nodebb-plugin-onekite-calendar 1.0.0

package/lib/widgets.js

@@ -0,0 +1,177 @@
+'use strict';
+
+const nconf = require.main.require('nconf');
+
+function forumBaseUrl() {
+  return String(nconf.get('url') || '').trim().replace(/\/$/, '');
+}
+
+function escapeHtml(s) {
+  return String(s || '')
+    .replace(/&/g, '&')
+    .replace(/</g, '&lt;')
+    .replace(/>/g, '&gt;')
+    .replace(/"/g, '&quot;')
+    .replace(/'/g, '&#39;');
+}
+
+function makeDomId() {
+  const r = Math.floor(Math.random() * 1e9);
+  return `onekite-twoweeks-${Date.now()}-${r}`;
+}
+
+function widgetCalendarUrl() {
+  // Per request, keep the public URL fixed (even if forum base differs)
+  return 'https://www.onekite.com/calendar';
+}
+
+const widgets = {};
+
+widgets.defineWidgets = async function (widgetData) {
+  // NodeBB versions differ:
+  // - Some pass an object: { widgets: [...] }
+  // - Others pass the array directly
+  const list = Array.isArray(widgetData)
+    ? widgetData
+    : (widgetData && Array.isArray(widgetData.widgets) ? widgetData.widgets : null);
+
+  if (!list) {
+    return widgetData;
+  }
+
+  list.push({
+    widget: 'calendar-onekite-twoweeks',
+    name: 'Calendrier OneKite (2 semaines)',
+    description: 'Affiche la semaine courante + la semaine suivante (FullCalendar via CDN).',
+    content: '',
+  });
+
+  return widgetData;
+};
+
+widgets.renderTwoWeeksWidget = async function (data) {
+  // data: { widget, ... }
+  const id = makeDomId();
+  const calUrl = widgetCalendarUrl();
+  const apiBase = forumBaseUrl();
+  const eventsEndpoint = `${apiBase}/api/v3/plugins/calendar-onekite/events`;
+
+  const idJson = JSON.stringify(id);
+  const calUrlJson = JSON.stringify(calUrl);
+  const eventsEndpointJson = JSON.stringify(eventsEndpoint);
+
+  const html = `
+<div class="onekite-twoweeks">
+  <div class="d-flex justify-content-between align-items-center mb-1">
+    <div style="font-weight: 600;">Calendrier</div>
+    <a href="${escapeHtml(calUrl)}" class="btn btn-sm btn-outline-secondary" style="line-height: 1.1;">Ouvrir</a>
+  </div>
+  <div id="${escapeHtml(id)}"></div>
+</div>
+
+<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/fullcalendar@latest/main.min.css" />
+<script>
+(function(){
+  const containerId = ${idJson};
+  const calUrl = ${calUrlJson};
+  const eventsEndpoint = ${eventsEndpointJson};
+
+  function loadOnce(tag, attrs) {
+    return new Promise((resolve, reject) => {
+      try {
+        const key = attrs && (attrs.id || attrs.href || attrs.src);
+        if (key && document.querySelector((attrs.id ? ('#' + attrs.id) : (attrs.href ? ('link[href="' + attrs.href + '"]') : ('script[src="' + attrs.src + '"]'))))) {
+          resolve();
+          return;
+        }
+        const el = document.createElement(tag);
+        Object.keys(attrs || {}).forEach((k) => el.setAttribute(k, attrs[k]));
+        el.onload = () => resolve();
+        el.onerror = () => reject(new Error('load-failed'));
+        document.head.appendChild(el);
+      } catch (e) {
+        reject(e);
+      }
+    });
+  }
+
+  async function ensureFullCalendar() {
+    if (window.FullCalendar && window.FullCalendar.Calendar) {
+      return;
+    }
+    await loadOnce('script', {
+      id: 'onekite-fullcalendar-global',
+      src: 'https://cdn.jsdelivr.net/npm/fullcalendar@latest/index.global.min.js',
+      async: 'true'
+    });
+    await loadOnce('script', {
+      id: 'onekite-fullcalendar-locales',
+      src: 'https://cdn.jsdelivr.net/npm/@fullcalendar/core@latest/locales-all.global.min.js',
+      async: 'true'
+    });
+  }
+
+  async function init() {
+    const el = document.getElementById(containerId);
+    if (!el) return;
+
+    await ensureFullCalendar();
+
+    // Define a 2-week dayGrid view
+    const calendar = new window.FullCalendar.Calendar(el, {
+      initialView: 'dayGridTwoWeek',
+      views: {
+        dayGridTwoWeek: {
+          type: 'dayGrid',
+          duration: { weeks: 2 },
+          buttonText: '2 semaines',
+        },
+      },
+      locale: 'fr',
+      firstDay: 1,
+      height: 'auto',
+      headerToolbar: {
+        left: 'prev,next',
+        center: 'title',
+        right: '',
+      },
+      navLinks: false,
+      eventTimeFormat: { hour: '2-digit', minute: '2-digit', hour12: false },
+      events: function(info, successCallback, failureCallback) {
+        const qs = new URLSearchParams({ start: info.startStr, end: info.endStr });
+        fetch(eventsEndpoint + '?' + qs.toString(), { credentials: 'same-origin' })
+          .then((r) => r.json())
+          .then((json) => successCallback(json || []))
+          .catch((e) => failureCallback(e));
+      },
+      dateClick: function() {
+        window.location.href = calUrl;
+      },
+      eventClick: function() {
+        window.location.href = calUrl;
+      },
+    });
+
+    calendar.render();
+  }
+
+  // Widgets can be rendered after ajaxify; delay a tick.
+  setTimeout(() => init().catch(() => {}), 0);
+})();
+</script>
+
+<style>
+  .onekite-twoweeks .fc .fc-toolbar-title { font-size: 1rem; }
+  .onekite-twoweeks .fc .fc-button { padding: .2rem .35rem; font-size: .75rem; }
+  .onekite-twoweeks .fc .fc-daygrid-day-number { font-size: .75rem; padding: 2px; }
+  .onekite-twoweeks .fc .fc-col-header-cell-cushion { font-size: .75rem; }
+  .onekite-twoweeks .fc .fc-event-title { font-size: .72rem; }
+</style>
+  `;
+
+  data = data || {};
+  data.html = html;
+  return data;
+};
+
+module.exports = widgets;

