nodebb-plugin-onekite-calendar 1.0.0

package/CHANGELOG.md

@@ -0,0 +1,45 @@
+## 1.1.0
+
+## 1.3.4
+- Fix: HelloAsso OAuth token rate-limit (429/1015) by caching token, de-duplicating requests, and adding backoff retries (no extra logs).
+- Discord: add ⏳/💳 icons in embed titles.
+### Perf / prod (NodeBB v4)
+- FullCalendar : passage au CDN **@latest** et utilisation de `main.min.css` (supprime l’erreur 404 `index.global.min.css`).
+- API `events` : payload allégé (les détails sont chargés à la demande), tri stable.
+- Cache intelligent : support **ETag** côté serveur + requêtes conditionnelles côté client (réduit les transferts lors des refetch).
+- Prefetch : préchargement du mois précédent/suivant (si l’utilisateur navigue, la vue est instantanée).
+- Robustesse : anti double-refetch (debounce sur les updates socket) et annulation des fetch concurrents.
+
+
+## 1.0.1.1
+- ACP (NodeBB v4) : empêche l’affichage multiple des popups de succès lors de l’enregistrement (déduplication des alerts).
+
+## 1.0.1
+- Correctif : après validation d'une réservation depuis l’ACP, le lien HelloAsso (paymentUrl) est maintenant bien enregistré et transmis au calendrier (bouton **Payer maintenant** visible dans la modale).
+
+# Changelog
+
+## 1.3.2
+
+- Discord : notifications envoyées en **embed** (plus lisible) pour les demandes et paiements.
+- Discord : contenu texte désactivé (embed only) pour éviter le bruit.
+
+## 1.0.0
+
+### ACP
+- Locations en attente : validation/refus avec les **mêmes modales** que côté calendrier (adresse + carte + notes + heure / raison de refus) et **suppression de la ligne** après action.
+- Réglages : correction de l’enregistrement des **groupes** dans l’onglet Évènements (form + payload), et correction du décalage d’affichage des onglets.
+
+### Calendrier (front)
+- Évènements : suppression de l’icône « pin-it ».
+- Évènements : alignement de l’horloge identique aux icônes des réservations (rendu sans colonne de temps FullCalendar).
+- Création d’évènement : clic sur un jour = valeur par défaut **07:00 → 07:00** (gestion robuste de l’`end` exclusif FullCalendar).
+- Modales : correction d’un cas où, après annulation (ESC/clic extérieur), les modales ne réapparaissaient plus.
+- **Nouveau** : conservation du dernier mode sélectionné (**Location** / **Évènement**) même après création/annulation/refetch (persisté par utilisateur via `localStorage`).
+
+### Emails
+- Template relance : ajout du même bloc de paiement que dans pending (bouton + lien de secours).
+
+### Maintenance
+- Nettoyage des CSS/handlers devenus inutiles suite aux corrections d’alignement.
+- Harmonisation des versions (`package.json` + `plugin.json`) en `1.0.0`.

package/lib/admin.js

@@ -0,0 +1,562 @@
+'use strict';
+
+const meta = require.main.require('./src/meta');
+const user = require.main.require('./src/user');
+const emailer = require.main.require('./src/emailer');
+const nconf = require.main.require('nconf');
+
+function forumBaseUrl() {
+  const base = String(nconf.get('url') || '').trim().replace(/\/$/, '');
+  return base;
+}
+
+function formatFR(tsOrIso) {
+  const d = new Date(typeof tsOrIso === 'string' && /^[0-9]+$/.test(tsOrIso) ? parseInt(tsOrIso, 10) : tsOrIso);
+  const dd = String(d.getDate()).padStart(2, '0');
+  const mm = String(d.getMonth() + 1).padStart(2, '0');
+  const yyyy = d.getFullYear();
+  return `${dd}/${mm}/${yyyy}`;
+}
+
+async function sendEmail(template, toEmail, subject, data) {
+  // Prefer sending by uid (NodeBB core expects uid in various places)
+  const uid = data && Number.isInteger(data.uid) ? data.uid : null;
+  if (!toEmail && !uid) return;
+
+  const settings = await meta.settings.get('calendar-onekite').catch(() => ({}));
+  const lang = (settings && settings.defaultLang) || (meta && meta.config && meta.config.defaultLang) || 'fr';
+  const params = Object.assign({}, data || {}, subject ? { subject } : {});
+
+  // If we have a uid, use the native uid-based sender first.
