tester/hireflow
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add user authentication, RBAC, and improved recruiter dashboard

Browse Source 
- JWT-based auth with access tokens (15m) and refresh tokens (7d)
- User registration, login, logout, and /auth/me endpoints
- Three roles: admin, recruiter, hiring_manager with middleware enforcement
- users and refresh_tokens tables with bcrypt password hashing
- Login and Register pages with full form validation
- Protected routes — unauthenticated users redirect to /login
- Dashboard upgraded: real metrics, pipeline overview with progress bars,
  recent activity feed with 30s polling, and quick-action cards
- Dashboard API endpoints: /api/dashboard/metrics, pipeline-summary, recent-activity

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
tester
2026-02-21 22:06:11 +00:00
parent ede906ed3a
commit c4940e9691
11 changed files with 2036 additions and 84 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1032
client/package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

27
client/package.json
View File

@@ -9,28 +9,29 @@
"preview": "vite preview" "preview": "vite preview"
}, },
"dependencies": { "dependencies": {
"react": "^19.0.0",
"react-dom": "^19.0.0",
"react-router-dom": "^7.1.0",
"class-variance-authority": "^0.7.1",
"clsx": "^2.1.1",
"tailwind-merge": "^2.6.0",
"lucide-react": "^0.469.0",
"@radix-ui/react-slot": "^1.1.1",
"@radix-ui/react-separator": "^1.1.1",
"@radix-ui/react-dialog": "^1.1.4", "@radix-ui/react-dialog": "^1.1.4",
"@radix-ui/react-label": "^2.1.1", "@radix-ui/react-label": "^2.1.1",
"@radix-ui/react-select": "^2.1.4", "@radix-ui/react-select": "^2.1.4",
"@radix-ui/react-separator": "^1.1.1",
"@radix-ui/react-slot": "^1.1.1",
"@radix-ui/react-tabs": "^1.1.2", "@radix-ui/react-tabs": "^1.1.2",
"@radix-ui/react-toast": "^1.2.4" "@radix-ui/react-toast": "^1.2.4",
"class-variance-authority": "^0.7.1",
"clsx": "^2.1.1",
"lucide-react": "^0.469.0",
"radix-ui": "^1.4.3",
"react": "^19.0.0",
"react-dom": "^19.0.0",
"react-router-dom": "^7.1.0",
"tailwind-merge": "^2.6.0"
}, },
"devDependencies": { "devDependencies": {
"@tailwindcss/vite": "^4.0.0",
"@types/react": "^19.0.0", "@types/react": "^19.0.0",
"@types/react-dom": "^19.0.0", "@types/react-dom": "^19.0.0",
"@vitejs/plugin-react": "^4.3.4", "@vitejs/plugin-react": "^4.3.4",
"typescript": "~5.7.0",
"vite": "^6.0.0",
"tailwindcss": "^4.0.0", "tailwindcss": "^4.0.0",
"@tailwindcss/vite": "^4.0.0" "typescript": "~5.7.0",
"vite": "^6.0.0"
} }
} }

93
client/src/App.tsx
View File

@@ -1,42 +1,77 @@
import { BrowserRouter, Routes, Route, NavLink } from 'react-router-dom' import { BrowserRouter, Routes, Route, NavLink, Navigate } from 'react-router-dom'
import { AuthProvider, useAuth } from '@/lib/auth'
import HomePage from '@/pages/Home' import HomePage from '@/pages/Home'
import CandidatesPage from '@/pages/Candidates' import CandidatesPage from '@/pages/Candidates'
import JobsPage from '@/pages/Jobs' import JobsPage from '@/pages/Jobs'
import ScorecardsPage from '@/pages/Scorecards' import ScorecardsPage from '@/pages/Scorecards'
import LoginPage from '@/pages/Login'
import RegisterPage from '@/pages/Register'
function ProtectedRoute({ children }: { children: React.ReactNode }) {
const { user, loading } = useAuth()
if (loading) return <div className="min-h-screen flex items-center justify-center text-muted-foreground">Loading...</div>
if (!user) return <Navigate to="/login" replace />
return <>{children}</>
}
function Layout() {
const { user, logout } = useAuth()
return (
<div className="min-h-screen bg-[#F9FAFB]">
<header className="border-b sticky top-0 bg-white z-10 shadow-sm">
<div className="container mx-auto flex h-16 items-center justify-between px-4">
<div className="flex items-center gap-2">
<span className="text-xl font-bold text-[#3B82F6]">HireFlow</span>
<span className="text-xs text-muted-foreground bg-muted px-2 py-0.5 rounded-full hidden sm:block">AI Recruitment</span>
</div>
<nav className="flex items-center gap-1">
<NavLink to="/" end className={({ isActive }) =>
`px-3 py-2 rounded-md text-sm font-medium transition-colors ${isActive ? 'bg-[#3B82F6] text-white' : 'hover:bg-muted'}`
}>Dashboard</NavLink>
<NavLink to="/candidates" className={({ isActive }) =>
`px-3 py-2 rounded-md text-sm font-medium transition-colors ${isActive ? 'bg-[#3B82F6] text-white' : 'hover:bg-muted'}`
}>Candidates</NavLink>
<NavLink to="/jobs" className={({ isActive }) =>
`px-3 py-2 rounded-md text-sm font-medium transition-colors ${isActive ? 'bg-[#3B82F6] text-white' : 'hover:bg-muted'}`
}>Jobs</NavLink>
<NavLink to="/scorecards" className={({ isActive }) =>
`px-3 py-2 rounded-md text-sm font-medium transition-colors ${isActive ? 'bg-[#3B82F6] text-white' : 'hover:bg-muted'}`
}>Scorecards</NavLink>
</nav>
{user && (
<div className="flex items-center gap-3">
<div className="hidden sm:block text-right">
<p className="text-xs font-medium">{user.email}</p>
<p className="text-xs text-muted-foreground capitalize">{user.role.replace('_', ' ')}</p>
</div>
<button onClick={logout} className="text-xs text-muted-foreground hover:text-foreground px-2 py-1 rounded hover:bg-muted transition-colors">
Sign out
</button>
</div>
)}
</div>
</header>
<Routes>
<Route path="/" element={<ProtectedRoute><HomePage /></ProtectedRoute>} />
<Route path="/candidates" element={<ProtectedRoute><CandidatesPage /></ProtectedRoute>} />
<Route path="/jobs" element={<ProtectedRoute><JobsPage /></ProtectedRoute>} />
<Route path="/scorecards" element={<ProtectedRoute><ScorecardsPage /></ProtectedRoute>} />
</Routes>
</div>
)
}
function App() { function App() {
return ( return (
<BrowserRouter> <BrowserRouter>
<div className="min-h-screen bg-background"> <AuthProvider>
<header className="border-b sticky top-0 bg-background z-10">
<div className="container mx-auto flex h-16 items-center justify-between px-4">
<div className="flex items-center gap-2">
<span className="text-xl font-bold text-primary">HireFlow</span>
<span className="text-xs text-muted-foreground bg-muted px-2 py-0.5 rounded-full">AI Recruitment</span>
</div>
<nav className="flex items-center gap-1">
<NavLink to="/" end className={({ isActive }) =>
`px-3 py-2 rounded-md text-sm font-medium transition-colors ${isActive ? 'bg-primary text-primary-foreground' : 'hover:bg-muted'}`
}>Dashboard</NavLink>
<NavLink to="/candidates" className={({ isActive }) =>
`px-3 py-2 rounded-md text-sm font-medium transition-colors ${isActive ? 'bg-primary text-primary-foreground' : 'hover:bg-muted'}`
}>Candidates</NavLink>
<NavLink to="/jobs" className={({ isActive }) =>
`px-3 py-2 rounded-md text-sm font-medium transition-colors ${isActive ? 'bg-primary text-primary-foreground' : 'hover:bg-muted'}`
}>Jobs</NavLink>
<NavLink to="/scorecards" className={({ isActive }) =>
`px-3 py-2 rounded-md text-sm font-medium transition-colors ${isActive ? 'bg-primary text-primary-foreground' : 'hover:bg-muted'}`
}>Scorecards</NavLink>
</nav>
</div>
</header>
<Routes> <Routes>
<Route path="/" element={<HomePage />} /> <Route path="/login" element={<LoginPage />} />
<Route path="/candidates" element={<CandidatesPage />} /> <Route path="/register" element={<RegisterPage />} />
<Route path="/jobs" element={<JobsPage />} /> <Route path="/*" element={<Layout />} />
<Route path="/scorecards" element={<ScorecardsPage />} />
</Routes> </Routes>
</div> </AuthProvider>
</BrowserRouter> </BrowserRouter>
) )
} }

