Add JSON response handling for form activity check

Refactor `FormActiveController` to return JSON responses using `BooleanResponse`. Introduce exception handling for JSON processing errors and update `FormActiveData` to allow object initialization without parameters.

.idea/workspace.xml

@@ -4,8 +4,11 @@
     <option name="autoReloadType" value="SELECTIVE" />
   </component>
   <component name="ChangeListManager">
-    <list default="true" id="ce59df2a-8d56-446a-867b-80e627daf479" name="Changes" comment="Refactor form submission to use dynamic Discord URLs and emails&#10;&#10;Updated form classes to return Optional URLs for Discord bot submissions. Refactored VerifyController to handle these Optionals and improved error handling when sending forms. Added receiver email method in form classes for more flexible form submissions.">
-      <change beforePath="$PROJECT_DIR$/.idea/workspace.xml" beforeDir="false" afterPath="$PROJECT_DIR$/.idea/workspace.xml" afterDir="false" />
+    <list default="true" id="ce59df2a-8d56-446a-867b-80e627daf479" name="Changes" comment="Ensure NOT NULL constraints in SQL tables&#10;&#10;Refactor SQL table creation scripts to add NOT NULL constraints where necessary. This change ensures data integrity by preventing null values in critical columns across the 'verify_form', 'form', 'rate_limit', and 'form_active' tables.">
+      <change afterPath="$PROJECT_DIR$/src/main/java/com/alttd/forms/controlers/form_active/BooleanResponse.java" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/src/main/java/com/alttd/forms/controlers/form_active/FormActiveController.java" beforeDir="false" afterPath="$PROJECT_DIR$/src/main/java/com/alttd/forms/controlers/form_active/FormActiveController.java" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/src/main/java/com/alttd/forms/controlers/form_active/FormActiveData.java" beforeDir="false" afterPath="$PROJECT_DIR$/src/main/java/com/alttd/forms/controlers/form_active/FormActiveData.java" afterDir="false" />
+      <change beforePath="$PROJECT_DIR$/src/main/resources/application.properties" beforeDir="false" afterPath="$PROJECT_DIR$/src/main/resources/application.properties" afterDir="false" />
     </list>
     <option name="SHOW_DIALOG" value="false" />
     <option name="HIGHLIGHT_CONFLICTS" value="true" />
@@ -49,10 +52,16 @@
         <option value="package-info" />
         <option value="package.json" />
         <option value="Class" />
+        <option value="Record" />
       </list>
     </option>
   </component>
   <component name="Git.Settings">
+    <option name="RECENT_BRANCH_BY_REPOSITORY">
+      <map>
+        <entry key="$PROJECT_DIR$" value="master" />
+      </map>
+    </option>
     <option name="RECENT_GIT_ROOT_PATH" value="$PROJECT_DIR$" />
   </component>
   <component name="GitHubPullRequestSearchHistory">{
@@ -95,48 +104,56 @@
     <option name="hideEmptyMiddlePackages" value="true" />
     <option name="showLibraryContents" value="true" />
   </component>
-  <component name="PropertiesComponent">{
-  &quot;keyToString&quot;: {
-    &quot;Gradle.Build forms.executor&quot;: &quot;Run&quot;,
-    &quot;Gradle.TestForm.executor&quot;: &quot;Run&quot;,
-    &quot;Gradle.TestForm.testFunctions.executor&quot;: &quot;Debug&quot;,
-    &quot;Gradle.TestForm.testRetrieveForm.executor&quot;: &quot;Run&quot;,
-    &quot;RequestMappingsPanelOrder0&quot;: &quot;0&quot;,
-    &quot;RequestMappingsPanelOrder1&quot;: &quot;1&quot;,
-    &quot;RequestMappingsPanelWidth0&quot;: &quot;75&quot;,
-    &quot;RequestMappingsPanelWidth1&quot;: &quot;75&quot;,
-    &quot;RunOnceActivity.OpenProjectViewOnStart&quot;: &quot;true&quot;,
-    &quot;RunOnceActivity.ShowReadmeOnStart&quot;: &quot;true&quot;,
-    &quot;SHARE_PROJECT_CONFIGURATION_FILES&quot;: &quot;true&quot;,
-    &quot;Spring Boot.Main.executor&quot;: &quot;Run&quot;,
-    &quot;Tomcat Server.Tomcat 10.1.17.executor&quot;: &quot;Run&quot;,
-    &quot;git-widget-placeholder&quot;: &quot;master&quot;,
-    &quot;ignore.virus.scanning.warn.message&quot;: &quot;true&quot;,
-    &quot;kotlin-language-version-configured&quot;: &quot;true&quot;,
-    &quot;last_opened_file_path&quot;: &quot;P:/Code/Plugins/forms&quot;,
-    &quot;node.js.detected.package.eslint&quot;: &quot;true&quot;,
-    &quot;node.js.detected.package.tslint&quot;: &quot;true&quot;,
-    &quot;node.js.selected.package.eslint&quot;: &quot;(autodetect)&quot;,
-    &quot;node.js.selected.package.tslint&quot;: &quot;(autodetect)&quot;,
-    &quot;nodejs_package_manager_path&quot;: &quot;npm&quot;,
-    &quot;project.structure.last.edited&quot;: &quot;Project&quot;,
-    &quot;project.structure.proportion&quot;: &quot;0.0&quot;,
-    &quot;project.structure.side.proportion&quot;: &quot;0.0&quot;,
-    &quot;run.code.analysis.last.selected.profile&quot;: &quot;pProject Default&quot;,
-    &quot;settings.editor.selected.configurable&quot;: &quot;preferences.lookFeel&quot;,
-    &quot;vue.rearranger.settings.migration&quot;: &quot;true&quot;
+  <component name="PropertiesComponent"><![CDATA[{
+  "keyToString": {
+    "Downloaded.Files.Path.Enabled": "false",
+    "Gradle.Build forms.executor": "Run",
+    "Gradle.TestForm.executor": "Run",
+    "Gradle.TestForm.testFunctions.executor": "Debug",
+    "Gradle.TestForm.testRetrieveForm.executor": "Run",
+    "Repository.Attach.Annotations": "false",
+    "Repository.Attach.JavaDocs": "false",
+    "Repository.Attach.Sources": "false",
+    "RequestMappingsPanelOrder0": "0",
+    "RequestMappingsPanelOrder1": "1",
+    "RequestMappingsPanelWidth0": "75",
+    "RequestMappingsPanelWidth1": "75",
+    "RunOnceActivity.OpenProjectViewOnStart": "true",
+    "RunOnceActivity.ShowReadmeOnStart": "true",
+    "SHARE_PROJECT_CONFIGURATION_FILES": "true",
+    "Spring Boot.Main.executor": "Run",
+    "Tomcat Server.Tomcat 10.1.17.executor": "Run",
+    "git-widget-placeholder": "rate__limit",
+    "ignore.virus.scanning.warn.message": "true",
+    "kotlin-language-version-configured": "true",
+    "last_opened_file_path": "P:/Code/Plugins/forms",
+    "node.js.detected.package.eslint": "true",
+    "node.js.detected.package.tslint": "true",
+    "node.js.selected.package.eslint": "(autodetect)",
+    "node.js.selected.package.tslint": "(autodetect)",
+    "nodejs_package_manager_path": "npm",
+    "project.structure.last.edited": "Project",
+    "project.structure.proportion": "0.0",
+    "project.structure.side.proportion": "0.0",
+    "run.code.analysis.last.selected.profile": "pProject Default",
+    "settings.editor.selected.configurable": "preferences.lookFeel",
+    "vue.rearranger.settings.migration": "true"
   },
-  &quot;keyToStringList&quot;: {
-    &quot;DatabaseDriversLRU&quot;: [
-      &quot;mysql&quot;,
-      &quot;mariadb&quot;
+  "keyToStringList": {
+    "DatabaseDriversLRU": [
+      "mysql",
+      "mariadb"
     ]
   }
-}</component>
+}]]></component>
   <component name="RecentsManager">
     <key name="CreateClassDialog.RecentsKey">
       <recent name="com.alttd.forms.apply" />
     </key>
+    <key name="CopyClassDialog.RECENTS_KEY">
+      <recent name="com.alttd.forms.controlers.form_active" />
+      <recent name="com.alttd.forms.form" />
+    </key>
   </component>
   <component name="RunManager" selected="Spring Boot.Main">
     <configuration name="TestForm" type="GradleRunConfiguration" factoryName="Gradle" temporary="true">
@@ -364,7 +381,10 @@
       <workItem from="1722801254695" duration="6135000" />
       <workItem from="1722879625782" duration="358000" />
       <workItem from="1722973564053" duration="6695000" />
-      <workItem from="1723057624940" duration="36000" />
+      <workItem from="1723057624940" duration="2895000" />
+      <workItem from="1723138548381" duration="1949000" />
+      <workItem from="1723230192640" duration="55000" />
+      <workItem from="1723242314809" duration="9799000" />
