nodebb-plugin-calendar-onekite 12.0.23 → 12.0.25

package/CHANGELOG.md

@@ -1,15 +1,8 @@
-## 1.3.1
-- Hotfix: fix duplicate `const supd` declaration causing startup crash.
-
-## 1.3.0
-### Optimisations / robustesse
-- Scheduler : lecture des réservations en batch (suppression du N+1 DB) + envoi email factorisé.
-- Settings : cache mémoire court (TTL) pour réduire les `meta.settings.get` répétitifs.
-- API events : pagination interne (évite la troncature silencieuse > 5000) + ETag optimisé pour gros payloads.
-- Dates allDay : formatage en **Europe/Paris** pour éviter les décalages UTC.
-- Widget : titre simplifié (suppression de “2 semaines”).
-
 ## 1.1.0
+
+## 1.3.4
+- Fix: HelloAsso OAuth token rate-limit (429/1015) by caching token, de-duplicating requests, and adding backoff retries (no extra logs).
+- Discord: add ⏳/💳 icons in embed titles.
 ### Perf / prod (NodeBB v4)
 - FullCalendar : passage au CDN **@latest** et utilisation de `main.min.css` (supprime l’erreur 404 `index.global.min.css`).
 - API `events` : payload allégé (les détails sont chargés à la demande), tri stable.
@@ -26,6 +19,11 @@
 
 # Changelog
 
+## 1.3.2
+
+- Discord : notifications envoyées en **embed** (plus lisible) pour les demandes et paiements.
+- Discord : contenu texte désactivé (embed only) pour éviter le bruit.
+
 ## 1.0.0
 
 ### ACP

package/lib/admin.js

@@ -149,7 +149,7 @@ admin.approveReservation = async function (req, res) {
     clientSecret: settings.helloassoClientSecret,
   });
         if (!token) {
-          console.warn('[calendar-onekite] HelloAsso access token not obtained (approve ACP)', { rid: r && r.rid });
+
         }
 
   let paymentUrl = null;

package/lib/api.js

@@ -3,6 +3,7 @@
 const crypto = require('crypto');
 
 const meta = require.main.require('./src/meta');
+const emailer = require.main.require('./src/emailer');
 const nconf = require.main.require('nconf');
 const user = require.main.require('./src/user');
 const groups = require.main.require('./src/groups');
@@ -10,8 +11,6 @@ const db = require.main.require('./src/database');
 const logger = require.main.require('./src/logger');
 
 const dbLayer = require('./db');
-const { getSettingsCached } = require('./settings');
-const { sendEmail } = require('./email');
 
 // Fast membership check without N calls to groups.isMember.
 // NodeBB's groups.getUserGroups([uid]) returns an array (per uid) of group objects.
@@ -53,22 +52,37 @@ function normalizeAllowedGroups(raw) {
 const helloasso = require('./helloasso');
 const discord = require('./discord');
 
-// Format yyyy-mm-dd in Europe/Paris to avoid UTC day-shifts for allDay events.
-const PARIS_DATE_FMT = new Intl.DateTimeFormat('en-CA', {
-  timeZone: 'Europe/Paris',
-  year: 'numeric',
-  month: '2-digit',
-  day: '2-digit',
-});
-
-function toParisIsoDate(ts) {
-  const n = parseInt(ts, 10);
-  if (!n) return '';
-  return PARIS_DATE_FMT.format(new Date(n)); // en-CA => YYYY-MM-DD
+// Email helper: NodeBB's Emailer signature differs across versions.
+// We try the common forms. Any failure is logged for debugging.
+async function sendEmail(template, toEmail, subject, data) {
+  if (!toEmail) return;
+  try {
+    // NodeBB core signature (historically):
+    //   Emailer.sendToEmail(template, email, language, params[, callback])
+    // Subject is not a positional arg; it must be injected (either by NodeBB itself
+    // or via filter:email.modify). We always pass it in params.subject.
+    const language = (meta && meta.config && (meta.config.defaultLang || meta.config.defaultLanguage)) || 'fr';
+    const params = Object.assign({}, data || {}, subject ? { subject } : {});
+    if (typeof emailer.sendToEmail === 'function') {
+      await emailer.sendToEmail(template, toEmail, language, params);
+      return;
+    }
+    // Fallback for older/unusual builds (rare)
+    if (typeof emailer.send === 'function') {
+      // Some builds accept (template, email, language, params)
+      if (emailer.send.length >= 4) {
+        await emailer.send(template, toEmail, language, params);
+        return;
+      }
+      // Some builds accept (template, email, params)
+      await emailer.send(template, toEmail, params);
+    }
+  } catch (err) {
+    // eslint-disable-next-line no-console
+    console.warn('[calendar-onekite] Failed to send email', { template, toEmail, err: String(err) });
+  }
 }
 
