Only post/:id seems to be protected with authentication.
It is possible to use postman or thunder client to make requests to the /post endpoints without being logged in.
perhaps moving the ensureAuth to server.js as middleware before all post routes would fix it.
app.use("/", mainRoutes);
app.use("/post", ensureAuth, postRoutes);
maybe this is covered in the classes and I missed something though.
Only post/:id seems to be protected with authentication.
It is possible to use postman or thunder client to make requests to the /post endpoints without being logged in.
perhaps moving the ensureAuth to server.js as middleware before all post routes would fix it.
maybe this is covered in the classes and I missed something though.