     </task>
     <task id="LOCAL-00001" summary="Initial commit for site for forms">
       <option name="closed" value="true" />
@@ -558,7 +578,79 @@
       <option name="project" value="LOCAL" />
       <updated>1722983786557</updated>
     </task>
-    <option name="localTasksCounter" value="25" />
+    <task id="LOCAL-00025" summary="Refactor packages and add exception handler.&#10;&#10;Renamed various classes to follow the &quot;controlers&quot; package structure for better organization and consistency. Added `ControllerExceptionHandler` to manage validation exceptions globally and improve error logging.">
+      <option name="closed" value="true" />
+      <created>1723059243750</created>
+      <option name="number" value="00025" />
+      <option name="presentableId" value="LOCAL-00025" />
+      <option name="project" value="LOCAL" />
+      <updated>1723059243750</updated>
+    </task>
+    <task id="LOCAL-00026" summary="Correct regex pattern for case-insensitive match&#10;&#10;Updated the regex pattern in `StaffAppFormData.java` to ensure that the &quot;yes&quot; or &quot;no&quot; answers are case-insensitive. This improves the form validation to accept &quot;Yes&quot;, &quot;YES&quot;, &quot;No&quot;, or &quot;NO&quot; without errors.">
+      <option name="closed" value="true" />
+      <created>1723059265558</created>
+      <option name="number" value="00026" />
+      <option name="presentableId" value="LOCAL-00026" />
+      <option name="project" value="LOCAL" />
+      <updated>1723059265558</updated>
+    </task>
+    <task id="LOCAL-00027" summary="Remove restriction on dot character in Discord name validation&#10;&#10;This change allows Discord names to include dots anywhere within the name, increasing flexibility for valid usernames. The previous regex pattern incorrectly restricted dots, affecting valid user entries.">
+      <option name="closed" value="true" />
+      <created>1723242929470</created>
+      <option name="number" value="00027" />
+      <option name="presentableId" value="LOCAL-00027" />
+      <option name="project" value="LOCAL" />
+      <updated>1723242929470</updated>
+    </task>
+    <task id="LOCAL-00028" summary="Add StaffAppFormData handling in FormQuery&#10;&#10;Imported StaffAppFormData and updated deserialization logic to include it as a case in the FormQuery class. This allows the processing of staff application forms when parsing form data from JSON.">
+      <option name="closed" value="true" />
+      <created>1723242942749</created>
+      <option name="number" value="00028" />
+      <option name="presentableId" value="LOCAL-00028" />
+      <option name="project" value="LOCAL" />
+      <updated>1723242942749</updated>
+    </task>
+    <task id="LOCAL-00029" summary="workspace.xml update">
+      <option name="closed" value="true" />
+      <created>1723242960642</created>
+      <option name="number" value="00029" />
+      <option name="presentableId" value="LOCAL-00029" />
+      <option name="project" value="LOCAL" />
+      <updated>1723242960642</updated>
+    </task>
+    <task id="LOCAL-00030" summary="Add rate limiting functionality&#10;&#10;Introduces a new 'rate_limit' table to track request counts by IP and email. Adds `RateLimitQuery` class for querying and inserting rate limits, and `RateLimitEntryDTO` for passing rate limit data.">
+      <option name="closed" value="true" />
+      <created>1723243853994</created>
+      <option name="number" value="00030" />
+      <option name="presentableId" value="LOCAL-00030" />
+      <option name="project" value="LOCAL" />
+      <updated>1723243853994</updated>
+    </task>
+    <task id="LOCAL-00031" summary="Refactor form request handling and add rate limiting.&#10;&#10;Consolidate email verification logic into FormRequestHandler to simplify code maintenance. Implement a new rate limiting feature to restrict form submissions based on IP and email address, improving server security and performance.">
+      <option name="closed" value="true" />
+      <created>1723247556185</created>
+      <option name="number" value="00031" />
+      <option name="presentableId" value="LOCAL-00031" />
+      <option name="project" value="LOCAL" />
+      <updated>1723247556185</updated>
+    </task>
+    <task id="LOCAL-00032" summary="Add form activity checking and global rate limiting&#10;&#10;Implemented new features to track form activity and enforce global rate limits. Added a `form_active` table and created endpoints to check form activity. Also, introduced a rate-limiting filter to restrict API requests to 30 per minute per IP.">
+      <option name="closed" value="true" />
+      <created>1723249700073</created>
+      <option name="number" value="00032" />
+      <option name="presentableId" value="LOCAL-00032" />
+      <option name="project" value="LOCAL" />
+      <updated>1723249700073</updated>
+    </task>
+    <task id="LOCAL-00033" summary="Ensure NOT NULL constraints in SQL tables&#10;&#10;Refactor SQL table creation scripts to add NOT NULL constraints where necessary. This change ensures data integrity by preventing null values in critical columns across the 'verify_form', 'form', 'rate_limit', and 'form_active' tables.">
+      <option name="closed" value="true" />
+      <created>1723249968746</created>
+      <option name="number" value="00033" />
+      <option name="presentableId" value="LOCAL-00033" />
+      <option name="project" value="LOCAL" />
+      <updated>1723249968746</updated>
+    </task>
+    <option name="localTasksCounter" value="34" />
     <servers />
   </component>
   <component name="TypeScriptGeneratedFilesManager">
@@ -576,17 +668,6 @@
     </option>
   </component>
   <component name="VcsManagerConfiguration">
-    <MESSAGE value="Initial commit for site for forms" />
-    <MESSAGE value="Refactor code to use Form objects instead of JSON strings&#10;&#10;Several parts of the code have been altered to use Form objects instead of JSON strings. Changes include updating the FormQueryResult record type to hold an Optional&lt;Form&gt; instead of an Optional&lt;String&gt;, altering methods in the StoreFormQuery class to insert Form data into the database and replacing JSON handling methods in the FormQuery class with Form object oriented methods. A 'form_class' field has also been added to the 'form' table in the database to aid form identification and reconstruction from stored data." />
-    <MESSAGE value="Add TestForm class and set up related unit tests&#10;&#10;The changes add a new TestForm class to implement unit tests for form handling in the application. The included tests verify the storing, retrieving, and verification of forms from a database, as well as form object creation and confirmation of form data. This is a step towards improving the code's reliability and making it easier to catch potential bugs or issues." />
-    <MESSAGE value="Remove unnecessary Gson imports in ContactFormData&#10;&#10;The Gson and GsonBuilder imports in the ContactFormData class were unused and have been removed. This cleanup simplifies the code and reduces unnecessary dependencies.&#10;" />
-    <MESSAGE value="Mark fields as final in VerificationData and ContactFormData&#10;&#10;The 'code', 'eMail' fields in the VerificationData class and 'username', 'email', 'question' fields in the ContactFormData class are now marked as 'final'. At the same time, some unused imports from ContactController, ContactFormData, FormQuery, and VerifyController have been removed for code cleanliness." />
-    <MESSAGE value="Update Form HTML output and disable validation auto-configuration&#10;&#10;The form-to-HTML output process has been switched from a `&lt;div&gt;` approach to using a `StringBuilder` with a table structure in `ContactFormData.java`. Also, the spring validation auto-configuration has been disabled by adding `exclude = ValidationAutoConfiguration.class` in the `@SpringBootApplication` annotation of `Main.java`. Some changes in `.idea/workspace.xml` and `VerifyController.java` were made as well." />
