adapt readme to new repository

Co-authored-by: Loic B. <lbndev@yahoo.fr>

.github/workflows/release.yaml

@@ -28,7 +28,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: '>=1.23.6'
+          go-version: '>=1.24.8'
 
       # This step usually is not needed because the /ui/dist is pregenerated locally
       # but its here to ensure that each release embeds the latest admin ui artifacts.

.goreleaser.yaml

@@ -13,7 +13,7 @@ builds:
     main: ./examples/base
     binary: pocketbase
     ldflags:
-      - -s -w -X github.com/pocketbase/pocketbase.Version={{ .Version }}
+      - -s -w -X github.com/tabshift-gh/pocketbase.Version={{ .Version }}
     env:
       - CGO_ENABLED=0
     goos:

CHANGELOG.md

@@ -1,3 +1,154 @@
+## v0.30.2
+
+- Bumped min Go GitHub action version to 1.24.8 since it comes with some [minor security fixes](https://github.com/golang/go/issues?q=milestone%3AGo1.24.8+label%3ACherryPickApproved).
+
+
+## v0.30.1
+
+- ⚠️ Excluded the `lost+found` directory from the backups ([#7208](https://github.com/pocketbase/pocketbase/pull/7208); thanks @lbndev).
+    _If for some reason you want to keep it, you can restore it by editing the `e.Exclude` list of the `OnBackupCreate` and `OnBackupRestore` hooks._
+
+- Minor tests improvements (disabled initial superuser creation for the test app to avoid cluttering the std output, added more tests for the `s3.Uploader.MaxConcurrency`, etc.).
+
+- Updated `modernc.org/sqlite` and other Go dependencies.
+
+
+## v0.30.0
+
+- Eagerly escape the S3 request path following the same rules as in the S3 signing header ([#7153](https://github.com/pocketbase/pocketbase/issues/7153)).
+
+- Added Lark OAuth2 provider ([#7130](https://github.com/pocketbase/pocketbase/pull/7130); thanks @mashizora).
+
+- Increased test tokens `exp` claim to minimize eventual issues with reproducible builds ([#7123](https://github.com/pocketbase/pocketbase/issues/7123)).
+
+- Added `os.Root` bindings to the JSVM ([`$os.openRoot`](https://pocketbase.io/jsvm/functions/_os.openRoot.html), [`$os.openInRoot`](https://pocketbase.io/jsvm/functions/_os.openInRoot.html)).
+
+- Added `osutils.IsProbablyGoRun()` helper to loosely check if the program was started using `go run`.
+
+- Various minor UI improvements (updated collections indexes UI, enabled seconds in the datepicker, updated helper texts, etc.).
+
+- ⚠️ Updated the minimum package Go version to 1.24.0 and bumped Go dependencies.
+
+
+## v0.29.3
+
+- Try to forward Apple OAuth2 POST redirect user's name so that it can be returned (and eventually assigned) with the success response of the all-in-one auth call ([#7090](https://github.com/pocketbase/pocketbase/issues/7090)).
+
+- Fixed `RateLimitRule.Audience` code comment ([#7098](https://github.com/pocketbase/pocketbase/pull/7098); thanks @iustin05).
+
+- Mocked `syscall.Exec` when building for WASM ([#7116](https://github.com/pocketbase/pocketbase/pull/7116); thanks @joas8211).
+    _Note that WASM is not officially supported PocketBase build target and many things may not work as expected._
+
+- Registered missing `$filesystem`, `$mails`, `$template` and `__hooks` bindings in the JSVM migrations ([#7125](https://github.com/pocketbase/pocketbase/issues/7125)).
+
+- Regenerated JSVM types to include methods from structs with single generic parameter.
+
+- Updated Go dependencies.
+
+
+## v0.29.2
+
+- Bumped min Go GitHub action version to 1.23.12 since it comes with some [minor fixes for the runtime and `database/sql` package](https://github.com/golang/go/issues?q=milestone%3AGo1.23.12+label%3ACherryPickApproved).
+
+
+## v0.29.1
+
+- Updated the X/Twitter provider to return the `confirmed_email` field and to use the `x.com` domain ([#7035](https://github.com/pocketbase/pocketbase/issues/7035)).
+
+- Added Box.com OAuth2 provider ([#7056](https://github.com/pocketbase/pocketbase/pull/7056); thanks @blakepatteson).
+
+- Updated `modernc.org/sqlite` to 1.38.2 (SQLite 3.50.3).
+
+- Fixed example List API response ([#7049](https://github.com/pocketbase/pocketbase/pull/7049); thanks @williamtguerra).
+
+
+## v0.29.0
+
+- Enabled calling the `/auth-refresh` endpoint with nonrenewable tokens.
+    _When used with nonrenewable tokens (e.g. impersonate) the endpoint will simply return the same token with the up-to-date user data associated with it._
+
+- Added the triggered rate rimit rule in the error log `details`.
+
+- Added optional `ServeEvent.Listener` field to initialize a custom network listener (e.g. `unix`) instead of the default `tcp` ([#3233](https://github.com/pocketbase/pocketbase/discussions/3233)).
+
+- Fixed request data unmarshalization for the `DynamicModel` array/object fields ([#7022](https://github.com/pocketbase/pocketbase/discussions/7022)).
+
+- Fixed Dashboard page title `-` escaping ([#6982](https://github.com/pocketbase/pocketbase/issues/6982)).
+
+- Other minor improvements (updated first superuser console text when running with `go run`, clarified trusted IP proxy header label, wrapped the backup restore in a transaction as an extra precaution, updated deps, etc.).
+
+
+## v0.28.4
+
+- Added global JSVM `toBytes()` helper to return the bytes slice representation of a value such as io.Reader or string, _other types are first serialized to Go string_ ([#6935](https://github.com/pocketbase/pocketbase/issues/6935)).
+
+- Fixed `security.RandomStringByRegex` random distribution ([#6947](https://github.com/pocketbase/pocketbase/pull/6947); thanks @yerTools).
+
+- Minor docs and typos fixes.
+
+
+## v0.28.3
+
+- Skip sending empty `Range` header when fetching blobs from S3 ([#6914](https://github.com/pocketbase/pocketbase/pull/6914)).
+
+- Updated Go deps and particularly `modernc.org/sqlite` to 1.38.0 (SQLite 3.50.1).
+
+- Bumped GitHub action min Go version to 1.23.10 as it comes with some [minor security `net/http` fixes](https://github.com/golang/go/issues?q=milestone%3AGo1.23.10+label%3ACherryPickApproved).
+
+
+## v0.28.2
+
+- Loaded latin-ext charset for the default text fonts ([#6869](https://github.com/pocketbase/pocketbase/issues/6869)).
+
+- Updated view query CAST regex to properly recognize multiline expressions ([#6860](https://github.com/pocketbase/pocketbase/pull/6860); thanks @azat-ismagilov).
+
+- Updated Go and npm dependencies.
+
+
+## v0.28.1
+
+- Fixed `json_each`/`json_array_length` normalizations to properly check for array values ([#6835](https://github.com/pocketbase/pocketbase/issues/6835)).
+
+
+## v0.28.0
+
+- Write the default response body of `*Request` hooks that are wrapped in a transaction after the related transaction completes to allow propagating the transaction error ([#6462](https://github.com/pocketbase/pocketbase/discussions/6462#discussioncomment-12207818)).
+
+- Updated `app.DB()` to automatically routes raw write SQL statements to the nonconcurrent db pool ([#6689](https://github.com/pocketbase/pocketbase/discussions/6689)).
+    _For the rare cases when it is needed users still have the option to explicitly target the specific pool they want using `app.ConcurrentDB()`/`app.NonconcurrentDB()`._
+
+- ⚠️ Changed the default `json` field max size to 1MB.
+    _Users still have the option to adjust the default limit from the collection field options but keep in mind that storing large strings/blobs in the database is known to cause performance issues and should be avoided when possible._
+
+- ⚠️ Soft-deprecated and replaced `filesystem.System.GetFile(fileKey)` with `filesystem.System.GetReader(fileKey)` to avoid the confusion with `filesystem.File`.
+    _The old method will still continue to work for at least until v0.29.0 but you'll get a console warning to replace it with `GetReader`._
+
+- Added new `filesystem.System.GetReuploadableFile(fileKey, preserveName)` method to return an existing blob as a `*filesystem.File` value ([#6792](https://github.com/pocketbase/pocketbase/discussions/6792)).
+    _This method could be useful in case you want to clone an existing Record file and assign it to a new Record (e.g. in a Record duplicate action)._
+
+- Other minor improvements (updated the GitHub release min Go version to 1.23.9, updated npm and Go deps, etc.)
+
+
+## v0.27.2
+
+- Added workers pool when cascade deleting record files to minimize _"thread exhaustion"_ errors ([#6780](https://github.com/pocketbase/pocketbase/discussions/6780)).
+
+- Updated the `:excerpt` fields modifier to properly account for multibyte characters ([#6778](https://github.com/pocketbase/pocketbase/issues/6778)).
+
+- Use `rowid` as count column for non-view collections to minimize the need of having the id field in a covering index ([#6739](https://github.com/pocketbase/pocketbase/discussions/6739))
+
+
+## v0.27.1
+
+- Updated example `geoPoint` API preview body data.
+
+- Added JSVM `new GeoPointField({ ... })` constructor.
+
+- Added _partial_ WebP thumbs generation (_the thumbs will be stored as PNG_; [#6744](https://github.com/pocketbase/pocketbase/pull/6744)).
+
+- Updated npm dev dependencies.
+
+
 ## v0.27.0
 
 - ⚠️ Moved the Create and Manage API rule checks out of the `OnRecordCreateRequest` hook finalizer, **aka. now all CRUD API rules are checked BEFORE triggering their corresponding `*Request` hook**.
@@ -424,7 +575,7 @@ There are a lot of changes but to highlight some of the most notable ones:
 - Admins are now system `_superusers` auth records.
 - Builtin rate limiter (_supports tags, wildcards and exact routes matching_).
 - Batch/transactional Web API endpoint.
-- Impersonate Web API endpoint (_it could be also used for generating fixed/non-refreshable superuser tokens, aka. "API keys"_).
+- Impersonate Web API endpoint (_it could be also used for generating fixed/nonrenewable superuser tokens, aka. "API keys"_).
 - Support for custom user request activity log attributes.
 - One-Time Password (OTP) auth method (_via email code_).
 - Multi-Factor Authentication (MFA) support (_currently requires any 2 different auth methods to be used_).

CHANGELOG_16_22.md

@@ -2,6 +2,16 @@
 > For the most recent versions, please refer to [CHANGELOG.md](./CHANGELOG.md)
 ---
 
+## v0.22.36
+
+- (_Backported from v0.30.2_) Bumped min Go GitHub action version to 1.24.8 since it comes with some [minor security fixes](https://github.com/golang/go/issues?q=milestone%3AGo1.24.8+label%3ACherryPickApproved).
+
+
+## v0.22.35
+
+- (_Backported from v0.29.2_) Bumped min Go GitHub action version to 1.23.12 since it comes with some [minor fixes for the runtime and `database/sql` package](https://github.com/golang/go/issues?q=milestone%3AGo1.23.12+label%3ACherryPickApproved).
+
+
 ## v0.22.34
 
 - (_Backported from v0.26.6_) Allow OIDC `email_verified` to be int or boolean string since some OIDC providers like AWS Cognito has non-standard userinfo response ([#6657](https://github.com/pocketbase/pocketbase/pull/6657)).

README.md

@@ -5,9 +5,9 @@
 </p>
 
 <p align="center">
-    <a href="https://github.com/pocketbase/pocketbase/actions/workflows/release.yaml" target="_blank" rel="noopener"><img src="https://github.com/pocketbase/pocketbase/actions/workflows/release.yaml/badge.svg" alt="build" /></a>
-    <a href="https://github.com/pocketbase/pocketbase/releases" target="_blank" rel="noopener"><img src="https://img.shields.io/github/release/pocketbase/pocketbase.svg" alt="Latest releases" /></a>
-    <a href="https://pkg.go.dev/github.com/pocketbase/pocketbase" target="_blank" rel="noopener"><img src="https://godoc.org/github.com/pocketbase/pocketbase?status.svg" alt="Go package documentation" /></a>
+    <a href="https://github.com/pocketbase/pocketbase/actions/workflows/release.yaml" target="_blank" rel="noopener"><img src="https://github.com/tabshift-gh/pocketbase/actions/workflows/release.yaml/badge.svg" alt="build" /></a>
+    <a href="https://github.com/tabshift-gh/pocketbase/releases" target="_blank" rel="noopener"><img src="https://img.shields.io/github/release/tabshift-gh/pocketbase.svg" alt="Latest releases" /></a>
+    <a href="https://pkg.go.dev/github.com/pocketbase/pocketbase" target="_blank" rel="noopener"><img src="https://godoc.org/github.com/tabshift-gh/pocketbase?status.svg" alt="Go package documentation" /></a>
 </p>
 
 [PocketBase](https://pocketbase.io) is an open source Go backend that includes:
@@ -17,6 +17,12 @@
 - convenient **Admin dashboard UI**
 - and simple **REST-ish API**
 
+> [!NOTE]
+> This is a fork of the great [pocketbase/pocketbase][] repository adapted for
+> Tabshift's purposes.
+
+[pocketbase/pocketbase]: https://github.com/pocketbase/pocketbase
+
 **For documentation and examples, please visit https://pocketbase.io/docs.**
 
 > [!WARNING]
@@ -32,7 +38,6 @@ The easiest way to interact with the PocketBase Web APIs is to use one of the of
 
 You could also check the recommendations in https://pocketbase.io/docs/how-to-use/.
 
-
 ## Overview
 
 ### Use as standalone app
@@ -52,33 +57,34 @@ Here is a minimal example:
 0. [Install Go 1.23+](https://go.dev/doc/install) (_if you haven't already_)
 
 1. Create a new project directory with the following `main.go` file inside it:
-    ```go
-    package main
 
-    import (
-        "log"
+   ```go
+   package main
 
-        "github.com/pocketbase/pocketbase"
-        "github.com/pocketbase/pocketbase/core"
-    )
+   import (
+       "log"
 
-    func main() {
-        app := pocketbase.New()
+       "github.com/pocketbase/pocketbase"
+       "github.com/pocketbase/pocketbase/core"
+   )
 
-        app.OnServe().BindFunc(func(se *core.ServeEvent) error {
-            // registers new "GET /hello" route
-            se.Router.GET("/hello", func(re *core.RequestEvent) error {
-                return re.String(200, "Hello world!")
-            })
+   func main() {
+       app := pocketbase.New()
 
-            return se.Next()
-        })
+       app.OnServe().BindFunc(func(se *core.ServeEvent) error {
+           // registers new "GET /hello" route
+           se.Router.GET("/hello", func(re *core.RequestEvent) error {
+               return re.String(200, "Hello world!")
+           })
 
-        if err := app.Start(); err != nil {
-            log.Fatal(err)
-        }
-    }
-    ```
+           return se.Next()
+       })
+
+       if err := app.Start(); err != nil {
+           log.Fatal(err)
+       }
+   }
+   ```
 
