nodebb-plugin-onekite-calendar 2.0.31 → 2.0.33

package/pkg/package/lib/admin.js

@@ -1,698 +0,0 @@
-'use strict';
-
-const meta = require.main.require('./src/meta');
-const user = require.main.require('./src/user');
-const emailer = require.main.require('./src/emailer');
-const nconf = require.main.require('nconf');
-
-function forumBaseUrl() {
-  const base = String(nconf.get('url') || '').trim().replace(/\/$/, '');
-  return base;
-}
-
-function formatFR(tsOrIso) {
-  const d = new Date(typeof tsOrIso === 'string' && /^[0-9]+$/.test(tsOrIso) ? parseInt(tsOrIso, 10) : tsOrIso);
-  const dd = String(d.getDate()).padStart(2, '0');
-  const mm = String(d.getMonth() + 1).padStart(2, '0');
-  const yyyy = d.getFullYear();
-  return `${dd}/${mm}/${yyyy}`;
-}
-
-function buildHelloAssoItemName(baseLabel, itemNames, start, end) {
-  const base = String(baseLabel || 'Réservation matériel Onekite').trim();
-  const items = Array.isArray(itemNames) ? itemNames.map((s) => String(s || '').trim()).filter(Boolean) : [];
-  const range = (start && end) ? `Du ${formatFR(start)} au ${formatFR(end)}` : '';
-  const lines = [base];
-  items.forEach((it) => lines.push(`• ${it}`));
-  if (range) lines.push(range);
-  let out = lines.join('\n').trim();
-  if (out.length > 250) {
-    out = out.slice(0, 249).trimEnd() + '…';
-  }
-  return out;
-}
-
-async function sendEmail(template, uid, subject, data) {
-  const toUid = Number.isInteger(uid) ? uid : (uid ? parseInt(uid, 10) : NaN);
-  if (!Number.isInteger(toUid) || toUid <= 0) return;
-
-  const params = Object.assign({}, data || {}, subject ? { subject } : {});
-
-  try {
-    if (typeof emailer.send !== 'function') return;
-    // NodeBB 4.x: send(template, uid, params)
-    // Do NOT branch on function.length (unreliable once wrapped/bound).
-    await emailer.send(template, toUid, params);
-  } catch (err) {
-    console.warn('[calendar-onekite] Failed to send email', {
-      template,
-      uid: toUid,
-      err: err && err.message ? err.message : String(err),
-    });
-  }
-}
-
-function normalizeCallbackUrl(configured, meta) {
-  const base = (meta && meta.config && (meta.config.url || meta.config['url'])) ? (meta.config.url || meta.config['url']) : '';
-  let url = (configured || '').trim();
-  if (!url) {
-    url = base ? `${base}/helloasso` : '';
-  }
-  if (url && url.startsWith('/') && base) {
-    url = `${base}${url}`;
-  }
-  return url;
-}
-
-function normalizeReturnUrl(meta) {
-  const base = (meta && meta.config && (meta.config.url || meta.config['url'])) ? (meta.config.url || meta.config['url']) : '';
-  const b = String(base || '').trim().replace(/\/$/, '');
-  if (!b) return '';
-  return `${b}/calendar`;
-}
-
-
-const dbLayer = require('./db');
-const helloasso = require('./helloasso');
-
-const ADMIN_PRIV = 'admin:settings';
-
-const admin = {};
-
-admin.renderAdmin = async function (req, res) {
-  res.render('admin/plugins/calendar-onekite', {
-    title: 'Calendar Onekite',
-  });
-};
-
-admin.getSettings = async function (req, res) {
-  const settings = await meta.settings.get('calendar-onekite');
-  res.json(settings || {});
-};
-
-admin.saveSettings = async function (req, res) {
-  await meta.settings.set('calendar-onekite', req.body || {});
-  res.json({ ok: true });
-};
-
-admin.listPending = async function (req, res) {
-  const ids = await dbLayer.listAllReservationIds(5000);
-  // Batch fetch to avoid N DB round-trips.
