fix: memory store upgrade in resolvers

2022-05-30 09:19:55 +05:30
parent 43359f1dba
commit 268b22ffb2
47 changed files with 397 additions and 270 deletions
--- a/server/resolvers/admin_login.go
+++ b/server/resolvers/admin_login.go
@@ -9,8 +9,8 @@ import (
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/cookie"
 	"github.com/authorizerdev/authorizer/server/crypto"
-	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/utils"
 )

@@ -24,7 +24,11 @@ func AdminLoginResolver(ctx context.Context, params model.AdminLoginInput) (*mod
 		return res, err
 	}

-	adminSecret := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret)
+	adminSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret)
+	if err != nil {
+		log.Debug("Error getting admin secret: ", err)
+		return res, err
+	}
 	if params.AdminSecret != adminSecret {
 		log.Debug("Admin secret is not correct")
 		return res, fmt.Errorf(`invalid admin secret`)
--- a/server/resolvers/admin_session.go
+++ b/server/resolvers/admin_session.go
@@ -9,8 +9,8 @@ import (
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/cookie"
 	"github.com/authorizerdev/authorizer/server/crypto"
-	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/token"
 	"github.com/authorizerdev/authorizer/server/utils"
 )
@@ -30,7 +30,12 @@ func AdminSessionResolver(ctx context.Context) (*model.Response, error) {
 		return res, fmt.Errorf("unauthorized")
 	}

-	hashedKey, err := crypto.EncryptPassword(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
+	adminSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret)
+	if err != nil {
+		log.Debug("Error getting admin secret: ", err)
+		return res, fmt.Errorf("unauthorized")
+	}
+	hashedKey, err := crypto.EncryptPassword(adminSecret)
 	if err != nil {
 		log.Debug("Failed to encrypt key: ", err)
 		return res, err
--- a/server/resolvers/admin_signup.go
+++ b/server/resolvers/admin_signup.go
@@ -2,7 +2,6 @@ package resolvers

 import (
 	"context"
-	"encoding/json"
 	"fmt"
 	"strings"

@@ -12,8 +11,8 @@ import (
 	"github.com/authorizerdev/authorizer/server/cookie"
 	"github.com/authorizerdev/authorizer/server/crypto"
 	"github.com/authorizerdev/authorizer/server/db"
-	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/utils"
 )

@@ -39,7 +38,11 @@ func AdminSignupResolver(ctx context.Context, params model.AdminSignupInput) (*m
 		return res, err
 	}

-	adminSecret := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret)
+	adminSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret)
+	if err != nil {
+		log.Debug("Error getting admin secret: ", err)
+		adminSecret = ""
+	}

 	if adminSecret != "" {
 		log.Debug("Admin secret is already set")
@@ -47,18 +50,11 @@ func AdminSignupResolver(ctx context.Context, params model.AdminSignupInput) (*m
 		return res, err
 	}

-	envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyAdminSecret, params.AdminSecret)
+	memorystore.Provider.UpdateEnvVariable(constants.EnvKeyAdminSecret, params.AdminSecret)
 	// consvert EnvData to JSON
-	var storeData envstore.Store
-
-	jsonBytes, err := json.Marshal(envstore.EnvStoreObj.GetEnvStoreClone())
+	storeData, err := memorystore.Provider.GetEnvStore()
 	if err != nil {
-		log.Debug("Failed to marshal envstore: ", err)
-		return res, err
-	}
-
-	if err := json.Unmarshal(jsonBytes, &storeData); err != nil {
-		log.Debug("Failed to unmarshal envstore: ", err)
+		log.Debug("Error getting env store: ", err)
 		return res, err
 	}

--- a/server/resolvers/env.go
+++ b/server/resolvers/env.go
@@ -7,8 +7,8 @@ import (
 	log "github.com/sirupsen/logrus"

 	"github.com/authorizerdev/authorizer/server/constants"
-	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/token"
 	"github.com/authorizerdev/authorizer/server/utils"
 )
@@ -30,50 +30,57 @@ func EnvResolver(ctx context.Context) (*model.Env, error) {
 	}

