rf/replaces email with account_id in session and payload

2023-10-15 06:17:04 +02:00 · 2023-10-15 06:17:04 +02:00 · cf4e84380e
commit cf4e84380e
parent 3d6d87854e
52 changed files with 338 additions and 327 deletions
--- a/bff/api/account.go
+++ b/bff/api/account.go
@ -86,7 +86,7 @@ func (server *Server) getAccount(ctx *gin.Context) {
 	}
 	authPayload := ctx.MustGet(authorizationPayloadKey).(*token.Payload)
-	if account.Email != authPayload.Email {
+	if account.ID != authPayload.AccountID {
 		err := errors.New("account doesn't belong to the authenticated user")
 		ctx.JSON(http.StatusUnauthorized, errorResponse(err))
 		return
@ -110,7 +110,7 @@ func (server *Server) listAccounts(ctx *gin.Context) {
 	authPayload := ctx.MustGet(authorizationPayloadKey).(*token.Payload)
-	account, err := server.store.GetAccountByEmail(ctx, authPayload.Email)
+	account, err := server.store.GetAccount(ctx, authPayload.AccountID)
 	if err != nil {
 		if err == sql.ErrNoRows {
 			ctx.JSON(http.StatusNotFound, errorResponse(err))
@ -160,7 +160,7 @@ func (server *Server) updateAccountPrivacy(ctx *gin.Context) {
 	}
 	authPayload := ctx.MustGet(authorizationPayloadKey).(*token.Payload)
-	if account.Email != authPayload.Email {
+	if account.ID != authPayload.AccountID {
 		err := errors.New("account doesn't belong to the authenticated user")
 		ctx.JSON(http.StatusUnauthorized, errorResponse(err))
 		return
@ -168,7 +168,7 @@ func (server *Server) updateAccountPrivacy(ctx *gin.Context) {
 	account, err = server.store.UpdateAccountPrivacyTx(ctx, db.UpdateAccountPrivacyTxParams{
 		ID:              req.ID,
-		Changer:         authPayload.Email,
+		Changer:         account.Email,
 		PrivacyAccepted: req.PrivacyAccepted,
 	})
 	if err != nil {
@ -207,7 +207,7 @@ func (server *Server) updateAccount(ctx *gin.Context) {
 	}
 	authPayload := ctx.MustGet(authorizationPayloadKey).(*token.Payload)
-	if account.Email != authPayload.Email {
+	if account.ID != authPayload.AccountID {
 		err := errors.New("account doesn't belong to the authenticated user")
 		ctx.JSON(http.StatusUnauthorized, errorResponse(err))
 		return
@ -215,7 +215,7 @@ func (server *Server) updateAccount(ctx *gin.Context) {
 	arg := db.UpdateAccountTxParams{
 		ID:      req.ID,
-		Changer: authPayload.Email,
+		Changer: account.Email,
 		Passwordhash: sql.NullString{
 			String: req.NewPassword,
 			Valid:  req.NewPassword != "",
--- a/bff/api/account_test.go
+++ b/bff/api/account_test.go
@ -49,7 +49,7 @@ func TestCreateAccountAPI(t *testing.T) {
 				"creator":          account.Email,
 			},
 			setupAuth: func(t *testing.T, request *http.Request, tokenMaker token.Maker) {
-				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, account.Email, time.Minute)
+				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, account.ID, time.Minute)
 			},
 			buildStubs: func(store *mockdb.MockStore) {
 				arg := db.CreateAccountTxParams{
@ -110,7 +110,7 @@ func TestCreateAccountAPI(t *testing.T) {
 				"email": account.Email,
 			},
 			setupAuth: func(t *testing.T, request *http.Request, tokenMaker token.Maker) {
-				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, account.Email, time.Minute)
+				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, account.ID, time.Minute)
 			},
 			buildStubs: func(store *mockdb.MockStore) {
 				store.EXPECT().
@ -139,7 +139,7 @@ func TestCreateAccountAPI(t *testing.T) {
 				"creator":               account.Email,
 			},
 			setupAuth: func(t *testing.T, request *http.Request, tokenMaker token.Maker) {
-				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, account.Email, time.Minute)
+				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, account.ID, time.Minute)
 			},
 			buildStubs: func(store *mockdb.MockStore) {
 				store.EXPECT().
@ -197,7 +197,7 @@ func TestGetAccountAPI(t *testing.T) {
 			name:      "OK",
 			accountID: account.ID,
 			setupAuth: func(t *testing.T, request *http.Request, tokenMaker token.Maker) {
-				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, account.Email, time.Minute)
+				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, account.ID, time.Minute)
 			},
 			buildStubs: func(store *mockdb.MockStore) {
 				store.EXPECT().
@ -214,7 +214,7 @@ func TestGetAccountAPI(t *testing.T) {
 			name:      "UnauthorizedUser",
 			accountID: account.ID,
 			setupAuth: func(t *testing.T, request *http.Request, tokenMaker token.Maker) {
-				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, "UnauthorizedUser", time.Minute)
+				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, 2, time.Minute)
 			},
 			buildStubs: func(store *mockdb.MockStore) {
 				store.EXPECT().
@ -244,7 +244,7 @@ func TestGetAccountAPI(t *testing.T) {
 			name:      "NotFound",
 			accountID: account.ID,
 			setupAuth: func(t *testing.T, request *http.Request, tokenMaker token.Maker) {
-				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, account.Email, time.Minute)
+				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, account.ID, time.Minute)
 			},
 			buildStubs: func(store *mockdb.MockStore) {
 				store.EXPECT().
@ -260,7 +260,7 @@ func TestGetAccountAPI(t *testing.T) {
 			name:      "InternalError",
 			accountID: account.ID,
 			setupAuth: func(t *testing.T, request *http.Request, tokenMaker token.Maker) {
-				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, account.Email, time.Minute)
+				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, account.ID, time.Minute)
 			},
 			buildStubs: func(store *mockdb.MockStore) {
 				store.EXPECT().
@ -276,7 +276,7 @@ func TestGetAccountAPI(t *testing.T) {
 			name:      "InvalidID",
 			accountID: 0,
 			setupAuth: func(t *testing.T, request *http.Request, tokenMaker token.Maker) {
-				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, account.Email, time.Minute)
+				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, account.ID, time.Minute)
 			},
 			buildStubs: func(store *mockdb.MockStore) {
 				store.EXPECT().
@ -373,7 +373,7 @@ func TestUpdateAccountTxAPI(t *testing.T) {
 				"lastname": newLastname,
 			},
 			setupAuth: func(t *testing.T, request *http.Request, tokenMaker token.Maker) {
-				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, account.Email, time.Minute)
+				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, account.ID, time.Minute)
 			},
 			buildStubs: func(store *mockdb.MockStore) {
 				arg := db.UpdateAccountTxParams{
@ -423,7 +423,7 @@ func TestUpdateAccountTxAPI(t *testing.T) {
 				"email": account.Email,
 			},
 			setupAuth: func(t *testing.T, request *http.Request, tokenMaker token.Maker) {
-				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, account.Email, time.Minute)
+				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, account.ID, time.Minute)
 			},
 			buildStubs: func(store *mockdb.MockStore) {
 				store.EXPECT().
@ -495,7 +495,7 @@ func TestListAccountsAPI(t *testing.T) {
 				pageSize: n,
 			},
 			setupAuth: func(t *testing.T, request *http.Request, tokenMaker token.Maker) {
-				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, account.Email, time.Minute)
+				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, account.ID, time.Minute)
 			},
 			buildStubs: func(store *mockdb.MockStore) {
 				arg := db.ListAccountsParams{
@ -507,7 +507,7 @@ func TestListAccountsAPI(t *testing.T) {
 				accountAdmin.PermissionLevel = 1
 				store.EXPECT().
-					GetAccountByEmail(gomock.Any(), gomock.Eq(account.Email)).
+					GetAccount(gomock.Any(), gomock.Eq(account.ID)).
 					Times(1).
 					Return(accountAdmin, nil)
@ -542,7 +542,7 @@ func TestListAccountsAPI(t *testing.T) {
 			name:  "EmptyQuery",
 			query: Query{},
 			setupAuth: func(t *testing.T, request *http.Request, tokenMaker token.Maker) {
-				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, account.Email, time.Minute)
+				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, account.ID, time.Minute)
 			},
 			buildStubs: func(store *mockdb.MockStore) {
 				store.EXPECT().
@ -560,7 +560,7 @@ func TestListAccountsAPI(t *testing.T) {
 				pageSize: n,
 			},
 			setupAuth: func(t *testing.T, request *http.Request, tokenMaker token.Maker) {
-				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, account.Email, time.Minute)
+				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, account.ID, time.Minute)
 			},
 			buildStubs: func(store *mockdb.MockStore) {
 				store.EXPECT().
@ -578,7 +578,7 @@ func TestListAccountsAPI(t *testing.T) {
 				pageSize: 100000,
 			},
 			setupAuth: func(t *testing.T, request *http.Request, tokenMaker token.Maker) {
-				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, account.Email, time.Minute)
+				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, account.ID, time.Minute)
 			},
 			buildStubs: func(store *mockdb.MockStore) {
 				store.EXPECT().
@ -640,7 +640,7 @@ func TestUpdateAccountPrivacyTxAPI(t *testing.T) {
 				"privacy_accepted": true,
 			},
 			setupAuth: func(t *testing.T, request *http.Request, tokenMaker token.Maker) {
-				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, account.Email, time.Minute)
+				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, account.ID, time.Minute)
 			},
 			buildStubs: func(store *mockdb.MockStore) {
 				trueBool := true
@ -687,7 +687,7 @@ func TestUpdateAccountPrivacyTxAPI(t *testing.T) {
 				"privacy_accepted": true,
 			},
 			setupAuth: func(t *testing.T, request *http.Request, tokenMaker token.Maker) {
-				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, account.Email, time.Minute)
+				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, account.ID, time.Minute)
 			},
 			buildStubs: func(store *mockdb.MockStore) {
 				trueBool := true
@ -735,7 +735,7 @@ func TestUpdateAccountPrivacyTxAPI(t *testing.T) {
 				"privacy_accepted": false,
 			},
 			setupAuth: func(t *testing.T, request *http.Request, tokenMaker token.Maker) {
-				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, account.Email, time.Minute)
+				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, account.ID, time.Minute)
 			},
 			buildStubs: func(store *mockdb.MockStore) {
 				falseBool := false
@ -784,7 +784,7 @@ func TestUpdateAccountPrivacyTxAPI(t *testing.T) {
 				"id": account.ID,
 			},
 			setupAuth: func(t *testing.T, request *http.Request, tokenMaker token.Maker) {
-				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, account.Email, time.Minute)
+				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, account.ID, time.Minute)
 			},
 			buildStubs: func(store *mockdb.MockStore) {
 				store.EXPECT().
--- a/bff/api/middleware_test.go
+++ b/bff/api/middleware_test.go
@ -19,13 +19,13 @@ func addAuthorization(
 	request *http.Request,
 	tokenMaker token.Maker,
 	authorizationType string,
-	email string,
+	account_id uint64,
 	duration time.Duration,
 ) {
 	id, err := tokenMaker.NewTokenID()
 	require.NoError(t, err)
-	token, payload, err := tokenMaker.CreateToken(email, id, duration)
+	token, payload, err := tokenMaker.CreateToken(account_id, id, duration)
 	require.NoError(t, err)
 	require.NotEmpty(t, payload)
@ -42,7 +42,7 @@ func TestAuthMiddleware(t *testing.T) {
 		{
 			name: "OK",
 			setupAuth: func(t *testing.T, request *http.Request, tokenMaker token.Maker) {
-				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, "user", time.Minute)
+				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, 1, time.Minute)
 			},
 			checkResponse: func(t *testing.T, recorder *httptest.ResponseRecorder) {
 				require.Equal(t, http.StatusOK, recorder.Code)
@ -59,7 +59,7 @@ func TestAuthMiddleware(t *testing.T) {
 		{
 			name: "UnsupportedAuthorization",
 			setupAuth: func(t *testing.T, request *http.Request, tokenMaker token.Maker) {
-				addAuthorization(t, request, tokenMaker, "unsupported", "user", time.Minute)
+				addAuthorization(t, request, tokenMaker, "unsupported", 1, time.Minute)
 			},
 			checkResponse: func(t *testing.T, recorder *httptest.ResponseRecorder) {
 				require.Equal(t, http.StatusUnauthorized, recorder.Code)
@ -68,7 +68,7 @@ func TestAuthMiddleware(t *testing.T) {
 		{
 			name: "InvalidAuthorizationFormat",
 			setupAuth: func(t *testing.T, request *http.Request, tokenMaker token.Maker) {
-				addAuthorization(t, request, tokenMaker, "", "user", time.Minute)
+				addAuthorization(t, request, tokenMaker, "", 1, time.Minute)
 			},
 			checkResponse: func(t *testing.T, recorder *httptest.ResponseRecorder) {
 				require.Equal(t, http.StatusUnauthorized, recorder.Code)
@ -77,7 +77,7 @@ func TestAuthMiddleware(t *testing.T) {
 		{
 			name: "ExpiredToken",
 			setupAuth: func(t *testing.T, request *http.Request, tokenMaker token.Maker) {
-				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, "user", -time.Minute)
+				addAuthorization(t, request, tokenMaker, authorizationTypeBearer, 1, -time.Minute)
 			},
 			checkResponse: func(t *testing.T, recorder *httptest.ResponseRecorder) {
 				require.Equal(t, http.StatusUnauthorized, recorder.Code)
--- a/bff/api/session.go
+++ b/bff/api/session.go
@ -24,7 +24,7 @@ type loginAccountResponse struct {
 	AccessTokenExpiresAt  time.Time `json:"access_token_expires_at"`
 	RefreshToken          string    `json:"refresh_token"`
 	RefreshTokenExpiresAt time.Time `json:"refresh_token_expires_at"`
-	Email                 string    `json:"email"`
+	AccountID             uint64    `json:"account_id"`
 }
 func (server *Server) loginAccount(ctx *gin.Context) {
@ -55,13 +55,13 @@ func (server *Server) loginAccount(ctx *gin.Context) {
 		ctx.JSON(http.StatusInternalServerError, errorResponse(errors.New("failed to create session token")))
 	}
 	refreshToken, refreshPayload, err := server.tokenMaker.CreateToken(
-		account.Email,
+		account.ID,
 		id,
 		server.config.RefreshTokenDuration,
 	)
 	accessToken, accessPayload, err := server.tokenMaker.CreateToken(
-		account.Email,
+		account.ID,
 		id,
 		server.config.AccessTokenDuration,
 	)
@ -73,7 +73,7 @@ func (server *Server) loginAccount(ctx *gin.Context) {
 	session, err := server.store.CreateSession(ctx, db.CreateSessionParams{
 		ID:           refreshPayload.ID,
-		Email:        account.Email,
+		AccountID:    refreshPayload.AccountID,
 		RefreshToken: refreshToken,
 		UserAgent:    ctx.Request.UserAgent(),
 		ClientIp:     ctx.ClientIP(),
@ -91,7 +91,7 @@ func (server *Server) loginAccount(ctx *gin.Context) {
 		AccessTokenExpiresAt:  accessPayload.ExpiredAt,
 		RefreshToken:          refreshToken,
 		RefreshTokenExpiresAt: refreshPayload.ExpiredAt,
-		Email:                 account.Email,
+		AccountID:             refreshPayload.AccountID,
 	}
 	ctx.JSON(http.StatusOK, rsp)
 }
@ -130,7 +130,7 @@ func (server *Server) blockSession(ctx *gin.Context) {
 		return
 	}
-	if session.Email != payload.Email {
+	if session.AccountID != payload.AccountID {
 		ctx.JSON(http.StatusUnauthorized, errorResponse(errors.New("unauthorized")))
 		return
 	}
--- a/bff/api/token.go
+++ b/bff/api/token.go
@ -48,7 +48,7 @@ func (server *Server) renewAccessToken(ctx *gin.Context) {
 		return
 	}
-	if session.Email != refreshPayload.Email {
+	if session.AccountID != refreshPayload.AccountID {
 		err := fmt.Errorf("incorrect session user")
 		ctx.JSON(http.StatusUnauthorized, errorResponse(err))
 		return
@ -71,7 +71,7 @@ func (server *Server) renewAccessToken(ctx *gin.Context) {
 		ctx.JSON(http.StatusInternalServerError, errorResponse(errors.New("failed to create session token")))
 	}
 	accessToken, accessPayload, err := server.tokenMaker.CreateToken(
-		refreshPayload.Email,
+		refreshPayload.AccountID,
 		id,
 		server.config.AccessTokenDuration,
 	)
--- a/bff/db/migration/000001_init_schema.up.sql
+++ b/bff/db/migration/000001_init_schema.up.sql
@ -35,7 +35,7 @@ CREATE TABLE "accounts" (
 CREATE TABLE "sessions" (
  "id" uuid UNIQUE PRIMARY KEY NOT NULL,
-  "email" varchar NOT NULL,
+  "account_id" bigint NOT NULL,
  "user_agent" varchar NOT NULL,
  "client_ip" varchar NOT NULL,
  "refresh_token" varchar NOT NULL,
@ -132,7 +132,7 @@ CREATE TABLE "returnsLog" (
  "changed" timestamptz NOT NULL DEFAULT (now())
 );
-ALTER TABLE "sessions" ADD FOREIGN KEY ("email") REFERENCES "accounts" ("email");
+ALTER TABLE "sessions" ADD FOREIGN KEY ("account_id") REFERENCES "accounts" ("id");
 ALTER TABLE "persons" ADD FOREIGN KEY ("account_id") REFERENCES "accounts" ("id");
--- a/bff/db/mock/store.go
+++ b/bff/db/mock/store.go
@ -763,7 +763,7 @@ func (mr *MockStoreMockRecorder) ListReturnsLogsByPersonID(arg0, arg1 any) *gomo
 }
 // ListSessions mocks base method.