-// sendEmail is provided by ./email
-
 function normalizeBaseUrl(meta) {
   // Prefer meta.config.url, fallback to nconf.get('url')
   let base = (meta && meta.config && (meta.config.url || meta.config['url'])) ? (meta.config.url || meta.config['url']) : '';
@@ -236,8 +250,8 @@ function eventsFor(resv) {
   const status = resv.status;
   const icons = { pending: '⏳', awaiting_payment: '💳', paid: '✅' };
   const colors = { pending: '#f39c12', awaiting_payment: '#d35400', paid: '#27ae60' };
-  const startIsoDate = toParisIsoDate(resv.start);
-  const endIsoDate = toParisIsoDate(resv.end);
+  const startIsoDate = new Date(parseInt(resv.start, 10)).toISOString().slice(0, 10);
+  const endIsoDate = new Date(parseInt(resv.end, 10)).toISOString().slice(0, 10);
 
   const itemIds = Array.isArray(resv.itemIds) ? resv.itemIds : (resv.itemId ? [resv.itemId] : []);
   const itemNames = Array.isArray(resv.itemNames) ? resv.itemNames : (resv.itemName ? [resv.itemName] : []);
@@ -304,11 +318,9 @@ function eventsForSpecial(ev) {
 
 const api = {};
 
-function computeEtag(payload, metaSig) {
+function computeEtag(payload) {
   // Weak ETag is fine here: it is only used to skip identical JSON payloads.
-  // For large payloads, hashing a short signature is cheaper than JSON.stringify(...).
-  const input = metaSig ? String(metaSig) : JSON.stringify(payload);
-  const hash = crypto.createHash('sha1').update(input).digest('hex');
+  const hash = crypto.createHash('sha1').update(JSON.stringify(payload)).digest('hex');
   return `W/"${hash}"`;
 }
 
@@ -316,7 +328,7 @@ api.getEvents = async function (req, res) {
   const startTs = toTs(req.query.start) || 0;
   const endTs = toTs(req.query.end) || (Date.now() + 365 * 24 * 3600 * 1000);
 
-  const settings = await getSettingsCached('calendar-onekite');
+  const settings = await meta.settings.get('calendar-onekite');
   const canMod = req.uid ? await canValidate(req.uid, settings) : false;
   const canSpecialCreate = req.uid ? await canCreateSpecial(req.uid, settings) : false;
   const canSpecialDelete = req.uid ? await canDeleteSpecial(req.uid, settings) : false;
@@ -324,27 +336,8 @@ api.getEvents = async function (req, res) {
   // Fetch a wider window because an event can start before the query range
   // and still overlap.
   const wideStart = Math.max(0, startTs - 366 * 24 * 3600 * 1000);
-  // Avoid silent truncation if there are >5000 matches.
-  const CHUNK = 5000;
-  let offset = 0;
-  const ids = [];
-  while (true) {
-    const part = await dbLayer.listReservationIdsByStartRangePaged(wideStart, endTs, offset, CHUNK);
-    if (!part || !part.length) break;
-    ids.push(...part);
-    if (part.length < CHUNK) break;
-    offset += CHUNK;
-    // Safety to avoid unbounded loops on pathological datasets.
-    if (offset > 200000) {
-      logger.warn('[calendar-onekite] getEvents exceeded 200k ids; truncating response', {
-        wideStart,
-        endTs,
-      });
-      break;
-    }
-  }
+  const ids = await dbLayer.listReservationIdsByStartRange(wideStart, endTs, 5000);
   const out = [];
-  let maxUpdated = 0;
   // Batch fetch = major perf win when there are many reservations.
   const reservations = await dbLayer.getReservations(ids);
   for (const r of (reservations || [])) {
@@ -356,8 +349,6 @@ api.getEvents = async function (req, res) {
     const rStart = parseInt(r.start, 10);
     const rEnd = parseInt(r.end, 10);
     if (!(rStart < endTs && startTs < rEnd)) continue; // overlap check
-    const upd = parseInt(r.updatedAt || r.modifiedAt || r.approvedAt || r.validatedAt || r.createdAt || 0, 10) || 0;
-    if (upd > maxUpdated) maxUpdated = upd;
     const evs = eventsFor(r);
     for (const ev of evs) {
       const p = ev.extendedProps || {};
@@ -395,17 +386,12 @@ api.getEvents = async function (req, res) {
   // Special events
   try {
     const specialIds = await dbLayer.listSpecialIdsByStartRange(wideStart, endTs, 5000);
-    if (Array.isArray(specialIds) && specialIds.length === 5000) {
-      logger.warn('[calendar-onekite] getEvents special list may be truncated at 5000', { wideStart, endTs });
-    }
     const specials = await dbLayer.getSpecialEvents(specialIds);
     for (const sev of (specials || [])) {
       if (!sev) continue;
       const sStart = parseInt(sev.start, 10);
       const sEnd = parseInt(sev.end, 10);
       if (!(sStart < endTs && startTs < sEnd)) continue;
-      const supd = parseInt(sev.updatedAt || sev.modifiedAt || sev.createdAt || 0, 10) || 0;
-      if (supd > maxUpdated) maxUpdated = supd;
       const full = eventsForSpecial(sev);
       const minimal = {
         id: full.id,
@@ -442,11 +428,7 @@ api.getEvents = async function (req, res) {
     return ai < bi ? -1 : ai > bi ? 1 : 0;
   });
 