+  try {
+    if (uid && typeof emailer.send === 'function') {
+      // NodeBB: send(template, uid, params)
+      if (emailer.send.length >= 3) {
+        await emailer.send(template, uid, params);
+      } else {
+        await emailer.send(template, uid, params);
+      }
+      return;
+    }
+  } catch (err) {
+    console.warn('[calendar-onekite] Failed to send email', {
+      template,
+      toEmail,
+      err: err && err.message ? err.message : String(err),
+    });
+  }
+
+  try {
+    if (typeof emailer.sendToEmail === 'function') {
+      // NodeBB: sendToEmail(template, email, language, params)
+      if (emailer.sendToEmail.length >= 4) {
+        await emailer.sendToEmail(template, toEmail, lang, params);
+      } else {
+        // Older signature: sendToEmail(template, email, params)
+        await emailer.sendToEmail(template, toEmail, params);
+      }
+      return;
+    }
+  } catch (err) {
+    console.warn('[calendar-onekite] Failed to send email', {
+      template,
+      toEmail,
+      err: err && err.message ? err.message : String(err),
+    });
+  }
+}
+
+function normalizeCallbackUrl(configured, meta) {
+  const base = (meta && meta.config && (meta.config.url || meta.config['url'])) ? (meta.config.url || meta.config['url']) : '';
+  let url = (configured || '').trim();
+  if (!url) {
+    url = base ? `${base}/helloasso` : '';
+  }
+  if (url && url.startsWith('/') && base) {
+    url = `${base}${url}`;
+  }
+  return url;
+}
+
+function normalizeReturnUrl(meta) {
+  const base = (meta && meta.config && (meta.config.url || meta.config['url'])) ? (meta.config.url || meta.config['url']) : '';
+  const b = String(base || '').trim().replace(/\/$/, '');
+  if (!b) return '';
+  return `${b}/calendar`;
+}
+
+
+const dbLayer = require('./db');
+const helloasso = require('./helloasso');
+
+const ADMIN_PRIV = 'admin:settings';
+
+const admin = {};
+
+admin.renderAdmin = async function (req, res) {
+  res.render('admin/plugins/calendar-onekite', {
+    title: 'Calendar OneKite',
+  });
+};
+
+admin.getSettings = async function (req, res) {
+  const settings = await meta.settings.get('calendar-onekite');
+  res.json(settings || {});
+};
+
+admin.saveSettings = async function (req, res) {
+  await meta.settings.set('calendar-onekite', req.body || {});
+  res.json({ ok: true });
+};
+
+admin.listPending = async function (req, res) {
+  const ids = await dbLayer.listAllReservationIds(5000);
+  // Batch fetch to avoid N DB round-trips.
+  const rows = await dbLayer.getReservations(ids);
+  const pending = (rows || []).filter(r => r && r.status === 'pending');
+  pending.sort((a, b) => parseInt(a.start, 10) - parseInt(b.start, 10));
+  res.json(pending);
+};
+
+admin.approveReservation = async function (req, res) {
+  const rid = req.params.rid;
+  const r = await dbLayer.getReservation(rid);
+  if (!r) return res.status(404).json({ error: 'not-found' });
+
+  r.status = 'awaiting_payment';
+  r.pickupAddress = String((req.body && (req.body.pickupAddress || req.body.adminNote || req.body.note)) || '').trim();
+  r.notes = String((req.body && req.body.notes) || '').trim();
+  r.pickupTime = String((req.body && (req.body.pickupTime || req.body.pickup)) || '').trim();
+  r.pickupLat = String((req.body && req.body.pickupLat) || '').trim();
+  r.pickupLon = String((req.body && req.body.pickupLon) || '').trim();
+  r.approvedAt = Date.now();
+
+  try {
+    const approver = await user.getUserFields(req.uid, ['username']);
+    r.approvedBy = req.uid;
+    r.approvedByUsername = approver && approver.username ? approver.username : '';
+  } catch (e) {
+    r.approvedBy = req.uid;
+    r.approvedByUsername = '';
+  }
+
+  // Create HelloAsso payment link if configured
+  const settings = await meta.settings.get('calendar-onekite');
+  const env = settings.helloassoEnv || 'prod';
+  const token = await helloasso.getAccessToken({
+    env,
+    clientId: settings.helloassoClientId,
+    clientSecret: settings.helloassoClientSecret,
+  });
+        if (!token) {
+
+        }
+
+  let paymentUrl = null;
+  if (token) {
+    const requester = await user.getUserFields(r.uid, ['username', 'email']);
+    // r.total is stored as an estimated total in euros; HelloAsso expects cents.
