nodebb-plugin-onekite-calendar 2.0.93 → 2.0.95

package/lib/api.js

@@ -793,8 +793,6 @@ api.leaveSpecialEvent = async function (req, res) {
 api.getCapabilities = async function (req, res) {
   const settings = await getSettings();
   const uid = req.uid || 0;
-  const pendingHoldMinutes = parseInt(getSetting(settings, 'pendingHoldMinutes', '5'), 10) || 5;
-  const paymentHoldMinutes = parseInt(getSetting(settings, 'paymentHoldMinutes', getSetting(settings, 'holdMinutes', '60')), 10) || 60;
   if (!uid) {
     return res.json({
       canModerate: false,
@@ -803,8 +801,6 @@ api.getCapabilities = async function (req, res) {
       canCreateOuting: false,
       canCreateReservation: false,
       specialEventCategoryCid: 0,
-      pendingHoldMinutes,
-      paymentHoldMinutes,
     });
   }
   const [canMod, canSpecialC, canSpecialD, canReq] = await Promise.all([
@@ -821,8 +817,6 @@ api.getCapabilities = async function (req, res) {
     canCreateOuting: canMod || canReq,
     canCreateReservation: canReq,
     specialEventCategoryCid: parseInt(settings && settings.specialEventCategoryId, 10) || 0,
-    pendingHoldMinutes,
-    paymentHoldMinutes,
   });
 };
 

package/lib/scheduler.js

@@ -1,338 +1,9 @@
 'use strict';
 
 const nconf = require.main.require('nconf');
-const db = require.main.require('./src/database');
-const user = require.main.require('./src/user');
-const dbLayer = require('./db');
-const discord = require('./discord');
-const realtime = require('./realtime');
-const { getSettings } = require('./settings');
 
-const shared = require('./shared');
-const {
-  getSetting,
-  formatFR,
-  arrayifyNames,
-  forumBaseUrl,
-  normalizeAllowedGroups,
-  normalizeUids,
-  getMembersByGroupIdentifier,
-  sendEmail,
-} = shared;
 let timer = null;
 