-  // For large payloads, avoid hashing the full JSON string.
-  const metaSig = out.length > 2000
-    ? `start:${startTs};end:${endTs};wide:${wideStart};len:${out.length};maxUpdated:${maxUpdated};mod:${canMod?1:0};sc:${canSpecialCreate?1:0};sd:${canSpecialDelete?1:0}`
-    : null;
-  const etag = computeEtag(out, metaSig);
+  const etag = computeEtag(out);
   res.setHeader('ETag', etag);
   res.setHeader('Cache-Control', 'private, max-age=0, must-revalidate');
   if (String(req.headers['if-none-match'] || '') === etag) {
@@ -460,7 +442,7 @@ api.getReservationDetails = async function (req, res) {
   const uid = req.uid;
   if (!uid) return res.status(401).json({ error: 'not-logged-in' });
 
-  const settings = await getSettingsCached('calendar-onekite');
+  const settings = await meta.settings.get('calendar-onekite');
   const canMod = await canValidate(uid, settings);
 
   const rid = String(req.params.rid || '').trim();
@@ -502,7 +484,7 @@ api.getSpecialEventDetails = async function (req, res) {
   const uid = req.uid;
   if (!uid) return res.status(401).json({ error: 'not-logged-in' });
 
-  const settings = await getSettingsCached('calendar-onekite');
+  const settings = await meta.settings.get('calendar-onekite');
   const canMod = await canValidate(uid, settings);
   const canSpecialDelete = await canDeleteSpecial(uid, settings);
 
@@ -531,7 +513,7 @@ api.getSpecialEventDetails = async function (req, res) {
 };
 
 api.getCapabilities = async function (req, res) {
-  const settings = await getSettingsCached('calendar-onekite');
+  const settings = await meta.settings.get('calendar-onekite');
   const uid = req.uid || 0;
   const canMod = uid ? await canValidate(uid, settings) : false;
   res.json({
@@ -542,7 +524,7 @@ api.getCapabilities = async function (req, res) {
 };
 
 api.createSpecialEvent = async function (req, res) {
-  const settings = await getSettingsCached('calendar-onekite');
+  const settings = await meta.settings.get('calendar-onekite');
   if (!req.uid) return res.status(401).json({ error: 'not-logged-in' });
   const ok = await canCreateSpecial(req.uid, settings);
   if (!ok) return res.status(403).json({ error: 'not-allowed' });
@@ -578,7 +560,7 @@ api.createSpecialEvent = async function (req, res) {
 };
 
 api.deleteSpecialEvent = async function (req, res) {
-  const settings = await getSettingsCached('calendar-onekite');
+  const settings = await meta.settings.get('calendar-onekite');
   if (!req.uid) return res.status(401).json({ error: 'not-logged-in' });
   const ok = await canDeleteSpecial(req.uid, settings);
   if (!ok) return res.status(403).json({ error: 'not-allowed' });
@@ -589,7 +571,7 @@ api.deleteSpecialEvent = async function (req, res) {
 };
 
 api.getItems = async function (req, res) {
-  const settings = await getSettingsCached('calendar-onekite');
+  const settings = await meta.settings.get('calendar-onekite');
 
