nodebb-plugin-calendar-onekite 11.1.43 → 11.1.45

package/lib/admin.js

@@ -84,35 +84,52 @@ admin.approveReservation = async function (req, res) {
   // Create HelloAsso payment link if configured
   const settings = await meta.settings.get('calendar-onekite');
   const env = settings.helloassoEnv || 'prod';
-  const token = await helloasso.getAccessToken({
-    env,
-    clientId: settings.helloassoClientId,
-    clientSecret: settings.helloassoClientSecret,
-  });
-
   let paymentUrl = null;
-  if (token) {
-    const requester = await user.getUserFields(r.uid, ['username', 'email']);
-    // r.total is stored as an estimated total in euros; HelloAsso expects cents.
-    const totalAmount = Math.max(0, Math.round((Number(r.total) || 0) * 100));
-    paymentUrl = await helloasso.createCheckoutIntent({
-      env,
-      token,
-      organizationSlug: settings.helloassoOrganizationSlug,
-      formType: settings.helloassoFormType,
-      formSlug: settings.helloassoFormSlug,
-      totalAmount,
-      payerEmail: requester && requester.email,
-      callbackUrl: 'https://api.onekite.com/helloasso',
-      itemName: 'Réservation matériel OneKite',
-      containsDonation: false,
-      metadata: { reservationId: String(rid) },
-    });
+  try {
+    const hasHelloAssoConfig = !!(
+      settings &&
+      settings.helloassoClientId &&
+      settings.helloassoClientSecret &&
+      settings.helloassoOrganizationSlug
+    );
+    if (hasHelloAssoConfig) {
+      const token = await helloasso.getAccessToken({
+        env,
+        clientId: settings.helloassoClientId,
+        clientSecret: settings.helloassoClientSecret,
+      });
+
+      if (token) {
+        const requester = await user.getUserFields(r.uid, ['username', 'email']);
+        // r.total is stored as an estimated total in euros; HelloAsso expects cents.
+        const totalAmount = Math.max(0, Math.round((Number(r.total) || 0) * 100));
+        // Default callback: forum base url if available, otherwise empty.
+        const callbackUrl =
+          (settings.helloassoCallbackUrl || (meta.config && meta.config.url ? `${meta.config.url}/helloasso` : ''));
+        paymentUrl = await helloasso.createCheckoutIntent({
+          env,
+          token,
+          organizationSlug: settings.helloassoOrganizationSlug,
+          formType: settings.helloassoFormType,
+          formSlug: settings.helloassoFormSlug,
+          totalAmount,
+          payerEmail: requester && requester.email,
+          callbackUrl,
+          itemName: 'Réservation matériel OneKite',
+          containsDonation: false,
+          metadata: { reservationId: String(rid) },
+        });
+      }
+    }
+  } catch (e) {
+    // Do not block approval if HelloAsso is not configured or temporarily unavailable.
+    console.warn('[calendar-onekite] HelloAsso error during approval (ACP)', { rid, err: String(e && e.message || e) });
   }
 
   if (paymentUrl) {
     r.paymentUrl = paymentUrl;
   } else {
+    // This is expected when HelloAsso is not configured.
     console.warn('[calendar-onekite] HelloAsso payment link not created (approve ACP)', { rid });
   }
 

package/lib/api.js

@@ -41,23 +41,6 @@ async function sendEmail(template, toEmail, subject, data) {
   }
 }
 
-async function getGroupEmails(groupNamesCsv) {
-  const names = String(groupNamesCsv || '').split(',').map(s => s.trim()).filter(Boolean);
-  if (!names.length) return [];
-  const emails = new Set();
-  for (const g of names) {
-    try {
-      const members = await groups.getMembers(g, 0, -1);
-      for (const memberUid of (members || [])) {
-        const md = await user.getUserFields(memberUid, ['email']);
-        if (md && md.email) emails.add(md.email);
-      }
-    } catch (e) {}
-  }
-  return Array.from(emails);
-}
-
-
 function overlap(aStart, aEnd, bStart, bEnd) {
   return aStart < bEnd && bStart < aEnd;
 }
@@ -88,6 +71,15 @@ async function canRequest(uid, settings) {
 }
 