-  const rows = await dbLayer.getReservations(ids);
-  const pending = (rows || []).filter(r => r && r.status === 'pending');
-  pending.sort((a, b) => parseInt(a.start, 10) - parseInt(b.start, 10));
-
-  // Enrich with user info for ACP display (username + userslug)
-  try {
-    const uids = Array.from(new Set(pending
-      .map(r => r && r.uid)
-      .map(v => (v ? parseInt(v, 10) : NaN))
-      .filter(v => Number.isInteger(v) && v > 0)));
-
-    if (uids.length) {
-      // user.getUsersFields exists in NodeBB 4.x
-      const users = await user.getUsersFields(uids, ['uid', 'username', 'userslug']);
-      const byUid = new Map((users || []).filter(Boolean).map(u => [String(u.uid), u]));
-      for (const r of pending) {
-        const u = byUid.get(String(r.uid));
-        if (u) {
-          r.username = u.username || r.username || '';
-          r.userslug = u.userslug || r.userslug || '';
-        }
-      }
-    }
-  } catch (e) {
-    // Best-effort only; keep API working even if user lookups fail
-  }
-
-  res.json(pending);
-};
-
-admin.approveReservation = async function (req, res) {
-  const rid = req.params.rid;
-  const r = await dbLayer.getReservation(rid);
-  if (!r) return res.status(404).json({ error: 'not-found' });
-
-  r.status = 'awaiting_payment';
-  r.pickupAddress = String((req.body && (req.body.pickupAddress || req.body.adminNote || req.body.note)) || '').trim();
-  r.notes = String((req.body && req.body.notes) || '').trim();
-  r.pickupTime = String((req.body && (req.body.pickupTime || req.body.pickup)) || '').trim();
-  r.pickupLat = String((req.body && req.body.pickupLat) || '').trim();
-  r.pickupLon = String((req.body && req.body.pickupLon) || '').trim();
-  r.approvedAt = Date.now();
-
-  try {
-    const approver = await user.getUserFields(req.uid, ['username']);
-    r.approvedBy = req.uid;
-    r.approvedByUsername = approver && approver.username ? approver.username : '';
-  } catch (e) {
-    r.approvedBy = req.uid;
-    r.approvedByUsername = '';
-  }
-
-  // Create HelloAsso payment link if configured
-  const settings = await meta.settings.get('calendar-onekite');
-  const env = settings.helloassoEnv || 'prod';
-  const token = await helloasso.getAccessToken({
-    env,
-    clientId: settings.helloassoClientId,
-    clientSecret: settings.helloassoClientSecret,
-  });
-        if (!token) {
-
-        }
-
-  let paymentUrl = null;
-  if (token) {
-    const requester = await user.getUserFields(r.uid, ['username', 'email']);
-    // r.total is stored as an estimated total in euros; HelloAsso expects cents.
-    const totalAmount = Math.max(0, Math.round((Number(r.total) || 0) * 100));
-    const base = forumBaseUrl();
-    const returnUrl = base ? `${base}/calendar` : '';
-    const webhookUrl = base ? `${base}/plugins/calendar-onekite/helloasso` : '';
-    const year = new Date(Number(r.start)).getFullYear();
-    const intent = await helloasso.createCheckoutIntent({
-      env,
-      token,
-      organizationSlug: settings.helloassoOrganizationSlug,
-      formType: settings.helloassoFormType,
-      // Form slug is derived from the year
-      formSlug: `locations-materiel-${year}`,
-      totalAmount,
-      payerEmail: requester && requester.email,
-      // User return/back/error URLs must be real pages; webhook uses the plugin endpoint.
