From f1495c35880bae03d7a5be4aa0c351579bfb2d81 Mon Sep 17 00:00:00 2001
From: Jad Chahed <jad.chahed@bashroom.com>
Date: Wed, 28 Aug 2024 19:24:46 +0200
Subject: [PATCH 01/19] feat: add execution

Signed-off-by: Jad Chahed <jad.chahed@bashroom.com>
---
 go/admin/admin.go               |  2 ++
 go/admin/templates/base.html    | 14 ++++-----
 go/admin/templates/content.html | 51 +++++++++++++++++++++++++++++++--
 go/admin/templates/sidebar.html |  5 ++--
 go/server/api.go                | 35 ++++++++++++++++++++++
 go/server/cron.go               | 12 +++++---
 go/server/server.go             |  5 ++--
 7 files changed, 105 insertions(+), 19 deletions(-)

diff --git a/go/admin/admin.go b/go/admin/admin.go
index f6642f6ae..868498896 100644
--- a/go/admin/admin.go
+++ b/go/admin/admin.go
@@ -42,6 +42,8 @@ const (
 	flagAdminAppSecret = "admin-gh-app-secret"
 )
 
+var workloads = []string{"OLTP", "OLTP-READONLY", "OLTP-SET", "TPCC", "TPCC_FK", "TPCC_FK_UNMANAGED", "TPCC_UNSHARDED"}
+
 type Admin struct {
 	port   string
 	router *gin.Engine
diff --git a/go/admin/templates/base.html b/go/admin/templates/base.html
index 29fc33c9d..949c05e32 100644
--- a/go/admin/templates/base.html
+++ b/go/admin/templates/base.html
@@ -13,26 +13,26 @@
     <div class="flex h-screen">
         <!-- Sidebar -->
         <div class="bg-white w-1/4 p-4">
-            <div hx-get="/sidebar" hx-target="#sidebar" hx-swap="outerHTML">
-                Loading Sidebar...
+            <div>
+                <div>{{ template "sidebar.html" . }}</div>
             </div>
         </div>
 
         <!-- Main Content -->
         <div class="bg-white flex-1 p-8">
             <!-- Header -->
-            <div id="header" hx-get="/header" hx-target="#header" hx-swap="outerHTML">
-                Loading Header...
+            <div id="header">
+                <div>{{ template "header.html" . }}</div>
             </div>
 
             <!-- Dynamic Content -->
             <div id="content" class="mt-4">
-                <div hx-get="/content" hx-target="#content" hx-swap="outerHTML">
-                    Loading Content...
+                <div>
+                    <div>{{ template "content.html" . }}</div>
                 </div>
             </div>
         </div>
     </div>
 </body>
 
-</html>
+</html>
\ No newline at end of file
diff --git a/go/admin/templates/content.html b/go/admin/templates/content.html
index 521a2d5ae..5e41c10b5 100644
--- a/go/admin/templates/content.html
+++ b/go/admin/templates/content.html
@@ -1,4 +1,49 @@
 <div id="content">
-    <h3 class="text-xl font-semibold text-orange-500 mb-4">Welcome to the Admin Dashboard</h3>
-    <p>Use the sidebar to navigate through different sections of the dashboard.</p>
-</div>
+    <form>
+        <div class="flex flex-row gap-4">
+            <div>
+                <label class="label">Source</label>
+                <input
+                    class="shadow appearance-none border rounded w-full py-2 px-3 text-gray-700 leading-tight focus:outline-none focus:shadow-outline"
+                    type="text" name="source">
+            </div>
+            <div>
+                <label class="label">SHA</label>
+                <input
+                    class="shadow appearance-none border rounded w-full py-2 px-3 text-gray-700 leading-tight focus:outline-none focus:shadow-outline"
+                    type="text" class="form-control" name="sha">
+            </div>
+        </div>
+        <label>Workloads</label>
+        <div class="flex flex-row gap-4">
+            <div class="flex flex-col">
+                <label><input class="accent-orange-500" type="checkbox" name="workloads" value="all" checked>
+                    All</label>
+                <label><input class="accent-orange-500" type="checkbox" name="workloads" value="OLTP"> OLTP</label>
+                <label><input class="accent-orange-500" type="checkbox" name="workloads" value="OLTP-READONLY">
+                    OLTP-READONLY</label>
+                <label><input class="accent-orange-500" type="checkbox" name="workloads" value="OLTP-SET">
+                    OLTP-SET</label>
+            </div>
+            <div class="flex flex-col">
+                <label><input class="accent-orange-500" type="checkbox" name="workloads" value="TPCC"> TPCC</label>
+                <label><input class="accent-orange-500" type="checkbox" name="workloads" value="TPCC_FK">
+                    TPCC_FK</label>
+                <label><input class="accent-orange-500" type="checkbox" name="workloads" value="TPCC_FK_UNMANAGED">
+                    TPCC_FK_UNMANAGED</label>
+                <label><input class="accent-orange-500" type="checkbox" name="workloads" value="TPCC_UNSHARDED">
+                    TPCC_UNSHARDED</label>
+            </div>
+        </div>
+        <div>
+            <label class="label">Number of executions</label>
+            <input
+                class="shadow appearance-none border rounded w-20 py-2 px-3 text-gray-700 leading-tight focus:outline-none focus:shadow-outline"
+                type="number" name="numberOfExecutions" value="1" min="1" max="10">
+        </div>
+
+        <button hx-post="http://localhost:8080/api/executions/add"
+            class="bg-orange-500 hover:bg-orange-700 text-white font-bold py-2 px-4 rounded focus:outline-none focus:shadow-outline"
+            type="submit">Add Execution</button>
+    </form>
+</div>
\ No newline at end of file
diff --git a/go/admin/templates/sidebar.html b/go/admin/templates/sidebar.html
index f62fbfedf..97cc34a88 100644
--- a/go/admin/templates/sidebar.html
+++ b/go/admin/templates/sidebar.html
@@ -6,12 +6,11 @@ <h1 class="text-3xl font-bold text-orange-600">arewefastyet</h1>
     <nav>
         <ul>
             <li class="mb-4">
-                <a href="#" hx-get="/executions" hx-target="#content" hx-swap="outerHTML" class="text-orange-500 font-semibold">Add new executions</a>
+                <a href="/executions" class="text-orange-500 font-semibold">Add new executions</a>
             </li>
             <li class="mb-4">
-                <a href="#" hx-get="/settings" hx-target="#content" hx-swap="outerHTML" class="text-gray-500 hover:text-orange-500">Settings</a>
+                <a href="/settings" class="text-gray-500 hover:text-orange-500">Settings</a>
             </li>
-            <!-- Add more links here as needed -->
         </ul>
     </nav>
 </div>
diff --git a/go/server/api.go b/go/server/api.go
index cf11de6b3..28643cbf5 100644
--- a/go/server/api.go
+++ b/go/server/api.go
@@ -27,6 +27,7 @@ import (
 	"time"
 
 	"github.com/gin-gonic/gin"
+	"github.com/google/uuid"
 	"github.com/vitessio/arewefastyet/go/exec"
 	"github.com/vitessio/arewefastyet/go/tools/git"
 	"github.com/vitessio/arewefastyet/go/tools/github"
@@ -536,3 +537,37 @@ func (s *Server) getHistory(c *gin.Context) {
 
 	c.JSON(http.StatusOK, results)
 }
+
+func (s *Server) addExecutions(c *gin.Context) {
+	source := c.PostForm("source")
+	sha := c.PostForm("sha")
+	workloads := c.PostFormArray("workloads")
+	numberOfExecutions := c.PostForm("numberOfExecutions")
+
+	if source == "" || sha == "" || len(workloads) == 0 || numberOfExecutions == "" {
+		c.JSON(http.StatusBadRequest, &ErrorAPI{Error: "missing argument"})
+		return
+	}
+
+	if len(workloads) == 1 && workloads[0] == "all" {
+		workloads = s.workloads
+	}
+	execs, err := strconv.Atoi(numberOfExecutions)
+	if err != nil {
+		c.JSON(http.StatusBadRequest, &ErrorAPI{Error: "numberOfExecutions must be an integer"})
+		return
+	}
+	newElements := make([]*executionQueueElement, 0, execs*len(workloads))
+
+	for _, workload := range workloads {
+		for i := 0; i < execs; i++ {
+			elem := s.createSimpleExecutionQueueElement(s.benchmarkConfig[strings.ToLower(workload)], source, sha, workload, string(macrobench.Gen4Planner), false, 0, git.Version{})
+			elem.identifier.UUID = uuid.NewString()
+			newElements = append(newElements, elem)
+		}
+	}
+
+	s.appendToQueue(newElements)
+
+	c.JSON(http.StatusOK, "ok")
+}
diff --git a/go/server/cron.go b/go/server/cron.go
index 7cf2cbc1b..48ce9be83 100644
--- a/go/server/cron.go
+++ b/go/server/cron.go
@@ -40,10 +40,10 @@ type (
 
 	executionIdentifier struct {
 		GitRef, Source, Workload, PlannerVersion string
-		PullNb                                        int
-		PullBaseRef                                   string
-		Version                                       git.Version
-		UUID                                          string
+		PullNb                                   int
+		PullBaseRef                              string
+		Version                                  git.Version
+		UUID                                     string
 	}
 
 	executionQueue map[executionIdentifier]*executionQueueElement
@@ -172,6 +172,10 @@ func (s *Server) addToQueue(element *executionQueueElement) {
 	}
 
 	// Add all the elements to the queue
+	s.appendToQueue(execElements)
+}
+
+func (s *Server) appendToQueue(execElements []*executionQueueElement) {
 	for _, execElement := range execElements {
 		// Check if the exact same benchmark is already in the queue
 		_, found := queue[execElement.identifier]
diff --git a/go/server/server.go b/go/server/server.go
index 50fc42f3e..bd09993ef 100644
--- a/go/server/server.go
+++ b/go/server/server.go
@@ -223,8 +223,8 @@ func (s *Server) Run() error {
 
 	s.router.Use(cors.New(cors.Config{
 		AllowOrigins:     []string{"*"},
-		AllowMethods:     []string{"GET"},
-		AllowHeaders:     []string{"Origin"},
+		AllowMethods:     []string{"GET", "POST"},
+		AllowHeaders:     []string{"Origin", "hx-request", "hx-current-url"},
 		ExposeHeaders:    []string{"Content-Length"},
 		AllowCredentials: true,
 		MaxAge:           12 * time.Hour,
@@ -249,6 +249,7 @@ func (s *Server) Run() error {
 	s.router.GET("/api/status/stats", s.getStatusStats)
 	s.router.GET("/api/run/request", s.requestRun)
 	s.router.GET("/api/run/delete", s.deleteRun)
+	s.router.POST("/api/executions/add", s.addExecutions)
 
 	return s.router.Run(":" + s.port)
 }

From 1f765bdfbe5e01749f9ed72d55dc7de4795b3184 Mon Sep 17 00:00:00 2001
From: Jad Chahed <jad.chahed@bashroom.com>
Date: Wed, 28 Aug 2024 20:10:16 +0200
Subject: [PATCH 02/19] feat: gh token in cookies

Signed-off-by: Jad Chahed <jad.chahed@bashroom.com>
---
 go/admin/admin.go               |  5 -----
 go/admin/api.go                 | 20 ++++++++++++--------
 go/admin/templates/content.html |  2 +-
 go/server/server.go             |  2 +-
 4 files changed, 14 insertions(+), 15 deletions(-)

diff --git a/go/admin/admin.go b/go/admin/admin.go
index 868498896..85d5d57c7 100644
--- a/go/admin/admin.go
+++ b/go/admin/admin.go
@@ -26,8 +26,6 @@ import (
 	"time"
 
 	"github.com/gin-contrib/cors"
-	"github.com/gin-contrib/sessions"
-	"github.com/gin-contrib/sessions/cookie"
 	"github.com/gin-gonic/gin"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
@@ -115,9 +113,6 @@ func (a *Admin) Run() error {
 	a.Mode.SetGin()
 	a.router = gin.Default()
 
-	store := cookie.NewStore([]byte("secret"))
-	a.router.Use(sessions.Sessions("mysession", store))
-
 	a.router.Static("/assets", filepath.Join(basepath, "assets"))
 
 	a.router.LoadHTMLGlob(filepath.Join(basepath, "templates/*"))
diff --git a/go/admin/api.go b/go/admin/api.go
index 3b2ed66a7..db1fd3b9d 100644
--- a/go/admin/api.go
+++ b/go/admin/api.go
@@ -22,8 +22,8 @@ import (
 	"context"
 	"net/http"
 	"strings"
+	"time"
 
-	"github.com/gin-contrib/sessions"
 	"github.com/gin-gonic/gin"
 	goGithub "github.com/google/go-github/github"
 	"github.com/labstack/gommon/random"
@@ -51,14 +51,20 @@ func (a *Admin) login(c *gin.Context) {
 }
 
 func (a *Admin) dashboard(c *gin.Context) {
-	a.render(c, gin.H{}, "base.html")
+	user, err := c.Cookie("ghtoken")
+	if err != nil {
+		c.Abort()
+		return
+	}
+	a.render(c, gin.H{
+		"ghtoken": user,
+	}, "base.html")
 }
 
 func (a *Admin) authMiddleware() gin.HandlerFunc {
 	return func(c *gin.Context) {
-		session := sessions.Default(c)
-		user := session.Get("user")
-		if user == nil {
+		_, err := c.Cookie("ghtoken")
+		if err != nil {
 			// User not authenticated, redirect to login
 			c.Redirect(http.StatusSeeOther, "/admin/login")
 			c.Abort()
@@ -115,9 +121,7 @@ func (a *Admin) handleGitHubCallback(c *gin.Context) {
 	}
 
 	if isMaintainer {
-		session := sessions.Default(c)
-		session.Set("user", user.GetLogin())
-		_ = session.Save()
+		c.SetCookie("ghtoken", token.AccessToken, int(token.Expiry.Sub(time.Now()).Seconds()), "/", "localhost", true, true)
 
 		c.Redirect(http.StatusSeeOther, "/admin/dashboard")
 	} else {
diff --git a/go/admin/templates/content.html b/go/admin/templates/content.html
index 5e41c10b5..1017c3025 100644
--- a/go/admin/templates/content.html
+++ b/go/admin/templates/content.html
@@ -42,7 +42,7 @@
                 type="number" name="numberOfExecutions" value="1" min="1" max="10">
         </div>
 
