npm - nodebb-plugin-calendar-onekite - Versions diffs - 1.3.9 → 1.4.2 - Mend

nodebb-plugin-calendar-onekite 1.3.9 → 1.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/library.js +856 -758
package/package.json +1 -1
package/plugin.json +1 -1
package/static/js/admin.js +68 -59
package/templates/admin/calendar-planning.tpl +30 -0
package/templates/admin/plugins/calendar-onekite.tpl +8 -2
package/templates/admin/plugins/calendar-planning.tpl +3 -3

package/library.js CHANGED Viewed

@@ -1,758 +1,856 @@
-'use strict';
-const db = require.main.require('./src/database');
-const user = require.main.require('./src/user');
-const meta = require.main.require('./src/meta');
-const emailer = require.main.require('./src/emailer');
-const Settings = meta.settings;
-const helloAsso = require('./helloasso');
-const Plugin = {};
-let appRef = null;
-const EVENTS_SET_KEY = 'calendar:events:start';
-const EVENT_KEY_PREFIX = 'calendar:event:';
-function getEventKey(eid) {
-  return EVENT_KEY_PREFIX + eid;
-}
-async function nextReservationId() {
-  const rid = await db.incrObjectField('global', 'nextCalendarRid');
-  return String(rid);
-}
-// nombre de jours entre deux dates (inclus)
-function daysBetween(start, end) {
-  const d1 = new Date(start);
-  const d2 = new Date(end);
-  if (isNaN(d1.getTime()) || isNaN(d2.getTime())) return 1;
-  const t1 = Date.UTC(d1.getFullYear(), d1.getMonth(), d1.getDate());
-  const t2 = Date.UTC(d2.getFullYear(), d2.getMonth(), d2.getDate());
-  const diff = Math.round((t2 - t1) / (1000 * 60 * 60 * 24));
-  return Math.max(1, diff + 1);
-}
-/* ********* EVENTS ********* */
-async function createEvent(data, uid) {
-  const eid = await db.incrObjectField('global', 'nextCalendarEid');
-  const key = getEventKey(eid);
-  const now = Date.now();
-  const startTs = Number(new Date(data.start).getTime()) || now;
-  const endTs = Number(new Date(data.end).getTime()) || startTs;
-  const bookingItems = Array.isArray(data.bookingItems) ? data.bookingItems : [];
-  const eventObj = {
-    eid: String(eid),
-    title: String(data.title || ''),
-    description: String(data.description || ''),
-    start: new Date(startTs).toISOString(),
-    end: new Date(endTs).toISOString(),
-    allDay: data.allDay ? 1 : 0,
-    location: String(data.location || ''),
-    createdByUid: String(uid || 0),
-    createdAt: String(now),
-    updatedAt: String(now),
-    rsvpYes: '[]',
-    rsvpMaybe: '[]',
-    rsvpNo: '[]',
-    visibility: String(data.visibility || 'public'),
-    bookingEnabled: data.bookingEnabled ? 1 : 0,
-    bookingItems: JSON.stringify(bookingItems),
-    reservations: JSON.stringify([]),
-  };
-  await db.setObject(key, eventObj);
-  await db.sortedSetAdd(EVENTS_SET_KEY, startTs, eid);
-  return eventObj;
-}
-async function getEvent(eid) {
-  return db.getObject(getEventKey(eid));
-}
-async function updateEvent(eid, data) {
-  const key = getEventKey(eid);
-  const existing = await db.getObject(key);
-  if (!existing) throw new Error('Event not found');
-  const startTs = data.start ? new Date(data.start).getTime() : new Date(existing.start).getTime();
-  const endTs = data.end ? new Date(data.end).getTime() : new Date(existing.end).getTime();
-  const bookingItems = Array.isArray(data.bookingItems)
-    ? data.bookingItems
-    : JSON.parse(existing.bookingItems || '[]');
-  const updated = {
-    ...existing,
-    title: data.title !== undefined ? String(data.title) : existing.title,
-    description: data.description !== undefined ? String(data.description) : existing.description,
-    start: new Date(startTs).toISOString(),
-    end: new Date(endTs).toISOString(),
-    allDay: data.allDay !== undefined ? (data.allDay ? 1 : 0) : existing.allDay,
-    location: data.location !== undefined ? String(data.location) : existing.location,
-    visibility: data.visibility !== undefined ? String(data.visibility) : existing.visibility,
-    bookingEnabled:
-      data.bookingEnabled !== undefined ? (data.bookingEnabled ? 1 : 0) : (existing.bookingEnabled || 0),
-    bookingItems: JSON.stringify(bookingItems),
-    updatedAt: String(Date.now()),
-  };
-  await db.setObject(key, updated);
-  await db.sortedSetAdd(EVENTS_SET_KEY, startTs, eid);
-  return updated;
-}
-async function deleteEvent(eid) {
-  await db.sortedSetRemove(EVENTS_SET_KEY, eid);
-  await db.delete(getEventKey(eid));
-}
-async function getEventsBetween(start, end) {
-  const startTs = new Date(start).getTime();
-  const endTs = new Date(end).getTime();
-  const eids = await db.getSortedSetRangeByScore(EVENTS_SET_KEY, 0, -1, startTs, endTs);
-  if (!eids || !eids.length) return [];
-  const keys = eids.map(eid => getEventKey(eid));
-  const events = await db.getObjects(keys);
-  return (events || []).filter(Boolean).map(ev => ({
-    ...ev,
-    bookingItems: JSON.parse(ev.bookingItems || '[]'),
-  }));
-}
-async function getUpcomingEvents(limit = 5) {
-  const now = Date.now();
-  const eids = await db.getSortedSetRangeByScore(EVENTS_SET_KEY, 0, limit - 1, now, '+inf');
-  if (!eids || !eids.length) return [];
-  const keys = eids.map(eid => getEventKey(eid));
-  const events = await db.getObjects(keys);
-  return (events || []).filter(Boolean);
-}
-/* ********* PERMISSIONS ********* */
-async function userCanCreate(uid) {
-  if (!uid || uid === 0) return false;
-  const settings = await Settings.get('calendar-onekite');
-  if (!settings || !settings.allowedGroups) return false;
-  const allowedSet = new Set(
-    settings.allowedGroups
-      .split(',')
-      .map(g => g.trim().toLowerCase())
-      .filter(Boolean)
-  );
-  if (!allowedSet.size) return false;
-  const userGroupsArr = await user.getUserGroups([uid]);
-  const groups = (userGroupsArr[0] || []).map(g => g.name.toLowerCase());
-  return groups.some(g => allowedSet.has(g));
-}
-async function userCanBook(uid) {
-  if (!uid || uid === 0) return false;
-  const settings = await Settings.get('calendar-onekite');
-  // Si pas configuré, on permet à tout le monde connecté
-  if (!settings || !settings.allowedBookingGroups) return true;
-  const allowedSet = new Set(
-    settings.allowedBookingGroups
-      .split(',')
-      .map(g => g.trim().toLowerCase())
-      .filter(Boolean)
-  );
-  if (!allowedSet.size) return true;
-  const userGroupsArr = await user.getUserGroups([uid]);
-  const groups = (userGroupsArr[0] || []).map(g => g.name.toLowerCase());
-  return groups.some(g => allowedSet.has(g));
-}
-/* ********* RSVP ********* */
-async function setRsvp(eid, uid, status) {
-  const key = getEventKey(eid);
-  const event = await db.getObject(key);
-  if (!event) throw new Error('Event not found');
-  const parseList = (str) => {
-    try { return JSON.parse(str || '[]'); } catch (e) { return []; }
-  };
-  let yes = parseList(event.rsvpYes);
