fix: slice envs

.env.sample

@@ -1,3 +1,4 @@
+ENV=production
 DATABASE_URL=data.db
 DATABASE_TYPE=sqlite
 CUSTOM_ACCESS_TOKEN_SCRIPT="function(user,tokenPayload){var data = tokenPayload;data.extra = {'x-extra-id': user.id};return data;}"

.env.test

@@ -0,0 +1,9 @@
+ENV=test
+DATABASE_URL=test.db
+DATABASE_TYPE=sqlite
+CUSTOM_ACCESS_TOKEN_SCRIPT="function(user,tokenPayload){var data = tokenPayload;data.extra = {'x-extra-id': user.id};return data;}"
+SMTP_HOST=smtp.mailtrap.io
+SMTP_PORT=2525
+SMTP_USERNAME=test
+SMTP_PASSWORD=test
+SENDER_EMAIL="info@authorizer.dev"

.gitignore

@@ -8,6 +8,7 @@ dashboard/build
 build
 .env
 data.db
+test.db
 .DS_Store
 .env.local
 *.tar.gz

Makefile

@@ -10,7 +10,7 @@ build-dashboard:
 clean:
 	rm -rf build
 test:
-	cd server && go clean --testcache && go test -v ./test
+	rm -rf server/test/test.db && rm -rf test.db && cd server && go clean --testcache && go test -v ./test
 generate:
 	cd server && go get github.com/99designs/gqlgen/cmd@v0.14.0 && go run github.com/99designs/gqlgen generate
 	

server/cli/cli.go

@@ -9,4 +9,6 @@ var (
 	ARG_ENV_FILE *string
 	// ARG_LOG_LEVEL is the cli arg variable for the log level
 	ARG_LOG_LEVEL *string
+	// ARG_REDIS_URL is the cli arg variable for the redis url
+	ARG_REDIS_URL *string
 )

server/constants/env.go

@@ -19,7 +19,6 @@ const (
 	EnvKeyAuthorizerURL = "AUTHORIZER_URL"
 	// EnvKeyPort key for env variable PORT
 	EnvKeyPort = "PORT"
-
 	// EnvKeyAccessTokenExpiryTime key for env variable ACCESS_TOKEN_EXPIRY_TIME
 	EnvKeyAccessTokenExpiryTime = "ACCESS_TOKEN_EXPIRY_TIME"
 	// EnvKeyAdminSecret key for env variable ADMIN_SECRET
@@ -62,30 +61,12 @@ const (
 	EnvKeyJwtPrivateKey = "JWT_PRIVATE_KEY"
 	// EnvKeyJwtPublicKey key for env variable JWT_PUBLIC_KEY
 	EnvKeyJwtPublicKey = "JWT_PUBLIC_KEY"
-	// EnvKeyAllowedOrigins key for env variable ALLOWED_ORIGINS
-	EnvKeyAllowedOrigins = "ALLOWED_ORIGINS"
 	// EnvKeyAppURL key for env variable APP_URL
 	EnvKeyAppURL = "APP_URL"
 	// EnvKeyRedisURL key for env variable REDIS_URL
 	EnvKeyRedisURL = "REDIS_URL"
 	// EnvKeyResetPasswordURL key for env variable RESET_PASSWORD_URL
 	EnvKeyResetPasswordURL = "RESET_PASSWORD_URL"
-	// EnvKeyDisableEmailVerification key for env variable DISABLE_EMAIL_VERIFICATION
-	EnvKeyDisableEmailVerification = "DISABLE_EMAIL_VERIFICATION"
-	// EnvKeyDisableBasicAuthentication key for env variable DISABLE_BASIC_AUTH
-	EnvKeyDisableBasicAuthentication = "DISABLE_BASIC_AUTHENTICATION"
-	// EnvKeyDisableMagicLinkLogin key for env variable DISABLE_MAGIC_LINK_LOGIN
-	EnvKeyDisableMagicLinkLogin = "DISABLE_MAGIC_LINK_LOGIN"
-	// EnvKeyDisableLoginPage key for env variable DISABLE_LOGIN_PAGE
-	EnvKeyDisableLoginPage = "DISABLE_LOGIN_PAGE"
-	// EnvKeyDisableSignUp key for env variable DISABLE_SIGN_UP
-	EnvKeyDisableSignUp = "DISABLE_SIGN_UP"
-	// EnvKeyRoles key for env variable ROLES
-	EnvKeyRoles = "ROLES"
-	// EnvKeyProtectedRoles key for env variable PROTECTED_ROLES
-	EnvKeyProtectedRoles = "PROTECTED_ROLES"
-	// EnvKeyDefaultRoles key for env variable DEFAULT_ROLES
-	EnvKeyDefaultRoles = "DEFAULT_ROLES"
 	// EnvKeyJwtRoleClaim key for env variable JWT_ROLE_CLAIM
 	EnvKeyJwtRoleClaim = "JWT_ROLE_CLAIM"
 	// EnvKeyGoogleClientID key for env variable GOOGLE_CLIENT_ID
@@ -116,6 +97,28 @@ const (
 	EnvKeyEncryptionKey = "ENCRYPTION_KEY"
 	// EnvKeyJWK key for env variable JWK
 	EnvKeyJWK = "JWK"
+
+	// Boolean variables
 	// EnvKeyIsProd key for env variable IS_PROD
 	EnvKeyIsProd = "IS_PROD"
+	// EnvKeyDisableEmailVerification key for env variable DISABLE_EMAIL_VERIFICATION
+	EnvKeyDisableEmailVerification = "DISABLE_EMAIL_VERIFICATION"
+	// EnvKeyDisableBasicAuthentication key for env variable DISABLE_BASIC_AUTH
+	EnvKeyDisableBasicAuthentication = "DISABLE_BASIC_AUTHENTICATION"
+	// EnvKeyDisableMagicLinkLogin key for env variable DISABLE_MAGIC_LINK_LOGIN
+	EnvKeyDisableMagicLinkLogin = "DISABLE_MAGIC_LINK_LOGIN"
+	// EnvKeyDisableLoginPage key for env variable DISABLE_LOGIN_PAGE
+	EnvKeyDisableLoginPage = "DISABLE_LOGIN_PAGE"
+	// EnvKeyDisableSignUp key for env variable DISABLE_SIGN_UP
+	EnvKeyDisableSignUp = "DISABLE_SIGN_UP"
+
+	// Slice variables
+	// EnvKeyRoles key for env variable ROLES
+	EnvKeyRoles = "ROLES"
+	// EnvKeyProtectedRoles key for env variable PROTECTED_ROLES
+	EnvKeyProtectedRoles = "PROTECTED_ROLES"
+	// EnvKeyDefaultRoles key for env variable DEFAULT_ROLES
+	EnvKeyDefaultRoles = "DEFAULT_ROLES"
+	// EnvKeyAllowedOrigins key for env variable ALLOWED_ORIGINS
+	EnvKeyAllowedOrigins = "ALLOWED_ORIGINS"
 )

server/db/providers/arangodb/provider.go

@@ -6,7 +6,6 @@ import (
 	"github.com/arangodb/go-driver"
 	arangoDriver "github.com/arangodb/go-driver"
 	"github.com/arangodb/go-driver/http"
-	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/memorystore"
 )
@@ -22,10 +21,7 @@ type provider struct {
 // NewProvider to initialize arangodb connection
 func NewProvider() (*provider, error) {
 	ctx := context.Background()
-	dbURL, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDatabaseURL)
+	dbURL := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseURL
-	if err != nil {
-		return nil, err
-	}
 	conn, err := http.NewConnection(http.ConnectionConfig{
 		Endpoints: []string{dbURL},
 	})
@@ -41,10 +37,7 @@ func NewProvider() (*provider, error) {
 	}
 
 	var arangodb driver.Database
-	dbName, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDatabaseName)
+	dbName := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseName
-	if err != nil {
-		return nil, err
-	}
 	arangodb_exists, err := arangoClient.DatabaseExists(nil, dbName)
 
 	if arangodb_exists {

server/db/providers/arangodb/user.go

@@ -3,7 +3,6 @@ package arangodb
 import (
 	"context"
 	"fmt"
-	"strings"
 	"time"
 
