Customer Solution
Credentials & Access
⚠️ Change on first login. These are provisioned defaults. The customer must change the password immediately after first login.
Default Admin Account
| Field | Value |
|---|---|
admin@castlecheckers.com | |
| Password | Admin@2026 |
| Password Hash | da004d5ed0e3915f754d8b79ba29c078aa4190a5d9e2d7bcd4188755fb9fb741 |
| Hash Algorithm | PBKDF2-SHA256, 100,000 iterations, salt = SONAN_SP_2026 |
| Admin Portal URL | caretaker-portal.pages.dev/admin |
Changing the Password
Option 1: Via Admin Settings (UI)
- Log in to the admin portal
- Go to Settings → Security
- Enter current password and new password
- Save — calls
PATCH /api/settings/password, re-hashes and updates D1
Option 2: Direct D1 Update (Wrangler)
Generate hash with Python:
import hashlib, binascii
password = "YourNewPassword"
salt = "SONAN_SP_2026"
dk = hashlib.pbkdf2_hmac('sha256', password.encode(), salt.encode(), 100000)
print(binascii.hexlify(dk).decode())
Apply via Wrangler (run from Windows terminal):
cd E:\Claude_Projects\sonan-trackers\caretaker-portal-Claude\caretaker-portal
npx wrangler d1 execute caretaker_db --env castlecheckers --remote --command "UPDATE admins SET password_hash = '<new_hash>' WHERE email = 'admin@castlecheckers.com'"
Session Tokens
| Property | Value |
|---|---|
| Storage | localStorage key cc_admin_token |
| Format | HMAC-SHA256 JWT |
| TTL | 24 hours |
| Signing key | Cloudflare Worker secret JWT_SECRET |
To rotate the signing key (invalidates all active sessions):
npx wrangler secret put JWT_SECRET --env castlecheckers