feat: handle google stale oauth

[mikeallisonJS]

Summary by CodeRabbit

• New Features

  • Stale Google OAuth detection with in-app warning
  • "Reconnect with Google" button to re-authenticate expired accounts
  • Email notifications prompting users to reconnect Google accounts
  • Google Sheets sync management UI: active syncs, history, and deletion
  • Added localization strings for Google integration flows and messages

• Tests

  • Updated and added tests/mocks to cover Google reconnection scenarios

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 7c699b6d-e4ea-46b7-876d-6c10e3e530b7

📥 Commits

Reviewing files that changed from the base of the PR and between f829bf0 and fbd9ea2.

⛔ Files ignored due to path filters (19)

• apis/api-journeys/src/__generated__/graphql.ts is excluded by !**/__generated__/**
• apis/api-journeys/src/app/__generated__/graphql.ts is excluded by !**/__generated__/**
• apps/journeys-admin/__generated__/CreateJourney.ts is excluded by !**/__generated__/**
• apps/journeys-admin/__generated__/GetAdminJourney.ts is excluded by !**/__generated__/**
• apps/journeys-admin/__generated__/GetAdminJourneyWithPlausibleToken.ts is excluded by !**/__generated__/**
• apps/journeys-admin/__generated__/GetAdminJourneys.ts is excluded by !**/__generated__/**
• apps/journeys-admin/__generated__/GetCurrentUser.ts is excluded by !**/__generated__/**
• apps/journeys-admin/__generated__/GetIntegration.ts is excluded by !**/__generated__/**
• apps/journeys-admin/__generated__/GetJourney.ts is excluded by !**/__generated__/**
• apps/journeys-admin/__generated__/GetJourneyWithPermissions.ts is excluded by !**/__generated__/**
• apps/journeys-admin/__generated__/GetJourneyWithUserRoles.ts is excluded by !**/__generated__/**
• apps/journeys-admin/__generated__/GetJourneys.ts is excluded by !**/__generated__/**
• apps/journeys-admin/__generated__/GetMe.ts is excluded by !**/__generated__/**
• apps/journeys-admin/__generated__/GetPublisherTemplate.ts is excluded by !**/__generated__/**
• apps/journeys-admin/__generated__/GetUserTeamsAndInvites.ts is excluded by !**/__generated__/**
• apps/journeys-admin/__generated__/JourneyFields.ts is excluded by !**/__generated__/**
• apps/journeys-admin/__generated__/TeamCreate.ts is excluded by !**/__generated__/**
• apps/journeys-admin/__generated__/UserTeamUpdate.ts is excluded by !**/__generated__/**
• apps/journeys-admin/__generated__/globalTypes.ts is excluded by !**/__generated__/**

📒 Files selected for processing (2)

• apis/api-gateway/schema.graphql
• apis/api-journeys-modern/schema.graphql

🚧 Files skipped from review as they are similar to previous changes (1)

• apis/api-journeys-modern/schema.graphql

---

Walkthrough

Adds oauthStale to Google integration schemas, implements stale-OAuth detection in token refresh, queues a google-reconnect email, adds an email template and worker to send reconnect emails, and surfaces staleness + reconnect controls in the admin UI with updated queries, mocks, translations, and tests.

Changes

Cohort / File(s)	Summary
GraphQL Schema Updates apis/api-gateway/schema.graphql, apis/api-journeys-modern/schema.graphql, apis/api-journeys/src/app/modules/integration/google/google.graphql	Added oauthStale: Boolean! to IntegrationGoogle in API schemas.
Prisma / Server Schema apis/api-journeys-modern/src/schema/integration/google/google.ts	Exposed oauthStale on IntegrationGoogleRef (non-nullable boolean).
Google Auth & Stale Detection apis/api-journeys-modern/src/lib/google/googleAuth.ts, apis/api-journeys-modern/src/lib/google/googleAuth.spec.ts	Added handling for failed token refreshes: mark integration oauthStale, include teamId in lookups, conditionally initialize email queue, and tests updated to include teamId.
Email Template & Re-exports apis/api-journeys-modern/src/emails/templates/GoogleReconnect/GoogleReconnect.tsx, .../index.ts	New GoogleReconnectEmail component, preview props, and index re-export.
Email Worker Types & Service apis/api-journeys-modern/src/workers/email/service/prisma.types.ts, .../service.ts	New GoogleReconnectJob type added to ApiJourneysJob union; worker googleReconnectEmail implemented to render and send reconnect emails, respecting user prefs.
Admin UI & Queries apps/journeys-admin/src/components/Google/GoogleIntegrationDetails/GoogleIntegrationDetails.tsx, apps/journeys-admin/src/libs/useIntegrationQuery/useIntegrationQuery.ts, .../useIntegrationQuery.mock.ts	Added oauthStale to GetIntegration query, new INTEGRATION_GOOGLE_UPDATE mutation, UI shows stale-warning and Reconnect button, plus mocks for stale/non-stale states.
Locales & Tests libs/locales/en/apps-journeys-admin.json, apps/journeys-admin/src/.../GoogleIntegrationDetails.spec.tsx	Added/adjusted locale keys for reconnect flow and Google Sheets sync UI; tests updated to include __typename, oauthStale, and ownership scenarios.

