npm - nodebb-plugin-onekite-calendar - Versions diffs - 2.0.95 → 2.0.96 - Mend

nodebb-plugin-onekite-calendar 2.0.95 → 2.0.96

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/lib/admin.js +7 -116
package/lib/api.js +18 -0
package/lib/helloassoWebhook.js +99 -17
package/lib/syncPayment.js +141 -0
package/library.js +1 -0
package/package.json +1 -1
package/public/client.js +51 -2
package/templates/emails/calendar-onekite_approved.tpl +1 -4
package/templates/emails/calendar-onekite_reminder.tpl +1 -4

package/lib/admin.js CHANGED Viewed

@@ -23,6 +23,7 @@ const dbLayer = require('./db');
 const helloasso = require('./helloasso');
 const discord = require('./discord');
 const { buildCheckoutIntent } = require('./checkout');
+const { syncPayment: syncPaymentHelper } = require('./syncPayment');
 const ADMIN_PRIV = 'admin:settings';
@@ -166,10 +167,9 @@ admin.approveReservation = async function (req, res) {
         pickupLon: r.pickupLon || '',
         mapUrl,
         ...(buildCalendarLinks({
-          rid: String(r.rid),
-          uid: requesterUid,
+          type: 'reservation', id: String(r.rid || ''), uid: requesterUid,
           itemNames: arrayifyNames(r),
-          pickupAddress: r.pickupAddress || '',
+          pickupAddress: r.pickupAddress || '', allDay: true,
           startYmd: (r.startDate && /^\d{4}-\d{2}-\d{2}$/.test(String(r.startDate))) ? String(r.startDate) : new Date(parseInt(r.start, 10)).toISOString().slice(0, 10),
           endYmd: (r.endDate && /^\d{4}-\d{2}-\d{2}$/.test(String(r.endDate))) ? String(r.endDate) : new Date(parseInt(r.end, 10)).toISOString().slice(0, 10),
         })),
@@ -690,126 +690,17 @@ admin.exportAccountingCsv = async function (req, res) {
 // Sync payment status from HelloAsso for a reservation stuck in awaiting_payment.
 // Uses the stored checkoutIntentId to query HelloAsso's API directly.
 admin.syncPaymentFromHelloAsso = async function (req, res) {
+  if (!req.uid) return res.status(401).json({ error: 'not-logged-in' });
   const rid = String(req.params.rid || '').trim();
   if (!rid) return res.status(400).json({ error: 'missing-rid' });
   const r = await dbLayer.getReservation(rid);
   if (!r) return res.status(404).json({ error: 'not-found' });
-  if (r.status === 'paid') {
-    return res.json({ ok: true, alreadyPaid: true, status: r.status });
-  }
-  const checkoutIntentId = r.checkoutIntentId ? String(r.checkoutIntentId) : null;
-  if (!checkoutIntentId) {
-    return res.json({ ok: false, reason: 'no-checkout-intent-id', status: r.status });
-  }
   const settings = await getSettings();
-  const token = await helloasso.getAccessToken({
-    env: settings.helloassoEnv || 'prod',
-    clientId: settings.helloassoClientId,
-    clientSecret: settings.helloassoClientSecret,
-  });
-  if (!token) {
-    return res.json({ ok: false, reason: 'helloasso-auth-failed' });
-  }
-  const details = await helloasso.getCheckoutIntentDetails({
-    env: settings.helloassoEnv || 'prod',
-    token,
-    organizationSlug: settings.helloassoOrganizationSlug,
-    checkoutIntentId,
-  });
-  if (!details) {
-    return res.json({ ok: false, reason: 'checkout-intent-not-found', checkoutIntentId });
-  }
-  // Determine payment state from checkout intent details
-  const order = (details && details.order) ? details.order : details;
-  const orderState = String((order && (order.state || order.status)) || '').toLowerCase();
-  const paymentsArr = (order && Array.isArray(order.payments)) ? order.payments : [];
-  const paymentState = paymentsArr.length
-    ? String((paymentsArr[0].state || paymentsArr[0].status) || '').toLowerCase()
