nodebb-plugin-calendar-onekite 11.1.31 → 11.1.32

package/lib/admin.js

@@ -1,76 +1,249 @@
 'use strict';
 
 const meta = require.main.require('./src/meta');
-const dbi = require('./db');
-const api = require('./api');
+const user = require.main.require('./src/user');
+const emailer = require.main.require('./src/emailer');
 
-async function getSettings(req, res) {
+const dbLayer = require('./db');
+const helloasso = require('./helloasso');
+
+const ADMIN_PRIV = 'admin:settings';
+
+const admin = {};
+
+admin.renderAdmin = async function (req, res) {
+  res.render('admin/plugins/calendar-onekite', {
+    title: 'Calendar OneKite',
+  });
+};
+
+admin.getSettings = async function (req, res) {
   const settings = await meta.settings.get('calendar-onekite');
-  // mask secret
-  if (settings && settings.helloassoClientSecret) settings.helloassoClientSecret = '***';
-  res.json({ ok: true, settings: settings || {} });
-}
-
-async function saveSettings(req, res) {
-  const body = req.body || {};
-  // If secret is '***', do not overwrite.
-  const current = await meta.settings.get('calendar-onekite') || {};
-  const next = { ...current, ...body };
-  if (body.helloassoClientSecret === '***') {
-    next.helloassoClientSecret = current.helloassoClientSecret;
+  res.json(settings || {});
+};
+
+admin.saveSettings = async function (req, res) {
+  await meta.settings.set('calendar-onekite', req.body || {});
+  res.json({ ok: true });
+};
+
+admin.listPending = async function (req, res) {
+  const ids = await dbLayer.listAllReservationIds(5000);
+  const pending = [];
+  for (const rid of ids) {
+    const r = await dbLayer.getReservation(rid);
+    if (r && r.status === 'pending') {
+      pending.push(r);
+    }
   }
-  await meta.settings.set('calendar-onekite', next);
-  // invalidate catalog cache
+  pending.sort((a, b) => parseInt(a.start, 10) - parseInt(b.start, 10));
+  res.json(pending);
+};
+
+admin.approveReservation = async function (req, res) {
+  const rid = req.params.rid;
+  const r = await dbLayer.getReservation(rid);
+  if (!r) return res.status(404).json({ error: 'not-found' });
+
+  r.status = 'approved';
+
+  // Create HelloAsso payment link if configured
+  const settings = await meta.settings.get('calendar-onekite');
+  const env = settings.helloassoEnv || 'prod';
+  const token = await helloasso.getAccessToken({
+    env,
+    clientId: settings.helloassoClientId,
+    clientSecret: settings.helloassoClientSecret,
+  });
+
+  let paymentUrl = null;
+  if (token) {
+    const requester = await user.getUserData(r.uid);
+    // Determine amount from HelloAsso items (pricing comes from HelloAsso)
+    let totalAmount = 0;
+    try {
+      const items = await helloasso.listItems({
+        env,
+        token,
+        organizationSlug: settings.helloassoOrganizationSlug,
+        formType: settings.helloassoFormType,
+        formSlug: settings.helloassoFormSlug,
+      });
+      const normalized = (items || []).map((it) => ({
+        id: String(it.id || it.itemId || it.reference || it.name),
+        price: it.price || it.amount || it.unitPrice || 0,
+      })).filter(it => it.id);
+      const match = normalized.find(it => it.id === String(r.itemId));
+      totalAmount = match ? parseInt(match.price, 10) || 0 : 0;
+    } catch (e) {
+      totalAmount = 0;
+    }
+
+    if (!totalAmount) {
+      return res.status(400).json({ error: 'item-price-not-found' });
+    }
+    paymentUrl = await helloasso.createCheckoutIntent({
+      env,
+      token,
+      organizationSlug: settings.helloassoOrganizationSlug,
+      formType: settings.helloassoFormType,
+      formSlug: settings.helloassoFormSlug,
+      totalAmount,
+      payerEmail: requester && requester.email,
+    });
+  }
+
+  if (paymentUrl) {
+    r.paymentUrl = paymentUrl;
+  }
+
+  await dbLayer.saveReservation(r);
+
+  // Email requester
+  try {
+    const requester = await user.getUserData(r.uid);
+    if (requester && requester.email) {
+      await emailer.send('calendar-onekite_approved', requester.email, {
+        username: requester.username,
+        itemName: r.itemName,
+        start: new Date(parseInt(r.start, 10)).toISOString(),
+        end: new Date(parseInt(r.end, 10)).toISOString(),
+        paymentUrl: paymentUrl || '',
+      });
+    }
+  } catch (e) {}
+
+  res.json({ ok: true, paymentUrl: paymentUrl || null });
+};
+
+admin.refuseReservation = async function (req, res) {
+  const rid = req.params.rid;
+  const r = await dbLayer.getReservation(rid);
+  if (!r) return res.status(404).json({ error: 'not-found' });
+
+  r.status = 'refused';
+  await dbLayer.saveReservation(r);
+
+  try {
+    const requester = await user.getUserData(r.uid);
+    if (requester && requester.email) {
+      await emailer.send('calendar-onekite_refused', requester.email, {
+        username: requester.username,
+        itemName: r.itemName,
+        start: new Date(parseInt(r.start, 10)).toISOString(),
+        end: new Date(parseInt(r.end, 10)).toISOString(),
+      });
+    }
+  } catch (e) {}
+
   res.json({ ok: true });
-}
-
-async function getPending(req, res) {
-  const ids = await dbi.listAllIds(5000);
-  const rows = await dbi.getReservations(ids);
-  const pending = rows.filter(r => (r.status || 'pending') === 'pending')
-    .sort((a,b)=> (b.createdAt||0)-(a.createdAt||0))
-    .slice(0, 200);
-  res.json({ ok: true, pending });
