RocketChat
diff --git a/‎ee/apps/ddp-streamer/src/Client.spec.ts‎
Lines changed: 154 additions & 0 deletions b/‎ee/apps/ddp-streamer/src/Client.spec.ts‎
Lines changed: 154 additions & 0 deletions
diff --git a/‎ee/apps/ddp-streamer/src/Client.ts‎
Lines changed: 57 additions & 14 deletions b/‎ee/apps/ddp-streamer/src/Client.ts‎
Lines changed: 57 additions & 14 deletions
diff --git a/‎ee/apps/ddp-streamer/src/DDPStreamer.ts‎
Lines changed: 38 additions & 1 deletion b/‎ee/apps/ddp-streamer/src/DDPStreamer.ts‎
Lines changed: 38 additions & 1 deletion
@@ -0,0 +1,154 @@
+import { EventEmitter } from 'events';
+import type { IncomingMessage } from 'http';
+
+import type WebSocket from 'ws';
+
+import { Client } from './Client';
+import { DDP_EVENTS, MAX_BUFFERED_BYTES, TIMEOUT, WS_ERRORS } from './constants';
+
+jest.mock('./Server', () => ({ SERVER_ID: '{"msg":"server_id","server_id":"0"}' }));
+
+jest.mock('./configureServer', () => {
+	const realEvents: typeof import('events') = jest.requireActual('events');
+	class FakeServer extends realEvents.EventEmitter {
+		id = 'fake-server';
+
+		serialize = (obj: unknown) => JSON.stringify(obj);
+
+		parse = (data: any) => JSON.parse(data.toString());
+
+		call = jest.fn().mockResolvedValue(undefined);
+
+		subscribe = jest.fn().mockResolvedValue(undefined);
+	}
+	return { server: new FakeServer(), events: new realEvents.EventEmitter() };
+});
+
+jest.mock('@rocket.chat/core-services', () => ({
+	Presence: { updateConnection: jest.fn().mockResolvedValue(undefined) },
+}));
+
+class FakeWebSocket extends EventEmitter {
+	public bufferedAmount = 0;
+
+	public readyState = 1;
+
+	public send = jest.fn();
+
+	public close = jest.fn((_code?: number, _reason?: string) => {
+		this.readyState = 3;
+	});
+}
+
+const makeReq = (): IncomingMessage => ({ socket: { remoteAddress: '127.0.0.1' }, headers: {} }) as unknown as IncomingMessage;
+
+const asWs = (ws: FakeWebSocket): WebSocket => ws as unknown as WebSocket;
+
+describe('Client.send backpressure', () => {
+	let ws: FakeWebSocket;
+	let client: any;
+
+	beforeEach(() => {
+		jest.useFakeTimers();
+		ws = new FakeWebSocket();
+		client = new Client(asWs(ws), false, makeReq());
+		ws.send.mockClear();
+		ws.close.mockClear();
+	});
+
+	afterEach(() => {
+		jest.clearAllTimers();
+		jest.useRealTimers();
+	});
+
+	it('closes with code 1013 when bufferedAmount exceeds the threshold', () => {
+		ws.bufferedAmount = MAX_BUFFERED_BYTES + 1;
+		client.send('hello');
+		expect(ws.close).toHaveBeenCalledWith(WS_ERRORS.SLOW_CONSUMER, expect.any(String));
+		expect(ws.send).not.toHaveBeenCalled();
+	});
+
+	it('forwards to ws.send when bufferedAmount is below the threshold', () => {
+		ws.bufferedAmount = 1024;
+		client.send('hello');
+		expect(ws.send).toHaveBeenCalledWith('hello');
+		expect(ws.close).not.toHaveBeenCalled();
+	});
+
+	it('encodes payloads for meteor clients with the SockJS array wrapper', () => {