-        <button hx-post="http://localhost:8080/api/executions/add"
+        <button hx-post="http://localhost:8080/api/executions/add" hx-headers='{"admin-user": "{{.ghtoken}}"}'
             class="bg-orange-500 hover:bg-orange-700 text-white font-bold py-2 px-4 rounded focus:outline-none focus:shadow-outline"
             type="submit">Add Execution</button>
     </form>
diff --git a/go/server/server.go b/go/server/server.go
index bd09993ef..e6d25f0d3 100644
--- a/go/server/server.go
+++ b/go/server/server.go
@@ -224,7 +224,7 @@ func (s *Server) Run() error {
 	s.router.Use(cors.New(cors.Config{
 		AllowOrigins:     []string{"*"},
 		AllowMethods:     []string{"GET", "POST"},
-		AllowHeaders:     []string{"Origin", "hx-request", "hx-current-url"},
+		AllowHeaders:     []string{"Origin", "hx-request", "hx-current-url", "admin-user"},
 		ExposeHeaders:    []string{"Content-Length"},
 		AllowCredentials: true,
 		MaxAge:           12 * time.Hour,

From caac9f8ab68896e580775a29fe0100680edcf6f2 Mon Sep 17 00:00:00 2001
From: Jad Chahed <jad.chahed@bashroom.com>
Date: Fri, 30 Aug 2024 15:56:45 +0200
Subject: [PATCH 03/19] feat: encrypted gh token

Signed-off-by: Jad Chahed <jad.chahed@bashroom.com>
---
 go/admin/admin.go                  | 14 ++++-
 go/admin/api.go                    | 87 +++++++++++++++++++++++++++---
 go/admin/templates/content.html    |  2 +-
 go/admin/templates/executions.html | 36 -------------
 go/admin/templates/header.html     |  3 +-
 go/admin/templates/sidebar.html    |  6 ++-
 go/server/api.go                   | 41 ++++++++++----
 go/server/server.go                |  8 ++-
 go/tools/server/utils.go           | 73 +++++++++++++++++++++++++
 9 files changed, 207 insertions(+), 63 deletions(-)
 delete mode 100644 go/admin/templates/executions.html

diff --git a/go/admin/admin.go b/go/admin/admin.go
index 85d5d57c7..aec1632b2 100644
--- a/go/admin/admin.go
+++ b/go/admin/admin.go
@@ -26,6 +26,8 @@ import (
 	"time"
 
 	"github.com/gin-contrib/cors"
+	"github.com/gin-contrib/sessions"
+	"github.com/gin-contrib/sessions/cookie"
 	"github.com/gin-gonic/gin"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
@@ -38,6 +40,7 @@ const (
 	flagMode           = "admin-mode"
 	flagAdminAppId     = "admin-gh-app-id"
 	flagAdminAppSecret = "admin-gh-app-secret"
+	flagGhAuth         = "auth"
 )
 
 var workloads = []string{"OLTP", "OLTP-READONLY", "OLTP-SET", "TPCC", "TPCC_FK", "TPCC_FK_UNMANAGED", "TPCC_UNSHARDED"}
@@ -48,6 +51,7 @@ type Admin struct {
 
 	ghAppId     string
 	ghAppSecret string
+	ghTokenSalt string
 
 	dbCfg    *psdb.Config
 	dbClient *psdb.Client
@@ -60,11 +64,13 @@ func (a *Admin) AddToCommand(cmd *cobra.Command) {
 	cmd.Flags().Var(&a.Mode, flagMode, "Specify the mode on which the server will run")
 	cmd.Flags().StringVar(&a.ghAppId, flagAdminAppId, "", "The ID of the GitHub App")
 	cmd.Flags().StringVar(&a.ghAppSecret, flagAdminAppSecret, "", "The secret of the GitHub App")
+	cmd.Flags().StringVar(&a.ghTokenSalt, flagGhAuth, "", "The salt string to salt the GitHub Token")
 
 	_ = viper.BindPFlag(flagPort, cmd.Flags().Lookup(flagPort))
 	_ = viper.BindPFlag(flagMode, cmd.Flags().Lookup(flagMode))
 	_ = viper.BindPFlag(flagAdminAppId, cmd.Flags().Lookup(flagAdminAppId))
 	_ = viper.BindPFlag(flagAdminAppSecret, cmd.Flags().Lookup(flagAdminAppSecret))
+	_ = viper.BindPFlag(flagGhAuth, cmd.Flags().Lookup(flagGhAuth))
 
 	if a.dbCfg == nil {
 		a.dbCfg = &psdb.Config{}
@@ -113,15 +119,18 @@ func (a *Admin) Run() error {
 	a.Mode.SetGin()
 	a.router = gin.Default()
 
+	store := cookie.NewStore([]byte("secret"))
+	a.router.Use(sessions.Sessions("admin-session", store))
+
 	a.router.Static("/assets", filepath.Join(basepath, "assets"))
 
 	a.router.LoadHTMLGlob(filepath.Join(basepath, "templates/*"))
 
 	a.router.Use(cors.New(cors.Config{
 		AllowOrigins:     []string{"*"},
-		AllowMethods:     []string{"GET"},
+		AllowMethods:     []string{"GET", "POST"},
 		AllowHeaders:     []string{"Origin"},
-		ExposeHeaders:    []string{"Content-Length"},
+		ExposeHeaders:    []string{"Content-Length", "Content-Type"},
 		AllowCredentials: true,
 		MaxAge:           12 * time.Hour,
 	}))
@@ -130,6 +139,7 @@ func (a *Admin) Run() error {
 	a.router.GET("/admin", a.login)
 	a.router.GET("/admin/login", a.handleGitHubLogin)
 	a.router.GET("/admin/auth/callback", a.handleGitHubCallback)
+	a.router.POST("/admin/executions/add", a.handleExecutionsAdd)
 	a.router.GET("/admin/dashboard", a.authMiddleware(), a.dashboard)
 
 	return a.router.Run(":" + a.port)
diff --git a/go/admin/api.go b/go/admin/api.go
index db1fd3b9d..c31f52b63 100644
--- a/go/admin/api.go
+++ b/go/admin/api.go
@@ -19,7 +19,9 @@
 package admin
 
 import (
+	"bytes"
 	"context"
+	"encoding/json"
 	"net/http"
 	"strings"
 	"time"
@@ -39,6 +41,7 @@ var (
 		RedirectURL: "http://localhost:8081/admin/auth/callback",
 	}
 	oauthStateString = random.String(10) // A random string to protect against CSRF attacks
+	client           *goGithub.Client
 )
 
 const (
@@ -46,19 +49,20 @@ const (
 	arewefastyetTeamGitHub = "arewefastyet"
 )
 
+type ExecutionRequest struct {
+	Auth               string   `json:"auth"`
+	Source             string   `json:"source"`
+	SHA                string   `json:"sha"`
+	Workloads          []string `json:"workloads"`
+	NumberOfExecutions string   `json:"number_of_executions"`
+}
+
 func (a *Admin) login(c *gin.Context) {
 	a.render(c, gin.H{}, "login.html")
 }
 
 func (a *Admin) dashboard(c *gin.Context) {
-	user, err := c.Cookie("ghtoken")
-	if err != nil {
-		c.Abort()
-		return
-	}
-	a.render(c, gin.H{
-		"ghtoken": user,
-	}, "base.html")
+	a.render(c, gin.H{}, "base.html")
 }
 
 func (a *Admin) authMiddleware() gin.HandlerFunc {
@@ -153,3 +157,70 @@ func (a *Admin) checkUserOrgMembership(client *goGithub.Client, username, orgNam
 	}
 	return isMember, nil
 }
+
+func (a *Admin) handleExecutionsAdd(c *gin.Context) {
+	slog.Info("Adding execution")
+	token, err := c.Cookie("ghtoken")
+	source := c.PostForm("source")
+	sha := c.PostForm("sha")
+	workloads := c.PostFormArray("workloads")
+	numberOfExecutions := c.PostForm("numberOfExecutions")
+
+	if err != nil {
+		slog.Error("Failed to get token from cookie: ", err)
+		c.AbortWithStatus(http.StatusUnauthorized)
+		return
+	}
+
+	encryptedToken := server.Encrypt(token, a.ghTokenSalt)
+
+	requestPayload := ExecutionRequest{
+		Auth:               encryptedToken,
+		Source:             source,
+		SHA:                sha,
+		Workloads:          workloads,
+		NumberOfExecutions: numberOfExecutions,
+	}
+
+	jsonData, err := json.Marshal(requestPayload)
+
+	slog.Infof("Request payload: %s", jsonData)
+
+	if err != nil {
+		slog.Error("Failed to marshal request payload: ", err)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to marshal request payload"})
+		return
+	}
+
+	serverAPIURL := "http://localhost:8080/api/executions/add"
+	// make a body with "admin-user": {encryptedToken}, "source": {source}, "sha": {sha}, "workloads": workloads, "numberOfExecutions": {numberOfExecutions}}
+
+	req, err := http.NewRequest("POST", serverAPIURL, bytes.NewBuffer(jsonData))
+
+	if err != nil {
+		slog.Error("Failed to create new HTTP request: ", err)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to create request to server API"})
+		return
+	}
+
+	req.Header.Set("Content-Type", "application/json")
+
+	// Execute the request
+	client := &http.Client{}
+	resp, err := client.Do(req)
+	if err != nil {
+		slog.Error("Failed to send request to server API: ", err)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to send request to server API"})
+		return
+	}
+	defer resp.Body.Close()
+
+	// Handle the response from the server API
+	if resp.StatusCode != http.StatusOK {
+		slog.Error("Server API returned an error: ", resp.Status)
+		c.JSON(resp.StatusCode, gin.H{"error": "Failed to process request on server API"})
+		return
+	}
+
+	c.JSON(http.StatusOK, gin.H{"message": "Request forwarded to server API"})
+}
diff --git a/go/admin/templates/content.html b/go/admin/templates/content.html
index 1017c3025..ca8a55843 100644
--- a/go/admin/templates/content.html
+++ b/go/admin/templates/content.html
@@ -42,7 +42,7 @@
                 type="number" name="numberOfExecutions" value="1" min="1" max="10">
         </div>
 
-        <button hx-post="http://localhost:8080/api/executions/add" hx-headers='{"admin-user": "{{.ghtoken}}"}'
+        <button hx-post="/admin/executions/add"
             class="bg-orange-500 hover:bg-orange-700 text-white font-bold py-2 px-4 rounded focus:outline-none focus:shadow-outline"
             type="submit">Add Execution</button>
     </form>
diff --git a/go/admin/templates/executions.html b/go/admin/templates/executions.html
deleted file mode 100644
index 5a985748e..000000000
--- a/go/admin/templates/executions.html
+++ /dev/null
@@ -1,36 +0,0 @@
-<div id="content">
-    <h3 class="text-xl font-semibold text-orange-500 mb-4">Add new executions</h3>
-    <form action="/api/execute" method="post" class="space-y-4">
-        <div class="flex gap-4">
-            <input type="text" name="source" placeholder="Source" class="border p-2 w-full rounded">
-            <input type="text" name="sha" placeholder="SHA" class="border p-2 w-full rounded">
-        </div>
-
-        <div class="grid grid-cols-2 gap-4">
-            <div>
-                <label class="block mb-2 font-semibold">Workloads</label>
-                <div class="space-y-2">
-                    <div>
-                        <label>
-                            <input type="checkbox" name="workloads" value="all" class="mr-2">
-                            All
-                        </label>
-                    </div>
-                    <!-- Add more checkboxes as needed -->
-                </div>
-            </div>
-            <!-- More fields as needed -->
-        </div>
-
-        <div>
-            <label class="block mb-2 font-semibold">Counter</label>
-            <input type="number" name="counter" value="10" class="border p-2 rounded w-20">
-        </div>
-
-        <div>
-            <button type="submit" class="bg-orange-500 text-white px-4 py-2 rounded hover:bg-orange-600 transition">
-                Add Executions
-            </button>
-        </div>
-    </form>
-</div>
diff --git a/go/admin/templates/header.html b/go/admin/templates/header.html
index 177d4edd3..7d654a022 100644
--- a/go/admin/templates/header.html
+++ b/go/admin/templates/header.html
@@ -1,3 +1,4 @@
-<div class="border-b-2 pb-4 mb-6">
+<div class="border-b-2 pb-4 mb-6 w-full flex justify-between text-center flex-wrap">
     <h2 class="text-2xl font-bold text-gray-700">Admin Dashboard</h2>
+    <a href="https://benchmark.vitess.io/" target="_blank" class="text-orange-500 align-middle">arewefastyet website</a>
 </div>
diff --git a/go/admin/templates/sidebar.html b/go/admin/templates/sidebar.html
index 97cc34a88..2fef25d76 100644
--- a/go/admin/templates/sidebar.html
+++ b/go/admin/templates/sidebar.html
@@ -1,7 +1,9 @@
 <div id="sidebar">
     <div class="mb-8">
-        <img src="/assets/logo.png" alt="Logo" class="mb-4" style="max-width: 100px;">
-        <h1 class="text-3xl font-bold text-orange-600">arewefastyet</h1>
+        <a href="/admin/dashboard" class="cursor-pointer">
+            <img src="/assets/logo.png" alt="Logo" class="mb-4" style="max-width: 100px;">
+            <h1 class="text-3xl font-bold text-orange-600">arewefastyet</h1>
+        </a>
     </div>
     <nav>
         <ul>
diff --git a/go/server/api.go b/go/server/api.go
index 28643cbf5..c93e3f1e4 100644
--- a/go/server/api.go
+++ b/go/server/api.go
@@ -33,6 +33,7 @@ import (
 	"github.com/vitessio/arewefastyet/go/tools/github"
 	"github.com/vitessio/arewefastyet/go/tools/macrobench"
 	"github.com/vitessio/arewefastyet/go/tools/microbench"
+	"github.com/vitessio/arewefastyet/go/tools/server"
 	"golang.org/x/exp/slices"
 )
 
@@ -538,30 +539,48 @@ func (s *Server) getHistory(c *gin.Context) {
 	c.JSON(http.StatusOK, results)
 }
 