package/library.js

@@ -0,0 +1,157 @@
+'use strict';
+
+// We use NodeBB's route helpers for page routes so the rendered page includes
+// the normal client bundle (ajaxify/requirejs). The helper signatures differ
+// across NodeBB versions, but for NodeBB v4.x the order is:
+//   setupPageRoute(router, path, middlewaresArray, handler)
+//   setupAdminPageRoute(router, path, middlewaresArray, handler)
+const routeHelpers = require.main.require('./src/routes/helpers');
+
+const controllers = require('./lib/controllers.js');
+const api = require('./lib/api');
+const admin = require('./lib/admin');
+const scheduler = require('./lib/scheduler');
+const helloassoWebhook = require('./lib/helloassoWebhook');
+const widgets = require('./lib/widgets');
+const bodyParser = require('body-parser');
+
+const Plugin = {};
+
+const isFn = (fn) => typeof fn === 'function';
+const mw = (...fns) => fns.filter(isFn);
+
+Plugin.init = async function (params) {
+  const { router, middleware } = params;
+
+  // Build middleware arrays safely and always spread them into Express route methods.
+  // Express will throw if any callback is undefined, so we filter strictly.
+  // Auth middlewares differ slightly depending on NodeBB configuration.
+  // In v4, some installs rely on middleware.authenticate rather than exposeUid.
+  const baseExpose = mw(middleware && (middleware.authenticate || middleware.exposeUid));
+  const publicExpose = baseExpose;
+  const publicAuth = mw(middleware && (middleware.authenticate || middleware.exposeUid), middleware && middleware.ensureLoggedIn);
+
+  // Robust admin guard: avoid middleware.admin.checkPrivileges() signature differences
+  // across NodeBB versions. We treat membership in the 'administrators' group as admin.
+  const Groups = require.main.require('./src/groups');
+  async function adminOnly(req, res, next) {
+    try {
+      const uid = req.uid || (req.user && req.user.uid) || (req.session && req.session.uid);
+      if (!uid) {
+        return res.status(401).json({ status: { code: 'not-authorized', message: 'Not logged in' } });
+      }
+      const isAdmin = await Groups.isMember(uid, 'administrators');
+      if (!isAdmin) {
+        return res.status(403).json({ status: { code: 'not-authorized', message: 'Not allowed' } });
+      }
+      return next();
+    } catch (err) {
+      return next(err);
+    }
+  }
+  const adminMws = mw(
+    middleware && (middleware.authenticate || middleware.exposeUid),
+    middleware && middleware.ensureLoggedIn,
+    adminOnly
+  );
+
+  // Page routes (HTML)
+  // IMPORTANT: pass an ARRAY for middlewares (even if empty), otherwise
+  // setupPageRoute will throw "middlewares is not iterable".
+  routeHelpers.setupPageRoute(router, '/calendar', mw(), controllers.renderCalendar);
+  routeHelpers.setupAdminPageRoute(router, '/admin/plugins/calendar-onekite', mw(), admin.renderAdmin);
+
+  // Public API (JSON) — NodeBB 4.x only (v3 API)
+  router.get('/api/v3/plugins/calendar-onekite/events', ...publicExpose, api.getEvents);
+  router.get('/api/v3/plugins/calendar-onekite/items', ...publicExpose, api.getItems);
+  router.get('/api/v3/plugins/calendar-onekite/capabilities', ...publicExpose, api.getCapabilities);
+
+  router.post('/api/v3/plugins/calendar-onekite/reservations', ...publicExpose, api.createReservation);
+  router.get('/api/v3/plugins/calendar-onekite/reservations/:rid', ...publicExpose, api.getReservationDetails);
+  router.put('/api/v3/plugins/calendar-onekite/reservations/:rid/approve', ...publicExpose, api.approveReservation);
+  router.put('/api/v3/plugins/calendar-onekite/reservations/:rid/refuse', ...publicExpose, api.refuseReservation);
