Add support for more JWT algo methods

lakhansamani · lakhansamani · commit 8259fb515cb5 · 2022-02-12T15:54:23.000+05:30
diff --git a/server/constants/env.go b/server/constants/env.go
@@ -43,6 +43,10 @@ const (
 	EnvKeyJwtType = "JWT_TYPE"
 	// EnvKeyJwtSecret key for env variable JWT_SECRET
 	EnvKeyJwtSecret = "JWT_SECRET"
+	// EnvKeyJwtPrivateKey key for env variable JWT_PRIVATE_KEY
+	EnvKeyJwtPrivateKey = "JWT_PRIVATE_KEY"
+	// EnvKeyJwtPublicKey key for env variable JWT_PUBLIC_KEY
+	EnvKeyJwtPublicKey = "JWT_PUBLIC_KEY"
 	// EnvKeyAllowedOrigins key for env variable ALLOWED_ORIGINS
 	EnvKeyAllowedOrigins = "ALLOWED_ORIGINS"
 	// EnvKeyAppURL key for env variable APP_URL
diff --git a/server/env/env.go b/server/env/env.go
@@ -19,7 +19,7 @@ func InitEnv() {
 	envData := envstore.EnvInMemoryStoreObj.GetEnvStoreClone()
 
 	if envData.StringEnv[constants.EnvKeyEnv] == "" {
-		envData.StringEnv[constants.EnvKeyEnv] = os.Getenv("ENV")
+		envData.StringEnv[constants.EnvKeyEnv] = os.Getenv(constants.EnvKeyEnv)
 		if envData.StringEnv[constants.EnvKeyEnv] == "" {
 			envData.StringEnv[constants.EnvKeyEnv] = "production"
 		}
@@ -50,18 +50,18 @@ func InitEnv() {
 	}
 
 	if envData.StringEnv[constants.EnvKeyPort] == "" {
-		envData.StringEnv[constants.EnvKeyPort] = os.Getenv("PORT")
+		envData.StringEnv[constants.EnvKeyPort] = os.Getenv(constants.EnvKeyPort)
 		if envData.StringEnv[constants.EnvKeyPort] == "" {
 			envData.StringEnv[constants.EnvKeyPort] = "8080"
 		}
 	}
 
 	if envData.StringEnv[constants.EnvKeyAdminSecret] == "" {
-		envData.StringEnv[constants.EnvKeyAdminSecret] = os.Getenv("ADMIN_SECRET")
+		envData.StringEnv[constants.EnvKeyAdminSecret] = os.Getenv(constants.EnvKeyAdminSecret)
 	}
 
 	if envData.StringEnv[constants.EnvKeyDatabaseType] == "" {
-		envData.StringEnv[constants.EnvKeyDatabaseType] = os.Getenv("DATABASE_TYPE")
+		envData.StringEnv[constants.EnvKeyDatabaseType] = os.Getenv(constants.EnvKeyDatabaseType)
 
 		if envstore.ARG_DB_TYPE != nil && *envstore.ARG_DB_TYPE != "" {
 			envData.StringEnv[constants.EnvKeyDatabaseType] = *envstore.ARG_DB_TYPE
@@ -73,7 +73,7 @@ func InitEnv() {
 	}
 
 	if envData.StringEnv[constants.EnvKeyDatabaseURL] == "" {
-		envData.StringEnv[constants.EnvKeyDatabaseURL] = os.Getenv("DATABASE_URL")
+		envData.StringEnv[constants.EnvKeyDatabaseURL] = os.Getenv(constants.EnvKeyDatabaseURL)
 
 		if envstore.ARG_DB_URL != nil && *envstore.ARG_DB_URL != "" {
 			envData.StringEnv[constants.EnvKeyDatabaseURL] = *envstore.ARG_DB_URL
@@ -85,97 +85,105 @@ func InitEnv() {
 	}
 
 	if envData.StringEnv[constants.EnvKeyDatabaseName] == "" {
-		envData.StringEnv[constants.EnvKeyDatabaseName] = os.Getenv("DATABASE_NAME")
+		envData.StringEnv[constants.EnvKeyDatabaseName] = os.Getenv(constants.EnvKeyDatabaseName)
 		if envData.StringEnv[constants.EnvKeyDatabaseName] == "" {
 			envData.StringEnv[constants.EnvKeyDatabaseName] = "authorizer"
 		}
 	}
 
 	if envData.StringEnv[constants.EnvKeySmtpHost] == "" {
-		envData.StringEnv[constants.EnvKeySmtpHost] = os.Getenv("SMTP_HOST")
+		envData.StringEnv[constants.EnvKeySmtpHost] = os.Getenv(constants.EnvKeySmtpHost)
 	}
 
 	if envData.StringEnv[constants.EnvKeySmtpPort] == "" {
-		envData.StringEnv[constants.EnvKeySmtpPort] = os.Getenv("SMTP_PORT")
+		envData.StringEnv[constants.EnvKeySmtpPort] = os.Getenv(constants.EnvKeySmtpPort)
 	}
 
 	if envData.StringEnv[constants.EnvKeySmtpUsername] == "" {
-		envData.StringEnv[constants.EnvKeySmtpUsername] = os.Getenv("SMTP_USERNAME")
+		envData.StringEnv[constants.EnvKeySmtpUsername] = os.Getenv(constants.EnvKeySmtpUsername)
 	}
 
 	if envData.StringEnv[constants.EnvKeySmtpPassword] == "" {
-		envData.StringEnv[constants.EnvKeySmtpPassword] = os.Getenv("SMTP_PASSWORD")
+		envData.StringEnv[constants.EnvKeySmtpPassword] = os.Getenv(constants.EnvKeySmtpPassword)
 	}
 
 	if envData.StringEnv[constants.EnvKeySenderEmail] == "" {
-		envData.StringEnv[constants.EnvKeySenderEmail] = os.Getenv("SENDER_EMAIL")
+		envData.StringEnv[constants.EnvKeySenderEmail] = os.Getenv(constants.EnvKeySenderEmail)
 	}
 
 	if envData.StringEnv[constants.EnvKeyJwtSecret] == "" {
-		envData.StringEnv[constants.EnvKeyJwtSecret] = os.Getenv("JWT_SECRET")
+		envData.StringEnv[constants.EnvKeyJwtSecret] = os.Getenv(constants.EnvKeyJwtSecret)
 		if envData.StringEnv[constants.EnvKeyJwtSecret] == "" {
 			envData.StringEnv[constants.EnvKeyJwtSecret] = uuid.New().String()
 		}
 	}
 
