# CV / Resume Jobdesc Compatibility Checker

This project is a Flask-based web service that allows users to upload their resumes in PDF format and compare them against a given job description. The application uses Google's Gemini AI to analyze compatibility and provide a score out of 100.

## Features

- Upload a resume in PDF format
- Analyze compatibility against a provided job description
- Convert PDF to images for AI processing
- Secure API with CSRF protection and reCAPTCHA validation
- Rate-limiting to prevent abuse
- Uses Flask-Limiter, Flask-WTF, and Flask-CORS for security enhancements
- Deletes uploaded files after processing

## Requirements

Before running the application, ensure you have the following dependencies installed:

- Python 3.8+
- Flask
- Flask-WTF
- Flask-CORS
- Flask-Limiter
- PyMuPDF (fitz)
- pdf2image
- Pillow
- Google Generative AI SDK
- python-dotenv
- requests
- markdown

Install dependencies using:

```sh
pip install -r requirements.txt
```

## Environment Variables

Create a `.env` file in the root directory and configure the following:

```ini
GOOGLE_API_KEY=
UPLOAD_FOLDER=uploads/
MAX_FILE_SIZE=4194304 # 4MB limit
SECRET_KEY=
RATE_LIMIT=1 per 10 seconds
RECAPTCHA_SECRET_KEY=
RECAPTCHA_SITE_KEY=
CORS_ORIGIN=
FLASK_RUN_HOST=0.0.0.0
FLASK_RUN_PORT=49465
```

## Usage

### Running the Application

Start the Flask server:

```sh
flask run --host=0.0.0.0 --port=49465
```

or

```sh
python app.py
```

### API Endpoints

#### `GET /`

Returns the upload page with reCAPTCHA integration.

#### `POST /`

Accepts form data with a job description and a PDF resume.

- **Parameters:**
  - `g-recaptcha-response`: Required for reCAPTCHA verification.
  - `text_input`: The job description.
  - `file`: A valid PDF file (max 4MB).
- **Response:**
  ```json
  {
    "summary": "Resume compatibility summary",
    "score": 85
  }
  ```
  - Returns a compatibility summary and a score (0-100).
  - If reCAPTCHA fails, returns `{ "error": "reCAPTCHA verification failed." }`.
  - If the PDF is invalid, returns `{ "error": "Invalid or potentially harmful PDF." }`.

## Security Features

- **CSRF Protection**: Uses `Flask-WTF` for CSRF token validation.
- **Rate Limiting**: Limits users to 1 request per 10 seconds.
- **reCAPTCHA**: Ensures human users.
- **PDF Sanitization**: Checks for JavaScript, embedded files, and potential security threats.
- **Secure Headers**: Implements X-Frame-Options, Content-Security-Policy, and other security headers.

## Deployment

To deploy this application in development mode, use:

```sh
flask run --host=0.0.0.0 --port=49465
```

or

```sh
python app.py
```

You can also deploy it using Docker, Nginx, or cloud services like AWS, Google Cloud, or Heroku.
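
The PDF sanitization check listed under Security Features can be sketched as a raw byte scan that also undoes `#xx` name escapes, a common way to hide `/JavaScript` from naive string matching. This is an added example, not the project's own code; the function names, the risky names beyond JavaScript and embedded files, and the sample bytes are assumptions.

```python
import re

MAX_FILE_SIZE = 4194304  # same 4 MB value as MAX_FILE_SIZE in the .env example

# Assumed deny-list: PDF names that introduce active or embedded content.
RISKY_NAMES = (b"/JavaScript", b"/JS", b"/EmbeddedFile", b"/EmbeddedFiles",
               b"/OpenAction", b"/Launch")

def _decode_name_escapes(data: bytes) -> bytes:
    """Undo #xx hex escapes so /J#61vaScript is seen as /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)

def scan_pdf(data: bytes) -> list:
    """Return the reasons to reject an upload; an empty list means no finding."""
    findings = []
    if len(data) > MAX_FILE_SIZE:
        findings.append("file exceeds size limit")
    if not data.startswith(b"%PDF-"):
        findings.append("missing %PDF- header")
    if b"%%EOF" not in data[-1024:]:
        findings.append("missing %%EOF trailer")
    decoded = _decode_name_escapes(data)
    for name in RISKY_NAMES:
        # A PDF name ends at whitespace or a delimiter, so /JS must not match /JSON.
        if re.search(re.escape(name) + rb"(?=[\s/<>\[\](){}%]|$)", decoded):
            findings.append("contains " + name.decode())
    return findings

def reject_response(data: bytes):
    """Return the README's error body when any finding is present, else None."""
    return {"error": "Invalid or potentially harmful PDF."} if scan_pdf(data) else None

# Constructed sample inputs (not real resumes).
CLEAN_PDF = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
             b"trailer\n<< /Root 1 0 R >>\n%%EOF\n")
EVASIVE_PDF = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction "
               b"<< /S /J#61vaScript /JS (constructed) >> >>\nendobj\n%%EOF\n")

if __name__ == "__main__":
    print(scan_pdf(CLEAN_PDF))
    print(scan_pdf(EVASIVE_PDF), reject_response(EVASIVE_PDF))
```

A raw scan cannot see names stored inside compressed object streams, so pair it with a parser-level check (PyMuPDF is already a dependency) before trusting a file.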