nodebb-plugin-onekite-calendar 2.0.90 → 2.0.92

package/lib/admin.js

@@ -11,9 +11,6 @@ const {
   formatFR,
   sendEmail,
   buildCalendarLinks,
-  buildHelloAssoItemName,
-  normalizeCallbackUrl,
-  normalizeReturnUrl,
   calendarDaysExclusiveYmd,
   yearFromTs,
   autoFormSlugForYear,
@@ -22,6 +19,7 @@ const {
 
 const dbLayer = require('./db');
 const helloasso = require('./helloasso');
+const { buildCheckoutIntent } = require('./checkout');
 
 const ADMIN_PRIV = 'admin:settings';
 
@@ -45,10 +43,16 @@ admin.saveSettings = async function (req, res) {
 };
 
 admin.listPending = async function (req, res) {
+  // Accept ?status=pending or ?status=pending,awaiting_payment (default: both)
+  const rawStatus = (req.query && req.query.status) ? String(req.query.status) : '';
+  const statusFilter = rawStatus
+    ? rawStatus.split(',').map((s) => s.trim()).filter(Boolean)
+    : ['pending', 'awaiting_payment'];
+
   const ids = await dbLayer.listAllReservationIds(5000);
   // Batch fetch to avoid N DB round-trips.
   const rows = await dbLayer.getReservations(ids);
-  const pending = (rows || []).filter(r => r && r.status === 'pending');
+  const pending = (rows || []).filter(r => r && statusFilter.includes(r.status));
   pending.sort((a, b) => parseInt(a.start, 10) - parseInt(b.start, 10));
 
   // Enrich with user info for ACP display (username + userslug)
@@ -99,84 +103,21 @@ admin.approveReservation = async function (req, res) {
     r.approvedByUsername = '';
   }
 
-  // Create HelloAsso payment link if configured
+  // Create HelloAsso payment link
   const settings = await getSettings();
-  const env = settings.helloassoEnv || 'prod';
-  const token = await helloasso.getAccessToken({
-    env,
-    clientId: settings.helloassoClientId,
-    clientSecret: settings.helloassoClientSecret,
-  });
-
   let paymentUrl = null;
-  if (token) {
-    const requester = await user.getUserFields(r.uid, ['username', 'email']);
-    const year = new Date(Number(r.start)).getFullYear();
-    const formSlug = autoFormSlugForYear(year);
-
-    // Recompute total from HelloAsso catalog (same logic as api.js approve path)
-    // to ensure the checkout amount is always up-to-date with actual item prices.
-    let recomputedTotalCents = null;
-    try {
-      const { items: catalog } = await helloasso.listCatalogItems({
-        env,
-        token,
-        organizationSlug: settings.helloassoOrganizationSlug,
-        formType: settings.helloassoFormType,
-        formSlug,
-      });
-      const byId = new Map((catalog || []).map((it) => [String(it.id), (typeof it.price === 'number' ? it.price : 0)]));
-      const ids = (Array.isArray(r.itemIds) ? r.itemIds : (r.itemId ? [r.itemId] : [])).map(String);
-      const days = calendarDaysExclusiveYmd(r.startDate, r.endDate) || 1;
-      const sumCentsPerDay = ids.reduce((acc, id) => acc + (byId.get(id) || 0), 0);
-      if (sumCentsPerDay > 0) {
-        recomputedTotalCents = Math.max(0, Math.round(sumCentsPerDay * days));
-        r.total = recomputedTotalCents / 100;
-      }
-    } catch (e) {
-      // ignore recompute failures; fallback to stored total
-    }
-
-    const totalAmount = (typeof recomputedTotalCents === 'number')
-      ? recomputedTotalCents
-      : Math.max(0, Math.round((Number(r.total) || 0) * 100));
-
-    if (!totalAmount) {
-      console.warn('[calendar-onekite] HelloAsso totalAmount is 0 (approve ACP) — skipping checkout intent', { rid, total: r.total });
+  try {
+    const checkoutResult = await buildCheckoutIntent({ r, settings });
+    if (checkoutResult) {
+      paymentUrl = checkoutResult.paymentUrl;
+      r.paymentUrl = checkoutResult.paymentUrl;
+      if (checkoutResult.checkoutIntentId) r.checkoutIntentId = checkoutResult.checkoutIntentId;
+      if (checkoutResult.catalogTotalCents !== null) r.total = checkoutResult.catalogTotalCents / 100;
     } else {
-      const returnUrl = normalizeReturnUrl();
-      const webhookUrl = normalizeCallbackUrl(settings.helloassoCallbackUrl);
-      const intent = await helloasso.createCheckoutIntent({
-        env,
-        token,
-        organizationSlug: settings.helloassoOrganizationSlug,
-        formType: settings.helloassoFormType,
-        formSlug,
-        totalAmount,
-        payerEmail: requester && requester.email,
-        callbackUrl: returnUrl,
-        webhookUrl: webhookUrl,
-        itemName: buildHelloAssoItemName('Réservation matériel Onekite', r.itemNames || (r.itemName ? [r.itemName] : []), r.start, r.end),
-        containsDonation: false,
-        metadata: {
-          reservationId: String(rid),
-          items: (Array.isArray(r.itemNames) ? r.itemNames : (r.itemName ? [r.itemName] : [])).filter(Boolean),
-          dateRange: `Du ${formatFR(r.start)} au ${formatFR(r.end)}`,
-        },
-      });
-      paymentUrl = intent && (intent.paymentUrl || intent.redirectUrl)
-        ? (intent.paymentUrl || intent.redirectUrl)
-        : (typeof intent === 'string' ? intent : null);
-      if (intent && intent.checkoutIntentId) {
-        r.checkoutIntentId = intent.checkoutIntentId;
-      }
+      console.warn('[calendar-onekite] HelloAsso payment link not created (approve ACP)', { rid });
     }
-  }
-
-  if (paymentUrl) {
-    r.paymentUrl = paymentUrl;
-  } else {
-    console.warn('[calendar-onekite] HelloAsso payment link not created (approve ACP)', { rid });
+  } catch (e) {
+    console.warn('[calendar-onekite] HelloAsso payment link error (approve ACP)', e && e.message ? e.message : e);
   }
 
