nodebb-plugin-calendar-onekite 11.1.33 → 11.1.34

package/lib/admin.js

@@ -1,135 +1,249 @@
-
 'use strict';
 
 const meta = require.main.require('./src/meta');
-const User = require.main.require('./src/user');
+const user = require.main.require('./src/user');
+const emailer = require.main.require('./src/emailer');
+
+const dbLayer = require('./db');
 const helloasso = require('./helloasso');
-const reservationDb = require('./db');
-const { csvToList, toDateOnlyISO } = require('./utils');
 
-async function getSettings(req, res) {
-  const s = await meta.settings.get('calendar-onekite');
-  if (s && s.helloassoClientSecret) {
-    s.helloassoClientSecret = '***';
-  }
-  res.json({ ok:true, settings: s || {} });
-}
-
-async function saveSettings(req, res) {
-  const payload = req.body || {};
-  const normalizeCsv = (v) => String(v || '').split(',').map(s => s.trim()).filter(Boolean).join(',');
-
-  const current = await meta.settings.get('calendar-onekite') || {};
-  const toSave = {
-    helloassoEnv: payload.helloassoEnv || current.helloassoEnv || 'sandbox',
-    helloassoClientId: payload.helloassoClientId ?? current.helloassoClientId ?? '',
-    helloassoOrganizationSlug: payload.helloassoOrganizationSlug ?? current.helloassoOrganizationSlug ?? '',
-    helloassoFormType: payload.helloassoFormType || current.helloassoFormType || 'shop',
-    helloassoFormSlug: payload.helloassoFormSlug ?? current.helloassoFormSlug ?? '',
-
-    creatorGroups: normalizeCsv(payload.creatorGroups ?? current.creatorGroups),
-    validatorGroups: normalizeCsv(payload.validatorGroups ?? current.validatorGroups),
-    notifyGroups: normalizeCsv(payload.notifyGroups ?? current.notifyGroups),
-
-    holdMinutes: Math.max(1, parseInt(payload.holdMinutes ?? current.holdMinutes, 10) || 5),
-  };
+const ADMIN_PRIV = 'admin:settings';
 
-  // secret only if provided and not masked
-  if (payload.helloassoClientSecret && payload.helloassoClientSecret !== '***') {
-    toSave.helloassoClientSecret = payload.helloassoClientSecret;
-  } else if (current.helloassoClientSecret) {
-    toSave.helloassoClientSecret = current.helloassoClientSecret;
-  }
+const admin = {};
+
+admin.renderAdmin = async function (req, res) {
+  res.render('admin/plugins/calendar-onekite', {
+    title: 'Calendar OneKite',
+  });
+};
 
-  await meta.settings.set('calendar-onekite', toSave);
-  res.json({ ok:true });
-}
+admin.getSettings = async function (req, res) {
+  const settings = await meta.settings.get('calendar-onekite');
+  res.json(settings || {});
+};
 
-async function listPending(req, res) {
-  // Fetch by broad range (last 2 years) and filter pending
-  const now = Date.now();
-  const ids = await reservationDb.listReservationIdsByStartRange(now - 86400000*365*2, now + 86400000*365*2);
+admin.saveSettings = async function (req, res) {
+  await meta.settings.set('calendar-onekite', req.body || {});
+  res.json({ ok: true });
+};
+
+admin.listPending = async function (req, res) {
+  const ids = await dbLayer.listAllReservationIds(5000);
   const pending = [];
   for (const rid of ids) {
-    const r = await reservationDb.getReservation(rid);
-    if (!r) continue;
-    if (r.status !== 'pending') continue;
-    const user = await User.getUserFields(Number(r.uid), ['username']);
-    pending.push({
-      rid,
-      username: user?.username || '',
-      itemName: r.itemName,
-      startDate: toDateOnlyISO(Number(r.startTs)),
-      endDate: toDateOnlyISO(Number(r.endTs)),
-      status: r.status,
+    const r = await dbLayer.getReservation(rid);
+    if (r && r.status === 'pending') {
+      pending.push(r);
+    }
+  }
+  pending.sort((a, b) => parseInt(a.start, 10) - parseInt(b.start, 10));
+  res.json(pending);
+};
+
+admin.approveReservation = async function (req, res) {
+  const rid = req.params.rid;
+  const r = await dbLayer.getReservation(rid);
+  if (!r) return res.status(404).json({ error: 'not-found' });
+
+  r.status = 'approved';
+
+  // Create HelloAsso payment link if configured
+  const settings = await meta.settings.get('calendar-onekite');
+  const env = settings.helloassoEnv || 'prod';
+  const token = await helloasso.getAccessToken({
+    env,
+    clientId: settings.helloassoClientId,
+    clientSecret: settings.helloassoClientSecret,
+  });
+
+  let paymentUrl = null;
+  if (token) {
+    const requester = await user.getUserData(r.uid);
+    // Determine amount from HelloAsso items (pricing comes from HelloAsso)
+    let totalAmount = 0;
+    try {
+      const items = await helloasso.listItems({
+        env,
+        token,
+        organizationSlug: settings.helloassoOrganizationSlug,
+        formType: settings.helloassoFormType,
+        formSlug: settings.helloassoFormSlug,
+      });
+      const normalized = (items || []).map((it) => ({
+        id: String(it.id || it.itemId || it.reference || it.name),
+        price: it.price || it.amount || it.unitPrice || 0,
+      })).filter(it => it.id);
+      const match = normalized.find(it => it.id === String(r.itemId));
+      totalAmount = match ? parseInt(match.price, 10) || 0 : 0;
+    } catch (e) {
+      totalAmount = 0;
+    }
+
+    if (!totalAmount) {
+      return res.status(400).json({ error: 'item-price-not-found' });
+    }
+    paymentUrl = await helloasso.createCheckoutIntent({
+      env,
+      token,
+      organizationSlug: settings.helloassoOrganizationSlug,
+      formType: settings.helloassoFormType,
+      formSlug: settings.helloassoFormSlug,
+      totalAmount,
+      payerEmail: requester && requester.email,
     });
   }
-  res.json({ ok:true, pending });
-}
 
