From 5c2466dfaf85e2ade0406276fecc525c25987618 Mon Sep 17 00:00:00 2001
From: James Dinkel
Date: Sun, 24 Aug 2025 14:53:34 -0500
Subject: [PATCH] Getting rid of CSRF for now.

---
 .env.rb | 3 +++
 app.rb | 4 +---
 config.ru | 3 ++-
 views/edit.erb | 2 --
 4 files changed, 6 insertions(+), 6 deletions(-)
 create mode 100644 .env.rb

diff --git a/.env.rb b/.env.rb
new file mode 100644
index 0000000..ed7489c
--- /dev/null
+++ b/.env.rb
@@ -0,0 +1,3 @@
+
+ENV["APP_SESSION_SECRET"] ||= "x3UUSSxLjgP62TOxfIOdf7dhXnOdLiN2kE0K+nB7TA0LsRTpSxhf8Om9cRUYGYQxUMhzIBeZ3KtOLo3cXlSfdg=="
+# generated with: ruby -rsecurerandom -e 'puts SecureRandom.base64(64).inspect'
diff --git a/app.rb b/app.rb
index 6e67653..096b0b4 100644
--- a/app.rb
+++ b/app.rb
@@ -10,11 +10,9 @@ require_relative 'models/assistant'
 # Listing large language models (aka "Assistants")
 class App < Roda
 plugin :render, escape: true
- plugin :route_csrf
+ plugin :sessions, secret: ENV.delete('APP_SESSION_SECRET')
 
 route do |r|
- # check_csrf!
-
 r.root do
 @page_title = 'Assistants List'
 @subtitle = 'All Assistants in Database'
diff --git a/config.ru b/config.ru
index c9fa468..b1cf08d 100644
--- a/config.ru
+++ b/config.ru
@@ -1,3 +1,4 @@
-require "./app"
+require './.env' if File.exist?('.env.rb')
+require './app'
 
 run App.freeze.app
diff --git a/views/edit.erb b/views/edit.erb
index b147d9a..d140737 100644
--- a/views/edit.erb
+++ b/views/edit.erb
@@ -15,8 +15,6 @@
 <% end %>
-
-
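Review bot: The session secret added in `.env.rb` is a real value committed to the repository, and the `||=` makes it the silent default wherever `APP_SESSION_SECRET` is not set, so every checkout or deployment without the variable shares a key that anyone with read access to the repo also holds. Treat this value as compromised and generate a new one. Keep `.env.rb` out of version control with a `.gitignore` entry, and commit only a template under a different name, for example a line like `ENV["APP_SESSION_SECRET"] ||= "<placeholder: generate locally>"`. The generation command in the trailing comment is worth keeping in that template.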
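Review bot: With `plugin :route_csrf` removed and the already commented-out `check_csrf!` deleted, any non-GET route in `route do |r|` (the edit form presumably posts to one) has no request-forgery check, in the same commit that adds cookie-backed sessions. route_csrf keeps its token in the session, which the new `plugin :sessions` line now provides, so the two can coexist: keep `plugin :route_csrf` after the sessions line, call `check_csrf!` as the first statement of the route block, and leave the token tag in `views/edit.erb`, which the last hunk appears to remove. Separately, `ENV.delete('APP_SESSION_SECRET')` yields nil when `.env.rb` is absent and the variable is unset, which the sessions plugin is expected to reject at load; a comment such as `# boot fails here if APP_SESSION_SECRET is unset` would explain that startup error. The class and route block continue outside the hunk.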
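Review bot: Both `File.exist?('.env.rb')` and `require './.env'` in `config.ru` resolve against the process working directory, so starting the server from another directory skips the file without any message and the app is loaded with no session secret. Anchoring both to the file's own directory removes that dependency: `require_relative '.env.rb' if File.exist?(File.expand_path('.env.rb', __dir__))`. A short comment above the line saying that `.env.rb` is optional and meant only for local development would also help the next reader.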