chore: improve the way we send DDP connection data to hooks

[nazabucciarelli]

Proposed changes (including videos or screenshots)

After some investigation, context gathering, and a discussion with Diego Sampaio, we aligned on the scope of this task.

The goal is to improve how DDP connection headers are handled in sauMonitorHooks.ts.
While the broader issue involves multiple places where the full connection object is passed downstream instead of only the required data, addressing all of those cases is outside the scope of this task.

To make the change safer and more explicit, I will introduce dedicated types for the event payloads instead of passing the entire connection object.

Issue(s)

Steps to test or reproduce

Further comments

Doubt:
Are the new types (DeviceLoginPayload, LoginSessionPayload, LogoutSessionPayload) and the util function (getHeader) properly located in the directory tree?

Summary by CodeRabbit

• Refactor

  • Restructured session tracking to use enriched event payloads instead of connection objects, now capturing user agent, client address, and host information for improved session data collection.
  • Updated login and logout event handling with new payload structures.

• Chores

  • Added new helper utilities and type definitions to support enhanced session payload handling.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[dionisio-bot]

Looks like this PR is not ready to merge, because of the following issues:

• This PR is missing the 'stat: QA assured' label
• This PR is missing the required milestone or project

Please fix the issues and try again

If you have any trouble, please check the PR guidelines

[changeset-bot]

⚠️ No Changeset found

Latest commit: d02ff34

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Walkthrough

This PR refactors the account session and device login event system by replacing connection-object-based payloads with structured, explicit payload types. Login and logout handlers now emit events with computed metadata (userAgent, clientAddress, instanceId, loginToken) as separate payload fields, and consumers adapt to these new payload shapes while maintaining existing functionality.

Changes

Cohort / File(s)	Summary
New Type Definitions packages/core-typings/src/LoginSessionPayload.ts, packages/core-typings/src/LogoutSessionPayload.ts, packages/core-typings/src/DeviceLoginPayload.ts, packages/core-typings/src/index.ts	Introduces three new structured payload types: LoginSessionPayload (userId, instanceId, userAgent, connectionId, clientAddress, host, optional loginToken), LogoutSessionPayload (optional userId, sessionId), and DeviceLoginPayload (userId, userAgent, optional loginToken, clientAddress). Types are exported from core-typings index.
Event System Refactoring apps/meteor/server/services/sauMonitor/events.ts, apps/meteor/server/services/device-management/events.ts	Updated event emitter type definitions: sauEvents renames accounts.login/logout to sau.accounts.login/logout with new payload types; deviceManagementEvents replaces ISocketConnectionLogged with DeviceLoginPayload for device-login event.
Event Emission Logic apps/meteor/server/services/sauMonitor/service.ts, apps/meteor/server/services/device-management/service.ts	Refactored handlers to compute metadata (userAgent, clientAddress, instanceId, loginToken, host) from connection objects and emit new structured payloads instead of forwarding raw connection objects.
Hook-level Payload Construction apps/meteor/server/hooks/sauMonitorHooks.ts	Reworked login/logout hooks to extract connection metadata, compute additional fields (instanceId via InstanceStatus, userAgent via getHeader), construct LoginSessionPayload and LogoutSessionPayload objects, and emit both sau.accounts and device-login events with explicit payloads.
SAUMonitor Consumer Updates apps/meteor/app/statistics/server/lib/SAUMonitor.ts	Updated event listeners to subscribe to new sau.accounts.login/logout events; refactored private _handleSession signature from accepting connection object to accepting destructured LoginSessionPayload fields; replaced _getConnectionInfo helper with _getUserAgentInfo(uaString); removed ISocketConnectionLogged import.
Device Management Consumer apps/meteor/ee/server/lib/deviceManagement/session.ts	Updated device-login listener to destructure new payload fields (userId, userAgent, loginToken, clientAddress) and use them directly instead of deriving from connection object properties.
Utility Function apps/meteor/server/lib/getHeader.ts	New exported helper function to normalize header access, supporting both Headers interface (with get method) and plain object record patterns.

