npm - nodebb-plugin-onekite-calendar - Versions diffs - 2.0.87 → 2.0.89 - Mend

nodebb-plugin-onekite-calendar 2.0.87 → 2.0.89

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/lib/admin.js CHANGED Viewed

@@ -180,6 +180,19 @@ admin.approveReservation = async function (req, res) {
   await dbLayer.saveReservation(r);
+  // Audit
+  try {
+    const year = new Date().getFullYear();
+    await dbLayer.addAuditEntry({
+      ts: Date.now(), year, action: 'reservation_approved',
+      targetType: 'reservation', targetId: String(rid),
+      reservationUid: Number(r.uid) || 0,
+      reservationUsername: String(r.username || ''),
+      actorUid: req.uid || 0,
+      actorUsername: r.approvedByUsername || '',
+    });
+  } catch (e) {}
   // Real-time refresh for all viewers
   realtime.emitCalendarUpdated({ kind: 'reservation', action: 'approved', rid: String(rid), status: r.status });
@@ -259,7 +272,6 @@ admin.markReservationPaid = async function (req, res) {
     const requesterUid = parseInt(r.uid, 10);
     const requester = await user.getUserFields(requesterUid, ['username']);
     if (requesterUid) {
-      const { sendEmail, formatFR, buildCalendarLinks } = shared;
       await sendEmail('calendar-onekite_paid', requesterUid, 'Location matériel - Paiement reçu', {
         uid: requesterUid,
         username: requester && requester.username ? requester.username : '',
@@ -294,6 +306,19 @@ admin.refuseReservation = async function (req, res) {
   r.refusedReason = String((req.body && (req.body.reason || req.body.refusedReason || req.body.refuseReason)) || '').trim();
   await dbLayer.saveReservation(r);
+  // Audit
+  try {
+    const year = new Date().getFullYear();
+    await dbLayer.addAuditEntry({
+      ts: Date.now(), year, action: 'reservation_refused',
+      targetType: 'reservation', targetId: String(rid),
+      reservationUid: Number(r.uid) || 0,
+      reservationUsername: String(r.username || ''),
+      actorUid: req.uid || 0,
+      refusedReason: r.refusedReason || '',
+    });
+  } catch (e) {}
   // Real-time refresh for all viewers
   realtime.emitCalendarUpdated({ kind: 'reservation', action: 'refused', rid: String(rid), status: r.status });
@@ -327,12 +352,11 @@ admin.purgeByYear = async function (req, res) {
   const endTs = new Date(Date.UTC(y + 1, 0, 1)).getTime() - 1;
   const ids = await dbLayer.listReservationIdsByStartRange(startTs, endTs, 100000);
+  const rows = ids && ids.length ? await dbLayer.getReservations(ids) : [];
   let removed = 0;
-  for (const rid of ids) {
-    const r = await dbLayer.getReservation(rid);
-    if (!r) continue;
-    await dbLayer.removeReservation(rid);
+  for (let i = 0; i < ids.length; i++) {
+    if (!rows[i]) continue;
+    await dbLayer.removeReservation(ids[i]);
     removed++;
   }
   try {