+type ExecutionRequest struct {
+	Auth               string   `json:"auth"`
+	Source             string   `json:"source"`
+	SHA                string   `json:"sha"`
+	Workloads          []string `json:"workloads"`
+	NumberOfExecutions string   `json:"number_of_executions"`
+}
+
 func (s *Server) addExecutions(c *gin.Context) {
-	source := c.PostForm("source")
-	sha := c.PostForm("sha")
-	workloads := c.PostFormArray("workloads")
-	numberOfExecutions := c.PostForm("numberOfExecutions")
+	slog.Info("Adding execution")
+
+	var req ExecutionRequest
+
+	if err := c.ShouldBindJSON(&req); err != nil {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "Invalid request body"})
+		return
+	}
+
+	decryptedToken := server.Decrypt(req.Auth, s.ghTokenSalt)
+
+	slog.Info(decryptedToken)
 
-	if source == "" || sha == "" || len(workloads) == 0 || numberOfExecutions == "" {
+	slog.Infof("source: %s, sha: %s, workloads: %v, numberOfExecutions: %s, token: %s", req.Source, req.SHA, req.Workloads, req.NumberOfExecutions, decryptedToken)
+
+	if req.Source == "" || req.SHA == "" || len(req.Workloads) == 0 || req.NumberOfExecutions == "" {
 		c.JSON(http.StatusBadRequest, &ErrorAPI{Error: "missing argument"})
 		return
 	}
 
-	if len(workloads) == 1 && workloads[0] == "all" {
-		workloads = s.workloads
+	if len(req.Workloads) == 1 && req.Workloads[0] == "all" {
+		req.Workloads = s.workloads
 	}
-	execs, err := strconv.Atoi(numberOfExecutions)
+	execs, err := strconv.Atoi(req.NumberOfExecutions)
 	if err != nil {
 		c.JSON(http.StatusBadRequest, &ErrorAPI{Error: "numberOfExecutions must be an integer"})
 		return
 	}
-	newElements := make([]*executionQueueElement, 0, execs*len(workloads))
+	newElements := make([]*executionQueueElement, 0, execs*len(req.Workloads))
 
-	for _, workload := range workloads {
+	for _, workload := range req.Workloads {
 		for i := 0; i < execs; i++ {
-			elem := s.createSimpleExecutionQueueElement(s.benchmarkConfig[strings.ToLower(workload)], source, sha, workload, string(macrobench.Gen4Planner), false, 0, git.Version{})
+			elem := s.createSimpleExecutionQueueElement(s.benchmarkConfig[strings.ToLower(workload)], req.Source, req.SHA, workload, string(macrobench.Gen4Planner), false, 0, git.Version{})
 			elem.identifier.UUID = uuid.NewString()
 			newElements = append(newElements, elem)
 		}
diff --git a/go/server/server.go b/go/server/server.go
index e6d25f0d3..f01a14b28 100644
--- a/go/server/server.go
+++ b/go/server/server.go
@@ -50,6 +50,7 @@ const (
 	flagFilterBySource                       = "web-source-filter"
 	flagExcludeFilterBySource                = "web-source-exclude-filter"
 	flagRequestRunKey                        = "web-request-run-key"
+	flagGhAuth                          = "auth"
 
 	// keyMinimumVitessVersion is used to define on which minimum Vitess version a given
 	// benchmark should be run. Only the major version is counted. This key/value is located
@@ -95,7 +96,8 @@ type Server struct {
 	sourceFilter        []string
 	excludeSourceFilter []string
 
-	ghApp *github.App
+	ghApp       *github.App
+	ghTokenSalt string
 
 	requestRunKey string
 
@@ -119,6 +121,7 @@ func (s *Server) AddToCommand(cmd *cobra.Command) {
 	cmd.Flags().StringSliceVar(&s.sourceFilter, flagFilterBySource, nil, "List of execution source that should be run. By default, all sources are ran.")
 	cmd.Flags().StringSliceVar(&s.excludeSourceFilter, flagExcludeFilterBySource, nil, "List of execution source to not execute. By default, all sources are ran.")
 	cmd.Flags().StringVar(&s.requestRunKey, flagRequestRunKey, "", "Key to authenticate requests for custom benchmark runs.")
+	cmd.Flags().StringVar(&s.ghTokenSalt, flagGhAuth, "", "The salt string to salt the GitHub Token")
 
 	_ = viper.BindPFlag(flagPort, cmd.Flags().Lookup(flagPort))
 	_ = viper.BindPFlag(flagVitessPath, cmd.Flags().Lookup(flagVitessPath))
@@ -132,6 +135,7 @@ func (s *Server) AddToCommand(cmd *cobra.Command) {
 	_ = viper.BindPFlag(flagFilterBySource, cmd.Flags().Lookup(flagFilterBySource))
 	_ = viper.BindPFlag(flagExcludeFilterBySource, cmd.Flags().Lookup(flagExcludeFilterBySource))
 	_ = viper.BindPFlag(flagRequestRunKey, cmd.Flags().Lookup(flagRequestRunKey))
+	_ = viper.BindPFlag(flagGhAuth, cmd.Flags().Lookup(flagGhAuth))
 
 	s.slackConfig.AddToCommand(cmd)
 	if s.dbCfg == nil {
@@ -224,7 +228,7 @@ func (s *Server) Run() error {
 	s.router.Use(cors.New(cors.Config{
 		AllowOrigins:     []string{"*"},
 		AllowMethods:     []string{"GET", "POST"},
-		AllowHeaders:     []string{"Origin", "hx-request", "hx-current-url", "admin-user"},
+		AllowHeaders:     []string{"Origin", "hx-request", "hx-current-url", "Content-Type"},
 		ExposeHeaders:    []string{"Content-Length"},
 		AllowCredentials: true,
 		MaxAge:           12 * time.Hour,
diff --git a/go/tools/server/utils.go b/go/tools/server/utils.go
index f31f85dd1..a64d61d9b 100644
--- a/go/tools/server/utils.go
+++ b/go/tools/server/utils.go
@@ -18,6 +18,79 @@
 
 package server
 
+import (
+	"crypto/aes"
+	"crypto/cipher"
+	"crypto/rand"
+	"encoding/hex"
+	"fmt"
+	"io"
+	"log/slog"
+)
+
 const (
 	ErrorIncorrectConfiguration = "incorrect configuration"
 )
+
+func Encrypt(stringToEncrypt string, keyString string) (encryptedString string) {
+	slog.Info(stringToEncrypt, keyString)
+	//Since the key is in string, we need to convert decode it to bytes
+	key, _ := hex.DecodeString(keyString)
+	plaintext := []byte(stringToEncrypt)
+
+	//Create a new Cipher Block from the key
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		panic(err.Error())
+	}
+
+	//Create a new GCM - https://en.wikipedia.org/wiki/Galois/Counter_Mode
+	//https://golang.org/pkg/crypto/cipher/#NewGCM
+	aesGCM, err := cipher.NewGCM(block)
+	if err != nil {
+		panic(err.Error())
+	}
+
+	//Create a nonce. Nonce should be from GCM
+	nonce := make([]byte, aesGCM.NonceSize())
+	if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
+		panic(err.Error())
+	}
+
+	//Encrypt the data using aesGCM.Seal
+	//Since we don't want to save the nonce somewhere else in this case, we add it as a prefix to the encrypted data. The first nonce argument in Seal is the prefix.
+	ciphertext := aesGCM.Seal(nonce, nonce, plaintext, nil)
+	return fmt.Sprintf("%x", ciphertext)
+}
+
+func Decrypt(encryptedString string, keyString string) (decryptedString string) {
+
+	key, _ := hex.DecodeString(keyString)
+	enc, _ := hex.DecodeString(encryptedString)
+
+	//Create a new Cipher Block from the key
+	block, err := aes.NewCipher(key)
+	if err != nil {
+		panic(err.Error())
+	}
+
+	//Create a new GCM
+	aesGCM, err := cipher.NewGCM(block)
+	if err != nil {
+		panic(err.Error())
+	}
+
+	//Get the nonce size
+	nonceSize := aesGCM.NonceSize()
+
+	//Extract the nonce from the encrypted data
+	nonce, ciphertext := enc[:nonceSize], enc[nonceSize:]
+
+	//Decrypt the data
+	plaintext, err := aesGCM.Open(nil, nonce, ciphertext, nil)
+	if err != nil {
+		panic(err.Error())
+	}
+
+	return fmt.Sprintf("%s", plaintext)
+}

From 5e4e6785316b6512faf3cd1d674aef5d9c7bc8ce Mon Sep 17 00:00:00 2001
From: Jad Chahed <jad.chahed@bashroom.com>
Date: Fri, 30 Aug 2024 16:02:47 +0200
Subject: [PATCH 04/19] refactor: removed logs and comments

Signed-off-by: Jad Chahed <jad.chahed@bashroom.com>
---
 go/admin/api.go          |  3 ---
 go/server/api.go         |  4 ----
 go/tools/server/utils.go | 12 ------------
 3 files changed, 19 deletions(-)

diff --git a/go/admin/api.go b/go/admin/api.go
index c31f52b63..01818910b 100644
--- a/go/admin/api.go
+++ b/go/admin/api.go
@@ -193,7 +193,6 @@ func (a *Admin) handleExecutionsAdd(c *gin.Context) {
 	}
 
 	serverAPIURL := "http://localhost:8080/api/executions/add"
-	// make a body with "admin-user": {encryptedToken}, "source": {source}, "sha": {sha}, "workloads": workloads, "numberOfExecutions": {numberOfExecutions}}
 
 	req, err := http.NewRequest("POST", serverAPIURL, bytes.NewBuffer(jsonData))
 
@@ -205,7 +204,6 @@ func (a *Admin) handleExecutionsAdd(c *gin.Context) {
 
 	req.Header.Set("Content-Type", "application/json")
 
-	// Execute the request
 	client := &http.Client{}
 	resp, err := client.Do(req)
 	if err != nil {
@@ -215,7 +213,6 @@ func (a *Admin) handleExecutionsAdd(c *gin.Context) {
 	}
 	defer resp.Body.Close()
 
-	// Handle the response from the server API
 	if resp.StatusCode != http.StatusOK {
 		slog.Error("Server API returned an error: ", resp.Status)
 		c.JSON(resp.StatusCode, gin.H{"error": "Failed to process request on server API"})
diff --git a/go/server/api.go b/go/server/api.go
index c93e3f1e4..fdbd96a56 100644
--- a/go/server/api.go
+++ b/go/server/api.go
@@ -548,8 +548,6 @@ type ExecutionRequest struct {
 }
 
 func (s *Server) addExecutions(c *gin.Context) {
-	slog.Info("Adding execution")
-
 	var req ExecutionRequest
 
 	if err := c.ShouldBindJSON(&req); err != nil {
@@ -561,8 +559,6 @@ func (s *Server) addExecutions(c *gin.Context) {
 
 	slog.Info(decryptedToken)
 
-	slog.Infof("source: %s, sha: %s, workloads: %v, numberOfExecutions: %s, token: %s", req.Source, req.SHA, req.Workloads, req.NumberOfExecutions, decryptedToken)
-
 	if req.Source == "" || req.SHA == "" || len(req.Workloads) == 0 || req.NumberOfExecutions == "" {
 		c.JSON(http.StatusBadRequest, &ErrorAPI{Error: "missing argument"})
 		return
diff --git a/go/tools/server/utils.go b/go/tools/server/utils.go
index a64d61d9b..74e7eca21 100644
--- a/go/tools/server/utils.go
+++ b/go/tools/server/utils.go
@@ -34,31 +34,24 @@ const (
 
 func Encrypt(stringToEncrypt string, keyString string) (encryptedString string) {
 	slog.Info(stringToEncrypt, keyString)
-	//Since the key is in string, we need to convert decode it to bytes
 	key, _ := hex.DecodeString(keyString)
 	plaintext := []byte(stringToEncrypt)
 
-	//Create a new Cipher Block from the key
 	block, err := aes.NewCipher(key)
 	if err != nil {
 		panic(err.Error())
 	}
 
-	//Create a new GCM - https://en.wikipedia.org/wiki/Galois/Counter_Mode
-	//https://golang.org/pkg/crypto/cipher/#NewGCM
 	aesGCM, err := cipher.NewGCM(block)
 	if err != nil {
 		panic(err.Error())
 	}
 
-	//Create a nonce. Nonce should be from GCM
 	nonce := make([]byte, aesGCM.NonceSize())
 	if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
 		panic(err.Error())
 	}
 
-	//Encrypt the data using aesGCM.Seal
-	//Since we don't want to save the nonce somewhere else in this case, we add it as a prefix to the encrypted data. The first nonce argument in Seal is the prefix.
 	ciphertext := aesGCM.Seal(nonce, nonce, plaintext, nil)
 	return fmt.Sprintf("%x", ciphertext)
 }
@@ -68,25 +61,20 @@ func Decrypt(encryptedString string, keyString string) (decryptedString string)
 	key, _ := hex.DecodeString(keyString)
 	enc, _ := hex.DecodeString(encryptedString)
 
-	//Create a new Cipher Block from the key
 	block, err := aes.NewCipher(key)
 	if err != nil {
 		panic(err.Error())
 	}
 
-	//Create a new GCM
 	aesGCM, err := cipher.NewGCM(block)
 	if err != nil {
 		panic(err.Error())
 	}
 
-	//Get the nonce size
 	nonceSize := aesGCM.NonceSize()
 
-	//Extract the nonce from the encrypted data
 	nonce, ciphertext := enc[:nonceSize], enc[nonceSize:]
 
-	//Decrypt the data
 	plaintext, err := aesGCM.Open(nil, nonce, ciphertext, nil)
 	if err != nil {
 		panic(err.Error())

From b2b776ca2618701e2ca76edd774696585abda705 Mon Sep 17 00:00:00 2001
From: Jad Chahed <jad.chahed@bashroom.com>
Date: Fri, 30 Aug 2024 16:06:17 +0200
Subject: [PATCH 05/19] feat: format

Signed-off-by: Jad Chahed <jad.chahed@bashroom.com>
---
 go/admin/templates/base.html    |  52 +++++-----
 go/admin/templates/content.html | 167 +++++++++++++++++++++++---------
 go/admin/templates/header.html  |  13 ++-
 go/admin/templates/login.html   |  32 +++---
 go/admin/templates/sidebar.html |  41 +++++---
 5 files changed, 196 insertions(+), 109 deletions(-)

diff --git a/go/admin/templates/base.html b/go/admin/templates/base.html
index 949c05e32..bd733f9e3 100644
--- a/go/admin/templates/base.html
+++ b/go/admin/templates/base.html
@@ -1,38 +1,34 @@
 <!DOCTYPE html>
 <html lang="en">
-
-<head>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>Admin Dashboard</title>
-    <link href="https://unpkg.com/tailwindcss@^1.0/dist/tailwind.min.css" rel="stylesheet">
+    <link
+      href="https://unpkg.com/tailwindcss@^1.0/dist/tailwind.min.css"
+      rel="stylesheet"
+    />
     <script src="https://unpkg.com/htmx.org@1.9.2"></script>
-</head>
+  </head>
 
