nodebb-plugin-onekite-calendar 2.0.11 → 2.0.13

package/pkg/package/lib/helloasso.js

@@ -0,0 +1,352 @@
+'use strict';
+
+const https = require('https');
+
+function requestJson(method, url, headers = {}, bodyObj = null) {
+  return new Promise((resolve) => {
+    const u = new URL(url);
+    const body = bodyObj ? JSON.stringify(bodyObj) : null;
+
+    const req = https.request(
+      {
+        method,
+        hostname: u.hostname,
+        port: u.port || 443,
+        path: u.pathname + u.search,
+        headers: {
+          Accept: 'application/json',
+          'Content-Type': 'application/json',
+          ...(body ? { 'Content-Length': Buffer.byteLength(body) } : {}),
+          ...headers,
+        },
+      },
+      (resp) => {
+        let data = '';
+        resp.setEncoding('utf8');
+        resp.on('data', (chunk) => { data += chunk; });
+        resp.on('end', () => {
+          const status = resp.statusCode || 0;
+
+          // Try JSON first, but never throw from here (avoid crashing NodeBB).
+          try {
+            const json = data ? JSON.parse(data) : null;
+            return resolve({ status, json });
+          } catch (e) {
+            // Non-JSON response (HTML/proxy error/etc.)
+            const snippet = String(data || '').slice(0, 500);
+            return resolve({ status, json: null, raw: snippet });
+          }
+        });
+      }
+    );
+
+    req.on('error', (err) => {
+      resolve({ status: 0, json: null, error: err && err.message ? err.message : String(err) });
+    });
+    if (body) req.write(body);
+    req.end();
+  });
+}
+
+function baseUrl(env) {
+  return env === 'sandbox'
+    ? 'https://api.helloasso-sandbox.com'
+    : 'https://api.helloasso.com';
+}
+
+// In-memory access token cache (per NodeBB process)
+let _tokenCache = { token: null, expiresAt: 0 };
+let _tokenInFlight = null;
+
+function _sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+function _tokenLooksValid() {
+  // Refresh 60s before expiration to avoid edge cases
+  return !!(_tokenCache.token && Date.now() < (_tokenCache.expiresAt - 60_000));
+}
+
+function _isRateLimited(status, parsedJson, bodySnippet) {
+  if (status === 429) return true;
+  const snip = String(bodySnippet || '').toLowerCase();
+  if (snip.includes('1015')) return true; // Cloudflare rate limited
+  if (parsedJson && typeof parsedJson === 'object') {
+    const j = JSON.stringify(parsedJson).toLowerCase();
+    if (j.includes('1015')) return true;
+    if (j.includes('rate') && j.includes('limit')) return true;
+  }
+  return false;
+}
+
+function _retryAfterMs(headers) {
+  if (!headers) return 0;
+  const ra = headers['retry-after'] || headers['Retry-After'];
+  if (!ra) return 0;
+  const n = parseInt(Array.isArray(ra) ? ra[0] : String(ra), 10);
+  if (!Number.isFinite(n) || n <= 0) return 0;
+  return Math.min(120_000, n * 1000);
+}
+
+function _requestAccessTokenRaw({ env, clientId, clientSecret }) {
+  const url = `${baseUrl(env)}/oauth2/token`;
+  const body = new URLSearchParams({
+    grant_type: 'client_credentials',
+    client_id: clientId,
+    client_secret: clientSecret,
+  }).toString();
+
+  return new Promise((resolve) => {
+    try {
+      const u = new URL(url);
+      const req = https.request(
+        {
+          method: 'POST',
+          hostname: u.hostname,
+          port: u.port || 443,
+          path: u.pathname + u.search,
+          headers: {
+            'Accept': 'application/json',
+            'Content-Type': 'application/x-www-form-urlencoded',
+            'Content-Length': Buffer.byteLength(body),
+          },
+        },
+        (res) => {
+          let data = '';
+          res.setEncoding('utf8');
+          res.on('data', (chunk) => (data += chunk));
+          res.on('end', () => {
+            const status = res.statusCode || 0;
+            const headers = res.headers || {};
+            const snippet = String(data || '').slice(0, 1000);
+            resolve({ status, headers, bodyText: data || '', snippet });
+          });
+        }
+      );
+      req.on('error', (err) => {
+        resolve({ status: 0, headers: {}, bodyText: '', snippet: err && err.message ? String(err.message) : String(err) });
+      });
+      req.write(body);
+      req.end();
+    } catch (e) {
