nodebb-plugin-onekite-calendar 2.0.92 → 2.0.94

package/lib/admin.js

@@ -15,10 +15,13 @@ const {
   yearFromTs,
   autoFormSlugForYear,
   forumBaseUrl,
+  arrayifyIds,
+  arrayifyNames,
 } = shared;
 
 const dbLayer = require('./db');
 const helloasso = require('./helloasso');
+const discord = require('./discord');
 const { buildCheckoutIntent } = require('./checkout');
 
 const ADMIN_PRIV = 'admin:settings';
@@ -151,8 +154,8 @@ admin.approveReservation = async function (req, res) {
       await sendEmail('calendar-onekite_approved', requesterUid, 'Location matériel - Réservation validée', {
         uid: requesterUid,
         username: requester && requester.username ? requester.username : '',
-        itemName: (Array.isArray(r.itemNames) ? r.itemNames.join(', ') : (r.itemName || '')),
-        itemNames: (Array.isArray(r.itemNames) ? r.itemNames : (r.itemName ? [r.itemName] : [])),
+        itemName: arrayifyNames(r).join(', '),
+        itemNames: arrayifyNames(r),
         dateRange: `Du ${formatFR(r.start)} au ${formatFR(r.end)}`,
         paymentUrl: paymentUrl || '',
         calendarUrl: `${forumBaseUrl()}/calendar`,
@@ -165,13 +168,13 @@ admin.approveReservation = async function (req, res) {
         ...(buildCalendarLinks({
           rid: String(r.rid),
           uid: requesterUid,
-          itemNames: (Array.isArray(r.itemNames) ? r.itemNames : (r.itemName ? [r.itemName] : [])),
+          itemNames: arrayifyNames(r),
           pickupAddress: r.pickupAddress || '',
           startYmd: (r.startDate && /^\d{4}-\d{2}-\d{2}$/.test(String(r.startDate))) ? String(r.startDate) : new Date(parseInt(r.start, 10)).toISOString().slice(0, 10),
           endYmd: (r.endDate && /^\d{4}-\d{2}-\d{2}$/.test(String(r.endDate))) ? String(r.endDate) : new Date(parseInt(r.end, 10)).toISOString().slice(0, 10),
         })),
         validatedBy: r.approvedByUsername || '',
-        validatedByUrl: (r.approvedByUsername ? `https://www.onekite.com/user/${encodeURIComponent(String(r.approvedByUsername))}` : ''),
+        validatedByUrl: (r.approvedByUsername ? `${forumBaseUrl()}/user/${encodeURIComponent(String(r.approvedByUsername))}` : ''),
       });
     }
   } catch (e) {}
@@ -218,8 +221,8 @@ admin.markReservationPaid = async function (req, res) {
       await sendEmail('calendar-onekite_paid', requesterUid, 'Location matériel - Paiement reçu', {
         uid: requesterUid,
         username: requester && requester.username ? requester.username : '',
-        itemName: (Array.isArray(r.itemNames) ? r.itemNames.join(', ') : (r.itemName || '')),
-        itemNames: (Array.isArray(r.itemNames) ? r.itemNames : (r.itemName ? [r.itemName] : [])),
+        itemName: arrayifyNames(r).join(', '),
+        itemNames: arrayifyNames(r),
         dateRange: `Du ${formatFR(r.start)} au ${formatFR(r.end)}`,
         paymentReceiptUrl: '',
         pickupTime: r.pickupTime || '',
@@ -227,7 +230,7 @@ admin.markReservationPaid = async function (req, res) {
         mapUrl: '',
         ...(buildCalendarLinks({
           type: 'reservation', id: String(r.rid || ''), uid: Number(r.uid) || 0,
-          itemNames: Array.isArray(r.itemNames) ? r.itemNames : (r.itemName ? [r.itemName] : []),
+          itemNames: arrayifyNames(r),
           pickupAddress: r.pickupAddress || '', allDay: true,
           startYmd: (r.startDate && /^\d{4}-\d{2}-\d{2}$/.test(String(r.startDate))) ? String(r.startDate) : new Date(parseInt(r.start, 10)).toISOString().slice(0, 10),
           endYmd: (r.endDate && /^\d{4}-\d{2}-\d{2}$/.test(String(r.endDate))) ? String(r.endDate) : new Date(parseInt(r.end, 10)).toISOString().slice(0, 10),
@@ -272,8 +275,8 @@ admin.refuseReservation = async function (req, res) {
       await sendEmail('calendar-onekite_refused', requesterUid, 'Location matériel - Réservation refusée', {
         uid: requesterUid,
         username: requester && requester.username ? requester.username : '',
-        itemName: (Array.isArray(r.itemNames) ? r.itemNames.join(', ') : (r.itemName || '')),
-        itemNames: (Array.isArray(r.itemNames) ? r.itemNames : (r.itemName ? [r.itemName] : [])),
+        itemName: arrayifyNames(r).join(', '),
+        itemNames: arrayifyNames(r),
         dateRange: `Du ${formatFR(r.start)} au ${formatFR(r.end)}`,
         start: formatFR(r.start),
         end: formatFR(r.end),
@@ -684,6 +687,131 @@ admin.exportAccountingCsv = async function (req, res) {
 };
 
