nodebb-plugin-calendar-onekite 11.1.11 → 11.1.12

package/lib/admin.js

@@ -1,130 +1,137 @@
 'use strict';
 
+const meta = require.main.require('./src/meta');
+const user = require.main.require('./src/user');
 const emailer = require.main.require('./src/emailer');
-const users = require.main.require('./src/user');
-const { settings, defaults } = require('./settings');
-const db = require('./db');
+
+const dbLayer = require('./db');
 const helloasso = require('./helloasso');
-const { parseGroups, sendEmailToGroups } = require('./api');
 
-async function renderAdmin(req, res) {
+const ADMIN_PRIV = 'admin:settings';
+
+const admin = {};
+
+admin.renderAdmin = async function (req, res) {
   res.render('admin/plugins/calendar-onekite', {
     title: 'Calendar OneKite',
   });
-}
-
-async function getSettings(req, res) {
-  const s = await settings.get();
-  res.json({ settings: { ...defaults, ...s } });
-}
-
-async function saveSettings(req, res) {
-  const body = req.body || {};
-  // Basic sanitization
-  const clean = {
-    allowedGroups: String(body.allowedGroups || '').trim(),
-    notifyGroups: String(body.notifyGroups || '').trim(),
-    pendingHoldMinutes: Math.max(1, parseInt(body.pendingHoldMinutes, 10) || 5),
-    cleanupIntervalSeconds: Math.max(10, parseInt(body.cleanupIntervalSeconds, 10) || 60),
-
-    helloassoEnv: (body.helloassoEnv === 'prod') ? 'prod' : 'sandbox',
-    helloassoClientId: String(body.helloassoClientId || '').trim(),
-    helloassoClientSecret: String(body.helloassoClientSecret || '').trim(),
-    helloassoOrganizationSlug: String(body.helloassoOrganizationSlug || '').trim(),
-    helloassoFormType: String(body.helloassoFormType || 'event').trim(),
-    helloassoFormSlug: String(body.helloassoFormSlug || '').trim(),
-    helloassoReturnUrl: String(body.helloassoReturnUrl || '').trim(),
-
-    showUsernamesOnCalendar: !!body.showUsernamesOnCalendar,
-  };
-
-  await settings.set(clean);
-  res.json({ ok: true, settings: clean });
-}
-
-async function listPending(req, res) {
-  const pending = await db.listPending(200);
-  res.json({ pending });
-}
-
-async function approveReservation(req, res) {
-  const rid = req.params.rid;
-  const reservation = await db.getReservation(rid);
-  if (!reservation) return res.status(404).json({ error: 'Réservation introuvable' });
-  if (reservation.status !== 'pending') return res.status(400).json({ error: 'Statut incompatible' });
+};
 
-  const buyer = await users.getUserFields(reservation.uid, ['username', 'email', 'fullname']);
-  let paymentUrl = '';
-  try {
-    const checkout = await helloasso.createCheckoutIntent(reservation, {
-      username: buyer.username,
-      email: buyer.email,
-    });
-    paymentUrl = checkout.paymentUrl;
-  } catch (e) {
-    return res.status(500).json({ error: `HelloAsso: ${e.message}` });
+admin.getSettings = async function (req, res) {
+  const settings = await meta.settings.get('calendar-onekite');
+  res.json(settings || {});
+};
+
+admin.saveSettings = async function (req, res) {
+  await meta.settings.set('calendar-onekite', req.body || {});
+  res.json({ ok: true });
+};
+
+admin.listPending = async function (req, res) {
+  const ids = await dbLayer.listAllReservationIds(5000);
+  const pending = [];
+  for (const rid of ids) {
+    const r = await dbLayer.getReservation(rid);
+    if (r && r.status === 'pending') {
+      pending.push(r);
+    }
   }
+  pending.sort((a, b) => parseInt(a.start, 10) - parseInt(b.start, 10));
+  res.json(pending);
+};
 