 	"github.com/arangodb/go-driver"
@@ -22,11 +21,11 @@ func (p *provider) AddUser(user models.User) (models.User, error) {
 	}
 
 	if user.Roles == "" {
-		defaultRoles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)
+		defaultRoles, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)
 		if err != nil {
 			return user, err
 		}
-		user.Roles = strings.Join(defaultRoles, ",")
+		user.Roles = defaultRoles
 	}
 
 	user.CreatedAt = time.Now().Unix()

server/db/providers/cassandradb/provider.go

@@ -23,23 +23,17 @@ var KeySpace string
 
 // NewProvider to initialize arangodb connection
 func NewProvider() (*provider, error) {
-	dbURL, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDatabaseURL)
+	dbURL := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseURL
-	if err != nil {
-		return nil, err
-	}
 	if dbURL == "" {
-		dbURL, err = memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDatabaseHost)
+		dbHost := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseHost
-		dbPort, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDatabasePort)
+		dbPort := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabasePort
-		if err != nil {
+		if dbPort != "" && dbHost != "" {
-			return nil, err
+			dbURL = fmt.Sprintf("%s:%s", dbHost, dbPort)
-		}
-		if dbPort != "" {
-			dbURL = fmt.Sprintf("%s:%s", dbURL, dbPort)
 		}
 	}
 
-	KeySpace, err = memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDatabaseName)
+	KeySpace = memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseName
-	if err != nil || KeySpace == "" {
+	if KeySpace == "" {
 		KeySpace = constants.EnvKeyDatabaseName
 	}
 	clusterURL := []string{}
@@ -49,14 +43,8 @@ func NewProvider() (*provider, error) {
 		clusterURL = append(clusterURL, dbURL)
 	}
 	cassandraClient := cansandraDriver.NewCluster(clusterURL...)
-	dbUsername, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDatabaseUsername)
+	dbUsername := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseUsername
-	if err != nil {
+	dbPassword := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabasePassword
-		return nil, err
-	}
-	dbPassword, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDatabasePassword)
-	if err != nil {
-		return nil, err
-	}
 
 	if dbUsername != "" && dbPassword != "" {
 		cassandraClient.Authenticator = &cansandraDriver.PasswordAuthenticator{
@@ -65,20 +53,9 @@ func NewProvider() (*provider, error) {
 		}
 	}
 
-	dbCert, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDatabaseCert)
+	dbCert := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseCert
-	if err != nil {
+	dbCACert := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseCACert
-		return nil, err
+	dbCertKey := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseCertKey
-	}
-
-	dbCACert, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDatabaseCACert)
-	if err != nil {
-		return nil, err
-	}
-
-	dbCertKey, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDatabaseCertKey)
-	if err != nil {
-		return nil, err
-	}
 	if dbCert != "" && dbCACert != "" && dbCertKey != "" {
 		certString, err := crypto.DecryptB64(dbCert)
 		if err != nil {

server/db/providers/cassandradb/user.go

@@ -22,11 +22,11 @@ func (p *provider) AddUser(user models.User) (models.User, error) {
 	}
 
 	if user.Roles == "" {
-		defaultRoles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)
+		defaultRoles, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)
 		if err != nil {
 			return user, err
 		}
-		user.Roles = strings.Join(defaultRoles, ",")
+		user.Roles = defaultRoles
 	}
 
 	user.CreatedAt = time.Now().Unix()

server/db/providers/mongodb/provider.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"time"
 
-	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/memorystore"
 	"go.mongodb.org/mongo-driver/bson"
@@ -19,10 +18,7 @@ type provider struct {
 
 // NewProvider to initialize mongodb connection
 func NewProvider() (*provider, error) {
-	dbURL, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDatabaseURL)
+	dbURL := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseURL
-	if err != nil {
-		return nil, err
-	}
 	mongodbOptions := options.Client().ApplyURI(dbURL)
 	maxWait := time.Duration(5 * time.Second)
 	mongodbOptions.ConnectTimeout = &maxWait
@@ -41,10 +37,7 @@ func NewProvider() (*provider, error) {
 		return nil, err
 	}
 
-	dbName, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDatabaseName)
+	dbName := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseName
-	if err != nil {
-		return nil, err
-	}
 	mongodb := mongoClient.Database(dbName, options.Database())
 
 	mongodb.CreateCollection(ctx, models.Collections.User, options.CreateCollection())

server/db/providers/mongodb/user.go

@@ -1,7 +1,6 @@
 package mongodb
 
 import (
-	"strings"
 	"time"
 
 	"github.com/authorizerdev/authorizer/server/constants"
@@ -20,11 +19,11 @@ func (p *provider) AddUser(user models.User) (models.User, error) {
 	}
 
 	if user.Roles == "" {
-		defaultRoles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)
+		defaultRoles, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)
 		if err != nil {
 			return user, err
 		}
-		user.Roles = strings.Join(defaultRoles, ",")
+		user.Roles = defaultRoles
 	}
 	user.CreatedAt = time.Now().Unix()
 	user.UpdatedAt = time.Now().Unix()

server/db/providers/provider_template/user.go

@@ -1,7 +1,6 @@
 package provider_template
 
 import (
-	"strings"
 	"time"
 
 	"github.com/authorizerdev/authorizer/server/constants"
@@ -18,11 +17,11 @@ func (p *provider) AddUser(user models.User) (models.User, error) {
 	}
 
 	if user.Roles == "" {
-		defaultRoles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)
+		defaultRoles, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)
 		if err != nil {
 			return user, err
 		}
-		user.Roles = strings.Join(defaultRoles, ",")
+		user.Roles = defaultRoles
 	}
 
 	user.CreatedAt = time.Now().Unix()

server/db/providers/sql/provider.go

@@ -42,15 +42,8 @@ func NewProvider() (*provider, error) {
 		},
 	}
 
-	dbType, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDatabaseType)
+	dbType := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseType
-	if err != nil {
+	dbURL := memorystore.RequiredEnvStoreObj.GetRequiredEnv().DatabaseURL
-		return nil, err
-	}
-
-	dbURL, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDatabaseURL)
-	if err != nil {
-		return nil, err
-	}
 
 	switch dbType {
 	case constants.DbTypePostgres, constants.DbTypeYugabyte:

server/db/providers/sql/user.go

@@ -1,7 +1,6 @@
 package sql
 
 import (
-	"strings"
 	"time"
 
 	"github.com/authorizerdev/authorizer/server/constants"
@@ -19,11 +18,11 @@ func (p *provider) AddUser(user models.User) (models.User, error) {
 	}
 
 	if user.Roles == "" {
-		defaultRoles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)
+		defaultRoles, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)
 		if err != nil {
 			return user, err
 		}
-		user.Roles = strings.Join(defaultRoles, ",")
+		user.Roles = defaultRoles
 	}
 
 	user.CreatedAt = time.Now().Unix()

server/env/env.go

@@ -2,7 +2,9 @@ package env
 
 import (
 	"errors"
+	"fmt"
 	"os"
+	"strconv"
 	"strings"
 
 	"github.com/google/uuid"
@@ -11,7 +13,6 @@ import (
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/crypto"
 	"github.com/authorizerdev/authorizer/server/memorystore"
-	"github.com/authorizerdev/authorizer/server/parsers"
 	"github.com/authorizerdev/authorizer/server/utils"
 )
 
@@ -28,22 +29,65 @@ func InitAllEnv() error {
 		}
 	}
 
-	clientID := envData[constants.EnvKeyClientID].(string)
 	// unique client id for each instance
-	if clientID == "" {
+	cid, ok := envData[constants.EnvKeyClientID]
+	clientID := ""
+	if !ok || cid == "" {
 		clientID = uuid.New().String()
 		envData[constants.EnvKeyClientID] = clientID
+	} else {
+		clientID = cid.(string)
 	}
 
-	clientSecret := envData[constants.EnvKeyClientSecret]
+	// unique client secret for each instance
-	// unique client id for each instance
+	if val, ok := envData[constants.EnvKeyClientSecret]; !ok || val != "" {
-	if clientSecret == "" {
+		envData[constants.EnvKeyClientSecret] = uuid.New().String()
-		clientSecret = uuid.New().String()
-		envData[constants.EnvKeyClientSecret] = clientSecret
 	}
 
