From 12639cb6f8e2c995c6edf5bd0e4c1e5f21ba131a Mon Sep 17 00:00:00 2001
From: Peter Maquiran <maquiranpeter29@gmail.com>
Date: Sun, 19 Apr 2026 03:38:15 +0100
Subject: [PATCH] add middleware

---
 middleware.ts | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 middleware.ts

diff --git a/middleware.ts b/middleware.ts
new file mode 100644
index 0000000..540fc11
--- /dev/null
+++ b/middleware.ts
@@ -0,0 +1,23 @@
+import { NextResponse } from "next/server";
+import type { NextRequest } from "next/server";
+import { getPermision } from "./lib/getPermisions";
+
+export function middleware(req: NextRequest) {
+  const token = req.cookies.get("access_token")?.value;
+  const { pathname } = req.nextUrl;
+
+  const isAdminRoute = pathname.startsWith("/admin");
+  const isLoginPage = pathname.startsWith("/login");
+
+  // 🚫 block user if not logged in or not admin
+  if (isAdminRoute && ( !token || !getPermision(req).includes("Admin") )) {
+    return NextResponse.redirect(new URL("/login", req.url));
+  }
+
+  // 🔁 prevent logged-in users from seeing login page
+  if (isLoginPage && token && getPermision(req).includes("Admin")) {
+    return NextResponse.redirect(new URL("/admin/dashboard", req.url));
+  }
+
+  return NextResponse.next();
+}
\ No newline at end of file