   const env = settings.helloassoEnv || 'prod';
   const token = await helloasso.getAccessToken({
@@ -598,7 +580,7 @@ api.getItems = async function (req, res) {
     clientSecret: settings.helloassoClientSecret,
   });
     if (!token) {
-      console.warn('[calendar-onekite] HelloAsso access token not obtained (items API)', { uid: req.uid || 0 });
+
     }
 
   if (!token) {
@@ -630,7 +612,7 @@ api.createReservation = async function (req, res) {
   const uid = req.uid;
   if (!uid) return res.status(401).json({ error: 'not-logged-in' });
 
-  const settings = await getSettingsCached('calendar-onekite');
+  const settings = await meta.settings.get('calendar-onekite');
   const startPreview = toTs(req.body.start);
   const ok = await canRequest(uid, settings, startPreview);
   if (!ok) return res.status(403).json({ error: 'not-allowed' });
@@ -766,7 +748,7 @@ api.createReservation = async function (req, res) {
 api.approveReservation = async function (req, res) {
   const uid = req.uid;
   if (!uid) return res.status(401).json({ error: 'not-logged-in' });
-  const settings = await getSettingsCached('calendar-onekite');
+  const settings = await meta.settings.get('calendar-onekite');
   const ok = await canValidate(uid, settings);
   if (!ok) return res.status(403).json({ error: 'not-allowed' });
 
@@ -793,7 +775,7 @@ api.approveReservation = async function (req, res) {
   }
   // Create HelloAsso payment link on validation
   try {
-    const settings2 = await getSettingsCached('calendar-onekite');
+    const settings2 = await meta.settings.get('calendar-onekite');
     const token = await helloasso.getAccessToken({ env: settings2.helloassoEnv || 'prod', clientId: settings2.helloassoClientId, clientSecret: settings2.helloassoClientSecret });
     const payer = await user.getUserFields(r.uid, ['email']);
     const year = yearFromTs(r.start);
@@ -869,7 +851,7 @@ api.approveReservation = async function (req, res) {
 api.refuseReservation = async function (req, res) {
   const uid = req.uid;
   if (!uid) return res.status(401).json({ error: 'not-logged-in' });
-  const settings = await getSettingsCached('calendar-onekite');
+  const settings = await meta.settings.get('calendar-onekite');
   const ok = await canValidate(uid, settings);
   if (!ok) return res.status(403).json({ error: 'not-allowed' });
 
@@ -904,7 +886,7 @@ api.cancelReservation = async function (req, res) {
   const uid = req.uid;
   if (!uid) return res.status(401).json({ error: 'not-logged-in' });
 
-  const settings = await getSettingsCached('calendar-onekite');
+  const settings = await meta.settings.get('calendar-onekite');
   const rid = String(req.params.rid || '').trim();
   if (!rid) return res.status(400).json({ error: 'missing-rid' });
 

package/lib/db.js

@@ -67,12 +67,6 @@ async function listReservationIdsByStartRange(startTs, endTs, limit = 1000) {
   return await db.getSortedSetRangeByScore(KEY_ZSET, start, stop, startTs, endTs);
 }
 
-async function listReservationIdsByStartRangePaged(startTs, endTs, offset = 0, limit = 1000) {
-  const start = Math.max(0, parseInt(offset, 10) || 0);
-  const stop = start + Math.max(0, (parseInt(limit, 10) || 1000) - 1);
-  return await db.getSortedSetRangeByScore(KEY_ZSET, start, stop, startTs, endTs);
-}
-
 async function listAllReservationIds(limit = 5000) {
   return await db.getSortedSetRange(KEY_ZSET, 0, limit - 1);
 }
@@ -112,6 +106,5 @@ module.exports = {
     return await db.getSortedSetRangeByScore(KEY_SPECIAL_ZSET, start, stop, startTs, endTs);
   },
   listReservationIdsByStartRange,
-  listReservationIdsByStartRangePaged,
   listAllReservationIds,
 };