-	if envData[constants.EnvKeyEnv] == "" {
+	// os string envs
-		envData[constants.EnvKeyEnv] = os.Getenv(constants.EnvKeyEnv)
+	osEnv := os.Getenv(constants.EnvKeyEnv)
+	osAppURL := os.Getenv(constants.EnvKeyAppURL)
+	osAuthorizerURL := os.Getenv(constants.EnvKeyAuthorizerURL)
+	osPort := os.Getenv(constants.EnvKeyPort)
+	osAccessTokenExpiryTime := os.Getenv(constants.EnvKeyAccessTokenExpiryTime)
+	osAdminSecret := os.Getenv(constants.EnvKeyAdminSecret)
+	osSmtpHost := os.Getenv(constants.EnvKeySmtpHost)
+	osSmtpPort := os.Getenv(constants.EnvKeySmtpPort)
+	osSmtpUsername := os.Getenv(constants.EnvKeySmtpUsername)
+	osSmtpPassword := os.Getenv(constants.EnvKeySmtpPassword)
+	osSenderEmail := os.Getenv(constants.EnvKeySenderEmail)
+	osJwtType := os.Getenv(constants.EnvKeyJwtType)
+	osJwtSecret := os.Getenv(constants.EnvKeyJwtSecret)
+	osJwtPrivateKey := os.Getenv(constants.EnvKeyJwtPrivateKey)
+	osJwtPublicKey := os.Getenv(constants.EnvKeyJwtPublicKey)
+	osJwtRoleClaim := os.Getenv(constants.EnvKeyJwtRoleClaim)
+	osCustomAccessTokenScript := os.Getenv(constants.EnvKeyCustomAccessTokenScript)
+	osGoogleClientID := os.Getenv(constants.EnvKeyGoogleClientID)
+	osGoogleClientSecret := os.Getenv(constants.EnvKeyGoogleClientSecret)
+	osGithubClientID := os.Getenv(constants.EnvKeyGithubClientID)
+	osGithubClientSecret := os.Getenv(constants.EnvKeyGithubClientSecret)
+	osFacebookClientID := os.Getenv(constants.EnvKeyFacebookClientID)
+	osFacebookClientSecret := os.Getenv(constants.EnvKeyFacebookClientSecret)
+	osResetPasswordURL := os.Getenv(constants.EnvKeyResetPasswordURL)
+	osOrganizationName := os.Getenv(constants.EnvKeyOrganizationName)
+	osOrganizationLogo := os.Getenv(constants.EnvKeyOrganizationLogo)
+
+	// os bool vars
+	osDisableBasicAuthentication := os.Getenv(constants.EnvKeyDisableBasicAuthentication)
+	osDisableEmailVerification := os.Getenv(constants.EnvKeyDisableEmailVerification)
+	osDisableMagicLinkLogin := os.Getenv(constants.EnvKeyDisableMagicLinkLogin)
+	osDisableLoginPage := os.Getenv(constants.EnvKeyDisableLoginPage)
+	osDisableSignUp := os.Getenv(constants.EnvKeyDisableSignUp)
+
+	// os slice vars
+	osAllowedOrigins := os.Getenv(constants.EnvKeyAllowedOrigins)
+	osRoles := os.Getenv(constants.EnvKeyRoles)
+	osDefaultRoles := os.Getenv(constants.EnvKeyDefaultRoles)
+	osProtectedRoles := os.Getenv(constants.EnvKeyProtectedRoles)
+
+	ienv, ok := envData[constants.EnvKeyEnv]
+	if !ok || ienv == "" {
+		envData[constants.EnvKeyEnv] = osEnv
 		if envData[constants.EnvKeyEnv] == "" {
 			envData[constants.EnvKeyEnv] = "production"
 		}
@@ -54,71 +98,118 @@ func InitAllEnv() error {
 			envData[constants.EnvKeyIsProd] = false
 		}
 	}
-
+	if osEnv != "" && osEnv != envData[constants.EnvKeyEnv] {
-	if envData[constants.EnvKeyAppURL] == "" {
+		envData[constants.EnvKeyEnv] = osEnv
-		envData[constants.EnvKeyAppURL] = os.Getenv(constants.EnvKeyAppURL)
+		if envData[constants.EnvKeyEnv] == "production" {
+			envData[constants.EnvKeyIsProd] = true
+		} else {
+			envData[constants.EnvKeyIsProd] = false
+		}
 	}
 
-	if envData[constants.EnvKeyAuthorizerURL] == "" {
+	if val, ok := envData[constants.EnvKeyAppURL]; !ok || val == "" {
-		envData[constants.EnvKeyAuthorizerURL] = os.Getenv(constants.EnvKeyAuthorizerURL)
+		envData[constants.EnvKeyAppURL] = osAppURL
+	}
+	if osAppURL != "" && envData[constants.EnvKeyAppURL] != osAppURL {
+		envData[constants.EnvKeyAppURL] = osAppURL
 	}
 
-	if envData[constants.EnvKeyPort] == "" {
+	if val, ok := envData[constants.EnvKeyAuthorizerURL]; !ok || val == "" {
-		envData[constants.EnvKeyPort] = os.Getenv(constants.EnvKeyPort)
+		envData[constants.EnvKeyAuthorizerURL] = osAuthorizerURL
+	}
+	if osAuthorizerURL != "" && envData[constants.EnvKeyAuthorizerURL] != osAuthorizerURL {
+		envData[constants.EnvKeyAuthorizerURL] = osAuthorizerURL
+	}
+
+	if val, ok := envData[constants.EnvKeyPort]; !ok || val == "" {
+		envData[constants.EnvKeyPort] = osPort
 		if envData[constants.EnvKeyPort] == "" {
 			envData[constants.EnvKeyPort] = "8080"
 		}
 	}
+	if osPort != "" && envData[constants.EnvKeyPort] != osPort {
+		envData[constants.EnvKeyPort] = osPort
+	}
 
-	if envData[constants.EnvKeyAccessTokenExpiryTime] == "" {
+	if val, ok := envData[constants.EnvKeyAccessTokenExpiryTime]; !ok || val == "" {
-		envData[constants.EnvKeyAccessTokenExpiryTime] = os.Getenv(constants.EnvKeyAccessTokenExpiryTime)
+		envData[constants.EnvKeyAccessTokenExpiryTime] = osAccessTokenExpiryTime
 		if envData[constants.EnvKeyAccessTokenExpiryTime] == "" {
 			envData[constants.EnvKeyAccessTokenExpiryTime] = "30m"
 		}
 	}
-
+	if osAccessTokenExpiryTime != "" && envData[constants.EnvKeyAccessTokenExpiryTime] != osAccessTokenExpiryTime {
-	if envData[constants.EnvKeyAdminSecret] == "" {
+		envData[constants.EnvKeyAccessTokenExpiryTime] = osAccessTokenExpiryTime
-		envData[constants.EnvKeyAdminSecret] = os.Getenv(constants.EnvKeyAdminSecret)
 	}
 
-	if envData[constants.EnvKeySmtpHost] == "" {
+	if val, ok := envData[constants.EnvKeyAdminSecret]; !ok || val == "" {
-		envData[constants.EnvKeySmtpHost] = os.Getenv(constants.EnvKeySmtpHost)
+		envData[constants.EnvKeyAdminSecret] = osAdminSecret
+	}
+	if osAdminSecret != "" && envData[constants.EnvKeyAdminSecret] != osAdminSecret {
+		envData[constants.EnvKeyAdminSecret] = osAdminSecret
 	}
 
-	if envData[constants.EnvKeySmtpPort] == "" {
+	if val, ok := envData[constants.EnvKeySmtpHost]; !ok || val == "" {
-		envData[constants.EnvKeySmtpPort] = os.Getenv(constants.EnvKeySmtpPort)
+		envData[constants.EnvKeySmtpHost] = osSmtpHost
+	}
+	if osSmtpHost != "" && envData[constants.EnvKeySmtpHost] != osSmtpHost {
+		envData[constants.EnvKeySmtpHost] = osSmtpHost
 	}
 
-	if envData[constants.EnvKeySmtpUsername] == "" {
+	if val, ok := envData[constants.EnvKeySmtpPort]; !ok || val == "" {
-		envData[constants.EnvKeySmtpUsername] = os.Getenv(constants.EnvKeySmtpUsername)
+		envData[constants.EnvKeySmtpPort] = osSmtpPort
+	}
+	if osSmtpPort != "" && envData[constants.EnvKeySmtpPort] != osSmtpPort {
+		envData[constants.EnvKeySmtpPort] = osSmtpPort
 	}
 
-	if envData[constants.EnvKeySmtpPassword] == "" {
+	if val, ok := envData[constants.EnvKeySmtpUsername]; !ok || val == "" {
-		envData[constants.EnvKeySmtpPassword] = os.Getenv(constants.EnvKeySmtpPassword)
+		envData[constants.EnvKeySmtpUsername] = osSmtpUsername
+	}
+	if osSmtpUsername != "" && envData[constants.EnvKeySmtpUsername] != osSmtpUsername {
+		envData[constants.EnvKeySmtpUsername] = osSmtpUsername
 	}
 
-	if envData[constants.EnvKeySenderEmail] == "" {
+	if val, ok := envData[constants.EnvKeySmtpPassword]; !ok || val == "" {
-		envData[constants.EnvKeySenderEmail] = os.Getenv(constants.EnvKeySenderEmail)
+		envData[constants.EnvKeySmtpPassword] = osSmtpPassword
+	}
+	if osSmtpPassword != "" && envData[constants.EnvKeySmtpPassword] != osSmtpPassword {
+		envData[constants.EnvKeySmtpPassword] = osSmtpPassword
 	}
 
