Jumbo Eats

1. What I learned technically

As the person who mostly interfaced with Android Studio and Java for this project, I got a little bit of a grip on Java as a language (but by no means feel proficient in it). I have sort of a love hate relationship with Android Studio, as it seems to give you errors for just about everything you try to do, but also is extremely helpful in giving you templates for everything you need, and finishing your lines if you begin typing them correctly.

2. What I Learned Professionally

My belief that everything can be found online if your searches are smart enough and you spend enough time looking was reinforced throughout this project. I also found the benefit in working quite separately with a partner. Zach and I would meet rarely, and converse quickly at the end of class to update each other on where we were. We were both doing our own completely separate things: I was working in Android Studio and he was working on the backend. This worked super well for us. However, I will mention the cons of this in an answer to a later question.

3. What Ming could have done differently

Not much, I think Ming ran the class pretty well. I really enjoyed the guest speakers, definitely keep those!

4. What would I do differently

Though the way Zach and I split the work worked very well for us, I didn’t see much of what he was doing. This means I didn’t get any better at back end development, which is a skill I should develop. If I always sign up to do the things I like, and avoid doing the things I don’t like, I will never get better at those things, and lose the opportunity to learn to like them. I would have forced myself to do more in the backend.

5. Changes to Mobile Dev

Post screen for free food events now more closely matches the color scheme of the app

Made all screens scalable

App now scrapes data from Finding Free Food at Tufts Facebook page (https://www.facebook.com/groups/884846861623513/)

Added in time and date parsing for Facebook group data to conform to app standards. Dates are shown in “Month Day” format, and times are shown in 12 hour clock format. Food from Facebook posts appears as each food item mentioned in the post separated by a comma and a space

This has been a turbulent semester for many people around the world. Election-induced uncertainty, geopolitical instability, and a continuously-threatened natural environment. Yet, I still managed to enjoy and get a lot out of developing this app. Mobile Development (COMP 150) 

What did you earn technically?

As the backend lead for this project, I learned a lot about Node.js and the extensive libraries available for it. I really enjoyed exploring security measures such as rate limiting, authentication, and session management. Modules like Helmet and ratelimiter simplify a lot of these tasks and allow developers to configure specific security settings to best suit their needs. I also found cron scheduling really interesting. I’m sure my experience with cron will be very useful for future projects. Most of my programming experience has the past has created actions that are instantaneous or event-triggered. However, many tasks require time-based scheduling, especially for server-side functionality.

While I would have liked more experience on the client-side, I still feel like I gained a working knowledge of Android Studio. I was particularly involved in testing the app using services like Lint and Crashlytics. I also really enjoyed writing up a user-test plan for my app. User-centered design is a significant part of engineering psychology, which I’m majoring in at Tufts. It was a great experience being able to see the intersection of two of my academic interests in a single project.

What did you learn professionally?

The speakers all reinforced the importance of professional networks. Most of them had found their jobs or other opportunities through networking. Also, I explored Chrysanthi Chaleva’s website and found that she’s an organizer for a group called PyLadies Boston. This is a professional group that brings women who currently or are learning to code in Python together. Networking is often perceived as working relentlessly to connect yourself with those more qualified or of a higher position that yourself. However, just as important is working to empower those who need it. You never know who will end up where and great achievements like empowering people often get recognized.

What do you wish I could have done differently?

I was extremely satisfied with the course and can’t think of much that could have been done differently. I learned a lot about a wide range of topics and got a feel for the app development process as a whole. The guest speakers were especially interesting. I learned a lot from all of them.

If you were to do this all over again, what would you do differently?

If I were to do the project all over again I would try to get more involved with the front-end side of things. Kate and I had a great working relationship. We balanced our responsibilities very well in order to deliver a working app. However, I would have liked to get more experience in Android Studio. Also, it would have been cool to experiment with spoken inputs for various text fields.

If you could make one change to this Mobile Development course, what would it be and why?

Week 11 was Thanksgiving break, and both creators of JumboEats were busy eating turkey.

Kate

This past week I have been working on updating the listview on the main screen. As it is now, all posts are shown together, even posts that are over a month old. Ideally, we would like some separation, with the upcoming or current events of that day at the top (this will probably only be one at the most at any given time). The past events will still be shown, however they will be in a separate list, so the user knows they can be ignored. Having two list adapters on one page is proving tricky however, and we need to evaluate what it is we really want it to look like. Do we want separate scrolling lists? Or one big list with a text break in the middle to indicate where the past events begin?

