@luckydye/calendar 1.3.2 → 1.4.0

package/src/InhouseBookingSource.ts

@@ -1,50 +1,53 @@
+import type {
+	CalendarCredentials,
+	CalendarSource,
+} from "./CalendarIntegration.js";
 import type { CalendarEvent } from "./CalendarInternal.js";
-import type { CalendarSource, CalendarCredentials } from "./CalendarIntegration.js";
 
 /**
  * Inhouse Booking System credentials.
  */
 export interface InhouseCredentials extends CalendarCredentials {
-  /**
-   * Session cookie for authentication (e.g., "XSRF-TOKEN=xxx; laravel_session=yyy")
-   */
-  sessionCookie: string;
-  /**
-   * Employee ID to filter bookings for
-   */
-  employeeId: string;
-  /**
-   * Unit ID (optional, for filtering by unit/location)
-   */
-  unitId?: string;
-  /**
-   * Hour at which bookings start (9 or 10, defaults to 9)
-   */
-  startHour?: 9 | 10;
+	/**
+	 * Session cookie for authentication (e.g., "XSRF-TOKEN=xxx; laravel_session=yyy")
+	 */
+	sessionCookie: string;
+	/**
+	 * Employee ID to filter bookings for
+	 */
+	employeeId: string;
+	/**
+	 * Unit ID (optional, for filtering by unit/location)
+	 */
+	unitId?: string;
+	/**
+	 * Hour at which bookings start (9 or 10, defaults to 9)
+	 */
+	startHour?: 9 | 10;
 }
 
 /**
  * Inhouse Booking System API response structure.
  */
 interface InhouseBooking {
-  id: number;
-  date: string;
-  description: string;
-  duration: string;
-  project_id: number;
-  employee_id: number;
-  booking_id: number;
-  closing_id: number | null;
-  project: Array<{
-    id: number;
-    name: string;
-    report: number;
-  }>;
-  account: Array<{
-    id: number;
-    name: string;
-  }>;
-  optional?: number;
+	id: number;
+	date: string;
+	description: string;
+	duration: string;
+	project_id: number;
+	employee_id: number;
+	booking_id: number;
+	closing_id: number | null;
+	project: Array<{
+		id: number;
+		name: string;
+		report: number;
+	}>;
+	account: Array<{
+		id: number;
+		name: string;
+	}>;
+	optional?: number;
 }
 
 /**
@@ -65,492 +68,580 @@ interface InhouseBooking {
  * const events = await source.fetchEvents();
  */
 export class InhouseBookingSource implements CalendarSource {
-  readonly type = 'inhouse';
-  credentials: InhouseCredentials;
-  enabled: boolean;
-
-  constructor(
-    public id: string,
-    public name: string,
-    public color: string,
-    credentials: InhouseCredentials,
-    enabled = true
-  ) {
-    this.credentials = credentials;
-    this.enabled = enabled;
-  }
-
-  /**
-   * Make an authenticated request to the Inhouse Booking API via the proxy.
-   * The proxy will inject the session cookie.
-   */
-  private async apiRequest<T>(endpoint: string, searchParams?: URLSearchParams): Promise<T> {
-    const url = searchParams ? `${endpoint}?${searchParams.toString()}` : endpoint;
-    
-    const response = await fetch(url, {
-      headers: {
-        'X-Session-Cookie': this.credentials.sessionCookie,
-      },
-    });
-
-    if (!response.ok) {
-      if (response.status === 401) {
-        throw new Error('Inhouse Booking System authentication failed. Please check your session cookie.');
-      }
-      throw new Error(`Inhouse Booking API error: ${response.status} ${response.statusText}`);
-    }
-
-    return response.json() as Promise<T>;
-  }
-
-  /**
-   * Convert an Inhouse booking to internal CalendarEvent format.
-   * Bookings use date + duration (format "HH:MM").
-   * Bookings are ordered by their position in the day (first booking = starts at 09:00).
-   */
-  private mapBookingToEvent(
-    booking: InhouseBooking,
-    startTime: Date
-  ): CalendarEvent | null {
-    if (!booking.date || !booking.duration) return null;
-
-    // Parse duration string "HH:MM" to hours
-    const [hours, minutes] = booking.duration.split(':').map(Number);
-    if (hours === undefined || minutes === undefined) return null;
-
-    const durationMs = (hours * 60 + minutes) * 60 * 1000;
-    const endTime = new Date(startTime.getTime() + durationMs);
-
-    if (Number.isNaN(startTime.getTime()) || Number.isNaN(endTime.getTime())) return null;
-
-    const projectName = booking.project[0]?.name || '';
-    const eventId = `${booking.id}:${booking.booking_id}:${booking.project_id}`;
-
-    // Events with id <= 0 are raw bookings (no timetrack record yet); render as TENTATIVE.
