feat: added an additional layer of verification to check if the user …

…token is still active

src/api/generics/verifyToken.ts

@@ -0,0 +1,36 @@
+'use server'
+
+import { ITokenUserInitialValues } from "@/interfaces/Generics"
+import { GetUserToken } from "@/utils/GetUserToken"
+
+export async function verifyUserToken() {
+
+    try {
+        const userParse: ITokenUserInitialValues = GetUserToken()
+
+        const resp = await fetch(`${process.env.BACKEND_DOMAIN}/verify-token`, {
+            method: "GET",
+            headers: {
+                Accept: "application/json",
+                "Content-Type": "application/json",
+                Authorization: "Bearer " + userParse.accessToken,
+            }
+        })
+            .then(async (value) => {
+
+                if (value.status != 200) {
+                    return false
+                }
+
+                return true
+            })
+            .catch((error) => {
+                return false
+            })
+
+        return resp
+    } catch(err) {
+        return false
+    }
+
+}

src/middleware.ts

@@ -3,8 +3,9 @@ import { parseJWT } from "./utils/ParseJWT";
 import { ITokenUserValues } from "./interfaces/Generics";
 import { secondRoutes, actionRoutes } from "@/api/routes"
 import { ActionRoutes, SecondRoutes } from "./interfaces/IRoutes";
+import { verifyUserToken } from "./api/generics/verifyToken";
 
-export function middleware(request: NextRequest) {
+export async function middleware(request: NextRequest) {
 	const token = request.cookies.get('user')?.value
 
 	let validRoute = false
@@ -14,6 +15,12 @@ export function middleware(request: NextRequest) {
 		return NextResponse.redirect(`${process.env.FRONTEND_DOMAIN}/login`)
 	}
 
+	const isValidToken = await verifyUserToken()
+
+	if (!isValidToken) {
+		return NextResponse.redirect(`${process.env.FRONTEND_DOMAIN}/login`)
+	}
+
 	const tokenUserValues: ITokenUserValues | null = parseJWT(token)
 
 	if (tokenUserValues == null) {