JWT User authentication and protecting routes part-2

Direct access is not allowed!