 	// get clone of store
-	store := envstore.EnvStoreObj.GetEnvStoreClone()
-	accessTokenExpiryTime := store.StringEnv[constants.EnvKeyAccessTokenExpiryTime]
-	adminSecret := store.StringEnv[constants.EnvKeyAdminSecret]
-	clientID := store.StringEnv[constants.EnvKeyClientID]
-	clientSecret := store.StringEnv[constants.EnvKeyClientSecret]
-	databaseURL := store.StringEnv[constants.EnvKeyDatabaseURL]
-	databaseName := store.StringEnv[constants.EnvKeyDatabaseName]
-	databaseType := store.StringEnv[constants.EnvKeyDatabaseType]
-	databaseUsername := store.StringEnv[constants.EnvKeyDatabaseUsername]
-	databasePassword := store.StringEnv[constants.EnvKeyDatabasePassword]
-	databaseHost := store.StringEnv[constants.EnvKeyDatabaseHost]
-	databasePort := store.StringEnv[constants.EnvKeyDatabasePort]
-	customAccessTokenScript := store.StringEnv[constants.EnvKeyCustomAccessTokenScript]
-	smtpHost := store.StringEnv[constants.EnvKeySmtpHost]
-	smtpPort := store.StringEnv[constants.EnvKeySmtpPort]
-	smtpUsername := store.StringEnv[constants.EnvKeySmtpUsername]
-	smtpPassword := store.StringEnv[constants.EnvKeySmtpPassword]
-	senderEmail := store.StringEnv[constants.EnvKeySenderEmail]
-	jwtType := store.StringEnv[constants.EnvKeyJwtType]
-	jwtSecret := store.StringEnv[constants.EnvKeyJwtSecret]
-	jwtRoleClaim := store.StringEnv[constants.EnvKeyJwtRoleClaim]
-	jwtPublicKey := store.StringEnv[constants.EnvKeyJwtPublicKey]
-	jwtPrivateKey := store.StringEnv[constants.EnvKeyJwtPrivateKey]
-	allowedOrigins := store.SliceEnv[constants.EnvKeyAllowedOrigins]
-	appURL := store.StringEnv[constants.EnvKeyAppURL]
-	redisURL := store.StringEnv[constants.EnvKeyRedisURL]
-	cookieName := store.StringEnv[constants.EnvKeyCookieName]
-	resetPasswordURL := store.StringEnv[constants.EnvKeyResetPasswordURL]
-	disableEmailVerification := store.BoolEnv[constants.EnvKeyDisableEmailVerification]
-	disableBasicAuthentication := store.BoolEnv[constants.EnvKeyDisableBasicAuthentication]
-	disableMagicLinkLogin := store.BoolEnv[constants.EnvKeyDisableMagicLinkLogin]
-	disableLoginPage := store.BoolEnv[constants.EnvKeyDisableLoginPage]
-	disableSignUp := store.BoolEnv[constants.EnvKeyDisableSignUp]
-	roles := store.SliceEnv[constants.EnvKeyRoles]
-	defaultRoles := store.SliceEnv[constants.EnvKeyDefaultRoles]
-	protectedRoles := store.SliceEnv[constants.EnvKeyProtectedRoles]
-	googleClientID := store.StringEnv[constants.EnvKeyGoogleClientID]
-	googleClientSecret := store.StringEnv[constants.EnvKeyGoogleClientSecret]
-	facebookClientID := store.StringEnv[constants.EnvKeyFacebookClientID]
-	facebookClientSecret := store.StringEnv[constants.EnvKeyFacebookClientSecret]
-	githubClientID := store.StringEnv[constants.EnvKeyGithubClientID]
-	githubClientSecret := store.StringEnv[constants.EnvKeyGithubClientSecret]
-	organizationName := store.StringEnv[constants.EnvKeyOrganizationName]
-	organizationLogo := store.StringEnv[constants.EnvKeyOrganizationLogo]
+	store, err := memorystore.Provider.GetEnvStore()
+	if err != nil {
