How to set up auth for static files

I am using SolidStart which uses Nitro I have been going down a rabbit hole of trying to figure out how I can set up an admin app or portion of the main app and have its static assets protected by JWT auth or something similar I heard of a functions/_middleware.js approach, but this was never deployed/built/recognized by wrangler or the framework Found out it is probably due to the presence of a _worker.js, which is not even a file, its a directory, which I have hardly seen any information about it being a directory I am not sure the best way to go about it. Do I somehow inject code somewhere in the _worker.js directory? Do I have to set up a separate worker and somehow connect it to my Pages app and have it in the middle of the client and static assets? Any insight into all of this would be appreciated!