Fix site_id isolation for demo sites

- Auto-derive site_id from demo directory paths (demos/demo-site -> 'demo', demos/simple/test-simple -> 'simple') - Add validation requiring explicit site_id for non-demo paths with helpful error messages - Remove JavaScript 'demo' fallback and add proper error messaging for missing site_id - Ensure each demo site uses isolated content namespace to prevent content mixing Resolves issue where /sites/simple and /sites/demo both used site_id=demo
2025-09-16 22:23:41 +02:00
parent fe00a13780
commit 1fa607c47c
4 changed files with 120 additions and 3 deletions
--- a/lib/src/core/api-client.js
+++ b/lib/src/core/api-client.js
@@ -10,7 +10,7 @@ export class ApiClient {
            : '/api/content';                      // Production: same-origin API
            
        this.baseUrl = options.apiEndpoint || defaultEndpoint;
-        this.siteId = options.siteId || 'demo';
+        this.siteId = options.siteId || this.handleMissingSiteId();
        
        // Log API configuration in development
        if (isDevelopment && !options.apiEndpoint) {
@@ -276,6 +276,22 @@ export class ApiClient {
        return false;
    }
    
+    /**
+     * Handle missing site_id configuration
+     * @returns {string} Site ID or throws error
+     */
+    handleMissingSiteId() {
+        console.error('❌ No site_id configured for Insertr.');
+        console.log('💡 Add data-site-id attribute to your script tag:');
+        console.log('   <script src="insertr.js" data-site-id="mysite"></script>');
+        console.log('');
+        console.log('🚀 For demos under demos/, site_id is auto-derived from directory name.');
+        console.log('🏭 For production sites, you must explicitly set your site_id.');
+        
+        // Return a placeholder that will cause API calls to fail gracefully
+        return '__MISSING_SITE_ID__';
+    }
+
    /**
     * Get current file path from URL for consistent ID generation
     * @returns {string} File path like "index.html", "about.html"
--- a/lib/src/index.js
+++ b/lib/src/index.js
@@ -84,7 +84,7 @@ function autoInitialize() {
        const config = {};
        
        if (insertrScript) {
-            config.siteId = insertrScript.getAttribute('data-site-id') || 'demo';
+            config.siteId = insertrScript.getAttribute('data-site-id'); // No fallback - let ApiClient handle missing values
            config.apiEndpoint = insertrScript.getAttribute('data-api-endpoint') || '/api/content';
            config.mockAuth = insertrScript.getAttribute('data-mock-auth') === 'true';
            config.debug = insertrScript.getAttribute('data-debug') === 'true';