 2. To init the dependencies, run `go mod init myapp && go mod tidy`.
 
@@ -110,9 +116,11 @@ linux   386
 linux   amd64
 linux   arm
 linux   arm64
+linux   loong64
 linux   ppc64le
 linux   riscv64
 linux   s390x
+windows 386
 windows amd64
 windows arm64
 ```

apis/api_error_aliases.go

@@ -1,6 +1,6 @@
 package apis
 
-import "github.com/pocketbase/pocketbase/tools/router"
+import "github.com/tabshift-gh/pocketbase/tools/router"
 
 // ApiError aliases to minimize the breaking changes with earlier versions
 // and for consistency with the JSVM binds.

apis/backup.go

@@ -6,10 +6,10 @@ import (
 	"path/filepath"
 	"time"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tools/router"
-	"github.com/pocketbase/pocketbase/tools/routine"
-	"github.com/pocketbase/pocketbase/tools/types"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tools/router"
+	"github.com/tabshift-gh/pocketbase/tools/routine"
+	"github.com/tabshift-gh/pocketbase/tools/types"
 	"github.com/spf13/cast"
 )
 

apis/backup_create.go

@@ -6,7 +6,7 @@ import (
 	"regexp"
 
 	validation "github.com/go-ozzo/ozzo-validation/v4"
-	"github.com/pocketbase/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/core"
 )
 
 func backupCreate(e *core.RequestEvent) error {

apis/backup_test.go

@@ -10,10 +10,10 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/pocketbase/pocketbase/apis"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
-	"github.com/pocketbase/pocketbase/tools/filesystem/blob"
+	"github.com/tabshift-gh/pocketbase/apis"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/tools/filesystem/blob"
 )
 
 func TestBackupsList(t *testing.T) {

apis/backup_upload.go

@@ -4,9 +4,9 @@ import (
 	"net/http"
 
 	validation "github.com/go-ozzo/ozzo-validation/v4"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/core/validators"
-	"github.com/pocketbase/pocketbase/tools/filesystem"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/core/validators"
+	"github.com/tabshift-gh/pocketbase/tools/filesystem"
 )
 
 func backupUpload(e *core.RequestEvent) error {

apis/base.go

@@ -8,8 +8,8 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tools/router"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tools/router"
 )
 
 // StaticWildcardParam is the name of Static handler wildcard parameter.

apis/base_test.go

@@ -8,10 +8,10 @@ import (
 	"path/filepath"
 	"testing"
 
-	"github.com/pocketbase/pocketbase/apis"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
-	"github.com/pocketbase/pocketbase/tools/router"
+	"github.com/tabshift-gh/pocketbase/apis"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/tools/router"
 )
 
 func TestWrapStdHandler(t *testing.T) {

apis/batch.go

@@ -15,10 +15,10 @@ import (
 	"time"
 
 	validation "github.com/go-ozzo/ozzo-validation/v4"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tools/filesystem"
-	"github.com/pocketbase/pocketbase/tools/router"
-	"github.com/pocketbase/pocketbase/tools/types"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tools/filesystem"
+	"github.com/tabshift-gh/pocketbase/tools/router"
+	"github.com/tabshift-gh/pocketbase/tools/types"
 	"github.com/spf13/cast"
 )
 
@@ -49,7 +49,7 @@ var ValidBatchActions = map[*regexp.Regexp]BatchActionHandlerFunc{
 				params["id"] = id // required for the path value
 				ir.Method = "PATCH"
 				ir.URL = "/api/collections/" + params["collection"] + "/records/" + id + params["query"]
-				return recordUpdate(next)
+				return recordUpdate(false, next)
 			}
 		}
 
@@ -57,16 +57,16 @@ var ValidBatchActions = map[*regexp.Regexp]BatchActionHandlerFunc{
 		// ---
 		ir.Method = "POST"
 		ir.URL = "/api/collections/" + params["collection"] + "/records" + params["query"]
-		return recordCreate(next)
+		return recordCreate(false, next)
 	},
 	regexp.MustCompile(`^POST /api/collections/(?P<collection>[^\/\?]+)/records(\?.*)?$`): func(app core.App, ir *core.InternalRequest, params map[string]string, next func(any) error) HandleFunc {
-		return recordCreate(next)
+		return recordCreate(false, next)
 	},
 	regexp.MustCompile(`^PATCH /api/collections/(?P<collection>[^\/\?]+)/records/(?P<id>[^\/\?]+)(\?.*)?$`): func(app core.App, ir *core.InternalRequest, params map[string]string, next func(any) error) HandleFunc {
-		return recordUpdate(next)
+		return recordUpdate(false, next)
 	},
 	regexp.MustCompile(`^DELETE /api/collections/(?P<collection>[^\/\?]+)/records/(?P<id>[^\/\?]+)(\?.*)?$`): func(app core.App, ir *core.InternalRequest, params map[string]string, next func(any) error) HandleFunc {
-		return recordDelete(next)
+		return recordDelete(false, next)
 	},
 }
 

apis/batch_test.go

@@ -6,9 +6,9 @@ import (
 	"testing"
 	"time"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
-	"github.com/pocketbase/pocketbase/tools/router"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/tools/router"
 )
 
 func TestBatchRequest(t *testing.T) {

apis/collection.go

@@ -6,9 +6,10 @@ import (
 	"strings"
 
 	validation "github.com/go-ozzo/ozzo-validation/v4"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tools/router"
-	"github.com/pocketbase/pocketbase/tools/search"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tools/router"
+	"github.com/tabshift-gh/pocketbase/tools/search"
+	"github.com/tabshift-gh/pocketbase/tools/security"
 )
 
 // bindCollectionApi registers the collection api endpoints and the corresponding handlers.
@@ -45,7 +46,9 @@ func collectionsList(e *core.RequestEvent) error {
 	event.Result = result
 
 	return event.App.OnCollectionsListRequest().Trigger(event, func(e *core.CollectionsListRequestEvent) error {
-		return e.JSON(http.StatusOK, e.Result)
+		return execAfterSuccessTx(true, e.App, func() error {
+			return e.JSON(http.StatusOK, e.Result)
+		})
 	})
 }
 
@@ -60,7 +63,9 @@ func collectionView(e *core.RequestEvent) error {
 	event.Collection = collection
 
 	return e.App.OnCollectionViewRequest().Trigger(event, func(e *core.CollectionRequestEvent) error {
-		return e.JSON(http.StatusOK, e.Collection)
+		return execAfterSuccessTx(true, e.App, func() error {
+			return e.JSON(http.StatusOK, e.Collection)
+		})
 	})
 }
 
@@ -98,7 +103,9 @@ func collectionCreate(e *core.RequestEvent) error {
 			return e.BadRequestError("Failed to create collection. Raw error: \n"+err.Error(), nil)
 		}
 
-		return e.JSON(http.StatusOK, e.Collection)
+		return execAfterSuccessTx(true, e.App, func() error {
+			return e.JSON(http.StatusOK, e.Collection)
+		})
 	})
 }
 
@@ -128,7 +135,9 @@ func collectionUpdate(e *core.RequestEvent) error {
 			return e.BadRequestError("Failed to update collection. Raw error: \n"+err.Error(), nil)
 		}
 
-		return e.JSON(http.StatusOK, e.Collection)
+		return execAfterSuccessTx(true, e.App, func() error {
+			return e.JSON(http.StatusOK, e.Collection)
+		})
 	})
 }
 
@@ -159,7 +168,9 @@ func collectionDelete(e *core.RequestEvent) error {
 			return e.BadRequestError(msg, err)
 		}
 
-		return e.NoContent(http.StatusNoContent)
+		return execAfterSuccessTx(true, e.App, func() error {
+			return e.NoContent(http.StatusNoContent)
+		})
 	})
 }
 
@@ -182,14 +193,16 @@ func collectionTruncate(e *core.RequestEvent) error {
 }
 
 func collectionScaffolds(e *core.RequestEvent) error {
+	randomId := security.RandomStringWithAlphabet(10, core.DefaultIdAlphabet) // could be used as part of the default indexes name
+
 	collections := map[string]*core.Collection{
-		core.CollectionTypeBase: core.NewBaseCollection(""),
-		core.CollectionTypeAuth: core.NewAuthCollection(""),
-		core.CollectionTypeView: core.NewViewCollection(""),
+		core.CollectionTypeBase: core.NewBaseCollection("", randomId),
+		core.CollectionTypeAuth: core.NewAuthCollection("", randomId),
+		core.CollectionTypeView: core.NewViewCollection("", randomId),
 	}
 
 	for _, c := range collections {
-		c.Id = "" // clear autogenerated id
+		c.Id = "" // clear random id
 	}
 
 	return e.JSON(http.StatusOK, collections)

apis/collection_import.go

@@ -5,7 +5,7 @@ import (
 	"net/http"
 
 	validation "github.com/go-ozzo/ozzo-validation/v4"
-	"github.com/pocketbase/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/core"
 )
 
 func collectionsImport(e *core.RequestEvent) error {
@@ -29,7 +29,9 @@ func collectionsImport(e *core.RequestEvent) error {
 	return event.App.OnCollectionsImportRequest().Trigger(event, func(e *core.CollectionsImportRequestEvent) error {
 		importErr := e.App.ImportCollections(e.CollectionsData, form.DeleteMissing)
 		if importErr == nil {
-			return e.NoContent(http.StatusNoContent)
+			return execAfterSuccessTx(true, e.App, func() error {
+				return e.NoContent(http.StatusNoContent)
+			})
 		}
 
 		// validation failure

apis/collection_import_test.go

@@ -6,8 +6,8 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
 )
 
 func TestCollectionsImport(t *testing.T) {
@@ -316,6 +316,51 @@ func TestCollectionsImport(t *testing.T) {
 				}
 			},
 		},
+		{
+			Name:   "OnCollectionsImportRequest tx body write check",
+			Method: http.MethodPut,
+			URL:    "/api/collections/import",
+			Body: strings.NewReader(`{
+				"deleteMissing": true,
+				"collections":[
+					{"name": "test123"},
+					{
+						"id":"wsmn24bux7wo113",
+						"name":"demo1",
+						"fields":[
+							{
+								"id":"_2hlxbmp",
+								"name":"title",
+								"type":"text",
+								"required":true
+							}
+						],
+						"indexes": []
+					}
+				]
+			}`),
+			Headers: map[string]string{
+				"Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY",
+			},
+			BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
+				app.OnCollectionsImportRequest().BindFunc(func(e *core.CollectionsImportRequestEvent) error {
+					original := e.App
+					return e.App.RunInTransaction(func(txApp core.App) error {
+						e.App = txApp
+						defer func() { e.App = original }()
+
+						if err := e.Next(); err != nil {
+							return err
+						}
+
+						return e.BadRequestError("TX_ERROR", nil)
+					})
+				})
+			},
+			ExpectedStatus:  400,
+			ExpectedEvents:  map[string]int{"OnCollectionsImportRequest": 1},
+			ExpectedContent: []string{"TX_ERROR"},
+		},
 	}
 
 	for _, scenario := range scenarios {

apis/collection_test.go

@@ -1,7 +1,6 @@
 package apis_test
 
 import (
-	"errors"
 	"net/http"
 	"os"
 	"path/filepath"
@@ -9,9 +8,9 @@ import (
 	"testing"
 	"time"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
-	"github.com/pocketbase/pocketbase/tools/list"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/tools/list"
 )
 
 func TestCollectionsList(t *testing.T) {
@@ -130,6 +129,32 @@ func TestCollectionsList(t *testing.T) {
 				"OnCollectionsListRequest": 1,
 			},
 		},
+		{
+			Name:   "OnCollectionsListRequest tx body write check",
+			Method: http.MethodGet,
+			URL:    "/api/collections",
+			Headers: map[string]string{
+				"Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY",
+			},
+			BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
+				app.OnCollectionsListRequest().BindFunc(func(e *core.CollectionsListRequestEvent) error {
+					original := e.App
+					return e.App.RunInTransaction(func(txApp core.App) error {
+						e.App = txApp
+						defer func() { e.App = original }()
+
+						if err := e.Next(); err != nil {
+							return err
+						}
+
+						return e.BadRequestError("TX_ERROR", nil)
+					})
+				})
+			},
+			ExpectedStatus:  400,
+			ExpectedEvents:  map[string]int{"OnCollectionsListRequest": 1},
+			ExpectedContent: []string{"TX_ERROR"},
+		},
 	}
 
 	for _, scenario := range scenarios {
@@ -205,6 +230,32 @@ func TestCollectionView(t *testing.T) {
 				"OnCollectionViewRequest": 1,
 			},
 		},
+		{
+			Name:   "OnCollectionViewRequest tx body write check",
+			Method: http.MethodGet,
+			URL:    "/api/collections/wsmn24bux7wo113",
+			Headers: map[string]string{
+				"Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY",
+			},
+			BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
+				app.OnCollectionViewRequest().BindFunc(func(e *core.CollectionRequestEvent) error {
+					original := e.App
+					return e.App.RunInTransaction(func(txApp core.App) error {
+						e.App = txApp
+						defer func() { e.App = original }()
+
+						if err := e.Next(); err != nil {
+							return err
+						}
+
+						return e.BadRequestError("TX_ERROR", nil)
+					})
+				})
+			},
+			ExpectedStatus:  400,
+			ExpectedEvents:  map[string]int{"OnCollectionViewRequest": 1},
+			ExpectedContent: []string{"TX_ERROR"},
+		},
 	}
 
 	for _, scenario := range scenarios {
@@ -361,7 +412,7 @@ func TestCollectionDelete(t *testing.T) {
 			},
 		},
 		{
-			Name:   "OnCollectionAfterDeleteSuccessRequest error response",
+			Name:   "OnCollectionDeleteRequest tx body write check",
 			Method: http.MethodDelete,
 			URL:    "/api/collections/view2",
 			Headers: map[string]string{
@@ -369,15 +420,22 @@ func TestCollectionDelete(t *testing.T) {
 			},
 			BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
 				app.OnCollectionDeleteRequest().BindFunc(func(e *core.CollectionRequestEvent) error {
-					return errors.New("error")
+					original := e.App
+					return e.App.RunInTransaction(func(txApp core.App) error {
+						e.App = txApp
+						defer func() { e.App = original }()
+
+						if err := e.Next(); err != nil {
+							return err
+						}
+
+						return e.BadRequestError("TX_ERROR", nil)
+					})
 				})
 			},
 			ExpectedStatus:  400,
-			ExpectedContent: []string{`"data":{}`},
-			ExpectedEvents: map[string]int{
-				"*":                         0,
-				"OnCollectionDeleteRequest": 1,
-			},
+			ExpectedEvents:  map[string]int{"OnCollectionDeleteRequest": 1},
+			ExpectedContent: []string{"TX_ERROR"},
 		},
 	}
 
@@ -656,7 +714,7 @@ func TestCollectionCreate(t *testing.T) {
 			},
 		},
 		{
-			Name:   "OnCollectionCreateRequest error response",
+			Name:   "OnCollectionCreateRequest tx body write check",
 			Method: http.MethodPost,
 			URL:    "/api/collections",
 			Body:   strings.NewReader(`{"name":"new","type":"base"}`),
@@ -665,15 +723,22 @@ func TestCollectionCreate(t *testing.T) {
 			},
 			BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
 				app.OnCollectionCreateRequest().BindFunc(func(e *core.CollectionRequestEvent) error {
-					return errors.New("error")
+					original := e.App
+					return e.App.RunInTransaction(func(txApp core.App) error {
+						e.App = txApp
+						defer func() { e.App = original }()
+
+						if err := e.Next(); err != nil {
+							return err
+						}
+
+						return e.BadRequestError("TX_ERROR", nil)
+					})
 				})
 			},
 			ExpectedStatus:  400,
-			ExpectedContent: []string{`"data":{}`},
-			ExpectedEvents: map[string]int{
-				"*":                         0,
-				"OnCollectionCreateRequest": 1,
-			},
+			ExpectedEvents:  map[string]int{"OnCollectionCreateRequest": 1},
+			ExpectedContent: []string{"TX_ERROR"},
 		},
 
 		// view
@@ -978,7 +1043,7 @@ func TestCollectionUpdate(t *testing.T) {
 			},
 		},
 		{
-			Name:   "OnCollectionAfterUpdateSuccessRequest error response",
+			Name:   "OnCollectionUpdateRequest tx body write check",
 			Method: http.MethodPatch,
 			URL:    "/api/collections/demo1",
 			Body:   strings.NewReader(`{}`),
@@ -987,15 +1052,22 @@ func TestCollectionUpdate(t *testing.T) {
 			},
 			BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
 				app.OnCollectionUpdateRequest().BindFunc(func(e *core.CollectionRequestEvent) error {
-					return errors.New("error")
+					original := e.App
+					return e.App.RunInTransaction(func(txApp core.App) error {
+						e.App = txApp
+						defer func() { e.App = original }()
+
+						if err := e.Next(); err != nil {
+							return err
+						}
+
+						return e.BadRequestError("TX_ERROR", nil)
+					})
 				})
 			},
 			ExpectedStatus:  400,
-			ExpectedContent: []string{`"data":{}`},
-			ExpectedEvents: map[string]int{
-				"*":                         0,
-				"OnCollectionUpdateRequest": 1,
-			},
+			ExpectedEvents:  map[string]int{"OnCollectionUpdateRequest": 1},
+			ExpectedContent: []string{"TX_ERROR"},
 		},
 		{
 			Name:   "authorized as superuser + invalid data (eg. existing name)",

apis/cron.go

@@ -5,10 +5,10 @@ import (
 	"slices"
 	"strings"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tools/cron"
-	"github.com/pocketbase/pocketbase/tools/router"
-	"github.com/pocketbase/pocketbase/tools/routine"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tools/cron"
+	"github.com/tabshift-gh/pocketbase/tools/router"
+	"github.com/tabshift-gh/pocketbase/tools/routine"
 )
 
 // bindCronApi registers the crons api endpoint.

apis/cron_test.go

@@ -5,8 +5,8 @@ import (
 	"testing"
 	"time"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
 	"github.com/spf13/cast"
 )
 

apis/file.go

@@ -10,16 +10,16 @@ import (
 	"runtime"
 	"time"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tools/filesystem"
-	"github.com/pocketbase/pocketbase/tools/list"
-	"github.com/pocketbase/pocketbase/tools/router"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tools/filesystem"
+	"github.com/tabshift-gh/pocketbase/tools/list"
+	"github.com/tabshift-gh/pocketbase/tools/router"
 	"github.com/spf13/cast"
 	"golang.org/x/sync/semaphore"
 	"golang.org/x/sync/singleflight"
 )
 
-var imageContentTypes = []string{"image/png", "image/jpg", "image/jpeg", "image/gif"}
+var imageContentTypes = []string{"image/png", "image/jpg", "image/jpeg", "image/gif", "image/webp"}
 var defaultThumbSizes = []string{"100x100"}
 
 // bindFileApi registers the file api endpoints and the corresponding handlers.
@@ -75,8 +75,8 @@ func (api *fileApi) fileToken(e *core.RequestEvent) error {
 	event.Record = e.Auth
 
 	return e.App.OnFileTokenRequest().Trigger(event, func(e *core.FileTokenRequestEvent) error {
-		return e.JSON(http.StatusOK, map[string]string{
-			"token": e.Token,
+		return execAfterSuccessTx(true, e.App, func() error {
+			return e.JSON(http.StatusOK, map[string]string{"token": e.Token})
 		})
 	})
 }
@@ -192,7 +192,10 @@ func (api *fileApi) download(e *core.RequestEvent) error {
 	e.Response.Header().Del("X-Frame-Options")
 
 	return e.App.OnFileDownloadRequest().Trigger(event, func(e *core.FileDownloadRequestEvent) error {
-		if err := fsys.Serve(e.Response, e.Request, e.ServedPath, e.ServedName); err != nil {
+		err = execAfterSuccessTx(true, e.App, func() error {
+			return fsys.Serve(e.Response, e.Request, e.ServedPath, e.ServedName)
+		})
+		if err != nil {
 			return e.NotFoundError("", err)
 		}
 

apis/file_test.go

@@ -10,10 +10,10 @@ import (
 	"sync"
 	"testing"
 
-	"github.com/pocketbase/pocketbase/apis"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
-	"github.com/pocketbase/pocketbase/tools/types"
+	"github.com/tabshift-gh/pocketbase/apis"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/tools/types"
 )
 
 func TestFileToken(t *testing.T) {

apis/health.go

@@ -4,8 +4,8 @@ import (
 	"net/http"
 	"slices"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tools/router"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tools/router"
 )
 
 // bindHealthApi registers the health api endpoint.

apis/health_test.go

@@ -4,7 +4,7 @@ import (
 	"net/http"
 	"testing"
 
-	"github.com/pocketbase/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/tests"
 )
 
 func TestHealthAPI(t *testing.T) {

apis/installer.go

@@ -10,8 +10,8 @@ import (
 
 	"github.com/fatih/color"
 	"github.com/pocketbase/dbx"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tools/osutils"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tools/osutils"
 )
 