 async function canValidate(uid, settings) {
+  // Always allow forum administrators (and global moderators) to validate,
+  // even if validatorGroups is empty.
+  try {
+    const isAdmin = await groups.isMember(uid, 'administrators');
+    if (isAdmin) return true;
+    const isGlobalMod = await groups.isMember(uid, 'Global Moderators');
+    if (isGlobalMod) return true;
+  } catch (e) {}
+
   const allowed = (settings.validatorGroups || '').split(',').map(s => s.trim()).filter(Boolean);
   if (!allowed.length) return false;
   for (const g of allowed) {
@@ -161,8 +153,6 @@ api.getEvents = async function (req, res) {
       ev.extendedProps.canModerate = canMod;
       ev.extendedProps.total = r.total || 0;
       ev.extendedProps.createdAt = r.createdAt || null;
-      ev.extendedProps.canCancel = !!req.uid && String(req.uid) === String(r.uid) && r.status !== 'paid';
-
       out.push(ev);
     }
   }
@@ -224,7 +214,7 @@ api.createReservation = async function (req, res) {
   }
 
   // Prevent double booking: block if any selected item overlaps with an active reservation
-  const blocking = new Set(['pending', 'awaiting_payment', 'approved', 'paid']);
+  const blocking = new Set(['pending', 'awaiting_payment', 'paid']);
   const wideStart2 = Math.max(0, start - 366 * 24 * 3600 * 1000);
   const candidateIds = await dbLayer.listReservationIdsByStartRange(wideStart2, end, 5000);
   const conflicts = [];
@@ -299,49 +289,6 @@ api.createReservation = async function (req, res) {
   res.json({ ok: true, rid });
 };
 
-api.cancelReservationByUser = async function (req, res) {
-  const uid = req.uid;
-  if (!uid) return res.status(401).json({ error: 'not-logged-in' });
-
-  const rid = req.params.rid;
-  if (!rid) return res.status(400).json({ error: 'missing-rid' });
-
-  const r = await dbLayer.getReservation(rid);
-  if (!r) return res.status(404).json({ error: 'not-found' });
-
-  if (String(r.uid) !== String(uid)) return res.status(403).json({ error: 'forbidden' });
-  if (r.status === 'paid') return res.status(400).json({ error: 'already-paid' });
-
-  const settings = await meta.settings.get('calendar-onekite');
-  await dbLayer.removeReservation(rid);
-
-  try {
-    const requester = await user.getUserFields(uid, ['username', 'email']);
-    const itemsLabel = (Array.isArray(r.itemNames) ? r.itemNames : (r.itemName ? [r.itemName] : [])).join(', ');
-    const validatorEmails = await getGroupEmails(settings.validatorGroups);
-
-    const data = {
-      username: requester?.username || 'Utilisateur',
-      startDate: formatFR(r.start),
-      endDate: formatFR(r.end),
-      itemsLabel,
-    };
-
-    const subject = 'Annulation de réservation de matériel';
-
-    if (requester?.email) {
-      await sendEmail('calendar-onekite_cancelled', requester.email, subject, data);
-    }
-    for (const email of validatorEmails) {
-      await sendEmail('calendar-onekite_cancelled', email, subject, data);
-    }
-  } catch (e) {
-    console.warn('[calendar-onekite] Failed to send cancellation email', e?.message || e);
-  }
-
-  return res.json({ ok: true });
-};
-
 // Validator actions (from calendar popup)
 api.approveReservation = async function (req, res) {
   const uid = req.uid;
@@ -373,7 +320,9 @@ api.approveReservation = async function (req, res) {
       // r.total is stored as an estimated total in euros; HelloAsso expects cents.
       totalAmount: Math.max(0, Math.round((Number(r.total) || 0) * 100)),
       payerEmail: payer && payer.email ? payer.email : '',
-      callbackUrl: 'https://api.onekite.com/helloasso',
+      // By default, point to the forum base url so the webhook hits this NodeBB instance.
+      // Can be overridden via ACP setting `helloassoCallbackUrl`.
+      callbackUrl: (settings2.helloassoCallbackUrl || (meta.config && meta.config.url ? `${meta.config.url}/helloasso` : '')),
       itemName: 'Réservation matériel OneKite',
       containsDonation: false,
       metadata: { reservationId: String(rid) },
@@ -422,7 +371,7 @@ api.refuseReservation = async function (req, res) {
 
