npm - nodebb-plugin-equipment-calendar - Versions diffs - 9.0.15 → 9.1.4 - Mend

nodebb-plugin-equipment-calendar 9.0.15 → 9.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/library.js +65 -1538
package/package.json +6 -16
package/plugin.json +8 -19
package/public/js/acp.js +44 -0
package/public/js/client.js +66 -206
package/scripts/postinstall.js +25 -0
package/templates/admin/plugins/equipment-calendar.tpl +32 -21
package/templates/equipment-calendar/calendar.tpl +21 -64

package/library.js CHANGED Viewed

@@ -1,1593 +1,120 @@
 'use strict';
-// Node 18+ has global fetch; fallback to undici if needed
-let fetchFn = global.fetch;
-try { if (!fetchFn) { fetchFn = require('undici').fetch; } } catch (e) {}
-const db = require.main.require('./src/database');
 const meta = require.main.require('./src/meta');
+const db = require.main.require('./src/database');
 const groups = require.main.require('./src/groups');
-const user = require.main.require('./src/user');
-const notifications = require.main.require('./src/notifications');
-const Emailer = require.main.require('./src/emailer');
-const routeHelpers = require.main.require('./src/routes/helpers');
-const middleware = require.main.require('./src/middleware');
-const helpers = require.main.require('./src/controllers/helpers');
-const nconf = require.main.require('nconf');
 const winston = require.main.require('winston');
-function generateId() {
-  try {
-    // Node 14+ / modern: crypto.randomUUID
-    const crypto = require('crypto');
-    if (crypto.randomUUID) return crypto.randomUUID();
-    return crypto.randomBytes(16).toString('hex');
-  } catch (e) {
-    return String(Date.now()) + '-' + Math.random().toString(16).slice(2);
-  }
-}
-function normalizeItemIds(itemIdsRaw) {
-  if (!itemIdsRaw) return [];
-  if (Array.isArray(itemIdsRaw)) {
-    return itemIdsRaw.map(String).flatMap((v) => String(v).split(',')).map(s => s.trim()).filter(Boolean);
-  }
-  if (typeof itemIdsRaw === 'string') {
-    return itemIdsRaw.split(',').map(s => s.trim()).filter(Boolean);
-  }
-  // fallback: single value (number/object/etc.)
-  try {
-    return [String(itemIdsRaw).trim()].filter(Boolean);
-  } catch (e) {
-    return [];
-  }
-}
-function parseDateInput(v) {
-  if (v === null || v === undefined) return null;
-  if (typeof v === 'number' || (typeof v === 'string' && v.trim() && /^\d+$/.test(v.trim()))) {
-    const ms = typeof v === 'number' ? v : parseInt(v.trim(), 10);
-    const d = new Date(ms);
-    return Number.isNaN(d.getTime()) ? null : d;
-  }
-  if (typeof v === 'string') {
-    const s = v.trim();
-    if (!s) return null;
-    if (/^\d{4}-\d{2}-\d{2}$/.test(s)) {
-      const d = new Date(s + 'T00:00:00Z');
-      return Number.isNaN(d.getTime()) ? null : d;
-    }
-    const d = new Date(s);
-    return Number.isNaN(d.getTime()) ? null : d;
-  }
-  try {
-    const d = new Date(String(v));
-    return Number.isNaN(d.getTime()) ? null : d;
-  } catch (e) {
-    return null;
-  }
-}
-function tzOffsetMs(date, timeZone) {
-  const asTz = new Date(date.toLocaleString('en-US', { timeZone }));
-  return asTz.getTime() - date.getTime();
-}
-function tzMidnightMsFromIso(iso, timeZone) {
-  const m = String(iso || '').match(/^(\d{4})-(\d{2})-(\d{2})$/);
-  if (!m) return null;
-  const y = parseInt(m[1], 10);
-  const mo = parseInt(m[2], 10) - 1;
-  const d = parseInt(m[3], 10);
-  const utcMidnight = new Date(Date.UTC(y, mo, d, 0, 0, 0));
-  const offset = tzOffsetMs(utcMidnight, timeZone);
-  return utcMidnight.getTime() - offset;
-}
-function addDaysIso(iso, days) {
-  const m = String(iso || '').match(/^(\d{4})-(\d{2})-(\d{2})$/);
-  if (!m) return iso;
-  const y = parseInt(m[1], 10);
-  const mo = parseInt(m[2], 10) - 1;
-  const d = parseInt(m[3], 10);
-  const dt = new Date(Date.UTC(y, mo, d));
-  dt.setUTCDate(dt.getUTCDate() + (days || 0));
-  const pad = (x) => String(x).padStart(2, '0');
-  return dt.getUTCFullYear() + '-' + pad(dt.getUTCMonth() + 1) + '-' + pad(dt.getUTCDate());
-}
-function formatDateTimeFR(ms) {
-  const n = Number(ms || 0);
-  if (!n) return '';
-  try {
-    const parts = new Intl.DateTimeFormat('fr-FR', {
-      timeZone: 'Europe/Paris',
-      year: 'numeric',
-      month: '2-digit',
-      day: '2-digit',
-      hour: '2-digit',
-      minute: '2-digit',
-      hour12: false,
-    }).formatToParts(new Date(n));
-    const get = (t) => (parts.find(p => p.type === t) || {}).value || '';
-    return `${get('day')}/${get('month')}/${get('year')} ${get('hour')}:${get('minute')}`;
-  } catch (e) {
-    const d = new Date(n);
-    const pad = (x) => String(x).padStart(2,'0');
-    return `${pad(d.getDate())}/${pad(d.getMonth()+1)}/${d.getFullYear()} ${pad(d.getHours())}:${pad(d.getMinutes())}`;
-  }
-}
-const axios = require('axios');
-const { DateTime } = require('luxon');
-const { v4: uuidv4 } = require('uuid');
-const crypto = require('crypto');
 const plugin = {};
 const SETTINGS_KEY = 'equipmentCalendar';
 const DEFAULT_SETTINGS = {
-  creatorGroups: 'registered-users',
+  creatorGroups: '',
   approverGroup: 'administrators',
   notifyGroup: 'administrators',
-  // JSON array of items: [{ "id": "cam1", "name": "Caméra A", "priceCents": 5000, "location": "Stock A", "active": true }]
-  itemsJson: '[]',
-  itemsSource: 'manual',
-  ha_itemsFormType: '',
-  ha_itemsFormSlug: '',
-  ha_locationMapJson: '{}',
-  ha_calendarItemNamePrefix: 'Location matériel',
-  paymentTimeoutMinutes: 10,
-  // HelloAsso
+  ha_apiBaseUrl: 'https://api.helloasso.com',
+  ha_organizationSlug: '',
   ha_clientId: '',
   ha_clientSecret: '',
-  ha_organizationSlug: '',
+  ha_itemsFormType: 'shop',
+  ha_itemsFormSlug: '',
   ha_returnUrl: '',
-  ha_webhookSecret: '',
-  // calendar
+  paymentTimeoutMinutes: 10,
   defaultView: 'dayGridMonth',
-  timezone: 'Europe/Paris',
-  // privacy
-  showRequesterToAll: '0', // 0/1
 };
-function normalizeSettings(raw) {
-  const out = {};
-  const keys = Object.keys(DEFAULT_SETTINGS);
-  keys.forEach((k) => {
-    const def = DEFAULT_SETTINGS[k];
-    const str = raw && raw[k];
-    if (typeof str !== 'string') {
-      out[k] = def;
-      return;
-    }
-    try {
-      const v = JSON.parse(str);
-      out[k] = (typeof v === typeof def) ? v : def;
-    } catch (e) {
-      out[k] = def;
-    }
-  });
-  return out;
-}
 async function getSettings() {
-  const raw = await meta.settings.get('equipmentCalendar');
-  const merged = Object.assign({}, DEFAULT_SETTINGS, raw || {});
-  // coerce
-  merged.paymentTimeoutMinutes = parseInt(merged.paymentTimeoutMinutes, 10) || DEFAULT_SETTINGS.paymentTimeoutMinutes;
-  return merged;
-}
-async function setSettings(payload) {
-  const sets = {};
-  Object.keys(payload || {}).forEach((k) => {
-    sets[k] = JSON.stringify(payload[k]);
-  });
-  if (!resp.ok) {
-    const t = await resp.text();
-    throw new Error(`HelloAsso token error: ${resp.status} ${t}`);
-  }
-  const json = await resp.json();
-  const accessToken = json.access_token;
-  const refreshToken = json.refresh_token;