I also updated the icon of our app (so it is no longer the lovable little green android man when downloaded).

As we come down to the end of the semester, we are coming to terms with the fact that natural language processing is HARD. Therefore, we might change our approach, and have Facebook posts shown in their full text as a list item, alongside user inputted items. More to come on that.

Zach

This was an interesting week on the back end side of things. Spoonacular, one of our main data providers, sent out an email regarding new API endpoints. They now have an endpoint that returns a list of words present in a string of text. This fits our needs perfectly. While it's a little disappointing to scrap a substantial amount of code, this will make parsing Facebook posts for food much simpler. 

Now that our app is on the Android Store we want people to actually use it. Up to this point we have relied on word of mouth. We have been telling our friends about our app and what it is capable of doing. Our next step is to post on the free food Facebook pages about our apps since everyone belonging to these groups is clearly interested in finding free food at Tufts. After this, we could write posts advertising our app in the various Tufts computer science and entrepreneurism Facebook pages.

I have been asking friends to give me their impressions on the app, but to get a larger pool of opinions we could prompt users to rate the app. Chrysanthi Chaleva’s talk in class taught me a lot about best practices for getting users to rate an app. I’m thinking that we have a prompt that comes up a week after downloading the app. The language obviously should be very courteous and easy to dismiss. We think our app stands out in its simplicity. However, our review prompt could be phrased to encourage users to provide ideas for new features they would enjoy.

This week we updated the app in the app store. This update was necessary because the layout was not responsive to certain phone sizes. Now the layout is more universal to all screen sizes, although it still doesn’t look that great on some of the smaller android phones. The update also included a better UI for posting food. 

Now that we have a stable version of our app up on the store, our next focus will be on integrating the Facebook data scraping we have been playing around with on the backend, and testing in javascript. We also have some decisions left to make about what format to present information like date and time in on the main screen of the app, and what events we want to show (ones that have already passed, or only ones in the future...?)

We are also excited to test out everyone else’s apps!

Accomplished:

App updated on google play store with better responsive layout and UI

Next Steps:

Finalizing and integrating Facebook group data scraping

Kate

This week we uploaded our app to the google play store. It is an MVP, but still needs a lot of fixes, as well as the Facebook data integration. 

We are working on getting the layout of the app to be responsive on all devices, as well as the post screen to be more intuitive for users (some of our users who tested it were a bit confused on that screen). We will also need to test our app on an android device. Neither of us own one, so it has been hard to get one for testing, but we are working on it. 

We are also continuing to work on test parsing the data from Facebook, and will soon be integrating that into our node server.

What was accomplished:

App is on the play store!

Next Steps:

Responsive layout

Better post screen

More data parsing

Zach

This week I started to implement the language parsing script into the server. This is relatively straightforward, yet still presents a few challenges. First, I used jQuery to implement HTTP requests in the scripts. To make these requests work on the server I am hesitant to use jQuery since using this framework on node seems more geared towards sending web content than accessing APIs. I am using the request npm module. It’s supposed to be the simplest available HTTP module and I’ve found it quite intuitive. Next, I need to figure out exactly how the server will store the parsed posts. When writing the original scripts I just put all of the stored words in a list. Adding them to our database. 

 This coming week I want to figure out how to manage dates so we can start effectively filtering out food events that have already occurred.

I also designed the logo for our app!

Kate

This week I took a break from Android Studio and moved over to Javascript to dive into the natural language parsing from the Facebook posts. We have been using Javascript to test our parsing strategies before we move them over to our server code. I started looking at how to parse times mentioned in the post, and read up on RegEx in Javascript. It was fairly straightforward to catch most normal time expressions such as 5:30 or 4pm or noon. However there may be some phrases that we are missing, like “during the Tufts Friday on a Tuesday”. These kinds of phrases would be nearly impossible to capture.

I will look into date parsing next. I found a Javascript library called Sugar that seems to do exactly what we want, so we will probably just feed the posts through that to get out the date information.

https://sugarjs.com/

At this point, we have been focusing on parsing the plain text of the Facebook posts, however we also would like to look into extracting the data from the events posted on the page. The Facebook graph API has an easy way to do this for events created by the group itself, however we need to look into how to do this for events that are just posted in the group. More to come on that.

