Rustango docs

Forms & CSRF

Type-safe form parsing with built-in CSRF protection.

#[derive(Form)] generates a parser + validator from a struct. ModelForm binds a form to a model for create/edit. CSRF protection is a double-submit-cookie middleware, auto-applied to admin forms.

#[derive(Form)]
pub struct SignupForm {
    #[rustango(max_length = 150)] pub email: String,
    #[rustango(min_length = 12)]  pub password: String,
}

let form = SignupForm::from_bytes(&body)?;
form.validate()?;   // collects field errors

CSRF tokens

Render {{ csrf_token | csrf_input | safe }} in your form; the middleware verifies the cookie/field pair on POST.