feat(auth): complete registration anti-spam and quota hardening

app/Http/Controllers/Auth/RegistrationVerificationController.php

@@ -4,30 +4,28 @@ namespace App\Http\Controllers\Auth;
 
 use App\Http\Controllers\Controller;
 use App\Models\User;
+use App\Services\Auth\RegistrationVerificationTokenService;
 use Illuminate\Http\RedirectResponse;
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\DB;
 
 class RegistrationVerificationController extends Controller
 {
+    public function __construct(
+        private readonly RegistrationVerificationTokenService $tokenService
+    )
+    {
+    }
+
     public function __invoke(string $token): RedirectResponse
     {
-        $record = DB::table('user_verification_tokens')
-            ->where('token', $token)
-            ->first();
+        $record = $this->tokenService->findValidRecord($token);
 
         if (! $record) {
             return redirect(route('login', absolute: false))
                 ->withErrors(['email' => 'Verification link is invalid.']);
         }
 
-        if (now()->greaterThan($record->expires_at)) {
-            DB::table('user_verification_tokens')->where('id', $record->id)->delete();
-
-            return redirect(route('login', absolute: false))
-                ->withErrors(['email' => 'Verification link has expired.']);
-        }
-
         $user = User::query()->find((int) $record->user_id);
         if (! $user) {
             DB::table('user_verification_tokens')->where('id', $record->id)->delete();