mirror of
https://github.com/fosrl/pangolin.git
synced 2026-07-15 21:31:24 -05:00
[PR #3199] fix: blueprint apply fails with UNIQUE constraint on certificates.dom… #26850
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
📋 Pull Request Information
Original PR: https://github.com/fosrl/pangolin/pull/3199
Author: @Adityakk9031
Created: 6/1/2026
Status: 🔄 Open
Base:
dev← Head:#2937📝 Commits (1)
92f9c11fix: blueprint apply fails with UNIQUE constraint on certificates.domain (#2937)📊 Changes
1 file changed (+13 additions, -18 deletions)
View changed files
📝
server/private/routers/certificates/createCertificate.ts(+13 -18)📄 Description
Problem
Applying a blueprint with a resource under a wildcard subdomain (e.g. *.web.domain.com) fails with:
SqliteError: UNIQUE constraint failed: certificates.domain
Resources under a top-level wildcard (e.g. *.domain.com) succeed. Only deeper wildcard domains are affected.
Root Cause
createCertificate checked for an existing cert by filtering on both domainId and domain. However, certificates.domain has a global unique constraint (not per-domainId).
When getDomainId() resolves a full-domain to a parent domain (e.g. domain.com → domainId = "domain1") instead of the more specific web.domain.com domain, the domainId used in the check doesn't match the existing cert's stored domainId. The check silently misses the cert and falls through to INSERT — which then crashes on the global unique constraint.
Fix
Removed domainId from the existing-cert WHERE clause. Since certificates.domain is globally unique, checking by domain value alone is correct and sufficient.
Added .onConflictDoNothing() to the INSERT as a safety net for any remaining edge cases.
Files Changed
server/private/routers/certificates/createCertificate.ts
Fixes
Closes #2937
🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.