   const requester = await user.getUserFields(r.uid, ['username', 'email']);
   if (requester && requester.email) {
-    await sendEmail('calendar-onekite_refused', requester.email, 'Demande de réservation matériel - Supprimée', {
+    await sendEmail('calendar-onekite_refused', requester.email, 'Demande de réservation de matériel', {
       username: requester.username,
       itemName: (Array.isArray(r.itemNames) ? r.itemNames.join(', ') : (r.itemName || '')),
       start: formatFR(r.start),

package/lib/helloasso.js

@@ -188,6 +188,7 @@ async function createCheckoutIntent({ env, token, organizationSlug, formType, fo
     backUrl: callbackUrl || '',
     errorUrl: callbackUrl || '',
     returnUrl: callbackUrl || '',
+    notificationUrl: callbackUrl || '',
   };
   const { status, json } = await requestJson('POST', url, { Authorization: `Bearer ${token}` }, payload);
   if (status >= 200 && status < 300 && json) {

package/lib/helloassoWebhook.js

@@ -4,12 +4,64 @@ const crypto = require('crypto');
 
 const db = require.main.require('./src/database');
 const meta = require.main.require('./src/meta');
+const user = require.main.require('./src/user');
+
+const dbLayer = require('./db');
 
 const SETTINGS_KEY = 'calendar-onekite';
 
 // Replay protection: store processed payment ids.
 const PROCESSED_KEY = 'calendar-onekite:helloasso:processedPayments';
 
+async function sendEmail(template, toEmail, subject, data) {
+  if (!toEmail) return;
+  const emailer = require.main.require('./src/emailer');
+  try {
+    if (typeof emailer.sendToEmail === 'function') {
+      await emailer.sendToEmail(template, toEmail, subject, data);
+      return;
+    }
+    if (typeof emailer.send === 'function') {
+      if (emailer.send.length >= 4) {
+        await emailer.send(template, toEmail, subject, data);
+        return;
+      }
+      if (emailer.send.length === 3) {
+        await emailer.send(template, toEmail, data);
+        return;
+      }
+      await emailer.send(template, toEmail, subject, data);
+    }
+  } catch (err) {
+    // eslint-disable-next-line no-console
+    console.warn('[calendar-onekite] Failed to send email (webhook)', { template, toEmail, err: String(err && err.message || err) });
+  }
+}
+
+function formatFR(tsOrIso) {
+  const d = new Date(tsOrIso);
+  const dd = String(d.getDate()).padStart(2, '0');
+  const mm = String(d.getMonth() + 1).padStart(2, '0');
+  const yyyy = d.getFullYear();
+  return `${dd}/${mm}/${yyyy}`;
+}
+
+function getReservationIdFromPayload(payload) {
+  try {
+    const metaObj = payload && payload.data ? payload.data.meta : null;
+    if (!metaObj) return null;
+    if (typeof metaObj === 'object' && metaObj.reservationId) return String(metaObj.reservationId);
+    // Some systems send meta as array of key/value pairs
+    if (Array.isArray(metaObj)) {
+      const found = metaObj.find((x) => x && (x.key === 'reservationId' || x.name === 'reservationId'));
+      if (found && (found.value || found.val)) return String(found.value || found.val);
+    }
+  } catch (e) {
+    // ignore
+  }
+  return null;
+}
+
 function timingSafeHexEqual(aHex, bHex) {
   if (!aHex || !bHex) return false;
   try {
@@ -121,6 +173,51 @@ function isConfirmedPayment(payload) {
   }
 }
 
