Secure task board
This tutorial connects the installed 0.2.15 APIs into one design. Snippets are limited to declarations and README patterns verified in the installed packages; a CI-compiled standalone fixture remains on the roadmap.
Application shape
A .wrn page renders tasks from an SSR API binding. A shared validation schema protects mutations. Session middleware identifies users, authorization policies gate updates, and a realtime room broadcasts changes.
Schema and create route
import { v, parseBody } from "@wrnexus/validation";
const task = v.object({ title: v.string().trim().min(3).max(120) });
export const POST = async (ctx) => {
const parsed = await parseBody(task, ctx.req);
if (!parsed.ok) return parsed.response;
return Response.json({ ok: true, task: parsed.value }, { status: 201 });
};Server-rendered list
page Tasks {
ssr { api tasks GET /api/tasks { return tasks } }
view {
<main><h1>Tasks</h1><ul>
{#each tasks as task}<li>{task.title}</li>{:empty}<li>No tasks yet.</li>{/each}
</ul></main>
}
}Production checklist
- Choose SQLite for local development or configure the supported PostgreSQL driver.
- Run migrations before accepting traffic.
- Enable session authentication and enforce authorization on every mutation.
- Validate upload types and sizes; keep private objects behind authenticated routes.
- Use Redis pub/sub when realtime rooms span processes.
- Treat the default queue as non-durable until a production driver is selected.
Follow the focused database, authentication, authorization, realtime, and upload guides.