Functional & Non-Functional Requirements

Complete FRs and NFRs for the MASARUK platform

1. Purpose

This document defines the Functional Requirements (FRs) and the Non-Functional Requirements (NFRs) for the MASARUK platform.

Derived from:

  • UI flows (Web/Mobile/Admin/Provider)
  • Domain Entities & Business Rules
  • API architecture
  • Payment flows
  • Booking lifecycle
  • Rating flows
  • Reports & Financials
  • RBAC matrix

2.1 Authentication & User Accounts

FR-Auth-01

The system shall allow users to create an account using: Full name, Email, Phone number, Password

FR-Auth-02

The system shall support login using email or phone

FR-Auth-03

The system shall support social authentication: Google, Facebook

FR-Auth-04

Passwords must be validated and hashed (bcrypt/argon2)

FR-Auth-05

The system shall issue a JWT token upon successful login

2.3 Trip Browsing (B2C)

FR-Trips-01

Display paginated list of trips with: Name, City, Duration, Price, Image, Type

FR-Trips-02

Filter trips by: Type, Duration, Price range, City

FR-Trips-03

View detailed trip page: Overview, Itinerary, Hotel, Bus, Rest stops, Services, Terms

FR-Trips-04

Trip availability must reflect active status from Admin/Provider

2.6 Booking Flow

FR-Booking-01

Users shall be able to start a booking from the trip details page

FR-Booking-02

Users shall enter passenger data: Name, ID, Nationality, Emergency contact

FR-Booking-03

System shall validate seat availability before payment

FR-Booking-04

System shall generate a unique booking reference on success

FR-Booking-05

Users shall receive email/SMS confirmation after booking

2.7 Payment

FR-Pay-01

System shall support: HyperPay, STC Pay, Mada, Apple Pay, SADAD

FR-Pay-02

System shall create a payment transaction record before the gateway redirect

FR-Pay-03

System shall handle payment callbacks for success/failure

FR-Pay-04

System shall update booking status upon payment confirmation

FR-Pay-05

All amounts in SAR with VAT per platformSettings (SSOT: platform-settings-module.md)

3. Non-Functional Requirements (NFR)

3.1 Performance

NFR-Perf-01: API response time < 500ms for 95th percentile
NFR-Perf-02: Web page load < 3s on 4G connection
NFR-Perf-03: Mobile app launch < 2s
NFR-Perf-04: Database queries < 100ms
NFR-Perf-05: Support 1000+ concurrent users

3.2 Security

NFR-Sec-01: HTTPS enforced everywhere
NFR-Sec-02: Token-based authentication (JWT)
NFR-Sec-03: RBAC for all protected resources
NFR-Sec-04: No sensitive data in logs
NFR-Sec-05: Payment data handled only by gateway
NFR-Sec-06: Rate limiting on all public endpoints

3.3 Availability

NFR-Avail-01: 99.9% uptime SLA
NFR-Avail-02: Automatic failover for critical services
NFR-Avail-03: Daily automated backups
NFR-Avail-04: PITR enabled for database

3.4 Localization

NFR-L10n-01: Full Arabic RTL support
NFR-L10n-02: English as secondary language
NFR-L10n-03: Currency: SAR only
NFR-L10n-04: Arabic text labels preserved exactly