Forms & CSRF
Type-safe form parsing with built-in CSRF protection.
#[derive(Form)] generates a parser + validator from a struct. ModelForm binds a form to a model for create/edit. CSRF protection is a double-submit-cookie middleware, auto-applied to admin forms.
#[derive(Form)]
pub struct SignupForm {
#[rustango(max_length = 150)] pub email: String,
#[rustango(min_length = 12)] pub password: String,
}
let form = SignupForm::from_bytes(&body)?;
form.validate()?; // collects field errors
CSRF tokens
Render {{ csrf_token | csrf_input | safe }} in your form; the middleware verifies the cookie/field pair on POST.