Fix stuff

- cleanup cmd.Dump, with deprication notice
- don't prefic cmd-commands

.drone.yml

@@ -3,12 +3,15 @@ workspace:
   path: src/code.gitea.io/gitea
 
 pipeline:
+  clone:
+    image: plugins/git
+    tags: true
+
   test:
     image: webhippie/golang:edge
     pull: true
     environment:
-      CGO_ENABLED: 1
-      TAGS: sqlite bindata
+      TAGS: bindata sqlite
       GOPATH: /srv/app
     commands:
       - apk -U add openssh-client
@@ -16,47 +19,55 @@ pipeline:
       - make generate
       - make vet
       - make lint
+      - make test-vendor
       - make test
       - make build
     when:
       event: [ push, tag, pull_request ]
 
+  test-sqlite:
+    image: webhippie/golang:edge
+    pull: true
+    environment:
+      TAGS: bindata
+      GOPATH: /srv/app
+    commands:
+      - make test-sqlite
+    when:
+      event: [ push, tag, pull_request ]
+
   test-mysql:
     image: webhippie/golang:edge
     pull: true
     environment:
-      CGO_ENABLED: 1
-      TAGS: sqlite bindata
+      TAGS: bindata
       GOPATH: /srv/app
     commands:
-      - make test-mysql
+      - echo make test-mysql # Not ready yet
     when:
-      event: [ push ]
+      event: [ push, tag, pull_request ]
 
   test-pgsql:
     image: webhippie/golang:edge
     pull: true
     environment:
-      CGO_ENABLED: 1
-      TAGS: sqlite bindata
+      TAGS: bindata
       GOPATH: /srv/app
     commands:
-      - make test-pgsql
+      - echo make test-pqsql # Not ready yet
     when:
-      event: [ push ]
+      event: [ push, tag, pull_request ]
 
-  updater:
+  static:
     image: karalabe/xgo-latest:latest
     pull: true
     environment:
-      CGO_ENABLED: 1
-      TAGS: sqlite bindata
+      TAGS: bindata sqlite
       GOPATH: /srv/app
     commands:
       - make release
     when:
-      event: [ push, tag ]
-      branch: [ master, release/*, refs/tags/* ]
+      event: [ push, tag, pull_request ]
 
   coverage:
     image: plugins/coverage
@@ -136,11 +147,11 @@ services:
       - MYSQL_DATABASE=test
       - MYSQL_ALLOW_EMPTY_PASSWORD=yes
     when:
-      event: [ push ]
+      event: [ push, tag, pull_request ]
 
   pgsql:
     image: postgres:9.5
     environment:
       - POSTGRES_DB=test
     when:
-      event: [ push ]
+      event: [ push, tag, pull_request ]

.drone.yml.sig

@@ -1 +1 @@
-eyJhbGciOiJIUzI1NiJ9.d29ya3NwYWNlOgogIGJhc2U6IC9zcnYvYXBwCiAgcGF0aDogc3JjL2NvZGUuZ2l0ZWEuaW8vZ2l0ZWEKCnBpcGVsaW5lOgogIHRlc3Q6CiAgICBpbWFnZTogd2ViaGlwcGllL2dvbGFuZzplZGdlCiAgICBwdWxsOiB0cnVlCiAgICBlbnZpcm9ubWVudDoKICAgICAgQ0dPX0VOQUJMRUQ6IDEKICAgICAgVEFHUzogc3FsaXRlIGJpbmRhdGEKICAgICAgR09QQVRIOiAvc3J2L2FwcAogICAgY29tbWFuZHM6CiAgICAgIC0gYXBrIC1VIGFkZCBvcGVuc3NoLWNsaWVudAogICAgICAtIG1ha2UgY2xlYW4KICAgICAgLSBtYWtlIGdlbmVyYXRlCiAgICAgIC0gbWFrZSB2ZXQKICAgICAgLSBtYWtlIGxpbnQKICAgICAgLSBtYWtlIHRlc3QKICAgICAgLSBtYWtlIGJ1aWxkCiAgICB3aGVuOgogICAgICBldmVudDogWyBwdXNoLCB0YWcsIHB1bGxfcmVxdWVzdCBdCgogIHRlc3QtbXlzcWw6CiAgICBpbWFnZTogd2ViaGlwcGllL2dvbGFuZzplZGdlCiAgICBwdWxsOiB0cnVlCiAgICBlbnZpcm9ubWVudDoKICAgICAgQ0dPX0VOQUJMRUQ6IDEKICAgICAgVEFHUzogc3FsaXRlIGJpbmRhdGEKICAgICAgR09QQVRIOiAvc3J2L2FwcAogICAgY29tbWFuZHM6CiAgICAgIC0gbWFrZSB0ZXN0LW15c3FsCiAgICB3aGVuOgogICAgICBldmVudDogWyBwdXNoIF0KCiAgdGVzdC1wZ3NxbDoKICAgIGltYWdlOiB3ZWJoaXBwaWUvZ29sYW5nOmVkZ2UKICAgIHB1bGw6IHRydWUKICAgIGVudmlyb25tZW50OgogICAgICBDR09fRU5BQkxFRDogMQogICAgICBUQUdTOiBzcWxpdGUgYmluZGF0YQogICAgICBHT1BBVEg6IC9zcnYvYXBwCiAgICBjb21tYW5kczoKICAgICAgLSBtYWtlIHRlc3QtcGdzcWwKICAgIHdoZW46CiAgICAgIGV2ZW50OiBbIHB1c2ggXQoKICB1cGRhdGVyOgogICAgaW1hZ2U6IGthcmFsYWJlL3hnby1sYXRlc3Q6bGF0ZXN0CiAgICBwdWxsOiB0cnVlCiAgICBlbnZpcm9ubWVudDoKICAgICAgQ0dPX0VOQUJMRUQ6IDEKICAgICAgVEFHUzogc3FsaXRlIGJpbmRhdGEKICAgICAgR09QQVRIOiAvc3J2L2FwcAogICAgY29tbWFuZHM6CiAgICAgIC0gbWFrZSByZWxlYXNlCiAgICB3aGVuOgogICAgICBldmVudDogWyBwdXNoLCB0YWcgXQogICAgICBicmFuY2g6IFsgbWFzdGVyLCByZWxlYXNlLyosIHJlZnMvdGFncy8qIF0KCiAgY292ZXJhZ2U6CiAgICBpbWFnZTogcGx1Z2lucy9jb3ZlcmFnZQogICAgc2VydmVyOiBodHRwczovL2NvdmVyYWdlLmdpdGVhLmlvCiAgICB3aGVuOgogICAgICBldmVudDogWyBwdXNoLCB0YWcsIHB1bGxfcmVxdWVzdCBdCgogIGRvY2tlcjoKICAgIGltYWdlOiBwbHVnaW5zL2RvY2tlcgogICAgcmVwbzogZ2l0ZWEvZ2l0ZWEKICAgIHRhZ3M6IFsgJyR7RFJPTkVfVEFHIyN2fScgXQogICAgd2hlbjoKICAgICAgZXZlbnQ6IFsgdGFnIF0KICAgICAgYnJhbmNoOiBbIHJlZnMvdGFncy8qIF0KCiAgZG9ja2VyOgogICAgaW1hZ2U6IHBsdWdpbnMvZG9ja2VyCiAgICByZXBvOiBnaXRlYS9naXRlYQogICAgdGFnczogWyAnJHtEUk9ORV9CUkFOQ0gjI3JlbGVhc2Uvdn0nIF0KICAgIHdoZW46CiAgICAgIGV2ZW50OiBbIHB1c2ggXQogICAgICBicmFuY2g6IFsgcmVsZWFzZS8qIF0KCiAgZG9ja2VyOgogICAgaW1hZ2U6IHBsdWdpbnMvZG9ja2VyCiAgICByZXBvOiBnaXRlYS9naXRlYQogICAgdGFnczogWyAnbGF0ZXN0JyBdCiAgICB3aGVuOgogICAgICBldmVudDogWyBwdXNoIF0KICAgICAgYnJhbmNoOiBbIG1hc3RlciBdCgogIHJlbGVhc2U6CiAgICBpbWFnZTogcGx1Z2lucy9zMwogICAgcGF0aF9zdHlsZTogdHJ1ZQogICAgc3RyaXBfcHJlZml4OiBkaXN0L3JlbGVhc2UvCiAgICBzb3VyY2U6IGRpc3QvcmVsZWFzZS8qCiAgICB0YXJnZXQ6IC9naXRlYS8ke0RST05FX1RBRyMjdn0KICAgIHdoZW46CiAgICAgIGV2ZW50OiBbIHRhZyBdCiAgICAgIGJyYW5jaDogWyByZWZzL3RhZ3MvKiBdCgogIHJlbGVhc2U6CiAgICBpbWFnZTogcGx1Z2lucy9zMwogICAgcGF0aF9zdHlsZTogdHJ1ZQogICAgc3RyaXBfcHJlZml4OiBkaXN0L3JlbGVhc2UvCiAgICBzb3VyY2U6IGRpc3QvcmVsZWFzZS8qCiAgICB0YXJnZXQ6IC9naXRlYS8ke0RST05FX0JSQU5DSCMjcmVsZWFzZS92fQogICAgd2hlbjoKICAgICAgZXZlbnQ6IFsgcHVzaCBdCiAgICAgIGJyYW5jaDogWyByZWxlYXNlLyogXQoKICByZWxlYXNlOgogICAgaW1hZ2U6IHBsdWdpbnMvczMKICAgIHBhdGhfc3R5bGU6IHRydWUKICAgIHN0cmlwX3ByZWZpeDogZGlzdC9yZWxlYXNlLwogICAgc291cmNlOiBkaXN0L3JlbGVhc2UvKgogICAgdGFyZ2V0OiAvZ2l0ZWEvbWFzdGVyCiAgICB3aGVuOgogICAgICBldmVudDogWyBwdXNoIF0KICAgICAgYnJhbmNoOiBbIG1hc3RlciBdCgogIGdpdGh1YjoKICAgIGltYWdlOiBwbHVnaW5zL2dpdGh1Yi1yZWxlYXNlCiAgICBmaWxlczoKICAgICAgLSBkaXN0L3JlbGVhc2UvKgogICAgd2hlbjoKICAgICAgZXZlbnQ6IFsgdGFnIF0KICAgICAgYnJhbmNoOiBbIHJlZnMvdGFncy8qIF0KCiAgZ2l0dGVyOgogICAgaW1hZ2U6IHBsdWdpbnMvZ2l0dGVyCgpzZXJ2aWNlczoKICBteXNxbDoKICAgIGltYWdlOiBteXNxbDo1LjcKICAgIGVudmlyb25tZW50OgogICAgICAtIE1ZU1FMX0RBVEFCQVNFPXRlc3QKICAgICAgLSBNWVNRTF9BTExPV19FTVBUWV9QQVNTV09SRD15ZXMKICAgIHdoZW46CiAgICAgIGV2ZW50OiBbIHB1c2ggXQoKICBwZ3NxbDoKICAgIGltYWdlOiBwb3N0Z3Jlczo5LjUKICAgIGVudmlyb25tZW50OgogICAgICAtIFBPU1RHUkVTX0RCPXRlc3QKICAgIHdoZW46CiAgICAgIGV2ZW50OiBbIHB1c2ggXQo._4feZQfrP_lA1JxSLtj7CDpAN-uB4n4nJKR1R2UcxHg
+eyJhbGciOiJIUzI1NiJ9.d29ya3NwYWNlOgogIGJhc2U6IC9zcnYvYXBwCiAgcGF0aDogc3JjL2NvZGUuZ2l0ZWEuaW8vZ2l0ZWEKCnBpcGVsaW5lOgogIGNsb25lOgogICAgaW1hZ2U6IHBsdWdpbnMvZ2l0CiAgICB0YWdzOiB0cnVlCgogIHRlc3Q6CiAgICBpbWFnZTogd2ViaGlwcGllL2dvbGFuZzplZGdlCiAgICBwdWxsOiB0cnVlCiAgICBlbnZpcm9ubWVudDoKICAgICAgVEFHUzogYmluZGF0YSBzcWxpdGUKICAgICAgR09QQVRIOiAvc3J2L2FwcAogICAgY29tbWFuZHM6CiAgICAgIC0gYXBrIC1VIGFkZCBvcGVuc3NoLWNsaWVudAogICAgICAtIG1ha2UgY2xlYW4KICAgICAgLSBtYWtlIGdlbmVyYXRlCiAgICAgIC0gbWFrZSB2ZXQKICAgICAgLSBtYWtlIGxpbnQKICAgICAgLSBtYWtlIHRlc3QtdmVuZG9yCiAgICAgIC0gbWFrZSB0ZXN0CiAgICAgIC0gbWFrZSBidWlsZAogICAgd2hlbjoKICAgICAgZXZlbnQ6IFsgcHVzaCwgdGFnLCBwdWxsX3JlcXVlc3QgXQoKICB0ZXN0LXNxbGl0ZToKICAgIGltYWdlOiB3ZWJoaXBwaWUvZ29sYW5nOmVkZ2UKICAgIHB1bGw6IHRydWUKICAgIGVudmlyb25tZW50OgogICAgICBUQUdTOiBiaW5kYXRhCiAgICAgIEdPUEFUSDogL3Nydi9hcHAKICAgIGNvbW1hbmRzOgogICAgICAtIG1ha2UgdGVzdC1zcWxpdGUKICAgIHdoZW46CiAgICAgIGV2ZW50OiBbIHB1c2gsIHRhZywgcHVsbF9yZXF1ZXN0IF0KCiAgdGVzdC1teXNxbDoKICAgIGltYWdlOiB3ZWJoaXBwaWUvZ29sYW5nOmVkZ2UKICAgIHB1bGw6IHRydWUKICAgIGVudmlyb25tZW50OgogICAgICBUQUdTOiBiaW5kYXRhCiAgICAgIEdPUEFUSDogL3Nydi9hcHAKICAgIGNvbW1hbmRzOgogICAgICAtIGVjaG8gbWFrZSB0ZXN0LW15c3FsICMgTm90IHJlYWR5IHlldAogICAgd2hlbjoKICAgICAgZXZlbnQ6IFsgcHVzaCwgdGFnLCBwdWxsX3JlcXVlc3QgXQoKICB0ZXN0LXBnc3FsOgogICAgaW1hZ2U6IHdlYmhpcHBpZS9nb2xhbmc6ZWRnZQogICAgcHVsbDogdHJ1ZQogICAgZW52aXJvbm1lbnQ6CiAgICAgIFRBR1M6IGJpbmRhdGEKICAgICAgR09QQVRIOiAvc3J2L2FwcAogICAgY29tbWFuZHM6CiAgICAgIC0gZWNobyBtYWtlIHRlc3QtcHFzcWwgIyBOb3QgcmVhZHkgeWV0CiAgICB3aGVuOgogICAgICBldmVudDogWyBwdXNoLCB0YWcsIHB1bGxfcmVxdWVzdCBdCgogIHN0YXRpYzoKICAgIGltYWdlOiBrYXJhbGFiZS94Z28tbGF0ZXN0OmxhdGVzdAogICAgcHVsbDogdHJ1ZQogICAgZW52aXJvbm1lbnQ6CiAgICAgIFRBR1M6IGJpbmRhdGEgc3FsaXRlCiAgICAgIEdPUEFUSDogL3Nydi9hcHAKICAgIGNvbW1hbmRzOgogICAgICAtIG1ha2UgcmVsZWFzZQogICAgd2hlbjoKICAgICAgZXZlbnQ6IFsgcHVzaCwgdGFnLCBwdWxsX3JlcXVlc3QgXQoKICBjb3ZlcmFnZToKICAgIGltYWdlOiBwbHVnaW5zL2NvdmVyYWdlCiAgICBzZXJ2ZXI6IGh0dHBzOi8vY292ZXJhZ2UuZ2l0ZWEuaW8KICAgIHdoZW46CiAgICAgIGV2ZW50OiBbIHB1c2gsIHRhZywgcHVsbF9yZXF1ZXN0IF0KCiAgZG9ja2VyOgogICAgaW1hZ2U6IHBsdWdpbnMvZG9ja2VyCiAgICByZXBvOiBnaXRlYS9naXRlYQogICAgdGFnczogWyAnJHtEUk9ORV9UQUcjI3Z9JyBdCiAgICB3aGVuOgogICAgICBldmVudDogWyB0YWcgXQogICAgICBicmFuY2g6IFsgcmVmcy90YWdzLyogXQoKICBkb2NrZXI6CiAgICBpbWFnZTogcGx1Z2lucy9kb2NrZXIKICAgIHJlcG86IGdpdGVhL2dpdGVhCiAgICB0YWdzOiBbICcke0RST05FX0JSQU5DSCMjcmVsZWFzZS92fScgXQogICAgd2hlbjoKICAgICAgZXZlbnQ6IFsgcHVzaCBdCiAgICAgIGJyYW5jaDogWyByZWxlYXNlLyogXQoKICBkb2NrZXI6CiAgICBpbWFnZTogcGx1Z2lucy9kb2NrZXIKICAgIHJlcG86IGdpdGVhL2dpdGVhCiAgICB0YWdzOiBbICdsYXRlc3QnIF0KICAgIHdoZW46CiAgICAgIGV2ZW50OiBbIHB1c2ggXQogICAgICBicmFuY2g6IFsgbWFzdGVyIF0KCiAgcmVsZWFzZToKICAgIGltYWdlOiBwbHVnaW5zL3MzCiAgICBwYXRoX3N0eWxlOiB0cnVlCiAgICBzdHJpcF9wcmVmaXg6IGRpc3QvcmVsZWFzZS8KICAgIHNvdXJjZTogZGlzdC9yZWxlYXNlLyoKICAgIHRhcmdldDogL2dpdGVhLyR7RFJPTkVfVEFHIyN2fQogICAgd2hlbjoKICAgICAgZXZlbnQ6IFsgdGFnIF0KICAgICAgYnJhbmNoOiBbIHJlZnMvdGFncy8qIF0KCiAgcmVsZWFzZToKICAgIGltYWdlOiBwbHVnaW5zL3MzCiAgICBwYXRoX3N0eWxlOiB0cnVlCiAgICBzdHJpcF9wcmVmaXg6IGRpc3QvcmVsZWFzZS8KICAgIHNvdXJjZTogZGlzdC9yZWxlYXNlLyoKICAgIHRhcmdldDogL2dpdGVhLyR7RFJPTkVfQlJBTkNIIyNyZWxlYXNlL3Z9CiAgICB3aGVuOgogICAgICBldmVudDogWyBwdXNoIF0KICAgICAgYnJhbmNoOiBbIHJlbGVhc2UvKiBdCgogIHJlbGVhc2U6CiAgICBpbWFnZTogcGx1Z2lucy9zMwogICAgcGF0aF9zdHlsZTogdHJ1ZQogICAgc3RyaXBfcHJlZml4OiBkaXN0L3JlbGVhc2UvCiAgICBzb3VyY2U6IGRpc3QvcmVsZWFzZS8qCiAgICB0YXJnZXQ6IC9naXRlYS9tYXN0ZXIKICAgIHdoZW46CiAgICAgIGV2ZW50OiBbIHB1c2ggXQogICAgICBicmFuY2g6IFsgbWFzdGVyIF0KCiAgZ2l0aHViOgogICAgaW1hZ2U6IHBsdWdpbnMvZ2l0aHViLXJlbGVhc2UKICAgIGZpbGVzOgogICAgICAtIGRpc3QvcmVsZWFzZS8qCiAgICB3aGVuOgogICAgICBldmVudDogWyB0YWcgXQogICAgICBicmFuY2g6IFsgcmVmcy90YWdzLyogXQoKICBnaXR0ZXI6CiAgICBpbWFnZTogcGx1Z2lucy9naXR0ZXIKCnNlcnZpY2VzOgogIG15c3FsOgogICAgaW1hZ2U6IG15c3FsOjUuNwogICAgZW52aXJvbm1lbnQ6CiAgICAgIC0gTVlTUUxfREFUQUJBU0U9dGVzdAogICAgICAtIE1ZU1FMX0FMTE9XX0VNUFRZX1BBU1NXT1JEPXllcwogICAgd2hlbjoKICAgICAgZXZlbnQ6IFsgcHVzaCwgdGFnLCBwdWxsX3JlcXVlc3QgXQoKICBwZ3NxbDoKICAgIGltYWdlOiBwb3N0Z3Jlczo5LjUKICAgIGVudmlyb25tZW50OgogICAgICAtIFBPU1RHUkVTX0RCPXRlc3QKICAgIHdoZW46CiAgICAgIGV2ZW50OiBbIHB1c2gsIHRhZywgcHVsbF9yZXF1ZXN0IF0K.dA2VK6LdoPXvBTYAUywWervhOZmgOjU32uiiPrBbVdQ

.gitattributes

@@ -0,0 +1,6 @@
+conf/* linguist-vendored
+docker/* linguist-vendored
+options/* linguist-vendored
+public/* linguist-vendored
+scripts/* linguist-vendored
+templates/* linguist-vendored

.github/issue_template.md

@@ -1,9 +1,9 @@
-1. Please speak English, this is the language everybody of us can speak and write.
-2. Please ask questions or config/deploy problems on our Gitter channel: https://gitter.im/go-gitea/gitea
-3. Please take a moment to search that an issue doesn't already exist.
-4. Please give all relevant information below for bug reports, incomplete details will be handled as an invalid report.
+1. Please speak English, this is the language all of us can speak and write.
+2. Please ask questions or configuration/deploy problems on our Gitter channel: https://gitter.im/go-gitea/gitea
+3. Please take a moment to search check that your issue doesn't already exist.
+4. Please give all relevant information below for bug reports, because incomplete details will be handled as an invalid report.
 
-**You MUST delete the content above including this line before posting, otherwise your pull request will be invalid.**
+**You MUST delete the content above including this line before posting, otherwise your issue will be invalid.**
 
 - Gitea version (or commit ref):
 - Git version:
@@ -11,6 +11,7 @@
 - Database (use `[x]`):
   - [ ] PostgreSQL
   - [ ] MySQL
+  - [ ] MSSQL
   - [ ] SQLite
 - Can you reproduce the bug at https://try.gitea.io:
   - [ ] Yes (provide example URL)
@@ -21,3 +22,8 @@
 ## Description
 
 ...
+
+
+## Screenshots
+
+**If this issue involves the Web Interface, please include a screenshot**

.gitignore

@@ -36,10 +36,13 @@ coverage.out
 *.log
 
 /gitea
+/integrations.test
 
 /bin
 /dist
 /custom
 /data
+/indexers
 /log
 /public/img/avatar
+/integrations/gitea-integration

CHANGELOG.md

@@ -1,5 +1,126 @@
 # Changelog
 
+## Unreleased
+
+* BREAKING
+  * Password reset URL changed from `/user/forget_password` to `/user/forgot_password`
+  * SSH keys management URL changed from `/user/settings/ssh` to `/user/settings/keys`
+
+
+## [1.1.0](https://github.com/go-gitea/gitea/releases/tag/v1.1.0) - 2017-03-09
+
+* BREAKING
+  * The SSH keys can potentially break, make sure to regenerate the authorized keys
+* FEATURE
+  * Git LFSv2 support [#122](https://github.com/go-gitea/gitea/pull/122)
+  * API endpoints for repo watching [#191](https://github.com/go-gitea/gitea/pull/191)
+  * Search within private repos [#222](https://github.com/go-gitea/gitea/pull/222)
+  * Hide user email address on explore page [#336](https://github.com/go-gitea/gitea/pull/336)
+  * Protected branch system [#339](https://github.com/go-gitea/gitea/pull/339)
+  * Sendmail for mail delivery [#355](https://github.com/go-gitea/gitea/pull/355)
+  * API endpoints for org webhooks [#372](https://github.com/go-gitea/gitea/pull/372)
+  * Enabled MSSQL support [#383](https://github.com/go-gitea/gitea/pull/383)
+  * API endpoints for org teams [#370](https://github.com/go-gitea/gitea/pull/370)
+  * API endpoints for collaborators [#375](https://github.com/go-gitea/gitea/pull/375)
+  * Graceful server restart [#416](https://github.com/go-gitea/gitea/pull/416)
+  * Commitgraph / timeline on commits page [#428](https://github.com/go-gitea/gitea/pull/428)
+  * API endpoints for repo forks [#509](https://github.com/go-gitea/gitea/pull/509)
+  * API endpoints for releases [#510](https://github.com/go-gitea/gitea/pull/510)
+  * Folder jumping [#511](https://github.com/go-gitea/gitea/pull/511)
+  * Stars tab on profile page [#519](https://github.com/go-gitea/gitea/pull/519)
+  * Notification system [#523](https://github.com/go-gitea/gitea/pull/523)
+  * Push and pull through reverse proxy basic auth [#524](https://github.com/go-gitea/gitea/pull/524)
+  * Search for issues and pull requests [#530](https://github.com/go-gitea/gitea/pull/530)
+  * API endpoint for stargazers [#597](https://github.com/go-gitea/gitea/pull/597)
+  * API endpoints for subscribers [#598](https://github.com/go-gitea/gitea/pull/598)
+  * PID file support [#610](https://github.com/go-gitea/gitea/pull/610)
+  * Two factor authentication (2FA) [#630](https://github.com/go-gitea/gitea/pull/630)
+  * API endpoints for org users [#645](https://github.com/go-gitea/gitea/pull/645)
+  * Release attachments [#673](https://github.com/go-gitea/gitea/pull/673)
+  * OAuth2 consumer [#679](https://github.com/go-gitea/gitea/pull/679)
+  * Add ability to fork your own repos [#761](https://github.com/go-gitea/gitea/pull/761)
+  * Search repository on dashboard [#773](https://github.com/go-gitea/gitea/pull/773)
+  * Search bar on user profile [#787](https://github.com/go-gitea/gitea/pull/787)
+  * Track label changes on issue view [#788](https://github.com/go-gitea/gitea/pull/788)
+  * Allow using custom time format [#798](https://github.com/go-gitea/gitea/pull/798)
+  * Redirects for renamed repos [#807](https://github.com/go-gitea/gitea/pull/807)
+  * Track assignee changes on issue view [#808](https://github.com/go-gitea/gitea/pull/808)
+  * Track title changes on issue view [#841](https://github.com/go-gitea/gitea/pull/841)
+  * Archive cleanup action [#885](https://github.com/go-gitea/gitea/pull/885)
+  * Basic Open Graph support [#901](https://github.com/go-gitea/gitea/pull/901)
+  * Take back control of Git hooks [#1006](https://github.com/go-gitea/gitea/pull/1006)
+  * API endpoints for user repos [#1059](https://github.com/go-gitea/gitea/pull/1059)
+* BUGFIXES
+  * Fixed counting issues for issue filters [#413](https://github.com/go-gitea/gitea/pull/413)
+  * Added back default settings for SSH [#500](https://github.com/go-gitea/gitea/pull/500)
+  * Fixed repo permissions [#513](https://github.com/go-gitea/gitea/pull/513)
+  * Issues cannot be created with labels [#622](https://github.com/go-gitea/gitea/pull/622)
+  * Add a reserved wiki paths check to the wiki [#720](https://github.com/go-gitea/gitea/pull/720)
+  * Update website binding MaxSize to 255 [#722](https://github.com/go-gitea/gitea/pull/722)
+  * User can see the private activity on public history [#818](https://github.com/go-gitea/gitea/pull/818)
+  * Wrong pages number which includes private repositories [#844](https://github.com/go-gitea/gitea/pull/844)
+  * Trim whitespaces for search keyword [#893](https://github.com/go-gitea/gitea/pull/893)
+  * Don't rewrite non-gitea public keys [#906](https://github.com/go-gitea/gitea/pull/906)
+  * Use fingerprint to check instead content for public key [#911](https://github.com/go-gitea/gitea/pull/911)
+  * Fix random avatars [#1147](https://github.com/go-gitea/gitea/pull/1147)
+* ENHANCEMENT
+  * Refactored process manager [#75](https://github.com/go-gitea/gitea/pull/75)
+  * Restrict rights to create new orgs [#193](https://github.com/go-gitea/gitea/pull/193)
+  * Added label and milestone sorting [#199](https://github.com/go-gitea/gitea/pull/199)
+  * Make minimum password length configurable [#223](https://github.com/go-gitea/gitea/pull/223)
+  * Speedup conflict checking on pull requests [#276](https://github.com/go-gitea/gitea/pull/276)
+  * Added button to delete merged pull request branches [#441](https://github.com/go-gitea/gitea/pull/441)
+  * Improved issue references within markdown [#471](https://github.com/go-gitea/gitea/pull/471)
+  * Dutch translation for the landingpage [#487](https://github.com/go-gitea/gitea/pull/487)
+  * Added Gogs migration script [#532](https://github.com/go-gitea/gitea/pull/532)
+  * Support a .gitea folder for issue templates [#582](https://github.com/go-gitea/gitea/pull/582)
+  * Enhanced diff-view coloring [#584](https://github.com/go-gitea/gitea/pull/584)
+  * Added ETag header to avatars [#721](https://github.com/go-gitea/gitea/pull/721)
+  * Added option to config to disable local path imports [#724](https://github.com/go-gitea/gitea/pull/724)
+  * Allow custom public files [#782](https://github.com/go-gitea/gitea/pull/782)
+  * Added pprof endpoint for debugging [#801](https://github.com/go-gitea/gitea/pull/801)
+  * Added `X-GitHub-*` headers [#809](https://github.com/go-gitea/gitea/pull/809)
+  * Fill SSH key title automatically [#863](https://github.com/go-gitea/gitea/pull/863)
+  * Display Git version on admin panel [#921](https://github.com/go-gitea/gitea/pull/921)
+  * Expose URL field on issue API [#982](https://github.com/go-gitea/gitea/pull/982)
+  * Statically compile the binaries [#985](https://github.com/go-gitea/gitea/pull/985)
+  * Embed build tags into version string [#1051](https://github.com/go-gitea/gitea/pull/1051)
+  * Gitignore support for FSharp and Clojure [#1072](https://github.com/go-gitea/gitea/pull/1072)
+  * Custom templates for static builds [#1087](https://github.com/go-gitea/gitea/pull/1087)
+  * Add ProxyFromEnvironment if none set [#1096](https://github.com/go-gitea/gitea/pull/1096)
+* MISC
+  * Replaced remaining Gogs references
+  * Added more tests on various packages
+  * Use Crowdin for translations again
+  * Resolved some XSS attack vectors
+  * Optimized and reduced number of database queries
+
+## [1.0.2](https://github.com/go-gitea/gitea/releases/tag/v1.0.2) - 2017-02-21
+
+* BUGFIXES
+  * Fixed issue counter [#882](https://github.com/go-gitea/gitea/pull/882)
+  * Fixed XSS vulnerability on wiki page [#955](https://github.com/go-gitea/gitea/pull/955)
+  * Add data dir without session to dump [#587](https://github.com/go-gitea/gitea/pull/587)
+  * Fixed wiki page renaming [#958](https://github.com/go-gitea/gitea/pull/958)
+  * Drop default console logger if not required [#960](https://github.com/go-gitea/gitea/pull/960)
+  * Fixed docker docs link on install page [#972](https://github.com/go-gitea/gitea/pull/972)
+  * Handle SetModel errors [#957](https://github.com/go-gitea/gitea/pull/957)
+  * Fixed XSS vulnerability on milestones [#977](https://github.com/go-gitea/gitea/pull/977)
+  * Fixed XSS vulnerability on alerts [#981](https://github.com/go-gitea/gitea/pull/981)
+
+## [1.0.1](https://github.com/go-gitea/gitea/releases/tag/v1.0.1) - 2017-01-05
+
+* BUGFIXES
+  * Fixed localized `MIN_PASSWORD_LENGTH` [#501](https://github.com/go-gitea/gitea/pull/501)
+  * Fixed 500 error on organization delete [#507](https://github.com/go-gitea/gitea/pull/507)
+  * Ignore empty wiki repo on migrate [#544](https://github.com/go-gitea/gitea/pull/544)
+  * Proper check access for forking [#563](https://github.com/go-gitea/gitea/pull/563)
+  * Fix SSH domain on installer [#506](https://github.com/go-gitea/gitea/pull/506)
+  * Fix missing data rows on admin UI [#580](https://github.com/go-gitea/gitea/pull/580)
+  * Do not delete tags with releases by default [#579](https://github.com/go-gitea/gitea/pull/579)
+  * Fix missing session config data on admin UI [#578](https://github.com/go-gitea/gitea/pull/578)
+  * Properly show the version within footer on the UI [#593](https://github.com/go-gitea/gitea/pull/593)
+
 ## [1.0.0](https://github.com/go-gitea/gitea/releases/tag/v1.0.0) - 2016-12-23
 
 * BREAKING

CONTRIBUTING.md

@@ -2,7 +2,7 @@
 
 ## Introduction
 
-This document explains how to contribute changes to the Gitea project. It assumes you have followed the [installation instructions](https://github.com/go-gitea/docs/tree/master/en-US/installation). Sensitive security-related issues should be reported to [security@gitea.io](mailto:security@gitea.io).
+This document explains how to contribute changes to the Gitea project. It assumes you have followed the [installation instructions](https://docs.gitea.io/en-us/). Sensitive security-related issues should be reported to [security@gitea.io](mailto:security@gitea.io).
 
