Consider using HttpOnly cookies rather than sessionStorage for token storage to improve security

you might want to add role-based access control in protected routes for better permmisions.