User Management¶

Peek supports multiple users with separate preferences, watch history, and content access. Admins can create accounts, set content restrictions, manage user groups, and control permissions.

User Roles¶

Peek has two user roles:

Creating Users¶

Requirements: Admin role

1. Go to Settings → User Management tab
2. Click + Create User
3. Enter:
4. Username (must be unique)
5. Password (minimum 8 characters, must include at least one letter and one number)
6. Role (User or Admin)
7. Click Create

The new user can now log in with these credentials.

Managing Users¶

Requirements: Admin role

Click on any user row in the User Management table to open the User Edit Modal, which provides a comprehensive view of user settings:

User Edit Modal Sections¶

Quick Actions¶

From the user table, you can also:

User Groups¶

User groups allow you to manage permissions for multiple users at once. Users inherit permissions from all groups they belong to.

How Groups Work¶

• Each group defines default permissions (sharing, downloading files, downloading playlists)
• Users can belong to multiple groups
• Permissions use "most permissive wins" logic—if any group grants a permission, the user has it
• Individual user overrides can further customize permissions

Managing Groups¶

Requirements: Admin role

1. Go to Settings → Groups tab
2. Click + Create Group to add a new group
3. Enter:
4. Name (must be unique)
5. Description (optional)
6. Default Permissions (toggle which permissions group members should have)
7. Click Create

Group Permissions¶

Adding Users to Groups¶

1. Click on a user in the User Management table
2. Go to the Groups section
3. Check the groups you want the user to belong to
4. Click Save

Permission Resolution¶

When determining a user's effective permissions:

1. Start with all permissions disabled
2. For each group the user belongs to, if the group grants a permission, enable it
3. Apply any user-level overrides (explicit allow or deny)

Permissions¶

Permissions control what actions users can perform beyond viewing content.

Available Permissions¶

Setting Permissions¶

1. Click on a user in the User Management table
2. Go to the Permissions section
3. For each permission, choose:
4. Inherit — Use the value from group memberships
5. Allow — Explicitly grant this permission
6. Deny — Explicitly deny this permission
7. Click Save

Content Restrictions¶

Admins can restrict what content users see. Restrictions cascade throughout the UI—restricted items won't appear in lists, cards, dropdowns, or detail pages.

Restriction Types¶

Restriction Modes¶

Setting Restrictions¶

1. Click on a user in the User Management table
2. Go to the Content Restrictions section
3. For each entity type (Collections, Tags, Studios, Galleries):
4. Select a mode (None, Exclude, or Include)
5. Choose specific items to include or exclude
6. Optionally enable Restrict Empty to hide content with no metadata for that type
7. Click Save

How Restrictions Work¶

Exclude mode example: - Exclude the tag "Documentary" - User won't see any scenes, performers, or studios tagged "Documentary"

Include mode example: - Include only the collection "Favorites" - User only sees scenes in the "Favorites" group—nothing else

Cascading behavior: - Restricted tags don't appear in filter dropdowns - Restricted studios don't appear on performer detail pages - Scene counts exclude restricted content

User Settings¶

What Users Can Configure¶

Each user can customize their own experience:

Accessing Settings¶

• Click your username in the header → Settings
• Or navigate directly to the Settings page

Syncing with Stash¶

Sync from Stash (Import)¶

Imports a user's ratings and favorites from Stash into Peek. Useful when: - A new user already has data in Stash - Recovering from a Peek database reset

To sync: 1. Go to User Management 2. Click Sync from Stash for the user 3. Select what to import (ratings, favorites, O-counter) 4. Click Start Sync

Sync to Stash (Export)¶

When enabled, user activity syncs back to Stash:

To enable/disable: 1. Go to User Management 2. Find the user in the table 3. Toggle the Sync to Stash column

Hidden Items¶

Users can hide individual items they don't want to see. Unlike admin restrictions, users can unhide items themselves.

Hiding Content¶

• On any card, click the ⋮ menu → Hide
• Or on detail pages, use the Hide action

Managing Hidden Items¶

1. Go to Settings → Hidden Items tab
2. View all hidden items by type
3. Click Unhide to restore visibility

See Hidden Items for details.

User Menu¶

The user menu (top-right corner) provides quick access to:

• Watch History — Resume where you left off
• My Stats — Personal viewing statistics
• Downloads — View and manage your download history
• TV Mode — Toggle enhanced keyboard navigation
• Sign Out — Log out of your account

Proxy Authentication (SSO)¶

Peek supports single sign-on via reverse proxy authentication. When configured:

• Users are automatically logged in based on proxy headers
• Usernames must match exactly between proxy and Peek
• See Configuration - Proxy Authentication for setup

Security¶

Password Requirements¶

Passwords must meet these requirements:

• Minimum 8 characters
• At least one letter (a-z or A-Z)
• At least one number (0-9)

Account Lockout¶

To protect against brute-force attacks:

• After 5 failed login attempts, the account is locked for 15 minutes
• The lockout applies per username
• Admins cannot manually unlock accounts—wait for the lockout to expire

Rate Limiting¶

Authentication endpoints are rate-limited:

• 10 requests per 15 minutes per IP address
• Applies to login, password reset, and registration endpoints
• Helps prevent automated attacks

Recovery Keys¶

Each user has a recovery key that can be used to reset their password if forgotten.

Viewing your recovery key: 1. Go to Settings → Account tab 2. Your recovery key is displayed in the Security section 3. Copy and store it in a safe place (password manager recommended)

Using a recovery key: 1. On the login page, click Forgot Password 2. Enter your username 3. Enter your recovery key 4. Set a new password

Admin Password Reset¶

Admins can reset any user's password:

1. Click on the user in User Management
2. In the Account section, enter a new password
3. Click Save

The user should change their password after logging in.

Security Best Practices¶

• Passwords are hashed with bcrypt (never stored in plain text)
• Sessions expire after 24 hours of activity
• Inactive sessions expire after 4 hours
• Change the default admin password immediately after setup
• Store recovery keys in a password manager
• Use unique passwords for each user account

Database Backup¶

Admins can create and manage backups of the Peek database from the settings UI.

Location: Settings → Server Configuration → Backup

Creating a Backup¶

1. Click Create Backup
2. Peek creates an atomic snapshot of the entire SQLite database
3. The backup appears in the list with its creation date and file size

What's Included¶

Backups contain all Peek data:

• User accounts, preferences, and permissions
• Ratings, favorites, and watch history
• Playlists and playlist shares
• Cached entity data from Stash
• Custom themes and carousels

Backups do not include Stash media files or Stash server configuration.

Managing Backups¶

• Backups are listed newest-first with creation date and file size
• Click the trash icon to delete a backup (with confirmation)
• Backups are stored in the Peek data directory alongside the database

Next Steps¶

• Downloads — Download scenes, images, and playlists
• Hidden Items — Manage your personal hidden content
• Watch History — Track and resume playback
• Configuration — Server-level settings