+	if envData.StringEnv[constants.EnvKeyJwtPrivateKey] == "" {
+		envData.StringEnv[constants.EnvKeyJwtPrivateKey] = os.Getenv(constants.EnvKeyJwtPrivateKey)
+	}
+
+	if envData.StringEnv[constants.EnvKeyJwtPublicKey] == "" {
+		envData.StringEnv[constants.EnvKeyJwtPublicKey] = os.Getenv(constants.EnvKeyJwtPublicKey)
+	}
+
 	if envData.StringEnv[constants.EnvKeyJwtType] == "" {
-		envData.StringEnv[constants.EnvKeyJwtType] = os.Getenv("JWT_TYPE")
+		envData.StringEnv[constants.EnvKeyJwtType] = os.Getenv(constants.EnvKeyJwtType)
 		if envData.StringEnv[constants.EnvKeyJwtType] == "" {
 			envData.StringEnv[constants.EnvKeyJwtType] = "HS256"
 		}
 	}
 
 	if envData.StringEnv[constants.EnvKeyJwtRoleClaim] == "" {
-		envData.StringEnv[constants.EnvKeyJwtRoleClaim] = os.Getenv("JWT_ROLE_CLAIM")
+		envData.StringEnv[constants.EnvKeyJwtRoleClaim] = os.Getenv(constants.EnvKeyJwtRoleClaim)
 
 		if envData.StringEnv[constants.EnvKeyJwtRoleClaim] == "" {
 			envData.StringEnv[constants.EnvKeyJwtRoleClaim] = "role"
 		}
 	}
 
 	if envData.StringEnv[constants.EnvKeyRedisURL] == "" {
-		envData.StringEnv[constants.EnvKeyRedisURL] = os.Getenv("REDIS_URL")
+		envData.StringEnv[constants.EnvKeyRedisURL] = os.Getenv(constants.EnvKeyRedisURL)
 	}
 
 	if envData.StringEnv[constants.EnvKeyCookieName] == "" {
-		envData.StringEnv[constants.EnvKeyCookieName] = os.Getenv("COOKIE_NAME")
+		envData.StringEnv[constants.EnvKeyCookieName] = os.Getenv(constants.EnvKeyCookieName)
 		if envData.StringEnv[constants.EnvKeyCookieName] == "" {
 			envData.StringEnv[constants.EnvKeyCookieName] = "authorizer"
 		}
 	}
 
 	if envData.StringEnv[constants.EnvKeyGoogleClientID] == "" {
-		envData.StringEnv[constants.EnvKeyGoogleClientID] = os.Getenv("GOOGLE_CLIENT_ID")
+		envData.StringEnv[constants.EnvKeyGoogleClientID] = os.Getenv(constants.EnvKeyGoogleClientID)
 	}
 
 	if envData.StringEnv[constants.EnvKeyGoogleClientSecret] == "" {
-		envData.StringEnv[constants.EnvKeyGoogleClientSecret] = os.Getenv("GOOGLE_CLIENT_SECRET")
+		envData.StringEnv[constants.EnvKeyGoogleClientSecret] = os.Getenv(constants.EnvKeyGoogleClientSecret)
 	}
 
 	if envData.StringEnv[constants.EnvKeyGithubClientID] == "" {
-		envData.StringEnv[constants.EnvKeyGithubClientID] = os.Getenv("GITHUB_CLIENT_ID")
+		envData.StringEnv[constants.EnvKeyGithubClientID] = os.Getenv(constants.EnvKeyGithubClientID)
 	}
 
 	if envData.StringEnv[constants.EnvKeyGithubClientSecret] == "" {
-		envData.StringEnv[constants.EnvKeyGithubClientSecret] = os.Getenv("GITHUB_CLIENT_SECRET")
+		envData.StringEnv[constants.EnvKeyGithubClientSecret] = os.Getenv(constants.EnvKeyGithubClientSecret)
 	}
 
 	if envData.StringEnv[constants.EnvKeyFacebookClientID] == "" {
-		envData.StringEnv[constants.EnvKeyFacebookClientID] = os.Getenv("FACEBOOK_CLIENT_ID")
+		envData.StringEnv[constants.EnvKeyFacebookClientID] = os.Getenv(constants.EnvKeyFacebookClientID)
 	}
 
 	if envData.StringEnv[constants.EnvKeyFacebookClientSecret] == "" {
-		envData.StringEnv[constants.EnvKeyFacebookClientSecret] = os.Getenv("FACEBOOK_CLIENT_SECRET")
+		envData.StringEnv[constants.EnvKeyFacebookClientSecret] = os.Getenv(constants.EnvKeyFacebookClientSecret)
 	}
 
 	if envData.StringEnv[constants.EnvKeyResetPasswordURL] == "" {
-		envData.StringEnv[constants.EnvKeyResetPasswordURL] = strings.TrimPrefix(os.Getenv("RESET_PASSWORD_URL"), "/")
+		envData.StringEnv[constants.EnvKeyResetPasswordURL] = strings.TrimPrefix(os.Getenv(constants.EnvKeyResetPasswordURL), "/")
 	}
 