-      callbackUrl: returnUrl,
-      webhookUrl: webhookUrl,
-      itemName: buildHelloAssoItemName('Réservation matériel Onekite', r.itemNames || (r.itemName ? [r.itemName] : []), r.start, r.end),
-      containsDonation: false,
-      metadata: {
-        reservationId: String(rid),
-        items: (Array.isArray(r.itemNames) ? r.itemNames : (r.itemName ? [r.itemName] : [])).filter(Boolean),
-        dateRange: `Du ${formatFR(r.start)} au ${formatFR(r.end)}`,
-      },
-    });
-    paymentUrl = intent && (intent.paymentUrl || intent.redirectUrl)
-      ? (intent.paymentUrl || intent.redirectUrl)
-      : (typeof intent === 'string' ? intent : null);
-    if (intent && intent.checkoutIntentId) {
-      r.checkoutIntentId = intent.checkoutIntentId;
-    }
-    }
-
-  if (paymentUrl) {
-    r.paymentUrl = paymentUrl;
-  } else {
-    console.warn('[calendar-onekite] HelloAsso payment link not created (approve ACP)', { rid });
-  }
-
-  await dbLayer.saveReservation(r);
-
-  // Email requester
-  try {
-    const requesterUid = parseInt(r.uid, 10);
-    const requester = await user.getUserFields(requesterUid, ['username']);
-    if (requesterUid) {
-      const latNum = Number(r.pickupLat);
-      const lonNum = Number(r.pickupLon);
-      const mapUrl = (Number.isFinite(latNum) && Number.isFinite(lonNum))
-        ? `https://www.openstreetmap.org/?mlat=${encodeURIComponent(String(latNum))}&mlon=${encodeURIComponent(String(lonNum))}#map=18/${encodeURIComponent(String(latNum))}/${encodeURIComponent(String(lonNum))}`
-        : '';
-      await sendEmail('calendar-onekite_approved', requesterUid, 'Location matériel - Réservation validée', {
-        uid: requesterUid,
-        username: requester && requester.username ? requester.username : '',
-        itemName: (Array.isArray(r.itemNames) ? r.itemNames.join(', ') : (r.itemName || '')),
-        itemNames: (Array.isArray(r.itemNames) ? r.itemNames : (r.itemName ? [r.itemName] : [])),
-        dateRange: `Du ${formatFR(r.start)} au ${formatFR(r.end)}`,
-        paymentUrl: paymentUrl || '',
-        pickupAddress: r.pickupAddress || '',
-        notes: r.notes || '',
-        pickupTime: r.pickupTime || '',
-        pickupLat: r.pickupLat || '',
-        pickupLon: r.pickupLon || '',
-        mapUrl,
-        validatedBy: r.approvedByUsername || '',
-        validatedByUrl: (r.approvedByUsername ? `https://www.onekite.com/user/${encodeURIComponent(String(r.approvedByUsername))}` : ''),
-      });
-    }
-  } catch (e) {}
-
-  res.json({ ok: true, paymentUrl: paymentUrl || null });
-};
-
-admin.refuseReservation = async function (req, res) {
-  const rid = req.params.rid;
-  const r = await dbLayer.getReservation(rid);
-  if (!r) return res.status(404).json({ error: 'not-found' });
-
-  r.status = 'refused';
-  r.refusedAt = Date.now();
-  r.refusedReason = String((req.body && (req.body.reason || req.body.refusedReason || req.body.refuseReason)) || '').trim();
-  await dbLayer.saveReservation(r);
-
-  try {
-    const requesterUid = parseInt(r.uid, 10);
-    const requester = await user.getUserFields(requesterUid, ['username']);
-    if (requesterUid) {
-      await sendEmail('calendar-onekite_refused', requesterUid, 'Location matériel - Réservation refusée', {
-        uid: requesterUid,
-        username: requester && requester.username ? requester.username : '',
-        itemName: (Array.isArray(r.itemNames) ? r.itemNames.join(', ') : (r.itemName || '')),
-        itemNames: (Array.isArray(r.itemNames) ? r.itemNames : (r.itemName ? [r.itemName] : [])),
-        dateRange: `Du ${formatFR(r.start)} au ${formatFR(r.end)}`,
-        start: formatFR(r.start),
-        end: formatFR(r.end),
-        refusedReason: r.refusedReason || '',
-      });
-    }
-  } catch (e) {}
-
-  res.json({ ok: true });
-};
-
-admin.purgeByYear = async function (req, res) {
-  const year = (req.body && req.body.year ? String(req.body.year) : '').trim();
-  if (!/^\d{4}$/.test(year)) {
-    return res.status(400).json({ error: 'invalid-year' });
-  }
-  const y = parseInt(year, 10);
-  const startTs = new Date(Date.UTC(y, 0, 1)).getTime();
-  const endTs = new Date(Date.UTC(y + 1, 0, 1)).getTime() - 1;
-
-  const ids = await dbLayer.listReservationIdsByStartRange(startTs, endTs, 100000);
-  let removed = 0;
-  for (const rid of ids) {