-  const updated = await db.updateReservation(rid, {
-    status: 'approved',
-    paymentUrl,
-    adminUid: String(req.uid),
-    adminActionAt: String(Date.now()),
+admin.approveReservation = async function (req, res) {
+  const rid = req.params.rid;
+  const r = await dbLayer.getReservation(rid);
+  if (!r) return res.status(404).json({ error: 'not-found' });
+
+  r.status = 'approved';
+
+  // Create HelloAsso payment link if configured
+  const settings = await meta.settings.get('calendar-onekite');
+  const env = settings.helloassoEnv || 'prod';
+  const token = await helloasso.getAccessToken({
+    env,
+    clientId: settings.helloassoClientId,
+    clientSecret: settings.helloassoClientSecret,
   });
 
-  try {
-    await emailer.send('calendar-onekite-approved', reservation.uid, {
-      subject: `[NodeBB] Réservation validée — paiement`,
-      reservation: updated,
-      paymentUrl,
-      url: paymentUrl,
-      site_title: (req.app && req.app.locals && req.app.locals.config && req.app.locals.config.title) || 'NodeBB',
+  let paymentUrl = null;
+  if (token) {
+    const requester = await user.getUserData(r.uid);
+    paymentUrl = await helloasso.createCheckoutIntent({
+      env,
+      token,
+      organizationSlug: settings.helloassoOrganizationSlug,
+      formType: settings.helloassoFormType,
+      formSlug: settings.helloassoFormSlug,
+      totalAmount: parseInt(settings.defaultAmount || '0', 10) || 0,
+      payerEmail: requester && requester.email,
     });
-  } catch (e) { /* ignore */ }
+  }
 
-  res.json({ ok: true, reservation: updated });
-}
+  if (paymentUrl) {
+    r.paymentUrl = paymentUrl;
+  }
 
-async function refuseReservation(req, res) {
-  const rid = req.params.rid;
-  const note = String((req.body && req.body.note) || '').trim();
+  await dbLayer.saveReservation(r);
 
-  const reservation = await db.getReservation(rid);
-  if (!reservation) return res.status(404).json({ error: 'Réservation introuvable' });
-  if (reservation.status !== 'pending') return res.status(400).json({ error: 'Statut incompatible' });
+  // Email requester
+  try {
+    const requester = await user.getUserData(r.uid);
+    if (requester && requester.email) {
+      await emailer.send('calendar-onekite_approved', requester.email, {
+        username: requester.username,
+        itemName: r.itemName,
+        start: new Date(parseInt(r.start, 10)).toISOString(),
+        end: new Date(parseInt(r.end, 10)).toISOString(),
+        paymentUrl: paymentUrl || '',
+      });
+    }
+  } catch (e) {}
+
+  res.json({ ok: true, paymentUrl: paymentUrl || null });
+};
 
-  const updated = await db.updateReservation(rid, {
-    status: 'refused',
-    adminUid: String(req.uid),
-    adminActionAt: String(Date.now()),
-    adminNote: note,
-  });
+admin.refuseReservation = async function (req, res) {
+  const rid = req.params.rid;
+  const r = await dbLayer.getReservation(rid);
+  if (!r) return res.status(404).json({ error: 'not-found' });
+
+  r.status = 'refused';
+  await dbLayer.saveReservation(r);
 