   await dbLayer.saveReservation(r);
@@ -508,44 +449,6 @@ admin.debugHelloAsso = async function (req, res) {
       out.soldItems = { ok: false, error: String(e && e.message ? e.message : e), count: 0, sample: [] };
     }
 
-    // Test checkout intent creation with a 1-cent amount to validate URL format.
-    // This creates a real (but minimal) intent — it will expire quickly and can be ignored.
-    out.checkoutIntentTest = { ok: false };
-    try {
-      const callbackUrl = normalizeReturnUrl();
-      const webhookUrl = normalizeCallbackUrl(settings.helloassoCallbackUrl);
-      if (!callbackUrl) {
-        out.checkoutIntentTest = { ok: false, error: 'callbackUrl empty — forum base URL not configured' };
-      } else {
-        const intent = await helloasso.createCheckoutIntent({
-          env,
-          token,
-          organizationSlug: settings.helloassoOrganizationSlug,
-          formType: settings.helloassoFormType,
-          formSlug: `locations-materiel-${new Date().getFullYear()}`,
-          totalAmount: 100,
-          payerEmail: '',
-          callbackUrl,
-          webhookUrl,
-          itemName: '[TEST] Vérification lien paiement',
-          containsDonation: false,
-          metadata: { debug: 'true' },
-        });
-        if (intent && intent.paymentUrl) {
-          out.checkoutIntentTest = {
-            ok: true,
-            checkoutIntentId: intent.checkoutIntentId,
-            paymentUrl: intent.paymentUrl,
-            note: 'Cet intent de test (1 cent) peut être ignoré — il expirera automatiquement',
-          };
-        } else {
-          out.checkoutIntentTest = { ok: false, error: 'no paymentUrl in response', raw: intent };
-        }
-      }
-    } catch (e) {
-      out.checkoutIntentTest = { ok: false, error: String(e && e.message ? e.message : e) };
-    }
-
     return res.json(out);
   } catch (e) {
     out.ok = false;

package/lib/api.js

@@ -24,21 +24,16 @@ const {
   yearFromTs,
   autoCreatorGroupForYear,
   autoFormSlugForYear,
-  normalizeCallbackUrl,
-  normalizeReturnUrl,
-  buildHelloAssoItemName,
   buildCalendarLinks,
   signCalendarLink,
   ymdToCompact,
-  dtToGCalUtc,
   getSetting,
 } = shared;
 
 const helloasso = require('./helloasso');
 const discord = require('./discord');
 const realtime = require('./realtime');
-
-// normalizeCallbackUrl and normalizeReturnUrl are imported from shared.js
+const { buildCheckoutIntent } = require('./checkout');
 
 
 function overlap(aStart, aEnd, bStart, bEnd) {
@@ -46,8 +41,6 @@ function overlap(aStart, aEnd, bStart, bEnd) {
 }
 
 
-// buildHelloAssoItemName is imported from shared.js
-
 function toTs(v) {
   if (v === undefined || v === null || v === '') return NaN;
   // Accept milliseconds timestamps passed as strings or numbers.
@@ -647,82 +640,18 @@ api.getFreshPaymentUrl = async function (req, res) {
     return res.status(409).json({ error: 'wrong-status', status: r.status });
   }
 