+		const meteorWs = new FakeWebSocket();
+		const meteorClient = new Client(asWs(meteorWs), true, makeReq());
+		meteorWs.send.mockClear();
+		meteorClient.send('payload');
+		expect(meteorWs.send).toHaveBeenCalledWith('a["payload"]');
+	});
+});
+
+describe('Client heartbeat', () => {
+	let ws: FakeWebSocket;
+
+	const handshake = async (): Promise<void> => {
+		ws.emit('message', Buffer.from(JSON.stringify({ msg: DDP_EVENTS.CONNECT, version: '1' })), false);
+		await flushAsync();
+	};
+
+	const flushAsync = async (): Promise<void> => {
+		// `Client.handler` is async — yield twice so server.parse, the internal emit, and
+		// the once('message') listener all complete before the test inspects state.
+		await Promise.resolve();
+		await Promise.resolve();
+	};
+
+	beforeEach(() => {
+		jest.useFakeTimers();
+		ws = new FakeWebSocket();
+		// Client wires itself into the ws via constructor side effects; we don't need the ref.
+		void new Client(asWs(ws), false, makeReq());
+		ws.send.mockClear();
+		ws.close.mockClear();
+	});
+
+	afterEach(() => {
+		jest.clearAllTimers();
+		jest.useRealTimers();
+	});
+
+	const lastSent = (): string | undefined => ws.send.mock.calls.at(-1)?.[0];
+
+	it('sends PING after the idle window expires', () => {
+		jest.advanceTimersByTime(TIMEOUT);
+		expect(lastSent()).toContain(`"${DDP_EVENTS.PING}"`);
+	});
+
+	it('closes with code 4000 when no PONG arrives within the pong window', () => {
+		jest.advanceTimersByTime(TIMEOUT); // PING sent, pong window starts
+		jest.advanceTimersByTime(TIMEOUT); // pong window expires
+		expect(ws.close).toHaveBeenCalledWith(WS_ERRORS.TIMEOUT, expect.any(String));
+	});
+
+	it('does not extend the pong window when non-PONG traffic arrives', async () => {
+		await handshake();
+		ws.close.mockClear();
+		jest.advanceTimersByTime(TIMEOUT); // PING sent
+		ws.emit('message', Buffer.from(JSON.stringify({ msg: DDP_EVENTS.METHOD, method: 'foo', id: '1' })), false);
+		await flushAsync();
+		jest.advanceTimersByTime(TIMEOUT - 1);
+		expect(ws.close).not.toHaveBeenCalled();
+		jest.advanceTimersByTime(2);
+		expect(ws.close).toHaveBeenCalledWith(WS_ERRORS.TIMEOUT, expect.any(String));
+	});
+
+	it('cancels the pong window and resumes the idle cycle when PONG arrives', async () => {
+		await handshake();
+		ws.close.mockClear();
+		jest.advanceTimersByTime(TIMEOUT); // PING #1 sent, pong window armed
+		ws.send.mockClear();
+		ws.emit('message', Buffer.from(JSON.stringify({ msg: DDP_EVENTS.PONG })), false);
+		await flushAsync();
+		// Past the original pong deadline — we should still be alive.
+		jest.advanceTimersByTime(TIMEOUT);
+		expect(ws.close).not.toHaveBeenCalled();
+		// And the next idle window should have produced a fresh PING.
+		expect(lastSent()).toContain(`"${DDP_EVENTS.PING}"`);
+	});
+});
@@ -3,15 +3,18 @@ import type { IncomingMessage } from 'http';
 
