I don't think you'll be able to restrict a user to specific ports. However, a common solution here is to use Unix domain sockets (UDS) rather than TCP ports.
For example, if you're running Nginx on ports 80/443, you'd have your users configure their nodejs apps to each listen on their own Unix domain sockets. Each Unix domain socket has a filesystem path and filesystem permissions, just like files. So, each user would configure their app to listen on a Unix domain socket under their home directory at something like /home/USER/run/app.sock with permissions set so that the socket is readable and writable by Nginx. Then you'd configure Nginx so that it talks to the correct Unix domain socket for each "server" you've configured in Nginx (a "server" is what each separate website is called in the Nginx configuration).
For permissions reasons, if you aren't a filesystem permissions expert, you might have them use a path other than one under their home directory, too. It might be easier to use /var/run/USER/APPNAME.sock and you could make each /var/run/USER directory owned and writeable by USER and readable by the user Nginx runs as. That way, you don't have to be allowing the Nginx user's read access under each of your developer's home directories.