nodebb-plugin-calendar-onekite 11.1.26 → 11.1.28

package/lib/admin.js

@@ -1,159 +1,87 @@
 'use strict';
 
 const meta = require.main.require('./src/meta');
-const api = require('./api');
-const store = require('./db');
-const helloasso = require('./helloasso');
+const User = require.main.require('./src/user');
+
+const HelloAsso = require('./helloasso');
+const Store = require('./db');
 
 const PLUGIN_ID = 'calendar-onekite';
 
 function normalizeCsv(v) {
-  return String(v || '')
-    .split(',')
-    .map(s => s.trim())
-    .filter(Boolean)
-    .join(',');
+  return String(v || '').split(',').map(s => s.trim()).filter(Boolean).join(',');
 }
 
-async function getSettings(req, res) {
+exports.getSettings = async (req, res) => {
   const settings = await meta.settings.get(PLUGIN_ID) || {};
-  if (settings.helloassoClientSecret) settings.helloassoClientSecret = '***';
-  res.json({ ok: true, settings });
-}
+  // never expose secret
+  const safe = { ...settings };
+  if (safe.helloassoClientSecret) safe.helloassoClientSecret = '***';
+  res.json({ ok: true, settings: safe });
+};
 
-async function saveSettings(req, res) {
+exports.putSettings = async (req, res) => {
   const body = req.body || {};
-  const current = await meta.settings.get(PLUGIN_ID) || {};
+  const existing = await meta.settings.get(PLUGIN_ID) || {};
+
   const toSave = {
-    helloassoEnv: body.helloassoEnv || current.helloassoEnv || 'sandbox',
-    helloassoClientId: body.helloassoClientId || '',
-    helloassoClientSecret: body.helloassoClientSecret && body.helloassoClientSecret !== '***'
-      ? body.helloassoClientSecret
-      : (current.helloassoClientSecret || ''),
-    helloassoOrganizationSlug: body.helloassoOrganizationSlug || '',
-    helloassoFormType: body.helloassoFormType || 'shop',
-    helloassoFormSlug: body.helloassoFormSlug || '',
-
-    creatorGroups: normalizeCsv(body.creatorGroups),
-    validatorGroups: normalizeCsv(body.validatorGroups),
-    notifyGroups: normalizeCsv(body.notifyGroups),
-
-    holdMinutes: parseInt(body.holdMinutes, 10) || 5,
+    helloassoEnv: body.helloassoEnv || existing.helloassoEnv || 'sandbox',
+    helloassoClientId: body.helloassoClientId ?? existing.helloassoClientId ?? '',
+    // allow setting secret only if provided and not "***"
+    helloassoClientSecret: (body.helloassoClientSecret && body.helloassoClientSecret !== '***') ? body.helloassoClientSecret : (existing.helloassoClientSecret || ''),
+    helloassoOrganizationSlug: body.helloassoOrganizationSlug ?? existing.helloassoOrganizationSlug ?? '',
+    helloassoFormType: body.helloassoFormType || existing.helloassoFormType || 'shop',
+    helloassoFormSlug: body.helloassoFormSlug ?? existing.helloassoFormSlug ?? '',
+
+    creatorGroups: normalizeCsv(body.creatorGroups ?? existing.creatorGroups),
+    validatorGroups: normalizeCsv(body.validatorGroups ?? existing.validatorGroups),
+    notifyGroups: normalizeCsv(body.notifyGroups ?? existing.notifyGroups),
+
+    holdMinutes: parseInt(body.holdMinutes, 10) || parseInt(existing.holdMinutes, 10) || 5,
   };
 
   await meta.settings.set(PLUGIN_ID, toSave);
   res.json({ ok: true });
-}
+};
 
