# Software Requirements Specification (SRS)
**Course:** CSE 3411 -- SAD Lab
**Project Title:** FundMate - Collaborative Payment Platform
**Team Members:**
- Noboni Ahasan (011221305)
- Abdul Taha Mahmud (011221311)
- Umme Qulsum Afifa (011221582)
- Baijid Salah Monmoy (011221596)
**Team Name:** Vino Rosso
**Submission Date:** September 20, 2025
---
## Table of Contents
1. [Introduction](#1-introduction)
   - 1.1 Purpose
   - 1.2 Intended Audience
   - 1.3 Scope of the System
   - 1.4 Definitions, Acronyms, and Abbreviations
   - 1.5 References
2. [System Overview](#2-system-overview)
   - 2.1 Product Perspective
   - 2.2 Product Functions
   - 2.3 User Classes and Characteristics
   - 2.4 Operating Environment
   - 2.5 Design and Implementation Constraints
   - 2.6 Assumptions and Dependencies
   - 2.7 SDLC Approach
3. [Requirements Elicitation & Analysis](#3-requirements-elicitation--analysis)
   - 3.1 Benchmark Analysis
   - 3.2 Requirements Analysis
   - 3.3 Gap Analysis
   - 3.4 Feature List Fixation
4. [Functional Requirements](#4-functional-requirements)
   - 4.1 User Management System
   - 4.2 Workspace Management System
   - 4.3 Expense Management System
   - 4.4 Payment Processing System
   - 4.5 Collaboration System
   - 4.6 Analytics and Reporting System
   - 4.7 API and Integration System
5. [External & Non-Functional Requirements](#5-external--non-functional-requirements)
   - 5.1 User Interfaces
   - 5.2 Software Interfaces
   - 5.3 Performance Requirements
   - 5.4 Security Requirements
   - 5.5 Maintainability
6. [Feasibility & Project Management Analysis](#6-feasibility--project-management-analysis)
   - 6.1 Feasibility Analysis
   - 6.2 SWOT Analysis
7. [System Design (Diagrams)](#7-system-design-diagrams)
   - 7.1 Context Diagram
   - 7.2 Data Flow Diagram (Level 0)
   - 7.3 Data Flow Diagram (Level 1)
   - 7.4 Use Case Diagram
   - 7.5 Activity Diagram
   - 7.6 State Diagram
   - 7.7 Sequence Diagram
   - 7.8 Entity Relationship Diagram
8. [Prototype Design](#8-prototype-design)
   - 8.1 Web Prototypes
   - 8.2 Mobile Prototypes
   - 8.3 UI Design Principles
9. [Conclusion](#9-conclusion)
10. [References](#10-references)
11. [Appendices](#11-appendices)
    - Appendix A: Glossary
    - Appendix B: System Architecture
    - Appendix C: Risk Analysis
    - Appendix D: Testing Strategy
---
## 1. Introduction
### 1.1 Purpose
This Software Requirements Specification (SRS) document comprehensively describes the functional and non-functional requirements for FundMate, a Collaborative Payment Platform designed to revolutionize group financial management. The system addresses the growing need for seamless expense sharing, payment tracking, and collaborative financial management among families, teams, roommates, clubs, and small businesses.
The primary objectives of FundMate are to:
- Eliminate the complexity of manual expense tracking and settlement calculations
- Provide real-time visibility into group financial transactions
- Enable secure, transparent payment processing with multiple gateway support
- Foster financial accountability through comprehensive audit trails
- Simplify multi-party financial interactions through intelligent automation
### 1.2 Intended Audience
This document serves multiple stakeholders throughout the development lifecycle:
**Development Team:** Backend developers implementing Laravel PHP services and API endpoints, frontend developers building React.js/Next.js user interfaces, and database administrators managing PostgreSQL and MongoDB instances.
**Project Stakeholders:** Product managers defining feature priorities and business requirements, business analysts translating user needs into technical specifications, and project sponsors overseeing budget and timeline.
**Quality Assurance Team:** Testing engineers validating functional requirements, security specialists conducting vulnerability assessments, and performance testers ensuring scalability targets are met.
**System Architects:** Technical architects designing system infrastructure, DevOps engineers managing deployment pipelines, and solution architects integrating third-party services.
**End Users:** Workspace owners managing collaborative groups, administrators handling member permissions, regular members tracking expenses, and API developers building integrations.
### 1.3 Scope of the System
**System Boundaries:**
FundMate operates as a web-based collaborative payment platform with clearly defined boundaries. The system manages expense tracking, bill splitting, payment processing, and group financial collaboration within secure workspaces. It integrates with external payment gateways (SSLCommerz), notification services (email, SMS), and OCR services for receipt processing.
**Out of Scope:** The system does not provide accounting software functionality, tax calculation services, investment management, cryptocurrency transactions, or standalone native mobile applications; a PWA approach is used instead.
**Major System Goals:**
1. **Collaborative Expense Management:** Enable groups to track, split, and manage shared expenses with real-time synchronization across all members
2. **Secure Payment Processing:** Facilitate safe, PCI DSS-compliant payment transactions with multiple gateway support and fraud detection
3. **Intelligent Settlement:** Calculate optimal payment paths to minimize transaction counts and simplify debt resolution
4. **Comprehensive Audit Trail:** Maintain detailed activity logs for transparency, dispute resolution, and financial accountability
5. **Scalable Architecture:** Support thousands of concurrent users with 99.9% uptime and sub-2-second response times
**Key Features:**
- Multi-workspace support with customizable permissions
- Flexible expense splitting (equal, custom, percentage-based)
- Receipt OCR for automated data extraction
- Real-time notifications and activity feeds
- Advanced analytics and reporting dashboards
- RESTful API for third-party integrations
- Mobile-responsive Progressive Web Application
### 1.4 Definitions, Acronyms, and Abbreviations
**Key Terms:**
- **Workspace:** A shared collaborative environment where users manage group finances, expenses, and payments
- **Admin:** User with elevated privileges to manage workspace members, settings, and financial operations
- **Shared Wallet:** Linked payment source accessible by authorized workspace members for group payments
- **Settlement:** Process of resolving outstanding balances between workspace members through payments
- **Split:** Division of an expense amount among multiple participants using defined allocation rules
- **OCR (Optical Character Recognition):** Technology extracting structured data from receipt images
- **API (Application Programming Interface):** Programmatic interface enabling third-party system integration
**Acronyms:**
| Acronym | Full Form |
|---------|-----------|
| **CPP** | Collaborative Payment Platform |
| **2FA** | Two-Factor Authentication |
| **GDPR** | General Data Protection Regulation |
| **PCI DSS** | Payment Card Industry Data Security Standard |
| **PWA** | Progressive Web Application |
| **REST** | Representational State Transfer |
| **JWT** | JSON Web Token |
| **RBAC** | Role-Based Access Control |
| **SSLCommerz** | Secure Sockets Layer Commerce (Payment Gateway) |
### 1.5 References
- IEEE Std 830-1998: IEEE Recommended Practice for Software Requirements Specifications
- PCI DSS v3.2.1: Payment Card Industry Data Security Standard
- GDPR Compliance Documentation: General Data Protection Regulation Requirements
- WCAG 2.1: Web Content Accessibility Guidelines
- OWASP Top 10: Web Application Security Risks
- Laravel 9.x Documentation: PHP Framework Reference
- React 18 Documentation: Frontend Framework Reference
- PostgreSQL 13 Documentation: Database Management System
- SSLCommerz API Documentation: Payment Gateway Integration Guide
---
## 2. System Overview
### 2.1 Product Perspective
FundMate is designed as a standalone, cloud-native web application that seamlessly integrates with external services to provide comprehensive collaborative payment functionality. The system architecture follows a microservices approach with clear separation of concerns.
**System Context:**
The platform operates within a larger ecosystem of financial and communication services. It receives user inputs through web browsers and mobile PWA clients, processes financial transactions through SSLCommerz payment gateway, sends notifications via email (SMTP) and SMS services, extracts receipt data using OCR APIs, and stores files in AWS S3 cloud storage.
**Relationship with Other Products:**
- **Payment Gateways:** Integrates with SSLCommerz as primary gateway, with architecture supporting multiple gateway providers for redundancy
- **Banking Systems:** Connects to mobile banking services (bKash, Nagad) for direct transfers
- **Accounting Software:** Provides API endpoints for integration with QuickBooks, Xero, and local accounting systems
- **Communication Platforms:** Interfaces with email providers, SMS gateways, and push notification services
- **Cloud Infrastructure:** Deployed on AWS platform leveraging EC2, RDS, S3, CloudFront, and other managed services
**System Architecture Components:**
- **Frontend Layer:** React.js with TypeScript and Next.js framework, providing server-side rendering and optimal performance
- **API Gateway:** NGINX-based load balancer with rate limiting, authentication, and request routing
- **Application Layer:** Laravel PHP microservices handling business logic for users, workspaces, expenses, payments, and analytics
- **Data Layer:** PostgreSQL for transactional data, MongoDB for audit logs, Redis for session caching
- **External Services:** SSLCommerz payments, AWS S3 storage, SendGrid email, Twilio SMS, OCR processing
### 2.2 Product Functions
**High-Level Feature Summary:**
**1. User Management**
- Secure registration and authentication with email/password and optional 2FA
- Profile customization with personal information, photos, and preferences
- Account security features including password reset, session management, and activity monitoring
- Privacy controls for data visibility and communication preferences
**2. Workspace Administration**
- Unlimited workspace creation with custom names, descriptions, and settings
- Role-based member management (Owner, Admin, Member, Viewer)
- Invitation system with email-based onboarding
- Workspace settings including currency, categories, and notification rules
**3. Expense Management**
- Quick expense entry with amount, description, category, and date
- Receipt upload with automatic OCR data extraction
- Flexible splitting methods: equal division, custom amounts, percentage-based
- Expense editing and deletion with audit trail maintenance
**4. Payment Processing**
- Secure payment processing through SSLCommerz gateway
- Multiple payment methods: credit/debit cards, mobile banking, digital wallets
- Settlement calculation with optimal payment path suggestions
- Recurring payment scheduling and automation
**5. Collaboration Tools**
- Real-time activity feeds showing all workspace actions
- Comment threads on expenses and payments with @mentions
- Multi-channel notifications: email, SMS, push notifications
- File sharing for receipts, invoices, and related documents
**6. Analytics and Reporting**
- Visual dashboards with spending trends and patterns
- Customizable reports by date range, category, and member
- Budget tracking with alerts for overspending
- Data export in CSV, Excel, and PDF formats
**7. API Integration**
- RESTful API with comprehensive documentation
- OAuth 2.0 authentication for third-party applications
- Webhook support for real-time event notifications
- SDK availability for popular programming languages
### 2.3 User Classes and Characteristics
**Primary User Classes:**
**Workspace Owner**
- **Characteristics:** Creates workspace, highest authority, manages all aspects
- **Technical Expertise:** Basic to intermediate computer skills
- **Frequency of Use:** Daily to weekly depending on group activity
- **Key Responsibilities:** Workspace creation, ownership transfer, member management, financial oversight
- **Privileges:** Full access to all features, deletion rights, settings configuration
**Administrator**
- **Characteristics:** Designated by owner to manage operations
- **Technical Expertise:** Basic computer literacy sufficient
- **Frequency of Use:** Daily for active workspaces
- **Key Responsibilities:** Member invitation/removal, expense approval, payment verification, dispute resolution
- **Privileges:** Most permissions except ownership transfer and workspace deletion
**Member**
- **Characteristics:** Regular participant in expense sharing
- **Technical Expertise:** Minimal technical knowledge required
- **Frequency of Use:** Several times per week for active groups
- **Key Responsibilities:** Adding expenses, making payments, commenting on transactions
- **Privileges:** Add/edit own expenses, view workspace data, participate in payments
**Viewer**
- **Characteristics:** Read-only participant, often external stakeholders
- **Technical Expertise:** Basic browsing capability
- **Frequency of Use:** Occasional access for review purposes
- **Key Responsibilities:** Monitor expenses and payments, view reports
- **Privileges:** Read-only access to workspace information, no modification rights
**Secondary User Classes:**
**API Developer**
- **Characteristics:** Technical users building integrations
- **Technical Expertise:** Advanced programming knowledge
- **Frequency of Use:** During development and maintenance phases
- **Key Responsibilities:** Building third-party integrations, automating workflows
- **Privileges:** API access with rate limits, webhook configuration
**System Administrator**
- **Characteristics:** Platform technical support personnel
- **Technical Expertise:** Advanced system administration skills
- **Frequency of Use:** Continuous monitoring and maintenance
- **Key Responsibilities:** Platform monitoring, performance optimization, security management
- **Privileges:** Backend access for system maintenance and troubleshooting
### 2.4 Operating Environment
**Hardware Platform:**
**Client Requirements:**
- **Desktop/Laptop:** Any device with modern web browser, minimum 2GB RAM, 1280x720 resolution recommended
- **Mobile Devices:** Smartphones and tablets with minimum 4" screen, 1GB RAM, iOS 12+ or Android 8+
- **Network:** Broadband internet connection (minimum 1 Mbps, 5+ Mbps recommended)
- **Input Devices:** Keyboard, mouse/touchpad for desktop; touchscreen for mobile
**Server Infrastructure (AWS):**
- **Compute:** EC2 instances (t3.medium minimum) with auto-scaling groups
- **Database:** RDS PostgreSQL (db.t3.large), DocumentDB for MongoDB compatibility
- **Cache:** ElastiCache Redis clusters for session management
- **Storage:** S3 buckets for file storage with CloudFront CDN
- **Load Balancing:** Application Load Balancers with SSL termination
**Software Platform:**
**Client Software:**
- **Supported Browsers:** Chrome 90+, Firefox 88+, Safari 14+, Edge 90+
- **JavaScript:** ES6+ support required
- **Storage:** LocalStorage and SessionStorage for offline capability
- **Media:** Camera access for receipt capture on mobile devices
**Server Software:**
- **Operating System:** Ubuntu 20.04 LTS or Amazon Linux 2
- **Web Server:** NGINX 1.18+ for reverse proxy and load balancing
- **Application Server:** PHP 8.1+ with Laravel 9.x framework
- **Database:** PostgreSQL 13+ for primary data, MongoDB 5+ for audit logs
- **Cache:** Redis 6+ for session and application caching
- **Container:** Docker 20+ with Kubernetes orchestration
**Third-Party Services:**
- **Payment Processing:** SSLCommerz payment gateway API
- **Email Delivery:** SendGrid or AWS SES for transactional emails
- **SMS Gateway:** Twilio or local SMS providers for notifications
- **OCR Service:** Google Cloud Vision API or AWS Textract
- **Monitoring:** AWS CloudWatch, New Relic for application performance
### 2.5 Design and Implementation Constraints
**Regulatory Constraints:**
**Data Protection:**
- GDPR compliance mandatory for handling European user data
- Right to data portability requiring export functionality
- Right to erasure (deletion) with 30-day compliance window
- Privacy by design principles throughout architecture
**Payment Processing:**
- PCI DSS Level 1 compliance for payment card data handling
- No storage of full card numbers, CVV, or magnetic stripe data
- Tokenization required for recurring payment instruments
- Regular security assessments and penetration testing
**Financial Regulations:**
- Bangladesh Bank payment service provider regulations compliance
- Anti-Money Laundering (AML) transaction monitoring above thresholds
- Know Your Customer (KYC) requirements for business accounts
- Transaction reporting for amounts exceeding regulatory limits
**Technical Constraints:**
**Architecture Limitations:**
- RESTful API design principles for all endpoints
- Stateless authentication using JWTs
- Microservices communication via HTTP/HTTPS only
- No synchronous inter-service calls to prevent cascading failures
**Technology Stack:**
- Frontend limited to React.js ecosystem (no Angular or Vue.js)
- Backend exclusively Laravel PHP framework
- PostgreSQL as primary database (no MySQL or other RDBMS)
- AWS as exclusive cloud provider for initial release
**Performance Constraints:**
- Maximum 2-second page load time for 95th percentile
- API response time under 500ms for standard operations
- Support for 1,000 concurrent users per workspace minimum
- Database query optimization mandatory for sub-100ms response
**Security Constraints:**
- TLS 1.3 mandatory for all client communications
- AES-256 encryption for sensitive data at rest
- Password hashing using bcrypt with minimum cost factor 12
- API rate limiting at 1,000 requests per hour per key
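
One way to enforce the bcrypt minimum-cost constraint above at login time, as an added example rather than FundMate project code. It is plain PHP 8.1; `hashPassword`, `meetsPolicy` and `verifyLogin` are hypothetical names, and the sample password and legacy hash are constructed for the demo.

```php
<?php
declare(strict_types=1);

// Added example, not FundMate project code. MIN_BCRYPT_COST mirrors the
// "minimum cost factor 12" constraint; all function names are hypothetical.
const MIN_BCRYPT_COST = 12;
const BCRYPT_MAX_BYTES = 72; // bcrypt ignores input beyond 72 bytes

function hashPassword(string $password, int $cost = MIN_BCRYPT_COST): string
{
    if ($cost < MIN_BCRYPT_COST) {
        throw new InvalidArgumentException('bcrypt cost below policy minimum');
    }
    // Reject rather than silently truncate: two long passwords sharing the
    // first 72 bytes would otherwise verify against the same hash.
    if (strlen($password) > BCRYPT_MAX_BYTES) {
        throw new LengthException('password exceeds 72 bytes');
    }
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => $cost]);
}

// True only for bcrypt hashes whose embedded cost is at or above the minimum.
function meetsPolicy(string $hash): bool
{
    $info = password_get_info($hash);
    return $info['algo'] === PASSWORD_BCRYPT
        && ($info['options']['cost'] ?? 0) >= MIN_BCRYPT_COST;
}

/**
 * Verify a login and, when the stored hash is below policy, return a
 * replacement hash for the caller to persist.
 *
 * @return array{ok: bool, newHash: ?string}
 */
function verifyLogin(string $password, string $storedHash): array
{
    if (strlen($password) > BCRYPT_MAX_BYTES
        || !password_verify($password, $storedHash)) {
        return ['ok' => false, 'newHash' => null];
    }
    // Compare the cost directly: password_needs_rehash() reports any
    // mismatch, so it would also flag (and downgrade) a cost-13 hash.
    $newHash = meetsPolicy($storedHash) ? null : hashPassword($password);
    return ['ok' => true, 'newHash' => $newHash];
}

// Constructed demo: a legacy cost-10 hash is accepted once, then upgraded.
$legacy = password_hash('correct horse battery', PASSWORD_BCRYPT, ['cost' => 10]);
$result = verifyLogin('correct horse battery', $legacy);

var_dump(meetsPolicy($legacy));
var_dump($result['ok']);
var_dump($result['newHash'] !== null && meetsPolicy($result['newHash']));
var_dump(verifyLogin('wrong password', $legacy)['ok']);
```

In a Laravel application the same cost is set through the `rounds` value under `bcrypt` in `config/hashing.php`.
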
**Business Constraints:**
**Budget Limitations:**
- Development timeline: 12 months for MVP release
- Infrastructure budget: $50,000 annually for cloud services
- Third-party service costs must not exceed 15% of revenue
- Open-source solutions preferred where feasible
**Resource Constraints:**
- Development team size: 4 developers (2 frontend, 2 backend)
- Single DevOps engineer for deployment and monitoring
- Limited QA resources requiring automation focus
- Part-time UI/UX designer for interface design
**Market Constraints:**
- Primary market: Bangladesh with English and Bengali support
- Competition from established platforms (Splitwise, Venmo, Settle Up)
- Freemium model required for user acquisition
- Premium features needed for revenue generation
**Integration Requirements:**
- SSLCommerz as mandatory payment gateway for Bangladesh
- Mobile banking integration (bKash, Nagad) for local adoption
- WhatsApp notification integration highly requested
- Facebook/Google social login for easier onboarding
### 2.6 Assumptions and Dependencies
**Assumptions:**
**User Behavior:**
- Users have reliable internet connectivity for real-time features
- Users possess basic computer and financial literacy
- Workspace members trust each other for expense sharing accuracy
- Users prefer digital payments over manual cash settlement
- Mobile device camera quality is sufficient for receipt scanning
**Technical Environment:**
- AWS services maintain 99.9% availability SLA
- Third-party APIs remain stable with backward compatibility
- Modern browsers continue supporting PWA standards
- SSL certificates remain affordable and accessible
- Container orchestration platforms are mature and stable
**Business Environment:**
- Payment gateway fees remain economically viable
- Regulatory environment supports fintech innovation
- Digital payment adoption continues growing in target market
- Competition does not introduce disruptive pricing
- User privacy concerns are addressed through compliance
**Dependencies:**
**External Service Dependencies:**
- **SSLCommerz Gateway:** Payment processing depends on gateway availability, affecting all transactions
- **Email Service Providers:** Notification delivery relies on SMTP/API service uptime
- **SMS Gateway:** Mobile notifications require SMS provider connectivity
- **OCR Service:** Receipt processing depends on Google Cloud Vision or AWS Textract
- **AWS Infrastructure:** Entire platform operation depends on AWS service availability
**Technology Dependencies:**
- **Laravel Framework:** Security patches and updates from Laravel community
- **React.js Library:** Frontend functionality depends on React ecosystem stability
- **PostgreSQL Database:** Data integrity relies on database engine reliability
- **Docker Platform:** Containerization depends on Docker compatibility
- **NPM/Composer:** Package management for frontend and backend dependencies
**Third-Party Integration Dependencies:**
- **Payment Methods:** Card networks (Visa, Mastercard) operational status
- **Mobile Banking:** bKash, Nagad API availability for local payments
- **Social Login:** Facebook, Google OAuth services for authentication
- **Cloud Storage:** AWS S3 for receipt and document storage
- **CDN Services:** CloudFront for global content delivery
**Regulatory Dependencies:**
- **Compliance Changes:** Modifications required if PCI DSS or GDPR is updated
- **Banking Regulations:** Bangladesh Bank policy changes affecting payment services
- **Tax Requirements:** Changes in financial reporting or tax calculation rules
- **Data Localization:** Potential requirements for local data storage
**Mitigation Strategies:**
- Service redundancy for critical dependencies (multiple payment gateways)
- Regular dependency updates and security patching
- Fallback mechanisms for external service failures
- Compliance monitoring and rapid response processes
- Technology stack evaluation and upgrade planning
### 2.7 SDLC Approach
**Development Methodology: Agile Scrum with DevOps Integration**
FundMate development follows an Agile Scrum methodology with two-week sprints, emphasizing iterative development, continuous feedback, and rapid delivery of functional increments. The approach integrates DevOps practices for continuous integration and deployment.