chore: fix yaml indentation

fixed validation of refresh token

.env.test

@@ -7,3 +7,4 @@ SMTP_PORT=2525
 SMTP_USERNAME=test
 SMTP_PASSWORD=test
 SENDER_EMAIL="info@authorizer.dev"
+AWS_REGION=ap-south-1

.github/workflows/release.yaml

@@ -2,16 +2,16 @@ on:
   workflow_dispatch:
     inputs:
       logLevel:
-        description: 'Log level'     
+        description: "Log level"
         required: true
-        default: 'warning' 
+        default: "warning"
         type: choice
         options:
           - info
           - warning
           - debug
       tags:
-        description: 'Tags'
+        description: "Tags"
         required: false
         type: boolean
   release:
@@ -22,13 +22,22 @@ jobs:
     name: Release Authorizer Binary
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - uses: actions/setup-node@v2
         with:
-          node-version: '16'
+          node-version: "16"
+      - # Add support for more platforms with QEMU (optional)
+        # https://github.com/docker/setup-qemu-action
+        name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+        with:
+          platforms: linux/amd64,linux/arm64
+          buildkitd-flags: --debug
       - uses: actions/setup-go@v2
         with:
-          go-version: '^1.17.3'
+          go-version: "^1.17.3"
       - name: Install dependencies
         run: |
           sudo apt-get install build-essential wget zip gcc-mingw-w64 && \
@@ -59,10 +68,16 @@ jobs:
           make clean && \
           CGO_ENABLED=1 make && \
           tar cvfz authorizer-${VERSION}-linux-amd64.tar.gz .env app/build build templates dashboard/build
+      - name: Build package
+        run: |
+          make clean && \
+          make build && \
+          mkdir -p authorizer-${VERSION}-darwin-amd64/build authorizer-${VERSION}-darwin-amd64/app authorizer-${VERSION}-darwin-amd64/templates authorizer-${VERSION}-darwin-amd64/dashboard && cp build/darwin/amd64/server authorizer-${VERSION}-darwin-amd64/build/ && cp .env authorizer-${VERSION}-darwin-amd64/.env && cp -rf app/build authorizer-${VERSION}-darwin-amd64/app/build && cp -rf templates authorizer-${VERSION}-darwin-amd64/templates && cp -rf dashboard/build authorizer-${VERSION}-darwin-amd64/dashboard/build && tar cvfz  authorizer-${VERSION}-darwin-amd64.tar.gz authorizer-${VERSION}-darwin-amd64
       - name: Upload assets
         run: |
           github-assets-uploader -f authorizer-${VERSION}-windows-amd64.zip -mediatype application/zip -repo authorizerdev/authorizer -token ${{secrets.RELEASE_TOKEN}} -tag ${VERSION} && \
           github-assets-uploader -f authorizer-${VERSION}-linux-amd64.tar.gz -mediatype application/gzip -repo authorizerdev/authorizer -token ${{secrets.RELEASE_TOKEN}} -tag ${VERSION}
+          github-assets-uploader -f authorizer-${VERSION}-darwin-amd64.tar.gz -mediatype application/gzip -repo authorizerdev/authorizer -token ${{secrets.RELEASE_TOKEN}} -tag ${VERSION}
       - name: Log in to Docker Hub
         uses: docker/login-action@v1
         with:
@@ -74,6 +89,9 @@ jobs:
         uses: docker/metadata-action@v3
         with:
           images: lakhansamani/authorizer
+          tags: |
+            # set latest tag for default branch
+            type=raw,value=latest,enable={{is_default_branch}}
 
       - name: Build and push Docker image
         uses: docker/build-push-action@v2

Makefile

@@ -3,6 +3,12 @@ VERSION := $(or $(VERSION),$(DEFAULT_VERSION))
 
 cmd:
 	cd server && go build -ldflags "-w -X main.VERSION=$(VERSION)" -o '../build/server'
+build:
+	cd server && gox \
+		-osarch="linux/amd64 linux/arm64 darwin/amd64 windows/386 windows/amd64" \
+		-ldflags "-w -X main.VERSION=$(VERSION)" \
+		-output="../build/{{.OS}}/{{.Arch}}/server" \
+		./...
 build-app:
 	cd app && npm i && npm run build
 build-dashboard:
@@ -23,14 +29,20 @@ test-arangodb:
 	docker run -d --name authorizer_arangodb -p 8529:8529 -e ARANGO_NO_AUTH=1 arangodb/arangodb:3.8.4
 	cd server && go clean --testcache && TEST_DBS="arangodb" go test -p 1 -v ./test
 	docker rm -vf authorizer_arangodb
+test-dynamodb:
+	docker run -d --name dynamodb-local-test  -p 8000:8000 amazon/dynamodb-local:latest 
+	cd server && go clean --testcache && TEST_DBS="dynamodb" go test -p 1 -v ./test
+	docker rm -vf dynamodb-local-test
 test-all-db:
 	rm -rf server/test/test.db && rm -rf test.db
 	docker run -d --name authorizer_scylla_db -p 9042:9042 scylladb/scylla
 	docker run -d --name authorizer_mongodb_db -p 27017:27017 mongo:4.4.15
 	docker run -d --name authorizer_arangodb -p 8529:8529 -e ARANGO_NO_AUTH=1 arangodb/arangodb:3.8.4
-	cd server && go clean --testcache && TEST_DBS="sqlite,mongodb,arangodb,scylladb" go test -p 1 -v ./test
+	docker run -d --name dynamodb-local-test  -p 8000:8000 amazon/dynamodb-local:latest 
+	cd server && go clean --testcache && TEST_DBS="sqlite,mongodb,arangodb,scylladb,dynamodb" go test -p 1 -v ./test
 	docker rm -vf authorizer_scylla_db
 	docker rm -vf authorizer_mongodb_db
 	docker rm -vf authorizer_arangodb
+	docker rm -vf dynamodb-local-test
 generate:
 	cd server && go run github.com/99designs/gqlgen generate && go mod tidy

app/.prettierrc.json

@@ -0,0 +1,6 @@
+{
+	"tabWidth": 2,
+	"singleQuote": true,
+	"trailingComma": "all",
+	"useTabs": false
+}

app/package-lock.json

@@ -22,7 +22,8 @@
 			},
 			"devDependencies": {
 				"@types/react-router-dom": "^5.1.8",
-				"@types/styled-components": "^5.1.11"
+				"@types/styled-components": "^5.1.11",
+				"prettier": "2.7.1"
 			}
 		},
 		"node_modules/@authorizerdev/authorizer-js": {
@@ -617,6 +618,21 @@
 			"resolved": "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz",
 			"integrity": "sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ=="
 		},
+		"node_modules/prettier": {
+			"version": "2.7.1",
+			"resolved": "https://registry.npmjs.org/prettier/-/prettier-2.7.1.tgz",
+			"integrity": "sha512-ujppO+MkdPqoVINuDFDRLClm7D78qbDt0/NR+wp5FqEZOoTNAjPHWj17QRhu7geIHJfcNhRk1XVQmF8Bp3ye+g==",
+			"dev": true,
+			"bin": {
+				"prettier": "bin-prettier.js"
+			},
+			"engines": {
+				"node": ">=10.13.0"
+			},
+			"funding": {
+				"url": "https://github.com/prettier/prettier?sponsor=1"
+			}
+		},
 		"node_modules/prop-types": {
 			"version": "15.7.2",
 			"resolved": "https://registry.npmjs.org/prop-types/-/prop-types-15.7.2.tgz",
@@ -1329,6 +1345,12 @@
 			"resolved": "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz",
 			"integrity": "sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ=="
 		},
+		"prettier": {
+			"version": "2.7.1",
+			"resolved": "https://registry.npmjs.org/prettier/-/prettier-2.7.1.tgz",
+			"integrity": "sha512-ujppO+MkdPqoVINuDFDRLClm7D78qbDt0/NR+wp5FqEZOoTNAjPHWj17QRhu7geIHJfcNhRk1XVQmF8Bp3ye+g==",
+			"dev": true
+		},
 		"prop-types": {
 			"version": "15.7.2",
 			"resolved": "https://registry.npmjs.org/prop-types/-/prop-types-15.7.2.tgz",

app/package.json

@@ -5,7 +5,8 @@
 	"main": "index.js",
 	"scripts": {
 		"build": "rm -rf build && NODE_ENV=production node ./esbuild.config.js",
-		"start": "NODE_ENV=development node ./esbuild.config.js"
+		"start": "NODE_ENV=development node ./esbuild.config.js",
+		"format": "prettier --write --use-tabs 'src/**/*.(ts|tsx|js|jsx)'"
 	},
 	"keywords": [],
 	"author": "Lakhan Samani",
@@ -19,11 +20,12 @@
 		"react-dom": "^17.0.2",
 		"react-is": "^17.0.2",
 		"react-router-dom": "^5.2.0",
-		"typescript": "^4.3.5",
-		"styled-components": "^5.3.0"
+		"styled-components": "^5.3.0",
+		"typescript": "^4.3.5"
 	},
 	"devDependencies": {
 		"@types/react-router-dom": "^5.1.8",
-		"@types/styled-components": "^5.1.11"
+		"@types/styled-components": "^5.1.11",
+		"prettier": "2.7.1"
 	}
 }

app/src/Root.tsx

@@ -32,7 +32,7 @@ export default function Root({
 	const { token, loading, config } = useAuthorizer();
 
 	const searchParams = new URLSearchParams(
-		hasWindow() ? window.location.search : ``
+		hasWindow() ? window.location.search : ``,
 	);
 	const state = searchParams.get('state') || createRandomString();
 	const scope = searchParams.get('scope')

app/src/pages/login.tsx

@@ -60,7 +60,12 @@ export default function Login({ urlProps }: { urlProps: Record<string, any> }) {
 			{view === VIEW_TYPES.FORGOT_PASSWORD && (
 				<Fragment>
 					<h1 style={{ textAlign: 'center' }}>Forgot Password</h1>
-					<AuthorizerForgotPassword urlProps={urlProps} />
+					<AuthorizerForgotPassword
+						urlProps={{
+							...urlProps,
+							redirect_uri: `${window.location.origin}/app/reset-password`,
+						}}
+					/>
 					<Footer>
 						<Link
 							to="#"

app/src/utils/common.ts

@@ -8,7 +8,7 @@ export const createRandomString = () => {
 		'0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-_~.';
 	let random = '';
 	const randomValues = Array.from(
-		getCrypto().getRandomValues(new Uint8Array(43))
+		getCrypto().getRandomValues(new Uint8Array(43)),
 	);
 	randomValues.forEach((v) => (random += charset[v % charset.length]));
 	return random;

dashboard/.prettierrc.json

@@ -0,0 +1,6 @@
+{
+	"tabWidth": 2,
+	"singleQuote": true,
+	"trailingComma": "all",
+	"useTabs": false
+}

dashboard/package.json

@@ -5,7 +5,8 @@
 	"main": "index.js",
 	"scripts": {
 		"build": "rm -rf build && NODE_ENV=production node ./esbuild.config.js",
-		"start": "NODE_ENV=development node ./esbuild.config.js"
+		"start": "NODE_ENV=development node ./esbuild.config.js",
+		"format": "prettier --write --use-tabs 'src/**/*.(ts|tsx|js|jsx)'"
 	},
 	"keywords": [],
 	"author": "Lakhan Samani",
@@ -35,6 +36,7 @@
 		"urql": "^2.0.6"
 	},
 	"devDependencies": {
-		"@types/react-email-editor": "^1.1.7"
+		"@types/react-email-editor": "^1.1.7",
+		"prettier": "2.7.1"
 	}
 }

dashboard/src/components/EditUserModal.tsx

@@ -1,4 +1,4 @@
-import React from 'react';
+import React, { useState } from 'react';
 import {
 	Button,
 	Center,
@@ -20,13 +20,14 @@ import { useClient } from 'urql';
 import { FaSave } from 'react-icons/fa';
 import InputField from './InputField';
 import {
-	ArrayInputType,
 	DateInputType,
+	MultiSelectInputType,
 	SelectInputType,
 	TextInputType,
 } from '../constants';
 import { getObjectDiff } from '../utils';
 import { UpdateUser } from '../graphql/mutation';
+import { GetAvailableRolesQuery } from '../graphql/queries';
 
 const GenderTypes = {
 	Undisclosed: null,
@@ -57,8 +58,9 @@ const EditUserModal = ({
 }) => {
 	const client = useClient();
 	const toast = useToast();
+	const [availableRoles, setAvailableRoles] = useState<string[]>([]);
 	const { isOpen, onOpen, onClose } = useDisclosure();
-	const [userData, setUserData] = React.useState<userDataTypes>({
+	const [userData, setUserData] = useState<userDataTypes>({
 		id: '',
 		email: '',
 		given_name: '',
@@ -73,7 +75,17 @@ const EditUserModal = ({
 	});
 	React.useEffect(() => {
 		setUserData(user);
+		fetchAvailableRoles();
 	}, []);
+	const fetchAvailableRoles = async () => {
+		const res = await client.query(GetAvailableRolesQuery).toPromise();
+		if (res.data?._env?.ROLES && res.data?._env?.PROTECTED_ROLES) {
+			setAvailableRoles([
+				...res.data._env.ROLES,
+				...res.data._env.PROTECTED_ROLES,
+			]);
+		}
+	};
 	const saveHandler = async () => {
 		const diff = getObjectDiff(user, userData);
 		const updatedUserData = diff.reduce(
@@ -82,7 +94,7 @@ const EditUserModal = ({
 				// @ts-ignore
 				[property]: userData[property],
 			}),
-			{}
+			{},
 		);
 		const res = await client
 			.mutation(UpdateUser, { params: { ...updatedUserData, id: userData.id } })
@@ -221,7 +233,8 @@ const EditUserModal = ({
 									<InputField
 										variables={userData}
 										setVariables={setUserData}
-										inputType={ArrayInputType.USER_ROLES}
+										availableRoles={availableRoles}
+										inputType={MultiSelectInputType.USER_ROLES}
 									/>
 								</Center>
 							</Flex>

dashboard/src/components/EnvComponents/AccessToken.tsx

@@ -1,28 +1,28 @@
-import React from "react";
-import { Flex, Stack, Text, useMediaQuery } from "@chakra-ui/react";
-import InputField from "../../components/InputField";
-import { TextInputType, TextAreaInputType } from "../../constants";
+import React from 'react';
+import { Flex, Stack, Text, useMediaQuery } from '@chakra-ui/react';
+import InputField from '../../components/InputField';
+import { TextInputType, TextAreaInputType } from '../../constants';
 
 const AccessToken = ({ variables, setVariables }: any) => {
-  const [isNotSmallerScreen] = useMediaQuery("(min-width:600px)");
+	const [isNotSmallerScreen] = useMediaQuery('(min-width:600px)');
 	return (
 		<div>
-      {" "}
+			{' '}
 			<Text fontSize="md" paddingTop="2%" fontWeight="bold" mb={5}>
 				Access Token
 			</Text>
 			<Stack spacing={6} padding="2% 0%">
-        <Flex direction={isNotSmallerScreen ? "row" : "column"}>
+				<Flex direction={isNotSmallerScreen ? 'row' : 'column'}>
 					<Flex
-            w={isNotSmallerScreen ? "30%" : "50%"}
+						w={isNotSmallerScreen ? '30%' : '50%'}
 						justifyContent="start"
 						alignItems="center"
 					>
 						<Text fontSize="sm">Access Token Expiry Time:</Text>
 					</Flex>
 					<Flex
-            w={isNotSmallerScreen ? "70%" : "100%"}
-            mt={isNotSmallerScreen ? "0" : "3"}
+						w={isNotSmallerScreen ? '70%' : '100%'}
+						mt={isNotSmallerScreen ? '0' : '3'}
 					>
 						<InputField
 							borderRadius={5}
@@ -33,9 +33,9 @@ const AccessToken = ({ variables, setVariables }: any) => {
 						/>
 					</Flex>
 				</Flex>
-        <Flex direction={isNotSmallerScreen ? "row" : "column"}>
+				<Flex direction={isNotSmallerScreen ? 'row' : 'column'}>
 					<Flex
-            w={isNotSmallerScreen ? "30%" : "60%"}
+						w={isNotSmallerScreen ? '30%' : '60%'}
 						justifyContent="start"
 						direction="column"
 					>
@@ -45,8 +45,8 @@ const AccessToken = ({ variables, setVariables }: any) => {
 						</Text>
 					</Flex>
 					<Flex
-            w={isNotSmallerScreen ? "70%" : "100%"}
-            mt={isNotSmallerScreen ? "0" : "3"}
+						w={isNotSmallerScreen ? '70%' : '100%'}
+						mt={isNotSmallerScreen ? '0' : '3'}
 					>
 						<InputField
 							variables={variables}

dashboard/src/components/EnvComponents/DomainWhitelisting.tsx

@@ -1,24 +1,24 @@
-import React from "react";
-import { Flex, Stack, Center, Text, useMediaQuery } from "@chakra-ui/react";
-import InputField from "../../components/InputField";
-import { ArrayInputType} from "../../constants";
+import React from 'react';
+import { Flex, Stack, Center, Text, useMediaQuery } from '@chakra-ui/react';
+import InputField from '../../components/InputField';
+import { ArrayInputType } from '../../constants';
 
 const DomainWhiteListing = ({ variables, setVariables }: any) => {
-  const [isNotSmallerScreen] = useMediaQuery("(min-width:600px)");
+	const [isNotSmallerScreen] = useMediaQuery('(min-width:600px)');
 	return (
 		<div>
-      {" "}
+			{' '}
 			<Text fontSize="md" paddingTop="2%" fontWeight="bold" mb={5}>
 				Domain White Listing
 			</Text>
 			<Stack spacing={6} padding="2% 0%">
-        <Flex direction={isNotSmallerScreen ? "row" : "column"}>
+				<Flex direction={isNotSmallerScreen ? 'row' : 'column'}>
 					<Flex w="30%" justifyContent="start" alignItems="center">
 						<Text fontSize="sm">Allowed Origins:</Text>
 					</Flex>
 					<Center
-            w={isNotSmallerScreen ? "70%" : "100%"}
-            mt={isNotSmallerScreen ? "0" : "3"}
+						w={isNotSmallerScreen ? '70%' : '100%'}
+						mt={isNotSmallerScreen ? '0' : '3'}
 					>
 						<InputField
 							variables={variables}

dashboard/src/components/EnvComponents/EmailConfiguration.tsx

@@ -1,28 +1,28 @@
-import React from "react";
-import { Flex, Stack, Center, Text, useMediaQuery } from "@chakra-ui/react";
-import InputField from "../../components/InputField";
-import { TextInputType, HiddenInputType} from "../../constants";
+import React from 'react';
+import { Flex, Stack, Center, Text, useMediaQuery } from '@chakra-ui/react';
+import InputField from '../../components/InputField';
+import { TextInputType, HiddenInputType } from '../../constants';
 const EmailConfigurations = ({
 	variables,
 	setVariables,
 	fieldVisibility,
 	setFieldVisibility,
 }: any) => {
-  const [isNotSmallerScreen] = useMediaQuery("(min-width:600px)");
+	const [isNotSmallerScreen] = useMediaQuery('(min-width:600px)');
 	return (
 		<div>
-      {" "}
+			{' '}
 			<Text fontSize="md" paddingTop="2%" fontWeight="bold" mb={5}>
 				Email Configurations
 			</Text>
 			<Stack spacing={6} padding="2% 0%">
-        <Flex direction={isNotSmallerScreen ? "row" : "column"}>
+				<Flex direction={isNotSmallerScreen ? 'row' : 'column'}>
 					<Flex w="30%" justifyContent="start" alignItems="center">
 						<Text fontSize="sm">SMTP Host:</Text>
 					</Flex>
 					<Center
-            w={isNotSmallerScreen ? "70%" : "100%"}
-            mt={isNotSmallerScreen ? "0" : "3"}
+						w={isNotSmallerScreen ? '70%' : '100%'}
+						mt={isNotSmallerScreen ? '0' : '3'}
 					>
 						<InputField
 							borderRadius={5}
@@ -32,13 +32,13 @@ const EmailConfigurations = ({
 						/>
 					</Center>
 				</Flex>
-        <Flex direction={isNotSmallerScreen ? "row" : "column"}>
+				<Flex direction={isNotSmallerScreen ? 'row' : 'column'}>
 					<Flex w="30%" justifyContent="start" alignItems="center">
 						<Text fontSize="sm">SMTP Port:</Text>
 					</Flex>
 					<Center
-            w={isNotSmallerScreen ? "70%" : "100%"}
-            mt={isNotSmallerScreen ? "0" : "3"}
+						w={isNotSmallerScreen ? '70%' : '100%'}
+						mt={isNotSmallerScreen ? '0' : '3'}
 					>
 						<InputField
 							borderRadius={5}
@@ -48,17 +48,37 @@ const EmailConfigurations = ({
 						/>
 					</Center>
 				</Flex>
-        <Flex direction={isNotSmallerScreen ? "row" : "column"}>
+				<Flex direction={isNotSmallerScreen ? 'row' : 'column'}>
 					<Flex
-            w={isNotSmallerScreen ? "30%" : "40%"}
+						w={isNotSmallerScreen ? '30%' : '40%'}
+						justifyContent="start"
+						alignItems="center"
+					>
+						<Text fontSize="sm">SMTP Local Name:</Text>
+					</Flex>
+					<Center
+						w={isNotSmallerScreen ? '70%' : '100%'}
+						mt={isNotSmallerScreen ? '0' : '3'}
+					>
+						<InputField
+							borderRadius={5}
+							variables={variables}
+							setVariables={setVariables}
+							inputType={TextInputType.SMTP_LOCAL_NAME}
+						/>
+					</Center>
+				</Flex>
+				<Flex direction={isNotSmallerScreen ? 'row' : 'column'}>
+					<Flex
+						w={isNotSmallerScreen ? '30%' : '40%'}
 						justifyContent="start"
 						alignItems="center"
 					>
 						<Text fontSize="sm">SMTP Username:</Text>
 					</Flex>
 					<Center
-            w={isNotSmallerScreen ? "70%" : "100%"}
-            mt={isNotSmallerScreen ? "0" : "3"}
+						w={isNotSmallerScreen ? '70%' : '100%'}
+						mt={isNotSmallerScreen ? '0' : '3'}
 					>
 						<InputField
 							borderRadius={5}
@@ -68,17 +88,17 @@ const EmailConfigurations = ({
 						/>
 					</Center>
 				</Flex>
-        <Flex direction={isNotSmallerScreen ? "row" : "column"}>
+				<Flex direction={isNotSmallerScreen ? 'row' : 'column'}>
 					<Flex
-            w={isNotSmallerScreen ? "30%" : "40%"}
+						w={isNotSmallerScreen ? '30%' : '40%'}
 						justifyContent="start"
 						alignItems="center"
 					>
 						<Text fontSize="sm">SMTP Password:</Text>
 					</Flex>
 					<Center
-            w={isNotSmallerScreen ? "70%" : "100%"}
-            mt={isNotSmallerScreen ? "0" : "3"}
+						w={isNotSmallerScreen ? '70%' : '100%'}
+						mt={isNotSmallerScreen ? '0' : '3'}
 					>
 						<InputField
 							borderRadius={5}
@@ -90,13 +110,13 @@ const EmailConfigurations = ({
 						/>
 					</Center>
 				</Flex>
-        <Flex direction={isNotSmallerScreen ? "row" : "column"}>
+				<Flex direction={isNotSmallerScreen ? 'row' : 'column'}>
 					<Flex w="30%" justifyContent="start" alignItems="center">
 						<Text fontSize="sm">From Email:</Text>
 					</Flex>
 					<Center
-            w={isNotSmallerScreen ? "70%" : "100%"}
-            mt={isNotSmallerScreen ? "0" : "3"}
+						w={isNotSmallerScreen ? '70%' : '100%'}
+						mt={isNotSmallerScreen ? '0' : '3'}
 					>
 						<InputField
 							borderRadius={5}