 import { Presence } from '@rocket.chat/core-services';
 import type { ISocketConnection } from '@rocket.chat/core-typings';
+import { Logger } from '@rocket.chat/logger';
 import { throttle } from 'underscore';
 import { v1 as uuidv1 } from 'uuid';
 import type WebSocket from 'ws';
 
 import { SERVER_ID } from './Server';
 import { server } from './configureServer';
-import { DDP_EVENTS, WS_ERRORS, WS_ERRORS_MESSAGES, TIMEOUT } from './constants';
+import { DDP_EVENTS, WS_ERRORS, WS_ERRORS_MESSAGES, TIMEOUT, MAX_BUFFERED_BYTES } from './constants';
 import type { IPacket } from './types/IPacket';
 
+const logger = new Logger('DDP-Streamer-Client');
+
 // TODO why localhost not as 127.0.0.1?
 // based on Meteor's implementation (link)
 const getClientAddress = (req: IncomingMessage): string | undefined => {
@@ -61,7 +64,9 @@ export const clientMap = new WeakMap<WebSocket, Client>();
 export class Client extends EventEmitter {
 	private chain = Promise.resolve();
 
-	protected timeout: NodeJS.Timeout;
+	protected idleTimer?: NodeJS.Timeout;
+
+	protected pongTimer?: NodeJS.Timeout;
 
 	public readonly session = uuidv1();
 
@@ -75,11 +80,13 @@ export class Client extends EventEmitter {
 
 	public userToken?: string;
 
+	public closeCode?: number;
+
 	private updatePresence = throttle(
 		() => {
 			if (this.userId) {
 				void Presence.updateConnection(this.userId, this.connection.id).catch((err) => {
-					console.error('Error updating connection presence:', err);
+					logger.error({ msg: 'Error updating connection presence', err });
 				});
 			}
 		},
@@ -104,17 +111,18 @@ export class Client extends EventEmitter {
 			httpHeaders: req.headers,
 		};
 
-		this.renewTimeout(TIMEOUT / 1000);
+		this.armIdleTimer();
 		this.ws.on('message', this.handler);
-		this.ws.on('close', (...args) => {
+		this.ws.on('close', (code: number, ...rest: unknown[]) => {
+			this.closeCode = code;
 			server.emit(DDP_EVENTS.DISCONNECTED, this);
-			this.emit('close', ...args);
+			this.emit('close', code, ...rest);
 			this.subscriptions.clear();
-			clearTimeout(this.timeout);
+			this.clearTimers();
 		});
 
 		this.ws.on('error', (err) => {
-			console.error('Unexpected error:', err);
+			logger.error({ msg: 'Unexpected WebSocket error', err });
 			this.ws.close(WS_ERRORS.CLOSE_PROTOCOL_ERROR, WS_ERRORS_MESSAGES.CLOSE_PROTOCOL_ERROR);
 		});
 
@@ -124,7 +132,9 @@ export class Client extends EventEmitter {
 
 		server.emit(DDP_EVENTS.CONNECTED, this);
 
-		this.ws.on('message', () => this.renewTimeout(TIMEOUT));
+		// Any inbound traffic resets the idle window. The pong timer, when armed, is only
+		// cleared by an actual PONG (handled in `process`).
+		this.ws.on('message', () => this.armIdleTimer());
 
 		this.once('message', ({ msg }) => {
 			if (msg !== DDP_EVENTS.CONNECT) {
@@ -158,6 +168,9 @@ export class Client extends EventEmitter {
 			case DDP_EVENTS.PING:
 				this.pong(packet.id);
 				break;
+			case DDP_EVENTS.PONG:
+				this.handlePong();
+				break;
 			case DDP_EVENTS.METHOD:
 				if (!packet.method) {
 					return this.ws.close(WS_ERRORS.CLOSE_PROTOCOL_ERROR);
@@ -203,12 +216,35 @@ export class Client extends EventEmitter {
 
 	handleIdle = (): void => {
 		this.ping();
-		this.timeout = setTimeout(this.closeTimeout, TIMEOUT);
+		// Only the actual PONG clears this; other inbound messages do NOT.
+		clearTimeout(this.pongTimer);
+		this.pongTimer = setTimeout(this.closeTimeout, TIMEOUT);
 	};
 
-	renewTimeout(timeout = TIMEOUT): void {
-		clearTimeout(this.timeout);
-		this.timeout = setTimeout(this.handleIdle, timeout);
+	handlePong(): void {
+		clearTimeout(this.pongTimer);
+		this.pongTimer = undefined;
+		// Resume the normal idle cycle. The 'message' listener that runs alongside us is
+		// guarded by `pongTimer`, so it skipped re-arming while we were awaiting PONG.
+		this.armIdleTimer();
+	}
+
+	armIdleTimer(timeout = TIMEOUT): void {
+		// Liveness during the PING/PONG window is governed strictly by `pongTimer`.
+		// Other inbound traffic must NOT extend the deadline — that would mask a broken
+		// client that keeps sending data but never replies to PING.
+		if (this.pongTimer) {
+			return;
+		}
+		clearTimeout(this.idleTimer);
+		this.idleTimer = setTimeout(this.handleIdle, timeout);
+	}
+
+	clearTimers(): void {
+		clearTimeout(this.idleTimer);
+		clearTimeout(this.pongTimer);
+		this.idleTimer = undefined;
+		this.pongTimer = undefined;
 	}
 