-<body class="bg-gray-900">
+  <body class="bg-gray-900">
     <div class="flex h-screen">
-        <!-- Sidebar -->
-        <div class="bg-white w-1/4 p-4">
-            <div>
-                <div>{{ template "sidebar.html" . }}</div>
-            </div>
+      <div class="bg-white w-1/4 p-4">
+        <div>
+          <div>{{ template "sidebar.html" . }}</div>
+        </div>
+      </div>
+      <div class="bg-white flex-1 p-8">
+        <div id="header">
+          <div>{{ template "header.html" . }}</div>
         </div>
 
-        <!-- Main Content -->
-        <div class="bg-white flex-1 p-8">
-            <!-- Header -->
-            <div id="header">
-                <div>{{ template "header.html" . }}</div>
-            </div>
-
-            <!-- Dynamic Content -->
-            <div id="content" class="mt-4">
-                <div>
-                    <div>{{ template "content.html" . }}</div>
-                </div>
-            </div>
+        <div id="content" class="mt-4">
+          <div>
+            <div>{{ template "content.html" . }}</div>
+          </div>
         </div>
+      </div>
     </div>
-</body>
-
-</html>
\ No newline at end of file
+  </body>
+</html>
diff --git a/go/admin/templates/content.html b/go/admin/templates/content.html
index ca8a55843..2f102c9a9 100644
--- a/go/admin/templates/content.html
+++ b/go/admin/templates/content.html
@@ -1,49 +1,122 @@
 <div id="content">
-    <form>
-        <div class="flex flex-row gap-4">
-            <div>
-                <label class="label">Source</label>
-                <input
-                    class="shadow appearance-none border rounded w-full py-2 px-3 text-gray-700 leading-tight focus:outline-none focus:shadow-outline"
-                    type="text" name="source">
-            </div>
-            <div>
-                <label class="label">SHA</label>
-                <input
-                    class="shadow appearance-none border rounded w-full py-2 px-3 text-gray-700 leading-tight focus:outline-none focus:shadow-outline"
-                    type="text" class="form-control" name="sha">
-            </div>
-        </div>
-        <label>Workloads</label>
-        <div class="flex flex-row gap-4">
-            <div class="flex flex-col">
-                <label><input class="accent-orange-500" type="checkbox" name="workloads" value="all" checked>
-                    All</label>
-                <label><input class="accent-orange-500" type="checkbox" name="workloads" value="OLTP"> OLTP</label>
-                <label><input class="accent-orange-500" type="checkbox" name="workloads" value="OLTP-READONLY">
-                    OLTP-READONLY</label>
-                <label><input class="accent-orange-500" type="checkbox" name="workloads" value="OLTP-SET">
-                    OLTP-SET</label>
-            </div>
-            <div class="flex flex-col">
-                <label><input class="accent-orange-500" type="checkbox" name="workloads" value="TPCC"> TPCC</label>
-                <label><input class="accent-orange-500" type="checkbox" name="workloads" value="TPCC_FK">
-                    TPCC_FK</label>
-                <label><input class="accent-orange-500" type="checkbox" name="workloads" value="TPCC_FK_UNMANAGED">
-                    TPCC_FK_UNMANAGED</label>
-                <label><input class="accent-orange-500" type="checkbox" name="workloads" value="TPCC_UNSHARDED">
-                    TPCC_UNSHARDED</label>
-            </div>
-        </div>
-        <div>
-            <label class="label">Number of executions</label>
-            <input
-                class="shadow appearance-none border rounded w-20 py-2 px-3 text-gray-700 leading-tight focus:outline-none focus:shadow-outline"
-                type="number" name="numberOfExecutions" value="1" min="1" max="10">
-        </div>
+  <form>
+    <div class="flex flex-row gap-4">
+      <div>
+        <label class="label">Source</label>
+        <input
+          class="shadow appearance-none border rounded w-full py-2 px-3 text-gray-700 leading-tight focus:outline-none focus:shadow-outline"
+          type="text"
+          name="source"
+        />
+      </div>
+      <div>
+        <label class="label">SHA</label>
+        <input
+          class="shadow appearance-none border rounded w-full py-2 px-3 text-gray-700 leading-tight focus:outline-none focus:shadow-outline"
+          type="text"
+          class="form-control"
+          name="sha"
+        />
+      </div>
+    </div>
+    <label>Workloads</label>
+    <div class="flex flex-row gap-4">
+      <div class="flex flex-col">
+        <label
+          ><input
+            class="accent-orange-500"
+            type="checkbox"
+            name="workloads"
+            value="all"
+            checked
+          />
+          All</label
+        >
+        <label
+          ><input
+            class="accent-orange-500"
+            type="checkbox"
+            name="workloads"
+            value="OLTP"
+          />
+          OLTP</label
+        >
+        <label
+          ><input
+            class="accent-orange-500"
+            type="checkbox"
+            name="workloads"
+            value="OLTP-READONLY"
+          />
+          OLTP-READONLY</label
+        >
+        <label
+          ><input
+            class="accent-orange-500"
+            type="checkbox"
+            name="workloads"
+            value="OLTP-SET"
+          />
+          OLTP-SET</label
+        >
+      </div>
+      <div class="flex flex-col">
+        <label
+          ><input
+            class="accent-orange-500"
+            type="checkbox"
+            name="workloads"
+            value="TPCC"
+          />
+          TPCC</label
+        >
+        <label
+          ><input
+            class="accent-orange-500"
+            type="checkbox"
+            name="workloads"
+            value="TPCC_FK"
+          />
+          TPCC_FK</label
+        >
+        <label
+          ><input
+            class="accent-orange-500"
+            type="checkbox"
+            name="workloads"
+            value="TPCC_FK_UNMANAGED"
+          />
+          TPCC_FK_UNMANAGED</label
+        >
+        <label
+          ><input
+            class="accent-orange-500"
+            type="checkbox"
+            name="workloads"
+            value="TPCC_UNSHARDED"
+          />
+          TPCC_UNSHARDED</label
+        >
+      </div>
+    </div>
+    <div>
+      <label class="label">Number of executions</label>
+      <input
+        class="shadow appearance-none border rounded w-20 py-2 px-3 text-gray-700 leading-tight focus:outline-none focus:shadow-outline"
+        type="number"
+        name="numberOfExecutions"
+        value="1"
+        min="1"
+        max="10"
+      />
+    </div>
 
-        <button hx-post="/admin/executions/add"
-            class="bg-orange-500 hover:bg-orange-700 text-white font-bold py-2 px-4 rounded focus:outline-none focus:shadow-outline"
-            type="submit">Add Execution</button>
-    </form>
-</div>
\ No newline at end of file
+    <button
+      hx-post="/admin/executions/add"
+      class="bg-orange-500 hover:bg-orange-700 text-white font-bold py-2 px-4 rounded focus:outline-none focus:shadow-outline"
+      type="submit"
+    >
+      Add Execution
+    </button>
+  </form>
+</div>
diff --git a/go/admin/templates/header.html b/go/admin/templates/header.html
index 7d654a022..90040a0ee 100644
--- a/go/admin/templates/header.html
+++ b/go/admin/templates/header.html
@@ -1,4 +1,11 @@
-<div class="border-b-2 pb-4 mb-6 w-full flex justify-between text-center flex-wrap">
-    <h2 class="text-2xl font-bold text-gray-700">Admin Dashboard</h2>
-    <a href="https://benchmark.vitess.io/" target="_blank" class="text-orange-500 align-middle">arewefastyet website</a>
+<div
+  class="border-b-2 pb-4 mb-6 w-full flex justify-between text-center flex-wrap"
+>
+  <h2 class="text-2xl font-bold text-gray-700">Admin Dashboard</h2>
+  <a
+    href="https://benchmark.vitess.io/"
+    target="_blank"
+    class="text-orange-500 align-middle"
+    >arewefastyet website</a
+  >
 </div>
diff --git a/go/admin/templates/login.html b/go/admin/templates/login.html
index 593d93306..b3670ac57 100644
--- a/go/admin/templates/login.html
+++ b/go/admin/templates/login.html
@@ -1,24 +1,26 @@
 <!DOCTYPE html>
 <html lang="en">
-
-<head>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>Admin Login Page</title>
-    <link href="https://unpkg.com/tailwindcss@1.9.6/dist/tailwind.min.css" rel="stylesheet">
-</head>
+    <link
+      href="https://unpkg.com/tailwindcss@1.9.6/dist/tailwind.min.css"
+      rel="stylesheet"
+    />
+  </head>
 
-<body class="flex flex-col items-center justify-center h-screen bg-white">
+  <body class="flex flex-col items-center justify-center h-screen bg-white">
     <div class="flex flex-row">
-        <img src="/assets/logo.png" class="h-12" alt="logo">
-        <h1 class="text-3xl font-bold mb-2">arewefastyet</h1>
+      <img src="/assets/logo.png" class="h-12" alt="logo" />
+      <h1 class="text-3xl font-bold mb-2">arewefastyet</h1>
     </div>
     <h2 class="text-5xl font-semibold text-orange-500 mb-8">Admin Login</h2>
-    <img src="/assets/github-icon.png" alt="GitHub Icon" class="w-32 h-32">
+    <img src="/assets/github-icon.png" alt="GitHub Icon" class="w-32 h-32" />
     <button
-        class="bg-black text-white flex items-center justify-center gap-2 px-4 py-2 rounded-md hover:bg-gray-800 transition mx-auto">
-        <a href="/admin/login">Sign in with GitHub</a>
+      class="bg-black text-white flex items-center justify-center gap-2 px-4 py-2 rounded-md hover:bg-gray-800 transition mx-auto"
+    >
+      <a href="/admin/login">Sign in with GitHub</a>
     </button>
-</body>
-
-</html>
\ No newline at end of file
+  </body>
+</html>
diff --git a/go/admin/templates/sidebar.html b/go/admin/templates/sidebar.html
index 2fef25d76..6f5b2aa21 100644
--- a/go/admin/templates/sidebar.html
+++ b/go/admin/templates/sidebar.html
@@ -1,18 +1,27 @@
 <div id="sidebar">
-    <div class="mb-8">
-        <a href="/admin/dashboard" class="cursor-pointer">
-            <img src="/assets/logo.png" alt="Logo" class="mb-4" style="max-width: 100px;">
-            <h1 class="text-3xl font-bold text-orange-600">arewefastyet</h1>
-        </a>
-    </div>
-    <nav>
-        <ul>
-            <li class="mb-4">
-                <a href="/executions" class="text-orange-500 font-semibold">Add new executions</a>
-            </li>
-            <li class="mb-4">
-                <a href="/settings" class="text-gray-500 hover:text-orange-500">Settings</a>
-            </li>
-        </ul>
-    </nav>
+  <div class="mb-8">
+    <a href="/admin/dashboard" class="cursor-pointer">
+      <img
+        src="/assets/logo.png"
+        alt="Logo"
+        class="mb-4"
+        style="max-width: 100px"
+      />
+      <h1 class="text-3xl font-bold text-orange-600">arewefastyet</h1>
+    </a>
+  </div>
+  <nav>
+    <ul>
+      <li class="mb-4">
+        <a href="/executions" class="text-orange-500 font-semibold"
+          >Add new executions</a
+        >
+      </li>
+      <li class="mb-4">
+        <a href="/settings" class="text-gray-500 hover:text-orange-500"
+          >Settings</a
+        >
+      </li>
+    </ul>
+  </nav>
 </div>

From b7f74ce22eb42fa5921f6ab409c4c03439e909bd Mon Sep 17 00:00:00 2001
From: Jad Chahed <jad.chahed@bashroom.com>
Date: Fri, 30 Aug 2024 16:57:09 +0200
Subject: [PATCH 06/19] feat: UI enhancement

Signed-off-by: Jad Chahed <jad.chahed@bashroom.com>
---
 go/admin/api.go                 | 12 ++++++++++--
 go/admin/templates/base.html    | 26 +++++++-------------------
 go/admin/templates/content.html | 11 +++++++++++
 go/admin/templates/header.html  | 15 +++++++++++----
 go/admin/templates/sidebar.html | 24 +++---------------------
 5 files changed, 42 insertions(+), 46 deletions(-)

diff --git a/go/admin/api.go b/go/admin/api.go
index 01818910b..2f9ce0cd1 100644
--- a/go/admin/api.go
+++ b/go/admin/api.go
@@ -160,12 +160,17 @@ func (a *Admin) checkUserOrgMembership(client *goGithub.Client, username, orgNam
 
 func (a *Admin) handleExecutionsAdd(c *gin.Context) {
 	slog.Info("Adding execution")
-	token, err := c.Cookie("ghtoken")
 	source := c.PostForm("source")
 	sha := c.PostForm("sha")
 	workloads := c.PostFormArray("workloads")
 	numberOfExecutions := c.PostForm("numberOfExecutions")
 
+	if source == "" || sha == "" || len(workloads) == 0 || numberOfExecutions == "" {
+		c.JSON(http.StatusBadRequest, gin.H{"error": "Missing required fields: Source and/or SHA"})
+		return
+	}
+
+	token, err := c.Cookie("ghtoken")
 	if err != nil {
 		slog.Error("Failed to get token from cookie: ", err)
 		c.AbortWithStatus(http.StatusUnauthorized)
@@ -205,12 +210,15 @@ func (a *Admin) handleExecutionsAdd(c *gin.Context) {
 	req.Header.Set("Content-Type", "application/json")
 
 	client := &http.Client{}
+
 	resp, err := client.Do(req)
+
 	if err != nil {
 		slog.Error("Failed to send request to server API: ", err)
 		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to send request to server API"})
 		return
 	}
+
 	defer resp.Body.Close()
 
 	if resp.StatusCode != http.StatusOK {
@@ -219,5 +227,5 @@ func (a *Admin) handleExecutionsAdd(c *gin.Context) {
 		return
 	}
 
