Refactor routers directory (#15800)

* refactor routers directory

* move func used for web and api to common

* make corsHandler a function to prohibit side efects

* rm unused func

Co-authored-by: 6543 <6543@obermui.de>

routers/web/repo/activity.go

@@ -0,0 +1,103 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"net/http"
+	"time"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/context"
+)
+
+const (
+	tplActivity base.TplName = "repo/activity"
+)
+
+// Activity render the page to show repository latest changes
+func Activity(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.activity")
+	ctx.Data["PageIsActivity"] = true
+
+	ctx.Data["Period"] = ctx.Params("period")
+
+	timeUntil := time.Now()
+	var timeFrom time.Time
+
+	switch ctx.Data["Period"] {
+	case "daily":
+		timeFrom = timeUntil.Add(-time.Hour * 24)
+	case "halfweekly":
+		timeFrom = timeUntil.Add(-time.Hour * 72)
+	case "weekly":
+		timeFrom = timeUntil.Add(-time.Hour * 168)
+	case "monthly":
+		timeFrom = timeUntil.AddDate(0, -1, 0)
+	case "quarterly":
+		timeFrom = timeUntil.AddDate(0, -3, 0)
+	case "semiyearly":
+		timeFrom = timeUntil.AddDate(0, -6, 0)
+	case "yearly":
+		timeFrom = timeUntil.AddDate(-1, 0, 0)
+	default:
+		ctx.Data["Period"] = "weekly"
+		timeFrom = timeUntil.Add(-time.Hour * 168)
+	}
+	ctx.Data["DateFrom"] = timeFrom.Format("January 2, 2006")
+	ctx.Data["DateUntil"] = timeUntil.Format("January 2, 2006")
+	ctx.Data["PeriodText"] = ctx.Tr("repo.activity.period." + ctx.Data["Period"].(string))
+
+	var err error
+	if ctx.Data["Activity"], err = models.GetActivityStats(ctx.Repo.Repository, timeFrom,
+		ctx.Repo.CanRead(models.UnitTypeReleases),
+		ctx.Repo.CanRead(models.UnitTypeIssues),
+		ctx.Repo.CanRead(models.UnitTypePullRequests),
+		ctx.Repo.CanRead(models.UnitTypeCode)); err != nil {
+		ctx.ServerError("GetActivityStats", err)
+		return
+	}
+
+	if ctx.Data["ActivityTopAuthors"], err = models.GetActivityStatsTopAuthors(ctx.Repo.Repository, timeFrom, 10); err != nil {
+		ctx.ServerError("GetActivityStatsTopAuthors", err)
+		return
+	}
+
+	ctx.HTML(http.StatusOK, tplActivity)
+}
+
+// ActivityAuthors renders JSON with top commit authors for given time period over all branches
+func ActivityAuthors(ctx *context.Context) {
+	timeUntil := time.Now()
+	var timeFrom time.Time
+
+	switch ctx.Params("period") {
+	case "daily":
+		timeFrom = timeUntil.Add(-time.Hour * 24)
+	case "halfweekly":
+		timeFrom = timeUntil.Add(-time.Hour * 72)
+	case "weekly":
+		timeFrom = timeUntil.Add(-time.Hour * 168)
+	case "monthly":
+		timeFrom = timeUntil.AddDate(0, -1, 0)
+	case "quarterly":
+		timeFrom = timeUntil.AddDate(0, -3, 0)
+	case "semiyearly":
+		timeFrom = timeUntil.AddDate(0, -6, 0)
+	case "yearly":
+		timeFrom = timeUntil.AddDate(-1, 0, 0)
+	default:
+		timeFrom = timeUntil.Add(-time.Hour * 168)
+	}
+
+	var err error
+	authors, err := models.GetActivityStatsTopAuthors(ctx.Repo.Repository, timeFrom, 10)
+	if err != nil {
+		ctx.ServerError("GetActivityStatsTopAuthors", err)
+		return
+	}
+
+	ctx.JSON(http.StatusOK, authors)
+}

routers/web/repo/attachment.go

@@ -0,0 +1,160 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"fmt"
+	"net/http"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/httpcache"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/storage"
+	"code.gitea.io/gitea/modules/upload"
+	"code.gitea.io/gitea/routers/common"
+)
+
+// UploadIssueAttachment response for Issue/PR attachments
+func UploadIssueAttachment(ctx *context.Context) {
+	uploadAttachment(ctx, setting.Attachment.AllowedTypes)
+}
+
+// UploadReleaseAttachment response for uploading release attachments
+func UploadReleaseAttachment(ctx *context.Context) {
+	uploadAttachment(ctx, setting.Repository.Release.AllowedTypes)
+}
+
+// UploadAttachment response for uploading attachments
+func uploadAttachment(ctx *context.Context, allowedTypes string) {
+	if !setting.Attachment.Enabled {
+		ctx.Error(http.StatusNotFound, "attachment is not enabled")
+		return
+	}
+
+	file, header, err := ctx.Req.FormFile("file")
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, fmt.Sprintf("FormFile: %v", err))
+		return
+	}
+	defer file.Close()
+
+	buf := make([]byte, 1024)
+	n, _ := file.Read(buf)
+	if n > 0 {
+		buf = buf[:n]
+	}
+
+	err = upload.Verify(buf, header.Filename, allowedTypes)
+	if err != nil {
+		ctx.Error(http.StatusBadRequest, err.Error())
+		return
+	}
+
+	attach, err := models.NewAttachment(&models.Attachment{
+		UploaderID: ctx.User.ID,
+		Name:       header.Filename,
+	}, buf, file)
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, fmt.Sprintf("NewAttachment: %v", err))
+		return
+	}
+
+	log.Trace("New attachment uploaded: %s", attach.UUID)
+	ctx.JSON(http.StatusOK, map[string]string{
+		"uuid": attach.UUID,
+	})
+}
+
+// DeleteAttachment response for deleting issue's attachment
+func DeleteAttachment(ctx *context.Context) {
+	file := ctx.Query("file")
+	attach, err := models.GetAttachmentByUUID(file)
+	if err != nil {
+		ctx.Error(http.StatusBadRequest, err.Error())
+		return
+	}
+	if !ctx.IsSigned || (ctx.User.ID != attach.UploaderID) {
+		ctx.Error(http.StatusForbidden)
+		return
+	}
+	err = models.DeleteAttachment(attach, true)
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, fmt.Sprintf("DeleteAttachment: %v", err))
+		return
+	}
+	ctx.JSON(http.StatusOK, map[string]string{
+		"uuid": attach.UUID,
+	})
+}
+
+// GetAttachment serve attachements
+func GetAttachment(ctx *context.Context) {
+	attach, err := models.GetAttachmentByUUID(ctx.Params(":uuid"))
+	if err != nil {
+		if models.IsErrAttachmentNotExist(err) {
+			ctx.Error(http.StatusNotFound)
+		} else {
+			ctx.ServerError("GetAttachmentByUUID", err)
+		}
+		return
+	}
+
+	repository, unitType, err := attach.LinkedRepository()
+	if err != nil {
+		ctx.ServerError("LinkedRepository", err)
+		return
+	}
+
+	if repository == nil { //If not linked
+		if !(ctx.IsSigned && attach.UploaderID == ctx.User.ID) { //We block if not the uploader
+			ctx.Error(http.StatusNotFound)
+			return
+		}
+	} else { //If we have the repository we check access
+		perm, err := models.GetUserRepoPermission(repository, ctx.User)
+		if err != nil {
+			ctx.Error(http.StatusInternalServerError, "GetUserRepoPermission", err.Error())
+			return
+		}
+		if !perm.CanRead(unitType) {
+			ctx.Error(http.StatusNotFound)
+			return
+		}
+	}
+
+	if err := attach.IncreaseDownloadCount(); err != nil {
+		ctx.ServerError("IncreaseDownloadCount", err)
+		return
+	}
+
+	if setting.Attachment.ServeDirect {
+		//If we have a signed url (S3, object storage), redirect to this directly.
+		u, err := storage.Attachments.URL(attach.RelativePath(), attach.Name)
+
+		if u != nil && err == nil {
+			ctx.Redirect(u.String())
+			return
+		}
+	}
+
+	if httpcache.HandleGenericETagCache(ctx.Req, ctx.Resp, `"`+attach.UUID+`"`) {
+		return
+	}
+
+	//If we have matched and access to release or issue
+	fr, err := storage.Attachments.Open(attach.RelativePath())
+	if err != nil {
+		ctx.ServerError("Open", err)
+		return
+	}
+	defer fr.Close()
+
+	if err = common.ServeData(ctx, attach.Name, attach.Size, fr); err != nil {
+		ctx.ServerError("ServeData", err)
+		return
+	}
+}

routers/web/repo/blame.go

@@ -0,0 +1,251 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"bytes"
+	"container/list"
+	"fmt"
+	"html"
+	gotemplate "html/template"
+	"net/http"
+	"strings"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/highlight"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/templates"
+	"code.gitea.io/gitea/modules/timeutil"
+)
+
+const (
+	tplBlame base.TplName = "repo/home"
+)
+
+// RefBlame render blame page
+func RefBlame(ctx *context.Context) {
+	fileName := ctx.Repo.TreePath
+	if len(fileName) == 0 {
+		ctx.NotFound("Blame FileName", nil)
+		return
+	}
+
+	userName := ctx.Repo.Owner.Name
+	repoName := ctx.Repo.Repository.Name
+	commitID := ctx.Repo.CommitID
+
+	commit, err := ctx.Repo.GitRepo.GetCommit(commitID)
+	if err != nil {
+		if git.IsErrNotExist(err) {
+			ctx.NotFound("Repo.GitRepo.GetCommit", err)
+		} else {
+			ctx.ServerError("Repo.GitRepo.GetCommit", err)
+		}
+		return
+	}
+	if len(commitID) != 40 {
+		commitID = commit.ID.String()
+	}
+
+	branchLink := ctx.Repo.RepoLink + "/src/" + ctx.Repo.BranchNameSubURL()
+	treeLink := branchLink
+	rawLink := ctx.Repo.RepoLink + "/raw/" + ctx.Repo.BranchNameSubURL()
+
+	if len(ctx.Repo.TreePath) > 0 {
+		treeLink += "/" + ctx.Repo.TreePath
+	}
+
+	var treeNames []string
+	paths := make([]string, 0, 5)
+	if len(ctx.Repo.TreePath) > 0 {
+		treeNames = strings.Split(ctx.Repo.TreePath, "/")
+		for i := range treeNames {
+			paths = append(paths, strings.Join(treeNames[:i+1], "/"))
+		}
+
+		ctx.Data["HasParentPath"] = true
+		if len(paths)-2 >= 0 {
+			ctx.Data["ParentPath"] = "/" + paths[len(paths)-1]
+		}
+	}
+
+	// Show latest commit info of repository in table header,
+	// or of directory if not in root directory.
+	latestCommit := ctx.Repo.Commit
+	if len(ctx.Repo.TreePath) > 0 {
+		latestCommit, err = ctx.Repo.Commit.GetCommitByPath(ctx.Repo.TreePath)
+		if err != nil {
+			ctx.ServerError("GetCommitByPath", err)
+			return
+		}
+	}
+	ctx.Data["LatestCommit"] = latestCommit
+	ctx.Data["LatestCommitVerification"] = models.ParseCommitWithSignature(latestCommit)
+	ctx.Data["LatestCommitUser"] = models.ValidateCommitWithEmail(latestCommit)
+
+	statuses, err := models.GetLatestCommitStatus(ctx.Repo.Repository.ID, ctx.Repo.Commit.ID.String(), models.ListOptions{})
+	if err != nil {
+		log.Error("GetLatestCommitStatus: %v", err)
+	}
+
+	// Get current entry user currently looking at.
+	entry, err := ctx.Repo.Commit.GetTreeEntryByPath(ctx.Repo.TreePath)
+	if err != nil {
+		ctx.NotFoundOrServerError("Repo.Commit.GetTreeEntryByPath", git.IsErrNotExist, err)
+		return
+	}
+
+	blob := entry.Blob()
+
+	ctx.Data["LatestCommitStatus"] = models.CalcCommitStatus(statuses)
+	ctx.Data["LatestCommitStatuses"] = statuses
+
+	ctx.Data["Paths"] = paths
+	ctx.Data["TreeLink"] = treeLink
+	ctx.Data["TreeNames"] = treeNames
+	ctx.Data["BranchLink"] = branchLink
+
+	ctx.Data["RawFileLink"] = rawLink + "/" + ctx.Repo.TreePath
+	ctx.Data["PageIsViewCode"] = true
+
+	ctx.Data["IsBlame"] = true
+
+	ctx.Data["FileSize"] = blob.Size()
+	ctx.Data["FileName"] = blob.Name()
+
+	ctx.Data["NumLines"], err = blob.GetBlobLineCount()
+	if err != nil {
+		ctx.NotFound("GetBlobLineCount", err)
+		return
+	}
+
+	blameReader, err := git.CreateBlameReader(ctx, models.RepoPath(userName, repoName), commitID, fileName)
+	if err != nil {
+		ctx.NotFound("CreateBlameReader", err)
+		return
+	}
+	defer blameReader.Close()
+
+	blameParts := make([]git.BlamePart, 0)
+
+	for {
+		blamePart, err := blameReader.NextPart()
+		if err != nil {
+			ctx.NotFound("NextPart", err)
+			return
+		}
+		if blamePart == nil {
+			break
+		}
+		blameParts = append(blameParts, *blamePart)
+	}
+
+	commitNames := make(map[string]models.UserCommit)
+	commits := list.New()
+
+	for _, part := range blameParts {
+		sha := part.Sha
+		if _, ok := commitNames[sha]; ok {
+			continue
+		}
+
+		commit, err := ctx.Repo.GitRepo.GetCommit(sha)
+		if err != nil {
+			if git.IsErrNotExist(err) {
+				ctx.NotFound("Repo.GitRepo.GetCommit", err)
+			} else {
+				ctx.ServerError("Repo.GitRepo.GetCommit", err)
+			}
+			return
+		}
+
+		commits.PushBack(commit)
+
+		commitNames[commit.ID.String()] = models.UserCommit{}
+	}
+
+	commits = models.ValidateCommitsWithEmails(commits)
+
+	for e := commits.Front(); e != nil; e = e.Next() {
+		c := e.Value.(models.UserCommit)
+
+		commitNames[c.ID.String()] = c
+	}
+
+	// Get Topics of this repo
+	renderRepoTopics(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	renderBlame(ctx, blameParts, commitNames)
+
+	ctx.HTML(http.StatusOK, tplBlame)
+}
+
+func renderBlame(ctx *context.Context, blameParts []git.BlamePart, commitNames map[string]models.UserCommit) {
+	repoLink := ctx.Repo.RepoLink
+
+	var lines = make([]string, 0)
+
+	var commitInfo bytes.Buffer
+	var lineNumbers bytes.Buffer
+	var codeLines bytes.Buffer
+
+	var i = 0
+	for pi, part := range blameParts {
+		for index, line := range part.Lines {
+			i++
+			lines = append(lines, line)
+
+			var attr = ""
+			if len(part.Lines)-1 == index && len(blameParts)-1 != pi {
+				attr = " bottom-line"
+			}
+			commit := commitNames[part.Sha]
+			if index == 0 {
+				// User avatar image
+				commitSince := timeutil.TimeSinceUnix(timeutil.TimeStamp(commit.Author.When.Unix()), ctx.Data["Lang"].(string))
+
+				var avatar string
+				if commit.User != nil {
+					avatar = string(templates.Avatar(commit.User, 18, "mr-3"))
+				} else {
+					avatar = string(templates.AvatarByEmail(commit.Author.Email, commit.Author.Name, 18, "mr-3"))
+				}
+
+				commitInfo.WriteString(fmt.Sprintf(`<div class="blame-info%s"><div class="blame-data"><div class="blame-avatar">%s</div><div class="blame-message"><a href="%s/commit/%s" title="%[5]s">%[5]s</a></div><div class="blame-time">%s</div></div></div>`, attr, avatar, repoLink, part.Sha, html.EscapeString(commit.CommitMessage), commitSince))
+			} else {
+				commitInfo.WriteString(fmt.Sprintf(`<div class="blame-info%s">&#8203;</div>`, attr))
+			}
+
+			//Line number
+			if len(part.Lines)-1 == index && len(blameParts)-1 != pi {
+				lineNumbers.WriteString(fmt.Sprintf(`<span id="L%d" data-line-number="%d" class="bottom-line"></span>`, i, i))
+			} else {
+				lineNumbers.WriteString(fmt.Sprintf(`<span id="L%d" data-line-number="%d"></span>`, i, i))
+			}
+
+			if i != len(lines)-1 {
+				line += "\n"
+			}
+			fileName := fmt.Sprintf("%v", ctx.Data["FileName"])
+			line = highlight.Code(fileName, line)
+			line = `<code class="code-inner">` + line + `</code>`
+			if len(part.Lines)-1 == index && len(blameParts)-1 != pi {
+				codeLines.WriteString(fmt.Sprintf(`<li class="L%d bottom-line" rel="L%d">%s</li>`, i, i, line))
+			} else {
+				codeLines.WriteString(fmt.Sprintf(`<li class="L%d" rel="L%d">%s</li>`, i, i, line))
+			}
+		}
+	}
+
+	ctx.Data["BlameContent"] = gotemplate.HTML(codeLines.String())
+	ctx.Data["BlameCommitInfo"] = gotemplate.HTML(commitInfo.String())
+	ctx.Data["BlameLineNums"] = gotemplate.HTML(lineNumbers.String())
+}

routers/web/repo/branch.go

@@ -0,0 +1,407 @@
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2018 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"errors"
+	"fmt"
+	"net/http"
+	"strings"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/repofiles"
+	repo_module "code.gitea.io/gitea/modules/repository"
+	"code.gitea.io/gitea/modules/util"
+	"code.gitea.io/gitea/modules/web"
+	"code.gitea.io/gitea/routers/utils"
+	"code.gitea.io/gitea/services/forms"
+	release_service "code.gitea.io/gitea/services/release"
+	repo_service "code.gitea.io/gitea/services/repository"
+)
+
+const (
+	tplBranch base.TplName = "repo/branch/list"
+)
+
+// Branch contains the branch information
+type Branch struct {
+	Name              string
+	Commit            *git.Commit
+	IsProtected       bool
+	IsDeleted         bool
+	IsIncluded        bool
+	DeletedBranch     *models.DeletedBranch
+	CommitsAhead      int
+	CommitsBehind     int
+	LatestPullRequest *models.PullRequest
+	MergeMovedOn      bool
+}
+
+// Branches render repository branch page
+func Branches(ctx *context.Context) {
+	ctx.Data["Title"] = "Branches"
+	ctx.Data["IsRepoToolbarBranches"] = true
+	ctx.Data["DefaultBranch"] = ctx.Repo.Repository.DefaultBranch
+	ctx.Data["AllowsPulls"] = ctx.Repo.Repository.AllowsPulls()
+	ctx.Data["IsWriter"] = ctx.Repo.CanWrite(models.UnitTypeCode)
+	ctx.Data["IsMirror"] = ctx.Repo.Repository.IsMirror
+	ctx.Data["CanPull"] = ctx.Repo.CanWrite(models.UnitTypeCode) || (ctx.IsSigned && ctx.User.HasForkedRepo(ctx.Repo.Repository.ID))
+	ctx.Data["PageIsViewCode"] = true
+	ctx.Data["PageIsBranches"] = true
+
+	page := ctx.QueryInt("page")
+	if page <= 1 {
+		page = 1
+	}
+
+	limit := ctx.QueryInt("limit")
+	if limit <= 0 || limit > git.BranchesRangeSize {
+		limit = git.BranchesRangeSize
+	}
+
+	skip := (page - 1) * limit
+	log.Debug("Branches: skip: %d limit: %d", skip, limit)
+	branches, branchesCount := loadBranches(ctx, skip, limit)
+	if ctx.Written() {
+		return
+	}
+	ctx.Data["Branches"] = branches
+	pager := context.NewPagination(int(branchesCount), git.BranchesRangeSize, page, 5)
+	pager.SetDefaultParams(ctx)
+	ctx.Data["Page"] = pager
+
+	ctx.HTML(http.StatusOK, tplBranch)
+}
+
+// DeleteBranchPost responses for delete merged branch
+func DeleteBranchPost(ctx *context.Context) {
+	defer redirect(ctx)
+	branchName := ctx.Query("name")
+
+	if err := repo_service.DeleteBranch(ctx.User, ctx.Repo.Repository, ctx.Repo.GitRepo, branchName); err != nil {
+		switch {
+		case git.IsErrBranchNotExist(err):
+			log.Debug("DeleteBranch: Can't delete non existing branch '%s'", branchName)
+			ctx.Flash.Error(ctx.Tr("repo.branch.deletion_failed", branchName))
+		case errors.Is(err, repo_service.ErrBranchIsDefault):
+			log.Debug("DeleteBranch: Can't delete default branch '%s'", branchName)
+			ctx.Flash.Error(ctx.Tr("repo.branch.default_deletion_failed", branchName))
+		case errors.Is(err, repo_service.ErrBranchIsProtected):
+			log.Debug("DeleteBranch: Can't delete protected branch '%s'", branchName)
+			ctx.Flash.Error(ctx.Tr("repo.branch.protected_deletion_failed", branchName))
+		default:
+			log.Error("DeleteBranch: %v", err)
+			ctx.Flash.Error(ctx.Tr("repo.branch.deletion_failed", branchName))
+		}
+
+		return
+	}
+
+	ctx.Flash.Success(ctx.Tr("repo.branch.deletion_success", branchName))
+}
+
+// RestoreBranchPost responses for delete merged branch
+func RestoreBranchPost(ctx *context.Context) {
+	defer redirect(ctx)
+
+	branchID := ctx.QueryInt64("branch_id")
+	branchName := ctx.Query("name")
+
+	deletedBranch, err := ctx.Repo.Repository.GetDeletedBranchByID(branchID)
+	if err != nil {
+		log.Error("GetDeletedBranchByID: %v", err)
+		ctx.Flash.Error(ctx.Tr("repo.branch.restore_failed", branchName))
+		return
+	}
+
+	if err := git.Push(ctx.Repo.Repository.RepoPath(), git.PushOptions{
+		Remote: ctx.Repo.Repository.RepoPath(),
+		Branch: fmt.Sprintf("%s:%s%s", deletedBranch.Commit, git.BranchPrefix, deletedBranch.Name),
+		Env:    models.PushingEnvironment(ctx.User, ctx.Repo.Repository),
+	}); err != nil {
+		if strings.Contains(err.Error(), "already exists") {
+			log.Debug("RestoreBranch: Can't restore branch '%s', since one with same name already exist", deletedBranch.Name)
+			ctx.Flash.Error(ctx.Tr("repo.branch.already_exists", deletedBranch.Name))
+			return
+		}
+		log.Error("RestoreBranch: CreateBranch: %v", err)
+		ctx.Flash.Error(ctx.Tr("repo.branch.restore_failed", deletedBranch.Name))
+		return
+	}
+
+	// Don't return error below this
+	if err := repo_service.PushUpdate(
+		&repo_module.PushUpdateOptions{
+			RefFullName:  git.BranchPrefix + deletedBranch.Name,
+			OldCommitID:  git.EmptySHA,
+			NewCommitID:  deletedBranch.Commit,
+			PusherID:     ctx.User.ID,
+			PusherName:   ctx.User.Name,
+			RepoUserName: ctx.Repo.Owner.Name,
+			RepoName:     ctx.Repo.Repository.Name,
+		}); err != nil {
+		log.Error("RestoreBranch: Update: %v", err)
+	}
+
+	ctx.Flash.Success(ctx.Tr("repo.branch.restore_success", deletedBranch.Name))
+}
+
+func redirect(ctx *context.Context) {
+	ctx.JSON(http.StatusOK, map[string]interface{}{
+		"redirect": ctx.Repo.RepoLink + "/branches",
+	})
+}
+
+// loadBranches loads branches from the repository limited by page & pageSize.
+// NOTE: May write to context on error.
+func loadBranches(ctx *context.Context, skip, limit int) ([]*Branch, int) {
+	defaultBranch, err := repo_module.GetBranch(ctx.Repo.Repository, ctx.Repo.Repository.DefaultBranch)
+	if err != nil {
+		log.Error("loadBranches: get default branch: %v", err)
+		ctx.ServerError("GetDefaultBranch", err)
+		return nil, 0
+	}
+
+	rawBranches, totalNumOfBranches, err := repo_module.GetBranches(ctx.Repo.Repository, skip, limit)
+	if err != nil {
+		log.Error("GetBranches: %v", err)
+		ctx.ServerError("GetBranches", err)
+		return nil, 0
+	}
+
+	protectedBranches, err := ctx.Repo.Repository.GetProtectedBranches()
+	if err != nil {
+		ctx.ServerError("GetProtectedBranches", err)
+		return nil, 0
+	}
+
+	repoIDToRepo := map[int64]*models.Repository{}
+	repoIDToRepo[ctx.Repo.Repository.ID] = ctx.Repo.Repository
+
+	repoIDToGitRepo := map[int64]*git.Repository{}
+	repoIDToGitRepo[ctx.Repo.Repository.ID] = ctx.Repo.GitRepo
+
+	var branches []*Branch
+	for i := range rawBranches {
+		if rawBranches[i].Name == defaultBranch.Name {
+			// Skip default branch
+			continue
+		}
+
+		var branch = loadOneBranch(ctx, rawBranches[i], protectedBranches, repoIDToRepo, repoIDToGitRepo)
+		if branch == nil {
+			return nil, 0
+		}
+
+		branches = append(branches, branch)
+	}
+
+	// Always add the default branch
+	log.Debug("loadOneBranch: load default: '%s'", defaultBranch.Name)
+	branches = append(branches, loadOneBranch(ctx, defaultBranch, protectedBranches, repoIDToRepo, repoIDToGitRepo))
+
+	if ctx.Repo.CanWrite(models.UnitTypeCode) {
+		deletedBranches, err := getDeletedBranches(ctx)
+		if err != nil {
+			ctx.ServerError("getDeletedBranches", err)
+			return nil, 0
+		}
+		branches = append(branches, deletedBranches...)
+	}
+
+	return branches, totalNumOfBranches - 1
+}
+
+func loadOneBranch(ctx *context.Context, rawBranch *git.Branch, protectedBranches []*models.ProtectedBranch,
+	repoIDToRepo map[int64]*models.Repository,
+	repoIDToGitRepo map[int64]*git.Repository) *Branch {
+	log.Trace("loadOneBranch: '%s'", rawBranch.Name)
+
+	commit, err := rawBranch.GetCommit()
+	if err != nil {
+		ctx.ServerError("GetCommit", err)
+		return nil
+	}
+
+	branchName := rawBranch.Name
+	var isProtected bool
+	for _, b := range protectedBranches {
+		if b.BranchName == branchName {
+			isProtected = true
+			break
+		}
+	}
+
+	divergence, divergenceError := repofiles.CountDivergingCommits(ctx.Repo.Repository, git.BranchPrefix+branchName)
+	if divergenceError != nil {
+		ctx.ServerError("CountDivergingCommits", divergenceError)
+		return nil
+	}
+
+	pr, err := models.GetLatestPullRequestByHeadInfo(ctx.Repo.Repository.ID, branchName)
+	if err != nil {
+		ctx.ServerError("GetLatestPullRequestByHeadInfo", err)
+		return nil
+	}
+	headCommit := commit.ID.String()
+
+	mergeMovedOn := false
+	if pr != nil {
+		pr.HeadRepo = ctx.Repo.Repository
+		if err := pr.LoadIssue(); err != nil {
+			ctx.ServerError("pr.LoadIssue", err)
+			return nil
+		}
+		if repo, ok := repoIDToRepo[pr.BaseRepoID]; ok {
+			pr.BaseRepo = repo
+		} else if err := pr.LoadBaseRepo(); err != nil {
+			ctx.ServerError("pr.LoadBaseRepo", err)
+			return nil
+		} else {
+			repoIDToRepo[pr.BaseRepoID] = pr.BaseRepo
+		}
+		pr.Issue.Repo = pr.BaseRepo
+
+		if pr.HasMerged {
+			baseGitRepo, ok := repoIDToGitRepo[pr.BaseRepoID]
+			if !ok {
+				baseGitRepo, err = git.OpenRepository(pr.BaseRepo.RepoPath())
+				if err != nil {
+					ctx.ServerError("OpenRepository", err)
+					return nil
+				}
+				defer baseGitRepo.Close()
+				repoIDToGitRepo[pr.BaseRepoID] = baseGitRepo
+			}
+			pullCommit, err := baseGitRepo.GetRefCommitID(pr.GetGitRefName())
+			if err != nil && !git.IsErrNotExist(err) {
+				ctx.ServerError("GetBranchCommitID", err)
+				return nil
+			}
+			if err == nil && headCommit != pullCommit {
+				// the head has moved on from the merge - we shouldn't delete
+				mergeMovedOn = true
+			}
+		}
+	}
+
+	isIncluded := divergence.Ahead == 0 && ctx.Repo.Repository.DefaultBranch != branchName
+	return &Branch{
+		Name:              branchName,
+		Commit:            commit,
+		IsProtected:       isProtected,
+		IsIncluded:        isIncluded,
+		CommitsAhead:      divergence.Ahead,
+		CommitsBehind:     divergence.Behind,
+		LatestPullRequest: pr,
+		MergeMovedOn:      mergeMovedOn,
+	}
+}
+
+func getDeletedBranches(ctx *context.Context) ([]*Branch, error) {
+	branches := []*Branch{}
+
+	deletedBranches, err := ctx.Repo.Repository.GetDeletedBranches()
+	if err != nil {
+		return branches, err
+	}
+
+	for i := range deletedBranches {
+		deletedBranches[i].LoadUser()
+		branches = append(branches, &Branch{
+			Name:          deletedBranches[i].Name,
+			IsDeleted:     true,
+			DeletedBranch: deletedBranches[i],
+		})
+	}
+
+	return branches, nil
+}
+
+// CreateBranch creates new branch in repository
+func CreateBranch(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.NewBranchForm)
+	if !ctx.Repo.CanCreateBranch() {
+		ctx.NotFound("CreateBranch", nil)
+		return
+	}
+
+	if ctx.HasError() {
+		ctx.Flash.Error(ctx.GetErrMsg())
+		ctx.Redirect(ctx.Repo.RepoLink + "/src/" + ctx.Repo.BranchNameSubURL())
+		return
+	}
+
+	var err error
+
+	if form.CreateTag {
+		if ctx.Repo.IsViewTag {
+			err = release_service.CreateNewTag(ctx.User, ctx.Repo.Repository, ctx.Repo.CommitID, form.NewBranchName, "")
+		} else {
+			err = release_service.CreateNewTag(ctx.User, ctx.Repo.Repository, ctx.Repo.BranchName, form.NewBranchName, "")
+		}
+	} else if ctx.Repo.IsViewBranch {
+		err = repo_module.CreateNewBranch(ctx.User, ctx.Repo.Repository, ctx.Repo.BranchName, form.NewBranchName)
+	} else if ctx.Repo.IsViewTag {
+		err = repo_module.CreateNewBranchFromCommit(ctx.User, ctx.Repo.Repository, ctx.Repo.CommitID, form.NewBranchName)
+	} else {
+		err = repo_module.CreateNewBranchFromCommit(ctx.User, ctx.Repo.Repository, ctx.Repo.BranchName, form.NewBranchName)
+	}
+	if err != nil {
+		if models.IsErrTagAlreadyExists(err) {
+			e := err.(models.ErrTagAlreadyExists)
+			ctx.Flash.Error(ctx.Tr("repo.branch.tag_collision", e.TagName))
+			ctx.Redirect(ctx.Repo.RepoLink + "/src/" + ctx.Repo.BranchNameSubURL())
+			return
+		}
+		if models.IsErrBranchAlreadyExists(err) || git.IsErrPushOutOfDate(err) {
+			ctx.Flash.Error(ctx.Tr("repo.branch.branch_already_exists", form.NewBranchName))
+			ctx.Redirect(ctx.Repo.RepoLink + "/src/" + ctx.Repo.BranchNameSubURL())
+			return
+		}
+		if models.IsErrBranchNameConflict(err) {
+			e := err.(models.ErrBranchNameConflict)
+			ctx.Flash.Error(ctx.Tr("repo.branch.branch_name_conflict", form.NewBranchName, e.BranchName))
+			ctx.Redirect(ctx.Repo.RepoLink + "/src/" + ctx.Repo.BranchNameSubURL())
+			return
+		}
+		if git.IsErrPushRejected(err) {
+			e := err.(*git.ErrPushRejected)
+			if len(e.Message) == 0 {
+				ctx.Flash.Error(ctx.Tr("repo.editor.push_rejected_no_message"))
+			} else {
+				flashError, err := ctx.HTMLString(string(tplAlertDetails), map[string]interface{}{
+					"Message": ctx.Tr("repo.editor.push_rejected"),
+					"Summary": ctx.Tr("repo.editor.push_rejected_summary"),
+					"Details": utils.SanitizeFlashErrorString(e.Message),
+				})
+				if err != nil {
+					ctx.ServerError("UpdatePullRequest.HTMLString", err)
+					return
+				}
+				ctx.Flash.Error(flashError)
+			}
+			ctx.Redirect(ctx.Repo.RepoLink + "/src/" + ctx.Repo.BranchNameSubURL())
+			return
+		}
+
+		ctx.ServerError("CreateNewBranch", err)
+		return
+	}
+
+	if form.CreateTag {
+		ctx.Flash.Success(ctx.Tr("repo.tag.create_success", form.NewBranchName))
+		ctx.Redirect(ctx.Repo.RepoLink + "/src/tag/" + util.PathEscapeSegments(form.NewBranchName))
+		return
+	}
+
+	ctx.Flash.Success(ctx.Tr("repo.branch.create_success", form.NewBranchName))
+	ctx.Redirect(ctx.Repo.RepoLink + "/src/branch/" + util.PathEscapeSegments(form.NewBranchName))
+}

routers/web/repo/commit.go

@@ -0,0 +1,401 @@
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"errors"
+	"net/http"
+	"path"
+	"strings"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/charset"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/gitgraph"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/services/gitdiff"
+)
+
+const (
+	tplCommits    base.TplName = "repo/commits"
+	tplGraph      base.TplName = "repo/graph"
+	tplGraphDiv   base.TplName = "repo/graph/div"
+	tplCommitPage base.TplName = "repo/commit_page"
+)
+
+// RefCommits render commits page
+func RefCommits(ctx *context.Context) {
+	switch {
+	case len(ctx.Repo.TreePath) == 0:
+		Commits(ctx)
+	case ctx.Repo.TreePath == "search":
+		SearchCommits(ctx)
+	default:
+		FileHistory(ctx)
+	}
+}
+
+// Commits render branch's commits
+func Commits(ctx *context.Context) {
+	ctx.Data["PageIsCommits"] = true
+	if ctx.Repo.Commit == nil {
+		ctx.NotFound("Commit not found", nil)
+		return
+	}
+	ctx.Data["PageIsViewCode"] = true
+
+	commitsCount, err := ctx.Repo.GetCommitsCount()
+	if err != nil {
+		ctx.ServerError("GetCommitsCount", err)
+		return
+	}
+
+	page := ctx.QueryInt("page")
+	if page <= 1 {
+		page = 1
+	}
+
+	pageSize := ctx.QueryInt("limit")
+	if pageSize <= 0 {
+		pageSize = git.CommitsRangeSize
+	}
+
+	// Both `git log branchName` and `git log commitId` work.
+	commits, err := ctx.Repo.Commit.CommitsByRange(page, pageSize)
+	if err != nil {
+		ctx.ServerError("CommitsByRange", err)
+		return
+	}
+	commits = models.ValidateCommitsWithEmails(commits)
+	commits = models.ParseCommitsWithSignature(commits, ctx.Repo.Repository)
+	commits = models.ParseCommitsWithStatus(commits, ctx.Repo.Repository)
+	ctx.Data["Commits"] = commits
+
+	ctx.Data["Username"] = ctx.Repo.Owner.Name
+	ctx.Data["Reponame"] = ctx.Repo.Repository.Name
+	ctx.Data["CommitCount"] = commitsCount
+	ctx.Data["Branch"] = ctx.Repo.BranchName
+
+	pager := context.NewPagination(int(commitsCount), git.CommitsRangeSize, page, 5)
+	pager.SetDefaultParams(ctx)
+	ctx.Data["Page"] = pager
+
+	ctx.HTML(http.StatusOK, tplCommits)
+}
+
+// Graph render commit graph - show commits from all branches.
+func Graph(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.commit_graph")
+	ctx.Data["PageIsCommits"] = true
+	ctx.Data["PageIsViewCode"] = true
+	mode := strings.ToLower(ctx.QueryTrim("mode"))
+	if mode != "monochrome" {
+		mode = "color"
+	}
+	ctx.Data["Mode"] = mode
+	hidePRRefs := ctx.QueryBool("hide-pr-refs")
+	ctx.Data["HidePRRefs"] = hidePRRefs
+	branches := ctx.QueryStrings("branch")
+	realBranches := make([]string, len(branches))
+	copy(realBranches, branches)
+	for i, branch := range realBranches {
+		if strings.HasPrefix(branch, "--") {
+			realBranches[i] = "refs/heads/" + branch
+		}
+	}
+	ctx.Data["SelectedBranches"] = realBranches
+	files := ctx.QueryStrings("file")
+
+	commitsCount, err := ctx.Repo.GetCommitsCount()
+	if err != nil {
+		ctx.ServerError("GetCommitsCount", err)
+		return
+	}
+
+	graphCommitsCount, err := ctx.Repo.GetCommitGraphsCount(hidePRRefs, realBranches, files)
+	if err != nil {
+		log.Warn("GetCommitGraphsCount error for generate graph exclude prs: %t branches: %s in %-v, Will Ignore branches and try again. Underlying Error: %v", hidePRRefs, branches, ctx.Repo.Repository, err)
+		realBranches = []string{}
+		branches = []string{}
+		graphCommitsCount, err = ctx.Repo.GetCommitGraphsCount(hidePRRefs, realBranches, files)
+		if err != nil {
+			ctx.ServerError("GetCommitGraphsCount", err)
+			return
+		}
+	}
+
+	page := ctx.QueryInt("page")
+
+	graph, err := gitgraph.GetCommitGraph(ctx.Repo.GitRepo, page, 0, hidePRRefs, realBranches, files)
+	if err != nil {
+		ctx.ServerError("GetCommitGraph", err)
+		return
+	}
+
+	if err := graph.LoadAndProcessCommits(ctx.Repo.Repository, ctx.Repo.GitRepo); err != nil {
+		ctx.ServerError("LoadAndProcessCommits", err)
+		return
+	}
+
+	ctx.Data["Graph"] = graph
+
+	gitRefs, err := ctx.Repo.GitRepo.GetRefs()
+	if err != nil {
+		ctx.ServerError("GitRepo.GetRefs", err)
+		return
+	}
+
+	ctx.Data["AllRefs"] = gitRefs
+
+	ctx.Data["Username"] = ctx.Repo.Owner.Name
+	ctx.Data["Reponame"] = ctx.Repo.Repository.Name
+	ctx.Data["CommitCount"] = commitsCount
+	ctx.Data["Branch"] = ctx.Repo.BranchName
+	paginator := context.NewPagination(int(graphCommitsCount), setting.UI.GraphMaxCommitNum, page, 5)
+	paginator.AddParam(ctx, "mode", "Mode")
+	paginator.AddParam(ctx, "hide-pr-refs", "HidePRRefs")
+	for _, branch := range branches {
+		paginator.AddParamString("branch", branch)
+	}
+	for _, file := range files {
+		paginator.AddParamString("file", file)
+	}
+	ctx.Data["Page"] = paginator
+	if ctx.QueryBool("div-only") {
+		ctx.HTML(http.StatusOK, tplGraphDiv)
+		return
+	}
+
+	ctx.HTML(http.StatusOK, tplGraph)
+}
+
+// SearchCommits render commits filtered by keyword
+func SearchCommits(ctx *context.Context) {
+	ctx.Data["PageIsCommits"] = true
+	ctx.Data["PageIsViewCode"] = true
+
+	query := strings.Trim(ctx.Query("q"), " ")
+	if len(query) == 0 {
+		ctx.Redirect(ctx.Repo.RepoLink + "/commits/" + ctx.Repo.BranchNameSubURL())
+		return
+	}
+
+	all := ctx.QueryBool("all")
+	opts := git.NewSearchCommitsOptions(query, all)
+	commits, err := ctx.Repo.Commit.SearchCommits(opts)
+	if err != nil {
+		ctx.ServerError("SearchCommits", err)
+		return
+	}
+	commits = models.ValidateCommitsWithEmails(commits)
+	commits = models.ParseCommitsWithSignature(commits, ctx.Repo.Repository)
+	commits = models.ParseCommitsWithStatus(commits, ctx.Repo.Repository)
+	ctx.Data["Commits"] = commits
+
+	ctx.Data["Keyword"] = query
+	if all {
+		ctx.Data["All"] = "checked"
+	}
+	ctx.Data["Username"] = ctx.Repo.Owner.Name
+	ctx.Data["Reponame"] = ctx.Repo.Repository.Name
+	ctx.Data["CommitCount"] = commits.Len()
+	ctx.Data["Branch"] = ctx.Repo.BranchName
+	ctx.HTML(http.StatusOK, tplCommits)
+}
+
+// FileHistory show a file's reversions
+func FileHistory(ctx *context.Context) {
+	ctx.Data["IsRepoToolbarCommits"] = true
+
+	fileName := ctx.Repo.TreePath
+	if len(fileName) == 0 {
+		Commits(ctx)
+		return
+	}
+
+	branchName := ctx.Repo.BranchName
+	commitsCount, err := ctx.Repo.GitRepo.FileCommitsCount(branchName, fileName)
+	if err != nil {
+		ctx.ServerError("FileCommitsCount", err)
+		return
+	} else if commitsCount == 0 {
+		ctx.NotFound("FileCommitsCount", nil)
+		return
+	}
+
+	page := ctx.QueryInt("page")
+	if page <= 1 {
+		page = 1
+	}
+
+	commits, err := ctx.Repo.GitRepo.CommitsByFileAndRange(branchName, fileName, page)
+	if err != nil {
+		ctx.ServerError("CommitsByFileAndRange", err)
+		return
+	}
+	commits = models.ValidateCommitsWithEmails(commits)
+	commits = models.ParseCommitsWithSignature(commits, ctx.Repo.Repository)
+	commits = models.ParseCommitsWithStatus(commits, ctx.Repo.Repository)
+	ctx.Data["Commits"] = commits
+
+	ctx.Data["Username"] = ctx.Repo.Owner.Name
+	ctx.Data["Reponame"] = ctx.Repo.Repository.Name
+	ctx.Data["FileName"] = fileName
+	ctx.Data["CommitCount"] = commitsCount
+	ctx.Data["Branch"] = branchName
+
+	pager := context.NewPagination(int(commitsCount), git.CommitsRangeSize, page, 5)
+	pager.SetDefaultParams(ctx)
+	ctx.Data["Page"] = pager
+
+	ctx.HTML(http.StatusOK, tplCommits)
+}
+
+// Diff show different from current commit to previous commit
+func Diff(ctx *context.Context) {
+	ctx.Data["PageIsDiff"] = true
+	ctx.Data["RequireHighlightJS"] = true
+	ctx.Data["RequireSimpleMDE"] = true
+	ctx.Data["RequireTribute"] = true
+
+	userName := ctx.Repo.Owner.Name
+	repoName := ctx.Repo.Repository.Name
+	commitID := ctx.Params(":sha")
+	var (
+		gitRepo  *git.Repository
+		err      error
+		repoPath string
+	)
+
+	if ctx.Data["PageIsWiki"] != nil {
+		gitRepo, err = git.OpenRepository(ctx.Repo.Repository.WikiPath())
+		if err != nil {
+			ctx.ServerError("Repo.GitRepo.GetCommit", err)
+			return
+		}
+		repoPath = ctx.Repo.Repository.WikiPath()
+	} else {
+		gitRepo = ctx.Repo.GitRepo
+		repoPath = models.RepoPath(userName, repoName)
+	}
+
+	commit, err := gitRepo.GetCommit(commitID)
+	if err != nil {
+		if git.IsErrNotExist(err) {
+			ctx.NotFound("Repo.GitRepo.GetCommit", err)
+		} else {
+			ctx.ServerError("Repo.GitRepo.GetCommit", err)
+		}
+		return
+	}
+	if len(commitID) != 40 {
+		commitID = commit.ID.String()
+	}
+
+	statuses, err := models.GetLatestCommitStatus(ctx.Repo.Repository.ID, commitID, models.ListOptions{})
+	if err != nil {
+		log.Error("GetLatestCommitStatus: %v", err)
+	}
+
+	ctx.Data["CommitStatus"] = models.CalcCommitStatus(statuses)
+	ctx.Data["CommitStatuses"] = statuses
+
+	diff, err := gitdiff.GetDiffCommitWithWhitespaceBehavior(repoPath,
+		commitID, setting.Git.MaxGitDiffLines,
+		setting.Git.MaxGitDiffLineCharacters, setting.Git.MaxGitDiffFiles,
+		gitdiff.GetWhitespaceFlag(ctx.Data["WhitespaceBehavior"].(string)))
+	if err != nil {
+		ctx.NotFound("GetDiffCommitWithWhitespaceBehavior", err)
+		return
+	}
+
+	parents := make([]string, commit.ParentCount())
+	for i := 0; i < commit.ParentCount(); i++ {
+		sha, err := commit.ParentID(i)
+		if err != nil {
+			ctx.NotFound("repo.Diff", err)
+			return
+		}
+		parents[i] = sha.String()
+	}
+
+	ctx.Data["CommitID"] = commitID
+	ctx.Data["AfterCommitID"] = commitID
+	ctx.Data["Username"] = userName
+	ctx.Data["Reponame"] = repoName
+
+	var parentCommit *git.Commit
+	if commit.ParentCount() > 0 {
+		parentCommit, err = gitRepo.GetCommit(parents[0])
+		if err != nil {
+			ctx.NotFound("GetParentCommit", err)
+			return
+		}
+	}
+	headTarget := path.Join(userName, repoName)
+	setCompareContext(ctx, parentCommit, commit, headTarget)
+	ctx.Data["Title"] = commit.Summary() + " · " + base.ShortSha(commitID)
+	ctx.Data["Commit"] = commit
+	verification := models.ParseCommitWithSignature(commit)
+	ctx.Data["Verification"] = verification
+	ctx.Data["Author"] = models.ValidateCommitWithEmail(commit)
+	ctx.Data["Diff"] = diff
+	ctx.Data["Parents"] = parents
+	ctx.Data["DiffNotAvailable"] = diff.NumFiles == 0
+
+	if err := models.CalculateTrustStatus(verification, ctx.Repo.Repository, nil); err != nil {
+		ctx.ServerError("CalculateTrustStatus", err)
+		return
+	}
+
+	note := &git.Note{}
+	err = git.GetNote(ctx, ctx.Repo.GitRepo, commitID, note)
+	if err == nil {
+		ctx.Data["Note"] = string(charset.ToUTF8WithFallback(note.Message))
+		ctx.Data["NoteCommit"] = note.Commit
+		ctx.Data["NoteAuthor"] = models.ValidateCommitWithEmail(note.Commit)
+	}
+
+	ctx.Data["BranchName"], err = commit.GetBranchName()
+	if err != nil {
+		ctx.ServerError("commit.GetBranchName", err)
+		return
+	}
+
+	ctx.Data["TagName"], err = commit.GetTagName()
+	if err != nil {
+		ctx.ServerError("commit.GetTagName", err)
+		return
+	}
+	ctx.HTML(http.StatusOK, tplCommitPage)
+}
+
+// RawDiff dumps diff results of repository in given commit ID to io.Writer
+func RawDiff(ctx *context.Context) {
+	var repoPath string
+	if ctx.Data["PageIsWiki"] != nil {
+		repoPath = ctx.Repo.Repository.WikiPath()
+	} else {
+		repoPath = models.RepoPath(ctx.Repo.Owner.Name, ctx.Repo.Repository.Name)
+	}
+	if err := git.GetRawDiff(
+		repoPath,
+		ctx.Params(":sha"),
+		git.RawDiffType(ctx.Params(":ext")),
+		ctx.Resp,
+	); err != nil {
+		if git.IsErrNotExist(err) {
+			ctx.NotFound("GetRawDiff",
+				errors.New("commit "+ctx.Params(":sha")+" does not exist."))
+			return
+		}
+		ctx.ServerError("GetRawDiff", err)
+		return
+	}
+}

