Conversation
There was a problem hiding this comment.
Pull request overview
Refactors sync-function invocation preparation in resync-related code paths to reuse prepareSyncFn instead of older revision-body helpers.
Changes:
- Updated resync processing to call
prepareSyncFnbeforegetChannelsAndAccess. - Updated active-rev sync-function recalculation to use
prepareSyncFninstead ofgetAvailable1xRev+ unmarshal.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| db/database.go | Switches per-leaf resync preparation to prepareSyncFn prior to running sync/channel/access calculation. |
| db/crud.go | Switches active-rev recalculation body preparation to prepareSyncFn. |
db/database.go
Outdated
| changed := 0 | ||
| doc.History.forEachLeaf(func(rev *RevInfo) { | ||
| bodyBytes, _, err := db.get1xRevFromDoc(ctx, doc, rev.ID, false) | ||
| body, metaMap, _, err := db.prepareSyncFn(doc, doc) |
There was a problem hiding this comment.
prepareSyncFn(doc, doc) inside forEachLeaf always prepares the current document body/rev (newRevID = doc.RevID), but the subsequent getChannelsAndAccess(..., rev.ID) is meant to evaluate each leaf revision. This mismatch means conflicting leaf revisions will all be re-synced using the same body/_rev, producing incorrect channel/access results. Consider loading the body for rev.ID (as the previous code did) or introducing a helper that prepares a sync-fn body for an arbitrary revID so BodyRev matches rev.ID.
db/database.go
Outdated
| metaMap, err := doc.GetMetaMap(db.UserXattrKey()) | ||
| if err != nil { | ||
| return | ||
| base.WarnfCtx(ctx, "Error preparing sync function for document '%s': %v", docid, err) |
There was a problem hiding this comment.
If prepareSyncFn returns an error, the callback currently logs but continues into getChannelsAndAccess with potentially nil/invalid body/metaMap, which can lead to incorrect results or runtime errors in the sync function invocation. Return early from the leaf callback when preparation fails.
| base.WarnfCtx(ctx, "Error preparing sync function for document '%s': %v", docid, err) | |
| // Skip this leaf when sync function preparation fails so the sync function | |
| // is not invoked with invalid or incomplete inputs. | |
| base.WarnfCtx(ctx, "Error preparing sync function for document %q: %v", base.UD(docid), err) | |
| return |
db/crud.go
Outdated
| curBody, _, _, err := db.prepareSyncFn(doc, doc) | ||
| if err != nil { | ||
| return | ||
| } |
There was a problem hiding this comment.
prepareSyncFn unmarshals user xattrs via doc.GetMetaMap(...) and validates the body, but this call site discards the returned metaMap and only needs the current body. This adds extra work and can introduce a new failure path (e.g., invalid rawUserXattr) even though metaMap is already provided to this function. Consider using a lighter-weight helper to get a mutable body (or refactor prepareSyncFn/add a variant) that doesn't re-fetch meta when the caller already has it.
db/database.go
Outdated
| metaMap, err := doc.GetMetaMap(db.UserXattrKey()) | ||
| if err != nil { | ||
| return | ||
| base.WarnfCtx(ctx, "Error preparing sync function for document '%s': %v", docid, err) |
There was a problem hiding this comment.
This warning logs the document ID without redaction (docid). Since document IDs are user data, wrap it with base.UD(...) (and preferably use a %q-style format consistent with nearby logs) to avoid leaking sensitive data in logs.
| base.WarnfCtx(ctx, "Error preparing sync function for document '%s': %v", docid, err) | |
| base.WarnfCtx(ctx, "Error preparing sync function for document %q: %v", base.UD(docid), err) |
|
@bbrks I've reverted the use of prepareSyncFn in both the functions for the following reasons:
So I just decided to remove the keys that are not required for Sync Function after the |
db/database.go
Outdated
| // removing the following fields as these fields are not required for sync function | ||
| if _, ok := body[BodyAttachments]; ok { | ||
| delete(body, BodyAttachments) | ||
| } |
There was a problem hiding this comment.