-  let maybe = parseList(event.rsvpMaybe);
-  let no = parseList(event.rsvpNo);
-  const u = String(uid);
-  yes = yes.filter(id => id !== u);
-  maybe = maybe.filter(id => id !== u);
-  no = no.filter(id => id !== u);
-  if (status === 'yes') yes.push(u);
-  if (status === 'maybe') maybe.push(u);
-  if (status === 'no') no.push(u);
-  const updated = {
-    ...event,
-    rsvpYes: JSON.stringify(yes),
-    rsvpMaybe: JSON.stringify(maybe),
-    rsvpNo: JSON.stringify(no),
-    updatedAt: String(Date.now()),
-  };
-  await db.setObject(key, updated);
-  return updated;
-}
-/* ********* PRIX ********* */
-function computePrice(event, reservation) {
-  const items = JSON.parse(event.bookingItems || '[]');
-  const item = items.find(i => i.id === reservation.itemId);
-  if (!item) return 0;
-  const unit = Number(item.price || 0);
-  const days = reservation.days || 1;
-  return unit * reservation.quantity * days;
-}
-/* ********* ADMIN PAGE (AJOUTÉ) ********* */
-async function renderAdminPage(req, res) {
-  try {
-    const settings = (await Settings.get('calendar-onekite')) || {};
-    res.render('admin/plugins/calendar-onekite', {
-      title: 'Calendar OneKite',
-      settings,
-    });
-  } catch (err) {
-    if (req.path && req.path.startsWith('/api/')) {
-      return res.status(500).json({ error: err.message });
-    }
-    res.status(500).send(err.message);
-  }
-}
-/* ********* INIT ********* */
-Plugin.init = async function (params) {
-  const { router, middleware } = params;
-  appRef = params.app;
-  /* PAGES */
-  router.get('/calendar', middleware.buildHeader, renderCalendarPage);
-  router.get('/api/calendar', renderCalendarPage);
-  router.get('/calendar/my-reservations', middleware.buildHeader, renderMyReservationsPage);
-  router.get('/api/calendar/my-reservations/page', renderMyReservationsPage);
-  // admin planning
-  router.get('/admin/calendar/planning', middleware.admin.buildHeader, renderPlanningPage);
-  router.get('/api/admin/calendar/planning/page', renderPlanningPage);
-  /* API EVENTS */
-  router.get('/api/calendar/events', async (req, res) => {
-    try {
-      const { start, end } = req.query;
-      if (!start || !end) return res.status(400).json({ error: 'Missing start/end' });
-      const events = await getEventsBetween(start, end);
-      res.json(events);
-    } catch (err) {
-      res.status(500).json({ error: err.message });
-    }
-  });
-  router.post('/api/calendar/event', middleware.ensureLoggedIn, async (req, res) => {
-    try {
-      const uid = req.user?.uid || 0;
-      if (!await userCanCreate(uid)) return res.status(403).json({ error: 'Permission refusée' });
-      const event = await createEvent(req.body, uid);
-      res.json(event);
-    } catch (err) {
-      res.status(500).json({ error: err.message });
-    }
-  });
-  router.put('/api/calendar/event/:eid', middleware.ensureLoggedIn, async (req, res) => {
-    try {
-      const uid = req.user?.uid || 0;
-      if (!await userCanCreate(uid)) return res.status(403).json({ error: 'Permission refusée' });
-      const eid = req.params.eid;
-      const event = await updateEvent(eid, req.body);
-      res.json(event);
-    } catch (err) {
-      res.status(500).json({ error: err.message });
-    }
-  });
-  router.delete('/api/calendar/event/:eid', middleware.ensureLoggedIn, async (req, res) => {
-    try {
-      const uid = req.user?.uid || 0;
-      if (!await userCanCreate(uid)) return res.status(403).json({ error: 'Permission refusée' });
-      const eid = req.params.eid;
-      await deleteEvent(eid);
-      res.json({ status: 'ok' });
-    } catch (err) {
-      res.status(500).json({ error: err.message });
-    }
-  });
-  router.get('/api/calendar/event/:eid', async (req, res) => {
-    try {
-      const eid = req.params.eid;
-      const event = await getEvent(eid);
-      if (!event) return res.status(404).json({ error: 'Événement introuvable' });
-      const items = JSON.parse(event.bookingItems || '[]');
-      const reservations = JSON.parse(event.reservations || '[]');
-      res.json({ ...event, bookingItems: items, reservations });
-    } catch (err) {
-      res.status(500).json({ error: err.message });
-    }
-  });
-  /* RSVP */
-  router.post('/api/calendar/event/:eid/rsvp', middleware.ensureLoggedIn, async (req, res) => {
-    try {
-      const eid = req.params.eid;
-      const uid = req.user?.uid || 0;
-      const status = req.body.status;
-      const event = await setRsvp(eid, uid, status);
-      res.json(event);
-    } catch (err) {
-      res.status(500).json({ error: err.message });
-    }
-  });
-  /* PERMISSIONS CLIENT */
-  router.get('/api/calendar/permissions/create', async (req, res) => {
-    const uid = req.user?.uid || 0;
-    const allow = await userCanCreate(uid);
-    res.json({ allow });
-  });
-  router.get('/api/calendar/permissions/book', async (req, res) => {
-    const uid = req.user?.uid || 0;
-    const allow = await userCanBook(uid);
-    res.json({ allow });
-  });
-  /* RÉSERVATION MULTI-JOURS */
-  router.post('/api/calendar/event/:eid/book', middleware.ensureLoggedIn, async (req, res) => {
-    try {
-      const uid = req.user?.uid || 0;
-      const eid = req.params.eid;
-      const { itemId, quantity, dateStart, dateEnd } = req.body;
-      if (!await userCanBook(uid)) {
-        return res.status(403).json({ error: 'Vous n’êtes pas autorisé à réserver du matériel.' });
-      }
-      if (!dateStart || !dateEnd) {
-        return res.status(400).json({ error: 'Dates de début et de fin obligatoires.' });
-      }
-      const event = await getEvent(eid);
-      if (!event) return res.status(404).json({ error: 'Événement introuvable' });
-      if (!Number(event.bookingEnabled)) return res.status(400).json({ error: 'Réservation désactivée' });
-      const items = JSON.parse(event.bookingItems || '[]');
-      const item = items.find(i => i.id === itemId);
-      if (!item) return res.status(400).json({ error: 'Matériel introuvable' });
-      const q = Number(quantity);
-      if (!q || q <= 0) return res.status(400).json({ error: 'Quantité invalide' });
-      const allRes = JSON.parse(event.reservations || '[]');
-      const overlapping = allRes.filter(r => {
-        if (r.itemId !== itemId) return false;
-        if (r.status === 'cancelled') return false;
-        const startR = new Date(r.dateStart);
-        const endR = new Date(r.dateEnd);
-        const startN = new Date(dateStart);
-        const endN = new Date(dateEnd);
-        return !(endN < startR || startN > endR);
-      });
-      const used = overlapping.reduce((sum, r) => sum + r.quantity, 0);
-      const available = item.total - used;
-      if (q > available) return res.status(400).json({ error: 'Matériel indisponible pour ces dates.' });
-      const rid = await nextReservationId();