-	algo := envData[constants.EnvKeyJwtType].(string)
+	if val, ok := envData[constants.EnvKeySenderEmail]; !ok || val == "" {
-	if algo == "" {
+		envData[constants.EnvKeySenderEmail] = osSenderEmail
-		envData[constants.EnvKeyJwtType] = os.Getenv(constants.EnvKeyJwtType)
+	}
+	if osSenderEmail != "" && envData[constants.EnvKeySenderEmail] != osSenderEmail {
+		envData[constants.EnvKeySenderEmail] = osSenderEmail
+	}
+
+	algoVal, ok := envData[constants.EnvKeyJwtType]
+	algo := ""
+	if !ok || algoVal == "" {
+		envData[constants.EnvKeyJwtType] = osJwtType
 		if envData[constants.EnvKeyJwtType] == "" {
 			envData[constants.EnvKeyJwtType] = "RS256"
 			algo = envData[constants.EnvKeyJwtType].(string)
-		} else {
-			algo = envData[constants.EnvKeyJwtType].(string)
-			if !crypto.IsHMACA(algo) && !crypto.IsRSA(algo) && !crypto.IsECDSA(algo) {
-				log.Debug("Invalid JWT Algorithm")
-				return errors.New("invalid JWT_TYPE")
-			}
 		}
+	} else {
+		algo = algoVal.(string)
+		if !crypto.IsHMACA(algo) && !crypto.IsRSA(algo) && !crypto.IsECDSA(algo) {
+			log.Debug("Invalid JWT Algorithm")
+			return errors.New("invalid JWT_TYPE")
+		}
+	}
+	if osJwtType != "" && osJwtType != algo {
+		if !crypto.IsHMACA(osJwtType) && !crypto.IsRSA(osJwtType) && !crypto.IsECDSA(osJwtType) {
+			log.Debug("Invalid JWT Algorithm")
+			return errors.New("invalid JWT_TYPE")
+		}
+		algo = osJwtType
+		envData[constants.EnvKeyJwtType] = osJwtType
 	}
 
 	if crypto.IsHMACA(algo) {
-		if envData[constants.EnvKeyJwtSecret] == "" {
+		if val, ok := envData[constants.EnvKeyJwtSecret]; !ok || val == "" {
-			envData[constants.EnvKeyJwtSecret] = os.Getenv(constants.EnvKeyJwtSecret)
+			envData[constants.EnvKeyJwtSecret] = osJwtSecret
 			if envData[constants.EnvKeyJwtSecret] == "" {
 				envData[constants.EnvKeyJwtSecret], _, err = crypto.NewHMACKey(algo, clientID)
 				if err != nil {
@@ -126,17 +217,26 @@ func InitAllEnv() error {
 				}
 			}
 		}
+		if osJwtSecret != "" && envData[constants.EnvKeyJwtSecret] != osJwtSecret {
+			envData[constants.EnvKeyJwtSecret] = osJwtSecret
+		}
 	}
 
 	if crypto.IsRSA(algo) || crypto.IsECDSA(algo) {
 		privateKey, publicKey := "", ""
 
-		if envData[constants.EnvKeyJwtPrivateKey] == "" {
+		if val, ok := envData[constants.EnvKeyJwtPrivateKey]; !ok || val == "" {
-			privateKey = os.Getenv(constants.EnvKeyJwtPrivateKey)
+			privateKey = osJwtPrivateKey
+		}
+		if osJwtPrivateKey != "" && privateKey != osJwtPrivateKey {
+			privateKey = osJwtPrivateKey
 		}
 
-		if envData[constants.EnvKeyJwtPublicKey] == "" {
+		if val, ok := envData[constants.EnvKeyJwtPublicKey]; !ok || val == "" {
-			publicKey = os.Getenv(constants.EnvKeyJwtPublicKey)
+			publicKey = osJwtPublicKey
+		}
+		if osJwtPublicKey != "" && publicKey != osJwtPublicKey {
+			publicKey = osJwtPublicKey
 		}
 
 		// if algo is RSA / ECDSA, then we need to have both private and public key
@@ -184,55 +284,151 @@ func InitAllEnv() error {
 
 	}
 
-	if envData[constants.EnvKeyJwtRoleClaim] == "" {
+	if val, ok := envData[constants.EnvKeyJwtRoleClaim]; !ok || val == "" {
-		envData[constants.EnvKeyJwtRoleClaim] = os.Getenv(constants.EnvKeyJwtRoleClaim)
+		envData[constants.EnvKeyJwtRoleClaim] = osJwtRoleClaim
 
 		if envData[constants.EnvKeyJwtRoleClaim] == "" {
 			envData[constants.EnvKeyJwtRoleClaim] = "role"
 		}
 	}
-
+	if osJwtRoleClaim != "" && envData[constants.EnvKeyJwtRoleClaim] != osJwtRoleClaim {
-	if envData[constants.EnvKeyCustomAccessTokenScript] == "" {
+		envData[constants.EnvKeyJwtRoleClaim] = osJwtRoleClaim
-		envData[constants.EnvKeyCustomAccessTokenScript] = os.Getenv(constants.EnvKeyCustomAccessTokenScript)
 	}
 
-	if envData[constants.EnvKeyRedisURL] == "" {
+	if val, ok := envData[constants.EnvKeyCustomAccessTokenScript]; !ok || val == "" {
-		envData[constants.EnvKeyRedisURL] = os.Getenv(constants.EnvKeyRedisURL)
+		envData[constants.EnvKeyCustomAccessTokenScript] = osCustomAccessTokenScript
+	}
+	if osCustomAccessTokenScript != "" && envData[constants.EnvKeyCustomAccessTokenScript] != osCustomAccessTokenScript {
+		envData[constants.EnvKeyCustomAccessTokenScript] = osCustomAccessTokenScript
 	}
 
-	if envData[constants.EnvKeyGoogleClientID] == "" {
+	if val, ok := envData[constants.EnvKeyGoogleClientID]; !ok || val == "" {
-		envData[constants.EnvKeyGoogleClientID] = os.Getenv(constants.EnvKeyGoogleClientID)
+		envData[constants.EnvKeyGoogleClientID] = osGoogleClientID
+	}
+	if osGoogleClientID != "" && envData[constants.EnvKeyGoogleClientID] != osGoogleClientID {
+		envData[constants.EnvKeyGoogleClientID] = osGoogleClientID
 	}
 
-	if envData[constants.EnvKeyGoogleClientSecret] == "" {
+	if val, ok := envData[constants.EnvKeyGoogleClientSecret]; !ok || val == "" {
-		envData[constants.EnvKeyGoogleClientSecret] = os.Getenv(constants.EnvKeyGoogleClientSecret)
+		envData[constants.EnvKeyGoogleClientSecret] = osGoogleClientSecret
+	}
+	if osGoogleClientSecret != "" && envData[constants.EnvKeyGoogleClientSecret] != osGoogleClientSecret {
+		envData[constants.EnvKeyGoogleClientSecret] = osGoogleClientSecret
 	}
 
-	if envData[constants.EnvKeyGithubClientID] == "" {
+	if val, ok := envData[constants.EnvKeyGithubClientID]; !ok || val == "" {
-		envData[constants.EnvKeyGithubClientID] = os.Getenv(constants.EnvKeyGithubClientID)
+		envData[constants.EnvKeyGithubClientID] = osGithubClientID
+	}
+	if osGithubClientID != "" && envData[constants.EnvKeyGithubClientID] != osGithubClientID {
+		envData[constants.EnvKeyGithubClientID] = osGithubClientID
 	}
 
-	if envData[constants.EnvKeyGithubClientSecret] == "" {
+	if val, ok := envData[constants.EnvKeyGithubClientSecret]; !ok || val == "" {
-		envData[constants.EnvKeyGithubClientSecret] = os.Getenv(constants.EnvKeyGithubClientSecret)
+		envData[constants.EnvKeyGithubClientSecret] = osGithubClientSecret
+	}
+	if osGithubClientSecret != "" && envData[constants.EnvKeyGithubClientSecret] != osGithubClientSecret {
+		envData[constants.EnvKeyGithubClientSecret] = osGithubClientSecret
 	}
 
-	if envData[constants.EnvKeyFacebookClientID] == "" {
+	if val, ok := envData[constants.EnvKeyFacebookClientID]; !ok || val == "" {
-		envData[constants.EnvKeyFacebookClientID] = os.Getenv(constants.EnvKeyFacebookClientID)
+		envData[constants.EnvKeyFacebookClientID] = osFacebookClientID
+	}
+	if osFacebookClientID != "" && envData[constants.EnvKeyFacebookClientID] != osFacebookClientID {
+		envData[constants.EnvKeyFacebookClientID] = osFacebookClientID
 	}
 