   try {
-    await emailer.send('calendar-onekite-refused', reservation.uid, {
-      subject: `[NodeBB] Réservation refusée`,
-      reservation: updated,
-      note,
-      site_title: (req.app && req.app.locals && req.app.locals.config && req.app.locals.config.title) || 'NodeBB',
-    });
-  } catch (e) { /* ignore */ }
-
-  res.json({ ok: true, reservation: updated });
-}
-
-async function purgeByYear(req, res) {
-  const year = String((req.body && req.body.year) || '').trim();
-  if (!/^\d{4}$/.test(year)) return res.status(400).json({ error: 'Année invalide (YYYY)' });
-  const result = await db.purgeYear(year);
-  res.json({ ok: true, result });
-}
-
-module.exports = {
-  renderAdmin,
-  getSettings,
-  saveSettings,
-  listPending,
-  approveReservation,
-  refuseReservation,
-  purgeByYear,
+    const requester = await user.getUserData(r.uid);
+    if (requester && requester.email) {
+      await emailer.send('calendar-onekite_refused', requester.email, {
+        username: requester.username,
+        itemName: r.itemName,
+        start: new Date(parseInt(r.start, 10)).toISOString(),
+        end: new Date(parseInt(r.end, 10)).toISOString(),
+      });
+    }
+  } catch (e) {}
+
+  res.json({ ok: true });
 };
+
+admin.purgeByYear = async function (req, res) {
+  const year = (req.body && req.body.year ? String(req.body.year) : '').trim();
+  if (!/^\d{4}$/.test(year)) {
+    return res.status(400).json({ error: 'invalid-year' });
+  }
+  const y = parseInt(year, 10);
+  const startTs = new Date(Date.UTC(y, 0, 1)).getTime();
+  const endTs = new Date(Date.UTC(y + 1, 0, 1)).getTime() - 1;
+
+  const ids = await dbLayer.listReservationIdsByStartRange(startTs, endTs, 100000);
+  let count = 0;
+  for (const rid of ids) {
+    await dbLayer.removeReservation(rid);
+    count++;
+  }
+  res.json({ ok: true, removed: count });
+};
+
+module.exports = admin;

package/lib/api.js

@@ -1,154 +1,158 @@
 'use strict';
 
+const crypto = require('crypto');
+
+const meta = require.main.require('./src/meta');
+const user = require.main.require('./src/user');
 const groups = require.main.require('./src/groups');
-const users = require.main.require('./src/user');
-const emailer = require.main.require('./src/emailer');
-const { settings } = require('./settings');
-const db = require('./db');
+
+const dbLayer = require('./db');
 const helloasso = require('./helloasso');
 
-function parseGroups(str) {
-  return String(str || '')
-    .split(',')
-    .map(s => s.trim())
-    .filter(Boolean);
+function toTs(v) {
+  if (!v) return NaN;
+  const d = new Date(v);
+  return d.getTime();
 }
 
-async function isUserInAnyGroup(uid, groupNames) {
-  if (!uid || !groupNames.length) return false;
-  // groups.isMember exists in core; fall back to getUserGroups if needed
-  for (const g of groupNames) {
-    try {
-      // eslint-disable-next-line no-await-in-loop
-      const ok = await groups.isMember(uid, g);
-      if (ok) return true;
-    } catch (e) { /* ignore */ }
-  }
-  // fallback
-  try {
-    const ug = await groups.getUserGroups([uid]);
-    const names = (ug && ug[uid] || []).map(x => x && (x.name || x.displayName)).filter(Boolean);
-    return names.some(n => groupNames.includes(n));
-  } catch (e) {
-    return false;
+async function canRequest(uid, settings) {
+  const allowed = (settings.allowedGroups || '').split(',').map(s => s.trim()).filter(Boolean);
+  if (!allowed.length) return true; // if empty, allow all logged in users
+  for (const g of allowed) {
+    const isMember = await groups.isMember(uid, g);
+    if (isMember) return true;
   }
+  return false;
+}
+
+function eventFor(resv) {
+  const status = resv.status;
+  const icons = { pending: '⏳', approved: '✅', refused: '⛔' };
+  return {
+    id: resv.rid,
+    title: `${icons[status] || ''} ${resv.itemName || resv.itemId}`.trim(),
+    start: new Date(parseInt(resv.start, 10)).toISOString(),
+    end: new Date(parseInt(resv.end, 10)).toISOString(),
+    extendedProps: {
+      status,
+      uid: resv.uid,
+      itemId: resv.itemId,
+    },
+  };
 }
 
