gatekeeper and app_gateway first commit

2026-03-15 13:36:18 +00:00 · 2026-03-11 16:35:43 -03:00
parent 7677ddc851
commit 1b51ced8bd
17 changed files with 415 additions and 1 deletions
--- a/gatekeeper/models.py
+++ b/gatekeeper/models.py
@@ -0,0 +1,97 @@
+import uuid
+
+from django.db import models
+from django.utils.translation import gettext_lazy as _
+
+
+class AuthMethod(models.Model):
+    name = models.SlugField(max_length=64, unique=True)
+    auth_type = models.CharField(max_length=32, choices=(('local_password', _('Local Password')), ('totp', _('TOTP')), ('oidc', _('OIDC'))))
+
+    # TOTP-specific fields
+    totp_secret = models.CharField(
+        max_length=255, blank=True,
+        help_text="Shared/global TOTP secret key"
+    )
+
+    # OIDC-specific fields
+    oidc_provider = models.CharField(max_length=64, blank=True)
+    oidc_client_id = models.CharField(max_length=255, blank=True)
+    oidc_client_secret = models.CharField(max_length=255, blank=True)
+
+    created = models.DateTimeField(auto_now_add=True)
+    updated = models.DateTimeField(auto_now=True)
+    uuid = models.UUIDField(unique=True, default=uuid.uuid4, editable=False)
+
+    def __str__(self):
+        return f"{self.name} ({self.get_auth_type_display()})"
+
+    class Meta:
+        ordering = ['name']
+
+
+class AuthMethodAllowedDomain(models.Model):
+    auth_method = models.ForeignKey(AuthMethod, on_delete=models.CASCADE, related_name='allowed_domains')
+    domain = models.CharField(max_length=255)
+
+    created = models.DateTimeField(auto_now_add=True)
+    updated = models.DateTimeField(auto_now=True)
+    uuid = models.UUIDField(unique=True, default=uuid.uuid4, editable=False)
+
+    def __str__(self):
+        return self.domain
+
+    class Meta:
+        unique_together = [('auth_method', 'domain')]
+
+
+class AuthMethodAllowedEmail(models.Model):
+    auth_method = models.ForeignKey(AuthMethod, on_delete=models.CASCADE, related_name='allowed_emails')
+    email = models.EmailField()
+
+    created = models.DateTimeField(auto_now_add=True)
+    updated = models.DateTimeField(auto_now=True)
+    uuid = models.UUIDField(unique=True, default=uuid.uuid4, editable=False)
+
+    def __str__(self):
+        return self.email
+
+    class Meta:
+        unique_together = [('auth_method', 'email')]
+
+
+class GatekeeperUser(models.Model):
+    username = models.SlugField(max_length=64, unique=True)
+    email = models.EmailField(unique=True)
+    password = models.CharField(blank=True, max_length=128, help_text=_("Password for local authentication (leave blank if not using)"))
+    totp_secret = models.CharField(max_length=255, blank=True, help_text=_("Per-user TOTP secret key"))
+
+    created = models.DateTimeField(auto_now_add=True)
+    updated = models.DateTimeField(auto_now=True)
+    uuid = models.UUIDField(unique=True, default=uuid.uuid4, editable=False)
+
+    def __str__(self):
+        return self.username
+
+    class Meta:
+        ordering = ['username']
+        verbose_name = 'Gatekeeper User'
+        verbose_name_plural = 'Gatekeeper Users'
+
+
+class GatekeeperGroup(models.Model):
+    name = models.SlugField(max_length=64, unique=True)
+    users = models.ManyToManyField(GatekeeperUser, blank=True, related_name='groups')
+
+    created = models.DateTimeField(auto_now_add=True)
+    updated = models.DateTimeField(auto_now=True)
+    uuid = models.UUIDField(unique=True, default=uuid.uuid4, editable=False)
+
+    def __str__(self):
+        return self.name
+
+    class Meta:
+        ordering = ['name']
+        verbose_name = 'Gatekeeper Group'
+        verbose_name_plural = 'Gatekeeper Groups'
+