Release GitBucket 4.36.0

Gitter is a name, and since that capitalized

.github/CODEOWNERS

@@ -0,0 +1,4 @@
+* @takezoe
+
+build.sbt @xuwei-k
+project/* @xuwei-k

.github/CONTRIBUTING.md

@@ -1,6 +1,6 @@
 # The guidelines for contributing
 
 - At first, see [Wiki](https://github.com/gitbucket/gitbucket/wiki) and check issues and pull requests whether there is a same request in the past.
-- The highest priority of GitBucket is the ease of installation and API compatibility with GitHub, so your feature request might be rejected if they go against those principles. If you don't wanna waste your time to make a pull request, ask us about your idea at [gitter room](https://gitter.im/gitbucket/gitbucket) before staring your work.
+- The highest priority of GitBucket is the ease of installation and API compatibility with GitHub, so your feature request might be rejected if they go against those principles. If you don't wanna waste your time to make a pull request, ask us about your idea at [gitter room](https://gitter.im/gitbucket/gitbucket) before starting your work.
 - You can edit the GitBucket documentation on Wiki if you have a GitHub account. When you find any mistakes or lacks in the documentation, please update it directly.
 - All your contributions are handled as [Apache Software License, Version 2.0](https://github.com/gitbucket/gitbucket/blob/master/LICENSE). When you create a pull request or update the documentation, we assume you agreed this clause.

.github/ISSUE_TEMPLATE.md

@@ -12,7 +12,7 @@
 **Deployment mode**: *explain here how you use GitBucket : standalone app, under webcontainer (which one), with an http frontend (nginx, httpd, ...)*
 
 **Problem description**:
-- *be as explicit has you can*
+- *be as explicit as you can*
 - *describe the problem and its symptoms*
 - *explain how to reproduce*
 - *attach whatever information that can help understanding the context (screen capture, log files)*

.github/workflows/build.yml

@@ -5,13 +5,14 @@ on: [push, pull_request]
 jobs:
   build:
     runs-on: ubuntu-latest
+    timeout-minutes: 30
     strategy:
       matrix:
         java: [8, 11]
     steps:
     - uses: actions/checkout@v2
     - name: Cache
-      uses: actions/cache@v2
+      uses: actions/cache@v2.1.6
       env:
         cache-name: cache-sbt-libs
       with:
@@ -21,11 +22,14 @@ jobs:
           ~/.cache/coursier/v1
         key: build-${{ env.cache-name }}-${{ hashFiles('build.sbt') }}
     - name: Set up JDK
-      uses: actions/setup-java@v1
+      uses: actions/setup-java@v2
       with:
         java-version: ${{ matrix.java }}
+        distribution: adopt
     - name: Run tests
       run: sbt scalafmtSbtCheck scalafmtCheck test:scalafmtCheck test
+    - name: Scala 3
+      run: sbt '++ 3.0.1!' update # TODO
     - name: Build executable
       run: sbt executable
     - name: Upload artifacts

.scala-steward.conf

@@ -0,0 +1,7 @@
+updates.limit = 3
+
+updates.includeScala = true
+
+updates.pin = [
+  { groupId = "org.eclipse.jetty", version = "9." }
+]

CHANGELOG.md

@@ -1,6 +1,25 @@
 # Changelog
 All changes to the project will be documented in this file.
 
+### 4.36.0 - 17 Jul 2021
+- Tag selector in the repository viewer
+- Link iusses/pull requests of other repositories
+- Files and lines can be linked in the diff view
+- Option to disable XSS protection
+
+### 4.35.3 - 14 Jan 2021
+- Fix a bug that Wiki page cannot be deleted
+- Fix a deployment issue on Tomcat
+
+### 4.35.2 - 30 Dec 2020
+- Upgrade gitbucket-notifications-plugin to 1.10.0
+- Upgrade oauth2-oidc-sdk to 8.29.1 to solve dependency issue
+
+### 4.35.1 - 29 Dec 2020
+- Fix database migration issue which happens if webhook is configured
+- Call push webhook when pull request is merged
+- Show commit status at commits tab of pull request
+
 ### 4.35.0 - 25 Dec 2020
 - Editor and source viewer color theme
 - Auto completion for issues and pull requests

README.md

@@ -8,6 +8,8 @@ GitBucket is a Git web platform powered by Scala offering:
 - High extensibility by plugins
 - API compatibility with GitHub
 
+![GitBucket](https://gitbucket.github.io/img/screenshots/screenshot-repository_viewer.png)
+
 You can try an [online demo](https://gitbucket.herokuapp.com/) *(ID: root / Pass: root)* of GitBucket, and also get the latest information at [GitBucket News](https://gitbucket.github.io/gitbucket-news/).
 
 Features
@@ -22,8 +24,6 @@ The current version of GitBucket provides many features such as:
 - Account and group management with LDAP integration
 - a Plug-in system
 
-If you want to try the development version of GitBucket, see the [Developer's Guide](https://github.com/gitbucket/gitbucket/blob/master/doc/readme.md).
-
 Installation
 --------
 GitBucket requires **Java8**. You have to install it, if it is not already installed.
@@ -48,24 +48,25 @@ GitBucket has a plug-in system that allows extra functionality. Officially the f
 
 You can find more plugins made by the community at [GitBucket community plugins](https://gitbucket-plugins.github.io/).
 
+Building and Development
+-----------
+If you want to try the development version of GitBucket, or want to contribute to the project, please see the [Developer's Guide](https://github.com/gitbucket/gitbucket/blob/master/doc/readme.md).
+It provides instructions on building from source and on setting up an IDE for debugging. 
+It also contains documentation of the core concepts used within the project.
+
 Support
 --------
 
 - If you have any questions about GitBucket, see [Wiki](https://github.com/gitbucket/gitbucket/wiki) and check issues whether there is a same question or request in the past.
-- If you can't find same question and report, send it to [gitter room](https://gitter.im/gitbucket/gitbucket) before raising an issue.
+- If you can't find same question and report, send it to our [Gitter room](https://gitter.im/gitbucket/gitbucket) before raising an issue.
 - The highest priority of GitBucket is the ease of installation and API compatibility with GitHub, so your feature request might be rejected if they go against those principles.
 
-What's New in 4.34.x
+What's New in 4.36.x
 -------------
-### 4.35.0 - 25 Dec 2020
+### 4.36.0 - 17 Jul 2021
-
+- Tag selector in the repository viewer
-- Editor and source viewer color theme
+- Link iusses/pull requests of other repositories
-- Auto completion for issues and pull requests
+- Files and lines can be linked in the diff view
-- Upload image from clipboard
+- Option to disable XSS protection
-- Close multiple issues by commit comment
-- Create pull request from online editor
-- Milestone overview
-- Commit status at various places
-- WebAPI coverage improvements
 
 See the [change log](CHANGELOG.md) for all of the updates.

build.sbt

@@ -1,23 +1,21 @@
 import com.typesafe.sbt.license.{DepModuleInfo, LicenseInfo}
-import com.typesafe.sbt.pgp.PgpKeys._
+import com.jsuereth.sbtpgp.PgpKeys._
 
 val Organization = "io.github.gitbucket"
 val Name = "gitbucket"
-val GitBucketVersion = "4.35.0"
+val GitBucketVersion = "4.36.0"
-val ScalatraVersion = "2.7.0"
+val ScalatraVersion = "2.7.1"
-val JettyVersion = "9.4.32.v20200930"
+val JettyVersion = "9.4.43.v20210629"
-val JgitVersion = "5.9.0.202009080501-r"
+val JgitVersion = "5.12.0.202106070339-r"
 
 lazy val root = (project in file("."))
   .enablePlugins(SbtTwirl, ScalatraPlugin)
-  .settings(
-    )
 
 sourcesInBase := false
 organization := Organization
 name := Name
 version := GitBucketVersion
-scalaVersion := "2.13.1"
+scalaVersion := "2.13.6"
 
 scalafmtOnCompile := true
 
@@ -33,64 +31,80 @@ resolvers ++= Seq(
 libraryDependencies ++= Seq(
   "org.eclipse.jgit"                % "org.eclipse.jgit.http.server" % JgitVersion,
   "org.eclipse.jgit"                % "org.eclipse.jgit.archive"     % JgitVersion,
-  "org.scalatra"                    %% "scalatra"                    % ScalatraVersion,
+  "org.scalatra"                    %% "scalatra"                    % ScalatraVersion cross CrossVersion.for3Use2_13,
-  "org.scalatra"                    %% "scalatra-json"               % ScalatraVersion,
+  "org.scalatra"                    %% "scalatra-json"               % ScalatraVersion cross CrossVersion.for3Use2_13,
-  "org.scalatra"                    %% "scalatra-forms"              % ScalatraVersion,
+  "org.scalatra"                    %% "scalatra-forms"              % ScalatraVersion cross CrossVersion.for3Use2_13,
-  "org.json4s"                      %% "json4s-jackson"              % "3.6.10",
+  "org.json4s"                      %% "json4s-jackson"              % "3.6.11" cross CrossVersion.for3Use2_13,
-  "commons-io"                      % "commons-io"                   % "2.8.0",
+  "commons-io"                      % "commons-io"                   % "2.11.0",
   "io.github.gitbucket"             % "solidbase"                    % "1.0.3",
   "io.github.gitbucket"             % "markedj"                      % "1.0.16",
-  "org.apache.commons"              % "commons-compress"             % "1.20",
+  "org.apache.commons"              % "commons-compress"             % "1.21",
   "org.apache.commons"              % "commons-email"                % "1.5",
-  "commons-net"                     % "commons-net"                  % "3.7",
+  "commons-net"                     % "commons-net"                  % "3.8.0",
-  "org.apache.httpcomponents"       % "httpclient"                   % "4.5.12",
+  "org.apache.httpcomponents"       % "httpclient"                   % "4.5.13",
   "org.apache.sshd"                 % "apache-sshd"                  % "2.1.0" exclude ("org.slf4j", "slf4j-jdk14") exclude ("org.apache.sshd", "sshd-mina") exclude ("org.apache.sshd", "sshd-netty"),
-  "org.apache.tika"                 % "tika-core"                    % "1.24.1",
+  "org.apache.tika"                 % "tika-core"                    % "1.27",
-  "com.github.takezoe"              %% "blocking-slick-32"           % "0.0.12",
+  "com.github.takezoe"              %% "blocking-slick-32"           % "0.0.12" cross CrossVersion.for3Use2_13,
   "com.novell.ldap"                 % "jldap"                        % "2009-10-07",
   "com.h2database"                  % "h2"                           % "1.4.199",
-  "org.mariadb.jdbc"                % "mariadb-java-client"          % "2.7.0",
+  "org.mariadb.jdbc"                % "mariadb-java-client"          % "2.7.3",
-  "org.postgresql"                  % "postgresql"                   % "42.2.6",
+  "org.postgresql"                  % "postgresql"                   % "42.2.23",
   "ch.qos.logback"                  % "logback-classic"              % "1.2.3",
-  "com.zaxxer"                      % "HikariCP"                     % "3.4.5",
+  "com.zaxxer"                      % "HikariCP"                     % "4.0.3",
-  "com.typesafe"                    % "config"                       % "1.4.0",
+  "com.typesafe"                    % "config"                       % "1.4.1",
   "fr.brouillard.oss.security.xhub" % "xhub4j-core"                  % "1.1.0",
-  "com.github.bkromhout"            % "java-diff-utils"              % "2.1.1",
+  "io.github.java-diff-utils"       % "java-diff-utils"              % "4.10",
-  "org.cache2k"                     % "cache2k-all"                  % "1.2.4.Final",
+  "org.cache2k"                     % "cache2k-all"                  % "1.6.0.Final",
-  "net.coobird"                     % "thumbnailator"                % "0.4.12",
+  "net.coobird"                     % "thumbnailator"                % "0.4.14",
   "com.github.zafarkhaja"           % "java-semver"                  % "0.9.0",
-  "com.nimbusds"                    % "oauth2-oidc-sdk"              % "5.64.4",
+  "com.nimbusds"                    % "oauth2-oidc-sdk"              % "9.10.1",
   "org.eclipse.jetty"               % "jetty-webapp"                 % JettyVersion % "provided",
   "javax.servlet"                   % "javax.servlet-api"            % "3.1.0" % "provided",
-  "junit"                           % "junit"                        % "4.13" % "test",
+  "junit"                           % "junit"                        % "4.13.2" % "test",
-  "org.scalatra"                    %% "scalatra-scalatest"          % ScalatraVersion % "test",
+  "org.scalatra"                    %% "scalatra-scalatest"          % ScalatraVersion % "test" cross CrossVersion.for3Use2_13,
-  "org.mockito"                     % "mockito-core"                 % "3.3.3" % "test",
+  "org.mockito"                     % "mockito-core"                 % "3.11.2" % "test",
-  "com.dimafeng"                    %% "testcontainers-scala"        % "0.37.0" % "test",
+  "com.dimafeng"                    %% "testcontainers-scala"        % "0.39.5" % "test",
-  "org.testcontainers"              % "mysql"                        % "1.14.3" % "test",
+  "org.testcontainers"              % "mysql"                        % "1.15.3" % "test",
-  "org.testcontainers"              % "postgresql"                   % "1.14.3" % "test",
+  "org.testcontainers"              % "postgresql"                   % "1.15.3" % "test",
   "net.i2p.crypto"                  % "eddsa"                        % "0.3.0",
   "is.tagomor.woothee"              % "woothee-java"                 % "1.11.0",
-  "org.ec4j.core"                   % "ec4j-core"                    % "0.0.3",
+  "org.ec4j.core"                   % "ec4j-core"                    % "0.3.0",
-  "org.kohsuke"                     % "github-api"                   % "1.116" % "test"
+  "org.kohsuke"                     % "github-api"                   % "1.131" % "test"
 )
 
+libraryDependencies ~= {
+  _.map {
+    case x if x.name == "twirl-api" =>
+      x cross CrossVersion.for3Use2_13
+    case x =>
+      x
+  }
+}
+
 // Compiler settings
-scalacOptions := Seq("-deprecation", "-language:postfixOps", "-opt:l:method")
+scalacOptions := Seq(
-javacOptions in compile ++= Seq("-target", "8", "-source", "8")
+  "-deprecation",
-javaOptions in Jetty += "-Dlogback.configurationFile=/logback-dev.xml"
+  "-language:postfixOps",
+  "-opt:l:method",
+  "-feature",
+  "-Wunused:imports",
+  "-Wconf:cat=unused&src=twirl/.*:s,cat=unused&src=scala/gitbucket/core/model/[^/]+\\.scala:s"
+)
+compile / javacOptions ++= Seq("-target", "8", "-source", "8")
+Jetty / javaOptions += "-Dlogback.configurationFile=/logback-dev.xml"
 
 // Test settings
 //testOptions in Test += Tests.Argument("-l", "ExternalDBTest")
-javaOptions in Test += "-Dgitbucket.home=target/gitbucket_home_for_test"
+Test / javaOptions += "-Dgitbucket.home=target/gitbucket_home_for_test"
-testOptions in Test += Tests.Setup(() => new java.io.File("target/gitbucket_home_for_test").mkdir())
+Test / testOptions += Tests.Setup(() => new java.io.File("target/gitbucket_home_for_test").mkdir())
-fork in Test := true
+Test / fork := true
 
 // Packaging options
 packageOptions += Package.MainClass("JettyLauncher")
 
 // Assembly settings
-test in assembly := {}
+assembly / test := {}
-assemblyMergeStrategy in assembly := {
+assembly / assemblyMergeStrategy := {
   case PathList("META-INF", xs @ _*) =>
     (xs map { _.toLowerCase }) match {
       case ("manifest.mf" :: Nil) => MergeStrategy.discard
@@ -122,9 +136,9 @@ libraryDependencies ++= Seq(
 )
 
 // Run package task before test to generate target/webapp for integration test
-test in Test := {
+Test / test := {
   _root_.sbt.Keys.`package`.value
-  (test in Test).value
+  (Test / test).value
 }
 
 val executableKey = TaskKey[File]("executable")
@@ -155,7 +169,7 @@ executableKey := {
   IO unzip (warFile, temp)
 
   // include launcher classes
-  val classDir = (Keys.classDirectory in Compile).value
+  val classDir = (Compile / Keys.classDirectory).value
   val launchClasses = Seq("JettyLauncher.class" /*, "HttpsSupportConnector.class" */ )
   launchClasses foreach { name =>
     IO copyFile (classDir / name, temp / name)
@@ -258,12 +272,7 @@ pomExtra := (
   </developers>
 )
 
-licenseOverrides := {
+Test / testOptions ++= {
-  case DepModuleInfo("com.github.bkromhout", "java-diff-utils", _) =>
-    LicenseInfo(LicenseCategory.Apache, "Apache-2.0", "http://www.apache.org/licenses/LICENSE-2.0")
-}
-
-testOptions in Test ++= {
   if (scala.util.Properties.isWin) {
     Seq(
       Tests.Exclude(
@@ -276,3 +285,8 @@ testOptions in Test ++= {
     Nil
   }
 }
+
+Jetty / javaOptions ++= Seq(
+  "-Xdebug",
+  "-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=8000"
+)

doc/authenticator.md

@@ -2,7 +2,7 @@ Authentication in Controller
 ========
 GitBucket provides many [authenticators](https://github.com/gitbucket/gitbucket/blob/master/src/main/scala/gitbucket/core/util/Authenticator.scala) to access controlling in the controller.
 
-For example, in the case of `RepositoryViwerController`,
+For example, in the case of `RepositoryViewerController`,
 it references three authenticators: `ReadableUsersAuthenticator`, `ReferrerAuthenticator` and `CollaboratorsAuthenticator`.
 
 ```scala
@@ -19,13 +19,13 @@ trait RepositoryViewerControllerBase extends ControllerBase {
   ...
 ```
 
-Authenticators provides a method to add guard to actions in the controller:
+Authenticators provide a method to add guard to actions in the controller:
 
 - `ReadableUsersAuthenticator` provides `readableUsersOnly` method
 - `ReferrerAuthenticator` provides `referrersOnly` method
 - `CollaboratorsAuthenticator` provides `collaboratorsOnly` method
 
-These methods are available in each actions as below:
+These methods are available in each action as below:
 
 ```scala
 // Allows only the repository owner (or manager for group repository) and administrators.
@@ -38,7 +38,7 @@ get("/:owner/:repository/new/*")(collaboratorsOnly { repository =>
   ...
 })
 
-// Allows only signed in users which can access the repository.
+// Allows only signed-in users which can access the repository.
 post("/:owner/:repository/commit/:id/comment/new", commentForm)(readableUsersOnly { (form, repository) =>
   ...
 })
@@ -50,11 +50,11 @@ Currently, GitBucket provides below authenticators:
 |--------------------------|-----------------|--------------------------------------------------------------------------------------|
 |OneselfAuthenticator      |oneselfOnly      |Allows only oneself and administrators.                                               |
 |OwnerAuthenticator        |ownerOnly        |Allows only the repository owner and administrators.                                  |
-|UsersAuthenticator        |usersOnly        |Allows only signed in users.                                                          |
+|UsersAuthenticator        |usersOnly        |Allows only signed-in users.                                                          |
 |AdminAuthenticator        |adminOnly        |Allows only administrators.                                                           |
 |CollaboratorsAuthenticator|collaboratorsOnly|Allows only collaborators and administrators.                                         |
 |ReferrerAuthenticator     |referrersOnly    |Allows only the repository owner (or manager for group repository) and administrators.|
-|ReadableUsersAuthenticator|readableUsersOnly|Allows only signed in users which can access the repository.                          |
+|ReadableUsersAuthenticator|readableUsersOnly|Allows only signed-in users which can access the repository.                          |
 |GroupManagerAuthenticator |managersOnly     |Allows only the group managers.                                                       |
 
-Of course, if you make a new plugin, you can define a your own authenticator according to requirement in your plugin.
+Of course, if you make a new plugin, you can implement your own authenticator according to requirement in your plugin.

doc/auto_update.md

@@ -2,7 +2,7 @@ Automatic Schema Updating
 ========
 GitBucket updates database schema automatically using [Solidbase](https://github.com/gitbucket/solidbase) in the first run after the upgrading.
 
-To release a new version of GitBucket, add the version definition to the [gitbucket.core.GitBucketCoreModule](https://github.com/gitbucket/gitbucket/blob/master/src/main/scala/gitbucket/core/GitBucketCoreModule.scala) at first.
+To release a new version of GitBucket, add the version definition to [gitbucket.core.GitBucketCoreModule](https://github.com/gitbucket/gitbucket/blob/master/src/main/scala/gitbucket/core/GitBucketCoreModule.scala) at first.
 
 ```scala
 object GitBucketCoreModule extends Module("gitbucket-core",
@@ -17,7 +17,7 @@ object GitBucketCoreModule extends Module("gitbucket-core",
 )
 ```
 
-Next, add a XML file which updates database schema into [/src/main/resources/update/](https://github.com/gitbucket/gitbucket/tree/master/src/main/resources/update) with a filenane defined in `GitBucketCoreModule`.
+Next, add a XML file which updates database schema into [/src/main/resources/update/](https://github.com/gitbucket/gitbucket/tree/master/src/main/resources/update) with a filename defined in `GitBucketCoreModule`.
 
 ```xml
 <?xml version="1.0" encoding="UTF-8"?>
@@ -31,9 +31,9 @@ Next, add a XML file which updates database schema into [/src/main/resources/upd
 </changeSet>
 ```
 
-Solidbase stores the current version to `VERSIONS` table and checks it at start-up. If the stored version differs from the actual version, it executes differences between the stored version and the actual version.
+Solidbase stores the current version to `VERSIONS` table and checks it at start-up. If the stored version different from the actual version, it executes differences between the stored version and the actual version.
 
-We can add the SQL file instead of the XML file using `SqlMigration`. It try to load a SQL file from classpath as following order:
+We can add the SQL file instead of the XML file using `SqlMigration`. It tries to load a SQL file from classpath in the following order:
 
 1. Specified path (if specified)
 2. `${moduleId}_${version}_${database}.sql`
@@ -51,4 +51,4 @@ object GitBucketCoreModule extends Module("gitbucket-core",
 )
 ```
 
-See more details [README of Solidbase](https://github.com/gitbucket/solidbase).
+See more details at [README of Solidbase](https://github.com/gitbucket/solidbase).

doc/build.md

@@ -18,12 +18,12 @@ $ sbt ~jetty:start
 
 Then access `http://localhost:8080/` in your browser. The default administrator account is `root` and password is `root`.
 
-Source code modifications are detected and a reloaded happens automatically. You can modify the logging configuration by editing `src/main/resources/logback-dev.xml`.
+Source code modifications are detected and a reloading happens automatically. You can modify the logging configuration by editing `src/main/resources/logback-dev.xml`.
 
