Authentication

Functions for authenticating users with JWT cookies, controlling access to API endpoints, and managing sessions.

writeJwt(userinfo)

The writeJwt function generates a JWT (JSON Web Token) secure cookie and writes it to the user's browser.

denyAccess

Stops execution of the current API request and returns an HTTP 401 Login Required response to the caller. Use it in #/API/ endpoints to block requests that are missing a valid request.Jwt or that lack the required role. Because hash templates are static and cached, denyAccess() belongs in API/JS files — never in .hash templates.

flagActivity

flagActivity flags suspicious request patterns to deter potential brute-force attacks. After a set number of flagged requests from a single IP, it blocks that IP to protect the platform.

deleteJwt

The deleteJwt function removes the current JWT (JSON Web Token) secure cookie, if any, from the user's browser.

getProfilePictureUrl(user)

This function retrieves the URL of a user's profile picture from the system. It returns a string containing the direct link to the image, which can be used to display the user's profile picture in applications or web interfaces.

logOut

Ends the built-in Docly session for the calling user and clears the session cookie. Typically invoked from an API endpoint (e.g. #/API/LogOut.js) that returns the result to the browser. If your app issues its own JWT cookie with writeJwt(), use deleteJwt() instead to remove that cookie.