-async function sendEmailToGroups(groupNames, template, data) {
-  const memberUids = new Set();
-  for (const g of groupNames) {
-    try {
-      // eslint-disable-next-line no-await-in-loop
-      const uids = await groups.getMembers(g, 0, -1);
-      (uids || []).forEach(uid => memberUids.add(uid));
-    } catch (e) { /* ignore */ }
+const api = {};
+
+api.getEvents = async function (req, res) {
+  const startTs = toTs(req.query.start) || 0;
+  const endTs = toTs(req.query.end) || (Date.now() + 365 * 24 * 3600 * 1000);
+
+  const ids = await dbLayer.listReservationIdsByStartRange(startTs, endTs, 2000);
+  const out = [];
+  for (const rid of ids) {
+    const r = await dbLayer.getReservation(rid);
+    if (!r) continue;
+    if (r.status !== 'pending' && r.status !== 'approved') continue;
+    out.push(eventFor(r));
   }
-  const uids = Array.from(memberUids);
-  if (!uids.length) return;
-
-  // Send one email per user (NodeBB emailer is per-uid)
-  // If emailer signature changes, this is the only place to adjust.
-  for (const uid of uids) {
-    try {
-      // eslint-disable-next-line no-await-in-loop
-      await emailer.send(template, uid, data);
-    } catch (e) {
-      // ignore individual failures
-    }
+  res.json(out);
+};
+
+api.getItems = async function (req, res) {
+  const settings = await meta.settings.get('calendar-onekite');
+
+  const env = settings.helloassoEnv || 'prod';
+  const token = await helloasso.getAccessToken({
+    env,
+    clientId: settings.helloassoClientId,
+    clientSecret: settings.helloassoClientSecret,
+  });
+
+  if (!token) {
+    return res.json([]);
   }
-}
 
-async function getEvents(req, res) {
-  const start = Date.parse(req.query.start);
-  const end = Date.parse(req.query.end);
-  const startMs = Number.isFinite(start) ? start : (Date.now() - 30 * 86400 * 1000);
-  const endMs = Number.isFinite(end) ? end : (Date.now() + 365 * 86400 * 1000);
-
-  const list = await db.getReservationsBetween(startMs, endMs);
-
-  const events = list.map(r => {
-    const status = r.status || 'pending';
-    const icon = status === 'approved' ? '✅' : status === 'refused' ? '⛔' : status === 'expired' ? '⌛' : '⏳';
-    const title = `${icon} ${r.itemName || 'Matériel'}${r.username ? ` — ${r.username}` : ''}`;
-    return {
-      id: r.rid,
-      title,
-      start: new Date(Number(r.start)).toISOString(),
-      end: new Date(Number(r.end)).toISOString(),
-      extendedProps: {
-        status,
-        itemId: r.itemId,
-        itemName: r.itemName,
-        paymentUrl: r.paymentUrl || '',
-      },
-    };
+  const items = await helloasso.listItems({
+    env,
+    token,
+    organizationSlug: settings.helloassoOrganizationSlug,
+    formType: settings.helloassoFormType,
+    formSlug: settings.helloassoFormSlug,
   });
 
-  res.json(events);
-}
+  // Normalize minimal fields for client
+  const normalized = (items || []).map((it) => ({
+    id: it.id || it.itemId || it.reference || it.name,
+    name: it.name || it.label || `Item ${it.id || ''}`,
+    price: it.price || it.amount || it.unitPrice || 0,
+  })).filter(it => it.id && it.name);
 
-async function getItems(req, res) {
-  try {
-    const items = await helloasso.listFormItems();
-    res.json({ items });
-  } catch (e) {
-    res.status(500).json({ error: e.message });
-  }
-}
+  res.json(normalized);
+};
 
-async function createReservation(req, res) {
+api.createReservation = async function (req, res) {
   const uid = req.uid;
-  const s = await settings.get();
-  const allowedGroups = parseGroups(s.allowedGroups);
-  const notifyGroups = parseGroups(s.notifyGroups);
+  if (!uid) return res.status(401).json({ error: 'not-logged-in' });
 