+async function sendEmail(template, toEmail, subject, data) {
+  if (!toEmail) return;
+  const emailer = require.main.require('./src/emailer');
+  try {
+    if (typeof emailer.sendToEmail === 'function') {
+      await emailer.sendToEmail(template, toEmail, subject, data);
+      return;
+    }
+    if (typeof emailer.send === 'function') {
+      if (emailer.send.length >= 4) {
+        await emailer.send(template, toEmail, subject, data);
+        return;
+      }
+      if (emailer.send.length === 3) {
+        await emailer.send(template, toEmail, data);
+        return;
+      }
+      await emailer.send(template, toEmail, subject, data);
+    }
+  } catch (err) {
+    // eslint-disable-next-line no-console
+    console.warn('[calendar-onekite] Failed to send email (webhook)', { template, toEmail, err: String(err && err.message || err) });
+  }
+}
+
+function formatFR(tsOrIso) {
+  const d = new Date(tsOrIso);
+  const dd = String(d.getDate()).padStart(2, '0');
+  const mm = String(d.getMonth() + 1).padStart(2, '0');
+  const yyyy = d.getFullYear();
+  return `${dd}/${mm}/${yyyy}`;
+}
+
+function getReservationIdFromPayload(payload) {
+  try {
+    const m = payload && payload.data ? payload.data.meta : null;
+    if (!m) return null;
+    if (typeof m === 'object' && m.reservationId) return String(m.reservationId);
+    if (typeof m === 'object' && m.reservationID) return String(m.reservationID);
+    return null;
+  } catch (e) {
+    return null;
+  }
+}
+
 /**
  * Hardened HelloAsso webhook handler.
  * - Requires x-ha-signature (HMAC SHA-256) verification.
@@ -154,10 +251,40 @@ async function handler(req, res, next) {
       return res.json({ ok: true, duplicate: true });
     }
 
-    // We don't process reservation state updates here in this zip yet.
-    // We only harden the webhook and prevent duplicates.
-    await markProcessed(paymentId);
+    const rid = getReservationIdFromPayload(payload);
+    if (!rid) {
+      await markProcessed(paymentId);
+      return res.json({ ok: true, processed: true, missingReservationId: true });
+    }
+
+    const r = await dbLayer.getReservation(rid);
+    if (!r) {
+      await markProcessed(paymentId);
+      return res.json({ ok: true, processed: true, reservationNotFound: true });
+    }
 
+    // Mark as paid and persist payment metadata.
+    r.status = 'paid';
+    r.paidAt = Date.now();
+    r.paymentId = paymentId ? String(paymentId) : '';
+    if (payload.data && payload.data.paymentReceiptUrl) {
+      r.paymentReceiptUrl = String(payload.data.paymentReceiptUrl);
+    }
+    await dbLayer.saveReservation(r);
+
+    // Notify requester
+    const requester = await user.getUserFields(r.uid, ['username', 'email']);
+    if (requester && requester.email) {
+      await sendEmail('calendar-onekite_paid', requester.email, 'Demande de réservation de matériel', {
+        username: requester.username,
+        itemName: (Array.isArray(r.itemNames) ? r.itemNames.join(', ') : (r.itemName || '')),
+        start: formatFR(r.start),
+        end: formatFR(r.end),
+        paymentReceiptUrl: r.paymentReceiptUrl || '',
+      });
+    }
+
+    await markProcessed(paymentId);
     return res.json({ ok: true, processed: true });
   } catch (err) {
     return next(err);

package/lib/scheduler.js

@@ -5,9 +5,10 @@ const dbLayer = require('./db');
 
 let timer = null;
 
+// Pending holds: short lock after a user creates a request (defaults to 5 minutes)
 async function expirePending() {
   const settings = await meta.settings.get('calendar-onekite');
-  const holdMins = parseInt(settings.pendingHoldMinutes || settings.holdMinutes || '5', 10) || 5;
+  const holdMins = parseInt(settings.pendingHoldMinutes || '5', 10) || 5;
   const now = Date.now();
 
   const ids = await dbLayer.listAllReservationIds(5000);
@@ -29,10 +30,105 @@ async function expirePending() {
   }
 }
 