-  // Build a fresh checkout intent
-  const env = settings.helloassoEnv || 'prod';
-  const token = await helloasso.getAccessToken({
-    env,
-    clientId: settings.helloassoClientId,
-    clientSecret: settings.helloassoClientSecret,
-  });
-
-  if (!token) {
-    return res.status(503).json({ error: 'helloasso-unavailable' });
-  }
-
-  const requester = await user.getUserFields(r.uid, ['email']);
-  const year = yearFromTs(Number(r.start));
-  const formSlug = autoFormSlugForYear(year);
-
-  // Recompute total from HelloAsso catalog to always use up-to-date prices.
-  let recomputedTotalCents = null;
-  try {
-    const { items: catalog } = await helloasso.listCatalogItems({
-      env,
-      token,
-      organizationSlug: settings.helloassoOrganizationSlug,
-      formType: settings.helloassoFormType,
-      formSlug,
-    });
-    const byId = new Map((catalog || []).map((it) => [String(it.id), (typeof it.price === 'number' ? it.price : 0)]));
-    const ids = (Array.isArray(r.itemIds) ? r.itemIds : (r.itemId ? [r.itemId] : [])).map(String);
-    const days = calendarDaysExclusiveYmd(r.startDate, r.endDate) || 1;
-    const sumCentsPerDay = ids.reduce((acc, id) => acc + (byId.get(id) || 0), 0);
-    if (sumCentsPerDay > 0) {
-      recomputedTotalCents = Math.max(0, Math.round(sumCentsPerDay * days));
-    }
-  } catch (e) { /* fallback to stored total */ }
-
-  const totalAmount = (typeof recomputedTotalCents === 'number')
-    ? recomputedTotalCents
-    : Math.max(0, Math.round((Number(r.total) || 0) * 100));
-
-  if (!totalAmount) {
-    return res.status(422).json({ error: 'zero-amount' });
-  }
-
-  const intent = await helloasso.createCheckoutIntent({
-    env,
-    token,
-    organizationSlug: settings.helloassoOrganizationSlug,
-    formType: settings.helloassoFormType,
-    formSlug,
-    totalAmount,
-    payerEmail: requester && requester.email ? requester.email : '',
-    callbackUrl: normalizeReturnUrl(),
-    webhookUrl: normalizeCallbackUrl(settings.helloassoCallbackUrl),
-    itemName: buildHelloAssoItemName('Réservation matériel Onekite', r.itemNames || (r.itemName ? [r.itemName] : []), r.start, r.end),
-    containsDonation: false,
-    metadata: {
-      reservationId: String(rid),
-      items: (Array.isArray(r.itemNames) ? r.itemNames : (r.itemName ? [r.itemName] : [])).filter(Boolean),
-      dateRange: `Du ${formatFR(r.start)} au ${formatFR(r.end)}`,
-    },
-  });
-
-  const paymentUrl = intent && (intent.paymentUrl || intent.redirectUrl)
-    ? (intent.paymentUrl || intent.redirectUrl)
-    : (typeof intent === 'string' ? intent : null);
-
-  if (!paymentUrl) {
+  // Build a fresh checkout intent (handles token, catalog recompute, intent creation)
+  const checkoutResult = await buildCheckoutIntent({ r, settings });
+  if (!checkoutResult) {
     return res.status(502).json({ error: 'intent-creation-failed' });
   }
 
-  // Persist the fresh URL so subsequent requests can also renew from DB.
-  r.paymentUrl = paymentUrl;
-  if (intent && intent.checkoutIntentId) r.checkoutIntentId = intent.checkoutIntentId;
+  r.paymentUrl = checkoutResult.paymentUrl;
+  if (checkoutResult.checkoutIntentId) r.checkoutIntentId = checkoutResult.checkoutIntentId;
+  if (checkoutResult.catalogTotalCents !== null) r.total = checkoutResult.catalogTotalCents / 100;
   await dbLayer.saveReservation(r);
 
-  return res.json({ ok: true, paymentUrl });
+  return res.json({ ok: true, paymentUrl: checkoutResult.paymentUrl });
 };
 
