🛂 security: fix auth token validation flow

shared/models/auth/logout.ts

@@ -1,12 +1,12 @@
 "use server";
 
-import { backendFetch } from "@/shared/helpers/backendFetch";
+import { backendFetch, BackendResponse } from "@/shared/helpers/backendFetch";
 import { cookies } from "next/headers";
 
 export const logout = async () => {
-  const res = await backendFetch("auth/logout", {
+  const res = (await backendFetch("auth/logout", {
     method: "POST",
-  });
+  })) as BackendResponse;
 
   if (res.success) {
     (await cookies()).delete("auth_token");

shared/models/auth/validateAndDecodeJWT.ts

@@ -1,6 +1,7 @@
 "use server";
 
 import { backendFetch, BackendResponse } from "@/shared/helpers/backendFetch";
+import { redirect } from "next/navigation";
 import { cookies } from "next/headers";
 
 export interface UserSession {
@@ -30,18 +31,14 @@ export interface UserSession {
 }
 
 export const validateAndDecodeJWT = async (): Promise<UserSession | null> => {
-  const cookieHeader = (await cookies()).get("auth_token")?.value;
-
-  if (!cookieHeader) {
-    return null;
-  }
-
+  "use server";
   const res = (await backendFetch("auth/token/validate", {
     method: "POST",
-    body: JSON.stringify({
-      token: cookieHeader,
-    }),
   })) as BackendResponse<UserSession>;
 
-  return res.data!;
+  if (res.status === 403) {
+    redirect("/auth/logout");
+  }
+
+  return res.data ?? null;
 };