-    : '';
-  const okStates = ['confirmed', 'authorized', 'paid', 'processed', 'succeeded', 'success'];
-  const isPaid = okStates.includes(orderState) || okStates.includes(paymentState);
-  if (!isPaid) {
-    return res.json({ ok: false, reason: 'not-paid-on-helloasso', orderState, paymentState });
-  }
-  // Mark as paid
-  const prevStatus = r.status;
-  r.status = 'paid';
-  r.paidAt = Date.now();
-  r.syncedFromHelloAsso = true;
-  r.syncedBy = req.uid;
-  const paymentId = paymentsArr.length ? String(paymentsArr[0].id || '') : '';
-  const paymentReceiptUrl = paymentsArr.length
-    ? String(paymentsArr[0].paymentReceiptUrl || paymentsArr[0].receiptUrl || '')
-    : '';
-  if (paymentId) r.paymentId = paymentId;
-  if (paymentReceiptUrl) r.paymentReceiptUrl = paymentReceiptUrl;
-  await dbLayer.saveReservation(r);
-  try {
-    await dbLayer.addAuditEntry({
-      ts: Date.now(), year: new Date().getFullYear(),
-      action: 'reservation_sync_paid',
-      targetType: 'reservation', targetId: String(r.rid),
-      reservationUid: Number(r.uid) || 0,
-      reservationUsername: String(r.username || ''),
-      actorUid: req.uid || 0,
-      prevStatus,
-    });
-  } catch (e) {}
-  realtime.emitCalendarUpdated({ kind: 'reservation', action: 'paid', rid: String(r.rid), status: 'paid' });
-  try {
-    const requesterUid = parseInt(r.uid, 10);
-    if (requesterUid) {
-      const requester = await user.getUserFields(requesterUid, ['username']);
-      const latNum = Number(r.pickupLat);
-      const lonNum = Number(r.pickupLon);
-      const mapUrl = (Number.isFinite(latNum) && Number.isFinite(lonNum))
-        ? `https://www.openstreetmap.org/?mlat=${encodeURIComponent(String(latNum))}&mlon=${encodeURIComponent(String(lonNum))}#map=18/${encodeURIComponent(String(latNum))}/${encodeURIComponent(String(lonNum))}`
-        : '';
-      await sendEmail('calendar-onekite_paid', requesterUid, 'Location matériel - Paiement reçu', {
-        uid: requesterUid,
-        username: requester && requester.username ? requester.username : '',
-        itemName: arrayifyNames(r).join(', '),
-        itemNames: arrayifyNames(r),
-        dateRange: `Du ${formatFR(r.start)} au ${formatFR(r.end)}`,
-        paymentReceiptUrl: r.paymentReceiptUrl || '',
-        pickupTime: r.pickupTime || '',
-        pickupAddress: r.pickupAddress || '',
-        mapUrl,
-        ...(buildCalendarLinks({
-          type: 'reservation', id: String(r.rid || ''), uid: requesterUid,
-          itemNames: arrayifyNames(r),
-          pickupAddress: r.pickupAddress || '', allDay: true,
-          startYmd: (r.startDate && /^\d{4}-\d{2}-\d{2}$/.test(String(r.startDate))) ? String(r.startDate) : new Date(parseInt(r.start, 10)).toISOString().slice(0, 10),
-          endYmd: (r.endDate && /^\d{4}-\d{2}-\d{2}$/.test(String(r.endDate))) ? String(r.endDate) : new Date(parseInt(r.end, 10)).toISOString().slice(0, 10),
-        })),
-      });
-    }
-  } catch (e) {}
-  try {
-    const requester = await user.getUserFields(parseInt(r.uid, 10), ['username']);
-    await discord.notifyPaymentReceived(settings, {
-      rid: r.rid, uid: r.uid,
-      username: (requester && requester.username) ? requester.username : (r.username || ''),
-      itemIds: arrayifyIds(r),
-      itemNames: arrayifyNames(r),
-      start: r.start, end: r.end, status: r.status,
-    });
-  } catch (e) {}
-  return res.json({ ok: true, synced: true, prevStatus, paymentId: r.paymentId || '' });
+  const result = await syncPaymentHelper({ r, settings, actorUid: req.uid });
+  return res.json(result);
 };
 admin.purgeAccounting = async function (req, res) {

