[WTH-409] 위드 탈퇴 구현

src/main/kotlin/com/weeth/domain/club/application/usecase/command/ManageClubMemberUsecase.kt

@@ -25,6 +25,7 @@ import com.weeth.domain.file.domain.enums.FileOwnerType
 import com.weeth.domain.file.domain.enums.FileStatus
 import com.weeth.domain.file.domain.port.FileAccessUrlPort
 import com.weeth.domain.file.domain.repository.FileRepository
+import com.weeth.domain.user.application.exception.UserInActiveException
 import com.weeth.domain.user.domain.repository.UserReader
 import org.springframework.stereotype.Service
 import org.springframework.transaction.annotation.Transactional
@@ -63,6 +64,7 @@ class ManageClubMemberUsecase(
         val club = clubRepository.getClubById(clubId)
         val user =
             userReader.getByIdWithLock(userId)
+        if (!user.isRegistered()) throw UserInActiveException()
 
         clubMemberRepository.findByClubIdAndUserId(clubId, userId)?.let {
             throw AlreadyJoinedException()

src/main/kotlin/com/weeth/domain/club/application/usecase/command/ManageClubUseCase.kt

@@ -30,6 +30,7 @@ import com.weeth.domain.file.domain.entity.File
 import com.weeth.domain.file.domain.enums.FileOwnerType
 import com.weeth.domain.file.domain.enums.FileStatus
 import com.weeth.domain.file.domain.repository.FileRepository
+import com.weeth.domain.user.application.exception.UserInActiveException
 import com.weeth.domain.user.domain.repository.UserReader
 import org.springframework.stereotype.Service
 import org.springframework.transaction.annotation.Transactional
@@ -66,6 +67,7 @@ class ManageClubUseCase(
 
         val user =
             userReader.getByIdWithLock(userId)
+        if (!user.isRegistered()) throw UserInActiveException()
         clubJoinPolicy.validateCreateLimit(userId)
 
         val code = ClubCodePolicy.generateCode()

src/main/kotlin/com/weeth/domain/club/domain/repository/ClubMemberRepository.kt

@@ -30,6 +30,22 @@ interface ClubMemberRepository :
         @Param("ids") ids: List<Long>,
     ): List<ClubMember>
 
+    @Lock(LockModeType.PESSIMISTIC_WRITE)
+    @QueryHints(QueryHint(name = "jakarta.persistence.lock.timeout", value = "2000"))
+    @Query(
+        """
+        SELECT cm
+        FROM ClubMember cm
+        JOIN FETCH cm.user
+        WHERE cm.user.id = :userId
+        AND cm.memberStatus = com.weeth.domain.club.domain.enums.MemberStatus.ACTIVE
+        ORDER BY cm.id ASC
+        """,
+    )
+    fun findAllActiveByUserIdWithLock(
+        @Param("userId") userId: Long,
+    ): List<ClubMember>
+
     override fun findAllByClubIdAndMemberStatus(
         clubId: Long,
         memberStatus: MemberStatus,

src/main/kotlin/com/weeth/domain/user/application/exception/UserErrorCode.kt

@@ -47,4 +47,7 @@ enum class UserErrorCode(
 
     @ExplainError("프로필 초기 설정 시 필수 필드가 누락되었을 때 발생합니다.")
     PROFILE_REQUIRED_FIELDS_MISSING(20912, HttpStatus.BAD_REQUEST, "프로필 초기 설정 시 모든 필수 항목을 입력해야 합니다."),
+
+    @ExplainError("사용자가 LEAD인 활성 동아리를 보유한 상태로 위드 탈퇴를 시도할 때 발생합니다.")
+    USER_HAS_LEAD_CLUB(20913, HttpStatus.CONFLICT, "LEAD인 동아리가 있어 탈퇴할 수 없습니다."),
 }

src/main/kotlin/com/weeth/domain/user/application/exception/UserHasLeadClubException.kt

@@ -0,0 +1,5 @@
+package com.weeth.domain.user.application.exception
+
+import com.weeth.global.common.exception.BaseException
+
+class UserHasLeadClubException : BaseException(UserErrorCode.USER_HAS_LEAD_CLUB)

src/main/kotlin/com/weeth/domain/user/application/usecase/command/AuthUserUseCase.kt

@@ -1,25 +1,16 @@
 package com.weeth.domain.user.application.usecase.command
 
-import com.weeth.domain.user.domain.repository.UserReader
 import com.weeth.global.auth.jwt.application.dto.JwtDto
 import com.weeth.global.auth.jwt.application.service.JwtTokenExtractor
 import com.weeth.global.auth.jwt.application.usecase.JwtManageUseCase
 import jakarta.servlet.http.HttpServletRequest
 import org.springframework.stereotype.Service
-import org.springframework.transaction.annotation.Transactional
 
