refactor: consolidate Pub/Sub code and reduce duplication

Move transient network error codes to shared TRANSIENT_NETWORK_CODES
set in lib/consts.js, replacing 4 local copies. Extract
setMetaFireAndForget and tryEnsurePubsub helpers in oauth2-apps.js.
Extract getPubSubAppsForSelect helper in routes-ui.js. Simplify
message processing loop in google.js with try/catch+continue flow.
Simplify subscription settings POST with nullish coalescing.

Author: andris9

lib/consts.js

@@ -205,6 +205,18 @@ module.exports = {
     OUTLOOK_RETRY_BASE_DELAY: 30, // seconds - base delay for exponential backoff
     OUTLOOK_RETRY_MAX_DELAY: 120, // seconds - maximum delay between retries
 
+    // Transient network error codes that indicate a retry-worthy connection failure
+    TRANSIENT_NETWORK_CODES: new Set([
+        'ENOTFOUND',
+        'EAI_AGAIN',
+        'ETIMEDOUT',
+        'ECONNRESET',
+        'ECONNREFUSED',
+        'UND_ERR_SOCKET',
+        'UND_ERR_CONNECT_TIMEOUT',
+        'UND_ERR_HEADERS_TIMEOUT'
+    ]),
+
     generateWebhookTable() {
         let entries = [];
 

lib/email-client/gmail/gmail-api.js

@@ -1,6 +1,7 @@
 'use strict';
 
 const { metricsMeta } = require('../base-client');
+const { TRANSIENT_NETWORK_CODES } = require('../../consts');
 
 // Gmail API configuration
 const GMAIL_API_BASE = 'https://gmail.googleapis.com';
@@ -12,18 +13,6 @@ const LIST_BATCH_SIZE = 10;
 const MAX_RETRY_ATTEMPTS = 3;
 const RETRY_BASE_DELAY = 1000; // 1 second base delay
 
-// Network-level errors that are transient and should be retried
-const TRANSIENT_NETWORK_CODES = new Set([
-    'ENOTFOUND',
-    'EAI_AGAIN',
-    'ETIMEDOUT',
-    'ECONNRESET',
-    'ECONNREFUSED',
-    'UND_ERR_SOCKET',
-    'UND_ERR_CONNECT_TIMEOUT',
-    'UND_ERR_HEADERS_TIMEOUT'
-]);
-
 // Gmail API error code mapping to internal error codes
 // https://developers.google.com/gmail/api/reference/rest#error-codes
 const GMAIL_ERROR_MAP = {

lib/email-client/outlook/graph-api.js

@@ -2,23 +2,17 @@
 
 const { metricsMeta } = require('../base-client');
 
-const { OUTLOOK_MAX_BATCH_SIZE, OUTLOOK_MAX_RETRY_ATTEMPTS, OUTLOOK_RETRY_BASE_DELAY, OUTLOOK_RETRY_MAX_DELAY } = require('../../consts');
+const {
+    OUTLOOK_MAX_BATCH_SIZE,
+    OUTLOOK_MAX_RETRY_ATTEMPTS,
+    OUTLOOK_RETRY_BASE_DELAY,
+    OUTLOOK_RETRY_MAX_DELAY,
+    TRANSIENT_NETWORK_CODES
+} = require('../../consts');
 
 // Maximum number of operations in a single batch request to Microsoft Graph API
 const MAX_BATCH_SIZE = OUTLOOK_MAX_BATCH_SIZE;
 
-// Network-level errors that are transient and should be retried
-const TRANSIENT_NETWORK_CODES = new Set([
-    'ENOTFOUND',
-    'EAI_AGAIN',
-    'ETIMEDOUT',
-    'ECONNRESET',
-    'ECONNREFUSED',
-    'UND_ERR_SOCKET',
-    'UND_ERR_CONNECT_TIMEOUT',
-    'UND_ERR_HEADERS_TIMEOUT'
-]);
-
 // MS Graph API error code mapping to internal error codes
 // https://learn.microsoft.com/en-us/graph/errors
 const GRAPH_ERROR_MAP = {

lib/oauth/pubsub/google.js

@@ -1,7 +1,7 @@
 'use strict';
 
