diff --git a/server/graph/generated/generated.go b/server/graph/generated/generated.go
index 93b07be..a6bc86a 100644
--- a/server/graph/generated/generated.go
+++ b/server/graph/generated/generated.go
@@ -533,7 +533,7 @@ input SignUpInput {
   lastName: String
   email: String!
   password: String!
-  cofirmPassword: String!
+  confirmPassword: String!
   image: String
 }
 
@@ -3311,11 +3311,11 @@ func (ec *executionContext) unmarshalInputSignUpInput(ctx context.Context, obj i
 			if err != nil {
 				return it, err
 			}
-		case "cofirmPassword":
+		case "confirmPassword":
 			var err error
 
-			ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("cofirmPassword"))
-			it.CofirmPassword, err = ec.unmarshalNString2string(ctx, v)
+			ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("confirmPassword"))
+			it.ConfirmPassword, err = ec.unmarshalNString2string(ctx, v)
 			if err != nil {
 				return it, err
 			}
diff --git a/server/graph/model/models_gen.go b/server/graph/model/models_gen.go
index ad21f94..c880d39 100644
--- a/server/graph/model/models_gen.go
+++ b/server/graph/model/models_gen.go
@@ -38,12 +38,12 @@ type Response struct {
 }
 
 type SignUpInput struct {
-	FirstName      *string `json:"firstName"`
-	LastName       *string `json:"lastName"`
-	Email          string  `json:"email"`
-	Password       string  `json:"password"`
-	CofirmPassword string  `json:"cofirmPassword"`
-	Image          *string `json:"image"`
+	FirstName       *string `json:"firstName"`
+	LastName        *string `json:"lastName"`
+	Email           string  `json:"email"`
+	Password        string  `json:"password"`
+	ConfirmPassword string  `json:"confirmPassword"`
+	Image           *string `json:"image"`
 }
 
 type UpdateProfileInput struct {
diff --git a/server/graph/schema.graphqls b/server/graph/schema.graphqls
index bb5362e..1b988b5 100644
--- a/server/graph/schema.graphqls
+++ b/server/graph/schema.graphqls
@@ -47,7 +47,7 @@ input SignUpInput {
   lastName: String
   email: String!
   password: String!
-  cofirmPassword: String!
+  confirmPassword: String!
   image: String
 }
 
diff --git a/server/graph/schema.resolvers.go b/server/graph/schema.resolvers.go
index 6a7bf95..b9501e8 100644
--- a/server/graph/schema.resolvers.go
+++ b/server/graph/schema.resolvers.go
@@ -65,7 +65,5 @@ func (r *Resolver) Mutation() generated.MutationResolver { return &mutationResol
 // Query returns generated.QueryResolver implementation.
 func (r *Resolver) Query() generated.QueryResolver { return &queryResolver{r} }
 
