Fixes five bugs flagged in CEO code review (GitHub issues #18–22):
- #18: Wrap conflict check + insert/update in a DB transaction to
prevent double-booking race conditions under concurrent load.
- #19: PATCH conflict detection now falls back to the existing
appointment's staffId when staffId is omitted from the request body,
so rescheduling always checks for conflicts.
- #20: DELETE endpoint now soft-deletes (status = 'cancelled') instead
of hard-deleting, preserving audit trail and financial records.
- #21: Staff DELETE checks for existing non-cancelled appointments
before deleting and returns 409 if any are found, preventing orphaned
references.
- #22: AUTH_DISABLED=true now logs a startup warning in development and
calls process.exit(1) in production, preventing accidental auth
bypass in deployed environments.
Co-Authored-By: Paperclip <noreply@paperclip.ing>
Groom Book CTO
f13ec89beb