dashboard/src/components/EnvComponents/Features.tsx

@@ -126,6 +126,40 @@ const Features = ({ variables, setVariables }: any) => {
 					</Flex>
 				</Flex>
 			</Stack>
+			<Divider paddingY={5} />
+			<Text fontSize="md" paddingTop={5} fontWeight="bold" mb={5}>
+				Cookie Security Features
+			</Text>
+			<Stack spacing={6}>
+				<Flex>
+					<Flex w="100%" alignItems="baseline" flexDir="column">
+						<Text fontSize="sm">Use Secure App Cookie:</Text>
+						<Text fontSize="x-small">
+							Note: If you set this to insecure, it will set{' '}
+							<code>sameSite</code> property of cookie to <code>lax</code> mode
+						</Text>
+					</Flex>
+					<Flex justifyContent="start">
+						<InputField
+							variables={variables}
+							setVariables={setVariables}
+							inputType={SwitchInputType.APP_COOKIE_SECURE}
+						/>
+					</Flex>
+				</Flex>
+				<Flex>
+					<Flex w="100%" alignItems="baseline" flexDir="column">
+						<Text fontSize="sm">Use Secure Admin Cookie:</Text>
+					</Flex>
+					<Flex justifyContent="start">
+						<InputField
+							variables={variables}
+							setVariables={setVariables}
+							inputType={SwitchInputType.ADMIN_COOKIE_SECURE}
+						/>
+					</Flex>
+				</Flex>
+			</Stack>
 		</div>
 	);
 };

dashboard/src/components/EnvComponents/JWTConfiguration.tsx

@@ -37,7 +37,7 @@ const JSTConfigurations = ({
 				JSON.stringify({
 					type: variables.JWT_TYPE,
 					key: variables.JWT_PUBLIC_KEY || variables.JWT_SECRET,
-				})
+				}),
 			);
 			toast({
 				title: `JWT config copied successfully`,

dashboard/src/components/EnvComponents/OrganizationInfo.tsx

@@ -1,28 +1,28 @@
-import React from "react";
-import { Flex, Stack, Center, Text, useMediaQuery } from "@chakra-ui/react";
-import InputField from "../InputField";
-import { TextInputType } from "../../constants";
+import React from 'react';
+import { Flex, Stack, Center, Text, useMediaQuery } from '@chakra-ui/react';
+import InputField from '../InputField';
+import { TextInputType } from '../../constants';
 
 const OrganizationInfo = ({ variables, setVariables }: any) => {
-  const [isNotSmallerScreen] = useMediaQuery("(min-width:600px)");
+	const [isNotSmallerScreen] = useMediaQuery('(min-width:600px)');
 	return (
 		<div>
-      {" "}
+			{' '}
 			<Text fontSize="md" paddingTop="2%" fontWeight="bold" mb={5}>
 				Organization Information
 			</Text>
 			<Stack spacing={6} padding="2% 0%">
-        <Flex direction={isNotSmallerScreen ? "row" : "column"}>
+				<Flex direction={isNotSmallerScreen ? 'row' : 'column'}>
 					<Flex
-            w={isNotSmallerScreen ? "30%" : "40%"}
+						w={isNotSmallerScreen ? '30%' : '40%'}
 						justifyContent="start"
 						alignItems="center"
 					>
 						<Text fontSize="sm">Organization Name:</Text>
 					</Flex>
 					<Center
-            w={isNotSmallerScreen ? "70%" : "100%"}
-            mt={isNotSmallerScreen ? "0" : "3"}
+						w={isNotSmallerScreen ? '70%' : '100%'}
+						mt={isNotSmallerScreen ? '0' : '3'}
 					>
 						<InputField
 							borderRadius={5}
@@ -32,17 +32,17 @@ const OrganizationInfo = ({ variables, setVariables }: any) => {
 						/>
 					</Center>
 				</Flex>
-        <Flex direction={isNotSmallerScreen ? "row" : "column"}>
+				<Flex direction={isNotSmallerScreen ? 'row' : 'column'}>
 					<Flex
-            w={isNotSmallerScreen ? "30%" : "40%"}
+						w={isNotSmallerScreen ? '30%' : '40%'}
 						justifyContent="start"
 						alignItems="center"
 					>
 						<Text fontSize="sm">Organization Logo:</Text>
 					</Flex>
 					<Center
-            w={isNotSmallerScreen ? "70%" : "100%"}
-            mt={isNotSmallerScreen ? "0" : "3"}
+						w={isNotSmallerScreen ? '70%' : '100%'}
+						mt={isNotSmallerScreen ? '0' : '3'}
 					>
 						<InputField
 							borderRadius={5}

dashboard/src/components/EnvComponents/SecurityAdminSecret.tsx

@@ -1,4 +1,4 @@
-import React from "react";
+import React from 'react';
 import {
 	Flex,
 	Stack,
@@ -8,10 +8,10 @@ import {
 	InputGroup,
 	InputRightElement,
 	useMediaQuery,
-} from "@chakra-ui/react";
-import { FaRegEyeSlash, FaRegEye } from "react-icons/fa";
-import InputField from "../InputField";
-import { HiddenInputType } from "../../constants";
+} from '@chakra-ui/react';
+import { FaRegEyeSlash, FaRegEye } from 'react-icons/fa';
+import InputField from '../InputField';
+import { HiddenInputType } from '../../constants';
 const SecurityAdminSecret = ({
 	variables,
 	setVariables,
@@ -20,10 +20,10 @@ const SecurityAdminSecret = ({
 	validateAdminSecretHandler,
 	adminSecret,
 }: any) => {
-  const [isNotSmallerScreen] = useMediaQuery("(min-width:600px)");
+	const [isNotSmallerScreen] = useMediaQuery('(min-width:600px)');
 	return (
 		<div>
-      {" "}
+			{' '}
 			<Text fontSize="md" paddingTop="2%" fontWeight="bold">
 				Security (Admin Secret)
 			</Text>
@@ -35,20 +35,20 @@ const SecurityAdminSecret = ({
 				borderRadius="5px"
 			>
 				<Flex
-          marginTop={isNotSmallerScreen ? "3%" : "5%"}
-          direction={isNotSmallerScreen ? "row" : "column"}
+					marginTop={isNotSmallerScreen ? '3%' : '5%'}
+					direction={isNotSmallerScreen ? 'row' : 'column'}
 				>
 					<Flex
 						mt={3}
-            w={isNotSmallerScreen ? "30%" : "40%"}
+						w={isNotSmallerScreen ? '30%' : '40%'}
 						justifyContent="start"
 						alignItems="center"
 					>
 						<Text fontSize="sm">Old Admin Secret:</Text>
 					</Flex>
 					<Center
-            w={isNotSmallerScreen ? "70%" : "100%"}
-            mt={isNotSmallerScreen ? "0" : "3"}
+						w={isNotSmallerScreen ? '70%' : '100%'}
+						mt={isNotSmallerScreen ? '0' : '3'}
 					>
 						<InputGroup size="sm">
 							<Input
@@ -59,8 +59,8 @@ const SecurityAdminSecret = ({
 								onChange={(event: any) => validateAdminSecretHandler(event)}
 								type={
 									!fieldVisibility[HiddenInputType.OLD_ADMIN_SECRET]
-                    ? "password"
-                    : "text"
+										? 'password'
+										: 'text'
 								}
 							/>
 							<InputRightElement
@@ -104,18 +104,18 @@ const SecurityAdminSecret = ({
 				</Flex>
 				<Flex
 					paddingBottom="3%"
-          direction={isNotSmallerScreen ? "row" : "column"}
+					direction={isNotSmallerScreen ? 'row' : 'column'}
 				>
 					<Flex
-            w={isNotSmallerScreen ? "30%" : "50%"}
+						w={isNotSmallerScreen ? '30%' : '50%'}
 						justifyContent="start"
 						alignItems="center"
 					>
 						<Text fontSize="sm">New Admin Secret:</Text>
 					</Flex>
 					<Center
-            w={isNotSmallerScreen ? "70%" : "100%"}
-            mt={isNotSmallerScreen ? "0" : "3"}
+						w={isNotSmallerScreen ? '70%' : '100%'}
+						mt={isNotSmallerScreen ? '0' : '3'}
 					>
 						<InputField
 							borderRadius={5}

dashboard/src/components/GenerateKeysModal.tsx

@@ -167,7 +167,7 @@ const GenerateKeysModal = ({ jwtType, getData }: propTypes) => {
 						) : (
 							<>
 								{Object.values(HMACEncryptionType).includes(
-									stateVariables.JWT_TYPE
+									stateVariables.JWT_TYPE,
 								) ? (
 									<Flex marginTop="8">
 										<Flex w="23%" justifyContent="start" alignItems="center">

dashboard/src/components/InputField.tsx

@@ -1,4 +1,4 @@
-import React from 'react';
+import React, { useState } from 'react';
 import {
 	Box,
 	Flex,
@@ -13,6 +13,12 @@ import {
 	Textarea,
 	Switch,
 	Text,
+	MenuButton,
+	MenuList,
+	MenuItemOption,
+	MenuOptionGroup,
+	Button,
+	Menu,
 } from '@chakra-ui/react';
 import {
 	FaRegClone,
@@ -20,6 +26,7 @@ import {
 	FaRegEyeSlash,
 	FaPlus,
 	FaTimes,
+	FaAngleDown,
 } from 'react-icons/fa';
 import {
 	ArrayInputOperations,
@@ -30,6 +37,7 @@ import {
 	TextAreaInputType,
 	SwitchInputType,
 	DateInputType,
+	MultiSelectInputType,
 } from '../constants';
 import { copyTextToClipboard } from '../utils';
 
@@ -39,13 +47,16 @@ const InputField = ({
 	setVariables,
 	fieldVisibility,
 	setFieldVisibility,
+	availableRoles,
 	...downshiftProps
 }: any) => {
 	const props = {
 		size: 'sm',
 		...downshiftProps,
 	};
-	const [inputFieldVisibility, setInputFieldVisibility] = React.useState<
+	const [availableUserRoles, setAvailableUserRoles] =
+		useState<string[]>(availableRoles);
+	const [inputFieldVisibility, setInputFieldVisibility] = useState<
 		Record<string, boolean>
 	>({
 		ROLES: false,
@@ -54,7 +65,7 @@ const InputField = ({
 		ALLOWED_ORIGINS: false,
 		roles: false,
 	});
-	const [inputData, setInputData] = React.useState<Record<string, string>>({
+	const [inputData, setInputData] = useState<Record<string, string>>({
 		ROLES: '',
 		DEFAULT_ROLES: '',
 		PROTECTED_ROLES: '',
@@ -64,7 +75,7 @@ const InputField = ({
 	const updateInputHandler = (
 		type: string,
 		operation: any,
-		role: string = ''
+		role: string = '',
 	) => {
 		if (operation === ArrayInputOperations.APPEND) {
 			if (inputData[type] !== '') {
@@ -78,7 +89,7 @@ const InputField = ({
 		}
 		if (operation === ArrayInputOperations.REMOVE) {
 			let updatedEnvVars = variables[type].filter(
-				(item: string) => item !== role
+				(item: string) => item !== role,
 			);
 			setVariables({
 				...variables,
@@ -95,7 +106,7 @@ const InputField = ({
 					onChange={(
 						event: Event & {
 							target: HTMLInputElement;
-						}
+						},
 					) =>
 						setVariables({
 							...variables,
@@ -116,11 +127,11 @@ const InputField = ({
 			<InputGroup size="sm">
 				<Input
 					{...props}
-					value={variables[inputType] ?? ''}
+					value={variables[inputType] || ''}
 					onChange={(
 						event: Event & {
 							target: HTMLInputElement;
-						}
+						},
 					) =>
 						setVariables({
 							...variables,
@@ -207,7 +218,7 @@ const InputField = ({
 									updateInputHandler(
 										inputType,
 										ArrayInputOperations.REMOVE,
-										role
+										role,
 									)
 								}
 							/>
@@ -221,7 +232,7 @@ const InputField = ({
 							size="xs"
 							minW="150px"
 							placeholder="add a new value"
-							value={inputData[inputType] ?? ''}
+							value={inputData[inputType] || ''}
 							onChange={(e: any) => {
 								setInputData({ ...inputData, [inputType]: e.target.value });
 							}}
@@ -278,6 +289,87 @@ const InputField = ({
 			</Select>
 		);
 	}
+	if (Object.values(MultiSelectInputType).includes(inputType)) {
+		return (
+			<Flex w="100%" style={{ position: 'relative' }}>
+				<Flex
+					border="1px solid #e2e8f0"
+					w="100%"
+					borderRadius="var(--chakra-radii-sm)"
+					p="1% 0 0 2.5%"
+					overflowX={variables[inputType].length > 3 ? 'scroll' : 'hidden'}
+					overflowY="hidden"
+					justifyContent="space-between"
+					alignItems="center"
+				>
+					<Flex justifyContent="start" alignItems="center" w="100%" wrap="wrap">
+						{variables[inputType].map((role: string, index: number) => (
+							<Box key={index} margin="0.5%" role="group">
+								<Tag
+									size="sm"
+									variant="outline"
+									colorScheme="gray"
+									minW="fit-content"
+								>
+									<TagLabel cursor="default">{role}</TagLabel>
+									<TagRightIcon
+										boxSize="12px"
+										as={FaTimes}
+										display="none"
+										cursor="pointer"
+										_groupHover={{ display: 'block' }}
+										onClick={() =>
+											updateInputHandler(
+												inputType,
+												ArrayInputOperations.REMOVE,
+												role,
+											)
+										}
+									/>
+								</Tag>
+							</Box>
+						))}
+					</Flex>
+					<Menu matchWidth={true}>
+						<MenuButton px="10px" py="7.5px">
+							<FaAngleDown />
+						</MenuButton>
+						<MenuList
+							position="absolute"
+							top="0"
+							right="0"
+							zIndex="10"
+							maxH="150"
+							overflowX="scroll"
+						>
+							<MenuOptionGroup
+								title={undefined}
+								value={variables[inputType]}
+								type="checkbox"
+								onChange={(values: string[] | string) => {
+									setVariables({
+										...variables,
+										[inputType]: values,
+									});
+								}}
+							>
+								{availableUserRoles.map((role) => {
+									return (
+										<MenuItemOption
+											key={`multiselect-menu-${role}`}
+											value={role}
+										>
+											{role}
+										</MenuItemOption>
+									);
+								})}
+							</MenuOptionGroup>
+						</MenuList>
+					</Menu>
+				</Flex>
+			</Flex>
+		);
+	}
 	if (Object.values(TextAreaInputType).includes(inputType)) {
 		return (
 			<Textarea
@@ -288,7 +380,7 @@ const InputField = ({
 				onChange={(
 					event: Event & {
 						target: HTMLInputElement;
-					}
+					},
 				) =>
 					setVariables({
 						...variables,

dashboard/src/components/InviteMembersModal.tsx

@@ -304,7 +304,7 @@ const InviteMembersModal = ({
 																onClick={() =>
 																	updateEmailListHandler(
 																		ArrayInputOperations.REMOVE,
-																		index
+																		index,
 																	)
 																}
 															>

dashboard/src/components/Menu.tsx

@@ -218,7 +218,7 @@ export const Sidebar = ({ onClose, ...rest }: SidebarProps) => {
 									</NavItem>{' '}
 								</Text>
 							</NavLink>
-						)
+						),
 					)}
 					<Link
 						href="/playground"

dashboard/src/components/UpdateEmailTemplateModal.tsx

@@ -185,7 +185,7 @@ const UpdateEmailTemplate = ({
 				toast({
 					title: capitalizeFirstLetter(
 						res.data?._add_email_template?.message ||
-							res.data?._update_email_template?.message
+							res.data?._update_email_template?.message,
 					),
 					isClosable: true,
 					status: 'success',
@@ -220,7 +220,7 @@ const UpdateEmailTemplate = ({
 	}, [isOpen]);
 	useEffect(() => {
 		const updatedTemplateVariables = Object.entries(
-			emailTemplateVariables
+			emailTemplateVariables,
 		).reduce((acc, [key, val]): any => {
 			if (
 				(templateData[EmailTemplateInputDataFields.EVENT_NAME] !==
@@ -367,7 +367,7 @@ const UpdateEmailTemplate = ({
 										onChange={(e) =>
 											inputChangehandler(
 												EmailTemplateInputDataFields.EVENT_NAME,
-												e.currentTarget.value
+												e.currentTarget.value,
 											)
 										}
 									>
@@ -376,7 +376,7 @@ const UpdateEmailTemplate = ({
 												<option value={value} key={key}>
 													{key}
 												</option>
-											)
+											),
 										)}
 									</Select>
 								</Flex>
@@ -401,7 +401,7 @@ const UpdateEmailTemplate = ({
 											onChange={(e) =>
 												inputChangehandler(
 													EmailTemplateInputDataFields.SUBJECT,
-													e.currentTarget.value
+													e.currentTarget.value,
 												)
 											}
 										/>