-    const isRawBooking = booking.id <= 0;
-
-    return {
-      id: eventId,
-      title: projectName,
-      start: startTime,
-      end: endTime,
-      color: this.color,
-      calendar: this.name,
-      calendarId: this.id,
-      sourceId: this.id,
-      description: booking.description || '',
-      readOnly: false,
-      status: (booking.optional === 1 || isRawBooking) ? 'TENTATIVE' : undefined,
-    };
-  }
-
-  /**
-   * Process bookings and calculate their timestamps based on order.
-   * Bookings are stacked chronologically within a 9-hour workday starting at 09:00,
-   * split into a morning and afternoon session by a 1-hour lunch break.
-   *
-   * The split is determined by the midpoint of total work duration:
-   * bookings are greedily assigned to the morning until adding the next one
-   * would exceed half the day's total duration. The remaining bookings are
-   * placed after the 1-hour lunch break.
-   *
-   * Example: 3.5h + 4.5h = 8h total → lunch after first (3.5h ≤ 4h),
-   * result: 09:00-12:30, lunch 12:30-13:30, 13:30-18:00.
-   */
-  private processBookings(bookings: InhouseBooking[]): CalendarEvent[] {
-    const bookingsByDate = new Map<string, InhouseBooking[]>();
-
-    for (const booking of bookings) {
-      if (!booking.date) continue;
-      const list = bookingsByDate.get(booking.date) || [];
-      list.push(booking);
-      bookingsByDate.set(booking.date, list);
-    }
-
-    const events: CalendarEvent[] = [];
-
-    for (const [dateStr, dateBookings] of bookingsByDate) {
-      const [year, month, day] = dateStr.split('-').map(Number);
-      if (!year || !month || !day) continue;
-
-      const durations = dateBookings.map(b => {
-        if (!b.duration) return 0;
-        const [h, m] = b.duration.split(':').map(Number);
-        if (h === undefined || m === undefined) return 0;
-        return (h * 60 + m) * 60 * 1000;
-      });
-
-      const halfMs = durations.reduce((a, b) => a + b, 0) / 2;
-
-      // Greedy split: assign bookings to morning until the next one would exceed half
-      let morningMs = 0;
-      let splitIndex = 0;
-      for (let i = 0; i < dateBookings.length; i++) {
-        if (morningMs + (durations[i] ?? 0) <= halfMs) {
-          morningMs += durations[i] ?? 0;
-          splitIndex = i + 1;
-        } else {
-          break;
-        }
-      }
-
-      const LUNCH_MS = 60 * 60 * 1000;
-      let currentTime = new Date(year, month - 1, day, this.credentials.startHour ?? 9, 0);
-
-      for (let i = 0; i < dateBookings.length; i++) {
-        // Insert 1-hour lunch break between morning and afternoon sessions
-        if (i === splitIndex && splitIndex > 0) {
-          currentTime = new Date(currentTime.getTime() + LUNCH_MS);
-        }
-
-        const event = this.mapBookingToEvent(dateBookings[i] as InhouseBooking, currentTime);
-        if (event) {
-          events.push(event);
-          currentTime = event.end;
-        }
-      }
-    }
-
-    return events;
-  }
-
-  /**
-   * Fetch bookings from the Inhouse Booking System.
-   * Fetches bookings from 1 year ago to 1 year in the future.
-   */
-  async fetchEvents(): Promise<CalendarEvent[]> {
-    if (!this.enabled) return [];
-
-    const now = new Date();
-    const oneYearAgo = new Date(now.getTime() - 365 * 24 * 60 * 60 * 1000);
-    const oneYearFuture = new Date(now.getTime() + 365 * 24 * 60 * 60 * 1000);
-
-    const formatDate = (date: Date): string => date.toISOString().split('T')[0];
-
-    const dateFilter = {
-      '>=': formatDate(oneYearAgo),
-      '<=': formatDate(oneYearFuture),
-    };
-
-    const employeeFilter = {
-      '=': Number.parseInt(this.credentials.employeeId, 10),
-    };
-
-    const params = new URLSearchParams({
-      date: JSON.stringify(dateFilter),
-      employee_id: JSON.stringify(employeeFilter),
-    });
-
-    const bookings = await this.apiRequest<InhouseBooking[]>('/timetracks/with_bookings', params);
-
-    if (!Array.isArray(bookings)) return [];
-
-    return this.processBookings(bookings);
-  }
-
-  /**
-   * Fetch the list of active projects.
-   * Returns projects as {id, name} pairs for use in the project picker.
-   */
-  async fetchProjects(): Promise<Array<{ id: number; name: string }>> {
-    const params = new URLSearchParams({
-      archived: JSON.stringify({ '=': 0 }),
-    });
-    const projects = await this.apiRequest<Array<{ id: number; name: string }>>('/projects', params);
-    if (!Array.isArray(projects)) return [];
-    return projects;
-  }
-
-  /**
-   * Extract XSRF-TOKEN value from session cookie.