routers/web/repo/compare.go

@@ -0,0 +1,787 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"bufio"
+	"encoding/csv"
+	"errors"
+	"fmt"
+	"html"
+	"net/http"
+	"path"
+	"path/filepath"
+	"strings"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/charset"
+	"code.gitea.io/gitea/modules/context"
+	csv_module "code.gitea.io/gitea/modules/csv"
+	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/upload"
+	"code.gitea.io/gitea/services/gitdiff"
+)
+
+const (
+	tplCompare     base.TplName = "repo/diff/compare"
+	tplBlobExcerpt base.TplName = "repo/diff/blob_excerpt"
+)
+
+// setCompareContext sets context data.
+func setCompareContext(ctx *context.Context, base *git.Commit, head *git.Commit, headTarget string) {
+	ctx.Data["BaseCommit"] = base
+	ctx.Data["HeadCommit"] = head
+
+	ctx.Data["GetBlobByPathForCommit"] = func(commit *git.Commit, path string) *git.Blob {
+		if commit == nil {
+			return nil
+		}
+
+		blob, err := commit.GetBlobByPath(path)
+		if err != nil {
+			return nil
+		}
+		return blob
+	}
+
+	setPathsCompareContext(ctx, base, head, headTarget)
+	setImageCompareContext(ctx)
+	setCsvCompareContext(ctx)
+}
+
+// setPathsCompareContext sets context data for source and raw paths
+func setPathsCompareContext(ctx *context.Context, base *git.Commit, head *git.Commit, headTarget string) {
+	sourcePath := setting.AppSubURL + "/%s/src/commit/%s"
+	rawPath := setting.AppSubURL + "/%s/raw/commit/%s"
+
+	ctx.Data["SourcePath"] = fmt.Sprintf(sourcePath, headTarget, head.ID)
+	ctx.Data["RawPath"] = fmt.Sprintf(rawPath, headTarget, head.ID)
+	if base != nil {
+		baseTarget := path.Join(ctx.Repo.Owner.Name, ctx.Repo.Repository.Name)
+		ctx.Data["BeforeSourcePath"] = fmt.Sprintf(sourcePath, baseTarget, base.ID)
+		ctx.Data["BeforeRawPath"] = fmt.Sprintf(rawPath, baseTarget, base.ID)
+	}
+}
+
+// setImageCompareContext sets context data that is required by image compare template
+func setImageCompareContext(ctx *context.Context) {
+	ctx.Data["IsBlobAnImage"] = func(blob *git.Blob) bool {
+		if blob == nil {
+			return false
+		}
+
+		st, err := blob.GuessContentType()
+		if err != nil {
+			log.Error("GuessContentType failed: %v", err)
+			return false
+		}
+		return st.IsImage() && (setting.UI.SVG.Enabled || !st.IsSvgImage())
+	}
+}
+
+// setCsvCompareContext sets context data that is required by the CSV compare template
+func setCsvCompareContext(ctx *context.Context) {
+	ctx.Data["IsCsvFile"] = func(diffFile *gitdiff.DiffFile) bool {
+		extension := strings.ToLower(filepath.Ext(diffFile.Name))
+		return extension == ".csv" || extension == ".tsv"
+	}
+
+	type CsvDiffResult struct {
+		Sections []*gitdiff.TableDiffSection
+		Error    string
+	}
+
+	ctx.Data["CreateCsvDiff"] = func(diffFile *gitdiff.DiffFile, baseCommit *git.Commit, headCommit *git.Commit) CsvDiffResult {
+		if diffFile == nil || baseCommit == nil || headCommit == nil {
+			return CsvDiffResult{nil, ""}
+		}
+
+		errTooLarge := errors.New(ctx.Locale.Tr("repo.error.csv.too_large"))
+
+		csvReaderFromCommit := func(c *git.Commit) (*csv.Reader, error) {
+			blob, err := c.GetBlobByPath(diffFile.Name)
+			if err != nil {
+				return nil, err
+			}
+
+			if setting.UI.CSV.MaxFileSize != 0 && setting.UI.CSV.MaxFileSize < blob.Size() {
+				return nil, errTooLarge
+			}
+
+			reader, err := blob.DataAsync()
+			if err != nil {
+				return nil, err
+			}
+			defer reader.Close()
+
+			return csv_module.CreateReaderAndGuessDelimiter(charset.ToUTF8WithFallbackReader(reader))
+		}
+
+		baseReader, err := csvReaderFromCommit(baseCommit)
+		if err == errTooLarge {
+			return CsvDiffResult{nil, err.Error()}
+		}
+		headReader, err := csvReaderFromCommit(headCommit)
+		if err == errTooLarge {
+			return CsvDiffResult{nil, err.Error()}
+		}
+
+		sections, err := gitdiff.CreateCsvDiff(diffFile, baseReader, headReader)
+		if err != nil {
+			errMessage, err := csv_module.FormatError(err, ctx.Locale)
+			if err != nil {
+				log.Error("RenderCsvDiff failed: %v", err)
+				return CsvDiffResult{nil, ""}
+			}
+			return CsvDiffResult{nil, errMessage}
+		}
+		return CsvDiffResult{sections, ""}
+	}
+}
+
+// ParseCompareInfo parse compare info between two commit for preparing comparing references
+func ParseCompareInfo(ctx *context.Context) (*models.User, *models.Repository, *git.Repository, *git.CompareInfo, string, string) {
+	baseRepo := ctx.Repo.Repository
+
+	// Get compared branches information
+	// A full compare url is of the form:
+	//
+	// 1. /{:baseOwner}/{:baseRepoName}/compare/{:baseBranch}...{:headBranch}
+	// 2. /{:baseOwner}/{:baseRepoName}/compare/{:baseBranch}...{:headOwner}:{:headBranch}
+	// 3. /{:baseOwner}/{:baseRepoName}/compare/{:baseBranch}...{:headOwner}/{:headRepoName}:{:headBranch}
+	//
+	// Here we obtain the infoPath "{:baseBranch}...[{:headOwner}/{:headRepoName}:]{:headBranch}" as ctx.Params("*")
+	// with the :baseRepo in ctx.Repo.
+	//
+	// Note: Generally :headRepoName is not provided here - we are only passed :headOwner.
+	//
+	// How do we determine the :headRepo?
+	//
+	// 1. If :headOwner is not set then the :headRepo = :baseRepo
+	// 2. If :headOwner is set - then look for the fork of :baseRepo owned by :headOwner
+	// 3. But... :baseRepo could be a fork of :headOwner's repo - so check that
+	// 4. Now, :baseRepo and :headRepos could be forks of the same repo - so check that
+	//
+	// format: <base branch>...[<head repo>:]<head branch>
+	// base<-head: master...head:feature
+	// same repo: master...feature
+
+	var (
+		headUser   *models.User
+		headRepo   *models.Repository
+		headBranch string
+		isSameRepo bool
+		infoPath   string
+		err        error
+	)
+	infoPath = ctx.Params("*")
+	infos := strings.SplitN(infoPath, "...", 2)
+	if len(infos) != 2 {
+		log.Trace("ParseCompareInfo[%d]: not enough compared branches information %s", baseRepo.ID, infos)
+		ctx.NotFound("CompareAndPullRequest", nil)
+		return nil, nil, nil, nil, "", ""
+	}
+
+	ctx.Data["BaseName"] = baseRepo.OwnerName
+	baseBranch := infos[0]
+	ctx.Data["BaseBranch"] = baseBranch
+
+	// If there is no head repository, it means compare between same repository.
+	headInfos := strings.Split(infos[1], ":")
+	if len(headInfos) == 1 {
+		isSameRepo = true
+		headUser = ctx.Repo.Owner
+		headBranch = headInfos[0]
+
+	} else if len(headInfos) == 2 {
+		headInfosSplit := strings.Split(headInfos[0], "/")
+		if len(headInfosSplit) == 1 {
+			headUser, err = models.GetUserByName(headInfos[0])
+			if err != nil {
+				if models.IsErrUserNotExist(err) {
+					ctx.NotFound("GetUserByName", nil)
+				} else {
+					ctx.ServerError("GetUserByName", err)
+				}
+				return nil, nil, nil, nil, "", ""
+			}
+			headBranch = headInfos[1]
+			isSameRepo = headUser.ID == ctx.Repo.Owner.ID
+			if isSameRepo {
+				headRepo = baseRepo
+			}
+		} else {
+			headRepo, err = models.GetRepositoryByOwnerAndName(headInfosSplit[0], headInfosSplit[1])
+			if err != nil {
+				if models.IsErrRepoNotExist(err) {
+					ctx.NotFound("GetRepositoryByOwnerAndName", nil)
+				} else {
+					ctx.ServerError("GetRepositoryByOwnerAndName", err)
+				}
+				return nil, nil, nil, nil, "", ""
+			}
+			if err := headRepo.GetOwner(); err != nil {
+				if models.IsErrUserNotExist(err) {
+					ctx.NotFound("GetUserByName", nil)
+				} else {
+					ctx.ServerError("GetUserByName", err)
+				}
+				return nil, nil, nil, nil, "", ""
+			}
+			headBranch = headInfos[1]
+			headUser = headRepo.Owner
+			isSameRepo = headRepo.ID == ctx.Repo.Repository.ID
+		}
+	} else {
+		ctx.NotFound("CompareAndPullRequest", nil)
+		return nil, nil, nil, nil, "", ""
+	}
+	ctx.Data["HeadUser"] = headUser
+	ctx.Data["HeadBranch"] = headBranch
+	ctx.Repo.PullRequest.SameRepo = isSameRepo
+
+	// Check if base branch is valid.
+	baseIsCommit := ctx.Repo.GitRepo.IsCommitExist(baseBranch)
+	baseIsBranch := ctx.Repo.GitRepo.IsBranchExist(baseBranch)
+	baseIsTag := ctx.Repo.GitRepo.IsTagExist(baseBranch)
+	if !baseIsCommit && !baseIsBranch && !baseIsTag {
+		// Check if baseBranch is short sha commit hash
+		if baseCommit, _ := ctx.Repo.GitRepo.GetCommit(baseBranch); baseCommit != nil {
+			baseBranch = baseCommit.ID.String()
+			ctx.Data["BaseBranch"] = baseBranch
+			baseIsCommit = true
+		} else {
+			ctx.NotFound("IsRefExist", nil)
+			return nil, nil, nil, nil, "", ""
+		}
+	}
+	ctx.Data["BaseIsCommit"] = baseIsCommit
+	ctx.Data["BaseIsBranch"] = baseIsBranch
+	ctx.Data["BaseIsTag"] = baseIsTag
+	ctx.Data["IsPull"] = true
+
+	// Now we have the repository that represents the base
+
+	// The current base and head repositories and branches may not
+	// actually be the intended branches that the user wants to
+	// create a pull-request from - but also determining the head
+	// repo is difficult.
+
+	// We will want therefore to offer a few repositories to set as
+	// our base and head
+
+	// 1. First if the baseRepo is a fork get the "RootRepo" it was
+	// forked from
+	var rootRepo *models.Repository
+	if baseRepo.IsFork {
+		err = baseRepo.GetBaseRepo()
+		if err != nil {
+			if !models.IsErrRepoNotExist(err) {
+				ctx.ServerError("Unable to find root repo", err)
+				return nil, nil, nil, nil, "", ""
+			}
+		} else {
+			rootRepo = baseRepo.BaseRepo
+		}
+	}
+
+	// 2. Now if the current user is not the owner of the baseRepo,
+	// check if they have a fork of the base repo and offer that as
+	// "OwnForkRepo"
+	var ownForkRepo *models.Repository
+	if ctx.User != nil && baseRepo.OwnerID != ctx.User.ID {
+		repo, has := models.HasForkedRepo(ctx.User.ID, baseRepo.ID)
+		if has {
+			ownForkRepo = repo
+			ctx.Data["OwnForkRepo"] = ownForkRepo
+		}
+	}
+
+	has := headRepo != nil
+	// 3. If the base is a forked from "RootRepo" and the owner of
+	// the "RootRepo" is the :headUser - set headRepo to that
+	if !has && rootRepo != nil && rootRepo.OwnerID == headUser.ID {
+		headRepo = rootRepo
+		has = true
+	}
+
+	// 4. If the ctx.User has their own fork of the baseRepo and the headUser is the ctx.User
+	// set the headRepo to the ownFork
+	if !has && ownForkRepo != nil && ownForkRepo.OwnerID == headUser.ID {
+		headRepo = ownForkRepo
+		has = true
+	}
+
+	// 5. If the headOwner has a fork of the baseRepo - use that
+	if !has {
+		headRepo, has = models.HasForkedRepo(headUser.ID, baseRepo.ID)
+	}
+
+	// 6. If the baseRepo is a fork and the headUser has a fork of that use that
+	if !has && baseRepo.IsFork {
+		headRepo, has = models.HasForkedRepo(headUser.ID, baseRepo.ForkID)
+	}
+
+	// 7. Otherwise if we're not the same repo and haven't found a repo give up
+	if !isSameRepo && !has {
+		ctx.Data["PageIsComparePull"] = false
+	}
+
+	// 8. Finally open the git repo
+	var headGitRepo *git.Repository
+	if isSameRepo {
+		headRepo = ctx.Repo.Repository
+		headGitRepo = ctx.Repo.GitRepo
+	} else if has {
+		headGitRepo, err = git.OpenRepository(headRepo.RepoPath())
+		if err != nil {
+			ctx.ServerError("OpenRepository", err)
+			return nil, nil, nil, nil, "", ""
+		}
+		defer headGitRepo.Close()
+	}
+
+	ctx.Data["HeadRepo"] = headRepo
+
+	// Now we need to assert that the ctx.User has permission to read
+	// the baseRepo's code and pulls
+	// (NOT headRepo's)
+	permBase, err := models.GetUserRepoPermission(baseRepo, ctx.User)
+	if err != nil {
+		ctx.ServerError("GetUserRepoPermission", err)
+		return nil, nil, nil, nil, "", ""
+	}
+	if !permBase.CanRead(models.UnitTypeCode) {
+		if log.IsTrace() {
+			log.Trace("Permission Denied: User: %-v cannot read code in Repo: %-v\nUser in baseRepo has Permissions: %-+v",
+				ctx.User,
+				baseRepo,
+				permBase)
+		}
+		ctx.NotFound("ParseCompareInfo", nil)
+		return nil, nil, nil, nil, "", ""
+	}
+
+	// If we're not merging from the same repo:
+	if !isSameRepo {
+		// Assert ctx.User has permission to read headRepo's codes
+		permHead, err := models.GetUserRepoPermission(headRepo, ctx.User)
+		if err != nil {
+			ctx.ServerError("GetUserRepoPermission", err)
+			return nil, nil, nil, nil, "", ""
+		}
+		if !permHead.CanRead(models.UnitTypeCode) {
+			if log.IsTrace() {
+				log.Trace("Permission Denied: User: %-v cannot read code in Repo: %-v\nUser in headRepo has Permissions: %-+v",
+					ctx.User,
+					headRepo,
+					permHead)
+			}
+			ctx.NotFound("ParseCompareInfo", nil)
+			return nil, nil, nil, nil, "", ""
+		}
+	}
+
+	// If we have a rootRepo and it's different from:
+	// 1. the computed base
+	// 2. the computed head
+	// then get the branches of it
+	if rootRepo != nil &&
+		rootRepo.ID != headRepo.ID &&
+		rootRepo.ID != baseRepo.ID {
+		perm, branches, tags, err := getBranchesAndTagsForRepo(ctx.User, rootRepo)
+		if err != nil {
+			ctx.ServerError("GetBranchesForRepo", err)
+			return nil, nil, nil, nil, "", ""
+		}
+		if perm {
+			ctx.Data["RootRepo"] = rootRepo
+			ctx.Data["RootRepoBranches"] = branches
+			ctx.Data["RootRepoTags"] = tags
+		}
+	}
+
+	// If we have a ownForkRepo and it's different from:
+	// 1. The computed base
+	// 2. The computed head
+	// 3. The rootRepo (if we have one)
+	// then get the branches from it.
+	if ownForkRepo != nil &&
+		ownForkRepo.ID != headRepo.ID &&
+		ownForkRepo.ID != baseRepo.ID &&
+		(rootRepo == nil || ownForkRepo.ID != rootRepo.ID) {
+		perm, branches, tags, err := getBranchesAndTagsForRepo(ctx.User, ownForkRepo)
+		if err != nil {
+			ctx.ServerError("GetBranchesForRepo", err)
+			return nil, nil, nil, nil, "", ""
+		}
+		if perm {
+			ctx.Data["OwnForkRepo"] = ownForkRepo
+			ctx.Data["OwnForkRepoBranches"] = branches
+			ctx.Data["OwnForkRepoTags"] = tags
+		}
+	}
+
+	// Check if head branch is valid.
+	headIsCommit := headGitRepo.IsCommitExist(headBranch)
+	headIsBranch := headGitRepo.IsBranchExist(headBranch)
+	headIsTag := headGitRepo.IsTagExist(headBranch)
+	if !headIsCommit && !headIsBranch && !headIsTag {
+		// Check if headBranch is short sha commit hash
+		if headCommit, _ := headGitRepo.GetCommit(headBranch); headCommit != nil {
+			headBranch = headCommit.ID.String()
+			ctx.Data["HeadBranch"] = headBranch
+			headIsCommit = true
+		} else {
+			ctx.NotFound("IsRefExist", nil)
+			return nil, nil, nil, nil, "", ""
+		}
+	}
+	ctx.Data["HeadIsCommit"] = headIsCommit
+	ctx.Data["HeadIsBranch"] = headIsBranch
+	ctx.Data["HeadIsTag"] = headIsTag
+
+	// Treat as pull request if both references are branches
+	if ctx.Data["PageIsComparePull"] == nil {
+		ctx.Data["PageIsComparePull"] = headIsBranch && baseIsBranch
+	}
+
+	if ctx.Data["PageIsComparePull"] == true && !permBase.CanReadIssuesOrPulls(true) {
+		if log.IsTrace() {
+			log.Trace("Permission Denied: User: %-v cannot create/read pull requests in Repo: %-v\nUser in baseRepo has Permissions: %-+v",
+				ctx.User,
+				baseRepo,
+				permBase)
+		}
+		ctx.NotFound("ParseCompareInfo", nil)
+		return nil, nil, nil, nil, "", ""
+	}
+
+	baseBranchRef := baseBranch
+	if baseIsBranch {
+		baseBranchRef = git.BranchPrefix + baseBranch
+	} else if baseIsTag {
+		baseBranchRef = git.TagPrefix + baseBranch
+	}
+	headBranchRef := headBranch
+	if headIsBranch {
+		headBranchRef = git.BranchPrefix + headBranch
+	} else if headIsTag {
+		headBranchRef = git.TagPrefix + headBranch
+	}
+
+	compareInfo, err := headGitRepo.GetCompareInfo(baseRepo.RepoPath(), baseBranchRef, headBranchRef)
+	if err != nil {
+		ctx.ServerError("GetCompareInfo", err)
+		return nil, nil, nil, nil, "", ""
+	}
+	ctx.Data["BeforeCommitID"] = compareInfo.MergeBase
+
+	return headUser, headRepo, headGitRepo, compareInfo, baseBranch, headBranch
+}
+
+// PrepareCompareDiff renders compare diff page
+func PrepareCompareDiff(
+	ctx *context.Context,
+	headUser *models.User,
+	headRepo *models.Repository,
+	headGitRepo *git.Repository,
+	compareInfo *git.CompareInfo,
+	baseBranch, headBranch string,
+	whitespaceBehavior string) bool {
+
+	var (
+		repo  = ctx.Repo.Repository
+		err   error
+		title string
+	)
+
+	// Get diff information.
+	ctx.Data["CommitRepoLink"] = headRepo.Link()
+
+	headCommitID := compareInfo.HeadCommitID
+
+	ctx.Data["AfterCommitID"] = headCommitID
+
+	if headCommitID == compareInfo.MergeBase {
+		ctx.Data["IsNothingToCompare"] = true
+		if unit, err := repo.GetUnit(models.UnitTypePullRequests); err == nil {
+			config := unit.PullRequestsConfig()
+
+			if !config.AutodetectManualMerge {
+				allowEmptyPr := !(baseBranch == headBranch && ctx.Repo.Repository.Name == headRepo.Name)
+				ctx.Data["AllowEmptyPr"] = allowEmptyPr
+
+				return !allowEmptyPr
+			}
+
+			ctx.Data["AllowEmptyPr"] = false
+		}
+		return true
+	}
+
+	diff, err := gitdiff.GetDiffRangeWithWhitespaceBehavior(models.RepoPath(headUser.Name, headRepo.Name),
+		compareInfo.MergeBase, headCommitID, setting.Git.MaxGitDiffLines,
+		setting.Git.MaxGitDiffLineCharacters, setting.Git.MaxGitDiffFiles, whitespaceBehavior)
+	if err != nil {
+		ctx.ServerError("GetDiffRangeWithWhitespaceBehavior", err)
+		return false
+	}
+	ctx.Data["Diff"] = diff
+	ctx.Data["DiffNotAvailable"] = diff.NumFiles == 0
+
+	headCommit, err := headGitRepo.GetCommit(headCommitID)
+	if err != nil {
+		ctx.ServerError("GetCommit", err)
+		return false
+	}
+
+	baseGitRepo := ctx.Repo.GitRepo
+	baseCommitID := compareInfo.BaseCommitID
+
+	baseCommit, err := baseGitRepo.GetCommit(baseCommitID)
+	if err != nil {
+		ctx.ServerError("GetCommit", err)
+		return false
+	}
+
+	compareInfo.Commits = models.ValidateCommitsWithEmails(compareInfo.Commits)
+	compareInfo.Commits = models.ParseCommitsWithSignature(compareInfo.Commits, headRepo)
+	compareInfo.Commits = models.ParseCommitsWithStatus(compareInfo.Commits, headRepo)
+	ctx.Data["Commits"] = compareInfo.Commits
+	ctx.Data["CommitCount"] = compareInfo.Commits.Len()
+
+	if compareInfo.Commits.Len() == 1 {
+		c := compareInfo.Commits.Front().Value.(models.SignCommitWithStatuses)
+		title = strings.TrimSpace(c.UserCommit.Summary())
+
+		body := strings.Split(strings.TrimSpace(c.UserCommit.Message()), "\n")
+		if len(body) > 1 {
+			ctx.Data["content"] = strings.Join(body[1:], "\n")
+		}
+	} else {
+		title = headBranch
+	}
+	ctx.Data["title"] = title
+	ctx.Data["Username"] = headUser.Name
+	ctx.Data["Reponame"] = headRepo.Name
+
+	headTarget := path.Join(headUser.Name, repo.Name)
+	setCompareContext(ctx, baseCommit, headCommit, headTarget)
+
+	return false
+}
+
+func getBranchesAndTagsForRepo(user *models.User, repo *models.Repository) (bool, []string, []string, error) {
+	perm, err := models.GetUserRepoPermission(repo, user)
+	if err != nil {
+		return false, nil, nil, err
+	}
+	if !perm.CanRead(models.UnitTypeCode) {
+		return false, nil, nil, nil
+	}
+	gitRepo, err := git.OpenRepository(repo.RepoPath())
+	if err != nil {
+		return false, nil, nil, err
+	}
+	defer gitRepo.Close()
+
+	branches, _, err := gitRepo.GetBranches(0, 0)
+	if err != nil {
+		return false, nil, nil, err
+	}
+	tags, err := gitRepo.GetTags()
+	if err != nil {
+		return false, nil, nil, err
+	}
+	return true, branches, tags, nil
+}
+
+// CompareDiff show different from one commit to another commit
+func CompareDiff(ctx *context.Context) {
+	headUser, headRepo, headGitRepo, compareInfo, baseBranch, headBranch := ParseCompareInfo(ctx)
+
+	if ctx.Written() {
+		return
+	}
+	defer headGitRepo.Close()
+
+	nothingToCompare := PrepareCompareDiff(ctx, headUser, headRepo, headGitRepo, compareInfo, baseBranch, headBranch,
+		gitdiff.GetWhitespaceFlag(ctx.Data["WhitespaceBehavior"].(string)))
+	if ctx.Written() {
+		return
+	}
+
+	baseGitRepo := ctx.Repo.GitRepo
+	baseTags, err := baseGitRepo.GetTags()
+	if err != nil {
+		ctx.ServerError("GetTags", err)
+		return
+	}
+	ctx.Data["Tags"] = baseTags
+
+	headBranches, _, err := headGitRepo.GetBranches(0, 0)
+	if err != nil {
+		ctx.ServerError("GetBranches", err)
+		return
+	}
+	ctx.Data["HeadBranches"] = headBranches
+
+	headTags, err := headGitRepo.GetTags()
+	if err != nil {
+		ctx.ServerError("GetTags", err)
+		return
+	}
+	ctx.Data["HeadTags"] = headTags
+
+	if ctx.Data["PageIsComparePull"] == true {
+		pr, err := models.GetUnmergedPullRequest(headRepo.ID, ctx.Repo.Repository.ID, headBranch, baseBranch)
+		if err != nil {
+			if !models.IsErrPullRequestNotExist(err) {
+				ctx.ServerError("GetUnmergedPullRequest", err)
+				return
+			}
+		} else {
+			ctx.Data["HasPullRequest"] = true
+			ctx.Data["PullRequest"] = pr
+			ctx.HTML(http.StatusOK, tplCompareDiff)
+			return
+		}
+
+		if !nothingToCompare {
+			// Setup information for new form.
+			RetrieveRepoMetas(ctx, ctx.Repo.Repository, true)
+			if ctx.Written() {
+				return
+			}
+		}
+	}
+	beforeCommitID := ctx.Data["BeforeCommitID"].(string)
+	afterCommitID := ctx.Data["AfterCommitID"].(string)
+
+	ctx.Data["Title"] = "Comparing " + base.ShortSha(beforeCommitID) + "..." + base.ShortSha(afterCommitID)
+
+	ctx.Data["IsRepoToolbarCommits"] = true
+	ctx.Data["IsDiffCompare"] = true
+	ctx.Data["RequireTribute"] = true
+	ctx.Data["RequireSimpleMDE"] = true
+	ctx.Data["PullRequestWorkInProgressPrefixes"] = setting.Repository.PullRequest.WorkInProgressPrefixes
+	setTemplateIfExists(ctx, pullRequestTemplateKey, nil, pullRequestTemplateCandidates)
+	ctx.Data["IsAttachmentEnabled"] = setting.Attachment.Enabled
+	upload.AddUploadContext(ctx, "comment")
+
+	ctx.Data["HasIssuesOrPullsWritePermission"] = ctx.Repo.CanWrite(models.UnitTypePullRequests)
+
+	ctx.HTML(http.StatusOK, tplCompare)
+}
+
+// ExcerptBlob render blob excerpt contents
+func ExcerptBlob(ctx *context.Context) {
+	commitID := ctx.Params("sha")
+	lastLeft := ctx.QueryInt("last_left")
+	lastRight := ctx.QueryInt("last_right")
+	idxLeft := ctx.QueryInt("left")
+	idxRight := ctx.QueryInt("right")
+	leftHunkSize := ctx.QueryInt("left_hunk_size")
+	rightHunkSize := ctx.QueryInt("right_hunk_size")
+	anchor := ctx.Query("anchor")
+	direction := ctx.Query("direction")
+	filePath := ctx.Query("path")
+	gitRepo := ctx.Repo.GitRepo
+	chunkSize := gitdiff.BlobExcerptChunkSize
+	commit, err := gitRepo.GetCommit(commitID)
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, "GetCommit")
+		return
+	}
+	section := &gitdiff.DiffSection{
+		FileName: filePath,
+		Name:     filePath,
+	}
+	if direction == "up" && (idxLeft-lastLeft) > chunkSize {
+		idxLeft -= chunkSize
+		idxRight -= chunkSize
+		leftHunkSize += chunkSize
+		rightHunkSize += chunkSize
+		section.Lines, err = getExcerptLines(commit, filePath, idxLeft-1, idxRight-1, chunkSize)
+	} else if direction == "down" && (idxLeft-lastLeft) > chunkSize {
+		section.Lines, err = getExcerptLines(commit, filePath, lastLeft, lastRight, chunkSize)
+		lastLeft += chunkSize
+		lastRight += chunkSize
+	} else {
+		section.Lines, err = getExcerptLines(commit, filePath, lastLeft, lastRight, idxRight-lastRight-1)
+		leftHunkSize = 0
+		rightHunkSize = 0
+		idxLeft = lastLeft
+		idxRight = lastRight
+	}
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, "getExcerptLines")
+		return
+	}
+	if idxRight > lastRight {
+		lineText := " "
+		if rightHunkSize > 0 || leftHunkSize > 0 {
+			lineText = fmt.Sprintf("@@ -%d,%d +%d,%d @@\n", idxLeft, leftHunkSize, idxRight, rightHunkSize)
+		}
+		lineText = html.EscapeString(lineText)
+		lineSection := &gitdiff.DiffLine{
+			Type:    gitdiff.DiffLineSection,
+			Content: lineText,
+			SectionInfo: &gitdiff.DiffLineSectionInfo{
+				Path:          filePath,
+				LastLeftIdx:   lastLeft,
+				LastRightIdx:  lastRight,
+				LeftIdx:       idxLeft,
+				RightIdx:      idxRight,
+				LeftHunkSize:  leftHunkSize,
+				RightHunkSize: rightHunkSize,
+			}}
+		if direction == "up" {
+			section.Lines = append([]*gitdiff.DiffLine{lineSection}, section.Lines...)
+		} else if direction == "down" {
+			section.Lines = append(section.Lines, lineSection)
+		}
+	}
+	ctx.Data["section"] = section
+	ctx.Data["fileName"] = filePath
+	ctx.Data["AfterCommitID"] = commitID
+	ctx.Data["Anchor"] = anchor
+	ctx.HTML(http.StatusOK, tplBlobExcerpt)
+}
+
+func getExcerptLines(commit *git.Commit, filePath string, idxLeft int, idxRight int, chunkSize int) ([]*gitdiff.DiffLine, error) {
+	blob, err := commit.Tree.GetBlobByPath(filePath)
+	if err != nil {
+		return nil, err
+	}
+	reader, err := blob.DataAsync()
+	if err != nil {
+		return nil, err
+	}
+	defer reader.Close()
+	scanner := bufio.NewScanner(reader)
+	var diffLines []*gitdiff.DiffLine
+	for line := 0; line < idxRight+chunkSize; line++ {
+		if ok := scanner.Scan(); !ok {
+			break
+		}
+		if line < idxRight {
+			continue
+		}
+		lineText := scanner.Text()
+		diffLine := &gitdiff.DiffLine{
+			LeftIdx:  idxLeft + (line - idxRight) + 1,
+			RightIdx: line + 1,
+			Type:     gitdiff.DiffLinePlain,
+			Content:  " " + lineText,
+		}
+		diffLines = append(diffLines, diffLine)
+	}
+	return diffLines, nil
+}

routers/web/repo/download.go

@@ -0,0 +1,131 @@
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2018 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/httpcache"
+	"code.gitea.io/gitea/modules/lfs"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/routers/common"
+)
+
+// ServeBlobOrLFS download a git.Blob redirecting to LFS if necessary
+func ServeBlobOrLFS(ctx *context.Context, blob *git.Blob) error {
+	if httpcache.HandleGenericETagCache(ctx.Req, ctx.Resp, `"`+blob.ID.String()+`"`) {
+		return nil
+	}
+
+	dataRc, err := blob.DataAsync()
+	if err != nil {
+		return err
+	}
+	closed := false
+	defer func() {
+		if closed {
+			return
+		}
+		if err = dataRc.Close(); err != nil {
+			log.Error("ServeBlobOrLFS: Close: %v", err)
+		}
+	}()
+
+	pointer, _ := lfs.ReadPointer(dataRc)
+	if pointer.IsValid() {
+		meta, _ := ctx.Repo.Repository.GetLFSMetaObjectByOid(pointer.Oid)
+		if meta == nil {
+			if err = dataRc.Close(); err != nil {
+				log.Error("ServeBlobOrLFS: Close: %v", err)
+			}
+			closed = true
+			return common.ServeBlob(ctx, blob)
+		}
+		if httpcache.HandleGenericETagCache(ctx.Req, ctx.Resp, `"`+pointer.Oid+`"`) {
+			return nil
+		}
+		lfsDataRc, err := lfs.ReadMetaObject(meta.Pointer)
+		if err != nil {
+			return err
+		}
+		defer func() {
+			if err = lfsDataRc.Close(); err != nil {
+				log.Error("ServeBlobOrLFS: Close: %v", err)
+			}
+		}()
+		return common.ServeData(ctx, ctx.Repo.TreePath, meta.Size, lfsDataRc)
+	}
+	if err = dataRc.Close(); err != nil {
+		log.Error("ServeBlobOrLFS: Close: %v", err)
+	}
+	closed = true
+
+	return common.ServeBlob(ctx, blob)
+}
+
+// SingleDownload download a file by repos path
+func SingleDownload(ctx *context.Context) {
+	blob, err := ctx.Repo.Commit.GetBlobByPath(ctx.Repo.TreePath)
+	if err != nil {
+		if git.IsErrNotExist(err) {
+			ctx.NotFound("GetBlobByPath", nil)
+		} else {
+			ctx.ServerError("GetBlobByPath", err)
+		}
+		return
+	}
+	if err = common.ServeBlob(ctx, blob); err != nil {
+		ctx.ServerError("ServeBlob", err)
+	}
+}
+
+// SingleDownloadOrLFS download a file by repos path redirecting to LFS if necessary
+func SingleDownloadOrLFS(ctx *context.Context) {
+	blob, err := ctx.Repo.Commit.GetBlobByPath(ctx.Repo.TreePath)
+	if err != nil {
+		if git.IsErrNotExist(err) {
+			ctx.NotFound("GetBlobByPath", nil)
+		} else {
+			ctx.ServerError("GetBlobByPath", err)
+		}
+		return
+	}
+	if err = ServeBlobOrLFS(ctx, blob); err != nil {
+		ctx.ServerError("ServeBlobOrLFS", err)
+	}
+}
+
+// DownloadByID download a file by sha1 ID
+func DownloadByID(ctx *context.Context) {
+	blob, err := ctx.Repo.GitRepo.GetBlob(ctx.Params("sha"))
+	if err != nil {
+		if git.IsErrNotExist(err) {
+			ctx.NotFound("GetBlob", nil)
+		} else {
+			ctx.ServerError("GetBlob", err)
+		}
+		return
+	}
+	if err = common.ServeBlob(ctx, blob); err != nil {
+		ctx.ServerError("ServeBlob", err)
+	}
+}
+
+// DownloadByIDOrLFS download a file by sha1 ID taking account of LFS
+func DownloadByIDOrLFS(ctx *context.Context) {
+	blob, err := ctx.Repo.GitRepo.GetBlob(ctx.Params("sha"))
+	if err != nil {
+		if git.IsErrNotExist(err) {
+			ctx.NotFound("GetBlob", nil)
+		} else {
+			ctx.ServerError("GetBlob", err)
+		}
+		return
+	}
+	if err = ServeBlobOrLFS(ctx, blob); err != nil {
+		ctx.ServerError("ServeBlob", err)
+	}
+}