package/lib/api.js CHANGED Viewed

@@ -36,6 +36,7 @@ const helloasso = require('./helloasso');
 const discord = require('./discord');
 const realtime = require('./realtime');
 const { buildCheckoutIntent } = require('./checkout');
+const { syncPayment: syncPaymentHelper } = require('./syncPayment');
 function overlap(aStart, aEnd, bStart, bEnd) {
@@ -1873,6 +1874,23 @@ api.cancelReservation = async function (req, res) {
   return res.json({ ok: true, status: 'cancelled' });
 };
+// Validator: sync payment status from HelloAsso (fallback when webhook fails).
+api.syncPaymentFromHelloAsso = async function (req, res) {
+  const uid = req.uid;
+  if (!uid) return res.status(401).json({ error: 'not-logged-in' });
+  const settings = await getSettings();
+  if (!(await canValidate(uid, settings))) return res.status(403).json({ error: 'not-allowed' });
+  const rid = String(req.params.rid || '').trim();
+  if (!rid) return res.status(400).json({ error: 'missing-rid' });
+  const r = await dbLayer.getReservation(rid);
+  if (!r) return res.status(404).json({ error: 'not-found' });
+  const result = await syncPaymentHelper({ r, settings, actorUid: uid });
+  return res.json(result);
+};
 // --------------------
 // Maintenance (simple ON/OFF)
 // --------------------