 ## Bug reports
 
@@ -10,7 +10,7 @@ Please search the issues on the issue tracker with a variety of keywords to ensu
 
 If unique, [open an issue](https://github.com/go-gitea/gitea/issues/new) and answer the questions so we can understand and reproduce the problematic behavior.
 
-The burden is on you to convince us that it is actually a bug in Gitea. This is easiest to do when you write clear, concise instructions so we can reproduce the behavior (even if it seems obvious). The more detailed and specific you are, the faster we will be able to help you. Check out [How to Report Bugs Effectively](http://www.chiark.greenend.org.uk/~sgtatham/bugs.html).
+To show us that the issue you are having is in Gitea itself, please write clear, concise instructions so we can reproduce the behavior (even if it seems obvious). The more detailed and specific you are, the faster we can fix the issue. Check out [How to Report Bugs Effectively](http://www.chiark.greenend.org.uk/~sgtatham/bugs.html).
 
 Please be kind, remember that Gitea comes at no cost to you, and you're getting free help.
 
@@ -24,17 +24,44 @@ This process gives everyone a chance to validate the design, helps prevent dupli
 
 ## Testing redux
 
-Before sending code out for review, run all the tests for the whole tree to make sure the changes don't break other usage and keep the compatibility on upgrade. To make sure you are running the test suite exactly like we do you should install the CLI for [Drone CI](https://github.com/drone/drone), as we are using the server for continous testing, following [these instructions](http://readme.drone.io/0.5/install/cli/). After that you can simply call `drone exec` within your working directory and it will try to run the test suite locally.
+Before sending code out for review, run all the tests for the whole tree to make sure the changes don't break other usage and keep the compatibility on upgrade. To make sure you are running the test suite exactly like we do, you should install the CLI for [Drone CI](https://github.com/drone/drone), as we are using the server for continous testing, following [these instructions](http://readme.drone.io/usage/getting-started-cli). After that you can simply call `drone exec` within your working directory and it will try to run the test suite locally.
+
+## Vendoring
+
+We keep a cached copy of dependencies within the `vendor/` directory, managing updates via [govendor](http://github.com/kardianos/govendor).
+
+Pull requests should only include `vendor/` updates if they are part of the same change, be it a bugfix or a feature addition.
+
+The `vendor/` update needs to be justified as part of the PR description, and must be verified by the reviewers and/or merger to always reference an existing upstream commit.
 
 ## Code review
 
 Changes to Gitea must be reviewed before they are accepted, no matter who makes the change even if it is an owner or a maintainer. We use GitHub's pull request workflow to do that and we also use [LGTM](http://lgtm.co) to ensure every PR is reviewed by at least 2 maintainers.
 
-Please try to make your pull request easy to review for us. Please read the "[How to get faster PR reviews](https://github.com/kubernetes/kubernetes/blob/master/docs/devel/faster_reviews.md)" guide, it has lots of useful tips for any project you may want to contribute. Some of the key points:
+Please try to make your pull request easy to review for us. Please read the "[How to get faster PR reviews](https://github.com/kubernetes/community/blob/master/contributors/devel/faster_reviews.md)" guide, it has lots of useful tips for any project you may want to contribute. Some of the key points:
 
 * Make small pull requests. The smaller, the faster to review and the more likely it will be merged soon.
 * Don't make changes unrelated to your PR. Maybe there are typos on some comments, maybe refactoring would be welcome on a function... but if that is not related to your PR, please make *another* PR for that.
-* Split big pull requests in multiple small ones. An incremental change will be faster to review than a huge PR.
+* Split big pull requests into multiple small ones. An incremental change will be faster to review than a huge PR.
+
+## Styleguide
+
+For imports you should use the following format (_without_ the comments)
+```go
+import (
+  // stdlib
+  "encoding/json"
+  "fmt"
+
+  // local packages
+  "code.gitea.io/gitea/models"
+  "code.gitea.io/sdk/gitea"
+
+  // external packages
+  "github.com/foo/bar"
+  "gopkg.io/baz.v1"
+)
+```
 
 ## Sign your work
 
@@ -44,20 +71,26 @@ The sign-off is a simple line at the end of the explanation for the patch. Your
 Signed-off-by: Joe Smith <joe.smith@email.com>
 ```
 
-Please use your real name, we really dislike pseudonyms or anonymous contributions. We are in the opensource world without secrets. If you set your `user.name` and `user.email` git configs, you can sign your commit automatically with `git commit -s`.
+Please use your real name, we really dislike pseudonyms or anonymous contributions. We are in the open-source world without secrets. If you set your `user.name` and `user.email` git configs, you can sign your commit automatically with `git commit -s`.
+
+## Release Cycle
+
+We adopted a release schedule to streamline the process of working on, finishing, and issuing releases. The overall goal is to make a major release every two months, which breaks down into one month of general development followed by one month of testing and polishing known as the release freeze. A release is maintained by issuing minor releases to only correct critical problems such as crashes or security issues. All the feature pull requests should be merged in the first month of one release period. 
+
+The current release cycle is aligned to start on December 25 to February 24, next is February 25 to April 24, and etc. On this cycle, we also maybe publish the previous release minor version. For example, the current release version is v1.1, but we maybe also publish v1.0.2. When we publish v1.2, then we will stop publish v1.0.3.
 
 ## Maintainers
 
-To make sure every PR is checked, we got team maintainers. Every PR **MUST** be reviewed by at least two maintainers (or owners) before it can get merged. A maintainer should be a contributor of Gitea (or Gogs) and contributed at least 4 accepted PRs. A contributor should apply as a maintainer in the [Gitter develop channel](https://gitter.im/go-gitea/develop). The owners or the team maintainers may invite the contributor. A maintainer should spend some time on code reviews. If a maintainer has no time to do that, they should apply to leave the maintainers team and we will give them the honor of being a member of the advisors team. Of course, if an advisor has time to code review, we will gladly welcome them back to maintainers team. If someone has no time to code review and forgets to leave the maintainers team, the owners have the power to move him from maintainers team to advisors team.
+To make sure every PR is checked, we have [team maintainers](MAINTAINERS). Every PR **MUST** be reviewed by at least two maintainers (or owners) before it can get merged. A maintainer should be a contributor of Gitea (or Gogs) and contributed at least 4 accepted PRs. A contributor should apply as a maintainer in the [Gitter develop channel](https://gitter.im/go-gitea/develop). The owners or the team maintainers may invite the contributor. A maintainer should spend some time on code reviews. If a maintainer has no time to do that, they should apply to leave the maintainers team and we will give them the honor of being a member of the [advisors team](https://github.com/orgs/go-gitea/teams/advisors). Of course, if an advisor has time to code review, we will gladly welcome them back to the maintainers team. If a maintainer is inactive for more than 3 months and forgets to leave the maintainers team, the owners may move him or her from the maintainers team to the advisors team.
 
 ## Owners
 
-Since Gitea is a pure community organization without any company support, to keep the development healthy we will elect the owners every year. Every time we will elect three owners. All the contributors may vote up to three people, one of which is the main owner, and the others are assistant owners. When the new owners have been elected, the old owners MUST move the power to the new ones. If an owner don't obey these rules, the others are allowed to revoke his owner status.
+Since Gitea is a pure community organization without any company support, to keep the development healthy we will elect three owners every year. All contributors may vote to elect up to three candidates, one of which will be the main owner, and the other two the assistant owners. When the new owners have been elected, the old owners will give up ownership to the newly elected owners. If an owner is unable to do so, the other owners will assist in ceding ownership to the newly elected owners.
 
-After the election, the new owners should say they agree with these rules on the [CONTRIBUTING](CONTRIBUTING.md) on the [Gitter main channel](https://gitter.im/go-gitea/gitea). Below are the words to speak:
+After the election, the new owners should proactively agree with our [CONTRIBUTING](CONTRIBUTING.md) requirements on the [Gitter main channel](https://gitter.im/go-gitea/gitea). Below are the words to speak:
 
 ```
-I'm glad to be an owner of Gitea, I agree with [CONTRIBUTING](CONTRIBUTING.md). I will spend part of my time on Gitea and lead the development of Gitea.
+I'm honored to having been elected an owner of Gitea, I agree with [CONTRIBUTING](CONTRIBUTING.md). I will spend part of my time on Gitea and lead the development of Gitea.
 ```
 
 To honor the past owners, here's the history of the owners and the time they served:
@@ -78,7 +111,7 @@ Since the `master` branch is a tip version, if you wish to use Gitea in producti
 Code that you contribute should use the standard copyright header:
 
 ```
-// Copyright 2016 The Gitea Authors. All rights reserved.
+// Copyright 2017 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 ```

Dockerfile.aarch64

@@ -0,0 +1,43 @@
+FROM aarch64/alpine:3.5
+
+EXPOSE 22 3000
+
+RUN apk update && \
+  apk add \
+    su-exec \
+    ca-certificates \
+    sqlite \
+    bash \
+    git \
+    linux-pam \
+    s6 \
+    curl \
+    openssh \
+    tzdata && \
+  rm -rf \
+    /var/cache/apk/* && \
+  addgroup \
+    -S -g 1000 \
+    git && \
+  adduser \
+    -S -H -D \
+    -h /data/git \
+    -s /bin/bash \
+    -u 1000 \
+    -G git \
+    git && \
+  echo "git:$(date +%s | sha256sum | base64 | head -c 32)" | chpasswd
+
+ENV USER git
+ENV GITEA_CUSTOM /data/gitea
+
+COPY docker /
+COPY gitea /app/gitea/gitea
+
+ENV GODEBUG=netdns=go
+
+VOLUME ["/data"]
+
+ENTRYPOINT ["/usr/bin/entrypoint"]
+CMD ["/bin/s6-svscan", "/etc/s6"]
+

Dockerfile.rpi

@@ -26,7 +26,8 @@ RUN apk update && \
     -s /bin/bash \
     -u 1000 \
     -G git \
-    git
+    git && \
+  echo "git:$(date +%s | sha256sum | base64 | head -c 32)" | chpasswd
 
 ENV USER git
 ENV GITEA_CUSTOM /data/gitea
@@ -38,7 +39,4 @@ ENTRYPOINT ["/usr/bin/entrypoint"]
 CMD ["/bin/s6-svscan", "/etc/s6"]
 
 COPY docker /
-
-COPY public /app/gitea/public
-COPY templates /app/gitea/templates
 COPY gitea /app/gitea/gitea

MAINTAINERS

@@ -1,5 +1,7 @@
 Alexey Makhov <amakhov@avito.ru> (@makhov)
 Andrey Nering <andrey.nering@gmail.com> (@andreynering)
+Bo-Yi Wu <appleboy.tw@gmail.com> (@appleboy)
+Ethan Koenig <ethantkoenig@gmail.com> (@ethantkoenig)
 Kees de Vries <bouwko@gmail.com> (@Bwko)
 Kim Carlbäcker <kim.carlbacker@gmail.com> (@bkcsoft)
 LefsFlare <nobody@nobody.tld> (@LefsFlarey)
@@ -10,3 +12,5 @@ Rémy Boulanouar <admin@dblk.org> (@DblK)
 Sandro Santilli <strk@kbt.io> (@strk)
 Thibault Meyer <meyer.thibault@gmail.com> (@0xbaadf00d)
 Thomas Boerger <thomas@webhippie.de> (@tboerger)
+Patrick G <geek1011@outlook.com> (@geek1011)
+Antoine Girard <sapk@sapk.fr> (@sapk)

Makefile

@@ -1,15 +1,24 @@
 DIST := dist
-EXECUTABLE := gitea
 IMPORT := code.gitea.io/gitea
 
+ifeq ($(OS), Windows_NT)
+	EXECUTABLE := gitea.exe
+else
+	EXECUTABLE := gitea
+endif
+
 BINDATA := modules/{options,public,templates}/bindata.go
 STYLESHEETS := $(wildcard public/less/index.less public/less/_*.less)
 JAVASCRIPTS :=
 
-LDFLAGS += -X "main.Version=$(shell git describe --tags --always | sed 's/-/+/' | sed 's/^v//')"
+GOFLAGS := -i -v
+EXTRA_GOFLAGS ?=
 
-TARGETS ?= linux/*,darwin/*,windows/*
-PACKAGES ?= $(shell go list ./... | grep -v /vendor/)
+VERSION := $(shell git describe --tags --always | sed 's/-/+/' | sed 's/^v//')
+
+LDFLAGS := -X "main.Version=$(VERSION)" -X "main.Tags=$(TAGS)"
+
+PACKAGES ?= $(filter-out code.gitea.io/gitea/integrations,$(shell go list ./... | grep -v /vendor/))
 SOURCES ?= $(shell find . -name "*.go" -type f)
 
 TAGS ?=
@@ -34,7 +43,7 @@ clean:
 
 .PHONY: fmt
 fmt:
-	go fmt $(PACKAGES)
+	find . -name "*.go" -type f -not -path "./vendor/*" | xargs gofmt -s -w
 
 .PHONY: vet
 vet:
@@ -42,36 +51,56 @@ vet:
 
 .PHONY: generate
 generate:
-	@which go-bindata > /dev/null; if [ $$? -ne 0 ]; then \
+	@hash go-bindata > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
 		go get -u github.com/jteeuwen/go-bindata/...; \
 	fi
 	go generate $(PACKAGES)
 
 .PHONY: errcheck
 errcheck:
-	@which errcheck > /dev/null; if [ $$? -ne 0 ]; then \
+	@hash errcheck > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
 		go get -u github.com/kisielk/errcheck; \
 	fi
 	errcheck $(PACKAGES)
 
 .PHONY: lint
 lint:
-	@which golint > /dev/null; if [ $$? -ne 0 ]; then \
+	@hash golint > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
 		go get -u github.com/golang/lint/golint; \
 	fi
 	for PKG in $(PACKAGES); do golint -set_exit_status $$PKG || exit 1; done;
 
+.PHONY: integrations
+integrations: TAGS=bindata sqlite
+integrations: build
+	go test code.gitea.io/gitea/integrations
+
 .PHONY: test
 test:
 	for PKG in $(PACKAGES); do go test -cover -coverprofile $$GOPATH/src/$$PKG/coverage.out $$PKG || exit 1; done;
 
+.PHONY: test-vendor
+test-vendor:
+	@hash govendor > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		go get -u github.com/kardianos/govendor; \
+	fi
+	govendor status +outside +unused  || exit 1
+
+.PHONY: test-sqlite
+test-sqlite: integrations.test
+	GITEA_CONF=integrations/sqlite.ini ./integrations.test
+
 .PHONY: test-mysql
-test-mysql:
-	@echo "Not integrated yet!"
+test-mysql: integrations.test
+	echo "CREATE DATABASE IF NOT EXISTS testgitea" | mysql -u root
+	GITEA_CONF=integrations/mysql.ini ./integrations.test
 
 .PHONY: test-pgsql
-test-pgsql:
-	@echo "Not integrated yet!"
+test-pgsql: integrations.test
+	GITEA_CONF=integrations/pgsql.ini ./integrations.test
+
+integrations.test: $(SOURCES)
+	go test -c code.gitea.io/gitea/integrations -tags 'sqlite'
 
 .PHONY: check
 check: test
@@ -84,26 +113,46 @@ install: $(wildcard *.go)
 build: $(EXECUTABLE)
 
 $(EXECUTABLE): $(SOURCES)
-	go build -v -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@
+	go build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@
 
 .PHONY: docker
 docker:
-	docker run -ti --rm -v $(CURDIR):/srv/app/src/code.gitea.io/gitea -w /srv/app/src/code.gitea.io/gitea -e TAGS="$(TAGS)" webhippie/golang:edge make clean generate build
+	docker run -ti --rm -v $(CURDIR):/srv/app/src/code.gitea.io/gitea -w /srv/app/src/code.gitea.io/gitea -e TAGS="bindata $(TAGS)" webhippie/golang:edge make clean generate build
 	docker build -t gitea/gitea:latest .
 
 .PHONY: release
-release: release-dirs release-build release-copy release-check
+release: release-dirs release-windows release-linux release-darwin release-copy release-check
 
 .PHONY: release-dirs
 release-dirs:
 	mkdir -p $(DIST)/binaries $(DIST)/release
 
-.PHONY: release-build
-release-build:
-	@which xgo > /dev/null; if [ $$? -ne 0 ]; then \
+.PHONY: release-windows
+release-windows:
+	@hash xgo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
 		go get -u github.com/karalabe/xgo; \
 	fi
-	xgo -dest $(DIST)/binaries -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -targets '$(TARGETS)' -out $(EXECUTABLE)-$(VERSION) $(IMPORT)
+	xgo -dest $(DIST)/binaries -tags '$(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION) .
+ifeq ($(CI),drone)
+	mv /build/* $(DIST)/binaries
+endif
+
+.PHONY: release-linux
+release-linux:
+	@hash xgo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		go get -u github.com/karalabe/xgo; \
+	fi
+	xgo -dest $(DIST)/binaries -tags '$(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'linux/*' -out gitea-$(VERSION) .
+ifeq ($(CI),drone)
+	mv /build/* $(DIST)/binaries
+endif
+
+.PHONY: release-darwin
+release-darwin:
+	@hash xgo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		go get -u github.com/karalabe/xgo; \
+	fi
+	xgo -dest $(DIST)/binaries -tags '$(TAGS)' -ldflags '$(LDFLAGS)' -targets 'darwin/*' -out gitea-$(VERSION) .
 ifeq ($(CI),drone)
 	mv /build/* $(DIST)/binaries
 endif

README.md

@@ -2,24 +2,23 @@
 
 # Gitea - Git with a cup of tea
 
-[![Build Status](http://drone.gitea.io/api/badges/go-gitea/gitea/status.svg)](http://drone.gitea.io/go-gitea/gitea)
+[![Build Status](https://drone.gitea.io/api/badges/go-gitea/gitea/status.svg)](https://drone.gitea.io/go-gitea/gitea)
 [![Join the chat at https://gitter.im/go-gitea/gitea](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/go-gitea/gitea?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
-[![](https://images.microbadger.com/badges/image/gitea/gitea.svg)](http://microbadger.com/images/gitea/gitea "Get your own image badge on microbadger.com")
+[![](https://images.microbadger.com/badges/image/gitea/gitea.svg)](https://microbadger.com/images/gitea/gitea "Get your own image badge on microbadger.com")
 [![Coverage Status](https://coverage.gitea.io/badges/go-gitea/gitea/coverage.svg)](https://coverage.gitea.io/go-gitea/gitea)
 [![Go Report Card](https://goreportcard.com/badge/code.gitea.io/gitea)](https://goreportcard.com/report/code.gitea.io/gitea)
 [![GoDoc](https://godoc.org/code.gitea.io/gitea?status.svg)](https://godoc.org/code.gitea.io/gitea)
-[![Release](http://github-release-version.herokuapp.com/github/go-gitea/gitea/release.svg?style=flat)](https://github.com/go-gitea/gitea/releases/latest)
+[![Release](https://github-release-version.herokuapp.com/github/go-gitea/gitea/release.svg?style=flat)](https://github.com/go-gitea/gitea/releases/latest)
 
-||||
-|:-------------:|:-------:|:-------:|
+| | | |
+|:---:|:---:|:---:|
 |![Dashboard](https://i.imgur.com/3iEQsux.jpg)|![Repository](https://i.imgur.com/glqFnj8.jpg)|![Commits History](https://i.imgur.com/ad1FEpi.jpg)|
 |![Profile](https://i.imgur.com/q81EcGa.jpg)|![Admin Dashboard](https://i.imgur.com/L2CQeN0.jpg)|![Diff](https://i.imgur.com/cNuvMum.jpg)|
 |![Issues](https://i.imgur.com/xCYRqaF.jpg)|![Releases](https://i.imgur.com/ILpRBCe.jpg)|![Organization](https://i.imgur.com/0BHnrcL.jpg)|
-||||
 
 ## Purpose
 
-The goal of this project is to make the easiest, fastest, and most painless way of setting up a self-hosted Git service. With Go, this can be done with an independent binary distribution across **all platforms** that Go supports, including Linux, macOS, and Windows on x86, amd64, ARM and PowerPC architectures. Want to try it before doing anything else? Do it [online](https://try.gitea.io/)!
+The goal of this project is to make the easiest, fastest, and most painless way of setting up a self-hosted Git service. Using Go, this can be done with an independent binary distribution across **all platforms** which Go supports, including Linux, macOS, and Windows on x86, amd64, ARM and PowerPC architectures. Want to try it before doing anything else? Do it [with the online demo](https://try.gitea.io/)! This project has been [forked](https://blog.gitea.io/2016/12/welcome-to-gitea/) from [Gogs](https://gogs.io).
 
 ## Notes
 
@@ -29,7 +28,7 @@ The goal of this project is to make the easiest, fastest, and most painless way
 
 ## Docs
 
-For further information or instructions how to install Gitea please take a look at our [documentation](https://docs.gitea.io/en-us/), if you can not find some specific information just head over to our [Gitter](https://gitter.im/go-gitea/gitea) channel to have a chat with us.
+For more information and instructions about how to install Gitea please look at our [documentation](https://docs.gitea.io/en-us/). If you cannot find some specific information, then head over to our [Gitter](https://gitter.im/go-gitea/gitea) channel to chat with us.
 
 ## Contributing
 
@@ -43,4 +42,4 @@ Fork -> Patch -> Push -> Pull Request
 
 ## License
 
-This project is under the MIT License. See the [LICENSE](https://github.com/go-gitea/gitea/blob/master/LICENSE) file for the full license text.
+This project is licensed under the MIT License. See the [LICENSE](https://github.com/go-gitea/gitea/blob/master/LICENSE) file for the full license text.

README_ZH.md

@@ -2,20 +2,19 @@
 
 # Gitea - Git with a cup of tea
 
-[![Build Status](http://drone.gitea.io/api/badges/go-gitea/gitea/status.svg)](http://drone.gitea.io/go-gitea/gitea)
+[![Build Status](https://drone.gitea.io/api/badges/go-gitea/gitea/status.svg)](https://drone.gitea.io/go-gitea/gitea)
 [![Join the chat at https://gitter.im/go-gitea/gitea](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/go-gitea/gitea?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
-[![](https://images.microbadger.com/badges/image/gitea/gitea.svg)](http://microbadger.com/images/gitea/gitea "Get your own image badge on microbadger.com")
+[![](https://images.microbadger.com/badges/image/gitea/gitea.svg)](https://microbadger.com/images/gitea/gitea "Get your own image badge on microbadger.com")
 [![Coverage Status](https://coverage.gitea.io/badges/go-gitea/gitea/coverage.svg)](https://coverage.gitea.io/go-gitea/gitea)
 [![Go Report Card](https://goreportcard.com/badge/code.gitea.io/gitea)](https://goreportcard.com/report/code.gitea.io/gitea)
 [![GoDoc](https://godoc.org/code.gitea.io/gitea?status.svg)](https://godoc.org/code.gitea.io/gitea)
-[![Release](http://github-release-version.herokuapp.com/github/go-gitea/gitea/release.svg?style=flat)](https://github.com/go-gitea/gitea/releases/latest)
+[![Release](https://github-release-version.herokuapp.com/github/go-gitea/gitea/release.svg?style=flat)](https://github.com/go-gitea/gitea/releases/latest)
 
-||||
-|:-------------:|:-------:|:-------:|
+| | | |
+|:---:|:---:|:---:|
 |![Dashboard](https://i.imgur.com/3iEQsux.jpg)|![Repository](https://i.imgur.com/glqFnj8.jpg)|![Commits History](https://i.imgur.com/ad1FEpi.jpg)|
 |![Profile](https://i.imgur.com/q81EcGa.jpg)|![Admin Dashboard](https://i.imgur.com/L2CQeN0.jpg)|![Diff](https://i.imgur.com/cNuvMum.jpg)|
 |![Issues](https://i.imgur.com/xCYRqaF.jpg)|![Releases](https://i.imgur.com/ILpRBCe.jpg)|![Organization](https://i.imgur.com/0BHnrcL.jpg)|
-||||
 
 ## 目标
 

changelog/unreleased/restore-backup.yml

@@ -0,0 +1,3 @@
+title: Implement proper `gitea restore` & `gitea backup`. Deprecating `gitea dump`
+kind: feature
+pull_request: 1637

cmd/admin.go

@@ -8,21 +8,22 @@ package cmd
 import (
 	"fmt"
 
-	"github.com/urfave/cli"
-
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/setting"
+
+	"github.com/urfave/cli"
 )
 
 var (
 	// CmdAdmin represents the available admin sub-command.
 	CmdAdmin = cli.Command{
 		Name:  "admin",
-		Usage: "Preform admin operations on command line",
+		Usage: "Perform admin operations on command line",
 		Description: `Allow using internal logic of Gitea without hacking into the source code
 to make automatic initialization process more smoothly`,
 		Subcommands: []cli.Command{
 			subcmdCreateUser,
+			subcmdChangePassword,
 		},
 	}
 
@@ -57,8 +58,59 @@ to make automatic initialization process more smoothly`,
 			},
 		},
 	}
+
+	subcmdChangePassword = cli.Command{
+		Name:   "change-password",
+		Usage:  "Change a user's password",
+		Action: runChangePassword,
+		Flags: []cli.Flag{
+			cli.StringFlag{
+				Name:  "username,u",
+				Value: "",
+				Usage: "The user to change password for",
+			},
+			cli.StringFlag{
+				Name:  "password,p",
+				Value: "",
+				Usage: "New password to set for user",
+			},
+		},
+	}
 )
 
+func runChangePassword(c *cli.Context) error {
+	if !c.IsSet("password") {
+		return fmt.Errorf("Password is not specified")
+	} else if !c.IsSet("username") {
+		return fmt.Errorf("Username is not specified")
+	}
+
+	setting.NewContext()
+	models.LoadConfigs()
+
+	setting.NewXORMLogService(false)
+	if err := models.SetEngine(); err != nil {
+		return fmt.Errorf("models.SetEngine: %v", err)
+	}
+
+	uname := c.String("username")
+	user, err := models.GetUserByName(uname)
+	if err != nil {
+		return fmt.Errorf("%v", err)
+	}
+	user.Passwd = c.String("password")
+	if user.Salt, err = models.GetUserSalt(); err != nil {
+		return fmt.Errorf("%v", err)
+	}
+	user.EncodePasswd()
+	if err := models.UpdateUser(user); err != nil {
+		return fmt.Errorf("%v", err)
+	}
+
+	fmt.Printf("User '%s' password has been successfully updated!\n", uname)
+	return nil
+}
+
 func runCreateUser(c *cli.Context) error {
 	if !c.IsSet("name") {
 		return fmt.Errorf("Username is not specified")
@@ -74,7 +126,11 @@ func runCreateUser(c *cli.Context) error {
 
 	setting.NewContext()
 	models.LoadConfigs()
-	models.SetEngine()
+
+	setting.NewXORMLogService(false)
+	if err := models.SetEngine(); err != nil {
+		return fmt.Errorf("models.SetEngine: %v", err)
+	}
 
 	if err := models.CreateUser(&models.User{
 		Name:     c.String("name"),

cmd/backup.go

@@ -0,0 +1,197 @@
+// Copyright 2017 the Gitea Authors. All rights reserved.
+// Copyright 2017 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package cmd
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path"
+	"runtime/debug"
+	"time"
+
+	"github.com/Unknwon/cae/zip"
+	"github.com/Unknwon/com"
+	"github.com/urfave/cli"
+	"gopkg.in/ini.v1"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+)
+
+// Backup files and database
+var Backup = cli.Command{
+	Name:  "backup",
+	Usage: "Backup files and database",
+	Description: `Backup dumps and compresses all related files and database into zip file,
+   which can be used for migrating Gitea to another server. The output format is meant to be
+   portable among all supported database engines.`,
+	Action: runBackup,
+	Flags: []cli.Flag{
+		cli.StringFlag{
+			Name:  "config, c",
+			Value: "custom/conf/app.ini",
+			Usage: "Custom configuration `FILE` path",
+		},
+		cli.StringFlag{
+			Name:  "tempdir, t",
+			Value: os.TempDir(),
+			Usage: "Temporary directory `PATH`",
+		},
+		cli.StringFlag{
+			Name:  "target",
+			Value: "./",
+			Usage: "Target directory `PATH` to save backup archive",
+		},
+		cli.BoolFlag{
+			Name:  "verbose, v",
+			Usage: "Show process details",
+		},
+		cli.BoolTFlag{
+			Name:  "db",
+			Usage: "Backup the database (default: true)",
+		},
+		cli.BoolTFlag{
+			Name:  "repos",
+			Usage: "Backup repositories (default: true)",
+		},
+		cli.BoolTFlag{
+			Name:  "data",
+			Usage: "Backup attachments and avatars (default: true)",
+		},
+		cli.BoolTFlag{
+			Name:  "custom",
+			Usage: "Backup custom files (default: true)",
+		},
+	},
+}
+
+const (
+	archiveRootDir = "gitea-backup"
+	backupVersion  = 1
+)
+
+func runBackup(c *cli.Context) error {
+	zip.Verbose = c.Bool("verbose")
+	if c.IsSet("config") {
+		setting.CustomConf = c.String("config")
+	}
+	setting.NewContext()
+	models.LoadConfigs()
+	if err := models.SetEngine(); err != nil {
+		return err
+	}
+
+	// Setup temp-dir
+	tmpDir := c.String("tempdir")
+	if !com.IsExist(tmpDir) {
+		log.Fatal(0, "'--tempdir' does not exist: %s", tmpDir)
+	}
+	rootDir, err := ioutil.TempDir(tmpDir, "gitea-backup-")
+	if err != nil {
+		log.Fatal(0, "Fail to create backup root directory '%s': %v", rootDir, err)
+	}
+	defer func(rootDir string) {
+		os.RemoveAll(rootDir)
+	}(rootDir)
+	log.Info("Backup root directory: %s", rootDir)
+
+	// Metadata
+	metaFile := path.Join(rootDir, "metadata.ini")
+	metadata := ini.Empty()
+	metadata.Section("").Key("VERSION").SetValue(fmt.Sprintf("%d", backupVersion))
+	metadata.Section("").Key("DATE_TIME").SetValue(time.Now().String())
+	metadata.Section("").Key("GITEA_VERSION").SetValue(setting.AppVer)
+	if err = metadata.SaveTo(metaFile); err != nil {
+		log.Fatal(0, "Fail to save metadata '%s': %v", metaFile, err)
+	}
+
+	// Create ZIP-file
+	archiveName := path.Join(c.String("target"), fmt.Sprintf("gitea-backup-%d.zip", time.Now().Unix()))
+	log.Info("Packing backup files to: %s", archiveName)
+
+	z, err := zip.Create(archiveName)
+	if err != nil {
+		log.Fatal(0, "Fail to create backup archive '%s': %v", archiveName, err)
+	}
+	defer func(archiveName string) {
+		if r := recover(); r != nil {
+			var ok bool
+			err, ok = r.(error)
+			if !ok {
+				err = fmt.Errorf("pkg: %v", r)
+			}
+			debug.PrintStack()
+			log.Info("Removing partial backup-file %s\n", archiveName)
+			os.Remove(archiveName)
+			log.Fatal(9, "%v\n", err)
+		}
+	}(archiveName)
+
+	// Add metadata-file
+	if err = z.AddFile(archiveRootDir+"/metadata.ini", metaFile); err != nil {
+		log.Fatal(0, "Fail to include 'metadata.ini': %v", err)
+	}
+
+	// Database
+	if c.Bool("db") {
+		log.Info("Backing up database")
+		dbDir := path.Join(rootDir, "db")
+		if err = models.DumpDatabase(dbDir); err != nil {
+			log.Fatal(0, "Fail to dump database: %v", err)
+		}
+		if err = z.AddDir(archiveRootDir+"/db", dbDir); err != nil {
+			log.Fatal(0, "Fail to include 'db': %v", err)
+		}
+	}
+
+	// Custom files
+	if c.Bool("custom") {
+		log.Info("Backing up custom files")
+		if err = z.AddDir(archiveRootDir+"/custom", setting.CustomPath); err != nil {
+			log.Fatal(0, "Fail to include 'custom': %v", err)
+		}
+	}
+
+	// Data files
+	if c.Bool("data") {
+		log.Info("Backing up attachments and avatars")
+		for _, dir := range []string{"attachments", "avatars"} {
+			dirPath := path.Join(setting.AppDataPath, dir)
+			if !com.IsDir(dirPath) {
+				continue
+			}
+
+			if err = z.AddDir(path.Join(archiveRootDir+"/data", dir), dirPath); err != nil {
+				log.Fatal(0, "Fail to include 'data': %v", err)
+			}
+		}
+	}
+
+	// Repositories
+	if c.Bool("repos") {
+		log.Info("Backing up repositories")
+		reposDump := path.Join(rootDir, "repositories.zip")
+		log.Info("Dumping repositories in '%s'", setting.RepoRootPath)
+		if err = zip.PackTo(setting.RepoRootPath, reposDump, true); err != nil {
+			log.Fatal(0, "Fail to dump repositories: %v", err)
+		}
+		log.Info("Repositories dumped to: %s", reposDump)
+
+		if err = z.AddFile(archiveRootDir+"/repositories.zip", reposDump); err != nil {
+			log.Fatal(0, "Fail to include 'repositories.zip': %v", err)
+		}
+	}
+
+	if err = z.Close(); err != nil {
+		log.Fatal(0, "Fail to save backup archive '%s': %v", archiveName, err)
+	}
+
+	os.RemoveAll(rootDir)
+	log.Info("Backup succeed! Archive is located at: %s", archiveName)
+	return nil
+}

cmd/cert.go

@@ -82,7 +82,7 @@ func pemBlockForKey(priv interface{}) *pem.Block {
 	case *ecdsa.PrivateKey:
 		b, err := x509.MarshalECPrivateKey(k)
 		if err != nil {
-			log.Fatalf("Unable to marshal ECDSA private key: %v\n", err)
+			log.Fatalf("Unable to marshal ECDSA private key: %v", err)
 		}
 		return &pem.Block{Type: "EC PRIVATE KEY", Bytes: b}
 	default:
@@ -112,7 +112,7 @@ func runCert(ctx *cli.Context) error {
 		log.Fatalf("Unrecognized elliptic curve: %q", ctx.String("ecdsa-curve"))
 	}
 	if err != nil {
-		log.Fatalf("Failed to generate private key: %s", err)
+		log.Fatalf("Failed to generate private key: %v", err)
 	}
 
 	var notBefore time.Time
@@ -121,7 +121,7 @@ func runCert(ctx *cli.Context) error {
 	} else {
 		notBefore, err = time.Parse("Jan 2 15:04:05 2006", ctx.String("start-date"))
 		if err != nil {
-			log.Fatalf("Failed to parse creation date: %s", err)
+			log.Fatalf("Failed to parse creation date: %v", err)
 		}
 	}
 