routers/web/repo/editor.go

@@ -0,0 +1,831 @@
+// Copyright 2016 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"path"
+	"strings"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/charset"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/repofiles"
+	repo_module "code.gitea.io/gitea/modules/repository"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/typesniffer"
+	"code.gitea.io/gitea/modules/upload"
+	"code.gitea.io/gitea/modules/util"
+	"code.gitea.io/gitea/modules/web"
+	"code.gitea.io/gitea/routers/utils"
+	"code.gitea.io/gitea/services/forms"
+	jsoniter "github.com/json-iterator/go"
+)
+
+const (
+	tplEditFile        base.TplName = "repo/editor/edit"
+	tplEditDiffPreview base.TplName = "repo/editor/diff_preview"
+	tplDeleteFile      base.TplName = "repo/editor/delete"
+	tplUploadFile      base.TplName = "repo/editor/upload"
+
+	frmCommitChoiceDirect    string = "direct"
+	frmCommitChoiceNewBranch string = "commit-to-new-branch"
+)
+
+func renderCommitRights(ctx *context.Context) bool {
+	canCommitToBranch, err := ctx.Repo.CanCommitToBranch(ctx.User)
+	if err != nil {
+		log.Error("CanCommitToBranch: %v", err)
+	}
+	ctx.Data["CanCommitToBranch"] = canCommitToBranch
+
+	return canCommitToBranch.CanCommitToBranch
+}
+
+// getParentTreeFields returns list of parent tree names and corresponding tree paths
+// based on given tree path.
+func getParentTreeFields(treePath string) (treeNames []string, treePaths []string) {
+	if len(treePath) == 0 {
+		return treeNames, treePaths
+	}
+
+	treeNames = strings.Split(treePath, "/")
+	treePaths = make([]string, len(treeNames))
+	for i := range treeNames {
+		treePaths[i] = strings.Join(treeNames[:i+1], "/")
+	}
+	return treeNames, treePaths
+}
+
+func editFile(ctx *context.Context, isNewFile bool) {
+	ctx.Data["PageIsEdit"] = true
+	ctx.Data["IsNewFile"] = isNewFile
+	ctx.Data["RequireHighlightJS"] = true
+	ctx.Data["RequireSimpleMDE"] = true
+	canCommit := renderCommitRights(ctx)
+
+	treePath := cleanUploadFileName(ctx.Repo.TreePath)
+	if treePath != ctx.Repo.TreePath {
+		if isNewFile {
+			ctx.Redirect(path.Join(ctx.Repo.RepoLink, "_new", util.PathEscapeSegments(ctx.Repo.BranchName), util.PathEscapeSegments(treePath)))
+		} else {
+			ctx.Redirect(path.Join(ctx.Repo.RepoLink, "_edit", util.PathEscapeSegments(ctx.Repo.BranchName), util.PathEscapeSegments(treePath)))
+		}
+		return
+	}
+
+	treeNames, treePaths := getParentTreeFields(ctx.Repo.TreePath)
+
+	if !isNewFile {
+		entry, err := ctx.Repo.Commit.GetTreeEntryByPath(ctx.Repo.TreePath)
+		if err != nil {
+			ctx.NotFoundOrServerError("GetTreeEntryByPath", git.IsErrNotExist, err)
+			return
+		}
+
+		// No way to edit a directory online.
+		if entry.IsDir() {
+			ctx.NotFound("entry.IsDir", nil)
+			return
+		}
+
+		blob := entry.Blob()
+		if blob.Size() >= setting.UI.MaxDisplayFileSize {
+			ctx.NotFound("blob.Size", err)
+			return
+		}
+
+		dataRc, err := blob.DataAsync()
+		if err != nil {
+			ctx.NotFound("blob.Data", err)
+			return
+		}
+
+		defer dataRc.Close()
+
+		ctx.Data["FileSize"] = blob.Size()
+		ctx.Data["FileName"] = blob.Name()
+
+		buf := make([]byte, 1024)
+		n, _ := dataRc.Read(buf)
+		buf = buf[:n]
+
+		// Only some file types are editable online as text.
+		if !typesniffer.DetectContentType(buf).IsRepresentableAsText() {
+			ctx.NotFound("typesniffer.IsRepresentableAsText", nil)
+			return
+		}
+
+		d, _ := ioutil.ReadAll(dataRc)
+		if err := dataRc.Close(); err != nil {
+			log.Error("Error whilst closing blob data: %v", err)
+		}
+
+		buf = append(buf, d...)
+		if content, err := charset.ToUTF8WithErr(buf); err != nil {
+			log.Error("ToUTF8WithErr: %v", err)
+			ctx.Data["FileContent"] = string(buf)
+		} else {
+			ctx.Data["FileContent"] = content
+		}
+	} else {
+		treeNames = append(treeNames, "") // Append empty string to allow user name the new file.
+	}
+
+	ctx.Data["TreeNames"] = treeNames
+	ctx.Data["TreePaths"] = treePaths
+	ctx.Data["BranchLink"] = ctx.Repo.RepoLink + "/src/" + ctx.Repo.BranchNameSubURL()
+	ctx.Data["commit_summary"] = ""
+	ctx.Data["commit_message"] = ""
+	if canCommit {
+		ctx.Data["commit_choice"] = frmCommitChoiceDirect
+	} else {
+		ctx.Data["commit_choice"] = frmCommitChoiceNewBranch
+	}
+	ctx.Data["new_branch_name"] = GetUniquePatchBranchName(ctx)
+	ctx.Data["last_commit"] = ctx.Repo.CommitID
+	ctx.Data["MarkdownFileExts"] = strings.Join(setting.Markdown.FileExtensions, ",")
+	ctx.Data["LineWrapExtensions"] = strings.Join(setting.Repository.Editor.LineWrapExtensions, ",")
+	ctx.Data["PreviewableFileModes"] = strings.Join(setting.Repository.Editor.PreviewableFileModes, ",")
+	ctx.Data["Editorconfig"] = GetEditorConfig(ctx, treePath)
+
+	ctx.HTML(http.StatusOK, tplEditFile)
+}
+
+// GetEditorConfig returns a editorconfig JSON string for given treePath or "null"
+func GetEditorConfig(ctx *context.Context, treePath string) string {
+	ec, err := ctx.Repo.GetEditorconfig()
+	if err == nil {
+		def, err := ec.GetDefinitionForFilename(treePath)
+		if err == nil {
+			json := jsoniter.ConfigCompatibleWithStandardLibrary
+			jsonStr, _ := json.Marshal(def)
+			return string(jsonStr)
+		}
+	}
+	return "null"
+}
+
+// EditFile render edit file page
+func EditFile(ctx *context.Context) {
+	editFile(ctx, false)
+}
+
+// NewFile render create file page
+func NewFile(ctx *context.Context) {
+	editFile(ctx, true)
+}
+
+func editFilePost(ctx *context.Context, form forms.EditRepoFileForm, isNewFile bool) {
+	canCommit := renderCommitRights(ctx)
+	treeNames, treePaths := getParentTreeFields(form.TreePath)
+	branchName := ctx.Repo.BranchName
+	if form.CommitChoice == frmCommitChoiceNewBranch {
+		branchName = form.NewBranchName
+	}
+
+	ctx.Data["PageIsEdit"] = true
+	ctx.Data["PageHasPosted"] = true
+	ctx.Data["IsNewFile"] = isNewFile
+	ctx.Data["RequireHighlightJS"] = true
+	ctx.Data["RequireSimpleMDE"] = true
+	ctx.Data["TreePath"] = form.TreePath
+	ctx.Data["TreeNames"] = treeNames
+	ctx.Data["TreePaths"] = treePaths
+	ctx.Data["BranchLink"] = ctx.Repo.RepoLink + "/src/branch/" + ctx.Repo.BranchName
+	ctx.Data["FileContent"] = form.Content
+	ctx.Data["commit_summary"] = form.CommitSummary
+	ctx.Data["commit_message"] = form.CommitMessage
+	ctx.Data["commit_choice"] = form.CommitChoice
+	ctx.Data["new_branch_name"] = form.NewBranchName
+	ctx.Data["last_commit"] = ctx.Repo.CommitID
+	ctx.Data["MarkdownFileExts"] = strings.Join(setting.Markdown.FileExtensions, ",")
+	ctx.Data["LineWrapExtensions"] = strings.Join(setting.Repository.Editor.LineWrapExtensions, ",")
+	ctx.Data["PreviewableFileModes"] = strings.Join(setting.Repository.Editor.PreviewableFileModes, ",")
+	ctx.Data["Editorconfig"] = GetEditorConfig(ctx, form.TreePath)
+
+	if ctx.HasError() {
+		ctx.HTML(http.StatusOK, tplEditFile)
+		return
+	}
+
+	// Cannot commit to a an existing branch if user doesn't have rights
+	if branchName == ctx.Repo.BranchName && !canCommit {
+		ctx.Data["Err_NewBranchName"] = true
+		ctx.Data["commit_choice"] = frmCommitChoiceNewBranch
+		ctx.RenderWithErr(ctx.Tr("repo.editor.cannot_commit_to_protected_branch", branchName), tplEditFile, &form)
+		return
+	}
+
+	// CommitSummary is optional in the web form, if empty, give it a default message based on add or update
+	// `message` will be both the summary and message combined
+	message := strings.TrimSpace(form.CommitSummary)
+	if len(message) == 0 {
+		if isNewFile {
+			message = ctx.Tr("repo.editor.add", form.TreePath)
+		} else {
+			message = ctx.Tr("repo.editor.update", form.TreePath)
+		}
+	}
+	form.CommitMessage = strings.TrimSpace(form.CommitMessage)
+	if len(form.CommitMessage) > 0 {
+		message += "\n\n" + form.CommitMessage
+	}
+
+	if _, err := repofiles.CreateOrUpdateRepoFile(ctx.Repo.Repository, ctx.User, &repofiles.UpdateRepoFileOptions{
+		LastCommitID: form.LastCommit,
+		OldBranch:    ctx.Repo.BranchName,
+		NewBranch:    branchName,
+		FromTreePath: ctx.Repo.TreePath,
+		TreePath:     form.TreePath,
+		Message:      message,
+		Content:      strings.ReplaceAll(form.Content, "\r", ""),
+		IsNewFile:    isNewFile,
+		Signoff:      form.Signoff,
+	}); err != nil {
+		// This is where we handle all the errors thrown by repofiles.CreateOrUpdateRepoFile
+		if git.IsErrNotExist(err) {
+			ctx.RenderWithErr(ctx.Tr("repo.editor.file_editing_no_longer_exists", ctx.Repo.TreePath), tplEditFile, &form)
+		} else if models.IsErrLFSFileLocked(err) {
+			ctx.Data["Err_TreePath"] = true
+			ctx.RenderWithErr(ctx.Tr("repo.editor.upload_file_is_locked", err.(models.ErrLFSFileLocked).Path, err.(models.ErrLFSFileLocked).UserName), tplEditFile, &form)
+		} else if models.IsErrFilenameInvalid(err) {
+			ctx.Data["Err_TreePath"] = true
+			ctx.RenderWithErr(ctx.Tr("repo.editor.filename_is_invalid", form.TreePath), tplEditFile, &form)
+		} else if models.IsErrFilePathInvalid(err) {
+			ctx.Data["Err_TreePath"] = true
+			if fileErr, ok := err.(models.ErrFilePathInvalid); ok {
+				switch fileErr.Type {
+				case git.EntryModeSymlink:
+					ctx.RenderWithErr(ctx.Tr("repo.editor.file_is_a_symlink", fileErr.Path), tplEditFile, &form)
+				case git.EntryModeTree:
+					ctx.RenderWithErr(ctx.Tr("repo.editor.filename_is_a_directory", fileErr.Path), tplEditFile, &form)
+				case git.EntryModeBlob:
+					ctx.RenderWithErr(ctx.Tr("repo.editor.directory_is_a_file", fileErr.Path), tplEditFile, &form)
+				default:
+					ctx.Error(http.StatusInternalServerError, err.Error())
+				}
+			} else {
+				ctx.Error(http.StatusInternalServerError, err.Error())
+			}
+		} else if models.IsErrRepoFileAlreadyExists(err) {
+			ctx.Data["Err_TreePath"] = true
+			ctx.RenderWithErr(ctx.Tr("repo.editor.file_already_exists", form.TreePath), tplEditFile, &form)
+		} else if git.IsErrBranchNotExist(err) {
+			// For when a user adds/updates a file to a branch that no longer exists
+			if branchErr, ok := err.(git.ErrBranchNotExist); ok {
+				ctx.RenderWithErr(ctx.Tr("repo.editor.branch_does_not_exist", branchErr.Name), tplEditFile, &form)
+			} else {
+				ctx.Error(http.StatusInternalServerError, err.Error())
+			}
+		} else if models.IsErrBranchAlreadyExists(err) {
+			// For when a user specifies a new branch that already exists
+			ctx.Data["Err_NewBranchName"] = true
+			if branchErr, ok := err.(models.ErrBranchAlreadyExists); ok {
+				ctx.RenderWithErr(ctx.Tr("repo.editor.branch_already_exists", branchErr.BranchName), tplEditFile, &form)
+			} else {
+				ctx.Error(http.StatusInternalServerError, err.Error())
+			}
+		} else if models.IsErrCommitIDDoesNotMatch(err) {
+			ctx.RenderWithErr(ctx.Tr("repo.editor.file_changed_while_editing", ctx.Repo.RepoLink+"/compare/"+form.LastCommit+"..."+ctx.Repo.CommitID), tplEditFile, &form)
+		} else if git.IsErrPushOutOfDate(err) {
+			ctx.RenderWithErr(ctx.Tr("repo.editor.file_changed_while_editing", ctx.Repo.RepoLink+"/compare/"+form.LastCommit+"..."+util.PathEscapeSegments(form.NewBranchName)), tplEditFile, &form)
+		} else if git.IsErrPushRejected(err) {
+			errPushRej := err.(*git.ErrPushRejected)
+			if len(errPushRej.Message) == 0 {
+				ctx.RenderWithErr(ctx.Tr("repo.editor.push_rejected_no_message"), tplEditFile, &form)
+			} else {
+				flashError, err := ctx.HTMLString(string(tplAlertDetails), map[string]interface{}{
+					"Message": ctx.Tr("repo.editor.push_rejected"),
+					"Summary": ctx.Tr("repo.editor.push_rejected_summary"),
+					"Details": utils.SanitizeFlashErrorString(errPushRej.Message),
+				})
+				if err != nil {
+					ctx.ServerError("editFilePost.HTMLString", err)
+					return
+				}
+				ctx.RenderWithErr(flashError, tplEditFile, &form)
+			}
+		} else {
+			flashError, err := ctx.HTMLString(string(tplAlertDetails), map[string]interface{}{
+				"Message": ctx.Tr("repo.editor.fail_to_update_file", form.TreePath),
+				"Summary": ctx.Tr("repo.editor.fail_to_update_file_summary"),
+				"Details": utils.SanitizeFlashErrorString(err.Error()),
+			})
+			if err != nil {
+				ctx.ServerError("editFilePost.HTMLString", err)
+				return
+			}
+			ctx.RenderWithErr(flashError, tplEditFile, &form)
+		}
+	}
+
+	if form.CommitChoice == frmCommitChoiceNewBranch && ctx.Repo.Repository.UnitEnabled(models.UnitTypePullRequests) {
+		ctx.Redirect(ctx.Repo.RepoLink + "/compare/" + util.PathEscapeSegments(ctx.Repo.BranchName) + "..." + util.PathEscapeSegments(form.NewBranchName))
+	} else {
+		ctx.Redirect(ctx.Repo.RepoLink + "/src/branch/" + util.PathEscapeSegments(branchName) + "/" + util.PathEscapeSegments(form.TreePath))
+	}
+}
+
+// EditFilePost response for editing file
+func EditFilePost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.EditRepoFileForm)
+	editFilePost(ctx, *form, false)
+}
+
+// NewFilePost response for creating file
+func NewFilePost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.EditRepoFileForm)
+	editFilePost(ctx, *form, true)
+}
+
+// DiffPreviewPost render preview diff page
+func DiffPreviewPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.EditPreviewDiffForm)
+	treePath := cleanUploadFileName(ctx.Repo.TreePath)
+	if len(treePath) == 0 {
+		ctx.Error(http.StatusInternalServerError, "file name to diff is invalid")
+		return
+	}
+
+	entry, err := ctx.Repo.Commit.GetTreeEntryByPath(treePath)
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, "GetTreeEntryByPath: "+err.Error())
+		return
+	} else if entry.IsDir() {
+		ctx.Error(http.StatusUnprocessableEntity)
+		return
+	}
+
+	diff, err := repofiles.GetDiffPreview(ctx.Repo.Repository, ctx.Repo.BranchName, treePath, form.Content)
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, "GetDiffPreview: "+err.Error())
+		return
+	}
+
+	if diff.NumFiles == 0 {
+		ctx.PlainText(200, []byte(ctx.Tr("repo.editor.no_changes_to_show")))
+		return
+	}
+	ctx.Data["File"] = diff.Files[0]
+
+	ctx.HTML(http.StatusOK, tplEditDiffPreview)
+}
+
+// DeleteFile render delete file page
+func DeleteFile(ctx *context.Context) {
+	ctx.Data["PageIsDelete"] = true
+	ctx.Data["BranchLink"] = ctx.Repo.RepoLink + "/src/" + ctx.Repo.BranchNameSubURL()
+	treePath := cleanUploadFileName(ctx.Repo.TreePath)
+
+	if treePath != ctx.Repo.TreePath {
+		ctx.Redirect(path.Join(ctx.Repo.RepoLink, "_delete", util.PathEscapeSegments(ctx.Repo.BranchName), util.PathEscapeSegments(treePath)))
+		return
+	}
+
+	ctx.Data["TreePath"] = treePath
+	canCommit := renderCommitRights(ctx)
+
+	ctx.Data["commit_summary"] = ""
+	ctx.Data["commit_message"] = ""
+	ctx.Data["last_commit"] = ctx.Repo.CommitID
+	if canCommit {
+		ctx.Data["commit_choice"] = frmCommitChoiceDirect
+	} else {
+		ctx.Data["commit_choice"] = frmCommitChoiceNewBranch
+	}
+	ctx.Data["new_branch_name"] = GetUniquePatchBranchName(ctx)
+
+	ctx.HTML(http.StatusOK, tplDeleteFile)
+}
+
+// DeleteFilePost response for deleting file
+func DeleteFilePost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.DeleteRepoFileForm)
+	canCommit := renderCommitRights(ctx)
+	branchName := ctx.Repo.BranchName
+	if form.CommitChoice == frmCommitChoiceNewBranch {
+		branchName = form.NewBranchName
+	}
+
+	ctx.Data["PageIsDelete"] = true
+	ctx.Data["BranchLink"] = ctx.Repo.RepoLink + "/src/" + ctx.Repo.BranchNameSubURL()
+	ctx.Data["TreePath"] = ctx.Repo.TreePath
+	ctx.Data["commit_summary"] = form.CommitSummary
+	ctx.Data["commit_message"] = form.CommitMessage
+	ctx.Data["commit_choice"] = form.CommitChoice
+	ctx.Data["new_branch_name"] = form.NewBranchName
+	ctx.Data["last_commit"] = ctx.Repo.CommitID
+
+	if ctx.HasError() {
+		ctx.HTML(http.StatusOK, tplDeleteFile)
+		return
+	}
+
+	if branchName == ctx.Repo.BranchName && !canCommit {
+		ctx.Data["Err_NewBranchName"] = true
+		ctx.Data["commit_choice"] = frmCommitChoiceNewBranch
+		ctx.RenderWithErr(ctx.Tr("repo.editor.cannot_commit_to_protected_branch", branchName), tplDeleteFile, &form)
+		return
+	}
+
+	message := strings.TrimSpace(form.CommitSummary)
+	if len(message) == 0 {
+		message = ctx.Tr("repo.editor.delete", ctx.Repo.TreePath)
+	}
+	form.CommitMessage = strings.TrimSpace(form.CommitMessage)
+	if len(form.CommitMessage) > 0 {
+		message += "\n\n" + form.CommitMessage
+	}
+
+	if _, err := repofiles.DeleteRepoFile(ctx.Repo.Repository, ctx.User, &repofiles.DeleteRepoFileOptions{
+		LastCommitID: form.LastCommit,
+		OldBranch:    ctx.Repo.BranchName,
+		NewBranch:    branchName,
+		TreePath:     ctx.Repo.TreePath,
+		Message:      message,
+		Signoff:      form.Signoff,
+	}); err != nil {
+		// This is where we handle all the errors thrown by repofiles.DeleteRepoFile
+		if git.IsErrNotExist(err) || models.IsErrRepoFileDoesNotExist(err) {
+			ctx.RenderWithErr(ctx.Tr("repo.editor.file_deleting_no_longer_exists", ctx.Repo.TreePath), tplDeleteFile, &form)
+		} else if models.IsErrFilenameInvalid(err) {
+			ctx.Data["Err_TreePath"] = true
+			ctx.RenderWithErr(ctx.Tr("repo.editor.filename_is_invalid", ctx.Repo.TreePath), tplDeleteFile, &form)
+		} else if models.IsErrFilePathInvalid(err) {
+			ctx.Data["Err_TreePath"] = true
+			if fileErr, ok := err.(models.ErrFilePathInvalid); ok {
+				switch fileErr.Type {
+				case git.EntryModeSymlink:
+					ctx.RenderWithErr(ctx.Tr("repo.editor.file_is_a_symlink", fileErr.Path), tplDeleteFile, &form)
+				case git.EntryModeTree:
+					ctx.RenderWithErr(ctx.Tr("repo.editor.filename_is_a_directory", fileErr.Path), tplDeleteFile, &form)
+				case git.EntryModeBlob:
+					ctx.RenderWithErr(ctx.Tr("repo.editor.directory_is_a_file", fileErr.Path), tplDeleteFile, &form)
+				default:
+					ctx.ServerError("DeleteRepoFile", err)
+				}
+			} else {
+				ctx.ServerError("DeleteRepoFile", err)
+			}
+		} else if git.IsErrBranchNotExist(err) {
+			// For when a user deletes a file to a branch that no longer exists
+			if branchErr, ok := err.(git.ErrBranchNotExist); ok {
+				ctx.RenderWithErr(ctx.Tr("repo.editor.branch_does_not_exist", branchErr.Name), tplDeleteFile, &form)
+			} else {
+				ctx.Error(http.StatusInternalServerError, err.Error())
+			}
+		} else if models.IsErrBranchAlreadyExists(err) {
+			// For when a user specifies a new branch that already exists
+			if branchErr, ok := err.(models.ErrBranchAlreadyExists); ok {
+				ctx.RenderWithErr(ctx.Tr("repo.editor.branch_already_exists", branchErr.BranchName), tplDeleteFile, &form)
+			} else {
+				ctx.Error(http.StatusInternalServerError, err.Error())
+			}
+		} else if models.IsErrCommitIDDoesNotMatch(err) || git.IsErrPushOutOfDate(err) {
+			ctx.RenderWithErr(ctx.Tr("repo.editor.file_changed_while_deleting", ctx.Repo.RepoLink+"/compare/"+form.LastCommit+"..."+ctx.Repo.CommitID), tplDeleteFile, &form)
+		} else if git.IsErrPushRejected(err) {
+			errPushRej := err.(*git.ErrPushRejected)
+			if len(errPushRej.Message) == 0 {
+				ctx.RenderWithErr(ctx.Tr("repo.editor.push_rejected_no_message"), tplDeleteFile, &form)
+			} else {
+				flashError, err := ctx.HTMLString(string(tplAlertDetails), map[string]interface{}{
+					"Message": ctx.Tr("repo.editor.push_rejected"),
+					"Summary": ctx.Tr("repo.editor.push_rejected_summary"),
+					"Details": utils.SanitizeFlashErrorString(errPushRej.Message),
+				})
+				if err != nil {
+					ctx.ServerError("DeleteFilePost.HTMLString", err)
+					return
+				}
+				ctx.RenderWithErr(flashError, tplDeleteFile, &form)
+			}
+		} else {
+			ctx.ServerError("DeleteRepoFile", err)
+		}
+	}
+
+	ctx.Flash.Success(ctx.Tr("repo.editor.file_delete_success", ctx.Repo.TreePath))
+	if form.CommitChoice == frmCommitChoiceNewBranch && ctx.Repo.Repository.UnitEnabled(models.UnitTypePullRequests) {
+		ctx.Redirect(ctx.Repo.RepoLink + "/compare/" + util.PathEscapeSegments(ctx.Repo.BranchName) + "..." + util.PathEscapeSegments(form.NewBranchName))
+	} else {
+		treePath := path.Dir(ctx.Repo.TreePath)
+		if treePath == "." {
+			treePath = "" // the file deleted was in the root, so we return the user to the root directory
+		}
+		if len(treePath) > 0 {
+			// Need to get the latest commit since it changed
+			commit, err := ctx.Repo.GitRepo.GetBranchCommit(ctx.Repo.BranchName)
+			if err == nil && commit != nil {
+				// We have the comment, now find what directory we can return the user to
+				// (must have entries)
+				treePath = GetClosestParentWithFiles(treePath, commit)
+			} else {
+				treePath = "" // otherwise return them to the root of the repo
+			}
+		}
+		ctx.Redirect(ctx.Repo.RepoLink + "/src/branch/" + util.PathEscapeSegments(branchName) + "/" + util.PathEscapeSegments(treePath))
+	}
+}
+
+// UploadFile render upload file page
+func UploadFile(ctx *context.Context) {
+	ctx.Data["PageIsUpload"] = true
+	ctx.Data["RequireTribute"] = true
+	ctx.Data["RequireSimpleMDE"] = true
+	upload.AddUploadContext(ctx, "repo")
+	canCommit := renderCommitRights(ctx)
+	treePath := cleanUploadFileName(ctx.Repo.TreePath)
+	if treePath != ctx.Repo.TreePath {
+		ctx.Redirect(path.Join(ctx.Repo.RepoLink, "_upload", util.PathEscapeSegments(ctx.Repo.BranchName), util.PathEscapeSegments(treePath)))
+		return
+	}
+	ctx.Repo.TreePath = treePath
+
+	treeNames, treePaths := getParentTreeFields(ctx.Repo.TreePath)
+	if len(treeNames) == 0 {
+		// We must at least have one element for user to input.
+		treeNames = []string{""}
+	}
+
+	ctx.Data["TreeNames"] = treeNames
+	ctx.Data["TreePaths"] = treePaths
+	ctx.Data["BranchLink"] = ctx.Repo.RepoLink + "/src/" + ctx.Repo.BranchNameSubURL()
+	ctx.Data["commit_summary"] = ""
+	ctx.Data["commit_message"] = ""
+	if canCommit {
+		ctx.Data["commit_choice"] = frmCommitChoiceDirect
+	} else {
+		ctx.Data["commit_choice"] = frmCommitChoiceNewBranch
+	}
+	ctx.Data["new_branch_name"] = GetUniquePatchBranchName(ctx)
+
+	ctx.HTML(http.StatusOK, tplUploadFile)
+}
+
+// UploadFilePost response for uploading file
+func UploadFilePost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.UploadRepoFileForm)
+	ctx.Data["PageIsUpload"] = true
+	ctx.Data["RequireTribute"] = true
+	ctx.Data["RequireSimpleMDE"] = true
+	upload.AddUploadContext(ctx, "repo")
+	canCommit := renderCommitRights(ctx)
+
+	oldBranchName := ctx.Repo.BranchName
+	branchName := oldBranchName
+
+	if form.CommitChoice == frmCommitChoiceNewBranch {
+		branchName = form.NewBranchName
+	}
+
+	form.TreePath = cleanUploadFileName(form.TreePath)
+
+	treeNames, treePaths := getParentTreeFields(form.TreePath)
+	if len(treeNames) == 0 {
+		// We must at least have one element for user to input.
+		treeNames = []string{""}
+	}
+
+	ctx.Data["TreePath"] = form.TreePath
+	ctx.Data["TreeNames"] = treeNames
+	ctx.Data["TreePaths"] = treePaths
+	ctx.Data["BranchLink"] = ctx.Repo.RepoLink + "/src/branch/" + branchName
+	ctx.Data["commit_summary"] = form.CommitSummary
+	ctx.Data["commit_message"] = form.CommitMessage
+	ctx.Data["commit_choice"] = form.CommitChoice
+	ctx.Data["new_branch_name"] = branchName
+
+	if ctx.HasError() {
+		ctx.HTML(http.StatusOK, tplUploadFile)
+		return
+	}
+
+	if oldBranchName != branchName {
+		if _, err := repo_module.GetBranch(ctx.Repo.Repository, branchName); err == nil {
+			ctx.Data["Err_NewBranchName"] = true
+			ctx.RenderWithErr(ctx.Tr("repo.editor.branch_already_exists", branchName), tplUploadFile, &form)
+			return
+		}
+	} else if !canCommit {
+		ctx.Data["Err_NewBranchName"] = true
+		ctx.Data["commit_choice"] = frmCommitChoiceNewBranch
+		ctx.RenderWithErr(ctx.Tr("repo.editor.cannot_commit_to_protected_branch", branchName), tplUploadFile, &form)
+		return
+	}
+
+	var newTreePath string
+	for _, part := range treeNames {
+		newTreePath = path.Join(newTreePath, part)
+		entry, err := ctx.Repo.Commit.GetTreeEntryByPath(newTreePath)
+		if err != nil {
+			if git.IsErrNotExist(err) {
+				// Means there is no item with that name, so we're good
+				break
+			}
+
+			ctx.ServerError("Repo.Commit.GetTreeEntryByPath", err)
+			return
+		}
+
+		// User can only upload files to a directory.
+		if !entry.IsDir() {
+			ctx.Data["Err_TreePath"] = true
+			ctx.RenderWithErr(ctx.Tr("repo.editor.directory_is_a_file", part), tplUploadFile, &form)
+			return
+		}
+	}
+
+	message := strings.TrimSpace(form.CommitSummary)
+	if len(message) == 0 {
+		message = ctx.Tr("repo.editor.upload_files_to_dir", form.TreePath)
+	}
+
+	form.CommitMessage = strings.TrimSpace(form.CommitMessage)
+	if len(form.CommitMessage) > 0 {
+		message += "\n\n" + form.CommitMessage
+	}
+
+	if err := repofiles.UploadRepoFiles(ctx.Repo.Repository, ctx.User, &repofiles.UploadRepoFileOptions{
+		LastCommitID: ctx.Repo.CommitID,
+		OldBranch:    oldBranchName,
+		NewBranch:    branchName,
+		TreePath:     form.TreePath,
+		Message:      message,
+		Files:        form.Files,
+		Signoff:      form.Signoff,
+	}); err != nil {
+		if models.IsErrLFSFileLocked(err) {
+			ctx.Data["Err_TreePath"] = true
+			ctx.RenderWithErr(ctx.Tr("repo.editor.upload_file_is_locked", err.(models.ErrLFSFileLocked).Path, err.(models.ErrLFSFileLocked).UserName), tplUploadFile, &form)
+		} else if models.IsErrFilenameInvalid(err) {
+			ctx.Data["Err_TreePath"] = true
+			ctx.RenderWithErr(ctx.Tr("repo.editor.filename_is_invalid", form.TreePath), tplUploadFile, &form)
+		} else if models.IsErrFilePathInvalid(err) {
+			ctx.Data["Err_TreePath"] = true
+			fileErr := err.(models.ErrFilePathInvalid)
+			switch fileErr.Type {
+			case git.EntryModeSymlink:
+				ctx.RenderWithErr(ctx.Tr("repo.editor.file_is_a_symlink", fileErr.Path), tplUploadFile, &form)
+			case git.EntryModeTree:
+				ctx.RenderWithErr(ctx.Tr("repo.editor.filename_is_a_directory", fileErr.Path), tplUploadFile, &form)
+			case git.EntryModeBlob:
+				ctx.RenderWithErr(ctx.Tr("repo.editor.directory_is_a_file", fileErr.Path), tplUploadFile, &form)
+			default:
+				ctx.Error(http.StatusInternalServerError, err.Error())
+			}
+		} else if models.IsErrRepoFileAlreadyExists(err) {
+			ctx.Data["Err_TreePath"] = true
+			ctx.RenderWithErr(ctx.Tr("repo.editor.file_already_exists", form.TreePath), tplUploadFile, &form)
+		} else if git.IsErrBranchNotExist(err) {
+			branchErr := err.(git.ErrBranchNotExist)
+			ctx.RenderWithErr(ctx.Tr("repo.editor.branch_does_not_exist", branchErr.Name), tplUploadFile, &form)
+		} else if models.IsErrBranchAlreadyExists(err) {
+			// For when a user specifies a new branch that already exists
+			ctx.Data["Err_NewBranchName"] = true
+			branchErr := err.(models.ErrBranchAlreadyExists)
+			ctx.RenderWithErr(ctx.Tr("repo.editor.branch_already_exists", branchErr.BranchName), tplUploadFile, &form)
+		} else if git.IsErrPushOutOfDate(err) {
+			ctx.RenderWithErr(ctx.Tr("repo.editor.file_changed_while_editing", ctx.Repo.RepoLink+"/compare/"+ctx.Repo.CommitID+"..."+util.PathEscapeSegments(form.NewBranchName)), tplUploadFile, &form)
+		} else if git.IsErrPushRejected(err) {
+			errPushRej := err.(*git.ErrPushRejected)
+			if len(errPushRej.Message) == 0 {
+				ctx.RenderWithErr(ctx.Tr("repo.editor.push_rejected_no_message"), tplUploadFile, &form)
+			} else {
+				flashError, err := ctx.HTMLString(string(tplAlertDetails), map[string]interface{}{
+					"Message": ctx.Tr("repo.editor.push_rejected"),
+					"Summary": ctx.Tr("repo.editor.push_rejected_summary"),
+					"Details": utils.SanitizeFlashErrorString(errPushRej.Message),
+				})
+				if err != nil {
+					ctx.ServerError("UploadFilePost.HTMLString", err)
+					return
+				}
+				ctx.RenderWithErr(flashError, tplUploadFile, &form)
+			}
+		} else {
+			// os.ErrNotExist - upload file missing in the intervening time?!
+			log.Error("Error during upload to repo: %-v to filepath: %s on %s from %s: %v", ctx.Repo.Repository, form.TreePath, oldBranchName, form.NewBranchName, err)
+			ctx.RenderWithErr(ctx.Tr("repo.editor.unable_to_upload_files", form.TreePath, err), tplUploadFile, &form)
+		}
+		return
+	}
+
+	if form.CommitChoice == frmCommitChoiceNewBranch && ctx.Repo.Repository.UnitEnabled(models.UnitTypePullRequests) {
+		ctx.Redirect(ctx.Repo.RepoLink + "/compare/" + util.PathEscapeSegments(ctx.Repo.BranchName) + "..." + util.PathEscapeSegments(form.NewBranchName))
+	} else {
+		ctx.Redirect(ctx.Repo.RepoLink + "/src/branch/" + util.PathEscapeSegments(branchName) + "/" + util.PathEscapeSegments(form.TreePath))
+	}
+}
+
+func cleanUploadFileName(name string) string {
+	// Rebase the filename
+	name = strings.Trim(path.Clean("/"+name), " /")
+	// Git disallows any filenames to have a .git directory in them.
+	for _, part := range strings.Split(name, "/") {
+		if strings.ToLower(part) == ".git" {
+			return ""
+		}
+	}
+	return name
+}
+
+// UploadFileToServer upload file to server file dir not git
+func UploadFileToServer(ctx *context.Context) {
+	file, header, err := ctx.Req.FormFile("file")
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, fmt.Sprintf("FormFile: %v", err))
+		return
+	}
+	defer file.Close()
+
+	buf := make([]byte, 1024)
+	n, _ := file.Read(buf)
+	if n > 0 {
+		buf = buf[:n]
+	}
+
+	err = upload.Verify(buf, header.Filename, setting.Repository.Upload.AllowedTypes)
+	if err != nil {
+		ctx.Error(http.StatusBadRequest, err.Error())
+		return
+	}
+
+	name := cleanUploadFileName(header.Filename)
+	if len(name) == 0 {
+		ctx.Error(http.StatusInternalServerError, "Upload file name is invalid")
+		return
+	}
+
+	upload, err := models.NewUpload(name, buf, file)
+	if err != nil {
+		ctx.Error(http.StatusInternalServerError, fmt.Sprintf("NewUpload: %v", err))
+		return
+	}
+
+	log.Trace("New file uploaded: %s", upload.UUID)
+	ctx.JSON(http.StatusOK, map[string]string{
+		"uuid": upload.UUID,
+	})
+}
+
+// RemoveUploadFileFromServer remove file from server file dir
+func RemoveUploadFileFromServer(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.RemoveUploadFileForm)
+	if len(form.File) == 0 {
+		ctx.Status(204)
+		return
+	}
+
+	if err := models.DeleteUploadByUUID(form.File); err != nil {
+		ctx.Error(http.StatusInternalServerError, fmt.Sprintf("DeleteUploadByUUID: %v", err))
+		return
+	}
+
+	log.Trace("Upload file removed: %s", form.File)
+	ctx.Status(204)
+}
+
+// GetUniquePatchBranchName Gets a unique branch name for a new patch branch
+// It will be in the form of <username>-patch-<num> where <num> is the first branch of this format
+// that doesn't already exist. If we exceed 1000 tries or an error is thrown, we just return "" so the user has to
+// type in the branch name themselves (will be an empty field)
+func GetUniquePatchBranchName(ctx *context.Context) string {
+	prefix := ctx.User.LowerName + "-patch-"
+	for i := 1; i <= 1000; i++ {
+		branchName := fmt.Sprintf("%s%d", prefix, i)
+		if _, err := repo_module.GetBranch(ctx.Repo.Repository, branchName); err != nil {
+			if git.IsErrBranchNotExist(err) {
+				return branchName
+			}
+			log.Error("GetUniquePatchBranchName: %v", err)
+			return ""
+		}
+	}
+	return ""
+}
+
+// GetClosestParentWithFiles Recursively gets the path of parent in a tree that has files (used when file in a tree is
+// deleted). Returns "" for the root if no parents other than the root have files. If the given treePath isn't a
+// SubTree or it has no entries, we go up one dir and see if we can return the user to that listing.
+func GetClosestParentWithFiles(treePath string, commit *git.Commit) string {
+	if len(treePath) == 0 || treePath == "." {
+		return ""
+	}
+	// see if the tree has entries
+	if tree, err := commit.SubTree(treePath); err != nil {
+		// failed to get tree, going up a dir
+		return GetClosestParentWithFiles(path.Dir(treePath), commit)
+	} else if entries, err := tree.ListEntries(); err != nil || len(entries) == 0 {
+		// no files in this dir, going up a dir
+		return GetClosestParentWithFiles(path.Dir(treePath), commit)
+	}
+	return treePath
+}

routers/web/repo/editor_test.go

@@ -0,0 +1,83 @@
+// Copyright 2018 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"testing"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/test"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestCleanUploadName(t *testing.T) {
+	models.PrepareTestEnv(t)
+
+	var kases = map[string]string{
+		".git/refs/master":               "",
+		"/root/abc":                      "root/abc",
+		"./../../abc":                    "abc",
+		"a/../.git":                      "",
+		"a/../../../abc":                 "abc",
+		"../../../acd":                   "acd",
+		"../../.git/abc":                 "",
+		"..\\..\\.git/abc":               "..\\..\\.git/abc",
+		"..\\../.git/abc":                "",
+		"..\\../.git":                    "",
+		"abc/../def":                     "def",
+		".drone.yml":                     ".drone.yml",
+		".abc/def/.drone.yml":            ".abc/def/.drone.yml",
+		"..drone.yml.":                   "..drone.yml.",
+		"..a.dotty...name...":            "..a.dotty...name...",
+		"..a.dotty../.folder../.name...": "..a.dotty../.folder../.name...",
+	}
+	for k, v := range kases {
+		assert.EqualValues(t, cleanUploadFileName(k), v)
+	}
+}
+
+func TestGetUniquePatchBranchName(t *testing.T) {
+	models.PrepareTestEnv(t)
+	ctx := test.MockContext(t, "user2/repo1")
+	ctx.SetParams(":id", "1")
+	test.LoadRepo(t, ctx, 1)
+	test.LoadRepoCommit(t, ctx)
+	test.LoadUser(t, ctx, 2)
+	test.LoadGitRepo(t, ctx)
+	defer ctx.Repo.GitRepo.Close()
+
+	expectedBranchName := "user2-patch-1"
+	branchName := GetUniquePatchBranchName(ctx)
+	assert.Equal(t, expectedBranchName, branchName)
+}
+
+func TestGetClosestParentWithFiles(t *testing.T) {
+	models.PrepareTestEnv(t)
+	ctx := test.MockContext(t, "user2/repo1")
+	ctx.SetParams(":id", "1")
+	test.LoadRepo(t, ctx, 1)
+	test.LoadRepoCommit(t, ctx)
+	test.LoadUser(t, ctx, 2)
+	test.LoadGitRepo(t, ctx)
+	defer ctx.Repo.GitRepo.Close()
+
+	repo := ctx.Repo.Repository
+	branch := repo.DefaultBranch
+	gitRepo, _ := git.OpenRepository(repo.RepoPath())
+	defer gitRepo.Close()
+	commit, _ := gitRepo.GetBranchCommit(branch)
+	expectedTreePath := ""
+
+	expectedTreePath = "" // Should return the root dir, empty string, since there are no subdirs in this repo
+	for _, deletedFile := range []string{
+		"dir1/dir2/dir3/file.txt",
+		"file.txt",
+	} {
+		treePath := GetClosestParentWithFiles(deletedFile, commit)
+		assert.Equal(t, expectedTreePath, treePath)
+	}
+}

routers/web/repo/http.go

@@ -0,0 +1,602 @@
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"bytes"
+	"compress/gzip"
+	gocontext "context"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"os"
+	"os/exec"
+	"path"
+	"regexp"
+	"strconv"
+	"strings"
+	"sync"
+	"time"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/process"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/structs"
+	"code.gitea.io/gitea/modules/util"
+	repo_service "code.gitea.io/gitea/services/repository"
+)
+
+// httpBase implmentation git smart HTTP protocol
+func httpBase(ctx *context.Context) (h *serviceHandler) {
+	if setting.Repository.DisableHTTPGit {
+		ctx.Resp.WriteHeader(http.StatusForbidden)
+		_, err := ctx.Resp.Write([]byte("Interacting with repositories by HTTP protocol is not allowed"))
+		if err != nil {
+			log.Error(err.Error())
+		}
+		return
+	}
+
+	if len(setting.Repository.AccessControlAllowOrigin) > 0 {
+		allowedOrigin := setting.Repository.AccessControlAllowOrigin
+		// Set CORS headers for browser-based git clients
+		ctx.Resp.Header().Set("Access-Control-Allow-Origin", allowedOrigin)
+		ctx.Resp.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization, User-Agent")
+
+		// Handle preflight OPTIONS request
+		if ctx.Req.Method == "OPTIONS" {
+			if allowedOrigin == "*" {
+				ctx.Status(http.StatusOK)
+			} else if allowedOrigin == "null" {
+				ctx.Status(http.StatusForbidden)
+			} else {
+				origin := ctx.Req.Header.Get("Origin")
+				if len(origin) > 0 && origin == allowedOrigin {
+					ctx.Status(http.StatusOK)
+				} else {
+					ctx.Status(http.StatusForbidden)
+				}
+			}
+			return
+		}
+	}
+
+	username := ctx.Params(":username")
+	reponame := strings.TrimSuffix(ctx.Params(":reponame"), ".git")
+
+	if ctx.Query("go-get") == "1" {
+		context.EarlyResponseForGoGetMeta(ctx)
+		return
+	}
+
+	var isPull, receivePack bool
+	service := ctx.Query("service")
+	if service == "git-receive-pack" ||
+		strings.HasSuffix(ctx.Req.URL.Path, "git-receive-pack") {
+		isPull = false
+		receivePack = true
+	} else if service == "git-upload-pack" ||
+		strings.HasSuffix(ctx.Req.URL.Path, "git-upload-pack") {
+		isPull = true
+	} else if service == "git-upload-archive" ||
+		strings.HasSuffix(ctx.Req.URL.Path, "git-upload-archive") {
+		isPull = true
+	} else {
+		isPull = ctx.Req.Method == "GET"
+	}
+
+	var accessMode models.AccessMode
+	if isPull {
+		accessMode = models.AccessModeRead
+	} else {
+		accessMode = models.AccessModeWrite
+	}
+
+	isWiki := false
+	var unitType = models.UnitTypeCode
+	var wikiRepoName string
+	if strings.HasSuffix(reponame, ".wiki") {
+		isWiki = true
+		unitType = models.UnitTypeWiki
+		wikiRepoName = reponame
+		reponame = reponame[:len(reponame)-5]
+	}
+
+	owner, err := models.GetUserByName(username)
+	if err != nil {
+		if models.IsErrUserNotExist(err) {
+			if redirectUserID, err := models.LookupUserRedirect(username); err == nil {
+				context.RedirectToUser(ctx, username, redirectUserID)
+			} else {
+				ctx.NotFound(fmt.Sprintf("User %s does not exist", username), nil)
+			}
+		} else {
+			ctx.ServerError("GetUserByName", err)
+		}
+		return
+	}
+	if !owner.IsOrganization() && !owner.IsActive {
+		ctx.HandleText(http.StatusForbidden, "Repository cannot be accessed. You cannot push or open issues/pull-requests.")
+		return
+	}
+
+	repoExist := true
+	repo, err := models.GetRepositoryByName(owner.ID, reponame)
+	if err != nil {
+		if models.IsErrRepoNotExist(err) {
+			if redirectRepoID, err := models.LookupRepoRedirect(owner.ID, reponame); err == nil {
+				context.RedirectToRepo(ctx, redirectRepoID)
+				return
+			}
+			repoExist = false
+		} else {
+			ctx.ServerError("GetRepositoryByName", err)
+			return
+		}
+	}
+
+	// Don't allow pushing if the repo is archived
+	if repoExist && repo.IsArchived && !isPull {
+		ctx.HandleText(http.StatusForbidden, "This repo is archived. You can view files and clone it, but cannot push or open issues/pull-requests.")
+		return
+	}
+
+	// Only public pull don't need auth.
+	isPublicPull := repoExist && !repo.IsPrivate && isPull
+	var (
+		askAuth = !isPublicPull || setting.Service.RequireSignInView
+		environ []string
+	)
+
+	// don't allow anonymous pulls if organization is not public
+	if isPublicPull {
+		if err := repo.GetOwner(); err != nil {
+			ctx.ServerError("GetOwner", err)
+			return
+		}
+
+		askAuth = askAuth || (repo.Owner.Visibility != structs.VisibleTypePublic)
+	}
+
+	// check access
+	if askAuth {
+		// rely on the results of Contexter
+		if !ctx.IsSigned {
+			// TODO: support digit auth - which would be Authorization header with digit
+			ctx.Resp.Header().Set("WWW-Authenticate", "Basic realm=\".\"")
+			ctx.Error(http.StatusUnauthorized)
+			return
+		}
+
+		if ctx.IsBasicAuth && ctx.Data["IsApiToken"] != true {
+			_, err = models.GetTwoFactorByUID(ctx.User.ID)
+			if err == nil {
+				// TODO: This response should be changed to "invalid credentials" for security reasons once the expectation behind it (creating an app token to authenticate) is properly documented
+				ctx.HandleText(http.StatusUnauthorized, "Users with two-factor authentication enabled cannot perform HTTP/HTTPS operations via plain username and password. Please create and use a personal access token on the user settings page")
+				return
+			} else if !models.IsErrTwoFactorNotEnrolled(err) {
+				ctx.ServerError("IsErrTwoFactorNotEnrolled", err)
+				return
+			}
+		}
+
+		if !ctx.User.IsActive || ctx.User.ProhibitLogin {
+			ctx.HandleText(http.StatusForbidden, "Your account is disabled.")
+			return
+		}
+
+		if repoExist {
+			perm, err := models.GetUserRepoPermission(repo, ctx.User)
+			if err != nil {
+				ctx.ServerError("GetUserRepoPermission", err)
+				return
+			}
+
+			if !perm.CanAccess(accessMode, unitType) {
+				ctx.HandleText(http.StatusForbidden, "User permission denied")
+				return
+			}
+
+			if !isPull && repo.IsMirror {
+				ctx.HandleText(http.StatusForbidden, "mirror repository is read-only")
+				return
+			}
+		}
+
+		environ = []string{
+			models.EnvRepoUsername + "=" + username,
+			models.EnvRepoName + "=" + reponame,
+			models.EnvPusherName + "=" + ctx.User.Name,
+			models.EnvPusherID + fmt.Sprintf("=%d", ctx.User.ID),
+			models.EnvIsDeployKey + "=false",
+			models.EnvAppURL + "=" + setting.AppURL,
+		}
+
+		if !ctx.User.KeepEmailPrivate {
+			environ = append(environ, models.EnvPusherEmail+"="+ctx.User.Email)
+		}
+
+		if isWiki {
+			environ = append(environ, models.EnvRepoIsWiki+"=true")
+		} else {
+			environ = append(environ, models.EnvRepoIsWiki+"=false")
+		}
+	}
+
+	if !repoExist {
+		if !receivePack {
+			ctx.HandleText(http.StatusNotFound, "Repository not found")
+			return
+		}
+
+		if isWiki { // you cannot send wiki operation before create the repository
+			ctx.HandleText(http.StatusNotFound, "Repository not found")
+			return
+		}
+
+		if owner.IsOrganization() && !setting.Repository.EnablePushCreateOrg {
+			ctx.HandleText(http.StatusForbidden, "Push to create is not enabled for organizations.")
+			return
+		}
+		if !owner.IsOrganization() && !setting.Repository.EnablePushCreateUser {
+			ctx.HandleText(http.StatusForbidden, "Push to create is not enabled for users.")
+			return
+		}
+
+		// Return dummy payload if GET receive-pack
+		if ctx.Req.Method == http.MethodGet {
+			dummyInfoRefs(ctx)
+			return
+		}
+
+		repo, err = repo_service.PushCreateRepo(ctx.User, owner, reponame)
+		if err != nil {
+			log.Error("pushCreateRepo: %v", err)
+			ctx.Status(http.StatusNotFound)
+			return
+		}
+	}
+
+	if isWiki {
+		// Ensure the wiki is enabled before we allow access to it
+		if _, err := repo.GetUnit(models.UnitTypeWiki); err != nil {
+			if models.IsErrUnitTypeNotExist(err) {
+				ctx.HandleText(http.StatusForbidden, "repository wiki is disabled")
+				return
+			}
+			log.Error("Failed to get the wiki unit in %-v Error: %v", repo, err)
+			ctx.ServerError("GetUnit(UnitTypeWiki) for "+repo.FullName(), err)
+			return
+		}
+	}
+
+	environ = append(environ, models.EnvRepoID+fmt.Sprintf("=%d", repo.ID))
+
+	w := ctx.Resp
+	r := ctx.Req
+	cfg := &serviceConfig{
+		UploadPack:  true,
+		ReceivePack: true,
+		Env:         environ,
+	}
+
+	r.URL.Path = strings.ToLower(r.URL.Path) // blue: In case some repo name has upper case name
+
+	dir := models.RepoPath(username, reponame)
+	if isWiki {
+		dir = models.RepoPath(username, wikiRepoName)
+	}
+
+	return &serviceHandler{cfg, w, r, dir, cfg.Env}
+}
+
+var (
+	infoRefsCache []byte
+	infoRefsOnce  sync.Once
+)
+
+func dummyInfoRefs(ctx *context.Context) {
+	infoRefsOnce.Do(func() {
+		tmpDir, err := ioutil.TempDir(os.TempDir(), "gitea-info-refs-cache")
+		if err != nil {
+			log.Error("Failed to create temp dir for git-receive-pack cache: %v", err)
+			return
+		}
+
+		defer func() {
+			if err := util.RemoveAll(tmpDir); err != nil {
+				log.Error("RemoveAll: %v", err)
+			}
+		}()
+
+		if err := git.InitRepository(tmpDir, true); err != nil {
+			log.Error("Failed to init bare repo for git-receive-pack cache: %v", err)
+			return
+		}
+
+		refs, err := git.NewCommand("receive-pack", "--stateless-rpc", "--advertise-refs", ".").RunInDirBytes(tmpDir)
+		if err != nil {
+			log.Error(fmt.Sprintf("%v - %s", err, string(refs)))
+		}
+
+		log.Debug("populating infoRefsCache: \n%s", string(refs))
+		infoRefsCache = refs
+	})
+
+	ctx.Header().Set("Expires", "Fri, 01 Jan 1980 00:00:00 GMT")
+	ctx.Header().Set("Pragma", "no-cache")
+	ctx.Header().Set("Cache-Control", "no-cache, max-age=0, must-revalidate")
+	ctx.Header().Set("Content-Type", "application/x-git-receive-pack-advertisement")
+	_, _ = ctx.Write(packetWrite("# service=git-receive-pack\n"))
+	_, _ = ctx.Write([]byte("0000"))
+	_, _ = ctx.Write(infoRefsCache)
+}
+
+type serviceConfig struct {
+	UploadPack  bool
+	ReceivePack bool
+	Env         []string
+}
+
+type serviceHandler struct {
+	cfg     *serviceConfig
+	w       http.ResponseWriter
+	r       *http.Request
+	dir     string
+	environ []string
+}
+
+func (h *serviceHandler) setHeaderNoCache() {
+	h.w.Header().Set("Expires", "Fri, 01 Jan 1980 00:00:00 GMT")
+	h.w.Header().Set("Pragma", "no-cache")
+	h.w.Header().Set("Cache-Control", "no-cache, max-age=0, must-revalidate")
+}
+
+func (h *serviceHandler) setHeaderCacheForever() {
+	now := time.Now().Unix()
+	expires := now + 31536000
+	h.w.Header().Set("Date", fmt.Sprintf("%d", now))
+	h.w.Header().Set("Expires", fmt.Sprintf("%d", expires))
+	h.w.Header().Set("Cache-Control", "public, max-age=31536000")
+}
+
+func (h *serviceHandler) sendFile(contentType, file string) {
+	reqFile := path.Join(h.dir, file)
+
+	fi, err := os.Stat(reqFile)
+	if os.IsNotExist(err) {
+		h.w.WriteHeader(http.StatusNotFound)
+		return
+	}
+
+	h.w.Header().Set("Content-Type", contentType)
+	h.w.Header().Set("Content-Length", fmt.Sprintf("%d", fi.Size()))
+	h.w.Header().Set("Last-Modified", fi.ModTime().Format(http.TimeFormat))
+	http.ServeFile(h.w, h.r, reqFile)
+}
+
+// one or more key=value pairs separated by colons
+var safeGitProtocolHeader = regexp.MustCompile(`^[0-9a-zA-Z]+=[0-9a-zA-Z]+(:[0-9a-zA-Z]+=[0-9a-zA-Z]+)*$`)
+
+func getGitConfig(option, dir string) string {
+	out, err := git.NewCommand("config", option).RunInDir(dir)
+	if err != nil {
+		log.Error("%v - %s", err, out)
+	}
+	return out[0 : len(out)-1]
+}
+
+func getConfigSetting(service, dir string) bool {
+	service = strings.ReplaceAll(service, "-", "")
+	setting := getGitConfig("http."+service, dir)
+
+	if service == "uploadpack" {
+		return setting != "false"
+	}
+
+	return setting == "true"
+}
+
+func hasAccess(service string, h serviceHandler, checkContentType bool) bool {
+	if checkContentType {
+		if h.r.Header.Get("Content-Type") != fmt.Sprintf("application/x-git-%s-request", service) {
+			return false
+		}
+	}
+
+	if !(service == "upload-pack" || service == "receive-pack") {
+		return false
+	}
+	if service == "receive-pack" {
+		return h.cfg.ReceivePack
+	}
+	if service == "upload-pack" {
+		return h.cfg.UploadPack
+	}
+
+	return getConfigSetting(service, h.dir)
+}
+
+func serviceRPC(h serviceHandler, service string) {
+	defer func() {
+		if err := h.r.Body.Close(); err != nil {
+			log.Error("serviceRPC: Close: %v", err)
+		}
+
+	}()
+
+	if !hasAccess(service, h, true) {
+		h.w.WriteHeader(http.StatusUnauthorized)
+		return
+	}
+
+	h.w.Header().Set("Content-Type", fmt.Sprintf("application/x-git-%s-result", service))
+
+	var err error
+	var reqBody = h.r.Body
+
+	// Handle GZIP.
+	if h.r.Header.Get("Content-Encoding") == "gzip" {
+		reqBody, err = gzip.NewReader(reqBody)
+		if err != nil {
+			log.Error("Fail to create gzip reader: %v", err)
+			h.w.WriteHeader(http.StatusInternalServerError)
+			return
+		}
+	}
+
+	// set this for allow pre-receive and post-receive execute
+	h.environ = append(h.environ, "SSH_ORIGINAL_COMMAND="+service)
+
+	if protocol := h.r.Header.Get("Git-Protocol"); protocol != "" && safeGitProtocolHeader.MatchString(protocol) {
+		h.environ = append(h.environ, "GIT_PROTOCOL="+protocol)
+	}
+
+	ctx, cancel := gocontext.WithCancel(git.DefaultContext)
+	defer cancel()
+	var stderr bytes.Buffer
+	cmd := exec.CommandContext(ctx, git.GitExecutable, service, "--stateless-rpc", h.dir)
+	cmd.Dir = h.dir
+	cmd.Env = append(os.Environ(), h.environ...)
+	cmd.Stdout = h.w
+	cmd.Stdin = reqBody
+	cmd.Stderr = &stderr
+
+	pid := process.GetManager().Add(fmt.Sprintf("%s %s %s [repo_path: %s]", git.GitExecutable, service, "--stateless-rpc", h.dir), cancel)
+	defer process.GetManager().Remove(pid)
+
+	if err := cmd.Run(); err != nil {
+		log.Error("Fail to serve RPC(%s) in %s: %v - %s", service, h.dir, err, stderr.String())
+		return
+	}
+}
+
+// ServiceUploadPack implements Git Smart HTTP protocol
+func ServiceUploadPack(ctx *context.Context) {
+	h := httpBase(ctx)
+	if h != nil {
+		serviceRPC(*h, "upload-pack")
+	}
+}
+
+// ServiceReceivePack implements Git Smart HTTP protocol
+func ServiceReceivePack(ctx *context.Context) {
+	h := httpBase(ctx)
+	if h != nil {
+		serviceRPC(*h, "receive-pack")
+	}
+}
+
+func getServiceType(r *http.Request) string {
+	serviceType := r.FormValue("service")
+	if !strings.HasPrefix(serviceType, "git-") {
+		return ""
+	}
+	return strings.Replace(serviceType, "git-", "", 1)
+}
+
+func updateServerInfo(dir string) []byte {
+	out, err := git.NewCommand("update-server-info").RunInDirBytes(dir)
+	if err != nil {
+		log.Error(fmt.Sprintf("%v - %s", err, string(out)))
+	}
+	return out
+}
+
+func packetWrite(str string) []byte {
+	s := strconv.FormatInt(int64(len(str)+4), 16)
+	if len(s)%4 != 0 {
+		s = strings.Repeat("0", 4-len(s)%4) + s
+	}
+	return []byte(s + str)
+}
+
+// GetInfoRefs implements Git dumb HTTP
+func GetInfoRefs(ctx *context.Context) {
+	h := httpBase(ctx)
+	if h == nil {
+		return
+	}
+	h.setHeaderNoCache()
+	if hasAccess(getServiceType(h.r), *h, false) {
+		service := getServiceType(h.r)
+
+		if protocol := h.r.Header.Get("Git-Protocol"); protocol != "" && safeGitProtocolHeader.MatchString(protocol) {
+			h.environ = append(h.environ, "GIT_PROTOCOL="+protocol)
+		}
+		h.environ = append(os.Environ(), h.environ...)
+
+		refs, err := git.NewCommand(service, "--stateless-rpc", "--advertise-refs", ".").RunInDirTimeoutEnv(h.environ, -1, h.dir)
+		if err != nil {
+			log.Error(fmt.Sprintf("%v - %s", err, string(refs)))
+		}
+
+		h.w.Header().Set("Content-Type", fmt.Sprintf("application/x-git-%s-advertisement", service))
+		h.w.WriteHeader(http.StatusOK)
+		_, _ = h.w.Write(packetWrite("# service=git-" + service + "\n"))
+		_, _ = h.w.Write([]byte("0000"))
+		_, _ = h.w.Write(refs)
+	} else {
+		updateServerInfo(h.dir)
+		h.sendFile("text/plain; charset=utf-8", "info/refs")
+	}
+}
+
+// GetTextFile implements Git dumb HTTP
+func GetTextFile(p string) func(*context.Context) {
+	return func(ctx *context.Context) {
+		h := httpBase(ctx)
+		if h != nil {
+			h.setHeaderNoCache()
+			file := ctx.Params("file")
+			if file != "" {
+				h.sendFile("text/plain", "objects/info/"+file)
+			} else {
+				h.sendFile("text/plain", p)
+			}
+		}
+	}
+}
+
+// GetInfoPacks implements Git dumb HTTP
+func GetInfoPacks(ctx *context.Context) {
+	h := httpBase(ctx)
+	if h != nil {
+		h.setHeaderCacheForever()
+		h.sendFile("text/plain; charset=utf-8", "objects/info/packs")
+	}
+}
+
+// GetLooseObject implements Git dumb HTTP
+func GetLooseObject(ctx *context.Context) {
+	h := httpBase(ctx)
+	if h != nil {
+		h.setHeaderCacheForever()
+		h.sendFile("application/x-git-loose-object", fmt.Sprintf("objects/%s/%s",
+			ctx.Params("head"), ctx.Params("hash")))
+	}
+}
+
+// GetPackFile implements Git dumb HTTP
+func GetPackFile(ctx *context.Context) {
+	h := httpBase(ctx)
+	if h != nil {
+		h.setHeaderCacheForever()
+		h.sendFile("application/x-git-packed-objects", "objects/pack/pack-"+ctx.Params("file")+".pack")
+	}
+}
+
+// GetIdxFile implements Git dumb HTTP
+func GetIdxFile(ctx *context.Context) {
+	h := httpBase(ctx)
+	if h != nil {
+		h.setHeaderCacheForever()
+		h.sendFile("application/x-git-packed-objects-toc", "objects/pack/pack-"+ctx.Params("file")+".idx")
+	}
+}

