I am currently working on the frontend of one of our company's products, built in AngularJS.
Up until now the software was written specifically for one client, but now we have to make changes to accommodate change requests for a different client.
To do so we need to split the core functionality of the product and the changes each client needs. In other words we need to split the software into a main product and then each client has their own sub-project.
The main product will cover 95%+ of the functionality each client requires. The per client (project) changes will be fairly small overall.
Example:
The product has 5 different components.
Client 1 needs a component added (in addition to the 5 mentioned) and the new component needs to be reflected in the menu.
Client 2 needs the software to support RTL and also needs to make changes to one of the existing components.
How can I split up the existing codebase to, in essence create slightly different versions of the software for each client?
The catch is that the code for all clients has to be stored in the same GIT repository. The deployment process however can be on a per client basis.
Any suggestions on what I can do to make the split as painless and as maintainable as possible?
You can modularise these components and make them load via a setting file, therefore each client can have separate variations of functionality enabled.
Are these frontend clients going to talk with your company's core API or are you going to deploy those separately too? I mean if there's a core API you can authenticate requests on client basis and restrict/enable functionality easily. You could store these configurations on the database level in this case.
Related
In a nutshell, my project consists of:
A secure RESTful API web service (hosted on Heroku), handling requests/responses for a database. It accepts & returns JSON data
A Unity desktop application, which doubles as a Twitch API chat bot, and communicates with the webservice to update the state of the game, as well as the state of the database.
IMPORTANT: This game is meant to be run by Twitch streamers, and played by users in Twitch chat
So my question is... Even though my web service is secure, what can I do to ensure that someone won't simply reverse engineer my Unity application to figure out how to properly communicate with my web server?
Encrypted HTTP traffic stops packet sniffing, but is a moot service if you can still use the same methods the application uses to interact with the data. Perhaps I'm being too paranoid, but there are plenty of tools out there that specifically target Unity & C# projects, so it really wouldn't take much effort.
One idea I had was to use the Twitch API to check if the user is actively streaming the game, and only allow them to start the game if the web service can't find a duplicate IP address in the database with an "isStreaming" flag set. This works in theory... but in practice, anyone can set up a fake Twitch account and a fake or "blank" stream on their machine, and then run some reverse-engineered code from the game.
Is there anything else I could do to minimize a hacker's ability to interact with my database?
The Simple Answer
Unity-compatible Code Obfuscation
Thanks to Unity's plugin system, there are actually some decent options for this. Some are paid options that exist in the Asset Store, as well as some 3rd party paid/free options that are simply unrelated to Unity (but could still work). Some of the free options, such as ConfuserEx, are also open source, allowing you to make custom code changes to how your work can be obfuscated.
The More Complex Answer
I made a simple C# Class Library and filled it with some pointless functionality (for testing)
I compiled a release build of the library
I obfuscated it through ConfuserEx using Aggressive settings (Maximum settings had Unity spitting out Invalid IL code errors)
I added an Assets/Plugins folder to my Unity project, and placed the compiled library there
I created a new C# script to test the library from within Unity
... And although the decompiled code was unintelligible, it still worked as expected within Unity. I used an IL/C# decompiler tool (such as JustDecompile) to compare the differences between the obfuscated binary and the original binary.
So if I really wanted to, I could follow these very same steps for all of my important bits of code (or even for the majority of my client project), as well as implementing any aforementioned security measures... And so hopefully, it's now going to be too much of a chore for anyone to understand the inner-workings of my project.
Problem to Solve
At work, I inherited ownership of a (legacy) very large web application (that spans multiple scrum teams and dev teams). One constant pain-point of the current large app, is that whenever one of the scrum teams updates their respective area of the application, that team has to deploy the entire app. One thing we started doing to alleviate this, is having teams create their new functionality outside of the large app, and then, just have a page inside the large app that makes an ajax call to the new app and simply injects the HTML into the large app. That way the team can just deploy the new smaller app when making changes without having to deploy the entire large application (that spans other teams).
The Good news
We currently thinking about re-writing/redesigning the large application, and one of my goals from a development perspective, is to organize it into smaller applications/code-bases, so that each team can deploy their code without having to deploy a large app that spans multiple teams. One way I plan to achieve this is to leverage multiple services to fetch data. So that would introduce one layer of separation.