What was accomplished:

Time parsing of fb post

Little progress on fb event extraction

Next steps:

Integrating Sugar library for date parsing

Responsive layout for the UI

Event scraping from fb posts

Zach

This week we gave a tech talk in class about natural language processing and how we are identifying what words are foods, locations, and times. The class seemed impressed and daunted by the idea of meticulously looking through string example and hoping it would work. I did not think we were taking on such a herculean task until a room full of CS majors couldn’t think of a better way to do the language parsing.

I also performed a static analysis for security on the server. I used the article Node.js Security Checklist by Gergely Nemeth to help identify vulnerabilities of my server. I implemented recommended security modules such as Helmet and ratelimiter to help protect these weak points.

In terms of updates to the app, I started integrating the JavaScript modules I’ve been writing into the server. I added the Facebook Graph API implementation to the server so it can now check the free food Facebook pages for updates. This is working quite well and the server stores new posts in a separate mongoDB collection. Once we have the language parsing scripts implemented our backend will be close to completion.

To test the JumboEats app we used two automated testing tools: Lint and Crashlytics. These tools allowed us to identify and correct issues, inconsistencies, and deprecated methods used in our front-end. We also conducted usability to gauge impressions of our app from a user’s perspective. To evaluate the security of our backend server and database we found a checklist on an engineering blog. This checklist laid out best practices and tools to promote security for users and our own systems.

1. Lint

We started out with a lot of errors and went through them one at a time. Most of them could be solved easily (ie: unused import statements), some of them required a little bit of code restructuring (ie: layout redundancies), and some of them had to be suppressed for our code to function the way we wanted. The linting tool for android has a little bit more involved than a linter for javascript, and less intuitive, but still helpful to make sure we are following good coding practices.

2. Crashlytics

We installed Fabric in Android Studio and walked through their “crash button” tutorial where we forced our app to crash and then looked at the output on our Fabric Dashboard. We then added in Crashlytics log statements to all of our catch statements in our Get and Post requests. This testing software was helpful when we found a bug in our app right after installing Crashlytics. While trying to solve the bug, things we did to try to fix it kept crashing the app. Our Fabric Dashboard told us what line our app had crashed on and why it had crashed. Thanks Crashlytics!

3. Usability Testing

We walked through the app with three testers (A, B and C):

1. First we asked a series of preliminary questions about their app usage and comfort level with the android OS:

A used 9 apps a day and did not have an android phone

B used 5 apps a day and did not have an android phone

C used 15 apps a day and did have an android phone

All three had push notifications enabled on their phones for certain apps

None of the three used food related apps

2. Then they opened the app on the emulator and we asked what their eye was drawn to first and second:

A saw a food item first, and the add button in the corner second

B saw a food item first, and then another food item below it

C saw a time, and then another time below it

3. We then asked them to find which field held the food type in each entry:

All three quickly identified the correct field.

4. We then pointed to the field that contained the group/organization sponsoring the event and asked them to identify the piece of information being conveyed:

They took a little time to scroll and look at different entries before each answering correctly.

5. We asked the same question about the location field:

All three answered correctly.

6. We then asked them to pretend they had a free food event they wanted others to know about, and post it:

All three correctly went to the add button in the corner.

A completed the task with no difficulty.

B did not know that the add form was scrollable, so couldn’t add more information or click the post button, until we told her.

C had the same problem as B, but figured it out within a reasonable amount of time.

7. The next step was to add a free food event happening at that moment. We wanted to make sure it was obvious that the date and time fields did not have to be edited if the event was current.

All three participants understood this when posting their event.

8. The last question asked if the users had any suggestions:

A said the font on the main screen was too small

B said there should be pictures of the food

C said the add button in the corner looked bad, and that the scrolling capabilities of the main screen aren’t obvious

Conclusion from usability testing:

Information location and how to post a free food event seems to be straightforward, however, the post screen needs definite work to be more user friendly (we especially need to work on making the scrolling capabilities of the post screen more obvious). 