routers/web/repo/issue_dependency.go

@@ -0,0 +1,129 @@
+// Copyright 2018 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"net/http"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/setting"
+)
+
+// AddDependency adds new dependencies
+func AddDependency(ctx *context.Context) {
+	issueIndex := ctx.ParamsInt64("index")
+	issue, err := models.GetIssueByIndex(ctx.Repo.Repository.ID, issueIndex)
+	if err != nil {
+		ctx.ServerError("GetIssueByIndex", err)
+		return
+	}
+
+	// Check if the Repo is allowed to have dependencies
+	if !ctx.Repo.CanCreateIssueDependencies(ctx.User, issue.IsPull) {
+		ctx.Error(http.StatusForbidden, "CanCreateIssueDependencies")
+		return
+	}
+
+	depID := ctx.QueryInt64("newDependency")
+
+	if err = issue.LoadRepo(); err != nil {
+		ctx.ServerError("LoadRepo", err)
+		return
+	}
+
+	// Redirect
+	defer ctx.Redirect(issue.HTMLURL(), http.StatusSeeOther)
+
+	// Dependency
+	dep, err := models.GetIssueByID(depID)
+	if err != nil {
+		ctx.Flash.Error(ctx.Tr("repo.issues.dependency.add_error_dep_issue_not_exist"))
+		return
+	}
+
+	// Check if both issues are in the same repo if cross repository dependencies is not enabled
+	if issue.RepoID != dep.RepoID && !setting.Service.AllowCrossRepositoryDependencies {
+		ctx.Flash.Error(ctx.Tr("repo.issues.dependency.add_error_dep_not_same_repo"))
+		return
+	}
+
+	// Check if issue and dependency is the same
+	if dep.ID == issue.ID {
+		ctx.Flash.Error(ctx.Tr("repo.issues.dependency.add_error_same_issue"))
+		return
+	}
+
+	err = models.CreateIssueDependency(ctx.User, issue, dep)
+	if err != nil {
+		if models.IsErrDependencyExists(err) {
+			ctx.Flash.Error(ctx.Tr("repo.issues.dependency.add_error_dep_exists"))
+			return
+		} else if models.IsErrCircularDependency(err) {
+			ctx.Flash.Error(ctx.Tr("repo.issues.dependency.add_error_cannot_create_circular"))
+			return
+		} else {
+			ctx.ServerError("CreateOrUpdateIssueDependency", err)
+			return
+		}
+	}
+}
+
+// RemoveDependency removes the dependency
+func RemoveDependency(ctx *context.Context) {
+	issueIndex := ctx.ParamsInt64("index")
+	issue, err := models.GetIssueByIndex(ctx.Repo.Repository.ID, issueIndex)
+	if err != nil {
+		ctx.ServerError("GetIssueByIndex", err)
+		return
+	}
+
+	// Check if the Repo is allowed to have dependencies
+	if !ctx.Repo.CanCreateIssueDependencies(ctx.User, issue.IsPull) {
+		ctx.Error(http.StatusForbidden, "CanCreateIssueDependencies")
+		return
+	}
+
+	depID := ctx.QueryInt64("removeDependencyID")
+
+	if err = issue.LoadRepo(); err != nil {
+		ctx.ServerError("LoadRepo", err)
+		return
+	}
+
+	// Dependency Type
+	depTypeStr := ctx.Req.PostForm.Get("dependencyType")
+
+	var depType models.DependencyType
+
+	switch depTypeStr {
+	case "blockedBy":
+		depType = models.DependencyTypeBlockedBy
+	case "blocking":
+		depType = models.DependencyTypeBlocking
+	default:
+		ctx.Error(http.StatusBadRequest, "GetDependecyType")
+		return
+	}
+
+	// Dependency
+	dep, err := models.GetIssueByID(depID)
+	if err != nil {
+		ctx.ServerError("GetIssueByID", err)
+		return
+	}
+
+	if err = models.RemoveIssueDependency(ctx.User, issue, dep, depType); err != nil {
+		if models.IsErrDependencyNotExists(err) {
+			ctx.Flash.Error(ctx.Tr("repo.issues.dependency.add_error_dep_not_exist"))
+			return
+		}
+		ctx.ServerError("RemoveIssueDependency", err)
+		return
+	}
+
+	// Redirect
+	ctx.Redirect(issue.HTMLURL(), http.StatusSeeOther)
+}

routers/web/repo/issue_label.go

@@ -0,0 +1,222 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"net/http"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/web"
+	"code.gitea.io/gitea/services/forms"
+	issue_service "code.gitea.io/gitea/services/issue"
+)
+
+const (
+	tplLabels base.TplName = "repo/issue/labels"
+)
+
+// Labels render issue's labels page
+func Labels(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.labels")
+	ctx.Data["PageIsIssueList"] = true
+	ctx.Data["PageIsLabels"] = true
+	ctx.Data["RequireTribute"] = true
+	ctx.Data["LabelTemplates"] = models.LabelTemplates
+	ctx.HTML(http.StatusOK, tplLabels)
+}
+
+// InitializeLabels init labels for a repository
+func InitializeLabels(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.InitializeLabelsForm)
+	if ctx.HasError() {
+		ctx.Redirect(ctx.Repo.RepoLink + "/labels")
+		return
+	}
+
+	if err := models.InitializeLabels(models.DefaultDBContext(), ctx.Repo.Repository.ID, form.TemplateName, false); err != nil {
+		if models.IsErrIssueLabelTemplateLoad(err) {
+			originalErr := err.(models.ErrIssueLabelTemplateLoad).OriginalError
+			ctx.Flash.Error(ctx.Tr("repo.issues.label_templates.fail_to_load_file", form.TemplateName, originalErr))
+			ctx.Redirect(ctx.Repo.RepoLink + "/labels")
+			return
+		}
+		ctx.ServerError("InitializeLabels", err)
+		return
+	}
+	ctx.Redirect(ctx.Repo.RepoLink + "/labels")
+}
+
+// RetrieveLabels find all the labels of a repository and organization
+func RetrieveLabels(ctx *context.Context) {
+	labels, err := models.GetLabelsByRepoID(ctx.Repo.Repository.ID, ctx.Query("sort"), models.ListOptions{})
+	if err != nil {
+		ctx.ServerError("RetrieveLabels.GetLabels", err)
+		return
+	}
+
+	for _, l := range labels {
+		l.CalOpenIssues()
+	}
+
+	ctx.Data["Labels"] = labels
+
+	if ctx.Repo.Owner.IsOrganization() {
+		orgLabels, err := models.GetLabelsByOrgID(ctx.Repo.Owner.ID, ctx.Query("sort"), models.ListOptions{})
+		if err != nil {
+			ctx.ServerError("GetLabelsByOrgID", err)
+			return
+		}
+		for _, l := range orgLabels {
+			l.CalOpenOrgIssues(ctx.Repo.Repository.ID, l.ID)
+		}
+		ctx.Data["OrgLabels"] = orgLabels
+
+		org, err := models.GetOrgByName(ctx.Repo.Owner.LowerName)
+		if err != nil {
+			ctx.ServerError("GetOrgByName", err)
+			return
+		}
+		if ctx.User != nil {
+			ctx.Org.IsOwner, err = org.IsOwnedBy(ctx.User.ID)
+			if err != nil {
+				ctx.ServerError("org.IsOwnedBy", err)
+				return
+			}
+			ctx.Org.OrgLink = org.OrganisationLink()
+			ctx.Data["IsOrganizationOwner"] = ctx.Org.IsOwner
+			ctx.Data["OrganizationLink"] = ctx.Org.OrgLink
+		}
+	}
+	ctx.Data["NumLabels"] = len(labels)
+	ctx.Data["SortType"] = ctx.Query("sort")
+}
+
+// NewLabel create new label for repository
+func NewLabel(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.CreateLabelForm)
+	ctx.Data["Title"] = ctx.Tr("repo.labels")
+	ctx.Data["PageIsLabels"] = true
+
+	if ctx.HasError() {
+		ctx.Flash.Error(ctx.Data["ErrorMsg"].(string))
+		ctx.Redirect(ctx.Repo.RepoLink + "/labels")
+		return
+	}
+
+	l := &models.Label{
+		RepoID:      ctx.Repo.Repository.ID,
+		Name:        form.Title,
+		Description: form.Description,
+		Color:       form.Color,
+	}
+	if err := models.NewLabel(l); err != nil {
+		ctx.ServerError("NewLabel", err)
+		return
+	}
+	ctx.Redirect(ctx.Repo.RepoLink + "/labels")
+}
+
+// UpdateLabel update a label's name and color
+func UpdateLabel(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.CreateLabelForm)
+	l, err := models.GetLabelInRepoByID(ctx.Repo.Repository.ID, form.ID)
+	if err != nil {
+		switch {
+		case models.IsErrRepoLabelNotExist(err):
+			ctx.Error(http.StatusNotFound)
+		default:
+			ctx.ServerError("UpdateLabel", err)
+		}
+		return
+	}
+
+	l.Name = form.Title
+	l.Description = form.Description
+	l.Color = form.Color
+	if err := models.UpdateLabel(l); err != nil {
+		ctx.ServerError("UpdateLabel", err)
+		return
+	}
+	ctx.Redirect(ctx.Repo.RepoLink + "/labels")
+}
+
+// DeleteLabel delete a label
+func DeleteLabel(ctx *context.Context) {
+	if err := models.DeleteLabel(ctx.Repo.Repository.ID, ctx.QueryInt64("id")); err != nil {
+		ctx.Flash.Error("DeleteLabel: " + err.Error())
+	} else {
+		ctx.Flash.Success(ctx.Tr("repo.issues.label_deletion_success"))
+	}
+
+	ctx.JSON(http.StatusOK, map[string]interface{}{
+		"redirect": ctx.Repo.RepoLink + "/labels",
+	})
+}
+
+// UpdateIssueLabel change issue's labels
+func UpdateIssueLabel(ctx *context.Context) {
+	issues := getActionIssues(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	switch action := ctx.Query("action"); action {
+	case "clear":
+		for _, issue := range issues {
+			if err := issue_service.ClearLabels(issue, ctx.User); err != nil {
+				ctx.ServerError("ClearLabels", err)
+				return
+			}
+		}
+	case "attach", "detach", "toggle":
+		label, err := models.GetLabelByID(ctx.QueryInt64("id"))
+		if err != nil {
+			if models.IsErrRepoLabelNotExist(err) {
+				ctx.Error(http.StatusNotFound, "GetLabelByID")
+			} else {
+				ctx.ServerError("GetLabelByID", err)
+			}
+			return
+		}
+
+		if action == "toggle" {
+			// detach if any issues already have label, otherwise attach
+			action = "attach"
+			for _, issue := range issues {
+				if issue.HasLabel(label.ID) {
+					action = "detach"
+					break
+				}
+			}
+		}
+
+		if action == "attach" {
+			for _, issue := range issues {
+				if err = issue_service.AddLabel(issue, ctx.User, label); err != nil {
+					ctx.ServerError("AddLabel", err)
+					return
+				}
+			}
+		} else {
+			for _, issue := range issues {
+				if err = issue_service.RemoveLabel(issue, ctx.User, label); err != nil {
+					ctx.ServerError("RemoveLabel", err)
+					return
+				}
+			}
+		}
+	default:
+		log.Warn("Unrecognized action: %s", action)
+		ctx.Error(http.StatusInternalServerError)
+		return
+	}
+
+	ctx.JSON(http.StatusOK, map[string]interface{}{
+		"ok": true,
+	})
+}

routers/web/repo/issue_label_test.go

@@ -0,0 +1,168 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"net/http"
+	"strconv"
+	"testing"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/test"
+	"code.gitea.io/gitea/modules/web"
+	"code.gitea.io/gitea/services/forms"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func int64SliceToCommaSeparated(a []int64) string {
+	s := ""
+	for i, n := range a {
+		if i > 0 {
+			s += ","
+		}
+		s += strconv.Itoa(int(n))
+	}
+	return s
+}
+
+func TestInitializeLabels(t *testing.T) {
+	models.PrepareTestEnv(t)
+	ctx := test.MockContext(t, "user2/repo1/labels/initialize")
+	test.LoadUser(t, ctx, 2)
+	test.LoadRepo(t, ctx, 2)
+	web.SetForm(ctx, &forms.InitializeLabelsForm{TemplateName: "Default"})
+	InitializeLabels(ctx)
+	assert.EqualValues(t, http.StatusFound, ctx.Resp.Status())
+	models.AssertExistsAndLoadBean(t, &models.Label{
+		RepoID: 2,
+		Name:   "enhancement",
+		Color:  "#84b6eb",
+	})
+	assert.Equal(t, "/user2/repo2/labels", test.RedirectURL(ctx.Resp))
+}
+
+func TestRetrieveLabels(t *testing.T) {
+	models.PrepareTestEnv(t)
+	for _, testCase := range []struct {
+		RepoID           int64
+		Sort             string
+		ExpectedLabelIDs []int64
+	}{
+		{1, "", []int64{1, 2}},
+		{1, "leastissues", []int64{2, 1}},
+		{2, "", []int64{}},
+	} {
+		ctx := test.MockContext(t, "user/repo/issues")
+		test.LoadUser(t, ctx, 2)
+		test.LoadRepo(t, ctx, testCase.RepoID)
+		ctx.Req.Form.Set("sort", testCase.Sort)
+		RetrieveLabels(ctx)
+		assert.False(t, ctx.Written())
+		labels, ok := ctx.Data["Labels"].([]*models.Label)
+		assert.True(t, ok)
+		if assert.Len(t, labels, len(testCase.ExpectedLabelIDs)) {
+			for i, label := range labels {
+				assert.EqualValues(t, testCase.ExpectedLabelIDs[i], label.ID)
+			}
+		}
+	}
+}
+
+func TestNewLabel(t *testing.T) {
+	models.PrepareTestEnv(t)
+	ctx := test.MockContext(t, "user2/repo1/labels/edit")
+	test.LoadUser(t, ctx, 2)
+	test.LoadRepo(t, ctx, 1)
+	web.SetForm(ctx, &forms.CreateLabelForm{
+		Title: "newlabel",
+		Color: "#abcdef",
+	})
+	NewLabel(ctx)
+	assert.EqualValues(t, http.StatusFound, ctx.Resp.Status())
+	models.AssertExistsAndLoadBean(t, &models.Label{
+		Name:  "newlabel",
+		Color: "#abcdef",
+	})
+	assert.Equal(t, "/user2/repo1/labels", test.RedirectURL(ctx.Resp))
+}
+
+func TestUpdateLabel(t *testing.T) {
+	models.PrepareTestEnv(t)
+	ctx := test.MockContext(t, "user2/repo1/labels/edit")
+	test.LoadUser(t, ctx, 2)
+	test.LoadRepo(t, ctx, 1)
+	web.SetForm(ctx, &forms.CreateLabelForm{
+		ID:    2,
+		Title: "newnameforlabel",
+		Color: "#abcdef",
+	})
+	UpdateLabel(ctx)
+	assert.EqualValues(t, http.StatusFound, ctx.Resp.Status())
+	models.AssertExistsAndLoadBean(t, &models.Label{
+		ID:    2,
+		Name:  "newnameforlabel",
+		Color: "#abcdef",
+	})
+	assert.Equal(t, "/user2/repo1/labels", test.RedirectURL(ctx.Resp))
+}
+
+func TestDeleteLabel(t *testing.T) {
+	models.PrepareTestEnv(t)
+	ctx := test.MockContext(t, "user2/repo1/labels/delete")
+	test.LoadUser(t, ctx, 2)
+	test.LoadRepo(t, ctx, 1)
+	ctx.Req.Form.Set("id", "2")
+	DeleteLabel(ctx)
+	assert.EqualValues(t, http.StatusOK, ctx.Resp.Status())
+	models.AssertNotExistsBean(t, &models.Label{ID: 2})
+	models.AssertNotExistsBean(t, &models.IssueLabel{LabelID: 2})
+	assert.Equal(t, ctx.Tr("repo.issues.label_deletion_success"), ctx.Flash.SuccessMsg)
+}
+
+func TestUpdateIssueLabel_Clear(t *testing.T) {
+	models.PrepareTestEnv(t)
+	ctx := test.MockContext(t, "user2/repo1/issues/labels")
+	test.LoadUser(t, ctx, 2)
+	test.LoadRepo(t, ctx, 1)
+	ctx.Req.Form.Set("issue_ids", "1,3")
+	ctx.Req.Form.Set("action", "clear")
+	UpdateIssueLabel(ctx)
+	assert.EqualValues(t, http.StatusOK, ctx.Resp.Status())
+	models.AssertNotExistsBean(t, &models.IssueLabel{IssueID: 1})
+	models.AssertNotExistsBean(t, &models.IssueLabel{IssueID: 3})
+	models.CheckConsistencyFor(t, &models.Label{})
+}
+
+func TestUpdateIssueLabel_Toggle(t *testing.T) {
+	for _, testCase := range []struct {
+		Action      string
+		IssueIDs    []int64
+		LabelID     int64
+		ExpectedAdd bool // whether we expect the label to be added to the issues
+	}{
+		{"attach", []int64{1, 3}, 1, true},
+		{"detach", []int64{1, 3}, 1, false},
+		{"toggle", []int64{1, 3}, 1, false},
+		{"toggle", []int64{1, 2}, 2, true},
+	} {
+		models.PrepareTestEnv(t)
+		ctx := test.MockContext(t, "user2/repo1/issues/labels")
+		test.LoadUser(t, ctx, 2)
+		test.LoadRepo(t, ctx, 1)
+		ctx.Req.Form.Set("issue_ids", int64SliceToCommaSeparated(testCase.IssueIDs))
+		ctx.Req.Form.Set("action", testCase.Action)
+		ctx.Req.Form.Set("id", strconv.Itoa(int(testCase.LabelID)))
+		UpdateIssueLabel(ctx)
+		assert.EqualValues(t, http.StatusOK, ctx.Resp.Status())
+		for _, issueID := range testCase.IssueIDs {
+			models.AssertExistsIf(t, testCase.ExpectedAdd, &models.IssueLabel{
+				IssueID: issueID,
+				LabelID: testCase.LabelID,
+			})
+		}
+		models.CheckConsistencyFor(t, &models.Label{})
+	}
+}

routers/web/repo/issue_lock.go

@@ -0,0 +1,72 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"net/http"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/web"
+	"code.gitea.io/gitea/services/forms"
+)
+
+// LockIssue locks an issue. This would limit commenting abilities to
+// users with write access to the repo.
+func LockIssue(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.IssueLockForm)
+	issue := GetActionIssue(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	if issue.IsLocked {
+		ctx.Flash.Error(ctx.Tr("repo.issues.lock_duplicate"))
+		ctx.Redirect(issue.HTMLURL())
+		return
+	}
+
+	if !form.HasValidReason() {
+		ctx.Flash.Error(ctx.Tr("repo.issues.lock.unknown_reason"))
+		ctx.Redirect(issue.HTMLURL())
+		return
+	}
+
+	if err := models.LockIssue(&models.IssueLockOptions{
+		Doer:   ctx.User,
+		Issue:  issue,
+		Reason: form.Reason,
+	}); err != nil {
+		ctx.ServerError("LockIssue", err)
+		return
+	}
+
+	ctx.Redirect(issue.HTMLURL(), http.StatusSeeOther)
+}
+
+// UnlockIssue unlocks a previously locked issue.
+func UnlockIssue(ctx *context.Context) {
+
+	issue := GetActionIssue(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	if !issue.IsLocked {
+		ctx.Flash.Error(ctx.Tr("repo.issues.unlock_error"))
+		ctx.Redirect(issue.HTMLURL())
+		return
+	}
+
+	if err := models.UnlockIssue(&models.IssueLockOptions{
+		Doer:  ctx.User,
+		Issue: issue,
+	}); err != nil {
+		ctx.ServerError("UnlockIssue", err)
+		return
+	}
+
+	ctx.Redirect(issue.HTMLURL(), http.StatusSeeOther)
+}

routers/web/repo/issue_stopwatch.go

@@ -0,0 +1,108 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"net/http"
+	"strings"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/context"
+)
+
+// IssueStopwatch creates or stops a stopwatch for the given issue.
+func IssueStopwatch(c *context.Context) {
+	issue := GetActionIssue(c)
+	if c.Written() {
+		return
+	}
+
+	var showSuccessMessage bool
+
+	if !models.StopwatchExists(c.User.ID, issue.ID) {
+		showSuccessMessage = true
+	}
+
+	if !c.Repo.CanUseTimetracker(issue, c.User) {
+		c.NotFound("CanUseTimetracker", nil)
+		return
+	}
+
+	if err := models.CreateOrStopIssueStopwatch(c.User, issue); err != nil {
+		c.ServerError("CreateOrStopIssueStopwatch", err)
+		return
+	}
+
+	if showSuccessMessage {
+		c.Flash.Success(c.Tr("repo.issues.tracker_auto_close"))
+	}
+
+	url := issue.HTMLURL()
+	c.Redirect(url, http.StatusSeeOther)
+}
+
+// CancelStopwatch cancel the stopwatch
+func CancelStopwatch(c *context.Context) {
+	issue := GetActionIssue(c)
+	if c.Written() {
+		return
+	}
+	if !c.Repo.CanUseTimetracker(issue, c.User) {
+		c.NotFound("CanUseTimetracker", nil)
+		return
+	}
+
+	if err := models.CancelStopwatch(c.User, issue); err != nil {
+		c.ServerError("CancelStopwatch", err)
+		return
+	}
+
+	url := issue.HTMLURL()
+	c.Redirect(url, http.StatusSeeOther)
+}
+
+// GetActiveStopwatch is the middleware that sets .ActiveStopwatch on context
+func GetActiveStopwatch(c *context.Context) {
+	if strings.HasPrefix(c.Req.URL.Path, "/api") {
+		return
+	}
+
+	if !c.IsSigned {
+		return
+	}
+
+	_, sw, err := models.HasUserStopwatch(c.User.ID)
+	if err != nil {
+		c.ServerError("HasUserStopwatch", err)
+		return
+	}
+
+	if sw == nil || sw.ID == 0 {
+		return
+	}
+
+	issue, err := models.GetIssueByID(sw.IssueID)
+	if err != nil || issue == nil {
+		c.ServerError("GetIssueByID", err)
+		return
+	}
+	if err = issue.LoadRepo(); err != nil {
+		c.ServerError("LoadRepo", err)
+		return
+	}
+
+	c.Data["ActiveStopwatch"] = StopwatchTmplInfo{
+		issue.Repo.FullName(),
+		issue.Index,
+		sw.Seconds() + 1, // ensure time is never zero in ui
+	}
+}
+
+// StopwatchTmplInfo is a view on a stopwatch specifically for template rendering
+type StopwatchTmplInfo struct {
+	RepoSlug   string
+	IssueIndex int64
+	Seconds    int64
+}

routers/web/repo/issue_test.go

@@ -0,0 +1,324 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"testing"
+
+	"code.gitea.io/gitea/models"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestCombineLabelComments(t *testing.T) {
+	var kases = []struct {
+		name           string
+		beforeCombined []*models.Comment
+		afterCombined  []*models.Comment
+	}{
+		{
+			name: "kase 1",
+			beforeCombined: []*models.Comment{
+				{
+					Type:     models.CommentTypeLabel,
+					PosterID: 1,
+					Content:  "1",
+					Label: &models.Label{
+						Name: "kind/bug",
+					},
+					CreatedUnix: 0,
+				},
+				{
+					Type:     models.CommentTypeLabel,
+					PosterID: 1,
+					Content:  "",
+					Label: &models.Label{
+						Name: "kind/bug",
+					},
+					CreatedUnix: 0,
+				},
+				{
+					Type:        models.CommentTypeComment,
+					PosterID:    1,
+					Content:     "test",
+					CreatedUnix: 0,
+				},
+			},
+			afterCombined: []*models.Comment{
+				{
+					Type:        models.CommentTypeLabel,
+					PosterID:    1,
+					Content:     "1",
+					CreatedUnix: 0,
+					AddedLabels: []*models.Label{
+						{
+							Name: "kind/bug",
+						},
+					},
+					RemovedLabels: []*models.Label{
+						{
+							Name: "kind/bug",
+						},
+					},
+					Label: &models.Label{
+						Name: "kind/bug",
+					},
+				},
+				{
+					Type:        models.CommentTypeComment,
+					PosterID:    1,
+					Content:     "test",
+					CreatedUnix: 0,
+				},
+			},
+		},
+		{
+			name: "kase 2",
+			beforeCombined: []*models.Comment{
+				{
+					Type:     models.CommentTypeLabel,
+					PosterID: 1,
+					Content:  "1",
+					Label: &models.Label{
+						Name: "kind/bug",
+					},
+					CreatedUnix: 0,
+				},
+				{
+					Type:     models.CommentTypeLabel,
+					PosterID: 1,
+					Content:  "",
+					Label: &models.Label{
+						Name: "kind/bug",
+					},
+					CreatedUnix: 70,
+				},
+				{
+					Type:        models.CommentTypeComment,
+					PosterID:    1,
+					Content:     "test",
+					CreatedUnix: 0,
+				},
+			},
+			afterCombined: []*models.Comment{
+				{
+					Type:        models.CommentTypeLabel,
+					PosterID:    1,
+					Content:     "1",
+					CreatedUnix: 0,
+					AddedLabels: []*models.Label{
+						{
+							Name: "kind/bug",
+						},
+					},
+					Label: &models.Label{
+						Name: "kind/bug",
+					},
+				},
+				{
+					Type:        models.CommentTypeLabel,
+					PosterID:    1,
+					Content:     "",
+					CreatedUnix: 70,
+					RemovedLabels: []*models.Label{
+						{
+							Name: "kind/bug",
+						},
+					},
+					Label: &models.Label{
+						Name: "kind/bug",
+					},
+				},
+				{
+					Type:        models.CommentTypeComment,
+					PosterID:    1,
+					Content:     "test",
+					CreatedUnix: 0,
+				},
+			},
+		},
+		{
+			name: "kase 3",
+			beforeCombined: []*models.Comment{
+				{
+					Type:     models.CommentTypeLabel,
+					PosterID: 1,
+					Content:  "1",
+					Label: &models.Label{
+						Name: "kind/bug",
+					},
+					CreatedUnix: 0,
+				},
+				{
+					Type:     models.CommentTypeLabel,
+					PosterID: 2,
+					Content:  "",
+					Label: &models.Label{
+						Name: "kind/bug",
+					},
+					CreatedUnix: 0,
+				},
+				{
+					Type:        models.CommentTypeComment,
+					PosterID:    1,
+					Content:     "test",
+					CreatedUnix: 0,
+				},
+			},
+			afterCombined: []*models.Comment{
+				{
+					Type:        models.CommentTypeLabel,
+					PosterID:    1,
+					Content:     "1",
+					CreatedUnix: 0,
+					AddedLabels: []*models.Label{
+						{
+							Name: "kind/bug",
+						},
+					},
+					Label: &models.Label{
+						Name: "kind/bug",
+					},
+				},
+				{
+					Type:        models.CommentTypeLabel,
+					PosterID:    2,
+					Content:     "",
+					CreatedUnix: 0,
+					RemovedLabels: []*models.Label{
+						{
+							Name: "kind/bug",
+						},
+					},
+					Label: &models.Label{
+						Name: "kind/bug",
+					},
+				},
+				{
+					Type:        models.CommentTypeComment,
+					PosterID:    1,
+					Content:     "test",
+					CreatedUnix: 0,
+				},
+			},
+		},
+		{
+			name: "kase 4",
+			beforeCombined: []*models.Comment{
+				{
+					Type:     models.CommentTypeLabel,
+					PosterID: 1,
+					Content:  "1",
+					Label: &models.Label{
+						Name: "kind/bug",
+					},
+					CreatedUnix: 0,
+				},
+				{
+					Type:     models.CommentTypeLabel,
+					PosterID: 1,
+					Content:  "1",
+					Label: &models.Label{
+						Name: "kind/backport",
+					},
+					CreatedUnix: 10,
+				},
+			},
+			afterCombined: []*models.Comment{
+				{
+					Type:        models.CommentTypeLabel,
+					PosterID:    1,
+					Content:     "1",
+					CreatedUnix: 10,
+					AddedLabels: []*models.Label{
+						{
+							Name: "kind/bug",
+						},
+						{
+							Name: "kind/backport",
+						},
+					},
+					Label: &models.Label{
+						Name: "kind/bug",
+					},
+				},
+			},
+		},
+		{
+			name: "kase 5",
+			beforeCombined: []*models.Comment{
+				{
+					Type:     models.CommentTypeLabel,
+					PosterID: 1,
+					Content:  "1",
+					Label: &models.Label{
+						Name: "kind/bug",
+					},
+					CreatedUnix: 0,
+				},
+				{
+					Type:        models.CommentTypeComment,
+					PosterID:    2,
+					Content:     "testtest",
+					CreatedUnix: 0,
+				},
+				{
+					Type:     models.CommentTypeLabel,
+					PosterID: 1,
+					Content:  "",
+					Label: &models.Label{
+						Name: "kind/bug",
+					},
+					CreatedUnix: 0,
+				},
+			},
+			afterCombined: []*models.Comment{
+				{
+					Type:     models.CommentTypeLabel,
+					PosterID: 1,
+					Content:  "1",
+					Label: &models.Label{
+						Name: "kind/bug",
+					},
+					AddedLabels: []*models.Label{
+						{
+							Name: "kind/bug",
+						},
+					},
+					CreatedUnix: 0,
+				},
+				{
+					Type:        models.CommentTypeComment,
+					PosterID:    2,
+					Content:     "testtest",
+					CreatedUnix: 0,
+				},
+				{
+					Type:     models.CommentTypeLabel,
+					PosterID: 1,
+					Content:  "",
+					RemovedLabels: []*models.Label{
+						{
+							Name: "kind/bug",
+						},
+					},
+					Label: &models.Label{
+						Name: "kind/bug",
+					},
+					CreatedUnix: 0,
+				},
+			},
+		},
+	}
+
+	for _, kase := range kases {
+		t.Run(kase.name, func(t *testing.T) {
+			var issue = models.Issue{
+				Comments: kase.beforeCombined,
+			}
+			combineLabelComments(&issue)
+			assert.EqualValues(t, kase.afterCombined, issue.Comments)
+		})
+	}
+}

routers/web/repo/issue_timetrack.go

@@ -0,0 +1,86 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"net/http"
+	"time"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/web"
+	"code.gitea.io/gitea/services/forms"
+)
+
+// AddTimeManually tracks time manually
+func AddTimeManually(c *context.Context) {
+	form := web.GetForm(c).(*forms.AddTimeManuallyForm)
+	issue := GetActionIssue(c)
+	if c.Written() {
+		return
+	}
+	if !c.Repo.CanUseTimetracker(issue, c.User) {
+		c.NotFound("CanUseTimetracker", nil)
+		return
+	}
+	url := issue.HTMLURL()
+
+	if c.HasError() {
+		c.Flash.Error(c.GetErrMsg())
+		c.Redirect(url)
+		return
+	}
+
+	total := time.Duration(form.Hours)*time.Hour + time.Duration(form.Minutes)*time.Minute
+
+	if total <= 0 {
+		c.Flash.Error(c.Tr("repo.issues.add_time_sum_to_small"))
+		c.Redirect(url, http.StatusSeeOther)
+		return
+	}
+
+	if _, err := models.AddTime(c.User, issue, int64(total.Seconds()), time.Now()); err != nil {
+		c.ServerError("AddTime", err)
+		return
+	}
+
+	c.Redirect(url, http.StatusSeeOther)
+}
+
+// DeleteTime deletes tracked time
+func DeleteTime(c *context.Context) {
+	issue := GetActionIssue(c)
+	if c.Written() {
+		return
+	}
+	if !c.Repo.CanUseTimetracker(issue, c.User) {
+		c.NotFound("CanUseTimetracker", nil)
+		return
+	}
+
+	t, err := models.GetTrackedTimeByID(c.ParamsInt64(":timeid"))
+	if err != nil {
+		if models.IsErrNotExist(err) {
+			c.NotFound("time not found", err)
+			return
+		}
+		c.Error(http.StatusInternalServerError, "GetTrackedTimeByID", err.Error())
+		return
+	}
+
+	// only OP or admin may delete
+	if !c.IsSigned || (!c.IsUserSiteAdmin() && c.User.ID != t.UserID) {
+		c.Error(http.StatusForbidden, "not allowed")
+		return
+	}
+
+	if err = models.DeleteTime(t); err != nil {
+		c.ServerError("DeleteTime", err)
+		return
+	}
+
+	c.Flash.Success(c.Tr("repo.issues.del_time_history", models.SecToTime(t.Time)))
+	c.Redirect(issue.HTMLURL())
+}

routers/web/repo/issue_watch.go

@@ -0,0 +1,57 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"net/http"
+	"strconv"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/log"
+)
+
+// IssueWatch sets issue watching
+func IssueWatch(ctx *context.Context) {
+	issue := GetActionIssue(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	if !ctx.IsSigned || (ctx.User.ID != issue.PosterID && !ctx.Repo.CanReadIssuesOrPulls(issue.IsPull)) {
+		if log.IsTrace() {
+			if ctx.IsSigned {
+				issueType := "issues"
+				if issue.IsPull {
+					issueType = "pulls"
+				}
+				log.Trace("Permission Denied: User %-v not the Poster (ID: %d) and cannot read %s in Repo %-v.\n"+
+					"User in Repo has Permissions: %-+v",
+					ctx.User,
+					log.NewColoredIDValue(issue.PosterID),
+					issueType,
+					ctx.Repo.Repository,
+					ctx.Repo.Permission)
+			} else {
+				log.Trace("Permission Denied: Not logged in")
+			}
+		}
+		ctx.Error(http.StatusForbidden)
+		return
+	}
+
+	watch, err := strconv.ParseBool(ctx.Req.PostForm.Get("watch"))
+	if err != nil {
+		ctx.ServerError("watch is not bool", err)
+		return
+	}
+
+	if err := models.CreateOrUpdateIssueWatch(ctx.User.ID, issue.ID, watch); err != nil {
+		ctx.ServerError("CreateOrUpdateIssueWatch", err)
+		return
+	}
+
+	ctx.Redirect(issue.HTMLURL(), http.StatusSeeOther)
+}

