fix: default role values

feat/use opend id standard claims

.env.sample

@@ -2,6 +2,14 @@ ENV=production
 DATABASE_URL=data.db
 DATABASE_TYPE=sqlite
 ADMIN_SECRET=admin
-DISABLE_EMAIL_VERIFICATION=true
 JWT_SECRET=random_string
-JWT_TYPE=HS256
+SENDER_EMAIL=username
+SENDER_PASSWORD=password
+SMTP_HOST=smtp.mailtrap.io
+SMTP_PORT=2525
+JWT_TYPE=HS256
+ROLES=user
+DEFAULT_ROLES=user
+PROTECTED_ROLES=admin
+JWT_ROLE_CLAIM=role
+CUSTOM_ACCESS_TOKEN_SCRIPT=function(user,tokenPayload){var data = tokenPayload;data.extra = {'x-extra-id': user.id};return data;}

.github/CONTRIBUTING.md

@@ -10,7 +10,7 @@ We're so excited you're interested in helping with Authorizer! We are happy to h
 ## Where to ask questions?
 
 1. Check our [Github Issues](https://github.com/authorizerdev/authorizer/issues) to see if someone has already answered your question.
-2. Join our community on [Discord](https://discord.gg/WDvCxwkX) and feel free to ask us your questions
+2. Join our community on [Discord](https://discord.gg/Zv2D5h6kkK) and feel free to ask us your questions
 
 As you gain experience with Authorizer, please help answer other people's questions! :pray:
 
@@ -19,7 +19,7 @@ As you gain experience with Authorizer, please help answer other people's questi
 You can get started by taking a look at our [Github issues](https://github.com/authorizerdev/authorizer/issues)  
 If you find one that looks interesting and no one else is already working on it, comment on that issue and start contributing 🙂.
 
-Please ask as many questions as you need, either directly in the issue or on [Discord](https://discord.gg/WDvCxwkX). We're happy to help!:raised_hands:
+Please ask as many questions as you need, either directly in the issue or on [Discord](https://discord.gg/Zv2D5h6kkK). We're happy to help!:raised_hands:
 
 ### Contributions that are ALWAYS welcome
 
@@ -49,3 +49,192 @@ Please ask as many questions as you need, either directly in the issue or on [Di
 5. Build the code `make clean && make`
    > Note: if you don't have [`make`](https://www.ibm.com/docs/en/aix/7.2?topic=concepts-make-command), you can `cd` into `server` dir and build using the `go build` command
 6. Run binary `./build/server`
+
+### Testing
+
+Make sure you test before creating PR.
+
+If you want to test for all the databases that authorizer supports you will have to run `mongodb` & `arangodb` instances locally.
+
+Setup mongodb & arangodb using Docker
+
+```
+docker run --name mongodb -d -p 27017:27017 mongo
+docker run --name arangodb -d -p 8529:8529 -e ARANGO_ROOT_PASSWORD=root arangodb/arangodb:3.8.4
+```
+> Note: If you are not making any changes in db schema / db operations, you can disable those db tests [here](https://github.com/authorizerdev/authorizer/blob/main/server/__test__/resolvers_test.go#L14)
+
+If you are adding new resolver, 
+1. create new resolver test file [here](https://github.com/authorizerdev/authorizer/tree/main/server/__test__)
+Naming convention filename: `resolver_name_test.go` function name: `resolverNameTest(s TestSetup, t *testing.T)`
+2. Add your tests [here](https://github.com/authorizerdev/authorizer/blob/main/server/__test__/resolvers_test.go#L38)
+
+__Command to run tests:__
+
+```sh
+make test
+```
+
+__Manual Testing:__
+
+For manually testing using graphql playground, you can paste following queries and mutations in your playground and test it
+
+```gql
+mutation Signup {
+  signup(params: {
+    email: "lakhan@yopmail.com",
+    password: "test",
+    confirm_password: "test",
+    given_name: "lakhan"
+  }) {
+    message
+    user {
+      id
+      family_name
+      given_name
+      email
+      email_verified
+    }
+  }
+}
+
+mutation ResendEamil {
+  resend_verify_email(params: {
+    email: "lakhan@yopmail.com"
+    identifier: "basic_auth_signup"
+  }) {
+    message
+  }
+}
+
+query GetVerifyRequests {
+  _verification_requests {
+    id
+    token
+    expires
+    identifier
+  }
+}
+
+mutation VerifyEmail {
+  verify_email(params: {
+    token: ""
+  }) {
+    access_token
+    expires_at
+    user {
+      id
+      email
+      given_name
+      email_verified
+    }
+  }
+}
+
+mutation Login {
+  login(params: {
+    email: "lakhan@yopmail.com",
+    password: "test"
+  }) {
+    access_token
+    expires_at
+    user {
+      id
+      family_name
+      given_name
+      email
+    }
+  }
+}
+
+query GetSession {
+  session {
+    access_token
+    expires_at
+    user {
+      id
+      given_name
+      family_name
+      email
+      email_verified
+      signup_methods
+      created_at
+      updated_at
+    }
+  }
+}
+
+mutation ForgotPassword {
+  forgot_password(params: {
+    email: "lakhan@yopmail.com"
+  }) {
+    message
+  }
+}
+
+mutation ResetPassword {
+  reset_password(params: {
+    token: ""
+    password: "test"
+    confirm_password: "test"
+  }) {
+    message
+  }
+}
+
+mutation UpdateProfile {
+  update_profile(params: {
+    family_name: "samani"
+  }) {
+    message
+  }
+}
+
+query GetUsers {
+  _users {
+    id
+    email
+    email_verified
+    given_name
+    family_name
+    picture
+    signup_methods
+    phone_number
+  }
+}
+
+mutation MagicLinkLogin {
+  magic_link_login(params: {
+    email: "test@yopmail.com"
+  }) {
+    message
+  }
+}
+
+mutation Logout {
+  logout {
+    message
+  }
+}
+
+mutation UpdateUser{
+  _update_user(params: {
+    id: "dafc9400-d603-4ade-997c-83fcd54bbd67",
+    roles: ["user", "admin"]
+  }) {
+    email
+    roles
+  }
+}
+
+mutation DeleteUser {
+  _delete_user(params: {
+    email: "signup.test134523@yopmail.com"
+  }) {
+    message
+  }
+}
+```
+
+
+

.github/workflows/release.yaml

@@ -3,58 +3,72 @@ on:
     types: [created]
 
 jobs:
-  releases-windows:
+  releases:
     name: Release Authorizer Binary
     runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        goos: [windows]
-        goarch: [amd64]
     steps:
       - uses: actions/checkout@v2
       - name: Install dependencies
         run: |
-          sudo apt-get install build-essential wget zip && \
-          wget https://golang.org/dl/go1.17.1.linux-amd64.tar.gz && \
-          sudo tar -C /usr/local -xzf go1.17.1.linux-amd64.tar.gz && \
-          echo PATH=$PATH:/usr/local/go/bin >> ~/.bashrc && \
-          source ~/.bashrc && \
-          export PATH=$PATH:/usr/local/go/bin && \
+          sudo apt-get install build-essential wget zip gcc-mingw-w64 && \
+          sudo apt-get remove --auto-remove golang-go && \
+          sudo rm -rf /usr/bin/go &&\
+          wget --progress=dot:mega https://golang.org/dl/go1.17.1.linux-amd64.tar.gz -O go-linux.tar.gz && \
+          sudo tar -zxf go-linux.tar.gz && \
+          sudo mv go /usr/bin/ && \
+          sudo mkdir -p /go/bin /go/src /go/pkg && \
+          export GO_HOME=/usr/bin/go && \
+          export GOPATH=/go && \
+          export PATH=${GOPATH}/bin:${GO_HOME}/bin/:$PATH && \
+          echo "/usr/bin/go/bin" >> $GITHUB_PATH
+          echo "/usr/bin/x86_64-w64-mingw32-gcc" >> GITHUB_PATH
+          go version && \
           wget --no-check-certificate --progress=dot:mega https://github.com/wangyoucao577/assets-uploader/releases/download/v0.3.0/github-assets-uploader-v0.3.0-linux-amd64.tar.gz -O github-assets-uploader.tar.gz && \
           tar -zxf github-assets-uploader.tar.gz && \
-          mv github-assets-uploader /usr/sbin/ && \
-          rm -f github-assets-uploader.tar.gz && \
+          sudo mv github-assets-uploader /usr/sbin/ && \
+          sudo rm -f github-assets-uploader.tar.gz && \
           github-assets-uploader -version
+      - name: Print Go paths
+        run: whereis go
       - name: Print Go Version
         run: go version
-      - name: Install windows dependencies
-        if: ${{ matrix.goos == 'windows'}}
-        run: sudo apt-get install gcc-mingw-w64
       - name: Set VERSION env
         run: echo VERSION=$(basename ${GITHUB_REF}) >> ${GITHUB_ENV}
-      - name: Echo Version
-        run: echo ${VERSION}
-      - name: Set CGO_ENABLED env
-        run: echo CGO_ENABLED=1 >> ${GITHUB_ENV}
-      - name: Set GOOS env
-        env: GOOS=${{matrix.goos}}
-      - name: Set Windows C Compiler GO env
-        if: ${{ matrix.goos == 'windows'}}
-        run: echo CC=/usr/bin/x86_64-w64-mingw32-gcc >> ${GITHUB_ENV}
-      - name: Create build
-        run: make clean && make build
-      - name: Package files
-        if: ${{ matrix.goos == 'windows'}}
+      - name: Copy .env file
+        run: mv .env.sample .env
+      - name: Package files for windows
         run: |
-          mv .env.sample .env && \
-          zip -vr authorizer-${VERSION}-windows-${matrix.goarch}.zip .env app build template && \
-          github-assets-uploader -f authorizer-${VERSION}-windows-${matrix.goarch}.zip -mediatype application/zip -repo authorizerdev/authorizer -token ${secrets.RELEASE_TOKEN} -tag ${VERSION}
+          make clean && \
+          CGO_ENABLED=1 GOOS=windows CC=/usr/bin/x86_64-w64-mingw32-gcc make && \
+          mv build/server build/server.exe && \
+          zip -vr authorizer-${VERSION}-windows-amd64.zip .env app/build build templates
+      - name: Package files for linux
+        run: |
+          make clean && \
+          CGO_ENABLED=1 make && \
+          tar cvfz authorizer-${VERSION}-linux-amd64.tar.gz .env app/build build templates
+      - name: Upload assets
+        run: |
+          github-assets-uploader -f authorizer-${VERSION}-windows-amd64.zip -mediatype application/zip -repo authorizerdev/authorizer -token ${{secrets.RELEASE_TOKEN}} -tag ${VERSION} && \
+          github-assets-uploader -f authorizer-${VERSION}-linux-amd64.tar.gz -mediatype application/gzip -repo authorizerdev/authorizer -token ${{secrets.RELEASE_TOKEN}} -tag ${VERSION}
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
 
-      # - uses: wangyoucao577/go-release-action@v1.20
-      #   with:
-      #     github_token: ${{ secrets.RELEASE_TOKEN }}
-      #     goos: ${{ matrix.goos }}
-      #     goarch: ${{ matrix.goarch }}
-      #     build_command: make clean && make
-      #     md5sum: FALSE
-      #     extra_files: .env.sample app build template
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v3
+        with:
+          images: lakhansamani/authorizer
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          build-args: |
+            VERSION=${{ fromJSON(steps.meta.outputs.json).labels['org.opencontainers.image.version'] }}

.gitignore

@@ -6,3 +6,5 @@ build
 .env
 data.db
 .DS_Store
+.env.local
+*.tar.gz

Dockerfile

@@ -1,12 +1,13 @@
-FROM golang:1.16-alpine as builder
+FROM golang:1.17-alpine as builder
 WORKDIR /app
 COPY server server
 COPY Makefile .
 
-ARG VERSION=0.1.0-beta.0
-ENV VERSION="${VERSION}"
+ARG VERSION="latest"
+ENV VERSION="$VERSION"
 
-RUN apk add build-base &&\
+RUN echo "$VERSION"
+RUN apk add build-base nodejs &&\
     make clean && make && \
     chmod 777 build/server
 

Makefile

@@ -2,6 +2,8 @@ DEFAULT_VERSION=0.1.0-local
 VERSION := $(or $(VERSION),$(DEFAULT_VERSION))
 
 cmd:
-	cd server && CGO_ENABLED=1 GOOS=$(GOOS) CC=$(CC) go build -ldflags "-w -X main.Version=$(VERSION)" -o '../build/server'
+	cd server && go build -ldflags "-w -X main.VERSION=$(VERSION)" -o '../build/server'
 clean:
-	rm -rf build
+	rm -rf build
+test:
+	cd server && go clean --testcache && go test -v ./__test__

README.md

@@ -7,15 +7,15 @@
   Authorizer
 </h1>
 
-
-**Authorizer** is an open-source authentication and authorization solution for your applications. Bring your database and have complete control over the user information. You can self-host authorizer instances and connect to any SQL database.
+**Authorizer** is an open-source authentication and authorization solution for your applications. Bring your database and have complete control over the user information. You can self-host authorizer instances and connect to any database (Currently supports [Postgres](https://www.postgresql.org/), [MySQL](https://www.mysql.com/), [SQLite](https://www.sqlite.org/index.html), [SQLServer](https://www.microsoft.com/en-us/sql-server/), [MongoDB](https://mongodb.com/),[ArangoDB](https://www.arangodb.com/)).
 
 ## Table of contents
+
 - [Introduction](#introduction)
 - [Getting Started](#getting-started)
 - [Contributing](https://github.com/authorizerdev/authorizer/blob/main/.github/CONTRIBUTING.md)
 - [Docs](http://docs.authorizer.dev/)
-- [Join Community](https://discord.gg/2fXUQN3E)
+- [Join Community](https://discord.gg/Zv2D5h6kkK)
 
 # Introduction
 
@@ -28,16 +28,12 @@
 - ✅ Email verification
 - ✅ APIs to update profile securely
 - ✅ Forgot password flow using email
-- ✅ Social logins (Google, Github, more coming soon)
-
-## Project Status
-
-⚠️ **Authorizer is still an early beta! missing features and bugs are to be expected!** If you can stomach it, then bring authentication and authorization to your site today!
+- ✅ Social logins (Google, Github, Facebook, more coming soon)
+- ✅ Role-based access management
+- ✅ Password-less login with email and magic link
 
 ## Roadmap
 
-- Password-less login with email and magic link
-- Role-based access management system
 - Support more JWT encryption algorithms (Currently supporting HS256)
 - 2 Factor authentication
 - Back office (Admin dashboard to manage user)
@@ -65,20 +61,97 @@
 
 ## Trying out Authorizer
 
-This guide helps you practice using Authorizer to evaluate it before you use it in a production environment. It includes instructions for installing the Authorizer server in standalone mode.
+This guide helps you practice using Authorizer to evaluate it before you use it in a production environment. It includes instructions for installing the Authorizer server in local or standalone mode.
 
-## Installing a simple instance of Authorizer
+- [Install using source code](#install-using-source-code)
+- [Install using binaries](#install-using-binaries)
+- [Install instance on heroku](#install-instance-on-Heroku)
+- [Install instance on railway.app](#install-instance-on-railway)
+
+## Install using source code
+
+### Prerequisites
+
+- OS: Linux or macOS or windows
+- Go: (Golang)(https://golang.org/dl/) >= v1.15
+
+### Project Setup
+
+1. Fork the [authorizer](https://github.com/authorizerdev/authorizer) repository (**Skip this step if you have access to repo**)
+2. `git clone https://github.com/authorizerdev/authorizer.git`
+3. `cd authorizer`
+4. `cp .env.sample .env`. Check all the supported env [here](https://docs.authorizer.dev/core/env/)
+5. Build the code `make clean && make`
+   > Note: if you don't have [`make`](https://www.ibm.com/docs/en/aix/7.2?topic=concepts-make-command), you can `cd` into `server` dir and build using the `go build` command
+6. Run binary `./build/server`
+
+## Install using binaries
+
+Deploy / Try Authorizer using binaries. With each [Authorizer Release](https://github.com/authorizerdev/authorizer/releases)
+binaries are baked with required deployment files and bundled. You can download a specific version of it for the following operating systems:
+
+- Mac OSX
+- Linux
+
+### Step 1: Download and unzip bundle
+
+- Download the Bundle for the specific OS from the [release page](https://github.com/authorizerdev/authorizer/releases)
+
+> Note: For windows, we recommend running using docker image to run authorizer.
+
+- Unzip using following command
+
+  - Mac / Linux
+
+  ```sh
+  tar -zxf AUTHORIZER_VERSION -c authorizer
+  ```
+
+- Change directory to `authorizer`
+
+  ```sh
+  cd authorizer
+  ```
+
+### Step 2: Configure environment variables
+
+Required environment variables are pre-configured in `.env` file. But based on the production requirements, please configure more environment variables. You can refer to [environment variables docs](/core/env) for more information.
+
+### Step 3: Start Authorizer
+
+- Run following command to start authorizer
+
+  - For Mac / Linux users
+
+  ```sh
+  ./build/server
+  ```
+
+> Note: For mac users, you might have to give binary the permission to execute. Here is the command you can use to grant permission `xattr -d com.apple.quarantine build/server`
+
+## Install instance on Heroku
 
 Deploy Authorizer using [heroku](https://github.com/authorizerdev/authorizer-heroku) and quickly play with it in 30seconds
 <br/><br/>
 [![Deploy to Heroku](https://www.herokucdn.com/deploy/button.svg)](https://heroku.com/deploy?template=https://github.com/authorizerdev/authorizer-heroku)
 
+# Install instance on railway
+
+Deploy production ready Authorizer instance using [railway.app](https://github.com/authorizerdev/authorizer-railway) with postgres and redis for free and build with it in 30seconds
+<br/>
+
+[![Deploy on Railway](https://railway.app/button.svg)](https://railway.app/new/template?template=https%3A%2F%2Fgithub.com%2Fauthorizerdev%2Fauthorizer-railway&plugins=postgresql%2Credis&envs=ENV%2CDATABASE_TYPE%2CADMIN_SECRET%2CCOOKIE_NAME%2CJWT_ROLE_CLAIM%2CJWT_TYPE%2CJWT_SECRET%2CFACEBOOK_CLIENT_ID%2CFACEBOOK_CLIENT_SECRET%2CGOOGLE_CLIENT_ID%2CGOOGLE_CLIENT_SECRET%2CGITHUB_CLIENT_ID%2CGITHUB_CLIENT_SECRET%2CALLOWED_ORIGINS%2CROLES%2CPROTECTED_ROLES%2CDEFAULT_ROLES&optionalEnvs=FACEBOOK_CLIENT_ID%2CFACEBOOK_CLIENT_SECRET%2CGOOGLE_CLIENT_ID%2CGOOGLE_CLIENT_SECRET%2CGITHUB_CLIENT_ID%2CGITHUB_CLIENT_SECRET%2CALLOWED_ORIGINS%2CROLES%2CPROTECTED_ROLES%2CDEFAULT_ROLES&ENVDesc=Deployment+environment&DATABASE_TYPEDesc=With+railway+we+are+deploying+postgres+db&ADMIN_SECRETDesc=Secret+to+access+the+admin+apis&COOKIE_NAMEDesc=Name+of+http+only+cookie+that+will+be+used+as+session&FACEBOOK_CLIENT_IDDesc=Facebook+client+ID+for+facebook+login&FACEBOOK_CLIENT_SECRETDesc=Facebook+client+secret+for+facebook+login&GOOGLE_CLIENT_IDDesc=Google+client+ID+for+google+login&GOOGLE_CLIENT_SECRETDesc=Google+client+secret+for+google+login&GITHUB_CLIENT_IDDesc=Github+client+ID+for+github+login&GITHUB_CLIENT_SECRETDesc=Github+client+secret+for+github+login&ALLOWED_ORIGINSDesc=Whitelist+the+URL+for+which+this+instance+of+authorizer+is+allowed&ROLESDesc=Comma+separated+list+of+roles+that+platform+supports.+Default+role+is+user&PROTECTED_ROLESDesc=Comma+separated+list+of+protected+roles+for+which+sign-up+is+disabled&DEFAULT_ROLESDesc=Default+role+that+should+be+assigned+to+user.+It+should+be+one+from+the+list+of+%60ROLES%60+env.+Default+role+is+user&JWT_ROLE_CLAIMDesc=JWT+key+to+be+used+to+validate+the+role+field.&JWT_TYPEDesc=JWT+encryption+type&JWT_SECRETDesc=Random+string+that+will+be+used+for+encrypting+the+JWT+token&ENVDefault=PRODUCTION&DATABASE_TYPEDefault=postgres&COOKIE_NAMEDefault=authorizer&JWT_TYPEDefault=HS256&JWT_ROLE_CLAIMDefault=role)
+
 ### Things to consider
 
 - For social logins, you will need respective social platform key and secret
 - For having verified users, you will need an SMTP server with an email address and password using which system can send emails. The system will send a verification link to an email address. Once an email is verified then, only able to access it.
   > Note: One can always disable the email verification to allow open sign up, which is not recommended for production as anyone can use anyone's email address 😅
-- For persisting user sessions, you will need Redis URL. If you do not configure a Redis server, sessions will be persisted until the instance is up or not restarted. For better response time on authorization requests/middleware, we recommend deploying Redis on the same infra/network as your authorizer server.
+- For persisting user sessions, you will need Redis URL (not in case of railway.app). If you do not configure a Redis server, sessions will be persisted until the instance is up or not restarted. For better response time on authorization requests/middleware, we recommend deploying Redis on the same infra/network as your authorizer server.
+
+## Testing
+
+- Check the testing instructions [here](https://github.com/authorizerdev/authorizer/blob/main/.github/CONTRIBUTING.md#testing)
 
 ## Integrating into your website
 
@@ -92,30 +165,36 @@ This example demonstrates how you can use [`@authorizerdev/authorizer-js`](/auth
 <script src="https://unpkg.com/@authorizerdev/authorizer-js/lib/authorizer.min.js"></script>
 
 <script type="text/javascript">
-  const authorizerRef = new authorizerdev.Authorizer({
-    authorizerURL: `AUTHORIZER_URL`,
-    redirectURL: window.location.origin,
-  });
+	const authorizerRef = new authorizerdev.Authorizer({
+		authorizerURL: `AUTHORIZER_URL`,
+		redirectURL: window.location.origin,
+	});
 
-  // use the button selector as per your application
-  const logoutBtn = document.getElementById("logout");
-  logoutBtn.addEventListener("click", async function () {
-    await authorizerRef.logout();
-    window.location.href = "/";
-  });
+	// use the button selector as per your application
+	const logoutBtn = document.getElementById('logout');
+	logoutBtn.addEventListener('click', async function () {
+		await authorizerRef.logout();
+		window.location.href = '/';
+	});
 
