nodebb-plugin-calendar-onekite 11.1.23 → 11.1.25

package/lib/admin.js

@@ -1,76 +1,159 @@
 'use strict';
 
 const meta = require.main.require('./src/meta');
-const dbi = require('./db');
 const api = require('./api');
+const store = require('./db');
+const helloasso = require('./helloasso');
+
+const PLUGIN_ID = 'calendar-onekite';
+
+function normalizeCsv(v) {
+  return String(v || '')
+    .split(',')
+    .map(s => s.trim())
+    .filter(Boolean)
+    .join(',');
+}
 
 async function getSettings(req, res) {
-  const settings = await meta.settings.get('calendar-onekite');
-  // mask secret
-  if (settings && settings.helloassoClientSecret) settings.helloassoClientSecret = '***';
-  res.json({ ok: true, settings: settings || {} });
+  const settings = await meta.settings.get(PLUGIN_ID) || {};
+  if (settings.helloassoClientSecret) settings.helloassoClientSecret = '***';
+  res.json({ ok: true, settings });
 }
 
 async function saveSettings(req, res) {
   const body = req.body || {};
-  // If secret is '***', do not overwrite.
-  const current = await meta.settings.get('calendar-onekite') || {};
-  const next = { ...current, ...body };
-  if (body.helloassoClientSecret === '***') {
-    next.helloassoClientSecret = current.helloassoClientSecret;
-  }
-  await meta.settings.set('calendar-onekite', next);
-  // invalidate catalog cache
+  const current = await meta.settings.get(PLUGIN_ID) || {};
+  const toSave = {
+    helloassoEnv: body.helloassoEnv || current.helloassoEnv || 'sandbox',
+    helloassoClientId: body.helloassoClientId || '',
+    helloassoClientSecret: body.helloassoClientSecret && body.helloassoClientSecret !== '***'
+      ? body.helloassoClientSecret
+      : (current.helloassoClientSecret || ''),
+    helloassoOrganizationSlug: body.helloassoOrganizationSlug || '',
+    helloassoFormType: body.helloassoFormType || 'shop',
+    helloassoFormSlug: body.helloassoFormSlug || '',
+
+    creatorGroups: normalizeCsv(body.creatorGroups),
+    validatorGroups: normalizeCsv(body.validatorGroups),
+    notifyGroups: normalizeCsv(body.notifyGroups),
+
+    holdMinutes: parseInt(body.holdMinutes, 10) || 5,
+  };
+
+  await meta.settings.set(PLUGIN_ID, toSave);
   res.json({ ok: true });
 }
 
-async function getPending(req, res) {
-  const ids = await dbi.listAllIds(5000);
-  const rows = await dbi.getReservations(ids);
-  const pending = rows.filter(r => (r.status || 'pending') === 'pending')
-    .sort((a,b)=> (b.createdAt||0)-(a.createdAt||0))
-    .slice(0, 200);
+async function listPending(req, res) {
+  await api.sweepExpired();
+  const now = Date.now();
+  const ids = await store.listIdsByStartMax(now + 365 * 24 * 3600 * 1000, 5000);
+  const pending = [];
+  for (const rid of ids) {
+    // eslint-disable-next-line no-await-in-loop
+    const r = await store.getReservation(rid);
+    if (r && String(r.status) === 'pending') pending.push(r);
+  }
+  pending.sort((a, b) => Number(b.createdAt || 0) - Number(a.createdAt || 0));
   res.json({ ok: true, pending });
 }
 
 async function purgeByYear(req, res) {
-  const year = String((req.body||{}).year || '').trim();
-  if (!/^\d{4}$/.test(year)) return res.status(400).json({ status: { code: 'bad-request', message: 'Année invalide (YYYY)' } });
+  const year = String((req.body && req.body.year) || '').trim();
+  if (!/^\d{4}$/.test(year)) return res.status(400).json({ ok: false, error: 'invalid-year' });
+
   const y = Number(year);
-  const startTs = Date.UTC(y,0,1,0,0,0);
-  const endTs = Date.UTC(y+1,0,1,0,0,0);
+  const start = Date.UTC(y, 0, 1, 0, 0, 0, 0);
+  const end = Date.UTC(y + 1, 0, 1, 0, 0, 0, 0);
 