-func (m *MockStore) ListSessions(arg0 context.Context, arg1 string) ([]db.Session, error) {
+func (m *MockStore) ListSessions(arg0 context.Context, arg1 uint64) ([]db.Session, error) {
 	m.ctrl.T.Helper()
 	ret := m.ctrl.Call(m, "ListSessions", arg0, arg1)
 	ret0, _ := ret[0].([]db.Session)
--- a/bff/db/query/session.sql
+++ b/bff/db/query/session.sql
@ -1,7 +1,7 @@
 -- name: CreateSession :one
 INSERT INTO sessions (
  id,
-  email,
+  account_id,
  refresh_token,
  user_agent,
  client_ip,
@ -24,4 +24,4 @@ WHERE "id" = sqlc.arg(id);
 -- name: ListSessions :many
 SELECT * FROM sessions
-WHERE email = sqlc.arg(email) AND is_blocked = false AND expires_at > now();
+WHERE account_id = sqlc.arg(account_id) AND is_blocked = false AND expires_at > now();
--- a/bff/db/sqlc/account.sql.go
+++ b/bff/db/sqlc/account.sql.go
@ -1,6 +1,6 @@
 // Code generated by sqlc. DO NOT EDIT.
 // versions:
-//   sqlc v1.22.0
+//   sqlc v1.21.0
 // source: account.sql
 package db
--- a/bff/db/sqlc/db.go
+++ b/bff/db/sqlc/db.go
@ -1,6 +1,6 @@
 // Code generated by sqlc. DO NOT EDIT.
 // versions:
-//   sqlc v1.22.0
+//   sqlc v1.21.0
 package db
--- a/bff/db/sqlc/document.sql.go
+++ b/bff/db/sqlc/document.sql.go
@ -1,6 +1,6 @@
 // Code generated by sqlc. DO NOT EDIT.
 // versions:
-//   sqlc v1.22.0
+//   sqlc v1.21.0
 // source: document.sql
 package db
--- a/bff/db/sqlc/mail.sql.go
+++ b/bff/db/sqlc/mail.sql.go
@ -1,6 +1,6 @@
 // Code generated by sqlc. DO NOT EDIT.
 // versions:
-//   sqlc v1.22.0
+//   sqlc v1.21.0
 // source: mail.sql
 package db
--- a/bff/db/sqlc/models.go
+++ b/bff/db/sqlc/models.go
@ -1,6 +1,6 @@
 // Code generated by sqlc. DO NOT EDIT.
 // versions:
-//   sqlc v1.22.0
+//   sqlc v1.21.0
 package db
@ -136,7 +136,7 @@ type ReturnsLog struct {
 type Session struct {
 	ID           uuid.UUID `json:"id"`
-	Email        string    `json:"email"`
+	AccountID    uint64    `json:"account_id"`
 	UserAgent    string    `json:"user_agent"`
 	ClientIp     string    `json:"client_ip"`
 	RefreshToken string    `json:"refresh_token"`
--- a/bff/db/sqlc/payment.sql.go
+++ b/bff/db/sqlc/payment.sql.go
@ -1,6 +1,6 @@
 // Code generated by sqlc. DO NOT EDIT.
 // versions:
-//   sqlc v1.22.0
+//   sqlc v1.21.0
 // source: payment.sql
 package db
--- a/bff/db/sqlc/person.sql.go
+++ b/bff/db/sqlc/person.sql.go
@ -1,6 +1,6 @@
 // Code generated by sqlc. DO NOT EDIT.
 // versions:
-//   sqlc v1.22.0
+//   sqlc v1.21.0
 // source: person.sql
 package db
--- a/bff/db/sqlc/provider.sql.go
+++ b/bff/db/sqlc/provider.sql.go
@ -1,6 +1,6 @@
 // Code generated by sqlc. DO NOT EDIT.
 // versions:
-//   sqlc v1.22.0
+//   sqlc v1.21.0
 // source: provider.sql
 package db
--- a/bff/db/sqlc/querier.go
+++ b/bff/db/sqlc/querier.go
@ -1,6 +1,6 @@
 // Code generated by sqlc. DO NOT EDIT.
 // versions:
-//   sqlc v1.22.0
+//   sqlc v1.21.0
 package db
@ -71,7 +71,7 @@ type Querier interface {
 	ListReturns(ctx context.Context, arg ListReturnsParams) ([]Return, error)
 	ListReturnsLogs(ctx context.Context, arg ListReturnsLogsParams) ([]ReturnsLog, error)
 	ListReturnsLogsByPersonID(ctx context.Context, personID uint64) ([]ReturnsLog, error)
-	ListSessions(ctx context.Context, email string) ([]Session, error)
+	ListSessions(ctx context.Context, accountID uint64) ([]Session, error)
 	UpdateAccount(ctx context.Context, arg UpdateAccountParams) (Account, error)
 	UpdateAccountPrivacy(ctx context.Context, arg UpdateAccountPrivacyParams) (Account, error)
 	UpdateDocument(ctx context.Context, arg UpdateDocumentParams) (Document, error)
--- a/bff/db/sqlc/return.sql.go
+++ b/bff/db/sqlc/return.sql.go
@ -1,6 +1,6 @@
 // Code generated by sqlc. DO NOT EDIT.
 // versions:
-//   sqlc v1.22.0
+//   sqlc v1.21.0
 // source: return.sql
 package db
--- a/bff/db/sqlc/returnsLog.sql.go
+++ b/bff/db/sqlc/returnsLog.sql.go
@ -1,6 +1,6 @@
 // Code generated by sqlc. DO NOT EDIT.
 // versions:
-//   sqlc v1.22.0
+//   sqlc v1.21.0
 // source: returnsLog.sql
 package db
--- a/bff/db/sqlc/session.sql.go
+++ b/bff/db/sqlc/session.sql.go
@ -1,6 +1,6 @@
 // Code generated by sqlc. DO NOT EDIT.
 // versions:
-//   sqlc v1.22.0
+//   sqlc v1.21.0
 // source: session.sql
 package db
@ -27,7 +27,7 @@ func (q *Queries) BlockSession(ctx context.Context, id uuid.UUID) error {
 const createSession = `-- name: CreateSession :one
 INSERT INTO sessions (
  id,
-  email,
+  account_id,
  refresh_token,
  user_agent,
  client_ip,
@ -35,12 +35,12 @@ INSERT INTO sessions (
  expires_at
 ) VALUES (
  $1, $2, $3, $4, $5, $6, $7
-) RETURNING id, email, user_agent, client_ip, refresh_token, is_blocked, expires_at, created_at
+) RETURNING id, account_id, user_agent, client_ip, refresh_token, is_blocked, expires_at, created_at
 `
 type CreateSessionParams struct {
 	ID           uuid.UUID `json:"id"`
-	Email        string    `json:"email"`
+	AccountID    uint64    `json:"account_id"`
 	RefreshToken string    `json:"refresh_token"`
 	UserAgent    string    `json:"user_agent"`
 	ClientIp     string    `json:"client_ip"`
@ -51,7 +51,7 @@ type CreateSessionParams struct {
 func (q *Queries) CreateSession(ctx context.Context, arg CreateSessionParams) (Session, error) {
 	row := q.db.QueryRowContext(ctx, createSession,
 		arg.ID,
-		arg.Email,
+		arg.AccountID,
 		arg.RefreshToken,
 		arg.UserAgent,
 		arg.ClientIp,
@ -61,7 +61,7 @@ func (q *Queries) CreateSession(ctx context.Context, arg CreateSessionParams) (S
 	var i Session
 	err := row.Scan(
 		&i.ID,
-		&i.Email,
+		&i.AccountID,
 		&i.UserAgent,
 		&i.ClientIp,
 		&i.RefreshToken,
@ -73,7 +73,7 @@ func (q *Queries) CreateSession(ctx context.Context, arg CreateSessionParams) (S
 }
 const getSession = `-- name: GetSession :one
-SELECT id, email, user_agent, client_ip, refresh_token, is_blocked, expires_at, created_at FROM sessions
+SELECT id, account_id, user_agent, client_ip, refresh_token, is_blocked, expires_at, created_at FROM sessions
 WHERE id = $1 LIMIT 1
 `
@ -82,7 +82,7 @@ func (q *Queries) GetSession(ctx context.Context, id uuid.UUID) (Session, error)
 	var i Session
 	err := row.Scan(
 		&i.ID,
-		&i.Email,
+		&i.AccountID,
 		&i.UserAgent,
 		&i.ClientIp,
 		&i.RefreshToken,
@ -94,12 +94,12 @@ func (q *Queries) GetSession(ctx context.Context, id uuid.UUID) (Session, error)
 }
 const listSessions = `-- name: ListSessions :many
-SELECT id, email, user_agent, client_ip, refresh_token, is_blocked, expires_at, created_at FROM sessions
+SELECT id, account_id, user_agent, client_ip, refresh_token, is_blocked, expires_at, created_at FROM sessions
-WHERE email = $1 AND is_blocked = false AND expires_at > now()
+WHERE account_id = $1 AND is_blocked = false AND expires_at > now()
 `
-func (q *Queries) ListSessions(ctx context.Context, email string) ([]Session, error) {
+func (q *Queries) ListSessions(ctx context.Context, accountID uint64) ([]Session, error) {
-	rows, err := q.db.QueryContext(ctx, listSessions, email)
+	rows, err := q.db.QueryContext(ctx, listSessions, accountID)
 	if err != nil {
 		return nil, err
 	}
@ -109,7 +109,7 @@ func (q *Queries) ListSessions(ctx context.Context, email string) ([]Session, er
 		var i Session
 		if err := rows.Scan(
 			&i.ID,
-			&i.Email,
+			&i.AccountID,
 			&i.UserAgent,
 			&i.ClientIp,
 			&i.RefreshToken,
--- a/bff/doc/swagger/df.swagger.json
+++ b/bff/doc/swagger/df.swagger.json
@ -1338,7 +1338,6 @@
      "properties": {
        "email": {
          "type": "string",
          "format": "email",
          "example": "john.doe@example.com"
        },
        "password": {
@ -1378,10 +1377,10 @@
          "type": "string",
          "format": "date-time"
        },
-        "email": {
+        "accountId": {
          "type": "string",
-          "format": "email",
+          "format": "uint64",
-          "example": "john.doe@example.com"
+          "example": "1"
        }
      },
      "title": "Login Response"
@ -1619,7 +1618,7 @@
      "type": "object",
      "example": {
        "id": "1",
-        "email": "john.doe@example.com",
+        "account_id": "1",
        "refresh_token": "v4.public.eyJlbWFpbCI6ImEyQGIuZGUiLCJleHAiOiIyMDIzLTEwLTA2VDAxOjAyOjA5KzAyOjAwIiwiaWF0IjoiMjAyMy0xMC0wNVQwMTowMjowOSswMjowMCIsImlkIjoiNWUxZDY3ZGEtN2M5Yi00MzY1LWE0ZDUtM2NjMGEwNTEyNDFlIiwibmJmIjoiMjAyMy0xMC0wNVQwMTowMjowOSswMjowMCJ9BoX36w0po1vvHSjsBP_KWeFxV1xRbQayqbJuIoK2jKqy1Bt2RoHyJbLoCEO15CRT5DnQ6P0AHlBzjsXt61aDDw",
        "expires_at": "2023-10-05T02:30:53Z",
        "created_at": "2023-10-05T01:20:11Z",
@ -1631,8 +1630,9 @@
        "id": {
          "type": "string"
        },
-        "email": {
+        "accountId": {
-          "type": "string"
+          "type": "string",
          "format": "uint64"
        },
        "userAgent": {
          "type": "string"
--- a/bff/gapi/authorization.go
+++ b/bff/gapi/authorization.go
@ -60,7 +60,7 @@ func (server *Server) authorizeUser(ctx context.Context) (*token.Payload, error)
 }
 func (server *Server) isAdmin(ctx context.Context, payload *token.Payload) bool {
-	acc, err := server.store.GetAccountByEmail(ctx, payload.Email)
+	acc, err := server.store.GetAccount(ctx, payload.AccountID)
 	if err != nil {
 		fmt.Printf("could not verify admin: %#v", err)
 		return false
--- a/bff/gapi/converter.go
+++ b/bff/gapi/converter.go
@ -49,7 +49,7 @@ func convertPerson(person db.Person) *pb.Person {
 func convertSession(session db.Session) *pb.Session {
 	return &pb.Session{
 		Id:           session.ID.String(),
-		Email:        session.Email,
+		AccountId:    session.AccountID,
 		ClientIp:     session.ClientIp,
 		UserAgent:    session.UserAgent,
 		RefreshToken: session.RefreshToken,
--- a/bff/gapi/rpc_block_session.go
+++ b/bff/gapi/rpc_block_session.go
@ -31,11 +31,11 @@ func (server *Server) BlockSession(ctx context.Context, req *pb.BlockSessionRequ
 		if errors.Is(err, sql.ErrNoRows) {
 			return nil, status.Errorf(codes.NotFound, "session not found")
 		}
-		slog.Error("block_session (get)", slog.String("invoked_by", authPayload.Email), slog.String("session_id", req.GetSessionId()), slog.String("error", err.Error()))
+		slog.Error("block_session (get)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.String("session_id", req.GetSessionId()), slog.String("error", err.Error()))
 		return nil, status.Errorf(codes.Internal, "failed to get session")
 	}
-	if session.Email != authPayload.Email {
+	if session.AccountID != authPayload.AccountID {
 		if !server.isAdmin(ctx, authPayload) {
 			return nil, status.Error(codes.NotFound, "session not found")
 		}
@ -47,7 +47,7 @@ func (server *Server) BlockSession(ctx context.Context, req *pb.BlockSessionRequ
 	err = server.store.BlockSession(ctx, uid)
 	if err != nil {
-		slog.Error("block_session (db)", slog.String("invoked_by", authPayload.Email), slog.String("session_id", req.GetSessionId()), slog.String("error", err.Error()))
+		slog.Error("block_session (db)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.String("session_id", req.GetSessionId()), slog.String("error", err.Error()))
 		return nil, status.Errorf(codes.Internal, "failed to block session")
 	}
--- a/bff/gapi/rpc_create_payment.go
+++ b/bff/gapi/rpc_create_payment.go
@ -30,11 +30,11 @@ func (server *Server) CreatePayment(ctx context.Context, req *pb.CreatePaymentRe
 		if errors.Is(err, sql.ErrNoRows) {
 			return nil, status.Errorf(codes.NotFound, "account not found")
 		}
-		slog.Error("create_payment (get_account)", slog.String("invoked_by", authPayload.Email), slog.Int64("account_id", int64(req.GetAccountId())), slog.String("error", err.Error()))
+		slog.Error("create_payment (get_account)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.Int64("account_id", int64(req.GetAccountId())), slog.String("error", err.Error()))
 		return nil, status.Error(codes.NotFound, "failed to get account")