4. Server Checklist

To review our Node.js server’s security we followed a series of guidelines laid out in the article Node.js Security Checklist written by Gergely Nemeth (https://blog.risingstack.com/node-js-security-checklist/). The guidelines are extensive and while not all of them are relevant to our server and application, they provide a solid framework for identifying potential vulnerabilities. We updated our server to include the most practical and effective security measures described in the RisingStack article.

Security HTTP Headers - To handle security HTTP headers I used the Helmet npm module. This automatically sets several HTTP headers to hide information from suspicious sources trying to access the server. Examples include automatically setting the user to HTTPS and concealing the server’s MIME type. Users can select various security options using Helmet, though I stuck with the default settings.

Sensitive Data on the Client Side - The best way to mitigate exposing sensitive client data is by regularly reviewing code to ensure this data is hidden or encrypted. We accomplish this by only using hard-coded API keys on the server and not in the application itself.

Authentication/Brute Force Protection - The author prescribes the use of rate limiting to protect against brute force attacks. I implemented rate limiting using the express-rate-limit npm module. This is a basic system that allows for limiting the rate uniformly on all server paths or with different rules for each path.

Data Validation - Our server uses a series of conditional statements ensuring the proper type and length of inputted data to defend against reflected cross site scripting and stored cross site scripting. We do not have to worry so much about users receiving executable JavaScript code since their application is running on Android and not a web browser; however, our server can still be taken advantage of by such attacks. Also, protecting users is arguably a developer’s greatest responsibility even if the risk of danger is low. Our server will also remove food events that are in the past so any item in the database for more than a few days will become suspect. A multipronged approach is most effective for ensuring data is valid. Data filtering also helps prevent database and command injections.

Kate:

I took this week to start focusing on the UI. I used the newer wireframe we had as a model, and worked with the list_item_view to make the main screen look a little more like it is supposed to. I also added the functionality to the datePicker and timePicker for the post activity screen. I am still not happy with how that screen looks, however - it will take more work. But the functionality of the UI is all in place now : all necessary actions for using the app can be executed.

I am having trouble with making the layout responsive to different screen sizes, and will have to look into that more. I also am slowly relearning my Comp 15 data structures knowledge of how classes and public and private data work (I’ve been working with javascript too long!)

What was accomplished:

UI in its 1st stage

List populates from newest to oldest

List re-populates automatically when returning from post activity

Can post all elements of an event to the server

Next steps:

Make the UI better overall, especially the post event activity

Test on an actual android phone

Zach:

Now that we are able to pull Facebook posts through our server we need to be able to extract and categorize the relevant information. I do this by first sending post string to the Zomato API, which searches the post for restaurants near Tufts. This is so we can identify food from a particular restaurant. If someone posts that their organization is providing food from Danish Pastry House or Pizza Days we can catch this. After searching for restaurants, we break the string into a list containing each word. We then search the list for composite food terms like “ice cream,” “ice cream sandwiches,” or “hot dogs.” This is because the spoonacular API we use to identify individual food items only accepts single strings and an organization serving ice and cream is very different than an organization serving ice cream. 

 As of now these methods are in an independent JavaScript test script. However, once it is as effective as we want it to be it will be easy to port it over to our Node.js server by installing the jQuery node library via npm. 

Kate

I’m working on putting functionality into the pop up form where users can submit free food events and have that post to the server and show up on the main screen. This weekend I will be working on more of that. The presentation on Volley was really interesting and I might try to look into that a little more and check out the pros and cons of using it for our app.

Zach

This week I implemented cron scheduling using the npm cron library. This allows me to call the Facebook API at regular intervals. For testing, I have been calling the API every two minutes to get results in a reasonable amount of time. For our actual implementation we plan on calling the Facebook Graph API somewhere between every five and every twenty minutes. This will allow us keep the database updated without putting any excessive strains on our Heroku or Facebook Graph API privileges. Our implementation is shown below. As I began to understand the cron timing syntax more it suddenly became very intuitive. I want to experiment more with scheduling on future products. I believe this could be a very powerful feature when combined with push notifications.