package/lib/discord.js

@@ -88,10 +88,46 @@ function buildReservationMessage(kind, reservation) {
 function buildWebhookPayload(kind, reservation) {
   // Discord "regroupe" visuellement les messages consécutifs d'un même auteur.
   // En utilisant un username différent par action, on obtient un message bien distinct.
-  const username = kind === 'paid' ? 'OneKite • Paiement' : 'OneKite • Réservation';
+  const webhookUsername = kind === 'paid' ? 'OneKite • Paiement' : 'OneKite • Réservation';
+
+  const calUrl = 'https://www.onekite.com/calendar';
+  const username = reservation && reservation.username ? String(reservation.username) : '';
+  const items = (reservation && Array.isArray(reservation.itemNames) && reservation.itemNames.length)
+    ? reservation.itemNames.map(String)
+    : (reservation && Array.isArray(reservation.itemIds) ? reservation.itemIds.map(String) : []);
+  const start = reservation && reservation.start ? Number(reservation.start) : NaN;
+  const end = reservation && reservation.end ? Number(reservation.end) : NaN;
+
+  const title = kind === 'paid' ? '💳 Paiement reçu' : '⏳ Demande de réservation';
+
+  const fields = [];
+  if (username) {
+    fields.push({ name: 'Membre', value: username, inline: true });
+  }
+  if (items.length) {
+    const label = kind === 'paid' ? 'Matériel' : 'Matériel demandé';
+    fields.push({ name: label, value: items.map((it) => `• ${it}`).join('\n'), inline: false });
+  }
+  if (Number.isFinite(start) && Number.isFinite(end)) {
+    fields.push({ name: 'Période', value: `Du ${formatFRShort(start)} au ${formatFRShort(end)}`, inline: false });
+  }
+
   return {
-    username,
-    content: buildReservationMessage(kind, reservation),
+    username: webhookUsername,
+    // On laisse "content" vide pour privilégier l'embed (plus lisible sur Discord)
+    content: '',
+    embeds: [
+      {
+        title,
+        url: calUrl,
+        description: kind === 'paid'
+          ? 'Un paiement a été reçu pour une réservation.'
+          : 'Une nouvelle demande de réservation a été créée.',
+        fields,
+        footer: { text: 'OneKite • Calendrier' },
+        timestamp: new Date().toISOString(),
+      },
+    ],
   };
 }
 

package/lib/helloasso.js

@@ -54,8 +54,41 @@ function baseUrl(env) {
     : 'https://api.helloasso.com';
 }
 
-async function getAccessToken({ env, clientId, clientSecret }) {
-  if (!clientId || !clientSecret) return null;
+// In-memory access token cache (per NodeBB process)
+let _tokenCache = { token: null, expiresAt: 0 };
+let _tokenInFlight = null;
+
+function _sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+function _tokenLooksValid() {
+  // Refresh 60s before expiration to avoid edge cases
+  return !!(_tokenCache.token && Date.now() < (_tokenCache.expiresAt - 60_000));
+}
+
+function _isRateLimited(status, parsedJson, bodySnippet) {
+  if (status === 429) return true;
+  const snip = String(bodySnippet || '').toLowerCase();
+  if (snip.includes('1015')) return true; // Cloudflare rate limited
+  if (parsedJson && typeof parsedJson === 'object') {
+    const j = JSON.stringify(parsedJson).toLowerCase();
+    if (j.includes('1015')) return true;
+    if (j.includes('rate') && j.includes('limit')) return true;
+  }
+  return false;
+}
+
+function _retryAfterMs(headers) {
+  if (!headers) return 0;
+  const ra = headers['retry-after'] || headers['Retry-After'];
+  if (!ra) return 0;
+  const n = parseInt(Array.isArray(ra) ? ra[0] : String(ra), 10);
+  if (!Number.isFinite(n) || n <= 0) return 0;
+  return Math.min(120_000, n * 1000);
+}
+
+function _requestAccessTokenRaw({ env, clientId, clientSecret }) {
   const url = `${baseUrl(env)}/oauth2/token`;
   const body = new URLSearchParams({
     grant_type: 'client_credentials',
@@ -63,67 +96,108 @@ async function getAccessToken({ env, clientId, clientSecret }) {
     client_secret: clientSecret,
   }).toString();
 