From client-side perspective, one of the technologies that I am leaning heavily towards is Angular 2, especially for the separation of concerns that Angular 2 offers (components, templates, directives, etc.). I understand that I can break up an Angular 2 application into features, components, etc., but, I believe, in the end all of those still have to live within one application/code-base that all get deployed out together. Is there a way in Angular 2 to breakup a large portal/suite into smaller apps, and have the apps interact with one another. For example, maybe one shell app can be shared (for layout and navigation), but, each area of the portal/suite can be broken up into smaller apps?
Any thoughts on best ways to approach/structure this from an Angular 2 perspective are greatly appreciated. Also, if this is definitively, not possible from an Angular 2, perspective, that would also be helpful information.
Thanks in advance!
I'll try to help from multiple point of views.
Think about using Angular components as Custom Elements with “Angular Elements” - check this out: https://medium.com/vincent-ogloblinsky/export-angular-components-as-custom-elements-with-angular-elements-a2a0bfcd7f8a
If this approach doesn't fit your needs and you can only serve only one angular application, try:
If some of the application pages can be open in a different tab and leave independently there - think about splitting this huge app into smaller, modular angular application. The user doesn't have to notice the differences. if you want to use the same url for all tabs - serve the application from a reverse proxy.
If no external tabs in the flow, then you probably cant split the angular application into smaller apps, but you can build the app in a modular structure so each team takes a different application context (separate feature file) and one team will take the "shared" and "core" entities. Each team can have a separate branch with a team only privileges, and only the FE Lead can approve the PR into the master.
Another option which i haven't tried, is to split the features code into different repos - but in this way you'll have to invest in some pre-compiling scripts that can pull the code from each repo before starting the app.
If there is some server side logic in here - export to different microservices.
I see that you mentioned some HTML injection - i'm not sure how you plan to do it, but consider using a template engine.
I want to start an information provider service. It works this way:
Some employees will find the information needed and fill a database manually.
Users will request data they need on their client side apps on their own platforms. Some of the project specifications is as follows: 1) Data that will go between database server and clients is really small(Suppose some ordinary images). 2) The client side apps don't need to be kept updated. Once the user of app clicks update button(for example) the app will request the server to send required information. 3)It's important to run client side apps on several platforms like: windows, windows phone, android, ios,... 4) Database doesn't need to be vary fast or vary big.
Note: And It's important to note that I'm not expert and I have some limitations. I know java and html, css, javascript. But I think those are enough for this project. (Am I right?)
So I decided to design this development architecture:
1)Using hibernate and provide a layer for server which stands above hibernate and is used to do database-specific tasks. This layer provides some protocols for client side apps to communicate with server. It enables me to change database later without changing client side apps. 2)Using PhoneGap which is a framework that uses html, css, javascript and produces apps for many platforms.
I really appreciate any suggestion, comment,... Thanks!
The fastest way in Java world would be spring boot. Basically you can configure whole application: datasource, orm, persistance layer and rest services just by adding proper annotations. There are many examples of how to do it. Basically with current implementation of spring jpa and web services you can bind mapped resources to rest services. Also current JPA can generate SQL for you using DAO method name. SO e.g. findPersonByName will generate proper sql for you (of course you need to map your db model in entities but this is also simply done with annotations).
Yes, this is a sufficient tech stack to accomplish your goal. You will have to decide how much logic to implement server-side vs app-side.
Pick a java framework for providing an API so that you can expose a restful API to your apps.
Here are a couple of comparisons from stack overflow:
Which is the best Java REST API?
Easiest frameworks to implement Java REST web services
no! for database you need server side scripting language, like php or perl, java-script is client side and will only work on browser. i recommend first learning mysql database, just the basics how to create Db, table, insert and fetch. then some PHP. i think these will set the ground for your project. '
for development environment : download XAAMP! it comes complete with Sql-database base and PHP.
I am interesting in hearing if others have addressed release management for Silverlight applications.
I have a business application that is to be released shortly andam concerned about how to "release" updates to this application. Typically this application's users will leave the application open all day (and potentially all night) without reloading it.
What if there is is need to release an change that includes an web service interface change? How can this be deployed w/o causing errors on the client side?
We have grown so used to deploying ASP.Net apps by just dropping the latest code on the server. My only idea currently involves a client version number and a periodic timer on to check for updates.
I would love to know what others have done before implementing this.
Thanks,
Mike
I just answered a question on how to make sure that .xap files are not cached by the browser, which might be of some help:
Prevent Silverlight xap from being cached by proxy server
But that's no use if the users never reload your application. In my own application this is not a problem since users will be automatically thrown out whenever we deploy an update to the web service. But I like your idea with the timer, I would go with that.
