calcomblock/booking_errors.go
Alex Dunmow 18b7825592 Extract calcomblock into a standalone wasm plugin repo
Convert the bundled backend/internal/plugins/calcomblock package into a
standalone reactor-mode wasm plugin, dropping every git.dev.alexdunmow.com/block/cms
import (forbidden in standalone plugins):

- package calcomblock -> package main; add wasip1 main.go with
  wasmguest.Serve(Registration). go.mod module
  git.dev.alexdunmow.com/block/calcomblock, block/core v0.18.2, no replace
  directives.
- Settings persistence: replace the pool-backed poolQuerier (direct SQL against
  the public-schema `settings` table, which a sandboxed plugin role cannot read)
  with capabilityQuerier over the SDK settings.Settings / settings.Updater
  capabilities. GetSiteTimezone now resolves via GetSiteSettings host-side.
- Vendor the small CMS-internal helpers the plugin used into internal/helpers
  (GetRealIP, StartCleanupLoop, MaskSecret, GetStringOr, the PluginSettingsQuerier
  settings helpers, PluginCrypto for tests) and internal/db (minimal Setting /
  UpsertSettingParams), each with a provenance header.
- Inline the captcha widget: vendor blocks.CaptchaWidget as a local
  CaptchaWidget templ (captcha_widget.templ) and regenerate templ; drop the
  block/cms/blocks import from booking.templ.
- blockConfig (server-authoritative captcha requirement via a
  page_block_snapshots scan) has no wasm-ABI capability, so it is left nil:
  honeypot + per-IP rate limit still apply. Documented as a follow-up.
- web: @block-ninja/ui workspace:* -> ^0.1.0 registry version; eslint.config.js
  repointed at ../../../cms/web/eslint.config.js; rebuild web/dist.
- Rewrite CLAUDE.md for the standalone wasm reality; add .gitignore.

Full test suite preserved and passing; builds to calcomblock-2.0.0.bnp;
check-safety passes.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-07-05 03:04:18 +08:00

116 lines
5.2 KiB
Go

package main
import (
"errors"
"strings"
)
// DefaultUnavailableMessage is the Tier-2 fallback shown when an online booking
// can't be completed for a reason the visitor can't fix (our auth/config, a
// Cal.com 5xx, a network timeout, or anything we don't recognise). It is the
// default both for the admin-authored block field (booking.templ / the editor's
// textarea default) AND for the handler's fallback when that field is left
// blank, so the two never drift. Admins can override it per block.
const DefaultUnavailableMessage = "Sorry — we couldn't complete your booking online. Please use our contact form and we'll get you booked in."
// Tier-1 curated, user-actionable booking-error copy. Each names the actual
// problem the visitor can act on. The raw Cal.com message is NEVER surfaced —
// these strings are all the visitor ever sees. canRetry decides whether the
// error renders with the "Try again" reset control (true only when picking a
// different slot/time is the fix).
const (
msgSlotUnavailable = "Sorry, that time isn't available anymore. Please choose another slot."
msgEventFullyBooked = "This event is fully booked right now. Please try a different time."
msgInvalidPhone = "That phone number doesn't look valid — please check it and try again."
msgInvalidGuestEmail = "One or more guest email addresses are invalid — please check them."
msgRejectedAnswer = "One of your answers wasn't accepted — please review the form and try again."
)
// bookingErrorResult is the curated, visitor-facing outcome of classifying a
// CreateBooking failure: the message to render and whether to offer the
// retry/reset control.
type bookingErrorResult struct {
message string
canRetry bool
}
// classifyBookingError maps a CreateBooking failure to curated visitor copy.
//
// Tier 1 (user-fixable) → a specific, actionable message, with canRetry=true
// where re-picking a slot/time is the fix. Tier 2 (our-side / non-fixable:
// auth/config 401-403, Cal.com 5xx, network/timeout, or anything unrecognised)
// → the admin-authored adminMessage (already defaulted to
// DefaultUnavailableMessage by the caller when blank).
//
// Cal.com's booking endpoint does NOT return a discriminating error.code — live
// probing (2026-06-21) showed every 400 carrying a generic "BadRequestException"
// or "BAD_REQUEST". The real signal is the message text, so classification is
// driven by case-insensitive substring matching on Status + Message, with Code
// only as a coarse gate. The raw Cal.com message never reaches the visitor.
func classifyBookingError(err error, adminMessage string) bookingErrorResult {
tier2 := bookingErrorResult{message: adminMessage, canRetry: false}
var apiErr *CalcomAPIError
if !errors.As(err, &apiErr) {
// Network/transport error (DNS, timeout, connection reset) — no HTTP
// response came back. Not the visitor's to fix.
return tier2
}
// 401/403/5xx are our side (bad/expired API key, Cal.com outage). Anything
// outside the user-error band (HTTP 400 / 409 / 422) is Tier 2 too.
switch {
case apiErr.Status == 401 || apiErr.Status == 403:
return tier2
case apiErr.Status >= 500:
return tier2
case apiErr.Status != 400 && apiErr.Status != 409 && apiErr.Status != 422:
return tier2
}
msg := strings.ToLower(apiErr.Message)
switch {
// Slot gone: in the past, already taken, host no longer available. All
// recoverable by choosing another slot → render WITH the reset control.
case containsAny(msg, "in the past", "not available", "no longer available",
"already has booking", "already booked", "slot", "no_available_users",
"already_booked", "booking_seats_full_error", "host"):
return bookingErrorResult{message: msgSlotUnavailable, canRetry: true}
// Event-level capacity exhausted (distinct copy; still time-recoverable).
case containsAny(msg, "booking_limit", "fully booked", "no more slots",
"limit reached", "exceeded", "sold out"):
return bookingErrorResult{message: msgEventFullyBooked, canRetry: true}
// Bad attendee phone number (Cal.com: "{attendeePhoneNumber} invalid_number").
case containsAny(msg, "invalid_number", "phone"):
return bookingErrorResult{message: msgInvalidPhone, canRetry: false}
// Invalid guest email(s). Live probe: "responses - {guests}email_validation_error".
case strings.Contains(msg, "guest"):
return bookingErrorResult{message: msgInvalidGuestEmail, canRetry: false}
// A rejected custom-field answer. "responses" / "bookingfields" signal a
// per-field validation rejection; render generic-but-actionable copy.
// (We do not echo Cal.com's field token — it isn't safe curated text.)
case containsAny(msg, "responses", "bookingfields", "booking field",
"required", "email_validation_error", "validation"):
return bookingErrorResult{message: msgRejectedAnswer, canRetry: false}
}
// Recognised as a 400-class API error but no signal we can map to specific,
// safe copy → admin-authored message (never Cal.com's raw text).
return tier2
}
// containsAny reports whether s contains any of the given (already
// lower-cased) substrings.
func containsAny(s string, subs ...string) bool {
for _, sub := range subs {
if strings.Contains(s, sub) {
return true
}
}
return false
}