@@ -130,7 +130,7 @@ func runCert(ctx *cli.Context) error {
 	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
 	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
 	if err != nil {
-		log.Fatalf("Failed to generate serial number: %s", err)
+		log.Fatalf("Failed to generate serial number: %v", err)
 	}
 
 	template := x509.Certificate{
@@ -163,12 +163,12 @@ func runCert(ctx *cli.Context) error {
 
 	derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(priv), priv)
 	if err != nil {
-		log.Fatalf("Failed to create certificate: %s", err)
+		log.Fatalf("Failed to create certificate: %v", err)
 	}
 
 	certOut, err := os.Create("cert.pem")
 	if err != nil {
-		log.Fatalf("Failed to open cert.pem for writing: %s", err)
+		log.Fatalf("Failed to open cert.pem for writing: %v", err)
 	}
 	pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
 	certOut.Close()
@@ -176,7 +176,7 @@ func runCert(ctx *cli.Context) error {
 
 	keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
 	if err != nil {
-		log.Fatalf("Failed to open key.pem for writing: %v\n", err)
+		log.Fatalf("Failed to open key.pem for writing: %v", err)
 	}
 	pem.Encode(keyOut, pemBlockForKey(priv))
 	keyOut.Close()

cmd/dump.go

@@ -8,21 +8,24 @@ package cmd
 import (
 	"fmt"
 	"io/ioutil"
-	"log"
 	"os"
 	"path"
+	"path/filepath"
 	"time"
 
 	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
+
 	"github.com/Unknwon/cae/zip"
+	"github.com/Unknwon/com"
 	"github.com/urfave/cli"
 )
 
-// CmdDump represents the available dump sub-command.
-var CmdDump = cli.Command{
+// Dump represents the available dump sub-command.
+var Dump = cli.Command{
 	Name:  "dump",
-	Usage: "Dump Gitea files and database",
+	Usage: "DEPRICATED! Dump Gitea files and database",
 	Description: `Dump compresses all related files and database into zip file.
 It can be used for backup and capture Gitea server image to send to maintainer`,
 	Action: runDump,
@@ -41,6 +44,10 @@ It can be used for backup and capture Gitea server image to send to maintainer`,
 			Value: os.TempDir(),
 			Usage: "Temporary dir path",
 		},
+		cli.StringFlag{
+			Name:  "database, d",
+			Usage: "Specify the database SQL syntax",
+		},
 	},
 }
 
@@ -49,73 +56,138 @@ func runDump(ctx *cli.Context) error {
 		setting.CustomConf = ctx.String("config")
 	}
 	setting.NewContext()
+	setting.NewServices() // cannot access session settings otherwise
 	models.LoadConfigs()
-	models.SetEngine()
+
+	log.Info("")
+
+	if err := models.SetEngine(); err != nil {
+		return err
+	}
 
 	tmpDir := ctx.String("tempdir")
 	if _, err := os.Stat(tmpDir); os.IsNotExist(err) {
-		log.Fatalf("Path does not exist: %s", tmpDir)
+		log.Fatal(4, "Path does not exist: %s", tmpDir)
 	}
 	TmpWorkDir, err := ioutil.TempDir(tmpDir, "gitea-dump-")
 	if err != nil {
-		log.Fatalf("Fail to create tmp work directory: %v", err)
+		log.Fatal(4, "Failed to create tmp work directory: %v", err)
 	}
-	log.Printf("Creating tmp work dir: %s", TmpWorkDir)
+	log.Info("Creating tmp work dir: %s", TmpWorkDir)
 
 	reposDump := path.Join(TmpWorkDir, "gitea-repo.zip")
 	dbDump := path.Join(TmpWorkDir, "gitea-db.sql")
 
-	log.Printf("Dumping local repositories...%s", setting.RepoRootPath)
+	log.Info("Dumping local repositories...%s", setting.RepoRootPath)
 	zip.Verbose = ctx.Bool("verbose")
-	if err := zip.PackTo(setting.RepoRootPath, reposDump, true); err != nil {
-		log.Fatalf("Fail to dump local repositories: %v", err)
+	if err = zip.PackTo(setting.RepoRootPath, reposDump, true); err != nil {
+		log.Fatal(4, "Failed to dump local repositories: %v", err)
 	}
 
-	log.Printf("Dumping database...")
-	if err := models.DumpDatabase(dbDump); err != nil {
-		log.Fatalf("Fail to dump database: %v", err)
+	targetDBType := ctx.String("database")
+	if len(targetDBType) > 0 && targetDBType != models.DbCfg.Type {
+		log.Info("Dumping database %s => %s...", models.DbCfg.Type, targetDBType)
+	} else {
+		log.Info("Dumping database...")
+	}
+
+	if err = models.DumpDatabaseOld(dbDump, targetDBType); err != nil {
+		log.Fatal(4, "Failed to dump database: %v", err)
 	}
 
 	fileName := fmt.Sprintf("gitea-dump-%d.zip", time.Now().Unix())
-	log.Printf("Packing dump files...")
+	log.Info("Packing dump files...")
 	z, err := zip.Create(fileName)
 	if err != nil {
-		log.Fatalf("Fail to create %s: %v", fileName, err)
+		log.Fatal(4, "Failed to create %s: %v", fileName, err)
 	}
 
-	if err := z.AddFile("gitea-repo.zip", reposDump); err != nil {
-		log.Fatalf("Fail to include gitea-repo.zip: %v", err)
+	if err = z.AddFile("gitea-repo.zip", reposDump); err != nil {
+		log.Fatal(4, "Failed to include gitea-repo.zip: %v", err)
 	}
-	if err := z.AddFile("gitea-db.sql", dbDump); err != nil {
-		log.Fatalf("Fail to include gitea-db.sql: %v", err)
+	if err = z.AddFile("gitea-db.sql", dbDump); err != nil {
+		log.Fatal(4, "Failed to include gitea-db.sql: %v", err)
 	}
 	customDir, err := os.Stat(setting.CustomPath)
 	if err == nil && customDir.IsDir() {
-		if err := z.AddDir("custom", setting.CustomPath); err != nil {
-			log.Fatalf("Fail to include custom: %v", err)
+		if err = z.AddDir("custom", setting.CustomPath); err != nil {
+			log.Fatal(4, "Failed to include custom: %v", err)
 		}
 	} else {
-		log.Printf("Custom dir %s doesn't exist, skipped", setting.CustomPath)
+		log.Info("Custom dir %s doesn't exist, skipped", setting.CustomPath)
 	}
-	if err := z.AddDir("log", setting.LogRootPath); err != nil {
-		log.Fatalf("Fail to include log: %v", err)
+
+	if com.IsExist(setting.AppDataPath) {
+		log.Info("Packing data directory...%s", setting.AppDataPath)
+
+		var sessionAbsPath string
+		if setting.SessionConfig.Provider == "file" {
+			if len(setting.SessionConfig.ProviderConfig) == 0 {
+				setting.SessionConfig.ProviderConfig = "data/sessions"
+			}
+			sessionAbsPath, _ = filepath.Abs(setting.SessionConfig.ProviderConfig)
+		}
+		if err = zipAddDirectoryExclude(z, "data", setting.AppDataPath, sessionAbsPath); err != nil {
+			log.Fatal(4, "Failed to include data directory: %v", err)
+		}
 	}
-	// FIXME: SSH key file.
+
+	if err = z.AddDir("log", setting.LogRootPath); err != nil {
+		log.Fatal(4, "Failed to include log: %v", err)
+	}
+
 	if err = z.Close(); err != nil {
 		_ = os.Remove(fileName)
-		log.Fatalf("Fail to save %s: %v", fileName, err)
+		log.Fatal(4, "Failed to save %s: %v", fileName, err)
 	}
 
 	if err := os.Chmod(fileName, 0600); err != nil {
-		log.Printf("Can't change file access permissions mask to 0600: %v", err)
+		log.Info("Can't change file access permissions mask to 0600: %v", err)
 	}
 
-	log.Printf("Removing tmp work dir: %s", TmpWorkDir)
+	log.Info("Removing tmp work dir: %s", TmpWorkDir)
 
 	if err := os.RemoveAll(TmpWorkDir); err != nil {
-		log.Fatalf("Fail to remove %s: %v", TmpWorkDir, err)
+		log.Fatal(4, "Failed to remove %s: %v", TmpWorkDir, err)
 	}
-	log.Printf("Finish dumping in file %s", fileName)
+	log.Info("Finish dumping in file %s", fileName)
 
 	return nil
 }
+
+// zipAddDirectoryExclude zips absPath to specified zipPath inside z excluding excludeAbsPath
+func zipAddDirectoryExclude(zip *zip.ZipArchive, zipPath, absPath string, excludeAbsPath string) error {
+	absPath, err := filepath.Abs(absPath)
+	if err != nil {
+		return err
+	}
+	dir, err := os.Open(absPath)
+	if err != nil {
+		return err
+	}
+	defer dir.Close()
+
+	zip.AddEmptyDir(zipPath)
+
+	files, err := dir.Readdir(0)
+	if err != nil {
+		return err
+	}
+	for _, file := range files {
+		currentAbsPath := path.Join(absPath, file.Name())
+		currentZipPath := path.Join(zipPath, file.Name())
+		if file.IsDir() {
+			if currentAbsPath != excludeAbsPath {
+				if err = zipAddDirectoryExclude(zip, currentZipPath, currentAbsPath, excludeAbsPath); err != nil {
+					return err
+				}
+			}
+
+		} else {
+			if err = zip.AddFile(currentZipPath, currentAbsPath); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}

cmd/hook.go

@@ -0,0 +1,233 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package cmd
+
+import (
+	"bufio"
+	"bytes"
+	"crypto/tls"
+	"fmt"
+	"os"
+	"strconv"
+	"strings"
+
+	"code.gitea.io/git"
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/httplib"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+
+	"github.com/Unknwon/com"
+	"github.com/urfave/cli"
+)
+
+var (
+	// CmdHook represents the available hooks sub-command.
+	CmdHook = cli.Command{
+		Name:        "hook",
+		Usage:       "Delegate commands to corresponding Git hooks",
+		Description: "This should only be called by Git",
+		Flags: []cli.Flag{
+			cli.StringFlag{
+				Name:  "config, c",
+				Value: "custom/conf/app.ini",
+				Usage: "Custom configuration file path",
+			},
+		},
+		Subcommands: []cli.Command{
+			subcmdHookPreReceive,
+			subcmdHookUpadte,
+			subcmdHookPostReceive,
+		},
+	}
+
+	subcmdHookPreReceive = cli.Command{
+		Name:        "pre-receive",
+		Usage:       "Delegate pre-receive Git hook",
+		Description: "This command should only be called by Git",
+		Action:      runHookPreReceive,
+	}
+	subcmdHookUpadte = cli.Command{
+		Name:        "update",
+		Usage:       "Delegate update Git hook",
+		Description: "This command should only be called by Git",
+		Action:      runHookUpdate,
+	}
+	subcmdHookPostReceive = cli.Command{
+		Name:        "post-receive",
+		Usage:       "Delegate post-receive Git hook",
+		Description: "This command should only be called by Git",
+		Action:      runHookPostReceive,
+	}
+)
+
+func runHookPreReceive(c *cli.Context) error {
+	if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
+		return nil
+	}
+
+	if c.IsSet("config") {
+		setting.CustomConf = c.String("config")
+	} else if c.GlobalIsSet("config") {
+		setting.CustomConf = c.GlobalString("config")
+	}
+
+	if err := setup("hooks/pre-receive.log"); err != nil {
+		fail("Hook pre-receive init failed", fmt.Sprintf("setup: %v", err))
+	}
+
+	// the environment setted on serv command
+	repoID, _ := strconv.ParseInt(os.Getenv(models.ProtectedBranchRepoID), 10, 64)
+	isWiki := (os.Getenv(models.EnvRepoIsWiki) == "true")
+	//username := os.Getenv(models.EnvRepoUsername)
+	//reponame := os.Getenv(models.EnvRepoName)
+	//repoPath := models.RepoPath(username, reponame)
+
+	buf := bytes.NewBuffer(nil)
+	scanner := bufio.NewScanner(os.Stdin)
+	for scanner.Scan() {
+		buf.Write(scanner.Bytes())
+		buf.WriteByte('\n')
+
+		// TODO: support news feeds for wiki
+		if isWiki {
+			continue
+		}
+
+		fields := bytes.Fields(scanner.Bytes())
+		if len(fields) != 3 {
+			continue
+		}
+
+		//oldCommitID := string(fields[0])
+		newCommitID := string(fields[1])
+		refFullName := string(fields[2])
+
+		// FIXME: when we add feature to protected branch to deny force push, then uncomment below
+		/*var isForce bool
+		// detect force push
+		if git.EmptySHA != oldCommitID {
+			output, err := git.NewCommand("rev-list", oldCommitID, "^"+newCommitID).RunInDir(repoPath)
+			if err != nil {
+				fail("Internal error", "Fail to detect force push: %v", err)
+			} else if len(output) > 0 {
+				isForce = true
+			}
+		}*/
+
+		branchName := strings.TrimPrefix(refFullName, git.BranchPrefix)
+		protectBranch, err := models.GetProtectedBranchBy(repoID, branchName)
+		if err != nil {
+			log.GitLogger.Fatal(2, "retrieve protected branches information failed")
+		}
+
+		if protectBranch != nil {
+			// check and deletion
+			if newCommitID == git.EmptySHA {
+				fail(fmt.Sprintf("branch %s is protected from deletion", branchName), "")
+			} else {
+				fail(fmt.Sprintf("protected branch %s can not be pushed to", branchName), "")
+				//fail(fmt.Sprintf("branch %s is protected from force push", branchName), "")
+			}
+		}
+	}
+
+	return nil
+}
+
+func runHookUpdate(c *cli.Context) error {
+	if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
+		return nil
+	}
+
+	if c.IsSet("config") {
+		setting.CustomConf = c.String("config")
+	} else if c.GlobalIsSet("config") {
+		setting.CustomConf = c.GlobalString("config")
+	}
+
+	if err := setup("hooks/update.log"); err != nil {
+		fail("Hook update init failed", fmt.Sprintf("setup: %v", err))
+	}
+
+	return nil
+}
+
+func runHookPostReceive(c *cli.Context) error {
+	if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
+		return nil
+	}
+
+	if c.IsSet("config") {
+		setting.CustomConf = c.String("config")
+	} else if c.GlobalIsSet("config") {
+		setting.CustomConf = c.GlobalString("config")
+	}
+
+	if err := setup("hooks/post-receive.log"); err != nil {
+		fail("Hook post-receive init failed", fmt.Sprintf("setup: %v", err))
+	}
+
+	// the environment setted on serv command
+	repoUser := os.Getenv(models.EnvRepoUsername)
+	repoUserSalt := os.Getenv(models.EnvRepoUserSalt)
+	isWiki := (os.Getenv(models.EnvRepoIsWiki) == "true")
+	repoName := os.Getenv(models.EnvRepoName)
+	pusherID, _ := strconv.ParseInt(os.Getenv(models.EnvPusherID), 10, 64)
+	pusherName := os.Getenv(models.EnvPusherName)
+
+	buf := bytes.NewBuffer(nil)
+	scanner := bufio.NewScanner(os.Stdin)
+	for scanner.Scan() {
+		buf.Write(scanner.Bytes())
+		buf.WriteByte('\n')
+
+		// TODO: support news feeds for wiki
+		if isWiki {
+			continue
+		}
+
+		fields := bytes.Fields(scanner.Bytes())
+		if len(fields) != 3 {
+			continue
+		}
+
+		oldCommitID := string(fields[0])
+		newCommitID := string(fields[1])
+		refFullName := string(fields[2])
+
+		if err := models.PushUpdate(models.PushUpdateOptions{
+			RefFullName:  refFullName,
+			OldCommitID:  oldCommitID,
+			NewCommitID:  newCommitID,
+			PusherID:     pusherID,
+			PusherName:   pusherName,
+			RepoUserName: repoUser,
+			RepoName:     repoName,
+		}); err != nil {
+			log.GitLogger.Error(2, "Update: %v", err)
+		}
+
+		// Ask for running deliver hook and test pull request tasks.
+		reqURL := setting.LocalURL + repoUser + "/" + repoName + "/tasks/trigger?branch=" +
+			strings.TrimPrefix(refFullName, git.BranchPrefix) + "&secret=" + base.EncodeMD5(repoUserSalt) + "&pusher=" + com.ToStr(pusherID)
+		log.GitLogger.Trace("Trigger task: %s", reqURL)
+
+		resp, err := httplib.Head(reqURL).SetTLSClientConfig(&tls.Config{
+			InsecureSkipVerify: true,
+		}).Response()
+		if err == nil {
+			resp.Body.Close()
+			if resp.StatusCode/100 != 2 {
+				log.GitLogger.Error(2, "Failed to trigger task: not 2xx response code")
+			}
+		} else {
+			log.GitLogger.Error(2, "Failed to trigger task: %v", err)
+		}
+	}
+
+	return nil
+}

cmd/restore.go

@@ -0,0 +1,166 @@
+// Copyright 2017 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package cmd
+
+import (
+	"os"
+	"path"
+
+	"github.com/Unknwon/cae/zip"
+	"github.com/Unknwon/com"
+	"github.com/mcuadros/go-version"
+	"github.com/urfave/cli"
+	"gopkg.in/ini.v1"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+)
+
+// Restore a backup
+var Restore = cli.Command{
+	Name:  "restore",
+	Usage: "Restore files and database from backup",
+	Description: `Restore imports all related files and database from a backup archive.
+The backup version must lower or equal to current Gitea version. You can also import
+backup from other database engines, which is useful for database migrating.
+
+If corresponding files or database tables are not presented in the archive, they will
+be skipped and remian unchanged.`,
+	Action: runRestore,
+	Flags: []cli.Flag{
+		cli.StringFlag{
+			Name:  "config, c",
+			Value: "custom/conf/app.ini",
+			Usage: "Custom configuration file path",
+		},
+		cli.StringFlag{
+			Name:  "tempdir, t",
+			Value: os.TempDir(),
+			Usage: "Temporary directory path",
+		},
+		cli.StringFlag{
+			Name:  "from",
+			Value: "",
+			Usage: "Path to backup archive",
+		},
+		cli.BoolFlag{
+			Name:  "verbose, v",
+			Usage: "Show process details",
+		},
+		cli.BoolTFlag{
+			Name:  "repos",
+			Usage: "Restore repositories (default: true)",
+		},
+		cli.BoolTFlag{
+			Name:  "data",
+			Usage: "Restore attachments and avatars (default: true)",
+		},
+		cli.BoolTFlag{
+			Name:  "custom",
+			Usage: "Restore custom files (default: true)",
+		},
+		cli.BoolTFlag{
+			Name:  "db",
+			Usage: "Restore database (default: true)",
+		},
+	},
+}
+
+func runRestore(c *cli.Context) error {
+	zip.Verbose = c.Bool("verbose")
+
+	tmpDir := c.String("tempdir")
+	if !com.IsExist(tmpDir) {
+		log.Fatal(0, "'--tempdir' does not exist: %s", tmpDir)
+	}
+
+	log.Info("Restore backup from: %s", c.String("from"))
+	if err := zip.ExtractTo(c.String("from"), tmpDir); err != nil {
+		log.Fatal(0, "Fail to extract backup archive: %v", err)
+	}
+	archivePath := path.Join(tmpDir, archiveRootDir)
+
+	// Check backup version
+	metaFile := path.Join(archivePath, "metadata.ini")
+	if !com.IsExist(metaFile) {
+		log.Fatal(0, "File 'metadata.ini' is missing")
+	}
+	metadata, err := ini.Load(metaFile)
+	if err != nil {
+		log.Fatal(0, "Fail to load metadata '%s': %v", metaFile, err)
+	}
+	ver := metadata.Section("").Key("VERSION").MustInt(10000000)
+	if ver != backupVersion {
+		log.Fatal(0, "Current Backup version does not match the version in the backup: %d != %d", ver, backupVersion)
+	}
+	backupVersion := metadata.Section("").Key("GITEA_VERSION").MustString("999.0")
+	if version.Compare(setting.AppVer, backupVersion, "<") {
+		log.Fatal(0, "Current Gitea version is lower than backup version: %s < %s", setting.AppVer, backupVersion)
+	}
+
+	// If config file is not present in backup, user must set this file via flag.
+	// Otherwise, it's optional to set config file flag.
+	configFile := path.Join(archivePath, "custom/conf/app.ini")
+	if c.IsSet("config") {
+		setting.CustomConf = c.String("config")
+	} else if !com.IsExist(configFile) {
+		log.Fatal(0, "'--config' is not specified and custom config file is not found in backup")
+	} else {
+		setting.CustomConf = configFile
+	}
+	setting.NewContext()
+	models.LoadConfigs()
+	models.SetEngine()
+
+	// Database
+	if c.Bool("db") {
+		dbDir := path.Join(archivePath, "db")
+		if err = models.ImportDatabase(dbDir); err != nil {
+			log.Fatal(0, "Fail to import database: %v", err)
+		}
+	}
+
+	// Custom files
+	if c.Bool("custom") {
+		if com.IsExist(setting.CustomPath) {
+			if err = os.Rename(setting.CustomPath, setting.CustomPath+".bak"); err != nil {
+				log.Fatal(0, "Fail to backup current 'custom': %v", err)
+			}
+		}
+		if err = os.Rename(path.Join(archivePath, "custom"), setting.CustomPath); err != nil {
+			log.Fatal(0, "Fail to import 'custom': %v", err)
+		}
+	}
+
+	// Data files
+	if c.Bool("data") {
+		for _, dir := range []string{"attachments", "avatars"} {
+			dirPath := path.Join(setting.AppDataPath, dir)
+			if com.IsExist(dirPath) {
+				if err = os.Rename(dirPath, dirPath+".bak"); err != nil {
+					log.Fatal(0, "Fail to backup current 'data': %v", err)
+				}
+			}
+			if err = os.Rename(path.Join(archivePath, "data", dir), dirPath); err != nil {
+				log.Fatal(0, "Fail to import 'data': %v", err)
+			}
+		}
+	}
+
+	// Repositories
+	if c.Bool("repos") {
+		reposPath := path.Join(archivePath, "repositories.zip")
+		if !c.Bool("exclude-repos") && !c.Bool("database-only") && com.IsExist(reposPath) {
+			if err := zip.ExtractTo(reposPath, path.Dir(setting.RepoRootPath)); err != nil {
+				log.Fatal(0, "Fail to extract 'repositories.zip': %v", err)
+			}
+		}
+	}
+
+	os.RemoveAll(path.Join(tmpDir, archiveRootDir))
+	log.Info("Restore succeed!")
+	return nil
+}

cmd/serv.go

@@ -6,7 +6,7 @@
 package cmd
 
 import (
-	"crypto/tls"
+	"encoding/json"
 	"fmt"
 	"os"
 	"os/exec"
@@ -14,19 +14,19 @@ import (
 	"strings"
 	"time"
 
-	"code.gitea.io/git"
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/base"
-	"code.gitea.io/gitea/modules/httplib"
 	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/private"
 	"code.gitea.io/gitea/modules/setting"
+
 	"github.com/Unknwon/com"
-	gouuid "github.com/satori/go.uuid"
+	"github.com/dgrijalva/jwt-go"
 	"github.com/urfave/cli"
 )
 
 const (
-	accessDenied = "Repository does not exist or you do not have access"
+	accessDenied        = "Repository does not exist or you do not have access"
+	lfsAuthenticateVerb = "git-lfs-authenticate"
 )
 
 // CmdServ represents the available serv sub-command.
@@ -44,20 +44,20 @@ var CmdServ = cli.Command{
 	},
 }
 
-func setup(logPath string) {
+func setup(logPath string) error {
 	setting.NewContext()
 	log.NewGitLogger(filepath.Join(setting.LogRootPath, logPath))
-
 	models.LoadConfigs()
 
 	if setting.UseSQLite3 || setting.UseTiDB {
 		workDir, _ := setting.WorkDir()
 		if err := os.Chdir(workDir); err != nil {
-			log.GitLogger.Fatal(4, "Fail to change directory %s: %v", workDir, err)
+			log.GitLogger.Fatal(4, "Failed to change directory %s: %v", workDir, err)
 		}
 	}
 
-	models.SetEngine()
+	setting.NewXORMLogService(true)
+	return models.SetEngine()
 }
 
 func parseCmd(cmd string) (string, string) {
@@ -73,6 +73,7 @@ var (
 		"git-upload-pack":    models.AccessModeRead,
 		"git-upload-archive": models.AccessModeRead,
 		"git-receive-pack":   models.AccessModeWrite,
+		lfsAuthenticateVerb:  models.AccessModeNone,
 	}
 )
 
@@ -91,58 +92,14 @@ func fail(userMessage, logMessage string, args ...interface{}) {
 	os.Exit(1)
 }
 
-func handleUpdateTask(uuid string, user, repoUser *models.User, reponame string, isWiki bool) {
-	task, err := models.GetUpdateTaskByUUID(uuid)
-	if err != nil {
-		if models.IsErrUpdateTaskNotExist(err) {
-			log.GitLogger.Trace("No update task is presented: %s", uuid)
-			return
-		}
-		log.GitLogger.Fatal(2, "GetUpdateTaskByUUID: %v", err)
-	} else if err = models.DeleteUpdateTaskByUUID(uuid); err != nil {
-		log.GitLogger.Fatal(2, "DeleteUpdateTaskByUUID: %v", err)
-	}
-
-	if isWiki {
-		return
-	}
-
-	if err = models.PushUpdate(models.PushUpdateOptions{
-		RefFullName:  task.RefName,
-		OldCommitID:  task.OldCommitID,
-		NewCommitID:  task.NewCommitID,
-		PusherID:     user.ID,
-		PusherName:   user.Name,
-		RepoUserName: repoUser.Name,
-		RepoName:     reponame,
-	}); err != nil {
-		log.GitLogger.Error(2, "Update: %v", err)
-	}
-
-	// Ask for running deliver hook and test pull request tasks.
-	reqURL := setting.LocalURL + repoUser.Name + "/" + reponame + "/tasks/trigger?branch=" +
-		strings.TrimPrefix(task.RefName, git.BranchPrefix) + "&secret=" + base.EncodeMD5(repoUser.Salt) + "&pusher=" + com.ToStr(user.ID)
-	log.GitLogger.Trace("Trigger task: %s", reqURL)
-
-	resp, err := httplib.Head(reqURL).SetTLSClientConfig(&tls.Config{
-		InsecureSkipVerify: true,
-	}).Response()
-	if err == nil {
-		resp.Body.Close()
-		if resp.StatusCode/100 != 2 {
-			log.GitLogger.Error(2, "Fail to trigger task: not 2xx response code")
-		}
-	} else {
-		log.GitLogger.Error(2, "Fail to trigger task: %v", err)
-	}
-}
-
 func runServ(c *cli.Context) error {
 	if c.IsSet("config") {
 		setting.CustomConf = c.String("config")
 	}
 
-	setup("serv.log")
+	if err := setup("serv.log"); err != nil {
+		fail("System init failed", fmt.Sprintf("setup: %v", err))
+	}
 
 	if setting.SSH.Disabled {
 		println("Gitea: SSH has been disabled")
@@ -150,7 +107,8 @@ func runServ(c *cli.Context) error {
 	}
 
 	if len(c.Args()) < 1 {
-		fail("Not enough arguments", "Not enough arguments")
+		cli.ShowSubcommandHelp(c)
+		return nil
 	}
 
 	cmd := os.Getenv("SSH_ORIGINAL_COMMAND")
@@ -161,11 +119,26 @@ func runServ(c *cli.Context) error {
 	}
 
 	verb, args := parseCmd(cmd)
+
+	var lfsVerb string
+	if verb == lfsAuthenticateVerb {
+		if !setting.LFS.StartServer {
+			fail("Unknown git command", "LFS authentication request over SSH denied, LFS support is disabled")
+		}
+
+		argsSplit := strings.Split(args, " ")
+		if len(argsSplit) >= 2 {
+			args = strings.TrimSpace(argsSplit[0])
+			lfsVerb = strings.TrimSpace(argsSplit[1])
+		}
+	}
+
 	repoPath := strings.ToLower(strings.Trim(args, "'"))
 	rr := strings.SplitN(repoPath, "/", 2)
 	if len(rr) != 2 {
 		fail("Invalid repository path", "Invalid repository path: %v", args)
 	}
+
 	username := strings.ToLower(rr[0])
 	reponame := strings.ToLower(strings.TrimSuffix(rr[1], ".git"))
 
@@ -175,6 +148,14 @@ func runServ(c *cli.Context) error {
 		reponame = reponame[:len(reponame)-5]
 	}
 
+	os.Setenv(models.EnvRepoUsername, username)
+	if isWiki {
+		os.Setenv(models.EnvRepoIsWiki, "true")
+	} else {
+		os.Setenv(models.EnvRepoIsWiki, "false")
+	}
+	os.Setenv(models.EnvRepoName, reponame)
+
 	repoUser, err := models.GetUserByName(username)
 	if err != nil {
 		if models.IsErrUserNotExist(err) {
@@ -183,6 +164,8 @@ func runServ(c *cli.Context) error {
 		fail("Internal error", "Failed to get repository owner (%s): %v", username, err)
 	}
 
+	os.Setenv(models.EnvRepoUserSalt, repoUser.Salt)
+
 	repo, err := models.GetRepositoryByName(repoUser.ID, reponame)
 	if err != nil {
 		if models.IsErrRepoNotExist(err) {
@@ -196,6 +179,16 @@ func runServ(c *cli.Context) error {
 		fail("Unknown git command", "Unknown git command %s", verb)
 	}
 
+	if verb == lfsAuthenticateVerb {
+		if lfsVerb == "upload" {
+			requestedMode = models.AccessModeWrite
+		} else if lfsVerb == "download" {
+			requestedMode = models.AccessModeRead
+		} else {
+			fail("Unknown LFS verb", "Unkown lfs verb %s", lfsVerb)
+		}
+	}
+
 	// Prohibit push to mirror repositories.
 	if requestedMode > models.AccessModeRead && repo.IsMirror {
 		fail("mirror repository is read-only", "")
@@ -244,9 +237,9 @@ func runServ(c *cli.Context) error {
 				fail("internal error", "Failed to get user by key ID(%d): %v", keyID, err)
 			}
 
