refactor(auth): Move token version check to authentication class.

- Remove TokenVersionMiddleware
- Implement CustomJWTAuthentication with same validation logic
- No functional changes for end users

Author: RandomProgramm3r

promo_code/promo_code/settings.py

@@ -50,7 +50,7 @@ def load_bool(name, default):
 
 REST_FRAMEWORK = {
     'DEFAULT_AUTHENTICATION_CLASSES': [
-        'rest_framework_simplejwt.authentication.JWTAuthentication',
+        'user.authentication.CustomJWTAuthentication'
     ],
 }
 
@@ -108,7 +108,6 @@ def load_bool(name, default):
     'django.contrib.auth.middleware.AuthenticationMiddleware',
     'django.contrib.messages.middleware.MessageMiddleware',
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
-    'user.middleware.TokenVersionMiddleware',
 ]
 
 ROOT_URLCONF = 'promo_code.urls'

promo_code/user/authentication.py

@@ -0,0 +1,17 @@
+import rest_framework_simplejwt.exceptions
+import rest_framework_simplejwt.authentication
+
+
+class CustomJWTAuthentication(rest_framework_simplejwt.authentication.JWTAuthentication):
+    def authenticate(self, request):
+        try:
+            user_token = super().authenticate(request)
+        except rest_framework_simplejwt.exceptions.InvalidToken:
+            raise rest_framework_simplejwt.exceptions.AuthenticationFailed('Token is invalid or expired')
+
+        if user_token:
+            user, token = user_token
+            if token.payload.get('token_version') != user.token_version:
+                raise rest_framework_simplejwt.exceptions.AuthenticationFailed('Token invalid')
+
+        return user_token