Hey @tybritten 
Welcome to The Community 
RE: issue #1, it sounds like you’re essentially doing RBAC with an external provider — granted, that external provider is your own Functions, but point being that you’re not using Netlify Identity. Given that constraint, can you walk me through what your JWT actually looks like? Just want to make sure it adheres to the particular format that the Netlify _redirects engine is looking for in order to work correctly. Additionally, did you set the secret/signing key that you’re using as the “JWT Secret” in the Site’s settings?
RE: issue #2, there’s a long-standing thread running based around redirects and rewrites to a function. I’d recommend giving it a thorough read, as it should inform you on how to refactor that particular redirect.
Hope that helps!
–
Jon