nodebb-plugin-calendar-onekite 11.1.21 → 11.1.23

package/lib/admin.js

@@ -1,222 +1,76 @@
 'use strict';
 
 const meta = require.main.require('./src/meta');
-const user = require.main.require('./src/user');
-const emailer = require.main.require('./src/emailer');
+const dbi = require('./db');
+const api = require('./api');
 
-const dbLayer = require('./db');
-const helloasso = require('./helloasso');
-
-const ADMIN_PRIV = 'admin:settings';
-
-const admin = {};
-
-admin.renderAdmin = async function (req, res) {
-  res.render('admin/plugins/calendar-onekite', {
-    title: 'Calendar OneKite',
-  });
-};
-
-admin.getSettings = async function (req, res) {
-  const settings = await meta.settings.get('calendar-onekite');
-  res.json(settings || {});
-};
-
-admin.saveSettings = async function (req, res) {
-  await meta.settings.set('calendar-onekite', req.body || {});
-  res.json({ ok: true });
-};
-
-admin.listPending = async function (req, res) {
-  const ids = await dbLayer.listAllReservationIds(5000);
-  const pending = [];
-  for (const rid of ids) {
-    const r = await dbLayer.getReservation(rid);
-    if (r && r.status === 'pending') {
-      pending.push(r);
-    }
-  }
-  pending.sort((a, b) => parseInt(a.start, 10) - parseInt(b.start, 10));
-  res.json(pending);
-};
-
-admin.approveReservation = async function (req, res) {
-  const rid = req.params.rid;
-  const r = await dbLayer.getReservation(rid);
-  if (!r) return res.status(404).json({ error: 'not-found' });
-
-  r.status = 'approved';
-
-  // Create HelloAsso payment link if configured
+async function getSettings(req, res) {
   const settings = await meta.settings.get('calendar-onekite');
-  const env = settings.helloassoEnv || 'prod';
-  const token = await helloasso.getAccessToken({
-    env,
-    clientId: settings.helloassoClientId,
-    clientSecret: settings.helloassoClientSecret,
-  });
-
-  let paymentUrl = null;
-  if (token) {
-    const requester = await user.getUserData(r.uid);
-    // Determine amount from HelloAsso items (pricing comes from HelloAsso)
-    let totalAmount = 0;
-    try {
-      const items = await helloasso.listItems({
-        env,
-        token,
-        organizationSlug: settings.helloassoOrganizationSlug,
-        formType: settings.helloassoFormType,
-        formSlug: settings.helloassoFormSlug,
-      });
-      const normalized = (items || []).map((it) => ({
-        id: String(it.id || it.itemId || it.reference || it.name),
-        price: it.price || it.amount || it.unitPrice || 0,
-      })).filter(it => it.id);
-      const match = normalized.find(it => it.id === String(r.itemId));
-      totalAmount = match ? parseInt(match.price, 10) || 0 : 0;
-    } catch (e) {
-      totalAmount = 0;
-    }
-
-    if (!totalAmount) {
-      return res.status(400).json({ error: 'item-price-not-found' });
-    }
-    paymentUrl = await helloasso.createCheckoutIntent({
-      env,
-      token,
-      organizationSlug: settings.helloassoOrganizationSlug,
-      formType: settings.helloassoFormType,
-      formSlug: settings.helloassoFormSlug,
-      totalAmount,
-      payerEmail: requester && requester.email,
-    });
-  }
-
-  if (paymentUrl) {
-    r.paymentUrl = paymentUrl;
+  // mask secret
+  if (settings && settings.helloassoClientSecret) settings.helloassoClientSecret = '***';
+  res.json({ ok: true, settings: settings || {} });
+}
+
+async function saveSettings(req, res) {
+  const body = req.body || {};
+  // If secret is '***', do not overwrite.
+  const current = await meta.settings.get('calendar-onekite') || {};
+  const next = { ...current, ...body };
+  if (body.helloassoClientSecret === '***') {
+    next.helloassoClientSecret = current.helloassoClientSecret;
   }
-
-  await dbLayer.saveReservation(r);
-
-  // Email requester
-  try {
-    const requester = await user.getUserData(r.uid);
-    if (requester && requester.email) {
-      await emailer.send('calendar-onekite_approved', requester.email, {
-        username: requester.username,
-        itemName: r.itemName,
-        start: new Date(parseInt(r.start, 10)).toISOString(),
-        end: new Date(parseInt(r.end, 10)).toISOString(),
-        paymentUrl: paymentUrl || '',
-      });
-    }
-  } catch (e) {}
-
-  res.json({ ok: true, paymentUrl: paymentUrl || null });
-};
-
-admin.refuseReservation = async function (req, res) {
-  const rid = req.params.rid;
-  const r = await dbLayer.getReservation(rid);
-  if (!r) return res.status(404).json({ error: 'not-found' });
-
-  r.status = 'refused';
-  await dbLayer.saveReservation(r);
-
-  try {
-    const requester = await user.getUserData(r.uid);
-    if (requester && requester.email) {
-      await emailer.send('calendar-onekite_refused', requester.email, {
-        username: requester.username,
-        itemName: r.itemName,
-        start: new Date(parseInt(r.start, 10)).toISOString(),