 /**
@@ -1398,9 +1327,9 @@ api.createReservation = async function (req, res) {
       if (!(exStart < end && start < exEnd)) continue;
     }
     const exItemIds = Array.isArray(existing.itemIds) ? existing.itemIds : (existing.itemId ? [existing.itemId] : []);
-    const shared = exItemIds.filter(x => itemIds.includes(String(x)));
-    if (shared.length) {
-      conflicts.push({ rid: existing.rid, itemIds: shared, status: existing.status });
+    const conflictingItemIds = exItemIds.filter(x => itemIds.includes(String(x)));
+    if (conflictingItemIds.length) {
+      conflicts.push({ rid: existing.rid, itemIds: conflictingItemIds, status: existing.status });
     }
   }
   if (conflicts.length) {
@@ -1491,63 +1420,16 @@ api.createReservation = async function (req, res) {
   // create the HelloAsso checkout intent immediately so the user has a payment link right away.
   if (isRegularizationOther) {
     try {
-      const token = await helloasso.getAccessToken({ env: settings.helloassoEnv || 'prod', clientId: settings.helloassoClientId, clientSecret: settings.helloassoClientSecret });
-      const payer = await user.getUserFields(targetUid, ['email']);
-      const year = yearFromTs(resv.start);
-      const days = (startDate && endDate) ? (calendarDaysExclusiveYmd(startDate, endDate) || 1) : nbDays;
-
-      let recomputedTotalCents = null;
-      try {
-        const { items: catalog } = await helloasso.listCatalogItems({
-          env: settings.helloassoEnv,
-          token,
-          organizationSlug: settings.helloassoOrganizationSlug,
-          formType: settings.helloassoFormType,
-          formSlug: autoFormSlugForYear(year),
-        });
-        const byId = new Map((catalog || []).map((it) => [String(it.id), (typeof it.price === 'number' ? it.price : 0)]));
-        const ids = itemIds.map(String);
-        const sumCentsPerDay = ids.reduce((acc, id) => acc + (byId.get(id) || 0), 0);
-        if (sumCentsPerDay > 0) {
-          recomputedTotalCents = Math.max(0, Math.round(sumCentsPerDay * days));
-          resv.total = recomputedTotalCents / 100;
-        }
-      } catch (e) {}
-
-      const intent = await helloasso.createCheckoutIntent({
-        env: settings.helloassoEnv,
-        token,
-        organizationSlug: settings.helloassoOrganizationSlug,
-        formType: settings.helloassoFormType,
-        formSlug: autoFormSlugForYear(year),
-        totalAmount: (() => {
-          const cents = (typeof recomputedTotalCents === 'number')
-            ? recomputedTotalCents
-            : Math.max(0, Math.round((Number(resv.total) || 0) * 100));
-          if (!cents) console.warn('[calendar-onekite] HelloAsso totalAmount is 0 (regularizationOther)', { rid });
-          return cents;
-        })(),
-        payerEmail: payer && payer.email ? payer.email : '',
-        callbackUrl: normalizeReturnUrl(),
-        webhookUrl: normalizeCallbackUrl(settings.helloassoCallbackUrl),
-        itemName: buildHelloAssoItemName('', resv.itemNames || [], resv.start, resv.end),
-        containsDonation: false,
-        metadata: {
-          reservationId: String(rid),
-          items: resv.itemNames || [],
-          dateRange: `Du ${formatFR(resv.start)} au ${formatFR(resv.end)}`,
-        },
-      });
-      const intentPaymentUrl = intent && (intent.paymentUrl || intent.redirectUrl) ? (intent.paymentUrl || intent.redirectUrl) : (typeof intent === 'string' ? intent : null);
-      const intentCheckoutId = intent && intent.checkoutIntentId ? String(intent.checkoutIntentId) : null;
-      if (intentPaymentUrl) {
-        resv.paymentUrl = intentPaymentUrl;
-        if (intentCheckoutId) resv.checkoutIntentId = intentCheckoutId;
+      const checkoutResult = await buildCheckoutIntent({ r: resv, settings });
+      if (checkoutResult) {
+        resv.paymentUrl = checkoutResult.paymentUrl;
+        if (checkoutResult.checkoutIntentId) resv.checkoutIntentId = checkoutResult.checkoutIntentId;
+        if (checkoutResult.catalogTotalCents !== null) resv.total = checkoutResult.catalogTotalCents / 100;
       } else {
         console.warn('[calendar-onekite] HelloAsso payment link not created (regularizationOther)', { rid });
       }
     } catch (e) {
-      console.warn('[calendar-onekite] Failed to create HelloAsso checkout for regularizationOther', e && e.message ? e.message : e);
+      console.warn('[calendar-onekite] Failed to create HelloAsso checkout (regularizationOther)', e && e.message ? e.message : e);
     }
   }
 