 Build war file
 --------
 
-To build war file, run the following command:
+To build a war file, run the following command:
 
 ```shell
 $ sbt package

project/build.properties

@@ -1 +1 @@
-sbt.version=1.4.4
+sbt.version=1.5.5

project/plugins.sbt

@@ -1,10 +1,10 @@
 scalacOptions ++= Seq("-unchecked", "-deprecation", "-feature")
 
-addSbtPlugin("com.geirsson"     % "sbt-scalafmt"         % "1.5.1")
+addSbtPlugin("org.scalameta"    % "sbt-scalafmt"         % "2.4.3")
-addSbtPlugin("com.typesafe.sbt" % "sbt-twirl"            % "1.5.0")
+addSbtPlugin("com.typesafe.sbt" % "sbt-twirl"            % "1.5.1")
-addSbtPlugin("com.eed3si9n"     % "sbt-assembly"         % "0.15.0")
+addSbtPlugin("com.eed3si9n"     % "sbt-assembly"         % "1.0.0")
 addSbtPlugin("org.scalatra.sbt" % "sbt-scalatra"         % "1.0.4")
-addSbtPlugin("com.jsuereth"     % "sbt-pgp"              % "1.1.2")
+addSbtPlugin("com.github.sbt"   % "sbt-pgp"              % "2.1.2")
 addSbtPlugin("com.typesafe.sbt" % "sbt-license-report"   % "1.2.0")
 addSbtPlugin("net.virtual-void" % "sbt-dependency-graph" % "0.9.2")
-addSbtPlugin("org.scoverage"    % "sbt-scoverage"        % "1.6.1")
+addSbtPlugin("org.scoverage"    % "sbt-scoverage"        % "1.8.2")

src/main/resources/bundle-plugins.txt

@@ -1,4 +1,4 @@
-notifications:1.9.0
+notifications:1.10.0
 gist:4.20.0
 emoji:4.6.0
 pages:1.9.0

src/main/resources/update/gitbucket-core_4.35.xml

@@ -1,17 +1,35 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <changeSet>
+  <!--================================================================================================-->
+  <!-- WEB_HOOK -->
+  <!--================================================================================================-->
   <dropForeignKeyConstraint constraintName="IDX_WEB_HOOK_EVENT_FK0" baseTableName="WEB_HOOK_EVENT"/>
   <dropForeignKeyConstraint constraintName="IDX_WEB_HOOK_FK0" baseTableName="WEB_HOOK"/>
-  <dropPrimaryKey tableName="WEB_HOOK" constraintName="IDX_WEB_HOOK_PK"/>
+  <dropPrimaryKey constraintName="IDX_WEB_HOOK_PK" tableName="WEB_HOOK"/>
-  <addColumn tableName="WEB_HOOK">
+  
-    <column name="HOOK_ID" type="int" nullable="false" unique="true"/>
+  <createTable tableName="WEB_HOOK_2">
-  </addColumn>
+    <column name="HOOK_ID" type="int" nullable="true" autoIncrement="true" unique="false" primaryKeyName="IDX_WEB_HOOK_PK" primaryKey="true" />
-  <addPrimaryKey constraintName="IDX_WEB_HOOK_PK" tableName="WEB_HOOK" columnNames="USER_NAME, REPOSITORY_NAME, URL, HOOK_ID"/>
+    <column name="USER_NAME" type="varchar(100)" nullable="false"/>
+    <column name="REPOSITORY_NAME" type="varchar(100)" nullable="false"/>
+    <column name="URL" type="varchar(200)" nullable="false"/>
+    <column name="TOKEN" type="varchar(100)" nullable="true"/>
+    <column name="CTYPE" type="varchar(10)" nullable="true"/>
+  </createTable>
+
+  <sql>
+    INSERT INTO WEB_HOOK_2 (USER_NAME, REPOSITORY_NAME, URL, TOKEN, CTYPE) SELECT USER_NAME, REPOSITORY_NAME, URL, TOKEN, CTYPE FROM WEB_HOOK
+  </sql>
+
+  <renameTable newTableName="WEB_HOOK_BK" oldTableName="WEB_HOOK"/>
+  <renameTable newTableName="WEB_HOOK" oldTableName="WEB_HOOK_2"/>
+
   <addUniqueConstraint constraintName="IDX_WEB_HOOK_1" tableName="WEB_HOOK" columnNames="USER_NAME, REPOSITORY_NAME, URL"/>
   <addForeignKeyConstraint constraintName="IDX_WEB_HOOK_FK0" baseTableName="WEB_HOOK" baseColumnNames="USER_NAME, REPOSITORY_NAME" referencedTableName="REPOSITORY" referencedColumnNames="USER_NAME, REPOSITORY_NAME"/>
   <addForeignKeyConstraint constraintName="IDX_WEB_HOOK_EVENT_FK0" baseTableName="WEB_HOOK_EVENT" baseColumnNames="USER_NAME, REPOSITORY_NAME, URL" referencedTableName="WEB_HOOK" referencedColumnNames="USER_NAME, REPOSITORY_NAME, URL" onDelete="CASCADE" onUpdate="CASCADE"/>
-  <addAutoIncrement columnName="HOOK_ID" columnDataType="int" tableName="WEB_HOOK"/>
 
+  <!--================================================================================================-->
+  <!-- ACCOUNT_PREFERENCE -->
+  <!--================================================================================================-->
   <createTable tableName="ACCOUNT_PREFERENCE">
     <column name="USER_NAME" type="varchar(100)" nullable="false"/>
     <column name="HIGHLIGHTER_THEME" type="varchar(100)" nullable="false" defaultValue="prettify"/>

src/main/resources/update/gitbucket-core_4.36.xml

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<changeSet>
+  <addColumn tableName="REPOSITORY">
+    <column name="SAFE_MODE" type="boolean" nullable="false" defaultValue="true"/>
+  </addColumn>
+</changeSet>

src/main/scala/ScalatraBootstrap.scala

@@ -2,7 +2,6 @@ import java.util.EnumSet
 import javax.servlet._
 
 import gitbucket.core.controller.{ReleaseController, _}
-import gitbucket.core.plugin.PluginRegistry
 import gitbucket.core.service.SystemSettingsService
 import gitbucket.core.servlet._
 import gitbucket.core.util.Directory

src/main/scala/gitbucket/core/GitBucketCoreModule.scala

@@ -12,7 +12,7 @@ import gitbucket.core.util.JDBCUtil
 import io.github.gitbucket.solidbase.Solidbase
 import io.github.gitbucket.solidbase.migration.{LiquibaseMigration, Migration, SqlMigration}
 import io.github.gitbucket.solidbase.model.{Module, Version}
-import org.json4s.NoTypeHints
+import org.json4s.{Formats, NoTypeHints}
 import org.json4s.jackson.Serialization
 import org.json4s.jackson.Serialization.write
 
@@ -85,7 +85,7 @@ object GitBucketCoreModule
         "4.34.0",
         new Migration() {
           override def migrate(moduleId: String, version: String, context: util.Map[String, AnyRef]): Unit = {
-            implicit val formats = Serialization.formats(NoTypeHints)
+            implicit val formats: Formats = Serialization.formats(NoTypeHints)
             import JDBCUtil._
 
             val conn = context.get(Solidbase.CONNECTION).asInstanceOf[Connection]
@@ -115,4 +115,8 @@ object GitBucketCoreModule
         new LiquibaseMigration("update/gitbucket-core_4.34.xml")
       ),
       new Version("4.35.0", new LiquibaseMigration("update/gitbucket-core_4.35.xml")),
+      new Version("4.35.1"),
+      new Version("4.35.2"),
+      new Version("4.35.3"),
+      new Version("4.36.0", new LiquibaseMigration("update/gitbucket-core_4.36.xml"))
     )

src/main/scala/gitbucket/core/api/ApiBranchProtection.scala

@@ -66,7 +66,7 @@ object ApiBranchProtection {
       }
   }
 
-  implicit val enforcementLevelSerializer = new CustomSerializer[EnforcementLevel](
+  implicit val enforcementLevelSerializer: CustomSerializer[EnforcementLevel] = new CustomSerializer[EnforcementLevel](
     format =>
       (
         {

src/main/scala/gitbucket/core/api/ApiContents.scala

@@ -28,7 +28,7 @@ object ApiContents {
               "file",
               fileInfo.name,
               fileInfo.path,
-              fileInfo.commitId,
+              fileInfo.id.getName,
               Some(Base64.getEncoder.encodeToString(arr)),
               Some("base64")
             )(repositoryName)

src/main/scala/gitbucket/core/api/ApiPlugin.scala

@@ -1,6 +1,6 @@
 package gitbucket.core.api
 
-import gitbucket.core.plugin.{PluginRegistry, PluginInfo}
+import gitbucket.core.plugin.PluginInfo
 
 case class ApiPlugin(
   id: String,

src/main/scala/gitbucket/core/api/ApiWebhook.scala

@@ -1,8 +1,6 @@
 package gitbucket.core.api
 
-import gitbucket.core.model.Profile.{RepositoryWebHookEvents, RepositoryWebHooks}
 import gitbucket.core.model.{RepositoryWebHook, WebHook}
-import gitbucket.core.util.RepositoryName
 
 /**
  * https://docs.github.com/en/rest/reference/repos#webhooks

src/main/scala/gitbucket/core/controller/AccountController.scala

@@ -629,7 +629,9 @@ trait AccountControllerBase extends AccountManagementControllerBase {
   }
 
   get("/groups/new")(usersOnly {
-    html.creategroup(List(GroupMember("", context.loginAccount.get.userName, true)))
+    context.withLoginAccount { loginAccount =>
+      html.creategroup(List(GroupMember("", loginAccount.userName, true)))
+    }
   })
 
   post("/groups/new", newGroupForm)(usersOnly { form =>
@@ -650,22 +652,20 @@ trait AccountControllerBase extends AccountManagementControllerBase {
   })
 
   get("/:groupName/_editgroup")(managersOnly {
-    defining(params("groupName")) { groupName =>
+    val groupName = params("groupName")
-      getAccountByUserName(groupName, true).map { account =>
+    getAccountByUserName(groupName, true).map { account =>
-        html.editgroup(account, getGroupMembers(groupName), flash.get("info"))
+      html.editgroup(account, getGroupMembers(groupName), flash.get("info"))
-      } getOrElse NotFound()
+    } getOrElse NotFound()
-    }
   })
 
   get("/:groupName/_deletegroup")(managersOnly {
-    defining(params("groupName")) {
+    val groupName = params("groupName")
-      groupName =>
+    // Remove from GROUP_MEMBER
-        // Remove from GROUP_MEMBER
+    updateGroupMembers(groupName, Nil)
-        updateGroupMembers(groupName, Nil)
+    // Disable group
-        // Disable group
+    getAccountByUserName(groupName, false).foreach { account =>
-        getAccountByUserName(groupName, false).foreach { account =>
+      updateGroup(groupName, account.description, account.url, true)
-          updateGroup(groupName, account.description, account.url, true)
+    }
-        }
 //      // Remove repositories
 //      getRepositoryNamesOfUser(groupName).foreach { repositoryName =>
 //        deleteRepository(groupName, repositoryName)
@@ -673,28 +673,25 @@ trait AccountControllerBase extends AccountManagementControllerBase {
 //        FileUtils.deleteDirectory(getWikiRepositoryDir(groupName, repositoryName))
 //        FileUtils.deleteDirectory(getTemporaryDir(groupName, repositoryName))
 //      }
-    }
     redirect("/")
   })
 
   post("/:groupName/_editgroup", editGroupForm)(managersOnly { form =>
-    defining(
+    val groupName = params("groupName")
-      params("groupName"),
+    val members = form.members
-      form.members
+      .split(",")
-        .split(",")
+      .map {
-        .map {
+        _.split(":") match {
-          _.split(":") match {
+          case Array(userName, isManager) => (userName, isManager.toBoolean)
-            case Array(userName, isManager) => (userName, isManager.toBoolean)
-          }
         }
-        .toList
+      }
-    ) {
+      .toList
-      case (groupName, members) =>
-        getAccountByUserName(groupName, true).map { account =>
-          updateGroup(groupName, form.description, form.url, false)
 
-          // Update GROUP_MEMBER
+    getAccountByUserName(groupName, true).map { account =>
-          updateGroupMembers(form.groupName, members)
+      updateGroup(groupName, form.description, form.url, false)
+
+      // Update GROUP_MEMBER
+      updateGroupMembers(form.groupName, members)
 //        // Update COLLABORATOR for group repositories
 //        getRepositoryNamesOfUser(form.groupName).foreach { repositoryName =>
 //          removeCollaborators(form.groupName, repositoryName)
@@ -703,87 +700,104 @@ trait AccountControllerBase extends AccountManagementControllerBase {
 //          }
 //        }
 
-          updateImage(form.groupName, form.fileId, form.clearImage)
+      updateImage(form.groupName, form.fileId, form.clearImage)
 
-          flash.update("info", "Account information has been updated.")
+      flash.update("info", "Account information has been updated.")
-          redirect(s"/${groupName}/_editgroup")
+      redirect(s"/${groupName}/_editgroup")
 
-        } getOrElse NotFound()
+    } getOrElse NotFound()
-    }
   })
 
   /**
    * Show the new repository form.
    */
   get("/new")(usersOnly {
-    html.newrepo(getGroupsByUserName(context.loginAccount.get.userName), context.settings.isCreateRepoOptionPublic)
+    context.withLoginAccount { loginAccount =>
+      html.newrepo(getGroupsByUserName(loginAccount.userName), context.settings.isCreateRepoOptionPublic)
+    }
   })
 
   /**
    * Create new repository.
    */
   post("/new", newRepositoryForm)(usersOnly { form =>
-    if (context.settings.repositoryOperation.create || context.loginAccount.get.isAdmin) {
+    context.withLoginAccount {
-      LockUtil.lock(s"${form.owner}/${form.name}") {
+      loginAccount =>
-        if (getRepository(form.owner, form.name).isEmpty) {
+        if (context.settings.repositoryOperation.create || loginAccount.isAdmin) {
-          createRepository(
+          LockUtil.lock(s"${form.owner}/${form.name}") {
-            context.loginAccount.get,
+            if (getRepository(form.owner, form.name).isDefined) {
-            form.owner,
+              // redirect to the repository if repository already exists
-            form.name,
+              redirect(s"/${form.owner}/${form.name}")
-            form.description,
+            } else if (!canCreateRepository(form.owner, loginAccount)) {
-            form.isPrivate,
+              // Permission error
-            form.initOption,
+              Forbidden()
-            form.sourceUrl
+            } else {
-          )
+              // create repository asynchronously
-        }
+              createRepository(
-      }
+                loginAccount,
-      // redirect to the repository
+                form.owner,
-      redirect(s"/${form.owner}/${form.name}")
+                form.name,
-    } else Forbidden()
+                form.description,
+                form.isPrivate,
+                form.initOption,
+                form.sourceUrl
+              )
+              // redirect to the repository
+              redirect(s"/${form.owner}/${form.name}")
+            }
+          }
+        } else Forbidden()
+    }
   })
 
   get("/:owner/:repository/fork")(readableUsersOnly { repository =>
-    val loginAccount = context.loginAccount.get
+    context.withLoginAccount {
-    if (repository.repository.options.allowFork && (context.settings.repositoryOperation.fork || loginAccount.isAdmin)) {
+      loginAccount =>
-      val loginUserName = loginAccount.userName
+        if (repository.repository.options.allowFork && (context.settings.repositoryOperation.fork || loginAccount.isAdmin)) {
-      val groups = getGroupsByUserName(loginUserName)
+          val loginUserName = loginAccount.userName
-      groups match {
+          val groups = getGroupsByUserName(loginUserName)
-        case _: List[String] =>
+          groups match {
-          val managerPermissions = groups.map { group =>
+            case _: List[String] =>
-            val members = getGroupMembers(group)
+              val managerPermissions = groups.map { group =>
-            context.loginAccount.exists(
+                val members = getGroupMembers(group)
-              x =>
+                context.loginAccount.exists(
-                members.exists { member =>
+                  x =>
-                  member.userName == x.userName && member.isManager
+                    members.exists { member =>
+                      member.userName == x.userName && member.isManager
+                  }
+                )
               }
-            )
+              helper.html.forkrepository(
+                repository,
+                (groups zip managerPermissions).sortBy(_._1)
+              )
+            case _ => redirect(s"/${loginUserName}")
           }
-          helper.html.forkrepository(
+        } else BadRequest()
-            repository,
+    }
-            (groups zip managerPermissions).sortBy(_._1)
-          )
-        case _ => redirect(s"/${loginUserName}")
-      }
-    } else BadRequest()
   })
 
   post("/:owner/:repository/fork", accountForm)(readableUsersOnly { (form, repository) =>
-    val loginAccount = context.loginAccount.get
+    context.withLoginAccount {
-    if (repository.repository.options.allowFork && (context.settings.repositoryOperation.fork || loginAccount.isAdmin)) {
+      loginAccount =>
-      val loginUserName = loginAccount.userName
+        if (repository.repository.options.allowFork && (context.settings.repositoryOperation.fork || loginAccount.isAdmin)) {
-      val accountName = form.accountName
+          val loginUserName = loginAccount.userName
+          val accountName = form.accountName
 
-      if (getRepository(accountName, repository.name).isDefined ||
+          if (getRepository(accountName, repository.name).isDefined) {
-          (accountName != loginUserName && !getGroupsByUserName(loginUserName).contains(accountName))) {
+            // redirect to the repository if repository already exists
-        // redirect to the repository if repository already exists
+            redirect(s"/${accountName}/${repository.name}")
-        redirect(s"/${accountName}/${repository.name}")
+          } else if (!canCreateRepository(accountName, loginAccount)) {
-      } else {
+            // Permission error
-        // fork repository asynchronously
+            Forbidden()
-        forkRepository(accountName, repository, loginUserName)
+          } else {
-        // redirect to the repository
+            // fork repository asynchronously
-        redirect(s"/${accountName}/${repository.name}")
+            forkRepository(accountName, repository, loginUserName)
-      }
+            // redirect to the repository
-    } else Forbidden()
+            redirect(s"/${accountName}/${repository.name}")
+          }
+        } else Forbidden()
+    }
   })
 
   private def existsAccount: Constraint = new Constraint() {

src/main/scala/gitbucket/core/controller/ControllerBase.scala

@@ -28,6 +28,7 @@ import org.eclipse.jgit.revwalk.RevCommit
 import org.eclipse.jgit.treewalk._
 import org.apache.commons.io.IOUtils
 import org.slf4j.LoggerFactory
+import org.json4s.Formats
 
 /**
  * Provides generic features for controller implementations.
@@ -43,7 +44,7 @@ abstract class ControllerBase
 
   private val logger = LoggerFactory.getLogger(getClass)
 
-  implicit val jsonFormats = gitbucket.core.api.JsonFormat.jsonFormats
+  implicit val jsonFormats: Formats = gitbucket.core.api.JsonFormat.jsonFormats
 
   before("/api/v3/*") {
     contentType = formats("json")
@@ -157,11 +158,8 @@ abstract class ControllerBase
           org.scalatra.Unauthorized(
             redirect(
               "/signin?redirect=" + StringUtil.urlEncode(
-                defining(request.getQueryString) { queryString =>
+                request.getRequestURI
-                  request.getRequestURI.substring(request.getContextPath.length) + (if (queryString != null)
+                  .substring(request.getContextPath.length) + Option(request.getQueryString).map("?" + _).getOrElse("")
-                                                                                      "?" + queryString
-                                                                                    else "")
-                }
               )
             )
           )
@@ -255,7 +253,7 @@ abstract class ControllerBase
     repository: RepositoryService.RepositoryInfo
   ): Unit = {
     JGitUtil.getObjectLoaderFromId(git, objectId) { loader =>
-      contentType = FileUtil.getSafeMimeType(path)
+      contentType = FileUtil.getSafeMimeType(path, repository.repository.options.safeMode)
 
       if (loader.isLarge) {
         response.setContentLength(loader.getSize.toInt)
@@ -302,20 +300,27 @@ case class Context(
   }
   val sidebarCollapse = request.getSession.getAttribute("sidebar-collapse") != null
 
+  def withLoginAccount(f: Account => Any): Any = {
+    loginAccount match {
+      case Some(loginAccount) => f(loginAccount)
+      case None               => Unauthorized()
+    }
+  }
+
   /**
    * Get object from cache.
    *
    * If object has not been cached with the specified key then retrieves by given action.
    * Cached object are available during a request.
    */
-  def cache[A](key: String)(action: => A): A =
+  def cache[A](key: String)(action: => A): A = {
-    defining(Keys.Request.Cache(key)) { cacheKey =>
+    val cacheKey = Keys.Request.Cache(key)
-      Option(request.getAttribute(cacheKey).asInstanceOf[A]).getOrElse {
+    Option(request.getAttribute(cacheKey).asInstanceOf[A]).getOrElse {
-        val newObject = action
+      val newObject = action
-        request.setAttribute(cacheKey, newObject)
+      request.setAttribute(cacheKey, newObject)
-        newObject
+      newObject
-      }
     }
+  }
 
 }
 
@@ -421,7 +426,7 @@ trait AccountManagementControllerBase extends ControllerBase {
     "new"
   )
 
-  protected def reservedNames(): Constraint = new Constraint() {
+  protected def reservedNames: Constraint = new Constraint() {
     override def validate(name: String, value: String, messages: Messages): Option[String] =
       if (allReservedNames.contains(value.toLowerCase)) {
         Some(s"${value} is reserved")

src/main/scala/gitbucket/core/controller/DashboardController.scala

@@ -1,6 +1,7 @@
 package gitbucket.core.controller
 
 import gitbucket.core.dashboard.html
+import gitbucket.core.model.Account
 import gitbucket.core.service._
 import gitbucket.core.util.{Keys, UsersAuthenticator}
 import gitbucket.core.util.Implicits._
@@ -34,45 +35,63 @@ trait DashboardControllerBase extends ControllerBase {
     with UsersAuthenticator =>
 
   get("/dashboard/repos")(usersOnly {
-    val repos = getVisibleRepositories(
+    context.withLoginAccount { loginAccount =>
-      context.loginAccount,
+      val repos = getVisibleRepositories(
-      None,
+        context.loginAccount,
-      withoutPhysicalInfo = true,
+        None,
-      limit = context.settings.limitVisibleRepositories
+        withoutPhysicalInfo = true,
-    )
+        limit = context.settings.limitVisibleRepositories
-    html.repos(getGroupNames(context.loginAccount.get.userName), repos, repos)
+      )
+      html.repos(getGroupNames(loginAccount.userName), repos, repos)
+    }
   })
 
   get("/dashboard/issues")(usersOnly {
-    searchIssues("created_by")
+    context.withLoginAccount { loginAccount =>
+      searchIssues(loginAccount, "created_by")
+    }
   })
 
   get("/dashboard/issues/assigned")(usersOnly {
-    searchIssues("assigned")
+    context.withLoginAccount { loginAccount =>
+      searchIssues(loginAccount, "assigned")
+    }
   })
 
   get("/dashboard/issues/created_by")(usersOnly {
-    searchIssues("created_by")
+    context.withLoginAccount { loginAccount =>
+      searchIssues(loginAccount, "created_by")
+    }
   })
 
   get("/dashboard/issues/mentioned")(usersOnly {
-    searchIssues("mentioned")
+    context.withLoginAccount { loginAccount =>
+      searchIssues(loginAccount, "mentioned")
+    }
   })
 
   get("/dashboard/pulls")(usersOnly {
-    searchPullRequests("created_by")
+    context.withLoginAccount { loginAccount =>
+      searchPullRequests(loginAccount, "created_by")
+    }
   })
 
   get("/dashboard/pulls/created_by")(usersOnly {
-    searchPullRequests("created_by")
+    context.withLoginAccount { loginAccount =>
+      searchPullRequests(loginAccount, "created_by")
+    }
   })
 
   get("/dashboard/pulls/assigned")(usersOnly {
-    searchPullRequests("assigned")
+    context.withLoginAccount { loginAccount =>
+      searchPullRequests(loginAccount, "assigned")
+    }
   })
 
   get("/dashboard/pulls/mentioned")(usersOnly {
-    searchPullRequests("mentioned")
+    context.withLoginAccount { loginAccount =>
+      searchPullRequests(loginAccount, "mentioned")
+    }
   })
 
   private def getOrCreateCondition(key: String, filter: String, userName: String) = {
@@ -85,10 +104,10 @@ trait DashboardControllerBase extends ControllerBase {
     }
   }
 
-  private def searchIssues(filter: String) = {
+  private def searchIssues(loginAccount: Account, filter: String) = {
     import IssuesService._
 
-    val userName = context.loginAccount.get.userName
+    val userName = loginAccount.userName
     val condition = getOrCreateCondition(Keys.Session.DashboardIssues, filter, userName)
     val userRepos = getUserRepositories(userName, true).map(repo => repo.owner -> repo.name)
     val page = IssueSearchCondition.page(request)
@@ -115,11 +134,11 @@ trait DashboardControllerBase extends ControllerBase {
     )
   }
 
-  private def searchPullRequests(filter: String) = {
+  private def searchPullRequests(loginAccount: Account, filter: String) = {
     import IssuesService._
     import PullRequestService._
 
-    val userName = context.loginAccount.get.userName
+    val userName = loginAccount.userName
     val condition = getOrCreateCondition(Keys.Session.DashboardPulls, filter, userName)
     val allRepos = getAllRepositories(userName)
     val page = IssueSearchCondition.page(request)

src/main/scala/gitbucket/core/controller/FileUploadController.scala

@@ -6,7 +6,6 @@ import gitbucket.core.model.Account
 import gitbucket.core.service.{AccountService, ReleaseService, RepositoryService}
 import gitbucket.core.servlet.Database
 import gitbucket.core.util._
-import gitbucket.core.util.SyntaxSugars._
 import gitbucket.core.util.Directory._
 import gitbucket.core.util.Implicits._
 import org.eclipse.jgit.api.Git
@@ -18,6 +17,7 @@ import org.apache.commons.io.{FileUtils, IOUtils}
 
 import scala.util.Using
 import gitbucket.core.service.SystemSettingsService
+import slick.jdbc.JdbcBackend.Session
 
 /**
  * Provides Ajax based file upload functionality.
@@ -37,10 +37,10 @@ class FileUploadController
     execute(
       { (file, fileId) =>
         FileUtils
-          .writeByteArrayToFile(new File(getTemporaryDir(session.getId), FileUtil.checkFilename(fileId)), file.get)
+          .writeByteArrayToFile(new File(getTemporaryDir(session.getId), FileUtil.checkFilename(fileId)), file.get())
         session += Keys.Session.Upload(fileId) -> file.name
       },
-      FileUtil.isImage
+      FileUtil.isImage(_)
     )
   }
 
@@ -49,7 +49,7 @@ class FileUploadController
     execute(
       { (file, fileId) =>
         FileUtils
-          .writeByteArrayToFile(new File(getTemporaryDir(session.getId), FileUtil.checkFilename(fileId)), file.get)
+          .writeByteArrayToFile(new File(getTemporaryDir(session.getId), FileUtil.checkFilename(fileId)), file.get())
         session += Keys.Session.Upload(fileId) -> file.name
       },
       _ => true
@@ -65,7 +65,7 @@ class FileUploadController
             getAttachedDir(params("owner"), params("repository")),
             FileUtil.checkFilename(fileId + "." + FileUtil.getExtension(file.getName))
           ),
-          file.get
+          file.get()
         )
       },
       _ => true
@@ -131,7 +131,7 @@ class FileUploadController
     } getOrElse BadRequest()
   }
 
-  post("/release/:owner/:repository/:tag") {
+  post("/release/:owner/:repository/*") {
     setMultipartConfigForLargeFile()
     session
       .get(Keys.Session.LoginAccount)
@@ -139,12 +139,12 @@ class FileUploadController
         case _: Account =>
           val owner = params("owner")
           val repository = params("repository")
-          val tag = params("tag")
+          val tag = multiParams("splat").head
           execute(
             { (file, fileId) =>
               FileUtils.writeByteArrayToFile(
                 new File(getReleaseFilesDir(owner, repository), FileUtil.checkFilename(tag + "/" + fileId)),
-                file.get
+                file.get()
               )
             },
             _ => true
@@ -178,7 +178,7 @@ class FileUploadController
   }
 
   private def onlyWikiEditable(owner: String, repository: String, loginAccount: Account)(action: => Any): Any = {
-    implicit val session = Database.getSession(request)
+    implicit val session: Session = Database.getSession(request)
     getRepository(owner, repository) match {
       case Some(x) =>
         x.repository.options.wikiOption match {
@@ -191,14 +191,13 @@ class FileUploadController
     }
   }
 
-  private def execute(f: (FileItem, String) => Unit, mimeTypeChcker: (String) => Boolean) =
+  private def execute(f: (FileItem, String) => Unit, mimeTypeChecker: (String) => Boolean) =
     fileParams.get("file") match {
-      case Some(file) if (mimeTypeChcker(file.name)) =>
+      case Some(file) if mimeTypeChecker(file.name) =>
-        defining(FileUtil.generateFileId) { fileId =>
+        val fileId = FileUtil.generateFileId
-          f(file, fileId)
+        f(file, fileId)
-          contentType = "text/plain"
+        contentType = "text/plain"
-          Ok(fileId)
+        Ok(fileId)
-        }
       case _ => BadRequest()
     }
 

src/main/scala/gitbucket/core/controller/IndexController.scala

@@ -8,7 +8,6 @@ import gitbucket.core.helper.xml
 import gitbucket.core.model.Account
 import gitbucket.core.service._
 import gitbucket.core.util.Implicits._
-import gitbucket.core.util.SyntaxSugars._
 import gitbucket.core.util._
 import gitbucket.core.view.helpers._
 import org.scalatra.Ok
@@ -237,50 +236,49 @@ trait IndexControllerBase extends ControllerBase {
 
   // TODO Move to RepositoryViewrController?
   get("/:owner/:repository/search")(referrersOnly { repository =>
-    defining(params.getOrElse("q", "").trim, params.getOrElse("type", "code")) {
+    val query = params.getOrElse("q", "").trim
-      case (query, target) =>
+    val target = params.getOrElse("type", "code")
-        val page = try {
+    val page = try {
-          val i = params.getOrElse("page", "1").toInt
+      val i = params.getOrElse("page", "1").toInt
-          if (i <= 0) 1 else i
+      if (i <= 0) 1 else i
-        } catch {
+    } catch {
-          case e: NumberFormatException => 1
+      case _: NumberFormatException => 1
-        }
+    }
 
-        target.toLowerCase match {
+    target.toLowerCase match {
-          case "issues" =>
+      case "issues" =>
-            gitbucket.core.search.html.issues(
+        gitbucket.core.search.html.issues(
-              if (query.nonEmpty) searchIssues(repository.owner, repository.name, query, false) else Nil,
+          if (query.nonEmpty) searchIssues(repository.owner, repository.name, query, false) else Nil,
-              false,
+          false,
-              query,
+          query,
-              page,
+          page,
-              repository
+          repository
-            )
+        )
 
-          case "pulls" =>
+      case "pulls" =>
-            gitbucket.core.search.html.issues(
+        gitbucket.core.search.html.issues(
-              if (query.nonEmpty) searchIssues(repository.owner, repository.name, query, true) else Nil,
+          if (query.nonEmpty) searchIssues(repository.owner, repository.name, query, true) else Nil,
-              true,
+          true,
-              query,
+          query,
-              page,
+          page,
-              repository
+          repository
-            )
+        )
 
-          case "wiki" =>
+      case "wiki" =>
-            gitbucket.core.search.html.wiki(
+        gitbucket.core.search.html.wiki(
-              if (query.nonEmpty) searchWikiPages(repository.owner, repository.name, query) else Nil,
+          if (query.nonEmpty) searchWikiPages(repository.owner, repository.name, query) else Nil,
-              query,
+          query,
-              page,
+          page,
-              repository
+          repository
-            )
+        )
 
-          case _ =>
+      case _ =>
-            gitbucket.core.search.html.code(
+        gitbucket.core.search.html.code(
-              if (query.nonEmpty) searchFiles(repository.owner, repository.name, query) else Nil,
+          if (query.nonEmpty) searchFiles(repository.owner, repository.name, query) else Nil,
-              query,
+          query,
-              page,
+          page,
-              repository
+          repository
-            )
+        )
-        }
     }
   })
 

src/main/scala/gitbucket/core/controller/IssuesController.scala

@@ -1,9 +1,9 @@
 package gitbucket.core.controller
 
 import gitbucket.core.issues.html
+import gitbucket.core.model.Account
 import gitbucket.core.service.IssuesService._
 import gitbucket.core.service._
-import gitbucket.core.util.SyntaxSugars._
 import gitbucket.core.util.Implicits._
 import gitbucket.core.util._
 import gitbucket.core.view
@@ -95,212 +95,224 @@ trait IssuesControllerBase extends ControllerBase {
   })
 
   get("/:owner/:repository/issues/:id")(referrersOnly { repository =>
-    defining(repository.owner, repository.name, params("id")) {
+    val issueId = params("id")
-      case (owner, name, issueId) =>
+    getIssue(repository.owner, repository.name, issueId) map {
-        getIssue(owner, name, issueId) map {
+      issue =>
-          issue =>
+        if (issue.isPullRequest) {
-            if (issue.isPullRequest) {
+          redirect(s"/${repository.owner}/${repository.name}/pull/${issueId}")
-              redirect(s"/${repository.owner}/${repository.name}/pull/${issueId}")
+        } else {
-            } else {
+          html.issue(
-              html.issue(
+            issue,
-                issue,
+            getComments(repository.owner, repository.name, issueId.toInt),
-                getComments(owner, name, issueId.toInt),
+            getIssueLabels(repository.owner, repository.name, issueId.toInt),
-                getIssueLabels(owner, name, issueId.toInt),
+            getAssignableUserNames(repository.owner, repository.name),
-                getAssignableUserNames(owner, name),
+            getMilestonesWithIssueCount(repository.owner, repository.name),
-                getMilestonesWithIssueCount(owner, name),
+            getPriorities(repository.owner, repository.name),
-                getPriorities(owner, name),
+            getLabels(repository.owner, repository.name),
-                getLabels(owner, name),
+            isIssueEditable(repository),
-                isIssueEditable(repository),
+            isIssueManageable(repository),
-                isIssueManageable(repository),
+            isIssueCommentManageable(repository),
-                isIssueCommentManageable(repository),
+            repository
-                repository
+          )
-              )
+        }
-            }
+    } getOrElse NotFound()
-        } getOrElse NotFound()
-    }
   })
 
   get("/:owner/:repository/issues/new")(readableUsersOnly { repository =>
     if (isIssueEditable(repository)) { // TODO Should this check is provided by authenticator?
-      defining(repository.owner, repository.name) {
+      html.create(
-        case (owner, name) =>
+        getAssignableUserNames(repository.owner, repository.name),
-          html.create(
+        getMilestones(repository.owner, repository.name),
-            getAssignableUserNames(owner, name),
+        getPriorities(repository.owner, repository.name),
-            getMilestones(owner, name),
+        getDefaultPriority(repository.owner, repository.name),
-            getPriorities(owner, name),
+        getLabels(repository.owner, repository.name),
-            getDefaultPriority(owner, name),
+        isIssueManageable(repository),
-            getLabels(owner, name),
+        getContentTemplate(repository, "ISSUE_TEMPLATE"),
-            isIssueManageable(repository),
+        repository
-            getContentTemplate(repository, "ISSUE_TEMPLATE"),
+      )
-            repository
-          )
-      }
     } else Unauthorized()
   })
 
   post("/:owner/:repository/issues/new", issueCreateForm)(readableUsersOnly { (form, repository) =>
-    if (isIssueEditable(repository)) { // TODO Should this check is provided by authenticator?
+    context.withLoginAccount {
-      val issue = createIssue(
+      loginAccount =>
-        repository,
+        if (isIssueEditable(repository)) { // TODO Should this check is provided by authenticator?
-        form.title,
+          val issue = createIssue(
-        form.content,
+            repository,
-        form.assignedUserName,
+            form.title,
-        form.milestoneId,
+            form.content,
-        form.priorityId,
+            form.assignedUserName,
-        form.labelNames.toSeq.flatMap(_.split(",")),
+            form.milestoneId,
-        context.loginAccount.get
+            form.priorityId,
-      )
+            form.labelNames.toSeq.flatMap(_.split(",")),
-
+            loginAccount
-      redirect(s"/${issue.userName}/${issue.repositoryName}/issues/${issue.issueId}")
+          )
-    } else Unauthorized()
+          redirect(s"/${issue.userName}/${issue.repositoryName}/issues/${issue.issueId}")
+        } else Unauthorized()
+    }
   })
 
   ajaxPost("/:owner/:repository/issues/edit_title/:id", issueTitleEditForm)(readableUsersOnly { (title, repository) =>
-    defining(repository.owner, repository.name) {
+    context.withLoginAccount {
-      case (owner, name) =>
+      loginAccount =>
-        getIssue(owner, name, params("id")).map {
+        getIssue(repository.owner, repository.name, params("id")).map {
           issue =>
-            if (isEditableContent(owner, name, issue.openedUserName)) {
+            if (isEditableContent(repository.owner, repository.name, issue.openedUserName, loginAccount)) {
               if (issue.title != title) {
                 // update issue
-                updateIssue(owner, name, issue.issueId, title, issue.content)
+                updateIssue(repository.owner, repository.name, issue.issueId, title, issue.content)
                 // extract references and create refer comment
-                createReferComment(owner, name, issue.copy(title = title), title, context.loginAccount.get)
+                createReferComment(repository.owner, repository.name, issue.copy(title = title), title, loginAccount)
                 createComment(
-                  owner,
+                  repository.owner,
-                  name,
+                  repository.name,
-                  context.loginAccount.get.userName,
+                  loginAccount.userName,
                   issue.issueId,
                   issue.title + "\r\n" + title,
                   "change_title"
                 )
               }
-              redirect(s"/${owner}/${name}/issues/_data/${issue.issueId}")
+              redirect(s"/${repository.owner}/${repository.name}/issues/_data/${issue.issueId}")
             } else Unauthorized()
         } getOrElse NotFound()
     }
   })
 
   ajaxPost("/:owner/:repository/issues/edit/:id", issueEditForm)(readableUsersOnly { (content, repository) =>
-    defining(repository.owner, repository.name) {
+    context.withLoginAccount {
-      case (owner, name) =>
+      loginAccount =>
-        getIssue(owner, name, params("id")).map { issue =>
+        getIssue(repository.owner, repository.name, params("id")).map { issue =>
-          if (isEditableContent(owner, name, issue.openedUserName)) {
+          if (isEditableContent(repository.owner, repository.name, issue.openedUserName, loginAccount)) {
             // update issue
-            updateIssue(owner, name, issue.issueId, issue.title, content)
+            updateIssue(repository.owner, repository.name, issue.issueId, issue.title, content)
             // extract references and create refer comment
-            createReferComment(owner, name, issue, content.getOrElse(""), context.loginAccount.get)
+            createReferComment(repository.owner, repository.name, issue, content.getOrElse(""), loginAccount)
 
-            redirect(s"/${owner}/${name}/issues/_data/${issue.issueId}")
+            redirect(s"/${repository.owner}/${repository.name}/issues/_data/${issue.issueId}")
           } else Unauthorized()
         } getOrElse NotFound()
     }
   })
 
   post("/:owner/:repository/issue_comments/new", commentForm)(readableUsersOnly { (form, repository) =>
-    getIssue(repository.owner, repository.name, form.issueId.toString).flatMap { issue =>
+    context.withLoginAccount {
-      val actionOpt =
+      loginAccount =>
-        params.get("action").filter(_ => isEditableContent(issue.userName, issue.repositoryName, issue.openedUserName))
+        getIssue(repository.owner, repository.name, form.issueId.toString).flatMap { issue =>
-      handleComment(issue, Some(form.content), repository, actionOpt) map {
+          val actionOpt =
-        case (issue, id) =>
+            params
-          redirect(
+              .get("action")
-            s"/${repository.owner}/${repository.name}/${if (issue.isPullRequest) "pull" else "issues"}/${form.issueId}#comment-${id}"
+              .filter(_ => isEditableContent(issue.userName, issue.repositoryName, issue.openedUserName, loginAccount))
-          )
+          handleComment(issue, Some(form.content), repository, actionOpt) map {
-      }
+            case (issue, id) =>
-    } getOrElse NotFound()
+              redirect(
+                s"/${repository.owner}/${repository.name}/${if (issue.isPullRequest) "pull" else "issues"}/${form.issueId}#comment-${id}"
+              )
+          }
+        } getOrElse NotFound()
+    }
   })
 
   post("/:owner/:repository/issue_comments/state", issueStateForm)(readableUsersOnly { (form, repository) =>
-    getIssue(repository.owner, repository.name, form.issueId.toString).flatMap { issue =>
+    context.withLoginAccount {
-      val actionOpt =
+      loginAccount =>
-        params.get("action").filter(_ => isEditableContent(issue.userName, issue.repositoryName, issue.openedUserName))
