npm - nodebb-plugin-calendar-onekite - Versions diffs - 11.1.60 → 11.1.62 - Mend

nodebb-plugin-calendar-onekite 11.1.60 → 11.1.62

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/lib/admin.js CHANGED Viewed

@@ -124,10 +124,23 @@ admin.approveReservation = async function (req, res) {
         }
   let paymentUrl = null;
-  if (token) {
-    const requester = await user.getUserFields(r.uid, ['username', 'email']);
-    // r.total is stored as an estimated total in euros; HelloAsso expects cents.
-    const totalAmount = Math.max(0, Math.round((Number(r.total) || 0) * 100));
+  const requester = await user.getUserFields(r.uid, ['username', 'email']);
+  // Persist payer email so we can reconcile shop payments when HelloAsso does not provide metadata.
+  if (requester && requester.email) {
+    r.payerEmail = requester.email;
+  }
+  // r.total is stored as an estimated total in euros; store expected total in cents as well.
+  const expectedTotalAmount = Math.max(0, Math.round((Number(r.total) || 0) * 100));
+  r.expectedTotalAmount = expectedTotalAmount;
+  // If admin configured a Shop form, we can't create a cart programmatically with the standard Checkout API.
+  // We therefore redirect the user to the shop page so the transaction is recorded in the Shop form.
+  if (String(settings.helloassoFormType || '').toLowerCase() === 'shop' && settings.helloassoOrganizationSlug && settings.helloassoFormSlug) {
+    const frontBase = (env === 'sandbox') ? 'https://www.helloasso-sandbox.com' : 'https://www.helloasso.com';
+    // Add rid as UTM for easier manual reconciliation on HelloAsso side (may not be returned in webhooks).
+    paymentUrl = `${frontBase}/associations/${encodeURIComponent(settings.helloassoOrganizationSlug)}/boutiques/${encodeURIComponent(settings.helloassoFormSlug)}?utm_source=nodebb&utm_medium=calendar&utm_campaign=location&utm_content=${encodeURIComponent(String(rid))}`;
+  } else if (token) {
+    const totalAmount = expectedTotalAmount;
     const base = forumBaseUrl();
     const returnUrl = base ? `${base}/calendar` : '';
     const webhookUrl = base ? `${base}/plugins/calendar-onekite/helloasso` : '';

package/lib/api.js CHANGED Viewed

@@ -389,40 +389,45 @@ api.approveReservation = async function (req, res) {
   // Create HelloAsso payment link on validation
   try {
     const settings2 = await meta.settings.get('calendar-onekite');
-    const token = await helloasso.getAccessToken({ env: settings2.helloassoEnv || 'prod', clientId: settings2.helloassoClientId, clientSecret: settings2.helloassoClientSecret });
+    const env2 = settings2.helloassoEnv || 'prod';
     const payer = await user.getUserFields(r.uid, ['email']);
-    const intent = await helloasso.createCheckoutIntent({
-      env: settings2.helloassoEnv,
-      token,
-      organizationSlug: settings2.helloassoOrganizationSlug,
-      formType: settings2.helloassoFormType,
-      formSlug: settings2.helloassoFormSlug,
-      // r.total is stored as an estimated total in euros; HelloAsso expects cents.
-      totalAmount: (() => {
-        const cents = Math.max(0, Math.round((Number(r.total) || 0) * 100));
-        if (!cents) {
-          console.warn('[calendar-onekite] HelloAsso totalAmount is 0 (approve API)', { rid, total: r.total });
+    if (payer && payer.email) {