-    <MESSAGE value="Add database configuration via command-line arguments&#10;&#10;A new configuration setup now allows specifying a path for database properties via command-line arguments during application startup. This update also changes the call signature for `DatabaseConnection.initialize()` method to accept a path argument. Similarly, methods in `PropertiesLoader`, `PropertiesWriter`, and `MailSettings` classes were also updated to use the specified path when working with properties files. The `TestForm` class's tests were updated accordingly to handle these changes." />
-    <MESSAGE value="Add DB config via command-line arguments&#10;&#10;A new setup allows specifying database properties path using command-line arguments during startup. The `DatabaseConnection.initialize()` method signature has been updated to accept a path argument. Methods in `PropertiesLoader`, `PropertiesWriter`, and `MailSettings` classes, along with tests in the `TestForm` class, were adjusted accordingly." />
-    <MESSAGE value="Add Jenkins pipeline for Gradle build and notifications&#10;&#10;This commit introduces a new Jenkinsfile configured to build the project using Gradle and archive the resulting artifacts. Additionally, it includes a stage to send build notifications to Discord with details about the build status." />
-    <MESSAGE value="Disable database tests in Jenkins&#10;&#10;Disabled tests that require a database connection to prevent failures in Jenkins where there isn't a database. Updated Jenkinsfile to include a property that skips these tests during the build process." />
-    <MESSAGE value="Fix typo in Gradle build command in Jenkinsfile&#10;&#10;Corrected the parameter for skipping database tests from `dontRunDatabaseTests` to `doNotRunDatabaseTests` in the Gradle build step. This ensures the intended tests are skipped during the build process." />
     <MESSAGE value="Configure system property for conditional test execution&#10;&#10;Added a system property 'doNotRunDatabaseTests' in the test configuration to allow conditional skipping of database tests. This helps in running tests selectively during different build scenarios." />
     <MESSAGE value="Add CORS support for production server&#10;&#10;Updated the CORS configuration to include the production server URL. This change ensures that requests from the production environment are properly handled." />
     <MESSAGE value="Refactor logging for better granularity&#10;&#10;Updated logging levels in multiple classes to differentiate between debug and trace information. Improved log messages to support parameterized logs, ensuring sensitive or variable information is handled appropriately without concatenation." />
@@ -601,6 +682,17 @@
     <MESSAGE value="Update Jackson config and refactor JSON handling&#10;&#10;Introduced Jackson dependencies to replace Gson for JSON processing. Updated application properties and controllers to handle Jackson-specific exceptions. Refactored form serialization to use Jackson's `ObjectMapper` for better date handling and consistency." />
     <MESSAGE value="Add getDiscordBotUrl method to form classes&#10;&#10;Implemented getDiscordBotUrl in form classes for dynamic URL handling. Updated VerifyController to use this method for constructing Discord bot URIs. This enhances flexibility and maintainability in form submission handling." />
     <MESSAGE value="Refactor form submission to use dynamic Discord URLs and emails&#10;&#10;Updated form classes to return Optional URLs for Discord bot submissions. Refactored VerifyController to handle these Optionals and improved error handling when sending forms. Added receiver email method in form classes for more flexible form submissions." />
-    <option name="LAST_COMMIT_MESSAGE" value="Refactor form submission to use dynamic Discord URLs and emails&#10;&#10;Updated form classes to return Optional URLs for Discord bot submissions. Refactored VerifyController to handle these Optionals and improved error handling when sending forms. Added receiver email method in form classes for more flexible form submissions." />
+    <MESSAGE value="Add validation exception handling to StaffAppController&#10;&#10;Introduced an `ExceptionHandler` for `MethodArgumentNotValidException` in `StaffAppController` to return detailed validation error messages. Updated the regex pattern in `StaffAppFormData` to be case-insensitive. This enhances error reporting and user input validation in the application." />
+    <MESSAGE value="Refactor packages and add exception handler.&#10;&#10;Renamed various classes to follow the &quot;controlers&quot; package structure for better organization and consistency. Added `ControllerExceptionHandler` to manage validation exceptions globally and improve error logging." />
+    <MESSAGE value="Correct regex pattern for case-insensitive match&#10;&#10;Updated the regex pattern in `StaffAppFormData.java` to ensure that the &quot;yes&quot; or &quot;no&quot; answers are case-insensitive. This improves the form validation to accept &quot;Yes&quot;, &quot;YES&quot;, &quot;No&quot;, or &quot;NO&quot; without errors." />
+    <MESSAGE value="Remove restriction on dot character in Discord name validation&#10;&#10;This change allows Discord names to include dots anywhere within the name, increasing flexibility for valid usernames. The previous regex pattern incorrectly restricted dots, affecting valid user entries." />
+    <MESSAGE value="Add StaffAppFormData handling in FormQuery&#10;&#10;Imported StaffAppFormData and updated deserialization logic to include it as a case in the FormQuery class. This allows the processing of staff application forms when parsing form data from JSON." />
+    <MESSAGE value="workspace.xml update" />
+    <MESSAGE value="Add rate limiting functionality&#10;&#10;Introduces a new 'rate_limit' table to track request counts by IP and email. Adds `RateLimitQuery` class for querying and inserting rate limits, and `RateLimitEntryDTO` for passing rate limit data." />
+    <MESSAGE value="Add IP rate limiting for form submissions&#10;&#10;Added IP rate limiting to prevent abuse in form submissions by tracking IP and email address attempts. Updated the form submission methods to include IP in email verification and added detailed HTML email content." />
+    <MESSAGE value="Refactor form request handling and add rate limiting.&#10;&#10;Consolidate email verification logic into FormRequestHandler to simplify code maintenance. Implement a new rate limiting feature to restrict form submissions based on IP and email address, improving server security and performance." />
+    <MESSAGE value="Add form activity checking and global rate limiting&#10;&#10;Implemented new features to track form activity and enforce global rate limits. Added a `form_active` table and created endpoints to check form activity. Also, introduced a rate-limiting filter to restrict API requests to 30 per minute per IP." />
+    <MESSAGE value="Ensure NOT NULL constraints in SQL tables&#10;&#10;Refactor SQL table creation scripts to add NOT NULL constraints where necessary. This change ensures data integrity by preventing null values in critical columns across the 'verify_form', 'form', 'rate_limit', and 'form_active' tables." />
+    <option name="LAST_COMMIT_MESSAGE" value="Ensure NOT NULL constraints in SQL tables&#10;&#10;Refactor SQL table creation scripts to add NOT NULL constraints where necessary. This change ensures data integrity by preventing null values in critical columns across the 'verify_form', 'form', 'rate_limit', and 'form_active' tables." />
   </component>
 </project>

