Hack by the Beach in Jakarta

Posted on

On the past weekend, we participated in the BCA Finhacks 2016 Hackathon. It was a hackathon event at the Segarra in Jakarta Ancol beach.
There atmosphere was very very hot and humid at the day time, but they prepared for a free flow food and drinks for every participants.

Anyway.. we were creating an App called AngpaO. It’s basically an app similar to eventbrite, but 2 extra main feature which is “live streaming” of the event and a “donation” feature using BCA E-Wallet integration. If you would like to know more about the app we have our presentation slide deck uploaded here.

Our team were called “Opcode” and consisted by 3 people:
Ihsan Fauzi Rahman (Cermati.com)
Firman Gautama (ADSKOM)
Supardi (Lippo X)

What our team have done in 24 hours time frame.

1. Reverse Engineered the PHP BCA Finhacks SDK.
– Extract bca (composer phar) file into raw php.
– Implement code hook to cache ‘access_token’ from Oauth2 class from bca sdk.
— Why? Because on the briefing yesterday morning (the 1st day), we only have limit to 5 access_token request/min, and the bca sdk didn’t cache it. We were worry that during the development we could be throttled.

2. Created PHP http Wrapper for BCA API.
– Our main apps is written in NodeJS, at the present time, bca only provide sdk for php and java, so that’s why we created an internal http wrapper for our NodeJS apps.
– We implemented these following bca api on our php http wrapper:
— User Registration
— User Update
— Topup
— Payment
— History Transaction

3. Created NodeJS Frontend + API for our Web and Android App.

– We implemented these following features:
— login & register for web (+integrated with facebook account)
— user profile update
— implemented feature to create new AngpaO event.
— implemented feature to list events for other users/guest.
— implemented feature of “donation” history for event owner.
– for this, we didn’t just use bca api, because the bca api have limitation up to the last 10 transaction only. So we re-implement our own transaction history.

4. Created Android Apps (Native)

– We created a smartphone as AngpaO wallet in mind. (So every transaction should only happen via a smartphone)
– We implemented these following features:
— login & register feature from android that integrated with Facebook account
— Implemented Angpao feed events list
— Implemented Angpao event view with video live stream
— Implemented Top-up feature.
— Implemented Donate feature.
— Implemented QR code read for AngpaO event.
— Import user profile from facebook.

5. Created live streaming video+audio for our AngpaO event.
– backend: Using Wowza with RTMP & HLS protocol.
– frontend: Using jwplayer to play on the browser (we also embed this on our android apps)
– broadcaster : Using Open Broadcaster Studio and the webcam as video and audio source (for demo)


BONUS Thoughts 😀

1. The first version of BCA PHP SDK was broken. (On 18th April 2016 they gave everyone the SDK to download and test)
– How it broke? After we “reverse engineered the sdk” we found out that there are no getter for OAuth2Client dan JsonParser in their sdk main class loader.
(This was fixed at 23 April 2016 by BCA) (but to be prepared, we also have fixed the sdk our self, but at the 1st day of hackathon they told us if there is a new version of the sdk).
2. BCA API untuk fungsi payment-nya sempat error?
– format tanggal dibilang salah, padahal udah pake seperti yg di contoh: https://finhacks.id/api/?php#payment. (Fixed?)
–> Seems (some) of bca api server/endpoint have different timezone (GMT+5 instead of GMT+7) (how do we know this? we looked at the transaction date from bca server response)
–> We use a work around:
– Untuk payment, make sure ‘request date’ yg dikirimkan ke server < dari current datetime di server api bca, or else bakal dianggap invalid request.
– Jadinya kita sengaja mengirimkan waktu ‘request date’ yg beberapa waktu lebih lambat untuk menghindari race condition yang menyebabkan gagal nya request ‘payment’.
3. Access point wifi nya overloaded. Karena mungkin banyak-nya device peserta yang connect ke sana. Jadinya koneksi internet nya kurang stabil.
4. The bca api sandbox suddenly disappear like 12 hours before the event start 😦
5. Not every team treated equally. 
I don’t want to point out who is who, but you can ask many other people/team that participated in the event to confirm  🙂


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s