package/lib/helloassoWebhook.js CHANGED Viewed

@@ -1,5 +1,7 @@
 'use strict';
+const crypto = require('crypto');
 const db = require.main.require('./src/database');
 const meta = require.main.require('./src/meta');
 const user = require.main.require('./src/user');
@@ -62,11 +64,32 @@ function getClientIp(req) {
   return String(req.ip || '').trim();
 }
+// HelloAsso sends two distinct webhook formats:
+//   Format A – global webhook:     { eventType: "Payment", data: { id, state, checkoutIntentId, ... } }
+//   Format B – notificationUrl:    checkout intent object directly: { id, state, metadata, order: { payments } }
+//
+// All extraction helpers normalise both by using `payload.data` when present,
+// falling back to `payload` itself (Format B).
+function _payloadData(payload) {
+  if (!payload) return null;
+  // Format A: wrapped under .data
+  if (payload.data && typeof payload.data === 'object') return payload.data;
+  // Format B: direct checkout intent object from notificationUrl.
+  // Require BOTH a numeric/string id AND (state OR order) to avoid misidentifying
+  // arbitrary JSON (e.g. health-check responses, error objects) as valid intents.
+  if (!payload.eventType && payload.id !== undefined &&
+      (payload.state !== undefined || (payload.order && typeof payload.order === 'object'))) {
+    return payload;
+  }
+  return null;
+}
 // Extract reservationId from the metadata field of a webhook payload.
 // HelloAsso uses several payload shapes depending on event type and API version.
 function getReservationIdFromPayload(payload) {
   try {
-    const data = payload && payload.data ? payload.data : null;
+    const data = _payloadData(payload);
     if (!data) return null;
     const metaCandidates = [
@@ -96,10 +119,12 @@ function getReservationIdFromPayload(payload) {
 function getCheckoutIntentIdFromPayload(payload) {
   try {
-    const data = payload && payload.data ? payload.data : null;
+    const data = _payloadData(payload);
     if (!data) return null;
     const candidates = [
       data.checkoutIntentId,
+      // Format B: the top-level .id is the checkout intent ID
+      (!payload.data && data.id) ? data.id : undefined,
       data.checkoutIntent && (data.checkoutIntent.id || data.checkoutIntent.checkoutIntentId),
       data.order && (data.order.checkoutIntentId || (data.order.checkoutIntent && data.order.checkoutIntent.id)),
     ].filter(Boolean);
@@ -111,17 +136,30 @@ function getCheckoutIntentIdFromPayload(payload) {
 // Returns true for event types and states that represent a completed payment.
 function isConfirmedPayment(payload) {
   try {
-    if (!payload || !payload.data) return false;
+    if (!payload) return false;
+    const data = _payloadData(payload);
+    if (!data) return false;
     const eventType = String(payload.eventType || '').toLowerCase();
-    const state = String(payload.data.state || payload.data.status || payload.data.paymentState || '').toLowerCase();
+    // For Format B (direct checkout intent): state is at data.state or nested in order/payments.
+    const orderPayments = (data.order && Array.isArray(data.order.payments)) ? data.order.payments : [];
+    const state = String(
+      data.state || data.status || data.paymentState ||
+      (orderPayments.length ? (orderPayments[0].state || orderPayments[0].status) : '') ||
+      (data.order && (data.order.state || data.order.status)) ||
+      ''
+    ).toLowerCase();
     const okState = ['confirmed', 'authorized', 'paid', 'processed', 'succeeded', 'success'].includes(state);
+    // Format A – wrapped event types
     if (eventType === 'payment') return okState;
     if (eventType === 'order' || eventType === 'checkout') {
       // Order/Checkout payloads sometimes omit the state field; accept when missing.
       return !state || okState;
     }
-    // For any other event type, accept if state is clearly positive.
+    // Format B – no eventType: direct checkout intent object from notificationUrl
+    if (!eventType) return okState;
+    // Any other event type: accept if state is clearly positive.
     if (okState) return true;
     return false;
   } catch (e) {
@@ -233,12 +271,39 @@ async function handler(req, res, next) {
       }
     }
+    // Verify HelloAsso HMAC-SHA256 signature when the header is present.
+    // HelloAsso signs with the client secret; header format: x-ha-signature: sha256=<hex>
+    const sigHeader = String(req.headers && req.headers['x-ha-signature'] || '').trim();
+    if (sigHeader) {
+      const clientSecret = String((settings && settings.helloassoClientSecret) || '').trim();
+      if (!clientSecret) {
+        // eslint-disable-next-line no-console
+        console.warn('[calendar-onekite] HelloAsso webhook: x-ha-signature present but helloassoClientSecret not configured — rejecting');
+        return res.status(401).json({ ok: false, error: 'signature-config-missing' });
+      }
+      const rawBody = req.rawBody ? req.rawBody : Buffer.from(JSON.stringify(payload || {}));
+      const expected = `sha256=${crypto.createHmac('sha256', clientSecret).update(rawBody).digest('hex')}`;
+      const isValid = crypto.timingSafeEqual(
+        Buffer.from(expected, 'utf8'),