-	envData.BoolEnv[constants.EnvKeyDisableBasicAuthentication] = os.Getenv("DISABLE_BASIC_AUTHENTICATION") == "true"
-	envData.BoolEnv[constants.EnvKeyDisableEmailVerification] = os.Getenv("DISABLE_EMAIL_VERIFICATION") == "true"
-	envData.BoolEnv[constants.EnvKeyDisableMagicLinkLogin] = os.Getenv("DISABLE_MAGIC_LINK_LOGIN") == "true"
-	envData.BoolEnv[constants.EnvKeyDisableLoginPage] = os.Getenv("DISABLE_LOGIN_PAGE") == "true"
+	envData.BoolEnv[constants.EnvKeyDisableBasicAuthentication] = os.Getenv(constants.EnvKeyDisableBasicAuthentication) == "true"
+	envData.BoolEnv[constants.EnvKeyDisableEmailVerification] = os.Getenv(constants.EnvKeyDisableEmailVerification) == "true"
+	envData.BoolEnv[constants.EnvKeyDisableMagicLinkLogin] = os.Getenv(constants.EnvKeyDisableMagicLinkLogin) == "true"
+	envData.BoolEnv[constants.EnvKeyDisableLoginPage] = os.Getenv(constants.EnvKeyDisableLoginPage) == "true"
 
 	// no need to add nil check as its already done above
 	if envData.StringEnv[constants.EnvKeySmtpHost] == "" || envData.StringEnv[constants.EnvKeySmtpUsername] == "" || envData.StringEnv[constants.EnvKeySmtpPassword] == "" || envData.StringEnv[constants.EnvKeySenderEmail] == "" && envData.StringEnv[constants.EnvKeySmtpPort] == "" {
@@ -187,7 +195,7 @@ func InitEnv() {
 		envData.BoolEnv[constants.EnvKeyDisableMagicLinkLogin] = true
 	}
 
-	allowedOriginsSplit := strings.Split(os.Getenv("ALLOWED_ORIGINS"), ",")
+	allowedOriginsSplit := strings.Split(os.Getenv(constants.EnvKeyAllowedOrigins), ",")
 	allowedOrigins := []string{}
 	hasWildCard := false
 
@@ -215,22 +223,22 @@ func InitEnv() {
 
 	envData.SliceEnv[constants.EnvKeyAllowedOrigins] = allowedOrigins
 
-	rolesEnv := strings.TrimSpace(os.Getenv("ROLES"))
+	rolesEnv := strings.TrimSpace(os.Getenv(constants.EnvKeyRoles))
 	rolesSplit := strings.Split(rolesEnv, ",")
 	roles := []string{}
 	if len(rolesEnv) == 0 {
 		roles = []string{"user"}
 	}
 
-	defaultRolesEnv := strings.TrimSpace(os.Getenv("DEFAULT_ROLES"))
+	defaultRolesEnv := strings.TrimSpace(os.Getenv(constants.EnvKeyDefaultRoles))
 	defaultRoleSplit := strings.Split(defaultRolesEnv, ",")
 	defaultRoles := []string{}
 
 	if len(defaultRolesEnv) == 0 {
 		defaultRoles = []string{"user"}
 	}
 
-	protectedRolesEnv := strings.TrimSpace(os.Getenv("PROTECTED_ROLES"))
+	protectedRolesEnv := strings.TrimSpace(os.Getenv(constants.EnvKeyProtectedRoles))
 	protectedRolesSplit := strings.Split(protectedRolesEnv, ",")
 	protectedRoles := []string{}
 
@@ -259,12 +267,12 @@ func InitEnv() {
 	envData.SliceEnv[constants.EnvKeyDefaultRoles] = defaultRoles
 	envData.SliceEnv[constants.EnvKeyProtectedRoles] = protectedRoles
 
-	if os.Getenv("ORGANIZATION_NAME") != "" {
-		envData.StringEnv[constants.EnvKeyOrganizationName] = os.Getenv("ORGANIZATION_NAME")
+	if os.Getenv(constants.EnvKeyOrganizationName) != "" {
+		envData.StringEnv[constants.EnvKeyOrganizationName] = os.Getenv(constants.EnvKeyOrganizationName)
 	}
 
-	if os.Getenv("ORGANIZATION_LOGO") != "" {
-		envData.StringEnv[constants.EnvKeyOrganizationLogo] = os.Getenv("ORGANIZATION_LOGO")
+	if os.Getenv(constants.EnvKeyOrganizationLogo) != "" {
+		envData.StringEnv[constants.EnvKeyOrganizationLogo] = os.Getenv(constants.EnvKeyOrganizationLogo)
 	}
 
 	envstore.EnvInMemoryStoreObj.UpdateEnvStore(envData)
diff --git a/server/handlers/verify_email.go b/server/handlers/verify_email.go
@@ -33,13 +33,13 @@ func VerifyEmailHandler() gin.HandlerFunc {
 		}
 
 		// verify if token exists in db
-		claim, err := token.VerifyVerificationToken(tokenInQuery)
+		claim, err := token.ParseJWTToken(tokenInQuery)
 		if err != nil {
 			c.JSON(400, errorRes)
 			return
 		}
 
-		user, err := db.Provider.GetUserByEmail(claim.Email)
+		user, err := db.Provider.GetUserByEmail(claim["email"].(string))
 		if err != nil {
 			c.JSON(400, gin.H{
 				"message": err.Error(),
@@ -68,6 +68,6 @@ func VerifyEmailHandler() gin.HandlerFunc {
 		cookie.SetCookie(c, authToken.AccessToken.Token, authToken.RefreshToken.Token, authToken.FingerPrintHash)
 		utils.SaveSessionInDB(user.ID, c)
 
-		c.Redirect(http.StatusTemporaryRedirect, claim.RedirectURL)
+		c.Redirect(http.StatusTemporaryRedirect, claim["redirect_url"].(string))
 	}
 }
diff --git a/server/resolvers/is_valid_jwt.go b/server/resolvers/is_valid_jwt.go
@@ -26,7 +26,7 @@ func IsValidJwtResolver(ctx context.Context, params *model.IsValidJWTQueryInput)
 		}
 	}
 