22
client/src/components/ui/label.tsx Normal file
View File

@@ -0,0 +1,22 @@
import * as React from "react"
import { Label as LabelPrimitive } from "radix-ui"
import { cn } from "@/lib/utils"
function Label({
className,
...props
}: React.ComponentProps<typeof LabelPrimitive.Root>) {
return (
<LabelPrimitive.Root
data-slot="label"
className={cn(
"flex items-center gap-2 text-sm leading-none font-medium select-none group-data-[disabled=true]:pointer-events-none group-data-[disabled=true]:opacity-50 peer-disabled:cursor-not-allowed peer-disabled:opacity-50",
className
)}
{...props}
/>
)
}
export { Label }

127
client/src/lib/auth.tsx Normal file
View File

@@ -0,0 +1,127 @@
import { createContext, useContext, useState, useEffect, ReactNode } from 'react'
interface User {
id: number
email: string
role: 'admin' | 'recruiter' | 'hiring_manager'
}
interface AuthContextType {
user: User | null
accessToken: string | null
login: (email: string, password: string) => Promise<void>
logout: () => Promise<void>
register: (email: string, password: string, role?: string) => Promise<void>
loading: boolean
}
const AuthContext = createContext<AuthContextType | null>(null)
export function AuthProvider({ children }: { children: ReactNode }) {
const [user, setUser] = useState<User | null>(null)
const [accessToken, setAccessToken] = useState<string | null>(null)
const [loading, setLoading] = useState(true)
useEffect(() => {
const token = localStorage.getItem('accessToken')
const refreshToken = localStorage.getItem('refreshToken')
if (token && refreshToken) {
// Verify token by fetching /auth/me
fetch('/auth/me', { headers: { Authorization: `Bearer ${token}` } })
.then(r => r.json())
.then(data => {
if (data.id) {
setUser(data)
setAccessToken(token)
} else {
// Try refresh
return refreshAccessToken(refreshToken)
}
})
.catch(() => {})
.finally(() => setLoading(false))
} else {
setLoading(false)
}
}, [])
async function refreshAccessToken(refreshToken: string) {
const res = await fetch('/auth/refresh', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ refreshToken })
})
if (res.ok) {
const data = await res.json()
setAccessToken(data.accessToken)
setUser(data.user)
localStorage.setItem('accessToken', data.accessToken)
} else {
localStorage.removeItem('accessToken')
localStorage.removeItem('refreshToken')
}
}
async function login(email: string, password: string) {
const res = await fetch('/auth/login', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ email, password })
})
const data = await res.json()
if (!res.ok) throw new Error(data.error || 'Login failed')
setUser(data.user)
setAccessToken(data.accessToken)
localStorage.setItem('accessToken', data.accessToken)
localStorage.setItem('refreshToken', data.refreshToken)
}
async function logout() {
const token = accessToken || localStorage.getItem('accessToken')
if (token) {
await fetch('/auth/logout', {
method: 'POST',
headers: { Authorization: `Bearer ${token}` }
}).catch(() => {})
}
setUser(null)
setAccessToken(null)
localStorage.removeItem('accessToken')
localStorage.removeItem('refreshToken')
}
async function register(email: string, password: string, role = 'recruiter') {
const res = await fetch('/auth/register', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ email, password, role })
})
const data = await res.json()
if (!res.ok) throw new Error(data.error || 'Registration failed')
}
return (
<AuthContext.Provider value={{ user, accessToken, login, logout, register, loading }}>
{children}
</AuthContext.Provider>
)
}
export function useAuth() {
const ctx = useContext(AuthContext)
if (!ctx) throw new Error('useAuth must be used within AuthProvider')
return ctx
}
// Helper to make authenticated API calls
export async function authFetch(url: string, options: RequestInit = {}) {
const token = localStorage.getItem('accessToken')
return fetch(url, {
...options,
headers: {
'Content-Type': 'application/json',
...(token ? { Authorization: `Bearer ${token}` } : {}),
...options.headers
}
})
}

