Prepare to release

Merge pull request #2693 from appleboy/patch-2
test the latest version.
2026-02-28 17:20:59 +01:00 · 2016-02-24 01:14:43 -05:00 · 2016-02-24 00:19:01 -05:00 · 2016-02-23 16:04:40 +08:00 · 2016-02-23 00:12:04 -05:00 · 2016-02-22 12:40:00 -05:00
1424 changed files with 35338 additions and 64478 deletions
--- a/.bra.toml
+++ b/.bra.toml
@@ -1,6 +1,7 @@
 [run]
 init_cmds = [
 	#["grep", "-rn", "FIXME", "."],
+	["make", "build-dev"],
 	["./gogs", "web"]
 ]
 watch_all = true
@@ -11,9 +12,9 @@ watch_dirs = [
 	"$WORKDIR/routers"
 ]
 watch_exts = [".go"]
+ignore_files = [".+_test.go"]
 build_delay = 1500
 cmds = [
-	["go", "install", "-tags", "sqlite tidb"],# redis memcache cert pam
-	["go", "build", "-tags", "sqlite tidb"],
+	["make", "build-dev"], # sqlite cert pam tidb
 	["./gogs", "web"]
 ]
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,6 +1,14 @@
+.git
+.git/
 .git/*
+conf
+conf/
 conf/*
+packager
+packager/
 packager/*
+scripts
+scripts/
 scripts/*
 *.yml
 *.md
@@ -9,4 +17,4 @@ scripts/*
 .gitignore
 .gopmfile
 config.codekit
-LICENSE
+LICENSE
--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
@@ -42,21 +42,11 @@ There is no standard form of making a feature request. Just try to describe the

 ### Pull Request

-Pull requests are always welcome, but note that **ALL PULL REQUESTS MUST APPLY TO THE `DEV` BRANCH**.
-
-We are always thrilled to receive pull requests, and do our best to process them as fast as possible. Not sure if that typo is worth a pull request? Do it! We will appreciate it.
-
-If your pull request is not accepted on the first try, don't be discouraged! If there's a problem with the implementation, hopefully you received feedback on what to improve.
-
-We're trying very hard to keep Gogs lean and focused. We don't want it to do everything for everybody. This means that we might decide against incorporating a new feature. We believe you do like to discuss with us first in [Gitter](https://gitter.im/gogits/gogs).
+Please read detailed information on [Wiki](https://github.com/gogits/gogs/wiki/Contributing-Code).

 ### Ask For Help

-Before opening an issue, please make sure your problem isn't already addressed on the [Troubleshooting](http://gogs.io/docs/intro/troubleshooting.md) and [FAQs](http://gogs.io/docs/intro/faqs.html) pages.
-
-## Things To Notice
-
-Please take a moment to check that an issue on [GitHub](https://github.com/gogits/gogs/issues) or card on [Trello](https://trello.com/b/uxAoeLUl/gogs-go-git-service) doesn't already exist documenting your bug report or improvement proposal. If it does, it never hurts to add a quick "+1" or "I have this problem too". This will help prioritize the most common problems and requests.
+Before opening an issue, please make sure your problem isn't already addressed on the [Troubleshooting](http://gogs.io/docs/intro/troubleshooting.html) and [FAQs](http://gogs.io/docs/intro/faqs.html) pages.

 ## Code of conduct

--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -0,0 +1,18 @@
+We DO NOT take questions or config/deploy problems on GitHub, please use our forum: https://discuss.gogs.io
+
+Please take a moment to search that an issue doesn't already exist.
+
+For bug reports, please give the relevant info:
+
+- Gogs version (or commit ref):
+- Git version:
+- Operating system:
+- Database:
+  - [ ] PostgreSQL
+  - [ ] MySQL
+  - [ ] SQLite
+- Log gist:
+
+## Description
+
+...
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,4 @@
+Please, make sure you are targeting the `develop` branch!
+
+More instructions about contributing with Gogs code can be found here:
+https://github.com/gogits/gogs/wiki/Contributing-Code
--- a/.gitignore
+++ b/.gitignore
@@ -14,7 +14,6 @@ files/
 *.so
 _obj
 _test
-*.[568vq]
 [568vq].out
 *.cgo1.go
 *.cgo2.c
@@ -35,3 +34,5 @@ docker/docker/Dockerfile
 docker/docker/init_gogs.sh
 gogs.sublime-project
 gogs.sublime-workspace
+.tags*
+release
--- a/.gopmfile
+++ b/.gopmfile
@@ -2,38 +2,51 @@
 path = github.com/gogits/gogs

 [deps]
-github.com/bradfitz/gomemcache = commit:72a68649ba
-github.com/Unknwon/cae = commit:2e70a1351b
-github.com/Unknwon/com = commit:47d7d2b81a
-github.com/Unknwon/i18n = commit:7457d88830
-github.com/Unknwon/macaron = commit:05317cffe5
-github.com/Unknwon/paginater = commit:cab2d086fa
-github.com/codegangsta/cli = commit:142e6cd241
-github.com/go-sql-driver/mysql = commit:527bcd55aa
-github.com/go-xorm/core = commit:3e10003353
-github.com/go-xorm/xorm = commit:803f6db50c
+github.com/bradfitz/gomemcache = commit:fb1f79c
+github.com/codegangsta/cli = commit:5db7419
+github.com/go-macaron/binding = commit:a68f342
+github.com/go-macaron/cache = commit:5617353
+github.com/go-macaron/captcha = commit:8aa5919
+github.com/go-macaron/csrf = commit:715bca0
+github.com/go-macaron/gzip = commit:cad1c65
+github.com/go-macaron/i18n = commit:d2d3329
+github.com/go-macaron/inject = commit:c5ab7bf
+github.com/go-macaron/session = commit:66031fc
+github.com/go-macaron/toolbox = commit:82b5115
+github.com/go-sql-driver/mysql = commit:1309049
+github.com/go-xorm/core = commit:9ddf4ee
+github.com/go-xorm/xorm = commit:e72082c
 github.com/gogits/chardet = commit:2404f77725
-github.com/gogits/go-gogs-client = commit:519eee0af0
-github.com/lib/pq = commit:b269bd035a
-github.com/macaron-contrib/binding = commit:1935a991f2
-github.com/macaron-contrib/cache = commit:a139ea1eee
-github.com/macaron-contrib/captcha = commit:9a0a0b1468
-github.com/macaron-contrib/csrf = commit:98ddf5a710
-github.com/macaron-contrib/i18n = commit:da2b19e90b
-github.com/macaron-contrib/session = commit:e48134e803
-github.com/macaron-contrib/toolbox = commit:acbfe36e16
-github.com/mattn/go-sqlite3 = commit:b808f01f66
-github.com/mcuadros/go-version = commit:d52711f8d6
-github.com/microcosm-cc/bluemonday = commit:85ba47ef2c
-github.com/mssola/user_agent = commit:a163d6a569
-github.com/msteinert/pam = commit:6534f23b39
-github.com/nfnt/resize = commit:dc93e1b98c
-github.com/russross/blackfriday = commit:8cec3a854e
-github.com/shurcooL/sanitized_anchor_name = commit:244f5ac324
-golang.org/x/net = 
-golang.org/x/text = 
-gopkg.in/gomail.v2 = commit:b1e55520bf
-gopkg.in/ini.v1 = commit:e8c222fea7
+github.com/gogits/cron = commit:3abc0f8
+github.com/gogits/git-module = commit:a1c5096
+github.com/gogits/go-gogs-client = commit:d584b1e
+github.com/issue9/identicon = commit:f8c0d2c
+github.com/kardianos/minwinsvc = commit:cad6b2b
+github.com/klauspost/compress = commit:f962535
+github.com/klauspost/cpuid = commit:2c698c6
+github.com/klauspost/crc32 = commit:19b0b33
+github.com/lib/pq = commit:69552e5
+github.com/mattn/go-sqlite3 = commit:09d5c45
+github.com/mcuadros/go-version = commit:d52711f
+github.com/microcosm-cc/bluemonday = commit:4ac6f27
+github.com/msteinert/pam = commit:02ccfbf
+github.com/nfnt/resize = commit:4d93a29
+github.com/russross/blackfriday = commit:006144a
+github.com/satori/go.uuid = commit:e673fdd
+github.com/sergi/go-diff = commit:ec7fdbb
+github.com/shurcooL/sanitized_anchor_name = commit:10ef21a
+github.com/Unknwon/cae = commit:7f5e046
+github.com/Unknwon/com = commit:28b053d
+github.com/Unknwon/i18n = commit:3b48b66
+github.com/Unknwon/paginater = commit:7748a72
+golang.org/x/net = commit:4599ae7
+golang.org/x/text = commit:07b9a78
+golang.org/x/crypto = commit:1f22c01
+gopkg.in/asn1-ber.v1 = commit:4e86f43
+gopkg.in/gomail.v2 = commit:fbb71dd
+gopkg.in/ini.v1 = commit:776aa73
+gopkg.in/ldap.v2 = commit:07a7330
+gopkg.in/macaron.v1 = commit:b9eee38
 gopkg.in/redis.v2 = commit:e617904962

 [res]
--- a/.pkgr.yml
+++ b/.pkgr.yml
@@ -24,4 +24,4 @@ before:
  - mv packager/.godir .
 after:
  - mv bin/main gogs
-after_install: ./packager/debian/postinst
+after_install: ./packager/hooks/postinst
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,10 +1,9 @@
 language: go

 go:
-  - 1.2
-  - 1.3
  - 1.4
  - 1.5
+  - 1.6
  - tip

 before_install:
@@ -12,7 +11,12 @@ before_install:
  - sudo apt-get install -y libpam-dev
  - go get github.com/msteinert/pam 

-script: go build -v -tags "pam"
+install:
+  - go get -t -v ./...
+
+script: 
+  - go build -v -tags "pam"
+  - go test -v -cover -race ./...

 notifications:
  email:
--- a/66
+++ b/66
@@ -1,54 +1,22 @@
-FROM google/debian:wheezy
-MAINTAINER u@gogs.io
+FROM alpine:3.3
+MAINTAINER jp@roemer.im

