add is_deactivated

Backend/src/services/auth.service.ts

@@ -37,6 +37,12 @@ export class AuthService {
             throw new UnauthorizedError('Invalid email or password');
         }
 
+        // Check if account is deactivated
+        if (user.is_deactivated) {
+            logger.warn('Login attempt with deactivated account', { email, userId: user.id });
+            throw new ForbiddenError('This account has been deactivated');
+        }
+
         // Verify password
         const isPasswordValid = await bcrypt.compare(password, user.password);
         if (!isPasswordValid) {