To do:

• Create a calendar at the top
• Create a list view to show events
• For every occupied date, change background color
• Design calendar

• New design
• Get user from SP
• Populate the TextViews and ImageView

• Make icon animations on item click

First security layer:

• In middleware: Check if API_KEY == (any) Object._id
  that means the user requesting exists in the database.

Second security layer:

• For each route check if the user have sufficient permissions!

all API routes will go through /api
therefore the route will be: http://serverIP:serverPORT/api

Events

• Create a new event
• Remove event
• Update event
• Get events

Classes

• Add new class
• Remove class
• Get classes
• Update class

User

• Add new user
• Update user
• Remove user
• Get user

ContactList

• Add new contact (through registration)
• Remove contact (through user delete)
• Get contact list

Ref:

for 'Routes' use: #26

Updates from Nanny - Fix second help picture (Problem: Text isn't visible enough!)
Maybe change text color...

1. Only a 'nanny-user' from the specific daycare can access that!
2. Don't forget to the remove the user from list and from contact_list fields

• Add a doc
• Get all docs
• Remove a doc

Contact list should have more fields such as:

• Mother name
• Father name
• More than one phone number

• Change contact list to card view
• Check if the user is 'male' or 'female' - Male card background should be blue, Female card background should be pink

https://api.imgur.com/

Activity needs the following EditText fields:

Daycare
• name – name of the daycare
• phone – daycare's phone number
• address – daycare's location (address)

User
• password – nanny password
• name – nanny's name
• phone – nanny's phone
• userID – nanny's id

The registration also create a new user for the nanny

uid – unique id for the daycare. (will be generated automatically in the server).

• Create one activity
• Swipe between fragments
• Add 'info' icon
• set onClick for info
• When click on info open dialog with info about the selected class
• Add pictures for chosen classes
• Add mock objects including picutres, info and title

Note: Work with fragments!

DB will be created using 'mongodb' and 'mongoose'.

DB will be consisted of 2 collections:

1. user

    /* login credentials: */
    userID: {type: String, required: true },
    hashed_password: {type: String, required: true},       // hashed_password = the password after using digestion
    salt: {type: String, required: true},                  // salt = random string; added to the password when digestion happens

    /* Personal details */
    profile_picture: {type: String, trim: true},
    name: {type: String, required: true},
    birthdate:  {type: Date, required: true},
    father_name:  {type: String, required: true},
    mother_name:  {type: String, required: true},
    phone_numbers : [
        {
            parent: String,
            phone: Number
        }
    ],
    address: String,

    /* Matching between a user and his daycare */
    daycareID: String,

    /* Permissions */
    permissionLevel: { type: Number, required: true },            //permissionLevel is a must! Determines who's the user (Nanny or Parents)

    /* Logging */
    created_at: {type: Date, default: Date.now()},
    last_login: {type: Date, default: Date.now()}

2. daycare

  name: {type: String, required: true},                                 //  name            =   name of the daycare
    uid: {type: Number, unique: true, required: true},                      //  uid             =   unique id for each daycare
    phone: {type: Number, required: true},                                  //  phone           =   phone number of the daycare
    address: {type: String, required: true},                                //  address         =   daycare's city and address
    pictures: [{type: String}],                                             //  pictures        =   Array of URL links to pictures
    videos: [{type: String}],                                               //  videos          =   Array of URL links to videos
    created_at: {type: Date, required: true, default: Date.now()},          //  created_at      =   Date the daycare (model) created
    list: [{type: Schema.Types.ObjectId, ref: 'User'}],                     //  list            =   list of all users (kids) in the daycare
    global_messages: [                                                      //  global_messages =   Messages from the daycare / nanny.
        {
            message: {type: String, trim: true},
            date: {type: Date, default: Date.now()}
        }
    ],
    events: [                                                               //  events          =   Calendar events.
        {
            title: {type: String, trim: true, required: true},
            date: {type: Date, default: Date.now()},
            content: {type: String, trim: true},
            event_type: {type: String, trim: true} //event_type = birthday, party, day-off...
        }
    ],
    classes: [
        {
            title: {type: String, trim: true, required: true},
            info: {type: String, trim: true, required: true},
            picture_url: {type: String, trim: true}
        }
    ],
    contact_list: [
        {
            user: {type: Schema.Types.ObjectId, ref: 'User'},
            name: {type: String}, //name  = name of the kid
            profile_picture: {type: String},
            phone_numbers: [
                {
                    parent: String, //parent = 'Mother' or 'Father'
                    phone: Number
                }
            ],
            father_name: {type: String},
            mother_name: {type: String}
        }
    ]

• Create a list view (Maybe with RecyclerView)
• Populate a sample list / Mock Objects (prototype purpose)
• Research about onClickListener with Adapter
• Long click opens dialog to dial or sms
• When dialog opens - First option calls the person
• When dialog opens - Second option send an sms

To do:

• Make a card view
• Swipe left (or right) cards to delete
• 1st line is the message; 2nd line is date sent
• Add 'Show Help' to actionbar

Date is not showing properly!!
Date.now() is not giving the right time! for some reason the time is not advancing!!