-async function approveReservation(req, res) {
-  const api = require('./api');
-  return api.approveReservation(req, res);
-}
+  if (paymentUrl) {
+    r.paymentUrl = paymentUrl;
+  }
 
-async function refuseReservation(req, res) {
-  const api = require('./api');
-  return api.refuseReservation(req, res);
-}
+  await dbLayer.saveReservation(r);
 
-async function purgeByYear(req, res) {
-  const year = String(req.body.year || '').trim();
+  // Email requester
+  try {
+    const requester = await user.getUserData(r.uid);
+    if (requester && requester.email) {
+      await emailer.send('calendar-onekite_approved', requester.email, {
+        username: requester.username,
+        itemName: r.itemName,
+        start: new Date(parseInt(r.start, 10)).toISOString(),
+        end: new Date(parseInt(r.end, 10)).toISOString(),
+        paymentUrl: paymentUrl || '',
+      });
+    }
+  } catch (e) {}
+
+  res.json({ ok: true, paymentUrl: paymentUrl || null });
+};
+
+admin.refuseReservation = async function (req, res) {
+  const rid = req.params.rid;
+  const r = await dbLayer.getReservation(rid);
+  if (!r) return res.status(404).json({ error: 'not-found' });
+
+  r.status = 'refused';
+  await dbLayer.saveReservation(r);
+
+  try {
+    const requester = await user.getUserData(r.uid);
+    if (requester && requester.email) {
+      await emailer.send('calendar-onekite_refused', requester.email, {
+        username: requester.username,
+        itemName: r.itemName,
+        start: new Date(parseInt(r.start, 10)).toISOString(),
+        end: new Date(parseInt(r.end, 10)).toISOString(),
+      });
+    }
+  } catch (e) {}
+
+  res.json({ ok: true });
+};
+
+admin.purgeByYear = async function (req, res) {
+  const year = (req.body && req.body.year ? String(req.body.year) : '').trim();
   if (!/^\d{4}$/.test(year)) {
-    return res.status(400).json({ ok:false, error:'invalid-year' });
+    return res.status(400).json({ error: 'invalid-year' });
   }
   const y = parseInt(year, 10);
-  const start = Date.UTC(y,0,1,0,0,0,0);
-  const end = Date.UTC(y+1,0,1,0,0,0,0);
+  const startTs = new Date(Date.UTC(y, 0, 1)).getTime();
+  const endTs = new Date(Date.UTC(y + 1, 0, 1)).getTime() - 1;
 
