twenty-three-23 · dduqqo · Oct 14, 2024
diff --git a/src/main/java/com/twentythree/peech/security/exception/LoginExceptionCode.java b/src/main/java/com/twentythree/peech/security/exception/LoginExceptionCode.java
@@ -9,7 +9,8 @@ public enum LoginExceptionCode{
     LOGIN_EXCEPTION_CODE(HttpStatus.UNAUTHORIZED, "유효하지않은 토큰입니다."),
     SIGNUP_FINISHED_NOT_YET(HttpStatus.LENGTH_REQUIRED, "아직 가입이 완료되지 않았습니다."),
     ACCESS_TOKEN_EXPIRED(HttpStatus.GONE, "access 토큰이 만료되었습니다. refresh 토큰으로 로그인 해주세요."),
-    REFRESH_TOKEN_EXPIRED(HttpStatus.UNAUTHORIZED, "refresh 토큰이 만료되었습니다. 다시 로그인 해주세요.");
+    REFRESH_TOKEN_EXPIRED(HttpStatus.UNAUTHORIZED, "refresh 토큰이 만료되었습니다. 다시 로그인 해주세요."),
+    NOT_EXIST_USER(HttpStatus.NOT_FOUND, "존재하지 않는 유저입니다.");
 
 
     private final HttpStatus status;

diff --git a/src/main/java/com/twentythree/peech/security/jwt/JWTUserDetailsService.java b/src/main/java/com/twentythree/peech/security/jwt/JWTUserDetailsService.java
@@ -6,6 +6,7 @@
 import com.twentythree.peech.user.entity.UserEntity;
 import com.twentythree.peech.user.repository.UserRepository;
 import com.twentythree.peech.user.value.SignUpFinished;
+import com.twentythree.peech.user.value.UserStatus;
 import jakarta.servlet.http.HttpServletRequest;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.core.userdetails.UserDetailsService;
@@ -35,6 +36,10 @@ public JWTUserDetails loadUserByUsername(String username) throws UsernameNotFoun
         String httpMethod = request.getMethod();
         String uri = request.getRequestURI();
 
+        if (userEntity.getUserStatus() == UserStatus.DELETE) {
+            throw new JWTAuthenticationException(LoginExceptionCode.NOT_EXIST_USER);
+        }
+
         // User가 Pending이면 에러 발생 단, 요청 request가 PATCH /api/v1/users/{userId} 일 경우에는 에러 발생하지 않음
         if (userEntity.getSignUpFinished() == SignUpFinished.PENDING
                 && !httpMethod.equals("PATCH") && !uri.contains("/api/v1/users/" + userId)) {