-  async function onLoad() {
-    const res = await authorizerRef.fingertipLogin();
-    if (res && res.user) {
-      // you can use user information here, eg:
-      /**
+	async function onLoad() {
+		const res = await authorizerRef.browserLogin();
+		if (res && res.user) {
+			// you can use user information here, eg:
+			/**
       const userSection = document.getElementById('user');
       const logoutSection = document.getElementById('logout-section');
       logoutSection.classList.toggle('hide');
       userSection.innerHTML = `Welcome, ${res.user.email}`;
       */
-    }
-  }
-  onLoad();
+		}
+	}
+	onLoad();
 </script>
 ```
+
+---
+
+### Support my work
+
+<a href="https://www.buymeacoffee.com/lakhansamani" target="_blank"><img src="https://cdn.buymeacoffee.com/buttons/v2/default-yellow.png" alt="Buy Me A Coffee" style="height: 60px !important;width: 217px !important;" ></a>

TODO.md

@@ -0,0 +1,38 @@
+# Task List
+
+## Open ID compatible claims and schema
+
+- [x] Rename `schema.graphqls` and re generate schema
+- [x] Rename to snake case [files + schema]
+- [x] Refactor db models
+- [x] Check extra data in oauth profile and save accordingly
+- [x] Update all the resolver to make them compatible with schema changes
+- [x] Update JWT claims
+- [x] Write integration tests for all resolvers
+
+## Feature Multiple sessions
+
+- Multiple sessions for users to login use hMset from redis for this
+  user_id access_token1 long_live_token1
+  user_id access_token2 long_live_token2
+
+# Feature roles
+
+For the first version we will only support setting roles master list via env
+
+- [x] Support following ENV
+  - [x] `ROLES` -> comma separated list of role names
+  - [x] `DEFAULT_ROLE` -> default role to assign to users
+- [x] Add roles input for signup
+- [x] Add roles to update profile mutation
+- [x] Add roles input for login
+- [x] Return roles to user
+- [x] Return roles in users list for super admin
+- [x] Add roles to the JWT token generation
+- [x] Validate token should also validate the role, if roles to validate again is present in request
+
+# Misc
+
+- [x] Fix email template
+- [x] Add support for organization name in .env
+- [x] Add support for organization logo in .env

app/package.json

@@ -10,12 +10,13 @@
 	"author": "Lakhan Samani",
 	"license": "ISC",
 	"dependencies": {
-		"@authorizerdev/authorizer-react": "^0.1.0-beta.8",
+		"@authorizerdev/authorizer-react": "^0.3.0",
 		"@types/react": "^17.0.15",
 		"@types/react-dom": "^17.0.9",
 		"esbuild": "^0.12.17",
 		"react": "^17.0.2",
 		"react-dom": "^17.0.2",
+		"react-is": "^17.0.2",
 		"react-router-dom": "^5.2.0",
 		"typescript": "^4.3.5"
 	},

app/src/App.tsx

@@ -4,30 +4,52 @@ import { AuthorizerProvider } from '@authorizerdev/authorizer-react';
 import Root from './Root';
 
 export default function App() {
-  // @ts-ignore
-  const globalState: Record<string, string> = window['__authorizer__'];
-  return (
-    <div style={{ display: 'flex', justifyContent: 'center' }}>
-      <div
-        style={{
-          width: 400,
-          margin: `10px auto`,
-          border: `1px solid #D1D5DB`,
-          padding: `25px 20px`,
-          borderRadius: 5,
-        }}
-      >
-        <BrowserRouter>
-          <AuthorizerProvider
-            config={{
-              authorizerURL: globalState.authorizerURL,
-              redirectURL: globalState.redirectURL,
-            }}
-          >
-            <Root />
-          </AuthorizerProvider>
-        </BrowserRouter>
-      </div>
-    </div>
-  );
+	// @ts-ignore
+	const globalState: Record<string, string> = window['__authorizer__'];
+	return (
+		<div
+			style={{
+				display: 'flex',
+				justifyContent: 'center',
+				flexDirection: 'column',
+			}}
+		>
+			<div
+				style={{
+					display: 'flex',
+					justifyContent: 'center',
+					marginTop: 20,
+					flexDirection: 'column',
+					alignItems: 'center',
+				}}
+			>
+				<img
+					src={`${globalState.organizationLogo}`}
+					alt="logo"
+					style={{ height: 60, width: 60, objectFit: 'cover' }}
+				/>
+				<h1>{globalState.organizationName}</h1>
+			</div>
+			<div
+				style={{
+					width: 400,
+					margin: `10px auto`,
+					border: `1px solid #D1D5DB`,
+					padding: `25px 20px`,
+					borderRadius: 5,
+				}}
+			>
+				<BrowserRouter>
+					<AuthorizerProvider
+						config={{
+							authorizerURL: globalState.authorizerURL,
+							redirectURL: globalState.redirectURL,
+						}}
+					>
+						<Root />
+					</AuthorizerProvider>
+				</BrowserRouter>
+			</div>
+		</div>
+	);
 }

app/src/Root.tsx

@@ -10,9 +10,9 @@ export default function Root() {
 
 	useEffect(() => {
 		if (token) {
-			const url = new URL(config.redirectURL);
+			const url = new URL(config.redirectURL || '/app');
 			if (url.origin !== window.location.origin) {
-				window.location.href = config.redirectURL;
+				window.location.href = config.redirectURL || '/app';
 			}
 		}
 		return () => {};

app/src/pages/login.tsx

@@ -2,9 +2,9 @@ import React, { Fragment } from 'react';
 import { Authorizer } from '@authorizerdev/authorizer-react';
 
 export default function Login() {
-  return (
-    <Fragment>
-      <Authorizer />
-    </Fragment>
-  );
+	return (
+		<Fragment>
+			<Authorizer />
+		</Fragment>
+	);
 }

scripts/build-mac.sh

@@ -0,0 +1,18 @@
+VERSION="$1"
+make clean && CGO_ENABLED=1 VERSION=${VERSION} make
+FILE_NAME=authorizer-${VERSION}-darwin-amd64.tar.gz
+tar cvfz ${FILE_NAME} .env app/build build templates
+AUTH="Authorization: token $GITHUB_TOKEN"
+RELASE_INFO=$(curl -sH "$AUTH" https://api.github.com/repos/authorizerdev/authorizer/releases/tags/${VERSION})
+echo $RELASE_INFO
+
+eval $(echo "$RELASE_INFO" | grep -m 1 "id.:" | grep -w id | tr : = | tr -cd '[[:alnum:]]=')
+[ "$id" ] || { echo "Error: Failed to get release id for tag: $VERSION"; echo "$RELASE_INFO" | awk 'length($0)<100' >&2; exit 1; }
+echo $id
+GH_ASSET="https://uploads.github.com/repos/authorizerdev/authorizer/releases/$id/assets?name=$(basename $FILE_NAME)"
+
+echo $GH_ASSET
+
+curl -H $AUTH -H "Content-Type: $(file -b --mime-type $FILE_NAME)" --data-binary @$FILE_NAME $GH_ASSET
+
+curl "$GITHUB_OAUTH_BASIC" --data-binary @"$FILE_NAME" -H "Authorization: token $GITHUB_TOKEN" -H "Content-Type: application/octet-stream" $GH_ASSET

server/__test__/cors_test.go

@@ -0,0 +1,27 @@
+package test
+
+import (
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestCors(t *testing.T) {
+	allowedOrigin := "http://localhost:8080" // The allowed origin that you want to check
+	notAllowedOrigin := "http://myapp.com"
+
+	s := testSetup()
+	defer s.Server.Close()
+	client := &http.Client{}
+
+	req, _ := createContext(s)
+	req.Header.Add("Origin", allowedOrigin)
+	res, _ := client.Do(req)
+
+	// You should get your origin (or a * depending on your config) if the
+	// passed origin is allowed.
+	o := res.Header.Get("Access-Control-Allow-Origin")
+	assert.NotEqual(t, o, notAllowedOrigin, "Origins should not match")
+	assert.Equal(t, o, allowedOrigin, "Origins do match")
+}

server/__test__/delete_user_test.go

@@ -0,0 +1,34 @@
+package test
+
+import (
+	"testing"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/resolvers"
+	"github.com/stretchr/testify/assert"
+)
+
+func deleteUserTest(s TestSetup, t *testing.T) {
+	t.Run(`should delete users with admin secret only`, func(t *testing.T) {
+		req, ctx := createContext(s)
+		email := "delete_user." + s.TestInfo.Email
+		resolvers.Signup(ctx, model.SignUpInput{
+			Email:           email,
+			Password:        s.TestInfo.Password,
+			ConfirmPassword: s.TestInfo.Password,
+		})
+
+		_, err := resolvers.DeleteUser(ctx, model.DeleteUserInput{
+			Email: email,
+		})
+		assert.NotNil(t, err, "unauthorized")
+
+		req.Header.Add("x-authorizer-admin-secret", constants.ADMIN_SECRET)
+		_, err = resolvers.DeleteUser(ctx, model.DeleteUserInput{
+			Email: email,
+		})
+		assert.Nil(t, err)
+		cleanData(email)
+	})
+}

server/__test__/env_test.go

@@ -0,0 +1,25 @@
+package test
+
+import (
+	"testing"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestEnvs(t *testing.T) {
+	constants.ENV_PATH = "../../.env.sample"
+
+	assert.Equal(t, constants.ADMIN_SECRET, "admin")
+	assert.Equal(t, constants.ENV, "production")
+	assert.False(t, constants.DISABLE_EMAIL_VERIFICATION)
+	assert.False(t, constants.DISABLE_MAGIC_LINK_LOGIN)
+	assert.False(t, constants.DISABLE_BASIC_AUTHENTICATION)
+	assert.Equal(t, constants.JWT_TYPE, "HS256")
+	assert.Equal(t, constants.JWT_SECRET, "random_string")
+	assert.Equal(t, constants.JWT_ROLE_CLAIM, "role")
+	assert.EqualValues(t, constants.ROLES, []string{"user"})
+	assert.EqualValues(t, constants.DEFAULT_ROLES, []string{"user"})
+	assert.EqualValues(t, constants.PROTECTED_ROLES, []string{"admin"})
+	assert.EqualValues(t, constants.ALLOWED_ORIGINS, []string{"*"})
+}

server/__test__/forgot_password_test.go

@@ -0,0 +1,35 @@
+package test
+
+import (
+	"testing"
+
+	"github.com/authorizerdev/authorizer/server/db"
+	"github.com/authorizerdev/authorizer/server/enum"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/resolvers"
+	"github.com/stretchr/testify/assert"
+)
+
+func forgotPasswordTest(s TestSetup, t *testing.T) {
+	t.Run(`should run forgot password`, func(t *testing.T) {
+		_, ctx := createContext(s)
+		email := "forgot_password." + s.TestInfo.Email
+		_, err := resolvers.Signup(ctx, model.SignUpInput{
+			Email:           email,
+			Password:        s.TestInfo.Password,
+			ConfirmPassword: s.TestInfo.Password,
+		})
+
+		_, err = resolvers.ForgotPassword(ctx, model.ForgotPasswordInput{
+			Email: email,
+		})
+		assert.Nil(t, err, "no errors for forgot password")
+
+		verificationRequest, err := db.Mgr.GetVerificationByEmail(email, enum.ForgotPassword.String())
+		assert.Nil(t, err)
+
+		assert.Equal(t, verificationRequest.Identifier, enum.ForgotPassword.String())
+
+		cleanData(email)
+	})
+}

server/__test__/login_test.go

@@ -0,0 +1,58 @@
+package test
+
+import (
+	"testing"
+
+	"github.com/authorizerdev/authorizer/server/db"
+	"github.com/authorizerdev/authorizer/server/enum"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/resolvers"
+	"github.com/stretchr/testify/assert"
+)
+
+func loginTests(s TestSetup, t *testing.T) {
+	t.Run(`should login`, func(t *testing.T) {
+		_, ctx := createContext(s)
+		email := "login." + s.TestInfo.Email
+		_, err := resolvers.Signup(ctx, model.SignUpInput{
+			Email:           email,
+			Password:        s.TestInfo.Password,
+			ConfirmPassword: s.TestInfo.Password,
+		})
+
+		_, err = resolvers.Login(ctx, model.LoginInput{
+			Email:    email,
+			Password: s.TestInfo.Password,
+		})
+
+		assert.NotNil(t, err, "should fail because email is not verified")
+
+		verificationRequest, err := db.Mgr.GetVerificationByEmail(email, enum.BasicAuthSignup.String())
+		resolvers.VerifyEmail(ctx, model.VerifyEmailInput{
+			Token: verificationRequest.Token,
+		})
+
+		_, err = resolvers.Login(ctx, model.LoginInput{
+			Email:    email,
+			Password: s.TestInfo.Password,
+			Roles:    []string{"test"},
+		})
+		assert.NotNil(t, err, "invalid roles")
+
+		_, err = resolvers.Login(ctx, model.LoginInput{
+			Email:    email,
+			Password: s.TestInfo.Password + "s",
+		})
+		assert.NotNil(t, err, "invalid password")
+
+		loginRes, err := resolvers.Login(ctx, model.LoginInput{
+			Email:    email,
+			Password: s.TestInfo.Password,
+		})
+
+		assert.Nil(t, err, "login successful")
+		assert.NotNil(t, loginRes.AccessToken, "access token should not be empty")
+
+		cleanData(email)
+	})
+}

server/__test__/logout_test.go

@@ -0,0 +1,35 @@
+package test
+
+import (
+	"testing"
+
+	"github.com/authorizerdev/authorizer/server/db"
+	"github.com/authorizerdev/authorizer/server/enum"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/resolvers"
+	"github.com/stretchr/testify/assert"
+)
+
+func logoutTests(s TestSetup, t *testing.T) {
+	t.Run(`should logout user`, func(t *testing.T) {
+		req, ctx := createContext(s)
+		email := "logout." + s.TestInfo.Email
+
+		_, err := resolvers.MagicLinkLogin(ctx, model.MagicLinkLoginInput{
+			Email: email,
+		})
+
+		verificationRequest, err := db.Mgr.GetVerificationByEmail(email, enum.MagicLinkLogin.String())
+		verifyRes, err := resolvers.VerifyEmail(ctx, model.VerifyEmailInput{
+			Token: verificationRequest.Token,
+		})
+
+		token := *verifyRes.AccessToken
+		req.Header.Add("Authorization", "Bearer "+token)
+		_, err = resolvers.Logout(ctx)
+		assert.Nil(t, err)
+		_, err = resolvers.Profile(ctx)
+		assert.NotNil(t, err, "unauthorized")
+		cleanData(email)
+	})
+}

server/__test__/magic_link_login_test.go

@@ -0,0 +1,35 @@
+package test
+
+import (
+	"testing"
+
+	"github.com/authorizerdev/authorizer/server/db"
+	"github.com/authorizerdev/authorizer/server/enum"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/resolvers"
+	"github.com/stretchr/testify/assert"
+)
+
+func magicLinkLoginTests(s TestSetup, t *testing.T) {
+	t.Run(`should login with magic link`, func(t *testing.T) {
+		req, ctx := createContext(s)
+		email := "magic_link_login." + s.TestInfo.Email
+
+		_, err := resolvers.MagicLinkLogin(ctx, model.MagicLinkLoginInput{
+			Email: email,
+		})
+		assert.Nil(t, err)
+
+		verificationRequest, err := db.Mgr.GetVerificationByEmail(email, enum.MagicLinkLogin.String())
+		verifyRes, err := resolvers.VerifyEmail(ctx, model.VerifyEmailInput{
+			Token: verificationRequest.Token,
+		})
+
+		token := *verifyRes.AccessToken
+		req.Header.Add("Authorization", "Bearer "+token)
+		_, err = resolvers.Profile(ctx)
+		assert.Nil(t, err)
+
+		cleanData(email)
+	})
+}

server/__test__/meta_test.go

@@ -0,0 +1,23 @@
+package test
+
+import (
+	"context"
+	"testing"
+
+	"github.com/authorizerdev/authorizer/server/resolvers"
+	"github.com/stretchr/testify/assert"
+)
+
+func metaTests(s TestSetup, t *testing.T) {
+	t.Run(`should get meta information`, func(t *testing.T) {
+		ctx := context.Background()
+		meta, err := resolvers.Meta(ctx)
+		assert.Nil(t, err)
+		assert.False(t, meta.IsFacebookLoginEnabled)
+		assert.False(t, meta.IsGoogleLoginEnabled)
+		assert.False(t, meta.IsGithubLoginEnabled)
+		assert.True(t, meta.IsEmailVerificationEnabled)
+		assert.True(t, meta.IsBasicAuthenticationEnabled)
+		assert.True(t, meta.IsMagicLinkLoginEnabled)
+	})
+}

server/__test__/profile_test.go

@@ -0,0 +1,42 @@
+package test
+
+import (
+	"testing"
+
+	"github.com/authorizerdev/authorizer/server/db"
+	"github.com/authorizerdev/authorizer/server/enum"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/resolvers"
+	"github.com/stretchr/testify/assert"
+)
+
+func profileTests(s TestSetup, t *testing.T) {
+	t.Run(`should get profile only with token`, func(t *testing.T) {
+		req, ctx := createContext(s)
+		email := "profile." + s.TestInfo.Email
+
+		resolvers.Signup(ctx, model.SignUpInput{
+			Email:           email,
+			Password:        s.TestInfo.Password,
+			ConfirmPassword: s.TestInfo.Password,
+		})
+
+		_, err := resolvers.Profile(ctx)
+		assert.NotNil(t, err, "unauthorized")
+
+		verificationRequest, err := db.Mgr.GetVerificationByEmail(email, enum.BasicAuthSignup.String())
+		verifyRes, err := resolvers.VerifyEmail(ctx, model.VerifyEmailInput{
+			Token: verificationRequest.Token,
+		})
+
+		token := *verifyRes.AccessToken
+		req.Header.Add("Authorization", "Bearer "+token)
+		profileRes, err := resolvers.Profile(ctx)
+		assert.Nil(t, err)
+
+		newEmail := *&profileRes.Email
+		assert.Equal(t, email, newEmail, "emails should be equal")
+
+		cleanData(email)
+	})
+}

server/__test__/resend_verify_email_test.go

@@ -0,0 +1,31 @@
+package test
+
+import (
+	"testing"
+
+	"github.com/authorizerdev/authorizer/server/enum"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/resolvers"
+	"github.com/stretchr/testify/assert"
+)
+
+func resendVerifyEmailTests(s TestSetup, t *testing.T) {
+	t.Run(`should resend verification email`, func(t *testing.T) {
+		_, ctx := createContext(s)
+		email := "resend_verify_email." + s.TestInfo.Email
+		_, err := resolvers.Signup(ctx, model.SignUpInput{
+			Email:           email,
+			Password:        s.TestInfo.Password,
+			ConfirmPassword: s.TestInfo.Password,
+		})
+
+		_, err = resolvers.ResendVerifyEmail(ctx, model.ResendVerifyEmailInput{
+			Email:      email,
+			Identifier: enum.BasicAuthSignup.String(),
+		})
+
+		assert.Nil(t, err)
+
+		cleanData(email)
+	})
+}

server/__test__/reset_password_test.go

@@ -0,0 +1,49 @@
+package test
+
+import (
+	"testing"
+
+	"github.com/authorizerdev/authorizer/server/db"
+	"github.com/authorizerdev/authorizer/server/enum"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/resolvers"
+	"github.com/stretchr/testify/assert"
+)
+
+func resetPasswordTest(s TestSetup, t *testing.T) {
+	t.Run(`should reset password`, func(t *testing.T) {
+		email := "reset_password." + s.TestInfo.Email
+		_, ctx := createContext(s)
+		_, err := resolvers.Signup(ctx, model.SignUpInput{
+			Email:           email,
+			Password:        s.TestInfo.Password,
+			ConfirmPassword: s.TestInfo.Password,
+		})
+
+		_, err = resolvers.ForgotPassword(ctx, model.ForgotPasswordInput{
+			Email: email,
+		})
+		assert.Nil(t, err, "no errors for forgot password")
+
+		verificationRequest, err := db.Mgr.GetVerificationByEmail(email, enum.ForgotPassword.String())
+		assert.Nil(t, err, "should get forgot password request")
+
+		_, err = resolvers.ResetPassword(ctx, model.ResetPasswordInput{
+			Token:           verificationRequest.Token,
+			Password:        "test1",
+			ConfirmPassword: "test",
+		})
+
+		assert.NotNil(t, err, "passowrds don't match")
+
+		_, err = resolvers.ResetPassword(ctx, model.ResetPasswordInput{
+			Token:           verificationRequest.Token,
+			Password:        "test1",
+			ConfirmPassword: "test1",
+		})
+
+		assert.Nil(t, err, "password changed successfully")
+
+		cleanData(email)
+	})
+}

server/__test__/resolvers_test.go

@@ -0,0 +1,47 @@
+package test
+
+import (
+	"testing"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/db"
+	"github.com/authorizerdev/authorizer/server/enum"
+)
+
+func TestResolvers(t *testing.T) {
+	databases := map[string]string{
+		enum.Sqlite.String():   "../../data.db",
+		enum.Arangodb.String(): "http://root:root@localhost:8529",
+		enum.Mongodb.String():  "mongodb://localhost:27017",
+	}
+
+	for dbType, dbURL := range databases {
+		constants.DATABASE_URL = dbURL
+		constants.DATABASE_TYPE = dbType
+		db.InitDB()
+
+		s := testSetup()
+		defer s.Server.Close()
+
+		t.Run("should pass tests for "+dbType, func(t *testing.T) {
+			loginTests(s, t)
+			signupTests(s, t)
+			forgotPasswordTest(s, t)
+			resendVerifyEmailTests(s, t)
+			resetPasswordTest(s, t)
+			verifyEmailTest(s, t)
+			sessionTests(s, t)
+			profileTests(s, t)
+			updateProfileTests(s, t)
+			magicLinkLoginTests(s, t)
+			logoutTests(s, t)
+			metaTests(s, t)
+
+			// admin tests
+			verificationRequestsTest(s, t)
+			usersTest(s, t)
+			deleteUserTest(s, t)
+			updateUserTest(s, t)
+		})
+	}
+}

server/__test__/session_test.go

@@ -0,0 +1,42 @@
+package test
+
+import (
+	"testing"
+
+	"github.com/authorizerdev/authorizer/server/db"
+	"github.com/authorizerdev/authorizer/server/enum"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/resolvers"
+	"github.com/stretchr/testify/assert"
+)
+
+func sessionTests(s TestSetup, t *testing.T) {
+	t.Run(`should allow access to profile with session only`, func(t *testing.T) {
+		req, ctx := createContext(s)
+		email := "session." + s.TestInfo.Email
+
+		resolvers.Signup(ctx, model.SignUpInput{
+			Email:           email,
+			Password:        s.TestInfo.Password,
+			ConfirmPassword: s.TestInfo.Password,
+		})
+
+		_, err := resolvers.Session(ctx, []string{})
+		assert.NotNil(t, err, "unauthorized")
+
+		verificationRequest, err := db.Mgr.GetVerificationByEmail(email, enum.BasicAuthSignup.String())
+		verifyRes, err := resolvers.VerifyEmail(ctx, model.VerifyEmailInput{
+			Token: verificationRequest.Token,
+		})
+
+		token := *verifyRes.AccessToken
+		req.Header.Add("Authorization", "Bearer "+token)
+		sessionRes, err := resolvers.Session(ctx, []string{})
+		assert.Nil(t, err)
+
+		newToken := *sessionRes.AccessToken
+		assert.Equal(t, token, newToken, "tokens should be equal")
+
+		cleanData(email)
+	})
+}

server/__test__/signup_test.go

@@ -0,0 +1,47 @@
+package test
+
+import (
+	"testing"
+
+	"github.com/authorizerdev/authorizer/server/db"
+	"github.com/authorizerdev/authorizer/server/enum"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/resolvers"
+	"github.com/stretchr/testify/assert"
+)
+
+func signupTests(s TestSetup, t *testing.T) {
+	t.Run(`should complete the signup and check duplicates`, func(t *testing.T) {
+		_, ctx := createContext(s)
+		email := "signup." + s.TestInfo.Email
+		res, err := resolvers.Signup(ctx, model.SignUpInput{
+			Email:           email,
+			Password:        s.TestInfo.Password,
+			ConfirmPassword: s.TestInfo.Password + "s",
+		})
+		assert.NotNil(t, err, "invalid password errors")
+
+		res, err = resolvers.Signup(ctx, model.SignUpInput{
+			Email:           email,
+			Password:        s.TestInfo.Password,
+			ConfirmPassword: s.TestInfo.Password,
+		})
+
+		user := *res.User
+		assert.Equal(t, email, user.Email)
+		assert.Nil(t, res.AccessToken, "access token should be nil")
+
+		res, err = resolvers.Signup(ctx, model.SignUpInput{
+			Email:           email,
+			Password:        s.TestInfo.Password,
+			ConfirmPassword: s.TestInfo.Password,
+		})
+
+		assert.NotNil(t, err, "should throw duplicate email error")
+
+		verificationRequest, err := db.Mgr.GetVerificationByEmail(email, enum.BasicAuthSignup.String())
+		assert.Nil(t, err)
+		assert.Equal(t, email, verificationRequest.Email)
+		cleanData(email)
+	})
+}

server/__test__/test.go

@@ -0,0 +1,93 @@
+package test
+
+import (
+	"context"
+	"net/http"
+	"net/http/httptest"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/db"
+	"github.com/authorizerdev/authorizer/server/enum"
+	"github.com/authorizerdev/authorizer/server/env"
+	"github.com/authorizerdev/authorizer/server/handlers"
+	"github.com/authorizerdev/authorizer/server/middlewares"
+	"github.com/authorizerdev/authorizer/server/session"
+	"github.com/gin-contrib/location"
+	"github.com/gin-gonic/gin"
+)
+
+// common user data to share across tests
+type TestData struct {
+	Email    string
+	Password string
+}
+
+type TestSetup struct {
+	GinEngine  *gin.Engine
+	GinContext *gin.Context
+	Server     *httptest.Server
+	TestInfo   TestData
+}
+
+func cleanData(email string) {
+	verificationRequest, err := db.Mgr.GetVerificationByEmail(email, enum.BasicAuthSignup.String())
+	if err == nil {
+		err = db.Mgr.DeleteVerificationRequest(verificationRequest)
+	}
+
+	verificationRequest, err = db.Mgr.GetVerificationByEmail(email, enum.ForgotPassword.String())
+	if err == nil {
+		err = db.Mgr.DeleteVerificationRequest(verificationRequest)
+	}
+
+	verificationRequest, err = db.Mgr.GetVerificationByEmail(email, enum.UpdateEmail.String())
+	if err == nil {
+		err = db.Mgr.DeleteVerificationRequest(verificationRequest)
+	}
+
+	dbUser, err := db.Mgr.GetUserByEmail(email)
+	if err == nil {
+		db.Mgr.DeleteUser(dbUser)
+		db.Mgr.DeleteUserSession(dbUser.ID)
+	}
+}
+
+func createContext(s TestSetup) (*http.Request, context.Context) {
+	req, _ := http.NewRequest(
+		"POST",
+		"http://"+s.Server.Listener.Addr().String()+"/graphql",
+		nil,
+	)
+
+	ctx := context.WithValue(req.Context(), "GinContextKey", s.GinContext)
+	s.GinContext.Request = req
+	return req, ctx
+}
+
+func testSetup() TestSetup {
+	testData := TestData{
+		Email:    "authorizer_tester@yopmail.com",
+		Password: "test",
+	}
+
+	constants.ENV_PATH = "../../.env.sample"
+	env.InitEnv()
+	session.InitSession()
+
+	w := httptest.NewRecorder()
+	c, r := gin.CreateTestContext(w)
+	r.Use(location.Default())
+	r.Use(middlewares.GinContextToContextMiddleware())
+	r.Use(middlewares.CORSMiddleware())
+
+	r.POST("/graphql", handlers.GraphqlHandler())
+
+	server := httptest.NewServer(r)
+
+	return TestSetup{
+		GinEngine:  r,
+		GinContext: c,
+		Server:     server,
+		TestInfo:   testData,
+	}
+}

server/__test__/update_profile_test.go

@@ -0,0 +1,53 @@
+package test
+
+import (
+	"testing"
+
+	"github.com/authorizerdev/authorizer/server/db"
+	"github.com/authorizerdev/authorizer/server/enum"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/resolvers"
+	"github.com/stretchr/testify/assert"
+)
+
+func updateProfileTests(s TestSetup, t *testing.T) {
+	t.Run(`should update the profile with access token only`, func(t *testing.T) {
+		req, ctx := createContext(s)
+		email := "update_profile." + s.TestInfo.Email
+
+		resolvers.Signup(ctx, model.SignUpInput{
+			Email:           email,
+			Password:        s.TestInfo.Password,
+			ConfirmPassword: s.TestInfo.Password,
+		})
+
+		fName := "samani"
+		_, err := resolvers.UpdateProfile(ctx, model.UpdateProfileInput{
+			FamilyName: &fName,
+		})
+		assert.NotNil(t, err, "unauthorized")
+
+		verificationRequest, err := db.Mgr.GetVerificationByEmail(email, enum.BasicAuthSignup.String())
+		verifyRes, err := resolvers.VerifyEmail(ctx, model.VerifyEmailInput{
+			Token: verificationRequest.Token,
+		})
+
+		token := *verifyRes.AccessToken
+		req.Header.Add("Authorization", "Bearer "+token)
+		_, err = resolvers.UpdateProfile(ctx, model.UpdateProfileInput{
+			FamilyName: &fName,
+		})
+		assert.Nil(t, err)
+
+		newEmail := "new_" + email
+		_, err = resolvers.UpdateProfile(ctx, model.UpdateProfileInput{
+			Email: &newEmail,
+		})
+		assert.Nil(t, err)
+		_, err = resolvers.Profile(ctx)
+		assert.NotNil(t, err, "unauthorized")
+
+		cleanData(newEmail)
+		cleanData(email)
+	})
+}

server/__test__/update_user_test.go

@@ -0,0 +1,40 @@
+package test
+
+import (
+	"testing"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/resolvers"
+	"github.com/stretchr/testify/assert"
+)
+
+func updateUserTest(s TestSetup, t *testing.T) {
+	t.Run(`should update the user with admin secret only`, func(t *testing.T) {
+		req, ctx := createContext(s)
+		email := "update_user." + s.TestInfo.Email
+		signupRes, _ := resolvers.Signup(ctx, model.SignUpInput{
+			Email:           email,
+			Password:        s.TestInfo.Password,
+			ConfirmPassword: s.TestInfo.Password,
+		})
+
+		user := *signupRes.User
+		adminRole := "admin"
+		userRole := "user"
+		newRoles := []*string{&adminRole, &userRole}
+		_, err := resolvers.UpdateUser(ctx, model.UpdateUserInput{
+			ID:    user.ID,
+			Roles: newRoles,
+		})
+		assert.NotNil(t, err, "unauthorized")
+
+		req.Header.Add("x-authorizer-admin-secret", constants.ADMIN_SECRET)
+		_, err = resolvers.UpdateUser(ctx, model.UpdateUserInput{
+			ID:    user.ID,
+			Roles: newRoles,
+		})
+		assert.Nil(t, err)
+		cleanData(email)
+	})
+}

server/__test__/urls_test.go

@@ -0,0 +1,27 @@
+package test
+
+import (
+	"testing"
+
+	"github.com/authorizerdev/authorizer/server/utils"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetHostName(t *testing.T) {
+	authorizer_url := "http://test.herokuapp.com:80"
+
+	host, port := utils.GetHostParts(authorizer_url)
+	expectedHost := "test.herokuapp.com"
+
+	assert.Equal(t, host, expectedHost, "hostname should be equal")
+	assert.Equal(t, port, "80", "port should be 80")
+}
+
+func TestGetDomainName(t *testing.T) {
+	authorizer_url := "http://test.herokuapp.com"
+
+	got := utils.GetDomainName(authorizer_url)
+	want := "herokuapp.com"
+
+	assert.Equal(t, got, want, "domain name should be equal")
+}

server/__test__/users_test.go

@@ -0,0 +1,33 @@
+package test
+
+import (
+	"testing"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/resolvers"
+	"github.com/stretchr/testify/assert"
+)
+
+func usersTest(s TestSetup, t *testing.T) {
+	t.Run(`should get users list with admin secret only`, func(t *testing.T) {
+		req, ctx := createContext(s)
+		email := "users." + s.TestInfo.Email
+		resolvers.Signup(ctx, model.SignUpInput{
+			Email:           email,
+			Password:        s.TestInfo.Password,
+			ConfirmPassword: s.TestInfo.Password,
+		})
+
+		users, err := resolvers.Users(ctx)
+		assert.NotNil(t, err, "unauthorized")
+
+		req.Header.Add("x-authorizer-admin-secret", constants.ADMIN_SECRET)
+		users, err = resolvers.Users(ctx)
+		assert.Nil(t, err)
+		rLen := len(users)
+		assert.GreaterOrEqual(t, rLen, 1)
+
+		cleanData(email)
+	})
+}

server/__test__/validator_test.go

@@ -0,0 +1,43 @@
+package test
+
+import (
+	"testing"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/enum"
+	"github.com/authorizerdev/authorizer/server/utils"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestIsValidEmail(t *testing.T) {
+	validEmail := "lakhan@gmail.com"
+	invalidEmail1 := "lakhan"
+	invalidEmail2 := "lakhan.me"
+
+	assert.True(t, utils.IsValidEmail(validEmail), "it should be valid email")
+	assert.False(t, utils.IsValidEmail(invalidEmail1), "it should be invalid email")
+	assert.False(t, utils.IsValidEmail(invalidEmail2), "it should be invalid email")
+}
+
+func TestIsValidOrigin(t *testing.T) {
+	// don't use portocal(http/https) for ALLOWED_ORIGINS while testing,
+	// as we trim them off while running the main function
+	constants.ALLOWED_ORIGINS = []string{"localhost:8080", "*.google.com", "*.google.in", "*abc.*"}
+
+	assert.False(t, utils.IsValidOrigin("http://myapp.com"), "it should be invalid origin")
+	assert.False(t, utils.IsValidOrigin("http://appgoogle.com"), "it should be invalid origin")
+	assert.True(t, utils.IsValidOrigin("http://app.google.com"), "it should be valid origin")
+	assert.False(t, utils.IsValidOrigin("http://app.google.ind"), "it should be invalid origin")
+	assert.True(t, utils.IsValidOrigin("http://app.google.in"), "it should be valid origin")
+	assert.True(t, utils.IsValidOrigin("http://xyx.abc.com"), "it should be valid origin")
+	assert.True(t, utils.IsValidOrigin("http://xyx.abc.in"), "it should be valid origin")
+	assert.True(t, utils.IsValidOrigin("http://xyxabc.in"), "it should be valid origin")
+	assert.True(t, utils.IsValidOrigin("http://localhost:8080"), "it should be valid origin")
+}
+
+func TestIsValidIdentifier(t *testing.T) {
+	assert.False(t, utils.IsValidVerificationIdentifier("test"), "it should be invalid identifier")
+	assert.True(t, utils.IsValidVerificationIdentifier(enum.BasicAuthSignup.String()), "it should be valid identifier")
+	assert.True(t, utils.IsValidVerificationIdentifier(enum.UpdateEmail.String()), "it should be valid identifier")
+	assert.True(t, utils.IsValidVerificationIdentifier(enum.ForgotPassword.String()), "it should be valid identifier")
+}

server/__test__/verification_requests_test.go

@@ -0,0 +1,35 @@
+package test
+
+import (
+	"testing"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/resolvers"
+	"github.com/stretchr/testify/assert"
+)
+
+func verificationRequestsTest(s TestSetup, t *testing.T) {
+	t.Run(`should get verification requests with admin secret only`, func(t *testing.T) {
+		req, ctx := createContext(s)
+
+		email := "verification_requests." + s.TestInfo.Email
+		resolvers.Signup(ctx, model.SignUpInput{
+			Email:           email,
+			Password:        s.TestInfo.Password,
+			ConfirmPassword: s.TestInfo.Password,
+		})
+
+		requests, err := resolvers.VerificationRequests(ctx)
+		assert.NotNil(t, err, "unauthorizer")
+
+		req.Header.Add("x-authorizer-admin-secret", constants.ADMIN_SECRET)
+		requests, err = resolvers.VerificationRequests(ctx)
+
+		assert.Nil(t, err)
+		rLen := len(requests)
+		assert.GreaterOrEqual(t, rLen, 1)
+
+		cleanData(email)
+	})
+}

server/__test__/verify_email_test.go

@@ -0,0 +1,38 @@
+package test
+
+import (
+	"testing"
+
+	"github.com/authorizerdev/authorizer/server/db"
+	"github.com/authorizerdev/authorizer/server/enum"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/resolvers"
+	"github.com/stretchr/testify/assert"
+)
+
+func verifyEmailTest(s TestSetup, t *testing.T) {
+	t.Run(`should verify email`, func(t *testing.T) {
+		_, ctx := createContext(s)
+		email := "verify_email." + s.TestInfo.Email
+		res, err := resolvers.Signup(ctx, model.SignUpInput{
+			Email:           email,
+			Password:        s.TestInfo.Password,
+			ConfirmPassword: s.TestInfo.Password,
+		})
+
+		user := *res.User
+		assert.Equal(t, email, user.Email)
+		assert.Nil(t, res.AccessToken, "access token should be nil")
+		verificationRequest, err := db.Mgr.GetVerificationByEmail(email, enum.BasicAuthSignup.String())
+		assert.Nil(t, err)
+		assert.Equal(t, email, verificationRequest.Email)
+
+		verifyRes, err := resolvers.VerifyEmail(ctx, model.VerifyEmailInput{
+			Token: verificationRequest.Token,
+		})
+		assert.Nil(t, err)
+		assert.NotEqual(t, verifyRes.AccessToken, "", "access token should not be empty")
+
+		cleanData(email)
+	})
+}

server/constants/constants.go

@@ -1,11 +1,14 @@
 package constants
 
+// this constants are configured via env
 var (
 	ADMIN_SECRET                 = ""
 	ENV                          = ""
+	ENV_PATH                     = ""
 	VERSION                      = ""
 	DATABASE_TYPE                = ""
 	DATABASE_URL                 = ""
+	DATABASE_NAME                = ""
 	SMTP_HOST                    = ""
 	SMTP_PORT                    = ""
