LastVerificationSentAt is updated before than expected #3121

Closed
ErikPelli opened this issue Aug 12, 2023 · 2 comments

ErikPelli commented Aug 12, 2023

I use PocketBase (latest, v0.17.4) as a framework for a test project and I'm trying to rate limit the sending of verification emails.

I actually have this simple code:

// Send verification email every 30 minutes
app.OnRecordBeforeRequestVerificationRequest().Add(func(e *core.RecordRequestVerificationEvent) error {
	lastTime := e.Record.LastVerificationSentAt()
	if !lastTime.IsZero() {
		if time.Now().Before(lastTime.Time().Add(30 * time.Minute)) {
			return errors.New("you must wait 30 minutes for another mail verification")
		}
	}
	return nil
})

Actually, the value of e.Record.LastVerificationSentAt() is updated before entering this function. In my mind, this function is executed before sending the verification email (and it is, effectively).

Its value should be updated when sending the email (so after the execution of this OnRecordBeforeRequestVerificationRequest function).

This code should work, but actually this function always returns the error, even for the verification of a new user during sign-up and, if I stop PocketBase and check SQLite, the value in the column is an empty string.
So actually the lastVerificationAt is updated in memory before this function but not persisted.

@ganigeorgiev
Member

Hm, this was done for consistency as usually the form data are loaded in the record before the hook interceptors, but I agree that in this specific case it is kind of strange.

I've added it in the roadmap and will consider updating it for v0.18.0 after the ongoing JS SDK refactoring.

As a workaround, you should be able to retrieve the original LastVerificationSentAt() value by calling e.Record.OriginalCopy().LastVerificationSentAt().

ganigeorgiev commented Aug 12, 2023

Side-note: internally we have a similar check to the above one but it is for 2 mins, which should be OK for most applications.
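
The workaround from the maintainer's reply, modelled as an added example that is not part of the original thread or PocketBase's own code. The `record` type is a constructed stand-in for the real record (only the two method names come from the thread), and `checkCooldown` and `simulate` are hypothetical helpers; the block shows why a check on the in-memory value rejects every request while a check on `OriginalCopy()` enforces the 30-minute window.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// record is a constructed stand-in for a PocketBase auth record, not the real type.
// sentAt is the in-memory value; original is the snapshot loaded from the database.
type record struct {
	sentAt   time.Time
	original *record
}

func (r *record) LastVerificationSentAt() time.Time { return r.sentAt }
func (r *record) OriginalCopy() *record             { return r.original }

var errTooSoon = errors.New("you must wait 30 minutes for another mail verification")

// checkCooldown allows a send when none was recorded or the window has elapsed.
func checkCooldown(lastSent, now time.Time, window time.Duration) error {
	if !lastSent.IsZero() && now.Before(lastSent.Add(window)) {
		return errTooSoon
	}
	return nil
}

// simulate models the reported v0.17.4 behaviour: the in-memory timestamp is already
// set to now while the database still holds persisted. It checks both values.
func simulate(persisted, now time.Time) (inMemory, original error) {
	r := &record{sentAt: now, original: &record{sentAt: persisted}}
	inMemory = checkCooldown(r.LastVerificationSentAt(), now, 30*time.Minute)
	original = checkCooldown(r.OriginalCopy().LastVerificationSentAt(), now, 30*time.Minute)
	return inMemory, original
}

func main() {
	now := time.Date(2023, 8, 12, 12, 0, 0, 0, time.UTC) // constructed sample time
	cases := map[string]time.Time{
		"new user, never sent": {},
		"sent 10 minutes ago":  now.Add(-10 * time.Minute),
		"sent 45 minutes ago":  now.Add(-45 * time.Minute),
	}
	for name, persisted := range cases {
		inMem, orig := simulate(persisted, now)
		fmt.Printf("%-22s in-memory: %v | original copy: %v\n", name, inMem, orig)
	}
}
```

In a real hook the comparison value would come from `e.Record.OriginalCopy().LastVerificationSentAt()`, as the maintainer suggests.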
