quicknotes/.cursor/rules/backend-logic.mdc

---
description: Keep business logic in the backend to ensure security and compatibility
globs: **/*.{ts,js,go}
---
<rule>
When implementing features that involve business logic:

1. Keep critical business logic in the backend:
   - Data validation and sanitization
   - ID/UUID generation
   - Timestamp management
   - Access control and authorization
   - Complex calculations or data transformations
   - Relationship management and graph traversal
   - Link extraction and validation

2. Frontend should only handle:
   - UI state management
   - User input collection
   - Data display and formatting
   - Basic input validation for UX
   - UI-specific transformations
   - Relationship visualization

3. Security-sensitive operations must always be in backend:
   - Cryptographic operations
   - Token generation/validation
   - Password handling
   - Session management

4. When in doubt about where to place logic:
   - If it affects data integrity → backend
   - If it requires secure execution → backend
   - If it needs to work without JavaScript → backend
   - If it's purely for display/interaction → frontend

5. Data synchronization guidelines:
   - Backend owns the source of truth for relationships
   - Frontend should never compute relationships locally
   - Use backend-provided relationship data for display
   - Cache relationship data in frontend stores
   - Update relationship cache on mutations
   - Preload relationships when beneficial for UX

metadata:
  priority: high
  version: 1.1
</rule>

examples:
  - input: |
      # Bad: Generating UUIDs in frontend
      const id = crypto.randomUUID();
    output: |
      // Backend generates ID
      const response = await api.createResource(data);
      const { id } = response;

  - input: |
      # Bad: Validating permissions in frontend
      if (user.hasPermission('edit')) { ... }
    output: |
      // Let backend handle authorization
      const response = await api.updateResource(id, data);
      if (response.status === 403) {
        showError('Not authorized');
      }

  - input: |
      # Bad: Computing relationships in frontend
      const links = content.match(/\[\[(.*?)\]\]/g);
    output: |
      // Use backend-provided relationships
      const { linksTo, linkedBy } = await api.getNote(id);
docs(rules): add rules for backend logic and manual build process 2025-02-21 07:55:49 +01:00			`---`
			`description: Keep business logic in the backend to ensure security and compatibility`
			`globs: */.{ts,js,go}`
			`---`
			`<rule>`
			`When implementing features that involve business logic:`

			`1. Keep critical business logic in the backend:`
			`- Data validation and sanitization`
			`- ID/UUID generation`
			`- Timestamp management`
			`- Access control and authorization`
			`- Complex calculations or data transformations`
feat(rules): add data synchronization guidelines to backend-logic 2025-02-21 09:11:37 +01:00			`- Relationship management and graph traversal`
			`- Link extraction and validation`
docs(rules): add rules for backend logic and manual build process 2025-02-21 07:55:49 +01:00
			`2. Frontend should only handle:`
			`- UI state management`
			`- User input collection`
			`- Data display and formatting`
			`- Basic input validation for UX`
			`- UI-specific transformations`
feat(rules): add data synchronization guidelines to backend-logic 2025-02-21 09:11:37 +01:00			`- Relationship visualization`
docs(rules): add rules for backend logic and manual build process 2025-02-21 07:55:49 +01:00
			`3. Security-sensitive operations must always be in backend:`
			`- Cryptographic operations`
			`- Token generation/validation`
			`- Password handling`
			`- Session management`

			`4. When in doubt about where to place logic:`
			`- If it affects data integrity → backend`
			`- If it requires secure execution → backend`
			`- If it needs to work without JavaScript → backend`
			`- If it's purely for display/interaction → frontend`

feat(rules): add data synchronization guidelines to backend-logic 2025-02-21 09:11:37 +01:00			`5. Data synchronization guidelines:`
			`- Backend owns the source of truth for relationships`
			`- Frontend should never compute relationships locally`
			`- Use backend-provided relationship data for display`
			`- Cache relationship data in frontend stores`
			`- Update relationship cache on mutations`
			`- Preload relationships when beneficial for UX`

docs(rules): add rules for backend logic and manual build process 2025-02-21 07:55:49 +01:00			`metadata:`
			`priority: high`
feat(rules): add data synchronization guidelines to backend-logic 2025-02-21 09:11:37 +01:00			`version: 1.1`
docs(rules): add rules for backend logic and manual build process 2025-02-21 07:55:49 +01:00			`</rule>`

			`examples:`
			`- input: \|`
			`# Bad: Generating UUIDs in frontend`
			`const id = crypto.randomUUID();`
			`output: \|`
			`// Backend generates ID`
			`const response = await api.createResource(data);`
			`const { id } = response;`

			`- input: \|`
			`# Bad: Validating permissions in frontend`
			`if (user.hasPermission('edit')) { ... }`
			`output: \|`
			`// Let backend handle authorization`
			`const response = await api.updateResource(id, data);`
			`if (response.status === 403) {`
			`showError('Not authorized');`
feat(rules): add data synchronization guidelines to backend-logic 2025-02-21 09:11:37 +01:00			`}`

			`- input: \|`
			`# Bad: Computing relationships in frontend`
			`const links = content.match(/\[\[(.*?)\]\]/g);`
			`output: \|`
			`// Use backend-provided relationships`
			`const { linksTo, linkedBy } = await api.getNote(id);`