臺灣博碩士論文加值系統

高雄市特搜中隊為我國重大災害發生時重要救援主力，然而中隊執行救災任務
時經常因消防器材數量短缺或是異常損壞等情形，造成救援任務被嚴重耽誤，消防
器材管理因此成為中隊日常訓練中不可忽視的環節，該中隊目前使用紙本清單勾選
方式進行管理，為了提升中隊在「消防安全器材管理」工作執行效率，本論文以中
隊「每日消防車器材盤點」與「器材盤點紀錄維護」兩項需求性最高之工作為首要
目的，提出一套數位管理系統，並且依照中隊需求提出「器材狀態異動」、「器材資
訊編輯」和「新增器材」等輔助管理功能。
本論文於使用者端開發 Flutter 跨平台行動 APP 並結合低功耗藍牙(BLE)一對多
連線方式輸入，伺服器端開發使用 ASP.NET Core 結合實作物件關聯對映
(ORM/Object Relational Mapping)技術的框架 Entity Framework Core 與資料庫溝通，
同時利用實作 OAuth2.0 授權和 OpenID Connect 身分認證協議的套件 IdentityServer4
來提供隊員登入驗證以及伺服器防護，中隊實際使用約兩個月後，經意見回饋調查，
「每日消防車器材盤點」工作時間得以由 20~30 分鐘降低至 10 分鐘內，在紀錄調閱
方面也更加快速且明確，而本論文設計的輔助管理功能也讓中隊能夠更有效管理器
材的狀態、基本資訊以及數量。

The Kaohsiung Search and Rescue Team is the main rescuing force on the
occurrenceof severe disasters in Taiwan. However, the rescue mission is sometimes
delayed due to the shortage or abnormal damage of their equipment. Therefore, the
management of fire equipment has become a link that cannot be ignored in the
squadron's daily training. The squadron currently uses paper checklist to carry out
management, in order to improve the efficiency in "fire safety equipment management",
this paper takes the two most demanding tasks of the squadron, "daily fire truck
equipment inventory" and "inventory record maintenance" as the primary
purpose,proposes a set of digital Management system, and auxiliary management
functions such as "status change", "information editing" and "add equipment" to the
needs of the squadron.
This paper develops a cross-platform mobile APP by using "Flutter" on the user
side and uses Bluetooth Low Energy (BLE) one-to-many connection for input. The
server development uses "ASP.NET Core" combined with ORM(Object Relational
Mapping) technology framework "Entity Framework Core" communicates with the
database, and uses "IdentityServer4",a suite that implements OAuth2.0 and OpenID
Connect protocol, to provide team member identity verification and server protection.
After the use of the squadron for two months, according to their feedback, the cost of
"daily inventory of fire truck equipment" can be reduced from 30 minutes to within 10
minutes, and the record review is also faster and explicit. The designed of auxiliary
function also allows the squadron manages the status, basic information and quantity of
equipment more effectively.

摘要 v
Abstract vi
誌謝 vii
目錄 viii
圖目錄 xi
表目錄 xv
英文縮寫檢索表 xvi
第一章 緒論 1
1.1研究背景與動機 1
1.2問題描述 2
1.3論文架構 7
第二章 背景技術與相關研究 8
2.1 ASP.NET Core 8
2.2 MVC 8
2.3 Web API 9
2.4物件關係對映(ORM /Object Relational Mapping) 9
2.4.1 Entity Framework Core 10
2.5 OAuth2.0 11
2.5.1 OpenID Connect 13
2.5.2 IdentityServer4 15
2.6 Flutter 15
2.7 低功耗藍牙BLE 15
2.7.1 BLE關鍵術語和概念 16
第三章 系統架構規劃與設計 17
3.1系統架構說明 17
3.2資料庫設計 20
3.2.1 關聯式資料表設計 20
3.2.2 Entity Framework Core模型設計 23
3.3消防器材管理流程說明 25
3.3.1器材盤點流程 25
3.3.2器材狀態異動流程 26
3.3.3器材資訊編輯流程 27
3.3.4新增器材和地點流程 29
3.4 API函數設計 30
3.5 IdentityServer4服務建立 32
3.5.1 IdentityServer4資料表遷移 32
3.5.2 服務資料、 Client和使用者身分建立 33
3.5.3登入函數設計 35
3.5.4 API保護 36
3.6 Client端Flutter APP設計 38
3.6.1 Flutter AppAuth 38
3.6.2 HTTP請求-以器材盤點為例 39
3.6.3 BLE連線設計 42
第四章 系統結果展示與討論 49
4.1硬體設備與開發環境 49
4.2 Flutter AppAuth功能驗證 50
4.2.1使用者身分認證與授權 50
4.2.2 AccessToken及User Info獲取驗證 52
4.2.3 APP介面展示 53
4.3 APP器材管理功能展示 54
4.3.1 器材盤點展示 54
4.3.2 器材狀態異動展示 60
4.3.3 器材資訊編輯展示 61
4.3.4 新增器材展示 63
4.3.5 新增地點功能展示 64
4.4 器材管理紀錄展示 65
4.4.1 器材盤點紀錄 65
4.4.2 器材狀態異動紀錄 67
4.4.3 器材資訊編輯紀錄 68
4.4.4 寄送器材條碼 69
4.5 中隊操作與討論 70
第五章 結論與貢獻 74
參考文獻 76
附錄一 系統APP展示影片 80
附錄二 個人聯絡資訊 80
附錄三 Barcode掃描器購買及改造資訊 80

[1]內政部消防署,“消防車輛裝備器材管理維護作業規範”，[Online],Available: https://law.nfa.gov.tw/MOBILE/law.aspx?LSID=FL035030(Accessed: Mar. 24, 2022).
[2]徐偉哲,“支援EMM之消防設備管理系統—以高雄市特種搜救隊為例”， 國立高雄應用科技大學電機工程系碩士班碩士論文,民國107年。
[3]曹立章，“基於ASP.NET與易移植性的消防安全設備 管理系統之研製－應用於高雄市特搜中隊”，國立高雄科技大學電機工程系碩士班碩士論文,民國109年。
[4]維基百科，“SQL注入” ,[Online],Available: https://zh.wikipedia.org/zh-tw/SQL注入(Accessed: Mar. 24, 2022).
[5]林佾憲，“基於 MVC 架構與物件關聯對映方法與REST架構的ASP.NET Web開發框 架之設計與實作”，高雄第一科技大學資通訊服務創新產業碩士專班碩士論文，民國105年。
[6]Fielding, Roy Thomas (2000). "Chapter 5: Representational State Transfer (REST)". Architectural Styles and the Design of Network-based Software Architectures (Ph.D.). University of California, Irvine.
[7]Schwichtenberg, Holger. "Modern Data Access with Entity Framework Core." Apress, Essen, Germany (2018).
[8]Microsoft, , [Online],Available:https://docs.microsoft.com/zh-tw/ef/core/(Accessed: Mar. 24, 2022).
[9]OAuth2,“OAuth2.0”,[Online],Available：https://oauth.net/2/(Accessed:Mar.20,2022).
[10]Sakimura, Nat, John Bradley, and Naveen Agarwal, “Proof Key for Code Exchange by OAuth Public Clients”, [Online],Available: https://datatracker.ietf.org/doc/html/rfc7636(Accessed: May.17, 2022).
[11]OktaDev,“What's the difference between Confidential and Public clients? - OAuth in Five Minutes”, [Online],Available: https://www.youtube.com/watch?v=5cQNwifDq1U&ab_channel=OktaDev(Accessed: May.17, 2022).
[12]Hardt, Dick. “The OAuth 2.0” ,[Online],Available：https://www.rfc-editor.org/rfc/rfc6749.html (Accessed:Mar.20,2022).
[13]OpenID,“OpenID Connect”,[Online],Available:https://openid.net/connect/(Accessed:Mar.20,2022).
[14]維基百科,“JSON” ,[Online],Available: https://zh.wikipedia.org/zh-tw/JSON(Accessed: Mar. 24, 2022).
[15]Jones, Michael, John Bradley, and Nat Sakimura. “Json web token (jwt) ”, [Online],Available：https://www.rfc-editor.org/rfc/rfc7519 (Accessed:Mar.20,2022).
[16]One Identity, “How To Develop OpenID Connect Apps” ,[Online],Available：https://support.oneidentity.com/zh-cn/technical-documents/cloud-access-manager/8.1.4/how-to-develop-openid-connect-apps/2#TOPIC-1028674(Accessed:Mar.20,2022).
[17]張大偉，“藉由Google Flutter打造一款線上服務”，朝陽科技大學資訊管理系碩士論文，民國109年。
[18]徐偉哲、黃暉智、王伯仁、陳勇君、賴俊如, “支援企業行動管理(EMM)之消防裝備管理系統設計與雛型實作－以高雄市特種搜救中隊為例,” TANET 2018 (台灣網際網路研討會), Taichung, Taiwan, Oct. 24—26, 2018.
[19]曹⽴章、鄭⽂帥、賴俊如, “高雄市特搜中隊消防安全設備管理系統之實作－搭配ASP.NET使用三層式架構開發與行動應用App基本資安檢測,” TANET 2021 (台灣網際網路研討會), Taichung, Taiwan, Dec. 10—12, 2021.
[20]Pub.dev, “flutter_appauth” ,[Online],Available: https://pub.dev/packages/flutter_appauth (Accessed: Mar. 24, 2022).
[21]Ruch, Willibald, et al. "The Character Strengths Rating Form (CSRF): Development and initial assessment of a 24-item rating scale to assess character strengths." Personality and Individual Differences 68 (2014): 53-58.
[22]OktaDev, “OAuth 2.0 Auth Code Injection Attack in Action” ,[Online],Available: https://www.youtube.com/watch?v=1ot45WwQWJE&ab_channel=OktaDev (Accessed: Mar. 24, 2022).
[23]Melton, Jim, and Alan R. Simon. Understanding the new SQL: a complete guide. Morgan Kaufmann, 1993.
[24]Gubbi, Jayavardhana, et al. "Internet of Things (IoT): A vision, architectural elements, and future directions." Future generation computer systems 29.7 (2013): 1645-1660.
[25]黃彥熹，“公有零售市場、臨時攤販集中場消防設備管理創新服務之研究”，東南科技大學營建與空間設計系碩士班碩士論文,民國109年。
[26]李瀟瀟，“RFID 技術應用於消防安全設備維護資訊管理之研究 ”，臺北科技大學土木與防災研究所碩士論文,民國97 年。
[27]沈旻翰，“建構消防安全檢查資訊系統以便分析及查詢-以106年臺中市政府消 防局第二救災救護大隊轄區為例”，朝陽科技大學資訊管理系碩士論文，民國108年。
[28]倪瑋鴻, “行動條碼應用於圖書館行動服務之研究”，國立臺灣師範大學圖書資訊研究所碩士論文, 民國101年。
[29]鍾子毅，“基於條碼辨識的圖書館藏書盤點系統”，國立臺灣海洋大學電機工程學系碩士論文,民國102年。
[30]魏源槿，“以GCP雲端服務建置跨域訊息整合中心之研究”，國立臺北科技大學資訊工程系碩士班碩士學位論文，民國107年。
[31]陳冠廷，“基於Web開發框架探討TypeScript及Webapi設計與實作”，國立高雄科技大學電腦與通訊工程系碩士論文，民國108年。
[32]周崇浩，“使用MVC開發執行於雲端運算的進銷存系統之研究”，國立台灣科技大學資訊管理系EMBA碩士在職專班碩士學位論文，民國108年。
[33]葉宗霖，“WEB 安全程式開發工具之研究”，國立中正大學資訊管理研究所碩士論文，民國108年。
[34]詹雅鈞，“雲端單一登入機制 OpenID Connect 的分析與改善”，明新科技大學資訊管理系碩士班碩士學位論文，民國105年。
[35]鄒北辰，“基於以太坊憑證暨網路用戶身份驗證之OAuth兼容服務”，國立中央大學資訊工程學系軟體工程碩士班碩士論文，民國108年。
[36]陳盈蓉，“一次密碼架構之OpenId認證”，國立中正大學電機工程研究所碩士論文，民國104年。
[37]張德泰，“雲端和行動通訊系統聯盟的透明第三方認證”， 國立交通大學電機資訊國際學位學程碩士論文，民國109年。
[38]邱川柔，“雲端身份授權之網站單一登入研究”，臺北市立大學資訊科學系研究所碩士論文，民國105年。
[39]黃韋智，“應用OAuth2.0於校園資訊系統”，大同大學資訊經營研究所碩士論文，民國103年。
[40]蔡柏毅，“低功耗防遺失裝置之Android藍牙4.0一對多連線監控”，崑山科技大學電機工程系碩士班碩士論文，民國104年。
[41]許盛傑，“Android 手機藍牙一對多通訊之程式開發”，義守大學電機工程學系碩士班碩士論文，民國102年。
[42]林羿列，“結合行動裝置之分散式智慧插座研製”， 高雄科技大學電機工程系碩士班碩士論文，民國108年。
[43]李東儒，“踏步機運動 App 開發”，國立高雄科技大學電機工程系碩士班碩士論文，民國110年。
[44]黃子嘉，“在Android平台上具擴充性的低功率藍牙遠端程序呼叫服務之設計與實作”，國立台灣科技大學資訊管理系碩士學位論文，民國107年。
[45]K. Bounnady, K. Phanthavong, S. Pathoumvanh and K. Sihalath, "Comparison the processing speed between PHP and ASP.NET," 2016 13th International Conference on Electrical Engineering/Electronics, Computer, Telecommunications and Information Technology (ECTI-CON), 2016, pp. 1-5, doi: 10.1109/ECTICon.2016.7561484.
