feat!: remove Pinterest OAuth and API integration

Pinterest's API v5 has significantly reduced functionality, only allowing
users to manage their own content without access to public data. This
makes it not good candidate for the intent of hackathon-starter.

Changes:
- Remove Pinterest OAuth2 authentication
- Remove Pinterest API example endpoints and views
- Remove related configuration and documentation

Author: YasharF

.env.example

@@ -61,9 +61,6 @@ NYT_KEY=9548be6f3a64163d23e1539f067fcabd:5:68537648
 PAYPAL_ID=AdGE8hDyixVoHmbhASqAThfbBcrbcgiJPBwlAM7u7Kfq3YU-iPGc6BXaTppt
 PAYPAL_SECRET=EPN0WxB5PaRaumTB1ZpCuuTqLqIlF6_EWUcAbZV99Eu86YeNBVm9KVsw_Ez5
 
-PINTEREST_ID=4819282851912494691
-PINTEREST_SECRET=b32f578ad83d94c058c6682329220feda7e5817e043a1cc4a5a1e28f51c70301
-
 QUICKBOOKS_CLIENT_ID=ABQSXxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxnIxiz
 QUICKBOOKS_CLIENT_SECRET=Kux3xxxxxxxxxxxxxxxxxxxxxxxxxxxxj58mqYCD
 

README.md

@@ -85,7 +85,7 @@ I also tried to make it as **generic** and **reusable** as possible to cover mos
 - Contact Form (powered by SMTP via Sendgrid, Mailgun, AWS SES, etc.)
 - File upload
 - **API Examples**
-  - Facebook, Foursquare, Tumblr (OAuth 1.0a example), Pinterest, Github, Steam, Quickbooks, Paypal, Stripe, Twilio (text messaging), Lob (USPS Mail), HERE Maps, Google Maps, Google Drive, Google Sheets, Alpha Vantage (stocks and finance info) with ChartJS, Last.fm, New York Times, Web Scraping
+  - Facebook, Foursquare, Tumblr (OAuth 1.0a example), Github, Steam, Quickbooks, Paypal, Stripe, Twilio (text messaging), Lob (USPS Mail), HERE Maps, Google Maps, Google Drive, Google Sheets, Alpha Vantage (stocks and finance info) with ChartJS, Last.fm, New York Times, Web Scraping
 - Flash notifications
 - reCaPTCHA and rate limit protection
 - CSRF protection
@@ -162,7 +162,7 @@ _What to get and configure:_
   - Set TRANSACTION_EMAIL as the "From" address for emails sent to users thru the lost password or email verification emails to users. You may set this to the same address as SITE_CONTACT_EMAIL.
 
 - ngrok and HTTPS
-  If you want to use some API that needs HTTPS to work (for example Pinterest or Facebook),
+  If you want to use some API that needs HTTPS to work (for example Github or Facebook),
   you will need to download [ngrok](https://ngrok.com/). Start ngrok, set your BASE_URL to the forwarding address (i.e `https://3ccb-1234-abcd.ngrok-free.app` ), and use the forwarding address to access your application. If you are using a proxy like ngrok, you may get a CSRF mismatch error if you try to access the app at `http://localhost:8080` instead of the https://...ngrok-free.app address.
 
