Happy team-project system design and database design

Course: Spring 2020 | W Class
Assignment requirements: Fourth team assignment - project system design and database design
Team name: Happy team
Goal of this assignment: System design and database design of the team project
Assignment: Happy team-project system design and database design
Other references: The Law of Construction

1. Team project development plan and milestones

The development plan and milestones drawn up in the previous assignment were already fairly detailed, and development is proceeding in an orderly manner, so the team continues to follow that plan unchanged.

2. Specific division of work for the team project

3. Design drawings and design ideas

1. Functional block diagram

Function block diagram

2. Class diagram

Class Diagram

3. Use case diagram

Use case diagram

4. ER diagram

ER diagram

5. Database topology

Topology

4. System Security and Authority Design

1. User login authentication

When a user logs in, the system computes the MD5 hash of the submitted password and compares it with the MD5 hash stored in the database. If the two values match and the login account matches, authentication succeeds.

2. Cross-site request forgery (CSRF)

To prevent cross-site request forgery attacks, the system uses the CSRF protection built into Spring Security, with the front end cooperating. In addition to the session cookie, each HTTP request must include a secure, randomly generated value called the CSRF token. The back-end response to each HTTP request sets a cookie containing the CSRF token. When the front end submits an HTTP request, the back end looks up the expected CSRF token and compares it with the actual CSRF token in the HTTP request. If the values do not match, the HTTP request should be rejected. Supplying the CSRF token only in the cookie does not work, because the browser automatically includes cookies in HTTP requests. Therefore, when the front end sends another HTTP request, it should set the CSRF token in a request header, and the token should be up to date.
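
The cookie-to-header check described above, as an added example that is not the team's or Spring Security's own code: it simulates both sides in plain JavaScript and shows why a forged request carrying only the cookie is rejected. The cookie name `XSRF-TOKEN` and header `X-XSRF-TOKEN` are the defaults of Spring Security's `CookieCsrfTokenRepository`, which is assumed here; the sample requests are constructed.

```javascript
// Added example: cookie-to-header CSRF check, simulated without a web framework.
// Names follow Spring Security's CookieCsrfTokenRepository defaults (assumed setup).
const CSRF_COOKIE = 'XSRF-TOKEN';
const CSRF_HEADER = 'x-xsrf-token';
// Web Crypto: global in browsers and current Node; older Node falls back to require().
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;

// Back end: mint an unpredictable token to deliver in a Set-Cookie header.
function issueCsrfToken() {
  const bytes = rng.getRandomValues(new Uint8Array(32));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Parse a Cookie request header into a { name: value } map.
function parseCookies(header = '') {
  const out = {};
  for (const part of header.split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Compare two strings without stopping at the first differing character.
function constantTimeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Back end: the expected token comes from the cookie, the actual one from the header.
function checkCsrf(req) {
  const expected = parseCookies(req.headers.cookie)[CSRF_COOKIE];
  const actual = req.headers[CSRF_HEADER];
  if (!expected || !actual) return false; // a cookie alone never passes
  return constantTimeEqual(expected, actual);
}

// Front end: copy the current token from the cookie jar into the request header.
function withCsrfHeader(req, cookieJar) {
  const token = parseCookies(cookieJar)[CSRF_COOKIE];
  return { ...req, headers: { ...req.headers, cookie: cookieJar, [CSRF_HEADER]: token } };
}

// Constructed requests: forged cross-site POST vs. the front end's own POST.
const jar = `JSESSIONID=constructed-session; ${CSRF_COOKIE}=${issueCsrfToken()}`;
console.log('forged:', checkCsrf({ method: 'POST', headers: { cookie: jar } }));
console.log('legit:', checkCsrf(withCsrfHeader({ method: 'POST', headers: {} }, jar)));
```

The forged request fails because a page on another origin can cause the browser to send the cookie but cannot read it to fill in the header.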

3. Permission control

The system uses role-based authorization. A user can have multiple roles, and a role can be assigned to multiple users; a role has multiple permissions, and a permission can belong to multiple roles. A permission controls access to a specific resource. For the back end of the system, resources take the form of access permissions for different URLs. Because the system only distinguishes logged-in users from non-logged-in users, logged-in users can access and use all the functions the system provides, while non-logged-in users can only log in and register. Therefore, there is no specific role division yet, but the system has role-based permission verification in place as a basis for permission control in the future.

5. Q&A and improvements to the last assignment

1. Q&A

QA

2. Improvement

  • The use case diagram was missing from the last assignment; it has been added in this assignment's blog post.
  • According to the teacher's suggestion, after discussion and analysis by the team, the relationship between the subscriber, publisher, and user classes was changed from inheritance to composition.

6. Division of work and contributions for this assignment

contribution

7. GitHub repository and document link

Team GitHub repository

Click to visit the team project GitHub repository

Download related documents for this assignment

Link: https://pan.baidu.com/s/1rBzZuTqjEPh_mCZmmQDmbw Password: mma1

Origin www.cnblogs.com/kuailejiudui/p/12675798.html