dashboard/src/components/UpdateWebhookModal.tsx

@@ -126,13 +126,13 @@ const UpdateWebhookModal = ({
 		...initWebhookValidatorData,
 	});
 	const [verifiedStatus, setVerifiedStatus] = useState<webhookVerifiedStatus>(
-		webhookVerifiedStatus.PENDING
+		webhookVerifiedStatus.PENDING,
 	);
 	const inputChangehandler = (
 		inputType: string,
 		value: any,
 		headerInputType: string = WebhookInputHeaderFields.KEY,
-		headerIndex: number = 0
+		headerIndex: number = 0,
 	) => {
 		if (
 			verifiedStatus !== webhookVerifiedStatus.PENDING &&
@@ -238,7 +238,7 @@ const UpdateWebhookModal = ({
 			validator[WebhookInputDataFields.ENDPOINT] &&
 			!validator[WebhookInputDataFields.HEADERS].some(
 				(headerData: headersValidatorDataType) =>
-					!headerData.key || !headerData.value
+					!headerData.key || !headerData.value,
 			)
 		);
 	};
@@ -256,7 +256,7 @@ const UpdateWebhookModal = ({
 				(acc, data) => {
 					return data.key ? { ...acc, [data.key]: data.value } : acc;
 				},
-				{}
+				{},
 			);
 			if (Object.keys(headers).length) {
 				params[WebhookInputDataFields.HEADERS] = headers;
@@ -295,7 +295,7 @@ const UpdateWebhookModal = ({
 		} else if (res.data?._add_webhook || res.data?._update_webhook) {
 			toast({
 				title: capitalizeFirstLetter(
-					res.data?._add_webhook?.message || res.data?._update_webhook?.message
+					res.data?._add_webhook?.message || res.data?._update_webhook?.message,
 				),
 				isClosable: true,
 				status: 'success',
@@ -333,7 +333,7 @@ const UpdateWebhookModal = ({
 				setValidator({
 					...validator,
 					[WebhookInputDataFields.HEADERS]: new Array(
-						formattedHeadersData.length
+						formattedHeadersData.length,
 					)
 						.fill({})
 						.map(() => ({ ...initHeadersValidatorData })),
@@ -406,7 +406,7 @@ const UpdateWebhookModal = ({
 										onChange={(e) =>
 											inputChangehandler(
 												WebhookInputDataFields.EVENT_NAME,
-												e.currentTarget.value
+												e.currentTarget.value,
 											)
 										}
 									>
@@ -415,7 +415,7 @@ const UpdateWebhookModal = ({
 												<option value={value} key={key}>
 													{key}
 												</option>
-											)
+											),
 										)}
 									</Select>
 								</Flex>
@@ -438,7 +438,7 @@ const UpdateWebhookModal = ({
 											onChange={(e) =>
 												inputChangehandler(
 													WebhookInputDataFields.ENDPOINT,
-													e.currentTarget.value
+													e.currentTarget.value,
 												)
 											}
 										/>
@@ -462,7 +462,7 @@ const UpdateWebhookModal = ({
 										onChange={() =>
 											inputChangehandler(
 												WebhookInputDataFields.ENABLED,
-												!webhook[WebhookInputDataFields.ENABLED]
+												!webhook[WebhookInputDataFields.ENABLED],
 											)
 										}
 									/>
@@ -517,7 +517,7 @@ const UpdateWebhookModal = ({
 															WebhookInputDataFields.HEADERS,
 															e.target.value,
 															WebhookInputHeaderFields.KEY,
-															index
+															index,
 														)
 													}
 													width="30%"
@@ -540,7 +540,7 @@ const UpdateWebhookModal = ({
 															WebhookInputDataFields.HEADERS,
 															e.target.value,
 															WebhookInputHeaderFields.VALUE,
-															index
+															index,
 														)
 													}
 													width="65%"
@@ -560,7 +560,7 @@ const UpdateWebhookModal = ({
 												</InputRightElement>
 											</InputGroup>
 										</Flex>
-									)
+									),
 								)}
 							</Flex>
 							<Divider marginY={5} />

dashboard/src/components/ViewWebhookLogsModal.tsx

@@ -161,15 +161,15 @@ const ViewWebhookLogsModal = ({
 													<Td>
 														<Text fontSize="sm">{`${logData.id.substring(
 															0,
-															5
+															5,
 														)}***${logData.id.substring(
 															logData.id.length - 5,
-															logData.id.length
+															logData.id.length,
 														)}`}</Text>
 													</Td>
 													<Td>
 														{dayjs(logData.created_at * 1000).format(
-															'MMM DD, YYYY'
+															'MMM DD, YYYY',
 														)}
 													</Td>
 													<Td>

dashboard/src/constants.ts

@@ -15,6 +15,7 @@ export const TextInputType = {
 	SMTP_HOST: 'SMTP_HOST',
 	SMTP_PORT: 'SMTP_PORT',
 	SMTP_USERNAME: 'SMTP_USERNAME',
+	SMTP_LOCAL_NAME: 'SMTP_LOCAL_NAME',
 	SENDER_EMAIL: 'SENDER_EMAIL',
 	ORGANIZATION_NAME: 'ORGANIZATION_NAME',
 	ORGANIZATION_LOGO: 'ORGANIZATION_LOGO',
@@ -48,7 +49,6 @@ export const ArrayInputType = {
 	DEFAULT_ROLES: 'DEFAULT_ROLES',
 	PROTECTED_ROLES: 'PROTECTED_ROLES',
 	ALLOWED_ORIGINS: 'ALLOWED_ORIGINS',
-	USER_ROLES: 'roles',
 };
 
 export const SelectInputType = {
@@ -56,6 +56,10 @@ export const SelectInputType = {
 	GENDER: 'gender',
 };
 
+export const MultiSelectInputType = {
+	USER_ROLES: 'roles',
+};
+
 export const TextAreaInputType = {
 	CUSTOM_ACCESS_TOKEN_SCRIPT: 'CUSTOM_ACCESS_TOKEN_SCRIPT',
 	JWT_PRIVATE_KEY: 'JWT_PRIVATE_KEY',
@@ -63,6 +67,8 @@ export const TextAreaInputType = {
 };
 
 export const SwitchInputType = {
+	APP_COOKIE_SECURE: 'APP_COOKIE_SECURE',
+	ADMIN_COOKIE_SECURE: 'ADMIN_COOKIE_SECURE',
 	DISABLE_LOGIN_PAGE: 'DISABLE_LOGIN_PAGE',
 	DISABLE_MAGIC_LINK_LOGIN: 'DISABLE_MAGIC_LINK_LOGIN',
 	DISABLE_EMAIL_VERIFICATION: 'DISABLE_EMAIL_VERIFICATION',
@@ -127,12 +133,15 @@ export interface envVarTypes {
 	SMTP_PORT: string;
 	SMTP_USERNAME: string;
 	SMTP_PASSWORD: string;
+	SMTP_LOCAL_NAME: string;
 	SENDER_EMAIL: string;
 	ALLOWED_ORIGINS: [string] | [];
 	ORGANIZATION_NAME: string;
 	ORGANIZATION_LOGO: string;
 	CUSTOM_ACCESS_TOKEN_SCRIPT: string;
 	ADMIN_SECRET: string;
+	APP_COOKIE_SECURE: boolean;
+	ADMIN_COOKIE_SECURE: boolean;
 	DISABLE_LOGIN_PAGE: boolean;
 	DISABLE_MAGIC_LINK_LOGIN: boolean;
 	DISABLE_EMAIL_VERIFICATION: boolean;

dashboard/src/graphql/queries/index.ts

@@ -45,11 +45,14 @@ export const EnvVariablesQuery = `
       SMTP_PORT
       SMTP_USERNAME
       SMTP_PASSWORD
+      SMTP_LOCAL_NAME
       SENDER_EMAIL
       ALLOWED_ORIGINS
       ORGANIZATION_NAME
       ORGANIZATION_LOGO
       ADMIN_SECRET
+      APP_COOKIE_SECURE
+      ADMIN_COOKIE_SECURE
       DISABLE_LOGIN_PAGE
       DISABLE_MAGIC_LINK_LOGIN
       DISABLE_EMAIL_VERIFICATION
@@ -167,3 +170,12 @@ export const WebhookLogsQuery = `
     }
   }
 `;
+
+export const GetAvailableRolesQuery = `
+  query {
+    _env {
+      ROLES
+      PROTECTED_ROLES
+    }
+  }
+`;

dashboard/src/index.tsx

@@ -6,5 +6,5 @@ ReactDOM.render(
 	<div>
 		<App />
 	</div>,
-	document.getElementById('root')
+	document.getElementById('root'),
 );

dashboard/src/pages/EmailTemplates.tsx

@@ -154,7 +154,7 @@ const EmailTemplates = () => {
 									<Td>{templateData[EmailTemplateInputDataFields.SUBJECT]}</Td>
 									<Td>
 										{dayjs(templateData.created_at * 1000).format(
-											'MMM DD, YYYY'
+											'MMM DD, YYYY',
 										)}
 									</Td>
 									<Td>

dashboard/src/pages/Environment.tsx

@@ -65,12 +65,15 @@ const Environment = () => {
 		SMTP_PORT: '',
 		SMTP_USERNAME: '',
 		SMTP_PASSWORD: '',
+		SMTP_LOCAL_NAME: '',
 		SENDER_EMAIL: '',
 		ALLOWED_ORIGINS: [],
 		ORGANIZATION_NAME: '',
 		ORGANIZATION_LOGO: '',
 		CUSTOM_ACCESS_TOKEN_SCRIPT: '',
 		ADMIN_SECRET: '',
+		APP_COOKIE_SECURE: false,
+		ADMIN_COOKIE_SECURE: false,
 		DISABLE_LOGIN_PAGE: false,
 		DISABLE_MAGIC_LINK_LOGIN: false,
 		DISABLE_EMAIL_VERIFICATION: false,
@@ -155,7 +158,7 @@ const Environment = () => {
 				// @ts-ignore
 				[property]: envVariables[property],
 			}),
-			{}
+			{},
 		);
 		if (
 			updatedEnvVariables[HiddenInputType.ADMIN_SECRET] === '' ||

dashboard/src/pages/Users.tsx

@@ -29,7 +29,7 @@ import {
 	MenuItem,
 	useToast,
 	Spinner,
-	TableContainer
+	TableContainer,
 } from '@chakra-ui/react';
 import {
 	FaAngleLeft,
@@ -195,7 +195,7 @@ export default function Users() {
 
 	const updateAccessHandler = async (
 		id: string,
-		action: updateAccessActions
+		action: updateAccessActions,
 	) => {
 		switch (action) {
 			case updateAccessActions.ENABLE:
@@ -263,7 +263,8 @@ export default function Users() {
 			.toPromise();
 		if (res.data?._update_user?.id) {
 			toast({
-				title: `Multi factor authentication ${user.is_multi_factor_auth_enabled ? 'disabled' : 'enabled'
+				title: `Multi factor authentication ${
+					user.is_multi_factor_auth_enabled ? 'disabled' : 'enabled'
 				} for user`,
 				isClosable: true,
 				status: 'success',
@@ -387,7 +388,7 @@ export default function Users() {
 																onClick={() =>
 																	updateAccessHandler(
 																		user.id,
-																		updateAccessActions.ENABLE
+																		updateAccessActions.ENABLE,
 																	)
 																}
 															>
@@ -398,7 +399,7 @@ export default function Users() {
 																onClick={() =>
 																	updateAccessHandler(
 																		user.id,
-																		updateAccessActions.REVOKE
+																		updateAccessActions.REVOKE,
 																	)
 																}
 															>
@@ -407,13 +408,17 @@ export default function Users() {
 														)}
 														{user.is_multi_factor_auth_enabled ? (
 															<MenuItem
-																onClick={() => multiFactorAuthUpdateHandler(user)}
+																onClick={() =>
+																	multiFactorAuthUpdateHandler(user)
+																}
 															>
 																Disable MultiFactor Authentication
 															</MenuItem>
 														) : (
 															<MenuItem
-																onClick={() => multiFactorAuthUpdateHandler(user)}
+																onClick={() =>
+																	multiFactorAuthUpdateHandler(user)
+																}
 															>
 																Enable MultiFactor Authentication
 															</MenuItem>

dashboard/src/pages/Webhooks.tsx

@@ -170,12 +170,12 @@ const Webhooks = () => {
 											label={JSON.stringify(
 												webhook[WebhookInputDataFields.HEADERS],
 												null,
-												' '
+												' ',
 											)}
 										>
 											<Tag size="sm" variant="outline" colorScheme="gray">
 												{Object.keys(
-													webhook[WebhookInputDataFields.HEADERS] || {}
+													webhook[WebhookInputDataFields.HEADERS] || {},
 												)?.length.toString()}
 											</Tag>
 										</Tooltip>

dashboard/src/utils/index.ts

@@ -67,7 +67,7 @@ export const validateEmail = (email: string) => {
 	return email
 		.toLowerCase()
 		.match(
-			/^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/
+			/^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/,
 		)
 		? true
 		: false;
@@ -78,7 +78,7 @@ export const validateURI = (uri: string) => {
 	return uri
 		.toLowerCase()
 		.match(
-			/(?:^|\s)((https?:\/\/)?(?:localhost|[\w-]+(?:\.[\w-]+)+)(:\d+)?(\/\S*)?)/
+			/(?:^|\s)((https?:\/\/)?(?:localhost|[\w-]+(?:\.[\w-]+)+)(:\d+)?(\/\S*)?)/,
 		)
 		? true
 		: false;

dashboard/src/utils/parseCSV.ts

@@ -27,7 +27,7 @@ const parseCSV = (file: File, delimiter: string): Promise<dataTypes[]> => {
 						value: email.trim(),
 						isInvalid: !validateEmail(email.trim()),
 					};
-				})
+				}),
 			);
 		};
 

server/constants/db_types.go

@@ -25,4 +25,6 @@ const (
 	DbTypeCockroachDB = "cockroachdb"
 	// DbTypePlanetScaleDB is the planetscale database type
 	DbTypePlanetScaleDB = "planetscale"
+	// DbTypeDynamoDB is the Dynamo database type
+	DbTypeDynamoDB = "dynamodb"
 )

server/constants/env.go

@@ -21,6 +21,12 @@ const (
 	EnvKeyDatabaseType = "DATABASE_TYPE"
 	// EnvKeyDatabaseURL key for env variable DATABASE_URL
 	EnvKeyDatabaseURL = "DATABASE_URL"
+	// EnvAwsRegion key for env variable AWS REGION
+	EnvAwsRegion = "AWS_REGION"
+	// EnvAwsAccessKeyID key for env variable AWS_ACCESS_KEY_ID
+	EnvAwsAccessKeyID = "AWS_ACCESS_KEY_ID"
+	// EnvAwsAccessKey key for env variable AWS_SECRET_ACCESS_KEY
+	EnvAwsSecretAccessKey = "AWS_SECRET_ACCESS_KEY"
 	// EnvKeyDatabaseName key for env variable DATABASE_NAME
 	EnvKeyDatabaseName = "DATABASE_NAME"
 	// EnvKeyDatabaseUsername key for env variable DATABASE_USERNAME
@@ -45,6 +51,8 @@ const (
 	EnvKeySmtpUsername = "SMTP_USERNAME"
 	// EnvKeySmtpPassword key for env variable SMTP_PASSWORD
 	EnvKeySmtpPassword = "SMTP_PASSWORD"
+	// EnvKeySmtpLocalName key for env variable SMTP_LOCAL_NAME
+	EnvKeySmtpLocalName = "SMTP_LOCAL_NAME"
 	// EnvKeySenderEmail key for env variable SENDER_EMAIL
 	EnvKeySenderEmail = "SENDER_EMAIL"
 	// EnvKeyIsEmailServiceEnabled key for env variable IS_EMAIL_SERVICE_ENABLED

server/cookie/cookie.go

@@ -29,8 +29,7 @@ func SetSession(gc *gin.Context, sessionID string) {
 		domain = "." + domain
 	}
 
-	// Use sameSite = lax by default
-	// Since app cookie can come from cross site it becomes important to set this in lax mode.
+	// Since app cookie can come from cross site it becomes important to set this in lax mode when insecure.
 	// Example person using custom UI on their app domain and making request to authorizer domain.
 	// For more information check:
 	// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite

server/db/db.go

@@ -7,6 +7,7 @@ import (
 	"github.com/authorizerdev/authorizer/server/db/providers"
 	"github.com/authorizerdev/authorizer/server/db/providers/arangodb"
 	"github.com/authorizerdev/authorizer/server/db/providers/cassandradb"
+	"github.com/authorizerdev/authorizer/server/db/providers/dynamodb"
 	"github.com/authorizerdev/authorizer/server/db/providers/mongodb"
 	"github.com/authorizerdev/authorizer/server/db/providers/sql"
 	"github.com/authorizerdev/authorizer/server/memorystore"
@@ -20,10 +21,11 @@ func InitDB() error {
 
 	envs := memorystore.RequiredEnvStoreObj.GetRequiredEnv()
 
-	isSQL := envs.DatabaseType != constants.DbTypeArangodb && envs.DatabaseType != constants.DbTypeMongodb && envs.DatabaseType != constants.DbTypeCassandraDB && envs.DatabaseType != constants.DbTypeScyllaDB
+	isSQL := envs.DatabaseType != constants.DbTypeArangodb && envs.DatabaseType != constants.DbTypeMongodb && envs.DatabaseType != constants.DbTypeCassandraDB && envs.DatabaseType != constants.DbTypeScyllaDB && envs.DatabaseType != constants.DbTypeDynamoDB
 	isArangoDB := envs.DatabaseType == constants.DbTypeArangodb
 	isMongoDB := envs.DatabaseType == constants.DbTypeMongodb
 	isCassandra := envs.DatabaseType == constants.DbTypeCassandraDB || envs.DatabaseType == constants.DbTypeScyllaDB
+	isDynamoDB := envs.DatabaseType == constants.DbTypeDynamoDB
 
 	if isSQL {
 		log.Info("Initializing SQL Driver for: ", envs.DatabaseType)
@@ -61,5 +63,14 @@ func InitDB() error {
 		}
 	}
 
+	if isDynamoDB {
+		log.Info("Initializing DynamoDB Driver for: ", envs.DatabaseType)
+		Provider, err = dynamodb.NewProvider()
+		if err != nil {
+			log.Fatal("Failed to initialize DynamoDB driver: ", err)
+			return err
+		}
+	}
+
 	return nil
 }

server/db/models/email_templates.go

@@ -9,14 +9,14 @@ import (
 
 // EmailTemplate model for database
 type EmailTemplate struct {
-	Key       string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty"` // for arangodb
-	ID        string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id"`
-	EventName string `gorm:"unique" json:"event_name" bson:"event_name" cql:"event_name"`
-	Subject   string `gorm:"type:text" json:"subject" bson:"subject" cql:"subject"`
-	Template  string `gorm:"type:text" json:"template" bson:"template" cql:"template"`
-	Design    string `gorm:"type:text" json:"design" bson:"design" cql:"design"`
-	CreatedAt int64  `json:"created_at" bson:"created_at" cql:"created_at"`
-	UpdatedAt int64  `json:"updated_at" bson:"updated_at" cql:"updated_at"`
+	Key       string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty" dynamo:"key,omitempty"` // for arangodb
+	ID        string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id" dynamo:"id,hash"`
+	EventName string `gorm:"unique" json:"event_name" bson:"event_name" cql:"event_name" dynamo:"event_name" index:"event_name,hash"`
+	Subject   string `json:"subject" bson:"subject" cql:"subject" dynamo:"subject"`
+	Template  string `json:"template" bson:"template" cql:"template" dynamo:"template"`
+	Design    string `json:"design" bson:"design" cql:"design" dynamo:"design"`
+	CreatedAt int64  `json:"created_at" bson:"created_at" cql:"created_at" dynamo:"created_at"`
+	UpdatedAt int64  `json:"updated_at" bson:"updated_at" cql:"updated_at" dynamo:"updated_at"`
 }
 
 // AsAPIEmailTemplate to return email template as graphql response object

server/db/models/env.go

@@ -4,10 +4,10 @@ package models
 
 // Env model for db
 type Env struct {
-	Key       string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty"` // for arangodb
-	ID        string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id"`
-	EnvData   string `gorm:"type:text" json:"env" bson:"env" cql:"env"`
-	Hash      string `gorm:"type:text" json:"hash" bson:"hash" cql:"hash"`
-	UpdatedAt int64  `json:"updated_at" bson:"updated_at" cql:"updated_at"`
-	CreatedAt int64  `json:"created_at" bson:"created_at" cql:"created_at"`
+	Key       string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty" dynamo:"key,omitempty"` // for arangodb
+	ID        string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id" dynamo:"id,hash"`
+	EnvData   string `json:"env" bson:"env" cql:"env" dynamo:"env"`
+	Hash      string `json:"hash" bson:"hash" cql:"hash" dynamo:"hash"`
+	UpdatedAt int64  `json:"updated_at" bson:"updated_at" cql:"updated_at" dynamo:"updated_at"`
+	CreatedAt int64  `json:"created_at" bson:"created_at" cql:"created_at" dynamo:"created_at"`
 }

server/db/models/otp.go

@@ -2,11 +2,15 @@ package models
 
 // OTP model for database
 type OTP struct {
-	Key       string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty"` // for arangodb
-	ID        string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id"`
-	Email     string `gorm:"unique" json:"email" bson:"email" cql:"email"`
-	Otp       string `json:"otp" bson:"otp" cql:"otp"`
-	ExpiresAt int64  `json:"expires_at" bson:"expires_at" cql:"expires_at"`
-	CreatedAt int64  `json:"created_at" bson:"created_at" cql:"created_at"`
-	UpdatedAt int64  `json:"updated_at" bson:"updated_at" cql:"updated_at"`
+	Key       string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty" dynamo:"key,omitempty"` // for arangodb
+	ID        string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id" dynamo:"id,hash"`
+	Email     string `gorm:"unique" json:"email" bson:"email" cql:"email" dynamo:"email" index:"email,hash"`
+	Otp       string `json:"otp" bson:"otp" cql:"otp" dynamo:"otp"`
+	ExpiresAt int64  `json:"expires_at" bson:"expires_at" cql:"expires_at" dynamo:"expires_at"`
+	CreatedAt int64  `json:"created_at" bson:"created_at" cql:"created_at" dynamo:"created_at"`
+	UpdatedAt int64  `json:"updated_at" bson:"updated_at" cql:"updated_at" dynamo:"updated_at"`
+}
+
+type Paging struct {
+	ID string `json:"id,omitempty" dynamo:"id,hash"`
 }

server/db/models/session.go

@@ -4,11 +4,11 @@ package models
 
 // Session model for db
 type Session struct {
-	Key       string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty"` // for arangodb
-	ID        string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id"`
-	UserID    string `gorm:"type:char(36)" json:"user_id" bson:"user_id" cql:"user_id"`
-	UserAgent string `json:"user_agent" bson:"user_agent" cql:"user_agent"`
-	IP        string `json:"ip" bson:"ip" cql:"ip"`
-	CreatedAt int64  `json:"created_at" bson:"created_at" cql:"created_at"`
-	UpdatedAt int64  `json:"updated_at" bson:"updated_at" cql:"updated_at"`
+	Key       string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty" dynamo:"key,omitempty"` // for arangodb
+	ID        string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id" dynamo:"id,hash"`
+	UserID    string `gorm:"type:char(36)" json:"user_id" bson:"user_id" cql:"user_id" dynamo:"user_id" index:"user_id,hash"`
+	UserAgent string `json:"user_agent" bson:"user_agent" cql:"user_agent" dynamo:"user_agent"`
+	IP        string `json:"ip" bson:"ip" cql:"ip" dynamo:"ip"`
+	CreatedAt int64  `json:"created_at" bson:"created_at" cql:"created_at" dynamo:"created_at"`
+	UpdatedAt int64  `json:"updated_at" bson:"updated_at" cql:"updated_at" dynamo:"updated_at"`
 }

server/db/models/user.go

@@ -12,27 +12,27 @@ import (
 
 // User model for db
 type User struct {
-	Key string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty"` // for arangodb
-	ID  string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id"`
+	Key string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty" dynamo:"key,omitempty"` // for arangodb
+	ID  string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id" dynamo:"id,hash"`
 
