✨ feat: 회원 탈퇴 기능 구현

Author: jiwon1217

backend/src/main/java/io/f1/backend/domain/user/api/UserController.java

@@ -0,0 +1,29 @@
+package io.f1.backend.domain.user.api;
+
+import static io.f1.backend.global.util.SecurityUtils.logout;
+
+import io.f1.backend.domain.user.app.UserService;
+import io.f1.backend.domain.user.dto.UserPrincipal;
+import jakarta.servlet.http.HttpSession;
+import lombok.RequiredArgsConstructor;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+@Controller
+@RequiredArgsConstructor
+@RequestMapping("/user/me")
+public class UserController {
+
+    private final UserService userService;
+
+    @DeleteMapping
+    public ResponseEntity<Void> deleteCurrentUser(
+        @AuthenticationPrincipal UserPrincipal userPrincipal, HttpSession httpSession) {
+        userService.deleteUser(userPrincipal.getUserId());
+        logout(httpSession);
+        return ResponseEntity.noContent().build();
+    }
+}

backend/src/main/java/io/f1/backend/domain/user/app/UserService.java

@@ -82,4 +82,11 @@ private void updateSessionAfterSignup(HttpSession session, User user) {
         session.removeAttribute(OAUTH_USER);
         session.setAttribute(USER, AuthenticationUser.from(user));
     }
+
+    @Transactional
+    public void deleteUser(Long userId) {
+        User user = userRepository.findById(userId)
+            .orElseThrow(() -> new RuntimeException("E404001: 존재하지 않는 회원입니다."));
+        userRepository.delete(user);
+    }
 }

backend/src/main/java/io/f1/backend/global/config/SecurityConfig.java

@@ -42,6 +42,7 @@ public SecurityFilterChain userFilterChain(HttpSecurity http) throws Exception {
                                         .permitAll()
                                         .requestMatchers("/ws/**")
                                         .authenticated()
+                                        .requestMatchers("/user/me").hasRole("USER")
                                         .anyRequest()
                                         .authenticated())
                 .formLogin(AbstractHttpConfigurer::disable)

backend/src/main/java/io/f1/backend/global/config/WebConfig.java

@@ -1,6 +1,8 @@
 package io.f1.backend.global.config;
 
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.web.filter.HiddenHttpMethodFilter;
 import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
@@ -14,4 +16,9 @@ public void addResourceHandlers(ResourceHandlerRegistry registry) {
         registry.addResourceHandler("/images/thumbnail/**")
                 .addResourceLocations("file:images/thumbnail/");
     }
+
+    @Bean
+    public HiddenHttpMethodFilter hiddenHttpMethodFilter() {
+        return new HiddenHttpMethodFilter();
+    }
 }

backend/src/main/java/io/f1/backend/global/util/SecurityUtils.java

@@ -3,6 +3,7 @@
 import io.f1.backend.domain.user.dto.UserPrincipal;
 import io.f1.backend.domain.user.entity.User;
 
+import jakarta.servlet.http.HttpSession;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -37,4 +38,15 @@ public static Long getCurrentUserId() {
     public static String getCurrentUserNickname() {
         return getCurrentUserPrincipal().getUserNickname();
     }
+
+    public static void logout(HttpSession session) {
+        if (session != null) {
+            session.invalidate();
+        }
+        clearAuthentication();
+    }
+
+    private static void clearAuthentication() {
+        SecurityContextHolder.clearContext();
+    }
 }