Cursor Rules Template: Node.js Express PostgreSQL Course Marketplace
Cursor Rules Template for building a Node.js + Express + PostgreSQL course marketplace with instructors, video lessons, reviews, coupons, payouts, and student analytics.
Target User
Backend engineers and platform teams building course marketplaces
Use Cases
- Implement a scalable course marketplace backend
- Enforce secure authentication and payment flows
- Standardize API contracts across admin, instructor, and student roles
- Enable instructor onboarding, video lessons, reviews, and student analytics
Markdown Template
Cursor Rules Template: Node.js Express PostgreSQL Course Marketplace
Framework Role & Context:
- You are a senior Node.js/Express backend engineer tasked with implementing a scalable course marketplace backend using PostgreSQL. The Cursor AI will generate code and config following this template block.
Code Style and Style Guides:
- Use ESLint with Airbnb style, Prettier formatting, and consistent naming conventions (camelCase for variables, PascalCase for classes).
- Enforce unit tests and linting in CI.
Architecture & Directory Rules:
- Project layout:
  src/
    controllers/
    routes/
    services/
    repositories/
    models/
    middlewares/
    config/
    validators/
  db/
    migrations/
  tests/
- Controllers call services; services implement business logic; repositories access the database.
Authentication & Security Rules:
- Use JWT-based authentication with HttpOnly cookies; salt and hash passwords with bcrypt; verify password strength; verify tokens on protected endpoints.
- Do not log raw passwords; do not send tokens in URL; enable CSRF protection where applicable.
Database and ORM patterns:
- PostgreSQL with Sequelize ORM; migrations in db/migrations; models in src/models; use parameterized queries; avoid dynamic SQL strings.
- Enforce foreign key constraints; use transactions for multi-step operations (e.g., payout, coupon application).
Testing & Linting Workflows:
- Jest for unit tests; Supertest for endpoint integration tests; include mocks for external payment providers.
- Lint and format on commit via Husky/Git hooks; CI runs npm test and npm run lint.
Prohibited Actions and Anti-patterns for the AI:
- Do not bypass authentication or authorization checks; never use unparameterized SQL; avoid performing destructive operations on production data without confirmation; do not export secrets in code blocks.
Overview
This Cursor Rules Template provides a complete configuration for building a Node.js/Express + PostgreSQL course marketplace with instructors, video lessons, reviews, coupons, payouts, and student analytics. It is designed for Cursor AI to consume and generate consistent code blocks in .cursorrules.
The Cursor rules configuration explains stack coverage, patterns, and constraints to ensure safe, scalable AI-assisted development.
Stack covered: Node.js, Express, PostgreSQL, Sequelize ORM, JWT-based authentication, and a payouts/analytics workflow.
When to Use These Cursor Rules
- Starting a course marketplace project requiring instructors, video lessons, reviews, coupons, and payouts.
- When you need consistent code scaffolding and API design for admin, instructor, and student flows.
- When you want reproducible architectures across teams and CI/CD pipelines.
Recommended Project Structure
.
├─ package.json
├─ tsconfig.json (if using TypeScript) or jsconfig.json
├─ src
│  ├─ controllers
│  │  ├─ instructorController.js
│  │  ├─ courseController.js
│  │  └─ studentAnalyticsController.js
│  ├─ routes
│  │  ├─ api.js
│  │  └─ v1/
│  ├─ services
│  │  ├─ courseService.js
│  │  └─ payoutService.js
│  ├─ repositories
│  │  ├─ courseRepository.js
│  │  └─ couponRepository.js
│  ├─ models
│  │  ├─ user.js
│  │  ├─ course.js
│  │  ├─ instructor.js
│  │  ├─ review.js
│  │  ├─ coupon.js
│  │  ├─ payout.js
│  │  └─ analytics.js
│  ├─ middlewares
│  │  ├─ authMiddleware.js
│  │  └─ errorMiddleware.js
│  ├─ config
│  │  ├─ database.js
│  │  └─ passport.js
│  ├─ validators
│  │  └─ schemaValidators.js
│  └─ tests
│     └─ example.test.js
└─ db
   └─ migrations
      └─ 20240601-create-buckets.js
Core Engineering Principles
- Explicit separation of concerns: controllers, services, and repositories must be distinct.
- Security by default: strong authentication, input validation, and safe database access patterns.
- Data-driven design: PostgreSQL schemas and ORM mappings drive API contracts.
- Observability: structured logging, metrics, and tracing for payout and analytics flows.
- Idempotence for payout and coupon application: retry-safe operations.
- Documentation and code quality: types, DTOs, validators, and linted code.
Code Construction Rules
- Endpoints under /api/v1 must be RESTful and versioned.
- DTOs and validation schemas must be defined for all request payloads.
- All DB access must go through repositories with parameterized queries and transactions when needed.
- Use environment-based configuration via a single config module; no hard-coded secrets.
- Payments and payouts must be modeled carefully with idempotency keys.
- Tests should cover unit, integration, and end-to-end flows where applicable.
- Do not bypass authentication checks or expose raw secrets in code blocks.
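The idempotency-key rule for payouts, as an added example that is not part of the template or of any project code. It assumes a flat payout payload and a provider client with a `transfer()` method; `PayoutService`, `IdempotencyConflictError`, `fingerprint` and `makeMockProvider` are hypothetical names, and the in-memory `Map` stands in for a payouts table with a unique constraint on the key.

```javascript
// Added example: the Map stands in for a payouts table with a UNIQUE
// constraint on idempotency_key. All names here are hypothetical.
const crypto = require('node:crypto');

class IdempotencyConflictError extends Error {}

// Fingerprint of a flat payload with sorted keys, so that reusing a key with
// different parameters is detected rather than answered with the old payout.
function fingerprint(payload) {
  const canonical = JSON.stringify(payload, Object.keys(payload).sort());
  return crypto.createHash('sha256').update(canonical).digest('hex');
}

class PayoutService {
  constructor(provider) {
    this.provider = provider; // payment provider client (assumed interface)
    this.records = new Map(); // idempotencyKey -> { hash, result }
  }

  async createPayout(idempotencyKey, payload) {
    if (typeof idempotencyKey !== 'string' || idempotencyKey.length < 16) {
      throw new TypeError('idempotency key must be a string of 16+ characters');
    }
    const hash = fingerprint(payload);
    const existing = this.records.get(idempotencyKey);
    if (existing) {
      if (existing.hash !== hash) {
        throw new IdempotencyConflictError('key reused with a different payload');
      }
      return existing.result; // replay or concurrent retry: no second transfer
    }
    // Claim the key before awaiting the provider, and forward the same key so
    // the provider can deduplicate if this process dies mid-call.
    const result = this.provider.transfer({ ...payload, idempotencyKey });
    this.records.set(idempotencyKey, { hash, result });
    try {
      return await result;
    } catch (err) {
      this.records.delete(idempotencyKey); // release the key so a retry can run
      throw err;
    }
  }
}

// Constructed mock provider that counts calls; a real one is an HTTP client.
function makeMockProvider() {
  const calls = [];
  const transfer = async (req) => { calls.push(req); return { payoutId: `po_${calls.length}` }; };
  return { calls, transfer };
}
```

With PostgreSQL, the key claim becomes an insert into the payouts table inside the same transaction that records the payout, so the unique constraint rejects a duplicate even across processes.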
Security and Production Rules
- Store only bcrypt password hashes; never store passwords in plain text.
- Use JWTs with HttpOnly cookies; implement refresh token rotation and strong token secret management.
- Validate inputs (server-side) and escape or parameterize queries to prevent SQL injection.
- Enable CSRF protection for browser-based clients; use same-site cookies.
- Log security-relevant events, but never log secrets or tokens.
- Apply rate limiting and IP-based guards on sensitive endpoints (payouts, coupons).
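The cookie-borne JWT check and role gate described in these rules, as an added example that is not part of the template or of any project code. HS256 verification is written against `node:crypto` only to keep the example free of dependencies, where a project would use a maintained JWT library with the algorithm pinned the same way; the cookie name `access_token`, the claim names `sub`, `role` and `exp`, and the helper names are assumptions.

```javascript
// Added example, not project code. HS256 is checked with node:crypto only to
// stay dependency-free; cookie name and claim names are assumptions.
const crypto = require('node:crypto');

// Options for Express res.cookie(): unreadable from page scripts, HTTPS only,
// not sent on cross-site requests.
const ACCESS_COOKIE_OPTIONS = { httpOnly: true, secure: true, sameSite: 'strict' };

const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();
const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// Returns the claims object, or null for any malformed, forged or expired token.
function verifyToken(token, secret, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  let header;
  let claims;
  try {
    header = decode(head);
    claims = decode(body);
  } catch {
    return null;
  }
  // Pin the algorithm server-side; a token must not pick its own ("none").
  if (header?.alg !== 'HS256') return null;
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  if (typeof claims?.exp !== 'number' || claims.exp <= nowSeconds) return null;
  return claims;
}

// Express-style middleware: the token is read from the cookie only, never from
// the URL, and the role is checked after the signature.
function requireRole(secret, ...roles) {
  return (req, res, next) => {
    const pair = (req.headers.cookie || '').split(';').map((c) => c.trim())
      .find((c) => c.startsWith('access_token='));
    const claims = pair ? verifyToken(pair.slice('access_token='.length), secret) : null;
    if (!claims) return res.status(401).json({ error: 'unauthenticated' });
    if (!roles.includes(claims.role)) return res.status(403).json({ error: 'forbidden' });
    req.user = { id: claims.sub, role: claims.role };
    return next();
  };
}
```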
Testing Checklist
- Unit tests for services and validators; mocks for external services.
- Integration tests for API endpoints using Supertest against a test DB.
- End-to-end tests for core flows: create course, enroll student, apply coupon, process payout, view analytics.
- Linting, formatting, and type checks in CI; tests must pass before merge.
Common Mistakes to Avoid
- Overusing global state or mutable shared objects in handlers.
- Skipping input validation or failing to sanitize data before DB access.
- Not using parameterized queries, leading to SQL injection risks.
- Out-of-date migrations or missing transactional boundaries for payouts.
- Ignoring observability; no logs or metrics for critical flows.
FAQ
What stack is covered by this Cursor Rules Template?
This Cursor Rules Template targets a Node.js/Express backend with PostgreSQL, Sequelize ORM, and JWT-based authentication to power a course marketplace with instructors, video lessons, reviews, coupons, payouts, and student analytics.
How do I implement authentication securely?
Use JWTs stored in HttpOnly cookies with refresh token rotation, bcrypt for password hashing, server-side validation, and CSRF protection for browser clients.
Where should I place database migrations?
Place migrations under db/migrations in your repository; run migrations on startup or via a dedicated migration tool during CI/CD.
How do I run tests and linting?
Run npm test for unit and integration tests; npm run lint for code style; configure CI to run tests on push and pull requests.
Can I customize the payouts workflow?
Yes, model payouts as idempotent operations with transaction-safe boundaries; use an external payment provider’s API with idempotency keys and ensure proper reconciliation within analytics.