-  const ids = await reservationDb.listReservationIdsByStartRange(start, end, 100000);
+  const ids = await dbLayer.listReservationIdsByStartRange(startTs, endTs, 100000);
+  let count = 0;
   for (const rid of ids) {
-    const r = await reservationDb.getReservation(rid);
-    if (!r) continue;
-    const st = Number(r.startTs);
-    if (st >= start && st < end) await reservationDb.deleteReservation(rid);
+    await dbLayer.removeReservation(rid);
+    count++;
   }
-  res.json({ ok:true, purged: ids.length });
-}
+  res.json({ ok: true, removed: count });
+};
+
+// Debug endpoint to validate HelloAsso connectivity and item loading
+admin.debugHelloAsso = async function (req, res) {
+  const settings = await meta.settings.get('calendar-onekite');
+  const env = (settings && settings.helloassoEnv) || 'prod';
+
+  // Never expose secrets in debug output
+  const safeSettings = {
+    helloassoEnv: env,
+    helloassoClientId: settings && settings.helloassoClientId ? String(settings.helloassoClientId) : '',
+    helloassoClientSecret: settings && settings.helloassoClientSecret ? '***' : '',
+    helloassoOrganizationSlug: settings && settings.helloassoOrganizationSlug ? String(settings.helloassoOrganizationSlug) : '',
+    helloassoFormType: settings && settings.helloassoFormType ? String(settings.helloassoFormType) : '',
+    helloassoFormSlug: settings && settings.helloassoFormSlug ? String(settings.helloassoFormSlug) : '',
+  };
+
+  const out = {
+    ok: true,
+    settings: safeSettings,
+    token: { ok: false },
+    // Catalog = what you actually want for a shop (available products/material)
+    catalog: { ok: false, count: 0, sample: [], keys: [] },
+    // Sold items = items present in orders (can be 0 if no sales yet)
+    soldItems: { ok: false, count: 0, sample: [] },
+  };
 
-async function debugHelloAsso(req, res) {
-  const s = await meta.settings.get('calendar-onekite') || {};
-  const safe = { ...s, helloassoClientSecret: s.helloassoClientSecret ? '***' : '' };
   try {
-    const tokenOk = !!(await helloasso.getToken(s));
-    const cat = await helloasso.getCatalog(s);
-    res.json({
-      ok:true,
-      settings: safe,
-      token: { ok: tokenOk },
-      items: { ok:true, count: (cat.items||[]).length, sample: (cat.items||[]).slice(0,10) }
+    const token = await helloasso.getAccessToken({
+      env,
+      clientId: settings.helloassoClientId,
+      clientSecret: settings.helloassoClientSecret,
     });
+    if (!token) {
+      out.token = { ok: false, error: 'token-null' };
+      return res.json(out);
+    }
+    out.token = { ok: true };
+
+    // Catalog items (via /public)
+    try {
+      const { publicForm, items } = await helloasso.listCatalogItems({
+        env,
+        token,
+        organizationSlug: settings.helloassoOrganizationSlug,
+        formType: settings.helloassoFormType,
+        formSlug: settings.helloassoFormSlug,
+      });
+
+      const arr = Array.isArray(items) ? items : [];
+      out.catalog.ok = true;
+      out.catalog.count = arr.length;
+      out.catalog.keys = publicForm && typeof publicForm === 'object' ? Object.keys(publicForm) : [];
+      out.catalog.sample = arr.slice(0, 10).map((it) => ({
+        id: it.id,
+        name: it.name,
+        price: it.price ?? null,
+      }));
+    } catch (e) {
+      out.catalog = { ok: false, error: String(e && e.message ? e.message : e), count: 0, sample: [], keys: [] };
+    }
+
+    // Sold items
+    try {
+      const items = await helloasso.listItems({
+        env,
+        token,
+        organizationSlug: settings.helloassoOrganizationSlug,
+        formType: settings.helloassoFormType,
+        formSlug: settings.helloassoFormSlug,
+      });
+      const arr = Array.isArray(items) ? items : [];
+      out.soldItems.ok = true;
+      out.soldItems.count = arr.length;
+      out.soldItems.sample = arr.slice(0, 10).map((it) => ({
+        id: it.id || it.itemId || it.reference || it.name,
+        name: it.name || it.label || it.itemName,
+        price: it.price || it.amount || it.unitPrice || null,
+      }));
+    } catch (e) {
+      out.soldItems = { ok: false, error: String(e && e.message ? e.message : e), count: 0, sample: [] };
+    }
+
+    return res.json(out);
   } catch (e) {
-    res.json({
-      ok:true,
-      settings: safe,
-      token: { ok:false },
-      items: { ok:false, count: 0, sample: [] },
-      error: String(e && e.message || e),
-    });
+    out.ok = false;
+    out.token = { ok: false, error: String(e && e.message ? e.message : e) };
+    return res.json(out);
   }
-}
-
-async function renderAdmin(req, res) {
-  res.render('admin/plugins/calendar-onekite', {});
-}
-
-module.exports = {
-  renderAdmin,
-  getSettings,
-  saveSettings,
-  listPending,
-  approveReservation,
-  refuseReservation,
-  purgeByYear,
-  debugHelloAsso,
 };
+
+module.exports = admin;