diff --git a/src/app/dev/home/page.tsx b/src/app/dev/(user)/home/page.tsx similarity index 100% rename from src/app/dev/home/page.tsx rename to src/app/dev/(user)/home/page.tsx diff --git a/src/app/dev/(user)/layout.tsx b/src/app/dev/(user)/layout.tsx new file mode 100644 index 00000000..0017c962 --- /dev/null +++ b/src/app/dev/(user)/layout.tsx @@ -0,0 +1,20 @@ +import { RouterAdminDashboard } from "@/app/lib/router_hipmi/router_admin"; +import { funGetUserIdByToken } from "@/app_modules/_global/fun/get"; +import { funGlobal_getUserById } from "@/app_modules/_global/fun/get/fun_get_user_by_id"; +import { redirect } from "next/navigation"; + +export default async function Layout({ + children, +}: { + children: React.ReactNode; +}) { + const userLoginId = await funGetUserIdByToken(); + const dataUser = await funGlobal_getUserById({ + userId: userLoginId as string, + }); + + if (dataUser?.masterUserRoleId != "1") + return redirect(RouterAdminDashboard.splash_admin); + + return <>{children}; +} diff --git a/src/app_modules/_global/fun/get/fun_get_user_id_by_token.ts b/src/app_modules/_global/fun/get/fun_get_user_id_by_token.ts index 22249f85..d08bc9cb 100644 --- a/src/app_modules/_global/fun/get/fun_get_user_id_by_token.ts +++ b/src/app_modules/_global/fun/get/fun_get_user_id_by_token.ts @@ -3,10 +3,17 @@ import { prisma } from "@/app/lib"; import { ServerEnv } from "@/app/lib/server_env"; import { unsealData } from "iron-session"; +import { jwtVerify } from "jose"; import { cookies } from "next/headers"; export async function funGetUserIdByToken() { - const c = cookies().get(process.env.NEXT_PUBLIC_BASE_SESSION_KEY!); + const c = cookies().get(process.env.NEXT_PUBLIC_BASE_SESSION_KEY!); + + const cekUser = await decrypt({ + token: c?.value as string, + encodedKey: process.env.NEXT_PUBLIC_BASE_TOKEN_KEY!, + }); + // const token = JSON.parse( // await unsealData(c?.value as string, { 
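Review bot: In `Layout` (src/app/dev/(user)/layout.tsx), the result of `funGetUserIdByToken()` is cast with `userLoginId as string` and passed to the lookup unchecked, although that function yields `undefined` when the cookie is missing or fails verification. A visitor with no valid session is therefore redirected to `RouterAdminDashboard.splash_admin` rather than to a login page. If `funGlobal_getUserById` (not shown here) queries with Prisma `findFirst`, an `undefined` id removes the filter and returns an arbitrary user, which could let the role check pass. Handle the unauthenticated case first, for example `if (!userLoginId) return redirect(LOGIN_ROUTE_PLACEHOLDER);`, and drop the cast. The literal `"1"` compared with `!=` would also read better as a named role constant compared with `!==`.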
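Review bot: In `funGetUserIdByToken`, the HS256 key is read from `process.env.NEXT_PUBLIC_BASE_TOKEN_KEY`, and Next.js inlines `NEXT_PUBLIC_`-prefixed variables into the browser bundle wherever client code references them. With a symmetric algorithm the verification key is also the signing key, so any exposure lets a client mint a session token carrying an arbitrary `user.id`. Move the secret to a server-only variable, e.g. `encodedKey: process.env.SERVER_ONLY_TOKEN_KEY_PLACEHOLDER!`, or read it through the `ServerEnv` module this file already imports (its fields are not visible here), and rotate the current value if it has reached clients. Separately, `c?.value as string` hands `undefined` to `decrypt` when the cookie is absent; an early `if (!c?.value) return undefined;` avoids logging a verification error for every anonymous request. The function body continues in the next hunk.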
@@ -15,13 +22,32 @@ export async function funGetUserIdByToken() { // ); // return token.id; - const token = c?.value - const cekToken = await prisma.userSession.findFirst({ - where: { - token: token, - }, - }); + // const token = c?.value; + // const cekToken = await prisma.userSession.findFirst({ + // where: { + // token: token, + // }, + // }); // if (cekToken === null) return null - return cekToken?.userId + return cekUser?.id; +} + +async function decrypt({ + token, + encodedKey, +}: { + token: string; + encodedKey: string; +}): Promise | null> { + try { + const enc = new TextEncoder().encode(encodedKey); + const { payload } = await jwtVerify(token, enc, { + algorithms: ["HS256"], + }); + return (payload.user as Record) || null; + } catch (error) { + console.error("Gagal verifikasi session", error); + return null; + } }
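Review bot: With the `prisma.userSession.findFirst` lookup commented out, the returned id depends only on the JWT signature, so deleting a `userSession` row at logout or when an account is disabled no longer invalidates a cookie that was already issued. `jwtVerify` enforces `exp` only when the claim is present, and whether tokens carry one is not visible here, so consider adding `requiredClaims: ["exp"]` to the options and keeping the session-table check after verification. `decrypt` only verifies a signature and the payload stays readable by the client, so a name such as `verifySessionToken` with a doc comment stating that it returns `payload.user` or `null` would be more accurate, and `cekUser?.id` should be confirmed to be a string before it is returned. The commented-out blocks can be deleted, along with the `prisma` and `unsealData` imports, which appear unused after this change.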