+		log.Debug("Failed to get env store: ", err)
+		return res, err
+	}
+	accessTokenExpiryTime := store[constants.EnvKeyAccessTokenExpiryTime].(string)
+	adminSecret := store[constants.EnvKeyAdminSecret].(string)
+	clientID := store[constants.EnvKeyClientID].(string)
+	clientSecret := store[constants.EnvKeyClientSecret].(string)
+	databaseURL := store[constants.EnvKeyDatabaseURL].(string)
+	databaseName := store[constants.EnvKeyDatabaseName].(string)
+	databaseType := store[constants.EnvKeyDatabaseType].(string)
+	databaseUsername := store[constants.EnvKeyDatabaseUsername].(string)
+	databasePassword := store[constants.EnvKeyDatabasePassword].(string)
+	databaseHost := store[constants.EnvKeyDatabaseHost].(string)
+	databasePort := store[constants.EnvKeyDatabasePort].(string)
+	customAccessTokenScript := store[constants.EnvKeyCustomAccessTokenScript].(string)
+	smtpHost := store[constants.EnvKeySmtpHost].(string)
+	smtpPort := store[constants.EnvKeySmtpPort].(string)
+	smtpUsername := store[constants.EnvKeySmtpUsername].(string)
+	smtpPassword := store[constants.EnvKeySmtpPassword].(string)
+	senderEmail := store[constants.EnvKeySenderEmail].(string)
+	jwtType := store[constants.EnvKeyJwtType].(string)
+	jwtSecret := store[constants.EnvKeyJwtSecret].(string)
+	jwtRoleClaim := store[constants.EnvKeyJwtRoleClaim].(string)
+	jwtPublicKey := store[constants.EnvKeyJwtPublicKey].(string)
+	jwtPrivateKey := store[constants.EnvKeyJwtPrivateKey].(string)
+	appURL := store[constants.EnvKeyAppURL].(string)
+	redisURL := store[constants.EnvKeyRedisURL].(string)
+	resetPasswordURL := store[constants.EnvKeyResetPasswordURL].(string)
+	googleClientID := store[constants.EnvKeyGoogleClientID].(string)
+	googleClientSecret := store[constants.EnvKeyGoogleClientSecret].(string)
+	facebookClientID := store[constants.EnvKeyFacebookClientID].(string)
+	facebookClientSecret := store[constants.EnvKeyFacebookClientSecret].(string)
+	githubClientID := store[constants.EnvKeyGithubClientID].(string)
+	githubClientSecret := store[constants.EnvKeyGithubClientSecret].(string)
+	organizationName := store[constants.EnvKeyOrganizationName].(string)
+	organizationLogo := store[constants.EnvKeyOrganizationLogo].(string)
+
+	// string slice vars
+	allowedOrigins := utils.ConvertInterfaceToStringSlice(store[constants.EnvKeyAllowedOrigins])
+	roles := utils.ConvertInterfaceToStringSlice(store[constants.EnvKeyRoles])
+	defaultRoles := utils.ConvertInterfaceToStringSlice(store[constants.EnvKeyDefaultRoles])
+	protectedRoles := utils.ConvertInterfaceToStringSlice(store[constants.EnvKeyProtectedRoles])
+
+	// bool vars
+	disableEmailVerification := store[constants.EnvKeyDisableEmailVerification].(bool)
+	disableBasicAuthentication := store[constants.EnvKeyDisableBasicAuthentication].(bool)
+	disableMagicLinkLogin := store[constants.EnvKeyDisableMagicLinkLogin].(bool)
+	disableLoginPage := store[constants.EnvKeyDisableLoginPage].(bool)
+	disableSignUp := store[constants.EnvKeyDisableSignUp].(bool)