 	SENDER_EMAIL                 = ""
@@ -13,15 +16,22 @@ var (
 	JWT_TYPE                     = ""
 	JWT_SECRET                   = ""
 	ALLOWED_ORIGINS              = []string{}
-	ALLOWED_CALLBACK_URLS        = []string{}
 	AUTHORIZER_URL               = ""
-	PORT                         = "8080"
+	APP_URL                      = ""
+	PORT                         = ""
 	REDIS_URL                    = ""
 	IS_PROD                      = false
 	COOKIE_NAME                  = ""
 	RESET_PASSWORD_URL           = ""
-	DISABLE_EMAIL_VERIFICATION   = "false"
-	DISABLE_BASIC_AUTHENTICATION = "false"
+	DISABLE_EMAIL_VERIFICATION   = false
+	DISABLE_BASIC_AUTHENTICATION = false
+	DISABLE_MAGIC_LINK_LOGIN     = false
+
+	// ROLES
+	ROLES           = []string{}
+	PROTECTED_ROLES = []string{}
+	DEFAULT_ROLES   = []string{}
+	JWT_ROLE_CLAIM  = "role"
 
 	// OAuth login
 	GOOGLE_CLIENT_ID       = ""
@@ -32,4 +42,8 @@ var (
 	FACEBOOK_CLIENT_SECRET = ""
 	TWITTER_CLIENT_ID      = ""
 	TWITTER_CLIENT_SECRET  = ""
+
+	// Org envs
+	ORGANIZATION_NAME = "Authorizer"
+	ORGANIZATION_LOGO = "https://authorizer.dev/images/logo.png"
 )

server/constants/oauth_info_urls.go

@@ -2,6 +2,7 @@ package constants
 
 var (
 	// Ref: https://github.com/qor/auth/blob/master/providers/google/google.go
+	// deprecated and not used. instead we follow open id approach for google login
 	GoogleUserInfoURL = "https://www.googleapis.com/oauth2/v3/userinfo"
 	// Ref: https://github.com/qor/auth/blob/master/providers/facebook/facebook.go#L18
 	FacebookUserInfoURL = "https://graph.facebook.com/me?fields=id,first_name,last_name,name,email,picture&access_token="

server/db/arangodb.go

@@ -0,0 +1,104 @@
+package db
+
+import (
+	"context"
+	"log"
+
+	"github.com/arangodb/go-driver"
+	arangoDriver "github.com/arangodb/go-driver"
+	"github.com/arangodb/go-driver/http"
+	"github.com/authorizerdev/authorizer/server/constants"
+)
+
+// for this we need arangodb instance up and running
+// for local testing we can use dockerized version of it
+// docker run -p 8529:8529 -e ARANGO_ROOT_PASSWORD=root arangodb/arangodb:3.8.4
+
+func initArangodb() (arangoDriver.Database, error) {
+	ctx := context.Background()
+	conn, err := http.NewConnection(http.ConnectionConfig{
+		Endpoints: []string{constants.DATABASE_URL},
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	arangoClient, err := arangoDriver.NewClient(arangoDriver.ClientConfig{
+		Connection: conn,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	var arangodb driver.Database
+
+	arangodb_exists, err := arangoClient.DatabaseExists(nil, constants.DATABASE_NAME)
+
+	if arangodb_exists {
+		log.Println(constants.DATABASE_NAME + " db exists already")
+		arangodb, err = arangoClient.Database(nil, constants.DATABASE_NAME)
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		arangodb, err = arangoClient.CreateDatabase(nil, constants.DATABASE_NAME, nil)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	userCollectionExists, err := arangodb.CollectionExists(ctx, Collections.User)
+	if userCollectionExists {
+		log.Println(Collections.User + " collection exists already")
+	} else {
+		_, err = arangodb.CreateCollection(ctx, Collections.User, nil)
+		if err != nil {
+			log.Println("error creating collection("+Collections.User+"):", err)
+		}
+	}
+	userCollection, _ := arangodb.Collection(nil, Collections.User)
+	userCollection.EnsureHashIndex(ctx, []string{"email"}, &arangoDriver.EnsureHashIndexOptions{
+		Unique: true,
+		Sparse: true,
+	})
+	userCollection.EnsureHashIndex(ctx, []string{"phone_number"}, &arangoDriver.EnsureHashIndexOptions{
+		Unique: true,
+		Sparse: true,
+	})
+
+	verificationRequestCollectionExists, err := arangodb.CollectionExists(ctx, Collections.VerificationRequest)
+	if verificationRequestCollectionExists {
+		log.Println(Collections.VerificationRequest + " collection exists already")
+	} else {
+		_, err = arangodb.CreateCollection(ctx, Collections.VerificationRequest, nil)
+		if err != nil {
+			log.Println("error creating collection("+Collections.VerificationRequest+"):", err)
+		}
+	}
+
+	verificationRequestCollection, _ := arangodb.Collection(nil, Collections.VerificationRequest)
+	verificationRequestCollection.EnsureHashIndex(ctx, []string{"email", "identifier"}, &arangoDriver.EnsureHashIndexOptions{
+		Unique: true,
+		Sparse: true,
+	})
+	verificationRequestCollection.EnsureHashIndex(ctx, []string{"token"}, &arangoDriver.EnsureHashIndexOptions{
+		Sparse: true,
+	})
+
+	sessionCollectionExists, err := arangodb.CollectionExists(ctx, Collections.Session)
+	if sessionCollectionExists {
+		log.Println(Collections.Session + " collection exists already")
+	} else {
+		_, err = arangodb.CreateCollection(ctx, Collections.Session, nil)
+		if err != nil {
+			log.Println("error creating collection("+Collections.Session+"):", err)
+		}
+	}
+
+	sessionCollection, _ := arangodb.Collection(nil, Collections.Session)
+	sessionCollection.EnsureHashIndex(ctx, []string{"user_id"}, &arangoDriver.EnsureHashIndexOptions{
+		Sparse: true,
+	})
+
+	return arangodb, err
+}

server/db/db.go

@@ -3,58 +3,127 @@ package db
 import (
 	"log"
 
+	arangoDriver "github.com/arangodb/go-driver"
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/enum"
+	"go.mongodb.org/mongo-driver/mongo"
 	"gorm.io/driver/mysql"
 	"gorm.io/driver/postgres"
 	"gorm.io/driver/sqlite"
+	"gorm.io/driver/sqlserver"
 	"gorm.io/gorm"
 	"gorm.io/gorm/schema"
 )
 
 type Manager interface {
-	SaveUser(user User) (User, error)
+	AddUser(user User) (User, error)
 	UpdateUser(user User) (User, error)
+	DeleteUser(user User) error
 	GetUsers() ([]User, error)
 	GetUserByEmail(email string) (User, error)
-	UpdateVerificationTime(verifiedAt int64, id uint) error
+	GetUserByID(email string) (User, error)
 	AddVerification(verification VerificationRequest) (VerificationRequest, error)
 	GetVerificationByToken(token string) (VerificationRequest, error)
-	DeleteToken(email string) error
+	DeleteVerificationRequest(verificationRequest VerificationRequest) error
 	GetVerificationRequests() ([]VerificationRequest, error)
-	GetVerificationByEmail(email string) (VerificationRequest, error)
-	DeleteUser(email string) error
+	GetVerificationByEmail(email string, identifier string) (VerificationRequest, error)
+	AddSession(session Session) error
+	DeleteUserSession(userId string) error
 }
 
 type manager struct {
-	db *gorm.DB
+	sqlDB    *gorm.DB
+	arangodb arangoDriver.Database
+	mongodb  *mongo.Database
 }
 
-var Mgr Manager
+// mainly used by nosql dbs
+type CollectionList struct {
+	User                string
+	VerificationRequest string
+	Session             string
+}
+
+var (
+	IsORMSupported bool
+	IsArangoDB     bool
+	IsMongoDB      bool
+	Mgr            Manager
+	Prefix         = "authorizer_"
+	Collections    = CollectionList{
+		User:                Prefix + "users",
+		VerificationRequest: Prefix + "verification_requests",
+		Session:             Prefix + "sessions",
+	}
+)
 
 func InitDB() {
-	var db *gorm.DB
+	var sqlDB *gorm.DB
 	var err error
+
+	IsORMSupported = constants.DATABASE_TYPE != enum.Arangodb.String() && constants.DATABASE_TYPE != enum.Mongodb.String()
+	IsArangoDB = constants.DATABASE_TYPE == enum.Arangodb.String()
+	IsMongoDB = constants.DATABASE_TYPE == enum.Mongodb.String()
+
+	// sql db orm config
 	ormConfig := &gorm.Config{
 		NamingStrategy: schema.NamingStrategy{
-			TablePrefix: "authorizer_",
+			TablePrefix: Prefix,
 		},
 	}
-	if constants.DATABASE_TYPE == enum.Postgres.String() {
-		db, err = gorm.Open(postgres.Open(constants.DATABASE_URL), ormConfig)
-	}
-	if constants.DATABASE_TYPE == enum.Mysql.String() {
-		db, err = gorm.Open(mysql.Open(constants.DATABASE_URL), ormConfig)
-	}
-	if constants.DATABASE_TYPE == enum.Sqlite.String() {
-		db, err = gorm.Open(sqlite.Open(constants.DATABASE_URL), ormConfig)
+
+	log.Println("db type:", constants.DATABASE_TYPE)
+
+	switch constants.DATABASE_TYPE {
+	case enum.Postgres.String():
+		sqlDB, err = gorm.Open(postgres.Open(constants.DATABASE_URL), ormConfig)
+		break
+	case enum.Sqlite.String():
+		sqlDB, err = gorm.Open(sqlite.Open(constants.DATABASE_URL), ormConfig)
+		break
+	case enum.Mysql.String():
+		sqlDB, err = gorm.Open(mysql.Open(constants.DATABASE_URL), ormConfig)
+		break
+	case enum.SQLServer.String():
+		sqlDB, err = gorm.Open(sqlserver.Open(constants.DATABASE_URL), ormConfig)
+		break
+	case enum.Arangodb.String():
+		arangodb, err := initArangodb()
+		if err != nil {
+			log.Fatal("error initializing arangodb:", err)
+		}
+
+		Mgr = &manager{
+			sqlDB:    nil,
+			arangodb: arangodb,
+			mongodb:  nil,
+		}
+
+		break
+	case enum.Mongodb.String():
+		mongodb, err := initMongodb()
+		if err != nil {
+			log.Fatal("error initializing mongodb connection:", err)
+		}
+
+		Mgr = &manager{
+			sqlDB:    nil,
+			arangodb: nil,
+			mongodb:  mongodb,
+		}
 	}
 
-	if err != nil {
-		log.Fatal("Failed to init db:", err)
-	} else {
-		db.AutoMigrate(&User{}, &VerificationRequest{})
+	// common for all sql dbs that are configured via go-orm
+	if IsORMSupported {
+		if err != nil {
+			log.Fatal("Failed to init sqlDB:", err)
+		} else {
+			sqlDB.AutoMigrate(&User{}, &VerificationRequest{}, &Session{})
+		}
+		Mgr = &manager{
+			sqlDB:    sqlDB,
+			arangodb: nil,
+			mongodb:  nil,
+		}
 	}
-
-	Mgr = &manager{db: db}
 }

server/db/mongodb.go

@@ -0,0 +1,77 @@
+package db
+
+import (
+	"context"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"go.mongodb.org/mongo-driver/bson"
+	"go.mongodb.org/mongo-driver/mongo"
+	"go.mongodb.org/mongo-driver/mongo/options"
+	"go.mongodb.org/mongo-driver/mongo/readpref"
+)
+
+func initMongodb() (*mongo.Database, error) {
+	mongodbOptions := options.Client().ApplyURI(constants.DATABASE_URL)
+	maxWait := time.Duration(5 * time.Second)
+	mongodbOptions.ConnectTimeout = &maxWait
+	mongoClient, err := mongo.NewClient(mongodbOptions)
+	if err != nil {
+		return nil, err
+	}
+	ctx, _ := context.WithTimeout(context.Background(), 30*time.Second)
+	err = mongoClient.Connect(ctx)
+	if err != nil {
+		return nil, err
+	}
+
+	err = mongoClient.Ping(ctx, readpref.Primary())
+	if err != nil {
+		return nil, err
+	}
+
+	mongodb := mongoClient.Database(constants.DATABASE_NAME, options.Database())
+
+	mongodb.CreateCollection(ctx, Collections.User, options.CreateCollection())
+	userCollection := mongodb.Collection(Collections.User, options.Collection())
+	userCollection.Indexes().CreateMany(ctx, []mongo.IndexModel{
+		mongo.IndexModel{
+			Keys:    bson.M{"email": 1},
+			Options: options.Index().SetUnique(true).SetSparse(true),
+		},
+	}, options.CreateIndexes())
+	userCollection.Indexes().CreateMany(ctx, []mongo.IndexModel{
+		mongo.IndexModel{
+			Keys: bson.M{"phone_number": 1},
+			Options: options.Index().SetUnique(true).SetSparse(true).SetPartialFilterExpression(map[string]interface{}{
+				"phone_number": map[string]string{"$type": "string"},
+			}),
+		},
+	}, options.CreateIndexes())
+
+	mongodb.CreateCollection(ctx, Collections.VerificationRequest, options.CreateCollection())
+	verificationRequestCollection := mongodb.Collection(Collections.VerificationRequest, options.Collection())
+	verificationRequestCollection.Indexes().CreateMany(ctx, []mongo.IndexModel{
+		mongo.IndexModel{
+			Keys:    bson.M{"email": 1, "identifier": 1},
+			Options: options.Index().SetUnique(true).SetSparse(true),
+		},
+	}, options.CreateIndexes())
+	verificationRequestCollection.Indexes().CreateMany(ctx, []mongo.IndexModel{
+		mongo.IndexModel{
+			Keys:    bson.M{"token": 1},
+			Options: options.Index().SetSparse(true),
+		},
+	}, options.CreateIndexes())
+
+	mongodb.CreateCollection(ctx, Collections.Session, options.CreateCollection())
+	sessionCollection := mongodb.Collection(Collections.Session, options.Collection())
+	sessionCollection.Indexes().CreateMany(ctx, []mongo.IndexModel{
+		mongo.IndexModel{
+			Keys:    bson.M{"user_id": 1},
+			Options: options.Index().SetSparse(true),
+		},
+	}, options.CreateIndexes())
+
+	return mongodb, nil
+}

server/db/session.go

@@ -0,0 +1,102 @@
+package db
+
+import (
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/google/uuid"
+	"go.mongodb.org/mongo-driver/bson"
+	"go.mongodb.org/mongo-driver/mongo/options"
+	"gorm.io/gorm/clause"
+)
+
+type Session struct {
+	Key       string `json:"_key,omitempty" bson:"_key,omitempty"` // for arangodb
+	ID        string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id"`
+	UserID    string `gorm:"type:char(36),index:" json:"user_id" bson:"user_id"`
+	User      User   `json:"-" bson:"-"`
+	UserAgent string `json:"user_agent" bson:"user_agent"`
+	IP        string `json:"ip" bson:"ip"`
+	CreatedAt int64  `gorm:"autoCreateTime" json:"created_at" bson:"created_at"`
+	UpdatedAt int64  `gorm:"autoUpdateTime" json:"updated_at" bson:"updated_at"`
+}
+
+// AddSession function to save user sessiosn
+func (mgr *manager) AddSession(session Session) error {
+	if session.ID == "" {
+		session.ID = uuid.New().String()
+	}
+
+	if IsORMSupported {
+		session.Key = session.ID
+		res := mgr.sqlDB.Clauses(
+			clause.OnConflict{
+				DoNothing: true,
+			}).Create(&session)
+		if res.Error != nil {
+			log.Println(`error saving session`, res.Error)
+			return res.Error
+		}
+	}
+
+	if IsArangoDB {
+		session.CreatedAt = time.Now().Unix()
+		session.UpdatedAt = time.Now().Unix()
+		sessionCollection, _ := mgr.arangodb.Collection(nil, Collections.Session)
+		_, err := sessionCollection.CreateDocument(nil, session)
+		if err != nil {
+			log.Println(`error saving session`, err)
+			return err
+		}
+	}
+
+	if IsMongoDB {
+		session.Key = session.ID
+		session.CreatedAt = time.Now().Unix()
+		session.UpdatedAt = time.Now().Unix()
+		sessionCollection := mgr.mongodb.Collection(Collections.Session, options.Collection())
+		_, err := sessionCollection.InsertOne(nil, session)
+		if err != nil {
+			log.Println(`error saving session`, err)
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (mgr *manager) DeleteUserSession(userId string) error {
+	if IsORMSupported {
+		result := mgr.sqlDB.Where("user_id = ?", userId).Delete(&Session{})
+
+		if result.Error != nil {
+			log.Println(`error deleting session:`, result.Error)
+			return result.Error
+		}
+	}
+
+	if IsArangoDB {
+		query := fmt.Sprintf(`FOR d IN %s FILTER d.user_id == @userId REMOVE { _key: d._key } IN %s`, Collections.Session, Collections.Session)
+		bindVars := map[string]interface{}{
+			"userId": userId,
+		}
+		cursor, err := mgr.arangodb.Query(nil, query, bindVars)
+		if err != nil {
+			log.Println("=> error deleting arangodb session:", err)
+			return err
+		}
+		defer cursor.Close()
+	}
+
+	if IsMongoDB {
+		sessionCollection := mgr.mongodb.Collection(Collections.Session, options.Collection())
+		_, err := sessionCollection.DeleteMany(nil, bson.M{"user_id": userId}, options.Delete())
+		if err != nil {
+			log.Println("error deleting session:", err)
+			return err
+		}
+	}
+
+	return nil
+}

server/db/user.go

@@ -1,96 +1,312 @@
 package db
 
 import (
+	"fmt"
 	"log"
+	"time"
 
+	"github.com/arangodb/go-driver"
+	arangoDriver "github.com/arangodb/go-driver"
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/google/uuid"
+	"go.mongodb.org/mongo-driver/bson"
+	"go.mongodb.org/mongo-driver/mongo/options"
 	"gorm.io/gorm/clause"
 )
 
 type User struct {
-	ID              uint `gorm:"primaryKey"`
-	FirstName       string
-	LastName        string
-	Email           string `gorm:"unique"`
-	Password        string
-	SignupMethod    string
-	EmailVerifiedAt int64
-	CreatedAt       int64 `gorm:"autoCreateTime"`
-	UpdatedAt       int64 `gorm:"autoUpdateTime"`
-	Image           string
+	Key string `json:"_key,omitempty" bson:"_key"` // for arangodb
+	ID  string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id"`
+
+	Email                 string  `gorm:"unique" json:"email" bson:"email"`
+	EmailVerifiedAt       *int64  `json:"email_verified_at" bson:"email_verified_at"`
+	Password              *string `gorm:"type:text" json:"password" bson:"password"`
+	SignupMethods         string  `json:"signup_methods" bson:"signup_methods"`
+	GivenName             *string `json:"given_name" bson:"given_name"`
+	FamilyName            *string `json:"family_name" bson:"family_name"`
+	MiddleName            *string `json:"middle_name" bson:"middle_name"`
+	Nickname              *string `json:"nickname" bson:"nickname"`
+	Gender                *string `json:"gender" bson:"gender"`
+	Birthdate             *string `json:"birthdate" bson:"birthdate"`
+	PhoneNumber           *string `gorm:"unique" json:"phone_number" bson:"phone_number"`
+	PhoneNumberVerifiedAt *int64  `json:"phone_number_verified_at" bson:"phone_number_verified_at"`
+	Picture               *string `gorm:"type:text" json:"picture" bson:"picture"`
+	Roles                 string  `json:"roles" bson:"roles"`
+	UpdatedAt             int64   `gorm:"autoUpdateTime" json:"updated_at" bson:"updated_at"`
+	CreatedAt             int64   `gorm:"autoCreateTime" json:"created_at" bson:"created_at"`
 }
 
-// SaveUser function to add user even with email conflict
-func (mgr *manager) SaveUser(user User) (User, error) {
-	result := mgr.db.Clauses(
-		clause.OnConflict{
-			UpdateAll: true,
-			Columns:   []clause.Column{{Name: "email"}},
-		}).Create(&user)
-
-	if result.Error != nil {
-		log.Println(result.Error)
-		return user, result.Error
+// AddUser function to add user even with email conflict
+func (mgr *manager) AddUser(user User) (User, error) {
+	if user.ID == "" {
+		user.ID = uuid.New().String()
 	}
+
+	if user.Roles == "" {
+		user.Roles = constants.DEFAULT_ROLES[0]
+	}
+
+	if IsORMSupported {
+		// copy id as value for fields required for mongodb & arangodb
+		user.Key = user.ID
+		result := mgr.sqlDB.Clauses(
+			clause.OnConflict{
+				UpdateAll: true,
+				Columns:   []clause.Column{{Name: "email"}},
+			}).Create(&user)
+
+		if result.Error != nil {
+			log.Println("error adding user:", result.Error)
+			return user, result.Error
+		}
+	}
+
+	if IsArangoDB {
+		user.CreatedAt = time.Now().Unix()
+		user.UpdatedAt = time.Now().Unix()
+		userCollection, _ := mgr.arangodb.Collection(nil, Collections.User)
+		meta, err := userCollection.CreateDocument(arangoDriver.WithOverwrite(nil), user)
+		if err != nil {
+			log.Println("error adding user:", err)
+			return user, err
+		}
+		user.Key = meta.Key
+		user.ID = meta.ID.String()
+	}
+
+	if IsMongoDB {
+		user.CreatedAt = time.Now().Unix()
+		user.UpdatedAt = time.Now().Unix()
+		user.Key = user.ID
+		userCollection := mgr.mongodb.Collection(Collections.User, options.Collection())
+		_, err := userCollection.InsertOne(nil, user)
+		if err != nil {
+			log.Println("error adding user:", err)
+			return user, err
+		}
+	}
+
 	return user, nil
 }
 
 // UpdateUser function to update user with ID conflict
 func (mgr *manager) UpdateUser(user User) (User, error) {
-	result := mgr.db.Clauses(
-		clause.OnConflict{
-			UpdateAll: true,
-			Columns:   []clause.Column{{Name: "id"}},
-		}).Create(&user)
+	user.UpdatedAt = time.Now().Unix()
 
-	if result.Error != nil {
-		log.Println(result.Error)
-		return user, result.Error
+	if IsORMSupported {
+		result := mgr.sqlDB.Save(&user)
+
+		if result.Error != nil {
+			log.Println("error updating user:", result.Error)
+			return user, result.Error
+		}
 	}
+
+	if IsArangoDB {
+		collection, _ := mgr.arangodb.Collection(nil, Collections.User)
+		meta, err := collection.UpdateDocument(nil, user.Key, user)
+		if err != nil {
+			log.Println("error updating user:", err)
+			return user, err
+		}
+
+		user.Key = meta.Key
+		user.ID = meta.ID.String()
+	}
+
+	if IsMongoDB {
+		userCollection := mgr.mongodb.Collection(Collections.User, options.Collection())
+		_, err := userCollection.UpdateOne(nil, bson.M{"_id": bson.M{"$eq": user.ID}}, bson.M{"$set": user}, options.MergeUpdateOptions())
+		if err != nil {
+			log.Println("error updating user:", err)
+			return user, err
+		}
+	}
+
 	return user, nil
 }
 
 // GetUsers function to get all users
 func (mgr *manager) GetUsers() ([]User, error) {
 	var users []User
-	result := mgr.db.Find(&users)
-	if result.Error != nil {
-		log.Println(result.Error)
-		return users, result.Error
+
+	if IsORMSupported {
+		result := mgr.sqlDB.Find(&users)
+		if result.Error != nil {
+			log.Println("error getting users:", result.Error)
+			return users, result.Error
+		}
 	}
+
+	if IsArangoDB {
+		query := fmt.Sprintf("FOR d in %s RETURN d", Collections.User)
+
+		cursor, err := mgr.arangodb.Query(nil, query, nil)
+		if err != nil {
+			return users, err
+		}
+		defer cursor.Close()
+
+		for {
+			var user User
+			meta, err := cursor.ReadDocument(nil, &user)
+
+			if driver.IsNoMoreDocuments(err) {
+				break
+			} else if err != nil {
+				return users, err
+			}
+
+			if meta.Key != "" {
+				users = append(users, user)
+			}
+		}
+	}
+
+	if IsMongoDB {
+		userCollection := mgr.mongodb.Collection(Collections.User, options.Collection())
+		cursor, err := userCollection.Find(nil, bson.M{}, options.Find())
+		if err != nil {
+			log.Println("error getting users:", err)
+			return users, err
+		}
+		defer cursor.Close(nil)
+
+		for cursor.Next(nil) {
+			var user User
+			err := cursor.Decode(&user)
+			if err != nil {
+				return users, err
+			}
+			users = append(users, user)
+		}
+	}
+
 	return users, nil
 }
 
 func (mgr *manager) GetUserByEmail(email string) (User, error) {
 	var user User
-	result := mgr.db.Where("email = ?", email).First(&user)
 
-	if result.Error != nil {
-		return user, result.Error
+	if IsORMSupported {
+		result := mgr.sqlDB.Where("email = ?", email).First(&user)
+
+		if result.Error != nil {
+			return user, result.Error
+		}
+	}
+
+	if IsArangoDB {
+		query := fmt.Sprintf("FOR d in %s FILTER d.email == @email RETURN d", Collections.User)
+		bindVars := map[string]interface{}{
+			"email": email,
+		}
+
+		cursor, err := mgr.arangodb.Query(nil, query, bindVars)
+		if err != nil {
+			return user, err
+		}
+		defer cursor.Close()
+
+		for {
+			if !cursor.HasMore() {
+				if user.Key == "" {
+					return user, fmt.Errorf("user not found")
+				}
+				break
+			}
+			_, err := cursor.ReadDocument(nil, &user)
+			if err != nil {
+				return user, err
+			}
+		}
+	}
+
+	if IsMongoDB {
+		userCollection := mgr.mongodb.Collection(Collections.User, options.Collection())
+		err := userCollection.FindOne(nil, bson.M{"email": email}).Decode(&user)
+		if err != nil {
+			return user, err
+		}
 	}
 
 	return user, nil
 }
 
-func (mgr *manager) UpdateVerificationTime(verifiedAt int64, id uint) error {
-	user := &User{
-		ID: id,
-	}
-	result := mgr.db.Model(&user).Where("id = ?", id).Update("email_verified_at", verifiedAt)
-
-	if result.Error != nil {
-		return result.Error
-	}
-
-	return nil
-}
-
-func (mgr *manager) DeleteUser(email string) error {
+func (mgr *manager) GetUserByID(id string) (User, error) {
 	var user User
-	result := mgr.db.Where("email = ?", email).Delete(&user)
 
-	if result.Error != nil {
-		log.Println(`Error deleting user:`, result.Error)
-		return result.Error
+	if IsORMSupported {
+		result := mgr.sqlDB.Where("id = ?", id).First(&user)
+
+		if result.Error != nil {
+			return user, result.Error
+		}
+	}
+
+	if IsArangoDB {
+		query := fmt.Sprintf("FOR d in %s FILTER d._id == @id LIMIT 1 RETURN d", Collections.User)
+		bindVars := map[string]interface{}{
+			"id": id,
+		}
+
+		cursor, err := mgr.arangodb.Query(nil, query, bindVars)
+		if err != nil {
+			return user, err
+		}
+		defer cursor.Close()
+
+		for {
+			if !cursor.HasMore() {
+				if user.Key == "" {
+					return user, fmt.Errorf("user not found")
+				}
+				break
+			}
+			_, err := cursor.ReadDocument(nil, &user)
+			if err != nil {
+				return user, err
+			}
+		}
+	}
+
+	if IsMongoDB {
+		userCollection := mgr.mongodb.Collection(Collections.User, options.Collection())
+		err := userCollection.FindOne(nil, bson.M{"_id": id}).Decode(&user)
+		if err != nil {
+			return user, err
+		}
+	}
+
+	return user, nil
+}
+
+func (mgr *manager) DeleteUser(user User) error {
+	if IsORMSupported {
+		result := mgr.sqlDB.Delete(&user)
+
+		if result.Error != nil {
+			log.Println(`error deleting user:`, result.Error)
+			return result.Error
+		}
+	}
+
+	if IsArangoDB {
+		collection, _ := mgr.arangodb.Collection(nil, Collections.User)
+		_, err := collection.RemoveDocument(nil, user.Key)
+		if err != nil {
+			log.Println(`error deleting user:`, err)
+			return err
+		}
+	}
+
+	if IsMongoDB {
+		userCollection := mgr.mongodb.Collection(Collections.User, options.Collection())
+		_, err := userCollection.DeleteOne(nil, bson.M{"_id": user.ID}, options.Delete())
+		if err != nil {
+			log.Println("error deleting user:", err)
+			return err
+		}
 	}
 
 	return nil

server/db/verificationRequests.go

@@ -1,77 +0,0 @@
-package db
-
-import (
-	"log"
-
-	"gorm.io/gorm/clause"
-)
-
-type VerificationRequest struct {
-	ID         uint   `gorm:"primaryKey"`
-	Token      string `gorm:"index"`
-	Identifier string
-	ExpiresAt  int64
-	CreatedAt  int64  `gorm:"autoCreateTime"`
-	UpdatedAt  int64  `gorm:"autoUpdateTime"`
-	Email      string `gorm:"unique"`
-}
-
-// AddVerification function to add verification record
-func (mgr *manager) AddVerification(verification VerificationRequest) (VerificationRequest, error) {
-	result := mgr.db.Clauses(clause.OnConflict{
-		Columns:   []clause.Column{{Name: "email"}},
-		DoUpdates: clause.AssignmentColumns([]string{"token", "identifier", "expires_at"}),
-	}).Create(&verification)
-	if result.Error != nil {
-		log.Println(`Error saving verification record`, result.Error)
-		return verification, result.Error
-	}
-	return verification, nil
-}
-
-func (mgr *manager) GetVerificationByToken(token string) (VerificationRequest, error) {
-	var verification VerificationRequest
-	result := mgr.db.Where("token = ?", token).First(&verification)
-
-	if result.Error != nil {
-		log.Println(`Error getting verification token:`, result.Error)
-		return verification, result.Error
-	}
-
-	return verification, nil
-}
-
-func (mgr *manager) GetVerificationByEmail(email string) (VerificationRequest, error) {
-	var verification VerificationRequest
-	result := mgr.db.Where("email = ?", email).First(&verification)
-
-	if result.Error != nil {
-		log.Println(`Error getting verification token:`, result.Error)
-		return verification, result.Error
-	}
-
-	return verification, nil
-}
-
-func (mgr *manager) DeleteToken(email string) error {
-	var verification VerificationRequest
-	result := mgr.db.Where("email = ?", email).Delete(&verification)
-
-	if result.Error != nil {
-		log.Println(`Error deleting token:`, result.Error)
-		return result.Error
-	}
-
-	return nil
-}
-
-// GetUsers function to get all users
-func (mgr *manager) GetVerificationRequests() ([]VerificationRequest, error) {
-	var verificationRequests []VerificationRequest
-	result := mgr.db.Find(&verificationRequests)
-	if result.Error != nil {
-		log.Println(result.Error)
-		return verificationRequests, result.Error
-	}
-	return verificationRequests, nil
-}

server/db/verification_requests.go

@@ -0,0 +1,260 @@
+package db
+
+import (
+	"fmt"
+	"log"
+	"time"
+
+	"github.com/arangodb/go-driver"
+	"github.com/google/uuid"
+	"go.mongodb.org/mongo-driver/bson"
+	"go.mongodb.org/mongo-driver/mongo/options"
+	"gorm.io/gorm/clause"
+)
+
+type VerificationRequest struct {
+	Key        string `json:"_key,omitempty" bson:"_key"` // for arangodb
+	ID         string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id"`
+	Token      string `gorm:"type:text" json:"token" bson:"token"`
+	Identifier string `gorm:"uniqueIndex:idx_email_identifier" json:"identifier" bson:"identifier"`
+	ExpiresAt  int64  `json:"expires_at" bson:"expires_at"`
+	CreatedAt  int64  `gorm:"autoCreateTime" json:"created_at" bson:"created_at"`
+	UpdatedAt  int64  `gorm:"autoUpdateTime" json:"updated_at" bson:"updated_at"`
+	Email      string `gorm:"uniqueIndex:idx_email_identifier" json:"email" bson:"email"`
+}
+
+// AddVerification function to add verification record
+func (mgr *manager) AddVerification(verification VerificationRequest) (VerificationRequest, error) {
+	if verification.ID == "" {
+		verification.ID = uuid.New().String()
+	}
+	if IsORMSupported {
+		// copy id as value for fields required for mongodb & arangodb
+		verification.Key = verification.ID
+		result := mgr.sqlDB.Clauses(clause.OnConflict{
+			Columns:   []clause.Column{{Name: "email"}, {Name: "identifier"}},
+			DoUpdates: clause.AssignmentColumns([]string{"token", "expires_at"}),
+		}).Create(&verification)
+
+		if result.Error != nil {
+			log.Println(`error saving verification record`, result.Error)
+			return verification, result.Error
+		}
+	}
+
+	if IsArangoDB {
+		verification.CreatedAt = time.Now().Unix()
+		verification.UpdatedAt = time.Now().Unix()
+		verificationRequestCollection, _ := mgr.arangodb.Collection(nil, Collections.VerificationRequest)
+		meta, err := verificationRequestCollection.CreateDocument(nil, verification)
+		if err != nil {
+			log.Println("error saving verification record:", err)
+			return verification, err
+		}
+		verification.Key = meta.Key
+		verification.ID = meta.ID.String()
+	}
+
+	if IsMongoDB {
+		verification.CreatedAt = time.Now().Unix()
+		verification.UpdatedAt = time.Now().Unix()
+		verification.Key = verification.ID
+		verificationRequestCollection := mgr.mongodb.Collection(Collections.VerificationRequest, options.Collection())
+		_, err := verificationRequestCollection.InsertOne(nil, verification)
+		if err != nil {
+			log.Println("error saving verification record:", err)
+			return verification, err
+		}
+	}
+
+	return verification, nil
+}
+
+// GetVerificationRequests function to get all verification requests
+func (mgr *manager) GetVerificationRequests() ([]VerificationRequest, error) {
+	var verificationRequests []VerificationRequest
+
+	if IsORMSupported {
+		result := mgr.sqlDB.Find(&verificationRequests)
+		if result.Error != nil {
+			log.Println("error getting verification requests:", result.Error)
+			return verificationRequests, result.Error
+		}
+	}
+
+	if IsArangoDB {
+		query := fmt.Sprintf("FOR d in %s RETURN d", Collections.VerificationRequest)
+
+		cursor, err := mgr.arangodb.Query(nil, query, nil)
+		if err != nil {
+			return verificationRequests, err
+		}
+		defer cursor.Close()
+
+		for {
+			var verificationRequest VerificationRequest
+			meta, err := cursor.ReadDocument(nil, &verificationRequest)
+
+			if driver.IsNoMoreDocuments(err) {
+				break
+			} else if err != nil {
+				return verificationRequests, err
+			}
+
+			if meta.Key != "" {
+				verificationRequests = append(verificationRequests, verificationRequest)
+			}
+
+		}
+	}
+
+	if IsMongoDB {
+		verificationRequestCollection := mgr.mongodb.Collection(Collections.VerificationRequest, options.Collection())
+		cursor, err := verificationRequestCollection.Find(nil, bson.M{}, options.Find())
+		if err != nil {
+			log.Println("error getting verification requests:", err)
+			return verificationRequests, err
+		}
+		defer cursor.Close(nil)
+
+		for cursor.Next(nil) {
+			var verificationRequest VerificationRequest
+			err := cursor.Decode(&verificationRequest)
+			if err != nil {
+				return verificationRequests, err
+			}
+			verificationRequests = append(verificationRequests, verificationRequest)
+		}
+	}
+
+	return verificationRequests, nil
+}
+
+func (mgr *manager) GetVerificationByToken(token string) (VerificationRequest, error) {
+	var verification VerificationRequest
+
+	if IsORMSupported {
+		result := mgr.sqlDB.Where("token = ?", token).First(&verification)
+
+		if result.Error != nil {
+			log.Println(`error getting verification request:`, result.Error)
+			return verification, result.Error
+		}
+	}
+
+	if IsArangoDB {
+		query := fmt.Sprintf("FOR d in %s FILTER d.token == @token LIMIT 1 RETURN d", Collections.VerificationRequest)
+		bindVars := map[string]interface{}{
+			"token": token,
+		}
+
+		cursor, err := mgr.arangodb.Query(nil, query, bindVars)
+		if err != nil {
+			return verification, err
+		}
+		defer cursor.Close()
+
+		for {
+			if !cursor.HasMore() {
+				if verification.Key == "" {
+					return verification, fmt.Errorf("verification request not found")
+				}
+				break
+			}
+			_, err := cursor.ReadDocument(nil, &verification)
+			if err != nil {
+				return verification, err
+			}
+		}
+	}
+
+	if IsMongoDB {
+		verificationRequestCollection := mgr.mongodb.Collection(Collections.VerificationRequest, options.Collection())
+		err := verificationRequestCollection.FindOne(nil, bson.M{"token": token}).Decode(&verification)
+		if err != nil {
+			return verification, err
+		}
+	}
+
+	return verification, nil
+}
+
+func (mgr *manager) GetVerificationByEmail(email string, identifier string) (VerificationRequest, error) {
+	var verification VerificationRequest
+	if IsORMSupported {
+		result := mgr.sqlDB.Where("email = ? AND identifier = ?", email, identifier).First(&verification)
+
+		if result.Error != nil {
+			log.Println(`error getting verification token:`, result.Error)
+			return verification, result.Error
+		}
+	}
+