-      const now = Date.now();
-      const nbDays = daysBetween(dateStart, dateEnd);
-      const reservation = {
-        rid,
-        eid: String(eid),
-        uid: String(uid),
-        itemId: String(itemId),
-        quantity: q,
-        dateStart,
-        dateEnd,
-        days: nbDays,
-        status: 'pending_admin',
-        helloAssoOrderId: null,
-        createdAt: now,
-        pickupLocation: item.pickupLocation || '',
-      };
-      allRes.push(reservation);
-      event.bookingItems = JSON.stringify(items);
-      event.reservations = JSON.stringify(allRes);
-      await db.setObject(getEventKey(eid), event);
-      try {
-        await emailer.send('calendar-reservation-created', uid, {
-          subject: 'Votre demande de réservation a été envoyée',
-          eventTitle: event.title,
-          item: item.name,
-          quantity: reservation.quantity,
-          date: new Date().toLocaleString('fr-FR'),
-          dateStart,
-          dateEnd,
-          days: nbDays,
-          pickupLocation: reservation.pickupLocation || 'Non précisé',
-        });
-      } catch (e) {
-        console.warn('[calendar-onekite] email reservation-created error:', e.message);
-      }
-      res.json({
-        success: true,
-        status: 'pending_admin',
-        message: 'Votre demande de réservation a été envoyée. Elle doit être validée par un administrateur.',
-      });
-    } catch (err) {
-      res.status(500).json({ error: err.message });
-    }
-  });
-  /* ADMIN : LISTE PENDING */
-  router.get('/api/admin/calendar/pending', middleware.admin.checkPrivileges, async (req, res) => {
-    try {
-      const result = [];
-      const eids = await db.getSortedSetRange(EVENTS_SET_KEY, 0, -1);
-      for (const eid of eids) {
-        const event = await getEvent(eid);
-        if (!event) continue;
-        const reservations = JSON.parse(event.reservations || '[]');
-        const pending = reservations.filter(r => r.status === 'pending_admin');
-        if (pending.length) result.push({ event, reservations: pending });
-      }
-      res.json(result);
-    } catch (err) {
-      res.status(500).json({ error: err.message });
-    }
-  });
-  /* ADMIN : VALIDATION */
-  router.post('/api/admin/calendar/reservation/:rid/validate', middleware.admin.checkPrivileges, async (req, res) => {
-    try {
-      const rid = req.params.rid;
-      const eids = await db.getSortedSetRange(EVENTS_SET_KEY, 0, -1);
-      let targetEvent = null;
-      let reservation = null;
-      for (const eid of eids) {
-        const event = await getEvent(eid);
-        if (!event) continue;
-        const reservations = JSON.parse(event.reservations || '[]');
-        const r = reservations.find(rr => rr.rid === rid);
-        if (r) {
-          targetEvent = event;
-          reservation = r;
-          break;
-        }
-      }
-      if (!reservation) return res.status(404).json({ error: 'Réservation introuvable' });
-      if (reservation.status !== 'pending_admin') return res.status(400).json({ error: 'Réservation déjà traitée' });
-      reservation.status = 'awaiting_payment';
-      const resList = JSON.parse(targetEvent.reservations || '[]');
-      const idx = resList.findIndex(r => r.rid === rid);
-      resList[idx] = reservation;
-      targetEvent.reservations = JSON.stringify(resList);
-      await db.setObject(getEventKey(targetEvent.eid), targetEvent);
-      const amount = computePrice(targetEvent, reservation);
-      const checkoutUrl = await helloAsso.createHelloAssoCheckoutIntent({
-        eid: reservation.eid,
-        rid,
-        uid: reservation.uid,
-        itemId: reservation.itemId,
-        quantity: reservation.quantity,
-        amount,
-      });
-      try {
-        await emailer.send('calendar-reservation-approved', reservation.uid, {
-          subject: 'Votre réservation a été validée',
-          eventTitle: targetEvent.title,
-          itemName: reservation.itemId,
-          quantity: reservation.quantity,
-          checkoutUrl,
-          pickupLocation: reservation.pickupLocation || 'Non précisé',
-          dateStart: reservation.dateStart,
-          dateEnd: reservation.dateEnd,
-          days: reservation.days || 1,
-        });
-      } catch (e) {
-        console.warn('[calendar-onekite] email reservation-approved error:', e.message);
-      }
-      res.json({ success: true, checkoutUrl });
-    } catch (err) {
-      res.status(500).json({ error: err.message });
-    }
-  });
-  /* ADMIN : ANNULATION */
-  router.post('/api/admin/calendar/reservation/:rid/cancel', middleware.admin.checkPrivileges, async (req, res) => {
-    try {
-      const rid = req.params.rid;
-      const eids = await db.getSortedSetRange(EVENTS_SET_KEY, 0, -1);
-      let reservation = null;
-      for (const eid of eids) {
-        const event = await getEvent(eid);
-        if (!event) continue;
-        const reservations = JSON.parse(event.reservations || '[]');
-        const rIndex = reservations.findIndex(rr => rr.rid === rid);
-        if (rIndex !== -1) {
-          reservation = reservations[rIndex];
-          reservation.status = 'cancelled';
-          reservations[rIndex] = reservation;
-          event.reservations = JSON.stringify(reservations);
-          await db.setObject(getEventKey(event.eid), event);
-          break;
-        }
-      }
-      if (!reservation) return res.status(404).json({ error: 'Réservation introuvable' });
-      res.json({ success: true });
-    } catch (err) {
-      res.status(500).json({ error: err.message });
-    }
-  });
-  /* WEBHOOK HELLOASSO */
-  router.post('/api/calendar/helloasso/webhook', async (req, res) => {
-    try {
-      const payload = req.body;
-      const order = payload.order || payload;
-      const orderId = String(order.id);
-      const state = order.state || order.status || '';
-      if (state !== 'Paid') return res.json({ ignored: true });
-      const custom = order.customFields || {};
-      const eid = String(custom.eid);
-      const rid = String(custom.rid);
-      const event = await getEvent(eid);
-      if (!event) throw new Error('Event not found');
-      let reservations = JSON.parse(event.reservations || '[]');
-      const rIndex = reservations.findIndex(r => r.rid === rid);
-      if (rIndex === -1) throw new Error('Reservation not found');
-      const reservation = reservations[rIndex];
-      if (reservation.status === 'paid') return res.json({ ok: true });
-      const items = JSON.parse(event.bookingItems || '[]');
-      const itemIndex = items.findIndex(i => i.id === reservation.itemId);
-      if (itemIndex !== -1) {
-        const item = items[itemIndex];
-        item.reserved = (item.reserved || 0) + reservation.quantity;
-        items[itemIndex] = item;
-      }