 
+// Sync payment status from HelloAsso for a reservation stuck in awaiting_payment.
+// Uses the stored checkoutIntentId to query HelloAsso's API directly.
+admin.syncPaymentFromHelloAsso = async function (req, res) {
+  const rid = String(req.params.rid || '').trim();
+  if (!rid) return res.status(400).json({ error: 'missing-rid' });
+
+  const r = await dbLayer.getReservation(rid);
+  if (!r) return res.status(404).json({ error: 'not-found' });
+
+  if (r.status === 'paid') {
+    return res.json({ ok: true, alreadyPaid: true, status: r.status });
+  }
+
+  const checkoutIntentId = r.checkoutIntentId ? String(r.checkoutIntentId) : null;
+  if (!checkoutIntentId) {
+    return res.json({ ok: false, reason: 'no-checkout-intent-id', status: r.status });
+  }
+
+  const settings = await getSettings();
+  const token = await helloasso.getAccessToken({
+    env: settings.helloassoEnv || 'prod',
+    clientId: settings.helloassoClientId,
+    clientSecret: settings.helloassoClientSecret,
+  });
+  if (!token) {
+    return res.json({ ok: false, reason: 'helloasso-auth-failed' });
+  }
+
+  const details = await helloasso.getCheckoutIntentDetails({
+    env: settings.helloassoEnv || 'prod',
+    token,
+    organizationSlug: settings.helloassoOrganizationSlug,
+    checkoutIntentId,
+  });
+
+  if (!details) {
+    return res.json({ ok: false, reason: 'checkout-intent-not-found', checkoutIntentId });
+  }
+
+  // Determine payment state from checkout intent details
+  const order = (details && details.order) ? details.order : details;
+  const orderState = String((order && (order.state || order.status)) || '').toLowerCase();
+  const paymentsArr = (order && Array.isArray(order.payments)) ? order.payments : [];
+  const paymentState = paymentsArr.length
+    ? String((paymentsArr[0].state || paymentsArr[0].status) || '').toLowerCase()
+    : '';
+  const okStates = ['confirmed', 'authorized', 'paid', 'processed', 'succeeded', 'success'];
+  const isPaid = okStates.includes(orderState) || okStates.includes(paymentState);
+
+  if (!isPaid) {
+    return res.json({ ok: false, reason: 'not-paid-on-helloasso', orderState, paymentState });
+  }
+
+  // Mark as paid
+  const prevStatus = r.status;
+  r.status = 'paid';
+  r.paidAt = Date.now();
+  r.syncedFromHelloAsso = true;
+  r.syncedBy = req.uid;
+  const paymentId = paymentsArr.length ? String(paymentsArr[0].id || '') : '';
+  const paymentReceiptUrl = paymentsArr.length
+    ? String(paymentsArr[0].paymentReceiptUrl || paymentsArr[0].receiptUrl || '')
+    : '';
+  if (paymentId) r.paymentId = paymentId;
+  if (paymentReceiptUrl) r.paymentReceiptUrl = paymentReceiptUrl;
+  await dbLayer.saveReservation(r);
+
+  try {
+    await dbLayer.addAuditEntry({
+      ts: Date.now(), year: new Date().getFullYear(),
+      action: 'reservation_sync_paid',
+      targetType: 'reservation', targetId: String(r.rid),
+      reservationUid: Number(r.uid) || 0,
+      reservationUsername: String(r.username || ''),
+      actorUid: req.uid || 0,
+      prevStatus,
+    });
+  } catch (e) {}
+
+  realtime.emitCalendarUpdated({ kind: 'reservation', action: 'paid', rid: String(r.rid), status: 'paid' });
+
+  try {
+    const requesterUid = parseInt(r.uid, 10);
+    if (requesterUid) {
+      const requester = await user.getUserFields(requesterUid, ['username']);
+      const latNum = Number(r.pickupLat);
+      const lonNum = Number(r.pickupLon);
+      const mapUrl = (Number.isFinite(latNum) && Number.isFinite(lonNum))
+        ? `https://www.openstreetmap.org/?mlat=${encodeURIComponent(String(latNum))}&mlon=${encodeURIComponent(String(lonNum))}#map=18/${encodeURIComponent(String(latNum))}/${encodeURIComponent(String(lonNum))}`
+        : '';
+      await sendEmail('calendar-onekite_paid', requesterUid, 'Location matériel - Paiement reçu', {
+        uid: requesterUid,
+        username: requester && requester.username ? requester.username : '',
+        itemName: arrayifyNames(r).join(', '),
+        itemNames: arrayifyNames(r),
+        dateRange: `Du ${formatFR(r.start)} au ${formatFR(r.end)}`,
+        paymentReceiptUrl: r.paymentReceiptUrl || '',
+        pickupTime: r.pickupTime || '',
+        pickupAddress: r.pickupAddress || '',
+        mapUrl,
+        ...(buildCalendarLinks({
+          type: 'reservation', id: String(r.rid || ''), uid: requesterUid,
+          itemNames: arrayifyNames(r),
+          pickupAddress: r.pickupAddress || '', allDay: true,
+          startYmd: (r.startDate && /^\d{4}-\d{2}-\d{2}$/.test(String(r.startDate))) ? String(r.startDate) : new Date(parseInt(r.start, 10)).toISOString().slice(0, 10),
+          endYmd: (r.endDate && /^\d{4}-\d{2}-\d{2}$/.test(String(r.endDate))) ? String(r.endDate) : new Date(parseInt(r.end, 10)).toISOString().slice(0, 10),
+        })),
+      });
+    }
+  } catch (e) {}
+
+  try {
+    const requester = await user.getUserFields(parseInt(r.uid, 10), ['username']);
+    await discord.notifyPaymentReceived(settings, {
+      rid: r.rid, uid: r.uid,
+      username: (requester && requester.username) ? requester.username : (r.username || ''),
+      itemIds: arrayifyIds(r),
+      itemNames: arrayifyNames(r),
+      start: r.start, end: r.end, status: r.status,
+    });
+  } catch (e) {}
+
+  return res.json({ ok: true, synced: true, prevStatus, paymentId: r.paymentId || '' });
+};
+
 admin.purgeAccounting = async function (req, res) {
   const qFrom = String((req.query && req.query.from) || '').trim();
   const qTo = String((req.query && req.query.to) || '').trim();