-  const expiresIn = parseInt(json.expires_in, 10) || 0;
-  const expMs = now + (expiresIn * 1000);
-  // Per docs, refresh token is valid ~30 days and rotates; keep a conservative expiry (29 days)
-  const refreshExpMs = now + (29 * 24 * 60 * 60 * 1000);
-  haTokenCache = { accessToken, refreshToken, expMs };
-  try {
-    await db.setObject(tokenKey, {
-      refresh_token: refreshToken || stored && stored.refresh_token || '',
-      refresh_expires_at: String(refreshExpMs),
-    });
-  } catch (e) {}
-  return accessToken;
-}
-async function createHelloAssoCheckoutIntent(settings, bookingId, reservations) {
-  const org = String(settings.ha_organizationSlug || '').trim();
-  if (!org) throw new Error('HelloAsso organization slug missing');
-  const baseUrl = (meta && meta.config && meta.config.url) ? meta.config.url.replace(/\/$/, '') : '';
-  const backUrl = baseUrl + '/equipment/calendar';
-  const returnUrl = baseUrl + `/equipment/helloasso/callback?type=return&bookingId=${encodeURIComponent(bookingId)}`;
-  const errorUrl = baseUrl + `/equipment/helloasso/callback?type=error&bookingId=${encodeURIComponent(bookingId)}`;
-  const items = await getActiveItems(settings);
-  const byId = {};
-  items.forEach(i => { byId[i.id] = i; });
-  const names = reservations.map(r => (byId[r.itemId] && byId[r.itemId].name) || r.itemId);
-  const totalAmount = reservations.reduce((sum, r) => {
-    const price = (byId[r.itemId] && parseInt(byId[r.itemId].priceCents, 10)) || 0;
-    return sum + (Number.isFinite(price) ? price : 0);
-  }, 0);
-  if (!totalAmount || totalAmount <= 0) {
-    throw new Error('Montant total invalide (prix manquant sur les items).');
-  }
-  const body = {
-    totalAmount,
-    initialAmount: totalAmount,
-    itemName: `${String(settings.ha_calendarItemNamePrefix || 'Location matériel')}: ${names.join(', ')}`.slice(0, 250),
-    backUrl,
-    errorUrl,
-    returnUrl,
-    containsDonation: false,
-    metadata: {
-      bookingId,
-      rids: reservations.map(r => r.rid || r.id),
-      uid: reservations[0] && reservations[0].uid,
-      startMs: reservations[0] && reservations[0].startMs,
-      endMs: reservations[0] && reservations[0].endMs,
-    },
-  };
-  const token = await getHelloAssoAccessToken(settings);
-  const url = `https://api.helloasso.com/v5/organizations/${encodeURIComponent(org)}/checkout-intents`;
-  const resp = await fetchFn(url, {
-    method: 'POST',
-    headers: {
-      accept: 'application/json',
-      'content-type': 'application/json',
-      authorization: `Bearer ${token}`,
-    },
-    body: JSON.stringify(body),
-  });
-  if (!resp.ok) {
-    const t = await resp.text();
-    throw new Error(`HelloAsso checkout-intents error: ${resp.status} ${t}`);
-  }
-  return await resp.json();
-}
-async function fetchHelloAssoCheckoutIntent(settings, checkoutIntentId) {
-  const org = String(settings.ha_organizationSlug || '').trim();
-  const token = await getHelloAssoAccessToken(settings);
-  const url = `https://api.helloasso.com/v5/organizations/${encodeURIComponent(org)}/checkout-intents/${encodeURIComponent(checkoutIntentId)}`;
-  const resp = await fetchFn(url, { headers: { authorization: `Bearer ${token}`, accept: 'application/json' } });
-  if (!resp.ok) {
-    const t = await resp.text();
-    throw new Error(`HelloAsso checkout-intents GET error: ${resp.status} ${t}`);
-  }
-  return await resp.json();
+  const raw = await meta.settings.get(SETTINGS_KEY);
+  const s = Object.assign({}, DEFAULT_SETTINGS, raw || {});
+  s.paymentTimeoutMinutes = parseInt(s.paymentTimeoutMinutes, 10) || DEFAULT_SETTINGS.paymentTimeoutMinutes;
+  return s;
 }
-function isCheckoutPaid(checkout) {
-  const payments = (checkout && (checkout.payments || (checkout.order && checkout.order.payments))) || [];
-  const list = Array.isArray(payments) ? payments : [];
-  const states = list.map(p => String(p.state || p.status || p.paymentState || '').toLowerCase());
-  if (states.some(s => ['authorized', 'paid', 'succeeded', 'success'].includes(s))) return true;
-  const op = String(checkout && (checkout.state || checkout.operationState || '')).toLowerCase();
-  if (['authorized', 'paid', 'succeeded'].includes(op)) return true;
-  if (checkout && (checkout.order || checkout.orderId)) {
-    if (list.length) return true;
+async function isUserInAnyGroups(uid, groupCsv) {
+  if (!uid || !groupCsv) return false;
+  const names = String(groupCsv).split(',').map(s => s.trim()).filter(Boolean);
+  for (const name of names) {
+    if (await groups.isMember(uid, name)) return true;
   }
   return false;
 }
-async function fetchHelloAssoItems(settings) {
-  const org = String(settings.ha_organizationSlug || '').trim();
-  const formType = String(settings.ha_itemsFormType || '').trim();
-  const formSlug = String(settings.ha_itemsFormSlug || '').trim();
-  if (!org || !formType || !formSlug) return [];
-  const token = await getHelloAssoAccessToken(settings);
-  const base = (String(settings.ha_apiBaseUrl || '').trim() || 'https://api.helloasso.com').replace(/\/$/, '');
-  const cacheKey = `equipmentCalendar:ha:items:${org}:${formType}:${formSlug}`;
-  // Cache 10 minutes
-  const cached = await db.getObject(cacheKey);
-  const now = Date.now();
-  if (cached && cached.itemsJson && cached.expMs && now < parseInt(cached.expMs, 10)) {
-    try { return JSON.parse(cached.itemsJson); } catch (e) {}
-  }
-  // IMPORTANT:
-  // - /forms/.../items = "articles vendus" (liés aux commandes) => peut renvoyer 0 si aucune commande
-  // - /forms/.../public = données publiques détaillées => contient la structure (tiers / products) du formulaire
-  const publicUrl = `${base}/v5/organizations/${encodeURIComponent(org)}/forms/${encodeURIComponent(formType)}/${encodeURIComponent(formSlug)}/public`;
-  const resp = await fetchFn(publicUrl, { headers: { authorization: `Bearer ${token}`, accept: 'application/json' } });
-  if (!resp.ok) {
-    const t = await resp.text();
-    throw new Error(`HelloAsso public form error: ${resp.status} ${t}`);
-  }
-  const data = await resp.json();
-  // Extract catalog items:
-  // structure differs by formType; common pattern: data.tiers[] or data.tiers[].products[] / items[]
-  const out = [];
-  const tiers = (data && (data.tiers || data.tiersList || data.prices || data.priceCategories)) || [];
-  const tierArr = Array.isArray(tiers) ? tiers : [];
-  function pushItem(it, tierName) {
-    if (!it) return;
-    const id = String(it.id || it.itemId || it.reference || it.slug || it.code || it.name || '').trim();
-    const name = String(it.name || it.label || it.title || '').trim() || (tierName ? String(tierName) : id);
-    if (!id || !name) return;
-    const amount = it.amount || it.price || it.unitPrice || it.totalAmount || it.initialAmount;
-    const priceCents = (typeof amount === 'number' ? amount : parseInt(amount, 10)) || 0;
-    const raw = (typeof priceCents === 'number' ? priceCents : parseInt(priceCents, 10)) || 0;
-    // Heuristic: HelloAsso amounts are often in cents; convert when it looks like cents.