179
client/src/pages/Home.tsx
View File

@@ -1,34 +1,87 @@
import { useEffect, useState } from 'react' import { useEffect, useState } from 'react'
import { Link } from 'react-router-dom'
import { Card, CardHeader, CardTitle, CardContent } from '@/components/ui/card' import { Card, CardHeader, CardTitle, CardContent } from '@/components/ui/card'
import { Button } from '@/components/ui/button'
import { authFetch } from '@/lib/auth'
interface Stats { interface Metrics {
candidates: number totalCandidates: number
jobs: number activeJobs: number
scorecards: number totalApplications: number
applications: number interviewsThisWeek: number
}
interface PipelineSummary {
applied: number
screening: number
interview: number
offer: number
hired: number
}
interface Activity {
type: string
title: string
subtitle: string | null
timestamp: string
} }
export default function HomePage() { export default function HomePage() {
const [stats, setStats] = useState<Stats>({ candidates: 0, jobs: 0, scorecards: 0, applications: 0 }) const [metrics, setMetrics] = useState<Metrics>({ totalCandidates: 0, activeJobs: 0, totalApplications: 0, interviewsThisWeek: 0 })
const [pipeline, setPipeline] = useState<PipelineSummary>({ applied: 0, screening: 0, interview: 0, offer: 0, hired: 0 })
const [activities, setActivities] = useState<Activity[]>([])
useEffect(() => { useEffect(() => {
fetch('/api/stats').then(r => r.json()).then(setStats).catch(() => {}) const load = () => {
authFetch('/api/dashboard/metrics').then(r => r.json()).then(setMetrics).catch(() => {})
authFetch('/api/dashboard/pipeline-summary').then(r => r.json()).then(setPipeline).catch(() => {})
authFetch('/api/dashboard/recent-activity').then(r => r.json()).then(d => setActivities(d.activities || [])).catch(() => {})
}
load()
const interval = setInterval(load, 30000)
return () => clearInterval(interval)
}, []) }, [])
const pipelineStages = [
{ key: 'applied', label: 'Applied', color: 'bg-gray-100 text-gray-700' },
{ key: 'screening', label: 'Screening', color: 'bg-blue-100 text-blue-700' },
{ key: 'interview', label: 'Interview', color: 'bg-yellow-100 text-yellow-700' },
{ key: 'offer', label: 'Offer', color: 'bg-purple-100 text-purple-700' },
{ key: 'hired', label: 'Hired', color: 'bg-green-100 text-green-700' },
]
const activityTypeLabel: Record<string, string> = {
candidate_added: 'New Candidate',
job_posted: 'Job Posted',
application: 'Application'
}
return ( return (
<div className="container mx-auto px-4 py-8"> <div className="container mx-auto px-4 py-8">
<div className="mb-8"> <div className="flex flex-col sm:flex-row sm:items-center sm:justify-between mb-8 gap-4">
<div>
<h1 className="text-3xl font-bold">Dashboard</h1> <h1 className="text-3xl font-bold">Dashboard</h1>
<p className="text-muted-foreground mt-1">AI-powered recruitment platform for Nordic agencies</p> <p className="text-muted-foreground mt-1">Your recruitment activity at a glance</p>
</div>
<div className="flex gap-2">
<Link to="/jobs">
<Button className="bg-[#3B82F6] hover:bg-blue-600 text-white">Post a Job</Button>
</Link>
<Link to="/candidates">
<Button variant="outline">Add Candidate</Button>
</Link>
</div>
</div> </div>
{/* Metrics */}
<div className="grid gap-4 sm:grid-cols-2 lg:grid-cols-4 mb-8"> <div className="grid gap-4 sm:grid-cols-2 lg:grid-cols-4 mb-8">
<Card> <Card>
<CardHeader className="pb-2"> <CardHeader className="pb-2">
<CardTitle className="text-sm font-medium text-muted-foreground">Total Candidates</CardTitle> <CardTitle className="text-sm font-medium text-muted-foreground">Total Candidates</CardTitle>
</CardHeader> </CardHeader>
<CardContent> <CardContent>
<div className="text-3xl font-bold">{stats.candidates}</div> <div className="text-3xl font-bold text-[#3B82F6]">{metrics.totalCandidates}</div>
<p className="text-xs text-muted-foreground mt-1">In your database</p>
</CardContent> </CardContent>
</Card> </Card>
<Card> <Card>
@@ -36,7 +89,8 @@ export default function HomePage() {
<CardTitle className="text-sm font-medium text-muted-foreground">Active Jobs</CardTitle> <CardTitle className="text-sm font-medium text-muted-foreground">Active Jobs</CardTitle>
</CardHeader> </CardHeader>
<CardContent> <CardContent>
<div className="text-3xl font-bold">{stats.jobs}</div> <div className="text-3xl font-bold text-[#3B82F6]">{metrics.activeJobs}</div>
<p className="text-xs text-muted-foreground mt-1">Currently posted</p>
</CardContent> </CardContent>
</Card> </Card>
<Card> <Card>
@@ -44,51 +98,108 @@ export default function HomePage() {
<CardTitle className="text-sm font-medium text-muted-foreground">Applications</CardTitle> <CardTitle className="text-sm font-medium text-muted-foreground">Applications</CardTitle>
</CardHeader> </CardHeader>
<CardContent> <CardContent>
<div className="text-3xl font-bold">{stats.applications}</div> <div className="text-3xl font-bold text-[#3B82F6]">{metrics.totalApplications}</div>
<p className="text-xs text-muted-foreground mt-1">Total received</p>
</CardContent> </CardContent>
</Card> </Card>
<Card> <Card>
<CardHeader className="pb-2"> <CardHeader className="pb-2">
<CardTitle className="text-sm font-medium text-muted-foreground">Scorecards</CardTitle> <CardTitle className="text-sm font-medium text-muted-foreground">Interviews This Week</CardTitle>
</CardHeader> </CardHeader>
<CardContent> <CardContent>
<div className="text-3xl font-bold">{stats.scorecards}</div> <div className="text-3xl font-bold text-[#3B82F6]">{metrics.interviewsThisWeek}</div>
<p className="text-xs text-muted-foreground mt-1">Scorecards submitted</p>
</CardContent> </CardContent>
</Card> </Card>
</div> </div>
<div className="grid gap-6 md:grid-cols-3"> <div className="grid gap-6 lg:grid-cols-2 mb-6">
{/* Pipeline Overview */}
<Card> <Card>
<CardHeader> <CardHeader>
<CardTitle>AI CV Parsing</CardTitle> <CardTitle>Pipeline Overview</CardTitle>
</CardHeader> </CardHeader>
<CardContent> <CardContent>
<p className="text-sm text-muted-foreground mb-3"> {pipeline.applied + pipeline.screening + pipeline.interview + pipeline.offer + pipeline.hired === 0 ? (
Upload CVs and automatically extract candidate information skills, experience, education using AI parsing. <div className="text-center py-8 text-muted-foreground">
</p> <p className="text-sm">No candidates in pipeline yet.</p>
<a href="/candidates" className="text-sm font-medium text-primary hover:underline">Go to Candidates </a> <Link to="/candidates" className="text-[#3B82F6] text-sm hover:underline mt-2 inline-block">Add your first candidate </Link>
</div>
) : (
<div className="space-y-3">
{pipelineStages.map(stage => (
<div key={stage.key} className="flex items-center gap-3">
<span className={`text-xs font-medium px-2 py-1 rounded-full w-24 text-center ${stage.color}`}>{stage.label}</span>
<div className="flex-1 bg-gray-100 rounded-full h-2">
<div
className="bg-[#3B82F6] h-2 rounded-full transition-all"
style={{ width: `${Math.min(100, (pipeline[stage.key as keyof PipelineSummary] / Math.max(1, metrics.totalApplications)) * 100)}%` }}
/>
</div>
<span className="text-sm font-medium w-8 text-right">{pipeline[stage.key as keyof PipelineSummary]}</span>
</div>
))}
</div>
)}
</CardContent> </CardContent>
</Card> </Card>
{/* Recent Activity */}
<Card> <Card>
<CardHeader> <CardHeader>
<CardTitle>Multi-Channel Job Posting</CardTitle> <CardTitle>Recent Activity</CardTitle>
</CardHeader> </CardHeader>
<CardContent> <CardContent>
<p className="text-sm text-muted-foreground mb-3"> {activities.length === 0 ? (
Post jobs to LinkedIn, Indeed, Arbetsförmedlingen, and your company career page with a single click. <div className="text-center py-8 text-muted-foreground">
</p> <p className="text-sm">No activity yet. Start by posting a job or adding a candidate.</p>
<a href="/jobs" className="text-sm font-medium text-primary hover:underline">Go to Jobs </a> </div>
) : (
<div className="space-y-3">
{activities.map((activity, i) => (
<div key={i} className="flex items-start gap-3 py-2 border-b last:border-0">
<div className="flex-1 min-w-0">
<p className="text-sm font-medium truncate">{activity.title}</p>
<p className="text-xs text-muted-foreground">{activityTypeLabel[activity.type] || activity.type}{activity.subtitle ? `${activity.subtitle}` : ''}</p>
</div>
<span className="text-xs text-muted-foreground whitespace-nowrap">
{new Date(activity.timestamp).toLocaleDateString()}
</span>
</div>
))}
</div>
)}
</CardContent> </CardContent>
</Card> </Card>
<Card> </div>
<CardHeader>
<CardTitle>Collaborative Scorecards</CardTitle> {/* Quick Actions */}
</CardHeader> <div className="grid gap-4 sm:grid-cols-3">
<CardContent> <Card className="hover:shadow-md transition-shadow cursor-pointer">
<p className="text-sm text-muted-foreground mb-3"> <CardContent className="pt-6">
Multiple interviewers score candidates using standardized criteria for consistent, unbiased evaluations. <Link to="/jobs" className="block">
</p> <div className="text-2xl mb-2">💼</div>
<a href="/scorecards" className="text-sm font-medium text-primary hover:underline">Go to Scorecards </a> <h3 className="font-semibold">Post a Job</h3>
<p className="text-sm text-muted-foreground mt-1">Publish to LinkedIn, Indeed, and more</p>
</Link>
</CardContent>
</Card>
<Card className="hover:shadow-md transition-shadow cursor-pointer">
<CardContent className="pt-6">
<Link to="/candidates" className="block">
<div className="text-2xl mb-2">👤</div>
<h3 className="font-semibold">Add Candidate</h3>
<p className="text-sm text-muted-foreground mt-1">Upload CV or enter details manually</p>
</Link>
</CardContent>
</Card>
<Card className="hover:shadow-md transition-shadow cursor-pointer">
<CardContent className="pt-6">
<Link to="/scorecards" className="block">
<div className="text-2xl mb-2">📋</div>
<h3 className="font-semibold">Create Scorecard</h3>
<p className="text-sm text-muted-foreground mt-1">Evaluate and compare candidates</p>
</Link>
</CardContent> </CardContent>
</Card> </Card>
</div> </div>