-	c.JSON(http.StatusOK, gin.H{"message": "Request forwarded to server API"})
+	c.JSON(http.StatusOK, gin.H{"message": "Execution(s) added successfully"})
 }
diff --git a/go/admin/templates/base.html b/go/admin/templates/base.html
index bd733f9e3..26ef162a7 100644
--- a/go/admin/templates/base.html
+++ b/go/admin/templates/base.html
@@ -3,7 +3,8 @@
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <title>Admin Dashboard</title>
+    <title>Arewefastyet Admin</title>
+    <link rel="icon" type="image/png" href="/assets/favicon.ico" />
     <link
       href="https://unpkg.com/tailwindcss@^1.0/dist/tailwind.min.css"
       rel="stylesheet"
@@ -11,24 +12,11 @@
     <script src="https://unpkg.com/htmx.org@1.9.2"></script>
   </head>
 
-  <body class="bg-gray-900">
-    <div class="flex h-screen">
-      <div class="bg-white w-1/4 p-4">
-        <div>
-          <div>{{ template "sidebar.html" . }}</div>
-        </div>
-      </div>
-      <div class="bg-white flex-1 p-8">
-        <div id="header">
-          <div>{{ template "header.html" . }}</div>
-        </div>
-
-        <div id="content" class="mt-4">
-          <div>
-            <div>{{ template "content.html" . }}</div>
-          </div>
-        </div>
-      </div>
+  <body class="h-screen w-screen">
+    {{ template "header.html" . }}
+    <div class="flex h-full">
+      <div class="bg-white w-1/5 h-full">{{ template "sidebar.html" . }}</div>
+      <div class="bg-white flex-1 p-8">{{ template "content.html" . }}</div>
     </div>
   </body>
 </html>
diff --git a/go/admin/templates/content.html b/go/admin/templates/content.html
index 2f102c9a9..f9c6fc5a1 100644
--- a/go/admin/templates/content.html
+++ b/go/admin/templates/content.html
@@ -113,10 +113,21 @@
 
     <button
       hx-post="/admin/executions/add"
+      hx-target="#response"
       class="bg-orange-500 hover:bg-orange-700 text-white font-bold py-2 px-4 rounded focus:outline-none focus:shadow-outline"
       type="submit"
     >
       Add Execution
     </button>
   </form>
+  <div id="response" class="mt-4"></div>
 </div>
+
+<script>
+  document.body.addEventListener("htmx:responseError", function(e) {
+    error = e.detail.xhr.response;
+    errorMessage = JSON.parse(error).error;
+    document.getElementById("response").classList.add("text-red-500");
+    document.getElementById("response").innerHTML = errorMessage;
+});
+</script>
\ No newline at end of file
diff --git a/go/admin/templates/header.html b/go/admin/templates/header.html
index 90040a0ee..c5ece8da4 100644
--- a/go/admin/templates/header.html
+++ b/go/admin/templates/header.html
@@ -1,11 +1,18 @@
-<div
-  class="border-b-2 pb-4 mb-6 w-full flex justify-between text-center flex-wrap"
+<nav
+  class="w-full flex justify-between lg:justify-center p-4 border-b-2"
 >
-  <h2 class="text-2xl font-bold text-gray-700">Admin Dashboard</h2>
+    <a href="/admin/dashboard" class="cursor-pointer flex flex-1 gap-x-2 items-center">
+      <img
+        src="/assets/logo.png"
+        alt="Logo"
+        class="w-8"
+      />
+      <h1 class="font-semilight text-lg md:hidden lg:block">arewefastyet</h1>
+    </a>
   <a
     href="https://benchmark.vitess.io/"
     target="_blank"
     class="text-orange-500 align-middle"
     >arewefastyet website</a
   >
-</div>
+</nav>
diff --git a/go/admin/templates/sidebar.html b/go/admin/templates/sidebar.html
index 6f5b2aa21..684a557a7 100644
--- a/go/admin/templates/sidebar.html
+++ b/go/admin/templates/sidebar.html
@@ -1,27 +1,9 @@
-<div id="sidebar">
-  <div class="mb-8">
-    <a href="/admin/dashboard" class="cursor-pointer">
-      <img
-        src="/assets/logo.png"
-        alt="Logo"
-        class="mb-4"
-        style="max-width: 100px"
-      />
-      <h1 class="text-3xl font-bold text-orange-600">arewefastyet</h1>
-    </a>
-  </div>
-  <nav>
+<div class="border-r-2 h-full p-4">
     <ul>
-      <li class="mb-4">
-        <a href="/executions" class="text-orange-500 font-semibold"
+      <li class="my-4 hover:bg-slate-400">
+        <a class="text-orange-500 font-semibold text-lg"
           >Add new executions</a
         >
       </li>
-      <li class="mb-4">
-        <a href="/settings" class="text-gray-500 hover:text-orange-500"
-          >Settings</a
-        >
-      </li>
     </ul>
-  </nav>
 </div>

From d53e8bf60375e63feaa0afc8e2a8106a79ed429a Mon Sep 17 00:00:00 2001
From: Jad Chahed <jad.chahed@bashroom.com>
Date: Fri, 30 Aug 2024 18:50:35 +0200
Subject: [PATCH 07/19] feat: multiple tokens

Signed-off-by: Jad Chahed <jad.chahed@bashroom.com>
---
 go/admin/admin.go        |  6 +--
 go/admin/api.go          | 86 +++++++++++++++++++++++++++++-----------
 go/tools/server/utils.go |  4 +-
 3 files changed, 68 insertions(+), 28 deletions(-)

diff --git a/go/admin/admin.go b/go/admin/admin.go
index aec1632b2..ca7e3e1da 100644
--- a/go/admin/admin.go
+++ b/go/admin/admin.go
@@ -51,7 +51,7 @@ type Admin struct {
 
 	ghAppId     string
 	ghAppSecret string
-	ghTokenSalt string
+	auth string
 
 	dbCfg    *psdb.Config
 	dbClient *psdb.Client
@@ -64,7 +64,7 @@ func (a *Admin) AddToCommand(cmd *cobra.Command) {
 	cmd.Flags().Var(&a.Mode, flagMode, "Specify the mode on which the server will run")
 	cmd.Flags().StringVar(&a.ghAppId, flagAdminAppId, "", "The ID of the GitHub App")
 	cmd.Flags().StringVar(&a.ghAppSecret, flagAdminAppSecret, "", "The secret of the GitHub App")
-	cmd.Flags().StringVar(&a.ghTokenSalt, flagGhAuth, "", "The salt string to salt the GitHub Token")
+	cmd.Flags().StringVar(&a.auth, flagGhAuth, "", "The salt string to salt the GitHub Token")
 
 	_ = viper.BindPFlag(flagPort, cmd.Flags().Lookup(flagPort))
 	_ = viper.BindPFlag(flagMode, cmd.Flags().Lookup(flagMode))
@@ -139,7 +139,7 @@ func (a *Admin) Run() error {
 	a.router.GET("/admin", a.login)
 	a.router.GET("/admin/login", a.handleGitHubLogin)
 	a.router.GET("/admin/auth/callback", a.handleGitHubCallback)
-	a.router.POST("/admin/executions/add", a.handleExecutionsAdd)
+	a.router.POST("/admin/executions/add", a.authMiddleware(), a.handleExecutionsAdd)
 	a.router.GET("/admin/dashboard", a.authMiddleware(), a.dashboard)
 
 	return a.router.Run(":" + a.port)
diff --git a/go/admin/api.go b/go/admin/api.go
index 2f9ce0cd1..8aed15335 100644
--- a/go/admin/api.go
+++ b/go/admin/api.go
@@ -24,6 +24,7 @@ import (
 	"encoding/json"
 	"net/http"
 	"strings"
+	"sync"
 	"time"
 
 	"github.com/gin-gonic/gin"
@@ -42,6 +43,10 @@ var (
 	}
 	oauthStateString = random.String(10) // A random string to protect against CSRF attacks
 	client           *goGithub.Client
+	orgName          = "vitessio"
+	tokens           = make(map[string]oauth2.Token)
+
+	mu sync.Mutex
 )
 
 const (
@@ -65,21 +70,65 @@ func (a *Admin) dashboard(c *gin.Context) {
 	a.render(c, gin.H{}, "base.html")
 }
 
+func CreateGhClient(token *oauth2.Token) *goGithub.Client {
+	return goGithub.NewClient(oauthConf.Client(context.Background(), token))
+}
+
 func (a *Admin) authMiddleware() gin.HandlerFunc {
 	return func(c *gin.Context) {
-		_, err := c.Cookie("ghtoken")
+		cookie, err := c.Cookie("ghtoken")
 		if err != nil {
-			// User not authenticated, redirect to login
 			c.Redirect(http.StatusSeeOther, "/admin/login")
 			c.Abort()
 			return
 		}
 
-		// User is authenticated, proceed to the next handler
+		mu.Lock()
+		defer mu.Unlock()
+
+		token, ok := tokens[cookie]
+
+		if !ok {
+			c.Redirect(http.StatusSeeOther, "/admin/login")
+			c.Abort()
+			return
+		}
+
+		client := CreateGhClient(&token)
+
+		isMaintainer, err := a.GetUser(client)
+
+		if err != nil {
+			slog.Error("Error getting user: ", err)
+			c.AbortWithStatus(http.StatusInternalServerError)
+			return
+		}
+
+		if !isMaintainer {
+			c.String(http.StatusForbidden, "You must be a maintainer in the %s organization to access this page.", orgName)
+			c.Abort()
+			return
+		}
+
 		c.Next()
 	}
 }
 
+func (a *Admin) GetUser(client *goGithub.Client) (bool, error) {
+	user, _, err := client.Users.Get(context.Background(), "")
+	if err != nil {
+		return false, err
+	}
+
+	isMaintainer, err := a.checkUserOrgMembership(client, user.GetLogin(), orgName)
+	if err != nil {
+		slog.Error("Error checking org membership: ", err)
+		return false, err
+	}
+
+	return isMaintainer, nil
+}
+
 func (a *Admin) handleGitHubLogin(c *gin.Context) {
 	if a.Mode == server.ProductionMode {
 		oauthConf.RedirectURL = "https://benchmark.vitess.io/admin/auth/callback"
@@ -105,27 +154,17 @@ func (a *Admin) handleGitHubCallback(c *gin.Context) {
 		return
 	}
 
-	client := goGithub.NewClient(oauthConf.Client(context.Background(), token))
-
-	user, _, err := client.Users.Get(context.Background(), "")
-	if err != nil {
-		slog.Error("Failed to get user: ", err)
-		c.AbortWithStatus(http.StatusInternalServerError)
-		return
-	}
-
-	slog.Infof("Authenticated user: %s", user.GetLogin())
+	client := CreateGhClient(token)
 
-	orgName := "vitessio"
-	isMaintainer, err := a.checkUserOrgMembership(client, user.GetLogin(), orgName)
-	if err != nil {
-		slog.Error("Error checking org membership: ", err)
-		c.AbortWithStatus(http.StatusInternalServerError)
-		return
-	}
+	isMaintainer, err := a.GetUser(client)
 
 	if isMaintainer {
-		c.SetCookie("ghtoken", token.AccessToken, int(token.Expiry.Sub(time.Now()).Seconds()), "/", "localhost", true, true)
+		mu.Lock()
+		defer mu.Unlock()
+
+		randomKey := random.String(32)
+		tokens[randomKey] = *token
+		c.SetCookie("ghtoken", randomKey, int(time.Hour.Seconds()), "/", "localhost", true, true)
 
 		c.Redirect(http.StatusSeeOther, "/admin/dashboard")
 	} else {
@@ -159,7 +198,6 @@ func (a *Admin) checkUserOrgMembership(client *goGithub.Client, username, orgNam
 }
 
 func (a *Admin) handleExecutionsAdd(c *gin.Context) {
-	slog.Info("Adding execution")
 	source := c.PostForm("source")
 	sha := c.PostForm("sha")
 	workloads := c.PostFormArray("workloads")
@@ -177,7 +215,9 @@ func (a *Admin) handleExecutionsAdd(c *gin.Context) {
 		return
 	}
 
-	encryptedToken := server.Encrypt(token, a.ghTokenSalt)
+	encryptedToken := server.Encrypt(token, a.auth)
+
+	slog.Info("Encrypted token: ", encryptedToken)
 
 	requestPayload := ExecutionRequest{
 		Auth:               encryptedToken,
diff --git a/go/tools/server/utils.go b/go/tools/server/utils.go
index 74e7eca21..914d10400 100644
--- a/go/tools/server/utils.go
+++ b/go/tools/server/utils.go
@@ -25,7 +25,7 @@ import (
 	"encoding/hex"
 	"fmt"
 	"io"
-	"log/slog"
+	"log"
 )
 
 const (
@@ -33,7 +33,7 @@ const (
 )
 
 func Encrypt(stringToEncrypt string, keyString string) (encryptedString string) {
-	slog.Info(stringToEncrypt, keyString)
+	log.Println(stringToEncrypt, keyString)
 	key, _ := hex.DecodeString(keyString)
 	plaintext := []byte(stringToEncrypt)
 

From 9f6310899184ed62efc9034165e4cb178802a2e3 Mon Sep 17 00:00:00 2001
From: Jad Chahed <jad.chahed@bashroom.com>
Date: Fri, 30 Aug 2024 19:28:36 +0200
Subject: [PATCH 08/19] feat: token

Signed-off-by: Jad Chahed <jad.chahed@bashroom.com>
---
 go/admin/api.go  | 19 ++++++++++++++-----
 go/server/api.go |  2 +-
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/go/admin/api.go b/go/admin/api.go
index 8aed15335..e46d86b37 100644
--- a/go/admin/api.go
+++ b/go/admin/api.go
@@ -84,10 +84,11 @@ func (a *Admin) authMiddleware() gin.HandlerFunc {
 		}
 
 		mu.Lock()
-		defer mu.Unlock()
 
 		token, ok := tokens[cookie]
 
+		mu.Unlock()
+
 		if !ok {
 			c.Redirect(http.StatusSeeOther, "/admin/login")
 			c.Abort()
@@ -208,16 +209,25 @@ func (a *Admin) handleExecutionsAdd(c *gin.Context) {
 		return
 	}
 
-	token, err := c.Cookie("ghtoken")
+	tokenKey, err := c.Cookie("ghtoken")
 	if err != nil {
 		slog.Error("Failed to get token from cookie: ", err)
 		c.AbortWithStatus(http.StatusUnauthorized)
 		return
 	}
 
-	encryptedToken := server.Encrypt(token, a.auth)
+	mu.Lock()
+	defer mu.Unlock()
+
+	token, exists := tokens[tokenKey]
+
+	if !exists {
+		slog.Error("Failed to get token from map")
+		c.AbortWithStatus(http.StatusUnauthorized)
+		return
+	}
 