 // DefaultInstallerFunc is the default PocketBase installer function.
@@ -20,7 +20,7 @@ import (
 // token for the systemSuperuser) to the installer UI so that users can
 // create their own custom superuser record.
 //
-// See https://github.com/pocketbase/pocketbase/discussions/5814.
+// See https://github.com/tabshift-gh/pocketbase/discussions/5814.
 func DefaultInstallerFunc(app core.App, systemSuperuser *core.Record, baseURL string) error {
 	token, err := systemSuperuser.NewStaticAuthToken(30 * time.Minute)
 	if err != nil {
@@ -32,7 +32,7 @@ func DefaultInstallerFunc(app core.App, systemSuperuser *core.Record, baseURL st
 	_ = osutils.LaunchURL(url)
 	color.Magenta("\n(!) Launch the URL below in the browser if it hasn't been open already to create your first superuser account:")
 	color.New(color.Bold).Add(color.FgCyan).Println(url)
-	color.New(color.FgHiBlack, color.Italic).Printf("(you can also create your first superuser by running: %s superuser upsert EMAIL PASS)\n\n", os.Args[0])
+	color.New(color.FgHiBlack, color.Italic).Printf("(you can also create your first superuser by running: %s superuser upsert EMAIL PASS)\n\n", executablePath())
 
 	return nil
 }
@@ -86,3 +86,11 @@ func findOrCreateInstallerSuperuser(app core.App) (*core.Record, error) {
 
 	return record, nil
 }
+
+func executablePath() string {
+	if osutils.IsProbablyGoRun() {
+		return "go run ."
+	}
+
+	return os.Args[0]
+}

apis/logs.go

@@ -4,9 +4,9 @@ import (
 	"net/http"
 
 	"github.com/pocketbase/dbx"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tools/router"
-	"github.com/pocketbase/pocketbase/tools/search"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tools/router"
+	"github.com/tabshift-gh/pocketbase/tools/search"
 )
 
 // bindLogsApi registers the request logs api endpoints.

apis/logs_test.go

@@ -4,8 +4,8 @@ import (
 	"net/http"
 	"testing"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
 )
 
 func TestLogsList(t *testing.T) {

apis/middlewares.go

@@ -11,11 +11,11 @@ import (
 	"strings"
 	"time"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tools/hook"
-	"github.com/pocketbase/pocketbase/tools/list"
-	"github.com/pocketbase/pocketbase/tools/router"
-	"github.com/pocketbase/pocketbase/tools/routine"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tools/hook"
+	"github.com/tabshift-gh/pocketbase/tools/list"
+	"github.com/tabshift-gh/pocketbase/tools/router"
+	"github.com/tabshift-gh/pocketbase/tools/routine"
 	"github.com/spf13/cast"
 )
 
@@ -365,11 +365,25 @@ func logRequest(event *core.RequestEvent, err error) {
 
 	// parse the request error
 	if err != nil {
-		if apiErr, ok := err.(*router.ApiError); ok {
-			status = apiErr.Status
+		apiErr, isPlainApiError := err.(*router.ApiError)
+		if isPlainApiError || errors.As(err, &apiErr) {
+			// the status header wasn't written yet
+			if status == 0 {
+				status = apiErr.Status
+			}
+
+			var errMsg string
+			if isPlainApiError {
+				errMsg = apiErr.Message
+			} else {
+				// wrapped ApiError -> add the full serialized version
+				// of the original error since it could contain more information
+				errMsg = err.Error()
+			}
+
 			attrs = append(
 				attrs,
-				slog.String("error", apiErr.Message),
+				slog.String("error", errMsg),
 				slog.Any("details", apiErr.RawData()),
 			)
 		} else {

apis/middlewares_body_limit.go

@@ -4,9 +4,9 @@ import (
 	"io"
 	"net/http"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tools/hook"
-	"github.com/pocketbase/pocketbase/tools/router"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tools/hook"
+	"github.com/tabshift-gh/pocketbase/tools/router"
 )
 
 var ErrRequestEntityTooLarge = router.NewApiError(http.StatusRequestEntityTooLarge, "Request entity too large", nil)

apis/middlewares_body_limit_test.go

@@ -6,9 +6,9 @@ import (
 	"net/http/httptest"
 	"testing"
 
-	"github.com/pocketbase/pocketbase/apis"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/apis"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
 )
 
 func TestBodyLimitMiddleware(t *testing.T) {

apis/middlewares_cors.go

@@ -19,8 +19,8 @@ import (
 	"strconv"
 	"strings"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tools/hook"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tools/hook"
 )
 
 const (

apis/middlewares_gzip.go

@@ -17,9 +17,9 @@ import (
 	"strings"
 	"sync"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tools/hook"
-	"github.com/pocketbase/pocketbase/tools/router"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tools/hook"
+	"github.com/tabshift-gh/pocketbase/tools/router"
 )
 
 const (

apis/middlewares_rate_limit.go

@@ -1,12 +1,13 @@
 package apis
 
 import (
+	"errors"
 	"sync"
 	"time"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tools/hook"
-	"github.com/pocketbase/pocketbase/tools/store"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tools/hook"
+	"github.com/tabshift-gh/pocketbase/tools/store"
 )
 
 const (
@@ -167,7 +168,7 @@ func checkRateLimit(e *core.RequestEvent, rtId string, rule core.RateLimitRule)
 	}
 
 	if !rt.isAllowed(key) {
-		return e.TooManyRequestsError("", nil)
+		return e.TooManyRequestsError("", errors.New("triggered rate limit rule: "+rule.String()))
 	}
 
 	return nil

apis/middlewares_rate_limit_test.go

@@ -5,9 +5,9 @@ import (
 	"testing"
 	"time"
 
-	"github.com/pocketbase/pocketbase/apis"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/apis"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
 )
 
 func TestDefaultRateLimitMiddleware(t *testing.T) {
@@ -118,7 +118,7 @@ func TestDefaultRateLimitMiddleware(t *testing.T) {
 		{"/rate/guest", 0, false, 429},
 
 		// "guest" rule with regular user (should fallback to the /rate/ rule)
-		{"/rate/guest", 1, true, 200},
+		{"/rate/guest", 1.1, true, 200},
 		{"/rate/guest", 0, true, 200},
 		{"/rate/guest", 0, true, 429},
 		{"/rate/guest", 0, true, 429},

apis/middlewares_test.go

@@ -4,9 +4,9 @@ import (
 	"net/http"
 	"testing"
 
-	"github.com/pocketbase/pocketbase/apis"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/apis"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
 )
 
 func TestPanicRecover(t *testing.T) {

apis/realtime.go

@@ -12,13 +12,13 @@ import (
 
 	validation "github.com/go-ozzo/ozzo-validation/v4"
 	"github.com/pocketbase/dbx"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tools/hook"
-	"github.com/pocketbase/pocketbase/tools/picker"
-	"github.com/pocketbase/pocketbase/tools/router"
-	"github.com/pocketbase/pocketbase/tools/routine"
-	"github.com/pocketbase/pocketbase/tools/search"
-	"github.com/pocketbase/pocketbase/tools/subscriptions"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tools/hook"
+	"github.com/tabshift-gh/pocketbase/tools/picker"
+	"github.com/tabshift-gh/pocketbase/tools/router"
+	"github.com/tabshift-gh/pocketbase/tools/routine"
+	"github.com/tabshift-gh/pocketbase/tools/search"
+	"github.com/tabshift-gh/pocketbase/tools/subscriptions"
 	"golang.org/x/sync/errgroup"
 )
 
@@ -57,7 +57,7 @@ func realtimeConnect(e *core.RequestEvent) error {
 
 	e.Response.Header().Set("Content-Type", "text/event-stream")
 	e.Response.Header().Set("Cache-Control", "no-store")
-	// https://github.com/pocketbase/pocketbase/discussions/480#discussioncomment-3657640
+	// https://github.com/tabshift-gh/pocketbase/discussions/480#discussioncomment-3657640
 	// https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffering
 	e.Response.Header().Set("X-Accel-Buffering", "no")
 
@@ -213,7 +213,9 @@ func realtimeSetSubscriptions(e *core.RequestEvent) error {
 			slog.Any("subscriptions", e.Subscriptions),
 		)
 
-		return e.NoContent(http.StatusNoContent)
+		return execAfterSuccessTx(true, e.App, func() error {
+			return e.NoContent(http.StatusNoContent)
+		})
 	})
 }
 
@@ -756,7 +758,7 @@ func realtimeCanAccessRecord(
 
 	var exists int
 
-	q := app.DB().Select("(1)").
+	q := app.ConcurrentDB().Select("(1)").
 		From(record.Collection().Name).
 		AndWhere(dbx.HashExp{record.Collection().Name + ".id": record.Id})
 

apis/realtime_test.go

@@ -13,11 +13,11 @@ import (
 	"time"
 
 	"github.com/pocketbase/dbx"
-	"github.com/pocketbase/pocketbase/apis"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
-	"github.com/pocketbase/pocketbase/tools/subscriptions"
-	"github.com/pocketbase/pocketbase/tools/types"
+	"github.com/tabshift-gh/pocketbase/apis"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/tools/subscriptions"
+	"github.com/tabshift-gh/pocketbase/tools/types"
 )
 
 func TestRealtimeConnect(t *testing.T) {

apis/record_auth.go

@@ -1,8 +1,8 @@
 package apis
 
 import (
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tools/router"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tools/router"
 )
 
 // bindRecordAuthApi registers the auth record api endpoints and

apis/record_auth_email_change_confirm.go

@@ -4,8 +4,8 @@ import (
 	"net/http"
 
 	validation "github.com/go-ozzo/ozzo-validation/v4"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tools/security"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tools/security"
 )
 
 func recordConfirmEmailChange(e *core.RequestEvent) error {
@@ -45,7 +45,9 @@ func recordConfirmEmailChange(e *core.RequestEvent) error {
 			return firstApiError(err, e.BadRequestError("Failed to confirm email change.", err))
 		}
 
-		return e.NoContent(http.StatusNoContent)
+		return execAfterSuccessTx(true, e.App, func() error {
+			return e.NoContent(http.StatusNoContent)
+		})
 	})
 }
 

apis/record_auth_email_change_confirm_test.go

@@ -1,13 +1,12 @@
 package apis_test
 
 import (
-	"errors"
 	"net/http"
 	"strings"
 	"testing"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
 )
 
 func TestRecordConfirmEmailChange(t *testing.T) {
@@ -136,7 +135,7 @@ func TestRecordConfirmEmailChange(t *testing.T) {
 			ExpectedEvents: map[string]int{"*": 0},
 		},
 		{
-			Name:   "OnRecordAfterConfirmEmailChangeRequest error response",
+			Name:   "OnRecordConfirmEmailChangeRequest tx body write check",
 			Method: http.MethodPost,
 			URL:    "/api/collections/users/confirm-email-change",
 			Body: strings.NewReader(`{
@@ -145,15 +144,22 @@ func TestRecordConfirmEmailChange(t *testing.T) {
 			}`),
 			BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
 				app.OnRecordConfirmEmailChangeRequest().BindFunc(func(e *core.RecordConfirmEmailChangeRequestEvent) error {
-					return errors.New("error")
+					original := e.App
+					return e.App.RunInTransaction(func(txApp core.App) error {
+						e.App = txApp
+						defer func() { e.App = original }()
+
+						if err := e.Next(); err != nil {
+							return err
+						}
+
+						return e.BadRequestError("TX_ERROR", nil)
+					})
 				})
 			},
 			ExpectedStatus:  400,
-			ExpectedContent: []string{`"data":{}`},
-			ExpectedEvents: map[string]int{
-				"*":                                 0,
-				"OnRecordConfirmEmailChangeRequest": 1,
-			},
+			ExpectedEvents:  map[string]int{"OnRecordConfirmEmailChangeRequest": 1},
+			ExpectedContent: []string{"TX_ERROR"},
 		},
 
 		// rate limit checks

apis/record_auth_email_change_request.go

@@ -5,8 +5,8 @@ import (
 
 	validation "github.com/go-ozzo/ozzo-validation/v4"
 	"github.com/go-ozzo/ozzo-validation/v4/is"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/mails"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/mails"
 )
 
 func recordRequestEmailChange(e *core.RequestEvent) error {
@@ -43,7 +43,9 @@ func recordRequestEmailChange(e *core.RequestEvent) error {
 			return firstApiError(err, e.BadRequestError("Failed to request email change.", err))
 		}
 
-		return e.NoContent(http.StatusNoContent)
+		return execAfterSuccessTx(true, e.App, func() error {
+			return e.NoContent(http.StatusNoContent)
+		})
 	})
 }
 

apis/record_auth_email_change_request_test.go

@@ -5,8 +5,8 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
 )
 
 func TestRecordRequestEmailChange(t *testing.T) {
@@ -118,6 +118,33 @@ func TestRecordRequestEmailChange(t *testing.T) {
 				}
 			},
 		},
+		{
+			Name:   "OnRecordRequestEmailChangeRequest tx body write check",
+			Method: http.MethodPost,
+			URL:    "/api/collections/users/request-email-change",
+			Body:   strings.NewReader(`{"newEmail":"change@example.com"}`),
+			Headers: map[string]string{
+				"Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo",
+			},
+			BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
+				app.OnRecordRequestEmailChangeRequest().BindFunc(func(e *core.RecordRequestEmailChangeRequestEvent) error {
+					original := e.App
+					return e.App.RunInTransaction(func(txApp core.App) error {
+						e.App = txApp
+						defer func() { e.App = original }()
+
+						if err := e.Next(); err != nil {
+							return err
+						}
+
+						return e.BadRequestError("TX_ERROR", nil)
+					})
+				})
+			},
+			ExpectedStatus:  400,
+			ExpectedEvents:  map[string]int{"OnRecordRequestEmailChangeRequest": 1},
+			ExpectedContent: []string{"TX_ERROR"},
+		},
 
 		// rate limit checks
 		// -----------------------------------------------------------

apis/record_auth_impersonate.go

@@ -4,7 +4,7 @@ import (
 	"time"
 
 	validation "github.com/go-ozzo/ozzo-validation/v4"
-	"github.com/pocketbase/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/core"
 )
 
 // note: for now allow superusers but it may change in the future to allow access
@@ -26,10 +26,10 @@ func recordAuthImpersonate(e *core.RequestEvent) error {
 
 	form := &impersonateForm{}
 	if err = e.BindBody(form); err != nil {
-		return firstApiError(err, e.BadRequestError("An error occurred while loading the submitted data.", err))
+		return e.BadRequestError("An error occurred while loading the submitted data.", err)
 	}
 	if err = form.validate(); err != nil {
-		return firstApiError(err, e.BadRequestError("An error occurred while validating the submitted data.", err))
+		return e.BadRequestError("An error occurred while validating the submitted data.", err)
 	}
 
 	token, err := record.NewStaticAuthToken(time.Duration(form.Duration) * time.Second)

apis/record_auth_impersonate_test.go

@@ -5,7 +5,7 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/pocketbase/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/tests"
 )
 
 func TestRecordAuthImpersonate(t *testing.T) {

apis/record_auth_methods.go

@@ -5,9 +5,9 @@ import (
 	"net/http"
 	"slices"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tools/auth"
-	"github.com/pocketbase/pocketbase/tools/security"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tools/auth"
+	"github.com/tabshift-gh/pocketbase/tools/security"
 	"golang.org/x/oauth2"
 )
 

apis/record_auth_methods_test.go

@@ -4,8 +4,8 @@ import (
 	"net/http"
 	"testing"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
 )
 
 func TestRecordAuthMethodsList(t *testing.T) {

apis/record_auth_otp_request.go

@@ -8,10 +8,10 @@ import (
 
 	validation "github.com/go-ozzo/ozzo-validation/v4"
 	"github.com/go-ozzo/ozzo-validation/v4/is"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/mails"
-	"github.com/pocketbase/pocketbase/tools/routine"
-	"github.com/pocketbase/pocketbase/tools/security"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/mails"
+	"github.com/tabshift-gh/pocketbase/tools/routine"
+	"github.com/tabshift-gh/pocketbase/tools/security"
 )
 
 func recordRequestOTP(e *core.RequestEvent) error {
@@ -108,8 +108,8 @@ func recordRequestOTP(e *core.RequestEvent) error {
 			})
 		}
 
-		return e.JSON(http.StatusOK, map[string]string{
-			"otpId": otp.Id,
+		return execAfterSuccessTx(true, e.App, func() error {
+			return e.JSON(http.StatusOK, map[string]string{"otpId": otp.Id})
 		})
 	})
 }

apis/record_auth_otp_request_test.go

@@ -7,9 +7,9 @@ import (
 	"testing"
 	"time"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
-	"github.com/pocketbase/pocketbase/tools/types"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/tools/types"
 )
 
 func TestRecordRequestOTP(t *testing.T) {
@@ -247,6 +247,31 @@ func TestRecordRequestOTP(t *testing.T) {
 				}
 			},
 		},
+		{
+			Name:   "OnRecordRequestOTPRequest tx body write check",
+			Method: http.MethodPost,
+			URL:    "/api/collections/users/request-otp",
+			Body:   strings.NewReader(`{"email":"test@example.com"}`),
+			Delay:  100 * time.Millisecond,
+			BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
+				app.OnRecordRequestOTPRequest().BindFunc(func(e *core.RecordCreateOTPRequestEvent) error {
+					original := e.App
+					return e.App.RunInTransaction(func(txApp core.App) error {
+						e.App = txApp
+						defer func() { e.App = original }()
+
+						if err := e.Next(); err != nil {
+							return err
+						}
+
+						return e.BadRequestError("TX_ERROR", nil)
+					})
+				})
+			},
+			ExpectedStatus:  400,
+			ExpectedEvents:  map[string]int{"OnRecordRequestOTPRequest": 1},
+			ExpectedContent: []string{"TX_ERROR"},
+		},
 
 		// rate limit checks
 		// -----------------------------------------------------------

apis/record_auth_password_reset_confirm.go

@@ -4,9 +4,9 @@ import (
 	"net/http"
 
 	validation "github.com/go-ozzo/ozzo-validation/v4"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/core/validators"
-	"github.com/pocketbase/pocketbase/tools/security"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/core/validators"
+	"github.com/tabshift-gh/pocketbase/tools/security"
 	"github.com/spf13/cast"
 )
 
@@ -54,7 +54,9 @@ func recordConfirmPasswordReset(e *core.RequestEvent) error {
 
 		e.App.Store().Remove(getPasswordResetResendKey(authRecord))
 
-		return e.NoContent(http.StatusNoContent)
+		return execAfterSuccessTx(true, e.App, func() error {
+			return e.NoContent(http.StatusNoContent)
+		})
 	})
 }
 

apis/record_auth_password_reset_confirm_test.go

@@ -1,13 +1,12 @@
 package apis_test
 
 import (
-	"errors"
 	"net/http"
 	"strings"
 	"testing"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
 )
 
 func TestRecordConfirmPasswordReset(t *testing.T) {
@@ -282,7 +281,7 @@ func TestRecordConfirmPasswordReset(t *testing.T) {
 			},
 		},
 		{
-			Name:   "OnRecordAfterConfirmPasswordResetRequest error response",
+			Name:   "OnRecordConfirmPasswordResetRequest tx body write check",
 			Method: http.MethodPost,
 			URL:    "/api/collections/users/confirm-password-reset",
 			Body: strings.NewReader(`{
@@ -292,15 +291,22 @@ func TestRecordConfirmPasswordReset(t *testing.T) {
 			}`),
 			BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
 				app.OnRecordConfirmPasswordResetRequest().BindFunc(func(e *core.RecordConfirmPasswordResetRequestEvent) error {
-					return errors.New("error")
+					original := e.App
+					return e.App.RunInTransaction(func(txApp core.App) error {
+						e.App = txApp
+						defer func() { e.App = original }()
+
+						if err := e.Next(); err != nil {
+							return err
+						}
+
+						return e.BadRequestError("TX_ERROR", nil)
+					})
 				})
 			},
 			ExpectedStatus:  400,
-			ExpectedContent: []string{`"data":{}`},
-			ExpectedEvents: map[string]int{
-				"*":                                   0,
-				"OnRecordConfirmPasswordResetRequest": 1,
-			},
+			ExpectedEvents:  map[string]int{"OnRecordConfirmPasswordResetRequest": 1},
+			ExpectedContent: []string{"TX_ERROR"},
 		},
 
 		// rate limit checks

apis/record_auth_password_reset_request.go

@@ -8,9 +8,9 @@ import (
 
 	validation "github.com/go-ozzo/ozzo-validation/v4"
 	"github.com/go-ozzo/ozzo-validation/v4/is"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/mails"
-	"github.com/pocketbase/pocketbase/tools/routine"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/mails"