Sequence Diagram

sequenceDiagram
    participant Client as Admin UI
    participant Backend as Backend (Auth)
    participant DB as Database
    participant Worker as Email Worker
    participant User as Email Recipient

    Backend->>Backend: Attempt token refresh
    alt Refresh fails
        Backend->>DB: update integration.oauthStale = true
        Backend->>Backend: handleStaleOAuth()
        Backend->>Worker: enqueue 'google-reconnect' job (userId, teamId, integrationId, accountEmail)
    end

    Worker->>DB: fetch user and prefs
    alt prefs allow
        Worker->>Worker: render GoogleReconnectEmail (HTML + text)
        Worker->>User: send reconnect email
    end

    Client->>DB: query integration (includes oauthStale)
    Client->>Client: show stale warning + "Reconnect with Google" button
    Client->>Backend: INTEGRATION_GOOGLE_UPDATE mutation (on reconnect)
    Backend->>DB: update tokens, set oauthStale = false

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~50 minutes

Possibly related PRs

• feat: google integration front end #8379: Modifies Google integration frontend and GraphQL queries; closely related to admin UI and query changes.
• feat: add google auth integration to backend  #8310: Changes Google auth/token refresh and integration fields; related to backend auth and schema edits.

Suggested reviewers

• tanflem
• csiyang

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 10.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat: handle google stale oauth' clearly and concisely summarizes the main feature being added: handling stale Google OAuth credentials. It directly aligns with the core changes throughout the changeset.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch 00-00-MA-feat-google-stale

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[nx-cloud]

View your CI Pipeline Execution ↗ for commit fbd9ea2

Command	Status	Duration	Result
nx run journeys-admin-e2e:e2e	✅ Succeeded	1m 39s	View ↗
nx run journeys-e2e:e2e	✅ Succeeded	1m 28s	View ↗
nx run videos-admin-e2e:e2e	✅ Succeeded	5s	View ↗
nx run watch-e2e:e2e	✅ Succeeded	34s	View ↗
nx run resources-e2e:e2e	✅ Succeeded	29s	View ↗
nx run short-links-e2e:e2e	✅ Succeeded	8s	View ↗
nx run watch-modern-e2e:e2e	✅ Succeeded	4s	View ↗
nx run player-e2e:e2e	✅ Succeeded	3s	View ↗
Additional runs (24)	✅ Succeeded	...	View ↗

---

☁️ Nx Cloud last updated this comment at 2026-03-04 19:20:26 UTC

[nx-cloud]

View your CI Pipeline Execution ↗ for commit a2ee020

Command	Status	Duration	Result
nx run-many --target=vercel-alias --projects=jo...	✅ Succeeded	2s	View ↗
nx run-many --target=deploy --projects=videos-a...	✅ Succeeded	1m 27s	View ↗
nx run-many --target=upload-sourcemaps --projec...	✅ Succeeded	6s	View ↗
nx run-many --target=deploy --projects=journeys	✅ Succeeded	1m 12s	View ↗
nx run-many --target=vercel-alias --projects=pl...	✅ Succeeded	2s	View ↗
nx run-many --target=upload-sourcemaps --projec...	✅ Succeeded	8s	View ↗
nx run-many --target=vercel-alias --projects=sh...	✅ Succeeded	2s	View ↗
nx run-many --target=vercel-alias --projects=wa...	✅ Succeeded	2s	View ↗
Additional runs (5)	✅ Succeeded	...	View ↗

---

☁️ Nx Cloud last updated this comment at 2026-01-20 01:07:16 UTC

[github-actions]

The latest updates on your projects.

Name	Status	Preview	Updated (UTC)
journeys	✅ Ready	journeys preview	Thu Mar 5 08:14:39 NZDT 2026

[github-actions]

The latest updates on your projects.