+  router.put('/api/v3/plugins/calendar-onekite/reservations/:rid/cancel', ...publicExpose, api.cancelReservation);
+
+  router.post('/api/v3/plugins/calendar-onekite/special-events', ...publicExpose, api.createSpecialEvent);
+  router.get('/api/v3/plugins/calendar-onekite/special-events/:eid', ...publicExpose, api.getSpecialEventDetails);
+  router.delete('/api/v3/plugins/calendar-onekite/special-events/:eid', ...publicExpose, api.deleteSpecialEvent);
+
+  // Admin API (JSON)
+  const adminBases = ['/api/v3/admin/plugins/calendar-onekite'];
+
+  adminBases.forEach((base) => {
+    router.get(`${base}/settings`, ...adminMws, admin.getSettings);
+    router.put(`${base}/settings`, ...adminMws, admin.saveSettings);
+
+    router.get(`${base}/pending`, ...adminMws, admin.listPending);
+    router.put(`${base}/reservations/:rid/approve`, ...adminMws, admin.approveReservation);
+    router.put(`${base}/reservations/:rid/refuse`, ...adminMws, admin.refuseReservation);
+
+    router.post(`${base}/purge`, ...adminMws, admin.purgeByYear);
+    router.get(`${base}/debug`, ...adminMws, admin.debugHelloAsso);
+    // Accounting / exports
+    router.get(`${base}/accounting`, ...adminMws, admin.getAccounting);
+    router.get(`${base}/accounting.csv`, ...adminMws, admin.exportAccountingCsv);
+    router.post(`${base}/accounting/purge`, ...adminMws, admin.purgeAccounting);
+
+    // Purge special events by year
+    router.post(`${base}/special-events/purge`, ...adminMws, admin.purgeSpecialEventsByYear);
+  });
+
+  // HelloAsso callback endpoint (hardened)
+  // - Only accepts POST
+  // - Verifies x-ha-signature (HMAC SHA-256) using the configured client secret
+  // - Basic replay protection
+  // NOTE: we capture the raw body for signature verification.
+  const helloassoJson = bodyParser.json({
+    verify: (req, _res, buf) => {
+      req.rawBody = buf;
+    },
+    type: ['application/json', 'application/*+json'],
+  });
+  // Accept webhook on both legacy root path and namespaced plugin path.
+  // Some reverse proxies block unknown root paths, so /plugins/... is recommended.
+  router.post('/helloasso', helloassoJson, helloassoWebhook.handler);
+  router.post('/plugins/calendar-onekite/helloasso', helloassoJson, helloassoWebhook.handler);
+
+  // Optional: health checks
+  router.get('/helloasso', (req, res) => res.json({ ok: true }));
+  router.get('/plugins/calendar-onekite/helloasso', (req, res) => res.json({ ok: true }));
+
+  scheduler.start();
+};
+
+Plugin.addAdminNavigation = async function (header) {
+  header.plugins = header.plugins || [];
+  header.plugins.push({
+    route: '/plugins/calendar-onekite',
+    icon: 'fa-calendar',
+    name: 'Calendar OneKite',
+  });
+  return header;
+};
+
+
+// Ensure our transactional emails always get a subject.
+// NodeBB's Emailer.sendToEmail signature expects (template, email, language, params),
+// so plugins typically inject/modify the subject via this hook.
+Plugin.emailModify = async function (data) {
+  try {
+    if (!data || !data.template) return data;
+    const tpl = String(data.template);
+    if (!tpl.startsWith('calendar-onekite_')) return data;
+
+    // If the caller provided a subject (we pass it in params.subject), copy it to data.subject.
+    const provided = data.params && data.params.subject ? String(data.params.subject) : '';
+    if (provided && (!data.subject || !String(data.subject).trim())) {
+      data.subject = provided;
+    }
+  } catch (e) {}
+  return data;
+};
+
+// Widgets
+Plugin.defineWidgets = widgets.defineWidgets;
+Plugin.renderTwoWeeksWidget = widgets.renderTwoWeeksWidget;
+
+module.exports = Plugin;