+    const totalAmount = Math.max(0, Math.round((Number(r.total) || 0) * 100));
+    const base = forumBaseUrl();
+    const returnUrl = base ? `${base}/calendar` : '';
+    const webhookUrl = base ? `${base}/plugins/calendar-onekite/helloasso` : '';
+    const year = new Date(Number(r.start)).getFullYear();
+    const intent = await helloasso.createCheckoutIntent({
+      env,
+      token,
+      organizationSlug: settings.helloassoOrganizationSlug,
+      formType: settings.helloassoFormType,
+      // Form slug is derived from the year
+      formSlug: `locations-materiel-${year}`,
+      totalAmount,
+      payerEmail: requester && requester.email,
+      // User return/back/error URLs must be real pages; webhook uses the plugin endpoint.
+      callbackUrl: returnUrl,
+      webhookUrl: webhookUrl,
+      itemName: 'Réservation matériel OneKite',
+      containsDonation: false,
+      metadata: { reservationId: String(rid) },
+    });
+    paymentUrl = intent && (intent.paymentUrl || intent.redirectUrl)
+      ? (intent.paymentUrl || intent.redirectUrl)
+      : (typeof intent === 'string' ? intent : null);
+    if (intent && intent.checkoutIntentId) {
+      r.checkoutIntentId = intent.checkoutIntentId;
+    }
+    }
+
+  if (paymentUrl) {
+    r.paymentUrl = paymentUrl;
+  } else {
+    console.warn('[calendar-onekite] HelloAsso payment link not created (approve ACP)', { rid });
+  }
+
+  await dbLayer.saveReservation(r);
+
+  // Email requester
+  try {
+    const requester = await user.getUserFields(r.uid, ['username', 'email']);
+    if (requester && requester.email) {
+      const latNum = Number(r.pickupLat);
+      const lonNum = Number(r.pickupLon);
+      const mapUrl = (Number.isFinite(latNum) && Number.isFinite(lonNum))
+        ? `https://www.openstreetmap.org/?mlat=${encodeURIComponent(String(latNum))}&mlon=${encodeURIComponent(String(lonNum))}#map=18/${encodeURIComponent(String(latNum))}/${encodeURIComponent(String(lonNum))}`
+        : '';
+      await sendEmail('calendar-onekite_approved', requester.email, 'Location matériel - Réservation validée', {
+        uid: parseInt(r.uid, 10),
+        username: requester.username,
+        itemName: (Array.isArray(r.itemNames) ? r.itemNames.join(', ') : (r.itemName || '')),
+        itemNames: (Array.isArray(r.itemNames) ? r.itemNames : (r.itemName ? [r.itemName] : [])),
+        dateRange: `Du ${formatFR(r.start)} au ${formatFR(r.end)}`,
+        paymentUrl: paymentUrl || '',
+        pickupAddress: r.pickupAddress || '',
+        notes: r.notes || '',
+        pickupTime: r.pickupTime || '',
+        pickupLat: r.pickupLat || '',
+        pickupLon: r.pickupLon || '',
+        mapUrl,
+        validatedBy: r.approvedByUsername || '',
+        validatedByUrl: (r.approvedByUsername ? `https://www.onekite.com/user/${encodeURIComponent(String(r.approvedByUsername))}` : ''),
+      });
+    }
+  } catch (e) {}
+
+  res.json({ ok: true, paymentUrl: paymentUrl || null });
+};
+
+admin.refuseReservation = async function (req, res) {
+  const rid = req.params.rid;
+  const r = await dbLayer.getReservation(rid);
+  if (!r) return res.status(404).json({ error: 'not-found' });
+
+  r.status = 'refused';
+  r.refusedAt = Date.now();
+  r.refusedReason = String((req.body && (req.body.reason || req.body.refusedReason || req.body.refuseReason)) || '').trim();
+  await dbLayer.saveReservation(r);
+
+  try {
+    const requester = await user.getUserFields(r.uid, ['username', 'email']);
+    if (requester && requester.email) {
+      await sendEmail('calendar-onekite_refused', requester.email, 'Location matériel - Réservation refusée', {
+        uid: parseInt(r.uid, 10),
+        username: requester.username,
+        itemName: (Array.isArray(r.itemNames) ? r.itemNames.join(', ') : (r.itemName || '')),
+        itemNames: (Array.isArray(r.itemNames) ? r.itemNames : (r.itemName ? [r.itemName] : [])),
+        dateRange: `Du ${formatFR(r.start)} au ${formatFR(r.end)}`,
+        start: formatFR(r.start),