-	Email                    string  `gorm:"unique" json:"email" bson:"email" cql:"email"`
-	EmailVerifiedAt          *int64  `json:"email_verified_at" bson:"email_verified_at" cql:"email_verified_at"`
-	Password                 *string `gorm:"type:text" json:"password" bson:"password" cql:"password"`
-	SignupMethods            string  `json:"signup_methods" bson:"signup_methods" cql:"signup_methods"`
-	GivenName                *string `json:"given_name" bson:"given_name" cql:"given_name"`
-	FamilyName               *string `json:"family_name" bson:"family_name" cql:"family_name"`
-	MiddleName               *string `json:"middle_name" bson:"middle_name" cql:"middle_name"`
-	Nickname                 *string `json:"nickname" bson:"nickname" cql:"nickname"`
-	Gender                   *string `json:"gender" bson:"gender" cql:"gender"`
-	Birthdate                *string `json:"birthdate" bson:"birthdate" cql:"birthdate"`
-	PhoneNumber              *string `gorm:"unique" json:"phone_number" bson:"phone_number" cql:"phone_number"`
-	PhoneNumberVerifiedAt    *int64  `json:"phone_number_verified_at" bson:"phone_number_verified_at" cql:"phone_number_verified_at"`
-	Picture                  *string `gorm:"type:text" json:"picture" bson:"picture" cql:"picture"`
-	Roles                    string  `json:"roles" bson:"roles" cql:"roles"`
-	RevokedTimestamp         *int64  `json:"revoked_timestamp" bson:"revoked_timestamp" cql:"revoked_timestamp"`
-	IsMultiFactorAuthEnabled *bool   `json:"is_multi_factor_auth_enabled" bson:"is_multi_factor_auth_enabled" cql:"is_multi_factor_auth_enabled"`
-	UpdatedAt                int64   `json:"updated_at" bson:"updated_at" cql:"updated_at"`
-	CreatedAt                int64   `json:"created_at" bson:"created_at" cql:"created_at"`
+	Email                    string  `gorm:"unique" json:"email" bson:"email" cql:"email" dynamo:"email" index:"email,hash"`
+	EmailVerifiedAt          *int64  `json:"email_verified_at" bson:"email_verified_at" cql:"email_verified_at" dynamo:"email_verified_at"`
+	Password                 *string `json:"password" bson:"password" cql:"password" dynamo:"password"`
+	SignupMethods            string  `json:"signup_methods" bson:"signup_methods" cql:"signup_methods" dynamo:"signup_methods"`
+	GivenName                *string `json:"given_name" bson:"given_name" cql:"given_name" dynamo:"given_name"`
+	FamilyName               *string `json:"family_name" bson:"family_name" cql:"family_name" dynamo:"family_name"`
+	MiddleName               *string `json:"middle_name" bson:"middle_name" cql:"middle_name" dynamo:"middle_name"`
+	Nickname                 *string `json:"nickname" bson:"nickname" cql:"nickname" dynamo:"nickname"`
+	Gender                   *string `json:"gender" bson:"gender" cql:"gender" dynamo:"gender"`
+	Birthdate                *string `json:"birthdate" bson:"birthdate" cql:"birthdate" dynamo:"birthdate"`
+	PhoneNumber              *string `gorm:"unique" json:"phone_number" bson:"phone_number" cql:"phone_number" dynamo:"phone_number"`
+	PhoneNumberVerifiedAt    *int64  `json:"phone_number_verified_at" bson:"phone_number_verified_at" cql:"phone_number_verified_at" dynamo:"phone_number_verified_at"`
+	Picture                  *string `json:"picture" bson:"picture" cql:"picture" dynamo:"picture"`
+	Roles                    string  `json:"roles" bson:"roles" cql:"roles" dynamo:"roles"`
+	RevokedTimestamp         *int64  `json:"revoked_timestamp" bson:"revoked_timestamp" cql:"revoked_timestamp" dynamo:"revoked_timestamp"`
+	IsMultiFactorAuthEnabled *bool   `json:"is_multi_factor_auth_enabled" bson:"is_multi_factor_auth_enabled" cql:"is_multi_factor_auth_enabled" dynamo:"is_multi_factor_auth_enabled"`
+	UpdatedAt                int64   `json:"updated_at" bson:"updated_at" cql:"updated_at" dynamo:"updated_at"`
+	CreatedAt                int64   `json:"created_at" bson:"created_at" cql:"created_at" dynamo:"created_at"`
 }
 
 func (user *User) AsAPIUser() *model.User {

server/db/models/verification_requests.go

@@ -11,16 +11,16 @@ import (
 
 // VerificationRequest model for db
 type VerificationRequest struct {
-	Key         string `json:"_key,omitempty" bson:"_key" cql:"_key,omitempty"` // for arangodb
-	ID          string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id"`
-	Token       string `gorm:"type:text" json:"token" bson:"token" cql:"jwt_token"` // token is reserved keyword in cassandra
-	Identifier  string `gorm:"uniqueIndex:idx_email_identifier;type:varchar(64)" json:"identifier" bson:"identifier" cql:"identifier"`
-	ExpiresAt   int64  `json:"expires_at" bson:"expires_at" cql:"expires_at"`
-	Email       string `gorm:"uniqueIndex:idx_email_identifier;type:varchar(256)" json:"email" bson:"email" cql:"email"`
-	Nonce       string `gorm:"type:text" json:"nonce" bson:"nonce" cql:"nonce"`
-	RedirectURI string `gorm:"type:text" json:"redirect_uri" bson:"redirect_uri" cql:"redirect_uri"`
-	CreatedAt   int64  `json:"created_at" bson:"created_at" cql:"created_at"`
-	UpdatedAt   int64  `json:"updated_at" bson:"updated_at" cql:"updated_at"`
+	Key         string `json:"_key,omitempty" bson:"_key" cql:"_key,omitempty" dynamo:"key,omitempty"` // for arangodb
+	ID          string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id" dynamo:"id,hash"`
+	Token       string `json:"token" bson:"token" cql:"jwt_token" dynamo:"token" index:"token,hash"`
+	Identifier  string `gorm:"uniqueIndex:idx_email_identifier;type:varchar(64)" json:"identifier" bson:"identifier" cql:"identifier" dynamo:"identifier"`
+	ExpiresAt   int64  `json:"expires_at" bson:"expires_at" cql:"expires_at" dynamo:"expires_at"`
+	Email       string `gorm:"uniqueIndex:idx_email_identifier;type:varchar(256)" json:"email" bson:"email" cql:"email" dynamo:"email"`
+	Nonce       string `json:"nonce" bson:"nonce" cql:"nonce" dynamo:"nonce"`
+	RedirectURI string `json:"redirect_uri" bson:"redirect_uri" cql:"redirect_uri" dynamo:"redirect_uri"`
+	CreatedAt   int64  `json:"created_at" bson:"created_at" cql:"created_at" dynamo:"created_at"`
+	UpdatedAt   int64  `json:"updated_at" bson:"updated_at" cql:"updated_at" dynamo:"updated_at"`
 }
 
 func (v *VerificationRequest) AsAPIVerificationRequest() *model.VerificationRequest {

server/db/models/webhook.go

@@ -12,14 +12,14 @@ import (
 
 // Webhook model for db
 type Webhook struct {
-	Key       string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty"` // for arangodb
-	ID        string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id"`
-	EventName string `gorm:"unique" json:"event_name" bson:"event_name" cql:"event_name"`
-	EndPoint  string `gorm:"type:text" json:"endpoint" bson:"endpoint" cql:"endpoint"`
-	Headers   string `gorm:"type:text" json:"headers" bson:"headers" cql:"headers"`
-	Enabled   bool   `json:"enabled" bson:"enabled" cql:"enabled"`
-	CreatedAt int64  `json:"created_at" bson:"created_at" cql:"created_at"`
-	UpdatedAt int64  `json:"updated_at" bson:"updated_at" cql:"updated_at"`
+	Key       string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty" dynamo:"key,omitempty"` // for arangodb
+	ID        string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id" dynamo:"id,hash"`
+	EventName string `gorm:"unique" json:"event_name" bson:"event_name" cql:"event_name" dynamo:"event_name" index:"event_name,hash"`
+	EndPoint  string `json:"endpoint" bson:"endpoint" cql:"endpoint" dynamo:"endpoint"`
+	Headers   string `json:"headers" bson:"headers" cql:"headers" dynamo:"headers"`
+	Enabled   bool   `json:"enabled" bson:"enabled" cql:"enabled" dynamo:"enabled"`
+	CreatedAt int64  `json:"created_at" bson:"created_at" cql:"created_at" dynamo:"created_at"`
+	UpdatedAt int64  `json:"updated_at" bson:"updated_at" cql:"updated_at" dynamo:"updated_at"`
 }
 
 // AsAPIWebhook to return webhook as graphql response object

server/db/models/webhook_log.go

@@ -11,14 +11,14 @@ import (
 
 // WebhookLog model for db
 type WebhookLog struct {
-	Key        string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty"` // for arangodb
-	ID         string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id"`
-	HttpStatus int64  `json:"http_status" bson:"http_status" cql:"http_status"`
-	Response   string `gorm:"type:text" json:"response" bson:"response" cql:"response"`
-	Request    string `gorm:"type:text" json:"request" bson:"request" cql:"request"`
-	WebhookID  string `gorm:"type:char(36)" json:"webhook_id" bson:"webhook_id" cql:"webhook_id"`
-	CreatedAt  int64  `json:"created_at" bson:"created_at" cql:"created_at"`
-	UpdatedAt  int64  `json:"updated_at" bson:"updated_at" cql:"updated_at"`
+	Key        string `json:"_key,omitempty" bson:"_key,omitempty" cql:"_key,omitempty" dynamo:"key,omitempty"` // for arangodb
+	ID         string `gorm:"primaryKey;type:char(36)" json:"_id" bson:"_id" cql:"id" dynamo:"id,hash"`
+	HttpStatus int64  `json:"http_status" bson:"http_status" cql:"http_status" dynamo:"http_status"`
+	Response   string `json:"response" bson:"response" cql:"response" dynamo:"response"`
+	Request    string `json:"request" bson:"request" cql:"request" dynamo:"request"`
+	WebhookID  string `gorm:"type:char(36)" json:"webhook_id" bson:"webhook_id" cql:"webhook_id" dynamo:"webhook_id" index:"webhook_id,hash"`
+	CreatedAt  int64  `json:"created_at" bson:"created_at" cql:"created_at" dynamo:"created_at"`
+	UpdatedAt  int64  `json:"updated_at" bson:"updated_at" cql:"updated_at" dynamo:"updated_at"`
 }
 
 // AsAPIWebhookLog to return webhook log as graphql response object

server/db/providers/dynamodb/email_template.go

@@ -0,0 +1,121 @@
+package dynamodb
+
+import (
+	"context"
+	"errors"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/google/uuid"
+	"github.com/guregu/dynamo"
+)
+
+// AddEmailTemplate to add EmailTemplate
+func (p *provider) AddEmailTemplate(ctx context.Context, emailTemplate models.EmailTemplate) (*model.EmailTemplate, error) {
+	collection := p.db.Table(models.Collections.EmailTemplate)
+	if emailTemplate.ID == "" {
+		emailTemplate.ID = uuid.New().String()
+	}
+
+	emailTemplate.Key = emailTemplate.ID
+	emailTemplate.CreatedAt = time.Now().Unix()
+	emailTemplate.UpdatedAt = time.Now().Unix()
+	err := collection.Put(emailTemplate).RunWithContext(ctx)
+
+	if err != nil {
+		return emailTemplate.AsAPIEmailTemplate(), err
+	}
+
+	return emailTemplate.AsAPIEmailTemplate(), nil
+}
+
+// UpdateEmailTemplate to update EmailTemplate
+func (p *provider) UpdateEmailTemplate(ctx context.Context, emailTemplate models.EmailTemplate) (*model.EmailTemplate, error) {
+	collection := p.db.Table(models.Collections.EmailTemplate)
+	emailTemplate.UpdatedAt = time.Now().Unix()
+	err := UpdateByHashKey(collection, "id", emailTemplate.ID, emailTemplate)
+	if err != nil {
+		return emailTemplate.AsAPIEmailTemplate(), err
+	}
+	return emailTemplate.AsAPIEmailTemplate(), nil
+}
+
+// ListEmailTemplates to list EmailTemplate
+func (p *provider) ListEmailTemplate(ctx context.Context, pagination model.Pagination) (*model.EmailTemplates, error) {
+
+	var emailTemplate models.EmailTemplate
+	var iter dynamo.PagingIter
+	var lastEval dynamo.PagingKey
+	var iteration int64 = 0
+
+	collection := p.db.Table(models.Collections.EmailTemplate)
+	emailTemplates := []*model.EmailTemplate{}
+	paginationClone := pagination
+	scanner := collection.Scan()
+	count, err := scanner.Count()
+
+	if err != nil {
+		return nil, err
+	}
+
+	for (paginationClone.Offset + paginationClone.Limit) > iteration {
+		iter = scanner.StartFrom(lastEval).Limit(paginationClone.Limit).Iter()
+		for iter.NextWithContext(ctx, &emailTemplate) {
+			if paginationClone.Offset == iteration {
+				emailTemplates = append(emailTemplates, emailTemplate.AsAPIEmailTemplate())
+			}
+		}
+		lastEval = iter.LastEvaluatedKey()
+		iteration += paginationClone.Limit
+	}
+
+	paginationClone.Total = count
+
+	return &model.EmailTemplates{
+		Pagination:     &paginationClone,
+		EmailTemplates: emailTemplates,
+	}, nil
+}
+
+// GetEmailTemplateByID to get EmailTemplate by id
+func (p *provider) GetEmailTemplateByID(ctx context.Context, emailTemplateID string) (*model.EmailTemplate, error) {
+	collection := p.db.Table(models.Collections.EmailTemplate)
+	var emailTemplate models.EmailTemplate
+	err := collection.Get("id", emailTemplateID).OneWithContext(ctx, &emailTemplate)
+	if err != nil {
+		return nil, err
+	}
+	return emailTemplate.AsAPIEmailTemplate(), nil
+}
+
+// GetEmailTemplateByEventName to get EmailTemplate by event_name
+func (p *provider) GetEmailTemplateByEventName(ctx context.Context, eventName string) (*model.EmailTemplate, error) {
+	collection := p.db.Table(models.Collections.EmailTemplate)
+	var emailTemplates []models.EmailTemplate
+	var emailTemplate models.EmailTemplate
+
+	err := collection.Scan().Index("event_name").Filter("'event_name' = ?", eventName).Limit(1).AllWithContext(ctx, &emailTemplates)
+	if err != nil {
+		return nil, err
+	}
+	if len(emailTemplates) > 0 {
+		emailTemplate = emailTemplates[0]
+		return emailTemplate.AsAPIEmailTemplate(), nil
+	} else {
+		return nil, errors.New("no record found")
+	}
+
+}
+
+// DeleteEmailTemplate to delete EmailTemplate
+func (p *provider) DeleteEmailTemplate(ctx context.Context, emailTemplate *model.EmailTemplate) error {
+	collection := p.db.Table(models.Collections.EmailTemplate)
+	err := collection.Delete("id", emailTemplate.ID).RunWithContext(ctx)
+
+	if err != nil {
+		return err
+	}
+
+	return nil
+}

server/db/providers/dynamodb/env.go

@@ -0,0 +1,72 @@
+package dynamodb
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/google/uuid"
+)
+
+// AddEnv to save environment information in database
+func (p *provider) AddEnv(ctx context.Context, env models.Env) (models.Env, error) {
+	collection := p.db.Table(models.Collections.Env)
+
+	if env.ID == "" {
+		env.ID = uuid.New().String()
+	}
+
+	env.Key = env.ID
+
+	env.CreatedAt = time.Now().Unix()
+	env.UpdatedAt = time.Now().Unix()
+
+	err := collection.Put(env).RunWithContext(ctx)
+
+	if err != nil {
+		return env, err
+	}
+
+	return env, nil
+}
+
+// UpdateEnv to update environment information in database
+func (p *provider) UpdateEnv(ctx context.Context, env models.Env) (models.Env, error) {
+
+	collection := p.db.Table(models.Collections.Env)
+	env.UpdatedAt = time.Now().Unix()
+
+	err := UpdateByHashKey(collection, "id", env.ID, env)
+
+	if err != nil {
+		return env, err
+	}
+	return env, nil
+}
+
+// GetEnv to get environment information from database
+func (p *provider) GetEnv(ctx context.Context) (models.Env, error) {
+	var env models.Env
+
+	collection := p.db.Table(models.Collections.Env)
+	// As there is no Findone supported.
+	iter := collection.Scan().Limit(1).Iter()
+
+	for iter.NextWithContext(ctx, &env) {
+		if env.ID == "" {
+			return env, errors.New("no documets found")
+		} else {
+			return env, nil
+		}
+	}
+
+	err := iter.Err()
+
+	if err != nil {
+		return env, fmt.Errorf("config not found")
+	}
+
+	return env, nil
+}

server/db/providers/dynamodb/otp.go

@@ -0,0 +1,80 @@
+package dynamodb
+
+import (
+	"context"
+	"errors"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/google/uuid"
+)
+
+// UpsertOTP to add or update otp
+func (p *provider) UpsertOTP(ctx context.Context, otpParam *models.OTP) (*models.OTP, error) {
+	otp, _ := p.GetOTPByEmail(ctx, otpParam.Email)
+	shouldCreate := false
+	if otp == nil {
+		id := uuid.NewString()
+		otp = &models.OTP{
+			ID:        id,
+			Key:       id,
+			Otp:       otpParam.Otp,
+			Email:     otpParam.Email,
+			ExpiresAt: otpParam.ExpiresAt,
+			CreatedAt: time.Now().Unix(),
+		}
+		shouldCreate = true
+	} else {
+		otp.Otp = otpParam.Otp
+		otp.ExpiresAt = otpParam.ExpiresAt
+	}
+
+	collection := p.db.Table(models.Collections.OTP)
+	otp.UpdatedAt = time.Now().Unix()
+
+	var err error
+	if shouldCreate {
+		err = collection.Put(otp).RunWithContext(ctx)
+	} else {
+		err = UpdateByHashKey(collection, "id", otp.ID, otp)
+	}
+	if err != nil {
+		return nil, err
+	}
+
+	return otp, nil
+}
+
+// GetOTPByEmail to get otp for a given email address
+func (p *provider) GetOTPByEmail(ctx context.Context, emailAddress string) (*models.OTP, error) {
+	var otps []models.OTP
+	var otp models.OTP
+
+	collection := p.db.Table(models.Collections.OTP)
+
+	err := collection.Scan().Index("email").Filter("'email' = ?", emailAddress).Limit(1).AllWithContext(ctx, &otps)
+
+	if err != nil {
+		return nil, err
+	}
+	if len(otps) > 0 {
+		otp = otps[0]
+		return &otp, nil
+	} else {
+		return nil, errors.New("no docuemnt found")
+	}
+}
+
+// DeleteOTP to delete otp
+func (p *provider) DeleteOTP(ctx context.Context, otp *models.OTP) error {
+	collection := p.db.Table(models.Collections.OTP)
+
+	if otp.ID != "" {
+		err := collection.Delete("id", otp.ID).RunWithContext(ctx)
+		if err != nil {
+			return err
+		}
+	}
+
+	return nil
+}

