Merge pull request #183 from checkmo2025/feat/182/getWithdrawal

[Feat] 신고 목록 조회 기능 추가

Author: MODUGGAGI

src/main/java/checkmo/authentication/AuthenticationAPI.java

@@ -1,5 +1,8 @@
 package checkmo.authentication;
 
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
 public interface AuthenticationAPI {
 
     /**
@@ -12,7 +15,7 @@ public interface AuthenticationAPI {
     /**
      * 특정 회원의 인증 계정을 비활성화하고 세션을 만료시킵니다.
      */
-    void deactivateMember(String memberId);
+    void deactivateMember(String memberId, HttpServletRequest request, HttpServletResponse response);
 
     /**
      * 특정 회원의 인증 관련 데이터(계정 정보, 권한, 토큰 등)를 완전히 삭제합니다.

src/main/java/checkmo/authentication/AuthenticationEvent.java

@@ -16,6 +16,10 @@ public record SendVerificationEmail(String email, String verificationCode, Verif
     public record SendTempPassword(String email, String tempPassword){
     }
 
+    @Builder
+    public record ReactivateMember(String id) {
+    }
+
     public enum VerificationType {
         SIGN_UP, UPDATE_EMAIL
     }

src/main/java/checkmo/authentication/internal/AuthenticationAPIImpl.java

@@ -3,7 +3,10 @@
 import checkmo.authentication.AuthenticationAPI;
 import checkmo.authentication.internal.repository.AuthRepository;
 import checkmo.authentication.internal.security.jwt.TokenCacheService;
+import checkmo.authentication.internal.service.command.AuthSessionCommandService;
 import checkmo.authentication.internal.service.command.AuthUserCommandService;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Service;
 
@@ -12,6 +15,7 @@
 public class AuthenticationAPIImpl implements AuthenticationAPI {
 
     private final AuthUserCommandService authUserCommandService;
+    private final AuthSessionCommandService authSessionCommandService;
     private final TokenCacheService tokenCacheService;
     private final AuthRepository authRepository;
 
@@ -27,8 +31,8 @@ public void completeProfile(String memberId) {
     }
 
     @Override
-    public void deactivateMember(String memberId) {
-        tokenCacheService.deleteRefreshToken(memberId);
+    public void deactivateMember(String memberId, HttpServletRequest request, HttpServletResponse response) {
+        authSessionCommandService.logout(request, response);
         authUserCommandService.deactivateMember(memberId);
     }
 

src/main/java/checkmo/authentication/internal/config/SecurityConfig.java

@@ -48,6 +48,7 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                         .requestMatchers(HttpMethod.GET, "/api/books/**").permitAll()
                         .requestMatchers(HttpMethod.GET, "/api/book-stories/me", "/api/book-stories/following", "/api/book-stories/clubs/**").authenticated()
                         .requestMatchers(HttpMethod.GET, "/api/book-stories", "/api/book-stories/*", "/api/book-stories/search/*", "/api/book-stories/members/*").permitAll()
+                        .requestMatchers(HttpMethod.GET, "/api/news/me").authenticated()
                         .requestMatchers(HttpMethod.GET, "/api/news/**").permitAll()
                         .requestMatchers(HttpMethod.GET, "/api/members/me", "/api/members/me/**").authenticated()
                         .requestMatchers(HttpMethod.GET, "/api/members/*").permitAll()

src/main/java/checkmo/authentication/internal/entity/AuthUser.java

@@ -34,6 +34,10 @@ public void deactivate() {
         this.deactivatedAt = LocalDateTime.now();
     }
 
+    public void reactivate() {
+        this.deactivatedAt = null;
+    }
+
     public void completeProfile() {
         this.profileCompleted = true;
     }

src/main/java/checkmo/authentication/internal/repository/AuthRepository.java

@@ -7,6 +7,7 @@
 public interface AuthRepository extends JpaRepository<AuthUser, String> {
 
     Optional<AuthUser> findByEmail(String email);
+    Optional<AuthUser> findByIdAndDeactivatedAtIsNotNull(String id);
 
     boolean existsByEmail(String email);
 }

src/main/java/checkmo/authentication/internal/security/auth/CustomUserDetailsService.java

@@ -27,8 +27,7 @@ public UserDetails loadUserByUsername(String email) throws UsernameNotFoundExcep
                 .orElseThrow(() -> new UsernameNotFoundException(
                         "해당 이메일을 가진 사용자를 찾을 수 없습니다: " + email));
 