+        end: formatFR(r.end),
+        refusedReason: r.refusedReason || '',
+      });
+    }
+  } catch (e) {}
+
+  res.json({ ok: true });
+};
+
+admin.purgeByYear = async function (req, res) {
+  const year = (req.body && req.body.year ? String(req.body.year) : '').trim();
+  if (!/^\d{4}$/.test(year)) {
+    return res.status(400).json({ error: 'invalid-year' });
+  }
+  const y = parseInt(year, 10);
+  const startTs = new Date(Date.UTC(y, 0, 1)).getTime();
+  const endTs = new Date(Date.UTC(y + 1, 0, 1)).getTime() - 1;
+
+  const ids = await dbLayer.listReservationIdsByStartRange(startTs, endTs, 100000);
+  let removed = 0;
+  let archivedForAccounting = 0;
+  const ts = Date.now();
+  for (const rid of ids) {
+    const r = await dbLayer.getReservation(rid);
+    if (!r) continue;
+
+    // Keep paid reservations for accounting; just hide them from the calendar.
+    if (String(r.status) === 'paid') {
+      if (!r.calendarPurgedAt) {
+        r.calendarPurgedAt = ts;
+        await dbLayer.saveReservation(r);
+      }
+      archivedForAccounting++;
+      continue;
+    }
+
+    await dbLayer.removeReservation(rid);
+    removed++;
+  }
+  res.json({ ok: true, removed, archivedForAccounting });
+};
+
+admin.purgeSpecialEventsByYear = async function (req, res) {
+  const year = (req.body && req.body.year ? String(req.body.year) : '').trim();
+  if (!/^\d{4}$/.test(year)) {
+    return res.status(400).json({ error: 'invalid-year' });
+  }
+  const y = parseInt(year, 10);
+  const startTs = new Date(Date.UTC(y, 0, 1)).getTime();
+  const endTs = new Date(Date.UTC(y + 1, 0, 1)).getTime() - 1;
+
+  const ids = await dbLayer.listSpecialIdsByStartRange(startTs, endTs, 100000);
+  let count = 0;
+  for (const eid of ids) {
+    await dbLayer.removeSpecialEvent(eid);
+    count++;
+  }
+  return res.json({ ok: true, removed: count });
+};
+
+// Debug endpoint to validate HelloAsso connectivity and item loading
+
+
+admin.debugHelloAsso = async function (req, res) {
+  const settings = await meta.settings.get('calendar-onekite');
+  const env = (settings && settings.helloassoEnv) || 'prod';
+
+  // Never expose secrets in debug output
+  const safeSettings = {
+    helloassoEnv: env,
+    helloassoClientId: settings && settings.helloassoClientId ? String(settings.helloassoClientId) : '',
+    helloassoClientSecret: settings && settings.helloassoClientSecret ? '***' : '',
+    helloassoOrganizationSlug: settings && settings.helloassoOrganizationSlug ? String(settings.helloassoOrganizationSlug) : '',
+    helloassoFormType: settings && settings.helloassoFormType ? String(settings.helloassoFormType) : '',
+    helloassoFormSlug: settings && settings.helloassoFormSlug ? String(settings.helloassoFormSlug) : '',
+  };
+
+  const out = {
+    ok: true,
+    settings: safeSettings,
+    token: { ok: false },
+    // Catalog = what you actually want for a shop (available products/material)
+    catalog: { ok: false, count: 0, sample: [], keys: [] },
+    // Sold items = items present in orders (can be 0 if no sales yet)
+    soldItems: { ok: false, count: 0, sample: [] },
+  };
+
+  try {
+    const token = await helloasso.getAccessToken({
+      env,
+      clientId: settings.helloassoClientId,
+      clientSecret: settings.helloassoClientSecret,
+    });
+    if (!token) {
+      out.token = { ok: false, error: 'token-null' };
+      return res.json(out);
+    }
+    out.token = { ok: true };
+
+    // Catalog items (via /public)
+    try {
+      const y = new Date().getFullYear();
+      const { publicForm, items } = await helloasso.listCatalogItems({
+        env,
+        token,
+        organizationSlug: settings.helloassoOrganizationSlug,
+        formType: settings.helloassoFormType,
+        formSlug: `locations-materiel-${y}`,
+      });
+
+      const arr = Array.isArray(items) ? items : [];
+      out.catalog.ok = true;
+      out.catalog.count = arr.length;
+      out.catalog.keys = publicForm && typeof publicForm === 'object' ? Object.keys(publicForm) : [];
