Batch ameliorations: fix candidats, NER nom, recruiter_id + migration

.dockerignore

@@ -0,0 +1,15 @@
+__pycache__/
+*.py[cod]
+*.so
+.pytest_cache/
+.mypy_cache/
+.ruff_cache/
+.venv/
+venv/
+.env
+.git
+.gitignore
+.vscode/
+uploads/
+tests/
+*.db

ai_module/nlp/resume_ner_extractor.py

@@ -243,35 +243,43 @@ class ResumeNERExtractor:
             email_fallback = self._infer_name_from_email(emails[0])
 
         for index, raw_line in enumerate(lines[:80]):
-            line = raw_line.strip().strip('•*-').strip()
+            line = raw_line.strip().strip(‘•*-’).strip()
             normalized = self._normalize_for_matching(line)
 
-            if not line or '@' in line or 'http' in normalized or self._is_section_header(normalized):
+            if not line or ‘@’ in line or ‘http’ in normalized or self._is_section_header(normalized):
                 continue
-            if any(token in normalized for token in ('linkedin', 'github', 'contact', 'profil', 'profile')):
+            if any(token in normalized for token in (‘linkedin’, ‘github’, ‘contact’, ‘profil’, ‘profile’)):
                 continue
             if any(char.isdigit() for char in line):
                 continue
 
-            words = [word for word in re.split(r'\s+', line) if word]
-            if not 2 <= len(words) <= 3:
+            words = [word for word in re.split(r’\s+’, line) if word]
+            # Allow 1–4 words: single-name aliases, compound names, and particle names (de, van…)
+            if not 1 <= len(words) <= 4:
                 continue
 
-            alpha_words = sum(1 for word in words if re.search(r'[A-Za-zÀ-ÿ]', word))
+            alpha_words = sum(1 for word in words if re.search(r’[A-Za-zÀ-ÿ]’, word))
             if alpha_words != len(words):
                 continue
 
             score = 0
-            if index < 15:
+            # Strong position bonus for the very first lines of the CV
+            if index < 5:
+                score += 5
+            elif index < 15:
                 score += 3
-            if re.fullmatch(r"[A-ZÀ-Ÿ][A-ZÀ-Ÿ'’\-]+(?:\s+[A-ZÀ-Ÿ][A-ZÀ-Ÿ'’\-]+){1,2}", line):
+
+            # ALL_CAPS name (common in French CVs): highest match
+            if re.fullmatch(r"[A-ZÀ-Ÿ][A-ZÀ-Ÿ’’\-]+(?:\s+[A-ZÀ-Ÿ][A-ZÀ-Ÿ’’\-]+){0,3}", line):
                 score += 5
-            elif re.fullmatch(r"[A-ZÀ-Ÿ][A-Za-zÀ-ÿ'’\-]+(?:\s+[A-ZÀ-Ÿ][A-Za-zÀ-ÿ'’\-]+){1,2}", line):
+            # Title-case properly capitalized name
+            elif re.fullmatch(r"[A-ZÀ-Ÿ][A-Za-zÀ-ÿ’’\-]+(?:\s+[A-ZÀ-Ÿ][A-Za-zÀ-ÿ’’\-]+){0,3}", line):
                 score += 4
-            else:
+            # Mixed-case but all letters
+            elif all(re.search(r’[A-Za-zÀ-ÿ]’, w) for w in words):
                 score += 2
 