+	if IsArangoDB {
+		query := fmt.Sprintf("FOR d in %s FILTER d.email == @email FILTER d.identifier == @identifier LIMIT 1 RETURN d", Collections.VerificationRequest)
+		bindVars := map[string]interface{}{
+			"email":      email,
+			"identifier": identifier,
+		}
+
+		cursor, err := mgr.arangodb.Query(nil, query, bindVars)
+		if err != nil {
+			return verification, err
+		}
+		defer cursor.Close()
+
+		for {
+			if !cursor.HasMore() {
+				if verification.Key == "" {
+					return verification, fmt.Errorf("verification request not found")
+				}
+				break
+			}
+			_, err := cursor.ReadDocument(nil, &verification)
+			if err != nil {
+				return verification, err
+			}
+		}
+	}
+
+	if IsMongoDB {
+		verificationRequestCollection := mgr.mongodb.Collection(Collections.VerificationRequest, options.Collection())
+		err := verificationRequestCollection.FindOne(nil, bson.M{"email": email, "identifier": identifier}).Decode(&verification)
+		if err != nil {
+			return verification, err
+		}
+	}
+
+	return verification, nil
+}
+
+func (mgr *manager) DeleteVerificationRequest(verificationRequest VerificationRequest) error {
+	if IsORMSupported {
+		result := mgr.sqlDB.Delete(&verificationRequest)
+
+		if result.Error != nil {
+			log.Println(`error deleting verification request:`, result.Error)
+			return result.Error
+		}
+	}
+
+	if IsArangoDB {
+		collection, _ := mgr.arangodb.Collection(nil, Collections.VerificationRequest)
+		_, err := collection.RemoveDocument(nil, verificationRequest.Key)
+		if err != nil {
+			log.Println(`error deleting verification request:`, err)
+			return err
+		}
+	}
+
+	if IsMongoDB {
+		verificationRequestCollection := mgr.mongodb.Collection(Collections.VerificationRequest, options.Collection())
+		_, err := verificationRequestCollection.DeleteOne(nil, bson.M{"_id": verificationRequest.ID}, options.Delete())
+		if err != nil {
+			log.Println("error deleting verification request::", err)
+			return err
+		}
+	}
+
+	return nil
+}

server/enum/db_types.go

@@ -6,6 +6,9 @@ const (
 	Postgres DbType = iota
 	Sqlite
 	Mysql
+	SQLServer
+	Arangodb
+	Mongodb
 )
 
 func (d DbType) String() string {
@@ -13,5 +16,8 @@ func (d DbType) String() string {
 		"postgres",
 		"sqlite",
 		"mysql",
+		"sqlserver",
+		"arangodb",
+		"mongodb",
 	}[d]
 }

server/enum/signup_methods.go

@@ -4,7 +4,7 @@ type SignupMethod int
 
 const (
 	BasicAuth SignupMethod = iota
-	MagicLink
+	MagicLinkLogin
 	Google
 	Github
 	Facebook
@@ -13,7 +13,7 @@ const (
 func (d SignupMethod) String() string {
 	return [...]string{
 		"basic_auth",
-		"magic_link",
+		"magic_link_login",
 		"google",
 		"github",
 		"facebook",

server/env.go

@@ -1,146 +0,0 @@
-package main
-
-import (
-	"flag"
-	"log"
-	"os"
-	"strings"
-
-	"github.com/authorizerdev/authorizer/server/constants"
-	"github.com/joho/godotenv"
-)
-
-// build variables
-var Version string
-
-// ParseArgs -> to parse the cli flag and get db url. This is useful with heroku button
-func ParseArgs() {
-	dbURL := flag.String("database_url", "", "Database connection string")
-	dbType := flag.String("databse_type", "", "Database type, possible values are postgres,mysql,sqlite")
-	authorizerURL := flag.String("authorizer_url", "", "URL for authorizer instance, eg: https://xyz.herokuapp.com")
-
-	flag.Parse()
-	if *dbURL != "" {
-		constants.DATABASE_URL = *dbURL
-	}
-
-	if *dbType != "" {
-		constants.DATABASE_TYPE = *dbType
-	}
-
-	if *authorizerURL != "" {
-		constants.AUTHORIZER_URL = *authorizerURL
-	}
-}
-
-// InitEnv -> to initialize env and through error if required env are not present
-func InitEnv() {
-	envPath := `.env`
-	envFile := flag.String("env_file", "", "Env file path")
-	flag.Parse()
-	if *envFile != "" {
-		envPath = *envFile
-	}
-	err := godotenv.Load(envPath)
-	if err != nil {
-		log.Println("Error loading .env file")
-	}
-
-	constants.VERSION = Version
-
-	constants.ADMIN_SECRET = os.Getenv("ADMIN_SECRET")
-	constants.ENV = os.Getenv("ENV")
-	constants.DATABASE_TYPE = os.Getenv("DATABASE_TYPE")
-	constants.DATABASE_URL = os.Getenv("DATABASE_URL")
-	constants.SMTP_HOST = os.Getenv("SMTP_HOST")
-	constants.SMTP_PORT = os.Getenv("SMTP_PORT")
-	constants.SENDER_EMAIL = os.Getenv("SENDER_EMAIL")
-	constants.SENDER_PASSWORD = os.Getenv("SENDER_PASSWORD")
-	constants.JWT_SECRET = os.Getenv("JWT_SECRET")
-	constants.JWT_TYPE = os.Getenv("JWT_TYPE")
-	constants.AUTHORIZER_URL = strings.TrimSuffix(os.Getenv("AUTHORIZER_URL"), "/")
-	constants.PORT = os.Getenv("PORT")
-	constants.REDIS_URL = os.Getenv("REDIS_URL")
-	constants.COOKIE_NAME = os.Getenv("COOKIE_NAME")
-	constants.GOOGLE_CLIENT_ID = os.Getenv("GOOGLE_CLIENT_ID")
-	constants.GOOGLE_CLIENT_SECRET = os.Getenv("GOOGLE_CLIENT_SECRET")
-	constants.GITHUB_CLIENT_ID = os.Getenv("GITHUB_CLIENT_ID")
-	constants.GITHUB_CLIENT_SECRET = os.Getenv("GITHUB_CLIENT_SECRET")
-	constants.FACEBOOK_CLIENT_ID = os.Getenv("FACEBOOK_CLIENT_ID")
-	constants.FACEBOOK_CLIENT_SECRET = os.Getenv("FACEBOOK_CLIENT_SECRET")
-	constants.TWITTER_CLIENT_ID = os.Getenv("TWITTER_CLIENT_ID")
-	constants.TWITTER_CLIENT_SECRET = os.Getenv("TWITTER_CLIENT_SECRET")
-	constants.RESET_PASSWORD_URL = strings.TrimPrefix(os.Getenv("RESET_PASSWORD_URL"), "/")
-	constants.DISABLE_BASIC_AUTHENTICATION = os.Getenv("DISABLE_BASIC_AUTHENTICATION")
-	constants.DISABLE_EMAIL_VERIFICATION = os.Getenv("DISABLE_EMAIL_VERIFICATION")
-
-	if constants.ADMIN_SECRET == "" {
-		panic("root admin secret is required")
-	}
-
-	if constants.ENV == "" {
-		constants.ENV = "production"
-	}
-
-	if constants.ENV == "production" {
-		constants.IS_PROD = true
-		os.Setenv("GIN_MODE", "release")
-	} else {
-		constants.IS_PROD = false
-	}
-
-	allowedOriginsSplit := strings.Split(os.Getenv("ALLOWED_ORIGINS"), ",")
-	allowedOrigins := []string{}
-	for _, val := range allowedOriginsSplit {
-		trimVal := strings.TrimSpace(val)
-		if trimVal != "" {
-			allowedOrigins = append(allowedOrigins, trimVal)
-		}
-	}
-	if len(allowedOrigins) == 0 {
-		allowedOrigins = []string{"*"}
-	}
-	constants.ALLOWED_ORIGINS = allowedOrigins
-
-	allowedCallbackSplit := strings.Split(os.Getenv("ALLOWED_CALLBACK_URLS"), ",")
-	allowedCallbacks := []string{}
-	for _, val := range allowedCallbackSplit {
-		trimVal := strings.TrimSpace(val)
-		if trimVal != "" {
-			allowedCallbacks = append(allowedCallbacks, trimVal)
-		}
-	}
-	if len(allowedCallbackSplit) == 0 {
-		allowedCallbackSplit = []string{"*"}
-	}
-	constants.ALLOWED_CALLBACK_URLS = allowedCallbackSplit
-
-	ParseArgs()
-	if constants.DATABASE_URL == "" {
-		panic("Database url is required")
-	}
-
-	if constants.DATABASE_TYPE == "" {
-		panic("Database type is required")
-	}
-
-	if constants.JWT_TYPE == "" {
-		constants.JWT_TYPE = "HS256"
-	}
-
-	if constants.COOKIE_NAME == "" {
-		constants.COOKIE_NAME = "authorizer"
-	}
-
-	if constants.DISABLE_BASIC_AUTHENTICATION == "" {
-		constants.DISABLE_BASIC_AUTHENTICATION = "false"
-	}
-
-	if constants.DISABLE_EMAIL_VERIFICATION == "" && constants.DISABLE_BASIC_AUTHENTICATION == "false" {
-		if constants.SMTP_HOST == "" || constants.SENDER_EMAIL == "" || constants.SENDER_PASSWORD == "" {
-			constants.DISABLE_EMAIL_VERIFICATION = "true"
-		} else {
-			constants.DISABLE_EMAIL_VERIFICATION = "false"
-		}
-	}
-}

server/env/env.go

@@ -0,0 +1,273 @@
+package env
+
+import (
+	"log"
+	"os"
+	"strings"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/utils"
+	"github.com/joho/godotenv"
+)
+
+// build variables
+var (
+	ARG_DB_URL         *string
+	ARG_DB_TYPE        *string
+	ARG_AUTHORIZER_URL *string
+	ARG_ENV_FILE       *string
+)
+
+// InitEnv -> to initialize env and through error if required env are not present
+func InitEnv() {
+	if constants.ENV_PATH == "" {
+		constants.ENV_PATH = `.env`
+	}
+
+	if ARG_ENV_FILE != nil && *ARG_ENV_FILE != "" {
+		constants.ENV_PATH = *ARG_ENV_FILE
+	}
+
+	err := godotenv.Load(constants.ENV_PATH)
+	if err != nil {
+		log.Printf("error loading %s file", constants.ENV_PATH)
+	}
+
+	if constants.ADMIN_SECRET == "" {
+		constants.ADMIN_SECRET = os.Getenv("ADMIN_SECRET")
+		if constants.ADMIN_SECRET == "" {
+			panic("root admin secret is required")
+		}
+	}
+
+	if constants.ENV == "" {
+		constants.ENV = os.Getenv("ENV")
+		if constants.ENV == "" {
+			constants.ENV = "production"
+		}
+
+		if constants.ENV == "production" {
+			constants.IS_PROD = true
+			os.Setenv("GIN_MODE", "release")
+		} else {
+			constants.IS_PROD = false
+		}
+	}
+
+	if constants.DATABASE_TYPE == "" {
+		constants.DATABASE_TYPE = os.Getenv("DATABASE_TYPE")
+		log.Println(constants.DATABASE_TYPE)
+
+		if ARG_DB_TYPE != nil && *ARG_DB_TYPE != "" {
+			constants.DATABASE_TYPE = *ARG_DB_TYPE
+		}
+
+		if constants.DATABASE_TYPE == "" {
+			panic("DATABASE_TYPE is required")
+		}
+	}
+
+	if constants.DATABASE_URL == "" {
+		constants.DATABASE_URL = os.Getenv("DATABASE_URL")
+
+		if ARG_DB_URL != nil && *ARG_DB_URL != "" {
+			constants.DATABASE_URL = *ARG_DB_URL
+		}
+
+		if constants.DATABASE_URL == "" {
+			panic("DATABASE_URL is required")
+		}
+	}
+
+	if constants.DATABASE_NAME == "" {
+		constants.DATABASE_NAME = os.Getenv("DATABASE_NAME")
+		if constants.DATABASE_NAME == "" {
+			constants.DATABASE_NAME = "authorizer"
+		}
+	}
+
+	if constants.SMTP_HOST == "" {
+		constants.SMTP_HOST = os.Getenv("SMTP_HOST")
+	}
+
+	if constants.SMTP_PORT == "" {
+		constants.SMTP_PORT = os.Getenv("SMTP_PORT")
+	}
+
+	if constants.SENDER_EMAIL == "" {
+		constants.SENDER_EMAIL = os.Getenv("SENDER_EMAIL")
+	}
+
+	if constants.SENDER_PASSWORD == "" {
+		constants.SENDER_PASSWORD = os.Getenv("SENDER_PASSWORD")
+	}
+
+	if constants.JWT_SECRET == "" {
+		constants.JWT_SECRET = os.Getenv("JWT_SECRET")
+	}
+
+	if constants.JWT_TYPE == "" {
+		constants.JWT_TYPE = os.Getenv("JWT_TYPE")
+	}
+
+	if constants.JWT_ROLE_CLAIM == "" {
+		constants.JWT_ROLE_CLAIM = os.Getenv("JWT_ROLE_CLAIM")
+
+		if constants.JWT_ROLE_CLAIM == "" {
+			constants.JWT_ROLE_CLAIM = "role"
+		}
+	}
+
+	if constants.AUTHORIZER_URL == "" {
+		constants.AUTHORIZER_URL = strings.TrimSuffix(os.Getenv("AUTHORIZER_URL"), "/")
+
+		if ARG_AUTHORIZER_URL != nil && *ARG_AUTHORIZER_URL != "" {
+			constants.AUTHORIZER_URL = *ARG_AUTHORIZER_URL
+		}
+	}
+
+	if constants.PORT == "" {
+		constants.PORT = os.Getenv("PORT")
+		if constants.PORT == "" {
+			constants.PORT = "8080"
+		}
+	}
+
+	if constants.REDIS_URL == "" {
+		constants.REDIS_URL = os.Getenv("REDIS_URL")
+	}
+
+	if constants.COOKIE_NAME == "" {
+		constants.COOKIE_NAME = os.Getenv("COOKIE_NAME")
+	}
+
+	if constants.GOOGLE_CLIENT_ID == "" {
+		constants.GOOGLE_CLIENT_ID = os.Getenv("GOOGLE_CLIENT_ID")
+	}
+
+	if constants.GOOGLE_CLIENT_SECRET == "" {
+		constants.GOOGLE_CLIENT_SECRET = os.Getenv("GOOGLE_CLIENT_SECRET")
+	}
+
+	if constants.GITHUB_CLIENT_ID == "" {
+		constants.GITHUB_CLIENT_ID = os.Getenv("GITHUB_CLIENT_ID")
+	}
+
+	if constants.GITHUB_CLIENT_SECRET == "" {
+		constants.GITHUB_CLIENT_SECRET = os.Getenv("GITHUB_CLIENT_SECRET")
+	}
+
+	if constants.FACEBOOK_CLIENT_ID == "" {
+		constants.FACEBOOK_CLIENT_ID = os.Getenv("FACEBOOK_CLIENT_ID")
+	}
+
+	if constants.FACEBOOK_CLIENT_SECRET == "" {
+		constants.FACEBOOK_CLIENT_SECRET = os.Getenv("FACEBOOK_CLIENT_SECRET")
+	}
+
+	if constants.RESET_PASSWORD_URL == "" {
+		constants.RESET_PASSWORD_URL = strings.TrimPrefix(os.Getenv("RESET_PASSWORD_URL"), "/")
+	}
+
+	constants.DISABLE_BASIC_AUTHENTICATION = os.Getenv("DISABLE_BASIC_AUTHENTICATION") == "true"
+	constants.DISABLE_EMAIL_VERIFICATION = os.Getenv("DISABLE_EMAIL_VERIFICATION") == "true"
+	constants.DISABLE_MAGIC_LINK_LOGIN = os.Getenv("DISABLE_MAGIC_LINK_LOGIN") == "true"
+
+	if constants.SMTP_HOST == "" || constants.SENDER_EMAIL == "" || constants.SENDER_PASSWORD == "" {
+		constants.DISABLE_EMAIL_VERIFICATION = true
+		constants.DISABLE_MAGIC_LINK_LOGIN = true
+	}
+
+	allowedOriginsSplit := strings.Split(os.Getenv("ALLOWED_ORIGINS"), ",")
+	allowedOrigins := []string{}
+	hasWildCard := false
+
+	for _, val := range allowedOriginsSplit {
+		trimVal := strings.TrimSpace(val)
+		if trimVal != "" {
+			if trimVal != "*" {
+				host, port := utils.GetHostParts(trimVal)
+				allowedOrigins = append(allowedOrigins, host+":"+port)
+			} else {
+				hasWildCard = true
+				allowedOrigins = append(allowedOrigins, trimVal)
+				break
+			}
+		}
+	}
+
+	if len(allowedOrigins) > 1 && hasWildCard {
+		allowedOrigins = []string{"*"}
+	}
+
+	if len(allowedOrigins) == 0 {
+		allowedOrigins = []string{"*"}
+	}
+
+	constants.ALLOWED_ORIGINS = allowedOrigins
+
+	if constants.JWT_TYPE == "" {
+		constants.JWT_TYPE = "HS256"
+	}
+
+	if constants.COOKIE_NAME == "" {
+		constants.COOKIE_NAME = "authorizer"
+	}
+
+	if constants.DISABLE_EMAIL_VERIFICATION {
+		constants.DISABLE_MAGIC_LINK_LOGIN = true
+	}
+
+	rolesEnv := strings.TrimSpace(os.Getenv("ROLES"))
+	rolesSplit := strings.Split(rolesEnv, ",")
+	roles := []string{}
+	if len(rolesEnv) == 0 {
+		roles = []string{"user"}
+	}
+
+	defaultRolesEnv := strings.TrimSpace(os.Getenv("DEFAULT_ROLES"))
+	defaultRoleSplit := strings.Split(defaultRolesEnv, ",")
+	defaultRoles := []string{}
+
+	if len(defaultRolesEnv) == 0 {
+		defaultRoles = []string{"user"}
+	}
+
+	protectedRolesEnv := strings.TrimSpace(os.Getenv("PROTECTED_ROLES"))
+	protectedRolesSplit := strings.Split(protectedRolesEnv, ",")
+	protectedRoles := []string{}
+
+	if len(protectedRolesEnv) > 0 {
+		for _, val := range protectedRolesSplit {
+			trimVal := strings.TrimSpace(val)
+			protectedRoles = append(protectedRoles, trimVal)
+		}
+	}
+
+	for _, val := range rolesSplit {
+		trimVal := strings.TrimSpace(val)
+		if trimVal != "" {
+			roles = append(roles, trimVal)
+		}
+
+		if utils.StringSliceContains(defaultRoleSplit, trimVal) {
+			defaultRoles = append(defaultRoles, trimVal)
+		}
+	}
+
+	if len(roles) > 0 && len(defaultRoles) == 0 && len(defaultRoleSplit) > 0 {
+		panic(`Invalid DEFAULT_ROLE environment variable. It can be one from give ROLES environment variable value`)
+	}
+
+	constants.ROLES = roles
+	constants.DEFAULT_ROLES = defaultRoles
+	constants.PROTECTED_ROLES = protectedRoles
+
+	if os.Getenv("ORGANIZATION_NAME") != "" {
+		constants.ORGANIZATION_NAME = os.Getenv("ORGANIZATION_NAME")
+	}
+
+	if os.Getenv("ORGANIZATION_LOGO") != "" {
+		constants.ORGANIZATION_LOGO = os.Getenv("ORGANIZATION_LOGO")
+	}
+}

server/go.mod

@@ -3,29 +3,36 @@ module github.com/authorizerdev/authorizer/server
 go 1.16
 
 require (
-	github.com/99designs/gqlgen v0.13.0
-	github.com/gin-contrib/location v0.0.2 // indirect
+	github.com/99designs/gqlgen v0.14.0
+	github.com/arangodb/go-driver v1.2.1
+	github.com/coreos/go-oidc/v3 v3.1.0
+	github.com/gin-contrib/location v0.0.2
 	github.com/gin-gonic/gin v1.7.2
 	github.com/go-playground/validator/v10 v10.8.0 // indirect
 	github.com/go-redis/redis/v8 v8.11.0
-	github.com/golang-jwt/jwt v3.2.1+incompatible
+	github.com/golang-jwt/jwt v3.2.2+incompatible
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/uuid v1.3.0
-	github.com/jackc/pgproto3/v2 v2.1.0 // indirect
 	github.com/joho/godotenv v1.3.0
 	github.com/json-iterator/go v1.1.11 // indirect
 	github.com/mattn/go-isatty v0.0.13 // indirect
-	github.com/mattn/go-sqlite3 v1.14.7 // indirect
+	github.com/mitchellh/mapstructure v1.1.2 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.1 // indirect
+	github.com/robertkrimen/otto v0.0.0-20211024170158-b87d35c0b86f
+	github.com/stretchr/testify v1.7.0
 	github.com/ugorji/go v1.2.6 // indirect
-	github.com/vektah/gqlparser/v2 v2.1.0
-	golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97
+	github.com/vektah/gqlparser/v2 v2.2.0
+	go.mongodb.org/mongo-driver v1.8.1
+	golang.org/x/crypto v0.0.0-20210921155107-089bfa567519
 	golang.org/x/net v0.0.0-20210614182718-04defd469f4e // indirect
 	golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/protobuf v1.27.1 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
-	gorm.io/driver/mysql v1.1.1
-	gorm.io/driver/postgres v1.1.0
-	gorm.io/driver/sqlite v1.1.4
-	gorm.io/gorm v1.21.11
+	gorm.io/driver/mysql v1.2.1
+	gorm.io/driver/postgres v1.2.3
+	gorm.io/driver/sqlite v1.2.6
+	gorm.io/driver/sqlserver v1.2.1
+	gorm.io/gorm v1.22.4
 )

server/go.sum

@@ -12,7 +12,6 @@ cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bP
 cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk=
 cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs=
 cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc=
-cloud.google.com/go v0.65.0 h1:Dg9iHVQfrhq82rUNu9ZxUDrJLaxFUe/HlCVaLyRruq8=
 cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
 cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
@@ -32,89 +31,57 @@ cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohl
 cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs=
 cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
-github.com/99designs/gqlgen v0.13.0 h1:haLTcUp3Vwp80xMVEg5KRNwzfUrgFdRmtBY8fuB8scA=
-github.com/99designs/gqlgen v0.13.0/go.mod h1:NV130r6f4tpRWuAI+zsrSdooO/eWUv+Gyyoi3rEfXIk=
+github.com/99designs/gqlgen v0.14.0 h1:Wg8aNYQUjMR/4v+W3xD+7SizOy6lSvVeQ06AobNQAXI=
+github.com/99designs/gqlgen v0.14.0/go.mod h1:S7z4boV+Nx4VvzMUpVrY/YuHjFX4n7rDyuTqvAkuoRE=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
-github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0=
 github.com/Masterminds/semver/v3 v3.1.1 h1:hLg3sBzpNErnxhQtUy/mmLR2I9foDujNK030IGemrRc=
 github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs=
-github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo=
-github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI=
-github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g=
-github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c=
 github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM=
-github.com/agnivade/levenshtein v1.0.3 h1:M5ZnqLOoZR8ygVq0FfkXsNOKzMCk0xRiow0R5+5VkQ0=
-github.com/agnivade/levenshtein v1.0.3/go.mod h1:4SFRZbbXWLF4MU1T9Qg0pGgH3Pjs+t6ie5efyrwRJXs=
-github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
-github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
-github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/agnivade/levenshtein v1.1.0 h1:n6qGwyHG61v3ABce1rPVZklEYRT8NFpCMrpZdBUbYGM=
+github.com/agnivade/levenshtein v1.1.0/go.mod h1:veldBMzWxcCG2ZvUTKD2kJNRdCk5hVbJomOvKkmgYbo=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883 h1:bvNMNQO63//z+xNgfBlViaCIJKLlCJ6/fmUseuG0wVQ=
 github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8=
-github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
-github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ=
+github.com/arangodb/go-driver v1.2.1 h1:HREDHhDmzdIWxHmfkfTESbYUnRjESjPh4WUuXq7FZa8=
+github.com/arangodb/go-driver v1.2.1/go.mod h1:zdDkJJnCj8DAkfbtIjIXnsTrWIiy6VhP3Vy14p+uQeY=
+github.com/arangodb/go-velocypack v0.0.0-20200318135517-5af53c29c67e h1:Xg+hGrY2LcQBbxd0ZFdbGSyRKTYMZCfBbw/pMJFOk1g=
+github.com/arangodb/go-velocypack v0.0.0-20200318135517-5af53c29c67e/go.mod h1:mq7Shfa/CaixoDxiyAAc5jZ6CVBAyPaNQCGS7mkj4Ho=
 github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q=
 github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE=
-github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
-github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
-github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
-github.com/aryann/difflib v0.0.0-20170710044230-e206f873d14a/go.mod h1:DAHtR1m6lCRdSC2Tm3DSWRPvIPr6xNKyeHdqDQSQT+A=
-github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU=
-github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
-github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g=
-github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
-github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
-github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
-github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
-github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ=
-github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
 github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
-github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
 github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
 github.com/cockroachdb/apd v1.1.0 h1:3LFP3629v+1aKXU5Q37mxmRxX/pIu1nijXydLShEq5I=
 github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ=
-github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
-github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI=
-github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
-github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
+github.com/coreos/go-iptables v0.4.3/go.mod h1:/mVI274lEDI2ns62jHCDnCyBF9Iwsmekav8Dbxlm1MU=
+github.com/coreos/go-oidc/v3 v3.1.0 h1:6avEvcdvTa1qYsOZ6I5PRkSYHzpTNWgKYmaJfaYbrRw=
+github.com/coreos/go-oidc/v3 v3.1.0/go.mod h1:rEJ/idjfUyfkBit1eI1fvyr+64/g9dcKpAm8MJMesvo=
 github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
 github.com/coreos/go-systemd v0.0.0-20190719114852-fd7a80b32e1f/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4=
-github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA=
-github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
+github.com/dchest/uniuri v0.0.0-20160212164326-8902c56451e9/go.mod h1:GgB8SF9nRG+GqaDtLcwJZsQFhcogVCJ79j4EdT0c2V4=
+github.com/denisenkom/go-mssqldb v0.11.0 h1:9rHa233rhdOyrz2GcP9NM+gi2psgJZ4GWDpL/7ND8HI=
+github.com/denisenkom/go-mssqldb v0.11.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27NDyej4t/EjAShU=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
 github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
-github.com/dgryski/trifles v0.0.0-20190318185328-a8d75aae118c h1:TUuUh0Xgj97tLMNtWtNvI9mIV6isjEb9lBMNv+77IGM=
-github.com/dgryski/trifles v0.0.0-20190318185328-a8d75aae118c/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA=
-github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
-github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs=
-github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU=
-github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I=
-github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M=
-github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g=
+github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48 h1:fRzb/w+pyskVMQ+UbP35JkH8yB7MYb4q/qhBarqZE6g=
+github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
-github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4=
-github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
 github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
-github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gin-contrib/location v0.0.2 h1:QZKh1+K/LLR4KG/61eIO3b7MLuKi8tytQhV6texLgP4=
 github.com/gin-contrib/location v0.0.2/go.mod h1:NGoidiRlf0BlA/VKSVp+g3cuSMeTmip/63PhEjRhUAc=
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
@@ -122,15 +89,10 @@ github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm
 github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M=
 github.com/gin-gonic/gin v1.7.2 h1:Tg03T9yM2xa8j6I3Z3oqLaQRSmKvxPd6g/2HJ6zICFA=
 github.com/gin-gonic/gin v1.7.2/go.mod h1:jD2toBW3GZUr5UMcdrwQA10I7RuaFOl/SGeDjXkfUtY=
-github.com/go-chi/chi v3.3.2+incompatible/go.mod h1:eB3wogJHnLi3x/kFX2A+IbTBlXxmMeXJVKy9tTv1XzQ=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
-github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o=
-github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
-github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
+github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
 github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
 github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A=
 github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
@@ -144,21 +106,18 @@ github.com/go-playground/validator/v10 v10.8.0 h1:1kAa0fCrnpv+QYdkdcRzrRM7AyYs5o
 github.com/go-playground/validator/v10 v10.8.0/go.mod h1:9JhgTzTaE31GZDpH/HSvHiRJrJ3iKAgqqH0Bl/Ocjdk=
 github.com/go-redis/redis/v8 v8.11.0 h1:O1Td0mQ8UFChQ3N9zFQqo6kTU2cJ+/it88gDB+zg0wo=
 github.com/go-redis/redis/v8 v8.11.0/go.mod h1:DLomh7y2e3ggQXQLd1YgmvIfecPJoFl7WU5SOQ/r06M=
-github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE=
 github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg=
+github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk=
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
-github.com/gofrs/uuid v3.2.0+incompatible h1:y12jRkkFxsd7GpqdSZ+/KCs/fJbqpEXSGd4+jfEaewE=
-github.com/gofrs/uuid v3.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
-github.com/gogo/googleapis v1.1.0/go.mod h1:gf4bu3Q80BeJ6H1S1vYPm8/ELATdvryBaNFGgqEef3s=
-github.com/gogo/protobuf v1.0.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
-github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
-github.com/golang-jwt/jwt v3.2.1+incompatible h1:73Z+4BJcrTC+KczS6WvTPvRGOp1WmfEP4Q1lOd9Z/+c=
-github.com/golang-jwt/jwt v3.2.1+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
+github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPhW6m+TnJw=
+github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
+github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
+github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
+github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY=
+github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
-github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -185,7 +144,8 @@ github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw
 github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
 github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw=
 github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
-github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/golang/snappy v0.0.1 h1:Qgr9rKW7uDUkrbSmQeiDsGa8SjGyCOGtuasMWwvp2P4=
+github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ=
 github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
@@ -195,6 +155,7 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/
 github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-cmp v0.5.6 h1:BKbKCqvP6I+rmFHt06ZmyQtvB8xAkWdhFyr0ZUNZcxQ=
 github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
@@ -209,49 +170,20 @@ github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hf
 github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
-github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
 github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
-github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gorilla/context v0.0.0-20160226214623-1ea25387ff6f/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
-github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
 github.com/gorilla/mux v1.6.1/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
-github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ=
 github.com/gorilla/websocket v1.4.2 h1:+/TMaTYc4QFitKJxsQ7Yye35DkWvkdLcvGKqM+x0Ufc=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
-github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs=
-github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk=
-github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY=
-github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE=
-github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8=
-github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
-github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80=
-github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
-github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
-github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
-github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU=
-github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
-github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4=
-github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro=
-github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
-github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1 h1:0hERBMJE1eitiLkihrMvRVBYAkpHzc/J3QdDN+dAcgU=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
-github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
-github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
-github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/hudl/fargo v1.3.0/go.mod h1:y3CKSmjA+wD2gak7sUSXTAoopbhU08POFhmITJgmKTg=
 github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
-github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8=
-github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod h1:qj24IKcXYK6Iy9ceXlo3Tc+vtHo9lIhSX5JddghvEPo=
 github.com/jackc/chunkreader v1.0.0 h1:4s39bBR8ByfqH+DKm8rQA3E1LHZWB9XWcrz8fqaZbe0=
 github.com/jackc/chunkreader v1.0.0/go.mod h1:RT6O25fNZIuasFJRyZ4R/Y2BbhasbmZXF9QQ7T3kePo=
 github.com/jackc/chunkreader/v2 v2.0.0/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk=
@@ -260,15 +192,17 @@ github.com/jackc/chunkreader/v2 v2.0.1/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgO
 github.com/jackc/pgconn v0.0.0-20190420214824-7e0022ef6ba3/go.mod h1:jkELnwuX+w9qN5YIfX0fl88Ehu4XC3keFuOJJk9pcnA=
 github.com/jackc/pgconn v0.0.0-20190824142844-760dd75542eb/go.mod h1:lLjNuW/+OfW9/pnVKPazfWOgNfH2aPem8YQ7ilXGvJE=
 github.com/jackc/pgconn v0.0.0-20190831204454-2fabfa3c18b7/go.mod h1:ZJKsE/KZfsUgOEh9hBm+xYTstcNHg7UPMVJqRfQxq4s=
-github.com/jackc/pgconn v1.4.0/go.mod h1:Y2O3ZDF0q4mMacyWV3AstPJpeHXWGEetiFttmq5lahk=
-github.com/jackc/pgconn v1.5.0/go.mod h1:QeD3lBfpTFe8WUnPZWN5KY/mB8FGMIYRdd8P8Jr0fAI=
-github.com/jackc/pgconn v1.5.1-0.20200601181101-fa742c524853/go.mod h1:QeD3lBfpTFe8WUnPZWN5KY/mB8FGMIYRdd8P8Jr0fAI=
-github.com/jackc/pgconn v1.8.1 h1:ySBX7Q87vOMqKU2bbmKbUvtYhauDFclYbNDYIE1/h6s=
-github.com/jackc/pgconn v1.8.1/go.mod h1:JV6m6b6jhjdmzchES0drzCcYcAHS1OPD5xu3OZ/lE2g=
+github.com/jackc/pgconn v1.8.0/go.mod h1:1C2Pb36bGIP9QHGBYCjnyhqu7Rv3sGshaQUvmfGIB/o=
+github.com/jackc/pgconn v1.9.0/go.mod h1:YctiPyvzfU11JFxoXokUOOKQXQmDMoJL9vJzHH8/2JY=
+github.com/jackc/pgconn v1.9.1-0.20210724152538-d89c8390a530/go.mod h1:4z2w8XhRbP1hYxkpTuBjTS3ne3J48K83+u0zoyvg2pI=
+github.com/jackc/pgconn v1.10.1 h1:DzdIHIjG1AxGwoEEqS+mGsURyjt4enSmqzACXvVzOT8=
+github.com/jackc/pgconn v1.10.1/go.mod h1:4z2w8XhRbP1hYxkpTuBjTS3ne3J48K83+u0zoyvg2pI=
 github.com/jackc/pgio v1.0.0 h1:g12B9UwVnzGhueNavwioyEEpAmqMe1E/BN9ES+8ovkE=
 github.com/jackc/pgio v1.0.0/go.mod h1:oP+2QK2wFfUWgr+gxjoBH9KGBb31Eio69xUb0w5bYf8=
-github.com/jackc/pgmock v0.0.0-20190831213851-13a1b77aafa2 h1:JVX6jT/XfzNqIjye4717ITLaNwV9mWbJx0dLCpcRzdA=
 github.com/jackc/pgmock v0.0.0-20190831213851-13a1b77aafa2/go.mod h1:fGZlG77KXmcq05nJLRkk0+p82V8B8Dw8KN2/V9c/OAE=
+github.com/jackc/pgmock v0.0.0-20201204152224-4fe30f7445fd/go.mod h1:hrBW0Enj2AZTNpt/7Y5rr2xe/9Mn757Wtb2xeBzPv2c=
+github.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65 h1:DadwsjnMwFjfWc9y5Wi/+Zz7xoE5ALHsRQlOctkOiHc=
+github.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65/go.mod h1:5R2h2EEX+qri8jOWMbJCtaPWkrrNc7OHwsp2TCqp7ak=
 github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM=
 github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
 github.com/jackc/pgproto3 v1.1.0 h1:FYYE4yRw+AgI8wXIinMlNjBbp/UitDJwfj5LqqewP1A=
@@ -277,58 +211,46 @@ github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190420180111-c116219b62db/go.mod
 github.com/jackc/pgproto3/v2 v2.0.0-alpha1.0.20190609003834-432c2951c711/go.mod h1:uH0AWtUmuShn0bcesswc4aBTWGvw0cAxIJp+6OB//Wg=
 github.com/jackc/pgproto3/v2 v2.0.0-rc3/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvWKnT95C46ckYeM=
 github.com/jackc/pgproto3/v2 v2.0.0-rc3.0.20190831210041-4c03ce451f29/go.mod h1:ryONWYqW6dqSg1Lw6vXNMXoBJhpzvWKnT95C46ckYeM=
-github.com/jackc/pgproto3/v2 v2.0.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=
 github.com/jackc/pgproto3/v2 v2.0.6/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=
-github.com/jackc/pgproto3/v2 v2.1.0 h1:h2yg3kjIyAGSZKDijYn1/gXHlYLCwl9ZjEh2PU0yVxE=
-github.com/jackc/pgproto3/v2 v2.1.0/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=
-github.com/jackc/pgservicefile v0.0.0-20200307190119-3430c5407db8/go.mod h1:vsD4gTJCa9TptPL8sPkXrLZ+hDuNrZCnj29CQpr4X1E=
+github.com/jackc/pgproto3/v2 v2.1.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=
+github.com/jackc/pgproto3/v2 v2.2.0 h1:r7JypeP2D3onoQTCxWdTpCtJ4D+qpKr0TxvoyMhZ5ns=
+github.com/jackc/pgproto3/v2 v2.2.0/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA=
 github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b h1:C8S2+VttkHFdOOCXJe+YGfa4vHYwlt4Zx+IVXQ97jYg=
 github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b/go.mod h1:vsD4gTJCa9TptPL8sPkXrLZ+hDuNrZCnj29CQpr4X1E=
 github.com/jackc/pgtype v0.0.0-20190421001408-4ed0de4755e0/go.mod h1:hdSHsc1V01CGwFsrv11mJRHWJ6aifDLfdV3aVjFF0zg=
 github.com/jackc/pgtype v0.0.0-20190824184912-ab885b375b90/go.mod h1:KcahbBH1nCMSo2DXpzsoWOAfFkdEtEJpPbVLq8eE+mc=
 github.com/jackc/pgtype v0.0.0-20190828014616-a8802b16cc59/go.mod h1:MWlu30kVJrUS8lot6TQqcg7mtthZ9T0EoIBFiJcmcyw=
-github.com/jackc/pgtype v1.2.0/go.mod h1:5m2OfMh1wTK7x+Fk952IDmI4nw3nPrvtQdM0ZT4WpC0=
-github.com/jackc/pgtype v1.3.1-0.20200510190516-8cd94a14c75a/go.mod h1:vaogEUkALtxZMCH411K+tKzNpwzCKU+AnPzBKZ+I+Po=
-github.com/jackc/pgtype v1.3.1-0.20200606141011-f6355165a91c/go.mod h1:cvk9Bgu/VzJ9/lxTO5R5sf80p0DiucVtN7ZxvaC4GmQ=