routers/web/repo/lfs.go

@@ -0,0 +1,537 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"bytes"
+	"fmt"
+	gotemplate "html/template"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"path"
+	"strconv"
+	"strings"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/charset"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/git/pipeline"
+	"code.gitea.io/gitea/modules/lfs"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/storage"
+	"code.gitea.io/gitea/modules/typesniffer"
+)
+
+const (
+	tplSettingsLFS         base.TplName = "repo/settings/lfs"
+	tplSettingsLFSLocks    base.TplName = "repo/settings/lfs_locks"
+	tplSettingsLFSFile     base.TplName = "repo/settings/lfs_file"
+	tplSettingsLFSFileFind base.TplName = "repo/settings/lfs_file_find"
+	tplSettingsLFSPointers base.TplName = "repo/settings/lfs_pointers"
+)
+
+// LFSFiles shows a repository's LFS files
+func LFSFiles(ctx *context.Context) {
+	if !setting.LFS.StartServer {
+		ctx.NotFound("LFSFiles", nil)
+		return
+	}
+	page := ctx.QueryInt("page")
+	if page <= 1 {
+		page = 1
+	}
+	total, err := ctx.Repo.Repository.CountLFSMetaObjects()
+	if err != nil {
+		ctx.ServerError("LFSFiles", err)
+		return
+	}
+	ctx.Data["Total"] = total
+
+	pager := context.NewPagination(int(total), setting.UI.ExplorePagingNum, page, 5)
+	ctx.Data["Title"] = ctx.Tr("repo.settings.lfs")
+	ctx.Data["PageIsSettingsLFS"] = true
+	lfsMetaObjects, err := ctx.Repo.Repository.GetLFSMetaObjects(pager.Paginater.Current(), setting.UI.ExplorePagingNum)
+	if err != nil {
+		ctx.ServerError("LFSFiles", err)
+		return
+	}
+	ctx.Data["LFSFiles"] = lfsMetaObjects
+	ctx.Data["Page"] = pager
+	ctx.HTML(http.StatusOK, tplSettingsLFS)
+}
+
+// LFSLocks shows a repository's LFS locks
+func LFSLocks(ctx *context.Context) {
+	if !setting.LFS.StartServer {
+		ctx.NotFound("LFSLocks", nil)
+		return
+	}
+	ctx.Data["LFSFilesLink"] = ctx.Repo.RepoLink + "/settings/lfs"
+
+	page := ctx.QueryInt("page")
+	if page <= 1 {
+		page = 1
+	}
+	total, err := models.CountLFSLockByRepoID(ctx.Repo.Repository.ID)
+	if err != nil {
+		ctx.ServerError("LFSLocks", err)
+		return
+	}
+	ctx.Data["Total"] = total
+
+	pager := context.NewPagination(int(total), setting.UI.ExplorePagingNum, page, 5)
+	ctx.Data["Title"] = ctx.Tr("repo.settings.lfs_locks")
+	ctx.Data["PageIsSettingsLFS"] = true
+	lfsLocks, err := models.GetLFSLockByRepoID(ctx.Repo.Repository.ID, pager.Paginater.Current(), setting.UI.ExplorePagingNum)
+	if err != nil {
+		ctx.ServerError("LFSLocks", err)
+		return
+	}
+	ctx.Data["LFSLocks"] = lfsLocks
+
+	if len(lfsLocks) == 0 {
+		ctx.Data["Page"] = pager
+		ctx.HTML(http.StatusOK, tplSettingsLFSLocks)
+		return
+	}
+
+	// Clone base repo.
+	tmpBasePath, err := models.CreateTemporaryPath("locks")
+	if err != nil {
+		log.Error("Failed to create temporary path: %v", err)
+		ctx.ServerError("LFSLocks", err)
+		return
+	}
+	defer func() {
+		if err := models.RemoveTemporaryPath(tmpBasePath); err != nil {
+			log.Error("LFSLocks: RemoveTemporaryPath: %v", err)
+		}
+	}()
+
+	if err := git.Clone(ctx.Repo.Repository.RepoPath(), tmpBasePath, git.CloneRepoOptions{
+		Bare:   true,
+		Shared: true,
+	}); err != nil {
+		log.Error("Failed to clone repository: %s (%v)", ctx.Repo.Repository.FullName(), err)
+		ctx.ServerError("LFSLocks", fmt.Errorf("Failed to clone repository: %s (%v)", ctx.Repo.Repository.FullName(), err))
+		return
+	}
+
+	gitRepo, err := git.OpenRepository(tmpBasePath)
+	if err != nil {
+		log.Error("Unable to open temporary repository: %s (%v)", tmpBasePath, err)
+		ctx.ServerError("LFSLocks", fmt.Errorf("Failed to open new temporary repository in: %s %v", tmpBasePath, err))
+		return
+	}
+	defer gitRepo.Close()
+
+	filenames := make([]string, len(lfsLocks))
+
+	for i, lock := range lfsLocks {
+		filenames[i] = lock.Path
+	}
+
+	if err := gitRepo.ReadTreeToIndex(ctx.Repo.Repository.DefaultBranch); err != nil {
+		log.Error("Unable to read the default branch to the index: %s (%v)", ctx.Repo.Repository.DefaultBranch, err)
+		ctx.ServerError("LFSLocks", fmt.Errorf("Unable to read the default branch to the index: %s (%v)", ctx.Repo.Repository.DefaultBranch, err))
+		return
+	}
+
+	name2attribute2info, err := gitRepo.CheckAttribute(git.CheckAttributeOpts{
+		Attributes: []string{"lockable"},
+		Filenames:  filenames,
+		CachedOnly: true,
+	})
+	if err != nil {
+		log.Error("Unable to check attributes in %s (%v)", tmpBasePath, err)
+		ctx.ServerError("LFSLocks", err)
+		return
+	}
+
+	lockables := make([]bool, len(lfsLocks))
+	for i, lock := range lfsLocks {
+		attribute2info, has := name2attribute2info[lock.Path]
+		if !has {
+			continue
+		}
+		if attribute2info["lockable"] != "set" {
+			continue
+		}
+		lockables[i] = true
+	}
+	ctx.Data["Lockables"] = lockables
+
+	filelist, err := gitRepo.LsFiles(filenames...)
+	if err != nil {
+		log.Error("Unable to lsfiles in %s (%v)", tmpBasePath, err)
+		ctx.ServerError("LFSLocks", err)
+		return
+	}
+
+	filemap := make(map[string]bool, len(filelist))
+	for _, name := range filelist {
+		filemap[name] = true
+	}
+
+	linkable := make([]bool, len(lfsLocks))
+	for i, lock := range lfsLocks {
+		linkable[i] = filemap[lock.Path]
+	}
+	ctx.Data["Linkable"] = linkable
+
+	ctx.Data["Page"] = pager
+	ctx.HTML(http.StatusOK, tplSettingsLFSLocks)
+}
+
+// LFSLockFile locks a file
+func LFSLockFile(ctx *context.Context) {
+	if !setting.LFS.StartServer {
+		ctx.NotFound("LFSLocks", nil)
+		return
+	}
+	originalPath := ctx.Query("path")
+	lockPath := originalPath
+	if len(lockPath) == 0 {
+		ctx.Flash.Error(ctx.Tr("repo.settings.lfs_invalid_locking_path", originalPath))
+		ctx.Redirect(ctx.Repo.RepoLink + "/settings/lfs/locks")
+		return
+	}
+	if lockPath[len(lockPath)-1] == '/' {
+		ctx.Flash.Error(ctx.Tr("repo.settings.lfs_invalid_lock_directory", originalPath))
+		ctx.Redirect(ctx.Repo.RepoLink + "/settings/lfs/locks")
+		return
+	}
+	lockPath = path.Clean("/" + lockPath)[1:]
+	if len(lockPath) == 0 {
+		ctx.Flash.Error(ctx.Tr("repo.settings.lfs_invalid_locking_path", originalPath))
+		ctx.Redirect(ctx.Repo.RepoLink + "/settings/lfs/locks")
+		return
+	}
+
+	_, err := models.CreateLFSLock(&models.LFSLock{
+		Repo:  ctx.Repo.Repository,
+		Path:  lockPath,
+		Owner: ctx.User,
+	})
+	if err != nil {
+		if models.IsErrLFSLockAlreadyExist(err) {
+			ctx.Flash.Error(ctx.Tr("repo.settings.lfs_lock_already_exists", originalPath))
+			ctx.Redirect(ctx.Repo.RepoLink + "/settings/lfs/locks")
+			return
+		}
+		ctx.ServerError("LFSLockFile", err)
+		return
+	}
+	ctx.Redirect(ctx.Repo.RepoLink + "/settings/lfs/locks")
+}
+
+// LFSUnlock forcibly unlocks an LFS lock
+func LFSUnlock(ctx *context.Context) {
+	if !setting.LFS.StartServer {
+		ctx.NotFound("LFSUnlock", nil)
+		return
+	}
+	_, err := models.DeleteLFSLockByID(ctx.ParamsInt64("lid"), ctx.User, true)
+	if err != nil {
+		ctx.ServerError("LFSUnlock", err)
+		return
+	}
+	ctx.Redirect(ctx.Repo.RepoLink + "/settings/lfs/locks")
+}
+
+// LFSFileGet serves a single LFS file
+func LFSFileGet(ctx *context.Context) {
+	if !setting.LFS.StartServer {
+		ctx.NotFound("LFSFileGet", nil)
+		return
+	}
+	ctx.Data["LFSFilesLink"] = ctx.Repo.RepoLink + "/settings/lfs"
+	oid := ctx.Params("oid")
+	ctx.Data["Title"] = oid
+	ctx.Data["PageIsSettingsLFS"] = true
+	meta, err := ctx.Repo.Repository.GetLFSMetaObjectByOid(oid)
+	if err != nil {
+		if err == models.ErrLFSObjectNotExist {
+			ctx.NotFound("LFSFileGet", nil)
+			return
+		}
+		ctx.ServerError("LFSFileGet", err)
+		return
+	}
+	ctx.Data["LFSFile"] = meta
+	dataRc, err := lfs.ReadMetaObject(meta.Pointer)
+	if err != nil {
+		ctx.ServerError("LFSFileGet", err)
+		return
+	}
+	defer dataRc.Close()
+	buf := make([]byte, 1024)
+	n, err := dataRc.Read(buf)
+	if err != nil {
+		ctx.ServerError("Data", err)
+		return
+	}
+	buf = buf[:n]
+
+	st := typesniffer.DetectContentType(buf)
+	ctx.Data["IsTextFile"] = st.IsText()
+	isRepresentableAsText := st.IsRepresentableAsText()
+
+	fileSize := meta.Size
+	ctx.Data["FileSize"] = meta.Size
+	ctx.Data["RawFileLink"] = fmt.Sprintf("%s%s.git/info/lfs/objects/%s/%s", setting.AppURL, ctx.Repo.Repository.FullName(), meta.Oid, "direct")
+	switch {
+	case isRepresentableAsText:
+		if st.IsSvgImage() {
+			ctx.Data["IsImageFile"] = true
+		}
+
+		if fileSize >= setting.UI.MaxDisplayFileSize {
+			ctx.Data["IsFileTooLarge"] = true
+			break
+		}
+
+		buf := charset.ToUTF8WithFallbackReader(io.MultiReader(bytes.NewReader(buf), dataRc))
+
+		// Building code view blocks with line number on server side.
+		fileContent, _ := ioutil.ReadAll(buf)
+
+		var output bytes.Buffer
+		lines := strings.Split(string(fileContent), "\n")
+		//Remove blank line at the end of file
+		if len(lines) > 0 && lines[len(lines)-1] == "" {
+			lines = lines[:len(lines)-1]
+		}
+		for index, line := range lines {
+			line = gotemplate.HTMLEscapeString(line)
+			if index != len(lines)-1 {
+				line += "\n"
+			}
+			output.WriteString(fmt.Sprintf(`<li class="L%d" rel="L%d">%s</li>`, index+1, index+1, line))
+		}
+		ctx.Data["FileContent"] = gotemplate.HTML(output.String())
+
+		output.Reset()
+		for i := 0; i < len(lines); i++ {
+			output.WriteString(fmt.Sprintf(`<span id="L%d">%d</span>`, i+1, i+1))
+		}
+		ctx.Data["LineNums"] = gotemplate.HTML(output.String())
+
+	case st.IsPDF():
+		ctx.Data["IsPDFFile"] = true
+	case st.IsVideo():
+		ctx.Data["IsVideoFile"] = true
+	case st.IsAudio():
+		ctx.Data["IsAudioFile"] = true
+	case st.IsImage() && (setting.UI.SVG.Enabled || !st.IsSvgImage()):
+		ctx.Data["IsImageFile"] = true
+	}
+	ctx.HTML(http.StatusOK, tplSettingsLFSFile)
+}
+
+// LFSDelete disassociates the provided oid from the repository and if the lfs file is no longer associated with any repositories - deletes it
+func LFSDelete(ctx *context.Context) {
+	if !setting.LFS.StartServer {
+		ctx.NotFound("LFSDelete", nil)
+		return
+	}
+	oid := ctx.Params("oid")
+	count, err := ctx.Repo.Repository.RemoveLFSMetaObjectByOid(oid)
+	if err != nil {
+		ctx.ServerError("LFSDelete", err)
+		return
+	}
+	// FIXME: Warning: the LFS store is not locked - and can't be locked - there could be a race condition here
+	// Please note a similar condition happens in models/repo.go DeleteRepository
+	if count == 0 {
+		oidPath := path.Join(oid[0:2], oid[2:4], oid[4:])
+		err = storage.LFS.Delete(oidPath)
+		if err != nil {
+			ctx.ServerError("LFSDelete", err)
+			return
+		}
+	}
+	ctx.Redirect(ctx.Repo.RepoLink + "/settings/lfs")
+}
+
+// LFSFileFind guesses a sha for the provided oid (or uses the provided sha) and then finds the commits that contain this sha
+func LFSFileFind(ctx *context.Context) {
+	if !setting.LFS.StartServer {
+		ctx.NotFound("LFSFind", nil)
+		return
+	}
+	oid := ctx.Query("oid")
+	size := ctx.QueryInt64("size")
+	if len(oid) == 0 || size == 0 {
+		ctx.NotFound("LFSFind", nil)
+		return
+	}
+	sha := ctx.Query("sha")
+	ctx.Data["Title"] = oid
+	ctx.Data["PageIsSettingsLFS"] = true
+	var hash git.SHA1
+	if len(sha) == 0 {
+		pointer := lfs.Pointer{Oid: oid, Size: size}
+		hash = git.ComputeBlobHash([]byte(pointer.StringContent()))
+		sha = hash.String()
+	} else {
+		hash = git.MustIDFromString(sha)
+	}
+	ctx.Data["LFSFilesLink"] = ctx.Repo.RepoLink + "/settings/lfs"
+	ctx.Data["Oid"] = oid
+	ctx.Data["Size"] = size
+	ctx.Data["SHA"] = sha
+
+	results, err := pipeline.FindLFSFile(ctx.Repo.GitRepo, hash)
+	if err != nil && err != io.EOF {
+		log.Error("Failure in FindLFSFile: %v", err)
+		ctx.ServerError("LFSFind: FindLFSFile.", err)
+		return
+	}
+
+	ctx.Data["Results"] = results
+	ctx.HTML(http.StatusOK, tplSettingsLFSFileFind)
+}
+
+// LFSPointerFiles will search the repository for pointer files and report which are missing LFS files in the content store
+func LFSPointerFiles(ctx *context.Context) {
+	if !setting.LFS.StartServer {
+		ctx.NotFound("LFSFileGet", nil)
+		return
+	}
+	ctx.Data["PageIsSettingsLFS"] = true
+	err := git.LoadGitVersion()
+	if err != nil {
+		log.Fatal("Error retrieving git version: %v", err)
+	}
+	ctx.Data["LFSFilesLink"] = ctx.Repo.RepoLink + "/settings/lfs"
+
+	err = func() error {
+		pointerChan := make(chan lfs.PointerBlob)
+		errChan := make(chan error, 1)
+		go lfs.SearchPointerBlobs(ctx, ctx.Repo.GitRepo, pointerChan, errChan)
+
+		numPointers := 0
+		var numAssociated, numNoExist, numAssociatable int
+
+		type pointerResult struct {
+			SHA        string
+			Oid        string
+			Size       int64
+			InRepo     bool
+			Exists     bool
+			Accessible bool
+		}
+
+		results := []pointerResult{}
+
+		contentStore := lfs.NewContentStore()
+		repo := ctx.Repo.Repository
+
+		for pointerBlob := range pointerChan {
+			numPointers++
+
+			result := pointerResult{
+				SHA:  pointerBlob.Hash,
+				Oid:  pointerBlob.Oid,
+				Size: pointerBlob.Size,
+			}
+
+			if _, err := repo.GetLFSMetaObjectByOid(pointerBlob.Oid); err != nil {
+				if err != models.ErrLFSObjectNotExist {
+					return err
+				}
+			} else {
+				result.InRepo = true
+			}
+
+			result.Exists, err = contentStore.Exists(pointerBlob.Pointer)
+			if err != nil {
+				return err
+			}
+
+			if result.Exists {
+				if !result.InRepo {
+					// Can we fix?
+					// OK well that's "simple"
+					// - we need to check whether current user has access to a repo that has access to the file
+					result.Accessible, err = models.LFSObjectAccessible(ctx.User, pointerBlob.Oid)
+					if err != nil {
+						return err
+					}
+				} else {
+					result.Accessible = true
+				}
+			}
+
+			if result.InRepo {
+				numAssociated++
+			}
+			if !result.Exists {
+				numNoExist++
+			}
+			if !result.InRepo && result.Accessible {
+				numAssociatable++
+			}
+
+			results = append(results, result)
+		}
+
+		err, has := <-errChan
+		if has {
+			return err
+		}
+
+		ctx.Data["Pointers"] = results
+		ctx.Data["NumPointers"] = numPointers
+		ctx.Data["NumAssociated"] = numAssociated
+		ctx.Data["NumAssociatable"] = numAssociatable
+		ctx.Data["NumNoExist"] = numNoExist
+		ctx.Data["NumNotAssociated"] = numPointers - numAssociated
+
+		return nil
+	}()
+	if err != nil {
+		ctx.ServerError("LFSPointerFiles", err)
+		return
+	}
+
+	ctx.HTML(http.StatusOK, tplSettingsLFSPointers)
+}
+
+// LFSAutoAssociate auto associates accessible lfs files
+func LFSAutoAssociate(ctx *context.Context) {
+	if !setting.LFS.StartServer {
+		ctx.NotFound("LFSAutoAssociate", nil)
+		return
+	}
+	oids := ctx.QueryStrings("oid")
+	metas := make([]*models.LFSMetaObject, len(oids))
+	for i, oid := range oids {
+		idx := strings.IndexRune(oid, ' ')
+		if idx < 0 || idx+1 > len(oid) {
+			ctx.ServerError("LFSAutoAssociate", fmt.Errorf("Illegal oid input: %s", oid))
+			return
+		}
+		var err error
+		metas[i] = &models.LFSMetaObject{}
+		metas[i].Size, err = strconv.ParseInt(oid[idx+1:], 10, 64)
+		if err != nil {
+			ctx.ServerError("LFSAutoAssociate", fmt.Errorf("Illegal oid input: %s %v", oid, err))
+			return
+		}
+		metas[i].Oid = oid[:idx]
+		//metas[i].RepositoryID = ctx.Repo.Repository.ID
+	}
+	if err := models.LFSAutoAssociate(metas, ctx.User, ctx.Repo.Repository.ID); err != nil {
+		ctx.ServerError("LFSAutoAssociate", err)
+		return
+	}
+	ctx.Redirect(ctx.Repo.RepoLink + "/settings/lfs")
+}

routers/web/repo/main_test.go

@@ -0,0 +1,16 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"path/filepath"
+	"testing"
+
+	"code.gitea.io/gitea/models"
+)
+
+func TestMain(m *testing.M) {
+	models.MainTest(m, filepath.Join("..", "..", ".."))
+}

routers/web/repo/middlewares.go

@@ -0,0 +1,72 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"fmt"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/git"
+)
+
+// SetEditorconfigIfExists set editor config as render variable
+func SetEditorconfigIfExists(ctx *context.Context) {
+	if ctx.Repo.Repository.IsEmpty {
+		ctx.Data["Editorconfig"] = nil
+		return
+	}
+
+	ec, err := ctx.Repo.GetEditorconfig()
+
+	if err != nil && !git.IsErrNotExist(err) {
+		description := fmt.Sprintf("Error while getting .editorconfig file: %v", err)
+		if err := models.CreateRepositoryNotice(description); err != nil {
+			ctx.ServerError("ErrCreatingReporitoryNotice", err)
+		}
+		return
+	}
+
+	ctx.Data["Editorconfig"] = ec
+}
+
+// SetDiffViewStyle set diff style as render variable
+func SetDiffViewStyle(ctx *context.Context) {
+	queryStyle := ctx.Query("style")
+
+	if !ctx.IsSigned {
+		ctx.Data["IsSplitStyle"] = queryStyle == "split"
+		return
+	}
+
+	var (
+		userStyle = ctx.User.DiffViewStyle
+		style     string
+	)
+
+	if queryStyle == "unified" || queryStyle == "split" {
+		style = queryStyle
+	} else if userStyle == "unified" || userStyle == "split" {
+		style = userStyle
+	} else {
+		style = "unified"
+	}
+
+	ctx.Data["IsSplitStyle"] = style == "split"
+	if err := ctx.User.UpdateDiffViewStyle(style); err != nil {
+		ctx.ServerError("ErrUpdateDiffViewStyle", err)
+	}
+}
+
+// SetWhitespaceBehavior set whitespace behavior as render variable
+func SetWhitespaceBehavior(ctx *context.Context) {
+	whitespaceBehavior := ctx.Query("whitespace")
+	switch whitespaceBehavior {
+	case "ignore-all", "ignore-eol", "ignore-change":
+		ctx.Data["WhitespaceBehavior"] = whitespaceBehavior
+	default:
+		ctx.Data["WhitespaceBehavior"] = ""
+	}
+}

routers/web/repo/migrate.go

@@ -0,0 +1,254 @@
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"net/http"
+	"strings"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/lfs"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/migrations"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/structs"
+	"code.gitea.io/gitea/modules/task"
+	"code.gitea.io/gitea/modules/util"
+	"code.gitea.io/gitea/modules/web"
+	"code.gitea.io/gitea/services/forms"
+)
+
+const (
+	tplMigrate base.TplName = "repo/migrate/migrate"
+)
+
+// Migrate render migration of repository page
+func Migrate(ctx *context.Context) {
+	if setting.Repository.DisableMigrations {
+		ctx.Error(http.StatusForbidden, "Migrate: the site administrator has disabled migrations")
+		return
+	}
+
+	serviceType := structs.GitServiceType(ctx.QueryInt("service_type"))
+
+	setMigrationContextData(ctx, serviceType)
+
+	if serviceType == 0 {
+		ctx.Data["Org"] = ctx.Query("org")
+		ctx.Data["Mirror"] = ctx.Query("mirror")
+
+		ctx.HTML(http.StatusOK, tplMigrate)
+		return
+	}
+
+	ctx.Data["private"] = getRepoPrivate(ctx)
+	ctx.Data["mirror"] = ctx.Query("mirror") == "1"
+	ctx.Data["lfs"] = ctx.Query("lfs") == "1"
+	ctx.Data["wiki"] = ctx.Query("wiki") == "1"
+	ctx.Data["milestones"] = ctx.Query("milestones") == "1"
+	ctx.Data["labels"] = ctx.Query("labels") == "1"
+	ctx.Data["issues"] = ctx.Query("issues") == "1"
+	ctx.Data["pull_requests"] = ctx.Query("pull_requests") == "1"
+	ctx.Data["releases"] = ctx.Query("releases") == "1"
+
+	ctxUser := checkContextUser(ctx, ctx.QueryInt64("org"))
+	if ctx.Written() {
+		return
+	}
+	ctx.Data["ContextUser"] = ctxUser
+
+	ctx.HTML(http.StatusOK, base.TplName("repo/migrate/"+serviceType.Name()))
+}
+
+func handleMigrateError(ctx *context.Context, owner *models.User, err error, name string, tpl base.TplName, form *forms.MigrateRepoForm) {
+	if setting.Repository.DisableMigrations {
+		ctx.Error(http.StatusForbidden, "MigrateError: the site administrator has disabled migrations")
+		return
+	}
+
+	switch {
+	case migrations.IsRateLimitError(err):
+		ctx.RenderWithErr(ctx.Tr("form.visit_rate_limit"), tpl, form)
+	case migrations.IsTwoFactorAuthError(err):
+		ctx.RenderWithErr(ctx.Tr("form.2fa_auth_required"), tpl, form)
+	case models.IsErrReachLimitOfRepo(err):
+		ctx.RenderWithErr(ctx.Tr("repo.form.reach_limit_of_creation", owner.MaxCreationLimit()), tpl, form)
+	case models.IsErrRepoAlreadyExist(err):
+		ctx.Data["Err_RepoName"] = true
+		ctx.RenderWithErr(ctx.Tr("form.repo_name_been_taken"), tpl, form)
+	case models.IsErrRepoFilesAlreadyExist(err):
+		ctx.Data["Err_RepoName"] = true
+		switch {
+		case ctx.IsUserSiteAdmin() || (setting.Repository.AllowAdoptionOfUnadoptedRepositories && setting.Repository.AllowDeleteOfUnadoptedRepositories):
+			ctx.RenderWithErr(ctx.Tr("form.repository_files_already_exist.adopt_or_delete"), tpl, form)
+		case setting.Repository.AllowAdoptionOfUnadoptedRepositories:
+			ctx.RenderWithErr(ctx.Tr("form.repository_files_already_exist.adopt"), tpl, form)
+		case setting.Repository.AllowDeleteOfUnadoptedRepositories:
+			ctx.RenderWithErr(ctx.Tr("form.repository_files_already_exist.delete"), tpl, form)
+		default:
+			ctx.RenderWithErr(ctx.Tr("form.repository_files_already_exist"), tpl, form)
+		}
+	case models.IsErrNameReserved(err):
+		ctx.Data["Err_RepoName"] = true
+		ctx.RenderWithErr(ctx.Tr("repo.form.name_reserved", err.(models.ErrNameReserved).Name), tpl, form)
+	case models.IsErrNamePatternNotAllowed(err):
+		ctx.Data["Err_RepoName"] = true
+		ctx.RenderWithErr(ctx.Tr("repo.form.name_pattern_not_allowed", err.(models.ErrNamePatternNotAllowed).Pattern), tpl, form)
+	default:
+		remoteAddr, _ := forms.ParseRemoteAddr(form.CloneAddr, form.AuthUsername, form.AuthPassword)
+		err = util.URLSanitizedError(err, remoteAddr)
+		if strings.Contains(err.Error(), "Authentication failed") ||
+			strings.Contains(err.Error(), "Bad credentials") ||
+			strings.Contains(err.Error(), "could not read Username") {
+			ctx.Data["Err_Auth"] = true
+			ctx.RenderWithErr(ctx.Tr("form.auth_failed", err.Error()), tpl, form)
+		} else if strings.Contains(err.Error(), "fatal:") {
+			ctx.Data["Err_CloneAddr"] = true
+			ctx.RenderWithErr(ctx.Tr("repo.migrate.failed", err.Error()), tpl, form)
+		} else {
+			ctx.ServerError(name, err)
+		}
+	}
+}
+
+func handleMigrateRemoteAddrError(ctx *context.Context, err error, tpl base.TplName, form *forms.MigrateRepoForm) {
+	if models.IsErrInvalidCloneAddr(err) {
+		addrErr := err.(*models.ErrInvalidCloneAddr)
+		switch {
+		case addrErr.IsProtocolInvalid:
+			ctx.RenderWithErr(ctx.Tr("repo.mirror_address_protocol_invalid"), tpl, form)
+		case addrErr.IsURLError:
+			ctx.RenderWithErr(ctx.Tr("form.url_error"), tpl, form)
+		case addrErr.IsPermissionDenied:
+			if addrErr.LocalPath {
+				ctx.RenderWithErr(ctx.Tr("repo.migrate.permission_denied"), tpl, form)
+			} else if len(addrErr.PrivateNet) == 0 {
+				ctx.RenderWithErr(ctx.Tr("repo.migrate.permission_denied_blocked"), tpl, form)
+			} else {
+				ctx.RenderWithErr(ctx.Tr("repo.migrate.permission_denied_private_ip"), tpl, form)
+			}
+		case addrErr.IsInvalidPath:
+			ctx.RenderWithErr(ctx.Tr("repo.migrate.invalid_local_path"), tpl, form)
+		default:
+			log.Error("Error whilst updating url: %v", err)
+			ctx.RenderWithErr(ctx.Tr("form.url_error"), tpl, form)
+		}
+	} else {
+		log.Error("Error whilst updating url: %v", err)
+		ctx.RenderWithErr(ctx.Tr("form.url_error"), tpl, form)
+	}
+}
+
+// MigratePost response for migrating from external git repository
+func MigratePost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.MigrateRepoForm)
+	if setting.Repository.DisableMigrations {
+		ctx.Error(http.StatusForbidden, "MigratePost: the site administrator has disabled migrations")
+		return
+	}
+
+	serviceType := structs.GitServiceType(form.Service)
+
+	setMigrationContextData(ctx, serviceType)
+
+	ctxUser := checkContextUser(ctx, form.UID)
+	if ctx.Written() {
+		return
+	}
+	ctx.Data["ContextUser"] = ctxUser
+
+	tpl := base.TplName("repo/migrate/" + serviceType.Name())
+
+	if ctx.HasError() {
+		ctx.HTML(http.StatusOK, tpl)
+		return
+	}
+
+	remoteAddr, err := forms.ParseRemoteAddr(form.CloneAddr, form.AuthUsername, form.AuthPassword)
+	if err == nil {
+		err = migrations.IsMigrateURLAllowed(remoteAddr, ctx.User)
+	}
+	if err != nil {
+		ctx.Data["Err_CloneAddr"] = true
+		handleMigrateRemoteAddrError(ctx, err, tpl, form)
+		return
+	}
+
+	form.LFS = form.LFS && setting.LFS.StartServer
+
+	if form.LFS && len(form.LFSEndpoint) > 0 {
+		ep := lfs.DetermineEndpoint("", form.LFSEndpoint)
+		if ep == nil {
+			ctx.Data["Err_LFSEndpoint"] = true
+			ctx.RenderWithErr(ctx.Tr("repo.migrate.invalid_lfs_endpoint"), tpl, &form)
+			return
+		}
+		err = migrations.IsMigrateURLAllowed(ep.String(), ctx.User)
+		if err != nil {
+			ctx.Data["Err_LFSEndpoint"] = true
+			handleMigrateRemoteAddrError(ctx, err, tpl, form)
+			return
+		}
+	}
+
+	var opts = migrations.MigrateOptions{
+		OriginalURL:    form.CloneAddr,
+		GitServiceType: serviceType,
+		CloneAddr:      remoteAddr,
+		RepoName:       form.RepoName,
+		Description:    form.Description,
+		Private:        form.Private || setting.Repository.ForcePrivate,
+		Mirror:         form.Mirror && !setting.Repository.DisableMirrors,
+		LFS:            form.LFS,
+		LFSEndpoint:    form.LFSEndpoint,
+		AuthUsername:   form.AuthUsername,
+		AuthPassword:   form.AuthPassword,
+		AuthToken:      form.AuthToken,
+		Wiki:           form.Wiki,
+		Issues:         form.Issues,
+		Milestones:     form.Milestones,
+		Labels:         form.Labels,
+		Comments:       form.Issues || form.PullRequests,
+		PullRequests:   form.PullRequests,
+		Releases:       form.Releases,
+	}
+	if opts.Mirror {
+		opts.Issues = false
+		opts.Milestones = false
+		opts.Labels = false
+		opts.Comments = false
+		opts.PullRequests = false
+		opts.Releases = false
+	}
+
+	err = models.CheckCreateRepository(ctx.User, ctxUser, opts.RepoName, false)
+	if err != nil {
+		handleMigrateError(ctx, ctxUser, err, "MigratePost", tpl, form)
+		return
+	}
+
+	err = task.MigrateRepository(ctx.User, ctxUser, opts)
+	if err == nil {
+		ctx.Redirect(ctxUser.HomeLink() + "/" + opts.RepoName)
+		return
+	}
+
+	handleMigrateError(ctx, ctxUser, err, "MigratePost", tpl, form)
+}
+
+func setMigrationContextData(ctx *context.Context, serviceType structs.GitServiceType) {
+	ctx.Data["Title"] = ctx.Tr("new_migrate")
+
+	ctx.Data["LFSActive"] = setting.LFS.StartServer
+	ctx.Data["IsForcedPrivate"] = setting.Repository.ForcePrivate
+	ctx.Data["DisableMirrors"] = setting.Repository.DisableMirrors
+
+	// Plain git should be first
+	ctx.Data["Services"] = append([]structs.GitServiceType{structs.PlainGitService}, structs.SupportedFullGitService...)
+	ctx.Data["service"] = serviceType
+}

routers/web/repo/milestone.go

@@ -0,0 +1,299 @@
+// Copyright 2018 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"net/http"
+	"strings"
+	"time"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/markup"
+	"code.gitea.io/gitea/modules/markup/markdown"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/structs"
+	"code.gitea.io/gitea/modules/timeutil"
+	"code.gitea.io/gitea/modules/util"
+	"code.gitea.io/gitea/modules/web"
+	"code.gitea.io/gitea/services/forms"
+
+	"xorm.io/builder"
+)
+
+const (
+	tplMilestone       base.TplName = "repo/issue/milestones"
+	tplMilestoneNew    base.TplName = "repo/issue/milestone_new"
+	tplMilestoneIssues base.TplName = "repo/issue/milestone_issues"
+)
+
+// Milestones render milestones page
+func Milestones(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.milestones")
+	ctx.Data["PageIsIssueList"] = true
+	ctx.Data["PageIsMilestones"] = true
+
+	isShowClosed := ctx.Query("state") == "closed"
+	stats, err := models.GetMilestonesStatsByRepoCond(builder.And(builder.Eq{"id": ctx.Repo.Repository.ID}))
+	if err != nil {
+		ctx.ServerError("MilestoneStats", err)
+		return
+	}
+	ctx.Data["OpenCount"] = stats.OpenCount
+	ctx.Data["ClosedCount"] = stats.ClosedCount
+
+	sortType := ctx.Query("sort")
+
+	keyword := strings.Trim(ctx.Query("q"), " ")
+
+	page := ctx.QueryInt("page")
+	if page <= 1 {
+		page = 1
+	}
+
+	var total int
+	var state structs.StateType
+	if !isShowClosed {
+		total = int(stats.OpenCount)
+		state = structs.StateOpen
+	} else {
+		total = int(stats.ClosedCount)
+		state = structs.StateClosed
+	}
+
+	miles, err := models.GetMilestones(models.GetMilestonesOption{
+		ListOptions: models.ListOptions{
+			Page:     page,
+			PageSize: setting.UI.IssuePagingNum,
+		},
+		RepoID:   ctx.Repo.Repository.ID,
+		State:    state,
+		SortType: sortType,
+		Name:     keyword,
+	})
+	if err != nil {
+		ctx.ServerError("GetMilestones", err)
+		return
+	}
+	if ctx.Repo.Repository.IsTimetrackerEnabled() {
+		if err := miles.LoadTotalTrackedTimes(); err != nil {
+			ctx.ServerError("LoadTotalTrackedTimes", err)
+			return
+		}
+	}
+	for _, m := range miles {
+		m.RenderedContent, err = markdown.RenderString(&markup.RenderContext{
+			URLPrefix: ctx.Repo.RepoLink,
+			Metas:     ctx.Repo.Repository.ComposeMetas(),
+		}, m.Content)
+		if err != nil {
+			ctx.ServerError("RenderString", err)
+			return
+		}
+	}
+	ctx.Data["Milestones"] = miles
+
+	if isShowClosed {
+		ctx.Data["State"] = "closed"
+	} else {
+		ctx.Data["State"] = "open"
+	}
+
+	ctx.Data["SortType"] = sortType
+	ctx.Data["Keyword"] = keyword
+	ctx.Data["IsShowClosed"] = isShowClosed
+
+	pager := context.NewPagination(total, setting.UI.IssuePagingNum, page, 5)
+	pager.AddParam(ctx, "state", "State")
+	pager.AddParam(ctx, "q", "Keyword")
+	ctx.Data["Page"] = pager
+
+	ctx.HTML(http.StatusOK, tplMilestone)
+}
+
+// NewMilestone render creating milestone page
+func NewMilestone(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.milestones.new")
+	ctx.Data["PageIsIssueList"] = true
+	ctx.Data["PageIsMilestones"] = true
+	ctx.HTML(http.StatusOK, tplMilestoneNew)
+}
+
+// NewMilestonePost response for creating milestone
+func NewMilestonePost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.CreateMilestoneForm)
+	ctx.Data["Title"] = ctx.Tr("repo.milestones.new")
+	ctx.Data["PageIsIssueList"] = true
+	ctx.Data["PageIsMilestones"] = true
+
+	if ctx.HasError() {
+		ctx.HTML(http.StatusOK, tplMilestoneNew)
+		return
+	}
+
+	if len(form.Deadline) == 0 {
+		form.Deadline = "9999-12-31"
+	}
+	deadline, err := time.ParseInLocation("2006-01-02", form.Deadline, time.Local)
+	if err != nil {
+		ctx.Data["Err_Deadline"] = true
+		ctx.RenderWithErr(ctx.Tr("repo.milestones.invalid_due_date_format"), tplMilestoneNew, &form)
+		return
+	}
+
+	deadline = time.Date(deadline.Year(), deadline.Month(), deadline.Day(), 23, 59, 59, 0, deadline.Location())
+	if err = models.NewMilestone(&models.Milestone{
+		RepoID:       ctx.Repo.Repository.ID,
+		Name:         form.Title,
+		Content:      form.Content,
+		DeadlineUnix: timeutil.TimeStamp(deadline.Unix()),
+	}); err != nil {
+		ctx.ServerError("NewMilestone", err)
+		return
+	}
+
+	ctx.Flash.Success(ctx.Tr("repo.milestones.create_success", form.Title))
+	ctx.Redirect(ctx.Repo.RepoLink + "/milestones")
+}
+
+// EditMilestone render edting milestone page
+func EditMilestone(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.milestones.edit")
+	ctx.Data["PageIsMilestones"] = true
+	ctx.Data["PageIsEditMilestone"] = true
+
+	m, err := models.GetMilestoneByRepoID(ctx.Repo.Repository.ID, ctx.ParamsInt64(":id"))
+	if err != nil {
+		if models.IsErrMilestoneNotExist(err) {
+			ctx.NotFound("", nil)
+		} else {
+			ctx.ServerError("GetMilestoneByRepoID", err)
+		}
+		return
+	}
+	ctx.Data["title"] = m.Name
+	ctx.Data["content"] = m.Content
+	if len(m.DeadlineString) > 0 {
+		ctx.Data["deadline"] = m.DeadlineString
+	}
+	ctx.HTML(http.StatusOK, tplMilestoneNew)
+}
+
+// EditMilestonePost response for edting milestone
+func EditMilestonePost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.CreateMilestoneForm)
+	ctx.Data["Title"] = ctx.Tr("repo.milestones.edit")
+	ctx.Data["PageIsMilestones"] = true
+	ctx.Data["PageIsEditMilestone"] = true
+
+	if ctx.HasError() {
+		ctx.HTML(http.StatusOK, tplMilestoneNew)
+		return
+	}
+
+	if len(form.Deadline) == 0 {
+		form.Deadline = "9999-12-31"
+	}
+	deadline, err := time.ParseInLocation("2006-01-02", form.Deadline, time.Local)
+	if err != nil {
+		ctx.Data["Err_Deadline"] = true
+		ctx.RenderWithErr(ctx.Tr("repo.milestones.invalid_due_date_format"), tplMilestoneNew, &form)
+		return
+	}
+
+	deadline = time.Date(deadline.Year(), deadline.Month(), deadline.Day(), 23, 59, 59, 0, deadline.Location())
+	m, err := models.GetMilestoneByRepoID(ctx.Repo.Repository.ID, ctx.ParamsInt64(":id"))
+	if err != nil {
+		if models.IsErrMilestoneNotExist(err) {
+			ctx.NotFound("", nil)
+		} else {
+			ctx.ServerError("GetMilestoneByRepoID", err)
+		}
+		return
+	}
+	m.Name = form.Title
+	m.Content = form.Content
+	m.DeadlineUnix = timeutil.TimeStamp(deadline.Unix())
+	if err = models.UpdateMilestone(m, m.IsClosed); err != nil {
+		ctx.ServerError("UpdateMilestone", err)
+		return
+	}
+
+	ctx.Flash.Success(ctx.Tr("repo.milestones.edit_success", m.Name))
+	ctx.Redirect(ctx.Repo.RepoLink + "/milestones")
+}
+
+// ChangeMilestoneStatus response for change a milestone's status
+func ChangeMilestoneStatus(ctx *context.Context) {
+	toClose := false
+	switch ctx.Params(":action") {
+	case "open":
+		toClose = false
+	case "close":
+		toClose = true
+	default:
+		ctx.Redirect(ctx.Repo.RepoLink + "/milestones")
+	}
+	id := ctx.ParamsInt64(":id")
+
+	if err := models.ChangeMilestoneStatusByRepoIDAndID(ctx.Repo.Repository.ID, id, toClose); err != nil {
+		if models.IsErrMilestoneNotExist(err) {
+			ctx.NotFound("", err)
+		} else {
+			ctx.ServerError("ChangeMilestoneStatusByIDAndRepoID", err)
+		}
+		return
+	}
+	ctx.Redirect(ctx.Repo.RepoLink + "/milestones?state=" + ctx.Params(":action"))
+}
+
+// DeleteMilestone delete a milestone
+func DeleteMilestone(ctx *context.Context) {
+	if err := models.DeleteMilestoneByRepoID(ctx.Repo.Repository.ID, ctx.QueryInt64("id")); err != nil {
+		ctx.Flash.Error("DeleteMilestoneByRepoID: " + err.Error())
+	} else {
+		ctx.Flash.Success(ctx.Tr("repo.milestones.deletion_success"))
+	}
+
+	ctx.JSON(http.StatusOK, map[string]interface{}{
+		"redirect": ctx.Repo.RepoLink + "/milestones",
+	})
+}
+
+// MilestoneIssuesAndPulls lists all the issues and pull requests of the milestone
+func MilestoneIssuesAndPulls(ctx *context.Context) {
+	milestoneID := ctx.ParamsInt64(":id")
+	milestone, err := models.GetMilestoneByID(milestoneID)
+	if err != nil {
+		if models.IsErrMilestoneNotExist(err) {
+			ctx.NotFound("GetMilestoneByID", err)
+			return
+		}
+
+		ctx.ServerError("GetMilestoneByID", err)
+		return
+	}
+
+	milestone.RenderedContent, err = markdown.RenderString(&markup.RenderContext{
+		URLPrefix: ctx.Repo.RepoLink,
+		Metas:     ctx.Repo.Repository.ComposeMetas(),
+	}, milestone.Content)
+	if err != nil {
+		ctx.ServerError("RenderString", err)
+		return
+	}
+
+	ctx.Data["Title"] = milestone.Name
+	ctx.Data["Milestone"] = milestone
+
+	issues(ctx, milestoneID, 0, util.OptionalBoolNone)
+	ctx.Data["NewIssueChooseTemplate"] = len(ctx.IssueTemplatesFromDefaultBranch()) > 0
+
+	ctx.Data["CanWriteIssues"] = ctx.Repo.CanWriteIssuesOrPulls(false)
+	ctx.Data["CanWritePulls"] = ctx.Repo.CanWriteIssuesOrPulls(true)
+
+	ctx.HTML(http.StatusOK, tplMilestoneIssues)
+}

routers/web/repo/projects.go

@@ -0,0 +1,665 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"fmt"
+	"net/http"
+	"strings"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/markup"
+	"code.gitea.io/gitea/modules/markup/markdown"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/util"
+	"code.gitea.io/gitea/modules/web"
+	"code.gitea.io/gitea/services/forms"
+)
+
+const (
+	tplProjects           base.TplName = "repo/projects/list"
+	tplProjectsNew        base.TplName = "repo/projects/new"
+	tplProjectsView       base.TplName = "repo/projects/view"
+	tplGenericProjectsNew base.TplName = "user/project"
+)
+
+// MustEnableProjects check if projects are enabled in settings
+func MustEnableProjects(ctx *context.Context) {
+	if models.UnitTypeProjects.UnitGlobalDisabled() {
+		ctx.NotFound("EnableKanbanBoard", nil)
+		return
+	}
+
+	if ctx.Repo.Repository != nil {
+		if !ctx.Repo.CanRead(models.UnitTypeProjects) {
+			ctx.NotFound("MustEnableProjects", nil)
+			return
+		}
+	}
+}
+
+// Projects renders the home page of projects
+func Projects(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.project_board")
+
+	sortType := ctx.QueryTrim("sort")
+
+	isShowClosed := strings.ToLower(ctx.QueryTrim("state")) == "closed"
+	repo := ctx.Repo.Repository
+	page := ctx.QueryInt("page")
+	if page <= 1 {
+		page = 1
+	}
+
+	ctx.Data["OpenCount"] = repo.NumOpenProjects
+	ctx.Data["ClosedCount"] = repo.NumClosedProjects
+
+	var total int
+	if !isShowClosed {
+		total = repo.NumOpenProjects
+	} else {
+		total = repo.NumClosedProjects
+	}
+
+	projects, count, err := models.GetProjects(models.ProjectSearchOptions{
+		RepoID:   repo.ID,
+		Page:     page,
+		IsClosed: util.OptionalBoolOf(isShowClosed),
+		SortType: sortType,
+		Type:     models.ProjectTypeRepository,
+	})
+	if err != nil {
+		ctx.ServerError("GetProjects", err)
+		return
+	}
+
+	for i := range projects {
+		projects[i].RenderedContent, err = markdown.RenderString(&markup.RenderContext{
+			URLPrefix: ctx.Repo.RepoLink,
+			Metas:     ctx.Repo.Repository.ComposeMetas(),
+		}, projects[i].Description)
+		if err != nil {
+			ctx.ServerError("RenderString", err)
+			return
+		}
+	}
+
+	ctx.Data["Projects"] = projects
+
+	if isShowClosed {
+		ctx.Data["State"] = "closed"
+	} else {
+		ctx.Data["State"] = "open"
+	}
+
+	numPages := 0
+	if count > 0 {
+		numPages = int((int(count) - 1) / setting.UI.IssuePagingNum)
+	}
+
+	pager := context.NewPagination(total, setting.UI.IssuePagingNum, page, numPages)
+	pager.AddParam(ctx, "state", "State")
+	ctx.Data["Page"] = pager
+
+	ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
+	ctx.Data["IsShowClosed"] = isShowClosed
+	ctx.Data["IsProjectsPage"] = true
+	ctx.Data["SortType"] = sortType
+
+	ctx.HTML(http.StatusOK, tplProjects)
+}
+
+// NewProject render creating a project page
+func NewProject(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.projects.new")
+	ctx.Data["ProjectTypes"] = models.GetProjectsConfig()
+	ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
+	ctx.HTML(http.StatusOK, tplProjectsNew)
+}
+
+// NewProjectPost creates a new project
+func NewProjectPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.CreateProjectForm)
+	ctx.Data["Title"] = ctx.Tr("repo.projects.new")
+
+	if ctx.HasError() {
+		ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
+		ctx.Data["ProjectTypes"] = models.GetProjectsConfig()
+		ctx.HTML(http.StatusOK, tplProjectsNew)
+		return
+	}
+
+	if err := models.NewProject(&models.Project{
+		RepoID:      ctx.Repo.Repository.ID,
+		Title:       form.Title,
+		Description: form.Content,
+		CreatorID:   ctx.User.ID,
+		BoardType:   form.BoardType,
+		Type:        models.ProjectTypeRepository,
+	}); err != nil {
+		ctx.ServerError("NewProject", err)
+		return
+	}
+
+	ctx.Flash.Success(ctx.Tr("repo.projects.create_success", form.Title))
+	ctx.Redirect(ctx.Repo.RepoLink + "/projects")
+}
+
+// ChangeProjectStatus updates the status of a project between "open" and "close"
+func ChangeProjectStatus(ctx *context.Context) {
+	toClose := false
+	switch ctx.Params(":action") {
+	case "open":
+		toClose = false
+	case "close":
+		toClose = true
+	default:
+		ctx.Redirect(ctx.Repo.RepoLink + "/projects")
+	}
+	id := ctx.ParamsInt64(":id")
+
+	if err := models.ChangeProjectStatusByRepoIDAndID(ctx.Repo.Repository.ID, id, toClose); err != nil {
+		if models.IsErrProjectNotExist(err) {
+			ctx.NotFound("", err)
+		} else {
+			ctx.ServerError("ChangeProjectStatusByIDAndRepoID", err)
+		}
+		return
+	}
+	ctx.Redirect(ctx.Repo.RepoLink + "/projects?state=" + ctx.Params(":action"))
+}
+
+// DeleteProject delete a project
+func DeleteProject(ctx *context.Context) {
+	p, err := models.GetProjectByID(ctx.ParamsInt64(":id"))
+	if err != nil {
+		if models.IsErrProjectNotExist(err) {
+			ctx.NotFound("", nil)
+		} else {
+			ctx.ServerError("GetProjectByID", err)
+		}
+		return
+	}
+	if p.RepoID != ctx.Repo.Repository.ID {
+		ctx.NotFound("", nil)
+		return
+	}
+
+	if err := models.DeleteProjectByID(p.ID); err != nil {
+		ctx.Flash.Error("DeleteProjectByID: " + err.Error())
+	} else {
+		ctx.Flash.Success(ctx.Tr("repo.projects.deletion_success"))
+	}
+
+	ctx.JSON(http.StatusOK, map[string]interface{}{
+		"redirect": ctx.Repo.RepoLink + "/projects",
+	})
+}
+
+// EditProject allows a project to be edited
+func EditProject(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.projects.edit")
+	ctx.Data["PageIsProjects"] = true
+	ctx.Data["PageIsEditProjects"] = true
+	ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
+
+	p, err := models.GetProjectByID(ctx.ParamsInt64(":id"))
+	if err != nil {
+		if models.IsErrProjectNotExist(err) {
+			ctx.NotFound("", nil)
+		} else {
+			ctx.ServerError("GetProjectByID", err)
+		}
+		return
+	}
+	if p.RepoID != ctx.Repo.Repository.ID {
+		ctx.NotFound("", nil)
+		return
+	}
+
+	ctx.Data["title"] = p.Title
+	ctx.Data["content"] = p.Description
+
+	ctx.HTML(http.StatusOK, tplProjectsNew)
+}
+
+// EditProjectPost response for editing a project
+func EditProjectPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.CreateProjectForm)
+	ctx.Data["Title"] = ctx.Tr("repo.projects.edit")
+	ctx.Data["PageIsProjects"] = true
+	ctx.Data["PageIsEditProjects"] = true
+	ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
+
+	if ctx.HasError() {
+		ctx.HTML(http.StatusOK, tplProjectsNew)
+		return
+	}
+
+	p, err := models.GetProjectByID(ctx.ParamsInt64(":id"))
+	if err != nil {
+		if models.IsErrProjectNotExist(err) {
+			ctx.NotFound("", nil)
+		} else {
+			ctx.ServerError("GetProjectByID", err)
+		}
+		return
+	}
+	if p.RepoID != ctx.Repo.Repository.ID {
+		ctx.NotFound("", nil)
+		return
+	}
+
+	p.Title = form.Title
+	p.Description = form.Content
+	if err = models.UpdateProject(p); err != nil {
+		ctx.ServerError("UpdateProjects", err)
+		return
+	}
+
+	ctx.Flash.Success(ctx.Tr("repo.projects.edit_success", p.Title))
+	ctx.Redirect(ctx.Repo.RepoLink + "/projects")
+}
+
+// ViewProject renders the project board for a project
+func ViewProject(ctx *context.Context) {
+
+	project, err := models.GetProjectByID(ctx.ParamsInt64(":id"))
+	if err != nil {
+		if models.IsErrProjectNotExist(err) {
+			ctx.NotFound("", nil)
+		} else {
+			ctx.ServerError("GetProjectByID", err)
+		}
+		return
+	}
+	if project.RepoID != ctx.Repo.Repository.ID {
+		ctx.NotFound("", nil)
+		return
+	}
+
+	boards, err := models.GetProjectBoards(project.ID)
+	if err != nil {
+		ctx.ServerError("GetProjectBoards", err)
+		return
+	}
+
+	if boards[0].ID == 0 {
+		boards[0].Title = ctx.Tr("repo.projects.type.uncategorized")
+	}
+
+	issueList, err := boards.LoadIssues()
+	if err != nil {
+		ctx.ServerError("LoadIssuesOfBoards", err)
+		return
+	}
+	ctx.Data["Issues"] = issueList
+
+	linkedPrsMap := make(map[int64][]*models.Issue)
+	for _, issue := range issueList {
+		var referencedIds []int64
+		for _, comment := range issue.Comments {
+			if comment.RefIssueID != 0 && comment.RefIsPull {
+				referencedIds = append(referencedIds, comment.RefIssueID)
+			}
+		}
+
+		if len(referencedIds) > 0 {
+			if linkedPrs, err := models.Issues(&models.IssuesOptions{
+				IssueIDs: referencedIds,
+				IsPull:   util.OptionalBoolTrue,
+			}); err == nil {
+				linkedPrsMap[issue.ID] = linkedPrs
+			}
+		}
+	}
+	ctx.Data["LinkedPRs"] = linkedPrsMap
+
+	project.RenderedContent, err = markdown.RenderString(&markup.RenderContext{
+		URLPrefix: ctx.Repo.RepoLink,
+		Metas:     ctx.Repo.Repository.ComposeMetas(),
+	}, project.Description)
+	if err != nil {
+		ctx.ServerError("RenderString", err)
+		return
+	}
+
+	ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
+	ctx.Data["Project"] = project
+	ctx.Data["Boards"] = boards
+	ctx.Data["PageIsProjects"] = true
+	ctx.Data["RequiresDraggable"] = true
+
+	ctx.HTML(http.StatusOK, tplProjectsView)
+}
+
+// UpdateIssueProject change an issue's project
+func UpdateIssueProject(ctx *context.Context) {
+	issues := getActionIssues(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	projectID := ctx.QueryInt64("id")
+	for _, issue := range issues {
+		oldProjectID := issue.ProjectID()
+		if oldProjectID == projectID {
+			continue
+		}
+
+		if err := models.ChangeProjectAssign(issue, ctx.User, projectID); err != nil {
+			ctx.ServerError("ChangeProjectAssign", err)
+			return
+		}
+	}
+
+	ctx.JSON(http.StatusOK, map[string]interface{}{
+		"ok": true,
+	})
+}
+
+// DeleteProjectBoard allows for the deletion of a project board
+func DeleteProjectBoard(ctx *context.Context) {
+	if ctx.User == nil {
+		ctx.JSON(http.StatusForbidden, map[string]string{
+			"message": "Only signed in users are allowed to perform this action.",
+		})
+		return
+	}
+
+	if !ctx.Repo.IsOwner() && !ctx.Repo.IsAdmin() && !ctx.Repo.CanAccess(models.AccessModeWrite, models.UnitTypeProjects) {
+		ctx.JSON(http.StatusForbidden, map[string]string{
+			"message": "Only authorized users are allowed to perform this action.",
+		})
+		return
+	}
+
+	project, err := models.GetProjectByID(ctx.ParamsInt64(":id"))
+	if err != nil {
+		if models.IsErrProjectNotExist(err) {
+			ctx.NotFound("", nil)
+		} else {
+			ctx.ServerError("GetProjectByID", err)
+		}
+		return
+	}
+
+	pb, err := models.GetProjectBoard(ctx.ParamsInt64(":boardID"))
+	if err != nil {
+		ctx.ServerError("GetProjectBoard", err)
+		return
+	}
+	if pb.ProjectID != ctx.ParamsInt64(":id") {
+		ctx.JSON(http.StatusUnprocessableEntity, map[string]string{
+			"message": fmt.Sprintf("ProjectBoard[%d] is not in Project[%d] as expected", pb.ID, project.ID),
+		})
+		return
+	}
+
+	if project.RepoID != ctx.Repo.Repository.ID {
+		ctx.JSON(http.StatusUnprocessableEntity, map[string]string{
+			"message": fmt.Sprintf("ProjectBoard[%d] is not in Repository[%d] as expected", pb.ID, ctx.Repo.Repository.ID),
+		})
+		return
+	}
+
+	if err := models.DeleteProjectBoardByID(ctx.ParamsInt64(":boardID")); err != nil {
+		ctx.ServerError("DeleteProjectBoardByID", err)
+		return
+	}
+
+	ctx.JSON(http.StatusOK, map[string]interface{}{
+		"ok": true,
+	})
+}
+
+// AddBoardToProjectPost allows a new board to be added to a project.
+func AddBoardToProjectPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.EditProjectBoardForm)
+	if !ctx.Repo.IsOwner() && !ctx.Repo.IsAdmin() && !ctx.Repo.CanAccess(models.AccessModeWrite, models.UnitTypeProjects) {
+		ctx.JSON(http.StatusForbidden, map[string]string{
+			"message": "Only authorized users are allowed to perform this action.",
+		})
+		return
+	}
+
+	project, err := models.GetProjectByID(ctx.ParamsInt64(":id"))
+	if err != nil {
+		if models.IsErrProjectNotExist(err) {
+			ctx.NotFound("", nil)
+		} else {
+			ctx.ServerError("GetProjectByID", err)
+		}
+		return
+	}
+
+	if err := models.NewProjectBoard(&models.ProjectBoard{
+		ProjectID: project.ID,
+		Title:     form.Title,
+		CreatorID: ctx.User.ID,
+	}); err != nil {
+		ctx.ServerError("NewProjectBoard", err)
+		return
+	}
+
+	ctx.JSON(http.StatusOK, map[string]interface{}{
+		"ok": true,
+	})
+}
+
+func checkProjectBoardChangePermissions(ctx *context.Context) (*models.Project, *models.ProjectBoard) {
+	if ctx.User == nil {
+		ctx.JSON(http.StatusForbidden, map[string]string{
+			"message": "Only signed in users are allowed to perform this action.",
+		})
+		return nil, nil
+	}
+
+	if !ctx.Repo.IsOwner() && !ctx.Repo.IsAdmin() && !ctx.Repo.CanAccess(models.AccessModeWrite, models.UnitTypeProjects) {
+		ctx.JSON(http.StatusForbidden, map[string]string{
+			"message": "Only authorized users are allowed to perform this action.",
+		})
+		return nil, nil
+	}
+
+	project, err := models.GetProjectByID(ctx.ParamsInt64(":id"))
+	if err != nil {
+		if models.IsErrProjectNotExist(err) {
+			ctx.NotFound("", nil)
+		} else {
+			ctx.ServerError("GetProjectByID", err)
+		}
+		return nil, nil
+	}
+
+	board, err := models.GetProjectBoard(ctx.ParamsInt64(":boardID"))
+	if err != nil {
+		ctx.ServerError("GetProjectBoard", err)
+		return nil, nil
+	}
+	if board.ProjectID != ctx.ParamsInt64(":id") {
+		ctx.JSON(http.StatusUnprocessableEntity, map[string]string{
+			"message": fmt.Sprintf("ProjectBoard[%d] is not in Project[%d] as expected", board.ID, project.ID),
+		})
+		return nil, nil
+	}
+
+	if project.RepoID != ctx.Repo.Repository.ID {
+		ctx.JSON(http.StatusUnprocessableEntity, map[string]string{
+			"message": fmt.Sprintf("ProjectBoard[%d] is not in Repository[%d] as expected", board.ID, ctx.Repo.Repository.ID),
+		})
+		return nil, nil
+	}
+	return project, board
+}
+
+// EditProjectBoard allows a project board's to be updated
+func EditProjectBoard(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.EditProjectBoardForm)
+	_, board := checkProjectBoardChangePermissions(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	if form.Title != "" {
+		board.Title = form.Title
+	}
+
+	if form.Sorting != 0 {
+		board.Sorting = form.Sorting
+	}
+
+	if err := models.UpdateProjectBoard(board); err != nil {
+		ctx.ServerError("UpdateProjectBoard", err)
+		return
+	}
+
+	ctx.JSON(http.StatusOK, map[string]interface{}{
+		"ok": true,
+	})
+}
+
+// SetDefaultProjectBoard set default board for uncategorized issues/pulls
+func SetDefaultProjectBoard(ctx *context.Context) {
+
+	project, board := checkProjectBoardChangePermissions(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	if err := models.SetDefaultBoard(project.ID, board.ID); err != nil {
+		ctx.ServerError("SetDefaultBoard", err)
+		return
+	}
+
+	ctx.JSON(http.StatusOK, map[string]interface{}{
+		"ok": true,
+	})
+}
+
+// MoveIssueAcrossBoards move a card from one board to another in a project
+func MoveIssueAcrossBoards(ctx *context.Context) {
+
+	if ctx.User == nil {
+		ctx.JSON(http.StatusForbidden, map[string]string{
+			"message": "Only signed in users are allowed to perform this action.",
+		})
+		return
+	}
+
+	if !ctx.Repo.IsOwner() && !ctx.Repo.IsAdmin() && !ctx.Repo.CanAccess(models.AccessModeWrite, models.UnitTypeProjects) {
+		ctx.JSON(http.StatusForbidden, map[string]string{
+			"message": "Only authorized users are allowed to perform this action.",
+		})
+		return
+	}
+
+	p, err := models.GetProjectByID(ctx.ParamsInt64(":id"))
+	if err != nil {
+		if models.IsErrProjectNotExist(err) {
+			ctx.NotFound("", nil)
+		} else {
+			ctx.ServerError("GetProjectByID", err)
+		}
+		return
+	}
+	if p.RepoID != ctx.Repo.Repository.ID {
+		ctx.NotFound("", nil)
+		return
+	}
+
+	var board *models.ProjectBoard
+
+	if ctx.ParamsInt64(":boardID") == 0 {
+
+		board = &models.ProjectBoard{
+			ID:        0,
+			ProjectID: 0,
+			Title:     ctx.Tr("repo.projects.type.uncategorized"),
+		}
+
+	} else {
+		board, err = models.GetProjectBoard(ctx.ParamsInt64(":boardID"))
+		if err != nil {
+			if models.IsErrProjectBoardNotExist(err) {
+				ctx.NotFound("", nil)
+			} else {
+				ctx.ServerError("GetProjectBoard", err)
+			}
+			return
+		}
+		if board.ProjectID != p.ID {
+			ctx.NotFound("", nil)
+			return
+		}
+	}
+
+	issue, err := models.GetIssueByID(ctx.ParamsInt64(":index"))
+	if err != nil {
+		if models.IsErrIssueNotExist(err) {
+			ctx.NotFound("", nil)
+		} else {
+			ctx.ServerError("GetIssueByID", err)
+		}
+
+		return
+	}
+
+	if err := models.MoveIssueAcrossProjectBoards(issue, board); err != nil {
+		ctx.ServerError("MoveIssueAcrossProjectBoards", err)
+		return
+	}
+
+	ctx.JSON(http.StatusOK, map[string]interface{}{
+		"ok": true,
+	})
+}
+
+// CreateProject renders the generic project creation page
+func CreateProject(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.projects.new")
+	ctx.Data["ProjectTypes"] = models.GetProjectsConfig()
+	ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
+
+	ctx.HTML(http.StatusOK, tplGenericProjectsNew)
+}
+
+// CreateProjectPost creates an individual and/or organization project
+func CreateProjectPost(ctx *context.Context, form forms.UserCreateProjectForm) {
+
+	user := checkContextUser(ctx, form.UID)
+	if ctx.Written() {
+		return
+	}
+
+	ctx.Data["ContextUser"] = user
+
+	if ctx.HasError() {
+		ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
+		ctx.HTML(http.StatusOK, tplGenericProjectsNew)
+		return
+	}
+
+	var projectType = models.ProjectTypeIndividual
+	if user.IsOrganization() {
+		projectType = models.ProjectTypeOrganization
+	}
+
+	if err := models.NewProject(&models.Project{
+		Title:       form.Title,
+		Description: form.Content,
+		CreatorID:   user.ID,
+		BoardType:   form.BoardType,
+		Type:        projectType,
+	}); err != nil {
+		ctx.ServerError("NewProject", err)
+		return
+	}
+
+	ctx.Flash.Success(ctx.Tr("repo.projects.create_success", form.Title))
+	ctx.Redirect(setting.AppSubURL + "/")
+}