-        end: new Date(parseInt(r.end, 10)).toISOString(),
-      });
-    }
-  } catch (e) {}
-
+  await meta.settings.set('calendar-onekite', next);
+  // invalidate catalog cache
   res.json({ ok: true });
-};
-
-admin.purgeByYear = async function (req, res) {
-  const year = (req.body && req.body.year ? String(req.body.year) : '').trim();
-  if (!/^\d{4}$/.test(year)) {
-    return res.status(400).json({ error: 'invalid-year' });
+}
+
+async function getPending(req, res) {
+  const ids = await dbi.listAllIds(5000);
+  const rows = await dbi.getReservations(ids);
+  const pending = rows.filter(r => (r.status || 'pending') === 'pending')
+    .sort((a,b)=> (b.createdAt||0)-(a.createdAt||0))
+    .slice(0, 200);
+  res.json({ ok: true, pending });
+}
+
+async function purgeByYear(req, res) {
+  const year = String((req.body||{}).year || '').trim();
+  if (!/^\d{4}$/.test(year)) return res.status(400).json({ status: { code: 'bad-request', message: 'Année invalide (YYYY)' } });
+  const y = Number(year);
+  const startTs = Date.UTC(y,0,1,0,0,0);
+  const endTs = Date.UTC(y+1,0,1,0,0,0);
+
+  const ids = await dbi.listReservationIdsByStartRange(startTs, endTs, 100000);
+  for (const id of ids) {
+    await dbi.deleteReservation(id);
   }
-  const y = parseInt(year, 10);
-  const startTs = new Date(Date.UTC(y, 0, 1)).getTime();
-  const endTs = new Date(Date.UTC(y + 1, 0, 1)).getTime() - 1;
-
-  const ids = await dbLayer.listReservationIdsByStartRange(startTs, endTs, 100000);
-  let count = 0;
-  for (const rid of ids) {
-    await dbLayer.removeReservation(rid);
-    count++;
-  }
-  res.json({ ok: true, removed: count });
-};
-
-// Debug endpoint to validate HelloAsso connectivity and item loading
-admin.debugHelloAsso = async function (req, res) {
-  const settings = await meta.settings.get('calendar-onekite');
-  const env = (settings && settings.helloassoEnv) || 'prod';
-
-  // Never expose secrets in debug output
-  const safeSettings = {
-    helloassoEnv: env,
-    helloassoClientId: settings && settings.helloassoClientId ? String(settings.helloassoClientId) : '',
-    helloassoClientSecret: settings && settings.helloassoClientSecret ? '***' : '',
-    helloassoOrganizationSlug: settings && settings.helloassoOrganizationSlug ? String(settings.helloassoOrganizationSlug) : '',
-    helloassoFormType: settings && settings.helloassoFormType ? String(settings.helloassoFormType) : '',
-    helloassoFormSlug: settings && settings.helloassoFormSlug ? String(settings.helloassoFormSlug) : '',
-  };
-
-  const out = {
-    ok: true,
-    settings: safeSettings,
-    token: { ok: false },
-    items: { ok: false, count: 0, sample: [] },
-  };
-
+  res.json({ ok: true, deleted: ids.length });
+}
+
+async function debugHelloAsso(req, res) {
+  const settings = await meta.settings.get('calendar-onekite') || {};
+  const masked = { ...settings };
+  if (masked.helloassoClientSecret) masked.helloassoClientSecret = '***';
+  const out = { ok: true, settings: masked };
   try {
-    const token = await helloasso.getAccessToken({
-      env,
-      clientId: settings.helloassoClientId,
-      clientSecret: settings.helloassoClientSecret,
-    });
-    if (!token) {
-      out.token = { ok: false, error: 'token-null' };
-      return res.json(out);
-    }
+    // token + catalog
+    const items = await api._getCatalogItems();
     out.token = { ok: true };
-
-    try {
-      const items = await helloasso.listItems({
-        env,
-        token,
-        organizationSlug: settings.helloassoOrganizationSlug,
-        formType: settings.helloassoFormType,
-        formSlug: settings.helloassoFormSlug,
-      });
-      const arr = Array.isArray(items) ? items : [];
-      out.items.ok = true;
-      out.items.count = arr.length;
-      out.items.sample = arr.slice(0, 10).map((it) => ({
-        id: it.id || it.itemId || it.reference || it.name,
-        name: it.name || it.label || it.itemName,
-        price: it.price || it.amount || it.unitPrice || null,
-      }));
-    } catch (e) {
-      out.items = { ok: false, error: String(e && e.message ? e.message : e), count: 0, sample: [] };
-    }
-
-    return res.json(out);
+    out.catalog = { ok: true, count: items.length, sample: items.slice(0, 10) };
+    // also expose cache error if any
+    const cache = api._catalogCache();
+    if (cache && cache.err) out.catalog.err = cache.err;
   } catch (e) {
-    out.ok = false;
-    out.token = { ok: false, error: String(e && e.message ? e.message : e) };
-    return res.json(out);
+    out.token = { ok: false, message: e.message };
+    out.catalog = { ok: false, count: 0, sample: [], message: e.message };
   }
+  res.json(out);
+}
+
+module.exports = {
+  getSettings,
+  saveSettings,
+  getPending,
+  purgeByYear,
+  debugHelloAsso,
 };
-
-module.exports = admin;

