npm - nodebb-plugin-calendar-onekite - Versions diffs - 11.1.6 → 11.1.7 - Mend

nodebb-plugin-calendar-onekite 11.1.6 → 11.1.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (19) hide show

package/README.md +36 -1
package/lib/admin.js +89 -56
package/lib/api.js +132 -64
package/lib/controllers.js +7 -5
package/lib/db.js +99 -38
package/lib/helloasso.js +86 -133
package/lib/scheduler.js +23 -15
package/lib/settings.js +23 -21
package/library.js +26 -40
package/package.json +12 -5
package/plugin.json +14 -7
package/public/admin.js +181 -78
package/public/calendar-onekite.scss +8 -2
package/public/client.js +162 -59
package/templates/admin/plugins/calendar-onekite.tpl +100 -71
package/templates/calendar-onekite/calendar.tpl +23 -10
package/templates/emails/calendar-onekite-approved.tpl +8 -7
package/templates/emails/calendar-onekite-pending.tpl +9 -7
package/templates/emails/calendar-onekite-refused.tpl +9 -6

package/README.md CHANGED Viewed

@@ -1,3 +1,38 @@
 # nodebb-plugin-calendar-onekite
-Calendar reservations with admin validation.
+Plugin NodeBB (v4.7.x) : calendrier de réservation de matériel basé sur FullCalendar, workflow de validation via ACP, et génération de lien de paiement HelloAsso.
+## Installation
+Dans le dossier NodeBB :
+```bash
+npm install /path/to/nodebb-plugin-calendar-onekite
+# ou si vous avez un zip, dézippez dans node_modules puis :
+./nodebb build
+./nodebb restart
+```
+Activez ensuite le plugin dans l’ACP.
+## Page
+- URL : `/calendar` (ex: https://www.onekite.com/calendar)
+## Paramètres ACP
+ACP → Plugins → Calendar OneKite
+- `allowedGroups` : groupes autorisés à créer une demande (séparés par virgules)
+- `notifyGroups` : groupes notifiés par email
+- `pendingHoldMinutes` : durée de blocage d’une demande en attente
+- HelloAsso :
+  - `helloassoEnv` : sandbox/prod
+  - `helloassoClientId` / `helloassoClientSecret`
+  - `helloassoOrganizationSlug` / `helloassoFormType` / `helloassoFormSlug`
+  - `helloassoReturnUrl` (optionnel)
+## Notes
+- Les demandes sont créées en statut `pending` puis expirent automatiquement après `pendingHoldMinutes`.
+- La validation admin crée un checkout-intent HelloAsso et envoie le lien de paiement au demandeur.