+        getIssue(repository.owner, repository.name, form.issueId.toString).flatMap { issue =>
-      handleComment(issue, form.content, repository, actionOpt) map {
+          val actionOpt =
-        case (issue, id) =>
+            params
-          redirect(
+              .get("action")
-            s"/${repository.owner}/${repository.name}/${if (issue.isPullRequest) "pull" else "issues"}/${form.issueId}#comment-${id}"
+              .filter(_ => isEditableContent(issue.userName, issue.repositoryName, issue.openedUserName, loginAccount))
-          )
+          handleComment(issue, form.content, repository, actionOpt) map {
-      }
+            case (issue, id) =>
-    } getOrElse NotFound()
+              redirect(
+                s"/${repository.owner}/${repository.name}/${if (issue.isPullRequest) "pull" else "issues"}/${form.issueId}#comment-${id}"
+              )
+          }
+        } getOrElse NotFound()
+    }
   })
 
   ajaxPost("/:owner/:repository/issue_comments/edit/:id", commentForm)(readableUsersOnly { (form, repository) =>
-    defining(repository.owner, repository.name) {
+    context.withLoginAccount {
-      case (owner, name) =>
+      loginAccount =>
-        getComment(owner, name, params("id")).map { comment =>
+        getComment(repository.owner, repository.name, params("id")).map { comment =>
-          if (isEditableContent(owner, name, comment.commentedUserName)) {
+          if (isEditableContent(repository.owner, repository.name, comment.commentedUserName, loginAccount)) {
             updateComment(comment.issueId, comment.commentId, form.content)
-            redirect(s"/${owner}/${name}/issue_comments/_data/${comment.commentId}")
+            redirect(s"/${repository.owner}/${repository.name}/issue_comments/_data/${comment.commentId}")
           } else Unauthorized()
         } getOrElse NotFound()
     }
   })
 
   ajaxPost("/:owner/:repository/issue_comments/delete/:id")(readableUsersOnly { repository =>
-    defining(repository.owner, repository.name) {
+    context.withLoginAccount { loginAccount =>
-      case (owner, name) =>
+      getComment(repository.owner, repository.name, params("id")).map { comment =>
-        getComment(owner, name, params("id")).map { comment =>
+        if (isDeletableComment(repository.owner, repository.name, comment.commentedUserName, loginAccount)) {
-          if (isDeletableComment(owner, name, comment.commentedUserName)) {
+          Ok(deleteComment(repository.owner, repository.name, comment.issueId, comment.commentId))
-            Ok(deleteComment(repository.owner, repository.name, comment.issueId, comment.commentId))
+        } else Unauthorized()
-          } else Unauthorized()
+      } getOrElse NotFound()
-        } getOrElse NotFound()
     }
   })
 
   ajaxGet("/:owner/:repository/issues/_data/:id")(readableUsersOnly { repository =>
-    getIssue(repository.owner, repository.name, params("id")) map {
+    context.withLoginAccount {
-      x =>
+      loginAccount =>
-        if (isEditableContent(x.userName, x.repositoryName, x.openedUserName)) {
+        getIssue(repository.owner, repository.name, params("id")) map {
-          params.get("dataType") collect {
+          x =>
-            case t if t == "html" => html.editissue(x.content, x.issueId, repository)
+            if (isEditableContent(x.userName, x.repositoryName, x.openedUserName, loginAccount)) {
-          } getOrElse {
+              params.get("dataType") collect {
-            contentType = formats("json")
+                case t if t == "html" => html.editissue(x.content, x.issueId, repository)
-            org.json4s.jackson.Serialization.write(
+              } getOrElse {
-              Map(
+                contentType = formats("json")
-                "title" -> x.title,
+                org.json4s.jackson.Serialization.write(
-                "content" -> Markdown.toHtml(
+                  Map(
-                  markdown = x.content getOrElse "No description given.",
+                    "title" -> x.title,
-                  repository = repository,
+                    "content" -> Markdown.toHtml(
-                  branch = repository.repository.defaultBranch,
+                      markdown = x.content getOrElse "No description given.",
-                  enableWikiLink = false,
+                      repository = repository,
-                  enableRefsLink = true,
+                      branch = repository.repository.defaultBranch,
-                  enableAnchor = true,
+                      enableWikiLink = false,
-                  enableLineBreaks = true,
+                      enableRefsLink = true,
-                  enableTaskList = true,
+                      enableAnchor = true,
-                  hasWritePermission = true
+                      enableLineBreaks = true,
+                      enableTaskList = true,
+                      hasWritePermission = true
+                    )
+                  )
                 )
-              )
+              }
-            )
+            } else Unauthorized()
-          }
+        } getOrElse NotFound()
-        } else Unauthorized()
+    }
-    } getOrElse NotFound()
   })
 
   ajaxGet("/:owner/:repository/issue_comments/_data/:id")(readableUsersOnly { repository =>
-    getComment(repository.owner, repository.name, params("id")) map {
+    context.withLoginAccount {
-      x =>
+      loginAccount =>
-        if (isEditableContent(x.userName, x.repositoryName, x.commentedUserName)) {
+        getComment(repository.owner, repository.name, params("id")) map {
-          params.get("dataType") collect {
+          x =>
-            case t if t == "html" => html.editcomment(x.content, x.commentId, repository)
+            if (isEditableContent(x.userName, x.repositoryName, x.commentedUserName, loginAccount)) {
-          } getOrElse {
+              params.get("dataType") collect {
-            contentType = formats("json")
+                case t if t == "html" => html.editcomment(x.content, x.commentId, repository)
-            org.json4s.jackson.Serialization.write(
+              } getOrElse {
-              Map(
+                contentType = formats("json")
-                "content" -> view.Markdown.toHtml(
+                org.json4s.jackson.Serialization.write(
-                  markdown = x.content,
+                  Map(
-                  repository = repository,
+                    "content" -> view.Markdown.toHtml(
-                  branch = repository.repository.defaultBranch,
+                      markdown = x.content,
-                  enableWikiLink = false,
+                      repository = repository,
-                  enableRefsLink = true,
+                      branch = repository.repository.defaultBranch,
-                  enableAnchor = true,
+                      enableWikiLink = false,
-                  enableLineBreaks = true,
+                      enableRefsLink = true,
-                  enableTaskList = true,
+                      enableAnchor = true,
-                  hasWritePermission = true
+                      enableLineBreaks = true,
+                      enableTaskList = true,
+                      hasWritePermission = true
+                    )
+                  )
                 )
-              )
+              }
-            )
+            } else Unauthorized()
-          }
+        } getOrElse NotFound()
-        } else Unauthorized()
+    }
-    } getOrElse NotFound()
   })
 
   ajaxPost("/:owner/:repository/issues/new/label")(writableUsersOnly { repository =>
@@ -310,17 +322,15 @@ trait IssuesControllerBase extends ControllerBase {
   })
 
   ajaxPost("/:owner/:repository/issues/:id/label/new")(writableUsersOnly { repository =>
-    defining(params("id").toInt) { issueId =>
+    val issueId = params("id").toInt
-      registerIssueLabel(repository.owner, repository.name, issueId, params("labelId").toInt, true)
+    registerIssueLabel(repository.owner, repository.name, issueId, params("labelId").toInt, true)
-      html.labellist(getIssueLabels(repository.owner, repository.name, issueId))
+    html.labellist(getIssueLabels(repository.owner, repository.name, issueId))
-    }
   })
 
   ajaxPost("/:owner/:repository/issues/:id/label/delete")(writableUsersOnly { repository =>
-    defining(params("id").toInt) { issueId =>
+    val issueId = params("id").toInt
-      deleteIssueLabel(repository.owner, repository.name, issueId, params("labelId").toInt, true)
+    deleteIssueLabel(repository.owner, repository.name, issueId, params("labelId").toInt, true)
-      html.labellist(getIssueLabels(repository.owner, repository.name, issueId))
+    html.labellist(getIssueLabels(repository.owner, repository.name, issueId))
-    }
   })
 
   ajaxPost("/:owner/:repository/issues/:id/assign")(writableUsersOnly { repository =>
@@ -353,26 +363,27 @@ trait IssuesControllerBase extends ControllerBase {
   })
 
   post("/:owner/:repository/issues/batchedit/state")(writableUsersOnly { repository =>
-    defining(params.get("value")) {
+    val action = params.get("value")
-      action =>
+    action match {
-        action match {
+      case Some("open") =>
-          case Some("open") =>
+        executeBatch(repository) { issueId =>
-            executeBatch(repository) { issueId =>
+          getIssue(repository.owner, repository.name, issueId.toString).foreach { issue =>
-              getIssue(repository.owner, repository.name, issueId.toString).foreach { issue =>
+            handleComment(issue, None, repository, Some("reopen"))
-                handleComment(issue, None, repository, Some("reopen"))
+          }
-              }
-            }
-          case Some("close") =>
-            executeBatch(repository) { issueId =>
-              getIssue(repository.owner, repository.name, issueId.toString).foreach { issue =>
-                handleComment(issue, None, repository, Some("close"))
-              }
-            }
-          case _ => BadRequest()
         }
         if (params("uri").nonEmpty) {
           redirect(params("uri"))
         }
+      case Some("close") =>
+        executeBatch(repository) { issueId =>
+          getIssue(repository.owner, repository.name, issueId.toString).foreach { issue =>
+            handleComment(issue, None, repository, Some("close"))
+          }
+        }
+        if (params("uri").nonEmpty) {
+          redirect(params("uri"))
+        }
+      case _ => BadRequest()
     }
   })
 
@@ -390,29 +401,26 @@ trait IssuesControllerBase extends ControllerBase {
   })
 
   post("/:owner/:repository/issues/batchedit/assign")(writableUsersOnly { repository =>
-    defining(assignedUserName("value")) { value =>
+    val value = assignedUserName("value")
-      executeBatch(repository) {
+    executeBatch(repository) {
-        updateAssignedUserName(repository.owner, repository.name, _, value, true)
+      updateAssignedUserName(repository.owner, repository.name, _, value, true)
-      }
+    }
-      if (params("uri").nonEmpty) {
+    if (params("uri").nonEmpty) {
-        redirect(params("uri"))
+      redirect(params("uri"))
-      }
     }
   })
 
   post("/:owner/:repository/issues/batchedit/milestone")(writableUsersOnly { repository =>
-    defining(milestoneId("value")) { value =>
+    val value = milestoneId("value")
-      executeBatch(repository) {
+    executeBatch(repository) {
-        updateMilestoneId(repository.owner, repository.name, _, value, true)
+      updateMilestoneId(repository.owner, repository.name, _, value, true)
-      }
     }
   })
 
   post("/:owner/:repository/issues/batchedit/priority")(writableUsersOnly { repository =>
-    defining(priorityId("value")) { value =>
+    val value = priorityId("value")
-      executeBatch(repository) {
+    executeBatch(repository) {
-        updatePriorityId(repository.owner, repository.name, _, value, true)
+      updatePriorityId(repository.owner, repository.name, _, value, true)
-      }
     }
   })
 
@@ -464,48 +472,51 @@ trait IssuesControllerBase extends ControllerBase {
   }
 
   private def searchIssues(repository: RepositoryService.RepositoryInfo) = {
-    defining(repository.owner, repository.name) {
+    val page = IssueSearchCondition.page(request)
-      case (owner, repoName) =>
+    // retrieve search condition
-        val page = IssueSearchCondition.page(request)
+    val condition = IssueSearchCondition(request)
-        // retrieve search condition
+    // search issues
-        val condition = IssueSearchCondition(request)
+    val issues =
-        // search issues
+      searchIssue(
-        val issues =
+        condition,
-          searchIssue(condition, IssueSearchOption.Issues, (page - 1) * IssueLimit, IssueLimit, owner -> repoName)
+        IssueSearchOption.Issues,
+        (page - 1) * IssueLimit,
+        IssueLimit,
+        repository.owner -> repository.name
+      )
 
-        html.list(
+    html.list(
-          "issues",
+      "issues",
-          issues.map(issue => (issue, None)),
+      issues.map(issue => (issue, None)),
-          page,
+      page,
-          getAssignableUserNames(owner, repoName),
+      getAssignableUserNames(repository.owner, repository.name),
-          getMilestones(owner, repoName),
+      getMilestones(repository.owner, repository.name),
-          getPriorities(owner, repoName),
+      getPriorities(repository.owner, repository.name),
-          getLabels(owner, repoName),
+      getLabels(repository.owner, repository.name),
-          countIssue(condition.copy(state = "open"), IssueSearchOption.Issues, owner -> repoName),
+      countIssue(condition.copy(state = "open"), IssueSearchOption.Issues, repository.owner -> repository.name),
-          countIssue(condition.copy(state = "closed"), IssueSearchOption.Issues, owner -> repoName),
+      countIssue(condition.copy(state = "closed"), IssueSearchOption.Issues, repository.owner -> repository.name),
-          condition,
+      condition,
-          repository,
+      repository,
-          isIssueEditable(repository),
+      isIssueEditable(repository),
-          isIssueManageable(repository)
+      isIssueManageable(repository)
-        )
+    )
-    }
   }
 
   /**
    * Tests whether an issue or a comment is editable by a logged-in user.
    */
-  private def isEditableContent(owner: String, repository: String, author: String)(
+  private def isEditableContent(owner: String, repository: String, author: String, loginAccount: Account)(
     implicit context: Context
   ): Boolean = {
-    hasDeveloperRole(owner, repository, context.loginAccount) || author == context.loginAccount.get.userName
+    hasDeveloperRole(owner, repository, context.loginAccount) || author == loginAccount.userName
   }
 
   /**
    * Tests whether an issue comment is deletable by a logged-in user.
    */
-  private def isDeletableComment(owner: String, repository: String, author: String)(
+  private def isDeletableComment(owner: String, repository: String, author: String, loginAccount: Account)(
     implicit context: Context
   ): Boolean = {
-    hasOwnerRole(owner, repository, context.loginAccount) || author == context.loginAccount.get.userName
+    hasOwnerRole(owner, repository, context.loginAccount) || author == loginAccount.userName
   }
 }

src/main/scala/gitbucket/core/controller/PullRequestsController.scala

@@ -8,7 +8,6 @@ import gitbucket.core.service.IssuesService._
 import gitbucket.core.service.PullRequestService._
 import gitbucket.core.service.RepositoryService.RepositoryInfo
 import gitbucket.core.service._
-import gitbucket.core.util.SyntaxSugars._
 import gitbucket.core.util.Directory._
 import gitbucket.core.util.Implicits._
 import gitbucket.core.util._
@@ -58,7 +57,7 @@ trait PullRequestsControllerBase extends ControllerBase {
     with PrioritiesService =>
 
   val pullRequestForm = mapping(
-    "title" -> trim(label("Title", text(required, maxlength(100)))),
+    "title" -> trim(label("Title", text(required))),
     "content" -> trim(label("Content", optional(text()))),
     "targetUserName" -> trim(text(required, maxlength(100))),
     "targetBranch" -> trim(text(required, maxlength(100))),
@@ -111,24 +110,29 @@ trait PullRequestsControllerBase extends ControllerBase {
   get("/:owner/:repository/pull/:id")(referrersOnly { repository =>
     params("id").toIntOpt.flatMap {
       issueId =>
-        val owner = repository.owner
+        getPullRequest(repository.owner, repository.name, issueId) map {
-        val name = repository.name
-        getPullRequest(owner, name, issueId) map {
           case (issue, pullreq) =>
             val (commits, diffs) =
-              getRequestCompareInfo(owner, name, pullreq.commitIdFrom, owner, name, pullreq.commitIdTo)
+              getRequestCompareInfo(
+                repository.owner,
+                repository.name,
+                pullreq.commitIdFrom,
+                repository.owner,
+                repository.name,
+                pullreq.commitIdTo
+              )
 
             html.conversation(
               issue,
               pullreq,
               commits.flatten,
-              getPullRequestComments(owner, name, issue.issueId, commits.flatten),
+              getPullRequestComments(repository.owner, repository.name, issue.issueId, commits.flatten),
               diffs.size,
-              getIssueLabels(owner, name, issueId),
+              getIssueLabels(repository.owner, repository.name, issueId),
-              getAssignableUserNames(owner, name),
+              getAssignableUserNames(repository.owner, repository.name),
-              getMilestonesWithIssueCount(owner, name),
+              getMilestonesWithIssueCount(repository.owner, repository.name),
-              getPriorities(owner, name),
+              getPriorities(repository.owner, repository.name),
-              getLabels(owner, name),
+              getLabels(repository.owner, repository.name),
               isEditable(repository),
               isManageable(repository),
               hasDeveloperRole(pullreq.requestUserName, pullreq.requestRepositoryName, context.loginAccount),
@@ -162,18 +166,29 @@ trait PullRequestsControllerBase extends ControllerBase {
   get("/:owner/:repository/pull/:id/commits")(referrersOnly { repository =>
     params("id").toIntOpt.flatMap {
       issueId =>
-        val owner = repository.owner
+        getPullRequest(repository.owner, repository.name, issueId) map {
-        val name = repository.name
-        getPullRequest(owner, name, issueId) map {
           case (issue, pullreq) =>
             val (commits, diffs) =
-              getRequestCompareInfo(owner, name, pullreq.commitIdFrom, owner, name, pullreq.commitIdTo)
+              getRequestCompareInfo(
+                repository.owner,
+                repository.name,
+                pullreq.commitIdFrom,
+                repository.owner,
+                repository.name,
+                pullreq.commitIdTo
+              )
+
+            val commitsWithStatus = commits.map { day =>
+              day.map { commit =>
+                (commit, getCommitStatusWithSummary(repository.owner, repository.name, commit.id))
+              }
+            }
 
             html.commits(
               issue,
               pullreq,
-              commits,
+              commitsWithStatus,
-              getPullRequestComments(owner, name, issue.issueId, commits.flatten),
+              getPullRequestComments(repository.owner, repository.name, issue.issueId, commits.flatten),
               diffs.size,
               isManageable(repository),
               repository
@@ -185,19 +200,24 @@ trait PullRequestsControllerBase extends ControllerBase {
   get("/:owner/:repository/pull/:id/files")(referrersOnly { repository =>
     params("id").toIntOpt.flatMap {
       issueId =>
-        val owner = repository.owner
+        getPullRequest(repository.owner, repository.name, issueId) map {
-        val name = repository.name
-        getPullRequest(owner, name, issueId) map {
           case (issue, pullreq) =>
             val (commits, diffs) =
-              getRequestCompareInfo(owner, name, pullreq.commitIdFrom, owner, name, pullreq.commitIdTo)
+              getRequestCompareInfo(
+                repository.owner,
+                repository.name,
+                pullreq.commitIdFrom,
+                repository.owner,
+                repository.name,
+                pullreq.commitIdTo
+              )
 
             html.files(
               issue,
               pullreq,
               diffs,
               commits.flatten,
-              getPullRequestComments(owner, name, issue.issueId, commits.flatten),
+              getPullRequestComments(repository.owner, repository.name, issue.issueId, commits.flatten),
               isManageable(repository),
               repository
             )
@@ -208,20 +228,20 @@ trait PullRequestsControllerBase extends ControllerBase {
   ajaxGet("/:owner/:repository/pull/:id/mergeguide")(referrersOnly { repository =>
     params("id").toIntOpt.flatMap {
       issueId =>
-        val owner = repository.owner
+        getPullRequest(repository.owner, repository.name, issueId) map {
-        val name = repository.name
-        getPullRequest(owner, name, issueId) map {
           case (issue, pullreq) =>
-            val conflictMessage = LockUtil.lock(s"${owner}/${name}") {
+            val conflictMessage = LockUtil.lock(s"${repository.owner}/${repository.name}") {
-              checkConflict(owner, name, pullreq.branch, issueId)
+              checkConflict(repository.owner, repository.name, pullreq.branch, issueId)
             }
-            val hasMergePermission = hasDeveloperRole(owner, name, context.loginAccount)
+            val hasMergePermission = hasDeveloperRole(repository.owner, repository.name, context.loginAccount)
-            val branchProtection = getProtectedBranchInfo(owner, name, pullreq.branch)
+            val branchProtection = getProtectedBranchInfo(repository.owner, repository.name, pullreq.branch)
             val mergeStatus = PullRequestService.MergeStatus(
               conflictMessage = conflictMessage,
-              commitStatuses = getCommitStatuses(owner, name, pullreq.commitIdTo),
+              commitStatuses = getCommitStatuses(repository.owner, repository.name, pullreq.commitIdTo),
               branchProtection = branchProtection,
-              branchIsOutOfDate = JGitUtil.getShaByRef(owner, name, pullreq.branch) != Some(pullreq.commitIdFrom),
+              branchIsOutOfDate = JGitUtil.getShaByRef(repository.owner, repository.name, pullreq.branch) != Some(
+                pullreq.commitIdFrom
+              ),
               needStatusCheck = context.loginAccount
                 .map { u =>
                   branchProtection.needStatusCheck(u.userName)
@@ -357,23 +377,22 @@ trait PullRequestsControllerBase extends ControllerBase {
   })
 
   post("/:owner/:repository/pull/:id/merge", mergeForm)(writableUsersOnly { (form, repository) =>
-    params("id").toIntOpt.flatMap { issueId =>
+    context.withLoginAccount { loginAccount =>
-      val owner = repository.owner
+      params("id").toIntOpt.flatMap { issueId =>
-      val name = repository.name
+        mergePullRequest(
-
+          repository,
-      mergePullRequest(
+          issueId,
-        repository,
+          loginAccount,
-        issueId,
+          form.message,
-        context.loginAccount.get,
+          form.strategy,
-        form.message,
+          form.isDraft,
-        form.strategy,
+          context.settings
-        form.isDraft,
+        ) match {
-        context.settings
+          case Right(objectId) => redirect(s"/${repository.owner}/${repository.name}/pull/${issueId}")
-      ) match {
+          case Left(message)   => Some(BadRequest(message))
-        case Right(objectId) => redirect(s"/${owner}/${name}/pull/${issueId}")
+        }
-        case Left(message)   => Some(BadRequest(message))
+      } getOrElse NotFound()
-      }
+    }
-    } getOrElse NotFound()
   })
 
   get("/:owner/:repository/compare")(referrersOnly { forkedRepository =>
@@ -543,15 +562,14 @@ trait PullRequestsControllerBase extends ControllerBase {
   })
 
   post("/:owner/:repository/pulls/new", pullRequestForm)(readableUsersOnly { (form, repository) =>
-    defining(repository.owner, repository.name) {
+    context.withLoginAccount {
-      case (owner, name) =>
+      loginAccount =>
         val manageable = isManageable(repository)
-        val loginUserName = context.loginAccount.get.userName
 
         val issueId = insertIssue(
           owner = repository.owner,
           repository = repository.name,
-          loginUser = loginUserName,
+          loginUser = loginAccount.userName,
           title = form.title,
           content = form.content,
           assignedUserName = if (manageable) form.assignedUserName else None,
@@ -570,14 +588,14 @@ trait PullRequestsControllerBase extends ControllerBase {
           commitIdFrom = form.commitIdFrom,
           commitIdTo = form.commitIdTo,
           isDraft = form.isDraft,
-          loginAccount = context.loginAccount.get,
+          loginAccount = loginAccount,
           settings = context.settings
         )
 
         // insert labels
         if (manageable) {
           form.labelNames.foreach { value =>
-            val labels = getLabels(owner, name)
+            val labels = getLabels(repository.owner, repository.name)
             value.split(",").foreach { labelName =>
               labels.find(_.labelName == labelName).map { label =>
                 registerIssueLabel(repository.owner, repository.name, issueId, label.labelId)
@@ -586,7 +604,7 @@ trait PullRequestsControllerBase extends ControllerBase {
           }
         }
 
-        redirect(s"/${owner}/${name}/pull/${issueId}")
+        redirect(s"/${repository.owner}/${repository.name}/pull/${issueId}")
     }
   })
 
@@ -633,44 +651,42 @@ trait PullRequestsControllerBase extends ControllerBase {
     html.proposals(proposedBranches, targetRepository, repository)
   })
 
-  private def searchPullRequests(userName: Option[String], repository: RepositoryService.RepositoryInfo) =
+  private def searchPullRequests(userName: Option[String], repository: RepositoryService.RepositoryInfo) = {
-    defining(repository.owner, repository.name) {
+    val page = IssueSearchCondition.page(request)
-      case (owner, repoName) =>
+    // retrieve search condition
-        val page = IssueSearchCondition.page(request)
+    val condition = IssueSearchCondition(request)
-        // retrieve search condition
+    // search issues
-        val condition = IssueSearchCondition(request)
+    val issues = searchIssue(
-        // search issues
+      condition,
-        val issues = searchIssue(
+      IssueSearchOption.PullRequests,
-          condition,
+      (page - 1) * PullRequestLimit,
-          IssueSearchOption.PullRequests,
+      PullRequestLimit,
-          (page - 1) * PullRequestLimit,
+      repository.owner -> repository.name
-          PullRequestLimit,
+    )
-          owner -> repoName
+    // commit status
-        )
+    val status = issues.map { issue =>
-        // commit status
+      issue.commitId.flatMap { commitId =>
-        val status = issues.map { issue =>
+        getCommitStatusWithSummary(repository.owner, repository.name, commitId)
-          issue.commitId.flatMap { commitId =>
+      }
-            getCommitStatusWithSummary(owner, repoName, commitId)
-          }
-        }
-
-        gitbucket.core.issues.html.list(
-          "pulls",
-          issues.zip(status),
-          page,
-          getAssignableUserNames(owner, repoName),
-          getMilestones(owner, repoName),
-          getPriorities(owner, repoName),
-          getLabels(owner, repoName),
-          countIssue(condition.copy(state = "open"), IssueSearchOption.PullRequests, owner -> repoName),
-          countIssue(condition.copy(state = "closed"), IssueSearchOption.PullRequests, owner -> repoName),
-          condition,
-          repository,
-          isEditable(repository),
-          isManageable(repository)
-        )
     }
 
+    gitbucket.core.issues.html.list(
+      "pulls",
+      issues.zip(status),
+      page,
+      getAssignableUserNames(repository.owner, repository.name),
+      getMilestones(repository.owner, repository.name),
+      getPriorities(repository.owner, repository.name),
+      getLabels(repository.owner, repository.name),
+      countIssue(condition.copy(state = "open"), IssueSearchOption.PullRequests, repository.owner -> repository.name),
+      countIssue(condition.copy(state = "closed"), IssueSearchOption.PullRequests, repository.owner -> repository.name),
+      condition,
+      repository,
+      isEditable(repository),
+      isManageable(repository)
+    )
+  }
+
   /**
    * Tests whether an logged-in user can manage pull requests.
    */

src/main/scala/gitbucket/core/controller/ReleasesController.scala

@@ -63,8 +63,8 @@ trait ReleaseControllerBase extends ControllerBase {
     )
   })
 
-  get("/:owner/:repository/releases/:tag")(referrersOnly { repository =>
+  get("/:owner/:repository/releases/*")(referrersOnly { repository =>
-    val tagName = params("tag")
+    val tagName = multiParams("splat").head
     getRelease(repository.owner, repository.name, tagName)
       .map { release =>
         html.release(
@@ -77,8 +77,8 @@ trait ReleaseControllerBase extends ControllerBase {
       .getOrElse(NotFound())
   })
 
-  get("/:owner/:repository/releases/:tag/assets/:fileId")(referrersOnly { repository =>
+  get("/:owner/:repository/releases/*/assets/:fileId")(referrersOnly { repository =>
-    val tagName = params("tag")
+    val tagName = multiParams("splat").head
     val fileId = params("fileId")
     (for {
       _ <- repository.tags.find(_.name == tagName)
@@ -93,8 +93,8 @@ trait ReleaseControllerBase extends ControllerBase {
     }).getOrElse(NotFound())
   })
 
-  get("/:owner/:repository/releases/:tag/create")(writableUsersOnly { repository =>
+  get("/:owner/:repository/releases/*/create")(writableUsersOnly { repository =>
-    val tagName = params("tag")
+    val tagName = multiParams("splat").head
     val previousTags = repository.tags.takeWhile(_.name != tagName).reverse
 
     repository.tags
@@ -105,33 +105,35 @@ trait ReleaseControllerBase extends ControllerBase {
       .getOrElse(NotFound())
   })
 
-  post("/:owner/:repository/releases/:tag/create", releaseForm)(writableUsersOnly { (form, repository) =>
+  post("/:owner/:repository/releases/*/create", releaseForm)(writableUsersOnly { (form, repository) =>
-    val tagName = params("tag")
+    context.withLoginAccount {
-    val loginAccount = context.loginAccount.get
+      loginAccount =>
+        val tagName = multiParams("splat").head
 
-    // Insert into RELEASE
+        // Insert into RELEASE
-    createRelease(repository.owner, repository.name, form.name, form.content, tagName, loginAccount)
+        createRelease(repository.owner, repository.name, form.name, form.content, tagName, loginAccount)
 
-    // Insert into RELEASE_ASSET
+        // Insert into RELEASE_ASSET
-    val files = params.toMap.collect {
+        val files = params.toMap.collect {
-      case (name, value) if name.startsWith("file:") =>
+          case (name, value) if name.startsWith("file:") =>
-        val Array(_, fileId) = name.split(":")
+            val Array(_, fileId) = name.split(":")
-        (fileId, value)
+            (fileId, value)
+        }
+        files.foreach {
+          case (fileId, fileName) =>
+            val size =
+              new File(
+                getReleaseFilesDir(repository.owner, repository.name),
+                FileUtil.checkFilename(tagName + "/" + fileId)
+              ).length
+            createReleaseAsset(repository.owner, repository.name, tagName, fileId, fileName, size, loginAccount)
+        }
+
+        val releaseInfo = ReleaseInfo(repository.owner, repository.name, loginAccount.userName, form.name, tagName)
+        recordActivity(releaseInfo)
+
+        redirect(s"/${repository.owner}/${repository.name}/releases/${tagName}")
     }
-    files.foreach {
-      case (fileId, fileName) =>
-        val size =
-          new File(
-            getReleaseFilesDir(repository.owner, repository.name),
-            FileUtil.checkFilename(tagName + "/" + fileId)
-          ).length
-        createReleaseAsset(repository.owner, repository.name, tagName, fileId, fileName, size, loginAccount)
-    }
-
-    val releaseInfo = ReleaseInfo(repository.owner, repository.name, loginAccount.userName, form.name, tagName)
-    recordActivity(releaseInfo)
-
-    redirect(s"/${repository.owner}/${repository.name}/releases/${tagName}")
   })
 
   get("/:owner/:repository/changelog/*...*")(writableUsersOnly { repository =>
@@ -150,8 +152,8 @@ trait ReleaseControllerBase extends ControllerBase {
     commitLog
   })
 
-  get("/:owner/:repository/releases/:tag/edit")(writableUsersOnly { repository =>
+  get("/:owner/:repository/releases/*/edit")(writableUsersOnly { repository =>
-    val tagName = params("tag")
+    val tagName = multiParams("splat").head
     val previousTags = repository.tags.takeWhile(_.name != tagName).reverse
 
     (for {
@@ -168,52 +170,54 @@ trait ReleaseControllerBase extends ControllerBase {
     }).getOrElse(NotFound())
   })
 
-  post("/:owner/:repository/releases/:tag/edit", releaseForm)(writableUsersOnly {
+  post("/:owner/:repository/releases/*/edit", releaseForm)(writableUsersOnly { (form, repository) =>
-    (form, repository) =>
+    context.withLoginAccount {
-      val tagName = params("tag")
+      loginAccount =>
-      val loginAccount = context.loginAccount.get
+        val tagName = multiParams("splat").head
 
-      getRelease(repository.owner, repository.name, tagName)
+        getRelease(repository.owner, repository.name, tagName)
-        .map { release =>
+          .map {
-          // Update RELEASE
+            release =>
-          updateRelease(repository.owner, repository.name, tagName, form.name, form.content)
+              // Update RELEASE
+              updateRelease(repository.owner, repository.name, tagName, form.name, form.content)
 
-          // Delete and Insert RELEASE_ASSET
+              // Delete and Insert RELEASE_ASSET
-          val assets = getReleaseAssets(repository.owner, repository.name, tagName)
+              val assets = getReleaseAssets(repository.owner, repository.name, tagName)
-          deleteReleaseAssets(repository.owner, repository.name, tagName)
+              deleteReleaseAssets(repository.owner, repository.name, tagName)
 
-          val files = params.toMap.collect {
+              val files = params.toMap.collect {
-            case (name, value) if name.startsWith("file:") =>
+                case (name, value) if name.startsWith("file:") =>
-              val Array(_, fileId) = name.split(":")
+                  val Array(_, fileId) = name.split(":")
-              (fileId, value)
+                  (fileId, value)
+              }
+              files.foreach {
+                case (fileId, fileName) =>
+                  val size =
+                    new File(
+                      getReleaseFilesDir(repository.owner, repository.name),
+                      FileUtil.checkFilename(tagName + "/" + fileId)
+                    ).length
+                  createReleaseAsset(repository.owner, repository.name, tagName, fileId, fileName, size, loginAccount)
+              }
+
+              assets.foreach { asset =>
+                if (!files.exists { case (fileId, _) => fileId == asset.fileName }) {
+                  val file = new File(
+                    getReleaseFilesDir(repository.owner, repository.name),
+                    FileUtil.checkFilename(release.tag + "/" + asset.fileName)
+                  )
+                  FileUtils.forceDelete(file)
+                }
+              }
+
+              redirect(s"/${release.userName}/${release.repositoryName}/releases/${tagName}")
           }
-          files.foreach {
+          .getOrElse(NotFound())
-            case (fileId, fileName) =>
+    }
-              val size =
-                new File(
-                  getReleaseFilesDir(repository.owner, repository.name),
-                  FileUtil.checkFilename(tagName + "/" + fileId)
-                ).length
-              createReleaseAsset(repository.owner, repository.name, tagName, fileId, fileName, size, loginAccount)
-          }
-
-          assets.foreach { asset =>
-            if (!files.exists { case (fileId, _) => fileId == asset.fileName }) {
-              val file = new File(
-                getReleaseFilesDir(repository.owner, repository.name),
-                FileUtil.checkFilename(release.tag + "/" + asset.fileName)
-              )
-              FileUtils.forceDelete(file)
-            }
-          }
-
-          redirect(s"/${release.userName}/${release.repositoryName}/releases/${tagName}")
-        }
-        .getOrElse(NotFound())
   })
 
-  post("/:owner/:repository/releases/:tag/delete")(writableUsersOnly { repository =>
+  post("/:owner/:repository/releases/*/delete")(writableUsersOnly { repository =>
-    val tagName = params("tag")
+    val tagName = multiParams("splat").head
     getRelease(repository.owner, repository.name, tagName).foreach { release =>
       FileUtils.deleteDirectory(
         new File(getReleaseFilesDir(repository.owner, repository.name), FileUtil.checkFilename(release.tag))
@@ -224,7 +228,6 @@ trait ReleaseControllerBase extends ControllerBase {
   })
 
   private def fetchReleases(repository: RepositoryService.RepositoryInfo, page: Int) = {
-
     import gitbucket.core.service.ReleaseService._
 
     val (offset, limit) = ((page - 1) * ReleaseLimit, ReleaseLimit)

src/main/scala/gitbucket/core/controller/RepositorySettingsController.scala

@@ -1,6 +1,6 @@
 package gitbucket.core.controller
 
-import java.time.{LocalDateTime, ZoneId, ZoneOffset}
+import java.time.{LocalDateTime, ZoneOffset}
 import java.util.Date
 
 import gitbucket.core.settings.html
@@ -57,7 +57,8 @@ trait RepositorySettingsControllerBase extends ControllerBase {
     externalWikiUrl: Option[String],
     allowFork: Boolean,
     mergeOptions: Seq[String],
-    defaultMergeOption: String
+    defaultMergeOption: String,
+    safeMode: Boolean
   )
 
   val optionsForm = mapping(
@@ -69,7 +70,8 @@ trait RepositorySettingsControllerBase extends ControllerBase {
     "externalWikiUrl" -> trim(label("External Wiki URL", optional(text(maxlength(200))))),
     "allowFork" -> trim(label("Allow Forking", boolean())),
     "mergeOptions" -> mergeOptions,
-    "defaultMergeOption" -> trim(label("Default merge strategy", text(required)))
+    "defaultMergeOption" -> trim(label("Default merge strategy", text(required))),
+    "safeMode" -> trim(label("XSS protection", boolean()))
   )(OptionsForm.apply).verifying { form =>
     if (!form.mergeOptions.contains(form.defaultMergeOption)) {
       Seq("defaultMergeOption" -> s"This merge strategy isn't enabled.")
@@ -150,7 +152,8 @@ trait RepositorySettingsControllerBase extends ControllerBase {
       form.externalWikiUrl,
       form.allowFork,
       form.mergeOptions,
-      form.defaultMergeOption
+      form.defaultMergeOption,
+      form.safeMode
     )
     flash.update("info", "Repository settings has been updated.")
     redirect(s"/${repository.owner}/${repository.name}/settings/options")
@@ -342,7 +345,7 @@ trait RepositorySettingsControllerBase extends ControllerBase {
                 .map(
                   res =>
                     Map(
-                      "status" -> res.getStatusLine(),
+                      "status" -> res.getStatusLine.getStatusCode,
                       "body" -> EntityUtils.toString(res.getEntity()),
                       "headers" -> _headers(res.getAllHeaders())
                   )
@@ -385,54 +388,62 @@ trait RepositorySettingsControllerBase extends ControllerBase {
    * Rename repository.
    */
   post("/:owner/:repository/settings/rename", renameForm)(ownerOnly { (form, repository) =>
-    if (context.settings.repositoryOperation.rename || context.loginAccount.get.isAdmin) {
+    context.withLoginAccount {
-      if (repository.name != form.repositoryName) {
+      loginAccount =>
-        // Update database and move git repository
+        if (context.settings.repositoryOperation.rename || loginAccount.isAdmin) {
-        renameRepository(repository.owner, repository.name, repository.owner, form.repositoryName)
+          if (repository.name != form.repositoryName) {
-        // Record activity log
+            // Update database and move git repository
-        val renameInfo = RenameRepositoryInfo(
+            renameRepository(repository.owner, repository.name, repository.owner, form.repositoryName)
-          repository.owner,
+            // Record activity log
-          form.repositoryName,
+            val renameInfo = RenameRepositoryInfo(
-          context.loginAccount.get.userName,
+              repository.owner,
-          repository.name
+              form.repositoryName,
-        )
+              loginAccount.userName,