@@ -1774,74 +1656,11 @@ api.approveReservation = async function (req, res) {
   }
   // Create HelloAsso payment link on validation
   try {
-    const settings2 = await getSettings();
-    const token = await helloasso.getAccessToken({ env: settings2.helloassoEnv || 'prod', clientId: settings2.helloassoClientId, clientSecret: settings2.helloassoClientSecret });
-    const payer = await user.getUserFields(r.uid, ['email']);
-    const year = yearFromTs(r.start);
-
-    // Reliable calendar-day count (end is EXCLUSIVE, FullCalendar rule)
-    const days = calendarDaysExclusiveYmd(r.startDate, r.endDate) || 1;
-
-    // Recompute total from HelloAsso catalog to avoid any dependency on hours/DST
-    // and to ensure checkout amount is always consistent.
-    let recomputedTotalCents = null;
-    try {
-      const { items: catalog } = await helloasso.listCatalogItems({
-        env: settings2.helloassoEnv,
-        token,
-        organizationSlug: settings2.helloassoOrganizationSlug,
-        formType: settings2.helloassoFormType,
-        formSlug: autoFormSlugForYear(year),
-      });
-      const byId = new Map((catalog || []).map((it) => [String(it.id), (typeof it.price === 'number' ? it.price : 0)]));
-      const ids = (Array.isArray(r.itemIds) ? r.itemIds : (r.itemId ? [r.itemId] : [])).map(String);
-      const sumCentsPerDay = ids.reduce((acc, id) => acc + (byId.get(String(id)) || 0), 0);
-      if (sumCentsPerDay > 0) {
-        recomputedTotalCents = Math.max(0, Math.round(sumCentsPerDay * days));
-        // Keep stored total in sync (euros) for emails/UX.
-        r.total = recomputedTotalCents / 100;
-      }
-    } catch (e) {
-      // ignore recompute failures; fallback to stored total
-    }
-
-    const intent = await helloasso.createCheckoutIntent({
-      env: settings2.helloassoEnv,
-      token,
-      organizationSlug: settings2.helloassoOrganizationSlug,
-      formType: settings2.helloassoFormType,
-      // Form slug is derived from the year of the reservation start date
-      formSlug: autoFormSlugForYear(year),
-      // r.total is stored as an estimated total in euros; HelloAsso expects cents.
-      totalAmount: (() => {
-        const cents = (typeof recomputedTotalCents === 'number')
-          ? recomputedTotalCents
-          : Math.max(0, Math.round((Number(r.total) || 0) * 100));
-        if (!cents) {
-          console.warn('[calendar-onekite] HelloAsso totalAmount is 0 (approve API)', { rid, total: r.total });
-        }
-        return cents;
-      })(),
-      payerEmail: payer && payer.email ? payer.email : '',
-      // By default, point to the forum base url so the webhook hits this NodeBB instance.
-      // Can be overridden via ACP setting `helloassoCallbackUrl`.
-      callbackUrl: normalizeReturnUrl(),
-      webhookUrl: normalizeCallbackUrl(settings2.helloassoCallbackUrl),
-      itemName: buildHelloAssoItemName('', r.itemNames || (r.itemName ? [r.itemName] : []), r.start, r.end),
-      containsDonation: false,
-      metadata: {
-        reservationId: String(rid),
-        items: (Array.isArray(r.itemNames) ? r.itemNames : (r.itemName ? [r.itemName] : [])).filter(Boolean),
-        dateRange: `Du ${formatFR(r.start)} au ${formatFR(r.end)}`,
-      },
-    });
-    const paymentUrl = intent && (intent.paymentUrl || intent.redirectUrl) ? (intent.paymentUrl || intent.redirectUrl) : (typeof intent === 'string' ? intent : null);
-    const checkoutIntentId = intent && intent.checkoutIntentId ? String(intent.checkoutIntentId) : null;
-    if (paymentUrl) {
-      r.paymentUrl = paymentUrl;
-      if (checkoutIntentId) {
-        r.checkoutIntentId = checkoutIntentId;
-      }
+    const checkoutResult = await buildCheckoutIntent({ r, settings });
+    if (checkoutResult) {
+      r.paymentUrl = checkoutResult.paymentUrl;
+      if (checkoutResult.checkoutIntentId) r.checkoutIntentId = checkoutResult.checkoutIntentId;
+      if (checkoutResult.catalogTotalCents !== null) r.total = checkoutResult.catalogTotalCents / 100;
     } else {
       console.warn('[calendar-onekite] HelloAsso payment link not created (approve API)', { rid });
     }
@@ -1879,8 +1698,8 @@ api.approveReservation = async function (req, res) {
       uid: requesterUid,
       username: requester && requester.username ? requester.username : '',
       itemName: (Array.isArray(r.itemNames) ? r.itemNames.join(', ') : (r.itemName || '')),
-        itemNames: (Array.isArray(r.itemNames) ? r.itemNames : (r.itemName ? [r.itemName] : [])),
-        dateRange: `Du ${formatFR(r.start)} au ${formatFR(r.end)}`,
+      itemNames: (Array.isArray(r.itemNames) ? r.itemNames : (r.itemName ? [r.itemName] : [])),
+      dateRange: `Du ${formatFR(r.start)} au ${formatFR(r.end)}`,
       start: formatFR(r.start),
       end: formatFR(r.end),
       pickupAddress: r.pickupAddress || '',
@@ -1955,8 +1774,8 @@ api.refuseReservation = async function (req, res) {
       uid: requesterUid2,
       username: requester && requester.username ? requester.username : '',
       itemName: (Array.isArray(r.itemNames) ? r.itemNames.join(', ') : (r.itemName || '')),
-        itemNames: (Array.isArray(r.itemNames) ? r.itemNames : (r.itemName ? [r.itemName] : [])),
-        dateRange: `Du ${formatFR(r.start)} au ${formatFR(r.end)}`,
+      itemNames: (Array.isArray(r.itemNames) ? r.itemNames : (r.itemName ? [r.itemName] : [])),
+      dateRange: `Du ${formatFR(r.start)} au ${formatFR(r.end)}`,
       start: formatFR(r.start),
       end: formatFR(r.end),
       refusedReason: r.refusedReason || '',