-async function listPending(req, res) {
-  await api.sweepExpired();
-  const now = Date.now();
-  const ids = await store.listIdsByStartMax(now + 365 * 24 * 3600 * 1000, 5000);
-  const pending = [];
-  for (const rid of ids) {
-    // eslint-disable-next-line no-await-in-loop
-    const r = await store.getReservation(rid);
-    if (r && String(r.status) === 'pending') pending.push(r);
-  }
-  pending.sort((a, b) => Number(b.createdAt || 0) - Number(a.createdAt || 0));
+exports.getPending = async (req, res) => {
+  const pending = await Store.listPending();
   res.json({ ok: true, pending });
-}
+};
 
-async function purgeByYear(req, res) {
-  const year = String((req.body && req.body.year) || '').trim();
-  if (!/^\d{4}$/.test(year)) return res.status(400).json({ ok: false, error: 'invalid-year' });
-
-  const y = Number(year);
-  const start = Date.UTC(y, 0, 1, 0, 0, 0, 0);
-  const end = Date.UTC(y + 1, 0, 1, 0, 0, 0, 0);
-
-  const ids = await store.listIdsByStartMax(end, 100000);
-  let purged = 0;
-  for (const rid of ids) {
-    // eslint-disable-next-line no-await-in-loop
-    const r = await store.getReservation(rid);
-    if (!r || !r.startTs) continue;
-    const s = Number(r.startTs);
-    if (s >= start && s < end) {
-      // eslint-disable-next-line no-await-in-loop
-      await store.deleteReservation(rid);
-      purged++;
-    }
+exports.purge = async (req, res) => {
+  const year = String((req.body || {}).year || '').trim();
+  if (!/^\d{4}$/.test(year)) {
+    return res.status(400).json({ ok: false, error: 'invalid-year' });
   }
-  res.json({ ok: true, purged });
-}
+  const removed = await Store.purgeByYear(parseInt(year, 10));
+  res.json({ ok: true, removed });
+};
 
-async function debugHelloAsso(req, res) {
+exports.debugHelloAsso = async (req, res) => {
   const settings = await meta.settings.get(PLUGIN_ID) || {};
   const safe = { ...settings };
   if (safe.helloassoClientSecret) safe.helloassoClientSecret = '***';
 
-  const out = {
-    ok: true,
-    settings: safe,
-    token: { ok: false },
-    catalog: { ok: false, count: 0, sample: [] },
-    soldItems: { ok: false, count: 0, sample: [] },
-  };
-
-  if (!settings.helloassoClientId || !settings.helloassoClientSecret) {
-    return res.json(out);
-  }
+  const out = { ok: true, settings: safe, token: { ok: false }, catalog: { ok: false, count: 0, sample: [] } };
 
-  const tok = await helloasso.getToken(settings);
-  out.token = { ok: tok.ok };
-  if (!tok.ok) {
-    out.token.error = tok.error;
-    return res.json(out);
-  }
-
-  const pub = await helloasso.getPublicForm(settings, tok.token);
-  if (!pub.error) {
-    const items = helloasso.extractCatalogItems(pub.body);
-    out.catalog = { ok: true, count: items.length, sample: items.slice(0, 10) };
-  } else {
-    out.catalog = { ok: false, error: pub.body || pub.raw };
+  try {
+    const token = await HelloAsso.getToken(settings);
+    out.token.ok = !!token;
+  } catch (e) {
+    out.token.ok = false;
+    out.token.error = e.message;
   }
 
