chore: defer Sourcery auth; continue work

backend/internal/models/access_list.go

@@ -0,0 +1,19 @@
+package models
+
+import (
+	"time"
+)
+
+// AccessList defines IP-based or auth-based access control rules
+// that can be applied to proxy hosts.
+type AccessList struct {
+	ID          uint      `json:"id" gorm:"primaryKey"`
+	UUID        string    `json:"uuid" gorm:"uniqueIndex"`
+	Name        string    `json:"name" gorm:"index"`
+	Description string    `json:"description"`
+	Type        string    `json:"type"`                   // "allow", "deny", "basic_auth", "forward_auth"
+	Rules       string    `json:"rules" gorm:"type:text"` // JSON array of rule definitions
+	Enabled     bool      `json:"enabled" gorm:"default:true"`
+	CreatedAt   time.Time `json:"created_at"`
+	UpdatedAt   time.Time `json:"updated_at"`
+}

backend/internal/models/import_session.go

@@ -0,0 +1,21 @@
+package models
+
+import (
+	"time"
+)
+
+// ImportSession tracks Caddyfile import operations with pending state
+// until user reviews and confirms via UI.
+type ImportSession struct {
+	ID              uint       `json:"id" gorm:"primaryKey"`
+	UUID            string     `json:"uuid" gorm:"uniqueIndex"`
+	SourceFile      string     `json:"source_file"`                       // Path to original Caddyfile
+	Status          string     `json:"status" gorm:"default:'pending'"`   // "pending", "reviewing", "committed", "rejected", "failed"
+	ParsedData      string     `json:"parsed_data" gorm:"type:text"`      // JSON representation of detected hosts
+	ConflictReport  string     `json:"conflict_report" gorm:"type:text"`  // JSON array of conflicts
+	UserResolutions string     `json:"user_resolutions" gorm:"type:text"` // JSON map of conflict resolutions
+	ErrorMsg        string     `json:"error_msg"`
+	CreatedAt       time.Time  `json:"created_at"`
+	UpdatedAt       time.Time  `json:"updated_at"`
+	CommittedAt     *time.Time `json:"committed_at,omitempty"`
+}

backend/internal/models/remote_server.go

@@ -0,0 +1,24 @@
+package models
+
+import (
+	"time"
+)
+
+// RemoteServer represents a known backend server that can be selected
+// when creating proxy hosts, eliminating manual IP/port entry.
+type RemoteServer struct {
+	ID          uint       `json:"id" gorm:"primaryKey"`
+	UUID        string     `json:"uuid" gorm:"uniqueIndex"`
+	Name        string     `json:"name" gorm:"index"`
+	Provider    string     `json:"provider"` // e.g., "docker", "vm", "cloud", "manual"
+	Host        string     `json:"host"`     // IP address or hostname
+	Port        int        `json:"port"`
+	Scheme      string     `json:"scheme"` // http/https
+	Tags        string     `json:"tags"`   // comma-separated tags for filtering
+	Description string     `json:"description"`
+	Enabled     bool       `json:"enabled" gorm:"default:true"`
+	LastChecked *time.Time `json:"last_checked,omitempty"`
+	Reachable   bool       `json:"reachable" gorm:"default:false"`
+	CreatedAt   time.Time  `json:"created_at"`
+	UpdatedAt   time.Time  `json:"updated_at"`
+}

backend/internal/models/setting.go

@@ -0,0 +1,16 @@
+package models
+
+import (
+	"time"
+)
+
+// Setting stores global application configuration as key-value pairs.
+// Used for system-wide preferences, feature flags, and runtime config.
+type Setting struct {
+	ID        uint      `json:"id" gorm:"primaryKey"`
+	Key       string    `json:"key" gorm:"uniqueIndex"`
+	Value     string    `json:"value" gorm:"type:text"`
+	Type      string    `json:"type"`     // "string", "int", "bool", "json"
+	Category  string    `json:"category"` // "general", "security", "caddy", "smtp", etc.
+	UpdatedAt time.Time `json:"updated_at"`
+}

backend/internal/models/ssl_certificate.go

@@ -0,0 +1,21 @@
+package models
+
+import (
+	"time"
+)
+
+// SSLCertificate represents TLS certificates managed by CPM+.
+// Can be Let's Encrypt auto-generated or custom uploaded certs.
+type SSLCertificate struct {
+	ID          uint       `json:"id" gorm:"primaryKey"`
+	UUID        string     `json:"uuid" gorm:"uniqueIndex"`
+	Name        string     `json:"name"`
+	Provider    string     `json:"provider"`                     // "letsencrypt", "custom", "self-signed"
+	Domains     string     `json:"domains"`                      // comma-separated list of domains
+	Certificate string     `json:"certificate" gorm:"type:text"` // PEM-encoded certificate
+	PrivateKey  string     `json:"private_key" gorm:"type:text"` // PEM-encoded private key
+	ExpiresAt   *time.Time `json:"expires_at,omitempty"`
+	AutoRenew   bool       `json:"auto_renew" gorm:"default:false"`
+	CreatedAt   time.Time  `json:"created_at"`
+	UpdatedAt   time.Time  `json:"updated_at"`
+}

backend/internal/models/user.go

@@ -0,0 +1,20 @@
+package models
+
+import (
+	"time"
+)
+
+// User represents authenticated users with role-based access control.
+// Supports local auth, SSO integration planned for later phases.
+type User struct {
+	ID           uint       `json:"id" gorm:"primaryKey"`
+	UUID         string     `json:"uuid" gorm:"uniqueIndex"`
+	Email        string     `json:"email" gorm:"uniqueIndex"`
+	PasswordHash string     `json:"-"` // Never serialize password hash
+	Name         string     `json:"name"`
+	Role         string     `json:"role" gorm:"default:'user'"` // "admin", "user", "viewer"
+	Enabled      bool       `json:"enabled" gorm:"default:true"`
+	LastLogin    *time.Time `json:"last_login,omitempty"`
+	CreatedAt    time.Time  `json:"created_at"`
+	UpdatedAt    time.Time  `json:"updated_at"`
+}