-      reservation.status = 'paid';
-      reservation.helloAssoOrderId = orderId;
-      reservations[rIndex] = reservation;
-      event.bookingItems = JSON.stringify(items);
-      event.reservations = JSON.stringify(reservations);
-      await db.setObject(getEventKey(eid), event);
-      try {
-        await emailer.send('calendar-payment-confirmed', reservation.uid, {
-          subject: 'Votre paiement a été confirmé',
-          eventTitle: event.title,
-          itemName: reservation.itemId,
-          quantity: reservation.quantity,
-          pickupLocation: reservation.pickupLocation || 'Non précisé',
-          dateStart: reservation.dateStart,
-          dateEnd: reservation.dateEnd,
-          days: reservation.days || 1,
-        });
-      } catch (e) {
-        console.warn('[calendar-onekite] email payment-confirmed error:', e.message);
-      }
-      res.json({ ok: true });
-    } catch (err) {
-      console.error('[calendar-onekite] HelloAsso webhook error:', err);
-      res.status(500).json({ error: err.message });
-    }
-  });
-  /* PAGE ADMIN PLUGIN (CORRIGÉ) */
-  router.get('/admin/plugins/nodebb-calendar-onekite', middleware.admin.buildHeader, renderAdminPage);
-  router.get('/api/admin/plugins/nodebb-calendar-onekite', renderAdminPage);
-  router.put('/api/admin/plugins/nodebb-calendar-onekite', middleware.admin.checkPrivileges, async (req, res) => {
-    try {
-      await Settings.set('calendar-onekite', req.body);
-      res.json({ status: 'ok' });
-    } catch (err) {
-      res.status(500).json({ error: err.message });
-    }
-  });
-  /* PAGE "MES RÉSERVATIONS" */
-  router.get('/api/calendar/my-reservations', middleware.ensureLoggedIn, async (req, res) => {
-    try {
-      const uid = String(req.user?.uid || 0);
-      if (!uid || uid === '0') return res.status(403).json({ error: 'Non connecté' });
-      const eids = await db.getSortedSetRange(EVENTS_SET_KEY, 0, -1);
-      const result = [];
-      for (const eid of eids) {
-        const event = await getEvent(eid);
-        if (!event) continue;
-        const items = JSON.parse(event.bookingItems || '[]');
-        const reservations = JSON.parse(event.reservations || '[]');
-        reservations
-          .filter(r => r.uid === uid)
-          .forEach(r => {
-            const item = items.find(i => i.id === r.itemId);
-            result.push({
-              ...r,
-              eventTitle: event.title,
-              eventStart: event.start,
-              eventEnd: event.end,
-              itemName: item ? item.name : r.itemId,
-            });
-          });
-      }
-      result.sort((a, b) => new Date(a.dateStart) - new Date(b.dateStart));
-      res.json(result);
-    } catch (err) {
-      res.status(500).json({ error: err.message });
-    }
-  });
-  /* PAGE ADMIN PLANNING : liste toutes les résas futures */
-  router.get('/api/admin/calendar/planning', middleware.admin.checkPrivileges, async (req, res) => {
-    try {
-      const now = new Date();
-      const eids = await db.getSortedSetRangeByScore(EVENTS_SET_KEY, 0, -1, now.getTime(), '+inf');
-      const rows = [];
-      for (const eid of eids) {
-        const event = await getEvent(eid);
-        if (!event) continue;
-        const items = JSON.parse(event.bookingItems || '[]');
-        const reservations = JSON.parse(event.reservations || '[]');
-        reservations
-          .filter(r => r.status === 'pending_admin' || r.status === 'awaiting_payment' || r.status === 'paid')
-          .forEach(r => {
-            const item = items.find(i => i.id === r.itemId);
-            rows.push({
-              eid: event.eid,
-              eventTitle: event.title,
-              itemId: r.itemId,
-              itemName: item ? item.name : r.itemId,
-              uid: r.uid,
-              quantity: r.quantity,
-              dateStart: r.dateStart,
-              dateEnd: r.dateEnd,
-              days: r.days || daysBetween(r.dateStart, r.dateEnd),
-              status: r.status,
-              pickupLocation: r.pickupLocation || 'Non précisé',
-            });
-          });
-      }
-      rows.sort((a, b) => new Date(a.dateStart) - new Date(b.dateStart));
-      res.json(rows);
-    } catch (err) {
-      res.status(500).json({ error: err.message });
-    }
-  });
-};
-function renderCalendarPage(req, res) {
-  res.render('calendar', { title: 'Calendrier' });
-}
-function renderMyReservationsPage(req, res) {
-  res.render('calendar-my-reservations', { title: 'Mes réservations' });
-}
-function renderPlanningPage(req, res) {
-  res.render('admin/calendar-planning', { title: 'Planning des réservations' });
-}
-Plugin.addAdminNavigation = function (header) {
-  header.plugins.push({
-    route: '/plugins/calendar-onekite',
-    icon: 'fa fa-calendar',
-    name: 'Calendar OneKite',
-  });
-  return header;
-};
-Plugin.defineWidgets = async function (widgets) {
-  widgets.push({
-    widget: 'calendarUpcoming',
-    name: 'Prochains événements',
-    description: 'Affiche la liste des prochains événements du calendrier.',
-    content: '',
-  });
-  return widgets;
-};
-Plugin.renderUpcomingWidget = async function (widget, callback) {
-  try {
-    const settings = (await Settings.get('calendar-onekite')) || {};
-    const limit = Number(widget.data.limit || settings.limit || 5);
-    const events = await getUpcomingEvents(limit);
-    const html = await appRef.renderAsync('widgets/calendar-upcoming', { events });
-    widget.html = html;
-    callback(null, widget);
-  } catch (err) {
-    callback(err);
-  }
-};
-module.exports = Plugin;
+'use strict';
+/**
+ * NodeBB v4 plugin: Calendar OneKite
+ * - Events + booking items (with pickupLocation per item)
+ * - Multi-day reservations
+ * - Admin validation -> HelloAsso checkout link -> payment webhook -> mark paid
+ * - Admin planning view + "My reservations" page
+ * - Settings:
+ *   - Settings key: "calendar-onekite"
+ *   - Admin page: /admin/plugins/calendar-onekite
+ *   - Admin API:  /api/admin/plugins/calendar-onekite
+ *
+ * Templates expected:
+ * - templates/calendar.tpl
+ * - templates/calendar-my-reservations.tpl
+ * - templates/admin/plugins/calendar-onekite.tpl
+ * - templates/admin/calendar-planning.tpl
+ * - templates/widgets/calendar-upcoming.tpl
+ * - templates/emails/calendar-reservation-created.tpl
+ * - templates/emails/calendar-reservation-approved.tpl
+ * - templates/emails/calendar-payment-confirmed.tpl
+ */
+const db = require.main.require('./src/database');
+const user = require.main.require('./src/user');
+const meta = require.main.require('./src/meta');
+const emailer = require.main.require('./src/emailer');
+const Settings = meta.settings;
+const helloAsso = require('./helloasso');
+const Plugin = {};
+let appRef = null;
+const SETTINGS_KEY = 'calendar-onekite';