-  // Be very defensive here: HelloAsso may return HTML (proxy/CDN error pages)
-  // or empty bodies on failure. This function must never crash the process.
-  return new Promise((resolve, reject) => {
-    const u = new URL(url);
-    const req = https.request(
-      {
-        method: 'POST',
-        hostname: u.hostname,
-        port: u.port || 443,
-        path: u.pathname + u.search,
-        headers: {
-          'Accept': 'application/json',
-          'Content-Type': 'application/x-www-form-urlencoded',
-          'Content-Length': Buffer.byteLength(body),
+  return new Promise((resolve) => {
+    try {
+      const u = new URL(url);
+      const req = https.request(
+        {
+          method: 'POST',
+          hostname: u.hostname,
+          port: u.port || 443,
+          path: u.pathname + u.search,
+          headers: {
+            'Accept': 'application/json',
+            'Content-Type': 'application/x-www-form-urlencoded',
+            'Content-Length': Buffer.byteLength(body),
+          },
         },
-      },
-      (res) => {
-        let data = '';
-        res.setEncoding('utf8');
-        res.on('data', (chunk) => (data += chunk));
-        res.on('end', () => {
-          const status = res.statusCode || 0;
-          const snippet = String(data || '').slice(0, 500);
-
-          // If non-2xx, still try to parse JSON to log a meaningful error.
-          if (status < 200 || status >= 300) {
-            let parsed = null;
-            try {
-              parsed = data ? JSON.parse(data) : null;
-            } catch (e) {
-              // ignore
-            }
-            console.warn('[calendar-onekite] HelloAsso token request failed', {
-              status,
-              body: parsed || snippet,
-            });
-            return resolve(null);
-          }
+        (res) => {
+          let data = '';
+          res.setEncoding('utf8');
+          res.on('data', (chunk) => (data += chunk));
+          res.on('end', () => {
+            const status = res.statusCode || 0;
+            const headers = res.headers || {};
+            const snippet = String(data || '').slice(0, 1000);
+            resolve({ status, headers, bodyText: data || '', snippet });
+          });
+        }
+      );
+      req.on('error', (err) => {
+        resolve({ status: 0, headers: {}, bodyText: '', snippet: err && err.message ? String(err.message) : String(err) });
+      });
+      req.write(body);
+      req.end();
+    } catch (e) {
+      resolve({ status: 0, headers: {}, bodyText: '', snippet: e && e.message ? String(e.message) : String(e) });
+    }
+  });
+}
 
-          // 2xx: must be JSON with access_token
-          try {
-            const json = JSON.parse(data || '{}');
-            const token = json && json.access_token ? String(json.access_token) : null;
-            if (!token) {
-              console.warn('[calendar-onekite] HelloAsso token missing in response', { status, body: json || snippet });
-            }
-            return resolve(token);
-          } catch (e) {
-            console.warn('[calendar-onekite] HelloAsso token parse error', { status, body: snippet });
-            return resolve(null);
-          }
-        });
+async function _fetchAccessTokenWithRetry(params) {
+  // 3 attempts max with exponential backoff on rate-limit/network
+  for (let attempt = 0; attempt < 3; attempt++) {
+    const { status, headers, bodyText, snippet } = await _requestAccessTokenRaw(params);
+
+    // 2xx: parse and return token (+ cache expiry)
+    if (status >= 200 && status < 300) {
+      try {
+        const json = JSON.parse(bodyText || '{}');
+        const token = json && json.access_token ? String(json.access_token) : null;
+        const expiresIn = parseInt(json && json.expires_in ? String(json.expires_in) : '3600', 10) || 3600;
+        if (token) {
+          const expiresAt = Date.now() + Math.max(60, expiresIn) * 1000;
+          return { token, expiresAt };
+        }
+        return { token: null, expiresAt: 0 };
+      } catch (e) {
+        return { token: null, expiresAt: 0 };
       }
-    );
-    req.on('error', (err) => {
-      console.warn('[calendar-onekite] HelloAsso token network error', { message: err && err.message ? err.message : String(err) });
-      resolve(null);
-    });
-    req.write(body);
-    req.end();
-  });
+    }
+
+    // Non-2xx: decide whether to retry
+    let parsed = null;
+    try { parsed = bodyText ? JSON.parse(bodyText) : null; } catch (e) { /* ignore */ }
+
+    const rateLimited = _isRateLimited(status, parsed, snippet);
+    const networkish = status === 0;
+
+    if ((rateLimited || networkish) && attempt < 2) {
+      const base = 1500 * (2 ** attempt);
+      const ra = _retryAfterMs(headers);
+      const jitter = Math.floor(Math.random() * 250);
+      const waitMs = Math.min(60_000, Math.max(base, ra) + jitter);
+      await _sleep(waitMs);
+      continue;
+    }
+
+    return { token: null, expiresAt: 0 };
+  }
+
+  return { token: null, expiresAt: 0 };
+}
+
+async function getAccessToken({ env, clientId, clientSecret }) {
+  if (!clientId || !clientSecret) return null;
+
+  if (_tokenLooksValid()) return _tokenCache.token;
+
+  // De-duplicate concurrent token requests (prevents bursts -> 429/1015)
+  if (_tokenInFlight) return _tokenInFlight;
+
+  _tokenInFlight = (async () => {
+    const { token, expiresAt } = await _fetchAccessTokenWithRetry({ env, clientId, clientSecret });
+    if (token) {
+      _tokenCache = { token, expiresAt };
+    }
+    return token || null;
+  })();
+
+  try {
+    return await _tokenInFlight;
+  } finally {
+    _tokenInFlight = null;
+  }
 }
 
