# Backend Notes (MVP Readiness)

## High-Level Takeaways
- Authentica OTP integration is implemented; Moyasar capture/refund are TODOs.
- External calls (OTP, notifications, payment gateway) run synchronously in request/response paths, increasing latency risk.
- Cross-app coupling (bookings ↔ notifications ↔ accounts/payments) will get harder to evolve without clearer service boundaries.
- Phone-first auth works, but `USERNAME_FIELD` is email; align identifier strategy to avoid future auth confusion.

## Near-Term Focus
- Hardening Authentica integration (timeouts, retries, async delivery) and aligning notification provider choices.

**Authentica E2E**
Run the real Authentica OTP flow only when explicitly enabled.

Env vars (in `backend/.env` or shell):
- `AUTHENTICA_E2E=1`
- `AUTHENTICA_API_KEY=...`
- `AUTHENTICA_E2E_PHONE=...` (must receive OTP)
- `AUTHENTICA_E2E_CODE=...` (required; no interactive prompt)

Command:
```bash
cd backend
PYTEST_ADDOPTS='' python3 -m pytest apps/accounts/tests -m external
```

Suggested flow:
1. Trigger the E2E test to send the OTP, then set `AUTHENTICA_E2E_CODE` and re-run if needed.
- Decide and document payment lifecycle scope (capture/refund supported vs explicitly out of scope).
- Add timeouts/logging for external calls or introduce minimal async jobs for OTP/notifications.
- Keep booking, payment, and notification orchestration in service layers, not views.
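
One way to enforce the "only when explicitly enabled" rule from the Authentica E2E section, as an added example that is not the project's own code. The helper names `e2e_skip_reason` and `safe_summary` and the test-module wiring in the comment are assumptions; the environment variable names and the `external` marker come from this page.

```python
import os

# Variable names are the ones listed on this page.
REQUIRED = ("AUTHENTICA_API_KEY", "AUTHENTICA_E2E_PHONE", "AUTHENTICA_E2E_CODE")


def e2e_skip_reason(env=None):
    """Return None when the real OTP test may run, else a skip reason.

    The reason names missing variables but never echoes a value, so the
    API key and OTP code stay out of CI logs.
    """
    env = os.environ if env is None else env
    if env.get("AUTHENTICA_E2E", "").strip() != "1":
        return "AUTHENTICA_E2E is not set to 1"
    missing = [name for name in REQUIRED if not env.get(name, "").strip()]
    if missing:
        return "missing required env vars: " + ", ".join(missing)
    return None


def safe_summary(env=None):
    """Describe the E2E configuration for logs without exposing secrets."""
    env = os.environ if env is None else env
    phone = env.get("AUTHENTICA_E2E_PHONE", "").strip()
    # Keep only the last two characters of the phone number.
    masked = "*" * (len(phone) - 2) + phone[-2:] if len(phone) > 2 else "*" * len(phone)
    return {
        "AUTHENTICA_E2E": env.get("AUTHENTICA_E2E", ""),
        "AUTHENTICA_API_KEY": "set" if env.get("AUTHENTICA_API_KEY") else "unset",
        "AUTHENTICA_E2E_PHONE": masked,
        "AUTHENTICA_E2E_CODE": "set" if env.get("AUTHENTICA_E2E_CODE") else "unset",
    }


# Wiring into a test module (hypothetical file under apps/accounts/tests):
#   import pytest
#   _reason = e2e_skip_reason()
#   pytestmark = [pytest.mark.external,
#                 pytest.mark.skipif(_reason is not None, reason=_reason or "")]

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    sample = {"AUTHENTICA_E2E": "1", "AUTHENTICA_API_KEY": "k-constructed",
              "AUTHENTICA_E2E_PHONE": "+15555550100"}
    print(e2e_skip_reason(sample))
    print(safe_summary(sample))
```

With this gate, the first run of the suggested flow skips with a reason that names `AUTHENTICA_E2E_CODE` as missing instead of failing or prompting.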