+	"github.com/tabshift-gh/pocketbase/tools/routine"
 )
 
 func recordRequestPasswordReset(e *core.RequestEvent) error {
@@ -65,7 +65,9 @@ func recordRequestPasswordReset(e *core.RequestEvent) error {
 			})
 		})
 
-		return e.NoContent(http.StatusNoContent)
+		return execAfterSuccessTx(true, e.App, func() error {
+			return e.NoContent(http.StatusNoContent)
+		})
 	})
 }
 

apis/record_auth_password_reset_request_test.go

@@ -6,8 +6,8 @@ import (
 	"testing"
 	"time"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
 )
 
 func TestRecordRequestPasswordReset(t *testing.T) {
@@ -101,6 +101,30 @@ func TestRecordRequestPasswordReset(t *testing.T) {
 				app.Store().Set(resendKey, struct{}{})
 			},
 		},
+		{
+			Name:   "OnRecordRequestPasswordResetRequest tx body write check",
+			Method: http.MethodPost,
+			URL:    "/api/collections/users/request-password-reset",
+			Body:   strings.NewReader(`{"email":"test@example.com"}`),
+			BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
+				app.OnRecordRequestPasswordResetRequest().BindFunc(func(e *core.RecordRequestPasswordResetRequestEvent) error {
+					original := e.App
+					return e.App.RunInTransaction(func(txApp core.App) error {
+						e.App = txApp
+						defer func() { e.App = original }()
+
+						if err := e.Next(); err != nil {
+							return err
+						}
+
+						return e.BadRequestError("TX_ERROR", nil)
+					})
+				})
+			},
+			ExpectedStatus:  400,
+			ExpectedEvents:  map[string]int{"OnRecordRequestPasswordResetRequest": 1},
+			ExpectedContent: []string{"TX_ERROR"},
+		},
 
 		// rate limit checks
 		// -----------------------------------------------------------

apis/record_auth_refresh.go

@@ -1,8 +1,8 @@
 package apis
 
 import (
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tools/security"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tools/security"
 	"github.com/spf13/cast"
 )
 
@@ -12,18 +12,24 @@ func recordAuthRefresh(e *core.RequestEvent) error {
 		return e.NotFoundError("Missing auth record context.", nil)
 	}
 
-	currentToken := getAuthTokenFromRequest(e)
-	claims, _ := security.ParseUnverifiedJWT(currentToken)
-	if v, ok := claims[core.TokenClaimRefreshable]; !ok || !cast.ToBool(v) {
-		return e.ForbiddenError("The current auth token is not refreshable.", nil)
-	}
-
 	event := new(core.RecordAuthRefreshRequestEvent)
 	event.RequestEvent = e
 	event.Collection = record.Collection()
 	event.Record = record
 
 	return e.App.OnRecordAuthRefreshRequest().Trigger(event, func(e *core.RecordAuthRefreshRequestEvent) error {
-		return RecordAuthResponse(e.RequestEvent, e.Record, "", nil)
+		token := getAuthTokenFromRequest(e.RequestEvent)
+
+		// skip token renewal if the token's payload doesn't explicitly allow it (e.g. impersonate tokens)
+		claims, _ := security.ParseUnverifiedJWT(token) //
+		if v, ok := claims[core.TokenClaimRefreshable]; ok && cast.ToBool(v) {
+			var tokenErr error
+			token, tokenErr = e.Record.NewAuthToken()
+			if tokenErr != nil {
+				return e.InternalServerError("Failed to refresh auth token.", tokenErr)
+			}
+		}
+
+		return recordAuthResponse(e.RequestEvent, e.Record, token, "", nil)
 	})
 }

apis/record_auth_refresh_test.go

@@ -1,12 +1,11 @@
 package apis_test
 
 import (
-	"errors"
 	"net/http"
 	"testing"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
 )
 
 func TestRecordAuthRefresh(t *testing.T) {
@@ -74,6 +73,8 @@ func TestRecordAuthRefresh(t *testing.T) {
 			},
 			NotExpectedContent: []string{
 				`"missing":`,
+				// should return a different token
+				"eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo",
 			},
 			ExpectedEvents: map[string]int{
 				"*":                          0,
@@ -89,9 +90,21 @@ func TestRecordAuthRefresh(t *testing.T) {
 			Headers: map[string]string{
 				"Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6ZmFsc2V9.4IsO6YMsR19crhwl_YWzvRH8pfq2Ri4Gv2dzGyneLak",
 			},
-			ExpectedStatus:  403,
-			ExpectedContent: []string{`"data":{}`},
-			ExpectedEvents:  map[string]int{"*": 0},
+			ExpectedStatus: 200,
+			ExpectedContent: []string{
+				// should return the same token
+				`"token":"eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6ZmFsc2V9.4IsO6YMsR19crhwl_YWzvRH8pfq2Ri4Gv2dzGyneLak"`,
+				`"record":`,
+				`"id":"4q1xlclmfloku33"`,
+				`"emailVisibility":false`,
+				`"email":"test@example.com"`, // the owner can always view their email address
+			},
+			ExpectedEvents: map[string]int{
+				"*":                          0,
+				"OnRecordAuthRefreshRequest": 1,
+				"OnRecordAuthRequest":        1,
+				"OnRecordEnrich":             1,
+			},
 		},
 		{
 			Name:   "unverified auth record in onlyVerified collection",
@@ -130,23 +143,30 @@ func TestRecordAuthRefresh(t *testing.T) {
 			},
 		},
 		{
-			Name:   "OnRecordAfterAuthRefreshRequest error response",
+			Name:   "OnRecordAuthRefreshRequest tx body write check",
 			Method: http.MethodPost,
-			URL:    "/api/collections/users/auth-refresh?expand=rel,missing",
+			URL:    "/api/collections/users/auth-refresh",
 			Headers: map[string]string{
 				"Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6IjRxMXhsY2xtZmxva3UzMyIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoiX3BiX3VzZXJzX2F1dGhfIiwiZXhwIjoyNTI0NjA0NDYxLCJyZWZyZXNoYWJsZSI6dHJ1ZX0.ZT3F0Z3iM-xbGgSG3LEKiEzHrPHr8t8IuHLZGGNuxLo",
 			},
 			BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
 				app.OnRecordAuthRefreshRequest().BindFunc(func(e *core.RecordAuthRefreshRequestEvent) error {
-					return errors.New("error")
+					original := e.App
+					return e.App.RunInTransaction(func(txApp core.App) error {
+						e.App = txApp
+						defer func() { e.App = original }()
+
+						if err := e.Next(); err != nil {
+							return err
+						}
+
+						return e.BadRequestError("TX_ERROR", nil)
+					})
 				})
 			},
 			ExpectedStatus:  400,
-			ExpectedContent: []string{`"data":{}`},
-			ExpectedEvents: map[string]int{
-				"*":                          0,
-				"OnRecordAuthRefreshRequest": 1,
-			},
+			ExpectedEvents:  map[string]int{"OnRecordAuthRefreshRequest": 1},
+			ExpectedContent: []string{"TX_ERROR"},
 		},
 
 		// rate limit checks

apis/record_auth_verification_confirm.go

@@ -4,8 +4,8 @@ import (
 	"net/http"
 
 	validation "github.com/go-ozzo/ozzo-validation/v4"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tools/security"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tools/security"
 	"github.com/spf13/cast"
 )
 
@@ -42,19 +42,19 @@ func recordConfirmVerification(e *core.RequestEvent) error {
 	event.Record = record
 
 	return e.App.OnRecordConfirmVerificationRequest().Trigger(event, func(e *core.RecordConfirmVerificationRequestEvent) error {
-		if wasVerified {
-			return e.NoContent(http.StatusNoContent)
-		}
+		if !wasVerified {
+			e.Record.SetVerified(true)
 
-		e.Record.SetVerified(true)
-
-		if err := e.App.Save(e.Record); err != nil {
-			return firstApiError(err, e.BadRequestError("An error occurred while saving the verified state.", err))
+			if err := e.App.Save(e.Record); err != nil {
+				return firstApiError(err, e.BadRequestError("An error occurred while saving the verified state.", err))
+			}
 		}
 
 		e.App.Store().Remove(getVerificationResendKey(e.Record))
 
-		return e.NoContent(http.StatusNoContent)
+		return execAfterSuccessTx(true, e.App, func() error {
+			return e.NoContent(http.StatusNoContent)
+		})
 	})
 }
 

apis/record_auth_verification_confirm_test.go

@@ -1,13 +1,12 @@
 package apis_test
 
 import (
-	"errors"
 	"net/http"
 	"strings"
 	"testing"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
 )
 
 func TestRecordConfirmVerification(t *testing.T) {
@@ -144,7 +143,7 @@ func TestRecordConfirmVerification(t *testing.T) {
 			},
 		},
 		{
-			Name:   "OnRecordAfterConfirmVerificationRequest error response",
+			Name:   "OnRecordConfirmVerificationRequest tx body write check",
 			Method: http.MethodPost,
 			URL:    "/api/collections/users/confirm-verification",
 			Body: strings.NewReader(`{
@@ -152,15 +151,22 @@ func TestRecordConfirmVerification(t *testing.T) {
 			}`),
 			BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
 				app.OnRecordConfirmVerificationRequest().BindFunc(func(e *core.RecordConfirmVerificationRequestEvent) error {
-					return errors.New("error")
+					original := e.App
+					return e.App.RunInTransaction(func(txApp core.App) error {
+						e.App = txApp
+						defer func() { e.App = original }()
+
+						if err := e.Next(); err != nil {
+							return err
+						}
+
+						return e.BadRequestError("TX_ERROR", nil)
+					})
 				})
 			},
 			ExpectedStatus:  400,
-			ExpectedContent: []string{`"data":{}`},
-			ExpectedEvents: map[string]int{
-				"*":                                  0,
-				"OnRecordConfirmVerificationRequest": 1,
-			},
+			ExpectedEvents:  map[string]int{"OnRecordConfirmVerificationRequest": 1},
+			ExpectedContent: []string{"TX_ERROR"},
 		},
 
 		// rate limit checks

apis/record_auth_verification_request.go

@@ -8,9 +8,9 @@ import (
 
 	validation "github.com/go-ozzo/ozzo-validation/v4"
 	"github.com/go-ozzo/ozzo-validation/v4/is"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/mails"
-	"github.com/pocketbase/pocketbase/tools/routine"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/mails"
+	"github.com/tabshift-gh/pocketbase/tools/routine"
 )
 
 func recordRequestVerification(e *core.RequestEvent) error {
@@ -68,7 +68,9 @@ func recordRequestVerification(e *core.RequestEvent) error {
 			})
 		})
 
-		return e.NoContent(http.StatusNoContent)
+		return execAfterSuccessTx(true, e.App, func() error {
+			return e.NoContent(http.StatusNoContent)
+		})
 	})
 }
 

apis/record_auth_verification_request_test.go

@@ -6,8 +6,8 @@ import (
 	"testing"
 	"time"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
 )
 
 func TestRecordRequestVerification(t *testing.T) {
@@ -118,6 +118,30 @@ func TestRecordRequestVerification(t *testing.T) {
 				}
 			},
 		},
+		{
+			Name:   "OnRecordRequestVerificationRequest tx body write check",
+			Method: http.MethodPost,
+			URL:    "/api/collections/users/request-verification",
+			Body:   strings.NewReader(`{"email":"test@example.com"}`),
+			BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
+				app.OnRecordRequestVerificationRequest().BindFunc(func(e *core.RecordRequestVerificationRequestEvent) error {
+					original := e.App
+					return e.App.RunInTransaction(func(txApp core.App) error {
+						e.App = txApp
+						defer func() { e.App = original }()
+
+						if err := e.Next(); err != nil {
+							return err
+						}
+
+						return e.BadRequestError("TX_ERROR", nil)
+					})
+				})
+			},
+			ExpectedStatus:  400,
+			ExpectedEvents:  map[string]int{"OnRecordRequestVerificationRequest": 1},
+			ExpectedContent: []string{"TX_ERROR"},
+		},
 
 		// rate limit checks
 		// -----------------------------------------------------------

apis/record_auth_with_oauth2.go

@@ -14,9 +14,10 @@ import (
 
 	validation "github.com/go-ozzo/ozzo-validation/v4"
 	"github.com/pocketbase/dbx"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tools/dbutils"
-	"github.com/pocketbase/pocketbase/tools/filesystem"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tools/auth"
+	"github.com/tabshift-gh/pocketbase/tools/dbutils"
+	"github.com/tabshift-gh/pocketbase/tools/filesystem"
 	"golang.org/x/oauth2"
 )
 
@@ -90,6 +91,19 @@ func recordAuthWithOAuth2(e *core.RequestEvent) error {
 		return firstApiError(err, e.BadRequestError("Failed to fetch OAuth2 user.", err))
 	}
 
+	// Apple currently returns the user's name only as part of the first redirect data response
+	// so we try to assign the [apis.oauth2SubscriptionRedirect] forwarded name.
+	if form.Provider == auth.NameApple && authUser.Name == "" {
+		nameKey := oauth2RedirectAppleNameStoreKeyPrefix + form.Code
+		name, ok := e.App.Store().Get(nameKey).(string)
+		if ok {
+			e.App.Store().Remove(nameKey)
+			authUser.Name = name
+		} else {
+			e.App.Logger().Debug("Missing or already removed Apple user's name")
+		}
+	}
+
 	var authRecord *core.Record
 
 	// check for existing relation with the auth collection

apis/record_auth_with_oauth2_redirect.go

@@ -2,22 +2,29 @@ package apis
 
 import (
 	"encoding/json"
+	"errors"
 	"net/http"
+	"strings"
+	"time"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tools/subscriptions"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tools/subscriptions"
 )
 
 const (
-	oauth2SubscriptionTopic   string = "@oauth2"
-	oauth2RedirectFailurePath string = "../_/#/auth/oauth2-redirect-failure"
-	oauth2RedirectSuccessPath string = "../_/#/auth/oauth2-redirect-success"
+	oauth2SubscriptionTopic               string = "@oauth2"
+	oauth2RedirectFailurePath             string = "../_/#/auth/oauth2-redirect-failure"
+	oauth2RedirectSuccessPath             string = "../_/#/auth/oauth2-redirect-success"
+	oauth2RedirectAppleNameStoreKeyPrefix string = "@redirect_name_"
 )
 
 type oauth2RedirectData struct {
 	State string `form:"state" json:"state"`
 	Code  string `form:"code" json:"code"`
 	Error string `form:"error" json:"error,omitempty"`
+
+	// returned by Apple only
+	AppleUser string `form:"user" json:"-"`
 }
 
 func oauth2SubscriptionRedirect(e *core.RequestEvent) error {
@@ -52,6 +59,20 @@ func oauth2SubscriptionRedirect(e *core.RequestEvent) error {
 	}
 	defer client.Unsubscribe(oauth2SubscriptionTopic)
 
+	// temporary store the Apple user's name so that it can be later retrieved with the authWithOAuth2 call
+	// (see https://github.com/tabshift-gh/pocketbase/issues/7090)
+	if data.AppleUser != "" && data.Error == "" && data.Code != "" {
+		nameErr := parseAndStoreAppleRedirectName(
+			e.App,
+			oauth2RedirectAppleNameStoreKeyPrefix+data.Code,
+			data.AppleUser,
+		)
+		if nameErr != nil {
+			// non-critical error
+			e.App.Logger().Debug("Failed to parse and load Apple Redirect name data", "error", nameErr)
+		}
+	}
+
 	encodedData, err := json.Marshal(data)
 	if err != nil {
 		e.App.Logger().Debug("Failed to marshalize OAuth2 redirect data", "error", err)
@@ -72,3 +93,56 @@ func oauth2SubscriptionRedirect(e *core.RequestEvent) error {
 
 	return e.Redirect(redirectStatusCode, oauth2RedirectSuccessPath)
 }
+
+// parseAndStoreAppleRedirectName extracts the first and last name
+// from serializedNameData and temporary store them in the app.Store.
+//
+// This is hacky workaround to forward safely and seamlessly the Apple
+// redirect user's name back to the OAuth2 auth handler.
+//
+// Note that currently Apple is the only provider that behaves like this and
+// for now it is unnecessary to check whether the redirect is coming from Apple or not.
+//
+// Ideally this shouldn't be needed and will be removed in the future
+// once Apple adds a dedicated userinfo endpoint.
+func parseAndStoreAppleRedirectName(app core.App, nameKey string, serializedNameData string) error {
+	if serializedNameData == "" {
+		return nil
+	}
+
+	// just in case to prevent storing large strings in memory
+	if len(nameKey) > 1000 {
+		return errors.New("nameKey is too large")
+	}
+
+	// https://developer.apple.com/documentation/signinwithapple/incorporating-sign-in-with-apple-into-other-platforms#Handle-the-response
+	extracted := struct {
+		Name struct {
+			FirstName string `json:"firstName"`
+			LastName  string `json:"lastName"`
+		} `json:"name"`
+	}{}
+	if err := json.Unmarshal([]byte(serializedNameData), &extracted); err != nil {
+		return err
+	}
+
+	fullName := extracted.Name.FirstName + " " + extracted.Name.LastName
+
+	// truncate just in case to prevent storing large strings in memory
+	if len(fullName) > 150 {
+		fullName = fullName[:150]
+	}
+
+	fullName = strings.TrimSpace(fullName)
+	if fullName == "" {
+		return nil
+	}
+
+	// store (and remove)
+	app.Store().Set(nameKey, fullName)
+	time.AfterFunc(1*time.Minute, func() {
+		app.Store().Remove(nameKey)
+	})
+
+	return nil
+}

apis/record_auth_with_oauth2_redirect_test.go

@@ -3,13 +3,14 @@ package apis_test
 import (
 	"context"
 	"net/http"
+	"net/url"
 	"strings"
 	"testing"
 	"time"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
-	"github.com/pocketbase/pocketbase/tools/subscriptions"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/tools/subscriptions"
 )
 
 func TestRecordAuthWithOAuth2Redirect(t *testing.T) {
@@ -266,6 +267,74 @@ func TestRecordAuthWithOAuth2Redirect(t *testing.T) {
 				}
 			},
 		},
+		{
+			Name:   "(POST) Apple user's name json (nameKey error)",
+			Method: http.MethodPost,
+			URL:    "/api/oauth2-redirect",
+			Body: strings.NewReader(url.Values{
+				"code":  []string{strings.Repeat("a", 986)},
+				"state": []string{clientStubs[8]["c3"].Id()},
+				"user": []string{
+					`{"name":{"firstName":"aaa","lastName":"` + strings.Repeat("b", 200) + `"}}`,
+				},
+			}.Encode()),
+			Headers: map[string]string{
+				"content-type": "application/x-www-form-urlencoded",
+			},
+			BeforeTestFunc: beforeTestFunc(clientStubs[8], map[string][]string{
+				"c3": {`"state":"` + clientStubs[8]["c3"].Id(), `"code":"` + strings.Repeat("a", 986) + `"`},
+			}),
+			ExpectedStatus: http.StatusSeeOther,
+			ExpectedEvents: map[string]int{"*": 0},
+			AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) {
+				app.Store().Get("cancelFunc").(context.CancelFunc)()
+
+				checkSuccessRedirect(t, app, res)
+
+				if clientStubs[8]["c3"].HasSubscription("@oauth2") {
+					t.Fatalf("Expected oauth2 subscription to be removed")
+				}
+
+				if storedName := app.Store().Get("@redirect_name_" + strings.Repeat("a", 986)); storedName != nil {
+					t.Fatalf("Didn't expect stored name, got %q", storedName)
+				}
+			},
+		},
+		{
+			Name:   "(POST) Apple user's name json",
+			Method: http.MethodPost,
+			URL:    "/api/oauth2-redirect",
+			Body: strings.NewReader(url.Values{
+				"code":  []string{strings.Repeat("a", 985)},
+				"state": []string{clientStubs[9]["c3"].Id()},
+				"user": []string{
+					`{"name":{"firstName":"aaa","lastName":"` + strings.Repeat("b", 200) + `"}}`,
+				},
+			}.Encode()),
+			Headers: map[string]string{
+				"content-type": "application/x-www-form-urlencoded",
+			},
+			BeforeTestFunc: beforeTestFunc(clientStubs[9], map[string][]string{
+				"c3": {`"state":"` + clientStubs[9]["c3"].Id(), `"code":"` + strings.Repeat("a", 985) + `"`},
+			}),
+			ExpectedStatus: http.StatusSeeOther,
+			ExpectedEvents: map[string]int{"*": 0},
+			AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) {
+				app.Store().Get("cancelFunc").(context.CancelFunc)()
+
+				checkSuccessRedirect(t, app, res)
+
+				if clientStubs[9]["c3"].HasSubscription("@oauth2") {
+					t.Fatalf("Expected oauth2 subscription to be removed")
+				}
+
+				storedName, _ := app.Store().Get("@redirect_name_" + strings.Repeat("a", 985)).(string)
+				expectedName := "aaa " + strings.Repeat("b", 146)
+				if storedName != expectedName {
+					t.Fatalf("Expected stored name\n%q\ngot\n%q", expectedName, storedName)
+				}
+			},
+		},
 	}
 
 	for _, scenario := range scenarios {

apis/record_auth_with_oauth2_test.go

@@ -11,10 +11,10 @@ import (
 	"testing"
 	"time"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
-	"github.com/pocketbase/pocketbase/tools/auth"
-	"github.com/pocketbase/pocketbase/tools/dbutils"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/tools/auth"
+	"github.com/tabshift-gh/pocketbase/tools/dbutils"
 	"golang.org/x/oauth2"
 )
 
@@ -1577,6 +1577,167 @@ func TestRecordAuthWithOAuth2(t *testing.T) {
 				"OnRecordValidate": 4,
 			},
 		},