 async function listItems({ env, token, organizationSlug, formType, formSlug }) {

package/lib/scheduler.js

@@ -1,11 +1,9 @@
 'use strict';
 
+const meta = require.main.require('./src/meta');
 const db = require.main.require('./src/database');
 const dbLayer = require('./db');
 
-const { getSettingsCached } = require('./settings');
-const { sendEmail } = require('./email');
-
 let timer = null;
 
 function getSetting(settings, key, fallback) {
@@ -17,7 +15,7 @@ function getSetting(settings, key, fallback) {
 
 // Pending holds: short lock after a user creates a request (defaults to 5 minutes)
 async function expirePending() {
-  const settings = await getSettingsCached('calendar-onekite');
+  const settings = await meta.settings.get('calendar-onekite');
   const holdMins = parseInt(getSetting(settings, 'pendingHoldMinutes', '5'), 10) || 5;
   const now = Date.now();
 
@@ -26,10 +24,8 @@ async function expirePending() {
     return;
   }
 
-  const reservations = await dbLayer.getReservations(ids);
-  for (let i = 0; i < ids.length; i++) {
-    const rid = ids[i];
-    const resv = reservations[i];
+  for (const rid of ids) {
+    const resv = await dbLayer.getReservation(rid);
     if (!resv || resv.status !== 'pending') {
       continue;
     }
@@ -47,7 +43,7 @@ async function expirePending() {
 // - We send a reminder after `paymentHoldMinutes` (default 60)
 // - We expire (and remove) after `2 * paymentHoldMinutes`
 async function processAwaitingPayment() {
-  const settings = await getSettingsCached('calendar-onekite');
+  const settings = await meta.settings.get('calendar-onekite');
   const holdMins = parseInt(
     getSetting(settings, 'paymentHoldMinutes', getSetting(settings, 'holdMinutes', '60')),
     10
@@ -57,8 +53,44 @@ async function processAwaitingPayment() {
   const ids = await dbLayer.listAllReservationIds(5000);
   if (!ids || !ids.length) return;
 
+  const emailer = require.main.require('./src/emailer');
   const user = require.main.require('./src/user');
 
+  async function sendEmail(template, toEmail, subject, data) {
+    if (!toEmail) return;
+    try {
+      // NodeBB core signature:
+      //   Emailer.sendToEmail(template, email, language, params[, callback])
+      // Subject is NOT a positional argument; it must be provided in params.subject
+      // and optionally copied into the final email by filter:email.modify.
+      const language = (meta && meta.config && (meta.config.defaultLang || meta.config.defaultLanguage)) || 'fr';
+      const params = Object.assign({}, data || {}, subject ? { subject } : {});
+
+      if (typeof emailer.sendToEmail === 'function') {
+        await emailer.sendToEmail(template, toEmail, language, params);
+        return;
+      }
+
+      // Fallbacks for older/unusual builds
+      if (typeof emailer.send === 'function') {
+        // Some builds accept (template, email, language, params)
+        if (emailer.send.length >= 4) {
+          await emailer.send(template, toEmail, language, params);
+          return;
+        }
+        // Some builds accept (template, email, params)
+        await emailer.send(template, toEmail, params);
+      }
+    } catch (err) {
+      // eslint-disable-next-line no-console
+      console.warn('[calendar-onekite] Failed to send email (scheduler)', {
+        template,
+        toEmail,
+        err: String((err && err.message) || err),
+      });
+    }
+  }
+
   function formatFR(ts) {
     const d = new Date(ts);
     const dd = String(d.getDate()).padStart(2, '0');
@@ -67,10 +99,8 @@ async function processAwaitingPayment() {
     return `${dd}/${mm}/${yyyy}`;
   }
 