package/lib/api.js

@@ -28,6 +28,8 @@ const {
   signCalendarLink,
   ymdToCompact,
   getSetting,
+  arrayifyIds,
+  arrayifyNames,
 } = shared;
 
 const helloasso = require('./helloasso');
@@ -220,8 +222,8 @@ function eventsFor(resv) {
     ? String(resv.endDate)
     : new Date(parseInt(resv.end, 10)).toISOString().slice(0, 10);
 
-  const itemIds = Array.isArray(resv.itemIds) ? resv.itemIds : (resv.itemId ? [resv.itemId] : []);
-  const itemNames = Array.isArray(resv.itemNames) ? resv.itemNames : (resv.itemName ? [resv.itemName] : []);
+  const itemIds = arrayifyIds(resv);
+  const itemNames = arrayifyNames(resv);
 
   // Calendar export links (only really useful to the reservation creator, but
   // harmless to include for everyone; access is protected by signature).
@@ -592,8 +594,8 @@ api.getReservationDetails = async function (req, res) {
     status: r.status,
     uid: r.uid,
     username: r.username || '',
-    itemNames: Array.isArray(r.itemNames) ? r.itemNames : (r.itemName ? [r.itemName] : []),
-    itemIds: Array.isArray(r.itemIds) ? r.itemIds : (r.itemId ? [r.itemId] : []),
+    itemNames: arrayifyNames(r),
+    itemIds: arrayifyIds(r),
     start: r.start,
     end: r.end,
     approvedByUsername: r.approvedByUsername || '',
@@ -1326,7 +1328,7 @@ api.createReservation = async function (req, res) {
       const exEnd = parseInt(existing.end, 10);
       if (!(exStart < end && start < exEnd)) continue;
     }
-    const exItemIds = Array.isArray(existing.itemIds) ? existing.itemIds : (existing.itemId ? [existing.itemId] : []);
+    const exItemIds = arrayifyIds(existing);
     const conflictingItemIds = exItemIds.filter(x => itemIds.includes(String(x)));
     if (conflictingItemIds.length) {
       conflicts.push({ rid: existing.rid, itemIds: conflictingItemIds, status: existing.status });
@@ -1678,8 +1680,8 @@ api.approveReservation = async function (req, res) {
     targetId: String(rid),
     reservationUid: Number(r.uid) || 0,
     reservationUsername: String(r.username || ''),
-    itemIds: r.itemIds || (r.itemId ? [r.itemId] : []),
-    itemNames: r.itemNames || (r.itemName ? [r.itemName] : []),
+    itemIds: arrayifyIds(r),
+    itemNames: arrayifyNames(r),
     startDate: r.startDate || '',
     endDate: r.endDate || '',
     status: r.status,
@@ -1697,8 +1699,8 @@ api.approveReservation = async function (req, res) {
     await sendEmail('calendar-onekite_approved', requesterUid, 'Location matériel - Réservation validée', {
       uid: requesterUid,
       username: requester && requester.username ? requester.username : '',
-      itemName: (Array.isArray(r.itemNames) ? r.itemNames.join(', ') : (r.itemName || '')),
-      itemNames: (Array.isArray(r.itemNames) ? r.itemNames : (r.itemName ? [r.itemName] : [])),
+      itemName: arrayifyNames(r).join(', '),
+      itemNames: arrayifyNames(r),
       dateRange: `Du ${formatFR(r.start)} au ${formatFR(r.end)}`,
       start: formatFR(r.start),
       end: formatFR(r.end),
@@ -1722,7 +1724,7 @@ api.approveReservation = async function (req, res) {
         endYmd: (r.endDate && /^\d{4}-\d{2}-\d{2}$/.test(String(r.endDate))) ? String(r.endDate) : new Date(parseInt(r.end, 10)).toISOString().slice(0, 10),
       }),
       validatedBy: r.approvedByUsername || '',