+		{
+			Name:   "OnRecordAuthWithOAuth2Request tx body write check",
+			Method: http.MethodPost,
+			URL:    "/api/collections/users/auth-with-oauth2",
+			Body: strings.NewReader(`{
+				"provider": "test",
+				"code":"123",
+				"redirectURL": "https://example.com"
+			}`),
+			BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
+				user, err := app.FindAuthRecordByEmail("users", "test@example.com")
+				if err != nil {
+					t.Fatal(err)
+				}
+
+				// register the test provider
+				auth.Providers["test"] = func() auth.Provider {
+					return &oauth2MockProvider{
+						AuthUser: &auth.AuthUser{Id: "test_id"},
+						Token:    &oauth2.Token{AccessToken: "abc"},
+					}
+				}
+
+				// add the test provider in the collection
+				user.Collection().MFA.Enabled = false
+				user.Collection().OAuth2.Enabled = true
+				user.Collection().OAuth2.Providers = []core.OAuth2ProviderConfig{{
+					Name:         "test",
+					ClientId:     "123",
+					ClientSecret: "456",
+				}}
+				if err := app.Save(user.Collection()); err != nil {
+					t.Fatal(err)
+				}
+
+				// stub linked provider
+				ea := core.NewExternalAuth(app)
+				ea.SetCollectionRef(user.Collection().Id)
+				ea.SetRecordRef(user.Id)
+				ea.SetProvider("test")
+				ea.SetProviderId("test_id")
+				if err := app.Save(ea); err != nil {
+					t.Fatal(err)
+				}
+
+				app.OnRecordAuthWithOAuth2Request().BindFunc(func(e *core.RecordAuthWithOAuth2RequestEvent) error {
+					original := e.App
+					return e.App.RunInTransaction(func(txApp core.App) error {
+						e.App = txApp
+						defer func() { e.App = original }()
+
+						if err := e.Next(); err != nil {
+							return err
+						}
+
+						return e.BadRequestError("TX_ERROR", nil)
+					})
+				})
+			},
+			ExpectedStatus:  400,
+			ExpectedEvents:  map[string]int{"OnRecordAuthWithOAuth2Request": 1},
+			ExpectedContent: []string{"TX_ERROR"},
+		},
+
+		// Apple AuthUser.Name assign checks
+		// -----------------------------------------------------------
+		{
+			Name:   "store name with Apple provider",
+			Method: http.MethodPost,
+			URL:    "/api/collections/users/auth-with-oauth2",
+			Body: strings.NewReader(`{
+				"provider": "apple",
+				"code":"test_code",
+				"redirectURL": "https://example.com"
+			}`),
+			BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
+				users, err := app.FindCollectionByNameOrId("users")
+				if err != nil {
+					t.Fatal(err)
+				}
+
+				// register the test provider
+				auth.Providers[auth.NameApple] = func() auth.Provider {
+					return &oauth2MockProvider{
+						AuthUser: &auth.AuthUser{Id: "test_id"},
+						Token:    &oauth2.Token{AccessToken: "abc"},
+					}
+				}
+
+				app.Store().Set("@redirect_name_test_code", "test_store_name")
+
+				// add the test provider in the collection
+				users.MFA.Enabled = false
+				users.OAuth2.Enabled = true
+				users.OAuth2.Providers = []core.OAuth2ProviderConfig{{
+					Name:         auth.NameApple,
+					ClientId:     "123",
+					ClientSecret: "456",
+				}}
+				if err := app.Save(users); err != nil {
+					t.Fatal(err)
+				}
+			},
+			ExpectedStatus: 200,
+			ExpectedContent: []string{
+				`"meta":{`,
+				`"name":"test_store_name"`,
+			},
+			AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) {
+				if app.Store().Has("@redirect_name_test_code") {
+					t.Fatal("Expected @redirect_name_test_code store key to be removed")
+				}
+			},
+		},
+		{
+			Name:   "store name with non-Apple provider",
+			Method: http.MethodPost,
+			URL:    "/api/collections/users/auth-with-oauth2",
+			Body: strings.NewReader(`{
+				"provider": "test",
+				"code":"test_code",
+				"redirectURL": "https://example.com"
+			}`),
+			BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
+				users, err := app.FindCollectionByNameOrId("users")
+				if err != nil {
+					t.Fatal(err)
+				}
+
+				// register the test provider
+				auth.Providers["test"] = func() auth.Provider {
+					return &oauth2MockProvider{
+						AuthUser: &auth.AuthUser{Id: "test_id"},
+						Token:    &oauth2.Token{AccessToken: "abc"},
+					}
+				}
+
+				app.Store().Set("@redirect_name_test_code", "test_store_name")
+
+				// add the test provider in the collection
+				users.MFA.Enabled = false
+				users.OAuth2.Enabled = true
+				users.OAuth2.Providers = []core.OAuth2ProviderConfig{{
+					Name:         "test",
+					ClientId:     "123",
+					ClientSecret: "456",
+				}}
+				if err := app.Save(users); err != nil {
+					t.Fatal(err)
+				}
+			},
+			ExpectedStatus: 200,
+			NotExpectedContent: []string{
+				`"name":"test_store_name"`,
+			},
+			AfterTestFunc: func(t testing.TB, app *tests.TestApp, res *http.Response) {
+				if !app.Store().Has("@redirect_name_test_code") {
+					t.Fatal("Expected @redirect_name_test_code store key to NOT be deleted")
+				}
+			},
+		},
 
 		// rate limit checks
 		// -----------------------------------------------------------

apis/record_auth_with_otp.go

@@ -5,7 +5,7 @@ import (
 	"fmt"
 
 	validation "github.com/go-ozzo/ozzo-validation/v4"
-	"github.com/pocketbase/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/core"
 )
 
 func recordAuthWithOTP(e *core.RequestEvent) error {

apis/record_auth_with_otp_test.go

@@ -5,9 +5,9 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
-	"github.com/pocketbase/pocketbase/tools/types"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/tools/types"
 )
 
 func TestRecordAuthWithOTP(t *testing.T) {
@@ -419,6 +419,53 @@ func TestRecordAuthWithOTP(t *testing.T) {
 				}
 			},
 		},
+		{
+			Name:   "OnRecordAuthWithOTPRequest tx body write check",
+			Method: http.MethodPost,
+			URL:    "/api/collections/users/auth-with-otp",
+			Body: strings.NewReader(`{
+				"otpId":"` + strings.Repeat("a", 15) + `",
+				"password":"123456"
+			}`),
+			BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
+				user, err := app.FindAuthRecordByEmail("users", "test@example.com")
+				if err != nil {
+					t.Fatal(err)
+				}
+
+				// disable MFA
+				user.Collection().MFA.Enabled = false
+				if err = app.Save(user.Collection()); err != nil {
+					t.Fatal(err)
+				}
+
+				otp := core.NewOTP(app)
+				otp.Id = strings.Repeat("a", 15)
+				otp.SetCollectionRef(user.Collection().Id)
+				otp.SetRecordRef(user.Id)
+				otp.SetPassword("123456")
+				if err := app.Save(otp); err != nil {
+					t.Fatal(err)
+				}
+
+				app.OnRecordAuthWithOTPRequest().BindFunc(func(e *core.RecordAuthWithOTPRequestEvent) error {
+					original := e.App
+					return e.App.RunInTransaction(func(txApp core.App) error {
+						e.App = txApp
+						defer func() { e.App = original }()
+
+						if err := e.Next(); err != nil {
+							return err
+						}
+
+						return e.BadRequestError("TX_ERROR", nil)
+					})
+				})
+			},
+			ExpectedStatus:  400,
+			ExpectedEvents:  map[string]int{"OnRecordAuthWithOTPRequest": 1},
+			ExpectedContent: []string{"TX_ERROR"},
+		},
 
 		// rate limit checks
 		// -----------------------------------------------------------

apis/record_auth_with_password.go

@@ -9,9 +9,9 @@ import (
 	validation "github.com/go-ozzo/ozzo-validation/v4"
 	"github.com/go-ozzo/ozzo-validation/v4/is"
 	"github.com/pocketbase/dbx"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tools/dbutils"
-	"github.com/pocketbase/pocketbase/tools/list"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tools/dbutils"
+	"github.com/tabshift-gh/pocketbase/tools/list"
 )
 
 func recordAuthWithPassword(e *core.RequestEvent) error {

apis/record_auth_with_password_test.go

@@ -1,14 +1,13 @@
 package apis_test
 
 import (
-	"errors"
 	"net/http"
 	"strings"
 	"testing"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
-	"github.com/pocketbase/pocketbase/tools/dbutils"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/tools/dbutils"
 )
 
 func TestRecordAuthWithPassword(t *testing.T) {
@@ -82,7 +81,7 @@ func TestRecordAuthWithPassword(t *testing.T) {
 			ExpectedEvents: map[string]int{"*": 0},
 		},
 		{
-			Name:   "OnRecordAuthWithPasswordRequest error response",
+			Name:   "OnRecordAuthWithPasswordRequest tx body write check",
 			Method: http.MethodPost,
 			URL:    "/api/collections/clients/auth-with-password",
 			Body: strings.NewReader(`{
@@ -91,15 +90,22 @@ func TestRecordAuthWithPassword(t *testing.T) {
 			}`),
 			BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
 				app.OnRecordAuthWithPasswordRequest().BindFunc(func(e *core.RecordAuthWithPasswordRequestEvent) error {
-					return errors.New("error")
+					original := e.App
+					return e.App.RunInTransaction(func(txApp core.App) error {
+						e.App = txApp
+						defer func() { e.App = original }()
+
+						if err := e.Next(); err != nil {
+							return err
+						}
+
+						return e.BadRequestError("TX_ERROR", nil)
+					})
 				})
 			},
 			ExpectedStatus:  400,
-			ExpectedContent: []string{`"data":{}`},
-			ExpectedEvents: map[string]int{
-				"*":                               0,
-				"OnRecordAuthWithPasswordRequest": 1,
-			},
+			ExpectedEvents:  map[string]int{"OnRecordAuthWithPasswordRequest": 1},
+			ExpectedContent: []string{"TX_ERROR"},
 		},
 		{
 			Name:   "valid identity field and invalid password",

apis/record_crud.go

@@ -10,14 +10,14 @@ import (
 	"time"
 
 	"github.com/pocketbase/dbx"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/forms"
-	"github.com/pocketbase/pocketbase/tools/filesystem"
-	"github.com/pocketbase/pocketbase/tools/inflector"
-	"github.com/pocketbase/pocketbase/tools/list"
-	"github.com/pocketbase/pocketbase/tools/router"
-	"github.com/pocketbase/pocketbase/tools/search"
-	"github.com/pocketbase/pocketbase/tools/security"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/forms"
+	"github.com/tabshift-gh/pocketbase/tools/filesystem"
+	"github.com/tabshift-gh/pocketbase/tools/inflector"
+	"github.com/tabshift-gh/pocketbase/tools/list"
+	"github.com/tabshift-gh/pocketbase/tools/router"
+	"github.com/tabshift-gh/pocketbase/tools/search"
+	"github.com/tabshift-gh/pocketbase/tools/security"
 )
 
 // bindRecordCrudApi registers the record crud api endpoints and
@@ -28,9 +28,9 @@ func bindRecordCrudApi(app core.App, rg *router.RouterGroup[*core.RequestEvent])
 	subGroup := rg.Group("/collections/{collection}/records").Unbind(DefaultRateLimitMiddlewareId)
 	subGroup.GET("", recordsList)
 	subGroup.GET("/{id}", recordView)
-	subGroup.POST("", recordCreate(nil)).Bind(dynamicCollectionBodyLimit(""))
-	subGroup.PATCH("/{id}", recordUpdate(nil)).Bind(dynamicCollectionBodyLimit(""))
-	subGroup.DELETE("/{id}", recordDelete(nil))
+	subGroup.POST("", recordCreate(true, nil)).Bind(dynamicCollectionBodyLimit(""))
+	subGroup.PATCH("/{id}", recordUpdate(true, nil)).Bind(dynamicCollectionBodyLimit(""))
+	subGroup.DELETE("/{id}", recordDelete(true, nil))
 }
 
 func recordsList(e *core.RequestEvent) error {
@@ -79,6 +79,11 @@ func recordsList(e *core.RequestEvent) error {
 
 	searchProvider := search.NewProvider(fieldsResolver).Query(query)
 
+	// use rowid when available to minimize the need of a covering index with the "id" field
+	if !collection.IsView() {
+		searchProvider.CountCol("_rowid_")
+	}
+
 	records := []*core.Record{}
 	result, err := searchProvider.ParseAndExec(e.Request.URL.Query().Encode(), &records)
 	if err != nil {
@@ -116,7 +121,9 @@ func recordsList(e *core.RequestEvent) error {
 			randomizedThrottle(150)
 		}
 
-		return e.JSON(http.StatusOK, e.Result)
+		return execAfterSuccessTx(true, e.App, func() error {
+			return e.JSON(http.StatusOK, e.Result)
+		})
 	})
 }
 
@@ -187,11 +194,13 @@ func recordView(e *core.RequestEvent) error {
 			return firstApiError(err, e.InternalServerError("Failed to enrich record", err))
 		}
 
-		return e.JSON(http.StatusOK, e.Record)
+		return execAfterSuccessTx(true, e.App, func() error {
+			return e.JSON(http.StatusOK, e.Record)
+		})
 	})
 }
 
-func recordCreate(optFinalizer func(data any) error) func(e *core.RequestEvent) error {
+func recordCreate(responseWriteAfterTx bool, optFinalizer func(data any) error) func(e *core.RequestEvent) error {
 	return func(e *core.RequestEvent) error {
 		collection, err := e.App.FindCachedCollectionByNameOrId(e.Request.PathValue("collection"))
 		if err != nil || collection == nil {
@@ -291,7 +300,7 @@ func recordCreate(optFinalizer func(data any) error) func(e *core.RequestEvent)
 
 			// check non-empty create rule
 			if *dummyCollection.CreateRule != "" {
-				ruleQuery := e.App.DB().Select("(1)").PreFragment(withFrom).From(dummyCollection.Name).AndBind(dummyParams)
+				ruleQuery := e.App.ConcurrentDB().Select("(1)").PreFragment(withFrom).From(dummyCollection.Name).AndBind(dummyParams)
 
 				resolver := core.NewRecordFieldResolver(e.App, &dummyCollection, requestInfo, true)
 
@@ -311,7 +320,7 @@ func recordCreate(optFinalizer func(data any) error) func(e *core.RequestEvent)
 			}
 
 			// check for manage rule access
-			manageRuleQuery := e.App.DB().Select("(1)").PreFragment(withFrom).From(dummyCollection.Name).AndBind(dummyParams)
+			manageRuleQuery := e.App.ConcurrentDB().Select("(1)").PreFragment(withFrom).From(dummyCollection.Name).AndBind(dummyParams)
 			if !form.HasManageAccess() &&
 				hasAuthManageAccess(e.App, requestInfo, &dummyCollection, manageRuleQuery) {
 				form.GrantManagerAccess()
@@ -339,7 +348,9 @@ func recordCreate(optFinalizer func(data any) error) func(e *core.RequestEvent)
 				return firstApiError(err, e.InternalServerError("Failed to enrich record", err))
 			}
 
-			err = e.JSON(http.StatusOK, e.Record)
+			err = execAfterSuccessTx(responseWriteAfterTx, e.App, func() error {
+				return e.JSON(http.StatusOK, e.Record)
+			})
 			if err != nil {
 				return err
 			}
@@ -369,7 +380,7 @@ func recordCreate(optFinalizer func(data any) error) func(e *core.RequestEvent)
 	}
 }
 
-func recordUpdate(optFinalizer func(data any) error) func(e *core.RequestEvent) error {
+func recordUpdate(responseWriteAfterTx bool, optFinalizer func(data any) error) func(e *core.RequestEvent) error {
 	return func(e *core.RequestEvent) error {
 		collection, err := e.App.FindCachedCollectionByNameOrId(e.Request.PathValue("collection"))
 		if err != nil || collection == nil {
@@ -441,7 +452,7 @@ func recordUpdate(optFinalizer func(data any) error) func(e *core.RequestEvent)
 		}
 		form.Load(data)
 
-		manageRuleQuery := e.App.DB().Select("(1)").From(collection.Name).AndWhere(dbx.HashExp{
+		manageRuleQuery := e.App.ConcurrentDB().Select("(1)").From(collection.Name).AndWhere(dbx.HashExp{
 			collection.Name + ".id": record.Id,
 		})
 		if !form.HasManageAccess() &&
@@ -470,7 +481,9 @@ func recordUpdate(optFinalizer func(data any) error) func(e *core.RequestEvent)
 				return firstApiError(err, e.InternalServerError("Failed to enrich record", err))
 			}
 
-			err = e.JSON(http.StatusOK, e.Record)
+			err = execAfterSuccessTx(responseWriteAfterTx, e.App, func() error {
+				return e.JSON(http.StatusOK, e.Record)
+			})
 			if err != nil {
 				return err
 			}
@@ -500,7 +513,7 @@ func recordUpdate(optFinalizer func(data any) error) func(e *core.RequestEvent)
 	}
 }
 
-func recordDelete(optFinalizer func(data any) error) func(e *core.RequestEvent) error {
+func recordDelete(responseWriteAfterTx bool, optFinalizer func(data any) error) func(e *core.RequestEvent) error {
 	return func(e *core.RequestEvent) error {
 		collection, err := e.App.FindCachedCollectionByNameOrId(e.Request.PathValue("collection"))
 		if err != nil || collection == nil {
@@ -560,7 +573,9 @@ func recordDelete(optFinalizer func(data any) error) func(e *core.RequestEvent)
 				return firstApiError(err, e.BadRequestError("Failed to delete record. Make sure that the record is not part of a required relation reference.", err))
 			}
 
-			err = e.NoContent(http.StatusNoContent)
+			err = execAfterSuccessTx(responseWriteAfterTx, e.App, func() error {
+				return e.NoContent(http.StatusNoContent)
+			})
 			if err != nil {
 				return err
 			}

apis/record_crud_auth_origin_test.go

@@ -5,8 +5,8 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
 )
 
 func TestRecordCrudAuthOriginList(t *testing.T) {

apis/record_crud_external_auth_test.go

@@ -5,8 +5,8 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
 )
 
 func TestRecordCrudExternalAuthList(t *testing.T) {

apis/record_crud_mfa_test.go

@@ -5,8 +5,8 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
 )
 
 func TestRecordCrudMFAList(t *testing.T) {

apis/record_crud_otp_test.go

@@ -5,8 +5,8 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
 )
 
 func TestRecordCrudOTPList(t *testing.T) {

apis/record_crud_superuser_test.go

@@ -6,8 +6,8 @@ import (
 	"testing"
 
 	"github.com/pocketbase/dbx"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
 )
 
 func TestRecordCrudSuperuserList(t *testing.T) {

apis/record_crud_test.go

@@ -2,7 +2,6 @@ package apis_test
 
 import (
 	"bytes"
-	"errors"
 	"net/http"
 	"net/url"
 	"os"
@@ -12,11 +11,11 @@ import (
 	"testing"
 	"time"
 
-	"github.com/pocketbase/pocketbase/apis"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
-	"github.com/pocketbase/pocketbase/tools/router"
-	"github.com/pocketbase/pocketbase/tools/types"
+	"github.com/tabshift-gh/pocketbase/apis"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/tools/router"
+	"github.com/tabshift-gh/pocketbase/tools/types"
 )
 
 func TestRecordCrudList(t *testing.T) {
@@ -418,6 +417,32 @@ func TestRecordCrudList(t *testing.T) {
 				"OnRecordsListRequest": 1,
 			},
 		},
+		{
+			Name:   "OnRecordsListRequest tx body write check",
+			Method: http.MethodGet,
+			URL:    "/api/collections/demo4/records",
+			Headers: map[string]string{
+				"Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY",
+			},
+			BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
+				app.OnRecordsListRequest().BindFunc(func(e *core.RecordsListRequestEvent) error {
+					original := e.App
+					return e.App.RunInTransaction(func(txApp core.App) error {
+						e.App = txApp
+						defer func() { e.App = original }()
+
+						if err := e.Next(); err != nil {
+							return err
+						}
+
+						return e.BadRequestError("TX_ERROR", nil)
+					})
+				})
+			},
+			ExpectedStatus:  400,
+			ExpectedEvents:  map[string]int{"OnRecordsListRequest": 1},
+			ExpectedContent: []string{"TX_ERROR"},
+		},
 
 		// auth collection
 		// -----------------------------------------------------------
@@ -862,6 +887,32 @@ func TestRecordCrudView(t *testing.T) {
 				"OnRecordEnrich":      7,
 			},
 		},
+		{
+			Name:   "OnRecordViewRequest tx body write check",
+			Method: http.MethodGet,
+			URL:    "/api/collections/demo1/records/al1h9ijdeojtsjy",
+			Headers: map[string]string{
+				"Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY",
+			},
+			BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
+				app.OnRecordViewRequest().BindFunc(func(e *core.RecordRequestEvent) error {
+					original := e.App
+					return e.App.RunInTransaction(func(txApp core.App) error {
+						e.App = txApp
+						defer func() { e.App = original }()
+
+						if err := e.Next(); err != nil {
+							return err
+						}
+
+						return e.BadRequestError("TX_ERROR", nil)
+					})
+				})
+			},
+			ExpectedStatus:  400,
+			ExpectedEvents:  map[string]int{"OnRecordViewRequest": 1},
+			ExpectedContent: []string{"TX_ERROR"},
+		},
 
 		// auth collection
 		// -----------------------------------------------------------
@@ -1209,7 +1260,7 @@ func TestRecordCrudDelete(t *testing.T) {
 			},
 		},
 		{
-			Name:   "OnRecordAfterDeleteSuccessRequest error response",