-RUN echo "deb http://ftp.debian.org/debian/ wheezy-backports main" >> /etc/apt/sources.list && \
-	apt-get update -qqy && \
-	apt-get install --no-install-recommends -qqy \
-	curl build-essential ca-certificates git \ 
-	openssh-server libpam-dev && \
-	apt-get autoclean && \
-    apt-get autoremove && \
-    rm -rf /var/lib/apt/lists/*
+# Install system utils & Gogs runtime dependencies
+ADD https://github.com/tianon/gosu/releases/download/1.6/gosu-amd64 /usr/sbin/gosu
+RUN chmod +x /usr/sbin/gosu \
+ && apk --no-cache --no-progress add ca-certificates bash git linux-pam s6 curl openssh socat

-ENV GOROOT /goroot
-ENV GOPATH /gopath
-ENV PATH $PATH:$GOROOT/bin:$GOPATH/bin
-
-COPY . /gopath/src/github.com/gogits/gogs/
-WORKDIR /gopath/src/github.com/gogits/gogs/
-
-# Build binary and clean up useless files
-RUN mkdir /goroot && \
-	curl https://storage.googleapis.com/golang/go1.5.linux-amd64.tar.gz | tar xzf - -C /goroot --strip-components=1 && \
-	go get -v -tags "sqlite redis memcache cert pam" && \
-	go build -tags "sqlite redis memcache cert pam" && \
-	mkdir /app/ && \
-	mv /gopath/src/github.com/gogits/gogs/ /app/gogs/ && \
-	rm -r $GOROOT $GOPATH
-
-WORKDIR /app/gogs/
-
-RUN useradd --shell /bin/bash --system --comment gogits git
-
-# SSH login fix, otherwise user is kicked off after login
-RUN mkdir /var/run/sshd && \
-	sed 's@session\s*required\s*pam_loginuid.so@session optional pam_loginuid.so@g' -i /etc/pam.d/sshd && \
-	sed 's@UsePrivilegeSeparation yes@UsePrivilegeSeparation no@' -i /etc/ssh/sshd_config && \
-	echo "export VISIBLE=now" >> /etc/profile && \
-	echo "PermitUserEnvironment yes" >> /etc/ssh/sshd_config
-
-# Setup server keys on startup
-RUN sed 's@^HostKey@\#HostKey@' -i /etc/ssh/sshd_config && \
-	echo "HostKey /data/ssh/ssh_host_key" >> /etc/ssh/sshd_config && \
-	echo "HostKey /data/ssh/ssh_host_rsa_key" >> /etc/ssh/sshd_config && \
-	echo "HostKey /data/ssh/ssh_host_dsa_key" >> /etc/ssh/sshd_config && \
-	echo "HostKey /data/ssh/ssh_host_ecdsa_key" >> /etc/ssh/sshd_config && \
-	echo "HostKey /data/ssh/ssh_host_ed25519_key" >> /etc/ssh/sshd_config
-
-# Prepare data
 ENV GOGS_CUSTOM /data/gogs
-RUN echo "export GOGS_CUSTOM=/data/gogs" >> /etc/profile

+COPY . /app/gogs/
+WORKDIR /app/gogs/
+RUN ./docker/build.sh
+
+# Configure LibC Name Service
+COPY docker/nsswitch.conf /etc/nsswitch.conf
+
+# Configure Docker Container
+VOLUME ["/data"]
 EXPOSE 22 3000
-ENTRYPOINT []
-CMD ["./docker/start.sh"]
+ENTRYPOINT ["docker/start.sh"]
+CMD ["/bin/s6-svscan", "/app/gogs/docker/s6/"]
--- a/Dockerfile.rpi
+++ b/Dockerfile.rpi
@@ -0,0 +1,26 @@
+FROM hypriot/rpi-alpine-scratch:v3.2
+MAINTAINER jp@roemer.im, raxetul@gmail.com
+
+# Install system utils & Gogs runtime dependencies
+ADD https://github.com/tianon/gosu/releases/download/1.6/gosu-armhf /usr/sbin/gosu
+RUN echo "http://dl-4.alpinelinux.org/alpine/v3.3/main/"      | tee /etc/apk/repositories    \
+ && echo "http://dl-4.alpinelinux.org/alpine/v3.3/community/" | tee -a /etc/apk/repositories \
+ && echo "@edge http://dl-4.alpinelinux.org/alpine/edge/main" | tee -a /etc/apk/repositories \
+ && apk -U --no-progress upgrade \
+ && apk -U --no-progress add ca-certificates bash git linux-pam s6@edge curl openssh socat \
+ && chmod +x /usr/sbin/gosu
+
+ENV GOGS_CUSTOM /data/gogs
+
+COPY . /app/gogs/
+WORKDIR /app/gogs/
+RUN ./docker/build.sh
+
+# Configure LibC Name Service
+COPY docker/nsswitch.conf /etc/nsswitch.conf
+
+# Configure Docker Container
+VOLUME ["/data"]
+EXPOSE 22 3000
+ENTRYPOINT ["docker/start.sh"]
+CMD ["/bin/s6-svscan", "/app/gogs/docker/s6/"]
--- a/55
+++ b/55
@@ -0,0 +1,55 @@
+LDFLAGS += -X "github.com/gogits/gogs/modules/setting.BuildTime=$(shell date -u '+%Y-%m-%d %I:%M:%S %Z')"
+LDFLAGS += -X "github.com/gogits/gogs/modules/setting.BuildGitHash=$(shell git rev-parse HEAD)"
+
+DATA_FILES := $(shell find conf | sed 's/ /\\ /g')
+LESS_FILES := $(wildcard public/less/gogs.less public/less/_*.less)
+GENERATED  := modules/bindata/bindata.go public/css/gogs.css
+
+TAGS = ""
+
+RELEASE_ROOT = "release"
+RELEASE_GOGS = "release/gogs"
+NOW = $(shell date -u '+%Y%m%d%I%M%S')
+
+.PHONY: build pack release bindata clean
+
+.IGNORE: public/css/gogs.css
+
+build: $(GENERATED)
+	go install -v -ldflags '$(LDFLAGS)' -tags '$(TAGS)'
+	cp '$(GOPATH)/bin/gogs' .
+
+govet:
+	go tool vet -composites=false -methods=false -structtags=false .
+
+build-dev: $(GENERATED) govet
+	go install -v -race -tags '$(TAGS)'
+	cp '$(GOPATH)/bin/gogs' .
+
+pack:
+	rm -rf $(RELEASE_GOGS)
+	mkdir -p $(RELEASE_GOGS)
+	cp -r gogs LICENSE README.md README_ZH.md templates public scripts $(RELEASE_GOGS)
+	rm -rf $(RELEASE_GOGS)/public/config.codekit $(RELEASE_GOGS)/public/less
+	cd $(RELEASE_ROOT) && zip -r gogs.$(NOW).zip "gogs"
+
+release: build pack
+
+bindata: modules/bindata/bindata.go
+
+modules/bindata/bindata.go: $(DATA_FILES)
+	go-bindata -o=$@ -ignore="\\.DS_Store|README.md|TRANSLATORS" -pkg=bindata conf/...
+
+less: public/css/gogs.css
+
+public/css/gogs.css: $(LESS_FILES)
+	lessc $< $@
+
+clean:
+	go clean -i ./...
+
+clean-mac: clean
+	find . -name ".DS_Store" -print0 | xargs -0 rm
+
+test:
+	go test -cover -race ./...
--- a/README.md
+++ b/README.md
@@ -1,74 +1,61 @@
-Gogs - Go Git Service [![Build Status](https://travis-ci.org/gogits/gogs.svg?branch=master)](https://travis-ci.org/gogits/gogs)
+Gogs - Go Git Service [![Build Status](https://travis-ci.org/gogits/gogs.svg?branch=master)](https://travis-ci.org/gogits/gogs) [![Docker Repository on Quay](https://quay.io/repository/gogs/gogs/status "Docker Repository on Quay")](https://quay.io/repository/gogs/gogs) [![Crowdin](https://d322cqt584bo4o.cloudfront.net/gogs/localized.svg)](https://crowdin.com/project/gogs) [![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/gogits/gogs?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
 =====================

-[![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/gogits/gogs?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
+![](https://github.com/gogits/gogs/blob/master/public/img/gogs-large-resize.png?raw=true)

-![](public/img/gogs-large-resize.png)
+##### Current version: 0.8.43

-##### Current version: 0.6.15 Beta
-
-<table>
-    <tr>
-        <td width="33%"><img src="http://gogs.io/imgs/screenshoots/1.png"></td>
-        <td width="33%"><img src="http://gogs.io/imgs/screenshoots/2.png"></td>
-        <td width="33%"><img src="http://gogs.io/imgs/screenshoots/3.png"></td>
-    </tr>
-    <tr>
-        <td><img src="http://gogs.io/imgs/screenshoots/4.png"></td>
-        <td><img src="http://gogs.io/imgs/screenshoots/5.png"></td>
-        <td><img src="http://gogs.io/imgs/screenshoots/6.png"></td>
-    </tr>
-    <tr>
-        <td><img src="http://gogs.io/imgs/screenshoots/7.png"></td>
-        <td><img src="http://gogs.io/imgs/screenshoots/8.png"></td>
-        <td><img src="http://gogs.io/imgs/screenshoots/9.png"></td>
-    </tr>
-</table>
+| Web | UI  | Preview  |
+|:-------------:|:-------:|:-------:|
+|![Dashboard](https://gogs.io/img/screenshots/1.png)|![Repository](https://gogs.io/img/screenshots/2.png)|![Commits History](https://gogs.io/img/screenshots/3.png)|
+|![Profile](https://gogs.io/img/screenshots/4.png)|![Admin Dashboard](https://gogs.io/img/screenshots/5.png)|![Diff](https://gogs.io/img/screenshots/6.png)|
+|![Issues](https://gogs.io/img/screenshots/7.png)|![Releases](https://gogs.io/img/screenshots/8.png)|![Organization](https://gogs.io/img/screenshots/9.png)|

