UMC-8th-Hackathon · Baguette-bbang · Jul 6, 2025 · Jul 5, 2025 · Jul 5, 2025 · Jul 5, 2025
diff --git a/src/main/java/com/umc/auth/controller/AuthController.java b/src/main/java/com/umc/auth/controller/AuthController.java
@@ -37,6 +37,15 @@ public class AuthController {
     })
     @PostMapping("/login")
     public ResponseEntity<ApiResponse<TokenResponse>> login(@Valid @RequestBody LoginRequest request) {
+
+        if (request.nickname() == null || request.nickname().trim().isEmpty()) {
+            throw new BusinessException(ErrorCode.LOGIN_NICKNAME_EMPTY);
+        }
+
+        if (request.password() == null || request.password().trim().isEmpty()) {
+            throw new BusinessException(ErrorCode.LOGIN_PASSWORD_EMPTY);
+        }
+
         User user = userRepository.findByNickname(request.nickname())
                 .orElseGet(() -> {
                     // 없으면 자동 회원가입

diff --git a/src/main/java/com/umc/auth/dto/LoginRequest.java b/src/main/java/com/umc/auth/dto/LoginRequest.java
@@ -3,4 +3,4 @@
 import jakarta.validation.constraints.NotBlank;
 
 // 요청 DTO
-public record LoginRequest(@NotBlank String nickname, @NotBlank String password) {}
+public record LoginRequest(String nickname, String password) {}
diff --git a/src/main/java/com/umc/auth/util/JwtUtil.java b/src/main/java/com/umc/auth/util/JwtUtil.java
@@ -3,12 +3,16 @@
 import com.umc.auth.Jwt.JwtProvider;
 import com.umc.domain.user.entity.User;
 import com.umc.domain.user.repository.UserRepository;
+import com.umc.global.exception.BusinessException;
+import com.umc.global.exception.ErrorCode;
 import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Component;
 import org.springframework.util.StringUtils;
 
 @Component
 @RequiredArgsConstructor
+@Slf4j
 public class JwtUtil {
 
     private final JwtProvider jwtProvider;
@@ -35,19 +39,43 @@ public Long getUserIdFromToken(String token) {
      * 토큰에서 사용자 정보를 조회합니다.
      */
     public User getUserFromToken(String token) {
-        Long userId = getUserIdFromToken(token);
-        return userRepository.findById(userId)
-                .orElseThrow(() -> new RuntimeException("사용자를 찾을 수 없습니다: " + userId));
+        try {
+            Long userId = getUserIdFromToken(token);
+            return userRepository.findById(userId)
+                    .orElseThrow(() -> {
+                        log.warn("토큰에서 추출한 사용자 ID로 사용자를 찾을 수 없습니다: {}", userId);
+                        return new BusinessException(ErrorCode.USER_NOT_FOUND);
+                    });
+        } catch (BusinessException e) {
+            throw e; // BusinessException은 그대로 전파
+        } catch (Exception e) {
+            log.warn("토큰 파싱 중 오류 발생: {}", e.getMessage());
+            throw new BusinessException(ErrorCode.TOKEN_INVALID);
+        }
     }
 
     /**
      * Authorization 헤더에서 사용자 정보를 조회합니다.
      */
     public User getUserFromHeader(String authorizationHeader) {
+        // Authorization 헤더 존재 여부 검증
+        if (authorizationHeader == null || authorizationHeader.trim().isEmpty()) {
+            log.warn("Authorization 헤더가 없습니다.");
+            throw new BusinessException(ErrorCode.TOKEN_MISSING);
+        }
+
+        // Bearer 형식 검증
+        if (!authorizationHeader.startsWith("Bearer ")) {
+            log.warn("잘못된 Authorization 헤더 형식: {}", authorizationHeader);
+            throw new BusinessException(ErrorCode.TOKEN_MALFORMED);
+        }
+
         String token = extractTokenFromHeader(authorizationHeader);
-        if (token == null) {
-            throw new RuntimeException("유효한 토큰이 없습니다.");
+        if (token == null || token.trim().isEmpty()) {
+            log.warn("토큰 추출 실패 - Authorization: {}", authorizationHeader);
+            throw new BusinessException(ErrorCode.TOKEN_MALFORMED);
         }
+
         return getUserFromToken(token);
     }
 } 
diff --git a/src/main/java/com/umc/domain/file/controller/FileUploadController.java b/src/main/java/com/umc/domain/file/controller/FileUploadController.java