Initial wizard fixes

crates/defguard_common/src/config.rs

@@ -112,6 +112,7 @@ pub struct DefGuardConfig {
     pub stats_purge_threshold: Duration,
 
     #[arg(long, env = "DEFGUARD_ENROLLMENT_URL", value_parser = Url::parse, default_value = "http://localhost:8080")]
+    #[deprecated(since = "2.0.0", note = "Use Settings.public_proxy_url instead")]
     pub enrollment_url: Url,
 
     #[arg(long, env = "DEFGUARD_ENROLLMENT_TOKEN_TIMEOUT", default_value = "24h")]

crates/defguard_common/src/db/models/proxy.rs

@@ -14,7 +14,6 @@ pub struct Proxy<I = NoId> {
     pub name: String,
     pub address: String,
     pub port: i32,
-    pub public_address: String,
     pub connected_at: Option<NaiveDateTime>,
     pub disconnected_at: Option<NaiveDateTime>,
     pub version: Option<String>,
@@ -35,13 +34,12 @@ impl fmt::Display for Proxy<Id> {
 }
 
 impl Proxy {
-    pub fn new<S: Into<String>>(name: S, address: S, port: i32, public_address: S) -> Self {
+    pub fn new<S: Into<String>>(name: S, address: S, port: i32) -> Self {
         Self {
             id: NoId,
             name: name.into(),
             address: address.into(),
             port,
-            public_address: public_address.into(),
             connected_at: None,
             disconnected_at: None,
             has_certificate: false,

crates/defguard_common/src/db/models/settings.rs

@@ -149,11 +149,13 @@ pub struct Settings {
     pub ca_key_der: Option<Vec<u8>>,
     pub ca_cert_der: Option<Vec<u8>>,
     pub ca_expiry: Option<NaiveDateTime>,
+    // Initial setup, general settings
     pub initial_setup_completed: bool,
     pub defguard_url: String,
     pub default_admin_group_name: String,
     pub authentication_period_days: i32,
     pub mfa_code_timeout_seconds: i32,
+    pub public_proxy_url: String,
 }
 
 // Implement manually to avoid exposing the license key.
@@ -271,7 +273,8 @@ impl Settings {
             ldap_user_rdn_attr, ldap_sync_groups, \
             openid_username_handling \"openid_username_handling: OpenIdUsernameHandling\", \
             ca_key_der, ca_cert_der, ca_expiry, initial_setup_completed, \
-            defguard_url, default_admin_group_name, authentication_period_days, mfa_code_timeout_seconds \
+            defguard_url, default_admin_group_name, authentication_period_days, mfa_code_timeout_seconds, \
+            public_proxy_url \
             FROM \"settings\" WHERE id = 1",
         )
         .fetch_optional(executor)
@@ -356,7 +359,8 @@ impl Settings {
             defguard_url = $53, \
             default_admin_group_name = $54, \
             authentication_period_days = $55, \
-            mfa_code_timeout_seconds = $56 \
+            mfa_code_timeout_seconds = $56, \
+            public_proxy_url = $57 \
             WHERE id = 1",
             self.openid_enabled,
             self.wireguard_enabled,
@@ -413,7 +417,8 @@ impl Settings {
             self.defguard_url,
             self.default_admin_group_name,
             self.authentication_period_days,
-            self.mfa_code_timeout_seconds
+            self.mfa_code_timeout_seconds,
+            self.public_proxy_url
         )
         .execute(executor)
         .await?;
@@ -493,6 +498,10 @@ impl Settings {
     pub fn authentication_timeout(&self) -> Duration {
         Duration::from_secs(self.authentication_period_days as u64 * 24 * 3600)
     }
+
+    pub fn proxy_public_url(&self) -> Result<Url, url::ParseError> {
+        Url::parse(&self.public_proxy_url)
+    }
 }
 
 #[derive(Serialize)]

crates/defguard_core/src/grpc/mod.rs

@@ -176,17 +176,16 @@ impl InstanceInfo {
         enterprise_settings: &EnterpriseSettings,
         openid_provider: Option<OpenIdProvider<Id>>,
     ) -> Result<Self, UrlParseError> {
-        let config = server_config();
         let openid_display_name = openid_provider
             .as_ref()
             .map(|provider| provider.display_name.clone())
             .unwrap_or_default();
         let url = Settings::url()?;
-        Ok(InstanceInfo {
+        Ok(Self {
             id: settings.uuid,
-            name: settings.instance_name,
-            url: url.clone(),
-            proxy_url: config.enrollment_url.clone(),
+            name: settings.instance_name.clone(),
+            url,
+            proxy_url: settings.proxy_public_url()?,
             username: username.into(),
             client_traffic_policy: enterprise_settings.client_traffic_policy,
             enterprise_enabled: is_business_license_active(),

crates/defguard_core/src/handlers/auth.rs

@@ -54,7 +54,7 @@ use crate::{
 
 /// Common functionality for `authenticate()` and `auth_callback()`.
 /// Returns either `AuthResponse` or `MFAInfo`.
-pub(crate) async fn create_session(
+pub async fn create_session(
     pool: &PgPool,
     mail_tx: &UnboundedSender<Mail>,
     ip_address: IpAddr,

crates/defguard_core/src/handlers/component_setup.rs

@@ -532,7 +532,6 @@ pub async fn setup_proxy_tls_stream(
             &request.common_name,
             &request.ip_or_domain,
             i32::from(request.grpc_port),
-            &request.ip_or_domain,
         );
 
         proxy.has_certificate = true;