-      validatedByUrl: (r.approvedByUsername ? `https://www.onekite.com/user/${encodeURIComponent(String(r.approvedByUsername))}` : ''),
+      validatedByUrl: (r.approvedByUsername ? `${forumBaseUrl()}/user/${encodeURIComponent(String(r.approvedByUsername))}` : ''),
     });
   }
   return res.json({ ok: true });
@@ -1759,8 +1761,8 @@ api.refuseReservation = async function (req, res) {
     targetId: String(rid),
     reservationUid: Number(r.uid) || 0,
     reservationUsername: String(r.username || ''),
-    itemIds: r.itemIds || (r.itemId ? [r.itemId] : []),
-    itemNames: r.itemNames || (r.itemName ? [r.itemName] : []),
+    itemIds: arrayifyIds(r),
+    itemNames: arrayifyNames(r),
     startDate: r.startDate || '',
     endDate: r.endDate || '',
     reason: r.refusedReason || '',
@@ -1773,8 +1775,8 @@ api.refuseReservation = async function (req, res) {
     await sendEmail('calendar-onekite_refused', requesterUid2, 'Location matériel - Demande de réservation', {
       uid: requesterUid2,
       username: requester && requester.username ? requester.username : '',
-      itemName: (Array.isArray(r.itemNames) ? r.itemNames.join(', ') : (r.itemName || '')),
-      itemNames: (Array.isArray(r.itemNames) ? r.itemNames : (r.itemName ? [r.itemName] : [])),
+      itemName: arrayifyNames(r).join(', '),
+      itemNames: arrayifyNames(r),
       dateRange: `Du ${formatFR(r.start)} au ${formatFR(r.end)}`,
       start: formatFR(r.start),
       end: formatFR(r.end),
@@ -1831,8 +1833,8 @@ api.cancelReservation = async function (req, res) {
     targetId: String(rid),
     reservationUid: Number(r.uid) || 0,
     reservationUsername: String(r.username || ''),
-    itemIds: r.itemIds || (r.itemId ? [r.itemId] : []),
-    itemNames: r.itemNames || (r.itemName ? [r.itemName] : []),
+    itemIds: arrayifyIds(r),
+    itemNames: arrayifyNames(r),
     startDate: r.startDate || '',
     endDate: r.endDate || '',
     status: r.status,
@@ -1844,8 +1846,8 @@ api.cancelReservation = async function (req, res) {
       rid: r.rid,
       uid: r.uid,
       username: r.username || '',
-      itemIds: r.itemIds || [],
-      itemNames: r.itemNames || [],
+      itemIds: arrayifyIds(r),
+      itemNames: arrayifyNames(r),
       start: r.start,
       end: r.end,
       status: r.status,
@@ -1865,8 +1867,8 @@ api.cancelReservation = async function (req, res) {
       await sendEmail('calendar-onekite_cancelled', requesterUid, 'Location matériel - Réservation annulée', {
         uid: requesterUid,
         username: requester && requester.username ? requester.username : '',
-        itemName: (Array.isArray(r.itemNames) ? r.itemNames.join(', ') : (r.itemName || '')),
-        itemNames: (Array.isArray(r.itemNames) ? r.itemNames : (r.itemName ? [r.itemName] : [])),
+        itemName: arrayifyNames(r).join(', '),
+        itemNames: arrayifyNames(r),
         dateRange: `Du ${formatFR(r.start)} au ${formatFR(r.end)}`,
         cancelledBy: (r.cancelledByUsername || (canceller && canceller.username) || ''),
         cancelledByUrl: ((r.cancelledByUsername || (canceller && canceller.username)) ? `${forumBaseUrl()}/user/${encodeURIComponent(String(r.cancelledByUsername || canceller.username))}` : ''),
@@ -2065,7 +2067,7 @@ api.getIcs = async function (req, res) {
         ? String(r.endDate)
         : new Date(parseInt(r.end, 10)).toISOString().slice(0, 10);
 