routers/web/repo/projects_test.go

@@ -0,0 +1,28 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"testing"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/test"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestCheckProjectBoardChangePermissions(t *testing.T) {
+	models.PrepareTestEnv(t)
+	ctx := test.MockContext(t, "user2/repo1/projects/1/2")
+	test.LoadUser(t, ctx, 2)
+	test.LoadRepo(t, ctx, 1)
+	ctx.SetParams(":id", "1")
+	ctx.SetParams(":boardID", "2")
+
+	project, board := checkProjectBoardChangePermissions(ctx)
+	assert.NotNil(t, project)
+	assert.NotNil(t, board)
+	assert.False(t, ctx.Written())
+}

routers/web/repo/pull_review.go

@@ -0,0 +1,238 @@
+// Copyright 2018 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"fmt"
+	"net/http"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/web"
+	"code.gitea.io/gitea/services/forms"
+	pull_service "code.gitea.io/gitea/services/pull"
+)
+
+const (
+	tplConversation base.TplName = "repo/diff/conversation"
+	tplNewComment   base.TplName = "repo/diff/new_comment"
+)
+
+// RenderNewCodeCommentForm will render the form for creating a new review comment
+func RenderNewCodeCommentForm(ctx *context.Context) {
+	issue := GetActionIssue(ctx)
+	if !issue.IsPull {
+		return
+	}
+	currentReview, err := models.GetCurrentReview(ctx.User, issue)
+	if err != nil && !models.IsErrReviewNotExist(err) {
+		ctx.ServerError("GetCurrentReview", err)
+		return
+	}
+	ctx.Data["PageIsPullFiles"] = true
+	ctx.Data["Issue"] = issue
+	ctx.Data["CurrentReview"] = currentReview
+	pullHeadCommitID, err := ctx.Repo.GitRepo.GetRefCommitID(issue.PullRequest.GetGitRefName())
+	if err != nil {
+		ctx.ServerError("GetRefCommitID", err)
+		return
+	}
+	ctx.Data["AfterCommitID"] = pullHeadCommitID
+	ctx.HTML(http.StatusOK, tplNewComment)
+}
+
+// CreateCodeComment will create a code comment including an pending review if required
+func CreateCodeComment(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.CodeCommentForm)
+	issue := GetActionIssue(ctx)
+	if !issue.IsPull {
+		return
+	}
+	if ctx.Written() {
+		return
+	}
+
+	if ctx.HasError() {
+		ctx.Flash.Error(ctx.Data["ErrorMsg"].(string))
+		ctx.Redirect(fmt.Sprintf("%s/pulls/%d/files", ctx.Repo.RepoLink, issue.Index))
+		return
+	}
+
+	signedLine := form.Line
+	if form.Side == "previous" {
+		signedLine *= -1
+	}
+
+	comment, err := pull_service.CreateCodeComment(
+		ctx.User,
+		ctx.Repo.GitRepo,
+		issue,
+		signedLine,
+		form.Content,
+		form.TreePath,
+		form.IsReview,
+		form.Reply,
+		form.LatestCommitID,
+	)
+	if err != nil {
+		ctx.ServerError("CreateCodeComment", err)
+		return
+	}
+
+	if comment == nil {
+		log.Trace("Comment not created: %-v #%d[%d]", ctx.Repo.Repository, issue.Index, issue.ID)
+		ctx.Redirect(fmt.Sprintf("%s/pulls/%d/files", ctx.Repo.RepoLink, issue.Index))
+		return
+	}
+
+	log.Trace("Comment created: %-v #%d[%d] Comment[%d]", ctx.Repo.Repository, issue.Index, issue.ID, comment.ID)
+
+	if form.Origin == "diff" {
+		renderConversation(ctx, comment)
+		return
+	}
+	ctx.Redirect(comment.HTMLURL())
+}
+
+// UpdateResolveConversation add or remove an Conversation resolved mark
+func UpdateResolveConversation(ctx *context.Context) {
+	origin := ctx.Query("origin")
+	action := ctx.Query("action")
+	commentID := ctx.QueryInt64("comment_id")
+
+	comment, err := models.GetCommentByID(commentID)
+	if err != nil {
+		ctx.ServerError("GetIssueByID", err)
+		return
+	}
+
+	if err = comment.LoadIssue(); err != nil {
+		ctx.ServerError("comment.LoadIssue", err)
+		return
+	}
+
+	var permResult bool
+	if permResult, err = models.CanMarkConversation(comment.Issue, ctx.User); err != nil {
+		ctx.ServerError("CanMarkConversation", err)
+		return
+	}
+	if !permResult {
+		ctx.Error(http.StatusForbidden)
+		return
+	}
+
+	if !comment.Issue.IsPull {
+		ctx.Error(http.StatusBadRequest)
+		return
+	}
+
+	if action == "Resolve" || action == "UnResolve" {
+		err = models.MarkConversation(comment, ctx.User, action == "Resolve")
+		if err != nil {
+			ctx.ServerError("MarkConversation", err)
+			return
+		}
+	} else {
+		ctx.Error(http.StatusBadRequest)
+		return
+	}
+
+	if origin == "diff" {
+		renderConversation(ctx, comment)
+		return
+	}
+	ctx.JSON(http.StatusOK, map[string]interface{}{
+		"ok": true,
+	})
+}
+
+func renderConversation(ctx *context.Context, comment *models.Comment) {
+	comments, err := models.FetchCodeCommentsByLine(comment.Issue, ctx.User, comment.TreePath, comment.Line)
+	if err != nil {
+		ctx.ServerError("FetchCodeCommentsByLine", err)
+		return
+	}
+	ctx.Data["PageIsPullFiles"] = true
+	ctx.Data["comments"] = comments
+	ctx.Data["CanMarkConversation"] = true
+	ctx.Data["Issue"] = comment.Issue
+	if err = comment.Issue.LoadPullRequest(); err != nil {
+		ctx.ServerError("comment.Issue.LoadPullRequest", err)
+		return
+	}
+	pullHeadCommitID, err := ctx.Repo.GitRepo.GetRefCommitID(comment.Issue.PullRequest.GetGitRefName())
+	if err != nil {
+		ctx.ServerError("GetRefCommitID", err)
+		return
+	}
+	ctx.Data["AfterCommitID"] = pullHeadCommitID
+	ctx.HTML(http.StatusOK, tplConversation)
+}
+
+// SubmitReview creates a review out of the existing pending review or creates a new one if no pending review exist
+func SubmitReview(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.SubmitReviewForm)
+	issue := GetActionIssue(ctx)
+	if !issue.IsPull {
+		return
+	}
+	if ctx.Written() {
+		return
+	}
+	if ctx.HasError() {
+		ctx.Flash.Error(ctx.Data["ErrorMsg"].(string))
+		ctx.Redirect(fmt.Sprintf("%s/pulls/%d/files", ctx.Repo.RepoLink, issue.Index))
+		return
+	}
+
+	reviewType := form.ReviewType()
+	switch reviewType {
+	case models.ReviewTypeUnknown:
+		ctx.ServerError("ReviewType", fmt.Errorf("unknown ReviewType: %s", form.Type))
+		return
+
+	// can not approve/reject your own PR
+	case models.ReviewTypeApprove, models.ReviewTypeReject:
+		if issue.IsPoster(ctx.User.ID) {
+			var translated string
+			if reviewType == models.ReviewTypeApprove {
+				translated = ctx.Tr("repo.issues.review.self.approval")
+			} else {
+				translated = ctx.Tr("repo.issues.review.self.rejection")
+			}
+
+			ctx.Flash.Error(translated)
+			ctx.Redirect(fmt.Sprintf("%s/pulls/%d/files", ctx.Repo.RepoLink, issue.Index))
+			return
+		}
+	}
+
+	_, comm, err := pull_service.SubmitReview(ctx.User, ctx.Repo.GitRepo, issue, reviewType, form.Content, form.CommitID)
+	if err != nil {
+		if models.IsContentEmptyErr(err) {
+			ctx.Flash.Error(ctx.Tr("repo.issues.review.content.empty"))
+			ctx.Redirect(fmt.Sprintf("%s/pulls/%d/files", ctx.Repo.RepoLink, issue.Index))
+		} else {
+			ctx.ServerError("SubmitReview", err)
+		}
+		return
+	}
+
+	ctx.Redirect(fmt.Sprintf("%s/pulls/%d#%s", ctx.Repo.RepoLink, issue.Index, comm.HashTag()))
+}
+
+// DismissReview dismissing stale review by repo admin
+func DismissReview(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.DismissReviewForm)
+	comm, err := pull_service.DismissReview(form.ReviewID, form.Message, ctx.User, true)
+	if err != nil {
+		ctx.ServerError("pull_service.DismissReview", err)
+		return
+	}
+
+	ctx.Redirect(fmt.Sprintf("%s/pulls/%d#%s", ctx.Repo.RepoLink, comm.Issue.Index, comm.HashTag()))
+}

routers/web/repo/release.go

@@ -0,0 +1,512 @@
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2018 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"fmt"
+	"net/http"
+	"strings"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/convert"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/markup"
+	"code.gitea.io/gitea/modules/markup/markdown"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/upload"
+	"code.gitea.io/gitea/modules/web"
+	"code.gitea.io/gitea/services/forms"
+	releaseservice "code.gitea.io/gitea/services/release"
+)
+
+const (
+	tplReleases   base.TplName = "repo/release/list"
+	tplReleaseNew base.TplName = "repo/release/new"
+)
+
+// calReleaseNumCommitsBehind calculates given release has how many commits behind release target.
+func calReleaseNumCommitsBehind(repoCtx *context.Repository, release *models.Release, countCache map[string]int64) error {
+	// Fast return if release target is same as default branch.
+	if repoCtx.BranchName == release.Target {
+		release.NumCommitsBehind = repoCtx.CommitsCount - release.NumCommits
+		return nil
+	}
+
+	// Get count if not exists
+	if _, ok := countCache[release.Target]; !ok {
+		if repoCtx.GitRepo.IsBranchExist(release.Target) {
+			commit, err := repoCtx.GitRepo.GetBranchCommit(release.Target)
+			if err != nil {
+				return fmt.Errorf("GetBranchCommit: %v", err)
+			}
+			countCache[release.Target], err = commit.CommitsCount()
+			if err != nil {
+				return fmt.Errorf("CommitsCount: %v", err)
+			}
+		} else {
+			// Use NumCommits of the newest release on that target
+			countCache[release.Target] = release.NumCommits
+		}
+	}
+	release.NumCommitsBehind = countCache[release.Target] - release.NumCommits
+	return nil
+}
+
+// Releases render releases list page
+func Releases(ctx *context.Context) {
+	releasesOrTags(ctx, false)
+}
+
+// TagsList render tags list page
+func TagsList(ctx *context.Context) {
+	releasesOrTags(ctx, true)
+}
+
+func releasesOrTags(ctx *context.Context, isTagList bool) {
+	ctx.Data["PageIsReleaseList"] = true
+	ctx.Data["DefaultBranch"] = ctx.Repo.Repository.DefaultBranch
+	ctx.Data["IsViewBranch"] = false
+	ctx.Data["IsViewTag"] = true
+	// Disable the showCreateNewBranch form in the dropdown on this page.
+	ctx.Data["CanCreateBranch"] = false
+	ctx.Data["HideBranchesInDropdown"] = true
+
+	if isTagList {
+		ctx.Data["Title"] = ctx.Tr("repo.release.tags")
+		ctx.Data["PageIsTagList"] = true
+	} else {
+		ctx.Data["Title"] = ctx.Tr("repo.release.releases")
+		ctx.Data["PageIsTagList"] = false
+	}
+
+	tags, err := ctx.Repo.GitRepo.GetTags()
+	if err != nil {
+		ctx.ServerError("GetTags", err)
+		return
+	}
+	ctx.Data["Tags"] = tags
+
+	writeAccess := ctx.Repo.CanWrite(models.UnitTypeReleases)
+	ctx.Data["CanCreateRelease"] = writeAccess && !ctx.Repo.Repository.IsArchived
+
+	opts := models.FindReleasesOptions{
+		ListOptions: models.ListOptions{
+			Page:     ctx.QueryInt("page"),
+			PageSize: convert.ToCorrectPageSize(ctx.QueryInt("limit")),
+		},
+		IncludeDrafts: writeAccess && !isTagList,
+		IncludeTags:   isTagList,
+	}
+
+	releases, err := models.GetReleasesByRepoID(ctx.Repo.Repository.ID, opts)
+	if err != nil {
+		ctx.ServerError("GetReleasesByRepoID", err)
+		return
+	}
+
+	count, err := models.GetReleaseCountByRepoID(ctx.Repo.Repository.ID, opts)
+	if err != nil {
+		ctx.ServerError("GetReleaseCountByRepoID", err)
+		return
+	}
+
+	if err = models.GetReleaseAttachments(releases...); err != nil {
+		ctx.ServerError("GetReleaseAttachments", err)
+		return
+	}
+
+	// Temporary cache commits count of used branches to speed up.
+	countCache := make(map[string]int64)
+	cacheUsers := make(map[int64]*models.User)
+	if ctx.User != nil {
+		cacheUsers[ctx.User.ID] = ctx.User
+	}
+	var ok bool
+
+	for _, r := range releases {
+		if r.Publisher, ok = cacheUsers[r.PublisherID]; !ok {
+			r.Publisher, err = models.GetUserByID(r.PublisherID)
+			if err != nil {
+				if models.IsErrUserNotExist(err) {
+					r.Publisher = models.NewGhostUser()
+				} else {
+					ctx.ServerError("GetUserByID", err)
+					return
+				}
+			}
+			cacheUsers[r.PublisherID] = r.Publisher
+		}
+
+		r.Note, err = markdown.RenderString(&markup.RenderContext{
+			URLPrefix: ctx.Repo.RepoLink,
+			Metas:     ctx.Repo.Repository.ComposeMetas(),
+		}, r.Note)
+		if err != nil {
+			ctx.ServerError("RenderString", err)
+			return
+		}
+
+		if r.IsDraft {
+			continue
+		}
+
+		if err := calReleaseNumCommitsBehind(ctx.Repo, r, countCache); err != nil {
+			ctx.ServerError("calReleaseNumCommitsBehind", err)
+			return
+		}
+	}
+
+	ctx.Data["Releases"] = releases
+	ctx.Data["ReleasesNum"] = len(releases)
+
+	pager := context.NewPagination(int(count), opts.PageSize, opts.Page, 5)
+	pager.SetDefaultParams(ctx)
+	ctx.Data["Page"] = pager
+
+	ctx.HTML(http.StatusOK, tplReleases)
+}
+
+// SingleRelease renders a single release's page
+func SingleRelease(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.release.releases")
+	ctx.Data["PageIsReleaseList"] = true
+
+	writeAccess := ctx.Repo.CanWrite(models.UnitTypeReleases)
+	ctx.Data["CanCreateRelease"] = writeAccess && !ctx.Repo.Repository.IsArchived
+
+	release, err := models.GetRelease(ctx.Repo.Repository.ID, ctx.Params("*"))
+	if err != nil {
+		if models.IsErrReleaseNotExist(err) {
+			ctx.NotFound("GetRelease", err)
+			return
+		}
+		ctx.ServerError("GetReleasesByRepoID", err)
+		return
+	}
+
+	err = models.GetReleaseAttachments(release)
+	if err != nil {
+		ctx.ServerError("GetReleaseAttachments", err)
+		return
+	}
+
+	release.Publisher, err = models.GetUserByID(release.PublisherID)
+	if err != nil {
+		if models.IsErrUserNotExist(err) {
+			release.Publisher = models.NewGhostUser()
+		} else {
+			ctx.ServerError("GetUserByID", err)
+			return
+		}
+	}
+	if !release.IsDraft {
+		if err := calReleaseNumCommitsBehind(ctx.Repo, release, make(map[string]int64)); err != nil {
+			ctx.ServerError("calReleaseNumCommitsBehind", err)
+			return
+		}
+	}
+	release.Note, err = markdown.RenderString(&markup.RenderContext{
+		URLPrefix: ctx.Repo.RepoLink,
+		Metas:     ctx.Repo.Repository.ComposeMetas(),
+	}, release.Note)
+	if err != nil {
+		ctx.ServerError("RenderString", err)
+		return
+	}
+
+	ctx.Data["Releases"] = []*models.Release{release}
+	ctx.HTML(http.StatusOK, tplReleases)
+}
+
+// LatestRelease redirects to the latest release
+func LatestRelease(ctx *context.Context) {
+	release, err := models.GetLatestReleaseByRepoID(ctx.Repo.Repository.ID)
+	if err != nil {
+		if models.IsErrReleaseNotExist(err) {
+			ctx.NotFound("LatestRelease", err)
+			return
+		}
+		ctx.ServerError("GetLatestReleaseByRepoID", err)
+		return
+	}
+
+	if err := release.LoadAttributes(); err != nil {
+		ctx.ServerError("LoadAttributes", err)
+		return
+	}
+
+	ctx.Redirect(release.HTMLURL())
+}
+
+// NewRelease render creating or edit release page
+func NewRelease(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.release.new_release")
+	ctx.Data["PageIsReleaseList"] = true
+	ctx.Data["RequireSimpleMDE"] = true
+	ctx.Data["RequireTribute"] = true
+	ctx.Data["tag_target"] = ctx.Repo.Repository.DefaultBranch
+	if tagName := ctx.Query("tag"); len(tagName) > 0 {
+		rel, err := models.GetRelease(ctx.Repo.Repository.ID, tagName)
+		if err != nil && !models.IsErrReleaseNotExist(err) {
+			ctx.ServerError("GetRelease", err)
+			return
+		}
+
+		if rel != nil {
+			rel.Repo = ctx.Repo.Repository
+			if err := rel.LoadAttributes(); err != nil {
+				ctx.ServerError("LoadAttributes", err)
+				return
+			}
+
+			ctx.Data["tag_name"] = rel.TagName
+			ctx.Data["tag_target"] = rel.Target
+			ctx.Data["title"] = rel.Title
+			ctx.Data["content"] = rel.Note
+			ctx.Data["attachments"] = rel.Attachments
+		}
+	}
+	ctx.Data["IsAttachmentEnabled"] = setting.Attachment.Enabled
+	upload.AddUploadContext(ctx, "release")
+	ctx.HTML(http.StatusOK, tplReleaseNew)
+}
+
+// NewReleasePost response for creating a release
+func NewReleasePost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.NewReleaseForm)
+	ctx.Data["Title"] = ctx.Tr("repo.release.new_release")
+	ctx.Data["PageIsReleaseList"] = true
+	ctx.Data["RequireSimpleMDE"] = true
+	ctx.Data["RequireTribute"] = true
+
+	if ctx.HasError() {
+		ctx.HTML(http.StatusOK, tplReleaseNew)
+		return
+	}
+
+	if !ctx.Repo.GitRepo.IsBranchExist(form.Target) {
+		ctx.RenderWithErr(ctx.Tr("form.target_branch_not_exist"), tplReleaseNew, &form)
+		return
+	}
+
+	var attachmentUUIDs []string
+	if setting.Attachment.Enabled {
+		attachmentUUIDs = form.Files
+	}
+
+	rel, err := models.GetRelease(ctx.Repo.Repository.ID, form.TagName)
+	if err != nil {
+		if !models.IsErrReleaseNotExist(err) {
+			ctx.ServerError("GetRelease", err)
+			return
+		}
+
+		msg := ""
+		if len(form.Title) > 0 && form.AddTagMsg {
+			msg = form.Title + "\n\n" + form.Content
+		}
+
+		if len(form.TagOnly) > 0 {
+			if err = releaseservice.CreateNewTag(ctx.User, ctx.Repo.Repository, form.Target, form.TagName, msg); err != nil {
+				if models.IsErrTagAlreadyExists(err) {
+					e := err.(models.ErrTagAlreadyExists)
+					ctx.Flash.Error(ctx.Tr("repo.branch.tag_collision", e.TagName))
+					ctx.Redirect(ctx.Repo.RepoLink + "/src/" + ctx.Repo.BranchNameSubURL())
+					return
+				}
+
+				ctx.ServerError("releaseservice.CreateNewTag", err)
+				return
+			}
+
+			ctx.Flash.Success(ctx.Tr("repo.tag.create_success", form.TagName))
+			ctx.Redirect(ctx.Repo.RepoLink + "/src/tag/" + form.TagName)
+			return
+		}
+
+		rel = &models.Release{
+			RepoID:       ctx.Repo.Repository.ID,
+			PublisherID:  ctx.User.ID,
+			Title:        form.Title,
+			TagName:      form.TagName,
+			Target:       form.Target,
+			Note:         form.Content,
+			IsDraft:      len(form.Draft) > 0,
+			IsPrerelease: form.Prerelease,
+			IsTag:        false,
+		}
+
+		if err = releaseservice.CreateRelease(ctx.Repo.GitRepo, rel, attachmentUUIDs, msg); err != nil {
+			ctx.Data["Err_TagName"] = true
+			switch {
+			case models.IsErrReleaseAlreadyExist(err):
+				ctx.RenderWithErr(ctx.Tr("repo.release.tag_name_already_exist"), tplReleaseNew, &form)
+			case models.IsErrInvalidTagName(err):
+				ctx.RenderWithErr(ctx.Tr("repo.release.tag_name_invalid"), tplReleaseNew, &form)
+			default:
+				ctx.ServerError("CreateRelease", err)
+			}
+			return
+		}
+	} else {
+		if !rel.IsTag {
+			ctx.Data["Err_TagName"] = true
+			ctx.RenderWithErr(ctx.Tr("repo.release.tag_name_already_exist"), tplReleaseNew, &form)
+			return
+		}
+
+		rel.Title = form.Title
+		rel.Note = form.Content
+		rel.Target = form.Target
+		rel.IsDraft = len(form.Draft) > 0
+		rel.IsPrerelease = form.Prerelease
+		rel.PublisherID = ctx.User.ID
+		rel.IsTag = false
+
+		if err = releaseservice.UpdateRelease(ctx.User, ctx.Repo.GitRepo, rel, attachmentUUIDs, nil, nil); err != nil {
+			ctx.Data["Err_TagName"] = true
+			ctx.ServerError("UpdateRelease", err)
+			return
+		}
+	}
+	log.Trace("Release created: %s/%s:%s", ctx.User.LowerName, ctx.Repo.Repository.Name, form.TagName)
+
+	ctx.Redirect(ctx.Repo.RepoLink + "/releases")
+}
+
+// EditRelease render release edit page
+func EditRelease(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.release.edit_release")
+	ctx.Data["PageIsReleaseList"] = true
+	ctx.Data["PageIsEditRelease"] = true
+	ctx.Data["RequireSimpleMDE"] = true
+	ctx.Data["RequireTribute"] = true
+	ctx.Data["IsAttachmentEnabled"] = setting.Attachment.Enabled
+	upload.AddUploadContext(ctx, "release")
+
+	tagName := ctx.Params("*")
+	rel, err := models.GetRelease(ctx.Repo.Repository.ID, tagName)
+	if err != nil {
+		if models.IsErrReleaseNotExist(err) {
+			ctx.NotFound("GetRelease", err)
+		} else {
+			ctx.ServerError("GetRelease", err)
+		}
+		return
+	}
+	ctx.Data["ID"] = rel.ID
+	ctx.Data["tag_name"] = rel.TagName
+	ctx.Data["tag_target"] = rel.Target
+	ctx.Data["title"] = rel.Title
+	ctx.Data["content"] = rel.Note
+	ctx.Data["prerelease"] = rel.IsPrerelease
+	ctx.Data["IsDraft"] = rel.IsDraft
+
+	rel.Repo = ctx.Repo.Repository
+	if err := rel.LoadAttributes(); err != nil {
+		ctx.ServerError("LoadAttributes", err)
+		return
+	}
+	ctx.Data["attachments"] = rel.Attachments
+
+	ctx.HTML(http.StatusOK, tplReleaseNew)
+}
+
+// EditReleasePost response for edit release
+func EditReleasePost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.EditReleaseForm)
+	ctx.Data["Title"] = ctx.Tr("repo.release.edit_release")
+	ctx.Data["PageIsReleaseList"] = true
+	ctx.Data["PageIsEditRelease"] = true
+	ctx.Data["RequireSimpleMDE"] = true
+	ctx.Data["RequireTribute"] = true
+
+	tagName := ctx.Params("*")
+	rel, err := models.GetRelease(ctx.Repo.Repository.ID, tagName)
+	if err != nil {
+		if models.IsErrReleaseNotExist(err) {
+			ctx.NotFound("GetRelease", err)
+		} else {
+			ctx.ServerError("GetRelease", err)
+		}
+		return
+	}
+	if rel.IsTag {
+		ctx.NotFound("GetRelease", err)
+		return
+	}
+	ctx.Data["tag_name"] = rel.TagName
+	ctx.Data["tag_target"] = rel.Target
+	ctx.Data["title"] = rel.Title
+	ctx.Data["content"] = rel.Note
+	ctx.Data["prerelease"] = rel.IsPrerelease
+
+	if ctx.HasError() {
+		ctx.HTML(http.StatusOK, tplReleaseNew)
+		return
+	}
+
+	const delPrefix = "attachment-del-"
+	const editPrefix = "attachment-edit-"
+	var addAttachmentUUIDs, delAttachmentUUIDs []string
+	var editAttachments = make(map[string]string) // uuid -> new name
+	if setting.Attachment.Enabled {
+		addAttachmentUUIDs = form.Files
+		for k, v := range ctx.Req.Form {
+			if strings.HasPrefix(k, delPrefix) && v[0] == "true" {
+				delAttachmentUUIDs = append(delAttachmentUUIDs, k[len(delPrefix):])
+			} else if strings.HasPrefix(k, editPrefix) {
+				editAttachments[k[len(editPrefix):]] = v[0]
+			}
+		}
+	}
+
+	rel.Title = form.Title
+	rel.Note = form.Content
+	rel.IsDraft = len(form.Draft) > 0
+	rel.IsPrerelease = form.Prerelease
+	if err = releaseservice.UpdateRelease(ctx.User, ctx.Repo.GitRepo,
+		rel, addAttachmentUUIDs, delAttachmentUUIDs, editAttachments); err != nil {
+		ctx.ServerError("UpdateRelease", err)
+		return
+	}
+	ctx.Redirect(ctx.Repo.RepoLink + "/releases")
+}
+
+// DeleteRelease delete a release
+func DeleteRelease(ctx *context.Context) {
+	deleteReleaseOrTag(ctx, false)
+}
+
+// DeleteTag delete a tag
+func DeleteTag(ctx *context.Context) {
+	deleteReleaseOrTag(ctx, true)
+}
+
+func deleteReleaseOrTag(ctx *context.Context, isDelTag bool) {
+	if err := releaseservice.DeleteReleaseByID(ctx.QueryInt64("id"), ctx.User, isDelTag); err != nil {
+		ctx.Flash.Error("DeleteReleaseByID: " + err.Error())
+	} else {
+		if isDelTag {
+			ctx.Flash.Success(ctx.Tr("repo.release.deletion_tag_success"))
+		} else {
+			ctx.Flash.Success(ctx.Tr("repo.release.deletion_success"))
+		}
+	}
+
+	if isDelTag {
+		ctx.JSON(http.StatusOK, map[string]interface{}{
+			"redirect": ctx.Repo.RepoLink + "/tags",
+		})
+		return
+	}
+
+	ctx.JSON(http.StatusOK, map[string]interface{}{
+		"redirect": ctx.Repo.RepoLink + "/releases",
+	})
+}

routers/web/repo/release_test.go

@@ -0,0 +1,64 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"testing"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/test"
+	"code.gitea.io/gitea/modules/web"
+	"code.gitea.io/gitea/services/forms"
+)
+
+func TestNewReleasePost(t *testing.T) {
+	for _, testCase := range []struct {
+		RepoID  int64
+		UserID  int64
+		TagName string
+		Form    forms.NewReleaseForm
+	}{
+		{
+			RepoID:  1,
+			UserID:  2,
+			TagName: "v1.1", // pre-existing tag
+			Form: forms.NewReleaseForm{
+				TagName: "newtag",
+				Target:  "master",
+				Title:   "title",
+				Content: "content",
+			},
+		},
+		{
+			RepoID:  1,
+			UserID:  2,
+			TagName: "newtag",
+			Form: forms.NewReleaseForm{
+				TagName: "newtag",
+				Target:  "master",
+				Title:   "title",
+				Content: "content",
+			},
+		},
+	} {
+		models.PrepareTestEnv(t)
+
+		ctx := test.MockContext(t, "user2/repo1/releases/new")
+		test.LoadUser(t, ctx, 2)
+		test.LoadRepo(t, ctx, 1)
+		test.LoadGitRepo(t, ctx)
+		web.SetForm(ctx, &testCase.Form)
+		NewReleasePost(ctx)
+		models.AssertExistsAndLoadBean(t, &models.Release{
+			RepoID:      1,
+			PublisherID: 2,
+			TagName:     testCase.Form.TagName,
+			Target:      testCase.Form.Target,
+			Title:       testCase.Form.Title,
+			Note:        testCase.Form.Content,
+		}, models.Cond("is_draft=?", len(testCase.Form.Draft) > 0))
+		ctx.Repo.GitRepo.Close()
+	}
+}

routers/web/repo/repo.go

@@ -0,0 +1,388 @@
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"errors"
+	"fmt"
+	"net/http"
+	"strings"
+	"time"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/web"
+	archiver_service "code.gitea.io/gitea/services/archiver"
+	"code.gitea.io/gitea/services/forms"
+	repo_service "code.gitea.io/gitea/services/repository"
+)
+
+const (
+	tplCreate       base.TplName = "repo/create"
+	tplAlertDetails base.TplName = "base/alert_details"
+)
+
+// MustBeNotEmpty render when a repo is a empty git dir
+func MustBeNotEmpty(ctx *context.Context) {
+	if ctx.Repo.Repository.IsEmpty {
+		ctx.NotFound("MustBeNotEmpty", nil)
+	}
+}
+
+// MustBeEditable check that repo can be edited
+func MustBeEditable(ctx *context.Context) {
+	if !ctx.Repo.Repository.CanEnableEditor() || ctx.Repo.IsViewCommit {
+		ctx.NotFound("", nil)
+		return
+	}
+}
+
+// MustBeAbleToUpload check that repo can be uploaded to
+func MustBeAbleToUpload(ctx *context.Context) {
+	if !setting.Repository.Upload.Enabled {
+		ctx.NotFound("", nil)
+	}
+}
+
+func checkContextUser(ctx *context.Context, uid int64) *models.User {
+	orgs, err := models.GetOrgsCanCreateRepoByUserID(ctx.User.ID)
+	if err != nil {
+		ctx.ServerError("GetOrgsCanCreateRepoByUserID", err)
+		return nil
+	}
+
+	if !ctx.User.IsAdmin {
+		orgsAvailable := []*models.User{}
+		for i := 0; i < len(orgs); i++ {
+			if orgs[i].CanCreateRepo() {
+				orgsAvailable = append(orgsAvailable, orgs[i])
+			}
+		}
+		ctx.Data["Orgs"] = orgsAvailable
+	} else {
+		ctx.Data["Orgs"] = orgs
+	}
+
+	// Not equal means current user is an organization.
+	if uid == ctx.User.ID || uid == 0 {
+		return ctx.User
+	}
+
+	org, err := models.GetUserByID(uid)
+	if models.IsErrUserNotExist(err) {
+		return ctx.User
+	}
+
+	if err != nil {
+		ctx.ServerError("GetUserByID", fmt.Errorf("[%d]: %v", uid, err))
+		return nil
+	}
+
+	// Check ownership of organization.
+	if !org.IsOrganization() {
+		ctx.Error(http.StatusForbidden)
+		return nil
+	}
+	if !ctx.User.IsAdmin {
+		canCreate, err := org.CanCreateOrgRepo(ctx.User.ID)
+		if err != nil {
+			ctx.ServerError("CanCreateOrgRepo", err)
+			return nil
+		} else if !canCreate {
+			ctx.Error(http.StatusForbidden)
+			return nil
+		}
+	} else {
+		ctx.Data["Orgs"] = orgs
+	}
+	return org
+}
+
+func getRepoPrivate(ctx *context.Context) bool {
+	switch strings.ToLower(setting.Repository.DefaultPrivate) {
+	case setting.RepoCreatingLastUserVisibility:
+		return ctx.User.LastRepoVisibility
+	case setting.RepoCreatingPrivate:
+		return true
+	case setting.RepoCreatingPublic:
+		return false
+	default:
+		return ctx.User.LastRepoVisibility
+	}
+}
+
+// Create render creating repository page
+func Create(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("new_repo")
+
+	// Give default value for template to render.
+	ctx.Data["Gitignores"] = models.Gitignores
+	ctx.Data["LabelTemplates"] = models.LabelTemplates
+	ctx.Data["Licenses"] = models.Licenses
+	ctx.Data["Readmes"] = models.Readmes
+	ctx.Data["readme"] = "Default"
+	ctx.Data["private"] = getRepoPrivate(ctx)
+	ctx.Data["IsForcedPrivate"] = setting.Repository.ForcePrivate
+	ctx.Data["default_branch"] = setting.Repository.DefaultBranch
+
+	ctxUser := checkContextUser(ctx, ctx.QueryInt64("org"))
+	if ctx.Written() {
+		return
+	}
+	ctx.Data["ContextUser"] = ctxUser
+
+	ctx.Data["repo_template_name"] = ctx.Tr("repo.template_select")
+	templateID := ctx.QueryInt64("template_id")
+	if templateID > 0 {
+		templateRepo, err := models.GetRepositoryByID(templateID)
+		if err == nil && templateRepo.CheckUnitUser(ctxUser, models.UnitTypeCode) {
+			ctx.Data["repo_template"] = templateID
+			ctx.Data["repo_template_name"] = templateRepo.Name
+		}
+	}
+
+	ctx.Data["CanCreateRepo"] = ctx.User.CanCreateRepo()
+	ctx.Data["MaxCreationLimit"] = ctx.User.MaxCreationLimit()
+
+	ctx.HTML(http.StatusOK, tplCreate)
+}
+
+func handleCreateError(ctx *context.Context, owner *models.User, err error, name string, tpl base.TplName, form interface{}) {
+	switch {
+	case models.IsErrReachLimitOfRepo(err):
+		ctx.RenderWithErr(ctx.Tr("repo.form.reach_limit_of_creation", owner.MaxCreationLimit()), tpl, form)
+	case models.IsErrRepoAlreadyExist(err):
+		ctx.Data["Err_RepoName"] = true
+		ctx.RenderWithErr(ctx.Tr("form.repo_name_been_taken"), tpl, form)
+	case models.IsErrRepoFilesAlreadyExist(err):
+		ctx.Data["Err_RepoName"] = true
+		switch {
+		case ctx.IsUserSiteAdmin() || (setting.Repository.AllowAdoptionOfUnadoptedRepositories && setting.Repository.AllowDeleteOfUnadoptedRepositories):
+			ctx.RenderWithErr(ctx.Tr("form.repository_files_already_exist.adopt_or_delete"), tpl, form)
+		case setting.Repository.AllowAdoptionOfUnadoptedRepositories:
+			ctx.RenderWithErr(ctx.Tr("form.repository_files_already_exist.adopt"), tpl, form)
+		case setting.Repository.AllowDeleteOfUnadoptedRepositories:
+			ctx.RenderWithErr(ctx.Tr("form.repository_files_already_exist.delete"), tpl, form)
+		default:
+			ctx.RenderWithErr(ctx.Tr("form.repository_files_already_exist"), tpl, form)
+		}
+	case models.IsErrNameReserved(err):
+		ctx.Data["Err_RepoName"] = true
+		ctx.RenderWithErr(ctx.Tr("repo.form.name_reserved", err.(models.ErrNameReserved).Name), tpl, form)
+	case models.IsErrNamePatternNotAllowed(err):
+		ctx.Data["Err_RepoName"] = true
+		ctx.RenderWithErr(ctx.Tr("repo.form.name_pattern_not_allowed", err.(models.ErrNamePatternNotAllowed).Pattern), tpl, form)
+	default:
+		ctx.ServerError(name, err)
+	}
+}
+
+// CreatePost response for creating repository
+func CreatePost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.CreateRepoForm)
+	ctx.Data["Title"] = ctx.Tr("new_repo")
+
+	ctx.Data["Gitignores"] = models.Gitignores
+	ctx.Data["LabelTemplates"] = models.LabelTemplates
+	ctx.Data["Licenses"] = models.Licenses
+	ctx.Data["Readmes"] = models.Readmes
+
+	ctx.Data["CanCreateRepo"] = ctx.User.CanCreateRepo()
+	ctx.Data["MaxCreationLimit"] = ctx.User.MaxCreationLimit()
+
+	ctxUser := checkContextUser(ctx, form.UID)
+	if ctx.Written() {
+		return
+	}
+	ctx.Data["ContextUser"] = ctxUser
+
+	if ctx.HasError() {
+		ctx.HTML(http.StatusOK, tplCreate)
+		return
+	}
+
+	var repo *models.Repository
+	var err error
+	if form.RepoTemplate > 0 {
+		opts := models.GenerateRepoOptions{
+			Name:        form.RepoName,
+			Description: form.Description,
+			Private:     form.Private,
+			GitContent:  form.GitContent,
+			Topics:      form.Topics,
+			GitHooks:    form.GitHooks,
+			Webhooks:    form.Webhooks,
+			Avatar:      form.Avatar,
+			IssueLabels: form.Labels,
+		}
+
+		if !opts.IsValid() {
+			ctx.RenderWithErr(ctx.Tr("repo.template.one_item"), tplCreate, form)
+			return
+		}
+
+		templateRepo := getRepository(ctx, form.RepoTemplate)
+		if ctx.Written() {
+			return
+		}
+
+		if !templateRepo.IsTemplate {
+			ctx.RenderWithErr(ctx.Tr("repo.template.invalid"), tplCreate, form)
+			return
+		}
+
+		repo, err = repo_service.GenerateRepository(ctx.User, ctxUser, templateRepo, opts)
+		if err == nil {
+			log.Trace("Repository generated [%d]: %s/%s", repo.ID, ctxUser.Name, repo.Name)
+			ctx.Redirect(ctxUser.HomeLink() + "/" + repo.Name)
+			return
+		}
+	} else {
+		repo, err = repo_service.CreateRepository(ctx.User, ctxUser, models.CreateRepoOptions{
+			Name:          form.RepoName,
+			Description:   form.Description,
+			Gitignores:    form.Gitignores,
+			IssueLabels:   form.IssueLabels,
+			License:       form.License,
+			Readme:        form.Readme,
+			IsPrivate:     form.Private || setting.Repository.ForcePrivate,
+			DefaultBranch: form.DefaultBranch,
+			AutoInit:      form.AutoInit,
+			IsTemplate:    form.Template,
+			TrustModel:    models.ToTrustModel(form.TrustModel),
+		})
+		if err == nil {
+			log.Trace("Repository created [%d]: %s/%s", repo.ID, ctxUser.Name, repo.Name)
+			ctx.Redirect(ctxUser.HomeLink() + "/" + repo.Name)
+			return
+		}
+	}
+
+	handleCreateError(ctx, ctxUser, err, "CreatePost", tplCreate, &form)
+}
+
+// Action response for actions to a repository
+func Action(ctx *context.Context) {
+	var err error
+	switch ctx.Params(":action") {
+	case "watch":
+		err = models.WatchRepo(ctx.User.ID, ctx.Repo.Repository.ID, true)
+	case "unwatch":
+		err = models.WatchRepo(ctx.User.ID, ctx.Repo.Repository.ID, false)
+	case "star":
+		err = models.StarRepo(ctx.User.ID, ctx.Repo.Repository.ID, true)
+	case "unstar":
+		err = models.StarRepo(ctx.User.ID, ctx.Repo.Repository.ID, false)
+	case "accept_transfer":
+		err = acceptOrRejectRepoTransfer(ctx, true)
+	case "reject_transfer":
+		err = acceptOrRejectRepoTransfer(ctx, false)
+	case "desc": // FIXME: this is not used
+		if !ctx.Repo.IsOwner() {
+			ctx.Error(http.StatusNotFound)
+			return
+		}
+
+		ctx.Repo.Repository.Description = ctx.Query("desc")
+		ctx.Repo.Repository.Website = ctx.Query("site")
+		err = models.UpdateRepository(ctx.Repo.Repository, false)
+	}
+
+	if err != nil {
+		ctx.ServerError(fmt.Sprintf("Action (%s)", ctx.Params(":action")), err)
+		return
+	}
+
+	ctx.RedirectToFirst(ctx.Query("redirect_to"), ctx.Repo.RepoLink)
+}
+
+func acceptOrRejectRepoTransfer(ctx *context.Context, accept bool) error {
+	repoTransfer, err := models.GetPendingRepositoryTransfer(ctx.Repo.Repository)
+	if err != nil {
+		return err
+	}
+
+	if err := repoTransfer.LoadAttributes(); err != nil {
+		return err
+	}
+
+	if !repoTransfer.CanUserAcceptTransfer(ctx.User) {
+		return errors.New("user does not have enough permissions")
+	}
+
+	if accept {
+		if err := repo_service.TransferOwnership(repoTransfer.Doer, repoTransfer.Recipient, ctx.Repo.Repository, repoTransfer.Teams); err != nil {
+			return err
+		}
+		ctx.Flash.Success(ctx.Tr("repo.settings.transfer.success"))
+	} else {
+		if err := models.CancelRepositoryTransfer(ctx.Repo.Repository); err != nil {
+			return err
+		}
+		ctx.Flash.Success(ctx.Tr("repo.settings.transfer.rejected"))
+	}
+
+	ctx.Redirect(ctx.Repo.Repository.HTMLURL())
+	return nil
+}
+
+// RedirectDownload return a file based on the following infos:
+func RedirectDownload(ctx *context.Context) {
+	var (
+		vTag     = ctx.Params("vTag")
+		fileName = ctx.Params("fileName")
+	)
+	tagNames := []string{vTag}
+	curRepo := ctx.Repo.Repository
+	releases, err := models.GetReleasesByRepoIDAndNames(models.DefaultDBContext(), curRepo.ID, tagNames)
+	if err != nil {
+		if models.IsErrAttachmentNotExist(err) {
+			ctx.Error(http.StatusNotFound)
+			return
+		}
+		ctx.ServerError("RedirectDownload", err)
+		return
+	}
+	if len(releases) == 1 {
+		release := releases[0]
+		att, err := models.GetAttachmentByReleaseIDFileName(release.ID, fileName)
+		if err != nil {
+			ctx.Error(http.StatusNotFound)
+			return
+		}
+		if att != nil {
+			ctx.Redirect(att.DownloadURL())
+			return
+		}
+	}
+	ctx.Error(http.StatusNotFound)
+}
+
+// InitiateDownload will enqueue an archival request, as needed.  It may submit
+// a request that's already in-progress, but the archiver service will just
+// kind of drop it on the floor if this is the case.
+func InitiateDownload(ctx *context.Context) {
+	uri := ctx.Params("*")
+	aReq := archiver_service.DeriveRequestFrom(ctx, uri)
+
+	if aReq == nil {
+		ctx.Error(http.StatusNotFound)
+		return
+	}
+
+	complete := aReq.IsComplete()
+	if !complete {
+		aReq = archiver_service.ArchiveRepository(aReq)
+		complete, _ = aReq.TimedWaitForCompletion(ctx, 2*time.Second)
+	}
+
+	ctx.JSON(http.StatusOK, map[string]interface{}{
+		"complete": complete,
+	})
+}

routers/web/repo/search.go

@@ -0,0 +1,55 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"net/http"
+	"strings"
+
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/context"
+	code_indexer "code.gitea.io/gitea/modules/indexer/code"
+	"code.gitea.io/gitea/modules/setting"
+)
+
+const tplSearch base.TplName = "repo/search"
+
+// Search render repository search page
+func Search(ctx *context.Context) {
+	if !setting.Indexer.RepoIndexerEnabled {
+		ctx.Redirect(ctx.Repo.RepoLink, 302)
+		return
+	}
+	language := strings.TrimSpace(ctx.Query("l"))
+	keyword := strings.TrimSpace(ctx.Query("q"))
+	page := ctx.QueryInt("page")
+	if page <= 0 {
+		page = 1
+	}
+	queryType := strings.TrimSpace(ctx.Query("t"))
+	isMatch := queryType == "match"
+
+	total, searchResults, searchResultLanguages, err := code_indexer.PerformSearch([]int64{ctx.Repo.Repository.ID},
+		language, keyword, page, setting.UI.RepoSearchPagingNum, isMatch)
+	if err != nil {
+		ctx.ServerError("SearchResults", err)
+		return
+	}
+	ctx.Data["Keyword"] = keyword
+	ctx.Data["Language"] = language
+	ctx.Data["queryType"] = queryType
+	ctx.Data["SourcePath"] = ctx.Repo.Repository.HTMLURL()
+	ctx.Data["SearchResults"] = searchResults
+	ctx.Data["SearchResultLanguages"] = searchResultLanguages
+	ctx.Data["RequireHighlightJS"] = true
+	ctx.Data["PageIsViewCode"] = true
+
+	pager := context.NewPagination(total, setting.UI.RepoSearchPagingNum, page, 5)
+	pager.SetDefaultParams(ctx)
+	pager.AddParam(ctx, "l", "Language")
+	ctx.Data["Page"] = pager
+
+	ctx.HTML(http.StatusOK, tplSearch)
+}

routers/web/repo/setting_protected_branch.go

@@ -0,0 +1,286 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"fmt"
+	"net/http"
+	"strings"
+	"time"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/web"
+	"code.gitea.io/gitea/services/forms"
+	pull_service "code.gitea.io/gitea/services/pull"
+)
+
+// ProtectedBranch render the page to protect the repository
+func ProtectedBranch(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.settings")
+	ctx.Data["PageIsSettingsBranches"] = true
+
+	protectedBranches, err := ctx.Repo.Repository.GetProtectedBranches()
+	if err != nil {
+		ctx.ServerError("GetProtectedBranches", err)
+		return
+	}
+	ctx.Data["ProtectedBranches"] = protectedBranches
+
+	branches := ctx.Data["Branches"].([]string)
+	leftBranches := make([]string, 0, len(branches)-len(protectedBranches))
+	for _, b := range branches {
+		var protected bool
+		for _, pb := range protectedBranches {
+			if b == pb.BranchName {
+				protected = true
+				break
+			}
+		}
+		if !protected {
+			leftBranches = append(leftBranches, b)
+		}
+	}
+
+	ctx.Data["LeftBranches"] = leftBranches
+
+	ctx.HTML(http.StatusOK, tplBranches)
+}
+
+// ProtectedBranchPost response for protect for a branch of a repository
+func ProtectedBranchPost(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.settings")
+	ctx.Data["PageIsSettingsBranches"] = true
+
+	repo := ctx.Repo.Repository
+
+	switch ctx.Query("action") {
+	case "default_branch":
+		if ctx.HasError() {
+			ctx.HTML(http.StatusOK, tplBranches)
+			return
+		}
+
+		branch := ctx.Query("branch")
+		if !ctx.Repo.GitRepo.IsBranchExist(branch) {
+			ctx.Status(404)
+			return
+		} else if repo.DefaultBranch != branch {
+			repo.DefaultBranch = branch
+			if err := ctx.Repo.GitRepo.SetDefaultBranch(branch); err != nil {
+				if !git.IsErrUnsupportedVersion(err) {
+					ctx.ServerError("SetDefaultBranch", err)
+					return
+				}
+			}
+			if err := repo.UpdateDefaultBranch(); err != nil {
+				ctx.ServerError("SetDefaultBranch", err)
+				return
+			}
+		}
+
+		log.Trace("Repository basic settings updated: %s/%s", ctx.Repo.Owner.Name, repo.Name)
+
+		ctx.Flash.Success(ctx.Tr("repo.settings.update_settings_success"))
+		ctx.Redirect(setting.AppSubURL + ctx.Req.URL.Path)
+	default:
+		ctx.NotFound("", nil)
+	}
+}
+
+// SettingsProtectedBranch renders the protected branch setting page
+func SettingsProtectedBranch(c *context.Context) {
+	branch := c.Params("*")
+	if !c.Repo.GitRepo.IsBranchExist(branch) {
+		c.NotFound("IsBranchExist", nil)
+		return
+	}
+
+	c.Data["Title"] = c.Tr("repo.settings.protected_branch") + " - " + branch
+	c.Data["PageIsSettingsBranches"] = true
+
+	protectBranch, err := models.GetProtectedBranchBy(c.Repo.Repository.ID, branch)
+	if err != nil {
+		if !git.IsErrBranchNotExist(err) {
+			c.ServerError("GetProtectBranchOfRepoByName", err)
+			return
+		}
+	}
+
+	if protectBranch == nil {
+		// No options found, create defaults.
+		protectBranch = &models.ProtectedBranch{
+			BranchName: branch,
+		}
+	}
+
+	users, err := c.Repo.Repository.GetReaders()
+	if err != nil {
+		c.ServerError("Repo.Repository.GetReaders", err)
+		return
+	}
+	c.Data["Users"] = users
+	c.Data["whitelist_users"] = strings.Join(base.Int64sToStrings(protectBranch.WhitelistUserIDs), ",")
+	c.Data["merge_whitelist_users"] = strings.Join(base.Int64sToStrings(protectBranch.MergeWhitelistUserIDs), ",")
+	c.Data["approvals_whitelist_users"] = strings.Join(base.Int64sToStrings(protectBranch.ApprovalsWhitelistUserIDs), ",")
+	contexts, _ := models.FindRepoRecentCommitStatusContexts(c.Repo.Repository.ID, 7*24*time.Hour) // Find last week status check contexts
+	for _, ctx := range protectBranch.StatusCheckContexts {
+		var found bool
+		for i := range contexts {
+			if contexts[i] == ctx {
+				found = true
+				break
+			}
+		}
+		if !found {
+			contexts = append(contexts, ctx)
+		}
+	}
+
+	c.Data["branch_status_check_contexts"] = contexts
+	c.Data["is_context_required"] = func(context string) bool {
+		for _, c := range protectBranch.StatusCheckContexts {
+			if c == context {
+				return true
+			}
+		}
+		return false
+	}
+
+	if c.Repo.Owner.IsOrganization() {
+		teams, err := c.Repo.Owner.TeamsWithAccessToRepo(c.Repo.Repository.ID, models.AccessModeRead)
+		if err != nil {
+			c.ServerError("Repo.Owner.TeamsWithAccessToRepo", err)
+			return
+		}
+		c.Data["Teams"] = teams
+		c.Data["whitelist_teams"] = strings.Join(base.Int64sToStrings(protectBranch.WhitelistTeamIDs), ",")
+		c.Data["merge_whitelist_teams"] = strings.Join(base.Int64sToStrings(protectBranch.MergeWhitelistTeamIDs), ",")
+		c.Data["approvals_whitelist_teams"] = strings.Join(base.Int64sToStrings(protectBranch.ApprovalsWhitelistTeamIDs), ",")
+	}
+
+	c.Data["Branch"] = protectBranch
+	c.HTML(http.StatusOK, tplProtectedBranch)
+}
+
+// SettingsProtectedBranchPost updates the protected branch settings
+func SettingsProtectedBranchPost(ctx *context.Context) {
+	f := web.GetForm(ctx).(*forms.ProtectBranchForm)
+	branch := ctx.Params("*")
+	if !ctx.Repo.GitRepo.IsBranchExist(branch) {
+		ctx.NotFound("IsBranchExist", nil)
+		return
+	}
+
+	protectBranch, err := models.GetProtectedBranchBy(ctx.Repo.Repository.ID, branch)
+	if err != nil {
+		if !git.IsErrBranchNotExist(err) {
+			ctx.ServerError("GetProtectBranchOfRepoByName", err)
+			return
+		}
+	}
+
+	if f.Protected {
+		if protectBranch == nil {
+			// No options found, create defaults.
+			protectBranch = &models.ProtectedBranch{
+				RepoID:     ctx.Repo.Repository.ID,
+				BranchName: branch,
+			}
+		}
+		if f.RequiredApprovals < 0 {
+			ctx.Flash.Error(ctx.Tr("repo.settings.protected_branch_required_approvals_min"))
+			ctx.Redirect(fmt.Sprintf("%s/settings/branches/%s", ctx.Repo.RepoLink, branch))
+		}
+
+		var whitelistUsers, whitelistTeams, mergeWhitelistUsers, mergeWhitelistTeams, approvalsWhitelistUsers, approvalsWhitelistTeams []int64
+		switch f.EnablePush {
+		case "all":
+			protectBranch.CanPush = true
+			protectBranch.EnableWhitelist = false
+			protectBranch.WhitelistDeployKeys = false
+		case "whitelist":
+			protectBranch.CanPush = true
+			protectBranch.EnableWhitelist = true
+			protectBranch.WhitelistDeployKeys = f.WhitelistDeployKeys
+			if strings.TrimSpace(f.WhitelistUsers) != "" {
+				whitelistUsers, _ = base.StringsToInt64s(strings.Split(f.WhitelistUsers, ","))
+			}
+			if strings.TrimSpace(f.WhitelistTeams) != "" {
+				whitelistTeams, _ = base.StringsToInt64s(strings.Split(f.WhitelistTeams, ","))
+			}
+		default:
+			protectBranch.CanPush = false
+			protectBranch.EnableWhitelist = false
+			protectBranch.WhitelistDeployKeys = false
+		}
+
+		protectBranch.EnableMergeWhitelist = f.EnableMergeWhitelist
+		if f.EnableMergeWhitelist {
+			if strings.TrimSpace(f.MergeWhitelistUsers) != "" {
+				mergeWhitelistUsers, _ = base.StringsToInt64s(strings.Split(f.MergeWhitelistUsers, ","))
+			}
+			if strings.TrimSpace(f.MergeWhitelistTeams) != "" {
+				mergeWhitelistTeams, _ = base.StringsToInt64s(strings.Split(f.MergeWhitelistTeams, ","))
+			}
+		}
+
+		protectBranch.EnableStatusCheck = f.EnableStatusCheck
+		if f.EnableStatusCheck {
+			protectBranch.StatusCheckContexts = f.StatusCheckContexts
+		} else {
+			protectBranch.StatusCheckContexts = nil
+		}
+
+		protectBranch.RequiredApprovals = f.RequiredApprovals
+		protectBranch.EnableApprovalsWhitelist = f.EnableApprovalsWhitelist
+		if f.EnableApprovalsWhitelist {
+			if strings.TrimSpace(f.ApprovalsWhitelistUsers) != "" {
+				approvalsWhitelistUsers, _ = base.StringsToInt64s(strings.Split(f.ApprovalsWhitelistUsers, ","))
+			}
+			if strings.TrimSpace(f.ApprovalsWhitelistTeams) != "" {
+				approvalsWhitelistTeams, _ = base.StringsToInt64s(strings.Split(f.ApprovalsWhitelistTeams, ","))
+			}
+		}
+		protectBranch.BlockOnRejectedReviews = f.BlockOnRejectedReviews
+		protectBranch.BlockOnOfficialReviewRequests = f.BlockOnOfficialReviewRequests
+		protectBranch.DismissStaleApprovals = f.DismissStaleApprovals
+		protectBranch.RequireSignedCommits = f.RequireSignedCommits
+		protectBranch.ProtectedFilePatterns = f.ProtectedFilePatterns
+		protectBranch.BlockOnOutdatedBranch = f.BlockOnOutdatedBranch
+
+		err = models.UpdateProtectBranch(ctx.Repo.Repository, protectBranch, models.WhitelistOptions{
+			UserIDs:          whitelistUsers,
+			TeamIDs:          whitelistTeams,
+			MergeUserIDs:     mergeWhitelistUsers,
+			MergeTeamIDs:     mergeWhitelistTeams,
+			ApprovalsUserIDs: approvalsWhitelistUsers,
+			ApprovalsTeamIDs: approvalsWhitelistTeams,
+		})
+		if err != nil {
+			ctx.ServerError("UpdateProtectBranch", err)
+			return
+		}
+		if err = pull_service.CheckPrsForBaseBranch(ctx.Repo.Repository, protectBranch.BranchName); err != nil {
+			ctx.ServerError("CheckPrsForBaseBranch", err)
+			return
+		}
+		ctx.Flash.Success(ctx.Tr("repo.settings.update_protect_branch_success", branch))
+		ctx.Redirect(fmt.Sprintf("%s/settings/branches/%s", ctx.Repo.RepoLink, branch))
+	} else {
+		if protectBranch != nil {
+			if err := ctx.Repo.Repository.DeleteProtectedBranch(protectBranch.ID); err != nil {
+				ctx.ServerError("DeleteProtectedBranch", err)
+				return
+			}
+		}
+		ctx.Flash.Success(ctx.Tr("repo.settings.remove_protected_branch_success", branch))
+		ctx.Redirect(fmt.Sprintf("%s/settings/branches", ctx.Repo.RepoLink))
+	}
+}

routers/web/repo/settings_test.go

@@ -0,0 +1,413 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"io/ioutil"
+	"net/http"
+	"testing"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/test"
+	"code.gitea.io/gitea/modules/util"
+	"code.gitea.io/gitea/modules/web"
+	"code.gitea.io/gitea/services/forms"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func createSSHAuthorizedKeysTmpPath(t *testing.T) func() {
+	tmpDir, err := ioutil.TempDir("", "tmp-ssh")
+	if err != nil {
+		assert.Fail(t, "Unable to create temporary directory: %v", err)
+		return nil
+	}
+
+	oldPath := setting.SSH.RootPath
+	setting.SSH.RootPath = tmpDir
+
+	return func() {
+		setting.SSH.RootPath = oldPath
+		util.RemoveAll(tmpDir)
+	}
+}
+
+func TestAddReadOnlyDeployKey(t *testing.T) {
+	if deferable := createSSHAuthorizedKeysTmpPath(t); deferable != nil {
+		defer deferable()
+	} else {
+		return
+	}
+	models.PrepareTestEnv(t)
+
+	ctx := test.MockContext(t, "user2/repo1/settings/keys")
+
+	test.LoadUser(t, ctx, 2)
+	test.LoadRepo(t, ctx, 2)
+
+	addKeyForm := forms.AddKeyForm{
+		Title:   "read-only",
+		Content: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4cn+iXnA4KvcQYSV88vGn0Yi91vG47t1P7okprVmhNTkipNRIHWr6WdCO4VDr/cvsRkuVJAsLO2enwjGWWueOO6BodiBgyAOZ/5t5nJNMCNuLGT5UIo/RI1b0WRQwxEZTRjt6mFNw6lH14wRd8ulsr9toSWBPMOGWoYs1PDeDL0JuTjL+tr1SZi/EyxCngpYszKdXllJEHyI79KQgeD0Vt3pTrkbNVTOEcCNqZePSVmUH8X8Vhugz3bnE0/iE9Pb5fkWO9c4AnM1FgI/8Bvp27Fw2ShryIXuR6kKvUqhVMTuOSDHwu6A8jLE5Owt3GAYugDpDYuwTVNGrHLXKpPzrGGPE/jPmaLCMZcsdkec95dYeU3zKODEm8UQZFhmJmDeWVJ36nGrGZHL4J5aTTaeFUJmmXDaJYiJ+K2/ioKgXqnXvltu0A9R8/LGy4nrTJRr4JMLuJFoUXvGm1gXQ70w2LSpk6yl71RNC0hCtsBe8BP8IhYCM0EP5jh7eCMQZNvM= nocomment\n",
+	}
+	web.SetForm(ctx, &addKeyForm)
+	DeployKeysPost(ctx)
+	assert.EqualValues(t, http.StatusFound, ctx.Resp.Status())
+
+	models.AssertExistsAndLoadBean(t, &models.DeployKey{
+		Name:    addKeyForm.Title,
+		Content: addKeyForm.Content,
+		Mode:    models.AccessModeRead,
+	})
+}
+
+func TestAddReadWriteOnlyDeployKey(t *testing.T) {
+	if deferable := createSSHAuthorizedKeysTmpPath(t); deferable != nil {
+		defer deferable()
+	} else {
+		return
+	}
+
+	models.PrepareTestEnv(t)
+
+	ctx := test.MockContext(t, "user2/repo1/settings/keys")
+
+	test.LoadUser(t, ctx, 2)
+	test.LoadRepo(t, ctx, 2)
+
+	addKeyForm := forms.AddKeyForm{
+		Title:      "read-write",
+		Content:    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4cn+iXnA4KvcQYSV88vGn0Yi91vG47t1P7okprVmhNTkipNRIHWr6WdCO4VDr/cvsRkuVJAsLO2enwjGWWueOO6BodiBgyAOZ/5t5nJNMCNuLGT5UIo/RI1b0WRQwxEZTRjt6mFNw6lH14wRd8ulsr9toSWBPMOGWoYs1PDeDL0JuTjL+tr1SZi/EyxCngpYszKdXllJEHyI79KQgeD0Vt3pTrkbNVTOEcCNqZePSVmUH8X8Vhugz3bnE0/iE9Pb5fkWO9c4AnM1FgI/8Bvp27Fw2ShryIXuR6kKvUqhVMTuOSDHwu6A8jLE5Owt3GAYugDpDYuwTVNGrHLXKpPzrGGPE/jPmaLCMZcsdkec95dYeU3zKODEm8UQZFhmJmDeWVJ36nGrGZHL4J5aTTaeFUJmmXDaJYiJ+K2/ioKgXqnXvltu0A9R8/LGy4nrTJRr4JMLuJFoUXvGm1gXQ70w2LSpk6yl71RNC0hCtsBe8BP8IhYCM0EP5jh7eCMQZNvM= nocomment\n",
+		IsWritable: true,
+	}
+	web.SetForm(ctx, &addKeyForm)
+	DeployKeysPost(ctx)
+	assert.EqualValues(t, http.StatusFound, ctx.Resp.Status())
+
+	models.AssertExistsAndLoadBean(t, &models.DeployKey{
+		Name:    addKeyForm.Title,
+		Content: addKeyForm.Content,
+		Mode:    models.AccessModeWrite,
+	})
+}
+
+func TestCollaborationPost(t *testing.T) {
+
+	models.PrepareTestEnv(t)
+	ctx := test.MockContext(t, "user2/repo1/issues/labels")
+	test.LoadUser(t, ctx, 2)
+	test.LoadUser(t, ctx, 4)
+	test.LoadRepo(t, ctx, 1)
+
+	ctx.Req.Form.Set("collaborator", "user4")
+
+	u := &models.User{
+		LowerName: "user2",
+		Type:      models.UserTypeIndividual,
+	}
+
+	re := &models.Repository{
+		ID:    2,
+		Owner: u,
+	}
+
+	repo := &context.Repository{
+		Owner:      u,
+		Repository: re,
+	}
+
+	ctx.Repo = repo
+
+	CollaborationPost(ctx)
+
+	assert.EqualValues(t, http.StatusFound, ctx.Resp.Status())
+
+	exists, err := re.IsCollaborator(4)
+	assert.NoError(t, err)
+	assert.True(t, exists)
+}
+
+func TestCollaborationPost_InactiveUser(t *testing.T) {
+
+	models.PrepareTestEnv(t)
+	ctx := test.MockContext(t, "user2/repo1/issues/labels")
+	test.LoadUser(t, ctx, 2)
+	test.LoadUser(t, ctx, 9)
+	test.LoadRepo(t, ctx, 1)
+
+	ctx.Req.Form.Set("collaborator", "user9")
+
+	repo := &context.Repository{
+		Owner: &models.User{
+			LowerName: "user2",
+		},
+	}
+
+	ctx.Repo = repo
+
+	CollaborationPost(ctx)
+
+	assert.EqualValues(t, http.StatusFound, ctx.Resp.Status())
+	assert.NotEmpty(t, ctx.Flash.ErrorMsg)
+}
+
+func TestCollaborationPost_AddCollaboratorTwice(t *testing.T) {
+
+	models.PrepareTestEnv(t)
+	ctx := test.MockContext(t, "user2/repo1/issues/labels")
+	test.LoadUser(t, ctx, 2)
+	test.LoadUser(t, ctx, 4)
+	test.LoadRepo(t, ctx, 1)
+
+	ctx.Req.Form.Set("collaborator", "user4")
+
+	u := &models.User{
+		LowerName: "user2",
+		Type:      models.UserTypeIndividual,
+	}
+
+	re := &models.Repository{
+		ID:    2,
+		Owner: u,
+	}
+
+	repo := &context.Repository{
+		Owner:      u,
+		Repository: re,
+	}
+
+	ctx.Repo = repo
+
+	CollaborationPost(ctx)
+
+	assert.EqualValues(t, http.StatusFound, ctx.Resp.Status())
+
+	exists, err := re.IsCollaborator(4)
+	assert.NoError(t, err)
+	assert.True(t, exists)
+
+	// Try adding the same collaborator again
+	CollaborationPost(ctx)
+
+	assert.EqualValues(t, http.StatusFound, ctx.Resp.Status())
+	assert.NotEmpty(t, ctx.Flash.ErrorMsg)
+}
+
+func TestCollaborationPost_NonExistentUser(t *testing.T) {
+
+	models.PrepareTestEnv(t)
+	ctx := test.MockContext(t, "user2/repo1/issues/labels")
+	test.LoadUser(t, ctx, 2)
+	test.LoadRepo(t, ctx, 1)
+
+	ctx.Req.Form.Set("collaborator", "user34")
+
+	repo := &context.Repository{
+		Owner: &models.User{
+			LowerName: "user2",
+		},
+	}
+
+	ctx.Repo = repo
+
+	CollaborationPost(ctx)
+
+	assert.EqualValues(t, http.StatusFound, ctx.Resp.Status())
+	assert.NotEmpty(t, ctx.Flash.ErrorMsg)
+}
+
+func TestAddTeamPost(t *testing.T) {
+	models.PrepareTestEnv(t)
+	ctx := test.MockContext(t, "org26/repo43")
+
+	ctx.Req.Form.Set("team", "team11")
+
+	org := &models.User{
+		LowerName: "org26",
+		Type:      models.UserTypeOrganization,
+	}
+
+	team := &models.Team{
+		ID:    11,
+		OrgID: 26,
+	}
+
+	re := &models.Repository{
+		ID:      43,
+		Owner:   org,
+		OwnerID: 26,
+	}
+
+	repo := &context.Repository{
+		Owner: &models.User{
+			ID:                        26,
+			LowerName:                 "org26",
+			RepoAdminChangeTeamAccess: true,
+		},
+		Repository: re,
+	}
+
+	ctx.Repo = repo
+
+	AddTeamPost(ctx)
+
+	assert.True(t, team.HasRepository(re.ID))
+	assert.EqualValues(t, http.StatusFound, ctx.Resp.Status())
+	assert.Empty(t, ctx.Flash.ErrorMsg)
+}
+
+func TestAddTeamPost_NotAllowed(t *testing.T) {
+	models.PrepareTestEnv(t)
+	ctx := test.MockContext(t, "org26/repo43")
+
+	ctx.Req.Form.Set("team", "team11")
+
+	org := &models.User{
+		LowerName: "org26",
+		Type:      models.UserTypeOrganization,
+	}
+
+	team := &models.Team{
+		ID:    11,
+		OrgID: 26,
+	}
+
+	re := &models.Repository{
+		ID:      43,
+		Owner:   org,
+		OwnerID: 26,
+	}
+
+	repo := &context.Repository{
+		Owner: &models.User{
+			ID:                        26,
+			LowerName:                 "org26",
+			RepoAdminChangeTeamAccess: false,
+		},
+		Repository: re,
+	}
+
+	ctx.Repo = repo
+
+	AddTeamPost(ctx)
+
+	assert.False(t, team.HasRepository(re.ID))
+	assert.EqualValues(t, http.StatusFound, ctx.Resp.Status())
+	assert.NotEmpty(t, ctx.Flash.ErrorMsg)
+
+}
+
+func TestAddTeamPost_AddTeamTwice(t *testing.T) {
+	models.PrepareTestEnv(t)
+	ctx := test.MockContext(t, "org26/repo43")
+
+	ctx.Req.Form.Set("team", "team11")
+
+	org := &models.User{
+		LowerName: "org26",
+		Type:      models.UserTypeOrganization,
+	}
+
+	team := &models.Team{
+		ID:    11,
+		OrgID: 26,
+	}
+
+	re := &models.Repository{
+		ID:      43,
+		Owner:   org,
+		OwnerID: 26,
+	}
+
+	repo := &context.Repository{
+		Owner: &models.User{
+			ID:                        26,
+			LowerName:                 "org26",
+			RepoAdminChangeTeamAccess: true,
+		},
+		Repository: re,
+	}
+
+	ctx.Repo = repo
+
+	AddTeamPost(ctx)
+
+	AddTeamPost(ctx)
+	assert.True(t, team.HasRepository(re.ID))
+	assert.EqualValues(t, http.StatusFound, ctx.Resp.Status())
+	assert.NotEmpty(t, ctx.Flash.ErrorMsg)
+}
+
+func TestAddTeamPost_NonExistentTeam(t *testing.T) {
+	models.PrepareTestEnv(t)
+	ctx := test.MockContext(t, "org26/repo43")
+
+	ctx.Req.Form.Set("team", "team-non-existent")
+
+	org := &models.User{
+		LowerName: "org26",
+		Type:      models.UserTypeOrganization,
+	}
+
+	re := &models.Repository{
+		ID:      43,
+		Owner:   org,
+		OwnerID: 26,
+	}
+
+	repo := &context.Repository{
+		Owner: &models.User{
+			ID:                        26,
+			LowerName:                 "org26",
+			RepoAdminChangeTeamAccess: true,
+		},
+		Repository: re,
+	}
+
+	ctx.Repo = repo
+
+	AddTeamPost(ctx)
+	assert.EqualValues(t, http.StatusFound, ctx.Resp.Status())
+	assert.NotEmpty(t, ctx.Flash.ErrorMsg)
+}
+
+func TestDeleteTeam(t *testing.T) {
+	models.PrepareTestEnv(t)
+	ctx := test.MockContext(t, "org3/team1/repo3")
+
+	ctx.Req.Form.Set("id", "2")
+
+	org := &models.User{
+		LowerName: "org3",
+		Type:      models.UserTypeOrganization,
+	}
+
+	team := &models.Team{
+		ID:    2,
+		OrgID: 3,
+	}
+
+	re := &models.Repository{
+		ID:      3,
+		Owner:   org,
+		OwnerID: 3,
+	}
+
+	repo := &context.Repository{
+		Owner: &models.User{
+			ID:                        3,
+			LowerName:                 "org3",
+			RepoAdminChangeTeamAccess: true,
+		},
+		Repository: re,
+	}
+
+	ctx.Repo = repo
+
+	DeleteTeam(ctx)
+
+	assert.False(t, team.HasRepository(re.ID))
+}

routers/web/repo/topic.go

@@ -0,0 +1,61 @@
+// Copyright 2018 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"net/http"
+	"strings"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/log"
+)
+
+// TopicsPost response for creating repository
+func TopicsPost(ctx *context.Context) {
+	if ctx.User == nil {
+		ctx.JSON(http.StatusForbidden, map[string]interface{}{
+			"message": "Only owners could change the topics.",
+		})
+		return
+	}
+
+	var topics = make([]string, 0)
+	var topicsStr = strings.TrimSpace(ctx.Query("topics"))
+	if len(topicsStr) > 0 {
+		topics = strings.Split(topicsStr, ",")
+	}
+
+	validTopics, invalidTopics := models.SanitizeAndValidateTopics(topics)
+
+	if len(validTopics) > 25 {
+		ctx.JSON(http.StatusUnprocessableEntity, map[string]interface{}{
+			"invalidTopics": nil,
+			"message":       ctx.Tr("repo.topic.count_prompt"),
+		})
+		return
+	}
+
+	if len(invalidTopics) > 0 {
+		ctx.JSON(http.StatusUnprocessableEntity, map[string]interface{}{
+			"invalidTopics": invalidTopics,
+			"message":       ctx.Tr("repo.topic.format_prompt"),
+		})
+		return
+	}
+
+	err := models.SaveTopics(ctx.Repo.Repository.ID, validTopics...)
+	if err != nil {
+		log.Error("SaveTopics failed: %v", err)
+		ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
+			"message": "Save topics failed.",
+		})
+		return
+	}
+
+	ctx.JSON(http.StatusOK, map[string]interface{}{
+		"status": "ok",
+	})
+}