-        recordActivity(renameInfo)
+              repository.name
-      }
+            )
-      redirect(s"/${repository.owner}/${form.repositoryName}")
+            recordActivity(renameInfo)
-    } else Forbidden()
+          }
+          redirect(s"/${repository.owner}/${form.repositoryName}")
+        } else Forbidden()
+    }
   })
 
   /**
    * Transfer repository ownership.
    */
   post("/:owner/:repository/settings/transfer", transferForm)(ownerOnly { (form, repository) =>
-    if (context.settings.repositoryOperation.transfer || context.loginAccount.get.isAdmin) {
+    context.withLoginAccount {
-      // Change repository owner
+      loginAccount =>
-      if (repository.owner != form.newOwner) {
+        if (context.settings.repositoryOperation.transfer || loginAccount.isAdmin) {
-        // Update database and move git repository
+          // Change repository owner
-        renameRepository(repository.owner, repository.name, form.newOwner, repository.name)
+          if (repository.owner != form.newOwner) {
-        // Record activity log
+            // Update database and move git repository
-        val renameInfo = RenameRepositoryInfo(
+            renameRepository(repository.owner, repository.name, form.newOwner, repository.name)
-          form.newOwner,
+            // Record activity log
-          repository.name,
+            val renameInfo = RenameRepositoryInfo(
-          context.loginAccount.get.userName,
+              form.newOwner,
-          repository.owner
+              repository.name,
-        )
+              loginAccount.userName,
-        recordActivity(renameInfo)
+              repository.owner
-      }
+            )
-      redirect(s"/${form.newOwner}/${repository.name}")
+            recordActivity(renameInfo)
-    } else Forbidden()
+          }
+          redirect(s"/${form.newOwner}/${repository.name}")
+        } else Forbidden()
+    }
   })
 
   /**
    * Delete the repository.
    */
   post("/:owner/:repository/settings/delete")(ownerOnly { repository =>
-    if (context.settings.repositoryOperation.delete || context.loginAccount.get.isAdmin) {
+    context.withLoginAccount { loginAccount =>
-      // Delete the repository and related files
+      if (context.settings.repositoryOperation.delete || loginAccount.isAdmin) {
-      deleteRepository(repository.repository)
+        // Delete the repository and related files
-      redirect(s"/${repository.owner}")
+        deleteRepository(repository.repository)
-    } else Forbidden()
+        redirect(s"/${repository.owner}")
+      } else Forbidden()
+    }
   })
 
   /**

src/main/scala/gitbucket/core/controller/RepositoryViewerController.scala

@@ -1,7 +1,6 @@
 package gitbucket.core.controller
 
 import java.io.{File, FileInputStream, FileOutputStream}
-
 import scala.util.Using
 import javax.servlet.http.{HttpServletRequest, HttpServletResponse}
 import gitbucket.core.repo.html
@@ -11,12 +10,11 @@ import gitbucket.core.service._
 import gitbucket.core.service.RepositoryCommitFileService.CommitFile
 import gitbucket.core.util._
 import gitbucket.core.util.StringUtil._
-import gitbucket.core.util.SyntaxSugars._
 import gitbucket.core.util.Implicits._
 import gitbucket.core.util.Directory._
-import gitbucket.core.model.Account
+import gitbucket.core.model.{Account, WebHook}
 import gitbucket.core.service.RepositoryService.RepositoryInfo
-import gitbucket.core.util.JGitUtil.CommitInfo
+import gitbucket.core.service.WebHookService.{WebHookCreatePayload, WebHookPushPayload}
 import gitbucket.core.view
 import gitbucket.core.view.helpers
 import org.apache.commons.compress.archivers.{ArchiveEntry, ArchiveOutputStream}
@@ -221,11 +219,8 @@ trait RepositoryViewerControllerBase extends ControllerBase {
       gitbucket.core.repo.html.creating(owner, repository)
     } else {
       params.get("go-get") match {
-        case Some("1") =>
+        case Some("1") => getRepository(owner, repository).map(gitbucket.core.html.goget(_)) getOrElse NotFound()
-          defining(request.paths) { paths =>
+        case _         => referrersOnly(fileList(_))
-            getRepository(owner, repository).map(gitbucket.core.html.goget(_)) getOrElse NotFound()
-          }
-        case _ => referrersOnly(fileList(_))
       }
     }
   }
@@ -271,26 +266,12 @@ trait RepositoryViewerControllerBase extends ControllerBase {
               branchName,
               repository,
               logs
-                .map {
+                .map { commit =>
-                  commit =>
+                  (
-                    (
+                    commit.copy(verified = commit.commitSign.flatMap(GpgUtil.verifySign)),
-                      CommitInfo(
+                    JGitUtil.getTagsOnCommit(git, commit.id),
-                        id = commit.id,
+                    getCommitStatusWithSummary(repository.owner, repository.name, commit.id)
-                        shortMessage = commit.shortMessage,
+                  )
-                        fullMessage = commit.fullMessage,
-                        parents = commit.parents,
-                        authorTime = commit.authorTime,
-                        authorName = commit.authorName,
-                        authorEmailAddress = commit.authorEmailAddress,
-                        commitTime = commit.commitTime,
-                        committerName = commit.committerName,
-                        committerEmailAddress = commit.committerEmailAddress,
-                        commitSign = commit.commitSign,
-                        verified = commit.commitSign.flatMap(GpgUtil.verifySign)
-                      ),
-                      JGitUtil.getTagsOnCommit(git, commit.id),
-                      getCommitStatusWithSummary(repository.owner, repository.name, commit.id)
-                    )
                 }
                 .splitWith {
                   case ((commit1, _, _), (commit2, _, _)) =>
@@ -306,74 +287,99 @@ trait RepositoryViewerControllerBase extends ControllerBase {
   })
 
   get("/:owner/:repository/new/*")(writableUsersOnly { repository =>
-    val (branch, path) = repository.splitPath(multiParams("splat").head)
+    context.withLoginAccount {
-    val protectedBranch = getProtectedBranchInfo(repository.owner, repository.name, branch)
+      loginAccount =>
-      .needStatusCheck(context.loginAccount.get.userName)
+        val (branch, path) = repository.splitPath(multiParams("splat").head)
+        val protectedBranch = getProtectedBranchInfo(repository.owner, repository.name, branch)
+          .needStatusCheck(loginAccount.userName)
 
-    Using.resource(Git.open(getRepositoryDir(repository.owner, repository.name))) { git =>
+        Using.resource(Git.open(getRepositoryDir(repository.owner, repository.name))) { git =>
-      val revCommit = JGitUtil.getRevCommitFromId(git, git.getRepository.resolve(branch))
+          val revCommit = JGitUtil.getRevCommitFromId(git, git.getRepository.resolve(branch))
 
-      html.editor(
+          html.editor(
-        branch = branch,
+            branch = branch,
-        repository = repository,
+            repository = repository,
-        pathList = if (path.length == 0) Nil else path.split("/").toList,
+            pathList = if (path.length == 0) Nil else path.split("/").toList,
-        fileName = None,
+            fileName = None,
-        content = JGitUtil.ContentInfo("text", None, None, Some("UTF-8")),
+            content = JGitUtil.ContentInfo("text", None, None, Some("UTF-8")),
-        protectedBranch = protectedBranch,
+            protectedBranch = protectedBranch,
-        commit = revCommit.getName
+            commit = revCommit.getName
-      )
+          )
+        }
     }
   })
 
   get("/:owner/:repository/upload/*")(writableUsersOnly { repository =>
-    val (branch, path) = repository.splitPath(multiParams("splat").head)
+    context.withLoginAccount {
-    val protectedBranch = getProtectedBranchInfo(repository.owner, repository.name, branch)
+      loginAccount =>
-      .needStatusCheck(context.loginAccount.get.userName)
+        val (branch, path) = repository.splitPath(multiParams("splat").head)
-    Using.resource(Git.open(getRepositoryDir(repository.owner, repository.name))) { git =>
+        val protectedBranch = getProtectedBranchInfo(repository.owner, repository.name, branch)
-      val revCommit = JGitUtil.getRevCommitFromId(git, git.getRepository.resolve(branch))
+          .needStatusCheck(loginAccount.userName)
-      html.upload(
+        Using.resource(Git.open(getRepositoryDir(repository.owner, repository.name))) { git =>
-        branch,
+          val revCommit = JGitUtil.getRevCommitFromId(git, git.getRepository.resolve(branch))
-        repository,
+          html.upload(
-        if (path.length == 0) Nil else path.split("/").toList,
+            branch,
-        protectedBranch,
+            repository,
-        revCommit.name
+            if (path.length == 0) Nil else path.split("/").toList,
-      )
+            protectedBranch,
+            revCommit.name
+          )
+        }
     }
   })
 
   post("/:owner/:repository/upload", uploadForm)(writableUsersOnly { (form, repository) =>
-    val files = form.uploadFiles.split("\n").map { line =>
+    context.withLoginAccount {
-      val i = line.indexOf(':')
+      loginAccount =>
-      CommitFile(line.substring(0, i).trim, line.substring(i + 1).trim)
+        val files = form.uploadFiles
+          .split("\n")
+          .map { line =>
+            val i = line.indexOf(':')
+            CommitFile(line.substring(0, i).trim, line.substring(i + 1).trim)
+          }
+          .toSeq
+
+        val newFiles = files.map { file =>
+          file.copy(name = if (form.path.length == 0) file.name else s"${form.path}/${file.name}")
+        }
+
+        if (form.newBranch) {
+          val newBranchName = createNewBranchForPullRequest(repository, form.branch, loginAccount)
+          val objectId = _commit(newBranchName, newFiles, loginAccount)
+          val issueId =
+            createIssueAndPullRequest(
+              repository,
+              form.branch,
+              newBranchName,
+              form.commit,
+              objectId.name,
+              form.message,
+              loginAccount
+            )
+          redirect(s"/${repository.owner}/${repository.name}/pull/${issueId}")
+        } else {
+          _commit(form.branch, newFiles, loginAccount)
+          if (form.path.length == 0) {
+            redirect(s"/${repository.owner}/${repository.name}/tree/${form.branch}")
+          } else {
+            redirect(s"/${repository.owner}/${repository.name}/tree/${form.branch}/${form.path}")
+          }
+        }
     }
 
-    val newFiles = files.map { file =>
+    def _commit(
-      file.copy(name = if (form.path.length == 0) file.name else s"${form.path}/${file.name}")
+      branchName: String,
-    }
+      //files: Seq[CommitFile],
-
+      newFiles: Seq[CommitFile],
-    if (form.newBranch) {
+      loginAccount: Account
-      val newBranchName = createNewBranchForPullRequest(repository, form.branch)
+    ): ObjectId = {
-      val objectId = _commit(newBranchName)
-      val issueId =
-        createIssueAndPullRequest(repository, form.branch, newBranchName, form.commit, objectId.name, form.message)
-      redirect(s"/${repository.owner}/${repository.name}/pull/${issueId}")
-    } else {
-      _commit(form.branch)
-      if (form.path.length == 0) {
-        redirect(s"/${repository.owner}/${repository.name}/tree/${form.branch}")
-      } else {
-        redirect(s"/${repository.owner}/${repository.name}/tree/${form.branch}/${form.path}")
-      }
-    }
-
-    def _commit(branchName: String): ObjectId = {
       commitFiles(
         repository = repository,
         branch = branchName,
-        path = form.path,
+        //path = form.path,
-        files = files.toIndexedSeq,
+        //files = files.toIndexedSeq,
         message = form.message.getOrElse("Add files via upload"),
-        loginAccount = context.loginAccount.get,
+        loginAccount = loginAccount,
         settings = context.settings
       ) {
         case (git, headTip, builder, inserter) =>
@@ -396,32 +402,36 @@ trait RepositoryViewerControllerBase extends ControllerBase {
   })
 
   get("/:owner/:repository/edit/*")(writableUsersOnly { repository =>
-    val (branch, path) = repository.splitPath(multiParams("splat").head)
+    context.withLoginAccount {
-    val protectedBranch = getProtectedBranchInfo(repository.owner, repository.name, branch)
+      loginAccount =>
-      .needStatusCheck(context.loginAccount.get.userName)
+        val (branch, path) = repository.splitPath(multiParams("splat").head)
+        val protectedBranch = getProtectedBranchInfo(repository.owner, repository.name, branch)
+          .needStatusCheck(loginAccount.userName)
 
-    Using.resource(Git.open(getRepositoryDir(repository.owner, repository.name))) {
+        Using.resource(Git.open(getRepositoryDir(repository.owner, repository.name))) {
-      git =>
+          git =>
-        val revCommit = JGitUtil.getRevCommitFromId(git, git.getRepository.resolve(branch))
+            val revCommit = JGitUtil.getRevCommitFromId(git, git.getRepository.resolve(branch))
 
-        getPathObjectId(git, path, revCommit).map {
+            getPathObjectId(git, path, revCommit)
-          objectId =>
+              .map {
-            val paths = path.split("/")
+                objectId =>
-            val info = EditorConfigUtil.getEditorConfigInfo(git, branch, path)
+                  val paths = path.split("/")
+                  val info = EditorConfigUtil.getEditorConfigInfo(git, branch, path)
 
-            html.editor(
+                  html.editor(
-              branch = branch,
+                    branch = branch,
-              repository = repository,
+                    repository = repository,
-              pathList = paths.take(paths.size - 1).toList,
+                    pathList = paths.take(paths.size - 1).toList,
-              fileName = Some(paths.last),
+                    fileName = Some(paths.last),
-              content = JGitUtil.getContentInfo(git, path, objectId),
+                    content = JGitUtil.getContentInfo(git, path, objectId, repository.repository.options.safeMode),
-              protectedBranch = protectedBranch,
+                    protectedBranch = protectedBranch,
-              commit = revCommit.getName,
+                    commit = revCommit.getName,
-              newLineMode = info.newLineMode,
+                    newLineMode = info.newLineMode,
-              useSoftTabs = info.useSoftTabs,
+                    useSoftTabs = info.useSoftTabs,
-              tabSize = info.tabSize
+                    tabSize = info.tabSize
-            )
+                  )
-        } getOrElse NotFound()
+              } getOrElse NotFound()
+        }
     }
   })
 
@@ -438,7 +448,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
             repository = repository,
             pathList = paths.take(paths.size - 1).toList,
             fileName = paths.last,
-            content = JGitUtil.getContentInfo(git, path, objectId),
+            content = JGitUtil.getContentInfo(git, path, objectId, repository.repository.options.safeMode),
             commit = revCommit.getName
           )
         } getOrElse NotFound()
@@ -446,21 +456,32 @@ trait RepositoryViewerControllerBase extends ControllerBase {
   })
 
   post("/:owner/:repository/create", editorForm)(writableUsersOnly { (form, repository) =>
-    if (form.newBranch) {
+    context.withLoginAccount {
-      val newBranchName = createNewBranchForPullRequest(repository, form.branch)
+      loginAccount =>
-      val objectId = _commit(newBranchName)
+        if (form.newBranch) {
-      val issueId =
+          val newBranchName = createNewBranchForPullRequest(repository, form.branch, loginAccount)
-        createIssueAndPullRequest(repository, form.branch, newBranchName, form.commit, objectId.name, form.message)
+          val objectId = _commit(newBranchName, loginAccount)
-      redirect(s"/${repository.owner}/${repository.name}/pull/${issueId}")
+          val issueId =
-    } else {
+            createIssueAndPullRequest(
-      _commit(form.branch)
+              repository,
-      redirect(
+              form.branch,
-        s"/${repository.owner}/${repository.name}/blob/${form.branch}/${if (form.path.length == 0) urlEncode(form.newFileName)
+              newBranchName,
-        else s"${form.path}/${urlEncode(form.newFileName)}"}"
+              form.commit,
-      )
+              objectId.name,
+              form.message,
+              loginAccount
+            )
+          redirect(s"/${repository.owner}/${repository.name}/pull/${issueId}")
+        } else {
+          _commit(form.branch, loginAccount)
+          redirect(
+            s"/${repository.owner}/${repository.name}/blob/${form.branch}/${if (form.path.length == 0) urlEncode(form.newFileName)
+            else s"${form.path}/${urlEncode(form.newFileName)}"}"
+          )
+        }
     }
 
-    def _commit(branchName: String): ObjectId = {
+    def _commit(branchName: String, loginAccount: Account): ObjectId = {
       commitFile(
         repository = repository,
         branch = branchName,
@@ -471,28 +492,39 @@ trait RepositoryViewerControllerBase extends ControllerBase {
         charset = form.charset,
         message = form.message.getOrElse(s"Create ${form.newFileName}"),
         commit = form.commit,
-        loginAccount = context.loginAccount.get,
+        loginAccount = loginAccount,
         settings = context.settings
-      )
+      )._1
     }
   })
 
   post("/:owner/:repository/update", editorForm)(writableUsersOnly { (form, repository) =>
-    if (form.newBranch) {
+    context.withLoginAccount {
-      val newBranchName = createNewBranchForPullRequest(repository, form.branch)
+      loginAccount =>
-      val objectId = _commit(newBranchName)
+        if (form.newBranch) {
-      val issueId =
+          val newBranchName = createNewBranchForPullRequest(repository, form.branch, loginAccount)
-        createIssueAndPullRequest(repository, form.branch, newBranchName, form.commit, objectId.name, form.message)
+          val objectId = _commit(newBranchName, loginAccount)
-      redirect(s"/${repository.owner}/${repository.name}/pull/${issueId}")
+          val issueId =
-    } else {
+            createIssueAndPullRequest(
-      _commit(form.branch)
+              repository,
-      redirect(
+              form.branch,
-        s"/${repository.owner}/${repository.name}/blob/${urlEncode(form.branch)}/${if (form.path.length == 0) urlEncode(form.newFileName)
+              newBranchName,
-        else s"${form.path}/${urlEncode(form.newFileName)}"}"
+              form.commit,
-      )
+              objectId.name,
+              form.message,
+              loginAccount
+            )
+          redirect(s"/${repository.owner}/${repository.name}/pull/${issueId}")
+        } else {
+          _commit(form.branch, loginAccount)
+          redirect(
+            s"/${repository.owner}/${repository.name}/blob/${urlEncode(form.branch)}/${if (form.path.length == 0) urlEncode(form.newFileName)
+            else s"${form.path}/${urlEncode(form.newFileName)}"}"
+          )
+        }
     }
 
-    def _commit(branchName: String): ObjectId = {
+    def _commit(branchName: String, loginAccount: Account): ObjectId = {
       commitFile(
         repository = repository,
         branch = branchName,
@@ -507,28 +539,39 @@ trait RepositoryViewerControllerBase extends ControllerBase {
           form.message.getOrElse(s"Rename ${form.oldFileName.get} to ${form.newFileName}")
         },
         commit = form.commit,
-        loginAccount = context.loginAccount.get,
+        loginAccount = loginAccount,
         settings = context.settings
-      )
+      )._1
     }
   })
 
   post("/:owner/:repository/remove", deleteForm)(writableUsersOnly { (form, repository) =>
-    if (form.newBranch) {
+    context.withLoginAccount {
-      val newBranchName = createNewBranchForPullRequest(repository, form.branch)
+      loginAccount =>
-      val objectId = _commit(newBranchName)
+        if (form.newBranch) {
-      val issueId =
+          val newBranchName = createNewBranchForPullRequest(repository, form.branch, loginAccount)
-        createIssueAndPullRequest(repository, form.branch, newBranchName, form.commit, objectId.name, form.message)
+          val objectId = _commit(newBranchName, loginAccount)
-      redirect(s"/${repository.owner}/${repository.name}/pull/${issueId}")
+          val issueId =
-    } else {
+            createIssueAndPullRequest(
-      _commit(form.branch)
+              repository,
-      redirect(
+              form.branch,
-        s"/${repository.owner}/${repository.name}/tree/${form.branch}${if (form.path.length == 0) ""
+              newBranchName,
-        else "/" + form.path}"
+              form.commit,
-      )
+              objectId.name,
+              form.message,
+              loginAccount
+            )
+          redirect(s"/${repository.owner}/${repository.name}/pull/${issueId}")
+        } else {
+          _commit(form.branch, loginAccount)
+          redirect(
+            s"/${repository.owner}/${repository.name}/tree/${form.branch}${if (form.path.length == 0) ""
+            else "/" + form.path}"
+          )
+        }
     }
 
-    def _commit(branchName: String): ObjectId = {
+    def _commit(branchName: String, loginAccount: Account): ObjectId = {
       commitFile(
         repository = repository,
         branch = branchName,
@@ -539,26 +582,46 @@ trait RepositoryViewerControllerBase extends ControllerBase {
         charset = "",
         message = form.message.getOrElse(s"Delete ${form.fileName}"),
         commit = form.commit,
-        loginAccount = context.loginAccount.get,
+        loginAccount = loginAccount,
         settings = context.settings
-      )
+      )._1
     }
   })
 
-  private def getNewBranchName(repository: RepositoryInfo): String = {
+  private def getNewBranchName(repository: RepositoryInfo, loginAccount: Account): String = {
     var i = 1
-    val branchNamePrefix = cutTail(context.loginAccount.get.userName.replaceAll("[^a-zA-Z0-9-_]", "-"), 25)
+    val branchNamePrefix = cutTail(loginAccount.userName.replaceAll("[^a-zA-Z0-9-_]", "-"), 25)
     while (repository.branchList.exists(p => p.contains(s"$branchNamePrefix-patch-$i"))) {
       i += 1
     }
     s"$branchNamePrefix-patch-$i"
   }
 
-  private def createNewBranchForPullRequest(repository: RepositoryInfo, baseBranchName: String): String = {
+  private def createNewBranchForPullRequest(
-    val newBranchName = getNewBranchName(repository)
+    repository: RepositoryInfo,
+    baseBranchName: String,
+    loginAccount: Account
+  ): String = {
+    val newBranchName = getNewBranchName(repository, loginAccount)
     Using.resource(Git.open(getRepositoryDir(repository.owner, repository.name))) { git =>
       JGitUtil.createBranch(git, baseBranchName, newBranchName)
     }
+    // Call webhook
+    val settings = loadSystemSettings()
+    callWebHookOf(repository.owner, repository.name, WebHook.Create, settings) {
+      for {
+        sender <- Some(loginAccount)
+        owner <- getAccountByUserName(repository.owner)
+      } yield {
+        WebHookCreatePayload(
+          sender,
+          repository,
+          owner,
+          ref = newBranchName,
+          refType = "branch"
+        )
+      }
+    }
     newBranchName
   }
 
@@ -568,12 +631,13 @@ trait RepositoryViewerControllerBase extends ControllerBase {
     requestBranch: String,
     commitIdFrom: String,
     commitIdTo: String,
-    commitMessage: Option[String]
+    commitMessage: Option[String],
+    loginAccount: Account
   ): Int = {
     val issueId = insertIssue(
       owner = repository.owner,
       repository = repository.name,
-      loginUser = context.loginAccount.get.userName,
+      loginUser = loginAccount.userName,
       title = requestBranch,
       content = commitMessage,
       assignedUserName = None,
@@ -591,7 +655,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
       commitIdFrom = commitIdFrom,
       commitIdTo = commitIdTo,
       isDraft = false,
-      loginAccount = context.loginAccount.get,
+      loginAccount = loginAccount,
       settings = context.settings
     )
     issueId
@@ -629,7 +693,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
                 branch = id,
                 repository = repository,
                 pathList = path.split("/").toList,
-                content = JGitUtil.getContentInfo(git, path, objectId),
+                content = JGitUtil.getContentInfo(git, path, objectId, repository.repository.options.safeMode),
                 latestCommit = new JGitUtil.CommitInfo(JGitUtil.getLastModifiedCommit(git, revCommit, path)),
                 hasWritePermission = hasDeveloperRole(repository.owner, repository.name, context.loginAccount),
                 isBlame = request.paths(2) == "blame",
@@ -704,26 +768,24 @@ trait RepositoryViewerControllerBase extends ControllerBase {
     try {
       Using.resource(Git.open(getRepositoryDir(repository.owner, repository.name))) {
         git =>
-          defining(JGitUtil.getRevCommitFromId(git, git.getRepository.resolve(id))) {
+          val revCommit = JGitUtil.getRevCommitFromId(git, git.getRepository.resolve(id))
-            revCommit =>
+          val diffs = JGitUtil.getDiffs(git, None, id, true, false)
-              val diffs = JGitUtil.getDiffs(git, None, id, true, false)
+          val oldCommitId = JGitUtil.getParentCommitId(git, id)
-              val oldCommitId = JGitUtil.getParentCommitId(git, id)
 
-              html.commit(
+          html.commit(
-                id,
+            id,
-                new JGitUtil.CommitInfo(revCommit),
+            new JGitUtil.CommitInfo(revCommit),
-                JGitUtil.getBranchesOfCommit(git, revCommit.getName),
+            JGitUtil.getBranchesOfCommit(git, revCommit.getName),
-                JGitUtil.getTagsOfCommit(git, revCommit.getName),
+            JGitUtil.getTagsOfCommit(git, revCommit.getName),
-                getCommitStatusWithSummary(repository.owner, repository.name, revCommit.getName),
+            getCommitStatusWithSummary(repository.owner, repository.name, revCommit.getName),
-                getCommitComments(repository.owner, repository.name, id, true),
+            getCommitComments(repository.owner, repository.name, id, true),
-                repository,
+            repository,
-                diffs,
+            diffs,
-                oldCommitId,
+            oldCommitId,
-                hasDeveloperRole(repository.owner, repository.name, context.loginAccount),
+            hasDeveloperRole(repository.owner, repository.name, context.loginAccount),
-                flash.get("info"),
+            flash.get("info"),
-                flash.get("error")
+            flash.get("error")
-              )
+          )
-          }
       }
     } catch {
       case e: MissingObjectException => NotFound()
@@ -756,20 +818,22 @@ trait RepositoryViewerControllerBase extends ControllerBase {
   })
 
   post("/:owner/:repository/commit/:id/comment/new", commentForm)(readableUsersOnly { (form, repository) =>
-    val id = params("id")
+    context.withLoginAccount { loginAccount =>
-    createCommitComment(
+      val id = params("id")
-      repository,
+      createCommitComment(
-      id,
+        repository,
-      context.loginAccount.get,
+        id,
-      form.content,
+        loginAccount,
-      form.fileName,
+        form.content,
-      form.oldLineNumber,
+        form.fileName,
-      form.newLineNumber,
+        form.oldLineNumber,
-      form.diff,
+        form.newLineNumber,
-      form.issueId
+        form.diff,
-    )
+        form.issueId
+      )
 
-    redirect(s"/${repository.owner}/${repository.name}/commit/${id}")
+      redirect(s"/${repository.owner}/${repository.name}/commit/${id}")
+    }
   })
 
   ajaxGet("/:owner/:repository/commit/:id/comment/_form")(readableUsersOnly { repository =>
@@ -791,72 +855,77 @@ trait RepositoryViewerControllerBase extends ControllerBase {
   })
 
   ajaxPost("/:owner/:repository/commit/:id/comment/_data/new", commentForm)(readableUsersOnly { (form, repository) =>
-    val id = params("id")
+    context.withLoginAccount {
-    val commentId = createCommitComment(
+      loginAccount =>
-      repository,
+        val id = params("id")
-      id,
+        val commentId = createCommitComment(
-      context.loginAccount.get,
+          repository,
-      form.content,
+          id,
-      form.fileName,
+          loginAccount,
-      form.oldLineNumber,
+          form.content,
-      form.newLineNumber,
+          form.fileName,
-      form.diff,
+          form.oldLineNumber,
-      form.issueId
+          form.newLineNumber,
-    )
+          form.diff,
+          form.issueId
+        )
 
-    val comment = getCommitComment(repository.owner, repository.name, commentId.toString).get
+        val comment = getCommitComment(repository.owner, repository.name, commentId.toString).get
-    helper.html
+        helper.html
-      .commitcomment(comment, hasDeveloperRole(repository.owner, repository.name, context.loginAccount), repository)
+          .commitcomment(comment, hasDeveloperRole(repository.owner, repository.name, context.loginAccount), repository)
+    }
   })
 
   ajaxGet("/:owner/:repository/commit_comments/_data/:id")(readableUsersOnly { repository =>
-    getCommitComment(repository.owner, repository.name, params("id")) map {
+    context.withLoginAccount {
-      x =>
+      loginAccount =>
-        if (isEditable(x.userName, x.repositoryName, x.commentedUserName)) {
+        getCommitComment(repository.owner, repository.name, params("id")) map {
-          params.get("dataType") collect {
+          x =>
-            case t if t == "html" => html.editcomment(x.content, x.commentId, repository)
+            if (isEditable(x.userName, x.repositoryName, x.commentedUserName, loginAccount)) {
-          } getOrElse {
+              params.get("dataType") collect {
-            contentType = formats("json")
+                case t if t == "html" => html.editcomment(x.content, x.commentId, repository)
-            org.json4s.jackson.Serialization.write(
+              } getOrElse {
-              Map(
+                contentType = formats("json")
-                "content" -> view.Markdown.toHtml(
+                org.json4s.jackson.Serialization.write(
-                  markdown = x.content,
+                  Map(
-                  repository = repository,
+                    "content" -> view.Markdown.toHtml(
-                  branch = repository.repository.defaultBranch,
+                      markdown = x.content,
-                  enableWikiLink = false,
+                      repository = repository,
-                  enableRefsLink = true,
+                      branch = repository.repository.defaultBranch,
-                  enableAnchor = true,
+                      enableWikiLink = false,
-                  enableLineBreaks = true,
+                      enableRefsLink = true,
-                  enableTaskList = true,
+                      enableAnchor = true,
-                  hasWritePermission = true
+                      enableLineBreaks = true,
+                      enableTaskList = true,
+                      hasWritePermission = true
+                    )
+                  )
                 )
-              )
+              }
-            )
+            } else Unauthorized()
-          }
+        } getOrElse NotFound()
-        } else Unauthorized()
+    }
-    } getOrElse NotFound()
   })
 
   ajaxPost("/:owner/:repository/commit_comments/edit/:id", commentForm)(readableUsersOnly { (form, repository) =>
-    defining(repository.owner, repository.name) {
+    context.withLoginAccount {
-      case (owner, name) =>
+      loginAccount =>
-        getCommitComment(owner, name, params("id")).map { comment =>
+        getCommitComment(repository.owner, repository.name, params("id")).map { comment =>
-          if (isEditable(owner, name, comment.commentedUserName)) {
+          if (isEditable(repository.owner, repository.name, comment.commentedUserName, loginAccount)) {
             updateCommitComment(comment.commentId, form.content)
-            redirect(s"/${owner}/${name}/commit_comments/_data/${comment.commentId}")
+            redirect(s"/${repository.owner}/${repository.name}/commit_comments/_data/${comment.commentId}")
           } else Unauthorized()
         } getOrElse NotFound()
     }
   })
 
   ajaxPost("/:owner/:repository/commit_comments/delete/:id")(readableUsersOnly { repository =>
-    defining(repository.owner, repository.name) {
+    context.withLoginAccount { loginAccount =>
-      case (owner, name) =>
+      getCommitComment(repository.owner, repository.name, params("id")).map { comment =>
-        getCommitComment(owner, name, params("id")).map { comment =>
+        if (isEditable(repository.owner, repository.name, comment.commentedUserName, loginAccount)) {
-          if (isEditable(owner, name, comment.commentedUserName)) {
+          Ok(deleteCommitComment(comment.commentId))
-            Ok(deleteCommitComment(comment.commentId))
+        } else Unauthorized()
-          } else Unauthorized()
+      } getOrElse NotFound()
-        } getOrElse NotFound()
     }
   })
 
@@ -924,17 +993,54 @@ trait RepositoryViewerControllerBase extends ControllerBase {
   post("/:owner/:repository/branches")(writableUsersOnly { repository =>
     val newBranchName = params.getOrElse("new", halt(400))
     val fromBranchName = params.getOrElse("from", halt(400))
-    Using.resource(Git.open(getRepositoryDir(repository.owner, repository.name))) { git =>
+    Using.resource(Git.open(getRepositoryDir(repository.owner, repository.name))) {
-      JGitUtil.createBranch(git, fromBranchName, newBranchName)
+      git =>
-    } match {
+        JGitUtil.createBranch(git, fromBranchName, newBranchName) match {
-      case Right(message) =>
+          case Right(message) =>
-        flash.update("info", message)
+            flash.update("info", message)
-        redirect(
+            val settings = loadSystemSettings()
-          s"/${repository.owner}/${repository.name}/tree/${StringUtil.urlEncode(newBranchName).replace("%2F", "/")}"
+            val newCommitId = git.getRepository.resolve(s"refs/heads/${newBranchName}")
-        )
+            val oldCommitId = ObjectId.fromString("0" * 40)
-      case Left(message) =>
+            // call push webhook
-        flash.update("error", message)
+            callWebHookOf(repository.owner, repository.name, WebHook.Push, settings) {
-        redirect(s"/${repository.owner}/${repository.name}/tree/${fromBranchName}")
+              for {
+                pusherAccount <- context.loginAccount
+                ownerAccount <- getAccountByUserName(repository.owner)
+              } yield {
+                WebHookPushPayload(
+                  git,
+                  pusherAccount,
+                  newBranchName,
+                  repository,
+                  List(),
+                  ownerAccount,
+                  newId = newCommitId,
+                  oldId = oldCommitId
+                )
+              }
+            }
+            // call create webhook
+            callWebHookOf(repository.owner, repository.name, WebHook.Create, settings) {
+              for {
+                sender <- context.loginAccount
+                owner <- getAccountByUserName(repository.owner)
+              } yield {
+                WebHookCreatePayload(
+                  sender,
+                  repository,
+                  owner,
+                  ref = newBranchName,
+                  refType = "branch"
+                )
+              }
+            }
+            redirect(
+              s"/${repository.owner}/${repository.name}/tree/${StringUtil.urlEncode(newBranchName).replace("%2F", "/")}"
+            )
+          case Left(message) =>
+            flash.update("error", message)
+            redirect(s"/${repository.owner}/${repository.name}/tree/${fromBranchName}")
+        }
     }
   })
 
@@ -942,16 +1048,19 @@ trait RepositoryViewerControllerBase extends ControllerBase {
    * Deletes branch.
    */
   get("/:owner/:repository/delete/*")(writableUsersOnly { repository =>
-    val branchName = multiParams("splat").head
+    context.withLoginAccount {
-    val userName = context.loginAccount.get.userName
+      loginAccount =>
-    if (repository.repository.defaultBranch != branchName) {
+        val branchName = multiParams("splat").head
-      Using.resource(Git.open(getRepositoryDir(repository.owner, repository.name))) { git =>
+        if (repository.repository.defaultBranch != branchName) {
-        git.branchDelete().setForce(true).setBranchNames(branchName).call()
+          Using.resource(Git.open(getRepositoryDir(repository.owner, repository.name))) { git =>
-        val deleteBranchInfo = DeleteBranchInfo(repository.owner, repository.name, userName, branchName)
+            git.branchDelete().setForce(true).setBranchNames(branchName).call()
-        recordActivity(deleteBranchInfo)
+            val deleteBranchInfo =
-      }
+              DeleteBranchInfo(repository.owner, repository.name, loginAccount.userName, branchName)
+            recordActivity(deleteBranchInfo)
+          }
+        }
+        redirect(s"/${repository.owner}/${repository.name}/branches")
     }
-    redirect(s"/${repository.owner}/${repository.name}/branches")
   })
 
   /**
@@ -1037,54 +1146,53 @@ trait RepositoryViewerControllerBase extends ControllerBase {
         // get specified commit
         JGitUtil.getDefaultBranch(git, repository, revstr).map {
           case (objectId, revision) =>
-            defining(JGitUtil.getRevCommitFromId(git, objectId)) { revCommit =>
+            val revCommit = JGitUtil.getRevCommitFromId(git, objectId)
-              val lastModifiedCommit =
+            val lastModifiedCommit =
-                if (path == ".") revCommit else JGitUtil.getLastModifiedCommit(git, revCommit, path)
+              if (path == ".") revCommit else JGitUtil.getLastModifiedCommit(git, revCommit, path)
-              val commitCount = JGitUtil.getCommitCount(git, lastModifiedCommit.getName)
+            val commitCount = JGitUtil.getCommitCount(git, lastModifiedCommit.getName)
-              // get files
+            // get files
-              val files = JGitUtil.getFileList(
+            val files = JGitUtil.getFileList(
-                git,
+              git,
-                revision,
+              revision,
-                path,
+              path,
-                context.settings.baseUrl,
+              context.settings.baseUrl,
-                commitCount,
+              commitCount,
-                context.settings.repositoryViewer.maxFiles
+              context.settings.repositoryViewer.maxFiles
-              )
+            )
-              val parentPath = if (path == ".") Nil else path.split("/").toList
+            val parentPath = if (path == ".") Nil else path.split("/").toList
-              // process README
+            // process README
-              val readme = files // files should be sorted alphabetically.
+            val readme = files // files should be sorted alphabetically.
-                .find { file =>
+              .find { file =>
-                  !file.isDirectory && RepositoryService.readmeFiles.contains(file.name.toLowerCase)
+                !file.isDirectory && RepositoryService.readmeFiles.contains(file.name.toLowerCase)
-                }
+              }
-                .map { file =>
+              .map { file =>
-                  val path = (file.name :: parentPath.reverse).reverse
+                val path = (file.name :: parentPath.reverse).reverse
-                  path -> StringUtil.convertFromByteArray(
+                path -> StringUtil.convertFromByteArray(
-                    JGitUtil
+                  JGitUtil
-                      .getContentFromId(Git.open(getRepositoryDir(repository.owner, repository.name)), file.id, true)
+                    .getContentFromId(Git.open(getRepositoryDir(repository.owner, repository.name)), file.id, true)
-                      .get
+                    .get
-                  )
+                )
-                }
+              }
 
-              html.files(
+            html.files(
-                revision,
+              revision,
-                repository,
+              repository,
-                if (path == ".") Nil else path.split("/").toList, // current path
+              if (path == ".") Nil else path.split("/").toList, // current path
-                new JGitUtil.CommitInfo(lastModifiedCommit), // last modified commit
+              new JGitUtil.CommitInfo(lastModifiedCommit), // last modified commit
-                getCommitStatusWithSummary(repository.owner, repository.name, lastModifiedCommit.getName),