-      const itemNames = Array.isArray(r.itemNames) ? r.itemNames : (r.itemName ? [r.itemName] : []);
+      const itemNames = arrayifyNames(r);
       const summary = itemNames.length ? `Location - ${itemNames.join(', ')}` : 'Location matériel';
       const description = [
         itemNames.length ? `Matériel: ${itemNames.join(', ')}` : '',

package/lib/checkout.js

@@ -23,6 +23,8 @@ const {
   normalizeCallbackUrl,
   normalizeReturnUrl,
   formatFR,
+  arrayifyIds,
+  arrayifyNames,
 } = require('./shared');
 
 /**
@@ -56,8 +58,8 @@ async function buildCheckoutIntent({ r, settings }) {
 
   const year = yearFromTs(Number(r.start));
   const formSlug = autoFormSlugForYear(year);
-  const itemIds = (Array.isArray(r.itemIds) ? r.itemIds : (r.itemId ? [r.itemId] : [])).map(String);
-  const itemNames = Array.isArray(r.itemNames) ? r.itemNames : (r.itemName ? [r.itemName] : []);
+  const itemIds = arrayifyIds(r).map(String);
+  const itemNames = arrayifyNames(r);
   const days = calendarDaysExclusiveYmd(r.startDate, r.endDate) || 1;
 
   // Recompute total from HelloAsso catalog to always use up-to-date prices.