86
client/src/pages/Login.tsx Normal file
View File

@@ -0,0 +1,86 @@
import { useState } from 'react'
import { useNavigate, Link } from 'react-router-dom'
import { useAuth } from '@/lib/auth'
import { Card, CardHeader, CardTitle, CardContent, CardFooter } from '@/components/ui/card'
import { Button } from '@/components/ui/button'
import { Input } from '@/components/ui/input'
import { Label } from '@/components/ui/label'
export default function LoginPage() {
const { login } = useAuth()
const navigate = useNavigate()
const [email, setEmail] = useState('')
const [password, setPassword] = useState('')
const [error, setError] = useState('')
const [loading, setLoading] = useState(false)
async function handleSubmit(e: React.FormEvent) {
e.preventDefault()
setError('')
setLoading(true)
try {
await login(email, password)
navigate('/')
} catch (err: any) {
setError(err.message)
} finally {
setLoading(false)
}
}
return (
<div className="min-h-screen bg-[#F9FAFB] flex items-center justify-center p-4">
<div className="w-full max-w-md">
<div className="text-center mb-8">
<h1 className="text-3xl font-bold text-[#3B82F6]">HireFlow</h1>
<p className="text-sm text-gray-500 mt-1">AI Recruitment Platform</p>
</div>
<Card>
<CardHeader>
<CardTitle className="text-xl">Sign in to your account</CardTitle>
</CardHeader>
<form onSubmit={handleSubmit}>
<CardContent className="space-y-4">
{error && (
<div className="bg-red-50 border border-red-200 text-red-700 px-4 py-3 rounded-md text-sm">
{error}
</div>
)}
<div className="space-y-2">
<Label htmlFor="email">Email</Label>
<Input
id="email"
type="email"
placeholder="you@company.com"
value={email}
onChange={e => setEmail(e.target.value)}
required
/>
</div>
<div className="space-y-2">
<Label htmlFor="password">Password</Label>
<Input
id="password"
type="password"
placeholder="••••••••"
value={password}
onChange={e => setPassword(e.target.value)}
required
/>
</div>
</CardContent>
<CardFooter className="flex flex-col gap-3">
<Button type="submit" className="w-full bg-[#3B82F6] hover:bg-blue-600" disabled={loading}>
{loading ? 'Signing in...' : 'Sign In'}
</Button>
<p className="text-sm text-center text-gray-500">
No account yet?{' '}
<Link to="/register" className="text-[#3B82F6] hover:underline font-medium">Register</Link>
</p>
</CardFooter>
</form>
</Card>
</div>
</div>
)
}