[46]W. Wiphusitphunpol and T. Lertrusdachakul, "Fetch performance comparison of object relational mapper in .NET platform," 2017 14th International Conference on Electrical Engineering/Electronics, Computer, Telecommunications and Information Technology (ECTI-CON), 2017, pp. 423-426, doi: 10.1109/ECTICon.2017.8096264.
[47]R. Sheth, M. Vora, R. Sharma, M. Thaker and P. Bhavathankar, "A Proficient Process for Systematic Inventory Management," 2020 International Conference for Emerging Technology (INCET), 2020, pp. 1-5, doi: 10.1109/INCET49848.2020.9154038.
[48]Smith, Jon.Entity Framework core in action. Simon and Schuster, 2021.
[49]H. Bagheri, C. Tang and K. Sullivan, "Automated Synthesis and Dynamic Analysis of Tradeoff Spaces for Object-Relational Mapping," in IEEE Transactions on Software Engineering, vol. 43, no. 2, pp. 145-163, 1 Feb. 2017, doi: 10.1109/TSE.2016.2587646.
[50]T. -H. Chen, W. Shang, Z. M. Jiang, A. E. Hassan, M. Nasser and P. Flora, "Finding and Evaluating the Performance Impact of Redundant Data Access for Applications that are Developed Using Object-Relational Mapping Frameworks," in IEEE Transactions on Software Engineering, vol. 42, no. 12, pp. 1148-1161, 1 Dec. 2016, doi: 10.1109/TSE.2016.2553039.
[51]S. L. Fong, D. Wui Yung Chin, R. A. Abbas, A. Jamal and F. Y. H. Ahmed, "Smart City Bus Application With QR Code: A Review," 2019 IEEE International Conference on Automatic Control and Intelligent Systems (I2CACIS), Selangor, Malaysia, 2019, pp. 34-39, doi: 10.1109/I2CACIS.2019.8825047.
[52]Gadge, Sanjay, and Vijaya Kotwani. "Microservice architecture: API gateway considerations." GlobalLogic Organisations, Aug-2017 (2018).
[53]Shabani, Isak, et al. "Design of modern distributed systems based on microservices architecture." vol 12 (2021): 153-159.
[54]Yang, Ronghai, Wing Cheong Lau, and Shangcheng Shi. "Breaking and fixing mobile app authentication with OAuth2. 0-based protocols." International Conference on Applied Cryptography and Network Security. Springer, Cham, 2017.
[55]Yang, Ronghai, Wing Cheong Lau, and Tianyu Liu. "Signing into one billion mobile app accounts effortlessly with oauth2. 0." Black Hat Europe (2016).
[56]Lodderstedt, Torsten, et al. "OAuth 2.0 security best current practice." IETF Web Authorization Protocol, Tech. Rep. draft-ietf-oauth-security-topics-16 (2020).
[57]Shurdi, Olimpion, et al. "OAuth2. 0 in Securing APIs." (2020).
[58]Navas, Jorge, and Marta Beltrán. "Understanding and mitigating OpenID Connect threats." Computers & Security 84 (2019): 1-16.
[59]Oh, Se-Ra, Jahoon Koo, and Young-Gab Kim. "Security interoperability in heterogeneous IoT platforms: threat model of the interoperable OAuth 2.0 framework." Proceedings of the 37th ACM/SIGAPP Symposium on Applied Computing. 2022.