 const { redis } = require('../../db');
-const { REDIS_PREFIX } = require('../../consts');
+const { REDIS_PREFIX, TRANSIENT_NETWORK_CODES } = require('../../consts');
 const logger = require('../../logger').child({
     component: 'google-subscriber'
 });
@@ -74,7 +74,7 @@ class PubSubInstance {
     async checkSchemaVersions() {
         let subscriberApps = await redis.smembers(this.getPubsubAppKey());
         let currentSchemaId = 3;
-        for (let subscriberApp of subscriberApps || []) {
+        for (let subscriberApp of subscriberApps) {
             let schemaVersion = Number(await redis.hget(`${REDIS_PREFIX}oapp:h:${subscriberApp}`, '__schemaVersion')) || 0;
             if (schemaVersion < currentSchemaId) {
                 // migrate
@@ -111,7 +111,7 @@ class PubSubInstance {
 
         let subscriberApps = await redis.smembers(this.getPubsubAppKey());
         let accountIds = new Set();
-        for (let subscriberApp of subscriberApps || []) {
+        for (let subscriberApp of subscriberApps) {
             let accountId = await redis.hget(`${REDIS_PREFIX}oapp:h:${subscriberApp}`, payload.emailAddress?.toLowerCase());
             if (accountId) {
                 accountIds.add(accountId);
@@ -194,50 +194,27 @@ class PubSubInstance {
                     return;
                 }
 
-                let processingSuccess = false;
+                let messageId = receivedMessage?.message?.messageId;
+
                 try {
-                    await this.processPulledMessage(
-                        receivedMessage?.message?.messageId,
-                        Buffer.from(receivedMessage?.message?.data || '', 'base64').toString()
-                    );
-                    processingSuccess = true;
+                    await this.processPulledMessage(messageId, Buffer.from(receivedMessage?.message?.data || '', 'base64').toString());
                 } catch (err) {
-                    // Processing failed - don't ACK so message will be redelivered
-                    logger.error({
-                        msg: 'Failed to process subscription message',
-                        app: this.app,
-                        messageId: receivedMessage?.message?.messageId,
-                        err
-                    });
+                    // Processing failed - skip ACK so message will be redelivered
+                    logger.error({ msg: 'Failed to process subscription message', app: this.app, messageId, err });
+                    continue;
                 }
 
-                // Only ACK after successful processing
-                if (processingSuccess) {
-                    try {
-                        accessToken = await this.getAccessToken();
-                        if (!accessToken) {
-                            logger.error({
-                                msg: 'Failed to ack subscription message. No access token',
-                                app: this.app,
-                                messageId: receivedMessage?.message?.messageId
-                            });
-                        } else {
-                            await this.client.request(accessToken, acknowledgeUrl, 'POST', { ackIds: [receivedMessage?.ackId] }, { returnText: true });
-                            logger.debug({
-                                msg: 'Acked subscription message',
-                                app: this.app,
-                                messageId: receivedMessage?.message?.messageId
-                            });
-                        }
-                    } catch (err) {
-                        // failed to ack
-                        logger.error({
-                            msg: 'Failed to ack subscription message',
-                            app: this.app,
-                            messageId: receivedMessage?.message?.messageId,
-                            err
-                        });
+                // ACK after successful processing
+                try {
+                    accessToken = await this.getAccessToken();
+                    if (!accessToken) {
+                        logger.error({ msg: 'Failed to ack subscription message. No access token', app: this.app, messageId });
+                    } else {
+                        await this.client.request(accessToken, acknowledgeUrl, 'POST', { ackIds: [receivedMessage?.ackId] }, { returnText: true });
+                        logger.debug({ msg: 'Acked subscription message', app: this.app, messageId });
                     }
+                } catch (err) {
+                    logger.error({ msg: 'Failed to ack subscription message', app: this.app, messageId, err });
                 }
             }
 