-  const can = await isUserInAnyGroup(uid, allowedGroups);
-  if (!can) {
-    return res.status(403).json({ error: 'Vous n’êtes pas autorisé à réserver du matériel.' });
-  }
+  const settings = await meta.settings.get('calendar-onekite');
+  const ok = await canRequest(uid, settings);
+  if (!ok) return res.status(403).json({ error: 'not-allowed' });
 
-  const body = req.body || {};
-  const start = Date.parse(body.start);
-  const end = Date.parse(body.end);
+  const start = parseInt(toTs(req.body.start), 10);
+  const end = parseInt(toTs(req.body.end), 10);
+  const itemId = (req.body.itemId || '').toString();
+  const itemName = (req.body.itemName || '').toString();
 
-  if (!Number.isFinite(start) || !Number.isFinite(end) || end <= start) {
-    return res.status(400).json({ error: 'Plage de dates invalide.' });
+  if (!start || !end || !itemId) {
+    return res.status(400).json({ error: 'missing-fields' });
   }
 
-  const holdMin = Math.max(1, parseInt(s.pendingHoldMinutes, 10) || 5);
-  const expiresAt = Date.now() + holdMin * 60 * 1000;
+  const now = Date.now();
+  const rid = crypto.randomUUID();
 
-  const user = await users.getUserFields(uid, ['username', 'email', 'fullname']);
-  const reservation = await db.createReservation({
+  const resv = {
+    rid,
     uid,
-    username: user.username,
-    itemId: body.itemId,
-    itemName: body.itemName,
-    itemPrice: body.itemPrice,
+    itemId,
+    itemName: itemName || itemId,
     start,
     end,
     status: 'pending',
-    expiresAt,
-  });
+    createdAt: now,
+  };
 
-  // Notify admin group by email (pending)
-  await sendEmailToGroups(notifyGroups, 'calendar-onekite-pending', {
-    subject: `[NodeBB] Nouvelle demande de réservation`,
-    reservation,
-    user,
-    url: `${req.protocol}://${req.get('host')}/admin/plugins/calendar-onekite`,
-    site_title: (req.app && req.app.locals && req.app.locals.config && req.app.locals.config.title) || 'NodeBB',
-  });
+  // Save
+  await dbLayer.saveReservation(resv);
 
-  res.json({ reservation });
-}
+  // Notify groups by email
+  try {
+    const notifyGroups = (settings.notifyGroups || '').split(',').map(s => s.trim()).filter(Boolean);
+    if (notifyGroups.length) {
+      const emailer = require.main.require('./src/emailer');
+      const u = await user.getUserData(uid);
+      for (const g of notifyGroups) {
+        const members = await groups.getMembers(g, 0, -1);
+        for (const m of members) {
+          const memberUid = typeof m === 'object' && m ? (m.uid || m.userId) : m;
+          const md = await user.getUserData(memberUid);
+          if (md && md.email) {
+            await emailer.send('calendar-onekite_pending', md.email, {
+              username: md.username,
+              requester: u.username,
+              itemName: resv.itemName,
+              start: new Date(start).toISOString(),
+              end: new Date(end).toISOString(),
+              rid,
+            });
+          }
+        }
+      }
+    }
+  } catch (e) {
+    // ignore email errors
+  }
 
-module.exports = {
-  getEvents,
-  getItems,
-  createReservation,
-  // exported for admin module reuse
-  parseGroups,
-  isUserInAnyGroup,
-  sendEmailToGroups,
+  res.json({ ok: true, rid });
 };
+
+module.exports = api;

package/lib/controllers.js

@@ -1,17 +1,11 @@
 'use strict';
 
-const { settings } = require('./settings');
+const controllers = {};
 
-async function renderCalendar(req, res) {
-  const s = await settings.get();
-  res.render('calendar-onekite/calendar', {
-    title: 'Calendrier',
-    calendarOnekite: {
-      showUsernamesOnCalendar: !!s.showUsernamesOnCalendar,
-    },
+controllers.renderCalendar = async function (req, res) {
+  res.render('calendar-onekite', {
+    title: 'Calendar',
   });
-}
-
-module.exports = {
-  renderCalendar,
 };
+
+module.exports = controllers;