server/db/providers/dynamodb/provider.go

@@ -0,0 +1,61 @@
+package dynamodb
+
+import (
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/guregu/dynamo"
+	log "github.com/sirupsen/logrus"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/memorystore"
+)
+
+type provider struct {
+	db *dynamo.DB
+}
+
+// NewProvider returns a new Dynamo provider
+func NewProvider() (*provider, error) {
+	dbURL := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseURL
+	awsRegion := memorystore.RequiredEnvStoreObj.GetRequiredEnv().AwsRegion
+	awsAccessKeyID := memorystore.RequiredEnvStoreObj.GetRequiredEnv().AwsAccessKeyID
+	awsSecretAccessKey := memorystore.RequiredEnvStoreObj.GetRequiredEnv().AwsSecretAccessKey
+
+	config := aws.Config{
+		MaxRetries:                    aws.Int(3),
+		CredentialsChainVerboseErrors: aws.Bool(true), // for full error logs
+	}
+
+	if awsRegion != "" {
+		config.Region = aws.String(awsRegion)
+	}
+
+	// custom awsAccessKeyID, awsSecretAccessKey took first priority, if not then fetch config from aws credentials
+	if awsAccessKeyID != "" && awsSecretAccessKey != "" {
+		config.Credentials = credentials.NewStaticCredentials(awsAccessKeyID, awsSecretAccessKey, "")
+	} else if dbURL != "" {
+		// static config in case of testing or local-setup
+		config.Credentials = credentials.NewStaticCredentials("key", "key", "")
+		config.Endpoint = aws.String(dbURL)
+	} else {
+		log.Debugf("%s or %s or %s not found. Trying to load default credentials from aws config", constants.EnvAwsRegion, constants.EnvAwsAccessKeyID, constants.EnvAwsSecretAccessKey)
+	}
+
+	session := session.Must(session.NewSession(&config))
+	db := dynamo.New(session)
+
+	db.CreateTable(models.Collections.User, models.User{}).Wait()
+	db.CreateTable(models.Collections.Session, models.Session{}).Wait()
+	db.CreateTable(models.Collections.EmailTemplate, models.EmailTemplate{}).Wait()
+	db.CreateTable(models.Collections.Env, models.Env{}).Wait()
+	db.CreateTable(models.Collections.OTP, models.OTP{}).Wait()
+	db.CreateTable(models.Collections.VerificationRequest, models.VerificationRequest{}).Wait()
+	db.CreateTable(models.Collections.Webhook, models.Webhook{}).Wait()
+	db.CreateTable(models.Collections.WebhookLog, models.WebhookLog{}).Wait()
+
+	return &provider{
+		db: db,
+	}, nil
+}

server/db/providers/dynamodb/session.go

@@ -0,0 +1,28 @@
+package dynamodb
+
+import (
+	"context"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/google/uuid"
+)
+
+// AddSession to save session information in database
+func (p *provider) AddSession(ctx context.Context, session models.Session) error {
+	collection := p.db.Table(models.Collections.Session)
+
+	if session.ID == "" {
+		session.ID = uuid.New().String()
+	}
+
+	session.CreatedAt = time.Now().Unix()
+	session.UpdatedAt = time.Now().Unix()
+	err := collection.Put(session).RunWithContext(ctx)
+	return err
+}
+
+// DeleteSession to delete session information from database
+func (p *provider) DeleteSession(ctx context.Context, userId string) error {
+	return nil
+}

server/db/providers/dynamodb/shared.go

@@ -0,0 +1,46 @@
+package dynamodb
+
+import (
+	"github.com/aws/aws-sdk-go/service/dynamodb/dynamodbattribute"
+	"github.com/guregu/dynamo"
+)
+
+// As updpate all item not supported so set manually via Set and SetNullable for empty field
+func UpdateByHashKey(table dynamo.Table, hashKey string, hashValue string, item interface{}) error {
+	existingValue, err := dynamo.MarshalItem(item)
+	var i interface{}
+
+	if err != nil {
+		return err
+	}
+
+	nullableValue, err := dynamodbattribute.MarshalMap(item)
+	if err != nil {
+		return err
+	}
+
+	u := table.Update(hashKey, hashValue)
+	for k, v := range existingValue {
+		if k == hashKey {
+			continue
+		}
+		u = u.Set(k, v)
+	}
+
+	for k, v := range nullableValue {
+		if k == hashKey {
+			continue
+		}
+		dynamodbattribute.Unmarshal(v, &i)
+		if i == nil {
+			u = u.SetNullable(k, v)
+		}
+	}
+
+	err = u.Run()
+	if err != nil {
+		return err
+	}
+
+	return nil
+}

server/db/providers/dynamodb/user.go

@@ -0,0 +1,195 @@
+package dynamodb
+
+import (
+	"context"
+	"errors"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/constants"
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
+	"github.com/google/uuid"
+	"github.com/guregu/dynamo"
+	log "github.com/sirupsen/logrus"
+)
+
+// AddUser to save user information in database
+func (p *provider) AddUser(ctx context.Context, user models.User) (models.User, error) {
+	collection := p.db.Table(models.Collections.User)
+
+	if user.ID == "" {
+		user.ID = uuid.New().String()
+	}
+
+	if user.Roles == "" {
+		defaultRoles, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)
+		if err != nil {
+			return user, err
+		}
+		user.Roles = defaultRoles
+	}
+
+	user.CreatedAt = time.Now().Unix()
+	user.UpdatedAt = time.Now().Unix()
+
+	err := collection.Put(user).RunWithContext(ctx)
+
+	if err != nil {
+		return user, err
+	}
+	return user, nil
+}
+
+// UpdateUser to update user information in database
+func (p *provider) UpdateUser(ctx context.Context, user models.User) (models.User, error) {
+	collection := p.db.Table(models.Collections.User)
+
+	if user.ID != "" {
+
+		user.UpdatedAt = time.Now().Unix()
+
+		err := UpdateByHashKey(collection, "id", user.ID, user)
+		if err != nil {
+			return user, err
+		}
+
+		if err != nil {
+			return user, err
+		}
+
+	}
+	return user, nil
+}
+
+// DeleteUser to delete user information from database
+func (p *provider) DeleteUser(ctx context.Context, user models.User) error {
+	collection := p.db.Table(models.Collections.User)
+	sessionCollection := p.db.Table(models.Collections.Session)
+
+	if user.ID != "" {
+		err := collection.Delete("id", user.ID).Run()
+		if err != nil {
+			return err
+		}
+
+		_, err = sessionCollection.Batch("id").Write().Delete(dynamo.Keys{"user_id", user.ID}).RunWithContext(ctx)
+
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+// ListUsers to get list of users from database
+func (p *provider) ListUsers(ctx context.Context, pagination model.Pagination) (*model.Users, error) {
+	var user models.User
+	var lastEval dynamo.PagingKey
+	var iter dynamo.PagingIter
+	var iteration int64 = 0
+
+	collection := p.db.Table(models.Collections.User)
+	users := []*model.User{}
+
+	paginationClone := pagination
+	scanner := collection.Scan()
+	count, err := scanner.Count()
+
+	if err != nil {
+		return nil, err
+	}
+
+	for (paginationClone.Offset + paginationClone.Limit) > iteration {
+		iter = scanner.StartFrom(lastEval).Limit(paginationClone.Limit).Iter()
+		for iter.NextWithContext(ctx, &user) {
+			if paginationClone.Offset == iteration {
+				users = append(users, user.AsAPIUser())
+			}
+		}
+		lastEval = iter.LastEvaluatedKey()
+		iteration += paginationClone.Limit
+	}
+
+	err = iter.Err()
+
+	if err != nil {
+		return nil, err
+	}
+
+	paginationClone.Total = count
+
+	return &model.Users{
+		Pagination: &paginationClone,
+		Users:      users,
+	}, nil
+}
+
+// GetUserByEmail to get user information from database using email address
+func (p *provider) GetUserByEmail(ctx context.Context, email string) (models.User, error) {
+	var users []models.User
+	var user models.User
+
+	collection := p.db.Table(models.Collections.User)
+	err := collection.Scan().Index("email").Filter("'email' = ?", email).AllWithContext(ctx, &users)
+
+	if err != nil {
+		return user, nil
+	}
+
+	if len(users) > 0 {
+		user = users[0]
+		return user, nil
+	} else {
+		return user, errors.New("no record found")
+	}
+
+}
+
+// GetUserByID to get user information from database using user ID
+func (p *provider) GetUserByID(ctx context.Context, id string) (models.User, error) {
+	collection := p.db.Table(models.Collections.User)
+	var user models.User
+	err := collection.Get("id", id).OneWithContext(ctx, &user)
+
+	if err != nil {
+		if user.Email == "" {
+			return user, errors.New("no documets found")
+		} else {
+			return user, nil
+		}
+	}
+	return user, nil
+}
+
+// UpdateUsers to update multiple users, with parameters of user IDs slice
+// If ids set to nil / empty all the users will be updated
+func (p *provider) UpdateUsers(ctx context.Context, data map[string]interface{}, ids []string) error {
+	// set updated_at time for all users
+	userCollection := p.db.Table(models.Collections.User)
+	var allUsers []models.User
+	var res int64 = 0
+	var err error
+	if len(ids) > 0 {
+		for _, v := range ids {
+			err = UpdateByHashKey(userCollection, "id", v, data)
+		}
+	} else {
+		// as there is no facility to update all doc - https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/SQLtoNoSQL.UpdateData.html
+		userCollection.Scan().All(&allUsers)
+
+		for _, user := range allUsers {
+			err = UpdateByHashKey(userCollection, "id", user.ID, data)
+			if err == nil {
+				res = res + 1
+			}
+		}
+	}
+
+	if err != nil {
+		return err
+	} else {
+		log.Info("Updated users: ", res)
+	}
+	return nil
+}

server/db/providers/dynamodb/verification_requests.go

@@ -0,0 +1,116 @@
+package dynamodb
+
+import (
+	"context"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/google/uuid"
+	"github.com/guregu/dynamo"
+)
+
+// AddVerification to save verification request in database
+func (p *provider) AddVerificationRequest(ctx context.Context, verificationRequest models.VerificationRequest) (models.VerificationRequest, error) {
+	collection := p.db.Table(models.Collections.VerificationRequest)
+
+	if verificationRequest.ID == "" {
+		verificationRequest.ID = uuid.New().String()
+		verificationRequest.CreatedAt = time.Now().Unix()
+		verificationRequest.UpdatedAt = time.Now().Unix()
+		err := collection.Put(verificationRequest).RunWithContext(ctx)
+		if err != nil {
+			return verificationRequest, err
+		}
+	}
+
+	return verificationRequest, nil
+}
+
+// GetVerificationRequestByToken to get verification request from database using token
+func (p *provider) GetVerificationRequestByToken(ctx context.Context, token string) (models.VerificationRequest, error) {
+	collection := p.db.Table(models.Collections.VerificationRequest)
+	var verificationRequest models.VerificationRequest
+
+	iter := collection.Scan().Filter("'token' = ?", token).Iter()
+	for iter.NextWithContext(ctx, &verificationRequest) {
+		return verificationRequest, nil
+	}
+
+	err := iter.Err()
+	if err != nil {
+		return verificationRequest, err
+	}
+	return verificationRequest, nil
+}
+
+// GetVerificationRequestByEmail to get verification request by email from database
+func (p *provider) GetVerificationRequestByEmail(ctx context.Context, email string, identifier string) (models.VerificationRequest, error) {
+	var verificationRequest models.VerificationRequest
+	collection := p.db.Table(models.Collections.VerificationRequest)
+	iter := collection.Scan().Filter("'email' = ?", email).Filter("'identifier' = ?", identifier).Iter()
+	for iter.NextWithContext(ctx, &verificationRequest) {
+		return verificationRequest, nil
+	}
+
+	err := iter.Err()
+	if err != nil {
+		return verificationRequest, err
+	}
+	return verificationRequest, nil
+}
+
+// ListVerificationRequests to get list of verification requests from database
+func (p *provider) ListVerificationRequests(ctx context.Context, pagination model.Pagination) (*model.VerificationRequests, error) {
+	verificationRequests := []*model.VerificationRequest{}
+	var verificationRequest models.VerificationRequest
+	var lastEval dynamo.PagingKey
+	var iter dynamo.PagingIter
+	var iteration int64 = 0
+
+	collection := p.db.Table(models.Collections.VerificationRequest)
+	paginationClone := pagination
+
+	scanner := collection.Scan()
+	count, err := scanner.Count()
+
+	if err != nil {
+		return nil, err
+	}
+
+	for (paginationClone.Offset + paginationClone.Limit) > iteration {
+		iter = scanner.StartFrom(lastEval).Limit(paginationClone.Limit).Iter()
+		for iter.NextWithContext(ctx, &verificationRequest) {
+			if paginationClone.Offset == iteration {
+				verificationRequests = append(verificationRequests, verificationRequest.AsAPIVerificationRequest())
+			}
+		}
+		err = iter.Err()
+		if err != nil {
+			return nil, err
+		}
+		lastEval = iter.LastEvaluatedKey()
+		iteration += paginationClone.Limit
+	}
+
+	paginationClone.Total = count
+
+	return &model.VerificationRequests{
+		VerificationRequests: verificationRequests,
+		Pagination:           &paginationClone,
+	}, nil
+}
+
+// DeleteVerificationRequest to delete verification request from database
+func (p *provider) DeleteVerificationRequest(ctx context.Context, verificationRequest models.VerificationRequest) error {
+	collection := p.db.Table(models.Collections.VerificationRequest)
+
+	if verificationRequest.ID != "" {
+		err := collection.Delete("id", verificationRequest.ID).RunWithContext(ctx)
+
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}

server/db/providers/dynamodb/webhook.go

@@ -0,0 +1,148 @@
+package dynamodb
+
+import (
+	"context"
+	"errors"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/google/uuid"
+	"github.com/guregu/dynamo"
+)
+
+// AddWebhook to add webhook
+func (p *provider) AddWebhook(ctx context.Context, webhook models.Webhook) (*model.Webhook, error) {
+	collection := p.db.Table(models.Collections.Webhook)
+
+	if webhook.ID == "" {
+		webhook.ID = uuid.New().String()
+	}
+
+	webhook.Key = webhook.ID
+	webhook.CreatedAt = time.Now().Unix()
+	webhook.UpdatedAt = time.Now().Unix()
+
+	err := collection.Put(webhook).RunWithContext(ctx)
+
+	if err != nil {
+		return nil, err
+	}
+	return webhook.AsAPIWebhook(), nil
+}
+
+// UpdateWebhook to update webhook
+func (p *provider) UpdateWebhook(ctx context.Context, webhook models.Webhook) (*model.Webhook, error) {
+	collection := p.db.Table(models.Collections.Webhook)
+
+	webhook.UpdatedAt = time.Now().Unix()
+	err := UpdateByHashKey(collection, "id", webhook.ID, webhook)
+
+	if err != nil {
+		return nil, err
+	}
+	return webhook.AsAPIWebhook(), nil
+}
+
+// ListWebhooks to list webhook
+func (p *provider) ListWebhook(ctx context.Context, pagination model.Pagination) (*model.Webhooks, error) {
+	webhooks := []*model.Webhook{}
+	var webhook models.Webhook
+	var lastEval dynamo.PagingKey
+	var iter dynamo.PagingIter
+	var iteration int64 = 0
+
+	collection := p.db.Table(models.Collections.Webhook)
+	paginationClone := pagination
+	scanner := collection.Scan()
+	count, err := scanner.Count()
+
+	if err != nil {
+		return nil, err
+	}
+
+	for (paginationClone.Offset + paginationClone.Limit) > iteration {
+		iter = scanner.StartFrom(lastEval).Limit(paginationClone.Limit).Iter()
+		for iter.NextWithContext(ctx, &webhook) {
+			if paginationClone.Offset == iteration {
+				webhooks = append(webhooks, webhook.AsAPIWebhook())
+			}
+		}
+		err = iter.Err()
+		if err != nil {
+			return nil, err
+		}
+		lastEval = iter.LastEvaluatedKey()
+		iteration += paginationClone.Limit
+	}
+
+	paginationClone.Total = count
+
+	return &model.Webhooks{
+		Pagination: &paginationClone,
+		Webhooks:   webhooks,
+	}, nil
+}
+
+// GetWebhookByID to get webhook by id
+func (p *provider) GetWebhookByID(ctx context.Context, webhookID string) (*model.Webhook, error) {
+	collection := p.db.Table(models.Collections.Webhook)
+	var webhook models.Webhook
+
+	err := collection.Get("id", webhookID).OneWithContext(ctx, &webhook)
+
+	if err != nil {
+		return nil, err
+	}
+
+	if webhook.ID == "" {
+		return webhook.AsAPIWebhook(), errors.New("no documets found")
+	}
+
+	return webhook.AsAPIWebhook(), nil
+}
+
+// GetWebhookByEventName to get webhook by event_name
+func (p *provider) GetWebhookByEventName(ctx context.Context, eventName string) (*model.Webhook, error) {
+	var webhook models.Webhook
+	collection := p.db.Table(models.Collections.Webhook)
+
+	iter := collection.Scan().Index("event_name").Filter("'event_name' = ?", eventName).Iter()
+
+	for iter.NextWithContext(ctx, &webhook) {
+		return webhook.AsAPIWebhook(), nil
+	}
+
+	err := iter.Err()
+
+	if err != nil {
+		return webhook.AsAPIWebhook(), err
+	}
+	return webhook.AsAPIWebhook(), nil
+}
+
+// DeleteWebhook to delete webhook
+func (p *provider) DeleteWebhook(ctx context.Context, webhook *model.Webhook) error {
+	// Also delete webhook logs for given webhook id
+	if webhook.ID != "" {
+		webhookCollection := p.db.Table(models.Collections.Webhook)
+		pagination := model.Pagination{}
+		webhookLogCollection := p.db.Table(models.Collections.WebhookLog)
+		err := webhookCollection.Delete("id", webhook.ID).RunWithContext(ctx)
+		if err != nil {
+			return err
+		}
+		webhookLogs, errIs := p.ListWebhookLogs(ctx, pagination, webhook.ID)
+
+		for _, webhookLog := range webhookLogs.WebhookLogs {
+			err = webhookLogCollection.Delete("id", webhookLog.ID).RunWithContext(ctx)
+			if err != nil {
+				return err
+			}
+		}
+		if errIs != nil {
+			return errIs
+		}
+	}
+	return nil
+}

server/db/providers/dynamodb/webhook_log.go

@@ -0,0 +1,78 @@
+package dynamodb
+
+import (
+	"context"
+	"time"
+
+	"github.com/authorizerdev/authorizer/server/db/models"
+	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/google/uuid"
+	"github.com/guregu/dynamo"
+)
+
+// AddWebhookLog to add webhook log
+func (p *provider) AddWebhookLog(ctx context.Context, webhookLog models.WebhookLog) (*model.WebhookLog, error) {
+	collection := p.db.Table(models.Collections.WebhookLog)
+
+	if webhookLog.ID == "" {
+		webhookLog.ID = uuid.New().String()
+	}
+
+	webhookLog.Key = webhookLog.ID
+	webhookLog.CreatedAt = time.Now().Unix()
+	webhookLog.UpdatedAt = time.Now().Unix()
+	err := collection.Put(webhookLog).RunWithContext(ctx)
+
+	if err != nil {
+		return nil, err
+	}
+	return webhookLog.AsAPIWebhookLog(), nil
+}
+
+// ListWebhookLogs to list webhook logs
+func (p *provider) ListWebhookLogs(ctx context.Context, pagination model.Pagination, webhookID string) (*model.WebhookLogs, error) {
+	webhookLogs := []*model.WebhookLog{}
+	var webhookLog models.WebhookLog
+	var lastEval dynamo.PagingKey
+	var iter dynamo.PagingIter
+	var iteration int64 = 0
+	var err error
+	var count int64
+
+	collection := p.db.Table(models.Collections.WebhookLog)
+	paginationClone := pagination
+	scanner := collection.Scan()
+
+	if webhookID != "" {
+		iter = scanner.Index("webhook_id").Filter("'webhook_id' = ?", webhookID).Iter()
+		for iter.NextWithContext(ctx, &webhookLog) {
+			webhookLogs = append(webhookLogs, webhookLog.AsAPIWebhookLog())
+		}
+		err = iter.Err()
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		for (paginationClone.Offset + paginationClone.Limit) > iteration {
+			iter = scanner.StartFrom(lastEval).Limit(paginationClone.Limit).Iter()
+			for iter.NextWithContext(ctx, &webhookLog) {
+				if paginationClone.Offset == iteration {
+					webhookLogs = append(webhookLogs, webhookLog.AsAPIWebhookLog())
+				}
+			}
+			err = iter.Err()
+			if err != nil {
+				return nil, err
+			}
+			lastEval = iter.LastEvaluatedKey()
+			iteration += paginationClone.Limit
+		}
+	}
+
+	paginationClone.Total = count
+	// paginationClone.Cursor = iter.LastEvaluatedKey()
+	return &model.WebhookLogs{
+		Pagination:  &paginationClone,
+		WebhookLogs: webhookLogs,
+	}, nil
+}

server/db/providers/sql/provider.go

@@ -1,6 +1,7 @@
 package sql
 
 import (
+	"fmt"
 	"log"
 	"os"
 	"time"
@@ -21,6 +22,16 @@ type provider struct {
 	db *gorm.DB
 }
 