-   * Returns the encrypted token value that Laravel can decrypt.
-   */
-  private getXsrfToken(): string | undefined {
-    const match = this.credentials.sessionCookie.match(/XSRF-TOKEN=([^;]+)/);
-    return match ? decodeURIComponent(match[1]) : undefined;
-  }
-
-  /**
-   * Make an authenticated write request to the Inhouse Booking API via the proxy.
-   * Uses X-XSRF-TOKEN header with the encrypted token (Laravel decrypts this automatically).
-   */
-  private async apiWriteRequest<T>(endpoint: string, method: string, body: URLSearchParams): Promise<T> {
-    const xsrfToken = this.getXsrfToken();
-    
-    if (!xsrfToken) {
-      throw new Error('XSRF-TOKEN not found in session cookie. Please check your credentials.');
-    }
-    
-    const headers: Record<string, string> = {
-      'X-Session-Cookie': this.credentials.sessionCookie,
-      'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8',
-      'X-Requested-With': 'XMLHttpRequest',
-      'X-XSRF-TOKEN': xsrfToken,
-    };
-
-    const response = await fetch(endpoint, {
-      method,
-      headers,
-      body: body.toString(),
-    });
-
-    if (!response.ok) {
-      if (response.status === 401) {
-        throw new Error('Inhouse Booking System authentication failed. Please check your session cookie.');
-      }
-      if (response.status === 403) {
-        throw new Error('Inhouse Booking System CSRF token invalid or missing.');
-      }
-      throw new Error(`Inhouse Booking API error: ${response.status} ${response.statusText}`);
-    }
-
-    const text = await response.text();
-    if (!text) return {} as T;
-
-    try {
-      return JSON.parse(text) as T;
-    } catch {
-      return {} as T;
-    }
-  }
-
-  /**
-   * Make an authenticated write request with params as query string and empty body.
-   * This matches the Inhouse API format used by the browser client for creating bookings.
-   */
-  private async apiQueryRequest<T>(endpoint: string, method: string, params: URLSearchParams): Promise<T> {
-    const xsrfToken = this.getXsrfToken();
-
-    if (!xsrfToken) {
-      throw new Error('XSRF-TOKEN not found in session cookie. Please check your credentials.');
-    }
-
-    const url = `${endpoint}/?${params.toString()}`;
-
-    const response = await fetch(url, {
-      method,
-      headers: {
-        'X-Session-Cookie': this.credentials.sessionCookie,
-        'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8',
-        'X-Requested-With': 'XMLHttpRequest',
-        'X-XSRF-TOKEN': xsrfToken,
-      },
-    });
-
-    if (!response.ok) {
-      if (response.status === 401) {
-        throw new Error('Inhouse Booking System authentication failed. Please check your session cookie.');
-      }
-      if (response.status === 403) {
-        throw new Error('Inhouse Booking System CSRF token invalid or missing.');
-      }
-      throw new Error(`Inhouse Booking API error: ${response.status} ${response.statusText}`);
-    }
-
-    const text = await response.text();
-    if (!text) return {} as T;
-
-    try {
-      return JSON.parse(text) as T;
-    } catch {
-      return {} as T;
-    }
-  }
-
-  /**
-   * Format duration from milliseconds to "HH:MM" format.
-   */
-  private formatDuration(durationMs: number): string {
-    const totalMinutes = Math.round(durationMs / (60 * 1000));
-    const hours = Math.floor(totalMinutes / 60);
-    const minutes = totalMinutes % 60;
-    return `${String(hours).padStart(2, '0')}:${String(minutes).padStart(2, '0')}`;
-  }
-
-  /**
-   * Parse event ID in format "{id}:{booking_id}:{project_id}".
-   * The API resource ID is bookingId when id is unavailable (< 0).
-   */
-  private parseEventId(eventId: string): { id: number; bookingId: number; projectId: number; resourceId: number } | null {
-    const parts = eventId.split(':');
-    if (parts.length !== 3) return null;
-    const id = Number.parseInt(parts[0], 10);
-    const bookingId = Number.parseInt(parts[1], 10);
-    const projectId = Number.parseInt(parts[2], 10);
-    if (Number.isNaN(id) || Number.isNaN(bookingId) || Number.isNaN(projectId)) return null;
-    const resourceId = id > 0 ? id : bookingId;
-    return { id, bookingId, projectId, resourceId };
-  }
-
-  /**
-   * Create a new booking in the Inhouse Booking System.
-   * Params are sent as query string with empty body, matching the Inhouse API format.
