add comment for functionality explanation

middleware.ts

@@ -1,3 +1,9 @@
+/**
+ * Next.js middleware to protect admin routes.
+ * - Runs for paths matched by the config `matcher` (see bottom).
+ * - Checks for the `refreshToken` cookie; if missing, redirects to `/login` before any page renders.
+ * - No manual import/use needed—Next.js automatically executes this for matching requests.
+ */
 import { NextRequest, NextResponse } from 'next/server'
 
 // Move accessToken to HttpOnly cookie in future for better security