-    const r = await dbLayer.getReservation(rid);
-    if (!r) continue;
-
-    await dbLayer.removeReservation(rid);
-    removed++;
-  }
-  res.json({ ok: true, removed });
-};
-
-admin.purgeSpecialEventsByYear = async function (req, res) {
-  const year = (req.body && req.body.year ? String(req.body.year) : '').trim();
-  if (!/^\d{4}$/.test(year)) {
-    return res.status(400).json({ error: 'invalid-year' });
-  }
-  const y = parseInt(year, 10);
-  const startTs = new Date(Date.UTC(y, 0, 1)).getTime();
-  const endTs = new Date(Date.UTC(y + 1, 0, 1)).getTime() - 1;
-
-  const ids = await dbLayer.listSpecialIdsByStartRange(startTs, endTs, 100000);
-  let count = 0;
-  for (const eid of ids) {
-    await dbLayer.removeSpecialEvent(eid);
-    count++;
-  }
-  return res.json({ ok: true, removed: count });
-};
-
-// Debug endpoint to validate HelloAsso connectivity and item loading
-
-
-admin.debugHelloAsso = async function (req, res) {
-  const settings = await meta.settings.get('calendar-onekite');
-  const env = (settings && settings.helloassoEnv) || 'prod';
-
-  // Never expose secrets in debug output
-  const safeSettings = {
-    helloassoEnv: env,
-    helloassoClientId: settings && settings.helloassoClientId ? String(settings.helloassoClientId) : '',
-    helloassoClientSecret: settings && settings.helloassoClientSecret ? '***' : '',
-    helloassoOrganizationSlug: settings && settings.helloassoOrganizationSlug ? String(settings.helloassoOrganizationSlug) : '',
-    helloassoFormType: settings && settings.helloassoFormType ? String(settings.helloassoFormType) : '',
-    helloassoFormSlug: settings && settings.helloassoFormSlug ? String(settings.helloassoFormSlug) : '',
-  };
-
-  const out = {
-    ok: true,
-    settings: safeSettings,
-    token: { ok: false },
-    // Catalog = what you actually want for a shop (available products/material)
-    catalog: { ok: false, count: 0, sample: [], keys: [] },
-    // Sold items = items present in orders (can be 0 if no sales yet)
-    soldItems: { ok: false, count: 0, sample: [] },
-  };
-
-  try {
-    const token = await helloasso.getAccessToken({
-      env,
-      clientId: settings.helloassoClientId,
-      clientSecret: settings.helloassoClientSecret,
-    });
-    if (!token) {
-      out.token = { ok: false, error: 'token-null' };
-      return res.json(out);
-    }
-    out.token = { ok: true };
-
-    // Catalog items (via /public)
-    try {
-      const y = new Date().getFullYear();
-      const { publicForm, items } = await helloasso.listCatalogItems({
-        env,
-        token,
-        organizationSlug: settings.helloassoOrganizationSlug,
-        formType: settings.helloassoFormType,
-        formSlug: `locations-materiel-${y}`,
-      });
-
-      const arr = Array.isArray(items) ? items : [];
-      out.catalog.ok = true;
-      out.catalog.count = arr.length;
-      out.catalog.keys = publicForm && typeof publicForm === 'object' ? Object.keys(publicForm) : [];
-      out.catalog.sample = arr.slice(0, 10).map((it) => ({
-        id: it.id,
-        name: it.name,
-        price: it.price ?? null,
-      }));
-    } catch (e) {
-      out.catalog = { ok: false, error: String(e && e.message ? e.message : e), count: 0, sample: [], keys: [] };
-    }
-
-    // Sold items
-    try {
-      const y2 = new Date().getFullYear();
-      const items = await helloasso.listItems({
-        env,
-        token,
-        organizationSlug: settings.helloassoOrganizationSlug,
-        formType: settings.helloassoFormType,
-        formSlug: `locations-materiel-${y2}`,
-      });
-      const arr = Array.isArray(items) ? items : [];
-      out.soldItems.ok = true;
-      out.soldItems.count = arr.length;
-      out.soldItems.sample = arr.slice(0, 10).map((it) => ({
-        id: it.id || it.itemId || it.reference || it.name,
-        name: it.name || it.label || it.itemName,
-        price: it.price || it.amount || it.unitPrice || null,
-      }));
-    } catch (e) {
-      out.soldItems = { ok: false, error: String(e && e.message ? e.message : e), count: 0, sample: [] };
-    }
-
-    return res.json(out);
-  } catch (e) {
-    out.ok = false;
-    out.token = { ok: false, error: String(e && e.message ? e.message : e) };
-    return res.json(out);
-  }
-};
-
-// Accounting endpoint: aggregates paid reservations so you can contabilize what was rented.