-			mode, err := models.AccessLevel(user, repo)
+			mode, err := models.AccessLevel(user.ID, repo)
 			if err != nil {
-				fail("Internal error", "Fail to check access: %v", err)
+				fail("Internal error", "Failed to check access: %v", err)
 			} else if mode < requestedMode {
 				clientMessage := accessDenied
 				if mode >= models.AccessModeRead {
@@ -257,14 +250,43 @@ func runServ(c *cli.Context) error {
 					user.Name, requestedMode, repoPath)
 			}
 
-			os.Setenv("GITEA_PUSHER_NAME", user.Name)
+			os.Setenv(models.EnvPusherName, user.Name)
+			os.Setenv(models.EnvPusherID, fmt.Sprintf("%d", user.ID))
 		}
 	}
 
-	uuid := gouuid.NewV4().String()
-	os.Setenv("GITEA_UUID", uuid)
-	// Keep the old env variable name for backward compability
-	os.Setenv("uuid", uuid)
+	//LFS token authentication
+	if verb == lfsAuthenticateVerb {
+		url := fmt.Sprintf("%s%s/%s.git/info/lfs", setting.AppURL, repoUser.Name, repo.Name)
+
+		now := time.Now()
+		token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
+			"repo": repo.ID,
+			"op":   lfsVerb,
+			"exp":  now.Add(5 * time.Minute).Unix(),
+			"nbf":  now.Unix(),
+		})
+
+		// Sign and get the complete encoded token as a string using the secret
+		tokenString, err := token.SignedString(setting.LFS.JWTSecretBytes)
+		if err != nil {
+			fail("Internal error", "Failed to sign JWT token: %v", err)
+		}
+
+		tokenAuthentication := &models.LFSTokenResponse{
+			Header: make(map[string]string),
+			Href:   url,
+		}
+		tokenAuthentication.Header["Authorization"] = fmt.Sprintf("Bearer %s", tokenString)
+
+		enc := json.NewEncoder(os.Stdout)
+		err = enc.Encode(tokenAuthentication)
+		if err != nil {
+			fail("Internal error", "Failed to encode LFS json response: %v", err)
+		}
+
+		return nil
+	}
 
 	// Special handle for Windows.
 	if setting.IsWindows {
@@ -278,6 +300,15 @@ func runServ(c *cli.Context) error {
 	} else {
 		gitcmd = exec.Command(verb, repoPath)
 	}
+
+	if isWiki {
+		if err = repo.InitWiki(); err != nil {
+			fail("Internal error", "Failed to init wiki repo: %v", err)
+		}
+	}
+
+	os.Setenv(models.ProtectedBranchRepoID, fmt.Sprintf("%d", repo.ID))
+
 	gitcmd.Dir = setting.RepoRootPath
 	gitcmd.Stdout = os.Stdout
 	gitcmd.Stdin = os.Stdin
@@ -286,19 +317,9 @@ func runServ(c *cli.Context) error {
 		fail("Internal error", "Failed to execute git command: %v", err)
 	}
 
-	if requestedMode == models.AccessModeWrite {
-		handleUpdateTask(uuid, user, repoUser, reponame, isWiki)
-	}
-
 	// Update user key activity.
 	if keyID > 0 {
-		key, err := models.GetPublicKeyByID(keyID)
-		if err != nil {
-			fail("Internal error", "GetPublicKeyById: %v", err)
-		}
-
-		key.Updated = time.Now()
-		if err = models.UpdatePublicKey(key); err != nil {
+		if err = private.UpdatePublicKeyUpdated(keyID); err != nil {
 			fail("Internal error", "UpdatePublicKey: %v", err)
 		}
 	}

cmd/update.go

@@ -1,63 +0,0 @@
-// Copyright 2014 The Gogs Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package cmd
-
-import (
-	"os"
-
-	"github.com/urfave/cli"
-
-	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/setting"
-)
-
-// CmdUpdate represents the available update sub-command.
-var CmdUpdate = cli.Command{
-	Name:        "update",
-	Usage:       "This command should only be called by Git hook",
-	Description: `Update get pushed info and insert into database`,
-	Action:      runUpdate,
-	Flags: []cli.Flag{
-		cli.StringFlag{
-			Name:  "config, c",
-			Value: "custom/conf/app.ini",
-			Usage: "Custom configuration file path",
-		},
-	},
-}
-
-func runUpdate(c *cli.Context) error {
-	if c.IsSet("config") {
-		setting.CustomConf = c.String("config")
-	}
-
-	setup("update.log")
-
-	if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
-		log.GitLogger.Trace("SSH_ORIGINAL_COMMAND is empty")
-		return nil
-	}
-
-	args := c.Args()
-	if len(args) != 3 {
-		log.GitLogger.Fatal(2, "Arguments received are not equal to three")
-	} else if len(args[0]) == 0 {
-		log.GitLogger.Fatal(2, "First argument 'refName' is empty, shouldn't use")
-	}
-
-	task := models.UpdateTask{
-		UUID:        os.Getenv("GITEA_UUID"),
-		RefName:     args[0],
-		OldCommitID: args[1],
-		NewCommitID: args[2],
-	}
-
-	if err := models.AddUpdateTask(&task); err != nil {
-		log.GitLogger.Fatal(2, "AddUpdateTask: %v", err)
-	}
-
-	return nil
-}

cmd/web.go

@@ -5,40 +5,21 @@
 package cmd
 
 import (
-	"crypto/tls"
 	"fmt"
 	"net"
 	"net/http"
 	"net/http/fcgi"
+	_ "net/http/pprof" // Used for debugging if enabled and a web server is running
 	"os"
-	"path"
 	"strings"
 
-	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/auth"
-	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/options"
-	"code.gitea.io/gitea/modules/public"
 	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/templates"
 	"code.gitea.io/gitea/routers"
-	"code.gitea.io/gitea/routers/admin"
-	apiv1 "code.gitea.io/gitea/routers/api/v1"
-	"code.gitea.io/gitea/routers/dev"
-	"code.gitea.io/gitea/routers/org"
-	"code.gitea.io/gitea/routers/repo"
-	"code.gitea.io/gitea/routers/user"
-	"github.com/go-macaron/binding"
-	"github.com/go-macaron/cache"
-	"github.com/go-macaron/captcha"
-	"github.com/go-macaron/csrf"
-	"github.com/go-macaron/gzip"
-	"github.com/go-macaron/i18n"
-	"github.com/go-macaron/session"
-	"github.com/go-macaron/toolbox"
+	"code.gitea.io/gitea/routers/routes"
+
+	context2 "github.com/gorilla/context"
 	"github.com/urfave/cli"
-	macaron "gopkg.in/macaron.v1"
 )
 
 // CmdWeb represents the available web sub-command.
@@ -59,531 +40,27 @@ and it takes care of all the other things for you`,
 			Value: "custom/conf/app.ini",
 			Usage: "Custom configuration file path",
 		},
+		cli.StringFlag{
+			Name:  "pid, P",
+			Value: "/var/run/gitea.pid",
+			Usage: "Custom pid file path",
+		},
 	},
 }
 
-// VerChecker is a listing of required dependency versions.
-type VerChecker struct {
-	ImportPath string
-	Version    func() string
-	Expected   string
-}
-
-// newMacaron initializes Macaron instance.
-func newMacaron() *macaron.Macaron {
-	m := macaron.New()
-	if !setting.DisableRouterLog {
-		m.Use(macaron.Logger())
-	}
-	m.Use(macaron.Recovery())
-	if setting.EnableGzip {
-		m.Use(gzip.Gziper())
-	}
-	if setting.Protocol == setting.FCGI {
-		m.SetURLPrefix(setting.AppSubURL)
-	}
-	m.Use(public.Static(
-		&public.Options{
-			Directory:   path.Join(setting.StaticRootPath, "public"),
-			SkipLogging: setting.DisableRouterLog,
-		},
-	))
-	m.Use(macaron.Static(
-		setting.AvatarUploadPath,
-		macaron.StaticOptions{
-			Prefix:      "avatars",
-			SkipLogging: setting.DisableRouterLog,
-		},
-	))
-
-	m.Use(templates.Renderer())
-	models.InitMailRender(templates.Mailer())
-
-	localeNames, err := options.Dir("locale")
-
-	if err != nil {
-		log.Fatal(4, "Fail to list locale files: %v", err)
-	}
-
-	localFiles := make(map[string][]byte)
-
-	for _, name := range localeNames {
-		localFiles[name], err = options.Locale(name)
-
-		if err != nil {
-			log.Fatal(4, "Failed to load %s locale file. %v", name, err)
-		}
-	}
-
-	m.Use(i18n.I18n(i18n.Options{
-		SubURL:      setting.AppSubURL,
-		Files:       localFiles,
-		Langs:       setting.Langs,
-		Names:       setting.Names,
-		DefaultLang: "en-US",
-		Redirect:    true,
-	}))
-	m.Use(cache.Cacher(cache.Options{
-		Adapter:       setting.CacheAdapter,
-		AdapterConfig: setting.CacheConn,
-		Interval:      setting.CacheInterval,
-	}))
-	m.Use(captcha.Captchaer(captcha.Options{
-		SubURL: setting.AppSubURL,
-	}))
-	m.Use(session.Sessioner(setting.SessionConfig))
-	m.Use(csrf.Csrfer(csrf.Options{
-		Secret:     setting.SecretKey,
-		Cookie:     setting.CSRFCookieName,
-		SetCookie:  true,
-		Header:     "X-Csrf-Token",
-		CookiePath: setting.AppSubURL,
-	}))
-	m.Use(toolbox.Toolboxer(m, toolbox.Options{
-		HealthCheckFuncs: []*toolbox.HealthCheckFuncDesc{
-			{
-				Desc: "Database connection",
-				Func: models.Ping,
-			},
-		},
-	}))
-	m.Use(context.Contexter())
-	return m
-}
-
 func runWeb(ctx *cli.Context) error {
 	if ctx.IsSet("config") {
 		setting.CustomConf = ctx.String("config")
 	}
-	routers.GlobalInit()
 
-	m := newMacaron()
-
-	reqSignIn := context.Toggle(&context.ToggleOptions{SignInRequired: true})
-	ignSignIn := context.Toggle(&context.ToggleOptions{SignInRequired: setting.Service.RequireSignInView})
-	ignSignInAndCsrf := context.Toggle(&context.ToggleOptions{DisableCSRF: true})
-	reqSignOut := context.Toggle(&context.ToggleOptions{SignOutRequired: true})
-
-	bindIgnErr := binding.BindIgnErr
-
-	// FIXME: not all routes need go through same middlewares.
-	// Especially some AJAX requests, we can reduce middleware number to improve performance.
-	// Routers.
-	m.Get("/", ignSignIn, routers.Home)
-	m.Group("/explore", func() {
-		m.Get("", func(ctx *context.Context) {
-			ctx.Redirect(setting.AppSubURL + "/explore/repos")
-		})
-		m.Get("/repos", routers.ExploreRepos)
-		m.Get("/users", routers.ExploreUsers)
-		m.Get("/organizations", routers.ExploreOrganizations)
-	}, ignSignIn)
-	m.Combo("/install", routers.InstallInit).Get(routers.Install).
-		Post(bindIgnErr(auth.InstallForm{}), routers.InstallPost)
-	m.Get("/^:type(issues|pulls)$", reqSignIn, user.Issues)
-
-	// ***** START: User *****
-	m.Group("/user", func() {
-		m.Get("/login", user.SignIn)
-		m.Post("/login", bindIgnErr(auth.SignInForm{}), user.SignInPost)
-		m.Get("/sign_up", user.SignUp)
-		m.Post("/sign_up", bindIgnErr(auth.RegisterForm{}), user.SignUpPost)
-		m.Get("/reset_password", user.ResetPasswd)
-		m.Post("/reset_password", user.ResetPasswdPost)
-	}, reqSignOut)
-
-	m.Group("/user/settings", func() {
-		m.Get("", user.Settings)
-		m.Post("", bindIgnErr(auth.UpdateProfileForm{}), user.SettingsPost)
-		m.Combo("/avatar").Get(user.SettingsAvatar).
-			Post(binding.MultipartForm(auth.AvatarForm{}), user.SettingsAvatarPost)
-		m.Post("/avatar/delete", user.SettingsDeleteAvatar)
-		m.Combo("/email").Get(user.SettingsEmails).
-			Post(bindIgnErr(auth.AddEmailForm{}), user.SettingsEmailPost)
-		m.Post("/email/delete", user.DeleteEmail)
-		m.Get("/password", user.SettingsPassword)
-		m.Post("/password", bindIgnErr(auth.ChangePasswordForm{}), user.SettingsPasswordPost)
-		m.Combo("/ssh").Get(user.SettingsSSHKeys).
-			Post(bindIgnErr(auth.AddSSHKeyForm{}), user.SettingsSSHKeysPost)
-		m.Post("/ssh/delete", user.DeleteSSHKey)
-		m.Combo("/applications").Get(user.SettingsApplications).
-			Post(bindIgnErr(auth.NewAccessTokenForm{}), user.SettingsApplicationsPost)
-		m.Post("/applications/delete", user.SettingsDeleteApplication)
-		m.Route("/delete", "GET,POST", user.SettingsDelete)
-	}, reqSignIn, func(ctx *context.Context) {
-		ctx.Data["PageIsUserSettings"] = true
-	})
-
-	m.Group("/user", func() {
-		// r.Get("/feeds", binding.Bind(auth.FeedsForm{}), user.Feeds)
-		m.Any("/activate", user.Activate)
-		m.Any("/activate_email", user.ActivateEmail)
-		m.Get("/email2user", user.Email2User)
-		m.Get("/forget_password", user.ForgotPasswd)
-		m.Post("/forget_password", user.ForgotPasswdPost)
-		m.Get("/logout", user.SignOut)
-	})
-	// ***** END: User *****
-
-	adminReq := context.Toggle(&context.ToggleOptions{SignInRequired: true, AdminRequired: true})
-
-	// ***** START: Admin *****
-	m.Group("/admin", func() {
-		m.Get("", adminReq, admin.Dashboard)
-		m.Get("/config", admin.Config)
-		m.Post("/config/test_mail", admin.SendTestMail)
-		m.Get("/monitor", admin.Monitor)
-
-		m.Group("/users", func() {
-			m.Get("", admin.Users)
-			m.Combo("/new").Get(admin.NewUser).Post(bindIgnErr(auth.AdminCreateUserForm{}), admin.NewUserPost)
-			m.Combo("/:userid").Get(admin.EditUser).Post(bindIgnErr(auth.AdminEditUserForm{}), admin.EditUserPost)
-			m.Post("/:userid/delete", admin.DeleteUser)
-		})
-
-		m.Group("/orgs", func() {
-			m.Get("", admin.Organizations)
-		})
-
-		m.Group("/repos", func() {
-			m.Get("", admin.Repos)
-			m.Post("/delete", admin.DeleteRepo)
-		})
-
-		m.Group("/auths", func() {
-			m.Get("", admin.Authentications)
-			m.Combo("/new").Get(admin.NewAuthSource).Post(bindIgnErr(auth.AuthenticationForm{}), admin.NewAuthSourcePost)
-			m.Combo("/:authid").Get(admin.EditAuthSource).
-				Post(bindIgnErr(auth.AuthenticationForm{}), admin.EditAuthSourcePost)
-			m.Post("/:authid/delete", admin.DeleteAuthSource)
-		})
-
-		m.Group("/notices", func() {
-			m.Get("", admin.Notices)
-			m.Post("/delete", admin.DeleteNotices)
-			m.Get("/empty", admin.EmptyNotices)
-		})
-	}, adminReq)
-	// ***** END: Admin *****
-
-	m.Group("", func() {
-		m.Group("/:username", func() {
-			m.Get("", user.Profile)
-			m.Get("/followers", user.Followers)
-			m.Get("/following", user.Following)
-			m.Get("/stars", user.Stars)
-		})
-
-		m.Get("/attachments/:uuid", func(ctx *context.Context) {
-			attach, err := models.GetAttachmentByUUID(ctx.Params(":uuid"))
-			if err != nil {
-				if models.IsErrAttachmentNotExist(err) {
-					ctx.Error(404)
-				} else {
-					ctx.Handle(500, "GetAttachmentByUUID", err)
-				}
-				return
-			}
-
-			fr, err := os.Open(attach.LocalPath())
-			if err != nil {
-				ctx.Handle(500, "Open", err)
-				return
-			}
-			defer fr.Close()
-
-			if err = repo.ServeData(ctx, attach.Name, fr); err != nil {
-				ctx.Handle(500, "ServeData", err)
-				return
-			}
-		})
-		m.Post("/issues/attachments", repo.UploadIssueAttachment)
-	}, ignSignIn)
-
-	m.Group("/:username", func() {
-		m.Get("/action/:action", user.Action)
-	}, reqSignIn)
-
-	if macaron.Env == macaron.DEV {
-		m.Get("/template/*", dev.TemplatePreview)
+	if ctx.IsSet("pid") {
+		setting.CustomPID = ctx.String("pid")
 	}
 
-	reqRepoAdmin := context.RequireRepoAdmin()
-	reqRepoWriter := context.RequireRepoWriter()
+	routers.GlobalInit()
 
-	// ***** START: Organization *****
-	m.Group("/org", func() {
-		m.Get("/create", org.Create)
-		m.Post("/create", bindIgnErr(auth.CreateOrgForm{}), org.CreatePost)
-
-		m.Group("/:org", func() {
-			m.Get("/dashboard", user.Dashboard)
-			m.Get("/^:type(issues|pulls)$", user.Issues)
-			m.Get("/members", org.Members)
-			m.Get("/members/action/:action", org.MembersAction)
-
-			m.Get("/teams", org.Teams)
-		}, context.OrgAssignment(true))
-
-		m.Group("/:org", func() {
-			m.Get("/teams/:team", org.TeamMembers)
-			m.Get("/teams/:team/repositories", org.TeamRepositories)
-			m.Route("/teams/:team/action/:action", "GET,POST", org.TeamsAction)
-			m.Route("/teams/:team/action/repo/:action", "GET,POST", org.TeamsRepoAction)
-		}, context.OrgAssignment(true, false, true))
-
-		m.Group("/:org", func() {
-			m.Get("/teams/new", org.NewTeam)
-			m.Post("/teams/new", bindIgnErr(auth.CreateTeamForm{}), org.NewTeamPost)
-			m.Get("/teams/:team/edit", org.EditTeam)
-			m.Post("/teams/:team/edit", bindIgnErr(auth.CreateTeamForm{}), org.EditTeamPost)
-			m.Post("/teams/:team/delete", org.DeleteTeam)
-
-			m.Group("/settings", func() {
-				m.Combo("").Get(org.Settings).
-					Post(bindIgnErr(auth.UpdateOrgSettingForm{}), org.SettingsPost)
-				m.Post("/avatar", binding.MultipartForm(auth.AvatarForm{}), org.SettingsAvatar)
-				m.Post("/avatar/delete", org.SettingsDeleteAvatar)
-
-				m.Group("/hooks", func() {
-					m.Get("", org.Webhooks)
-					m.Post("/delete", org.DeleteWebhook)
-					m.Get("/:type/new", repo.WebhooksNew)
-					m.Post("/gogs/new", bindIgnErr(auth.NewWebhookForm{}), repo.WebHooksNewPost)
-					m.Post("/slack/new", bindIgnErr(auth.NewSlackHookForm{}), repo.SlackHooksNewPost)
-					m.Get("/:id", repo.WebHooksEdit)
-					m.Post("/gogs/:id", bindIgnErr(auth.NewWebhookForm{}), repo.WebHooksEditPost)
-					m.Post("/slack/:id", bindIgnErr(auth.NewSlackHookForm{}), repo.SlackHooksEditPost)
-				})
-
-				m.Route("/delete", "GET,POST", org.SettingsDelete)
-			})
-
-			m.Route("/invitations/new", "GET,POST", org.Invitation)
-		}, context.OrgAssignment(true, true))
-	}, reqSignIn)
-	// ***** END: Organization *****
-
-	// ***** START: Repository *****
-	m.Group("/repo", func() {
-		m.Get("/create", repo.Create)
-		m.Post("/create", bindIgnErr(auth.CreateRepoForm{}), repo.CreatePost)
-		m.Get("/migrate", repo.Migrate)
-		m.Post("/migrate", bindIgnErr(auth.MigrateRepoForm{}), repo.MigratePost)
-		m.Combo("/fork/:repoid").Get(repo.Fork).
-			Post(bindIgnErr(auth.CreateRepoForm{}), repo.ForkPost)
-	}, reqSignIn)
-
-	m.Group("/:username/:reponame", func() {
-		m.Group("/settings", func() {
-			m.Combo("").Get(repo.Settings).
-				Post(bindIgnErr(auth.RepoSettingForm{}), repo.SettingsPost)
-			m.Group("/collaboration", func() {
-				m.Combo("").Get(repo.Collaboration).Post(repo.CollaborationPost)
-				m.Post("/access_mode", repo.ChangeCollaborationAccessMode)
-				m.Post("/delete", repo.DeleteCollaboration)
-			})
-
-			m.Group("/hooks", func() {
-				m.Get("", repo.Webhooks)
-				m.Post("/delete", repo.DeleteWebhook)
-				m.Get("/:type/new", repo.WebhooksNew)
-				m.Post("/gogs/new", bindIgnErr(auth.NewWebhookForm{}), repo.WebHooksNewPost)
-				m.Post("/slack/new", bindIgnErr(auth.NewSlackHookForm{}), repo.SlackHooksNewPost)
-				m.Get("/:id", repo.WebHooksEdit)
-				m.Post("/:id/test", repo.TestWebhook)
-				m.Post("/gogs/:id", bindIgnErr(auth.NewWebhookForm{}), repo.WebHooksEditPost)
-				m.Post("/slack/:id", bindIgnErr(auth.NewSlackHookForm{}), repo.SlackHooksEditPost)
-
-				m.Group("/git", func() {
-					m.Get("", repo.GitHooks)
-					m.Combo("/:name").Get(repo.GitHooksEdit).
-						Post(repo.GitHooksEditPost)
-				}, context.GitHookService())
-			})
-
-			m.Group("/keys", func() {
-				m.Combo("").Get(repo.DeployKeys).
-					Post(bindIgnErr(auth.AddSSHKeyForm{}), repo.DeployKeysPost)
-				m.Post("/delete", repo.DeleteDeployKey)
-			})
-
-		}, func(ctx *context.Context) {
-			ctx.Data["PageIsSettings"] = true
-		})
-	}, reqSignIn, context.RepoAssignment(), reqRepoAdmin, context.RepoRef())
-
-	m.Get("/:username/:reponame/action/:action", reqSignIn, context.RepoAssignment(), repo.Action)
-	m.Group("/:username/:reponame", func() {
-		// FIXME: should use different URLs but mostly same logic for comments of issue and pull reuqest.
-		// So they can apply their own enable/disable logic on routers.
-		m.Group("/issues", func() {
-			m.Combo("/new", repo.MustEnableIssues).Get(context.RepoRef(), repo.NewIssue).
-				Post(bindIgnErr(auth.CreateIssueForm{}), repo.NewIssuePost)
-
-			m.Group("/:index", func() {
-				m.Post("/label", repo.UpdateIssueLabel)
-				m.Post("/milestone", repo.UpdateIssueMilestone)
-				m.Post("/assignee", repo.UpdateIssueAssignee)
-			}, reqRepoWriter)
-
-			m.Group("/:index", func() {
-				m.Post("/title", repo.UpdateIssueTitle)
-				m.Post("/content", repo.UpdateIssueContent)
-				m.Combo("/comments").Post(bindIgnErr(auth.CreateCommentForm{}), repo.NewComment)
-			})
-		})
-		m.Group("/comments/:id", func() {
-			m.Post("", repo.UpdateCommentContent)
-			m.Post("/delete", repo.DeleteComment)
-		})
-		m.Group("/labels", func() {
-			m.Post("/new", bindIgnErr(auth.CreateLabelForm{}), repo.NewLabel)
-			m.Post("/edit", bindIgnErr(auth.CreateLabelForm{}), repo.UpdateLabel)
-			m.Post("/delete", repo.DeleteLabel)
-			m.Post("/initialize", bindIgnErr(auth.InitializeLabelsForm{}), repo.InitializeLabels)
-		}, reqRepoWriter, context.RepoRef())
-		m.Group("/milestones", func() {
-			m.Combo("/new").Get(repo.NewMilestone).
-				Post(bindIgnErr(auth.CreateMilestoneForm{}), repo.NewMilestonePost)
-			m.Get("/:id/edit", repo.EditMilestone)
-			m.Post("/:id/edit", bindIgnErr(auth.CreateMilestoneForm{}), repo.EditMilestonePost)
-			m.Get("/:id/:action", repo.ChangeMilestonStatus)
-			m.Post("/delete", repo.DeleteMilestone)
-		}, reqRepoWriter, context.RepoRef())
-
-		m.Group("/releases", func() {
-			m.Get("/new", repo.NewRelease)
-			m.Post("/new", bindIgnErr(auth.NewReleaseForm{}), repo.NewReleasePost)
-			m.Post("/delete", repo.DeleteRelease)
-		}, reqRepoWriter, context.RepoRef())
-
-		m.Group("/releases", func() {
-			m.Get("/edit/*", repo.EditRelease)
-			m.Post("/edit/*", bindIgnErr(auth.EditReleaseForm{}), repo.EditReleasePost)
-		}, reqRepoWriter, func(ctx *context.Context) {
-			var err error
-			ctx.Repo.Commit, err = ctx.Repo.GitRepo.GetBranchCommit(ctx.Repo.Repository.DefaultBranch)
-			if err != nil {
-				ctx.Handle(500, "GetBranchCommit", err)
-				return
-			}
-			ctx.Repo.CommitsCount, err = ctx.Repo.Commit.CommitsCount()
-			if err != nil {
-				ctx.Handle(500, "CommitsCount", err)
-				return
-			}
-			ctx.Data["CommitsCount"] = ctx.Repo.CommitsCount
-		})
-
-		m.Combo("/compare/*", repo.MustAllowPulls, repo.SetEditorconfigIfExists).
-			Get(repo.CompareAndPullRequest).
-			Post(bindIgnErr(auth.CreateIssueForm{}), repo.CompareAndPullRequestPost)
-
-		m.Group("", func() {
-			m.Combo("/_edit/*").Get(repo.EditFile).
-				Post(bindIgnErr(auth.EditRepoFileForm{}), repo.EditFilePost)
-			m.Combo("/_new/*").Get(repo.NewFile).
-				Post(bindIgnErr(auth.EditRepoFileForm{}), repo.NewFilePost)
-			m.Post("/_preview/*", bindIgnErr(auth.EditPreviewDiffForm{}), repo.DiffPreviewPost)
-			m.Combo("/_delete/*").Get(repo.DeleteFile).
-				Post(bindIgnErr(auth.DeleteRepoFileForm{}), repo.DeleteFilePost)
-
-			m.Group("", func() {
-				m.Combo("/_upload/*").Get(repo.UploadFile).
-					Post(bindIgnErr(auth.UploadRepoFileForm{}), repo.UploadFilePost)
-				m.Post("/upload-file", repo.UploadFileToServer)
-				m.Post("/upload-remove", bindIgnErr(auth.RemoveUploadFileForm{}), repo.RemoveUploadFileFromServer)
-			}, func(ctx *context.Context) {
-				if !setting.Repository.Upload.Enabled {
-					ctx.Handle(404, "", nil)
-					return
-				}
-			})
-		}, reqRepoWriter, context.RepoRef(), func(ctx *context.Context) {
-			if !ctx.Repo.Repository.CanEnableEditor() || ctx.Repo.IsViewCommit {
-				ctx.Handle(404, "", nil)
-				return
-			}
-		})
-	}, reqSignIn, context.RepoAssignment(), repo.MustBeNotBare)
-
-	m.Group("/:username/:reponame", func() {
-		m.Group("", func() {
-			m.Get("/releases", repo.Releases)
-			m.Get("/^:type(issues|pulls)$", repo.RetrieveLabels, repo.Issues)
-			m.Get("/^:type(issues|pulls)$/:index", repo.ViewIssue)
-			m.Get("/labels/", repo.RetrieveLabels, repo.Labels)
-			m.Get("/milestones", repo.Milestones)
-		}, context.RepoRef())
-
-		// m.Get("/branches", repo.Branches)
-
-		m.Group("/wiki", func() {
-			m.Get("/?:page", repo.Wiki)
-			m.Get("/_pages", repo.WikiPages)
-
-			m.Group("", func() {
-				m.Combo("/_new").Get(repo.NewWiki).
-					Post(bindIgnErr(auth.NewWikiForm{}), repo.NewWikiPost)
-				m.Combo("/:page/_edit").Get(repo.EditWiki).
-					Post(bindIgnErr(auth.NewWikiForm{}), repo.EditWikiPost)
-				m.Post("/:page/delete", repo.DeleteWikiPagePost)
-			}, reqSignIn, reqRepoWriter)
-		}, repo.MustEnableWiki, context.RepoRef())
-
-		m.Get("/archive/*", repo.Download)
-
-		m.Group("/pulls/:index", func() {
-			m.Get("/commits", context.RepoRef(), repo.ViewPullCommits)
-			m.Get("/files", context.RepoRef(), repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.ViewPullFiles)
-			m.Post("/merge", reqRepoWriter, repo.MergePullRequest)
-		}, repo.MustAllowPulls)
-
-		m.Group("", func() {
-			m.Get("/src/*", repo.SetEditorconfigIfExists, repo.Home)
-			m.Get("/raw/*", repo.SingleDownload)
-			m.Get("/commits/*", repo.RefCommits)
-			m.Get("/commit/:sha([a-f0-9]{7,40})$", repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.Diff)
-			m.Get("/forks", repo.Forks)
-		}, context.RepoRef())
-		m.Get("/commit/:sha([a-f0-9]{7,40})\\.:ext(patch|diff)", repo.RawDiff)
-
-		m.Get("/compare/:before([a-z0-9]{40})\\.\\.\\.:after([a-z0-9]{40})", repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.CompareDiff)
-	}, ignSignIn, context.RepoAssignment(), repo.MustBeNotBare)
-	m.Group("/:username/:reponame", func() {
-		m.Get("/stars", repo.Stars)
-		m.Get("/watchers", repo.Watchers)
-	}, ignSignIn, context.RepoAssignment(), context.RepoRef())
-
-	m.Group("/:username", func() {
-		m.Group("/:reponame", func() {
-			m.Get("", repo.SetEditorconfigIfExists, repo.Home)
-			m.Get("\\.git$", repo.SetEditorconfigIfExists, repo.Home)
-		}, ignSignIn, context.RepoAssignment(true), context.RepoRef())
-
-		m.Group("/:reponame", func() {
-			m.Any("/*", ignSignInAndCsrf, repo.HTTP)
-			m.Head("/tasks/trigger", repo.TriggerTask)
-		})
-	})
-	// ***** END: Repository *****
-
-	m.Group("/api", func() {
-		apiv1.RegisterRoutes(m)
-	}, ignSignIn)
-
-	// robots.txt
-	m.Get("/robots.txt", func(ctx *context.Context) {
-		if setting.HasRobotsTxt {
-			ctx.ServeFileContent(path.Join(setting.CustomPath, "robots.txt"))
-		} else {
-			ctx.Error(404)
-		}
-	})
-
-	// Not found handler.
-	m.NotFound(routers.NotFound)
+	m := routes.NewMacaron()
+	routes.RegisterRoutes(m)
 
 	// Flag for port number in case first time run conflict.
 	if ctx.IsSet("port") {
@@ -599,18 +76,32 @@ func runWeb(ctx *cli.Context) error {
 	}
 	log.Info("Listen: %v://%s%s", setting.Protocol, listenAddr, setting.AppSubURL)
 
