Server Actions

#[server] registers Rust functions as RPC endpoints callable from handlers and client code.

Define an action

#[server]
async fn search(q: String) -> Vec<String> {
    db::search(&q).await
}

#[server]
async fn greet(name: String) -> String {
    format!("Hello, {name}!")
}

With FlowRequest

Server actions can access request context when Flow is enabled:

#[server]
async fn list_items(req: &FlowRequest) -> Vec<Item> {
    let cookie = req.header("cookie").unwrap_or("");
    db::items_for_session(cookie).await
}

HTTP endpoint

Each action is exposed at POST /_resuma/action/:name with body { "args": [...] }. A CSRF token is required on mutations.

Return Result for errors

#[server]
async fn create(name: String) -> Result<Item> {
    validate(&name)?;
    Ok(db::create(name).await?)
}
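
One way to write the `validate` step that `create` calls above, with an error type that keeps backend detail away from the client. This is an added example, not the framework's own code: `validate` is called on the page but not defined there, and `ActionError`, `MAX_NAME_CHARS` and the specific rules are assumptions.

```rust
use std::fmt;

/// Hypothetical error type for the `create` action (not part of the framework).
#[derive(Debug, PartialEq)]
pub enum ActionError {
    Invalid(&'static str), // fixed message, safe to return to the caller
    Internal(String),      // backend detail, meant for server logs only
}

impl ActionError {
    /// Message returned to the client: internal detail is never echoed.
    pub fn public_message(&self) -> &'static str {
        match self {
            ActionError::Invalid(reason) => *reason,
            ActionError::Internal(_) => "internal error",
        }
    }
}

impl fmt::Display for ActionError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str(self.public_message())
    }
}

const MAX_NAME_CHARS: usize = 64; // assumed limit

/// Validate the untrusted `name` argument before it reaches the database.
pub fn validate(name: &str) -> Result<(), ActionError> {
    if name.trim().is_empty() {
        return Err(ActionError::Invalid("name must not be empty"));
    }
    if name.chars().count() > MAX_NAME_CHARS {
        return Err(ActionError::Invalid("name is too long"));
    }
    if name.chars().any(|c| c.is_control()) {
        return Err(ActionError::Invalid("name contains control characters"));
    }
    Ok(())
}

fn main() {
    // Constructed sample inputs.
    for input in ["groceries", "", "a\u{0}b"] {
        println!("{input:?} -> {:?}", validate(input).map_err(|e| e.to_string()));
    }
    let db_failure = ActionError::Internal("constructed backend detail".into());
    println!("client sees: {db_failure}");
}
```

Action arguments arrive in the body of a POST from the client, so the checks run on the server regardless of what the calling handler already enforced.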

From handlers

view! {
    <button onClick={ js! {
        const rows = await __resuma.action("search", [state.q.value]);
        state.results.set(rows);
    }}>"Search"</button>
}

Production patterns

Validation, auth middleware, and fail-closed errors: Secure server actions · Todo example.