@@ -247,18 +224,7 @@ class PubSubInstance {
             }
         } catch (err) {
             // Transient network errors are expected for long-polling connections
-            if (
-                [
-                    'ENOTFOUND',
-                    'EAI_AGAIN',
-                    'ETIMEDOUT',
-                    'ECONNRESET',
-                    'ECONNREFUSED',
-                    'UND_ERR_SOCKET',
-                    'UND_ERR_CONNECT_TIMEOUT',
-                    'UND_ERR_HEADERS_TIMEOUT'
-                ].includes(err.code)
-            ) {
+            if (TRANSIENT_NETWORK_CODES.has(err.code)) {
                 logger.warn({ msg: 'Transient error pulling subscription messages', app: this.app, code: err.code });
                 return;
             }

lib/oauth2-apps.js

@@ -3,25 +3,14 @@
 const { redis } = require('./db');
 const msgpack = require('msgpack5')();
 const logger = require('./logger');
-const { REDIS_PREFIX } = require('./consts');
+const { REDIS_PREFIX, TRANSIENT_NETWORK_CODES } = require('./consts');
 const { encrypt, decrypt } = require('./encrypt');
 const Boom = require('@hapi/boom');
 const settings = require('./settings');
 const Lock = require('ioredfour');
 const getSecret = require('./get-secret');
 const { parentPort } = require('worker_threads');
 
-const TRANSIENT_NETWORK_CODES = new Set([
-    'ENOTFOUND',
-    'EAI_AGAIN',
-    'ETIMEDOUT',
-    'ECONNRESET',
-    'ECONNREFUSED',
-    'UND_ERR_SOCKET',
-    'UND_ERR_CONNECT_TIMEOUT',
-    'UND_ERR_HEADERS_TIMEOUT'
-]);
-
 /**
  * Record metrics for OAuth2 token operations
  * Works in both main thread and worker threads
@@ -706,17 +695,7 @@ class OAuth2AppsHandler {
             created: true
         };
 
-        try {
-            let appData = await this.get(id);
-            if (appData.baseScopes === 'pubsub') {
-                let pubsubUpdates = await this.ensurePubsub(appData);
-                if (Object.keys(pubsubUpdates || {}).length) {
-                    result.pubsubUpdates = pubsubUpdates;
-                }
-            }
-        } catch (err) {
-            logger.error({ msg: 'Failed to set up pubsub', app: id, err });
-        }
+        await this.tryEnsurePubsub(id, result);
 
         return result;
     }
@@ -790,17 +769,7 @@ class OAuth2AppsHandler {
             updated: true
         };
 
-        try {
-            let appData = await this.get(id);
-            if (appData.baseScopes === 'pubsub') {
-                let pubsubUpdates = await this.ensurePubsub(appData);
-                if (Object.keys(pubsubUpdates || {}).length) {
-                    result.pubsubUpdates = pubsubUpdates;
-                }
-            }
-        } catch (err) {
-            logger.error({ msg: 'Failed to set up pubsub', app: id, err });
-        }
+        await this.tryEnsurePubsub(id, result);
 
         return result;
     }
@@ -876,6 +845,35 @@ class OAuth2AppsHandler {
         };
     }
 
+    /**
+     * Fire-and-forget setMeta call that logs errors instead of throwing.
+     * Used in ensurePubsub error handlers where we want to record a flag
+     * but must not block or alter the original error flow.
+     */
+    setMetaFireAndForget(appId, meta) {
+        this.setMeta(appId, meta).catch(metaErr => {
+            logger.error({ msg: 'Failed to set metadata', app: appId, err: metaErr });
+        });
+    }
+
+    /**
+     * Try to set up Pub/Sub for the given app and attach results to the result object.
+     * Errors are logged but not thrown so they do not prevent create/update from succeeding.
+     */
+    async tryEnsurePubsub(id, result) {
+        try {
+            let appData = await this.get(id);
+            if (appData.baseScopes === 'pubsub') {
+                let pubsubUpdates = await this.ensurePubsub(appData);
+                if (Object.keys(pubsubUpdates || {}).length) {
+                    result.pubsubUpdates = pubsubUpdates;
+                }
+            }
+        } catch (err) {
+            logger.error({ msg: 'Failed to set up pubsub', app: id, err });
+        }
+    }
+
     async deleteTopic(appData) {
         let topicName = appData.pubSubTopic;
         let topicUrl = `https://pubsub.googleapis.com/v1/${topicName}`;
@@ -1008,22 +1006,18 @@ class OAuth2AppsHandler {
                 case 403:
                     // no permissions
                     if (/Cloud Pub\/Sub API has not been used in project/.test(err?.oauthRequest?.response?.error?.message)) {
-                        this.setMeta(appData.id, {
+                        this.setMetaFireAndForget(appData.id, {
                             authFlag: {
                                 message:
                                     'Enable the Cloud Pub/Sub API for your project before using the service client. Check the server response below for details.',
                                 description: err?.oauthRequest?.response?.error?.message
                             }
-                        }).catch(metaErr => {
-                            logger.error({ msg: 'Failed to set authFlag metadata', app: appData.id, err: metaErr });
                         });
                     } else {
-                        this.setMeta(appData.id, {
+                        this.setMetaFireAndForget(appData.id, {
                             authFlag: {
                                 message: 'Service client does not have permission to manage Pub/Sub topics. Grant the service user the "Pub/Sub Admin" role.'
                             }
-                        }).catch(metaErr => {
-                            logger.error({ msg: 'Failed to set authFlag metadata', app: appData.id, err: metaErr });
                         });
                     }
 