-	if envData[constants.EnvKeyFacebookClientSecret] == "" {
+	if val, ok := envData[constants.EnvKeyFacebookClientSecret]; !ok || val == "" {
-		envData[constants.EnvKeyFacebookClientSecret] = os.Getenv(constants.EnvKeyFacebookClientSecret)
+		envData[constants.EnvKeyFacebookClientSecret] = osFacebookClientSecret
+	}
+	if osFacebookClientSecret != "" && envData[constants.EnvKeyFacebookClientSecret] != osFacebookClientSecret {
+		envData[constants.EnvKeyFacebookClientSecret] = osFacebookClientSecret
 	}
 
-	if envData[constants.EnvKeyResetPasswordURL] == "" {
+	if val, ok := envData[constants.EnvKeyResetPasswordURL]; !ok || val == "" {
-		envData[constants.EnvKeyResetPasswordURL] = strings.TrimPrefix(os.Getenv(constants.EnvKeyResetPasswordURL), "/")
+		envData[constants.EnvKeyResetPasswordURL] = strings.TrimPrefix(osResetPasswordURL, "/")
+	}
+	if osResetPasswordURL != "" && envData[constants.EnvKeyResetPasswordURL] != osResetPasswordURL {
+		envData[constants.EnvKeyResetPasswordURL] = osResetPasswordURL
 	}
 
-	envData[constants.EnvKeyDisableBasicAuthentication] = os.Getenv(constants.EnvKeyDisableBasicAuthentication) == "true"
+	if val, ok := envData[constants.EnvKeyOrganizationName]; !ok || val == "" {
-	envData[constants.EnvKeyDisableEmailVerification] = os.Getenv(constants.EnvKeyDisableEmailVerification) == "true"
+		envData[constants.EnvKeyOrganizationName] = osOrganizationName
-	envData[constants.EnvKeyDisableMagicLinkLogin] = os.Getenv(constants.EnvKeyDisableMagicLinkLogin) == "true"
+	}
-	envData[constants.EnvKeyDisableLoginPage] = os.Getenv(constants.EnvKeyDisableLoginPage) == "true"
+	if osOrganizationName != "" && envData[constants.EnvKeyOrganizationName] != osOrganizationName {
-	envData[constants.EnvKeyDisableSignUp] = os.Getenv(constants.EnvKeyDisableSignUp) == "true"
+		envData[constants.EnvKeyOrganizationName] = osOrganizationName
+	}
+
+	if val, ok := envData[constants.EnvKeyOrganizationLogo]; !ok || val == "" {
+		envData[constants.EnvKeyOrganizationLogo] = osOrganizationLogo
+	}
+	if osOrganizationLogo != "" && envData[constants.EnvKeyOrganizationLogo] != osOrganizationLogo {
+		envData[constants.EnvKeyOrganizationLogo] = osOrganizationLogo
+	}
+
+	if _, ok := envData[constants.EnvKeyDisableBasicAuthentication]; !ok {
+		envData[constants.EnvKeyDisableBasicAuthentication] = osDisableBasicAuthentication == "true"
+	}
+	if osDisableBasicAuthentication != "" {
+		boolValue, err := strconv.ParseBool(osDisableBasicAuthentication)
+		if err != nil {
+			return err
+		}
+		if boolValue != envData[constants.EnvKeyDisableBasicAuthentication].(bool) {
+			envData[constants.EnvKeyDisableBasicAuthentication] = boolValue
+		}
+	}
+
+	if _, ok := envData[constants.EnvKeyDisableEmailVerification]; !ok {
+		envData[constants.EnvKeyDisableEmailVerification] = osDisableEmailVerification == "true"
+	}
+	if osDisableEmailVerification != "" {
+		boolValue, err := strconv.ParseBool(osDisableEmailVerification)
+		if err != nil {
+			return err
+		}
+		if boolValue != envData[constants.EnvKeyDisableEmailVerification].(bool) {
+			envData[constants.EnvKeyDisableEmailVerification] = boolValue
+		}
+	}
+
+	if _, ok := envData[constants.EnvKeyDisableMagicLinkLogin]; !ok {
+		envData[constants.EnvKeyDisableMagicLinkLogin] = osDisableMagicLinkLogin == "true"
+	}
+	if osDisableMagicLinkLogin != "" {
+		boolValue, err := strconv.ParseBool(osDisableMagicLinkLogin)
+		if err != nil {
+			return err
+		}
+		if boolValue != envData[constants.EnvKeyDisableMagicLinkLogin].(bool) {
+			envData[constants.EnvKeyDisableMagicLinkLogin] = boolValue
+		}
+	}
+
+	if _, ok := envData[constants.EnvKeyDisableLoginPage]; !ok {
+		envData[constants.EnvKeyDisableLoginPage] = osDisableLoginPage == "true"
+	}
+	if osDisableLoginPage != "" {
+		boolValue, err := strconv.ParseBool(osDisableLoginPage)
+		if err != nil {
+			return err
+		}
+		if boolValue != envData[constants.EnvKeyDisableLoginPage].(bool) {
+			envData[constants.EnvKeyDisableLoginPage] = boolValue
+		}
+	}
+
+	if _, ok := envData[constants.EnvKeyDisableSignUp]; !ok {
+		envData[constants.EnvKeyDisableSignUp] = osDisableSignUp == "true"
+	}
+	if osDisableSignUp != "" {
+		boolValue, err := strconv.ParseBool(osDisableSignUp)
+		if err != nil {
+			return err
+		}
+		if boolValue != envData[constants.EnvKeyDisableSignUp].(bool) {
+			envData[constants.EnvKeyDisableSignUp] = boolValue
+		}
+	}
 
 	// no need to add nil check as its already done above
 	if envData[constants.EnvKeySmtpHost] == "" || envData[constants.EnvKeySmtpUsername] == "" || envData[constants.EnvKeySmtpPassword] == "" || envData[constants.EnvKeySenderEmail] == "" && envData[constants.EnvKeySmtpPort] == "" {
@@ -244,87 +440,67 @@ func InitAllEnv() error {
 		envData[constants.EnvKeyDisableMagicLinkLogin] = true
 	}
 
-	allowedOriginsSplit := strings.Split(os.Getenv(constants.EnvKeyAllowedOrigins), ",")
+	if val, ok := envData[constants.EnvKeyAllowedOrigins]; !ok || val == "" {
-	allowedOrigins := []string{}
+		envData[constants.EnvKeyAllowedOrigins] = osAllowedOrigins
-	hasWildCard := false
+		if envData[constants.EnvKeyAllowedOrigins] == "" {
-
+			envData[constants.EnvKeyAllowedOrigins] = "*"
-	for _, val := range allowedOriginsSplit {
-		trimVal := strings.TrimSpace(val)
-		if trimVal != "" {
-			if trimVal != "*" {
-				host, port := parsers.GetHostParts(trimVal)
-				allowedOrigins = append(allowedOrigins, host+":"+port)
-			} else {
-				hasWildCard = true
-				allowedOrigins = append(allowedOrigins, trimVal)
-				break
-			}
 		}
 	}
-
+	if osAllowedOrigins != "" && envData[constants.EnvKeyAllowedOrigins] != osAllowedOrigins {
-	if len(allowedOrigins) > 1 && hasWildCard {
+		envData[constants.EnvKeyAllowedOrigins] = osAllowedOrigins
-		allowedOrigins = []string{"*"}
 	}
 
-	if len(allowedOrigins) == 0 {
+	////// Roles /////
-		allowedOrigins = []string{"*"}
+	if val, ok := envData[constants.EnvKeyRoles]; !ok || val == "" {
-	}
+		envData[constants.EnvKeyRoles] = osRoles
-
+		if envData[constants.EnvKeyRoles] == "" {
-	envData[constants.EnvKeyAllowedOrigins] = allowedOrigins
+			envData[constants.EnvKeyRoles] = "user"
-
-	rolesEnv := strings.TrimSpace(os.Getenv(constants.EnvKeyRoles))
-	rolesSplit := strings.Split(rolesEnv, ",")
-	roles := []string{}
-	if len(rolesEnv) == 0 {
-		roles = []string{"user"}
-	}
-
-	defaultRolesEnv := strings.TrimSpace(os.Getenv(constants.EnvKeyDefaultRoles))
-	defaultRoleSplit := strings.Split(defaultRolesEnv, ",")
-	defaultRoles := []string{}
-
-	if len(defaultRolesEnv) == 0 {
-		defaultRoles = []string{"user"}
-	}
-
-	protectedRolesEnv := strings.TrimSpace(os.Getenv(constants.EnvKeyProtectedRoles))
-	protectedRolesSplit := strings.Split(protectedRolesEnv, ",")
-	protectedRoles := []string{}
-
-	if len(protectedRolesEnv) > 0 {
-		for _, val := range protectedRolesSplit {
-			trimVal := strings.TrimSpace(val)
-			protectedRoles = append(protectedRoles, trimVal)
 		}
 	}
+	if osRoles != "" && envData[constants.EnvKeyRoles] != osRoles {
+		envData[constants.EnvKeyRoles] = osRoles
+	}
+	roles := strings.Split(envData[constants.EnvKeyRoles].(string), ",")
+	////// Roles /////
 