+        Buffer.from(sigHeader, 'utf8')
+      );
+      if (!isValid) {
+        // eslint-disable-next-line no-console
+        console.warn('[calendar-onekite] HelloAsso webhook: invalid x-ha-signature — rejected');
+        return res.status(401).json({ ok: false, error: 'invalid-signature' });
+      }
+    }
+    const _d = _payloadData(payload);
+    const _isFormatB = !!payload && !payload.eventType && !!_d;
     // eslint-disable-next-line no-console
     console.info('[calendar-onekite] HelloAsso webhook received', {
+      format: _isFormatB ? 'direct-checkoutIntent' : 'wrapped-event',
       eventType: payload && payload.eventType,
-      state: payload && payload.data && (payload.data.state || payload.data.status || payload.data.paymentState),
-      paymentId: payload && payload.data && (payload.data.id || payload.data.paymentId),
-      checkoutIntentId: payload && payload.data && (payload.data.checkoutIntentId || (payload.data.order && payload.data.order.checkoutIntentId)),
+      state: _d && (_d.state || _d.status || _d.paymentState || (_d.order && (_d.order.state || _d.order.status))),
+      paymentId: _d && (_d.id || _d.paymentId || (_d.order && Array.isArray(_d.order.payments) && _d.order.payments[0] && _d.order.payments[0].id)),
+      checkoutIntentId: _d && (_d.checkoutIntentId || (_isFormatB ? _d.id : undefined) || (_d.order && _d.order.checkoutIntentId)),
+      hasMetadata: !!(_d && (_d.metadata || _d.meta)),
       hasBody: !!payload,
       contentType: req.headers && req.headers['content-type'],
     });
@@ -246,9 +311,10 @@ async function handler(req, res, next) {
     if (!isConfirmedPayment(payload)) {
       // eslint-disable-next-line no-console
       console.warn('[calendar-onekite] HelloAsso webhook: payment not confirmed — ignored', {
+        format: _isFormatB ? 'direct-checkoutIntent' : 'wrapped-event',
         eventType: payload && payload.eventType,
-        state: payload && payload.data && (payload.data.state || payload.data.status || payload.data.paymentState),
-        hasData: !!(payload && payload.data),
+        state: _d && (_d.state || _d.status || _d.paymentState || (_d.order && (_d.order.state || _d.order.status))),
+        hasBody: !!payload,
       });
       return res.json({ ok: true, ignored: true });
     }
@@ -261,16 +327,22 @@ async function handler(req, res, next) {
     if (eventType === 'payment' && !rid && !checkoutIntentId) {
       // eslint-disable-next-line no-console
       console.warn('[calendar-onekite] HelloAsso webhook: Payment event has no metadata.reservationId and no checkoutIntentId', {
-        paymentId: payload && payload.data && payload.data.id,
-        dataKeys: payload && payload.data ? Object.keys(payload.data) : [],
+        paymentId: _d && _d.id,
+        dataKeys: _d ? Object.keys(_d) : [],
       });
       return res.json({ ok: true, ignored: true, incompletePayment: true });
     }
-    const paymentId = payload && payload.data ? (payload.data.id || payload.data.paymentId) : null;
+    // Extract paymentId.
+    // Format A: data.id is the payment ID.
+    // Format B: order.payments[0].id is the payment ID (data.id is the checkout intent ID).
+    const _payments = (_d && _d.order && Array.isArray(_d.order.payments)) ? _d.order.payments : [];
+    const paymentId = payload.data
+      ? (_d.id || _d.paymentId)
+      : (_payments.length ? _payments[0].id : null);
     if (!paymentId) {
       // eslint-disable-next-line no-console
-      console.warn('[calendar-onekite] HelloAsso webhook: missing payment id', { eventType, dataKeys: payload && payload.data ? Object.keys(payload.data) : [] });
+      console.warn('[calendar-onekite] HelloAsso webhook: missing payment id', { eventType, dataKeys: _d ? Object.keys(_d) : [] });
       return res.json({ ok: true, ignored: true, missingPaymentId: true });
     }
@@ -301,15 +373,25 @@ async function handler(req, res, next) {
       return res.json({ ok: true, processed: true, reservationNotFound: true });
     }
+    // Idempotency: already paid → just mark as processed and return.
+    if (r.status === 'paid') {
+      await markProcessed(paymentId);
+      return res.json({ ok: true, processed: true, alreadyPaid: true });
+    }
     // eslint-disable-next-line no-console
     console.info('[calendar-onekite] HelloAsso webhook: marking reservation paid', { rid: resolvedRid, prevStatus: r.status, paymentId });
     r.status = 'paid';
     r.paidAt = Date.now();
     r.paymentId = String(paymentId);
-    if (payload.data && payload.data.paymentReceiptUrl) {
-      r.paymentReceiptUrl = String(payload.data.paymentReceiptUrl);
-    }
+    // paymentReceiptUrl: Format A = data.paymentReceiptUrl, Format B = order.payments[0].paymentReceiptUrl
+    const _receiptUrl = (payload.data && payload.data.paymentReceiptUrl)
+      ? String(payload.data.paymentReceiptUrl)
+      : (_payments.length && (_payments[0].paymentReceiptUrl || _payments[0].receiptUrl))
+        ? String(_payments[0].paymentReceiptUrl || _payments[0].receiptUrl)
+        : '';
+    if (_receiptUrl) r.paymentReceiptUrl = _receiptUrl;
     await dbLayer.saveReservation(r);
     await auditLog('reservation_paid', 0, {