+	if setting.LFS.StartServer {
+		log.Info("LFS server enabled")
+	}
+
+	if setting.EnablePprof {
+		go func() {
+			log.Info("%v", http.ListenAndServe("localhost:6060", nil))
+		}()
+	}
+
 	var err error
 	switch setting.Protocol {
 	case setting.HTTP:
-		err = http.ListenAndServe(listenAddr, m)
+		err = runHTTP(listenAddr, context2.ClearHandler(m))
 	case setting.HTTPS:
-		server := &http.Server{Addr: listenAddr, TLSConfig: &tls.Config{MinVersion: tls.VersionTLS10}, Handler: m}
-		err = server.ListenAndServeTLS(setting.CertFile, setting.KeyFile)
+		err = runHTTPS(listenAddr, setting.CertFile, setting.KeyFile, context2.ClearHandler(m))
 	case setting.FCGI:
-		err = fcgi.Serve(nil, m)
+		listener, err := net.Listen("tcp", listenAddr)
+		if err != nil {
+			log.Fatal(4, "Failed to bind %s", listenAddr, err)
+		}
+		defer listener.Close()
+		err = fcgi.Serve(listener, context2.ClearHandler(m))
 	case setting.UnixSocket:
-		if err := os.Remove(listenAddr); err != nil {
-			log.Fatal(4, "Fail to remove unix socket directory %s: %v", listenAddr, err)
+		if err := os.Remove(listenAddr); err != nil && !os.IsNotExist(err) {
+			log.Fatal(4, "Failed to remove unix socket directory %s: %v", listenAddr, err)
 		}
 		var listener *net.UnixListener
 		listener, err = net.ListenUnix("unix", &net.UnixAddr{Name: listenAddr, Net: "unix"})
@@ -623,13 +114,13 @@ func runWeb(ctx *cli.Context) error {
 		if err = os.Chmod(listenAddr, os.FileMode(setting.UnixSocketPermission)); err != nil {
 			log.Fatal(4, "Failed to set permission of unix socket: %v", err)
 		}
-		err = http.Serve(listener, m)
+		err = http.Serve(listener, context2.ClearHandler(m))
 	default:
 		log.Fatal(4, "Invalid protocol: %s", setting.Protocol)
 	}
 
 	if err != nil {
-		log.Fatal(4, "Fail to start server: %v", err)
+		log.Fatal(4, "Failed to start server: %v", err)
 	}
 
 	return nil

cmd/web_graceful.go

@@ -0,0 +1,45 @@
+// +build !windows
+
+// Copyright 2016 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package cmd
+
+import (
+	"crypto/tls"
+	"net/http"
+
+	"code.gitea.io/gitea/modules/log"
+
+	"github.com/facebookgo/grace/gracehttp"
+)
+
+func runHTTP(listenAddr string, m http.Handler) error {
+	return gracehttp.Serve(&http.Server{
+		Addr:    listenAddr,
+		Handler: m,
+	})
+}
+
+func runHTTPS(listenAddr, certFile, keyFile string, m http.Handler) error {
+	config := &tls.Config{
+		MinVersion: tls.VersionTLS10,
+	}
+	if config.NextProtos == nil {
+		config.NextProtos = []string{"http/1.1"}
+	}
+
+	config.Certificates = make([]tls.Certificate, 1)
+	var err error
+	config.Certificates[0], err = tls.LoadX509KeyPair(certFile, keyFile)
+	if err != nil {
+		log.Fatal(4, "Failed to load https cert file %s: %v", listenAddr, err)
+	}
+
+	return gracehttp.Serve(&http.Server{
+		Addr:      listenAddr,
+		Handler:   m,
+		TLSConfig: config,
+	})
+}

cmd/web_windows.go

@@ -0,0 +1,19 @@
+// +build windows
+
+// Copyright 2016 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package cmd
+
+import (
+	"net/http"
+)
+
+func runHTTP(listenAddr string, m http.Handler) error {
+	return http.ListenAndServe(listenAddr, m)
+}
+
+func runHTTPS(listenAddr, certFile, keyFile string, m http.Handler) error {
+	return http.ListenAndServeTLS(listenAddr, certFile, keyFile, m)
+}

conf/app.ini

@@ -57,6 +57,8 @@ FEED_MAX_COMMIT_NUM = 5
 THEME_COLOR_META_TAG = `#6cc644`
 ; Max size of files to be displayed (defaults is 8MiB)
 MAX_DISPLAY_FILE_SIZE = 8388608
+; Whether show the user email in the Explore Users page
+SHOW_USER_EMAIL = true
 
 [ui.admin]
 ; Number of users that are showed in one page
@@ -72,6 +74,11 @@ ORG_PAGING_NUM = 50
 ; Number of repos that are showed in one page
 REPO_PAGING_NUM = 15
 
+[ui.meta]
+AUTHOR = Gitea - Git with a cup of tea
+DESCRIPTION = Gitea (Git with a cup of tea) is a painless self-hosted Git service written in Go
+KEYWORDS = go,git,self-hosted,gitea
+
 [markdown]
 ; Enable hard line break extension
 ENABLE_HARD_LINE_BREAK = false
@@ -101,7 +108,7 @@ START_SSH_SERVER = false
 ; Domain name to be exposed in clone URL
 SSH_DOMAIN = %(DOMAIN)s
 ; Network interface builtin SSH server listens on
-SSH_LISTEN_HOST = 
+SSH_LISTEN_HOST =
 ; Port number to be exposed in clone URL
 SSH_PORT = 22
 ; Port number builtin SSH server listens on
@@ -145,7 +152,7 @@ RSA     = 2048
 DSA     = 1024
 
 [database]
-; Either "mysql", "postgres" or "sqlite3", it's your choice
+; Either "mysql", "postgres", "mssql" or "sqlite3", it's your choice
 DB_TYPE = mysql
 HOST = 127.0.0.1:3306
 NAME = gitea
@@ -156,9 +163,16 @@ SSL_MODE = disable
 ; For "sqlite3" and "tidb", use absolute path when you start as service
 PATH = data/gitea.db
 
+[indexer]
+ISSUE_INDEXER_PATH = indexers/issues.bleve
+UPDATE_BUFFER_LEN = 20
+
 [admin]
+; Disable regular (non-admin) users to create organizations
+DISABLE_REGULAR_ORG_CREATION = false
 
 [security]
+; Whether the installer is disabled
 INSTALL_LOCK = false
 ; !!CHANGE THIS TO KEEP YOUR USER DATA SAFE!!
 SECRET_KEY = !#@FDEWREWR&*(
@@ -168,6 +182,44 @@ COOKIE_USERNAME = gitea_awesome
 COOKIE_REMEMBER_NAME = gitea_incredible
 ; Reverse proxy authentication header name of user name
 REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
+; Sets the minimum password length for new Users
+MIN_PASSWORD_LENGTH = 6
+; True when users are allowed to import local server paths
+IMPORT_LOCAL_PATHS = false
+
+[openid]
+;
+; OpenID is an open standard and decentralized authentication protocol.
+; Your identity is the address of a webpage you provide, which describes
+; how to prove you are in control of that page.
+;
+; For more info: https://en.wikipedia.org/wiki/OpenID
+;
+; Current implementation supports OpenID-2.0
+;
+; Tested to work providers at the time of writing:
+;  - Any GNUSocial node (your.hostname.tld/username)
+;  - Any SimpleID provider (http://simpleid.koinic.net)
+;  - http://openid.org.cn/
+;  - openid.stackexchange.com
+;  - login.launchpad.net
+;  - <username>.livejournal.com
+;
+; Whether to allow signin in via OpenID
+ENABLE_OPENID_SIGNIN = true
+; Whether to allow registering via OpenID
+; Do not include to rely on DISABLE_REGISTRATION setting
+;ENABLE_OPENID_SIGNUP = true
+; Allowed URI patterns (POSIX regexp).
+; Space separated.
+; Only these would be allowed if non-blank.
+; Example value: trusted.domain.org trusted.domain.net
+WHITELISTED_URIS =
+; Forbidden URI patterns (POSIX regexp).
+; Space sepaated.
+; Only used if WHITELISTED_URIS is blank.
+; Example value: loadaverage.org/badguy stackexchange.com/.*spammer
+BLACKLISTED_URIS =
 
 [service]
 ACTIVE_CODE_LIVE_MINUTES = 180
@@ -185,6 +237,13 @@ ENABLE_REVERSE_PROXY_AUTHENTICATION = false
 ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
 ; Enable captcha validation for registration
 ENABLE_CAPTCHA = true
+; Default value for KeepEmailPrivate
+; New user will get the value of this setting copied into their profile
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+; Default value for the domain part of the user's email address in the git log
+; if he has set KeepEmailPrivate true. The user's email replaced with a
+; concatenation of the user name in lower case, "@" and NO_REPLY_ADDRESS.
+NO_REPLY_ADDRESS = noreply.example.org
 
 [webhook]
 ; Hook task queue length, increase if webhook shooting starts hanging
@@ -224,6 +283,10 @@ USER =
 PASSWD =
 ; Use text/html as alternative format of content
 ENABLE_HTML_ALTERNATIVE = false
+; Enable sendmail (override SMTP)
+USE_SENDMAIL = false
+; Specifiy an alternative sendmail binary
+SENDMAIL_PATH = sendmail
 
 [cache]
 ; Either "memory", "redis", or "memcache", default is "memory"
@@ -245,14 +308,14 @@ PROVIDER = memory
 ; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table`
 PROVIDER_CONFIG = data/sessions
 ; Session cookie name
-COOKIE_NAME = i_like_gogits
+COOKIE_NAME = i_like_gitea
 ; If you use session in https only, default is false
 COOKIE_SECURE = false
 ; Enable set cookie, default is true
 ENABLE_SET_COOKIE = true
-; Session GC time interval, default is 86400
+; Session GC time interval in seconds, default is 86400 (1 day)
 GC_INTERVAL_TIME = 86400
-; Session life time, default is 86400
+; Session life time in seconds, default is 86400 (1 day)
 SESSION_LIFE_TIME = 86400
 
 [picture]
@@ -273,7 +336,7 @@ ENABLE = true
 ; Path for attachments. Defaults to `data/attachments`
 PATH = data/attachments
 ; One or more allowed types, e.g. image/jpeg|image/png
-ALLOWED_TYPES = image/jpeg|image/png
+ALLOWED_TYPES = image/jpeg|image/png|application/zip|application/gzip
 ; Max size of each file. Defaults to 32MB
 MAX_SIZE = 4
 ; Max number of files per upload. Defaults to 10
@@ -369,6 +432,13 @@ ARGS =
 RUN_AT_START = true
 SCHEDULE = @every 24h
 
+; Clean up old repository archives
+[cron.archive_cleanup]
+RUN_AT_START = true
+SCHEDULE = @every 24h
+; Archives created more than OLDER_THAN ago are subject to deletion
+OLDER_THAN = 24h
+
 [git]
 ; Disables highlight of added and removed changes
 DISABLE_DIFF_HIGHLIGHT = false
@@ -391,8 +461,10 @@ PULL = 300
 GC = 60
 
 [mirror]
-; Default interval in hours between each check
-DEFAULT_INTERVAL = 8
+; Default interval as a duration between each check
+DEFAULT_INTERVAL = 8h
+; Min interval as a duration must be > 1m
+MIN_INTERVAL = 10m
 
 [api]
 ; Max number of items will response in a page
@@ -400,7 +472,7 @@ MAX_RESPONSE_ITEMS = 50
 
 [i18n]
 LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,ja-JP,es-ES,pt-BR,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR
-NAMES = English,简体中文,繁體中文（香港）,繁體中文（台湾）,Deutsch,Français,Nederlands,Latviešu,Русский,日本語,Español,Português do Brasil,Polski,български,Italiano,Suomalainen,Türkçe,čeština,Српски,Svenska,한국어
+NAMES = English,简体中文,繁體中文（香港）,繁體中文（台灣）,Deutsch,Français,Nederlands,Latviešu,Русский,日本語,Español,Português do Brasil,Polski,български,Italiano,Suomalainen,Türkçe,čeština,Српски,Svenska,한국어
 
 ; Used for datetimepicker
 [i18n.datelang]

contrib/init/debian/gitea

@@ -0,0 +1,86 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:          gitea
+# Required-Start:    $syslog $network
+# Required-Stop:     $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: A self-hosted Git service written in Go.
+# Description:       A self-hosted Git service written in Go.
+### END INIT INFO
+
+# Author: Danny Boisvert
+
+# Do NOT "set -e"
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="Git with a cup of tea"
+NAME=gitea
+SERVICEVERBOSE=yes
+PIDFILE=/var/run/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+WORKINGDIR=/home/git/gitea
+DAEMON=$WORKINGDIR/$NAME
+DAEMON_ARGS="web"
+USER=git
+USERBIND="setcap cap_net_bind_service=+ep"
+STOP_SCHEDULE="${STOP_SCHEDULE:-QUIT/5/TERM/1/KILL/5}"
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+do_start()
+{
+    $USERBIND $DAEMON
+    sh -c "USER=$USER start-stop-daemon --start --quiet --pidfile $PIDFILE --make-pidfile \\
+        --background --chdir $WORKINGDIR --chuid $USER \\
+        --exec $DAEMON -- $DAEMON_ARGS"
+}
+
+do_stop()
+{
+    start-stop-daemon --stop --quiet --retry=$STOP_SCHEDULE --pidfile $PIDFILE --name $NAME --oknodo
+    rm -f $PIDFILE
+}
+
+do_status()
+{
+    if [ -f $PIDFILE ]; then
+        if kill -0 $(cat "$PIDFILE"); then
+            echo "$NAME is running, PID is $(cat $PIDFILE)"
+        else
+            echo "$NAME process is dead, but pidfile exists"
+        fi
+    else
+        echo "$NAME is not running"
+    fi
+}
+
+case "$1" in
+    start)
+        echo "Starting $DESC" "$NAME"
+        do_start
+        ;;
+    stop)
+        echo "Stopping $DESC" "$NAME"
+        do_stop
+        ;;
+    status)
+        do_status
+        ;;
+    restart)
+        echo "Restarting $DESC" "$NAME"
+        do_stop
+        do_start
+        ;;
+    *)
+        echo "Usage: $SCRIPTNAME {start|stop|status|restart}" >&2
+        exit 2
+        ;;
+esac
+
+exit 0

contrib/migrate/gogs_migrate.sh

@@ -0,0 +1,206 @@
+#!/bin/bash
+
+gitea_version=1.0.1
+tested_gogs_version="0.9.114.1227"
+gogs_binary=gogs
+gitea_binary=gitea
+download_gitea=true
+gitea_path=
+
+function usage() { 
+  echo "Optional parameters: [-b Gitea binary] [-i Gitea install dir] [-o gogs binary] [-h help]";
+  exit 1; 
+}
+
+while getopts ":b::i:o:h:" opt; do
+  case $opt in
+    b)
+        gitea_binary=${OPTARG}
+        download_gitea=false
+      ;;
+    i)
+        gitea_path=${OPTARG}
+      ;;
+    o)
+        gogs_binary=${OPTARG}
+      ;;
+    h)
+       usage
+      ;;
+    \?)
+      echo -e "Invalid option: -$OPTARG" 
+      exit 1
+      ;;
+    :)
+      usage
+      exit 1
+      ;;
+  esac
+done
+
+function exitOnError() {
+  if [ "$?" != "0" ]; then
+      echo -e $1
+      exit 1
+  fi
+}
+
+function checkBinary() {
+  if [ ! -f $1 ]; then
+   echo "Unable to find $1"
+   exit 1
+  fi
+}
+
+function continueYN(){
+  while true; do
+    echo -e "$1 Yes or No"
+    read yn
+    case $yn in
+        [Yy]* ) break;;
+        [Nn]* ) exit 1;;
+        * )     echo "Please answer yes or no.";;
+    esac
+  done
+}
+
+########## Binary checks
+if pidof "$gogs_binary" >/dev/null; then
+ echo "Please stop gogs before migrating to Gitea"
+ exit 1
+fi
+
+checkBinary "$gogs_binary"
+
+if [ ! -x "$gogs_binary" ]; then
+ echo "Please make sure that you are running this script as the gogs user"
+ exit 1
+fi
+
+########## Version check
+gogs_version=$(./$gogs_binary --version)
+original_IFS=$IFS
+IFS="." && current_version=(${gogs_version#"Gogs version "}) && minimal_version=($tested_gogs_version)
+IFS=$original_IFS
+
+count=0
+for i in "${current_version[@]}" 
+do
+  if [ $i -gt ${minimal_version[$count]} ]; then
+   echo -e "!!!--WARNING--!!!\nYour $gogs_version is newer than the tested Gogs version $tested_gogs_version\nUse this script on your own risk\n!!!--WARNING--!!!"
+   break
+  fi
+  let count+=1
+done
+
+########## Disclaimer
+continueYN "This migration script creates a backup before it starts with the actual migration
+If something goes wrong you could always resotre this backup.
+The backups are stored into your gogs folder in gogs-dump-[timestamp].zip file
+
+Migrating from gogs to gitea, are you sure?"
+
+########## gogs dump
+echo "Creating a backup of gogs, this could take a while..."
+./"$gogs_binary" dump
+exitOnError "Failed to create a gogs dump"
+
+########## Create Gitea folder
+if [ -z "$gitea_path" ]; then
+  echo "Where do you want to install Gitea?"
+  read gitea_path 
+fi
+
+if [ ! -d "$gitea_path" ]; then
+  mkdir -p "$gitea_path"
+  exitOnError
+fi
+
+if [ "$(ls -A $gitea_path)" ]; then
+  continueYN "!!!--WARNING--!!!\nDirectory $gitea_path is not empty, do you want to continue?"
+fi
+
+
+########## Download Gitea
+if [ $download_gitea == true ]; then
+
+  ########## Detect os
+  case "$OSTYPE" in
+    darwin*)    platform="darwin-10.6";; 
+    linux*)     platform="linux" ;;
+    freebsd*)   platform="bsd" ;;
+    netbsd*)    platform="bsd" ;;
+    openbsd*)   platform="bsd" ;;
+    *)          echo "Unsupported os: $OSTYPE\n Please download/compile your own binary and run this script with the -b option" exit 1;;
+  esac
+
+  arch=""
+  bits=""
+  if [[ "$platform" == "linux" ]] || [[ "$platform" == "bsd" ]]; then
+    arch="$(uname -m | sed -e 's/arm\(.*\)/arm-\1/' -e s/aarch64.*/arm64/)"
+  fi
+
+  if [[ "$platform" == "bsd" ]] && [[ "$arch" != "arm"* ]]; then
+    echo "Currently Gitea only supports arm prebuilt binarys on bsd"
+    exit 1
+  fi
+
+  if [[ "$arch" != "arm"* ]] &&  [[ "$arch" != "mips"* ]]; then
+    arch=""
+    case "$(getconf LONG_BIT)" in
+      64*)  bits="amd64";; 
+      32*)  bits="386" ;;
+    esac
+  fi
+
+  ########## Wget Gitea
+  echo "Downloading Gitea"
+  file="gitea-$gitea_version-$platform-$arch$bits"
+  url="https://dl.gitea.io/gitea/$gitea_version/$file"
+  wget "$url" -P "$gitea_path"
+  exitOnError "Failed to download $url"
+
+  wget "$url.sha256" -P "$gitea_path"
+  exitOnError "Failed to Gitea checksum $url.sha256"
+
+  echo "Comparing checksums"
+  gogs_dir=$(pwd)
+  cd "$gitea_path"
+
+  sha256sum -c "$file.sha256"
+  exitOnError "Downloaded Gitea checksums do not match"
+
+  rm "$file.sha256"
+  mv "$file" gitea
+  cd "$gogs_dir"
+
+else
+  checkBinary "$gitea_binary"
+  if [ "$gitea_binary" != "$gitea_path/gitea" ];then
+    cp "$gitea_binary" "$gitea_path/gitea"
+  fi
+fi
+
+########## Copy gogs data to Gitea folder
+echo "Copying gogs data to Gitea, this could take a while..."
+cp -R custom "$gitea_path"
+cp -R data "$gitea_path"
+#cp -R conf "$gitea_path"
+
+########## Moving & deleting old files
+#mv $gitea_path/conf $gitea_path/options
+cd "$gitea_path"
+mv "custom/conf/app.ini" "custom/conf/gogs_app.ini"
+url="https://raw.githubusercontent.com/go-gitea/gitea/v$gitea_version/conf/app.ini"
+wget "$url" -P "custom/conf/"
+exitOnError "Unable to download Gitea app.ini"
+rm -f conf/README.md
+
+echo -e "Migration is almost complete, you only need to merge custom/conf/gogs_app.ini into custom/conf/app.ini"
+continueYN "Do you want to start Gitea?"
+
+########## Starting Gitea
+echo "Starting Gitea"
+chmod +x gitea
+./gitea web
+exitOnError "Failed to start Gitea"

contrib/mysql.sql

@@ -0,0 +1,2 @@
+DROP DATABASE IF EXISTS gitea;
+CREATE DATABASE IF NOT EXISTS gitea CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;

integrations/gitea-integration-meta/LICENSE

@@ -1,4 +1,6 @@
-Copyright (c) 2016 SmartyStreets, LLC
+MIT License
+
+Copyright (c) 2017 Ethan Koenig
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -17,7 +19,3 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
-
-NOTE: Various optional and subordinate components carry their own licensing
-requirements and restrictions.  Use of those components is subject to the terms
-and conditions outlined the respective license of each component.

integrations/gitea-integration-meta/README.md

@@ -0,0 +1,2 @@
+# gitea-integration
+Gitea integration test environment

integrations/gitea-integration-meta/gitea-repositories/user2/repo1.git/HEAD

@@ -0,0 +1 @@
+ref: refs/heads/master

integrations/gitea-integration-meta/gitea-repositories/user2/repo1.git/config

@@ -0,0 +1,4 @@
+[core]
+	repositoryformatversion = 0
+	filemode = true
+	bare = true

integrations/gitea-integration-meta/gitea-repositories/user2/repo1.git/description

@@ -0,0 +1 @@
+Unnamed repository; edit this file 'description' to name the repository.

integrations/gitea-integration-meta/gitea-repositories/user2/repo1.git/hooks/applypatch-msg.sample

@@ -0,0 +1,15 @@
+#!/bin/sh
+#
+# An example hook script to check the commit log message taken by
+# applypatch from an e-mail message.
+#
+# The hook should exit with non-zero status after issuing an
+# appropriate message if it wants to stop the commit.  The hook is
+# allowed to edit the commit message file.
+#
+# To enable this hook, rename this file to "applypatch-msg".
+
+. git-sh-setup
+commitmsg="$(git rev-parse --git-path hooks/commit-msg)"
+test -x "$commitmsg" && exec "$commitmsg" ${1+"$@"}
+:

integrations/gitea-integration-meta/gitea-repositories/user2/repo1.git/hooks/commit-msg.sample

@@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# An example hook script to check the commit log message.
+# Called by "git commit" with one argument, the name of the file
+# that has the commit message.  The hook should exit with non-zero
+# status after issuing an appropriate message if it wants to stop the
+# commit.  The hook is allowed to edit the commit message file.
+#
+# To enable this hook, rename this file to "commit-msg".
+
+# Uncomment the below to add a Signed-off-by line to the message.
+# Doing this in a hook is a bad idea in general, but the prepare-commit-msg
+# hook is more suited to it.
+#
+# SOB=$(git var GIT_AUTHOR_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p')
+# grep -qs "^$SOB" "$1" || echo "$SOB" >> "$1"
+
+# This example catches duplicate Signed-off-by lines.
+
+test "" = "$(grep '^Signed-off-by: ' "$1" |
+	 sort | uniq -c | sed -e '/^[ 	]*1[ 	]/d')" || {
+	echo >&2 Duplicate Signed-off-by lines.
+	exit 1
+}

integrations/gitea-integration-meta/gitea-repositories/user2/repo1.git/hooks/post-receive

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+ORI_DIR=`pwd`
+SHELL_FOLDER=$(cd "$(dirname "$0")";pwd)
+cd "$ORI_DIR"
+for i in `ls "$SHELL_FOLDER/post-receive.d"`; do
+    sh "$SHELL_FOLDER/post-receive.d/$i"
+done

integrations/gitea-integration-meta/gitea-repositories/user2/repo1.git/hooks/post-receive.d/gitea

@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+"$GITEA_ROOT/gitea" hook --config='integrations/app.ini' post-receive

integrations/gitea-integration-meta/gitea-repositories/user2/repo1.git/hooks/post-update.sample

@@ -0,0 +1,8 @@
+#!/bin/sh
+#
+# An example hook script to prepare a packed repository for use over
+# dumb transports.
+#
+# To enable this hook, rename this file to "post-update".
+
+exec git update-server-info

integrations/gitea-integration-meta/gitea-repositories/user2/repo1.git/hooks/pre-applypatch.sample

@@ -0,0 +1,14 @@
+#!/bin/sh
+#
+# An example hook script to verify what is about to be committed
+# by applypatch from an e-mail message.
+#
+# The hook should exit with non-zero status after issuing an
+# appropriate message if it wants to stop the commit.
+#
+# To enable this hook, rename this file to "pre-applypatch".
+
+. git-sh-setup
+precommit="$(git rev-parse --git-path hooks/pre-commit)"
+test -x "$precommit" && exec "$precommit" ${1+"$@"}
+:

integrations/gitea-integration-meta/gitea-repositories/user2/repo1.git/hooks/pre-commit.sample

@@ -0,0 +1,49 @@
+#!/bin/sh
+#
+# An example hook script to verify what is about to be committed.
+# Called by "git commit" with no arguments.  The hook should
+# exit with non-zero status after issuing an appropriate message if
+# it wants to stop the commit.
+#
+# To enable this hook, rename this file to "pre-commit".
+
+if git rev-parse --verify HEAD >/dev/null 2>&1
+then
+	against=HEAD
+else
+	# Initial commit: diff against an empty tree object
+	against=4b825dc642cb6eb9a060e54bf8d69288fbee4904
+fi
+
+# If you want to allow non-ASCII filenames set this variable to true.
+allownonascii=$(git config --bool hooks.allownonascii)
+
+# Redirect output to stderr.
+exec 1>&2
+
+# Cross platform projects tend to avoid non-ASCII filenames; prevent
+# them from being added to the repository. We exploit the fact that the
+# printable range starts at the space character and ends with tilde.
+if [ "$allownonascii" != "true" ] &&
+	# Note that the use of brackets around a tr range is ok here, (it's
+	# even required, for portability to Solaris 10's /usr/bin/tr), since
+	# the square bracket bytes happen to fall in the designated range.
+	test $(git diff --cached --name-only --diff-filter=A -z $against |
+	  LC_ALL=C tr -d '[ -~]\0' | wc -c) != 0
+then
+	cat <<\EOF
+Error: Attempt to add a non-ASCII file name.
+
+This can cause problems if you want to work with people on other platforms.
+
+To be portable it is advisable to rename the file.
+
+If you know what you are doing you can disable this check using:
+
+  git config hooks.allownonascii true
+EOF
+	exit 1
+fi
+
+# If there are whitespace errors, print the offending file names and fail.
+exec git diff-index --check --cached $against --

integrations/gitea-integration-meta/gitea-repositories/user2/repo1.git/hooks/pre-push.sample

@@ -0,0 +1,53 @@
+#!/bin/sh
+
+# An example hook script to verify what is about to be pushed.  Called by "git
+# push" after it has checked the remote status, but before anything has been
+# pushed.  If this script exits with a non-zero status nothing will be pushed.
+#
+# This hook is called with the following parameters:
+#
+# $1 -- Name of the remote to which the push is being done
+# $2 -- URL to which the push is being done
+#
+# If pushing without using a named remote those arguments will be equal.
+#
+# Information about the commits which are being pushed is supplied as lines to
+# the standard input in the form:
+#
+#   <local ref> <local sha1> <remote ref> <remote sha1>
+#
+# This sample shows how to prevent push of commits where the log message starts
+# with "WIP" (work in progress).
+
+remote="$1"
+url="$2"
+
+z40=0000000000000000000000000000000000000000
+
+while read local_ref local_sha remote_ref remote_sha
+do
+	if [ "$local_sha" = $z40 ]
+	then
+		# Handle delete
+		:
+	else
+		if [ "$remote_sha" = $z40 ]
+		then
+			# New branch, examine all commits
+			range="$local_sha"
+		else
+			# Update to existing branch, examine new commits
+			range="$remote_sha..$local_sha"
+		fi
+
+		# Check for WIP commit
+		commit=`git rev-list -n 1 --grep '^WIP' "$range"`
+		if [ -n "$commit" ]
+		then
+			echo >&2 "Found WIP commit in $local_ref, not pushing"
+			exit 1
+		fi
+	fi
+done
+
+exit 0

integrations/gitea-integration-meta/gitea-repositories/user2/repo1.git/hooks/pre-rebase.sample

@@ -0,0 +1,169 @@
+#!/bin/sh
+#
+# Copyright (c) 2006, 2008 Junio C Hamano
+#
+# The "pre-rebase" hook is run just before "git rebase" starts doing
+# its job, and can prevent the command from running by exiting with
+# non-zero status.
+#
+# The hook is called with the following parameters:
+#
+# $1 -- the upstream the series was forked from.
+# $2 -- the branch being rebased (or empty when rebasing the current branch).
+#
+# This sample shows how to prevent topic branches that are already
+# merged to 'next' branch from getting rebased, because allowing it
+# would result in rebasing already published history.
+
+publish=next
+basebranch="$1"
+if test "$#" = 2
+then
+	topic="refs/heads/$2"
+else
+	topic=`git symbolic-ref HEAD` ||
+	exit 0 ;# we do not interrupt rebasing detached HEAD
+fi
+
+case "$topic" in
+refs/heads/??/*)
+	;;
+*)
+	exit 0 ;# we do not interrupt others.
+	;;
+esac
+
+# Now we are dealing with a topic branch being rebased
+# on top of master.  Is it OK to rebase it?
+
+# Does the topic really exist?
+git show-ref -q "$topic" || {
+	echo >&2 "No such branch $topic"
+	exit 1
+}
+
+# Is topic fully merged to master?
+not_in_master=`git rev-list --pretty=oneline ^master "$topic"`
+if test -z "$not_in_master"
+then
+	echo >&2 "$topic is fully merged to master; better remove it."
+	exit 1 ;# we could allow it, but there is no point.
+fi
+
+# Is topic ever merged to next?  If so you should not be rebasing it.
+only_next_1=`git rev-list ^master "^$topic" ${publish} | sort`
+only_next_2=`git rev-list ^master           ${publish} | sort`
+if test "$only_next_1" = "$only_next_2"
+then
+	not_in_topic=`git rev-list "^$topic" master`
+	if test -z "$not_in_topic"
+	then
+		echo >&2 "$topic is already up-to-date with master"
+		exit 1 ;# we could allow it, but there is no point.
+	else
+		exit 0
+	fi
+else
+	not_in_next=`git rev-list --pretty=oneline ^${publish} "$topic"`
+	/usr/bin/perl -e '
+		my $topic = $ARGV[0];
+		my $msg = "* $topic has commits already merged to public branch:\n";
+		my (%not_in_next) = map {
+			/^([0-9a-f]+) /;
+			($1 => 1);
+		} split(/\n/, $ARGV[1]);
+		for my $elem (map {
+				/^([0-9a-f]+) (.*)$/;
+				[$1 => $2];
+			} split(/\n/, $ARGV[2])) {
+			if (!exists $not_in_next{$elem->[0]}) {
+				if ($msg) {
+					print STDERR $msg;
+					undef $msg;
+				}
+				print STDERR " $elem->[1]\n";
+			}
+		}
+	' "$topic" "$not_in_next" "$not_in_master"
+	exit 1
+fi
+
+<<\DOC_END
+
+This sample hook safeguards topic branches that have been
+published from being rewound.
+
+The workflow assumed here is:
+
+ * Once a topic branch forks from "master", "master" is never
+   merged into it again (either directly or indirectly).
+
+ * Once a topic branch is fully cooked and merged into "master",
+   it is deleted.  If you need to build on top of it to correct
+   earlier mistakes, a new topic branch is created by forking at
+   the tip of the "master".  This is not strictly necessary, but
+   it makes it easier to keep your history simple.
+
+ * Whenever you need to test or publish your changes to topic
+   branches, merge them into "next" branch.
+
+The script, being an example, hardcodes the publish branch name
+to be "next", but it is trivial to make it configurable via
+$GIT_DIR/config mechanism.
+
+With this workflow, you would want to know:
+
+(1) ... if a topic branch has ever been merged to "next".  Young
+    topic branches can have stupid mistakes you would rather
+    clean up before publishing, and things that have not been
+    merged into other branches can be easily rebased without
+    affecting other people.  But once it is published, you would
+    not want to rewind it.
+
+(2) ... if a topic branch has been fully merged to "master".
+    Then you can delete it.  More importantly, you should not
+    build on top of it -- other people may already want to
+    change things related to the topic as patches against your
+    "master", so if you need further changes, it is better to
+    fork the topic (perhaps with the same name) afresh from the
+    tip of "master".
+
+Let's look at this example:
+
+		   o---o---o---o---o---o---o---o---o---o "next"
+		  /       /           /           /
+		 /   a---a---b A     /           /
+		/   /               /           /
+	       /   /   c---c---c---c B         /
+	      /   /   /             \         /
+	     /   /   /   b---b C     \       /
+	    /   /   /   /             \     /
+    ---o---o---o---o---o---o---o---o---o---o---o "master"
+
+
+A, B and C are topic branches.
+
+ * A has one fix since it was merged up to "next".
+
+ * B has finished.  It has been fully merged up to "master" and "next",
+   and is ready to be deleted.
+
+ * C has not merged to "next" at all.
+
+We would want to allow C to be rebased, refuse A, and encourage
+B to be deleted.
+
+To compute (1):
+
+	git rev-list ^master ^topic next
+	git rev-list ^master        next
+
+	if these match, topic has not merged in next at all.
+
+To compute (2):
+
+	git rev-list master..topic
+
+	if this is empty, it is fully merged to "master".
+
+DOC_END

integrations/gitea-integration-meta/gitea-repositories/user2/repo1.git/hooks/pre-receive

