
1. Project Management
1.1. Initiation
1.1.1. Flow business process
1.1.2. Design
1.1.3. Database / source data
1.1.4. Backend (API)
1.1.5. Third party
1.1.6. Define project team (internal & client)
1.2. Kick Off
1.2.1. Mapping documentation
1.2.2. QA business process
1.2.2.1. QA design
1.2.2.1.1. QA automation unit testing
1.2.3. Client confirmation
1.3. Development
1.3.1. Create communication channel
1.3.2. Create Zoho project
1.3.3. Split tasks among team members (designer, slicer, backend, frontend)
1.3.4. Request testing from QA when the flow is completed
1.4. Monitoring
1.4.1. Developers have to update To-Do Today
1.4.2. Developers have to start logging hours and update the task status to "on progress" when the task is under way
1.4.3. Developers have to post a comment on the related task when the task is completed
1.4.4. Project Manager checks with developers on task progress and whether any blockers have occurred
1.4.5. Daily scrum meeting if needed
1.4.6. Review and filter any feedback from client according to mapping document
1.5. Reporting
1.5.1. Weekly report
1.5.2. Send the application under testing (apk or url)
1.5.3. Report task list of the week
1.5.4. Report project progress in percentage
1.5.5. Report task status
1.5.6. Report known/ongoing issues
1.5.7. Report any blockers
1.6. Deployment
1.6.1. Deployment documentation
1.6.2. Final flow testing according to UAT
1.7. Closing & Delivery
1.7.1. Handover certificate (Berita Acara Serah Terima, BAST)
1.7.2. Business process document
1.7.3. Deployment document
1.7.4. API document
1.7.5. UAT from the client side
2. Server
2.1. Development
2.1.1. Auto deploy on git push
2.1.2. Logging
2.1.3. Auto restart container on crash
2.2. Production
2.2.1. Run as non root user
2.2.2. PM2 run as systemd daemon
2.2.3. Bind service to localhost
2.2.4. Use special key for deployment
2.2.5. Use ecosystem.js for Node.js projects
2.2.6. Use HTTPS for every domain
2.2.7. Logging
2.2.8. Setup utility script (cron, backup) if necessary
2.2.9. Monitoring
2.2.10. Firewall
3. Design
3.1. Text & Localization
3.1.1. All sentences must end with a proper punctuation mark
3.1.2. No grammatical/spelling errors
3.1.3. All labels are written with an uppercase first letter
3.1.4. Text must fit the screen
3.1.5. All text must be readable
3.1.6. Consistent text, alignment, margin and font
3.2. Field & Button
3.2.1. Add placeholder for ease of use
3.2.2. Buttons are touch-friendly
3.2.3. Inactive buttons/link text that can't be clicked should be grayed out
3.3. Screen
3.3.1. There must be feedback for the empty state of the Search, List and Retrieve Detail functions
3.3.2. Make sure all design mock-ups are retrieved for portrait/landscape or both
4. Mobile
4.1. App
4.1.1. Write code as simply as possible to keep the app size small
4.1.2. Keep all label text in a dictionary
4.1.3. Use readable variable and function names
4.1.4. Comment each function for future use
4.1.5. Make reusable components / classes
4.1.6. Keep all configuration variables in one file / class (e.g. baseURL)
4.1.7. Handle the loading state, the empty state, and data not found or failed
4.1.8. Delete console logs in the release version
4.1.9. Camera should have resize & rotate feature
4.1.10. Keystore should be uploaded into git
4.2. Error Pages
4.2.1. Should handle every possible error that can happen in the app
4.3. Form
4.3.1. Validate inputs on submit
4.3.2. Should consider disabling the whole page / part of it based on requirements
4.4. 3rd Party Library
4.4.1. Choose the best library among the alternatives and make sure it is still supported
4.5. Privacy Data
4.5.1. Only save the token / other general settings; don't save users' private data on the app
5. Backend
5.1. Database
5.1.1. Table name must be plural
5.1.2. Table name should be snake case
5.1.3. Foreign key must have table prefix
5.1.4. Avoid subquery
5.1.5. Avoid SUM in query
5.1.6. Implement COUNT in query, rather than code level
5.1.7. Avoid using select *, all columns must be written explicitly
5.1.8. Index should be added
5.1.9. Avoid big queries; split the query in code
5.2. Authentication
5.2.1. JWT
5.2.2. Secret must be different for production and development
5.2.3. Use a header to send the authorization
5.3. API Response
5.3.1. Single data must be an object
5.3.2. Multiple data must be an array
5.3.3. HTTP status must be 200 for success
5.3.4. Output fields must be the same as input fields
5.3.5. Response time should be 200-300ms
5.3.6. Error message should contain the invalid field name and message
5.4. API endpoint
5.4.1. Path must be plural
5.4.2. Path must use dash if needed
5.5. App
5.5.1. Cron is separated from main app
5.5.2. Enable Log
5.5.2.1. Log the client request, server response, and execution time
5.5.3. Do not use STATIC files on Node.js; use a CDN instead
5.5.4. Use config file or .env
5.5.5. Monitor the app status (using StatusCake, etc.)
5.6. Promise
5.6.1. Avoid async/await in model
5.6.2. Implement async/await in controller level
5.6.3. Wrap all independent promises in Promise.all
5.6.4. Add a promise timeout if possible
5.7. 3rd Party
