All files / src/routes resumes.js

64.95% Statements 76/117
34.42% Branches 21/61
88.88% Functions 8/9
64.95% Lines 76/117

Press n or j to go to the next uncovered block, b, p or k for the previous block. 



1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
3027x
7x
7x
7x
7x
7x
7x
7x
7x
 
7x
 
 
7x
 
1x
1x
 
 
1x
 
 
1x
1x
1x
 
 
 
7x
 
 
 
 
 
1x
 
 
 
 
 
 
1x
1x
 
 
 
 
 
 
 
7x
1x
1x
 
 
1x
1x
 
 
 
1x
 
 
 
 
 
 
1x
 
 
 
 
1x
 
 
 
 
 
 
 
7x
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
7x
1x
1x
 
 
 
 
1x
 
 
 
 
1x
 
 
 
1x
 
 
1x
1x
 
 
 
 
 
1x
 
 
 
 
 
 
 
 
 
 
 
 
 
1x
 
 
 
 
 
 
 
 
 
 
7x
1x
1x
 
1x
 
 
 
 
1x
 
 
 
1x
 
 
1x
1x
 
 
 
1x
 
 
 
 
 
 
 
1x
 
 
 
1x
 
 
 
 
 
 
 
7x
1x
1x
 
 
1x
 
 
 
 
1x
 
 
 
1x
 
 
1x
 
 
 
 
1x
 
 
 
 
1x
 
 
 
 
 
1x
 
 
 
 
1x
 
 
 
 
 
 
 
 
 
 
7x
1x
1x
 
 
1x
 
 
 
 
1x
 
 
 
1x
 
 
1x
 
 
 
 
1x
 
 
 
1x
 
 
1x
1x
 
 
 
1x
 
1x
 
 
 
 
 
 
7x
 
const express = require('express');
const multer = require('multer');
const path = require('path');
const fs = require('fs');
const { v4: uuidv4 } = require('uuid');
const sanitize = require('sanitize-filename');
const pool = require('../database/connection');
const { authenticateToken, requireRole } = require('../middleware/auth');
const config = require('../config');
 
const router = express.Router();
 
// Configure multer for file uploads
const storage = multer.diskStorage({
  destination: (req, file, cb) => {
    const uploadDir = path.join(__dirname, '..', '..', config.uploadDir);
    Iif (!fs.existsSync(uploadDir)) {
      fs.mkdirSync(uploadDir, { recursive: true });
    }
    cb(null, uploadDir);
  },
  filename: (req, file, cb) => {
    const safeOriginal = sanitize(file.originalname);
    const uniqueName = `${uuidv4()}-${safeOriginal || 'resume'}`;
    cb(null, uniqueName);
  }
});
 
const upload = multer({
  storage: storage,
  limits: {
    fileSize: 10 * 1024 * 1024 // 10MB limit
  },
  fileFilter: (req, file, cb) => {
    const allowedTypes = [
      'application/pdf',
      'application/msword',
      'application/vnd.openxmlformats-officedocument.wordprocessingml.document',
      'text/plain'
    ];
    
    if (allowedTypes.includes(file.mimetype)) {
      cb(null, true);
    } else E{
      cb(new Error('Invalid file type. Only PDF, DOC, DOCX, and TXT files are allowed.'));
    }
  }
});
 
// Get all resumes for a candidate
router.get('/candidate/:candidateId', authenticateToken, async (req, res) => {
  try {
    const { candidateId } = req.params;
 
    // Check permissions
    if (req.user.role === 'candidate') {
      const candidateResult = await pool.query(
        'SELECT id FROM candidates WHERE user_id = $1',
        [req.user.id]
      );
      Iif (candidateResult.rows.length === 0 || candidateResult.rows[0].id !== candidateId) {
        return res.status(403).json({ error: 'Access denied' });
      }
    } else Eif (req.user.role !== 'admin' && req.user.role !== 'recruiter' && req.user.role !== 'employer') {
      return res.status(403).json({ error: 'Access denied' });
    }
 
    const result = await pool.query(
      'SELECT * FROM resumes WHERE candidate_id = $1 ORDER BY uploaded_at DESC',
      [candidateId]
    );
 
    res.json(result.rows);
  } catch (error) {
    console.error('Get resumes error:', error);
    res.status(500).json({ error: 'Failed to fetch resumes' });
  }
});
 
// Get resume by ID
router.get('/:id', authenticateToken, async (req, res) => {
  try {
    const { id } = req.params;
    
    const result = await pool.query(
      'SELECT * FROM resumes WHERE id = $1',
      [id]
    );
 
    if (result.rows.length === 0) {
      return res.status(404).json({ error: 'Resume not found' });
    }
 
    const resume = result.rows[0];
 
    // Check permissions
    if (req.user.role === 'candidate') {
      const candidateResult = await pool.query(
        'SELECT id FROM candidates WHERE user_id = $1',
        [req.user.id]
      );
      if (candidateResult.rows.length === 0 || candidateResult.rows[0].id !== resume.candidate_id) {
        return res.status(403).json({ error: 'Access denied' });
      }
    } else if (req.user.role !== 'admin' && req.user.role !== 'recruiter' && req.user.role !== 'employer') {
      return res.status(403).json({ error: 'Access denied' });
    }
 
    res.json(resume);
  } catch (error) {
    console.error('Get resume error:', error);
    res.status(500).json({ error: 'Failed to fetch resume' });
  }
});
 
// Upload resume
router.post('/upload', authenticateToken, requireRole(['candidate']), upload.single('resume'), async (req, res) => {
  try {
    Iif (!req.file) {
      return res.status(400).json({ error: 'No file uploaded' });
    }
 