-  const ids = await dbi.listReservationIdsByStartRange(startTs, endTs, 100000);
-  for (const id of ids) {
-    await dbi.deleteReservation(id);
+  const ids = await store.listIdsByStartMax(end, 100000);
+  let purged = 0;
+  for (const rid of ids) {
+    // eslint-disable-next-line no-await-in-loop
+    const r = await store.getReservation(rid);
+    if (!r || !r.startTs) continue;
+    const s = Number(r.startTs);
+    if (s >= start && s < end) {
+      // eslint-disable-next-line no-await-in-loop
+      await store.deleteReservation(rid);
+      purged++;
+    }
   }
-  res.json({ ok: true, deleted: ids.length });
+  res.json({ ok: true, purged });
 }
 
 async function debugHelloAsso(req, res) {
-  const settings = await meta.settings.get('calendar-onekite') || {};
-  const masked = { ...settings };
-  if (masked.helloassoClientSecret) masked.helloassoClientSecret = '***';
-  const out = { ok: true, settings: masked };
-  try {
-    // token + catalog
-    const items = await api._getCatalogItems();
-    out.token = { ok: true };
+  const settings = await meta.settings.get(PLUGIN_ID) || {};
+  const safe = { ...settings };
+  if (safe.helloassoClientSecret) safe.helloassoClientSecret = '***';
+
+  const out = {
+    ok: true,
+    settings: safe,
+    token: { ok: false },
+    catalog: { ok: false, count: 0, sample: [] },
+    soldItems: { ok: false, count: 0, sample: [] },
+  };
+
+  if (!settings.helloassoClientId || !settings.helloassoClientSecret) {
+    return res.json(out);
+  }
+
+  const tok = await helloasso.getToken(settings);
+  out.token = { ok: tok.ok };
+  if (!tok.ok) {
+    out.token.error = tok.error;
+    return res.json(out);
+  }
+
+  const pub = await helloasso.getPublicForm(settings, tok.token);
+  if (!pub.error) {
+    const items = helloasso.extractCatalogItems(pub.body);
     out.catalog = { ok: true, count: items.length, sample: items.slice(0, 10) };
-    // also expose cache error if any
-    const cache = api._catalogCache();
-    if (cache && cache.err) out.catalog.err = cache.err;
+  } else {
+    out.catalog = { ok: false, error: pub.body || pub.raw };
+  }
+
+  // optional "items" endpoint (may be empty without sales)
+  try {
+    const https = require('https');
+    const host = (settings.helloassoEnv === 'sandbox') ? 'api.helloasso-sandbox.com' : 'api.helloasso.com';
+    const path = `/v5/organizations/${encodeURIComponent(settings.helloassoOrganizationSlug)}/forms/${encodeURIComponent(settings.helloassoFormType)}/${encodeURIComponent(settings.helloassoFormSlug)}/items?pageIndex=1&pageSize=50`;
+    const r = await new Promise((resolve) => {
+      const req2 = https.request({ method: 'GET', host, path, headers: { Authorization: `Bearer ${tok.token}` } }, (resp) => {
+        let data = '';
+        resp.on('data', (d) => { data += d; });
+        resp.on('end', () => {
+          let parsed = null;
+          try { parsed = data ? JSON.parse(data) : null; } catch (e) { /* ignore */ }
+          resolve({ statusCode: resp.statusCode, body: parsed });
+        });
+      });
+      req2.on('error', () => resolve({ statusCode: 0, body: null }));
+      req2.end();
+    });
+
+    if (r.statusCode >= 200 && r.statusCode < 300 && r.body) {
+      const arr = Array.isArray(r.body.data) ? r.body.data : (Array.isArray(r.body) ? r.body : []);
+      const sample = arr.slice(0, 10).map(x => ({
+        id: String(x.id || x.itemId || ''),
+        name: x.name || x.label || '',
+        priceCents: x.price || x.amount || 0,
+      }));
+      out.soldItems = { ok: true, count: arr.length, sample };
+    }
   } catch (e) {
-    out.token = { ok: false, message: e.message };
-    out.catalog = { ok: false, count: 0, sample: [], message: e.message };
+    // ignore
   }
-  res.json(out);
+
+  return res.json(out);
 }
 
 module.exports = {
   getSettings,
   saveSettings,
-  getPending,
+  listPending,
   purgeByYear,
   debugHelloAsso,
 };

package/lib/api.js

@@ -1,152 +1,323 @@
 'use strict';
 
