4 changed files with 7 additions and 6 deletions
--- a/.env.rb
+++ b/.env.rb
@ -1,3 +0,0 @@
-
-ENV["APP_SESSION_SECRET"] ||= "x3UUSSxLjgP62TOxfIOdf7dhXnOdLiN2kE0K+nB7TA0LsRTpSxhf8Om9cRUYGYQxUMhzIBeZ3KtOLo3cXlSfdg=="
-# generated with: ruby -rsecurerandom -e 'puts SecureRandom.base64(64).inspect'
--- a/app.rb
+++ b/app.rb
@ -10,9 +10,11 @@ require_relative 'models/assistant'
 # Listing large language models (aka "Assistants")
 class App < Roda
  plugin :render, escape: true
-  plugin :sessions, secret: ENV.delete('APP_SESSION_SECRET')
+  plugin :route_csrf

  route do |r|
+    check_csrf!
+
    r.root do
      @page_title = 'Assistants List'
      @subtitle = 'All Assistants in Database'
--- a/config.ru
+++ b/config.ru
@ -1,4 +1,3 @@
-require './.env' if File.exist?('.env.rb')
-require './app'
+require "./app"

 run App.freeze.app
--- a/views/edit.erb
+++ b/views/edit.erb
@ -15,6 +15,9 @@
    <input type="hidden" name="_method" value="put">
  <% end %>

+  <!-- Add CSRF token tag -->
+  <%== csrf_tag('/assistants') %>
+  
  <div class="field">
    <label class="label">Name</label>
    <div class="control">