[60]Li, Wanpeng, and Chris J. Mitchell. "Analysing the Security of Google’s implementation of OpenID Connect." International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment. Springer, Cham, 2016.
[61]Mainka, Christian, et al. "Sok: Single sign-on security—an evaluation of openid connect." 2017 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE, 2017. 
[62]Fett, Daniel, Ralf Küsters, and Guido Schmitz. "The web sso standard openid connect: In-depth formal security analysis and security guidelines." 2017 IEEE 30th Computer Security Foundations Symposium (CSF). IEEE, 2017.
[63]Muyumba, Thomas, and Jackson Phiri. "A Web based Inventory Control System using Cloud Architecture and Barcode Technology for Zambia Air Force." International Journal of Advanced Computer Science and Applications 8.11 (2017).
[64]Blazquez, Alberto, Vlasios Tsiatsis, and Konstantinos Vandikas. "Performance evaluation of openid connect for an iot information marketplace." 2015 IEEE 81st Vehicular Technology Conference (VTC Spring). IEEE, 2015.
[65]S. Hong-ying, "The Application of Barcode Technology in Logistics and Warehouse Management," 2009 First International Workshop on Education Technology and Computer Science, 2009, pp. 732-735, doi: 10.1109/ETCS.2009.698.
[66]Vamsi, A. Madhu, et al. "IOT based autonomous inventory management for warehouses." EAI International Conference on Big Data Innovation for Sustainable Cognitive Computing. Springer, Cham, 2020.
[67]Atieh, Anas M., et al. "Performance improvement of inventory management system processes by an automated warehouse management system." Procedia Cirp 41 (2016): 568-572.
[68]Thanapal, P., J. Prabhu, and Mridula Jakhar. "A survey on barcode RFID and NFC." IOP Conference Series: Materials Science and Engineering. Vol. 263. No. 4. IOP Publishing, 2017.
[69]J. Armas, P. Navas, T. Mayorga, P. Rengifo and B. Arévalo, "Optimization of code lines and time of access to information through object-relational mapping (ORM) using alternative tools of connection to database management systems (DBMS)," 2017 2nd International Conference on System Reliability and Safety (ICSRS), 2017, pp. 500-504, doi: 10.1109/ICSRS.2017.8272872.
[70]Y. Wang and Y. Xu, "Research of Solutions of Object-Relational Mapping in JAVA Platform," 2011 International Conference on Control, Automation and Systems Engineering (CASE), 2011, pp. 1-3, doi: 10.1109/ICCASE.2011.5997578.
[71]C. Ireland, D. Bowers, M. Newton and K. Waugh, "A Classification of Object-Relational Impedance Mismatch," 2009 First International Confernce on Advances in Databases, Knowledge, and Data Applications, 2009, pp. 36-43, doi: 10.1109/DBKDA.2009.11.
[72]Chen, Tse-Hsun, et al. "Finding and evaluating the performance impact of redundant data access for applications that are developed using object-relational mapping frameworks." IEEE Transactions on Software Engineering 42.12 (2016): 1148-1161.
[73]Meijer, Erik. "The world according to LINQ." Communications of the ACM 54.10 (2011): 45-51.
[74]Procaccianti, Giuseppe, Patricia Lago, and Wouter Diesveld. "Energy efficiency of orm approaches: an empirical evaluation." Proceedings of the 10th ACM/IEEE International Symposium on Empirical Software Engineering and Measurement. 2016.
[75]Kronis, Kristians, and Marina Uhanova. "Performance Comparison of Java EE and ASP. NET Core Technologies for Web API Development." Appl. Comput. Syst. 23.1 (2018): 37-44.
[76]Troelsen, Andrew, and Philip Japikse. Pro C# 7: With. net and. net Core. Vol. 1328. Apress, 2017.
[77]Duende Software,“IdentityServer4”,[Online]，Available：https://identityserver4.readthedocs.io/en/latest/(Accessed:Mar.16,2022).
[78]Microsoft, “Introduction to Identity on ASP.NET Core”, [Online],Available: https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity?view=aspnetcore-7.0&tabs=visual-studio(Accessed: May.17, 2022).
[79]IdentityServer, “How to Setup the KeyManagement Component for IdentityServer4”, [Online],Available:https://www.youtube.com/watch?v=EaeLdHhZR3g&ab_channel=IdentityServer(Accessed: May.17, 2022).