+const (
+	phoneNumberIndexName  = "UQ_phone_number"
+	phoneNumberColumnName = "phone_number"
+)
+
+type indexInfo struct {
+	IndexName  string `json:"index_name"`
+	ColumnName string `json:"column_name"`
+}
+
 // NewProvider returns a new SQL provider
 func NewProvider() (*provider, error) {
 	var sqlDB *gorm.DB
@@ -65,6 +76,32 @@ func NewProvider() (*provider, error) {
 	if err != nil {
 		return nil, err
 	}
+
+	// unique constraint on phone number does not work with multiple null values for sqlserver
+	// for more information check https://stackoverflow.com/a/767702
+	if dbType == constants.DbTypeSqlserver {
+		var indexInfos []indexInfo
+		// remove index on phone number if present with different name
+		res := sqlDB.Raw("SELECT i.name AS index_name, i.type_desc AS index_algorithm, CASE i.is_unique WHEN 1 THEN 'TRUE' ELSE 'FALSE' END AS is_unique, ac.Name AS column_name FROM sys.tables AS t INNER JOIN sys.indexes AS i ON t.object_id = i.object_id INNER JOIN sys.index_columns AS ic ON ic.object_id = i.object_id AND ic.index_id = i.index_id INNER JOIN sys.all_columns AS ac ON ic.object_id = ac.object_id AND ic.column_id = ac.column_id WHERE t.name = 'authorizer_users' AND SCHEMA_NAME(t.schema_id) = 'dbo';").Scan(&indexInfos)
+		if res.Error != nil {
+			return nil, res.Error
+		}
+
+		for _, val := range indexInfos {
+			if val.ColumnName == phoneNumberColumnName && val.IndexName != phoneNumberIndexName {
+				// drop index & create new
+				if res := sqlDB.Exec(fmt.Sprintf(`ALTER TABLE authorizer_users DROP CONSTRAINT "%s";`, val.IndexName)); res.Error != nil {
+					return nil, res.Error
+				}
+
+				// create index
+				if res := sqlDB.Exec(fmt.Sprintf("CREATE UNIQUE NONCLUSTERED INDEX %s ON authorizer_users(phone_number) WHERE phone_number IS NOT NULL;", phoneNumberIndexName)); res.Error != nil {
+					return nil, res.Error
+				}
+			}
+		}
+	}
+
 	return &provider{
 		db: sqlDB,
 	}, nil

server/email/email.go

@@ -5,6 +5,7 @@ import (
 	"context"
 	"crypto/tls"
 	"strconv"
+	"strings"
 	"text/template"
 
 	log "github.com/sirupsen/logrus"
@@ -126,6 +127,12 @@ func SendEmail(to []string, event string, data map[string]interface{}) error {
 		return err
 	}
 
+	smtpLocalName, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeySmtpLocalName)
+	if err != nil {
+		log.Debugf("Error while getting smtp localname from env variable: %v", err)
+		smtpLocalName = ""
+	}
+
 	isProd, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyIsProd)
 	if err != nil {
 		log.Errorf("Error while getting env variable: %v", err)
@@ -141,6 +148,11 @@ func SendEmail(to []string, event string, data map[string]interface{}) error {
 	if !isProd {
 		d.TLSConfig = &tls.Config{InsecureSkipVerify: true}
 	}
+
+	if strings.TrimSpace(smtpLocalName) != "" {
+		d.LocalName = smtpLocalName
+	}
+
 	if err := d.DialAndSend(m); err != nil {
 		log.Debug("SMTP Failed: ", err)
 		return err

server/env/env.go

@@ -55,6 +55,7 @@ func InitAllEnv() error {
 	osSmtpPort := os.Getenv(constants.EnvKeySmtpPort)
 	osSmtpUsername := os.Getenv(constants.EnvKeySmtpUsername)
 	osSmtpPassword := os.Getenv(constants.EnvKeySmtpPassword)
+	osSmtpLocalName := os.Getenv(constants.EnvKeySmtpLocalName)
 	osSenderEmail := os.Getenv(constants.EnvKeySenderEmail)
 	osJwtType := os.Getenv(constants.EnvKeyJwtType)
 	osJwtSecret := os.Getenv(constants.EnvKeyJwtSecret)
@@ -77,6 +78,9 @@ func InitAllEnv() error {
 	osResetPasswordURL := os.Getenv(constants.EnvKeyResetPasswordURL)
 	osOrganizationName := os.Getenv(constants.EnvKeyOrganizationName)
 	osOrganizationLogo := os.Getenv(constants.EnvKeyOrganizationLogo)
+	osAwsRegion := os.Getenv(constants.EnvAwsRegion)
+	osAwsAccessKey := os.Getenv(constants.EnvAwsAccessKeyID)
+	osAwsSecretKey := os.Getenv(constants.EnvAwsSecretAccessKey)
 
 	// os bool vars
 	osAppCookieSecure := os.Getenv(constants.EnvKeyAppCookieSecure)
@@ -119,6 +123,27 @@ func InitAllEnv() error {
 		}
 	}
 
+	if val, ok := envData[constants.EnvAwsRegion]; !ok || val == "" {
+		envData[constants.EnvAwsRegion] = osAwsRegion
+	}
+	if osAwsRegion != "" && envData[constants.EnvAwsRegion] != osAwsRegion {
+		envData[constants.EnvAwsRegion] = osAwsRegion
+	}
+
+	if val, ok := envData[constants.EnvAwsAccessKeyID]; !ok || val == "" {
+		envData[constants.EnvAwsAccessKeyID] = osAwsAccessKey
+	}
+	if osAwsAccessKey != "" && envData[constants.EnvAwsAccessKeyID] != osAwsRegion {
+		envData[constants.EnvAwsAccessKeyID] = osAwsAccessKey
+	}
+
+	if val, ok := envData[constants.EnvAwsSecretAccessKey]; !ok || val == "" {
+		envData[constants.EnvAwsSecretAccessKey] = osAwsSecretKey
+	}
+	if osAwsSecretKey != "" && envData[constants.EnvAwsSecretAccessKey] != osAwsRegion {
+		envData[constants.EnvAwsSecretAccessKey] = osAwsSecretKey
+	}
+
 	if val, ok := envData[constants.EnvKeyAppURL]; !ok || val == "" {
 		envData[constants.EnvKeyAppURL] = osAppURL
 	}
@@ -181,6 +206,13 @@ func InitAllEnv() error {
 		envData[constants.EnvKeySmtpUsername] = osSmtpUsername
 	}
 
+	if val, ok := envData[constants.EnvKeySmtpLocalName]; !ok || val == "" {
+		envData[constants.EnvKeySmtpLocalName] = osSmtpLocalName
+	}
+	if osSmtpLocalName != "" && envData[constants.EnvKeySmtpLocalName] != osSmtpLocalName {
+		envData[constants.EnvKeySmtpLocalName] = osSmtpLocalName
+	}
+
 	if val, ok := envData[constants.EnvKeySmtpPassword]; !ok || val == "" {
 		envData[constants.EnvKeySmtpPassword] = osSmtpPassword
 	}

server/go.mod

@@ -5,6 +5,7 @@ go 1.16
 require (
 	github.com/99designs/gqlgen v0.17.20
 	github.com/arangodb/go-driver v1.2.1
+	github.com/aws/aws-sdk-go v1.44.109
 	github.com/coreos/go-oidc/v3 v3.1.0
 	github.com/gin-gonic/gin v1.8.1
 	github.com/go-playground/validator/v10 v10.11.1 // indirect
@@ -14,7 +15,9 @@ require (
 	github.com/golang-jwt/jwt v3.2.2+incompatible
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/google/uuid v1.3.0
+	github.com/guregu/dynamo v1.16.0
 	github.com/joho/godotenv v1.3.0
+	github.com/mitchellh/gox v1.0.1 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/pelletier/go-toml/v2 v2.0.5 // indirect
 	github.com/robertkrimen/otto v0.0.0-20211024170158-b87d35c0b86f

server/go.sum

@@ -49,10 +49,15 @@ github.com/arangodb/go-velocypack v0.0.0-20200318135517-5af53c29c67e h1:Xg+hGrY2
 github.com/arangodb/go-velocypack v0.0.0-20200318135517-5af53c29c67e/go.mod h1:mq7Shfa/CaixoDxiyAAc5jZ6CVBAyPaNQCGS7mkj4Ho=
 github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q=
 github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE=
+github.com/aws/aws-sdk-go v1.42.47/go.mod h1:OGr6lGMAKGlG9CVrYnWYDKIyb829c6EVBRjxqjmPepc=
+github.com/aws/aws-sdk-go v1.44.109 h1:+Na5JPeS0kiEHoBp5Umcuuf+IDqXqD0lXnM920E31YI=
+github.com/aws/aws-sdk-go v1.44.109/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo=
 github.com/bitly/go-hostpool v0.0.0-20171023180738-a3a6125de932 h1:mXoPYz/Ul5HYEDvkta6I8/rnYM5gSdSV2tJ6XbZuEtY=
 github.com/bitly/go-hostpool v0.0.0-20171023180738-a3a6125de932/go.mod h1:NOuUCSz6Q9T7+igc/hlvDOUdtWKryOrtFyIVABv/p7k=
 github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 h1:DDGfHa7BWjL4YnC6+E63dPcxHo2sUxDIu8g3QgEJdRY=
 github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4=
+github.com/cenkalti/backoff/v4 v4.1.2 h1:6Yo7N8UP2K6LWZnW94DLVSSrbobcWdVzAYOisuDPIFo=
+github.com/cenkalti/backoff/v4 v4.1.2/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw=
 github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
 github.com/cespare/xxhash/v2 v2.1.1 h1:6MnRN8NT7+YBpUIWxHtefFZOKTAPgGjpQSxqLNn0+qY=
 github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
@@ -91,8 +96,6 @@ github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWo
 github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ=
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
-github.com/gin-gonic/gin v1.7.2 h1:Tg03T9yM2xa8j6I3Z3oqLaQRSmKvxPd6g/2HJ6zICFA=
-github.com/gin-gonic/gin v1.7.2/go.mod h1:jD2toBW3GZUr5UMcdrwQA10I7RuaFOl/SGeDjXkfUtY=
 github.com/gin-gonic/gin v1.8.1 h1:4+fr/el88TOO3ewCmQr8cx/CtZ/umlIRIs5M4NTNjf8=
 github.com/gin-gonic/gin v1.8.1/go.mod h1:ji8BvRH1azfM+SYow9zQ6SZMvR8qOMZHmsCuWR9tTTk=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
@@ -102,17 +105,10 @@ github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vb
 github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
 github.com/go-playground/assert/v2 v2.0.1 h1:MsBgLAaY856+nPRTKrp3/OZK38U/wa0CcBYNjji3q3A=
 github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
-github.com/go-playground/locales v0.13.0 h1:HyWk6mgj5qFqCT5fjGBuRArbVDfE4hi8+e8ceBS/t7Q=
-github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8=
 github.com/go-playground/locales v0.14.0 h1:u50s323jtVGugKlcYeyzC0etD1HifMjqmJqb8WugfUU=
 github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs=
-github.com/go-playground/universal-translator v0.17.0 h1:icxd5fm+REJzpZx7ZfpaD876Lmtgy7VtROAbHHXk8no=
-github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA=
 github.com/go-playground/universal-translator v0.18.0 h1:82dyy6p4OuJq4/CByFNOn/jYrnRPArHwAcmLoJZxyho=
 github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA=
-github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4=
-github.com/go-playground/validator/v10 v10.8.0 h1:1kAa0fCrnpv+QYdkdcRzrRM7AyYs5o8+jZdJCz9xj6k=
-github.com/go-playground/validator/v10 v10.8.0/go.mod h1:9JhgTzTaE31GZDpH/HSvHiRJrJ3iKAgqqH0Bl/Ocjdk=
 github.com/go-playground/validator/v10 v10.10.0/go.mod h1:74x4gJWsvQexRdW8Pn3dXSGrTK4nAUsbPlLADvpJkos=
 github.com/go-playground/validator/v10 v10.11.1 h1:prmOlTVv+YjZjmRmNSF3VmspqJIxJWXmqUsHwfTRRkQ=
 github.com/go-playground/validator/v10 v10.11.1/go.mod h1:i+3WkQ1FvaUjjxh1kSvIA4dMGDBiPU55YFDl0WbKdWU=
@@ -127,8 +123,9 @@ github.com/goccy/go-json v0.9.11 h1:/pAaQDLHEoCq/5FFmSKBswWmK6H0e8g4159Kc/X/nqk=
 github.com/goccy/go-json v0.9.11/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I=
 github.com/gocql/gocql v1.2.0 h1:TZhsCd7fRuye4VyHr3WCvWwIQaZUmjsqnSIXK9FcVCE=
 github.com/gocql/gocql v1.2.0/go.mod h1:3gM2c4D3AnkISwBxGnMMsS8Oy4y2lhbPRsH4xnJrHG8=
-github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPhW6m+TnJw=
 github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
+github.com/gofrs/uuid v4.2.0+incompatible h1:yyYWMnhkhrKwwr8gAOcOCYxOOscHgDS9yZgBrnJfGa0=
+github.com/gofrs/uuid v4.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
 github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY=
@@ -194,8 +191,12 @@ github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
 github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
+github.com/guregu/dynamo v1.16.0 h1:gmI8oi1VHwYQtq7+RPBeOiSssVLgxH/Az2t+NtDtL2c=
+github.com/guregu/dynamo v1.16.0/go.mod h1:W2Gqcf3MtkrS+Q6fHPGAmRtT0Dyq+TGrqfqrUC9+R/c=
 github.com/hailocab/go-hostpool v0.0.0-20160125115350-e80d13ce29ed h1:5upAirOpQc1Q53c0bnx2ufif5kANL7bfZWcc6VJWJd8=
 github.com/hailocab/go-hostpool v0.0.0-20160125115350-e80d13ce29ed/go.mod h1:tMWxXQ9wFIaZeTI9F+hmhFiGpFmhOHzyShyFUhRm0H4=
+github.com/hashicorp/go-version v1.0.0 h1:21MVWPKDphxa7ineQQTrCU5brh7OuVVAzGOCnnCPtE8=
+github.com/hashicorp/go-version v1.0.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc=
@@ -256,11 +257,12 @@ github.com/jinzhu/inflection v1.0.0/go.mod h1:h+uFLlag+Qp1Va5pdKtLDYj+kHp5pxUVkr
 github.com/jinzhu/now v1.1.2/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
 github.com/jinzhu/now v1.1.3 h1:PlHq1bSCSZL9K0wUhbm2pGLoTWs2GwVhsP6emvGV/ZI=
 github.com/jinzhu/now v1.1.3/go.mod h1:d3SSVoowX0Lcu0IBviAWJpolVfI5UJVZZ7cO71lE/z8=
+github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
+github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/joho/godotenv v1.3.0 h1:Zjp+RcGpHhGlrMbJzXTrZZPrWj+1vfm90La1wgB6Bhc=
 github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
-github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
-github.com/json-iterator/go v1.1.11 h1:uVUAXhF2To8cbw/3xN3pxj6kk7TYKs98NIrTqPlMWAQ=
-github.com/json-iterator/go v1.1.11/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
 github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
@@ -271,16 +273,15 @@ github.com/klauspost/compress v1.13.6 h1:P76CopJELS0TiO2mebmnzgWaajssP/EszplttgQ
 github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
-github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0=
 github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw=
-github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
 github.com/leodido/go-urn v1.2.1 h1:BqpAaACuzVSgi/VLzGZIobT2z4v53pjosyNd9Yv6n/w=
 github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY=
 github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
@@ -301,14 +302,15 @@ github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peK
 github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM=
 github.com/mattn/go-sqlite3 v1.14.9 h1:10HX2Td0ocZpYEjhilsuo6WWtUqttj2Kb0KtD86/KYA=
 github.com/mattn/go-sqlite3 v1.14.9/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU=
+github.com/mitchellh/gox v1.0.1 h1:x0jD3dcHk9a9xPSDN6YEL4xL6Qz0dvNYm8yZqui5chI=
+github.com/mitchellh/gox v1.0.1/go.mod h1:ED6BioOGXMswlXa2zxfh/xdd5QhwYliBFn9V18Ap4z4=
+github.com/mitchellh/iochan v1.0.0 h1:C+X3KsSTLFVBr/tK1eYN/vs4rJcvsiLU338UhYPJWeY=
+github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY=
 github.com/mitchellh/mapstructure v1.3.1 h1:cCBH2gTD2K0OtLlv/Y5H01VQCqmlDxz30kS5Y5bqfLA=
 github.com/mitchellh/mapstructure v1.3.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
-github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
-github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI=
-github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
 github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
 github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc=
@@ -336,6 +338,7 @@ github.com/robertkrimen/otto v0.0.0-20211024170158-b87d35c0b86f h1:a7clxaGmmqtdN
 github.com/robertkrimen/otto v0.0.0-20211024170158-b87d35c0b86f/go.mod h1:/mK7FZ3mFYEn9zvNPhpngTyatyehSwte5bJZ4ehL5Xw=
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc=
+github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8=
 github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE=
 github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ=
 github.com/rs/zerolog v1.13.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU=
@@ -363,19 +366,13 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
-github.com/stretchr/testify v1.7.1 h1:5TQK59W5E3v0r2duFAb7P95B6hEeOyEnHRa8MjYSMTY=
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4=
 github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
-github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
-github.com/ugorji/go v1.2.6 h1:tGiWC9HENWE2tqYycIqFTNorMmFRVhNwCpDOpWqnk8E=
-github.com/ugorji/go v1.2.6/go.mod h1:anCg0y61KIhDlPZmnH+so+RQbysYVyDko0IMgJv0Nn0=
 github.com/ugorji/go v1.2.7 h1:qYhyWUUd6WbiM+C6JZAUkIJt/1WrjzNHY9+KCIjVqTo=
 github.com/ugorji/go v1.2.7/go.mod h1:nF9osbDWLy6bDVv/Rtoh6QgnvNDpmCalQV5urGCCS6M=
-github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
-github.com/ugorji/go/codec v1.2.6 h1:7kbGefxLoDBuYXOms4yD7223OpNMMPNPZxXk5TvFcyQ=
-github.com/ugorji/go/codec v1.2.6/go.mod h1:V6TCNZ4PHqoHGFZuSG1W8nrCzzdgA2DozYxWFFpvxTw=
 github.com/ugorji/go/codec v1.2.7 h1:YPXUKf7fYbp/y8xloBqZOw2qaVggbfwMlI8WM3wZUJ0=
 github.com/ugorji/go/codec v1.2.7/go.mod h1:WGN1fab3R1fzQlVQTkfxVtIBhWDRqOviHU95kRgeqEY=
 github.com/urfave/cli/v2 v2.8.1 h1:CGuYNZF9IKZY/rfBe3lJpccSoIY1ytfvmgQT90cNOl4=
@@ -429,7 +426,6 @@ golang.org/x/crypto v0.0.0-20201203163018-be400aefbc4c/go.mod h1:jdWPYTVW3xRLrWP
 golang.org/x/crypto v0.0.0-20201216223049-8b5274cf687f/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 h1:7I4JAnoQBe7ZtJcBaYHi5UtiO8tQHbUSXxL+pnGRANg=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
 golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220926161630-eccd6366d1be h1:fmw3UbQh+nxngCAHrDCCztao/kbYFnWjoqop8dHx05A=
@@ -502,7 +498,8 @@ golang.org/x/net v0.0.0-20201202161906-c7110b5ffcbb/go.mod h1:sp8m0HH+o8qH0wwXwY
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
-golang.org/x/net v0.0.0-20220722155237-a158d28d115b h1:PxfKdU9lEEDYjdIzOtC4qFWgkU2rGHdKlKowJSMN9h0=
+golang.org/x/net v0.0.0-20211216030914-fe4d6282115f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
+golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.0.0-20220930213112-107f3e3c3b0b h1:uKO3Js8lXGjpjdc4J3rqs0/Ex5yDKUGfk43tTYWVLas=
 golang.org/x/net v0.0.0-20220930213112-107f3e3c3b0b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk=
@@ -569,16 +566,17 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab h1:2QkjZIsXupsJbJIdSjjUOgWK3aEtzyuh2mPt3l/CkeU=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220928140112-f11e5e49a4ec h1:BkDtF2Ih9xZ7le9ndzTA7KJow28VbQW3odyk/8drmuI=
 golang.org/x/sys v0.0.0-20220928140112-f11e5e49a4ec/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
@@ -727,7 +725,6 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj
 google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
-google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw=
 google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w=
 google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
@@ -735,8 +732,8 @@ gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc h1:2gG
 gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc/go.mod h1:m7x9LTH6d71AHyAX77c9yqWCCa3UKHcVEj9y7hAtKDk=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo=
 gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=

server/graph/generated/generated.go

@@ -71,8 +71,10 @@ type ComplexityRoot struct {
 
 	Env struct {
 		AccessTokenExpiryTime            func(childComplexity int) int
+		AdminCookieSecure                func(childComplexity int) int
 		AdminSecret                      func(childComplexity int) int
 		AllowedOrigins                   func(childComplexity int) int
+		AppCookieSecure                  func(childComplexity int) int
 		AppURL                           func(childComplexity int) int
 		AppleClientID                    func(childComplexity int) int
 		AppleClientSecret                func(childComplexity int) int
@@ -116,6 +118,7 @@ type ComplexityRoot struct {
 		ResetPasswordURL                 func(childComplexity int) int
 		Roles                            func(childComplexity int) int
 		SMTPHost                         func(childComplexity int) int
+		SMTPLocalName                    func(childComplexity int) int
 		SMTPPassword                     func(childComplexity int) int
 		SMTPPort                         func(childComplexity int) int
 		SMTPUsername                     func(childComplexity int) int
@@ -243,6 +246,7 @@ type ComplexityRoot struct {
 	}
 
 	ValidateJWTTokenResponse struct {
+		Claims  func(childComplexity int) int
 		IsValid func(childComplexity int) int
 	}
 