 const meta = require.main.require('./src/meta');
-const dbi = require('./db');
-const hello = require('./helloasso');
-
-function parseDateParam(s) {
-  // FullCalendar sends ISO date/time. Accept 'YYYY-MM-DD' too.
-  const d = new Date(s);
-  if (!s || Number.isNaN(d.getTime())) return null;
-  return d;
+const User = (() => { try { return require.main.require('./src/user'); } catch (e) { return null; }})();
+const { isInAnyGroup } = require('./middlewares');
+const store = require('./db');
+const helloasso = require('./helloasso');
+const mailer = require('./mailer');
+
+const PLUGIN_ID = 'calendar-onekite';
+
+let sweeperStarted = false;
+let cachedCatalog = { ts: 0, items: [] };
+
+function parseIntSafe(v, def) {
+  const n = parseInt(v, 10);
+  return Number.isFinite(n) ? n : def;
 }
 
 function toYMD(ts) {
   const d = new Date(Number(ts));
   const y = d.getUTCFullYear();
-  const m = String(d.getUTCMonth()+1).padStart(2,'0');
-  const da = String(d.getUTCDate()).padStart(2,'0');
-  return `${y}-${m}-${da}`;
+  const m = String(d.getUTCMonth() + 1).padStart(2, '0');
+  const day = String(d.getUTCDate()).padStart(2, '0');
+  return `${y}-${m}-${day}`;
 }
 
-function daysBetweenInclusive(startYMD, endYMDExclusive) {
-  // FullCalendar selection end is exclusive. We compute number of days selected.
-  const s = new Date(startYMD + 'T00:00:00Z');
-  const e = new Date(endYMDExclusive + 'T00:00:00Z');
-  const diff = Math.max(0, Math.round((e - s) / 86400000));
-  return diff || 1;
+function overlap(aStart, aEnd, bStart, bEnd) {
+  return aStart < bEnd && bStart < aEnd;
 }
 
-let catalogCache = { at: 0, items: [], raw: null, ok: false, err: null };
-
-async function getSettings() {
-  const settings = await meta.settings.get('calendar-onekite');
-  return settings || {};
+async function loadSettings() {
+  return await meta.settings.get(PLUGIN_ID) || {};
 }
 
-async function getCatalogItems() {
-  const settings = await getSettings();
+async function refreshCatalog(settings) {
   const now = Date.now();
-  if (catalogCache.ok && (now - catalogCache.at) < 5*60*1000) {
-    return catalogCache.items;
+  if (cachedCatalog.items.length && (now - cachedCatalog.ts) < 5 * 60 * 1000) {
+    return cachedCatalog.items;
   }
-  if (!settings.helloassoClientId || !settings.helloassoClientSecret || !settings.helloassoOrganizationSlug || !settings.helloassoFormSlug || !settings.helloassoFormType) {
-    catalogCache = { at: now, items: [], raw: null, ok: true, err: null };
+  if (!settings.helloassoClientId || !settings.helloassoClientSecret || !settings.helloassoOrganizationSlug || !settings.helloassoFormSlug) {
+    cachedCatalog = { ts: now, items: [] };
     return [];
   }
-  try {
-    const pub = await hello.getShopCatalog(settings);
-    const items = hello.extractItemsFromPublic(pub);
-    catalogCache = { at: now, items, raw: pub, ok: true, err: null };
-    return items;
-  } catch (err) {
-    catalogCache = { at: now, items: [], raw: null, ok: false, err: { message: err.message, statusCode: err.statusCode, body: err.body } };
+  const tok = await helloasso.getToken(settings);
+  if (!tok.ok) {
+    cachedCatalog = { ts: now, items: [] };
+    return [];
+  }
+  const pub = await helloasso.getPublicForm(settings, tok.token);
+  if (pub.error) {
+    cachedCatalog = { ts: now, items: [] };
     return [];
   }
+  const items = helloasso.extractCatalogItems(pub.body);
+  cachedCatalog = { ts: now, items };
+  return items;
 }
 