89
client/src/pages/Register.tsx Normal file
View File

@@ -0,0 +1,89 @@
import { useState } from 'react'
import { useNavigate, Link } from 'react-router-dom'
import { useAuth } from '@/lib/auth'
import { Card, CardHeader, CardTitle, CardContent, CardFooter } from '@/components/ui/card'
import { Button } from '@/components/ui/button'
import { Input } from '@/components/ui/input'
import { Label } from '@/components/ui/label'
export default function RegisterPage() {
const { register } = useAuth()
const navigate = useNavigate()
const [email, setEmail] = useState('')
const [password, setPassword] = useState('')
const [confirmPassword, setConfirmPassword] = useState('')
const [role, setRole] = useState('recruiter')
const [error, setError] = useState('')
const [loading, setLoading] = useState(false)
async function handleSubmit(e: React.FormEvent) {
e.preventDefault()
setError('')
if (password !== confirmPassword) { setError('Passwords do not match'); return }
if (password.length < 8) { setError('Password must be at least 8 characters'); return }
setLoading(true)
try {
await register(email, password, role)
navigate('/login?registered=1')
} catch (err: any) {
setError(err.message)
} finally {
setLoading(false)
}
}
return (
<div className="min-h-screen bg-[#F9FAFB] flex items-center justify-center p-4">
<div className="w-full max-w-md">
<div className="text-center mb-8">
<h1 className="text-3xl font-bold text-[#3B82F6]">HireFlow</h1>
<p className="text-sm text-gray-500 mt-1">AI Recruitment Platform</p>
</div>
<Card>
<CardHeader>
<CardTitle className="text-xl">Create your account</CardTitle>
</CardHeader>
<form onSubmit={handleSubmit}>
<CardContent className="space-y-4">
{error && (
<div className="bg-red-50 border border-red-200 text-red-700 px-4 py-3 rounded-md text-sm">
{error}
</div>
)}
<div className="space-y-2">
<Label htmlFor="email">Work Email</Label>
<Input id="email" type="email" placeholder="you@company.com" value={email} onChange={e => setEmail(e.target.value)} required />
</div>
<div className="space-y-2">
<Label htmlFor="role">Role</Label>
<select id="role" value={role} onChange={e => setRole(e.target.value)}
className="w-full border border-input rounded-md px-3 py-2 text-sm bg-background">
<option value="recruiter">Recruiter</option>
<option value="hiring_manager">Hiring Manager</option>
<option value="admin">Admin</option>
</select>
</div>
<div className="space-y-2">
<Label htmlFor="password">Password</Label>
<Input id="password" type="password" placeholder="Min. 8 characters" value={password} onChange={e => setPassword(e.target.value)} required />
</div>
<div className="space-y-2">
<Label htmlFor="confirmPassword">Confirm Password</Label>
<Input id="confirmPassword" type="password" placeholder="Repeat password" value={confirmPassword} onChange={e => setConfirmPassword(e.target.value)} required />
</div>
</CardContent>
<CardFooter className="flex flex-col gap-3">
<Button type="submit" className="w-full bg-[#3B82F6] hover:bg-blue-600" disabled={loading}>
{loading ? 'Creating account...' : 'Create Account'}
</Button>
<p className="text-sm text-center text-gray-500">
Already have an account?{' '}
<Link to="/login" className="text-[#3B82F6] hover:underline font-medium">Sign in</Link>
</p>
</CardFooter>
</form>
</Card>
</div>
</div>
)
}