-   */
-  async createEvent(event: Omit<CalendarEvent, 'calendar' | 'color'>): Promise<CalendarEvent> {
-    if (!this.enabled) {
-      throw new Error('Inhouse Booking System source is disabled');
-    }
-
-    const parsed = this.parseEventId(event.id);
-    if (!parsed) {
-      throw new Error(`Creating bookings requires an event ID in format "{id}-{bookingId}-{projectId}", got: ${event.id}`);
-    }
-
-    const durationMs = event.end.getTime() - event.start.getTime();
-    const duration = this.formatDuration(durationMs);
-    const date = event.start.toISOString().split('T')[0];
-    const description = event.description || '';
-
-    const params = new URLSearchParams({
-      employee_id: this.credentials.employeeId,
-      unit_id: this.credentials.unitId || '',
-      date,
-      description,
-      project_id: parsed.projectId.toString(),
-      duration,
-      create: '',
-    });
-
-    const result = await this.apiQueryRequest<{ id: number }>('/timetracks', 'POST', params);
-
-    if (!result.id) {
-      throw new Error('Failed to create booking: invalid response from server');
-    }
-
-    const newEventId = `${result.id}:0:${parsed.projectId}`;
-
-    return {
-      ...event,
-      id: newEventId,
-      calendar: this.name,
-      color: this.color,
-      sourceId: this.id,
-      readOnly: false,
-    };
-  }
-
-  /**
-   * Update an existing booking in the Inhouse Booking System.
-   */
-  async updateEvent(event: CalendarEvent, updates: Partial<CalendarEvent>): Promise<CalendarEvent> {
-    if (!this.enabled) {
-      throw new Error('Inhouse Booking System source is disabled');
-    }
-
-    const id = event.id;
-    const parsedId = this.parseEventId(id);
-    if (!parsedId) {
-      throw new Error(`Invalid event ID format: ${id}`);
-    }
-
-    // Fetch existing booking to get current values (match by API id, first segment)
-    const existingBookings = await this.fetchEvents();
-    const existing = existingBookings.find(e => e.id.startsWith(`${parsedId.id}:`));
-    if (!existing) {
-      throw new Error(`Booking not found: ${id}`);
-    }
-
-    // Use current values or fall back to existing
-    const start = updates.start ?? existing.start;
-    const end = updates.end ?? existing.end;
-    const durationMs = end.getTime() - start.getTime();
-    const duration = this.formatDuration(durationMs);
-    const date = start.toISOString().split('T')[0];
-    const description = updates.description ?? existing.description ?? '';
-
-    const body = new URLSearchParams({
-      id: parsedId.resourceId.toString(),
-      unit_id: this.credentials.unitId || '',
-      employee_id: this.credentials.employeeId,
-      booking_id: parsedId.bookingId.toString(),
-      date,
-      description,
-      project_id: parsedId.projectId.toString(),
-      duration,
-      update: '',
-    });
-
-    await this.apiWriteRequest<unknown>(`/timetracks/${parsedId.resourceId}`, 'PUT', body);
-
-    return {
-      ...existing,
-      ...updates,
-      id,
-      calendar: this.name,
-      color: this.color,
-      sourceId: this.id,
-      readOnly: false,
-    };
-  }
-
-  /**
-   * Delete a booking from the Inhouse Booking System.
-   * - Confirmed timetracks (id > 0): DELETE /timetracks/{id}?id=...&date=...&duration=...etc
-   * - Raw bookings (id <= 0): DELETE /timetracks/delete_bookings/{bookingId}
-   */
-  async deleteEvent(id: string): Promise<void> {
-    if (!this.enabled) {
-      throw new Error('Inhouse Booking System source is disabled');
-    }
-
-    const parsedId = this.parseEventId(id);
-    if (!parsedId) {
-      throw new Error(`Invalid event ID format: ${id}`);
-    }
-
-    if (parsedId.id <= 0) {
-      await this.apiQueryRequest<unknown>(`/timetracks/delete_bookings/${parsedId.bookingId}`, 'DELETE', new URLSearchParams());
-      return;
-    }
-
-    const existingBookings = await this.fetchEvents();
-    const existing = existingBookings.find(e => e.id === id);
-    if (!existing) {
-      throw new Error(`Booking not found: ${id}`);
-    }
-
-    const durationMs = existing.end.getTime() - existing.start.getTime();
-    const duration = this.formatDuration(durationMs);
-    const date = existing.start.toISOString().split('T')[0];
-    const description = existing.description ?? '';
-
-    const params = new URLSearchParams({
-      id: parsedId.id.toString(),
-      unit_id: this.credentials.unitId || '',
-      employee_id: this.credentials.employeeId,
-      booking_id: parsedId.bookingId.toString(),
-      date,
-      description,
-      project_id: parsedId.projectId.toString(),
-      duration,
-    });
-
-    await this.apiQueryRequest<unknown>(`/timetracks/${parsedId.id}`, 'DELETE', params);
-  }
-
-  /**
-   * Test the connection to the Inhouse Booking System.
