The structure of MERNKIT dictates that all routing is done by Routers in the routes folder. All the authentication methods issue a JSON Web Token for continual API authentication. Therefore, Keep a close eye out for the following line:
router.use(passport.authenticate("jwt", { session: false }));
Anything above that line in a routes file is accessible without authentication.
Anything below is protected.
When you create your own routes you can use this same line of code to protect your routes.
Last modified 1yr ago
Copy link