 	if accessTokenExpiryTime == "" {
 		accessTokenExpiryTime = "30m"
@@ -105,7 +112,6 @@ func EnvResolver(ctx context.Context) (*model.Env, error) {
 		AllowedOrigins:             allowedOrigins,
 		AppURL:                     &appURL,
 		RedisURL:                   &redisURL,
-		CookieName:                 &cookieName,
 		ResetPasswordURL:           &resetPasswordURL,
 		DisableEmailVerification:   &disableEmailVerification,
 		DisableBasicAuthentication: &disableBasicAuthentication,
--- a/server/resolvers/forgot_password.go
+++ b/server/resolvers/forgot_password.go
@@ -12,8 +12,8 @@ import (
 	"github.com/authorizerdev/authorizer/server/db"
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/email"
-	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/token"
 	"github.com/authorizerdev/authorizer/server/utils"
 )
@@ -28,7 +28,12 @@ func ForgotPasswordResolver(ctx context.Context, params model.ForgotPasswordInpu
 		return res, err
 	}

-	if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication) {
+	isBasicAuthDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication)
+	if err != nil {
+		log.Debug("Error getting basic auth disabled: ", err)
+		isBasicAuthDisabled = true
+	}
+	if isBasicAuthDisabled {
 		log.Debug("Basic authentication is disabled")
 		return res, fmt.Errorf(`basic authentication is disabled for this instance`)
 	}
--- a/server/resolvers/generate_jwt_keys.go
+++ b/server/resolvers/generate_jwt_keys.go
@@ -6,8 +6,8 @@ import (

 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/crypto"
-	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/token"
 	"github.com/authorizerdev/authorizer/server/utils"
 	log "github.com/sirupsen/logrus"
@@ -26,7 +26,11 @@ func GenerateJWTKeysResolver(ctx context.Context, params model.GenerateJWTKeysIn
 		return nil, fmt.Errorf("unauthorized")
 	}

-	clientID := envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyClientID)
+	clientID, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyClientID)
+	if err != nil {
+		log.Debug("Error getting client id: ", err)
+		return nil, err
+	}
 	if crypto.IsHMACA(params.Type) {
 		secret, _, err := crypto.NewHMACKey(params.Type, clientID)
 		if err != nil {
--- a/server/resolvers/invite_members.go
+++ b/server/resolvers/invite_members.go
@@ -13,8 +13,8 @@ import (
 	"github.com/authorizerdev/authorizer/server/db"
 	"github.com/authorizerdev/authorizer/server/db/models"
 	emailservice "github.com/authorizerdev/authorizer/server/email"
-	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/token"
 	"github.com/authorizerdev/authorizer/server/utils"
 )
@@ -33,12 +33,20 @@ func InviteMembersResolver(ctx context.Context, params model.InviteMemberInput)
 	}

 	// this feature is only allowed if email server is configured
-	if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification) {
+	isEmailVerificationDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification)
+	if err != nil {
+		log.Debug("Error getting email verification disabled: ", err)
+		isEmailVerificationDisabled = true
+	}
+
+	if isEmailVerificationDisabled {
 		log.Debug("Email server is not configured")
 		return nil, errors.New("email sending is disabled")
 	}

-	if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication) && envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableMagicLinkLogin) {
+	isBasicAuthDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication)
+	isMagicLinkLoginDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableMagicLinkLogin)
+	if isBasicAuthDisabled && isMagicLinkLoginDisabled {
 		log.Debug("Basic authentication and Magic link login is disabled.")
 		return nil, errors.New("either basic authentication or magic link login is required")
 	}
@@ -77,9 +85,13 @@ func InviteMembersResolver(ctx context.Context, params model.InviteMemberInput)
 	// invite new emails
 	for _, email := range newEmails {

+		defaultRoles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)
+		if err != nil {
+			log.Debug("Error getting default roles: ", err)
+		}
 		user := models.User{
 			Email: email,
-			Roles: strings.Join(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles), ","),
+			Roles: strings.Join(defaultRoles, ","),
 		}
 		hostname := utils.GetHost(gc)
 		verifyEmailURL := hostname + "/verify_email"
@@ -109,7 +121,7 @@ func InviteMembersResolver(ctx context.Context, params model.InviteMemberInput)
 		}

 		// use magic link login if that option is on
-		if !envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableMagicLinkLogin) {
+		if !isMagicLinkLoginDisabled {
 			user.SignupMethods = constants.SignupMethodMagicLinkLogin
 			verificationRequest.Identifier = constants.VerificationTypeMagicLinkLogin
 		} else {
--- a/server/resolvers/login.go
+++ b/server/resolvers/login.go
@@ -13,7 +13,6 @@ import (
 	"github.com/authorizerdev/authorizer/server/cookie"
 	"github.com/authorizerdev/authorizer/server/db"
 	"github.com/authorizerdev/authorizer/server/db/models"
-	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
 	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/token"
@@ -30,7 +29,13 @@ func LoginResolver(ctx context.Context, params model.LoginInput) (*model.AuthRes
 		return res, err
 	}