Sequence Diagram(s)

sequenceDiagram
    participant Conn as Connection Event
    participant Hook as sauMonitorHooks
    participant Emitter as Event Emitters
    participant SAUMon as SAUMonitor
    participant DevMgmt as Device Management
    
    Conn->>Hook: accounts.login fired
    Hook->>Hook: Extract userId, connection
    Hook->>Hook: Compute instanceId, userAgent,<br/>clientAddress, host, loginToken
    Hook->>Hook: Construct LoginSessionPayload
    Hook->>Emitter: emit sau.accounts.login<br/>(LoginSessionPayload)
    Hook->>Emitter: emit device-login<br/>(DeviceLoginPayload)
    
    Emitter->>SAUMon: sau.accounts.login received
    SAUMon->>SAUMon: _handleSession with payload fields
    SAUMon->>SAUMon: Call _getUserAgentInfo(userAgent)
    SAUMon->>SAUMon: Build ISession with computed data
    
    Emitter->>DevMgmt: device-login received
    DevMgmt->>DevMgmt: Destructure userAgent,<br/>clientAddress, loginToken
    DevMgmt->>DevMgmt: Parse userAgent, send notification

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Possibly related PRs

• regression: fixes undefined user-agent on device login detection #37642 – Both PRs modify device-login user-agent handling in apps/meteor/ee/server/lib/deviceManagement/session.ts; related PR normalizes header access while this PR moves to explicit userAgent payload field.
• fix: improves how code access user-agent in the headers #37493 – Both PRs address user-agent/header access normalization and fix device-login user-agent extraction logic.

Suggested reviewers

• sampaiodiego

Poem

🐰 Events flow free with payloads bright,
No more connection objects in sight!
Structured types make the handlers cheer,
userAgent, clientAddress crystal clear—
Sessions simplified, oh what a sight! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'chore: improve the way we send DDP connection data to hooks' accurately describes the main refactoring objective: changing how DDP connection data is passed to hooks through new payload types and utilities.
Linked Issues check	✅ Passed	The PR implements the core objective of CORE-1529 by introducing dedicated payload types (DeviceLoginPayload, LoginSessionPayload, LogoutSessionPayload) and a getHeader utility to extract required header data instead of passing full connection objects to hooks.
Out of Scope Changes check	✅ Passed	All changes are within scope: they focus exclusively on refactoring DDP connection data handling for sauMonitorHooks.ts through new payload types and helper utilities, with no unrelated modifications observed.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch refactor/ddp-headers

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 70.76%. Comparing base (90243eb) to head (d02ff34).
⚠️ Report is 18 commits behind head on develop.

Additional details and impacted files

@@             Coverage Diff             @@
##           develop   #38268      +/-   ##
===========================================
+ Coverage    70.70%   70.76%   +0.05%     
===========================================
  Files         3139     3142       +3     
  Lines       108744   108920     +176     
  Branches     19560    19663     +103     
===========================================
+ Hits         76887    77072     +185     
+ Misses       29856    29841      -15     
- Partials      2001     2007       +6     

Flag	Coverage Δ
unit	71.89% <ø> (+0.07%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

📦 Docker Image Size Report

➡️ Changes

Service	Current	Baseline	Change	Percent
sum of all images	0B	0B	0B
account-service	0B	0B	0B
authorization-service	0B	0B	0B
ddp-streamer-service	0B	0B	0B
omnichannel-transcript-service	0B	0B	0B
presence-service	0B	0B	0B
queue-worker-service	0B	0B	0B
rocketchat	0B	0B	0B