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+ORI_DIR=`pwd`
+SHELL_FOLDER=$(cd "$(dirname "$0")";pwd)
+cd "$ORI_DIR"
+for i in `ls "$SHELL_FOLDER/pre-receive.d"`; do
+    sh "$SHELL_FOLDER/pre-receive.d/$i"
+done

integrations/gitea-integration-meta/gitea-repositories/user2/repo1.git/hooks/pre-receive.d/gitea

@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+"$GITEA_ROOT/gitea" hook --config='integrations/app.ini' pre-receive

integrations/gitea-integration-meta/gitea-repositories/user2/repo1.git/hooks/prepare-commit-msg.sample

@@ -0,0 +1,36 @@
+#!/bin/sh
+#
+# An example hook script to prepare the commit log message.
+# Called by "git commit" with the name of the file that has the
+# commit message, followed by the description of the commit
+# message's source.  The hook's purpose is to edit the commit
+# message file.  If the hook fails with a non-zero status,
+# the commit is aborted.
+#
+# To enable this hook, rename this file to "prepare-commit-msg".
+
+# This hook includes three examples.  The first comments out the
+# "Conflicts:" part of a merge commit.
+#
+# The second includes the output of "git diff --name-status -r"
+# into the message, just before the "git status" output.  It is
+# commented because it doesn't cope with --amend or with squashed
+# commits.
+#
+# The third example adds a Signed-off-by line to the message, that can
+# still be edited.  This is rarely a good idea.
+
+case "$2,$3" in
+  merge,)
+    /usr/bin/perl -i.bak -ne 's/^/# /, s/^# #/#/ if /^Conflicts/ .. /#/; print' "$1" ;;
+
+# ,|template,)
+#   /usr/bin/perl -i.bak -pe '
+#      print "\n" . `git diff --cached --name-status -r`
+#	 if /^#/ && $first++ == 0' "$1" ;;
+
+  *) ;;
+esac
+
+# SOB=$(git var GIT_AUTHOR_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p')
+# grep -qs "^$SOB" "$1" || echo "$SOB" >> "$1"

integrations/gitea-integration-meta/gitea-repositories/user2/repo1.git/hooks/update

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+ORI_DIR=`pwd`
+SHELL_FOLDER=$(cd "$(dirname "$0")";pwd)
+cd "$ORI_DIR"
+for i in `ls "$SHELL_FOLDER/update.d"`; do
+    sh "$SHELL_FOLDER/update.d/$i" $1 $2 $3
+done

integrations/gitea-integration-meta/gitea-repositories/user2/repo1.git/hooks/update.d/gitea

@@ -0,0 +1,2 @@
+#!/usr/bin/env bash
+"$GITEA_ROOT/gitea" hook --config='integrations/app.ini' update $1 $2 $3

integrations/gitea-integration-meta/gitea-repositories/user2/repo1.git/hooks/update.sample

@@ -0,0 +1,128 @@
+#!/bin/sh
+#
+# An example hook script to block unannotated tags from entering.
+# Called by "git receive-pack" with arguments: refname sha1-old sha1-new
+#
+# To enable this hook, rename this file to "update".
+#
+# Config
+# ------
+# hooks.allowunannotated
+#   This boolean sets whether unannotated tags will be allowed into the
+#   repository.  By default they won't be.
+# hooks.allowdeletetag
+#   This boolean sets whether deleting tags will be allowed in the
+#   repository.  By default they won't be.
+# hooks.allowmodifytag
+#   This boolean sets whether a tag may be modified after creation. By default
+#   it won't be.
+# hooks.allowdeletebranch
+#   This boolean sets whether deleting branches will be allowed in the
+#   repository.  By default they won't be.
+# hooks.denycreatebranch
+#   This boolean sets whether remotely creating branches will be denied
+#   in the repository.  By default this is allowed.
+#
+
+# --- Command line
+refname="$1"
+oldrev="$2"
+newrev="$3"
+
+# --- Safety check
+if [ -z "$GIT_DIR" ]; then
+	echo "Don't run this script from the command line." >&2
+	echo " (if you want, you could supply GIT_DIR then run" >&2
+	echo "  $0 <ref> <oldrev> <newrev>)" >&2
+	exit 1
+fi
+
+if [ -z "$refname" -o -z "$oldrev" -o -z "$newrev" ]; then
+	echo "usage: $0 <ref> <oldrev> <newrev>" >&2
+	exit 1
+fi
+
+# --- Config
+allowunannotated=$(git config --bool hooks.allowunannotated)
+allowdeletebranch=$(git config --bool hooks.allowdeletebranch)
+denycreatebranch=$(git config --bool hooks.denycreatebranch)
+allowdeletetag=$(git config --bool hooks.allowdeletetag)
+allowmodifytag=$(git config --bool hooks.allowmodifytag)
+
+# check for no description
+projectdesc=$(sed -e '1q' "$GIT_DIR/description")
+case "$projectdesc" in
+"Unnamed repository"* | "")
+	echo "*** Project description file hasn't been set" >&2
+	exit 1
+	;;
+esac
+
+# --- Check types
+# if $newrev is 0000...0000, it's a commit to delete a ref.
+zero="0000000000000000000000000000000000000000"
+if [ "$newrev" = "$zero" ]; then
+	newrev_type=delete
+else
+	newrev_type=$(git cat-file -t $newrev)
+fi
+
+case "$refname","$newrev_type" in
+	refs/tags/*,commit)
+		# un-annotated tag
+		short_refname=${refname##refs/tags/}
+		if [ "$allowunannotated" != "true" ]; then
+			echo "*** The un-annotated tag, $short_refname, is not allowed in this repository" >&2
+			echo "*** Use 'git tag [ -a | -s ]' for tags you want to propagate." >&2
+			exit 1
+		fi
+		;;
+	refs/tags/*,delete)
+		# delete tag
+		if [ "$allowdeletetag" != "true" ]; then
+			echo "*** Deleting a tag is not allowed in this repository" >&2
+			exit 1
+		fi
+		;;
+	refs/tags/*,tag)
+		# annotated tag
+		if [ "$allowmodifytag" != "true" ] && git rev-parse $refname > /dev/null 2>&1
+		then
+			echo "*** Tag '$refname' already exists." >&2
+			echo "*** Modifying a tag is not allowed in this repository." >&2
+			exit 1
+		fi
+		;;
+	refs/heads/*,commit)
+		# branch
+		if [ "$oldrev" = "$zero" -a "$denycreatebranch" = "true" ]; then
+			echo "*** Creating a branch is not allowed in this repository" >&2
+			exit 1
+		fi
+		;;
+	refs/heads/*,delete)
+		# delete branch
+		if [ "$allowdeletebranch" != "true" ]; then
+			echo "*** Deleting a branch is not allowed in this repository" >&2
+			exit 1
+		fi
+		;;
+	refs/remotes/*,commit)
+		# tracking branch
+		;;
+	refs/remotes/*,delete)
+		# delete tracking branch
+		if [ "$allowdeletebranch" != "true" ]; then
+			echo "*** Deleting a tracking branch is not allowed in this repository" >&2
+			exit 1
+		fi
+		;;
+	*)
+		# Anything else (is there anything else?)
+		echo "*** Update hook: unknown type of update to ref $refname of type $newrev_type" >&2
+		exit 1
+		;;
+esac
+
+# --- Finished
+exit 0

integrations/gitea-integration-meta/gitea-repositories/user2/repo1.git/info/exclude

@@ -0,0 +1,6 @@
+# git ls-files --others --exclude-from=.git/info/exclude
+# Lines that start with '#' are comments.
+# For a project mostly in C, the following would be a good set of
+# exclude patterns (uncomment them if you want to use them):
+# *.[oa]
+# *~

integrations/gitea-integration-meta/gitea-repositories/user2/repo1.git/info/refs

@@ -0,0 +1 @@
+65f1bf27bc3bf70f64657658635e66094edbcb4d	refs/heads/master

integrations/gitea-integration-meta/gitea-repositories/user2/repo1.git/objects/info/packs

@@ -0,0 +1 @@
+

integrations/gitea-integration-meta/gitea-repositories/user2/repo1.git/refs/heads/master

@@ -0,0 +1 @@
+65f1bf27bc3bf70f64657658635e66094edbcb4d

integrations/integration_test.go

@@ -0,0 +1,100 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package integrations
+
+import (
+	"bytes"
+	"fmt"
+	"io"
+	"net/http"
+	"os"
+	"testing"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/routers"
+	"code.gitea.io/gitea/routers/routes"
+
+	"github.com/Unknwon/com"
+	"github.com/stretchr/testify/assert"
+	"gopkg.in/macaron.v1"
+	"gopkg.in/testfixtures.v2"
+)
+
+var mac *macaron.Macaron
+
+func TestMain(m *testing.M) {
+	appIniPath := os.Getenv("GITEA_CONF")
+	if appIniPath == "" {
+		fmt.Println("Environment variable $GITEA_CONF not set")
+		os.Exit(1)
+	}
+	setting.CustomConf = appIniPath
+	routers.GlobalInit()
+	mac = routes.NewMacaron()
+	routes.RegisterRoutes(mac)
+
+	var helper testfixtures.Helper
+	if setting.UseMySQL {
+		helper = &testfixtures.MySQL{}
+	} else if setting.UsePostgreSQL {
+		helper = &testfixtures.PostgreSQL{}
+	} else if setting.UseSQLite3 {
+		helper = &testfixtures.SQLite{}
+	} else {
+		fmt.Println("Unsupported RDBMS for integration tests")
+		os.Exit(1)
+	}
+
+	err := models.InitFixtures(
+		helper,
+		"models/fixtures/",
+	)
+	if err != nil {
+		fmt.Printf("Error initializing test database: %v\n", err)
+		os.Exit(1)
+	}
+	os.Exit(m.Run())
+}
+
+func prepareTestEnv(t *testing.T) {
+	assert.NoError(t, models.LoadFixtures())
+	assert.NoError(t, os.RemoveAll("integrations/gitea-integration"))
+	assert.NoError(t, com.CopyDir("integrations/gitea-integration-meta", "integrations/gitea-integration"))
+}
+
+type TestResponseWriter struct {
+	HeaderCode int
+	Writer     io.Writer
+}
+
+func (w *TestResponseWriter) Header() http.Header {
+	return make(map[string][]string)
+}
+
+func (w *TestResponseWriter) Write(b []byte) (int, error) {
+	return w.Writer.Write(b)
+}
+
+func (w *TestResponseWriter) WriteHeader(n int) {
+	w.HeaderCode = n
+}
+
+type TestResponse struct {
+	HeaderCode int
+	Body       []byte
+}
+
+func MakeRequest(req *http.Request) *TestResponse {
+	buffer := bytes.NewBuffer(nil)
+	respWriter := &TestResponseWriter{
+		Writer: buffer,
+	}
+	mac.ServeHTTP(respWriter, req)
+	return &TestResponse{
+		HeaderCode: respWriter.HeaderCode,
+		Body:       buffer.Bytes(),
+	}
+}

integrations/mysql.ini

@@ -0,0 +1,56 @@
+APP_NAME = Gitea: Git with a cup of tea
+RUN_MODE = prod
+
+[database]
+DB_TYPE  = mysql
+HOST     = 127.0.0.1:3306
+NAME     = testgitea
+USER     = root
+PASSWD   =
+SSL_MODE = disable
+PATH     = data/gitea.db
+
+[repository]
+ROOT = integrations/gitea-integration/gitea-repositories
+
+[server]
+SSH_DOMAIN       = localhost
+HTTP_PORT        = 3000
+ROOT_URL         = http://localhost:3000/
+DISABLE_SSH      = false
+SSH_PORT         = 22
+LFS_START_SERVER = false
+OFFLINE_MODE     = false
+
+[mailer]
+ENABLED = false
+
+[service]
+REGISTER_EMAIL_CONFIRM     = false
+ENABLE_NOTIFY_MAIL         = false
+DISABLE_REGISTRATION       = false
+ENABLE_CAPTCHA             = false
+REQUIRE_SIGNIN_VIEW        = false
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+NO_REPLY_ADDRESS           = noreply.example.org
+
+[picture]
+DISABLE_GRAVATAR        = false
+ENABLE_FEDERATED_AVATAR = false
+
+[session]
+PROVIDER = file
+
+[log]
+MODE = console,file
+
+[log.console]
+LEVEL = Warn
+
+[log.file]
+LEVEL     = Info
+ROOT_PATH = log
+
+[security]
+INSTALL_LOCK = true
+SECRET_KEY   = 9pCviYTWSb

integrations/pgsql.ini

@@ -0,0 +1,56 @@
+APP_NAME = Gitea: Git with a cup of tea
+RUN_MODE = prod
+
+[database]
+DB_TYPE  = postgres
+HOST     = 127.0.0.1:5432
+NAME     = testgitea
+USER     = postgres
+PASSWD   = postgres
+SSL_MODE = disable
+PATH     = data/gitea.db
+
+[repository]
+ROOT = integrations/gitea-integration/gitea-repositories
+
+[server]
+SSH_DOMAIN       = localhost
+HTTP_PORT        = 3000
+ROOT_URL         = http://localhost:3000/
+DISABLE_SSH      = false
+SSH_PORT         = 22
+LFS_START_SERVER = false
+OFFLINE_MODE     = false
+
+[mailer]
+ENABLED = false
+
+[service]
+REGISTER_EMAIL_CONFIRM     = false
+ENABLE_NOTIFY_MAIL         = false
+DISABLE_REGISTRATION       = false
+ENABLE_CAPTCHA             = false
+REQUIRE_SIGNIN_VIEW        = false
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+NO_REPLY_ADDRESS           = noreply.example.org
+
+[picture]
+DISABLE_GRAVATAR        = false
+ENABLE_FEDERATED_AVATAR = false
+
+[session]
+PROVIDER = file
+
+[log]
+MODE = console,file
+
+[log.console]
+LEVEL = Warn
+
+[log.file]
+LEVEL     = Info
+ROOT_PATH = log
+
+[security]
+INSTALL_LOCK = true
+SECRET_KEY   = 9pCviYTWSb

integrations/signup_test.go

@@ -0,0 +1,41 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package integrations
+
+import (
+	"bytes"
+	"net/http"
+	"net/url"
+	"testing"
+
+	"code.gitea.io/gitea/modules/setting"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestSignup(t *testing.T) {
+	prepareTestEnv(t)
+
+	setting.Service.EnableCaptcha = false
+
+	req, err := http.NewRequest("POST", "/user/sign_up",
+		bytes.NewBufferString(url.Values{
+			"user_name": []string{"exampleUser"},
+			"email":     []string{"exampleUser@example.com"},
+			"password":  []string{"examplePassword"},
+			"retype":    []string{"examplePassword"},
+		}.Encode()),
+	)
+	assert.NoError(t, err)
+	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
+	resp := MakeRequest(req)
+	assert.EqualValues(t, http.StatusFound, resp.HeaderCode)
+
+	// should be able to view new user's page
+	req, err = http.NewRequest("GET", "/exampleUser", nil)
+	assert.NoError(t, err)
+	resp = MakeRequest(req)
+	assert.EqualValues(t, http.StatusOK, resp.HeaderCode)
+}

integrations/sqlite.ini

@@ -0,0 +1,58 @@
+APP_NAME = Gitea: Git with a cup of tea
+RUN_MODE = prod
+
+[database]
+DB_TYPE  = sqlite3
+HOST     = 127.0.0.1:3306
+NAME     = testgitea
+USER     = gitea
+PASSWD   =
+SSL_MODE = disable
+PATH     = :memory:
+
+[repository]
+ROOT = integrations/gitea-integration/gitea-repositories
+
+[server]
+SSH_DOMAIN       = localhost
+HTTP_PORT        = 3000
+ROOT_URL         = http://localhost:3000/
+DISABLE_SSH      = false
+SSH_PORT         = 22
+LFS_START_SERVER = false
+OFFLINE_MODE     = false
+
+[mailer]
+ENABLED = false
+
+[service]
+REGISTER_EMAIL_CONFIRM     = false
+ENABLE_NOTIFY_MAIL         = false
+DISABLE_REGISTRATION       = false
+ENABLE_CAPTCHA             = false
+REQUIRE_SIGNIN_VIEW        = false
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+NO_REPLY_ADDRESS           = noreply.example.org
+
+[picture]
+DISABLE_GRAVATAR        = false
+ENABLE_FEDERATED_AVATAR = false
+
+[session]
+PROVIDER = file
+
+[log]
+MODE = console,file
+
+[log.console]
+LEVEL = Warn
+
+[log.file]
+LEVEL     = Info
+ROOT_PATH = log
+
+[security]
+INSTALL_LOCK   = true
+SECRET_KEY     = 9pCviYTWSb
+INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE0OTI3OTU5ODN9.OQkH5UmzID2XBdwQ9TAI6Jj2t1X-wElVTjbE7aoN4I8
+

integrations/version_test.go

@@ -0,0 +1,33 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package integrations
+
+import (
+	"bytes"
+	"encoding/json"
+	"net/http"
+	"testing"
+
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/sdk/gitea"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestVersion(t *testing.T) {
+	prepareTestEnv(t)
+
+	setting.AppVer = "1.1.0+dev"
+	req, err := http.NewRequest("GET", "/api/v1/version", nil)
+	assert.NoError(t, err)
+	resp := MakeRequest(req)
+
+	var version gitea.ServerVersion
+	decoder := json.NewDecoder(bytes.NewBuffer(resp.Body))
+	assert.NoError(t, decoder.Decode(&version))
+
+	assert.EqualValues(t, http.StatusOK, resp.HeaderCode)
+	assert.Equal(t, setting.AppVer, string(version.Version))
+}

integrations/view_test.go

@@ -0,0 +1,30 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package integrations
+
+import (
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestViewRepo(t *testing.T) {
+	prepareTestEnv(t)
+
+	req, err := http.NewRequest("GET", "/user2/repo1", nil)
+	assert.NoError(t, err)
+	resp := MakeRequest(req)
+	assert.EqualValues(t, http.StatusOK, resp.HeaderCode)
+}
+
+func TestViewUser(t *testing.T) {
+	prepareTestEnv(t)
+
+	req, err := http.NewRequest("GET", "/user2", nil)
+	assert.NoError(t, err)
+	resp := MakeRequest(req)
+	assert.EqualValues(t, http.StatusOK, resp.HeaderCode)
+}

main.go

@@ -8,40 +8,51 @@ package main // import "code.gitea.io/gitea"
 
 import (
 	"os"
-	"runtime"
-
-	"code.gitea.io/gitea/modules/log"
+	"strings"
 
 	"code.gitea.io/gitea/cmd"
+	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"github.com/urfave/cli"
 )
 
 // Version holds the current Gitea version
-var Version = "1.0.0+dev"
+var Version = "1.1.0+dev"
+
+// Tags holds the build tags used
+var Tags = ""
 
 func init() {
-	runtime.GOMAXPROCS(runtime.NumCPU())
 	setting.AppVer = Version
+	setting.AppBuiltWith = formatBuiltWith(Tags)
 }
 
 func main() {
 	app := cli.NewApp()
 	app.Name = "Gitea"
 	app.Usage = "A painless self-hosted Git service"
-	app.Version = Version
+	app.Version = Version + formatBuiltWith(Tags)
 	app.Commands = []cli.Command{
 		cmd.CmdWeb,
 		cmd.CmdServ,
-		cmd.CmdUpdate,
-		cmd.CmdDump,
+		cmd.CmdHook,
 		cmd.CmdCert,
 		cmd.CmdAdmin,
+		cmd.Backup,
+		cmd.Restore,
+		cmd.Dump,
 	}
 	app.Flags = append(app.Flags, []cli.Flag{}...)
 	err := app.Run(os.Args)
 	if err != nil {
-		log.Fatal(4, "Fail to run app with %s: %v", os.Args, err)
+		log.Fatal(4, "Failed to run app with %s: %v", os.Args, err)
+	}
+}
+
+func formatBuiltWith(Tags string) string {
+	if len(Tags) == 0 {
+		return ""
 	}
 
+	return " built with: " + strings.Replace(Tags, " ", ", ", -1)
 }

models/access.go

@@ -4,11 +4,7 @@
 
 package models
 
-import (
-	"fmt"
-
-	"code.gitea.io/gitea/modules/log"
-)
+import "fmt"
 
 // AccessMode specifies the users access mode
 type AccessMode int
@@ -63,21 +59,21 @@ type Access struct {
 	Mode   AccessMode
 }
 
-func accessLevel(e Engine, user *User, repo *Repository) (AccessMode, error) {
+func accessLevel(e Engine, userID int64, repo *Repository) (AccessMode, error) {
 	mode := AccessModeNone
 	if !repo.IsPrivate {
 		mode = AccessModeRead
 	}
 
-	if user == nil {
+	if userID == 0 {
 		return mode, nil
 	}
 
-	if user.ID == repo.OwnerID {
+	if userID == repo.OwnerID {
 		return AccessModeOwner, nil
 	}
 
-	a := &Access{UserID: user.ID, RepoID: repo.ID}
+	a := &Access{UserID: userID, RepoID: repo.ID}
 	if has, err := e.Get(a); !has || err != nil {
 		return mode, err
 	}
@@ -85,44 +81,60 @@ func accessLevel(e Engine, user *User, repo *Repository) (AccessMode, error) {
 }
 
 // AccessLevel returns the Access a user has to a repository. Will return NoneAccess if the
-// user does not have access. User can be nil!
-func AccessLevel(user *User, repo *Repository) (AccessMode, error) {
-	return accessLevel(x, user, repo)
+// user does not have access.
+func AccessLevel(userID int64, repo *Repository) (AccessMode, error) {
+	return accessLevel(x, userID, repo)
 }
 
-func hasAccess(e Engine, user *User, repo *Repository, testMode AccessMode) (bool, error) {
-	mode, err := accessLevel(e, user, repo)
+func hasAccess(e Engine, userID int64, repo *Repository, testMode AccessMode) (bool, error) {
+	mode, err := accessLevel(e, userID, repo)
 	return testMode <= mode, err
 }
 
-// HasAccess returns true if someone has the request access level. User can be nil!
-func HasAccess(user *User, repo *Repository, testMode AccessMode) (bool, error) {
-	return hasAccess(x, user, repo, testMode)
+// HasAccess returns true if user has access to repo
+func HasAccess(userID int64, repo *Repository, testMode AccessMode) (bool, error) {
+	return hasAccess(x, userID, repo, testMode)
+}
+
+type repoAccess struct {
+	Access     `xorm:"extends"`
+	Repository `xorm:"extends"`
+}
+
+func (repoAccess) TableName() string {
+	return "access"
 }
 
 // GetRepositoryAccesses finds all repositories with their access mode where a user has access but does not own.
 func (user *User) GetRepositoryAccesses() (map[*Repository]AccessMode, error) {
-	accesses := make([]*Access, 0, 10)
-	if err := x.Find(&accesses, &Access{UserID: user.ID}); err != nil {
+	rows, err := x.
+		Join("INNER", "repository", "repository.id = access.repo_id").
+		Where("access.user_id = ?", user.ID).
+		And("repository.owner_id <> ?", user.ID).
+		Rows(new(repoAccess))
+	if err != nil {
 		return nil, err
 	}
+	defer rows.Close()
 
-	repos := make(map[*Repository]AccessMode, len(accesses))
-	for _, access := range accesses {
-		repo, err := GetRepositoryByID(access.RepoID)
+	var repos = make(map[*Repository]AccessMode, 10)
+	var ownerCache = make(map[int64]*User, 10)
+	for rows.Next() {
+		var repo repoAccess
+		err = rows.Scan(&repo)
 		if err != nil {
-			if IsErrRepoNotExist(err) {
-				log.Error(4, "GetRepositoryByID: %v", err)
-				continue
+			return nil, err
+		}
+
+		var ok bool
+		if repo.Owner, ok = ownerCache[repo.OwnerID]; !ok {
+			if err = repo.GetOwner(); err != nil {
+				return nil, err
 			}
-			return nil, err
+			ownerCache[repo.OwnerID] = repo.Owner
 		}
-		if err = repo.GetOwner(); err != nil {
-			return nil, err
-		} else if repo.OwnerID == user.ID {
-			continue
-		}
-		repos[repo] = access.Mode
+
+		repos[&repo.Repository] = repo.Access.Mode
 	}
 	return repos, nil
 }
@@ -154,7 +166,7 @@ func maxAccessMode(modes ...AccessMode) AccessMode {
 	return max
 }
 
-// FIXME: do corss-comparison so reduce deletions and additions to the minimum?
+// FIXME: do cross-comparison so reduce deletions and additions to the minimum?
 func (repo *Repository) refreshAccesses(e Engine, accessMap map[int64]AccessMode) (err error) {
 	minMode := AccessModeRead
 	if !repo.IsPrivate {

models/access_test.go

@@ -0,0 +1,125 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package models
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var accessModes = []AccessMode{
+	AccessModeRead,
+	AccessModeWrite,
+	AccessModeAdmin,
+	AccessModeOwner,
+}
+
+func TestAccessLevel(t *testing.T) {
+	assert.NoError(t, PrepareTestDatabase())
+
+	user1 := AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
+	user2 := AssertExistsAndLoadBean(t, &User{ID: 4}).(*User)
+	repo1 := AssertExistsAndLoadBean(t, &Repository{OwnerID: 2, IsPrivate: false}).(*Repository)
+	repo2 := AssertExistsAndLoadBean(t, &Repository{OwnerID: 3, IsPrivate: true}).(*Repository)
+
+	level, err := AccessLevel(user1.ID, repo1)
+	assert.NoError(t, err)
+	assert.Equal(t, AccessModeOwner, level)
+
+	level, err = AccessLevel(user1.ID, repo2)
+	assert.NoError(t, err)
+	assert.Equal(t, AccessModeWrite, level)
+
+	level, err = AccessLevel(user2.ID, repo1)
+	assert.NoError(t, err)
+	assert.Equal(t, AccessModeRead, level)
+
+	level, err = AccessLevel(user2.ID, repo2)
+	assert.NoError(t, err)
+	assert.Equal(t, AccessModeNone, level)
+}
+
+func TestHasAccess(t *testing.T) {
+	assert.NoError(t, PrepareTestDatabase())
+
+	user1 := AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
+	user2 := AssertExistsAndLoadBean(t, &User{ID: 4}).(*User)
+	repo1 := AssertExistsAndLoadBean(t, &Repository{OwnerID: 2, IsPrivate: false}).(*Repository)
+	repo2 := AssertExistsAndLoadBean(t, &Repository{OwnerID: 3, IsPrivate: true}).(*Repository)
+
+	for _, accessMode := range accessModes {
+		has, err := HasAccess(user1.ID, repo1, accessMode)
+		assert.NoError(t, err)
+		assert.True(t, has)
+
+		has, err = HasAccess(user1.ID, repo2, accessMode)
+		assert.NoError(t, err)
+		assert.Equal(t, accessMode <= AccessModeWrite, has)
+
+		has, err = HasAccess(user2.ID, repo1, accessMode)
+		assert.NoError(t, err)
+		assert.Equal(t, accessMode <= AccessModeRead, has)
+
+		has, err = HasAccess(user2.ID, repo2, accessMode)
+		assert.NoError(t, err)
+		assert.Equal(t, accessMode <= AccessModeNone, has)
+	}
+}
+
+func TestUser_GetRepositoryAccesses(t *testing.T) {
+	assert.NoError(t, PrepareTestDatabase())
+
+	user1 := AssertExistsAndLoadBean(t, &User{ID: 1}).(*User)
+	accesses, err := user1.GetRepositoryAccesses()
+	assert.NoError(t, err)
+	assert.Len(t, accesses, 0)
+}
+
+func TestUser_GetAccessibleRepositories(t *testing.T) {
+	assert.NoError(t, PrepareTestDatabase())
+
+	user1 := AssertExistsAndLoadBean(t, &User{ID: 1}).(*User)
+	repos, err := user1.GetAccessibleRepositories(0)
+	assert.NoError(t, err)
+	assert.Len(t, repos, 0)
+
+	user2 := AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
+	repos, err = user2.GetAccessibleRepositories(0)
+	assert.NoError(t, err)
+	assert.Len(t, repos, 1)
+}
+
+func TestRepository_RecalculateAccesses(t *testing.T) {
+	// test with organization repo
+	assert.NoError(t, PrepareTestDatabase())
+	repo1 := AssertExistsAndLoadBean(t, &Repository{ID: 3}).(*Repository)
+	assert.NoError(t, repo1.GetOwner())
+
+	_, err := x.Delete(&Collaboration{UserID: 2, RepoID: 3})
+	assert.NoError(t, err)
+	assert.NoError(t, repo1.RecalculateAccesses())
+
+	access := &Access{UserID: 2, RepoID: 3}
+	has, err := x.Get(access)
+	assert.NoError(t, err)
+	assert.True(t, has)
+	assert.Equal(t, AccessModeOwner, access.Mode)
+}
+
+func TestRepository_RecalculateAccesses2(t *testing.T) {
+	// test with non-organization repo
+	assert.NoError(t, PrepareTestDatabase())
+	repo1 := AssertExistsAndLoadBean(t, &Repository{ID: 4}).(*Repository)
+	assert.NoError(t, repo1.GetOwner())
+
+	_, err := x.Delete(&Collaboration{UserID: 4, RepoID: 4})
+	assert.NoError(t, err)
+	assert.NoError(t, repo1.RecalculateAccesses())
+
+	has, err := x.Get(&Access{UserID: 4, RepoID: 4})
+	assert.NoError(t, err)
+	assert.False(t, has)
+}

models/action.go

@@ -71,19 +71,19 @@ func init() {
 // used in template render.
 type Action struct {
 	ID           int64 `xorm:"pk autoincr"`
-	UserID       int64 // Receiver user id.
+	UserID       int64 `xorm:"INDEX"` // Receiver user id.
 	OpType       ActionType
-	ActUserID    int64  // Action user id.
+	ActUserID    int64  `xorm:"INDEX"` // Action user id.
 	ActUserName  string // Action user name.
 	ActAvatar    string `xorm:"-"`
-	RepoID       int64
+	RepoID       int64  `xorm:"INDEX"`
 	RepoUserName string
 	RepoName     string
 	RefName      string
-	IsPrivate    bool      `xorm:"NOT NULL DEFAULT false"`
+	IsPrivate    bool      `xorm:"INDEX NOT NULL DEFAULT false"`
 	Content      string    `xorm:"TEXT"`
 	Created      time.Time `xorm:"-"`
-	CreatedUnix  int64
+	CreatedUnix  int64     `xorm:"INDEX"`
 }
 
 // BeforeInsert will be invoked by XORM before inserting a record
@@ -145,7 +145,7 @@ func (a *Action) GetRepoPath() string {
 }
 
 // ShortRepoPath returns the virtual path to the action repository
-// trimed to max 20 + 1 + 33 chars.
+// trimmed to max 20 + 1 + 33 chars.
 func (a *Action) ShortRepoPath() string {
 	return path.Join(a.ShortRepoUserName(), a.ShortRepoName())
 }
@@ -360,7 +360,7 @@ func UpdateIssuesCommit(doer *User, repo *Repository, commits []*PushCommit) err
 
 			issue, err := GetIssueByRef(ref)
 			if err != nil {
-				if IsErrIssueNotExist(err) {
+				if IsErrIssueNotExist(err) || err == errMissingIssueNumber {
 					continue
 				}
 				return err
@@ -398,7 +398,7 @@ func UpdateIssuesCommit(doer *User, repo *Repository, commits []*PushCommit) err
 
 			issue, err := GetIssueByRef(ref)
 			if err != nil {
-				if IsErrIssueNotExist(err) {
+				if IsErrIssueNotExist(err) || err == errMissingIssueNumber {
 					continue
 				}
 				return err
@@ -418,7 +418,7 @@ func UpdateIssuesCommit(doer *User, repo *Repository, commits []*PushCommit) err
 			}
 		}
 
