CREATE TABLE "accessRequest" (
"id" text PRIMARY KEY NOT NULL,
"username" text NOT NULL,
"displayUsername" text,
"name" text NOT NULL,
"email" text NOT NULL,
"reason" text NOT NULL,
"status" text DEFAULT 'pending' NOT NULL,
"requestedAt" timestamp DEFAULT now() NOT NULL,
"reviewedAt" timestamp,
"reviewedBy" text,
"reviewerNotes" text,
"createdAt" timestamp DEFAULT now() NOT NULL,
"updatedAt" timestamp DEFAULT now() NOT NULL,
CONSTRAINT "accessRequest_username_unique" UNIQUE("username"),
CONSTRAINT "accessRequest_email_unique" UNIQUE("email")
);
Add unique constraint on
emailcolumn to prevent race conditions.The
accessRequesttable has a unique constraint onusernamebut not onemail. The API code checks for duplicate emails, but without a database-level constraint, concurrent requests with the same email could both pass the application check and create duplicates.🔎 Proposed fix
📝 Committable suggestion
🤖 Prompt for AI Agents
Originally posted by @coderabbitai[bot] in #1 (comment)