How to properly authenticate with Vue, Nuxt, JWT, Node.js, Axios?
At the moment, the scheme is as follows: after a successful login and password, the user receives a token and a refresh token. The lifetime of the token is 5 minutes. I save them in Redis, and by the key of the refresh token I store the key of the access token. After the token's lifetime has passed, I remove it from Redis and send an error to the client with the information that the login is not valid. In the error handler for axios, I dispatch the action to the route to get a new token with a refresh token.
I update the record of the refresh token in Redis. After blocking the user, since I store the refresh token in the database, I delete his token from Redis and also delete his active token. As a result, the user is blocked.
Questions:
1) Is it correct to store the refresh token in the database?
2) If I store a token and a refresh token on the client, then how can I properly protect myself from hacking?
3) Token verification. I do it in middleware. Do I need to throw an error for axios for a request at all, or can I throw two tokens in the body and do it all at once?
4) Do I need to store a refresh token on the client at all, if it can be stored in Redis by the key from the active token?
PS.
Option 4 is out.
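
The server-side flow described in the question, as an added example that is not part of the original post: a 5-minute access token, a refresh record keyed by the refresh token, and blocking a user by deleting both. The `TokenStore` class and its method names are hypothetical, an in-memory `Map` stands in for Redis, and making the refresh token single-use (rotation) is an assumption of this sketch.

```javascript
const { randomBytes } = require('node:crypto');

const ACCESS_TTL_MS = 5 * 60 * 1000; // 5-minute access token, as in the question

// In-memory stand-in for Redis (assumption): the refresh token is the key
// under which the current access token is stored.
class TokenStore {
  constructor() {
    this.byRefresh = new Map(); // refresh -> { userId, access, accessExp }
    this.byAccess = new Map();  // access  -> refresh
  }

  issue(userId, now = Date.now()) {
    const access = randomBytes(32).toString('hex');  // opaque random tokens
    const refresh = randomBytes(32).toString('hex');
    this.byRefresh.set(refresh, { userId, access, accessExp: now + ACCESS_TTL_MS });
    this.byAccess.set(access, refresh);
    return { access, refresh };
  }

  // Middleware check: returns the user id, or null so the caller answers 401
  // and the client's axios error handler can call the refresh route.
  verify(access, now = Date.now()) {
    const refresh = this.byAccess.get(access);
    const rec = refresh && this.byRefresh.get(refresh);
    if (!rec) return null;
    if (now >= rec.accessExp) { this.byAccess.delete(access); return null; }
    return rec.userId;
  }

  // Rotation: the presented refresh token is consumed, so a replayed or
  // stolen copy of it is rejected on the next use.
  refresh(refresh, now = Date.now()) {
    const rec = this.byRefresh.get(refresh);
    if (!rec) return null;
    this.byRefresh.delete(refresh);
    this.byAccess.delete(rec.access);
    return this.issue(rec.userId, now);
  }

  // Blocking a user removes every refresh record and access token they hold.
  blockUser(userId) {
    for (const [refresh, rec] of this.byRefresh) {
      if (rec.userId === userId) {
        this.byAccess.delete(rec.access);
        this.byRefresh.delete(refresh);
      }
    }
  }
}
```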