package/lib/checkout.js

@@ -0,0 +1,126 @@
+'use strict';
+
+/**
+ * Shared checkout intent builder for HelloAsso reservations.
+ *
+ * Extracted from api.js and admin.js to eliminate the four identical copies
+ * of the same pattern:
+ *   - api.approveReservation
+ *   - api.getFreshPaymentUrl
+ *   - api.createReservation (regularizationOther path)
+ *   - admin.approveReservation
+ *
+ * Does NOT persist anything — callers are responsible for saving the reservation.
+ */
+
+const user = require.main.require('./src/user');
+const helloasso = require('./helloasso');
+const {
+  yearFromTs,
+  autoFormSlugForYear,
+  calendarDaysExclusiveYmd,
+  buildHelloAssoItemName,
+  normalizeCallbackUrl,
+  normalizeReturnUrl,
+  formatFR,
+} = require('./shared');
+
+/**
+ * Create a HelloAsso checkout intent for a reservation.
+ *
+ * @param {object}  opts
+ * @param {object}  opts.r        Reservation object (not mutated here)
+ * @param {object}  opts.settings Plugin settings (from getSettings())
+ * @returns {Promise<{
+ *   paymentUrl:        string,
+ *   checkoutIntentId:  string | null,
+ *   totalCents:        number,
+ *   catalogTotalCents: number | null,
+ * } | null>}
+ *   null when: token unavailable, amount is 0, or intent creation failed.
+ *   catalogTotalCents is non-null only when the catalog lookup succeeded with
+ *   positive prices; callers should update r.total only in that case.
+ */
+async function buildCheckoutIntent({ r, settings }) {
+  const env = settings.helloassoEnv || 'prod';
+
+  const token = await helloasso.getAccessToken({
+    env,
+    clientId: settings.helloassoClientId,
+    clientSecret: settings.helloassoClientSecret,
+  });
+  if (!token) return null;
+
+  const payerData = await user.getUserFields(r.uid, ['email']).catch(() => null);
+  const payerEmail = (payerData && payerData.email) ? String(payerData.email) : '';
+
+  const year = yearFromTs(Number(r.start));
+  const formSlug = autoFormSlugForYear(year);
+  const itemIds = (Array.isArray(r.itemIds) ? r.itemIds : (r.itemId ? [r.itemId] : [])).map(String);
+  const itemNames = Array.isArray(r.itemNames) ? r.itemNames : (r.itemName ? [r.itemName] : []);
+  const days = calendarDaysExclusiveYmd(r.startDate, r.endDate) || 1;
+
+  // Recompute total from HelloAsso catalog to always use up-to-date prices.
+  let catalogTotalCents = null;
+  try {
+    const { items: catalog } = await helloasso.listCatalogItems({
+      env,
+      token,
+      organizationSlug: settings.helloassoOrganizationSlug,
+      formType: settings.helloassoFormType,
+      formSlug,
+    });
+    const byId = new Map(
+      (catalog || []).map((it) => [String(it.id), (typeof it.price === 'number' ? it.price : 0)])
+    );
+    const sumCentsPerDay = itemIds.reduce((acc, id) => acc + (byId.get(id) || 0), 0);
+    if (sumCentsPerDay > 0) {
+      catalogTotalCents = Math.max(0, Math.round(sumCentsPerDay * days));
+    }
+  } catch (e) {
+    // Catalog unavailable — fall back to stored total below.
+  }
+
+  const totalCents = (catalogTotalCents !== null)
+    ? catalogTotalCents
+    : Math.max(0, Math.round((Number(r.total) || 0) * 100));
+
+  if (!totalCents) {
+    console.warn('[calendar-onekite] checkout intent skipped: totalAmount is 0', { rid: r.rid });
+    return null;
+  }
+
+  const intent = await helloasso.createCheckoutIntent({
+    env,
+    token,
+    organizationSlug: settings.helloassoOrganizationSlug,
+    formType: settings.helloassoFormType,
+    formSlug,
+    totalAmount: totalCents,
+    payerEmail,
+    callbackUrl: normalizeReturnUrl(),
+    webhookUrl: normalizeCallbackUrl(settings.helloassoCallbackUrl),
+    itemName: buildHelloAssoItemName('Réservation matériel Onekite', itemNames, r.start, r.end),
+    containsDonation: false,
+    metadata: {
+      reservationId: String(r.rid),
+      items: itemNames.filter(Boolean),
+      dateRange: `Du ${formatFR(r.start)} au ${formatFR(r.end)}`,
+    },
+  });
+
+  const paymentUrl = (intent && (intent.paymentUrl || intent.redirectUrl))
+    ? (intent.paymentUrl || intent.redirectUrl)
+    : (typeof intent === 'string' ? intent : null);
+
+  if (!paymentUrl) return null;
+
+  return {
+    paymentUrl,
+    checkoutIntentId: (intent && intent.checkoutIntentId) ? String(intent.checkoutIntentId) : null,
+    totalCents,
+    catalogTotalCents,
+  };
+}
+
+module.exports = { buildCheckoutIntent };

