Todo example — backend reference
cargo run -p example-todo — full Resuma showcase plus production backend patterns in Rust.
Files
| File | Role |
|---|---|
src/main.rs | UI, #[server] controllers, island |
src/todo_store.rs | Service layer + DTO validation |
src/security.rs | Guards, interceptors, SecurityConfig |
Try it
- Run the app, open DevTools → Network
- Default user: guest — sees only guest tasks
- Click alice — admin, sees all tasks
- As guest, try toggling alice's task → 403 Forbidden
- Check terminal logs: request id + user + IP per action
cargo run -p example-todoPatterns implemented
- Session guard —
attach_session()in action middleware - DTO validation —
AddTodoInput,RenameTodoInput - Domain service —
todo_store::add()etc. - Server action — thin
#[server]→ delegates to store - Client RPC —
__resuma.action()with CSRF - Loader refresh —
list_todoson island mount viause_visible_task - Audit log — request id + structured action log
- Error mapping —
Result<T>→ HTTP status
Env vars
| Variable | Purpose |
|---|---|
RESUMA_ENV=production | Sanitized client error messages |
RESUMA_TRUST_PROXY=1 | Real client IP behind Fly/nginx |
RESUMA_TODO_ADMINS | Admin users (default: alice) |
RESUMA_TODO_API_KEY | Optional shared secret for actions |
See also: Backend patterns · Authorization: RLS guide.