Cursor Rules Template: LMS with Courses, Lessons, Quizzes, Certificates, Payments, and Admin Dashboard
Cursor Rules Template for building a full LMS using Cursor AI: NestJS backend with PostgreSQL via TypeORM, Stripe payments, and a React/Next.js frontend plus an admin dashboard. Includes a copyable .cursorrules block and stack-specific project structure.
Target User
Backend and full-stack developers building an LMS with Cursor AI.
Use Cases
- Generate NestJS modules for courses, lessons, quizzes, and certificates
- Define payment flow with Stripe, webhooks, and refunds
- Secure admin dashboard with role-based access control
- Validate data models and migrations using TypeORM
- Automate tests and linting in CI
Overview
This Cursor Rules Template provides Cursor AI with stack-specific guardrails to generate, review, and enforce code for a full Learning Management System (LMS) stack. It targets a NestJS backend with PostgreSQL via TypeORM, Stripe payments, and a React/Next.js frontend plus an admin dashboard. Use this as a copyable configuration you can paste into your project root as a .cursorrules file.
Cursor rules configuration for an LMS stack ensures consistent architecture, secure payments, course content modeling, quiz and certificate flows, and a production-ready admin experience. It pairs strong typing, clean architecture, and testable components with guardrails to prevent common anti-patterns in LMS development.
When to Use These Cursor Rules
- When starting a new LMS project and you want a repeatable, testable scaffolding for courses, lessons, quizzes, and certificates.
- When integrating payments (Stripe) and issuing certificates upon course completion with a verifiable workflow.
- When enforcing a secure, RBAC-based admin dashboard and protected API endpoints across backend and frontend.
- When you need a stack-specific, copyable configuration to speed up onboarding and ensure consistency across environments.
Copyable .cursorrules Configuration
// Cursor Rules Template: LMS with NestJS + PostgreSQL + TypeORM + Stripe
FrameworkRoleContext: Backend NestJS API, PostgreSQL (TypeORM), Stripe payments, Admin Dashboard; Frontend: Next.js
CodeStyleGuides: TypeScript, ESLint, Prettier, Airbnb style, DTO validation, strict typing
ArchitectureDirectoryRules: Monorepo with apps/api, apps/web, libs/core; modules: courses, lessons, quizzes, certificates, payments, admin
AuthenticationSecurityRules: JWT with access/refresh tokens, token rotation, RBAC on roles, secure webhook verification, CSRF considerations for web UI
DatabaseORMPatterns: PostgreSQL; TypeORM; Entities with relations; migrations; seeds; indices; use repositories and services; avoid circular dependencies
TestingLintingWorkflows: Jest + SuperTest for API tests; Cypress for end-to-end; GitHub Actions CI; lint-staged on commit; type-check in CI
ProhibitedActionsAntiPatterns: Do not bypass authentication; Do not trust client input; Do not skip migrations; Do not store secrets in code; Do not implement admin features without RBAC checks
Recommended Project Structure
apps/
  api/
    src/
      main.ts
      app.module.ts
      config/
      modules/
        auth/
        courses/
        lessons/
        quizzes/
        certificates/
        payments/
        admin/
      entities/
      migrations/
      dtos/
  web/
    src/
      pages/
      components/
    public/
    styles/
libs/
  core/
  db/
  payments/
Core Engineering Principles
- Security by default: enforce authentication, validation, and least privilege across all modules.
- Strong typing and explicit contracts for APIs, entities, and DTOs.
- Clear separation of concerns with a clean architecture (modules, services, controllers, repositories).
- Idempotent operations for critical actions (enrollments, payments, certificate issuance).
- Observability: structured logging, metrics, and tracing for debugging and production.
Code Construction Rules
- Use NestJS modules for each domain (courses, lessons, quizzes, certificates, payments, admin).
- Define DTOs with class-validator and map to entities via services.
- Model domain entities with clear relations (Course has Lessons; Lesson has Quizzes; Enrollment links User to Course).
- Implement migrations and seed scripts; avoid altering production databases directly.
- Guard routes with RBAC; validate inputs server-side; never rely on client-side validation for security rules.
- Integrate Stripe using webhooks with signature verification; handle idempotency keys; store payment intents and statuses in a dedicated table.
- Tests: unit tests for services, integration tests for API endpoints, and E2E tests for critical flows (enroll, payment, certificate issuance).
Security and Production Rules
- Use HTTPS in all environments; rotate and revoke tokens; implement short-lived access tokens with refresh tokens.
- Strict RBAC for admin endpoints; audit logs for admin actions; IP allowlists for sensitive routes.
- Validate webhooks (Stripe) using signatures and verify payloads; store only necessary webhook data.
- Limit input sizes and implement rate limiting on public APIs; protect against XSS and SQL injection with ORM and validation layers.
- Separate secrets from code; use environment variables managed by a vault or CI/CD secrets store.
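The Stripe webhook rules above (signature verification plus idempotent handling), as an added TypeScript example that is not part of the original template: it checks the `Stripe-Signature` header (`t=...,v1=...`, HMAC-SHA256 over `timestamp.rawBody`) by hand with Node's crypto so it runs offline, then de-duplicates by event id. The secret, event payload, and in-memory `processedEvents` set are constructed stand-ins; in the NestJS app you would call the Stripe SDK's `stripe.webhooks.constructEvent` on the raw body and back the de-duplication with a uniquely indexed table.

```typescript
import { createHmac, timingSafeEqual } from "node:crypto";

const TOLERANCE_SECONDS = 300; // reject events older than 5 minutes (replay window)

// Parse "t=<unix>,v1=<hex>[,v1=<hex>...]" into a timestamp and candidate signatures.
function parseSignatureHeader(header: string): { t: number; v1: string[] } {
  const out = { t: NaN, v1: [] as string[] };
  for (const part of header.split(",")) {
    const idx = part.indexOf("=");
    if (idx < 0) continue;
    const key = part.slice(0, idx).trim();
    const value = part.slice(idx + 1).trim();
    if (key === "t") out.t = Number(value);
    else if (key === "v1") out.v1.push(value);
  }
  return out;
}

// Verify against the RAW request body; re-serialised JSON will not match.
function verifyStripeSignature(rawBody: string, header: string, secret: string, nowSec: number): boolean {
  const { t, v1 } = parseSignatureHeader(header);
  if (!Number.isInteger(t) || v1.length === 0) return false;
  if (Math.abs(nowSec - t) > TOLERANCE_SECONDS) return false;
  const expected = createHmac("sha256", secret).update(`${t}.${rawBody}`, "utf8").digest();
  return v1.some((sig) => {
    const given = Buffer.from(sig, "hex");
    return given.length === expected.length && timingSafeEqual(given, expected);
  });
}

// Hypothetical stand-in for a payments table with a unique index on the event id.
const processedEvents = new Set<string>();

type WebhookResult = "rejected" | "duplicate" | "processed";

function handleWebhook(rawBody: string, header: string, secret: string, nowSec: number): WebhookResult {
  if (!verifyStripeSignature(rawBody, header, secret, nowSec)) return "rejected";
  const event = JSON.parse(rawBody) as { id: string; type: string };
  if (processedEvents.has(event.id)) return "duplicate"; // Stripe retries deliveries
  processedEvents.add(event.id);
  return "processed";
}

// Constructed sample data (not real Stripe values).
const SECRET = "whsec_constructed_example";
const BODY = JSON.stringify({ id: "evt_constructed_1", type: "payment_intent.succeeded" });
const NOW = 1700000000;
const sign = (body: string, t: number) =>
  `t=${t},v1=${createHmac("sha256", SECRET).update(`${t}.${body}`).digest("hex")}`;
```

In a NestJS controller the raw body has to be captured before the JSON body parser runs, otherwise the bytes being verified differ from the bytes Stripe signed.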
Testing Checklist
- Unit tests for all services (courses, lessons, quizzes, certificates, payments) with mocked dependencies.
- Integration tests for API endpoints using SuperTest; validate error paths and edge cases.
- E2E tests for enrollment, payment flow, certificate issuance, and admin CRUD operations using Cypress.
- Linting and type-checking in CI; ensure migrations run and seed data is applied in test environments.
- Security tests: verify RBAC, token rotation, and webhook verification paths.
Common Mistakes to Avoid
- Not validating inputs or failing to enforce server-side validation on nested objects (courses, lessons, quizzes).
- Skipping migrations or relying on data mutations without versioning.
- Exposing admin routes without proper RBAC checks or auditing redirects.
- Handling payments without idempotency and webhook verification, leading to duplicate charges.
- Coupling frontend and backend logic too tightly, preventing independent deployments and testing.
FAQ
What is the purpose of this Cursor Rules Template?
This template provides Cursor AI with stack-specific guardrails to guide code generation for a full LMS backend and frontend, including courses, lessons, quizzes, certificates, payments, and an admin dashboard. It ensures consistent architecture, security, and testability across the LMS stack.
Which stack is assumed for this template?
Backend: NestJS with PostgreSQL via TypeORM; Frontend: Next.js; Payments: Stripe; Auth: JWT; Admin dashboard: RBAC. This forms a cohesive monorepo with clear module boundaries and migration-driven evolution.
How do I extend the templates for additional LMS features?
Follow the existing module pattern: create new modules under apps/api/src/modules (e.g., certificates, achievements); add entities, services, controllers, DTOs, tests, and migrations; update the admin and frontend accordingly while maintaining coding standards.
How does this template handle payments and certificates?
Stripe integration with webhook verification is recommended; support for one-time or subscription payments; on successful completion, issue a downloadable or verifiable certificate linked to the user and course; maintain an audit trail of purchases and certificate generation.
How to integrate with CI/CD and testing?
Use Jest for unit tests and API tests (SuperTest), Cypress for end-to-end tests, and ESLint/Prettier for linting. Configure GitHub Actions to run tests, migrations, and deployment checks on PRs, with secrets managed outside the repository.