 ### NOTICES

- Due to testing purpose, data of [try.gogs.io](https://try.gogs.io) has been reset in **Jan 28, 2015** and will reset multiple times after. Please do **NOT** put your important data on the site.
- The demo site [try.gogs.io](https://try.gogs.io) is running under `develop` branch.
- :exclamation::exclamation::exclamation:<span style="color: red">You **MUST** read [CONTRIBUTING.md](CONTRIBUTING.md) before you start filing an issue or making a Pull Request, and **MUST** discuss with us on [Gitter](https://gitter.im/gogits/gogs) for UI changes and feature Pull Requests, otherwise it's high possibilities that we are not going to merge it.</span>:exclamation::exclamation::exclamation:
- If you think there are vulnerabilities in the project, please talk privately to **u@gogs.io**. Thanks!
+1. :bangbang: You **MUST** **MUST** **MUST** read [CONTRIBUTING.md](https://github.com/gogits/gogs/blob/master/.github/CONTRIBUTING.md) for bug report and contributing code. :bangbang:
+2. **PLEASE** **PLEASE** **PLEASE** [ask questions](https://discuss.gogs.io/c/getting-help) on [the forum](https://discuss.gogs.io/). GitHub issue tracker only keeps **bugs** and **feature requests**, all other topics will be closed without reason.
+3. Due to testing purpose, data of [try.gogs.io](https://try.gogs.io) was reset in **Jan 28, 2015** and will reset multiple times after. Please do **NOT** put your important data on the site.
+4. The demo site [try.gogs.io](https://try.gogs.io) is running under `develop` branch.
+5. If you think there are vulnerabilities in the project, please talk privately to **u@gogs.io**. Thanks!
+6. If you're interested in using APIs, we have experimental support with [documentation](https://github.com/gogits/go-gogs-client/wiki).
+7. If your team/company is using Gogs and would like to put your logo on [our website](http://gogs.io), contact us by any means.

-#### Other language version
-
- [简体中文](README_ZH.md)
+[简体中文](README_ZH.md)

 ## Purpose

-The goal of this project is to make the easiest, fastest, and most painless way to set up a self-hosted Git service. With Go, this can be done via an independent binary distribution across **ALL platforms** that Go supports, including Linux, Mac OS X, and Windows.
+The goal of this project is to make the easiest, fastest, and most painless way of setting up a self-hosted Git service. With Go, this can be done with an independent binary distribution across **ALL platforms** that Go supports, including Linux, Mac OS X, Windows and ARM.

 ## Overview

- Please see the [Documentation](http://gogs.io/docs/intro/) for project design, known issues, and change log.
+- Please see the [Documentation](http://gogs.io/docs/intro) for common usages and change log.
 - See the [Trello Board](https://trello.com/b/uxAoeLUl/gogs-go-git-service) to follow the develop team.
- Want to try it before doing anything else? Do it [online](https://try.gogs.io/gogs/gogs) or go down to the **Installation -> Install from binary** section!
- Having trouble? Get help with [Troubleshooting](http://gogs.io/docs/intro/troubleshooting.md).
+- Want to try it before doing anything else? Do it [online](https://try.gogs.io/gogs/gogs)!
+- Having trouble? Get help with [Troubleshooting](http://gogs.io/docs/intro/troubleshooting.html).
 - Want to help with localization? Check out the [guide](http://gogs.io/docs/features/i18n.html)!

 ## Features

 - Activity timeline
- SSH/HTTP(S) protocol support
- SMTP/LDAP/reverse proxy authentication support
- Reverse proxy suburl support
- Account/Organization(with team)/Repository management
- Repository/Organization webhooks(including Slack)
+- SSH and HTTP/HTTPS protocols
+- SMTP/LDAP/Reverse proxy authentication
+- Reverse proxy with sub-path
+- Account/Organization/Repository management
+- Repository/Organization webhooks (including Slack)
 - Repository Git hooks/deploy keys
- Add/remove repository collaborators
- Gravatar and custom source support
+- Repository issues, pull requests and wiki
+- Add/Remove repository collaborators
+- Gravatar and custom source
 - Mail service
 - Administration panel
- CI integration: [Drone](https://github.com/drone/drone)
- Supports MySQL, PostgreSQL, SQLite3 and [TiDB](https://github.com/pingcap/tidb)
+- Supports MySQL, PostgreSQL, SQLite3 and [TiDB](https://github.com/pingcap/tidb) (experimental)
 - Multi-language support ([14 languages](https://crowdin.com/project/gogs))

 ## System Requirements

 - A cheap Raspberry Pi is powerful enough for basic functionality.
- At least 2 CPU cores and 1GB RAM would be the baseline for teamwork.
+- 2 CPU cores and 1GB RAM would be the baseline for teamwork.

 ## Browser Support

@@ -77,13 +64,13 @@ The goal of this project is to make the easiest, fastest, and most painless way

 ## Installation

-Make sure you install the [prerequisites](http://gogs.io/docs/installation/) first.
+Make sure you install the [prerequisites](http://gogs.io/docs/installation) first.

 There are 5 ways to install Gogs:

- [Install from binary](http://gogs.io/docs/installation/install_from_binary.md)
- [Install from source](http://gogs.io/docs/installation/install_from_source.md)
- [Install from packages](http://gogs.io/docs/installation/install_from_packages.md)
+- [Install from binary](http://gogs.io/docs/installation/install_from_binary.html)
+- [Install from source](http://gogs.io/docs/installation/install_from_source.html)
+- [Install from packages](http://gogs.io/docs/installation/install_from_packages.html)
 - [Ship with Docker](https://github.com/gogits/gogs/tree/master/docker)
 - [Install with Vagrant](https://github.com/geerlingguy/ansible-vagrant-examples/tree/master/gogs)

@@ -91,31 +78,52 @@ There are 5 ways to install Gogs:

 - [How To Set Up Gogs on Ubuntu 14.04](https://www.digitalocean.com/community/tutorials/how-to-set-up-gogs-on-ubuntu-14-04)
 - [Run your own GitHub-like service with the help of Docker](http://blog.hypriot.com/post/run-your-own-github-like-service-with-docker/)
+- [使用 Gogs 搭建自己的 Git 服务器](https://mynook.info/blog/post/host-your-own-git-server-using-gogs) (Chinese)
 - [阿里云上 Ubuntu 14.04 64 位安装 Gogs](http://my.oschina.net/luyao/blog/375654) (Chinese)
 - [Installing Gogs on FreeBSD](https://www.codejam.info/2015/03/installing-gogs-on-freebsd.html)
 - [Gogs on Raspberry Pi](http://blog.meinside.pe.kr/Gogs-on-Raspberry-Pi/)
+- [Cloudflare Full SSL with GOGS (Go Git Service) using NGINX](http://www.listekconsulting.com/articles/cloudflare-full-ssl-with-gogs-go-git-service-using-nginx/)

 ### Screencasts

- [Instalando Gogs no Ubuntu](http://blog.linuxpro.com.br/2015/08/14/instalando-gogs-no-ubuntu/) (Português)
+- [Instalando Gogs no Ubuntu](https://www.youtube.com/watch?v=4UkHAR1F7ZA) (Português)

 ### Deploy to Cloud

 - [OpenShift](https://github.com/tkisme/gogs-openshift)
 - [Cloudron](https://cloudron.io/appstore.html#io.gogs.cloudronapp)
 - [Scaleway](https://www.scaleway.com/imagehub/gogs/)
+- [Portal](https://portaldemo.xyz/cloud/)
+- [Sandstorm](https://github.com/cem/gogs-sandstorm)
+- [sloppy.io](https://github.com/sloppyio/quickstarters/tree/master/gogs)
+- [YunoHost](https://github.com/mbugeia/gogs_ynh)
+
+## Software and Service Support
+
+- [Drone](https://github.com/drone/drone) (CI)
+- [Fabric8](http://fabric8.io/) (DevOps)
+- [Taiga](https://taiga.io/) (Project Management)
+- [Puppet](https://forge.puppetlabs.com/Siteminds/gogs) (IT)
+- [Kanboard](http://kanboard.net/plugin/gogs-webhook) (Project Management)
+- [BearyChat](https://bearychat.com/) (Team Communication)
+
+### Product Support
+
+- [Synology](https://www.synology.com) (Docker)
+- [One Space](http://www.onespace.cc) (App Store)

 ## Acknowledgments

- Router and middleware mechanism of [Macaron](https://github.com/Unknwon/macaron).
- Mail Service, modules design is inspired by [WeTalk](https://github.com/beego/wetalk).
+- Router and middleware mechanism of [Macaron](https://github.com/go-macaron/macaron).
 - System Monitor Status is inspired by [GoBlog](https://github.com/fuxiaohei/goblog).
 - Thanks [lavachen](http://www.lavachen.cn/) and [Rocker](http://weibo.com/rocker1989) for designing Logo.
 - Thanks [Crowdin](https://crowdin.com/project/gogs) for providing open source translation plan.
+- Thanks [DigitalOcean](https://www.digitalocean.com) for hosting home and demo sites.
+- Thanks [KeyCDN](https://www.keycdn.com/) for providing CDN service.

 ## Contributors

- Ex-team members [@lunny](https://github.com/lunny) and [@fuxiaohei](https://github.com/fuxiaohei).
+- Ex-team members [@lunny](https://github.com/lunny), [@fuxiaohei](https://github.com/fuxiaohei) and [@slene](https://github.com/slene).
 - See [contributors page](https://github.com/gogits/gogs/graphs/contributors) for full list of contributors.
 - See [TRANSLATORS](conf/locale/TRANSLATORS) for public list of translators.