-            if any(keyword in normalized for keyword in ('experience', 'formation', 'education', 'profil', 'contact')):
+            if any(keyword in normalized for keyword in (‘experience’, ‘formation’, ‘education’, ‘profil’, ‘contact’)):
                 score -= 4
 
             candidates.append((score, line.title()))

alembic/versions/20260620_add_recruiter_id.py

@@ -0,0 +1,43 @@
+"""Add recruiter_id to candidates to track who uploaded each CV
+
+Revision ID: 20260620_add_recruiter_id
+Revises: 20260617_add_profile_visibility
+Create Date: 2026-06-20 00:00:00.000000
+"""
+from typing import Sequence, Union
+
+from alembic import op
+import sqlalchemy as sa
+
+
+revision: str = "20260620_add_recruiter_id"
+down_revision: Union[str, None] = "20260617_add_profile_visibility"
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    op.add_column(
+        "candidates",
+        sa.Column(
+            "recruiter_id",
+            sa.Integer(),
+            sa.ForeignKey("users.id"),
+            nullable=True,
+        ),
+    )
+    op.create_index("ix_candidates_recruiter_id", "candidates", ["recruiter_id"])
+    # Backfill: existing recruiter-deposited profiles have owner_role='recruiter'
+    # and their user_id was incorrectly set to the recruiter's id.
+    # Move that value to recruiter_id and clear user_id so the unique constraint
+    # no longer blocks future uploads by the same recruiter.
+    op.execute("""
+        UPDATE candidates
+        SET recruiter_id = user_id, user_id = NULL
+        WHERE owner_role = 'recruiter' AND user_id IS NOT NULL
+    """)
+
+
+def downgrade() -> None:
+    op.drop_index("ix_candidates_recruiter_id", table_name="candidates")
+    op.drop_column("candidates", "recruiter_id")

app/api/candidates.py

@@ -84,7 +84,7 @@ def get_candidates(
     elif current_user.role == UserRole.recruiter:
         query = db.query(Candidate).filter(
             or_(
-                Candidate.user_id == current_user.id,
+                Candidate.recruiter_id == current_user.id,
                 and_(
                     or_(
                         Candidate.owner_role == "candidate",
@@ -380,29 +380,39 @@ async def upload_candidate_cv(
 
         # Visibility metadata
         depositor_role = cast(UserRole, current_user.role)
-        candidate_dict["user_id"] = current_user.id
         candidate_dict["owner_role"] = depositor_role.value  # "candidate" or "recruiter"
         # Recruiter deposits are always private; candidate profiles start hidden
         candidate_dict["is_visible"] = False
 
-        # Upsert: prefer user_id match, fall back to email
-        existing_candidate = db.query(Candidate).filter(
-            Candidate.user_id == current_user.id
-        ).first()
-
-        if not existing_candidate and candidate_dict.get("email"):
+        if depositor_role == UserRole.candidate:
+            # Candidate owns their profile: link via user_id (unique per user)
+            candidate_dict["user_id"] = current_user.id
+            candidate_dict["recruiter_id"] = None
             existing_candidate = db.query(Candidate).filter(
-                Candidate.email == candidate_dict["email"]
+                Candidate.user_id == current_user.id
             ).first()
+            if not existing_candidate and candidate_dict.get("email"):
+                existing_candidate = db.query(Candidate).filter(
+                    Candidate.email == candidate_dict["email"]
+                ).first()
+        else:
+            # Recruiter deposits: track recruiter via recruiter_id, NOT user_id.
+            # This allows a recruiter to upload many CVs without constraint conflicts.
+            candidate_dict["user_id"] = None
+            candidate_dict["recruiter_id"] = current_user.id
+            # Upsert only by email to avoid overwriting a different person's record
+            existing_candidate = None
+            if candidate_dict.get("email"):
+                existing_candidate = db.query(Candidate).filter(
+                    Candidate.email == candidate_dict["email"]
+                ).first()
 
         if existing_candidate:
             for key, value in candidate_dict.items():
                 setattr(existing_candidate, key, value)
-            existing_candidate.user_id = current_user.id
             db_candidate = existing_candidate
         else:
             db_candidate = Candidate(**candidate_dict)
-            db_candidate.user_id = current_user.id
             db.add(db_candidate)
 
         db.flush()
@@ -528,10 +538,14 @@ async def upload_cv_with_ner(
         candidate_email = profile.get("email") or current_user.email
         depositor_role = cast(UserRole, current_user.role)
 