-}
-
-async function purgeByYear(req, res) {
-  const year = String((req.body||{}).year || '').trim();
-  if (!/^\d{4}$/.test(year)) return res.status(400).json({ status: { code: 'bad-request', message: 'Année invalide (YYYY)' } });
-  const y = Number(year);
-  const startTs = Date.UTC(y,0,1,0,0,0);
-  const endTs = Date.UTC(y+1,0,1,0,0,0);
-
-  const ids = await dbi.listReservationIdsByStartRange(startTs, endTs, 100000);
-  for (const id of ids) {
-    await dbi.deleteReservation(id);
+};
+
+admin.purgeByYear = async function (req, res) {
+  const year = (req.body && req.body.year ? String(req.body.year) : '').trim();
+  if (!/^\d{4}$/.test(year)) {
+    return res.status(400).json({ error: 'invalid-year' });
+  }
+  const y = parseInt(year, 10);
+  const startTs = new Date(Date.UTC(y, 0, 1)).getTime();
+  const endTs = new Date(Date.UTC(y + 1, 0, 1)).getTime() - 1;
+
+  const ids = await dbLayer.listReservationIdsByStartRange(startTs, endTs, 100000);
+  let count = 0;
+  for (const rid of ids) {
+    await dbLayer.removeReservation(rid);
+    count++;
   }
-  res.json({ ok: true, deleted: ids.length });
-}
-
-async function debugHelloAsso(req, res) {
-  const settings = await meta.settings.get('calendar-onekite') || {};
-  const masked = { ...settings };
-  if (masked.helloassoClientSecret) masked.helloassoClientSecret = '***';
-  const out = { ok: true, settings: masked };
+  res.json({ ok: true, removed: count });
+};
+
+// Debug endpoint to validate HelloAsso connectivity and item loading
+admin.debugHelloAsso = async function (req, res) {
+  const settings = await meta.settings.get('calendar-onekite');
+  const env = (settings && settings.helloassoEnv) || 'prod';
+
+  // Never expose secrets in debug output
+  const safeSettings = {
+    helloassoEnv: env,
+    helloassoClientId: settings && settings.helloassoClientId ? String(settings.helloassoClientId) : '',
+    helloassoClientSecret: settings && settings.helloassoClientSecret ? '***' : '',
+    helloassoOrganizationSlug: settings && settings.helloassoOrganizationSlug ? String(settings.helloassoOrganizationSlug) : '',
+    helloassoFormType: settings && settings.helloassoFormType ? String(settings.helloassoFormType) : '',
+    helloassoFormSlug: settings && settings.helloassoFormSlug ? String(settings.helloassoFormSlug) : '',
+  };
+
+  const out = {
+    ok: true,
+    settings: safeSettings,
+    token: { ok: false },
+    // Catalog = what you actually want for a shop (available products/material)
+    catalog: { ok: false, count: 0, sample: [], keys: [] },
+    // Sold items = items present in orders (can be 0 if no sales yet)
+    soldItems: { ok: false, count: 0, sample: [] },
+  };
+
   try {
-    // token + catalog
-    const items = await api._getCatalogItems();
+    const token = await helloasso.getAccessToken({
+      env,
+      clientId: settings.helloassoClientId,
+      clientSecret: settings.helloassoClientSecret,
+    });
+    if (!token) {
+      out.token = { ok: false, error: 'token-null' };
+      return res.json(out);
+    }
     out.token = { ok: true };
-    out.catalog = { ok: true, count: items.length, sample: items.slice(0, 10) };
-    // also expose cache error if any
-    const cache = api._catalogCache();
-    if (cache && cache.err) out.catalog.err = cache.err;
+
+    // Catalog items (via /public)
+    try {
+      const { publicForm, items } = await helloasso.listCatalogItems({
+        env,
+        token,
+        organizationSlug: settings.helloassoOrganizationSlug,
+        formType: settings.helloassoFormType,
+        formSlug: settings.helloassoFormSlug,
+      });
+
+      const arr = Array.isArray(items) ? items : [];
+      out.catalog.ok = true;
+      out.catalog.count = arr.length;
+      out.catalog.keys = publicForm && typeof publicForm === 'object' ? Object.keys(publicForm) : [];
+      out.catalog.sample = arr.slice(0, 10).map((it) => ({
+        id: it.id,
+        name: it.name,
+        price: it.price ?? null,
+      }));
+    } catch (e) {
+      out.catalog = { ok: false, error: String(e && e.message ? e.message : e), count: 0, sample: [], keys: [] };
+    }
+
+    // Sold items
+    try {
+      const items = await helloasso.listItems({
+        env,
+        token,
+        organizationSlug: settings.helloassoOrganizationSlug,
+        formType: settings.helloassoFormType,
+        formSlug: settings.helloassoFormSlug,
+      });
+      const arr = Array.isArray(items) ? items : [];
+      out.soldItems.ok = true;
+      out.soldItems.count = arr.length;
+      out.soldItems.sample = arr.slice(0, 10).map((it) => ({
+        id: it.id || it.itemId || it.reference || it.name,
+        name: it.name || it.label || it.itemName,
+        price: it.price || it.amount || it.unitPrice || null,
+      }));
+    } catch (e) {
+      out.soldItems = { ok: false, error: String(e && e.message ? e.message : e), count: 0, sample: [] };
+    }
+
+    return res.json(out);
   } catch (e) {
-    out.token = { ok: false, message: e.message };
-    out.catalog = { ok: false, count: 0, sample: [], message: e.message };
+    out.ok = false;
+    out.token = { ok: false, error: String(e && e.message ? e.message : e) };
+    return res.json(out);
   }
-  res.json(out);
-}
-
-module.exports = {
-  getSettings,
-  saveSettings,
-  getPending,
-  purgeByYear,
-  debugHelloAsso,
 };
+
+module.exports = admin;