 	}
-	if authPayload.Email != account.Email {
+	if authPayload.AccountID != account.ID {
 		if !server.isAdmin(ctx, authPayload) {
 			return nil, status.Error(codes.NotFound, "account not found")
 		}
@ -68,13 +68,13 @@ func (server *Server) CreatePayment(ctx context.Context, req *pb.CreatePaymentRe
 			String: req.GetPaymentSystem(),
 		},
 		Type:    req.GetType(),
-		Creator: authPayload.Email,
+		Creator: account.Email,
-		Changer: authPayload.Email,
+		Changer: account.Email,
 	}
 	payment, err := server.store.CreatePayment(ctx, arg)
 	if err != nil {
-		slog.Error("create_payment (db)", slog.String("invoked_by", authPayload.Email), slog.Int64("account_id", int64(req.GetAccountId())), slog.String("payment_category", req.GetPaymentCategory()), slog.String("error", err.Error()))
+		slog.Error("create_payment (db)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.Int64("account_id", int64(req.GetAccountId())), slog.String("payment_category", req.GetPaymentCategory()), slog.String("error", err.Error()))
 		return nil, status.Errorf(codes.Internal, "failed to create payment")
 	}
--- a/bff/gapi/rpc_create_person.go
+++ b/bff/gapi/rpc_create_person.go
@ -31,11 +31,11 @@ func (server *Server) CreatePerson(ctx context.Context, req *pb.CreatePersonRequ
 		if errors.Is(err, sql.ErrNoRows) {
 			return nil, status.Errorf(codes.NotFound, "account not found")
 		}
-		slog.Error("create_person (get_account)", slog.String("invoked_by", authPayload.Email), slog.Int64("account_id", int64(req.GetAccountId())), slog.String("error", err.Error()))
+		slog.Error("create_person (get_account)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.Int64("account_id", int64(req.GetAccountId())), slog.String("error", err.Error()))
 		return nil, status.Error(codes.NotFound, "failed to get account")
 	}
-	if authPayload.Email != account.Email {
+	if authPayload.AccountID != account.ID {
 		if !server.isAdmin(ctx, authPayload) {
 			return nil, status.Error(codes.NotFound, "account not found")
 		}
@ -50,13 +50,13 @@ func (server *Server) CreatePerson(ctx context.Context, req *pb.CreatePersonRequ
 		Street:    req.GetStreet(),
 		Country:   req.GetCountry(),
 		Zip:       req.GetZip(),
-		Creator:   authPayload.Email,
+		Creator:   account.Email,
-		Changer:   authPayload.Email,
+		Changer:   account.Email,
 	}
 	person, err := server.store.CreatePersonTx(ctx, arg)
 	if err != nil {
-		slog.Error("create_person (db)", slog.String("invoked_by", authPayload.Email), slog.String("person", fmt.Sprintf("%s, %s", req.GetLastname(), req.GetFirstname())), slog.String("error", err.Error()))
+		slog.Error("create_person (db)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.String("person", fmt.Sprintf("%s, %s", req.GetLastname(), req.GetFirstname())), slog.String("error", err.Error()))
 		return nil, status.Errorf(codes.Internal, "failed to create person")
 	}
--- a/bff/gapi/rpc_delete_payment.go
+++ b/bff/gapi/rpc_delete_payment.go
@ -23,16 +23,16 @@ func (server *Server) DeletePayment(ctx context.Context, req *pb.DeletePaymentRe
 		return nil, invalidArgumentError(violations)
 	}
-	account, err := server.store.GetAccountByEmail(ctx, authPayload.Email)
+	account, err := server.store.GetAccount(ctx, authPayload.AccountID)
 	if err != nil {
 		if errors.Is(err, sql.ErrNoRows) {
 			return nil, status.Errorf(codes.NotFound, "account not found")
 		}
-		slog.Error("delete_payment (get_account)", slog.String("invoked_by", authPayload.Email), slog.Int64("payment_id", int64(req.GetId())), slog.String("error", err.Error()))
+		slog.Error("delete_payment (get_account)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.Int64("payment_id", int64(req.GetId())), slog.String("error", err.Error()))
 		return nil, status.Error(codes.Internal, "failed to get account")
 	}
-	if authPayload.Email != account.Email {
+	if authPayload.AccountID != account.ID {
 		if !server.isAdmin(ctx, authPayload) {
 			return nil, status.Error(codes.NotFound, "account not found")
 		}
@ -43,7 +43,7 @@ func (server *Server) DeletePayment(ctx context.Context, req *pb.DeletePaymentRe
 		if errors.Is(err, sql.ErrNoRows) {
 			return nil, status.Errorf(codes.NotFound, "payment not found")
 		}
-		slog.Error("delete_payment (get_payment)", slog.String("invoked_by", authPayload.Email), slog.Int64("payment_id", int64(req.GetId())), slog.String("error", err.Error()))
+		slog.Error("delete_payment (get_payment)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.Int64("payment_id", int64(req.GetId())), slog.String("error", err.Error()))
 		return nil, status.Errorf(codes.Internal, "failed to get payment")
 	}
@ -55,7 +55,7 @@ func (server *Server) DeletePayment(ctx context.Context, req *pb.DeletePaymentRe
 	err = server.store.DeletePayment(ctx, req.GetId())
 	if err != nil {
-		slog.Error("delete_payment (db)", slog.String("invoked_by", authPayload.Email), slog.Int64("payment_id", int64(req.GetId())), slog.String("error", err.Error()))
+		slog.Error("delete_payment (db)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.Int64("payment_id", int64(req.GetId())), slog.String("error", err.Error()))
 		return nil, status.Errorf(codes.Internal, "failed to delete payment")
 	}
--- a/bff/gapi/rpc_delete_person.go
+++ b/bff/gapi/rpc_delete_person.go
@ -23,16 +23,16 @@ func (server *Server) DeletePerson(ctx context.Context, req *pb.DeletePersonRequ
 		return nil, invalidArgumentError(violations)
 	}
-	account, err := server.store.GetAccountByEmail(ctx, authPayload.Email)
+	account, err := server.store.GetAccount(ctx, authPayload.AccountID)
 	if err != nil {
 		if errors.Is(err, sql.ErrNoRows) {
 			return nil, status.Errorf(codes.NotFound, "account not found")
 		}
-		slog.Error("delete_person (get_account)", slog.String("invoked_by", authPayload.Email), slog.Int64("person_id", int64(req.GetId())), slog.String("error", err.Error()))
+		slog.Error("delete_person (get_account)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.Int64("person_id", int64(req.GetId())), slog.String("error", err.Error()))
 		return nil, status.Error(codes.Internal, "failed to get account")
 	}
-	if authPayload.Email != account.Email {
+	if authPayload.AccountID != account.ID {
 		if !server.isAdmin(ctx, authPayload) {
 			return nil, status.Error(codes.NotFound, "account not found")
 		}
@ -43,7 +43,7 @@ func (server *Server) DeletePerson(ctx context.Context, req *pb.DeletePersonRequ
 		if errors.Is(err, sql.ErrNoRows) {
 			return nil, status.Errorf(codes.NotFound, "person not found")
 		}
-		slog.Error("delete_person (get_person)", slog.String("invoked_by", authPayload.Email), slog.Int64("person_id", int64(req.GetId())), slog.String("error", err.Error()))
+		slog.Error("delete_person (get_person)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.Int64("person_id", int64(req.GetId())), slog.String("error", err.Error()))
 		return nil, status.Errorf(codes.Internal, "failed to get person")
 	}
@ -55,7 +55,7 @@ func (server *Server) DeletePerson(ctx context.Context, req *pb.DeletePersonRequ
 	err = server.store.DeletePersonTx(ctx, person.ID)
 	if err != nil {
-		slog.Error("delete_person (db)", slog.String("invoked_by", authPayload.Email), slog.Int64("person_id", int64(req.GetId())), slog.String("error", err.Error()))
+		slog.Error("delete_person (db)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.Int64("person_id", int64(req.GetId())), slog.String("error", err.Error()))
 		return nil, status.Errorf(codes.Internal, "failed to delete person")
 	}
--- a/bff/gapi/rpc_get_account.go
+++ b/bff/gapi/rpc_get_account.go
@ -28,11 +28,11 @@ func (server *Server) GetAccount(ctx context.Context, req *pb.GetAccountRequest)
 		if errors.Is(err, sql.ErrNoRows) {
 			return nil, status.Errorf(codes.NotFound, "account not found")
 		}
-		slog.Error("get_account (db)", slog.String("invoked_by", authPayload.Email), slog.Int64("account_id", int64(req.GetId())), slog.String("error", err.Error()))
+		slog.Error("get_account (db)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.Int64("account_id", int64(req.GetId())), slog.String("error", err.Error()))
 		return nil, status.Error(codes.Internal, "failed to get account")
 	}
-	if authPayload.Email != account.Email {
+	if authPayload.AccountID != account.ID {
 		if !server.isAdmin(ctx, authPayload) {
 			return nil, status.Error(codes.NotFound, "account not found")
 		}
--- a/bff/gapi/rpc_get_payment.go
+++ b/bff/gapi/rpc_get_payment.go
@ -23,16 +23,16 @@ func (server *Server) GetPayment(ctx context.Context, req *pb.GetPaymentRequest)
 		return nil, invalidArgumentError(violations)
 	}
-	account, err := server.store.GetAccountByEmail(ctx, authPayload.Email)
+	account, err := server.store.GetAccount(ctx, authPayload.AccountID)
 	if err != nil {
 		if errors.Is(err, sql.ErrNoRows) {
 			return nil, status.Errorf(codes.NotFound, "account not found")
 		}
-		slog.Error("get_payment (get_account)", slog.String("invoked_by", authPayload.Email), slog.Int64("payment_id", int64(req.GetId())), slog.String("error", err.Error()))
+		slog.Error("get_payment (get_account)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.Int64("payment_id", int64(req.GetId())), slog.String("error", err.Error()))
 		return nil, status.Error(codes.Internal, "failed to get account")
 	}
-	if authPayload.Email != account.Email {
+	if authPayload.AccountID != account.ID {
 		if !server.isAdmin(ctx, authPayload) {
 			return nil, status.Error(codes.NotFound, "account not found")
 		}
@ -43,7 +43,7 @@ func (server *Server) GetPayment(ctx context.Context, req *pb.GetPaymentRequest)
 		if errors.Is(err, sql.ErrNoRows) {
 			return nil, status.Error(codes.NotFound, "no payments found")
 		}
-		slog.Error("get_payment (db)", slog.String("invoked_by", authPayload.Email), slog.Int64("payment_id", int64(req.GetId())), slog.String("error", err.Error()))
+		slog.Error("get_payment (db)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.Int64("payment_id", int64(req.GetId())), slog.String("error", err.Error()))
 		return nil, status.Error(codes.NotFound, "failed to get payments")
 	}
--- a/bff/gapi/rpc_get_person.go
+++ b/bff/gapi/rpc_get_person.go
@ -23,16 +23,16 @@ func (server *Server) GetPerson(ctx context.Context, req *pb.GetPersonRequest) (
 		return nil, invalidArgumentError(violations)
 	}
-	account, err := server.store.GetAccountByEmail(ctx, authPayload.Email)
+	account, err := server.store.GetAccount(ctx, authPayload.AccountID)
 	if err != nil {
 		if errors.Is(err, sql.ErrNoRows) {
 			return nil, status.Errorf(codes.NotFound, "account not found")
 		}
-		slog.Error("get_person (get_account)", slog.String("invoked_by", authPayload.Email), slog.Int64("person_id", int64(req.GetId())), slog.String("error", err.Error()))
+		slog.Error("get_person (get_account)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.Int64("person_id", int64(req.GetId())), slog.String("error", err.Error()))
 		return nil, status.Error(codes.Internal, "failed to get account")
 	}
-	if authPayload.Email != account.Email {
+	if authPayload.AccountID != account.ID {
 		if !server.isAdmin(ctx, authPayload) {
 			return nil, status.Error(codes.NotFound, "account not found")
 		}
@ -43,7 +43,7 @@ func (server *Server) GetPerson(ctx context.Context, req *pb.GetPersonRequest) (
 		if errors.Is(err, sql.ErrNoRows) {
 			return nil, status.Error(codes.NotFound, "no persons found")
 		}
-		slog.Error("get_person (get_person)", slog.String("invoked_by", authPayload.Email), slog.Int64("person_id", int64(req.GetId())), slog.String("error", err.Error()))
+		slog.Error("get_person (get_person)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.Int64("person_id", int64(req.GetId())), slog.String("error", err.Error()))
