Bringing security in FitRadar solution

Posted on by dzidai

In this article it is time to talk about how we secure our mobile application and our back-end API. Most of the information displayed in Fitradar mobile application is user dependent. Starting with user profile that has unique information for each user and can be changed or deleted only by the owner of the profile and ending with sport events map and timeline where information is built based on user preferences. And we have to provide access to third party integration services like Firebase Storage and payment gateway. As you can imagine in order to allow our application users to store and access personal information in a secure way we needed to implement user authentication and authorization.

It was clear from the very beginning that we are not going to develop our own authentication service but instead we will use third party solution. And before we started to explore available solutions we laid down following requirements:

  • the access to Fitradar Web API should be granted only to authenticated users
  • the access to Fitradar mobile application should be granted only to authenticated users
  • the access to Fitradar Web API should have different privilege levels
  • the access to third party resources like Firebase storage should be granted from the same authorization service
  • the sign up and sign in pages should be part of the Fitradar app

After some investigation we came to conclusion that combination of OAuth2 and OpenID Connect protocols is the best solution for our needs since it:

  • provide a mechanism for our resource and third party resource protection
  • authenticate users using local or remote account store

Once we were clear about the authentication flow and protocols we started to look for the OAuth2 and OpenID Connect protocol implementation providers. First we wanted to have as much as possible control over authorization service, because we didn’t want to land in situation where authorization service would restrict our application look and functionality. For example RFC8252 (OAuth 2.0 for Native Apps) states that: “OAuth 2.0 authorization requests from native apps should only be made through external user-agents, primarily the user’s browser.” And that might enforce our app to use authorization server sign in and sign up user interface. And since on our back-end we are using ASP.NET Core we decided to use IdentityServer. For a while it worked quite well, but then we started to noticed that there are few aspects of the OAuth2 protocol that we have to implement by ourselves, like Access token lifetime in our mobile app. So we started to feel that we are spending too much time on implementing and maintaining the protocol features that we were quite sure should be working out of the box. Although IdentityServer offers full fledge OAuth 2.0 and OpenID Connect implementation but we still had to host it on our environment and maintain it by ourselves. And the maintenance question bothered us the most. For the startup company with limited human resources to have a solution that might require an administration seemed for us a high risk. If something goes wrong with authentication we will have to put all our effort to fix it, which means the other work will suffer from it. So we decided to look for a cloud solution that would free us from the maintenance burden. And once again we searched for available authentication and authorization providers but this time on a cloud. And after a while we came up with two potential providers: Firebase Authentication and Azure Active Directory. First Active Directory seemed a good solution for our needs:

  • very well established user management system (although we just needed a tiny portion of all available feature)
  • good documentation and code samples
  • very easy integration with .Net Core
  • possibility to use custom sign up and sign in pages

Although Azure AD integrated very well with our Web API and there are good sample projects how to use it with Android and iOS applications we were not sure how well it will integrate with Firabase Storage that we are using to store user images. It turns out we can grant the access to the Firebase storage resources only to Firabase users. To integrate with other OAuth providers Firabase creates a new user account after user has signed in for the first time and links it to the credentials. The fact that we would have user accounts on two authorization servers that we have control over really held us back from integrating Azure Active Directory B2C in our solution. From the other hand we were hesitant to start to use Firebase Authentication service in our ASP.NET Core solution as well, since we were not sure how much time and effort it will require from our team. But after all the Firebase Authentication is just another OAuth 2.0 and OpenID Connect provider that issues identity and access tokens and Jwt bearer authentication middleware in ASP.NET Core application can validate those tokens and authenticate a request. So we decided to spend some time to create a proof of concept project that would show us how much time we will have to invest in order to integrate Firebase Authentication in our Web API authentication solution. And it turns out that requires just a few lines of code in Startup.cs file:

services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options => {
        options.Authority = "https://securetoken.google.com/fitradar-firebase-project";
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = "https://securetoken.google.com/fitradar-firebase-project",
            ValidateAudience = true,
            ValidAudience = "fitradar-firebase-project",
            ValidateLifetime = true
        };
});

And bellow is the final solution we are using to secure our and third party resources and authenticate a user

Please visit our website and join the mailing list. Our app is coming soon:

http://fitradar.me/

50 Great Reasons To Exercise

Posted on by Andris Z
  1. Lifts your mood
  2. Improves learning abilities
  3. Builds self-esteem
  4. Keeps your brain fit
  5. Keeps your body fit & able
  6. Boosts mental health
  7. Boosts your immune system
  8. Reduces stress
  9. Makes you feel happier
  10. Has anti-aging effects
  11. Improves skin tone and colour
  12. Improves sleeping patterns
  13. Helps prevent strokes
  14. Improves join function
  15. Improves muscle strength
  16. Alleviates anxiety
  17. Sharpens memory
  18. Helps to control addictions
  19. Boosts productivity
  20. Boosts creative thinking
  21. Improves body image
  22. Gives you confidence
  23. Helps you keep focused in life
  24. Improves eating habits
  25. Increases longevity
  26. Strengthens your bones
  27. Strengthens your heart
  28. Improves posture
  29. Prevents colds
  30. Improves appetite
  31. Improves cholesterol levels
  32. Lowers risk of (certain) cancers
  33. Lowers high blood pressure
  34. Lowers risk of diabetes
  35. Fights dementia
  36. Eases back pain
  37. Decreases osteoporosis risk
  38. Reduces feelings of depression
  39. Prevents muscle loss
  40. Increases energy and endurance
  41. Increases sports performance
  42. Increases pain resistance
  43. Improves balance and coordination
  44. Improves oxygen supply to cells
  45. Improves concentration
  46. Helps with self-control
  47. Lessens fatigue
  48. Increases sex drive & satisfaction
  49. Makes life more exciting
  50. Improves Quality of Life

Visit our website and join the waiting list. Our app is coming soon:

http://fitradar.me/

Bringing order in files

Posted on by dzidai

One of the main paradigm we followed during Fitradar application development was Object Oriented Programming paradigm. And the main objectives of OOP are:

  • to organize the code in such a way that data and functions using its data stick together in one entity (class),
  • to extract reusable parts in separate entities (classes interfaces).

And as we followed the OOP principles and patterns our big code evolved in to many small files, each representing one or sometimes several entities. Each file contained clean and well organized code that was easy to maintain. From one hand we reduced the size of the files and such improved the navigation within a file but increased the number of files. And the more files we produced the more harder it became to navigate between the files. And very quickly it became clear that we need a new way how to organize our code-base files that anyone could quickly find a needed file. And since there are several ways how to organize the files in packages and the source code packaging really depends on the project, in this article I wanted to share our teams experience on how we found a way that helped us to find file quicker in our code base.

The goal of organizing files in packages is to allow a developer or any other person who is working with a source code easily find a needed data type. In order to achieve this we had to introduce particular principles on how to organize files within a packages. And once a person learns these principles it should be a breeze for him to find a necessary type. When we thought about it, we came to conclusion that these principles should act like search algorithm but for human. The basic partition of our source code in separate projects was predefined by Clean Architecture. It gave us a basic understanding where to put files on the high level. In our first attempt we tried to put the same type data under the same package. For example all the repositories definitions we kept in package com.fitradarlab.fitradar.domain.repository, all the retrofit endpoint definitions we kept in package com.fitradarlab.fitradar.data.net.endpoints and so on. This kind of approach introduced by Clean Architecture worked well in data and domain projects, but when we tied to apply it to the UI project it didn’t really helped us. And the reason was the way how we worked with UI part of the project. Our work was organized around the use cases. And to implement a use case on the UI level we had to work simultaneously on Activity, Fragment, ViewModel, Dagger dependency Module, layout and navigation. All these types were located in different packages and under each package there were already quite a few other files and therefore it was hard to find a needed file fast. First to mitigate the problem we tried to keep all the files of a use case opened, but we realized quickly that the more files we open in Android Studio the less we see of a file name in a tab because it shrinks. So even on our big screens we could have only 5-7 files opened, but in many cases we needed more than that. It was not right away that we noticed that the files we try to keep opened belong to one use case, but once we realized that it became clear that we need to put those files under the same package. Once this discovery was made the new packaging structure for UI project was born. We completely refactored UI project by introducing packages that reassemble the names of our use cases. And thanks to Android Studio refactoring tools it took only a few hours, and after that we really felt comfortable with the new packaging structure. Now we didn’t have to keep the bunch of file opened because all the files we needed to work with were visible under the single package in Project window.

New UI project package structure

But there was still one problem left – the resources files. Contrary to source code where developer can create a hierarchy of packages the resources have only several predefined folders and the most used resource types like layouts and drawables usually have long list of files. And once again we applied the use case approach and came up with following naming convention for our layout files: the layout file starts with the type – fragment, activity, row or view, then we mimic the name of the package and the name ends with unique name of the layout. For example the layout for our timeline page has the name fragment_sport_event_timeline.xml. Unfortunately we still can’t find a good naming strategy for drawables and other shared resources that are not bind to particular use case, but already now with these new naming conventions we see a noticeable improvement in our source code maintenance.

Visit our website and join the mailing list. Our app is coming soon:

http://fitradar.me/

10 Things Your Personal Trainer Won’t Tell You

Posted on by Andris Z

Sometimes it can feel nearly impossible to get yourself in shape, which is why personal trainers are so helpful. Not only do they give you that extra push, but you also get the benefits of their expert knowledge and experience. Even with their guidance, however, your efforts will be in vain if you aren’t following the right diet and fitness regimen for you. To find out exactly how you can improve your fitness routine, WD spoke with top-notch personal trainers for their secrets to getting the most out of your workout and living an overall healthier life.