+              getCommitStatusWithSummary(repository.owner, repository.name, lastModifiedCommit.getName),
-                commitCount,
+              commitCount,
-                files,
+              files,
-                readme,
+              readme,
-                hasDeveloperRole(repository.owner, repository.name, context.loginAccount),
+              hasDeveloperRole(repository.owner, repository.name, context.loginAccount),
-                getPullRequestFromBranch(
+              getPullRequestFromBranch(
-                  repository.owner,
+                repository.owner,
-                  repository.name,
+                repository.name,
-                  revstr,
+                revstr,
-                  repository.repository.defaultBranch
+                repository.repository.defaultBranch
-                ),
+              ),
-                flash.get("info"),
+              flash.get("info"),
-                flash.get("error")
+              flash.get("error")
-              )
+            )
-            }
         } getOrElse NotFound()
       }
     }
@@ -1115,34 +1223,37 @@ trait RepositoryViewerControllerBase extends ControllerBase {
           }
           if (treeWalk != null) {
             while (treeWalk.next()) {
-              val entryPath =
+              if (treeWalk.getFileMode != FileMode.GITLINK) {
-                if (path.isEmpty) baseName + "/" + treeWalk.getPathString
+                val entryPath =
-                else path.split("/").last + treeWalk.getPathString.substring(path.length)
+                  if (path.isEmpty) baseName + "/" + treeWalk.getPathString
-              val mode = treeWalk.getFileMode.getBits
+                  else path.split("/").last + treeWalk.getPathString.substring(path.length)
-              JGitUtil.openFile(git, repository, commit.getTree, treeWalk.getPathString) { in =>
+                val mode = treeWalk.getFileMode.getBits
-                val tempFile = File.createTempFile("gitbucket", ".archive")
-                val size = Using.resource(new FileOutputStream(tempFile)) { out =>
-                  IOUtils.copy(
-                    EolStreamTypeUtil.wrapInputStream(
-                      in,
-                      EolStreamTypeUtil
-                        .detectStreamType(
-                          OperationType.CHECKOUT_OP,
-                          git.getRepository.getConfig.get(WorkingTreeOptions.KEY),
-                          treeWalk.getAttributes
-                        )
-                    ),
-                    out
-                  )
-                }
 
-                val entry: ArchiveEntry = entryCreator(entryPath, size, date, mode)
+                JGitUtil.openFile(git, repository, commit.getTree, treeWalk.getPathString) { in =>
-                archive.putArchiveEntry(entry)
+                  val tempFile = File.createTempFile("gitbucket", ".archive")
-                Using.resource(new FileInputStream(tempFile)) { in =>
+                  val size = Using.resource(new FileOutputStream(tempFile)) { out =>
-                  IOUtils.copy(in, archive)
+                    IOUtils.copy(
+                      EolStreamTypeUtil.wrapInputStream(
+                        in,
+                        EolStreamTypeUtil
+                          .detectStreamType(
+                            OperationType.CHECKOUT_OP,
+                            git.getRepository.getConfig.get(WorkingTreeOptions.KEY),
+                            treeWalk.getAttributes
+                          )
+                      ),
+                      out
+                    )
+                  }
+
+                  val entry: ArchiveEntry = entryCreator(entryPath, size, date, mode)
+                  archive.putArchiveEntry(entry)
+                  Using.resource(new FileInputStream(tempFile)) { in =>
+                    IOUtils.copy(in, archive)
+                  }
+                  archive.closeArchiveEntry()
+                  tempFile.delete()
                 }
-                archive.closeArchiveEntry()
-                tempFile.delete()
               }
             }
           }
@@ -1204,8 +1315,9 @@ trait RepositoryViewerControllerBase extends ControllerBase {
     }
   }
 
-  private def isEditable(owner: String, repository: String, author: String)(implicit context: Context): Boolean =
+  private def isEditable(owner: String, repository: String, author: String, loginAccount: Account): Boolean = {
-    hasDeveloperRole(owner, repository, context.loginAccount) || author == context.loginAccount.get.userName
+    hasDeveloperRole(owner, repository, Some(loginAccount)) || author == loginAccount.userName
+  }
 
   private def conflict: Constraint = new Constraint() {
     override def validate(name: String, value: String, messages: Messages): Option[String] = {

src/main/scala/gitbucket/core/controller/SystemSettingsController.scala

@@ -9,7 +9,6 @@ import gitbucket.core.service.{AccountService, RepositoryService}
 import gitbucket.core.ssh.SshServer
 import gitbucket.core.util.Implicits._
 import gitbucket.core.util.StringUtil._
-import gitbucket.core.util.SyntaxSugars._
 import gitbucket.core.util.{AdminAuthenticator, Mailer}
 import org.apache.commons.io.IOUtils
 import org.apache.commons.mail.EmailException
@@ -463,31 +462,28 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
   })
 
   get("/admin/users/:groupName/_editgroup")(adminOnly {
-    defining(params("groupName")) { groupName =>
+    val groupName = params("groupName")
-      html.usergroup(getAccountByUserName(groupName, true), getGroupMembers(groupName))
+    html.usergroup(getAccountByUserName(groupName, true), getGroupMembers(groupName))
-    }
   })
 
   post("/admin/users/:groupName/_editgroup", editGroupForm)(adminOnly { form =>
-    defining(
+    val groupName = params("groupName")
-      params("groupName"),
+    val members = form.members
-      form.members
+      .split(",")
-        .split(",")
+      .map {
-        .map {
+        _.split(":") match {
-          _.split(":") match {
+          case Array(userName, isManager) => (userName, isManager.toBoolean)
-            case Array(userName, isManager) => (userName, isManager.toBoolean)
-          }
         }
-        .toList
+      }
-    ) {
+      .toList
-      case (groupName, members) =>
-        getAccountByUserName(groupName, true).map {
-          account =>
-            updateGroup(groupName, form.description, form.url, form.isRemoved)
 
-            if (form.isRemoved) {
+    getAccountByUserName(groupName, true).map {
-              // Remove from GROUP_MEMBER
+      account =>
-              updateGroupMembers(form.groupName, Nil)
+        updateGroup(groupName, form.description, form.url, form.isRemoved)
+
+        if (form.isRemoved) {
+          // Remove from GROUP_MEMBER
+          updateGroupMembers(form.groupName, Nil)
 //          // Remove repositories
 //          getRepositoryNamesOfUser(form.groupName).foreach { repositoryName =>
 //            deleteRepository(groupName, repositoryName)
@@ -495,9 +491,9 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
 //            FileUtils.deleteDirectory(getWikiRepositoryDir(groupName, repositoryName))
 //            FileUtils.deleteDirectory(getTemporaryDir(groupName, repositoryName))
 //          }
-            } else {
+        } else {
-              // Update GROUP_MEMBER
+          // Update GROUP_MEMBER
-              updateGroupMembers(form.groupName, members)
+          updateGroupMembers(form.groupName, members)
 //          // Update COLLABORATOR for group repositories
 //          getRepositoryNamesOfUser(form.groupName).foreach { repositoryName =>
 //            removeCollaborators(form.groupName, repositoryName)
@@ -505,13 +501,12 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
 //              addCollaborator(form.groupName, repositoryName, userName)
 //            }
 //          }
-            }
+        }
 
-            updateImage(form.groupName, form.fileId, form.clearImage)
+        updateImage(form.groupName, form.fileId, form.clearImage)
-            redirect("/admin/users")
+        redirect("/admin/users")
 
-        } getOrElse NotFound()
+    } getOrElse NotFound()
-    }
   })
 
   get("/admin/data")(adminOnly {
@@ -559,12 +554,11 @@ trait SystemSettingsControllerBase extends AccountManagementControllerBase {
   protected def disableByNotYourself(paramName: String): Constraint =
     new Constraint() {
       override def validate(name: String, value: String, messages: Messages): Option[String] = {
-        params.get(paramName).flatMap { userName =>
+        for {
-          if (userName == context.loginAccount.get.userName && params.get("removed") == Some("true"))
+          userName <- params.get(paramName)
-            Some("You can't disable your account yourself")
+          loginAccount <- context.loginAccount
-          else
+          if userName == loginAccount.userName && params.get("removed") == Some("true")
-            None
+        } yield "You can't disable your account yourself"
-        }
       }
     }
 

src/main/scala/gitbucket/core/controller/WikiController.scala

@@ -136,32 +136,38 @@ trait WikiControllerBase extends ControllerBase {
   })
 
   get("/:owner/:repository/wiki/:page/_revert/:commitId")(readableUsersOnly { repository =>
-    if (isEditable(repository)) {
+    context.withLoginAccount {
-      val pageName = StringUtil.urlDecode(params("page"))
+      loginAccount =>
-      val Array(from, to) = params("commitId").split("\\.\\.\\.")
+        if (isEditable(repository)) {
+          val pageName = StringUtil.urlDecode(params("page"))
+          val Array(from, to) = params("commitId").split("\\.\\.\\.")
 
-      if (revertWikiPage(repository.owner, repository.name, from, to, context.loginAccount.get, Some(pageName))) {
+          if (revertWikiPage(repository.owner, repository.name, from, to, loginAccount, Some(pageName))) {
-        redirect(s"/${repository.owner}/${repository.name}/wiki/${StringUtil.urlEncode(pageName)}")
+            redirect(s"/${repository.owner}/${repository.name}/wiki/${StringUtil.urlEncode(pageName)}")
-      } else {
+          } else {
-        flash.update("info", "This patch was not able to be reversed.")
+            flash.update("info", "This patch was not able to be reversed.")
-        redirect(
+            redirect(
-          s"/${repository.owner}/${repository.name}/wiki/${StringUtil.urlEncode(pageName)}/_compare/${from}...${to}"
+              s"/${repository.owner}/${repository.name}/wiki/${StringUtil.urlEncode(pageName)}/_compare/${from}...${to}"
-        )
+            )
-      }
+          }
-    } else Unauthorized()
+        } else Unauthorized()
+    }
   })
 
   get("/:owner/:repository/wiki/_revert/:commitId")(readableUsersOnly { repository =>
-    if (isEditable(repository)) {
+    context.withLoginAccount {
-      val Array(from, to) = params("commitId").split("\\.\\.\\.")
+      loginAccount =>
+        if (isEditable(repository)) {
+          val Array(from, to) = params("commitId").split("\\.\\.\\.")
 
-      if (revertWikiPage(repository.owner, repository.name, from, to, context.loginAccount.get, None)) {
+          if (revertWikiPage(repository.owner, repository.name, from, to, loginAccount, None)) {
-        redirect(s"/${repository.owner}/${repository.name}/wiki")
+            redirect(s"/${repository.owner}/${repository.name}/wiki")
-      } else {
+          } else {
-        flash.update("info", "This patch was not able to be reversed.")
+            flash.update("info", "This patch was not able to be reversed.")
-        redirect(s"/${repository.owner}/${repository.name}/wiki/_compare/${from}...${to}")
+            redirect(s"/${repository.owner}/${repository.name}/wiki/_compare/${from}...${to}")
-      }
+          }
-    } else Unauthorized()
+        } else Unauthorized()
+    }
   })
 
   get("/:owner/:repository/wiki/:page/_edit")(readableUsersOnly { repository =>
@@ -172,9 +178,9 @@ trait WikiControllerBase extends ControllerBase {
   })
 
   post("/:owner/:repository/wiki/_edit", editForm)(readableUsersOnly { (form, repository) =>
-    if (isEditable(repository)) {
+    context.withLoginAccount {
-      defining(context.loginAccount.get) {
+      loginAccount =>
-        loginAccount =>
+        if (isEditable(repository)) {
           saveWikiPage(
             repository.owner,
             repository.name,
@@ -201,8 +207,8 @@ trait WikiControllerBase extends ControllerBase {
           } else {
             redirect(s"/${repository.owner}/${repository.name}/wiki")
           }
-      }
+        } else Unauthorized()
-    } else Unauthorized()
+    }
   })
 
   get("/:owner/:repository/wiki/_new")(readableUsersOnly { repository =>
@@ -212,9 +218,9 @@ trait WikiControllerBase extends ControllerBase {
   })
 
   post("/:owner/:repository/wiki/_new", newForm)(readableUsersOnly { (form, repository) =>
-    if (isEditable(repository)) {
+    context.withLoginAccount {
-      defining(context.loginAccount.get) {
+      loginAccount =>
-        loginAccount =>
+        if (isEditable(repository)) {
           saveWikiPage(
             repository.owner,
             repository.name,
@@ -242,27 +248,35 @@ trait WikiControllerBase extends ControllerBase {
           } else {
             redirect(s"/${repository.owner}/${repository.name}/wiki")
           }
-      }
+        } else Unauthorized()
-    } else Unauthorized()
+    }
   })
 
   get("/:owner/:repository/wiki/:page/_delete")(readableUsersOnly { repository =>
-    if (isEditable(repository)) {
+    context.withLoginAccount {
-      val pageName = StringUtil.urlDecode(params("page"))
+      loginAccount =>
+        if (isEditable(repository)) {
+          val pageName = StringUtil.urlDecode(params("page"))
+          deleteWikiPage(
+            repository.owner,
+            repository.name,
+            pageName,
+            loginAccount.fullName,
+            loginAccount.mailAddress,
+            s"Destroyed ${pageName}"
+          )
+          val deleteWikiInfo = DeleteWikiInfo(
+            repository.owner,
+            repository.name,
+            loginAccount.userName,
+            pageName
+          )
+          recordActivity(deleteWikiInfo)
+          updateLastActivityDate(repository.owner, repository.name)
 
-      defining(context.loginAccount.get) { loginAccount =>
+          redirect(s"/${repository.owner}/${repository.name}/wiki")
-        val deleteWikiInfo = DeleteWikiInfo(
+        } else Unauthorized()
-          repository.owner,
+    }
-          repository.name,
-          loginAccount.userName,
-          pageName
-        )
-        recordActivity(deleteWikiInfo)
-        updateLastActivityDate(repository.owner, repository.name)
-
-        redirect(s"/${repository.owner}/${repository.name}/wiki")
-      }
-    } else Unauthorized()
   })
 
   get("/:owner/:repository/wiki/_pages")(referrersOnly { repository =>

src/main/scala/gitbucket/core/controller/api/ApiIssueCommentControllerBase.scala

@@ -4,7 +4,7 @@ import gitbucket.core.controller.{Context, ControllerBase}
 import gitbucket.core.service._
 import gitbucket.core.util.Implicits._
 import gitbucket.core.util.{ReadableUsersAuthenticator, ReferrerAuthenticator, RepositoryName}
-import org.scalatra.{ActionResult, NoContent}
+import org.scalatra.ActionResult
 
 trait ApiIssueCommentControllerBase extends ControllerBase {
   self: AccountService

src/main/scala/gitbucket/core/controller/api/ApiIssueControllerBase.scala

@@ -5,7 +5,7 @@ import gitbucket.core.model.{Account, Issue}
 import gitbucket.core.service.{AccountService, IssueCreationService, IssuesService, MilestonesService}
 import gitbucket.core.service.IssuesService.IssueSearchCondition
 import gitbucket.core.service.PullRequestService.PullRequestLimit
-import gitbucket.core.util.{ReadableUsersAuthenticator, ReferrerAuthenticator, RepositoryName, UsersAuthenticator}
+import gitbucket.core.util.{ReadableUsersAuthenticator, ReferrerAuthenticator, RepositoryName}
 import gitbucket.core.util.Implicits._
 
 trait ApiIssueControllerBase extends ControllerBase {

src/main/scala/gitbucket/core/controller/api/ApiOrganizationControllerBase.scala

@@ -1,5 +1,5 @@
 package gitbucket.core.controller.api
-import gitbucket.core.api.{ApiGroup, CreateAGroup, ApiRepository, ApiUser, JsonFormat}
+import gitbucket.core.api.{ApiGroup, CreateAGroup, JsonFormat}
 import gitbucket.core.controller.ControllerBase
 import gitbucket.core.service.{AccountService, RepositoryService}
 import gitbucket.core.util.Implicits._

src/main/scala/gitbucket/core/controller/api/ApiPullRequestControllerBase.scala

@@ -230,9 +230,9 @@ trait ApiPullRequestControllerBase extends ControllerBase {
       if (checkConflict(repository.owner, repository.name, pullReq.branch, issueId).isDefined) {
         NoContent
       } else {
-        NotFound
+        NotFound()
       }
-    }).getOrElse(NotFound)
+    }).getOrElse(NotFound())
   })
 
   /*

src/main/scala/gitbucket/core/controller/api/ApiReleaseControllerBase.scala

@@ -1,5 +1,5 @@
 package gitbucket.core.controller.api
-import java.io.{ByteArrayInputStream, File}
+import java.io.File
 
 import gitbucket.core.api._
 import gitbucket.core.controller.ControllerBase
@@ -7,9 +7,8 @@ import gitbucket.core.service.{AccountService, ReleaseService}
 import gitbucket.core.util.Directory.getReleaseFilesDir
 import gitbucket.core.util.{FileUtil, ReferrerAuthenticator, RepositoryName, WritableUsersAuthenticator}
 import gitbucket.core.util.Implicits._
-import gitbucket.core.util.SyntaxSugars.defining
 import org.apache.commons.io.FileUtils
-import org.scalatra.{Created, NoContent}
+import org.scalatra.NoContent
 
 trait ApiReleaseControllerBase extends ControllerBase {
   self: AccountService with ReleaseService with ReferrerAuthenticator with WritableUsersAuthenticator =>
@@ -120,41 +119,40 @@ trait ApiReleaseControllerBase extends ControllerBase {
    * ix. Upload a release asset
    * https://developer.github.com/v3/repos/releases/#upload-a-release-asset
    */
-  post("/api/v3/repos/:owner/:repository/releases/:tag/assets")(writableUsersOnly { repository =>
+  post("/api/v3/repos/:owner/:repository/releases/:tag/assets")(writableUsersOnly {
-    val name = params("name")
+    repository =>
-    val tag = params("tag")
+      val name = params("name")
-    getRelease(repository.owner, repository.name, tag)
+      val tag = params("tag")
-      .map {
+      getRelease(repository.owner, repository.name, tag)
-        release =>
+        .map { release =>
-          defining(FileUtil.generateFileId) { fileId =>
+          val fileId = FileUtil.generateFileId
-            val buf = new Array[Byte](request.inputStream.available())
+          val buf = new Array[Byte](request.inputStream.available())
-            request.inputStream.read(buf)
+          request.inputStream.read(buf)
-            FileUtils.writeByteArrayToFile(
+          FileUtils.writeByteArrayToFile(
-              new File(
+            new File(
-                getReleaseFilesDir(repository.owner, repository.name),
+              getReleaseFilesDir(repository.owner, repository.name),
-                FileUtil.checkFilename(tag + "/" + fileId)
+              FileUtil.checkFilename(tag + "/" + fileId)
-              ),
+            ),
-              buf
+            buf
-            )
+          )
-            createReleaseAsset(
+          createReleaseAsset(
-              repository.owner,
+            repository.owner,
-              repository.name,
+            repository.name,
-              tag,
+            tag,
-              fileId,
+            fileId,
-              name,
+            name,
-              request.contentLength.getOrElse(0),
+            request.contentLength.getOrElse(0),
-              context.loginAccount.get
+            context.loginAccount.get
-            )
+          )
-            getReleaseAsset(repository.owner, repository.name, tag, fileId)
+          getReleaseAsset(repository.owner, repository.name, tag, fileId)
-              .map { asset =>
+            .map { asset =>
-                JsonFormat(ApiReleaseAsset(asset, RepositoryName(repository)))
+              JsonFormat(ApiReleaseAsset(asset, RepositoryName(repository)))
-              }
+            }
-              .getOrElse {
+            .getOrElse {
-                ApiError("Unknown error")
+              ApiError("Unknown error")
-              }
+            }
-          }
+        }
-      }
+        .getOrElse(NotFound())
-      .getOrElse(NotFound())
   })
 
   /**

src/main/scala/gitbucket/core/controller/api/ApiRepositoryContentsControllerBase.scala

@@ -1,10 +1,9 @@
 package gitbucket.core.controller.api
-import gitbucket.core.api.{ApiContents, ApiError, CreateAFile, JsonFormat}
+import gitbucket.core.api.{ApiCommit, ApiContents, ApiError, CreateAFile, JsonFormat}
 import gitbucket.core.controller.ControllerBase
-import gitbucket.core.plugin.PluginRegistry
 import gitbucket.core.service.{RepositoryCommitFileService, RepositoryService}
 import gitbucket.core.util.Directory.getRepositoryDir
-import gitbucket.core.util.JGitUtil.{FileInfo, getContentFromId, getFileList}
+import gitbucket.core.util.JGitUtil.{CommitInfo, FileInfo, getContentFromId, getFileList}
 import gitbucket.core.util._
 import gitbucket.core.view.helpers.{isRenderable, renderMarkup}
 import gitbucket.core.util.Implicits._
@@ -36,7 +35,7 @@ trait ApiRepositoryContentsControllerBase extends ControllerBase {
 
   /**
    * ii. Get contents
-   * https://developer.github.com/v3/repos/contents/#get-contents
+   * https://docs.github.com/en/rest/reference/repos#get-repository-content
    */
   get("/api/v3/repos/:owner/:repository/contents")(referrersOnly { repository =>
     getContents(repository, ".", params.getOrElse("ref", repository.repository.defaultBranch))
@@ -44,34 +43,34 @@ trait ApiRepositoryContentsControllerBase extends ControllerBase {
 
   /**
    * ii. Get contents
-   * https://developer.github.com/v3/repos/contents/#get-contents
+   * https://docs.github.com/en/rest/reference/repos#get-repository-content
    */
   get("/api/v3/repos/:owner/:repository/contents/*")(referrersOnly { repository =>
     getContents(repository, multiParams("splat").head, params.getOrElse("ref", repository.repository.defaultBranch))
   })
 
+  private def getFileInfo(git: Git, revision: String, pathStr: String, ignoreCase: Boolean): Option[FileInfo] = {
+    val (dirName, fileName) = pathStr.lastIndexOf('/') match {
+      case -1 =>
+        (".", pathStr)
+      case n =>
+        (pathStr.take(n), pathStr.drop(n + 1))
+    }
+    if (ignoreCase) {
+      getFileList(git, revision, dirName, maxFiles = context.settings.repositoryViewer.maxFiles)
+        .find(_.name.toLowerCase.equals(fileName.toLowerCase))
+    } else {
+      getFileList(git, revision, dirName, maxFiles = context.settings.repositoryViewer.maxFiles)
+        .find(_.name.equals(fileName))
+    }
+  }
+
   private def getContents(
     repository: RepositoryService.RepositoryInfo,
     path: String,
     refStr: String,
     ignoreCase: Boolean = false
   ) = {
-    def getFileInfo(git: Git, revision: String, pathStr: String, ignoreCase: Boolean): Option[FileInfo] = {
-      val (dirName, fileName) = pathStr.lastIndexOf('/') match {
-        case -1 =>
-          (".", pathStr)
-        case n =>
-          (pathStr.take(n), pathStr.drop(n + 1))
-      }
-      if (ignoreCase) {
-        getFileList(git, revision, dirName, maxFiles = context.settings.repositoryViewer.maxFiles)
-          .find(_.name.toLowerCase.equals(fileName.toLowerCase))
-      } else {
-        getFileList(git, revision, dirName, maxFiles = context.settings.repositoryViewer.maxFiles)
-          .find(_.name.equals(fileName))
-      }
-    }
-
     Using.resource(Git.open(getRepositoryDir(params("owner"), params("repository")))) { git =>
       val fileList = getFileList(git, refStr, path, maxFiles = context.settings.repositoryViewer.maxFiles)
       if (fileList.isEmpty) { // file or NotFound
@@ -127,56 +126,88 @@ trait ApiRepositoryContentsControllerBase extends ControllerBase {
       }
     }
   }
-  /*
+
+  /**
    * iii. Create a file or iv. Update a file
-   * https://developer.github.com/v3/repos/contents/#create-a-file
+   * https://docs.github.com/en/rest/reference/repos#create-or-update-file-contents
-   * https://developer.github.com/v3/repos/contents/#update-a-file
    * if sha is presented, update a file else create a file.
    * requested #2112
    */
-
   put("/api/v3/repos/:owner/:repository/contents/*")(writableUsersOnly { repository =>
-    JsonFormat(for {
+    context.withLoginAccount {
-      data <- extractFromJsonBody[CreateAFile]
+      loginAccount =>
-    } yield {
+        JsonFormat(for {
-      val branch = data.branch.getOrElse(repository.repository.defaultBranch)
+          data <- extractFromJsonBody[CreateAFile]
-      val commit = Using.resource(Git.open(getRepositoryDir(repository.owner, repository.name))) { git =>
+        } yield {
-        val revCommit = JGitUtil.getRevCommitFromId(git, git.getRepository.resolve(branch))
+          val branch = data.branch.getOrElse(repository.repository.defaultBranch)
-        revCommit.name
+          val commit = Using.resource(Git.open(getRepositoryDir(repository.owner, repository.name))) { git =>
-      }
+            val revCommit = JGitUtil.getRevCommitFromId(git, git.getRepository.resolve(branch))
-      val paths = multiParams("splat").head.split("/")
+            revCommit.name
-      val path = paths.take(paths.size - 1).toList.mkString("/")
+          }
-      if (data.sha.isDefined && data.sha.get != commit) {
+          val paths = multiParams("splat").head.split("/")
-        ApiError("The blob SHA is not matched.", Some("https://developer.github.com/v3/repos/contents/#update-a-file"))
+          val path = paths.take(paths.size - 1).toList.mkString("/")
-      } else {
+          Using.resource(Git.open(getRepositoryDir(params("owner"), params("repository")))) {
-        val objectId = commitFile(
+            git =>
-          repository,
+              val fileInfo = getFileInfo(git, commit, path, false)
-          branch,
+
-          path,
+              fileInfo match {
-          Some(paths.last),
+                case Some(f) if !data.sha.contains(f.id.getName) =>
-          data.sha.map(_ => paths.last),
+                  ApiError(
-          StringUtil.base64Decode(data.content),
+                    "The blob SHA is not matched.",
-          data.message,
+                    Some("https://docs.github.com/en/rest/reference/repos#create-or-update-file-contents")
-          commit,
+                  )
-          context.loginAccount.get,
+                case _ =>
-          data.committer.map(_.name).getOrElse(context.loginAccount.get.fullName),
+                  val (commitId, blobId) = commitFile(
-          data.committer.map(_.email).getOrElse(context.loginAccount.get.mailAddress),
+                    repository,
-          context.settings
+                    branch,
-        )
+                    path,
-        ApiContents("file", paths.last, path, objectId.name, None, None)(RepositoryName(repository))
+                    Some(paths.last),
-      }
+                    data.sha.map(_ => paths.last),
-    })
+                    StringUtil.base64Decode(data.content),
+                    data.message,
+                    commit,
+                    loginAccount,
+                    data.committer.map(_.name).getOrElse(loginAccount.fullName),
+                    data.committer.map(_.email).getOrElse(loginAccount.mailAddress),
+                    context.settings
+                  )
+
+                  blobId match {
+                    case None =>
+                      ApiError("Failed to commit a file.", None)
+                    case Some(blobId) =>
+                      Map(
+                        "content" -> ApiContents(
+                          "file",
+                          paths.last,
+                          path,
+                          blobId.name,
+                          Some(data.content),
+                          Some("base64")
+                        )(RepositoryName(repository)),
+                        "commit" -> ApiCommit(
+                          git,
+                          RepositoryName(repository),
+                          new CommitInfo(JGitUtil.getRevCommitFromId(git, commitId))
+                        )
+                      )
+                  }
+              }
+          }
+        })
+    }
   })
 
   /*
    * v. Delete a file
-   * https://developer.github.com/v3/repos/contents/#delete-a-file
+   * https://docs.github.com/en/rest/reference/repos#delete-a-file
    * should be implemented
    */
 
   /*
- * vi. Get archive link
+ * vi. Download a repository archive (tar/zip)
- * https://developer.github.com/v3/repos/contents/#get-archive-link
+ * https://docs.github.com/en/rest/reference/repos#download-a-repository-archive-tar
+ * https://docs.github.com/en/rest/reference/repos#download-a-repository-archive-zip
  */
 
 }

src/main/scala/gitbucket/core/controller/api/ApiRepositoryControllerBase.scala

@@ -8,6 +8,7 @@ import gitbucket.core.util._
 import gitbucket.core.util.Implicits._
 import gitbucket.core.model.Profile.profile.blockingApi._
 import org.eclipse.jgit.api.Git
+import org.scalatra.Forbidden
 
 import scala.concurrent.Await
 import scala.concurrent.duration.Duration
@@ -26,7 +27,7 @@ trait ApiRepositoryControllerBase extends ControllerBase {
 
   /**
    * i. List your repositories
-   * https://developer.github.com/v3/repos/#list-your-repositories
+   * https://docs.github.com/en/rest/reference/repos#list-repositories-for-the-authenticated-user
    */
   get("/api/v3/user/repos")(usersOnly {
     JsonFormat(getVisibleRepositories(context.loginAccount, Option(context.loginAccount.get.userName)).map { r =>
@@ -36,7 +37,7 @@ trait ApiRepositoryControllerBase extends ControllerBase {
 
   /**
    * ii. List user repositories
-   * https://developer.github.com/v3/repos/#list-user-repositories
+   * https://docs.github.com/en/rest/reference/repos#list-repositories-for-a-user
    */
   get("/api/v3/users/:userName/repos") {
     JsonFormat(getVisibleRepositories(context.loginAccount, Some(params("userName"))).map { r =>
@@ -46,7 +47,7 @@ trait ApiRepositoryControllerBase extends ControllerBase {
 
   /**
    * iii. List organization repositories
-   * https://developer.github.com/v3/repos/#list-organization-repositories
+   * https://docs.github.com/en/rest/reference/repos#list-organization-repositories
    */
   get("/api/v3/orgs/:orgName/repos") {
     JsonFormat(getVisibleRepositories(context.loginAccount, Some(params("orgName"))).map { r =>
@@ -56,7 +57,7 @@ trait ApiRepositoryControllerBase extends ControllerBase {
 
   /**
    * iv. List all public repositories
-   * https://developer.github.com/v3/repos/#list-public-repositories
+   * https://docs.github.com/en/rest/reference/repos#list-public-repositories
    */
   get("/api/v3/repositories") {
     JsonFormat(getPublicRepositories().map { r =>
@@ -66,13 +67,12 @@ trait ApiRepositoryControllerBase extends ControllerBase {
 
   /*
    * v. Create
-   * https://developer.github.com/v3/repos/#create
    * Implemented with two methods (user/orgs)
    */
 
   /**
    * Create user repository
-   * https://developer.github.com/v3/repos/#create
+   * https://docs.github.com/en/rest/reference/repos#create-a-repository-for-the-authenticated-user
    */
   post("/api/v3/user/repos")(usersOnly {
     val owner = context.loginAccount.get.userName
@@ -80,7 +80,12 @@ trait ApiRepositoryControllerBase extends ControllerBase {
       data <- extractFromJsonBody[CreateARepository] if data.isValid
     } yield {
       LockUtil.lock(s"${owner}/${data.name}") {
-        if (getRepository(owner, data.name).isEmpty) {
+        if (getRepository(owner, data.name).isDefined) {
+          ApiError(
+            "A repository with this name already exists on this account",
+            Some("https://developer.github.com/v3/repos/#create")
+          )
+        } else {
           val f = createRepository(
             context.loginAccount.get,
             owner,
@@ -95,11 +100,6 @@ trait ApiRepositoryControllerBase extends ControllerBase {
             getRepository(owner, data.name)(session).get
           }
           JsonFormat(ApiRepository(repository, ApiUser(getAccountByUserName(owner).get)))
-        } else {
-          ApiError(
-            "A repository with this name already exists on this account",
-            Some("https://developer.github.com/v3/repos/#create")
-          )
         }
       }
     }) getOrElse NotFound()
@@ -107,15 +107,22 @@ trait ApiRepositoryControllerBase extends ControllerBase {
 
   /**
    * Create group repository
-   * https://developer.github.com/v3/repos/#create
+   * https://docs.github.com/en/rest/reference/repos#create-an-organization-repository
    */
-  post("/api/v3/orgs/:org/repos")(managersOnly {
+  post("/api/v3/orgs/:org/repos")(usersOnly {
     val groupName = params("org")
     (for {
       data <- extractFromJsonBody[CreateARepository] if data.isValid
     } yield {
       LockUtil.lock(s"${groupName}/${data.name}") {
-        if (getRepository(groupName, data.name).isEmpty) {
+        if (getRepository(groupName, data.name).isDefined) {
+          ApiError(
+            "A repository with this name already exists for this group",
+            Some("https://developer.github.com/v3/repos/#create")
+          )
+        } else if (!canCreateRepository(groupName, context.loginAccount.get)) {
+          Forbidden()
+        } else {
           val f = createRepository(
             context.loginAccount.get,
             groupName,
@@ -129,11 +136,6 @@ trait ApiRepositoryControllerBase extends ControllerBase {
             getRepository(groupName, data.name).get
           }
           JsonFormat(ApiRepository(repository, ApiUser(getAccountByUserName(groupName).get)))
-        } else {
-          ApiError(
-            "A repository with this name already exists for this group",
-            Some("https://developer.github.com/v3/repos/#create")
-          )
         }
       }
     }) getOrElse NotFound()
@@ -141,7 +143,7 @@ trait ApiRepositoryControllerBase extends ControllerBase {
 
   /*
    * vi. Get
-   * https://developer.github.com/v3/repos/#get
+   * https://docs.github.com/en/rest/reference/repos#get-a-repository
    */
   get("/api/v3/repos/:owner/:repository")(referrersOnly { repository =>
     JsonFormat(ApiRepository(repository, ApiUser(getAccountByUserName(repository.owner).get)))
@@ -149,32 +151,32 @@ trait ApiRepositoryControllerBase extends ControllerBase {
 
   /*
    * vii. Edit
-   * https://developer.github.com/v3/repos/#edit
+   * https://docs.github.com/en/rest/reference/repos#update-a-repository
    */
 
   /*
    * viii. List all topics for a repository
-   * https://developer.github.com/v3/repos/#list-all-topics-for-a-repository
+   * https://docs.github.com/en/rest/reference/repos#get-all-repository-topics
    */
 
   /*
    * ix. Replace all topics for a repository
-   * https://developer.github.com/v3/repos/#replace-all-topics-for-a-repository
+   * https://docs.github.com/en/rest/reference/repos#replace-all-repository-topics
    */
 
   /*
    * x. List contributors
-   * https://developer.github.com/v3/repos/#list-contributors
+   * https://docs.github.com/en/rest/reference/repos#list-repository-contributors
    */
 
   /*
    * xi. List languages
-   * https://developer.github.com/v3/repos/#list-languages
+   * https://docs.github.com/en/rest/reference/repos#list-repository-languages
    */
 
   /*
    * xii. List teams
-   * https://developer.github.com/v3/repos/#list-teams
+   * https://docs.github.com/en/rest/reference/repos#list-repository-teams
    */
 
   /*
@@ -189,12 +191,12 @@ trait ApiRepositoryControllerBase extends ControllerBase {
 
   /*
    * xiv. Delete a repository
-   * https://developer.github.com/v3/repos/#delete-a-repository
+   * https://docs.github.com/en/rest/reference/repos#delete-a-repository
    */
 
   /*
    * xv. Transfer a repository
-   * https://developer.github.com/v3/repos/#transfer-a-repository
+   * https://docs.github.com/en/rest/reference/repos#transfer-a-repository
    */
 
   /**

src/main/scala/gitbucket/core/controller/api/ApiUserControllerBase.scala

@@ -104,7 +104,7 @@ trait ApiUserControllerBase extends ControllerBase {
    */
   delete("/api/v3/users/:userName/suspended")(adminOnly {
     val userName = params("userName")
-    getAccountByUserName(userName) match {
+    getAccountByUserName(userName, true) match {
       case Some(targetAccount) =>
         updateAccount(targetAccount.copy(isRemoved = false))
         NoContent()

src/main/scala/gitbucket/core/model/AccessToken.scala

@@ -10,7 +10,7 @@ trait AccessTokenComponent { self: Profile =>
     val userName = column[String]("USER_NAME")
     val tokenHash = column[String]("TOKEN_HASH")
     val note = column[String]("NOTE")
-    def * = (accessTokenId, userName, tokenHash, note) <> (AccessToken.tupled, AccessToken.unapply)
+    def * = (accessTokenId, userName, tokenHash, note).<>(AccessToken.tupled, AccessToken.unapply)
   }
 }
 case class AccessToken(

src/main/scala/gitbucket/core/model/Account.scala

@@ -35,7 +35,7 @@ trait AccountComponent { self: Profile =>
         groupAccount,
         removed,
         description.?
-      ) <> (Account.tupled, Account.unapply)
+      ).<>(Account.tupled, Account.unapply)
   }
 }
 

src/main/scala/gitbucket/core/model/AccountExtraMailAddress.scala

@@ -9,7 +9,7 @@ trait AccountExtraMailAddressComponent { self: Profile =>
     val userName = column[String]("USER_NAME", O PrimaryKey)
     val extraMailAddress = column[String]("EXTRA_MAIL_ADDRESS", O PrimaryKey)
     def * =
-      (userName, extraMailAddress) <> (AccountExtraMailAddress.tupled, AccountExtraMailAddress.unapply)
+      (userName, extraMailAddress).<>(AccountExtraMailAddress.tupled, AccountExtraMailAddress.unapply)
   }
 }
 

src/main/scala/gitbucket/core/model/AccountFederation.scala

@@ -9,7 +9,7 @@ trait AccountFederationComponent { self: Profile =>
     val issuer = column[String]("ISSUER")
     val subject = column[String]("SUBJECT")
     val userName = column[String]("USER_NAME")
-    def * = (issuer, subject, userName) <> (AccountFederation.tupled, AccountFederation.unapply)
+    def * = (issuer, subject, userName).<>(AccountFederation.tupled, AccountFederation.unapply)
 
     def byPrimaryKey(issuer: String, subject: String): Rep[Boolean] =
       (this.issuer === issuer.bind) && (this.subject === subject.bind)

src/main/scala/gitbucket/core/model/AccountPreference.scala

@@ -9,7 +9,7 @@ trait AccountPreferenceComponent { self: Profile =>
     val userName = column[String]("USER_NAME", O PrimaryKey)
     val highlighterTheme = column[String]("HIGHLIGHTER_THEME")
     def * =
-      (userName, highlighterTheme) <> (AccountPreference.tupled, AccountPreference.unapply)
+      (userName, highlighterTheme).<>(AccountPreference.tupled, AccountPreference.unapply)
 
     def byPrimaryKey(userName: String): Rep[Boolean] = this.userName === userName.bind
   }

src/main/scala/gitbucket/core/model/AccountWebHook.scala

@@ -3,7 +3,7 @@ package gitbucket.core.model
 trait AccountWebHookComponent extends TemplateComponent { self: Profile =>
   import profile.api._
 
-  private implicit val whContentTypeColumnType =
+  private implicit val whContentTypeColumnType: BaseColumnType[WebHookContentType] =
     MappedColumnType.base[WebHookContentType, String](whct => whct.code, code => WebHookContentType.valueOf(code))
 
   lazy val AccountWebHooks = TableQuery[AccountWebHooks]
@@ -12,7 +12,7 @@ trait AccountWebHookComponent extends TemplateComponent { self: Profile =>
     val url = column[String]("URL")
     val token = column[Option[String]]("TOKEN")
     val ctype = column[WebHookContentType]("CTYPE")
-    def * = (userName, url, ctype, token) <> ((AccountWebHook.apply _).tupled, AccountWebHook.unapply)
+    def * = (userName, url, ctype, token).<>((AccountWebHook.apply _).tupled, AccountWebHook.unapply)
 
     def byPrimaryKey(userName: String, url: String) = (this.userName === userName.bind) && (this.url === url.bind)
   }

src/main/scala/gitbucket/core/model/AccountWebHookEvent.scala

@@ -1,8 +1,6 @@
 package gitbucket.core.model
 
-trait AccountWebHookEventComponent extends TemplateComponent {
+trait AccountWebHookEventComponent extends TemplateComponent { self: Profile =>
-  self: Profile =>
-
   import profile.api._
   import gitbucket.core.model.Profile.AccountWebHooks
 
@@ -14,7 +12,7 @@ trait AccountWebHookEventComponent extends TemplateComponent {
     val url = column[String]("URL")
     val event = column[WebHook.Event]("EVENT")
 
-    def * = (userName, url, event) <> ((AccountWebHookEvent.apply _).tupled, AccountWebHookEvent.unapply)
+    def * = (userName, url, event).<>((AccountWebHookEvent.apply _).tupled, AccountWebHookEvent.unapply)
 
     def byAccountWebHook(userName: String, url: String) = (this.userName === userName.bind) && (this.url === url.bind)
 