-	slog.Info("Encrypted token: ", encryptedToken)
+	encryptedToken := server.Encrypt(token.AccessToken, a.auth)
 
 	requestPayload := ExecutionRequest{
 		Auth:               encryptedToken,
@@ -229,7 +239,6 @@ func (a *Admin) handleExecutionsAdd(c *gin.Context) {
 
 	jsonData, err := json.Marshal(requestPayload)
 
-	slog.Infof("Request payload: %s", jsonData)
 
 	if err != nil {
 		slog.Error("Failed to marshal request payload: ", err)
diff --git a/go/server/api.go b/go/server/api.go
index fdbd96a56..972dddf40 100644
--- a/go/server/api.go
+++ b/go/server/api.go
@@ -557,7 +557,7 @@ func (s *Server) addExecutions(c *gin.Context) {
 
 	decryptedToken := server.Decrypt(req.Auth, s.ghTokenSalt)
 
-	slog.Info(decryptedToken)
+	slog.Info(req.Auth, decryptedToken)
 
 	if req.Source == "" || req.SHA == "" || len(req.Workloads) == 0 || req.NumberOfExecutions == "" {
 		c.JSON(http.StatusBadRequest, &ErrorAPI{Error: "missing argument"})

From ef1aa343e509ff693268df1fbbbfd9801b31c62b Mon Sep 17 00:00:00 2001
From: Jad Chahed <jad.chahed@bashroom.com>
Date: Fri, 30 Aug 2024 20:02:59 +0200
Subject: [PATCH 09/19] feat: check if user is authenticated in server

Signed-off-by: Jad Chahed <jad.chahed@bashroom.com>
---
 go/admin/api.go          |  9 +++++++--
 go/server/api.go         | 40 +++++++++++++++++++++++++++++++++++++---
 go/tools/server/utils.go | 24 ++++++++++++++----------
 3 files changed, 58 insertions(+), 15 deletions(-)

diff --git a/go/admin/api.go b/go/admin/api.go
index e46d86b37..6869c787d 100644
--- a/go/admin/api.go
+++ b/go/admin/api.go
@@ -227,7 +227,13 @@ func (a *Admin) handleExecutionsAdd(c *gin.Context) {
 		return
 	}
 
-	encryptedToken := server.Encrypt(token.AccessToken, a.auth)
+	encryptedToken, err := server.Encrypt(token.AccessToken, a.auth)
+
+	if err != nil {
+		slog.Error("Failed to encrypt token: ", err)
+		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to encrypt token"})
+		return
+	}
 
 	requestPayload := ExecutionRequest{
 		Auth:               encryptedToken,
@@ -239,7 +245,6 @@ func (a *Admin) handleExecutionsAdd(c *gin.Context) {
 
 	jsonData, err := json.Marshal(requestPayload)
 
-
 	if err != nil {
 		slog.Error("Failed to marshal request payload: ", err)
 		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to marshal request payload"})
diff --git a/go/server/api.go b/go/server/api.go
index 972dddf40..01de92e0e 100644
--- a/go/server/api.go
+++ b/go/server/api.go
@@ -555,9 +555,21 @@ func (s *Server) addExecutions(c *gin.Context) {
 		return
 	}
 
-	decryptedToken := server.Decrypt(req.Auth, s.ghTokenSalt)
+	decryptedToken, err := server.Decrypt(req.Auth, s.ghTokenSalt)
 
-	slog.Info(req.Auth, decryptedToken)
+	if err != nil {
+		c.JSON(http.StatusUnauthorized, &ErrorAPI{Error: "Unauthorized"})
+		return
+	}
+
+	isUserAuthenticated, err := IsUserAuthenticated(decryptedToken)
+
+	if err != nil || !isUserAuthenticated {
+		c.JSON(http.StatusUnauthorized, &ErrorAPI{Error: "Unauthorized"})
+		return
+	}
+
+	slog.Info(decryptedToken)
 
 	if req.Source == "" || req.SHA == "" || len(req.Workloads) == 0 || req.NumberOfExecutions == "" {
 		c.JSON(http.StatusBadRequest, &ErrorAPI{Error: "missing argument"})
@@ -582,7 +594,29 @@ func (s *Server) addExecutions(c *gin.Context) {
 		}
 	}
 
-	s.appendToQueue(newElements)
+	// s.appendToQueue(newElements)
 
 	c.JSON(http.StatusOK, "ok")
 }
+
+func IsUserAuthenticated(accessToken string) (bool, error) {
+
+	client := &http.Client{}
+	req, err := http.NewRequest("GET", "https://api.github.com/user", nil)
+	if err != nil {
+		slog.Error("Error creating request to Github: %v", err)
+		return false, err
+	}
+
+	req.Header.Set("Authorization", "Bearer "+accessToken)
+	req.Header.Set("Accept", "application/vnd.github+json")
+
+	resp, err := client.Do(req)
+	if err != nil {
+		slog.Error("Error making request to Github: %v", err)
+		return false, err
+	}
+	defer resp.Body.Close()
+
+	return resp.StatusCode == http.StatusOK, nil
+}
diff --git a/go/tools/server/utils.go b/go/tools/server/utils.go
index 914d10400..022a1f2eb 100644
--- a/go/tools/server/utils.go
+++ b/go/tools/server/utils.go
@@ -32,53 +32,57 @@ const (
 	ErrorIncorrectConfiguration = "incorrect configuration"
 )
 
-func Encrypt(stringToEncrypt string, keyString string) (encryptedString string) {
+func Encrypt(stringToEncrypt string, keyString string) (string, error) {
 	log.Println(stringToEncrypt, keyString)
 	key, _ := hex.DecodeString(keyString)
 	plaintext := []byte(stringToEncrypt)
 
 	block, err := aes.NewCipher(key)
 	if err != nil {
-		panic(err.Error())
+		return "", err
 	}
 
 	aesGCM, err := cipher.NewGCM(block)
 	if err != nil {
-		panic(err.Error())
+		return "", err
 	}
 
 	nonce := make([]byte, aesGCM.NonceSize())
 	if _, err = io.ReadFull(rand.Reader, nonce); err != nil {
-		panic(err.Error())
+		return "", err
 	}
 
 	ciphertext := aesGCM.Seal(nonce, nonce, plaintext, nil)
-	return fmt.Sprintf("%x", ciphertext)
+	return fmt.Sprintf("%x", ciphertext), nil
 }
 
-func Decrypt(encryptedString string, keyString string) (decryptedString string) {
+func Decrypt(encryptedString string, keyString string) (string, error) {
 
 	key, _ := hex.DecodeString(keyString)
 	enc, _ := hex.DecodeString(encryptedString)
 
 	block, err := aes.NewCipher(key)
 	if err != nil {
-		panic(err.Error())
+		return "", err
 	}
 
 	aesGCM, err := cipher.NewGCM(block)
 	if err != nil {
-		panic(err.Error())
+		return "", err
 	}
 
 	nonceSize := aesGCM.NonceSize()
 
+	if len(enc) <= nonceSize {
+		return "", fmt.Errorf("Encrypted string is too short")
+	}
+
 	nonce, ciphertext := enc[:nonceSize], enc[nonceSize:]
 
 	plaintext, err := aesGCM.Open(nil, nonce, ciphertext, nil)
 	if err != nil {
-		panic(err.Error())
+		return "", err
 	}
 
-	return fmt.Sprintf("%s", plaintext)
+	return fmt.Sprintf("%s", plaintext), nil
 }

From e8fd1b3f4bb8fb08f26265e73cc81458032014e2 Mon Sep 17 00:00:00 2001
From: Jad Chahed <jad.chahed@bashroom.com>
Date: Fri, 30 Aug 2024 20:10:46 +0200
Subject: [PATCH 10/19] feat: clean code and 201

Signed-off-by: Jad Chahed <jad.chahed@bashroom.com>
---
 go/admin/api.go                 | 17 ++++++++++++++---
 go/admin/templates/content.html |  9 +++++++++
 go/server/api.go                |  6 ++----
 3 files changed, 25 insertions(+), 7 deletions(-)

diff --git a/go/admin/api.go b/go/admin/api.go
index 6869c787d..b65a54fcd 100644
--- a/go/admin/api.go
+++ b/go/admin/api.go
@@ -165,7 +165,14 @@ func (a *Admin) handleGitHubCallback(c *gin.Context) {
 
 		randomKey := random.String(32)
 		tokens[randomKey] = *token
-		c.SetCookie("ghtoken", randomKey, int(time.Hour.Seconds()), "/", "localhost", true, true)
+
+		domain := "localhost"
+
+		if a.Mode == server.ProductionMode {
+			domain = "benchmark.vitess.io"
+		}
+
+		c.SetCookie("ghtoken", randomKey, int(time.Hour.Seconds()), "/", domain, true, true)
 
 		c.Redirect(http.StatusSeeOther, "/admin/dashboard")
 	} else {
@@ -253,6 +260,10 @@ func (a *Admin) handleExecutionsAdd(c *gin.Context) {
 
 	serverAPIURL := "http://localhost:8080/api/executions/add"
 
+	if a.Mode == server.ProductionMode {
+		serverAPIURL = "https://benchmark.vitess.io/api/executions/add"
+	}
+
 	req, err := http.NewRequest("POST", serverAPIURL, bytes.NewBuffer(jsonData))
 
 	if err != nil {
@@ -275,11 +286,11 @@ func (a *Admin) handleExecutionsAdd(c *gin.Context) {
 
 	defer resp.Body.Close()
 
-	if resp.StatusCode != http.StatusOK {
+	if resp.StatusCode != http.StatusCreated {
 		slog.Error("Server API returned an error: ", resp.Status)
 		c.JSON(resp.StatusCode, gin.H{"error": "Failed to process request on server API"})
 		return
 	}
 
-	c.JSON(http.StatusOK, gin.H{"message": "Execution(s) added successfully"})
+	c.JSON(http.StatusCreated, gin.H{"message": "Execution(s) added successfully"})
 }
diff --git a/go/admin/templates/content.html b/go/admin/templates/content.html
index f9c6fc5a1..748bd1204 100644
--- a/go/admin/templates/content.html
+++ b/go/admin/templates/content.html
@@ -130,4 +130,13 @@
     document.getElementById("response").classList.add("text-red-500");
     document.getElementById("response").innerHTML = errorMessage;
 });
+
+// Display success on 201
+document.body.addEventListener("htmx:afterOnLoad", function(e) {
+  if (e.detail.xhr.status == 201) {
+    document.getElementById("response").classList.remove("text-red-500");
+    document.getElementById("response").classList.add("text-green-500");
+    document.getElementById("response").innerHTML = "Execution added successfully!";
+  }
+});
 </script>
\ No newline at end of file
diff --git a/go/server/api.go b/go/server/api.go
index 01de92e0e..3380cf9cd 100644
--- a/go/server/api.go
+++ b/go/server/api.go
@@ -569,8 +569,6 @@ func (s *Server) addExecutions(c *gin.Context) {
 		return
 	}
 
-	slog.Info(decryptedToken)
-
 	if req.Source == "" || req.SHA == "" || len(req.Workloads) == 0 || req.NumberOfExecutions == "" {
 		c.JSON(http.StatusBadRequest, &ErrorAPI{Error: "missing argument"})
 		return
@@ -594,9 +592,9 @@ func (s *Server) addExecutions(c *gin.Context) {
 		}
 	}
 
-	// s.appendToQueue(newElements)
+	s.appendToQueue(newElements)
 
-	c.JSON(http.StatusOK, "ok")
+	c.JSON(http.StatusCreated, "")
 }
 
 func IsUserAuthenticated(accessToken string) (bool, error) {

From d5f42f33d29cc9409e517312eef1affab59dd826 Mon Sep 17 00:00:00 2001
From: Florent Poinsard <florent.poinsard@outlook.fr>
Date: Fri, 30 Aug 2024 13:04:51 -0600
Subject: [PATCH 11/19] Add docker-compose infra to build and run the admin

Signed-off-by: Florent Poinsard <florent.poinsard@outlook.fr>
---
 Dockerfile                     |  2 +-
 Dockerfile.admin               | 40 ++++++++++++++++++++++++++++++++++
 docker-compose.prod.yml        | 18 +++++++++++++++
 docker-compose.yml             | 18 +++++++++++++++
 go/admin/admin.go              | 16 +++-----------
 go/admin/api.go                |  4 ++--
 go/admin/templates/base.html   |  2 +-
 go/admin/templates/header.html |  2 +-
 go/admin/templates/login.html  |  4 ++--
 9 files changed, 86 insertions(+), 20 deletions(-)
 create mode 100644 Dockerfile.admin

diff --git a/Dockerfile b/Dockerfile
index 82411ffab..66a08500c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-FROM golang:1.22.5-bookworm AS build-stage
+FROM golang:1.23.0-bookworm AS build-stage
 
 WORKDIR /build
 
diff --git a/Dockerfile.admin b/Dockerfile.admin
new file mode 100644
index 000000000..0bb833ebf
--- /dev/null
+++ b/Dockerfile.admin
@@ -0,0 +1,40 @@
+# Copyright 2023 The Vitess Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM golang:1.23.0-bookworm AS build-stage
+
+WORKDIR /build
+
+COPY go.mod go.sum ./
+
+RUN go mod download
+
+COPY . .
+
+# Build arewefastyet
+RUN CGO_ENABLED=0 GOOS=linux go build -o /arewefastyetcli ./go/main.go
+
+FROM debian:bookworm AS run-stage
+
+# Copy the source code to the working directory
+COPY --from=build-stage /arewefastyetcli /arewefastyetcli
+COPY --from=build-stage /build/go/admin/templates/ /go/admin/templates/
+COPY --from=build-stage /build/go/admin/assets/ /go/admin/assets/
+
+EXPOSE 8081
+
+# Configuration files MUST be attached to the container using a volume.
+# The configuration files are not mounted on the Docker image for obvious
+# security reasons.
+CMD ["/arewefastyetcli", "admin", "--config", "/config/config.yaml", "--secrets", "/config/secrets.yaml"]
diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index 9b3be6e26..4decce72e 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -70,6 +70,24 @@ services:
       - "traefik.http.services.api.loadbalancer.server.port=8080"
     network_mode: bridge
 
