From aecf499ea57287bf2f55060e983eaadc2d117295 Mon Sep 17 00:00:00 2001
From: pricelees
Date: Sun, 14 Sep 2025 22:40:55 +0900
Subject: [PATCH] =?UTF-8?q?refactor:=20UserInterceptor=EC=97=90=20?= =?UTF-8?q?=EA=B4=80=EB=A6=AC=EC=9E=90=20=ED=86=A0=ED=81=B0=20=EA=B2=80?= =?UTF-8?q?=EC=A6=9D=20=EB=A1=9C=EC=A7=81=20=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../support/interceptors/UserInterceptor.kt | 23 +++++++++++++++----
 1 file changed, 18 insertions(+), 5 deletions(-)
diff --git a/src/main/kotlin/roomescape/auth/web/support/interceptors/UserInterceptor.kt b/src/main/kotlin/roomescape/auth/web/support/interceptors/UserInterceptor.kt
index 8c9ebc81..ce02d644 100644
--- a/src/main/kotlin/roomescape/auth/web/support/interceptors/UserInterceptor.kt
+++ b/src/main/kotlin/roomescape/auth/web/support/interceptors/UserInterceptor.kt
@@ -8,6 +8,7 @@ import org.slf4j.MDC
 import org.springframework.stereotype.Component
 import org.springframework.web.method.HandlerMethod
 import org.springframework.web.servlet.HandlerInterceptor
+import roomescape.auth.business.CLAIM_ADMIN_TYPE_KEY
 import roomescape.auth.exception.AuthErrorCode
 import roomescape.auth.exception.AuthException
 import roomescape.auth.infrastructure.jwt.JwtUtils
@@ -33,14 +34,26 @@ class UserInterceptor(
 val token: String? = request.accessToken()
 try {
- jwtUtils.extractSubject(token).also {
- MDC.put(MDC_PRINCIPAL_ID_KEY, it)
- log.info { "[UserInterceptor] 인증 완료. userId=$it" }
+ val id: String = jwtUtils.extractSubject(token).also { MDC.put(MDC_PRINCIPAL_ID_KEY, it) }
+
+ /**
+ * CLAIM_ADMIN_TYPE_KEY 가 존재하면 관리자 토큰임
+ */
+ jwtUtils.extractClaim(token, key = CLAIM_ADMIN_TYPE_KEY)?.also {
+ log.warn { "[UserInterceptor] 관리자 토큰으로 접근 시도. userId=$id, adminType=$it" }
+ throw AuthException(AuthErrorCode.ACCESS_DENIED)
 }
+
+ log.info { "[UserInterceptor] 인증 완료. userId=$id" }
 return true
 } catch (e: Exception) {
- log.warn { "[UserInterceptor] 예상치 못한 예외: message=${e.message}" }
- throw AuthException(AuthErrorCode.TEMPORARY_AUTH_ERROR)
+ when (e) {
+ is AuthException -> { throw e }
+ else -> {
+ log.warn { "[UserInterceptor] 예상치 못한 예외: message=${e.message}" }
+ throw AuthException(AuthErrorCode.TEMPORARY_AUTH_ERROR)
+ }
+ }
 }
 }
 }
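Review bot: The new `catch (e: Exception)` followed by `when (e) { is AuthException -> { throw e } else -> { … } }` re-implements what Kotlin's ordered catch clauses already provide; a dedicated `catch (e: AuthException) { throw e }` placed before the generic clause says the same thing with two fewer nesting levels and makes it obvious that the deliberate ACCESS_DENIED rejection is not re-wrapped as TEMPORARY_AUTH_ERROR. The `/** … */` KDoc block above the `extractClaim` call is attached to a statement rather than a declaration, so it would be a plain line comment: `// CLAIM_ADMIN_TYPE_KEY 가 존재하면 관리자 토큰임`. Note also that `MDC.put(MDC_PRINCIPAL_ID_KEY, it)` now runs before the admin-token check, so a rejected admin request leaves that principal id in the MDC for the rest of the request unless it is cleared elsewhere (e.g. in afterCompletion), which is not visible in this hunk and worth confirming. The enclosing method's signature starts before this hunk.
```kotlin
        try {
            // … unchanged: subject extraction, admin-claim check, return true …
        } catch (e: AuthException) {
            // Deliberate denials (e.g. ACCESS_DENIED) propagate unchanged.
            throw e
        } catch (e: Exception) {
            log.warn { "[UserInterceptor] 예상치 못한 예외: message=${e.message}" }
            throw AuthException(AuthErrorCode.TEMPORARY_AUTH_ERROR)
        }
```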