src/main/scala/gitbucket/core/model/Collaborator.scala

@@ -8,7 +8,7 @@ trait CollaboratorComponent extends TemplateComponent { self: Profile =>
   class Collaborators(tag: Tag) extends Table[Collaborator](tag, "COLLABORATOR") with BasicTemplate {
     val collaboratorName = column[String]("COLLABORATOR_NAME")
     val role = column[String]("ROLE")
-    def * = (userName, repositoryName, collaboratorName, role) <> (Collaborator.tupled, Collaborator.unapply)
+    def * = (userName, repositoryName, collaboratorName, role).<>(Collaborator.tupled, Collaborator.unapply)
 
     def byPrimaryKey(owner: String, repository: String, collaborator: String) =
       byRepository(owner, repository) && (collaboratorName === collaborator.bind)

src/main/scala/gitbucket/core/model/Comment.scala

@@ -20,7 +20,8 @@ trait IssueCommentComponent extends TemplateComponent { self: Profile =>
     val registeredDate = column[java.util.Date]("REGISTERED_DATE")
     val updatedDate = column[java.util.Date]("UPDATED_DATE")
     def * =
-      (userName, repositoryName, issueId, commentId, action, commentedUserName, content, registeredDate, updatedDate) <> (IssueComment.tupled, IssueComment.unapply)
+      (userName, repositoryName, issueId, commentId, action, commentedUserName, content, registeredDate, updatedDate)
+        .<>(IssueComment.tupled, IssueComment.unapply)
 
     def byPrimaryKey(commentId: Int) = this.commentId === commentId.bind
   }
@@ -74,7 +75,7 @@ trait CommitCommentComponent extends TemplateComponent { self: Profile =>
         originalCommitId,
         originalOldLine,
         originalNewLine
-      ) <> (CommitComment.tupled, CommitComment.unapply)
+      ).<>(CommitComment.tupled, CommitComment.unapply)
 
     def byPrimaryKey(commentId: Int) = this.commentId === commentId.bind
   }

src/main/scala/gitbucket/core/model/CommitStatus.scala

@@ -4,7 +4,8 @@ trait CommitStatusComponent extends TemplateComponent { self: Profile =>
   import profile.api._
   import self._
 
-  implicit val commitStateColumnType = MappedColumnType.base[CommitState, String](b => b.name, i => CommitState(i))
+  implicit val commitStateColumnType: BaseColumnType[CommitState] =
+    MappedColumnType.base[CommitState, String](b => b.name, i => CommitState(i))
 
   lazy val CommitStatuses = TableQuery[CommitStatuses]
   class CommitStatuses(tag: Tag) extends Table[CommitStatus](tag, "COMMIT_STATUS") with CommitTemplate {
@@ -29,7 +30,7 @@ trait CommitStatusComponent extends TemplateComponent { self: Profile =>
         creator,
         registeredDate,
         updatedDate
-      ) <> ((CommitStatus.apply _).tupled, CommitStatus.unapply)
+      ).<>((CommitStatus.apply _).tupled, CommitStatus.unapply)
     def byPrimaryKey(id: Int) = commitStatusId === id.bind
   }
 }
@@ -77,7 +78,7 @@ object CommitState {
 
   val values: Vector[CommitState] = Vector(PENDING, SUCCESS, ERROR, FAILURE)
 
-  private val map: Map[String, CommitState] = values.map(enum => enum.name -> enum).toMap
+  private val map: Map[String, CommitState] = values.map(e => e.name -> e).toMap
 
   def apply(name: String): CommitState = map(name)
 

src/main/scala/gitbucket/core/model/DeployKey.scala

@@ -11,7 +11,7 @@ trait DeployKeyComponent extends TemplateComponent { self: Profile =>
     val publicKey = column[String]("PUBLIC_KEY")
     val allowWrite = column[Boolean]("ALLOW_WRITE")
     def * =
-      (userName, repositoryName, deployKeyId, title, publicKey, allowWrite) <> (DeployKey.tupled, DeployKey.unapply)
+      (userName, repositoryName, deployKeyId, title, publicKey, allowWrite).<>(DeployKey.tupled, DeployKey.unapply)
 
     def byPrimaryKey(userName: String, repositoryName: String, deployKeyId: Int) =
       (this.userName === userName.bind) && (this.repositoryName === repositoryName.bind) && (this.deployKeyId === deployKeyId.bind)

src/main/scala/gitbucket/core/model/GpgKey.scala

@@ -11,7 +11,7 @@ trait GpgKeyComponent { self: Profile =>
     val gpgKeyId = column[Long]("GPG_KEY_ID")
     val title = column[String]("TITLE")
     val publicKey = column[String]("PUBLIC_KEY")
-    def * = (userName, keyId, gpgKeyId, title, publicKey) <> (GpgKey.tupled, GpgKey.unapply)
+    def * = (userName, keyId, gpgKeyId, title, publicKey).<>(GpgKey.tupled, GpgKey.unapply)
 
     def byPrimaryKey(userName: String, keyId: Int) =
       (this.userName === userName.bind) && (this.keyId === keyId.bind)

src/main/scala/gitbucket/core/model/GroupMembers.scala

@@ -9,7 +9,7 @@ trait GroupMemberComponent { self: Profile =>
     val groupName = column[String]("GROUP_NAME", O PrimaryKey)
     val userName = column[String]("USER_NAME", O PrimaryKey)
     val isManager = column[Boolean]("MANAGER")
-    def * = (groupName, userName, isManager) <> (GroupMember.tupled, GroupMember.unapply)
+    def * = (groupName, userName, isManager).<>(GroupMember.tupled, GroupMember.unapply)
   }
 }
 

src/main/scala/gitbucket/core/model/Issue.scala

@@ -49,7 +49,7 @@ trait IssueComponent extends TemplateComponent { self: Profile =>
         registeredDate,
         updatedDate,
         pullRequest
-      ) <> (Issue.tupled, Issue.unapply)
+      ).<>(Issue.tupled, Issue.unapply)
 
     def byPrimaryKey(owner: String, repository: String, issueId: Int) = byIssue(owner, repository, issueId)
   }

src/main/scala/gitbucket/core/model/IssueLabels.scala

@@ -6,7 +6,7 @@ trait IssueLabelComponent extends TemplateComponent { self: Profile =>
   lazy val IssueLabels = TableQuery[IssueLabels]
 
   class IssueLabels(tag: Tag) extends Table[IssueLabel](tag, "ISSUE_LABEL") with IssueTemplate with LabelTemplate {
-    def * = (userName, repositoryName, issueId, labelId) <> (IssueLabel.tupled, IssueLabel.unapply)
+    def * = (userName, repositoryName, issueId, labelId).<>(IssueLabel.tupled, IssueLabel.unapply)
     def byPrimaryKey(owner: String, repository: String, issueId: Int, labelId: Int) =
       byIssue(owner, repository, issueId) && (this.labelId === labelId.bind)
   }

src/main/scala/gitbucket/core/model/Labels.scala

@@ -9,7 +9,7 @@ trait LabelComponent extends TemplateComponent { self: Profile =>
     override val labelId = column[Int]("LABEL_ID", O AutoInc)
     override val labelName = column[String]("LABEL_NAME")
     val color = column[String]("COLOR")
-    def * = (userName, repositoryName, labelId, labelName, color) <> (Label.tupled, Label.unapply)
+    def * = (userName, repositoryName, labelId, labelName, color).<>(Label.tupled, Label.unapply)
 
     def byPrimaryKey(owner: String, repository: String, labelId: Int) = byLabel(owner, repository, labelId)
     def byPrimaryKey(userName: Rep[String], repositoryName: Rep[String], labelId: Rep[Int]) =

src/main/scala/gitbucket/core/model/Milestone.scala

@@ -13,7 +13,8 @@ trait MilestoneComponent extends TemplateComponent { self: Profile =>
     val dueDate = column[Option[java.util.Date]]("DUE_DATE")
     val closedDate = column[Option[java.util.Date]]("CLOSED_DATE")
     def * =
-      (userName, repositoryName, milestoneId, title, description, dueDate, closedDate) <> (Milestone.tupled, Milestone.unapply)
+      (userName, repositoryName, milestoneId, title, description, dueDate, closedDate)
+        .<>(Milestone.tupled, Milestone.unapply)
 
     def byPrimaryKey(owner: String, repository: String, milestoneId: Int) = byMilestone(owner, repository, milestoneId)
     def byPrimaryKey(userName: Rep[String], repositoryName: Rep[String], milestoneId: Rep[Int]) =

src/main/scala/gitbucket/core/model/Priorities.scala

@@ -13,7 +13,8 @@ trait PriorityComponent extends TemplateComponent { self: Profile =>
     val isDefault = column[Boolean]("IS_DEFAULT")
     val color = column[String]("COLOR")
     def * =
-      (userName, repositoryName, priorityId, priorityName, description.?, isDefault, ordering, color) <> (Priority.tupled, Priority.unapply)
+      (userName, repositoryName, priorityId, priorityName, description.?, isDefault, ordering, color)
+        .<>(Priority.tupled, Priority.unapply)
 
     def byPrimaryKey(owner: String, repository: String, priorityId: Int) = byPriority(owner, repository, priorityId)
     def byPrimaryKey(userName: Rep[String], repositoryName: Rep[String], priorityId: Rep[Int]) =

src/main/scala/gitbucket/core/model/Profile.scala

@@ -10,15 +10,17 @@ trait Profile {
   /**
    * java.util.Date Mapped Column Types
    */
-  implicit val dateColumnType = MappedColumnType.base[java.util.Date, java.sql.Timestamp](
+  implicit val dateColumnType: BaseColumnType[java.util.Date] =
-    d => new java.sql.Timestamp(d.getTime),
+    MappedColumnType.base[java.util.Date, java.sql.Timestamp](
-    t => new java.util.Date(t.getTime)
+      d => new java.sql.Timestamp(d.getTime),
-  )
+      t => new java.util.Date(t.getTime)
+    )
 
   /**
    * WebHookBase.Event Column Types
    */
-  implicit val eventColumnType = MappedColumnType.base[WebHook.Event, String](_.name, WebHook.Event.valueOf(_))
+  implicit val eventColumnType: BaseColumnType[WebHook.Event] =
+    MappedColumnType.base[WebHook.Event, String](_.name, WebHook.Event.valueOf(_))
 
   /**
    * Extends Column to add conditional condition
@@ -45,7 +47,7 @@ trait CoreProfile
     with Profile
     with AccessTokenComponent
     with AccountComponent
-    with ActivityComponent // ActivityComponent has been deprecated, but keep it for binary compatibility
+    with ActivityComponent
     with CollaboratorComponent
     with CommitCommentComponent
     with CommitStatusComponent

src/main/scala/gitbucket/core/model/ProtectedBranch.scala

@@ -7,7 +7,7 @@ trait ProtectedBranchComponent extends TemplateComponent { self: Profile =>
   lazy val ProtectedBranches = TableQuery[ProtectedBranches]
   class ProtectedBranches(tag: Tag) extends Table[ProtectedBranch](tag, "PROTECTED_BRANCH") with BranchTemplate {
     val statusCheckAdmin = column[Boolean]("STATUS_CHECK_ADMIN")
-    def * = (userName, repositoryName, branch, statusCheckAdmin) <> (ProtectedBranch.tupled, ProtectedBranch.unapply)
+    def * = (userName, repositoryName, branch, statusCheckAdmin).<>(ProtectedBranch.tupled, ProtectedBranch.unapply)
     def byPrimaryKey(userName: String, repositoryName: String, branch: String) =
       byBranch(userName, repositoryName, branch)
     def byPrimaryKey(userName: Rep[String], repositoryName: Rep[String], branch: Rep[String]) =
@@ -20,7 +20,7 @@ trait ProtectedBranchComponent extends TemplateComponent { self: Profile =>
       with BranchTemplate {
     val context = column[String]("CONTEXT")
     def * =
-      (userName, repositoryName, branch, context) <> (ProtectedBranchContext.tupled, ProtectedBranchContext.unapply)
+      (userName, repositoryName, branch, context).<>(ProtectedBranchContext.tupled, ProtectedBranchContext.unapply)
   }
 }
 

src/main/scala/gitbucket/core/model/PullRequest.scala

@@ -25,7 +25,7 @@ trait PullRequestComponent extends TemplateComponent { self: Profile =>
         commitIdFrom,
         commitIdTo,
         isDraft
-      ) <> (PullRequest.tupled, PullRequest.unapply)
+      ).<>(PullRequest.tupled, PullRequest.unapply)
 
     def byPrimaryKey(userName: String, repositoryName: String, issueId: Int) =
       byIssue(userName, repositoryName, issueId)

src/main/scala/gitbucket/core/model/ReleaseAsset.scala

@@ -2,9 +2,7 @@ package gitbucket.core.model
 
 import java.util.Date
 
-trait ReleaseAssetComponent extends TemplateComponent {
+trait ReleaseAssetComponent extends TemplateComponent { self: Profile =>
-  self: Profile =>
-
   import profile.api._
   import self._
 
@@ -21,7 +19,8 @@ trait ReleaseAssetComponent extends TemplateComponent {
     val updatedDate = column[Date]("UPDATED_DATE")
 
     def * =
-      (userName, repositoryName, tag, releaseAssetId, fileName, label, size, uploader, registeredDate, updatedDate) <> (ReleaseAsset.tupled, ReleaseAsset.unapply)
+      (userName, repositoryName, tag, releaseAssetId, fileName, label, size, uploader, registeredDate, updatedDate)
+        .<>(ReleaseAsset.tupled, ReleaseAsset.unapply)
     def byPrimaryKey(owner: String, repository: String, tag: String, fileName: String) =
       byTag(owner, repository, tag) && (this.fileName === fileName.bind)
     def byTag(owner: String, repository: String, tag: String) =

src/main/scala/gitbucket/core/model/ReleaseTag.scala

@@ -1,8 +1,6 @@
 package gitbucket.core.model
 
-trait ReleaseTagComponent extends TemplateComponent {
+trait ReleaseTagComponent extends TemplateComponent { self: Profile =>
-  self: Profile =>
-
   import profile.api._
   import self._
 
@@ -17,7 +15,8 @@ trait ReleaseTagComponent extends TemplateComponent {
     val updatedDate = column[java.util.Date]("UPDATED_DATE")
 
     def * =
-      (userName, repositoryName, name, tag, author, content, registeredDate, updatedDate) <> (ReleaseTag.tupled, ReleaseTag.unapply)
+      (userName, repositoryName, name, tag, author, content, registeredDate, updatedDate)
+        .<>(ReleaseTag.tupled, ReleaseTag.unapply)
     def byPrimaryKey(owner: String, repository: String, tag: String) = byTag(owner, repository, tag)
     def byTag(owner: String, repository: String, tag: String) =
       byRepository(owner, repository) && (this.tag === tag.bind)

src/main/scala/gitbucket/core/model/Repository.scala

@@ -24,6 +24,7 @@ trait RepositoryComponent extends TemplateComponent { self: Profile =>
     val allowFork = column[Boolean]("ALLOW_FORK")
     val mergeOptions = column[String]("MERGE_OPTIONS")
     val defaultMergeOption = column[String]("DEFAULT_MERGE_OPTION")
+    val safeMode = column[Boolean]("SAFE_MODE")
 
     def * =
       (
@@ -41,47 +42,58 @@ trait RepositoryComponent extends TemplateComponent { self: Profile =>
           parentUserName.?,
           parentRepositoryName.?
         ),
-        (issuesOption, externalIssuesUrl.?, wikiOption, externalWikiUrl.?, allowFork, mergeOptions, defaultMergeOption)
+        (
-      ).shaped <> ({
+          issuesOption,
-        case (repository, options) =>
+          externalIssuesUrl.?,
-          Repository(
+          wikiOption,
-            repository._1,
+          externalWikiUrl.?,
-            repository._2,
+          allowFork,
-            repository._3,
+          mergeOptions,
-            repository._4,
+          defaultMergeOption,
-            repository._5,
+          safeMode
-            repository._6,
+        )
-            repository._7,
+      ).shaped.<>(
-            repository._8,
+        {
-            repository._9,
+          case (repository, options) =>
-            repository._10,
+            Repository(
-            repository._11,
+              repository._1,
-            repository._12,
+              repository._2,
-            RepositoryOptions.tupled.apply(options)
+              repository._3,
-          )
+              repository._4,
-      }, { (r: Repository) =>
+              repository._5,
-        Some(
+              repository._6,
-          (
+              repository._7,
+              repository._8,
+              repository._9,
+              repository._10,
+              repository._11,
+              repository._12,
+              RepositoryOptions.tupled.apply(options)
+            )
+        }, { (r: Repository) =>
+          Some(
             (
-              r.userName,
+              (
-              r.repositoryName,
+                r.userName,
-              r.isPrivate,
+                r.repositoryName,
-              r.description,
+                r.isPrivate,
-              r.defaultBranch,
+                r.description,
-              r.registeredDate,
+                r.defaultBranch,
-              r.updatedDate,
+                r.registeredDate,
-              r.lastActivityDate,
+                r.updatedDate,
-              r.originUserName,
+                r.lastActivityDate,
-              r.originRepositoryName,
+                r.originUserName,
-              r.parentUserName,
+                r.originRepositoryName,
-              r.parentRepositoryName
+                r.parentUserName,
-            ),
+                r.parentRepositoryName
-            (
+              ),
-              RepositoryOptions.unapply(r.options).get
+              (
+                RepositoryOptions.unapply(r.options).get
+              )
             )
           )
-        )
+        }
-      })
+      )
 
     def byPrimaryKey(owner: String, repository: String) = byRepository(owner, repository)
   }
@@ -110,5 +122,6 @@ case class RepositoryOptions(
   externalWikiUrl: Option[String],
   allowFork: Boolean,
   mergeOptions: String,
-  defaultMergeOption: String
+  defaultMergeOption: String,
+  safeMode: Boolean
 )

src/main/scala/gitbucket/core/model/RepositoryWebHook.scala

@@ -3,7 +3,7 @@ package gitbucket.core.model
 trait RepositoryWebHookComponent extends TemplateComponent { self: Profile =>
   import profile.api._
 
-  implicit val whContentTypeColumnType =
+  implicit val whContentTypeColumnType: BaseColumnType[WebHookContentType] =
     MappedColumnType.base[WebHookContentType, String](whct => whct.code, code => WebHookContentType.valueOf(code))
 
   lazy val RepositoryWebHooks = TableQuery[RepositoryWebHooks]
@@ -14,7 +14,8 @@ trait RepositoryWebHookComponent extends TemplateComponent { self: Profile =>
     val token = column[Option[String]]("TOKEN")
     val ctype = column[WebHookContentType]("CTYPE")
     def * =
-      (userName, repositoryName, hookId, url, ctype, token) <> ((RepositoryWebHook.apply _).tupled, RepositoryWebHook.unapply)
+      (userName, repositoryName, hookId, url, ctype, token)
+        .<>((RepositoryWebHook.apply _).tupled, RepositoryWebHook.unapply)
 
     def byRepositoryUrl(owner: String, repository: String, url: String) =
       byRepository(owner, repository) && (this.url === url.bind)

src/main/scala/gitbucket/core/model/RepositoryWebHookEvent.scala

@@ -12,7 +12,7 @@ trait RepositoryWebHookEventComponent extends TemplateComponent { self: Profile
     val url = column[String]("URL")
     val event = column[WebHook.Event]("EVENT")
     def * =
-      (userName, repositoryName, url, event) <> ((RepositoryWebHookEvent.apply _).tupled, RepositoryWebHookEvent.unapply)
+      (userName, repositoryName, url, event).<>((RepositoryWebHookEvent.apply _).tupled, RepositoryWebHookEvent.unapply)
 
     def byRepositoryWebHook(owner: String, repository: String, url: String) =
       byRepository(owner, repository) && (this.url === url.bind)

src/main/scala/gitbucket/core/model/SshKey.scala

@@ -10,7 +10,7 @@ trait SshKeyComponent { self: Profile =>
     val sshKeyId = column[Int]("SSH_KEY_ID", O AutoInc)
     val title = column[String]("TITLE")
     val publicKey = column[String]("PUBLIC_KEY")
-    def * = (userName, sshKeyId, title, publicKey) <> (SshKey.tupled, SshKey.unapply)
+    def * = (userName, sshKeyId, title, publicKey).<>(SshKey.tupled, SshKey.unapply)
 
     def byPrimaryKey(userName: String, sshKeyId: Int) =
       (this.userName === userName.bind) && (this.sshKeyId === sshKeyId.bind)

src/main/scala/gitbucket/core/model/WebHook.scala

@@ -8,7 +8,7 @@ object WebHookContentType {
 
   val values: Vector[WebHookContentType] = Vector(JSON, FORM)
 
-  private val map: Map[String, WebHookContentType] = values.map(enum => enum.code -> enum).toMap
+  private val map: Map[String, WebHookContentType] = values.map(e => e.code -> e).toMap
 
   def apply(code: String): WebHookContentType = map(code)
 

src/main/scala/gitbucket/core/service/AccessTokenService.scala

@@ -21,13 +21,13 @@ trait AccessTokenService {
    * @return (TokenId, Token)
    */
   def generateAccessToken(userName: String, note: String)(implicit s: Session): (Int, String) = {
-    var token: String = null
+    var token: String = makeAccessTokenString
-    var hash: String = null
+    var hash: String = tokenToHash(token)
 
-    do {
+    while (AccessTokens.filter(_.tokenHash === hash.bind).exists.run) {
       token = makeAccessTokenString
       hash = tokenToHash(token)
-    } while (AccessTokens.filter(_.tokenHash === hash.bind).exists.run)
+    }
 
     val newToken = AccessToken(userName = userName, note = note, tokenHash = hash)
     val tokenId = (AccessTokens returning AccessTokens.map(_.accessTokenId)) insert newToken

src/main/scala/gitbucket/core/service/AccountService.scala

@@ -105,13 +105,13 @@ trait AccountService {
   }
 
   def getAccountByUserName(userName: String, includeRemoved: Boolean = false)(implicit s: Session): Option[Account] =
-    Accounts filter (t => (t.userName === userName.bind) && (t.removed === false.bind, !includeRemoved)) firstOption
+    Accounts filter (t => (t.userName === userName.bind).&&(t.removed === false.bind, !includeRemoved)) firstOption
 
   def getAccountByUserNameIgnoreCase(userName: String, includeRemoved: Boolean = false)(
     implicit s: Session
   ): Option[Account] =
     Accounts filter (
-      t => (t.userName.toLowerCase === userName.toLowerCase.bind) && (t.removed === false.bind, !includeRemoved)
+      t => (t.userName.toLowerCase === userName.toLowerCase.bind).&&(t.removed === false.bind, !includeRemoved)
     ) firstOption
 
   def getAccountsByUserNames(userNames: Set[String], knowns: Set[Account], includeRemoved: Boolean = false)(
@@ -123,7 +123,7 @@ trait AccountService {
       map
     } else {
       map ++ Accounts
-        .filter(t => (t.userName inSetBind needs) && (t.removed === false.bind, !includeRemoved))
+        .filter(t => (t.userName inSetBind needs).&&(t.removed === false.bind, !includeRemoved))
         .list
         .map(a => a.userName -> a)
         .toMap
@@ -140,15 +140,15 @@ trait AccountService {
             (x.map { e =>
                 e.extraMailAddress.toLowerCase === mailAddress.toLowerCase.bind
               }
-              .getOrElse(false.bind))) && (a.removed === false.bind, !includeRemoved)
+              .getOrElse(false.bind))).&&(a.removed === false.bind, !includeRemoved)
       }
       .map { case (a, e) => a } firstOption
 
   def getAllUsers(includeRemoved: Boolean = true, includeGroups: Boolean = true)(implicit s: Session): List[Account] = {
     Accounts filter { t =>
-      (1.bind === 1.bind) &&
+      (1.bind === 1.bind)
-      (t.groupAccount === false.bind, !includeGroups) &&
+        .&&(t.groupAccount === false.bind, !includeGroups)
-      (t.removed === false.bind, !includeRemoved)
+        .&&(t.removed === false.bind, !includeRemoved)
     } sortBy (_.userName) list
   }
 

src/main/scala/gitbucket/core/service/ActivityService.scala

@@ -1,8 +1,6 @@
 package gitbucket.core.service
 
 import gitbucket.core.model.Activity
-import gitbucket.core.util.JGitUtil
-import gitbucket.core.model.Profile._
 import gitbucket.core.util.Directory._
 import org.json4s._
 import org.json4s.jackson.Serialization
@@ -11,10 +9,8 @@ import org.json4s.jackson.Serialization.{read, write}
 import scala.util.Using
 import java.io.FileOutputStream
 import java.nio.charset.StandardCharsets
-import java.util.UUID
 
 import gitbucket.core.controller.Context
-import gitbucket.core.model.activity.BaseActivityInfo
 import org.apache.commons.io.input.ReversedLinesFileReader
 
 import scala.collection.mutable.ListBuffer
@@ -22,7 +18,7 @@ import scala.collection.mutable.ListBuffer
 trait ActivityService {
   self: RequestCache =>
 
-  private implicit val formats = Serialization.formats(NoTypeHints)
+  private implicit val formats: Formats = Serialization.formats(NoTypeHints)
 
   private def writeLog(activity: Activity): Unit = {
     Using.resource(new FileOutputStream(ActivityLog, true)) { out =>
@@ -98,6 +94,8 @@ trait ActivityService {
     }
   }
 
-  def recordActivity[T <: { def toActivity: Activity }](info: T): Unit =
+  def recordActivity[T <: { def toActivity: Activity }](info: T): Unit = {
+    import scala.language.reflectiveCalls
     writeLog(info.toActivity)
+  }
 }

src/main/scala/gitbucket/core/service/HandleCommentService.scala

@@ -13,7 +13,6 @@ import gitbucket.core.model.activity.{
 }
 import gitbucket.core.plugin.{IssueHook, PluginRegistry}
 import gitbucket.core.service.RepositoryService.RepositoryInfo
-import gitbucket.core.util.SyntaxSugars._
 import gitbucket.core.util.Implicits._
 
 trait HandleCommentService {
@@ -34,105 +33,104 @@ trait HandleCommentService {
     actionOpt: Option[String]
   )(implicit context: Context, s: Session) = {
     context.loginAccount.flatMap { loginAccount =>
-      defining(repository.owner, repository.name) {
+      val owner = repository.owner
-        case (owner, name) =>
+      val name = repository.name
-          val userName = loginAccount.userName
+      val userName = loginAccount.userName
 
-          actionOpt.collect {
+      actionOpt.collect {
-            case "close" if !issue.closed =>
+        case "close" if !issue.closed =>
-              updateClosed(owner, name, issue.issueId, true)
+          updateClosed(owner, name, issue.issueId, true)
-            case "reopen" if issue.closed =>
+        case "reopen" if issue.closed =>
-              updateClosed(owner, name, issue.issueId, false)
+          updateClosed(owner, name, issue.issueId, false)
-          }
-
-          val (action, _) = actionOpt
-            .collect {
-              case "close" if !issue.closed =>
-                val info = if (issue.isPullRequest) {
-                  ClosePullRequestInfo(owner, name, userName, issue.issueId, issue.title)
-                } else {
-                  CloseIssueInfo(owner, name, userName, issue.issueId, issue.title)
-                }
-                recordActivity(info)
-                Some("close") -> info
-              case "reopen" if issue.closed =>
-                val info = if (issue.isPullRequest) {
-                  ReopenPullRequestInfo(owner, name, userName, issue.issueId, issue.title)
-                } else {
-                  ReopenIssueInfo(owner, name, userName, issue.issueId, issue.title)
-                }
-                recordActivity(info)
-                Some("reopen") -> info
-            }
-            .getOrElse(None -> None)
-
-          val commentId = (content, action) match {
-            case (None, None) => None
-            case (None, Some(action)) =>
-              Some(createComment(owner, name, userName, issue.issueId, action.capitalize, action))
-            case (Some(content), _) =>
-              val id = Some(
-                createComment(
-                  owner,
-                  name,
-                  userName,
-                  issue.issueId,
-                  content,
-                  action.map(_ + "_comment").getOrElse("comment")
-                )
-              )
-
-              // record comment activity
-              val commentInfo = if (issue.isPullRequest) {
-                PullRequestCommentInfo(owner, name, userName, content, issue.issueId)
-              } else {
-                IssueCommentInfo(owner, name, userName, content, issue.issueId)
-              }
-              recordActivity(commentInfo)
-
-              // extract references and create refer comment
-              createReferComment(owner, name, issue, content, loginAccount)
-
-              id
-          }
-
-          // call web hooks
-          action match {
-            case None =>
-              commentId foreach (callIssueCommentWebHook(repository, issue, _, loginAccount, context.settings))
-            case Some(act) =>
-              val webHookAction = act match {
-                case "close"  => "closed"
-                case "reopen" => "reopened"
-              }
-              if (issue.isPullRequest)
-                callPullRequestWebHook(webHookAction, repository, issue.issueId, loginAccount, context.settings)
-              else
-                callIssuesWebHook(webHookAction, repository, issue, loginAccount, context.settings)
-          }
-
-          // call hooks
-          content foreach { x =>
-            if (issue.isPullRequest)
-              PluginRegistry().getPullRequestHooks.foreach(_.addedComment(commentId.get, x, issue, repository))
-            else
-              PluginRegistry().getIssueHooks.foreach(_.addedComment(commentId.get, x, issue, repository))
-          }
-          action foreach {
-            case "close" =>
-              if (issue.isPullRequest)
-                PluginRegistry().getPullRequestHooks.foreach(_.closed(issue, repository))
-              else
-                PluginRegistry().getIssueHooks.foreach(_.closed(issue, repository))
-            case "reopen" =>
-              if (issue.isPullRequest)
-                PluginRegistry().getPullRequestHooks.foreach(_.reopened(issue, repository))
-              else
-                PluginRegistry().getIssueHooks.foreach(_.reopened(issue, repository))
-          }
-
-          commentId.map(issue -> _)
       }
+
+      val (action, _) = actionOpt
+        .collect {
+          case "close" if !issue.closed =>
+            val info = if (issue.isPullRequest) {
+              ClosePullRequestInfo(owner, name, userName, issue.issueId, issue.title)
+            } else {
+              CloseIssueInfo(owner, name, userName, issue.issueId, issue.title)
+            }
+            recordActivity(info)
+            Some("close") -> info
+          case "reopen" if issue.closed =>
+            val info = if (issue.isPullRequest) {
+              ReopenPullRequestInfo(owner, name, userName, issue.issueId, issue.title)
+            } else {
+              ReopenIssueInfo(owner, name, userName, issue.issueId, issue.title)
+            }
+            recordActivity(info)
+            Some("reopen") -> info
+        }
+        .getOrElse(None -> None)
+
+      val commentId = (content, action) match {
+        case (None, None) => None
+        case (None, Some(action)) =>
+          Some(createComment(owner, name, userName, issue.issueId, action.capitalize, action))
+        case (Some(content), _) =>
+          val id = Some(
+            createComment(
+              owner,
+              name,
+              userName,
+              issue.issueId,
+              content,
+              action.map(_ + "_comment").getOrElse("comment")
+            )
+          )
+
+          // record comment activity
+          val commentInfo = if (issue.isPullRequest) {
+            PullRequestCommentInfo(owner, name, userName, content, issue.issueId)
+          } else {
+            IssueCommentInfo(owner, name, userName, content, issue.issueId)
+          }
+          recordActivity(commentInfo)
+
+          // extract references and create refer comment
+          createReferComment(owner, name, issue, content, loginAccount)
+
+          id
+      }
+
+      // call web hooks
+      action match {
+        case None =>
+          commentId foreach (callIssueCommentWebHook(repository, issue, _, loginAccount, context.settings))
+        case Some(act) =>
+          val webHookAction = act match {
+            case "close"  => "closed"
+            case "reopen" => "reopened"
+          }
+          if (issue.isPullRequest)
+            callPullRequestWebHook(webHookAction, repository, issue.issueId, loginAccount, context.settings)
+          else
+            callIssuesWebHook(webHookAction, repository, issue, loginAccount, context.settings)
+      }
+
+      // call hooks
+      content foreach { x =>
+        if (issue.isPullRequest)
+          PluginRegistry().getPullRequestHooks.foreach(_.addedComment(commentId.get, x, issue, repository))
+        else
+          PluginRegistry().getIssueHooks.foreach(_.addedComment(commentId.get, x, issue, repository))
+      }
+      action foreach {
+        case "close" =>
+          if (issue.isPullRequest)
+            PluginRegistry().getPullRequestHooks.foreach(_.closed(issue, repository))
+          else
+            PluginRegistry().getIssueHooks.foreach(_.closed(issue, repository))
+        case "reopen" =>
+          if (issue.isPullRequest)
+            PluginRegistry().getPullRequestHooks.foreach(_.reopened(issue, repository))
+          else
+            PluginRegistry().getIssueHooks.foreach(_.reopened(issue, repository))
+      }
+
+      commentId.map(issue -> _)
     }
   }
 
@@ -161,33 +159,32 @@ trait HandleCommentService {
     content: Option[String]
   )(implicit context: Context, s: Session): Option[(Issue, Int)] = {
     context.loginAccount.flatMap { loginAccount =>
-      defining(repository.owner, repository.name) {
+      val owner = repository.owner
-        case (owner, name) =>
+      val name = repository.name
-          val userName = loginAccount.userName
+      val userName = loginAccount.userName
-          content match {
+      content match {
-            case Some(content) =>
+        case Some(content) =>
-              // Update comment
+          // Update comment
-              val _commentId = Some(updateComment(issue.issueId, commentId.toInt, content))
+          val _commentId = Some(updateComment(issue.issueId, commentId.toInt, content))
-              // Record comment activity
+          // Record comment activity
-              val commentInfo = if (issue.isPullRequest) {
+          val commentInfo = if (issue.isPullRequest) {
-                PullRequestCommentInfo(owner, name, userName, content, issue.issueId)
+            PullRequestCommentInfo(owner, name, userName, content, issue.issueId)
-              } else {
+          } else {
-                IssueCommentInfo(owner, name, userName, content, issue.issueId)
+            IssueCommentInfo(owner, name, userName, content, issue.issueId)
-              }
-              recordActivity(commentInfo)
-              // extract references and create refer comment
-              createReferComment(owner, name, issue, content, loginAccount)
-              // call web hooks
-              commentId foreach (callIssueCommentWebHook(repository, issue, _, loginAccount, context.settings))
-              // call hooks
-              if (issue.isPullRequest)
-                PluginRegistry().getPullRequestHooks
-                  .foreach(_.updatedComment(commentId.toInt, content, issue, repository))
-              else
-                PluginRegistry().getIssueHooks.foreach(_.updatedComment(commentId.toInt, content, issue, repository))
-              _commentId.map(issue -> _)
-            case _ => None
           }
+          recordActivity(commentInfo)
+          // extract references and create refer comment
+          createReferComment(owner, name, issue, content, loginAccount)
+          // call web hooks
+          commentId foreach (callIssueCommentWebHook(repository, issue, _, loginAccount, context.settings))
+          // call hooks
+          if (issue.isPullRequest)
+            PluginRegistry().getPullRequestHooks
+              .foreach(_.updatedComment(commentId.toInt, content, issue, repository))
+          else
+            PluginRegistry().getIssueHooks.foreach(_.updatedComment(commentId.toInt, content, issue, repository))
+          _commentId.map(issue -> _)
+        case _ => None
       }
     }
   }

src/main/scala/gitbucket/core/service/IssuesService.scala

@@ -5,17 +5,7 @@ import gitbucket.core.util.StringUtil._
 import gitbucket.core.util.Implicits._
 import gitbucket.core.util.SyntaxSugars._
 import gitbucket.core.controller.Context
-import gitbucket.core.model.{
+import gitbucket.core.model.{Account, Issue, IssueComment, IssueLabel, Label, PullRequest, Repository, Role}
-  Account,
-  CommitState,
-  Issue,
-  IssueComment,
-  IssueLabel,
-  Label,
-  PullRequest,
-  Repository,
-  Role
-}
 import gitbucket.core.model.Profile._
 import gitbucket.core.model.Profile.profile._
 import gitbucket.core.model.Profile.profile.blockingApi._
@@ -351,49 +341,64 @@ trait IssuesService {
        } else {
          ((t1.userName ++ "/" ++ t1.repositoryName) inSetBind (repos.map { case (owner, repo) => s"$owner/$repo" }))
        }) &&
-      (t1.closed === (condition.state == "closed").bind) &&
+      (t1.closed === (condition.state == "closed").bind)
-      (t1.milestoneId.? isEmpty, condition.milestone == Some(None)) &&
+        .&&(t1.milestoneId.? isEmpty, condition.milestone == Some(None))
-      (t1.priorityId.? isEmpty, condition.priority == Some(None)) &&
+        .&&(t1.priorityId.? isEmpty, condition.priority == Some(None))
-      (t1.assignedUserName.? isEmpty, condition.assigned == Some(None)) &&
+        .&&(t1.assignedUserName.? isEmpty, condition.assigned == Some(None))
-      (t1.openedUserName === condition.author.get.bind, condition.author.isDefined) &&
+        .&&(t1.openedUserName === condition.author.get.bind, condition.author.isDefined) &&
       (searchOption match {
         case IssueSearchOption.Issues       => t1.pullRequest === false
         case IssueSearchOption.PullRequests => t1.pullRequest === true
         case IssueSearchOption.Both         => t1.pullRequest === false || t1.pullRequest === true
-      }) &&
+      })
       // Milestone filter
-      (Milestones filter { t2 =>
+        .&&(
-        (t2.byPrimaryKey(t1.userName, t1.repositoryName, t1.milestoneId)) &&
+          Milestones filter { t2 =>
-        (t2.title === condition.milestone.get.get.bind)
+            (t2.byPrimaryKey(t1.userName, t1.repositoryName, t1.milestoneId)) &&
-      } exists, condition.milestone.flatten.isDefined) &&
+            (t2.title === condition.milestone.get.get.bind)
-      // Priority filter
+          } exists,
-      (Priorities filter { t2 =>
+          condition.milestone.flatten.isDefined
-        (t2.byPrimaryKey(t1.userName, t1.repositoryName, t1.priorityId)) &&
+        )
-        (t2.priorityName === condition.priority.get.get.bind)
+        // Priority filter
-      } exists, condition.priority.flatten.isDefined) &&
+        .&&(
-      // Assignee filter
+          Priorities filter { t2 =>
-      (t1.assignedUserName === condition.assigned.get.get.bind, condition.assigned.flatten.isDefined) &&
+            (t2.byPrimaryKey(t1.userName, t1.repositoryName, t1.priorityId)) &&
-      // Label filter
+            (t2.priorityName === condition.priority.get.get.bind)
-      (IssueLabels filter { t2 =>
+          } exists,
-        (t2.byIssue(t1.userName, t1.repositoryName, t1.issueId)) &&
+          condition.priority.flatten.isDefined
-        (t2.labelId in
+        )
-          (Labels filter { t3 =>
+        // Assignee filter
-            (t3.byRepository(t1.userName, t1.repositoryName)) &&
+        .&&(t1.assignedUserName === condition.assigned.get.get.bind, condition.assigned.flatten.isDefined)
-            (t3.labelName inSetBind condition.labels)
+        // Label filter
-          } map (_.labelId)))
+        .&&(
-      } exists, condition.labels.nonEmpty) &&
+          IssueLabels filter { t2 =>
-      // Visibility filter
+            (t2.byIssue(t1.userName, t1.repositoryName, t1.issueId)) &&
-      (Repositories filter { t2 =>
+            (t2.labelId in
-        (t2.byRepository(t1.userName, t1.repositoryName)) &&
+              (Labels filter { t3 =>
-        (t2.isPrivate === (condition.visibility == Some("private")).bind)
+                (t3.byRepository(t1.userName, t1.repositoryName)) &&
-      } exists, condition.visibility.nonEmpty) &&
+                (t3.labelName inSetBind condition.labels)
-      // Organization (group) filter
+              } map (_.labelId)))
-      (t1.userName inSetBind condition.groups, condition.groups.nonEmpty) &&
+          } exists,
-      // Mentioned filter
+          condition.labels.nonEmpty
-      ((t1.openedUserName === condition.mentioned.get.bind) || t1.assignedUserName === condition.mentioned.get.bind ||
+        )
-      (IssueComments filter { t2 =>
+        // Visibility filter
-        (t2.byIssue(t1.userName, t1.repositoryName, t1.issueId)) && (t2.commentedUserName === condition.mentioned.get.bind)
+        .&&(
-      } exists), condition.mentioned.isDefined)
+          Repositories filter { t2 =>
+            (t2.byRepository(t1.userName, t1.repositoryName)) &&
+            (t2.isPrivate === (condition.visibility == Some("private")).bind)
+          } exists,
+          condition.visibility.nonEmpty
+        )
+        // Organization (group) filter
+        .&&(t1.userName inSetBind condition.groups, condition.groups.nonEmpty)
+        // Mentioned filter
+        .&&(
+          (t1.openedUserName === condition.mentioned.get.bind) || t1.assignedUserName === condition.mentioned.get.bind ||
+            (IssueComments filter { t2 =>
+              (t2.byIssue(t1.userName, t1.repositoryName, t1.issueId)) && (t2.commentedUserName === condition.mentioned.get.bind)
+            } exists),
+          condition.mentioned.isDefined
+        )
     }
 
   def insertIssue(
@@ -692,8 +697,8 @@ trait IssuesService {
         case (t1, t2) =>
           keywords
             .map { keyword =>
-              (t1.title.toLowerCase like (s"%${likeEncode(keyword)}%", '^')) ||
+              (t1.title.toLowerCase.like(s"%${likeEncode(keyword)}%", '^')) ||
-              (t1.content.toLowerCase like (s"%${likeEncode(keyword)}%", '^'))
+              (t1.content.toLowerCase.like(s"%${likeEncode(keyword)}%", '^'))
             }
             .reduceLeft(_ && _)
       }
@@ -720,7 +725,7 @@ trait IssuesService {
           t2.pullRequest === pullRequest.bind &&
             keywords
