User auth and protected routes

To restrict access to user operations such as user profile view, user update, and user delete, we will implement sign-in authentication with JWT, then protect and authorize the read, update, and delete routes.

The auth-related API endpoints for sign-in and sign-out will be declared in server/routes/auth.routes.js and then mounted on the Express app in server/express.js.

mern-skeleton/server/express.js:

import authRoutes from './routes/auth.routes'
  ...
  app.use('/', authRoutes)
  ...