nodebb-plugin-calendar-onekite 11.2.13 → 11.2.14

package/pkg/package/lib/controllers.js

@@ -0,0 +1,11 @@
+'use strict';
+
+const controllers = {};
+
+controllers.renderCalendar = async function (req, res) {
+  res.render('calendar-onekite', {
+    title: 'Calendar',
+  });
+};
+
+module.exports = controllers;

package/pkg/package/lib/db.js

@@ -0,0 +1,72 @@
+'use strict';
+
+const db = require.main.require('./src/database');
+
+const KEY_ZSET = 'calendar-onekite:reservations';
+const KEY_OBJ = (rid) => `calendar-onekite:reservation:${rid}`;
+const KEY_CHECKOUT_INTENT_TO_RID = 'calendar-onekite:helloasso:checkoutIntentToRid';
+
+// Special events (non-reservation events shown in a different colour)
+const KEY_SPECIAL_ZSET = 'calendar-onekite:special';
+const KEY_SPECIAL_OBJ = (eid) => `calendar-onekite:special:${eid}`;
+
+async function getReservation(rid) {
+  return await db.getObject(KEY_OBJ(rid));
+}
+
+async function saveReservation(resv) {
+  await db.setObject(KEY_OBJ(resv.rid), resv);
+  // score = start timestamp
+  await db.sortedSetAdd(KEY_ZSET, resv.start, resv.rid);
+  // Optional mapping to help reconcile HelloAsso webhooks that don't include metadata
+  if (resv.checkoutIntentId) {
+    try {
+      await db.setObjectField(KEY_CHECKOUT_INTENT_TO_RID, String(resv.checkoutIntentId), String(resv.rid));
+    } catch (e) {
+      // ignore
+    }
+  }
+}
+
+async function removeReservation(rid) {
+  await db.sortedSetRemove(KEY_ZSET, rid);
+  await db.delete(KEY_OBJ(rid));
+}
+
+async function listReservationIdsByStartRange(startTs, endTs, limit = 1000) {
+  // NodeBB db method name is getSortedSetRangeByScore(set, start, stop, min, max)
+  // (start/stop are index offsets, min/max are score range)
+  const start = 0;
+  const stop = Math.max(0, (parseInt(limit, 10) || 1000) - 1);
+  return await db.getSortedSetRangeByScore(KEY_ZSET, start, stop, startTs, endTs);
+}
+
+async function listAllReservationIds(limit = 5000) {
+  return await db.getSortedSetRange(KEY_ZSET, 0, limit - 1);
+}
+
+module.exports = {
+  KEY_ZSET,
+  KEY_SPECIAL_ZSET,
+  KEY_CHECKOUT_INTENT_TO_RID,
+  getReservation,
+  saveReservation,
+  removeReservation,
+  // Special events
+  getSpecialEvent: async (eid) => await db.getObject(KEY_SPECIAL_OBJ(eid)),
+  saveSpecialEvent: async (ev) => {
+    await db.setObject(KEY_SPECIAL_OBJ(ev.eid), ev);
+    await db.sortedSetAdd(KEY_SPECIAL_ZSET, ev.start, ev.eid);
+  },
+  removeSpecialEvent: async (eid) => {
+    await db.sortedSetRemove(KEY_SPECIAL_ZSET, eid);
+    await db.delete(KEY_SPECIAL_OBJ(eid));
+  },
+  listSpecialIdsByStartRange: async (startTs, endTs, limit = 2000) => {
+    const start = 0;
+    const stop = Math.max(0, (parseInt(limit, 10) || 2000) - 1);
+    return await db.getSortedSetRangeByScore(KEY_SPECIAL_ZSET, start, stop, startTs, endTs);
+  },
+  listReservationIdsByStartRange,
+  listAllReservationIds,
+};