Name	Status	Preview	Updated (UTC)
videos-admin	✅ Ready	videos-admin preview	Thu Mar 5 08:14:58 NZDT 2026

[github-actions]

The latest updates on your projects.

Name	Status	Preview	Updated (UTC)
player	✅ Ready	player preview	Thu Mar 5 08:14:16 NZDT 2026

[github-actions]

The latest updates on your projects.

Name	Status	Preview	Updated (UTC)
short-links	✅ Ready	short-links preview	Thu Mar 5 08:14:01 NZDT 2026

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@apis/api-gateway/schema.graphql`:
- Around line 1769-1771: The gateway schema declares the oauthStale field with
`@join__field`(graph: API_JOURNEYS) and `@join__field`(graph: API_JOURNEYS_MODERN)
which will route queries to the legacy subgraph incorrectly; update the
oauthStale field declaration so it is routed to the modern subgraph only by
keeping the `@join__field`(graph: API_JOURNEYS_MODERN) and add `@override`(from:
"api-journeys") to indicate the modern subgraph owns the field (locate the
oauthStale field declaration in the schema and replace the dual join__field
directives with the single modern join__field plus the `@override`(from:
"api-journeys") directive).

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Search for oauthStale in legacy and modern schemas
echo "=== Searching in api-journeys schema ==="
rg -n "oauthStale" apis/api-journeys/schema.graphql

echo ""
echo "=== Searching in api-journeys-modern schema ==="
rg -n "oauthStale" apis/api-journeys-modern/schema.graphql

echo ""
echo "=== Searching in api-journeys resolvers ==="
fd -e ts -e js . apis/api-journeys --type f | head -20 | xargs -I {} rg -l "oauthStale" {}

echo ""
echo "=== Searching in api-journeys-modern resolvers ==="
fd -e ts -e js . apis/api-journeys-modern --type f | head -20 | xargs -I {} rg -l "oauthStale" {}

Repository: JesusFilm/core

Length of output: 425

---

🏁 Script executed:

#!/bin/bash
# Get context around oauthStale in modern schema
echo "=== Context around oauthStale in api-journeys-modern ==="
sed -n '695,705p' apis/api-journeys-modern/schema.graphql

echo ""
echo "=== Check if this is in a type that appears in both schemas ==="
sed -n '690,705p' apis/api-journeys-modern/schema.graphql

echo ""
echo "=== Look for override directive examples in gateway schema ==="
rg -n "@override" apis/api-gateway/schema.graphql | head -10

echo ""
echo "=== Check what type oauthStale is part of in gateway ==="
sed -n '1760,1775p' apis/api-gateway/schema.graphql

Repository: JesusFilm/core

Length of output: 1486

---

Add @override directive to route oauthStale to the modern subgraph.

The oauthStale field exists only in api-journeys-modern but is declared in the gateway with @join__field(graph: API_JOURNEYS) @join__field(graph: API_JOURNEYS_MODERN). This will cause supergraph composition or runtime failures when querying the field through the legacy subgraph. Route it to the modern service using:

oauthStale: Boolean! `@join__field`(graph: API_JOURNEYS_MODERN) `@override`(from: "api-journeys")

🤖 Prompt for AI Agents

In `@apis/api-gateway/schema.graphql` around lines 1769 - 1771, The gateway schema
declares the oauthStale field with `@join__field`(graph: API_JOURNEYS) and
`@join__field`(graph: API_JOURNEYS_MODERN) which will route queries to the legacy
subgraph incorrectly; update the oauthStale field declaration so it is routed to
the modern subgraph only by keeping the `@join__field`(graph: API_JOURNEYS_MODERN)
and add `@override`(from: "api-journeys") to indicate the modern subgraph owns the
field (locate the oauthStale field declaration in the schema and replace the
dual join__field directives with the single modern join__field plus the
`@override`(from: "api-journeys") directive).

[github-actions]

This pull request has been marked stale due to 28 days without activity. It will be closed in 14 days unless updated.

[github-actions]

	Warnings
⚠️	❗ Big PR (841 changes)

(change count - 841): Pull Request size seems relatively large. If Pull Request contains multiple changes, split each into separate PR will helps faster, easier review.

Generated by 🚫 dangerJS against fbd9ea2

[github-actions]

This pull request has been marked stale due to 28 days without activity. It will be closed in 14 days unless updated.

[github-actions]

This pull request was automatically closed after remaining stale for 14 days.