• Add Logo
• Clicking outside of EditText closes keyboard
• Make register looks like a link
• On "register" click: open WebView to display registration address

GridView should be replaced with RecyclerView for better performance.
Consider removing animations.

Route definition takes the following structure:

app.METHOD(PATH, HANDLER)

Where:

• app is an instance of express.
• METHOD is an HTTP request method.
• PATH is a path on the server.
• HANDLER is the function executed when the route is matched.

The following examples illustrate defining simple routes.
Respond with Hello World! on the homepage:
app.get('/', function (req, res) { res.send('Hello World!'); });

Respond to POST request on the root route (/), the application’s home page:
app.post('/', function (req, res) { res.send('Got a POST request'); });

Respond to a PUT request to the /user route:
app.put('/user', function (req, res) { res.send('Got a PUT request at /user'); });

Respond to a DELETE request to the /user route:
app.delete('/user', function (req, res) { res.send('Got a DELETE request at /user'); });

Reference: http://expressjs.com/en/starter/basic-routing.html

Add: static final String TAG_NAME = " tag "

"salt" is a random string used to improve security.

The general workflow for account registration and authentication in a hash-based account system is as follows:

1. The user creates an account.
2. Their password is hashed and stored in the database. At no point is the plain-text (unencrypted) password ever written to the hard drive.
3. When the user attempts to login, the hash of the password they entered is checked against the hash of their real password (retrieved from the database).
4. If the hashes match, the user is granted access. If not, the user is told they entered invalid login credentials.
5. Steps 3 and 4 repeat everytime someone tries to login to their account.

And in details:
To Store a Password:

1. Generate a long random salt using a CSPRNG (generates a random string) & crypto (encryption)
2. Prepend the salt to the password and hash it with a standard cryptographic hash function such as SHA512.
3. Save both the salt and the hash in the user's database record.

Example:

var crypto = require('crypto'); 
var rand = require('csprng'); 

var x = email; 
var temp =rand(160, 36); 
var newpass = temp + password; 
var token = crypto.createHash('sha512').update(email +rand).digest("hex"); 
var hashed_password = crypto.createHash('sha512').update(newpass).digest("hex");

To Validate a Password:

1. Retrieve the user's salt and hash from the database.
2. Prepend the salt to the given password and hash it using the same hash function.
3. Compare the hash of the given password with the hash from the database. If they match, the password is correct. Otherwise, the password is incorrect.

NOTES:

ALWAYS HASH IN THE SERVER -- NEVER HASH IN CLIENT!
Salt should be different and unique for every user

Reference: Salted Password Hashing - Doing it Right

Create DB using MongoDB & mongoose

Mongoose is a Node.js library that provides MongoDB object mapping similar to ORM (Object-relational mapping) with a familiar interface within Node.js

DB Structure: Issue #29

• Add CardView for messages
• Each card should have text
• Each card should have a date and time
• Each card should have a special 'label' that indicates the message type ('Request', etc...)

Change main activity background to be more visible and distract less; Emphasize the buttons more than background.

1. Add a status icon in-app that indicates if the server is available.
2. Run a thread that checks connectivity every few mins (CHECK BATTERY CONSUMPTION!)
3. Let the thread sleep after the connectivity check complete.

To do:

• Create help activity
• Create help pictures for certain activities
• Set help pictures
• Show help pictures only at the first time (Save a flag at sharedPref)

• Add a check box to "Remember Me" (saves the user password)
• Save last time logged in.
• Check last time login and if under 1 hour -- SKIP splash activity.

check for security while using API. ( at "middleware"? )
consider generating some sort of an API_KEY. (auth?)

NOT EVERYONE CAN REQUEST ANY DATA!

Note - Route will be: ip:port/registration

• Create a registration page for daycares
• Change registration URL at Login Activity to the above path.

also, split the date received from server

• Create a DAL (Data Access Layer) class that will pull data from the API server.

Nanny updates:

• Create a getNannyUpdates function to get new updates
• Create a removeNannyUpdates function to delete an update (Used by Nanny only)
• Create a AddNannyUpdates function to add a new update (Used by Nanny only)

Classes:

• Create a getClasses function to get the daycare's classes
• Create a addNewClass function to add a new class (Used by Nanny only)
• Create a removeClass function to delete a class from daycare (Used by Nanny only)

Login:

• Add a Login function
• Create a User class to save all the data.
• After login save all user's data as a GSON object and into a SharedPreferences file.

Events:

• Create a getEvents function to receive all daycare's events
• Create a removeEvent function to delete a specific event from the daycare (Used by Nanny only)
• Create a addEvent function to add new events to the daycare (Used by Nanny only)

Media:

• Create a getMedia function to receive all daycare's media
• Create a removeMedia function to delete a specific media from the daycare (Used by Nanny only)
• Create a addMedia function to add new media (url) to the daycare (Used by Nanny only)

Private Messages:

• Create a getPrivateMessages function
• Create a removePrivateMessages function
• Create a addPrivateMessages function

Registration:

• Create a register function