-// Query params:
-//   from=YYYY-MM-DD (inclusive, based on reservation.start)
-//   to=YYYY-MM-DD (exclusive, based on reservation.start)
-admin.getAccounting = async function (req, res) {
-  const qFrom = String((req.query && req.query.from) || '').trim();
-  const qTo = String((req.query && req.query.to) || '').trim();
-  const parseDay = (s) => {
-    if (!/^\d{4}-\d{2}-\d{2}$/.test(s)) return null;
-    const [y, m, d] = s.split('-').map((x) => parseInt(x, 10));
-    const dt = new Date(Date.UTC(y, m - 1, d));
-    const ts = dt.getTime();
-    return Number.isFinite(ts) ? ts : null;
-  };
-  const fromTs = parseDay(qFrom);
-  const toTs = parseDay(qTo);
-
-  // Default: last 12 months (UTC)
-  const now = new Date();
-  const defaultTo = Date.UTC(now.getUTCFullYear(), now.getUTCMonth() + 1, 1);
-  const defaultFrom = Date.UTC(now.getUTCFullYear() - 1, now.getUTCMonth() + 1, 1);
-  const minTs = fromTs ?? defaultFrom;
-  const maxTs = toTs ?? defaultTo;
-
-  const ids = await dbLayer.listAllReservationIds(100000);
-  const rows = [];
-  const byItem = new Map();
-  let freeCount = 0;
-  let paidCount = 0;
-  let grandTotal = 0;
-
-  // Helper: calendar-day difference (end exclusive) from YYYY-MM-DD strings (UTC midnights).
-  const calendarDaysExclusiveYmd = (startYmd, endYmd) => {
-    try {
-      const s = String(startYmd || '').trim();
-      const e = String(endYmd || '').trim();
-      if (!/^\d{4}-\d{2}-\d{2}$/.test(s) || !/^\d{4}-\d{2}-\d{2}$/.test(e)) return null;
-      const [sy, sm, sd] = s.split('-').map((x) => parseInt(x, 10));
-      const [ey, em, ed] = e.split('-').map((x) => parseInt(x, 10));
-      const sUtc = Date.UTC(sy, sm - 1, sd);
-      const eUtc = Date.UTC(ey, em - 1, ed);
-      const diff = Math.floor((eUtc - sUtc) / (24 * 60 * 60 * 1000));
-      return Math.max(1, diff);
-    } catch (e) {
-      return null;
-    }
-  };
-
-  const yearFromTs = (ts) => {
-    const d = new Date(Number(ts));
-    return Number.isFinite(d.getTime()) ? d.getFullYear() : new Date().getFullYear();
-  };
-  const formSlugForYear = (y) => `locations-materiel-${y}`;
-
-  // Cache HelloAsso catalog price lookups by year to compute *per-item* totals.
-  // This prevents a bug where the full reservation total was previously counted on every item line.
-  let settingsCache = null;
-  let tokenCache = null;
-  const catalogByYear = new Map(); // year -> Map(itemId -> priceCents)
-  const getCatalogPriceMapForYear = async (year) => {
-    const y = Number(year);
-    if (!Number.isFinite(y)) return null;
-    if (catalogByYear.has(y)) return catalogByYear.get(y);
-    try {
-      if (!settingsCache) settingsCache = await meta.settings.get('calendar-onekite');
-      if (!settingsCache || !settingsCache.helloassoClientId || !settingsCache.helloassoClientSecret || !settingsCache.helloassoOrganizationSlug || !settingsCache.helloassoFormType) {
-        catalogByYear.set(y, null);
-        return null;
-      }
-      if (!tokenCache) {
-        tokenCache = await helloasso.getAccessToken({
-          env: settingsCache.helloassoEnv || 'prod',
-          clientId: settingsCache.helloassoClientId,
-          clientSecret: settingsCache.helloassoClientSecret,
-        });
-      }
-      if (!tokenCache) {
-        catalogByYear.set(y, null);
-        return null;
-      }
-
-      const { items: catalog } = await helloasso.listCatalogItems({
-        env: settingsCache.helloassoEnv,
-        token: tokenCache,
-        organizationSlug: settingsCache.helloassoOrganizationSlug,
-        formType: settingsCache.helloassoFormType,
-        formSlug: formSlugForYear(y),
-      });
-      const byId = new Map((catalog || []).map((it) => [String(it.id), (typeof it.price === 'number' ? it.price : 0)]));
-      catalogByYear.set(y, byId);
-      return byId;
-    } catch (e) {
-      catalogByYear.set(y, null);
-      return null;
-    }
-  };
-
-  for (const rid of ids) {
-    const r = await dbLayer.getReservation(rid);
-    if (!r) continue;
-    if (String(r.status) !== 'paid') continue;
-    // Defensive: if a reservation was cancelled but its status remained 'paid'
-    // (legacy data / edge cases), never count it in accounting.