-github.com/jackc/pgtype v1.7.0 h1:6f4kVsW01QftE38ufBYxKciO6gyioXSC0ABIRLcZrGs=
-github.com/jackc/pgtype v1.7.0/go.mod h1:ZnHF+rMePVqDKaOfJVI4Q8IVvAQMryDlDkZnKOI75BE=
+github.com/jackc/pgtype v1.8.1-0.20210724151600-32e20a603178/go.mod h1:C516IlIV9NKqfsMCXTdChteoXmwgUceqaLfjg2e3NlM=
+github.com/jackc/pgtype v1.9.0 h1:/SH1RxEtltvJgsDqp3TbiTFApD3mey3iygpuEGeuBXk=
+github.com/jackc/pgtype v1.9.0/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4=
 github.com/jackc/pgx/v4 v4.0.0-20190420224344-cc3461e65d96/go.mod h1:mdxmSJJuR08CZQyj1PVQBHy9XOp5p8/SHH6a0psbY9Y=
 github.com/jackc/pgx/v4 v4.0.0-20190421002000-1b8f0016e912/go.mod h1:no/Y67Jkk/9WuGR0JG/JseM9irFbnEPbuWV2EELPNuM=
 github.com/jackc/pgx/v4 v4.0.0-pre1.0.20190824185557-6972a5742186/go.mod h1:X+GQnOEnf1dqHGpw7JmHqHc1NxDoalibchSk9/RWuDc=
-github.com/jackc/pgx/v4 v4.5.0/go.mod h1:EpAKPLdnTorwmPUUsqrPxy5fphV18j9q3wrfRXgo+kA=
-github.com/jackc/pgx/v4 v4.6.1-0.20200510190926-94ba730bb1e9/go.mod h1:t3/cdRQl6fOLDxqtlyhe9UWgfIi9R8+8v8GKV5TRA/o=
-github.com/jackc/pgx/v4 v4.6.1-0.20200606145419-4e5062306904/go.mod h1:ZDaNWkt9sW1JMiNn0kdYBaLelIhw7Pg4qd+Vk6tw7Hg=
-github.com/jackc/pgx/v4 v4.11.0 h1:J86tSWd3Y7nKjwT/43xZBvpi04keQWx8gNC2YkdJhZI=
-github.com/jackc/pgx/v4 v4.11.0/go.mod h1:i62xJgdrtVDsnL3U8ekyrQXEwGNTRoG7/8r+CIdYfcc=
+github.com/jackc/pgx/v4 v4.12.1-0.20210724153913-640aa07df17c/go.mod h1:1QD0+tgSXP7iUjYm9C1NxKhny7lq6ee99u/z+IHFcgs=
+github.com/jackc/pgx/v4 v4.14.0 h1:TgdrmgnM7VY72EuSQzBbBd4JA1RLqJolrw9nQVZABVc=
+github.com/jackc/pgx/v4 v4.14.0/go.mod h1:jT3ibf/A0ZVCp89rtCIN0zCJxcE74ypROmHEZYsG/j8=
 github.com/jackc/puddle v0.0.0-20190413234325-e4ced69a3a2b/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
 github.com/jackc/puddle v0.0.0-20190608224051-11cab39313c9/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
-github.com/jackc/puddle v1.1.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
-github.com/jackc/puddle v1.1.1/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
 github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
+github.com/jackc/puddle v1.2.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk=
 github.com/jinzhu/inflection v1.0.0 h1:K317FqzuhWc8YvSVlFMCCUb36O/S9MCKRDI7QkRKD/E=
 github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkryuEj+Srlc=
-github.com/jinzhu/now v1.1.1/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
-github.com/jinzhu/now v1.1.2 h1:eVKgfIdy9b6zbWBMgFpfDPoAMifwSZagU9HmEU6zgiI=
 github.com/jinzhu/now v1.1.2/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
-github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
+github.com/jinzhu/now v1.1.3 h1:PlHq1bSCSZL9K0wUhbm2pGLoTWs2GwVhsP6emvGV/ZI=
+github.com/jinzhu/now v1.1.3/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
 github.com/joho/godotenv v1.3.0 h1:Zjp+RcGpHhGlrMbJzXTrZZPrWj+1vfm90La1wgB6Bhc=
 github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
-github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=
-github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
-github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.11 h1:uVUAXhF2To8cbw/3xN3pxj6kk7TYKs98NIrTqPlMWAQ=
 github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
-github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
-github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
-github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
+github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/klauspost/compress v1.13.6 h1:P76CopJELS0TiO2mebmnzgWaajssP/EszplttgQxcgc=
+github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
@@ -341,39 +263,21 @@ github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ic
 github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.1.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
 github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
-github.com/lib/pq v1.3.0 h1:/qkRGz8zljWiDcFvgpwUpwIAPu3r07TDvs3Rws+o/pU=
-github.com/lib/pq v1.3.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
-github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM=
-github.com/lightstep/lightstep-tracer-go v0.18.1/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4=
+github.com/lib/pq v1.10.2 h1:AqzbZs4ZoCBp+GtejcpCpcxM3zlSMx29dXbUSeVtJb8=
+github.com/lib/pq v1.10.2/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/logrusorgru/aurora v0.0.0-20200102142835-e9ef32dff381/go.mod h1:7rIyQOR62GCctdiQpZ/zOJlFyk6y+94wXzv6RNZgaR4=
-github.com/lyft/protoc-gen-validate v0.0.13/go.mod h1:XbGvPuh87YZc5TdIa2/I4pLk0QoUACkjt2znoq26NVQ=
 github.com/matryer/moq v0.0.0-20200106131100-75d0ddfc0007/go.mod h1:9ELz6aaclSIGnZBoaSLZ3NAl1VTufbOrXBPvtcy6WiQ=
-github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
 github.com/mattn/go-colorable v0.1.1/go.mod h1:FuOcm+DKB9mbwrcAfNl7/TZVBZ6rcnceauSikq3lYCQ=
-github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
-github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
-github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.5/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mattn/go-isatty v0.0.7/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
-github.com/mattn/go-isatty v0.0.9/go.mod h1:YNRxwqDuOph6SZLI9vUUz6OYw3QyUt7WiY2yME+cCiQ=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/mattn/go-isatty v0.0.13 h1:qdl+GuBjcsKKDco5BsxPJlId98mSWNKqYA+Co0SC1yA=
 github.com/mattn/go-isatty v0.0.13/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
-github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU=
-github.com/mattn/go-sqlite3 v1.14.5/go.mod h1:WVKg1VTActs4Qso6iwGbiFih2UIHo0ENGwNd0Lj+XmI=
-github.com/mattn/go-sqlite3 v1.14.7 h1:fxWBnXkxfM6sRiuH3bqJ4CfzZojMOLVc0UTsTglEghA=
-github.com/mattn/go-sqlite3 v1.14.7/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
-github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
-github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
-github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
-github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
-github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
-github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg=
-github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
-github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/mattn/go-sqlite3 v1.14.9 h1:10HX2Td0ocZpYEjhilsuo6WWtUqttj2Kb0KtD86/KYA=
+github.com/mattn/go-sqlite3 v1.14.9/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
 github.com/mitchellh/mapstructure v0.0.0-20180203102830-a4e142e9c047/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE=
 github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
@@ -383,101 +287,45 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJ
 github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI=
 github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
-github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg=
-github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU=
-github.com/nats-io/nats-server/v2 v2.1.2/go.mod h1:Afk+wRZqkMQs/p45uXdrVLuab3gwv3Z8C4HTBu8GD/k=
-github.com/nats-io/nats.go v1.9.1/go.mod h1:ZjDU1L/7fJ09jvUSRVBR2e7+RnLiiIQyqyzEE/Zbp4w=
-github.com/nats-io/nkeys v0.1.0/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w=
-github.com/nats-io/nkeys v0.1.3/go.mod h1:xpnFELMwJABBLVhffcfd1MZx6VsNRFpEugbxziKVo7w=
-github.com/nats-io/nuid v1.0.1/go.mod h1:19wcPz3Ph3q0Jbyiqsd0kePYG7A95tJPxeL+1OSON2c=
+github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc=
 github.com/nxadm/tail v1.4.4 h1:DQuhQpB1tVlglWS2hLQ5OV6B5r8aGxSrPc5Qo6uTN78=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
-github.com/oklog/oklog v0.3.2/go.mod h1:FCV+B7mhrz4o+ueLpx+KqkyXRGMWOYEvfiXtdGtbWGs=
-github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
-github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
-github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
 github.com/onsi/ginkgo v1.15.0 h1:1V1NfVQR87RtWAgp1lv9JZJ5Jap+XFGKPi00andXGi4=
 github.com/onsi/ginkgo v1.15.0/go.mod h1:hF8qUzuuC8DJGygJH3726JnCZX4MYbRB8yFfISqnKUg=
-github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
 github.com/onsi/gomega v1.10.5 h1:7n6FEkpFmfCoo2t+YYqXH0evK+a9ICQz0xcAy9dYcaQ=
 github.com/onsi/gomega v1.10.5/go.mod h1:gza4q3jKQJijlu05nKWRCW/GavJumGt8aNRxWg7mt48=
-github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk=
-github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492/go.mod h1:Ngi6UdF0k5OKD5t5wlmGhe/EDKPoUM3BXZSSfIuJbis=
 github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74=
 github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
-github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
-github.com/openzipkin-contrib/zipkin-go-opentracing v0.4.5/go.mod h1:/wsWhb9smxSfWAKL3wpBW7V8scJMt8N8gnaMCS9E/cA=
-github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw=
-github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4=
-github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4=
-github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM=
-github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
-github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
-github.com/performancecopilot/speed v3.0.0+incompatible/go.mod h1:/CLtqpZ5gBg1M9iaPbIdPPGyKcA8hKdoy6hAWba7Yac=
-github.com/pierrec/lz4 v1.0.2-0.20190131084431-473cd7ce01a1/go.mod h1:3/3N9NVKO0jef7pBehbT1qWhCMrIgbYNnFAZCqQ5LRc=
-github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
-github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
-github.com/pkg/profile v1.2.1/go.mod h1:hJw3o1OdXxsrSjjVksARp5W95eeEaEfptyVZyv6JUPA=
+github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
+github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI=
-github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
-github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod h1:p2iRAGwDERtqlqzRXnrOVns+ignqQo//hLXqYxZYVNs=
-github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo=
-github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og=
-github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
-github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
-github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
-github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA=
-github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
-github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
-github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A=
-github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
-github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg=
+github.com/robertkrimen/otto v0.0.0-20211024170158-b87d35c0b86f h1:a7clxaGmmqtdNTXyvrp/lVO/Gnkzlhc/+dLs5v965GM=
+github.com/robertkrimen/otto v0.0.0-20211024170158-b87d35c0b86f/go.mod h1:/mK7FZ3mFYEn9zvNPhpngTyatyehSwte5bJZ4ehL5Xw=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rs/cors v1.6.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU=
 github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
 github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
 github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc=
-github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
+github.com/rs/zerolog v1.19.0/go.mod h1:IzD0RJ65iWH0w97OQQebJEvTZYvsCUm9WVLWBQrJRjo=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
-github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
-github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E=
 github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
-github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
 github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0=
 github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
 github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4=
-github.com/shopspring/decimal v0.0.0-20200227202807-02e2044944cc h1:jUIKcSPO9MoMJBbEoyE/RJoE8vz7Mb8AjvifMMwSyvY=
-github.com/shopspring/decimal v0.0.0-20200227202807-02e2044944cc/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
+github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ=
+github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/shurcooL/httpfs v0.0.0-20171119174359-809beceb2371/go.mod h1:ZY1cvUeJuFPAdZ/B6v7RHavJWZn2YPVFQ1OSXhCGOkg=
-github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/shurcooL/vfsgen v0.0.0-20180121065927-ffb13db8def0/go.mod h1:TrYk7fJVaAttu97ZZKrO9UbRa8izdowaMIZcxYMbVaw=
-github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
-github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
-github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
-github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
-github.com/sony/gobreaker v0.4.1/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY=
-github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ=
-github.com/spf13/pflag v1.0.1/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4=
-github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
-github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw=
-github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
@@ -486,33 +334,36 @@ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
+github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
+github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4=
+github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
 github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
 github.com/ugorji/go v1.2.6 h1:tGiWC9HENWE2tqYycIqFTNorMmFRVhNwCpDOpWqnk8E=
 github.com/ugorji/go v1.2.6/go.mod h1:anCg0y61KIhDlPZmnH+so+RQbysYVyDko0IMgJv0Nn0=
 github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
 github.com/ugorji/go/codec v1.2.6 h1:7kbGefxLoDBuYXOms4yD7223OpNMMPNPZxXk5TvFcyQ=
 github.com/ugorji/go/codec v1.2.6/go.mod h1:V6TCNZ4PHqoHGFZuSG1W8nrCzzdgA2DozYxWFFpvxTw=
-github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
-github.com/urfave/cli v1.22.1 h1:+mkCCcOFKPnCmVYVcURKps1Xe+3zP90gSYGNfRkjoIY=
-github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=
-github.com/urfave/cli/v2 v2.1.1 h1:Qt8FeAtxE/vfdrLmR3rxR6JRE0RoVmbXu8+6kZtYU4k=
 github.com/urfave/cli/v2 v2.1.1/go.mod h1:SE9GqnLQmjVa0iPEY0f1w3ygNIYcIJ0OKPMoW2caLfQ=
 github.com/vektah/dataloaden v0.2.1-0.20190515034641-a19b9a6e7c9e/go.mod h1:/HUdMve7rvxZma+2ZELQeNh88+003LL7Pf/CZ089j8U=
-github.com/vektah/gqlparser/v2 v2.1.0 h1:uiKJ+T5HMGGQM2kRKQ8Pxw8+Zq9qhhZhz/lieYvCMns=
-github.com/vektah/gqlparser/v2 v2.1.0/go.mod h1:SyUiHgLATUR8BiYURfTirrTcGpcE+4XkV2se04Px1Ms=
-github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
+github.com/vektah/gqlparser/v2 v2.2.0 h1:bAc3slekAAJW6sZTi07aGq0OrfaCjj4jxARAaC7g2EM=
+github.com/vektah/gqlparser/v2 v2.2.0/go.mod h1:i3mQIGIrbK2PD1RrCeMTlVbkF2FJ6WkU1KJlJlC+3F4=
+github.com/xdg-go/pbkdf2 v1.0.0 h1:Su7DPu48wXMwC3bs7MCNG+z4FhcyEuz5dlvchbq0B0c=
+github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI=
+github.com/xdg-go/scram v1.0.2 h1:akYIkZ28e6A96dkWNJQu3nmCzH3YfwMPQExUYDaRv7w=
+github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+hCSs=
+github.com/xdg-go/stringprep v1.0.2 h1:6iq84/ryjjeRmMJwxutI51F2GIPlP5BfTvXHeYjyhBc=
+github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM=
+github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d h1:splanxYIlg+5LfHAM6xpdFEAYOk8iySO56hMFq6uLyA=
+github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA=
 github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
-go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
-go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg=
-go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
-go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
+go.mongodb.org/mongo-driver v1.8.1 h1:OZE4Wni/SJlrcmSIBRYNzunX5TKxjrTS4jKSnA99oKU=
+go.mongodb.org/mongo-driver v1.8.1/go.mod h1:0sQWfOeY63QTntERDJJ/0SuKK0T1uVSgKCuAROlKEPY=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
 go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
@@ -529,21 +380,20 @@ go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9E
 go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q=
 go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM=
-golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190411191339-88737f569e3a/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
-golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97 h1:/UOmuWzQfxxo9UtlXMwuQU8CMgg1eZXqTRwkSQJWKOI=
+golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
+golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
+golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 h1:7I4JAnoQBe7ZtJcBaYHi5UtiO8tQHbUSXxL+pnGRANg=
+golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
@@ -573,24 +423,17 @@ golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.3.0 h1:RM4zey1++hCTbCVQfnWeKs9/IEsaBLA8vTkd0WVtmH4=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181023162649-9b4f9f5ad519/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190125091013-d26f9f9a57f3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
-golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
@@ -603,6 +446,7 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
+golang.org/x/net v0.0.0-20200505041828-1ed23360d12c/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200520004742-59133d7f0dd7/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
@@ -630,15 +474,11 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9 h1:SQFwaSi55rU7vdNs9Yr0Z324VNlrF+0wMqRXT4St8ck=
 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -651,13 +491,12 @@ golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191220142924-d4481acd189f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -680,20 +519,21 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c h1:F1jZWGFhYfh0Ci55sIpILtKKK8p3i2/krTr0H1rg74I=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/text v0.3.6 h1:aRYxNxv6iGQlyVaZmk6ZgYEDa+Jg18DxebPSrd6bg1M=
+golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
-golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
+golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190125232054-d66bd3c5d5a6/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -701,17 +541,18 @@ golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190425163242-31fd60d6bfdc/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190515012406-7d7faa4812bd/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
 golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q=
+golang.org/x/tools v0.0.0-20190531172133-b3315ee88b7d/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190823170909-c4a336ef6a2f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20190828213141-aed303cbaa74/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@@ -724,7 +565,6 @@ golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/tools v0.0.0-20200114235610-7ae403b6b589/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
@@ -740,11 +580,12 @@ golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roY
 golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
 golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA=
-golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e h1:4nW4NLDYnU28ojHaHO8OVxFHk/aQ33U01a9cjED+pzE=
 golang.org/x/tools v0.0.0-20201224043029-2b0845dc783e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
 golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -752,7 +593,6 @@ golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
-google.golang.org/api v0.3.1/go.mod h1:6wY9I6uQWHQ8EM57III9mq/AjF+i8G65rmVagqKMtkk=
 google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE=
 google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M=
 google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
@@ -770,7 +610,6 @@ google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0M
 google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM=
 google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
-google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
@@ -783,7 +622,6 @@ google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRn
 google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
-google.golang.org/genproto v0.0.0-20190530194941-fb225487d101/go.mod h1:z3L6/3dTEVtUr6QSP8miRzeRqwQOioJ9I66odjN4I7s=
 google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
@@ -808,15 +646,10 @@ google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7Fc
 google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
 google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no=
-google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
-google.golang.org/grpc v1.20.0/go.mod h1:chYK+tFQF0nDUGJgXMSgLCQk3phJEuONr2DCgLDdAQM=
 google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38=
-google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
-google.golang.org/grpc v1.22.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
 google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY=
 google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
@@ -839,22 +672,20 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp0
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.27.1 h1:SnqbnDw1V7RiZcXPx5MEeqPv2s79L9i7BJUlG/+RurQ=
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
-gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o=
 gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s=
-gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
+gopkg.in/readline.v1 v1.0.0-20160726135117-62c6fe619375/go.mod h1:lNEQeAhU009zbRxng+XOj5ITVgY24WcbNnQopyfKoYQ=
+gopkg.in/sourcemap.v1 v1.0.5 h1:inv58fC9f9J3TK2Y2R1NPntXEn3/wjWHkonhIUODNTI=
+gopkg.in/sourcemap.v1 v1.0.5/go.mod h1:2RlvNNSMglmRrcvhfuzp4hQHwOtjxlbjX7UPY/GXb78=
+gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w=
+gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
-gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
-gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74=
-gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
@@ -863,17 +694,18 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
 gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gorm.io/driver/mysql v1.1.1 h1:yr1bpyqiwuSPJ4aGGUX9nu46RHXlF8RASQVb1QQNcvo=
-gorm.io/driver/mysql v1.1.1/go.mod h1:KdrTanmfLPPyAOeYGyG+UpDys7/7eeWT1zCq+oekYnU=
-gorm.io/driver/postgres v1.1.0 h1:afBljg7PtJ5lA6YUWluV2+xovIPhS+YiInuL3kUjrbk=
-gorm.io/driver/postgres v1.1.0/go.mod h1:hXQIwafeRjJvUm+OMxcFWyswJ/vevcpPLlGocwAwuqw=
-gorm.io/driver/sqlite v1.1.4 h1:PDzwYE+sI6De2+mxAneV9Xs11+ZyKV6oxD3wDGkaNvM=
-gorm.io/driver/sqlite v1.1.4/go.mod h1:mJCeTFr7+crvS+TRnWc5Z3UvwxUN1BGBLMrf5LA9DYw=
-gorm.io/gorm v1.20.7/go.mod h1:0HFTzE/SqkGTzK6TlDPPQbAYCluiVvhzoA1+aVyzenw=
-gorm.io/gorm v1.21.9/go.mod h1:F+OptMscr0P2F2qU97WT1WimdH9GaQPoDW7AYd5i2Y0=
-gorm.io/gorm v1.21.11 h1:CxkXW6Cc+VIBlL8yJEHq+Co4RYXdSLiMKNvgoZPjLK4=
-gorm.io/gorm v1.21.11/go.mod h1:F+OptMscr0P2F2qU97WT1WimdH9GaQPoDW7AYd5i2Y0=
-honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
+gorm.io/driver/mysql v1.2.1 h1:h+3f1l9Ng2C072Y2tIiLgPpWN78r1KXL7bHJ0nTjlhU=
+gorm.io/driver/mysql v1.2.1/go.mod h1:qsiz+XcAyMrS6QY+X3M9R6b/lKM1imKmcuK9kac5LTo=
+gorm.io/driver/postgres v1.2.3 h1:f4t0TmNMy9gh3TU2PX+EppoA6YsgFnyq8Ojtddb42To=
+gorm.io/driver/postgres v1.2.3/go.mod h1:pJV6RgYQPG47aM1f0QeOzFH9HxQc8JcmAgjRCgS0wjs=
+gorm.io/driver/sqlite v1.2.6 h1:SStaH/b+280M7C8vXeZLz/zo9cLQmIGwwj3cSj7p6l4=
+gorm.io/driver/sqlite v1.2.6/go.mod h1:gyoX0vHiiwi0g49tv+x2E7l8ksauLK0U/gShcdUsjWY=
+gorm.io/driver/sqlserver v1.2.1 h1:KhGOjvPX7JZ5hPyQICTJfMuTz88zgJ2lk9bWiHVNHd8=
+gorm.io/driver/sqlserver v1.2.1/go.mod h1:nixq0OB3iLXZDiPv6JSOjWuPgpyaRpOIIevYtA4Ulb4=
+gorm.io/gorm v1.22.2/go.mod h1:F+OptMscr0P2F2qU97WT1WimdH9GaQPoDW7AYd5i2Y0=
+gorm.io/gorm v1.22.3/go.mod h1:F+OptMscr0P2F2qU97WT1WimdH9GaQPoDW7AYd5i2Y0=
+gorm.io/gorm v1.22.4 h1:8aPcyEJhY0MAt8aY6Dc524Pn+pO29K+ydu+e/cXSpQM=
+gorm.io/gorm v1.22.4/go.mod h1:1aeVC+pe9ZmvKZban/gW4QPra7PRoTEssyc922qCAkk=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
@@ -884,7 +716,5 @@ honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
-sourcegraph.com/sourcegraph/appdash v0.0.0-20180110180208-2cc67fd64755/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU=
 sourcegraph.com/sourcegraph/appdash v0.0.0-20190731080439-ebfcffb1b5c0/go.mod h1:hI742Nqp5OhwiqlzhgfbWU4mW4yO10fP+LoT9WOswdU=
 sourcegraph.com/sourcegraph/appdash-data v0.0.0-20151005221446-73f23eafcf67/go.mod h1:L5q+DGLGOQFpo1snNEkLOJT2d1YTW66rWNzatr3He1k=

server/gqlgen.yml

@@ -55,6 +55,11 @@ models:
       - github.com/99designs/gqlgen/graphql.Int
       - github.com/99designs/gqlgen/graphql.Int64
       - github.com/99designs/gqlgen/graphql.Int32
+  Float:
+    model:
+      - github.com/99designs/gqlgen/graphql.Float
+      - github.com/99designs/gqlgen/graphql.Float64
+      - github.com/99designs/gqlgen/graphql.Float32
   Int64:
     model:
       - github.com/99designs/gqlgen/graphql.Int64

server/graph/model/models_gen.go

@@ -3,10 +3,10 @@
 package model
 
 type AuthResponse struct {
-	Message              string  `json:"message"`
-	AccessToken          *string `json:"accessToken"`
-	AccessTokenExpiresAt *int64  `json:"accessTokenExpiresAt"`
-	User                 *User   `json:"user"`
+	Message     string  `json:"message"`
+	AccessToken *string `json:"access_token"`
+	ExpiresAt   *int64  `json:"expires_at"`
+	User        *User   `json:"user"`
 }
 
 type DeleteUserInput struct {
@@ -23,28 +23,35 @@ type ForgotPasswordInput struct {
 }
 
 type LoginInput struct {
-	Email    string `json:"email"`
-	Password string `json:"password"`
+	Email    string   `json:"email"`
+	Password string   `json:"password"`
+	Roles    []string `json:"roles"`
+}
+
+type MagicLinkLoginInput struct {
+	Email string   `json:"email"`
+	Roles []string `json:"roles"`
 }
 
 type Meta struct {
 	Version                      string `json:"version"`
-	IsGoogleLoginEnabled         bool   `json:"isGoogleLoginEnabled"`
-	IsFacebookLoginEnabled       bool   `json:"isFacebookLoginEnabled"`
-	IsTwitterLoginEnabled        bool   `json:"isTwitterLoginEnabled"`
-	IsGithubLoginEnabled         bool   `json:"isGithubLoginEnabled"`
-	IsEmailVerificationEnabled   bool   `json:"isEmailVerificationEnabled"`
-	IsBasicAuthenticationEnabled bool   `json:"isBasicAuthenticationEnabled"`
+	IsGoogleLoginEnabled         bool   `json:"is_google_login_enabled"`
+	IsFacebookLoginEnabled       bool   `json:"is_facebook_login_enabled"`
+	IsGithubLoginEnabled         bool   `json:"is_github_login_enabled"`
+	IsEmailVerificationEnabled   bool   `json:"is_email_verification_enabled"`
+	IsBasicAuthenticationEnabled bool   `json:"is_basic_authentication_enabled"`
+	IsMagicLinkLoginEnabled      bool   `json:"is_magic_link_login_enabled"`
 }
 
 type ResendVerifyEmailInput struct {
-	Email string `json:"email"`
+	Email      string `json:"email"`
+	Identifier string `json:"identifier"`
 }
 
 type ResetPasswordInput struct {
 	Token           string `json:"token"`
 	Password        string `json:"password"`
-	ConfirmPassword string `json:"confirmPassword"`
+	ConfirmPassword string `json:"confirm_password"`
 }
 
 type Response struct {
@@ -52,34 +59,67 @@ type Response struct {
 }
 
 type SignUpInput struct {
-	FirstName       *string `json:"firstName"`
-	LastName        *string `json:"lastName"`
-	Email           string  `json:"email"`
-	Password        string  `json:"password"`
-	ConfirmPassword string  `json:"confirmPassword"`
-	Image           *string `json:"image"`
+	Email           string   `json:"email"`
+	GivenName       *string  `json:"given_name"`
+	FamilyName      *string  `json:"family_name"`
+	MiddleName      *string  `json:"middle_name"`
+	Nickname        *string  `json:"nickname"`
+	Gender          *string  `json:"gender"`
+	Birthdate       *string  `json:"birthdate"`
+	PhoneNumber     *string  `json:"phone_number"`
+	Picture         *string  `json:"picture"`
+	Password        string   `json:"password"`
+	ConfirmPassword string   `json:"confirm_password"`
+	Roles           []string `json:"roles"`
 }
 
 type UpdateProfileInput struct {
-	OldPassword        *string `json:"oldPassword"`
-	NewPassword        *string `json:"newPassword"`
-	ConfirmNewPassword *string `json:"confirmNewPassword"`
-	FirstName          *string `json:"firstName"`
-	LastName           *string `json:"lastName"`
-	Image              *string `json:"image"`
+	OldPassword        *string `json:"old_password"`
+	NewPassword        *string `json:"new_password"`
+	ConfirmNewPassword *string `json:"confirm_new_password"`
 	Email              *string `json:"email"`
+	GivenName          *string `json:"given_name"`
+	FamilyName         *string `json:"family_name"`
+	MiddleName         *string `json:"middle_name"`
+	Nickname           *string `json:"nickname"`
+	Gender             *string `json:"gender"`
+	Birthdate          *string `json:"birthdate"`
+	PhoneNumber        *string `json:"phone_number"`
+	Picture            *string `json:"picture"`
+}
+
+type UpdateUserInput struct {
+	ID          string    `json:"id"`
+	Email       *string   `json:"email"`
+	GivenName   *string   `json:"given_name"`
+	FamilyName  *string   `json:"family_name"`
+	MiddleName  *string   `json:"middle_name"`
+	Nickname    *string   `json:"nickname"`
+	Gender      *string   `json:"gender"`
+	Birthdate   *string   `json:"birthdate"`
+	PhoneNumber *string   `json:"phone_number"`
+	Picture     *string   `json:"picture"`
+	Roles       []*string `json:"roles"`
 }
 
 type User struct {
-	ID              string  `json:"id"`
-	Email           string  `json:"email"`
-	SignupMethod    string  `json:"signupMethod"`
-	FirstName       *string `json:"firstName"`
-	LastName        *string `json:"lastName"`
-	EmailVerifiedAt *int64  `json:"emailVerifiedAt"`
-	Image           *string `json:"image"`
-	CreatedAt       *int64  `json:"createdAt"`
-	UpdatedAt       *int64  `json:"updatedAt"`
+	ID                  string   `json:"id"`
+	Email               string   `json:"email"`
+	EmailVerified       bool     `json:"email_verified"`
+	SignupMethods       string   `json:"signup_methods"`
+	GivenName           *string  `json:"given_name"`
+	FamilyName          *string  `json:"family_name"`
+	MiddleName          *string  `json:"middle_name"`
+	Nickname            *string  `json:"nickname"`
+	PreferredUsername   *string  `json:"preferred_username"`
+	Gender              *string  `json:"gender"`
+	Birthdate           *string  `json:"birthdate"`
+	PhoneNumber         *string  `json:"phone_number"`
+	PhoneNumberVerified *bool    `json:"phone_number_verified"`
+	Picture             *string  `json:"picture"`
+	Roles               []string `json:"roles"`
+	CreatedAt           *int64   `json:"created_at"`
+	UpdatedAt           *int64   `json:"updated_at"`
 }
 
 type VerificationRequest struct {
@@ -88,8 +128,8 @@ type VerificationRequest struct {
 	Token      *string `json:"token"`
 	Email      *string `json:"email"`
 	Expires    *int64  `json:"expires"`
-	CreatedAt  *int64  `json:"createdAt"`
-	UpdatedAt  *int64  `json:"updatedAt"`
+	CreatedAt  *int64  `json:"created_at"`
+	UpdatedAt  *int64  `json:"updated_at"`
 }
 
 type VerifyEmailInput struct {

server/graph/schema.graphqls

@@ -2,27 +2,38 @@
 #
 # https://gqlgen.com/getting-started/
 scalar Int64
+scalar Map
+scalar Any
 
 type Meta {
 	version: String!
-	isGoogleLoginEnabled: Boolean!
-	isFacebookLoginEnabled: Boolean!
-	isTwitterLoginEnabled: Boolean!
-	isGithubLoginEnabled: Boolean!
-	isEmailVerificationEnabled: Boolean!
-	isBasicAuthenticationEnabled: Boolean!
+	is_google_login_enabled: Boolean!
+	is_facebook_login_enabled: Boolean!
+	is_github_login_enabled: Boolean!
+	is_email_verification_enabled: Boolean!
+	is_basic_authentication_enabled: Boolean!
+	is_magic_link_login_enabled: Boolean!
 }
 
 type User {
 	id: ID!
 	email: String!
-	signupMethod: String!
-	firstName: String
-	lastName: String
-	emailVerifiedAt: Int64
-	image: String
-	createdAt: Int64
-	updatedAt: Int64
+	email_verified: Boolean!
+	signup_methods: String!
+	given_name: String
+	family_name: String
+	middle_name: String
+	nickname: String
+	# defaults to email
+	preferred_username: String
+	gender: String
+	birthdate: String
+	phone_number: String
+	phone_number_verified: Boolean
+	picture: String
+	roles: [String!]!
+	created_at: Int64
+	updated_at: Int64
 }
 
 type VerificationRequest {
@@ -31,8 +42,8 @@ type VerificationRequest {
 	token: String
 	email: String
 	expires: Int64
-	createdAt: Int64
-	updatedAt: Int64
+	created_at: Int64
+	updated_at: Int64
 }
 
 type Error {
@@ -42,8 +53,8 @@ type Error {
 
 type AuthResponse {
 	message: String!
-	accessToken: String
-	accessTokenExpiresAt: Int64
+	access_token: String
+	expires_at: Int64
 	user: User
 }
 
@@ -52,17 +63,24 @@ type Response {
 }
 
 input SignUpInput {
-	firstName: String
-	lastName: String
 	email: String!
+	given_name: String
+	family_name: String
+	middle_name: String
+	nickname: String
+	gender: String
+	birthdate: String
+	phone_number: String
+	picture: String
 	password: String!
-	confirmPassword: String!
-	image: String
+	confirm_password: String!
+	roles: [String!]
 }
 
 input LoginInput {
 	email: String!
 	password: String!
+	roles: [String!]
 }
 
 input VerifyEmailInput {
@@ -71,16 +89,36 @@ input VerifyEmailInput {
 
 input ResendVerifyEmailInput {
 	email: String!
+	identifier: String!