+      resolve({ status: 0, headers: {}, bodyText: '', snippet: e && e.message ? String(e.message) : String(e) });
+    }
+  });
+}
+
+async function _fetchAccessTokenWithRetry(params) {
+  // 3 attempts max with exponential backoff on rate-limit/network
+  for (let attempt = 0; attempt < 3; attempt++) {
+    const { status, headers, bodyText, snippet } = await _requestAccessTokenRaw(params);
+
+    // 2xx: parse and return token (+ cache expiry)
+    if (status >= 200 && status < 300) {
+      try {
+        const json = JSON.parse(bodyText || '{}');
+        const token = json && json.access_token ? String(json.access_token) : null;
+        const expiresIn = parseInt(json && json.expires_in ? String(json.expires_in) : '3600', 10) || 3600;
+        if (token) {
+          const expiresAt = Date.now() + Math.max(60, expiresIn) * 1000;
+          return { token, expiresAt };
+        }
+        return { token: null, expiresAt: 0 };
+      } catch (e) {
+        return { token: null, expiresAt: 0 };
+      }
+    }
+
+    // Non-2xx: decide whether to retry
+    let parsed = null;
+    try { parsed = bodyText ? JSON.parse(bodyText) : null; } catch (e) { /* ignore */ }
+
+    const rateLimited = _isRateLimited(status, parsed, snippet);
+    const networkish = status === 0;
+
+    if ((rateLimited || networkish) && attempt < 2) {
+      const base = 1500 * (2 ** attempt);
+      const ra = _retryAfterMs(headers);
+      const jitter = Math.floor(Math.random() * 250);
+      const waitMs = Math.min(60_000, Math.max(base, ra) + jitter);
+      await _sleep(waitMs);
+      continue;
+    }
+
+    return { token: null, expiresAt: 0 };
+  }
+
+  return { token: null, expiresAt: 0 };
+}
+
+async function getAccessToken({ env, clientId, clientSecret }) {
+  if (!clientId || !clientSecret) return null;
+
+  if (_tokenLooksValid()) return _tokenCache.token;
+
+  // De-duplicate concurrent token requests (prevents bursts -> 429/1015)
+  if (_tokenInFlight) return _tokenInFlight;
+
+  _tokenInFlight = (async () => {
+    const { token, expiresAt } = await _fetchAccessTokenWithRetry({ env, clientId, clientSecret });
+    if (token) {
+      _tokenCache = { token, expiresAt };
+    }
+    return token || null;
+  })();
+
+  try {
+    return await _tokenInFlight;
+  } finally {
+    _tokenInFlight = null;
+  }
+}
+
+async function listItems({ env, token, organizationSlug, formType, formSlug }) {
+  if (!token || !organizationSlug || !formType || !formSlug) return [];
+  // This endpoint returns *sold items* (i.e., items present in orders). If your shop has
+  // no sales yet, it will legitimately return an empty list.
+  const url = `${baseUrl(env)}/v5/organizations/${encodeURIComponent(organizationSlug)}/forms/${encodeURIComponent(formType)}/${encodeURIComponent(formSlug)}/items?pageIndex=1&pageSize=200`;
+  const { status, json } = await requestJson('GET', url, { Authorization: `Bearer ${token}` });
+  if (status >= 200 && status < 300 && json) {
+    return json.data || json.items || [];
+  }
+  return [];
+}
+
+async function getFormPublic({ env, token, organizationSlug, formType, formSlug }) {
+  if (!token || !organizationSlug || !formType || !formSlug) return null;
+  // Public form details contains extraOptions/customFields and (for Shop) usually the catalog structure.
+  const url = `${baseUrl(env)}/v5/organizations/${encodeURIComponent(organizationSlug)}/forms/${encodeURIComponent(formType)}/${encodeURIComponent(formSlug)}/public`;
+  const { status, json } = await requestJson('GET', url, { Authorization: `Bearer ${token}` });
+  if (status >= 200 && status < 300) {
+    return json || null;
+  }
+  return null;
+}
+
+function extractCatalogItems(publicFormJson) {
+  if (!publicFormJson || typeof publicFormJson !== 'object') return [];
+
+  // Try a few common shapes used in HelloAsso "public" form responses.
+  const candidates = [];
+  const pushArr = (arr) => {
+    if (Array.isArray(arr)) candidates.push(...arr);
+  };
+
+  pushArr(publicFormJson.items);
+  pushArr(publicFormJson.tiers);
+  pushArr(publicFormJson.products);
+  pushArr(publicFormJson.data);
+  if (publicFormJson.form) {
+    pushArr(publicFormJson.form.items);
+    pushArr(publicFormJson.form.tiers);
+    pushArr(publicFormJson.form.products);
+  }
+
+  // Some responses nest in "campaign" or "publicForm".
