Overview
Platform Overview
All restaurants and activity at a glance.
Restaurants
total onboarded
Active
menus live
Users
owners & staff
Total Items
dishes listed
Recent Restaurants
Recent Activity
All Restaurants
Manage all onboarded restaurant accounts.
Restaurants
RestaurantOwnerCuisineItemsCreatedStatusActions
All Users
Manage owners, staff and admin accounts.
Name / EmailRoleRestaurantLast LoginStatusActions
Activity Log
Last 100 actions across the platform.
TimeUserRestaurantActionDetailsIP
RBAC Access Policy
Role-Based Access Control defines what each user type can do.
super_admin

Super Administrator

Full platform access. Can manage all restaurants, users, view all menus and activity logs. Can create or delete any account. Cannot be deactivated.

✓ View all restaurants ✓ Create restaurants ✓ Activate/deactivate restaurants ✓ Delete restaurants ✓ Create users (any role) ✓ Reset any password ✓ View activity log ✓ Edit any restaurant info
owner

Restaurant Owner

Full control over their own restaurant only. Can edit all menu content, restaurant info, branding, and manage their QR code. Cannot access other restaurants.

✓ Edit own restaurant info ✓ Add/edit/delete categories ✓ Add/edit/delete menu items ✓ Change theme & branding ✓ Download QR code ✓ Change own password ✗ Access other restaurants ✗ Create/delete users
staff

Staff Member

Read-only access to their assigned restaurant's menu and information. Useful for waitstaff to view the menu. Cannot make any changes.

✓ View own restaurant menu ✓ View restaurant info ✓ View QR code ✓ Change own password ✗ Edit any content ✗ Access other restaurants ✗ Delete anything
API Authentication Flow

1. Client sends POST /api/auth/login with email + password

2. Server validates credentials with bcrypt hash comparison

3. On success, a session cookie is set (httpOnly, SameSite=lax, 7-day expiry)

4. Every subsequent request carries the session cookie; server validates role via requireAuth(...roles) middleware

5. For restaurant routes, requireRestaurantAccess verifies the user's restaurant_id matches the requested resource

6. Super admins bypass the restaurant ownership check automatically

Restaurant
Live · Menu Active
Overview
Welcome back 👋
Your menu is live and ready to share.
Categories
0
menu sections
Total Items
0
dishes listed
Status
Live
QR code active
Quick Actions
Your QR Code

Customers scan this to view your menu — no app needed

Edit Menu
Changes save immediately to your live menu.
Restaurant Information
Updates appear instantly on your live menu page.
Basic Details
Branding
Classic
🍂 Classic
Dark
🖤 Dark
MINIMAL
◻ Minimal
Rustic
🏡 Rustic
QR Code
Download and print for your restaurant tables.

My Restaurant

Scan to view menu

Use your QR code everywhere

Print this QR on table tents, menu covers, receipts, and entrance posters. When scanned, customers see your full menu instantly — no app needed.

1
Download the high-res PNG above
2
Run launch.bat (Windows) to get your ngrok public URL
3
Print the QR code and place on every table
4
Edit anytime — changes appear live, no reprinting
Settings
Account and menu preferences.
Change Password
Danger Zone

Sign out everywhere

End your current session on all devices.