nodebb-plugin-calendar-onekite 11.1.0 → 11.1.1

package/README.md

@@ -1,42 +1,38 @@
 # nodebb-plugin-calendar-onekite
 
-Plugin NodeBB (testé avec NodeBB v4.x) qui ajoute un calendrier de réservation de matériel basé sur FullCalendar.
-
-## Fonctionnalités
-
-- Page publique: `/calendar`
-- Création de demandes de réservation (clic ou sélection de plage)
-- Blocage temporaire des demandes en attente (expiration automatique)
-- Validation/refus via l'ACP
-- Synchronisation des items (matériel + prix) depuis HelloAsso
-- Création de checkout-intents HelloAsso lors de la validation
-- Purge du calendrier par année
+Plugin NodeBB (v4.7.x) : calendrier de réservation de matériel basé sur FullCalendar, workflow de validation via ACP, et génération de lien de paiement HelloAsso.
 
 ## Installation
 
-Dans le dossier NodeBB:
+Dans le dossier NodeBB :
 
 ```bash
 npm install /path/to/nodebb-plugin-calendar-onekite
+# ou si vous avez un zip, dézippez dans node_modules puis :
 ./nodebb build
 ./nodebb restart
 ```
 
-Activez le plugin dans l'ACP.
+Activez ensuite le plugin dans l’ACP.
 
-## Configuration (ACP)
+## Page
 
-ACP → Plugins → Calendar (OneKite)
+- URL : `/calendar` (ex: https://www.onekite.com/calendar)
 
-- Groupes autorisés à demander une réservation (CSV)
-- Groupes notifiés par email (CSV)
-- Durée de blocage en attente (minutes)
-- Paramètres HelloAsso (sandbox/prod, clientId/secret, organizationSlug, formType, formSlug, returnURL, ...)
+## Paramètres ACP
 
-## Webhook HelloAsso
+ACP → Plugins → Calendar OneKite
 
-Endpoint: `/api/calendar-onekite/helloasso/webhook`
+- `allowedGroups` : groupes autorisés à créer une demande (séparés par virgules)
+- `notifyGroups` : groupes notifiés par email
+- `pendingHoldMinutes` : durée de blocage d’une demande en attente
+- HelloAsso :
+  - `helloassoEnv` : sandbox/prod
+  - `helloassoClientId` / `helloassoClientSecret`
+  - `helloassoOrganizationSlug` / `helloassoFormType` / `helloassoFormSlug`
+  - `helloassoReturnUrl` (optionnel)
 
-> Le plugin fournit un endpoint minimal pour marquer une réservation comme payée à partir d'un `checkoutIntentId`.
-> Adaptez-le selon votre stratégie (notification HelloAsso / polling / etc.).
+## Notes
 
+- Les demandes sont créées en statut `pending` puis expirent automatiquement après `pendingHoldMinutes`.
+- La validation admin crée un checkout-intent HelloAsso et envoie le lien de paiement au demandeur.

package/lib/admin.js

@@ -0,0 +1,130 @@
+'use strict';
+
+const emailer = require.main.require('./src/emailer');
+const users = require.main.require('./src/user');
+const { settings, defaults } = require('./settings');
+const db = require('./db');
+const helloasso = require('./helloasso');
+const { parseGroups, sendEmailToGroups } = require('./api');
+
+async function renderAdmin(req, res) {
+  res.render('admin/plugins/calendar-onekite', {
+    title: 'Calendar OneKite',
+  });
+}
+
+async function getSettings(req, res) {
+  const s = await settings.get();
+  res.json({ settings: { ...defaults, ...s } });
+}
+
+async function saveSettings(req, res) {
+  const body = req.body || {};
+  // Basic sanitization
+  const clean = {
+    allowedGroups: String(body.allowedGroups || '').trim(),
+    notifyGroups: String(body.notifyGroups || '').trim(),
+    pendingHoldMinutes: Math.max(1, parseInt(body.pendingHoldMinutes, 10) || 5),
+    cleanupIntervalSeconds: Math.max(10, parseInt(body.cleanupIntervalSeconds, 10) || 60),
+
+    helloassoEnv: (body.helloassoEnv === 'prod') ? 'prod' : 'sandbox',
+    helloassoClientId: String(body.helloassoClientId || '').trim(),
+    helloassoClientSecret: String(body.helloassoClientSecret || '').trim(),
+    helloassoOrganizationSlug: String(body.helloassoOrganizationSlug || '').trim(),
+    helloassoFormType: String(body.helloassoFormType || 'event').trim(),
+    helloassoFormSlug: String(body.helloassoFormSlug || '').trim(),
+    helloassoReturnUrl: String(body.helloassoReturnUrl || '').trim(),
+
+    showUsernamesOnCalendar: !!body.showUsernamesOnCalendar,
+  };
+
+  await settings.set(clean);
+  res.json({ ok: true, settings: clean });
+}
+
+async function listPending(req, res) {
+  const pending = await db.listPending(200);
+  res.json({ pending });
+}
+
+async function approveReservation(req, res) {
+  const rid = req.params.rid;
+  const reservation = await db.getReservation(rid);
+  if (!reservation) return res.status(404).json({ error: 'Réservation introuvable' });
+  if (reservation.status !== 'pending') return res.status(400).json({ error: 'Statut incompatible' });
+
+  const buyer = await users.getUserFields(reservation.uid, ['username', 'email', 'fullname']);
+  let paymentUrl = '';
+  try {
+    const checkout = await helloasso.createCheckoutIntent(reservation, {
+      username: buyer.username,
+      email: buyer.email,
+    });
+    paymentUrl = checkout.paymentUrl;
+  } catch (e) {
+    return res.status(500).json({ error: `HelloAsso: ${e.message}` });
+  }
+
+  const updated = await db.updateReservation(rid, {
+    status: 'approved',
+    paymentUrl,
+    adminUid: String(req.uid),
+    adminActionAt: String(Date.now()),
+  });
+
+  try {
+    await emailer.send('calendar-onekite-approved', reservation.uid, {
+      subject: `[NodeBB] Réservation validée — paiement`,
+      reservation: updated,
+      paymentUrl,
+      url: paymentUrl,
+      site_title: (req.app && req.app.locals && req.app.locals.config && req.app.locals.config.title) || 'NodeBB',
+    });
+  } catch (e) { /* ignore */ }
+
+  res.json({ ok: true, reservation: updated });
+}
+
+async function refuseReservation(req, res) {
+  const rid = req.params.rid;
+  const note = String((req.body && req.body.note) || '').trim();
+
+  const reservation = await db.getReservation(rid);
+  if (!reservation) return res.status(404).json({ error: 'Réservation introuvable' });
+  if (reservation.status !== 'pending') return res.status(400).json({ error: 'Statut incompatible' });
+
+  const updated = await db.updateReservation(rid, {
+    status: 'refused',
+    adminUid: String(req.uid),
+    adminActionAt: String(Date.now()),
+    adminNote: note,
+  });
+
+  try {
+    await emailer.send('calendar-onekite-refused', reservation.uid, {
+      subject: `[NodeBB] Réservation refusée`,
+      reservation: updated,
+      note,
+      site_title: (req.app && req.app.locals && req.app.locals.config && req.app.locals.config.title) || 'NodeBB',
+    });
+  } catch (e) { /* ignore */ }
+
+  res.json({ ok: true, reservation: updated });
+}
+
+async function purgeByYear(req, res) {
+  const year = String((req.body && req.body.year) || '').trim();
+  if (!/^\d{4}$/.test(year)) return res.status(400).json({ error: 'Année invalide (YYYY)' });
+  const result = await db.purgeYear(year);
+  res.json({ ok: true, result });
+}
+
+module.exports = {
+  renderAdmin,
+  getSettings,
+  saveSettings,
+  listPending,
+  approveReservation,
+  refuseReservation,
+  purgeByYear,
+};

package/lib/api.js

@@ -0,0 +1,154 @@
+'use strict';
+
+const groups = require.main.require('./src/groups');
+const users = require.main.require('./src/user');
+const emailer = require.main.require('./src/emailer');
+const { settings } = require('./settings');
+const db = require('./db');
+const helloasso = require('./helloasso');
+
+function parseGroups(str) {
+  return String(str || '')
+    .split(',')
+    .map(s => s.trim())
+    .filter(Boolean);
+}
+
+async function isUserInAnyGroup(uid, groupNames) {
+  if (!uid || !groupNames.length) return false;
+  // groups.isMember exists in core; fall back to getUserGroups if needed
+  for (const g of groupNames) {
+    try {
+      // eslint-disable-next-line no-await-in-loop
+      const ok = await groups.isMember(uid, g);
+      if (ok) return true;
+    } catch (e) { /* ignore */ }
+  }
+  // fallback
+  try {
+    const ug = await groups.getUserGroups([uid]);
+    const names = (ug && ug[uid] || []).map(x => x && (x.name || x.displayName)).filter(Boolean);
+    return names.some(n => groupNames.includes(n));
+  } catch (e) {
+    return false;
+  }
+}
+
+async function sendEmailToGroups(groupNames, template, data) {
+  const memberUids = new Set();
+  for (const g of groupNames) {
+    try {
+      // eslint-disable-next-line no-await-in-loop
+      const uids = await groups.getMembers(g, 0, -1);
+      (uids || []).forEach(uid => memberUids.add(uid));
+    } catch (e) { /* ignore */ }
+  }
+  const uids = Array.from(memberUids);
+  if (!uids.length) return;
+
+  // Send one email per user (NodeBB emailer is per-uid)
+  // If emailer signature changes, this is the only place to adjust.
+  for (const uid of uids) {
+    try {
+      // eslint-disable-next-line no-await-in-loop
+      await emailer.send(template, uid, data);
+    } catch (e) {
+      // ignore individual failures
+    }
+  }
+}
+
+async function getEvents(req, res) {
+  const start = Date.parse(req.query.start);
+  const end = Date.parse(req.query.end);
+  const startMs = Number.isFinite(start) ? start : (Date.now() - 30 * 86400 * 1000);
+  const endMs = Number.isFinite(end) ? end : (Date.now() + 365 * 86400 * 1000);
+
+  const list = await db.getReservationsBetween(startMs, endMs);
+
+  const events = list.map(r => {
+    const status = r.status || 'pending';
+    const icon = status === 'approved' ? '✅' : status === 'refused' ? '⛔' : status === 'expired' ? '⌛' : '⏳';
+    const title = `${icon} ${r.itemName || 'Matériel'}${r.username ? ` — ${r.username}` : ''}`;
+    return {
+      id: r.rid,
+      title,
+      start: new Date(Number(r.start)).toISOString(),
+      end: new Date(Number(r.end)).toISOString(),
+      extendedProps: {
+        status,
+        itemId: r.itemId,
+        itemName: r.itemName,
+        paymentUrl: r.paymentUrl || '',
+      },
+    };
+  });
+
+  res.json(events);
+}
+
+async function getItems(req, res) {
+  try {
+    const items = await helloasso.listFormItems();
+    res.json({ items });
+  } catch (e) {
+    res.status(500).json({ error: e.message });
+  }
+}
+
+async function createReservation(req, res) {
+  const uid = req.uid;
+  const s = await settings.get();
+  const allowedGroups = parseGroups(s.allowedGroups);
+  const notifyGroups = parseGroups(s.notifyGroups);
+
+  const can = await isUserInAnyGroup(uid, allowedGroups);
+  if (!can) {
+    return res.status(403).json({ error: 'Vous n’êtes pas autorisé à réserver du matériel.' });
+  }
+
+  const body = req.body || {};
+  const start = Date.parse(body.start);
+  const end = Date.parse(body.end);
+
+  if (!Number.isFinite(start) || !Number.isFinite(end) || end <= start) {
+    return res.status(400).json({ error: 'Plage de dates invalide.' });
+  }
+
+  const holdMin = Math.max(1, parseInt(s.pendingHoldMinutes, 10) || 5);
+  const expiresAt = Date.now() + holdMin * 60 * 1000;
+
+  const user = await users.getUserFields(uid, ['username', 'email', 'fullname']);
+  const reservation = await db.createReservation({
+    uid,
+    username: user.username,
+    itemId: body.itemId,
+    itemName: body.itemName,
+    itemPrice: body.itemPrice,
+    start,
+    end,
+    status: 'pending',
+    expiresAt,
+  });
+
+  // Notify admin group by email (pending)
+  await sendEmailToGroups(notifyGroups, 'calendar-onekite-pending', {
+    subject: `[NodeBB] Nouvelle demande de réservation`,
+    reservation,
+    user,
+    url: `${req.protocol}://${req.get('host')}/admin/plugins/calendar-onekite`,
+    site_title: (req.app && req.app.locals && req.app.locals.config && req.app.locals.config.title) || 'NodeBB',
+  });
+
+  res.json({ reservation });
+}
+
+module.exports = {
+  getEvents,
+  getItems,
+  createReservation,
+  // exported for admin module reuse
+  parseGroups,
+  isUserInAnyGroup,
+  sendEmailToGroups,
+};