package/lib/api.js CHANGED Viewed

@@ -621,6 +621,110 @@ api.getReservationDetails = async function (req, res) {
   return res.json(out);
 };
+/**
+ * Return a fresh HelloAsso payment URL for a reservation in awaiting_payment status.
+ * HelloAsso checkout intents expire after ~30 minutes, so stored URLs become stale.
+ * This endpoint regenerates a new intent on demand and persists the fresh URL.
+ *
+ * @route GET /api/v3/plugins/calendar-onekite/reservations/:rid/payment-url
+ */
+api.getFreshPaymentUrl = async function (req, res) {
+  const uid = req.uid;
+  if (!uid) return res.status(401).json({ error: 'not-logged-in' });
+  const settings = await getSettings();
+  const rid = String(req.params.rid || '').trim();
+  if (!rid) return res.status(400).json({ error: 'missing-rid' });
+  const r = await dbLayer.getReservation(rid);
+  if (!r) return res.status(404).json({ error: 'not-found' });
+  const isOwner = String(r.uid) === String(uid);
+  const isMod = await canValidate(uid, settings);
+  if (!isOwner && !isMod) return res.status(403).json({ error: 'not-allowed' });
+  if (r.status !== 'awaiting_payment') {
+    return res.status(409).json({ error: 'wrong-status', status: r.status });
+  }
+  // Build a fresh checkout intent
+  const env = settings.helloassoEnv || 'prod';
+  const token = await helloasso.getAccessToken({
+    env,
+    clientId: settings.helloassoClientId,
+    clientSecret: settings.helloassoClientSecret,
+  });
+  if (!token) {
+    return res.status(503).json({ error: 'helloasso-unavailable' });
+  }
+  const requester = await user.getUserFields(r.uid, ['email']);
+  const year = yearFromTs(Number(r.start));
+  const formSlug = autoFormSlugForYear(year);
+  // Recompute total from HelloAsso catalog to always use up-to-date prices.
+  let recomputedTotalCents = null;
+  try {
+    const { items: catalog } = await helloasso.listCatalogItems({
+      env,
+      token,
+      organizationSlug: settings.helloassoOrganizationSlug,
+      formType: settings.helloassoFormType,
+      formSlug,
+    });
+    const byId = new Map((catalog || []).map((it) => [String(it.id), (typeof it.price === 'number' ? it.price : 0)]));
+    const ids = (Array.isArray(r.itemIds) ? r.itemIds : (r.itemId ? [r.itemId] : [])).map(String);
+    const days = calendarDaysExclusiveYmd(r.startDate, r.endDate) || 1;
+    const sumCentsPerDay = ids.reduce((acc, id) => acc + (byId.get(id) || 0), 0);
+    if (sumCentsPerDay > 0) {
+      recomputedTotalCents = Math.max(0, Math.round(sumCentsPerDay * days));
+    }
+  } catch (e) { /* fallback to stored total */ }
+  const totalAmount = (typeof recomputedTotalCents === 'number')
+    ? recomputedTotalCents
+    : Math.max(0, Math.round((Number(r.total) || 0) * 100));
+  if (!totalAmount) {
+    return res.status(422).json({ error: 'zero-amount' });
+  }
+  const intent = await helloasso.createCheckoutIntent({
+    env,
+    token,
+    organizationSlug: settings.helloassoOrganizationSlug,
+    formType: settings.helloassoFormType,
+    formSlug,
+    totalAmount,
+    payerEmail: requester && requester.email ? requester.email : '',
+    callbackUrl: normalizeReturnUrl(),
+    webhookUrl: normalizeCallbackUrl(settings.helloassoCallbackUrl),
+    itemName: buildHelloAssoItemName('Réservation matériel Onekite', r.itemNames || (r.itemName ? [r.itemName] : []), r.start, r.end),
+    containsDonation: false,
+    metadata: {
+      reservationId: String(rid),
+      items: (Array.isArray(r.itemNames) ? r.itemNames : (r.itemName ? [r.itemName] : [])).filter(Boolean),
+      dateRange: `Du ${formatFR(r.start)} au ${formatFR(r.end)}`,
+    },
+  });
+  const paymentUrl = intent && (intent.paymentUrl || intent.redirectUrl)
+    ? (intent.paymentUrl || intent.redirectUrl)
+    : (typeof intent === 'string' ? intent : null);
+  if (!paymentUrl) {
+    return res.status(502).json({ error: 'intent-creation-failed' });
+  }
+  // Persist the fresh URL so subsequent requests can also renew from DB.
+  r.paymentUrl = paymentUrl;
+  if (intent && intent.checkoutIntentId) r.checkoutIntentId = intent.checkoutIntentId;
+  await dbLayer.saveReservation(r);
+  return res.json({ ok: true, paymentUrl });
+};
 /**
  * Get detailed information about a special event.
  *

package/library.js CHANGED Viewed

@@ -76,6 +76,7 @@ Plugin.init = async function (params) {
   router.post('/api/v3/plugins/calendar-onekite/reservations', ...publicExpose, api.createReservation);
   router.get('/api/v3/plugins/calendar-onekite/reservations/:rid', ...publicExpose, api.getReservationDetails);
+  router.get('/api/v3/plugins/calendar-onekite/reservations/:rid/payment-url', ...publicExpose, api.getFreshPaymentUrl);
   router.put('/api/v3/plugins/calendar-onekite/reservations/:rid/approve', ...publicExpose, api.approveReservation);
   router.put('/api/v3/plugins/calendar-onekite/reservations/:rid/refuse', ...publicExpose, api.refuseReservation);
   router.put('/api/v3/plugins/calendar-onekite/reservations/:rid/cancel', ...publicExpose, api.cancelReservation);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "nodebb-plugin-onekite-calendar",
-  "version": "2.0.87",
+  "version": "2.0.89",
   "description": "FullCalendar-based equipment reservation workflow with admin approval & HelloAsso payment for NodeBB",
   "main": "library.js",
   "license": "MIT",

package/public/client.js CHANGED Viewed

@@ -2403,9 +2403,22 @@ function toDatetimeLocalValue(date) {
             label: 'Payer maintenant',
             className: 'btn-primary',
             callback: () => {
-              try {
-                window.open(paymentUrl, '_blank', 'noopener');
-              } catch (e) {}
+              (async () => {
+                try {
+                  // Always fetch a fresh checkout intent — HelloAsso URLs expire after ~30 min.
+                  const resp = await fetchJson(
+                    `/api/v3/plugins/calendar-onekite/reservations/${encodeURIComponent(String(rid))}/payment-url`
+                  );
+                  const freshUrl = resp && resp.paymentUrl ? String(resp.paymentUrl) : '';
+                  if (freshUrl && /^https?:\/\//i.test(freshUrl)) {
+                    window.open(freshUrl, '_blank', 'noopener');
+                  } else {
+                    showAlert('error', 'Impossible de générer le lien de paiement. Veuillez réessayer.');
+                  }
+                } catch (e) {
+                  showAlert('error', 'Erreur lors de la génération du lien de paiement.');
+                }
+              })();
               return false;
             },
           };