--- a/README_ZH.md
+++ b/README_ZH.md
@@ -1,35 +1,35 @@
 Gogs - Go Git Service [![Build Status](https://travis-ci.org/gogits/gogs.svg?branch=master)](https://travis-ci.org/gogits/gogs)
 =====================

-Gogs (Go Git Service) 是一款可轻易搭建的自助 Git 服务。
+Gogs (Go Git Service) 是一款极易搭建的自助 Git 服务。

 ## 开发目的

-Gogs 的目标是打造一个最简单、最快速和最轻松的方式搭建自助 Git 服务。使用 Go 语言开发使得 Gogs 能够通过独立的二进制分发，并且支持 Go 语言支持的 **所有平台**，包括 Linux、Mac OS X 以及 Windows。
+Gogs 的目标是打造一个最简单、最快速和最轻松的方式搭建自助 Git 服务。使用 Go 语言开发使得 Gogs 能够通过独立的二进制分发，并且支持 Go 语言支持的 **所有平台**，包括 Linux、Mac OS X、Windows 以及 ARM 平台。

 ## 项目概览

- 有关项目设计、已知问题和变更日志，请通过 [使用手册](http://gogs.io/docs/intro/) 查看。
+- 有关基本用法和变更日志，请通过 [使用手册](http://gogs.io/docs/intro/) 查看。
 - 您可以到 [Trello Board](https://trello.com/b/uxAoeLUl/gogs-go-git-service) 跟随开发团队的脚步。
- 想要先睹为快？通过 [在线体验](https://try.gogs.io/gogs/gogs) 或查看 **安装部署 -> 二进制安装** 小节。
- 使用过程中遇到问题？尝试从 [故障排查](http://gogs.io/docs/intro/troubleshooting.md) 页面获取帮助。
+- 想要先睹为快？直接去 [在线体验](https://try.gogs.io/gogs/gogs) 。
+- 使用过程中遇到问题？尝试从 [故障排查](http://gogs.io/docs/intro/troubleshooting.html) 页面获取帮助。
 - 希望帮助多国语言界面的翻译吗？请立即访问 [详情页面](http://gogs.io/docs/features/i18n.html)！

 ## 功能特性

 - 支持活动时间线
- 支持 SSH/HTTP(S) 协议
- 支持 SMTP/LDAP/反向代理的用户认证
+- 支持 SSH 以及 HTTP/HTTPS 协议
+- 支持 SMTP、LDAP 和反向代理的用户认证
 - 支持反向代理子路径
 - 支持用户、组织和仓库管理系统
 - 支持仓库和组织级别 Web 钩子（包括 Slack 集成）
 - 支持仓库 Git 钩子和部署密钥
- 支持 添加/删除 仓库协作者
+- 支持仓库工单（Issue）、合并请求（Pull Request）以及 Wiki
+- 支持添加和删除仓库协作者
 - 支持 Gravatar 以及自定义源
 - 支持邮件服务
 - 支持后台管理面板
- 支持 CI 集成：[Drone](https://github.com/drone/drone)
- 支持 MySQL、PostgreSQL、SQLite3 和 [TiDB](https://github.com/pingcap/tidb) 数据库
+- 支持 MySQL、PostgreSQL、SQLite3 和 [TiDB](https://github.com/pingcap/tidb)（实验性支持） 数据库
 - 支持多语言本地化（[14 种语言]([more](https://crowdin.com/project/gogs))）

 ## 系统要求
@@ -44,27 +44,57 @@ Gogs 的目标是打造一个最简单、最快速和最轻松的方式搭建自

 ## 安装部署

-在安装 Gogs 之前，您需要先安装 [基本环境](http://gogs.io/docs/installation/)。
+在安装 Gogs 之前，您需要先安装 [基本环境](http://gogs.io/docs/installation)。

 然后，您可以通过以下 5 种方式来安装 Gogs：

- [二进制安装](http://gogs.io/docs/installation/install_from_binary.md)
- [源码安装](http://gogs.io/docs/installation/install_from_source.md)
- [包管理安装](http://gogs.io/docs/installation/install_from_packages.md)
+- [二进制安装](http://gogs.io/docs/installation/install_from_binary.html)
+- [源码安装](http://gogs.io/docs/installation/install_from_source.html)
+- [包管理安装](http://gogs.io/docs/installation/install_from_packages.html)
 - [采用 Docker 部署](https://github.com/gogits/gogs/tree/master/docker)
 - [通过 Vagrant 安装](https://github.com/geerlingguy/ansible-vagrant-examples/tree/master/gogs)

+### 使用教程
+
+- [使用 Gogs 搭建自己的 Git 服务器](https://mynook.info/blog/post/host-your-own-git-server-using-gogs)
+- [阿里云上 Ubuntu 14.04 64 位安装 Gogs](http://my.oschina.net/luyao/blog/375654)
+
+### 云端部署
+
+- [OpenShift](https://github.com/tkisme/gogs-openshift)
+- [Cloudron](https://cloudron.io/appstore.html#io.gogs.cloudronapp)
+- [Scaleway](https://www.scaleway.com/imagehub/gogs/)
+- [Portal](https://portaldemo.xyz/cloud/)
+- [Sandstorm](https://github.com/cem/gogs-sandstorm)
+- [sloppy.io](https://github.com/sloppyio/quickstarters/tree/master/gogs)
+- [YunoHost](https://github.com/mbugeia/gogs_ynh)
+
+## 软件及服务支持
+
+- [Drone](https://github.com/drone/drone)（CI）
+- [Fabric8](http://fabric8.io/)（DevOps）
+- [Taiga](https://taiga.io/)（项目管理）
+- [Puppet](https://forge.puppetlabs.com/Siteminds/gogs)（IT）
+- [Kanboard](http://kanboard.net/plugin/gogs-webhook)（项目管理）
+- [BearyChat](https://bearychat.com/)（团队交流）
+
+### 产品支持
+
+- [Synology](https://www.synology.com)（Docker）
+- [One Space](http://www.onespace.cc)（应用商店）
+
 ## 特别鸣谢

- 基于 [Macaron](https://github.com/Unknwon/macaron) 的路由与中间件机制。
- 基于 [WeTalk](https://github.com/beego/wetalk) 修改的邮件服务和模块设计。
+- 基于 [Macaron](https://github.com/go-macaron/macaron) 的路由与中间件机制。
 - 基于 [GoBlog](https://github.com/fuxiaohei/goblog) 修改的系统监视状态。
 - 感谢 [lavachen](http://www.lavachen.cn/) 和 [Rocker](http://weibo.com/rocker1989) 设计的 Logo。
 - 感谢 [Crowdin](https://crowdin.com/project/gogs) 提供免费的开源项目本地化支持。
+- 感谢 [DigitalOcean](https://www.digitalocean.com) 提供主站和体验站点的服务器赞助。
+- 感谢 [KeyCDN](https://www.keycdn.com/) 提供 CDN 服务赞助。

 ## 贡献成员

- 前团队成员 [@lunny](https://github.com/lunny) 和 [@fuxiaohei](https://github.com/fuxiaohei)。
+- 前团队成员 [@lunny](https://github.com/lunny)、[@fuxiaohei](https://github.com/fuxiaohei) 和 [@slene](https://github.com/slene)。
 - 您可以通过查看 [贡献者页面](https://github.com/gogits/gogs/graphs/contributors) 获取完整的贡献者列表。
 - 您可以通过查看 [TRANSLATORS](conf/locale/TRANSLATORS) 文件获取公开的翻译人员列表。

--- a/cmd/cert.go
+++ b/cmd/cert.go
@@ -32,12 +32,12 @@ var CmdCert = cli.Command{
 Outputs to 'cert.pem' and 'key.pem' and will overwrite existing files.`,
 	Action: runCert,
 	Flags: []cli.Flag{
-		cli.StringFlag{"host", "", "Comma-separated hostnames and IPs to generate a certificate for", ""},
-		cli.StringFlag{"ecdsa-curve", "", "ECDSA curve to use to generate a key. Valid values are P224, P256, P384, P521", ""},
-		cli.IntFlag{"rsa-bits", 2048, "Size of RSA key to generate. Ignored if --ecdsa-curve is set", ""},
-		cli.StringFlag{"start-date", "", "Creation date formatted as Jan 1 15:04:05 2011", ""},
-		cli.DurationFlag{"duration", 365 * 24 * time.Hour, "Duration that certificate is valid for", ""},
-		cli.BoolFlag{"ca", "whether this cert should be its own Certificate Authority", ""},
+		stringFlag("host", "", "Comma-separated hostnames and IPs to generate a certificate for"),
+		stringFlag("ecdsa-curve", "", "ECDSA curve to use to generate a key. Valid values are P224, P256, P384, P521"),
+		intFlag("rsa-bits", 2048, "Size of RSA key to generate. Ignored if --ecdsa-curve is set"),
+		stringFlag("start-date", "", "Creation date formatted as Jan 1 15:04:05 2011"),
+		durationFlag("duration", 365*24*time.Hour, "Duration that certificate is valid for"),
+		boolFlag("ca", "whether this cert should be its own Certificate Authority"),
 	},
 }

@@ -114,7 +114,7 @@ func runCert(ctx *cli.Context) {
 		SerialNumber: serialNumber,
 		Subject: pkix.Name{
 			Organization: []string{"Acme Co"},
-			CommonName: "Gogs",
+			CommonName:   "Gogs",
 		},
 		NotBefore: notBefore,
 		NotAfter:  notAfter,
--- a/cmd/cert_stub.go
+++ b/cmd/cert_stub.go
@@ -14,11 +14,10 @@ import (
 )

 var CmdCert = cli.Command{
-	Name:  "cert",
-	Usage: "Generate self-signed certificate",
-	Description: `Generate a self-signed X.509 certificate for a TLS server. 
-Outputs to 'cert.pem' and 'key.pem' and will overwrite existing files.`,
-	Action: runCert,
+	Name:        "cert",
+	Usage:       "Generate self-signed certificate",
+	Description: `Please use build tags "cert" to rebuild Gogs in order to have this ability`,
+	Action:      runCert,
 }

 func runCert(ctx *cli.Context) {
--- a/cmd/cmd.go
+++ b/cmd/cmd.go
@@ -0,0 +1,42 @@
+// Copyright 2015 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package cmd
+
+import (
+	"time"
+
+	"github.com/codegangsta/cli"
+)
+
+func stringFlag(name, value, usage string) cli.StringFlag {
+	return cli.StringFlag{
+		Name:  name,
+		Value: value,
+		Usage: usage,
+	}
+}
+
+func boolFlag(name, usage string) cli.BoolFlag {
+	return cli.BoolFlag{
+		Name:  name,
+		Usage: usage,
+	}
+}
+
+func intFlag(name string, value int, usage string) cli.IntFlag {
+	return cli.IntFlag{
+		Name:  name,
+		Value: value,
+		Usage: usage,
+	}
+}
+
+func durationFlag(name string, value time.Duration, usage string) cli.DurationFlag {
+	return cli.DurationFlag{
+		Name:  name,
+		Value: value,
+		Usage: usage,
+	}
+}
--- a/cmd/dump.go
+++ b/cmd/dump.go
@@ -11,6 +11,8 @@ import (
 	"path"
 	"time"