-  // optional "items" endpoint (may be empty without sales)
   try {
-    const https = require('https');
-    const host = (settings.helloassoEnv === 'sandbox') ? 'api.helloasso-sandbox.com' : 'api.helloasso.com';
-    const path = `/v5/organizations/${encodeURIComponent(settings.helloassoOrganizationSlug)}/forms/${encodeURIComponent(settings.helloassoFormType)}/${encodeURIComponent(settings.helloassoFormSlug)}/items?pageIndex=1&pageSize=50`;
-    const r = await new Promise((resolve) => {
-      const req2 = https.request({ method: 'GET', host, path, headers: { Authorization: `Bearer ${tok.token}` } }, (resp) => {
-        let data = '';
-        resp.on('data', (d) => { data += d; });
-        resp.on('end', () => {
-          let parsed = null;
-          try { parsed = data ? JSON.parse(data) : null; } catch (e) { /* ignore */ }
-          resolve({ statusCode: resp.statusCode, body: parsed });
-        });
-      });
-      req2.on('error', () => resolve({ statusCode: 0, body: null }));
-      req2.end();
-    });
-
-    if (r.statusCode >= 200 && r.statusCode < 300 && r.body) {
-      const arr = Array.isArray(r.body.data) ? r.body.data : (Array.isArray(r.body) ? r.body : []);
-      const sample = arr.slice(0, 10).map(x => ({
-        id: String(x.id || x.itemId || ''),
-        name: x.name || x.label || '',
-        priceCents: x.price || x.amount || 0,
-      }));
-      out.soldItems = { ok: true, count: arr.length, sample };
-    }
+    const catalog = await HelloAsso.getCatalog(settings);
+    out.catalog.ok = true;
+    out.catalog.count = catalog.length;
+    out.catalog.sample = catalog.slice(0, 10);
   } catch (e) {
-    // ignore
+    out.catalog.ok = false;
+    out.catalog.error = e.message;
   }
 
-  return res.json(out);
-}
-
-module.exports = {
-  getSettings,
-  saveSettings,
-  listPending,
-  purgeByYear,
-  debugHelloAsso,
+  res.json(out);
 };

package/lib/api.js

@@ -1,323 +1,60 @@
 'use strict';
 
 const meta = require.main.require('./src/meta');
-const User = (() => { try { return require.main.require('./src/user'); } catch (e) { return null; }})();
-const { isInAnyGroup } = require('./middlewares');
-const store = require('./db');
-const helloasso = require('./helloasso');
-const mailer = require('./mailer');
+const groups = require.main.require('./src/groups');
 
-const PLUGIN_ID = 'calendar-onekite';
-
-let sweeperStarted = false;
-let cachedCatalog = { ts: 0, items: [] };
-
-function parseIntSafe(v, def) {
-  const n = parseInt(v, 10);
-  return Number.isFinite(n) ? n : def;
-}
+const HelloAsso = require('./helloasso');
+const Store = require('./db');
 
