diff --git a/middleware/auth.ts b/middleware/auth.ts
index 5048b24c316618f701b82aebc25c6fd56cb1698a..53fc7a2fdfbe263cbc571fd30bc3e202b54b8ee7 100644
--- a/middleware/auth.ts
+++ b/middleware/auth.ts
@@ -1,6 +1,20 @@
-export default defineNuxtRouteMiddleware((to) => {
+export default defineNuxtRouteMiddleware(async () => {
     const hasToken = useCookie('session_token');
-    if (!hasToken && to.path.startsWith('/admin')) {
+    if (!hasToken) {
+        return navigateTo('/login');
+    }
+
+    let isAuthorized = false;
+    await useFetch('/api/admin/ping', {
+        onResponse({response}) {
+            console.log(response.ok);
+            if (response.ok) {
+                isAuthorized = true;
+            }
+        }
+    });
+
+    if (!isAuthorized) {
         return navigateTo('/login');
     }
 });
\ No newline at end of file
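Review bot: The guard `if (!hasToken)` can never fire, because `useCookie` returns a ref object that is truthy whether or not the cookie exists; it should read `if (!hasToken.value)`. With that guard inert, the decision rests entirely on `/api/admin/ping` answering non-OK for an unauthenticated caller, so this check is only as strong as the server-side guard on that route. Treat this route middleware as a redirect convenience, not as the access control itself. The `console.log(response.ok)` inside `onResponse` looks like leftover debugging and should be dropped.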
diff --git a/pages/admin.vue b/pages/admin.vue
index 67818b9fcf8915ecaeb4ed2fafc95893dd354460..bdb76bcf95f439b1b15c5b002acf6412930720a0 100644
--- a/pages/admin.vue
+++ b/pages/admin.vue
@@ -1,7 +1,10 @@
 <script setup lang="ts">
 definePageMeta({
   middleware: 'auth'
-})
+});
+
+useAuthStore();
+
 </script>
 
 <template>
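Review bot: The bare `useAuthStore();` call discards its result, and nothing in the hunk says what it is for. If it is there to instantiate the store for its side effects, a one-line comment such as `// instantiate the auth store so its state exists before render` would say so (wording to be confirmed against the store); otherwise the call can be removed. The template continues outside the hunk.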
diff --git a/server/api/admin/ping.ts b/server/api/admin/ping.ts
new file mode 100644
index 0000000000000000000000000000000000000000..6064d83998470b086a06c39d79378167bec75a0a
--- /dev/null
+++ b/server/api/admin/ping.ts
@@ -0,0 +1,5 @@
+import {EventHandlerRequest, H3Event} from "h3";
+
+export default defineEventHandler(async () => {
+    return "pong";
+});
\ No newline at end of file
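Review bot: The handler returns `"pong"` to every caller and performs no session check of its own, so it only signals "authorized" correctly if a global middleware rejects the request first. As far as this diff shows, the middleware added in `server/middleware/auth.ts` matches on `/admin/` and would not cover `/api/admin/ping`. Either validate the session inside this handler or make sure the middleware prefix includes `/api/admin/`. The import of `EventHandlerRequest` and `H3Event` is unused in this file and can be deleted.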
diff --git a/server/middleware/auth.ts b/server/middleware/auth.ts
new file mode 100644
index 0000000000000000000000000000000000000000..3927e0a92a1a8accaa0ab4d3747f81a8c030eca6
--- /dev/null
+++ b/server/middleware/auth.ts
@@ -0,0 +1,34 @@
+import {EventHandlerRequest, H3Event} from "h3";
+import prisma from "~/lib/prisma";
+
+export default defineEventHandler(async (event: H3Event<EventHandlerRequest>) => {
+    if (!event.path.startsWith('/admin/')) {
+        return;
+    }
+
+    const sessionToken = getCookie(event, 'session_token');
+    const sessionUserId = getCookie(event, 'userId');
+    console.log(sessionToken, sessionUserId);
+
+    if (!sessionToken || !sessionUserId) {
+        throw createError({statusCode: 401, statusMessage: 'Unauthorized'});
+    }
+
+    const dateNow = new Date();
+    const session = await prisma.session.findUnique({
+        where: {
+            token: sessionToken,
+            expiresAt: {
+                gte: dateNow,
+            }
+        },
+    });
+
+    if (!session) {
+        throw createError({statusCode: 401, statusMessage: 'Unauthorized'});
+    }
+
+    if (session.userId.toString() !== sessionUserId) {
+        throw createError({statusCode: 401, statusMessage: 'Unauthorized'});
+    }
+});
\ No newline at end of file
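Review bot: `console.log(sessionToken, sessionUserId)` writes the session token to the server log for every request that reaches it, which turns the log into a store of replayable credentials; the line should be removed or reduced to a non-secret identifier. The prefix test `event.path.startsWith('/admin/')` also skips `/api/admin/ping` and the bare `/admin` path, so the session lookup below never runs for the endpoint the client-side check calls. `if (!event.path.startsWith('/api/admin/')) return;` would cover the API routes. The `userId` cookie is client-supplied and adds nothing beyond the token lookup, so the handler could rely on `session.userId` alone.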