-    const price = (raw >= 1000 && raw % 100 === 0) ? (raw / 100) : raw;
-    out.push({ id, name, price, priceRaw: raw });
-  }
-  // Try a few known layouts
-  for (const t of tierArr) {
-    const tierName = t && (t.name || t.label || t.title);
-    const products = (t && (t.items || t.products || t.prices || t.options)) || [];
-    const arr = Array.isArray(products) ? products : [];
-    if (arr.length) {
-      arr.forEach(p => pushItem(p, tierName));
-    } else {
-      // sometimes tier itself is the product
-      pushItem(t, tierName);
-    }
-  }
-  // Fallback: some forms expose items directly
-  if (!out.length && data && Array.isArray(data.items)) {
-    data.items.forEach(p => pushItem(p, ''));
-  }
-  await db.setObject(cacheKey, {
-    itemsJson: JSON.stringify(out),
-    expMs: String(Date.now() + 10 * 60 * 1000),
+function genRid() {
+  return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, (c) => {
+    const r = Math.random() * 16 | 0;
+    const v = c === 'x' ? r : (r & 0x3 | 0x8);
+    return v.toString(16);
   });
-  return out;
-}
-async function getActiveItems() {
-  const settings = await getSettings();
-  const rawItems = await fetchHelloAssoItems(settings);
-  const items = (Array.isArray(rawItems) ? rawItems : []).map((it) => ({
-    id: String(it.id || '').trim(),
-    name: String(it.name || '').trim(),
-    price: (Number(it.price || 0) || ((Number(it.priceCents || 0) || 0) >= 1000 && (Number(it.priceCents||0)%100===0) ? (Number(it.priceCents||0)/100) : (Number(it.priceCents||0)||0)) || 0),
-    active: true,
-  })).filter(it => it.id && it.name);
-  return items;
 }
-// --- Data layer ---
-// Keys:
-// item hash: equipmentCalendar:items (stored in settings as JSON)
-// reservations stored as objects in db, indexed by id, and by itemId
-// reservation object key: equipmentCalendar:reservation:<rid>
-// index by item: equipmentCalendar:item:<itemId>:res (sorted set score=startMillis, value=resId)
-function resKey(rid) { return `equipmentCalendar:reservation:${rid}`; }
-function itemIndexKey(itemId) { return `equipmentCalendar:item:${itemId}:res`; }
-function statusBlocksItem(status) {
-  const s = String(status || '');
-  if (s === 'rejected' || s === 'cancelled') return false;
-  return (s === 'pending' || s === 'approved' || s === 'payment_pending' || s === 'paid');
-}
-async function saveBooking(booking) {
-  const bid = booking.bookingId;
-  await db.setObject(`equipmentCalendar:booking:${bid}`, booking);
-}
-async function getBooking(bookingId) {
-  return await db.getObject(`equipmentCalendar:booking:${bookingId}`);
-}
-async function addReservationToBooking(bookingId, rid) {
-  await db.setAdd(`equipmentCalendar:booking:${bookingId}:rids`, rid);
-}
-async function getBookingRids(bookingId) {
-  return await db.getSetMembers(`equipmentCalendar:booking:${bookingId}:rids`) || [];
-}
+function reservationKey(rid) { return `equipmentCalendar:reservation:${rid}`; }
+const reservationsZset = 'equipmentCalendar:reservations';
 async function saveReservation(r) {
-  const rid = String(r.rid || r.id || '');
-  if (!rid) throw new Error('missing rid');
-  r.rid = rid;
-  await db.setObject(resKey(rid), r);
-  await db.sortedSetAdd(itemIndexKey(r.itemId), r.startMs, rid);
-  await db.sortedSetAdd('equipmentCalendar:reservations', r.startMs, rid);
+  await db.setObject(reservationKey(r.rid), r);
+  await db.sortedSetAdd(reservationsZset, r.createdAt || Date.now(), r.rid);
 }
-async function getReservation(rid) {
-  const id = String(rid || '');
-  if (!id) return null;
-  return await db.getObject(resKey(id));
+async function listReservations(limit=1000) {
+  const rids = await db.getSortedSetRevRange(reservationsZset, 0, limit - 1);
+  const objs = await Promise.all(rids.map(id => db.getObject(reservationKey(id))));
+  return objs.filter(Boolean);
 }
-async function setReservationStatus(rid, status) {
-  const r = await getReservation(rid);
-  if (!r) throw new Error('not_found');
-  r.status = status;
-  await db.setObject(resKey(rid), r);
-}
+function toEvent(r) {
+  const start = String(r.startIso).slice(0,10);
+  const end = new Date(String(r.endIso).slice(0,10) + 'T00:00:00Z');
+  end.setUTCDate(end.getUTCDate() + 1);
+  const endExcl = end.toISOString().slice(0,10);
-async function deleteReservation(rid) {
-  const r = await getReservation(rid);
-  if (!r) return;
-  // remove from global index
-  try { await db.sortedSetRemove('equipmentCalendar:reservations', rid); } catch (e) {}
-  // remove from item index
-  try { await db.sortedSetRemove(itemIndexKey(r.itemId), rid); } catch (e) {}
-  // delete object
-  await db.delete(resKey(rid));
+  const status = r.status || 'pending';
+  const title = status === 'paid' ? '[PAID] Reservation' : (status === 'approved' ? '[APPROVED] Reservation' : '[PENDING] Reservation');
+  return { id: r.rid, title, start, end: endExcl, allDay: true };
 }
-function normalizeReservation(obj) {
-  const startMs = Number(obj.startMs);
-  const endMs = Number(obj.endMs);
-  return {
-    id: obj.id,
-    itemId: obj.itemId,
-    uid: Number(obj.uid),
-    startMs,
-    endMs,
-    status: obj.status,
-    createdAtMs: Number(obj.createdAtMs || 0),
-    updatedAtMs: Number(obj.updatedAtMs || 0),
-    validatorUid: obj.validatorUid ? Number(obj.validatorUid) : 0,
-    notesUser: obj.notesUser || '',
-    notesAdmin: obj.notesAdmin || '',
-    ha_checkoutIntentId: obj.ha_checkoutIntentId || '',
-    ha_paymentUrl: obj.ha_paymentUrl || '',
-    ha_paymentStatus: obj.ha_paymentStatus || '',
-    ha_paidAtMs: Number(obj.ha_paidAtMs || 0),
-  };
-}
+plugin.init = async function (params) {
+  const { router, middleware } = params;
-async function listReservationsForRange(itemId, startMs, endMs) {
-  // fetch candidates by score range with some padding
-  const ids = await db.getSortedSetRangeByScore(itemIndexKey(itemId), 0, -1, startMs - 86400000, endMs + 86400000);
-  if (!ids || !ids.length) return [];
-  const objs = await db.getObjects(ids.map(resKey));
-  return (objs || []).filter(Boolean).map(normalizeReservation).filter(r => {
-    // overlap check
-    return r.startMs < endMs && r.endMs > startMs;
+  router.get('/admin/plugins/equipment-calendar', middleware.admin.buildHeader, async (req, res) => {
+    res.render('admin/plugins/equipment-calendar', {});
   });
-}
-async function hasOverlap(itemId, startMs, endMs) {
-  const existing = await listReservationsForRange(itemId, startMs, endMs);
-  return existing.some(r => statusBlocksItem(r.status) && r.startMs < endMs && r.endMs > startMs);
-}
-// --- Permissions helpers ---
-async function isInAnyGroup(uid, groupNamesCsv) {
-  if (!uid) return false;
-  const groupNames = String(groupNamesCsv || '').split(',').map(s => s.trim()).filter(Boolean);
-  if (!groupNames.length) return false;
-  for (const g of groupNames) {
-    const isMember = await groups.isMember(uid, g);
-    if (isMember) return true;
-  }
-  return false;
-}
-async function canCreate(uid, settings) {
-  return isInAnyGroup(uid, settings.creatorGroups);
-}
-async function canApprove(uid, settings) {
-  return groups.isMember(uid, settings.approverGroup);
-}
-async function listGroupUids(groupName) {
-  try {
-    const members = await groups.getMembers(groupName, 0, 9999);
-    return (members && members.users) ? members.users.map(u => u.uid) : [];
-  } catch (e) {
-    return [];
-  }
-}
-async function sendGroupNotificationAndEmail(groupName, notifTitle, notifBody, link) {
-  const uids = await listGroupUids(groupName);
-  if (!uids.length) return;
+  router.get('/api/admin/plugins/equipment-calendar', async (req, res) => res.json({}));
-  // NodeBB notifications
-  try {
-    await notifications.create({
-      bodyShort: notifTitle,
-      bodyLong: notifBody,
-      nid: `equipmentCalendar:${uuidv4()}`,
-      from: 0,
-      path: link,
-    });
-  } catch (e) { /* ignore */ }
-  try {
-    // push notification to each user
-    for (const uid of uids) {
-      try {
-        await notifications.push({
-          uid,
-          bodyShort: notifTitle,
-          bodyLong: notifBody,
-          nid: `equipmentCalendar:${uuidv4()}`,
-          from: 0,
-          path: link,
-        });
-      } catch (e) { /* ignore per user */ }
-    }
-  } catch (e) { /* ignore */ }
-  // Emails (best-effort)
-  try {
-    const users = await user.getUsersData(uids);
-    const emails = (users || []).map(u => u.email).filter(Boolean);
-    if (emails.length) {
-      await Emailer.send('equipmentCalendar', {
-        // Emailer templates: we provide a minimal HTML via meta.template? NodeBB typically uses email templates
-        // Here we rely on Emailer plugin config; this is best-effort and may vary per installation.
-        // Fallback: send each email individually with raw subject/text if supported.
-        subject: notifTitle,
-        body: `${notifBody}\n\n${link}`,
-        to: emails.join(','),
-      });
-    }
-  } catch (e) {
-    // Many NodeBB installs do not support ad-hoc Emailer.send signatures; ignore gracefully.
