Skip to content

Demo: make the homepage upload (and data) work on a multi-tenant server#79

Merged
jwicks31 merged 2 commits into
mainfrom
claude/demo-multitenant-key
Jun 13, 2026
Merged

Demo: make the homepage upload (and data) work on a multi-tenant server#79
jwicks31 merged 2 commits into
mainfrom
claude/demo-multitenant-key

Conversation

@jwicks31

@jwicks31 jwicks31 commented Jun 13, 2026

Copy link
Copy Markdown
Owner

What

Fixes the reported issue: the homepage upload form fails on a multi-tenant server.

Root cause

The homepage demo runs Zero() with no key. In multi-tenant mode every data/file call requires a project key, so they all 401data list, files list, and upload. The data failures were silent (the lists just render empty), while the upload form has a visible action, so it looked like "upload is broken" when in fact the whole demo was unauthenticated. (Verified by reproduction: all three return 401 "Provide a project key."; with a project key, upload returns 201.)

This is a demo/frontend gap, not a server bug — authed upload already works.

Fix (frontend only)

  • On a multi-tenant server, the demo shows a "project key" box. The pasted key is held in sessionStorage (this tab only, cleared when it closes) and never put in the URL — so it can't leak into history/logs or be shared by accident. A Clear button forgets it.
  • Entering or clearing the key reconnects the SDK and refreshes the lists + the live guestbook subscription.
  • When no key is set on a multi-tenant server, a clear notice explains how (create a project in the dashboard, paste the key).
  • loadEntries/loadFiles and the post/upload handlers now catch errors and show a friendly message instead of throwing uncaught.
  • Open mode (the zero-config default) is unchanged: no key box, works as before.

Updated from an earlier ?key= URL approach per review — a key in the URL is easy to forget and can leak into history/logs; sessionStorage avoids both.

Verification

  • Reproduced the 401s in multi-tenant; confirmed 201 upload once a project key is supplied.
  • 65/65 SQLite, including a new test that / serves the demo HTML and carries the key-form + sessionStorage handling + the notice. (No server logic changed.)

https://claude.ai/code/session_018efxvWw3MRjdtvE5xgBqya


Generated by Claude Code

claude added 2 commits June 13, 2026 09:04
The homepage demo used Zero() with no key, so on a multi-tenant server every
data/file call 401s. Data failures were silent (lists just render empty) while
the upload form surfaced the error — hence "upload is failing", though the whole
demo was unauthenticated.

- The demo now reads an optional project key from the URL (?key=pk_…) and passes
  it to the SDK, so an operator can point the showcase at a project.
- On a multi-tenant server with no key it shows a clear notice (create a project
  in /admin, open as ?key=…) instead of failing silently.
- loadEntries/loadFiles and the post/upload handlers now catch errors and show a
  friendly inline message rather than throwing uncaught.

Server behavior is unchanged (authed upload already works — verified 201 with a
project key). Added a test that / serves the demo and carries the key handling.
65/65 SQLite.
Per review: a key in the URL can leak into history/logs and is easy to forget.
The demo now shows a "project key" box only on a multi-tenant server; the key is
held in sessionStorage (this tab only, cleared when it closes) and never touches
the URL. A "Clear" button forgets it. Entering or clearing the key reconnects the
SDK and refreshes the lists + live subscription. Test asserts the key-form +
sessionStorage handling.
@jwicks31 jwicks31 merged commit 4b33a13 into main Jun 13, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants