Cursor Rules Template for Node.js Hotel Booking Platform

Copyable Cursor rules template for a Node.js hotel booking platform with rooms, availability, payments, reviews, and admin management using Express and Sequelize.

Target User

Backend engineers and platform developers building hotel booking systems

Use Cases

  • Define backend domain models for hotels, rooms, availability, bookings, payments, and reviews
  • Enforce safe AI-assisted code generation with idempotent payment workflows
  • Implement JWT-based auth and admin management
  • Ensure data integrity with transactional booking flows
  • Provide test and linting workflows for CI/CD

Overview

This Cursor Rules Template provides a paste-ready .cursorrules block and stack-specific guidance for building a Node.js hotel booking platform (Express backend, PostgreSQL, Sequelize) with rooms, availability, payments via Stripe, user reviews, and an admin management interface.

The Cursor rules configuration is tailored to the Node.js + Express stack, covering authentication, database modeling, payment flows, and secure admin operations while ensuring safe AI-assisted development patterns.

When to Use These Cursor Rules

  • Starting a new hotel booking backend with clear architecture and security constraints.
  • Enforcing consistent coding standards, transactions, and payment idempotency in a multi-service flow.
  • Providing a copyable configuration that your team can paste into the project root as .cursorrules.
  • Educating engineers on safe AI-assisted development patterns for room inventory, bookings, and admin actions.

Copyable .cursorrules Configuration

// Cursor Rules Template: Node.js Hotel Booking Platform
framework: Node.js/Express
stack: PostgreSQL + Sequelize
context: You are Cursor AI. You generate and enforce a copyable .cursorrules block for building a hotel booking platform with rooms, availability, payments, reviews, and admin management using Node.js and Express.
styleGuide: eslint-config-airbnb-base, prettier
architecture:
  root: "/"
  src: "src"
  entry: "src/index.js"
  folders:
    - controllers
    - routes
    - models
    - services
    - middlewares
    - config
    - database
    - migrations
    - tests
auth:
  strategy: JWT
  accessTokenTTL: 15m
  refreshTokenTTL: 7d
security:
  enforceValidation: true
  rateLimiting:
    windowMs: 900000
    max: 200
db:
  type: PostgreSQL
  orm: Sequelize
  migrations: true
  namingConventions: camelCase
models:
  - Hotel: {id, name, address}
  - Room: {id, hotelId, number, type, price}
  - Availability: {id, roomId, date, isAvailable}
  - Booking: {id, userId, roomId, startDate, endDate, status, total}
  - Payment: {id, bookingId, amount, currency, status, gateway}
  - Review: {id, bookingId, rating, comment}
  - Admin: {id, email, passwordHash, role}
payments:
  gateway: Stripe
  currency: USD
  idempotency: true
  webhookVerification: true
tests:
  unit: jest
  integration: supertest
lint:
  precommit: true
  tooling: eslint, prettier
antiPatterns:
  - avoid client-side auth validation
  - avoid raw SQL in business logic
  - avoid concurrency without transactions
patterns:
  - bookingFlow:
      steps:
        - checkRoomAvailability
        - createBooking
        - processPayment
        - confirmBooking
        - notifyUser
  - adminLifecycle:
      steps:
        - adminAuthenticate
        - performAudit
        - logChanges
transforms:
  - normalizeDates: toUTC
  - currency: USD

Recommended Project Structure

hotel-booking-app/
├── src/
│   ├── controllers/
│   ├── routes/
│   ├── models/
│   ├── services/
│   ├── middlewares/
│   ├── config/
│   ├── database/
│   ├── migrations/
│   └── tests/
├── migrations/
├── package.json
├── .env.example
└── README.md

Core Engineering Principles

  • Explicit contracts: strongly type inputs/outputs in controllers and services.
  • Transactional integrity: bookings and payments use DB transactions to avoid partial updates.
  • Security by default: JWT-based auth enforced on the server, never relying on client-side enforcement; secrets managed via environment variables.
  • Observability: structured logs, metrics, and tracing for critical flows (booking, payment, admin actions).
  • Separation of concerns: clear boundaries between controllers, services, and models.

Code Construction Rules

  • Place all route handlers under src/routes and business logic under src/services.
  • Validate all input on the server with schema validation (e.g., Joi/express-validator).
  • Use transactions for booking and payment flows to ensure atomicity.
  • Implement Stripe payments with idempotency keys to prevent double charges.
  • Avoid direct DB writes in controllers; delegate to services with clear return values.
  • Do not hard-code credentials; use environment variables and config management.
  • If availability is cached, pair the cache with a robust invalidation strategy so availability updates are reflected.
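
An added example, not part of the template or of Stripe's SDK, showing the idempotency-key rule above: the key is derived from the booking, so a retried request maps to the same charge. The `makeFakeGateway` stand-in, the `retryable` error flag and the assumption that `booking.total` is already in cents are hypothetical.

```javascript
const crypto = require('node:crypto');

// Deterministic key: one booking at one amount/currency always maps to the
// same key, so a retry after a timeout cannot create a second charge.
function idempotencyKeyFor(booking) {
  const material = `booking:${booking.id}:${booking.total}:${booking.currency}`;
  return crypto.createHash('sha256').update(material).digest('hex');
}

// `gateway` is injected. With the Stripe SDK it would be the stripe client,
// whose paymentIntents.create(params, { idempotencyKey }) has this shape.
// Assumption: booking.total is already in the smallest currency unit (cents).
async function chargeBooking(gateway, booking, maxAttempts = 3) {
  const options = { idempotencyKey: idempotencyKeyFor(booking) };
  const params = {
    amount: booking.total,
    currency: booking.currency,
    metadata: { bookingId: String(booking.id) },
  };
  let lastError;
  for (let attempt = 1; attempt <= maxAttempts; attempt += 1) {
    try {
      return await gateway.paymentIntents.create(params, options);
    } catch (err) {
      if (!err.retryable) throw err; // hypothetical flag for transient failures
      lastError = err;
    }
  }
  throw lastError;
}

// Constructed in-memory stand-in for the gateway (not Stripe). It records the
// charge, then loses the first response, which is the case that causes
// double charges when the retry is sent without an idempotency key.
function makeFakeGateway() {
  const charges = new Map();
  let responseLost = false;
  const create = async (params, { idempotencyKey }) => {
    if (!charges.has(idempotencyKey)) {
      charges.set(idempotencyKey, { id: `pi_fake_${charges.size + 1}`, ...params });
    }
    if (!responseLost) {
      responseLost = true;
      throw Object.assign(new Error('connection reset'), { retryable: true });
    }
    return charges.get(idempotencyKey);
  };
  return { charges, paymentIntents: { create } };
}
```

Because the key includes the amount and currency, changing the booking total produces a new key rather than silently reusing an old charge.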

Security and Production Rules

  • Encrypt sensitive data at rest where applicable; never store raw payment card numbers.
  • Use TLS, secure cookies (if sessions are used), and CSRF protection for state-changing requests.
  • Validate every input server-side; reject malformed payloads early.
  • Rotate secrets and API keys regularly; use a secrets manager where possible.
  • Rate-limit booking and payment endpoints to mitigate abuse.
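
The template sets `webhookVerification: true` under `payments` but does not show the check. The following added example (not the template's or Stripe's code) verifies a `Stripe-Signature` header with Node's `crypto`, following Stripe's documented `t=...,v1=...` HMAC-SHA256 scheme; the function names, the 300-second tolerance default and the sample secret used to exercise it are assumptions.

```javascript
const crypto = require('node:crypto');

// Parse "t=<unix seconds>,v1=<hex>[,v1=<hex>]" from the Stripe-Signature header.
function parseSignatureHeader(header) {
  const parsed = { timestamp: null, signatures: [] };
  String(header || '').split(',').forEach((part) => {
    const [key, value = ''] = part.trim().split('=');
    if (key === 't' && /^\d+$/.test(value)) parsed.timestamp = Number(value);
    if (key === 'v1' && /^[0-9a-f]{64}$/.test(value)) parsed.signatures.push(value);
  });
  return parsed;
}

// rawBody must be the exact bytes received (a Buffer), taken before any JSON
// body parser runs; re-serialised JSON will not match the signature.
function verifyWebhook(rawBody, header, secret, opts = {}) {
  const { toleranceSec = 300, nowMs = Date.now() } = opts;
  const { timestamp, signatures } = parseSignatureHeader(header);
  if (timestamp === null || signatures.length === 0) {
    return { ok: false, reason: 'malformed-header' };
  }
  // Reject old timestamps so a captured request cannot be replayed later.
  if (Math.abs(Math.floor(nowMs / 1000) - timestamp) > toleranceSec) {
    return { ok: false, reason: 'stale-timestamp' };
  }
  const expected = crypto.createHmac('sha256', secret)
    .update(`${timestamp}.`)
    .update(rawBody)
    .digest();
  // Constant-time comparison; both sides are 32 bytes (regex enforces 64 hex).
  const match = signatures.some((sig) => (
    crypto.timingSafeEqual(Buffer.from(sig, 'hex'), expected)
  ));
  if (!match) return { ok: false, reason: 'bad-signature' };
  return { ok: true, event: JSON.parse(rawBody.toString('utf8')) };
}

// Builds a header for constructed sample input (what the sender would compute).
function signForDemo(rawBody, secret, timestamp) {
  const mac = crypto.createHmac('sha256', secret)
    .update(`${timestamp}.`)
    .update(rawBody)
    .digest('hex');
  return `t=${timestamp},v1=${mac}`;
}
```

In Express, mount `express.raw({ type: 'application/json' })` on the webhook route so that `req.body` is the raw Buffer this function expects.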

Testing Checklist

  • Unit tests for models and helpers (date math, price calculations).
  • Integration tests for booking flow with mocked Stripe or test gateway.
  • End-to-end tests for booking, payment, and admin actions in a test environment.
  • Linting and type-checking in CI; ensure pre-commit hooks run.

Common Mistakes to Avoid

  • Relying on client-side validation for security-critical flows.
  • Race conditions in availability updates without proper locking/transactions.
  • Storing PII or payment tokens insecurely, or logging sensitive data.
  • Omitting audit trails for admin actions and bookings.

FAQ

What is a Cursor Rules Template and how does it help in this stack?

A Cursor Rules Template is a copyable configuration block that guides AI-driven code generation and enforcement for a Node.js hotel platform. It includes stack-specific rules for Express, Sequelize, PostgreSQL, Stripe payments, and admin tooling to ensure secure, maintainable development.

Which stack assumptions are baked into this template?

The template assumes a Node.js + Express backend, PostgreSQL database with Sequelize ORM, Stripe for payments, JWT for authentication, and a basic admin console. It enforces server-side validation, transactional integrity, and safe AI-assisted coding practices specific to this stack.

How do I paste the block into my project?

Copy the entire .cursorrules block from the Copyable section and place it at the project root as .cursorrules. Cursor AI will then guide code generation and enforcement for the stack during development and reviews.

Can I adapt this to a multi-hotel system?

Yes. Extend the models to support hotel hierarchies, room hierarchies, and multi-tenant data isolation. Maintain transactional integrity and audit trails across hotel scopes, while preserving the same patterns for bookings, payments, and admin actions.

What about security and PCI considerations?

Use Stripe’s secure payment flows, tokenization, and idempotent operations. Do not store raw card data; enforce input validation, TLS, and secure configuration management. Regularly rotate secrets and monitor access to admin routes.

How does the template influence testing and CI?

The template includes a testing and linting workflow, guiding unit/integration tests and CI steps to run tests, lint code, and verify security rules before deployment.