 }
 
 input UpdateProfileInput {
-	oldPassword: String
-	newPassword: String
-	confirmNewPassword: String
-	firstName: String
-	lastName: String
-	image: String
+	old_password: String
+	new_password: String
+	confirm_new_password: String
 	email: String
+	given_name: String
+	family_name: String
+	middle_name: String
+	nickname: String
+	gender: String
+	birthdate: String
+	phone_number: String
+	picture: String
+}
+
+input UpdateUserInput {
+	id: ID!
+	email: String
+	given_name: String
+	family_name: String
+	middle_name: String
+	nickname: String
+	gender: String
+	birthdate: String
+	phone_number: String
+	picture: String
+	roles: [String]
 }
 
 input ForgotPasswordInput {
@@ -90,29 +128,38 @@ input ForgotPasswordInput {
 input ResetPasswordInput {
 	token: String!
 	password: String!
-	confirmPassword: String!
+	confirm_password: String!
 }
 
 input DeleteUserInput {
 	email: String!
 }
 
+input MagicLinkLoginInput {
+	email: String!
+	roles: [String!]
+}
+
 type Mutation {
 	signup(params: SignUpInput!): AuthResponse!
 	login(params: LoginInput!): AuthResponse!
+	magic_link_login(params: MagicLinkLoginInput!): Response!
 	logout: Response!
-	updateProfile(params: UpdateProfileInput!): Response!
-	verifyEmail(params: VerifyEmailInput!): AuthResponse!
-	resendVerifyEmail(params: ResendVerifyEmailInput!): Response!
-	forgotPassword(params: ForgotPasswordInput!): Response!
-	resetPassword(params: ResetPasswordInput!): Response!
-	deleteUser(params: DeleteUserInput!): Response!
+	update_profile(params: UpdateProfileInput!): Response!
+	verify_email(params: VerifyEmailInput!): AuthResponse!
+	resend_verify_email(params: ResendVerifyEmailInput!): Response!
+	forgot_password(params: ForgotPasswordInput!): Response!
+	reset_password(params: ResetPasswordInput!): Response!
+	# admin only apis
+	_delete_user(params: DeleteUserInput!): Response!
+	_update_user(params: UpdateUserInput!): User!
 }
 
 type Query {
 	meta: Meta!
-	users: [User!]!
-	token: AuthResponse
+	session(roles: [String!]): AuthResponse
 	profile: User!
-	verificationRequests: [VerificationRequest!]!
+	# admin only apis
+	_users: [User!]!
+	_verification_requests: [VerificationRequest!]!
 }

server/graph/schema.resolvers.go

@@ -19,6 +19,10 @@ func (r *mutationResolver) Login(ctx context.Context, params model.LoginInput) (
 	return resolvers.Login(ctx, params)
 }
 
+func (r *mutationResolver) MagicLinkLogin(ctx context.Context, params model.MagicLinkLoginInput) (*model.Response, error) {
+	return resolvers.MagicLinkLogin(ctx, params)
+}
+
 func (r *mutationResolver) Logout(ctx context.Context) (*model.Response, error) {
 	return resolvers.Logout(ctx)
 }
@@ -47,22 +51,26 @@ func (r *mutationResolver) DeleteUser(ctx context.Context, params model.DeleteUs
 	return resolvers.DeleteUser(ctx, params)
 }
 
+func (r *mutationResolver) UpdateUser(ctx context.Context, params model.UpdateUserInput) (*model.User, error) {
+	return resolvers.UpdateUser(ctx, params)
+}
+
 func (r *queryResolver) Meta(ctx context.Context) (*model.Meta, error) {
 	return resolvers.Meta(ctx)
 }
 
-func (r *queryResolver) Users(ctx context.Context) ([]*model.User, error) {
-	return resolvers.Users(ctx)
-}
-
-func (r *queryResolver) Token(ctx context.Context) (*model.AuthResponse, error) {
-	return resolvers.Token(ctx)
+func (r *queryResolver) Session(ctx context.Context, roles []string) (*model.AuthResponse, error) {
+	return resolvers.Session(ctx, roles)
 }
 
 func (r *queryResolver) Profile(ctx context.Context) (*model.User, error) {
 	return resolvers.Profile(ctx)
 }
 
+func (r *queryResolver) Users(ctx context.Context) ([]*model.User, error) {
+	return resolvers.Users(ctx)
+}
+
 func (r *queryResolver) VerificationRequests(ctx context.Context) ([]*model.VerificationRequest, error) {
 	return resolvers.VerificationRequests(ctx)
 }

server/handlers/app.go

@@ -25,7 +25,6 @@ func AppHandler() gin.HandlerFunc {
 
 		if state == "" {
 			// cookie, err := utils.GetAuthToken(c)
-			// log.Println(`cookie`, cookie)
 			// if err != nil {
 			// 	c.JSON(400, gin.H{"error": "invalid state"})
 			// 	return
@@ -50,7 +49,7 @@ func AppHandler() gin.HandlerFunc {
 			stateObj.RedirectURL = strings.TrimSuffix(stateObj.RedirectURL, "/")
 
 			// validate redirect url with allowed origins
-			if !utils.IsValidRedirectURL(stateObj.RedirectURL) {
+			if !utils.IsValidOrigin(stateObj.RedirectURL) {
 				c.JSON(400, gin.H{"error": "invalid redirect url"})
 				return
 			}
@@ -67,13 +66,6 @@ func AppHandler() gin.HandlerFunc {
 			}
 		}
 
-		log.Println(gin.H{
-			"data": map[string]string{
-				"authorizerURL": stateObj.AuthorizerURL,
-				"redirectURL":   stateObj.RedirectURL,
-			},
-		})
-
 		// debug the request state
 		if pusher := c.Writer.Pusher(); pusher != nil {
 			// use pusher.Push() to do server push
@@ -83,8 +75,10 @@ func AppHandler() gin.HandlerFunc {
 		}
 		c.HTML(http.StatusOK, "app.tmpl", gin.H{
 			"data": map[string]string{
-				"authorizerURL": stateObj.AuthorizerURL,
-				"redirectURL":   stateObj.RedirectURL,
+				"authorizerURL":    stateObj.AuthorizerURL,
+				"redirectURL":      stateObj.RedirectURL,
+				"organizationName": constants.ORGANIZATION_NAME,
+				"organizationLogo": constants.ORGANIZATION_LOGO,
 			},
 		})
 	}

server/handlers/oauthCallback.go

@@ -1,268 +0,0 @@
-package handlers
-
-import (
-	"encoding/json"
-	"fmt"
-	"io/ioutil"
-	"log"
-	"net/http"
-	"strings"
-	"time"
-
-	"github.com/authorizerdev/authorizer/server/constants"
-	"github.com/authorizerdev/authorizer/server/db"
-	"github.com/authorizerdev/authorizer/server/enum"
-	"github.com/authorizerdev/authorizer/server/oauth"
-	"github.com/authorizerdev/authorizer/server/session"
-	"github.com/authorizerdev/authorizer/server/utils"
-	"github.com/gin-gonic/gin"
-	"golang.org/x/oauth2"
-)
-
-func processGoogleUserInfo(code string, c *gin.Context) error {
-	token, err := oauth.OAuthProvider.GoogleConfig.Exchange(oauth2.NoContext, code)
-	if err != nil {
-		return fmt.Errorf("invalid google exchange code: %s", err.Error())
-	}
-	client := oauth.OAuthProvider.GoogleConfig.Client(oauth2.NoContext, token)
-	response, err := client.Get(constants.GoogleUserInfoURL)
-	if err != nil {
-		return err
-	}
-
-	defer response.Body.Close()
-	body, err := ioutil.ReadAll(response.Body)
-	if err != nil {
-		return fmt.Errorf("failed to read google response body: %s", err.Error())
-	}
-
-	userRawData := make(map[string]string)
-	json.Unmarshal(body, &userRawData)
-
-	existingUser, err := db.Mgr.GetUserByEmail(userRawData["email"])
-	user := db.User{
-		FirstName:       userRawData["given_name"],
-		LastName:        userRawData["family_name"],
-		Image:           userRawData["picture"],
-		Email:           userRawData["email"],
-		EmailVerifiedAt: time.Now().Unix(),
-	}
-	if err != nil {
-		// user not registered, register user and generate session token
-		user.SignupMethod = enum.Google.String()
-	} else {
-		// user exists in db, check if method was google
-		// if not append google to existing signup method and save it
-
-		signupMethod := existingUser.SignupMethod
-		if !strings.Contains(signupMethod, enum.Google.String()) {
-			signupMethod = signupMethod + "," + enum.Google.String()
-		}
-		user.SignupMethod = signupMethod
-		user.Password = existingUser.Password
-	}
-
-	user, _ = db.Mgr.SaveUser(user)
-	user, _ = db.Mgr.GetUserByEmail(user.Email)
-	userIdStr := fmt.Sprintf("%v", user.ID)
-
-	refreshToken, _, _ := utils.CreateAuthToken(utils.UserAuthInfo{
-		ID:    userIdStr,
-		Email: user.Email,
-	}, enum.RefreshToken)
-
-	accessToken, _, _ := utils.CreateAuthToken(utils.UserAuthInfo{
-		ID:    userIdStr,
-		Email: user.Email,
-	}, enum.AccessToken)
-	utils.SetCookie(c, accessToken)
-	session.SetToken(userIdStr, refreshToken)
-	return nil
-}
-
-func processGithubUserInfo(code string, c *gin.Context) error {
-	token, err := oauth.OAuthProvider.GithubConfig.Exchange(oauth2.NoContext, code)
-	if err != nil {
-		return fmt.Errorf("invalid github exchange code: %s", err.Error())
-	}
-	client := http.Client{}
-	req, err := http.NewRequest("GET", constants.GithubUserInfoURL, nil)
-	if err != nil {
-		return fmt.Errorf("error creating github user info request: %s", err.Error())
-	}
-	req.Header = http.Header{
-		"Authorization": []string{fmt.Sprintf("token %s", token.AccessToken)},
-	}
-
-	response, err := client.Do(req)
-	if err != nil {
-		return err
-	}
-
-	defer response.Body.Close()
-	body, err := ioutil.ReadAll(response.Body)
-	if err != nil {
-		return fmt.Errorf("failed to read github response body: %s", err.Error())
-	}
-
-	userRawData := make(map[string]string)
-	json.Unmarshal(body, &userRawData)
-
-	existingUser, err := db.Mgr.GetUserByEmail(userRawData["email"])
-	name := strings.Split(userRawData["name"], " ")
-	firstName := ""
-	lastName := ""
-	if len(name) >= 1 && strings.TrimSpace(name[0]) != "" {
-		firstName = name[0]
-	}
-	if len(name) > 1 && strings.TrimSpace(name[1]) != "" {
-		lastName = name[0]
-	}
-	user := db.User{
-		FirstName:       firstName,
-		LastName:        lastName,
-		Image:           userRawData["avatar_url"],
-		Email:           userRawData["email"],
-		EmailVerifiedAt: time.Now().Unix(),
-	}
-	if err != nil {
-		// user not registered, register user and generate session token
-		user.SignupMethod = enum.Github.String()
-	} else {
-		// user exists in db, check if method was google
-		// if not append google to existing signup method and save it
-
-		signupMethod := existingUser.SignupMethod
-		if !strings.Contains(signupMethod, enum.Github.String()) {
-			signupMethod = signupMethod + "," + enum.Github.String()
-		}
-		user.SignupMethod = signupMethod
-		user.Password = existingUser.Password
-	}
-
-	user, _ = db.Mgr.SaveUser(user)
-	user, _ = db.Mgr.GetUserByEmail(user.Email)
-	userIdStr := fmt.Sprintf("%v", user.ID)
-	refreshToken, _, _ := utils.CreateAuthToken(utils.UserAuthInfo{
-		ID:    userIdStr,
-		Email: user.Email,
-	}, enum.RefreshToken)
-
-	accessToken, _, _ := utils.CreateAuthToken(utils.UserAuthInfo{
-		ID:    userIdStr,
-		Email: user.Email,
-	}, enum.AccessToken)
-	utils.SetCookie(c, accessToken)
-	session.SetToken(userIdStr, refreshToken)
-	return nil
-}
-
-func processFacebookUserInfo(code string, c *gin.Context) error {
-	token, err := oauth.OAuthProvider.FacebookConfig.Exchange(oauth2.NoContext, code)
-	if err != nil {
-		return fmt.Errorf("invalid facebook exchange code: %s", err.Error())
-	}
-	client := http.Client{}
-	req, err := http.NewRequest("GET", constants.FacebookUserInfoURL+token.AccessToken, nil)
-	if err != nil {
-		return fmt.Errorf("error creating facebook user info request: %s", err.Error())
-	}
-
-	response, err := client.Do(req)
-	if err != nil {
-		log.Println("err:", err)
-		return err
-	}
-
-	defer response.Body.Close()
-	body, err := ioutil.ReadAll(response.Body)
-	if err != nil {
-		return fmt.Errorf("failed to read facebook response body: %s", err.Error())
-	}
-
-	userRawData := make(map[string]interface{})
-	json.Unmarshal(body, &userRawData)
-
-	email := fmt.Sprintf("%v", userRawData["email"])
-	existingUser, err := db.Mgr.GetUserByEmail(email)
-
-	picObject := userRawData["picture"].(map[string]interface{})["data"]
-	picDataObject := picObject.(map[string]interface{})
-	user := db.User{
-		FirstName:       fmt.Sprintf("%v", userRawData["first_name"]),
-		LastName:        fmt.Sprintf("%v", userRawData["last_name"]),
-		Image:           fmt.Sprintf("%v", picDataObject["url"]),
-		Email:           email,
-		EmailVerifiedAt: time.Now().Unix(),
-	}
-
-	if err != nil {
-		// user not registered, register user and generate session token
-		user.SignupMethod = enum.Github.String()
-	} else {
-		// user exists in db, check if method was google
-		// if not append google to existing signup method and save it
-
-		signupMethod := existingUser.SignupMethod
-		if !strings.Contains(signupMethod, enum.Github.String()) {
-			signupMethod = signupMethod + "," + enum.Github.String()
-		}
-		user.SignupMethod = signupMethod
-		user.Password = existingUser.Password
-	}
-
-	user, _ = db.Mgr.SaveUser(user)
-	user, _ = db.Mgr.GetUserByEmail(user.Email)
-	userIdStr := fmt.Sprintf("%v", user.ID)
-	refreshToken, _, _ := utils.CreateAuthToken(utils.UserAuthInfo{
-		ID:    userIdStr,
-		Email: user.Email,
-	}, enum.RefreshToken)
-
-	accessToken, _, _ := utils.CreateAuthToken(utils.UserAuthInfo{
-		ID:    userIdStr,
-		Email: user.Email,
-	}, enum.AccessToken)
-	utils.SetCookie(c, accessToken)
-	session.SetToken(userIdStr, refreshToken)
-	return nil
-}
-
-func OAuthCallbackHandler() gin.HandlerFunc {
-	return func(c *gin.Context) {
-		provider := c.Param("oauth_provider")
-		state := c.Request.FormValue("state")
-
-		sessionState := session.GetToken(state)
-		if sessionState == "" {
-			c.JSON(400, gin.H{"error": "invalid oauth state"})
-		}
-		session.DeleteToken(sessionState)
-		sessionSplit := strings.Split(state, "___")
-
-		// TODO validate redirect url
-		if len(sessionSplit) != 2 {
-			c.JSON(400, gin.H{"error": "invalid redirect url"})
-			return
-		}
-
-		var err error
-		code := c.Request.FormValue("code")
-		switch provider {
-		case enum.Google.String():
-			err = processGoogleUserInfo(code, c)
-		case enum.Github.String():
-			err = processGithubUserInfo(code, c)
-		case enum.Facebook.String():
-			err = processFacebookUserInfo(code, c)
-		default:
-			err = fmt.Errorf(`invalid oauth provider`)
-		}
-
-		if err != nil {
-			c.JSON(400, gin.H{"error": err.Error()})
-			return
-		}
-		c.Redirect(http.StatusTemporaryRedirect, sessionSplit[1])
-	}
-}

server/handlers/oauthLogin.go

@@ -1,55 +0,0 @@
-package handlers
-
-import (
-	"net/http"
-
-	"github.com/authorizerdev/authorizer/server/constants"
-	"github.com/authorizerdev/authorizer/server/enum"
-	"github.com/authorizerdev/authorizer/server/oauth"
-	"github.com/authorizerdev/authorizer/server/session"
-	"github.com/gin-gonic/gin"
-	"github.com/google/uuid"
-)
-
-// set host in the oauth state that is useful for redirecting
-
-func OAuthLoginHandler() gin.HandlerFunc {
-	return func(c *gin.Context) {
-		// TODO validate redirect URL
-		redirectURL := c.Query("redirectURL")
-
-		if redirectURL == "" {
-			c.JSON(400, gin.H{
-				"error": "invalid redirect url",
-			})
-			return
-		}
-		uuid := uuid.New()
-		oauthStateString := uuid.String() + "___" + redirectURL
-
-		provider := c.Param("oauth_provider")
-
-		switch provider {
-		case enum.Google.String():
-			session.SetToken(oauthStateString, enum.Google.String())
-			// during the init of OAuthProvider authorizer url might be empty
-			oauth.OAuthProvider.GoogleConfig.RedirectURL = constants.AUTHORIZER_URL + "/oauth_callback/google"
-			url := oauth.OAuthProvider.GoogleConfig.AuthCodeURL(oauthStateString)
-			c.Redirect(http.StatusTemporaryRedirect, url)
-		case enum.Github.String():
-			session.SetToken(oauthStateString, enum.Github.String())
-			oauth.OAuthProvider.GithubConfig.RedirectURL = constants.AUTHORIZER_URL + "/oauth_callback/github"
-			url := oauth.OAuthProvider.GithubConfig.AuthCodeURL(oauthStateString)
-			c.Redirect(http.StatusTemporaryRedirect, url)
-		case enum.Facebook.String():
-			session.SetToken(oauthStateString, enum.Github.String())
-			oauth.OAuthProvider.FacebookConfig.RedirectURL = constants.AUTHORIZER_URL + "/oauth_callback/facebook"
-			url := oauth.OAuthProvider.FacebookConfig.AuthCodeURL(oauthStateString)
-			c.Redirect(http.StatusTemporaryRedirect, url)
-		default:
-			c.JSON(422, gin.H{
-				"message": "Invalid oauth provider",
-			})
-		}
-	}
-}

server/handlers/oauth_callback.go

@@ -0,0 +1,271 @@
+package handlers
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"log"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/db"
+	"github.com/authorizerdev/authorizer/server/enum"
+	"github.com/authorizerdev/authorizer/server/oauth"
+	"github.com/authorizerdev/authorizer/server/session"
+	"github.com/authorizerdev/authorizer/server/utils"
+	"github.com/coreos/go-oidc/v3/oidc"
+	"github.com/gin-gonic/gin"
+	"golang.org/x/oauth2"
+)
+
+func processGoogleUserInfo(code string) (db.User, error) {
+	user := db.User{}
+	ctx := context.Background()
+	oauth2Token, err := oauth.OAuthProviders.GoogleConfig.Exchange(ctx, code)
+	if err != nil {
+		return user, fmt.Errorf("invalid google exchange code: %s", err.Error())
+	}
+
+	verifier := oauth.OIDCProviders.GoogleOIDC.Verifier(&oidc.Config{ClientID: oauth.OAuthProviders.GoogleConfig.ClientID})
+
+	// Extract the ID Token from OAuth2 token.
+	rawIDToken, ok := oauth2Token.Extra("id_token").(string)
+	if !ok {
+		return user, fmt.Errorf("unable to extract id_token")
+	}
+
+	// Parse and verify ID Token payload.
+	idToken, err := verifier.Verify(ctx, rawIDToken)
+	if err != nil {
+		return user, fmt.Errorf("unable to verify id_token: %s", err.Error())
+	}
+
+	if err := idToken.Claims(&user); err != nil {
+		return user, fmt.Errorf("unable to extract claims")
+	}
+
+	return user, nil
+}
+
+func processGithubUserInfo(code string) (db.User, error) {
+	user := db.User{}
+	token, err := oauth.OAuthProviders.GithubConfig.Exchange(oauth2.NoContext, code)
+	if err != nil {
+		return user, fmt.Errorf("invalid github exchange code: %s", err.Error())
+	}
+	client := http.Client{}
+	req, err := http.NewRequest("GET", constants.GithubUserInfoURL, nil)
+	if err != nil {
+		return user, fmt.Errorf("error creating github user info request: %s", err.Error())
+	}
+	req.Header = http.Header{
+		"Authorization": []string{fmt.Sprintf("token %s", token.AccessToken)},
+	}
+
+	response, err := client.Do(req)
+	if err != nil {
+		return user, err
+	}
+
+	defer response.Body.Close()
+	body, err := ioutil.ReadAll(response.Body)
+	if err != nil {
+		return user, fmt.Errorf("failed to read github response body: %s", err.Error())
+	}
+
+	userRawData := make(map[string]string)
+	json.Unmarshal(body, &userRawData)
+
+	name := strings.Split(userRawData["name"], " ")
+	firstName := ""
+	lastName := ""
+	if len(name) >= 1 && strings.TrimSpace(name[0]) != "" {
+		firstName = name[0]
+	}
+	if len(name) > 1 && strings.TrimSpace(name[1]) != "" {
+		lastName = name[0]
+	}
+
+	picture := userRawData["avatar_url"]
+
+	user = db.User{
+		GivenName:  &firstName,
+		FamilyName: &lastName,
+		Picture:    &picture,
+		Email:      userRawData["email"],
+	}
+
+	return user, nil
+}
+
+func processFacebookUserInfo(code string) (db.User, error) {
+	user := db.User{}
+	token, err := oauth.OAuthProviders.FacebookConfig.Exchange(oauth2.NoContext, code)
+	if err != nil {
+		return user, fmt.Errorf("invalid facebook exchange code: %s", err.Error())
+	}
+	client := http.Client{}
+	req, err := http.NewRequest("GET", constants.FacebookUserInfoURL+token.AccessToken, nil)
+	if err != nil {
+		return user, fmt.Errorf("error creating facebook user info request: %s", err.Error())
+	}
+
+	response, err := client.Do(req)
+	if err != nil {
+		log.Println("error processing facebook user info:", err)
+		return user, err
+	}
+
+	defer response.Body.Close()
+	body, err := ioutil.ReadAll(response.Body)
+	if err != nil {
+		return user, fmt.Errorf("failed to read facebook response body: %s", err.Error())
+	}
+
+	userRawData := make(map[string]interface{})
+	json.Unmarshal(body, &userRawData)
+
+	email := fmt.Sprintf("%v", userRawData["email"])
+
+	picObject := userRawData["picture"].(map[string]interface{})["data"]
+	picDataObject := picObject.(map[string]interface{})
+	firstName := fmt.Sprintf("%v", userRawData["first_name"])
+	lastName := fmt.Sprintf("%v", userRawData["last_name"])
+	picture := fmt.Sprintf("%v", picDataObject["url"])
+
+	user = db.User{
+		GivenName:  &firstName,
+		FamilyName: &lastName,
+		Picture:    &picture,
+		Email:      email,
+	}
+
+	return user, nil
+}
+
+func OAuthCallbackHandler() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		provider := c.Param("oauth_provider")
+		state := c.Request.FormValue("state")
+
+		sessionState := session.GetSocailLoginState(state)
+		if sessionState == "" {
+			c.JSON(400, gin.H{"error": "invalid oauth state"})
+		}
+		session.RemoveSocialLoginState(state)
+		// contains random token, redirect url, role
+		sessionSplit := strings.Split(state, "___")
+
+		// TODO validate redirect url
+		if len(sessionSplit) < 2 {
+			c.JSON(400, gin.H{"error": "invalid redirect url"})
+			return
+		}
+
+		inputRoles := strings.Split(sessionSplit[2], ",")
+		redirectURL := sessionSplit[1]
+
+		var err error
+		user := db.User{}
+		code := c.Request.FormValue("code")
+		switch provider {
+		case enum.Google.String():
+			user, err = processGoogleUserInfo(code)
+		case enum.Github.String():
+			user, err = processGithubUserInfo(code)
+		case enum.Facebook.String():
+			user, err = processFacebookUserInfo(code)
+		default:
+			err = fmt.Errorf(`invalid oauth provider`)
+		}
+
+		if err != nil {
+			c.JSON(400, gin.H{"error": err.Error()})
+			return
+		}
+
+		existingUser, err := db.Mgr.GetUserByEmail(user.Email)
+
+		if err != nil {
+			// user not registered, register user and generate session token
+			user.SignupMethods = provider
+			// make sure inputRoles don't include protected roles
+			hasProtectedRole := false
+			for _, ir := range inputRoles {
+				if utils.StringSliceContains(constants.PROTECTED_ROLES, ir) {
+					hasProtectedRole = true
+				}
+			}
+
+			if hasProtectedRole {
+				c.JSON(400, gin.H{"error": "invalid role"})
+				return
+			}
+
+			user.Roles = strings.Join(inputRoles, ",")
+			now := time.Now().Unix()
+			user.EmailVerifiedAt = &now
+			user, _ = db.Mgr.AddUser(user)
+		} else {
+			// user exists in db, check if method was google
+			// if not append google to existing signup method and save it
+
+			signupMethod := existingUser.SignupMethods
+			if !strings.Contains(signupMethod, provider) {
+				signupMethod = signupMethod + "," + provider
+			}
+			user.SignupMethods = signupMethod
+			user.Password = existingUser.Password
+
+			// There multiple scenarios with roles here in social login
+			// 1. user has access to protected roles + roles and trying to login
+			// 2. user has not signed up for one of the available role but trying to signup.
+			// 		Need to modify roles in this case
+
+			// find the unassigned roles
+			existingRoles := strings.Split(existingUser.Roles, ",")
+			unasignedRoles := []string{}
+			for _, ir := range inputRoles {
+				if !utils.StringSliceContains(existingRoles, ir) {
+					unasignedRoles = append(unasignedRoles, ir)
+				}
+			}
+
+			if len(unasignedRoles) > 0 {
+				// check if it contains protected unassigned role
+				hasProtectedRole := false
+				for _, ur := range unasignedRoles {
+					if utils.StringSliceContains(constants.PROTECTED_ROLES, ur) {
+						hasProtectedRole = true
+					}
+				}
+
+				if hasProtectedRole {
+					c.JSON(400, gin.H{"error": "invalid role"})
+					return
+				} else {
+					user.Roles = existingUser.Roles + "," + strings.Join(unasignedRoles, ",")
+				}
+			} else {
+				user.Roles = existingUser.Roles
+			}
+			user.Key = existingUser.Key
+			user.ID = existingUser.ID
+			user, err = db.Mgr.UpdateUser(user)
+		}
+
+		user, _ = db.Mgr.GetUserByEmail(user.Email)
+		userIdStr := fmt.Sprintf("%v", user.ID)
+		refreshToken, _, _ := utils.CreateAuthToken(user, enum.RefreshToken, inputRoles)
+
+		accessToken, _, _ := utils.CreateAuthToken(user, enum.AccessToken, inputRoles)
+		utils.SetCookie(c, accessToken)
+		session.SetToken(userIdStr, accessToken, refreshToken)
+		utils.CreateSession(user.ID, c)
+
+		c.Redirect(http.StatusTemporaryRedirect, redirectURL)
+	}
+}

server/handlers/oauth_login.go

@@ -0,0 +1,93 @@
+package handlers
+
+import (
+	"net/http"
+	"strings"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/enum"
+	"github.com/authorizerdev/authorizer/server/oauth"
+	"github.com/authorizerdev/authorizer/server/session"
+	"github.com/authorizerdev/authorizer/server/utils"
+	"github.com/gin-gonic/gin"
+	"github.com/google/uuid"
+)
+
+// set host in the oauth state that is useful for redirecting
+
+func OAuthLoginHandler() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		// TODO validate redirect URL
+		redirectURL := c.Query("redirectURL")
+		roles := c.Query("roles")
+
+		if redirectURL == "" {
+			c.JSON(400, gin.H{
+				"error": "invalid redirect url",
+			})
+			return
+		}
+
+		if roles != "" {
+			// validate role
+			rolesSplit := strings.Split(roles, ",")
+
+			// use protected roles verification for admin login only.
+			// though if not associated with user, it will be rejected from oauth_callback
+			if !utils.IsValidRoles(append([]string{}, append(constants.ROLES, constants.PROTECTED_ROLES...)...), rolesSplit) {
+				c.JSON(400, gin.H{
+					"error": "invalid role",
+				})
+				return
+			}
+		} else {
+			roles = strings.Join(constants.DEFAULT_ROLES, ",")
+		}
+
+		uuid := uuid.New()
+		oauthStateString := uuid.String() + "___" + redirectURL + "___" + roles
+
+		provider := c.Param("oauth_provider")
+		isProviderConfigured := true
+		switch provider {
+		case enum.Google.String():
+			if oauth.OAuthProviders.GoogleConfig == nil {
+				isProviderConfigured = false
+				break
+			}
+			session.SetSocailLoginState(oauthStateString, enum.Google.String())
+			// during the init of OAuthProvider authorizer url might be empty
+			oauth.OAuthProviders.GoogleConfig.RedirectURL = constants.AUTHORIZER_URL + "/oauth_callback/google"
+			url := oauth.OAuthProviders.GoogleConfig.AuthCodeURL(oauthStateString)
+			c.Redirect(http.StatusTemporaryRedirect, url)
+		case enum.Github.String():
+			if oauth.OAuthProviders.GithubConfig == nil {
+				isProviderConfigured = false
+				break
+			}
+			session.SetSocailLoginState(oauthStateString, enum.Github.String())
+			oauth.OAuthProviders.GithubConfig.RedirectURL = constants.AUTHORIZER_URL + "/oauth_callback/github"
+			url := oauth.OAuthProviders.GithubConfig.AuthCodeURL(oauthStateString)
+			c.Redirect(http.StatusTemporaryRedirect, url)
+		case enum.Facebook.String():
+			if oauth.OAuthProviders.FacebookConfig == nil {
+				isProviderConfigured = false
+				break
+			}
+			session.SetSocailLoginState(oauthStateString, enum.Facebook.String())
+			oauth.OAuthProviders.FacebookConfig.RedirectURL = constants.AUTHORIZER_URL + "/oauth_callback/facebook"
+			url := oauth.OAuthProviders.FacebookConfig.AuthCodeURL(oauthStateString)
+			c.Redirect(http.StatusTemporaryRedirect, url)
+		default:
+			c.JSON(422, gin.H{
+				"message": "Invalid oauth provider",
+			})
+		}
+
+		if !isProviderConfigured {
+			c.JSON(422, gin.H{
+				"message": provider + " not configured",
+			})
+		}
+	}
+}

server/handlers/verify_email.go

@@ -1,8 +1,8 @@
 package handlers
 
 import (
-	"fmt"
 	"net/http"
+	"strings"
 	"time"
 
 	"github.com/authorizerdev/authorizer/server/db"
@@ -23,7 +23,7 @@ func VerifyEmailHandler() gin.HandlerFunc {
 			return
 		}
 
-		_, err := db.Mgr.GetVerificationByToken(token)
+		verificationRequest, err := db.Mgr.GetVerificationByToken(token)
 		if err != nil {
 			c.JSON(400, errorRes)
 			return
@@ -45,23 +45,22 @@ func VerifyEmailHandler() gin.HandlerFunc {
 		}
 
 		// update email_verified_at in users table
-		db.Mgr.UpdateVerificationTime(time.Now().Unix(), user.ID)
+		if user.EmailVerifiedAt == nil {
+			now := time.Now().Unix()
+			user.EmailVerifiedAt = &now
+			db.Mgr.UpdateUser(user)
+		}
 		// delete from verification table
-		db.Mgr.DeleteToken(claim.Email)
+		db.Mgr.DeleteVerificationRequest(verificationRequest)
 
-		userIdStr := fmt.Sprintf("%v", user.ID)
-		refreshToken, _, _ := utils.CreateAuthToken(utils.UserAuthInfo{
-			ID:    userIdStr,
-			Email: user.Email,
-		}, enum.RefreshToken)
+		roles := strings.Split(user.Roles, ",")
+		refreshToken, _, _ := utils.CreateAuthToken(user, enum.RefreshToken, roles)
 
-		accessToken, _, _ := utils.CreateAuthToken(utils.UserAuthInfo{
-			ID:    userIdStr,
-			Email: user.Email,
-		}, enum.AccessToken)
+		accessToken, _, _ := utils.CreateAuthToken(user, enum.AccessToken, roles)
 
-		session.SetToken(userIdStr, refreshToken)
+		session.SetToken(user.ID, accessToken, refreshToken)
+		utils.CreateSession(user.ID, c)
 		utils.SetCookie(c, accessToken)
-		c.Redirect(http.StatusTemporaryRedirect, claim.Host)
+		c.Redirect(http.StatusTemporaryRedirect, claim.RedirectURL)
 	}
 }

server/main.go

@@ -1,76 +1,45 @@
 package main
 
 import (
-	"context"
-	"log"
+	"flag"
 
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/db"
+	"github.com/authorizerdev/authorizer/server/env"
 	"github.com/authorizerdev/authorizer/server/handlers"
 	"github.com/authorizerdev/authorizer/server/oauth"
+	"github.com/authorizerdev/authorizer/server/router"
 	"github.com/authorizerdev/authorizer/server/session"
-	"github.com/gin-contrib/location"
-	"github.com/gin-gonic/gin"
+	"github.com/authorizerdev/authorizer/server/utils"
 )
 
-func GinContextToContextMiddleware() gin.HandlerFunc {
-	return func(c *gin.Context) {
-		if constants.AUTHORIZER_URL == "" {
-			url := location.Get(c)
-			constants.AUTHORIZER_URL = url.Scheme + "://" + c.Request.Host
-			log.Println("=> setting url:", constants.AUTHORIZER_URL)
-		}
-		ctx := context.WithValue(c.Request.Context(), "GinContextKey", c)
-		c.Request = c.Request.WithContext(ctx)
-		c.Next()
-	}
-}
-
-// TODO use allowed origins for cors origin
-// TODO throw error if url is not allowed
-func CORSMiddleware() gin.HandlerFunc {
-	return func(c *gin.Context) {
-		origin := c.Request.Header.Get("Origin")
-		c.Writer.Header().Set("Access-Control-Allow-Origin", origin)
-		c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
-		c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With")
-		c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT")
-
-		if c.Request.Method == "OPTIONS" {
-			c.AbortWithStatus(204)
-			return
-		}
-
-		c.Next()
-	}
-}
+var VERSION string
 
 func main() {
-	InitEnv()
+	env.ARG_DB_URL = flag.String("database_url", "", "Database connection string")
+	env.ARG_DB_TYPE = flag.String("database_type", "", "Database type, possible values are postgres,mysql,sqlite")
+	env.ARG_AUTHORIZER_URL = flag.String("authorizer_url", "", "URL for authorizer instance, eg: https://xyz.herokuapp.com")
+	env.ARG_ENV_FILE = flag.String("env_file", "", "Env file path")
+	flag.Parse()
+
+	constants.VERSION = VERSION
+
+	env.InitEnv()
 	db.InitDB()
 	session.InitSession()
 	oauth.InitOAuth()
+	utils.InitServer()
 
-	r := gin.Default()
-	r.Use(location.Default())
-	r.Use(GinContextToContextMiddleware())
-	r.Use(CORSMiddleware())
+	router := router.InitRouter()
 
-	r.GET("/", handlers.PlaygroundHandler())
-	r.POST("/graphql", handlers.GraphqlHandler())
-	r.GET("/verify_email", handlers.VerifyEmailHandler())
-	r.GET("/oauth_login/:oauth_provider", handlers.OAuthLoginHandler())
-	r.GET("/oauth_callback/:oauth_provider", handlers.OAuthCallbackHandler())
-
-	// login wall app related routes
-
-	r.LoadHTMLGlob("templates/*")
-	app := r.Group("/app")
+	// login wall app related routes.
+	// if we put them in router file then tests would fail as templates or build path will be different
+	router.LoadHTMLGlob("templates/*")
+	app := router.Group("/app")
 	{
 		app.Static("/build", "app/build")
 		app.GET("/", handlers.AppHandler())
 		app.GET("/reset-password", handlers.AppHandler())
 	}
-
-	r.Run()
+	router.Run(":" + constants.PORT)
 }

server/middlewares/context.go

@@ -0,0 +1,23 @@
+package middlewares
+
+import (
+	"context"
+	"log"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/gin-contrib/location"
+	"github.com/gin-gonic/gin"
+)
+
+func GinContextToContextMiddleware() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		if constants.AUTHORIZER_URL == "" {
+			url := location.Get(c)
+			constants.AUTHORIZER_URL = url.Scheme + "://" + c.Request.Host
+			log.Println("authorizer url:", constants.AUTHORIZER_URL)
+		}
+		ctx := context.WithValue(c.Request.Context(), "GinContextKey", c)
+		c.Request = c.Request.WithContext(ctx)
+		c.Next()
+	}
+}

server/middlewares/cors.go

@@ -0,0 +1,29 @@
+package middlewares
+
+import (
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/utils"
+	"github.com/gin-gonic/gin"
+)
+
+func CORSMiddleware() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		origin := c.Request.Header.Get("Origin")
+		constants.APP_URL = origin
+
+		if utils.IsValidOrigin(origin) {
+			c.Writer.Header().Set("Access-Control-Allow-Origin", origin)
+		}
+
+		c.Writer.Header().Set("Access-Control-Allow-Credentials", "true")
+		c.Writer.Header().Set("Access-Control-Allow-Headers", "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With")
+		c.Writer.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS, GET, PUT")
+
+		if c.Request.Method == "OPTIONS" {
+			c.AbortWithStatus(204)
+			return
+		}
+
+		c.Next()
+	}
+}

server/oauth/oauth.go

@@ -1,33 +1,49 @@
 package oauth
 
 import (
+	"context"
+	"log"
+
 	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/coreos/go-oidc/v3/oidc"
 	"golang.org/x/oauth2"
 	facebookOAuth2 "golang.org/x/oauth2/facebook"
 	githubOAuth2 "golang.org/x/oauth2/github"
-	googleOAuth2 "golang.org/x/oauth2/google"
 )
 
-type OAuthProviders struct {
+type OAuthProvider struct {
 	GoogleConfig   *oauth2.Config
 	GithubConfig   *oauth2.Config