-   * Returns true if the credentials are valid.
-   */
-  async testConnection(): Promise<boolean> {
-    try {
-      const now = new Date();
-      const dateFilter = {
-        '>=': now.toISOString().split('T')[0],
-        '<=': now.toISOString().split('T')[0],
-      };
-      const employeeFilter = { '=': Number.parseInt(this.credentials.employeeId, 10) };
-
-      const params = new URLSearchParams({
-        date: JSON.stringify(dateFilter),
-        employee_id: JSON.stringify(employeeFilter),
-        limit: '1',
-      });
-
-      await this.apiRequest<InhouseBooking[]>('/timetracks/with_bookings', params);
-      return true;
-    } catch {
-      return false;
-    }
-  }
+	readonly type = "inhouse";
+	credentials: InhouseCredentials;
+	enabled: boolean;
+
+	constructor(
+		public id: string,
+		public name: string,
+		public color: string,
+		credentials: InhouseCredentials,
+		enabled = true,
+	) {
+		this.credentials = credentials;
+		this.enabled = enabled;
+	}
+
+	/**
+	 * Make an authenticated request to the Inhouse Booking API via the proxy.
+	 * The proxy will inject the session cookie.
+	 */
+	private async apiRequest<T>(
+		endpoint: string,
+		searchParams?: URLSearchParams,
+	): Promise<T> {
+		const url = searchParams
+			? `${endpoint}?${searchParams.toString()}`
+			: endpoint;
+
+		const response = await fetch(url, {
+			headers: {
+				"X-Session-Cookie": this.credentials.sessionCookie,
+			},
+		});
+
+		if (!response.ok) {
+			if (response.status === 401) {
+				throw new Error(
+					"Inhouse Booking System authentication failed. Please check your session cookie.",
+				);
+			}
+			throw new Error(
+				`Inhouse Booking API error: ${response.status} ${response.statusText}`,
+			);
+		}
+
+		return response.json() as Promise<T>;
+	}
+
+	/**
+	 * Convert an Inhouse booking to internal CalendarEvent format.
+	 * Bookings use date + duration (format "HH:MM").
+	 * Bookings are ordered by their position in the day (first booking = starts at 09:00).
+	 */
+	private mapBookingToEvent(
+		booking: InhouseBooking,
+		startTime: Date,
+	): CalendarEvent | null {
+		if (!booking.date || !booking.duration) return null;
+
+		// Parse duration string "HH:MM" to hours
+		const [hours, minutes] = booking.duration.split(":").map(Number);
+		if (hours === undefined || minutes === undefined) return null;
+
+		const durationMs = (hours * 60 + minutes) * 60 * 1000;
+		const endTime = new Date(startTime.getTime() + durationMs);
+
+		if (Number.isNaN(startTime.getTime()) || Number.isNaN(endTime.getTime()))
+			return null;
+
+		const projectName = booking.project[0]?.name || "";
+		const eventId = `${booking.id}:${booking.booking_id}:${booking.project_id}`;
+
+		// Events with id <= 0 are raw bookings (no timetrack record yet); render as TENTATIVE.
+		const isRawBooking = booking.id <= 0;
+
+		return {
+			id: eventId,
+			title: projectName,
+			start: startTime,
+			end: endTime,
+			color: this.color,
+			calendar: this.name,
+			calendarId: this.id,
+			sourceId: this.id,
+			description: booking.description || "",
+			readOnly: false,
+			status: booking.optional === 1 || isRawBooking ? "TENTATIVE" : undefined,
+		};
+	}
+
+	/**
+	 * Process bookings and calculate their timestamps based on order.
+	 * Bookings are stacked chronologically within a 9-hour workday starting at 09:00,
+	 * split into a morning and afternoon session by a 1-hour lunch break.
+	 *
+	 * The split is determined by the midpoint of total work duration:
+	 * bookings are greedily assigned to the morning until adding the next one
+	 * would exceed half the day's total duration. The remaining bookings are
+	 * placed after the 1-hour lunch break.
+	 *
+	 * Example: 3.5h + 4.5h = 8h total → lunch after first (3.5h ≤ 4h),
+	 * result: 09:00-12:30, lunch 12:30-13:30, 13:30-18:00.
