/post routes don't seem to be protected by authentication

[Aosmiles]

Only post/:id seems to be protected with authentication.

It is possible to use postman or thunder client to make requests to the /post endpoints without being logged in.

perhaps moving the ensureAuth to server.js as middleware before all post routes would fix it.

app.use("/", mainRoutes);
app.use("/post", ensureAuth, postRoutes);

maybe this is covered in the classes and I missed something though.