 @Service
 class AuthUserUseCase(
-    private val userReader: UserReader,
     private val jwtManageUseCase: JwtManageUseCase,
     private val jwtTokenExtractor: JwtTokenExtractor,
 ) {
-    @Transactional
-    fun leave(userId: Long) {
-        val user = userReader.getById(userId)
-        user.leave()
-    }
-
     fun refreshToken(httpServletRequest: HttpServletRequest): JwtDto {
         val refreshToken = jwtTokenExtractor.extractRefreshToken(httpServletRequest)
         return jwtManageUseCase.reIssueToken(refreshToken)

src/main/kotlin/com/weeth/domain/user/application/usecase/command/LeaveUserUseCase.kt

@@ -0,0 +1,105 @@
+package com.weeth.domain.user.application.usecase.command
+
+import com.weeth.domain.club.domain.enums.MemberRole
+import com.weeth.domain.club.domain.repository.ClubMemberRepository
+import com.weeth.domain.club.domain.service.ClubActivityDeletionPolicy
+import com.weeth.domain.user.application.exception.UserHasLeadClubException
+import com.weeth.domain.user.domain.repository.UserReader
+import com.weeth.global.auth.jwt.application.usecase.JwtManageUseCase
+import com.weeth.global.auth.jwt.domain.port.AccessTokenBlacklistStorePort
+import io.micrometer.core.instrument.MeterRegistry
+import org.slf4j.LoggerFactory
+import org.springframework.stereotype.Service
+import org.springframework.transaction.annotation.Transactional
+import org.springframework.transaction.support.TransactionSynchronization
+import org.springframework.transaction.support.TransactionSynchronizationManager
+import java.time.Clock
+import java.time.LocalDateTime
+
+@Service
+class LeaveUserUseCase(
+    private val userReader: UserReader,
+    private val clubMemberRepository: ClubMemberRepository,
+    private val clubActivityDeletionPolicy: ClubActivityDeletionPolicy,
+    private val jwtManageUseCase: JwtManageUseCase,
+    private val accessTokenBlacklistStore: AccessTokenBlacklistStorePort,
+    private val meterRegistry: MeterRegistry,
+    private val clock: Clock,
+) {
+    private val log = LoggerFactory.getLogger(javaClass)
+
+    @Transactional
+    fun execute(userId: Long) {
+        val now = LocalDateTime.now(clock)
+        val user = userReader.getByIdWithLock(userId)
+        val activeMembers = clubMemberRepository.findAllActiveByUserIdWithLock(userId)
+
+        if (activeMembers.any { it.memberRole == MemberRole.LEAD }) {
+            throw UserHasLeadClubException()
+        }
+
+        activeMembers.forEach { member ->
+            clubActivityDeletionPolicy.markMemberActivitiesDeleted(member, now)
+            member.leave(now)
+        }
+
+        user.leave(now)
+        revokeTokensAfterCommit(userId)
+    }
+
+    private fun revokeTokensAfterCommit(userId: Long) {
+        TransactionSynchronizationManager.registerSynchronization(
+            object : TransactionSynchronization {
+                override fun afterCommit() {
+                    retryTokenRevoke("refresh token 삭제", "refresh_token_delete", userId) {
+                        jwtManageUseCase.deleteRefreshToken(userId)
+                    }
+                    retryTokenRevoke("access token blacklist 등록", "access_token_blacklist", userId) {
+                        accessTokenBlacklistStore.blacklist(userId)
+                    }
+                }
+            },
+        )
+    }
+
+    private fun retryTokenRevoke(
+        actionName: String,
+        metricAction: String,
+        userId: Long,
+        action: () -> Unit,
+    ) {
+        for (attempt in 1..TOKEN_REVOKE_ATTEMPTS) {
+            val result = runCatching(action)
+            if (result.isSuccess) break
+
+            result.onFailure { exception ->
+                if (attempt == TOKEN_REVOKE_ATTEMPTS) {
+                    log.error(
+                        "탈퇴 후 {} 최종 실패. userId={}, attempts={}",
+                        actionName,
+                        userId,
+                        TOKEN_REVOKE_ATTEMPTS,
+                        exception,
+                    )
+                    meterRegistry
+                        .counter(TOKEN_REVOKE_FAILURE_METRIC, "action", metricAction)
+                        .increment()
+                } else {
+                    log.warn(
+                        "탈퇴 후 {} 실패. userId={}, attempt={}/{}",
+                        actionName,
+                        userId,
+                        attempt,
+                        TOKEN_REVOKE_ATTEMPTS,
+                        exception,
+                    )
+                }
+            }
+        }
+    }
+
+    companion object {
+        private const val TOKEN_REVOKE_ATTEMPTS = 3
+        private const val TOKEN_REVOKE_FAILURE_METRIC = "user.leave.token_revoke.failure"
+    }
+}

src/main/kotlin/com/weeth/domain/user/domain/entity/User.kt

@@ -15,6 +15,7 @@ import jakarta.persistence.GeneratedValue
 import jakarta.persistence.GenerationType
 import jakarta.persistence.Id
 import jakarta.persistence.Table
+import java.time.LocalDateTime
 