-  const reservations = await dbLayer.getReservations(ids);
-  for (let i = 0; i < ids.length; i++) {
-    const rid = ids[i];
-    const r = reservations[i];
+  for (const rid of ids) {
+    const r = await dbLayer.getReservation(rid);
     if (!r || r.status !== 'awaiting_payment') continue;
 
     const approvedAt = parseInt(r.approvedAt || r.validatedAt || 0, 10) || 0;

package/lib/widgets.js

@@ -41,7 +41,7 @@ widgets.defineWidgets = async function (widgetData) {
 
   list.push({
     widget: 'calendar-onekite-twoweeks',
-    name: 'Calendrier OneKite',
+    name: 'Calendrier OneKite (2 semaines)',
     description: 'Affiche la semaine courante + la semaine suivante (FullCalendar via CDN).',
     content: '',
   });
@@ -63,7 +63,7 @@ widgets.renderTwoWeeksWidget = async function (data) {
   const html = `
 <div class="onekite-twoweeks">
   <div class="d-flex justify-content-between align-items-center mb-1">
-    <div style="font-weight: 600;">Calendrier</div>
+    <div style="font-weight: 600;">Calendrier (2 semaines)</div>
     <a href="${escapeHtml(calUrl)}" class="btn btn-sm btn-outline-secondary" style="line-height: 1.1;">Ouvrir</a>
   </div>
   <div id="${escapeHtml(id)}"></div>

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nodebb-plugin-calendar-onekite",
-  "version": "12.0.23",
+  "version": "12.0.25",
   "description": "FullCalendar-based equipment reservation workflow with admin approval & HelloAsso payment for NodeBB",
   "main": "library.js",
   "license": "MIT",

package/plugin.json

@@ -39,5 +39,5 @@
   "acpScripts": [
     "public/admin.js"
   ],
-  "version": "1.3.1"
+  "version": "1.3.2"
 }

package/lib/email.js

@@ -1,51 +0,0 @@
-'use strict';
-
-const meta = require.main.require('./src/meta');
-
-/**
- * Send an email using NodeBB's emailer, supporting common signatures.
- *
- * @param {string} template
- * @param {string} toEmail
- * @param {string} subject
- * @param {object} data
- */
-async function sendEmail(template, toEmail, subject, data) {
-  if (!toEmail) return;
-  const emailer = require.main.require('./src/emailer');
-
-  try {
-    // NodeBB core signature:
-    //   Emailer.sendToEmail(template, email, language, params[, callback])
-    // Subject is not positional; pass it in params so filters can use it.
-    const language = (meta && meta.config && (meta.config.defaultLang || meta.config.defaultLanguage)) || 'fr';
-    const params = Object.assign({}, data || {}, subject ? { subject } : {});
-
-    if (typeof emailer.sendToEmail === 'function') {
-      await emailer.sendToEmail(template, toEmail, language, params);
-      return;
-    }
-
-    // Fallbacks for older/unusual builds
-    if (typeof emailer.send === 'function') {
-      // Some builds accept (template, email, language, params)
-      if (emailer.send.length >= 4) {
-        await emailer.send(template, toEmail, language, params);
-        return;
-      }
-      // Some builds accept (template, email, params)
-      await emailer.send(template, toEmail, params);
-    }
-  } catch (err) {
-    // eslint-disable-next-line no-console
-    console.warn('[calendar-onekite] Failed to send email', {
-      template,
-      toEmail,
-      err: String((err && err.message) || err),
-    });
-  }
-}
-
-module.exports = {
-  sendEmail,
-};

package/lib/settings.js

@@ -1,34 +0,0 @@
-'use strict';
-
-const meta = require.main.require('./src/meta');
-
-// Tiny in-memory cache to avoid repeated meta.settings.get() calls.
-// Safe because NodeBB settings rarely change per-second.
-const cache = new Map();
-
-async function getSettingsCached(namespace, ttlMs = 3000) {
-  const key = String(namespace || '');
-  const now = Date.now();
-  const hit = cache.get(key);
-  if (hit && hit.expiresAt > now) {
-    return hit.value;
-  }
-
-  let value = {};
-  try {
-    value = (await meta.settings.get(key)) || {};
-  } catch (e) {
-    value = {};
-  }
-  cache.set(key, { value, expiresAt: now + (parseInt(ttlMs, 10) || 0) });
-  return value;
-}
-
-function invalidateSettings(namespace) {
-  cache.delete(String(namespace || ''));
-}
-
-module.exports = {
-  getSettingsCached,
-  invalidateSettings,
-};