Auth middleware is not aware of blacklisted or invalid tokens

In our current implementation of the auth middleware, we don't have a notion of the session token being invalidated or blacklisted, we only check that the JWT is valid using the `verify` function inside the `jsonwebtoken` library. This means that even if a user logout from the backend their token will still be valid until the time set on it expires.