Login

flagActivity Last updated: 26. Apr 2026

API only function

flagActivity flags suspicious request patterns to deter potential brute force attacks. After a set number of flagged requests from a single IP, it blocks that IP to protect the platform.

See also: writeJwt, deleteJwt, denyAccess, logOut, getProfilePictureUrl — and Custom JWT login example.

Parameters

This function takes no parameters

Returns

Boolean false if only flagged, true if IP is now blocked.

Example

Code example (JS)

JS is normal JavaScript either running in the browser or on the Docly™ server. 
// Typical use in a login endpoint — flag failed attempts so brute force
// from a single IP is throttled and eventually blocked.

// #/API/login.js
export default (form) => {

    let user = lookupUser(form.username);

    if (!user || !verifyPassword(form.password, user.passwordHash)) {

        // Tick the "flag" counter for the calling IP.
        // Returns true if this IP has now been blocked.
        let blocked = docly.flagActivity();

        if (blocked) {
            return { error: "Too many failed attempts. Try again later." };
        }
        return { error: "Invalid username or password." };
    }

    // Success — issue the session JWT
    docly.writeJwt({ username: user.name, access: user.role });
    return { success: true };
}