Security issue found I think #41
Description
it looks like there is no permissions on the routes, I don't see gates, policies or bouncer permissions, unless there is something I am missing any unauthenticated user can do any administrative task the wish like update a posts content.
I have not tested it so maybe I am missing some other way you secured the routes, idk