    // Get candidate ID for the current user
    const candidateResult = await pool.query(
      'SELECT id FROM candidates WHERE user_id = $1',
      [req.user.id]
    );
 
    Iif (candidateResult.rows.length === 0) {
      return res.status(400).json({ error: 'Candidate profile not found' });
    }
 
    const candidateId = candidateResult.rows[0].id;
 
    // If this is set as primary, unset other primary resumes
    Eif (req.body.isPrimary === 'true') {
      await pool.query(
        'UPDATE resumes SET is_primary = false WHERE candidate_id = $1',
        [candidateId]
      );
    }
 
    const result = await pool.query(`
      INSERT INTO resumes (candidate_id, filename, original_name, file_path, file_size, mime_type, is_primary)
      VALUES ($1, $2, $3, $4, $5, $6, $7)
      RETURNING *
    `, [
      candidateId,
      req.file.filename,
      req.file.originalname,
      req.file.path,
      req.file.size,
      req.file.mimetype,
      req.body.isPrimary === 'true'
    ]);
 
    res.status(201).json({
      message: 'Resume uploaded successfully',
      resume: result.rows[0]
    });
  } catch (error) {
    console.error('Upload resume error:', error);
    res.status(500).json({ error: 'Failed to upload resume' });
  }
});
 
// Download resume
router.get('/:id/download', authenticateToken, async (req, res) => {
  try {
    const { id } = req.params;
    
    const result = await pool.query(
      'SELECT * FROM resumes WHERE id = $1',
      [id]
    );
 
    Iif (result.rows.length === 0) {
      return res.status(404).json({ error: 'Resume not found' });
    }
 
    const resume = result.rows[0];
 
    // Check permissions
    if (req.user.role === 'candidate') {
      const candidateResult = await pool.query(
        'SELECT id FROM candidates WHERE user_id = $1',
        [req.user.id]
      );
      Iif (candidateResult.rows.length === 0 || candidateResult.rows[0].id !== resume.candidate_id) {
        return res.status(403).json({ error: 'Access denied' });
      }
    } else Eif (req.user.role !== 'admin' && req.user.role !== 'recruiter' && req.user.role !== 'employer') {
      return res.status(403).json({ error: 'Access denied' });
    }
 
    // Check if file exists
    Iif (!fs.existsSync(resume.file_path)) {
      return res.status(404).json({ error: 'Resume file not found' });
    }
 
    res.download(resume.file_path, resume.original_name);
  } catch (error) {
    console.error('Download resume error:', error);
    res.status(500).json({ error: 'Failed to download resume' });
  }
});
 
// Set primary resume
router.put('/:id/primary', authenticateToken, requireRole(['candidate']), async (req, res) => {
  try {
    const { id } = req.params;
 
    // Get candidate ID for the current user
    const candidateResult = await pool.query(
      'SELECT id FROM candidates WHERE user_id = $1',
      [req.user.id]
    );
 
    Iif (candidateResult.rows.length === 0) {
      return res.status(400).json({ error: 'Candidate profile not found' });
    }
 
    const candidateId = candidateResult.rows[0].id;
 
    // Check if resume exists and belongs to the candidate
    const resumeResult = await pool.query(
      'SELECT id FROM resumes WHERE id = $1 AND candidate_id = $2',
      [id, candidateId]
    );
 
    Iif (resumeResult.rows.length === 0) {
      return res.status(404).json({ error: 'Resume not found' });
    }
 
    // Unset other primary resumes
    await pool.query(
      'UPDATE resumes SET is_primary = false WHERE candidate_id = $1',
      [candidateId]
    );
 
    // Set this resume as primary
    const result = await pool.query(
      'UPDATE resumes SET is_primary = true WHERE id = $1 RETURNING *',
      [id]
    );
 
    res.json({
      message: 'Primary resume updated successfully',
      resume: result.rows[0]
    });
  } catch (error) {
    console.error('Set primary resume error:', error);
    res.status(500).json({ error: 'Failed to set primary resume' });
  }
});
 
// Delete resume
router.delete('/:id', authenticateToken, requireRole(['candidate']), async (req, res) => {
  try {
    const { id } = req.params;
 
    // Get candidate ID for the current user
    const candidateResult = await pool.query(
      'SELECT id FROM candidates WHERE user_id = $1',
      [req.user.id]
    );
 
    Iif (candidateResult.rows.length === 0) {
      return res.status(400).json({ error: 'Candidate profile not found' });
    }
 
    const candidateId = candidateResult.rows[0].id;
 
    // Check if resume exists and belongs to the candidate
    const resumeResult = await pool.query(
      'SELECT * FROM resumes WHERE id = $1 AND candidate_id = $2',
      [id, candidateId]
    );
 
    Iif (resumeResult.rows.length === 0) {
      return res.status(404).json({ error: 'Resume not found' });
    }
 
    const resume = resumeResult.rows[0];
 
    // Delete file from filesystem
    Eif (fs.existsSync(resume.file_path)) {
      fs.unlinkSync(resume.file_path);
    }
 
    // Delete from database
    await pool.query('DELETE FROM resumes WHERE id = $1', [id]);
 
    res.json({ message: 'Resume deleted successfully' });
  } catch (error) {
    console.error('Delete resume error:', error);
    res.status(500).json({ error: 'Failed to delete resume' });
  }
});
 
module.exports = router;
 
Code coverage generated by istanbul at 2025-10-17T03:41:07.369Z