nodebb-plugin-facebook-post 1.0.15 → 1.0.17

package/CLAUDE.md

@@ -0,0 +1,69 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Project Overview
+
+NodeBB 4.x plugin that automatically publishes new forum topics to a fixed Facebook Page (association page). Only the first post of a topic is ever published, and only when the user opts in via a composer checkbox.
+
+## Installation & Deployment
+
+There is no build step for this plugin. NodeBB handles asset bundling.
+
+```bash
+# After modifying the plugin, copy it into the NodeBB instance and rebuild:
+./nodebb build
+./nodebb restart
+
+# Activate via: ACP → Plugins → Facebook Post
+```
+
+**Environment variables (required at NodeBB startup):**
+- `NODEBB_FB_PAGE_ID` – Facebook Page ID
+- `NODEBB_FB_PAGE_ACCESS_TOKEN` – Page access token
+- `NODEBB_FB_GRAPH_VERSION` – optional, defaults to `v25.0`
+- `NODEBB_FB_ALLOWED_GROUPS` – comma-separated NodeBB group names allowed to use the feature (e.g. `Staff,Communication`); empty = nobody
+
+## Architecture
+
+### File Map
+
+| File | Role |
+|------|------|
+| `library.js` | Server-side plugin entry point (Node.js) |
+| `plugin.json` | NodeBB manifest: hooks, static dirs, client scripts |
+| `static/lib/composer.js` | Client JS injected into the NodeBB post composer |
+| `static/lib/admin.js` | Client JS for the ACP settings page |
+| `static/templates/admin/facebook-post.tpl` | NodeBB Benchpress template for ACP page |
+
+### Hook Flow
+
+1. **`static:app.load` → `Plugin.init`**
+   Loads settings, registers Express routes on the NodeBB router:
+   - `GET /admin/plugins/facebook-post` – ACP page (HTML)
+   - `GET /api/admin/plugins/facebook-post` – ACP page (JSON, for ajaxify)
+   - `GET /api/facebook-post/can-post` – called by composer.js to check if the logged-in user may see the Facebook UI
+
+2. **`filter:post.create` → `Plugin.onPostCreate`**
+   Copies `fbPostEnabled` and `fbPlaceId` from the composer submit payload into the post object so they survive into the next hook.
+
+3. **`action:post.save` → `Plugin.onPostSave`**
+   Main publication logic: validates guards, calls Facebook Graph API via `postToFacebook()`. Stores `fbPostedId` and `fbPostedAt` on the post to prevent double-posting.
+
+### Settings Split
+
+- **Sensitive** (env vars, never stored in DB): `fbPageId`, `fbPageAccessToken`, `fbGraphVersion`, `allowedGroups`
+- **Non-sensitive** (stored in NodeBB DB via `meta.settings` with key `facebook-post`): `enabled`, `includeExcerpt`, `excerptMaxLen`, `categoriesWhitelist`, `minimumReputation`, `maxImages`, `enablePlaceTagging`
+
+Both are merged in `loadSettings()`, which is called on each relevant request to pick up live DB changes without restart.
+
+### Facebook Publication Flow (`postToFacebook`)
+
+1. Extract image URLs from post content (Markdown `![]()`, HTML `<img>`, bare URLs) — only forum-hosted images pass the `isForumHosted()` filter.
+2. Upload each image to `/{pageId}/photos` with `published=false` to get photo IDs.
+3. POST to `/{pageId}/feed` with `attached_media[]`, optional `place`, and `link`.
+
+### Client-Side (composer.js)
+
+Listens to `action:composer.loaded`. Calls `/api/facebook-post/can-post`; if allowed, injects a checkbox and optional Place ID field into the composer. Hooks into `filter:composer.submit.fbpost` to append `fbPostEnabled` and `fbPlaceId` to the submit payload.
+

package/library.js

@@ -4,26 +4,16 @@ const axios = require('axios');
 
 let meta = {};
 let settings = {};
-let appRef;
 
 const SETTINGS_KEY = 'facebook-post';
 
-// Non-sensitive settings kept in ACP DB
 const DEFAULT_SETTINGS = {
   enabled: false,
-
-  // Behaviour
   includeExcerpt: true,
   excerptMaxLen: 220,
-
-  // Filters
-  categoriesWhitelist: '', // comma-separated cids, empty = all
+  categoriesWhitelist: '',
   minimumReputation: 0,
-
-  // Image handling
   maxImages: 4,
-
-  // Location
   enablePlaceTagging: true,
 };
 