package/lib/api.js

@@ -1,152 +1,163 @@
 'use strict';
 
+const crypto = require('crypto');
+
 const meta = require.main.require('./src/meta');
-const dbi = require('./db');
-const hello = require('./helloasso');
-
-function parseDateParam(s) {
-  // FullCalendar sends ISO date/time. Accept 'YYYY-MM-DD' too.
-  const d = new Date(s);
-  if (!s || Number.isNaN(d.getTime())) return null;
-  return d;
+const user = require.main.require('./src/user');
+const groups = require.main.require('./src/groups');
+
+const dbLayer = require('./db');
+const helloasso = require('./helloasso');
+
+function toTs(v) {
+  if (!v) return NaN;
+  const d = new Date(v);
+  return d.getTime();
 }
 
-function toYMD(ts) {
-  const d = new Date(Number(ts));
-  const y = d.getUTCFullYear();
-  const m = String(d.getUTCMonth()+1).padStart(2,'0');
-  const da = String(d.getUTCDate()).padStart(2,'0');
-  return `${y}-${m}-${da}`;
+async function canRequest(uid, settings) {
+  const allowed = (settings.allowedGroups || '').split(',').map(s => s.trim()).filter(Boolean);
+  if (!allowed.length) return true; // if empty, allow all logged in users
+  for (const g of allowed) {
+    const isMember = await groups.isMember(uid, g);
+    if (isMember) return true;
+  }
+  return false;
 }
 
-function daysBetweenInclusive(startYMD, endYMDExclusive) {
-  // FullCalendar selection end is exclusive. We compute number of days selected.
-  const s = new Date(startYMD + 'T00:00:00Z');
-  const e = new Date(endYMDExclusive + 'T00:00:00Z');
-  const diff = Math.max(0, Math.round((e - s) / 86400000));
-  return diff || 1;
+function eventFor(resv) {
+  const status = resv.status;
+  const icons = { pending: '⏳', approved: '✅', refused: '⛔' };
+  const startIsoDate = new Date(parseInt(resv.start, 10)).toISOString().slice(0, 10);
+  const endIsoDate = new Date(parseInt(resv.end, 10)).toISOString().slice(0, 10);
+  return {
+    id: resv.rid,
+    title: `${icons[status] || ''} ${resv.itemName || resv.itemId}`.trim(),
+    // Day-based calendar: no hours
+    allDay: true,
+    start: startIsoDate,
+    end: endIsoDate,
+    extendedProps: {
+      status,
+      uid: resv.uid,
+      itemId: resv.itemId,
+    },
+  };
 }
 
-let catalogCache = { at: 0, items: [], raw: null, ok: false, err: null };
+const api = {};
 
-async function getSettings() {
-  const settings = await meta.settings.get('calendar-onekite');
-  return settings || {};
-}
+api.getEvents = async function (req, res) {
+  const startTs = toTs(req.query.start) || 0;
+  const endTs = toTs(req.query.end) || (Date.now() + 365 * 24 * 3600 * 1000);
 
-async function getCatalogItems() {
-  const settings = await getSettings();
-  const now = Date.now();
-  if (catalogCache.ok && (now - catalogCache.at) < 5*60*1000) {
-    return catalogCache.items;
-  }
-  if (!settings.helloassoClientId || !settings.helloassoClientSecret || !settings.helloassoOrganizationSlug || !settings.helloassoFormSlug || !settings.helloassoFormType) {
-    catalogCache = { at: now, items: [], raw: null, ok: true, err: null };
-    return [];
+  const ids = await dbLayer.listReservationIdsByStartRange(startTs, endTs, 2000);
+  const out = [];
+  for (const rid of ids) {
+    const r = await dbLayer.getReservation(rid);
+    if (!r) continue;
+    if (r.status !== 'pending' && r.status !== 'approved') continue;
+    out.push(eventFor(r));
   }
-  try {
-    const pub = await hello.getShopCatalog(settings);
-    const items = hello.extractItemsFromPublic(pub);
-    catalogCache = { at: now, items, raw: pub, ok: true, err: null };
-    return items;
-  } catch (err) {
-    catalogCache = { at: now, items: [], raw: null, ok: false, err: { message: err.message, statusCode: err.statusCode, body: err.body } };
-    return [];
-  }
-}
+  res.json(out);
+};
 
-async function getCatalog(req, res) {
-  const items = await getCatalogItems();
-  res.json({ ok: true, count: items.length, items });
-}
+api.getItems = async function (req, res) {
+  const settings = await meta.settings.get('calendar-onekite');
 
-async function getEvents(req, res) {
-  const start = parseDateParam(req.query.start);
-  const end = parseDateParam(req.query.end);
-  const startTs = start ? start.getTime() : Date.now() - 365*86400000;
-  const endTs = end ? end.getTime() : Date.now() + 365*86400000;
-
-  const ids = await dbi.listReservationIdsByStartRange(startTs, endTs, 5000);
-  const rows = await dbi.getReservations(ids);
-
-  const events = rows.map(r => {
-    const itemNames = (r.items || []).map(it => it.name).join(', ');
-    const title = itemNames || 'Réservation';
-    const status = r.status || 'pending';
-    const icon = status === 'approved' ? '✅' : status === 'refused' ? '⛔' : '⏳';
-    return {
-      id: r.id,
-      title: `${icon} ${title}`,
-      start: toYMD(r.startTs),
-      end: toYMD(r.endTs), // end exclusive works for allDay
-      allDay: true,
-      extendedProps: {
-        status,
-        requesterUid: r.uid,
-        items: r.items || [],
-        totalCents: r.totalCents || 0,
-        days: r.days || 1,
-      }
-    };
+  const env = settings.helloassoEnv || 'prod';
+  const token = await helloasso.getAccessToken({
+    env,
+    clientId: settings.helloassoClientId,
+    clientSecret: settings.helloassoClientSecret,
   });
 
-  res.json(events);
-}
+  if (!token) {
+    return res.json([]);
+  }
 
-async function createReservation(req, res) {
+  // Important: the /items endpoint on HelloAsso lists *sold items*.
+  // For a shop catalog, use the /public form endpoint and extract the catalog.
+  const { items: catalog } = await helloasso.listCatalogItems({
+    env,
+    token,
+    organizationSlug: settings.helloassoOrganizationSlug,
+    formType: settings.helloassoFormType,
+    formSlug: settings.helloassoFormSlug,
+  });
+
+  const normalized = (catalog || []).map((it) => ({
+    id: it.id,
+    name: it.name,
+    price: typeof it.price === 'number' ? it.price : 0,
+  })).filter(it => it.id && it.name);
+
+  res.json(normalized);
+};
+
+api.createReservation = async function (req, res) {
   const uid = req.uid;
-  if (!uid) return res.status(403).json({ status: { code: 'forbidden', message: 'Not logged in' } });
-
-  const body = req.body || {};
-  const startYMD = body.start;
-  const endYMD = body.end;
-  const itemIds = Array.isArray(body.itemIds) ? body.itemIds.map(String) : [];
-  if (!startYMD || !endYMD) return res.status(400).json({ status: { code: 'bad-request', message: 'Missing dates' } });
-  if (!itemIds.length) return res.status(400).json({ status: { code: 'bad-request', message: 'Missing itemIds' } });
-
-  const days = daysBetweenInclusive(startYMD, endYMD);
-
-  const catalog = await getCatalogItems();
-  const chosen = [];
-  let sumPerDay = 0;
-  for (const id of itemIds) {
-    const it = catalog.find(x => x.id === id);
-    if (it) {
-      chosen.push(it);
-      sumPerDay += Number(it.priceCents || 0);
-    } else {
-      // keep unknown item with 0 price to avoid hard fail
-      chosen.push({ id, name: `Item ${id}`, priceCents: 0 });
-    }
+  if (!uid) return res.status(401).json({ error: 'not-logged-in' });
+
+  const settings = await meta.settings.get('calendar-onekite');
+  const ok = await canRequest(uid, settings);
+  if (!ok) return res.status(403).json({ error: 'not-allowed' });
+
+  const start = parseInt(toTs(req.body.start), 10);
+  const end = parseInt(toTs(req.body.end), 10);
+  const itemId = (req.body.itemId || '').toString();
+  const itemName = (req.body.itemName || '').toString();
+
+  if (!start || !end || !itemId) {
+    return res.status(400).json({ error: 'missing-fields' });
   }
-  const totalCents = sumPerDay * days;
 
-  const id = await dbi.nextId();
-  const startTs = new Date(startYMD + 'T00:00:00Z').getTime();
-  const endTs = new Date(endYMD + 'T00:00:00Z').getTime();
+  const now = Date.now();
+  const rid = crypto.randomUUID();
 
   const resv = {
-    id,
-    uid: String(uid),
-    startTs,
-    endTs,
-    startYMD,
-    endYMD,
-    items: chosen,
-    days,
-    totalCents,
+    rid,
+    uid,
+    itemId,
+    itemName: itemName || itemId,
+    start,
+    end,
     status: 'pending',
-    createdAt: Date.now(),
+    createdAt: now,
   };
-  await dbi.saveReservation(resv);
 
-  res.json({ ok: true, reservation: resv });
-}
+  // Save
+  await dbLayer.saveReservation(resv);
 
-module.exports = {
-  getEvents,
-  getCatalog,
-  createReservation,
-  _getCatalogItems: getCatalogItems,
-  _catalogCache: () => catalogCache,
+  // Notify groups by email
+  try {
+    const notifyGroups = (settings.notifyGroups || '').split(',').map(s => s.trim()).filter(Boolean);
+    if (notifyGroups.length) {
+      const emailer = require.main.require('./src/emailer');
+      const u = await user.getUserData(uid);
+      for (const g of notifyGroups) {
+        const members = await groups.getMembers(g, 0, -1);
+        for (const m of members) {
+          const memberUid = typeof m === 'object' && m ? (m.uid || m.userId) : m;
+          const md = await user.getUserData(memberUid);
+          if (md && md.email) {
+            await emailer.send('calendar-onekite_pending', md.email, {
+              username: md.username,
+              requester: u.username,
+              itemName: resv.itemName,
+              start: new Date(start).toISOString(),
+              end: new Date(end).toISOString(),
+              rid,
+            });
+          }
+        }
+      }
+    }
+  } catch (e) {
+    // ignore email errors
+  }
+
+  res.json({ ok: true, rid });
 };
+
+module.exports = api;

package/lib/controllers.js

@@ -0,0 +1,11 @@
+'use strict';
+
+const controllers = {};
+
+controllers.renderCalendar = async function (req, res) {
+  res.render('calendar-onekite', {
+    title: 'Calendar',
+  });
+};
+
+module.exports = controllers;