on server actions and why I don't like "use server" directive

[glitch-txs]

Hi, first of all I'd like to clarify that I'm not a Solid expert nor a Senior Web Developer. Besides my experience, I'd like to share some thoughts on this new metaframework trend of running backend code on "frontend files".

I think Solid Start should NOT take this approach and I don't this is beneficial either imho.

• Running backend and frontend code in the same file is very confusing: We've seen this with Next.js and the amount of negative feedback it has received. It makes it very complex to have mixed code related to backend and frontend in the same file.

• It's not junior-developer friendly: If we want Solid Start to get adoption the learning curve needs to be low, adding backend/frontend separation helps new devs to focus on one thing first without worrying too much about the server part.

• It is risky in terms of security: There are always bad practices as we know, we've seen this with React's useEffect, now allowing devs to run backend code on a "FE files" is an open door for footguns (e.g. secret leaks).
  If I want to develop a fullstack app in X company I would like to work with a team, and it is possible that in this team there might devs of all seniorities. Senior devs can end up with conventions like this one but for new devs this reasoning is not explicit.

---

If I'm not mistaken it's possible to use the API folder but it has some rules like using export const GET = ...
Why not having instead a folder or file (.server.ts) convention for server side functions and allow devs to freely export them from those files/dirs without needing to use the GET/POST rules? It would be in the same way "use server" directive works when scoping a whole file but more secure and more clear.

Sorry if there are misconseptions here, I love FE and would love to write as little BE as possible + not having to be worried about it.

[lxsmnsyc]

Running backend and frontend code in the same file is very confusing: We've seen this with Next.js and the amount of negative feedback it has received. It makes it very complex to have mixed code related to backend and frontend in the same file.

The response here is mixed, and it's never one-sided, but the thing is, you can pretty much separate the backend code from frontend code by your own.

It's not junior-developer friendly: If we want Solid Start to get adoption the learning curve needs to be low, adding backend/frontend separation helps new devs to focus on one thing first without worrying too much about the server part.

Not exactly sure with this one. Metaframeworks appeal more because of the low learning curve, as it cuts down the learning requirement to help people set up both backend and frontend, which is tricky to do regardless of the framework.

It is risky in terms of security: There are always bad practices as we know, we've seen this with React's useEffect, now allowing devs to run backend code on a "FE files" is an open door for footguns (e.g. secret leaks).

This has been already proven to be false. "use server" functions do not perform "closure extraction" and so the only way a developer would leak secret values is "intentionally". On top of that, backend code is always compiled away so it never exists on the frontend, unless you intentionally ship with source maps, which is a bad practice.

If I want to develop a fullstack app in X company I would like to work with a team, and it is possible that in this team there might devs of all seniorities. Senior devs can end up with conventions like this one but for new devs this reasoning is not explicit.

An interesting thought, but like I mentioned you can always enforce this convention on your own. If you missed it, "use server" can be used on modules, not just functions.

[glitch-txs]

What if I mistakenly write "use sever" instead of "use server"?

Even Next.js, which still makes it relatively complex imho, is a bit more secure, since by default you got everything running on the server unless you explicitly say otherwise, so if I have a mistake with the "use client" directive it won't be that bad as if I were running server code on FE by mistake

[lxsmnsyc]

That same mistake is on the same degree as mistakenly using .sever.ts so I'm not sure what the point is, although honestly the directive can give more hints through tooling.

[glitch-txs]

That same mistake is on the same degree as mistakenly using .sever.ts so I'm not sure what the point is

True, I guess the best would be to use a pre-built folder structure maybe. Thanks for following up