KhunThong From Zero To One

LINE Developers Thailand

September 13, 2020

Transcript

  1. KhunThong From Zero to One ex-Delivery Manager & ex-Advanced Innovation

    Engineer, KBTG Chayakorn Pamonratthanakul Worakrit Louwitawas Advanced Innovation Product Manager, KBTG Kannapon Pakdeewattanakul Advanced Innovation Engineer, KBTG
  2. From Zero to One KHUNTHONG DEVELOPMENT by

  3. The social chatbot that helps friends settle expenses in a

    LINE group KHUNTHONG
  4. From Garage to Production KHUNTHONG

  5. Our First Version!

  6. POC Within 2 Weeks and Zero Budget

  7. Actualize with Customers

  8. Alpha Phase Beta Phase Public Launch Now 3.5K 34K 380K

    1K KHUNTHONG USERS #Number of Members in All Groups
  9. KHUNTHONG STATS 4M Messages Monthly 190k Added Friends 70k Groups

  10. AGENDA • Why LINE APIs? • Architecture Design • OCR Technique • Security Practices • KhunThong 2.0
  11. LINE LOGIN 3 GREAT THINGS Enhanced by LINE APIs Instant

    Onboard Zero-Baht Initial Cost
  12. REQUESTER: Create Bill Reading Receipt (OCR) Daily Auto-Reminder Create Scheduled

    Bill NEW! Dummy Account NEW! KHUNTHONG FEATURES
  13. KHUNTHONG FEATURES PAYER: E-Slip Verified with QR Link Acc. with

    KhunThong
  14. #Medal Campaign Center KHUNTHONG FEATURES

  15. #Covid19 Donate with Share Target Picker KHUNTHONG FEATURES

  16. LINE API REFERENCE - Token Verify - Push/Reply Message -

    Get Group Members - Get Member Profile - Get Image - Leave Group - LINE Login - Open/Close Window - Get AccessToken - Send Message - Get OS - Get Context - Share TargetPicker(#Covid19) #LINE FrontEnd Framework (LIFF V2) and LINE Login #LINE Messaging API
  17. KHUNTHONG TECHSTACK LINE API PROGRAMMING LANGUAGE CLOUD & SERVICES DEPLOYMENT

    ANALYTICS SUPPORT SERVICES • ReactJS + LIFFv2 • OAuth2.0 • Encrypt + Decrypt Request And Response WEB • GIN Gonic framework • ECHO Labstack framework • CI/CD deployment • OCR Formatter engine. APP • NO-SQL Database Structure • Encrypt/Decrypt DB DATABASE Bot and OCR Engine
  18. DB Replicas EC2 Medium MQM EC2 Large OCR/Formatter AWS EKS

    Cluster SYSTEM ARCHITECTURE K8S Pods Bot LINE Application K8S Pods Web K8S Pods OCR K8S Pods api-service Cloudfront ELB VPC Network KBank OpenAPI
  19. OCR Technique KHUNTHONG

  20. OCR Working with Customized Formatter

  21. OCR Working with Customized Formatter

  22. OCR Working with Customized Formatter

  23. OCR X CUSTOMIZED FORMATTER 1. Get Message ID (Image) 2. Run in the OCR Engine 3. Return Array of Items and Prices

    Diagram labels: Google Vision, S3 Image, Extract the data, Template Matcher
  24. Security Practices in LIFF KHUNTHONG

  25. SECURITY PRACTICES IN LIFF 1. LINE Login and OAuth2.0 2. Encryption / Decryption 3. Local Storage in Device
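  26. SECURITY PRACTICES IN LIFF: LINE Login and OAuth

        var token string
        authHeader := c.Request.Header.Get("Authorization")
        if !strings.HasPrefix(authHeader, "Bearer") {
            // Handle permission denied: no bearer token in the request
            return
        }
        token = strings.TrimSpace(strings.TrimPrefix(authHeader, "Bearer"))
        // Send request to validate token with LINE OAuth 2.0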
  27. KHUNTHONG ENCRYPT/DECRYPT DIAGRAM Start Session - Verify Token by OAUTH2

    - Generate Dynamic ShareKey and Salt - Verify Token by OAUTH2 - Validate HMAC - AES Decrypt request data - AES Encrypt (ShareKey + request data) - HMAC(AES + SALT) - Send Request
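  28. SECURITY PRACTICES IN LIFF: Encryption / Decryption

        // update every time LIFF is opened
        bodyEncryptString := string(req.Data)
        decodedMsgWithHmac, err := base64.StdEncoding.DecodeString(bodyEncryptString)
        if err != nil || len(decodedMsgWithHmac) < BlockSizeHmac+NONCESIZE {
            // Handle error: malformed or truncated body, slicing it would panic
            return
        }
        hMacCli := decodedMsgWithHmac[:BlockSizeHmac]
        decodedMsg := decodedMsgWithHmac[BlockSizeHmac:]
        // Validate HMAC before decrypting (assumes ValidMAC returns a bool)
        statusHMac := ValidMAC(decodedMsg, hMacCli, []byte(salt))
        if !statusHMac {
            // Handle error: HMAC mismatch, do not decrypt
            return
        }
        iv := decodedMsg[:NONCESIZE]
        msg := decodedMsg[NONCESIZE:]
        // Decrypt body
        bodyDecryptString, err := DecryptAES([]byte(key), msg, iv)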
  29. SECURITY PRACTICES IN LINE Local Storage in Device LINE Device#1

    With Authenticated Local Key Storage Validate pass LINE Device#2 (New) Without Authenticated Local Key Storage *Require New Authentication with K PLUS
  30. Scheduled Bill Multiple Bill Trip Mode Let’s Split the Bill!

    LINE OA: @Khunthong
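
The request envelope from slides 27 and 28, as an added Go example that is not KhunThong's own code: the client seals a body as base64(HMAC || IV || ciphertext), and the server rejects anything truncated or tampered with before it decrypts. AES-CTR, HMAC-SHA256, the sample key and salt, and the names `Seal`, `Open` and `tag` are assumptions; the slides do not name the cipher mode or the hash.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)
const macSize, ivSize = sha256.Size, aes.BlockSize // assumed: HMAC-SHA256, AES-CTR
func tag(salt, data []byte) []byte {
	m := hmac.New(sha256.New, salt)
	m.Write(data)
	return m.Sum(nil)
}

// Seal (client): AES-encrypt, prepend HMAC(salt, iv||ciphertext), base64.
func Seal(key, salt, plain []byte) (string, error) {
	block, err := aes.NewCipher(key)
	body := make([]byte, ivSize+len(plain))
	if _, rerr := rand.Read(body[:ivSize]); err != nil || rerr != nil {
		return "", fmt.Errorf("seal: bad key or RNG failure")
	}
	cipher.NewCTR(block, body[:ivSize]).XORKeyStream(body[ivSize:], plain)
	return base64.StdEncoding.EncodeToString(append(tag(salt, body), body...)), nil
}

// Open (server): decode, bounds-check, verify the tag, only then decrypt.
func Open(key, salt []byte, wire string) (string, error) {
	raw, err := base64.StdEncoding.DecodeString(wire)
	block, kerr := aes.NewCipher(key)
	if err != nil || kerr != nil || len(raw) < macSize+ivSize {
		return "", fmt.Errorf("request rejected") // never slice unchecked input
	}
	mac, body := raw[:macSize], raw[macSize:]
	if !hmac.Equal(mac, tag(salt, body)) { // constant-time comparison
		return "", fmt.Errorf("request rejected") // tampered: do not decrypt
	}
	plain := make([]byte, len(body)-ivSize)
	cipher.NewCTR(block, body[:ivSize]).XORKeyStream(plain, body[ivSize:])
	return string(plain), nil
}

func main() {
	key, salt := []byte("constructed-32-byte-example-key!"), []byte("constructed-salt")
	wire, _ := Seal(key, salt, []byte(`{"bill":120}`))
	fmt.Println(Open(key, salt, wire))
}
```

`Open` returns the same opaque error for every failure, so a caller cannot tell a bad encoding from a bad tag.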