Add deployed apps gateway

[kapicic]

📋 Pull Request Summary

WIP: need to resolve some bugs with Netlify production headers

Use iframe to proxy apps from deployed platforms to our builder.
Use slugs to have human readable urls.
Update websites table to store slugs.
Update deployment methods to set CORS headers.
TODO: allow only from builder origin

🔗 Related Issues

• Fixes #
• Relates to #

📝 Changes Made

🧪 Testing

• Unit tests added/updated
• Integration tests added/updated
• Manual testing performed
• All existing tests pass

Testing Details:

📚 Documentation

• Code is self-documenting with clear variable/function names
• Added/updated JSDoc comments for public APIs
• Updated README.md if needed
• Updated other documentation files
• No documentation changes needed

🔄 Type of Change

• 🐛 Bug fix (non-breaking change that fixes an issue)
• ✨ New feature (non-breaking change that adds functionality)
• 💥 Breaking change (fix or feature that would cause existing functionality to not work as expected)
• 📝 Documentation update
• 🔧 Refactoring (no functional changes)
• ⚡ Performance improvement
• 🧪 Test improvements

🚨 Breaking Changes

• This PR introduces breaking changes
• Migration guide provided
• Deprecation warnings added

Breaking Change Details:

📸 Screenshots/Videos

📋 Additional Notes

[gemini-code-assist]

Summary of Changes

Hello @kapicic, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the platform's ability to manage and display deployed applications. It introduces a robust 'app viewer' that allows users to access their deployed projects through friendly, slug-based URLs directly within the application. This is achieved by integrating iframe-based viewing, implementing a comprehensive slug generation and validation system, and configuring critical security headers on deployment platforms to facilitate cross-origin embedding. The changes aim to streamline the workflow for reviewing and interacting with deployed projects.

Highlights

• Deployed Apps Gateway: Introduced a new system to proxy deployed applications from various platforms (like Netlify, Vercel, AWS) directly into our builder using iframes, providing a unified viewing experience.
• Human-Readable Slugs: Implemented a slug generation and management system to create human-readable and unique URLs for deployed applications, improving discoverability and user experience.
• CORS and Security Headers: Updated deployment configurations for Netlify, Vercel, and AWS to include necessary CORS and security headers (like X-Frame-Options, Cross-Origin-Resource-Policy) to ensure proper embedding of applications within iframes.
• App Viewer UI: Developed a dedicated AppViewer component with loading states, error handling, refresh functionality, fullscreen mode, and basic app information display for a seamless viewing experience.
• Database Schema Update: Modified the Website database model to include a new slug field, ensuring that each deployed application can have a unique, persistent, and human-friendly identifier.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a significant new feature: an app gateway for viewing deployed applications using iframes and human-readable slugs. The changes are extensive, touching frontend components, API routes, deployment plugins, and the database schema. My review has identified two critical security vulnerabilities in the new app viewer pages that allow unauthorized access to private applications. Additionally, there are several medium-severity issues related to type safety (use of any), code duplication, and maintainability that should be addressed.

[bears4barrett]

Is it worth handling this TODO and any now? Or do you expect this in a future PR?

[bears4barrett]

Another any TODO