-function toYMD(ts) {
-  const d = new Date(Number(ts));
-  const y = d.getUTCFullYear();
-  const m = String(d.getUTCMonth() + 1).padStart(2, '0');
-  const day = String(d.getUTCDate()).padStart(2, '0');
-  return `${y}-${m}-${day}`;
-}
-
-function overlap(aStart, aEnd, bStart, bEnd) {
-  return aStart < bEnd && bStart < aEnd;
-}
-
-async function loadSettings() {
-  return await meta.settings.get(PLUGIN_ID) || {};
-}
-
-async function refreshCatalog(settings) {
-  const now = Date.now();
-  if (cachedCatalog.items.length && (now - cachedCatalog.ts) < 5 * 60 * 1000) {
-    return cachedCatalog.items;
-  }
-  if (!settings.helloassoClientId || !settings.helloassoClientSecret || !settings.helloassoOrganizationSlug || !settings.helloassoFormSlug) {
-    cachedCatalog = { ts: now, items: [] };
-    return [];
-  }
-  const tok = await helloasso.getToken(settings);
-  if (!tok.ok) {
-    cachedCatalog = { ts: now, items: [] };
-    return [];
-  }
-  const pub = await helloasso.getPublicForm(settings, tok.token);
-  if (pub.error) {
-    cachedCatalog = { ts: now, items: [] };
-    return [];
-  }
-  const items = helloasso.extractCatalogItems(pub.body);
-  cachedCatalog = { ts: now, items };
-  return items;
-}
-
-async function sweepExpired() {
-  const settings = await loadSettings();
-  const now = Date.now();
-  const ids = await store.listExpiredIds(now, 5000);
-  for (const ridStr of ids) {
-    // eslint-disable-next-line no-await-in-loop
-    const resv = await store.getReservation(ridStr);
-    if (!resv || !resv.status) {
-      // eslint-disable-next-line no-await-in-loop
-      await store.removeFromAllIndexes(ridStr);
-      continue;
-    }
-    const status = String(resv.status);
-    if (['pending', 'awaiting_payment'].includes(status)) {
-      resv.status = 'expired';
-      // eslint-disable-next-line no-await-in-loop
-      await store.setReservation(ridStr, resv);
-      // stop blocking
-      // eslint-disable-next-line no-await-in-loop
-      await store.removeFromAllIndexes(ridStr);
-    } else {
-      // eslint-disable-next-line no-await-in-loop
-      await store.removeFromAllIndexes(ridStr);
-    }
-  }
-}
-
-function startSweeper() {
-  if (sweeperStarted) return;
-  sweeperStarted = true;
-  setInterval(() => {
-    sweepExpired().catch(() => {});
-  }, 60 * 1000).unref();
-}
-
-async function getEvents(req, res) {
-  try {
-    await sweepExpired();
-    const start = parseIntSafe(req.query.startTs, 0);
-    const end = parseIntSafe(req.query.endTs, Date.now() + 365 * 24 * 3600 * 1000);
-
-    const ids = await store.listIdsByStartMax(end, 5000);
-    const events = [];
-    for (const rid of ids) {
-      // eslint-disable-next-line no-await-in-loop
-      const r = await store.getReservation(rid);
-      if (!r || !r.startTs || !r.endTs) continue;
-      if (!overlap(Number(r.startTs), Number(r.endTs), start, end)) continue;
-
-      const status = String(r.status || 'pending');
-      const title = (Array.isArray(r.items) ? r.items.map(it => it.name).join(', ') : (r.itemName || 'Réservation'));
-      events.push({
-        id: String(r.rid),
-        title,
-        start: toYMD(r.startTs),
-        end: toYMD(r.endTs), // end is exclusive, ok for allDay
-        allDay: true,
-        extendedProps: {
-          status,
-          items: r.items || [],
-          requestedByUid: r.uid,
-          totalCents: r.totalCents || 0,
-          days: r.days || 0,
-        },
-      });
-    }
-
-    res.json({ ok: true, events });
-  } catch (e) {
-    res.status(500).json({ ok: false, error: 'events-error' });
-  }
-}
+const PLUGIN_ID = 'calendar-onekite';
 
-async function getCatalogItems(req, res) {
-  try {
-    const settings = await loadSettings();
-    const items = await refreshCatalog(settings);
-    res.json({ ok: true, items });
-  } catch (e) {
-    res.status(500).json({ ok: false, error: 'items-error' });
-  }
+function csvToSet(v) {
+  return new Set(String(v || '').split(',').map(s => s.trim()).filter(Boolean));
 }
 
