Improve security when updating history

Right now our application let's any authenticated user update their history freely if they use some external software such as postman. This is because we are doing the game logic in the frontend and probably the only way to fix it would be to move it to the backend.