+	"io/ioutil"
+
 	"github.com/Unknwon/cae/zip"
 	"github.com/codegangsta/cli"

@@ -25,8 +27,8 @@ var CmdDump = cli.Command{
 It can be used for backup and capture Gogs server image to send to maintainer`,
 	Action: runDump,
 	Flags: []cli.Flag{
-		cli.StringFlag{"config, c", "custom/conf/app.ini", "Custom configuration file path", ""},
-		cli.BoolFlag{"verbose, v", "show process details", ""},
+		stringFlag("config, c", "custom/conf/app.ini", "Custom configuration file path"),
+		boolFlag("verbose, v", "show process details"),
 	},
 }

@@ -38,16 +40,23 @@ func runDump(ctx *cli.Context) {
 	models.LoadConfigs()
 	models.SetEngine()

+	TmpWorkDir, err := ioutil.TempDir(os.TempDir(), "gogs-dump-")
+	if err != nil {
+		log.Fatalf("Fail to create tmp work directory: %v", err)
+	}
+	log.Printf("Creating tmp work dir: %s", TmpWorkDir)
+
+	reposDump := path.Join(TmpWorkDir, "gogs-repo.zip")
+	dbDump := path.Join(TmpWorkDir, "gogs-db.sql")
+
 	log.Printf("Dumping local repositories...%s", setting.RepoRootPath)
 	zip.Verbose = ctx.Bool("verbose")
-	defer os.Remove("gogs-repo.zip")
-	if err := zip.PackTo(setting.RepoRootPath, "gogs-repo.zip", true); err != nil {
+	if err := zip.PackTo(setting.RepoRootPath, reposDump, true); err != nil {
 		log.Fatalf("Fail to dump local repositories: %v", err)
 	}

 	log.Printf("Dumping database...")
-	defer os.Remove("gogs-db.sql")
-	if err := models.DumpDatabase("gogs-db.sql"); err != nil {
+	if err := models.DumpDatabase(dbDump); err != nil {
 		log.Fatalf("Fail to dump database: %v", err)
 	}

@@ -59,16 +68,30 @@ func runDump(ctx *cli.Context) {
 		log.Fatalf("Fail to create %s: %v", fileName, err)
 	}

-	workDir, _ := setting.WorkDir()
-	z.AddFile("gogs-repo.zip", path.Join(workDir, "gogs-repo.zip"))
-	z.AddFile("gogs-db.sql", path.Join(workDir, "gogs-db.sql"))
-	z.AddDir("custom", path.Join(workDir, "custom"))
-	z.AddDir("log", path.Join(workDir, "log"))
+	if err := z.AddFile("gogs-repo.zip", reposDump); err !=nil {
+		log.Fatalf("Fail to include gogs-repo.zip: %v", err)
+	}
+	if err := z.AddFile("gogs-db.sql", dbDump); err !=nil {
+		log.Fatalf("Fail to include gogs-db.sql: %v", err)
+	}
+	customDir, err := os.Stat(setting.CustomPath)
+	if err == nil && customDir.IsDir() {
+		if err := z.AddDir("custom", setting.CustomPath); err !=nil {
+			log.Fatalf("Fail to include custom: %v", err)
+	    }
+	} else {
+		log.Printf("Custom dir %s doesn't exist, skipped", setting.CustomPath)
+	}
+	if err := z.AddDir("log", setting.LogRootPath); err !=nil {
+		log.Fatalf("Fail to include log: %v", err)
+	}
 	// FIXME: SSH key file.
 	if err = z.Close(); err != nil {
 		os.Remove(fileName)
 		log.Fatalf("Fail to save %s: %v", fileName, err)
 	}

-	log.Println("Finish dumping!")
+	log.Printf("Removing tmp work dir: %s", TmpWorkDir)
+	os.RemoveAll(TmpWorkDir)
+	log.Printf("Finish dumping in file %s", fileName)
 }
--- a/cmd/serve.go
+++ b/cmd/serve.go
@@ -5,6 +5,7 @@
 package cmd

 import (
+	"crypto/tls"
 	"fmt"
 	"os"
 	"os/exec"
@@ -14,12 +15,13 @@ import (

 	"github.com/Unknwon/com"
 	"github.com/codegangsta/cli"
+	gouuid "github.com/satori/go.uuid"

 	"github.com/gogits/gogs/models"
+	"github.com/gogits/gogs/modules/base"
 	"github.com/gogits/gogs/modules/httplib"
 	"github.com/gogits/gogs/modules/log"
 	"github.com/gogits/gogs/modules/setting"
-	"github.com/gogits/gogs/modules/uuid"
 )

 const (
@@ -32,7 +34,7 @@ var CmdServ = cli.Command{
 	Description: `Serv provide access auth for repositories`,
 	Action:      runServ,
 	Flags: []cli.Flag{
-		cli.StringFlag{"config, c", "custom/conf/app.ini", "Custom configuration file path", ""},
+		stringFlag("config, c", "custom/conf/app.ini", "Custom configuration file path"),
 	},
 }

@@ -40,11 +42,6 @@ func setup(logPath string) {
 	setting.NewContext()
 	log.NewGitLogger(filepath.Join(setting.LogRootPath, logPath))

-	if setting.DisableSSH {
-		println("Gogs: SSH has been disabled")
-		os.Exit(1)
-	}
-
 	models.LoadConfigs()

 	if setting.UseSQLite3 || setting.UseTiDB {
@@ -64,7 +61,7 @@ func parseCmd(cmd string) (string, string) {
 }

 var (
-	COMMANDS = map[string]models.AccessMode{
+	allowedCommands = map[string]models.AccessMode{
 		"git-upload-pack":    models.ACCESS_MODE_READ,
 		"git-upload-archive": models.ACCESS_MODE_READ,
 		"git-receive-pack":   models.ACCESS_MODE_WRITE,
@@ -73,15 +70,77 @@ var (

 func fail(userMessage, logMessage string, args ...interface{}) {
 	fmt.Fprintln(os.Stderr, "Gogs:", userMessage)
-	log.GitLogger.Fatal(3, logMessage, args...)
+
+	if len(logMessage) > 0 {
+		if !setting.ProdMode {
+			fmt.Fprintf(os.Stderr, logMessage+"\n", args...)
+		}
+		log.GitLogger.Fatal(3, logMessage, args...)
+		return
+	}
+
+	log.GitLogger.Close()
+	os.Exit(1)
+}
+
+func handleUpdateTask(uuid string, user, repoUser *models.User, reponame string, isWiki bool) {
+	task, err := models.GetUpdateTaskByUUID(uuid)
+	if err != nil {
+		if models.IsErrUpdateTaskNotExist(err) {
+			log.GitLogger.Trace("No update task is presented: %s", uuid)
+			return
+		}
+		log.GitLogger.Fatal(2, "GetUpdateTaskByUUID: %v", err)
+	} else if err = models.DeleteUpdateTaskByUUID(uuid); err != nil {
+		log.GitLogger.Fatal(2, "DeleteUpdateTaskByUUID: %v", err)
+	}
+
+	if isWiki {
+		return
+	}
+
+	if err = models.PushUpdate(models.PushUpdateOptions{
+		RefName:      task.RefName,
+		OldCommitID:  task.OldCommitID,
+		NewCommitID:  task.NewCommitID,
+		PusherID:     user.Id,
+		PusherName:   user.Name,
+		RepoUserName: repoUser.Name,
+		RepoName:     reponame,
+	}); err != nil {
+		log.GitLogger.Error(2, "Update: %v", err)
+	}
+
+	// Ask for running deliver hook and test pull request tasks.
+	reqURL := setting.LocalURL + repoUser.Name + "/" + reponame + "/tasks/trigger?branch=" +
+		strings.TrimPrefix(task.RefName, "refs/heads/") + "&secret=" + base.EncodeMD5(repoUser.Salt)
+	log.GitLogger.Trace("Trigger task: %s", reqURL)
+
+	resp, err := httplib.Head(reqURL).SetTLSClientConfig(&tls.Config{
+		InsecureSkipVerify: true,
+	}).Response()
+	if err == nil {
+		resp.Body.Close()
+		if resp.StatusCode/100 != 2 {
+			log.GitLogger.Error(2, "Fail to trigger task: not 2xx response code")
+		}
+	} else {
+		log.GitLogger.Error(2, "Fail to trigger task: %v", err)
+	}
 }

 func runServ(c *cli.Context) {
 	if c.IsSet("config") {
 		setting.CustomConf = c.String("config")
 	}
+
 	setup("serv.log")

+	if setting.DisableSSH {
+		println("Gogs: SSH has been disabled")
+		return
+	}
+
 	if len(c.Args()) < 1 {
 		fail("Not enough arguments", "Not enough arguments")
 	}
@@ -94,35 +153,46 @@ func runServ(c *cli.Context) {
 	}

 	verb, args := parseCmd(cmd)
-	repoPath := strings.Trim(args, "'")
+	repoPath := strings.ToLower(strings.Trim(args, "'"))
 	rr := strings.SplitN(repoPath, "/", 2)
 	if len(rr) != 2 {
 		fail("Invalid repository path", "Invalid repository path: %v", args)
 	}
-	repoUserName := rr[0]
-	repoName := strings.TrimSuffix(rr[1], ".git")
+	username := strings.ToLower(rr[0])
+	reponame := strings.ToLower(strings.TrimSuffix(rr[1], ".git"))