-async function createReservation(req, res) {
-  try {
-    await sweepExpired();
-    const settings = await loadSettings();
-    const uid = Number(req.uid) || 0;
-
-    // Check creator group
-    const creatorGroups = settings.creatorGroups || '';
-    if (creatorGroups) {
-      const ok = await isInAnyGroup(uid, creatorGroups);
-      if (!ok) return res.status(403).json({ ok: false, error: 'not-allowed-to-create' });
-    }
-
-    const body = req.body || {};
-    const startTs = parseIntSafe(body.startTs, 0);
-    const endTs = parseIntSafe(body.endTs, 0);
-    const itemIds = Array.isArray(body.itemIds) ? body.itemIds.map(String).filter(Boolean) : [];
-    if (!startTs || !endTs || endTs <= startTs) return res.status(400).json({ ok: false, error: 'invalid-dates' });
-    if (!itemIds.length) return res.status(400).json({ ok: false, error: 'no-items' });
-
-    const dayMs = 24 * 3600 * 1000;
-    const days = Math.max(1, Math.round((endTs - startTs) / dayMs));
-    const catalog = await refreshCatalog(settings);
-    if (!catalog.length) return res.status(400).json({ ok: false, error: 'no-catalog' });
-
-    const selected = catalog.filter(it => itemIds.includes(String(it.id)));
-    if (!selected.length) return res.status(400).json({ ok: false, error: 'items-not-found' });
-
-    // Conflict check: fetch all reservations starting before endTs and check overlap + item intersection
-    const ids = await store.listIdsByStartMax(endTs, 5000);
-    const blockingStatuses = new Set(['pending', 'awaiting_payment', 'approved', 'paid']);
-    const conflicts = [];
-    for (const rid of ids) {
-      // eslint-disable-next-line no-await-in-loop
-      const r = await store.getReservation(rid);
-      if (!r || !r.startTs || !r.endTs) continue;
-      if (!blockingStatuses.has(String(r.status))) continue;
-      if (!overlap(Number(r.startTs), Number(r.endTs), startTs, endTs)) continue;
-      const rItemIds = (Array.isArray(r.items) ? r.items.map(x => String(x.id)) : (r.itemId ? [String(r.itemId)] : []));
-      const overlapItems = rItemIds.filter(id => itemIds.includes(id));
-      if (overlapItems.length) {
-        conflicts.push({ rid: r.rid, itemIds: overlapItems, startTs: r.startTs, endTs: r.endTs, status: r.status });
-      }
-    }
-    if (conflicts.length) {
-      return res.status(409).json({ ok: false, error: 'conflict', conflicts });
-    }
-
-    const totalPerDay = selected.reduce((s, it) => s + Number(it.priceCents || 0), 0);
-    const totalCents = totalPerDay * days;
-
-    const holdMinutes = parseIntSafe(settings.holdMinutes, 5);
-    const expiresAt = Date.now() + (holdMinutes * 60 * 1000);
-
-    const resv = {
-      uid,
-      startTs,
-      endTs,
-      days,
-      items: selected,
-      totalCents,
-      status: 'pending',
-      createdAt: Date.now(),
-      expiresAt,
-    };
-
-    const rid = await store.createReservation(resv);
-
-    // Notify validators/admins group(s) by email
-    await mailer.notifyGroups('calendar-onekite-pending', settings.notifyGroups || '', {
-      rid,
-      start: toYMD(startTs),
-      end: toYMD(endTs),
-      items: selected.map(i => i.name).join(', '),
-      total: (totalCents / 100).toFixed(2),
-    });
-
-    res.json({ ok: true, rid });
-  } catch (e) {
-    res.status(500).json({ ok: false, error: 'create-error' });
+async function isMemberOfAny(uid, csv) {
+  const set = csvToSet(csv);
+  if (!uid || set.size === 0) return true; // if empty => allow
+  for (const g of set) {
+    try {
+      const ok = await groups.isMember(uid, g);
+      if (ok) return true;
+    } catch {}
   }
+  return false;
 }
 
