4.3 Structure

Account Control System

schematics

Inventory System

schematics

Collection and Play Game System

schematics

5 Views

5.1 Views

Main page view (index)

schematics

Register view

schematics

Confirm Email view

schematics

Login view

schematics

Collection view

schematics

Inventory view (Developer User Group)

schematics

Edit Game view (Developer User group)

schematics

Statistic view (Developer User Group)

schematics

Buy Game view

schematics

Search Game view

schematics

Game Details view

schematics

Play Game view

schematics

5.2 Blocks

schematics

Header
Navigation Bar
Footer
Score Board

6. Process and Time Schedule

6.1 Process

1. Project management and responsibilities

Project manager: Linming Pan. The project manager is responsible for making sure that everything is done by the due dates set by the course staff. The manager is also responsible for making decisions when there is no mutual agreement about some issue.

Project Management Tool: Trello

2. Project Meetings

At least once a week.

3. Communication plan

Communication Tools: WeChat, Slack.

6.2 Schedule

Week 51: Plan

Week 52: Vacation

Week 1: Login, Logout, Confirm Email, Create Account

Week 2: Navigation footer and layout

Week 3: Buy Game, Add Game, Edit Game, See inventory, Show Game details

Week 4: Play Game, Save game, Submit Score

Week 5: Testing

Week 6: Testing

Week 7: Planning and Implementing of Version 2

Week 8: Test Version 2

7. Testing

We use the User Case Descriptions to test each functionality. We have provided exceptions and postconditions in the Use Case Descriptions.

8. Risk Analysis

We have to analyse the risks that may affect our website, especially since we are building a web store. Here is our plan for dealing with common vulnerabilities. Fortunately, Django has protection against most attacks.

User Input

The most common way to attack a website is through user input. User input should never be trusted. We have to validate all user input fields.

Cross-site Scripting

To prevent XSS attacks, the basic defense is input validation, which we plan to do for all input fields. Django templates also protect against the majority of XSS attacks.

Session hacking

For session hacking, Django does not have full protection. Django has different session types: database-backed sessions, cached sessions, file-based sessions and cookie-based sessions. We plan to use database-backed sessions first, since they are the safest for a Django beginner. When the game store starts out, there will not be many users, so we can assume there will be no performance problems with Django sessions. The second plan is to use cookie-based sessions. These have better performance only at very large scale.

Cross Site Request Forgery

Django has protection against CSRF.

SQL Injection

We plan to do input validation, so this is protected. The Django ORM also protects against this, so we have double protection.

Clickjacking Protection

Django also has this protection.
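
A small check for the protections this Risk Analysis relies on (sessions, CSRF, clickjacking), as an added example that is not part of the project's code. The setting names and middleware paths are Django's own; the `audit` function and the two sample setting dicts are constructed for illustration.

```python
DB_SESSIONS = "django.contrib.sessions.backends.db"
COOKIE_SESSIONS = "django.contrib.sessions.backends.signed_cookies"
CSRF_MW = "django.middleware.csrf.CsrfViewMiddleware"
XFRAME_MW = "django.middleware.clickjacking.XFrameOptionsMiddleware"

def audit(settings):
    """Return {setting: finding} for the protections listed in the Risk Analysis."""
    findings = {}
    middleware = settings.get("MIDDLEWARE", [])
    if CSRF_MW not in middleware:
        findings["MIDDLEWARE/csrf"] = "CsrfViewMiddleware missing: no CSRF checks"
    if XFRAME_MW not in middleware:
        findings["MIDDLEWARE/xframe"] = "XFrameOptionsMiddleware missing: no X-Frame-Options"
    # Django defaults: database-backed sessions, HttpOnly on, Secure off.
    if settings.get("SESSION_ENGINE", DB_SESSIONS) == COOKIE_SESSIONS:
        findings["SESSION_ENGINE"] = "session data lives in the cookie: signed, but readable"
    if not settings.get("SESSION_COOKIE_HTTPONLY", True):
        findings["SESSION_COOKIE_HTTPONLY"] = "session cookie readable from JavaScript"
    for name in ("SESSION_COOKIE_SECURE", "CSRF_COOKIE_SECURE"):
        if not settings.get(name, False):
            findings[name] = "cookie is also sent over plain HTTP"
    return findings

# Constructed sample: the plan's second option (cookie-based sessions),
# with the protective middleware removed.
WEAK = {
    "MIDDLEWARE": ["django.contrib.sessions.middleware.SessionMiddleware"],
    "SESSION_ENGINE": COOKIE_SESSIONS,
    "SESSION_COOKIE_HTTPONLY": False,
}

# Constructed sample: the plan's first option (database-backed sessions).
HARDENED = {
    "MIDDLEWARE": [
        "django.contrib.sessions.middleware.SessionMiddleware",
        CSRF_MW,
        XFRAME_MW,
    ],
    "SESSION_ENGINE": DB_SESSIONS,
    "SESSION_COOKIE_SECURE": True,
    "CSRF_COOKIE_SECURE": True,
}

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(cfg))
```

On a real project, `python manage.py check --deploy` reports similar findings against the live settings.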

Security in Django