package/lib/syncPayment.js ADDED Viewed

@@ -0,0 +1,141 @@
+'use strict';
+/**
+ * Shared helper: verify payment status from HelloAsso for a reservation
+ * stuck in awaiting_payment, and mark it as paid if confirmed.
+ *
+ * Used by both api.syncPaymentFromHelloAsso (validator-level) and
+ * admin.syncPaymentFromHelloAsso (admin-level). Auth checks are the
+ * caller's responsibility.
+ *
+ * @param {object} opts
+ * @param {object} opts.r          Reservation object (mutated and saved on success)
+ * @param {object} opts.settings   Plugin settings
+ * @param {number} opts.actorUid   UID of the user triggering the sync (for audit)
+ * @returns {Promise<{ok: boolean, synced?: boolean, alreadyPaid?: boolean,
+ *   reason?: string, prevStatus?: string, paymentId?: string,
+ *   orderState?: string, paymentState?: string}>}
+ */
+const user = require.main.require('./src/user');
+const dbLayer = require('./db');
+const helloasso = require('./helloasso');
+const discord = require('./discord');
+const realtime = require('./realtime');
+const shared = require('./shared');
+const { formatFR, sendEmail, buildCalendarLinks, arrayifyIds, arrayifyNames } = shared;
+const OK_STATES = ['confirmed', 'authorized', 'paid', 'processed', 'succeeded', 'success'];
+async function syncPayment({ r, settings, actorUid }) {
+  if (r.status === 'paid') return { ok: true, alreadyPaid: true, status: r.status };
+  if (r.status !== 'awaiting_payment') return { ok: false, reason: 'wrong-status', status: r.status };
+  const checkoutIntentId = r.checkoutIntentId ? String(r.checkoutIntentId) : null;
+  if (!checkoutIntentId) return { ok: false, reason: 'no-checkout-intent-id' };
+  const token = await helloasso.getAccessToken({
+    env: settings.helloassoEnv || 'prod',
+    clientId: settings.helloassoClientId,
+    clientSecret: settings.helloassoClientSecret,
+  });
+  if (!token) return { ok: false, reason: 'helloasso-auth-failed' };
+  const details = await helloasso.getCheckoutIntentDetails({
+    env: settings.helloassoEnv || 'prod',
+    token,
+    organizationSlug: settings.helloassoOrganizationSlug,
+    checkoutIntentId,
+  });
+  if (!details) return { ok: false, reason: 'checkout-intent-not-found' };
+  const order = details.order ? details.order : details;
+  const orderState = String((order.state || order.status) || '').toLowerCase();
+  const paymentsArr = Array.isArray(order.payments) ? order.payments : [];
+  const paymentState = paymentsArr.length
+    ? String((paymentsArr[0].state || paymentsArr[0].status) || '').toLowerCase()
+    : '';
+  if (!OK_STATES.includes(orderState) && !OK_STATES.includes(paymentState)) {
+    return { ok: false, reason: 'not-paid-on-helloasso', orderState, paymentState };
+  }
+  const prevStatus = r.status;
+  const paymentId = paymentsArr.length ? String(paymentsArr[0].id || '') : '';
+  const paymentReceiptUrl = paymentsArr.length
+    ? String(paymentsArr[0].paymentReceiptUrl || paymentsArr[0].receiptUrl || '')
+    : '';
+  r.status = 'paid';
+  r.paidAt = Date.now();
