Implement token blacklist for JWT logout support

- TokenBlacklistService tracks invalidated tokens using Caffeine cache.
- AuthController adds tokens to blacklist on logout.
- JwtAuthenticationFilter blocks blacklisted tokens during authentication.

src/main/java/com/skycrate/backend/skycrateBackend/controller/AuthController.java

@@ -4,6 +4,9 @@ import com.skycrate.backend.skycrateBackend.dto.LoginRequest;
 import com.skycrate.backend.skycrateBackend.security.JwtService;
 import com.skycrate.backend.skycrateBackend.entity.User;
 import com.skycrate.backend.skycrateBackend.repository.UserRepository;
+import com.skycrate.backend.skycrateBackend.security.TokenBlacklistService;
+import jakarta.servlet.http.HttpServletRequest;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -48,9 +51,19 @@ public class AuthController {
         return ResponseEntity.ok().body(token);
     }
 
+    @Autowired
+    private TokenBlacklistService tokenBlacklistService;
+
     @PostMapping("/logout")
-    public ResponseEntity<?> logout() {
-        // Client-side token deletion (or implement blacklist)
-        return ResponseEntity.ok("Logged out (client should delete token)");
+    public ResponseEntity<?> logout(HttpServletRequest request) {
+        String authHeader = request.getHeader("Authorization");
+        if (authHeader == null || !authHeader.startsWith("Bearer ")) {
+            return ResponseEntity.badRequest().body("Missing or invalid Authorization header");
+        }
+
+        String token = authHeader.substring(7);
+        tokenBlacklistService.blacklistToken(token);
+
+        return ResponseEntity.ok("Logged out successfully");
     }
 }