package/lib/admin.js CHANGED Viewed

@@ -1,97 +1,130 @@
 'use strict';
-const Settings = require('./settings');
-const DB = require('./db');
-const HelloAsso = require('./helloasso');
-const user = require.main.require('./src/user');
 const emailer = require.main.require('./src/emailer');
+const users = require.main.require('./src/user');
+const { settings, defaults } = require('./settings');
+const db = require('./db');
+const helloasso = require('./helloasso');
+const { parseGroups, sendEmailToGroups } = require('./api');
 async function renderAdmin(req, res) {
-  const settings = await Settings.get();
   res.render('admin/plugins/calendar-onekite', {
     title: 'Calendar OneKite',
-    settings,
   });
 }
 async function getSettings(req, res) {
-  const s = await Settings.get();
-  res.json({ settings: s });
+  const s = await settings.get();
+  res.json({ settings: { ...defaults, ...s } });
 }
 async function saveSettings(req, res) {
-  const saved = await Settings.set(req.body || {});
-  res.json({ settings: saved });
+  const body = req.body || {};
+  // Basic sanitization
+  const clean = {
+    allowedGroups: String(body.allowedGroups || '').trim(),
+    notifyGroups: String(body.notifyGroups || '').trim(),
+    pendingHoldMinutes: Math.max(1, parseInt(body.pendingHoldMinutes, 10) || 5),
+    cleanupIntervalSeconds: Math.max(10, parseInt(body.cleanupIntervalSeconds, 10) || 60),
+    helloassoEnv: (body.helloassoEnv === 'prod') ? 'prod' : 'sandbox',
+    helloassoClientId: String(body.helloassoClientId || '').trim(),
+    helloassoClientSecret: String(body.helloassoClientSecret || '').trim(),
+    helloassoOrganizationSlug: String(body.helloassoOrganizationSlug || '').trim(),
+    helloassoFormType: String(body.helloassoFormType || 'event').trim(),
+    helloassoFormSlug: String(body.helloassoFormSlug || '').trim(),
+    helloassoReturnUrl: String(body.helloassoReturnUrl || '').trim(),
+    showUsernamesOnCalendar: !!body.showUsernamesOnCalendar,
+  };
+  await settings.set(clean);
+  res.json({ ok: true, settings: clean });
 }
-async function listRequests(req, res) {
-  const events = await DB.getEventsAll();
-  const pending = events.filter(e => e.status === 'pending');
-  res.json({ requests: pending });
+async function listPending(req, res) {
+  const pending = await db.listPending(200);
+  res.json({ pending });
 }
-async function approveRequest(req, res) {
-  const id = req.params.id;
-  const ev = await DB.getEvent(id);
-  if (!ev) return res.status(404).json({ error: 'not-found' });
-  ev.status = 'approved';
+async function approveReservation(req, res) {
+  const rid = req.params.rid;
+  const reservation = await db.getReservation(rid);
+  if (!reservation) return res.status(404).json({ error: 'Réservation introuvable' });
+  if (reservation.status !== 'pending') return res.status(400).json({ error: 'Statut incompatible' });
-  // Try create payment url
-  const payUrl = await HelloAsso.createCheckoutIntent(Number(ev.amountCents || 0), {
-    eventId: ev.id,
+  const buyer = await users.getUserFields(reservation.uid, ['username', 'email', 'fullname']);
+  let paymentUrl = '';
+  try {
+    const checkout = await helloasso.createCheckoutIntent(reservation, {
+      username: buyer.username,
+      email: buyer.email,
+    });
+    paymentUrl = checkout.paymentUrl;
+  } catch (e) {
+    return res.status(500).json({ error: `HelloAsso: ${e.message}` });
+  }
+  const updated = await db.updateReservation(rid, {
+    status: 'approved',
+    paymentUrl,
+    adminUid: String(req.uid),
+    adminActionAt: String(Date.now()),
   });
-  ev.paymentUrl = payUrl || '';
-  await DB.saveEvent(ev);
-  // email requester
   try {
-    const u = await user.getUserFields(ev.uid, ['username', 'email']);
-    await emailer.send('calendar-onekite-approved', u.email, {
-      username: u.username,
-      paymentUrl: payUrl || '',
-      start: new Date(Number(ev.start)).toISOString(),
-      end: new Date(Number(ev.end)).toISOString(),
+    await emailer.send('calendar-onekite-approved', reservation.uid, {
+      subject: `[NodeBB] Réservation validée — paiement`,
+      reservation: updated,
+      paymentUrl,
+      url: paymentUrl,
+      site_title: (req.app && req.app.locals && req.app.locals.config && req.app.locals.config.title) || 'NodeBB',
     });
-  } catch (e) {}
+  } catch (e) { /* ignore */ }
-  res.json({ ok: true, paymentUrl: payUrl || '' });
+  res.json({ ok: true, reservation: updated });
 }
-async function refuseRequest(req, res) {
-  const id = req.params.id;
-  const ev = await DB.getEvent(id);
-  if (!ev) return res.status(404).json({ error: 'not-found' });
-  ev.status = 'refused';
-  await DB.saveEvent(ev);
+async function refuseReservation(req, res) {
+  const rid = req.params.rid;
+  const note = String((req.body && req.body.note) || '').trim();
+  const reservation = await db.getReservation(rid);
+  if (!reservation) return res.status(404).json({ error: 'Réservation introuvable' });
+  if (reservation.status !== 'pending') return res.status(400).json({ error: 'Statut incompatible' });
+  const updated = await db.updateReservation(rid, {
+    status: 'refused',
+    adminUid: String(req.uid),
+    adminActionAt: String(Date.now()),
+    adminNote: note,
+  });
   try {
-    const u = await user.getUserFields(ev.uid, ['username', 'email']);
-    await emailer.send('calendar-onekite-refused', u.email, {
-      username: u.username,
-      start: new Date(Number(ev.start)).toISOString(),
-      end: new Date(Number(ev.end)).toISOString(),
+    await emailer.send('calendar-onekite-refused', reservation.uid, {
+      subject: `[NodeBB] Réservation refusée`,
+      reservation: updated,
+      note,
+      site_title: (req.app && req.app.locals && req.app.locals.config && req.app.locals.config.title) || 'NodeBB',
     });
-  } catch (e) {}
+  } catch (e) { /* ignore */ }
-  res.json({ ok: true });
+  res.json({ ok: true, reservation: updated });
 }
 async function purgeByYear(req, res) {
-  const year = req.body && req.body.year;
-  if (!year || !/^\d{4}$/.test(String(year))) return res.status(400).json({ error: 'bad-year' });
-  const n = await DB.purgeYear(year);
-  res.json({ ok: true, deleted: n });
+  const year = String((req.body && req.body.year) || '').trim();
+  if (!/^\d{4}$/.test(year)) return res.status(400).json({ error: 'Année invalide (YYYY)' });
+  const result = await db.purgeYear(year);
+  res.json({ ok: true, result });
 }
 module.exports = {
   renderAdmin,
   getSettings,
   saveSettings,
-  listRequests,
-  approveRequest,
-  refuseRequest,
+  listPending,
+  approveReservation,
+  refuseReservation,
   purgeByYear,
 };