-    if (r.cancelledAt) continue;
-    if (r.accPurgedAt) continue;
-    const start = parseInt(r.start, 10);
-    if (!Number.isFinite(start)) continue;
-    if (start < minTs || start >= maxTs) continue;
-
-    const itemNames = Array.isArray(r.itemNames) && r.itemNames.length
-      ? r.itemNames
-      : (r.itemName ? [r.itemName] : []);
-
-    const isFree = !!r.isFree;
-    const total = isFree ? 0 : (Number(r.total) || 0);
-    const startDate = formatFR(r.start);
-    const endDate = formatFR(r.end);
-
-    if (isFree) {
-      freeCount += 1;
-    } else {
-      paidCount += 1;
-      grandTotal += total;
-    }
-
-    rows.push({
-      rid: r.rid,
-      uid: r.uid,
-      username: r.username || '',
-      start: r.start,
-      end: r.end,
-      startDate,
-      endDate,
-      items: itemNames,
-      total,
-      paidAt: r.paidAt || '',
-      isFree,
-    });
-
-    // Only count paid (non-free) reservations into revenue by item.
-    if (!isFree) {
-      // Compute per-item totals (price_per_day * calendar_days) when possible.
-      // Fallback: split reservation total equally across items.
-      const idsForRes = (Array.isArray(r.itemIds) && r.itemIds.length) ? r.itemIds.map(String) : (r.itemId ? [String(r.itemId)] : []);
-      const days = calendarDaysExclusiveYmd(r.startDate, r.endDate) || 1;
-      const year = yearFromTs(start);
-
-      let perItemTotals = null; // Map(itemId -> euros)
-      const priceMap = await getCatalogPriceMapForYear(year);
-      if (priceMap && idsForRes.length) {
-        const m = new Map();
-        for (const id of idsForRes) {
-          const cents = priceMap.get(String(id)) || 0;
-          if (cents > 0) {
-            m.set(String(id), (cents * days) / 100);
-          }
-        }
-        // Use catalog-based totals only if we got at least one valid price.
-        if (m.size) perItemTotals = m;
-      }
-
-      const nItems = Math.max(1, itemNames.length || idsForRes.length || 1);
-      const fallbackEach = (Number(total) || 0) / nItems;
-
-      // Aggregate by *display name* (stable for admins), using the computed per-item totals.
-      // If we have ids and names, we try to align by index; otherwise we apply fallback.
-      for (let i = 0; i < itemNames.length; i++) {
-        const name = itemNames[i];
-        const key = String(name || '').trim();
-        if (!key) continue;
-        const id = idsForRes[i] != null ? String(idsForRes[i]) : null;
-        const per = (id && perItemTotals && perItemTotals.has(String(id))) ? perItemTotals.get(String(id)) : fallbackEach;
-        const cur = byItem.get(key) || { item: key, count: 0, total: 0 };
-        cur.count += 1;
-        cur.total += (Number(per) || 0);
-        byItem.set(key, cur);
-      }
-
-      // If we have ids but no names (edge cases), keep a reasonable summary by id.
