in this line
https://github.com/facg3/MWM-Shop_Project/blob/e761e4d5a61dcf82570f808e98c8e50b8f240905/src/handler.js#L10
you are checking if there is cookies or not and if there is cookie you can access /admin and that is protected route right? , so in that case it is not enough to check if there is a cookie or not , you must check if there is a token in the cookie , and after that you must verify that token , if the token is valid then you can access /admin , and the same for all the protected routes.
in this line https://github.com/facg3/MWM-Shop_Project/blob/e761e4d5a61dcf82570f808e98c8e50b8f240905/src/handler.js#L10 you are checking if there is cookies or not and if there is cookie you can access
/admin
and that is protected route right? , so in that case it is not enough to check if there is a cookie or not , you must check if there is a token in the cookie , and after that you must verify that token , if the token is valid then you can access/admin
, and the same for all the protected routes.