package/lib/api.js

@@ -1,158 +1,152 @@
 'use strict';
 
-const crypto = require('crypto');
-
 const meta = require.main.require('./src/meta');
-const user = require.main.require('./src/user');
-const groups = require.main.require('./src/groups');
-
-const dbLayer = require('./db');
-const helloasso = require('./helloasso');
-
-function toTs(v) {
-  if (!v) return NaN;
-  const d = new Date(v);
-  return d.getTime();
+const dbi = require('./db');
+const hello = require('./helloasso');
+
+function parseDateParam(s) {
+  // FullCalendar sends ISO date/time. Accept 'YYYY-MM-DD' too.
+  const d = new Date(s);
+  if (!s || Number.isNaN(d.getTime())) return null;
+  return d;
 }
 
-async function canRequest(uid, settings) {
-  const allowed = (settings.allowedGroups || '').split(',').map(s => s.trim()).filter(Boolean);
-  if (!allowed.length) return true; // if empty, allow all logged in users
-  for (const g of allowed) {
-    const isMember = await groups.isMember(uid, g);
-    if (isMember) return true;
-  }
-  return false;
+function toYMD(ts) {
+  const d = new Date(Number(ts));
+  const y = d.getUTCFullYear();
+  const m = String(d.getUTCMonth()+1).padStart(2,'0');
+  const da = String(d.getUTCDate()).padStart(2,'0');
+  return `${y}-${m}-${da}`;
 }
 