In addition to the cron scheduling, I started looking into ways of identifying food items from a list. This will allow us to identify which foods are in each Facebook post. I have been browsing the internet to find APIs or other web tools that would do this for me. I am currently in communication with Crystal Schlegelmilch from spoonacular about using their API to identify foods. Spoonacular.com is a website that allows users to manage different recipes and and meals for easy reference. I sent Crystal a description of our app and what we want to use her API for. She seemed really nice and hopefully we can nurture a positive relationship with her if she lets us integrate her API. I am also compiling a list of foods that would likely show up in a free food at Tufts post so we could handle food identification on our own. Having the spoonacular API would be helpful and allow our app to be more flexible, but our own list is already pretty comprehensive.

Kate:

This week I worked on capturing user input and posting it to the server. I also made a wireframe mockup of the main screen of our app to work off of as we start to implement the UI. This weekend I will hopefully have it so users can post data to the server that shows up on the app. After that, the next step will be fleshing out the UI.

Zach:

This week I figured out how to use the Facebook Graph API. The key is to use the Graph API Explorer tool to generate a short-term, two-hour access token. Once you have that access token, you can make a GET request to the API using your app ID, app secret (a password-like app identifier), and the short-term access token to generate a long term access token that doesn’t expire. Facebook’s documentation and various forums are a bit confusing and often conflicting since Facebook changes the access system with most updates. The API is on version 2.8. Some resources indicated that the second access token received only lasts 60 days and needs to be used to generate ANOTHER access token that doesn’t expire. However, when I checked the Access Token Tool it said my second access token never expires. 

 Once I validated my access token I found it very easy to pull the Finding Free Food at Tufts group feed into my scripts. Using Node.js has made it very easy to move my code from a test script to the server. All I had to do was install the “fb” (Facebook Graph API) library via npm, require it in the server file, and list it in my package.json dependencies. 

 We are still working out the details of the server architecture. We need to figure out a way to parse each post to identify relevant information (food, location, time, date, etc.) before we can actually use the data. For now, I created a new path that simply gets and prints all of the posts from the group. This coming week I want to determine the best way to parse and store each post. I also want to use the “cron” library to make calls to the Facebook Graph API at a timed interval. This will ensure that our database and app always have the most up to date free food events. I need to do research to figure out the best rate to make calls. Factors I will need to consider include Heroku limits and potential Facebook Graph API limits.

Kate

This week I delved into getting the JSON data from the server. Our app now updates a list view from with the data. I learned a lot about how AsyncTask works. At first I was struggling with how to return something from my class that extended AsynTask to the MainActivity, but after reading enough stack overflow posts, I finally realized that whatever is returned in doInBackground actually goes to onPostExecute. Once I figured this out, printing the data to the screen was easy. I then started researching how to create a list view that can be dynamically updating from JSON data pulled from an API. I found a very good tutorial (that also helped me with the previous step, pulling the JSON data) here: https://www.learn2crack.com/2013/11/listview-from-json-example.html

The next steps will be making the UI look like our wireframes, implementing the HTTP Post protocol so users can add their own free food events from the add page, and parsing from the Facebook API into the server.

Zach

The server is officially up and running via Heroku. Now that we have figured out how to make asynchronous requests from the app, we are able to get data from the server. We are still working on posting data to the server from our app.

I started working with the Facebook Graph API this week. I registered my Facebook account as a developer account and created an app called JumboEats. Facebook has a tool called Graph API Explorer that allows developers to try out different requests and see what data they return. This has been really helpful in learning how to use the API. I’m having some trouble figuring out how to access all of the groups that a user (i.e., me) is a member of. The YouTube videos “Getting Started with the Graph API” from the Facebook Developers account (https://www.youtube.com/watch?v=WteK95AppF4) and ”RESTful Web API Design with Node.js: Facebook Graph API | packtpub.com" from Packt Video (https://www.youtube.com/watch?v=_F9cLrI_thg) have been really helpful. They breakdown the API’s overall structure and give examples of how to use it.

Kate:

I continued working with Android Studio to create a pop up window for user input. I learned how to create a new class/activity and link it to a button click, as well as more formatting elements in the layout files. I am slowly understanding more about how the files in android studio connect together and create one continuous app. The next things I want to focus on are 1. using data from the populated user input form to update the events in the main activity screen and 2. getting and parsing JSON data from Zach’s sever.

