nodebb-plugin-equipment-calendar 0.5.0 → 0.6.1

package/library.js

@@ -1,5 +1,9 @@
 'use strict';
 
+// Node 18+ has global fetch; fallback to undici if needed
+let fetchFn = global.fetch;
+try { if (!fetchFn) { fetchFn = require('undici').fetch; } } catch (e) {}
+
 const db = require.main.require('./src/database');
 const meta = require.main.require('./src/meta');
 const groups = require.main.require('./src/groups');
@@ -29,6 +33,8 @@ const DEFAULT_SETTINGS = {
   ha_itemsFormType: '',
   ha_itemsFormSlug: '',
   ha_locationMapJson: '{}',
+  ha_calendarItemNamePrefix: 'Location matériel',
+  paymentTimeoutMinutes: 10,
   // HelloAsso
   ha_clientId: '',
   ha_clientSecret: '',
@@ -80,7 +86,7 @@ async function getHelloAssoAccessToken(settings) {
     formBody.set('client_secret', String(settings.ha_clientSecret || ''));
   }
 
-  const resp = await fetch('https://api.helloasso.com/oauth2/token', {
+  const resp = await fetchFn('https://api.helloasso.com/oauth2/token', {
     method: 'POST',
     headers: { 'content-type': 'application/x-www-form-urlencoded' },
     body: formBody.toString(),
@@ -111,6 +117,93 @@ async function getHelloAssoAccessToken(settings) {
   return accessToken;
 }
 
+
+async function createHelloAssoCheckoutIntent(settings, bookingId, reservations) {
+  const org = String(settings.ha_organizationSlug || '').trim();
+  if (!org) throw new Error('HelloAsso organization slug missing');
+
+  const baseUrl = (meta && meta.config && meta.config.url) ? meta.config.url.replace(/\/$/, '') : '';
+  const backUrl = baseUrl + '/equipment/calendar';
+  const returnUrl = baseUrl + `/equipment/helloasso/callback?type=return&bookingId=${encodeURIComponent(bookingId)}`;
+  const errorUrl = baseUrl + `/equipment/helloasso/callback?type=error&bookingId=${encodeURIComponent(bookingId)}`;
+
+  const items = await getActiveItems(settings);
+  const byId = {};
+  items.forEach(i => { byId[i.id] = i; });
+
+  const names = reservations.map(r => (byId[r.itemId] && byId[r.itemId].name) || r.itemId);
+  const totalAmount = reservations.reduce((sum, r) => {
+    const price = (byId[r.itemId] && parseInt(byId[r.itemId].priceCents, 10)) || 0;
+    return sum + (Number.isFinite(price) ? price : 0);
+  }, 0);
+
+  if (!totalAmount || totalAmount <= 0) {
+    throw new Error('Montant total invalide (prix manquant sur les items).');
+  }
+
+  const body = {
+    totalAmount,
+    initialAmount: totalAmount,
+    itemName: `${String(settings.ha_calendarItemNamePrefix || 'Location matériel')}: ${names.join(', ')}`.slice(0, 250),
+    backUrl,
+    errorUrl,
+    returnUrl,
+    containsDonation: false,
+    metadata: {
+      bookingId,
+      rids: reservations.map(r => r.rid || r.id),
+      uid: reservations[0] && reservations[0].uid,
+      startMs: reservations[0] && reservations[0].startMs,
+      endMs: reservations[0] && reservations[0].endMs,
+    },
+  };
+
+  const token = await getHelloAssoAccessToken(settings);
+  const url = `https://api.helloasso.com/v5/organizations/${encodeURIComponent(org)}/checkout-intents`;
+  const resp = await fetchFn(url, {
+    method: 'POST',
+    headers: {
+      accept: 'application/json',
+      'content-type': 'application/json',
+      authorization: `Bearer ${token}`,
+    },
+    body: JSON.stringify(body),
+  });
+
+  if (!resp.ok) {
+    const t = await resp.text();
+    throw new Error(`HelloAsso checkout-intents error: ${resp.status} ${t}`);
+  }
+  return await resp.json();
+}
+
+async function fetchHelloAssoCheckoutIntent(settings, checkoutIntentId) {
+  const org = String(settings.ha_organizationSlug || '').trim();
+  const token = await getHelloAssoAccessToken(settings);
+  const url = `https://api.helloasso.com/v5/organizations/${encodeURIComponent(org)}/checkout-intents/${encodeURIComponent(checkoutIntentId)}`;
+  const resp = await fetchFn(url, { headers: { authorization: `Bearer ${token}`, accept: 'application/json' } });
+  if (!resp.ok) {
+    const t = await resp.text();
+    throw new Error(`HelloAsso checkout-intents GET error: ${resp.status} ${t}`);
+  }
+  return await resp.json();
+}
+
+function isCheckoutPaid(checkout) {
+  const payments = (checkout && (checkout.payments || (checkout.order && checkout.order.payments))) || [];
+  const list = Array.isArray(payments) ? payments : [];
+  const states = list.map(p => String(p.state || p.status || p.paymentState || '').toLowerCase());
+  if (states.some(s => ['authorized', 'paid', 'succeeded', 'success'].includes(s))) return true;
+
+  const op = String(checkout && (checkout.state || checkout.operationState || '')).toLowerCase();
+  if (['authorized', 'paid', 'succeeded'].includes(op)) return true;
+
+  if (checkout && (checkout.order || checkout.orderId)) {
+    if (list.length) return true;
+  }
+  return false;
+}
+
 async function fetchHelloAssoItems(settings) {
   const org = String(settings.ha_organizationSlug || '').trim();
   const formType = String(settings.ha_itemsFormType || '').trim();
@@ -128,7 +221,7 @@ async function fetchHelloAssoItems(settings) {
 
