Configuration
All configuration lives in config.js (not escrowed).
Web Server
js
Config.WebPort = 8080; // HTTP port for the web panel
Config.Framework = 'auto'; // 'auto' | 'qbcore' | 'esx'Accounts
The owner account is defined here and cannot be removed from the UI. Additional staff are best managed from the Accounts & Roles page in the panel.
js
Config.Users = [
{ username: 'admin', password: 'CHANGE_ME_NOW', role: 'owner' },
];In-Game Menu
js
Config.InGame = {
enabled: true,
command: 'a', // opens the menu with /a
keybind: '', // e.g. 'F3' — leave empty to disable the keybind
keybindLabel: 'Open ORB Admin Menu',
};Inventory Integration
js
Config.Inventory = {
resource: 'ox_inventory', // 'ox_inventory' | 'qb-inventory' | 'tgiann-inventory'
imagesPath: 'web/images/', // path to item images, relative to the inventory resource
};Live Streaming
js
Config.Stream = {
enabled: true,
quality: 0.7, // capture quality (0.0 – 1.0)
maxWidth: 1280, // max capture width in pixels
};Actions
The actions available against a player (revive, heal, kick, ban, give item, set job, etc.) are defined in Config.Actions. Each action has a permission so you can gate it per role:
js
Config.Actions = [
{
name: 'revive',
label: 'Revive',
icon: 'heart-pulse',
permission: 'action.revive',
inputs: [],
},
// ... more actions
];Optional Systems
js
Config.Systems = {
reports: {
enabled: false, // in-game /report system
command: 'report',
cooldown: 60, // seconds between reports
maxOpen: 50, // max open reports in the queue
},
};Security Recommendations
- Always change the default owner password before going live
- The login endpoint is rate-limited (5 attempts per 60 seconds per IP)
- Sessions use HttpOnly cookies and expire after 24 hours
- Consider placing the panel behind a reverse proxy with HTTPS if exposed publicly