-  }
-}
-// --- HelloAsso helpers ---
-// This is a minimal integration skeleton.
-// See HelloAsso API v5 docs for exact endpoints and payloads.
-async function helloAssoGetAccessToken(settings) {
-  // HelloAsso uses OAuth2 client credentials.
-  // Endpoint: https://api.helloasso.com/oauth2/token
-  const url = 'https://api.helloasso.com/oauth2/token';
-  const params = new URLSearchParams();
-  params.append('grant_type', 'client_credentials');
-  params.append('client_id', settings.ha_clientId);
-  params.append('client_secret', settings.ha_clientSecret);
-  const resp = await axios.post(url, params.toString(), {
-    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
-    timeout: 15000,
+  router.get('/equipment/calendar', middleware.buildHeader, async (req, res) => {
+    res.render('equipment-calendar/calendar', {});
   });
-  return resp.data.access_token;
-}
-async function helloAssoCreateCheckout(settings, token, reservation, item) {
-  // Minimal: create a checkout intent and return redirectUrl
-  // This endpoint/payload may need adaptation depending on your HelloAsso setup.
-  const org = settings.ha_organizationSlug;
-  if (!org) throw new Error('HelloAsso organizationSlug missing');
-  const url = `https://api.helloasso.com/v5/organizations/${encodeURIComponent(org)}/checkout-intents`;
-  const amountCents = Math.max(0, Number(item.priceCents || 0));
+  router.get('/api/equipment/calendar', async (req, res) => res.json({}));
-  const payload = {
-    totalAmount: amountCents,
-    initialAmount: amountCents,
-    itemName: item.name,
-    backUrl: settings.ha_returnUrl || `${nconf.get('url')}/equipment/payment/return?rid=${encodeURIComponent(reservation.id)}`,
-    errorUrl: settings.ha_returnUrl || `${nconf.get('url')}/equipment/payment/return?rid=${encodeURIComponent(reservation.id)}&status=error`,
-    metadata: {
-      reservationId: reservation.id,
-      itemId: reservation.itemId,
-      uid: String(reservation.uid),
-    },
-  };
-  const resp = await axios.post(url, payload, {
-    headers: { Authorization: `Bearer ${token}` },
-    timeout: 15000,
+  router.get('/api/plugins/equipment-calendar/events', async (req, res) => {
+    const list = await listReservations(1000);
+    res.json({ events: list.map(toEvent) });
   });
-  // Typical response fields (may vary): id, redirectUrl
-  return {
-    checkoutIntentId: resp.data.id || resp.data.checkoutIntentId || '',
-    paymentUrl: resp.data.redirectUrl || resp.data.paymentUrl || '',
-  };
-}
-// Webhook signature check (simple HMAC SHA256 over raw body)
-function verifyWebhook(req, secret) {
-  if (!secret) return true;
-  const sig = req.headers['x-helloasso-signature'] || req.headers['x-helloasso-signature-hmac-sha256'];
-  if (!sig) return false;
-  const raw = req.rawBody || '';
-  const expected = crypto.createHmac('sha256', secret).update(raw).digest('hex');
-  // Some providers prefix, some base64; accept hex only in this skeleton
-  return String(sig).toLowerCase() === expected.toLowerCase();
-}
-// --- Rendering helpers ---
-function toEvent(res, item, requesterName, canSeeRequester) {
-  const start = DateTime.fromMillis(res.startMs).toISO();
-  const end = DateTime.fromMillis(res.endMs).toISO();
-  let icon = '⏳';
-  let className = 'ec-status-pending';
-  if (res.status === 'approved_waiting_payment') { icon = '💳'; className = 'ec-status-awaitpay'; }
-  if (res.status === 'paid_validated') { icon = '✅'; className = 'ec-status-valid'; }
-  if (res.status === 'rejected' || res.status === 'cancelled') { icon = '❌'; className = 'ec-status-cancel'; }
-  const titleParts = [icon, item ? item.name : res.itemId];
-  if (canSeeRequester && requesterName) titleParts.push(`- ${requesterName}`);
-  return {
-    id: res.id,
-    title: titleParts.join(' '),
-    start,
-    end,
-    allDay: true,
-    className,
-    extendedProps: {
-      status: res.status,
-      itemId: res.itemId,
-    },
-  };
-}
-function clampRange(startStr, endStr, tz) {
-  const start = DateTime.fromISO(startStr, { zone: tz }).isValid ? DateTime.fromISO(startStr, { zone: tz }) : DateTime.now().setZone(tz).startOf('month');
-  const end = DateTime.fromISO(endStr, { zone: tz }).isValid ? DateTime.fromISO(endStr, { zone: tz }) : start.plus({ months: 1 });
-  // prevent crazy ranges
-  const maxDays = 62;
-  const diffDays = Math.abs(end.diff(start, 'days').days);
-  const safeEnd = diffDays > maxDays ? start.plus({ days: maxDays }) : end;
-  return { start, end: safeEnd };
-}
-// --- Routes ---
-plugin.init = async function (params) {
-    const { router } = params;
-  const mid = params.middleware;
-  // Admin (ACP) routes
-  if (mid && mid.admin) {
-router.get('/admin/plugins/equipment-calendar', middleware.applyCSRF, mid.admin.buildHeader, renderAdminPage);
-    router.get('/admin/plugins/equipment-calendar/reservations', middleware.applyCSRF, mid.admin.buildHeader, renderAdminReservationsPage);
-    router.get('/admin/plugins/equipment-calendar/helloasso-test', middleware.applyCSRF, mid.admin.buildHeader, handleHelloAssoTest);
-    router.get('/api/admin/plugins/equipment-calendar/helloasso-test', middleware.applyCSRF, handleHelloAssoTest);
-    router.get('/api/admin/plugins/equipment-calendar/reservations', middleware.applyCSRF, renderAdminReservationsPage);
-    router.get('/api/admin/plugins/equipment-calendar', middleware.applyCSRF, renderAdminPage);
-        router.post('/admin/plugins/equipment-calendar/purge', middleware.applyCSRF, handleAdminPurge);
-    router.post('/admin/plugins/equipment-calendar/reservations/:rid/approve', middleware.applyCSRF, handleAdminApprove);
-    router.post('/admin/plugins/equipment-calendar/reservations/:rid/reject', middleware.applyCSRF, handleAdminReject);
-    router.post('/admin/plugins/equipment-calendar/reservations/:rid/delete', middleware.applyCSRF, handleAdminDelete);
-  }
-  // Convenience alias (optional): /calendar -> /equipment/calendar
-  router.get('/calendar', (req, res) => res.redirect('/equipment/calendar'));
-  // To verify webhook signature we need raw body; add a rawBody collector for this route only
-  router.post('/equipment/webhook/helloasso',
-    require.main.require('body-parser').text({ type: '*/*' }),
-    async (req, res) => {
-      req.rawBody = req.body || '';
-      let json;
-      try { json = JSON.parse(req.rawBody || '{}'); } catch (e) { json = {}; }
-      const settings = await getSettings();
-      if (!verifyWebhook(req, settings.ha_webhookSecret)) {
-        return res.status(401).json({ ok: false, error: 'invalid signature' });
-      }
+  router.post('/api/plugins/equipment-calendar/reservations', middleware.applyCSRF, async (req, res) => {
+    const uid = req.uid;
+    if (!uid) return res.status(403).json({ message: 'forbidden' });
-      // Minimal mapping: expect metadata.reservationId and event indicating payment succeeded.
