add rate limiting to membership confirmation codes #2016

@adarshm11


when people pay for membership, they validate their membership on their profile page with a confirmation code that they receive via email. to prevent bad actors from spamming random codes trying to game the system, let's introduce a rate limiting system for these codes.

  • each user is given 5 code attempts. after 5 attempts, they will no longer be able to verify their membership
  • we can do this by storing a hashmap in memory that maps userId -> number of attempts
  • every time a bad attempt is made, increment the number; if/when the user makes a good request and verifies their membership, remove their hashmap entry
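The counter described in this issue, as an added example that is not the project's own code: JavaScript is assumed, and `AttemptLimiter`, `verify`, `runConstructedScenario` and the sample user id and codes are hypothetical names and values constructed for illustration. The lock is checked before the code is compared, so a user who has used all 5 attempts is refused even when the code is correct.

```javascript
// Added example; names are hypothetical and not taken from the project.
const MAX_ATTEMPTS = 5; // from the issue: each user is given 5 code attempts

class AttemptLimiter {
  constructor(maxAttempts = MAX_ATTEMPTS) {
    this.maxAttempts = maxAttempts;
    this.attempts = new Map(); // userId -> number of bad attempts
  }

  isLocked(userId) {
    return (this.attempts.get(userId) || 0) >= this.maxAttempts;
  }

  // Returns { ok, locked, remaining } for one verification attempt.
  verify(userId, submittedCode, expectedCode) {
    // Refuse before comparing, so a locked user learns nothing from more guesses.
    if (this.isLocked(userId)) {
      return { ok: false, locked: true, remaining: 0 };
    }
    if (String(submittedCode) === String(expectedCode)) {
      // Good request: membership verified, drop the user's entry.
      this.attempts.delete(userId);
      return { ok: true, locked: false, remaining: this.maxAttempts };
    }
    // Bad attempt: increment the user's counter.
    const used = (this.attempts.get(userId) || 0) + 1;
    this.attempts.set(userId, used);
    const remaining = this.maxAttempts - used;
    return { ok: false, locked: remaining === 0, remaining };
  }
}

// Constructed scenario: five wrong guesses, then the correct code.
function runConstructedScenario() {
  const limiter = new AttemptLimiter();
  const userId = 'user-123';        // constructed sample id
  const expected = 'ABC123';        // constructed sample code
  const results = [];
  for (let i = 0; i < 5; i++) {
    results.push(limiter.verify(userId, 'WRONG' + i, expected));
  }
  results.push(limiter.verify(userId, expected, expected)); // refused: locked
  return results;
}
```

Because the map lives in process memory, the counts reset when the server restarts and are not shared between multiple server instances.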