-	for _, val := range rolesSplit {
+	////// Default Role /////
-		trimVal := strings.TrimSpace(val)
+	if val, ok := envData[constants.EnvKeyDefaultRoles]; !ok || val == "" {
-		if trimVal != "" {
+		envData[constants.EnvKeyDefaultRoles] = osDefaultRoles
-			roles = append(roles, trimVal)
+		if envData[constants.EnvKeyDefaultRoles] == "" {
-			if utils.StringSliceContains(defaultRoleSplit, trimVal) {
+			envData[constants.EnvKeyDefaultRoles] = "user"
-				defaultRoles = append(defaultRoles, trimVal)
-			}
 		}
 	}
-
+	if osDefaultRoles != "" && envData[constants.EnvKeyDefaultRoles] != osDefaultRoles {
-	if len(roles) > 0 && len(defaultRoles) == 0 && len(defaultRolesEnv) > 0 {
+		envData[constants.EnvKeyDefaultRoles] = osDefaultRoles
-		log.Debug("Default roles not found in roles list. It can be one from ROLES only")
+	}
-		return errors.New(`invalid DEFAULT_ROLE environment variable. It can be one from give ROLES environment variable value`)
+	defaultRoles := strings.Split(envData[constants.EnvKeyDefaultRoles].(string), ",")
+	if len(defaultRoles) == 0 {
+		defaultRoles = []string{roles[0]}
 	}
 
-	envData[constants.EnvKeyRoles] = roles
+	for _, role := range defaultRoles {
-	envData[constants.EnvKeyDefaultRoles] = defaultRoles
+		if !utils.StringSliceContains(roles, role) {
-	envData[constants.EnvKeyProtectedRoles] = protectedRoles
+			return fmt.Errorf("Default role %s is not defined in roles", role)
-
+		}
-	if os.Getenv(constants.EnvKeyOrganizationName) != "" {
-		envData[constants.EnvKeyOrganizationName] = os.Getenv(constants.EnvKeyOrganizationName)
 	}
+	////// Default Role /////
 
-	if os.Getenv(constants.EnvKeyOrganizationLogo) != "" {
+	////// Roles /////
-		envData[constants.EnvKeyOrganizationLogo] = os.Getenv(constants.EnvKeyOrganizationLogo)
+	if val, ok := envData[constants.EnvKeyProtectedRoles]; !ok || val == "" {
+		envData[constants.EnvKeyProtectedRoles] = osProtectedRoles
+		if envData[constants.EnvKeyProtectedRoles] == "" {
+			envData[constants.EnvKeyProtectedRoles] = "user"
+		}
 	}
+	if osProtectedRoles != "" && envData[constants.EnvKeyProtectedRoles] != osProtectedRoles {
+		envData[constants.EnvKeyProtectedRoles] = osProtectedRoles
+	}
+	////// Roles /////
 
-	memorystore.Provider.UpdateEnvStore(envData)
+	err = memorystore.Provider.UpdateEnvStore(envData)
+	if err != nil {
+		log.Debug("Error while updating env store: ", err)
+		return err
+	}
 	return nil
 }

server/env/persist_env.go

@@ -14,8 +14,6 @@ import (
 	"github.com/authorizerdev/authorizer/server/db"
 	"github.com/authorizerdev/authorizer/server/db/models"
 	"github.com/authorizerdev/authorizer/server/memorystore"
-	"github.com/authorizerdev/authorizer/server/utils"
-	"github.com/authorizerdev/authorizer/server/validators"
 )
 
 // GetEnvData returns the env data from database
@@ -55,6 +53,42 @@ func GetEnvData() (map[string]interface{}, error) {
 		return result, err
 	}
 
+	///////// start backward compatibility ///////////
+	// check if env data is stored in older format
+	hasOlderFormat := false
+	if _, ok := result["bool_env"]; ok {
+		for key, value := range result["bool_env"].(map[string]interface{}) {
+			result[key] = value
+		}
+		hasOlderFormat = true
+		delete(result, "bool_env")
+	}
+
+	if _, ok := result["string_env"]; ok {
+		for key, value := range result["string_env"].(map[string]interface{}) {
+			result[key] = value
+		}
+		hasOlderFormat = true
+		delete(result, "string_env")
+	}
+
+	if _, ok := result["slice_env"]; ok {
+		for key, value := range result["slice_env"].(map[string]interface{}) {
+			result[key] = strings.Join(value.([]string), ",")
+		}
+		hasOlderFormat = true
+		delete(result, "slice_env")
+	}
+
+	if hasOlderFormat {
+		err := memorystore.Provider.UpdateEnvStore(result)
+		if err != nil {
+			log.Fatal("Error while updating env store: ", err)
+			return result, err
+		}
+	}
+	///////// end backward compatibility ///////////
+
 	return result, err
 }
 
@@ -136,15 +170,6 @@ func PersistEnv() error {
 				envValue := strings.TrimSpace(os.Getenv(key))
 				if envValue != "" {
 					switch key {
-					case constants.EnvKeyRoles, constants.EnvKeyDefaultRoles, constants.EnvKeyProtectedRoles:
-						envStringArr := strings.Split(envValue, ",")
-						originalValue := utils.ConvertInterfaceToStringSlice(value)
-						if !validators.IsStringArrayEqual(originalValue, envStringArr) {
-							storeData[key] = envStringArr
-							hasChanged = true
-						}
-
-						break
 					case constants.EnvKeyIsProd, constants.EnvKeyDisableBasicAuthentication, constants.EnvKeyDisableEmailVerification, constants.EnvKeyDisableLoginPage, constants.EnvKeyDisableMagicLinkLogin, constants.EnvKeyDisableSignUp:
 						if envValueBool, err := strconv.ParseBool(envValue); err == nil {
 							if value.(bool) != envValueBool {
@@ -152,15 +177,11 @@ func PersistEnv() error {
 								hasChanged = true
 							}
 						}
-
-						break
 					default:
-						if value.(string) != envValue {
+						if value != nil && value.(string) != envValue {
 							storeData[key] = envValue
 							hasChanged = true
 						}
-
-						break
 					}
 				}
 			}

server/handlers/oauth_callback.go

@@ -91,10 +91,13 @@ func OAuthCallbackHandler() gin.HandlerFunc {
 			// make sure inputRoles don't include protected roles
 			hasProtectedRole := false
 			for _, ir := range inputRoles {
-				protectedRoles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles)
+				protectedRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyProtectedRoles)
+				protectedRoles := []string{}
 				if err != nil {
 					log.Debug("Failed to get protected roles: ", err)
-					protectedRoles = []string{}
+					protectedRolesString = ""
+				} else {
+					protectedRoles = strings.Split(protectedRolesString, ",")
 				}
 				if utils.StringSliceContains(protectedRoles, ir) {
 					hasProtectedRole = true
@@ -149,10 +152,13 @@ func OAuthCallbackHandler() gin.HandlerFunc {
 				// check if it contains protected unassigned role
 				hasProtectedRole := false
 				for _, ur := range unasignedRoles {
-					protectedRoles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles)
+					protectedRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyProtectedRoles)
+					protectedRoles := []string{}
 					if err != nil {
 						log.Debug("Failed to get protected roles: ", err)
-						protectedRoles = []string{}
+						protectedRolesString = ""
+					} else {
+						protectedRoles = strings.Split(protectedRolesString, ",")
 					}
 					if utils.StringSliceContains(protectedRoles, ur) {
 						hasProtectedRole = true

server/handlers/oauth_login.go

@@ -56,13 +56,22 @@ func OAuthLoginHandler() gin.HandlerFunc {
 
 			// use protected roles verification for admin login only.
 			// though if not associated with user, it will be rejected from oauth_callback
-			roles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyRoles)
+			rolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyRoles)
+			roles := []string{}
 			if err != nil {
 				log.Debug("Error getting roles: ", err)
+				rolesString = ""
+			} else {
+				roles = strings.Split(rolesString, ",")
 			}
-			protectedRoles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles)
+
+			protectedRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyProtectedRoles)
+			protectedRoles := []string{}
 			if err != nil {
 				log.Debug("Error getting protected roles: ", err)
+				protectedRolesString = ""
+			} else {
+				protectedRoles = strings.Split(protectedRolesString, ",")
 			}
 
 			if !validators.IsValidRoles(rolesSplit, append([]string{}, append(roles, protectedRoles...)...)) {
@@ -73,7 +82,7 @@ func OAuthLoginHandler() gin.HandlerFunc {
 				return
 			}
 		} else {
-			defaultRoles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)
+			defaultRoles, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)
 			if err != nil {
 				log.Debug("Error getting default roles: ", err)
 				c.JSON(400, gin.H{
@@ -81,7 +90,7 @@ func OAuthLoginHandler() gin.HandlerFunc {
 				})
 				return
 			}
-			roles = strings.Join(defaultRoles, ",")
+			roles = defaultRoles
 
