logout view

backend/account/urls.py

@@ -14,4 +14,5 @@ urlpatterns = [
     path('address/<int:pk>', views.GetIDUserAddressView.as_view(), name='get-ID-address'),
     path('subscribe', views.SubscribeView.as_view(), name='subscibe'),
     path('attack/view/<int:pk>', views.ChangeViewAttack.as_view(), name='attack-view'),
+    path('logout', views.LogoutView.as_view(), name='logout'),
 ]

backend/account/views.py

@@ -196,3 +196,26 @@ class ChangeViewAttack(View):
         attack.viewd = not attack.viewd
         attack.save()
         return redirect('admin:account_securitybreachattemptmodel_changelist')
+
+
+from rest_framework import serializers
+from rest_framework_simplejwt.tokens import RefreshToken
+
+class LogoutSerializer(serializers.Serializer):
+    refresh_token = serializers.CharField(help_text="Refresh token to be blacklisted")
+
+class LogoutView(APIView):
+    permission_classes = (IsAuthenticated,)
+
+    @extend_schema(
+        request=LogoutSerializer,
+        responses={205: None, 400: "Bad request (invalid token or missing data)"},
+    )
+    def post(self, request):
+        try:
+            refresh_token = request.data["refresh_token"]
+            token = RefreshToken(refresh_token)
+            token.blacklist()
+            return Response(status=status.HTTP_205_RESET_CONTENT)
+        except Exception as e:
+            return Response(status=status.HTTP_400_BAD_REQUEST)