+			Name:   "OnRecordDeleteRequest tx body write check",
 			Method: http.MethodDelete,
 			URL:    "/api/collections/clients/records/o1y0dd0spd786md",
 			Headers: map[string]string{
@@ -1217,15 +1268,22 @@ func TestRecordCrudDelete(t *testing.T) {
 			},
 			BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
 				app.OnRecordDeleteRequest().BindFunc(func(e *core.RecordRequestEvent) error {
-					return errors.New("error")
+					original := e.App
+					return e.App.RunInTransaction(func(txApp core.App) error {
+						e.App = txApp
+						defer func() { e.App = original }()
+
+						if err := e.Next(); err != nil {
+							return err
+						}
+
+						return e.BadRequestError("TX_ERROR", nil)
+					})
 				})
 			},
 			ExpectedStatus:  400,
-			ExpectedContent: []string{`"data":{}`},
-			ExpectedEvents: map[string]int{
-				"*":                     0,
-				"OnRecordDeleteRequest": 1,
-			},
+			ExpectedEvents:  map[string]int{"OnRecordDeleteRequest": 1},
+			ExpectedContent: []string{"TX_ERROR"},
 		},
 		{
 			Name:   "authenticated record that match the collection delete rule",
@@ -1792,21 +1850,31 @@ func TestRecordCrudCreate(t *testing.T) {
 			},
 		},
 		{
-			Name:   "OnRecordAfterCreateSuccessRequest error response",
+			Name:   "OnRecordCreateRequest tx body write check",
 			Method: http.MethodPost,
 			URL:    "/api/collections/demo2/records",
 			Body:   strings.NewReader(`{"title":"new"}`),
+			Headers: map[string]string{
+				"Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY",
+			},
 			BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
 				app.OnRecordCreateRequest().BindFunc(func(e *core.RecordRequestEvent) error {
-					return errors.New("error")
+					original := e.App
+					return e.App.RunInTransaction(func(txApp core.App) error {
+						e.App = txApp
+						defer func() { e.App = original }()
+
+						if err := e.Next(); err != nil {
+							return err
+						}
+
+						return e.BadRequestError("TX_ERROR", nil)
+					})
 				})
 			},
 			ExpectedStatus:  400,
-			ExpectedContent: []string{`"data":{}`},
-			ExpectedEvents: map[string]int{
-				"*":                     0,
-				"OnRecordCreateRequest": 1,
-			},
+			ExpectedEvents:  map[string]int{"OnRecordCreateRequest": 1},
+			ExpectedContent: []string{"TX_ERROR"},
 		},
 
 		// ID checks
@@ -2799,21 +2867,31 @@ func TestRecordCrudUpdate(t *testing.T) {
 			},
 		},
 		{
-			Name:   "OnRecordAfterUpdateSuccessRequest error response",
+			Name:   "OnRecordUpdateRequest tx body write check",
 			Method: http.MethodPatch,
 			URL:    "/api/collections/demo2/records/0yxhwia2amd8gec",
 			Body:   strings.NewReader(`{"title":"new"}`),
+			Headers: map[string]string{
+				"Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY",
+			},
 			BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
 				app.OnRecordUpdateRequest().BindFunc(func(e *core.RecordRequestEvent) error {
-					return errors.New("error")
+					original := e.App
+					return e.App.RunInTransaction(func(txApp core.App) error {
+						e.App = txApp
+						defer func() { e.App = original }()
+
+						if err := e.Next(); err != nil {
+							return err
+						}
+
+						return e.BadRequestError("TX_ERROR", nil)
+					})
 				})
 			},
 			ExpectedStatus:  400,
-			ExpectedContent: []string{`"data":{}`},
-			ExpectedEvents: map[string]int{
-				"*":                     0,
-				"OnRecordUpdateRequest": 1,
-			},
+			ExpectedEvents:  map[string]int{"OnRecordUpdateRequest": 1},
+			ExpectedContent: []string{"TX_ERROR"},
 		},
 		{
 			Name:   "try to change the id of an existing record",

apis/record_helpers.go

@@ -9,12 +9,12 @@ import (
 	"time"
 
 	"github.com/pocketbase/dbx"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/mails"
-	"github.com/pocketbase/pocketbase/tools/router"
-	"github.com/pocketbase/pocketbase/tools/routine"
-	"github.com/pocketbase/pocketbase/tools/search"
-	"github.com/pocketbase/pocketbase/tools/security"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/mails"
+	"github.com/tabshift-gh/pocketbase/tools/router"
+	"github.com/tabshift-gh/pocketbase/tools/routine"
+	"github.com/tabshift-gh/pocketbase/tools/search"
+	"github.com/tabshift-gh/pocketbase/tools/security"
 )
 
 const (
@@ -129,7 +129,9 @@ func recordAuthResponse(e *core.RequestEvent, authRecord *core.Record, token str
 			result.Meta = e.Meta
 		}
 
-		return e.JSON(http.StatusOK, result)
+		return execAfterSuccessTx(true, e.App, func() error {
+			return e.JSON(http.StatusOK, result)
+		})
 	})
 }
 
@@ -455,8 +457,8 @@ func autoResolveRecordsFlags(app core.App, records []*core.Record, requestInfo *
 	managedIds := []string{}
 
 	query := app.RecordQuery(collection).
-		Select(app.DB().QuoteSimpleColumnName(collection.Name) + ".id").
-		AndWhere(dbx.In(app.DB().QuoteSimpleColumnName(collection.Name)+".id", recordIds...))
+		Select(app.ConcurrentDB().QuoteSimpleColumnName(collection.Name) + ".id").
+		AndWhere(dbx.In(app.ConcurrentDB().QuoteSimpleColumnName(collection.Name)+".id", recordIds...))
 
 	resolver := core.NewRecordFieldResolver(app, collection, requestInfo, true)
 	expr, err := search.FilterData(*collection.ManageRule).BuildExpr(resolver)
@@ -535,6 +537,27 @@ func firstApiError(errs ...error) *router.ApiError {
 	return router.NewInternalServerError("", errors.Join(errs...))
 }
 
+// execAfterSuccessTx ensures that fn is executed only after a succesul transaction.
+//
+// If the current app instance is not a transactional or checkTx is false,
+// then fn is directly executed.
+//
+// It could be usually used to allow propagating an error or writing
+// custom response from within the wrapped transaction block.
+func execAfterSuccessTx(checkTx bool, app core.App, fn func() error) error {
+	if txInfo := app.TxInfo(); txInfo != nil && checkTx {
+		txInfo.OnComplete(func(txErr error) error {
+			if txErr == nil {
+				return fn()
+			}
+			return nil
+		})
+		return nil
+	}
+
+	return fn()
+}
+
 // -------------------------------------------------------------------
 
 const maxAuthOrigins = 5

apis/record_helpers_test.go

@@ -9,11 +9,11 @@ import (
 	"testing"
 	"time"
 
-	"github.com/pocketbase/pocketbase/apis"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
-	"github.com/pocketbase/pocketbase/tools/router"
-	"github.com/pocketbase/pocketbase/tools/types"
+	"github.com/tabshift-gh/pocketbase/apis"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/tools/router"
+	"github.com/tabshift-gh/pocketbase/tools/types"
 )
 
 func TestEnrichRecords(t *testing.T) {

apis/serve.go

@@ -13,11 +13,11 @@ import (
 	"time"
 
 	"github.com/fatih/color"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tools/hook"
-	"github.com/pocketbase/pocketbase/tools/list"
-	"github.com/pocketbase/pocketbase/tools/routine"
-	"github.com/pocketbase/pocketbase/ui"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tools/hook"
+	"github.com/tabshift-gh/pocketbase/tools/list"
+	"github.com/tabshift-gh/pocketbase/tools/routine"
+	"github.com/tabshift-gh/pocketbase/ui"
 	"golang.org/x/crypto/acme"
 	"golang.org/x/crypto/acme/autocert"
 )
@@ -153,13 +153,6 @@ func Serve(app core.App, config ServeConfig) error {
 		ErrorLog: log.New(&serverErrorLogWriter{app: app}, "", 0),
 	}
 
-	serveEvent := new(core.ServeEvent)
-	serveEvent.App = app
-	serveEvent.Router = pbRouter
-	serveEvent.Server = server
-	serveEvent.CertManager = certManager
-	serveEvent.InstallerFunc = DefaultInstallerFunc
-
 	var listener net.Listener
 
 	// graceful shutdown
@@ -207,6 +200,13 @@ func Serve(app core.App, config ServeConfig) error {
 
 	var baseURL string
 
+	serveEvent := new(core.ServeEvent)
+	serveEvent.App = app
+	serveEvent.Router = pbRouter
+	serveEvent.Server = server
+	serveEvent.CertManager = certManager
+	serveEvent.InstallerFunc = DefaultInstallerFunc
+
 	// trigger the OnServe hook and start the tcp listener
 	serveHookErr := app.OnServe().Trigger(serveEvent, func(e *core.ServeEvent) error {
 		handler, err := e.Router.BuildMux()
@@ -237,9 +237,13 @@ func Serve(app core.App, config ServeConfig) error {
 			}
 		}
 
-		listener, err = net.Listen("tcp", addr)
-		if err != nil {
-			return err
+		if e.Listener == nil {
+			listener, err = net.Listen("tcp", addr)
+			if err != nil {
+				return err
+			}
+		} else {
+			listener = e.Listener
 		}
 
 		if e.InstallerFunc != nil {
@@ -260,7 +264,7 @@ func Serve(app core.App, config ServeConfig) error {
 
 	if listener == nil {
 		//nolint:staticcheck
-		return errors.New("The OnServe finalizer wasn't invoked. Did you forget to call the ServeEvent.Next() method?")
+		return errors.New("The OnServe listener was not initialized. Did you forget to call the ServeEvent.Next() method?")
 	}
 
 	if config.ShowStartBanner {

apis/settings.go

@@ -4,9 +4,9 @@ import (
 	"net/http"
 
 	validation "github.com/go-ozzo/ozzo-validation/v4"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/forms"
-	"github.com/pocketbase/pocketbase/tools/router"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/forms"
+	"github.com/tabshift-gh/pocketbase/tools/router"
 )
 
 // bindSettingsApi registers the settings api endpoints.
@@ -30,7 +30,9 @@ func settingsList(e *core.RequestEvent) error {
 	event.Settings = clone
 
 	return e.App.OnSettingsListRequest().Trigger(event, func(e *core.SettingsListRequestEvent) error {
-		return e.JSON(http.StatusOK, e.Settings)
+		return execAfterSuccessTx(true, e.App, func() error {
+			return e.JSON(http.StatusOK, e.Settings)
+		})
 	})
 }
 
@@ -65,7 +67,9 @@ func settingsSet(e *core.RequestEvent) error {
 			return e.InternalServerError("Failed to clone app settings.", err)
 		}
 
-		return e.JSON(http.StatusOK, appSettings)
+		return execAfterSuccessTx(true, e.App, func() error {
+			return e.JSON(http.StatusOK, appSettings)
+		})
 	})
 }
 

apis/settings_test.go

@@ -11,7 +11,8 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/pocketbase/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
 )
 
 func TestSettingsList(t *testing.T) {
@@ -58,6 +59,32 @@ func TestSettingsList(t *testing.T) {
 				"OnSettingsListRequest": 1,
 			},
 		},
+		{
+			Name:   "OnSettingsListRequest tx body write check",
+			Method: http.MethodGet,
+			URL:    "/api/settings",
+			Headers: map[string]string{
+				"Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY",
+			},
+			BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
+				app.OnSettingsListRequest().BindFunc(func(e *core.SettingsListRequestEvent) error {
+					original := e.App
+					return e.App.RunInTransaction(func(txApp core.App) error {
+						e.App = txApp
+						defer func() { e.App = original }()
+
+						if err := e.Next(); err != nil {
+							return err
+						}
+
+						return e.BadRequestError("TX_ERROR", nil)
+					})
+				})
+			},
+			ExpectedStatus:  400,
+			ExpectedEvents:  map[string]int{"OnSettingsListRequest": 1},
+			ExpectedContent: []string{"TX_ERROR"},
+		},
 	}
 
 	for _, scenario := range scenarios {
@@ -176,6 +203,33 @@ func TestSettingsSet(t *testing.T) {
 				"OnSettingsReload":          1,
 			},
 		},
+		{
+			Name:   "OnSettingsUpdateRequest tx body write check",
+			Method: http.MethodPatch,
+			URL:    "/api/settings",
+			Body:   strings.NewReader(validData),
+			Headers: map[string]string{
+				"Authorization": "eyJhbGciOiJIUzI1NiJ9.eyJpZCI6InN5d2JoZWNuaDQ2cmhtMCIsInR5cGUiOiJhdXRoIiwiY29sbGVjdGlvbklkIjoicGJjXzMxNDI2MzU4MjMiLCJleHAiOjI1MjQ2MDQ0NjEsInJlZnJlc2hhYmxlIjp0cnVlfQ.UXgO3j-0BumcugrFjbd7j0M4MQvbrLggLlcu_YNGjoY",
+			},
+			BeforeTestFunc: func(t testing.TB, app *tests.TestApp, e *core.ServeEvent) {
+				app.OnSettingsUpdateRequest().BindFunc(func(e *core.SettingsUpdateRequestEvent) error {
+					original := e.App
+					return e.App.RunInTransaction(func(txApp core.App) error {
+						e.App = txApp
+						defer func() { e.App = original }()
+
+						if err := e.Next(); err != nil {
+							return err
+						}
+
+						return e.BadRequestError("TX_ERROR", nil)
+					})
+				})
+			},
+			ExpectedStatus:  400,
+			ExpectedEvents:  map[string]int{"OnSettingsUpdateRequest": 1},
+			ExpectedContent: []string{"TX_ERROR"},
+		},
 	}
 
 	for _, scenario := range scenarios {

cmd/serve.go

@@ -4,8 +4,8 @@ import (
 	"errors"
 	"net/http"
 
-	"github.com/pocketbase/pocketbase/apis"
-	"github.com/pocketbase/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/apis"
+	"github.com/tabshift-gh/pocketbase/core"
 	"github.com/spf13/cobra"
 )
 

cmd/superuser.go

@@ -6,8 +6,8 @@ import (
 
 	"github.com/fatih/color"
 	"github.com/go-ozzo/ozzo-validation/v4/is"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tools/security"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tools/security"
 	"github.com/spf13/cobra"
 )
 

cmd/superuser_test.go

@@ -3,9 +3,9 @@ package cmd_test
 import (
 	"testing"
 
-	"github.com/pocketbase/pocketbase/cmd"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/cmd"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
 )
 
 func TestSuperuserUpsertCommand(t *testing.T) {

core/app.go

@@ -9,12 +9,12 @@ import (
 	"time"
 
 	"github.com/pocketbase/dbx"
-	"github.com/pocketbase/pocketbase/tools/cron"
-	"github.com/pocketbase/pocketbase/tools/filesystem"
-	"github.com/pocketbase/pocketbase/tools/hook"
-	"github.com/pocketbase/pocketbase/tools/mailer"
-	"github.com/pocketbase/pocketbase/tools/store"
-	"github.com/pocketbase/pocketbase/tools/subscriptions"
+	"github.com/tabshift-gh/pocketbase/tools/cron"
+	"github.com/tabshift-gh/pocketbase/tools/filesystem"
+	"github.com/tabshift-gh/pocketbase/tools/hook"
+	"github.com/tabshift-gh/pocketbase/tools/mailer"
+	"github.com/tabshift-gh/pocketbase/tools/store"
+	"github.com/tabshift-gh/pocketbase/tools/subscriptions"
 )
 
 // App defines the main PocketBase app interface.
@@ -45,6 +45,12 @@ type App interface {
 	// IsTransactional checks if the current app instance is part of a transaction.
 	IsTransactional() bool
 
+	// TxInfo returns the transaction associated with the current app instance (if any).
+	//
+	// Could be used if you want to execute indirectly a function after
+	// the related app transaction completes using `app.TxInfo().OnAfterFunc(callback)`.
+	TxInfo() *TxAppInfo
+
 	// Bootstrap initializes the application
 	// (aka. create data dir, open db connections, load settings, etc.).
 	//
@@ -140,46 +146,82 @@ type App interface {
 	// DB methods
 	// ---------------------------------------------------------------
 
-	// DB returns the default app data db instance (pb_data/data.db).
+	// DB returns the default app data.db builder instance.
+	//
+	// To minimize SQLITE_BUSY errors, it automatically routes the
+	// SELECT queries to the underlying concurrent db pool and everything else
+	// to the nonconcurrent one.
+	//
+	// For more finer control over the used connections pools you can
+	// call directly ConcurrentDB() or NonconcurrentDB().
 	DB() dbx.Builder
 
-	// NonconcurrentDB returns the nonconcurrent app data db instance (pb_data/data.db).
+	// ConcurrentDB returns the concurrent app data.db builder instance.
+	//
+	// This method is used mainly internally for executing db read
+	// operations in a concurrent/non-blocking manner.
+	//
+	// Most users should use simply DB() as it will automatically
+	// route the query execution to ConcurrentDB() or NonconcurrentDB().
+	//
+	// In a transaction the ConcurrentDB() and NonconcurrentDB() refer to the same *dbx.TX instance.
+	ConcurrentDB() dbx.Builder
+
+	// NonconcurrentDB returns the nonconcurrent app data.db builder instance.
 	//
 	// The returned db instance is limited only to a single open connection,
-	// meaning that it can process only 1 db operation at a time (other operations will be queued up).
+	// meaning that it can process only 1 db operation at a time (other queries queue up).
 	//
 	// This method is used mainly internally and in the tests to execute write
 	// (save/delete) db operations as it helps with minimizing the SQLITE_BUSY errors.
 	//
-	// For the majority of cases you would want to use the regular DB() method
-	// since it allows concurrent db read operations.
+	// Most users should use simply DB() as it will automatically
+	// route the query execution to ConcurrentDB() or NonconcurrentDB().
 	//
 	// In a transaction the ConcurrentDB() and NonconcurrentDB() refer to the same *dbx.TX instance.
 	NonconcurrentDB() dbx.Builder
 
-	// AuxDB returns the default app auxiliary db instance (pb_data/auxiliary.db).
+	// AuxDB returns the app auxiliary.db builder instance.
+	//
+	// To minimize SQLITE_BUSY errors, it automatically routes the
+	// SELECT queries to the underlying concurrent db pool and everything else
+	// to the nonconcurrent one.
+	//
+	// For more finer control over the used connections pools you can
+	// call directly AuxConcurrentDB() or AuxNonconcurrentDB().
 	AuxDB() dbx.Builder
 
-	// AuxNonconcurrentDB returns the nonconcurrent app auxiliary db instance (pb_data/auxiliary.db)..
+	// AuxConcurrentDB returns the concurrent app auxiliary.db builder instance.
+	//
+	// This method is used mainly internally for executing db read
+	// operations in a concurrent/non-blocking manner.
+	//
+	// Most users should use simply AuxDB() as it will automatically
+	// route the query execution to AuxConcurrentDB() or AuxNonconcurrentDB().
+	//
+	// In a transaction the AuxConcurrentDB() and AuxNonconcurrentDB() refer to the same *dbx.TX instance.
+	AuxConcurrentDB() dbx.Builder
+
+	// AuxNonconcurrentDB returns the nonconcurrent app auxiliary.db builder instance.
 	//
 	// The returned db instance is limited only to a single open connection,
-	// meaning that it can process only 1 db operation at a time (other operations will be queued up).
+	// meaning that it can process only 1 db operation at a time (other queries queue up).
 	//
 	// This method is used mainly internally and in the tests to execute write
 	// (save/delete) db operations as it helps with minimizing the SQLITE_BUSY errors.
 	//
-	// For the majority of cases you would want to use the regular DB() method
-	// since it allows concurrent db read operations.
+	// Most users should use simply AuxDB() as it will automatically
+	// route the query execution to AuxConcurrentDB() or AuxNonconcurrentDB().
 	//
-	// In a transaction the AuxNonconcurrentDB() and AuxNonconcurrentDB() refer to the same *dbx.TX instance.
+	// In a transaction the AuxConcurrentDB() and AuxNonconcurrentDB() refer to the same *dbx.TX instance.
 	AuxNonconcurrentDB() dbx.Builder
 
 	// HasTable checks if a table (or view) with the provided name exists (case insensitive).
-	// in the current app.DB() instance.
+	// in the data.db.
 	HasTable(tableName string) bool
 
 	// AuxHasTable checks if a table (or view) with the provided name exists (case insensitive)
-	// in the current app.AuxDB() instance.
+	// in the auxiliary.db.
 	AuxHasTable(tableName string) bool
 
 	// TableColumns returns all column names of a single table by its name.
@@ -225,21 +267,19 @@ type App interface {
 	// FindRecordByViewFile returns the original Record of the provided view collection file.
 	FindRecordByViewFile(viewCollectionModelOrIdentifier any, fileFieldName string, filename string) (*Record, error)
 
-	// Vacuum executes VACUUM on the current app.DB() instance
-	// in order to reclaim unused data db disk space.
+	// Vacuum executes VACUUM on the data.db in order to reclaim unused data db disk space.
 	Vacuum() error
 
-	// AuxVacuum executes VACUUM on the current app.AuxDB() instance
-	// in order to reclaim unused auxiliary db disk space.