-      if (!itemNames.length && idsForRes.length) {
-        for (const id of idsForRes) {
-          const key = String(id || '').trim();
-          if (!key) continue;
-          const per = (perItemTotals && perItemTotals.has(String(id))) ? perItemTotals.get(String(id)) : fallbackEach;
-          const cur = byItem.get(key) || { item: key, count: 0, total: 0 };
-          cur.count += 1;
-          cur.total += (Number(per) || 0);
-          byItem.set(key, cur);
-        }
-      }
-    }
-  }
-
-  const summary = Array.from(byItem.values()).sort((a, b) => b.count - a.count);
-  if (freeCount > 0) {
-    summary.push({ item: 'Sorties gratuites', count: freeCount, total: 0, isFree: true });
-  }
-  rows.sort((a, b) => parseInt(a.start, 10) - parseInt(b.start, 10));
-
-  return res.json({
-    ok: true,
-    from: new Date(minTs).toISOString().slice(0, 10),
-    to: new Date(maxTs).toISOString().slice(0, 10),
-    paidCount,
-    freeCount,
-    grandTotal,
-    summary,
-    rows,
-  });
-};
-
-admin.exportAccountingCsv = async function (req, res) {
-  // Reuse the same logic and emit a CSV.
-  const fakeRes = { json: (x) => x };
-  const data = await admin.getAccounting(req, fakeRes);
-  // If getAccounting returned via res.json, data is undefined; rebuild by calling logic directly.
-  // Easiest: call getAccounting's internals by fetching the endpoint logic via HTTP is not possible here.
-  // So we re-run getAccounting but capture output by monkeypatching.
-  let payload;
-  await admin.getAccounting(req, { json: (x) => { payload = x; return x; } });
-  if (!payload || !payload.ok) {
-    return res.status(500).send('error');
-  }
-  const escape = (v) => {
-    const s = String(v ?? '');
-    if (/[\n\r,\"]/g.test(s)) {
-      return '"' + s.replace(/"/g, '""') + '"';
-    }
-    return s;
-  };
-  const lines = [];
-  lines.push(['rid', 'username', 'uid', 'start', 'end', 'items', 'total', 'paidAt', 'isFree'].map(escape).join(','));
-  for (const r of payload.rows || []) {
-    lines.push([
-      r.rid,
-      r.username,
-      r.uid,
-      r.startDate,
-      r.endDate,
-      (Array.isArray(r.items) ? r.items.join(' | ') : ''),
-      (Number(r.total) || 0).toFixed(2),
-      r.paidAt ? new Date(parseInt(r.paidAt, 10)).toISOString() : '',
-      r.isFree ? '1' : '0',
-    ].map(escape).join(','));
-  }
-  const csv = lines.join('\n');
-  res.setHeader('Content-Type', 'text/csv; charset=utf-8');
-  res.setHeader('Content-Disposition', 'attachment; filename="calendar-onekite-accounting.csv"');
-  return res.send(csv);
-};
-
-
-admin.purgeAccounting = async function (req, res) {
-  const qFrom = String((req.query && req.query.from) || '').trim();
-  const qTo = String((req.query && req.query.to) || '').trim();
-  const parseDay = (s) => {
-    if (!/^\d{4}-\d{2}-\d{2}$/.test(s)) return null;
-    const [y, m, d] = s.split('-').map((x) => parseInt(x, 10));
-    const dt = new Date(Date.UTC(y, m - 1, d));
-    const ts = dt.getTime();
-    return Number.isFinite(ts) ? ts : null;
-  };
-  const fromTs = parseDay(qFrom);
-  const toTs = parseDay(qTo);
-
-  const now = new Date();
-  const defaultTo = Date.UTC(now.getUTCFullYear() + 100, 0, 1); // far future
-  const defaultFrom = Date.UTC(1970, 0, 1);
-  const minTs = fromTs ?? defaultFrom;
-  const maxTs = toTs ?? defaultTo;
-
-  const ids = await dbLayer.listAllReservationIds(200000);
-  let purged = 0;
-  const ts = Date.now();
-
-  for (const rid of ids) {
-    const r = await dbLayer.getReservation(rid);
-    if (!r) continue;
-    if (String(r.status) !== 'paid') continue;
-    // Already purged from accounting
-    if (r.accPurgedAt) continue;
-    const start = parseInt(r.start, 10);
-    if (!Number.isFinite(start)) continue;
-    if (start < minTs || start >= maxTs) continue;
-
-    r.accPurgedAt = ts;
-    await dbLayer.saveReservation(r);
-    purged++;
-  }
-
-  return res.json({ ok: true, purged });
-};
-
-
-module.exports = admin;