+      out.catalog.sample = arr.slice(0, 10).map((it) => ({
+        id: it.id,
+        name: it.name,
+        price: it.price ?? null,
+      }));
+    } catch (e) {
+      out.catalog = { ok: false, error: String(e && e.message ? e.message : e), count: 0, sample: [], keys: [] };
+    }
+
+    // Sold items
+    try {
+      const y2 = new Date().getFullYear();
+      const items = await helloasso.listItems({
+        env,
+        token,
+        organizationSlug: settings.helloassoOrganizationSlug,
+        formType: settings.helloassoFormType,
+        formSlug: `locations-materiel-${y2}`,
+      });
+      const arr = Array.isArray(items) ? items : [];
+      out.soldItems.ok = true;
+      out.soldItems.count = arr.length;
+      out.soldItems.sample = arr.slice(0, 10).map((it) => ({
+        id: it.id || it.itemId || it.reference || it.name,
+        name: it.name || it.label || it.itemName,
+        price: it.price || it.amount || it.unitPrice || null,
+      }));
+    } catch (e) {
+      out.soldItems = { ok: false, error: String(e && e.message ? e.message : e), count: 0, sample: [] };
+    }
+
+    return res.json(out);
+  } catch (e) {
+    out.ok = false;
+    out.token = { ok: false, error: String(e && e.message ? e.message : e) };
+    return res.json(out);
+  }
+};
+
+// Accounting endpoint: aggregates paid reservations so you can contabilize what was rented.
+// Query params:
+//   from=YYYY-MM-DD (inclusive, based on reservation.start)
+//   to=YYYY-MM-DD (exclusive, based on reservation.start)
+admin.getAccounting = async function (req, res) {
+  const qFrom = String((req.query && req.query.from) || '').trim();
+  const qTo = String((req.query && req.query.to) || '').trim();
+  const parseDay = (s) => {
+    if (!/^\d{4}-\d{2}-\d{2}$/.test(s)) return null;
+    const [y, m, d] = s.split('-').map((x) => parseInt(x, 10));
+    const dt = new Date(Date.UTC(y, m - 1, d));
+    const ts = dt.getTime();
+    return Number.isFinite(ts) ? ts : null;
+  };
+  const fromTs = parseDay(qFrom);
+  const toTs = parseDay(qTo);
+
+  // Default: last 12 months (UTC)
+  const now = new Date();
+  const defaultTo = Date.UTC(now.getUTCFullYear(), now.getUTCMonth() + 1, 1);
+  const defaultFrom = Date.UTC(now.getUTCFullYear() - 1, now.getUTCMonth() + 1, 1);
+  const minTs = fromTs ?? defaultFrom;
+  const maxTs = toTs ?? defaultTo;
+
+  const ids = await dbLayer.listAllReservationIds(100000);
+  const rows = [];
+  const byItem = new Map();
+
+  for (const rid of ids) {
+    const r = await dbLayer.getReservation(rid);
+    if (!r) continue;
+    if (String(r.status) !== 'paid') continue;
+    if (r.accPurgedAt) continue;
+    const start = parseInt(r.start, 10);
+    if (!Number.isFinite(start)) continue;
+    if (start < minTs || start >= maxTs) continue;
+
+    const itemNames = Array.isArray(r.itemNames) && r.itemNames.length
+      ? r.itemNames
+      : (r.itemName ? [r.itemName] : []);
+
+    const total = Number(r.total) || 0;
+    const startDate = formatFR(r.start);
+    const endDate = formatFR(r.end);
+
+    rows.push({
+      rid: r.rid,
+      uid: r.uid,
+      username: r.username || '',
+      start: r.start,
+      end: r.end,
+      startDate,
+      endDate,
+      items: itemNames,
+      total,
+      paidAt: r.paidAt || '',
+    });
+
+    for (const name of itemNames) {
+      const key = String(name || '').trim();
+      if (!key) continue;
+      const cur = byItem.get(key) || { item: key, count: 0, total: 0 };
+      cur.count += 1;
+      cur.total += total;
+      byItem.set(key, cur);
+    }
+  }
+
+  const summary = Array.from(byItem.values()).sort((a, b) => b.count - a.count);
+  rows.sort((a, b) => parseInt(a.start, 10) - parseInt(b.start, 10));
+
+  return res.json({
+    ok: true,
+    from: new Date(minTs).toISOString().slice(0, 10),
+    to: new Date(maxTs).toISOString().slice(0, 10),
+    summary,
+    rows,
+  });
+};
+
+admin.exportAccountingCsv = async function (req, res) {
+  // Reuse the same logic and emit a CSV.