+  if (publicFormJson.publicForm) {
+    pushArr(publicFormJson.publicForm.items);
+    pushArr(publicFormJson.publicForm.tiers);
+    pushArr(publicFormJson.publicForm.products);
+  }
+  if (publicFormJson.campaign) {
+    pushArr(publicFormJson.campaign.items);
+    pushArr(publicFormJson.campaign.tiers);
+    pushArr(publicFormJson.campaign.products);
+  }
+
+  // Normalize to { id, name, price }
+  return candidates
+    .map((it) => {
+      if (!it || typeof it !== 'object') return null;
+      const id = it.id ?? it.itemId ?? it.tierId;
+      const name = it.name ?? it.label ?? it.title;
+      const price =
+        (it.amount && (it.amount.total ?? it.amount.value)) ??
+        it.price ??
+        it.unitPrice ??
+        it.totalAmount ??
+        it.initialAmount;
+      if (!id || !name) return null;
+      return { id, name, price: typeof price === 'number' ? price : 0, raw: it };
+    })
+    .filter(Boolean);
+}
+
+async function listCatalogItems({ env, token, organizationSlug, formType, formSlug }) {
+  const publicForm = await getFormPublic({ env, token, organizationSlug, formType, formSlug });
+  const extracted = extractCatalogItems(publicForm);
+  return {
+    publicForm,
+    items: extracted.map(({ id, name, price, raw }) => ({ id, name, price, raw })),
+  };
+}
+
+async function createCheckoutIntent({ env, token, organizationSlug, formType, formSlug, totalAmount, payerEmail, callbackUrl, webhookUrl, itemName, containsDonation, metadata }) {
+  if (!token || !organizationSlug) return null;
+  if (!callbackUrl || !/^https?:\/\//i.test(String(callbackUrl))) {
+    console.warn('[calendar-onekite] HelloAsso invalid return/back/error URL', { callbackUrl });
+    return null;
+  }
+  if (webhookUrl && !/^https?:\/\//i.test(String(webhookUrl))) {
+    console.warn('[calendar-onekite] HelloAsso invalid webhook URL', { webhookUrl });
+  }
+  // Checkout intents are created at organization level.
+  const url = `${baseUrl(env)}/v5/organizations/${encodeURIComponent(organizationSlug)}/checkout-intents`;
+  const payload = {
+    totalAmount: totalAmount,
+    initialAmount: totalAmount,
+    itemName: itemName || 'Réservation matériel',
+    containsDonation: (typeof containsDonation === 'boolean' ? containsDonation : false),
+    payer: payerEmail ? { email: payerEmail } : undefined,
+    metadata: metadata || undefined,
+    backUrl: callbackUrl || '',
+    errorUrl: callbackUrl || '',
+    returnUrl: callbackUrl || '',
+    notificationUrl: webhookUrl || callbackUrl || '',
+  };
+  const { status, json } = await requestJson('POST', url, { Authorization: `Bearer ${token}` }, payload);
+  if (status >= 200 && status < 300 && json) {
+    return { paymentUrl: (json.redirectUrl || json.checkoutUrl || json.url || null), checkoutIntentId: (json.id || json.checkoutIntentId || null), raw: json };
+  }
+  // Log the error payload to help diagnose configuration issues (slug, env, urls, amount, etc.)
+  try {
+    // eslint-disable-next-line no-console
+    console.warn('[calendar-onekite] HelloAsso checkout-intent failed', { status, json });
+  } catch (e) { /* ignore */ }
+  return null;
+}
+
+// Fetch detailed payment information (used to recover metadata when webhook payload is incomplete)
+// HelloAsso exposes GET /payments/{paymentId} in its v5 API.
+async function getPaymentDetails({ env, token, paymentId }) {
+  if (!token || !paymentId) return null;
+  const url = `${baseUrl(env)}/v5/payments/${encodeURIComponent(String(paymentId))}`;
+  const { status, json } = await requestJson('GET', url, { Authorization: `Bearer ${token}` });
+  if (status >= 200 && status < 300) {
+    return json || null;
+  }
+  return null;
+}
+
+
+
+async function getCheckoutIntentDetails({ env, token, organizationSlug, checkoutIntentId }) {
+  if (!token || !organizationSlug || !checkoutIntentId) return null;
+  const url = `${baseUrl(env)}/v5/organizations/${encodeURIComponent(String(organizationSlug))}/checkout-intents/${encodeURIComponent(String(checkoutIntentId))}`;
+  const { status, json } = await requestJson('GET', url, { Authorization: `Bearer ${token}` });
+  if (status >= 200 && status < 300) {
+    return json || null;
+  }
+  return null;
+}
+
+module.exports = {
+  getAccessToken,
+  listItems,
+  getFormPublic,
+  extractCatalogItems,
+  listCatalogItems,
+  createCheckoutIntent,
+  getPaymentDetails,
+  getCheckoutIntentDetails,
+};