1. Flow Register
1.1. Mandatory field
1.1.1. First & Last Name, Email, Password & re-type password
1.1.2. Link for Sign up
1.2. Validation
1.2.1. Hidden password character
1.2.2. Email already registered
1.2.3. Can't be left blank
1.2.4. Invalid character
1.2.5. Password didn't match
1.3. Redirection
1.3.1. Resend Email
1.3.2. Back to Home
2. Flow Login
2.1. Element Design
2.1.1. Email & Password
2.1.2. Link for Forget Password
2.1.3. Link for Register
2.2. Test Case
2.2.1. Wrong Email or Password; Can't be left blank
2.2.2. Email/Account is inactive
2.2.3. Hidden password character
2.3. Flow
2.3.1. Login Action
2.3.1.1. (1) Input Username/Email and password; (2) Validate input; (3) Submit to API; (4) If the credential is not valid, display the error messages; (5) If the credential is valid, redirect to the profile page
2.3.2. Redirection
2.3.2.1. OTP (Fresh account/if applicable)
2.3.2.2. Home
3. Flow Social Login
3.1. Element Design
3.1.1. provider_type, provider_id, provider_token
3.2. Test Case
3.2.1. provider_type can't be blank; provider_id can't be blank; provider_token can't be blank
3.2.2. A user registered via social login can't change the password
3.3. Flow
3.3.1. If the user does not exist, create the user
3.3.2. If the user exists, log the user in
4. Flow Create Data
4.1. Test Case
4.1.1. Duplicate data
4.1.2. Allow emoji
4.1.3. ACL / Permissions
5. Flow Delete Data
5.1. Rule
5.1.1. Avoid hard delete
5.1.2. Change the status of data to disabled
6. Flow Update Data
6.1. Test Case
6.1.1. Data does not exist
6.1.2. Partial update
6.1.3. Allow emoji
6.1.4. ACL / Permissions
7. Flow Search
7.1. Rule
7.1.1. Partial Text or Full Text Search
7.1.2. Search URL must be copied
7.1.3. Pager should exist if data is more than 1 page
7.1.4. Page count should exist if data exists
7.1.5. Display the search query information
8. Flow Payment
8.1. Test Case
8.1.1. Data must be synchronized between payment gateway and local db
8.1.2. Payment notification (email, SMS, etc.)
8.1.3. Amount must be the same
8.1.4. OTP/3-D Secure
8.1.5. Payment Failed (Fraud, expired, limit, etc)
9. Flow Coupon
9.1. Test Case
9.1.1. Coupon Expiry
9.1.2. Max Usage
9.1.3. Platform based (web, mobile app, etc)
9.1.4. Unique user
9.1.5. Minimum amount
9.1.6. Specific product / product type
10. Flow Multi Currency
10.1. Source
10.1.1. Use a 3rd party to get today's currencies
10.2. Backend
10.2.1. Use cron to update daily currencies
10.2.2. Calculate the price using today's currencies
10.2.3. Recommended to save the base price in 1 currency
10.2.4. Should use 1 currency as base price
11. Flow Multi Language
11.1. Backend
11.1.1. Source
11.1.1.1. XLS
11.1.1.2. Google Spreadsheet
11.1.2. Return message code
11.1.3. Language ID must be provided when requesting the notification API
11.1.4. Provide the dictionary as .json file
11.2. Frontend
11.2.1. Parse the .json file as dictionary and translate to selected language
11.2.2. Translate the message code into string
12. Flow Third Party
12.1. Provide key - secret
12.2. env dev & prod
12.3. save the data to local?
13. Flow Admin
13.1. Display data list
13.2. Create data
13.3. Update data
13.4. Delete data
13.5. ACL / permissions
14. Flow Error Message
14.1. error field and message must be shown
14.2. inline in field or alert
15. Flow Order
15.1. Anonymous Checkout
15.2. Need Cart?
15.3. Save user address?
16. Project Management
16.1. Initiation
16.1.1. Flow business process
16.1.2. Design
16.1.3. Database / source data
16.1.4. Backend (API)
16.1.5. Third party
16.1.6. Define project team (internal & client)
16.2. Kick Off
16.2.1. Mapping documentation
16.2.2. QA business process
16.2.2.1. QA design
16.2.2.1.1. QA automation unit testing
16.2.3. Client confirmation
16.3. Development
16.3.1. Create communication channel
16.3.2. Create Zoho project
16.3.3. Split task for each team member (designer, slicer, backend, frontend)
16.3.4. Request testing to QA when flow is completed
16.4. Monitoring
16.4.1. Developers have to update To-Do Today
16.4.2. Developers have to start logging hours and update the task status to "on progress" while the task is ongoing
16.4.3. Developers have to post a comment on the related task when the task is completed
16.4.4. Project Manager checks with developers about task progress or whether any blocker has occurred
16.4.5. Daily scrum meeting if needed
16.4.6. Review and filter any feedback from client according to mapping document
16.5. Reporting
16.5.1. Weekly report
16.5.2. Send the application under testing (apk or url)
16.5.3. Report task list of the week
16.5.4. Report project progress in percentage
16.5.5. Report task status
16.5.6. Report known/happening issue
16.5.7. Report if any blocking
16.6. Deployment
16.6.1. Deployment documentation
16.6.2. Final flow testing according to UAT
16.7. Closing & Delivery
16.7.1. Handover report (Berita Acara Serah Terima, BAST)
16.7.2. Business process document
16.7.3. Deployment document
16.7.4. API document
16.7.5. UAT from the client side
17. Server
17.1. Development
17.1.1. Auto deploy on git push
17.1.2. Logging
17.1.3. Auto restart container on crash
17.2. Production
17.2.1. Run as non root user
17.2.2. PM2 run as systemd daemon
17.2.3. Bind service to localhost