package/lib/api.js CHANGED Viewed

@@ -1,86 +1,154 @@
 'use strict';
-const DB = require('./db');
-const Settings = require('./settings');
-const Scheduler = require('./scheduler');
 const groups = require.main.require('./src/groups');
-const user = require.main.require('./src/user');
+const users = require.main.require('./src/user');
 const emailer = require.main.require('./src/emailer');
+const { settings } = require('./settings');
+const db = require('./db');
+const helloasso = require('./helloasso');
-function isInGroup(uid, groupNamesCsv) {
-  const list = String(groupNamesCsv || '').split(',').map(s => s.trim()).filter(Boolean);
-  if (!list.length) return Promise.resolve(false);
-  return Promise.all(list.map(g => groups.isMember(uid, g))).then(arr => arr.some(Boolean));
+function parseGroups(str) {
+  return String(str || '')
+    .split(',')
+    .map(s => s.trim())
+    .filter(Boolean);
 }
-async function getEvents(req, res) {
-  await Scheduler.expirePending();
-  const settings = await Settings.get();
-  const visibleMs = Number(settings.pendingVisibleMinutes || 60) * 60 * 1000;
-  const now = Date.now();
-  const events = await DB.getEventsAll();
-  const filtered = events.filter(ev => {
-    if (ev.status === 'expired') return false;
-    if (ev.status === 'pending') {
-      return (now - Number(ev.createdAt || 0)) <= visibleMs;
+async function isUserInAnyGroup(uid, groupNames) {
+  if (!uid || !groupNames.length) return false;
+  // groups.isMember exists in core; fall back to getUserGroups if needed
+  for (const g of groupNames) {
+    try {
+      // eslint-disable-next-line no-await-in-loop
+      const ok = await groups.isMember(uid, g);
+      if (ok) return true;
+    } catch (e) { /* ignore */ }
+  }
+  // fallback
+  try {
+    const ug = await groups.getUserGroups([uid]);
+    const names = (ug && ug[uid] || []).map(x => x && (x.name || x.displayName)).filter(Boolean);
+    return names.some(n => groupNames.includes(n));
+  } catch (e) {
+    return false;
+  }
+}
+async function sendEmailToGroups(groupNames, template, data) {
+  const memberUids = new Set();
+  for (const g of groupNames) {
+    try {
+      // eslint-disable-next-line no-await-in-loop
+      const uids = await groups.getMembers(g, 0, -1);
+      (uids || []).forEach(uid => memberUids.add(uid));
+    } catch (e) { /* ignore */ }
+  }
+  const uids = Array.from(memberUids);
+  if (!uids.length) return;
+  // Send one email per user (NodeBB emailer is per-uid)
+  // If emailer signature changes, this is the only place to adjust.
+  for (const uid of uids) {
+    try {
+      // eslint-disable-next-line no-await-in-loop
+      await emailer.send(template, uid, data);
+    } catch (e) {
+      // ignore individual failures
     }
-    return true;
-  }).map(ev => ({
-    id: ev.id,
-    title: ev.title || ev.itemName || 'Réservation',
-    start: new Date(Number(ev.start)).toISOString(),
-    end: new Date(Number(ev.end)).toISOString(),
-    extendedProps: {
-      status: ev.status,
-    },
-  }));
-  res.json({ events: filtered });
+  }
+}
+async function getEvents(req, res) {
+  const start = Date.parse(req.query.start);
+  const end = Date.parse(req.query.end);
+  const startMs = Number.isFinite(start) ? start : (Date.now() - 30 * 86400 * 1000);
+  const endMs = Number.isFinite(end) ? end : (Date.now() + 365 * 86400 * 1000);
+  const list = await db.getReservationsBetween(startMs, endMs);
+  const events = list.map(r => {
+    const status = r.status || 'pending';
+    const icon = status === 'approved' ? '✅' : status === 'refused' ? '⛔' : status === 'expired' ? '⌛' : '⏳';
+    const title = `${icon} ${r.itemName || 'Matériel'}${r.username ? ` — ${r.username}` : ''}`;
+    return {
+      id: r.rid,
+      title,