               .map { query =>
-                t1.content.toLowerCase like (s"%${likeEncode(query)}%", '^')
+                t1.content.toLowerCase.like(s"%${likeEncode(query)}%", '^')
               }
               .reduceLeft(_ && _)
       }
@@ -763,16 +768,37 @@ trait IssuesService {
   def createReferComment(owner: String, repository: String, fromIssue: Issue, message: String, loginAccount: Account)(
     implicit s: Session
   ): Unit = {
-    extractIssueId(message).foreach { issueId =>
+    extractGlobalIssueId(message).foreach {
-      val content = s"${fromIssue.issueId}:${fromIssue.title}"
+      case (_referredOwner, _referredRepository, referredIssueId) =>
-      if (getIssue(owner, repository, issueId).isDefined) {
+        val referredOwner = _referredOwner.getOrElse(owner)
-        // Not add if refer comment already exist.
+        val referredRepository = _referredRepository.getOrElse(repository)
-        if (!getComments(owner, repository, issueId.toInt).exists { x =>
+        getRepository(referredOwner, referredRepository).foreach { repo =>
-              x.action == "refer" && x.content == content
+          if (isReadable(repo.repository, Option(loginAccount))) {
-            }) {
+            getIssue(referredOwner, referredRepository, referredIssueId.get).foreach { _ =>
-          createComment(owner, repository, loginAccount.userName, issueId.toInt, content, "refer")
+              val (content, action) = if (owner == referredOwner && repository == referredRepository) {
+                (s"${fromIssue.issueId}:${fromIssue.title}", "refer")
+              } else {
+                (s"${fromIssue.issueId}:${owner}:${repository}:${fromIssue.title}", "refer_global")
+              }
+              referredIssueId.foreach(
+                x =>
+                  // Not add if refer comment already exist.
+                  if (!getComments(referredOwner, referredRepository, x.toInt).exists { x =>
+                        (x.action == "refer" || x.action == "refer_global") && x.content == content
+                      }) {
+                    createComment(
+                      referredOwner,
+                      referredRepository,
+                      loginAccount.userName,
+                      x.toInt,
+                      content,
+                      action
+                    )
+                }
+              )
+            }
+          }
         }
-      }
     }
   }
 

src/main/scala/gitbucket/core/service/MergeService.scala

@@ -10,6 +10,7 @@ import gitbucket.core.util.{JGitUtil, LockUtil}
 import gitbucket.core.model.Profile.profile.blockingApi._
 import gitbucket.core.model.activity.{CloseIssueInfo, MergeInfo, PushInfo}
 import gitbucket.core.service.SystemSettingsService.SystemSettings
+import gitbucket.core.service.WebHookService.WebHookPushPayload
 import gitbucket.core.util.JGitUtil.CommitInfo
 import org.eclipse.jgit.merge.{MergeStrategy, Merger, RecursiveMerger}
 import org.eclipse.jgit.api.Git
@@ -27,7 +28,8 @@ trait MergeService {
     with IssuesService
     with RepositoryService
     with PullRequestService
-    with WebHookPullRequestService =>
+    with WebHookPullRequestService
+    with WebHookService =>
 
   import MergeService._
 
@@ -61,40 +63,91 @@ trait MergeService {
   /** merge the pull request with a merge commit */
   def mergeWithMergeCommit(
     git: Git,
-    userName: String,
+    repository: RepositoryInfo,
-    repositoryName: String,
     branch: String,
     issueId: Int,
     message: String,
-    committer: PersonIdent
+    loginAccount: Account,
-  )(implicit s: Session): ObjectId = {
+    settings: SystemSettings
-    new MergeCacheInfo(git, userName, repositoryName, branch, issueId, getReceiveHooks()).merge(message, committer)
+  )(implicit s: Session, c: JsonFormat.Context): ObjectId = {
+    val beforeCommitId = git.getRepository.resolve(s"refs/heads/${branch}")
+    val afterCommitId = new MergeCacheInfo(git, repository.owner, repository.name, branch, issueId, getReceiveHooks())
+      .merge(message, new PersonIdent(loginAccount.fullName, loginAccount.mailAddress), loginAccount.userName)
+    callWebHook(git, repository, branch, beforeCommitId, afterCommitId, loginAccount, settings)
+    afterCommitId
   }
 
   /** rebase to the head of the pull request branch */
   def mergeWithRebase(
     git: Git,
-    userName: String,
+    repository: RepositoryInfo,
-    repositoryName: String,
     branch: String,
     issueId: Int,
     commits: Seq[RevCommit],
-    committer: PersonIdent
+    loginAccount: Account,
-  )(implicit s: Session): ObjectId = {
+    settings: SystemSettings
-    new MergeCacheInfo(git, userName, repositoryName, branch, issueId, getReceiveHooks()).rebase(committer, commits)
+  )(implicit s: Session, c: JsonFormat.Context): ObjectId = {
+    val beforeCommitId = git.getRepository.resolve(s"refs/heads/${branch}")
+    val afterCommitId =
+      new MergeCacheInfo(git, repository.owner, repository.name, branch, issueId, getReceiveHooks())
+        .rebase(new PersonIdent(loginAccount.fullName, loginAccount.mailAddress), loginAccount.userName, commits)
+    callWebHook(git, repository, branch, beforeCommitId, afterCommitId, loginAccount, settings)
+    afterCommitId
   }
 
   /** squash commits in the pull request and append it */
   def mergeWithSquash(
     git: Git,
-    userName: String,
+    repository: RepositoryInfo,
-    repositoryName: String,
     branch: String,
     issueId: Int,
     message: String,
-    committer: PersonIdent
+    loginAccount: Account,
-  )(implicit s: Session): ObjectId = {
+    settings: SystemSettings
-    new MergeCacheInfo(git, userName, repositoryName, branch, issueId, getReceiveHooks()).squash(message, committer)
+  )(implicit s: Session, c: JsonFormat.Context): ObjectId = {
+    val beforeCommitId = git.getRepository.resolve(s"refs/heads/${branch}")
+    val afterCommitId =
+      new MergeCacheInfo(git, repository.owner, repository.name, branch, issueId, getReceiveHooks())
+        .squash(message, new PersonIdent(loginAccount.fullName, loginAccount.mailAddress), loginAccount.userName)
+    callWebHook(git, repository, branch, beforeCommitId, afterCommitId, loginAccount, settings)
+    afterCommitId
+  }
+
+  private def callWebHook(
+    git: Git,
+    repository: RepositoryInfo,
+    branch: String,
+    beforeCommitId: ObjectId,
+    afterCommitId: ObjectId,
+    loginAccount: Account,
+    settings: SystemSettings
+  )(
+    implicit s: Session,
+    c: JsonFormat.Context
+  ): Unit = {
+    callWebHookOf(repository.owner, repository.name, WebHook.Push, settings) {
+      getAccountByUserName(repository.owner).map { ownerAccount =>
+        WebHookPushPayload(
+          git,
+          loginAccount,
+          s"refs/heads/${branch}",
+          repository,
+          git
+            .log()
+            .addRange(beforeCommitId, afterCommitId)
+            .call()
+            .asScala
+            .map { commit =>
+              new JGitUtil.CommitInfo(commit)
+            }
+            .toList
+            .reverse,
+          ownerAccount,
+          oldId = beforeCommitId,
+          newId = afterCommitId
+        )
+      }
+    }
   }
 
   /** fetch remote branch to my repository refs/pull/{issueId}/head */
@@ -303,7 +356,8 @@ trait MergeService {
                     message,
                     strategy,
                     commits,
-                    getReceiveHooks()
+                    getReceiveHooks(),
+                    settings
                   ) match {
                     case Some(newCommitId) =>
                       // mark issue as merged and close.
@@ -428,8 +482,9 @@ trait MergeService {
     message: String,
     strategy: String,
     commits: Seq[Seq[CommitInfo]],
-    receiveHooks: Seq[ReceiveHook]
+    receiveHooks: Seq[ReceiveHook],
-  )(implicit s: Session): Option[ObjectId] = {
+    settings: SystemSettings
+  )(implicit s: Session, c: JsonFormat.Context): Option[ObjectId] = {
     val revCommits = Using
       .resource(new RevWalk(git.getRepository)) { revWalk =>
         commits.flatten.map { commit =>
@@ -443,36 +498,36 @@ trait MergeService {
         Some(
           mergeWithMergeCommit(
             git,
-            repository.owner,
+            repository,
-            repository.name,
             pullRequest.branch,
             issue.issueId,
             s"Merge pull request #${issue.issueId} from ${pullRequest.requestUserName}/${pullRequest.requestBranch}\n\n" + message,
-            new PersonIdent(loginAccount.fullName, loginAccount.mailAddress)
+            loginAccount,
+            settings
           )
         )
       case "rebase" =>
         Some(
           mergeWithRebase(
             git,
-            repository.owner,
+            repository,
-            repository.name,
             pullRequest.branch,
             issue.issueId,
             revCommits,
-            new PersonIdent(loginAccount.fullName, loginAccount.mailAddress)
+            loginAccount,
+            settings
           )
         )
       case "squash" =>
         Some(
           mergeWithSquash(
             git,
-            repository.owner,
+            repository,
-            repository.name,
             pullRequest.branch,
             issue.issueId,
             s"${issue.title} (#${issue.issueId})\n\n" + message,
-            new PersonIdent(loginAccount.fullName, loginAccount.mailAddress)
+            loginAccount,
+            settings
           )
         )
       case _ =>
@@ -561,7 +616,7 @@ object MergeService {
     }
 
     def checkConflict(): Option[String] = {
-      checkConflictCache.getOrElse(checkConflictForce)
+      checkConflictCache().getOrElse(checkConflictForce())
     }
 
     def checkConflictForce(): Option[String] = {
@@ -593,7 +648,7 @@ object MergeService {
     }
 
     // update branch from cache
-    def merge(message: String, committer: PersonIdent)(implicit s: Session): ObjectId = {
+    def merge(message: String, committer: PersonIdent, pusher: String)(implicit s: Session): ObjectId = {
       if (checkConflict().isDefined) {
         throw new RuntimeException("This pull request can't merge automatically.")
       }
@@ -610,7 +665,7 @@ object MergeService {
 
       // call pre-commit hooks
       val error = receiveHooks.flatMap { hook =>
-        hook.preReceive(userName, repositoryName, receivePack, receiveCommand, committer.getName, true)
+        hook.preReceive(userName, repositoryName, receivePack, receiveCommand, pusher, true)
       }.headOption
 
       error.foreach { error =>
@@ -628,7 +683,7 @@ object MergeService {
       objectId
     }
 
-    def rebase(committer: PersonIdent, commits: Seq[RevCommit])(implicit s: Session): ObjectId = {
+    def rebase(committer: PersonIdent, pusher: String, commits: Seq[RevCommit])(implicit s: Session): ObjectId = {
       if (checkConflict().isDefined) {
         throw new RuntimeException("This pull request can't merge automatically.")
       }
@@ -664,7 +719,7 @@ object MergeService {
 
       // call pre-commit hooks
       val error = receiveHooks.flatMap { hook =>
-        hook.preReceive(userName, repositoryName, receivePack, receiveCommand, committer.getName, true)
+        hook.preReceive(userName, repositoryName, receivePack, receiveCommand, pusher, true)
       }.headOption
 
       error.foreach { error =>
@@ -683,7 +738,7 @@ object MergeService {
       objectId
     }
 
-    def squash(message: String, committer: PersonIdent)(implicit s: Session): ObjectId = {
+    def squash(message: String, committer: PersonIdent, pusher: String)(implicit s: Session): ObjectId = {
       if (checkConflict().isDefined) {
         throw new RuntimeException("This pull request can't merge automatically.")
       }
@@ -714,7 +769,7 @@ object MergeService {
 
       // call pre-commit hooks
       val error = receiveHooks.flatMap { hook =>
-        hook.preReceive(userName, repositoryName, receivePack, receiveCommand, committer.getName, true)
+        hook.preReceive(userName, repositoryName, receivePack, receiveCommand, pusher, true)
       }.headOption
 
       error.foreach { error =>

src/main/scala/gitbucket/core/service/OpenIDConnectService.scala

@@ -101,7 +101,10 @@ trait OpenIDConnectService {
     redirectURI: URI
   ): Option[AuthenticationSuccessResponse] =
     try {
-      AuthenticationResponseParser.parse(redirectURI, params.asJava) match {
+      AuthenticationResponseParser.parse(
+        redirectURI,
+        params.map { case (key, value) => (key, List(value).asJava) }.asJava
+      ) match {
         case response: AuthenticationSuccessResponse =>
           if (response.getState == state) {
             Some(response)

src/main/scala/gitbucket/core/service/PrioritiesService.scala

@@ -3,7 +3,6 @@ package gitbucket.core.service
 import gitbucket.core.model.Priority
 import gitbucket.core.model.Profile._
 import gitbucket.core.model.Profile.profile.blockingApi._
-import gitbucket.core.util.StringUtil
 
 trait PrioritiesService {
 

src/main/scala/gitbucket/core/service/PullRequestService.scala

@@ -1,9 +1,10 @@
 package gitbucket.core.service
 
+import com.github.difflib.DiffUtils
+import com.github.difflib.patch.DeltaType
 import gitbucket.core.model.{CommitComments => _, Session => _, _}
 import gitbucket.core.model.Profile._
 import gitbucket.core.model.Profile.profile.blockingApi._
-import difflib.{Delta, DiffUtils}
 import gitbucket.core.service.RepositoryService.RepositoryInfo
 import gitbucket.core.api.JsonFormat
 import gitbucket.core.controller.Context
@@ -77,9 +78,9 @@ trait PullRequestService {
       }
       .filter {
         case (t1, t2) =>
-          (t2.closed === closed.bind) &&
+          (t2.closed === closed.bind)
-            (t1.userName === owner.get.bind, owner.isDefined) &&
+            .&&(t1.userName === owner.get.bind, owner.isDefined)
-            (t1.repositoryName === repository.get.bind, repository.isDefined)
+            .&&(t1.repositoryName === repository.get.bind, repository.isDefined)
       }
       .groupBy { case (t1, t2) => t2.openedUserName }
       .map { case (userName, t) => userName -> t.length }
@@ -183,10 +184,10 @@ trait PullRequestService {
       }
       .filter {
         case (t1, t2) =>
-          (t1.requestUserName === userName.bind) &&
+          (t1.requestUserName === userName.bind)
-            (t1.requestRepositoryName === repositoryName.bind) &&
+            .&&(t1.requestRepositoryName === repositoryName.bind)
-            (t1.requestBranch === branch.bind) &&
+            .&&(t1.requestBranch === branch.bind)
-            (t2.closed === closed.get.bind, closed.isDefined)
+            .&&(t2.closed === closed.get.bind, closed.isDefined)
       }
       .map { case (t1, t2) => t1 }
       .list
@@ -201,10 +202,10 @@ trait PullRequestService {
       }
       .filter {
         case (t1, t2) =>
-          (t1.requestUserName === userName.bind) &&
+          (t1.requestUserName === userName.bind)
-            (t1.requestRepositoryName === repositoryName.bind) &&
+            .&&(t1.requestRepositoryName === repositoryName.bind)
-            (t1.branch === branch.bind) &&
+            .&&(t1.branch === branch.bind)
-            (t2.closed === closed.get.bind, closed.isDefined)
+            .&&(t2.closed === closed.get.bind, closed.isDefined)
       }
       .map { case (t1, t2) => t1 }
       .list
@@ -243,7 +244,7 @@ trait PullRequestService {
     owner: String,
     repository: String,
     branch: String,
-    loginAccount: Account,
+    pusherAccount: Account,
     action: String,
     settings: SystemSettings
   )(
@@ -295,7 +296,7 @@ trait PullRequestService {
           action,
           getRepository(owner, repository).get,
           pullreq.requestBranch,
-          loginAccount,
+          pusherAccount,
           settings
         )
       }
@@ -441,16 +442,17 @@ trait PullRequestService {
                   case Left(oldLine) => updateCommitCommentPosition(commentId, newCommitId, Some(oldLine), None)
                   case Right(newLine) =>
                     var counter = newLine
-                    patch.getDeltas.asScala.filter(_.getOriginal.getPosition < newLine).foreach { delta =>
+                    patch.getDeltas.asScala.filter(_.getSource.getPosition < newLine).foreach { delta =>
                       delta.getType match {
-                        case Delta.TYPE.CHANGE =>
+                        case DeltaType.CHANGE =>
-                          if (delta.getOriginal.getPosition <= newLine - 1 && newLine <= delta.getOriginal.getPosition + delta.getRevised.getLines.size) {
+                          if (delta.getSource.getPosition <= newLine - 1 && newLine <= delta.getSource.getPosition + delta.getTarget.getLines.size) {
                             counter = -1
                           } else {
-                            counter = counter + (delta.getRevised.getLines.size - delta.getOriginal.getLines.size)
+                            counter = counter + (delta.getTarget.getLines.size - delta.getSource.getLines.size)
                           }
-                        case Delta.TYPE.INSERT => counter = counter + delta.getRevised.getLines.size
+                        case DeltaType.INSERT => counter = counter + delta.getTarget.getLines.size
-                        case Delta.TYPE.DELETE => counter = counter - delta.getOriginal.getLines.size
+                        case DeltaType.DELETE => counter = counter - delta.getSource.getLines.size
+                        case DeltaType.EQUAL  => // Do nothing
                       }
                     }
                     if (counter >= 0) {

src/main/scala/gitbucket/core/service/RepositoryCommitFileService.scala

@@ -23,23 +23,29 @@ trait RepositoryCommitFileService {
     with PullRequestService
     with WebHookPullRequestService
     with RepositoryService =>
-  import RepositoryCommitFileService._
 
+  /**
+   * Create multiple files by callback function.
+   * Returns commitId.
+   */
   def commitFiles(
     repository: RepositoryService.RepositoryInfo,
-    files: Seq[CommitFile],
     branch: String,
-    path: String,
     message: String,
     loginAccount: Account,
     settings: SystemSettings
   )(
     f: (Git, ObjectId, DirCacheBuilder, ObjectInserter) => Unit
-  )(implicit s: Session, c: JsonFormat.Context) = {
+  )(implicit s: Session, c: JsonFormat.Context): ObjectId = {
-    // prepend path to the filename
+    _createFiles(repository, branch, message, loginAccount, loginAccount.fullName, loginAccount.mailAddress, settings)(
-    _commitFile(repository, branch, message, loginAccount, loginAccount.fullName, loginAccount.mailAddress, settings)(f)
+      f
+    )._1
   }
 
+  /**
+   * Create a file from string content.
+   * Returns commitId + blobId.
+   */
   def commitFile(
     repository: RepositoryService.RepositoryInfo,
     branch: String,
@@ -52,7 +58,7 @@ trait RepositoryCommitFileService {
     commit: String,
     loginAccount: Account,
     settings: SystemSettings
-  )(implicit s: Session, c: JsonFormat.Context): ObjectId = {
+  )(implicit s: Session, c: JsonFormat.Context): (ObjectId, Option[ObjectId]) = {
     commitFile(
       repository,
       branch,
@@ -69,6 +75,10 @@ trait RepositoryCommitFileService {
     )
   }
 
+  /**
+   * Create a file from byte array content.
+   * Returns commitId + blobId.
+   */
   def commitFile(
     repository: RepositoryService.RepositoryInfo,
     branch: String,
@@ -78,11 +88,11 @@ trait RepositoryCommitFileService {
     content: Array[Byte],
     message: String,
     commit: String,
-    loginAccount: Account,
+    pusherAccount: Account,
-    fullName: String,
+    committerName: String,
-    mailAddress: String,
+    committerMailAddress: String,
     settings: SystemSettings
-  )(implicit s: Session, c: JsonFormat.Context): ObjectId = {
+  )(implicit s: Session, c: JsonFormat.Context): (ObjectId, Option[ObjectId]) = {
 
     val newPath = newFileName.map { newFileName =>
       if (path.length == 0) newFileName else s"${path}/${newFileName}"
@@ -91,7 +101,7 @@ trait RepositoryCommitFileService {
       if (path.length == 0) oldFileName else s"${path}/${oldFileName}"
     }
 
-    _commitFile(repository, branch, message, loginAccount, fullName, mailAddress, settings) {
+    _createFiles(repository, branch, message, pusherAccount, committerName, committerMailAddress, settings) {
       case (git, headTip, builder, inserter) =>
         if (headTip.getName == commit) {
           val permission = JGitUtil
@@ -105,28 +115,33 @@ trait RepositoryCommitFileService {
             }
             .flatten
             .headOption
-
+            .map { bits =>
-          newPath.foreach { newPath =>
-            builder.add(JGitUtil.createDirCacheEntry(newPath, permission.map { bits =>
               FileMode.fromBits(bits)
-            } getOrElse FileMode.REGULAR_FILE, inserter.insert(Constants.OBJ_BLOB, content)))
+            }
+            .getOrElse(FileMode.REGULAR_FILE)
+
+          val objectId = newPath.map { newPath =>
+            val objectId = inserter.insert(Constants.OBJ_BLOB, content)
+            builder.add(JGitUtil.createDirCacheEntry(newPath, permission, objectId))
+            objectId
           }
           builder.finish()
-        }
+          objectId
+        } else None
     }
   }
 
-  private def _commitFile(
+  private def _createFiles[R](
     repository: RepositoryService.RepositoryInfo,
     branch: String,
     message: String,
-    loginAccount: Account,
+    pusherAccount: Account,
     committerName: String,
     committerMailAddress: String,
     settings: SystemSettings
   )(
-    f: (Git, ObjectId, DirCacheBuilder, ObjectInserter) => Unit
+    f: (Git, ObjectId, DirCacheBuilder, ObjectInserter) => R
-  )(implicit s: Session, c: JsonFormat.Context): ObjectId = {
+  )(implicit s: Session, c: JsonFormat.Context): (ObjectId, R) = {
 
     LockUtil.lock(s"${repository.owner}/${repository.name}") {
       Using.resource(Git.open(getRepositoryDir(repository.owner, repository.name))) { git =>
@@ -135,7 +150,7 @@ trait RepositoryCommitFileService {
         val headName = s"refs/heads/${branch}"
         val headTip = git.getRepository.resolve(headName)
 
-        f(git, headTip, builder, inserter)
+        val result = f(git, headTip, builder, inserter)
 
         val commitId = JGitUtil.createNewCommit(
           git,
@@ -156,7 +171,7 @@ trait RepositoryCommitFileService {
 
         // call pre-commit hook
         val error = PluginRegistry().getReceiveHooks.flatMap { hook =>
-          hook.preReceive(repository.owner, repository.name, receivePack, receiveCommand, committerName, false)
+          hook.preReceive(repository.owner, repository.name, receivePack, receiveCommand, pusherAccount.userName, false)
         }.headOption
 
         error match {
@@ -177,12 +192,12 @@ trait RepositoryCommitFileService {
             refUpdate.update()
 
             // update pull request
-            updatePullRequests(repository.owner, repository.name, branch, loginAccount, "synchronize", settings)
+            updatePullRequests(repository.owner, repository.name, branch, pusherAccount, "synchronize", settings)
 
             // record activity
             updateLastActivityDate(repository.owner, repository.name)
             val commitInfo = new CommitInfo(JGitUtil.getRevCommitFromId(git, commitId))
-            val pushInfo = PushInfo(repository.owner, repository.name, loginAccount.userName, branch, List(commitInfo))
+            val pushInfo = PushInfo(repository.owner, repository.name, pusherAccount.userName, branch, List(commitInfo))
             recordActivity(pushInfo)
 
             // create issue comment by commit message
@@ -192,17 +207,17 @@ trait RepositoryCommitFileService {
             if (branch == repository.repository.defaultBranch) {
               closeIssuesFromMessage(message, committerName, repository.owner, repository.name).foreach { issueId =>
                 getIssue(repository.owner, repository.name, issueId.toString).foreach { issue =>
-                  callIssuesWebHook("closed", repository, issue, loginAccount, settings)
+                  callIssuesWebHook("closed", repository, issue, pusherAccount, settings)
                   val closeIssueInfo = CloseIssueInfo(
                     repository.owner,
                     repository.name,
-                    loginAccount.userName,
+                    pusherAccount.userName,
                     issue.issueId,
                     issue.title
                   )
                   recordActivity(closeIssueInfo)
                   PluginRegistry().getIssueHooks
-                    .foreach(_.closedByCommitComment(issue, repository, message, loginAccount))
+                    .foreach(_.closedByCommitComment(issue, repository, message, pusherAccount))
                 }
               }
             }
@@ -217,7 +232,7 @@ trait RepositoryCommitFileService {
               getAccountByUserName(repository.owner).map { ownerAccount =>
                 WebHookPushPayload(
                   git,
-                  loginAccount,
+                  pusherAccount,
                   headName,
                   repository,
                   List(commit),
@@ -228,7 +243,7 @@ trait RepositoryCommitFileService {
               }
             }
         }
-        commitId
+        (commitId, result)
       }
     }
   }

src/main/scala/gitbucket/core/service/RepositoryCreationService.scala

@@ -53,6 +53,11 @@ trait RepositoryCreationService {
     with ActivityService
     with PrioritiesService =>
 
+  def canCreateRepository(repositoryOwner: String, loginAccount: Account)(implicit session: Session): Boolean = {
+    repositoryOwner == loginAccount.userName || getGroupsByUserName(loginAccount.userName)
+      .contains(repositoryOwner) || loginAccount.isAdmin
+  }
+
   def createRepository(
     loginAccount: Account,
     owner: String,
@@ -76,7 +81,7 @@ trait RepositoryCreationService {
     RepositoryCreationService.startCreation(owner, name)
     try {
       Database() withTransaction { implicit session =>
-        val ownerAccount = getAccountByUserName(owner).get
+        //val ownerAccount = getAccountByUserName(owner).get
         val loginUserName = loginAccount.userName
 
         val copyRepositoryDir = if (initOption == "COPY") {

src/main/scala/gitbucket/core/service/RepositoryService.scala

@@ -2,7 +2,6 @@ package gitbucket.core.service
 
 import gitbucket.core.controller.Context
 import gitbucket.core.util._
-import gitbucket.core.util.SyntaxSugars._
 import gitbucket.core.model.{CommitComments => _, Session => _, _}
 import gitbucket.core.model.Profile._
 import gitbucket.core.model.Profile.profile.blockingApi._
@@ -12,7 +11,7 @@ import gitbucket.core.util.Directory.{getRepositoryDir, getRepositoryFilesDir, g
 import gitbucket.core.util.JGitUtil.FileInfo
 import org.apache.commons.io.FileUtils
 import org.eclipse.jgit.api.Git
-import org.eclipse.jgit.lib.{Repository => _, _}
+import org.eclipse.jgit.lib.{Repository => _}
 import scala.util.Using
 
 trait RepositoryService {
@@ -61,7 +60,8 @@ trait RepositoryService {
           externalWikiUrl = None,
           allowFork = true,
           mergeOptions = "merge-commit,squash,rebase",
-          defaultMergeOption = "merge-commit"
+          defaultMergeOption = "merge-commit",
+          safeMode = true
         )
       )
 
@@ -202,22 +202,19 @@ trait RepositoryService {
           )
 
           // Move git repository
-          defining(getRepositoryDir(oldUserName, oldRepositoryName)) { dir =>
+          val repoDir = getRepositoryDir(oldUserName, oldRepositoryName)
-            if (dir.isDirectory) {
+          if (repoDir.isDirectory) {
-              FileUtils.moveDirectory(dir, getRepositoryDir(newUserName, newRepositoryName))
+            FileUtils.moveDirectory(repoDir, getRepositoryDir(newUserName, newRepositoryName))
-            }
           }
           // Move wiki repository
-          defining(getWikiRepositoryDir(oldUserName, oldRepositoryName)) { dir =>
+          val wikiDir = getWikiRepositoryDir(oldUserName, oldRepositoryName)
-            if (dir.isDirectory) {
+          if (wikiDir.isDirectory) {
-              FileUtils.moveDirectory(dir, getWikiRepositoryDir(newUserName, newRepositoryName))
+            FileUtils.moveDirectory(wikiDir, getWikiRepositoryDir(newUserName, newRepositoryName))
-            }
           }
           // Move files directory
-          defining(getRepositoryFilesDir(oldUserName, oldRepositoryName)) { dir =>
+          val filesDir = getRepositoryFilesDir(oldUserName, oldRepositoryName)
-            if (dir.isDirectory) {
+          if (filesDir.isDirectory) {
-              FileUtils.moveDirectory(dir, getRepositoryFilesDir(newUserName, newRepositoryName))
+            FileUtils.moveDirectory(filesDir, getRepositoryFilesDir(newUserName, newRepositoryName))
-            }
           }
           // Delete parent directory
           FileUtil.deleteDirectoryIfEmpty(getRepositoryFilesDir(oldUserName, oldRepositoryName))
@@ -237,10 +234,11 @@ trait RepositoryService {
     LockUtil.lock(s"${repository.userName}/${repository.repositoryName}") {
       deleteRepositoryOnModel(repository.userName, repository.repositoryName)
 
-      FileUtils.deleteDirectory(getRepositoryDir(repository.userName, repository.repositoryName))
+      FileUtil.deleteRecursively(getRepositoryDir(repository.userName, repository.repositoryName))
-      FileUtils.deleteDirectory(getWikiRepositoryDir(repository.userName, repository.repositoryName))
+
-      FileUtils.deleteDirectory(getTemporaryDir(repository.userName, repository.repositoryName))
+      FileUtil.deleteRecursively(getWikiRepositoryDir(repository.userName, repository.repositoryName))
-      FileUtils.deleteDirectory(getRepositoryFilesDir(repository.userName, repository.repositoryName))
+      FileUtil.deleteRecursively(getTemporaryDir(repository.userName, repository.repositoryName))
+      FileUtil.deleteRecursively(getRepositoryFilesDir(repository.userName, repository.repositoryName))
 
       // Call hooks
       PluginRegistry().getRepositoryHooks.foreach(_.deleted(repository.userName, repository.repositoryName))
@@ -463,7 +461,7 @@ trait RepositoryService {
           .filter { case (t1, t2) => t2.removed === false.bind }
           .map { case (t1, t2) => t1 }
       // for Normal Users
-      case Some(x) if (!x.isAdmin || limit) =>
+      case Some(x) =>
         Repositories
           .join(Accounts)
           .on(_.userName === _.userName)
@@ -553,7 +551,8 @@ trait RepositoryService {
     externalWikiUrl: Option[String],
     allowFork: Boolean,
     mergeOptions: Seq[String],
-    defaultMergeOption: String
+    defaultMergeOption: String,
+    safeMode: Boolean
   )(implicit s: Session): Unit = {
 
     Repositories
@@ -569,6 +568,7 @@ trait RepositoryService {
           r.allowFork,
           r.mergeOptions,
           r.defaultMergeOption,
+          r.safeMode,
           r.updatedDate
         )
       }
@@ -582,6 +582,7 @@ trait RepositoryService {
         allowFork,
         mergeOptions.mkString(","),
         defaultMergeOption,
+        safeMode,
         currentDate
       )
   }
@@ -819,11 +820,13 @@ object RepositoryService {
     def sshUrl(implicit context: Context): Option[String] = RepositoryService.sshUrl(owner, name)
 
     def splitPath(path: String): (String, String) = {
-      val id = branchList.collectFirst {
+      val names = (branchList ++ tags.map(_.name)).sortBy(_.length).reverse
-        case branch if (path == branch || path.startsWith(branch + "/")) => branch
+
-      } orElse tags.collectFirst {
+      val id = names.collectFirst {
-        case tag if (path == tag.name || path.startsWith(tag.name + "/")) => tag.name
+        case name if (path == name || path.startsWith(name + "/")) => name
-      } getOrElse path.split("/")(0)
+      } getOrElse {
+        path.split("/")(0)
+      }
 
       (id, path.substring(id.length).stripPrefix("/"))
     }

src/main/scala/gitbucket/core/service/SystemSettingsService.scala

@@ -7,7 +7,6 @@ import com.nimbusds.oauth2.sdk.id.{ClientID, Issuer}
 import gitbucket.core.service.SystemSettingsService._
 import gitbucket.core.util.ConfigUtil._
 import gitbucket.core.util.Directory._
-import gitbucket.core.util.SyntaxSugars._
 import scala.util.Using
 
 trait SystemSettingsService {
@@ -15,175 +14,173 @@ trait SystemSettingsService {
   def baseUrl(implicit request: HttpServletRequest): String = loadSystemSettings().baseUrl(request)
 
   def saveSystemSettings(settings: SystemSettings): Unit = {
-    defining(new java.util.Properties()) { props =>
+    val props = new java.util.Properties()
-      settings.baseUrl.foreach(x => props.setProperty(BaseURL, x.replaceFirst("/\\Z", "")))
+    settings.baseUrl.foreach(x => props.setProperty(BaseURL, x.replaceFirst("/\\Z", "")))
-      settings.information.foreach(x => props.setProperty(Information, x))
+    settings.information.foreach(x => props.setProperty(Information, x))
-      props.setProperty(AllowAccountRegistration, settings.allowAccountRegistration.toString)
+    props.setProperty(AllowAccountRegistration, settings.allowAccountRegistration.toString)
-      props.setProperty(AllowAnonymousAccess, settings.allowAnonymousAccess.toString)
+    props.setProperty(AllowAnonymousAccess, settings.allowAnonymousAccess.toString)
-      props.setProperty(IsCreateRepoOptionPublic, settings.isCreateRepoOptionPublic.toString)
+    props.setProperty(IsCreateRepoOptionPublic, settings.isCreateRepoOptionPublic.toString)
-      props.setProperty(RepositoryOperationCreate, settings.repositoryOperation.create.toString)
+    props.setProperty(RepositoryOperationCreate, settings.repositoryOperation.create.toString)
-      props.setProperty(RepositoryOperationDelete, settings.repositoryOperation.delete.toString)
+    props.setProperty(RepositoryOperationDelete, settings.repositoryOperation.delete.toString)
-      props.setProperty(RepositoryOperationRename, settings.repositoryOperation.rename.toString)
+    props.setProperty(RepositoryOperationRename, settings.repositoryOperation.rename.toString)
-      props.setProperty(RepositoryOperationTransfer, settings.repositoryOperation.transfer.toString)
+    props.setProperty(RepositoryOperationTransfer, settings.repositoryOperation.transfer.toString)
-      props.setProperty(RepositoryOperationFork, settings.repositoryOperation.fork.toString)
+    props.setProperty(RepositoryOperationFork, settings.repositoryOperation.fork.toString)
-      props.setProperty(Gravatar, settings.gravatar.toString)
+    props.setProperty(Gravatar, settings.gravatar.toString)
-      props.setProperty(Notification, settings.notification.toString)
+    props.setProperty(Notification, settings.notification.toString)
-      props.setProperty(LimitVisibleRepositories, settings.limitVisibleRepositories.toString)
+    props.setProperty(LimitVisibleRepositories, settings.limitVisibleRepositories.toString)
-      props.setProperty(SshEnabled, settings.ssh.enabled.toString)
+    props.setProperty(SshEnabled, settings.ssh.enabled.toString)
-      settings.ssh.sshHost.foreach(x => props.setProperty(SshHost, x.trim))
+    settings.ssh.sshHost.foreach(x => props.setProperty(SshHost, x.trim))
-      settings.ssh.sshPort.foreach(x => props.setProperty(SshPort, x.toString))
+    settings.ssh.sshPort.foreach(x => props.setProperty(SshPort, x.toString))
-      props.setProperty(UseSMTP, settings.useSMTP.toString)
+    props.setProperty(UseSMTP, settings.useSMTP.toString)
-      if (settings.useSMTP) {
+    if (settings.useSMTP) {
-        settings.smtp.foreach { smtp =>
+      settings.smtp.foreach { smtp =>
-          props.setProperty(SmtpHost, smtp.host)
+        props.setProperty(SmtpHost, smtp.host)
-          smtp.port.foreach(x => props.setProperty(SmtpPort, x.toString))
+        smtp.port.foreach(x => props.setProperty(SmtpPort, x.toString))
-          smtp.user.foreach(props.setProperty(SmtpUser, _))
+        smtp.user.foreach(props.setProperty(SmtpUser, _))
-          smtp.password.foreach(props.setProperty(SmtpPassword, _))
+        smtp.password.foreach(props.setProperty(SmtpPassword, _))
-          smtp.ssl.foreach(x => props.setProperty(SmtpSsl, x.toString))
+        smtp.ssl.foreach(x => props.setProperty(SmtpSsl, x.toString))
-          smtp.starttls.foreach(x => props.setProperty(SmtpStarttls, x.toString))
+        smtp.starttls.foreach(x => props.setProperty(SmtpStarttls, x.toString))
-          smtp.fromAddress.foreach(props.setProperty(SmtpFromAddress, _))
+        smtp.fromAddress.foreach(props.setProperty(SmtpFromAddress, _))
-          smtp.fromName.foreach(props.setProperty(SmtpFromName, _))
+        smtp.fromName.foreach(props.setProperty(SmtpFromName, _))
+      }
+    }
+    props.setProperty(LdapAuthentication, settings.ldapAuthentication.toString)
+    if (settings.ldapAuthentication) {
+      settings.ldap.foreach { ldap =>
+        props.setProperty(LdapHost, ldap.host)
+        ldap.port.foreach(x => props.setProperty(LdapPort, x.toString))
+        ldap.bindDN.foreach(x => props.setProperty(LdapBindDN, x))
+        ldap.bindPassword.foreach(x => props.setProperty(LdapBindPassword, x))
+        props.setProperty(LdapBaseDN, ldap.baseDN)
+        props.setProperty(LdapUserNameAttribute, ldap.userNameAttribute)
+        ldap.additionalFilterCondition.foreach(x => props.setProperty(LdapAdditionalFilterCondition, x))
+        ldap.fullNameAttribute.foreach(x => props.setProperty(LdapFullNameAttribute, x))
+        ldap.mailAttribute.foreach(x => props.setProperty(LdapMailAddressAttribute, x))
+        ldap.tls.foreach(x => props.setProperty(LdapTls, x.toString))
+        ldap.ssl.foreach(x => props.setProperty(LdapSsl, x.toString))
+        ldap.keystore.foreach(x => props.setProperty(LdapKeystore, x))
+      }
+    }
+    props.setProperty(OidcAuthentication, settings.oidcAuthentication.toString)
+    if (settings.oidcAuthentication) {
+      settings.oidc.foreach { oidc =>
+        props.setProperty(OidcIssuer, oidc.issuer.getValue)
+        props.setProperty(OidcClientId, oidc.clientID.getValue)
+        props.setProperty(OidcClientSecret, oidc.clientSecret.getValue)
+        oidc.jwsAlgorithm.foreach { x =>
+          props.setProperty(OidcJwsAlgorithm, x.getName)
         }
       }
-      props.setProperty(LdapAuthentication, settings.ldapAuthentication.toString)
+    }
-      if (settings.ldapAuthentication) {
+    props.setProperty(SkinName, settings.skinName.toString)
-        settings.ldap.foreach { ldap =>
+    settings.userDefinedCss.foreach(x => props.setProperty(UserDefinedCss, x))
-          props.setProperty(LdapHost, ldap.host)
+    props.setProperty(ShowMailAddress, settings.showMailAddress.toString)
-          ldap.port.foreach(x => props.setProperty(LdapPort, x.toString))
+    props.setProperty(WebHookBlockPrivateAddress, settings.webHook.blockPrivateAddress.toString)
-          ldap.bindDN.foreach(x => props.setProperty(LdapBindDN, x))
+    props.setProperty(WebHookWhitelist, settings.webHook.whitelist.mkString("\n"))
-          ldap.bindPassword.foreach(x => props.setProperty(LdapBindPassword, x))
+    props.setProperty(UploadMaxFileSize, settings.upload.maxFileSize.toString)
-          props.setProperty(LdapBaseDN, ldap.baseDN)
+    props.setProperty(UploadTimeout, settings.upload.timeout.toString)
-          props.setProperty(LdapUserNameAttribute, ldap.userNameAttribute)
+    props.setProperty(UploadLargeMaxFileSize, settings.upload.largeMaxFileSize.toString)
-          ldap.additionalFilterCondition.foreach(x => props.setProperty(LdapAdditionalFilterCondition, x))
+    props.setProperty(UploadLargeTimeout, settings.upload.largeTimeout.toString)
-          ldap.fullNameAttribute.foreach(x => props.setProperty(LdapFullNameAttribute, x))
+    props.setProperty(RepositoryViewerMaxFiles, settings.repositoryViewer.maxFiles.toString)
-          ldap.mailAttribute.foreach(x => props.setProperty(LdapMailAddressAttribute, x))
-          ldap.tls.foreach(x => props.setProperty(LdapTls, x.toString))
-          ldap.ssl.foreach(x => props.setProperty(LdapSsl, x.toString))
-          ldap.keystore.foreach(x => props.setProperty(LdapKeystore, x))
-        }
-      }
-      props.setProperty(OidcAuthentication, settings.oidcAuthentication.toString)
-      if (settings.oidcAuthentication) {
-        settings.oidc.foreach { oidc =>
-          props.setProperty(OidcIssuer, oidc.issuer.getValue)
-          props.setProperty(OidcClientId, oidc.clientID.getValue)
-          props.setProperty(OidcClientSecret, oidc.clientSecret.getValue)
-          oidc.jwsAlgorithm.foreach { x =>
-            props.setProperty(OidcJwsAlgorithm, x.getName)
-          }
-        }
-      }
-      props.setProperty(SkinName, settings.skinName.toString)
-      settings.userDefinedCss.foreach(x => props.setProperty(UserDefinedCss, x))
-      props.setProperty(ShowMailAddress, settings.showMailAddress.toString)
-      props.setProperty(WebHookBlockPrivateAddress, settings.webHook.blockPrivateAddress.toString)
-      props.setProperty(WebHookWhitelist, settings.webHook.whitelist.mkString("\n"))
