test

services/gmail.js

@@ -6,6 +6,7 @@ const { CONFIG } = require('../config');
 const { extractRawEmail, escapeHtml } = require('../utils');
 const { getStaffSignatureBlocks } = require('./staffSignature');
 const { logError } = require('./debugLog');
+const { readEnvFile } = require('./configPersistence');
 
 function sanitizeHeaderValue(v) { return String(v || '').replace(/[\r\n]+/g, ' ').trim(); }
 const EMAIL_RE = /^[^@\s]+@[^@\s]+$/;
@@ -19,6 +20,31 @@ function getGmailClient() {
   return google.gmail({ version: 'v1', auth });
 }
 
+/**
+ * Re-read REFRESH_TOKEN from .env, update in-memory config, and probe Google.
+ * Used by the internal /gmail/reload endpoint so the weekly reauth chore does
+ * not require a full container restart.
+ *
+ * Throws if the env file is missing the token, or if the probe call (getProfile)
+ * fails — the caller surfaces the error so the UI can see why.
+ *
+ * @returns {Promise<{emailAddress: string}>}
+ */
+async function reloadGmailClient() {
+  const envMap = readEnvFile();
+  const newToken = envMap.get('REFRESH_TOKEN');
+  if (!newToken) {
+    const err = new Error('REFRESH_TOKEN not set in .env');
+    err.code = 'ENOTOKEN';
+    throw err;
+  }
+  process.env.REFRESH_TOKEN = newToken;
+  CONFIG.REFRESH_TOKEN = newToken;
+  const gmail = getGmailClient();
+  const profile = await gmail.users.getProfile({ userId: 'me' });
+  return { emailAddress: profile.data.emailAddress };
+}
+
 async function sendTicketClosedEmail(ticket, discordDisplayName) {
   try {
     const gmail = getGmailClient();
@@ -318,6 +344,7 @@ async function sendGmailReply(
 
 module.exports = {
   getGmailClient,
+  reloadGmailClient,
   sendGmailReply,
   sendTicketClosedEmail,
   sendTicketNotificationEmail