in this line
|
if (request.headers.cookie) { |
you are checking if there is cookies or not and if there is cookie you can access
/admin and that is protected route right? , so in that case it is not enough to check if there is a cookie or not , you must check if there is a token in the cookie , and after that you must verify that token , if the token is valid then you can access
/admin , and the same for all the protected routes.
in this line
MWM-Shop_Project/src/handler.js
Line 10 in e761e4d
you are checking if there is cookies or not and if there is cookie you can access
/adminand that is protected route right? , so in that case it is not enough to check if there is a cookie or not , you must check if there is a token in the cookie , and after that you must verify that token , if the token is valid then you can access/admin, and the same for all the protected routes.