package/package.json

@@ -0,0 +1,14 @@
+{
+  "name": "nodebb-plugin-onekite-calendar",
+  "version": "1.0.0",
+  "description": "FullCalendar-based equipment reservation workflow with admin approval & HelloAsso payment for NodeBB",
+  "main": "library.js",
+  "license": "MIT",
+  "engines": {
+    "node": ">=18"
+  },
+  "dependencies": {},
+  "nbbpm": {
+    "compatibility": "^4.0.0"
+  }
+}

package/plugin.json

@@ -0,0 +1,43 @@
+{
+  "id": "nodebb-plugin-calendar-onekite",
+  "name": "Calendar OneKite",
+  "description": "Equipment reservation calendar (FullCalendar) with admin approval & HelloAsso checkout",
+  "url": "https://www.onekite.com/calendar",
+  "hooks": [
+    {
+      "hook": "static:app.load",
+      "method": "init"
+    },
+    {
+      "hook": "filter:admin.header.build",
+      "method": "addAdminNavigation"
+    },
+    {
+      "hook": "filter:email.modify",
+      "method": "emailModify"
+    },
+    {
+      "hook": "filter:widgets.getWidgets",
+      "method": "defineWidgets"
+    },
+    {
+      "hook": "filter:widget.render:calendar-onekite-twoweeks",
+      "method": "renderTwoWeeksWidget"
+    }
+  ],
+  "staticDirs": {
+    "public": "./public"
+  },
+  "templates": "./templates",
+  "modules": {
+    "../admin/plugins/calendar-onekite.js": "./public/admin.js",
+    "admin/plugins/calendar-onekite": "./public/admin.js"
+  },
+  "scripts": [
+    "public/client.js"
+  ],
+  "acpScripts": [
+    "public/admin.js"
+  ],
+  "version": "1.3.5"
+}