src/main/java/com/alttd/forms/Main.java

@@ -1,6 +1,7 @@
 package com.alttd.forms;
 
 import com.alttd.forms.database.DatabaseConnection;
+import com.alttd.forms.mail.rate_limitter.FormRateLimit;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.autoconfigure.validation.ValidationAutoConfiguration;
@@ -16,6 +17,7 @@ public class Main {
         path = args[0];
         SpringApplication.run(Main.class, args);
         DatabaseConnection.initialize(args[0]);
+        FormRateLimit.initialize(args[0]);
     }
 
     public static String getConfigPath() {

src/main/java/com/alttd/forms/controlers/FormRequestHandler.java

@@ -0,0 +1,41 @@
+package com.alttd.forms.controlers;
+
+import com.alttd.forms.form.Form;
+import com.alttd.forms.form.StoreFormQuery;
+import com.alttd.forms.mail.verification.VerificationResult;
+import com.alttd.forms.mail.verification.Verify;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+
+import java.util.concurrent.CompletableFuture;
+
+public class FormRequestHandler {
+
+    private static final Logger logger = LoggerFactory.getLogger(FormRequestHandler.class);
+
+    public static CompletableFuture<ResponseEntity<String>> handleRequestWithVerifyMail(Form form, String ip) {
+        CompletableFuture<Integer> storeFormForVerificationCode = new StoreFormQuery().storeFormForVerificationCode(form.getSender(), form);
+        return storeFormForVerificationCode.thenCompose(code -> Verify.verifyEmail(ip, form.getSender(), code, form).thenApply(verificationResult -> {
+            if (verificationResult == VerificationResult.VERIFICATION_SENT) {
+                //TODO if this is ok tell the user they have x min to verify if they fail to do so they have to remake the form
+                logger.trace("Staff application form stored and requested verification from user");
+                return ResponseEntity.ok("User Data received and email verification sent.");
+            } else if (verificationResult == VerificationResult.RATE_LIMIT_EXCEEDED) {
+                logger.trace("User hit the rate limit email: {} ip: {}", form.getSender(), ip);
+                return ResponseEntity.status(HttpStatus.TOO_MANY_REQUESTS).body("You have sent too many forms today, " +
+                                                                                "please wait up to an hour before trying again. " +
+                                                                                "You can resubmit your form by hitting submit again later. " +
+                                                                                "Continued use of the form will extent the time you have to wait.");
+            } else {
+                logger.trace("Failed to send verification email {}", verificationResult.name());
+                return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
+                        .body("Failed to send verification email. Reason: " + verificationResult.name());
+            }
+        })).exceptionally(throwable -> {
+            logger.error("Failed to store form", throwable);
+            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body("Failed to store your form");
+        });
+    }
+}

src/main/java/com/alttd/forms/controlers/apply/StaffAppController.java

@@ -1,12 +1,10 @@
 package com.alttd.forms.controlers.apply;
 
-import com.alttd.forms.form.StoreFormQuery;
-import com.alttd.forms.mail.verification.VerificationResult;
-import com.alttd.forms.mail.verification.Verify;
+import com.alttd.forms.controlers.FormRequestHandler;
+import jakarta.servlet.http.HttpServletRequest;
 import jakarta.validation.Valid;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 
@@ -19,24 +17,10 @@ public class StaffAppController {
     private static final Logger logger = LoggerFactory.getLogger(StaffAppController.class);
 
     @PostMapping("/staffApplication")
-    public CompletableFuture<ResponseEntity<String>> submitForm(@Valid @RequestBody StaffAppFormData formData) {
+    public CompletableFuture<ResponseEntity<String>> submitForm(@Valid @RequestBody StaffAppFormData formData, HttpServletRequest request) {
         logger.debug("submitForm");
         logger.trace(formData.toString());
 