package/lib/helloasso.js

@@ -307,15 +307,6 @@ async function createCheckoutIntent({ env, token, organizationSlug, formType, fo
   const { status, json } = await requestJson('POST', url, { Authorization: `Bearer ${token}` }, payload);
   if (status >= 200 && status < 300 && json) {
     const redirectUrl = json.redirectUrl || json.checkoutUrl || json.url || null;
-    // Always log so the URL format is visible in NodeBB logs (helps diagnose 404s).
-    // eslint-disable-next-line no-console
-    console.log('[calendar-onekite] HelloAsso checkout-intent created', {
-      status,
-      checkoutIntentId: json.id || json.checkoutIntentId || null,
-      redirectUrl,
-      env,
-      organizationSlug,
-    });
     return { paymentUrl: redirectUrl, checkoutIntentId: (json.id || json.checkoutIntentId || null), raw: json };
   }
   // Log the error payload to help diagnose configuration issues (slug, env, urls, amount, etc.)

package/lib/helloassoWebhook.js

@@ -76,7 +76,11 @@ function getReservationIdFromPayload(payload) {
       data.order && (data.order.meta || data.order.metadata),
     ].filter(Boolean);
 
-    for (const metaObj of metaCandidates) {
+    for (let metaObj of metaCandidates) {
+      // HelloAsso sometimes sends metadata as a JSON-encoded string — parse it first.
+      if (typeof metaObj === 'string') {
+        try { metaObj = JSON.parse(metaObj); } catch (e) { continue; }
+      }
       if (typeof metaObj === 'object' && !Array.isArray(metaObj) && metaObj.reservationId) {
         return String(metaObj.reservationId);
       }
@@ -215,9 +219,35 @@ async function handler(req, res, next) {
       }
     }
 
-    const payload = req.body;
+    // Parse body — req.body is set by our bodyParser middleware, but if NodeBB's
+    // global body parser consumed the stream first, fall back to req.rawBody.
+    let payload = req.body;
+    if (!payload && req.rawBody) {
+      try {
+        payload = JSON.parse(req.rawBody.toString('utf8'));
+      } catch (e) {
+        // eslint-disable-next-line no-console
+        console.warn('[calendar-onekite] HelloAsso webhook: failed to parse rawBody', { err: e && e.message });
+      }
+    }
+
+    // eslint-disable-next-line no-console
+    console.info('[calendar-onekite] HelloAsso webhook received', {
+      eventType: payload && payload.eventType,
+      state: payload && payload.data && (payload.data.state || payload.data.status || payload.data.paymentState),
+      paymentId: payload && payload.data && (payload.data.id || payload.data.paymentId),
+      checkoutIntentId: payload && payload.data && (payload.data.checkoutIntentId || (payload.data.order && payload.data.order.checkoutIntentId)),
+      hasBody: !!payload,
+      contentType: req.headers && req.headers['content-type'],
+    });
 
     if (!isConfirmedPayment(payload)) {
+      // eslint-disable-next-line no-console
+      console.warn('[calendar-onekite] HelloAsso webhook: payment not confirmed — ignored', {
+        eventType: payload && payload.eventType,
+        state: payload && payload.data && (payload.data.state || payload.data.status || payload.data.paymentState),
+        hasData: !!(payload && payload.data),
+      });
       return res.json({ ok: true, ignored: true });
     }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nodebb-plugin-onekite-calendar",
-  "version": "2.0.90",
+  "version": "2.0.92",
   "description": "FullCalendar-based equipment reservation workflow with admin approval & HelloAsso payment for NodeBB",
   "main": "library.js",
   "license": "MIT",