 		}
 

server/main.go

@@ -31,6 +31,7 @@ func main() {
 	cli.ARG_DB_TYPE = flag.String("database_type", "", "Database type, possible values are postgres,mysql,sqlite")
 	cli.ARG_ENV_FILE = flag.String("env_file", "", "Env file path")
 	cli.ARG_LOG_LEVEL = flag.String("log_level", "info", "Log level, possible values are debug,info,warn,error,fatal,panic")
+	cli.ARG_REDIS_URL = flag.String("redis_url", "", "Redis connection string")
 	flag.Parse()
 
 	// global log level

server/memorystore/providers/inmemory/envstore.go

@@ -1,6 +1,8 @@
 package inmemory
 
-import "sync"
+import (
+	"sync"
+)
 
 // EnvStore struct to store the env variables
 type EnvStore struct {
@@ -23,6 +25,7 @@ func (e *EnvStore) UpdateStore(store map[string]interface{}) {
 func (e *EnvStore) GetStore() map[string]interface{} {
 	e.mutex.Lock()
 	defer e.mutex.Unlock()
+
 	return e.store
 }
 

server/memorystore/providers/inmemory/store.go

@@ -1,6 +1,7 @@
 package inmemory
 
 import (
+	"fmt"
 	"strings"
 )
 
@@ -15,8 +16,8 @@ func (c *provider) ClearStore() error {
 
 // GetUserSessions returns all the user session token from the in-memory store.
 func (c *provider) GetUserSessions(userId string) map[string]string {
-	// c.mutex.Lock()
+	c.mutex.Lock()
-	// defer c.mutex.Unlock()
+	defer c.mutex.Unlock()
 	res := map[string]string{}
 	for k, v := range c.stateStore {
 		split := strings.Split(v, "@")
@@ -30,8 +31,8 @@ func (c *provider) GetUserSessions(userId string) map[string]string {
 
 // DeleteAllUserSession deletes all the user sessions from in-memory store.
 func (c *provider) DeleteAllUserSession(userId string) error {
-	// c.mutex.Lock()
+	c.mutex.Lock()
-	// defer c.mutex.Unlock()
+	defer c.mutex.Unlock()
 	sessions := c.GetUserSessions(userId)
 	for k := range sessions {
 		c.RemoveState(k)
@@ -91,24 +92,17 @@ func (c *provider) UpdateEnvVariable(key string, value interface{}) error {
 // GetStringStoreEnvVariable to get the env variable from string store object
 func (c *provider) GetStringStoreEnvVariable(key string) (string, error) {
 	res := c.envStore.Get(key)
-	return res.(string), nil
+	if res == nil {
+		return "", nil
+	}
+	return fmt.Sprintf("%v", res), nil
 }
 
 // GetBoolStoreEnvVariable to get the env variable from bool store object
 func (c *provider) GetBoolStoreEnvVariable(key string) (bool, error) {
 	res := c.envStore.Get(key)
+	if res == nil {
+		return false, nil
+	}
 	return res.(bool), nil
 }
-
-// GetSliceStoreEnvVariable to get the env variable from slice store object
-func (c *provider) GetSliceStoreEnvVariable(key string) ([]string, error) {
-	res := c.envStore.Get(key)
-	data := res.([]interface{})
-	var resSlice []string
-
-	for _, v := range data {
-		resSlice = append(resSlice, v.(string))
-	}
-
-	return resSlice, nil
-}

server/memorystore/providers/providers.go

@@ -27,6 +27,4 @@ type Provider interface {
 	GetStringStoreEnvVariable(key string) (string, error)
 	// GetBoolStoreEnvVariable to get the bool env variable from env store
 	GetBoolStoreEnvVariable(key string) (bool, error)
-	// GetSliceStoreEnvVariable to get the string slice env variable from env store
-	GetSliceStoreEnvVariable(key string) ([]string, error)
 }

server/memorystore/providers/redis/store.go

@@ -148,15 +148,3 @@ func (c *provider) GetBoolStoreEnvVariable(key string) (bool, error) {
 
 	return res, nil
 }
-
-// GetSliceStoreEnvVariable to get the string slice env variable from env store
-func (c *provider) GetSliceStoreEnvVariable(key string) ([]string, error) {
-	var res []string
-	err := c.store.Get(c.ctx, envStorePrefix+key).Scan(&res)
-	if err != nil {
-		log.Debug("error getting token from redis store: ", err)
-		return nil, err
-	}
-
-	return res, nil
-}

server/memorystore/required_env_store.go

@@ -69,7 +69,7 @@ func InitRequiredEnv() error {
 
 	err := godotenv.Load(envPath)
 	if err != nil {
-		log.Info("using OS env instead of %s file", envPath)
+		log.Infof("using OS env instead of %s file", envPath)
 	}
 
 	dbURL := os.Getenv(constants.EnvKeyDatabaseURL)
@@ -84,6 +84,12 @@ func InitRequiredEnv() error {
 	dbCACert := os.Getenv(constants.EnvKeyDatabaseCACert)
 	redisURL := os.Getenv(constants.EnvKeyRedisURL)
 
+	if strings.TrimSpace(redisURL) == "" {
+		if cli.ARG_REDIS_URL != nil && *cli.ARG_REDIS_URL != "" {
+			redisURL = *cli.ARG_REDIS_URL
+		}
+	}
+
 	if strings.TrimSpace(dbType) == "" {
 		if cli.ARG_DB_TYPE != nil && *cli.ARG_DB_TYPE != "" {
 			dbType = strings.TrimSpace(*cli.ARG_DB_TYPE)

server/resolvers/invite_members.go

@@ -87,10 +87,15 @@ func InviteMembersResolver(ctx context.Context, params model.InviteMemberInput)
 	// invite new emails
 	for _, email := range newEmails {
 
-		defaultRoles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)
+		defaultRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)
+		defaultRoles := []string{}
 		if err != nil {
 			log.Debug("Error getting default roles: ", err)
+			defaultRolesString = ""
+		} else {
+			defaultRoles = strings.Split(defaultRolesString, ",")
 		}
+
 		user := models.User{
 			Email: email,
 			Roles: strings.Join(defaultRoles, ","),

server/resolvers/login.go

@@ -73,10 +73,15 @@ func LoginResolver(ctx context.Context, params model.LoginInput) (*model.AuthRes
 		return res, fmt.Errorf(`invalid password`)
 	}
 
-	roles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)
+	defaultRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)
+	roles := []string{}
 	if err != nil {
 		log.Debug("Error getting default roles: ", err)
+		defaultRolesString = ""
+	} else {
+		roles = strings.Split(defaultRolesString, ",")
 	}
+
 	currentRoles := strings.Split(user.Roles, ",")
 	if len(params.Roles) > 0 {
 		if !validators.IsValidRoles(params.Roles, currentRoles) {

server/resolvers/magic_link_login.go

@@ -74,10 +74,13 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu
 		// define roles for new user
 		if len(params.Roles) > 0 {
 			// check if roles exists
-			roles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyRoles)
+			rolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyRoles)
+			roles := []string{}
 			if err != nil {
 				log.Debug("Error getting roles: ", err)
 				return res, err
+			} else {
+				roles = strings.Split(rolesString, ",")
 			}
 			if !validators.IsValidRoles(params.Roles, roles) {
 				log.Debug("Invalid roles: ", params.Roles)
@@ -86,12 +89,13 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu
 				inputRoles = params.Roles
 			}
 		} else {
-			inputRoles, err = memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)
+			inputRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)
 			if err != nil {
 				log.Debug("Error getting default roles: ", err)
 				return res, fmt.Errorf(`invalid roles`)
+			} else {
+				inputRoles = strings.Split(inputRolesString, ",")
 			}
-
 		}
 
 		user.Roles = strings.Join(inputRoles, ",")
@@ -110,10 +114,12 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu
 
