1.4 KiB
1.4 KiB
Backend Notes (MVP Readiness)
High-Level Takeaways
- Authentica OTP integration is implemented; Moyasar capture/refund are TODOs.
- External calls (OTP, notifications, payment gateway) run synchronously in request/response paths, increasing latency risk.
- Cross-app coupling (bookings ↔ notifications ↔ accounts/payments) will get harder to evolve without clearer service boundaries.
- Phone-first auth works, but
USERNAME_FIELDis email; align identifier strategy to avoid future auth confusion.
Near-Term Focus
- Hardening Authentica integration (timeouts, retries, async delivery) and aligning notification provider choices.
Authentica E2E Run the real Authentica OTP flow only when explicitly enabled.
Env vars (in backend/.env or shell):
AUTHENTICA_E2E=1AUTHENTICA_API_KEY=...AUTHENTICA_E2E_PHONE=...(must receive OTP)AUTHENTICA_E2E_CODE=...(required; no interactive prompt)
Command:
cd backend
PYTEST_ADDOPTS='' python3 -m pytest apps/accounts/tests -m external
Suggested flow:
- Trigger the E2E test to send the OTP, then set
AUTHENTICA_E2E_CODEand re-run if needed.
- Decide and document payment lifecycle scope (capture/refund supported vs explicitly out of scope).
- Add timeouts/logging for external calls or introduce minimal async jobs for OTP/notifications.
- Keep booking, payment, and notification orchestration in service layers, not views.