add default entries creation on post-migrate signal and refactor application model logic

2026-03-17 14:26:18 +00:00 · 2026-03-16 17:08:50 -03:00
parent a496ba2c63
commit 9e4da484fe
6 changed files with 48 additions and 4 deletions
--- a/app_gateway/apps.py
+++ b/app_gateway/apps.py
@@ -4,3 +4,8 @@ from django.apps import AppConfig
 class AppGatewayConfig(AppConfig):
    default_auto_field = 'django.db.models.BigAutoField'
    name = 'app_gateway'
+
+    def ready(self):
+        from django.db.models.signals import post_migrate
+        from app_gateway.setup_defaults import create_default_entries
+        post_migrate.connect(create_default_entries, sender=self)
--- a/app_gateway/caddy_config_export.py
+++ b/app_gateway/caddy_config_export.py
@@ -2,14 +2,12 @@ import json
 import os

 from app_gateway.models import (
-    AccessPolicy, Application, ApplicationPolicy
+    AccessPolicy, Application, ApplicationPolicy, RESERVED_APP_NAME
 )
 from gatekeeper.models import (
    AuthMethod, GatekeeperGroup, GatekeeperIPAddress, GatekeeperUser
 )

-RESERVED_APP_NAME = 'wireguard_webadmin'
-
 POLICY_TYPE_MAP = {
    'public': 'bypass',
    'protected': 'protected',
--- a/app_gateway/models.py
+++ b/app_gateway/models.py
@@ -5,6 +5,8 @@ from django.utils.translation import gettext_lazy as _

 from gatekeeper.models import GatekeeperGroup, AuthMethod, _unique_slug

+RESERVED_APP_NAME = 'wireguard_webadmin'
+

 class Application(models.Model):
    name = models.SlugField(max_length=64, unique=True)
@@ -17,7 +19,9 @@ class Application(models.Model):
    uuid = models.UUIDField(unique=True, default=uuid.uuid4, editable=False)

    def save(self, *args, **kwargs):
-        if self.display_name:
+        if self.display_name == RESERVED_APP_NAME:
+            self.name = RESERVED_APP_NAME
+        elif self.display_name:
            self.name = _unique_slug(Application, self.display_name, exclude_pk=self.pk)
        super().save(*args, **kwargs)

--- a/app_gateway/setup_defaults.py
+++ b/app_gateway/setup_defaults.py
@@ -0,0 +1,33 @@
+import logging
+
+logger = logging.getLogger(__name__)
+
+
+def create_default_entries(**kwargs):
+    from app_gateway.models import AccessPolicy, Application, ApplicationPolicy, RESERVED_APP_NAME
+
+    # Default access policies
+    public_policy, created = AccessPolicy.objects.get_or_create(
+        policy_type='public',
+        defaults={'display_name': 'Public'},
+    )
+    if created:
+        logger.info("Created default AccessPolicy: Public")
+
+    deny_policy, created = AccessPolicy.objects.get_or_create(
+        policy_type='deny',
+        defaults={'display_name': 'Deny'},
+    )
+    if created:
+        logger.info("Created default AccessPolicy: Deny")
+
+    # Reserved wireguard_webadmin application
+    app, created = Application.objects.get_or_create(
+        display_name=RESERVED_APP_NAME,
+        defaults={'upstream': 'http://wireguard-webadmin:8000'},
+    )
+    if created:
+        logger.info("Created default Application: %s", RESERVED_APP_NAME)
+        if not ApplicationPolicy.objects.filter(application=app).exists():
+            ApplicationPolicy.objects.create(application=app, default_policy=public_policy)
+            logger.info("Assigned default policy 'Public' to application '%s'", RESERVED_APP_NAME)
--- a/app_gateway/views.py
+++ b/app_gateway/views.py
@@ -17,6 +17,7 @@ from app_gateway.forms import (
 from app_gateway.models import (
    Application, ApplicationHost, AccessPolicy, ApplicationPolicy, ApplicationRoute
 )
+from app_gateway.setup_defaults import create_default_entries
 from user_manager.models import UserAcl


@@ -25,6 +26,7 @@ def view_app_gateway_list(request):
    if not UserAcl.objects.filter(user=request.user).filter(user_level__gte=20).exists():
        return render(request, 'access_denied.html', {'page_title': _('Access Denied')})

+    create_default_entries()
    applications = Application.objects.all().order_by('name')
    hosts = ApplicationHost.objects.all().order_by('hostname')
    access_policies = AccessPolicy.objects.all().order_by('name')
--- a/gatekeeper/views.py
+++ b/gatekeeper/views.py
@@ -9,6 +9,7 @@ from django.shortcuts import render, get_object_or_404, redirect
 from django.urls import reverse
 from django.utils.translation import gettext as _

+from app_gateway.setup_defaults import create_default_entries
 from gatekeeper.forms import GatekeeperUserForm, GatekeeperGroupForm, AuthMethodForm, AuthMethodAllowedDomainForm, \
    AuthMethodAllowedEmailForm, GatekeeperIPAddressForm
 from gatekeeper.models import GatekeeperUser, GatekeeperGroup, AuthMethod, AuthMethodAllowedDomain, \
@@ -22,6 +23,7 @@ def view_gatekeeper_list(request):
    if not UserAcl.objects.filter(user=request.user).filter(user_level__gte=20).exists():
        return render(request, 'access_denied.html', {'page_title': _('Access Denied')})

+    create_default_entries()
    active_tab = request.GET.get('tab', 'auth_methods')
    auth_methods = AuthMethod.objects.all().order_by('name')
    users = GatekeeperUser.objects.all().prefetch_related('groups').order_by('username')