package/lib/helloassoWebhook.js

@@ -9,7 +9,7 @@ const helloasso = require('./helloasso');
 const discord = require('./discord');
 const realtime = require('./realtime');
 const shared = require('./shared');
-const { formatFR, sendEmail, buildCalendarLinks } = shared;
+const { formatFR, sendEmail, buildCalendarLinks, arrayifyIds, arrayifyNames } = shared;
 
 const SETTINGS_KEY = 'calendar-onekite';
 const PROCESSED_KEY = 'calendar-onekite:helloasso:processedPayments';
@@ -25,7 +25,7 @@ function buildReservationCalendarLinks(r) {
   const endYmd = (r.endDate && /^\d{4}-\d{2}-\d{2}$/.test(String(r.endDate)))
     ? String(r.endDate)
     : new Date(parseInt(r.end, 10)).toISOString().slice(0, 10);
-  const itemNames = Array.isArray(r.itemNames) ? r.itemNames : (r.itemName ? [r.itemName] : []);
+  const itemNames = arrayifyNames(r);
   return buildCalendarLinks({
     type: 'reservation',
     id: String(r.rid || ''),
@@ -117,10 +117,12 @@ function isConfirmedPayment(payload) {
     const okState = ['confirmed', 'authorized', 'paid', 'processed', 'succeeded', 'success'].includes(state);
 
     if (eventType === 'payment') return okState;
-    if (eventType === 'order') {
-      // Order payloads sometimes omit the state field; accept when missing.
+    if (eventType === 'order' || eventType === 'checkout') {
+      // Order/Checkout payloads sometimes omit the state field; accept when missing.
       return !state || okState;
     }
+    // For any other event type, accept if state is clearly positive.
+    if (okState) return true;
     return false;
   } catch (e) {
     return false;
@@ -315,8 +317,8 @@ async function handler(req, res, next) {
       targetId: String(r.rid),
       reservationUid: Number(r.uid) || 0,
       reservationUsername: String(r.username || ''),
-      itemIds: r.itemIds || (r.itemId ? [r.itemId] : []),
-      itemNames: r.itemNames || (r.itemName ? [r.itemName] : []),
+      itemIds: arrayifyIds(r),
+      itemNames: arrayifyNames(r),
       startDate: r.startDate || '',
       endDate: r.endDate || '',
       paymentId: r.paymentId,
@@ -336,8 +338,8 @@ async function handler(req, res, next) {
       await sendEmail('calendar-onekite_paid', requesterUid, 'Location matériel - Paiement reçu', {
         uid: requesterUid,
         username: requester && requester.username ? requester.username : '',
-        itemName: (Array.isArray(r.itemNames) ? r.itemNames.join(', ') : (r.itemName || '')),
-        itemNames: (Array.isArray(r.itemNames) ? r.itemNames : (r.itemName ? [r.itemName] : [])),
+        itemName: arrayifyNames(r).join(', '),
+        itemNames: arrayifyNames(r),
         dateRange: `Du ${formatFR(r.start)} au ${formatFR(r.end)}`,
         paymentReceiptUrl: r.paymentReceiptUrl || '',
         pickupTime: r.pickupTime || '',
@@ -352,8 +354,8 @@ async function handler(req, res, next) {
         rid: r.rid,
         uid: r.uid,
         username: (requester && requester.username) ? requester.username : (r.username || ''),
-        itemIds: r.itemIds || (r.itemId ? [r.itemId] : []),
-        itemNames: r.itemNames || (r.itemName ? [r.itemName] : []),
+        itemIds: arrayifyIds(r),
+        itemNames: arrayifyNames(r),
         start: r.start,
         end: r.end,
         status: r.status,

package/lib/shared.js

@@ -374,6 +374,13 @@ function arrayifyNames(obj) {
   ).filter(Boolean);
 }
 
+function arrayifyIds(obj) {
+  return (Array.isArray(obj && obj.itemIds)
+    ? obj.itemIds
+    : (obj && obj.itemId ? [obj.itemId] : [])
+  ).filter(Boolean);
+}
+
 function getSetting(settings, key, fallback) {
   const v = settings && Object.prototype.hasOwnProperty.call(settings, key) ? settings[key] : undefined;
   if (v == null || v === '') return fallback;
@@ -392,7 +399,6 @@ module.exports = {
   autoCreatorGroupForYear,
 