-async function getCatalog(req, res) {
-  const items = await getCatalogItems();
-  res.json({ ok: true, count: items.length, items });
+async function sweepExpired() {
+  const settings = await loadSettings();
+  const now = Date.now();
+  const ids = await store.listExpiredIds(now, 5000);
+  for (const ridStr of ids) {
+    // eslint-disable-next-line no-await-in-loop
+    const resv = await store.getReservation(ridStr);
+    if (!resv || !resv.status) {
+      // eslint-disable-next-line no-await-in-loop
+      await store.removeFromAllIndexes(ridStr);
+      continue;
+    }
+    const status = String(resv.status);
+    if (['pending', 'awaiting_payment'].includes(status)) {
+      resv.status = 'expired';
+      // eslint-disable-next-line no-await-in-loop
+      await store.setReservation(ridStr, resv);
+      // stop blocking
+      // eslint-disable-next-line no-await-in-loop
+      await store.removeFromAllIndexes(ridStr);
+    } else {
+      // eslint-disable-next-line no-await-in-loop
+      await store.removeFromAllIndexes(ridStr);
+    }
+  }
+}
+
+function startSweeper() {
+  if (sweeperStarted) return;
+  sweeperStarted = true;
+  setInterval(() => {
+    sweepExpired().catch(() => {});
+  }, 60 * 1000).unref();
 }
 
 async function getEvents(req, res) {
-  const start = parseDateParam(req.query.start);
-  const end = parseDateParam(req.query.end);
-  const startTs = start ? start.getTime() : Date.now() - 365*86400000;
-  const endTs = end ? end.getTime() : Date.now() + 365*86400000;
-
-  const ids = await dbi.listReservationIdsByStartRange(startTs, endTs, 5000);
-  const rows = await dbi.getReservations(ids);
-
-  const events = rows.map(r => {
-    const itemNames = (r.items || []).map(it => it.name).join(', ');
-    const title = itemNames || 'Réservation';
-    const status = r.status || 'pending';
-    const icon = status === 'approved' ? '✅' : status === 'refused' ? '⛔' : '⏳';
-    return {
-      id: r.id,
-      title: `${icon} ${title}`,
-      start: toYMD(r.startTs),
-      end: toYMD(r.endTs), // end exclusive works for allDay
-      allDay: true,
-      extendedProps: {
-        status,
-        requesterUid: r.uid,
-        items: r.items || [],
-        totalCents: r.totalCents || 0,
-        days: r.days || 1,
+  try {
+    await sweepExpired();
+    const start = parseIntSafe(req.query.startTs, 0);
+    const end = parseIntSafe(req.query.endTs, Date.now() + 365 * 24 * 3600 * 1000);
+
+    const ids = await store.listIdsByStartMax(end, 5000);
+    const events = [];
+    for (const rid of ids) {
+      // eslint-disable-next-line no-await-in-loop
+      const r = await store.getReservation(rid);
+      if (!r || !r.startTs || !r.endTs) continue;
+      if (!overlap(Number(r.startTs), Number(r.endTs), start, end)) continue;
+
+      const status = String(r.status || 'pending');
+      const title = (Array.isArray(r.items) ? r.items.map(it => it.name).join(', ') : (r.itemName || 'Réservation'));
+      events.push({
+        id: String(r.rid),
+        title,
+        start: toYMD(r.startTs),
+        end: toYMD(r.endTs), // end is exclusive, ok for allDay
+        allDay: true,
+        extendedProps: {
+          status,
+          items: r.items || [],
+          requestedByUid: r.uid,
+          totalCents: r.totalCents || 0,