-        CompletableFuture<Integer> storeFormForVerificationCode = new StoreFormQuery().storeFormForVerificationCode(formData.email, formData);
-        return storeFormForVerificationCode.thenCompose(code -> Verify.verifyEmail(formData.email, code).thenApply(verificationResult -> {
-            if (verificationResult == VerificationResult.VERIFICATION_SENT) {
-                //TODO if this is ok tell the user they have x min to verify if they fail to do so they have to remake the form
-                logger.trace("Staff application form stored and requested verification from user");
-                return ResponseEntity.ok("User Data received and email verification sent.");
-            } else {
-                logger.trace("Failed to send verification email");
-                return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
-                        .body("Failed to send verification email. Reason: " + verificationResult.name());
-            }
-        })).exceptionally(throwable -> {
-            logger.error("Failed to store form", throwable);
-            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body("Failed to store your form");
-        });
+        return FormRequestHandler.handleRequestWithVerifyMail(formData, request.getRemoteAddr());
     }
 }

src/main/java/com/alttd/forms/controlers/apply/StaffAppFormData.java

@@ -40,7 +40,7 @@ public class StaffAppFormData extends Form {
 
     @NotEmpty(message = "Discord name is required")
     @Length(min = 2, max = 32, message = "Discord name should be between 2 and 32 characters")
-    @Pattern(regexp = "^(?!.*\\..)([a-z0-9._]{2,32})$", message = "Please enter a valid Discord name")
+    @Pattern(regexp = "^([a-z0-9._]{2,32})$", message = "Please enter a valid Discord name")
     public final String discord;
 
     @NotEmpty(message = "An answer is required")
@@ -119,6 +119,11 @@ public class StaffAppFormData extends Form {
         return "apply@alttd.com";
     }
 
+    @Override
+    public String getSender() {
+        return email;
+    }
+
     @Override
     public String toHtml() {
         String[] fields = {"Username", "Email", "Discord", "PC requirements", "Age", "Pronoun", "Join date", "Avg time", "Available days", "Available time", "Staff experience", "Plugin experience", "Why staff", "Expectations mod", "Other"};

src/main/java/com/alttd/forms/controlers/contact/ContactController.java

@@ -1,11 +1,9 @@
 package com.alttd.forms.controlers.contact;
-import com.alttd.forms.form.StoreFormQuery;
-import com.alttd.forms.mail.verification.VerificationResult;
-import com.alttd.forms.mail.verification.Verify;
+import com.alttd.forms.controlers.FormRequestHandler;
+import jakarta.servlet.http.HttpServletRequest;
 import jakarta.validation.Valid;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
 
@@ -18,25 +16,11 @@ public class ContactController {
     private static final Logger logger = LoggerFactory.getLogger(ContactController.class);
 
     @PostMapping("/submitContactForm")
-    public CompletableFuture<ResponseEntity<String>> submitForm(@Valid @RequestBody ContactFormData formData) {
+    public CompletableFuture<ResponseEntity<String>> submitForm(@Valid @RequestBody ContactFormData formData, HttpServletRequest request) {
         logger.debug("submitForm");
         logger.trace(formData.toString());
 
-        CompletableFuture<Integer> storeFormForVerificationCode = new StoreFormQuery().storeFormForVerificationCode(formData.email, formData);
-        return storeFormForVerificationCode.thenCompose(code -> Verify.verifyEmail(formData.email, code).thenApply(verificationResult -> {
-            if (verificationResult == VerificationResult.VERIFICATION_SENT) {
-                //TODO if this is ok tell the user they have x min to verify if they fail to do so they have to remake the form
-                logger.trace("Contact form stored and requested verification from user");
-                return ResponseEntity.ok("User Data received and email verification sent.");
-            } else {
-                logger.trace("Failed to send verification email");
-                return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
-                        .body("Failed to send verification email. Reason: " + verificationResult.name());
-            }
-        })).exceptionally(throwable -> {
-            logger.error("Failed to store form", throwable);
-            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body("Failed to store your form");
-        });
+        return FormRequestHandler.handleRequestWithVerifyMail(formData, request.getRemoteAddr());
     }
 }
 

src/main/java/com/alttd/forms/controlers/contact/ContactFormData.java

@@ -48,6 +48,11 @@ public class ContactFormData extends Form {
         return "support@alttd.com";
     }
 
+    @Override
+    public String getSender() {
+        return email;
+    }
+
     @Override
     public String toHtml() {
         String[] fields = {"Username", "Email", "Question"};

src/main/java/com/alttd/forms/controlers/form_active/BooleanResponse.java

@@ -0,0 +1,4 @@
+package com.alttd.forms.controlers.form_active;
+
+public record BooleanResponse(boolean isActive) {
+}

src/main/java/com/alttd/forms/controlers/form_active/FormActiveController.java

@@ -0,0 +1,47 @@
+package com.alttd.forms.controlers.form_active;
+
+import com.alttd.forms.form.FormSettingsQuery;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import jakarta.validation.Valid;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.concurrent.CompletableFuture;
+
+@RestController
+@RequestMapping("/api/checks")
+public class FormActiveController {
+
+    private static final Logger logger = LoggerFactory.getLogger(FormActiveController.class);
+
+    @PostMapping("/formActive")
+    public CompletableFuture<ResponseEntity<String>> formActiveRequest(@Valid @RequestBody FormActiveData formData) {
+        logger.debug("formActive");
+        logger.trace(formData.toString());
+
+        FormSettingsQuery formSettingsQuery = new FormSettingsQuery();
+        return formSettingsQuery
+                .isActive(formData.formName)
+                .thenApply(result -> {
+                    try {
+                        if (result.isEmpty()) {
+                            return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body("Failed to check if the form is active");
+                        } else if (result.get()) {
+                            return ResponseEntity.ok(new ObjectMapper().writeValueAsString(new BooleanResponse(true)));
+                        } else {
+                            return ResponseEntity.ok(new ObjectMapper().writeValueAsString(new BooleanResponse(false)));
+                        }
+                    } catch (JsonProcessingException e) {
+                        logger.error("Failed to parse BooleanResponse", e);
+                        return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body("Failed to respond");
+                    }
+                });
+    }
+}

src/main/java/com/alttd/forms/controlers/form_active/FormActiveData.java

@@ -0,0 +1,20 @@
+package com.alttd.forms.controlers.form_active;
+
+import jakarta.validation.constraints.NotEmpty;
+import jakarta.validation.constraints.Pattern;
+import org.hibernate.validator.constraints.Length;
+
+public class FormActiveData {
+
+    public FormActiveData() {}
+
+    public FormActiveData(String formName) {
+        this.formName = formName;
+    }
+
+    @NotEmpty(message = "You have to provide a form name")
+    @Length(min = 1, max = 64, message = "Usernames have to be between 3 and 16 characters")
+    @Pattern(regexp = "[a-zA-Z]{1,64}", message = "This is an invalid form name")
+    public String formName;
+
+}

src/main/java/com/alttd/forms/controlers/global_rate_limiter/FilterConfig.java

@@ -0,0 +1,17 @@
+package com.alttd.forms.controlers.global_rate_limiter;
+
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class FilterConfig {
+
+    @Bean
+    public FilterRegistrationBean<GlobalRateLimitingFilter> rateLimitingFilter() {
+        FilterRegistrationBean<GlobalRateLimitingFilter> registrationBean = new FilterRegistrationBean<>();
+        registrationBean.setFilter(new GlobalRateLimitingFilter());
+        registrationBean.addUrlPatterns("/api/*");
+        return registrationBean;
+    }
+}

src/main/java/com/alttd/forms/controlers/global_rate_limiter/GlobalRateLimitingFilter.java

