diff --git a/.env.rb b/.env.rb
deleted file mode 100644
index ed7489c..0000000
--- a/.env.rb
+++ /dev/null
@@ -1,3 +0,0 @@
-
-ENV["APP_SESSION_SECRET"] ||= "x3UUSSxLjgP62TOxfIOdf7dhXnOdLiN2kE0K+nB7TA0LsRTpSxhf8Om9cRUYGYQxUMhzIBeZ3KtOLo3cXlSfdg=="
-# generated with: ruby -rsecurerandom -e 'puts SecureRandom.base64(64).inspect'
diff --git a/app.rb b/app.rb
index 096b0b4..f590e41 100644
--- a/app.rb
+++ b/app.rb
@@ -10,9 +10,11 @@ require_relative 'models/assistant'
 # Listing large language models (aka "Assistants")
 class App < Roda
 plugin :render, escape: true
- plugin :sessions, secret: ENV.delete('APP_SESSION_SECRET')
+ plugin :route_csrf
 route do |r|
+ check_csrf!
+
 r.root do
 @page_title = 'Assistants List'
 @subtitle = 'All Assistants in Database'
diff --git a/config.ru b/config.ru
index b1cf08d..c9fa468 100644
--- a/config.ru
+++ b/config.ru
@@ -1,4 +1,3 @@
-require './.env' if File.exist?('.env.rb')
-require './app'
+require "./app"
 run App.freeze.app
diff --git a/views/edit.erb b/views/edit.erb
index d140737..5038044 100644
--- a/views/edit.erb
+++ b/views/edit.erb
@@ -15,6 +15,9 @@
 <% end %>
+
+ <%== csrf_tag('/assistants') %>
+
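Review bot: In the app.rb hunk, `plugin :route_csrf` is loaded in the same place where `plugin :sessions` is removed, but Roda's route_csrf plugin keeps its per-client secret in `session`. Unless a session handler is configured outside this diff, `check_csrf!` on a form POST and `csrf_tag` in views/edit.erb would have no session to read and would raise instead of validating. I would keep `plugin :sessions, secret: ENV.delete('APP_SESSION_SECRET')` ahead of `plugin :route_csrf` and supply the variable from the deployment environment rather than a tracked file. The value deleted with .env.rb stays in repository history, so a fresh secret should be generated rather than reusing it. The `App` class body continues past the end of this hunk.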