+	// AuxVacuum executes VACUUM on the auxiliary.db in order to reclaim unused auxiliary db disk space.
 	AuxVacuum() error
 
 	// ---------------------------------------------------------------
 
-	// ModelQuery creates a new preconfigured select app.DB() query with preset
+	// ModelQuery creates a new preconfigured select data.db query with preset
 	// SELECT, FROM and other common fields based on the provided model.
 	ModelQuery(model Model) *dbx.SelectQuery
 
-	// AuxModelQuery creates a new preconfigured select app.AuxDB() query with preset
+	// AuxModelQuery creates a new preconfigured select auxiliary.db query with preset
 	// SELECT, FROM and other common fields based on the provided model.
 	AuxModelQuery(model Model) *dbx.SelectQuery
 

core/auth_origin_model.go

@@ -7,8 +7,8 @@ import (
 
 	validation "github.com/go-ozzo/ozzo-validation/v4"
 	"github.com/pocketbase/dbx"
-	"github.com/pocketbase/pocketbase/tools/hook"
-	"github.com/pocketbase/pocketbase/tools/types"
+	"github.com/tabshift-gh/pocketbase/tools/hook"
+	"github.com/tabshift-gh/pocketbase/tools/types"
 )
 
 const CollectionNameAuthOrigins = "_authOrigins"

core/auth_origin_model_test.go

@@ -5,9 +5,9 @@ import (
 	"slices"
 	"testing"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
-	"github.com/pocketbase/pocketbase/tools/types"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/tools/types"
 )
 
 func TestNewAuthOrigin(t *testing.T) {

core/auth_origin_query_test.go

@@ -5,8 +5,8 @@ import (
 	"slices"
 	"testing"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
 )
 
 func TestFindAllAuthOriginsByRecord(t *testing.T) {

core/base.go

@@ -12,20 +12,21 @@ import (
 	"regexp"
 	"runtime"
 	"strings"
-	"syscall"
 	"time"
 
 	"github.com/fatih/color"
 	"github.com/pocketbase/dbx"
-	"github.com/pocketbase/pocketbase/tools/cron"
-	"github.com/pocketbase/pocketbase/tools/filesystem"
-	"github.com/pocketbase/pocketbase/tools/hook"
-	"github.com/pocketbase/pocketbase/tools/logger"
-	"github.com/pocketbase/pocketbase/tools/mailer"
-	"github.com/pocketbase/pocketbase/tools/routine"
-	"github.com/pocketbase/pocketbase/tools/store"
-	"github.com/pocketbase/pocketbase/tools/subscriptions"
-	"github.com/pocketbase/pocketbase/tools/types"
+	"github.com/tabshift-gh/pocketbase/tools/cron"
+	"github.com/tabshift-gh/pocketbase/tools/filesystem"
+	"github.com/tabshift-gh/pocketbase/tools/hook"
+	"github.com/tabshift-gh/pocketbase/tools/logger"
+	"github.com/tabshift-gh/pocketbase/tools/mailer"
+	"github.com/tabshift-gh/pocketbase/tools/routine"
+	"github.com/tabshift-gh/pocketbase/tools/store"
+	"github.com/tabshift-gh/pocketbase/tools/subscriptions"
+	"github.com/tabshift-gh/pocketbase/tools/types"
+	"github.com/spf13/cast"
+	"golang.org/x/sync/semaphore"
 )
 
 const (
@@ -39,6 +40,9 @@ const (
 	LocalBackupsDirName       string = "backups"
 	LocalTempDirName          string = ".pb_temp_to_delete" // temp pb_data sub directory that will be deleted on each app.Bootstrap()
 	LocalAutocertCacheDirName string = ".autocert_cache"
+
+	// @todo consider removing after backups refactoring
+	lostFoundDirName string = "lost+found"
 )
 
 // FilesManager defines an interface with common methods that files manager models should implement.
@@ -69,7 +73,7 @@ var _ App = (*BaseApp)(nil)
 // BaseApp implements core.App and defines the base PocketBase app structure.
 type BaseApp struct {
 	config              *BaseAppConfig
-	txInfo              *txAppInfo
+	txInfo              *TxAppInfo
 	store               *store.Store[string, any]
 	cron                *cron.Cron
 	settings            *Settings
@@ -360,9 +364,17 @@ func (app *BaseApp) Logger() *slog.Logger {
 	return app.logger
 }
 
+// TxInfo returns the transaction associated with the current app instance (if any).
+//
+// Could be used if you want to execute indirectly a function after
+// the related app transaction completes using `app.TxInfo().OnAfterFunc(callback)`.
+func (app *BaseApp) TxInfo() *TxAppInfo {
+	return app.txInfo
+}
+
 // IsTransactional checks if the current app instance is part of a transaction.
 func (app *BaseApp) IsTransactional() bool {
-	return app.txInfo != nil
+	return app.TxInfo() != nil
 }
 
 // IsBootstrapped checks if the application was initialized
@@ -466,44 +478,100 @@ func (app *BaseApp) ResetBootstrapState() error {
 	return nil
 }
 
-// DB returns the default app data db instance (pb_data/data.db).
+// DB returns the default app data.db builder instance.
+//
+// To minimize SQLITE_BUSY errors, it automatically routes the
+// SELECT queries to the underlying concurrent db pool and everything
+// else to the nonconcurrent one.
+//
+// For more finer control over the used connections pools you can
+// call directly ConcurrentDB() or NonconcurrentDB().
 func (app *BaseApp) DB() dbx.Builder {
+	// transactional or both are nil
+	if app.concurrentDB == app.nonconcurrentDB {
+		return app.concurrentDB
+	}
+
+	return &dualDBBuilder{
+		concurrentDB:    app.concurrentDB,
+		nonconcurrentDB: app.nonconcurrentDB,
+	}
+}
+
+// ConcurrentDB returns the concurrent app data.db builder instance.
+//
+// This method is used mainly internally for executing db read
+// operations in a concurrent/non-blocking manner.
+//
+// Most users should use simply DB() as it will automatically
+// route the query execution to ConcurrentDB() or NonconcurrentDB().
+//
+// In a transaction the ConcurrentDB() and NonconcurrentDB() refer to the same *dbx.TX instance.
+func (app *BaseApp) ConcurrentDB() dbx.Builder {
 	return app.concurrentDB
 }
 
-// NonconcurrentDB returns the nonconcurrent app data db instance (pb_data/data.db).
+// NonconcurrentDB returns the nonconcurrent app data.db builder instance.
 //
 // The returned db instance is limited only to a single open connection,
-// meaning that it can process only 1 db operation at a time (other operations will be queued up).
+// meaning that it can process only 1 db operation at a time (other queries queue up).
 //
 // This method is used mainly internally and in the tests to execute write
 // (save/delete) db operations as it helps with minimizing the SQLITE_BUSY errors.
 //
-// For the majority of cases you would want to use the regular DB() method
-// since it allows concurrent db read operations.
+// Most users should use simply DB() as it will automatically
+// route the query execution to ConcurrentDB() or NonconcurrentDB().
 //
 // In a transaction the ConcurrentDB() and NonconcurrentDB() refer to the same *dbx.TX instance.
 func (app *BaseApp) NonconcurrentDB() dbx.Builder {
 	return app.nonconcurrentDB
 }
 
-// AuxDB returns the default app auxiliary db instance (pb_data/auxiliary.db).
+// AuxDB returns the app auxiliary.db builder instance.
+//
+// To minimize SQLITE_BUSY errors, it automatically routes the
+// SELECT queries to the underlying concurrent db pool and everything
+// else to the nonconcurrent one.
+//
+// For more finer control over the used connections pools you can
+// call directly AuxConcurrentDB() or AuxNonconcurrentDB().
 func (app *BaseApp) AuxDB() dbx.Builder {
+	// transactional or both are nil
+	if app.auxConcurrentDB == app.auxNonconcurrentDB {
+		return app.auxConcurrentDB
+	}
+
+	return &dualDBBuilder{
+		concurrentDB:    app.auxConcurrentDB,
+		nonconcurrentDB: app.auxNonconcurrentDB,
+	}
+}
+
+// AuxConcurrentDB returns the concurrent app auxiliary.db builder instance.
+//
+// This method is used mainly internally for executing db read
+// operations in a concurrent/non-blocking manner.
+//
+// Most users should use simply AuxDB() as it will automatically
+// route the query execution to AuxConcurrentDB() or AuxNonconcurrentDB().
+//
+// In a transaction the AuxConcurrentDB() and AuxNonconcurrentDB() refer to the same *dbx.TX instance.
+func (app *BaseApp) AuxConcurrentDB() dbx.Builder {
 	return app.auxConcurrentDB
 }
 
-// AuxNonconcurrentDB returns the nonconcurrent app auxiliary db instance (pb_data/auxiliary.db).
+// AuxNonconcurrentDB returns the nonconcurrent app auxiliary.db builder instance.
 //
 // The returned db instance is limited only to a single open connection,
-// meaning that it can process only 1 db operation at a time (other operations will be queued up).
+// meaning that it can process only 1 db operation at a time (other queries queue up).
 //
 // This method is used mainly internally and in the tests to execute write
 // (save/delete) db operations as it helps with minimizing the SQLITE_BUSY errors.
 //
-// For the majority of cases you would want to use the regular DB() method
-// since it allows concurrent db read operations.
+// Most users should use simply AuxDB() as it will automatically
+// route the query execution to AuxConcurrentDB() or AuxNonconcurrentDB().
 //
-// In a transaction the AuxNonconcurrentDB() and AuxNonconcurrentDB() refer to the same *dbx.TX instance.
+// In a transaction the AuxConcurrentDB() and AuxNonconcurrentDB() refer to the same *dbx.TX instance.
 func (app *BaseApp) AuxNonconcurrentDB() dbx.Builder {
 	return app.auxNonconcurrentDB
 }
@@ -707,7 +775,7 @@ func (app *BaseApp) Restart() error {
 			}
 		}()
 
-		return syscall.Exec(execPath, os.Args, os.Environ())
+		return execve(execPath, os.Args, os.Environ())
 	})
 }
 
@@ -1145,10 +1213,10 @@ var sqlLogReplacements = []struct {
 }{
 	{regexp.MustCompile(`\[\[([^\[\]\{\}\.]+)\.([^\[\]\{\}\.]+)\]\]`), "`$1`.`$2`"},
 	{regexp.MustCompile(`\{\{([^\[\]\{\}\.]+)\.([^\[\]\{\}\.]+)\}\}`), "`$1`.`$2`"},
-	{regexp.MustCompile(`([^'"])\{\{`), "$1`"},
-	{regexp.MustCompile(`\}\}([^'"])`), "`$1"},
-	{regexp.MustCompile(`([^'"])\[\[`), "$1`"},
-	{regexp.MustCompile(`\]\]([^'"])`), "`$1"},
+	{regexp.MustCompile(`([^'"])?\{\{`), "$1`"},
+	{regexp.MustCompile(`\}\}([^'"])?`), "`$1"},
+	{regexp.MustCompile(`([^'"])?\[\[`), "$1`"},
+	{regexp.MustCompile(`\]\]([^'"])?`), "`$1"},
 	{regexp.MustCompile(`<nil>`), "NULL"},
 }
 
@@ -1165,7 +1233,7 @@ func normalizeSQLLog(sql string) string {
 
 func (app *BaseApp) initAuxDB() error {
 	// note: renamed to "auxiliary" because "aux" is a reserved Windows filename
-	// (see https://github.com/pocketbase/pocketbase/issues/5607)
+	// (see https://github.com/tabshift-gh/pocketbase/issues/5607)
 	dbPath := filepath.Join(app.DataDir(), "auxiliary.db")
 
 	concurrentDB, err := app.config.DBConnect(dbPath)
@@ -1190,6 +1258,33 @@ func (app *BaseApp) initAuxDB() error {
 	return nil
 }
 
+// @todo remove after refactoring the FilesManager interface
+func supportFiles(m Model) bool {
+	var collection *Collection
+	switch v := m.(type) {
+	case *Collection:
+		collection = v
+	case *Record:
+		collection = v.Collection()
+	case RecordProxy:
+		if v.ProxyRecord() != nil {
+			collection = v.ProxyRecord().Collection()
+		}
+	}
+
+	if collection == nil {
+		return true
+	}
+
+	for _, f := range collection.Fields {
+		if f.Type() == FieldTypeFile {
+			return true
+		}
+	}
+
+	return false
+}
+
 func (app *BaseApp) registerBaseHooks() {
 	deletePrefix := func(prefix string) error {
 		fs, err := app.NewFilesystem()
@@ -1206,26 +1301,44 @@ func (app *BaseApp) registerBaseHooks() {
 		return nil
 	}
 
+	maxFilesDeleteWorkers := cast.ToInt64(os.Getenv("PB_FILES_DELETE_MAX_WORKERS"))
+	if maxFilesDeleteWorkers <= 0 {
+		maxFilesDeleteWorkers = 2000 // the value is arbitrary chosen and may change in the future
+	}
+
+	deleteSem := semaphore.NewWeighted(maxFilesDeleteWorkers)
+
 	// try to delete the storage files from deleted Collection, Records, etc. model
 	app.OnModelAfterDeleteSuccess().Bind(&hook.Handler[*ModelEvent]{
 		Id: "__pbFilesManagerDelete__",
 		Func: func(e *ModelEvent) error {
-			if m, ok := e.Model.(FilesManager); ok && m.BaseFilesPath() != "" {
+			if m, ok := e.Model.(FilesManager); ok && m.BaseFilesPath() != "" && supportFiles(e.Model) {
 				// ensure that there is a trailing slash so that the list iterator could start walking from the prefix dir
-				// (https://github.com/pocketbase/pocketbase/discussions/5246#discussioncomment-10128955)
+				// (https://github.com/tabshift-gh/pocketbase/discussions/5246#discussioncomment-10128955)
 				prefix := strings.TrimRight(m.BaseFilesPath(), "/") + "/"
 
-				// run in the background for "optimistic" delete to avoid
-				// blocking the delete transaction
-				routine.FireAndForget(func() {
-					if err := deletePrefix(prefix); err != nil {
-						app.Logger().Error(
-							"Failed to delete storage prefix (non critical error; usually could happen because of S3 api limits)",
-							slog.String("prefix", prefix),
-							slog.String("error", err.Error()),
-						)
-					}
-				})
+				// note: for now assume no context cancellation
+				err := deleteSem.Acquire(context.Background(), 1)
+				if err != nil {
+					app.Logger().Error(
+						"Failed to delete storage prefix (couldn't acquire a worker)",
+						slog.String("prefix", prefix),
+						slog.String("error", err.Error()),
+					)
+				} else {
+					// run in the background for "optimistic" delete to avoid blocking the delete transaction
+					routine.FireAndForget(func() {
+						defer deleteSem.Release(1)
+
+						if err := deletePrefix(prefix); err != nil {
+							app.Logger().Error(
+								"Failed to delete storage prefix (non critical error; usually could happen because of S3 api limits)",
+								slog.String("prefix", prefix),
+								slog.String("error", err.Error()),
+							)
+						}
+					})
+				}
 			}
 
 			return e.Next()
@@ -1254,7 +1367,7 @@ func (app *BaseApp) registerBaseHooks() {
 			app.Logger().Warn("Failed to run periodic PRAGMA wal_checkpoint for the auxiliary DB", slog.String("error", execErr.Error()))
 		}
 
-		_, execErr = app.DB().NewQuery("PRAGMA optimize").Execute()
+		_, execErr = app.NonconcurrentDB().NewQuery("PRAGMA optimize").Execute()
 		if execErr != nil {
 			app.Logger().Warn("Failed to run periodic PRAGMA optimize", slog.String("error", execErr.Error()))
 		}

core/base_backup.go

@@ -12,11 +12,11 @@ import (
 	"sort"
 	"time"
 
-	"github.com/pocketbase/pocketbase/tools/archive"
-	"github.com/pocketbase/pocketbase/tools/filesystem"
-	"github.com/pocketbase/pocketbase/tools/inflector"
-	"github.com/pocketbase/pocketbase/tools/osutils"
-	"github.com/pocketbase/pocketbase/tools/security"
+	"github.com/tabshift-gh/pocketbase/tools/archive"
+	"github.com/tabshift-gh/pocketbase/tools/filesystem"
+	"github.com/tabshift-gh/pocketbase/tools/inflector"
+	"github.com/tabshift-gh/pocketbase/tools/osutils"
+	"github.com/tabshift-gh/pocketbase/tools/security"
 )
 
 const (
@@ -54,7 +54,7 @@ func (app *BaseApp) CreateBackup(ctx context.Context, name string) error {
 	event.Context = ctx
 	event.Name = name
 	// default root dir entries to exclude from the backup generation
-	event.Exclude = []string{LocalBackupsDirName, LocalTempDirName, LocalAutocertCacheDirName}
+	event.Exclude = []string{LocalBackupsDirName, LocalTempDirName, LocalAutocertCacheDirName, lostFoundDirName}
 
 	return app.OnBackupCreate().Trigger(event, func(e *BackupEvent) error {
 		// generate a default name if missing
@@ -71,7 +71,7 @@ func (app *BaseApp) CreateBackup(ctx context.Context, name string) error {
 
 		// archive pb_data in a temp directory, exluding the "backups" and the temp dirs
 		//
-		// Run in transaction to temporary block other writes (transactions uses the NonconcurrentDB connection).
+		// run in transaction to temporary block other writes (transactions uses the NonconcurrentDB connection)
 		// ---
 		tempPath := filepath.Join(localTempDir, "pb_backup_"+security.PseudorandomString(6))
 		createErr := e.App.RunInTransaction(func(txApp App) error {
@@ -145,7 +145,7 @@ func (app *BaseApp) CreateBackup(ctx context.Context, name string) error {
 //
 // Note that if your pb_data has custom network mounts as subdirectories, then
 // it is possible the restore to fail during the `os.Rename` operations
-// (see https://github.com/pocketbase/pocketbase/issues/4647).
+// (see https://github.com/tabshift-gh/pocketbase/issues/4647).
 func (app *BaseApp) RestoreBackup(ctx context.Context, name string) error {
 	if app.Store().Has(StoreKeyActiveBackup) {
 		return errors.New("try again later - another backup/restore operation has already been started")
@@ -159,7 +159,7 @@ func (app *BaseApp) RestoreBackup(ctx context.Context, name string) error {
 	event.Context = ctx
 	event.Name = name
 	// default root dir entries to exclude from the backup restore
-	event.Exclude = []string{LocalBackupsDirName, LocalTempDirName, LocalAutocertCacheDirName}
+	event.Exclude = []string{LocalBackupsDirName, LocalTempDirName, LocalAutocertCacheDirName, lostFoundDirName}
 
 	return app.OnBackupRestore().Trigger(event, func(e *BackupEvent) error {
 		if runtime.GOOS == "windows" {
@@ -190,7 +190,7 @@ func (app *BaseApp) RestoreBackup(ctx context.Context, name string) error {
 
 		// extract the zip
 		if e.App.Settings().Backups.S3.Enabled {
-			br, err := fsys.GetFile(name)
+			br, err := fsys.GetReader(name)
 			if err != nil {
 				return err
 			}
@@ -228,7 +228,7 @@ func (app *BaseApp) RestoreBackup(ctx context.Context, name string) error {
 		} else {
 			// manually construct the local path to avoid creating a copy of the zip file
 			// since the blob reader currently doesn't implement ReaderAt
-			zipPath := filepath.Join(app.DataDir(), LocalBackupsDirName, filepath.Base(name))
+			zipPath := filepath.Join(e.App.DataDir(), LocalBackupsDirName, filepath.Base(name))
 
 			err = archive.Extract(zipPath, extractedDataDir)
 			if err != nil {
@@ -242,29 +242,43 @@ func (app *BaseApp) RestoreBackup(ctx context.Context, name string) error {
 			return fmt.Errorf("data.db file is missing or invalid: %w", err)
 		}
 
-		// move the current pb_data content to a special temp location
-		// that will hold the old data between dirs replace
-		// (the temp dir will be automatically removed on the next app start)
 		oldTempDataDir := filepath.Join(localTempDir, "old_pb_data_"+security.PseudorandomString(8))
-		if err := osutils.MoveDirContent(e.App.DataDir(), oldTempDataDir, e.Exclude...); err != nil {
-			return fmt.Errorf("failed to move the current pb_data content to a temp location: %w", err)
-		}
 
-		// move the extracted archive content to the app's pb_data
-		if err := osutils.MoveDirContent(extractedDataDir, e.App.DataDir(), e.Exclude...); err != nil {
-			return fmt.Errorf("failed to move the extracted archive content to pb_data: %w", err)
+		replaceErr := e.App.RunInTransaction(func(txApp App) error {
+			return txApp.AuxRunInTransaction(func(txApp App) error {
+				// move the current pb_data content to a special temp location
+				// that will hold the old data between dirs replace
+				// (the temp dir will be automatically removed on the next app start)
+				if err := osutils.MoveDirContent(txApp.DataDir(), oldTempDataDir, e.Exclude...); err != nil {
+					return fmt.Errorf("failed to move the current pb_data content to a temp location: %w", err)
+				}
+
+				// move the extracted archive content to the app's pb_data
+				if err := osutils.MoveDirContent(extractedDataDir, txApp.DataDir(), e.Exclude...); err != nil {
+					return fmt.Errorf("failed to move the extracted archive content to pb_data: %w", err)
+				}
+
+				return nil
+			})
+		})
+		if replaceErr != nil {
+			return replaceErr
 		}
 
 		revertDataDirChanges := func() error {
-			if err := osutils.MoveDirContent(e.App.DataDir(), extractedDataDir, e.Exclude...); err != nil {
-				return fmt.Errorf("failed to revert the extracted dir change: %w", err)
-			}
+			return e.App.RunInTransaction(func(txApp App) error {
+				return txApp.AuxRunInTransaction(func(txApp App) error {
+					if err := osutils.MoveDirContent(txApp.DataDir(), extractedDataDir, e.Exclude...); err != nil {
+						return fmt.Errorf("failed to revert the extracted dir change: %w", err)
+					}
 
-			if err := osutils.MoveDirContent(oldTempDataDir, e.App.DataDir(), e.Exclude...); err != nil {
-				return fmt.Errorf("failed to revert old pb_data dir change: %w", err)
-			}
+					if err := osutils.MoveDirContent(oldTempDataDir, txApp.DataDir(), e.Exclude...); err != nil {
+						return fmt.Errorf("failed to revert old pb_data dir change: %w", err)
+					}
 
-			return nil
+					return nil
+				})
+			})
 		}
 
 		// restart the app

core/base_backup_test.go

@@ -9,10 +9,10 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
-	"github.com/pocketbase/pocketbase/tools/archive"
-	"github.com/pocketbase/pocketbase/tools/list"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/tools/archive"
+	"github.com/tabshift-gh/pocketbase/tools/list"
 )
 
 func TestCreateBackup(t *testing.T) {

core/base_test.go

@@ -5,16 +5,17 @@ import (
 	"database/sql"
 	"log/slog"
 	"os"
+	"slices"
 	"testing"
 	"time"
 
 	_ "unsafe"
 
 	"github.com/pocketbase/dbx"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
-	"github.com/pocketbase/pocketbase/tools/logger"
-	"github.com/pocketbase/pocketbase/tools/mailer"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/tools/logger"
+	"github.com/tabshift-gh/pocketbase/tools/mailer"
 )
 
 func TestNewBaseApp(t *testing.T) {
@@ -99,9 +100,11 @@ func TestBaseAppBootstrap(t *testing.T) {
 	}
 
 	nilChecksBeforeReset := []nilCheck{
-		{"[before] concurrentDB", app.DB(), false},
+		{"[before] db", app.DB(), false},
+		{"[before] concurrentDB", app.ConcurrentDB(), false},
 		{"[before] nonconcurrentDB", app.NonconcurrentDB(), false},
-		{"[before] auxConcurrentDB", app.AuxDB(), false},
+		{"[before] auxDB", app.AuxDB(), false},
+		{"[before] auxConcurrentDB", app.AuxConcurrentDB(), false},
 		{"[before] auxNonconcurrentDB", app.AuxNonconcurrentDB(), false},
 		{"[before] settings", app.Settings(), false},
 		{"[before] logger", app.Logger(), false},
@@ -116,9 +119,11 @@ func TestBaseAppBootstrap(t *testing.T) {
 	}
 
 	nilChecksAfterReset := []nilCheck{
-		{"[after] concurrentDB", app.DB(), true},
+		{"[after] db", app.DB(), true},
+		{"[after] concurrentDB", app.ConcurrentDB(), true},
 		{"[after] nonconcurrentDB", app.NonconcurrentDB(), true},
-		{"[after] auxConcurrentDB", app.AuxDB(), true},
+		{"[after] auxDB", app.AuxDB(), true},
+		{"[after] auxConcurrentDB", app.AuxConcurrentDB(), true},
 		{"[after] auxNonconcurrentDB", app.AuxNonconcurrentDB(), true},
 		{"[after] settings", app.Settings(), false},
 		{"[after] logger", app.Logger(), false},
@@ -128,7 +133,7 @@ func TestBaseAppBootstrap(t *testing.T) {
 	runNilChecks(nilChecksAfterReset)
 }
 
-func TestNewBaseAppIsTransactional(t *testing.T) {
+func TestNewBaseAppTx(t *testing.T) {
 	const testDataDir = "./pb_base_app_test_data_dir/"
 	defer os.RemoveAll(testDataDir)
 
@@ -141,17 +146,34 @@ func TestNewBaseAppIsTransactional(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	if app.IsTransactional() {
-		t.Fatalf("Didn't expect the app to be transactional")
+	mustNotHaveTx := func(app core.App) {
+		if app.IsTransactional() {
+			t.Fatalf("Didn't expect the app to be transactional")
+		}
+
+		if app.TxInfo() != nil {
+			t.Fatalf("Didn't expect the app.txInfo to be loaded")
+		}
 	}
 
-	app.RunInTransaction(func(txApp core.App) error {
-		if !txApp.IsTransactional() {
+	mustHaveTx := func(app core.App) {
+		if !app.IsTransactional() {
 			t.Fatalf("Expected the app to be transactional")
 		}
 
+		if app.TxInfo() == nil {
+			t.Fatalf("Expected the app.txInfo to be loaded")
+		}
+	}
+
+	mustNotHaveTx(app)
+
+	app.RunInTransaction(func(txApp core.App) error {
+		mustHaveTx(txApp)
 		return nil
 	})
+
+	mustNotHaveTx(app)
 }
 
 func TestBaseAppNewMailClient(t *testing.T) {
@@ -354,8 +376,8 @@ func TestBaseAppRefreshSettingsLoggerMinLevelEnabled(t *testing.T) {
 			}
 
 			// silence query logs
-			app.DB().(*dbx.DB).ExecLogFunc = func(ctx context.Context, t time.Duration, sql string, result sql.Result, err error) {}
-			app.DB().(*dbx.DB).QueryLogFunc = func(ctx context.Context, t time.Duration, sql string, rows *sql.Rows, err error) {}
+			app.ConcurrentDB().(*dbx.DB).ExecLogFunc = func(ctx context.Context, t time.Duration, sql string, result sql.Result, err error) {}
+			app.ConcurrentDB().(*dbx.DB).QueryLogFunc = func(ctx context.Context, t time.Duration, sql string, rows *sql.Rows, err error) {}
 			app.NonconcurrentDB().(*dbx.DB).ExecLogFunc = func(ctx context.Context, t time.Duration, sql string, result sql.Result, err error) {}
 			app.NonconcurrentDB().(*dbx.DB).QueryLogFunc = func(ctx context.Context, t time.Duration, sql string, rows *sql.Rows, err error) {}
 
@@ -378,3 +400,155 @@ func TestBaseAppRefreshSettingsLoggerMinLevelEnabled(t *testing.T) {
 		})
 	}
 }
+
+func TestBaseAppDBDualBuilder(t *testing.T) {
+	t.Parallel()
+
+	app, _ := tests.NewTestApp()
+	defer app.Cleanup()
+
+	concurrentQueries := []string{}
+	nonconcurrentQueries := []string{}
+	app.ConcurrentDB().(*dbx.DB).QueryLogFunc = func(ctx context.Context, t time.Duration, sql string, rows *sql.Rows, err error) {
+		concurrentQueries = append(concurrentQueries, sql)
+	}
+	app.ConcurrentDB().(*dbx.DB).ExecLogFunc = func(ctx context.Context, t time.Duration, sql string, result sql.Result, err error) {
+		concurrentQueries = append(concurrentQueries, sql)
+	}
+	app.NonconcurrentDB().(*dbx.DB).QueryLogFunc = func(ctx context.Context, t time.Duration, sql string, rows *sql.Rows, err error) {
+		nonconcurrentQueries = append(nonconcurrentQueries, sql)
+	}
+	app.NonconcurrentDB().(*dbx.DB).ExecLogFunc = func(ctx context.Context, t time.Duration, sql string, result sql.Result, err error) {
+		nonconcurrentQueries = append(nonconcurrentQueries, sql)
+	}
+
+	type testQuery struct {
+		query        string
+		isConcurrent bool
+	}
+
+	regularTests := []testQuery{
+		{"  \n  sEleCt 1", true},
+		{"With abc(x) AS (select 2) SELECT x FROM abc", true},
+		{"create table t1(x int)", false},
+		{"insert into t1(x) values(1)", false},
+		{"update t1 set x = 2", false},
+		{"delete from t1", false},
+	}
+
+	txTests := []testQuery{
+		{"select 3", false},
+		{" \n WITH abc(x) AS (select 4) SELECT x FROM abc", false},
+		{"create table t2(x int)", false},
+		{"insert into t2(x) values(1)", false},
+		{"update t2 set x = 2", false},
+		{"delete from t2", false},
+	}
+
+	for _, item := range regularTests {
+		_, err := app.DB().NewQuery(item.query).Execute()
+		if err != nil {
+			t.Fatalf("Failed to execute query %q error: %v", item.query, err)
+		}
+	}
+
+	app.RunInTransaction(func(txApp core.App) error {
+		for _, item := range txTests {
+			_, err := txApp.DB().NewQuery(item.query).Execute()
+			if err != nil {
+				t.Fatalf("Failed to execute query %q error: %v", item.query, err)
+			}
+		}
+
+		return nil
+	})
+
+	allTests := append(regularTests, txTests...)
+	for _, item := range allTests {
+		if item.isConcurrent {
+			if !slices.Contains(concurrentQueries, item.query) {
+				t.Fatalf("Expected concurrent query\n%q\ngot\nconcurrent:%v\nnonconcurrent:%v", item.query, concurrentQueries, nonconcurrentQueries)
+			}
+		} else {
+			if !slices.Contains(nonconcurrentQueries, item.query) {
+				t.Fatalf("Expected nonconcurrent query\n%q\ngot\nconcurrent:%v\nnonconcurrent:%v", item.query, concurrentQueries, nonconcurrentQueries)
+			}
+		}
+	}
+}
+
+func TestBaseAppAuxDBDualBuilder(t *testing.T) {
+	t.Parallel()
+
+	app, _ := tests.NewTestApp()
+	defer app.Cleanup()
+
+	concurrentQueries := []string{}
+	nonconcurrentQueries := []string{}
+	app.AuxConcurrentDB().(*dbx.DB).QueryLogFunc = func(ctx context.Context, t time.Duration, sql string, rows *sql.Rows, err error) {
+		concurrentQueries = append(concurrentQueries, sql)
+	}
+	app.AuxConcurrentDB().(*dbx.DB).ExecLogFunc = func(ctx context.Context, t time.Duration, sql string, result sql.Result, err error) {
+		concurrentQueries = append(concurrentQueries, sql)
+	}
+	app.AuxNonconcurrentDB().(*dbx.DB).QueryLogFunc = func(ctx context.Context, t time.Duration, sql string, rows *sql.Rows, err error) {
+		nonconcurrentQueries = append(nonconcurrentQueries, sql)
+	}
+	app.AuxNonconcurrentDB().(*dbx.DB).ExecLogFunc = func(ctx context.Context, t time.Duration, sql string, result sql.Result, err error) {
+		nonconcurrentQueries = append(nonconcurrentQueries, sql)
+	}
+
+	type testQuery struct {
+		query        string
+		isConcurrent bool
+	}
+
+	regularTests := []testQuery{
+		{"  \n  sEleCt 1", true},
+		{"With abc(x) AS (select 2) SELECT x FROM abc", true},
+		{"create table t1(x int)", false},
+		{"insert into t1(x) values(1)", false},
+		{"update t1 set x = 2", false},
+		{"delete from t1", false},
+	}
+
+	txTests := []testQuery{
+		{"select 3", false},
+		{" \n WITH abc(x) AS (select 4) SELECT x FROM abc", false},
+		{"create table t2(x int)", false},
+		{"insert into t2(x) values(1)", false},
+		{"update t2 set x = 2", false},
+		{"delete from t2", false},
+	}
+
+	for _, item := range regularTests {
+		_, err := app.AuxDB().NewQuery(item.query).Execute()
+		if err != nil {
+			t.Fatalf("Failed to execute query %q error: %v", item.query, err)
+		}
+	}
+
+	app.AuxRunInTransaction(func(txApp core.App) error {
+		for _, item := range txTests {
+			_, err := txApp.AuxDB().NewQuery(item.query).Execute()
+			if err != nil {
+				t.Fatalf("Failed to execute query %q error: %v", item.query, err)
+			}
+		}
+
+		return nil
+	})
+
+	allTests := append(regularTests, txTests...)
+	for _, item := range allTests {
+		if item.isConcurrent {
+			if !slices.Contains(concurrentQueries, item.query) {
+				t.Fatalf("Expected concurrent query\n%q\ngot\nconcurrent:%v\nnonconcurrent:%v", item.query, concurrentQueries, nonconcurrentQueries)
+			}
+		} else {
+			if !slices.Contains(nonconcurrentQueries, item.query) {
+				t.Fatalf("Expected nonconcurrent query\n%q\ngot\nconcurrent:%v\nnonconcurrent:%v", item.query, concurrentQueries, nonconcurrentQueries)
+			}
+		}
+	}
+}

core/collection_import_test.go

@@ -6,8 +6,8 @@ import (
 	"testing"
 
 	"github.com/pocketbase/dbx"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
 )
 
 func TestImportCollections(t *testing.T) {

core/collection_model.go

@@ -7,10 +7,10 @@ import (
 	"strings"
 
 	"github.com/pocketbase/dbx"
-	"github.com/pocketbase/pocketbase/tools/dbutils"
-	"github.com/pocketbase/pocketbase/tools/hook"
-	"github.com/pocketbase/pocketbase/tools/security"
-	"github.com/pocketbase/pocketbase/tools/types"
+	"github.com/tabshift-gh/pocketbase/tools/dbutils"
+	"github.com/tabshift-gh/pocketbase/tools/hook"
+	"github.com/tabshift-gh/pocketbase/tools/security"
+	"github.com/tabshift-gh/pocketbase/tools/types"
 	"github.com/spf13/cast"
 )
 
@@ -1062,7 +1062,7 @@ func (c *Collection) fieldIndexName(field string) string {
 	} else if c.Name != "" {
 		name += c.Name
 	} else {
-		name += security.PseudorandomString(10)
+		name += security.PseudorandomStringWithAlphabet(10, DefaultIdAlphabet)
 	}
 
 	if len(name) > 64 {

core/collection_model_auth_options.go

@@ -7,10 +7,10 @@ import (
 
 	validation "github.com/go-ozzo/ozzo-validation/v4"
 	"github.com/go-ozzo/ozzo-validation/v4/is"
-	"github.com/pocketbase/pocketbase/tools/auth"
-	"github.com/pocketbase/pocketbase/tools/list"
-	"github.com/pocketbase/pocketbase/tools/security"
-	"github.com/pocketbase/pocketbase/tools/types"
+	"github.com/tabshift-gh/pocketbase/tools/auth"
+	"github.com/tabshift-gh/pocketbase/tools/list"
+	"github.com/tabshift-gh/pocketbase/tools/security"
+	"github.com/tabshift-gh/pocketbase/tools/types"
 	"github.com/spf13/cast"
 )
 
@@ -461,7 +461,7 @@ type OAuth2ProviderConfig struct {
 	//
 	// This usually shouldn't be needed but some OAuth2 vendors, like the LinkedIn OIDC,
 	// may require manual adjustment due to returning error if extra parameters are added to the request
-	// (https://github.com/pocketbase/pocketbase/discussions/3799#discussioncomment-7640312)
+	// (https://github.com/tabshift-gh/pocketbase/discussions/3799#discussioncomment-7640312)
 	PKCE *bool `form:"pkce" json:"pkce"`
 
 	Name         string         `form:"name" json:"name"`

core/collection_model_auth_options_test.go

@@ -8,10 +8,10 @@ import (
 	"testing"
 	"time"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
-	"github.com/pocketbase/pocketbase/tools/auth"
-	"github.com/pocketbase/pocketbase/tools/types"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/tools/auth"
+	"github.com/tabshift-gh/pocketbase/tools/types"
 )
 
 func TestCollectionAuthOptionsValidate(t *testing.T) {

core/collection_model_test.go

@@ -11,11 +11,11 @@ import (
 	"testing"
 
 	"github.com/pocketbase/dbx"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
-	"github.com/pocketbase/pocketbase/tools/dbutils"
-	"github.com/pocketbase/pocketbase/tools/hook"
-	"github.com/pocketbase/pocketbase/tools/types"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/tools/dbutils"
+	"github.com/tabshift-gh/pocketbase/tools/hook"
+	"github.com/tabshift-gh/pocketbase/tools/types"
 )
 
 func TestNewCollection(t *testing.T) {
@@ -1623,7 +1623,7 @@ func TestCollectionSaveViewWrapping(t *testing.T) {
 
 			var sql string
 
-			rowErr := app.DB().NewQuery("SELECT sql FROM sqlite_master WHERE type='view' AND name={:name}").
+			rowErr := app.ConcurrentDB().NewQuery("SELECT sql FROM sqlite_master WHERE type='view' AND name={:name}").
 				Bind(dbx.Params{"name": viewName}).
 				Row(&sql)
 			if rowErr != nil {

core/collection_model_view_options_test.go

@@ -3,8 +3,8 @@ package core_test
 import (
 	"testing"
 
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
 )
 
 func TestCollectionViewOptionsValidate(t *testing.T) {

core/collection_query.go

@@ -10,7 +10,7 @@ import (
 	"strings"
 
 	"github.com/pocketbase/dbx"
-	"github.com/pocketbase/pocketbase/tools/list"
+	"github.com/tabshift-gh/pocketbase/tools/list"
 )
 
 const StoreKeyCachedCollections = "pbAppCachedCollections"
@@ -38,7 +38,7 @@ func (app *BaseApp) FindAllCollections(collectionTypes ...string) ([]*Collection
 		q.AndWhere(dbx.In("type", list.ToInterfaceSlice(types)...))
 	}
 
-	err := q.OrderBy("created ASC").All(&collections)
+	err := q.OrderBy("rowid ASC").All(&collections)
 	if err != nil {
 		return nil, err
 	}
@@ -299,7 +299,7 @@ func saveViewCollection(app App, newCollection, oldCollection *Collection) error
 // normalizeViewQueryId wraps (if necessary) the provided view query
 // with a subselect to ensure that the id column is a text since
 // currently we don't support non-string model ids
-// (see https://github.com/pocketbase/pocketbase/issues/3110).
+// (see https://github.com/tabshift-gh/pocketbase/issues/3110).
 func normalizeViewQueryId(app App, query string) (string, error) {
 	query = strings.Trim(strings.TrimSpace(query), ";")
 

core/collection_query_test.go

@@ -12,9 +12,9 @@ import (
 	"time"
 
 	"github.com/pocketbase/dbx"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
-	"github.com/pocketbase/pocketbase/tools/list"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/tools/list"
 )
 
 func TestCollectionQuery(t *testing.T) {
@@ -153,7 +153,7 @@ func TestFindCachedCollectionByNameOrId(t *testing.T) {
 	defer app.Cleanup()
 
 	totalQueries := 0
-	app.DB().(*dbx.DB).QueryLogFunc = func(ctx context.Context, t time.Duration, sql string, rows *sql.Rows, err error) {
+	app.ConcurrentDB().(*dbx.DB).QueryLogFunc = func(ctx context.Context, t time.Duration, sql string, rows *sql.Rows, err error) {
 		totalQueries++
 	}
 
@@ -272,7 +272,7 @@ func TestFindCachedCollectionReferences(t *testing.T) {
 	}
 
 	totalQueries := 0
-	app.DB().(*dbx.DB).QueryLogFunc = func(ctx context.Context, t time.Duration, sql string, rows *sql.Rows, err error) {
+	app.ConcurrentDB().(*dbx.DB).QueryLogFunc = func(ctx context.Context, t time.Duration, sql string, rows *sql.Rows, err error) {
 		totalQueries++
 	}
 

core/collection_record_table_sync.go

@@ -8,8 +8,8 @@ import (
 
 	validation "github.com/go-ozzo/ozzo-validation/v4"
 	"github.com/pocketbase/dbx"
-	"github.com/pocketbase/pocketbase/tools/dbutils"
-	"github.com/pocketbase/pocketbase/tools/security"
+	"github.com/tabshift-gh/pocketbase/tools/dbutils"
+	"github.com/tabshift-gh/pocketbase/tools/security"
 )
 
 // SyncRecordTableSchema compares the two provided collections
@@ -144,7 +144,7 @@ func (app *BaseApp) SyncRecordTableSchema(newCollection *Collection, oldCollecti
 
 	// run optimize per the SQLite recommendations
 	// (https://www.sqlite.org/pragma.html#pragma_optimize)
-	_, optimizeErr := app.DB().NewQuery("PRAGMA optimize").Execute()
+	_, optimizeErr := app.NonconcurrentDB().NewQuery("PRAGMA optimize").Execute()
 	if optimizeErr != nil {
 		app.Logger().Warn("Failed to run PRAGMA optimize after record table sync", slog.String("error", optimizeErr.Error()))
 	}
@@ -310,7 +310,8 @@ func dropCollectionIndexes(app App, collection *Collection) error {
 				continue
 			}
 
-			if _, err := app.DB().NewQuery(fmt.Sprintf("DROP INDEX IF EXISTS [[%s]]", parsed.IndexName)).Execute(); err != nil {
+			_, err := txApp.DB().NewQuery(fmt.Sprintf("DROP INDEX IF EXISTS [[%s]]", parsed.IndexName)).Execute()
+			if err != nil {
 				return err
 			}
 		}

core/collection_record_table_sync_test.go

@@ -6,10 +6,10 @@ import (
 	"testing"
 
 	"github.com/pocketbase/dbx"
-	"github.com/pocketbase/pocketbase/core"
-	"github.com/pocketbase/pocketbase/tests"
-	"github.com/pocketbase/pocketbase/tools/list"
-	"github.com/pocketbase/pocketbase/tools/types"
+	"github.com/tabshift-gh/pocketbase/core"
+	"github.com/tabshift-gh/pocketbase/tests"
+	"github.com/tabshift-gh/pocketbase/tools/list"
+	"github.com/tabshift-gh/pocketbase/tools/types"
 )
 
 func TestSyncRecordTableSchema(t *testing.T) {

core/collection_validate.go

@@ -9,11 +9,11 @@ import (
 
 	validation "github.com/go-ozzo/ozzo-validation/v4"
 	"github.com/pocketbase/dbx"
-	"github.com/pocketbase/pocketbase/core/validators"
-	"github.com/pocketbase/pocketbase/tools/dbutils"
-	"github.com/pocketbase/pocketbase/tools/list"
-	"github.com/pocketbase/pocketbase/tools/search"
-	"github.com/pocketbase/pocketbase/tools/types"
+	"github.com/tabshift-gh/pocketbase/core/validators"
+	"github.com/tabshift-gh/pocketbase/tools/dbutils"
+	"github.com/tabshift-gh/pocketbase/tools/list"
+	"github.com/tabshift-gh/pocketbase/tools/search"
+	"github.com/tabshift-gh/pocketbase/tools/types"
 )
 
 var collectionNameRegex = regexp.MustCompile(`^\w+$`)
@@ -87,7 +87,7 @@ func (validator *collectionValidator) run() error {
 				validator.original.IsNew(),
 				validation.Length(1, 100),
 				validation.Match(DefaultIdRegex),
-				validation.By(validators.UniqueId(validator.app.DB(), validator.new.TableName())),
+				validation.By(validators.UniqueId(validator.app.ConcurrentDB(), validator.new.TableName())),
 			).Else(
 				validation.By(validators.Equal(validator.original.Id)),
 			),
@@ -558,7 +558,7 @@ func (cv *collectionValidator) checkIndexes(value any) error {
 
 		// ensure that the index name is not used in another collection
 		var usedTblName string
-		_ = cv.app.DB().Select("tbl_name").
+		_ = cv.app.ConcurrentDB().Select("tbl_name").
 			From("sqlite_master").
 			AndWhere(dbx.HashExp{"type": "index"}).
 			AndWhere(dbx.NewExp("LOWER([[tbl_name]])!=LOWER({:oldName})", dbx.Params{"oldName": cv.original.Name})).