   After installing or downloading the standalone ngrok client you can start ngrok to intercept the data exchanged on port 8080 with `./ngrok http 8080` in Linux or `ngrok http 8080` in Windows.
@@ -243,11 +243,11 @@ Obtain SMTP credentials from a provider for transactional emails. Set the SMTP_U
 - Visit <a href="https://cloud.google.com/console/project" target="_blank">Google Cloud Console</a>
 - Click on the **Create Project** button
 - Enter _Project Name_, then click on **Create** button
-- Then click on _APIs & auth_ in the sidebar and select _API_ tab
-- Click on **Google+ API** under _Social APIs_, then click **Enable API**
-- Click on **Google Drive API** under _G Suite_, then click **Enable API**
-- Click on **Google Sheets API** under _G Suite_, then click **Enable API**
-- Next, under _APIs & auth_ in the sidebar click on _Credentials_ tab
+- Then click on _APIs & auth_ in the sidebar and select _API_ tab and based on your usage add:
+  - Login by Google: Click on **Google+ API** under _Social APIs_, then click **Enable API**
+  - Google Drive: Click on **Google Drive API** under _G Suite_, then click **Enable API**
+  - Google Sheets: Click on **Google Sheets API** under _G Suite_, then click **Enable API**
+- Next, under _APIs & auth_ in the sidebar click on the _Credentials_ tab
 - Click on **Create new Client ID** button
 - Select _Web Application_ and click on **Configure Consent Screen**
 - Fill out the required fields then click on **Save**
@@ -258,6 +258,10 @@ Obtain SMTP credentials from a provider for transactional emails. Set the SMTP_U
 - Click on **Create Client ID** button
 - Copy and paste _Client ID_ and _Client secret_ keys into `.env`
 
+**Warning:** Restrict your **Google Maps API key** to the "Maps JavaScript API" and the specific domain name you are using (for example, your ngrok development domain). Avoid using "localhost" or leaving the key unrestricted, because your Maps API key will be publicly exposed through the web application. This exposure could allow unauthorized users to misuse your key, potentially resulting in charges to your GCP account and credit card.
+
+- Google Maps API Key: To use the "Maps JavaScript API," you must activate your Google Cloud Platform account with a valid credit card. If your account hasn't been activated yet, this process will also trigger the countdown for the expiration of your free credits if any. If you'd prefer to avoid this, consider using **HERE Maps** as an alternative. To get a key add the Search for "Maps Platform API Key" in your GCP Console and select the appropriate option. Then get your key and add your domain as the Website restriction for it.
+
 <hr>
 
 <img src="https://upload.wikimedia.org/wikipedia/commons/c/c7/HERE_logo.svg" height="75">

app.js

@@ -200,8 +200,6 @@ app.get('/api/paypal/cancel', apiController.getPayPalCancel);
 app.get('/api/lob', apiController.getLob);
 app.get('/api/upload', lusca({ csrf: true }), apiController.getFileUpload);
 app.post('/api/upload', apiController.uploadMiddleware, lusca({ csrf: true }), apiController.postFileUpload);
-app.get('/api/pinterest', passportConfig.isAuthenticated, passportConfig.isAuthorized, apiController.getPinterest);
-app.post('/api/pinterest', passportConfig.isAuthenticated, passportConfig.isAuthorized, apiController.postPinterest);
 app.get('/api/here-maps', apiController.getHereMaps);
 app.get('/api/google-maps', apiController.getGoogleMaps);
 app.get('/api/google/drive', passportConfig.isAuthenticated, passportConfig.isAuthorized, apiController.getGoogleDrive);
@@ -248,10 +246,6 @@ app.get('/auth/steam', passport.authorize('steam-openid'));
 app.get('/auth/steam/callback', passport.authorize('steam-openid', { failureRedirect: '/api' }), (req, res) => {
   res.redirect(req.session.returnTo);
 });
-app.get('/auth/pinterest', passport.authorize('pinterest'));
-app.get('/auth/pinterest/callback', passport.authorize('pinterest', { failureRedirect: '/login' }), (req, res) => {
-  res.redirect(req.session.returnTo);
-});
 app.get('/auth/quickbooks', passport.authorize('quickbooks'));
 app.get('/auth/quickbooks/callback', passport.authorize('quickbooks', { failureRedirect: '/login' }), (req, res) => {
   res.redirect(req.session.returnTo);

config/passport.js

@@ -693,60 +693,6 @@ passport.use(
   ),
 );
 
