feat(SW-162): Used token instead of cookie

middlewares/authRequired.ts

@@ -1,4 +1,3 @@
-import { cookies } from "next/headers"
 import { NextResponse } from "next/server"
 
 import { authRequired, mfaRequired } from "@/constants/routes/authRequired"
@@ -55,13 +54,15 @@ export const middleware = auth(async (request) => {
   nextUrlClone.hostname = publicUrl.hostname
 
   /**
-   * Function to validate MFA cookie expiry
+   * Function to validate MFA from token data
    * @returns boolean
    */
   function isMFAInvalid() {
     const isMFAPath = mfaRequired.includes(nextUrl.pathname)
-    const cookieStore = cookies()
-    return isMFAPath && !cookieStore.get("_MFA-validated-cookie")?.value
+    const isMFATokenValid = request.auth
+      ? request.auth.token.mfa_expires_at > Date.now()
+      : false
+    return isMFAPath && !(request.auth?.token.mfa_scope && isMFATokenValid)
   }
 
   if (isLoggedIn && isMFAInvalid()) {