A race condition was allowing the same email to be subscribed multiple times if the user double-clicked the subscribe button.
How it happened
Two requests would arrive nearly simultaneously. Both would check if the email exists, find nothing, and both would insert a new row.
The fix
We added a unique constraint on (project_id, email) in the database, combined with proper error handling:
ALTER TABLE subscribers
ADD CONSTRAINT unique_project_email
UNIQUE (project_id, email);The subscribe endpoint now:
Attempts the insert
Catches the unique violation
Returns a friendly "You're already subscribed!" message
Existing duplicate entries have been cleaned up — the most recent subscription status was kept.