-/**
- * Pinterest API OAuth.
- */
-const pinterestStrategyConfig = new OAuth2Strategy(
-  {
-    authorizationURL: 'https://www.pinterest.com/oauth',
-    tokenURL: 'https://api.pinterest.com/v5/oauth/token',
-    clientID: process.env.PINTEREST_ID,
-    clientSecret: process.env.PINTEREST_SECRET,
-    callbackURL: `${process.env.BASE_URL}/auth/pinterest/callback`,
-    passReqToCallback: true,
-    state: generateState(),
-    scope: ['user_accounts:read', 'pins:read', 'pins:write', 'boards:read'],
-    customHeaders: {
-      Authorization: `Basic ${Buffer.from(`${process.env.PINTEREST_ID}:${process.env.PINTEREST_SECRET}`).toString('base64')}`,
-    },
-  },
-  async (req, accessToken, refreshToken, params, profile, done) => {
-    try {
-      const user = await User.findById(req.user._id);
-      if (!user.pinterest) {
-        const pinterestUserResponse = await fetch('https://api.pinterest.com/v5/user_account', {
-          headers: {
-            Authorization: `Bearer ${accessToken}`,
-          },
-        });
-        if (!pinterestUserResponse.ok) {
-          throw new Error(`HTTP error! status: ${pinterestUserResponse.status}`);
-        }
-        const pinterestUser = await pinterestUserResponse.json();
-        user.pinterest = pinterestUser.id;
-        if (pinterestUser.website_url) {
-          user.profile.website = pinterestUser.website_url;
-        }
-        if (
-          !user.profile.picture &&
-          // && pinterestUser.account_type === 'PINNER'
-          pinterestUser.profile_image &&
-          !pinterestUser.profile_image.includes('default')
-        ) {
-          user.profile.picture = pinterestUser.profile_image;
-        }
-      }
-      const updatedUser = await saveOAuth2UserTokens(req, accessToken, refreshToken, params.expires_in, params.refresh_token_expires_in, 'pinterest');
-      await user.save();
-      return done(null, updatedUser);
-    } catch (err) {
-      return done(err);
-    }
-  },
-);
-passport.use('pinterest', pinterestStrategyConfig);
-refresh.use('pinterest', pinterestStrategyConfig);
-
 /**
  * Intuit/QuickBooks API OAuth.
  */

controllers/api.js

@@ -1115,87 +1115,6 @@ exports.uploadMiddleware = (req, res, next) => {
   });
 };
 
-/**
- * GET /api/pinterest
- * Pinterest API example.
- */
-exports.getPinterest = (req, res, next) => {
-  const token = req.user.tokens.find((token) => token.kind === 'pinterest');
-  const headers = { Authorization: `Bearer ${token.accessToken}` };
-
-  fetch('https://api.pinterest.com/v5/boards', {
-    method: 'GET',
-    headers,
-  })
-    .then(async (response) => {
-      if (!response.ok) {
-        const errorData = await response.json();
-        throw new Error(errorData.message || 'An error occurred.');
-      }
-      return response.json();
-    })
-    .then((data) => {
-      res.render('api/pinterest', {
-        title: 'Pinterest API',
-        boards: data.items,
-      });
-    })
-    .catch((error) => {
-      next(error);
-    });
-};
-
-/**
- * POST /api/pinterest
- * Create a pin.
- */
-exports.postPinterest = (req, res, next) => {
-  const validationErrors = [];
-  if (validator.isEmpty(req.body.board)) validationErrors.push({ msg: 'Board is required.' });
-  if (validator.isEmpty(req.body.note)) validationErrors.push({ msg: 'Note cannot be blank.' });
-  if (validator.isEmpty(req.body.image_url)) validationErrors.push({ msg: 'Image URL cannot be blank.' });
-
-  if (validationErrors.length) {
-    req.flash('errors', validationErrors);
-    return res.redirect('/api/pinterest');
-  }
-
-  const token = req.user.tokens.find((token) => token.kind === 'pinterest');
-  const headers = { Authorization: `Bearer ${token.accessToken}`, 'Content-Type': 'application/json' };
-  const formData = {
-    board_id: req.body.board,
-    title: req.body.note,
-    media: {
-      media_type: 'image',
-      url: req.body.image_url,
-    },
-    link: req.body.link,
-  };
-
-  fetch('https://api.pinterest.com/v5/pins', {
-    method: 'POST',
-    headers,
-    body: JSON.stringify(formData),
-  })
-    .then(async (response) => {
-      if (!response.ok) {
-        const errorData = await response.json();
-        throw new Error(errorData.message || 'An error occurred.');
-      }
-      return response.json();
-    })
-    .then(() => {
-      req.flash('success', { msg: 'Pin created' });
-      res.redirect('/api/pinterest');
-    })
-    .catch((error) => {
-      req.flash('errors', {
-        msg: error.message || 'An error occurred.',
-      });
-      res.redirect('/api/pinterest');
-    });
-};
-
 exports.getHereMaps = (req, res) => {
   res.render('api/here-maps', {
     apikey: process.env.HERE_API_KEY,