-		// It is conflict to have close and reopen at same time, so refsMarkd doesn't need to reinit here.
+		// It is conflict to have close and reopen at same time, so refsMarked doesn't need to reinit here.
 		for _, ref := range issueReopenKeywordsPat.FindAllString(c.Message, -1) {
 			ref = ref[strings.IndexByte(ref, byte(' '))+1:]
 			ref = strings.TrimRightFunc(ref, issueIndexTrimRight)
@@ -438,7 +438,7 @@ func UpdateIssuesCommit(doer *User, repo *Repository, commits []*PushCommit) err
 
 			issue, err := GetIssueByRef(ref)
 			if err != nil {
-				if IsErrIssueNotExist(err) {
+				if IsErrIssueNotExist(err) || err == errMissingIssueNumber {
 					continue
 				}
 				return err
@@ -658,17 +658,14 @@ func GetFeeds(ctxUser *User, actorID, offset int64, isProfile bool) ([]*Action,
 			And("is_private = ?", false).
 			And("act_user_id = ?", ctxUser.ID)
 	} else if actorID != -1 && ctxUser.IsOrganization() {
-		// FIXME: only need to get IDs here, not all fields of repository.
-		repos, _, err := ctxUser.GetUserRepositories(actorID, 1, ctxUser.NumRepos)
+		env, err := ctxUser.AccessibleReposEnv(actorID)
+		if err != nil {
+			return nil, fmt.Errorf("AccessibleReposEnv: %v", err)
+		}
+		repoIDs, err := env.RepoIDs(1, ctxUser.NumRepos)
 		if err != nil {
 			return nil, fmt.Errorf("GetUserRepositories: %v", err)
 		}
-
-		var repoIDs []int64
-		for _, repo := range repos {
-			repoIDs = append(repoIDs, repo.ID)
-		}
-
 		if len(repoIDs) > 0 {
 			sess.In("repo_id", repoIDs)
 		}

models/action_test.go

@@ -0,0 +1,337 @@
+package models
+
+import (
+	"strings"
+	"testing"
+
+	"code.gitea.io/gitea/modules/setting"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAction_GetRepoPath(t *testing.T) {
+	action := &Action{
+		RepoUserName: "username",
+		RepoName:     "reponame",
+	}
+	assert.Equal(t, "username/reponame", action.GetRepoPath())
+}
+
+func TestAction_GetRepoLink(t *testing.T) {
+	action := &Action{
+		RepoUserName: "username",
+		RepoName:     "reponame",
+	}
+	setting.AppSubURL = "/suburl/"
+	assert.Equal(t, "/suburl/username/reponame", action.GetRepoLink())
+	setting.AppSubURL = ""
+	assert.Equal(t, "/username/reponame", action.GetRepoLink())
+}
+
+func TestNewRepoAction(t *testing.T) {
+	assert.NoError(t, PrepareTestDatabase())
+
+	user := AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
+	repo := AssertExistsAndLoadBean(t, &Repository{OwnerID: user.ID}).(*Repository)
+	repo.Owner = user
+
+	actionBean := &Action{
+		OpType:       ActionCreateRepo,
+		ActUserID:    user.ID,
+		RepoID:       repo.ID,
+		ActUserName:  user.Name,
+		RepoName:     repo.Name,
+		RepoUserName: repo.Owner.Name,
+		IsPrivate:    repo.IsPrivate,
+	}
+
+	AssertNotExistsBean(t, actionBean)
+	assert.NoError(t, NewRepoAction(user, repo))
+	AssertExistsAndLoadBean(t, actionBean)
+	CheckConsistencyFor(t, &Action{})
+}
+
+func TestRenameRepoAction(t *testing.T) {
+	assert.NoError(t, PrepareTestDatabase())
+
+	user := AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
+	repo := AssertExistsAndLoadBean(t, &Repository{OwnerID: user.ID}).(*Repository)
+	repo.Owner = user
+
+	oldRepoName := repo.Name
+	const newRepoName = "newRepoName"
+	repo.Name = newRepoName
+	repo.LowerName = strings.ToLower(newRepoName)
+
+	actionBean := &Action{
+		OpType:       ActionRenameRepo,
+		ActUserID:    user.ID,
+		ActUserName:  user.Name,
+		RepoID:       repo.ID,
+		RepoName:     repo.Name,
+		RepoUserName: repo.Owner.Name,
+		IsPrivate:    repo.IsPrivate,
+		Content:      oldRepoName,
+	}
+	AssertNotExistsBean(t, actionBean)
+	assert.NoError(t, RenameRepoAction(user, oldRepoName, repo))
+	AssertExistsAndLoadBean(t, actionBean)
+
+	_, err := x.Id(repo.ID).Cols("name", "lower_name").Update(repo)
+	assert.NoError(t, err)
+	CheckConsistencyFor(t, &Action{})
+}
+
+func TestPushCommits_ToAPIPayloadCommits(t *testing.T) {
+	pushCommits := NewPushCommits()
+	pushCommits.Commits = []*PushCommit{
+		{
+			Sha1:           "abcdef1",
+			CommitterEmail: "user2@example.com",
+			CommitterName:  "User Two",
+			AuthorEmail:    "user4@example.com",
+			AuthorName:     "User Four",
+			Message:        "message1",
+		},
+		{
+			Sha1:           "abcdef2",
+			CommitterEmail: "user2@example.com",
+			CommitterName:  "User Two",
+			AuthorEmail:    "user2@example.com",
+			AuthorName:     "User Two",
+			Message:        "message2",
+		},
+	}
+	pushCommits.Len = len(pushCommits.Commits)
+
+	payloadCommits := pushCommits.ToAPIPayloadCommits("/username/reponame")
+	assert.Len(t, payloadCommits, 2)
+	assert.Equal(t, "abcdef1", payloadCommits[0].ID)
+	assert.Equal(t, "message1", payloadCommits[0].Message)
+	assert.Equal(t, "/username/reponame/commit/abcdef1", payloadCommits[0].URL)
+	assert.Equal(t, "User Two", payloadCommits[0].Committer.Name)
+	assert.Equal(t, "user2", payloadCommits[0].Committer.UserName)
+	assert.Equal(t, "User Four", payloadCommits[0].Author.Name)
+	assert.Equal(t, "user4", payloadCommits[0].Author.UserName)
+
+	assert.Equal(t, "abcdef2", payloadCommits[1].ID)
+	assert.Equal(t, "message2", payloadCommits[1].Message)
+	assert.Equal(t, "/username/reponame/commit/abcdef2", payloadCommits[1].URL)
+	assert.Equal(t, "User Two", payloadCommits[1].Committer.Name)
+	assert.Equal(t, "user2", payloadCommits[1].Committer.UserName)
+	assert.Equal(t, "User Two", payloadCommits[1].Author.Name)
+	assert.Equal(t, "user2", payloadCommits[1].Author.UserName)
+}
+
+func TestPushCommits_AvatarLink(t *testing.T) {
+	pushCommits := NewPushCommits()
+	pushCommits.Commits = []*PushCommit{
+		{
+			Sha1:           "abcdef1",
+			CommitterEmail: "user2@example.com",
+			CommitterName:  "User Two",
+			AuthorEmail:    "user4@example.com",
+			AuthorName:     "User Four",
+			Message:        "message1",
+		},
+		{
+			Sha1:           "abcdef2",
+			CommitterEmail: "user2@example.com",
+			CommitterName:  "User Two",
+			AuthorEmail:    "user2@example.com",
+			AuthorName:     "User Two",
+			Message:        "message2",
+		},
+	}
+	pushCommits.Len = len(pushCommits.Commits)
+
+	assert.Equal(t,
+		"https://secure.gravatar.com/avatar/ab53a2911ddf9b4817ac01ddcd3d975f",
+		pushCommits.AvatarLink("user2@example.com"))
+
+	assert.Equal(t,
+		"https://secure.gravatar.com/avatar/19ade630b94e1e0535b3df7387434154",
+		pushCommits.AvatarLink("nonexistent@example.com"))
+}
+
+func TestUpdateIssuesCommit(t *testing.T) {
+	assert.NoError(t, PrepareTestDatabase())
+	pushCommits := []*PushCommit{
+		{
+			Sha1:           "abcdef1",
+			CommitterEmail: "user2@example.com",
+			CommitterName:  "User Two",
+			AuthorEmail:    "user4@example.com",
+			AuthorName:     "User Four",
+			Message:        "start working on #1",
+		},
+		{
+			Sha1:           "abcdef2",
+			CommitterEmail: "user2@example.com",
+			CommitterName:  "User Two",
+			AuthorEmail:    "user2@example.com",
+			AuthorName:     "User Two",
+			Message:        "a plain message",
+		},
+		{
+			Sha1:           "abcdef2",
+			CommitterEmail: "user2@example.com",
+			CommitterName:  "User Two",
+			AuthorEmail:    "user2@example.com",
+			AuthorName:     "User Two",
+			Message:        "close #2",
+		},
+	}
+
+	user := AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
+	repo := AssertExistsAndLoadBean(t, &Repository{ID: 1}).(*Repository)
+	repo.Owner = user
+
+	commentBean := &Comment{
+		Type:      CommentTypeCommitRef,
+		CommitSHA: "abcdef1",
+		PosterID:  user.ID,
+		IssueID:   1,
+	}
+	issueBean := &Issue{RepoID: repo.ID, Index: 2}
+
+	AssertNotExistsBean(t, commentBean)
+	AssertNotExistsBean(t, &Issue{RepoID: repo.ID, Index: 2}, "is_closed=1")
+	assert.NoError(t, UpdateIssuesCommit(user, repo, pushCommits))
+	AssertExistsAndLoadBean(t, commentBean)
+	AssertExistsAndLoadBean(t, issueBean, "is_closed=1")
+	CheckConsistencyFor(t, &Action{})
+}
+
+func TestCommitRepoAction(t *testing.T) {
+	assert.NoError(t, PrepareTestDatabase())
+
+	user := AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
+	repo := AssertExistsAndLoadBean(t, &Repository{ID: 2, OwnerID: user.ID}).(*Repository)
+	repo.Owner = user
+
+	pushCommits := NewPushCommits()
+	pushCommits.Commits = []*PushCommit{
+		{
+			Sha1:           "abcdef1",
+			CommitterEmail: "user2@example.com",
+			CommitterName:  "User Two",
+			AuthorEmail:    "user4@example.com",
+			AuthorName:     "User Four",
+			Message:        "message1",
+		},
+		{
+			Sha1:           "abcdef2",
+			CommitterEmail: "user2@example.com",
+			CommitterName:  "User Two",
+			AuthorEmail:    "user2@example.com",
+			AuthorName:     "User Two",
+			Message:        "message2",
+		},
+	}
+	pushCommits.Len = len(pushCommits.Commits)
+
+	actionBean := &Action{
+		OpType:      ActionCommitRepo,
+		ActUserID:   user.ID,
+		ActUserName: user.Name,
+		RepoID:      repo.ID,
+		RepoName:    repo.Name,
+		RefName:     "refName",
+		IsPrivate:   repo.IsPrivate,
+	}
+	AssertNotExistsBean(t, actionBean)
+	assert.NoError(t, CommitRepoAction(CommitRepoActionOptions{
+		PusherName:  user.Name,
+		RepoOwnerID: user.ID,
+		RepoName:    repo.Name,
+		RefFullName: "refName",
+		OldCommitID: "oldCommitID",
+		NewCommitID: "newCommitID",
+		Commits:     pushCommits,
+	}))
+	AssertExistsAndLoadBean(t, actionBean)
+	CheckConsistencyFor(t, &Action{})
+}
+
+func TestTransferRepoAction(t *testing.T) {
+	assert.NoError(t, PrepareTestDatabase())
+
+	user2 := AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
+	user4 := AssertExistsAndLoadBean(t, &User{ID: 4}).(*User)
+	repo := AssertExistsAndLoadBean(t, &Repository{ID: 1, OwnerID: user2.ID}).(*Repository)
+
+	repo.OwnerID = user4.ID
+	repo.Owner = user4
+
+	actionBean := &Action{
+		OpType:       ActionTransferRepo,
+		ActUserID:    user2.ID,
+		ActUserName:  user2.Name,
+		RepoID:       repo.ID,
+		RepoName:     repo.Name,
+		RepoUserName: repo.Owner.Name,
+		IsPrivate:    repo.IsPrivate,
+	}
+	AssertNotExistsBean(t, actionBean)
+	assert.NoError(t, TransferRepoAction(user2, user2, repo))
+	AssertExistsAndLoadBean(t, actionBean)
+
+	_, err := x.Id(repo.ID).Cols("owner_id").Update(repo)
+	assert.NoError(t, err)
+	CheckConsistencyFor(t, &Action{})
+}
+
+func TestMergePullRequestAction(t *testing.T) {
+	assert.NoError(t, PrepareTestDatabase())
+	user := AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
+	repo := AssertExistsAndLoadBean(t, &Repository{ID: 1, OwnerID: user.ID}).(*Repository)
+	repo.Owner = user
+	issue := AssertExistsAndLoadBean(t, &Issue{ID: 3, RepoID: repo.ID}).(*Issue)
+
+	actionBean := &Action{
+		OpType:       ActionMergePullRequest,
+		ActUserID:    user.ID,
+		ActUserName:  user.Name,
+		RepoID:       repo.ID,
+		RepoName:     repo.Name,
+		RepoUserName: repo.Owner.Name,
+		IsPrivate:    repo.IsPrivate,
+	}
+	AssertNotExistsBean(t, actionBean)
+	assert.NoError(t, MergePullRequestAction(user, repo, issue))
+	AssertExistsAndLoadBean(t, actionBean)
+	CheckConsistencyFor(t, &Action{})
+}
+
+func TestGetFeeds(t *testing.T) {
+	// test with an individual user
+	assert.NoError(t, PrepareTestDatabase())
+	user := AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
+
+	actions, err := GetFeeds(user, user.ID, 0, false)
+	assert.NoError(t, err)
+	assert.Len(t, actions, 1)
+	assert.Equal(t, int64(1), actions[0].ID)
+	assert.Equal(t, user.ID, actions[0].UserID)
+
+	actions, err = GetFeeds(user, user.ID, 0, true)
+	assert.NoError(t, err)
+	assert.Len(t, actions, 0)
+}
+
+func TestGetFeeds2(t *testing.T) {
+	// test with an organization user
+	assert.NoError(t, PrepareTestDatabase())
+	user := AssertExistsAndLoadBean(t, &User{ID: 3}).(*User)
+
+	actions, err := GetFeeds(user, user.ID, 0, false)
+	assert.NoError(t, err)
+	assert.Len(t, actions, 1)
+	assert.Equal(t, int64(2), actions[0].ID)
+	assert.Equal(t, user.ID, actions[0].UserID)
+
+	actions, err = GetFeeds(user, user.ID, 0, true)
+	assert.NoError(t, err)
+	assert.Len(t, actions, 0)
+}

models/admin.go

@@ -6,16 +6,13 @@ package models
 
 import (
 	"fmt"
-	"os"
-	"os/exec"
-	"strings"
 	"time"
 
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/util"
+
 	"github.com/Unknwon/com"
 	"github.com/go-xorm/xorm"
-
-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/setting"
 )
 
 //NoticeType describes the notice type
@@ -32,7 +29,7 @@ type Notice struct {
 	Type        NoticeType
 	Description string    `xorm:"TEXT"`
 	Created     time.Time `xorm:"-"`
-	CreatedUnix int64
+	CreatedUnix int64     `xorm:"INDEX"`
 }
 
 // BeforeInsert is invoked from XORM before inserting an object of this type.
@@ -55,43 +52,34 @@ func (n *Notice) TrStr() string {
 
 // CreateNotice creates new system notice.
 func CreateNotice(tp NoticeType, desc string) error {
-	// prevent panic if database connection is not available at this point
-	if x == nil {
-		return fmt.Errorf("Could not save notice due database connection not being available: %d %s", tp, desc)
-	}
+	return createNotice(x, tp, desc)
+}
 
+func createNotice(e Engine, tp NoticeType, desc string) error {
 	n := &Notice{
 		Type:        tp,
 		Description: desc,
 	}
-	_, err := x.Insert(n)
+	_, err := e.Insert(n)
 	return err
 }
 
 // CreateRepositoryNotice creates new system notice with type NoticeRepository.
 func CreateRepositoryNotice(desc string) error {
-	return CreateNotice(NoticeRepository, desc)
+	return createNotice(x, NoticeRepository, desc)
 }
 
 // RemoveAllWithNotice removes all directories in given path and
 // creates a system notice when error occurs.
 func RemoveAllWithNotice(title, path string) {
-	var err error
-	// workaround for Go not being able to remove read-only files/folders: https://github.com/golang/go/issues/9606
-	// this bug should be fixed on Go 1.7, so the workaround should be removed when Gogs don't support Go 1.6 anymore:
-	// https://github.com/golang/go/commit/2ffb3e5d905b5622204d199128dec06cefd57790
-	if setting.IsWindows {
-		// converting "/" to "\" in path on Windows
-		path = strings.Replace(path, "/", "\\", -1)
-		err = exec.Command("cmd", "/C", "rmdir", "/S", "/Q", path).Run()
-	} else {
-		err = os.RemoveAll(path)
-	}
+	removeAllWithNotice(x, title, path)
+}
 
-	if err != nil {
+func removeAllWithNotice(e Engine, title, path string) {
+	if err := util.RemoveAll(path); err != nil {
 		desc := fmt.Sprintf("%s [%s]: %v", title, path, err)
 		log.Warn(desc)
-		if err = CreateRepositoryNotice(desc); err != nil {
+		if err = createNotice(e, NoticeRepository, desc); err != nil {
 			log.Error(4, "CreateRepositoryNotice: %v", err)
 		}
 	}
@@ -103,7 +91,7 @@ func CountNotices() int64 {
 	return count
 }
 
-// Notices returns number of notices in given page.
+// Notices returns notices in given page.
 func Notices(page, pageSize int) ([]*Notice, error) {
 	notices := make([]*Notice, 0, pageSize)
 	return notices, x.

models/admin_test.go

@@ -0,0 +1,111 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package models
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestNotice_TrStr(t *testing.T) {
+	notice := &Notice{
+		Type:        NoticeRepository,
+		Description: "test description",
+	}
+	assert.Equal(t, "admin.notices.type_1", notice.TrStr())
+}
+
+func TestCreateNotice(t *testing.T) {
+	assert.NoError(t, PrepareTestDatabase())
+
+	noticeBean := &Notice{
+		Type:        NoticeRepository,
+		Description: "test description",
+	}
+	AssertNotExistsBean(t, noticeBean)
+	assert.NoError(t, CreateNotice(noticeBean.Type, noticeBean.Description))
+	AssertExistsAndLoadBean(t, noticeBean)
+}
+
+func TestCreateRepositoryNotice(t *testing.T) {
+	assert.NoError(t, PrepareTestDatabase())
+
+	noticeBean := &Notice{
+		Type:        NoticeRepository,
+		Description: "test description",
+	}
+	AssertNotExistsBean(t, noticeBean)
+	assert.NoError(t, CreateRepositoryNotice(noticeBean.Description))
+	AssertExistsAndLoadBean(t, noticeBean)
+}
+
+// TODO TestRemoveAllWithNotice
+
+func TestCountNotices(t *testing.T) {
+	assert.NoError(t, PrepareTestDatabase())
+	assert.Equal(t, int64(3), CountNotices())
+}
+
+func TestNotices(t *testing.T) {
+	assert.NoError(t, PrepareTestDatabase())
+
+	notices, err := Notices(1, 2)
+	assert.NoError(t, err)
+	assert.Len(t, notices, 2)
+	assert.Equal(t, int64(3), notices[0].ID)
+	assert.Equal(t, int64(2), notices[1].ID)
+
+	notices, err = Notices(2, 2)
+	assert.NoError(t, err)
+	assert.Len(t, notices, 1)
+	assert.Equal(t, int64(1), notices[0].ID)
+}
+
+func TestDeleteNotice(t *testing.T) {
+	assert.NoError(t, PrepareTestDatabase())
+
+	AssertExistsAndLoadBean(t, &Notice{ID: 3})
+	assert.NoError(t, DeleteNotice(3))
+	AssertNotExistsBean(t, &Notice{ID: 3})
+}
+
+func TestDeleteNotices(t *testing.T) {
+	// delete a non-empty range
+	assert.NoError(t, PrepareTestDatabase())
+
+	AssertExistsAndLoadBean(t, &Notice{ID: 1})
+	AssertExistsAndLoadBean(t, &Notice{ID: 2})
+	AssertExistsAndLoadBean(t, &Notice{ID: 3})
+	assert.NoError(t, DeleteNotices(1, 2))
+	AssertNotExistsBean(t, &Notice{ID: 1})
+	AssertNotExistsBean(t, &Notice{ID: 2})
+	AssertExistsAndLoadBean(t, &Notice{ID: 3})
+}
+
+func TestDeleteNotices2(t *testing.T) {
+	// delete an empty range
+	assert.NoError(t, PrepareTestDatabase())
+
+	AssertExistsAndLoadBean(t, &Notice{ID: 1})
+	AssertExistsAndLoadBean(t, &Notice{ID: 2})
+	AssertExistsAndLoadBean(t, &Notice{ID: 3})
+	assert.NoError(t, DeleteNotices(3, 2))
+	AssertExistsAndLoadBean(t, &Notice{ID: 1})
+	AssertExistsAndLoadBean(t, &Notice{ID: 2})
+	AssertExistsAndLoadBean(t, &Notice{ID: 3})
+}
+
+func TestDeleteNoticesByIDs(t *testing.T) {
+	assert.NoError(t, PrepareTestDatabase())
+
+	AssertExistsAndLoadBean(t, &Notice{ID: 1})
+	AssertExistsAndLoadBean(t, &Notice{ID: 2})
+	AssertExistsAndLoadBean(t, &Notice{ID: 3})
+	assert.NoError(t, DeleteNoticesByIDs([]int64{1, 3}))
+	AssertNotExistsBean(t, &Notice{ID: 1})
+	AssertExistsAndLoadBean(t, &Notice{ID: 2})
+	AssertNotExistsBean(t, &Notice{ID: 3})
+}

models/attachment.go

@@ -0,0 +1,188 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package models
+
+import (
+	"fmt"
+	"io"
+	"mime/multipart"
+	"os"
+	"path"
+	"time"
+
+	"github.com/go-xorm/xorm"
+	gouuid "github.com/satori/go.uuid"
+
+	"code.gitea.io/gitea/modules/setting"
+)
+
+// Attachment represent a attachment of issue/comment/release.
+type Attachment struct {
+	ID            int64  `xorm:"pk autoincr"`
+	UUID          string `xorm:"uuid UNIQUE"`
+	IssueID       int64  `xorm:"INDEX"`
+	ReleaseID     int64  `xorm:"INDEX"`
+	CommentID     int64
+	Name          string
+	DownloadCount int64     `xorm:"DEFAULT 0"`
+	Created       time.Time `xorm:"-"`
+	CreatedUnix   int64
+}
+
+// BeforeInsert is invoked from XORM before inserting an object of this type.
+func (a *Attachment) BeforeInsert() {
+	a.CreatedUnix = time.Now().Unix()
+}
+
+// AfterSet is invoked from XORM after setting the value of a field of
+// this object.
+func (a *Attachment) AfterSet(colName string, _ xorm.Cell) {
+	switch colName {
+	case "created_unix":
+		a.Created = time.Unix(a.CreatedUnix, 0).Local()
+	}
+}
+
+// IncreaseDownloadCount is update download count + 1
+func (a *Attachment) IncreaseDownloadCount() error {
+	sess := x.NewSession()
+	defer sessionRelease(sess)
+
+	// Update download count.
+	if _, err := sess.Exec("UPDATE `attachment` SET download_count=download_count+1 WHERE id=?", a.ID); err != nil {
+		return fmt.Errorf("increase attachment count: %v", err)
+	}
+
+	return nil
+}
+
+// AttachmentLocalPath returns where attachment is stored in local file
+// system based on given UUID.
+func AttachmentLocalPath(uuid string) string {
+	return path.Join(setting.AttachmentPath, uuid[0:1], uuid[1:2], uuid)
+}
+
+// LocalPath returns where attachment is stored in local file system.
+func (a *Attachment) LocalPath() string {
+	return AttachmentLocalPath(a.UUID)
+}
+
+// NewAttachment creates a new attachment object.
+func NewAttachment(name string, buf []byte, file multipart.File) (_ *Attachment, err error) {
+	attach := &Attachment{
+		UUID: gouuid.NewV4().String(),
+		Name: name,
+	}
+
+	localPath := attach.LocalPath()
+	if err = os.MkdirAll(path.Dir(localPath), os.ModePerm); err != nil {
+		return nil, fmt.Errorf("MkdirAll: %v", err)
+	}
+
+	fw, err := os.Create(localPath)
+	if err != nil {
+		return nil, fmt.Errorf("Create: %v", err)
+	}
+	defer fw.Close()
+
+	if _, err = fw.Write(buf); err != nil {
+		return nil, fmt.Errorf("Write: %v", err)
+	} else if _, err = io.Copy(fw, file); err != nil {
+		return nil, fmt.Errorf("Copy: %v", err)
+	}
+
+	if _, err := x.Insert(attach); err != nil {
+		return nil, err
+	}
+
+	return attach, nil
+}
+
+func getAttachmentByUUID(e Engine, uuid string) (*Attachment, error) {
+	attach := &Attachment{UUID: uuid}
+	has, err := e.Get(attach)
+	if err != nil {
+		return nil, err
+	} else if !has {
+		return nil, ErrAttachmentNotExist{0, uuid}
+	}
+	return attach, nil
+}
+
+func getAttachmentsByUUIDs(e Engine, uuids []string) ([]*Attachment, error) {
+	if len(uuids) == 0 {
+		return []*Attachment{}, nil
+	}
+
+	// Silently drop invalid uuids.
+	attachments := make([]*Attachment, 0, len(uuids))
+	return attachments, e.In("uuid", uuids).Find(&attachments)
+}
+
+// GetAttachmentByUUID returns attachment by given UUID.
+func GetAttachmentByUUID(uuid string) (*Attachment, error) {
+	return getAttachmentByUUID(x, uuid)
+}
+
+func getAttachmentsByIssueID(e Engine, issueID int64) ([]*Attachment, error) {
+	attachments := make([]*Attachment, 0, 10)
+	return attachments, e.Where("issue_id = ? AND comment_id = 0", issueID).Find(&attachments)
+}
+
+// GetAttachmentsByIssueID returns all attachments of an issue.
+func GetAttachmentsByIssueID(issueID int64) ([]*Attachment, error) {
+	return getAttachmentsByIssueID(x, issueID)
+}
+
+// GetAttachmentsByCommentID returns all attachments if comment by given ID.
+func GetAttachmentsByCommentID(commentID int64) ([]*Attachment, error) {
+	attachments := make([]*Attachment, 0, 10)
+	return attachments, x.Where("comment_id=?", commentID).Find(&attachments)
+}
+
+// DeleteAttachment deletes the given attachment and optionally the associated file.
+func DeleteAttachment(a *Attachment, remove bool) error {
+	_, err := DeleteAttachments([]*Attachment{a}, remove)
+	return err
+}
+
+// DeleteAttachments deletes the given attachments and optionally the associated files.
+func DeleteAttachments(attachments []*Attachment, remove bool) (int, error) {
+	for i, a := range attachments {
+		if remove {
+			if err := os.Remove(a.LocalPath()); err != nil {
+				return i, err
+			}
+		}
+
+		if _, err := x.Delete(a); err != nil {
+			return i, err
+		}
+	}
+
+	return len(attachments), nil
+}
+
+// DeleteAttachmentsByIssue deletes all attachments associated with the given issue.
+func DeleteAttachmentsByIssue(issueID int64, remove bool) (int, error) {
+	attachments, err := GetAttachmentsByIssueID(issueID)
+
+	if err != nil {
+		return 0, err
+	}
+
+	return DeleteAttachments(attachments, remove)
+}
+
+// DeleteAttachmentsByComment deletes all attachments associated with the given comment.
+func DeleteAttachmentsByComment(commentID int64, remove bool) (int, error) {
+	attachments, err := GetAttachmentsByCommentID(commentID)
+
+	if err != nil {
+		return 0, err
+	}
+
+	return DeleteAttachments(attachments, remove)
+}

models/attachment_test.go

@@ -0,0 +1,60 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package models
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestIncreaseDownloadCount(t *testing.T) {
+	assert.NoError(t, PrepareTestDatabase())
+
+	attachment, err := GetAttachmentByUUID("1234567890")
+	assert.NoError(t, err)
+	assert.Equal(t, int64(0), attachment.DownloadCount)
+
+	// increase download count
+	err = attachment.IncreaseDownloadCount()
+	assert.NoError(t, err)
+
+	attachment, err = GetAttachmentByUUID("1234567890")
+	assert.NoError(t, err)
+	assert.Equal(t, int64(1), attachment.DownloadCount)
+}
+
+func TestGetByCommentOrIssueID(t *testing.T) {
+	assert.NoError(t, PrepareTestDatabase())
+
+	// count of attachments from issue ID
+	attachments, err := GetAttachmentsByIssueID(1)
+	assert.NoError(t, err)
+	assert.Equal(t, 2, len(attachments))
+
+	attachments, err = GetAttachmentsByCommentID(1)
+	assert.NoError(t, err)
+	assert.Equal(t, 2, len(attachments))
+}
+
+func TestDeleteAttachments(t *testing.T) {
+	assert.NoError(t, PrepareTestDatabase())
+
+	count, err := DeleteAttachmentsByIssue(4, false)
+	assert.NoError(t, err)
+	assert.Equal(t, 1, count)
+
+	count, err = DeleteAttachmentsByComment(2, false)
+	assert.NoError(t, err)
+	assert.Equal(t, 2, count)
+
+	err = DeleteAttachment(&Attachment{ID: 8}, false)
+	assert.NoError(t, err)
+
+	attachment, err := GetAttachmentByUUID("test-12345")
+	assert.Error(t, err)
+	assert.True(t, IsErrAttachmentNotExist(err))
+	assert.Nil(t, attachment)
+}

models/branches.go

@@ -0,0 +1,156 @@
+// Copyright 2016 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package models
+
+import (
+	"fmt"
+	"strings"
+	"time"
+)
+
+const (
+	// ProtectedBranchRepoID protected Repo ID
+	ProtectedBranchRepoID = "GITEA_REPO_ID"
+)
+
+// ProtectedBranch struct
+type ProtectedBranch struct {
+	ID          int64  `xorm:"pk autoincr"`
+	RepoID      int64  `xorm:"UNIQUE(s)"`
+	BranchName  string `xorm:"UNIQUE(s)"`
+	CanPush     bool
+	Created     time.Time `xorm:"-"`
+	CreatedUnix int64
+	Updated     time.Time `xorm:"-"`
+	UpdatedUnix int64
+}
+
+// BeforeInsert before protected branch insert create and update time
+func (protectBranch *ProtectedBranch) BeforeInsert() {
+	protectBranch.CreatedUnix = time.Now().Unix()
+	protectBranch.UpdatedUnix = protectBranch.CreatedUnix
+}
+
+// BeforeUpdate before protected branch update time
+func (protectBranch *ProtectedBranch) BeforeUpdate() {
+	protectBranch.UpdatedUnix = time.Now().Unix()
+}
+
+// GetProtectedBranchByRepoID getting protected branch by repo ID
+func GetProtectedBranchByRepoID(RepoID int64) ([]*ProtectedBranch, error) {
+	protectedBranches := make([]*ProtectedBranch, 0)
+	return protectedBranches, x.Where("repo_id = ?", RepoID).Desc("updated_unix").Find(&protectedBranches)
+}
+
+// GetProtectedBranchBy getting protected branch by ID/Name
+func GetProtectedBranchBy(repoID int64, BranchName string) (*ProtectedBranch, error) {
+	rel := &ProtectedBranch{RepoID: repoID, BranchName: strings.ToLower(BranchName)}
+	has, err := x.Get(rel)
+	if err != nil {
+		return nil, err
+	}
+	if !has {
+		return nil, nil
+	}
+	return rel, nil
+}
+
+// GetProtectedBranches get all protected branches
+func (repo *Repository) GetProtectedBranches() ([]*ProtectedBranch, error) {
+	protectedBranches := make([]*ProtectedBranch, 0)
+	return protectedBranches, x.Find(&protectedBranches, &ProtectedBranch{RepoID: repo.ID})
+}
+
+// AddProtectedBranch add protection to branch
+func (repo *Repository) AddProtectedBranch(branchName string, canPush bool) error {
+	protectedBranch := &ProtectedBranch{
+		RepoID:     repo.ID,
+		BranchName: branchName,
+	}
+
+	has, err := x.Get(protectedBranch)
+	if err != nil {
+		return err
+	} else if has {
+		return nil
+	}
+
+	sess := x.NewSession()
+	defer sessionRelease(sess)
+	if err = sess.Begin(); err != nil {
+		return err
+	}
+	protectedBranch.CanPush = canPush
+	if _, err = sess.InsertOne(protectedBranch); err != nil {
+		return err
+	}
+
+	return sess.Commit()
+}
+
+// ChangeProtectedBranch access mode sets new access mode for the ProtectedBranch.
+func (repo *Repository) ChangeProtectedBranch(id int64, canPush bool) error {
+	ProtectedBranch := &ProtectedBranch{
+		RepoID: repo.ID,
+		ID:     id,
+	}
+	has, err := x.Get(ProtectedBranch)
+	if err != nil {
+		return fmt.Errorf("get ProtectedBranch: %v", err)
+	} else if !has {
+		return nil
+	}
+
+	if ProtectedBranch.CanPush == canPush {
+		return nil
+	}
+	ProtectedBranch.CanPush = canPush
+
+	sess := x.NewSession()
+	defer sessionRelease(sess)
+	if err = sess.Begin(); err != nil {
+		return err
+	}
+
+	if _, err = sess.Id(ProtectedBranch.ID).AllCols().Update(ProtectedBranch); err != nil {
+		return fmt.Errorf("update ProtectedBranch: %v", err)
+	}
+
+	return sess.Commit()
+}
+
+// DeleteProtectedBranch removes ProtectedBranch relation between the user and repository.
+func (repo *Repository) DeleteProtectedBranch(id int64) (err error) {
+	protectedBranch := &ProtectedBranch{
+		RepoID: repo.ID,
+		ID:     id,
+	}
+
+	sess := x.NewSession()
+	defer sessionRelease(sess)
+	if err = sess.Begin(); err != nil {
+		return err
+	}
+
+	if affected, err := sess.Delete(protectedBranch); err != nil {
+		return err
+	} else if affected != 1 {
+		return fmt.Errorf("delete protected branch ID(%v) failed", id)
+	}
+
+	return sess.Commit()
+}
+
+// newProtectedBranch insert one queue
+func newProtectedBranch(protectedBranch *ProtectedBranch) error {
+	_, err := x.InsertOne(protectedBranch)
+	return err
+}
+
+// UpdateProtectedBranch update queue
+func UpdateProtectedBranch(protectedBranch *ProtectedBranch) error {
+	_, err := x.Update(protectedBranch)
+	return err
+}

