added jwt authentication on all purchases for admins and on the user routes for PUT and GET, changed URLs