Separate Forward auth into it's own models + controller

app/views/admin/forward_auth_rules/new.html.erb

@@ -0,0 +1,57 @@
+<% content_for :title, "New Forward Auth Rule" %>
+
+<div class="md:flex md:items-center md:justify-between">
+  <div class="min-w-0 flex-1">
+    <h2 class="text-2xl font-bold leading-7 text-gray-900 sm:truncate sm:text-3xl sm:tracking-tight">
+      New Forward Auth Rule
+    </h2>
+  </div>
+</div>
+
+<div class="mt-8">
+  <%= form_with(model: [:admin, @forward_auth_rule], local: true, class: "space-y-6") do |form| %>
+    <%= render "shared/form_errors", form: form %>
+
+    <div class="bg-white shadow-sm ring-1 ring-gray-900/5 sm:rounded-xl md:col-span-2">
+      <div class="px-4 py-6 sm:p-8">
+        <div class="grid max-w-2xl grid-cols-1 gap-x-6 gap-y-8 sm:grid-cols-6">
+          <div class="sm:col-span-4">
+            <%= form.label :domain_pattern, class: "block text-sm font-medium leading-6 text-gray-900" %>
+            <div class="mt-2">
+              <%= form.text_field :domain_pattern, class: "block w-full rounded-md border-0 py-1.5 text-gray-900 shadow-sm ring-1 ring-inset ring-gray-300 placeholder:text-gray-400 focus:ring-2 focus:ring-inset focus:ring-blue-600 sm:text-sm sm:leading-6", placeholder: "*.example.com" %>
+            </div>
+            <p class="mt-3 text-sm leading-6 text-gray-600">
+              Use patterns like "*.example.com" or "api.example.com". Wildcards (*) are supported.
+            </p>
+          </div>
+
+          <div class="sm:col-span-4">
+            <%= form.label :active, class: "block text-sm font-medium leading-6 text-gray-900" %>
+            <div class="mt-2">
+              <%= form.select :active, options_for_select([["Active", true], ["Inactive", false]], @forward_auth_rule.active), { prompt: "Select status" }, { class: "block w-full rounded-md border-0 py-1.5 text-gray-900 shadow-sm ring-1 ring-inset ring-gray-300 focus:ring-2 focus:ring-inset focus:ring-blue-600 sm:max-w-xs sm:text-sm sm:leading-6" } %>
+            </div>
+          </div>
+
+          <div class="col-span-full">
+            <div class="block text-sm font-medium leading-6 text-gray-900 mb-4">
+              Groups
+            </div>
+            <div class="mt-2 space-y-2">
+              <%= form.collection_select :group_ids, @available_groups, :id, :name,
+                  { prompt: "Select groups (leave empty for bypass)" },
+                  { multiple: true, class: "block w-full rounded-md border-0 py-1.5 text-gray-900 shadow-sm ring-1 ring-inset ring-gray-300 focus:ring-2 focus:ring-inset focus:ring-blue-600 sm:text-sm sm:leading-6" } %>
+            </div>
+            <p class="mt-3 text-sm leading-6 text-gray-600">
+              Select groups that are allowed to access this domain. If no groups are selected, all authenticated users will be allowed access (bypass).
+            </p>
+          </div>
+        </div>
+      </div>
+    </div>
+
+    <div class="mt-6 flex items-center justify-end gap-x-6">
+      <%= link_to "Cancel", admin_forward_auth_rules_path, class: "text-sm font-semibold leading-6 text-gray-900 hover:text-gray-700" %>
+      <%= form.submit "Create Rule", class: "rounded-md bg-blue-600 px-3 py-2 text-sm font-semibold text-white shadow-sm hover:bg-blue-500 focus-visible:outline focus-visible:outline-2 focus-visible:outline-offset-2 focus-visible:outline-blue-600" %>
+    </div>
+  <% end %>
+</div>