 	FacebookConfig *oauth2.Config
 }
 
-var OAuthProvider OAuthProviders
+type OIDCProvider struct {
+	GoogleOIDC *oidc.Provider
+}
+
+var (
+	OAuthProviders OAuthProvider
+	OIDCProviders  OIDCProvider
+)
 
 func InitOAuth() {
+	ctx := context.Background()
 	if constants.GOOGLE_CLIENT_ID != "" && constants.GOOGLE_CLIENT_SECRET != "" {
-		OAuthProvider.GoogleConfig = &oauth2.Config{
+		p, err := oidc.NewProvider(ctx, "https://accounts.google.com")
+		if err != nil {
+			log.Fatalln("error creating oidc provider for google:", err)
+		}
+		OIDCProviders.GoogleOIDC = p
+		OAuthProviders.GoogleConfig = &oauth2.Config{
 			ClientID:     constants.GOOGLE_CLIENT_ID,
 			ClientSecret: constants.GOOGLE_CLIENT_SECRET,
 			RedirectURL:  constants.AUTHORIZER_URL + "/oauth_callback/google",
-			Endpoint:     googleOAuth2.Endpoint,
-			Scopes:       []string{"https://www.googleapis.com/auth/userinfo.email", "https://www.googleapis.com/auth/userinfo.profile"},
+			Endpoint:     OIDCProviders.GoogleOIDC.Endpoint(),
+			Scopes:       []string{oidc.ScopeOpenID, "profile", "email"},
 		}
 	}
 	if constants.GITHUB_CLIENT_ID != "" && constants.GITHUB_CLIENT_SECRET != "" {
-		OAuthProvider.GithubConfig = &oauth2.Config{
+		OAuthProviders.GithubConfig = &oauth2.Config{
 			ClientID:     constants.GITHUB_CLIENT_ID,
 			ClientSecret: constants.GITHUB_CLIENT_SECRET,
 			RedirectURL:  constants.AUTHORIZER_URL + "/oauth_callback/github",
@@ -35,7 +51,7 @@ func InitOAuth() {
 		}
 	}
 	if constants.FACEBOOK_CLIENT_ID != "" && constants.FACEBOOK_CLIENT_SECRET != "" {
-		OAuthProvider.FacebookConfig = &oauth2.Config{
+		OAuthProviders.FacebookConfig = &oauth2.Config{
 			ClientID:     constants.FACEBOOK_CLIENT_ID,
 			ClientSecret: constants.FACEBOOK_CLIENT_SECRET,
 			RedirectURL:  constants.AUTHORIZER_URL + "/oauth_callback/facebook",

server/resolvers/delete_user.go

@@ -27,11 +27,11 @@ func DeleteUser(ctx context.Context, params model.DeleteUserInput) (*model.Respo
 		return res, err
 	}
 
-	session.DeleteToken(fmt.Sprintf("%x", user.ID))
+	session.DeleteUserSession(fmt.Sprintf("%x", user.ID))
 
-	err = db.Mgr.DeleteUser(params.Email)
+	err = db.Mgr.DeleteUser(user)
 	if err != nil {
-		log.Println("Err:", err)
+		log.Println("error deleting user:", err)
 		return res, err
 	}
 

server/resolvers/forgot_password.go

@@ -20,7 +20,7 @@ func ForgotPassword(ctx context.Context, params model.ForgotPasswordInput) (*mod
 	if err != nil {
 		return res, err
 	}
-	if constants.DISABLE_BASIC_AUTHENTICATION == "true" {
+	if constants.DISABLE_BASIC_AUTHENTICATION {
 		return res, fmt.Errorf(`basic authentication is disabled for this instance`)
 	}
 	host := gc.Request.Host
@@ -37,7 +37,7 @@ func ForgotPassword(ctx context.Context, params model.ForgotPasswordInput) (*mod
 
 	token, err := utils.CreateVerificationToken(params.Email, enum.ForgotPassword.String())
 	if err != nil {
-		log.Println(`Error generating token`, err)
+		log.Println(`error generating token`, err)
 	}
 	db.Mgr.AddVerification(db.VerificationRequest{
 		Token:      token,

server/resolvers/login.go

@@ -22,7 +22,7 @@ func Login(ctx context.Context, params model.LoginInput) (*model.AuthResponse, e
 		return res, err
 	}
 
-	if constants.DISABLE_BASIC_AUTHENTICATION == "true" {
+	if constants.DISABLE_BASIC_AUTHENTICATION {
 		return res, fmt.Errorf(`basic authentication is disabled for this instance`)
 	}
 
@@ -32,48 +32,41 @@ func Login(ctx context.Context, params model.LoginInput) (*model.AuthResponse, e
 		return res, fmt.Errorf(`user with this email not found`)
 	}
 
-	if !strings.Contains(user.SignupMethod, enum.BasicAuth.String()) {
+	if !strings.Contains(user.SignupMethods, enum.BasicAuth.String()) {
 		return res, fmt.Errorf(`user has not signed up email & password`)
 	}
 
-	if user.EmailVerifiedAt <= 0 {
+	if user.EmailVerifiedAt == nil {
 		return res, fmt.Errorf(`email not verified`)
 	}
 
-	err = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(params.Password))
+	err = bcrypt.CompareHashAndPassword([]byte(*user.Password), []byte(params.Password))
 
 	if err != nil {
-		log.Println("Compare password error:", err)
+		log.Println("compare password error:", err)
 		return res, fmt.Errorf(`invalid password`)
 	}
-	userIdStr := fmt.Sprintf("%v", user.ID)
-	refreshToken, _, _ := utils.CreateAuthToken(utils.UserAuthInfo{
-		ID:    userIdStr,
-		Email: user.Email,
-	}, enum.RefreshToken)
+	roles := constants.DEFAULT_ROLES
+	currentRoles := strings.Split(user.Roles, ",")
+	if len(params.Roles) > 0 {
+		if !utils.IsValidRoles(currentRoles, params.Roles) {
+			return res, fmt.Errorf(`invalid roles`)
+		}
 
-	accessToken, expiresAt, _ := utils.CreateAuthToken(utils.UserAuthInfo{
-		ID:    userIdStr,
-		Email: user.Email,
-	}, enum.AccessToken)
+		roles = params.Roles
+	}
+	refreshToken, _, _ := utils.CreateAuthToken(user, enum.RefreshToken, roles)
 
-	session.SetToken(userIdStr, refreshToken)
+	accessToken, expiresAt, _ := utils.CreateAuthToken(user, enum.AccessToken, roles)
+
+	session.SetToken(user.ID, accessToken, refreshToken)
+	utils.CreateSession(user.ID, gc)
 
 	res = &model.AuthResponse{
-		Message:              `Logged in successfully`,
-		AccessToken:          &accessToken,
-		AccessTokenExpiresAt: &expiresAt,
-		User: &model.User{
-			ID:              userIdStr,
-			Email:           user.Email,
-			Image:           &user.Image,
-			FirstName:       &user.FirstName,
-			LastName:        &user.LastName,
-			SignupMethod:    user.SignupMethod,
-			EmailVerifiedAt: &user.EmailVerifiedAt,
-			CreatedAt:       &user.CreatedAt,
-			UpdatedAt:       &user.UpdatedAt,
-		},
+		Message:     `Logged in successfully`,
+		AccessToken: &accessToken,
+		ExpiresAt:   &expiresAt,
+		User:        utils.GetResponseUserData(user),
 	}
 
 	utils.SetCookie(gc, accessToken)

server/resolvers/logout.go

@@ -2,6 +2,7 @@ package resolvers
 
 import (
 	"context"
+	"fmt"
 
 	"github.com/authorizerdev/authorizer/server/graph/model"
 	"github.com/authorizerdev/authorizer/server/session"
@@ -25,7 +26,8 @@ func Logout(ctx context.Context) (*model.Response, error) {
 		return res, err
 	}
 
-	session.DeleteToken(claim.ID)
+	userId := fmt.Sprintf("%v", claim["id"])
+	session.DeleteVerificationRequest(userId, token)
 	res = &model.Response{
 		Message: "Logged out successfully",
 	}

server/resolvers/magic_link_login.go

@@ -0,0 +1,126 @@
+package resolvers
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"strings"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/db"
+	"github.com/authorizerdev/authorizer/server/enum"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/utils"
+)
+
+func MagicLinkLogin(ctx context.Context, params model.MagicLinkLoginInput) (*model.Response, error) {
+	var res *model.Response
+
+	if constants.DISABLE_MAGIC_LINK_LOGIN {
+		return res, fmt.Errorf(`magic link login is disabled for this instance`)
+	}
+
+	params.Email = strings.ToLower(params.Email)
+
+	if !utils.IsValidEmail(params.Email) {
+		return res, fmt.Errorf(`invalid email address`)
+	}
+
+	inputRoles := []string{}
+
+	user := db.User{
+		Email: params.Email,
+	}
+
+	// find user with email
+	existingUser, err := db.Mgr.GetUserByEmail(params.Email)
+
+	if err != nil {
+		user.SignupMethods = enum.MagicLinkLogin.String()
+		// define roles for new user
+		if len(params.Roles) > 0 {
+			// check if roles exists
+			if !utils.IsValidRoles(constants.ROLES, params.Roles) {
+				return res, fmt.Errorf(`invalid roles`)
+			} else {
+				inputRoles = params.Roles
+			}
+		} else {
+			inputRoles = constants.DEFAULT_ROLES
+		}
+
+		user.Roles = strings.Join(inputRoles, ",")
+		user, _ = db.Mgr.AddUser(user)
+	} else {
+		user = existingUser
+		// There multiple scenarios with roles here in magic link login
+		// 1. user has access to protected roles + roles and trying to login
+		// 2. user has not signed up for one of the available role but trying to signup.
+		// 		Need to modify roles in this case
+
+		// find the unassigned roles
+		existingRoles := strings.Split(existingUser.Roles, ",")
+		unasignedRoles := []string{}
+		for _, ir := range inputRoles {
+			if !utils.StringSliceContains(existingRoles, ir) {
+				unasignedRoles = append(unasignedRoles, ir)
+			}
+		}
+
+		if len(unasignedRoles) > 0 {
+			// check if it contains protected unassigned role
+			hasProtectedRole := false
+			for _, ur := range unasignedRoles {
+				if utils.StringSliceContains(constants.PROTECTED_ROLES, ur) {
+					hasProtectedRole = true
+				}
+			}
+
+			if hasProtectedRole {
+				return res, fmt.Errorf(`invalid roles`)
+			} else {
+				user.Roles = existingUser.Roles + "," + strings.Join(unasignedRoles, ",")
+			}
+		} else {
+			user.Roles = existingUser.Roles
+		}
+
+		signupMethod := existingUser.SignupMethods
+		if !strings.Contains(signupMethod, enum.MagicLinkLogin.String()) {
+			signupMethod = signupMethod + "," + enum.MagicLinkLogin.String()
+		}
+
+		user.SignupMethods = signupMethod
+		user, _ = db.Mgr.UpdateUser(user)
+		if err != nil {
+			log.Println("error updating user:", err)
+		}
+	}
+
+	if !constants.DISABLE_EMAIL_VERIFICATION {
+		// insert verification request
+		verificationType := enum.MagicLinkLogin.String()
+		token, err := utils.CreateVerificationToken(params.Email, verificationType)
+		if err != nil {
+			log.Println(`error generating token`, err)
+		}
+		db.Mgr.AddVerification(db.VerificationRequest{
+			Token:      token,
+			Identifier: verificationType,
+			ExpiresAt:  time.Now().Add(time.Minute * 30).Unix(),
+			Email:      params.Email,
+		})
+
+		// exec it as go routin so that we can reduce the api latency
+		go func() {
+			utils.SendVerificationMail(params.Email, token)
+		}()
+	}
+
+	res = &model.Response{
+		Message: `Magic Link has been sent to your email. Please check your inbox!`,
+	}
+
+	return res, nil
+}

server/resolvers/profile.go

@@ -27,30 +27,20 @@ func Profile(ctx context.Context) (*model.User, error) {
 		return res, err
 	}
 
-	sessionToken := session.GetToken(claim.ID)
+	userID := fmt.Sprintf("%v", claim["id"])
+	email := fmt.Sprintf("%v", claim["email"])
+	sessionToken := session.GetToken(userID, token)
 
 	if sessionToken == "" {
 		return res, fmt.Errorf(`unauthorized`)
 	}
 
-	user, err := db.Mgr.GetUserByEmail(claim.Email)
+	user, err := db.Mgr.GetUserByEmail(email)
 	if err != nil {
 		return res, err
 	}
 
-	userIdStr := fmt.Sprintf("%v", user.ID)
-
-	res = &model.User{
-		ID:              userIdStr,
-		Email:           user.Email,
-		Image:           &user.Image,
-		FirstName:       &user.FirstName,
-		LastName:        &user.LastName,
-		SignupMethod:    user.SignupMethod,
-		EmailVerifiedAt: &user.EmailVerifiedAt,
-		CreatedAt:       &user.CreatedAt,
-		UpdatedAt:       &user.UpdatedAt,
-	}
+	res = utils.GetResponseUserData(user)
 
 	return res, nil
 }

server/resolvers/resend_verify_email.go

@@ -20,18 +20,28 @@ func ResendVerifyEmail(ctx context.Context, params model.ResendVerifyEmailInput)
 		return res, fmt.Errorf("invalid email")
 	}
 
-	verificationRequest, err := db.Mgr.GetVerificationByEmail(params.Email)
+	if !utils.IsValidVerificationIdentifier(params.Identifier) {
+		return res, fmt.Errorf("invalid identifier")
+	}
+
+	verificationRequest, err := db.Mgr.GetVerificationByEmail(params.Email, params.Identifier)
 	if err != nil {
 		return res, fmt.Errorf(`verification request not found`)
 	}
 
-	token, err := utils.CreateVerificationToken(params.Email, verificationRequest.Identifier)
+	// delete current verification and create new one
+	err = db.Mgr.DeleteVerificationRequest(verificationRequest)
 	if err != nil {
-		log.Println(`Error generating token`, err)
+		log.Println("error deleting verification request:", err)
+	}
+
+	token, err := utils.CreateVerificationToken(params.Email, params.Identifier)
+	if err != nil {
+		log.Println(`error generating token`, err)
 	}
 	db.Mgr.AddVerification(db.VerificationRequest{
 		Token:      token,
-		Identifier: verificationRequest.Identifier,
+		Identifier: params.Identifier,
 		ExpiresAt:  time.Now().Add(time.Minute * 30).Unix(),
 		Email:      params.Email,
 	})

server/resolvers/reset_password.go

@@ -14,11 +14,11 @@ import (
 
 func ResetPassword(ctx context.Context, params model.ResetPasswordInput) (*model.Response, error) {
 	var res *model.Response
-	if constants.DISABLE_BASIC_AUTHENTICATION == "true" {
+	if constants.DISABLE_BASIC_AUTHENTICATION {
 		return res, fmt.Errorf(`basic authentication is disabled for this instance`)
 	}
 
-	_, err := db.Mgr.GetVerificationByToken(params.Token)
+	verificationRequest, err := db.Mgr.GetVerificationByToken(params.Token)
 	if err != nil {
 		return res, fmt.Errorf(`invalid token`)
 	}
@@ -39,16 +39,16 @@ func ResetPassword(ctx context.Context, params model.ResetPasswordInput) (*model
 	}
 
 	password, _ := utils.HashPassword(params.Password)
-	user.Password = password
+	user.Password = &password
 
-	signupMethod := user.SignupMethod
+	signupMethod := user.SignupMethods
 	if !strings.Contains(signupMethod, enum.BasicAuth.String()) {
 		signupMethod = signupMethod + "," + enum.BasicAuth.String()
 	}
-	user.SignupMethod = signupMethod
+	user.SignupMethods = signupMethod
 
 	// delete from verification table
-	db.Mgr.DeleteToken(claim.Email)
+	db.Mgr.DeleteVerificationRequest(verificationRequest)
 	db.Mgr.UpdateUser(user)
 
 	res = &model.Response{

server/resolvers/session.go

@@ -0,0 +1,80 @@
+package resolvers
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/db"
+	"github.com/authorizerdev/authorizer/server/enum"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/session"
+	"github.com/authorizerdev/authorizer/server/utils"
+)
+
+func Session(ctx context.Context, roles []string) (*model.AuthResponse, error) {
+	var res *model.AuthResponse
+
+	gc, err := utils.GinContextFromContext(ctx)
+	if err != nil {
+		return res, err
+	}
+	token, err := utils.GetAuthToken(gc)
+	if err != nil {
+		return res, err
+	}
+
+	claim, accessTokenErr := utils.VerifyAuthToken(token)
+	expiresAt := claim["exp"].(int64)
+	email := fmt.Sprintf("%v", claim["email"])
+
+	user, err := db.Mgr.GetUserByEmail(email)
+	if err != nil {
+		return res, err
+	}
+
+	userIdStr := fmt.Sprintf("%v", user.ID)
+
+	sessionToken := session.GetToken(userIdStr, token)
+
+	if sessionToken == "" {
+		return res, fmt.Errorf(`unauthorized`)
+	}
+
+	expiresTimeObj := time.Unix(expiresAt, 0)
+	currentTimeObj := time.Now()
+
+	claimRoleInterface := claim[constants.JWT_ROLE_CLAIM].([]interface{})
+	claimRoles := make([]string, len(claimRoleInterface))
+	for i, v := range claimRoleInterface {
+		claimRoles[i] = v.(string)
+	}
+
+	if len(roles) > 0 {
+		for _, v := range roles {
+			if !utils.StringSliceContains(claimRoles, v) {
+				return res, fmt.Errorf(`unauthorized`)
+			}
+		}
+	}
+
+	if accessTokenErr != nil || expiresTimeObj.Sub(currentTimeObj).Minutes() <= 5 {
+		// if access token has expired and refresh/session token is valid
+		// generate new accessToken
+		currentRefreshToken := session.GetToken(userIdStr, token)
+		session.DeleteVerificationRequest(userIdStr, token)
+		token, expiresAt, _ = utils.CreateAuthToken(user, enum.AccessToken, claimRoles)
+		session.SetToken(userIdStr, token, currentRefreshToken)
+		utils.CreateSession(user.ID, gc)
+	}
+
+	utils.SetCookie(gc, token)
+	res = &model.AuthResponse{
+		Message:     `Token verified`,
+		AccessToken: &token,
+		ExpiresAt:   &expiresAt,
+		User:        utils.GetResponseUserData(user),
+	}
+	return res, nil
+}

server/resolvers/signup.go

@@ -22,11 +22,11 @@ func Signup(ctx context.Context, params model.SignUpInput) (*model.AuthResponse,
 		return res, err
 	}
 
-	if constants.DISABLE_BASIC_AUTHENTICATION == "true" {
+	if constants.DISABLE_BASIC_AUTHENTICATION {
 		return res, fmt.Errorf(`basic authentication is disabled for this instance`)
 	}
 	if params.ConfirmPassword != params.Password {
-		return res, fmt.Errorf(`passowrd and confirm password does not match`)
+		return res, fmt.Errorf(`password and confirm password does not match`)
 	}
 
 	params.Email = strings.ToLower(params.Email)
@@ -38,55 +38,89 @@ func Signup(ctx context.Context, params model.SignUpInput) (*model.AuthResponse,
 	// find user with email
 	existingUser, err := db.Mgr.GetUserByEmail(params.Email)
 	if err != nil {
-		log.Println("User with email " + params.Email + " not found")
+		log.Println("user with email " + params.Email + " not found")
 	}
 
-	if existingUser.EmailVerifiedAt > 0 {
+	if existingUser.EmailVerifiedAt != nil {
 		// email is verified
-		return res, fmt.Errorf(`you have already signed up. Please login`)
+		return res, fmt.Errorf(`%s has already signed up`, params.Email)
+	} else if existingUser.ID != "" && existingUser.EmailVerifiedAt == nil {
+		return res, fmt.Errorf("%s has already signed up. please complete the email verification process or reset the password", params.Email)
 	}
+
+	inputRoles := []string{}
+
+	if len(params.Roles) > 0 {
+		// check if roles exists
+		if !utils.IsValidRoles(constants.ROLES, params.Roles) {
+			return res, fmt.Errorf(`invalid roles`)
+		} else {
+			inputRoles = params.Roles
+		}
+	} else {
+		inputRoles = constants.DEFAULT_ROLES
+	}
+
 	user := db.User{
 		Email: params.Email,
 	}
 
+	user.Roles = strings.Join(inputRoles, ",")
+
 	password, _ := utils.HashPassword(params.Password)
-	user.Password = password
+	user.Password = &password
 
-	if params.FirstName != nil {
-		user.FirstName = *params.FirstName
+	if params.GivenName != nil {
+		user.GivenName = params.GivenName
 	}
 
-	if params.LastName != nil {
-		user.LastName = *params.LastName
+	if params.FamilyName != nil {
+		user.FamilyName = params.FamilyName
 	}
 
-	user.SignupMethod = enum.BasicAuth.String()
-	if constants.DISABLE_EMAIL_VERIFICATION == "true" {
-		user.EmailVerifiedAt = time.Now().Unix()
+	if params.MiddleName != nil {
+		user.MiddleName = params.MiddleName
 	}
-	user, err = db.Mgr.SaveUser(user)
+
+	if params.Nickname != nil {
+		user.Nickname = params.Nickname
+	}
+
+	if params.Gender != nil {
+		user.Gender = params.Gender
+	}
+
+	if params.Birthdate != nil {
+		user.Birthdate = params.Birthdate
+	}
+
+	if params.PhoneNumber != nil {
+		user.PhoneNumber = params.PhoneNumber
+	}
+
+	if params.Picture != nil {
+		user.Picture = params.Picture
+	}
+
+	user.SignupMethods = enum.BasicAuth.String()
+	if constants.DISABLE_EMAIL_VERIFICATION {
+		now := time.Now().Unix()
+		user.EmailVerifiedAt = &now
+	}
+	user, err = db.Mgr.AddUser(user)
 	if err != nil {
 		return res, err
 	}
 	userIdStr := fmt.Sprintf("%v", user.ID)
-	userToReturn := &model.User{
-		ID:              userIdStr,
-		Email:           user.Email,
-		Image:           &user.Image,
-		FirstName:       &user.FirstName,
-		LastName:        &user.LastName,
-		SignupMethod:    user.SignupMethod,
-		EmailVerifiedAt: &user.EmailVerifiedAt,
-		CreatedAt:       &user.CreatedAt,
-		UpdatedAt:       &user.UpdatedAt,
-	}
+	roles := strings.Split(user.Roles, ",")
+	userToReturn := utils.GetResponseUserData(user)
 
-	if constants.DISABLE_EMAIL_VERIFICATION != "true" {
+	if !constants.DISABLE_EMAIL_VERIFICATION {
 		// insert verification request
 		verificationType := enum.BasicAuthSignup.String()
 		token, err := utils.CreateVerificationToken(params.Email, verificationType)
 		if err != nil {
-			log.Println(`Error generating token`, err)
+			log.Println(`error generating token`, err)
 		}
 		db.Mgr.AddVerification(db.VerificationRequest{
 			Token:      token,
@@ -106,22 +140,17 @@ func Signup(ctx context.Context, params model.SignUpInput) (*model.AuthResponse,
 		}
 	} else {
 
-		refreshToken, _, _ := utils.CreateAuthToken(utils.UserAuthInfo{
-			ID:    userIdStr,
-			Email: user.Email,
-		}, enum.RefreshToken)
+		refreshToken, _, _ := utils.CreateAuthToken(user, enum.RefreshToken, roles)
 
-		accessToken, expiresAt, _ := utils.CreateAuthToken(utils.UserAuthInfo{
-			ID:    userIdStr,
-			Email: user.Email,
-		}, enum.AccessToken)
+		accessToken, expiresAt, _ := utils.CreateAuthToken(user, enum.AccessToken, roles)
 
-		session.SetToken(userIdStr, refreshToken)
+		session.SetToken(userIdStr, accessToken, refreshToken)
+		utils.CreateSession(user.ID, gc)
 		res = &model.AuthResponse{
-			Message:              `Signed up successfully.`,
-			AccessToken:          &accessToken,
-			AccessTokenExpiresAt: &expiresAt,
-			User:                 userToReturn,
+			Message:     `Signed up successfully.`,
+			AccessToken: &accessToken,
+			ExpiresAt:   &expiresAt,
+			User:        userToReturn,
 		}
 
 		utils.SetCookie(gc, accessToken)

server/resolvers/token.go

@@ -1,70 +0,0 @@
-package resolvers
-
-import (
-	"context"
-	"fmt"
-	"time"
-
-	"github.com/authorizerdev/authorizer/server/db"
-	"github.com/authorizerdev/authorizer/server/enum"
-	"github.com/authorizerdev/authorizer/server/graph/model"
-	"github.com/authorizerdev/authorizer/server/session"
-	"github.com/authorizerdev/authorizer/server/utils"
-)
-
-func Token(ctx context.Context) (*model.AuthResponse, error) {
-	var res *model.AuthResponse
-
-	gc, err := utils.GinContextFromContext(ctx)
-	if err != nil {
-		return res, err
-	}
-	token, err := utils.GetAuthToken(gc)
-	if err != nil {
-		return res, err
-	}
-
-	claim, accessTokenErr := utils.VerifyAuthToken(token)
-	expiresAt := claim.ExpiresAt
-
-	user, err := db.Mgr.GetUserByEmail(claim.Email)
-	if err != nil {
-		return res, err
-	}
-
-	userIdStr := fmt.Sprintf("%v", user.ID)
-
-	sessionToken := session.GetToken(userIdStr)
-
-	if sessionToken == "" {
-		return res, fmt.Errorf(`unauthorized`)
-	}
-	// TODO check if refresh/session token has expired
-
-	expiresTimeObj := time.Unix(expiresAt, 0)
-	currentTimeObj := time.Now()
-	if accessTokenErr != nil || expiresTimeObj.Sub(currentTimeObj).Minutes() <= 5 {
-		// if access token has expired and refresh/session token is valid
-		// generate new accessToken
-		token, expiresAt, _ = utils.CreateAuthToken(utils.UserAuthInfo{
-			ID:    userIdStr,
-			Email: user.Email,
-		}, enum.AccessToken)
-	}
-	utils.SetCookie(gc, token)
-	res = &model.AuthResponse{
-		Message:              `Token verified`,
-		AccessToken:          &token,
-		AccessTokenExpiresAt: &expiresAt,
-		User: &model.User{
-			ID:        userIdStr,
-			Email:     user.Email,
-			Image:     &user.Image,
-			FirstName: &user.FirstName,
-			LastName:  &user.LastName,
-			CreatedAt: &user.CreatedAt,
-			UpdatedAt: &user.UpdatedAt,
-		},
-	}
-	return res, nil
-}

server/resolvers/update_profile.go

@@ -32,36 +32,58 @@ func UpdateProfile(ctx context.Context, params model.UpdateProfileInput) (*model
 		return res, err
 	}
 
-	sessionToken := session.GetToken(claim.ID)
+	id := fmt.Sprintf("%v", claim["id"])
+	sessionToken := session.GetToken(id, token)
 
 	if sessionToken == "" {
 		return res, fmt.Errorf(`unauthorized`)
 	}
 
 	// validate if all params are not empty
-	if params.FirstName == nil && params.LastName == nil && params.Image == nil && params.OldPassword == nil && params.Email == nil {
+	if params.GivenName == nil && params.FamilyName == nil && params.Picture == nil && params.MiddleName == nil && params.Nickname == nil && params.OldPassword == nil && params.Email == nil && params.Birthdate == nil && params.Gender == nil && params.PhoneNumber == nil {
 		return res, fmt.Errorf("please enter atleast one param to update")
 	}
 
-	user, err := db.Mgr.GetUserByEmail(claim.Email)
+	email := fmt.Sprintf("%v", claim["email"])
+	user, err := db.Mgr.GetUserByEmail(email)
 	if err != nil {
 		return res, err
 	}
 
-	if params.FirstName != nil && user.FirstName != *params.FirstName {
-		user.FirstName = *params.FirstName
+	if params.GivenName != nil && user.GivenName != params.GivenName {
+		user.GivenName = params.GivenName
 	}
 
-	if params.LastName != nil && user.LastName != *params.LastName {
-		user.LastName = *params.LastName
+	if params.FamilyName != nil && user.FamilyName != params.FamilyName {
+		user.FamilyName = params.FamilyName
 	}
 
-	if params.Image != nil && user.Image != *params.Image {
-		user.Image = *params.Image
+	if params.MiddleName != nil && user.MiddleName != params.MiddleName {
+		user.MiddleName = params.MiddleName
+	}
+
+	if params.Nickname != nil && user.Nickname != params.Nickname {
+		user.Nickname = params.Nickname
+	}
+
+	if params.Birthdate != nil && user.Birthdate != params.Birthdate {
+		user.Birthdate = params.Birthdate
+	}
+
+	if params.Gender != nil && user.Gender != params.Gender {
+		user.Gender = params.Gender
+	}
+
+	if params.PhoneNumber != nil && user.PhoneNumber != params.PhoneNumber {
+		user.PhoneNumber = params.PhoneNumber
+	}
+
+	if params.Picture != nil && user.Picture != params.Picture {
+		user.Picture = params.Picture
 	}
 
 	if params.OldPassword != nil {
-		if err = bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(*params.OldPassword)); err != nil {
+		if err = bcrypt.CompareHashAndPassword([]byte(*user.Password), []byte(*params.OldPassword)); err != nil {
 			return res, fmt.Errorf("incorrect old password")
 		}
 
@@ -79,7 +101,7 @@ func UpdateProfile(ctx context.Context, params model.UpdateProfileInput) (*model
 
 		password, _ := utils.HashPassword(*params.NewPassword)
 
-		user.Password = password
+		user.Password = &password
 	}
 
 	hasEmailChanged := false
@@ -91,23 +113,24 @@ func UpdateProfile(ctx context.Context, params model.UpdateProfileInput) (*model
 		}
 		newEmail := strings.ToLower(*params.Email)
 		// check if user with new email exists
-		_, err = db.Mgr.GetUserByEmail(newEmail)
+		_, err := db.Mgr.GetUserByEmail(newEmail)
+
 		// err = nil means user exists
 		if err == nil {
 			return res, fmt.Errorf("user with this email address already exists")
 		}
 
-		session.DeleteToken(fmt.Sprintf("%v", user.ID))
+		session.DeleteUserSession(fmt.Sprintf("%v", user.ID))
 		utils.DeleteCookie(gc)
 
 		user.Email = newEmail
-		user.EmailVerifiedAt = 0
+		user.EmailVerifiedAt = nil
 		hasEmailChanged = true
 		// insert verification request
 		verificationType := enum.UpdateEmail.String()
 		token, err := utils.CreateVerificationToken(newEmail, verificationType)
 		if err != nil {
-			log.Println(`Error generating token`, err)
+			log.Println(`error generating token`, err)
 		}
 		db.Mgr.AddVerification(db.VerificationRequest{
 			Token:      token,
@@ -120,12 +143,11 @@ func UpdateProfile(ctx context.Context, params model.UpdateProfileInput) (*model
 		go func() {
 			utils.SendVerificationMail(newEmail, token)
 		}()
-
 	}
 
 	_, err = db.Mgr.UpdateUser(user)
 	if err != nil {
-		log.Println("Error updating user:", err)
+		log.Println("error updating user:", err)
 		return res, err
 	}
 	message := `Profile details updated successfully.`

server/resolvers/update_user.go

@@ -0,0 +1,148 @@
+package resolvers
+
+import (
+	"context"
+	"fmt"
+	"log"
+	"strings"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/db"
+	"github.com/authorizerdev/authorizer/server/enum"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/session"
+	"github.com/authorizerdev/authorizer/server/utils"
+)
+
+func UpdateUser(ctx context.Context, params model.UpdateUserInput) (*model.User, error) {
+	gc, err := utils.GinContextFromContext(ctx)
+	var res *model.User
+	if err != nil {
+		return res, err
+	}
+
+	if !utils.IsSuperAdmin(gc) {
+		return res, fmt.Errorf("unauthorized")
+	}
+
+	if params.GivenName == nil && params.FamilyName == nil && params.Picture == nil && params.MiddleName == nil && params.Nickname == nil && params.Email == nil && params.Birthdate == nil && params.Gender == nil && params.PhoneNumber == nil && params.Roles == nil {
+		return res, fmt.Errorf("please enter atleast one param to update")
+	}
+
+	user, err := db.Mgr.GetUserByID(params.ID)
+	if err != nil {
+		return res, fmt.Errorf(`User not found`)
+	}
+
+	if params.GivenName != nil && user.GivenName != params.GivenName {
+		user.GivenName = params.GivenName
+	}
+
+	if params.FamilyName != nil && user.FamilyName != params.FamilyName {
+		user.FamilyName = params.FamilyName
+	}
+
+	if params.MiddleName != nil && user.MiddleName != params.MiddleName {
+		user.MiddleName = params.MiddleName
+	}
+
+	if params.Nickname != nil && user.Nickname != params.Nickname {
+		user.Nickname = params.Nickname
+	}
+
+	if params.Birthdate != nil && user.Birthdate != params.Birthdate {
+		user.Birthdate = params.Birthdate
+	}
+
+	if params.Gender != nil && user.Gender != params.Gender {
+		user.Gender = params.Gender
+	}
+
+	if params.PhoneNumber != nil && user.PhoneNumber != params.PhoneNumber {
+		user.PhoneNumber = params.PhoneNumber
+	}
+
+	if params.Picture != nil && user.Picture != params.Picture {
+		user.Picture = params.Picture
+	}
+
+	if params.Email != nil && user.Email != *params.Email {
+		// check if valid email
+		if !utils.IsValidEmail(*params.Email) {
+			return res, fmt.Errorf("invalid email address")
+		}
+		newEmail := strings.ToLower(*params.Email)
+		// check if user with new email exists
+		_, err = db.Mgr.GetUserByEmail(newEmail)
+		// err = nil means user exists
+		if err == nil {
+			return res, fmt.Errorf("user with this email address already exists")
+		}
+
+		session.DeleteUserSession(fmt.Sprintf("%v", user.ID))
+		utils.DeleteCookie(gc)
+
+		user.Email = newEmail
+		user.EmailVerifiedAt = nil
+		// insert verification request
+		verificationType := enum.UpdateEmail.String()
+		token, err := utils.CreateVerificationToken(newEmail, verificationType)
+		if err != nil {
+			log.Println(`error generating token`, err)
+		}
+		db.Mgr.AddVerification(db.VerificationRequest{
+			Token:      token,
+			Identifier: verificationType,
+			ExpiresAt:  time.Now().Add(time.Minute * 30).Unix(),
+			Email:      newEmail,
+		})
+
+		// exec it as go routin so that we can reduce the api latency
+		go func() {
+			utils.SendVerificationMail(newEmail, token)
+		}()
+	}
+
+	rolesToSave := ""
+	if params.Roles != nil && len(params.Roles) > 0 {
+		currentRoles := strings.Split(user.Roles, ",")
+		inputRoles := []string{}
+		for _, item := range params.Roles {
+			inputRoles = append(inputRoles, *item)
+		}
+
+		if !utils.IsValidRoles(append([]string{}, append(constants.ROLES, constants.PROTECTED_ROLES...)...), inputRoles) {
+			return res, fmt.Errorf("invalid list of roles")
+		}
+
+		if !utils.IsStringArrayEqual(inputRoles, currentRoles) {
+			rolesToSave = strings.Join(inputRoles, ",")
+		}
+
+		session.DeleteUserSession(fmt.Sprintf("%v", user.ID))
+		utils.DeleteCookie(gc)
+	}
+
+	if rolesToSave != "" {
+		user.Roles = rolesToSave
+	}
+
+	user, err = db.Mgr.UpdateUser(user)
+	if err != nil {
+		log.Println("error updating user:", err)
+		return res, err
+	}
+
+	res = &model.User{
+		ID:         params.ID,
+		Email:      user.Email,
+		Picture:    user.Picture,
+		GivenName:  user.GivenName,
+		FamilyName: user.FamilyName,
+		Roles:      strings.Split(user.Roles, ","),
+		CreatedAt:  &user.CreatedAt,
+		UpdatedAt:  &user.UpdatedAt,
+	}
+	return res, nil
+}

server/resolvers/users.go

@@ -26,16 +26,7 @@ func Users(ctx context.Context) ([]*model.User, error) {
 	}
 
 	for i := 0; i < len(users); i++ {
-		res = append(res, &model.User{
-			ID:              fmt.Sprintf("%v", users[i].ID),
-			Email:           users[i].Email,
-			SignupMethod:    users[i].SignupMethod,
-			FirstName:       &users[i].FirstName,
-			LastName:        &users[i].LastName,
-			EmailVerifiedAt: &users[i].EmailVerifiedAt,
-			CreatedAt:       &users[i].CreatedAt,
-			UpdatedAt:       &users[i].UpdatedAt,
-		})
+		res = append(res, utils.GetResponseUserData(users[i]))
 	}
 
 	return res, nil

server/resolvers/verify_email.go

@@ -3,6 +3,7 @@ package resolvers
 import (
 	"context"
 	"fmt"
+	"strings"
 	"time"
 
 	"github.com/authorizerdev/authorizer/server/db"
@@ -19,7 +20,7 @@ func VerifyEmail(ctx context.Context, params model.VerifyEmailInput) (*model.Aut
 		return res, err
 	}
 
-	_, err = db.Mgr.GetVerificationByToken(params.Token)
+	verificationRequest, err := db.Mgr.GetVerificationByToken(params.Token)
 	if err != nil {
 		return res, fmt.Errorf(`invalid token`)
 	}
@@ -36,38 +37,25 @@ func VerifyEmail(ctx context.Context, params model.VerifyEmailInput) (*model.Aut
 	}
 
 	// update email_verified_at in users table
-	db.Mgr.UpdateVerificationTime(time.Now().Unix(), user.ID)
+	now := time.Now().Unix()
+	user.EmailVerifiedAt = &now
+	db.Mgr.UpdateUser(user)
 	// delete from verification table
-	db.Mgr.DeleteToken(claim.Email)
+	db.Mgr.DeleteVerificationRequest(verificationRequest)
 
-	userIdStr := fmt.Sprintf("%v", user.ID)
-	refreshToken, _, _ := utils.CreateAuthToken(utils.UserAuthInfo{
-		ID:    userIdStr,
-		Email: user.Email,
-	}, enum.RefreshToken)
+	roles := strings.Split(user.Roles, ",")
+	refreshToken, _, _ := utils.CreateAuthToken(user, enum.RefreshToken, roles)
 
-	accessToken, expiresAt, _ := utils.CreateAuthToken(utils.UserAuthInfo{
-		ID:    userIdStr,
-		Email: user.Email,
-	}, enum.AccessToken)
+	accessToken, expiresAt, _ := utils.CreateAuthToken(user, enum.AccessToken, roles)
 
-	session.SetToken(userIdStr, refreshToken)
+	session.SetToken(user.ID, accessToken, refreshToken)
+	utils.CreateSession(user.ID, gc)
 
 	res = &model.AuthResponse{
-		Message:              `Email verified successfully.`,
