14 lines
1.1 KiB
Markdown
14 lines
1.1 KiB
Markdown
# Backend Notes (MVP Readiness)
|
|
|
|
## High-Level Takeaways
|
|
- Authentica OTP integration is implemented; Moyasar capture/refund are TODOs.
|
|
- External calls (OTP, notifications, payment gateway) run synchronously in request/response paths, increasing latency risk.
|
|
- Cross-app coupling (bookings ↔ notifications ↔ accounts/payments) will get harder to evolve without clearer service boundaries.
|
|
- Phone-first auth is in place with `USERNAME_FIELD = "phone_number"`, but endpoint/admin/domain alignment is still incomplete and needs hardening.
|
|
- Phone auth now pre-creates customers when `/api/auth/phone/request/` runs (keeping `is_phone_verified=False`) and `/api/auth/phone/verify/` hands out JWTs; `/api/auth/register/` stays available for optional profile data while `/api/auth/token/` returns `410 Gone` and `/api/auth/social/<provider>/` remains a `501 Not Implemented` placeholder to keep the phone OTP contract explicit.
|
|
|
|
## Near-Term Focus
|
|
- finalize otp testing
|
|
- work on authentication and complete it
|
|
- align admin + serializers to favor phone-over-email display names so phone-only accounts stay readable everywhere
|