   // HMAC / signing
-  hmacSecret,
   signCalendarLink,
 
   // Dates
@@ -424,5 +430,6 @@ module.exports = {
 
   // Misc
   arrayifyNames,
+  arrayifyIds,
   getSetting,
 };

package/library.js

@@ -113,6 +113,7 @@ Plugin.init = async function (params) {
   router.put(`${adminBase}/reservations/:rid/approve`, ...adminMws, admin.approveReservation);
   router.put(`${adminBase}/reservations/:rid/refuse`, ...adminMws, admin.refuseReservation);
   router.put(`${adminBase}/reservations/:rid/mark-paid`, ...adminMws, admin.markReservationPaid);
+  router.post(`${adminBase}/reservations/:rid/sync-payment`, ...adminMws, admin.syncPaymentFromHelloAsso);
 
   router.post(`${adminBase}/purge`, ...adminMws, admin.purgeByYear);
   router.get(`${adminBase}/debug`, ...adminMws, admin.debugHelloAsso);
@@ -126,24 +127,16 @@ Plugin.init = async function (params) {
   // Purge outings by year
   router.post(`${adminBase}/outings/purge`, ...adminMws, admin.purgeOutingsByYear);
 
-  // HelloAsso callback endpoint (hardened)
-  // - Only accepts POST
+  // HelloAsso webhook endpoint (hardened)
   // - Verifies x-ha-signature (HMAC SHA-256) using the configured client secret
-  // - Basic replay protection
-  // NOTE: we capture the raw body for signature verification.
+  // - Basic replay protection; raw body captured for signature verification
   const helloassoJson = bodyParser.json({
     verify: (req, _res, buf) => {
       req.rawBody = buf;
     },
     type: ['application/json', 'application/*+json'],
   });
-  // Accept webhook on both legacy root path and namespaced plugin path.
-  // Some reverse proxies block unknown root paths, so /plugins/... is recommended.
-  router.post('/helloasso', helloassoJson, helloassoWebhook.handler);
   router.post('/plugins/calendar-onekite/helloasso', helloassoJson, helloassoWebhook.handler);
-
-  // Optional: health checks
-  router.get('/helloasso', (req, res) => res.json({ ok: true }));
   router.get('/plugins/calendar-onekite/helloasso', (req, res) => res.json({ ok: true }));
 
   scheduler.start();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nodebb-plugin-onekite-calendar",
-  "version": "2.0.92",
+  "version": "2.0.94",
   "description": "FullCalendar-based equipment reservation workflow with admin approval & HelloAsso payment for NodeBB",
   "main": "library.js",
   "license": "MIT",

package/plugin.json

@@ -39,5 +39,5 @@
   "acpScripts": [
     "public/admin.js"
   ],
-  "version": "2.0.70"
+  "version": "2.0.93"
 }

package/lib/nodebb-helpers.js

@@ -1,16 +0,0 @@
-'use strict';
-
-// Thin re-export layer for backward compatibility.
-// All helpers now live in ./shared.js.
-const shared = require('./shared');
-
-module.exports = {
-  normalizeAllowedGroups: shared.normalizeAllowedGroups,
-  normalizeUids: shared.normalizeUids,
-  getMembersByGroupIdentifier: shared.getMembersByGroupIdentifier,
-  userInAnyGroup: shared.userInAnyGroup,
-  forumBaseUrl: shared.forumBaseUrl,
-  sendEmail: shared.sendEmail,
-  normalizeUidList: shared.normalizeUidList,
-  usernamesByUids: shared.usernamesByUids,
-};

package/lib/utils.js

@@ -1,15 +0,0 @@
-'use strict';
-
-// Thin re-export layer for backward compatibility.
-// All helpers now live in ./shared.js.
-const shared = require('./shared');
-
-module.exports = {
-  getSetting: shared.getSetting,
-  formatFR: shared.formatFR,
-  formatFRShort: shared.formatFRShort,
-  forumBaseUrl: shared.forumBaseUrl,
-  normalizeAllowedGroups: shared.normalizeAllowedGroups,
-  normalizeUids: shared.normalizeUids,
-  arrayifyNames: shared.arrayifyNames,
-};