Human Resources · Web Panel + Mobile App
ShiftTracker
The moment your staff walks into the office, a Bluetooth beacon recognises them and logs the entry — automatically. Leave, overtime, meal menus and notifications all live on the same platform.
Project Overview
ShiftTracker is a three-layer HR platform built to replace classic time-and-attendance hardware: an ASP.NET Core 8 admin panel, a RESTful JSON API, and a Flutter iOS/Android employee app. When an employee enters the office, the phone — even in their pocket — uses a BLE beacon to perform an automatic check-in/check-out. No badges, fingerprint readers, or turnstiles required.
The system goes far beyond clocking. On the same database it runs leave management, seniority-based bonus accrual, overtime analytics, late-entry / early-exit reports, daily meal menus and a targeted push notification stack. With 25+ domain entities, 27 EF Core migrations and 17 admin screens, it covers the full operational HR needs of mid-to-large organisations.
Sector
HR · Time & Attendance
Platform
Web (.NET 8) + Flutter
Hardware
BLE Beacon (iBeacon)
Modules
📡
Beacon-Based Auto Attendance
UUID + Major/Minor + RSSI threshold trigger an automatic check-in on entry. Floor and door numbers are stored with every record.
🗓️
Leave Management
Configurable leave types, quotas, document attachments, multi-step approval flow, cancellation and admin notes — end to end.
⏱️
Overtime & Worked Hours
Daily net hours, overtime detection above 9.5h, per-employee totals and weekly leave reconciliation.
⏰
Late / Early Reports
09:00–18:00 / 11:00–20:00 / Sunday 10:00–19:00 shifts with a 15-minute tolerance and average late-by-minutes statistics.
🏆
Seniority Bonus Days
Years-of-service computed from hire date; configurable bonus brackets (e.g. 5–10 years: +2 days) auto-allocated.
🍽️
Meal Menus
Date- and group-targeted menus with soup / main / dessert / drink hierarchy and optional calorie data.
🔔
Targeted Push Notifications
All / group / role / specific-user targeting; shift, leave, announcement and warning categories with delivery reports.
👥
Roles & Groups
Department/branch groups, role-based authorisation, multi-group membership and emergency contacts per user.
🛡️
Bot & Brute-Force Protection
Cloudflare Turnstile guards the login flow against bots, DDoS and credential stuffing — fully GDPR-compliant.
Mobile App Flow
- Auto scanning: Bluetooth and location services are checked at launch; missing permissions deep-link the user straight to system settings.
- Beacon detection: When the target UUID + Major/Minor and RSSI threshold (−90) are met, an entry is logged; a check-out is triggered as soon as the signal is lost.
- Minimum stay duration: A configurable minimum stay (default 5 minutes) prevents accidental records when staff briefly walk past the door.
- Leave requests: Employees pick a leave type, choose a date range, attach documents if required, and track the status (Pending / Approved / Rejected / Cancelled) in real time.
- Leave entitlement view: Remaining annual days, seniority bonus and total days used are displayed in a tabbed UI.
- Meal menus: The daily menu is auto-filtered by the user’s group and shown by category.
- Notification centre: All push messages are stored in-app, with an unread badge surfaced on the home screen.
- Profile management: Photo upload, phone/email update and emergency contact maintenance.
Technical Highlights
- Dual architecture: Razor MVC web admin + a versioned
api/v1/{Attendance,Leave,MealMenu,Notifications,Configuration}RESTful surface, sharing the sameApplicationDbContext. - 25+ entity classes: User, Role, Group, UserGroup, AttendanceRecord, LeaveRequest, LeaveType, LeaveRequestAttachment, SeniorityLeaveBonus, MealMenu, MealMenuItem, Notification, NotificationRecipient, EmergencyContact, Configuration and more.
- 27 EF Core migrations: Every schema change — from
InitialCreatethroughLeaveManagement,AddSeniorityLeaveBonustoAddUserPassword— is versioned and reproducible. - Configurable behaviour: Minimum stay duration, RSSI threshold and shift hours live in the
Configurationtable, tunable without redeploys. - Cookie-based authentication: 8-hour sessions,
[Authorize]filters across controllers, dedicated login/logout paths, HSTS + HTTPS enforcement. - Cloudflare Turnstile: Server-side token verification on the login form — bot, brute-force and DDoS mitigation, GDPR-friendly.
- Firebase Admin SDK 3.4: Token-based single/group push delivery; high-priority Android channels and APNS sound support, with a registered background message handler.
- BLE beacon integration: The mobile side uses
dchs_flutter_beaconwith the iBeacon protocol; Android (BLUETOOTH_SCAN/CONNECT, LOCATION) and iOS (always/whenInUse) permission flows are fully automated. - Manual override: Admins can record manual check-ins/check-outs from the panel, delete records and pull per-user detail reports.
- GUID file management: User photos and leave attachments live in separate folders with collision-free naming.
- Password security: SHA512 hashing; an optional password field for legacy integrations and a dedicated API login endpoint.
- Location metadata: Each attendance record stores a floor (Major) and door (Minor) number, enabling filtering across multi-storey buildings.
Tech Stack
Web Backend
ASP.NET Core 8 · C# 12 · Entity Framework Core 9 · MS SQL Server · Razor Views · Cookie Authentication · Firebase Admin SDK 3.4 · Cloudflare Turnstile · HttpClient Factory · HSTS
Mobile App
Flutter 3.9+ · Dart · dchs_flutter_beacon · Firebase Core / Auth / Messaging · flutter_local_notifications · permission_handler · audioplayers · image_picker · file_picker · shared_preferences · http · intl
Outcomes
25+
Domain entity classes
27
EF Core migrations
3
Surfaces · Web + REST + Mobile
0
Extra hardware required*
*A single BLE beacon transmitter (USB or battery-powered) is enough — no turnstiles, badge readers or fingerprint terminals.