fix: 탈퇴 회원이 UserGuard를 통과할 수 있는 문제를 수정하라

Here-You · Feb 15, 2024 · 9beb090 · 9beb090
1 parent d0745cf
commit 9beb090
Showing 1 changed file with 18 additions and 5 deletions.
diff --git a/src/user/user.guard.ts b/src/user/user.guard.ts
@@ -1,25 +1,38 @@
 import Express from 'express';
 import { CanActivate, ExecutionContext, Injectable } from '@nestjs/common';
-import { Observable } from 'rxjs';
 import * as jsonwebtoken from 'jsonwebtoken';
 import { IReqUser } from './user.dto';
+import { UserEntity } from './user.entity';
 
 @Injectable()
 export class UserGuard implements CanActivate {
-  canActivate(
-    context: ExecutionContext,
-  ): boolean | Promise<boolean> | Observable<boolean> {
+  async canActivate(context: ExecutionContext): Promise<boolean> {
     const request = context.switchToHttp().getRequest<Express.Request>();
     const authorization = request.headers['authorization']?.split(' ');
 
-    if (authorization.length === 2 && authorization[0] === 'Bearer') {
+    if (
+      authorization &&
+      authorization.length === 2 &&
+      authorization[0] === 'Bearer'
+    ) {
       const token = authorization[1];
 
       try {
         request.user = jsonwebtoken.verify(
           token,
           process.env.JWT_SECRET,
         ) as IReqUser;
+
+        // 사용자 검증
+        const isValidUser = await UserEntity.findOne({
+          where: {
+            id: request.user.id,
+          },
+        });
+
+        if (!isValidUser) {
+          return false;
+        }
       } catch (error) {
         return false;
       }