-		AccessToken:          &accessToken,
-		AccessTokenExpiresAt: &expiresAt,
-		User: &model.User{
-			ID:              userIdStr,
-			Email:           user.Email,
-			Image:           &user.Image,
-			FirstName:       &user.FirstName,
-			LastName:        &user.LastName,
-			SignupMethod:    user.SignupMethod,
-			EmailVerifiedAt: &user.EmailVerifiedAt,
-			CreatedAt:       &user.CreatedAt,
-			UpdatedAt:       &user.UpdatedAt,
-		},
+		Message:     `Email verified successfully.`,
+		AccessToken: &accessToken,
+		ExpiresAt:   &expiresAt,
+		User:        utils.GetResponseUserData(user),
 	}
 
 	utils.SetCookie(gc, accessToken)

server/router/router.go

@@ -0,0 +1,23 @@
+package router
+
+import (
+	"github.com/authorizerdev/authorizer/server/handlers"
+	"github.com/authorizerdev/authorizer/server/middlewares"
+	"github.com/gin-contrib/location"
+	"github.com/gin-gonic/gin"
+)
+
+func InitRouter() *gin.Engine {
+	router := gin.Default()
+	router.Use(location.Default())
+	router.Use(middlewares.GinContextToContextMiddleware())
+	router.Use(middlewares.CORSMiddleware())
+
+	router.GET("/", handlers.PlaygroundHandler())
+	router.POST("/graphql", handlers.GraphqlHandler())
+	router.GET("/verify_email", handlers.VerifyEmailHandler())
+	router.GET("/oauth_login/:oauth_provider", handlers.OAuthLoginHandler())
+	router.GET("/oauth_callback/:oauth_provider", handlers.OAuthCallbackHandler())
+
+	return router
+}

server/session/inMemoryStore.go

@@ -1,41 +0,0 @@
-package session
-
-import "sync"
-
-type InMemoryStore struct {
-	mu    sync.Mutex
-	store map[string]string
-}
-
-func (c *InMemoryStore) AddToken(userId, token string) {
-	c.mu.Lock()
-	// delete sessions > 500 // not recommended for production
-	if len(c.store) >= 500 {
-		c.store = make(map[string]string)
-	}
-	c.store[userId] = token
-	c.mu.Unlock()
-}
-
-func (c *InMemoryStore) DeleteToken(userId string) {
-	c.mu.Lock()
-	delete(c.store, userId)
-	c.mu.Unlock()
-}
-
-func (c *InMemoryStore) ClearStore() {
-	c.mu.Lock()
-	c.store = make(map[string]string)
-	c.mu.Unlock()
-}
-
-func (c *InMemoryStore) GetToken(userId string) string {
-	token := ""
-	c.mu.Lock()
-	if val, ok := c.store[userId]; ok {
-		token = val
-	}
-	c.mu.Unlock()
-
-	return token
-}

server/session/in_memory_session.go

@@ -0,0 +1,85 @@
+package session
+
+import (
+	"sync"
+)
+
+type InMemoryStore struct {
+	mu               sync.Mutex
+	store            map[string]map[string]string
+	socialLoginState map[string]string
+}
+
+func (c *InMemoryStore) AddToken(userId, accessToken, refreshToken string) {
+	c.mu.Lock()
+	// delete sessions > 500 // not recommended for production
+	if len(c.store) >= 500 {
+		c.store = map[string]map[string]string{}
+	}
+	// check if entry exists in map
+	_, exists := c.store[userId]
+	if exists {
+		tempMap := c.store[userId]
+		tempMap[accessToken] = refreshToken
+		c.store[userId] = tempMap
+	} else {
+		tempMap := map[string]string{
+			accessToken: refreshToken,
+		}
+		c.store[userId] = tempMap
+	}
+
+	c.mu.Unlock()
+}
+
+func (c *InMemoryStore) DeleteUserSession(userId string) {
+	c.mu.Lock()
+	delete(c.store, userId)
+	c.mu.Unlock()
+}
+
+func (c *InMemoryStore) DeleteVerificationRequest(userId, accessToken string) {
+	c.mu.Lock()
+	delete(c.store[userId], accessToken)
+	c.mu.Unlock()
+}
+
+func (c *InMemoryStore) ClearStore() {
+	c.mu.Lock()
+	c.store = map[string]map[string]string{}
+	c.mu.Unlock()
+}
+
+func (c *InMemoryStore) GetToken(userId, accessToken string) string {
+	token := ""
+	c.mu.Lock()
+	if sessionMap, ok := c.store[userId]; ok {
+		if val, ok := sessionMap[accessToken]; ok {
+			token = val
+		}
+	}
+	c.mu.Unlock()
+
+	return token
+}
+
+func (c *InMemoryStore) SetSocialLoginState(key, state string) {
+	c.mu.Lock()
+	c.socialLoginState[key] = state
+	c.mu.Unlock()
+}
+
+func (c *InMemoryStore) GetSocialLoginState(key string) string {
+	state := ""
+	if stateVal, ok := c.socialLoginState[key]; ok {
+		state = stateVal
+	}
+
+	return state
+}
+
+func (c *InMemoryStore) RemoveSocialLoginState(key string) {
+	c.mu.Lock()
+	delete(c.socialLoginState, key)
+	c.mu.Unlock()
+}

server/session/redisStore.go

@@ -1,43 +0,0 @@
-package session
-
-import (
-	"context"
-	"log"
-
-	"github.com/go-redis/redis/v8"
-)
-
-type RedisStore struct {
-	ctx   context.Context
-	store *redis.Client
-}
-
-func (c *RedisStore) AddToken(userId, token string) {
-	err := c.store.Set(c.ctx, "authorizer_"+userId, token, 0).Err()
-	if err != nil {
-		log.Fatalln("Error saving redis token:", err)
-	}
-}
-
-func (c *RedisStore) DeleteToken(userId string) {
-	err := c.store.Del(c.ctx, "authorizer_"+userId).Err()
-	if err != nil {
-		log.Fatalln("Error deleting redis token:", err)
-	}
-}
-
-func (c *RedisStore) ClearStore() {
-	err := c.store.Del(c.ctx, "authorizer_*").Err()
-	if err != nil {
-		log.Fatalln("Error clearing redis store:", err)
-	}
-}
-
-func (c *RedisStore) GetToken(userId string) string {
-	token := ""
-	token, err := c.store.Get(c.ctx, "authorizer_"+userId).Result()
-	if err != nil {
-		log.Println("Error getting token from redis store:", err)
-	}
-	return token
-}

server/session/redis_store.go

@@ -0,0 +1,80 @@
+package session
+
+import (
+	"context"
+	"fmt"
+	"log"
+
+	"github.com/go-redis/redis/v8"
+)
+
+type RedisStore struct {
+	ctx   context.Context
+	store *redis.Client
+}
+
+func (c *RedisStore) AddToken(userId, accessToken, refreshToken string) {
+	err := c.store.HMSet(c.ctx, "authorizer_"+userId, map[string]string{
+		accessToken: refreshToken,
+	}).Err()
+	if err != nil {
+		log.Fatalln("Error saving redis token:", err)
+	}
+}
+
+func (c *RedisStore) DeleteUserSession(userId string) {
+	err := c.store.Del(c.ctx, "authorizer_"+userId).Err()
+	if err != nil {
+		log.Fatalln("Error deleting redis token:", err)
+	}
+}
+
+func (c *RedisStore) DeleteVerificationRequest(userId, accessToken string) {
+	err := c.store.HDel(c.ctx, "authorizer_"+userId, accessToken).Err()
+	if err != nil {
+		log.Fatalln("Error deleting redis token:", err)
+	}
+}
+
+func (c *RedisStore) ClearStore() {
+	err := c.store.Del(c.ctx, "authorizer_*").Err()
+	if err != nil {
+		log.Fatalln("Error clearing redis store:", err)
+	}
+}
+
+func (c *RedisStore) GetToken(userId, accessToken string) string {
+	token := ""
+	res, err := c.store.HMGet(c.ctx, "authorizer_"+userId, accessToken).Result()
+	if err != nil {
+		log.Println("error getting token from redis store:", err)
+	}
+	if len(res) > 0 && res[0] != nil {
+		token = fmt.Sprintf("%v", res[0])
+	}
+	return token
+}
+
+func (c *RedisStore) SetSocialLoginState(key, state string) {
+	err := c.store.Set(c.ctx, key, state, 0).Err()
+	if err != nil {
+		log.Fatalln("Error saving redis token:", err)
+	}
+}
+
+func (c *RedisStore) GetSocialLoginState(key string) string {
+	state := ""
+	state, err := c.store.Get(c.ctx, key).Result()
+	if err != nil {
+		log.Println("error getting token from redis store:", err)
+	}
+
+	return state
+}
+
+func (c *RedisStore) RemoveSocialLoginState(key string) {
+	err := c.store.Del(c.ctx, key).Err()
+	if err != nil {
+		log.Fatalln("Error deleting redis token:", err)
+	}
+}

server/session/session.go

@@ -15,30 +15,42 @@ type SessionStore struct {
 
 var SessionStoreObj SessionStore
 
-func SetToken(userId, token string) {
+func SetToken(userId, accessToken, refreshToken string) {
+	// TODO: Set session information in db for all the sessions that gets generated
+	// it should async go function
+
 	if SessionStoreObj.RedisMemoryStoreObj != nil {
-		SessionStoreObj.RedisMemoryStoreObj.AddToken(userId, token)
+		SessionStoreObj.RedisMemoryStoreObj.AddToken(userId, accessToken, refreshToken)
 	}
 	if SessionStoreObj.InMemoryStoreObj != nil {
-		SessionStoreObj.InMemoryStoreObj.AddToken(userId, token)
+		SessionStoreObj.InMemoryStoreObj.AddToken(userId, accessToken, refreshToken)
 	}
 }
 
-func DeleteToken(userId string) {
+func DeleteVerificationRequest(userId, accessToken string) {
 	if SessionStoreObj.RedisMemoryStoreObj != nil {
-		SessionStoreObj.RedisMemoryStoreObj.DeleteToken(userId)
+		SessionStoreObj.RedisMemoryStoreObj.DeleteVerificationRequest(userId, accessToken)
 	}
 	if SessionStoreObj.InMemoryStoreObj != nil {
-		SessionStoreObj.InMemoryStoreObj.DeleteToken(userId)
+		SessionStoreObj.InMemoryStoreObj.DeleteVerificationRequest(userId, accessToken)
 	}
 }
 
-func GetToken(userId string) string {
+func DeleteUserSession(userId string) {
 	if SessionStoreObj.RedisMemoryStoreObj != nil {
-		return SessionStoreObj.RedisMemoryStoreObj.GetToken(userId)
+		SessionStoreObj.RedisMemoryStoreObj.DeleteUserSession(userId)
 	}
 	if SessionStoreObj.InMemoryStoreObj != nil {
-		return SessionStoreObj.InMemoryStoreObj.GetToken(userId)
+		SessionStoreObj.InMemoryStoreObj.DeleteUserSession(userId)
+	}
+}
+
+func GetToken(userId, accessToken string) string {
+	if SessionStoreObj.RedisMemoryStoreObj != nil {
+		return SessionStoreObj.RedisMemoryStoreObj.GetToken(userId, accessToken)
+	}
+	if SessionStoreObj.InMemoryStoreObj != nil {
+		return SessionStoreObj.InMemoryStoreObj.GetToken(userId, accessToken)
 	}
 
 	return ""
@@ -53,9 +65,38 @@ func ClearStore() {
 	}
 }
 
+func SetSocailLoginState(key, state string) {
+	if SessionStoreObj.RedisMemoryStoreObj != nil {
+		SessionStoreObj.RedisMemoryStoreObj.SetSocialLoginState(key, state)
+	}
+	if SessionStoreObj.InMemoryStoreObj != nil {
+		SessionStoreObj.InMemoryStoreObj.SetSocialLoginState(key, state)
+	}
+}
+
+func GetSocailLoginState(key string) string {
+	if SessionStoreObj.RedisMemoryStoreObj != nil {
+		return SessionStoreObj.RedisMemoryStoreObj.GetSocialLoginState(key)
+	}
+	if SessionStoreObj.InMemoryStoreObj != nil {
+		return SessionStoreObj.InMemoryStoreObj.GetSocialLoginState(key)
+	}
+
+	return ""
+}
+
+func RemoveSocialLoginState(key string) {
+	if SessionStoreObj.RedisMemoryStoreObj != nil {
+		SessionStoreObj.RedisMemoryStoreObj.RemoveSocialLoginState(key)
+	}
+	if SessionStoreObj.InMemoryStoreObj != nil {
+		SessionStoreObj.InMemoryStoreObj.RemoveSocialLoginState(key)
+	}
+}
+
 func InitSession() {
 	if constants.REDIS_URL != "" {
-		log.Println("Using redis store to save sessions")
+		log.Println("using redis store to save sessions")
 		opt, err := redis.ParseURL(constants.REDIS_URL)
 		if err != nil {
 			log.Fatalln("Error parsing redis url:", err)
@@ -73,9 +114,10 @@ func InitSession() {
 		}
 
 	} else {
-		log.Println("Using in memory store to save sessions")
+		log.Println("using in memory store to save sessions")
 		SessionStoreObj.InMemoryStoreObj = &InMemoryStore{
-			store: make(map[string]string),
+			store:            map[string]map[string]string{},
+			socialLoginState: map[string]string{},
 		}
 	}
 }

server/utils/authToken.go

@@ -1,76 +0,0 @@
-package utils
-
-import (
-	"fmt"
-	"log"
-	"strings"
-	"time"
-
-	"github.com/authorizerdev/authorizer/server/constants"
-	"github.com/authorizerdev/authorizer/server/enum"
-	"github.com/gin-gonic/gin"
-	"github.com/golang-jwt/jwt"
-)
-
-type UserAuthInfo struct {
-	Email string `json:"email"`
-	ID    string `json:"id"`
-}
-
-type UserAuthClaim struct {
-	*jwt.StandardClaims
-	TokenType string `json:"token_type"`
-	UserAuthInfo
-}
-
-func CreateAuthToken(user UserAuthInfo, tokenType enum.TokenType) (string, int64, error) {
-	t := jwt.New(jwt.GetSigningMethod(constants.JWT_TYPE))
-	expiryBound := time.Hour
-	if tokenType == enum.RefreshToken {
-		// expires in 1 year
-		expiryBound = time.Hour * 8760
-	}
-
-	expiresAt := time.Now().Add(expiryBound).Unix()
-
-	t.Claims = &UserAuthClaim{
-		&jwt.StandardClaims{
-			ExpiresAt: expiresAt,
-		},
-		tokenType.String(),
-		user,
-	}
-
-	token, err := t.SignedString([]byte(constants.JWT_SECRET))
-	if err != nil {
-		return "", 0, err
-	}
-	return token, expiresAt, nil
-}
-
-func GetAuthToken(gc *gin.Context) (string, error) {
-	token, err := GetCookie(gc)
-	if err != nil || token == "" {
-		// try to check in auth header for cookie
-		log.Println("cookie not found checking headers")
-		auth := gc.Request.Header.Get("Authorization")
-		if auth == "" {
-			return "", fmt.Errorf(`unauthorized`)
-		}
-
-		token = strings.TrimPrefix(auth, "Bearer ")
-	}
-	return token, nil
-}
-
-func VerifyAuthToken(token string) (*UserAuthClaim, error) {
-	claims := &UserAuthClaim{}
-	_, err := jwt.ParseWithClaims(token, claims, func(token *jwt.Token) (interface{}, error) {
-		return []byte(constants.JWT_SECRET), nil
-	})
-	if err != nil {
-		return claims, err
-	}
-
-	return claims, nil
-}

server/utils/auth_token.go

@@ -0,0 +1,126 @@
+package utils
+
+import (
+	"encoding/json"
+	"fmt"
+	"log"
+	"os"
+	"strings"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/db"
+	"github.com/authorizerdev/authorizer/server/enum"
+	"github.com/gin-gonic/gin"
+	"github.com/golang-jwt/jwt"
+	"github.com/robertkrimen/otto"
+)
+
+func CreateAuthToken(user db.User, tokenType enum.TokenType, roles []string) (string, int64, error) {
+	t := jwt.New(jwt.GetSigningMethod(constants.JWT_TYPE))
+	expiryBound := time.Hour
+	if tokenType == enum.RefreshToken {
+		// expires in 1 year
+		expiryBound = time.Hour * 8760
+	}
+
+	expiresAt := time.Now().Add(expiryBound).Unix()
+
+	resUser := GetResponseUserData(user)
+	userBytes, _ := json.Marshal(&resUser)
+	var userMap map[string]interface{}
+	json.Unmarshal(userBytes, &userMap)
+
+	customClaims := jwt.MapClaims{
+		"exp":                    expiresAt,
+		"iat":                    time.Now().Unix(),
+		"token_type":             tokenType.String(),
+		"allowed_roles":          strings.Split(user.Roles, ","),
+		constants.JWT_ROLE_CLAIM: roles,
+	}
+
+	for k, v := range userMap {
+		if k != "roles" {
+			customClaims[k] = v
+		}
+	}
+
+	// check for the extra access token script
+	accessTokenScript := os.Getenv("CUSTOM_ACCESS_TOKEN_SCRIPT")
+	if accessTokenScript != "" {
+		vm := otto.New()
+
+		claimBytes, _ := json.Marshal(customClaims)
+		vm.Run(fmt.Sprintf(`
+			var user = %s;
+			var tokenPayload = %s;
+			var customFunction = %s;
+			var functionRes = JSON.stringify(customFunction(user, tokenPayload));
+		`, string(userBytes), string(claimBytes), accessTokenScript))
+
+		val, err := vm.Get("functionRes")
+
+		if err != nil {
+			log.Println("error getting custom access token script:", err)
+		} else {
+			extraPayload := make(map[string]interface{})
+			err = json.Unmarshal([]byte(fmt.Sprintf("%s", val)), &extraPayload)
+			if err != nil {
+				log.Println("error converting accessTokenScript response to map:", err)
+			} else {
+				for k, v := range extraPayload {
+					customClaims[k] = v
+				}
+			}
+		}
+	}
+
+	t.Claims = customClaims
+
+	token, err := t.SignedString([]byte(constants.JWT_SECRET))
+	if err != nil {
+		return "", 0, err
+	}
+
+	return token, expiresAt, nil
+}
+
+func GetAuthToken(gc *gin.Context) (string, error) {
+	token, err := GetCookie(gc)
+	if err != nil || token == "" {
+		// try to check in auth header for cookie
+		log.Println("cookie not found checking headers")
+		auth := gc.Request.Header.Get("Authorization")
+		if auth == "" {
+			return "", fmt.Errorf(`unauthorized`)
+		}
+
+		token = strings.TrimPrefix(auth, "Bearer ")
+	}
+	return token, nil
+}
+
+func VerifyAuthToken(token string) (map[string]interface{}, error) {
+	var res map[string]interface{}
+	claims := jwt.MapClaims{}
+
+	_, err := jwt.ParseWithClaims(token, claims, func(token *jwt.Token) (interface{}, error) {
+		return []byte(constants.JWT_SECRET), nil
+	})
+	if err != nil {
+		return res, err
+	}
+
+	// claim parses exp & iat into float 64 with e^10,
+	// but we expect it to be int64
+	// hence we need to assert interface and convert to int64
+	intExp := int64(claims["exp"].(float64))
+	intIat := int64(claims["iat"].(float64))
+
+	data, _ := json.Marshal(claims)
+	json.Unmarshal(data, &res)
+	res["exp"] = intExp
+	res["iat"] = intIat
+
+	return res, nil
+}

server/utils/common.go

@@ -0,0 +1,29 @@
+package utils
+
+import (
+	"io"
+	"os"
+)
+
+func WriteToFile(filename string, data string) error {
+	file, err := os.Create(filename)
+	if err != nil {
+		return err
+	}
+	defer file.Close()
+
+	_, err = io.WriteString(file, data)
+	if err != nil {
+		return err
+	}
+	return file.Sync()
+}
+
+func StringSliceContains(s []string, e string) bool {
+	for _, a := range s {
+		if a == e {
+			return true
+		}
+	}
+	return false
+}

server/utils/cookie.go

@@ -1,7 +1,6 @@
 package utils
 
 import (
-	"log"
 	"net/http"
 
 	"github.com/authorizerdev/authorizer/server/constants"
@@ -11,17 +10,24 @@ import (
 func SetCookie(gc *gin.Context, token string) {
 	secure := true
 	httpOnly := true
+	host, _ := GetHostParts(constants.AUTHORIZER_URL)
+	domain := GetDomainName(constants.AUTHORIZER_URL)
+	if domain != "localhost" {
+		domain = "." + domain
+	}
 
-	host := GetHostName(constants.AUTHORIZER_URL)
-	log.Println("=> cookie host", host)
 	gc.SetSameSite(http.SameSiteNoneMode)
 	gc.SetCookie(constants.COOKIE_NAME, token, 3600, "/", host, secure, httpOnly)
+	gc.SetCookie(constants.COOKIE_NAME+"-client", token, 3600, "/", domain, secure, httpOnly)
 }
 
 func GetCookie(gc *gin.Context) (string, error) {
 	cookie, err := gc.Request.Cookie(constants.COOKIE_NAME)
 	if err != nil {
-		return "", err
+		cookie, err = gc.Request.Cookie(constants.COOKIE_NAME + "-client")
+		if err != nil {
+			return "", err
+		}
 	}
 
 	return cookie.Value, nil
@@ -31,11 +37,13 @@ func DeleteCookie(gc *gin.Context) {
 	secure := true
 	httpOnly := true
 
-	if !constants.IS_PROD {
-		secure = false
+	host, _ := GetHostParts(constants.AUTHORIZER_URL)
+	domain := GetDomainName(constants.AUTHORIZER_URL)
+	if domain != "localhost" {
+		domain = "." + domain
 	}
 
-	host := GetHostName(constants.AUTHORIZER_URL)
 	gc.SetSameSite(http.SameSiteNoneMode)
 	gc.SetCookie(constants.COOKIE_NAME, "", -1, "/", host, secure, httpOnly)
+	gc.SetCookie(constants.COOKIE_NAME+"-client", "", -1, "/", domain, secure, httpOnly)
 }

server/utils/create_session.go

@@ -0,0 +1,16 @@
+package utils
+
+import (
+	"github.com/authorizerdev/authorizer/server/db"
+	"github.com/gin-gonic/gin"
+)
+
+func CreateSession(userId string, c *gin.Context) {
+	sessionData := db.Session{
+		UserID:    userId,
+		UserAgent: GetUserAgent(c.Request),
+		IP:        GetIP(c.Request),
+	}
+
+	db.Mgr.AddSession(sessionData)
+}

server/utils/email.go

@@ -16,17 +16,91 @@ func SendVerificationMail(toEmail, token string) error {
 
 	Subject := "Please verify your email"
 	message := fmt.Sprintf(`
-	<!DOCTYPE HTML PULBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-	<html>
-	<head>
-	<meta http-equiv="content-type" content="text/html"; charset=ISO-8859-1">
-	</head>
-	<body>
-		<h1>Please verify your email by clicking on the link below </h1><br/>
-		<a href="%s">Click here to verify</a>
-	</body>
-	</html>
-	`, constants.AUTHORIZER_URL+"/verify_email"+"?token="+token)
+	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+    <html xmlns="http://www.w3.org/1999/xhtml" xmlns:o="urn:schemas-microsoft-com:office:office">
+
+        <head>
+            <meta charset="UTF-8">
+            <meta content="width=device-width, initial-scale=1" name="viewport">
+            <meta name="x-apple-disable-message-reformatting">
+            <meta http-equiv="X-UA-Compatible" content="IE=edge">
+            <meta content="telephone=no" name="format-detection">
+            <title></title>
+            <!--[if (mso 16)]>
+            <style type="text/css">
+            a {}
+            </style>
+            <![endif]-->
+            <!--[if gte mso 9]><style>sup { font-size: 100%% !important; }</style><![endif]-->
+            <!--[if gte mso 9]>
+        <xml>
+            <o:OfficeDocumentSettings>
+            <o:AllowPNG></o:AllowPNG>
+            <o:PixelsPerInch>96</o:PixelsPerInch>
+            </o:OfficeDocumentSettings>
+        </xml>
+        <![endif]-->
+        </head>
+
+        <body style="font-family: sans-serif;">
+            <div class="es-wrapper-color">
+                <!--[if gte mso 9]>
+                    <v:background xmlns:v="urn:schemas-microsoft-com:vml" fill="t">
+                        <v:fill type="tile" color="#ffffff"></v:fill>
+                    </v:background>
+                <![endif]-->
+                <table class="es-wrapper" width="100%%" cellspacing="0" cellpadding="0">
+                    <tbody>
+                        <tr>
+                            <td class="esd-email-paddings" valign="top">
+                                <table class="es-content esd-footer-popover" cellspacing="0" cellpadding="0" align="center">
+                                    <tbody>
+                                        <tr>
+                                            <td class="esd-stripe" align="center">
+                                                <table class="es-content-body" style="border-left:1px solid transparent;border-right:1px solid transparent;border-top:1px solid transparent;border-bottom:1px solid transparent;padding:20px 0px;" width="600" cellspacing="0" cellpadding="0" bgcolor="#ffffff" align="center">
+                                                    <tbody>
+                                                        <tr>
+                                                            <td class="esd-structure es-p20t es-p40b es-p40r es-p40l" esd-custom-block-id="8537" align="left">
+                                                                <table width="100%%" cellspacing="0" cellpadding="0">
+                                                                    <tbody>
+                                                                        <tr>
+                                                                            <td class="esd-container-frame" width="518" align="left">
+                                                                                <table width="100%%" cellspacing="0" cellpadding="0">
+                                                                                    <tbody>
+                                                                                        <tr>
+                                                                                            <td class="esd-block-image es-m-txt-c es-p5b" style="font-size:0;padding:10px" align="center"><a target="_blank"><img src="%s" alt="icon" style="display: block;" title="icon" width="30"></a></td>
+                                                                                        </tr>
+                                                                                        
+                                                                                        <tr style="background: rgb(249,250,251);padding: 10px;margin-bottom:10px;border-radius:5px;">
+                                                                                            <td class="esd-block-text es-m-txt-c es-p15t" align="center" style="padding:10px;padding-bottom:30px;">
+                                                                                                <p>Hey there 👋</p>
+                                                                                                <p>We received a request to sign-up / login for <b>%s</b>. If this is correct, please confirm your email address by clicking the button below.</p> <br/>
+                                                                                                <a href="%s" class="es-button" target="_blank" style="text-decoration: none;padding:10px 15px;background-color: rgba(59,130,246,1);color: #fff;font-size: 1em;border-radius:5px;">Confirm Email</a>
+                                                                                            </td>
+                                                                                        </tr>
+                                                                                    </tbody>
+                                                                                </table>
+                                                                            </td>
+                                                                        </tr>
+                                                                    </tbody>
+                                                                </table>
+                                                            </td>
+                                                        </tr>
+                                                    </tbody>
+                                                </table>
+                                            </td>
+                                        </tr>
+                                    </tbody>
+                                </table>
+                            </td>
+                        </tr>
+                    </tbody>
+                </table>
+            </div>
+            <div style="position: absolute; left: -9999px; top: -9999px; margin: 0px;"></div>
+        </body>
+    </html>
+	`, constants.ORGANIZATION_LOGO, constants.ORGANIZATION_NAME, constants.AUTHORIZER_URL+"/verify_email"+"?token="+token)
 	bodyMessage := sender.WriteHTMLEmail(Receiver, Subject, message)
 
 	return sender.SendMail(Receiver, Subject, bodyMessage)
@@ -46,17 +120,92 @@ func SendForgotPasswordMail(toEmail, token, host string) error {
 	Subject := "Reset Password"
 
 	message := fmt.Sprintf(`
-	<!DOCTYPE HTML PULBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-	<html>
-	<head>
-	<meta http-equiv="content-type" content="text/html"; charset=ISO-8859-1">
-	</head>
-	<body>
-		<h1>Please use the link below to reset password </h1><br/>
-		<a href="%s">Reset Password</a>
-	</body>
-	</html>
-	`, constants.RESET_PASSWORD_URL+"?token="+token)
+	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+    <html xmlns="http://www.w3.org/1999/xhtml" xmlns:o="urn:schemas-microsoft-com:office:office">
+
+        <head>
+            <meta charset="UTF-8">
+            <meta content="width=device-width, initial-scale=1" name="viewport">
+            <meta name="x-apple-disable-message-reformatting">
+            <meta http-equiv="X-UA-Compatible" content="IE=edge">
+            <meta content="telephone=no" name="format-detection">
+            <title></title>
+            <!--[if (mso 16)]>
+            <style type="text/css">
+            a {}
+            </style>
+            <![endif]-->
+            <!--[if gte mso 9]><style>sup { font-size: 100%% !important; }</style><![endif]-->
+            <!--[if gte mso 9]>
+        <xml>
+            <o:OfficeDocumentSettings>
+            <o:AllowPNG></o:AllowPNG>
+            <o:PixelsPerInch>96</o:PixelsPerInch>
+            </o:OfficeDocumentSettings>
+        </xml>
+        <![endif]-->
+        </head>
+
+        <body style="font-family: sans-serif;">
+            <div class="es-wrapper-color">
+                <!--[if gte mso 9]>
+                    <v:background xmlns:v="urn:schemas-microsoft-com:vml" fill="t">
+                        <v:fill type="tile" color="#ffffff"></v:fill>
+                    </v:background>
+                <![endif]-->
+                <table class="es-wrapper" width="100%%" cellspacing="0" cellpadding="0">
+                    <tbody>
+                        <tr>
+                            <td class="esd-email-paddings" valign="top">
+                                <table class="es-content esd-footer-popover" cellspacing="0" cellpadding="0" align="center">
+                                    <tbody>
+                                        <tr>
+                                            <td class="esd-stripe" align="center">
+                                                <table class="es-content-body" style="border-left:1px solid transparent;border-right:1px solid transparent;border-top:1px solid transparent;border-bottom:1px solid transparent;padding:20px 0px;" width="600" cellspacing="0" cellpadding="0" bgcolor="#ffffff" align="center">
+                                                    <tbody>
+                                                        <tr>
+                                                            <td class="esd-structure es-p20t es-p40b es-p40r es-p40l" esd-custom-block-id="8537" align="left">
+                                                                <table width="100%%" cellspacing="0" cellpadding="0">
+                                                                    <tbody>
+                                                                        <tr>
+                                                                            <td class="esd-container-frame" width="518" align="left">
+                                                                                <table width="100%%" cellspacing="0" cellpadding="0">
+                                                                                    <tbody>
+                                                                                        <tr>
+                                                                                            <td class="esd-block-image es-m-txt-c es-p5b" style="font-size:0;padding:10px" align="center"><a target="_blank"><img src="%s" alt="icon" style="display: block;" title="icon" width="30"></a></td>
+                                                                                        </tr>
+                                                                                        
+                                                                                        <tr style="background: rgb(249,250,251);padding: 10px;margin-bottom:10px;border-radius:5px;">
+                                                                                            <td class="esd-block-text es-m-txt-c es-p15t" align="center" style="padding:10px;padding-bottom:30px;">
+                                                                                                <p>Hey there 👋</p>
+                                                                                                <p>We received a request to reset password for email: <b>%s</b>. If this is correct, please reset the password clicking the button below.</p> <br/>
+                                                                                                <a href="%s" class="es-button" target="_blank" style="text-decoration: none;padding:10px 15px;background-color: rgba(59,130,246,1);color: #fff;font-size: 1em;border-radius:5px;">Reset Password</a>
+                                                                                            </td>
+                                                                                        </tr>
+                                                                                    </tbody>
+                                                                                </table>
+                                                                            </td>
+                                                                        </tr>
+                                                                    </tbody>
+                                                                </table>
+                                                            </td>
+                                                        </tr>
+                                                    </tbody>
+                                                </table>
+                                            </td>
+                                        </tr>
+                                    </tbody>
+                                </table>
+                            </td>
+                        </tr>
+                    </tbody>
+                </table>
+            </div>
+            <div style="position: absolute; left: -9999px; top: -9999px; margin: 0px;"></div>
+        </body>
+    </html>
+	`, constants.ORGANIZATION_LOGO, toEmail, constants.RESET_PASSWORD_URL+"?token="+token)
+
 	bodyMessage := sender.WriteHTMLEmail(Receiver, Subject, message)
 
 	return sender.SendMail(Receiver, Subject, bodyMessage)

server/utils/get_response_user_data.go

@@ -0,0 +1,32 @@
+package utils
+
+import (
+	"strings"
+
+	"github.com/authorizerdev/authorizer/server/db"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+)
+
+func GetResponseUserData(user db.User) *model.User {
+	isEmailVerified := user.EmailVerifiedAt != nil
+	isPhoneVerified := user.PhoneNumberVerifiedAt != nil
+	return &model.User{
+		ID:                  user.ID,
+		Email:               user.Email,
+		EmailVerified:       isEmailVerified,
+		SignupMethods:       user.SignupMethods,
+		GivenName:           user.GivenName,
+		FamilyName:          user.FamilyName,
+		MiddleName:          user.MiddleName,
+		Nickname:            user.Nickname,
+		PreferredUsername:   &user.Email,
+		Gender:              user.Gender,
+		Birthdate:           user.Birthdate,
+		PhoneNumber:         user.PhoneNumber,
+		PhoneNumberVerified: &isPhoneVerified,
+		Picture:             user.Picture,
+		Roles:               strings.Split(user.Roles, ","),
+		CreatedAt:           &user.CreatedAt,
+		UpdatedAt:           &user.UpdatedAt,
+	}
+}