@@ -44,15 +34,11 @@ function parseCsvInts(csv) {
 }
 
 function readEnv() {
-  const env = process.env || {};
-  // Fixed Facebook page target (association page)
+  const env = process.env;
   return {
     fbGraphVersion: trimStr(env.NODEBB_FB_GRAPH_VERSION) || 'v25.0',
     fbPageId: trimStr(env.NODEBB_FB_PAGE_ID),
     fbPageAccessToken: trimStr(env.NODEBB_FB_PAGE_ACCESS_TOKEN),
-
-    // Restrict availability to NodeBB groups (comma-separated)
-    // If empty => nobody can use Facebook posting
     allowedGroups: trimStr(env.NODEBB_FB_ALLOWED_GROUPS || ''),
   };
 }
@@ -62,17 +48,13 @@ async function loadSettings() {
   settings = Object.assign({}, DEFAULT_SETTINGS, raw || {});
 
   settings.enabled = bool(settings.enabled);
-
   settings.includeExcerpt = bool(settings.includeExcerpt);
   settings.excerptMaxLen = int(settings.excerptMaxLen, DEFAULT_SETTINGS.excerptMaxLen);
-
   settings.minimumReputation = int(settings.minimumReputation, 0);
   settings.maxImages = int(settings.maxImages, DEFAULT_SETTINGS.maxImages);
   settings.enablePlaceTagging = bool(settings.enablePlaceTagging);
-
   settings.categoriesWhitelist = trimStr(settings.categoriesWhitelist);
 
-  // ENV overrides / secrets
   const env = readEnv();
   settings.fbGraphVersion = env.fbGraphVersion;
   settings.fbPageId = env.fbPageId;
@@ -84,6 +66,7 @@ function getForumBaseUrl() {
   const nconf = require.main.require('nconf');
   return trimStr(nconf.get('url')) || '';
 }
+
 function absolutizeUrl(url) {
   const base = getForumBaseUrl();
   if (!url) return '';
@@ -91,8 +74,9 @@ function absolutizeUrl(url) {
   if (url.startsWith('//')) return `https:${url}`;
   if (!base) return url;
   if (url.startsWith('/')) return base + url;
-  return base + '/' + url;
+  return `${base}/${url}`;
 }
+
 function isForumHosted(urlAbs) {
   const base = getForumBaseUrl();
   if (!base) return false;
@@ -107,12 +91,10 @@ function extractImageUrlsFromContent(rawContent) {
   const urls = new Set();
   if (!rawContent) return [];
 
-  // Markdown images
   const mdImg = /!\[[^\]]*]\(([^)\s]+)(?:\s+"[^"]*")?\)/g;
   let m;
   while ((m = mdImg.exec(rawContent)) !== null) urls.add(m[1]);
 
-  // HTML images
   const htmlImg = /<img[^>]+src=["']([^"']+)["'][^>]*>/gi;
   while ((m = htmlImg.exec(rawContent)) !== null) urls.add(m[1]);
 
@@ -132,25 +114,7 @@ function sanitizeExcerpt(text, maxLen) {
     .replace(/<[^>]*>/g, '');
   if (!s) return '';
   if (s.length <= maxLen) return s;
-  return s.slice(0, Math.max(0, maxLen - 1)).trimEnd() + '…';
-}
-
-function normalizeAllowedGroupsValue(value) {
-  if (!value) return '';
-  if (Array.isArray(value)) {
-    return value.map(String).map(v => v.trim()).filter(Boolean).join(',');
-  }
-  const s = String(value).trim();
-  if (!s) return '';
-  if (s.startsWith('[')) {
-    try {
-      const parsed = JSON.parse(s);
-      if (Array.isArray(parsed)) {
-        return parsed.map(String).map(v => v.trim()).filter(Boolean).join(',');
-      }
-    } catch (_) {}
-  }
-  return s;
+  return s.slice(0, maxLen - 1).trimEnd() + '\u2026';
 }
 
 function parseAllowedGroupsList() {
@@ -159,7 +123,6 @@ function parseAllowedGroupsList() {
   return s.split(',').map(v => v.trim()).filter(Boolean);
 }
 
-
 function getUidFromReq(req) {
   return req && (req.uid || (req.user && req.user.uid) || (req.session && req.session.uid));
 }
@@ -170,9 +133,6 @@ async function userIsAllowed(uid) {
 
   const Groups = require.main.require('./src/groups');
   for (const groupName of allowed) {
-    // Group names are case-sensitive in NodeBB
-    // If any match => allowed
-    // groups.isMember(uid, groupName) returns boolean
     try {
       // eslint-disable-next-line no-await-in-loop
       const ok = await Groups.isMember(uid, groupName);
@@ -207,36 +167,23 @@ async function getPostContext(postData) {
 
 function shouldProcessPost(ctx) {
   if (!ctx || !ctx.post || !ctx.topic || !ctx.user) return false;
-
-  // Plugin enabled
   if (!settings.enabled) return false;
-
-  // Secrets set
   if (!settings.fbPageId || !settings.fbPageAccessToken) return false;
 
-  // Only first post of topic
   const isFirstPost = (ctx.post.isMainPost === true) || (ctx.post.index === 0);
   if (!isFirstPost) return false;
 
-  // User opted-in on composer checkbox
   if (!bool(ctx.post.fbPostEnabled)) return false;
-
-  // reputation filter
   if ((ctx.user.reputation || 0) < settings.minimumReputation) return false;
 
-  // category whitelist
   const whitelist = parseCsvInts(settings.categoriesWhitelist);
-  if (whitelist.length > 0) {
-    const cid = parseInt(ctx.topic.cid, 10);
-    if (!whitelist.includes(cid)) return false;
-  }
+  if (whitelist.length > 0 && !whitelist.includes(parseInt(ctx.topic.cid, 10))) return false;
 
   return true;
 }
 
 async function uploadPhotoToFacebook(urlAbs) {
   const endpoint = `https://graph.facebook.com/${settings.fbGraphVersion}/${settings.fbPageId}/photos`;
-
   const resp = await axios.post(endpoint, null, {
     params: {
       url: urlAbs,
@@ -245,7 +192,6 @@ async function uploadPhotoToFacebook(urlAbs) {
     },
     timeout: 20000,
   });
-
   return resp.data && resp.data.id;
 }
 
@@ -255,10 +201,8 @@ async function publishFeedPost({ message, link, photoIds, placeId }) {
   const form = new URLSearchParams();
   form.append('message', String(message || ''));
   form.append('access_token', String(settings.fbPageAccessToken));
-
   if (link) form.append('link', String(link));
   if (placeId) form.append('place', String(placeId));
-
   if (Array.isArray(photoIds) && photoIds.length) {
     photoIds.forEach((id, idx) => {
       form.append(`attached_media[${idx}]`, JSON.stringify({ media_fbid: id }));
@@ -269,42 +213,28 @@ async function publishFeedPost({ message, link, photoIds, placeId }) {
     headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
     timeout: 20000,
   });
-
   return resp.data && resp.data.id;
 }
 
 async function postToFacebook(ctx) {
   const rawContent = ctx.post.content || '';
   const topicTitle = ctx.topic.title || 'Nouveau sujet';
-  const author = ctx.user.username || 'Quelqu’un';
+  const author = ctx.user.username || 'Quelqu\u2019un';
   const link = ctx.topicUrlAbs;
 
   const excerpt = settings.includeExcerpt ? sanitizeExcerpt(rawContent, settings.excerptMaxLen) : '';
 
-  // Images: user said uploads NodeBB => enforce forum-hosted only
-  let imageUrls = extractImageUrlsFromContent(rawContent)
-    .map(absolutizeUrl)
-    .filter(isForumHosted);
-
-  imageUrls = imageUrls.slice(0, Math.max(0, settings.maxImages));
+  const imageUrls = extractImageUrlsFromContent(rawContent)
+    .filter(isForumHosted)
+    .slice(0, Math.max(0, settings.maxImages));
 
-  // Place tagging
-  let placeId = null;
-  if (settings.enablePlaceTagging) {
-    const pid = trimStr(ctx.post.fbPlaceId);
-    if (pid) placeId = pid;
-  }
-
-  const lines = [];
-  lines.push(`📝 ${topicTitle}`);
-  if (excerpt) lines.push(`\n${excerpt}`);
-  lines.push(`\n🔗 ${link}`);
-  lines.push(`\n— ${author}`);
-  const message = lines.join('\n');
+  const placeId = (settings.enablePlaceTagging && trimStr(ctx.post.fbPlaceId)) || null;
 
-  if (!imageUrls.length) {
-    return await publishFeedPost({ message, link, photoIds: [], placeId });
-  }
+  const lines = [`\uD83D\uDCDD ${topicTitle}`];
+  if (excerpt) lines.push(excerpt);
+  lines.push(`\uD83D\uDD17 ${link}`);
+  lines.push(`\u2014 ${author}`);
+  const message = lines.join('\n\n');
 
   const photoIds = [];
   for (const urlAbs of imageUrls) {
@@ -313,18 +243,16 @@ async function postToFacebook(ctx) {
     if (id) photoIds.push(id);
   }
 
-  return await publishFeedPost({ message, link, photoIds, placeId });
+  return publishFeedPost({ message, link, photoIds, placeId });
 }
 
 const Plugin = {};
 
 Plugin.init = async function (params) {
-  // NodeBB v4.9.x: params provides { router, middleware, meta, ... }
   const { router, middleware } = params;
 
   meta = (params && params.meta) ? params.meta : require.main.require('./src/meta');
 