+  r.syncedFromHelloAsso = true;
+  r.syncedBy = actorUid || 0;
+  if (paymentId) r.paymentId = paymentId;
+  if (paymentReceiptUrl) r.paymentReceiptUrl = paymentReceiptUrl;
+  await dbLayer.saveReservation(r);
+  try {
+    await dbLayer.addAuditEntry({
+      ts: Date.now(), year: new Date().getFullYear(),
+      action: 'reservation_sync_paid',
+      targetType: 'reservation', targetId: String(r.rid),
+      reservationUid: Number(r.uid) || 0,
+      reservationUsername: String(r.username || ''),
+      actorUid: actorUid || 0,
+      itemIds: arrayifyIds(r), itemNames: arrayifyNames(r),
+      startDate: r.startDate || '', endDate: r.endDate || '',
+      prevStatus,
+    });
+  } catch (e) {}
+  realtime.emitCalendarUpdated({ kind: 'reservation', action: 'paid', rid: String(r.rid), status: 'paid' });
+  try {
+    const requesterUid = parseInt(r.uid, 10);
+    if (requesterUid) {
+      const requester = await user.getUserFields(requesterUid, ['username']);
+      const latNum = Number(r.pickupLat);
+      const lonNum = Number(r.pickupLon);
+      const mapUrl = (Number.isFinite(latNum) && Number.isFinite(lonNum))
+        ? `https://www.openstreetmap.org/?mlat=${encodeURIComponent(String(latNum))}&mlon=${encodeURIComponent(String(lonNum))}#map=18/${encodeURIComponent(String(latNum))}/${encodeURIComponent(String(lonNum))}`
+        : '';
+      await sendEmail('calendar-onekite_paid', requesterUid, 'Location matériel - Paiement reçu', {
+        uid: requesterUid,
+        username: requester && requester.username ? requester.username : '',
+        itemName: arrayifyNames(r).join(', '),
+        itemNames: arrayifyNames(r),
+        dateRange: `Du ${formatFR(r.start)} au ${formatFR(r.end)}`,
+        paymentReceiptUrl: r.paymentReceiptUrl || '',
+        pickupTime: r.pickupTime || '',
+        pickupAddress: r.pickupAddress || '',
+        mapUrl,
+        ...(buildCalendarLinks({
+          type: 'reservation', id: String(r.rid || ''), uid: requesterUid,
+          itemNames: arrayifyNames(r),
+          pickupAddress: r.pickupAddress || '', allDay: true,
+          startYmd: (r.startDate && /^\d{4}-\d{2}-\d{2}$/.test(String(r.startDate)))
+            ? String(r.startDate)
+            : new Date(parseInt(r.start, 10)).toISOString().slice(0, 10),
+          endYmd: (r.endDate && /^\d{4}-\d{2}-\d{2}$/.test(String(r.endDate)))
+            ? String(r.endDate)
+            : new Date(parseInt(r.end, 10)).toISOString().slice(0, 10),
+        })),
+      });
+    }
+  } catch (e) {}
+  try {
+    const requester2 = await user.getUserFields(parseInt(r.uid, 10), ['username']);
+    await discord.notifyPaymentReceived(settings, {
+      rid: r.rid, uid: r.uid,
+      username: (requester2 && requester2.username) ? requester2.username : (r.username || ''),
+      itemIds: arrayifyIds(r), itemNames: arrayifyNames(r),
+      start: r.start, end: r.end, status: r.status,
+    });
+  } catch (e) {}
+  return { ok: true, synced: true, prevStatus, paymentId: r.paymentId || '' };
+}
+module.exports = { syncPayment };