-      const reservationId = json?.metadata?.reservationId || json?.data?.metadata?.reservationId || '';
-      const paymentStatus = json?.eventType || json?.type || json?.status || 'unknown';
-      if (reservationId) {
-        const reservation = await getReservation(reservationId);
-        if (reservation) {
-          reservation.ha_paymentStatus = String(paymentStatus);
-          // Heuristic: if payload includes "OrderPaid" or "Payment" success
-          const isPaid = /paid|success|payment/i.test(String(paymentStatus)) || json?.data?.state === 'Paid';
-          if (isPaid) {
-            reservation.status = 'paid_validated';
-            reservation.ha_paidAtMs = Date.now();
-          }
-          reservation.updatedAtMs = Date.now();
-          await saveReservation(reservation);
-        }
-      }
-      return res.json({ ok: true });
-    }
-  );
-  // Return endpoint (optional)
-  router.get('/equipment/payment/return', middleware.buildHeader, async (req, res) => {
-    res.render('equipment-calendar/payment-return', {
-      title: 'Paiement',
-      rid: req.query.rid || '',
-      status: req.query.status || 'ok',
-      statusError: String(req.query.status || '') === 'error',
-    });
-  });
-  // Page routes are attached via filter:router.page as well, but we also add directly to be safe:
-  // Calendar inline actions (approve/reject/delete) via API
-  router.post('/api/equipment/reservations/:rid/action', middleware.applyCSRF, async (req, res) => {
-    try {
-      const settings = await getSettings();
-      const rid = String(req.params.rid || '').trim();
-      const action = String(req.body.action || '').trim();
-      if (!rid || !action) return res.status(400).json({ error: 'missing' });
+    const settings = await getSettings();
+    const canCreate = await isUserInAnyGroups(uid, settings.creatorGroups) || await groups.isMember(uid, 'administrators');
+    if (!canCreate) return res.status(403).json({ message: 'forbidden' });
-      // Only approvers/admins can moderate
-      const allowed = await isApprover(req.uid, settings);
-      if (!allowed) return res.status(403).json({ error: 'forbidden' });
+    const startIso = String(req.body.startIso || '').slice(0,10);
+    const endIso = String(req.body.endIso || '').slice(0,10);
+    const itemIds = Array.isArray(req.body.itemIds) ? req.body.itemIds : [];
+    if (!startIso || !endIso) return res.status(400).json({ message: 'dates required' });
+    if (!itemIds.length) return res.status(400).json({ message: 'items required' });
-      if (action === 'approve') {
-        await setReservationStatus(rid, 'approved');
-      } else if (action === 'reject') {
-        await setReservationStatus(rid, 'rejected');
-      } else if (action === 'delete') {
-        await deleteReservation(rid);
-      } else {
-        return res.status(400).json({ error: 'bad_action' });
-      }
-      return res.json({ ok: true });
-    } catch (e) {
-      winston.error('[equipment-calendar] api action error', e);
-      return res.status(500).json({ error: 'server' });
-    }
+    const r = { rid: genRid(), uid, startIso, endIso, itemIds: itemIds.map(String), status: 'pending', createdAt: Date.now() };
+    await saveReservation(r);
+    res.json({ ok: true, rid: r.rid });
   });
-router.get('/equipment/calendar', middleware.buildHeader, renderCalendarPage);
-  router.get('/equipment/approvals', middleware.buildHeader, renderApprovalsPage);
-  router.post('/equipment/reservations/create', middleware.applyCSRF, handleCreateReservation);
-  router.post('/equipment/reservations/:id/approve', middleware.applyCSRF, handleApproveReservation);
-  router.post('/equipment/reservations/:id/reject', middleware.applyCSRF, handleRejectReservation);
-};
-plugin.addPageRoutes = async function (data) {
-  // Ensure routes are treated as "page" routes by NodeBB router filter
-  // Not strictly necessary when using router.get with buildHeader, but kept for compatibility.
-  return data;
+  winston.info('[equipment-calendar] loaded (official4x standard bundle)');
 };
-plugin.addAdminNavigation = async function (header) {
-  header.plugins.push({
-    route: '/plugins/equipment-calendar',
-    icon: 'fa-calendar',
-    name: 'Equipment Calendar',
-  });
+plugin.addAdminMenu = async function (header) {
+  header.plugins.push({ route: '/plugins/equipment-calendar', icon: 'fa-calendar', name: 'Equipment Calendar' });
   return header;
 };
-// --- Admin page routes (ACP) ---
-plugin.addAdminRoutes = async function (params) {
-  const { router, middleware: mid } = params;
-  router.get('/admin/plugins/equipment-calendar', middleware.applyCSRF, mid.admin.buildHeader, renderAdminPage);
-    router.get('/admin/plugins/equipment-calendar/reservations', middleware.applyCSRF, mid.admin.buildHeader, renderAdminReservationsPage);
-    router.get('/admin/plugins/equipment-calendar/helloasso-test', middleware.applyCSRF, mid.admin.buildHeader, handleHelloAssoTest);
-    router.get('/api/admin/plugins/equipment-calendar/helloasso-test', middleware.applyCSRF, handleHelloAssoTest);
-    router.get('/api/admin/plugins/equipment-calendar/reservations', middleware.applyCSRF, renderAdminReservationsPage);
-  router.get('/api/admin/plugins/equipment-calendar', middleware.applyCSRF, renderAdminPage);
-};
-async function renderAdminReservationsPage(req, res) {
-  if (!(await ensureIsAdmin(req, res))) return;
-  const settings = await getSettings();
-  const items = await getActiveItems(settings);
-  const itemById = {};
-  items.forEach(it => { itemById[it.id] = it; });
-  const status = String(req.query.status || ''); // optional filter
-  const itemId = String(req.query.itemId || ''); // optional filter
-  const q = String(req.query.q || '').trim();    // search rid/user/notes
-  const page = Math.max(1, parseInt(req.query.page, 10) || 1);
-  const perPage = Math.min(100, Math.max(10, parseInt(req.query.perPage, 10) || 50));
-  const allRids = await db.getSortedSetRevRange('equipmentCalendar:reservations', 0, -1);
-  const totalAll = allRids.length;
-  const rows = [];
-  for (const rid of allRids) {
-    // eslint-disable-next-line no-await-in-loop
-    const r = await db.getObject(`equipmentCalendar:reservation:${rid}`);
-    if (!r || !r.rid) continue;
-    if (status && String(r.status) !== status) continue;
-    if (itemId && String(r.itemId) !== itemId) continue;
-    const notes = String(r.notesUser || '');
-    const ridStr = String(r.rid || rid);
-    if (q) {
-      const hay = (ridStr + ' ' + String(r.uid || '') + ' ' + notes).toLowerCase();
-      if (!hay.includes(q.toLowerCase())) continue;
-    }
-    const startMs = parseInt(r.startMs, 10) || 0;
-    const endMs = parseInt(r.endMs, 10) || 0;
-    const createdAt = parseInt(r.createdAt, 10) || 0;
-    rows.push({
-      rid: ridStr,
-      itemId: String(r.itemId || ''),
-      itemName: (itemById[String(r.itemId || '')] && itemById[String(r.itemId || '')].name) || String(r.itemId || ''),
-      uid: String(r.uid || ''),
-      status: String(r.status || ''),
-      start: r.startIso,
-      end: addDaysIso(r.endIso, 1),
-      createdAt: formatDateTimeFR(r.createdAt || 0),
-      notesUser: notes,
-    });
-  }
-  const total = rows.length;
-  const totalPages = Math.max(1, Math.ceil(total / perPage));
-  const safePage = Math.min(page, totalPages);
-  const startIndex = (safePage - 1) * perPage;
-  const pageRows = rows.slice(startIndex, startIndex + perPage);
-  const itemOptions = [{ id: '', name: 'Tous' }].concat(items.map(i => ({ id: i.id, name: i.name })));
-  const statusOptions = [
-    { id: '', name: 'Tous' },
-    { id: 'pending', name: 'pending' },
-    { id: 'approved', name: 'approved' },
-    { id: 'paid', name: 'paid' },
-    { id: 'rejected', name: 'rejected' },
-    { id: 'cancelled', name: 'cancelled' },
-  ];
-  res.render('admin/plugins/equipment-calendar-reservations', {
-    title: 'Equipment Calendar - Réservations',
-    settings,
-    rows: pageRows,
-    hasRows: pageRows.length > 0,
-    itemOptions: itemOptions.map(o => ({ ...o, selected: o.id === itemId })),
-    statusOptions: statusOptions.map(o => ({ ...o, selected: o.id === status })),
-    q,
-    page: safePage,
-    perPage,
-    total,
-    totalAll,
-    totalPages,
-    prevPage: safePage > 1 ? safePage - 1 : 0,
-    nextPage: safePage < totalPages ? safePage + 1 : 0,
-    actionBase: '/admin/plugins/equipment-calendar/reservations',
-  });
-}
-async function handleAdminApprove(req, res) {
-  if (!(await ensureIsAdmin(req, res))) return;
-  const rid = String(req.params.rid || '').trim();
-  if (!rid) return res.redirect('/admin/plugins/equipment-calendar/reservations');
-  const key = `equipmentCalendar:reservation:${rid}`;
-  const r = await db.getObject(key);
-  if (!r || !r.rid) return res.redirect('/admin/plugins/equipment-calendar/reservations');
-  r.status = 'approved';
-  await db.setObject(key, r);
-  return res.redirect('/admin/plugins/equipment-calendar/reservations?updated=1');
-}
-async function handleAdminReject(req, res) {
-  if (!(await ensureIsAdmin(req, res))) return;
-  const rid = String(req.params.rid || '').trim();
-  if (!rid) return res.redirect('/admin/plugins/equipment-calendar/reservations');
-  const key = `equipmentCalendar:reservation:${rid}`;
-  const r = await db.getObject(key);
-  if (!r || !r.rid) return res.redirect('/admin/plugins/equipment-calendar/reservations');
-  r.status = 'rejected';