-	claims, err := tokenHelper.VerifyJWTToken(token)
+	claims, err := tokenHelper.ParseJWTToken(token)
 	if err != nil {
 		return nil, err
 	}
diff --git a/server/resolvers/logout.go b/server/resolvers/logout.go
@@ -38,7 +38,7 @@ func LogoutResolver(ctx context.Context) (*model.Response, error) {
 	fingerPrint := string(decryptedFingerPrint)
 
 	// verify refresh token and fingerprint
-	claims, err := token.VerifyJWTToken(refreshToken)
+	claims, err := token.ParseJWTToken(refreshToken)
 	if err != nil {
 		return res, err
 	}
diff --git a/server/resolvers/reset_password.go b/server/resolvers/reset_password.go
@@ -31,12 +31,12 @@ func ResetPasswordResolver(ctx context.Context, params model.ResetPasswordInput)
 	}
 
 	// verify if token exists in db
-	claim, err := token.VerifyVerificationToken(params.Token)
+	claim, err := token.ParseJWTToken(params.Token)
 	if err != nil {
 		return res, fmt.Errorf(`invalid token`)
 	}
 
-	user, err := db.Provider.GetUserByEmail(claim.Email)
+	user, err := db.Provider.GetUserByEmail(claim["email"].(string))
 	if err != nil {
 		return res, err
 	}
diff --git a/server/resolvers/session.go b/server/resolvers/session.go
@@ -41,7 +41,7 @@ func SessionResolver(ctx context.Context, params *model.SessionQueryInput) (*mod
 	fingerPrint := string(decryptedFingerPrint)
 
 	// verify refresh token and fingerprint
-	claims, err := token.VerifyJWTToken(refreshToken)
+	claims, err := token.ParseJWTToken(refreshToken)
 	if err != nil {
 		return res, err
 	}
diff --git a/server/resolvers/verify_email.go b/server/resolvers/verify_email.go
@@ -28,12 +28,12 @@ func VerifyEmailResolver(ctx context.Context, params model.VerifyEmailInput) (*m
 	}
 
 	// verify if token exists in db
-	claim, err := token.VerifyVerificationToken(params.Token)
+	claim, err := token.ParseJWTToken(params.Token)
 	if err != nil {
 		return res, fmt.Errorf(`invalid token`)
 	}
 
-	user, err := db.Provider.GetUserByEmail(claim.Email)
+	user, err := db.Provider.GetUserByEmail(claim["email"].(string))
 	if err != nil {
 		return res, err
 	}
diff --git a/server/token/auth_token.go b/server/token/auth_token.go
@@ -62,7 +62,6 @@ func CreateAuthToken(user models.User, roles []string) (*Token, error) {
 
 // CreateRefreshToken util to create JWT token
 func CreateRefreshToken(user models.User, roles []string) (string, int64, error) {
-	t := jwt.New(jwt.GetSigningMethod(envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtType)))
 	// expires in 1 year
 	expiryBound := time.Hour * 8760
 	expiresAt := time.Now().Add(expiryBound).Unix()
@@ -75,8 +74,7 @@ func CreateRefreshToken(user models.User, roles []string) (string, int64, error)
 		"id":         user.ID,
 	}
 
-	t.Claims = customClaims
-	token, err := t.SignedString([]byte(envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtSecret)))
+	token, err := SignJWTToken(customClaims)
 	if err != nil {
 		return "", 0, err
 	}
@@ -86,9 +84,7 @@ func CreateRefreshToken(user models.User, roles []string) (string, int64, error)
 // CreateAccessToken util to create JWT token, based on
 // user information, roles config and CUSTOM_ACCESS_TOKEN_SCRIPT
 func CreateAccessToken(user models.User, roles []string) (string, int64, error) {
-	t := jwt.New(jwt.GetSigningMethod(envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtType)))
 	expiryBound := time.Minute * 30
-
 	expiresAt := time.Now().Add(expiryBound).Unix()
 
 	resUser := user.AsAPIUser()
@@ -141,9 +137,7 @@ func CreateAccessToken(user models.User, roles []string) (string, int64, error)
 		}
 	}
 
-	t.Claims = customClaims
-
-	token, err := t.SignedString([]byte(envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtSecret)))
+	token, err := SignJWTToken(customClaims)
 	if err != nil {
 		return "", 0, err
 	}
@@ -187,43 +181,13 @@ func GetFingerPrint(gc *gin.Context) (string, error) {
 	return fingerPrint, nil
 }
 
-// VerifyJWTToken helps in verifying the JWT token
-func VerifyJWTToken(token string) (map[string]interface{}, error) {
-	var res map[string]interface{}
-	claims := jwt.MapClaims{}
-
-	t, err := jwt.ParseWithClaims(token, claims, func(token *jwt.Token) (interface{}, error) {
-		return []byte(envstore.EnvInMemoryStoreObj.GetStringStoreEnvVariable(constants.EnvKeyJwtSecret)), nil
-	})
-	if err != nil {
-		return res, err
-	}
-
-	if !t.Valid {
-		return res, fmt.Errorf(`invalid token`)
-	}
-
-	// claim parses exp & iat into float 64 with e^10,
-	// but we expect it to be int64
-	// hence we need to assert interface and convert to int64
-	intExp := int64(claims["exp"].(float64))
-	intIat := int64(claims["iat"].(float64))
-
-	data, _ := json.Marshal(claims)
-	json.Unmarshal(data, &res)
-	res["exp"] = intExp
-	res["iat"] = intIat
-
-	return res, nil
-}
-
 func ValidateAccessToken(gc *gin.Context) (map[string]interface{}, error) {
 	token, err := GetAccessToken(gc)
 	if err != nil {
 		return nil, err
 	}
 
-	claims, err := VerifyJWTToken(token)
+	claims, err := ParseJWTToken(token)
 	if err != nil {
 		return nil, err
 	}
diff --git a/server/token/jwt.go b/server/token/jwt.go
diff --git a/server/token/verification_token.go b/server/token/verification_token.go

