I am developing an authentication system using express, So I have a unique email field in the database
should I check the email first and if it exists throw a new custom error Or let the database throw the error?
I want to know what is better
Question posted in PostgreSQL
The official documentation can be found here.
2
Answers
Consumers of your API don’t and shouldn’t know what kind of database you use.
The error that makes it back to them should encapsulate all of it and specifically tell them what is wrong in some standard format with a good HTTP status code.
Database-specific errors leaking to the user should usually be considered a bug.
Both.
You should write code to check that the email exists before you attempt the insert.
But if that check finds no email, you might still get an error, because of a race condition. For example, in the brief moment between checking for the email and then proceeding to insert the row, some other concurrent session may insert its own row using that email. So your insert will get a duplicate key error in that case, even though you had checked and found the email not present.
Then why bother checking? Because if you use a table with an
auto_incrementprimary key, a failed insert generates and then discards an auto-increment value.This might seem like a rare and insignificant amount of waste. Also, we don’t care that auto-increment id’s are consecutive.
But I did help fix an application for a customer where they had a problem that new users were trying 1500 times to create unique accounts before succeeding. So they were "losing" thousands of auto-increment id’s for every account. After a couple of months, they exhausted the range of the signed integer.
The fix I recommended was to first check that the email doesn’t exist, to avoid attempting the insert if the email is found. But you still have to handle the race condition just in case.