Login

flagActivity Last updated: 01. May 2026

API only function

flagActivity flags suspicious request patterns to deter potential brute force attacks. After a set number of flagged requests from a single IP, it blocks that IP to protect the platform.

See also: writeJwt deleteJwt denyAccess logOut getProfilePictureUrl Custom JWT login example

Parameters

This function takes no parameters

Returns

Boolean false if only flagged, true if IP is now blocked.

Example

Code example (JS)

JS is normal JavaScript either running in the browser or on the Docly™ server. 
// Typical use in a login endpoint — flag failed attempts so brute force
// from a single IP is throttled and eventually blocked.

// #/API/login.js
export default (form) => {

    let user = lookupUser(form.username);

    if (!user || !verifyPassword(form.password, user.passwordHash)) {

        // Tick the "flag" counter for the calling IP.
        // Returns true if this IP has now been blocked.
        let blocked = docly.flagActivity();

        if (blocked) {
            return { error: "Too many failed attempts. Try again later." };
        }
        return { error: "Invalid username or password." };
    }

    // Success — issue the session JWT
    docly.writeJwt({ username: user.name, access: user.role });
    return { success: true };
}