mohd/Salon
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
feat/auth
Salon/docs/risks.md
T

1006 B
Raw Permalink Blame History

Risks And Gaps

Open items only; remove resolved duplicates.

Auth

  • KSA-focused phone normalization; multi-country strategy pending.
  • Phone auth abuse controls need production tuning (IP/device thresholds).
  • Social login/OAuth linking policy still undefined (collision/merge rules).
  • JWT test warning exists for short test signing key (InsecureKeyLengthWarning).

Booking

  • No explicit timezone/business-hours policy beyond current availability checks.
  • Cancellation policy and refund policy not finalized.

Payments

  • Core Moyasar flow works; admin capture/refund endpoints not exposed yet.
  • Monitoring/alerting for webhook failures is still basic.

Localization

  • Foundations exist (en, ar-sa, RTL), but translation coverage is incomplete.
  • RTL QA across all future pages still pending.

Ops/Compliance

  • No full audit log strategy for privileged actions.
  • No PDPL/GDPR retention policy or data export workflow.
  • No formal observability baseline (metrics/SLO dashboards).
Reference in New Issue View Git Blame Copy Permalink