-  await db.setObject(key, r);
-  return res.redirect('/admin/plugins/equipment-calendar/reservations?updated=1');
-}
-async function handleAdminDelete(req, res) {
-  if (!(await ensureIsAdmin(req, res))) return;
-  const rid = String(req.params.rid || '').trim();
-  if (!rid) return res.redirect('/admin/plugins/equipment-calendar/reservations');
-  await deleteReservation(rid);
-  return res.redirect('/admin/plugins/equipment-calendar/reservations?updated=1');
-}
-async function handleHelloAssoTest(req, res) {
-  const isAdmin = req.uid ? await groups.isMember(req.uid, 'administrators') : false;
-  if (!isAdmin) return helpers.notAllowed(req, res);
-  const settings = await getSettings();
-  let sampleItems = [];
-  let hasSampleItems = false;
-  let ok = false;
-  let message = '';
-  let count = 0;
-  try {
-    const force = String(req.query.force || '') === '1';
-    const clear = String(req.query.clear || '') === '1';
-    // force=1 skips in-memory cache and refresh_token; clear=1 wipes stored refresh token
-    haTokenCache = null;
-    await getHelloAssoAccessToken(settings, { force, clearStored: clear });
-    const items = await fetchHelloAssoItems(settings);
-    const list = Array.isArray(items) ? items : (Array.isArray(items.data) ? items.data : []);
-    count = list.length;
-    sampleItems = list.slice(0, 10).map(it => ({
-      id: String(it.id || it.itemId || it.reference || it.slug || it.name || '').trim(),
-      name: String(it.name || it.label || it.title || '').trim(),
-      rawName: String(it.name || it.label || it.title || it.id || '').trim(),
-    }));
-    hasSampleItems = sampleItems && sampleItems.length > 0;
-    ok = true;
-    message = `OK: token valide. Catalogue récupéré via /public : ${count} item(s).`;
-  } catch (e) {
-    ok = false;
-    message = (e && e.message) ? e.message : String(e);
-  }
-  res.render('admin/plugins/equipment-calendar-helloasso-test', {
-    title: 'Equipment Calendar - Test HelloAsso',
-    ok,
-    message,
-    count,
-    settings,
-    sampleItems,
-    hasSampleItems,
-    hasSampleItems: sampleItems && sampleItems.length > 0,
-  });
-}
-async function renderAdminPage(req, res) {
-  const settings = await getSettings();
-  res.render('admin/plugins/equipment-calendar', {
-    title: 'Equipment Calendar',
-    settings,
-    saved: req.query && String(req.query.saved || '') === '1',
-    purged: req.query && parseInt(req.query.purged, 10) || 0,
-    view_dayGridMonth: (settings.defaultView || 'dayGridMonth') === 'dayGridMonth',
-    view_timeGridWeek: (settings.defaultView || '') === 'timeGridWeek',
-    view_timeGridDay: (settings.defaultView || '') === 'timeGridDay',
-    view_showRequesterToAll: String(settings.showRequesterToAll || '0') === '1',
-  });
-}
-// --- Calendar page ---
-async function handleHelloAssoCallback(req, res) {
-  const settings = await getSettings();
-  const bookingId = String(req.query.bookingId || '').trim();
-  const checkoutIntentId = String(req.query.checkoutIntentId || '').trim();
-  const code = String(req.query.code || '').trim();
-  const type = String(req.query.type || '').trim();
-  let status = 'pending';
-  let message = 'Retour paiement reçu. Vérification en cours…';
-  try {
-    if (!checkoutIntentId) throw new Error('checkoutIntentId manquant');
-    const checkout = await fetchHelloAssoCheckoutIntent(settings, checkoutIntentId);
-    const paid = isCheckoutPaid(checkout);
-    if (paid) {
-      status = 'paid';
-      message = 'Paiement confirmé. Merci !';
-      if (bookingId) {
-        const rids = await getBookingRids(bookingId);
-        for (const rid of rids) {
-          // eslint-disable-next-line no-await-in-loop
-          const r = await db.getObject(`equipmentCalendar:reservation:${rid}`);
-          if (!r || !r.rid) continue;
-          r.status = 'paid';
-          r.paidAt = Date.now();
-          r.checkoutIntentId = checkoutIntentId;
-          // eslint-disable-next-line no-await-in-loop
-          await db.setObject(`equipmentCalendar:reservation:${rid}`, r);
-        }
-        try {
-          const b = (await getBooking(bookingId)) || { bookingId };
-          b.status = 'paid';
-          b.checkoutIntentId = checkoutIntentId;
-          b.paidAt = Date.now();
-          await saveBooking(b);
-        } catch (e) {}
-      }
-    } else {
-      status = (type === 'error' || code) ? 'error' : 'pending';
-      message = 'Paiement non confirmé. Si vous venez de payer, réessayez dans quelques instants.';
-    }
-  } catch (e) {
-    status = 'error';
-    message = e.message || 'Erreur de vérification paiement';
-  }
-  res.render('equipment-calendar/payment-return', {
-    title: 'Retour paiement',
-    status,
-    statusError: status === 'error',
-    statusPaid: status === 'paid',
-    message,
-  });
-}
-async function renderCalendarPage(req, res) {
-  const settings = await getSettings();
-  const items = await getActiveItems(settings);
-  const tz = settings.timezone || 'Europe/Paris';
-  // Determine range to render
-  const now = DateTime.now().setZone(tz);
-  const view = String(req.query.view || settings.defaultView || 'dayGridMonth');
-  const startQ = req.query.start;
-  const endQ = req.query.end;
-  let start, end;
-  if (startQ && endQ) {
-    const r = clampRange(String(startQ), String(endQ), tz);
-    start = r.start;
-    end = r.end;
-  } else {
-    // Default to current month range
-    start = now.startOf('month');
-    end = now.endOf('month').plus({ days: 1 });
-  }
-  // Load reservations for ALL items within range (so we can build availability client-side without extra requests)
-  const allReservations = [];
-  for (const it of items) {
-    // eslint-disable-next-line no-await-in-loop
-    const resForItem = await listReservationsForRange(it.id, start.toMillis(), end.toMillis());
-    for (const r of resForItem) allReservations.push(r);
-  }
-  const showRequesterToAll = String(settings.showRequesterToAll) === '1';
-  const isApprover = req.uid ? await canApprove(req.uid, settings) : false;
-  const requesterUids = Array.from(new Set(allReservations.map(r => r.uid))).filter(Boolean);
-  const users = requesterUids.length ? await user.getUsersData(requesterUids) : [];
-  const nameByUid = {};
-  (users || []).forEach(u => { nameByUid[u.uid] = u.username || ''; });
-  const itemById = {};
-  items.forEach(it => { itemById[it.id] = it; });
-  const events = allReservations
-    .filter(r => r.status !== 'rejected' && r.status !== 'cancelled')
-    .map(r => {
-      const item = itemById[r.itemId];
-      // Include item name in title so "all items" view is readable
-      const requesterName = nameByUid[r.uid] || '';
-      return toEvent(r, item, requesterName, isApprover || showRequesterToAll);
-    });
-  const canUserCreate = req.uid ? await canCreate(req.uid, settings) : false;
-  // We expose minimal reservation data for availability checks in the modal
-  const blocks = allReservations
-    .filter(r => statusBlocksItem(r.status))
-    .map(r => ({
-      itemId: r.itemId,
-      startMs: r.startMs,
-      endMs: r.endMs,
-      status: r.status,
-    }));
-  res.render('equipment-calendar/calendar', {
-    title: 'Réservation de matériel',
-    items,
-    view,
-    tz,
-    startISO: start.toISO(),
-    endISO: end.toISO(),
-    initialDateISO: start.toISODate(),
-    canCreate: canUserCreate,
-    canCreateJs: canUserCreate ? 'true' : 'false',
-    isApprover,
-    // events are base64 encoded to avoid template escaping issues
-    eventsB64: Buffer.from(JSON.stringify(events), 'utf8').toString('base64'),
-    blocksB64: Buffer.from(JSON.stringify(blocks), 'utf8').toString('base64'),
-    itemsB64: Buffer.from(JSON.stringify(items.map(i => ({ id: i.id, name: i.name, location: i.location }))), 'utf8').toString('base64'),
-  });
-}
-// --- Approvals page ---
-async function notifyApprovers(reservations, settings) {
-  const groupName = (settings.notifyGroup || settings.approverGroup || 'administrators').trim();
-  if (!groupName) return;
-  const rid = reservations[0] && (reservations[0].rid || reservations[0].id) || '';
-  const path = '/equipment/approvals';
-  // In-app notification (NodeBB notifications)
-  try {
-    const Notifications = require.main.require('./src/notifications');
-    const notif = await Notifications.create({
-      bodyShort: 'Nouvelle demande de réservation',
-      bodyLong: 'Une nouvelle demande de réservation est en attente de validation.',
-      nid: 'equipment-calendar:' + rid,
-      path,
-    });
-    if (Notifications.pushGroup) {
-      await Notifications.pushGroup(notif, groupName);
-    }
-  } catch (e) {
-    // ignore
-  }
-  // Direct email to members of notifyGroup (uses NodeBB Emailer + your SMTP/emailer plugin)
-  try {
-    const Emailer = require.main.require('./src/emailer');
-    const uids = await groups.getMembers(groupName, 0, -1);
-    if (!uids || !uids.length) return;
-    // Build a short summary
-    const items = await getActiveItems(await getSettings());
-    const nameById = {};
-    items.forEach(i => { nameById[i.id] = i.name; });
-    const start = new Date(reservations[0].startMs).toISOString();
-    const end = new Date(reservations[0].endMs).toISOString();
-    const itemList = reservations.map(r => nameById[r.itemId] || r.itemId).join(', ');
-    // Use a core template ('notification') that exists in NodeBB installs
-    // Params vary a bit by version; we provide common fields.