package/pkg/package/lib/helloasso.js

@@ -0,0 +1,278 @@
+'use strict';
+
+const https = require('https');
+
+function requestJson(method, url, headers = {}, bodyObj = null) {
+  return new Promise((resolve) => {
+    const u = new URL(url);
+    const body = bodyObj ? JSON.stringify(bodyObj) : null;
+
+    const req = https.request(
+      {
+        method,
+        hostname: u.hostname,
+        port: u.port || 443,
+        path: u.pathname + u.search,
+        headers: {
+          Accept: 'application/json',
+          'Content-Type': 'application/json',
+          ...(body ? { 'Content-Length': Buffer.byteLength(body) } : {}),
+          ...headers,
+        },
+      },
+      (resp) => {
+        let data = '';
+        resp.setEncoding('utf8');
+        resp.on('data', (chunk) => { data += chunk; });
+        resp.on('end', () => {
+          const status = resp.statusCode || 0;
+
+          // Try JSON first, but never throw from here (avoid crashing NodeBB).
+          try {
+            const json = data ? JSON.parse(data) : null;
+            return resolve({ status, json });
+          } catch (e) {
+            // Non-JSON response (HTML/proxy error/etc.)
+            const snippet = String(data || '').slice(0, 500);
+            return resolve({ status, json: null, raw: snippet });
+          }
+        });
+      }
+    );
+
+    req.on('error', (err) => {
+      resolve({ status: 0, json: null, error: err && err.message ? err.message : String(err) });
+    });
+    if (body) req.write(body);
+    req.end();
+  });
+}
+
+function baseUrl(env) {
+  return env === 'sandbox'
+    ? 'https://api.helloasso-sandbox.com'
+    : 'https://api.helloasso.com';
+}
+
+async function getAccessToken({ env, clientId, clientSecret }) {
+  if (!clientId || !clientSecret) return null;
+  const url = `${baseUrl(env)}/oauth2/token`;
+  const body = new URLSearchParams({
+    grant_type: 'client_credentials',
+    client_id: clientId,
+    client_secret: clientSecret,
+  }).toString();
+
+  // Be very defensive here: HelloAsso may return HTML (proxy/CDN error pages)
+  // or empty bodies on failure. This function must never crash the process.
+  return new Promise((resolve, reject) => {
+    const u = new URL(url);
+    const req = https.request(
+      {
+        method: 'POST',
+        hostname: u.hostname,
+        port: u.port || 443,
+        path: u.pathname + u.search,
+        headers: {
+          'Accept': 'application/json',
+          'Content-Type': 'application/x-www-form-urlencoded',
+          'Content-Length': Buffer.byteLength(body),
+        },
+      },
+      (res) => {
+        let data = '';
+        res.setEncoding('utf8');
+        res.on('data', (chunk) => (data += chunk));
+        res.on('end', () => {
+          const status = res.statusCode || 0;
+          const snippet = String(data || '').slice(0, 500);
+
+          // If non-2xx, still try to parse JSON to log a meaningful error.
+          if (status < 200 || status >= 300) {
+            let parsed = null;
+            try {
+              parsed = data ? JSON.parse(data) : null;
+            } catch (e) {
+              // ignore
+            }
+            console.warn('[calendar-onekite] HelloAsso token request failed', {
+              status,
+              body: parsed || snippet,
+            });
+            return resolve(null);
+          }
+
+          // 2xx: must be JSON with access_token
+          try {
+            const json = JSON.parse(data || '{}');
+            const token = json && json.access_token ? String(json.access_token) : null;
+            if (!token) {
+              console.warn('[calendar-onekite] HelloAsso token missing in response', { status, body: json || snippet });
+            }
+            return resolve(token);
+          } catch (e) {
+            console.warn('[calendar-onekite] HelloAsso token parse error', { status, body: snippet });
+            return resolve(null);
+          }
+        });
+      }
+    );
+    req.on('error', (err) => {
+      console.warn('[calendar-onekite] HelloAsso token network error', { message: err && err.message ? err.message : String(err) });
+      resolve(null);
+    });
+    req.write(body);
+    req.end();
+  });
+}
+
+async function listItems({ env, token, organizationSlug, formType, formSlug }) {
+  if (!token || !organizationSlug || !formType || !formSlug) return [];
+  // This endpoint returns *sold items* (i.e., items present in orders). If your shop has
+  // no sales yet, it will legitimately return an empty list.
+  const url = `${baseUrl(env)}/v5/organizations/${encodeURIComponent(organizationSlug)}/forms/${encodeURIComponent(formType)}/${encodeURIComponent(formSlug)}/items?pageIndex=1&pageSize=200`;
+  const { status, json } = await requestJson('GET', url, { Authorization: `Bearer ${token}` });
+  if (status >= 200 && status < 300 && json) {
+    return json.data || json.items || [];
+  }
+  return [];
+}
+
+async function getFormPublic({ env, token, organizationSlug, formType, formSlug }) {
+  if (!token || !organizationSlug || !formType || !formSlug) return null;
+  // Public form details contains extraOptions/customFields and (for Shop) usually the catalog structure.
+  const url = `${baseUrl(env)}/v5/organizations/${encodeURIComponent(organizationSlug)}/forms/${encodeURIComponent(formType)}/${encodeURIComponent(formSlug)}/public`;