1. Set realistic goals and be confident.
Before starting your path to a healthier lifestyle, it’s important to be realistic about how much time you have for the results you want, and how you can achieve them. Colleen Faltus, private trainer at The Sports Club/LA in Boston, suggests compiling “a list of both short- and long-term goals. This will keep you motivated to accomplish and surpass them; it will give you focus and add some variety to your workout.” Another trick to staying focused? Be confident! Trainer Bill Trimble, founder of the workout program Extreme Bill Trimble, says, “if you’re not confident and determined you can achieve your goals, you won’t. Make sure you try to stay positive and keep your head up, even on those rough days.”

2. Get specific about what you want to achieve.
Although you may think your trainer will automatically know what you want, that isn’t the case. Trimble says telling your trainer exactly what your goals are is the key to success. A weight-loss plan, for instance, will be different from a plan for someone trying to build muscle. Your trainer will design a routine based on your individual needs and lifestyle, so letting him or her know exactly what you want up front will help you get the most out of the experience.

3. Have fun!
“Working out should be enjoyable. Your personal trainer is there to push you a little bit, but not intimidate,” says Trimble. During your initial consultation, talk with your trainer about activities you enjoy, your schedule and exercises you don’t particularly like. This way, he or she can devise a routine you’ll love. Another key factor to having fun is variation. “Incorporating other elements of fitness besides cardio will increase the likelihood of faster and more efficient weight loss,” explains Faltus. Another plus? You’re less likely to become bored if you try new things.

4. Performing each exercise correctly is imperative, so watch your form.
To achieve the best possible results and stay injury-free, follow your trainer’s instructions about proper form. This is especially important if you’re doing an at-home workout on your own. “Model the video or demonstration exactly, paying special attention to the trainer’s breathing technique and form,” Trimble urges.

5. You should begin to see results within 12 weeks.
Depending on your workout plan, the three-month mark can be a good indicator of how you’re doing. “In about 90 days, you should be able to notice results—whether it be that your jeans are a little looser, your quality of sleep is better or you just feel good all around,” Trimble says. Many people lose motivation if they don’t see results sooner, but you’re changing your physique, so 12 weeks is about how long it will take before your workouts begin building lean muscle.

6. Communication is the key to success.
As with any relationship, communication is vital when it comes to a healthy and happy experience. Faltus recommends giving your trainer feedback about how you are or aren’t liking the exercises, what is or isn’t working and anything else that’s on your mind. Most often, your trainer will check in with you before and after the workout. So use the opportunity to talk! “You know your body better than anyone else, so speak up at each session and your experience will be that much more enjoyable and exciting,” Faltus says.

7. You’re going to have bad days.
“You’re going to fall off the wagon and have off days at some point,” says Trimble. “But get right back up and begin again without getting discouraged.” The biggest problem trainers see in their clients is that their emotional confidence starts to dwindle when something goes wrong. “You have to believe in yourself and [believe] you can do it,” Trimble says. So, if you splurge on your eating one weekend, don’t beat yourself up—just give it your all during your Monday workout session.

8. If you don’t have a trainer, you can still stay motivated.
On those mornings when you just can’t get yourself out of bed, it’d be pretty nice to have a trainer waiting for you at the gym. But you don’t need a trainer if you know how to find motivation elsewhere. For one thing, Trimble recommends working out with a partner for extra encouragement. He also suggests choosing a fun workout so you’ll look forward to it. “These days, so many programs are easily accessible, such as at-home boot camp workouts, circuit training, online videos and specific plans such as the P90X workout.” And perhaps most important, be consistent. If you exercise on the same days every week, not only can you schedule around your workout, but you’ll be more likely not to miss it.

9. You have to eat right, too.
Personal trainers aren’t miracle workers, so after you leave the gym, make sure you follow the diet plan you’ve established for yourself (or with the help of a dietician). One way Trimble helps his clients eat right is by encouraging them to keep a food journal. “Nutrition can be a problem, so writing it down and being able to look at it with my clients is helpful,” he says. Not only will you be able to discuss what you’re eating with your trainer, but you’ll also become more aware of your food choices—and rethink that second piece of cake! One way Faltus suggests you start a good nutrition plan? Let yourself cheat. “Eating balanced meals filled with fruits, vegetables, grains and protein will prove successful in the long run. But remember to give yourself a ‘cheat’ nutrition day on the weekends.”

10. You’re probably not getting enough sleep.
“Lack of sleep causes a decrease in energy and motivation to accomplish both short- and long-term goals.” Not only are proper sleeping habits important for you mentally, but if you don’t rest your muscles properly before and after a good workout, you risk injury. Faltus says to “adjust your sleep schedule and get both quality sleep and a decent quantity of sleep. You’ll notice the difference in your overall performance, and your muscles will thank you too.” For some tips on how you can destress and unwind before bed to sleep better, click here.

Source: https://bit.ly/35QuewC

Please visit our website and join the waiting list. Our app is coming soon: http://fitradar.me/