   const token = await getHelloAssoAccessToken(settings);
   const url = `https://api.helloasso.com/v5/organizations/${encodeURIComponent(org)}/forms/${encodeURIComponent(formType)}/${encodeURIComponent(formSlug)}/items`;
-  const resp = await fetch(url, { headers: { authorization: `Bearer ${token}` } });
+  const resp = await fetchFn(url, { headers: { authorization: `Bearer ${token}` } });
   if (!resp.ok) {
     const t = await resp.text();
     throw new Error(`HelloAsso items error: ${resp.status} ${t}`);
@@ -207,11 +300,30 @@ function resKey(id) { return `equipmentCalendar:res:${id}`; }
 function itemIndexKey(itemId) { return `equipmentCalendar:item:${itemId}:res`; }
 
 function statusBlocksItem(status) {
-  // statuses that block availability
-  return ['pending', 'approved_waiting_payment', 'paid_validated'].includes(status);
+  const s = String(status || '');
+  if (s === 'rejected' || s === 'cancelled') return false;
+  return (s === 'pending' || s === 'approved' || s === 'payment_pending' || s === 'paid');
+}
+
+
+
+
+async function saveBooking(booking) {
+  const bid = booking.bookingId;
+  await db.setObject(`equipmentCalendar:booking:${bid}`, booking);
+}
+
+async function getBooking(bookingId) {
+  return await db.getObject(`equipmentCalendar:booking:${bookingId}`);
 }
 
+async function addReservationToBooking(bookingId, rid) {
+  await db.setAdd(`equipmentCalendar:booking:${bookingId}:rids`, rid);
+}
 
+async function getBookingRids(bookingId) {
+  return await db.getSetMembers(`equipmentCalendar:booking:${bookingId}:rids`) || [];
+}
 
 async function saveReservation(res) {
   await db.setObject(resKey(res.id), res);
@@ -684,6 +796,65 @@ async function renderAdminPage(req, res) {
 }
 
 // --- Calendar page ---
+
+async function handleHelloAssoCallback(req, res) {
+  const settings = await getSettings();
+
+  const bookingId = String(req.query.bookingId || '').trim();
+  const checkoutIntentId = String(req.query.checkoutIntentId || '').trim();
+  const code = String(req.query.code || '').trim();
+  const type = String(req.query.type || '').trim();
+
+  let status = 'pending';
+  let message = 'Retour paiement reçu. Vérification en cours…';
+
+  try {
+    if (!checkoutIntentId) throw new Error('checkoutIntentId manquant');
+    const checkout = await fetchHelloAssoCheckoutIntent(settings, checkoutIntentId);
+
+    const paid = isCheckoutPaid(checkout);
+    if (paid) {
+      status = 'paid';
+      message = 'Paiement confirmé. Merci !';
+
+      if (bookingId) {
+        const rids = await getBookingRids(bookingId);
+        for (const rid of rids) {
+          // eslint-disable-next-line no-await-in-loop
+          const r = await db.getObject(`equipmentCalendar:reservation:${rid}`);
+          if (!r || !r.rid) continue;
+          r.status = 'paid';
+          r.paidAt = Date.now();
+          r.checkoutIntentId = checkoutIntentId;
+          // eslint-disable-next-line no-await-in-loop
+          await db.setObject(`equipmentCalendar:reservation:${rid}`, r);
+        }
+        try {
+          const b = (await getBooking(bookingId)) || { bookingId };
+          b.status = 'paid';
+          b.checkoutIntentId = checkoutIntentId;
+          b.paidAt = Date.now();
+          await saveBooking(b);
+        } catch (e) {}
+      }
+    } else {
+      status = (type === 'error' || code) ? 'error' : 'pending';
+      message = 'Paiement non confirmé. Si vous venez de payer, réessayez dans quelques instants.';
+    }
+  } catch (e) {
+    status = 'error';
+    message = e.message || 'Erreur de vérification paiement';
+  }
+
+  res.render('equipment-calendar/payment-return', {
+    title: 'Retour paiement',
+    status,
+    statusError: status === 'error',
+    statusPaid: status === 'paid',
+    message,
+  });
+}
+
 async function renderCalendarPage(req, res) {
   const settings = await getSettings();
   const items = await getActiveItems(settings);
@@ -889,7 +1060,7 @@ async function renderApprovalsPage(req, res) {
 
 // --- Actions ---
 
-async function createReservationForItem(req, res, settings, itemId, startMs, endMs, notesUser) {
+async function createReservationForItem(req, res, settings, itemId, startMs, endMs, notesUser, bookingId) {
   const items = await getActiveItems(settings);
   const item = items.find(i => i.id === itemId);
   if (!item) {
@@ -912,9 +1083,13 @@ async function createReservationForItem(req, res, settings, itemId, startMs, end
     endMs,
     status: 'pending',
     notesUser: notesUser || '',
+    bookingId: bookingId || '',
     createdAt: Date.now(),
   };
   await saveReservation(data);
+  if (bookingId) {
+    await addReservationToBooking(bookingId, rid);
+  }
   return data;
 }
 
@@ -1165,6 +1340,7 @@ async function handleAdminSave(req, res) {
       ha_webhookSecret: String(req.body.ha_webhookSecret || ''),
       defaultView: String(req.body.defaultView || DEFAULT_SETTINGS.defaultView),
       timezone: String(req.body.timezone || DEFAULT_SETTINGS.timezone),
+      paymentTimeoutMinutes: String(req.body.paymentTimeoutMinutes || DEFAULT_SETTINGS.paymentTimeoutMinutes),
       showRequesterToAll: (req.body.showRequesterToAll === '1' || req.body.showRequesterToAll === 'on') ? '1' : '0',
     };
 