+  const fakeRes = { json: (x) => x };
+  const data = await admin.getAccounting(req, fakeRes);
+  // If getAccounting returned via res.json, data is undefined; rebuild by calling logic directly.
+  // Easiest: call getAccounting's internals by fetching the endpoint logic via HTTP is not possible here.
+  // So we re-run getAccounting but capture output by monkeypatching.
+  let payload;
+  await admin.getAccounting(req, { json: (x) => { payload = x; return x; } });
+  if (!payload || !payload.ok) {
+    return res.status(500).send('error');
+  }
+  const escape = (v) => {
+    const s = String(v ?? '');
+    if (/[\n\r,\"]/g.test(s)) {
+      return '"' + s.replace(/"/g, '""') + '"';
+    }
+    return s;
+  };
+  const lines = [];
+  lines.push(['rid', 'username', 'uid', 'start', 'end', 'items', 'total', 'paidAt'].map(escape).join(','));
+  for (const r of payload.rows || []) {
+    lines.push([
+      r.rid,
+      r.username,
+      r.uid,
+      r.startDate,
+      r.endDate,
+      (Array.isArray(r.items) ? r.items.join(' | ') : ''),
+      (Number(r.total) || 0).toFixed(2),
+      r.paidAt ? new Date(parseInt(r.paidAt, 10)).toISOString() : '',
+    ].map(escape).join(','));
+  }
+  const csv = lines.join('\n');
+  res.setHeader('Content-Type', 'text/csv; charset=utf-8');
+  res.setHeader('Content-Disposition', 'attachment; filename="calendar-onekite-accounting.csv"');
+  return res.send(csv);
+};
+
+
+admin.purgeAccounting = async function (req, res) {
+  const qFrom = String((req.query && req.query.from) || '').trim();
+  const qTo = String((req.query && req.query.to) || '').trim();
+  const parseDay = (s) => {
+    if (!/^\d{4}-\d{2}-\d{2}$/.test(s)) return null;
+    const [y, m, d] = s.split('-').map((x) => parseInt(x, 10));
+    const dt = new Date(Date.UTC(y, m - 1, d));
+    const ts = dt.getTime();
+    return Number.isFinite(ts) ? ts : null;
+  };
+  const fromTs = parseDay(qFrom);
+  const toTs = parseDay(qTo);
+
+  const now = new Date();
+  const defaultTo = Date.UTC(now.getUTCFullYear() + 100, 0, 1); // far future
+  const defaultFrom = Date.UTC(1970, 0, 1);
+  const minTs = fromTs ?? defaultFrom;
+  const maxTs = toTs ?? defaultTo;
+
+  const ids = await dbLayer.listAllReservationIds(200000);
+  let purged = 0;
+  const ts = Date.now();
+
+  for (const rid of ids) {
+    const r = await dbLayer.getReservation(rid);
+    if (!r) continue;
+    if (String(r.status) !== 'paid') continue;
+    // Already purged from accounting
+    if (r.accPurgedAt) continue;
+    const start = parseInt(r.start, 10);
+    if (!Number.isFinite(start)) continue;
+    if (start < minTs || start >= maxTs) continue;
+
+    r.accPurgedAt = ts;
+    await dbLayer.saveReservation(r);
+    purged++;
+  }
+
+  return res.json({ ok: true, purged });
+};
+
+
+module.exports = admin;