-  // Used to render group list in ACP
   const groups = require.main.require('./src/groups');
   const db = require.main.require('./src/database');
 
@@ -335,11 +263,9 @@ Plugin.init = async function (params) {
     if (!names?.length) {
       names = await db.getSortedSetRange('groups:visible:createtime', 0, -1);
     }
-
     const data = await groups.getGroupsData(
       (names || []).filter(name => !groups.isPrivilegeGroup(name))
     );
-
     return (data || [])
       .filter(g => g?.name && g.name.toLowerCase() !== 'guests')
       .sort((a, b) => String(a.name).localeCompare(String(b.name), undefined, { sensitivity: 'base' }));
@@ -370,38 +296,6 @@ Plugin.init = async function (params) {
       return res.json({ allowed: false, reason: 'error' });
     }
   });
-    } catch {
-      return res.json({ allowed: false });
-    }
-  });
-
-  router.post('/api/admin/plugins/facebook-post/mark-posted', middleware.ensureLoggedIn, async (req, res) => {
-    try {
-      await loadSettings();
-
-      const secret = trimStr(req.body && req.body.secret);
-      if (!secret || secret !== settings.workerSecret) {
-        return res.status(403).json({ error: 'bad_secret' });
-      }
-
-      const ok = await ensureAdmin(req);
-      if (!ok) return res.status(403).json({ error: 'forbidden' });
-
-      const pid = parseInt(req.body && req.body.pid, 10);
-      const fbPostedId = trimStr(req.body && req.body.fbPostedId);
-      const fbPostedAt = parseInt(req.body && req.body.fbPostedAt, 10) || Date.now();
-      if (!Number.isFinite(pid) || !fbPostedId) return res.status(400).json({ error: 'bad_payload' });
-
-      const Posts = require.main.require('./src/posts');
-      await Posts.setPostField(pid, 'fbPostedId', fbPostedId);
-      await Posts.setPostField(pid, 'fbPostedAt', fbPostedAt);
-      await Posts.deletePostField(pid, 'fbQueueJobId');
-      await Posts.deletePostField(pid, 'fbQueuedAt');
-      return res.json({ ok: true });
-    } catch {
-      return res.status(500).json({ error: 'failed' });
-    }
-  });
 };
 
 Plugin.addAdminNavigation = async function (header) {
@@ -414,17 +308,13 @@ Plugin.addAdminNavigation = async function (header) {
   return header;
 };
 
-
-// Save custom composer data into post fields
 Plugin.onPostCreate = async function (hookData) {
   try {
     if (!hookData?.post || !hookData?.data) return hookData;
-
     hookData.post.fbPostEnabled = bool(hookData.data.fbPostEnabled);
-
     const fbPlaceId = trimStr(hookData.data.fbPlaceId);
     if (fbPlaceId) hookData.post.fbPlaceId = fbPlaceId;
-  } catch (e) {
+  } catch {
     // swallow
   }
   return hookData;
@@ -439,7 +329,6 @@ Plugin.onPostSave = async function (hookData) {
     const ctx = await getPostContext(hookData && hookData.post ? hookData.post : hookData);
     if (!ctx) return;
 
-    // Allowed group check (server-side enforcement)
     const allowed = await userIsAllowed(ctx.post.uid);
     if (!allowed) return;
 
@@ -447,7 +336,6 @@ Plugin.onPostSave = async function (hookData) {
 
     const Posts = require.main.require('./src/posts');
 
-    // Avoid double-post
     const already = await Posts.getPostField(ctx.post.pid, 'fbPostedId');
     if (already) return;
 
@@ -457,10 +345,9 @@ Plugin.onPostSave = async function (hookData) {
       await Posts.setPostField(ctx.post.pid, 'fbPostedAt', Date.now());
     }
   } catch (e) {
-    const detail = e && (e.response && JSON.stringify(e.response.data) || e.message || e);
+    const detail = e?.response ? JSON.stringify(e.response.data) : (e?.message || e);
     winston.error(`[facebook-post] Failed: ${detail}`);
   }
 };
 
 module.exports = Plugin;
-

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nodebb-plugin-facebook-post",
-  "version": "1.0.15",
+  "version": "1.0.17",
   "description": "Auto-post new NodeBB topics to a fixed Facebook Page (text + NodeBB uploads + place id).",
   "main": "library.js",
   "dependencies": {

package/static/lib/composer.js

@@ -10,7 +10,7 @@
       });
       if (!res.ok) return { allowed: false };
       return await res.json();
-    } catch {
+    } catch (err) {
       return { allowed: false };
     }
   }
@@ -71,7 +71,7 @@
       if (!perm.allowed) return;
 
       injectUI($composer);
-    } catch {
+    } catch (err) {
       // ignore
     }
   });