 		return nil, status.Error(codes.NotFound, "failed to get persons")
 	}
--- a/bff/gapi/rpc_list_accounts.go
+++ b/bff/gapi/rpc_list_accounts.go
@ -34,7 +34,7 @@ func (server *Server) ListAccounts(ctx context.Context, req *pb.ListAccountsRequ
 		if errors.Is(err, sql.ErrNoRows) {
 			return nil, status.Error(codes.NotFound, "no accounts found")
 		}
-		slog.Error("list_accounts (db)", slog.String("invoked_by", authPayload.Email), slog.Int("page_id", int(req.GetPageId())), slog.Int("page_size", int(req.GetPageSize())), slog.String("error", err.Error()))
+		slog.Error("list_accounts (db)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.Int("page_id", int(req.GetPageId())), slog.Int("page_size", int(req.GetPageSize())), slog.String("error", err.Error()))
 		return nil, status.Error(codes.NotFound, "failed to get accounts")
 	}
--- a/bff/gapi/rpc_list_payments.go
+++ b/bff/gapi/rpc_list_payments.go
@ -23,16 +23,16 @@ func (server *Server) ListPayments(ctx context.Context, req *pb.ListPaymentsRequ
 		return nil, invalidArgumentError(violations)
 	}
-	account, err := server.store.GetAccountByEmail(ctx, authPayload.Email)
+	account, err := server.store.GetAccount(ctx, authPayload.AccountID)
 	if err != nil {
 		if errors.Is(err, sql.ErrNoRows) {
 			return nil, status.Errorf(codes.NotFound, "account not found")
 		}
-		slog.Error("list_payments (get_account)", slog.String("invoked_by", authPayload.Email), slog.Int64("account_id", int64(req.GetAccountId())), slog.String("error", err.Error()))
+		slog.Error("list_payments (get_account)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.Int64("account_id", int64(req.GetAccountId())), slog.String("error", err.Error()))
 		return nil, status.Error(codes.Internal, "failed to get account")
 	}
-	if authPayload.Email != account.Email {
+	if authPayload.AccountID != account.ID {
 		if !server.isAdmin(ctx, authPayload) {
 			return nil, status.Error(codes.NotFound, "account not found")
 		}
@ -49,7 +49,7 @@ func (server *Server) ListPayments(ctx context.Context, req *pb.ListPaymentsRequ
 		if errors.Is(err, sql.ErrNoRows) {
 			return nil, status.Error(codes.NotFound, "no payments found")
 		}
-		slog.Error("list_payments (db)", slog.String("invoked_by", authPayload.Email), slog.Int64("account_id", int64(req.GetAccountId())), slog.String("error", err.Error()))
+		slog.Error("list_payments (db)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.Int64("account_id", int64(req.GetAccountId())), slog.String("error", err.Error()))
 		return nil, status.Error(codes.NotFound, "failed to get payments")
 	}
--- a/bff/gapi/rpc_list_persons.go
+++ b/bff/gapi/rpc_list_persons.go
@ -23,16 +23,16 @@ func (server *Server) ListPersons(ctx context.Context, req *pb.ListPersonsReques
 		return nil, invalidArgumentError(violations)
 	}
-	account, err := server.store.GetAccountByEmail(ctx, authPayload.Email)
+	account, err := server.store.GetAccount(ctx, authPayload.AccountID)
 	if err != nil {
 		if errors.Is(err, sql.ErrNoRows) {
 			return nil, status.Errorf(codes.NotFound, "account not found")
 		}
-		slog.Error("list_persons (get_account)", slog.String("invoked_by", authPayload.Email), slog.Int64("account_id", int64(req.GetAccountId())), slog.String("error", err.Error()))
+		slog.Error("list_persons (get_account)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.Int64("account_id", int64(req.GetAccountId())), slog.String("error", err.Error()))
 		return nil, status.Error(codes.Internal, "failed to get account")
 	}
-	if authPayload.Email != account.Email {
+	if authPayload.AccountID != account.ID {
 		if !server.isAdmin(ctx, authPayload) {
 			return nil, status.Error(codes.NotFound, "account not found")
 		}
@ -49,7 +49,7 @@ func (server *Server) ListPersons(ctx context.Context, req *pb.ListPersonsReques
 		if errors.Is(err, sql.ErrNoRows) {
 			return nil, status.Error(codes.NotFound, "no persons found")
 		}
-		slog.Error("list_persons (db)", slog.String("invoked_by", authPayload.Email), slog.Int64("account_id", int64(req.GetAccountId())), slog.String("error", err.Error()))
+		slog.Error("list_persons (db)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.Int64("account_id", int64(req.GetAccountId())), slog.String("error", err.Error()))
 		return nil, status.Error(codes.NotFound, "failed to get persons")
 	}
--- a/bff/gapi/rpc_list_returns_log_by_person_id.go
+++ b/bff/gapi/rpc_list_returns_log_by_person_id.go
@ -23,16 +23,16 @@ func (server *Server) ListReturnsLog(ctx context.Context, req *pb.ListReturnsLog
 		return nil, invalidArgumentError(violations)
 	}
-	account, err := server.store.GetAccountByEmail(ctx, authPayload.Email)
+	account, err := server.store.GetAccount(ctx, authPayload.AccountID)
 	if err != nil {
 		if errors.Is(err, sql.ErrNoRows) {
 			return nil, status.Errorf(codes.NotFound, "account not found")
 		}
-		slog.Error("list_returns_log_by_person_id (get_account)", slog.String("invoked_by", authPayload.Email), slog.Int64("person_id", int64(req.GetPersonId())), slog.String("error", err.Error()))
+		slog.Error("list_returns_log_by_person_id (get_account)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.Int64("person_id", int64(req.GetPersonId())), slog.String("error", err.Error()))
 		return nil, status.Error(codes.Internal, "failed to get account")
 	}
-	if authPayload.Email != account.Email {
+	if authPayload.AccountID != account.ID {
 		if !server.isAdmin(ctx, authPayload) {
 			return nil, status.Error(codes.NotFound, "account not found")
 		}
@ -49,7 +49,7 @@ func (server *Server) ListReturnsLog(ctx context.Context, req *pb.ListReturnsLog
 		if errors.Is(err, sql.ErrNoRows) {
 			return nil, status.Error(codes.NotFound, "no returns_logs found")
 		}
-		slog.Error("list_returns_log_by_person_id (db)", slog.String("invoked_by", authPayload.Email), slog.Int64("person_id", int64(req.GetPersonId())), slog.String("error", err.Error()))
+		slog.Error("list_returns_log_by_person_id (db)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.Int64("person_id", int64(req.GetPersonId())), slog.String("error", err.Error()))
 		return nil, status.Error(codes.NotFound, "failed to get returns_logs")
 	}
--- a/bff/gapi/rpc_list_sessions.go
+++ b/bff/gapi/rpc_list_sessions.go
@ -23,16 +23,16 @@ func (server *Server) ListSessions(ctx context.Context, req *pb.ListSessionsRequ
 		return nil, invalidArgumentError(violations)
 	}
-	account, err := server.store.GetAccountByEmail(ctx, authPayload.Email)
+	account, err := server.store.GetAccount(ctx, authPayload.AccountID)
 	if err != nil {
 		if errors.Is(err, sql.ErrNoRows) {
 			return nil, status.Errorf(codes.NotFound, "account not found")
 		}
-		slog.Error("list_sessions (get_account)", slog.String("invoked_by", authPayload.Email), slog.Int64("account_id", int64(req.GetAccountId())), slog.String("error", err.Error()))
+		slog.Error("list_sessions (get_account)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.Int64("account_id", int64(req.GetAccountId())), slog.String("error", err.Error()))
 		return nil, status.Error(codes.Internal, "failed to get account")
 	}
-	if authPayload.Email != account.Email {
+	if authPayload.AccountID != account.ID {
 		if !server.isAdmin(ctx, authPayload) {
 			return nil, status.Error(codes.NotFound, "account not found")
 		}
@ -44,12 +44,12 @@ func (server *Server) ListSessions(ctx context.Context, req *pb.ListSessionsRequ
 		}
 	}
-	dbSessions, err := server.store.ListSessions(ctx, account.Email)
+	dbSessions, err := server.store.ListSessions(ctx, account.ID)
 	if err != nil {
 		if errors.Is(err, sql.ErrNoRows) {
 			return nil, status.Error(codes.NotFound, "no accounts found")
 		}
-		slog.Error("list_sessions (db)", slog.String("invoked_by", authPayload.Email), slog.Int64("account_id", int64(req.GetAccountId())), slog.String("error", err.Error()))
+		slog.Error("list_sessions (db)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.Int64("account_id", int64(req.GetAccountId())), slog.String("error", err.Error()))
 		return nil, status.Error(codes.NotFound, "failed to get accounts")
 	}
--- a/bff/gapi/rpc_login.go
+++ b/bff/gapi/rpc_login.go
@ -44,7 +44,7 @@ func (server *Server) Login(ctx context.Context, req *pb.LoginRequest) (*pb.Logi
 	}
 	refreshToken, refreshPayload, err := server.tokenMaker.CreateToken(
-		account.Email,
+		account.ID,
 		id,
 		server.config.RefreshTokenDuration,
 	)
@ -55,7 +55,7 @@ func (server *Server) Login(ctx context.Context, req *pb.LoginRequest) (*pb.Logi
 	}
 	accessToken, accessPayload, err := server.tokenMaker.CreateToken(
-		account.Email,
+		account.ID,
 		id,
 		server.config.AccessTokenDuration,
 	)
@ -68,7 +68,7 @@ func (server *Server) Login(ctx context.Context, req *pb.LoginRequest) (*pb.Logi
 	_, err = server.store.CreateSession(ctx, db.CreateSessionParams{
 		ID:           refreshPayload.ID,
-		Email:        account.Email,
+		AccountID:    account.ID,
 		RefreshToken: refreshToken,
 		UserAgent:    mtdt.UserAgent,
 		ClientIp:     mtdt.ClientIP,
@ -87,7 +87,7 @@ func (server *Server) Login(ctx context.Context, req *pb.LoginRequest) (*pb.Logi
 		AccessTokenExpiresAt:  timestamppb.New(accessPayload.ExpiredAt),
 		RefreshToken:          refreshToken,
 		RefreshTokenExpiresAt: timestamppb.New(refreshPayload.ExpiredAt),
-		Email:                 account.Email,
+		AccountId:             account.ID,
 	}
 	return rsp, nil
 }
--- a/bff/gapi/rpc_refresh_token.go
+++ b/bff/gapi/rpc_refresh_token.go
@ -32,7 +32,7 @@ func (server *Server) RefreshToken(ctx context.Context, req *pb.RefreshTokenRequ
 		if errors.Is(err, sql.ErrNoRows) {
 			return nil, status.Error(codes.NotFound, "session not found")
 		}
-		slog.Error("refresh_token (get_account)", slog.String("invoked_by", refreshPayload.Email), slog.String("refresh_token", req.GetRefreshToken()), slog.String("error", err.Error()))
+		slog.Error("refresh_token (get_account)", slog.Int64("invoked_by", int64(refreshPayload.AccountID)), slog.String("refresh_token", req.GetRefreshToken()), slog.String("error", err.Error()))
 		return nil, status.Error(codes.Internal, "cannot find session")
 	}
@ -40,7 +40,7 @@ func (server *Server) RefreshToken(ctx context.Context, req *pb.RefreshTokenRequ
 		return nil, status.Error(codes.PermissionDenied, "session is blocked")
 	}
-	if session.Email != refreshPayload.Email {
+	if session.AccountID != refreshPayload.AccountID {
 		return nil, status.Error(codes.PermissionDenied, "invalid account session")
 	}
@ -56,16 +56,16 @@ func (server *Server) RefreshToken(ctx context.Context, req *pb.RefreshTokenRequ
 	id, err := server.tokenMaker.NewTokenID()
 	if err != nil {
-		slog.Error("refresh_token (token_id)", slog.String("invoked_by", refreshPayload.Email), slog.String("error", err.Error()))
+		slog.Error("refresh_token (token_id)", slog.Int64("invoked_by", int64(refreshPayload.AccountID)), slog.String("error", err.Error()))
 		return nil, status.Error(codes.Internal, "failed to create session token")
 	}
 	accessToken, accessPayload, err := server.tokenMaker.CreateToken(
-		refreshPayload.Email,
+		refreshPayload.AccountID,
 		id,
 		server.config.AccessTokenDuration,
 	)
 	if err != nil {
-		slog.Error("refresh_token (access_token)", slog.String("invoked_by", refreshPayload.Email), slog.String("error", err.Error()))
+		slog.Error("refresh_token (access_token)", slog.Int64("invoked_by", int64(refreshPayload.AccountID)), slog.String("error", err.Error()))
 		return nil, status.Error(codes.Internal, "failed to create session token")
 	}
--- a/bff/gapi/rpc_update_account.go
+++ b/bff/gapi/rpc_update_account.go
@ -26,15 +26,20 @@ func (server *Server) UpdateAccount(ctx context.Context, req *pb.UpdateAccountRe
 		return nil, invalidArgumentError(violations)
 	}
-	if authPayload.Email != req.GetEmail() {