+  admin:
+    restart: always
+    build:
+      context: .
+      dockerfile: Dockerfile.admin
+    image: "arewefastyet-admin"
+    container_name: "admin"
+    volumes:
+      - "./config/prod/config.yaml:/config/config.yaml"
+      - "./config/prod/secrets.yaml:/config/secrets.yaml"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.admin.rule=Host(`benchmark.vitess.io`) && PathPrefix(`/admin`)"
+      - "traefik.http.routers.admin.entrypoints=https"
+      - "traefik.http.routers.admin.tls.certresolver=tlsresolver"
+      - "traefik.http.services.admin.loadbalancer.server.port=8081"
+    network_mode: bridge
+
   cleanup_executions:
     image: alpine
     restart: on-failure
diff --git a/docker-compose.yml b/docker-compose.yml
index f74037fdc..f06c2fa1f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -53,6 +53,24 @@ services:
       - "traefik.http.services.api.loadbalancer.server.port=8080"
     network_mode: bridge
 
+  admin:
+    restart: always
+    build:
+      context: .
+      dockerfile: Dockerfile.admin
+    image: "arewefastyet-admin"
+    container_name: "admin"
+    volumes:
+      - "./config/dev/config.yaml:/config/config.yaml"
+      - "./config/dev/secrets.yaml:/config/secrets.yaml"
+    labels:
+      - "traefik.enable=true"
+      - "traefik.http.routers.admin.rule=Host(`localhost`)"
+      - "traefik.http.routers.admin.rule=PathPrefix(`/admin`)"
+      - "traefik.http.routers.admin.entrypoints=http"
+      - "traefik.http.services.admin.loadbalancer.server.port=8081"
+    network_mode: bridge
+
   frontend:
     build:
       context: ./website
diff --git a/go/admin/admin.go b/go/admin/admin.go
index ca7e3e1da..b0bade9d8 100644
--- a/go/admin/admin.go
+++ b/go/admin/admin.go
@@ -21,13 +21,9 @@ package admin
 import (
 	"errors"
 	"net/http"
-	"path/filepath"
-	"runtime"
 	"time"
 
 	"github.com/gin-contrib/cors"
-	"github.com/gin-contrib/sessions"
-	"github.com/gin-contrib/sessions/cookie"
 	"github.com/gin-gonic/gin"
 	"github.com/spf13/cobra"
 	"github.com/spf13/viper"
@@ -51,7 +47,7 @@ type Admin struct {
 
 	ghAppId     string
 	ghAppSecret string
-	auth string
+	auth        string
 
 	dbCfg    *psdb.Config
 	dbClient *psdb.Client
@@ -113,18 +109,12 @@ func (a *Admin) Run() error {
 		return errors.New(server.ErrorIncorrectConfiguration)
 	}
 
-	_, b, _, _ := runtime.Caller(0)
-	basepath := filepath.Dir(b)
-
 	a.Mode.SetGin()
 	a.router = gin.Default()
 
-	store := cookie.NewStore([]byte("secret"))
-	a.router.Use(sessions.Sessions("admin-session", store))
-
-	a.router.Static("/assets", filepath.Join(basepath, "assets"))
+	a.router.Static("/admin/assets", "/go/admin/assets")
 
-	a.router.LoadHTMLGlob(filepath.Join(basepath, "templates/*"))
+	a.router.LoadHTMLGlob("/go/admin/templates/*")
 
 	a.router.Use(cors.New(cors.Config{
 		AllowOrigins:     []string{"*"},
diff --git a/go/admin/api.go b/go/admin/api.go
index b65a54fcd..14a405e9e 100644
--- a/go/admin/api.go
+++ b/go/admin/api.go
@@ -39,7 +39,7 @@ var (
 	oauthConf = &oauth2.Config{
 		Scopes:      []string{"read:org"}, // Request access to read organization membership
 		Endpoint:    github.Endpoint,
-		RedirectURL: "http://localhost:8081/admin/auth/callback",
+		RedirectURL: "http://localhost/admin/auth/callback",
 	}
 	oauthStateString = random.String(10) // A random string to protect against CSRF attacks
 	client           *goGithub.Client
@@ -258,7 +258,7 @@ func (a *Admin) handleExecutionsAdd(c *gin.Context) {
 		return
 	}
 
-	serverAPIURL := "http://localhost:8080/api/executions/add"
+	serverAPIURL := "http://localhost/api/executions/add"
 
 	if a.Mode == server.ProductionMode {
 		serverAPIURL = "https://benchmark.vitess.io/api/executions/add"
diff --git a/go/admin/templates/base.html b/go/admin/templates/base.html
index 26ef162a7..146031e93 100644
--- a/go/admin/templates/base.html
+++ b/go/admin/templates/base.html
@@ -4,7 +4,7 @@
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0" />
     <title>Arewefastyet Admin</title>
-    <link rel="icon" type="image/png" href="/assets/favicon.ico" />
+    <link rel="icon" type="image/png" href="/admin/assets/favicon.ico" />
     <link
       href="https://unpkg.com/tailwindcss@^1.0/dist/tailwind.min.css"
       rel="stylesheet"
diff --git a/go/admin/templates/header.html b/go/admin/templates/header.html
index c5ece8da4..7e1267cb0 100644
--- a/go/admin/templates/header.html
+++ b/go/admin/templates/header.html
@@ -3,7 +3,7 @@
 >
     <a href="/admin/dashboard" class="cursor-pointer flex flex-1 gap-x-2 items-center">
       <img
-        src="/assets/logo.png"
+        src="/admin/assets/logo.png"
         alt="Logo"
         class="w-8"
       />
diff --git a/go/admin/templates/login.html b/go/admin/templates/login.html
index b3670ac57..6cbdc7e5f 100644
--- a/go/admin/templates/login.html
+++ b/go/admin/templates/login.html
@@ -12,11 +12,11 @@
 
   <body class="flex flex-col items-center justify-center h-screen bg-white">
     <div class="flex flex-row">
-      <img src="/assets/logo.png" class="h-12" alt="logo" />
+      <img src="/admin/assets/logo.png" class="h-12" alt="logo" />
       <h1 class="text-3xl font-bold mb-2">arewefastyet</h1>
     </div>
     <h2 class="text-5xl font-semibold text-orange-500 mb-8">Admin Login</h2>
-    <img src="/assets/github-icon.png" alt="GitHub Icon" class="w-32 h-32" />
+    <img src="/admin/assets/github-icon.png" alt="GitHub Icon" class="w-32 h-32" />
     <button
       class="bg-black text-white flex items-center justify-center gap-2 px-4 py-2 rounded-md hover:bg-gray-800 transition mx-auto"
     >

From 4fe0bf0852c4cd5a86f70b3b7fd615c6685ecc08 Mon Sep 17 00:00:00 2001
From: Jad Chahed <jad.chahed@bashroom.com>
Date: Fri, 30 Aug 2024 21:32:29 +0200
Subject: [PATCH 12/19] wip: docker compose

Signed-off-by: Jad Chahed <jad.chahed@bashroom.com>
---
 Dockerfile.admin         | 5 +++++
 go/server/api.go         | 2 +-
 go/tools/server/utils.go | 2 --
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/Dockerfile.admin b/Dockerfile.admin
index 0bb833ebf..4e57b136e 100644
--- a/Dockerfile.admin
+++ b/Dockerfile.admin
@@ -27,6 +27,11 @@ RUN CGO_ENABLED=0 GOOS=linux go build -o /arewefastyetcli ./go/main.go
 
 FROM debian:bookworm AS run-stage
 
+RUN apt-get update \
+    && apt-get upgrade -y \
+    && apt-get install -y --reinstall ca-certificates \
+    && update-ca-certificates
+
 # Copy the source code to the working directory
 COPY --from=build-stage /arewefastyetcli /arewefastyetcli
 COPY --from=build-stage /build/go/admin/templates/ /go/admin/templates/
diff --git a/go/server/api.go b/go/server/api.go
index 3380cf9cd..541f1f88d 100644
--- a/go/server/api.go
+++ b/go/server/api.go
@@ -565,7 +565,7 @@ func (s *Server) addExecutions(c *gin.Context) {
 	isUserAuthenticated, err := IsUserAuthenticated(decryptedToken)
 
 	if err != nil || !isUserAuthenticated {
-		c.JSON(http.StatusUnauthorized, &ErrorAPI{Error: "Unauthorized"})
+		c.JSON(http.StatusUnauthorized, &ErrorAPI{Error: "isUserAuthenticated Unauthorized"})
 		return
 	}
 
diff --git a/go/tools/server/utils.go b/go/tools/server/utils.go
index 022a1f2eb..a7e48da03 100644
--- a/go/tools/server/utils.go
+++ b/go/tools/server/utils.go
@@ -25,7 +25,6 @@ import (
 	"encoding/hex"
 	"fmt"
 	"io"
-	"log"
 )
 
 const (
@@ -33,7 +32,6 @@ const (
 )
 
 func Encrypt(stringToEncrypt string, keyString string) (string, error) {
-	log.Println(stringToEncrypt, keyString)
 	key, _ := hex.DecodeString(keyString)
 	plaintext := []byte(stringToEncrypt)
 

From 535c20e7ffaac7d6de1b90070502d57e85d39cab Mon Sep 17 00:00:00 2001
From: Florent Poinsard <florent.poinsard@outlook.fr>
Date: Fri, 30 Aug 2024 15:37:56 -0600
Subject: [PATCH 13/19] Fix connection issue in docker

Signed-off-by: Florent Poinsard <florent.poinsard@outlook.fr>
---
 docker-compose.yml | 7 +++----
 go/admin/admin.go  | 4 +---
 go/admin/api.go    | 8 +-------
 3 files changed, 5 insertions(+), 14 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index f06c2fa1f..932f39f43 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -13,6 +13,9 @@
 # limitations under the License.
 
 version: "3.8"
+networks:
+  default:
+    driver: bridge
 
 services:
   traefik:
@@ -29,7 +32,6 @@ services:
       - "8080:8080"
     volumes:
       - "/var/run/docker.sock:/var/run/docker.sock"
-    network_mode: bridge
 
   api:
     restart: always
@@ -51,7 +53,6 @@ services:
       - "traefik.http.routers.api.rule=PathPrefix(`/api`)"
       - "traefik.http.routers.api.entrypoints=http"
       - "traefik.http.services.api.loadbalancer.server.port=8080"
-    network_mode: bridge
 
   admin:
     restart: always
@@ -69,7 +70,6 @@ services:
       - "traefik.http.routers.admin.rule=PathPrefix(`/admin`)"
       - "traefik.http.routers.admin.entrypoints=http"
       - "traefik.http.services.admin.loadbalancer.server.port=8081"
-    network_mode: bridge
 
   frontend:
     build:
@@ -85,7 +85,6 @@ services:
       - "traefik.http.routers.frontend.rule=Host(`localhost`)"
       - "traefik.http.routers.frontend.entrypoints=http"
       - "traefik.http.services.frontend.loadbalancer.server.port=5173"
-    network_mode: bridge
 
   cleanup_executions:
     image: alpine
diff --git a/go/admin/admin.go b/go/admin/admin.go
index b0bade9d8..be397db5d 100644
--- a/go/admin/admin.go
+++ b/go/admin/admin.go
@@ -36,11 +36,9 @@ const (
 	flagMode           = "admin-mode"
 	flagAdminAppId     = "admin-gh-app-id"
 	flagAdminAppSecret = "admin-gh-app-secret"
-	flagGhAuth         = "auth"
+	flagGhAuth         = "admin-auth"
 )
 
-var workloads = []string{"OLTP", "OLTP-READONLY", "OLTP-SET", "TPCC", "TPCC_FK", "TPCC_FK_UNMANAGED", "TPCC_UNSHARDED"}
-
 type Admin struct {
 	port   string
 	router *gin.Engine
diff --git a/go/admin/api.go b/go/admin/api.go
index 14a405e9e..b85b6c619 100644
--- a/go/admin/api.go
+++ b/go/admin/api.go
@@ -42,7 +42,6 @@ var (
 		RedirectURL: "http://localhost/admin/auth/callback",
 	}
 	oauthStateString = random.String(10) // A random string to protect against CSRF attacks
-	client           *goGithub.Client
 	orgName          = "vitessio"
 	tokens           = make(map[string]oauth2.Token)
 
@@ -258,26 +257,21 @@ func (a *Admin) handleExecutionsAdd(c *gin.Context) {
 		return
 	}
 
-	serverAPIURL := "http://localhost/api/executions/add"
-
+	serverAPIURL := "http://traefik/api/executions/add"
 	if a.Mode == server.ProductionMode {
 		serverAPIURL = "https://benchmark.vitess.io/api/executions/add"
 	}
 
 	req, err := http.NewRequest("POST", serverAPIURL, bytes.NewBuffer(jsonData))
-
 	if err != nil {
 		slog.Error("Failed to create new HTTP request: ", err)
 		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to create request to server API"})
 		return
 	}
-
 	req.Header.Set("Content-Type", "application/json")
 
 	client := &http.Client{}
-
 	resp, err := client.Do(req)
-
 	if err != nil {
 		slog.Error("Failed to send request to server API: ", err)
 		c.JSON(http.StatusInternalServerError, gin.H{"error": "Failed to send request to server API"})

From 6bfca350cb1eeddbff78635cbc97d358547770b5 Mon Sep 17 00:00:00 2001
From: Florent Poinsard <florent.poinsard@outlook.fr>
Date: Fri, 30 Aug 2024 16:08:22 -0600
Subject: [PATCH 14/19] Fix small issues

Signed-off-by: Florent Poinsard <florent.poinsard@outlook.fr>
---
 go/admin/api.go          | 15 ++++++++-------
 go/server/server.go      |  2 +-
 go/tools/server/utils.go |  6 +++---
 3 files changed, 12 insertions(+), 11 deletions(-)

diff --git a/go/admin/api.go b/go/admin/api.go
index b85b6c619..6a4a94a0a 100644
--- a/go/admin/api.go
+++ b/go/admin/api.go
@@ -75,7 +75,7 @@ func CreateGhClient(token *oauth2.Token) *goGithub.Client {
 
 func (a *Admin) authMiddleware() gin.HandlerFunc {
 	return func(c *gin.Context) {
-		cookie, err := c.Cookie("ghtoken")
+		cookie, err := c.Cookie("tk")
 		if err != nil {
 			c.Redirect(http.StatusSeeOther, "/admin/login")
 			c.Abort()
@@ -83,11 +83,8 @@ func (a *Admin) authMiddleware() gin.HandlerFunc {
 		}
 
 		mu.Lock()
-
 		token, ok := tokens[cookie]
-
 		mu.Unlock()
-
 		if !ok {
 			c.Redirect(http.StatusSeeOther, "/admin/login")
 			c.Abort()
@@ -122,7 +119,6 @@ func (a *Admin) GetUser(client *goGithub.Client) (bool, error) {
 
 	isMaintainer, err := a.checkUserOrgMembership(client, user.GetLogin(), orgName)
 	if err != nil {
-		slog.Error("Error checking org membership: ", err)
 		return false, err
 	}
 