@@ -474,6 +478,13 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in
 
 		return e.complexity.Env.AccessTokenExpiryTime(childComplexity), true
 
+	case "Env.ADMIN_COOKIE_SECURE":
+		if e.complexity.Env.AdminCookieSecure == nil {
+			break
+		}
+
+		return e.complexity.Env.AdminCookieSecure(childComplexity), true
+
 	case "Env.ADMIN_SECRET":
 		if e.complexity.Env.AdminSecret == nil {
 			break
@@ -488,6 +499,13 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in
 
 		return e.complexity.Env.AllowedOrigins(childComplexity), true
 
+	case "Env.APP_COOKIE_SECURE":
+		if e.complexity.Env.AppCookieSecure == nil {
+			break
+		}
+
+		return e.complexity.Env.AppCookieSecure(childComplexity), true
+
 	case "Env.APP_URL":
 		if e.complexity.Env.AppURL == nil {
 			break
@@ -789,6 +807,13 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in
 
 		return e.complexity.Env.SMTPHost(childComplexity), true
 
+	case "Env.SMTP_LOCAL_NAME":
+		if e.complexity.Env.SMTPLocalName == nil {
+			break
+		}
+
+		return e.complexity.Env.SMTPLocalName(childComplexity), true
+
 	case "Env.SMTP_PASSWORD":
 		if e.complexity.Env.SMTPPassword == nil {
 			break
@@ -1622,6 +1647,13 @@ func (e *executableSchema) Complexity(typeName, field string, childComplexity in
 
 		return e.complexity.Users.Users(childComplexity), true
 
+	case "ValidateJWTTokenResponse.claims":
+		if e.complexity.ValidateJWTTokenResponse.Claims == nil {
+			break
+		}
+
+		return e.complexity.ValidateJWTTokenResponse.Claims(childComplexity), true
+
 	case "ValidateJWTTokenResponse.is_valid":
 		if e.complexity.ValidateJWTTokenResponse.IsValid == nil {
 			break
@@ -2043,6 +2075,7 @@ type Env {
   SMTP_PORT: String
   SMTP_USERNAME: String
   SMTP_PASSWORD: String
+  SMTP_LOCAL_NAME: String
   SENDER_EMAIL: String
   JWT_TYPE: String
   JWT_SECRET: String
@@ -2079,10 +2112,13 @@ type Env {
   TWITTER_CLIENT_SECRET: String
   ORGANIZATION_NAME: String
   ORGANIZATION_LOGO: String
+  APP_COOKIE_SECURE: Boolean!
+  ADMIN_COOKIE_SECURE: Boolean!
 }
 
 type ValidateJWTTokenResponse {
   is_valid: Boolean!
+  claims: Map
 }
 
 type GenerateJWTKeysResponse {
@@ -2150,6 +2186,7 @@ input UpdateEnvInput {
   SMTP_PORT: String
   SMTP_USERNAME: String
   SMTP_PASSWORD: String
+  SMTP_LOCAL_NAME: String
   SENDER_EMAIL: String
   JWT_TYPE: String
   JWT_SECRET: String
@@ -2158,6 +2195,8 @@ input UpdateEnvInput {
   ALLOWED_ORIGINS: [String!]
   APP_URL: String
   RESET_PASSWORD_URL: String
+  APP_COOKIE_SECURE: Boolean
+  ADMIN_COOKIE_SECURE: Boolean
   DISABLE_EMAIL_VERIFICATION: Boolean
   DISABLE_BASIC_AUTHENTICATION: Boolean
   DISABLE_MAGIC_LINK_LOGIN: Boolean
@@ -4422,6 +4461,47 @@ func (ec *executionContext) fieldContext_Env_SMTP_PASSWORD(ctx context.Context,
 	return fc, nil
 }
 
+func (ec *executionContext) _Env_SMTP_LOCAL_NAME(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) {
+	fc, err := ec.fieldContext_Env_SMTP_LOCAL_NAME(ctx, field)
+	if err != nil {
+		return graphql.Null
+	}
+	ctx = graphql.WithFieldContext(ctx, fc)
+	defer func() {
+		if r := recover(); r != nil {
+			ec.Error(ctx, ec.Recover(ctx, r))
+			ret = graphql.Null
+		}
+	}()
+	resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) {
+		ctx = rctx // use context from middleware stack in children
+		return obj.SMTPLocalName, nil
+	})
+	if err != nil {
+		ec.Error(ctx, err)
+		return graphql.Null
+	}
+	if resTmp == nil {
+		return graphql.Null
+	}
+	res := resTmp.(*string)
+	fc.Result = res
+	return ec.marshalOString2ᚖstring(ctx, field.Selections, res)
+}
+
+func (ec *executionContext) fieldContext_Env_SMTP_LOCAL_NAME(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) {
+	fc = &graphql.FieldContext{
+		Object:     "Env",
+		Field:      field,
+		IsMethod:   false,
+		IsResolver: false,
+		Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) {
+			return nil, errors.New("field of type String does not have child fields")
+		},
+	}
+	return fc, nil
+}
+
 func (ec *executionContext) _Env_SENDER_EMAIL(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) {
 	fc, err := ec.fieldContext_Env_SENDER_EMAIL(ctx, field)
 	if err != nil {
@@ -5925,6 +6005,94 @@ func (ec *executionContext) fieldContext_Env_ORGANIZATION_LOGO(ctx context.Conte
 	return fc, nil
 }
 
+func (ec *executionContext) _Env_APP_COOKIE_SECURE(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) {
+	fc, err := ec.fieldContext_Env_APP_COOKIE_SECURE(ctx, field)
+	if err != nil {
+		return graphql.Null
+	}
+	ctx = graphql.WithFieldContext(ctx, fc)
+	defer func() {
+		if r := recover(); r != nil {
+			ec.Error(ctx, ec.Recover(ctx, r))
+			ret = graphql.Null
+		}
+	}()
+	resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) {
+		ctx = rctx // use context from middleware stack in children
+		return obj.AppCookieSecure, nil
+	})
+	if err != nil {
+		ec.Error(ctx, err)
+		return graphql.Null
+	}
+	if resTmp == nil {
+		if !graphql.HasFieldError(ctx, fc) {
+			ec.Errorf(ctx, "must not be null")
+		}
+		return graphql.Null
+	}
+	res := resTmp.(bool)
+	fc.Result = res
+	return ec.marshalNBoolean2bool(ctx, field.Selections, res)
+}
+
+func (ec *executionContext) fieldContext_Env_APP_COOKIE_SECURE(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) {
+	fc = &graphql.FieldContext{
+		Object:     "Env",
+		Field:      field,
+		IsMethod:   false,
+		IsResolver: false,
+		Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) {
+			return nil, errors.New("field of type Boolean does not have child fields")
+		},
+	}
+	return fc, nil
+}
+
+func (ec *executionContext) _Env_ADMIN_COOKIE_SECURE(ctx context.Context, field graphql.CollectedField, obj *model.Env) (ret graphql.Marshaler) {
+	fc, err := ec.fieldContext_Env_ADMIN_COOKIE_SECURE(ctx, field)
+	if err != nil {
+		return graphql.Null
+	}
+	ctx = graphql.WithFieldContext(ctx, fc)
+	defer func() {
+		if r := recover(); r != nil {
+			ec.Error(ctx, ec.Recover(ctx, r))
+			ret = graphql.Null
+		}
+	}()
+	resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) {
+		ctx = rctx // use context from middleware stack in children
+		return obj.AdminCookieSecure, nil
+	})
+	if err != nil {
+		ec.Error(ctx, err)
+		return graphql.Null
+	}
+	if resTmp == nil {
+		if !graphql.HasFieldError(ctx, fc) {
+			ec.Errorf(ctx, "must not be null")
+		}
+		return graphql.Null
+	}
+	res := resTmp.(bool)
+	fc.Result = res
+	return ec.marshalNBoolean2bool(ctx, field.Selections, res)
+}
+
+func (ec *executionContext) fieldContext_Env_ADMIN_COOKIE_SECURE(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) {
+	fc = &graphql.FieldContext{
+		Object:     "Env",
+		Field:      field,
+		IsMethod:   false,
+		IsResolver: false,
+		Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) {
+			return nil, errors.New("field of type Boolean does not have child fields")
+		},
+	}
+	return fc, nil
+}
+
 func (ec *executionContext) _Error_message(ctx context.Context, field graphql.CollectedField, obj *model.Error) (ret graphql.Marshaler) {
 	fc, err := ec.fieldContext_Error_message(ctx, field)
 	if err != nil {
@@ -8977,6 +9145,8 @@ func (ec *executionContext) fieldContext_Query_validate_jwt_token(ctx context.Co
 			switch field.Name {
 			case "is_valid":
 				return ec.fieldContext_ValidateJWTTokenResponse_is_valid(ctx, field)
+			case "claims":
+				return ec.fieldContext_ValidateJWTTokenResponse_claims(ctx, field)
 			}
 			return nil, fmt.Errorf("no field named %q was found under type ValidateJWTTokenResponse", field.Name)
 		},
@@ -9236,6 +9406,8 @@ func (ec *executionContext) fieldContext_Query__env(ctx context.Context, field g
 				return ec.fieldContext_Env_SMTP_USERNAME(ctx, field)
 			case "SMTP_PASSWORD":
 				return ec.fieldContext_Env_SMTP_PASSWORD(ctx, field)
+			case "SMTP_LOCAL_NAME":
+				return ec.fieldContext_Env_SMTP_LOCAL_NAME(ctx, field)
 			case "SENDER_EMAIL":
 				return ec.fieldContext_Env_SENDER_EMAIL(ctx, field)
 			case "JWT_TYPE":
@@ -9308,6 +9480,10 @@ func (ec *executionContext) fieldContext_Query__env(ctx context.Context, field g
 				return ec.fieldContext_Env_ORGANIZATION_NAME(ctx, field)
 			case "ORGANIZATION_LOGO":
 				return ec.fieldContext_Env_ORGANIZATION_LOGO(ctx, field)
+			case "APP_COOKIE_SECURE":
+				return ec.fieldContext_Env_APP_COOKIE_SECURE(ctx, field)
+			case "ADMIN_COOKIE_SECURE":
+				return ec.fieldContext_Env_ADMIN_COOKIE_SECURE(ctx, field)
 			}
 			return nil, fmt.Errorf("no field named %q was found under type Env", field.Name)
 		},
@@ -10800,6 +10976,47 @@ func (ec *executionContext) fieldContext_ValidateJWTTokenResponse_is_valid(ctx c
 	return fc, nil
 }
 
+func (ec *executionContext) _ValidateJWTTokenResponse_claims(ctx context.Context, field graphql.CollectedField, obj *model.ValidateJWTTokenResponse) (ret graphql.Marshaler) {
+	fc, err := ec.fieldContext_ValidateJWTTokenResponse_claims(ctx, field)
+	if err != nil {
+		return graphql.Null
+	}
+	ctx = graphql.WithFieldContext(ctx, fc)
+	defer func() {
+		if r := recover(); r != nil {
+			ec.Error(ctx, ec.Recover(ctx, r))
+			ret = graphql.Null
+		}
+	}()
+	resTmp, err := ec.ResolverMiddleware(ctx, func(rctx context.Context) (interface{}, error) {
+		ctx = rctx // use context from middleware stack in children
+		return obj.Claims, nil
+	})
+	if err != nil {
+		ec.Error(ctx, err)
+		return graphql.Null
+	}
+	if resTmp == nil {
+		return graphql.Null
+	}
+	res := resTmp.(map[string]interface{})
+	fc.Result = res
+	return ec.marshalOMap2map(ctx, field.Selections, res)
+}
+
+func (ec *executionContext) fieldContext_ValidateJWTTokenResponse_claims(ctx context.Context, field graphql.CollectedField) (fc *graphql.FieldContext, err error) {
+	fc = &graphql.FieldContext{
+		Object:     "ValidateJWTTokenResponse",
+		Field:      field,
+		IsMethod:   false,
+		IsResolver: false,
+		Child: func(ctx context.Context, field graphql.CollectedField) (*graphql.FieldContext, error) {
+			return nil, errors.New("field of type Map does not have child fields")
+		},
+	}
+	return fc, nil
+}
+
 func (ec *executionContext) _VerificationRequest_id(ctx context.Context, field graphql.CollectedField, obj *model.VerificationRequest) (ret graphql.Marshaler) {
 	fc, err := ec.fieldContext_VerificationRequest_id(ctx, field)
 	if err != nil {
@@ -14858,7 +15075,7 @@ func (ec *executionContext) unmarshalInputUpdateEnvInput(ctx context.Context, ob
 		asMap[k] = v
 	}
 
-	fieldsInOrder := [...]string{"ACCESS_TOKEN_EXPIRY_TIME", "ADMIN_SECRET", "CUSTOM_ACCESS_TOKEN_SCRIPT", "OLD_ADMIN_SECRET", "SMTP_HOST", "SMTP_PORT", "SMTP_USERNAME", "SMTP_PASSWORD", "SENDER_EMAIL", "JWT_TYPE", "JWT_SECRET", "JWT_PRIVATE_KEY", "JWT_PUBLIC_KEY", "ALLOWED_ORIGINS", "APP_URL", "RESET_PASSWORD_URL", "DISABLE_EMAIL_VERIFICATION", "DISABLE_BASIC_AUTHENTICATION", "DISABLE_MAGIC_LINK_LOGIN", "DISABLE_LOGIN_PAGE", "DISABLE_SIGN_UP", "DISABLE_REDIS_FOR_ENV", "DISABLE_STRONG_PASSWORD", "DISABLE_MULTI_FACTOR_AUTHENTICATION", "ENFORCE_MULTI_FACTOR_AUTHENTICATION", "ROLES", "PROTECTED_ROLES", "DEFAULT_ROLES", "JWT_ROLE_CLAIM", "GOOGLE_CLIENT_ID", "GOOGLE_CLIENT_SECRET", "GITHUB_CLIENT_ID", "GITHUB_CLIENT_SECRET", "FACEBOOK_CLIENT_ID", "FACEBOOK_CLIENT_SECRET", "LINKEDIN_CLIENT_ID", "LINKEDIN_CLIENT_SECRET", "APPLE_CLIENT_ID", "APPLE_CLIENT_SECRET", "TWITTER_CLIENT_ID", "TWITTER_CLIENT_SECRET", "ORGANIZATION_NAME", "ORGANIZATION_LOGO"}
+	fieldsInOrder := [...]string{"ACCESS_TOKEN_EXPIRY_TIME", "ADMIN_SECRET", "CUSTOM_ACCESS_TOKEN_SCRIPT", "OLD_ADMIN_SECRET", "SMTP_HOST", "SMTP_PORT", "SMTP_USERNAME", "SMTP_PASSWORD", "SMTP_LOCAL_NAME", "SENDER_EMAIL", "JWT_TYPE", "JWT_SECRET", "JWT_PRIVATE_KEY", "JWT_PUBLIC_KEY", "ALLOWED_ORIGINS", "APP_URL", "RESET_PASSWORD_URL", "APP_COOKIE_SECURE", "ADMIN_COOKIE_SECURE", "DISABLE_EMAIL_VERIFICATION", "DISABLE_BASIC_AUTHENTICATION", "DISABLE_MAGIC_LINK_LOGIN", "DISABLE_LOGIN_PAGE", "DISABLE_SIGN_UP", "DISABLE_REDIS_FOR_ENV", "DISABLE_STRONG_PASSWORD", "DISABLE_MULTI_FACTOR_AUTHENTICATION", "ENFORCE_MULTI_FACTOR_AUTHENTICATION", "ROLES", "PROTECTED_ROLES", "DEFAULT_ROLES", "JWT_ROLE_CLAIM", "GOOGLE_CLIENT_ID", "GOOGLE_CLIENT_SECRET", "GITHUB_CLIENT_ID", "GITHUB_CLIENT_SECRET", "FACEBOOK_CLIENT_ID", "FACEBOOK_CLIENT_SECRET", "LINKEDIN_CLIENT_ID", "LINKEDIN_CLIENT_SECRET", "APPLE_CLIENT_ID", "APPLE_CLIENT_SECRET", "TWITTER_CLIENT_ID", "TWITTER_CLIENT_SECRET", "ORGANIZATION_NAME", "ORGANIZATION_LOGO"}
 	for _, k := range fieldsInOrder {
 		v, ok := asMap[k]
 		if !ok {
@@ -14929,6 +15146,14 @@ func (ec *executionContext) unmarshalInputUpdateEnvInput(ctx context.Context, ob
 			if err != nil {
 				return it, err
 			}
+		case "SMTP_LOCAL_NAME":
+			var err error
+
+			ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("SMTP_LOCAL_NAME"))
+			it.SMTPLocalName, err = ec.unmarshalOString2ᚖstring(ctx, v)
+			if err != nil {
+				return it, err
+			}
 		case "SENDER_EMAIL":
 			var err error
 
@@ -14993,6 +15218,22 @@ func (ec *executionContext) unmarshalInputUpdateEnvInput(ctx context.Context, ob
 			if err != nil {
 				return it, err
 			}
+		case "APP_COOKIE_SECURE":
+			var err error
+
+			ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("APP_COOKIE_SECURE"))
+			it.AppCookieSecure, err = ec.unmarshalOBoolean2ᚖbool(ctx, v)
+			if err != nil {
+				return it, err
+			}
+		case "ADMIN_COOKIE_SECURE":
+			var err error
+
+			ctx := graphql.WithPathContext(ctx, graphql.NewPathWithField("ADMIN_COOKIE_SECURE"))
+			it.AdminCookieSecure, err = ec.unmarshalOBoolean2ᚖbool(ctx, v)
+			if err != nil {
+				return it, err
+			}
 		case "DISABLE_EMAIL_VERIFICATION":
 			var err error
 
@@ -15898,6 +16139,10 @@ func (ec *executionContext) _Env(ctx context.Context, sel ast.SelectionSet, obj
 
 			out.Values[i] = ec._Env_SMTP_PASSWORD(ctx, field, obj)
 
+		case "SMTP_LOCAL_NAME":
+
+			out.Values[i] = ec._Env_SMTP_LOCAL_NAME(ctx, field, obj)
+
 		case "SENDER_EMAIL":
 
 			out.Values[i] = ec._Env_SENDER_EMAIL(ctx, field, obj)
@@ -16069,6 +16314,20 @@ func (ec *executionContext) _Env(ctx context.Context, sel ast.SelectionSet, obj
 
 			out.Values[i] = ec._Env_ORGANIZATION_LOGO(ctx, field, obj)
 
+		case "APP_COOKIE_SECURE":
+
+			out.Values[i] = ec._Env_APP_COOKIE_SECURE(ctx, field, obj)
+
+			if out.Values[i] == graphql.Null {
+				invalids++
+			}
+		case "ADMIN_COOKIE_SECURE":
+
+			out.Values[i] = ec._Env_ADMIN_COOKIE_SECURE(ctx, field, obj)
+
+			if out.Values[i] == graphql.Null {
+				invalids++
+			}
 		default:
 			panic("unknown field " + strconv.Quote(field.Name))
 		}
@@ -17146,6 +17405,10 @@ func (ec *executionContext) _ValidateJWTTokenResponse(ctx context.Context, sel a
 			if out.Values[i] == graphql.Null {
 				invalids++
 			}
+		case "claims":
+
+			out.Values[i] = ec._ValidateJWTTokenResponse_claims(ctx, field, obj)
+
 		default:
 			panic("unknown field " + strconv.Quote(field.Name))
 		}

server/graph/model/models_gen.go

@@ -74,6 +74,7 @@ type Env struct {
 	SMTPPort                         *string  `json:"SMTP_PORT"`
 	SMTPUsername                     *string  `json:"SMTP_USERNAME"`
 	SMTPPassword                     *string  `json:"SMTP_PASSWORD"`
+	SMTPLocalName                    *string  `json:"SMTP_LOCAL_NAME"`
 	SenderEmail                      *string  `json:"SENDER_EMAIL"`
 	JwtType                          *string  `json:"JWT_TYPE"`
 	JwtSecret                        *string  `json:"JWT_SECRET"`
@@ -110,6 +111,8 @@ type Env struct {
 	TwitterClientSecret              *string  `json:"TWITTER_CLIENT_SECRET"`
 	OrganizationName                 *string  `json:"ORGANIZATION_NAME"`
 	OrganizationLogo                 *string  `json:"ORGANIZATION_LOGO"`
+	AppCookieSecure                  bool     `json:"APP_COOKIE_SECURE"`
+	AdminCookieSecure                bool     `json:"ADMIN_COOKIE_SECURE"`
 }
 
 type Error struct {
@@ -269,6 +272,7 @@ type UpdateEnvInput struct {
 	SMTPPort                         *string  `json:"SMTP_PORT"`
 	SMTPUsername                     *string  `json:"SMTP_USERNAME"`
 	SMTPPassword                     *string  `json:"SMTP_PASSWORD"`
+	SMTPLocalName                    *string  `json:"SMTP_LOCAL_NAME"`
 	SenderEmail                      *string  `json:"SENDER_EMAIL"`
 	JwtType                          *string  `json:"JWT_TYPE"`
 	JwtSecret                        *string  `json:"JWT_SECRET"`
@@ -277,6 +281,8 @@ type UpdateEnvInput struct {
 	AllowedOrigins                   []string `json:"ALLOWED_ORIGINS"`
 	AppURL                           *string  `json:"APP_URL"`
 	ResetPasswordURL                 *string  `json:"RESET_PASSWORD_URL"`
+	AppCookieSecure                  *bool    `json:"APP_COOKIE_SECURE"`
+	AdminCookieSecure                *bool    `json:"ADMIN_COOKIE_SECURE"`
 	DisableEmailVerification         *bool    `json:"DISABLE_EMAIL_VERIFICATION"`
 	DisableBasicAuthentication       *bool    `json:"DISABLE_BASIC_AUTHENTICATION"`
 	DisableMagicLinkLogin            *bool    `json:"DISABLE_MAGIC_LINK_LOGIN"`
@@ -381,6 +387,7 @@ type ValidateJWTTokenInput struct {
 
 type ValidateJWTTokenResponse struct {
 	IsValid bool                   `json:"is_valid"`
+	Claims  map[string]interface{} `json:"claims"`
 }
 
 type VerificationRequest struct {

server/graph/schema.graphqls

@@ -110,6 +110,7 @@ type Env {
   SMTP_PORT: String
   SMTP_USERNAME: String
   SMTP_PASSWORD: String
+  SMTP_LOCAL_NAME: String
   SENDER_EMAIL: String
   JWT_TYPE: String
   JWT_SECRET: String
@@ -146,10 +147,13 @@ type Env {
   TWITTER_CLIENT_SECRET: String
   ORGANIZATION_NAME: String
   ORGANIZATION_LOGO: String
+  APP_COOKIE_SECURE: Boolean!
+  ADMIN_COOKIE_SECURE: Boolean!
 }
 
 type ValidateJWTTokenResponse {
   is_valid: Boolean!
+  claims: Map
 }
 
 type GenerateJWTKeysResponse {
@@ -217,6 +221,7 @@ input UpdateEnvInput {
   SMTP_PORT: String
   SMTP_USERNAME: String
   SMTP_PASSWORD: String
+  SMTP_LOCAL_NAME: String
   SENDER_EMAIL: String
   JWT_TYPE: String
   JWT_SECRET: String
@@ -225,6 +230,8 @@ input UpdateEnvInput {
   ALLOWED_ORIGINS: [String!]
   APP_URL: String
   RESET_PASSWORD_URL: String
+  APP_COOKIE_SECURE: Boolean
+  ADMIN_COOKIE_SECURE: Boolean
   DISABLE_EMAIL_VERIFICATION: Boolean
   DISABLE_BASIC_AUTHENTICATION: Boolean
   DISABLE_MAGIC_LINK_LOGIN: Boolean

server/handlers/app.go

@@ -30,7 +30,7 @@ func AppHandler() gin.HandlerFunc {
 			return
 		}
 
-		redirect_uri := strings.TrimSpace(c.Query("redirect_uri"))
+		redirectURI := strings.TrimSpace(c.Query("redirect_uri"))
 		state := strings.TrimSpace(c.Query("state"))
 		scopeString := strings.TrimSpace(c.Query("scope"))
 