package/library.js CHANGED Viewed

@@ -80,6 +80,7 @@ Plugin.init = async function (params) {
   router.put('/api/v3/plugins/calendar-onekite/reservations/:rid/approve', ...publicExpose, api.approveReservation);
   router.put('/api/v3/plugins/calendar-onekite/reservations/:rid/refuse', ...publicExpose, api.refuseReservation);
   router.put('/api/v3/plugins/calendar-onekite/reservations/:rid/cancel', ...publicExpose, api.cancelReservation);
+  router.post('/api/v3/plugins/calendar-onekite/reservations/:rid/sync-payment', ...publicExpose, api.syncPaymentFromHelloAsso);
   router.post('/api/v3/plugins/calendar-onekite/special-events', ...publicExpose, api.createSpecialEvent);
   router.get('/api/v3/plugins/calendar-onekite/special-events/:eid', ...publicExpose, api.getSpecialEventDetails);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "nodebb-plugin-onekite-calendar",
-  "version": "2.0.95",
+  "version": "2.0.96",
   "description": "FullCalendar-based equipment reservation workflow with admin approval & HelloAsso payment for NodeBB",
   "main": "library.js",
   "license": "MIT",

package/public/client.js CHANGED Viewed

@@ -608,10 +608,11 @@ define('forum/calendar-onekite', ['alerts', 'bootbox', 'hooks'], function (alert
   function statusLabel(s) {
     const map = {
-      pending: 'En attente de validation de validation',
+      pending: 'En attente de validation',
       awaiting_payment: 'Validée – paiement en attente',
       paid: 'Payée',
-      rejected: 'Rejetée',
+      refused: 'Rejetée',
+      cancelled: 'Annulée',
       expired: 'Expirée',
     };
     return map[String(s || '')] || String(s || '');
@@ -2411,6 +2412,37 @@ function toDatetimeLocalValue(date) {
             },
           };
         }
+        if (canModerate && status === 'awaiting_payment') {
+          buttons.syncPayment = {
+            label: 'Vérifier paiement',
+            className: 'btn-outline-info',
+            callback: () => {
+              (async () => {
+                try {
+                  const resp = await fetchJson(
+                    `/api/v3/plugins/calendar-onekite/reservations/${encodeURIComponent(String(rid))}/sync-payment`,
+                    { method: 'POST' }
+                  );
+                  if (resp && (resp.alreadyPaid || resp.synced)) {
+                    const msg = resp.alreadyPaid
+                      ? 'Paiement déjà confirmé.'
+                      : 'Paiement confirmé chez HelloAsso — statut mis à jour.';
+                    showAlert('success', msg);
+                    invalidateEventsCache();
+                    scheduleRefetch(calendar);
+                    try { bootbox.hideAll(); } catch (e) {}
+                  } else {
+                    const reason = (resp && resp.reason) || 'inconnu';
+                    showAlert('warning', `Paiement non confirmé chez HelloAsso (${reason}).`);
+                  }
+                } catch (e) {
+                  showAlert('error', 'Erreur lors de la vérification du paiement.');
+                }
+              })();
+              return false;
+            },
+          };
+        }
         if (showModeration) {
           buttons.refuse = {
             label: 'Refuser',
@@ -3142,6 +3174,23 @@ function autoInit(data) {
 // Live refresh when the calendar changes (reservation status, new reservation,
 // new special event, maintenance toggles, webhook payment, etc.)
+// Refresh when returning to the tab after paying on HelloAsso — registered
+// independently of socket so it works even when socket is unavailable.
+try {
+  if (!window.__oneKiteVisibilityBound) {
+    window.__oneKiteVisibilityBound = true;
+    document.addEventListener('visibilitychange', function () {
+      if (document.visibilityState !== 'visible') return;
+      try {
+        const cal = window.oneKiteCalendar;
+        if (!cal) return;
+        invalidateEventsCache();
+        scheduleRefetch(cal);
+      } catch (e) {}
+    });
+  }
+} catch (e) {}
 try {
   if (!window.__oneKiteSocketBound && typeof socket !== 'undefined' && socket && typeof socket.on === 'function') {
     window.__oneKiteSocketBound = true;

package/templates/emails/calendar-onekite_approved.tpl CHANGED Viewed

@@ -43,13 +43,10 @@
 <!-- IF calendarUrl -->
 <p>
   <a href="{calendarUrl}" style="display:inline-block;padding:12px 18px;border-radius:6px;text-decoration:none;border:1px solid #333;">
-    Accéder au calendrier pour payer
+    Accéder au calendrier
   </a>
 </p>
 <p style="font-size: 12px; color: #666;">
   Sur le calendrier, cliquez sur votre réservation puis sur le bouton <strong>« Payer maintenant »</strong>.
-  <!-- IF paymentUrl -->
-  <br>Vous pouvez aussi payer directement via ce lien (valable quelques heures) : <a href="{paymentUrl}">{paymentUrl}</a>
-  <!-- ENDIF paymentUrl -->
 </p>
 <!-- ENDIF calendarUrl -->

package/templates/emails/calendar-onekite_reminder.tpl CHANGED Viewed

@@ -13,13 +13,10 @@
 <!-- IF calendarUrl -->
 <p>
   <a href="{calendarUrl}" style="display:inline-block;padding:12px 18px;border-radius:6px;text-decoration:none;border:1px solid #333;">
-    Accéder au calendrier pour payer
+    Accéder au calendrier
   </a>
 </p>
 <p style="font-size: 12px; color: #666;">
   Sur le calendrier, cliquez sur votre réservation puis sur le bouton <strong>« Payer maintenant »</strong>.
-  <!-- IF paymentUrl -->
-  <br>Vous pouvez aussi payer directement via ce lien (valable quelques heures) : <a href="{paymentUrl}">{paymentUrl}</a>
-  <!-- ENDIF paymentUrl -->
 </p>
 <!-- ENDIF calendarUrl -->