-function eventFor(resv) {
-  const status = resv.status;
-  const icons = { pending: '⏳', approved: '✅', refused: '⛔' };
-  return {
-    id: resv.rid,
-    title: `${icons[status] || ''} ${resv.itemName || resv.itemId}`.trim(),
-    start: new Date(parseInt(resv.start, 10)).toISOString(),
-    end: new Date(parseInt(resv.end, 10)).toISOString(),
-    extendedProps: {
-      status,
-      uid: resv.uid,
-      itemId: resv.itemId,
-    },
-  };
+function daysBetweenInclusive(startYMD, endYMDExclusive) {
+  // FullCalendar selection end is exclusive. We compute number of days selected.
+  const s = new Date(startYMD + 'T00:00:00Z');
+  const e = new Date(endYMDExclusive + 'T00:00:00Z');
+  const diff = Math.max(0, Math.round((e - s) / 86400000));
+  return diff || 1;
 }
 
-const api = {};
-
-api.getEvents = async function (req, res) {
-  const startTs = toTs(req.query.start) || 0;
-  const endTs = toTs(req.query.end) || (Date.now() + 365 * 24 * 3600 * 1000);
-
-  const ids = await dbLayer.listReservationIdsByStartRange(startTs, endTs, 2000);
-  const out = [];
-  for (const rid of ids) {
-    const r = await dbLayer.getReservation(rid);
-    if (!r) continue;
-    if (r.status !== 'pending' && r.status !== 'approved') continue;
-    out.push(eventFor(r));
-  }
-  res.json(out);
-};
+let catalogCache = { at: 0, items: [], raw: null, ok: false, err: null };
 
-api.getItems = async function (req, res) {
+async function getSettings() {
   const settings = await meta.settings.get('calendar-onekite');
+  return settings || {};
+}
 
-  const env = settings.helloassoEnv || 'prod';
-  const token = await helloasso.getAccessToken({
-    env,
-    clientId: settings.helloassoClientId,
-    clientSecret: settings.helloassoClientSecret,
-  });
-
-  if (!token) {
-    return res.json([]);
+async function getCatalogItems() {
+  const settings = await getSettings();
+  const now = Date.now();
+  if (catalogCache.ok && (now - catalogCache.at) < 5*60*1000) {
+    return catalogCache.items;
+  }
+  if (!settings.helloassoClientId || !settings.helloassoClientSecret || !settings.helloassoOrganizationSlug || !settings.helloassoFormSlug || !settings.helloassoFormType) {
+    catalogCache = { at: now, items: [], raw: null, ok: true, err: null };
+    return [];
   }
+  try {
+    const pub = await hello.getShopCatalog(settings);
+    const items = hello.extractItemsFromPublic(pub);
+    catalogCache = { at: now, items, raw: pub, ok: true, err: null };
+    return items;
+  } catch (err) {
+    catalogCache = { at: now, items: [], raw: null, ok: false, err: { message: err.message, statusCode: err.statusCode, body: err.body } };
+    return [];
+  }
+}
 
-  const items = await helloasso.listItems({
-    env,
-    token,
-    organizationSlug: settings.helloassoOrganizationSlug,
-    formType: settings.helloassoFormType,
-    formSlug: settings.helloassoFormSlug,
-  });
+async function getCatalog(req, res) {
+  const items = await getCatalogItems();
+  res.json({ ok: true, count: items.length, items });
+}
 
-  // Normalize minimal fields for client
-  const normalized = (items || []).map((it) => ({
-    id: it.id || it.itemId || it.reference || it.name,
-    name: it.name || it.label || `Item ${it.id || ''}`,
-    price: it.price || it.amount || it.unitPrice || 0,
-  })).filter(it => it.id && it.name);
+async function getEvents(req, res) {
+  const start = parseDateParam(req.query.start);
+  const end = parseDateParam(req.query.end);
+  const startTs = start ? start.getTime() : Date.now() - 365*86400000;
+  const endTs = end ? end.getTime() : Date.now() + 365*86400000;
+
+  const ids = await dbi.listReservationIdsByStartRange(startTs, endTs, 5000);
+  const rows = await dbi.getReservations(ids);
+
+  const events = rows.map(r => {
+    const itemNames = (r.items || []).map(it => it.name).join(', ');
+    const title = itemNames || 'Réservation';
+    const status = r.status || 'pending';
+    const icon = status === 'approved' ? '✅' : status === 'refused' ? '⛔' : '⏳';
+    return {
+      id: r.id,
+      title: `${icon} ${title}`,
+      start: toYMD(r.startTs),
+      end: toYMD(r.endTs), // end exclusive works for allDay
+      allDay: true,
+      extendedProps: {
+        status,
+        requesterUid: r.uid,
+        items: r.items || [],
+        totalCents: r.totalCents || 0,
+        days: r.days || 1,
+      }
+    };
+  });
 
-  res.json(normalized);
-};
+  res.json(events);
+}
 
-api.createReservation = async function (req, res) {
+async function createReservation(req, res) {
   const uid = req.uid;
-  if (!uid) return res.status(401).json({ error: 'not-logged-in' });
-
-  const settings = await meta.settings.get('calendar-onekite');
-  const ok = await canRequest(uid, settings);
-  if (!ok) return res.status(403).json({ error: 'not-allowed' });
-
-  const start = parseInt(toTs(req.body.start), 10);
-  const end = parseInt(toTs(req.body.end), 10);
-  const itemId = (req.body.itemId || '').toString();
-  const itemName = (req.body.itemName || '').toString();
-
-  if (!start || !end || !itemId) {
-    return res.status(400).json({ error: 'missing-fields' });
+  if (!uid) return res.status(403).json({ status: { code: 'forbidden', message: 'Not logged in' } });
+
+  const body = req.body || {};
+  const startYMD = body.start;
+  const endYMD = body.end;
+  const itemIds = Array.isArray(body.itemIds) ? body.itemIds.map(String) : [];
+  if (!startYMD || !endYMD) return res.status(400).json({ status: { code: 'bad-request', message: 'Missing dates' } });
+  if (!itemIds.length) return res.status(400).json({ status: { code: 'bad-request', message: 'Missing itemIds' } });
+
+  const days = daysBetweenInclusive(startYMD, endYMD);
+
+  const catalog = await getCatalogItems();
+  const chosen = [];
+  let sumPerDay = 0;
+  for (const id of itemIds) {
+    const it = catalog.find(x => x.id === id);
+    if (it) {
+      chosen.push(it);
+      sumPerDay += Number(it.priceCents || 0);
+    } else {
+      // keep unknown item with 0 price to avoid hard fail
+      chosen.push({ id, name: `Item ${id}`, priceCents: 0 });
+    }
   }
+  const totalCents = sumPerDay * days;
 
-  const now = Date.now();
-  const rid = crypto.randomUUID();
+  const id = await dbi.nextId();
+  const startTs = new Date(startYMD + 'T00:00:00Z').getTime();
+  const endTs = new Date(endYMD + 'T00:00:00Z').getTime();
 
   const resv = {
-    rid,
-    uid,
-    itemId,
-    itemName: itemName || itemId,
-    start,
-    end,
+    id,
+    uid: String(uid),
+    startTs,
+    endTs,
+    startYMD,
+    endYMD,
+    items: chosen,
+    days,
+    totalCents,
     status: 'pending',
-    createdAt: now,
+    createdAt: Date.now(),
   };
+  await dbi.saveReservation(resv);
 
-  // Save
-  await dbLayer.saveReservation(resv);
-
-  // Notify groups by email
-  try {
-    const notifyGroups = (settings.notifyGroups || '').split(',').map(s => s.trim()).filter(Boolean);
-    if (notifyGroups.length) {
-      const emailer = require.main.require('./src/emailer');
-      const u = await user.getUserData(uid);
-      for (const g of notifyGroups) {
-        const members = await groups.getMembers(g, 0, -1);
-        for (const m of members) {
-          const memberUid = typeof m === 'object' && m ? (m.uid || m.userId) : m;
-          const md = await user.getUserData(memberUid);
-          if (md && md.email) {
-            await emailer.send('calendar-onekite_pending', md.email, {
-              username: md.username,
-              requester: u.username,
-              itemName: resv.itemName,
-              start: new Date(start).toISOString(),
-              end: new Date(end).toISOString(),
-              rid,
-            });
-          }
-        }
-      }
-    }
-  } catch (e) {
-    // ignore email errors
-  }
+  res.json({ ok: true, reservation: resv });
+}
 
-  res.json({ ok: true, rid });
+module.exports = {
+  getEvents,
+  getCatalog,
+  createReservation,
+  _getCatalogItems: getCatalogItems,
+  _catalogCache: () => catalogCache,
 };
-
-module.exports = api;

package/lib/db.js

@@ -2,41 +2,55 @@
 
 const db = require.main.require('./src/database');
 
-const KEY_ZSET = 'calendar-onekite:reservations';
-const KEY_OBJ = (rid) => `calendar-onekite:reservation:${rid}`;
+const KEYS = {
+  Z_BY_START: 'calendar-onekite:reservations:byStart',
+  HASH: (id) => `calendar-onekite:reservation:${id}`,
+  NEXT_ID: 'calendar-onekite:reservation:nextId',
+};
 
-async function getReservation(rid) {
-  return await db.getObject(KEY_OBJ(rid));
+async function nextId() {
+  const id = await db.incrObjectField('calendar-onekite:meta', 'nextId');
+  return String(id);
 }
 
 async function saveReservation(resv) {
-  await db.setObject(KEY_OBJ(resv.rid), resv);
-  // score = start timestamp
-  await db.sortedSetAdd(KEY_ZSET, resv.start, resv.rid);
+  await db.setObject(KEYS.HASH(resv.id), resv);
+  await db.sortedSetAdd(KEYS.Z_BY_START, resv.startTs, resv.id);
+}
+
+async function getReservation(id) {
+  return await db.getObject(KEYS.HASH(id));
 }
 
-async function removeReservation(rid) {
-  await db.sortedSetRemove(KEY_ZSET, rid);
-  await db.delete(KEY_OBJ(rid));
+async function getReservations(ids) {
+  if (!ids.length) return [];
+  const keys = ids.map(KEYS.HASH);
+  const objects = await db.getObjects(keys);
+  return objects.filter(Boolean);
 }
 
-async function listReservationIdsByStartRange(startTs, endTs, limit = 1000) {
-  // NodeBB db method name is getSortedSetRangeByScore(set, start, stop, min, max)
-  // (start/stop are index offsets, min/max are score range)
-  const start = 0;
-  const stop = Math.max(0, (parseInt(limit, 10) || 1000) - 1);
-  return await db.getSortedSetRangeByScore(KEY_ZSET, start, stop, startTs, endTs);
+async function listReservationIdsByStartRange(startTs, endTs, limit = 2000) {
+  // NodeBB db API: getSortedSetRangeByScore(set, start, stop, min, max)
+  const ids = await db.getSortedSetRangeByScore(KEYS.Z_BY_START, 0, limit - 1, startTs, endTs);
+  return ids || [];
 }
 
-async function listAllReservationIds(limit = 5000) {
-  return await db.getSortedSetRange(KEY_ZSET, 0, limit - 1);
+async function deleteReservation(id) {
+  await db.delete(KEYS.HASH(id));
+  await db.sortedSetRemove(KEYS.Z_BY_START, id);
+}
+
+async function listAllIds(limit=100000) {
+  return await db.getSortedSetRange(KEYS.Z_BY_START, 0, limit-1);
 }
 
 module.exports = {
-  KEY_ZSET,
-  getReservation,
+  KEYS,
+  nextId,
   saveReservation,
-  removeReservation,
+  getReservation,
+  getReservations,
   listReservationIdsByStartRange,
-  listAllReservationIds,
+  deleteReservation,
+  listAllIds,
 };