-type (
-	mutationResolver struct{ *Resolver }
-	queryResolver    struct{ *Resolver }
-)
+type mutationResolver struct{ *Resolver }
+type queryResolver struct{ *Resolver }
diff --git a/server/handlers/verifyEmailhandler.go b/server/handlers/verifyEmailhandler.go
new file mode 100644
index 0000000..821a015
--- /dev/null
+++ b/server/handlers/verifyEmailhandler.go
@@ -0,0 +1,69 @@
+package handlers
+
+import (
+	"fmt"
+	"net/http"
+	"time"
+
+	"github.com/gin-gonic/gin"
+	"github.com/yauthdev/yauth/server/constants"
+	"github.com/yauthdev/yauth/server/db"
+	"github.com/yauthdev/yauth/server/enum"
+	"github.com/yauthdev/yauth/server/session"
+	"github.com/yauthdev/yauth/server/utils"
+)
+
+// Defining the Graphql handler
+func VerifyEmail() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		errorRes := gin.H{
+			"message": "invalid token",
+		}
+		token := c.Query("token")
+		if token == "" {
+			c.JSON(400, errorRes)
+			return
+		}
+
+		_, err := db.Mgr.GetVerificationByToken(token)
+		if err != nil {
+			c.JSON(400, errorRes)
+			return
+		}
+
+		// verify if token exists in db
+		claim, err := utils.VerifyVerificationToken(token)
+		if err != nil {
+			c.JSON(400, errorRes)
+			return
+		}
+
+		user, err := db.Mgr.GetUserByEmail(claim.Email)
+		if err != nil {
+			c.JSON(400, gin.H{
+				"message": err.Error(),
+			})
+			return
+		}
+
+		// update email_verified_at in users table
+		db.Mgr.UpdateVerificationTime(time.Now().Unix(), user.ID)
+		// delete from verification table
+		db.Mgr.DeleteToken(claim.Email)
+
+		userIdStr := fmt.Sprintf("%d", user.ID)
+		refreshToken, _, _ := utils.CreateAuthToken(utils.UserAuthInfo{
+			ID:    userIdStr,
+			Email: user.Email,
+		}, enum.RefreshToken)
+
+		accessToken, _, _ := utils.CreateAuthToken(utils.UserAuthInfo{
+			ID:    userIdStr,
+			Email: user.Email,
+		}, enum.AccessToken)
+
+		session.SetToken(userIdStr, refreshToken)
+		utils.SetCookie(c, accessToken)
+		c.Redirect(http.StatusTemporaryRedirect, constants.FRONTEND_URL)
+	}
+}
diff --git a/server/resolvers/signup.go b/server/resolvers/signup.go
index cc9e1b7..8c9fb7d 100644
--- a/server/resolvers/signup.go
+++ b/server/resolvers/signup.go
@@ -15,7 +15,7 @@ import (
 
 func Signup(ctx context.Context, params model.SignUpInput) (*model.Response, error) {
 	var res *model.Response
-	if params.CofirmPassword != params.Password {
+	if params.ConfirmPassword != params.Password {
 		return res, fmt.Errorf(`passowrd and confirm password does not match`)
 	}
 
diff --git a/server/server.go b/server/server.go
index 7e617d6..373da0d 100644
--- a/server/server.go
+++ b/server/server.go
@@ -2,6 +2,7 @@ package main
 
 import (
 	"context"
+	"log"
 
 	"github.com/gin-gonic/gin"
 	"github.com/yauthdev/yauth/server/enum"
@@ -17,11 +18,31 @@ func GinContextToContextMiddleware() gin.HandlerFunc {
 	}
 }
 
+func CORSMiddleware() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		origin := c.Request.Header.Get("Origin")
+		log.Println("-> origin", origin)
+		c.Writer.Header().Set("Access-Control-Allow-Origin", origin)
+		c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
+		c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With")
+		c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT")
+
+		if c.Request.Method == "OPTIONS" {
+			c.AbortWithStatus(204)
+			return
+		}
+
+		c.Next()
+	}
+}
+
 func main() {
 	r := gin.Default()
 	r.Use(GinContextToContextMiddleware())
+	r.Use(CORSMiddleware())
 	r.GET("/", handlers.PlaygroundHandler())
 	r.POST("/graphql", handlers.GraphqlHandler())
+	r.GET("/verify_email", handlers.VerifyEmail())
 	if oauth.OAuthProvider.GoogleConfig != nil {
 		r.GET("/login/google", handlers.HandleOAuthLogin(enum.GoogleProvider))
 		r.GET("/callback/google", handlers.HandleOAuthCallback(enum.GoogleProvider))
diff --git a/server/utils/email.go b/server/utils/email.go
index a5f8ea5..a73f059 100644
--- a/server/utils/email.go
+++ b/server/utils/email.go
@@ -26,7 +26,7 @@ func SendVerificationMail(toEmail, token string) error {
 		<a href="%s">Click here to verify</a>
 	</body>
 	</html>
-	`, constants.FRONTEND_URL+"/"+constants.VERIFY_EMAIL_URI+"?token="+token)
+	`, constants.SERVER_URL+"/verify_email"+"?token="+token)
 	bodyMessage := sender.WriteHTMLEmail(Receiver, Subject, message)
 
 	return sender.SendMail(Receiver, Subject, bodyMessage)