+          days: r.days || 0,
+        },
+      });
+    }
+
+    res.json({ ok: true, events });
+  } catch (e) {
+    res.status(500).json({ ok: false, error: 'events-error' });
+  }
+}
+
+async function getCatalogItems(req, res) {
+  try {
+    const settings = await loadSettings();
+    const items = await refreshCatalog(settings);
+    res.json({ ok: true, items });
+  } catch (e) {
+    res.status(500).json({ ok: false, error: 'items-error' });
+  }
+}
+
+async function createReservation(req, res) {
+  try {
+    await sweepExpired();
+    const settings = await loadSettings();
+    const uid = Number(req.uid) || 0;
+
+    // Check creator group
+    const creatorGroups = settings.creatorGroups || '';
+    if (creatorGroups) {
+      const ok = await isInAnyGroup(uid, creatorGroups);
+      if (!ok) return res.status(403).json({ ok: false, error: 'not-allowed-to-create' });
+    }
+
+    const body = req.body || {};
+    const startTs = parseIntSafe(body.startTs, 0);
+    const endTs = parseIntSafe(body.endTs, 0);
+    const itemIds = Array.isArray(body.itemIds) ? body.itemIds.map(String).filter(Boolean) : [];
+    if (!startTs || !endTs || endTs <= startTs) return res.status(400).json({ ok: false, error: 'invalid-dates' });
+    if (!itemIds.length) return res.status(400).json({ ok: false, error: 'no-items' });
+
+    const dayMs = 24 * 3600 * 1000;
+    const days = Math.max(1, Math.round((endTs - startTs) / dayMs));
+    const catalog = await refreshCatalog(settings);
+    if (!catalog.length) return res.status(400).json({ ok: false, error: 'no-catalog' });
+
+    const selected = catalog.filter(it => itemIds.includes(String(it.id)));
+    if (!selected.length) return res.status(400).json({ ok: false, error: 'items-not-found' });
+
+    // Conflict check: fetch all reservations starting before endTs and check overlap + item intersection
+    const ids = await store.listIdsByStartMax(endTs, 5000);
+    const blockingStatuses = new Set(['pending', 'awaiting_payment', 'approved', 'paid']);
+    const conflicts = [];
+    for (const rid of ids) {
+      // eslint-disable-next-line no-await-in-loop
+      const r = await store.getReservation(rid);
+      if (!r || !r.startTs || !r.endTs) continue;
+      if (!blockingStatuses.has(String(r.status))) continue;
+      if (!overlap(Number(r.startTs), Number(r.endTs), startTs, endTs)) continue;
+      const rItemIds = (Array.isArray(r.items) ? r.items.map(x => String(x.id)) : (r.itemId ? [String(r.itemId)] : []));
+      const overlapItems = rItemIds.filter(id => itemIds.includes(id));
+      if (overlapItems.length) {
+        conflicts.push({ rid: r.rid, itemIds: overlapItems, startTs: r.startTs, endTs: r.endTs, status: r.status });
       }
+    }
+    if (conflicts.length) {
+      return res.status(409).json({ ok: false, error: 'conflict', conflicts });
+    }
+
+    const totalPerDay = selected.reduce((s, it) => s + Number(it.priceCents || 0), 0);
+    const totalCents = totalPerDay * days;
+
+    const holdMinutes = parseIntSafe(settings.holdMinutes, 5);
+    const expiresAt = Date.now() + (holdMinutes * 60 * 1000);
+
+    const resv = {
+      uid,
+      startTs,
+      endTs,
+      days,
+      items: selected,
+      totalCents,
+      status: 'pending',
+      createdAt: Date.now(),
+      expiresAt,
     };
-  });
 
