From ef70633aa5b0faf33f01b3fd92592d6d8cc5f011 Mon Sep 17 00:00:00 2001
From: Daniel Nitsikopoulos <daniel@dnitza.com>
Date: Sat, 18 Nov 2023 18:34:08 +1100
Subject: [PATCH] Expire login links

---
 slices/admin/commands/sessions/validate.rb | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/slices/admin/commands/sessions/validate.rb b/slices/admin/commands/sessions/validate.rb
index a33a6bd..8d5abf6 100644
--- a/slices/admin/commands/sessions/validate.rb
+++ b/slices/admin/commands/sessions/validate.rb
@@ -5,9 +5,16 @@ module Admin
         include Deps["repos.login_tokens_repo"]
 
         def call(token:)
-          user_id = login_tokens_repo.by_token(token: token).user_id
-          if user_id
+          token = login_tokens_repo.by_token(token: token)
+
+          if (Time.now - token.created_at) > 15
             login_tokens_repo.delete_all
+            return nil
+          end
+
+          user_id = token.user_id
+
+          if user_id
             user_id
           end
         end