Loss of access to a channel happening rarely

I’m putting this out there to see if anyone else has seen this or can suggest ideas. I’ve been staring at this and running experiments for a while, and am completely stumped.

This involves my app (mac, iOS) and sync gateway - and what I see is that “access()” to channels is being (very very rarely) removed.

Documents are grouped into “books”. Each book has a channel (same as doc.id), and all documents in that book belong to the channel. Each book also has an encryption key that is used to encrypt all documents associated with that book.

Now multiple users can access/sync a book and its documents by being given the encryption key. When that key is stored (in a doctype == "BookKey”), we grant access via the sync function.

if (!isDelete() && doc.type == "BookKey") {
	    //	give the user access to this book when a BookKey record is created
		// Note that "owner" here refers to the owner of THIS book key record, not
		// necessarily the owner of the book who has shared the book with this user.
		// So this next line grants the user (doc.owner) access to the channel (doc.book_id) 
		access(doc.owner, doc.book_id);

Books are created (along with their keys). Books are shared, which means I give you the book id and key, which you save in a BookKey document, which causes the access to be granted, and enables you to decrypt the contents.

The Problem
This works… but very very rarely, the access rights get removed to some or all books for a user. Using the sync_gateway REST interface to query the user record, I can see “all_channels” become nearly empty, when it should list all the books they created or that have been shared with them. That is - the “all_channels” list should at least contain the channels from the BookKey type records in the database at all times. Checking the database, the BookKey records are definitely there, so they haven’t been deleted.

In theory access to a channel is removed only when the document that caused that access is removed (at least that is my understanding). So the fact that those BookKey documents still exist implies the access to the channel should still be there. It isn’t. The BookKey records aren’t tombstones.

There’s no other place I know about where access channels get changed. And there is no other way to revoke access().

Has anyone else seen values in all_channels go away?

p.s. CBLite 2.8.6, Mac and iOS.
SyncGateway 2.8.3 on Ubuntu.

Many thanks for any ideas as to where I could look.

I’ve got a possible avenue of investigation here. All data is modified via sync (changed locally, synced to server and other endpoints). However some rare changes are done via the sync REST interface, and some very rare changes are done via the sync admin REST interface - but never via N1QL. Is it possible that those changes via REST are causing conflicts with syncing?

I’m wondering if I should set enable_shared_bucket_access to true (its currently defaulting to false).

This was a red herring… enable_shared_bucket_access was already true.

Hi Paul, can you provide some info to better understand the context:

  • When you say “become nearly empty” - what were the contents of all_channels at that point?
  • At that time, what documents did you expect to be granting channel access to that user? Did the current revision of those documents still result in the sync function issuing the access grant?

Hi Bruno. Thanks for getting back to me.

Contents Of all_channels
I use channels for grouping data for syncing.
So imagine a user with id = ABC" and access to the books “123”, “456”.

All of a user’s data is added to a channel who the same id as the user id.
Books group all their data in a channel with the same id as their book id.
So user “ABC” has all_channels: “ABC”, “123”, “456”.

What I saw was that admin channels disappeared. For two different users I saw:

  • one had all_channels = “ABC”. This user only had access to their own user info channel. But the BookKey records still exist.
  • one had all_channels = “ABC”, “123”. This user had access to their own channel and 1 book, but lost the rest. But the

Document Granting Channel Access
A user is sent a record that holds keys for a book via an encrypted message. That record includes a book_id and the encryption key for all data related to the book.
The user then inserts a document:

  • type = BookKey
  • book_id = the id
  • key = the encryption key

As you can see from the sync_gateway.json above - inserting the BookKey document grants access to that book.

Am I correct in understanding that deletion of the BookKey document is the proper way to remove access to the channel? Because it seems to work 99.9% of the time.


Hi Paul,

  • Does the app allow for updates on BookKey docs?
  • For the users missing channels, are you able to verify the BookKeys still have the intended owner, type, and book_id?
  • And can you post the actual document contents (redacting sensitive data of course)?


Hi Bruno.

To your questions:

  • no updates. Insert and delete only.
  • Yes, ownership was still correct.

I can’t post data - I decided that s clean start would make sense (I haven’t blown the dev image away for a while). So I deleted everything and am now waiting for the issue to reoccur. Its pretty rare so it might take a while - or perhaps it was some remnant of some bad data? I’m not sure so I’ll be in touch if it does.