+const EVENTS_SET_KEY = 'calendar:events:start';
+const EVENT_KEY_PREFIX = 'calendar:event:';
+function getEventKey(eid) {
+  return EVENT_KEY_PREFIX + eid;
+}
+async function nextReservationId() {
+  const rid = await db.incrObjectField('global', 'nextCalendarRid');
+  return String(rid);
+}
+// number of days between two yyyy-mm-dd dates (inclusive)
+function daysBetween(start, end) {
+  const d1 = new Date(start);
+  const d2 = new Date(end);
+  if (isNaN(d1.getTime()) || isNaN(d2.getTime())) return 1;
+  const t1 = Date.UTC(d1.getFullYear(), d1.getMonth(), d1.getDate());
+  const t2 = Date.UTC(d2.getFullYear(), d2.getMonth(), d2.getDate());
+  const diff = Math.round((t2 - t1) / (1000 * 60 * 60 * 24));
+  return Math.max(1, diff + 1);
+}
+/* -----------------------------
+ * Events
+ * ---------------------------- */
+async function createEvent(data, uid) {
+  const eid = await db.incrObjectField('global', 'nextCalendarEid');
+  const key = getEventKey(eid);
+  const now = Date.now();
+  const startTs = Number(new Date(data.start).getTime()) || now;
+  const endTs = Number(new Date(data.end).getTime()) || startTs;
+  const bookingItems = Array.isArray(data.bookingItems) ? data.bookingItems : [];
+  const eventObj = {
+    eid: String(eid),
+    title: String(data.title || ''),
+    description: String(data.description || ''),
+    start: new Date(startTs).toISOString(),
+    end: new Date(endTs).toISOString(),
+    allDay: data.allDay ? 1 : 0,
+    location: String(data.location || ''),
+    createdByUid: String(uid || 0),
+    createdAt: String(now),
+    updatedAt: String(now),
+    rsvpYes: '[]',
+    rsvpMaybe: '[]',
+    rsvpNo: '[]',
+    visibility: String(data.visibility || 'public'),
+    bookingEnabled: data.bookingEnabled ? 1 : 0,
+    bookingItems: JSON.stringify(bookingItems),
+    reservations: JSON.stringify([]),
+  };
+  await db.setObject(key, eventObj);
+  await db.sortedSetAdd(EVENTS_SET_KEY, startTs, eid);
+  return eventObj;
+}
+async function getEvent(eid) {
+  return db.getObject(getEventKey(eid));
+}
+async function updateEvent(eid, data) {
+  const key = getEventKey(eid);
+  const existing = await db.getObject(key);
+  if (!existing) throw new Error('Event not found');
+  const startTs = data.start ? new Date(data.start).getTime() : new Date(existing.start).getTime();
+  const endTs = data.end ? new Date(data.end).getTime() : new Date(existing.end).getTime();
+  const bookingItems = Array.isArray(data.bookingItems)
+    ? data.bookingItems
+    : JSON.parse(existing.bookingItems || '[]');
+  const updated = {
+    ...existing,
+    title: data.title !== undefined ? String(data.title) : existing.title,
+    description: data.description !== undefined ? String(data.description) : existing.description,
+    start: new Date(startTs).toISOString(),
+    end: new Date(endTs).toISOString(),
+    allDay: data.allDay !== undefined ? (data.allDay ? 1 : 0) : existing.allDay,
+    location: data.location !== undefined ? String(data.location) : existing.location,
+    visibility: data.visibility !== undefined ? String(data.visibility) : existing.visibility,
+    bookingEnabled: data.bookingEnabled !== undefined ? (data.bookingEnabled ? 1 : 0) : (existing.bookingEnabled || 0),
+    bookingItems: JSON.stringify(bookingItems),
+    updatedAt: String(Date.now()),
+  };
+  await db.setObject(key, updated);
+  await db.sortedSetAdd(EVENTS_SET_KEY, startTs, eid);
+  return updated;
+}
+async function deleteEvent(eid) {
+  await db.sortedSetRemove(EVENTS_SET_KEY, eid);
+  await db.delete(getEventKey(eid));
+}
+async function getEventsBetween(start, end) {
+  const startTs = new Date(start).getTime();
+  const endTs = new Date(end).getTime();
+  const eids = await db.getSortedSetRangeByScore(EVENTS_SET_KEY, 0, -1, startTs, endTs);
+  if (!eids || !eids.length) return [];
+  const keys = eids.map(eid => getEventKey(eid));
+  const events = await db.getObjects(keys);
+  return (events || []).filter(Boolean).map(ev => ({
+    ...ev,
+    bookingItems: JSON.parse(ev.bookingItems || '[]'),
+  }));
+}
+async function getUpcomingEvents(limit = 5) {
+  const now = Date.now();
+  const eids = await db.getSortedSetRangeByScore(EVENTS_SET_KEY, 0, limit - 1, now, '+inf');
+  if (!eids || !eids.length) return [];
+  const keys = eids.map(eid => getEventKey(eid));
+  const events = await db.getObjects(keys);
+  return (events || []).filter(Boolean);
+}
+/* -----------------------------
+ * Permissions
+ * ---------------------------- */
+async function userCanCreate(uid) {
+  if (!uid || uid === 0) return false;
+  const settings = await Settings.get(SETTINGS_KEY);
+  if (!settings || !settings.allowedGroups) return false;
+  const allowedSet = new Set(
+    settings.allowedGroups
+      .split(',')
+      .map(g => g.trim().toLowerCase())
+      .filter(Boolean)
+  );
+  if (!allowedSet.size) return false;
+  const userGroupsArr = await user.getUserGroups([uid]);
+  const groups = (userGroupsArr[0] || []).map(g => (g.name || '').toLowerCase());
+  return groups.some(g => allowedSet.has(g));
+}
+async function userCanBook(uid) {
+  if (!uid || uid === 0) return false;
+  const settings = await Settings.get(SETTINGS_KEY);
+  // if not configured -> allow any logged-in user
+  if (!settings || !settings.allowedBookingGroups) return true;
+  const allowedSet = new Set(
+    settings.allowedBookingGroups
+      .split(',')
+      .map(g => g.trim().toLowerCase())
+      .filter(Boolean)
+  );
+  if (!allowedSet.size) return true;
+  const userGroupsArr = await user.getUserGroups([uid]);
+  const groups = (userGroupsArr[0] || []).map(g => (g.name || '').toLowerCase());
+  return groups.some(g => allowedSet.has(g));
+}
+/* -----------------------------
+ * RSVP
+ * ---------------------------- */
+async function setRsvp(eid, uid, status) {
+  const key = getEventKey(eid);
+  const event = await db.getObject(key);
+  if (!event) throw new Error('Event not found');
+  const parseList = (str) => {
+    try { return JSON.parse(str || '[]'); } catch (e) { return []; }
+  };
+  let yes = parseList(event.rsvpYes);
+  let maybe = parseList(event.rsvpMaybe);
+  let no = parseList(event.rsvpNo);
+  const u = String(uid);
+  yes = yes.filter(id => id !== u);
+  maybe = maybe.filter(id => id !== u);
+  no = no.filter(id => id !== u);
+  if (status === 'yes') yes.push(u);
+  if (status === 'maybe') maybe.push(u);
+  if (status === 'no') no.push(u);
+  const updated = {
+    ...event,
+    rsvpYes: JSON.stringify(yes),
+    rsvpMaybe: JSON.stringify(maybe),
+    rsvpNo: JSON.stringify(no),
+    updatedAt: String(Date.now()),
+  };
+  await db.setObject(key, updated);
+  return updated;
+}
+/* -----------------------------
+ * Pricing
+ * ---------------------------- */
+function computePrice(event, reservation) {