-// Some NodeBB database adapters don't expose setAdd/setRemove helpers.
-// Use a safe "add once" guard to avoid crashing the scheduler.
-async function addOnce(key, value) {
-  const v = String(value);
-  if (!v) return false;
-
-  // Best-effort atomic guard across multi-process / multi-instance.
-  // incrObjectField is implemented by most NodeBB DB adapters (Redis/Mongo).
-  // If it exists, it gives us a reliable "first winner" (value === 1).
-  if (typeof db.incrObjectField === 'function') {
-    try {
-      const n = await db.incrObjectField(key, v);
-      return Number(n) === 1;
-    } catch (e) {
-      // fall through
-    }
-  }
-
-  // Preferred atomic helper (Redis + some adapters)
-  if (typeof db.setAdd === 'function') {
-    try {
-      return !!(await db.setAdd(key, v));
-    } catch (e) {
-      // fall through
-    }
-  }
-
-  // Fallback: store a marker in an object map.
-  // Not perfectly atomic across clustered processes, but avoids a hard failure.
-  try {
-    const existing = await db.getObjectField(key, v);
-    if (existing) return false;
-    await db.setObjectField(key, v, 1);
-    return true;
-  } catch (e) {
-    // Last resort: allow sending rather than silently doing nothing.
-    // This may duplicate emails in edge cases, but avoids "expires with no email".
-    return true;
-  }
-}
-
-// Helpers imported from shared.js above
-async function getValidatorUids(settings) {
-  const out = new Set();
-  // Always include administrators
-  try {
-    const admins = await getMembersByGroupIdentifier('administrators');
-    normalizeUids(admins).forEach((u) => out.add(u));
-  } catch (e) {}
-
-  const groupsCsv = normalizeAllowedGroups(settings && settings.validatorGroups);
-  for (const g of groupsCsv) {
-    try {
-      const members = await getMembersByGroupIdentifier(g);
-      normalizeUids(members).forEach((u) => out.add(u));
-    } catch (e) {}
-  }
-  return Array.from(out);
-}
-
-
-async function getNotifyUids(settings) {
-  const out = new Set();
-  const groupsCsv = normalizeAllowedGroups(settings && settings.notifyGroups);
-  for (const g of groupsCsv) {
-    try {
-      const members = await getMembersByGroupIdentifier(g);
-      normalizeUids(members).forEach((u) => out.add(u));
-    } catch (e) {}
-  }
-  return Array.from(out);
-}
-
-async function getNotifiedValidatorUids(settings) {
-  const [validators, notified] = await Promise.all([
-    getValidatorUids(settings),
-    getNotifyUids(settings),
-  ]);
-  const notifiedSet = new Set((notified || []).map((u) => parseInt(u, 10)).filter(Number.isFinite));
-  return (validators || []).filter((u) => notifiedSet.has(parseInt(u, 10)));
-}
-
-// Pending holds: short lock after a user creates a request (defaults to 5 minutes)
-async function expirePending(preIds, preReservations) {
-  const settings = await getSettings();
-  const holdMins = parseInt(getSetting(settings, 'pendingHoldMinutes', '5'), 10) || 5;
-  const validatorReminderMins = parseInt(getSetting(settings, 'validatorReminderMinutesPending', '0'), 10) || 0;
-  const now = Date.now();
-
-  const adminUrl = (() => {
-    const base = forumBaseUrl();
-    return base ? `${base}/admin/plugins/calendar-onekite` : '/admin/plugins/calendar-onekite';
-  })();
-
-  const validatorUids = validatorReminderMins > 0 ? await getNotifiedValidatorUids(settings) : [];
-
-  const ids = preIds || await dbLayer.listAllReservationIds(5000);
-  if (!ids || !ids.length) return;
-
-  const reservations = preReservations || await dbLayer.getReservations(ids);
-
-  for (let i = 0; i < ids.length; i += 1) {
-    const rid = ids[i];
-    const resv = reservations[i];
-    if (!resv || resv.status !== 'pending') {
-      continue;
-    }
-    const createdAt = parseInt(resv.createdAt, 10) || 0;
-    const expiresAt = createdAt + holdMins * 60 * 1000;
-
-    // Reminder to validators while still pending
-    if (validatorReminderMins > 0 && createdAt && now >= (createdAt + validatorReminderMins * 60 * 1000) && now < expiresAt) {
-      const reminderKey = 'calendar-onekite:email:validatorReminder:pending';
-      const first = await addOnce(reminderKey, rid);
-      if (first && validatorUids.length) {
-        const requesterUid = parseInt(resv.uid, 10) || 0;
-        const requester = requesterUid ? await user.getUserFields(requesterUid, ['username']) : null;
-        const requesterUsername = requester && requester.username ? requester.username : (resv.username || '');
-        for (const vuid of validatorUids) {
-          await sendEmail('calendar-onekite_validator_reminder', vuid, 'Location matériel - Demande en attente', {
-            rid,
-            requesterUsername,
-            itemNames: arrayifyNames(resv),
-            dateRange: `Du ${formatFR(resv.start)} au ${formatFR(resv.end)}`,
-            adminUrl,
-            kind: 'pending',
-            delayMinutes: validatorReminderMins,
-          });
-        }
-      }
-    }
-
-    if (now > expiresAt) {
-      // Expire (remove from calendar) + notify requester + validators
-      const expiredKey = 'calendar-onekite:email:expiredSent:pending';
-      const firstExpired = await addOnce(expiredKey, rid);
-
-      const requesterUid = parseInt(resv.uid, 10) || 0;
-      const requester = requesterUid ? await user.getUserFields(requesterUid, ['username']) : null;
-      const requesterUsername = requester && requester.username ? requester.username : (resv.username || '');
-
-      const reason = 'Demande non prise en charge dans le temps imparti.';
-
-      if (firstExpired && requesterUid) {
-        await sendEmail('calendar-onekite_expired', requesterUid, 'Location matériel - Demande expirée', {
-          uid: requesterUid,
-          username: requesterUsername,
-          itemNames: arrayifyNames(resv),
-          dateRange: `Du ${formatFR(resv.start)} au ${formatFR(resv.end)}`,
-          delayMinutes: holdMins,
-          reason,
-        });
-      }
-
-      // Validators info email (best-effort)
-      if (firstExpired) {
-        const validators = await getNotifiedValidatorUids(settings);
-        for (const vuid of validators) {
-          await sendEmail('calendar-onekite_validator_expired', vuid, 'Location matériel - Demande expirée', {
-            rid,
-            requesterUsername,
-            itemNames: arrayifyNames(resv),
-            dateRange: `Du ${formatFR(resv.start)} au ${formatFR(resv.end)}`,
-            adminUrl,
-            reason,
-          });
-        }
-      }
-
-      await dbLayer.removeReservation(rid);
-
-      // Real-time refresh for all viewers