 		// find the unassigned roles
 		if len(params.Roles) <= 0 {
-			inputRoles, err = memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)
+			inputRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)
 			if err != nil {
 				log.Debug("Error getting default roles: ", err)
 				return res, fmt.Errorf(`invalid default roles`)
+			} else {
+				inputRoles = strings.Split(inputRolesString, ",")
 			}
 		}
 		existingRoles := strings.Split(existingUser.Roles, ",")
@@ -127,10 +133,13 @@ func MagicLinkLoginResolver(ctx context.Context, params model.MagicLinkLoginInpu
 		if len(unasignedRoles) > 0 {
 			// check if it contains protected unassigned role
 			hasProtectedRole := false
-			protectedRoles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles)
+			protectedRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyProtectedRoles)
+			protectedRoles := []string{}
 			if err != nil {
 				log.Debug("Error getting protected roles: ", err)
 				return res, err
+			} else {
+				protectedRoles = strings.Split(protectedRolesString, ",")
 			}
 			for _, ur := range unasignedRoles {
 				if utils.StringSliceContains(protectedRoles, ur) {

server/resolvers/signup.go

@@ -92,10 +92,13 @@ func SignupResolver(ctx context.Context, params model.SignUpInput) (*model.AuthR
 
 	if len(params.Roles) > 0 {
 		// check if roles exists
-		roles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyRoles)
+		rolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyRoles)
+		roles := []string{}
 		if err != nil {
 			log.Debug("Error getting roles: ", err)
 			return res, err
+		} else {
+			roles = strings.Split(rolesString, ",")
 		}
 		if !validators.IsValidRoles(roles, params.Roles) {
 			log.Debug("Invalid roles: ", params.Roles)
@@ -104,10 +107,12 @@ func SignupResolver(ctx context.Context, params model.SignUpInput) (*model.AuthR
 			inputRoles = params.Roles
 		}
 	} else {
-		inputRoles, err = memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyDefaultRoles)
+		inputRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyDefaultRoles)
 		if err != nil {
 			log.Debug("Error getting default roles: ", err)
 			return res, err
+		} else {
+			inputRoles = strings.Split(inputRolesString, ",")
 		}
 	}
 

server/resolvers/update_user.go

@@ -156,13 +156,22 @@ func UpdateUserResolver(ctx context.Context, params model.UpdateUserInput) (*mod
 			inputRoles = append(inputRoles, *item)
 		}
 
-		roles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyRoles)
+		rolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyRoles)
+		roles := []string{}
 		if err != nil {
 			log.Debug("Error getting roles: ", err)
+			rolesString = ""
+		} else {
+			roles = strings.Split(rolesString, ",")
 		}
-		protectedRoles, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyProtectedRoles)
+		protectedRolesString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyProtectedRoles)
+		fmt.Println(protectedRolesString)
+		protectedRoles := []string{}
 		if err != nil {
 			log.Debug("Error getting protected roles: ", err)
+			protectedRolesString = ""
+		} else {
+			protectedRoles = strings.Split(protectedRolesString, ",")
 		}
 
 		if !validators.IsValidRoles(inputRoles, append([]string{}, append(roles, protectedRoles...)...)) {

server/test/env_file_test.go

@@ -1,28 +1,33 @@
 package test
 
 import (
+	"os"
 	"testing"
 
+	"github.com/stretchr/testify/assert"
+
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/env"
 	"github.com/authorizerdev/authorizer/server/memorystore"
-	"github.com/authorizerdev/authorizer/server/utils"
-	"github.com/stretchr/testify/assert"
 )
 
 func TestEnvs(t *testing.T) {
-	memorystore.Provider.UpdateEnvVariable(constants.EnvKeyEnvPath, "../../.env.sample")
+	err := os.Setenv(constants.EnvKeyEnvPath, "../../.env.test")
-	env.InitAllEnv()
+	assert.Nil(t, err)
+	err = memorystore.InitRequiredEnv()
+	assert.Nil(t, err)
+	err = env.InitAllEnv()
+	assert.Nil(t, err)
 	store, err := memorystore.Provider.GetEnvStore()
 	assert.Nil(t, err)
 
-	assert.Equal(t, store[constants.EnvKeyEnv].(string), "production")
+	assert.Equal(t, "test", store[constants.EnvKeyEnv].(string))
 	assert.False(t, store[constants.EnvKeyDisableEmailVerification].(bool))
 	assert.False(t, store[constants.EnvKeyDisableMagicLinkLogin].(bool))
 	assert.False(t, store[constants.EnvKeyDisableBasicAuthentication].(bool))
-	assert.Equal(t, store[constants.EnvKeyJwtType].(string), "RS256")
+	assert.Equal(t, "RS256", store[constants.EnvKeyJwtType].(string))
 	assert.Equal(t, store[constants.EnvKeyJwtRoleClaim].(string), "role")
-	assert.EqualValues(t, utils.ConvertInterfaceToStringSlice(store[constants.EnvKeyRoles]), []string{"user"})
+	assert.EqualValues(t, store[constants.EnvKeyRoles].(string), "user")
-	assert.EqualValues(t, utils.ConvertInterfaceToStringSlice(store[constants.EnvKeyDefaultRoles]), []string{"user"})
+	assert.EqualValues(t, store[constants.EnvKeyDefaultRoles].(string), "user")
-	assert.EqualValues(t, utils.ConvertInterfaceToStringSlice(store[constants.EnvKeyAllowedOrigins]), []string{"*"})
+	assert.EqualValues(t, store[constants.EnvKeyAllowedOrigins].(string), "*")
 }

server/test/test.go

@@ -5,8 +5,11 @@ import (
 	"fmt"
 	"net/http"
 	"net/http/httptest"
+	"os"
 	"time"
 
+	log "github.com/sirupsen/logrus"
+
 	"github.com/authorizerdev/authorizer/server/constants"
 	"github.com/authorizerdev/authorizer/server/db"
 	"github.com/authorizerdev/authorizer/server/env"
@@ -75,7 +78,15 @@ func testSetup() TestSetup {
 		Password: "Test@123",
 	}
 
-	memorystore.Provider.UpdateEnvVariable(constants.EnvKeyEnvPath, "../../.env.sample")
+	err := os.Setenv(constants.EnvKeyEnvPath, "../../.env.test")
+	if err != nil {
+		log.Fatal("Error loading .env.sample file")
+	}
+	err = memorystore.InitRequiredEnv()
+	if err != nil {
+		log.Fatal("Error loading required env: ", err)
+	}
+
 	memorystore.InitMemStore()
 	memorystore.Provider.UpdateEnvVariable(constants.EnvKeySmtpHost, "smtp.yopmail.com")
 	memorystore.Provider.UpdateEnvVariable(constants.EnvKeySmtpPort, "2525")

server/test/update_env_test.go

@@ -2,6 +2,7 @@ package test
 
 import (
 	"fmt"
+	"strings"
 	"testing"
 
 	"github.com/authorizerdev/authorizer/server/constants"
@@ -48,8 +49,9 @@ func updateEnvTests(t *testing.T, s TestSetup) {
 		assert.Nil(t, err)
 		assert.True(t, isLoginPageDisabled)
 
-		storedOrigins, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyAllowedOrigins)
+		storedOriginsStrings, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAllowedOrigins)
 		assert.Nil(t, err)
+		storedOrigins := strings.Split(storedOriginsStrings, ",")
 		assert.Equal(t, storedOrigins, allowedOrigins)
 
 		disableLoginPage = false

server/types/interface_slice.go

@@ -0,0 +1,16 @@
+package types
+
+import "encoding/json"
+
+// Type for interface slice. Used for redis store.
+type InterfaceSlice []interface{}
+
+// MarshalBinary for interface slice.
+func (s InterfaceSlice) MarshalBinary() ([]byte, error) {
+	return json.Marshal(s)
+}
+
+// UnmarshalBinary for interface slice.
+func (s *InterfaceSlice) UnmarshalBinary(data []byte) error {
+	return json.Unmarshal(data, s)
+}

server/validators/url.go

@@ -11,9 +11,12 @@ import (
 
 // IsValidOrigin validates origin based on ALLOWED_ORIGINS
 func IsValidOrigin(url string) bool {
-	allowedOrigins, err := memorystore.Provider.GetSliceStoreEnvVariable(constants.EnvKeyAllowedOrigins)
+	allowedOriginsString, err := memorystore.Provider.GetStringStoreEnvVariable(constants.EnvKeyAllowedOrigins)
+	allowedOrigins := []string{}
 	if err != nil {
 		allowedOrigins = []string{"*"}
+	} else {
+		allowedOrigins = strings.Split(allowedOriginsString, ",")
 	}
 	if len(allowedOrigins) == 1 && allowedOrigins[0] == "*" {
 		return true