+	if authPayload.AccountID != req.GetId() {
 		if !server.isAdmin(ctx, authPayload) {
 			return nil, status.Error(codes.NotFound, "account not found")
 		}
 	}
 	account, err := server.store.GetAccount(ctx, req.GetId())
 	if err != nil {
 		return nil, status.Error(codes.NotFound, "account not found")
 	}
 	arg := db.UpdateAccountTxParams{
 		ID:      req.GetId(),
-		Changer: authPayload.Email,
+		Changer: account.Email,
 		Email: sql.NullString{
 			Valid:  req.GetEmail() != "",
 			String: req.GetEmail(),
@ -76,7 +81,7 @@ func (server *Server) UpdateAccount(ctx context.Context, req *pb.UpdateAccountRe
 	if req.Password != nil {
 		hashedPassword, err := util.HashPassword(req.GetPassword())
 		if err != nil {
-			slog.Error("update_account (hash_password)", slog.String("invoked_by", authPayload.Email), slog.Int64("account_id", int64(req.GetId())), slog.String("error", err.Error()))
+			slog.Error("update_account (hash_password)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.Int64("account_id", int64(req.GetId())), slog.String("error", err.Error()))
 			return nil, status.Error(codes.Internal, "failed to hash password")
 		}
@ -86,9 +91,9 @@ func (server *Server) UpdateAccount(ctx context.Context, req *pb.UpdateAccountRe
 		}
 	}
-	account, err := server.store.UpdateAccountTx(ctx, arg)
+	account, err = server.store.UpdateAccountTx(ctx, arg)
 	if err != nil {
-		slog.Error("update_account (db)", slog.String("invoked_by", authPayload.Email), slog.Int64("account_id", int64(req.GetId())), slog.String("error", err.Error()))
+		slog.Error("update_account (db)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.Int64("account_id", int64(req.GetId())), slog.String("error", err.Error()))
 		return nil, status.Error(codes.Internal, "failed to update account")
 	}
--- a/bff/gapi/rpc_update_account_privacy.go
+++ b/bff/gapi/rpc_update_account_privacy.go
@ -29,11 +29,11 @@ func (server *Server) UpdateAccountPrivacy(ctx context.Context, req *pb.UpdateAc
 		if errors.Is(err, sql.ErrNoRows) {
 			return nil, status.Errorf(codes.NotFound, "account not found")
 		}
-		slog.Error("update_account_privacy (get_account)", slog.String("invoked_by", authPayload.Email), slog.Int64("account_id", int64(req.GetId())), slog.String("error", err.Error()))
+		slog.Error("update_account_privacy (get_account)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.Int64("account_id", int64(req.GetId())), slog.String("error", err.Error()))
 		return nil, status.Errorf(codes.Internal, "failed to get account")
 	}
-	if authPayload.Email != account.Email {
+	if authPayload.AccountID != account.ID {
 		if !server.isAdmin(ctx, authPayload) {
 			return nil, status.Error(codes.NotFound, "account not found")
 		}
@ -41,14 +41,14 @@ func (server *Server) UpdateAccountPrivacy(ctx context.Context, req *pb.UpdateAc
 	privacyAccepted := req.GetPrivacyAccepted()
 	arg := db.UpdateAccountPrivacyTxParams{
-		Changer:         authPayload.Email,
+		Changer:         account.Email,
 		ID:              req.GetId(),
 		PrivacyAccepted: &privacyAccepted,
 	}
 	account, err = server.store.UpdateAccountPrivacyTx(ctx, arg)
 	if err != nil {
-		slog.Error("update_account_privacy (db)", slog.String("invoked_by", authPayload.Email), slog.Int64("account_id", int64(req.GetId())), slog.String("error", err.Error()))
+		slog.Error("update_account_privacy (db)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.Int64("account_id", int64(req.GetId())), slog.String("error", err.Error()))
 		return nil, status.Error(codes.Internal, "failed to update account privacy")
 	}
--- a/bff/gapi/rpc_update_payment.go
+++ b/bff/gapi/rpc_update_payment.go
@ -25,16 +25,16 @@ func (server *Server) UpdatePayment(ctx context.Context, req *pb.UpdatePaymentRe
 		return nil, invalidArgumentError(violations)
 	}
-	account, err := server.store.GetAccountByEmail(ctx, authPayload.Email)
+	account, err := server.store.GetAccount(ctx, authPayload.AccountID)
 	if err != nil {
 		if errors.Is(err, sql.ErrNoRows) {
 			return nil, status.Errorf(codes.NotFound, "account not found")
 		}
-		slog.Error("update_payment (get_account)", slog.String("invoked_by", authPayload.Email), slog.Int64("payment_id", int64(req.GetId())), slog.String("error", err.Error()))
+		slog.Error("update_payment (get_account)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.Int64("payment_id", int64(req.GetId())), slog.String("error", err.Error()))
 		return nil, status.Error(codes.Internal, "failed to get account")
 	}
-	if authPayload.Email != account.Email {
+	if authPayload.AccountID != account.ID {
 		if !server.isAdmin(ctx, authPayload) {
 			return nil, status.Error(codes.NotFound, "account not found")
 		}
@ -45,7 +45,7 @@ func (server *Server) UpdatePayment(ctx context.Context, req *pb.UpdatePaymentRe
 		if errors.Is(err, sql.ErrNoRows) {
 			return nil, status.Errorf(codes.NotFound, "payment not found")
 		}
-		slog.Error("update_payment (get_payment)", slog.String("invoked_by", authPayload.Email), slog.Int64("payment_id", int64(req.GetId())), slog.String("error", err.Error()))
+		slog.Error("update_payment (get_payment)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.Int64("payment_id", int64(req.GetId())), slog.String("error", err.Error()))
 		return nil, status.Error(codes.Internal, "failed to get payment")
 	}
@ -89,12 +89,12 @@ func (server *Server) UpdatePayment(ctx context.Context, req *pb.UpdatePaymentRe
 			Valid:  req.GetType() != "",
 			String: req.GetType(),
 		},
-		Changer: authPayload.Email,
+		Changer: account.Email,
 	}
 	payment, err := server.store.UpdatePayment(ctx, arg)
 	if err != nil {
-		slog.Error("update_payment (get_payment)", slog.String("invoked_by", authPayload.Email), slog.Int64("payment_id", int64(req.GetId())), slog.String("error", err.Error()))
+		slog.Error("update_payment (get_payment)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.Int64("payment_id", int64(req.GetId())), slog.String("error", err.Error()))
 		return nil, status.Error(codes.Internal, "failed to update payment")
 	}
--- a/bff/gapi/rpc_update_person.go
+++ b/bff/gapi/rpc_update_person.go
@ -24,16 +24,16 @@ func (server *Server) UpdatePerson(ctx context.Context, req *pb.UpdatePersonRequ
 		return nil, invalidArgumentError(violations)
 	}
-	account, err := server.store.GetAccountByEmail(ctx, authPayload.Email)
+	account, err := server.store.GetAccount(ctx, authPayload.AccountID)
 	if err != nil {
 		if errors.Is(err, sql.ErrNoRows) {
 			return nil, status.Errorf(codes.NotFound, "account not found")
 		}
-		slog.Error("update_person (get_account)", slog.String("invoked_by", authPayload.Email), slog.Int64("person_id", int64(req.GetId())), slog.String("error", err.Error()))
+		slog.Error("update_person (get_account)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.Int64("person_id", int64(req.GetId())), slog.String("error", err.Error()))
 		return nil, status.Error(codes.Internal, "failed to get account")
 	}
-	if authPayload.Email != account.Email {
+	if authPayload.AccountID != account.ID {
 		if !server.isAdmin(ctx, authPayload) {
 			return nil, status.Error(codes.NotFound, "account not found")
 		}
@ -44,7 +44,7 @@ func (server *Server) UpdatePerson(ctx context.Context, req *pb.UpdatePersonRequ
 		if errors.Is(err, sql.ErrNoRows) {
 			return nil, status.Errorf(codes.NotFound, "person not found")
 		}
-		slog.Error("update_person (get_person)", slog.String("invoked_by", authPayload.Email), slog.Int64("person_id", int64(req.GetId())), slog.String("error", err.Error()))
+		slog.Error("update_person (get_person)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.Int64("person_id", int64(req.GetId())), slog.String("error", err.Error()))
 		return nil, status.Error(codes.Internal, "failed to get person")
 	}
@ -84,12 +84,12 @@ func (server *Server) UpdatePerson(ctx context.Context, req *pb.UpdatePersonRequ
 			Valid: req.GetBirthday().IsValid(),
 			Time:  req.GetBirthday().AsTime(),
 		},
-		Changer: authPayload.Email,
+		Changer: account.Email,
 	}
 	person, err := server.store.UpdatePerson(ctx, arg)
 	if err != nil {
-		slog.Error("update_person (get_person)", slog.String("invoked_by", authPayload.Email), slog.Int64("person_id", int64(req.GetId())), slog.String("error", err.Error()))
+		slog.Error("update_person (get_person)", slog.Int64("invoked_by", int64(authPayload.AccountID)), slog.Int64("person_id", int64(req.GetId())), slog.String("error", err.Error()))
 		return nil, status.Error(codes.Internal, "failed to update person")
 	}
--- a/bff/gw/document.go
+++ b/bff/gw/document.go
@ -34,7 +34,7 @@ func (server *Server) UploadDocument(ctx *gin.Context) {
 		return
 	}
-	account, err := server.store.GetAccountByEmail(ctx, authPayload.Email)
+	account, err := server.store.GetAccount(ctx, authPayload.AccountID)
 	if err != nil {
 		ctx.JSON(http.StatusNotFound, errorResponse(errors.New("account not found")))
 		return
--- a/bff/pb/rpc_login.pb.go
+++ b/bff/pb/rpc_login.pb.go
@ -87,7 +87,7 @@ type LoginResponse struct {
 	AccessTokenExpiresAt  *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=access_token_expires_at,json=accessTokenExpiresAt,proto3" json:"access_token_expires_at,omitempty"`
 	RefreshToken          string                 `protobuf:"bytes,4,opt,name=refresh_token,json=refreshToken,proto3" json:"refresh_token,omitempty"`
 	RefreshTokenExpiresAt *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=refresh_token_expires_at,json=refreshTokenExpiresAt,proto3" json:"refresh_token_expires_at,omitempty"`
-	Email                 string                 `protobuf:"bytes,6,opt,name=email,proto3" json:"email,omitempty"`
+	AccountId             uint64                 `protobuf:"varint,6,opt,name=account_id,json=accountId,proto3" json:"account_id,omitempty"`
 }
 func (x *LoginResponse) Reset() {
@ -157,11 +157,11 @@ func (x *LoginResponse) GetRefreshTokenExpiresAt() *timestamppb.Timestamp {
 	return nil
 }
-func (x *LoginResponse) GetEmail() string {
+func (x *LoginResponse) GetAccountId() uint64 {
 	if x != nil {
-		return x.Email
+		return x.AccountId
 	}
-	return ""
+	return 0
 }
 var File_rpc_login_proto protoreflect.FileDescriptor
@ -173,93 +173,92 @@ var file_rpc_login_proto_rawDesc = []byte{
 	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x2d, 0x67,
 	0x65, 0x6e, 0x2d, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x76, 0x32, 0x2f, 0x6f, 0x70, 0x74,
 	0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73,
-	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x89, 0x02, 0x0a, 0x0c, 0x4c, 0x6f, 0x67, 0x69, 0x6e,
+	0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x81, 0x02, 0x0a, 0x0c, 0x4c, 0x6f, 0x67, 0x69, 0x6e,
-	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x39, 0x0a, 0x05, 0x65, 0x6d, 0x61, 0x69, 0x6c,
+	0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x31, 0x0a, 0x05, 0x65, 0x6d, 0x61, 0x69, 0x6c,
-	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x23, 0x92, 0x41, 0x20, 0x4a, 0x16, 0x22, 0x6a, 0x6f,
+	0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x1b, 0x92, 0x41, 0x18, 0x4a, 0x16, 0x22, 0x6a, 0x6f,
 	0x68, 0x6e, 0x2e, 0x64, 0x6f, 0x65, 0x40, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63,
-	0x6f, 0x6d, 0x22, 0xa2, 0x02, 0x05, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x52, 0x05, 0x65, 0x6d, 0x61,
+	0x6f, 0x6d, 0x22, 0x52, 0x05, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x12, 0x43, 0x0a, 0x08, 0x70, 0x61,
-	0x69, 0x6c, 0x12, 0x43, 0x0a, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x18, 0x02,
+	0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x27, 0x92, 0x41,
-	0x20, 0x01, 0x28, 0x09, 0x42, 0x27, 0x92, 0x41, 0x24, 0x4a, 0x17, 0x22, 0x4d, 0x61, 0x79, 0x54,