-	if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication) {
+	isBasiAuthDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication)
+	if err != nil {
+		log.Debug("Error getting basic auth disabled: ", err)
+		isBasiAuthDisabled = true
+	}
+
+	if isBasiAuthDisabled {
 		log.Debug("Basic authentication is disabled.")
 		return res, fmt.Errorf(`basic authentication is disabled for this instance`)
 	}
@@ -66,7 +71,11 @@ func LoginResolver(ctx context.Context, params model.LoginInput) (*model.AuthRes
 		log.Debug("Failed to compare password: ", err)
 		return res, fmt.Errorf(`invalid password`)
 	}
-	roles := envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)
+
+	roles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)
+	if err != nil {
+		log.Debug("Error getting default roles: ", err)
+	}
 	currentRoles := strings.Split(user.Roles, ",")
 	if len(params.Roles) > 0 {
 		if !utils.IsValidRoles(params.Roles, currentRoles) {
--- a/server/resolvers/magic_link_login.go
+++ b/server/resolvers/magic_link_login.go
@@ -12,8 +12,8 @@ import (
 	"github.com/authorizerdev/authorizer/server/db"
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/email"
-	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/token"
 	"github.com/authorizerdev/authorizer/server/utils"
 )
@@ -28,7 +28,13 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu
 		return res, err
 	}

-	if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableMagicLinkLogin) {
+	isMagicLinkLoginDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableMagicLinkLogin)
+	if err != nil {
+		log.Debug("Error getting magic link login disabled: ", err)
+		isMagicLinkLoginDisabled = true
+	}
+
+	if isMagicLinkLoginDisabled {
 		log.Debug("Magic link login is disabled.")
 		return res, fmt.Errorf(`magic link login is disabled for this instance`)
 	}
@@ -53,7 +59,11 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu
 	// find user with email
 	existingUser, err := db.Provider.GetUserByEmail(params.Email)
 	if err != nil {
-		if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableSignUp) {
+		isSignupDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableSignUp)
+		if err != nil {
+			log.Debug("Error getting signup disabled: ", err)
+		}
+		if isSignupDisabled {
 			log.Debug("Signup is disabled.")
 			return res, fmt.Errorf(`signup is disabled for this instance`)
 		}
@@ -62,14 +72,24 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu
 		// define roles for new user
 		if len(params.Roles) > 0 {
 			// check if roles exists
-			if !utils.IsValidRoles(params.Roles, envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyRoles)) {
+			roles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyRoles)
+			if err != nil {
+				log.Debug("Error getting roles: ", err)
+				return res, err
+			}
+			if !utils.IsValidRoles(params.Roles, roles) {
 				log.Debug("Invalid roles: ", params.Roles)
 				return res, fmt.Errorf(`invalid roles`)
 			} else {
 				inputRoles = params.Roles
 			}
 		} else {
-			inputRoles = envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)
+			inputRoles, err = memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)
+			if err != nil {
+				log.Debug("Error getting default roles: ", err)
+				return res, fmt.Errorf(`invalid roles`)
+			}
+
 		}

 		user.Roles = strings.Join(inputRoles, ",")
@@ -88,7 +108,11 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu

 		// find the unassigned roles
 		if len(params.Roles) <= 0 {
-			inputRoles = envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)
+			inputRoles, err = memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)
+			if err != nil {
+				log.Debug("Error getting default roles: ", err)
+				return res, fmt.Errorf(`invalid default roles`)
+			}
 		}
 		existingRoles := strings.Split(existingUser.Roles, ",")
 		unasignedRoles := []string{}
@@ -101,8 +125,13 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu
 		if len(unasignedRoles) > 0 {
 			// check if it contains protected unassigned role
 			hasProtectedRole := false
+			protectedRoles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles)
+			if err != nil {
+				log.Debug("Error getting protected roles: ", err)
+				return res, err
+			}
 			for _, ur := range unasignedRoles {
-				if utils.StringSliceContains(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles), ur) {
+				if utils.StringSliceContains(protectedRoles, ur) {
 					hasProtectedRole = true
 				}
 			}
@@ -130,7 +159,12 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu
 	}