+      start: new Date(Number(r.start)).toISOString(),
+      end: new Date(Number(r.end)).toISOString(),
+      extendedProps: {
+        status,
+        itemId: r.itemId,
+        itemName: r.itemName,
+        paymentUrl: r.paymentUrl || '',
+      },
+    };
+  });
+  res.json(events);
 }
-async function createRequest(req, res) {
+async function getItems(req, res) {
+  try {
+    const items = await helloasso.listFormItems();
+    res.json({ items });
+  } catch (e) {
+    res.status(500).json({ error: e.message });
+  }
+}
+async function createReservation(req, res) {
   const uid = req.uid;
-  if (!uid) return res.status(401).json({ error: 'not-authorized' });
+  const s = await settings.get();
+  const allowedGroups = parseGroups(s.allowedGroups);
+  const notifyGroups = parseGroups(s.notifyGroups);
-  const settings = await Settings.get();
-  const allowed = await isInGroup(uid, settings.allowedGroups);
-  if (!allowed) return res.status(403).json({ error: 'not-allowed' });
+  const can = await isUserInAnyGroup(uid, allowedGroups);
+  if (!can) {
+    return res.status(403).json({ error: 'Vous n’êtes pas autorisé à réserver du matériel.' });
+  }
   const body = req.body || {};
-  const start = Number(new Date(body.start).getTime());
-  const end = Number(new Date(body.end).getTime());
-  if (!start || !end || end <= start) return res.status(400).json({ error: 'bad-range' });
+  const start = Date.parse(body.start);
+  const end = Date.parse(body.end);
-  const ev = await DB.saveEvent({
-    status: 'pending',
+  if (!Number.isFinite(start) || !Number.isFinite(end) || end <= start) {
+    return res.status(400).json({ error: 'Plage de dates invalide.' });
+  }
+  const holdMin = Math.max(1, parseInt(s.pendingHoldMinutes, 10) || 5);
+  const expiresAt = Date.now() + holdMin * 60 * 1000;
+  const user = await users.getUserFields(uid, ['username', 'email', 'fullname']);
+  const reservation = await db.createReservation({
+    uid,
+    username: user.username,
+    itemId: body.itemId,
+    itemName: body.itemName,
+    itemPrice: body.itemPrice,
     start,
     end,
-    createdAt: Date.now(),
-    uid,
-    title: body.title || 'Réservation',
-    itemId: body.itemId || '',
-    itemName: body.itemName || '',
-    amountCents: Number(body.amountCents || 0),
+    status: 'pending',
+    expiresAt,
   });
-  // Email notify groups (best-effort)
-  try {
-    const notifyGroups = String(settings.notifyGroups || '').split(',').map(s => s.trim()).filter(Boolean);
-    const uids = (await Promise.all(notifyGroups.map(g => groups.getMembers(g, 0, -1)))).flat();
-    const unique = Array.from(new Set(uids.map(Number))).filter(n => n && n !== uid);
-    if (unique.length) {
-      const fromUser = await user.getUserFields(uid, ['username', 'userslug']);
-      await emailer.sendToUids('calendar-onekite-pending', unique, {
-        username: fromUser && fromUser.username,
-        start: new Date(start).toISOString(),
-        end: new Date(end).toISOString(),
-        adminUrl: (process.env.NODEBB_URL || '') + '/admin/plugins/calendar-onekite',
-      });
-    }
-  } catch (e) {}
+  // Notify admin group by email (pending)
+  await sendEmailToGroups(notifyGroups, 'calendar-onekite-pending', {
+    subject: `[NodeBB] Nouvelle demande de réservation`,
+    reservation,
+    user,
+    url: `${req.protocol}://${req.get('host')}/admin/plugins/calendar-onekite`,
+    site_title: (req.app && req.app.locals && req.app.locals.config && req.app.locals.config.title) || 'NodeBB',
+  });
-  res.json({ event: { id: ev.id } });
+  res.json({ reservation });
 }
-module.exports = { getEvents, createRequest };
+module.exports = {
+  getEvents,
+  getItems,
+  createReservation,
+  // exported for admin module reuse
+  parseGroups,
+  isUserInAnyGroup,
+  sendEmailToGroups,
+};

