add token validation in qwik server #698

Closed
wants to merge 2 commits into from

Contributor

@ymoukhli ymoukhli commented Feb 2, 2024

Add a token validation before loading the page.

Expected behavior:

If a user changes the role to admin in the JWT and tries to go to the dashboard page, it will log him out.

issue:

#687


vercel bot commented Feb 2, 2024

The latest updates on your projects.

| Name | Status | Preview | Comments | Updated (UTC) |
| --- | --- | --- | --- | --- |
| reduced-to | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Feb 3, 2024 3:59pm |

@ymoukhli ymoukhli changed the title from "add token validation in quick server" to "add token validation in qwik server" Feb 2, 2024
@origranot
Owner

Hey @ymoukhli,

Quick heads up on the PR – with our server-side validation in NestJS already in place, I'm questioning if the client-side token validation is doing us any real favors. Especially thinking about multi-user, this approach might not hold up too well.

Considering we're pretty covered by the backend security, focusing our efforts there or on enhancing other security aspects might be more beneficial. This PR, as is, might not be the solution we're looking for. We might need to consider closing this issue and brainstorming a bit more on what really needs our attention.

What's your take on this?

@ymoukhli
Contributor Author

ymoukhli commented Feb 4, 2024

Hello @origranot

I concur that this Pull Request won't contribute significantly; it merely addresses the open issue. If I come across any vulnerabilities, I'll make sure to let you know.
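
The scenario discussed in this thread, as an added example that is not code from this PR or from the project: a server-side signature check rejects a JWT whose role claim was edited on the client, which is why the backend check is the authoritative one. It assumes HS256 with a secret held only by the server; `SECRET`, `sign`, `verify` and `tamperRole` are hypothetical names, and the token is constructed sample data.

```javascript
// Added example: minimal HS256 JWT check of the kind a backend performs.
const { createHmac, timingSafeEqual } = require("node:crypto");

const SECRET = "constructed-demo-secret"; // assumption: HMAC key known only to the server

const b64url = (value) => Buffer.from(value).toString("base64url");
const decodeJson = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));
const hmac = (data) => createHmac("sha256", SECRET).update(data).digest();

function sign(payload) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${b64url(hmac(`${head}.${body}`))}`;
}

// Returns the claims if the token is authentic and unexpired, otherwise null.
function verify(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [head, body, mac] = parts;
  let header, claims;
  try {
    header = decodeJson(head);
    claims = decodeJson(body);
  } catch {
    return null; // malformed header or payload
  }
  // Pin the algorithm on the server; the token must not choose it (e.g. "none").
  if (header?.alg !== "HS256") return null;
  const expected = hmac(`${head}.${body}`);
  const given = Buffer.from(mac, "base64url");
  // Constant-time comparison; lengths must match before timingSafeEqual.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  if (typeof claims?.exp !== "number" || claims.exp <= nowSeconds) return null;
  return claims;
}

// Simulates the edit from the PR description: role changed, old signature kept.
function tamperRole(token, role) {
  const [head, body, mac] = token.split(".");
  return `${head}.${b64url(JSON.stringify({ ...decodeJson(body), role }))}.${mac}`;
}

const issued = sign({ sub: "user-1", role: "user", exp: 4102444800 }); // constructed token
const forged = tamperRole(issued, "admin");
console.log("issued:", verify(issued)?.role, "| forged:", verify(forged));
```

A client-side check can only improve the user experience (redirecting early); any route that returns admin data still has to run a check like `verify` on the server and authorize from the verified claims.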