@@ -0,0 +1,67 @@
+package com.alttd.forms.controlers.global_rate_limiter;
+
+import jakarta.servlet.Filter;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.FilterConfig;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import org.springframework.stereotype.Component;
+
+import java.io.IOException;
+import java.time.Instant;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.atomic.AtomicInteger;
+
+@Component
+public class GlobalRateLimitingFilter implements Filter {
+
+    private static final int MAX_REQUESTS_PER_MINUTE = 30;
+    private final Map<String, RequestCounter> ipRequestMap = new ConcurrentHashMap<>();
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+        HttpServletRequest httpRequest = (HttpServletRequest) request;
+        HttpServletResponse httpResponse = (HttpServletResponse) response;
+        String clientIp = httpRequest.getRemoteAddr();
+
+        RequestCounter requestCounter = ipRequestMap.computeIfAbsent(clientIp, k -> new RequestCounter(0, Instant.now().getEpochSecond()));
+
+        synchronized (requestCounter) {
+            long currentTime = Instant.now().getEpochSecond();
+            if (currentTime - requestCounter.timestamp > 60) {
+                // Reset counter every 60 seconds
+                requestCounter.timestamp = currentTime;
+                requestCounter.count.set(0);
+            }
+
+            if (requestCounter.count.incrementAndGet() > MAX_REQUESTS_PER_MINUTE) {
+                httpResponse.setStatus(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
+                return;
+            }
+        }
+
+        chain.doFilter(request, response);
+    }
+
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+    }
+
+    @Override
+    public void destroy() {
+    }
+
+    private static class RequestCounter {
+        AtomicInteger count;
+        long timestamp;
+
+        public RequestCounter(int count, long timestamp) {
+            this.count = new AtomicInteger(count);
+            this.timestamp = timestamp;
+        }
+    }
+}

src/main/java/com/alttd/forms/database/Database.java

@@ -12,8 +12,45 @@ public class Database {
 
     public static void createTables() {
         String[] createTables = {
-                "CREATE TABLE IF NOT EXISTS verify_form (e_mail VARCHAR(256), verification_code INT, formId INT, PRIMARY KEY(e_mail, verification_code))",
-                "CREATE TABLE IF NOT EXISTS form (formId INT AUTO_INCREMENT, creation_date BIGINT, form_json TEXT, form_class VARCHAR(64), PRIMARY KEY(formId))"
+                // language=SQL
+                """
+                CREATE TABLE IF NOT EXISTS verify_form(
+                    e_mail VARCHAR(256) NOT NULL,
+                    verification_code INT NOT NULL,
+                    formId INT NOT NULL,
+                    PRIMARY KEY(e_mail, verification_code)
+                )
+                """,
+                // language=SQL
+                """
+                CREATE TABLE IF NOT EXISTS form(
+                    formId INT AUTO_INCREMENT NOT NULL,
+                    creation_date BIGINT NOT NULL,
+                    form_json TEXT NOT NULL,
+                    form_class VARCHAR(64) NOT NULL,
+                    PRIMARY KEY(formId)
+                )
+                """,
+                // language=SQL
+                """
+                CREATE TABLE IF NOT EXISTS rate_limit(
+                    id INT AUTO_INCREMENT NOT NULL,
+                    time TIMESTAMP NOT NULL,
+                    ip VARCHAR(45) NOT NULL,
+                    mail VARCHAR(256) NOT NULL,
+                    PRIMARY KEY(id)
+                )
+                """,
+                // language=SQL
+                """
+                CREATE TABLE IF NOT EXISTS form_active(
+                    id INT AUTO_INCREMENT NOT NULL,
+                    name VARCHAR(64) NOT NULL,
+                    active_from TIMESTAMP NOT NULL,
+                    active_until TIMESTAMP NOT NULL,
+                    PRIMARY KEY(id)
+                )
+                """
         };
         Connection connection = DatabaseConnection.getConnection();
         for (String query : createTables) {

src/main/java/com/alttd/forms/form/Form.java

@@ -18,20 +18,25 @@ public abstract class Form {
 
     public String toHtml(String[] fields, String[] values) {
         StringBuilder htmlOutput = new StringBuilder();
+        //language=HTML
         htmlOutput.append("<table style='border-collapse: collapse; width: 100%;'>");
         for (int i = 0; i < fields.length; i++) {
-            htmlOutput.append("<tr style='border: 1px solid #ddd;'>");
-            htmlOutput.append("<td style='border: 1px solid #ddd; padding: 10px; font-weight: bold;'>");
-            htmlOutput.append(fields[i]);
-            htmlOutput.append("</td>");
-            htmlOutput.append("<td style='border: 1px solid #ddd; padding: 10px;'>");
-            htmlOutput.append(values[i]);
-            htmlOutput.append("</td>");
-            htmlOutput.append("</tr>");
+            htmlOutput.append(
+                    String.format(
+                            //language=HTML
+                            """
+                            <tr style='border: 1px solid #ddd;'>
+                                <td style='border: 1px solid #ddd; padding: 10px; font-weight: bold;'>
+                            %s
+                            </td>
+                            <td style='border: 1px solid #ddd; padding: 10px;'>
+                            %s
+                                </td>
+                            </tr>
+                            """, fields[i], values[i]));
         }
-
+        //language=HTML
         htmlOutput.append("</table>");
-
         return htmlOutput.toString();
     }
 