-      realtime.emitCalendarUpdated({ kind: 'reservation', action: 'expired', rid: String(rid), status: 'expired' });
-    }
-  }
-}
-
-// Payment window logic:
-// - When a reservation is validated it becomes awaiting_payment
-// - We send a reminder after `paymentHoldMinutes` (default 60)
-// - We expire (and remove) after `2 * paymentHoldMinutes`
-async function processAwaitingPayment(preIds, preReservations) {
-  const settings = await getSettings();
-  const holdMins = parseInt(
-    getSetting(settings, 'paymentHoldMinutes', getSetting(settings, 'holdMinutes', '60')),
-    10
-  ) || 60;
-  const now = Date.now();
-
-  const ids = preIds || await dbLayer.listAllReservationIds(5000);
-  if (!ids || !ids.length) return;
-
-  const adminUrl = (() => {
-    const base = forumBaseUrl();
-    return base ? `${base}/admin/plugins/calendar-onekite` : '/admin/plugins/calendar-onekite';
-  })();
-
-  const reservations = preReservations || await dbLayer.getReservations(ids);
-
-  for (let i = 0; i < ids.length; i += 1) {
-    const rid = ids[i];
-    const r = reservations[i];
-    if (!r || r.status !== 'awaiting_payment') continue;
-
-    const approvedAt = parseInt(r.approvedAt || r.validatedAt || 0, 10) || 0;
-    if (!approvedAt) continue;
-
-    const reminderAt = approvedAt + holdMins * 60 * 1000;
-    const expireAt = approvedAt + 2 * holdMins * 60 * 1000;
-
-    if (!r.reminderSent && now >= reminderAt && now < expireAt) {
-      // Send reminder once (guarded across clustered NodeBB processes)
-      const reminderKey = 'calendar-onekite:email:reminderSent';
-      const first = await addOnce(reminderKey, rid);
-      if (!first) {
-        // another process already sent it
-        r.reminderSent = true;
-        r.reminderAt = now;
-        await dbLayer.saveReservation(r);
-        continue;
-      }
-
-      const toUid = parseInt(r.uid, 10);
-      const u = await user.getUserFields(toUid, ['username']);
-      if (toUid) {
-        await sendEmail('calendar-onekite_reminder', toUid, 'Location matériel - Rappel', {
-          uid: toUid,
-          username: (u && u.username) ? u.username : '',
-          itemName: arrayifyNames(r).join(', '),
-          itemNames: arrayifyNames(r),
-          dateRange: `Du ${formatFR(r.start)} au ${formatFR(r.end)}`,
-          paymentUrl: r.paymentUrl || '',
-          calendarUrl: `${forumBaseUrl()}/calendar`,
-          delayMinutes: holdMins,
-          pickupLine: r.pickupTime ? (r.adminNote ? `${r.pickupTime} à ${r.adminNote}` : r.pickupTime) : '',
-        });
-      }
-
-      r.reminderSent = true;
-      r.reminderAt = now;
-      await dbLayer.saveReservation(r);
-      continue;
-    }
-
-    if (now >= expireAt) {
-      // Expire: remove reservation so it disappears from calendar and frees items
-      // Guard email send across clustered NodeBB processes
-      const expiredKey = 'calendar-onekite:email:expiredSent';
-      const firstExpired = await addOnce(expiredKey, rid);
-      const shouldEmail = !!firstExpired;
-
-      // Guard Discord notification across clustered NodeBB processes
-      const discordKey = 'calendar-onekite:discord:cancelledSent';
-      const firstDiscord = await addOnce(discordKey, rid);
-      const shouldDiscord = !!firstDiscord;
-
-      const toUid = parseInt(r.uid, 10);
-      const u = await user.getUserFields(toUid, ['username']);
-
-      if (shouldEmail && toUid) {
-        await sendEmail('calendar-onekite_expired', toUid, 'Location matériel - Demande expirée', {
-          uid: toUid,
-          username: (u && u.username) ? u.username : '',
-          itemName: arrayifyNames(r).join(', '),
-          itemNames: arrayifyNames(r),
-          dateRange: `Du ${formatFR(r.start)} au ${formatFR(r.end)}`,
-          delayMinutes: holdMins,
-          reason: 'Paiement non reçu dans le temps imparti.',
-        });
-      }
-
-      // Validators info email (best-effort)
-      if (shouldEmail) {
-        const validators = await getNotifiedValidatorUids(settings);
-        for (const vuid of validators) {
-          await sendEmail('calendar-onekite_validator_expired', vuid, 'Location matériel - Demande expirée', {
-            rid: r.rid || rid,
-            requesterUsername: (u && u.username) ? u.username : (r.username || ''),
-            itemNames: arrayifyNames(r),
-            dateRange: `Du ${formatFR(r.start)} au ${formatFR(r.end)}`,
-            adminUrl,
-            reason: 'Paiement non reçu dans le temps imparti.',
-            paymentUrl: r.paymentUrl || '',
-          });
-        }
-      }
-
-      if (shouldDiscord) {
-        try {
-          await discord.notifyReservationCancelled(settings, {
-            rid: r.rid || rid,
-            uid: r.uid,
-            username: (u && u.username) ? u.username : (r.username || ''),
-            itemIds: r.itemIds || [],
-            itemNames: r.itemNames || [],
-            start: r.start,
-            end: r.end,
-            status: 'cancelled',
-            cancelledAt: now,
-            cancelledBy: 'system',
-          });
-        } catch (e) {}
-      }
-
-      await dbLayer.removeReservation(rid);
-
-      // Real-time refresh for all viewers
-      realtime.emitCalendarUpdated({ kind: 'reservation', action: 'expired', rid: String(rid), status: 'expired' });
-    }
-  }
-}
-
 function start() {
   const runJobs = nconf.get('runJobs');
   if (runJobs === false || runJobs === 'false' || runJobs === 0 || runJobs === '0') {
@@ -340,24 +11,8 @@ function start() {
     console.info('[calendar-onekite] Scheduler disabled (runJobs=false)');
     return;
   }
-  if (timer) return;
   // eslint-disable-next-line no-console
-  console.info('[calendar-onekite] Scheduler enabled');
-  timer = setInterval(async () => {
-    try {
-      // Single DB fetch shared between both jobs (avoids duplicate listAll + getReservations)
-      const ids = await dbLayer.listAllReservationIds(5000);
-      const reservations = ids && ids.length ? await dbLayer.getReservations(ids) : [];
-      await expirePending(ids, reservations).catch((err) => {
-        console.warn('[calendar-onekite] Scheduler error in expirePending', err && err.message ? err.message : err);
-      });
-      await processAwaitingPayment(ids, reservations).catch((err) => {
-        console.warn('[calendar-onekite] Scheduler error in processAwaitingPayment', err && err.message ? err.message : err);
-      });
-    } catch (err) {
-      console.warn('[calendar-onekite] Scheduler tick error', err && err.message ? err.message : err);
-    }
-  }, 60 * 1000);
+  console.info('[calendar-onekite] Scheduler started (no expiry timers configured)');
 }
 
