From 6cfbedd9fd06e6b0a90f10741ea8e01588923431 Mon Sep 17 00:00:00 2001
From: Daniel Supernault <danielsupernault@gmail.com>
Date: Tue, 17 Jan 2023 01:47:28 -0700
Subject: [PATCH] Update ApiV1DotController, fix inAppRegistrationConfirm logic

---
 app/Http/Controllers/Api/ApiV1Dot1Controller.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/app/Http/Controllers/Api/ApiV1Dot1Controller.php b/app/Http/Controllers/Api/ApiV1Dot1Controller.php
index 053f31fa0..b46fd38cd 100644
--- a/app/Http/Controllers/Api/ApiV1Dot1Controller.php
+++ b/app/Http/Controllers/Api/ApiV1Dot1Controller.php
@@ -547,13 +547,16 @@ class ApiV1Dot1Controller extends Controller
             return response()->json(['error' => 'Invalid tokens'], 403);
         }
 
+        if($verify->created_at->lt(now()->subHours(24))) {
+            $verify->delete();
+            return response()->json(['error' => 'Invalid tokens'], 403);
+        }
+
         $user = User::findOrFail($verify->user_id);
         $user->email_verified_at = now();
         $user->last_active_at = now();
         $user->save();
 
-        $verify->delete();
-
         $token = $user->createToken('Pixelfed');
 
         return response()->json([