-      props.setProperty(UploadMaxFileSize, settings.upload.maxFileSize.toString)
-      props.setProperty(UploadTimeout, settings.upload.timeout.toString)
-      props.setProperty(UploadLargeMaxFileSize, settings.upload.largeMaxFileSize.toString)
-      props.setProperty(UploadLargeTimeout, settings.upload.largeTimeout.toString)
-      props.setProperty(RepositoryViewerMaxFiles, settings.repositoryViewer.maxFiles.toString)
 
-      Using.resource(new java.io.FileOutputStream(GitBucketConf)) { out =>
+    Using.resource(new java.io.FileOutputStream(GitBucketConf)) { out =>
-        props.store(out, null)
+      props.store(out, null)
-      }
     }
   }
 
   def loadSystemSettings(): SystemSettings = {
-    defining(new java.util.Properties()) { props =>
+    val props = new java.util.Properties()
-      if (GitBucketConf.exists) {
+    if (GitBucketConf.exists) {
-        Using.resource(new java.io.FileInputStream(GitBucketConf)) { in =>
+      Using.resource(new java.io.FileInputStream(GitBucketConf)) { in =>
-          props.load(in)
+        props.load(in)
-        }
       }
-      SystemSettings(
-        getOptionValue[String](props, BaseURL, None).map(x => x.replaceFirst("/\\Z", "")),
-        getOptionValue(props, Information, None),
-        getValue(props, AllowAccountRegistration, false),
-        getValue(props, AllowAnonymousAccess, true),
-        getValue(props, IsCreateRepoOptionPublic, true),
-        RepositoryOperation(
-          create = getValue(props, RepositoryOperationCreate, true),
-          delete = getValue(props, RepositoryOperationDelete, true),
-          rename = getValue(props, RepositoryOperationRename, true),
-          transfer = getValue(props, RepositoryOperationTransfer, true),
-          fork = getValue(props, RepositoryOperationFork, true)
-        ),
-        getValue(props, Gravatar, false),
-        getValue(props, Notification, false),
-        getValue(props, LimitVisibleRepositories, false),
-        Ssh(
-          getValue(props, SshEnabled, false),
-          getOptionValue[String](props, SshHost, None).map(_.trim),
-          getOptionValue(props, SshPort, Some(DefaultSshPort))
-        ),
-        getValue(
-          props,
-          UseSMTP,
-          getValue(props, Notification, false)
-        ), // handle migration scenario from only notification to useSMTP
-        if (getValue(props, UseSMTP, getValue(props, Notification, false))) {
-          Some(
-            Smtp(
-              getValue(props, SmtpHost, ""),
-              getOptionValue(props, SmtpPort, Some(DefaultSmtpPort)),
-              getOptionValue(props, SmtpUser, None),
-              getOptionValue(props, SmtpPassword, None),
-              getOptionValue[Boolean](props, SmtpSsl, None),
-              getOptionValue[Boolean](props, SmtpStarttls, None),
-              getOptionValue(props, SmtpFromAddress, None),
-              getOptionValue(props, SmtpFromName, None)
-            )
-          )
-        } else None,
-        getValue(props, LdapAuthentication, false),
-        if (getValue(props, LdapAuthentication, false)) {
-          Some(
-            Ldap(
-              getValue(props, LdapHost, ""),
-              getOptionValue(props, LdapPort, Some(DefaultLdapPort)),
-              getOptionValue(props, LdapBindDN, None),
-              getOptionValue(props, LdapBindPassword, None),
-              getValue(props, LdapBaseDN, ""),
-              getValue(props, LdapUserNameAttribute, ""),
-              getOptionValue(props, LdapAdditionalFilterCondition, None),
-              getOptionValue(props, LdapFullNameAttribute, None),
-              getOptionValue(props, LdapMailAddressAttribute, None),
-              getOptionValue[Boolean](props, LdapTls, None),
-              getOptionValue[Boolean](props, LdapSsl, None),
-              getOptionValue(props, LdapKeystore, None)
-            )
-          )
-        } else None,
-        getValue(props, OidcAuthentication, false),
-        if (getValue(props, OidcAuthentication, false)) {
-          Some(
-            OIDC(
-              getValue(props, OidcIssuer, ""),
-              getValue(props, OidcClientId, ""),
-              getValue(props, OidcClientSecret, ""),
-              getOptionValue(props, OidcJwsAlgorithm, None)
-            )
-          )
-        } else {
-          None
-        },
-        getValue(props, SkinName, "skin-blue"),
-        getOptionValue(props, UserDefinedCss, None),
-        getValue(props, ShowMailAddress, false),
-        WebHook(getValue(props, WebHookBlockPrivateAddress, false), getSeqValue(props, WebHookWhitelist, "")),
-        Upload(
-          getValue(props, UploadMaxFileSize, 3 * 1024 * 1024),
-          getValue(props, UploadTimeout, 3 * 10000),
-          getValue(props, UploadLargeMaxFileSize, 3 * 1024 * 1024),
-          getValue(props, UploadLargeTimeout, 3 * 10000)
-        ),
-        RepositoryViewerSettings(
-          getValue(props, RepositoryViewerMaxFiles, 0)
-        )
-      )
     }
+    SystemSettings(
+      getOptionValue[String](props, BaseURL, None).map(x => x.replaceFirst("/\\Z", "")),
+      getOptionValue(props, Information, None),
+      getValue(props, AllowAccountRegistration, false),
+      getValue(props, AllowAnonymousAccess, true),
+      getValue(props, IsCreateRepoOptionPublic, true),
+      RepositoryOperation(
+        create = getValue(props, RepositoryOperationCreate, true),
+        delete = getValue(props, RepositoryOperationDelete, true),
+        rename = getValue(props, RepositoryOperationRename, true),
+        transfer = getValue(props, RepositoryOperationTransfer, true),
+        fork = getValue(props, RepositoryOperationFork, true)
+      ),
+      getValue(props, Gravatar, false),
+      getValue(props, Notification, false),
+      getValue(props, LimitVisibleRepositories, false),
+      Ssh(
+        getValue(props, SshEnabled, false),
+        getOptionValue[String](props, SshHost, None).map(_.trim),
+        getOptionValue(props, SshPort, Some(DefaultSshPort))
+      ),
+      getValue(
+        props,
+        UseSMTP,
+        getValue(props, Notification, false)
+      ), // handle migration scenario from only notification to useSMTP
+      if (getValue(props, UseSMTP, getValue(props, Notification, false))) {
+        Some(
+          Smtp(
+            getValue(props, SmtpHost, ""),
+            getOptionValue(props, SmtpPort, Some(DefaultSmtpPort)),
+            getOptionValue(props, SmtpUser, None),
+            getOptionValue(props, SmtpPassword, None),
+            getOptionValue[Boolean](props, SmtpSsl, None),
+            getOptionValue[Boolean](props, SmtpStarttls, None),
+            getOptionValue(props, SmtpFromAddress, None),
+            getOptionValue(props, SmtpFromName, None)
+          )
+        )
+      } else None,
+      getValue(props, LdapAuthentication, false),
+      if (getValue(props, LdapAuthentication, false)) {
+        Some(
+          Ldap(
+            getValue(props, LdapHost, ""),
+            getOptionValue(props, LdapPort, Some(DefaultLdapPort)),
+            getOptionValue(props, LdapBindDN, None),
+            getOptionValue(props, LdapBindPassword, None),
+            getValue(props, LdapBaseDN, ""),
+            getValue(props, LdapUserNameAttribute, ""),
+            getOptionValue(props, LdapAdditionalFilterCondition, None),
+            getOptionValue(props, LdapFullNameAttribute, None),
+            getOptionValue(props, LdapMailAddressAttribute, None),
+            getOptionValue[Boolean](props, LdapTls, None),
+            getOptionValue[Boolean](props, LdapSsl, None),
+            getOptionValue(props, LdapKeystore, None)
+          )
+        )
+      } else None,
+      getValue(props, OidcAuthentication, false),
+      if (getValue(props, OidcAuthentication, false)) {
+        Some(
+          OIDC(
+            getValue(props, OidcIssuer, ""),
+            getValue(props, OidcClientId, ""),
+            getValue(props, OidcClientSecret, ""),
+            getOptionValue(props, OidcJwsAlgorithm, None)
+          )
+        )
+      } else {
+        None
+      },
+      getValue(props, SkinName, "skin-blue"),
+      getOptionValue(props, UserDefinedCss, None),
+      getValue(props, ShowMailAddress, false),
+      WebHook(getValue(props, WebHookBlockPrivateAddress, false), getSeqValue(props, WebHookWhitelist, "")),
+      Upload(
+        getValue(props, UploadMaxFileSize, 3 * 1024 * 1024),
+        getValue(props, UploadTimeout, 3 * 10000),
+        getValue(props, UploadLargeMaxFileSize, 3 * 1024 * 1024),
+        getValue(props, UploadLargeTimeout, 3 * 10000)
+      ),
+      RepositoryViewerSettings(
+        getValue(props, RepositoryViewerMaxFiles, 0)
+      )
+    )
   }
 
 }
@@ -368,12 +365,11 @@ object SystemSettingsService {
 
   private def getValue[A: ClassTag](props: java.util.Properties, key: String, default: A): A = {
     getConfigValue(key).getOrElse {
-      defining(props.getProperty(key)) { value =>
+      val value = props.getProperty(key)
-        if (value == null || value.isEmpty) {
+      if (value == null || value.isEmpty) {
-          default
+        default
-        } else {
+      } else {
-          convertType(value).asInstanceOf[A]
+        convertType(value).asInstanceOf[A]
-        }
       }
     }
   }
@@ -390,12 +386,11 @@ object SystemSettingsService {
 
   private def getOptionValue[A: ClassTag](props: java.util.Properties, key: String, default: Option[A]): Option[A] = {
     getConfigValue(key).orElse {
-      defining(props.getProperty(key)) { value =>
+      val value = props.getProperty(key)
-        if (value == null || value.isEmpty) {
+      if (value == null || value.isEmpty) {
-          default
+        default
-        } else {
+      } else {
-          Some(convertType(value)).asInstanceOf[Option[A]]
+        Some(convertType(value)).asInstanceOf[Option[A]]
-        }
       }
     }
   }

src/main/scala/gitbucket/core/service/WebHookService.scala

@@ -3,7 +3,6 @@ package gitbucket.core.service
 import fr.brouillard.oss.security.xhub.XHub
 import fr.brouillard.oss.security.xhub.XHub.{XHubConverter, XHubDigest}
 import gitbucket.core.api._
-import gitbucket.core.controller.Context
 import gitbucket.core.model.{
   Account,
   AccountWebHook,
@@ -21,7 +20,6 @@ import gitbucket.core.model.Profile._
 import gitbucket.core.model.Profile.profile.blockingApi._
 import org.apache.http.client.utils.URLEncodedUtils
 import gitbucket.core.util.JGitUtil.CommitInfo
-import gitbucket.core.util.Implicits._
 import gitbucket.core.util.{HttpClientUtil, RepositoryName, StringUtil}
 import gitbucket.core.service.RepositoryService.RepositoryInfo
 import org.apache.http.NameValuePair
@@ -128,7 +126,7 @@ trait WebHookService {
       ctype = ctype,
       token = token
     )
-    events.map { event: WebHook.Event =>
+    events.map { (event: WebHook.Event) =>
       RepositoryWebHookEvents insert RepositoryWebHookEvent(owner, repository, url, event)
     }
   }
@@ -146,7 +144,7 @@ trait WebHookService {
       .map(w => (w.ctype, w.token))
       .update((ctype, token))
     RepositoryWebHookEvents.filter(_.byRepositoryWebHook(owner, repository, url)).delete
-    events.map { event: WebHook.Event =>
+    events.map { (event: WebHook.Event) =>
       RepositoryWebHookEvents insert RepositoryWebHookEvent(owner, repository, url, event)
     }
   }
@@ -165,14 +163,16 @@ trait WebHookService {
       .map(w => (w.url, w.ctype, w.token))
       .update((url, ctype, token))
     RepositoryWebHookEvents.filter(_.byRepositoryWebHook(owner, repository, url)).delete
-    events.map { event: WebHook.Event =>
+    events.map { (event: WebHook.Event) =>
       RepositoryWebHookEvents insert RepositoryWebHookEvent(owner, repository, url, event)
     }
   }
 
+  // Records in WEB_HOOK_EVENT will be deleted automatically by cascaded constraint
   def deleteWebHook(owner: String, repository: String, url: String)(implicit s: Session): Unit =
     RepositoryWebHooks.filter(_.byRepositoryUrl(owner, repository, url)).delete
 
+  // Records in WEB_HOOK_EVENT will be deleted automatically by cascaded constraint
   def deleteWebHookById(id: Int)(implicit s: Session): Unit =
     RepositoryWebHooks.filter(_.byId(id)).delete
 
@@ -228,7 +228,7 @@ trait WebHookService {
     token: Option[String]
   )(implicit s: Session): Unit = {
     AccountWebHooks insert AccountWebHook(owner, url, ctype, token)
-    events.map { event: WebHook.Event =>
+    events.map { (event: WebHook.Event) =>
       AccountWebHookEvents insert AccountWebHookEvent(owner, url, event)
     }
   }
@@ -242,7 +242,7 @@ trait WebHookService {
   )(implicit s: Session): Unit = {
     AccountWebHooks.filter(_.byPrimaryKey(owner, url)).map(w => (w.ctype, w.token)).update((ctype, token))
     AccountWebHookEvents.filter(_.byAccountWebHook(owner, url)).delete
-    events.map { event: WebHook.Event =>
+    events.map { (event: WebHook.Event) =>
       AccountWebHookEvents insert AccountWebHookEvent(owner, url, event)
     }
   }
@@ -255,11 +255,11 @@ trait WebHookService {
   )(implicit s: Session, c: JsonFormat.Context): Unit = {
     val webHooks = getWebHooksByEvent(owner, repository, event)
     if (webHooks.nonEmpty) {
-      makePayload.map(callWebHook(event, webHooks, _, settings))
+      makePayload.foreach(callWebHook(event, webHooks, _, settings))
     }
     val accountWebHooks = getAccountWebHooksByEvent(owner, event)
     if (accountWebHooks.nonEmpty) {
-      makePayload.map(callWebHook(event, accountWebHooks, _, settings))
+      makePayload.foreach(callWebHook(event, accountWebHooks, _, settings))
     }
   }
 
@@ -283,7 +283,7 @@ trait WebHookService {
       val json = JsonFormat(payload)
 
       webHooks.map { webHook =>
-        val reqPromise = Promise[HttpRequest]
+        val reqPromise = Promise[HttpRequest]()
         val f = Future {
           val itcp = new org.apache.http.HttpRequestInterceptor {
             def process(res: HttpRequest, ctx: HttpContext): Unit = {

src/main/scala/gitbucket/core/service/WikiService.scala

@@ -5,7 +5,6 @@ import gitbucket.core.controller.Context
 import gitbucket.core.model.Account
 import gitbucket.core.service.RepositoryService.RepositoryInfo
 import gitbucket.core.util._
-import gitbucket.core.util.SyntaxSugars._
 import org.eclipse.jgit.api.Git
 import org.eclipse.jgit.treewalk.CanonicalTreeParser
 import org.eclipse.jgit.lib._
@@ -54,20 +53,19 @@ trait WikiService {
 
   def createWikiRepository(loginAccount: Account, owner: String, repository: String): Unit =
     LockUtil.lock(s"${owner}/${repository}/wiki") {
-      defining(Directory.getWikiRepositoryDir(owner, repository)) { dir =>
+      val dir = Directory.getWikiRepositoryDir(owner, repository)
-        if (!dir.exists) {
+      if (!dir.exists) {
-          JGitUtil.initRepository(dir)
+        JGitUtil.initRepository(dir)
-          saveWikiPage(
+        saveWikiPage(
-            owner,
+          owner,
-            repository,
+          repository,
-            "Home",
+          "Home",
-            "Home",
+          "Home",
-            s"Welcome to the ${repository} wiki!!",
+          s"Welcome to the ${repository} wiki!!",
-            loginAccount,
+          loginAccount,
-            "Initial Commit",
+          "Initial Commit",
-            None
+          None
-          )
+        )
-        }
       }
     }
 

src/main/scala/gitbucket/core/servlet/ApiAuthenticationFilter.scala

@@ -19,8 +19,9 @@ class ApiAuthenticationFilter extends Filter with AccessTokenService with Accoun
   override def destroy(): Unit = {}
 
   override def doFilter(req: ServletRequest, res: ServletResponse, chain: FilterChain): Unit = {
-    implicit val request = req.asInstanceOf[HttpServletRequest]
+    implicit val request: HttpServletRequest = req.asInstanceOf[HttpServletRequest]
-    implicit val session = req.getAttribute(Keys.Request.DBSession).asInstanceOf[slick.jdbc.JdbcBackend#Session]
+    implicit val session: slick.jdbc.JdbcBackend#Session =
+      req.getAttribute(Keys.Request.DBSession).asInstanceOf[slick.jdbc.JdbcBackend#Session]
     val response = res.asInstanceOf[HttpServletResponse]
     Option(request.getHeader("Authorization"))
       .map {

src/main/scala/gitbucket/core/servlet/GitLfsTransferServlet.scala

@@ -6,6 +6,7 @@ import javax.servlet.http.{HttpServlet, HttpServletRequest, HttpServletResponse}
 
 import gitbucket.core.util.{FileUtil, StringUtil}
 import org.apache.commons.io.{FileUtils, IOUtils}
+import org.json4s.Formats
 import org.json4s.jackson.Serialization._
 import org.apache.http.HttpStatus
 
@@ -17,7 +18,7 @@ import scala.util.Using
  */
 class GitLfsTransferServlet extends HttpServlet {
 
-  private implicit val jsonFormats = gitbucket.core.api.JsonFormat.jsonFormats
+  private implicit val jsonFormats: Formats = gitbucket.core.api.JsonFormat.jsonFormats
   private val LongObjectIdLength = 32
   private val LongObjectIdStringLength = LongObjectIdLength * 2
 

src/main/scala/gitbucket/core/servlet/GitRepositoryServlet.scala

@@ -6,12 +6,12 @@ import java.util.Date
 
 import scala.util.Using
 import gitbucket.core.api
+import gitbucket.core.api.JsonFormat.Context
 import gitbucket.core.model.WebHook
 import gitbucket.core.plugin.{GitRepositoryRouting, PluginRegistry}
 import gitbucket.core.service.IssuesService.IssueSearchCondition
 import gitbucket.core.service.WebHookService._
 import gitbucket.core.service._
-import gitbucket.core.util.SyntaxSugars._
 import gitbucket.core.util.Implicits._
 import gitbucket.core.util._
 import gitbucket.core.model.Profile.profile.blockingApi._
@@ -42,6 +42,7 @@ import javax.servlet.ServletConfig
 import javax.servlet.http.{HttpServletRequest, HttpServletResponse}
 import org.eclipse.jgit.diff.DiffEntry.ChangeType
 import org.eclipse.jgit.internal.storage.file.FileRepository
+import org.json4s.Formats
 import org.json4s.jackson.Serialization._
 
 /**
@@ -53,7 +54,7 @@ import org.json4s.jackson.Serialization._
 class GitRepositoryServlet extends GitServlet with SystemSettingsService {
 
   private val logger = LoggerFactory.getLogger(classOf[GitRepositoryServlet])
-  private implicit val jsonFormats = gitbucket.core.api.JsonFormat.jsonFormats
+  private implicit val jsonFormats: Formats = gitbucket.core.api.JsonFormat.jsonFormats
 
   override def init(config: ServletConfig): Unit = {
     setReceivePackFactory(new GitBucketReceivePackFactory())
@@ -200,33 +201,28 @@ class GitBucketReceivePackFactory extends ReceivePackFactory[HttpServletRequest]
       logger.debug("requestURI: " + request.getRequestURI)
       logger.debug("pusher:" + pusher)
 
-      defining(request.paths) { paths =>
+      val paths = request.paths
-        val owner = paths(1)
+      val owner = paths(1)
-        val repository = paths(2).stripSuffix(".git")
+      val repository = paths(2).stripSuffix(".git")
 
-        logger.debug("repository:" + owner + "/" + repository)
+      logger.debug("repository:" + owner + "/" + repository)
 
-        val settings = loadSystemSettings()
+      val settings = loadSystemSettings()
-        val baseUrl = settings.baseUrl(request)
+      val baseUrl = settings.baseUrl(request)
-        val sshUrl = settings.sshAddress.map { x =>
+      val sshUrl = settings.sshAddress.map { x =>
-          s"${x.genericUser}@${x.host}:${x.port}"
+        s"${x.genericUser}@${x.host}:${x.port}"
-        }
+      }
 
-        if (!repository.endsWith(".wiki")) {
+      if (!repository.endsWith(".wiki")) {
-          defining(request) { implicit r =>
+        val hook = new CommitLogHook(owner, repository, pusher, baseUrl, sshUrl)
-            val hook = new CommitLogHook(owner, repository, pusher, baseUrl, sshUrl)
+        receivePack.setPreReceiveHook(hook)
-            receivePack.setPreReceiveHook(hook)
+        receivePack.setPostReceiveHook(hook)
-            receivePack.setPostReceiveHook(hook)
+      }
-          }
-        }
 
-        if (repository.endsWith(".wiki")) {
+      if (repository.endsWith(".wiki")) {
-          defining(request) { implicit r =>
+        receivePack.setPostReceiveHook(
-            receivePack.setPostReceiveHook(
+          new WikiCommitHook(owner, repository.stripSuffix(".wiki"), pusher, baseUrl, sshUrl)
-              new WikiCommitHook(owner, repository.stripSuffix(".wiki"), pusher, baseUrl, sshUrl)
+        )
-            )
-          }
-        }
       }
     }
 
@@ -293,7 +289,7 @@ class CommitLogHook(owner: String, repository: String, pusher: String, baseUrl:
           val pushedIds = scala.collection.mutable.Set[String]()
           commands.asScala.foreach { command =>
             logger.debug(s"commandType: ${command.getType}, refName: ${command.getRefName}")
-            implicit val apiContext = api.JsonFormat.Context(baseUrl, sshUrl)
+            implicit val apiContext: Context = api.JsonFormat.Context(baseUrl, sshUrl)
             val refName = command.getRefName.split("/")
             val branchName = refName.drop(2).mkString("/")
             val commits = if (refName(1) == "tags") {
@@ -469,7 +465,7 @@ class WikiCommitHook(owner: String, repository: String, pusher: String, baseUrl:
     Database() withTransaction { implicit session =>
       try {
         commands.asScala.headOption.foreach { command =>
-          implicit val apiContext = api.JsonFormat.Context(baseUrl, sshUrl)
+          implicit val apiContext: Context = api.JsonFormat.Context(baseUrl, sshUrl)
           val refName = command.getRefName.split("/")
           val commitIds = if (refName(1) == "tags") {
             None

src/main/scala/gitbucket/core/servlet/InitializeListener.scala

@@ -2,7 +2,6 @@ package gitbucket.core.servlet
 
 import java.io.{File, FileOutputStream}
 
-import com.typesafe.config.ConfigFactory
 import gitbucket.core.GitBucketCoreModule
 import gitbucket.core.plugin.PluginRegistry
 import gitbucket.core.service.SystemSettingsService

src/main/scala/gitbucket/core/servlet/PluginControllerFilter.scala

@@ -1,7 +1,6 @@
 package gitbucket.core.servlet
 
 import javax.servlet._
-import javax.servlet.http.HttpServletRequest
 
 import gitbucket.core.controller.ControllerBase
 import gitbucket.core.plugin.PluginRegistry

src/main/scala/gitbucket/core/ssh/GitCommand.scala

@@ -4,7 +4,7 @@ import gitbucket.core.model.Profile.profile.blockingApi._
 import gitbucket.core.plugin.{GitRepositoryRouting, PluginRegistry}
 import gitbucket.core.service.{AccountService, DeployKeyService, RepositoryService, SystemSettingsService}
 import gitbucket.core.servlet.{CommitLogHook, Database}
-import gitbucket.core.util.{SyntaxSugars, Directory}
+import gitbucket.core.util.Directory
 import org.apache.sshd.server.{Environment, ExitCallback, SessionAware}
 import org.apache.sshd.server.command.{Command, CommandFactory}
 import org.apache.sshd.server.session.ServerSession

src/main/scala/gitbucket/core/ssh/SshServerListener.scala

@@ -1,6 +1,5 @@
 package gitbucket.core.ssh
 
-import java.io.File
 import java.util.concurrent.atomic.AtomicBoolean
 import javax.servlet.{ServletContextEvent, ServletContextListener}
 

src/main/scala/gitbucket/core/util/Authenticator.scala

@@ -5,7 +5,6 @@ import gitbucket.core.service.{AccountService, RepositoryService}
 import gitbucket.core.model.Role
 import RepositoryService.RepositoryInfo
 import Implicits._
-import SyntaxSugars._
 
 /**
  * Allows only oneself and administrators.
@@ -113,13 +112,10 @@ trait ReadableUsersAuthenticator { self: ControllerBase with RepositoryService w
     val userName = params("owner")
     val repoName = params("repository")
     getRepository(userName, repoName).map { repository =>
-      context.loginAccount match {
+      if (isReadable(repository.repository, context.loginAccount) || !repository.repository.isPrivate) {
-        case Some(x) if (x.isAdmin)                                                          => action(repository)
+        action(repository)
-        case Some(x) if (!repository.repository.isPrivate)                                   => action(repository)
+      } else {
-        case Some(x) if (userName == x.userName)                                             => action(repository)
+        Unauthorized()
-        case Some(x) if (getGroupMembers(repository.owner).exists(_.userName == x.userName)) => action(repository)
-        case Some(x) if (getCollaboratorUserNames(userName, repoName).contains(x.userName))  => action(repository)
-        case _                                                                               => Unauthorized()
       }
     } getOrElse NotFound()
   }

src/main/scala/gitbucket/core/util/ConfigUtil.scala

@@ -1,7 +1,5 @@
 package gitbucket.core.util
 
-import gitbucket.core.util.SyntaxSugars.defining
-
 import scala.reflect.ClassTag
 
 object ConfigUtil {
@@ -30,12 +28,12 @@ object ConfigUtil {
     }
   }
 
-  def convertType[A: ClassTag](value: String): A =
+  def convertType[A: ClassTag](value: String): A = {
-    defining(implicitly[ClassTag[A]].runtimeClass) { c =>
+    val c = implicitly[ClassTag[A]].runtimeClass
-      if (c == classOf[Boolean]) value.toBoolean
+    if (c == classOf[Boolean]) value.toBoolean
-      else if (c == classOf[Long]) value.toLong
+    else if (c == classOf[Long]) value.toLong
-      else if (c == classOf[Int]) value.toInt
+    else if (c == classOf[Int]) value.toInt
-      else value
+    else value
-    }.asInstanceOf[A]
+  }.asInstanceOf[A]
 
 }

src/main/scala/gitbucket/core/util/EditorConfigUtil.scala

@@ -28,7 +28,7 @@ object EditorConfigUtil {
     }
 
     private def getRevTree: RevTree = {
-      Using.resource(repo.newObjectReader()) { reader: ObjectReader =>
+      Using.resource(repo.newObjectReader()) { (reader: ObjectReader) =>
         val revWalk = new RevWalk(reader)
         val id = repo.resolve(revStr)
         val commit = revWalk.parseCommit(id)
@@ -37,7 +37,7 @@ object EditorConfigUtil {
     }
 
     override def exists(): Boolean = {
-      Using.resource(repo.newObjectReader()) { reader: ObjectReader =>
+      Using.resource(repo.newObjectReader()) { (reader: ObjectReader) =>
         try {
           val treeWalk = Option(TreeWalk.forPath(reader, removeInitialSlash(path), getRevTree))
           treeWalk.isDefined
@@ -60,7 +60,7 @@ object EditorConfigUtil {
     }
 
     override def openReader(): Reader = {
-      Using.resource(repo.newObjectReader) { reader: ObjectReader =>
+      Using.resource(repo.newObjectReader) { (reader: ObjectReader) =>
         val treeWalk = TreeWalk.forPath(reader, removeInitialSlash(path), getRevTree)
         new InputStreamReader(reader.open(treeWalk.getObjectId(0)).openStream, StandardCharsets.UTF_8)
       }

src/main/scala/gitbucket/core/util/FileUtil.scala

@@ -3,36 +3,39 @@ package gitbucket.core.util
 import org.apache.commons.io.FileUtils
 import org.apache.tika.Tika
 import java.io.File
-import SyntaxSugars._
 import scala.util.Random
 
 object FileUtil {
 
-  def getMimeType(name: String): String =
+  def getMimeType(name: String): String = {
-    defining(new Tika()) { tika =>
+    val tika = new Tika()
-      tika.detect(name) match {
+    tika.detect(name) match {
-        case null     => "application/octet-stream"
+      case null     => "application/octet-stream"
-        case mimeType => mimeType
+      case mimeType => mimeType
-      }
     }
+  }
 
   def getMimeType(name: String, bytes: Array[Byte]): String = {
-    defining(getMimeType(name)) { mimeType =>
+    val mimeType = getMimeType(name)
-      if (mimeType == "application/octet-stream" && isText(bytes)) {
+    if (mimeType == "application/octet-stream" && isText(bytes)) {
-        "text/plain"
+      "text/plain"
-      } else {
+    } else {
-        mimeType
+      mimeType
-      }
     }
   }
 
-  def getSafeMimeType(name: String): String = {
+  def getSafeMimeType(name: String, safeMode: Boolean = true): String = {
-    getMimeType(name)
+    val mimeType = getMimeType(name)
       .replace("text/html", "text/plain")
-      .replace("image/svg+xml", "text/plain; charset=UTF-8")
+
+    if (safeMode) {
+      mimeType.replace("image/svg+xml", "text/plain; charset=UTF-8")
+    } else {
+      mimeType
+    }
   }
 
-  def isImage(name: String): Boolean = getSafeMimeType(name).startsWith("image/")
+  def isImage(name: String, safeMode: Boolean = true): Boolean = getSafeMimeType(name, safeMode).startsWith("image/")
 
   def isLarge(size: Long): Boolean = (size > 1024 * 1000)
 
@@ -92,4 +95,14 @@ object FileUtil {
     name
   }
 
+  /**
+   * Delete given folder recursively.
+   */
+  def deleteRecursively(f: File): Boolean = {
+    if (f.isDirectory) f.listFiles match {
+      case files: Array[File] => files.foreach(deleteRecursively)
+      case null               =>
+    }
+    f.delete()
+  }
 }

src/main/scala/gitbucket/core/util/HttpClientUtil.scala

@@ -1,6 +1,6 @@
 package gitbucket.core.util
 
-import java.net.{InetAddress, URL}
+import java.net.InetAddress
 
 import gitbucket.core.service.SystemSettingsService
 import org.apache.commons.net.util.SubnetUtils

src/main/scala/gitbucket/core/util/JDBCUtil.scala

@@ -83,7 +83,9 @@ object JDBCUtil {
               }
               if (c == ';' && !stringLiteral) {
                 val sql = new String(out.toByteArray, "UTF-8")
-                conn.update(sql.trim)
+                if (sql != null && !sql.isEmpty()) {
+                  conn.update(sql.trim)
+                }
                 out = new ByteArrayOutputStream()
               } else {
                 out.write(c)
@@ -202,7 +204,7 @@ object JDBCUtil {
     }
 
     private def allTablesOrderByDependencies(meta: DatabaseMetaData): Seq[String] = {
-      val tables = allTableNames.map { tableName =>
+      val tables = allTableNames().map { tableName =>
         TableDependency(tableName, childTables(meta, tableName))
       }
 

src/main/scala/gitbucket/core/util/JGitUtil.scala

@@ -6,7 +6,6 @@ import gitbucket.core.service.RepositoryService
 import org.eclipse.jgit.api.Git
 import Directory._
 import StringUtil._
-import SyntaxSugars._
 
 import scala.annotation.tailrec
 import scala.jdk.CollectionConverters._
@@ -38,7 +37,7 @@ object JGitUtil {
 
   private val logger = LoggerFactory.getLogger(JGitUtil.getClass)
 
-  implicit val objectDatabaseReleasable = new Releasable[ObjectDatabase] {
+  implicit val objectDatabaseReleasable: Releasable[ObjectDatabase] = new Releasable[ObjectDatabase] {
     override def release(resource: ObjectDatabase): Unit = resource.close()
   }
 
@@ -183,7 +182,8 @@ object JGitUtil {
 
     val summary = getSummaryMessage(fullMessage, shortMessage)
 
-    val description = defining(fullMessage.trim.indexOf('\n')) { i =>
+    val description = {
+      val i = fullMessage.trim.indexOf('\n')
       if (i >= 0) {
         Some(fullMessage.trim.substring(i).trim)
       } else None
@@ -514,11 +514,9 @@ object JGitUtil {
    * Returns the first line of the commit message.
    */
   private def getSummaryMessage(fullMessage: String, shortMessage: String): String = {
-    defining(fullMessage.trim.indexOf('\n')) { i =>
+    val i = fullMessage.trim.indexOf('\n')
-      defining(if (i >= 0) fullMessage.trim.substring(0, i).trim else fullMessage) { firstLine =>
+    val firstLine = if (i >= 0) fullMessage.trim.substring(0, i).trim else fullMessage
-        if (firstLine.length > shortMessage.length) shortMessage else firstLine
+    if (firstLine.length > shortMessage.length) shortMessage else firstLine
-      }
-    }
   }
 
   /**
@@ -592,16 +590,15 @@ object JGitUtil {
       }
 
     Using.resource(new RevWalk(git.getRepository)) { revWalk =>
-      defining(git.getRepository.resolve(revision)) { objectId =>
+      val objectId = git.getRepository.resolve(revision)
-        if (objectId == null) {
+      if (objectId == null) {
-          Left(s"${revision} can't be resolved.")
+        Left(s"${revision} can't be resolved.")
-        } else {
+      } else {
-          revWalk.markStart(revWalk.parseCommit(objectId))
+        revWalk.markStart(revWalk.parseCommit(objectId))
-          if (path.nonEmpty) {
+        if (path.nonEmpty) {
-            revWalk.setTreeFilter(AndTreeFilter.create(PathFilter.create(path), TreeFilter.ANY_DIFF))
+          revWalk.setTreeFilter(AndTreeFilter.create(PathFilter.create(path), TreeFilter.ANY_DIFF))
-          }
-          Right(getCommitLog(revWalk.iterator, 0, Nil))
         }
+        Right(getCommitLog(revWalk.iterator, 0, Nil))
       }
     }
   }
@@ -804,22 +801,21 @@ object JGitUtil {
    */
   def getBranchesOfCommit(git: Git, commitId: String): List[String] =
     Using.resource(new RevWalk(git.getRepository)) { revWalk =>
-      defining(revWalk.parseCommit(git.getRepository.resolve(commitId + "^0"))) { commit =>
+      val commit = revWalk.parseCommit(git.getRepository.resolve(commitId + "^0"))
-        git.getRepository.getRefDatabase
+      git.getRepository.getRefDatabase
-          .getRefsByPrefix(Constants.R_HEADS)
+        .getRefsByPrefix(Constants.R_HEADS)
-          .asScala
+        .asScala
-          .filter { e =>
+        .filter { e =>
-            (revWalk.isMergedInto(
+          (revWalk.isMergedInto(
-              commit,
+            commit,
-              revWalk.parseCommit(e.getObjectId)
+            revWalk.parseCommit(e.getObjectId)
-            ))
+          ))
-          }
+        }
-          .map { e =>
+        .map { e =>
-            e.getName.substring(Constants.R_HEADS.length)
+          e.getName.substring(Constants.R_HEADS.length)
-          }
+        }
-          .toList
+        .toList
-          .sorted
+        .sorted
-      }
     }
 
   /**
@@ -847,23 +843,22 @@ object JGitUtil {
    */
   def getTagsOfCommit(git: Git, commitId: String): List[String] =
     Using.resource(new RevWalk(git.getRepository)) { revWalk =>
-      defining(revWalk.parseCommit(git.getRepository.resolve(commitId + "^0"))) { commit =>
+      val commit = revWalk.parseCommit(git.getRepository.resolve(commitId + "^0"))
-        git.getRepository.getRefDatabase
+      git.getRepository.getRefDatabase
-          .getRefsByPrefix(Constants.R_TAGS)
+        .getRefsByPrefix(Constants.R_TAGS)
-          .asScala
+        .asScala
-          .filter { e =>
+        .filter { e =>
-            (revWalk.isMergedInto(
+          (revWalk.isMergedInto(
-              commit,
+            commit,
-              revWalk.parseCommit(e.getObjectId)
+            revWalk.parseCommit(e.getObjectId)
-            ))
+          ))
-          }
+        }
-          .map { e =>
+        .map { e =>
-            e.getName.substring(Constants.R_TAGS.length)
+          e.getName.substring(Constants.R_TAGS.length)
-          }
+        }
-          .toList
+        .toList
-          .sorted
+        .sorted
-          .reverse
+        .reverse
-      }
     }
 
   def initRepository(dir: java.io.File): Unit =
@@ -879,11 +874,11 @@ object JGitUtil {
 
   def isEmpty(git: Git): Boolean = git.getRepository.resolve(Constants.HEAD) == null
 
-  private def setReceivePack(repository: org.eclipse.jgit.lib.Repository): Unit =
+  private def setReceivePack(repository: org.eclipse.jgit.lib.Repository): Unit = {
-    defining(repository.getConfig) { config =>
+    val config = repository.getConfig
-      config.setBoolean("http", null, "receivepack", true)
+    config.setBoolean("http", null, "receivepack", true)
-      config.save
+    config.save
-    }
+  }
 
   def getDefaultBranch(
     git: Git,
@@ -912,10 +907,10 @@ object JGitUtil {
       }
       Right("Tag added.")
     } catch {
-      case e: ConcurrentRefUpdateException => Left("Sorry, some error occurs.")
+      case _: ConcurrentRefUpdateException => Left("Sorry, some error occurs.")
-      case e: InvalidTagNameException      => Left("Sorry, that name is invalid.")
+      case _: InvalidTagNameException      => Left("Sorry, that name is invalid.")
-      case e: NoHeadException              => Left("Sorry, this repo doesn't have HEAD reference")
+      case _: NoHeadException              => Left("Sorry, this repo doesn't have HEAD reference")
-      case e: GitAPIException              => Left("Sorry, some Git operation error occurs.")
+      case _: GitAPIException              => Left("Sorry, some Git operation error occurs.")
     }
   }
 
@@ -924,7 +919,7 @@ object JGitUtil {
       git.branchCreate().setStartPoint(fromBranch).setName(newBranch).call()
       Right("Branch created.")
     } catch {
-      case e: RefAlreadyExistsException => Left("Sorry, that branch already exists.")
+      case _: RefAlreadyExistsException => Left("Sorry, that branch already exists.")
       // JGitInternalException occurs when new branch name is 'a' and the branch whose name is 'a/*' exists.
       case _: InvalidRefNameException | _: JGitInternalException => Left("Sorry, that name is invalid.")
     }
@@ -1052,13 +1047,13 @@ object JGitUtil {
     !loader.isLarge && new String(loader.getBytes(), "UTF-8").startsWith("version https://git-lfs.github.com/spec/v1")
   }
 
-  def getContentInfo(git: Git, path: String, objectId: ObjectId): ContentInfo = {
+  def getContentInfo(git: Git, path: String, objectId: ObjectId, safeMode: Boolean): ContentInfo = {
     // Viewer
     Using.resource(git.getRepository.getObjectDatabase) { db =>
       val loader = db.open(objectId)
       val isLfs = isLfsPointer(loader)
       val large = FileUtil.isLarge(loader.getSize)
-      val viewer = if (FileUtil.isImage(path)) "image" else if (large) "large" else "other"
+      val viewer = if (FileUtil.isImage(path, safeMode)) "image" else if (large) "large" else "other"
       val bytes = if (viewer == "other") JGitUtil.getContentFromId(git, objectId, false) else None
       val size = Some(getContentSize(loader))
 
@@ -1101,7 +1096,7 @@ object JGitUtil {
         }
       }
     } catch {
-      case e: MissingObjectException => None
+      case _: MissingObjectException => None
     }
 
   /**
@@ -1118,7 +1113,7 @@ object JGitUtil {
         Some(f(db.open(id)))
       }
     } catch {
-      case e: MissingObjectException => None
+      case _: MissingObjectException => None
     }
 
   /**
@@ -1162,12 +1157,12 @@ object JGitUtil {
     requestUserName: String,
     requestRepositoryName: String,
     requestBranch: String
-  ): String =
+  ): String = {
-    defining(getAllCommitIds(oldGit)) { existIds =>
+    val existIds = getAllCommitIds(oldGit)
-      getCommitLogs(newGit, requestBranch, true) { commit =>
+    getCommitLogs(newGit, requestBranch, true) { commit =>
-        existIds.contains(commit.name) && getBranchesOfCommit(oldGit, commit.getName).contains(branch)
+      existIds.contains(commit.name) && getBranchesOfCommit(oldGit, commit.getName).contains(branch)
-      }.head.id
+    }.head.id
-    }
+  }
 
   /**
    * Fetch pull request contents into refs/pull/${issueId}/head and return (commitIdTo, commitIdFrom)

src/main/scala/gitbucket/core/util/LDAPUtil.scala

@@ -1,7 +1,6 @@
 package gitbucket.core.util
 
 import gitbucket.core.model.Account
-import SyntaxSugars._
 import gitbucket.core.service.SystemSettingsService
 import gitbucket.core.service.SystemSettingsService.Ldap
 import com.novell.ldap._
@@ -125,6 +124,8 @@ object LDAPUtil {
   }
 
   private def getSslProvider(): Provider = {
+    import scala.language.existentials
+
     val cachedInstance = provider.get()
     if (cachedInstance == null) {
       val cls = try {
@@ -244,20 +245,18 @@ object LDAPUtil {
     userNameAttribute: String,
     userName: String,
     mailAttribute: String
-  ): Option[String] =
+  ): Option[String] = {
-    defining(
+    val results = conn.search(
-      conn.search(
+      userDN,
-        userDN,
+      LDAPConnection.SCOPE_BASE,
-        LDAPConnection.SCOPE_BASE,
+      userNameAttribute + "=" + userName,
-        userNameAttribute + "=" + userName,
+      Array[String](mailAttribute),
-        Array[String](mailAttribute),
+      false
-        false
+    )
-      )
+    if (results.hasMore) {
-    ) { results =>
+      Option(results.next.getAttribute(mailAttribute)).map(_.getStringValue)
-      if (results.hasMore) {
+    } else None
-        Option(results.next.getAttribute(mailAttribute)).map(_.getStringValue)
+  }
-      } else None
-    }
 
   private def findFullName(
     conn: LDAPConnection,
@@ -265,20 +264,18 @@ object LDAPUtil {
     userNameAttribute: String,
     userName: String,
     nameAttribute: String
-  ): Option[String] =
+  ): Option[String] = {
-    defining(
+    val results = conn.search(
-      conn.search(
+      userDN,
-        userDN,
+      LDAPConnection.SCOPE_BASE,
-        LDAPConnection.SCOPE_BASE,
+      userNameAttribute + "=" + userName,
-        userNameAttribute + "=" + userName,
+      Array[String](nameAttribute),
-        Array[String](nameAttribute),
+      false
-        false
+    )
-      )
+    if (results.hasMore) {
-    ) { results =>
+      Option(results.next.getAttribute(nameAttribute)).map(_.getStringValue)
-      if (results.hasMore) {
+    } else None
-        Option(results.next.getAttribute(nameAttribute)).map(_.getStringValue)
+  }
-      } else None
-    }
 
   case class LDAPUserInfo(userName: String, fullName: String, mailAddress: String)