@@ -1175,4 +1351,54 @@ async function handleAdminSave(req, res) {
   }
 }
 
+
+let paymentTimeoutInterval = null;
+
+function startPaymentTimeoutScheduler() {
+  if (paymentTimeoutInterval) return;
+  // Run every minute
+  paymentTimeoutInterval = setInterval(async () => {
+    try {
+      const settings = await getSettings();
+      const timeoutMin = Math.max(1, parseInt(settings.paymentTimeoutMinutes, 10) || 10);
+      const cutoff = Date.now() - timeoutMin * 60 * 1000;
+
+      // Scan bookings keys (we keep an index set)
+      const bookingIds = await db.getSetMembers('equipmentCalendar:bookings') || [];
+      for (const bid of bookingIds) {
+        // eslint-disable-next-line no-await-in-loop
+        const b = await getBooking(bid);
+        if (!b || !b.bookingId) continue;
+        const status = String(b.status || '');
+        if (status !== 'payment_pending') continue;
+
+        const pendingAt = parseInt(b.paymentPendingAt, 10) || parseInt(b.createdAt, 10) || 0;
+        if (!pendingAt || pendingAt > cutoff) continue;
+
+        // Timeout reached -> cancel booking + all reservations
+        // eslint-disable-next-line no-await-in-loop
+        const rids = await getBookingRids(bid);
+        for (const rid of rids) {
+          // eslint-disable-next-line no-await-in-loop
+          const r = await db.getObject(`equipmentCalendar:reservation:${rid}`);
+          if (!r || !r.rid) continue;
+          if (String(r.status) === 'paid') continue; // safety
+          r.status = 'cancelled';
+          r.cancelledAt = Date.now();
+          r.paymentUrl = '';
+          // eslint-disable-next-line no-await-in-loop
+          await db.setObject(`equipmentCalendar:reservation:${rid}`, r);
+        }
+
+        b.status = 'cancelled';
+        b.cancelledAt = Date.now();
+        b.paymentUrl = '';
+        await saveBooking(b);
+      }
+    } catch (e) {
+      // ignore to keep scheduler alive
+    }
+  }, 60 * 1000);
+}
+
 module.exports = plugin;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nodebb-plugin-equipment-calendar",
-  "version": "0.5.0",
+  "version": "0.6.1",
   "description": "Equipment reservation calendar for NodeBB (FullCalendar, approvals, HelloAsso payments)",
   "main": "library.js",
   "scripts": {

package/plugin.json

@@ -26,6 +26,6 @@
   "scripts": [
     "public/js/client.js"
   ],
-  "version": "0.3.1",
+  "version": "0.4.1",
   "minver": "4.7.1"
 }

package/public/templates/admin/plugins/equipment-calendar.tpl

@@ -95,6 +95,11 @@
 
     <div class="card card-body mb-3">
       <h5>Calendrier</h5>
+      <div class="mb-3">
+        <label class="form-label">Timeout paiement (minutes)</label>
+        <input class="form-control" type="number" min="1" name="paymentTimeoutMinutes" value="{settings.paymentTimeoutMinutes}">
+        <div class="form-text">Après validation, si le paiement n’est pas confirmé dans ce délai, la réservation est annulée et le matériel est débloqué.</div>
+      </div>
       <div class="mb-3">
         <label class="form-label">Vue par défaut</label>
         <select name="defaultView" class="form-select">

package/public/templates/equipment-calendar/payment-return.tpl

@@ -1,9 +1,15 @@
-<div class="equipment-payment-return">
-  <h1>Paiement</h1>
+<div class="card card-body">
+  <h4>Retour paiement</h4>
+
+  {{{ if statusPaid }}}
+    <div class="alert alert-success">✅ Paiement confirmé.</div>
+  {{{ end }}}
+
   {{{ if statusError }}}
-    <div class="alert alert-danger">Le paiement semble avoir échoué. Référence réservation: <code>{rid}</code></div>
-  {{{ else }}}
-    <div class="alert alert-info">Merci. Si le paiement est confirmé, la réservation passera en "validée". Référence: <code>{rid}</code></div>
+    <div class="alert alert-danger">❌ Paiement non confirmé.</div>
   {{{ end }}}
+
+  <p>{message}</p>
+
   <a class="btn btn-primary" href="/equipment/calendar">Retour au calendrier</a>
 </div>