It seems to me there are 3 steps to this second process. First, a JSON object class needs to be created, which makes an HTTP GET request from the url and returns it as a JSON object. Then a JSON parser class uses this object to extract the meaningful data we need (i.e.: event name, food, time, place, etc…). Finally, these pieces of data need to be placed in a ListView that the main activity layout presents to the user. I have found some good walk through tutorials for the first part (ex: https://www.learn2crack.com/2013/10/android-json-parsing-url-example.html ) however, I’m still shaky on how the parsed JSON data gets passed through an adapter to the list view. Also, I know this all has to happen as an AsyncTask so the user experience is not interrupted but I’m not sure how that comes into play.

Side note: I spent half an hour trying to figure out why the app wasn't building because I thought a comma in a tutorial I was following was a period.

Zach:

Kate:

This week I worked on laying out the static main screen, and learning how to work with Android Studio and it’s built in files a little more. I have never worked with Java before, so this was a bit of a struggle. I played out the views on the main screen with colors and sample text, so we now have a good idea of what the app will look like. I also tried to play around with the ListView, but it was causing problems so I stuck with Linear and Horizontal Layouts. In the future, ListView will be something to figure out.

My next step is going to be making the pop up form that the users can fill in with their info about free food events. Then I will connect this to Zach’s server so the database can receive the info and dynamically update the main screen.

Zach:

While Kate was laying out the user interface, I started the back-end side of the app. I am using Node.js for the server and MongoDB for the database. The server will be run on Heroku. I am most familiar with these technologies for creating a web server. Since my research into other server hosting technologies and services (Firebase, Amazon Web Services, etc.) has not found any to be significantly more convenient than the Node.js, MongoDB, Heroku combo it makes the most sense for me to develop using these technologies. It would also make building a web app using the stored food events data easy if we want to build one in conjunction with the Android app.

The server is about 80% complete in its first and most basic iteration. It can add single free food events to the database with relevant information like date, time, location, type of food, etc. It can also return a list of all of the stored food events. Before I push the server to Heroku I want to change the GET / method so that the server only sends free food events from the present day and days to come. Currently, it sends the events from the past, present, and future. This includes a lot of events that have already happened, which is not particularly useful for someone who is hungry.

We at Jumbo Eats [working title] would like to take this opportunity to lay out our rationale for creating this app and lay out some of the key details on how we will do it.

1. The need for the app (the "what")

This app is being built for Tufts students to quickly find free food around the Tufts campus. Going to college is already expensive enough; meal plans and grocery shopping can add up quickly. There are already a few Facebook groups for finding free food, but our app would streamline the posts into an all-inclusive, readable feed.

2. The stakeholders and customers of the apps (the "who")

This app will serve the entire Tufts community. Whether it’s broke students or professors looking for a quick bite to eat before their commute home, everyone stands to benefit from more access to free food. The app could also incentivize more events featuring free food as the platform matures and becomes more widely accepted. The Tufts administration itself may seek to use the app to attract more members of the Tufts community to events.

3. Important views

Main view, what appears when the user opens the app.

Add event view, when the user taps the plus sign in the top right corner this input form appears.

4. Basic architecture

The user-facing side of the application will get information from our database via a server. This relationship will work inversely as well, since users can input new events. This will be sent to our database for storage so other users can see the event. Additionally, the server will get data from the free food finding Facebook groups Tufts students already belong to. This will give our app the most comprehensive list of free food events.

5. Core functionality of the app

The core function of the app will be to display a list of free food events at Tufts. The app will display only the most basic information (time, location, and type of food), with options for more advanced information like event name. Users can enable push notifications so they are automatically made aware of any new event. Users can also add new events that will be stored in a database and set out to all other users.

6. Reach goals

Given enough time and depending on the efficiency of development, Jumbo Eats [working title] will map out locations of free food and tell users how close they are to events. It could also have a review systems of free food events to ensure posts are legitimate. It could also provide additional info about organizations providing the food.

7. Mobile device features

At its most basic level, the application will use push notifications and web connectivity. If we implement the event mapping and proximity feature, the application will use the user’s device’s GPS capabilities. 

8. Potential limitations

Using the Facebook API could be more difficult than we are expecting. The openness of the various Facebook groups may also pose a problem. The Facebook API only allows applications to pull from groups in which the user is a member. Without a Facebook-linked user account that is a member of these groups, our app might not be able to pull the data. It may also be difficult to extract location and time data from text posts pulled from Facebook. 

9. Briefly describe how your team plans to market or advertise the app.