+// Payment window logic:
+// - When a reservation is validated it becomes awaiting_payment
+// - We send a reminder after `paymentHoldMinutes` (default 60)
+// - We expire (and remove) after `2 * paymentHoldMinutes`
+async function processAwaitingPayment() {
+  const settings = await meta.settings.get('calendar-onekite');
+  const holdMins = parseInt(settings.paymentHoldMinutes || settings.holdMinutes || '60', 10) || 60;
+  const now = Date.now();
+
+  const ids = await dbLayer.listAllReservationIds(5000);
+  if (!ids || !ids.length) return;
+
+  const emailer = require.main.require('./src/emailer');
+  const user = require.main.require('./src/user');
+
+  async function sendEmail(template, toEmail, subject, data) {
+    if (!toEmail) return;
+    try {
+      if (typeof emailer.sendToEmail === 'function') {
+        await emailer.sendToEmail(template, toEmail, subject, data);
+        return;
+      }
+      if (typeof emailer.send === 'function') {
+        if (emailer.send.length >= 4) {
+          await emailer.send(template, toEmail, subject, data);
+          return;
+        }
+        if (emailer.send.length === 3) {
+          await emailer.send(template, toEmail, data);
+          return;
+        }
+        await emailer.send(template, toEmail, subject, data);
+      }
+    } catch (err) {
+      // eslint-disable-next-line no-console
+      console.warn('[calendar-onekite] Failed to send email (scheduler)', { template, toEmail, err: String(err && err.message || err) });
+    }
+  }
+
+  function formatFR(ts) {
+    const d = new Date(ts);
+    const dd = String(d.getDate()).padStart(2, '0');
+    const mm = String(d.getMonth() + 1).padStart(2, '0');
+    const yyyy = d.getFullYear();
+    return `${dd}/${mm}/${yyyy}`;
+  }
+
+  for (const rid of ids) {
+    const r = await dbLayer.getReservation(rid);
+    if (!r || r.status !== 'awaiting_payment') continue;
+
+    const approvedAt = parseInt(r.approvedAt || r.validatedAt || 0, 10) || 0;
+    if (!approvedAt) continue;
+
+    const reminderAt = approvedAt + holdMins * 60 * 1000;
+    const expireAt = approvedAt + 2 * holdMins * 60 * 1000;
+
+    if (!r.reminderSent && now >= reminderAt && now < expireAt) {
+      // Send reminder once
+      const u = await user.getUserFields(r.uid, ['username', 'email']);
+      if (u && u.email) {
+        await sendEmail('calendar-onekite_reminder', u.email, 'Demande de réservation de matériel', {
+          username: u.username,
+          itemName: (Array.isArray(r.itemNames) ? r.itemNames.join(', ') : (r.itemName || '')),
+          start: formatFR(r.start),
+          end: formatFR(r.end),
+          paymentUrl: r.paymentUrl || '',
+          delayMinutes: holdMins,
+          pickupLine: r.pickupTime ? (r.adminNote ? `${r.pickupTime} à ${r.adminNote}` : r.pickupTime) : '',
+        });
+      }
+      r.reminderSent = true;
+      r.reminderAt = now;
+      await dbLayer.saveReservation(r);
+      continue;
+    }
+
+    if (now >= expireAt) {
+      // Expire: remove reservation so it disappears from calendar and frees items
+      const u = await user.getUserFields(r.uid, ['username', 'email']);
+      if (u && u.email) {
+        await sendEmail('calendar-onekite_expired', u.email, 'Demande de réservation de matériel', {
+          username: u.username,
+          itemName: (Array.isArray(r.itemNames) ? r.itemNames.join(', ') : (r.itemName || '')),
+          start: formatFR(r.start),
+          end: formatFR(r.end),
+          delayMinutes: holdMins,
+        });
+      }
+      await dbLayer.removeReservation(rid);
+    }
+  }
+}
+
 function start() {
   if (timer) return;
   timer = setInterval(() => {
     expirePending().catch(() => {});
+    processAwaitingPayment().catch(() => {});
   }, 60 * 1000);
 }
 
