How can all the forms work with no backend code?
Sapling's dynamic data backend figures out what to do based on the type of request it receives to the built-in /data
route. It acts as a lightweight wrapper for abstract CRUD operations;
GET /data/posts
returns all records in the collection postsGET /data/posts/type/text
returns records in the collection posts, where the value of type is "text"POST /data/posts
creates a new record in the collection postsPOST /data/posts/_id/1
modifies any records in the collection posts, where the value of _id is 1DELETE /data/posts
deletes all records in the collection postsDELETE /data/posts/_id/1
deletes any records in the collection posts, where the value of _id is 1
As such, the second URL segment is the collection, and if the third and fourth segments are provided, they will act as key and value for a where clause, respectively. The method of the HTTP request determines what is done with the matching records. In cases of POST requests, any and all POST values received are saved into a new record or any matching records.
Oh wow. Putting this on production would be insanity!
Absolutely, and Sapling's default configuration is indeed not meant for production use, but rather, optimised for rapid prototyping.
Sapling has robust support for built-in data and request validation, as well as access control for each method-route combination. By default, these are optional. However, in Sapling's production mode, both of these must be defined, and nothing is ever implicitly saved into the database.