Add token revocation mechanism and support for logout APIs

This commit introduces a system to revoke tokens by storing their `jti` in a new `RevokedToken` model. It includes APIs for logging out (revoking a current token) and logging out from all devices (revoking all tokens). Additionally, token validation now checks revocation status during the decode process.

backend/app/alembic/versions/37315a5b4021_add_revokedtoken_model.py

@@ -0,0 +1,41 @@
+"""Add RevokedToken model
+
+Revision ID: 37315a5b4021
+Revises: 38bf9e7e74b3
+Create Date: 2025-02-28 17:11:07.741372
+
+"""
+from typing import Sequence, Union
+
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision: str = '37315a5b4021'
+down_revision: Union[str, None] = '38bf9e7e74b3'
+branch_labels: Union[str, Sequence[str], None] = None
+depends_on: Union[str, Sequence[str], None] = None
+
+
+def upgrade() -> None:
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.create_table('revoked_tokens',
+    sa.Column('jti', sa.String(length=50), nullable=False),
+    sa.Column('token_type', sa.String(length=20), nullable=False),
+    sa.Column('user_id', sa.UUID(), nullable=True),
+    sa.Column('id', sa.UUID(), nullable=False),
+    sa.Column('created_at', sa.DateTime(timezone=True), nullable=False),
+    sa.Column('updated_at', sa.DateTime(timezone=True), nullable=False),
+    sa.ForeignKeyConstraint(['user_id'], ['users.id'], ondelete='CASCADE'),
+    sa.PrimaryKeyConstraint('id')
+    )
+    op.create_index(op.f('ix_revoked_tokens_jti'), 'revoked_tokens', ['jti'], unique=True)
+    # ### end Alembic commands ###
+
+
+def downgrade() -> None:
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_index(op.f('ix_revoked_tokens_jti'), table_name='revoked_tokens')
+    op.drop_table('revoked_tokens')
+    # ### end Alembic commands ###