Merge remote-tracking branch 'origin/prototype/reverse-proxy' into prototype/reverse-proxy

# Conflicts:
#	management/internals/modules/reverseproxy/reverseproxy.go
#	management/internals/server/boot.go
#	management/internals/shared/grpc/proxy.go
#	proxy/internal/auth/middleware.go
#	shared/management/proto/proxy_service.pb.go
#	shared/management/proto/proxy_service.proto
#	shared/management/proto/proxy_service_grpc.pb.go

management/internals/modules/reverseproxy/interface.go

@@ -10,4 +10,6 @@ type Manager interface {
 	CreateReverseProxy(ctx context.Context, accountID, userID string, reverseProxy *ReverseProxy) (*ReverseProxy, error)
 	UpdateReverseProxy(ctx context.Context, accountID, userID string, reverseProxy *ReverseProxy) (*ReverseProxy, error)
 	DeleteReverseProxy(ctx context.Context, accountID, userID, reverseProxyID string) error
+	SetCertificateIssuedAt(ctx context.Context, accountID, reverseProxyID string) error
+	SetStatus(ctx context.Context, accountID, reverseProxyID string, status ProxyStatus) error
 }

management/internals/modules/reverseproxy/manager/manager.go

@@ -3,6 +3,7 @@ package manager
 import (
 	"context"
 	"fmt"
+	"time"
 
 	"github.com/google/uuid"
 	"github.com/rs/xid"
@@ -229,3 +230,40 @@ func (m *managerImpl) DeleteReverseProxy(ctx context.Context, accountID, userID,
 
 	return nil
 }
+
+// SetCertificateIssuedAt sets the certificate issued timestamp to the current time.
+// Call this when receiving a gRPC notification that the certificate was issued.
+func (m *managerImpl) SetCertificateIssuedAt(ctx context.Context, accountID, reverseProxyID string) error {
+	return m.store.ExecuteInTransaction(ctx, func(transaction store.Store) error {
+		proxy, err := transaction.GetReverseProxyByID(ctx, store.LockingStrengthUpdate, accountID, reverseProxyID)
+		if err != nil {
+			return fmt.Errorf("failed to get reverse proxy: %w", err)
+		}
+
+		proxy.Meta.CertificateIssuedAt = time.Now()
+
+		if err = transaction.UpdateReverseProxy(ctx, proxy); err != nil {
+			return fmt.Errorf("failed to update reverse proxy certificate timestamp: %w", err)
+		}
+
+		return nil
+	})
+}
+
+// SetStatus updates the status of the reverse proxy (e.g., "active", "tunnel_not_created", etc.)
+func (m *managerImpl) SetStatus(ctx context.Context, accountID, reverseProxyID string, status reverseproxy.ProxyStatus) error {
+	return m.store.ExecuteInTransaction(ctx, func(transaction store.Store) error {
+		proxy, err := transaction.GetReverseProxyByID(ctx, store.LockingStrengthUpdate, accountID, reverseProxyID)
+		if err != nil {
+			return fmt.Errorf("failed to get reverse proxy: %w", err)
+		}
+
+		proxy.Meta.Status = string(status)
+
+		if err = transaction.UpdateReverseProxy(ctx, proxy); err != nil {
+			return fmt.Errorf("failed to update reverse proxy status: %w", err)
+		}
+
+		return nil
+	})
+}

management/internals/modules/reverseproxy/reverseproxy.go

@@ -5,6 +5,7 @@ import (
 	"net"
 	"net/url"
 	"strconv"
+	"time"
 
 	"github.com/rs/xid"
 	log "github.com/sirupsen/logrus"
@@ -21,6 +22,17 @@ const (
 	Delete Operation = "delete"
 )
 
+type ProxyStatus string
+
+const (
+	StatusPending            ProxyStatus = "pending"
+	StatusActive             ProxyStatus = "active"
+	StatusTunnelNotCreated   ProxyStatus = "tunnel_not_created"
+	StatusCertificatePending ProxyStatus = "certificate_pending"
+	StatusCertificateFailed  ProxyStatus = "certificate_failed"
+	StatusError              ProxyStatus = "error"
+)
+
 type Target struct {
 	Path       *string `json:"path,omitempty"`
 	Host       string  `json:"host"`
@@ -64,6 +76,12 @@ type OIDCValidationConfig struct {
 	MaxTokenAgeSeconds int64
 }
 
+type ReverseProxyMeta struct {
+	CreatedAt           time.Time
+	CertificateIssuedAt time.Time
+	Status              string
+}
+
 type ReverseProxy struct {
 	ID        string `gorm:"primaryKey"`
 	AccountID string `gorm:"index"`
@@ -71,7 +89,8 @@ type ReverseProxy struct {
 	Domain    string   `gorm:"index"`
 	Targets   []Target `gorm:"serializer:json"`
 	Enabled   bool
-	Auth      AuthConfig `gorm:"serializer:json"`
+	Auth      AuthConfig       `gorm:"serializer:json"`
+	Meta      ReverseProxyMeta `gorm:"embedded;embeddedPrefix:meta_"`
 }
 
 func NewReverseProxy(accountID, name, domain string, targets []Target, enabled bool) *ReverseProxy {
@@ -82,6 +101,10 @@ func NewReverseProxy(accountID, name, domain string, targets []Target, enabled b
 		Domain:    domain,
 		Targets:   targets,
 		Enabled:   enabled,
+		Meta: ReverseProxyMeta{
+			CreatedAt: time.Now(),
+			Status:    string(StatusPending),
+		},
 	}
 }
 
@@ -129,6 +152,15 @@ func (r *ReverseProxy) ToAPIResponse() *api.ReverseProxy {
 		})
 	}
 
+	meta := api.ReverseProxyMeta{
+		CreatedAt: r.Meta.CreatedAt,
+		Status:    api.ReverseProxyMetaStatus(r.Meta.Status),
+	}
+
+	if !r.Meta.CertificateIssuedAt.IsZero() {
+		meta.CertificateIssuedAt = &r.Meta.CertificateIssuedAt
+	}
+
 	return &api.ReverseProxy{
 		Id:      r.ID,
 		Name:    r.Name,
@@ -136,6 +168,7 @@ func (r *ReverseProxy) ToAPIResponse() *api.ReverseProxy {
 		Targets: apiTargets,
 		Enabled: r.Enabled,
 		Auth:    authConfig,
+		Meta:    meta,
 	}
 }