@@ -1057,13 +1051,11 @@ class OAuth2AppsHandler {
                         switch (err?.oauthRequest?.response?.error?.code) {
                             case 403:
                                 // no permissions
-                                this.setMeta(appData.id, {
+                                this.setMetaFireAndForget(appData.id, {
                                     authFlag: {
                                         message:
                                             'Service client does not have permission to manage Pub/Sub topics. Grant the service user the "Pub/Sub Admin" role.'
                                     }
-                                }).catch(metaErr => {
-                                    logger.error({ msg: 'Failed to set authFlag metadata', app: appData.id, err: metaErr });
                                 });
                                 throw err;
                             case 409:
@@ -1132,12 +1124,10 @@ class OAuth2AppsHandler {
             switch (err?.oauthRequest?.response?.error?.code) {
                 case 403:
                     // no permissions
-                    this.setMeta(appData.id, {
+                    this.setMetaFireAndForget(appData.id, {
                         authFlag: {
                             message: 'Service client does not have permission to view Pub/Sub topics. Grant the service user the "Pub/Sub Admin" role.'
                         }
-                    }).catch(metaErr => {
-                        logger.error({ msg: 'Failed to set authFlag metadata', app: appData.id, err: metaErr });
                     });
                     throw err;
                 case 404: {
@@ -1190,13 +1180,11 @@ class OAuth2AppsHandler {
                         switch (err?.oauthRequest?.response?.error?.code) {
                             case 403:
                                 // no permissions
-                                this.setMeta(appData.id, {
+                                this.setMetaFireAndForget(appData.id, {
                                     authFlag: {
                                         message:
                                             'Service client does not have permission to manage Pub/Sub topics. Grant the service user the "Pub/Sub Admin" role.'
                                     }
-                                }).catch(metaErr => {
-                                    logger.error({ msg: 'Failed to set authFlag metadata', app: appData.id, err: metaErr });
                                 });
                                 throw err;
                             case 409:
@@ -1241,12 +1229,10 @@ class OAuth2AppsHandler {
             switch (err?.oauthRequest?.response?.error?.code) {
                 case 403:
                     // no permissions
-                    this.setMeta(appData.id, {
+                    this.setMetaFireAndForget(appData.id, {
                         authFlag: {
                             message: 'Service client does not have permission to view Pub/Sub topics. Grant the service user the "Pub/Sub Admin" role.'
                         }
-                    }).catch(metaErr => {
-                        logger.error({ msg: 'Failed to set authFlag metadata', app: appData.id, err: metaErr });
                     });
                     throw err;
                 default:
@@ -1290,12 +1276,10 @@ class OAuth2AppsHandler {
                 switch (err?.oauthRequest?.response?.error?.code) {
                     case 403:
                         // no permissions
-                        this.setMeta(appData.id, {
+                        this.setMetaFireAndForget(appData.id, {
                             authFlag: {
                                 message: 'Service client does not have permission to manage Pub/Sub topics. Grant the service user the "Pub/Sub Admin" role.'
                             }
-                        }).catch(metaErr => {
-                            logger.error({ msg: 'Failed to set authFlag metadata', app: appData.id, err: metaErr });
                         });
                         throw err;
                     default: