Bedrud Docs

The admin dashboard provides a web interface for managing your Bedrud instance. Superadmins can view system statistics, manage users and rooms, configure instance-wide settings, and generate invite tokens.

Prerequisites

  • Superadmin access: You must have superadmin in your user’s accesses array.
  • First admin setup: After installing Bedrud, create a user and promote them via the CLI:
bedrud user create --email "admin@example.com" --password "securepassword" --name "Admin"
bedrud user promote --email "admin@example.com"

There is no web UI or API to create the first superadmin. This is intentional for security.

Accessing the Admin Panel

Once you have superadmin access, the admin panel is available at /dashboard/admin in your Bedrud web application.

Navigation:

  • The sidebar shows an “Admin” section with links to Overview, Users, Rooms, and Settings. This section is only visible to superadmins.
  • The top-right user dropdown includes an “Admin panel” link with a shield icon.
  • Non-admin users who attempt to visit /dashboard/admin/* URLs are automatically redirected to /dashboard.

Overview Page

The overview page at /dashboard/admin provides a dashboard with key system metrics.

System Stats

Cards display:

  • Online Users: Total distinct active participants across all rooms
  • Total Rooms: Total rooms on the instance
  • Total Users: Total registered users

TLS Certificate Status

A color-coded indicator shows the state of your server’s TLS certificate:

StatusColorMeaning
ValidGreenCertificate is valid
Expiring SoonAmberExpires within 30 days
ExpiredRedCertificate has expired
Not ConfiguredGrayTLS is disabled

The certificate status refreshes every 5 minutes.

Charts

  • Room Creation: Bar chart of rooms created over the last 8 weeks
  • Recent Signups: List of the most recent user registrations

User Management

User List

The user list at /dashboard/admin/users shows all registered users in a searchable, sortable table.

Columns:

  • Name: User’s display name
  • Email: User’s email address
  • Provider: Authentication method (local, google, github, guest, passkey)
  • Role: Access level badge. Shows “Superadmin” for users with superadmin access.
  • Created: Registration date
  • Status: Active/Banned toggle

Actions:

  • Search: Type in the search bar to filter users by name or email (client-side).
  • Sort: Click any column header to sort. Click again to toggle ascending/descending.
  • Pagination: Navigation controls for browsing large user lists.

User Actions

Each user row includes quick-action buttons:

  • Promote/Demote: Toggle between ["user"] and ["user", "superadmin"] access levels. Visible in the access level column.
  • Active/Banned: Toggle the user’s account status. Banned users cannot log in or refresh tokens.
  • View Detail: Click the user row to open the detail view.

User Detail

The detail page at /dashboard/admin/users/:userId shows a full user profile.

Information displayed:

  • User name, email, provider, and registration date
  • Access level badge (superadmin/user)
  • Room creation activity chart (8-week history)
  • List of rooms created by the user

Actions:

  • Promote/Demote: Dedicated button in the detail header
  • Delete User: Permanently removes the user and all their data. Requires email confirmation. The delete button is hidden for your own account (you cannot delete yourself).

Delete is permanent and asynchronous. Deleting a user also removes all their rooms, passkeys, and preferences. The request returns immediately while the cleanup runs in the background.

Room Management

Room List

The room list at /dashboard/admin/rooms shows all rooms on the instance.

Columns:

  • Room Name: Room identifier
  • Visibility: Public, private, or unlisted
  • Max Participants: Editable inline — click the value to change it
  • Status: Active or inactive
  • Created: Room creation date

Actions:

  • Search: Filter rooms by name (client-side)
  • Sort: Click column headers to sort
  • Suspend: End an active call without deleting the room
  • Delete: Permanently close a room with cascade deletion

Room Detail

The detail page at /dashboard/admin/rooms/:roomId provides deep visibility into a room.

Room Settings:

  • Room name, visibility mode, max participants
  • Persistent mode toggle: Enable to prevent automatic cleanup of idle rooms. This is available to superadmins only — room creators cannot change it.

Live Participants:

  • Real-time participant list that polls every 3 seconds
  • Per participant: name, join time, track information (audio/video/screen share)
  • Bitrate chart: Live bitrate graph for audio and video tracks
  • Kick: Remove any participant from the room
  • Mute: Mute any participant’s audio tracks

System Settings

The settings page at /dashboard/admin/settings is organized into 7 tabs. Click “Save changes” after modifying any tab (the General tab auto-saves on registration mode changes).

General Tab

  • Registration Mode:
    • Open: Anyone can register an account
    • Invite-only: New users must provide a valid invite token
    • Closed: No new registrations — existing users can still log in
    • Changes save automatically when you switch modes

Invite Token Management (within General tab):

Tokens control who can register when in Invite-only mode.

  • Generate Token: Enter an optional email to lock the token to a specific address, and select an expiry period (24 hours, 72 hours, 7 days, or 30 days).
  • Token List: Shows all tokens with their status. Unused tokens have a green “Active” badge, used tokens show “Used” in gray.
  • Copy Token: Click the copy button to copy the 32-character token value to your clipboard.
  • Revoke: Delete a token to prevent it from being used.
  • Recordings Toggle: Under the token list, toggle Allow room recordings on/off. When disabled, all recording API endpoints return 403 system-wide.

Webhooks Tab

The Webhooks tab lets superadmins register HTTP callbacks for real-time room and recording events.

  • Add Webhook: Enter a URL, select event types, and optionally set a custom HMAC secret.
  • Event Types: room.ended, participant.joined, participant.left, recording.completed.
  • Test: Send a test ping to verify connectivity.
  • Rotate: Generate a new HMAC signing secret (old one immediately invalidated).
  • Status Column: Shows last HTTP status code and timestamp of last delivery.

Authentication Tab

  • Passkeys: Toggle FIDO2/WebAuthn passwordless authentication
  • OAuth Providers: Configure Google, GitHub, and Twitter OAuth:
    • Client ID
    • Client Secret
    • Redirect URL

Each provider has its own configuration card. Enable a provider by filling in all three fields.

LiveKit Tab

  • External LiveKit: Toggle to use an external LiveKit server instead of the embedded one
  • Host: LiveKit server host and port (e.g., 127.0.0.1:7880)
  • API Key: LiveKit server API key
  • API Secret: LiveKit server API secret

Server Tab

  • Port: HTTP server port (default: 80)
  • Host: Server hostname
  • Domain: Server domain
  • Email: Administrative email (used for ACME certificate registration)
  • TLS: Enable HTTPS with certificate files
  • ACME: Enable automatic Let’s Encrypt certificate management
  • Reverse Proxy: Indicate the server is behind a proxy (affects client IP detection)
  • Certificate Paths: Cert file and key file paths (for manual TLS setup)
  • Certificate Status: Inline indicator showing current TLS certificate health

CORS Tab

  • Allowed Origins: Comma-separated list of CORS origins
  • Allowed Headers: Comma-separated list of allowed request headers
  • Allowed Methods: Comma-separated list of allowed HTTP methods
  • Allow Credentials: Toggle to include credentials in cross-origin requests
  • Max Age: Cache duration for CORS preflight responses (seconds)

Room Limits Tab

Controls how many rooms a single user can create:

  • Max Rooms Per User: Maximum number of active rooms a non-superadmin user can create (default: 100, 0 = unlimited). Superadmins bypass this limit.

Upload Quotas Tab

Controls storage limits for chat image uploads:

  • Max Upload Bytes Per User: Per-user storage quota across all rooms (default: 524288000 = 500 MB, 0 = unlimited). Superadmins bypass this limit.
  • Global Disk Threshold: Total storage ceiling across all users. When exceeded, all uploads are rejected until an admin frees space (default: 0 = unlimited). This limit applies to everyone, including superadmins.

Chat Uploads Tab

Configure how chat image uploads are stored:

  • Backend: disk (local filesystem), s3 (S3-compatible storage), or inline (base64 embedded)
  • Max Upload Bytes: Maximum file size per upload
  • Inline Max: Maximum size for inline/base64 uploads
  • Disk Directory: Local directory for disk backend uploads

S3 Configuration (when backend is s3):

  • Endpoint, Bucket, Region
  • Access Key, Secret Key
  • Public URL

Logging Tab

  • Log Level: trace, debug, info, warn, or error. Useful for debugging — switch to debug to see detailed logs, then back to info for production.

Troubleshooting

”Admin panel not visible”

Symptom: The Admin section does not appear in the sidebar, and the “Admin panel” link is missing from the user dropdown.

Cause: The logged-in user does not have superadmin in their accesses array.

Solution: Use the CLI to promote the user:

bedrud user promote --email "your-email@example.com"

Then log out and log back in to get a new JWT with the updated accesses.

”Settings won’t save”

Symptom: Saving settings returns successfully, but secret values appear unchanged.

Cause: The server preserves existing secret values when you send "••••••••" or an empty string in the update request. This is by design — it prevents accidentally overwriting secrets when you’re only changing non-secret fields.

Solution: Send the actual secret value (not the masked placeholder) in the update request.

”Cannot delete my own account”

Symptom: The delete button is hidden on your own user detail page, or the API returns a 400 error.

Cause: Self-deletion is blocked for safety. You cannot delete the account you’re currently logged in as.

Solution: Have another superadmin delete the account, or use the CLI as a different user.

”Redirected to dashboard when visiting admin URL”

Symptom: Visiting /dashboard/admin directly redirects to /dashboard.

Cause: The admin guard route checks your JWT’s accesses array. If superadmin is missing, the guard redirects.

Solution: Verify your account has superadmin access. If your access was recently changed, log out and log back in to refresh your JWT.

See Also