routers/web/repo/view.go

@@ -0,0 +1,808 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Copyright 2014 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"bytes"
+	"encoding/base64"
+	"fmt"
+	gotemplate "html/template"
+	"io"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"path"
+	"strconv"
+	"strings"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/cache"
+	"code.gitea.io/gitea/modules/charset"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/highlight"
+	"code.gitea.io/gitea/modules/lfs"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/markup"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/typesniffer"
+)
+
+const (
+	tplRepoEMPTY base.TplName = "repo/empty"
+	tplRepoHome  base.TplName = "repo/home"
+	tplWatchers  base.TplName = "repo/watchers"
+	tplForks     base.TplName = "repo/forks"
+	tplMigrating base.TplName = "repo/migrate/migrating"
+)
+
+type namedBlob struct {
+	name      string
+	isSymlink bool
+	blob      *git.Blob
+}
+
+func linesBytesCount(s []byte) int {
+	nl := []byte{'\n'}
+	n := bytes.Count(s, nl)
+	if len(s) > 0 && !bytes.HasSuffix(s, nl) {
+		n++
+	}
+	return n
+}
+
+// FIXME: There has to be a more efficient way of doing this
+func getReadmeFileFromPath(commit *git.Commit, treePath string) (*namedBlob, error) {
+	tree, err := commit.SubTree(treePath)
+	if err != nil {
+		return nil, err
+	}
+
+	entries, err := tree.ListEntries()
+	if err != nil {
+		return nil, err
+	}
+
+	var readmeFiles [4]*namedBlob
+	var exts = []string{".md", ".txt", ""} // sorted by priority
+	for _, entry := range entries {
+		if entry.IsDir() {
+			continue
+		}
+		for i, ext := range exts {
+			if markup.IsReadmeFile(entry.Name(), ext) {
+				if readmeFiles[i] == nil || base.NaturalSortLess(readmeFiles[i].name, entry.Blob().Name()) {
+					name := entry.Name()
+					isSymlink := entry.IsLink()
+					target := entry
+					if isSymlink {
+						target, err = entry.FollowLinks()
+						if err != nil && !git.IsErrBadLink(err) {
+							return nil, err
+						}
+					}
+					if target != nil && (target.IsExecutable() || target.IsRegular()) {
+						readmeFiles[i] = &namedBlob{
+							name,
+							isSymlink,
+							target.Blob(),
+						}
+					}
+				}
+			}
+		}
+
+		if markup.IsReadmeFile(entry.Name()) {
+			if readmeFiles[3] == nil || base.NaturalSortLess(readmeFiles[3].name, entry.Blob().Name()) {
+				name := entry.Name()
+				isSymlink := entry.IsLink()
+				if isSymlink {
+					entry, err = entry.FollowLinks()
+					if err != nil && !git.IsErrBadLink(err) {
+						return nil, err
+					}
+				}
+				if entry != nil && (entry.IsExecutable() || entry.IsRegular()) {
+					readmeFiles[3] = &namedBlob{
+						name,
+						isSymlink,
+						entry.Blob(),
+					}
+				}
+			}
+		}
+	}
+	var readmeFile *namedBlob
+	for _, f := range readmeFiles {
+		if f != nil {
+			readmeFile = f
+			break
+		}
+	}
+	return readmeFile, nil
+}
+
+func renderDirectory(ctx *context.Context, treeLink string) {
+	tree, err := ctx.Repo.Commit.SubTree(ctx.Repo.TreePath)
+	if err != nil {
+		ctx.NotFoundOrServerError("Repo.Commit.SubTree", git.IsErrNotExist, err)
+		return
+	}
+
+	entries, err := tree.ListEntries()
+	if err != nil {
+		ctx.ServerError("ListEntries", err)
+		return
+	}
+	entries.CustomSort(base.NaturalSortLess)
+
+	var c *git.LastCommitCache
+	if setting.CacheService.LastCommit.Enabled && ctx.Repo.CommitsCount >= setting.CacheService.LastCommit.CommitsCount {
+		c = git.NewLastCommitCache(ctx.Repo.Repository.FullName(), ctx.Repo.GitRepo, setting.LastCommitCacheTTLSeconds, cache.GetCache())
+	}
+
+	var latestCommit *git.Commit
+	ctx.Data["Files"], latestCommit, err = entries.GetCommitsInfo(ctx, ctx.Repo.Commit, ctx.Repo.TreePath, c)
+	if err != nil {
+		ctx.ServerError("GetCommitsInfo", err)
+		return
+	}
+
+	// 3 for the extensions in exts[] in order
+	// the last one is for a readme that doesn't
+	// strictly match an extension
+	var readmeFiles [4]*namedBlob
+	var docsEntries [3]*git.TreeEntry
+	var exts = []string{".md", ".txt", ""} // sorted by priority
+	for _, entry := range entries {
+		if entry.IsDir() {
+			lowerName := strings.ToLower(entry.Name())
+			switch lowerName {
+			case "docs":
+				if entry.Name() == "docs" || docsEntries[0] == nil {
+					docsEntries[0] = entry
+				}
+			case ".gitea":
+				if entry.Name() == ".gitea" || docsEntries[1] == nil {
+					docsEntries[1] = entry
+				}
+			case ".github":
+				if entry.Name() == ".github" || docsEntries[2] == nil {
+					docsEntries[2] = entry
+				}
+			}
+			continue
+		}
+
+		for i, ext := range exts {
+			if markup.IsReadmeFile(entry.Name(), ext) {
+				log.Debug("%s", entry.Name())
+				name := entry.Name()
+				isSymlink := entry.IsLink()
+				target := entry
+				if isSymlink {
+					target, err = entry.FollowLinks()
+					if err != nil && !git.IsErrBadLink(err) {
+						ctx.ServerError("FollowLinks", err)
+						return
+					}
+				}
+				log.Debug("%t", target == nil)
+				if target != nil && (target.IsExecutable() || target.IsRegular()) {
+					readmeFiles[i] = &namedBlob{
+						name,
+						isSymlink,
+						target.Blob(),
+					}
+				}
+			}
+		}
+
+		if markup.IsReadmeFile(entry.Name()) {
+			name := entry.Name()
+			isSymlink := entry.IsLink()
+			if isSymlink {
+				entry, err = entry.FollowLinks()
+				if err != nil && !git.IsErrBadLink(err) {
+					ctx.ServerError("FollowLinks", err)
+					return
+				}
+			}
+			if entry != nil && (entry.IsExecutable() || entry.IsRegular()) {
+				readmeFiles[3] = &namedBlob{
+					name,
+					isSymlink,
+					entry.Blob(),
+				}
+			}
+		}
+	}
+
+	var readmeFile *namedBlob
+	readmeTreelink := treeLink
+	for _, f := range readmeFiles {
+		if f != nil {
+			readmeFile = f
+			break
+		}
+	}
+
+	if ctx.Repo.TreePath == "" && readmeFile == nil {
+		for _, entry := range docsEntries {
+			if entry == nil {
+				continue
+			}
+			readmeFile, err = getReadmeFileFromPath(ctx.Repo.Commit, entry.GetSubJumpablePathName())
+			if err != nil {
+				ctx.ServerError("getReadmeFileFromPath", err)
+				return
+			}
+			if readmeFile != nil {
+				readmeFile.name = entry.Name() + "/" + readmeFile.name
+				readmeTreelink = treeLink + "/" + entry.GetSubJumpablePathName()
+				break
+			}
+		}
+	}
+
+	if readmeFile != nil {
+		ctx.Data["RawFileLink"] = ""
+		ctx.Data["ReadmeInList"] = true
+		ctx.Data["ReadmeExist"] = true
+		ctx.Data["FileIsSymlink"] = readmeFile.isSymlink
+
+		dataRc, err := readmeFile.blob.DataAsync()
+		if err != nil {
+			ctx.ServerError("Data", err)
+			return
+		}
+		defer dataRc.Close()
+
+		buf := make([]byte, 1024)
+		n, _ := dataRc.Read(buf)
+		buf = buf[:n]
+
+		st := typesniffer.DetectContentType(buf)
+		isTextFile := st.IsText()
+
+		ctx.Data["FileIsText"] = isTextFile
+		ctx.Data["FileName"] = readmeFile.name
+		fileSize := int64(0)
+		isLFSFile := false
+		ctx.Data["IsLFSFile"] = false
+
+		// FIXME: what happens when README file is an image?
+		if isTextFile && setting.LFS.StartServer {
+			pointer, _ := lfs.ReadPointerFromBuffer(buf)
+			if pointer.IsValid() {
+				meta, err := ctx.Repo.Repository.GetLFSMetaObjectByOid(pointer.Oid)
+				if err != nil && err != models.ErrLFSObjectNotExist {
+					ctx.ServerError("GetLFSMetaObject", err)
+					return
+				}
+				if meta != nil {
+					ctx.Data["IsLFSFile"] = true
+					isLFSFile = true
+
+					// OK read the lfs object
+					var err error
+					dataRc, err = lfs.ReadMetaObject(pointer)
+					if err != nil {
+						ctx.ServerError("ReadMetaObject", err)
+						return
+					}
+					defer dataRc.Close()
+
+					buf = make([]byte, 1024)
+					n, err = dataRc.Read(buf)
+					if err != nil {
+						ctx.ServerError("Data", err)
+						return
+					}
+					buf = buf[:n]
+
+					st = typesniffer.DetectContentType(buf)
+					isTextFile = st.IsText()
+					ctx.Data["IsTextFile"] = isTextFile
+
+					fileSize = meta.Size
+					ctx.Data["FileSize"] = meta.Size
+					filenameBase64 := base64.RawURLEncoding.EncodeToString([]byte(readmeFile.name))
+					ctx.Data["RawFileLink"] = fmt.Sprintf("%s%s.git/info/lfs/objects/%s/%s", setting.AppURL, ctx.Repo.Repository.FullName(), meta.Oid, filenameBase64)
+				}
+			}
+		}
+
+		if !isLFSFile {
+			fileSize = readmeFile.blob.Size()
+		}
+
+		if isTextFile {
+			if fileSize >= setting.UI.MaxDisplayFileSize {
+				// Pretend that this is a normal text file to display 'This file is too large to be shown'
+				ctx.Data["IsFileTooLarge"] = true
+				ctx.Data["IsTextFile"] = true
+				ctx.Data["FileSize"] = fileSize
+			} else {
+				rd := charset.ToUTF8WithFallbackReader(io.MultiReader(bytes.NewReader(buf), dataRc))
+
+				if markupType := markup.Type(readmeFile.name); markupType != "" {
+					ctx.Data["IsMarkup"] = true
+					ctx.Data["MarkupType"] = string(markupType)
+					var result strings.Builder
+					err := markup.Render(&markup.RenderContext{
+						Filename:  readmeFile.name,
+						URLPrefix: readmeTreelink,
+						Metas:     ctx.Repo.Repository.ComposeDocumentMetas(),
+					}, rd, &result)
+					if err != nil {
+						log.Error("Render failed: %v then fallback", err)
+						bs, _ := ioutil.ReadAll(rd)
+						ctx.Data["FileContent"] = strings.ReplaceAll(
+							gotemplate.HTMLEscapeString(string(bs)), "\n", `<br>`,
+						)
+					} else {
+						ctx.Data["FileContent"] = result.String()
+					}
+				} else {
+					ctx.Data["IsRenderedHTML"] = true
+					ctx.Data["FileContent"] = strings.ReplaceAll(
+						gotemplate.HTMLEscapeString(string(buf)), "\n", `<br>`,
+					)
+				}
+			}
+		}
+	}
+
+	// Show latest commit info of repository in table header,
+	// or of directory if not in root directory.
+	ctx.Data["LatestCommit"] = latestCommit
+	verification := models.ParseCommitWithSignature(latestCommit)
+
+	if err := models.CalculateTrustStatus(verification, ctx.Repo.Repository, nil); err != nil {
+		ctx.ServerError("CalculateTrustStatus", err)
+		return
+	}
+	ctx.Data["LatestCommitVerification"] = verification
+
+	ctx.Data["LatestCommitUser"] = models.ValidateCommitWithEmail(latestCommit)
+
+	statuses, err := models.GetLatestCommitStatus(ctx.Repo.Repository.ID, ctx.Repo.Commit.ID.String(), models.ListOptions{})
+	if err != nil {
+		log.Error("GetLatestCommitStatus: %v", err)
+	}
+
+	ctx.Data["LatestCommitStatus"] = models.CalcCommitStatus(statuses)
+	ctx.Data["LatestCommitStatuses"] = statuses
+
+	// Check permission to add or upload new file.
+	if ctx.Repo.CanWrite(models.UnitTypeCode) && ctx.Repo.IsViewBranch {
+		ctx.Data["CanAddFile"] = !ctx.Repo.Repository.IsArchived
+		ctx.Data["CanUploadFile"] = setting.Repository.Upload.Enabled && !ctx.Repo.Repository.IsArchived
+	}
+
+	ctx.Data["SSHDomain"] = setting.SSH.Domain
+}
+
+func renderFile(ctx *context.Context, entry *git.TreeEntry, treeLink, rawLink string) {
+	ctx.Data["IsViewFile"] = true
+	blob := entry.Blob()
+	dataRc, err := blob.DataAsync()
+	if err != nil {
+		ctx.ServerError("DataAsync", err)
+		return
+	}
+	defer dataRc.Close()
+
+	ctx.Data["Title"] = ctx.Data["Title"].(string) + " - " + ctx.Repo.TreePath + " at " + ctx.Repo.BranchName
+
+	fileSize := blob.Size()
+	ctx.Data["FileIsSymlink"] = entry.IsLink()
+	ctx.Data["FileName"] = blob.Name()
+	ctx.Data["RawFileLink"] = rawLink + "/" + ctx.Repo.TreePath
+
+	buf := make([]byte, 1024)
+	n, _ := dataRc.Read(buf)
+	buf = buf[:n]
+
+	st := typesniffer.DetectContentType(buf)
+	isTextFile := st.IsText()
+
+	isLFSFile := false
+	isDisplayingSource := ctx.Query("display") == "source"
+	isDisplayingRendered := !isDisplayingSource
+
+	//Check for LFS meta file
+	if isTextFile && setting.LFS.StartServer {
+		pointer, _ := lfs.ReadPointerFromBuffer(buf)
+		if pointer.IsValid() {
+			meta, err := ctx.Repo.Repository.GetLFSMetaObjectByOid(pointer.Oid)
+			if err != nil && err != models.ErrLFSObjectNotExist {
+				ctx.ServerError("GetLFSMetaObject", err)
+				return
+			}
+			if meta != nil {
+				isLFSFile = true
+
+				// OK read the lfs object
+				var err error
+				dataRc, err = lfs.ReadMetaObject(pointer)
+				if err != nil {
+					ctx.ServerError("ReadMetaObject", err)
+					return
+				}
+				defer dataRc.Close()
+
+				buf = make([]byte, 1024)
+				n, err = dataRc.Read(buf)
+				// Error EOF don't mean there is an error, it just means we read to
+				// the end
+				if err != nil && err != io.EOF {
+					ctx.ServerError("Data", err)
+					return
+				}
+				buf = buf[:n]
+
+				st = typesniffer.DetectContentType(buf)
+				isTextFile = st.IsText()
+
+				fileSize = meta.Size
+				ctx.Data["RawFileLink"] = fmt.Sprintf("%s/media/%s/%s", ctx.Repo.RepoLink, ctx.Repo.BranchNameSubURL(), ctx.Repo.TreePath)
+			}
+		}
+	}
+
+	isRepresentableAsText := st.IsRepresentableAsText()
+	if !isRepresentableAsText {
+		// If we can't show plain text, always try to render.
+		isDisplayingSource = false
+		isDisplayingRendered = true
+	}
+	ctx.Data["IsLFSFile"] = isLFSFile
+	ctx.Data["FileSize"] = fileSize
+	ctx.Data["IsTextFile"] = isTextFile
+	ctx.Data["IsRepresentableAsText"] = isRepresentableAsText
+	ctx.Data["IsDisplayingSource"] = isDisplayingSource
+	ctx.Data["IsDisplayingRendered"] = isDisplayingRendered
+	ctx.Data["IsTextSource"] = isTextFile || isDisplayingSource
+
+	// Check LFS Lock
+	lfsLock, err := ctx.Repo.Repository.GetTreePathLock(ctx.Repo.TreePath)
+	ctx.Data["LFSLock"] = lfsLock
+	if err != nil {
+		ctx.ServerError("GetTreePathLock", err)
+		return
+	}
+	if lfsLock != nil {
+		ctx.Data["LFSLockOwner"] = lfsLock.Owner.DisplayName()
+		ctx.Data["LFSLockHint"] = ctx.Tr("repo.editor.this_file_locked")
+	}
+
+	// Assume file is not editable first.
+	if isLFSFile {
+		ctx.Data["EditFileTooltip"] = ctx.Tr("repo.editor.cannot_edit_lfs_files")
+	} else if !isRepresentableAsText {
+		ctx.Data["EditFileTooltip"] = ctx.Tr("repo.editor.cannot_edit_non_text_files")
+	}
+
+	switch {
+	case isRepresentableAsText:
+		if st.IsSvgImage() {
+			ctx.Data["IsImageFile"] = true
+			ctx.Data["HasSourceRenderedToggle"] = true
+		}
+
+		if fileSize >= setting.UI.MaxDisplayFileSize {
+			ctx.Data["IsFileTooLarge"] = true
+			break
+		}
+
+		rd := charset.ToUTF8WithFallbackReader(io.MultiReader(bytes.NewReader(buf), dataRc))
+		readmeExist := markup.IsReadmeFile(blob.Name())
+		ctx.Data["ReadmeExist"] = readmeExist
+		if markupType := markup.Type(blob.Name()); markupType != "" {
+			ctx.Data["IsMarkup"] = true
+			ctx.Data["MarkupType"] = markupType
+			var result strings.Builder
+			err := markup.Render(&markup.RenderContext{
+				Filename:  blob.Name(),
+				URLPrefix: path.Dir(treeLink),
+				Metas:     ctx.Repo.Repository.ComposeDocumentMetas(),
+			}, rd, &result)
+			if err != nil {
+				ctx.ServerError("Render", err)
+				return
+			}
+			ctx.Data["FileContent"] = result.String()
+		} else if readmeExist {
+			buf, _ := ioutil.ReadAll(rd)
+			ctx.Data["IsRenderedHTML"] = true
+			ctx.Data["FileContent"] = strings.ReplaceAll(
+				gotemplate.HTMLEscapeString(string(buf)), "\n", `<br>`,
+			)
+		} else {
+			buf, _ := ioutil.ReadAll(rd)
+			lineNums := linesBytesCount(buf)
+			ctx.Data["NumLines"] = strconv.Itoa(lineNums)
+			ctx.Data["NumLinesSet"] = true
+			ctx.Data["FileContent"] = highlight.File(lineNums, blob.Name(), buf)
+		}
+		if !isLFSFile {
+			if ctx.Repo.CanEnableEditor() {
+				if lfsLock != nil && lfsLock.OwnerID != ctx.User.ID {
+					ctx.Data["CanEditFile"] = false
+					ctx.Data["EditFileTooltip"] = ctx.Tr("repo.editor.this_file_locked")
+				} else {
+					ctx.Data["CanEditFile"] = true
+					ctx.Data["EditFileTooltip"] = ctx.Tr("repo.editor.edit_this_file")
+				}
+			} else if !ctx.Repo.IsViewBranch {
+				ctx.Data["EditFileTooltip"] = ctx.Tr("repo.editor.must_be_on_a_branch")
+			} else if !ctx.Repo.CanWrite(models.UnitTypeCode) {
+				ctx.Data["EditFileTooltip"] = ctx.Tr("repo.editor.fork_before_edit")
+			}
+		}
+
+	case st.IsPDF():
+		ctx.Data["IsPDFFile"] = true
+	case st.IsVideo():
+		ctx.Data["IsVideoFile"] = true
+	case st.IsAudio():
+		ctx.Data["IsAudioFile"] = true
+	case st.IsImage() && (setting.UI.SVG.Enabled || !st.IsSvgImage()):
+		ctx.Data["IsImageFile"] = true
+	default:
+		if fileSize >= setting.UI.MaxDisplayFileSize {
+			ctx.Data["IsFileTooLarge"] = true
+			break
+		}
+
+		if markupType := markup.Type(blob.Name()); markupType != "" {
+			rd := io.MultiReader(bytes.NewReader(buf), dataRc)
+			ctx.Data["IsMarkup"] = true
+			ctx.Data["MarkupType"] = markupType
+			var result strings.Builder
+			err := markup.Render(&markup.RenderContext{
+				Filename:  blob.Name(),
+				URLPrefix: path.Dir(treeLink),
+				Metas:     ctx.Repo.Repository.ComposeDocumentMetas(),
+			}, rd, &result)
+			if err != nil {
+				ctx.ServerError("Render", err)
+				return
+			}
+			ctx.Data["FileContent"] = result.String()
+		}
+	}
+
+	if ctx.Repo.CanEnableEditor() {
+		if lfsLock != nil && lfsLock.OwnerID != ctx.User.ID {
+			ctx.Data["CanDeleteFile"] = false
+			ctx.Data["DeleteFileTooltip"] = ctx.Tr("repo.editor.this_file_locked")
+		} else {
+			ctx.Data["CanDeleteFile"] = true
+			ctx.Data["DeleteFileTooltip"] = ctx.Tr("repo.editor.delete_this_file")
+		}
+	} else if !ctx.Repo.IsViewBranch {
+		ctx.Data["DeleteFileTooltip"] = ctx.Tr("repo.editor.must_be_on_a_branch")
+	} else if !ctx.Repo.CanWrite(models.UnitTypeCode) {
+		ctx.Data["DeleteFileTooltip"] = ctx.Tr("repo.editor.must_have_write_access")
+	}
+}
+
+func safeURL(address string) string {
+	u, err := url.Parse(address)
+	if err != nil {
+		return address
+	}
+	u.User = nil
+	return u.String()
+}
+
+// Home render repository home page
+func Home(ctx *context.Context) {
+	if len(ctx.Repo.Units) > 0 {
+		if ctx.Repo.Repository.IsBeingCreated() {
+			task, err := models.GetMigratingTask(ctx.Repo.Repository.ID)
+			if err != nil {
+				ctx.ServerError("models.GetMigratingTask", err)
+				return
+			}
+			cfg, err := task.MigrateConfig()
+			if err != nil {
+				ctx.ServerError("task.MigrateConfig", err)
+				return
+			}
+
+			ctx.Data["Repo"] = ctx.Repo
+			ctx.Data["MigrateTask"] = task
+			ctx.Data["CloneAddr"] = safeURL(cfg.CloneAddr)
+			ctx.HTML(http.StatusOK, tplMigrating)
+			return
+		}
+
+		if ctx.IsSigned {
+			// Set repo notification-status read if unread
+			if err := ctx.Repo.Repository.ReadBy(ctx.User.ID); err != nil {
+				ctx.ServerError("ReadBy", err)
+				return
+			}
+		}
+
+		var firstUnit *models.Unit
+		for _, repoUnit := range ctx.Repo.Units {
+			if repoUnit.Type == models.UnitTypeCode {
+				renderCode(ctx)
+				return
+			}
+
+			unit, ok := models.Units[repoUnit.Type]
+			if ok && (firstUnit == nil || !firstUnit.IsLessThan(unit)) {
+				firstUnit = &unit
+			}
+		}
+
+		if firstUnit != nil {
+			ctx.Redirect(fmt.Sprintf("%s/%s%s", setting.AppSubURL, ctx.Repo.Repository.FullName(), firstUnit.URI))
+			return
+		}
+	}
+
+	ctx.NotFound("Home", fmt.Errorf(ctx.Tr("units.error.no_unit_allowed_repo")))
+}
+
+func renderLanguageStats(ctx *context.Context) {
+	langs, err := ctx.Repo.Repository.GetTopLanguageStats(5)
+	if err != nil {
+		ctx.ServerError("Repo.GetTopLanguageStats", err)
+		return
+	}
+
+	ctx.Data["LanguageStats"] = langs
+}
+
+func renderRepoTopics(ctx *context.Context) {
+	topics, err := models.FindTopics(&models.FindTopicOptions{
+		RepoID: ctx.Repo.Repository.ID,
+	})
+	if err != nil {
+		ctx.ServerError("models.FindTopics", err)
+		return
+	}
+	ctx.Data["Topics"] = topics
+}
+
+func renderCode(ctx *context.Context) {
+	ctx.Data["PageIsViewCode"] = true
+
+	if ctx.Repo.Repository.IsEmpty {
+		ctx.HTML(http.StatusOK, tplRepoEMPTY)
+		return
+	}
+
+	title := ctx.Repo.Repository.Owner.Name + "/" + ctx.Repo.Repository.Name
+	if len(ctx.Repo.Repository.Description) > 0 {
+		title += ": " + ctx.Repo.Repository.Description
+	}
+	ctx.Data["Title"] = title
+
+	branchLink := ctx.Repo.RepoLink + "/src/" + ctx.Repo.BranchNameSubURL()
+	treeLink := branchLink
+	rawLink := ctx.Repo.RepoLink + "/raw/" + ctx.Repo.BranchNameSubURL()
+
+	if len(ctx.Repo.TreePath) > 0 {
+		treeLink += "/" + ctx.Repo.TreePath
+	}
+
+	// Get Topics of this repo
+	renderRepoTopics(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	// Get current entry user currently looking at.
+	entry, err := ctx.Repo.Commit.GetTreeEntryByPath(ctx.Repo.TreePath)
+	if err != nil {
+		ctx.NotFoundOrServerError("Repo.Commit.GetTreeEntryByPath", git.IsErrNotExist, err)
+		return
+	}
+
+	renderLanguageStats(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	if entry.IsDir() {
+		renderDirectory(ctx, treeLink)
+	} else {
+		renderFile(ctx, entry, treeLink, rawLink)
+	}
+	if ctx.Written() {
+		return
+	}
+
+	var treeNames []string
+	paths := make([]string, 0, 5)
+	if len(ctx.Repo.TreePath) > 0 {
+		treeNames = strings.Split(ctx.Repo.TreePath, "/")
+		for i := range treeNames {
+			paths = append(paths, strings.Join(treeNames[:i+1], "/"))
+		}
+
+		ctx.Data["HasParentPath"] = true
+		if len(paths)-2 >= 0 {
+			ctx.Data["ParentPath"] = "/" + paths[len(paths)-2]
+		}
+	}
+
+	ctx.Data["Paths"] = paths
+	ctx.Data["TreeLink"] = treeLink
+	ctx.Data["TreeNames"] = treeNames
+	ctx.Data["BranchLink"] = branchLink
+	ctx.HTML(http.StatusOK, tplRepoHome)
+}
+
+// RenderUserCards render a page show users according the input templaet
+func RenderUserCards(ctx *context.Context, total int, getter func(opts models.ListOptions) ([]*models.User, error), tpl base.TplName) {
+	page := ctx.QueryInt("page")
+	if page <= 0 {
+		page = 1
+	}
+	pager := context.NewPagination(total, models.ItemsPerPage, page, 5)
+	ctx.Data["Page"] = pager
+
+	items, err := getter(models.ListOptions{
+		Page:     pager.Paginater.Current(),
+		PageSize: models.ItemsPerPage,
+	})
+	if err != nil {
+		ctx.ServerError("getter", err)
+		return
+	}
+	ctx.Data["Cards"] = items
+
+	ctx.HTML(http.StatusOK, tpl)
+}
+
+// Watchers render repository's watch users
+func Watchers(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.watchers")
+	ctx.Data["CardsTitle"] = ctx.Tr("repo.watchers")
+	ctx.Data["PageIsWatchers"] = true
+
+	RenderUserCards(ctx, ctx.Repo.Repository.NumWatches, ctx.Repo.Repository.GetWatchers, tplWatchers)
+}
+
+// Stars render repository's starred users
+func Stars(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.stargazers")
+	ctx.Data["CardsTitle"] = ctx.Tr("repo.stargazers")
+	ctx.Data["PageIsStargazers"] = true
+	RenderUserCards(ctx, ctx.Repo.Repository.NumStars, ctx.Repo.Repository.GetStargazers, tplWatchers)
+}
+
+// Forks render repository's forked users
+func Forks(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repos.forks")
+
+	// TODO: need pagination
+	forks, err := ctx.Repo.Repository.GetForks(models.ListOptions{})
+	if err != nil {
+		ctx.ServerError("GetForks", err)
+		return
+	}
+
+	for _, fork := range forks {
+		if err = fork.GetOwner(); err != nil {
+			ctx.ServerError("GetOwner", err)
+			return
+		}
+	}
+	ctx.Data["Forks"] = forks
+
+	ctx.HTML(http.StatusOK, tplForks)
+}

routers/web/repo/wiki.go

@@ -0,0 +1,684 @@
+// Copyright 2015 The Gogs Authors. All rights reserved.
+// Copyright 2018 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"bytes"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"path/filepath"
+	"strings"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/markup"
+	"code.gitea.io/gitea/modules/markup/markdown"
+	"code.gitea.io/gitea/modules/timeutil"
+	"code.gitea.io/gitea/modules/util"
+	"code.gitea.io/gitea/modules/web"
+	"code.gitea.io/gitea/routers/common"
+	"code.gitea.io/gitea/services/forms"
+	wiki_service "code.gitea.io/gitea/services/wiki"
+)
+
+const (
+	tplWikiStart    base.TplName = "repo/wiki/start"
+	tplWikiView     base.TplName = "repo/wiki/view"
+	tplWikiRevision base.TplName = "repo/wiki/revision"
+	tplWikiNew      base.TplName = "repo/wiki/new"
+	tplWikiPages    base.TplName = "repo/wiki/pages"
+)
+
+// MustEnableWiki check if wiki is enabled, if external then redirect
+func MustEnableWiki(ctx *context.Context) {
+	if !ctx.Repo.CanRead(models.UnitTypeWiki) &&
+		!ctx.Repo.CanRead(models.UnitTypeExternalWiki) {
+		if log.IsTrace() {
+			log.Trace("Permission Denied: User %-v cannot read %-v or %-v of repo %-v\n"+
+				"User in repo has Permissions: %-+v",
+				ctx.User,
+				models.UnitTypeWiki,
+				models.UnitTypeExternalWiki,
+				ctx.Repo.Repository,
+				ctx.Repo.Permission)
+		}
+		ctx.NotFound("MustEnableWiki", nil)
+		return
+	}
+
+	unit, err := ctx.Repo.Repository.GetUnit(models.UnitTypeExternalWiki)
+	if err == nil {
+		ctx.Redirect(unit.ExternalWikiConfig().ExternalWikiURL)
+		return
+	}
+}
+
+// PageMeta wiki page meta information
+type PageMeta struct {
+	Name        string
+	SubURL      string
+	UpdatedUnix timeutil.TimeStamp
+}
+
+// findEntryForFile finds the tree entry for a target filepath.
+func findEntryForFile(commit *git.Commit, target string) (*git.TreeEntry, error) {
+	entry, err := commit.GetTreeEntryByPath(target)
+	if err != nil && !git.IsErrNotExist(err) {
+		return nil, err
+	}
+	if entry != nil {
+		return entry, nil
+	}
+
+	// Then the unescaped, shortest alternative
+	var unescapedTarget string
+	if unescapedTarget, err = url.QueryUnescape(target); err != nil {
+		return nil, err
+	}
+	return commit.GetTreeEntryByPath(unescapedTarget)
+}
+
+func findWikiRepoCommit(ctx *context.Context) (*git.Repository, *git.Commit, error) {
+	wikiRepo, err := git.OpenRepository(ctx.Repo.Repository.WikiPath())
+	if err != nil {
+		ctx.ServerError("OpenRepository", err)
+		return nil, nil, err
+	}
+
+	commit, err := wikiRepo.GetBranchCommit("master")
+	if err != nil {
+		return wikiRepo, nil, err
+	}
+	return wikiRepo, commit, nil
+}
+
+// wikiContentsByEntry returns the contents of the wiki page referenced by the
+// given tree entry. Writes to ctx if an error occurs.
+func wikiContentsByEntry(ctx *context.Context, entry *git.TreeEntry) []byte {
+	reader, err := entry.Blob().DataAsync()
+	if err != nil {
+		ctx.ServerError("Blob.Data", err)
+		return nil
+	}
+	defer reader.Close()
+	content, err := ioutil.ReadAll(reader)
+	if err != nil {
+		ctx.ServerError("ReadAll", err)
+		return nil
+	}
+	return content
+}
+
+// wikiContentsByName returns the contents of a wiki page, along with a boolean
+// indicating whether the page exists. Writes to ctx if an error occurs.
+func wikiContentsByName(ctx *context.Context, commit *git.Commit, wikiName string) ([]byte, *git.TreeEntry, string, bool) {
+	pageFilename := wiki_service.NameToFilename(wikiName)
+	entry, err := findEntryForFile(commit, pageFilename)
+	if err != nil && !git.IsErrNotExist(err) {
+		ctx.ServerError("findEntryForFile", err)
+		return nil, nil, "", false
+	} else if entry == nil {
+		return nil, nil, "", true
+	}
+	return wikiContentsByEntry(ctx, entry), entry, pageFilename, false
+}
+
+func renderViewPage(ctx *context.Context) (*git.Repository, *git.TreeEntry) {
+	wikiRepo, commit, err := findWikiRepoCommit(ctx)
+	if err != nil {
+		if !git.IsErrNotExist(err) {
+			ctx.ServerError("GetBranchCommit", err)
+		}
+		return nil, nil
+	}
+
+	// Get page list.
+	entries, err := commit.ListEntries()
+	if err != nil {
+		if wikiRepo != nil {
+			wikiRepo.Close()
+		}
+		ctx.ServerError("ListEntries", err)
+		return nil, nil
+	}
+	pages := make([]PageMeta, 0, len(entries))
+	for _, entry := range entries {
+		if !entry.IsRegular() {
+			continue
+		}
+		wikiName, err := wiki_service.FilenameToName(entry.Name())
+		if err != nil {
+			if models.IsErrWikiInvalidFileName(err) {
+				continue
+			}
+			if wikiRepo != nil {
+				wikiRepo.Close()
+			}
+			ctx.ServerError("WikiFilenameToName", err)
+			return nil, nil
+		} else if wikiName == "_Sidebar" || wikiName == "_Footer" {
+			continue
+		}
+		pages = append(pages, PageMeta{
+			Name:   wikiName,
+			SubURL: wiki_service.NameToSubURL(wikiName),
+		})
+	}
+	ctx.Data["Pages"] = pages
+
+	// get requested pagename
+	pageName := wiki_service.NormalizeWikiName(ctx.Params(":page"))
+	if len(pageName) == 0 {
+		pageName = "Home"
+	}
+	ctx.Data["PageURL"] = wiki_service.NameToSubURL(pageName)
+	ctx.Data["old_title"] = pageName
+	ctx.Data["Title"] = pageName
+	ctx.Data["title"] = pageName
+	ctx.Data["RequireHighlightJS"] = true
+
+	//lookup filename in wiki - get filecontent, gitTree entry , real filename
+	data, entry, pageFilename, noEntry := wikiContentsByName(ctx, commit, pageName)
+	if noEntry {
+		ctx.Redirect(ctx.Repo.RepoLink + "/wiki/_pages")
+	}
+	if entry == nil || ctx.Written() {
+		if wikiRepo != nil {
+			wikiRepo.Close()
+		}
+		return nil, nil
+	}
+
+	sidebarContent, _, _, _ := wikiContentsByName(ctx, commit, "_Sidebar")
+	if ctx.Written() {
+		if wikiRepo != nil {
+			wikiRepo.Close()
+		}
+		return nil, nil
+	}
+
+	footerContent, _, _, _ := wikiContentsByName(ctx, commit, "_Footer")
+	if ctx.Written() {
+		if wikiRepo != nil {
+			wikiRepo.Close()
+		}
+		return nil, nil
+	}
+
+	var rctx = &markup.RenderContext{
+		URLPrefix: ctx.Repo.RepoLink,
+		Metas:     ctx.Repo.Repository.ComposeDocumentMetas(),
+		IsWiki:    true,
+	}
+
+	var buf strings.Builder
+	if err := markdown.Render(rctx, bytes.NewReader(data), &buf); err != nil {
+		ctx.ServerError("Render", err)
+		return nil, nil
+	}
+	ctx.Data["content"] = buf.String()
+
+	buf.Reset()
+	if err := markdown.Render(rctx, bytes.NewReader(sidebarContent), &buf); err != nil {
+		ctx.ServerError("Render", err)
+		return nil, nil
+	}
+	ctx.Data["sidebarPresent"] = sidebarContent != nil
+	ctx.Data["sidebarContent"] = buf.String()
+
+	buf.Reset()
+	if err := markdown.Render(rctx, bytes.NewReader(footerContent), &buf); err != nil {
+		ctx.ServerError("Render", err)
+		return nil, nil
+	}
+	ctx.Data["footerPresent"] = footerContent != nil
+	ctx.Data["footerContent"] = buf.String()
+
+	// get commit count - wiki revisions
+	commitsCount, _ := wikiRepo.FileCommitsCount("master", pageFilename)
+	ctx.Data["CommitCount"] = commitsCount
+
+	return wikiRepo, entry
+}
+
+func renderRevisionPage(ctx *context.Context) (*git.Repository, *git.TreeEntry) {
+	wikiRepo, commit, err := findWikiRepoCommit(ctx)
+	if err != nil {
+		if wikiRepo != nil {
+			wikiRepo.Close()
+		}
+		if !git.IsErrNotExist(err) {
+			ctx.ServerError("GetBranchCommit", err)
+		}
+		return nil, nil
+	}
+
+	// get requested pagename
+	pageName := wiki_service.NormalizeWikiName(ctx.Params(":page"))
+	if len(pageName) == 0 {
+		pageName = "Home"
+	}
+	ctx.Data["PageURL"] = wiki_service.NameToSubURL(pageName)
+	ctx.Data["old_title"] = pageName
+	ctx.Data["Title"] = pageName
+	ctx.Data["title"] = pageName
+	ctx.Data["RequireHighlightJS"] = true
+	ctx.Data["Username"] = ctx.Repo.Owner.Name
+	ctx.Data["Reponame"] = ctx.Repo.Repository.Name
+
+	//lookup filename in wiki - get filecontent, gitTree entry , real filename
+	data, entry, pageFilename, noEntry := wikiContentsByName(ctx, commit, pageName)
+	if noEntry {
+		ctx.Redirect(ctx.Repo.RepoLink + "/wiki/_pages")
+	}
+	if entry == nil || ctx.Written() {
+		if wikiRepo != nil {
+			wikiRepo.Close()
+		}
+		return nil, nil
+	}
+
+	ctx.Data["content"] = string(data)
+	ctx.Data["sidebarPresent"] = false
+	ctx.Data["sidebarContent"] = ""
+	ctx.Data["footerPresent"] = false
+	ctx.Data["footerContent"] = ""
+
+	// get commit count - wiki revisions
+	commitsCount, _ := wikiRepo.FileCommitsCount("master", pageFilename)
+	ctx.Data["CommitCount"] = commitsCount
+
+	// get page
+	page := ctx.QueryInt("page")
+	if page <= 1 {
+		page = 1
+	}
+
+	// get Commit Count
+	commitsHistory, err := wikiRepo.CommitsByFileAndRangeNoFollow("master", pageFilename, page)
+	if err != nil {
+		if wikiRepo != nil {
+			wikiRepo.Close()
+		}
+		ctx.ServerError("CommitsByFileAndRangeNoFollow", err)
+		return nil, nil
+	}
+	commitsHistory = models.ValidateCommitsWithEmails(commitsHistory)
+	commitsHistory = models.ParseCommitsWithSignature(commitsHistory, ctx.Repo.Repository)
+
+	ctx.Data["Commits"] = commitsHistory
+
+	pager := context.NewPagination(int(commitsCount), git.CommitsRangeSize, page, 5)
+	pager.SetDefaultParams(ctx)
+	ctx.Data["Page"] = pager
+
+	return wikiRepo, entry
+}
+
+func renderEditPage(ctx *context.Context) {
+	wikiRepo, commit, err := findWikiRepoCommit(ctx)
+	if err != nil {
+		if wikiRepo != nil {
+			wikiRepo.Close()
+		}
+		if !git.IsErrNotExist(err) {
+			ctx.ServerError("GetBranchCommit", err)
+		}
+		return
+	}
+	defer func() {
+		if wikiRepo != nil {
+			wikiRepo.Close()
+		}
+	}()
+
+	// get requested pagename
+	pageName := wiki_service.NormalizeWikiName(ctx.Params(":page"))
+	if len(pageName) == 0 {
+		pageName = "Home"
+	}
+	ctx.Data["PageURL"] = wiki_service.NameToSubURL(pageName)
+	ctx.Data["old_title"] = pageName
+	ctx.Data["Title"] = pageName
+	ctx.Data["title"] = pageName
+	ctx.Data["RequireHighlightJS"] = true
+
+	//lookup filename in wiki - get filecontent, gitTree entry , real filename
+	data, entry, _, noEntry := wikiContentsByName(ctx, commit, pageName)
+	if noEntry {
+		ctx.Redirect(ctx.Repo.RepoLink + "/wiki/_pages")
+	}
+	if entry == nil || ctx.Written() {
+		return
+	}
+
+	ctx.Data["content"] = string(data)
+	ctx.Data["sidebarPresent"] = false
+	ctx.Data["sidebarContent"] = ""
+	ctx.Data["footerPresent"] = false
+	ctx.Data["footerContent"] = ""
+}
+
+// Wiki renders single wiki page
+func Wiki(ctx *context.Context) {
+	ctx.Data["PageIsWiki"] = true
+	ctx.Data["CanWriteWiki"] = ctx.Repo.CanWrite(models.UnitTypeWiki) && !ctx.Repo.Repository.IsArchived
+
+	if !ctx.Repo.Repository.HasWiki() {
+		ctx.Data["Title"] = ctx.Tr("repo.wiki")
+		ctx.HTML(http.StatusOK, tplWikiStart)
+		return
+	}
+
+	wikiRepo, entry := renderViewPage(ctx)
+	if ctx.Written() {
+		if wikiRepo != nil {
+			wikiRepo.Close()
+		}
+		return
+	}
+	defer func() {
+		if wikiRepo != nil {
+			wikiRepo.Close()
+		}
+	}()
+	if entry == nil {
+		ctx.Data["Title"] = ctx.Tr("repo.wiki")
+		ctx.HTML(http.StatusOK, tplWikiStart)
+		return
+	}
+
+	wikiPath := entry.Name()
+	if markup.Type(wikiPath) != markdown.MarkupName {
+		ext := strings.ToUpper(filepath.Ext(wikiPath))
+		ctx.Data["FormatWarning"] = fmt.Sprintf("%s rendering is not supported at the moment. Rendered as Markdown.", ext)
+	}
+	// Get last change information.
+	lastCommit, err := wikiRepo.GetCommitByPath(wikiPath)
+	if err != nil {
+		ctx.ServerError("GetCommitByPath", err)
+		return
+	}
+	ctx.Data["Author"] = lastCommit.Author
+
+	ctx.HTML(http.StatusOK, tplWikiView)
+}
+
+// WikiRevision renders file revision list of wiki page
+func WikiRevision(ctx *context.Context) {
+	ctx.Data["PageIsWiki"] = true
+	ctx.Data["CanWriteWiki"] = ctx.Repo.CanWrite(models.UnitTypeWiki) && !ctx.Repo.Repository.IsArchived
+
+	if !ctx.Repo.Repository.HasWiki() {
+		ctx.Data["Title"] = ctx.Tr("repo.wiki")
+		ctx.HTML(http.StatusOK, tplWikiStart)
+		return
+	}
+
+	wikiRepo, entry := renderRevisionPage(ctx)
+	if ctx.Written() {
+		if wikiRepo != nil {
+			wikiRepo.Close()
+		}
+		return
+	}
+	defer func() {
+		if wikiRepo != nil {
+			wikiRepo.Close()
+		}
+	}()
+	if entry == nil {
+		ctx.Data["Title"] = ctx.Tr("repo.wiki")
+		ctx.HTML(http.StatusOK, tplWikiStart)
+		return
+	}
+
+	// Get last change information.
+	wikiPath := entry.Name()
+	lastCommit, err := wikiRepo.GetCommitByPath(wikiPath)
+	if err != nil {
+		ctx.ServerError("GetCommitByPath", err)
+		return
+	}
+	ctx.Data["Author"] = lastCommit.Author
+
+	ctx.HTML(http.StatusOK, tplWikiRevision)
+}
+
+// WikiPages render wiki pages list page
+func WikiPages(ctx *context.Context) {
+	if !ctx.Repo.Repository.HasWiki() {
+		ctx.Redirect(ctx.Repo.RepoLink + "/wiki")
+		return
+	}
+
+	ctx.Data["Title"] = ctx.Tr("repo.wiki.pages")
+	ctx.Data["PageIsWiki"] = true
+	ctx.Data["CanWriteWiki"] = ctx.Repo.CanWrite(models.UnitTypeWiki) && !ctx.Repo.Repository.IsArchived
+
+	wikiRepo, commit, err := findWikiRepoCommit(ctx)
+	if err != nil {
+		if wikiRepo != nil {
+			wikiRepo.Close()
+		}
+		return
+	}
+
+	entries, err := commit.ListEntries()
+	if err != nil {
+		if wikiRepo != nil {
+			wikiRepo.Close()
+		}
+
+		ctx.ServerError("ListEntries", err)
+		return
+	}
+	pages := make([]PageMeta, 0, len(entries))
+	for _, entry := range entries {
+		if !entry.IsRegular() {
+			continue
+		}
+		c, err := wikiRepo.GetCommitByPath(entry.Name())
+		if err != nil {
+			if wikiRepo != nil {
+				wikiRepo.Close()
+			}
+
+			ctx.ServerError("GetCommit", err)
+			return
+		}
+		wikiName, err := wiki_service.FilenameToName(entry.Name())
+		if err != nil {
+			if models.IsErrWikiInvalidFileName(err) {
+				continue
+			}
+			if wikiRepo != nil {
+				wikiRepo.Close()
+			}
+
+			ctx.ServerError("WikiFilenameToName", err)
+			return
+		}
+		pages = append(pages, PageMeta{
+			Name:        wikiName,
+			SubURL:      wiki_service.NameToSubURL(wikiName),
+			UpdatedUnix: timeutil.TimeStamp(c.Author.When.Unix()),
+		})
+	}
+	ctx.Data["Pages"] = pages
+
+	defer func() {
+		if wikiRepo != nil {
+			wikiRepo.Close()
+		}
+	}()
+	ctx.HTML(http.StatusOK, tplWikiPages)
+}
+
+// WikiRaw outputs raw blob requested by user (image for example)
+func WikiRaw(ctx *context.Context) {
+	wikiRepo, commit, err := findWikiRepoCommit(ctx)
+	if err != nil {
+		if wikiRepo != nil {
+			return
+		}
+	}
+
+	providedPath := ctx.Params("*")
+
+	var entry *git.TreeEntry
+	if commit != nil {
+		// Try to find a file with that name
+		entry, err = findEntryForFile(commit, providedPath)
+		if err != nil && !git.IsErrNotExist(err) {
+			ctx.ServerError("findFile", err)
+			return
+		}
+
+		if entry == nil {
+			// Try to find a wiki page with that name
+			if strings.HasSuffix(providedPath, ".md") {
+				providedPath = providedPath[:len(providedPath)-3]
+			}
+
+			wikiPath := wiki_service.NameToFilename(providedPath)
+			entry, err = findEntryForFile(commit, wikiPath)
+			if err != nil && !git.IsErrNotExist(err) {
+				ctx.ServerError("findFile", err)
+				return
+			}
+		}
+	}
+
+	if entry != nil {
+		if err = common.ServeBlob(ctx, entry.Blob()); err != nil {
+			ctx.ServerError("ServeBlob", err)
+		}
+		return
+	}
+
+	ctx.NotFound("findEntryForFile", nil)
+}
+
+// NewWiki render wiki create page
+func NewWiki(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("repo.wiki.new_page")
+	ctx.Data["PageIsWiki"] = true
+	ctx.Data["RequireSimpleMDE"] = true
+
+	if !ctx.Repo.Repository.HasWiki() {
+		ctx.Data["title"] = "Home"
+	}
+
+	ctx.HTML(http.StatusOK, tplWikiNew)
+}
+
+// NewWikiPost response for wiki create request
+func NewWikiPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.NewWikiForm)
+	ctx.Data["Title"] = ctx.Tr("repo.wiki.new_page")
+	ctx.Data["PageIsWiki"] = true
+	ctx.Data["RequireSimpleMDE"] = true
+
+	if ctx.HasError() {
+		ctx.HTML(http.StatusOK, tplWikiNew)
+		return
+	}
+
+	if util.IsEmptyString(form.Title) {
+		ctx.RenderWithErr(ctx.Tr("repo.issues.new.title_empty"), tplWikiNew, form)
+		return
+	}
+
+	wikiName := wiki_service.NormalizeWikiName(form.Title)
+
+	if len(form.Message) == 0 {
+		form.Message = ctx.Tr("repo.editor.add", form.Title)
+	}
+
+	if err := wiki_service.AddWikiPage(ctx.User, ctx.Repo.Repository, wikiName, form.Content, form.Message); err != nil {
+		if models.IsErrWikiReservedName(err) {
+			ctx.Data["Err_Title"] = true
+			ctx.RenderWithErr(ctx.Tr("repo.wiki.reserved_page", wikiName), tplWikiNew, &form)
+		} else if models.IsErrWikiAlreadyExist(err) {
+			ctx.Data["Err_Title"] = true
+			ctx.RenderWithErr(ctx.Tr("repo.wiki.page_already_exists"), tplWikiNew, &form)
+		} else {
+			ctx.ServerError("AddWikiPage", err)
+		}
+		return
+	}
+
+	ctx.Redirect(ctx.Repo.RepoLink + "/wiki/" + wiki_service.NameToSubURL(wikiName))
+}
+
+// EditWiki render wiki modify page
+func EditWiki(ctx *context.Context) {
+	ctx.Data["PageIsWiki"] = true
+	ctx.Data["PageIsWikiEdit"] = true
+	ctx.Data["RequireSimpleMDE"] = true
+
+	if !ctx.Repo.Repository.HasWiki() {
+		ctx.Redirect(ctx.Repo.RepoLink + "/wiki")
+		return
+	}
+
+	renderEditPage(ctx)
+	if ctx.Written() {
+		return
+	}
+
+	ctx.HTML(http.StatusOK, tplWikiNew)
+}
+
+// EditWikiPost response for wiki modify request
+func EditWikiPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*forms.NewWikiForm)
+	ctx.Data["Title"] = ctx.Tr("repo.wiki.new_page")
+	ctx.Data["PageIsWiki"] = true
+	ctx.Data["RequireSimpleMDE"] = true
+
+	if ctx.HasError() {
+		ctx.HTML(http.StatusOK, tplWikiNew)
+		return
+	}
+
+	oldWikiName := wiki_service.NormalizeWikiName(ctx.Params(":page"))
+	newWikiName := wiki_service.NormalizeWikiName(form.Title)
+
+	if len(form.Message) == 0 {
+		form.Message = ctx.Tr("repo.editor.update", form.Title)
+	}
+
+	if err := wiki_service.EditWikiPage(ctx.User, ctx.Repo.Repository, oldWikiName, newWikiName, form.Content, form.Message); err != nil {
+		ctx.ServerError("EditWikiPage", err)
+		return
+	}
+
+	ctx.Redirect(ctx.Repo.RepoLink + "/wiki/" + wiki_service.NameToSubURL(newWikiName))
+}
+
+// DeleteWikiPagePost delete wiki page
+func DeleteWikiPagePost(ctx *context.Context) {
+	wikiName := wiki_service.NormalizeWikiName(ctx.Params(":page"))
+	if len(wikiName) == 0 {
+		wikiName = "Home"
+	}
+
+	if err := wiki_service.DeleteWikiPage(ctx.User, ctx.Repo.Repository, wikiName); err != nil {
+		ctx.ServerError("DeleteWikiPage", err)
+		return
+	}
+
+	ctx.JSON(http.StatusOK, map[string]interface{}{
+		"redirect": ctx.Repo.RepoLink + "/wiki/",
+	})
+}

routers/web/repo/wiki_test.go

@@ -0,0 +1,215 @@
+// Copyright 2017 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package repo
+
+import (
+	"io/ioutil"
+	"net/http"
+	"testing"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/test"
+	"code.gitea.io/gitea/modules/web"
+	"code.gitea.io/gitea/services/forms"
+	wiki_service "code.gitea.io/gitea/services/wiki"
+
+	"github.com/stretchr/testify/assert"
+)
+
+const content = "Wiki contents for unit tests"
+const message = "Wiki commit message for unit tests"
+
+func wikiEntry(t *testing.T, repo *models.Repository, wikiName string) *git.TreeEntry {
+	wikiRepo, err := git.OpenRepository(repo.WikiPath())
+	assert.NoError(t, err)
+	defer wikiRepo.Close()
+	commit, err := wikiRepo.GetBranchCommit("master")
+	assert.NoError(t, err)
+	entries, err := commit.ListEntries()
+	assert.NoError(t, err)
+	for _, entry := range entries {
+		if entry.Name() == wiki_service.NameToFilename(wikiName) {
+			return entry
+		}
+	}
+	return nil
+}
+
+func wikiContent(t *testing.T, repo *models.Repository, wikiName string) string {
+	entry := wikiEntry(t, repo, wikiName)
+	if !assert.NotNil(t, entry) {
+		return ""
+	}
+	reader, err := entry.Blob().DataAsync()
+	assert.NoError(t, err)
+	defer reader.Close()
+	bytes, err := ioutil.ReadAll(reader)
+	assert.NoError(t, err)
+	return string(bytes)
+}
+
+func assertWikiExists(t *testing.T, repo *models.Repository, wikiName string) {
+	assert.NotNil(t, wikiEntry(t, repo, wikiName))
+}
+
+func assertWikiNotExists(t *testing.T, repo *models.Repository, wikiName string) {
+	assert.Nil(t, wikiEntry(t, repo, wikiName))
+}
+
+func assertPagesMetas(t *testing.T, expectedNames []string, metas interface{}) {
+	pageMetas, ok := metas.([]PageMeta)
+	if !assert.True(t, ok) {
+		return
+	}
+	if !assert.Len(t, pageMetas, len(expectedNames)) {
+		return
+	}
+	for i, pageMeta := range pageMetas {
+		assert.EqualValues(t, expectedNames[i], pageMeta.Name)
+	}
+}
+
+func TestWiki(t *testing.T) {
+	models.PrepareTestEnv(t)
+
+	ctx := test.MockContext(t, "user2/repo1/wiki/_pages")
+	ctx.SetParams(":page", "Home")
+	test.LoadRepo(t, ctx, 1)
+	Wiki(ctx)
+	assert.EqualValues(t, http.StatusOK, ctx.Resp.Status())
+	assert.EqualValues(t, "Home", ctx.Data["Title"])
+	assertPagesMetas(t, []string{"Home", "Page With Image", "Page With Spaced Name"}, ctx.Data["Pages"])
+}
+
+func TestWikiPages(t *testing.T) {
+	models.PrepareTestEnv(t)
+
+	ctx := test.MockContext(t, "user2/repo1/wiki/_pages")
+	test.LoadRepo(t, ctx, 1)
+	WikiPages(ctx)
+	assert.EqualValues(t, http.StatusOK, ctx.Resp.Status())
+	assertPagesMetas(t, []string{"Home", "Page With Image", "Page With Spaced Name"}, ctx.Data["Pages"])
+}
+
+func TestNewWiki(t *testing.T) {
+	models.PrepareTestEnv(t)
+
+	ctx := test.MockContext(t, "user2/repo1/wiki/_new")
+	test.LoadUser(t, ctx, 2)
+	test.LoadRepo(t, ctx, 1)
+	NewWiki(ctx)
+	assert.EqualValues(t, http.StatusOK, ctx.Resp.Status())
+	assert.EqualValues(t, ctx.Tr("repo.wiki.new_page"), ctx.Data["Title"])
+}
+
+func TestNewWikiPost(t *testing.T) {
+	for _, title := range []string{
+		"New page",
+		"&&&&",
+	} {
+		models.PrepareTestEnv(t)
+
+		ctx := test.MockContext(t, "user2/repo1/wiki/_new")
+		test.LoadUser(t, ctx, 2)
+		test.LoadRepo(t, ctx, 1)
+		web.SetForm(ctx, &forms.NewWikiForm{
+			Title:   title,
+			Content: content,
+			Message: message,
+		})
+		NewWikiPost(ctx)
+		assert.EqualValues(t, http.StatusFound, ctx.Resp.Status())
+		assertWikiExists(t, ctx.Repo.Repository, title)
+		assert.Equal(t, wikiContent(t, ctx.Repo.Repository, title), content)
+	}
+}
+
+func TestNewWikiPost_ReservedName(t *testing.T) {
+	models.PrepareTestEnv(t)
+
+	ctx := test.MockContext(t, "user2/repo1/wiki/_new")
+	test.LoadUser(t, ctx, 2)
+	test.LoadRepo(t, ctx, 1)
+	web.SetForm(ctx, &forms.NewWikiForm{
+		Title:   "_edit",
+		Content: content,
+		Message: message,
+	})
+	NewWikiPost(ctx)
+	assert.EqualValues(t, http.StatusOK, ctx.Resp.Status())
+	assert.EqualValues(t, ctx.Tr("repo.wiki.reserved_page"), ctx.Flash.ErrorMsg)
+	assertWikiNotExists(t, ctx.Repo.Repository, "_edit")
+}
+
+func TestEditWiki(t *testing.T) {
+	models.PrepareTestEnv(t)
+
+	ctx := test.MockContext(t, "user2/repo1/wiki/_edit/Home")
+	ctx.SetParams(":page", "Home")
+	test.LoadUser(t, ctx, 2)
+	test.LoadRepo(t, ctx, 1)
+	EditWiki(ctx)
+	assert.EqualValues(t, http.StatusOK, ctx.Resp.Status())
+	assert.EqualValues(t, "Home", ctx.Data["Title"])
+	assert.Equal(t, wikiContent(t, ctx.Repo.Repository, "Home"), ctx.Data["content"])
+}
+
+func TestEditWikiPost(t *testing.T) {
+	for _, title := range []string{
+		"Home",
+		"New/<page>",
+	} {
+		models.PrepareTestEnv(t)
+		ctx := test.MockContext(t, "user2/repo1/wiki/_new/Home")
+		ctx.SetParams(":page", "Home")
+		test.LoadUser(t, ctx, 2)
+		test.LoadRepo(t, ctx, 1)
+		web.SetForm(ctx, &forms.NewWikiForm{
+			Title:   title,
+			Content: content,
+			Message: message,
+		})
+		EditWikiPost(ctx)
+		assert.EqualValues(t, http.StatusFound, ctx.Resp.Status())
+		assertWikiExists(t, ctx.Repo.Repository, title)
+		assert.Equal(t, wikiContent(t, ctx.Repo.Repository, title), content)
+		if title != "Home" {
+			assertWikiNotExists(t, ctx.Repo.Repository, "Home")
+		}
+	}
+}
+
+func TestDeleteWikiPagePost(t *testing.T) {
+	models.PrepareTestEnv(t)
+
+	ctx := test.MockContext(t, "user2/repo1/wiki/Home/delete")
+	test.LoadUser(t, ctx, 2)
+	test.LoadRepo(t, ctx, 1)
+	DeleteWikiPagePost(ctx)
+	assert.EqualValues(t, http.StatusOK, ctx.Resp.Status())
+	assertWikiNotExists(t, ctx.Repo.Repository, "Home")
+}
+
+func TestWikiRaw(t *testing.T) {
+	for filepath, filetype := range map[string]string{
+		"jpeg.jpg":                 "image/jpeg",
+		"images/jpeg.jpg":          "image/jpeg",
+		"Page With Spaced Name":    "text/plain; charset=utf-8",
+		"Page-With-Spaced-Name":    "text/plain; charset=utf-8",
+		"Page With Spaced Name.md": "text/plain; charset=utf-8",
+		"Page-With-Spaced-Name.md": "text/plain; charset=utf-8",
+	} {
+		models.PrepareTestEnv(t)
+
+		ctx := test.MockContext(t, "user2/repo1/wiki/raw/"+filepath)
+		ctx.SetParams("*", filepath)
+		test.LoadUser(t, ctx, 2)
+		test.LoadRepo(t, ctx, 1)
+		WikiRaw(ctx)
+		assert.EqualValues(t, http.StatusOK, ctx.Resp.Status())
+		assert.EqualValues(t, filetype, ctx.Resp.Header().Get("Content-Type"))
+	}
+}