| # Production Readiness Audit |
|
|
| Scope: frontend, database, features, and user experience. |
|
|
| ## High Priority Gaps |
| - Auth is not secure or enforced: APIs accept `user_id` from client and return user history without verifying identity. Any client can access other users' data. Implement token-based auth and derive user_id server-side. |
| - Passwords stored insecurely: client stores plaintext password in SharedPreferences; server allows plaintext fallback and uses unsalted SHA-256. Use bcrypt/argon2; remove plaintext fallback; store tokens in secure storage only. |
| - Check-ins not persisted in DB: daily check-ins stored locally only. Add a `checkins` table and persist via API. |
| - Database schema incomplete for core features: missing tables for check-ins, goals, sessions, etc. Add required tables and foreign keys. |
| |
| ## Medium Priority Gaps |
| - Hardcoded API base URL: no staging/production environment separation. Move to environment config. |
| - Logout does not clear stored user state: it navigates without clearing saved data. Call a clear/reset routine on logout. |
| - DASS scale mismatch risk: UI uses 0-4 while DASS-42 is typically 0-3. Align scale or adjust scoring logic. |
| - Error handling is weak: network failures often return empty lists or generic errors. Add timeouts, retries, and user-friendly error states. |
| |
| ## UX and Feature Completeness |
| - Auto-login missing: splash always routes to onboarding even if user is logged in. Route based on `AppState.isLoggedIn`. |
| - Placeholder actions: "Forgot Password", social login, profile edits are non-functional. Implement or remove until ready. |
| |
| ## Data and Analytics Limitations |
| - Analyses not fully stored: minimal fields saved; missing detailed scores/recommendations and client timestamps. Persist full output fields for analytics and debugging. |
| - Indexing missing: no indexes on `created_at`/`user_id` for history queries. Add indexes for performance. |
| |
| ## Backend Gaps |
| - No auth enforcement: endpoints accept user_id from clients and return data without verifying identity. Add JWT/session auth and authorization checks. |
| - Password handling is weak: unsalted SHA-256 and plaintext fallback. Move to bcrypt/argon2 and remove plaintext path. |
| - CORS is wide open: `allow_origins=["*"]` with credentials. Restrict origins and limit credentials. |
| - No rate limiting or abuse protection: add per-IP/user throttling on auth and analysis endpoints. |
| - Error handling leaks details: raw exceptions are returned. Normalize error responses and hide internals. |
| - No database migrations: relies on `create_all`. Introduce Alembic migrations and schema versioning. |
| - Missing structured logging/monitoring: add request logs, tracing, and health checks. |
|
|