+	 */
+	private processBookings(bookings: InhouseBooking[]): CalendarEvent[] {
+		const bookingsByDate = new Map<string, InhouseBooking[]>();
+
+		for (const booking of bookings) {
+			if (!booking.date) continue;
+			const list = bookingsByDate.get(booking.date) || [];
+			list.push(booking);
+			bookingsByDate.set(booking.date, list);
+		}
+
+		const events: CalendarEvent[] = [];
+
+		for (const [dateStr, dateBookings] of bookingsByDate) {
+			const [year, month, day] = dateStr.split("-").map(Number);
+			if (!year || !month || !day) continue;
+
+			const durations = dateBookings.map((b) => {
+				if (!b.duration) return 0;
+				const [h, m] = b.duration.split(":").map(Number);
+				if (h === undefined || m === undefined) return 0;
+				return (h * 60 + m) * 60 * 1000;
+			});
+
+			const halfMs = durations.reduce((a, b) => a + b, 0) / 2;
+
+			// Greedy split: assign bookings to morning until the next one would exceed half
+			let morningMs = 0;
+			let splitIndex = 0;
+			for (let i = 0; i < dateBookings.length; i++) {
+				if (morningMs + (durations[i] ?? 0) <= halfMs) {
+					morningMs += durations[i] ?? 0;
+					splitIndex = i + 1;
+				} else {
+					break;
+				}
+			}
+
+			const LUNCH_MS = 60 * 60 * 1000;
+			let currentTime = new Date(
+				year,
+				month - 1,
+				day,
+				this.credentials.startHour ?? 9,
+				0,
+			);
+
+			for (let i = 0; i < dateBookings.length; i++) {
+				// Insert 1-hour lunch break between morning and afternoon sessions
+				if (i === splitIndex && splitIndex > 0) {
+					currentTime = new Date(currentTime.getTime() + LUNCH_MS);
+				}
+
+				const event = this.mapBookingToEvent(
+					dateBookings[i] as InhouseBooking,
+					currentTime,
+				);
+				if (event) {
+					events.push(event);
+					currentTime = event.end;
+				}
+			}
+		}
+
+		return events;
+	}
+
+	/**
+	 * Fetch bookings from the Inhouse Booking System.
+	 * Fetches bookings from 1 year ago to 1 year in the future.
+	 */
+	async fetchEvents(): Promise<CalendarEvent[]> {
+		if (!this.enabled) return [];
+
+		const now = new Date();
+		const oneYearAgo = new Date(now.getTime() - 365 * 24 * 60 * 60 * 1000);
+		const oneYearFuture = new Date(now.getTime() + 365 * 24 * 60 * 60 * 1000);
+
+		const formatDate = (date: Date): string => date.toISOString().split("T")[0];
+
+		const dateFilter = {
+			">=": formatDate(oneYearAgo),
+			"<=": formatDate(oneYearFuture),
+		};
+
+		const employeeFilter = {
+			"=": Number.parseInt(this.credentials.employeeId, 10),
+		};
+
+		const params = new URLSearchParams({
+			date: JSON.stringify(dateFilter),
+			employee_id: JSON.stringify(employeeFilter),
+		});
+
+		const bookings = await this.apiRequest<InhouseBooking[]>(
+			"/timetracks/with_bookings",
+			params,
+		);
+
+		if (!Array.isArray(bookings)) return [];
+
+		return this.processBookings(bookings);
+	}
+
+	/**
+	 * Fetch the list of active projects.
+	 * Returns projects as {id, name} pairs for use in the project picker.
+	 */
+	async fetchProjects(): Promise<Array<{ id: number; name: string }>> {
+		const params = new URLSearchParams({
+			archived: JSON.stringify({ "=": 0 }),
+		});
+		const projects = await this.apiRequest<Array<{ id: number; name: string }>>(
+			"/projects",
+			params,
+		);
+		if (!Array.isArray(projects)) return [];
+		return projects;
+	}
+
+	/**
+	 * Extract XSRF-TOKEN value from session cookie.
+	 * Returns the encrypted token value that Laravel can decrypt.
+	 */
+	private getXsrfToken(): string | undefined {
+		const match = this.credentials.sessionCookie.match(/XSRF-TOKEN=([^;]+)/);
+		return match ? decodeURIComponent(match[1]) : undefined;
+	}
+
+	/**
+	 * Make an authenticated write request to the Inhouse Booking API via the proxy.
+	 * Uses X-XSRF-TOKEN header with the encrypted token (Laravel decrypts this automatically).
+	 */
+	private async apiWriteRequest<T>(
+		endpoint: string,
+		method: string,
+		body: URLSearchParams,
+	): Promise<T> {
+		const xsrfToken = this.getXsrfToken();
+
+		if (!xsrfToken) {
+			throw new Error(
+				"XSRF-TOKEN not found in session cookie. Please check your credentials.",
+			);
+		}
+
+		const headers: Record<string, string> = {
+			"X-Session-Cookie": this.credentials.sessionCookie,
+			"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
+			"X-Requested-With": "XMLHttpRequest",
+			"X-XSRF-TOKEN": xsrfToken,
+		};
+
+		const response = await fetch(endpoint, {
+			method,
+			headers,
+			body: body.toString(),
+		});
+
+		if (!response.ok) {
+			if (response.status === 401) {
+				throw new Error(
+					"Inhouse Booking System authentication failed. Please check your session cookie.",
+				);
+			}
+			if (response.status === 403) {
+				throw new Error(
+					"Inhouse Booking System CSRF token invalid or missing.",
+				);
+			}
+			throw new Error(
+				`Inhouse Booking API error: ${response.status} ${response.statusText}`,
+			);
+		}
+
+		const text = await response.text();
+		if (!text) return {} as T;
+
+		try {
+			return JSON.parse(text) as T;
+		} catch {
+			return {} as T;
+		}
+	}
+
+	/**
+	 * Make an authenticated write request with params as query string and empty body.
