[ ] add a user auth middleware to check that the user is the user logged in and only that user can make edits