add middleware

middleware.ts

@@ -0,0 +1,23 @@
+import { NextResponse } from "next/server";
+import type { NextRequest } from "next/server";
+import { getPermision } from "./lib/getPermisions";
+
+export function middleware(req: NextRequest) {
+  const token = req.cookies.get("access_token")?.value;
+  const { pathname } = req.nextUrl;
+
+  const isAdminRoute = pathname.startsWith("/admin");
+  const isLoginPage = pathname.startsWith("/login");
+
+  // 🚫 block user if not logged in or not admin
+  if (isAdminRoute && ( !token || !getPermision(req).includes("Admin") )) {
+    return NextResponse.redirect(new URL("/login", req.url));
+  }
+
+  // 🔁 prevent logged-in users from seeing login page
+  if (isLoginPage && token && getPermision(req).includes("Admin")) {
+    return NextResponse.redirect(new URL("/admin/dashboard", req.url));
+  }
+
+  return NextResponse.next();
+}