import os import sys # Hugging Face safe cache os.environ["HF_HOME"] = "/tmp/huggingface" os.environ["TRANSFORMERS_CACHE"] = "/tmp/huggingface/transformers" os.environ["HUGGINGFACE_HUB_CACHE"] = "/tmp/huggingface/hub" # Force Flask instance path to a writable temporary folder safe_instance_path = "/tmp/flask_instance" # Create the safe instance path after imports os.makedirs(safe_instance_path, exist_ok=True) from flask import Flask, render_template, redirect, url_for, flash, request from flask_login import LoginManager, login_required, current_user from werkzeug.utils import secure_filename import sys import json from datetime import datetime # Adjust sys.path for import flexibility current_dir = os.path.dirname(os.path.abspath(__file__)) sys.path.append(current_dir) # Import and initialize DB from backend.models.database import db, Job, Application, init_db from backend.models.user import User from backend.routes.auth import auth_bp, handle_resume_upload from backend.routes.interview_api import interview_api # Import additional utilities import re import json # Initialize Flask app app = Flask( __name__, static_folder='backend/static', static_url_path='/static', template_folder='backend/templates', instance_path=safe_instance_path # ✅ points to writable '/tmp/flask_instance' ) app.config['SECRET_KEY'] = 'saadi' # ----------------------------------------------------------------------------- # Cookie configuration for Hugging Face Spaces # # When running this app inside an iframe (as is typical on Hugging Face Spaces), # browsers will drop cookies that have the default SameSite policy of ``Lax``. # This prevents the Flask session cookie from being stored and means that # ``login_user()`` will appear to have no effect – the user will be redirected # back to the home page but remain anonymous. By explicitly setting the # SameSite policy to ``None`` and enabling the ``Secure`` flag, we allow the # session and remember cookies to be sent even when the app is embedded in an # iframe. Without these settings the sign‑up and login flows work locally # but silently fail in Spaces, causing the "redirect to home page without # anything" behaviour reported by users. app.config['SESSION_COOKIE_SAMESITE'] = 'None' app.config['SESSION_COOKIE_SECURE'] = True app.config['REMEMBER_COOKIE_SAMESITE'] = 'None' app.config['REMEMBER_COOKIE_SECURE'] = True # Configure the database connection # Use /tmp directory for database in Hugging Face Spaces # Note: Data will be lost when the space restarts app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:////tmp/codingo.db' app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False from flask_wtf.csrf import CSRFProtect # csrf = CSRFProtect(app) # Create necessary directories in writable locations os.makedirs('/tmp/static/audio', exist_ok=True) os.makedirs('/tmp/temp', exist_ok=True) # Initialize DB with app init_db(app) # Flask-Login setup login_manager = LoginManager() login_manager.login_view = 'auth.login' login_manager.init_app(app) @login_manager.user_loader def load_user(user_id): return db.session.get(User, int(user_id)) # Register blueprints app.register_blueprint(auth_bp) app.register_blueprint(interview_api, url_prefix="/api") # Routes (keep your existing routes) @app.route('/') def index(): return render_template('index.html') @app.route('/jobs') def jobs(): all_jobs = Job.query.order_by(Job.date_posted.desc()).all() return render_template('jobs.html', jobs=all_jobs) @app.route('/job/') def job_detail(job_id): job = Job.query.get_or_404(job_id) return render_template('job_detail.html', job=job) @app.route('/apply/', methods=['GET', 'POST']) @login_required def apply(job_id): job = Job.query.get_or_404(job_id) if request.method == 'POST': # Retrieve the uploaded resume file from the request. The ``name`` # attribute in the HTML form is ``resume``. file = request.files.get('resume') # Use our safe upload helper to store the resume. ``filepath`` # contains the location where the file was saved so that recruiters # can download it later. Resume parsing has been disabled, so # ``features`` will always be an empty dictionary. features, error, filepath = handle_resume_upload(file) # If there was an error saving the resume, notify the user. We no # longer attempt to parse the resume contents, so the manual fields # collected below will form the entire feature set. if error: flash("Resume upload failed. Please try again.", "danger") return render_template('apply.html', job=job) # Collect the manually entered fields for skills, experience and education. # Users can separate entries with commas, semicolons or newlines; we # normalise the input into lists of trimmed strings. def parse_entries(raw_value: str): import re entries = [] if raw_value: # Split on commas, semicolons or newlines for item in re.split(r'[\n,;]+', raw_value): item = item.strip() if item: entries.append(item) return entries skills_input = request.form.get('skills', '') experience_input = request.form.get('experience', '') education_input = request.form.get('education', '') manual_features = { "skills": parse_entries(skills_input), "experience": parse_entries(experience_input), "education": parse_entries(education_input) } # Prepare the application record. We ignore the empty ``features`` # returned by ``handle_resume_upload`` and instead persist the # manually collected attributes. The extracted_features column # expects a JSON string; json.dumps handles proper serialization. application = Application( job_id=job_id, user_id=current_user.id, name=current_user.username, email=current_user.email, resume_path=filepath, extracted_features=json.dumps(manual_features) ) db.session.add(application) db.session.commit() flash('Your application has been submitted successfully!', 'success') return redirect(url_for('jobs')) return render_template('apply.html', job=job) @app.route('/my_applications') @login_required def my_applications(): applications = Application.query.filter_by( user_id=current_user.id ).order_by(Application.date_applied.desc()).all() return render_template('my_applications.html', applications=applications) @app.route('/parse_resume', methods=['POST']) def parse_resume(): file = request.files.get('resume') features, error, filepath = handle_resume_upload(file) # If the upload failed, return an error. Parsing is no longer # supported, so we do not attempt to inspect the resume contents. if error: return {"error": "Error processing resume. Please try again."