Motivation

• Ensure user-data endpoints operate on the authenticated user's ID rather than relying on implicit single-user fallbacks.
• Surface a stable website_url when website analysis (onboarding step 2) exists so clients get a consistent field.
• Avoid returning ambiguous empty success payloads and turn absent onboarding into a defensive 404 instead of allowing unexpected 500s.

Description

• Added current_user: dict = Depends(get_current_user) to /, /website-url, and /onboarding endpoints and extract user_id = str(current_user.get("id")) for all service calls.
• Replaced implicit/default user behavior by passing user_id explicitly into UserDataService.get_user_onboarding_data(user_id) and get_user_website_url(user_id).
• Changed UserDataService.get_user_website_url signature to require user_id: str and removed the default user_id=1 assumption, and updated the integration call to use the explicit ID.
• Added defensive handling that raises HTTPException(status_code=404) when onboarding data is absent, re-raises HTTPException cleanly, ensures db_session is closed, and injects a top-level website_url into responses when a website_analysis exists.

Testing

• Ran Python compilation check with python -m py_compile backend/api/user_data.py backend/services/user_data_service.py which completed successfully.

Codex Task