 	hostname := utils.GetHost(gc)
-	if !envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification) {
+	isEmailVerificationDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification)
+	if err != nil {
+		log.Debug("Error getting email verification disabled: ", err)
+		isEmailVerificationDisabled = true
+	}
+	if !isEmailVerificationDisabled {
 		// insert verification request
 		_, nonceHash, err := utils.GenerateNonce()
 		if err != nil {
--- a/server/resolvers/reset_password.go
+++ b/server/resolvers/reset_password.go
@@ -11,8 +11,8 @@ import (
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/crypto"
 	"github.com/authorizerdev/authorizer/server/db"
-	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/token"
 	"github.com/authorizerdev/authorizer/server/utils"
 )
@@ -26,7 +26,13 @@ func ResetPasswordResolver(ctx context.Context, params model.ResetPasswordInput)
 		log.Debug("Failed to get GinContext: ", err)
 		return res, err
 	}
-	if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication) {
+
+	isBasicAuthDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication)
+	if err != nil {
+		log.Debug("Error getting basic auth disabled: ", err)
+		isBasicAuthDisabled = true
+	}
+	if isBasicAuthDisabled {
 		log.Debug("Basic authentication is disabled")
 		return res, fmt.Errorf(`basic authentication is disabled for this instance`)
 	}
--- a/server/resolvers/signup.go
+++ b/server/resolvers/signup.go
@@ -14,7 +14,6 @@ import (
 	"github.com/authorizerdev/authorizer/server/db"
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/email"
-	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
 	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/token"
@@ -31,12 +30,23 @@ func SignupResolver(ctx context.Context, params model.SignUpInput) (*model.AuthR
 		return res, err
 	}

-	if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableSignUp) {
+	isSignupDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableSignUp)
+	if err != nil {
+		log.Debug("Error getting signup disabled: ", err)
+		isSignupDisabled = true
+	}
+	if isSignupDisabled {
 		log.Debug("Signup is disabled")
 		return res, fmt.Errorf(`signup is disabled for this instance`)
 	}

-	if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication) {
+	isBasicAuthDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableBasicAuthentication)
+	if err != nil {
+		log.Debug("Error getting basic auth disabled: ", err)
+		isBasicAuthDisabled = true
+	}
+
+	if isBasicAuthDisabled {
 		log.Debug("Basic authentication is disabled")
 		return res, fmt.Errorf(`basic authentication is disabled for this instance`)
 	}
@@ -80,14 +90,23 @@ func SignupResolver(ctx context.Context, params model.SignUpInput) (*model.AuthR

 	if len(params.Roles) > 0 {
 		// check if roles exists
-		if !utils.IsValidRoles(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyRoles), params.Roles) {
+		roles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyRoles)
+		if err != nil {
+			log.Debug("Error getting roles: ", err)
+			return res, err
+		}
+		if !utils.IsValidRoles(roles, params.Roles) {
 			log.Debug("Invalid roles: ", params.Roles)
 			return res, fmt.Errorf(`invalid roles`)
 		} else {
 			inputRoles = params.Roles
 		}
 	} else {
-		inputRoles = envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)
+		inputRoles, err = memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)
+		if err != nil {
+			log.Debug("Error getting default roles: ", err)
+			return res, err
+		}
 	}

 	user := models.User{
@@ -132,7 +151,12 @@ func SignupResolver(ctx context.Context, params model.SignUpInput) (*model.AuthR
 	}

 	user.SignupMethods = constants.SignupMethodBasicAuth
-	if envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification) {
+	isEmailVerificationDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification)
+	if err != nil {
+		log.Debug("Error getting email verification disabled: ", err)
+		isEmailVerificationDisabled = true
+	}
+	if isEmailVerificationDisabled {
 		now := time.Now().Unix()
 		user.EmailVerifiedAt = &now
 	}
@@ -145,7 +169,7 @@ func SignupResolver(ctx context.Context, params model.SignUpInput) (*model.AuthR
 	userToReturn := user.AsAPIUser()

 	hostname := utils.GetHost(gc)
-	if !envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification) {
+	if !isEmailVerificationDisabled {
 		// insert verification request
 		_, nonceHash, err := utils.GenerateNonce()
 		if err != nil {
--- a/server/resolvers/update_env.go
+++ b/server/resolvers/update_env.go
@@ -13,8 +13,8 @@ import (
 	"github.com/authorizerdev/authorizer/server/cookie"
 	"github.com/authorizerdev/authorizer/server/crypto"
 	"github.com/authorizerdev/authorizer/server/db"
-	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
+	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/oauth"
 	"github.com/authorizerdev/authorizer/server/token"
 	"github.com/authorizerdev/authorizer/server/utils"
@@ -36,10 +36,14 @@ func UpdateEnvResolver(ctx context.Context, params model.UpdateEnvInput) (*model
 		return res, fmt.Errorf("unauthorized")
 	}

-	updatedData := envstore.EnvStoreObj.GetEnvStoreClone()
+	updatedData, err := memorystore.Provider.GetEnvStore()
+	if err != nil {
+		log.Debug("Failed to get env store: ", err)
+		return res, err
+	}

 	isJWTUpdated := false
-	algo := updatedData.StringEnv[constants.EnvKeyJwtType]
+	algo := updatedData[constants.EnvKeyJwtType].(string)
 	if params.JwtType != nil {
 		algo = *params.JwtType
 		if !crypto.IsHMACA(algo) && !crypto.IsECDSA(algo) && !crypto.IsRSA(algo) {
@@ -47,7 +51,7 @@ func UpdateEnvResolver(ctx context.Context, params model.UpdateEnvInput) (*model
 			return res, fmt.Errorf("invalid jwt type")
 		}

-		updatedData.StringEnv[constants.EnvKeyJwtType] = algo
+		updatedData[constants.EnvKeyJwtType] = algo
 		isJWTUpdated = true
 	}

@@ -135,8 +139,12 @@ func UpdateEnvResolver(ctx context.Context, params model.UpdateEnvInput) (*model
 			log.Debug("Old admin secret is required for admin secret update")
 			return res, errors.New("admin secret and old admin secret are required for secret change")
 		}
-
-		if *params.OldAdminSecret != envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret) {
+		oldAdminSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret)
+		if err != nil {
+			log.Debug("Failed to get old admin secret: ", err)
+			return res, err
+		}
+		if *params.OldAdminSecret != oldAdminSecret {
 			log.Debug("Old admin secret is invalid")
 			return res, errors.New("old admin secret is not correct")
 		}
@@ -154,31 +162,31 @@ func UpdateEnvResolver(ctx context.Context, params model.UpdateEnvInput) (*model
 			fieldType := reflect.TypeOf(value).String()

 			if fieldType == "string" {
-				updatedData.StringEnv[key] = value.(string)
+				updatedData[key] = value.(string)
 			}

 			if fieldType == "bool" {
-				updatedData.BoolEnv[key] = value.(bool)
+				updatedData[key] = value.(bool)
 			}
 			if fieldType == "[]interface {}" {
 				stringArr := []string{}
 				for _, v := range value.([]interface{}) {
 					stringArr = append(stringArr, v.(string))
 				}
-				updatedData.SliceEnv[key] = stringArr
+				updatedData[key] = stringArr
 			}
 		}
 	}

 	// handle derivative cases like disabling email verification & magic login
 	// in case SMTP is off but env is set to true
-	if updatedData.StringEnv[constants.EnvKeySmtpHost] == "" || updatedData.StringEnv[constants.EnvKeySmtpUsername] == "" || updatedData.StringEnv[constants.EnvKeySmtpPassword] == "" || updatedData.StringEnv[constants.EnvKeySenderEmail] == "" && updatedData.StringEnv[constants.EnvKeySmtpPort] == "" {
-		if !updatedData.BoolEnv[constants.EnvKeyDisableEmailVerification] {
-			updatedData.BoolEnv[constants.EnvKeyDisableEmailVerification] = true
+	if updatedData[constants.EnvKeySmtpHost] == "" || updatedData[constants.EnvKeySmtpUsername] == "" || updatedData[constants.EnvKeySmtpPassword] == "" || updatedData[constants.EnvKeySenderEmail] == "" && updatedData[constants.EnvKeySmtpPort] == "" {
+		if !updatedData[constants.EnvKeyDisableEmailVerification].(bool) {
+			updatedData[constants.EnvKeyDisableEmailVerification] = true
 		}

