I just checked the code and it was a small demo/front-end issue of assigning the player_id (in javascript)... have corrected it now : )

The logic of back end api (written in go, commitment stored in firestore), is intact, the 409 will come only if the same user tries to commit again before the reveal, this is by design.