Original file line number	Diff line number	Diff line change
`@@ -19,7 +19,7 @@ func InitEnv() {`
`19`	`19`	`envData := envstore.EnvInMemoryStoreObj.GetEnvStoreClone()`
`20`	`20`
`21`	`21`	`if envData.StringEnv[constants.EnvKeyEnv] == "" {`
`22`		`- envData.StringEnv[constants.EnvKeyEnv] = os.Getenv("ENV")`
	`22`	`+ envData.StringEnv[constants.EnvKeyEnv] = os.Getenv(constants.EnvKeyEnv)`
`23`	`23`	`if envData.StringEnv[constants.EnvKeyEnv] == "" {`
`24`	`24`	`envData.StringEnv[constants.EnvKeyEnv] = "production"`
`25`	`25`	`}`
`@@ -50,18 +50,18 @@ func InitEnv() {`
`50`	`50`	`}`
`51`	`51`
`52`	`52`	`if envData.StringEnv[constants.EnvKeyPort] == "" {`
`53`		`- envData.StringEnv[constants.EnvKeyPort] = os.Getenv("PORT")`
	`53`	`+ envData.StringEnv[constants.EnvKeyPort] = os.Getenv(constants.EnvKeyPort)`
`54`	`54`	`if envData.StringEnv[constants.EnvKeyPort] == "" {`
`55`	`55`	`envData.StringEnv[constants.EnvKeyPort] = "8080"`
`56`	`56`	`}`
`57`	`57`	`}`
`58`	`58`
`59`	`59`	`if envData.StringEnv[constants.EnvKeyAdminSecret] == "" {`
`60`		`- envData.StringEnv[constants.EnvKeyAdminSecret] = os.Getenv("ADMIN_SECRET")`
	`60`	`+ envData.StringEnv[constants.EnvKeyAdminSecret] = os.Getenv(constants.EnvKeyAdminSecret)`
`61`	`61`	`}`
`62`	`62`
`63`	`63`	`if envData.StringEnv[constants.EnvKeyDatabaseType] == "" {`
`64`		`- envData.StringEnv[constants.EnvKeyDatabaseType] = os.Getenv("DATABASE_TYPE")`
	`64`	`+ envData.StringEnv[constants.EnvKeyDatabaseType] = os.Getenv(constants.EnvKeyDatabaseType)`
`65`	`65`
`66`	`66`	`if envstore.ARG_DB_TYPE != nil && *envstore.ARG_DB_TYPE != "" {`
`67`	`67`	`envData.StringEnv[constants.EnvKeyDatabaseType] = *envstore.ARG_DB_TYPE`
`@@ -73,7 +73,7 @@ func InitEnv() {`
`73`	`73`	`}`
`74`	`74`
`75`	`75`	`if envData.StringEnv[constants.EnvKeyDatabaseURL] == "" {`
`76`		`- envData.StringEnv[constants.EnvKeyDatabaseURL] = os.Getenv("DATABASE_URL")`
	`76`	`+ envData.StringEnv[constants.EnvKeyDatabaseURL] = os.Getenv(constants.EnvKeyDatabaseURL)`
`77`	`77`
`78`	`78`	`if envstore.ARG_DB_URL != nil && *envstore.ARG_DB_URL != "" {`
`79`	`79`	`envData.StringEnv[constants.EnvKeyDatabaseURL] = *envstore.ARG_DB_URL`
`@@ -85,97 +85,105 @@ func InitEnv() {`
`85`	`85`	`}`
`86`	`86`
`87`	`87`	`if envData.StringEnv[constants.EnvKeyDatabaseName] == "" {`
`88`		`- envData.StringEnv[constants.EnvKeyDatabaseName] = os.Getenv("DATABASE_NAME")`
	`88`	`+ envData.StringEnv[constants.EnvKeyDatabaseName] = os.Getenv(constants.EnvKeyDatabaseName)`
`89`	`89`	`if envData.StringEnv[constants.EnvKeyDatabaseName] == "" {`
`90`	`90`	`envData.StringEnv[constants.EnvKeyDatabaseName] = "authorizer"`
`91`	`91`	`}`
`92`	`92`	`}`
`93`	`93`
`94`	`94`	`if envData.StringEnv[constants.EnvKeySmtpHost] == "" {`
`95`		`- envData.StringEnv[constants.EnvKeySmtpHost] = os.Getenv("SMTP_HOST")`
	`95`	`+ envData.StringEnv[constants.EnvKeySmtpHost] = os.Getenv(constants.EnvKeySmtpHost)`
`96`	`96`	`}`
`97`	`97`
`98`	`98`	`if envData.StringEnv[constants.EnvKeySmtpPort] == "" {`
`99`		`- envData.StringEnv[constants.EnvKeySmtpPort] = os.Getenv("SMTP_PORT")`
	`99`	`+ envData.StringEnv[constants.EnvKeySmtpPort] = os.Getenv(constants.EnvKeySmtpPort)`
`100`	`100`	`}`
`101`	`101`
`102`	`102`	`if envData.StringEnv[constants.EnvKeySmtpUsername] == "" {`
`103`		`- envData.StringEnv[constants.EnvKeySmtpUsername] = os.Getenv("SMTP_USERNAME")`
	`103`	`+ envData.StringEnv[constants.EnvKeySmtpUsername] = os.Getenv(constants.EnvKeySmtpUsername)`
`104`	`104`	`}`
`105`	`105`
`106`	`106`	`if envData.StringEnv[constants.EnvKeySmtpPassword] == "" {`
`107`		`- envData.StringEnv[constants.EnvKeySmtpPassword] = os.Getenv("SMTP_PASSWORD")`
	`107`	`+ envData.StringEnv[constants.EnvKeySmtpPassword] = os.Getenv(constants.EnvKeySmtpPassword)`
`108`	`108`	`}`
`109`	`109`
`110`	`110`	`if envData.StringEnv[constants.EnvKeySenderEmail] == "" {`
`111`		`- envData.StringEnv[constants.EnvKeySenderEmail] = os.Getenv("SENDER_EMAIL")`
	`111`	`+ envData.StringEnv[constants.EnvKeySenderEmail] = os.Getenv(constants.EnvKeySenderEmail)`
`112`	`112`	`}`
`113`	`113`
