Backend Notes (MVP Readiness)
High-Level Takeaways
- Authentica OTP integration is implemented; Moyasar capture/refund are TODOs.
- External calls (OTP, notifications, payment gateway) run synchronously in request/response paths, increasing latency risk.
- Cross-app coupling (bookings ↔ notifications ↔ accounts/payments) will get harder to evolve without clearer service boundaries.
- Phone-first auth is in place with USERNAME_FIELD = "phone_number", but endpoint/admin/domain alignment is still incomplete and needs hardening.
- Phone auth now pre-creates customers when /api/auth/phone/request/ runs (keeping is_phone_verified=False) and /api/auth/phone/verify/ hands out JWTs; /api/auth/register/ stays available for optional profile data while /api/auth/token/ returns 410 Gone and /api/auth/social/<provider>/ remains a 501 Not Implemented placeholder to keep the phone OTP contract explicit.
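The phone OTP contract above, modeled as an added framework-free example (not the project's code) so the status codes and the is_phone_verified transition can be asserted in isolation. The names handle, otp_ok, users and SECRET, the 200/400/404 replies, the JWT claims, and flipping the flag on a successful verify are assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # constructed; a real service loads its signing key from settings
users = {}                        # phone_number -> {"is_phone_verified": bool}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def issue_jwt(phone: str, ttl: int = 300) -> str:
    """Build an HS256 JWT with the standard library (claims are assumptions)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64url(json.dumps({"sub": phone, "exp": int(time.time()) + ttl}).encode())
    sig = hmac.new(SECRET, f"{header}.{claims}".encode(), hashlib.sha256).digest()
    return f"{header}.{claims}.{b64url(sig)}"

def handle(method, path, body=None, otp_ok=lambda phone, code: False):
    """Return (status, body). otp_ok is a hypothetical stand-in for the OTP provider check."""
    body = body or {}
    if path == "/api/auth/token/":
        return 410, {"detail": "Gone"}                # password-style token endpoint retired
    if path.startswith("/api/auth/social/"):
        return 501, {"detail": "Not Implemented"}     # placeholder, never issues tokens
    phone = body.get("phone_number")
    if method != "POST" or not phone:
        return 400, {"detail": "phone_number required"}
    if path == "/api/auth/phone/request/":
        # Pre-create the customer unverified; setdefault keeps an existing flag untouched.
        users.setdefault(phone, {"is_phone_verified": False})
        return 200, {"detail": "OTP requested"}
    if path == "/api/auth/phone/verify/":
        user = users.get(phone)
        if user is None or not otp_ok(phone, body.get("code", "")):
            return 400, {"detail": "invalid code"}    # same reply for unknown phone and bad code
        user["is_phone_verified"] = True              # assumption: verify flips the flag
        return 200, {"access": issue_jwt(phone)}
    return 404, {"detail": "Not Found"}
```

The same assertions translate directly into endpoint tests against the real views once the OTP provider call is mocked.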
Near-Term Focus
- Finalize OTP testing
- Complete the remaining authentication work
- Align admin + serializers to favor phone-over-email display names so phone-only accounts stay readable everywhere