From de06404d0fce9e1ad6ab3717edd2878b4d443ca4 Mon Sep 17 00:00:00 2001 From: AutonetSellCar Deploy Date: Thu, 1 Jan 2026 17:40:47 +0900 Subject: [PATCH] =?UTF-8?q?Fix:=20=EC=82=AD=EC=A0=9C=EB=90=9C=20=EC=82=AC?= =?UTF-8?q?=EC=9A=A9=EC=9E=90=20=EC=9E=AC=EA=B0=80=EC=9E=85=20=ED=97=88?= =?UTF-8?q?=EC=9A=A9=20=EB=B0=8F=20=EB=A1=9C=EA=B7=B8=EC=9D=B8=20=EC=B0=A8?= =?UTF-8?q?=EB=8B=A8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - 소프트 삭제된 사용자도 재가입 가능하도록 수정 - 재가입 시 기존 삭제된 사용자 데이터 완전 삭제 - 삭제된/비활성화된 사용자 로그인 차단 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5
---
 backend/app/api/auth.py | 38 +++++++++++++++++++++++++++++++++++++-
 1 file changed, 37 insertions(+), 1 deletion(-)
diff --git a/backend/app/api/auth.py b/backend/app/api/auth.py
index 1342a61..a1c13ee 100644
--- a/backend/app/api/auth.py
+++ b/backend/app/api/auth.py
@@ -97,10 +97,30 @@ def register(user_data: UserCreate, db: Session = Depends(get_db)):
     from ..models.user import VerificationCode
     from datetime import datetime
 
-    existing = db.query(User).filter(User.email == user_data.email).first()
+    # 활성 사용자만 체크 (삭제된 사용자는 재가입 허용)
+    existing = db.query(User).filter(
+        User.email == user_data.email,
+        User.deleted_at.is_(None)  # 삭제되지 않은 사용자만
+    ).first()
     if existing:
         raise HTTPException(status_code=400, detail="Email already registered")
 
+    # 삭제된 사용자가 있다면 완전히 제거 (동일 이메일 재가입 허용)
+    deleted_user = db.query(User).filter(
+        User.email == user_data.email,
+        User.deleted_at.isnot(None)
+    ).first()
+    if deleted_user:
+        # 관련 데이터 삭제
+        from ..models import CarView, PerformanceCheckView, ChargeHistory, Inquiry, Notification
+        db.query(CarView).filter(CarView.user_id == deleted_user.id).delete()
+        db.query(PerformanceCheckView).filter(PerformanceCheckView.user_id == deleted_user.id).delete()
+        db.query(ChargeHistory).filter(ChargeHistory.user_id == deleted_user.id).delete()
+        db.query(Inquiry).filter(Inquiry.user_id == deleted_user.id).delete()
+        db.query(Notification).filter(Notification.user_id == deleted_user.id).delete()
+        db.delete(deleted_user)
+        db.commit()
+
     # Check if email was verified (pre-registration verification)
     email_verified = False
     verification = db.query(VerificationCode).filter(
@@ -148,6 +168,22 @@ def login(
             headers={"WWW-Authenticate": "Bearer"},
         )
 
+    # 삭제된 사용자 체크
+    if user.deleted_at:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="This account has been deleted",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+
+    # 비활성화된 사용자 체크
+    if not user.is_active:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="This account has been deactivated",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+
     access_token = create_access_token(data={"sub": user.email})
     return Token(access_token=access_token)
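Review bot: The purge under `if deleted_user:` is committed before the pre-registration verification lookup that follows it, so a plain POST to register carrying a soft-deleted user's email permanently destroys that user's CarView, PerformanceCheckView, ChargeHistory, Inquiry and Notification rows with no proof that the caller owns the address, and the data is gone even if the registration is rejected further down. Move the block below the verification check and replace `db.commit()` with `db.flush()` so the purge lands in the same transaction as the new User row and is rolled back together with a failed insert. `db.delete(deleted_user)` will also fail on any other table still referencing the user (VerificationCode is queried a few lines later; cascade settings are not visible here), so the list of child tables should be confirmed against the models. A unique constraint on `User.email`, if present, is what keeps two concurrent registrations from both passing the `existing` check; without it this ordering admits duplicates. register continues past the hunk.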
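Review bot: The `if user.deleted_at:` and `if not user.is_active:` checks gate only the issuance of a new token; a token issued before the account was deleted or deactivated stays valid until it expires, because `create_access_token(data={"sub": user.email})` embeds only the email and the deletion happens after the fact. Unless the dependency that decodes the bearer token already repeats these two checks (not visible in this diff), they should be enforced there as well, otherwise login is the only place the account state is applied. A small shared helper, e.g. `_ensure_account_usable(user)` raising the same 401, would keep both paths in step and avoid the two near-identical `raise HTTPException(...)` blocks. The login function begins outside the hunk.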