-        // 비활성화된 계정, 탈퇴한 계정 등의 상태 검증
-        validateMemberStatus(user);
+        // 로그인 성공 시점 자동 복구 정책 때문에 로그인 단계에서는 비활성 상태를 차단하지 않는다.
         return new PrincipalDetails(user);
     }
 

src/main/java/checkmo/authentication/internal/security/auth/PrincipalDetails.java

@@ -60,7 +60,7 @@ public boolean isCredentialsNonExpired() {
 
     @Override
     public boolean isEnabled() {
-        return user.getDeactivatedAt() == null;
+        return true;
     }
 
     // OAuth2User methods

src/main/java/checkmo/authentication/internal/security/jwt/JwtAuthenticationFilter.java

@@ -1,6 +1,7 @@
 package checkmo.authentication.internal.security.jwt;
 
 import checkmo.authentication.internal.exception.AuthErrorStatus;
+import checkmo.authentication.internal.exception.AuthException;
 import checkmo.authentication.internal.repository.AuthRepository;
 import checkmo.common.apiPayload.ApiResponse;
 import com.fasterxml.jackson.databind.ObjectMapper;
@@ -99,6 +100,10 @@ protected void doFilterInternal(
                 SecurityContextHolder.getContext().setAuthentication(authentication);
                 log.info("[JWT 필터] Access Token 유효성 검사 통과");
             }
+        } catch (AuthException e) {
+            log.warn("[JWT 필터] 비활성/유효하지 않은 회원 토큰 감지: {}", e.getMessage());
+            clearInvalidSession(response, accessToken);
+            SecurityContextHolder.clearContext();
         } catch (ExpiredJwtException e) { // Access Token이 존재하지만 만료된 경우
             log.warn("[JWT 필터] Access Token 만료됨: {}", e.getMessage());
             reissueAccessToken(request, response); // Refresh Token을 사용해 재발급 시도
@@ -107,6 +112,14 @@ protected void doFilterInternal(
         filterChain.doFilter(request, response);
     }
 
+    private void clearInvalidSession(HttpServletResponse response, String accessToken) {
+        if (StringUtils.hasText(accessToken)) {
+            tokenCacheService.saveBlacklistToken(accessToken);
+        }
+        jwtCookieUtil.deleteTokenFromCookie(response, "accessToken");
+        jwtCookieUtil.deleteTokenFromCookie(response, "refreshToken");
+    }
+
     // Access Token이 만료된 경우, Refresh Token을 사용해 재발급
     private void reissueAccessToken(HttpServletRequest request, HttpServletResponse response) {
         // 쿠키에서 Refresh Token 추출

src/main/java/checkmo/authentication/internal/security/jwt/JwtLoginProcessor.java

@@ -1,6 +1,7 @@
 package checkmo.authentication.internal.security.jwt;
 
 import checkmo.authentication.internal.security.auth.PrincipalDetails;
+import checkmo.authentication.internal.service.command.AuthReactivationCommandService;
 import jakarta.servlet.http.HttpServletResponse;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.core.Authentication;
@@ -13,9 +14,15 @@ public class JwtLoginProcessor {
     private final JwtTokenProvider jwtTokenProvider;
     private final JwtCookieUtil jwtCookieUtil;
     private final TokenCacheService tokenCacheService;
+    private final AuthReactivationCommandService authReactivationCommandService;
 
     // 로그인 성공 시 JWT 토큰 생성 및 쿠키 설정
     public void processLogin(HttpServletResponse response, Authentication authentication) {
+        String userId = ((PrincipalDetails) authentication.getPrincipal()).getUser().getId();
+
+        // 인증 성공 시점에만 계정 자동 복구
+        authReactivationCommandService.reactivateIfDeactivated(userId);
+
         // JWT 토큰 생성
         JwtToken jwtToken = jwtTokenProvider.generateToken(authentication);
 
@@ -26,8 +33,6 @@ public void processLogin(HttpServletResponse response, Authentication authentica
         jwtCookieUtil.addTokenToCookie(response, "refreshToken", jwtToken.getRefreshToken(), refreshTokenMaxAge);
 
         // RefreshToken Redis에 저장
-        String userId = ((PrincipalDetails) authentication.getPrincipal()).getUser().getId();
         tokenCacheService.saveRefreshToken(userId, jwtToken.getRefreshToken());
     }
 }
-