3 files changed, 20 insertions, 12 deletions

diff --git a/src/routes/login.rs b/src/routes/login.rs
index 665659e..0e1e825 100644
--- a/src/routes/login.rs
+++ b/src/routes/login.rs
@@ -31,7 +31,7 @@ impl Login {
             ..
         } = sqlx::query_as!(
             UserSchema,
-            "SELECT * FROM users WHERE email = $1",
+            "SELECT * FROM users WHERE email = $1 LIMIT 1",
             email.to_ascii_lowercase()
         )
         .fetch_optional(&state.pool)
diff --git a/src/routes/register.rs b/src/routes/register.rs
index 5e06ae6..286e70f 100644
--- a/src/routes/register.rs
+++ b/src/routes/register.rs
@@ -35,7 +35,7 @@ impl Register {
         email_address::EmailAddress::from_str(&email)?;
 
         let exists: Option<bool> =
-            sqlx::query_scalar("SELECT EXISTS(SELECT 1 FROM users WHERE email = $1)")
+            sqlx::query_scalar("SELECT EXISTS(SELECT 1 FROM users WHERE email = $1 LIMIT 1)")
                 .bind(email.to_ascii_lowercase())
                 .fetch_one(&state.pool)
                 .await?;
diff --git a/src/routes/user.rs b/src/routes/user.rs
index 04ab500..73eef04 100644
--- a/src/routes/user.rs
+++ b/src/routes/user.rs
@@ -18,11 +18,15 @@ impl UserUuid {
     /// Get a user with a specific `uuid`
     #[tracing::instrument]
     pub async fn get(self, State(state): State<Arc<AppState>>) -> impl IntoResponse {
-        sqlx::query_as!(UserSchema, "SELECT * FROM users WHERE uuid = $1", self.uuid)
-            .fetch_optional(&state.pool)
-            .await?
-            .ok_or_else(|| Error::UserNotFound)
-            .map(Json)
+        sqlx::query_as!(
+            UserSchema,
+            "SELECT * FROM users WHERE uuid = $1 LIMIT 1",
+            self.uuid
+        )
+        .fetch_optional(&state.pool)
+        .await?
+        .ok_or_else(|| Error::UserNotFound)
+        .map(Json)
     }
 }
 
@@ -37,11 +41,15 @@ impl User {
         State(state): State<Arc<AppState>>,
         Extension(Claims { sub, .. }): Extension<Claims>,
     ) -> Result<impl IntoResponse, Error> {
-        sqlx::query_as!(UserSchema, "SELECT * FROM users WHERE uuid = $1", sub)
-            .fetch_optional(&state.pool)
-            .await?
-            .ok_or_else(|| Error::UserNotFound)
-            .map(Json)
+        sqlx::query_as!(
+            UserSchema,
+            "SELECT * FROM users WHERE uuid = $1 LIMIT 1",
+            sub
+        )
+        .fetch_optional(&state.pool)
+        .await?
+        .ok_or_else(|| Error::UserNotFound)
+        .map(Json)
     }
 }