@@ -41,11 +41,11 @@ func AppHandler() gin.HandlerFunc {
 			scope = strings.Split(scopeString, " ")
 		}
 
-		if redirect_uri == "" {
-			redirect_uri = hostname + "/app"
+		if redirectURI == "" {
+			redirectURI = hostname + "/app"
 		} else {
 			// validate redirect url with allowed origins
-			if !validators.IsValidOrigin(redirect_uri) {
+			if !validators.IsValidOrigin(redirectURI) {
 				log.Debug("Invalid redirect_uri")
 				c.JSON(400, gin.H{"error": "invalid redirect url"})
 				return
@@ -75,7 +75,7 @@ func AppHandler() gin.HandlerFunc {
 		c.HTML(http.StatusOK, "app.tmpl", gin.H{
 			"data": map[string]interface{}{
 				"authorizerURL":    hostname,
-				"redirectURL":      redirect_uri,
+				"redirectURL":      redirectURI,
 				"scope":            scope,
 				"state":            state,
 				"organizationName": orgName,

server/handlers/openid_config.go

@@ -17,14 +17,14 @@ func OpenIDConfigurationHandler() gin.HandlerFunc {
 		c.JSON(200, gin.H{
 			"issuer":                                issuer,
 			"authorization_endpoint":                issuer + "/authorize",
-			"token_endpoint":                        issuer + "/token",
+			"token_endpoint":                        issuer + "/oauth/token",
 			"userinfo_endpoint":                     issuer + "/userinfo",
 			"jwks_uri":                              issuer + "/.well-known/jwks.json",
-			"response_types_supported":              []string{"code", "token", "id_token", "code token", "code id_token", "token id_token", "code token id_token"},
+			"response_types_supported":              []string{"code", "token", "id_token"},
 			"scopes_supported":                      []string{"openid", "email", "profile", "email_verified", "given_name", "family_name", "nick_name", "picture"},
-			"response_modes_supported":              []string{"query", "fragment", "form_post"},
+			"response_modes_supported":              []string{"query", "fragment", "form_post", "web_message"},
 			"id_token_signing_alg_values_supported": []string{jwtType},
-			"claims_supported":                      []string{"aud", "exp", "iss", "iat", "sub", "given_name", "family_name", "middle_name", "nickname", "preferred_username", "picture", "email", "email_verified", "roles", "gender", "birthdate", "phone_number", "phone_number_verified"},
+			"claims_supported":                      []string{"aud", "exp", "iss", "iat", "sub", "given_name", "family_name", "middle_name", "nickname", "preferred_username", "picture", "email", "email_verified", "roles", "role", "gender", "birthdate", "phone_number", "phone_number_verified", "nonce", "updated_at", "created_at", "revoked_timestamp", "login_method", "signup_methods", "token_type"},
 		})
 	}
 }

server/handlers/token.go

@@ -154,6 +154,7 @@ func TokenHandler() gin.HandlerFunc {
 					"error":             "invalid_refresh_token",
 					"error_description": "The refresh token is invalid",
 				})
+				return
 			}
 
 			claims, err := token.ValidateRefreshToken(gc, refreshToken)
@@ -163,9 +164,10 @@ func TokenHandler() gin.HandlerFunc {
 					"error":             "unauthorized",
 					"error_description": err.Error(),
 				})
+				return
 			}
 			userID = claims["sub"].(string)
-			loginMethod := claims["login_method"]
+			claimLoginMethod := claims["login_method"]
 			rolesInterface := claims["roles"].([]interface{})
 			scopeInterface := claims["scope"].([]interface{})
 			for _, v := range rolesInterface {
@@ -176,9 +178,11 @@ func TokenHandler() gin.HandlerFunc {
 			}
 
 			sessionKey = userID
-			if loginMethod != nil && loginMethod != "" {
-				sessionKey = loginMethod.(string) + ":" + sessionKey
+			if claimLoginMethod != nil && claimLoginMethod != "" {
+				sessionKey = claimLoginMethod.(string) + ":" + sessionKey
+				loginMethod = claimLoginMethod.(string)
 			}
+
 			// remove older refresh token and rotate it for security
 			go memorystore.Provider.DeleteUserSession(sessionKey, claims["nonce"].(string))
 		}
@@ -211,6 +215,7 @@ func TokenHandler() gin.HandlerFunc {
 			})
 			return
 		}
+
 		memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeSessionToken+"_"+authToken.FingerPrint, authToken.FingerPrintHash)
 		memorystore.Provider.SetUserSession(sessionKey, constants.TokenTypeAccessToken+"_"+authToken.FingerPrint, authToken.AccessToken.Token)
 		cookie.SetSession(gc, authToken.FingerPrintHash)

server/main.go

@@ -15,12 +15,15 @@ import (
 	"github.com/authorizerdev/authorizer/server/routes"
 )
 
+// VERSION is used to define the version of authorizer from build tags
 var VERSION string
 
+// LogUTCFormatter hels in setting UTC time format for the logs
 type LogUTCFormatter struct {
 	log.Formatter
 }
 
+// Format helps fomratting time to UTC
 func (u LogUTCFormatter) Format(e *log.Entry) ([]byte, error) {
 	e.Time = e.Time.UTC()
 	return u.Formatter.Format(e)
@@ -58,7 +61,10 @@ func main() {
 	default:
 		logLevel = logrus.InfoLevel
 	}
+	// set log level globally
 	logrus.SetLevel(logLevel)
+
+	// set log level for go-gin middleware
 	log.SetLevel(logLevel)
 
 	// show file path in log for debug or other log levels.

server/memorystore/memory_store.go

@@ -57,7 +57,7 @@ func InitMemStore() error {
 	}
 
 	redisURL := requiredEnvs.RedisURL
-	if redisURL != "" && !requiredEnvs.disableRedisForEnv {
+	if redisURL != "" && !requiredEnvs.DisableRedisForEnv {
 		log.Info("Initializing Redis memory store")
 		Provider, err = redis.NewRedisProvider(redisURL)
 		if err != nil {

server/memorystore/required_env_store.go

@@ -27,7 +27,11 @@ type RequiredEnv struct {
 	DatabaseCertKey    string `json:"DATABASE_CERT_KEY"`
 	DatabaseCACert     string `json:"DATABASE_CA_CERT"`
 	RedisURL           string `json:"REDIS_URL"`
-	disableRedisForEnv bool   `json:"DISABLE_REDIS_FOR_ENV"`
+	DisableRedisForEnv bool   `json:"DISABLE_REDIS_FOR_ENV"`
+	// AWS Related Envs
+	AwsRegion          string `json:"AWS_REGION"`
+	AwsAccessKeyID     string `json:"AWS_ACCESS_KEY_ID"`
+	AwsSecretAccessKey string `json:"AWS_SECRET_ACCESS_KEY"`
 }
 
 // RequiredEnvObj is a simple in-memory store for sessions.
@@ -53,7 +57,8 @@ func (r *RequiredEnvStore) SetRequiredEnv(requiredEnv RequiredEnv) {
 
 var RequiredEnvStoreObj *RequiredEnvStore
 
-// InitRequiredEnv to initialize EnvData and through error if required env are not present
+// InitRequiredEnv to initialize EnvData and throw error if required env are not present
+// This includes env that only configurable via env vars and not the ui
 func InitRequiredEnv() error {
 	envPath := os.Getenv(constants.EnvKeyEnvPath)
 
@@ -85,6 +90,9 @@ func InitRequiredEnv() error {
 	dbCACert := os.Getenv(constants.EnvKeyDatabaseCACert)
 	redisURL := os.Getenv(constants.EnvKeyRedisURL)
 	disableRedisForEnv := os.Getenv(constants.EnvKeyDisableRedisForEnv) == "true"
+	awsRegion := os.Getenv(constants.EnvAwsRegion)
+	awsAccessKeyID := os.Getenv(constants.EnvAwsAccessKeyID)
+	awsSecretAccessKey := os.Getenv(constants.EnvAwsSecretAccessKey)
 
 	if strings.TrimSpace(redisURL) == "" {
 		if cli.ARG_REDIS_URL != nil && *cli.ARG_REDIS_URL != "" {
@@ -113,7 +121,8 @@ func InitRequiredEnv() error {
 			dbURL = strings.TrimSpace(*cli.ARG_DB_URL)
 		}
 
-		if dbURL == "" && dbPort == "" && dbHost == "" && dbUsername == "" && dbPassword == "" {
+		// In dynamoDB these field are not always mandatory
+		if dbType != constants.DbTypeDynamoDB && dbURL == "" && dbPort == "" && dbHost == "" && dbUsername == "" && dbPassword == "" {
 			log.Debug("DATABASE_URL is not set")
 			return errors.New("invalid database url. DATABASE_URL is required")
 		}
@@ -138,7 +147,10 @@ func InitRequiredEnv() error {
 		DatabaseCertKey:    dbCertKey,
 		DatabaseCACert:     dbCACert,
 		RedisURL:           redisURL,
-		disableRedisForEnv: disableRedisForEnv,
+		DisableRedisForEnv: disableRedisForEnv,
+		AwsRegion:          awsRegion,
+		AwsAccessKeyID:     awsAccessKeyID,
+		AwsSecretAccessKey: awsSecretAccessKey,
 	}
 
 	RequiredEnvStoreObj = &RequiredEnvStore{

server/resolvers/env.go

@@ -89,6 +89,9 @@ func EnvResolver(ctx context.Context) (*model.Env, error) {
 	if val, ok := store[constants.EnvKeySenderEmail]; ok {
 		res.SenderEmail = refs.NewStringRef(val.(string))
 	}
+	if val, ok := store[constants.EnvKeySmtpLocalName]; ok {
+		res.SMTPLocalName = refs.NewStringRef(val.(string))
+	}
 	if val, ok := store[constants.EnvKeyJwtType]; ok {
 		res.JwtType = refs.NewStringRef(val.(string))
 	}
@@ -179,6 +182,8 @@ func EnvResolver(ctx context.Context) (*model.Env, error) {
 	res.DisableStrongPassword = store[constants.EnvKeyDisableStrongPassword].(bool)
 	res.EnforceMultiFactorAuthentication = store[constants.EnvKeyEnforceMultiFactorAuthentication].(bool)
 	res.DisableMultiFactorAuthentication = store[constants.EnvKeyDisableMultiFactorAuthentication].(bool)
+	res.AdminCookieSecure = store[constants.EnvKeyAdminCookieSecure].(bool)
+	res.AppCookieSecure = store[constants.EnvKeyAppCookieSecure].(bool)
 
 	return res, nil
 }

server/resolvers/forgot_password.go

@@ -62,12 +62,21 @@ func ForgotPasswordResolver(ctx context.Context, params model.ForgotPasswordInpu
 		log.Debug("Failed to generate nonce: ", err)
 		return res, err
 	}
-	redirectURL := parsers.GetAppURL(gc)
+
+	redirectURI := ""
+	// give higher preference to params redirect uri
 	if strings.TrimSpace(refs.StringValue(params.RedirectURI)) != "" {
-		redirectURL = refs.StringValue(params.RedirectURI)
+		redirectURI = refs.StringValue(params.RedirectURI)
+	} else {
+		redirectURI, err = memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyResetPasswordURL)
+		if err != nil {
+			log.Debug("ResetPasswordURL not found using default app url: ", err)
+			redirectURI = hostname + "/app/reset-password"
+			memorystore.Provider.UpdateEnvVariable(constants.EnvKeyResetPasswordURL, redirectURI)
+		}
 	}
 
-	verificationToken, err := token.CreateVerificationToken(params.Email, constants.VerificationTypeForgotPassword, hostname, nonceHash, redirectURL)
+	verificationToken, err := token.CreateVerificationToken(params.Email, constants.VerificationTypeForgotPassword, hostname, nonceHash, redirectURI)
 	if err != nil {
 		log.Debug("Failed to create verification token", err)
 		return res, err
@@ -78,7 +87,7 @@ func ForgotPasswordResolver(ctx context.Context, params model.ForgotPasswordInpu
 		ExpiresAt:   time.Now().Add(time.Minute * 30).Unix(),
 		Email:       params.Email,
 		Nonce:       nonceHash,
-		RedirectURI: redirectURL,
+		RedirectURI: redirectURI,
 	})
 	if err != nil {
 		log.Debug("Failed to add verification request", err)
@@ -89,7 +98,7 @@ func ForgotPasswordResolver(ctx context.Context, params model.ForgotPasswordInpu
 	go email.SendEmail([]string{params.Email}, constants.VerificationTypeForgotPassword, map[string]interface{}{
 		"user":             user.ToMap(),
 		"organization":     utils.GetOrganization(),
-		"verification_url": utils.GetForgotPasswordURL(verificationToken, hostname),
+		"verification_url": utils.GetForgotPasswordURL(verificationToken, redirectURI),
 	})
 
 	res = &model.Response{

server/resolvers/validate_jwt_token.go

@@ -93,5 +93,6 @@ func ValidateJwtTokenResolver(ctx context.Context, params model.ValidateJWTToken
 	}
 	return &model.ValidateJWTTokenResponse{
 		IsValid: true,
+		Claims:  claims,
 	}, nil
 }

server/test/resolvers_test.go

@@ -20,6 +20,7 @@ func TestResolvers(t *testing.T) {
 		constants.DbTypeArangodb: "http://localhost:8529",
 		constants.DbTypeMongodb:  "mongodb://localhost:27017",
 		constants.DbTypeScyllaDB: "127.0.0.1:9042",
+		constants.DbTypeDynamoDB: "http://0.0.0.0:8000",
 	}
 
 	testDBs := strings.Split(os.Getenv("TEST_DBS"), ",")
@@ -51,25 +52,33 @@ func TestResolvers(t *testing.T) {
 		os.Setenv(constants.EnvKeyDatabaseURL, dbURL)
 		os.Setenv(constants.EnvKeyDatabaseType, dbType)
 		os.Setenv(constants.EnvKeyDatabaseName, testDb)
+
+		if dbType == constants.DbTypeDynamoDB {
+			memorystore.Provider.UpdateEnvVariable(constants.EnvAwsRegion, "ap-south-1")
+			os.Setenv(constants.EnvAwsRegion, "ap-south-1")
+		}
+
 		memorystore.InitRequiredEnv()
 
 		err := db.InitDB()
 		if err != nil {
-			t.Errorf("Error initializing database: %s", err.Error())
+			t.Logf("Error initializing database: %s", err.Error())
 		}
 
 		// clean the persisted config for test to use fresh config
 		envData, err := db.Provider.GetEnv(ctx)
-		if err == nil {
+		if err == nil && envData.ID != "" {
 			envData.EnvData = ""
 			_, err = db.Provider.UpdateEnv(ctx, envData)
 			if err != nil {
-				t.Errorf("Error updating env: %s", err.Error())
+				t.Logf("Error updating env: %s", err.Error())
 			}
+		} else if err != nil {
+			t.Logf("Error getting env: %s", err.Error())
 		}
 		err = env.PersistEnv()
 		if err != nil {
-			t.Errorf("Error persisting env: %s", err.Error())
+			t.Logf("Error persisting env: %s", err.Error())
 		}
 
 		memorystore.Provider.UpdateEnvVariable(constants.EnvKeyEnv, "test")

server/test/test.go

@@ -84,7 +84,7 @@ func testSetup() TestSetup {
 	testData := TestData{
 		Email:                       fmt.Sprintf("%d_authorizer_tester@yopmail.com", time.Now().Unix()),
 		Password:                    "Test@123",
-		WebhookEndpoint:             "https://62cbc6738042b16aa7c22df2.mockapi.io/api/v1/webhook",
+		WebhookEndpoint:             "https://62f93101e05644803533cf36.mockapi.io/authorizer/webhook",
 		TestWebhookEventTypes:       []string{constants.UserAccessEnabledWebhookEvent, constants.UserAccessRevokedWebhookEvent, constants.UserCreatedWebhookEvent, constants.UserDeletedWebhookEvent, constants.UserLoginWebhookEvent, constants.UserSignUpWebhookEvent},
 		TestEmailTemplateEventTypes: []string{constants.VerificationTypeBasicAuthSignup, constants.VerificationTypeForgotPassword, constants.VerificationTypeMagicLinkLogin, constants.VerificationTypeUpdateEmail},
 	}

server/test/validate_jwt_token_test.go

@@ -93,5 +93,6 @@ func validateJwtTokenTest(t *testing.T, s TestSetup) {
 		})
 		assert.NoError(t, err)
 		assert.True(t, res.IsValid)
+		assert.Equal(t, user.Email, res.Claims["email"])
 	})
 }

server/token/auth_token.go

@@ -124,6 +124,7 @@ func CreateRefreshToken(user models.User, roles, scopes []string, hostname, nonc
 		"scope":         scopes,
 		"nonce":         nonce,
 		"login_method":  loginMethod,
+		"allowed_roles": strings.Split(user.Roles, ","),
 	}
 
 	token, err := SignJWTToken(customClaims)
@@ -163,6 +164,7 @@ func CreateAccessToken(user models.User, roles, scopes []string, hostName, nonce
 		"scope":         scopes,
 		"roles":         roles,
 		"login_method":  loginMethod,
+		"allowed_roles": strings.Split(user.Roles, ","),
 	}
 
 	token, err := SignJWTToken(customClaims)
@@ -256,7 +258,6 @@ func ValidateRefreshToken(gc *gin.Context, refreshToken string) (map[string]inte
 	if loginMethod != nil && loginMethod != "" {
 		sessionKey = loginMethod.(string) + ":" + userID
 	}
-
 	token, err := memorystore.Provider.GetUserSession(sessionKey, constants.TokenTypeRefreshToken+"_"+nonce)
 	if nonce == "" || err != nil {
 		return res, fmt.Errorf(`unauthorized`)

server/utils/common.go

@@ -81,17 +81,8 @@ func GetOrganization() map[string]interface{} {
 }
 
 // GetForgotPasswordURL to get url for given token and hostname
-func GetForgotPasswordURL(token, hostname string) string {
-	resetPasswordUrl, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyResetPasswordURL)
-	if err != nil {
-		return ""
-	}
-	if resetPasswordUrl == "" {
-		if err := memorystore.Provider.UpdateEnvVariable(constants.EnvKeyResetPasswordURL, hostname+"/app/reset-password"); err != nil {
-			return ""
-		}
-	}
-	verificationURL := resetPasswordUrl + "?token=" + token
+func GetForgotPasswordURL(token, redirectURI string) string {
+	verificationURL := redirectURI + "?token=" + token
 	return verificationURL
 }