242
package-lock.json generated
View File

@@ -9,8 +9,11 @@
"version": "1.0.0", "version": "1.0.0",
"hasInstallScript": true, "hasInstallScript": true,
"dependencies": { "dependencies": {
"bcryptjs": "^3.0.3",
"cors": "^2.8.5", "cors": "^2.8.5",
"express": "^4.18.2", "express": "^4.18.2",
"jsonwebtoken": "^9.0.3",
"multer": "^1.4.5-lts.1",
"pg": "^8.11.3", "pg": "^8.11.3",
"redis": "^4.6.12" "redis": "^4.6.12"
}, },
@@ -141,6 +144,11 @@
"node": ">= 8" "node": ">= 8"
} }
}, },
"node_modules/append-field": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/append-field/-/append-field-1.0.0.tgz",
"integrity": "sha512-klpgFSWLW1ZEs8svjfb7g4qWY0YS5imI82dTg+QahUvJ8YqAY0P10Uk8tTyh9ZGuYEZEMaeJYCF5BFuX552hsw=="
},
"node_modules/array-flatten": { "node_modules/array-flatten": {
"version": "1.1.1", "version": "1.1.1",
"resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
@@ -154,6 +162,14 @@
"dev": true, "dev": true,
"license": "MIT" "license": "MIT"
}, },
"node_modules/bcryptjs": {
"version": "3.0.3",
"resolved": "https://registry.npmjs.org/bcryptjs/-/bcryptjs-3.0.3.tgz",
"integrity": "sha512-GlF5wPWnSa/X5LKM1o0wz0suXIINz1iHRLvTS+sLyi7XPbe5ycmYI3DlZqVGZZtDgl4DmasFg7gOB3JYbphV5g==",
"bin": {
"bcrypt": "bin/bcrypt"
}
},
"node_modules/binary-extensions": { "node_modules/binary-extensions": {
"version": "2.3.0", "version": "2.3.0",
"resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz", "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz",
@@ -215,6 +231,27 @@
"node": ">=8" "node": ">=8"
} }
}, },
"node_modules/buffer-equal-constant-time": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz",
"integrity": "sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA=="
},
"node_modules/buffer-from": {
"version": "1.1.2",
"resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz",
"integrity": "sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ=="
},
"node_modules/busboy": {
"version": "1.6.0",
"resolved": "https://registry.npmjs.org/busboy/-/busboy-1.6.0.tgz",
"integrity": "sha512-8SFQbg/0hQ9xy3UNTB0YEnsNBbWfhf7RtnzpL7TkBiTBRfrQ9Fxcnz7VJsleJpyp6rVLvXiuORqjlHi5q+PYuA==",
"dependencies": {
"streamsearch": "^1.1.0"
},
"engines": {
"node": ">=10.16.0"
}
},
"node_modules/bytes": { "node_modules/bytes": {
"version": "3.1.2", "version": "3.1.2",
"resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz",
@@ -359,6 +396,20 @@
"dev": true, "dev": true,
"license": "MIT" "license": "MIT"
}, },
"node_modules/concat-stream": {
"version": "1.6.2",
"resolved": "https://registry.npmjs.org/concat-stream/-/concat-stream-1.6.2.tgz",
"integrity": "sha512-27HBghJxjiZtIk3Ycvn/4kbJk/1uZuJFfuPEns6LaEvpvG1f0hTea8lilrouyo9mVc2GWdcEZ8OLoGmSADlrCw==",
"engines": [
"node >= 0.8"
],
"dependencies": {
"buffer-from": "^1.0.0",
"inherits": "^2.0.3",
"readable-stream": "^2.2.2",
"typedarray": "^0.0.6"
}
},
"node_modules/concurrently": { "node_modules/concurrently": {
"version": "8.2.2", "version": "8.2.2",
"resolved": "https://registry.npmjs.org/concurrently/-/concurrently-8.2.2.tgz", "resolved": "https://registry.npmjs.org/concurrently/-/concurrently-8.2.2.tgz",
@@ -423,6 +474,11 @@
"integrity": "sha512-NXdYc3dLr47pBkpUCHtKSwIOQXLVn8dZEuywboCOJY/osA0wFSLlSawr3KN8qXJEyX66FcONTH8EIlVuK0yyFA==", "integrity": "sha512-NXdYc3dLr47pBkpUCHtKSwIOQXLVn8dZEuywboCOJY/osA0wFSLlSawr3KN8qXJEyX66FcONTH8EIlVuK0yyFA==",
"license": "MIT" "license": "MIT"
}, },
"node_modules/core-util-is": {
"version": "1.0.3",
"resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz",
"integrity": "sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ=="
},
"node_modules/cors": { "node_modules/cors": {
"version": "2.8.6", "version": "2.8.6",
"resolved": "https://registry.npmjs.org/cors/-/cors-2.8.6.tgz", "resolved": "https://registry.npmjs.org/cors/-/cors-2.8.6.tgz",
@@ -499,6 +555,14 @@
"node": ">= 0.4" "node": ">= 0.4"
} }
}, },
"node_modules/ecdsa-sig-formatter": {
"version": "1.0.11",
"resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz",
"integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==",
"dependencies": {
"safe-buffer": "^5.0.1"
}
},
"node_modules/ee-first": { "node_modules/ee-first": {
"version": "1.1.1", "version": "1.1.1",
"resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
@@ -920,6 +984,56 @@
"node": ">=0.12.0" "node": ">=0.12.0"
} }
}, },
"node_modules/isarray": {
"version": "1.0.0",
"resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz",
"integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ=="
},
"node_modules/jsonwebtoken": {
"version": "9.0.3",
"resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.3.tgz",
"integrity": "sha512-MT/xP0CrubFRNLNKvxJ2BYfy53Zkm++5bX9dtuPbqAeQpTVe0MQTFhao8+Cp//EmJp244xt6Drw/GVEGCUj40g==",
"dependencies": {
"jws": "^4.0.1",
"lodash.includes": "^4.3.0",
"lodash.isboolean": "^3.0.3",
"lodash.isinteger": "^4.0.4",
"lodash.isnumber": "^3.0.3",
"lodash.isplainobject": "^4.0.6",
"lodash.isstring": "^4.0.1",
"lodash.once": "^4.0.0",
"ms": "^2.1.1",
"semver": "^7.5.4"
},
"engines": {
"node": ">=12",
"npm": ">=6"
}
},
"node_modules/jsonwebtoken/node_modules/ms": {
"version": "2.1.3",
"resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
"integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="
},
"node_modules/jwa": {
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/jwa/-/jwa-2.0.1.tgz",
"integrity": "sha512-hRF04fqJIP8Abbkq5NKGN0Bbr3JxlQ+qhZufXVr0DvujKy93ZCbXZMHDL4EOtodSbCWxOqR8MS1tXA5hwqCXDg==",
"dependencies": {
"buffer-equal-constant-time": "^1.0.1",
"ecdsa-sig-formatter": "1.0.11",
"safe-buffer": "^5.0.1"
}
},
"node_modules/jws": {
"version": "4.0.1",
"resolved": "https://registry.npmjs.org/jws/-/jws-4.0.1.tgz",
"integrity": "sha512-EKI/M/yqPncGUUh44xz0PxSidXFr/+r0pA70+gIYhjv+et7yxM+s29Y+VGDkovRofQem0fs7Uvf4+YmAdyRduA==",
"dependencies": {
"jwa": "^2.0.1",
"safe-buffer": "^5.0.1"
}
},
"node_modules/lodash": { "node_modules/lodash": {
"version": "4.17.23", "version": "4.17.23",
"resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz", "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
@@ -927,6 +1041,41 @@
"dev": true, "dev": true,
"license": "MIT" "license": "MIT"
}, },
"node_modules/lodash.includes": {
"version": "4.3.0",
"resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz",
"integrity": "sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w=="
},
"node_modules/lodash.isboolean": {
"version": "3.0.3",
"resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz",
"integrity": "sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg=="