-		if !updatedData.BoolEnv[constants.EnvKeyDisableMagicLinkLogin] {
-			updatedData.BoolEnv[constants.EnvKeyDisableMagicLinkLogin] = true
+		if !updatedData[constants.EnvKeyDisableMagicLinkLogin].(bool) {
+			updatedData[constants.EnvKeyDisableMagicLinkLogin] = true
 		}
 	}

@@ -205,14 +213,18 @@ func UpdateEnvResolver(ctx context.Context, params model.UpdateEnvInput) (*model
 	}

 	// Update local store
-	envstore.EnvStoreObj.UpdateEnvStore(updatedData)
+	memorystore.Provider.UpdateEnvStore(updatedData)
 	jwk, err := crypto.GenerateJWKBasedOnEnv()
 	if err != nil {
 		log.Debug("Failed to generate JWK: ", err)
 		return res, err
 	}
 	// updating jwk
-	envstore.EnvStoreObj.UpdateEnvVariable(constants.StringStoreIdentifier, constants.EnvKeyJWK, jwk)
+	err = memorystore.Provider.UpdateEnvVariable(constants.EnvKeyJWK, jwk)
+	if err != nil {
+		log.Debug("Failed to update JWK: ", err)
+		return res, err
+	}

 	// TODO check how to update session store based on env change.
 	// err = sessionstore.InitSession()
@@ -233,7 +245,12 @@ func UpdateEnvResolver(ctx context.Context, params model.UpdateEnvInput) (*model
 	}

 	if params.AdminSecret != nil {
-		hashedKey, err := crypto.EncryptPassword(envstore.EnvStoreObj.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret))
+		adminSecret, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAdminSecret)
+		if err != nil {
+			log.Debug("Failed to get admin secret: ", err)
+			return res, err
+		}
+		hashedKey, err := crypto.EncryptPassword(adminSecret)
 		if err != nil {
 			log.Debug("Failed to encrypt admin secret: ", err)
 			return res, err
--- a/server/resolvers/update_profile.go
+++ b/server/resolvers/update_profile.go
@@ -14,7 +14,6 @@ import (
 	"github.com/authorizerdev/authorizer/server/db"
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/email"
-	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
 	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/token"
@@ -145,7 +144,12 @@ func UpdateProfileResolver(ctx context.Context, params model.UpdateProfileInput)
 		go cookie.DeleteSession(gc)

 		user.Email = newEmail
-		if !envstore.EnvStoreObj.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification) {
+		isEmailVerificationDisabled, err := memorystore.Provider.GetBoolStoreEnvVariable(constants.EnvKeyDisableEmailVerification)
+		if err != nil {
+			log.Debug("Failed to get disable email verification env variable: ", err)
+			return res, err
+		}
+		if !isEmailVerificationDisabled {
 			hostname := utils.GetHost(gc)
 			user.EmailVerifiedAt = nil
 			hasEmailChanged = true
--- a/server/resolvers/update_user.go
+++ b/server/resolvers/update_user.go
@@ -12,7 +12,6 @@ import (
 	"github.com/authorizerdev/authorizer/server/db"
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/email"
-	"github.com/authorizerdev/authorizer/server/envstore"
 	"github.com/authorizerdev/authorizer/server/graph/model"
 	"github.com/authorizerdev/authorizer/server/memorystore"
 	"github.com/authorizerdev/authorizer/server/token"
@@ -155,7 +154,16 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
 			inputRoles = append(inputRoles, *item)
 		}

-		if !utils.IsValidRoles(inputRoles, append([]string{}, append(envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyRoles), envstore.EnvStoreObj.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles)...)...)) {
+		roles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyRoles)
+		if err != nil {
+			log.Debug("Error getting roles: ", err)
+		}
+		protectedRoles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles)
+		if err != nil {
+			log.Debug("Error getting protected roles: ", err)
+		}
+
+		if !utils.IsValidRoles(inputRoles, append([]string{}, append(roles, protectedRoles...)...)) {
 			log.Debug("Invalid roles: ", params.Roles)
 			return res, fmt.Errorf("invalid list of roles")
 		}