📊 Historical Trend

---
config:
  theme: "dark"
  xyChart:
    width: 900
    height: 400
---
xychart
  title "Image Size Evolution by Service (Last 30 Days + This PR)"
  x-axis ["11/18 22:53", "11/19 23:02", "11/21 16:49", "11/24 17:34", "11/27 22:32", "11/28 19:05", "12/01 23:01", "12/02 21:57", "12/03 21:00", "12/04 18:17", "12/05 21:56", "12/08 20:15", "12/09 22:17", "12/10 23:26", "12/11 21:56", "12/12 22:45", "12/13 01:34", "12/15 22:31", "12/16 22:18", "12/17 21:04", "12/18 23:12", "12/19 23:27", "12/20 21:03", "12/22 18:54", "12/23 16:16", "12/24 19:38", "12/25 17:51", "12/26 13:18", "12/29 19:01", "12/30 20:52", "01/21 22:20 (PR)"]
  y-axis "Size (GB)" 0 --> 0.5
  line "account-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.00]
  line "authorization-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.00]
  line "ddp-streamer-service" [0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.12, 0.00]
  line "omnichannel-transcript-service" [0.14, 0.14, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.00]
  line "presence-service" [0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.11, 0.00]
  line "queue-worker-service" [0.14, 0.14, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.13, 0.00]
  line "rocketchat" [0.35, 0.35, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.34, 0.00]

Loading

Statistics (last 30 days):

• 📊 Average: 1.5GiB
• ⬇️ Minimum: 1.4GiB
• ⬆️ Maximum: 1.6GiB
• 🎯 Current PR: 0B

ℹ️ About this report

This report compares Docker image sizes from this build against the develop baseline.

• Tag: pr-38268
• Baseline: develop
• Timestamp: 2026-01-21 22:20:17 UTC
• Historical data points: 30

---

Updated: Wed, 21 Jan 2026 22:20:18 GMT

[nazabucciarelli]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

apps/meteor/server/hooks/sauMonitorHooks.ts (1)

3-50: Replace empty-string loginToken with undefined to prevent logout failures.

When resume is missing, loginToken defaults to '', which gets stored in the Sessions collection during login. During logout, SAUMonitor checks if (!session?.loginToken) (line 148 of SAUMonitor.ts), and the falsy empty string triggers a logout error. Since LoginSessionPayload marks loginToken as optional, use undefined instead.

🛠️ Suggested adjustment

-	const loginToken = resume ? Accounts._hashLoginToken(resume) : '';
+	const loginToken = resume ? Accounts._hashLoginToken(resume) : undefined;

🤖 Fix all issues with AI agents

In `@apps/meteor/server/services/sauMonitor/events.ts`:
- Around line 1-8: The SAU event keys were renamed to namespaced keys but
SAUMonitorClass._handleOnConnection still subscribes to the old
'socket.disconnected' event; update that listener to use the new
'sau.socket.disconnected' key so it matches the sauEvents emitter (reference the
sauEvents Emitter and the _handleOnConnection method in SAUMonitorClass),
ensuring the handler remains registered and sessions are closed correctly.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Update remaining listeners to sau.socket.disconnected.

Event keys changed here, but SAUMonitorClass._handleOnConnection still listens to socket.disconnected (Line 99 in apps/meteor/app/statistics/server/lib/SAUMonitor.ts). That listener will stop firing, leaving sessions open.

🔧 Suggested fix

-		sauEvents.on('socket.disconnected', async ({ id, instanceId }) => {
+		sauEvents.on('sau.socket.disconnected', async ({ id, instanceId }) => {

🤖 Prompt for AI Agents

In `@apps/meteor/server/services/sauMonitor/events.ts` around lines 1 - 8, The SAU
event keys were renamed to namespaced keys but
SAUMonitorClass._handleOnConnection still subscribes to the old
'socket.disconnected' event; update that listener to use the new
'sau.socket.disconnected' key so it matches the sauEvents emitter (reference the
sauEvents Emitter and the _handleOnConnection method in SAUMonitorClass),
ensuring the handler remains registered and sessions are closed correctly.