-    const params = {
-      subject: '[Réservation] Nouvelle demande en attente',
-      intro: 'Une nouvelle demande de réservation a été créée.',
-      body: `Matériel: ${itemList}\nDébut: ${start}\nFin: ${end}\nVoir: ${path}`,
-      notification_url: path,
-      url: path,
-      // Some templates use "site_title" etc but NodeBB will inject globals
-    };
-    for (const uid of uids) {
-      // eslint-disable-next-line no-await-in-loop
-      const email = await user.getUserField(uid, 'email');
-      if (!email) continue;
-      // eslint-disable-next-line no-await-in-loop
-      const lang = (await user.getUserField(uid, 'language')) || 'fr';
-      if (Emailer.sendToEmail) {
-        // eslint-disable-next-line no-await-in-loop
-        await Emailer.sendToEmail('notification', email, lang, params);
-      } else if (Emailer.send) {
-        // Some NodeBB versions use Emailer.send(template, uid/email, params)
-        // eslint-disable-next-line no-await-in-loop
-        await Emailer.send('notification', uid, params);
-      }
-    }
-  } catch (e) {
-    // ignore email errors to not block reservation flow
-  }
-}
-async function renderApprovalsPage(req, res) {
-  const settings = await getSettings();
-  const ok = req.uid ? await canApprove(req.uid, settings) : false;
-  if (!ok) {
-    return helpers.notAllowed(req, res);
-  }
-  const items = parseItems(settings.itemsJson);
-  // naive scan: for a real install, store a global sorted set too; for now list per item and merge
-  // We'll pull recent 200 per item and then filter
-  const pending = [];
-  for (const it of items) {
-    const ids = await db.getSortedSetRevRange(itemIndexKey(it.id), 0, 199);
-    if (!ids || !ids.length) continue;
-    const objs = await db.getObjects(ids.map(resKey));
-    const resArr = (objs || []).filter(Boolean).map(normalizeReservation).filter(r => r.status === 'pending' || r.status === 'approved_waiting_payment');
-    for (const r of resArr) pending.push(r);
-  }
-  // Sort by createdAt desc
-  pending.sort((a, b) => (b.createdAtMs || 0) - (a.createdAtMs || 0));
-  const uids = Array.from(new Set(pending.map(r => r.uid))).filter(Boolean);
-  const users = uids.length ? await user.getUsersData(uids) : [];
-  const nameByUid = {};
-  (users || []).forEach(u => { nameByUid[u.uid] = u.username || ''; });
-  const rows = pending.map(r => {
-    const item = items.find(i => i.id === r.itemId);
-    return {
-      id: r.id,
-      itemName: item ? item.name : r.itemId,
-      requester: nameByUid[r.uid] || `uid:${r.uid}`,
-      start: r.startIso,
-      end: addDaysIso(r.endIso, 1),
-      status: r.status,
-      paymentUrl: r.ha_paymentUrl || '',
-    };
-  });
-  res.render('equipment-calendar/approvals', {
-    title: 'Validation des réservations',
-    rows,
-    hasRows: Array.isArray(rows) && rows.length > 0,
-  });
-}
-// --- Actions ---
-async function createReservationForItem(req, res, settings, itemId, startMs, endMs, notesUser, bookingId) {
-  const items = await getActiveItems(settings);
-  const item = items.find(i => i.id === itemId);
-  if (!item) {
-    throw new Error('Unknown item: ' + itemId);
-  }
-  // Reject if overlaps any blocking reservation
-  const overlapsBlocking = await hasOverlap(itemId, startMs, endMs);
-  if (overlapsBlocking) {
-    const err = new Error('Item not available: ' + itemId);
-    err.code = 'ITEM_UNAVAILABLE';
-    throw err;
-  }
-  const rid = generateId();
-  const data = {
-    id: rid,
-    rid,
-    itemId,
-    uid: req.uid,
-    startMs,
-    endMs,
-    status: 'pending',
-    notesUser: notesUser || '',
-    bookingId: bookingId || '',
-    createdAt: formatDateTimeFR(r.createdAt || 0),
-  };
-  await saveReservation(data);
-  if (bookingId) {
-    await addReservationToBooking(bookingId, rid);
-  }
-  return data;
-}
-async function handleCreateReservation(req, res) {
-  try {
-    const settings = await getSettings();
-    if (!req.uid || !(await canCreate(req.uid, settings))) {
-      return helpers.notAllowed(req, res);
-    }
-    const itemIdsRaw = (req.body.itemIds !== undefined ? req.body.itemIds : req.body.itemId);
-    const itemIds = normalizeItemIds(itemIdsRaw);
-    if (!itemIds.length) return res.status(400).send('itemIds required');
-    // Dates: accept YYYY-MM-DD or ISO-with-time; take first 10 chars
-    let _startIso = String(req.body.start || req.body.startDate || req.body.startIso || req.body.startStr || '').trim().slice(0, 10);
-    let _endIso = String(req.body.end || req.body.endDate || req.body.endIso || req.body.endStr || '').trim().slice(0, 10);
-    // Fallback: timestamps
-    if (!/^\d{4}-\d{2}-\d{2}$/.test(_startIso)) {
-      const ms = Number(req.body.startMs || req.body.startTime || 0);
-      if (ms) _startIso = new Date(ms).toISOString().slice(0, 10);
-    }
-    if (!/^\d{4}-\d{2}-\d{2}$/.test(_endIso)) {
-      const ms = Number(req.body.endMs || req.body.endTime || 0);
-      if (ms) _endIso = new Date(ms).toISOString().slice(0, 10);
-    }
-    if (!/^\d{4}-\d{2}-\d{2}$/.test(_startIso) || !/^\d{4}-\d{2}-\d{2}$/.test(_endIso)) {
-      return res.status(400).send('dates required');
-    }
-    const startMs = Date.parse(_startIso + 'T00:00:00Z');
-    const endMs = Date.parse(addDaysIso(_endIso, 1) + 'T00:00:00Z'); // exclusive end
-    if (!startMs || !endMs || endMs <= startMs) {
-      return res.status(400).send('dates required');
-    }
-    const days = Math.max(1, Math.round((endMs - startMs) / (24 * 60 * 60 * 1000)));
-    const items = await getActiveItems(settings);
-    const byId = {};
-    items.forEach((it) => { byId[String(it.id)] = it; });
-    const validIds = itemIds.map(String).filter((id) => byId[id]);
-    if (!validIds.length) return res.status(400).send('unknown item');
-    const notesUser = String(req.body.notesUser || '').trim();
-    for (const itemId of validIds) {
-      const it = byId[itemId];
-      const unitPrice = Number(it.price || 0) || 0;
-      const total = unitPrice * days;
-      const rid = generateId();
-      const r = {
-        rid,
-        uid: req.uid,
-        itemId,
-        startMs,
-        endMs,
-        startIso: _startIso,
-        endIso: _endIso,
-        days,
-        unitPrice,
-        total,
-        notesUser,
-        status: 'pending',
-        createdAt: Date.now(),
-      };
-      // eslint-disable-next-line no-await-in-loop
-      await saveReservation(r);
-    }
-    return res.redirect(nconf.get('relative_path') + '/calendar?created=1');
-  } catch (err) {
-    winston.error('[equipment-calendar] create error: ' + (err && err.message ? err.message : ''), err);
-    return res.status(500).send('error');
-  }
-}
-async function handleApproveReservation(req, res) {
-  try {
-    const settings = await getSettings();
-    if (!req.uid || !(await canApprove(req.uid, settings))) {
-      return helpers.notAllowed(req, res);
-    }
-    const id = String(req.params.id || '').trim();
-    const reservation = await getReservation(id);
-    if (!reservation) return res.status(404).send('Not found');
-    if (reservation.status !== 'pending' && reservation.status !== 'approved_waiting_payment') {
-      return res.status(409).send('Invalid status');
-    }
-    const items = parseItems(settings.itemsJson);
-    const item = items.find(i => i.id === reservation.itemId);
-    if (!item) return res.status(400).send('Invalid item');
-    // Create HelloAsso checkout
-    if (!reservation.ha_paymentUrl) {
-      if (!settings.ha_clientId || !settings.ha_clientSecret) {
-        return res.status(400).send('HelloAsso not configured');