+	 * This matches the Inhouse API format used by the browser client for creating bookings.
+	 */
+	private async apiQueryRequest<T>(
+		endpoint: string,
+		method: string,
+		params: URLSearchParams,
+	): Promise<T> {
+		const xsrfToken = this.getXsrfToken();
+
+		if (!xsrfToken) {
+			throw new Error(
+				"XSRF-TOKEN not found in session cookie. Please check your credentials.",
+			);
+		}
+
+		const url = `${endpoint}/?${params.toString()}`;
+
+		const response = await fetch(url, {
+			method,
+			headers: {
+				"X-Session-Cookie": this.credentials.sessionCookie,
+				"Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
+				"X-Requested-With": "XMLHttpRequest",
+				"X-XSRF-TOKEN": xsrfToken,
+			},
+		});
+
+		if (!response.ok) {
+			if (response.status === 401) {
+				throw new Error(
+					"Inhouse Booking System authentication failed. Please check your session cookie.",
+				);
+			}
+			if (response.status === 403) {
+				throw new Error(
+					"Inhouse Booking System CSRF token invalid or missing.",
+				);
+			}
+			throw new Error(
+				`Inhouse Booking API error: ${response.status} ${response.statusText}`,
+			);
+		}
+
+		const text = await response.text();
+		if (!text) return {} as T;
+
+		try {
+			return JSON.parse(text) as T;
+		} catch {
+			return {} as T;
+		}
+	}
+
+	/**
+	 * Format duration from milliseconds to "HH:MM" format.
+	 */
+	private formatDuration(durationMs: number): string {
+		const totalMinutes = Math.round(durationMs / (60 * 1000));
+		const hours = Math.floor(totalMinutes / 60);
+		const minutes = totalMinutes % 60;
+		return `${String(hours).padStart(2, "0")}:${String(minutes).padStart(
+			2,
+			"0",
+		)}`;
+	}
+
+	/**
+	 * Parse event ID in format "{id}:{booking_id}:{project_id}".
+	 * The API resource ID is bookingId when id is unavailable (< 0).
+	 */
+	private parseEventId(eventId: string): {
+		id: number;
+		bookingId: number;
+		projectId: number;
+		resourceId: number;
+	} | null {
+		const parts = eventId.split(":");
+		if (parts.length !== 3) return null;
+		const id = Number.parseInt(parts[0], 10);
+		const bookingId = Number.parseInt(parts[1], 10);
+		const projectId = Number.parseInt(parts[2], 10);
+		if (Number.isNaN(id) || Number.isNaN(bookingId) || Number.isNaN(projectId))
+			return null;
+		const resourceId = id > 0 ? id : bookingId;
+		return { id, bookingId, projectId, resourceId };
+	}
+
+	/**
+	 * Create a new booking in the Inhouse Booking System.
+	 * Params are sent as query string with empty body, matching the Inhouse API format.
+	 */
+	async createEvent(
+		event: Omit<CalendarEvent, "calendar" | "color">,
+	): Promise<CalendarEvent> {
+		if (!this.enabled) {
+			throw new Error("Inhouse Booking System source is disabled");
+		}
+
+		const parsed = this.parseEventId(event.id);
+		if (!parsed) {
+			throw new Error(
+				`Creating bookings requires an event ID in format "{id}-{bookingId}-{projectId}", got: ${event.id}`,
+			);
+		}
+
+		const durationMs = event.end.getTime() - event.start.getTime();
+		const duration = this.formatDuration(durationMs);
+		const date = event.start.toISOString().split("T")[0];
+		const description = event.description || "";
+
+		const params = new URLSearchParams({
+			employee_id: this.credentials.employeeId,
+			unit_id: this.credentials.unitId || "",
+			date,
+			description,
+			project_id: parsed.projectId.toString(),
+			duration,
+			create: "",
+		});
+
+		const result = await this.apiQueryRequest<{ id: number }>(
+			"/timetracks",
+			"POST",
+			params,
+		);
+
+		if (!result.id) {
+			throw new Error("Failed to create booking: invalid response from server");
+		}
+
+		const newEventId = `${result.id}:0:${parsed.projectId}`;
+
+		return {
+			...event,
+			id: newEventId,
+			calendar: this.name,
+			color: this.color,
+			sourceId: this.id,
+			readOnly: false,
+		};
+	}
+
+	/**
+	 * Update an existing booking in the Inhouse Booking System.