@@ -41,4 +46,6 @@ public abstract class Form {
     public abstract Optional<String> getDiscordBotUrl();
 
     public abstract String getReceiver();
+
+    public abstract String getSender();
 }

src/main/java/com/alttd/forms/form/FormSettingsQuery.java

@@ -0,0 +1,43 @@
+package com.alttd.forms.form;
+
+import com.alttd.forms.database.DatabaseConnection;
+import jakarta.validation.constraints.NotNull;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.time.Instant;
+import java.util.Optional;
+import java.util.concurrent.CompletableFuture;
+
+public class FormSettingsQuery {
+
+    private static final Logger logger = LoggerFactory.getLogger(FormSettingsQuery.class);
+
+    public CompletableFuture<Optional<Boolean>> isActive(@NotNull String formName) {
+        return CompletableFuture.supplyAsync(() -> {
+            Connection connection = DatabaseConnection.getConnection();
+            String sql = "SELECT active_from, active_until FROM form_active WHERE name = ?";
+            try (PreparedStatement stmt = connection.prepareStatement(sql)) {
+                stmt.setString(1, formName);
+                ResultSet resultSet = stmt.executeQuery();
+                if (!resultSet.next()) {
+                    return Optional.of(true);
+                }
+                Instant activeFrom = resultSet.getTimestamp("active_from").toInstant();
+                Instant activeUntil = resultSet.getTimestamp("active_until").toInstant();
+                Instant now = Instant.now();
+                if (activeFrom.isAfter(now) || activeUntil.isBefore(now))
+                    return Optional.of(false);
+                return Optional.of(true);
+            } catch (SQLException e) {
+                logger.error("Failed to check if the {} form is active", formName ,e);
+                return Optional.empty();
+            }
+        });
+    }
+
+}

src/main/java/com/alttd/forms/mail/rate_limitter/FormRateLimit.java

@@ -0,0 +1,87 @@
+package com.alttd.forms.mail.rate_limitter;
+
+import com.alttd.forms.database.DatabaseConnection;
+import com.alttd.forms.properties.PropertiesLoader;
+import com.alttd.forms.properties.PropertiesWriter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.sql.SQLException;
+import java.time.Duration;
+import java.time.Instant;
+import java.util.Optional;
+import java.util.Properties;
+import java.util.concurrent.CompletableFuture;
+
+public class FormRateLimit {
+
+    private static final Logger logger = LoggerFactory.getLogger(FormRateLimit.class);
+    private static FormRateLimit instance;
+    private Properties properties;
+
+    private FormRateLimit(String path) {
+        FormRateLimit.instance = this;
+        loadProperties(path);
+    }
+
+    public static FormRateLimit getInstance() {
+        return FormRateLimit.instance;
+    }
+
+    public static void initialize(String path) {
+        if (instance != null)
+            return;
+        FormRateLimit.instance = new FormRateLimit(path);
+    }
+
+    private void loadProperties(String path) {
+        String fileName = "form.properties";
+        Optional<Properties> optionalProperties = PropertiesLoader.loadProperties(path, fileName);
+        if (optionalProperties.isPresent()) {
+            properties = optionalProperties.get();
+            return;
+        }
+
+        properties = new Properties();
+        properties.setProperty("rate-limit-ip-count", "10");
+        properties.setProperty("rate-limit-mail-count", "10");
+        properties.setProperty("rate-limit-ip-minutes", "60");
+        properties.setProperty("rate-limit-mail-minutes", "60");
+        PropertiesWriter.writeProperties(properties, path, fileName);
+    }
+
+    public CompletableFuture<Optional<Boolean>> isRateLimited(String ip, String mail) {
+        return CompletableFuture.supplyAsync(
+            () -> {
+                RateLimitQuery rateLimitQuery = new RateLimitQuery(DatabaseConnection.getConnection());
+                try {
+                    if (isIpRateLimited(rateLimitQuery, ip) || isMailRateLimited(rateLimitQuery, mail))
+                        return Optional.of(true);
+                } catch (SQLException e) {
+                    logger.error("Failed rate limit query for ip: {}, mail: {}", ip, mail, e);
+                    return Optional.empty();
+                } catch (NumberFormatException e) {
+                    logger.error("Failed loading numbers from properties", e);
+                    return Optional.empty();
+                }
+                return Optional.of(false);
+            });
+    }
+
+    private boolean isIpRateLimited(RateLimitQuery rateLimitQuery, String ip) throws SQLException, NumberFormatException {
+        int minutes = Integer.parseInt(properties.getProperty("rate-limit-ip-minutes"));
+        Instant after = Instant.now().minus(Duration.ofMinutes(minutes));
+        int ipHits = rateLimitQuery.getIpHits(ip, after);
+        int ipRateLimit = Integer.parseInt(properties.getProperty("rate-limit-ip-count"));
+        return ipHits >= ipRateLimit;
+    }
+
+    private boolean isMailRateLimited(RateLimitQuery rateLimitQuery, String mail) throws SQLException, NumberFormatException {
+        int minutes = Integer.parseInt(properties.getProperty("rate-limit-mail-minutes"));
+        Instant after = Instant.now().minus(Duration.ofMinutes(minutes));
+        int ipHits = rateLimitQuery.getMailHits(mail, after);
+        int ipRateLimit = Integer.parseInt(properties.getProperty("rate-limit-mail-count"));
+        return ipHits >= ipRateLimit;
+    }
+
+}

src/main/java/com/alttd/forms/mail/rate_limitter/RateLimitEntryDTO.java

@@ -0,0 +1,6 @@
+package com.alttd.forms.mail.rate_limitter;
+
+import java.time.Instant;
+
+public record RateLimitEntryDTO(Instant time, String ip, String mail) {
+}

src/main/java/com/alttd/forms/mail/rate_limitter/RateLimitQuery.java

@@ -0,0 +1,64 @@
+package com.alttd.forms.mail.rate_limitter;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.sql.*;
+import java.time.Instant;
+
+public class RateLimitQuery {
+
+    private static final Logger logger = LoggerFactory.getLogger(RateLimitQuery.class);
+    private final Connection connection;
+
+    protected RateLimitQuery(Connection connection) {
+        this.connection = connection;
+    }
+
+    protected int getIpHits(String ip, Instant after) throws SQLException {
+        String sql = "SELECT COUNT(*) AS hits FROM rate_limit WHERE ip = ? AND time > ?";
+        try (PreparedStatement stmt = connection.prepareStatement(sql)) {
+            stmt.setString(1, ip);
+            stmt.setTimestamp(2, Timestamp.from(after));
+            ResultSet resultSet = stmt.executeQuery();
+            if (!resultSet.next()) {
+                return 0;
+            }
+            return resultSet.getInt("hits");
+        } catch (SQLException e) {
+            logger.error("Failed get ip hits query for ip: {}", ip, e);
+            throw e;
+        }
+    }
+
+    protected int getMailHits(String mail, Instant after) throws SQLException {
+        String sql = "SELECT COUNT(*) AS hits FROM rate_limit WHERE mail = ? AND time > ?";
+        try (PreparedStatement stmt = connection.prepareStatement(sql)) {
+            stmt.setString(1, mail);
+            stmt.setTimestamp(2, Timestamp.from(after));
+            ResultSet resultSet = stmt.executeQuery();
+            if (!resultSet.next()) {
+                return 0;
+            }
+            return resultSet.getInt("hits");
+        } catch (SQLException e) {
+            logger.error("Failed get mail hits query for ip: {}", mail, e);
+            throw e;
+        }
+    }
+
+    protected boolean insertRateLimitEntry(RateLimitEntryDTO entry) throws SQLException {
+        String sql = "INSERT INTO rate_limit (time, ip, mail) VALUES (?, ?, ?)";
+        try {
+            PreparedStatement stmt = connection.prepareStatement(sql);
+            stmt.setTimestamp(1, Timestamp.from(entry.time()));
+            stmt.setString(2, entry.ip());
+            stmt.setString(3, entry.mail());
+            return stmt.executeUpdate() > 0;
+        } catch (SQLException e) {
+            logger.error("Failed to store rate limit for ip: {}, mail: {}, time: {}", entry.ip(), entry.mail(), entry.time(), e);
+            throw e;
+        }
+    }
+
+}