Stating the obvious but don't do anything to annoy your users. E.g. could they spend twenty minutes entering data, nip off to the coffee machine and return to click Submit to find the timer has expired, noticed an update and their work is lost due to a forced restart?
If so, and I admit this hasn't had a lot of thought, if e.g. you have to make changes to the web service that break the current release, could you have the new web service version side-by-side such that users don't get thrown out until the timer has expired and the unit of work is complete? Or is this also stating the obvious?
For server code, i.e. endpoints just do as per normal. for the xap's I think you have a few options depending upon how you handle communications. You could have request contain a version number and if the server has been updated then force some code to reload the client, bit lame, messy but do-able. Perhaps a cleaner solution would be to control the clients session, which presumably is part and parcel with requests to the backedn. When you deploy a new version you could invalidate the client session, perhaps forcing a page refresh with custom logic. If your protocol is push base you could send a command to the client to do what ever you want, for many systems that are on all day its likely that this infrastructure would exist (if u've build it nicely :)). For instance our service layer is abstracted away from the repositories models and view models, in our case we'd could send a logout or perhaps a specific command to kick in some custom logic on the client informing the application is being updated and to refresh your browser when done. Our shell is light weight so our modules (basically other xap's) can be updated in time for the refresh.
I would recommend you to use a solution like mentioned in App Arch Guide:
The Guide Chapter I mean see Deployment considerations.
Divide the application into logical
modules that can be cached
separately, and that can be replaced
easily without requiring the user to
download the entire application
again.
Version your components.
Have you considered keeping a WCF polling duplex channel going that alerts the app when it needs to reload? In addition, you can have your WCF calls direct to a virtual directory that contains 'interfaced' calls. For example:
Silverlight app hosted at "x.x.x.x\Default.aspx"
Silverlight talks to WCF at "x.x.x.x\Version2\DataPortal.svc"
DataPortal.svc talks to a GAC (or otherwise base) assembly that can identify what version can handle what calls.
This way, if you upgrade to "x.x.x.x\Version3\DataPortal.svc", you can still make calls against Version2, assuming those calls have code to convert them to a Version3 concept.
This helps in cases where your line of business app has dynamic xap downloading ('main', 'customer', 'inventory', etc.) and you want to release them independently.
Is there any utility that will copy the "official" build of a windows forms app from a central network share and launch it (from a client desktop)? I want to make sure users get the latest version when I update the binaries on the central network share.
ClickOnce is user un-friendly so I'm looking for something else...
Is it possible you could revise your question to describe what it is you find unfriendly about ClickOnce? In my office we have found ClickOnce to be the most efficient and user-friendly way of updating and distributing applications desktop business apps that we have ever had. I'm wondering if the best way to resolve your question might be to address the issues you have with ClickOnce, rather than integrating/rolling another solution.
I've done this before by the following method:
1 - Keep the "official" build at a specific network location
2 - User launches program from their local machine
3 - At launch, program compares its' own file version # to the one on the server.
4 - If the two versions are different, copy the new version down from the server and relaunch.
Pretty simple, and it works as long as you are in an intranet environment.
Step 4 is the only tricky part. You can't replace a file while it's in use, so you have to either
1 - first rename the current (in-use) file and then copy down the new one. Since you will be updating many times, you'll also want to delete any existing renamed copies that are hanging around.
or
2 - Have the user launch a "helper" application that does the version check, updates if necessary, and then launches the real app. Of course then you have to deal with updating the helper app.
We have a tool that would do that, which has been in use before there was such a thing as Windows Update (or any other update.)
The problem with any sort of update of this fashion is the security level of the user. Many times you need to be administrator to perform certain functions.
Our solution is two part/one executable: 1. a service mode that runs local system or admin to perform such operations. 2. an executable which can be called by an app to fetch via UNC, HTTP, FTP the updates for an application and apply them.
The basic process is this:
1. Application checks its version number; we use a central database to list all applications and their version numbers.
2. If the application is a minor revision we give the user an opt out on the install; if it is a major revision we require an install.
3. Once the update is confirmed, we call the updater executable which in concert with its service mode product, retrieves the updates, installs them, and relaunches the application.
If you are interested, go to the website listed in my profile and send us a support request address to me and I will give you more details and the codebase if desired.
Check out this one:
.NET Client Applications: .NET Application Updater Component
It is a white paper which discuses in detail on what it takes to make an application auto-updatable.