Nextjs Abstractions & Common Mistakes 

You can set up the middleware to run before the protected page(or any other pages you want) is loaded so at that point you can check user authentication redirect them wherever you want if they arent authenticated. so even if they type it out they wont access it.

Yeah pretty much what @enz1222 said. I am currently making a video on how to implement role based access in nextjs so maybe that will be useful :)

thank you in advance