},
"node_modules/lodash.isinteger": {
"version": "4.0.4",
"resolved": "https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz",
"integrity": "sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA=="
},
"node_modules/lodash.isnumber": {
"version": "3.0.3",
"resolved": "https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz",
"integrity": "sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw=="
},
"node_modules/lodash.isplainobject": {
"version": "4.0.6",
"resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz",
"integrity": "sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA=="
},
"node_modules/lodash.isstring": {
"version": "4.0.1",
"resolved": "https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz",
"integrity": "sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw=="
},
"node_modules/lodash.once": {
"version": "4.1.1",
"resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz",
"integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg=="
},
"node_modules/math-intrinsics": { "node_modules/math-intrinsics": {
"version": "1.1.0", "version": "1.1.0",
"resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz", "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz",
@@ -1009,12 +1158,49 @@
"node": "*" "node": "*"
} }
}, },
"node_modules/minimist": {
"version": "1.2.8",
"resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz",
"integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==",
"funding": {
"url": "https://github.com/sponsors/ljharb"
}
},
"node_modules/mkdirp": {
"version": "0.5.6",
"resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz",
"integrity": "sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw==",
"dependencies": {
"minimist": "^1.2.6"
},
"bin": {
"mkdirp": "bin/cmd.js"
}
},
"node_modules/ms": { "node_modules/ms": {
"version": "2.0.0", "version": "2.0.0",
"resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
"integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==",
"license": "MIT" "license": "MIT"
}, },
"node_modules/multer": {
"version": "1.4.5-lts.2",
"resolved": "https://registry.npmjs.org/multer/-/multer-1.4.5-lts.2.tgz",
"integrity": "sha512-VzGiVigcG9zUAoCNU+xShztrlr1auZOlurXynNvO9GiWD1/mTBbUljOKY+qMeazBqXgRnjzeEgJI/wyjJUHg9A==",
"deprecated": "Multer 1.x is impacted by a number of vulnerabilities, which have been patched in 2.x. You should upgrade to the latest 2.x version.",
"dependencies": {
"append-field": "^1.0.0",
"busboy": "^1.0.0",
"concat-stream": "^1.5.2",
"mkdirp": "^0.5.4",
"object-assign": "^4.1.1",
"type-is": "^1.6.4",
"xtend": "^4.0.0"
},
"engines": {
"node": ">= 6.0.0"
}
},
"node_modules/negotiator": { "node_modules/negotiator": {
"version": "0.6.3", "version": "0.6.3",
"resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz", "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz",
@@ -1300,6 +1486,11 @@
"node": ">=0.10.0" "node": ">=0.10.0"
} }
}, },
"node_modules/process-nextick-args": {
"version": "2.0.1",
"resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz",
"integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag=="
},
"node_modules/proxy-addr": { "node_modules/proxy-addr": {
"version": "2.0.7", "version": "2.0.7",
"resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz",
@@ -1359,6 +1550,25 @@
"node": ">= 0.8" "node": ">= 0.8"
} }
}, },
"node_modules/readable-stream": {
"version": "2.3.8",
"resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz",
"integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==",
"dependencies": {
"core-util-is": "~1.0.0",
"inherits": "~2.0.3",
"isarray": "~1.0.0",
"process-nextick-args": "~2.0.0",
"safe-buffer": "~5.1.1",
"string_decoder": "~1.1.1",
"util-deprecate": "~1.0.1"
}
},
"node_modules/readable-stream/node_modules/safe-buffer": {
"version": "5.1.2",
"resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
"integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
},
"node_modules/readdirp": { "node_modules/readdirp": {
"version": "3.6.0", "version": "3.6.0",
"resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz",
@@ -1439,7 +1649,6 @@
"version": "7.7.4", "version": "7.7.4",
"resolved": "https://registry.npmjs.org/semver/-/semver-7.7.4.tgz", "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.4.tgz",
"integrity": "sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA==", "integrity": "sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA==",
"dev": true,
"license": "ISC", "license": "ISC",
"bin": { "bin": {
"semver": "bin/semver.js" "semver": "bin/semver.js"
@@ -1621,6 +1830,27 @@
"node": ">= 0.8" "node": ">= 0.8"
} }
}, },
"node_modules/streamsearch": {
"version": "1.1.0",
"resolved": "https://registry.npmjs.org/streamsearch/-/streamsearch-1.1.0.tgz",
"integrity": "sha512-Mcc5wHehp9aXz1ax6bZUyY5afg9u2rv5cqQI3mRrYkGC8rW2hM02jWuwjtL++LS5qinSyhj2QfLyNsuc+VsExg==",
"engines": {
"node": ">=10.0.0"
}
},
"node_modules/string_decoder": {
"version": "1.1.1",
"resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
"integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
"dependencies": {
"safe-buffer": "~5.1.0"
}
},
"node_modules/string_decoder/node_modules/safe-buffer": {
"version": "5.1.2",
"resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
"integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
},
"node_modules/string-width": { "node_modules/string-width": {
"version": "4.2.3", "version": "4.2.3",
"resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz", "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
@@ -1727,6 +1957,11 @@
"node": ">= 0.6" "node": ">= 0.6"
} }
}, },
"node_modules/typedarray": {
"version": "0.0.6",
"resolved": "https://registry.npmjs.org/typedarray/-/typedarray-0.0.6.tgz",
"integrity": "sha512-/aCDEGatGvZ2BIk+HmLf4ifCJFwvKFNb9/JeZPMulfgFracn9QFcAf5GO8B/mweUjSoblS5In0cWhqpfs/5PQA=="
},
"node_modules/undefsafe": { "node_modules/undefsafe": {
"version": "2.0.5", "version": "2.0.5",
"resolved": "https://registry.npmjs.org/undefsafe/-/undefsafe-2.0.5.tgz", "resolved": "https://registry.npmjs.org/undefsafe/-/undefsafe-2.0.5.tgz",
@@ -1743,6 +1978,11 @@
"node": ">= 0.8" "node": ">= 0.8"
} }
}, },
"node_modules/util-deprecate": {
"version": "1.0.2",
"resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
"integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw=="
},
"node_modules/utils-merge": { "node_modules/utils-merge": {
"version": "1.0.1", "version": "1.0.1",
"resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz",