17.2.4. Use special key for deployment
17.2.5. Use ecosystem.js for Node.js projects
17.2.6. Use HTTPS for every domain
17.2.7. Logging
17.2.8. Setup utility script (cron, backup) if necessary
17.2.9. Monitoring
17.2.10. Firewall
18. Design
18.1. Text & Localization
18.1.1. All sentences must end with a proper punctuation mark
18.1.2. No grammatical/spelling errors
18.1.3. All labels are written with an uppercase first letter
18.1.4. Text must fit the screen
18.1.5. All text must be readable
18.1.6. Consistent Text, Alignment, Margin and Font
18.2. Field & Button
18.2.1. Add placeholder for ease of use
18.2.2. Buttons are touch-friendly
18.2.3. Inactive buttons/link text that can't be clicked should be grayed out
18.3. Screen
18.3.1. There must be feedback for the empty state of the Search, List and Retrieve Detail functions
18.3.2. Make sure all design mockups are retrieved for portrait, landscape or both
19. Mobile
19.1. App
19.1.1. Write code as simply as possible to keep the app size small
19.1.2. Keep all label text in dictionary
19.1.3. Use readable variable and function names
19.1.4. Add a comment to each function for future use
19.1.5. Make reusable component / class
19.1.6. Keep all configuration variable in one file / class (ex: baseURL)
19.1.7. Handle the loading state, the empty state, and data not found or failed
19.1.8. Delete console log on release version
19.1.9. Camera should have resize & rotate feature
19.1.10. keystore should be uploaded into git
19.2. Error Pages
19.2.1. Should handle every possible error that can happen in the app
19.3. Form
19.3.1. Validate inputs on submit
19.3.2. Should consider to disable whole page / part based on requirement
19.4. 3rd Party Library
19.4.1. Compare the candidate libraries to choose the best one, and make sure it is still supported
19.5. Privacy Data
19.5.1. Only save the token / other general settings; don't save users' private data in the app
20. Backend
20.1. Database
20.1.1. Table name must be plural
20.1.2. Table name should be snake case
20.1.3. Foreign key must have table prefix
20.1.4. Avoid subquery
20.1.5. Avoid SUM in query
20.1.6. Implement COUNT in query, rather than code level
20.1.7. Avoid using select *, all columns must be written explicitly
20.1.8. Index should be added
20.1.9. Avoid big query, separate the query using code
20.2. Authentication
20.2.1. JWT
20.2.2. Secret must be different for production and development
20.2.3. Use Header to send the Authorization
20.3. API Response
20.3.1. Single data must be an object
20.3.2. Multiple data, must be an array
20.3.3. HTTP status must be 200 for success
20.3.4. Output fields must be the same as input fields
20.3.5. Response time should be 200-300ms
20.3.6. Error message should contain the invalid field name and message
20.4. API endpoint
20.4.1. Path must be plural
20.4.2. Path must use dash if needed
20.5. App
20.5.1. Cron is separated from main app
20.5.2. Enable Log
20.5.2.1. Log request client, response server, and execution time
20.5.3. Do not use STATIC files on node.js, use CDN instead
20.5.4. Use config file or .env
20.5.5. Monitor the app status (using statuscake, etc)
20.6. Promise
20.6.1. Avoid async/await in model
20.6.2. Implement async/await in controller level
20.6.3. Wrap all independent promises in Promise.all
20.6.4. Add promise timeout if possible
20.7. 3rd Party
20.7.1. All requests must implement timeout
20.7.2. Should check the timezone for 3rd party
20.7.3. All requests and responses from 3rd parties should be recorded to the log
20.8. Image Processing
20.8.1. Avoid Base64, use form-data instead
20.8.2. Recommended to use cloud CDN (AWS, etc)
20.8.3. Should have image resize from backend to optimize mobile image?
20.9. PM2
20.9.1. Should implement cluster mode
21. Frontend
21.1. App
21.1.1. Use a single config file or .env if supported; do not hardcode.
21.1.2. Log the error (using Sentry or Bugsnag)
21.1.3. Do not use STATIC files on node.js, use CDN instead
21.1.4. Do not forget to delete console.log on production
21.1.5. Handle difference between loading and empty state
21.2. Error Pages
21.2.1. Should handle every error status on specific page
21.3. Form
21.3.1. Validate on form submit
21.3.2. Should disable whole page actions
21.4. 3rd Party Library
21.4.1. Use single coding rules, and linter
21.4.2. Check the GitHub repo first to see whether it is still supported
21.4.3. Determine whether it is really used for just one function or benefits the whole project
21.5. Privacy Data
21.5.1. Don't save anything besides the token in the cookie
22. QA
22.1. Kick Off
22.1.1. Checking Flow Business process
22.1.2. Checking Design
22.2. Test Execution
22.2.1. Functionality
22.2.1.1. UAT
22.2.1.1.1. Test Case (Positive)
22.2.1.1.2. Test Case (Negative)
22.2.1.1.3. Test Case (Destructive)
22.2.1.1.4. Test Scenario
22.2.1.2. Localization
22.2.1.3. Third Party
22.2.1.4. Unit Test
22.2.2. Non-Functionality
22.2.2.1. Performance/Load Test
22.2.2.2. Stress Test
22.3. Defect Reporting
22.3.1. Record defect
22.3.2. Follow up old defect in next version
22.3.3. Verify defect list from client
23. Monitoring
23.1. database
23.2. StatusCake
23.2.1. third party
23.2.2. server
23.2.3. api
23.2.4. web