diff --git a/src/routes/auth.nim b/src/routes/auth.nim
index 56bf970..253ea63 100644
--- a/src/routes/auth.nim
+++ b/src/routes/auth.nim
@@ -15,11 +15,23 @@ proc createAuthenticationRoutes*() =
 returns: JSON
 ]#
 post "/api/v1/newUser":
- # TODO: sanitization + check if username and email are unique
 if @"username".isEmptyOrWhitespace() or
 @"email".isEmptyOrWhitespace() or
 @"password".isEmptyOrWhitespace():
 resp Http403, "Not all required parameters are provided.\n"
 
+ block UniqueParametersCheck:
+ try:
+ var user = newUser()
+ db.select(user, """"User".username = $1""", @"username")
+ except NotFoundError:
+ try:
+ var user = newUser()
+ db.select(user, """"User".email = $1""", @"email")
+ except NotFoundError:
+ break UniqueParametersCheck
+ resp Http403, "A user with that email already exists.\n"
+ resp Http403, "A user with that username already exists.\n"
+
 var user = newUser(@"username", @"email", @"password")
 db.insert(user)
diff --git a/src/types/users.nim b/src/types/users.nim
index 3fd89c9..0a442a9 100644
--- a/src/types/users.nim
+++ b/src/types/users.nim
@@ -1,13 +1,13 @@
 import std/oids
-import norm/[model, postgres]
+import norm/[model, postgres, pragmas]
 import checksums/sha3
 
 # define user object
 type User* = ref object of Model
- username*: string # should be unique
- email*: string # should be unique
+ username* {.unique.}: string
+ email* {.unique.}: string
 password*: string # sha3-512 hash
- token*: string # should be unique
+ token* {.unique.}: string
 fileCount*: int = 0
 
 # checks if the provided token exists in the database
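Review bot: The lookups in `block UniqueParametersCheck` and the later `db.insert(user)` are separate statements, so two concurrent requests carrying the same username or email can both pass the check before either row is written. With the `{.unique.}` pragmas added in src/types/users.nim the second insert would presumably be rejected by the database, and nothing in the visible lines catches that; treat the constraint as the authority and handle its failure, e.g. `try: db.insert(user)` followed by `except DbError: resp Http403, "A user with that username or email already exists.\n"`. The removed TODO also listed sanitization, which this hunk does not add, so length and format checks on `username` and `email` are still open. The two distinct messages tell an unauthenticated caller whether a given email is already registered; one combined message reveals less. The route body continues past the end of the hunk.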
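Review bot: The `{.unique.}` pragmas on `username`, `email` and `token` describe the schema Norm generates, so as far as I can tell they only take effect where the table is created from this model. A database that already has the `User` table would need a migration adding the UNIQUE constraints (after clearing any existing duplicates), otherwise the route's pre-check remains the only guard there; the commit shows no such step, so it is worth confirming how existing deployments pick this up. A plain unique constraint is also case-sensitive, so if an address is meant to identify one account, `email` should be normalised (for example lower-cased) before it is stored and compared.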