+        is_recruiter_upload = depositor_role == UserRole.recruiter
         candidate = db.query(Candidate).filter(Candidate.email == candidate_email).first()
 
         if candidate:
-            candidate.user_id = current_user.id
+            if is_recruiter_upload:
+                candidate.recruiter_id = current_user.id
+            else:
+                candidate.user_id = current_user.id
             candidate.full_name = profile.get("full_name") or current_user.full_name
             candidate.phone = profile.get("phone")
             candidate.raw_text = text[:5000]
@@ -547,7 +561,8 @@ async def upload_cv_with_ner(
             candidate.cv_path = None  # not persisted
         else:
             candidate = Candidate(
-                user_id=current_user.id,
+                user_id=None if is_recruiter_upload else current_user.id,
+                recruiter_id=current_user.id if is_recruiter_upload else None,
                 full_name=profile.get("full_name") or current_user.full_name,
                 email=candidate_email,
                 phone=profile.get("phone"),

app/main.py

@@ -19,25 +19,20 @@ import logging
 class HTTPSRedirectMiddleware(BaseHTTPMiddleware):
     """
     Middleware to ensure redirects use HTTPS in production.
-    When deployed behind a reverse proxy (e.g., Railway), the request arrives as HTTP
+    When deployed behind a reverse proxy the request arrives as HTTP
     but should redirect to HTTPS. Starlette's redirect_slashes uses the request scheme,
     so we wrap the scope to force HTTPS redirects in production.
+    Activated by setting DEPLOY_ENV=production or NODE_ENV=production.
     """
-    """ async def dispatch(self, request: Request, call_next):
+    async def dispatch(self, request: Request, call_next):
         # In production, ensure the scheme seen by Starlette is HTTPS
         # by checking X-Forwarded-Proto header (set by reverse proxies)
-        if (os.getenv("NODE_ENV") == "production" or 
-            os.getenv("RAILWAY_ENVIRONMENT_NAME") == "production"):
+        if (os.getenv("NODE_ENV") == "production" or
+                os.getenv("DEPLOY_ENV") == "production"):
             forwarded_proto = request.headers.get("x-forwarded-proto", "").lower()
             if forwarded_proto == "https":
-                # Force the scope to use https so redirects are generated correctly
                 request.scope["scheme"] = "https"
         
-        return await call_next(request) """
-    async def dispatch(self, request: Request, call_next):
-        forwarded_proto = request.headers.get("x-forwarded-proto", "").lower()
-        if forwarded_proto == "https":
-            request.scope["scheme"] = "https"
         return await call_next(request)
 
 
@@ -52,12 +47,9 @@ app = FastAPI(
     redirect_slashes=True,
 )
 
-
 # Add HTTPS redirect middleware BEFORE CORS to catch all requests
-""" if os.getenv("ENABLE_HTTPS_REDIRECT", "false").lower() == "true":
-        app.add_middleware(HTTPSRedirectMiddleware) """
-app.add_middleware(HTTPSRedirectMiddleware)
-
+if os.getenv("ENABLE_HTTPS_REDIRECT", "false").lower() == "true":
+        app.add_middleware(HTTPSRedirectMiddleware)
 
 # Configure CORS
 allowed_origins = [

app/models/models.py

@@ -52,6 +52,7 @@ class Candidate(Base):
 
     id = Column(Integer, primary_key=True, index=True)
     user_id = Column(Integer, ForeignKey("users.id"), nullable=True, unique=True)
+    recruiter_id = Column(Integer, ForeignKey("users.id"), nullable=True, index=True)
     full_name = Column(String, nullable=False)
     email = Column(String, unique=True, index=True, nullable=False)
     phone = Column(String, nullable=True)

app/schemas/candidate.py

@@ -28,6 +28,7 @@ class CandidateResponse(CandidateBase):
     raw_text: Optional[str]
     owner_role: Optional[str] = None
     is_visible: bool = False
+    recruiter_id: Optional[int] = None
     created_at: datetime
     updated_at: Optional[datetime] = None