KhunThong From Zero To One

LINE Developers Thailand

September 13, 2020
Transcript

  1. KhunThong From Zero to One
     Speakers from KBTG: Chayakorn Pamonratthanakul, Worakrit Louwitawas and Kannapon Pakdeewattanakul. Roles shown on the slide: ex-Delivery Manager & ex-Advanced Innovation Engineer; Advanced Innovation Product Manager; Advanced Innovation Engineer.
  2. KHUNTHONG USERS (number of members in all groups)
     Growth chart across the Alpha phase, Beta phase, public launch and now; values shown: 1K, 3.5K, 34K and 380K.
  3. AGENDA
     • Why LINE APIs?
     • Architecture Design
     • OCR Technique
     • Security Practices
     • KhunThong 2.0
  4. LINE API REFERENCE
     LINE Messaging API: Token Verify, Push/Reply Message, Get Group Members, Get Member Profile, Get Image, Leave Group.
     LINE Front-end Framework (LIFF v2) and LINE Login: LINE Login, Open/Close Window, Get AccessToken, Send Message, Get OS, Get Context, ShareTargetPicker (#Covid19).
  5. KHUNTHONG TECH STACK
     Categories: LINE API, programming language, cloud & services, deployment, analytics, support services.
     WEB: • ReactJS + LIFF v2 • OAuth 2.0 • Encrypt + decrypt request and response
     APP: • Gin Gonic framework • Echo Labstack framework • CI/CD deployment • OCR formatter engine
     DATABASE: • NoSQL database structure • Encrypt/decrypt DB
     Bot and OCR engine
  6. SYSTEM ARCHITECTURE
     LINE Application; CloudFront; ELB; VPC network; AWS EKS cluster running K8s pods for Bot, Web, OCR and api-service.
     Supporting components: DB replicas (EC2 Medium), MQM (EC2 Large), OCR/Formatter, KBank OpenAPI.
  7. OCR X CUSTOMIZED FORMATTER
     1. Get Message ID (image); the image is stored in S3
     2. Run in the OCR engine (Google Vision) to extract the data
     3. Template Matcher returns an array of items and prices
  8. SECURITY PRACTICES IN LIFF
     1. LINE Login and OAuth 2.0
     2. Encryption / Decryption
     3. Local Storage in Device
  9. SECURITY PRACTICES IN LIFF: LINE Login and OAuth
     Gin handler fragment: reject the request unless the Authorization header carries a Bearer token, then validate that token with LINE.

     ```go
     var token string
     authHeader := c.Request.Header.Get("Authorization")
     if !strings.HasPrefix(authHeader, "Bearer") {
         // Handle permission denied: no Bearer token, so the request goes no further
         c.AbortWithStatus(http.StatusUnauthorized) // needs "net/http"
         return
     }
     token = strings.TrimSpace(strings.TrimPrefix(authHeader, "Bearer"))
     // Send request to validate token with LINE OAuth 2.0
     ```
  10. KHUNTHONG ENCRYPT/DECRYPT DIAGRAM
      Session setup: Start Session - Verify Token by OAuth2 - Generate Dynamic ShareKey and Salt
      Sending a request: AES Encrypt (ShareKey + request data) - HMAC(AES + SALT) - Send Request
      Receiving a request: Verify Token by OAuth2 - Validate HMAC - AES Decrypt request data
  11. SECURITY PRACTICES IN LIFF: Encryption / Decryption

      ```go
      // Update every time the LIFF app is opened
      bodyEncryptString := string(req.Data)
      decodedMsgWithHmac, err := base64.StdEncoding.DecodeString(bodyEncryptString)
      if err != nil {
          // Handle error
          return
      }
      if len(decodedMsgWithHmac) < BlockSizeHmac+NONCESIZE {
          // Too short to hold an HMAC tag plus an IV; the slices below would panic
          return
      }
      hMacCli := decodedMsgWithHmac[:BlockSizeHmac]    // client-supplied HMAC tag
      decodedMsg := decodedMsgWithHmac[BlockSizeHmac:] // IV || ciphertext
      statusHMac := ValidMAC(decodedMsg, hMacCli, []byte(salt)) // Validate HMAC
      if !statusHMac {
          // Reject before decrypting: the body was tampered with or the salt is wrong
          return
      }
      iv := decodedMsg[:NONCESIZE]
      msg := decodedMsg[NONCESIZE:]
      // Decrypt body
      bodyDecryptString, err := DecryptAES([]byte(key), msg, iv)
      ```
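The flow of slides 10 and 11 end to end, as an added worked example that is not KhunThong's code: the client sends base64(HMAC(iv||ciphertext, Salt) || iv || ciphertext) and the server verifies the HMAC before it decrypts anything. The AES mode (CTR), HMAC-SHA256, the IV and tag sizes, and the sample key, salt and IV are assumptions; AESCTR and Tag stand in for the slides' DecryptAES and ValidMAC helpers, whose internals the deck does not show.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// Assumed sizes (the slide's BlockSizeHmac/NONCESIZE values are not given): 16-byte AES-CTR IV, 32-byte HMAC-SHA256 tag.
const NonceSize, BlockSizeHmac = aes.BlockSize, sha256.Size
// Tag computes HMAC-SHA256 over message, keyed with the per-session Salt.
func Tag(message, key []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write(message)
	return mac.Sum(nil)
}
// ValidMAC compares tags in constant time (hmac.Equal), never with bytes.Equal or ==.
func ValidMAC(message, messageMAC, key []byte) bool { return hmac.Equal(messageMAC, Tag(message, key)) }
// AESCTR runs AES-CTR over in; CTR is symmetric, so the same call encrypts and decrypts.
func AESCTR(key, iv, in []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // errors unless key is 16, 24 or 32 bytes
	if err != nil { return nil, err }
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in) // panics if len(iv) != aes.BlockSize
	return out, nil
}
// DecryptBody is the server side of the diagram: decode, check the length, verify the HMAC, only then decrypt.
func DecryptBody(key, salt []byte, body string) ([]byte, error) {
	decoded, err := base64.StdEncoding.DecodeString(body)
	if err != nil { return nil, err }
	if len(decoded) < BlockSizeHmac+NonceSize { // guards the slices below from panicking on a short body
		return nil, fmt.Errorf("envelope too short: %d bytes", len(decoded))
	}
	msg := decoded[BlockSizeHmac:] // iv || ciphertext
	if !ValidMAC(msg, decoded[:BlockSizeHmac], salt) {
		return nil, fmt.Errorf("HMAC mismatch: body rejected before decryption")
	}
	return AESCTR(key, msg[:NonceSize], msg[NonceSize:])
}
func main() { // client side with constructed values; a real ShareKey and Salt come from the session setup step
	key, salt, iv := []byte("0123456789abcdef0123456789abcdef"), []byte("constructed-salt"), []byte("fixed-iv-16bytes")
	ct, _ := AESCTR(key, iv, []byte(`{"amount":120}`))
	msg := append(append([]byte{}, iv...), ct...) // AES Encrypt (ShareKey + request data)
	env := base64.StdEncoding.EncodeToString(append(Tag(msg, salt), msg...)) // HMAC(AES + SALT), then Send Request
	fmt.Println(DecryptBody(key, salt, env))
}
```

With CTR the IV must be unique for every message sent under one ShareKey; the fixed IV in main is only for the sample.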
  12. SECURITY PRACTICES IN LINE: Local Storage in Device
      LINE Device#1, with authenticated local key storage: validate, pass.
      LINE Device#2 (new), without authenticated local key storage: *requires new authentication with K PLUS.