@@ -47,4 +143,5 @@ module.exports = {
   start,
   stop,
   expirePending,
+  processAwaitingPayment,
 };

package/library.js

@@ -12,13 +12,13 @@ const api = require('./lib/api');
 const admin = require('./lib/admin');
 const scheduler = require('./lib/scheduler');
 const helloassoWebhook = require('./lib/helloassoWebhook');
+const bodyParser = require('body-parser');
 
 const Plugin = {};
 
 const isFn = (fn) => typeof fn === 'function';
 const mw = (...fns) => fns.filter(isFn);
 
-
 Plugin.init = async function (params) {
   const { router, middleware } = params;
 
@@ -68,11 +68,6 @@ Plugin.init = async function (params) {
     router.post(p, ...publicAuth, api.createReservation);
   });
 
-  ['/api/v3/plugins/calendar-onekite/reservations/:rid', '/api/plugins/calendar-onekite/reservations/:rid'].forEach((p) => {
-    router.delete(p, ...publicAuth, api.cancelReservationByUser);
-  });
-
-
   // Validator actions from the calendar popup (requires login + validatorGroups)
   ['/api/v3/plugins/calendar-onekite/reservations/:rid/approve', '/api/plugins/calendar-onekite/reservations/:rid/approve'].forEach((p) => {
     router.put(p, ...publicAuth, api.approveReservation);
@@ -100,7 +95,14 @@ Plugin.init = async function (params) {
   // - Only accepts POST
   // - Verifies x-ha-signature (HMAC SHA-256) using the configured client secret
   // - Basic replay protection
-  router.post('/helloasso', helloassoWebhook.handler);
+  // NOTE: we capture the raw body for signature verification.
+  const helloassoJson = bodyParser.json({
+    verify: (req, _res, buf) => {
+      req.rawBody = buf;
+    },
+    type: ['application/json', 'application/*+json'],
+  });
+  router.post('/helloasso', helloassoJson, helloassoWebhook.handler);
 
   // Optional: keep GET for simple health-checks without exposing processing.
   router.get('/helloasso', (req, res) => res.json({ ok: true }));

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nodebb-plugin-calendar-onekite",
-  "version": "11.1.43",
+  "version": "11.1.45",
   "description": "FullCalendar-based equipment reservation workflow with admin approval & HelloAsso payment for NodeBB",
   "main": "library.js",
   "license": "MIT",

package/plugin.json

@@ -3,7 +3,7 @@
   "name": "Calendar OneKite",
   "description": "Equipment reservation calendar (FullCalendar) with admin approval & HelloAsso checkout",
   "url": "https://www.onekite.com/calendar",
-  "main": "./library.js",
+  "library": "./library.js",
   "hooks": [
     { "hook": "static:app.load", "method": "init" },
     { "hook": "filter:admin.header.build", "method": "addAdminNavigation" }

package/public/admin.js

@@ -106,7 +106,16 @@ define('admin/plugins/calendar-onekite', ['alerts', 'bootbox'], function (alerts
           return out;
         })().map(t => `<option value="${t}">${t}</option>`).join('');
 
+        const itemNames = Array.isArray(r.itemNames) && r.itemNames.length
+          ? r.itemNames
+          : [r.itemName || r.itemId].filter(Boolean);
+        const itemsHtml = itemNames.length
+          ? `<ul class="mb-3">${itemNames.map(n => `<li>${escapeHtml(String(n))}</li>`).join('')}</ul>`
+          : '';
+
         const html = `
+          <div class="mb-2"><strong>Matériels</strong></div>
+          ${itemsHtml}
           <div class="mb-3">
             <label class="form-label">Note (lieu de récupération)</label>
             <textarea class="form-control" id="onekite-admin-note" placeholder="Matériel à récupérer à l'adresse : ..."></textarea>

package/public/client.js

@@ -273,7 +273,6 @@ define('forum/calendar-onekite', ['alerts', 'bootbox', 'hooks'], function (alert
         const period = `${formatDt(ev.start)} → ${formatDt(ev.end)}`;
 
         const canModerate = !!p.canModerate;
-        const canCancel = !!p.canCancel;
         const isPending = status === 'pending';
 
