You can also separate out the "rendering of the UI" whether client side or server side, vs. "business logics/data base."
Generally, for security reasons, your core business logic and database should always be as part of the backend. And you can design an API interface for it.
Your UI, whether client side render or server side rendered, is just an optimization. And it should interface with your business logic and database via an API only.
Also important: never completely trust the front end, i.e. make sure you have the right Authentication & Authorization in place for the APIs set up.