+  const items = JSON.parse(event.bookingItems || '[]');
+  const item = items.find(i => i.id === reservation.itemId);
+  if (!item) return 0;
+  const unit = Number(item.price || 0);
+  const days = Number(reservation.days || 1);
+  return unit * Number(reservation.quantity || 0) * days;
+}
+/* -----------------------------
+ * Renderers (pages)
+ * ---------------------------- */
+function renderCalendarPage(req, res) {
+  res.render('calendar', { title: 'Calendrier' });
+}
+function renderMyReservationsPage(req, res) {
+  res.render('calendar-my-reservations', { title: 'Mes réservations' });
+}
+function renderPlanningPage(req, res) {
+  res.render('admin/calendar-planning', { title: 'Planning des réservations' });
+}
+async function renderAdminPage(req, res) {
+  try {
+    const settings = (await Settings.get(SETTINGS_KEY)) || {};
+    res.render('admin/plugins/calendar-onekite', {
+      title: 'Calendar OneKite',
+      settings,
+    });
+  } catch (err) {
+    if (req.path && req.path.startsWith('/api/')) {
+      return res.status(500).json({ error: err.message });
+    }
+    res.status(500).send(err.message);
+  }
+}
+/* -----------------------------
+ * Plugin init
+ * ---------------------------- */
+Plugin.init = async function (params) {
+  const { router, middleware } = params;
+  appRef = params.app;
+  // Public pages
+  router.get('/calendar', middleware.buildHeader, renderCalendarPage);
+  router.get('/api/calendar', renderCalendarPage);
+  router.get('/calendar/my-reservations', middleware.buildHeader, renderMyReservationsPage);
+  router.get('/api/calendar/my-reservations/page', renderMyReservationsPage);
+  // Admin planning page
+  router.get('/admin/calendar/planning', middleware.admin.buildHeader, renderPlanningPage);
+  router.get('/api/admin/calendar/planning/page', renderPlanningPage);
+  /* -----------------------------
+   * Events API
+   * ---------------------------- */
+  router.get('/api/calendar/events', async (req, res) => {
+    try {
+      const { start, end } = req.query;
+      if (!start || !end) return res.status(400).json({ error: 'Missing start/end' });
+      const events = await getEventsBetween(start, end);
+      res.json(events);
+    } catch (err) {
+      res.status(500).json({ error: err.message });
+    }
+  });
+  router.post('/api/calendar/event', middleware.ensureLoggedIn, async (req, res) => {
+    try {
+      const uid = req.user?.uid || 0;
+      if (!await userCanCreate(uid)) return res.status(403).json({ error: 'Permission refusée' });
+      const event = await createEvent(req.body, uid);
+      res.json(event);
+    } catch (err) {
+      res.status(500).json({ error: err.message });
+    }
+  });
+  router.put('/api/calendar/event/:eid', middleware.ensureLoggedIn, async (req, res) => {
+    try {
+      const uid = req.user?.uid || 0;
+      if (!await userCanCreate(uid)) return res.status(403).json({ error: 'Permission refusée' });
+      const eid = req.params.eid;
+      const event = await updateEvent(eid, req.body);
+      res.json(event);
+    } catch (err) {
+      res.status(500).json({ error: err.message });
+    }
+  });
+  router.delete('/api/calendar/event/:eid', middleware.ensureLoggedIn, async (req, res) => {
+    try {
+      const uid = req.user?.uid || 0;
+      if (!await userCanCreate(uid)) return res.status(403).json({ error: 'Permission refusée' });
+      const eid = req.params.eid;
+      await deleteEvent(eid);
+      res.json({ status: 'ok' });
+    } catch (err) {
+      res.status(500).json({ error: err.message });
+    }
+  });
+  router.get('/api/calendar/event/:eid', async (req, res) => {
+    try {
+      const eid = req.params.eid;
+      const event = await getEvent(eid);
+      if (!event) return res.status(404).json({ error: 'Événement introuvable' });
+      const items = JSON.parse(event.bookingItems || '[]');
+      const reservations = JSON.parse(event.reservations || '[]');
+      res.json({ ...event, bookingItems: items, reservations });
+    } catch (err) {
+      res.status(500).json({ error: err.message });
+    }
+  });
+  /* -----------------------------
+   * RSVP
+   * ---------------------------- */
+  router.post('/api/calendar/event/:eid/rsvp', middleware.ensureLoggedIn, async (req, res) => {
+    try {
+      const eid = req.params.eid;
+      const uid = req.user?.uid || 0;
+      const status = req.body.status;
+      const event = await setRsvp(eid, uid, status);
+      res.json(event);
+    } catch (err) {
+      res.status(500).json({ error: err.message });
+    }
+  });
+  /* -----------------------------
+   * Client permissions endpoints
+   * ---------------------------- */
+  router.get('/api/calendar/permissions/create', async (req, res) => {
+    const uid = req.user?.uid || 0;
+    const allow = await userCanCreate(uid);
+    res.json({ allow });
+  });
+  router.get('/api/calendar/permissions/book', async (req, res) => {
+    const uid = req.user?.uid || 0;
+    const allow = await userCanBook(uid);
+    res.json({ allow });
+  });
+  /* -----------------------------
+   * Multi-day reservation request
+   * ---------------------------- */
+  router.post('/api/calendar/event/:eid/book', middleware.ensureLoggedIn, async (req, res) => {
+    try {
+      const uid = req.user?.uid || 0;
+      const eid = req.params.eid;
+      const { itemId, quantity, dateStart, dateEnd } = req.body;
+      if (!await userCanBook(uid)) {
+        return res.status(403).json({ error: 'Vous n’êtes pas autorisé à réserver du matériel.' });
+      }
+      if (!dateStart || !dateEnd) {
+        return res.status(400).json({ error: 'Dates de début et de fin obligatoires.' });
+      }
+      if (String(dateEnd) < String(dateStart)) {
+        return res.status(400).json({ error: 'La date de fin doit être ≥ la date de début.' });
+      }
+      const event = await getEvent(eid);
+      if (!event) return res.status(404).json({ error: 'Événement introuvable' });
+      if (!Number(event.bookingEnabled)) return res.status(400).json({ error: 'Réservation désactivée' });
+      const items = JSON.parse(event.bookingItems || '[]');
+      const item = items.find(i => i.id === itemId);
+      if (!item) return res.status(400).json({ error: 'Matériel introuvable' });
+      const q = Number(quantity);
+      if (!q || q <= 0) return res.status(400).json({ error: 'Quantité invalide' });
+      const allRes = JSON.parse(event.reservations || '[]');
+      // Stock check: sum overlapping reservations (pending_admin/awaiting_payment/paid) for the same item
+      const overlapping = allRes.filter(r => {
+        if (r.itemId !== itemId) return false;
+        if (r.status === 'cancelled') return false;
+        const startR = new Date(r.dateStart);
+        const endR = new Date(r.dateEnd);
+        const startN = new Date(dateStart);
+        const endN = new Date(dateEnd);
+        return !(endN < startR || startN > endR);
+      });
+      const used = overlapping.reduce((sum, r) => sum + Number(r.quantity || 0), 0);
+      const available = Number(item.total || 0) - used;
+      if (q > available) return res.status(400).json({ error: 'Matériel indisponible pour ces dates.' });
+      const rid = await nextReservationId();
+      const now = Date.now();
+      const nbDays = daysBetween(dateStart, dateEnd);
+      const reservation = {
+        rid,
+        eid: String(eid),
+        uid: String(uid),
+        itemId: String(itemId),
+        quantity: q,
+        dateStart,
+        dateEnd,
+        days: nbDays,
+        status: 'pending_admin',
+        helloAssoOrderId: null,
+        createdAt: now,
+        pickupLocation: String(item.pickupLocation || ''),
+      };
+      allRes.push(reservation);
+      event.bookingItems = JSON.stringify(items);
+      event.reservations = JSON.stringify(allRes);
+      await db.setObject(getEventKey(eid), event);
+      // Email: request created
+      try {
+        await emailer.send('calendar-reservation-created', uid, {
+          subject: 'Votre demande de réservation a été envoyée',
+          eventTitle: event.title,
+          item: item.name,
+          quantity: reservation.quantity,
+          date: new Date().toLocaleString('fr-FR'),
+          dateStart,
+          dateEnd,
+          days: nbDays,
+          pickupLocation: reservation.pickupLocation || 'Non précisé',
+        });
+      } catch (e) {
+        console.warn('[calendar-onekite] email reservation-created error:', e.message);
+      }
+      res.json({
+        success: true,
+        status: 'pending_admin',
+        message: 'Votre demande de réservation a été envoyée. Elle doit être validée par un administrateur.',
+      });
+    } catch (err) {
+      res.status(500).json({ error: err.message });
+    }
+  });
+  /* -----------------------------
+   * Admin: pending list
+   * ---------------------------- */
+  router.get('/api/admin/calendar/pending', middleware.admin.checkPrivileges, async (req, res) => {
+    try {
+      const result = [];
+      const eids = await db.getSortedSetRange(EVENTS_SET_KEY, 0, -1);
+      for (const eid of eids) {
+        const event = await getEvent(eid);
+        if (!event) continue;
+        const reservations = JSON.parse(event.reservations || '[]');
+        const pending = reservations.filter(r => r.status === 'pending_admin');
+        if (pending.length) result.push({ event, reservations: pending });
+      }
+      res.json(result);
+    } catch (err) {
+      res.status(500).json({ error: err.message });
+    }
+  });
+  /* -----------------------------
+   * Admin: validate reservation -> awaiting_payment + HelloAsso checkout
+   * ---------------------------- */
+  router.post('/api/admin/calendar/reservation/:rid/validate', middleware.admin.checkPrivileges, async (req, res) => {
+    try {
+      const rid = req.params.rid;
+      const eids = await db.getSortedSetRange(EVENTS_SET_KEY, 0, -1);
+      let targetEvent = null;
+      let reservation = null;
+      for (const eid of eids) {
+        const event = await getEvent(eid);
+        if (!event) continue;
+        const reservations = JSON.parse(event.reservations || '[]');
+        const r = reservations.find(rr => rr.rid === rid);
+        if (r) {
+          targetEvent = event;
+          reservation = r;
+          break;
+        }
+      }
+      if (!reservation) return res.status(404).json({ error: 'Réservation introuvable' });
+      if (reservation.status !== 'pending_admin') return res.status(400).json({ error: 'Réservation déjà traitée' });
+      reservation.status = 'awaiting_payment';
+      const resList = JSON.parse(targetEvent.reservations || '[]');
+      const idx = resList.findIndex(r => r.rid === rid);
+      resList[idx] = reservation;
+      targetEvent.reservations = JSON.stringify(resList);
+      await db.setObject(getEventKey(targetEvent.eid), targetEvent);
+      const amount = computePrice(targetEvent, reservation);
+      const checkoutUrl = await helloAsso.createHelloAssoCheckoutIntent({
+        eid: reservation.eid,
+        rid,
+        uid: reservation.uid,
+        itemId: reservation.itemId,
+        quantity: reservation.quantity,
+        amount,
+      });
+      try {
+        await emailer.send('calendar-reservation-approved', reservation.uid, {
+          subject: 'Votre réservation a été validée',
+          eventTitle: targetEvent.title,
+          itemName: reservation.itemId,
+          quantity: reservation.quantity,
+          checkoutUrl,
+          pickupLocation: reservation.pickupLocation || 'Non précisé',
+          dateStart: reservation.dateStart,
+          dateEnd: reservation.dateEnd,
+          days: reservation.days || 1,
+        });
+      } catch (e) {
+        console.warn('[calendar-onekite] email reservation-approved error:', e.message);
+      }
+      res.json({ success: true, checkoutUrl });
+    } catch (err) {
+      res.status(500).json({ error: err.message });
+    }
+  });
+  /* -----------------------------
+   * Admin: cancel reservation
+   * ---------------------------- */
+  router.post('/api/admin/calendar/reservation/:rid/cancel', middleware.admin.checkPrivileges, async (req, res) => {
+    try {
+      const rid = req.params.rid;
+      const eids = await db.getSortedSetRange(EVENTS_SET_KEY, 0, -1);
+      let found = false;
+      for (const eid of eids) {
+        const event = await getEvent(eid);
+        if (!event) continue;
+        const reservations = JSON.parse(event.reservations || '[]');
+        const rIndex = reservations.findIndex(rr => rr.rid === rid);
+        if (rIndex !== -1) {
+          reservations[rIndex].status = 'cancelled';
+          event.reservations = JSON.stringify(reservations);
+          await db.setObject(getEventKey(event.eid), event);
+          found = true;
+          break;
+        }
+      }
+      if (!found) return res.status(404).json({ error: 'Réservation introuvable' });
+      res.json({ success: true });
+    } catch (err) {
+      res.status(500).json({ error: err.message });
+    }
+  });
+  /* -----------------------------
+   * HelloAsso webhook (marks reservation paid)
+   * ---------------------------- */
+  router.post('/api/calendar/helloasso/webhook', async (req, res) => {
+    try {
+      const payload = req.body;
+      const order = payload.order || payload;
+      const orderId = String(order.id || '');
+      const state = order.state || order.status || '';
+      if (state !== 'Paid') return res.json({ ignored: true });
+      const custom = order.customFields || {};
+      const eid = String(custom.eid || '');
+      const rid = String(custom.rid || '');
+      if (!eid || !rid) return res.status(400).json({ error: 'Missing eid/rid in customFields' });
+      const event = await getEvent(eid);
+      if (!event) throw new Error('Event not found');
+      let reservations = JSON.parse(event.reservations || '[]');
+      const rIndex = reservations.findIndex(r => r.rid === rid);
+      if (rIndex === -1) throw new Error('Reservation not found');
+      const reservation = reservations[rIndex];
+      if (reservation.status === 'paid') return res.json({ ok: true });
+      // Update optional aggregate reserved count
+      const items = JSON.parse(event.bookingItems || '[]');
+      const itemIndex = items.findIndex(i => i.id === reservation.itemId);
+      if (itemIndex !== -1) {
+        const it = items[itemIndex];
+        it.reserved = (Number(it.reserved || 0) + Number(reservation.quantity || 0));
+        items[itemIndex] = it;
+      }
+      reservation.status = 'paid';
+      reservation.helloAssoOrderId = orderId;
+      reservations[rIndex] = reservation;
+      event.bookingItems = JSON.stringify(items);
+      event.reservations = JSON.stringify(reservations);
+      await db.setObject(getEventKey(eid), event);
+      try {
+        await emailer.send('calendar-payment-confirmed', reservation.uid, {
+          subject: 'Votre paiement a été confirmé',
+          eventTitle: event.title,
+          itemName: reservation.itemId,
+          quantity: reservation.quantity,
+          pickupLocation: reservation.pickupLocation || 'Non précisé',
+          dateStart: reservation.dateStart,
+          dateEnd: reservation.dateEnd,
+          days: reservation.days || 1,
+        });
+      } catch (e) {
+        console.warn('[calendar-onekite] email payment-confirmed error:', e.message);
+      }
+      res.json({ ok: true });
+    } catch (err) {
+      console.error('[calendar-onekite] HelloAsso webhook error:', err);
+      res.status(500).json({ error: err.message });
+    }
+  });
+  /* -----------------------------
+   * Admin plugin page + settings API
+   * IMPORTANT: keep these routes EXACTLY aligned with your admin.js
+   * ---------------------------- */
+  router.get('/admin/plugins/calendar-onekite', middleware.admin.buildHeader, renderAdminPage);
+  router.get('/api/admin/plugins/calendar-onekite', renderAdminPage);
+  router.put('/api/admin/plugins/calendar-onekite', middleware.admin.checkPrivileges, async (req, res) => {
+    try {
+      await Settings.set(SETTINGS_KEY, req.body);
+      res.json({ status: 'ok' });
+    } catch (err) {
+      res.status(500).json({ error: err.message });
+    }
+  });
+  /* -----------------------------
+   * My reservations API
+   * ---------------------------- */
+  router.get('/api/calendar/my-reservations', middleware.ensureLoggedIn, async (req, res) => {
+    try {
+      const uid = String(req.user?.uid || 0);
+      if (!uid || uid === '0') return res.status(403).json({ error: 'Non connecté' });
+      const eids = await db.getSortedSetRange(EVENTS_SET_KEY, 0, -1);
+      const result = [];
+      for (const eid of eids) {
+        const event = await getEvent(eid);
+        if (!event) continue;
+        const items = JSON.parse(event.bookingItems || '[]');
+        const reservations = JSON.parse(event.reservations || '[]');
+        reservations
+          .filter(r => String(r.uid) === uid)
+          .forEach(r => {
+            const item = items.find(i => i.id === r.itemId);
+            result.push({
+              ...r,
+              eventTitle: event.title,
+              eventStart: event.start,
+              eventEnd: event.end,
+              itemName: item ? item.name : r.itemId,
+            });
+          });
+      }
+      result.sort((a, b) => new Date(a.dateStart) - new Date(b.dateStart));
+      res.json(result);
+    } catch (err) {
+      res.status(500).json({ error: err.message });
+    }
+  });
+  /* -----------------------------
+   * Admin planning API (future reservations)
+   * ---------------------------- */
+  router.get('/api/admin/calendar/planning', middleware.admin.checkPrivileges, async (req, res) => {
+    try {
+      const now = new Date();
+      const eids = await db.getSortedSetRangeByScore(EVENTS_SET_KEY, 0, -1, now.getTime(), '+inf');
+      const rows = [];
+      for (const eid of eids) {
+        const event = await getEvent(eid);
+        if (!event) continue;
+        const items = JSON.parse(event.bookingItems || '[]');
+        const reservations = JSON.parse(event.reservations || '[]');
+        reservations
+          .filter(r => r.status === 'pending_admin' || r.status === 'awaiting_payment' || r.status === 'paid')
+          .forEach(r => {
+            const item = items.find(i => i.id === r.itemId);
+            rows.push({
+              eid: event.eid,
+              eventTitle: event.title,
+              itemId: r.itemId,
+              itemName: item ? item.name : r.itemId,
+              uid: r.uid,
+              quantity: r.quantity,
+              dateStart: r.dateStart,
+              dateEnd: r.dateEnd,
+              days: r.days || daysBetween(r.dateStart, r.dateEnd),
+              status: r.status,
+              pickupLocation: r.pickupLocation || 'Non précisé',
+            });
+          });
+      }
+      rows.sort((a, b) => new Date(a.dateStart) - new Date(b.dateStart));
+      res.json(rows);
+    } catch (err) {
+      res.status(500).json({ error: err.message });
+    }
+  });
+};
+/* -----------------------------
+ * ACP nav entry
+ * ---------------------------- */
+Plugin.addAdminNavigation = function (header) {
+  header.plugins.push({
+    // NodeBB ACP will resolve this under /admin
+    route: '/plugins/calendar-onekite',
+    icon: 'fa fa-calendar',
+    name: 'Calendar OneKite',
+  });
+  return header;
+};
+/* -----------------------------
+ * Widget
+ * ---------------------------- */
+Plugin.defineWidgets = async function (widgets) {
+  widgets.push({
+    widget: 'calendarUpcoming',
+    name: 'Prochains événements',
+    description: 'Affiche la liste des prochains événements du calendrier.',
+    content: '',
+  });
+  return widgets;
+};
+Plugin.renderUpcomingWidget = async function (widget, callback) {
+  try {
+    const settings = (await Settings.get(SETTINGS_KEY)) || {};
+    const limit = Number((widget && widget.data && widget.data.limit) || settings.limit || 5);
+    const events = await getUpcomingEvents(limit);
+    const html = await appRef.renderAsync('widgets/calendar-upcoming', { events });
+    widget.html = html;
+    if (typeof callback === 'function') {
+      return callback(null, widget);
+    }
+    return widget;
+  } catch (err) {
+    if (typeof callback === 'function') {
+      return callback(err);
+    }
+    throw err;
+  }
+};
+module.exports = Plugin;