 	handler = async (payload: WebSocket.Data, isBinary: boolean): Promise<void> => {
@@ -221,7 +257,7 @@ export class Client extends EventEmitter {
 			}
 			this.process(packet.msg, packet);
 		} catch (err) {
-			console.error(err);
+			logger.error({ msg: 'Failed to handle inbound DDP frame', err });
 			return this.ws.close(WS_ERRORS.UNSUPPORTED_DATA, WS_ERRORS_MESSAGES.UNSUPPORTED_DATA);
 		}
 	};
@@ -234,6 +270,13 @@ export class Client extends EventEmitter {
 	}
 
 	send(payload: string): void {
+		// Drop slow consumers deterministically: if the OS-level write buffer is past the
+		// configured threshold the client cannot keep up. Closing here prevents heap blow-up
+		// on the streamer pod when a single peer stalls.
+		if (this.ws.bufferedAmount > MAX_BUFFERED_BYTES) {
+			this.ws.close(WS_ERRORS.SLOW_CONSUMER, WS_ERRORS_MESSAGES.SLOW_CONSUMER);
+			return;
+		}
 		return this.ws.send(this.encodePayload(payload));
 	}
 }
@@ -113,6 +113,27 @@ export class DDPStreamer extends ServiceClass {
 			description: 'Users logged by streamer',
 		});
 
+		metrics.register({
+			name: 'ddp_method_total',
+			type: 'counter',
+			labelNames: ['namespace', 'status'],
+			description: 'DDP method calls by namespace and outcome',
+		});
+
+		metrics.register({
+			name: 'ddp_close_total',
+			type: 'counter',
+			labelNames: ['code'],
+			description: 'DDP WebSocket close events by code',
+		});
+
+		metrics.register({
+			name: 'ddp_send_buffer_bytes',
+			type: 'gauge',
+			labelNames: ['nodeID'],
+			description: 'Maximum WebSocket send buffer size across connected clients (bytes)',
+		});
+
 		server.setMetrics(metrics);
 
 		server.on(DDP_EVENTS.CONNECTED, () => {
@@ -123,13 +144,29 @@ export class DDPStreamer extends ServiceClass {
 			metrics.increment('users_logged', { nodeID }, 1);
 		});
 
-		server.on(DDP_EVENTS.DISCONNECTED, ({ userId }) => {
+		server.on(DDP_EVENTS.DISCONNECTED, ({ userId, closeCode }: Client) => {
 			metrics.decrement('users_connected', { nodeID }, 1);
 			if (userId) {
 				metrics.decrement('users_logged', { nodeID }, 1);
 			}
+			metrics.increment('ddp_close_total', { code: String(closeCode ?? 'unknown') }, 1);
 		});
 
+		// Periodically sample the maximum send-buffer depth across all live connections.
+		// Exposes when a single peer is starting to fall behind before we hit the 1013 kick.
+		const sampleSendBuffer = (): void => {
+			let max = 0;
+			this.wss?.clients.forEach((ws) => {
+				if (ws.bufferedAmount > max) {
+					max = ws.bufferedAmount;
+				}
+			});
+			metrics.set('ddp_send_buffer_bytes', max, { nodeID });
+		};
+		const sampleInterval = setInterval(sampleSendBuffer, 5000);
+		// `unref` avoids holding the event loop open during shutdown.
+		sampleInterval.unref?.();
+
 		async function sendUserData(client: Client, userId: string) {
 			// TODO figure out what fields to send. maybe to to export function getBaseUserFields to a package
 			const loggedUser = await Users.findOneById(userId, {