-  res.json(events);
+    const rid = await store.createReservation(resv);
+
+    // Notify validators/admins group(s) by email
+    await mailer.notifyGroups('calendar-onekite-pending', settings.notifyGroups || '', {
+      rid,
+      start: toYMD(startTs),
+      end: toYMD(endTs),
+      items: selected.map(i => i.name).join(', '),
+      total: (totalCents / 100).toFixed(2),
+    });
+
+    res.json({ ok: true, rid });
+  } catch (e) {
+    res.status(500).json({ ok: false, error: 'create-error' });
+  }
 }
 
-async function createReservation(req, res) {
-  const uid = req.uid;
-  if (!uid) return res.status(403).json({ status: { code: 'forbidden', message: 'Not logged in' } });
-
-  const body = req.body || {};
-  const startYMD = body.start;
-  const endYMD = body.end;
-  const itemIds = Array.isArray(body.itemIds) ? body.itemIds.map(String) : [];
-  if (!startYMD || !endYMD) return res.status(400).json({ status: { code: 'bad-request', message: 'Missing dates' } });
-  if (!itemIds.length) return res.status(400).json({ status: { code: 'bad-request', message: 'Missing itemIds' } });
-
-  const days = daysBetweenInclusive(startYMD, endYMD);
-
-  const catalog = await getCatalogItems();
-  const chosen = [];
-  let sumPerDay = 0;
-  for (const id of itemIds) {
-    const it = catalog.find(x => x.id === id);
-    if (it) {
-      chosen.push(it);
-      sumPerDay += Number(it.priceCents || 0);
-    } else {
-      // keep unknown item with 0 price to avoid hard fail
-      chosen.push({ id, name: `Item ${id}`, priceCents: 0 });
+async function approveReservation(req, res) {
+  try {
+    await sweepExpired();
+    const settings = await loadSettings();
+    const rid = String(req.params.rid);
+    const resv = await store.getReservation(rid);
+    if (!resv || String(resv.status) !== 'pending') return res.status(404).json({ ok: false, error: 'not-found' });
+
+    // Create payment link via HelloAsso
+    let paymentUrl = '';
+    const catalog = await refreshCatalog(settings);
+    // ensure items have latest price
+    const map = new Map(catalog.map(i => [String(i.id), i]));
+    const selected = (resv.items || []).map(it => map.get(String(it.id)) || it);
+    const totalPerDay = selected.reduce((s, it) => s + Number(it.priceCents || 0), 0);
+    const totalCents = totalPerDay * Number(resv.days || 1);
+    resv.items = selected;
+    resv.totalCents = totalCents;
+
+    if (settings.helloassoClientId && settings.helloassoClientSecret) {
+      const tok = await helloasso.getToken(settings);
+      if (tok.ok) {
+        const payer = {};
+        if (User && typeof User.getUserField === 'function') {
+          try {
+            const email = await User.getUserField(resv.uid, 'email');
+            if (email) payer.email = email;
+          } catch (e) { /* ignore */ }
+        }
+        const checkout = await helloasso.createCheckoutIntent(settings, tok.token, resv, payer);
+        if (!checkout.error && checkout.body) {
+          paymentUrl = checkout.body.redirectUrl || checkout.body.checkoutUrl || '';
+        }
+      }
     }
+
+    resv.status = paymentUrl ? 'awaiting_payment' : 'approved';
+    resv.paymentUrl = paymentUrl;
+    resv.approvedAt = Date.now();
+    resv.expiresAt = 0;
+    await store.setReservation(rid, resv);
+    await store.clearExpireIndex(rid);
+    await store.ensureStartIndex(rid, resv.startTs);
+
+    // Email requester
+    await mailer.notifyUser('calendar-onekite-approved', Number(resv.uid), {
+      rid,
+      start: toYMD(resv.startTs),
+      end: toYMD(resv.endTs),
+      items: (resv.items || []).map(i => i.name).join(', '),
+      total: (resv.totalCents / 100).toFixed(2),
+      paymentUrl: paymentUrl || '',
+    });
+
+    res.json({ ok: true, paymentUrl });
+  } catch (e) {
+    res.status(500).json({ ok: false, error: 'approve-error' });
+  }
+}
+
+async function refuseReservation(req, res) {
+  try {
+    await sweepExpired();
+    const rid = String(req.params.rid);
+    const resv = await store.getReservation(rid);
+    if (!resv || String(resv.status) !== 'pending') return res.status(404).json({ ok: false, error: 'not-found' });
+
+    resv.status = 'refused';
+    resv.refusedAt = Date.now();
+    resv.expiresAt = 0;
+    await store.setReservation(rid, resv);
+    await store.removeFromAllIndexes(rid);
+
+    await mailer.notifyUser('calendar-onekite-refused', Number(resv.uid), {
+      rid,
+      start: toYMD(resv.startTs),
+      end: toYMD(resv.endTs),
+      items: (resv.items || []).map(i => i.name).join(', '),
+    });
+
+    res.json({ ok: true });
+  } catch (e) {
+    res.status(500).json({ ok: false, error: 'refuse-error' });
   }
-  const totalCents = sumPerDay * days;
-
-  const id = await dbi.nextId();
-  const startTs = new Date(startYMD + 'T00:00:00Z').getTime();
-  const endTs = new Date(endYMD + 'T00:00:00Z').getTime();
-
-  const resv = {
-    id,
-    uid: String(uid),
-    startTs,
-    endTs,
-    startYMD,
-    endYMD,
-    items: chosen,
-    days,
-    totalCents,
-    status: 'pending',
-    createdAt: Date.now(),
-  };
-  await dbi.saveReservation(resv);
-
-  res.json({ ok: true, reservation: resv });
 }
 
 module.exports = {
+  startSweeper,
   getEvents,
-  getCatalog,
+  getCatalogItems,
   createReservation,
-  _getCatalogItems: getCatalogItems,
-  _catalogCache: () => catalogCache,
+  approveReservation,
+  refuseReservation,
+  // exported for admin uses
+  sweepExpired,
+  refreshCatalog,
+  toYMD,
 };