`114`	`114`	`if envData.StringEnv[constants.EnvKeyJwtSecret] == "" {`
`115`		`- envData.StringEnv[constants.EnvKeyJwtSecret] = os.Getenv("JWT_SECRET")`
	`115`	`+ envData.StringEnv[constants.EnvKeyJwtSecret] = os.Getenv(constants.EnvKeyJwtSecret)`
`116`	`116`	`if envData.StringEnv[constants.EnvKeyJwtSecret] == "" {`
`117`	`117`	`envData.StringEnv[constants.EnvKeyJwtSecret] = uuid.New().String()`
`118`	`118`	`}`
`119`	`119`	`}`
`120`	`120`
	`121`	`+ if envData.StringEnv[constants.EnvKeyJwtPrivateKey] == "" {`
	`122`	`+ envData.StringEnv[constants.EnvKeyJwtPrivateKey] = os.Getenv(constants.EnvKeyJwtPrivateKey)`
	`123`	`+ }`
	`124`	`+`
	`125`	`+ if envData.StringEnv[constants.EnvKeyJwtPublicKey] == "" {`
	`126`	`+ envData.StringEnv[constants.EnvKeyJwtPublicKey] = os.Getenv(constants.EnvKeyJwtPublicKey)`
	`127`	`+ }`
	`128`	`+`
`121`	`129`	`if envData.StringEnv[constants.EnvKeyJwtType] == "" {`
`122`		`- envData.StringEnv[constants.EnvKeyJwtType] = os.Getenv("JWT_TYPE")`
	`130`	`+ envData.StringEnv[constants.EnvKeyJwtType] = os.Getenv(constants.EnvKeyJwtType)`
`123`	`131`	`if envData.StringEnv[constants.EnvKeyJwtType] == "" {`
`124`	`132`	`envData.StringEnv[constants.EnvKeyJwtType] = "HS256"`
`125`	`133`	`}`
`126`	`134`	`}`
`127`	`135`
`128`	`136`	`if envData.StringEnv[constants.EnvKeyJwtRoleClaim] == "" {`
`129`		`- envData.StringEnv[constants.EnvKeyJwtRoleClaim] = os.Getenv("JWT_ROLE_CLAIM")`
	`137`	`+ envData.StringEnv[constants.EnvKeyJwtRoleClaim] = os.Getenv(constants.EnvKeyJwtRoleClaim)`
`130`	`138`
`131`	`139`	`if envData.StringEnv[constants.EnvKeyJwtRoleClaim] == "" {`
`132`	`140`	`envData.StringEnv[constants.EnvKeyJwtRoleClaim] = "role"`
`133`	`141`	`}`
`134`	`142`	`}`
`135`	`143`
`136`	`144`	`if envData.StringEnv[constants.EnvKeyRedisURL] == "" {`
`137`		`- envData.StringEnv[constants.EnvKeyRedisURL] = os.Getenv("REDIS_URL")`
	`145`	`+ envData.StringEnv[constants.EnvKeyRedisURL] = os.Getenv(constants.EnvKeyRedisURL)`
`138`	`146`	`}`
`139`	`147`
`140`	`148`	`if envData.StringEnv[constants.EnvKeyCookieName] == "" {`
`141`		`- envData.StringEnv[constants.EnvKeyCookieName] = os.Getenv("COOKIE_NAME")`
	`149`	`+ envData.StringEnv[constants.EnvKeyCookieName] = os.Getenv(constants.EnvKeyCookieName)`
`142`	`150`	`if envData.StringEnv[constants.EnvKeyCookieName] == "" {`
`143`	`151`	`envData.StringEnv[constants.EnvKeyCookieName] = "authorizer"`
`144`	`152`	`}`
`145`	`153`	`}`
`146`	`154`
`147`	`155`	`if envData.StringEnv[constants.EnvKeyGoogleClientID] == "" {`
`148`		`- envData.StringEnv[constants.EnvKeyGoogleClientID] = os.Getenv("GOOGLE_CLIENT_ID")`
	`156`	`+ envData.StringEnv[constants.EnvKeyGoogleClientID] = os.Getenv(constants.EnvKeyGoogleClientID)`
`149`	`157`	`}`
`150`	`158`
`151`	`159`	`if envData.StringEnv[constants.EnvKeyGoogleClientSecret] == "" {`
`152`		`- envData.StringEnv[constants.EnvKeyGoogleClientSecret] = os.Getenv("GOOGLE_CLIENT_SECRET")`
	`160`	`+ envData.StringEnv[constants.EnvKeyGoogleClientSecret] = os.Getenv(constants.EnvKeyGoogleClientSecret)`
`153`	`161`	`}`
`154`	`162`
`155`	`163`	`if envData.StringEnv[constants.EnvKeyGithubClientID] == "" {`
`156`		`- envData.StringEnv[constants.EnvKeyGithubClientID] = os.Getenv("GITHUB_CLIENT_ID")`
	`164`	`+ envData.StringEnv[constants.EnvKeyGithubClientID] = os.Getenv(constants.EnvKeyGithubClientID)`
`157`	`165`	`}`
`158`	`166`
`159`	`167`	`if envData.StringEnv[constants.EnvKeyGithubClientSecret] == "" {`
`160`		`- envData.StringEnv[constants.EnvKeyGithubClientSecret] = os.Getenv("GITHUB_CLIENT_SECRET")`
	`168`	`+ envData.StringEnv[constants.EnvKeyGithubClientSecret] = os.Getenv(constants.EnvKeyGithubClientSecret)`
`161`	`169`	`}`
`162`	`170`
`163`	`171`	`if envData.StringEnv[constants.EnvKeyFacebookClientID] == "" {`
`164`		`- envData.StringEnv[constants.EnvKeyFacebookClientID] = os.Getenv("FACEBOOK_CLIENT_ID")`
	`172`	`+ envData.StringEnv[constants.EnvKeyFacebookClientID] = os.Getenv(constants.EnvKeyFacebookClientID)`
`165`	`173`	`}`
`166`	`174`
`167`	`175`	`if envData.StringEnv[constants.EnvKeyFacebookClientSecret] == "" {`
`168`		`- envData.StringEnv[constants.EnvKeyFacebookClientSecret] = os.Getenv("FACEBOOK_CLIENT_SECRET")`