+  const { status, json } = await requestJson('GET', url, { Authorization: `Bearer ${token}` });
+  if (status >= 200 && status < 300) {
+    return json || null;
+  }
+  return null;
+}
+
+function extractCatalogItems(publicFormJson) {
+  if (!publicFormJson || typeof publicFormJson !== 'object') return [];
+
+  // Try a few common shapes used in HelloAsso "public" form responses.
+  const candidates = [];
+  const pushArr = (arr) => {
+    if (Array.isArray(arr)) candidates.push(...arr);
+  };
+
+  pushArr(publicFormJson.items);
+  pushArr(publicFormJson.tiers);
+  pushArr(publicFormJson.products);
+  pushArr(publicFormJson.data);
+  if (publicFormJson.form) {
+    pushArr(publicFormJson.form.items);
+    pushArr(publicFormJson.form.tiers);
+    pushArr(publicFormJson.form.products);
+  }
+
+  // Some responses nest in "campaign" or "publicForm".
+  if (publicFormJson.publicForm) {
+    pushArr(publicFormJson.publicForm.items);
+    pushArr(publicFormJson.publicForm.tiers);
+    pushArr(publicFormJson.publicForm.products);
+  }
+  if (publicFormJson.campaign) {
+    pushArr(publicFormJson.campaign.items);
+    pushArr(publicFormJson.campaign.tiers);
+    pushArr(publicFormJson.campaign.products);
+  }
+
+  // Normalize to { id, name, price }
+  return candidates
+    .map((it) => {
+      if (!it || typeof it !== 'object') return null;
+      const id = it.id ?? it.itemId ?? it.tierId;
+      const name = it.name ?? it.label ?? it.title;
+      const price =
+        (it.amount && (it.amount.total ?? it.amount.value)) ??
+        it.price ??
+        it.unitPrice ??
+        it.totalAmount ??
+        it.initialAmount;
+      if (!id || !name) return null;
+      return { id, name, price: typeof price === 'number' ? price : 0, raw: it };
+    })
+    .filter(Boolean);
+}
+
+async function listCatalogItems({ env, token, organizationSlug, formType, formSlug }) {
+  const publicForm = await getFormPublic({ env, token, organizationSlug, formType, formSlug });
+  const extracted = extractCatalogItems(publicForm);
+  return {
+    publicForm,
+    items: extracted.map(({ id, name, price, raw }) => ({ id, name, price, raw })),
+  };
+}
+
+async function createCheckoutIntent({ env, token, organizationSlug, formType, formSlug, totalAmount, payerEmail, callbackUrl, webhookUrl, itemName, containsDonation, metadata }) {
+  if (!token || !organizationSlug) return null;
+  if (!callbackUrl || !/^https?:\/\//i.test(String(callbackUrl))) {
+    console.warn('[calendar-onekite] HelloAsso invalid return/back/error URL', { callbackUrl });
+    return null;
+  }
+  if (webhookUrl && !/^https?:\/\//i.test(String(webhookUrl))) {
+    console.warn('[calendar-onekite] HelloAsso invalid webhook URL', { webhookUrl });
+  }
+  // Checkout intents are created at organization level.
+  const url = `${baseUrl(env)}/v5/organizations/${encodeURIComponent(organizationSlug)}/checkout-intents`;
+  const payload = {
+    totalAmount: totalAmount,
+    initialAmount: totalAmount,
+    itemName: itemName || 'Réservation matériel',
+    containsDonation: (typeof containsDonation === 'boolean' ? containsDonation : false),
+    payer: payerEmail ? { email: payerEmail } : undefined,
+    metadata: metadata || undefined,
+    backUrl: callbackUrl || '',
+    errorUrl: callbackUrl || '',
+    returnUrl: callbackUrl || '',
+    notificationUrl: webhookUrl || callbackUrl || '',
+  };
+  const { status, json } = await requestJson('POST', url, { Authorization: `Bearer ${token}` }, payload);
+  if (status >= 200 && status < 300 && json) {
+    return { paymentUrl: (json.redirectUrl || json.checkoutUrl || json.url || null), checkoutIntentId: (json.id || json.checkoutIntentId || null), raw: json };
+  }
+  // Log the error payload to help diagnose configuration issues (slug, env, urls, amount, etc.)
+  try {
+    // eslint-disable-next-line no-console
+    console.warn('[calendar-onekite] HelloAsso checkout-intent failed', { status, json });
+  } catch (e) { /* ignore */ }
+  return null;
+}
+
+// Fetch detailed payment information (used to recover metadata when webhook payload is incomplete)
+// HelloAsso exposes GET /payments/{paymentId} in its v5 API.
+async function getPaymentDetails({ env, token, paymentId }) {
+  if (!token || !paymentId) return null;
+  const url = `${baseUrl(env)}/v5/payments/${encodeURIComponent(String(paymentId))}`;
+  const { status, json } = await requestJson('GET', url, { Authorization: `Bearer ${token}` });
+  if (status >= 200 && status < 300) {
+    return json || null;
+  }
+  return null;
+}
+
+
+
+async function getCheckoutIntentDetails({ env, token, organizationSlug, checkoutIntentId }) {
+  if (!token || !organizationSlug || !checkoutIntentId) return null;
+  const url = `${baseUrl(env)}/v5/organizations/${encodeURIComponent(String(organizationSlug))}/checkout-intents/${encodeURIComponent(String(checkoutIntentId))}`;
+  const { status, json } = await requestJson('GET', url, { Authorization: `Bearer ${token}` });
+  if (status >= 200 && status < 300) {
+    return json || null;
+  }
+  return null;
+}
+
+module.exports = {
+  getAccessToken,
+  listItems,
+  getFormPublic,
+  extractCatalogItems,
+  listCatalogItems,
+  createCheckoutIntent,
+  getPaymentDetails,
+  getCheckoutIntentDetails,
+};