5.7.1. All requests must implement timeout
5.7.2. Should check the timezone for 3rd party
5.7.3. All requests and responses from 3rd parties should be recorded in the log
5.8. Image Processing
5.8.1. Avoid Base64, use form-data instead
5.8.2. Recommended to use cloud CDN (AWS, etc)
5.8.3. Should have image resize from backend to optimize mobile image?
5.9. PM2
5.9.1. Should implement cluster mode
6. Frontend
6.1. App
6.1.1. Use a single config file or .env if supported; do not hardcode.
6.1.2. Log the error (using Sentry or Bugsnag)
6.1.3. Do not use STATIC files on Node.js; use a CDN instead
6.1.4. Do not forget to delete console.log on production
6.1.5. Handle difference between loading and empty state
6.2. Error Pages
6.2.1. Should handle every error status on specific page
6.3. Form
6.3.1. Validate on form submit
6.3.2. Should disable whole page actions
6.4. 3rd Party Library
6.4.1. Use a single set of coding rules and a linter
6.4.2. Check the GitHub repo first to see whether it is still supported
6.4.3. Determine whether it is really used for one function or benefits the whole project
6.5. Privacy Data
6.5.1. Don't save anything besides the token in cookies
7. Flow Register
7.1. Mandatory field
7.1.1. First & Last Name, Email, Password & re-type password
7.1.2. Link for Sign up
7.2. Validation
7.2.1. Hidden password character
7.2.2. Email already registered
7.2.3. Can't be left blank
7.2.4. Invalid character
7.2.5. Passwords don't match
7.3. Redirection
7.3.1. Resend Email
7.3.2. Back to Home
8. Flow Login
8.1. Element Design
8.1.1. Email & Password
8.1.2. Link for Forget Password
8.1.3. Link for Register
8.2. Test Case
8.2.1. Wrong Email or Password; can't be left blank
8.2.2. Email/Account is inactive
8.2.3. Hidden password character
8.3. Flow
8.3.1. Login Action
8.3.1.1. 1. Input Username/Email and password; 2. Validate input; 3. Submit to API; 4. If the credential is not valid, display the error messages; 5. If the credential is valid, redirect to the profile page
8.3.2. Redirection
8.3.2.1. OTP (Fresh account/if applicable)
8.3.2.2. Home
9. Flow Social Login
9.1. Element Design
9.1.1. provider_type, provider_id, provider_token
9.2. Test Case
9.2.1. provider_type can't be blank; provider_id can't be blank; provider_token can't be blank
9.2.2. A registered user using social login can't change the password
9.3. Flow
9.3.1. If the user does not exist, create the user
9.3.2. If the user exists, log the user in
10. Flow Create Data
10.1. Test Case
10.1.1. Duplicate data
10.1.2. Allow emoji
10.1.3. ACL / Permissions
11. Flow Delete Data
11.1. Rule
11.1.1. Avoid hard delete
11.1.2. Change the status of data to disabled
12. Flow Update Data
12.1. Test Case
12.1.1. Data does not exist
12.1.2. Partial update
12.1.3. Allow emoji
12.1.4. ACL / Permissions
13. Flow Search
13.1. Rule
13.1.1. Partial Text or Full Text Search
13.1.2. Search URL must be copied
13.1.3. Pager should exist if data spans more than 1 page
13.1.4. Page count should exist if data exists
13.1.5. Display the search query information
14. Flow Payment
14.1. Test Case
14.1.1. Data must be synchronized between payment gateway and local db
14.1.2. Payment notification (email, SMS, etc.)
14.1.3. Amount must be the same
14.1.4. OTP/3d secure
14.1.5. Payment Failed (Fraud, expired, limit, etc)
15. Flow Coupon
15.1. Test Case
15.1.1. Coupon Expiry
15.1.2. Max Usage
15.1.3. Platform based (web, mobile app, etc)
15.1.4. Unique user
15.1.5. Minimum amount
15.1.6. Specific product / product type
16. Flow Multi Currency
16.1. Source
16.1.1. Use a 3rd party to get today's currencies
16.2. Backend
16.2.1. Use cron to update daily currencies
16.2.2. Calculate the price using today's currencies
16.2.3. Recommended to save the base price in 1 currency
16.2.4. Should use 1 currency as base price
17. Flow Multi Language
17.1. Backend
17.1.1. Source
17.1.1.1. XLS
17.1.1.2. Google Spreadsheet
17.1.2. Return message code
17.1.3. Language ID must be provided when requesting the notification API
17.1.4. Provide the dictionary as .json file
17.2. Frontend
17.2.1. Parse the .json file as dictionary and translate to selected language
17.2.2. Translate the message code into string
18. Flow Third Party
18.1. Provide key - secret
18.2. env dev & prod
18.3. save the data to local?
19. Flow Admin
19.1. Display data list
19.2. Create data
19.3. Update data
19.4. Delete data
19.5. ACL / permissions
20. Flow Error Message
20.1. error field and message must be shown
20.2. inline in field or alert
21. QA
21.1. Kick Off
21.1.1. Checking Flow Business process
21.1.2. Checking Design
21.2. Test Execution
21.2.1. Functionality
21.2.1.1. UAT
21.2.1.1.1. Test Case (Positive)
21.2.1.1.2. Test Case (Negative)
21.2.1.1.3. Test Case (Destructive)
21.2.1.1.4. Test Scenario
21.2.1.2. Localization
21.2.1.3. Third Party
21.2.1.4. Unit Test
21.2.2. Non-Functionality
21.2.2.1. Performance/Load Test
21.2.2.2. Stress Test
21.3. Defect Reporting
21.3.1. Record defect
21.3.2. Follow up old defect in next version
21.3.3. Verify defect list from client
22. Monitoring
22.1. database
22.2. Status Cake
22.2.1. third party
22.2.2. server
22.2.3. api
22.2.4. web