package/public/admin.js

@@ -572,6 +572,22 @@ define('admin/plugins/calendar-onekite', ['alerts', 'bootbox'], function (alerts
         : '';
       const itemNames = Array.isArray(r.itemNames) && r.itemNames.length ? r.itemNames : [r.itemName || r.itemId].filter(Boolean);
       const itemsHtml = `<ul style="margin: 0 0 10px 18px;">${itemNames.map(n => `<li>${escapeHtml(String(n))}</li>`).join('')}</ul>`;
+
+      const isAwaitingPayment = r.status === 'awaiting_payment';
+      const statusBadge = isAwaitingPayment
+        ? '<span class="badge bg-warning text-dark ms-1" style="font-size:10px;">En attente de paiement</span>'
+        : '<span class="badge bg-secondary ms-1" style="font-size:10px;">En attente de validation</span>';
+
+      // Buttons differ per status:
+      // - pending        → "Valider" + "Refuser"
+      // - awaiting_payment → "Marquer payée" + "Renouveler lien" + "Refuser"
+      const actionButtons = isAwaitingPayment
+        ? `<button type="button" class="btn btn-outline-danger btn-sm" data-action="refuse" data-rid="${escapeHtml(String(r.rid || ''))}">Refuser</button>
+           <button type="button" class="btn btn-outline-primary btn-sm" data-action="approve" data-rid="${escapeHtml(String(r.rid || ''))}">Renouveler lien</button>
+           <button type="button" class="btn btn-success btn-sm" data-action="mark-paid" data-rid="${escapeHtml(String(r.rid || ''))}">Marquer payée</button>`
+        : `<button type="button" class="btn btn-outline-danger btn-sm" data-action="refuse" data-rid="${escapeHtml(String(r.rid || ''))}">Refuser</button>
+           <button type="button" class="btn btn-success btn-sm" data-action="approve" data-rid="${escapeHtml(String(r.rid || ''))}">Valider</button>`;
+
       const div = document.createElement('div');
       div.className = 'list-group-item onekite-pending-row';
       div.innerHTML = `
@@ -581,16 +597,15 @@ define('admin/plugins/calendar-onekite', ['alerts', 'bootbox'], function (alerts
               <input type="checkbox" class="form-check-input onekite-pending-select" data-rid="${escapeHtml(String(r.rid || ''))}" />
             </div>
             <div style="min-width:0;">
-            <div><strong>${itemsHtml || escapeHtml(r.itemName || '')}</strong></div>
-            <div class="text-muted" style="font-size: 12px;">Créée: ${escapeHtml(created)}</div>
-            ${userLink ? `<div class="text-muted" style="font-size: 12px;">Réservée par: ${userLink}</div>` : ''}
-            <div class="text-muted" style="font-size: 12px;">Période: ${escapeHtml(new Date(parseInt(r.start, 10)).toLocaleDateString('fr-FR'))} → ${escapeHtml(new Date(parseInt(r.end, 10)).toLocaleDateString('fr-FR'))}</div>
+              <div><strong>${itemsHtml || escapeHtml(r.itemName || '')}</strong>${statusBadge}</div>
+              <div class="text-muted" style="font-size: 12px;">Créée: ${escapeHtml(created)}</div>
+              ${userLink ? `<div class="text-muted" style="font-size: 12px;">Réservée par: ${userLink}</div>` : ''}
+              <div class="text-muted" style="font-size: 12px;">Période: ${escapeHtml(new Date(parseInt(r.start, 10)).toLocaleDateString('fr-FR'))} → ${escapeHtml(new Date(parseInt(r.end, 10)).toLocaleDateString('fr-FR'))}</div>
             </div>
           </div>
-          <div class="d-flex gap-2">
-            <!-- IMPORTANT: type="button" to avoid submitting the settings form and resetting ACP tabs -->
-            <button type="button" class="btn btn-outline-danger btn-sm" data-action="refuse" data-rid="${escapeHtml(String(r.rid || ''))}">Refuser</button>
-            <button type="button" class="btn btn-success btn-sm" data-action="approve" data-rid="${escapeHtml(String(r.rid || ''))}">Valider</button>
+          <!-- IMPORTANT: type="button" to avoid submitting the settings form and resetting ACP tabs -->
+          <div class="d-flex gap-2 flex-wrap justify-content-end">
+            ${actionButtons}
           </div>
         </div>
       `;
@@ -862,7 +877,7 @@ define('admin/plugins/calendar-onekite', ['alerts', 'bootbox'], function (alerts
         const rid = btn.getAttribute('data-rid');
 
         // Prevent accidental double-open of modals on mobile/trackpad double taps
-        if (rid && (action === 'approve' || action === 'refuse')) {
+        if (rid && (action === 'approve' || action === 'refuse' || action === 'mark-paid')) {
           const openKey = `open:${action}:${rid}`;
           if (actionLocks.has(openKey)) return;
           actionLocks.add(openKey);
@@ -1044,9 +1059,29 @@ define('admin/plugins/calendar-onekite', ['alerts', 'bootbox'], function (alerts
 
         // Remove the row immediately on success for a snappier UX
         const rowEl = btn.closest('tr') || btn.closest('.onekite-pending-row');
-        const rowBtns = rowEl ? Array.from(rowEl.querySelectorAll('button[data-action="approve"],button[data-action="refuse"]')) : [btn];
+        const rowBtns = rowEl ? Array.from(rowEl.querySelectorAll('button[data-action]')) : [btn];
 
         try {
+          if (action === 'mark-paid') {
+            bootbox.confirm(
+              `Marquer la réservation <strong>${escapeHtml(rid)}</strong> comme payée manuellement ?<br><small class="text-muted">Un email de confirmation sera envoyé à l'adhérent.</small>`,
+              async (ok) => {
+                if (!ok) return;
+                await withLock(`mark-paid:${rid}`, rowBtns, async () => {
+                  try {
+                    await markPaid(rid, { note: 'Paiement validé manuellement depuis ACP' });
+                    if (rowEl && rowEl.parentNode) rowEl.parentNode.removeChild(rowEl);
+                    showAlert('success', `Réservation ${rid} marquée comme payée.`);
+                    await refreshPending();
+                  } catch (e) {
+                    showAlert('error', `Impossible de marquer comme payée : ${e && e.message ? e.message : e}`);
+                  }
+                });
+              }
+            );
+            return;
+          }
+
           if (action === 'refuse') {
             const html = `
               <div class="mb-3">