-async function approveReservation(req, res) {
-  try {
-    await sweepExpired();
-    const settings = await loadSettings();
-    const rid = String(req.params.rid);
-    const resv = await store.getReservation(rid);
-    if (!resv || String(resv.status) !== 'pending') return res.status(404).json({ ok: false, error: 'not-found' });
-
-    // Create payment link via HelloAsso
-    let paymentUrl = '';
-    const catalog = await refreshCatalog(settings);
-    // ensure items have latest price
-    const map = new Map(catalog.map(i => [String(i.id), i]));
-    const selected = (resv.items || []).map(it => map.get(String(it.id)) || it);
-    const totalPerDay = selected.reduce((s, it) => s + Number(it.priceCents || 0), 0);
-    const totalCents = totalPerDay * Number(resv.days || 1);
-    resv.items = selected;
-    resv.totalCents = totalCents;
-
-    if (settings.helloassoClientId && settings.helloassoClientSecret) {
-      const tok = await helloasso.getToken(settings);
-      if (tok.ok) {
-        const payer = {};
-        if (User && typeof User.getUserField === 'function') {
-          try {
-            const email = await User.getUserField(resv.uid, 'email');
-            if (email) payer.email = email;
-          } catch (e) { /* ignore */ }
-        }
-        const checkout = await helloasso.createCheckoutIntent(settings, tok.token, resv, payer);
-        if (!checkout.error && checkout.body) {
-          paymentUrl = checkout.body.redirectUrl || checkout.body.checkoutUrl || '';
-        }
-      }
-    }
-
-    resv.status = paymentUrl ? 'awaiting_payment' : 'approved';
-    resv.paymentUrl = paymentUrl;
-    resv.approvedAt = Date.now();
-    resv.expiresAt = 0;
-    await store.setReservation(rid, resv);
-    await store.clearExpireIndex(rid);
-    await store.ensureStartIndex(rid, resv.startTs);
-
-    // Email requester
-    await mailer.notifyUser('calendar-onekite-approved', Number(resv.uid), {
-      rid,
-      start: toYMD(resv.startTs),
-      end: toYMD(resv.endTs),
-      items: (resv.items || []).map(i => i.name).join(', '),
-      total: (resv.totalCents / 100).toFixed(2),
-      paymentUrl: paymentUrl || '',
-    });
-
-    res.json({ ok: true, paymentUrl });
-  } catch (e) {
-    res.status(500).json({ ok: false, error: 'approve-error' });
-  }
-}
+exports.getEvents = async (req, res) => {
+  const start = req.query.start;
+  const end = req.query.end;
+  const events = await Store.listEvents(start, end);
+  res.json(events);
+};
 
-async function refuseReservation(req, res) {
-  try {
-    await sweepExpired();
-    const rid = String(req.params.rid);
-    const resv = await store.getReservation(rid);
-    if (!resv || String(resv.status) !== 'pending') return res.status(404).json({ ok: false, error: 'not-found' });
+exports.getCatalog = async (req, res) => {
+  const settings = await meta.settings.get(PLUGIN_ID) || {};
+  const catalog = await HelloAsso.getCatalog(settings);
+  res.json({ ok: true, catalog });
+};
 
-    resv.status = 'refused';
-    resv.refusedAt = Date.now();
-    resv.expiresAt = 0;
-    await store.setReservation(rid, resv);
-    await store.removeFromAllIndexes(rid);
+exports.createReservation = async (req, res) => {
+  const uid = parseInt(req.uid, 10) || 0;
+  if (!uid) return res.status(401).json({ ok: false, error: 'not-logged-in' });
 
-    await mailer.notifyUser('calendar-onekite-refused', Number(resv.uid), {
-      rid,
-      start: toYMD(resv.startTs),
-      end: toYMD(resv.endTs),
-      items: (resv.items || []).map(i => i.name).join(', '),
-    });
+  const settings = await meta.settings.get(PLUGIN_ID) || {};
+  const canCreate = await isMemberOfAny(uid, settings.creatorGroups);
+  if (!canCreate) return res.status(403).json({ ok: false, error: 'not-allowed' });
 
-    res.json({ ok: true });
-  } catch (e) {
-    res.status(500).json({ ok: false, error: 'refuse-error' });
+  const body = req.body || {};
+  const start = String(body.start || '').slice(0, 10);
+  const end = String(body.end || '').slice(0, 10);
+  const itemIds = Array.isArray(body.itemIds) ? body.itemIds.map(String) : [];
+  if (!/^\d{4}-\d{2}-\d{2}$/.test(start) || !/^\d{4}-\d{2}-\d{2}$/.test(end) || itemIds.length === 0) {
+    return res.status(400).json({ ok: false, error: 'invalid-payload' });
   }
-}
 
-module.exports = {
-  startSweeper,
-  getEvents,
-  getCatalogItems,
-  createReservation,
-  approveReservation,
-  refuseReservation,
-  // exported for admin uses
-  sweepExpired,
-  refreshCatalog,
-  toYMD,
+  // Save as pending with expiration
+  const holdMinutes = parseInt(settings.holdMinutes, 10) || 5;
+  const reservation = await Store.createPending(uid, start, end, itemIds, holdMinutes);
+  res.json({ ok: true, reservation });
 };