@@ -157,6 +153,11 @@ func (a *Admin) handleGitHubCallback(c *gin.Context) {
 	client := CreateGhClient(token)
 
 	isMaintainer, err := a.GetUser(client)
+	if err != nil {
+		slog.Error("Failed to get user information: ", err)
+		c.AbortWithStatus(http.StatusInternalServerError)
+		return
+	}
 
 	if isMaintainer {
 		mu.Lock()
@@ -171,7 +172,7 @@ func (a *Admin) handleGitHubCallback(c *gin.Context) {
 			domain = "benchmark.vitess.io"
 		}
 
-		c.SetCookie("ghtoken", randomKey, int(time.Hour.Seconds()), "/", domain, true, true)
+		c.SetCookie("tk", randomKey, int(time.Hour.Seconds()), "/", domain, true, true)
 
 		c.Redirect(http.StatusSeeOther, "/admin/dashboard")
 	} else {
@@ -215,7 +216,7 @@ func (a *Admin) handleExecutionsAdd(c *gin.Context) {
 		return
 	}
 
-	tokenKey, err := c.Cookie("ghtoken")
+	tokenKey, err := c.Cookie("tk")
 	if err != nil {
 		slog.Error("Failed to get token from cookie: ", err)
 		c.AbortWithStatus(http.StatusUnauthorized)
diff --git a/go/server/server.go b/go/server/server.go
index f01a14b28..ddd5fb6e7 100644
--- a/go/server/server.go
+++ b/go/server/server.go
@@ -50,7 +50,7 @@ const (
 	flagFilterBySource                       = "web-source-filter"
 	flagExcludeFilterBySource                = "web-source-exclude-filter"
 	flagRequestRunKey                        = "web-request-run-key"
-	flagGhAuth                          = "auth"
+	flagGhAuth                               = "admin-auth"
 
 	// keyMinimumVitessVersion is used to define on which minimum Vitess version a given
 	// benchmark should be run. Only the major version is counted. This key/value is located
diff --git a/go/tools/server/utils.go b/go/tools/server/utils.go
index a7e48da03..6ec83e5d6 100644
--- a/go/tools/server/utils.go
+++ b/go/tools/server/utils.go
@@ -51,7 +51,7 @@ func Encrypt(stringToEncrypt string, keyString string) (string, error) {
 	}
 
 	ciphertext := aesGCM.Seal(nonce, nonce, plaintext, nil)
-	return fmt.Sprintf("%x", ciphertext), nil
+	return string(ciphertext), nil
 }
 
 func Decrypt(encryptedString string, keyString string) (string, error) {
@@ -72,7 +72,7 @@ func Decrypt(encryptedString string, keyString string) (string, error) {
 	nonceSize := aesGCM.NonceSize()
 
 	if len(enc) <= nonceSize {
-		return "", fmt.Errorf("Encrypted string is too short")
+		return "", fmt.Errorf("encrypted string is too short")
 	}
 
 	nonce, ciphertext := enc[:nonceSize], enc[nonceSize:]
@@ -82,5 +82,5 @@ func Decrypt(encryptedString string, keyString string) (string, error) {
 		return "", err
 	}
 
-	return fmt.Sprintf("%s", plaintext), nil
+	return string(plaintext), nil
 }

From 37c1f2be69e43b8d299d3634fca9076dfc3ae5c2 Mon Sep 17 00:00:00 2001
From: Florent Poinsard <florent.poinsard@outlook.fr>
Date: Fri, 30 Aug 2024 16:11:06 -0600
Subject: [PATCH 15/19] Re-gen docs

Signed-off-by: Florent Poinsard <florent.poinsard@outlook.fr>
---
 docs/arewefastyet_admin.md | 1 +
 docs/arewefastyet_api.md   | 1 +
 2 files changed, 2 insertions(+)

diff --git a/docs/arewefastyet_admin.md b/docs/arewefastyet_admin.md
index 2f34f4939..f86840361 100644
--- a/docs/arewefastyet_admin.md
+++ b/docs/arewefastyet_admin.md
@@ -9,6 +9,7 @@ arewefastyet admin [flags]
 ### Options
 
 ```
+      --admin-auth string                      The salt string to salt the GitHub Token
       --admin-gh-app-id string                 The ID of the GitHub App
       --admin-gh-app-secret string             The secret of the GitHub App
       --admin-mode string                      Specify the mode on which the server will run
diff --git a/docs/arewefastyet_api.md b/docs/arewefastyet_api.md
index 5666b5e81..c12daceaa 100644
--- a/docs/arewefastyet_api.md
+++ b/docs/arewefastyet_api.md
@@ -9,6 +9,7 @@ arewefastyet api [flags]
 ### Options
 
 ```
+      --admin-auth string                        The salt string to salt the GitHub Token
       --gh-app-id int                            ID of the GitHub App
       --gh-installation-id int                   GitHub installation ID of this app
       --gh-port string                           Port on which to run the github app (default "8181")

From 6867823b03b636a988918363fdf6576389cc06c6 Mon Sep 17 00:00:00 2001
From: Florent Poinsard <florent.poinsard@outlook.fr>
Date: Fri, 30 Aug 2024 16:11:35 -0600
Subject: [PATCH 16/19] Go mod tidy

Signed-off-by: Florent Poinsard <florent.poinsard@outlook.fr>
---
 go.mod |  4 ----
 go.sum | 10 ----------
 2 files changed, 14 deletions(-)

diff --git a/go.mod b/go.mod
index 2ce13af10..19a86d976 100644
--- a/go.mod
+++ b/go.mod
@@ -8,7 +8,6 @@ require (
 	github.com/dustin/go-humanize v1.0.1
 	github.com/frankban/quicktest v1.14.6
 	github.com/gin-contrib/cors v1.7.2
-	github.com/gin-contrib/sessions v1.0.1
 	github.com/gin-gonic/gin v1.10.0
 	github.com/go-sql-driver/mysql v1.8.1
 	github.com/google/go-github v17.0.0+incompatible
@@ -62,9 +61,6 @@ require (
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/go-github/v62 v62.0.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
-	github.com/gorilla/context v1.1.2 // indirect
-	github.com/gorilla/securecookie v1.1.2 // indirect
-	github.com/gorilla/sessions v1.2.2 // indirect
 	github.com/gorilla/websocket v1.5.3 // indirect
 	github.com/hashicorp/golang-lru v1.0.2 // indirect
 	github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
diff --git a/go.sum b/go.sum
index c76f386af..4f8633b33 100644
--- a/go.sum
+++ b/go.sum
@@ -42,8 +42,6 @@ github.com/gabriel-vasile/mimetype v1.4.4 h1:QjV6pZ7/XZ7ryI2KuyeEDE8wnh7fHP9YnQy
 github.com/gabriel-vasile/mimetype v1.4.4/go.mod h1:JwLei5XPtWdGiMFB5Pjle1oEeoSeEuJfJE+TtfvdB/s=
 github.com/gin-contrib/cors v1.7.2 h1:oLDHxdg8W/XDoN/8zamqk/Drgt4oVZDvaV0YmvVICQw=
 github.com/gin-contrib/cors v1.7.2/go.mod h1:SUJVARKgQ40dmrzgXEVxj2m7Ig1v1qIboQkPDTQ9t2E=
-github.com/gin-contrib/sessions v1.0.1 h1:3hsJyNs7v7N8OtelFmYXFrulAf6zSR7nW/putcPEHxI=
-github.com/gin-contrib/sessions v1.0.1/go.mod h1:ouxSFM24/OgIud5MJYQJLpy6AwxQ5EYO9yLhbtObGkM=
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
 github.com/gin-gonic/gin v1.10.0 h1:nTuyha1TYqgedzytsKYqna+DfLos46nTv2ygFy86HFU=
@@ -83,16 +81,8 @@ github.com/google/go-github/v63 v63.0.0/go.mod h1:IqbcrgUmIcEaioWrGYei/09o+ge5vh
 github.com/google/go-querystring v1.1.0 h1:AnCroh3fv4ZBgVIf1Iwtovgjaw/GiKJo8M8yD/fhyJ8=
 github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17icRSOU623lUBU=
 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
-github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
-github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/gorilla/context v1.1.2 h1:WRkNAv2uoa03QNIc1A6u4O7DAGMUVoopZhkiXWA2V1o=
-github.com/gorilla/context v1.1.2/go.mod h1:KDPwT9i/MeWHiLl90fuTgrt4/wPcv75vFAZLaOOcbxM=
-github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA=
-github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo=
-github.com/gorilla/sessions v1.2.2 h1:lqzMYz6bOfvn2WriPUjNByzeXIlVzURcPmgMczkmTjY=
-github.com/gorilla/sessions v1.2.2/go.mod h1:ePLdVu+jbEgHH+KWw8I1z2wqd0BAdAQh/8LRvBeoNcQ=
 github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg=
 github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=

From 5d0cddf23390b895f4fdc66417894c87910293bc Mon Sep 17 00:00:00 2001
From: Florent Poinsard <florent.poinsard@outlook.fr>
Date: Fri, 30 Aug 2024 17:10:22 -0600
Subject: [PATCH 17/19] Fix some issues with the decypher

Signed-off-by: Florent Poinsard <florent.poinsard@outlook.fr>
---
 go/admin/templates/content.html | 3 ++-
 go/server/api.go                | 3 +--
 go/tools/server/utils.go        | 3 +--
 3 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/go/admin/templates/content.html b/go/admin/templates/content.html
index 748bd1204..dd90cd5b2 100644
--- a/go/admin/templates/content.html
+++ b/go/admin/templates/content.html
@@ -2,11 +2,12 @@
   <form>
     <div class="flex flex-row gap-4">
       <div>
-        <label class="label">Source</label>
+        <label class="label">Source (execution's trigger/reason)</label>
         <input
           class="shadow appearance-none border rounded w-full py-2 px-3 text-gray-700 leading-tight focus:outline-none focus:shadow-outline"
           type="text"
           name="source"
+          value="admin"
         />
       </div>
       <div>
diff --git a/go/server/api.go b/go/server/api.go
index 541f1f88d..76b9c4f27 100644
--- a/go/server/api.go
+++ b/go/server/api.go
@@ -556,14 +556,13 @@ func (s *Server) addExecutions(c *gin.Context) {
 	}
 
 	decryptedToken, err := server.Decrypt(req.Auth, s.ghTokenSalt)
-
 	if err != nil {
+		slog.Error(err)
 		c.JSON(http.StatusUnauthorized, &ErrorAPI{Error: "Unauthorized"})
 		return
 	}
 
 	isUserAuthenticated, err := IsUserAuthenticated(decryptedToken)
-
 	if err != nil || !isUserAuthenticated {
 		c.JSON(http.StatusUnauthorized, &ErrorAPI{Error: "isUserAuthenticated Unauthorized"})
 		return
diff --git a/go/tools/server/utils.go b/go/tools/server/utils.go
index 6ec83e5d6..27024f2ae 100644
--- a/go/tools/server/utils.go
+++ b/go/tools/server/utils.go
@@ -51,11 +51,10 @@ func Encrypt(stringToEncrypt string, keyString string) (string, error) {
 	}
 
 	ciphertext := aesGCM.Seal(nonce, nonce, plaintext, nil)
-	return string(ciphertext), nil
+	return fmt.Sprintf("%x", ciphertext), nil
 }
 
 func Decrypt(encryptedString string, keyString string) (string, error) {
-
 	key, _ := hex.DecodeString(keyString)
 	enc, _ := hex.DecodeString(encryptedString)
 

From d257b990dfd165ded3694fc30b80dbfd4b29f5b8 Mon Sep 17 00:00:00 2001
From: Florent Poinsard <florent.poinsard@outlook.fr>
Date: Fri, 30 Aug 2024 17:11:12 -0600
Subject: [PATCH 18/19] Fix production docker compose

Signed-off-by: Florent Poinsard <florent.poinsard@outlook.fr>
---
 docker-compose.prod.yml | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/docker-compose.prod.yml b/docker-compose.prod.yml
index 4decce72e..26791c862 100644
--- a/docker-compose.prod.yml
+++ b/docker-compose.prod.yml
@@ -13,6 +13,9 @@
 # limitations under the License.
 
 version: "3.8"
+networks:
+  default:
+    driver: bridge
 
 services:
   traefik:
@@ -31,7 +34,6 @@ services:
     volumes:
       - "/var/letsencrypt:/letsencrypt"
       - "/var/run/docker.sock:/var/run/docker.sock:ro"
-    network_mode: bridge
 
   frontend:
     build:
@@ -46,7 +48,6 @@ services:
       - "traefik.http.routers.frontend.entrypoints=https"
       - "traefik.http.routers.frontend.tls.certresolver=tlsresolver"
       - "traefik.http.services.frontend.loadbalancer.server.port=3000"
-    network_mode: bridge
 
   api:
     restart: always
@@ -68,7 +69,6 @@ services:
       - "traefik.http.routers.api.entrypoints=https"
       - "traefik.http.routers.api.tls.certresolver=tlsresolver"
       - "traefik.http.services.api.loadbalancer.server.port=8080"
-    network_mode: bridge
 
   admin:
     restart: always
@@ -86,7 +86,6 @@ services:
       - "traefik.http.routers.admin.entrypoints=https"
       - "traefik.http.routers.admin.tls.certresolver=tlsresolver"
       - "traefik.http.services.admin.loadbalancer.server.port=8081"
-    network_mode: bridge
 
   cleanup_executions:
     image: alpine

From 71d131c5afc28dfb56011e5b3c8e818aa4cddfd1 Mon Sep 17 00:00:00 2001
From: Florent Poinsard <35779988+frouioui@users.noreply.github.com>
Date: Fri, 30 Aug 2024 17:13:33 -0600
Subject: [PATCH 19/19] Update Dockerfile.admin

Signed-off-by: Florent Poinsard <35779988+frouioui@users.noreply.github.com>
---
 Dockerfile.admin | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile.admin b/Dockerfile.admin
index 4e57b136e..d3b0bc0b6 100644
--- a/Dockerfile.admin
+++ b/Dockerfile.admin
@@ -1,4 +1,4 @@
-# Copyright 2023 The Vitess Authors.
+# Copyright 2024 The Vitess Authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.