14
package.json
View File

@@ -13,14 +13,16 @@
"dev:client": "cd client && npm run dev" "dev:client": "cd client && npm run dev"
}, },
"dependencies": { "dependencies": {
"express": "^4.18.2", "bcryptjs": "^3.0.3",
"pg": "^8.11.3",
"redis": "^4.6.12",
"cors": "^2.8.5", "cors": "^2.8.5",
"multer": "^1.4.5-lts.1" "express": "^4.18.2",
"jsonwebtoken": "^9.0.3",
"multer": "^1.4.5-lts.1",
"pg": "^8.11.3",
"redis": "^4.6.12"
}, },
"devDependencies": { "devDependencies": {
"nodemon": "^3.0.2", "concurrently": "^8.2.2",
"concurrently": "^8.2.2" "nodemon": "^3.0.2"
} }
} }

207
server.js
View File

@@ -4,9 +4,14 @@ const redis = require('redis');
const path = require('path'); const path = require('path');
const multer = require('multer'); const multer = require('multer');
const upload = multer({ storage: multer.memoryStorage(), limits: { fileSize: 10 * 1024 * 1024 } }); const upload = multer({ storage: multer.memoryStorage(), limits: { fileSize: 10 * 1024 * 1024 } });
const jwt = require('jsonwebtoken');
const bcryptjs = require('bcryptjs');
const bcrypt = bcryptjs;
const app = express(); const app = express();
const PORT = process.env.PORT || 3000; const PORT = process.env.PORT || 3000;
const JWT_SECRET = process.env.JWT_SECRET || 'hireflow-secret-key-change-in-production';
const JWT_REFRESH_SECRET = process.env.JWT_REFRESH_SECRET || 'hireflow-refresh-secret-change-in-production';
app.use(express.json()); app.use(express.json());
@@ -83,6 +88,27 @@ async function initDb() {
created_at TIMESTAMP DEFAULT NOW(), created_at TIMESTAMP DEFAULT NOW(),
UNIQUE(job_id, candidate_id) UNIQUE(job_id, candidate_id)
); );
CREATE TABLE IF NOT EXISTS users (
id SERIAL PRIMARY KEY,
email VARCHAR(255) UNIQUE NOT NULL,
password_hash VARCHAR(255) NOT NULL,
role VARCHAR(50) NOT NULL DEFAULT 'recruiter',
agency_id INTEGER,
is_active BOOLEAN DEFAULT true,
created_at TIMESTAMP DEFAULT NOW(),
updated_at TIMESTAMP DEFAULT NOW(),
deleted_at TIMESTAMP
);
CREATE TABLE IF NOT EXISTS refresh_tokens (
id SERIAL PRIMARY KEY,
user_id INTEGER REFERENCES users(id),
token_hash VARCHAR(255) NOT NULL,
expires_at TIMESTAMP NOT NULL,
revoked_at TIMESTAMP,
created_at TIMESTAMP DEFAULT NOW()
);
`); `);
console.log('Database schema initialized'); console.log('Database schema initialized');
} catch (err) { } catch (err) {
@@ -136,6 +162,187 @@ function parseCV(text) {
}; };
} }
// Auth middleware
function authenticateToken(req, res, next) {
const authHeader = req.headers['authorization'];
const token = authHeader && authHeader.split(' ')[1];
if (!token) return res.status(401).json({ error: 'Access token required' });
try {
const user = jwt.verify(token, JWT_SECRET);
req.user = user;
next();
} catch (err) {
return res.status(401).json({ error: 'Invalid or expired token' });
}
}
function requireRole(...roles) {
return (req, res, next) => {
if (!req.user || !roles.includes(req.user.role)) {
return res.status(403).json({ error: 'Insufficient permissions' });
}
next();
};
}
// POST /auth/register
app.post('/auth/register', async (req, res) => {
try {
const { email, password, role } = req.body;
if (!email || !password) return res.status(400).json({ error: 'Email and password required' });
const allowedRoles = ['admin', 'recruiter', 'hiring_manager'];
const userRole = allowedRoles.includes(role) ? role : 'recruiter';
const passwordHash = await bcrypt.hash(password, 12);
const result = await pool.query(
'INSERT INTO users (email, password_hash, role) VALUES ($1, $2, $3) RETURNING id, email, role, created_at',
[email.toLowerCase(), passwordHash, userRole]
);
res.status(201).json({ success: true, user: result.rows[0] });
} catch (err) {
if (err.code === '23505') return res.status(409).json({ error: 'Email already registered' });
res.status(500).json({ error: err.message });
}
});
// POST /auth/login
app.post('/auth/login', async (req, res) => {
try {
const { email, password } = req.body;
if (!email || !password) return res.status(400).json({ error: 'Email and password required' });
const result = await pool.query('SELECT * FROM users WHERE email = $1 AND deleted_at IS NULL', [email.toLowerCase()]);
if (!result.rows.length) return res.status(401).json({ error: 'Invalid credentials' });
const user = result.rows[0];
if (!user.is_active) return res.status(401).json({ error: 'Account is disabled' });
const valid = await bcrypt.compare(password, user.password_hash);
if (!valid) return res.status(401).json({ error: 'Invalid credentials' });
const accessToken = jwt.sign({ id: user.id, email: user.email, role: user.role }, JWT_SECRET, { expiresIn: '15m' });
const refreshToken = jwt.sign({ id: user.id }, JWT_REFRESH_SECRET, { expiresIn: '7d' });
const refreshHash = await bcrypt.hash(refreshToken, 10);
const expiresAt = new Date(Date.now() + 7 * 24 * 60 * 60 * 1000);
await pool.query('INSERT INTO refresh_tokens (user_id, token_hash, expires_at) VALUES ($1, $2, $3)', [user.id, refreshHash, expiresAt]);
res.json({ success: true, accessToken, refreshToken, user: { id: user.id, email: user.email, role: user.role } });
} catch (err) {
res.status(500).json({ error: err.message });
}
});
// POST /auth/refresh
app.post('/auth/refresh', async (req, res) => {
try {
const { refreshToken } = req.body;
if (!refreshToken) return res.status(401).json({ error: 'Refresh token required' });
let payload;
try { payload = jwt.verify(refreshToken, JWT_REFRESH_SECRET); } catch { return res.status(401).json({ error: 'Invalid refresh token' }); }
const tokens = await pool.query('SELECT * FROM refresh_tokens WHERE user_id = $1 AND revoked_at IS NULL AND expires_at > NOW()', [payload.id]);
let validToken = null;
for (const t of tokens.rows) {
if (await bcrypt.compare(refreshToken, t.token_hash)) { validToken = t; break; }
}
if (!validToken) return res.status(401).json({ error: 'Invalid or expired refresh token' });
const user = await pool.query('SELECT id, email, role FROM users WHERE id = $1 AND is_active = true AND deleted_at IS NULL', [payload.id]);
if (!user.rows.length) return res.status(401).json({ error: 'User not found' });
const accessToken = jwt.sign({ id: user.rows[0].id, email: user.rows[0].email, role: user.rows[0].role }, JWT_SECRET, { expiresIn: '15m' });
res.json({ success: true, accessToken, user: user.rows[0] });
} catch (err) {
res.status(500).json({ error: err.message });
}
});
// POST /auth/logout
app.post('/auth/logout', authenticateToken, async (req, res) => {
try {
await pool.query('UPDATE refresh_tokens SET revoked_at = NOW() WHERE user_id = $1 AND revoked_at IS NULL', [req.user.id]);
res.json({ success: true });
} catch (err) {
res.status(500).json({ error: err.message });
}
});
// GET /auth/me
app.get('/auth/me', authenticateToken, async (req, res) => {
try {
const result = await pool.query('SELECT id, email, role, agency_id, is_active, created_at FROM users WHERE id = $1 AND deleted_at IS NULL', [req.user.id]);
if (!result.rows.length) return res.status(404).json({ error: 'User not found' });
res.json(result.rows[0]);
} catch (err) {
res.status(500).json({ error: err.message });
}
});
// GET /api/users (admin only)
app.get('/api/users', authenticateToken, requireRole('admin'), async (req, res) => {
try {
const result = await pool.query('SELECT id, email, role, agency_id, is_active, created_at FROM users WHERE deleted_at IS NULL ORDER BY created_at DESC');
res.json({ users: result.rows });
} catch (err) {
res.status(500).json({ error: err.message });
}
});
// PATCH /api/users/:id/role (admin only)
app.patch('/api/users/:id/role', authenticateToken, requireRole('admin'), async (req, res) => {
try {
const { role } = req.body;
const allowedRoles = ['admin', 'recruiter', 'hiring_manager'];
if (!allowedRoles.includes(role)) return res.status(400).json({ error: 'Invalid role' });
const result = await pool.query('UPDATE users SET role = $1, updated_at = NOW() WHERE id = $2 AND deleted_at IS NULL RETURNING id, email, role', [role, req.params.id]);
if (!result.rows.length) return res.status(404).json({ error: 'User not found' });
res.json({ success: true, user: result.rows[0] });
} catch (err) {
res.status(500).json({ error: err.message });
}
});
// Add dashboard endpoints
app.get('/api/dashboard/metrics', authenticateToken, async (req, res) => {
try {
const [candidates, jobs, applications, interviews] = await Promise.all([
pool.query('SELECT COUNT(*) FROM candidates'),
pool.query("SELECT COUNT(*) FROM jobs WHERE status = 'posted'"),
pool.query('SELECT COUNT(*) FROM job_applications'),
pool.query("SELECT COUNT(*) FROM scorecards WHERE created_at >= NOW() - INTERVAL '7 days'"),
]);
res.json({
totalCandidates: parseInt(candidates.rows[0].count),
activeJobs: parseInt(jobs.rows[0].count),
totalApplications: parseInt(applications.rows[0].count),
interviewsThisWeek: parseInt(interviews.rows[0].count),
});
} catch (err) {
res.status(500).json({ error: err.message });
}
});
app.get('/api/dashboard/pipeline-summary', authenticateToken, async (req, res) => {
try {
const result = await pool.query('SELECT stage, COUNT(*) as count FROM job_applications GROUP BY stage');
const stages = { applied: 0, screening: 0, interview: 0, offer: 0, hired: 0 };
result.rows.forEach(r => { if (stages.hasOwnProperty(r.stage)) stages[r.stage] = parseInt(r.count); });
res.json(stages);
} catch (err) {
res.status(500).json({ error: err.message });
}
});
app.get('/api/dashboard/recent-activity', authenticateToken, async (req, res) => {
try {
const result = await pool.query(`
SELECT 'candidate_added' as type, c.name as title, c.email as subtitle, c.created_at as timestamp
FROM candidates c
UNION ALL
SELECT 'job_posted' as type, j.title, j.location as subtitle, j.created_at as timestamp
FROM jobs j
UNION ALL
SELECT 'application' as type, c.name as title, jo.title as subtitle, ja.created_at as timestamp
FROM job_applications ja JOIN candidates c ON ja.candidate_id = c.id JOIN jobs jo ON ja.job_id = jo.id
ORDER BY timestamp DESC LIMIT 10
`);
res.json({ activities: result.rows });
} catch (err) {
res.status(500).json({ error: err.message });
}
});
// Health check // Health check
app.get('/health', async (req, res) => { app.get('/health', async (req, res) => {
try { try {