package/lib/controllers.js CHANGED Viewed

@@ -1,15 +1,17 @@
 'use strict';
-const Settings = require('./settings');
+const { settings } = require('./settings');
 async function renderCalendar(req, res) {
-  const settings = await Settings.get();
+  const s = await settings.get();
   res.render('calendar-onekite/calendar', {
     title: 'Calendrier',
-    calendarOneKite: {
-      pendingVisibleMinutes: settings.pendingVisibleMinutes,
+    calendarOnekite: {
+      showUsernamesOnCalendar: !!s.showUsernamesOnCalendar,
     },
   });
 }
-module.exports = { renderCalendar };
+module.exports = {
+  renderCalendar,
+};

package/lib/db.js CHANGED Viewed

@@ -1,59 +1,120 @@
 'use strict';
 const db = require.main.require('./src/database');
+const { v4: uuidv4 } = require('uuid');
-const KEY_NEXT = 'calendar-onekite:nextId';
-const ZSET_ALL = 'calendar-onekite:events'; // score = start timestamp
-const HASH_PREFIX = 'calendar-onekite:event:'; // + id
+const KEY_PREFIX = 'calendar-onekite';
+const RES_KEY = rid => `${KEY_PREFIX}:reservation:${rid}`;
+const ZSET_BY_START = `${KEY_PREFIX}:reservations:byStart`;
+const ZSET_PENDING_BY_EXPIRES = `${KEY_PREFIX}:reservations:pendingByExpires`;
+const YEAR_SET = y => `${KEY_PREFIX}:reservations:year:${y}`;
-async function nextId() {
-  const id = await db.incrObjectField(KEY_NEXT, 'id');
-  return String(id);
+function yearFromMs(ms) {
+  const d = new Date(Number(ms));
+  return String(d.getUTCFullYear());
 }
-async function saveEvent(ev) {
-  const id = ev.id || await nextId();
-  ev.id = String(id);
-  const hashKey = HASH_PREFIX + ev.id;
-  await db.setObject(hashKey, ev);
-  await db.sortedSetAdd(ZSET_ALL, ev.start, ev.id);
-  return ev;
+async function createReservation(data) {
+  const rid = uuidv4();
+  const now = Date.now();
+  const reservation = {
+    rid,
+    uid: String(data.uid),
+    username: data.username || '',
+    itemId: String(data.itemId || ''),
+    itemName: String(data.itemName || ''),
+    itemPrice: String(data.itemPrice || ''),
+    start: String(data.start),
+    end: String(data.end),
+    status: data.status || 'pending', // pending | approved | refused | expired
+    createdAt: String(now),
+    expiresAt: String(data.expiresAt || (now + 5 * 60 * 1000)),
+    paymentUrl: data.paymentUrl || '',
+    adminUid: '',
+    adminActionAt: '',
+    adminNote: '',
+  };
+  const y = yearFromMs(reservation.start);
+  await db.setObject(RES_KEY(rid), reservation);
+  await db.sortedSetAdd(ZSET_BY_START, Number(reservation.start), rid);
+  await db.setAdd(YEAR_SET(y), rid);
+  if (reservation.status === 'pending') {
+    await db.sortedSetAdd(ZSET_PENDING_BY_EXPIRES, Number(reservation.expiresAt), rid);
+  }
+  return reservation;
+}
+async function getReservation(rid) {
+  const obj = await db.getObject(RES_KEY(rid));
+  return obj && obj.rid ? obj : null;
+}
+async function updateReservation(rid, patch) {
+  await db.setObject(RES_KEY(rid), patch);
+  const res = await getReservation(rid);
+  // Maintain pending index
+  if (patch.status || patch.expiresAt) {
+    const score = Number(res.expiresAt || 0);
+    if (res.status === 'pending') {
+      await db.sortedSetAdd(ZSET_PENDING_BY_EXPIRES, score, rid);
+    } else {
+      await db.sortedSetRemove(ZSET_PENDING_BY_EXPIRES, rid);
+    }
+  }
+  return res;
 }
-async function getEvent(id) {
-  return await db.getObject(HASH_PREFIX + id);
+async function getReservationsBetween(startMs, endMs) {
+  const rids = await db.getSortedSetRangeByScore(ZSET_BY_START, 0, -1, startMs, endMs);
+  if (!rids || !rids.length) return [];
+  const keys = rids.map(RES_KEY);
+  const objs = await db.getObjects(keys);
+  return (objs || []).filter(Boolean).filter(o => o && o.rid);
 }
-async function getEventsAll() {
-  const ids = await db.getSortedSetRange(ZSET_ALL, 0, -1);
-  if (!ids.length) return [];
-  const keys = ids.map(id => HASH_PREFIX + id);
-  const events = await db.getObjects(keys);
-  return (events || []).filter(Boolean);
+async function getPendingExpired(nowMs, limit = 100) {
+  const rids = await db.getSortedSetRangeByScore(ZSET_PENDING_BY_EXPIRES, 0, limit - 1, 0, nowMs);
+  return rids || [];
 }
-async function deleteEvent(id) {
-  await db.sortedSetRemove(ZSET_ALL, id);
-  await db.delete(HASH_PREFIX + id);
+async function listPending(limit = 200) {
+  const now = Date.now();
+  // pendingByExpires is sorted by expiresAt; use that as list, but include not yet expired
+  const rids = await db.getSortedSetRange(ZSET_PENDING_BY_EXPIRES, 0, limit - 1);
+  const keys = (rids || []).map(RES_KEY);
+  const objs = await db.getObjects(keys);
+  return (objs || []).filter(Boolean).filter(o => o.status === 'pending' && Number(o.expiresAt) > now);
 }
 async function purgeYear(year) {
-  const events = await getEventsAll();
-  const y = Number(year);
-  const toDelete = events.filter(ev => {
-    const d = new Date(Number(ev.start));
-    return d.getUTCFullYear() === y;
-  });
-  for (const ev of toDelete) {
-    await deleteEvent(ev.id);
-  }
-  return toDelete.length;
+  const ykey = YEAR_SET(year);
+  const rids = await db.getSetMembers(ykey);
+  if (!rids || !rids.length) return { year, purged: 0 };
+  // remove from indexes
+  await db.sortedSetRemove(ZSET_BY_START, rids);
+  await db.sortedSetRemove(ZSET_PENDING_BY_EXPIRES, rids);
+  // delete objects
+  await db.deleteAll(rids.map(RES_KEY));
+  // delete year set
+  await db.delete(ykey);
+  return { year, purged: rids.length };
 }
 module.exports = {
-  saveEvent,
-  getEvent,
-  getEventsAll,
-  deleteEvent,
+  createReservation,
+  getReservation,
+  updateReservation,
+  getReservationsBetween,
+  getPendingExpired,
+  listPending,
   purgeYear,
 };