 function stop() {
@@ -367,9 +22,4 @@ function stop() {
   }
 }
 
-module.exports = {
-  start,
-  stop,
-  expirePending,
-  processAwaitingPayment,
-};
+module.exports = { start, stop };

package/lib/shared.js

@@ -399,7 +399,6 @@ module.exports = {
   autoCreatorGroupForYear,
 
   // HMAC / signing
-  hmacSecret,
   signCalendarLink,
 
   // Dates

package/library.js

@@ -127,24 +127,16 @@ Plugin.init = async function (params) {
   // Purge outings by year
   router.post(`${adminBase}/outings/purge`, ...adminMws, admin.purgeOutingsByYear);
 
-  // HelloAsso callback endpoint (hardened)
-  // - Only accepts POST
+  // HelloAsso webhook endpoint (hardened)
   // - Verifies x-ha-signature (HMAC SHA-256) using the configured client secret
-  // - Basic replay protection
-  // NOTE: we capture the raw body for signature verification.
+  // - Basic replay protection; raw body captured for signature verification
   const helloassoJson = bodyParser.json({
     verify: (req, _res, buf) => {
       req.rawBody = buf;
     },
     type: ['application/json', 'application/*+json'],
   });
-  // Accept webhook on both legacy root path and namespaced plugin path.
-  // Some reverse proxies block unknown root paths, so /plugins/... is recommended.
-  router.post('/helloasso', helloassoJson, helloassoWebhook.handler);
   router.post('/plugins/calendar-onekite/helloasso', helloassoJson, helloassoWebhook.handler);
-
-  // Optional: health checks
-  router.get('/helloasso', (req, res) => res.json({ ok: true }));
   router.get('/plugins/calendar-onekite/helloasso', (req, res) => res.json({ ok: true }));
 
   scheduler.start();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nodebb-plugin-onekite-calendar",
-  "version": "2.0.93",
+  "version": "2.0.95",
   "description": "FullCalendar-based equipment reservation workflow with admin approval & HelloAsso payment for NodeBB",
   "main": "library.js",
   "license": "MIT",

package/public/client.js

@@ -1244,14 +1244,6 @@ function toDatetimeLocalValue(date) {
       </div>
     ` : '';
 