src/main/java/com/alttd/forms/mail/verification/VerificationResult.java

@@ -1,6 +1,6 @@
 package com.alttd.forms.mail.verification;
 
 public enum VerificationResult {
-    NO_MAIL_ACCOUNT, FAILED_TO_SEND, VERIFICATION_SENT,
+    NO_MAIL_ACCOUNT, FAILED_TO_SEND, VERIFICATION_SENT, RATE_LIMIT_EXCEEDED, FAILED_TO_RETRIEVE_RATE_LIMIT_DATA;
 
 }

src/main/java/com/alttd/forms/mail/verification/Verify.java

@@ -1,6 +1,8 @@
 package com.alttd.forms.mail.verification;
 
+import com.alttd.forms.form.Form;
 import com.alttd.forms.mail.MailSettings;
+import com.alttd.forms.mail.rate_limitter.FormRateLimit;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -15,7 +17,7 @@ public class Verify {
 
     private static final Logger logger = LoggerFactory.getLogger(Verify.class);
 
-    public static CompletableFuture<VerificationResult> verifyEmail(String address, int code) {
+    public static CompletableFuture<VerificationResult> verifyEmail(String ip, String address, int code, Form form) {
         logger.debug("verifyEmail");
         Properties mailProperties = MailSettings.getMailProperties();
         logger.debug("mailProperties: {}", mailProperties);
@@ -30,35 +32,62 @@ public class Verify {
 
         //TODO rate limit sending mail from IP and to specific e-mail addresses (max 1 per minute and max 10 per day)
         //TODO include a link to all emails that people can click to block us from sending mail to them so no one can use us to spam ppl
+        return CompletableFuture.supplyAsync(() -> sendMail(ip, address, code, session, passwordAuthentication, form));
+    }
+
+    private static VerificationResult sendMail(String ip, String address, int code, Session session, PasswordAuthentication passwordAuthentication, Form form) {
+        Optional<Boolean> isRateLimited = FormRateLimit.getInstance().isRateLimited(ip, address).join();
+        if (isRateLimited.isEmpty()) {
+            return VerificationResult.FAILED_TO_RETRIEVE_RATE_LIMIT_DATA;
+        } else if (isRateLimited.get()) {
+            return VerificationResult.RATE_LIMIT_EXCEEDED;
+        }
+
+        Message message;
         try {
-            logger.trace("Creating mail");
-            Message message = new MimeMessage(session);
-            message.setFrom(new InternetAddress(passwordAuthentication.getUserName()));
-            logger.trace("Set from to {}", passwordAuthentication.getUserName());
-            message.setRecipients(
-                    Message.RecipientType.TO,
-                    InternetAddress.parse(address)
-            );
-            logger.trace("Set recipients");
-            message.setSubject("Altitude Email Verification");
-            message.setText("Please verify your email by entering the following code on the page you made the form in\n" + code); //TODO pretty html stuff
-            logger.trace("Set code: {}", code);
-            //TODO include the form they filled in (also in pretty html stuff)
-            return CompletableFuture.supplyAsync(() -> {
-                try {
-                    logger.trace("Sending mail");
-                    Transport.send(message);
-                    logger.trace("Sending mail succeeded");
-                    return VerificationResult.VERIFICATION_SENT;
-                } catch (MessagingException e) {
-                    logger.error("Failed to send mail", e);
-                    return VerificationResult.FAILED_TO_SEND;
-                }
-            });
+            message = getMail(address, code, session, passwordAuthentication, form);
         } catch (MessagingException e) {
             logger.error("Failed to create MimeMessage", e);
-            return CompletableFuture.completedFuture(VerificationResult.FAILED_TO_SEND);
+            return VerificationResult.FAILED_TO_SEND;
+        }
+
+        try {
+            logger.trace("Sending mail");
+            Transport.send(message);
+            logger.trace("Sending mail succeeded");
+            return VerificationResult.VERIFICATION_SENT;
+        } catch (MessagingException e) {
+            logger.error("Failed to send mail", e);
+            return VerificationResult.FAILED_TO_SEND;
         }
     }
 
+    private static Message getMail(String address, int code, Session session, PasswordAuthentication passwordAuthentication, Form form) throws MessagingException {
+        logger.trace("Creating mail");
+        Message message = new MimeMessage(session);
+        message.setFrom(new InternetAddress(passwordAuthentication.getUserName()));
+        logger.trace("Set from to {}", passwordAuthentication.getUserName());
+        message.setRecipients(
+                Message.RecipientType.TO,
+                InternetAddress.parse(address)
+        );
+        logger.trace("Set recipients");
+        message.setSubject("Altitude Email Verification");
+        String body = String.format(
+                //language=HTML
+                """
+                <title>
+                Email Verification
+                </title>
+                <p>Please verify your email by entering the following code on the page you made the form in:</p>
+                <p>%s</p>
+                <p></p>
+                <p>This is the form you're submitting:</p>
+                """, code);
+        body += form.toHtml();
+        message.setContent(body, "text/html");
+        logger.trace("Set code: {}", code);
+        return message;
+    }
+
 }

src/main/java/com/alttd/forms/verify_mail/FormQuery.java

@@ -1,5 +1,6 @@
 package com.alttd.forms.verify_mail;
 
+import com.alttd.forms.controlers.apply.StaffAppFormData;
 import com.alttd.forms.controlers.contact.ContactFormData;
 import com.alttd.forms.database.DatabaseConnection;
 import com.alttd.forms.form.Form;
@@ -72,6 +73,9 @@ public class FormQuery {
             case "ContactFormData" -> {
                 return objectMapper.readValue(json, ContactFormData.class);
             }
+            case "StaffAppFormData" -> {
+                return objectMapper.readValue(json, StaffAppFormData.class);
+            }
             default -> throw new IllegalArgumentException("Invalid form class name: " + className);
         }
     }

src/main/resources/application.properties

@@ -1,4 +1,4 @@
-logging.level.com.alttd.forms=warn
+logging.level.com.alttd.forms=WARN
 server.port=8002
 spring.jackson.date-format=yyyy-MM-dd
 spring.jackson.serialization.WRITE_DATES_AS_TIMESTAMPS=false