+	 */
+	async updateEvent(
+		event: CalendarEvent,
+		updates: Partial<CalendarEvent>,
+	): Promise<CalendarEvent> {
+		if (!this.enabled) {
+			throw new Error("Inhouse Booking System source is disabled");
+		}
+
+		const id = event.id;
+		const parsedId = this.parseEventId(id);
+		if (!parsedId) {
+			throw new Error(`Invalid event ID format: ${id}`);
+		}
+
+		// Fetch existing booking to get current values (match by API id, first segment)
+		const existingBookings = await this.fetchEvents();
+		const existing = existingBookings.find((e) =>
+			e.id.startsWith(`${parsedId.id}:`),
+		);
+		if (!existing) {
+			throw new Error(`Booking not found: ${id}`);
+		}
+
+		// Use current values or fall back to existing
+		const start = updates.start ?? existing.start;
+		const end = updates.end ?? existing.end;
+		const durationMs = end.getTime() - start.getTime();
+		const duration = this.formatDuration(durationMs);
+		const date = start.toISOString().split("T")[0];
+		const description = updates.description ?? existing.description ?? "";
+
+		const body = new URLSearchParams({
+			id: parsedId.resourceId.toString(),
+			unit_id: this.credentials.unitId || "",
+			employee_id: this.credentials.employeeId,
+			booking_id: parsedId.bookingId.toString(),
+			date,
+			description,
+			project_id: parsedId.projectId.toString(),
+			duration,
+			update: "",
+		});
+
+		await this.apiWriteRequest<unknown>(
+			`/timetracks/${parsedId.resourceId}`,
+			"PUT",
+			body,
+		);
+
+		return {
+			...existing,
+			...updates,
+			id,
+			calendar: this.name,
+			color: this.color,
+			sourceId: this.id,
+			readOnly: false,
+		};
+	}
+
+	/**
+	 * Delete a booking from the Inhouse Booking System.
+	 * - Confirmed timetracks (id > 0): DELETE /timetracks/{id}?id=...&date=...&duration=...etc
+	 * - Raw bookings (id <= 0): DELETE /timetracks/delete_bookings/{bookingId}
+	 */
+	async deleteEvent(id: string): Promise<void> {
+		if (!this.enabled) {
+			throw new Error("Inhouse Booking System source is disabled");
+		}
+
+		const parsedId = this.parseEventId(id);
+		if (!parsedId) {
+			throw new Error(`Invalid event ID format: ${id}`);
+		}
+
+		if (parsedId.id <= 0) {
+			await this.apiQueryRequest<unknown>(
+				`/timetracks/delete_bookings/${parsedId.bookingId}`,
+				"DELETE",
+				new URLSearchParams(),
+			);
+			return;
+		}
+
+		const existingBookings = await this.fetchEvents();
+		const existing = existingBookings.find((e) => e.id === id);
+		if (!existing) {
+			throw new Error(`Booking not found: ${id}`);
+		}
+
+		const durationMs = existing.end.getTime() - existing.start.getTime();
+		const duration = this.formatDuration(durationMs);
+		const date = existing.start.toISOString().split("T")[0];
+		const description = existing.description ?? "";
+
+		const params = new URLSearchParams({
+			id: parsedId.id.toString(),
+			unit_id: this.credentials.unitId || "",
+			employee_id: this.credentials.employeeId,
+			booking_id: parsedId.bookingId.toString(),
+			date,
+			description,
+			project_id: parsedId.projectId.toString(),
+			duration,
+		});
+
+		await this.apiQueryRequest<unknown>(
+			`/timetracks/${parsedId.id}`,
+			"DELETE",
+			params,
+		);
+	}
+
+	/**
+	 * Test the connection to the Inhouse Booking System.
+	 * Returns true if the credentials are valid.
+	 */
+	async testConnection(): Promise<boolean> {
+		try {
+			const now = new Date();
+			const dateFilter = {
+				">=": now.toISOString().split("T")[0],
+				"<=": now.toISOString().split("T")[0],
+			};
+			const employeeFilter = {
+				"=": Number.parseInt(this.credentials.employeeId, 10),
+			};
+
+			const params = new URLSearchParams({
+				date: JSON.stringify(dateFilter),
+				employee_id: JSON.stringify(employeeFilter),
+				limit: "1",
+			});
+
+			await this.apiRequest<InhouseBooking[]>(
+				"/timetracks/with_bookings",
+				params,
+			);
+			return true;
+		} catch {
+			return false;
+		}
+	}
 }