-	repoUser, err := models.GetUserByName(repoUserName)
-	if err != nil {
-		if models.IsErrUserNotExist(err) {
-			fail("Repository owner does not exist", "Unregistered owner: %s", repoUserName)
-		}
-		fail("Internal error", "Failed to get repository owner(%s): %v", repoUserName, err)
+	isWiki := false
+	if strings.HasSuffix(reponame, ".wiki") {
+		isWiki = true
+		reponame = reponame[:len(reponame)-5]
 	}

-	repo, err := models.GetRepositoryByName(repoUser.Id, repoName)
+	repoUser, err := models.GetUserByName(username)
+	if err != nil {
+		if models.IsErrUserNotExist(err) {
+			fail("Repository owner does not exist", "Unregistered owner: %s", username)
+		}
+		fail("Internal error", "Failed to get repository owner (%s): %v", username, err)
+	}
+
+	repo, err := models.GetRepositoryByName(repoUser.Id, reponame)
 	if err != nil {
 		if models.IsErrRepoNotExist(err) {
-			fail(_ACCESS_DENIED_MESSAGE, "Repository does not exist: %s/%s", repoUser.Name, repoName)
+			fail(_ACCESS_DENIED_MESSAGE, "Repository does not exist: %s/%s", repoUser.Name, reponame)
 		}
 		fail("Internal error", "Failed to get repository: %v", err)
 	}

-	requestedMode, has := COMMANDS[verb]
+	requestedMode, has := allowedCommands[verb]
 	if !has {
 		fail("Unknown git command", "Unknown git command %s", verb)
 	}

+	// Prohibit push to mirror repositories.
+	if requestedMode > models.ACCESS_MODE_READ && repo.IsMirror {
+		fail("mirror repository is read-only", "")
+	}
+
 	// Allow anonymous clone for public repositories.
 	var (
 		keyID int64
@@ -131,12 +201,12 @@ func runServ(c *cli.Context) {
 	if requestedMode == models.ACCESS_MODE_WRITE || repo.IsPrivate {
 		keys := strings.Split(c.Args()[0], "-")
 		if len(keys) != 2 {
-			fail("Key ID format error", "Invalid key ID: %s", c.Args()[0])
+			fail("Key ID format error", "Invalid key argument: %s", c.Args()[0])
 		}

 		key, err := models.GetPublicKeyByID(com.StrTo(keys[1]).MustInt64())
 		if err != nil {
-			fail("Key ID format error", "Invalid key ID[%s]: %v", c.Args()[0], err)
+			fail("Invalid key ID", "Invalid key ID[%s]: %v", c.Args()[0], err)
 		}
 		keyID = key.ID

@@ -147,7 +217,7 @@ func runServ(c *cli.Context) {
 			}
 			// Check if this deploy key belongs to current repository.
 			if !models.HasDeployKey(key.ID, repo.ID) {
-				fail("Key access denied", "Key access denied: %d-%d", key.ID, repo.ID)
+				fail("Key access denied", "Deploy key access denied: [key_id: %d, repo_id: %d]", key.ID, repo.ID)
 			}

 			// Update deploy key activity.
@@ -161,7 +231,7 @@ func runServ(c *cli.Context) {
 				fail("Internal error", "UpdateDeployKey: %v", err)
 			}
 		} else {
-			user, err = models.GetUserByKeyId(key.ID)
+			user, err = models.GetUserByKeyID(key.ID)
 			if err != nil {
 				fail("internal error", "Failed to get user by key ID(%d): %v", keyID, err)
 			}
@@ -181,9 +251,14 @@ func runServ(c *cli.Context) {
 		}
 	}

-	uuid := uuid.NewV4().String()
+	uuid := gouuid.NewV4().String()
 	os.Setenv("uuid", uuid)

+	// Special handle for Windows.
+	if setting.IsWindows {
+		verb = strings.Replace(verb, "-", " ", 1)
+	}
+
 	var gitcmd *exec.Cmd
 	verbs := strings.Split(verb, " ")
 	if len(verbs) == 2 {
@@ -200,28 +275,7 @@ func runServ(c *cli.Context) {
 	}

 	if requestedMode == models.ACCESS_MODE_WRITE {
-		tasks, err := models.GetUpdateTasksByUuid(uuid)
-		if err != nil {
-			log.GitLogger.Fatal(2, "GetUpdateTasksByUuid: %v", err)
-		}
-
-		for _, task := range tasks {
-			err = models.Update(task.RefName, task.OldCommitId, task.NewCommitId,
-				user.Name, repoUserName, repoName, user.Id)
-			if err != nil {
-				log.GitLogger.Error(2, "Failed to update: %v", err)
-			}
-		}
-
-		if err = models.DelUpdateTasksByUuid(uuid); err != nil {
-			log.GitLogger.Fatal(2, "DelUpdateTasksByUuid: %v", err)
-		}
-	}
-
-	// Send deliver hook request.
-	resp, err := httplib.Head(setting.AppUrl + setting.AppSubUrl + repoUserName + "/" + repoName + "/hooks/trigger").Response()
-	if err == nil {
-		resp.Body.Close()
+		handleUpdateTask(uuid, user, repoUser, reponame, isWiki)
 	}

 	// Update user key activity.
--- a/cmd/update.go
+++ b/cmd/update.go
@@ -16,11 +16,11 @@ import (

 var CmdUpdate = cli.Command{
 	Name:        "update",
-	Usage:       "This command should only be called by SSH shell",
+	Usage:       "This command should only be called by Git hook",
 	Description: `Update get pushed info and insert into database`,
 	Action:      runUpdate,
 	Flags: []cli.Flag{
-		cli.StringFlag{"config, c", "custom/conf/app.ini", "Custom configuration file path", ""},
+		stringFlag("config, c", "custom/conf/app.ini", "Custom configuration file path"),
 	},
 }

@@ -28,30 +28,29 @@ func runUpdate(c *cli.Context) {
 	if c.IsSet("config") {
 		setting.CustomConf = c.String("config")
 	}
-	cmd := os.Getenv("SSH_ORIGINAL_COMMAND")
-	if cmd == "" {
-		return
-	}

 	setup("update.log")

-	args := c.Args()
-	if len(args) != 3 {
-		log.GitLogger.Fatal(2, "received less 3 parameters")
-	} else if args[0] == "" {
-		log.GitLogger.Fatal(2, "refName is empty, shouldn't use")
+	if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
+		log.GitLogger.Trace("SSH_ORIGINAL_COMMAND is empty")
+		return
 	}

-	uuid := os.Getenv("uuid")
+	args := c.Args()
+	if len(args) != 3 {
+		log.GitLogger.Fatal(2, "Arguments received are not equal to three")
+	} else if len(args[0]) == 0 {
+		log.GitLogger.Fatal(2, "First argument 'refName' is empty, shouldn't use")
+	}

 	task := models.UpdateTask{
-		Uuid:        uuid,
+		UUID:        os.Getenv("uuid"),
 		RefName:     args[0],
-		OldCommitId: args[1],
-		NewCommitId: args[2],
+		OldCommitID: args[1],
+		NewCommitID: args[2],
 	}

 	if err := models.AddUpdateTask(&task); err != nil {
-		log.GitLogger.Fatal(2, err.Error())
+		log.GitLogger.Fatal(2, "AddUpdateTask: %v", err)
 	}
 }
--- a/cmd/web.go
+++ b/cmd/web.go
@@ -7,7 +7,7 @@ package cmd
 import (
 	"crypto/tls"
 	"fmt"
-	"html/template"
+	gotmpl "html/template"
 	"io/ioutil"
 	"net/http"
 	"net/http/fcgi"
@@ -15,33 +15,33 @@ import (
 	"path"
 	"strings"

-	"github.com/Unknwon/macaron"
 	"github.com/codegangsta/cli"
+	"github.com/go-macaron/binding"
+	"github.com/go-macaron/cache"
+	"github.com/go-macaron/captcha"
+	"github.com/go-macaron/csrf"
+	"github.com/go-macaron/gzip"
+	"github.com/go-macaron/i18n"
+	"github.com/go-macaron/session"
+	"github.com/go-macaron/toolbox"
 	"github.com/go-xorm/xorm"
-	"github.com/macaron-contrib/binding"
-	"github.com/macaron-contrib/cache"
-	"github.com/macaron-contrib/captcha"
-	"github.com/macaron-contrib/csrf"
-	"github.com/macaron-contrib/i18n"
-	"github.com/macaron-contrib/session"
-	"github.com/macaron-contrib/toolbox"
 	"github.com/mcuadros/go-version"
 	"gopkg.in/ini.v1"
+	"gopkg.in/macaron.v1"

-	api "github.com/gogits/go-gogs-client"
+	"github.com/gogits/git-module"
+	"github.com/gogits/go-gogs-client"

 	"github.com/gogits/gogs/models"
 	"github.com/gogits/gogs/modules/auth"
-	"github.com/gogits/gogs/modules/auth/apiv1"
-	"github.com/gogits/gogs/modules/avatar"
-	"github.com/gogits/gogs/modules/base"
 	"github.com/gogits/gogs/modules/bindata"
 	"github.com/gogits/gogs/modules/log"
 	"github.com/gogits/gogs/modules/middleware"
 	"github.com/gogits/gogs/modules/setting"
+	"github.com/gogits/gogs/modules/template"
 	"github.com/gogits/gogs/routers"
 	"github.com/gogits/gogs/routers/admin"
-	"github.com/gogits/gogs/routers/api/v1"
+	apiv1 "github.com/gogits/gogs/routers/api/v1"
 	"github.com/gogits/gogs/routers/dev"
 	"github.com/gogits/gogs/routers/org"
 	"github.com/gogits/gogs/routers/repo"
@@ -55,8 +55,8 @@ var CmdWeb = cli.Command{
 and it takes care of all the other things for you`,
 	Action: runWeb,
 	Flags: []cli.Flag{
-		cli.StringFlag{"port, p", "3000", "Temporary port number to prevent conflict", ""},
-		cli.StringFlag{"config, c", "custom/conf/app.ini", "Custom configuration file path", ""},
+		stringFlag("port, p", "3000", "Temporary port number to prevent conflict"),
+		stringFlag("config, c", "custom/conf/app.ini", "Custom configuration file path"),
 	},
 }