+	0x24, 0x4a, 0x17, 0x22, 0x4d, 0x61, 0x79, 0x54, 0x68, 0x65, 0x46, 0x6f, 0x72, 0x63, 0x65, 0x42,
-	0x68, 0x65, 0x46, 0x6f, 0x72, 0x63, 0x65, 0x42, 0x65, 0x57, 0x69, 0x74, 0x68, 0x59, 0x6f, 0x75,
+	0x65, 0x57, 0x69, 0x74, 0x68, 0x59, 0x6f, 0x75, 0x21, 0x22, 0xa2, 0x02, 0x08, 0x70, 0x61, 0x73,
-	0x21, 0x22, 0xa2, 0x02, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x52, 0x08, 0x70,
+	0x73, 0x77, 0x6f, 0x72, 0x64, 0x52, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x3a,
-	0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x3a, 0x79, 0x92, 0x41, 0x76, 0x0a, 0x2c, 0x2a, 0x05,
+	0x79, 0x92, 0x41, 0x76, 0x0a, 0x2c, 0x2a, 0x05, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x32, 0x10, 0x4c,
-	0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x32, 0x10, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x20, 0x61, 0x6e, 0x20,
+	0x6f, 0x67, 0x69, 0x6e, 0x20, 0x61, 0x6e, 0x20, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0xd2,
-	0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0xd2, 0x01, 0x05, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0xd2,
+	0x01, 0x05, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0xd2, 0x01, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f,
-	0x01, 0x08, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x32, 0x46, 0x7b, 0x22, 0x65, 0x6d,
+	0x72, 0x64, 0x32, 0x46, 0x7b, 0x22, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x22, 0x3a, 0x20, 0x22, 0x6a,
-	0x61, 0x69, 0x6c, 0x22, 0x3a, 0x20, 0x22, 0x6a, 0x6f, 0x68, 0x6e, 0x2e, 0x64, 0x6f, 0x65, 0x40,
+	0x6f, 0x68, 0x6e, 0x2e, 0x64, 0x6f, 0x65, 0x40, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e,
-	0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x22, 0x2c, 0x20, 0x22, 0x70,
+	0x63, 0x6f, 0x6d, 0x22, 0x2c, 0x20, 0x22, 0x70, 0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x22,
-	0x61, 0x73, 0x73, 0x77, 0x6f, 0x72, 0x64, 0x22, 0x3a, 0x20, 0x22, 0x4d, 0x61, 0x79, 0x54, 0x68,
+	0x3a, 0x20, 0x22, 0x4d, 0x61, 0x79, 0x54, 0x68, 0x65, 0x46, 0x6f, 0x72, 0x63, 0x65, 0x42, 0x65,
-	0x65, 0x46, 0x6f, 0x72, 0x63, 0x65, 0x42, 0x65, 0x57, 0x69, 0x74, 0x68, 0x59, 0x6f, 0x75, 0x21,
+	0x57, 0x69, 0x74, 0x68, 0x59, 0x6f, 0x75, 0x21, 0x22, 0x7d, 0x22, 0xa4, 0x08, 0x0a, 0x0d, 0x4c,
-	0x22, 0x7d, 0x22, 0xb6, 0x08, 0x0a, 0x0d, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70,
+	0x6f, 0x67, 0x69, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x51, 0x0a, 0x0a,
-	0x6f, 0x6e, 0x73, 0x65, 0x12, 0x51, 0x0a, 0x0a, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x5f,
+	0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09,
-	0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x32, 0x92, 0x41, 0x2f, 0x4a, 0x26, 0x22,
+	0x42, 0x32, 0x92, 0x41, 0x2f, 0x4a, 0x26, 0x22, 0x35, 0x65, 0x31, 0x64, 0x36, 0x37, 0x64, 0x61,
-	0x35, 0x65, 0x31, 0x64, 0x36, 0x37, 0x64, 0x61, 0x2d, 0x37, 0x63, 0x39, 0x62, 0x2d, 0x34, 0x33,
+	0x2d, 0x37, 0x63, 0x39, 0x62, 0x2d, 0x34, 0x33, 0x36, 0x35, 0x2d, 0x61, 0x34, 0x64, 0x35, 0x2d,
-	0x36, 0x35, 0x2d, 0x61, 0x34, 0x64, 0x35, 0x2d, 0x33, 0x63, 0x63, 0x30, 0x61, 0x30, 0x35, 0x31,
+	0x33, 0x63, 0x63, 0x30, 0x61, 0x30, 0x35, 0x31, 0x32, 0x34, 0x31, 0x65, 0x22, 0xa2, 0x02, 0x04,
-	0x32, 0x34, 0x31, 0x65, 0x22, 0xa2, 0x02, 0x04, 0x75, 0x75, 0x69, 0x64, 0x52, 0x09, 0x73, 0x65,
+	0x75, 0x75, 0x69, 0x64, 0x52, 0x09, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x49, 0x64, 0x12,
-	0x73, 0x73, 0x69, 0x6f, 0x6e, 0x49, 0x64, 0x12, 0xe9, 0x02, 0x0a, 0x0c, 0x61, 0x63, 0x63, 0x65,
+	0xe9, 0x02, 0x0a, 0x0c, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e,
-	0x73, 0x73, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0xc5,
+	0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0xc5, 0x02, 0x92, 0x41, 0xc1, 0x02, 0x4a, 0xbe, 0x02,
-	0x02, 0x92, 0x41, 0xc1, 0x02, 0x4a, 0xbe, 0x02, 0x22, 0x76, 0x34, 0x2e, 0x70, 0x75, 0x62, 0x6c,
+	0x22, 0x76, 0x34, 0x2e, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2e, 0x65, 0x79, 0x4a, 0x6c, 0x62,
-	0x69, 0x63, 0x2e, 0x65, 0x79, 0x4a, 0x6c, 0x62, 0x57, 0x46, 0x70, 0x62, 0x43, 0x49, 0x36, 0x49,
+	0x57, 0x46, 0x70, 0x62, 0x43, 0x49, 0x36, 0x49, 0x6d, 0x45, 0x79, 0x51, 0x47, 0x49, 0x75, 0x5a,
-	0x6d, 0x45, 0x79, 0x51, 0x47, 0x49, 0x75, 0x5a, 0x47, 0x55, 0x69, 0x4c, 0x43, 0x4a, 0x6c, 0x65,
+	0x47, 0x55, 0x69, 0x4c, 0x43, 0x4a, 0x6c, 0x65, 0x48, 0x41, 0x69, 0x4f, 0x69, 0x49, 0x79, 0x4d,
-	0x48, 0x41, 0x69, 0x4f, 0x69, 0x49, 0x79, 0x4d, 0x44, 0x49, 0x7a, 0x4c, 0x54, 0x45, 0x77, 0x4c,
+	0x44, 0x49, 0x7a, 0x4c, 0x54, 0x45, 0x77, 0x4c, 0x54, 0x41, 0x31, 0x56, 0x44, 0x41, 0x78, 0x4f,
-	0x54, 0x41, 0x31, 0x56, 0x44, 0x41, 0x78, 0x4f, 0x6a, 0x45, 0x33, 0x4f, 0x6a, 0x41, 0x35, 0x4b,
+	0x6a, 0x45, 0x33, 0x4f, 0x6a, 0x41, 0x35, 0x4b, 0x7a, 0x41, 0x79, 0x4f, 0x6a, 0x41, 0x77, 0x49,
-	0x7a, 0x41, 0x79, 0x4f, 0x6a, 0x41, 0x77, 0x49, 0x69, 0x77, 0x69, 0x61, 0x57, 0x46, 0x30, 0x49,
+	0x69, 0x77, 0x69, 0x61, 0x57, 0x46, 0x30, 0x49, 0x6a, 0x6f, 0x69, 0x4d, 0x6a, 0x41, 0x79, 0x4d,
 	0x79, 0x30, 0x78, 0x4d, 0x43, 0x30, 0x77, 0x4e, 0x56, 0x51, 0x77, 0x4d, 0x54, 0x6f, 0x77, 0x4d,
 	0x6a, 0x6f, 0x77, 0x4f, 0x53, 0x73, 0x77, 0x4d, 0x6a, 0x6f, 0x77, 0x4d, 0x43, 0x49, 0x73, 0x49,
 	0x6d, 0x6c, 0x6b, 0x49, 0x6a, 0x6f, 0x69, 0x5a, 0x6a, 0x6c, 0x68, 0x4d, 0x6a, 0x45, 0x32, 0x4f,
 	0x57, 0x51, 0x74, 0x4d, 0x57, 0x59, 0x78, 0x59, 0x53, 0x30, 0x30, 0x59, 0x54, 0x68, 0x69, 0x4c,
 	0x54, 0x67, 0x7a, 0x5a, 0x57, 0x45, 0x74, 0x4e, 0x7a, 0x6b, 0x78, 0x4d, 0x7a, 0x59, 0x35, 0x59,
 	0x6a, 0x59, 0x33, 0x5a, 0x6d, 0x59, 0x78, 0x49, 0x69, 0x77, 0x69, 0x62, 0x6d, 0x4a, 0x6d, 0x49,
 	0x6a, 0x6f, 0x69, 0x4d, 0x6a, 0x41, 0x79, 0x4d, 0x79, 0x30, 0x78, 0x4d, 0x43, 0x30, 0x77, 0x4e,
 	0x56, 0x51, 0x77, 0x4d, 0x54, 0x6f, 0x77, 0x4d, 0x6a, 0x6f, 0x77, 0x4f, 0x53, 0x73, 0x77, 0x4d,
-	0x6a, 0x6f, 0x77, 0x4d, 0x43, 0x49, 0x73, 0x49, 0x6d, 0x6c, 0x6b, 0x49, 0x6a, 0x6f, 0x69, 0x5a,
+	0x6a, 0x6f, 0x77, 0x4d, 0x43, 0x4a, 0x39, 0x41, 0x68, 0x30, 0x62, 0x56, 0x62, 0x78, 0x39, 0x53,
-	0x6a, 0x6c, 0x68, 0x4d, 0x6a, 0x45, 0x32, 0x4f, 0x57, 0x51, 0x74, 0x4d, 0x57, 0x59, 0x78, 0x59,
+	0x31, 0x4c, 0x52, 0x2d, 0x70, 0x66, 0x38, 0x68, 0x4c, 0x57, 0x56, 0x52, 0x51, 0x50, 0x55, 0x66,
-	0x53, 0x30, 0x30, 0x59, 0x54, 0x68, 0x69, 0x4c, 0x54, 0x67, 0x7a, 0x5a, 0x57, 0x45, 0x74, 0x4e,
+	0x4b, 0x39, 0x7a, 0x72, 0x48, 0x5a, 0x76, 0x41, 0x37, 0x41, 0x70, 0x4a, 0x35, 0x61, 0x5a, 0x58,
-	0x7a, 0x6b, 0x78, 0x4d, 0x7a, 0x59, 0x35, 0x59, 0x6a, 0x59, 0x33, 0x5a, 0x6d, 0x59, 0x78, 0x49,
+	0x77, 0x68, 0x41, 0x37, 0x48, 0x31, 0x6a, 0x2d, 0x6b, 0x48, 0x68, 0x63, 0x63, 0x42, 0x6a, 0x4f,
-	0x69, 0x77, 0x69, 0x62, 0x6d, 0x4a, 0x6d, 0x49, 0x6a, 0x6f, 0x69, 0x4d, 0x6a, 0x41, 0x79, 0x4d,
+	0x41, 0x47, 0x59, 0x58, 0x5a, 0x51, 0x54, 0x2d, 0x74, 0x73, 0x37, 0x4a, 0x71, 0x33, 0x53, 0x4a,
 	0x6c, 0x7a, 0x6f, 0x35, 0x76, 0x74, 0x55, 0x6a, 0x47, 0x42, 0x74, 0x44, 0x67, 0x22, 0x52, 0x0b,
 	0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x51, 0x0a, 0x17, 0x61,
 	0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x5f, 0x65, 0x78, 0x70, 0x69,
 	0x72, 0x65, 0x73, 0x5f, 0x61, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67,
 	0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54,
 	0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x14, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73,
 	0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x45, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x41, 0x74, 0x12, 0xeb,
 	0x02, 0x0a, 0x0d, 0x72, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e,
 	0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x42, 0xc5, 0x02, 0x92, 0x41, 0xc1, 0x02, 0x4a, 0xbe, 0x02,
 	0x22, 0x76, 0x34, 0x2e, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2e, 0x65, 0x79, 0x4a, 0x6c, 0x62,
 	0x57, 0x46, 0x70, 0x62, 0x43, 0x49, 0x36, 0x49, 0x6d, 0x45, 0x79, 0x51, 0x47, 0x49, 0x75, 0x5a,
 	0x47, 0x55, 0x69, 0x4c, 0x43, 0x4a, 0x6c, 0x65, 0x48, 0x41, 0x69, 0x4f, 0x69, 0x49, 0x79, 0x4d,
 	0x44, 0x49, 0x7a, 0x4c, 0x54, 0x45, 0x77, 0x4c, 0x54, 0x41, 0x32, 0x56, 0x44, 0x41, 0x78, 0x4f,
 	0x6a, 0x41, 0x79, 0x4f, 0x6a, 0x41, 0x35, 0x4b, 0x7a, 0x41, 0x79, 0x4f, 0x6a, 0x41, 0x77, 0x49,
 	0x69, 0x77, 0x69, 0x61, 0x57, 0x46, 0x30, 0x49, 0x6a, 0x6f, 0x69, 0x4d, 0x6a, 0x41, 0x79, 0x4d,
 	0x79, 0x30, 0x78, 0x4d, 0x43, 0x30, 0x77, 0x4e, 0x56, 0x51, 0x77, 0x4d, 0x54, 0x6f, 0x77, 0x4d,
-	0x6a, 0x6f, 0x77, 0x4f, 0x53, 0x73, 0x77, 0x4d, 0x6a, 0x6f, 0x77, 0x4d, 0x43, 0x4a, 0x39, 0x41,
+	0x6a, 0x6f, 0x77, 0x4f, 0x53, 0x73, 0x77, 0x4d, 0x6a, 0x6f, 0x77, 0x4d, 0x43, 0x49, 0x73, 0x49,
-	0x68, 0x30, 0x62, 0x56, 0x62, 0x78, 0x39, 0x53, 0x31, 0x4c, 0x52, 0x2d, 0x70, 0x66, 0x38, 0x68,
+	0x6d, 0x6c, 0x6b, 0x49, 0x6a, 0x6f, 0x69, 0x4e, 0x57, 0x55, 0x78, 0x5a, 0x44, 0x59, 0x33, 0x5a,
-	0x4c, 0x57, 0x56, 0x52, 0x51, 0x50, 0x55, 0x66, 0x4b, 0x39, 0x7a, 0x72, 0x48, 0x5a, 0x76, 0x41,
+	0x47, 0x45, 0x74, 0x4e, 0x32, 0x4d, 0x35, 0x59, 0x69, 0x30, 0x30, 0x4d, 0x7a, 0x59, 0x31, 0x4c,
-	0x37, 0x41, 0x70, 0x4a, 0x35, 0x61, 0x5a, 0x58, 0x77, 0x68, 0x41, 0x37, 0x48, 0x31, 0x6a, 0x2d,
+	0x57, 0x45, 0x30, 0x5a, 0x44, 0x55, 0x74, 0x4d, 0x32, 0x4e, 0x6a, 0x4d, 0x47, 0x45, 0x77, 0x4e,
-	0x6b, 0x48, 0x68, 0x63, 0x63, 0x42, 0x6a, 0x4f, 0x41, 0x47, 0x59, 0x58, 0x5a, 0x51, 0x54, 0x2d,
+	0x54, 0x45, 0x79, 0x4e, 0x44, 0x46, 0x6c, 0x49, 0x69, 0x77, 0x69, 0x62, 0x6d, 0x4a, 0x6d, 0x49,
 	0x74, 0x73, 0x37, 0x4a, 0x71, 0x33, 0x53, 0x4a, 0x6c, 0x7a, 0x6f, 0x35, 0x76, 0x74, 0x55, 0x6a,
 	0x47, 0x42, 0x74, 0x44, 0x67, 0x22, 0x52, 0x0b, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f,
 	0x6b, 0x65, 0x6e, 0x12, 0x51, 0x0a, 0x17, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x74, 0x6f,
 	0x6b, 0x65, 0x6e, 0x5f, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x5f, 0x61, 0x74, 0x18, 0x03,
 	0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
 	0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70,
 	0x52, 0x14, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x45, 0x78, 0x70,
 	0x69, 0x72, 0x65, 0x73, 0x41, 0x74, 0x12, 0xeb, 0x02, 0x0a, 0x0d, 0x72, 0x65, 0x66, 0x72, 0x65,
 	0x73, 0x68, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x42, 0xc5,
 	0x02, 0x92, 0x41, 0xc1, 0x02, 0x4a, 0xbe, 0x02, 0x22, 0x76, 0x34, 0x2e, 0x70, 0x75, 0x62, 0x6c,
 	0x69, 0x63, 0x2e, 0x65, 0x79, 0x4a, 0x6c, 0x62, 0x57, 0x46, 0x70, 0x62, 0x43, 0x49, 0x36, 0x49,
 	0x6d, 0x45, 0x79, 0x51, 0x47, 0x49, 0x75, 0x5a, 0x47, 0x55, 0x69, 0x4c, 0x43, 0x4a, 0x6c, 0x65,
 	0x48, 0x41, 0x69, 0x4f, 0x69, 0x49, 0x79, 0x4d, 0x44, 0x49, 0x7a, 0x4c, 0x54, 0x45, 0x77, 0x4c,
 	0x54, 0x41, 0x32, 0x56, 0x44, 0x41, 0x78, 0x4f, 0x6a, 0x41, 0x79, 0x4f, 0x6a, 0x41, 0x35, 0x4b,
 	0x7a, 0x41, 0x79, 0x4f, 0x6a, 0x41, 0x77, 0x49, 0x69, 0x77, 0x69, 0x61, 0x57, 0x46, 0x30, 0x49,
 	0x6a, 0x6f, 0x69, 0x4d, 0x6a, 0x41, 0x79, 0x4d, 0x79, 0x30, 0x78, 0x4d, 0x43, 0x30, 0x77, 0x4e,
 	0x56, 0x51, 0x77, 0x4d, 0x54, 0x6f, 0x77, 0x4d, 0x6a, 0x6f, 0x77, 0x4f, 0x53, 0x73, 0x77, 0x4d,
-	0x6a, 0x6f, 0x77, 0x4d, 0x43, 0x49, 0x73, 0x49, 0x6d, 0x6c, 0x6b, 0x49, 0x6a, 0x6f, 0x69, 0x4e,
+	0x6a, 0x6f, 0x77, 0x4d, 0x43, 0x4a, 0x39, 0x42, 0x6f, 0x58, 0x33, 0x36, 0x77, 0x30, 0x70, 0x6f,
-	0x57, 0x55, 0x78, 0x5a, 0x44, 0x59, 0x33, 0x5a, 0x47, 0x45, 0x74, 0x4e, 0x32, 0x4d, 0x35, 0x59,
+	0x31, 0x76, 0x76, 0x48, 0x53, 0x6a, 0x73, 0x42, 0x50, 0x5f, 0x4b, 0x57, 0x65, 0x46, 0x78, 0x56,
-	0x69, 0x30, 0x30, 0x4d, 0x7a, 0x59, 0x31, 0x4c, 0x57, 0x45, 0x30, 0x5a, 0x44, 0x55, 0x74, 0x4d,
+	0x31, 0x78, 0x52, 0x62, 0x51, 0x61, 0x79, 0x71, 0x62, 0x4a, 0x75, 0x49, 0x6f, 0x4b, 0x32, 0x6a,
-	0x32, 0x4e, 0x6a, 0x4d, 0x47, 0x45, 0x77, 0x4e, 0x54, 0x45, 0x79, 0x4e, 0x44, 0x46, 0x6c, 0x49,
+	0x4b, 0x71, 0x79, 0x31, 0x42, 0x74, 0x32, 0x52, 0x6f, 0x48, 0x79, 0x4a, 0x62, 0x4c, 0x6f, 0x43,
-	0x69, 0x77, 0x69, 0x62, 0x6d, 0x4a, 0x6d, 0x49, 0x6a, 0x6f, 0x69, 0x4d, 0x6a, 0x41, 0x79, 0x4d,
+	0x45, 0x4f, 0x31, 0x35, 0x43, 0x52, 0x54, 0x35, 0x44, 0x6e, 0x51, 0x36, 0x50, 0x30, 0x41, 0x48,