+      r.payerEmail = payer.email;
+    }
+    const cents = Math.max(0, Math.round((Number(r.total) || 0) * 100));
+    r.expectedTotalAmount = cents;
+    // If a Shop form is configured, redirect to the Shop page so the payment is recorded in the shop.
+    // The stored value can vary in casing depending on the ACP select.
+    if (String(settings2.helloassoFormType || '').toLowerCase() === 'shop' && settings2.helloassoOrganizationSlug && settings2.helloassoFormSlug) {
+      const frontBase = (env2 === 'sandbox') ? 'https://www.helloasso-sandbox.com' : 'https://www.helloasso.com';
+      r.paymentUrl = `${frontBase}/associations/${encodeURIComponent(settings2.helloassoOrganizationSlug)}/boutiques/${encodeURIComponent(settings2.helloassoFormSlug)}?utm_source=nodebb&utm_medium=calendar&utm_campaign=location&utm_content=${encodeURIComponent(String(rid))}`;
+    } else {
+      const token = await helloasso.getAccessToken({ env: env2, clientId: settings2.helloassoClientId, clientSecret: settings2.helloassoClientSecret });
+      const intent = await helloasso.createCheckoutIntent({
+        env: env2,
+        token,
+        organizationSlug: settings2.helloassoOrganizationSlug,
+        formType: settings2.helloassoFormType,
+        formSlug: settings2.helloassoFormSlug,
+        totalAmount: cents,
+        payerEmail: payer && payer.email ? payer.email : '',
+        callbackUrl: normalizeReturnUrl(meta),
+        webhookUrl: normalizeCallbackUrl(settings2.helloassoCallbackUrl, meta),
+        itemName: 'Réservation matériel OneKite',
+        containsDonation: false,
+        metadata: { reservationId: String(rid) },
+      });
+      const paymentUrl = intent && (intent.paymentUrl || intent.redirectUrl) ? (intent.paymentUrl || intent.redirectUrl) : (typeof intent === 'string' ? intent : null);
+      const checkoutIntentId = intent && intent.checkoutIntentId ? String(intent.checkoutIntentId) : null;
+      if (paymentUrl) {
+        r.paymentUrl = paymentUrl;
+        if (checkoutIntentId) {
+          r.checkoutIntentId = checkoutIntentId;
         }
-        return cents;
-      })(),
-      payerEmail: payer && payer.email ? payer.email : '',
-      // By default, point to the forum base url so the webhook hits this NodeBB instance.
-      // Can be overridden via ACP setting `helloassoCallbackUrl`.
-      callbackUrl: normalizeReturnUrl(meta),
-      webhookUrl: normalizeCallbackUrl(settings2.helloassoCallbackUrl, meta),
-      itemName: 'Réservation matériel OneKite',
-      containsDonation: false,
-      metadata: { reservationId: String(rid) },
-    });
-    const paymentUrl = intent && (intent.paymentUrl || intent.redirectUrl) ? (intent.paymentUrl || intent.redirectUrl) : (typeof intent === 'string' ? intent : null);
-    const checkoutIntentId = intent && intent.checkoutIntentId ? String(intent.checkoutIntentId) : null;
-    if (paymentUrl) {
-      r.paymentUrl = paymentUrl;
-      if (checkoutIntentId) {
-        r.checkoutIntentId = checkoutIntentId;
+      } else {
+        console.warn('[calendar-onekite] HelloAsso payment link not created (approve API)', { rid });
       }
-    } else {
-      console.warn('[calendar-onekite] HelloAsso payment link not created (approve API)', { rid });
     }
   } catch (e) {
     // ignore payment link errors, admin can retry

package/lib/helloassoWebhook.js CHANGED Viewed

@@ -220,11 +220,111 @@ function formatFR(tsOrIso) {
 function getReservationIdFromPayload(payload) {
   try {
-    const m = payload && payload.data ? payload.data.meta : null;
-    if (!m) return null;
-    if (typeof m === 'object' && m.reservationId) return String(m.reservationId);
-    if (typeof m === 'object' && m.reservationID) return String(m.reservationID);
+    const data = payload && payload.data ? payload.data : null;
+    if (!data) return null;
+    // Prefer meta/metadata when present (Checkout-intents).
+    const candidates = [
+      data.meta,
+      data.metadata,
+      data.order && (data.order.meta || data.order.metadata),
+      data.checkoutIntent && (data.checkoutIntent.meta || data.checkoutIntent.metadata),
+    ].filter(Boolean);
+    for (const m of candidates) {
+      if (m && typeof m === 'object' && !Array.isArray(m)) {
+        if (m.reservationId) return String(m.reservationId);
+        if (m.reservationID) return String(m.reservationID);
+      }
+      if (Array.isArray(m)) {
+        const found = m.find((x) => x && (x.key === 'reservationId' || x.name === 'reservationId'));
+        if (found && (found.value || found.val)) return String(found.value || found.val);
+      }
+    }
+    return null;
+  } catch (e) {
+    return null;
+  }
+}
+function getFormTypeFromPayload(payload) {
+  try {
+    const data = payload && payload.data ? payload.data : null;
+    const order = data && data.order ? data.order : null;
+    return String((order && order.formType) || data.formType || '').trim();
+  } catch (e) {
+    return '';
+  }
+}
+function getFormSlugFromPayload(payload) {
+  try {
+    const data = payload && payload.data ? payload.data : null;
+    const order = data && data.order ? data.order : null;
+    return String((order && order.formSlug) || data.formSlug || '').trim();
+  } catch (e) {
+    return '';
+  }
+}
+function getPayerEmailFromPayload(payload) {
+  try {
+    const data = payload && payload.data ? payload.data : null;
+    if (!data) return '';
+    const payer = data.payer || data.user || null;
+    return String((payer && payer.email) || data.payerEmail || '').trim().toLowerCase();
+  } catch (e) {
+    return '';
+  }
+}
+function getTotalAmountCentsFromPayload(payload) {
+  try {
+    const data = payload && payload.data ? payload.data : null;
+    if (!data) return null;
+    const amountObj = data.amount || data.totalAmount || data.amountTotal || null;
+    if (typeof amountObj === 'number') return Math.round(amountObj);
+    if (amountObj && typeof amountObj === 'object') {
+      const v = amountObj.total ?? amountObj.value ?? amountObj.amount;
+      if (typeof v === 'number') return Math.round(v);
+    }
+    // Fallback: sum items amounts when provided.
+    const items = Array.isArray(data.items) ? data.items : null;
+    if (items && items.length) {
+      const sum = items.reduce((acc, it) => acc + (Number(it.amount || it.totalAmount || 0) || 0), 0);
+      if (sum) return Math.round(sum);
+    }
+    return null;
+  } catch (e) {
     return null;
+  }
+}
+async function tryMatchShopOrderToReservation(payload) {
+  try {
+    const payerEmail = getPayerEmailFromPayload(payload);
+    if (!payerEmail) return null;
+    const total = getTotalAmountCentsFromPayload(payload);
+    const latest = await dbLayer.getLatestReservations(200);
+    const candidates = (latest || []).filter((r) => {
+      if (!r || r.status !== 'awaiting_payment') return false;
+      if (!r.payerEmail) return false;
+      if (String(r.payerEmail).trim().toLowerCase() !== payerEmail) return false;
+      // When we know the expected total, require match.
+      if (typeof total === 'number' && Number.isFinite(total)) {
+        const exp = Number(r.expectedTotalAmount);
+        if (Number.isFinite(exp) && exp > 0) {
+          return exp === total;
+        }
+      }
+      return true;
+    });
+    if (!candidates.length) return null;
+    candidates.sort((a, b) => (Number(b.approvedAt || 0) - Number(a.approvedAt || 0)));
+    return String(candidates[0].rid);
   } catch (e) {
     return null;
   }
@@ -295,8 +395,11 @@ async function handler(req, res, next) {
       return res.json({ ok: true, ignored: true });
     }
-    const paymentId = payload && payload.data ? (payload.data.id || payload.data.paymentId) : null;
-    if (await alreadyProcessed(paymentId)) {
+    // PaymentId may be absent on Order events; fall back to order id for replay protection.
+    const orderId = payload && payload.data && payload.data.order ? payload.data.order.id : null;
+    const paymentId = payload && payload.data ? (payload.data.id || payload.data.paymentId || (payload.data.payment && payload.data.payment.id)) : null;
+    const processedKey = paymentId || orderId;
+    if (await alreadyProcessed(processedKey)) {
       return res.json({ ok: true, duplicate: true });
     }
@@ -311,6 +414,19 @@ async function handler(req, res, next) {
       // Some webhook payloads omit metadata; try to fetch the payment details.
       resolvedRid = await tryRecoverReservationIdFromPayment(settings, paymentId);
     }
+    // For Shop forms, HelloAsso often does not include metadata/checkoutIntentId.
+    // As a last resort, reconcile by payer email (+ expected amount when available).
+    if (!resolvedRid) {
+      const formType = getFormTypeFromPayload(payload).toLowerCase();
+      const formSlug = getFormSlugFromPayload(payload);
+      if (formType === 'shop' && String(settings.helloassoFormType || '').toLowerCase() === 'shop') {
+        // If a specific shop slug is configured, require it when the payload provides it.
+        // Some webhook payloads (notably Payment) may omit the formSlug.
+        if (!settings.helloassoFormSlug || !formSlug || String(settings.helloassoFormSlug) === String(formSlug)) {
+          resolvedRid = await tryMatchShopOrderToReservation(payload);
+        }
+      }
+    }
     if (!resolvedRid) {
       // eslint-disable-next-line no-console
       console.warn('[calendar-onekite] HelloAsso webhook missing reservationId in metadata', { eventType: payload && payload.eventType, paymentId, checkoutIntentId });
@@ -320,7 +436,7 @@ async function handler(req, res, next) {
     const r = await dbLayer.getReservation(resolvedRid);
     if (!r) {
-      await markProcessed(paymentId);
+      await markProcessed(processedKey);
       return res.json({ ok: true, processed: true, reservationNotFound: true });
     }
@@ -352,7 +468,7 @@ async function handler(req, res, next) {
       });
     }
-    await markProcessed(paymentId);
+    await markProcessed(processedKey);
     return res.json({ ok: true, processed: true });
   } catch (err) {
     return next(err);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "nodebb-plugin-calendar-onekite",
-  "version":"11.1.60",
+  "version":"11.1.62",
   "description": "FullCalendar-based equipment reservation workflow with admin approval & HelloAsso payment for NodeBB",
   "main": "library.js",
   "license": "MIT",