source: app/Http/Middleware/CheckCreatePassword.php@ ff9da8b

<?php

namespace App\Http\Middleware;

use Closure;
use App\Models\User;
use Illuminate\Support\Carbon;

class CheckCreatePassword
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        $id = $request->route("id");
        $token = $request->route("token");

        $user = User::findOrFail($id);

        if($user->is_active) {
            return redirect()->route("auth.loginShow");
        }

        if($user->verify_token != $token) {
            return redirect()->route("blog.index");
        }

        if(!$user->is_forgot_password) {
            if(Carbon::now()->greaterThan($user->created_at->addMinutes(10))) {
                return redirect()->route("auth.loginShow");
            }
        }

        return $next($request);
    }
}