mohd/Salon
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

I proceeded with Phase 1 step 1 (phone-first auth + OTP hardening) and updated the plan context. Here’s the current state and the next steps.

Browse Source 
What I implemented

Phone-first auth endpoints with OTP → JWT issuance.
views.py
urls.py
Phone normalization (KSA-focused, E.164 or Saudi mobile) and validation.
phone.py
serializers.py
OTP protections: rate limit, resend cooldown, attempt counting.
otp.py
models.py
Email is now optional to allow phone-only users.
models.py
0002_phone_auth_fields.py
Admin OTP visibility improved.
admin.py
Risks updated.
risks.md
This commit is contained in:
mohammad
2026-02-27 15:57:09 +03:00
parent dc68ecfe4c
commit 46af911a06
12 changed files with 292 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/.env.example
+3
View File
@@ -5,6 +5,9 @@ DATABASE_URL=postgres://postgres:postgres@localhost:5432/salon
CORS_ALLOWED_ORIGINS=http://localhost:5173
OTP_PROVIDER=console
OTP_EXPIRY_MINUTES=5
OTP_MAX_PER_WINDOW=5
OTP_WINDOW_MINUTES=15
OTP_RESEND_COOLDOWN_SECONDS=60
DEFAULT_CURRENCY=SAR
TWILIO_ACCOUNT_SID=
TWILIO_AUTH_TOKEN=