mohd/Salon
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
229975c612468868347844f4de4ad00202f7aaae
Salon/docs/risks.md
T
mohd 229975c612 docs: revise ADR 0001, risks, and architecture for accuracy 
- ADR 0001: distinguish payment/OTP (sync by design) from notifications
  (fire-and-forget); correct misleading claim that notification failures
  surface to clients — they are silently absorbed as FAILED status
- risks.md: upgrade USERNAME_FIELD entry with concrete breakage (admin,
  create_superuser, JWT lookup); add booking overlap race condition with
  root cause and fix (select_for_update)
- architecture.md: document notification/OTP provider coupling as an MVP
  shortcut and note the Phase 2 fix (dedicated NotificationProvider)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-01 23:30:04 +03:00

2.1 KiB
Raw Blame History

Risks And Gaps

This file tracks known gaps and risks to address in future iterations.

Security And Auth

  • Phone normalization is KSA-focused and minimal; broaden for multi-country use.
  • OTP protections are basic; add device fingerprinting and IP throttling if needed.
  • Authentica OTP provider is implemented (SMS + WhatsApp via Authentica OTP); Unifonic remains a scaffold.
  • Social login is a placeholder.
  • USERNAME_FIELD = "email" while email is nullable — concrete impact: Django admin user list shows blank for most customers (phone-only users); create_superuser requires email by default; DRF Simple JWT uses email as the lookup field. Fix: change USERNAME_FIELD to "phone_number" and update UserManager.create_superuser accordingly.

Booking Integrity

  • Availability checks and overlap prevention are now enforced for staff bookings.
  • Race condition — booking overlap check is not atomic: validate_booking_request runs the overlap query and returns; the view then calls serializer.save() in a separate step with no lock held. Two concurrent POST /api/bookings/ requests for the same staff slot will both pass validation and both commit. Fix: wrap the overlap check and booking insert in a select_for_update() query (or use serializable transaction isolation) so only one request can hold the lock at a time.
  • No timezone handling or business hours enforcement.
  • No cancellation rules or refund logic.

Payments

  • Moyasar payment creation, webhook reconciliation, and idempotency are implemented.
  • Moyasar capture and refund are implemented in the gateway; API endpoints for admin-initiated capture/refund can be added when needed.

Data And UX

  • Ratings are not recalculated from reviews.
  • No image upload or storage strategy for photos.
  • Booking lifecycle notifications are implemented; Authentica can deliver SMS when NOTIFICATION_PROVIDER=authentica.
  • Localization foundations are in progress; full Arabic translation coverage and RTL QA are still pending.

Ops And Compliance

  • No audit logs for admin actions.
  • No multi-tenant isolation or data export tooling.
  • No GDPR/PDPL data retention policies defined.
Reference in New Issue View Git Blame Copy Permalink