chore: condense all docs and markdown files
This commit is contained in:
+18
-33
@@ -1,41 +1,26 @@
|
||||
# Risks And Gaps
|
||||
|
||||
This file tracks known gaps and risks to address in future iterations.
|
||||
Open items only; remove resolved duplicates.
|
||||
|
||||
## Security And Auth
|
||||
- Phone normalization is KSA-focused and minimal; broaden for multi-country use.
|
||||
- OTP protections now include per-phone limits plus `/phone/request` IP/device window controls; thresholds still need production tuning.
|
||||
- Authentica OTP provider is implemented (SMS + WhatsApp via Authentica OTP).
|
||||
- Social login is a placeholder.
|
||||
- `USERNAME_FIELD` is now `"phone_number"`; `REQUIRED_FIELDS = []`; `create_superuser` accepts `phone_number`. Admin and `createsuperuser` work correctly for phone-only users.
|
||||
- Password token obtain endpoint (`/api/auth/token/`) is deprecated (`410 Gone`); phone OTP flow is the login source of truth.
|
||||
- OTP purpose isolation is enforced at verification endpoint boundaries (`/otp/verify` accepts only `verify`, `/phone/verify` accepts only `auth`).
|
||||
- Django admin user configuration now orders by `phone_number` and requests it on add forms to reduce friction for phone-only accounts.
|
||||
- Phone auth request now creates the customer record before issuing OTPs and marks `is_phone_verified` once `/api/auth/phone/verify/` succeeds, so phone numbers remain first-class during onboarding.
|
||||
## Auth
|
||||
- KSA-focused phone normalization; multi-country strategy pending.
|
||||
- Phone auth abuse controls need production tuning (IP/device thresholds).
|
||||
- Social login/OAuth linking policy still undefined (collision/merge rules).
|
||||
- JWT test warning exists for short test signing key (`InsecureKeyLengthWarning`).
|
||||
|
||||
## Next Auth Review Points
|
||||
- DB-level guardrails for `accounts_user.phone_number` are now enforced (`NOT NULL`, `UNIQUE`, E.164 check constraint).
|
||||
- Abuse-control implementation for `/api/auth/phone/request/` is in place (IP throttling + persisted device signal); next step is monitor false positives and tune limits.
|
||||
- Define OAuth account-linking policy (phone/email conflicts, merge rules, trust source).
|
||||
- Add explicit tests for remaining phone-first invariants (verified-phone guards and any legacy-path regressions).
|
||||
|
||||
## Booking Integrity
|
||||
- Availability checks and overlap prevention are now enforced for staff bookings.
|
||||
- **Race condition — fixed:** `BookingCreateSerializer.create()` now locks the staff row with `select_for_update()` inside `transaction.atomic()` and re-runs the overlap check before inserting. Concurrent requests for the same staff slot are serialized at the DB level. Requires PostgreSQL in production (SQLite ignores `FOR UPDATE` but still serializes writes).
|
||||
- No timezone handling or business hours enforcement.
|
||||
- No cancellation rules or refund logic.
|
||||
## Booking
|
||||
- No explicit timezone/business-hours policy beyond current availability checks.
|
||||
- Cancellation policy and refund policy not finalized.
|
||||
|
||||
## Payments
|
||||
- Moyasar payment creation, webhook reconciliation, and idempotency are implemented.
|
||||
- Moyasar capture and refund are implemented in the gateway; API endpoints for admin-initiated capture/refund can be added when needed.
|
||||
- Core Moyasar flow works; admin capture/refund endpoints not exposed yet.
|
||||
- Monitoring/alerting for webhook failures is still basic.
|
||||
|
||||
## Data And UX
|
||||
- Ratings are not recalculated from reviews.
|
||||
- No image upload or storage strategy for photos.
|
||||
- Booking lifecycle notifications are implemented; Authentica can deliver SMS when NOTIFICATION_PROVIDER=authentica.
|
||||
- Localization foundations are in progress; full Arabic translation coverage and RTL QA are still pending.
|
||||
## Localization
|
||||
- Foundations exist (`en`, `ar-sa`, RTL), but translation coverage is incomplete.
|
||||
- RTL QA across all future pages still pending.
|
||||
|
||||
## Ops And Compliance
|
||||
- No audit logs for admin actions.
|
||||
- No multi-tenant isolation or data export tooling.
|
||||
- No GDPR/PDPL data retention policies defined.
|
||||
## Ops/Compliance
|
||||
- No full audit log strategy for privileged actions.
|
||||
- No PDPL/GDPR retention policy or data export workflow.
|
||||
- No formal observability baseline (metrics/SLO dashboards).
|
||||
|
||||
Reference in New Issue
Block a user