chore: condense all docs and markdown files

2026-03-14 15:11:40 +03:00
parent f3811b7520
commit 8b626a940e
24 changed files with 483 additions and 1346 deletions
@@ -1,13 +1,21 @@
-# Backend Notes (MVP Readiness)
+# Backend Notes

-## High-Level Takeaways
- Authentica OTP integration is implemented; Moyasar capture/refund are TODOs.
- External calls (OTP, notifications, payment gateway) run synchronously in request/response paths, increasing latency risk.
- Cross-app coupling (bookings ↔ notifications ↔ accounts/payments) will get harder to evolve without clearer service boundaries.
- Phone-first auth is in place with `USERNAME_FIELD = "phone_number"`, but endpoint/admin/domain alignment is still incomplete and needs hardening.
- Phone auth now pre-creates customers when `/api/auth/phone/request/` runs (keeping `is_phone_verified=False`) and `/api/auth/phone/verify/` hands out JWTs; `/api/auth/register/` stays available for optional profile data while `/api/auth/token/` returns `410 Gone` and `/api/auth/social/<provider>/` remains a `501 Not Implemented` placeholder to keep the phone OTP contract explicit.
+## Current state
+- Phone-first auth is canonical (`/api/auth/phone/request`, `/api/auth/phone/verify`).
+- Password token endpoint `/api/auth/token/` is intentionally deprecated (`410`).
+- Moyasar payment create/webhook flow implemented.
+- Booking integrity checks + lifecycle notifications implemented.

-## Near-Term Focus
- finalize otp testing
- work on authentication and complete it
- align admin + serializers to favor phone-over-email display names so phone-only accounts stay readable everywhere
+## Run
+- `cd backend`
+- `python3 manage.py migrate`
+- `python3 manage.py runserver`
+
+## Test
+- `cd backend && python3 -m pytest`
+- external-only: `PYTEST_ADDOPTS='' python3 -m pytest -m external`
+
+## Pointers
+- Architecture: `docs/architecture.md`
+- Active plan: `docs/execplans/auth-phone-first-hardening.md`
+- Risks: `docs/risks.md`