	`176`	`+ envData.StringEnv[constants.EnvKeyFacebookClientSecret] = os.Getenv(constants.EnvKeyFacebookClientSecret)`
`169`	`177`	`}`
`170`	`178`
`171`	`179`	`if envData.StringEnv[constants.EnvKeyResetPasswordURL] == "" {`
`172`		`- envData.StringEnv[constants.EnvKeyResetPasswordURL] = strings.TrimPrefix(os.Getenv("RESET_PASSWORD_URL"), "/")`
	`180`	`+ envData.StringEnv[constants.EnvKeyResetPasswordURL] = strings.TrimPrefix(os.Getenv(constants.EnvKeyResetPasswordURL), "/")`
`173`	`181`	`}`
`174`	`182`
`175`		`- envData.BoolEnv[constants.EnvKeyDisableBasicAuthentication] = os.Getenv("DISABLE_BASIC_AUTHENTICATION") == "true"`
`176`		`- envData.BoolEnv[constants.EnvKeyDisableEmailVerification] = os.Getenv("DISABLE_EMAIL_VERIFICATION") == "true"`
`177`		`- envData.BoolEnv[constants.EnvKeyDisableMagicLinkLogin] = os.Getenv("DISABLE_MAGIC_LINK_LOGIN") == "true"`
`178`		`- envData.BoolEnv[constants.EnvKeyDisableLoginPage] = os.Getenv("DISABLE_LOGIN_PAGE") == "true"`
	`183`	`+ envData.BoolEnv[constants.EnvKeyDisableBasicAuthentication] = os.Getenv(constants.EnvKeyDisableBasicAuthentication) == "true"`
	`184`	`+ envData.BoolEnv[constants.EnvKeyDisableEmailVerification] = os.Getenv(constants.EnvKeyDisableEmailVerification) == "true"`
	`185`	`+ envData.BoolEnv[constants.EnvKeyDisableMagicLinkLogin] = os.Getenv(constants.EnvKeyDisableMagicLinkLogin) == "true"`
	`186`	`+ envData.BoolEnv[constants.EnvKeyDisableLoginPage] = os.Getenv(constants.EnvKeyDisableLoginPage) == "true"`
`179`	`187`
`180`	`188`	`// no need to add nil check as its already done above`
`181`	`189`	`if envData.StringEnv[constants.EnvKeySmtpHost] == "" \|\| envData.StringEnv[constants.EnvKeySmtpUsername] == "" \|\| envData.StringEnv[constants.EnvKeySmtpPassword] == "" \|\| envData.StringEnv[constants.EnvKeySenderEmail] == "" && envData.StringEnv[constants.EnvKeySmtpPort] == "" {`
`@@ -187,7 +195,7 @@ func InitEnv() {`
`187`	`195`	`envData.BoolEnv[constants.EnvKeyDisableMagicLinkLogin] = true`
`188`	`196`	`}`
`189`	`197`
`190`		`- allowedOriginsSplit := strings.Split(os.Getenv("ALLOWED_ORIGINS"), ",")`
	`198`	`+ allowedOriginsSplit := strings.Split(os.Getenv(constants.EnvKeyAllowedOrigins), ",")`
`191`	`199`	`allowedOrigins := []string{}`
`192`	`200`	`hasWildCard := false`
`193`	`201`
`@@ -215,22 +223,22 @@ func InitEnv() {`
`215`	`223`
`216`	`224`	`envData.SliceEnv[constants.EnvKeyAllowedOrigins] = allowedOrigins`
`217`	`225`
`218`		`- rolesEnv := strings.TrimSpace(os.Getenv("ROLES"))`
	`226`	`+ rolesEnv := strings.TrimSpace(os.Getenv(constants.EnvKeyRoles))`
`219`	`227`	`rolesSplit := strings.Split(rolesEnv, ",")`
`220`	`228`	`roles := []string{}`
`221`	`229`	`if len(rolesEnv) == 0 {`
`222`	`230`	`roles = []string{"user"}`
`223`	`231`	`}`
`224`	`232`
`225`		`- defaultRolesEnv := strings.TrimSpace(os.Getenv("DEFAULT_ROLES"))`
	`233`	`+ defaultRolesEnv := strings.TrimSpace(os.Getenv(constants.EnvKeyDefaultRoles))`
`226`	`234`	`defaultRoleSplit := strings.Split(defaultRolesEnv, ",")`
`227`	`235`	`defaultRoles := []string{}`
`228`	`236`
`229`	`237`	`if len(defaultRolesEnv) == 0 {`
`230`	`238`	`defaultRoles = []string{"user"}`
`231`	`239`	`}`
`232`	`240`
`233`		`- protectedRolesEnv := strings.TrimSpace(os.Getenv("PROTECTED_ROLES"))`
	`241`	`+ protectedRolesEnv := strings.TrimSpace(os.Getenv(constants.EnvKeyProtectedRoles))`
`234`	`242`	`protectedRolesSplit := strings.Split(protectedRolesEnv, ",")`
`235`	`243`	`protectedRoles := []string{}`
`236`	`244`
`@@ -259,12 +267,12 @@ func InitEnv() {`
`259`	`267`	`envData.SliceEnv[constants.EnvKeyDefaultRoles] = defaultRoles`
`260`	`268`	`envData.SliceEnv[constants.EnvKeyProtectedRoles] = protectedRoles`
`261`	`269`
`262`		`- if os.Getenv("ORGANIZATION_NAME") != "" {`
`263`		`- envData.StringEnv[constants.EnvKeyOrganizationName] = os.Getenv("ORGANIZATION_NAME")`
	`270`	`+ if os.Getenv(constants.EnvKeyOrganizationName) != "" {`
	`271`	`+ envData.StringEnv[constants.EnvKeyOrganizationName] = os.Getenv(constants.EnvKeyOrganizationName)`
`264`	`272`	`}`
`265`	`273`