models/User.js

@@ -19,7 +19,6 @@ const userSchema = new mongoose.Schema(
     steam: String,
     twitch: String,
     quickbooks: String,
-    pinterest: String,
     tumblr: String,
     tokens: Array,
 

test/.env.test

@@ -49,9 +49,6 @@ NYT_KEY=test_nyt_key
 PAYPAL_ID=test_paypal_id
 PAYPAL_SECRET=test_paypal_secret
 
-PINTEREST_ID=test_pinterest_id
-PINTEREST_SECRET=test_pinterest_secret
-
 QUICKBOOKS_CLIENT_ID=test_quickbooks_client_id
 QUICKBOOKS_CLIENT_SECRET=test_quickbooks_client_secret
 

test/passport.js

@@ -254,7 +254,7 @@ describe('Passport Config', () => {
       const refreshToken = 'refresh-token';
       const accessTokenExpiration = 2592000;
       const refreshTokenExpiration = 31536000;
-      const providerName = 'pinterest';
+      const providerName = 'quickbooks';
 
       _saveOAuth2UserTokens(req, accessToken, refreshToken, accessTokenExpiration, refreshTokenExpiration, providerName)
         .then(() => {
@@ -468,7 +468,7 @@ describe('Passport Config', () => {
       const refreshToken = 'refresh-token';
       const accessTokenExpiration = 2592000;
       const refreshTokenExpiration = 31536000;
-      const providerName = 'pinterest';
+      const providerName = 'quickbooks';
       const tokenConfig = {};
 
       _saveOAuth2UserTokens(req, accessToken, refreshToken, accessTokenExpiration, refreshTokenExpiration, providerName, tokenConfig)

views/account/profile.pug

@@ -141,11 +141,6 @@ block content
         p.mb-1: a.text-danger(href='/account/unlink/quickbooks') Unlink your QuickBooks account
       else
         p.mb-1: a(href='/auth/quickbooks') Link your QuickBooks account
-    .offset-sm-3.col-md-7.pl-2
-      if user.pinterest
-        p.mb-1: a.text-danger(href='/account/unlink/pinterest') Unlink your Pinterest account
-      else
-        p.mb-1: a(href='/auth/pinterest') Link your Pinterest account
     .offset-sm-3.col-md-7.pl-2
       if user.tumblr
         p.mb-1: a.text-danger(href='/account/unlink/tumblr') Unlink your Tumblr account

views/api/index.pug

@@ -95,12 +95,6 @@ block content
           .card-body
             img(src='https://i.imgur.com/UPTzIdC.png', height=40, style='padding: 0px 10px 0px 0px')
             | File Upload
-    .col-md-4
-      a(href='/api/pinterest', style='color: #fff')
-        .card.text-white.mb-3(style='background-color: #bd081c')
-          .card-body
-            img(src='https://i.imgur.com/JNNRQSm.png', height=40, style='padding: 0px 10px 0px 0px')
-            | Pinterest
     .col-md-4
       a(href='/api/google-maps', style='color: #000')
         .card.mb-3(style='background-color: #0f9d58')