}, 400 # If no features were extracted (the normal case now), respond with # empty fields rather than an error. This preserves the API # contract expected by any front‑end code that might call this # endpoint. if not features: return { "name": "", "email": "", "mobile_number": "", "skills": [], "experience": [], "education": [], "summary": "" }, 200 # Should features contain values (unlikely in the new implementation), # pass them through to the client. response = { "name": features.get('name', ''), "email": features.get('email', ''), "mobile_number": features.get('mobile_number', ''), "skills": features.get('skills', []), "experience": features.get('experience', []), "education": features.get('education', []), "summary": features.get('summary', '') } return response, 200 @app.route("/interview/") @login_required def interview_page(job_id): job = Job.query.get_or_404(job_id) application = Application.query.filter_by( user_id=current_user.id, job_id=job_id ).first() if not application or not application.extracted_features: flash("Please apply for this job and upload your resume first.", "warning") return redirect(url_for('job_detail', job_id=job_id)) cv_data = json.loads(application.extracted_features) return render_template("interview.html", job=job, cv=cv_data) # ----------------------------------------------------------------------------- # Recruiter job posting route # # Authenticated users with a recruiter or admin role can access this page to # create new job listings. Posted jobs are associated with the current # recruiter via the ``recruiter_id`` foreign key on the ``Job`` model. @app.route('/post_job', methods=['GET', 'POST']) @login_required def post_job(): # Only allow recruiters and admins to post jobs if current_user.role not in ('recruiter', 'admin'): flash('You do not have permission to post jobs.', 'warning') return redirect(url_for('jobs')) if request.method == 'POST': # Extract fields from the form role_title = request.form.get('role', '').strip() description = request.form.get('description', '').strip() seniority = request.form.get('seniority', '').strip() skills_input = request.form.get('skills', '').strip() company = request.form.get('company', '').strip() # Validate required fields errors = [] if not role_title: errors.append('Job title is required.') if not description: errors.append('Job description is required.') if not seniority: errors.append('Seniority level is required.') if not skills_input: errors.append('Skills are required.') if not company: errors.append('Company name is required.') if errors: for err in errors: flash(err, 'danger') return render_template('post_job.html') # Normalise the skills input into a JSON encoded list. Users can # separate entries with commas, semicolons or newlines. skills_list = [s.strip() for s in re.split(r'[\n,;]+', skills_input) if s.strip()] skills_json = json.dumps(skills_list) # Create and persist the new job new_job = Job( role=role_title, description=description, seniority=seniority, skills=skills_json, company=company, recruiter_id=current_user.id ) db.session.add(new_job) db.session.commit() flash('Job posted successfully!', 'success') return redirect(url_for('jobs')) # GET request returns the form return render_template('post_job.html') # ----------------------------------------------------------------------------- # Recruiter dashboard route # # Displays a list of candidates who applied to jobs posted by the current # recruiter. Candidates are sorted by a simple skill match score computed # against the job requirements. A placeholder download button is provided # for future PDF report functionality. @app.route('/dashboard') @login_required def dashboard(): # Only recruiters and admins can view the dashboard if current_user.role not in ('recruiter', 'admin'): flash('You do not have permission to access the dashboard.', 'warning') return redirect(url_for('index')) # Fetch jobs posted by the current recruiter posted_jobs = Job.query.filter_by(recruiter_id=current_user.id).all() job_ids = [job.id for job in posted_jobs] candidates_with_scores = [] if job_ids: # Fetch applications associated with these job IDs candidate_apps = Application.query.filter(Application.job_id.in_(job_ids)).all() # Helper to compute a match score based on skills overlap def compute_score(application): try: # Extract candidate skills from stored JSON candidate_features = json.loads(application.extracted_features) if application.extracted_features else {} candidate_skills = candidate_features.get('skills', []) # Retrieve the job's required skills and parse from JSON job_skills = json.loads(application.job.skills) if application.job and application.job.skills else [] if not job_skills: return ('Medium', 2) # Default when job specifies no skills # Compute case‑insensitive intersection candidate_set = {s.lower() for s in candidate_skills} job_set = {s.lower() for s in job_skills} common = candidate_set & job_set ratio = len(common) / len(job_set) if job_set else 0 # Map ratio to qualitative score if ratio >= 0.75: return ('Excellent', 4) elif ratio >= 0.5: return ('Good', 3) elif ratio >= 0.25: return ('Medium', 2) else: return ('Poor', 1) except Exception: return ('Medium', 2) # Build a list of candidate applications with computed scores for app_record in candidate_apps: score_label, score_value = compute_score(app_record) candidates_with_scores.append({ 'application': app_record, 'score_label': score_label, 'score_value': score_value }) # Sort candidates from highest to lowest score candidates_with_scores.sort(key=lambda item: item['score_value'], reverse=True) return render_template('dashboard.html', candidates=candidates_with_scores) if __name__ == '__main__': print("Starting Codingo application...") with app.app_context(): db.create_all() # Use port from environment or default to 7860 port = int(os.environ.get('PORT', 7860)) app.run(debug=True, host='0.0.0.0', port=port)