-	0x79, 0x30, 0x78, 0x4d, 0x43, 0x30, 0x77, 0x4e, 0x56, 0x51, 0x77, 0x4d, 0x54, 0x6f, 0x77, 0x4d,
+	0x6c, 0x42, 0x7a, 0x6a, 0x73, 0x58, 0x74, 0x36, 0x31, 0x61, 0x44, 0x44, 0x77, 0x22, 0x52, 0x0c,
-	0x6a, 0x6f, 0x77, 0x4f, 0x53, 0x73, 0x77, 0x4d, 0x6a, 0x6f, 0x77, 0x4d, 0x43, 0x4a, 0x39, 0x42,
+	0x72, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x53, 0x0a, 0x18,
-	0x6f, 0x58, 0x33, 0x36, 0x77, 0x30, 0x70, 0x6f, 0x31, 0x76, 0x76, 0x48, 0x53, 0x6a, 0x73, 0x42,
+	0x72, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x5f, 0x65, 0x78,
-	0x50, 0x5f, 0x4b, 0x57, 0x65, 0x46, 0x78, 0x56, 0x31, 0x78, 0x52, 0x62, 0x51, 0x61, 0x79, 0x71,
+	0x70, 0x69, 0x72, 0x65, 0x73, 0x5f, 0x61, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a,
-	0x62, 0x4a, 0x75, 0x49, 0x6f, 0x4b, 0x32, 0x6a, 0x4b, 0x71, 0x79, 0x31, 0x42, 0x74, 0x32, 0x52,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
-	0x6f, 0x48, 0x79, 0x4a, 0x62, 0x4c, 0x6f, 0x43, 0x45, 0x4f, 0x31, 0x35, 0x43, 0x52, 0x54, 0x35,
+	0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x15, 0x72, 0x65, 0x66, 0x72,
-	0x44, 0x6e, 0x51, 0x36, 0x50, 0x30, 0x41, 0x48, 0x6c, 0x42, 0x7a, 0x6a, 0x73, 0x58, 0x74, 0x36,
+	0x65, 0x73, 0x68, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x45, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x41,
-	0x31, 0x61, 0x44, 0x44, 0x77, 0x22, 0x52, 0x0c, 0x72, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x54,
+	0x74, 0x12, 0x27, 0x0a, 0x0a, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18,
-	0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x53, 0x0a, 0x18, 0x72, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x5f,
+	0x06, 0x20, 0x01, 0x28, 0x04, 0x42, 0x08, 0x92, 0x41, 0x05, 0x4a, 0x03, 0x22, 0x31, 0x22, 0x52,
-	0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x5f, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x5f, 0x61, 0x74,
+	0x09, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x49, 0x64, 0x3a, 0x15, 0x92, 0x41, 0x12, 0x0a,
-	0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
+	0x10, 0x2a, 0x0e, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73,
-	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61,
+	0x65, 0x42, 0x19, 0x5a, 0x17, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f,
-	0x6d, 0x70, 0x52, 0x15, 0x72, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x54, 0x6f, 0x6b, 0x65, 0x6e,
+	0x69, 0x74, 0x73, 0x73, 0x63, 0x62, 0x2f, 0x64, 0x66, 0x2f, 0x70, 0x62, 0x62, 0x06, 0x70, 0x72,
-	0x45, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x41, 0x74, 0x12, 0x39, 0x0a, 0x05, 0x65, 0x6d, 0x61,
+	0x6f, 0x74, 0x6f, 0x33,
 	0x69, 0x6c, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x42, 0x23, 0x92, 0x41, 0x20, 0x4a, 0x16, 0x22,
 	0x6a, 0x6f, 0x68, 0x6e, 0x2e, 0x64, 0x6f, 0x65, 0x40, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65,
 	0x2e, 0x63, 0x6f, 0x6d, 0x22, 0xa2, 0x02, 0x05, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x52, 0x05, 0x65,
 	0x6d, 0x61, 0x69, 0x6c, 0x3a, 0x15, 0x92, 0x41, 0x12, 0x0a, 0x10, 0x2a, 0x0e, 0x4c, 0x6f, 0x67,
 	0x69, 0x6e, 0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x19, 0x5a, 0x17, 0x67,
 	0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x69, 0x74, 0x73, 0x73, 0x63, 0x62,
 	0x2f, 0x64, 0x66, 0x2f, 0x70, 0x62, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 var (
--- a/bff/pb/session.pb.go
+++ b/bff/pb/session.pb.go
@ -28,7 +28,7 @@ type Session struct {
 	unknownFields protoimpl.UnknownFields
 	Id           string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
-	Email        string                 `protobuf:"bytes,2,opt,name=email,proto3" json:"email,omitempty"`
+	AccountId    uint64                 `protobuf:"varint,2,opt,name=account_id,json=accountId,proto3" json:"account_id,omitempty"`
 	UserAgent    string                 `protobuf:"bytes,3,opt,name=user_agent,json=userAgent,proto3" json:"user_agent,omitempty"`
 	ClientIp     string                 `protobuf:"bytes,4,opt,name=client_ip,json=clientIp,proto3" json:"client_ip,omitempty"`
 	IsBlocked    bool                   `protobuf:"varint,5,opt,name=is_blocked,json=isBlocked,proto3" json:"is_blocked,omitempty"`
@ -76,11 +76,11 @@ func (x *Session) GetId() string {
 	return ""
 }
-func (x *Session) GetEmail() string {
+func (x *Session) GetAccountId() uint64 {
 	if x != nil {
-		return x.Email
+		return x.AccountId
 	}
-	return ""
+	return 0
 }
 func (x *Session) GetUserAgent() string {
@ -134,66 +134,66 @@ var file_session_proto_rawDesc = []byte{
 	0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x2d, 0x67, 0x65, 0x6e,
 	0x2d, 0x6f, 0x70, 0x65, 0x6e, 0x61, 0x70, 0x69, 0x76, 0x32, 0x2f, 0x6f, 0x70, 0x74, 0x69, 0x6f,
 	0x6e, 0x73, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70,
-	0x72, 0x6f, 0x74, 0x6f, 0x22, 0x8d, 0x07, 0x0a, 0x07, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e,
+	0x72, 0x6f, 0x74, 0x6f, 0x22, 0x88, 0x07, 0x0a, 0x07, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e,
 	0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64,
-	0x12, 0x14, 0x0a, 0x05, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
+	0x12, 0x1d, 0x0a, 0x0a, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x02,
-	0x05, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x12, 0x1d, 0x0a, 0x0a, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x61,
+	0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x49, 0x64, 0x12,
-	0x67, 0x65, 0x6e, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x75, 0x73, 0x65, 0x72,
+	0x1d, 0x0a, 0x0a, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x18, 0x03, 0x20,
-	0x41, 0x67, 0x65, 0x6e, 0x74, 0x12, 0x1b, 0x0a, 0x09, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f,
+	0x01, 0x28, 0x09, 0x52, 0x09, 0x75, 0x73, 0x65, 0x72, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x12, 0x1b,
-	0x69, 0x70, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74,
+	0x0a, 0x09, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x70, 0x18, 0x04, 0x20, 0x01, 0x28,
-	0x49, 0x70, 0x12, 0x1d, 0x0a, 0x0a, 0x69, 0x73, 0x5f, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64,
+	0x09, 0x52, 0x08, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x49, 0x70, 0x12, 0x1d, 0x0a, 0x0a, 0x69,
-	0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x69, 0x73, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x65,
+	0x73, 0x5f, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52,
-	0x64, 0x12, 0x56, 0x0a, 0x0a, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x5f, 0x61, 0x74, 0x18,
+	0x09, 0x69, 0x73, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x12, 0x56, 0x0a, 0x0a, 0x65, 0x78,
-	0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70,
+	0x70, 0x69, 0x72, 0x65, 0x73, 0x5f, 0x61, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a,
-	0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d,
+	0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
-	0x70, 0x42, 0x1b, 0x92, 0x41, 0x18, 0x4a, 0x16, 0x22, 0x31, 0x39, 0x39, 0x30, 0x2d, 0x31, 0x30,
+	0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x42, 0x1b, 0x92, 0x41, 0x18, 0x4a,
-	0x2d, 0x30, 0x35, 0x54, 0x30, 0x30, 0x3a, 0x30, 0x30, 0x3a, 0x30, 0x30, 0x5a, 0x22, 0x52, 0x09,
+	0x16, 0x22, 0x31, 0x39, 0x39, 0x30, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x54, 0x30, 0x30, 0x3a,
-	0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x41, 0x74, 0x12, 0x56, 0x0a, 0x0a, 0x63, 0x72, 0x65,
+	0x30, 0x30, 0x3a, 0x30, 0x30, 0x5a, 0x22, 0x52, 0x09, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73,
-	0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e,
+	0x41, 0x74, 0x12, 0x56, 0x0a, 0x0a, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74,
-	0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
+	0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e,
-	0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x42, 0x1b, 0x92, 0x41, 0x18, 0x4a, 0x16,
+	0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61,
-	0x22, 0x31, 0x39, 0x39, 0x30, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x54, 0x30, 0x30, 0x3a, 0x30,
+	0x6d, 0x70, 0x42, 0x1b, 0x92, 0x41, 0x18, 0x4a, 0x16, 0x22, 0x31, 0x39, 0x39, 0x30, 0x2d, 0x31,
-	0x30, 0x3a, 0x30, 0x30, 0x5a, 0x22, 0x52, 0x09, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x41,
+	0x30, 0x2d, 0x30, 0x35, 0x54, 0x30, 0x30, 0x3a, 0x30, 0x30, 0x3a, 0x30, 0x30, 0x5a, 0x22, 0x52,
-	0x74, 0x12, 0x23, 0x0a, 0x0d, 0x72, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x5f, 0x74, 0x6f, 0x6b,
+	0x09, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x23, 0x0a, 0x0d, 0x72, 0x65,
-	0x65, 0x6e, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x72, 0x65, 0x66, 0x72, 0x65, 0x73,
+	0x66, 0x72, 0x65, 0x73, 0x68, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x07, 0x20, 0x01, 0x28,
-	0x68, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x3a, 0xab, 0x04, 0x92, 0x41, 0xa7, 0x04, 0x0a, 0x09, 0x2a,
+	0x09, 0x52, 0x0c, 0x72, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x3a,
-	0x07, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x32, 0x99, 0x04, 0x7b, 0x22, 0x69, 0x64, 0x22,
+	0x9d, 0x04, 0x92, 0x41, 0x99, 0x04, 0x0a, 0x09, 0x2a, 0x07, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f,
-	0x3a, 0x20, 0x22, 0x31, 0x22, 0x2c, 0x22, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x22, 0x3a, 0x20, 0x22,
+	0x6e, 0x32, 0x8b, 0x04, 0x7b, 0x22, 0x69, 0x64, 0x22, 0x3a, 0x20, 0x22, 0x31, 0x22, 0x2c, 0x22,
-	0x6a, 0x6f, 0x68, 0x6e, 0x2e, 0x64, 0x6f, 0x65, 0x40, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65,
+	0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x22, 0x3a, 0x20, 0x22, 0x31, 0x22,
-	0x2e, 0x63, 0x6f, 0x6d, 0x22, 0x2c, 0x20, 0x22, 0x72, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x5f,
+	0x2c, 0x20, 0x22, 0x72, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e,
-	0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x3a, 0x20, 0x22, 0x76, 0x34, 0x2e, 0x70, 0x75, 0x62, 0x6c,
+	0x22, 0x3a, 0x20, 0x22, 0x76, 0x34, 0x2e, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2e, 0x65, 0x79,
-	0x69, 0x63, 0x2e, 0x65, 0x79, 0x4a, 0x6c, 0x62, 0x57, 0x46, 0x70, 0x62, 0x43, 0x49, 0x36, 0x49,
+	0x4a, 0x6c, 0x62, 0x57, 0x46, 0x70, 0x62, 0x43, 0x49, 0x36, 0x49, 0x6d, 0x45, 0x79, 0x51, 0x47,
-	0x6d, 0x45, 0x79, 0x51, 0x47, 0x49, 0x75, 0x5a, 0x47, 0x55, 0x69, 0x4c, 0x43, 0x4a, 0x6c, 0x65,
+	0x49, 0x75, 0x5a, 0x47, 0x55, 0x69, 0x4c, 0x43, 0x4a, 0x6c, 0x65, 0x48, 0x41, 0x69, 0x4f, 0x69,
-	0x48, 0x41, 0x69, 0x4f, 0x69, 0x49, 0x79, 0x4d, 0x44, 0x49, 0x7a, 0x4c, 0x54, 0x45, 0x77, 0x4c,
+	0x49, 0x79, 0x4d, 0x44, 0x49, 0x7a, 0x4c, 0x54, 0x45, 0x77, 0x4c, 0x54, 0x41, 0x32, 0x56, 0x44,
-	0x54, 0x41, 0x32, 0x56, 0x44, 0x41, 0x78, 0x4f, 0x6a, 0x41, 0x79, 0x4f, 0x6a, 0x41, 0x35, 0x4b,
+	0x41, 0x78, 0x4f, 0x6a, 0x41, 0x79, 0x4f, 0x6a, 0x41, 0x35, 0x4b, 0x7a, 0x41, 0x79, 0x4f, 0x6a,
-	0x7a, 0x41, 0x79, 0x4f, 0x6a, 0x41, 0x77, 0x49, 0x69, 0x77, 0x69, 0x61, 0x57, 0x46, 0x30, 0x49,
+	0x41, 0x77, 0x49, 0x69, 0x77, 0x69, 0x61, 0x57, 0x46, 0x30, 0x49, 0x6a, 0x6f, 0x69, 0x4d, 0x6a,
-	0x6a, 0x6f, 0x69, 0x4d, 0x6a, 0x41, 0x79, 0x4d, 0x79, 0x30, 0x78, 0x4d, 0x43, 0x30, 0x77, 0x4e,
+	0x41, 0x79, 0x4d, 0x79, 0x30, 0x78, 0x4d, 0x43, 0x30, 0x77, 0x4e, 0x56, 0x51, 0x77, 0x4d, 0x54,
-	0x56, 0x51, 0x77, 0x4d, 0x54, 0x6f, 0x77, 0x4d, 0x6a, 0x6f, 0x77, 0x4f, 0x53, 0x73, 0x77, 0x4d,
+	0x6f, 0x77, 0x4d, 0x6a, 0x6f, 0x77, 0x4f, 0x53, 0x73, 0x77, 0x4d, 0x6a, 0x6f, 0x77, 0x4d, 0x43,
-	0x6a, 0x6f, 0x77, 0x4d, 0x43, 0x49, 0x73, 0x49, 0x6d, 0x6c, 0x6b, 0x49, 0x6a, 0x6f, 0x69, 0x4e,
+	0x49, 0x73, 0x49, 0x6d, 0x6c, 0x6b, 0x49, 0x6a, 0x6f, 0x69, 0x4e, 0x57, 0x55, 0x78, 0x5a, 0x44,
-	0x57, 0x55, 0x78, 0x5a, 0x44, 0x59, 0x33, 0x5a, 0x47, 0x45, 0x74, 0x4e, 0x32, 0x4d, 0x35, 0x59,