`266`		`- if os.Getenv("ORGANIZATION_LOGO") != "" {`
`267`		`- envData.StringEnv[constants.EnvKeyOrganizationLogo] = os.Getenv("ORGANIZATION_LOGO")`
	`274`	`+ if os.Getenv(constants.EnvKeyOrganizationLogo) != "" {`
	`275`	`+ envData.StringEnv[constants.EnvKeyOrganizationLogo] = os.Getenv(constants.EnvKeyOrganizationLogo)`
`268`	`276`	`}`
`269`	`277`
`270`	`278`	`envstore.EnvInMemoryStoreObj.UpdateEnvStore(envData)`
Original file line number	Diff line number	Diff line change
`@@ -33,13 +33,13 @@ func VerifyEmailHandler() gin.HandlerFunc {`
`33`	`33`	`}`
`34`	`34`
`35`	`35`	`// verify if token exists in db`
`36`		`- claim, err := token.VerifyVerificationToken(tokenInQuery)`
	`36`	`+ claim, err := token.ParseJWTToken(tokenInQuery)`
`37`	`37`	`if err != nil {`
`38`	`38`	`c.JSON(400, errorRes)`
`39`	`39`	`return`
`40`	`40`	`}`
`41`	`41`
`42`		`- user, err := db.Provider.GetUserByEmail(claim.Email)`
	`42`	`+ user, err := db.Provider.GetUserByEmail(claim["email"].(string))`
`43`	`43`	`if err != nil {`
`44`	`44`	`c.JSON(400, gin.H{`
`45`	`45`	`"message": err.Error(),`
`@@ -68,6 +68,6 @@ func VerifyEmailHandler() gin.HandlerFunc {`
`68`	`68`	`cookie.SetCookie(c, authToken.AccessToken.Token, authToken.RefreshToken.Token, authToken.FingerPrintHash)`
`69`	`69`	`utils.SaveSessionInDB(user.ID, c)`
`70`	`70`
`71`		`- c.Redirect(http.StatusTemporaryRedirect, claim.RedirectURL)`
	`71`	`+ c.Redirect(http.StatusTemporaryRedirect, claim["redirect_url"].(string))`
`72`	`72`	`}`
`73`	`73`	`}`
Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,7 @@ func IsValidJwtResolver(ctx context.Context, params *model.IsValidJWTQueryInput)`
`26`	`26`	`}`
`27`	`27`	`}`
`28`	`28`
`29`		`- claims, err := tokenHelper.VerifyJWTToken(token)`
	`29`	`+ claims, err := tokenHelper.ParseJWTToken(token)`
`30`	`30`	`if err != nil {`
`31`	`31`	`return nil, err`
`32`	`32`	`}`
Original file line number	Diff line number	Diff line change
`@@ -38,7 +38,7 @@ func LogoutResolver(ctx context.Context) (*model.Response, error) {`
`38`	`38`	`fingerPrint := string(decryptedFingerPrint)`
`39`	`39`
`40`	`40`	`// verify refresh token and fingerprint`
`41`		`- claims, err := token.VerifyJWTToken(refreshToken)`
	`41`	`+ claims, err := token.ParseJWTToken(refreshToken)`
`42`	`42`	`if err != nil {`
`43`	`43`	`return res, err`
`44`	`44`	`}`
Original file line number	Diff line number	Diff line change
`@@ -31,12 +31,12 @@ func ResetPasswordResolver(ctx context.Context, params model.ResetPasswordInput)`
`31`	`31`	`}`
`32`	`32`
`33`	`33`	`// verify if token exists in db`
`34`		`- claim, err := token.VerifyVerificationToken(params.Token)`
	`34`	`+ claim, err := token.ParseJWTToken(params.Token)`
`35`	`35`	`if err != nil {`
`36`	`36`	return res, fmt.Errorf(`invalid token`)
`37`	`37`	`}`
`38`	`38`
`39`		`- user, err := db.Provider.GetUserByEmail(claim.Email)`
	`39`	`+ user, err := db.Provider.GetUserByEmail(claim["email"].(string))`
`40`	`40`	`if err != nil {`
`41`	`41`	`return res, err`
`42`	`42`	`}`
Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,7 @@ func SessionResolver(ctx context.Context, params model.SessionQueryInput) (mod`
`41`	`41`	`fingerPrint := string(decryptedFingerPrint)`
`42`	`42`
`43`	`43`	`// verify refresh token and fingerprint`
`44`		`- claims, err := token.VerifyJWTToken(refreshToken)`
	`44`	`+ claims, err := token.ParseJWTToken(refreshToken)`
`45`	`45`	`if err != nil {`
`46`	`46`	`return res, err`
`47`	`47`	`}`
Original file line number	Diff line number	Diff line change
`@@ -28,12 +28,12 @@ func VerifyEmailResolver(ctx context.Context, params model.VerifyEmailInput) (*m`
`28`	`28`	`}`
`29`	`29`
`30`	`30`	`// verify if token exists in db`
`31`		`- claim, err := token.VerifyVerificationToken(params.Token)`
	`31`	`+ claim, err := token.ParseJWTToken(params.Token)`
`32`	`32`	`if err != nil {`
`33`	`33`	return res, fmt.Errorf(`invalid token`)
`34`	`34`	`}`
`35`	`35`
`36`		`- user, err := db.Provider.GetUserByEmail(claim.Email)`
	`36`	`+ user, err := db.Provider.GetUserByEmail(claim["email"].(string))`
`37`	`37`	`if err != nil {`
`38`	`38`	`return res, err`
`39`	`39`	`}`