 @Entity
 @Table(name = "users")
@@ -64,6 +65,14 @@ class User(
     var status: Status = status
         private set
 
+    @Column(name = "left_at", nullable = true)
+    var leftAt: LocalDateTime? = null
+        private set
+
+    @Column(name = "hard_delete_after", nullable = true)
+    var hardDeleteAfter: LocalDateTime? = null
+        private set
+
     @Column(nullable = false)
     var termsAgreed: Boolean = false
         private set
@@ -78,8 +87,11 @@ class User(
     val telValue: String?
         get() = tel?.value
 
-    fun leave() {
+    fun leave(now: LocalDateTime) {
+        check(status != Status.LEFT) { "이미 탈퇴한 사용자입니다." }
         status = Status.LEFT
+        leftAt = now
+        hardDeleteAfter = now.plusDays(RETENTION_DAYS)
     }
 
     fun isActive(): Boolean = status == Status.ACTIVE
@@ -146,6 +158,8 @@ class User(
     }
 
     companion object {
+        private const val RETENTION_DAYS = 30L
+
         fun create(
             name: String,
             email: String,

src/main/kotlin/com/weeth/domain/user/presentation/UserController.kt

@@ -9,6 +9,7 @@ import com.weeth.domain.user.application.exception.UserErrorCode
 import com.weeth.domain.user.application.usecase.command.AgreeTermsUseCase
 import com.weeth.domain.user.application.usecase.command.AuthUserUseCase
 import com.weeth.domain.user.application.usecase.command.CreateInquiryUseCase
+import com.weeth.domain.user.application.usecase.command.LeaveUserUseCase
 import com.weeth.domain.user.application.usecase.command.SocialLoginUseCase
 import com.weeth.domain.user.application.usecase.command.UpdateUserProfileUseCase
 import com.weeth.global.auth.annotation.CurrentUser
@@ -25,6 +26,7 @@ import jakarta.servlet.http.HttpServletRequest
 import jakarta.validation.Valid
 import org.springframework.http.HttpHeaders
 import org.springframework.http.ResponseEntity
+import org.springframework.web.bind.annotation.DeleteMapping
 import org.springframework.web.bind.annotation.PatchMapping
 import org.springframework.web.bind.annotation.PostMapping
 import org.springframework.web.bind.annotation.RequestBody
@@ -41,6 +43,7 @@ class UserController(
     private val updateUserProfileUseCase: UpdateUserProfileUseCase,
     private val agreeTermsUseCase: AgreeTermsUseCase,
     private val createInquiryUseCase: CreateInquiryUseCase,
+    private val leaveUserUseCase: LeaveUserUseCase,
     private val tokenCookieProvider: TokenCookieProvider,
 ) {
     @PostMapping("/social/kakao")
@@ -107,6 +110,15 @@ class UserController(
         return CommonResponse.success(UserResponseCode.USER_UPDATE_SUCCESS)
     }
 
+    @DeleteMapping("/me")
+    @Operation(summary = "위드 탈퇴")
+    fun leave(
+        @Parameter(hidden = true) @CurrentUser userId: Long,
+    ): ResponseEntity<CommonResponse<Void>> {
+        leaveUserUseCase.execute(userId)
+        return buildExpiredTokenResponse(CommonResponse.success(UserResponseCode.USER_LEFT_SUCCESS))
+    }
+
     @PostMapping("/inquiries")
     @Operation(summary = "문의하기")
     @SecurityRequirements
@@ -127,4 +139,11 @@ class UserController(
             .header(HttpHeaders.SET_COOKIE, tokenCookieProvider.createAccessTokenCookie(accessToken).toString())
             .header(HttpHeaders.SET_COOKIE, tokenCookieProvider.createRefreshTokenCookie(refreshToken).toString())
             .body(body)
+
+    private fun buildExpiredTokenResponse(body: CommonResponse<Void>): ResponseEntity<CommonResponse<Void>> =
+        ResponseEntity
+            .ok()
+            .header(HttpHeaders.SET_COOKIE, tokenCookieProvider.expireAccessTokenCookie().toString())
+            .header(HttpHeaders.SET_COOKIE, tokenCookieProvider.expireRefreshTokenCookie().toString())
+            .body(body)
 }