+	0x59, 0x33, 0x5a, 0x47, 0x45, 0x74, 0x4e, 0x32, 0x4d, 0x35, 0x59, 0x69, 0x30, 0x30, 0x4d, 0x7a,
-	0x69, 0x30, 0x30, 0x4d, 0x7a, 0x59, 0x31, 0x4c, 0x57, 0x45, 0x30, 0x5a, 0x44, 0x55, 0x74, 0x4d,
+	0x59, 0x31, 0x4c, 0x57, 0x45, 0x30, 0x5a, 0x44, 0x55, 0x74, 0x4d, 0x32, 0x4e, 0x6a, 0x4d, 0x47,
-	0x32, 0x4e, 0x6a, 0x4d, 0x47, 0x45, 0x77, 0x4e, 0x54, 0x45, 0x79, 0x4e, 0x44, 0x46, 0x6c, 0x49,
+	0x45, 0x77, 0x4e, 0x54, 0x45, 0x79, 0x4e, 0x44, 0x46, 0x6c, 0x49, 0x69, 0x77, 0x69, 0x62, 0x6d,
-	0x69, 0x77, 0x69, 0x62, 0x6d, 0x4a, 0x6d, 0x49, 0x6a, 0x6f, 0x69, 0x4d, 0x6a, 0x41, 0x79, 0x4d,
+	0x4a, 0x6d, 0x49, 0x6a, 0x6f, 0x69, 0x4d, 0x6a, 0x41, 0x79, 0x4d, 0x79, 0x30, 0x78, 0x4d, 0x43,
-	0x79, 0x30, 0x78, 0x4d, 0x43, 0x30, 0x77, 0x4e, 0x56, 0x51, 0x77, 0x4d, 0x54, 0x6f, 0x77, 0x4d,
+	0x30, 0x77, 0x4e, 0x56, 0x51, 0x77, 0x4d, 0x54, 0x6f, 0x77, 0x4d, 0x6a, 0x6f, 0x77, 0x4f, 0x53,
-	0x6a, 0x6f, 0x77, 0x4f, 0x53, 0x73, 0x77, 0x4d, 0x6a, 0x6f, 0x77, 0x4d, 0x43, 0x4a, 0x39, 0x42,
+	0x73, 0x77, 0x4d, 0x6a, 0x6f, 0x77, 0x4d, 0x43, 0x4a, 0x39, 0x42, 0x6f, 0x58, 0x33, 0x36, 0x77,
-	0x6f, 0x58, 0x33, 0x36, 0x77, 0x30, 0x70, 0x6f, 0x31, 0x76, 0x76, 0x48, 0x53, 0x6a, 0x73, 0x42,
+	0x30, 0x70, 0x6f, 0x31, 0x76, 0x76, 0x48, 0x53, 0x6a, 0x73, 0x42, 0x50, 0x5f, 0x4b, 0x57, 0x65,
-	0x50, 0x5f, 0x4b, 0x57, 0x65, 0x46, 0x78, 0x56, 0x31, 0x78, 0x52, 0x62, 0x51, 0x61, 0x79, 0x71,
+	0x46, 0x78, 0x56, 0x31, 0x78, 0x52, 0x62, 0x51, 0x61, 0x79, 0x71, 0x62, 0x4a, 0x75, 0x49, 0x6f,
-	0x62, 0x4a, 0x75, 0x49, 0x6f, 0x4b, 0x32, 0x6a, 0x4b, 0x71, 0x79, 0x31, 0x42, 0x74, 0x32, 0x52,
+	0x4b, 0x32, 0x6a, 0x4b, 0x71, 0x79, 0x31, 0x42, 0x74, 0x32, 0x52, 0x6f, 0x48, 0x79, 0x4a, 0x62,
-	0x6f, 0x48, 0x79, 0x4a, 0x62, 0x4c, 0x6f, 0x43, 0x45, 0x4f, 0x31, 0x35, 0x43, 0x52, 0x54, 0x35,
+	0x4c, 0x6f, 0x43, 0x45, 0x4f, 0x31, 0x35, 0x43, 0x52, 0x54, 0x35, 0x44, 0x6e, 0x51, 0x36, 0x50,
-	0x44, 0x6e, 0x51, 0x36, 0x50, 0x30, 0x41, 0x48, 0x6c, 0x42, 0x7a, 0x6a, 0x73, 0x58, 0x74, 0x36,
+	0x30, 0x41, 0x48, 0x6c, 0x42, 0x7a, 0x6a, 0x73, 0x58, 0x74, 0x36, 0x31, 0x61, 0x44, 0x44, 0x77,
-	0x31, 0x61, 0x44, 0x44, 0x77, 0x22, 0x2c, 0x20, 0x22, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73,
+	0x22, 0x2c, 0x20, 0x22, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x73, 0x5f, 0x61, 0x74, 0x22, 0x3a,
-	0x5f, 0x61, 0x74, 0x22, 0x3a, 0x20, 0x22, 0x32, 0x30, 0x32, 0x33, 0x2d, 0x31, 0x30, 0x2d, 0x30,
+	0x20, 0x22, 0x32, 0x30, 0x32, 0x33, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x54, 0x30, 0x32, 0x3a,
-	0x35, 0x54, 0x30, 0x32, 0x3a, 0x33, 0x30, 0x3a, 0x35, 0x33, 0x5a, 0x22, 0x2c, 0x20, 0x22, 0x63,
+	0x33, 0x30, 0x3a, 0x35, 0x33, 0x5a, 0x22, 0x2c, 0x20, 0x22, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65,
-	0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x22, 0x3a, 0x20, 0x22, 0x32, 0x30, 0x32,
+	0x64, 0x5f, 0x61, 0x74, 0x22, 0x3a, 0x20, 0x22, 0x32, 0x30, 0x32, 0x33, 0x2d, 0x31, 0x30, 0x2d,
-	0x33, 0x2d, 0x31, 0x30, 0x2d, 0x30, 0x35, 0x54, 0x30, 0x31, 0x3a, 0x32, 0x30, 0x3a, 0x31, 0x31,
+	0x30, 0x35, 0x54, 0x30, 0x31, 0x3a, 0x32, 0x30, 0x3a, 0x31, 0x31, 0x5a, 0x22, 0x2c, 0x20, 0x22,
-	0x5a, 0x22, 0x2c, 0x20, 0x22, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x70, 0x22, 0x3a,
+	0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x70, 0x22, 0x3a, 0x20, 0x22, 0x31, 0x30, 0x2e,
-	0x20, 0x22, 0x31, 0x30, 0x2e, 0x35, 0x36, 0x2e, 0x30, 0x2e, 0x31, 0x32, 0x22, 0x2c, 0x20, 0x22,
+	0x35, 0x36, 0x2e, 0x30, 0x2e, 0x31, 0x32, 0x22, 0x2c, 0x20, 0x22, 0x75, 0x73, 0x65, 0x72, 0x5f,
-	0x75, 0x73, 0x65, 0x72, 0x5f, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x22, 0x3a, 0x20, 0x22, 0x4d, 0x6f,
+	0x61, 0x67, 0x65, 0x6e, 0x74, 0x22, 0x3a, 0x20, 0x22, 0x4d, 0x6f, 0x7a, 0x69, 0x6c, 0x6c, 0x61,
-	0x7a, 0x69, 0x6c, 0x6c, 0x61, 0x20, 0x46, 0x69, 0x72, 0x65, 0x66, 0x6f, 0x78, 0x22, 0x2c, 0x20,
+	0x20, 0x46, 0x69, 0x72, 0x65, 0x66, 0x6f, 0x78, 0x22, 0x2c, 0x20, 0x22, 0x69, 0x73, 0x5f, 0x62,
-	0x22, 0x69, 0x73, 0x5f, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x22, 0x3a, 0x20, 0x66, 0x61,
+	0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64, 0x22, 0x3a, 0x20, 0x66, 0x61, 0x6c, 0x73, 0x65, 0x7d, 0x42,
-	0x6c, 0x73, 0x65, 0x7d, 0x42, 0x19, 0x5a, 0x17, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63,
+	0x19, 0x5a, 0x17, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x69, 0x74,
-	0x6f, 0x6d, 0x2f, 0x69, 0x74, 0x73, 0x73, 0x63, 0x62, 0x2f, 0x64, 0x66, 0x2f, 0x70, 0x62, 0x62,
+	0x73, 0x73, 0x63, 0x62, 0x2f, 0x64, 0x66, 0x2f, 0x70, 0x62, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74,
-	0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x6f, 0x33,
 }
 var (
--- a/bff/proto/rpc_login.proto
+++ b/bff/proto/rpc_login.proto
@ -20,7 +20,6 @@ message LoginRequest {
        example: "{\"email\": \"john.doe@example.com\", \"password\": \"MayTheForceBeWithYou!\"}";
    };
    string email = 1 [(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
        format: "email",
        example: "\"john.doe@example.com\""
      }];
    string password = 2 [(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
@ -47,8 +46,7 @@ message LoginResponse {
        example: "\"v4.public.eyJlbWFpbCI6ImEyQGIuZGUiLCJleHAiOiIyMDIzLTEwLTA2VDAxOjAyOjA5KzAyOjAwIiwiaWF0IjoiMjAyMy0xMC0wNVQwMTowMjowOSswMjowMCIsImlkIjoiNWUxZDY3ZGEtN2M5Yi00MzY1LWE0ZDUtM2NjMGEwNTEyNDFlIiwibmJmIjoiMjAyMy0xMC0wNVQwMTowMjowOSswMjowMCJ9BoX36w0po1vvHSjsBP_KWeFxV1xRbQayqbJuIoK2jKqy1Bt2RoHyJbLoCEO15CRT5DnQ6P0AHlBzjsXt61aDDw\""
      }];
    google.protobuf.Timestamp refresh_token_expires_at = 5;
-    string email = 6 [(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+    uint64 account_id = 6 [(grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
-        format: "email",
+        example: "\"1\""
        example: "\"john.doe@example.com\""
      }];
 }
--- a/bff/proto/session.proto
+++ b/bff/proto/session.proto
@ -12,10 +12,10 @@ message Session {
        json_schema: {
          title: "Session";
        };
-        example: "{\"id\": \"1\",\"email\": \"john.doe@example.com\", \"refresh_token\": \"v4.public.eyJlbWFpbCI6ImEyQGIuZGUiLCJleHAiOiIyMDIzLTEwLTA2VDAxOjAyOjA5KzAyOjAwIiwiaWF0IjoiMjAyMy0xMC0wNVQwMTowMjowOSswMjowMCIsImlkIjoiNWUxZDY3ZGEtN2M5Yi00MzY1LWE0ZDUtM2NjMGEwNTEyNDFlIiwibmJmIjoiMjAyMy0xMC0wNVQwMTowMjowOSswMjowMCJ9BoX36w0po1vvHSjsBP_KWeFxV1xRbQayqbJuIoK2jKqy1Bt2RoHyJbLoCEO15CRT5DnQ6P0AHlBzjsXt61aDDw\", \"expires_at\": \"2023-10-05T02:30:53Z\", \"created_at\": \"2023-10-05T01:20:11Z\", \"client_ip\": \"10.56.0.12\", \"user_agent\": \"Mozilla Firefox\", \"is_blocked\": false}";
+        example: "{\"id\": \"1\",\"account_id\": \"1\", \"refresh_token\": \"v4.public.eyJlbWFpbCI6ImEyQGIuZGUiLCJleHAiOiIyMDIzLTEwLTA2VDAxOjAyOjA5KzAyOjAwIiwiaWF0IjoiMjAyMy0xMC0wNVQwMTowMjowOSswMjowMCIsImlkIjoiNWUxZDY3ZGEtN2M5Yi00MzY1LWE0ZDUtM2NjMGEwNTEyNDFlIiwibmJmIjoiMjAyMy0xMC0wNVQwMTowMjowOSswMjowMCJ9BoX36w0po1vvHSjsBP_KWeFxV1xRbQayqbJuIoK2jKqy1Bt2RoHyJbLoCEO15CRT5DnQ6P0AHlBzjsXt61aDDw\", \"expires_at\": \"2023-10-05T02:30:53Z\", \"created_at\": \"2023-10-05T01:20:11Z\", \"client_ip\": \"10.56.0.12\", \"user_agent\": \"Mozilla Firefox\", \"is_blocked\": false}";
    };
    string id = 1;
-    string email = 2;
+    uint64 account_id = 2;
    string user_agent = 3;
    string client_ip = 4;
    bool is_blocked = 5;
--- a/bff/sqlc.yaml
+++ b/bff/sqlc.yaml
@ -29,6 +29,8 @@ sql:
            go_type: "uint64"
          - column: "returns.person_id"
            go_type: "uint64"
          - column: "sessions.account_id"
            go_type: "uint64"
          - db_type: "timestamptz"
            go_type: "time.Time"
          - db_type: "uuid"
--- a/bff/token/maker.go
+++ b/bff/token/maker.go
@ -10,7 +10,7 @@ import (
 type Maker interface {
 	NewTokenID() (uuid.UUID, error)
 	// CreateToken creates a new token for a specific username and duration
-	CreateToken(email string, id uuid.UUID, duration time.Duration) (string, *Payload, error)
+	CreateToken(account_id uint64, id uuid.UUID, duration time.Duration) (string, *Payload, error)
 	// VerifyToken checks if the token is valid or not
 	VerifyToken(token string) (*Payload, error)
--- a/bff/token/paseto_maker.go
+++ b/bff/token/paseto_maker.go
@ -1,6 +1,8 @@
 package token
 import (
 	"fmt"
 	"strconv"
 	"time"
 	"aidanwoods.dev/go-paseto"
@ -35,8 +37,8 @@ func (maker *PasetoMaker) NewTokenID() (uuid.UUID, error) {
 }
 // CreateToken creates a new token for a specific username and duration
-func (maker *PasetoMaker) CreateToken(email string, id uuid.UUID, duration time.Duration) (string, *Payload, error) {
+func (maker *PasetoMaker) CreateToken(account_id uint64, id uuid.UUID, duration time.Duration) (string, *Payload, error) {
-	payload, err := NewPayload(email, id, duration)
+	payload, err := NewPayload(account_id, id, duration)
 	if err != nil {
 		return "", payload, err
 	}
@ -46,7 +48,7 @@ func (maker *PasetoMaker) CreateToken(email string, id uuid.UUID, duration time.
 	token.SetIssuedAt(payload.IssuedAt)
 	token.SetExpiration(payload.ExpiredAt)
 	token.SetString("id", id.String())
-	token.SetString("email", payload.Email)
+	token.SetString("account_id", fmt.Sprintf("%d", payload.AccountID))
 	signed := token.V4Sign(maker.privateKey, nil)
 	return signed, payload, err
@ -71,7 +73,12 @@ func (maker *PasetoMaker) VerifyToken(token string) (*Payload, error) {
 		return nil, ErrInvalidToken
 	}
-	payload.Email, err = t.GetString("email")
+	account_id, err := t.GetString("account_id")
 	if err != nil {
 		return nil, ErrInvalidToken
 	}
 	payload.AccountID, err = strconv.ParseUint(account_id, 10, 64)
 	if err != nil {
 		return nil, ErrInvalidToken
 	}
--- a/bff/token/paseto_maker_test.go
+++ b/bff/token/paseto_maker_test.go
@ -12,7 +12,7 @@ func TestPasetoMaker(t *testing.T) {
 	maker, err := NewPasetoMaker(devPrivateKeyHex)
 	require.NoError(t, err)
-	email := util.RandomEmail()
+	account_id := util.RandomInt(100, 10000)
 	duration := time.Minute * 2
 	issuedAt := time.Now()
@ -20,7 +20,7 @@ func TestPasetoMaker(t *testing.T) {
 	id, err := maker.NewTokenID()
 	require.NoError(t, err)
-	token, payload, err := maker.CreateToken(email, id, duration)
+	token, payload, err := maker.CreateToken(account_id, id, duration)
 	require.NoError(t, err)
 	require.NotEmpty(t, token)
 	require.NotEmpty(t, payload)
@ -30,7 +30,7 @@ func TestPasetoMaker(t *testing.T) {
 	require.NotEmpty(t, token)
 	require.NotZero(t, payload.ID)
-	require.Equal(t, email, payload.Email)
+	require.Equal(t, account_id, payload.AccountID)
 	require.WithinDuration(t, issuedAt, payload.IssuedAt, time.Second)
 	require.WithinDuration(t, expiredAt, payload.ExpiredAt, time.Second)
 }
@ -41,7 +41,7 @@ func TestExpiredPasetoToken(t *testing.T) {
 	id, err := maker.NewTokenID()
 	require.NoError(t, err)
-	token, payload, err := maker.CreateToken(util.RandomEmail(), id, -time.Minute)
+	token, payload, err := maker.CreateToken(util.RandomInt(100, 10000), id, -time.Minute)
 	require.NoError(t, err)
 	require.NotEmpty(t, token)
 	require.NotEmpty(t, payload)
--- a/bff/token/payload.go
+++ b/bff/token/payload.go
@ -16,16 +16,16 @@ var (
 // Payload contains the payload data of the token
 type Payload struct {
 	ID        uuid.UUID `json:"id"`
-	Email     string    `json:"account_id"`
+	AccountID uint64    `json:"account_id"`
 	IssuedAt  time.Time `json:"issued_at"`
 	ExpiredAt time.Time `json:"expired_at"`
 }
 // NewPayload creates a new token payload with a specific accountID and duration
-func NewPayload(email string, tokenID uuid.UUID, duration time.Duration) (*Payload, error) {
+func NewPayload(account_id uint64, tokenID uuid.UUID, duration time.Duration) (*Payload, error) {
 	payload := &Payload{
 		ID:        tokenID,
-		Email:     email,
+		AccountID: account_id,
 		IssuedAt:  time.Now(),
 		ExpiredAt: time.Now().Add(duration),
 	}