mohd
d40bb10876
Implemented localization foundations across backend and frontend (locale settings/middleware, preferred language, i18n wiring, RTL support, minimal Arabic UI strings, Accept-Language). Added targeted backend and frontend tests plus a risks note for pending full translation coverage.
32 lines
1.3 KiB
Markdown
32 lines
1.3 KiB
Markdown
# Risks And Gaps
|
|
|
|
This file tracks known gaps and risks to address in future iterations.
|
|
|
|
## Security And Auth
|
|
- Phone normalization is KSA-focused and minimal; broaden for multi-country use.
|
|
- OTP protections are basic; add device fingerprinting and IP throttling if needed.
|
|
- OTP provider adapters (Twilio/Unifonic) are scaffolds only; no real SMS/WhatsApp delivery yet.
|
|
- Social login is a placeholder.
|
|
- USERNAME_FIELD is still `email` while email can be null; verify admin/login flows.
|
|
|
|
## Booking Integrity
|
|
- No availability checks or overlap prevention for staff/salon schedules.
|
|
- No timezone handling or business hours enforcement.
|
|
- No cancellation rules or refund logic.
|
|
|
|
## Payments
|
|
- Payment integration is not implemented. Current API only stores records and a Moyasar scaffold exists.
|
|
- Webhook handling and payment status reconciliation missing.
|
|
- Idempotency handling for payment creation missing.
|
|
|
|
## Data And UX
|
|
- Ratings are not recalculated from reviews.
|
|
- No image upload or storage strategy for photos.
|
|
- No notifications (email/SMS) beyond OTP scaffolding.
|
|
- Localization foundations are in progress; full Arabic translation coverage and RTL QA are still pending.
|
|
|
|
## Ops And Compliance
|
|
- No audit logs for admin actions.
|
|
- No multi-tenant isolation or data export tooling.
|
|
- No GDPR/PDPL data retention policies defined.
|