src/main/kotlin/com/weeth/domain/user/presentation/UserResponseCode.kt

@@ -13,4 +13,5 @@ enum class UserResponseCode(
     SOCIAL_LOGIN_SUCCESS(10903, HttpStatus.OK, "소셜 로그인이 성공적으로 처리되었습니다."),
     USER_TERMS_AGREE_SUCCESS(10904, HttpStatus.OK, "약관 동의가 성공적으로 처리되었습니다."),
     INQUIRY_SEND_SUCCESS(10905, HttpStatus.OK, "문의가 성공적으로 접수되었습니다."),
+    USER_LEFT_SUCCESS(10906, HttpStatus.OK, "위드 탈퇴가 완료되었습니다."),
 }

src/main/kotlin/com/weeth/global/auth/jwt/application/service/TokenCookieProvider.kt

@@ -27,6 +27,22 @@ class TokenCookieProvider(
             path = cookieProperties.refreshPath,
         )
 
+    fun expireAccessTokenCookie(): ResponseCookie =
+        buildCookie(
+            name = cookieProperties.accessTokenName,
+            value = "",
+            maxAge = Duration.ZERO,
+            path = cookieProperties.path,
+        )
+
+    fun expireRefreshTokenCookie(): ResponseCookie =
+        buildCookie(
+            name = cookieProperties.refreshTokenName,
+            value = "",
+            maxAge = Duration.ZERO,
+            path = cookieProperties.refreshPath,
+        )
+
     private fun buildCookie(
         name: String,
         value: String,

src/main/kotlin/com/weeth/global/auth/jwt/application/usecase/JwtManageUseCase.kt

@@ -38,4 +38,8 @@ class JwtManageUseCase(
 
         return create(userId, email, tokenType)
     }
+
+    fun deleteRefreshToken(userId: Long) {
+        refreshTokenStore.delete(userId)
+    }
 }

src/main/kotlin/com/weeth/global/auth/jwt/domain/port/AccessTokenBlacklistStorePort.kt

@@ -0,0 +1,7 @@
+package com.weeth.global.auth.jwt.domain.port
+
+interface AccessTokenBlacklistStorePort {
+    fun blacklist(userId: Long)
+
+    fun isBlacklisted(userId: Long): Boolean
+}

src/main/kotlin/com/weeth/global/auth/jwt/filter/JwtAuthenticationProcessingFilter.kt

@@ -1,8 +1,10 @@
 package com.weeth.global.auth.jwt.filter
 
+import com.weeth.domain.user.application.exception.UserInActiveException
 import com.weeth.global.auth.jwt.application.exception.TokenNotFoundException
 import com.weeth.global.auth.jwt.application.service.JwtTokenExtractor
 import com.weeth.global.auth.jwt.domain.enums.TokenType
+import com.weeth.global.auth.jwt.domain.port.AccessTokenBlacklistStorePort
 import com.weeth.global.auth.jwt.domain.service.JwtTokenProvider
 import com.weeth.global.auth.model.AuthenticatedUser
 import jakarta.servlet.FilterChain
@@ -18,6 +20,7 @@ import org.springframework.web.filter.OncePerRequestFilter
 class JwtAuthenticationProcessingFilter(
     private val jwtTokenProvider: JwtTokenProvider,
     private val jwtTokenExtractor: JwtTokenExtractor,
+    private val accessTokenBlacklistStore: AccessTokenBlacklistStorePort,
 ) : OncePerRequestFilter() {
     private val log = LoggerFactory.getLogger(javaClass)
 
@@ -41,6 +44,7 @@ class JwtAuthenticationProcessingFilter(
 
     private fun saveAuthentication(accessToken: String) {
         val claims = jwtTokenExtractor.extractClaims(accessToken) ?: throw TokenNotFoundException()
+        validateAccessTokenBlacklist(claims.id)
         val principal = AuthenticatedUser(claims.id, claims.email)
 
         val role =
@@ -59,4 +63,16 @@ class JwtAuthenticationProcessingFilter(
         SecurityContextHolder.getContext().authentication = authentication
         MDC.put("userId", claims.id.toString())
     }
+
+    private fun validateAccessTokenBlacklist(userId: Long) {
+        val isBlacklisted =
+            try {
+                accessTokenBlacklistStore.isBlacklisted(userId)
+            } catch (e: RuntimeException) {
+                log.error("Access token blacklist lookup failed. userId={}", userId, e)
+                throw e
+            }
+
+        if (isBlacklisted) throw UserInActiveException()
+    }
 }