feat: implement secure cookie-based authentication with login, refresh, and logout endpoints

2026-05-04 08:56:52 +00:00 · 2026-04-10 18:11:15 +05:30
parent 0d37242f0d
commit 373c2b1815
3 changed files with 53 additions and 6 deletions
@@ -55,6 +55,8 @@ class MeView(generics.RetrieveAPIView):


 class TokenLoginView(TokenObtainPairView):
+    permission_classes = (permissions.AllowAny,)
+
    def post(self, request, *args, **kwargs):
        response = super().post(request, *args, **kwargs)
        if response.status_code == status.HTTP_200_OK:
@@ -64,6 +66,8 @@ class TokenLoginView(TokenObtainPairView):


 class RefreshTokenView(TokenRefreshView):
+    permission_classes = (permissions.IsAuthenticated,)
+
    def post(self, request, *args, **kwargs):
        refresh_token = request.COOKIES.get(settings.SIMPLE_JWT["AUTH_COOKIE"])
        if not refresh_token:
@@ -74,3 +78,18 @@ class RefreshTokenView(TokenRefreshView):
            new_refresh_token = response.data["refresh"]
            response = set_response_cookies(response, new_refresh_token)
        return response
+
+
+class LogoutView(generics.GenericAPIView):
+    permission_classes = (permissions.AllowAny,)
+
+    def post(self, request):
+        response = Response({"detail": "Successfully logged out"}, status=status.HTTP_200_OK)
+        # Clear the secure cookie
+        response.delete_cookie(
+            key=settings.SIMPLE_JWT["AUTH_COOKIE"],
+            domain=settings.SIMPLE_JWT.get("AUTH_COOKIE_DOMAIN"),
+            samesite=settings.SIMPLE_JWT.get("AUTH_COOKIE_SAMESITE"),
+            path="/",
+        )
+        return response