@@ -79,18 +79,21 @@ func checkVersion() {

 	// Check dependency version.
 	checkers := []VerChecker{
-		{"github.com/go-xorm/xorm", func() string { return xorm.Version }, "0.4.3.0806"},
-		{"github.com/Unknwon/macaron", macaron.Version, "0.5.4"},
-		{"github.com/macaron-contrib/binding", binding.Version, "0.1.0"},
-		{"github.com/macaron-contrib/cache", cache.Version, "0.1.2"},
-		{"github.com/macaron-contrib/csrf", csrf.Version, "0.0.3"},
-		{"github.com/macaron-contrib/i18n", i18n.Version, "0.0.7"},
-		{"github.com/macaron-contrib/session", session.Version, "0.1.6"},
-		{"gopkg.in/ini.v1", ini.Version, "1.3.4"},
+		{"github.com/go-xorm/xorm", func() string { return xorm.Version }, "0.4.4.1029"},
+		{"github.com/go-macaron/binding", binding.Version, "0.2.1"},
+		{"github.com/go-macaron/cache", cache.Version, "0.1.2"},
+		{"github.com/go-macaron/csrf", csrf.Version, "0.0.3"},
+		{"github.com/go-macaron/i18n", i18n.Version, "0.2.0"},
+		{"github.com/go-macaron/session", session.Version, "0.1.6"},
+		{"github.com/go-macaron/toolbox", toolbox.Version, "0.1.0"},
+		{"gopkg.in/ini.v1", ini.Version, "1.8.4"},
+		{"gopkg.in/macaron.v1", macaron.Version, "0.8.0"},
+		{"github.com/gogits/git-module", git.Version, "0.2.7"},
+		{"github.com/gogits/go-gogs-client", gogs.Version, "0.7.3"},
 	}
 	for _, c := range checkers {
 		if !version.Compare(c.Version(), c.Expected, ">=") {
-			log.Fatal(4, "Package '%s' version is too old(%s -> %s), did you forget to update?", c.ImportPath, c.Version(), c.Expected)
+			log.Fatal(4, "Package '%s' version is too old (%s -> %s), did you forget to update?", c.ImportPath, c.Version(), c.Expected)
 		}
 	}
 }
@@ -103,7 +106,7 @@ func newMacaron() *macaron.Macaron {
 	}
 	m.Use(macaron.Recovery())
 	if setting.EnableGzip {
-		m.Use(macaron.Gziper())
+		m.Use(gzip.Gziper())
 	}
 	if setting.Protocol == setting.FCGI {
 		m.SetURLPrefix(setting.AppSubUrl)
@@ -123,7 +126,7 @@ func newMacaron() *macaron.Macaron {
 	))
 	m.Use(macaron.Renderer(macaron.RenderOptions{
 		Directory:  path.Join(setting.StaticRootPath, "templates"),
-		Funcs:      []template.FuncMap{base.TemplateFuncs},
+		Funcs:      []gotmpl.FuncMap{template.Funcs},
 		IndentJSON: macaron.Env != macaron.PROD,
 	}))

@@ -141,6 +144,7 @@ func newMacaron() *macaron.Macaron {
 		CustomDirectory: path.Join(setting.CustomPath, "conf/locale"),
 		Langs:           setting.Langs,
 		Names:           setting.Names,
+		DefaultLang:     "en-US",
 		Redirect:        true,
 	}))
 	m.Use(cache.Cacher(cache.Options{
@@ -184,7 +188,6 @@ func runWeb(ctx *cli.Context) {
 	ignSignInAndCsrf := middleware.Toggle(&middleware.ToggleOptions{DisableCsrf: true})
 	reqSignOut := middleware.Toggle(&middleware.ToggleOptions{SignOutRequire: true})

-	bind := binding.Bind
 	bindIgnErr := binding.BindIgnErr

 	// Routers.
@@ -195,52 +198,8 @@ func runWeb(ctx *cli.Context) {
 	m.Get("/^:type(issues|pulls)$", reqSignIn, user.Issues)

 	// ***** START: API *****
-	// FIXME: custom form error response.
 	m.Group("/api", func() {
-		m.Group("/v1", func() {
-			// Miscellaneous.
-			m.Post("/markdown", bindIgnErr(apiv1.MarkdownForm{}), v1.Markdown)
-			m.Post("/markdown/raw", v1.MarkdownRaw)
-
-			// Users.
-			m.Group("/users", func() {
-				m.Get("/search", v1.SearchUsers)
-
-				m.Group("/:username", func() {
-					m.Get("", v1.GetUserInfo)
-
-					m.Group("/tokens", func() {
-						m.Combo("").Get(v1.ListAccessTokens).
-							Post(bind(v1.CreateAccessTokenForm{}), v1.CreateAccessToken)
-					}, middleware.ApiReqBasicAuth())
-				})
-			})
-
-			// Repositories.
-			m.Combo("/user/repos", middleware.ApiReqToken()).Get(v1.ListMyRepos).
-				Post(bind(api.CreateRepoOption{}), v1.CreateRepo)
-			m.Post("/org/:org/repos", middleware.ApiReqToken(), bind(api.CreateRepoOption{}), v1.CreateOrgRepo)
-
-			m.Group("/repos", func() {
-				m.Get("/search", v1.SearchRepos)
-
-				m.Group("", func() {
-					m.Post("/migrate", bindIgnErr(auth.MigrateRepoForm{}), v1.MigrateRepo)
-				}, middleware.ApiReqToken())
-
-				m.Group("/:username/:reponame", func() {
-					m.Combo("/hooks").Get(v1.ListRepoHooks).
-						Post(bind(api.CreateHookOption{}), v1.CreateRepoHook)
-					m.Patch("/hooks/:id:int", bind(api.EditHookOption{}), v1.EditRepoHook)
-					m.Get("/raw/*", middleware.RepoRef(), v1.GetRepoRawFile)
-					m.Get("/archive/*", v1.GetRepoArchive)
-				}, middleware.ApiRepoAssignment(), middleware.ApiReqToken())
-			})
-
-			m.Any("/*", func(ctx *middleware.Context) {
-				ctx.HandleAPI(404, "Page not found")
-			})
-		})
+		apiv1.RegisterRoutes(m)
 	}, ignSignIn)
 	// ***** END: API *****

@@ -285,11 +244,6 @@ func runWeb(ctx *cli.Context) {
 	})
 	// ***** END: User *****

-	// Gravatar service.
-	avt := avatar.CacheServer("public/img/avatar/", "public/img/avatar_default.jpg")
-	os.MkdirAll("public/img/avatar/", os.ModePerm)
-	m.Get("/avatar/:hash", avt.ServeHTTP)
-
 	adminReq := middleware.Toggle(&middleware.ToggleOptions{SignInRequire: true, AdminRequire: true})

 	// ***** START: Admin *****
@@ -300,10 +254,8 @@ func runWeb(ctx *cli.Context) {

 		m.Group("/users", func() {
 			m.Get("", admin.Users)
-			m.Get("/new", admin.NewUser)
-			m.Post("/new", bindIgnErr(auth.AdminCrateUserForm{}), admin.NewUserPost)
-			m.Get("/:userid", admin.EditUser)
-			m.Post("/:userid", bindIgnErr(auth.AdminEditUserForm{}), admin.EditUserPost)
+			m.Combo("/new").Get(admin.NewUser).Post(bindIgnErr(auth.AdminCrateUserForm{}), admin.NewUserPost)
+			m.Combo("/:userid").Get(admin.EditUser).Post(bindIgnErr(auth.AdminEditUserForm{}), admin.EditUserPost)
 			m.Post("/:userid/delete", admin.DeleteUser)
 		})

@@ -312,13 +264,13 @@ func runWeb(ctx *cli.Context) {
 		})

 		m.Group("/repos", func() {
-			m.Get("", admin.Repositories)
+			m.Get("", admin.Repos)
+			m.Post("/delete", admin.DeleteRepo)
 		})

 		m.Group("/auths", func() {
 			m.Get("", admin.Authentications)
-			m.Get("/new", admin.NewAuthSource)
-			m.Post("/new", bindIgnErr(auth.AuthenticationForm{}), admin.NewAuthSourcePost)
+			m.Combo("/new").Get(admin.NewAuthSource).Post(bindIgnErr(auth.AuthenticationForm{}), admin.NewAuthSourcePost)
 			m.Combo("/:authid").Get(admin.EditAuthSource).
 				Post(bindIgnErr(auth.AuthenticationForm{}), admin.EditAuthSourcePost)
 			m.Post("/:authid/delete", admin.DeleteAuthSource)
@@ -326,13 +278,20 @@ func runWeb(ctx *cli.Context) {

 		m.Group("/notices", func() {
 			m.Get("", admin.Notices)
-			m.Get("/:id:int/delete", admin.DeleteNotice)
+			m.Post("/delete", admin.DeleteNotices)
+			m.Get("/empty", admin.EmptyNotices)
 		})
 	}, adminReq)
 	// ***** END: Admin *****

 	m.Group("", func() {
-		m.Get("/:username", user.Profile)
+		m.Group("/:username", func() {
+			m.Get("", user.Profile)
+			m.Get("/followers", user.Followers)
+			m.Get("/following", user.Following)
+			m.Get("/stars", user.Stars)
+		})
+
 		m.Get("/attachments/:uuid", func(ctx *middleware.Context) {
 			attach, err := models.GetAttachmentByUUID(ctx.Params(":uuid"))
 			if err != nil {
@@ -362,11 +321,16 @@ func runWeb(ctx *cli.Context) {
 		m.Post("/issues/attachments", repo.UploadIssueAttachment)
 	}, ignSignIn)

