mohd/Salon
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ef60218c4c751f356092c5f440a7ac4336f3af07
Salon/backend
T
History
mohd ef60218c4c fix: make booking overlap check atomic with select_for_update 
Wrap the overlap query and Booking.objects.create() in a single
transaction.atomic() block inside BookingCreateSerializer.create().
Lock the StaffProfile row with select_for_update() so concurrent
requests for the same staff slot are serialized at the DB level;
only one writer can hold the lock at a time, eliminating the race
window between validate() and save().

The early check in validate() is kept for fast user feedback in
the common non-concurrent case. The locked re-check in create()
is the correctness guarantee.

On SQLite (dev/tests) FOR UPDATE is silently ignored but writes
are still serialized. PostgreSQL (production) gets row-level locking.

Update docs/risks.md to mark the race condition as fixed.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-02 00:27:04 +03:00
..
apps
fix: make booking overlap check atomic with select_for_update
2026-03-02 00:27:04 +03:00
locale
Updated PLANS.md, AGENTS.md, and arabic-localization.md to reflect the “foundations now, full translations later” approach and marked progress accordingly.
2026-02-28 11:48:58 +03:00
salon_api
Authentica OTP tests
2026-02-28 17:31:03 +03:00
.env.example
Implement Moyasar payments flow with webhooks
2026-02-28 13:01:12 +03:00
manage.py
Initial commit
2026-02-27 15:01:06 +03:00
pytest.ini
Authentica OTP tests
2026-02-28 17:31:03 +03:00
README.md
Authentica OTP tests
2026-02-28 17:31:03 +03:00
requirements-dev.txt
Backend and frontend testing stacks (pytest + vitest) and a few initial tests.
2026-02-27 16:03:06 +03:00
requirements.txt
Enhance documentation, implement Twilio OTP delivery, and update payment gateway methods. Updated AGENTS.md and README.md for clarity on ExecPlans and architecture. Added Twilio as a dependency and implemented capture/refund methods in MoyasarGateway. Improved frontend routing with react-router-dom and added authentication context. Updated styles and localization files for better user experience.
2026-02-28 15:33:50 +03:00

README.md

Backend Notes (MVP Readiness)

High-Level Takeaways

  • Authentica OTP integration is implemented; Moyasar capture/refund are TODOs.
  • External calls (OTP, notifications, payment gateway) run synchronously in request/response paths, increasing latency risk.
  • Cross-app coupling (bookings ↔ notifications ↔ accounts/payments) will get harder to evolve without clearer service boundaries.
  • Phone-first auth works, but USERNAME_FIELD is email; align identifier strategy to avoid future auth confusion.

Near-Term Focus

  • Hardening Authentica integration (timeouts, retries, async delivery) and aligning notification provider choices.

Authentica E2E Run the real Authentica OTP flow only when explicitly enabled.

Env vars (in backend/.env or shell):

  • AUTHENTICA_E2E=1
  • AUTHENTICA_API_KEY=...
  • AUTHENTICA_E2E_PHONE=... (must receive OTP)
  • AUTHENTICA_E2E_CODE=... (required; no interactive prompt)

Command:

cd backend
PYTEST_ADDOPTS='' python3 -m pytest apps/accounts/tests -m external

Suggested flow:

  1. Trigger the E2E test to send the OTP, then set AUTHENTICA_E2E_CODE and re-run if needed.
  • Decide and document payment lifecycle scope (capture/refund supported vs explicitly out of scope).
  • Add timeouts/logging for external calls or introduce minimal async jobs for OTP/notifications.
  • Keep booking, payment, and notification orchestration in service layers, not views.
Reference in New Issue View Git Blame Copy Permalink