-    const holdPending = parseInt((opts && opts.pendingHoldMinutes), 10) || 5;
-    const holdPayment = parseInt((opts && opts.paymentHoldMinutes), 10) || 60;
-    const delayBannerHtml = `
-      <div class="mt-2 p-2 rounded" style="font-size: 12px; background: var(--bs-info-bg-subtle, #cff4fc); border: 1px solid var(--bs-info-border-subtle, #9eeaf9); color: var(--bs-info-text-emphasis, #055160);">
-        <strong>Délais :</strong>
-        validation sous <strong>${fmtDuration(holdPending)}</strong> · paiement sous <strong>${fmtDuration(holdPayment)}</strong> après validation
-      </div>
-    `;
 
     const messageHtml = `
       <div class="mb-2" id="onekite-period"><strong>Période</strong><br>${formatDt(start)} → ${formatDt(endDisplay)} <span class="text-muted" id="onekite-days">(${days} jour${days > 1 ? 's' : ''})</span></div>
@@ -1269,7 +1261,6 @@ function toDatetimeLocalValue(date) {
         <div id="onekite-total" style="font-size: 18px;"><strong>0,00 €</strong></div>
       </div>
       <div class="text-muted" style="font-size: 12px;">Les matériels grisés sont déjà réservés ou en attente.</div>
-      ${delayBannerHtml}
     `;
 
     return new Promise((resolve) => {
@@ -1446,9 +1437,6 @@ function toDatetimeLocalValue(date) {
     const canCreateReservation = !!caps.canCreateReservation;
     const isValidator = !!caps.isValidator;
     const specialEventCategoryCid = parseInt(caps.specialEventCategoryCid, 10) || 0;
-    const pendingHoldMinutes = parseInt(caps.pendingHoldMinutes, 10) || 5;
-    const paymentHoldMinutes = parseInt(caps.paymentHoldMinutes, 10) || 60;
-
     // Creation chooser: Location / Prévision de sortie / Évènement (si autorisé).
 
     // Inject lightweight responsive CSS once.
@@ -1596,7 +1584,7 @@ function toDatetimeLocalValue(date) {
               showAlert('error', 'Aucun matériel disponible (items HelloAsso non chargés).');
               return;
             }
-            const chosen = await openReservationDialog(sel, items, { isValidator, pendingHoldMinutes, paymentHoldMinutes });
+            const chosen = await openReservationDialog(sel, items, { isValidator });
             if (!chosen || !chosen.itemIds || !chosen.itemIds.length) return;
             const startDate = toLocalYmd(sel.start);
             const endDate = (chosen && chosen.endDate) ? String(chosen.endDate) : toLocalYmd(sel.end);
@@ -1688,7 +1676,7 @@ function toDatetimeLocalValue(date) {
               showAlert('error', 'Aucun matériel disponible (items HelloAsso non chargés).');
               return;
             }
-            const chosen = await openReservationDialog(sel, items, { isValidator, pendingHoldMinutes, paymentHoldMinutes });
+            const chosen = await openReservationDialog(sel, items, { isValidator });
             if (!chosen || !chosen.itemIds || !chosen.itemIds.length) return;
             const startDate = toLocalYmd(sel.start);
             const endDate = (chosen && chosen.endDate) ? String(chosen.endDate) : toLocalYmd(sel.end);

package/templates/admin/plugins/calendar-onekite.tpl

@@ -51,23 +51,6 @@
             <input class="form-control" name="notifyGroups" placeholder="ex: administrators">
           </div>
 
-          <div class="mb-3">
-            <label class="form-label">Durée de blocage en attente (minutes)</label>
-            <input class="form-control" name="pendingHoldMinutes" placeholder="5">
-          </div>
-
-          <div class="mb-3">
-            <label class="form-label">Rappel validateurs (demande en attente) après (minutes)</label>
-            <input class="form-control" name="validatorReminderMinutesPending" placeholder="0">
-            <div class="form-text">Si &gt; 0, un email de rappel est envoyé aux validateurs après ce délai tant que la demande est toujours en attente.</div>
-          </div>
-
-          <div class="mb-3">
-            <label class="form-label">Délai rappel paiement (minutes)</label>
-            <input class="form-control" name="paymentHoldMinutes" placeholder="60">
-            <div class="form-text">Après validation (statut <code>paiement en attente</code>), un rappel est envoyé après ce délai. La réservation est ensuite expirée après <strong>2×</strong> ce délai.</div>
-          </div>
-
           <div class="mb-3">
             <label class="form-label">Location longue durée (jours) pour validateurs</label>
             <input class="form-control" name="validatorFreeMaxDays" placeholder="0">