cursor rules group 4 & 5

.cursorrules

@@ -71,3 +71,69 @@
    • Document non-trivial logic with inline comments and consider implementing error boundaries where needed.
    • New code must adhere to these conventions to avoid ambiguity.
    • Use descriptive names that reflect the purpose and domain, avoiding abbreviations unless standard in the project.
+
+## Group 4 – Backend & API Guidelines
+
+1. API Endpoint Design & Documentation:
+   • Follow RESTful naming conventions; all route handlers should be named clearly and consistently.
+   • Document endpoints with Swagger annotations to provide descriptions, expected request bodies, and response codes.
+   • Examples (for Auth endpoints):
+       - POST /api/auth/signin/local
+           • Description: Logs the user into the system.
+           • Request Body (application/json):
+               { "email": "admin@flatlogic.com", "password": "password" }
+           • Responses:
+               - 200: Successful login (returns token and user data).
+               - 400: Invalid username/password supplied.
+       - GET /api/auth/me
+           • Description: Retrieves current authorized user information.
+           • Secured via Passport JWT; uses req.currentUser.
+           • Responses:
+               - 200: Returns current user info.
+               - 400: Invalid credentials or missing user data.
+       - POST /api/auth/signup
+           • Description: Registers a new user.
+           • Request Body (application/json):
+               { "email": "admin@flatlogic.com", "password": "password" }
+           • Responses:
+               - 200: New user signed up successfully.
+               - 400: Invalid input supplied.
+               - 500: Server error.
+
+## Group 5 – Testing, Quality Assurance & Error Handling
+
+1. Testing Guidelines:
+   • Write unit tests for critical backend and frontend components using frameworks such as Jest, React Testing Library, and Mocha/Chai.
+   • Practice test-driven development and maintain high test coverage.
+   • Regularly update tests following changes in business logic.
+
+2. Quality Assurance:
+   • Enforce code quality with ESLint, Prettier, and static analysis tools.
+   • Integrate continuous testing workflows (CI/CD) to catch issues early.
+   • Ensure documentation is kept up-to-date with the implemented code.
+
+3. Error Handling:
+   • Back-end:
+       - Wrap asynchronous route handlers with a helper (e.g., wrapAsync) to capture errors.
+       - Use centralized error handling middleware (e.g., commonErrorHandler) for uniform error responses.
+       - Verify the existence of req.currentUser in protected routes and return clear errors if authentication fails.
+   • Front-end:
+       - Implement error boundaries in React to gracefully handle runtime errors.
+       - Display user-friendly error messages and log errors for further analysis.
+
+2. Authentication & Security:
+   • Protect endpoints by using Passport.js with JWT (e.g., passport.authenticate('jwt', { session: false })).
+   • Ensure that secure routes check for existence of req.currentUser. If absent, return a ForbiddenError.
+
+3. Consistent Error Handling & Middleware Usage:
+   • Wrap asynchronous route handlers with helpers like wrapAsync for error propagation.
+   • Use centralized error handling middleware (e.g., commonErrorHandler) to capture and format errors uniformly.
+
+4. Modular Code Organization:
+   • Organize backend code into separate files for routes, services, and database access (e.g., auth.js, projects.js, tasks.js).
+   • Use descriptive, lowercase filenames for modules and routes.
+
+5. Endpoint Security Best Practices:
+   • Validate input data and sanitize requests where necessary.
+   • Restrict sensitive operations to authenticated users with proper role-based permissions.
+

frontend/json/runtimeError.json

@@ -0,0 +1 @@
+{}