-      }
-      const token = await helloAssoGetAccessToken(settings);
-      const checkout = await helloAssoCreateCheckout(settings, token, reservation, item);
-      reservation.ha_checkoutIntentId = checkout.checkoutIntentId;
-      reservation.ha_paymentUrl = checkout.paymentUrl;
-    }
-    reservation.status = 'approved_waiting_payment';
-    reservation.validatorUid = req.uid;
-    reservation.updatedAtMs = Date.now();
-    await saveReservation(reservation);
-    // Notify requester with payment link (best-effort)
-    try {
-      const u = await user.getUserData(reservation.uid);
-      const subject = 'Réservation approuvée - Paiement requis';
-      const body = `Ta réservation de "${item.name}" a été approuvée.\n\nLien de paiement:\n${reservation.ha_paymentUrl}\n`;
-      // NodeBB Emailer signature may vary; this is best-effort
-      await Emailer.send('equipmentCalendar-payment', {
-        subject,
-        body,
-        to: u.email,
-      });
-    } catch (e) { /* ignore */ }
-    return res.redirect('/equipment/approvals');
-  } catch (e) {
-    return res.status(500).send(e.message || 'error');
-  }
-}
-async function handleRejectReservation(req, res) {
-  try {
-    const settings = await getSettings();
-    if (!req.uid || !(await canApprove(req.uid, settings))) {
-      return helpers.notAllowed(req, res);
-    }
-    const id = String(req.params.id || '').trim();
-    const reservation = await getReservation(id);
-    if (!reservation) return res.status(404).send('Not found');
-    if (reservation.status !== 'pending' && reservation.status !== 'approved_waiting_payment') {
-      return res.status(409).send('Invalid status');
-    }
-    reservation.status = 'rejected';
-    reservation.validatorUid = req.uid;
-    reservation.notesAdmin = String(req.body.notesAdmin || '').slice(0, 2000);
-    reservation.updatedAtMs = Date.now();
-    await saveReservation(reservation);
-    return res.redirect('/equipment/approvals');
-  } catch (e) {
-    return res.status(500).send(e.message || 'error');
-  }
-}
-async function ensureIsAdmin(req, res) {
-  const isAdmin = req.uid ? await groups.isMember(req.uid, 'administrators') : false;
-  if (!isAdmin) {
-    helpers.notAllowed(req, res);
-    return false;
-  }
-  return true;
-}
-async function deleteReservation(rid) {
-  const key = `equipmentCalendar:reservation:${rid}`;
-  const data = await db.getObject(key);
-  if (data && data.itemId) {
-    await db.sortedSetRemove(`equipmentCalendar:item:${data.itemId}:reservations`, rid);
-  }
-  await db.delete(key);
-  await db.sortedSetRemove('equipmentCalendar:reservations', rid);
-}
-async function handleAdminPurge(req, res) {
-  try {
-    const isAdmin = req.uid ? await groups.isMember(req.uid, 'administrators') : false;
-    if (!isAdmin) {
-      return helpers.notAllowed(req, res);
-    }
-    const mode = String(req.body.mode || 'nonblocking'); // nonblocking|olderThan|all
-    const olderThanDays = parseInt(req.body.olderThanDays, 10);
-    // Load all reservation ids
-    const rids = await db.getSortedSetRange('equipmentCalendar:reservations', 0, -1);
-    let deleted = 0;
-    const now = Date.now();
-    for (const rid of rids) {
-      // eslint-disable-next-line no-await-in-loop
-      const r = await db.getObject(`equipmentCalendar:reservation:${rid}`);
-      if (!r || !r.rid) {
-        // eslint-disable-next-line no-await-in-loop
-        await db.sortedSetRemove('equipmentCalendar:reservations', rid);
-        continue;
-      }
-      const status = String(r.status || '');
-      const createdAt = parseInt(r.createdAt, 10) || 0;
-      const startMs = parseInt(r.startMs, 10) || 0;
-      const endMs = parseInt(r.endMs, 10) || 0;
-      let shouldDelete = false;
-      if (mode === 'all') {
-        shouldDelete = true;
-      } else if (mode === 'olderThan') {
-        const days = Number.isFinite(olderThanDays) ? olderThanDays : 0;
-        if (days > 0) {
-          const cutoff = now - days * 24 * 60 * 60 * 1000;
-          // use createdAt if present, otherwise startMs
-          const t = createdAt || startMs || endMs;
-          shouldDelete = t > 0 && t < cutoff;
-        }
-      } else {
-        // nonblocking cleanup: delete rejected/cancelled only
-        shouldDelete = (status === 'rejected' || status === 'cancelled');
-      }
-      if (shouldDelete) {
-        // eslint-disable-next-line no-await-in-loop
-        await deleteReservation(rid);
-        deleted++;
-      }
-    }
-    return res.redirect(`/admin/plugins/equipment-calendar?saved=1&purged=${deleted}`);
-  } catch (e) {
-    return res.status(500).send(e.message || 'error');
-  }
-}
-let paymentTimeoutInterval = null;
-function startPaymentTimeoutScheduler() {
-  if (paymentTimeoutInterval) return;
-  // Run every minute
-  paymentTimeoutInterval = setInterval(async () => {
-    try {
-      const settings = await getSettings();
-      const timeoutMin = Math.max(1, parseInt(settings.paymentTimeoutMinutes, 10) || 10);
-      const cutoff = Date.now() - timeoutMin * 60 * 1000;
-      // Scan bookings keys (we keep an index set)
-      const bookingIds = await db.getSetMembers('equipmentCalendar:bookings') || [];
-      for (const bid of bookingIds) {
-        // eslint-disable-next-line no-await-in-loop
-        const b = await getBooking(bid);
-        if (!b || !b.bookingId) continue;
-        const status = String(b.status || '');
-        if (status !== 'payment_pending') continue;
-        const pendingAt = parseInt(b.paymentPendingAt, 10) || parseInt(b.createdAt, 10) || 0;
-        if (!pendingAt || pendingAt > cutoff) continue;
-        // Timeout reached -> cancel booking + all reservations
-        // eslint-disable-next-line no-await-in-loop
-        const rids = await getBookingRids(bid);
-        for (const rid of rids) {
-          // eslint-disable-next-line no-await-in-loop
-          const r = await db.getObject(`equipmentCalendar:reservation:${rid}`);
-          if (!r || !r.rid) continue;
-          if (String(r.status) === 'paid') continue; // safety
-          r.status = 'cancelled';
-          r.cancelledAt = Date.now();
-          r.paymentUrl = '';
-          // eslint-disable-next-line no-await-in-loop
-          await db.setObject(`equipmentCalendar:reservation:${rid}`, r);
-        }
-        b.status = 'cancelled';
-        b.cancelledAt = Date.now();
-        b.paymentUrl = '';
-        await saveBooking(b);
-      }
-    } catch (e) {
-      // ignore to keep scheduler alive
-    }
-  }, 60 * 1000);
-}
 module.exports = plugin;
-async function handleGetReservation(req, res) {
-  if (!req.uid) return res.status(403).json({ error: 'not-logged-in' });
-  const rid = String(req.params.id || '');
-  const r = await db.getObject(resKey(rid));
-  if (!r || !r.id) return res.status(404).json({ error: 'not-found' });
-  const settings = await getSettings();
-  const isAdmin = await user.isAdminOrGlobalMod(req.uid);
-  const isOwner = String(r.uid) === String(req.uid);
-  const canSee = isAdmin || isOwner || String(settings.showRequesterToAll || '0') === '1';
-  if (!canSee) return res.status(403).json({ error: 'forbidden' });
-  res.json({
-    id: r.id,
-    bookingId: r.bookingId || '',
-    itemId: r.itemId,
-    itemName: r.itemName || '',
-    startMs: parseInt(r.startMs, 10) || 0,
-    endMs: parseInt(r.endMs, 10) || 0,
-    days: parseInt(r.days, 10) || 1,
-    status: r.status || 'pending',
-    total: Number(r.total || 0) || 0,
-    unitPrice: Number(r.unitPrice || 0) || 0,
-    notesUser: r.notesUser || '',
-    uid: r.uid,
-  });
-}