add default entries creation on post-migrate signal and refactor application model logic

app_gateway/apps.py

@@ -4,3 +4,8 @@ from django.apps import AppConfig
 class AppGatewayConfig(AppConfig):
     default_auto_field = 'django.db.models.BigAutoField'
     name = 'app_gateway'
+
+    def ready(self):
+        from django.db.models.signals import post_migrate
+        from app_gateway.setup_defaults import create_default_entries
+        post_migrate.connect(create_default_entries, sender=self)

app_gateway/caddy_config_export.py

@@ -2,14 +2,12 @@ import json
 import os
 
 from app_gateway.models import (
-    AccessPolicy, Application, ApplicationPolicy
+    AccessPolicy, Application, ApplicationPolicy, RESERVED_APP_NAME
 )
 from gatekeeper.models import (
     AuthMethod, GatekeeperGroup, GatekeeperIPAddress, GatekeeperUser
 )
 
-RESERVED_APP_NAME = 'wireguard_webadmin'
-
 POLICY_TYPE_MAP = {
     'public': 'bypass',
     'protected': 'protected',

app_gateway/models.py

@@ -5,6 +5,8 @@ from django.utils.translation import gettext_lazy as _
 
 from gatekeeper.models import GatekeeperGroup, AuthMethod, _unique_slug
 
+RESERVED_APP_NAME = 'wireguard_webadmin'
+
 
 class Application(models.Model):
     name = models.SlugField(max_length=64, unique=True)
@@ -17,7 +19,9 @@ class Application(models.Model):
     uuid = models.UUIDField(unique=True, default=uuid.uuid4, editable=False)
 
     def save(self, *args, **kwargs):
-        if self.display_name:
+        if self.display_name == RESERVED_APP_NAME:
+            self.name = RESERVED_APP_NAME
+        elif self.display_name:
             self.name = _unique_slug(Application, self.display_name, exclude_pk=self.pk)
         super().save(*args, **kwargs)
 

app_gateway/setup_defaults.py

@@ -0,0 +1,33 @@
+import logging
+
+logger = logging.getLogger(__name__)
+
+
+def create_default_entries(**kwargs):
+    from app_gateway.models import AccessPolicy, Application, ApplicationPolicy, RESERVED_APP_NAME
+
+    # Default access policies
+    public_policy, created = AccessPolicy.objects.get_or_create(
+        policy_type='public',
+        defaults={'display_name': 'Public'},
+    )
+    if created:
+        logger.info("Created default AccessPolicy: Public")
+
+    deny_policy, created = AccessPolicy.objects.get_or_create(
+        policy_type='deny',
+        defaults={'display_name': 'Deny'},
+    )
+    if created:
+        logger.info("Created default AccessPolicy: Deny")
+
+    # Reserved wireguard_webadmin application
+    app, created = Application.objects.get_or_create(
+        display_name=RESERVED_APP_NAME,
+        defaults={'upstream': 'http://wireguard-webadmin:8000'},
+    )
+    if created:
+        logger.info("Created default Application: %s", RESERVED_APP_NAME)
+        if not ApplicationPolicy.objects.filter(application=app).exists():
+            ApplicationPolicy.objects.create(application=app, default_policy=public_policy)
+            logger.info("Assigned default policy 'Public' to application '%s'", RESERVED_APP_NAME)

app_gateway/views.py

@@ -17,6 +17,7 @@ from app_gateway.forms import (
 from app_gateway.models import (
     Application, ApplicationHost, AccessPolicy, ApplicationPolicy, ApplicationRoute
 )
+from app_gateway.setup_defaults import create_default_entries
 from user_manager.models import UserAcl
 
 
@@ -25,6 +26,7 @@ def view_app_gateway_list(request):
     if not UserAcl.objects.filter(user=request.user).filter(user_level__gte=20).exists():
         return render(request, 'access_denied.html', {'page_title': _('Access Denied')})
 
+    create_default_entries()
     applications = Application.objects.all().order_by('name')
     hosts = ApplicationHost.objects.all().order_by('hostname')
     access_policies = AccessPolicy.objects.all().order_by('name')