From 07fb6202a83ead25ce347a8523bd155a439b7457 Mon Sep 17 00:00:00 2001
From: Klaus
Date: Mon, 23 Feb 2026 11:00:00 +0900
Subject: [PATCH] =?UTF-8?q?fix(member):=20=EB=8F=99=EC=9D=BC=20=EB=B3=B8?= =?UTF-8?q?=EC=9D=B8=EC=9D=B8=EC=A6=9D=20=EA=B3=84=EC=A0=95=20=EC=B0=A8?= =?UTF-8?q?=EB=8B=A8=EC=9D=84=20=ED=95=A8=EA=BB=98=20=EC=A0=81=EC=9A=A9?= =?UTF-8?q?=ED=95=9C=EB=8B=A4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 docs/20260223_회원차단동일본인인증확장.md | 17 ++++++++
 .../sodalive/member/MemberService.kt | 42 ++++++++++++-------
 2 files changed, 44 insertions(+), 15 deletions(-)
 create mode 100644 docs/20260223_회원차단동일본인인증확장.md
diff --git a/docs/20260223_회원차단동일본인인증확장.md b/docs/20260223_회원차단동일본인인증확장.md
new file mode 100644
index 00000000..ca2f4189
--- /dev/null
+++ b/docs/20260223_회원차단동일본인인증확장.md
@@ -0,0 +1,17 @@
+# 회원 차단 동일 본인인증 확장 구현
+
+- [x] `memberBlock` 기존 단일 유저 차단 동작 확인
+- [x] 차단 대상 유저가 본인인증(`Auth`)된 유저인지 확인
+- [x] 본인인증 유저일 경우 동일 `di`를 가진 유저 id 목록 조회
+- [x] 요청 유저(`memberId`)가 목록에 포함된 경우 제외
+- [x] 대상 유저 + 동일 본인인증 유저 전체에 대해 차단 활성화 처리
+- [x] 변경 파일 LSP 진단 및 관련 테스트 실행
+
+## 검증 기록
+
+- 무엇을: `MemberService.memberBlock`을 확장해 차단 대상 1명 + 동일 `Auth.di`를 가진 모든 계정을 일괄 차단하도록 수정했다.
+- 왜: 본인인증 기반 다중 계정 우회 차단을 방지하고, 요청된 정책(동일 본인인증 정보 보유 계정 전체 차단)을 반영하기 위함이다.
+- 어떻게 검증했는가:
+ - `lsp_diagnostics` 실행 시 `.kt` LSP 서버 미구성으로 진단 불가를 확인했다.
+ - `./gradlew test` 실행 성공.
+ - `./gradlew build -x test` 실행 성공(ktlint/check 포함).
diff --git a/src/main/kotlin/kr/co/vividnext/sodalive/member/MemberService.kt b/src/main/kotlin/kr/co/vividnext/sodalive/member/MemberService.kt
index 7ea24956..81e5d686 100644
--- a/src/main/kotlin/kr/co/vividnext/sodalive/member/MemberService.kt
+++ b/src/main/kotlin/kr/co/vividnext/sodalive/member/MemberService.kt
@@ -17,6 +17,7 @@ import kr.co.vividnext.sodalive.i18n.SodaMessageSource
 import kr.co.vividnext.sodalive.jwt.TokenProvider
 import kr.co.vividnext.sodalive.live.reservation.LiveReservationRepository
 import kr.co.vividnext.sodalive.live.room.detail.GetRoomDetailUser
+import kr.co.vividnext.sodalive.member.auth.AuthRepository
 import kr.co.vividnext.sodalive.member.block.BlockMember
 import kr.co.vividnext.sodalive.member.block.BlockMemberRepository
 import kr.co.vividnext.sodalive.member.block.GetBlockedMemberListResponse
@@ -80,6 +81,7 @@ class MemberService(
 private val stipulationAgreeRepository: StipulationAgreeRepository,
 private val creatorFollowingRepository: CreatorFollowingRepository,
 private val blockMemberRepository: BlockMemberRepository,
+ private val authRepository: AuthRepository,
 private val signOutRepository: SignOutRepository,
 private val nicknameChangeLogRepository: NicknameChangeLogRepository,
 private val memberTagRepository: MemberTagRepository,
@@ -522,25 +524,35 @@ class MemberService( @Transactional fun memberBlock(request: MemberBlockRequest, memberId: Long) { - var blockMember = blockMemberRepository.getBlockAccount( - blockedMemberId = request.blockMemberId, - memberId = memberId - ) + val member = repository.findByIdOrNull(id = memberId) + ?: throw SodaException(messageKey = "common.error.invalid_request") + val blockedMember = repository.findByIdOrNull(id = request.blockMemberId) + ?: throw SodaException(messageKey = "common.error.invalid_request") - if (blockMember == null) { - val blockedMember = repository.findByIdOrNull(id = request.blockMemberId) - ?: throw SodaException(messageKey = "common.error.invalid_request") + val blockTargetMemberIds = mutableSetOf(request.blockMemberId) + blockedMember.auth?.di?.let { di -> + val verifiedMemberIds = authRepository.getMemberIdsByDi(di = di) + blockTargetMemberIds.addAll(verifiedMemberIds) + } + blockTargetMemberIds.remove(memberId) - val member = repository.findByIdOrNull(id = memberId) - ?: throw SodaException(messageKey = "common.error.invalid_request") + blockTargetMemberIds.forEach { targetMemberId -> + val targetMember = repository.findByIdOrNull(id = targetMemberId) ?: return@forEach - blockMember = BlockMember() - blockMember.member = member - blockMember.blockedMember = blockedMember + var blockMember = blockMemberRepository.getBlockAccount( + blockedMemberId = targetMemberId, + memberId = memberId + ) - blockMemberRepository.save(blockMember) - } else { - blockMember.isActive = true + if (blockMember == null) { + blockMember = BlockMember() + blockMember.member = member + blockMember.blockedMember = targetMember + + blockMemberRepository.save(blockMember) + } else { + blockMember.isActive = true + } } }
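Review bot: The `blockTargetMemberIds.forEach` loop stores an ordinary `BlockMember` row for every id returned by `authRepository.getMemberIdsByDi`, so the requester now owns block rows for accounts they never named. If those rows are served back through the blocked-member list (`GetBlockedMemberListResponse` is imported in this file; the query itself is outside this diff), a single block request would tell the requester which other accounts belong to the same verified person as the target. I would keep DI-derived rows out of anything returned to the requester and say so above the loop, e.g. `// rows added via di expansion must not be listed to the requester: they link accounts of one verified person`. The expansion is also a snapshot taken at request time, so an account verified with the same `di` afterwards is not covered unless the enforcement path compares `di` as well. The class continues outside the hunk, so the unblock path could not be checked for whether it deactivates the expanded rows too.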