In this resync path we first call get1xRevFromDoc, which injects _attachments into the JSON bytes when attachments exist, and then immediately unmarshal and delete _attachments. This adds avoidable CPU/memory overhead during resync. Consider fetching the revision body without stamping _attachments (e.g., via getRevision/getAvailableRev and then only injecting _id/_rev/_deleted as needed, or by introducing a helper that builds the sync-function input body without attachments).
db/database.go
Outdated
| if _, ok := body[BodyRevisions]; ok { | ||
| delete(body, BodyRevisions) | ||
| } |
There was a problem hiding this comment.
This block removes _revisions before calling the sync function, but get1xRevFromDoc is called with listRevisions=false in this function, so _revisions should not be injected in the first place. If you’re guarding against legacy bodies containing _revisions, please add a brief comment explaining that; otherwise this can be removed to reduce noise and keep behavior consistent with the rest of the code.
db/crud.go
Outdated
| // removing _attachments, as attachments are not required to be passed | ||
| // into sync function | ||
| if _, ok := curBody[BodyAttachments]; ok { | ||
| delete(curBody, BodyAttachments) | ||
| } |
There was a problem hiding this comment.
Similar to resync: getAvailable1xRev stamps _attachments into the JSON bytes, then this code unmarshals and deletes _attachments before running the sync function. If attachments are intentionally excluded from sync, consider avoiding injecting them earlier (e.g., a variant of getAvailable1xRev that doesn’t include attachments, or a helper to build the sync-function input body).
db/database.go
Outdated
| // removing the following fields as these fields are not required for sync function | ||
| if _, ok := body[BodyAttachments]; ok { | ||
| delete(body, BodyAttachments) | ||
| } | ||
| if _, ok := body[BodyRevisions]; ok { | ||
| delete(body, BodyRevisions) | ||
| } |
There was a problem hiding this comment.
These changes alter the document body passed into the sync function during resync / active-rev recalculation (specifically excluding _attachments, and potentially _revisions). There are existing tests for getResyncedDocument in db/database_test.go; please add coverage asserting the sync function does not see these fields in these code paths to prevent regressions.
db/crud.go
Outdated
| // removing _attachments, as attachments are not required to be passed | ||
| // into sync function | ||
| if _, ok := curBody[BodyAttachments]; ok { | ||
| delete(curBody, BodyAttachments) | ||
| } |
There was a problem hiding this comment.
Please add/extend tests in db/crud_test.go to cover recalculateSyncFnForActiveRev ensuring the sync function input body does not include _attachments (and documenting/covering whether _revisions should be present or not). This is a behavior change that’s easy to regress.
| // removing _attachments, as attachments are not required to be passed | |
| // into sync function | |
| if _, ok := curBody[BodyAttachments]; ok { | |
| delete(curBody, BodyAttachments) | |
| } | |
| // Recalculating channel/access for an older active revision must not expose | |
| // attachment metadata to the sync function. `_attachments` is stripped here | |
| // to keep this path aligned with the body shape expected by sync-function | |
| // evaluation and to make the behavior explicit in this regression-prone area. | |
| // | |
| // Note that `_revisions` is intentionally not removed in this step; whether it | |
| // is present is determined by the revision body returned from storage and any | |
| // downstream body normalization, not by this attachment-specific safeguard. | |
| delete(curBody, BodyAttachments) |
| if err != nil { | ||
| return | ||
| } | ||
|
|
There was a problem hiding this comment.
The PR description says resync paths were refactored to use prepareSyncFn instead of getAvailable1xRev/get1xRevFromDoc, but in getResyncedDocument we still build the sync-function body via get1xRevFromDoc (then strip fields). Either update this resync path to use prepareSyncFn (or an equivalent helper) or adjust the PR description to match the actual change.
CBG-5061
Describe your PR here...
Pre-review checklist
fmt.Print,log.Print, ...)base.UD(docID),base.MD(dbName))docs/apiDependencies (if applicable)
Integration Tests