         const baseHtml = `
@@ -313,7 +312,16 @@ define('forum/calendar-onekite', ['alerts', 'bootbox', 'hooks'], function (alert
                 }
                 return out;
               })().map(t => `<option value="${t}">${t}</option>`).join('');
+              const items = Array.isArray(p.itemNames) && p.itemNames.length
+                ? p.itemNames
+                : (itemsLabel ? String(itemsLabel).split(',').map(s => s.trim()).filter(Boolean) : []);
+              const itemsHtml = items.length
+                ? `<ul class="mb-3">${items.map(n => `<li>${String(n).replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;')}</li>`).join('')}</ul>`
+                : '';
+
               const html = `
+                <div class="mb-2"><strong>Matériels</strong></div>
+                ${itemsHtml}
                 <div class="mb-3">
                   <label class="form-label">Note (incluse dans l'email)</label>
                   <textarea class="form-control" id="onekite-admin-note" rows="3" placeholder="Matériel à récupérer à l'adresse : ..."></textarea>
@@ -347,21 +355,6 @@ define('forum/calendar-onekite', ['alerts', 'bootbox', 'hooks'], function (alert
               });
             },
           };
-        if (canCancel) {
-          buttons.cancelUser = {
-            label: 'Annuler la réservation',
-            className: 'btn-outline-danger',
-            callback: async () => {
-              const ok = await new Promise((resolve) => bootbox.confirm('Voulez-vous vraiment annuler cette réservation ?', resolve));
-              if (!ok) return;
-
-              await fetchJson(`/api/v3/plugins/calendar-onekite/reservations/${rid}`, { method: 'DELETE' });
-              showAlert('success', 'Réservation annulée.');
-              calendar.refetchEvents();
-            },
-  };
-}
-
         }
 
         bootbox.dialog({

package/templates/emails/calendar-onekite_expired.tpl

@@ -0,0 +1,13 @@
+<p>Bonjour {username},</p>
+
+<p>Paiement non reçu dans le délai de {delayMinutes} minutes après relance.</p>
+
+<p>La réservation a été annulée et le matériel est de nouveau réservable.</p>
+
+<p>
+<strong>Matériel :</strong> {itemName}<br>
+<strong>Du :</strong> {start}<br>
+<strong>Au :</strong> {end}
+</p>
+
+<p>Merci,<br>OneKite</p>

package/templates/emails/calendar-onekite_paid.tpl

@@ -0,0 +1,15 @@
+<p>Bonjour {username},</p>
+
+<p>Votre paiement a bien été reçu. Votre réservation est désormais <strong>payée</strong>.</p>
+
+<p>
+<strong>Matériel :</strong> {itemName}<br>
+<strong>Du :</strong> {start}<br>
+<strong>Au :</strong> {end}
+</p>
+
+<!-- IF paymentReceiptUrl -->
+<p>Reçu de paiement : {paymentReceiptUrl}</p>
+<!-- ENDIF paymentReceiptUrl -->
+
+<p>Merci,<br>OneKite</p>

package/templates/emails/calendar-onekite_reminder.tpl

@@ -0,0 +1,21 @@
+<p>Bonjour {username},</p>
+
+<p>Rappel : votre réservation a été validée mais le paiement n'a pas encore été reçu.</p>
+
+<p>
+<strong>Matériel :</strong> {itemName}<br>
+<strong>Du :</strong> {start}<br>
+<strong>Au :</strong> {end}
+</p>
+
+<!-- IF pickupLine -->
+<p><strong>Heure de récupération :</strong> {pickupLine}</p>
+<!-- ENDIF pickupLine -->
+
+<!-- IF paymentUrl -->
+<p>Lien de paiement : {paymentUrl}</p>
+<!-- ENDIF paymentUrl -->
+
+<p>Merci d'effectuer le paiement sous {delayMinutes} minutes, sinon la réservation sera annulée.</p>
+
+<p>Merci,<br>OneKite</p>

package/templates/emails/calendar-onekite_cancelled.tpl

@@ -1,11 +0,0 @@
-Bonjour {username},
-
-Votre réservation de matériel a été annulée.
-
-Matériel : {itemsLabel}
-Dates : du {startDate} au {endDate}
-
-Le matériel est de nouveau réservable.
-
---
-OneKite