working on manual logout: block access token

apps/authentication/api/v1/api.py

@@ -10,7 +10,7 @@ from apps.authentication.api.v1.serializers.serializer import (
     OrganizationTypeSerializer,
     OrganizationSerializer,
     UserSerializer,
-    BankAccountSerializer
+    BankAccountSerializer,
 )
 from rest_framework_simplejwt.views import TokenObtainPairView
 from apps.authorization.api.v1 import api as authorize_view
@@ -21,7 +21,8 @@ from apps.authentication.models import (
     Province,
     Organization,
     OrganizationType,
-    BankAccountInformation
+    BankAccountInformation,
+    BlacklistedAccessToken
 )
 from django.db import transaction
 from rest_framework.response import Response
@@ -30,6 +31,9 @@ from django.core.cache import cache
 from rest_framework import status
 from common.sms import send_sms
 import random
+from rest_framework.views import APIView
+from rest_framework.permissions import IsAuthenticated
+from apps.authentication.tools import get_token_jti
 
 
 class CustomizedTokenObtainPairView(TokenObtainPairView):
@@ -37,6 +41,24 @@ class CustomizedTokenObtainPairView(TokenObtainPairView):
     serializer_class = CustomizedTokenObtainPairSerializer
 
 
+class LogoutView(APIView):
+    permission_classes = [IsAuthenticated]
+
+    def post(self, request):
+        token_str = request.auth  # access token from header
+        jti, user_id = get_token_jti(str(token_str))
+
+        if not jti:
+            return Response({'detail': 'Invalid token'}, status=status.HTTP_400_BAD_REQUEST)
+
+        BlacklistedAccessToken.objects.get_or_create(jti=jti, defaults={
+            'token': token_str,
+            'user_id': user_id,
+        })
+
+        return Response({'detail': 'Access token blacklisted.'}, status=status.HTTP_200_OK)
+
+
 class UserViewSet(ModelViewSet):
     """ Crud operations for user model """
     queryset = User.objects.all()