models/consistency_test.go

@@ -0,0 +1,172 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package models
+
+import (
+	"reflect"
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+// ConsistencyCheckable a type that can be tested for database consistency
+type ConsistencyCheckable interface {
+	CheckForConsistency(t *testing.T)
+}
+
+// CheckConsistencyForAll test that the entire database is consistent
+func CheckConsistencyForAll(t *testing.T) {
+	CheckConsistencyFor(t,
+		&User{},
+		&Repository{},
+		&Issue{},
+		&PullRequest{},
+		&Milestone{},
+		&Label{},
+		&Team{},
+		&Action{})
+}
+
+// CheckConsistencyFor test that all matching database entries are consistent
+func CheckConsistencyFor(t *testing.T, beansToCheck ...interface{}) {
+	for _, bean := range beansToCheck {
+		sliceType := reflect.SliceOf(reflect.TypeOf(bean))
+		sliceValue := reflect.MakeSlice(sliceType, 0, 10)
+
+		ptrToSliceValue := reflect.New(sliceType)
+		ptrToSliceValue.Elem().Set(sliceValue)
+
+		assert.NoError(t, x.Where(bean).Find(ptrToSliceValue.Interface()))
+		sliceValue = ptrToSliceValue.Elem()
+
+		for i := 0; i < sliceValue.Len(); i++ {
+			entity := sliceValue.Index(i).Interface()
+			checkable, ok := entity.(ConsistencyCheckable)
+			if !ok {
+				t.Errorf("Expected %+v (of type %T) to be checkable for consistency",
+					entity, entity)
+			} else {
+				checkable.CheckForConsistency(t)
+			}
+		}
+	}
+}
+
+// getCount get the count of database entries matching bean
+func getCount(t *testing.T, e Engine, bean interface{}) int64 {
+	count, err := e.Count(bean)
+	assert.NoError(t, err)
+	return count
+}
+
+// assertCount test the count of database entries matching bean
+func assertCount(t *testing.T, bean interface{}, expected int) {
+	assert.EqualValues(t, expected, getCount(t, x, bean),
+		"Failed consistency test, the counted bean (of type %T) was %+v", bean, bean)
+}
+
+func (user *User) CheckForConsistency(t *testing.T) {
+	assertCount(t, &Repository{OwnerID: user.ID}, user.NumRepos)
+	assertCount(t, &Star{UID: user.ID}, user.NumStars)
+	assertCount(t, &OrgUser{OrgID: user.ID}, user.NumMembers)
+	assertCount(t, &Team{OrgID: user.ID}, user.NumTeams)
+	assertCount(t, &Follow{UserID: user.ID}, user.NumFollowing)
+	assertCount(t, &Follow{FollowID: user.ID}, user.NumFollowers)
+	if user.Type != UserTypeOrganization {
+		assert.EqualValues(t, 0, user.NumMembers)
+		assert.EqualValues(t, 0, user.NumTeams)
+	}
+}
+
+func (repo *Repository) CheckForConsistency(t *testing.T) {
+	assert.Equal(t, repo.LowerName, strings.ToLower(repo.Name), "repo: %+v", repo)
+	assertCount(t, &Star{RepoID: repo.ID}, repo.NumStars)
+	assertCount(t, &Watch{RepoID: repo.ID}, repo.NumWatches)
+	assertCount(t, &Milestone{RepoID: repo.ID}, repo.NumMilestones)
+	assertCount(t, &Repository{ForkID: repo.ID}, repo.NumForks)
+	if repo.IsFork {
+		AssertExistsAndLoadBean(t, &Repository{ID: repo.ForkID})
+	}
+
+	actual := getCount(t, x.Where("is_pull=?", false), &Issue{RepoID: repo.ID})
+	assert.EqualValues(t, repo.NumIssues, actual,
+		"Unexpected number of issues for repo %+v", repo)
+
+	actual = getCount(t, x.Where("is_pull=? AND is_closed=?", false, true), &Issue{RepoID: repo.ID})
+	assert.EqualValues(t, repo.NumClosedIssues, actual,
+		"Unexpected number of closed issues for repo %+v", repo)
+
+	actual = getCount(t, x.Where("is_pull=?", true), &Issue{RepoID: repo.ID})
+	assert.EqualValues(t, repo.NumPulls, actual,
+		"Unexpected number of pulls for repo %+v", repo)
+
+	actual = getCount(t, x.Where("is_pull=? AND is_closed=?", true, true), &Issue{RepoID: repo.ID})
+	assert.EqualValues(t, repo.NumClosedPulls, actual,
+		"Unexpected number of closed pulls for repo %+v", repo)
+
+	actual = getCount(t, x.Where("is_closed=?", true), &Milestone{RepoID: repo.ID})
+	assert.EqualValues(t, repo.NumClosedMilestones, actual,
+		"Unexpected number of closed milestones for repo %+v", repo)
+}
+
+func (issue *Issue) CheckForConsistency(t *testing.T) {
+	actual := getCount(t, x.Where("type=?", CommentTypeComment), &Comment{IssueID: issue.ID})
+	assert.EqualValues(t, issue.NumComments, actual,
+		"Unexpected number of comments for issue %+v", issue)
+	if issue.IsPull {
+		pr := AssertExistsAndLoadBean(t, &PullRequest{IssueID: issue.ID}).(*PullRequest)
+		assert.EqualValues(t, pr.Index, issue.Index)
+	}
+}
+
+func (pr *PullRequest) CheckForConsistency(t *testing.T) {
+	issue := AssertExistsAndLoadBean(t, &Issue{ID: pr.IssueID}).(*Issue)
+	assert.True(t, issue.IsPull)
+	assert.EqualValues(t, issue.Index, pr.Index)
+}
+
+func (milestone *Milestone) CheckForConsistency(t *testing.T) {
+	assertCount(t, &Issue{MilestoneID: milestone.ID}, milestone.NumIssues)
+
+	actual := getCount(t, x.Where("is_closed=?", true), &Issue{MilestoneID: milestone.ID})
+	assert.EqualValues(t, milestone.NumClosedIssues, actual,
+		"Unexpected number of closed issues for milestone %+v", milestone)
+}
+
+func (label *Label) CheckForConsistency(t *testing.T) {
+	issueLabels := make([]*IssueLabel, 0, 10)
+	assert.NoError(t, x.Find(&issueLabels, &IssueLabel{LabelID: label.ID}))
+	assert.EqualValues(t, label.NumIssues, len(issueLabels),
+		"Unexpected number of issue for label %+v", label)
+
+	issueIDs := make([]int64, len(issueLabels))
+	for i, issueLabel := range issueLabels {
+		issueIDs[i] = issueLabel.IssueID
+	}
+
+	expected := int64(0)
+	if len(issueIDs) > 0 {
+		expected = getCount(t, x.In("id", issueIDs).Where("is_closed=?", true), &Issue{})
+	}
+	assert.EqualValues(t, expected, label.NumClosedIssues,
+		"Unexpected number of closed issues for label %+v", label)
+}
+
+func (team *Team) CheckForConsistency(t *testing.T) {
+	assertCount(t, &TeamUser{TeamID: team.ID}, team.NumMembers)
+	assertCount(t, &TeamRepo{TeamID: team.ID}, team.NumRepos)
+}
+
+func (action *Action) CheckForConsistency(t *testing.T) {
+	repo := AssertExistsAndLoadBean(t, &Repository{ID: action.RepoID}).(*Repository)
+	owner := AssertExistsAndLoadBean(t, &User{ID: repo.OwnerID}).(*User)
+	actor := AssertExistsAndLoadBean(t, &User{ID: action.ActUserID}).(*User)
+
+	assert.Equal(t, repo.Name, action.RepoName, "action: %+v", action)
+	assert.Equal(t, repo.IsPrivate, action.IsPrivate, "action: %+v", action)
+	assert.Equal(t, owner.Name, action.RepoUserName, "action: %+v", action)
+	assert.Equal(t, actor.Name, action.ActUserName, "action: %+v", action)
+}

models/error.go

@@ -93,6 +93,21 @@ func (err ErrEmailAlreadyUsed) Error() string {
 	return fmt.Sprintf("e-mail has been used [email: %s]", err.Email)
 }
 
+// ErrOpenIDAlreadyUsed represents a "OpenIDAlreadyUsed" kind of error.
+type ErrOpenIDAlreadyUsed struct {
+	OpenID string
+}
+
+// IsErrOpenIDAlreadyUsed checks if an error is a ErrOpenIDAlreadyUsed.
+func IsErrOpenIDAlreadyUsed(err error) bool {
+	_, ok := err.(ErrOpenIDAlreadyUsed)
+	return ok
+}
+
+func (err ErrOpenIDAlreadyUsed) Error() string {
+	return fmt.Sprintf("OpenID has been used [oid: %s]", err.OpenID)
+}
+
 // ErrUserOwnRepos represents a "UserOwnRepos" kind of error.
 type ErrUserOwnRepos struct {
 	UID int64
@@ -123,6 +138,20 @@ func (err ErrUserHasOrgs) Error() string {
 	return fmt.Sprintf("user still has membership of organizations [uid: %d]", err.UID)
 }
 
+// ErrUserNotAllowedCreateOrg represents a "UserNotAllowedCreateOrg" kind of error.
+type ErrUserNotAllowedCreateOrg struct {
+}
+
+// IsErrUserNotAllowedCreateOrg checks if an error is an ErrUserNotAllowedCreateOrg.
+func IsErrUserNotAllowedCreateOrg(err error) bool {
+	_, ok := err.(ErrUserNotAllowedCreateOrg)
+	return ok
+}
+
+func (err ErrUserNotAllowedCreateOrg) Error() string {
+	return fmt.Sprintf("user is not allowed to create organizations")
+}
+
 // ErrReachLimitOfRepo represents a "ReachLimitOfRepo" kind of error.
 type ErrReachLimitOfRepo struct {
 	Limit int
@@ -199,8 +228,9 @@ func (err ErrKeyNotExist) Error() string {
 
 // ErrKeyAlreadyExist represents a "KeyAlreadyExist" kind of error.
 type ErrKeyAlreadyExist struct {
-	OwnerID int64
-	Content string
+	OwnerID     int64
+	Fingerprint string
+	Content     string
 }
 
 // IsErrKeyAlreadyExist checks if an error is a ErrKeyAlreadyExist.
@@ -210,7 +240,8 @@ func IsErrKeyAlreadyExist(err error) bool {
 }
 
 func (err ErrKeyAlreadyExist) Error() string {
-	return fmt.Sprintf("public key already exists [owner_id: %d, content: %s]", err.OwnerID, err.Content)
+	return fmt.Sprintf("public key already exists [owner_id: %d, finter_print: %s, content: %s]",
+		err.OwnerID, err.Fingerprint, err.Content)
 }
 
 // ErrKeyNameAlreadyUsed represents a "KeyNameAlreadyUsed" kind of error.
@@ -229,6 +260,84 @@ func (err ErrKeyNameAlreadyUsed) Error() string {
 	return fmt.Sprintf("public key already exists [owner_id: %d, name: %s]", err.OwnerID, err.Name)
 }
 
+// ErrGPGEmailNotFound represents a "ErrGPGEmailNotFound" kind of error.
+type ErrGPGEmailNotFound struct {
+	Email string
+}
+
+// IsErrGPGEmailNotFound checks if an error is a ErrGPGEmailNotFound.
+func IsErrGPGEmailNotFound(err error) bool {
+	_, ok := err.(ErrGPGEmailNotFound)
+	return ok
+}
+
+func (err ErrGPGEmailNotFound) Error() string {
+	return fmt.Sprintf("failed to found email or is not confirmed : %s", err.Email)
+}
+
+// ErrGPGKeyParsing represents a "ErrGPGKeyParsing" kind of error.
+type ErrGPGKeyParsing struct {
+	ParseError error
+}
+
+// IsErrGPGKeyParsing checks if an error is a ErrGPGKeyParsing.
+func IsErrGPGKeyParsing(err error) bool {
+	_, ok := err.(ErrGPGKeyParsing)
+	return ok
+}
+
+func (err ErrGPGKeyParsing) Error() string {
+	return fmt.Sprintf("failed to parse gpg key %s", err.ParseError.Error())
+}
+
+// ErrGPGKeyNotExist represents a "GPGKeyNotExist" kind of error.
+type ErrGPGKeyNotExist struct {
+	ID int64
+}
+
+// IsErrGPGKeyNotExist checks if an error is a ErrGPGKeyNotExist.
+func IsErrGPGKeyNotExist(err error) bool {
+	_, ok := err.(ErrGPGKeyNotExist)
+	return ok
+}
+
+func (err ErrGPGKeyNotExist) Error() string {
+	return fmt.Sprintf("public gpg key does not exist [id: %d]", err.ID)
+}
+
+// ErrGPGKeyIDAlreadyUsed represents a "GPGKeyIDAlreadyUsed" kind of error.
+type ErrGPGKeyIDAlreadyUsed struct {
+	KeyID string
+}
+
+// IsErrGPGKeyIDAlreadyUsed checks if an error is a ErrKeyNameAlreadyUsed.
+func IsErrGPGKeyIDAlreadyUsed(err error) bool {
+	_, ok := err.(ErrGPGKeyIDAlreadyUsed)
+	return ok
+}
+
+func (err ErrGPGKeyIDAlreadyUsed) Error() string {
+	return fmt.Sprintf("public key already exists [key_id: %s]", err.KeyID)
+}
+
+// ErrGPGKeyAccessDenied represents a "GPGKeyAccessDenied" kind of Error.
+type ErrGPGKeyAccessDenied struct {
+	UserID int64
+	KeyID  int64
+}
+
+// IsErrGPGKeyAccessDenied checks if an error is a ErrGPGKeyAccessDenied.
+func IsErrGPGKeyAccessDenied(err error) bool {
+	_, ok := err.(ErrGPGKeyAccessDenied)
+	return ok
+}
+
+// Error pretty-prints an error of type ErrGPGKeyAccessDenied.
+func (err ErrGPGKeyAccessDenied) Error() string {
+	return fmt.Sprintf("user does not have access to the key [user_id: %d, key_id: %d]",
+		err.UserID, err.KeyID)
+}
+
 // ErrKeyAccessDenied represents a "KeyAccessDenied" kind of error.
 type ErrKeyAccessDenied struct {
 	UserID int64
@@ -394,6 +503,22 @@ func (err ErrRepoAlreadyExist) Error() string {
 	return fmt.Sprintf("repository already exists [uname: %s, name: %s]", err.Uname, err.Name)
 }
 
+// ErrRepoRedirectNotExist represents a "RepoRedirectNotExist" kind of error.
+type ErrRepoRedirectNotExist struct {
+	OwnerID  int64
+	RepoName string
+}
+
+// IsErrRepoRedirectNotExist check if an error is an ErrRepoRedirectNotExist
+func IsErrRepoRedirectNotExist(err error) bool {
+	_, ok := err.(ErrRepoRedirectNotExist)
+	return ok
+}
+
+func (err ErrRepoRedirectNotExist) Error() string {
+	return fmt.Sprintf("repository redirect does not exist [uid: %d, name: %s]", err.OwnerID, err.RepoName)
+}
+
 // ErrInvalidCloneAddr represents a "InvalidCloneAddr" kind of error.
 type ErrInvalidCloneAddr struct {
 	IsURLError         bool
@@ -569,7 +694,7 @@ type ErrPullRequestNotExist struct {
 	IssueID    int64
 	HeadRepoID int64
 	BaseRepoID int64
-	HeadBarcnh string
+	HeadBranch string
 	BaseBranch string
 }
 
@@ -581,7 +706,7 @@ func IsErrPullRequestNotExist(err error) bool {
 
 func (err ErrPullRequestNotExist) Error() string {
 	return fmt.Sprintf("pull request does not exist [id: %d, issue_id: %d, head_repo_id: %d, base_repo_id: %d, head_branch: %s, base_branch: %s]",
-		err.ID, err.IssueID, err.HeadRepoID, err.BaseRepoID, err.HeadBarcnh, err.BaseBranch)
+		err.ID, err.IssueID, err.HeadRepoID, err.BaseRepoID, err.HeadBranch, err.BaseBranch)
 }
 
 // ErrPullRequestAlreadyExists represents a "PullRequestAlreadyExists"-error
@@ -773,6 +898,25 @@ func (err ErrTeamAlreadyExist) Error() string {
 	return fmt.Sprintf("team already exists [org_id: %d, name: %s]", err.OrgID, err.Name)
 }
 
+//
+// Two-factor authentication
+//
+
+// ErrTwoFactorNotEnrolled indicates that a user is not enrolled in two-factor authentication.
+type ErrTwoFactorNotEnrolled struct {
+	UID int64
+}
+
+// IsErrTwoFactorNotEnrolled checks if an error is a ErrTwoFactorNotEnrolled.
+func IsErrTwoFactorNotEnrolled(err error) bool {
+	_, ok := err.(ErrTwoFactorNotEnrolled)
+	return ok
+}
+
+func (err ErrTwoFactorNotEnrolled) Error() string {
+	return fmt.Sprintf("user not enrolled in 2FA [uid: %d]", err.UID)
+}
+
 //  ____ ___        .__                    .___
 // |    |   \______ |  |   _________     __| _/
 // |    |   /\____ \|  |  /  _ \__  \   / __ |
@@ -796,3 +940,43 @@ func IsErrUploadNotExist(err error) bool {
 func (err ErrUploadNotExist) Error() string {
 	return fmt.Sprintf("attachment does not exist [id: %d, uuid: %s]", err.ID, err.UUID)
 }
+
+//  ___________         __                             .__    .____                 .__          ____ ___
+//  \_   _____/__  ____/  |_  ___________  ____ _____  |  |   |    |    ____   ____ |__| ____   |    |   \______ ___________
+//   |    __)_\  \/  /\   __\/ __ \_  __ \/    \\__  \ |  |   |    |   /  _ \ / ___\|  |/    \  |    |   /  ___// __ \_  __ \
+//   |        \>    <  |  | \  ___/|  | \/   |  \/ __ \|  |__ |    |__(  <_> ) /_/  >  |   |  \ |    |  /\___ \\  ___/|  | \/
+//  /_______  /__/\_ \ |__|  \___  >__|  |___|  (____  /____/ |_______ \____/\___  /|__|___|  / |______//____  >\___  >__|
+//          \/      \/           \/           \/     \/               \/    /_____/         \/               \/     \/
+
+// ErrExternalLoginUserAlreadyExist represents a "ExternalLoginUserAlreadyExist" kind of error.
+type ErrExternalLoginUserAlreadyExist struct {
+	ExternalID    string
+	UserID        int64
+	LoginSourceID int64
+}
+
+// IsErrExternalLoginUserAlreadyExist checks if an error is a ExternalLoginUserAlreadyExist.
+func IsErrExternalLoginUserAlreadyExist(err error) bool {
+	_, ok := err.(ErrExternalLoginUserAlreadyExist)
+	return ok
+}
+
+func (err ErrExternalLoginUserAlreadyExist) Error() string {
+	return fmt.Sprintf("external login user already exists [externalID: %s, userID: %d, loginSourceID: %d]", err.ExternalID, err.UserID, err.LoginSourceID)
+}
+
+// ErrExternalLoginUserNotExist represents a "ExternalLoginUserNotExist" kind of error.
+type ErrExternalLoginUserNotExist struct {
+	UserID        int64
+	LoginSourceID int64
+}
+
+// IsErrExternalLoginUserNotExist checks if an error is a ExternalLoginUserNotExist.
+func IsErrExternalLoginUserNotExist(err error) bool {
+	_, ok := err.(ErrExternalLoginUserNotExist)
+	return ok
+}
+
+func (err ErrExternalLoginUserNotExist) Error() string {
+	return fmt.Sprintf("external login user link does not exists [userID: %d, loginSourceID: %d]", err.UserID, err.LoginSourceID)
+}

models/external_login_user.go

@@ -0,0 +1,74 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package models
+
+import "github.com/markbates/goth"
+
+// ExternalLoginUser makes the connecting between some existing user and additional external login sources
+type ExternalLoginUser struct {
+	ExternalID    string `xorm:"NOT NULL"`
+	UserID        int64  `xorm:"NOT NULL"`
+	LoginSourceID int64  `xorm:"NOT NULL"`
+}
+
+// GetExternalLogin checks if a externalID in loginSourceID scope already exists
+func GetExternalLogin(externalLoginUser *ExternalLoginUser) (bool, error) {
+	return x.Get(externalLoginUser)
+}
+
+// ListAccountLinks returns a map with the ExternalLoginUser and its LoginSource
+func ListAccountLinks(user *User) ([]*ExternalLoginUser, error) {
+	externalAccounts := make([]*ExternalLoginUser, 0, 5)
+	err := x.Where("user_id=?", user.ID).
+		Desc("login_source_id").
+		Find(&externalAccounts)
+
+	if err != nil {
+		return nil, err
+	}
+
+	return externalAccounts, nil
+}
+
+// LinkAccountToUser link the gothUser to the user
+func LinkAccountToUser(user *User, gothUser goth.User) error {
+	loginSource, err := GetActiveOAuth2LoginSourceByName(gothUser.Provider)
+	if err != nil {
+		return err
+	}
+
+	externalLoginUser := &ExternalLoginUser{
+		ExternalID:    gothUser.UserID,
+		UserID:        user.ID,
+		LoginSourceID: loginSource.ID,
+	}
+	has, err := x.Get(externalLoginUser)
+	if err != nil {
+		return err
+	} else if has {
+		return ErrExternalLoginUserAlreadyExist{gothUser.UserID, user.ID, loginSource.ID}
+	}
+
+	_, err = x.Insert(externalLoginUser)
+	return err
+}
+
+// RemoveAccountLink will remove all external login sources for the given user
+func RemoveAccountLink(user *User, loginSourceID int64) (int64, error) {
+	deleted, err := x.Delete(&ExternalLoginUser{UserID: user.ID, LoginSourceID: loginSourceID})
+	if err != nil {
+		return deleted, err
+	}
+	if deleted < 1 {
+		return deleted, ErrExternalLoginUserNotExist{user.ID, loginSourceID}
+	}
+	return deleted, err
+}
+
+// removeAllAccountLinks will remove all external login sources for the given user
+func removeAllAccountLinks(e Engine, user *User) error {
+	_, err := e.Delete(&ExternalLoginUser{UserID: user.ID})
+	return err
+}

models/fixtures/access.yml

@@ -0,0 +1,11 @@
+-
+  id: 1
+  user_id: 2
+  repo_id: 3
+  mode: 2 # write
+
+-
+  id: 2
+  user_id: 4
+  repo_id: 4
+  mode: 2 # write

models/fixtures/access_token.yml

@@ -0,0 +1,23 @@
+-
+  id: 1
+  uid: 1
+  name: Token A
+  sha1: hash1
+  created_unix: 946687980
+  updated_unix: 946687980
+
+-
+  id: 2
+  uid: 1
+  name: Token B
+  sha1: hash2
+  created_unix: 946687980
+  updated_unix: 946687980
+
+-
+  id: 3
+  uid: 2
+  name: Token A
+  sha1: hash3
+  created_unix: 946687980
+  updated_unix: 946687980

models/fixtures/action.yml

@@ -0,0 +1,33 @@
+-
+  id: 1
+  user_id: 2
+  op_type: 12 # close issue
+  act_user_id: 2
+  act_user_name: user2
+  repo_id: 2
+  repo_user_name: user2
+  repo_name: repo2
+  is_private: true
+
+-
+  id: 2
+  user_id: 3
+  op_type: 2 # rename repo
+  act_user_id: 3
+  act_user_name: user3
+  repo_id: 3
+  repo_user_name: user3
+  repo_name: repo3
+  is_private: true
+  content: oldRepoName
+
+-
+  id: 3
+  user_id: 11
+  op_type: 1 # create repo
+  act_user_id: 11
+  act_user_name: user11
+  repo_id: 9
+  repo_user_name: user11
+  repo_name: repo9
+  is_private: false

models/fixtures/attachment.yml

@@ -0,0 +1,71 @@
+-
+  id: 1
+  uuid: 1234567890
+  issue_id: 1
+  comment_id: 0
+  name: attach1
+  download_count: 0
+  created_unix: 946684800
+
+-
+  id: 2
+  uuid: 1122334455
+  issue_id: 1
+  comment_id: 0
+  name: attach2
+  download_count: 1
+  created_unix: 946684800
+
+-
+  id: 3
+  uuid: comment-id-1
+  issue_id: 2
+  comment_id: 1
+  name: attach1
+  download_count: 0
+  created_unix: 946684800
+
+-
+  id: 4
+  uuid: comment-id-2
+  issue_id: 3
+  comment_id: 1
+  name: attach2
+  download_count: 1
+  created_unix: 946684800
+
+-
+  id: 5
+  uuid: comment-id-3
+  issue_id: 4
+  comment_id: 0
+  name: attach1
+  download_count: 0
+  created_unix: 946684800
+
+-
+  id: 6
+  uuid: comment-id-4
+  issue_id: 5
+  comment_id: 2
+  name: attach1
+  download_count: 0
+  created_unix: 946684800
+
+-
+  id: 7
+  uuid: comment-id-5
+  issue_id: 5
+  comment_id: 2
+  name: attach1
+  download_count: 0
+  created_unix: 946684800
+
+-
+  id: 8
+  uuid: test-12345
+  issue_id: 6
+  comment_id: 0
+  name: attach1
+  download_count: 0
+  created_unix: 946684800

models/fixtures/collaboration.yml

@@ -0,0 +1,11 @@
+-
+  id: 1
+  repo_id: 3
+  user_id: 2
+  mode: 2 # write
+
+-
+  id: 2
+  repo_id: 4
+  user_id: 4
+  mode: 2 # write

models/fixtures/comment.yml

@@ -0,0 +1,19 @@
+-
+  id: 1
+  type: 7 # label
+  poster_id: 2
+  issue_id: 1 # in repo_id 1
+  label_id: 1
+  content: "1"
+-
+  id: 2
+  type: 0 # comment
+  poster_id: 3 # user not watching (see watch.yml)
+  issue_id: 1 # in repo_id 1
+  content: "good work!"
+-
+  id: 3
+  type: 0 # comment
+  poster_id: 5 # user not watching (see watch.yml)
+  issue_id: 1 # in repo_id 1
+  content: "meh..."

models/fixtures/commit_status.yml

@@ -0,0 +1,54 @@
+-
+  id: 1
+  index: 1
+  repo_id: 1
+  state: "pending"
+  sha: "1234123412341234123412341234123412341234"
+  target_url: https://example.com/builds/
+  description: My awesome CI-service
+  context: ci/awesomeness
+  creator_id: 2
+
+-
+  id: 2
+  index: 2
+  repo_id: 1
+  state: "warning"
+  sha: "1234123412341234123412341234123412341234"
+  target_url: https://example.com/converage/
+  description: My awesome Coverage service
+  context: cov/awesomeness
+  creator_id: 2
+
+-
+  id: 3
+  index: 3
+  repo_id: 1
+  state: "success"
+  sha: "1234123412341234123412341234123412341234"
+  target_url: https://example.com/converage/
+  description: My awesome Coverage service
+  context: cov/awesomeness
+  creator_id: 2
+
+-
+  id: 4
+  index: 4
+  repo_id: 1
+  state: "failure"
+  sha: "1234123412341234123412341234123412341234"
+  target_url: https://example.com/builds/
+  description: My awesome CI-service
+  context: ci/awesomeness
+  creator_id: 2
+
+-
+  id: 5
+  index: 5
+  repo_id: 1
+  state: "error"
+  sha: "1234123412341234123412341234123412341234"
+  target_url: https://example.com/builds/
+  description: My awesome deploy service
+  context: deploy/awesomeness
+  creator_id: 2

models/fixtures/email_address.yml

@@ -0,0 +1,35 @@
+-
+  id: 1
+  uid: 1
+  email: user11@example.com
+  is_activated: false
+
+-
+  id: 2
+  uid: 1
+  email: user12@example.com
+  is_activated: false
+
+-
+  id: 3
+  uid: 2
+  email: user2@example.com
+  is_activated: true
+
+-
+  id: 4
+  uid: 2
+  email: user21@example.com
+  is_activated: false
+
+-
+  id: 5
+  uid: 9999999
+  email: user9999999@example.com
+  is_activated: true
+
+-
+  id: 6
+  uid: 10
+  email: user101@example.com
+  is_activated: true

models/fixtures/follow.yml

@@ -0,0 +1,4 @@
+-
+  id: 1
+  user_id: 4
+  follow_id: 2

models/fixtures/hook_task.yml

@@ -0,0 +1,5 @@
+-
+  id: 1
+  repo_id: 1
+  hook_id: 1
+  uuid: uuid1

models/fixtures/issue.yml

@@ -0,0 +1,59 @@
+-
+  id: 1
+  repo_id: 1
+  index: 1
+  poster_id: 1
+  assignee_id: 1
+  name: issue1
+  content: content1
+  is_closed: false
+  is_pull: false
+  num_comments: 2
+  created_unix: 946684800
+  updated_unix: 978307200
+
+-
+  id: 2
+  repo_id: 1
+  index: 2
+  poster_id: 1
+  name: issue2
+  content: content2
+  milestone_id: 1
+  is_closed: false
+  is_pull: true
+  created_unix: 946684810
+  updated_unix: 978307190
+
+
+-
+  id: 3
+  repo_id: 1
+  index: 3
+  poster_id: 1
+  name: issue3
+  content: content4
+  is_closed: false
+  is_pull: true
+  created_unix: 946684820
+  updated_unix: 978307180
+
+-
+  id: 4
+  repo_id: 2
+  index: 1
+  poster_id: 2
+  name: issue4
+  content: content4
+  is_closed: true
+  is_pull: false
+
+-
+  id: 5
+  repo_id: 1
+  index: 4
+  poster_id: 2
+  name: issue5
+  content: content5
+  is_closed: true
+  is_pull: false

models/fixtures/issue_label.yml

@@ -0,0 +1,14 @@
+-
+  id: 1
+  issue_id: 1
+  label_id: 1
+
+-
+  id: 2
+  issue_id: 5
+  label_id: 2
+
+-
+  id: 3
+  issue_id: 2
+  label_id: 1

models/fixtures/issue_user.yml

@@ -0,0 +1,23 @@
+-
+  id: 1
+  uid: 1
+  issue_id: 1
+  is_read: true
+  is_assigned: true
+  is_mentioned: false
+
+-
+  id: 2
+  uid: 2
+  issue_id: 1
+  is_read: true
+  is_assigned: false
+  is_mentioned: false
+
+-
+  id: 3
+  uid: 4
+  issue_id: 1
+  is_read: false
+  is_assigned: false
+  is_mentioned: false