+	m.Group("/:username", func() {
+		m.Get("/action/:action", user.Action)
+	}, reqSignIn)
+
 	if macaron.Env == macaron.DEV {
 		m.Get("/template/*", dev.TemplatePreview)
 	}

 	reqRepoAdmin := middleware.RequireRepoAdmin()
+	reqRepoPusher := middleware.RequireRepoPusher()

 	// ***** START: Organization *****
 	m.Group("/org", func() {
@@ -380,11 +344,14 @@ func runWeb(ctx *cli.Context) {
 			m.Get("/members/action/:action", org.MembersAction)

 			m.Get("/teams", org.Teams)
+		}, middleware.OrgAssignment(true))
+
+		m.Group("/:org", func() {
 			m.Get("/teams/:team", org.TeamMembers)
 			m.Get("/teams/:team/repositories", org.TeamRepositories)
-			m.Get("/teams/:team/action/:action", org.TeamsAction)
-			m.Get("/teams/:team/action/repo/:action", org.TeamsRepoAction)
-		}, middleware.OrgAssignment(true, true))
+			m.Route("/teams/:team/action/:action", "GET,POST", org.TeamsAction)
+			m.Route("/teams/:team/action/repo/:action", "GET,POST", org.TeamsRepoAction)
+		}, middleware.OrgAssignment(true, false, true))

 		m.Group("/:org", func() {
 			m.Get("/teams/new", org.NewTeam)
@@ -413,11 +380,8 @@ func runWeb(ctx *cli.Context) {
 			})

 			m.Route("/invitations/new", "GET,POST", org.Invitation)
-		}, middleware.OrgAssignment(true, true, true))
+		}, middleware.OrgAssignment(true, true))
 	}, reqSignIn)
-	m.Group("/org", func() {
-		m.Get("/:org", org.Home)
-	}, ignSignIn, middleware.OrgAssignment(true))
 	// ***** END: Organization *****

 	// ***** START: Repository *****
@@ -434,7 +398,7 @@ func runWeb(ctx *cli.Context) {
 		m.Group("/settings", func() {
 			m.Combo("").Get(repo.Settings).
 				Post(bindIgnErr(auth.RepoSettingForm{}), repo.SettingsPost)
-			m.Route("/collaboration", "GET,POST", repo.Collaboration)
+			m.Combo("/collaboration").Get(repo.Collaboration).Post(repo.CollaborationPost)

 			m.Group("/hooks", func() {
 				m.Get("", repo.Webhooks)
@@ -443,6 +407,7 @@ func runWeb(ctx *cli.Context) {
 				m.Post("/gogs/new", bindIgnErr(auth.NewWebhookForm{}), repo.WebHooksNewPost)
 				m.Post("/slack/new", bindIgnErr(auth.NewSlackHookForm{}), repo.SlackHooksNewPost)
 				m.Get("/:id", repo.WebHooksEdit)
+				m.Post("/:id/test", repo.TestWebhook)
 				m.Post("/gogs/:id", bindIgnErr(auth.NewWebhookForm{}), repo.WebHooksEditPost)
 				m.Post("/slack/:id", bindIgnErr(auth.NewSlackHookForm{}), repo.SlackHooksEditPost)

@@ -459,14 +424,15 @@ func runWeb(ctx *cli.Context) {
 				m.Post("/delete", repo.DeleteDeployKey)
 			})

+		}, func(ctx *middleware.Context) {
+			ctx.Data["PageIsSettings"] = true
 		})
-	}, reqSignIn, middleware.RepoAssignment(true), reqRepoAdmin)
+	}, reqSignIn, middleware.RepoAssignment(), reqRepoAdmin, middleware.RepoRef())

+	m.Get("/:username/:reponame/action/:action", reqSignIn, middleware.RepoAssignment(), repo.Action)
 	m.Group("/:username/:reponame", func() {
-		m.Get("/action/:action", repo.Action)
-
 		m.Group("/issues", func() {
-			m.Combo("/new").Get(repo.NewIssue).
+			m.Combo("/new", repo.MustEnableIssues).Get(middleware.RepoRef(), repo.NewIssue).
 				Post(bindIgnErr(auth.CreateIssueForm{}), repo.NewIssuePost)

 			m.Combo("/:index/comments").Post(bindIgnErr(auth.CreateCommentForm{}), repo.NewComment)
@@ -486,61 +452,83 @@ func runWeb(ctx *cli.Context) {
 			m.Post("/new", bindIgnErr(auth.CreateLabelForm{}), repo.NewLabel)
 			m.Post("/edit", bindIgnErr(auth.CreateLabelForm{}), repo.UpdateLabel)
 			m.Post("/delete", repo.DeleteLabel)
-		}, reqRepoAdmin)
+		}, reqRepoAdmin, middleware.RepoRef())
 		m.Group("/milestones", func() {
-			m.Get("/new", repo.NewMilestone)
-			m.Post("/new", bindIgnErr(auth.CreateMilestoneForm{}), repo.NewMilestonePost)
+			m.Combo("/new").Get(repo.NewMilestone).
+				Post(bindIgnErr(auth.CreateMilestoneForm{}), repo.NewMilestonePost)
 			m.Get("/:id/edit", repo.EditMilestone)
 			m.Post("/:id/edit", bindIgnErr(auth.CreateMilestoneForm{}), repo.EditMilestonePost)
 			m.Get("/:id/:action", repo.ChangeMilestonStatus)
 			m.Post("/delete", repo.DeleteMilestone)
-		}, reqRepoAdmin)
+		}, reqRepoAdmin, middleware.RepoRef())

 		m.Group("/releases", func() {
 			m.Get("/new", repo.NewRelease)
 			m.Post("/new", bindIgnErr(auth.NewReleaseForm{}), repo.NewReleasePost)
 			m.Get("/edit/:tagname", repo.EditRelease)
 			m.Post("/edit/:tagname", bindIgnErr(auth.EditReleaseForm{}), repo.EditReleasePost)
+			m.Post("/delete", repo.DeleteRelease)
 		}, reqRepoAdmin, middleware.RepoRef())

-		m.Combo("/compare/*").Get(repo.CompareAndPullRequest).
+		m.Combo("/compare/*", repo.MustAllowPulls).Get(repo.CompareAndPullRequest).
 			Post(bindIgnErr(auth.CreateIssueForm{}), repo.CompareAndPullRequestPost)
-	}, reqSignIn, middleware.RepoAssignment(true))
+	}, reqSignIn, middleware.RepoAssignment(), repo.MustBeNotBare)

 	m.Group("/:username/:reponame", func() {
-		m.Get("/releases", middleware.RepoRef(), repo.Releases)
-		m.Get("/^:type(issues|pulls)$", repo.RetrieveLabels, repo.Issues)
-		m.Get("/^:type(issues|pulls)$/:index", repo.ViewIssue)
-		m.Get("/labels/", repo.RetrieveLabels, repo.Labels)
-		m.Get("/milestones", repo.Milestones)
-		m.Get("/branches", repo.Branches)
+		m.Group("", func() {
+			m.Get("/releases", repo.Releases)
+			m.Get("/^:type(issues|pulls)$", repo.RetrieveLabels, repo.Issues)
+			m.Get("/^:type(issues|pulls)$/:index", repo.ViewIssue)
+			m.Get("/labels/", repo.RetrieveLabels, repo.Labels)
+			m.Get("/milestones", repo.Milestones)
+		}, middleware.RepoRef())
+
+		// m.Get("/branches", repo.Branches)
+
+		m.Group("/wiki", func() {
+			m.Get("/?:page", repo.Wiki)
+			m.Get("/_pages", repo.WikiPages)
+
+			m.Group("", func() {
+				m.Combo("/_new").Get(repo.NewWiki).
+					Post(bindIgnErr(auth.NewWikiForm{}), repo.NewWikiPost)
+				m.Combo("/:page/_edit").Get(repo.EditWiki).
+					Post(bindIgnErr(auth.NewWikiForm{}), repo.EditWikiPost)
+			}, reqSignIn, reqRepoPusher)
+		}, repo.MustEnableWiki, middleware.RepoRef())
+
 		m.Get("/archive/*", repo.Download)

 		m.Group("/pulls/:index", func() {
-			m.Get("/commits", repo.ViewPullCommits)
-			m.Get("/files", repo.ViewPullFiles)
+			m.Get("/commits", middleware.RepoRef(), repo.ViewPullCommits)
+			m.Get("/files", middleware.RepoRef(), repo.ViewPullFiles)
 			m.Post("/merge", reqRepoAdmin, repo.MergePullRequest)
-		})
+		}, repo.MustAllowPulls)

 		m.Group("", func() {
 			m.Get("/src/*", repo.Home)
 			m.Get("/raw/*", repo.SingleDownload)
 			m.Get("/commits/*", repo.RefCommits)
 			m.Get("/commit/*", repo.Diff)
+			m.Get("/forks", repo.Forks)
 		}, middleware.RepoRef())

-		m.Get("/compare/:before([a-z0-9]{40})...:after([a-z0-9]{40})", repo.CompareDiff)
-	}, ignSignIn, middleware.RepoAssignment(true))
+		m.Get("/compare/:before([a-z0-9]{40})\\.\\.\\.:after([a-z0-9]{40})", repo.CompareDiff)
+	}, ignSignIn, middleware.RepoAssignment(), repo.MustBeNotBare)
+	m.Group("/:username/:reponame", func() {
+		m.Get("/stars", repo.Stars)
+		m.Get("/watchers", repo.Watchers)
+	}, ignSignIn, middleware.RepoAssignment(), middleware.RepoRef())

 	m.Group("/:username", func() {
 		m.Group("/:reponame", func() {
 			m.Get("", repo.Home)
 			m.Get("\\.git$", repo.Home)
-		}, ignSignIn, middleware.RepoAssignment(true, true), middleware.RepoRef())
+		}, ignSignIn, middleware.RepoAssignment(true), middleware.RepoRef())

 		m.Group("/:reponame", func() {
-			m.Any("/*", ignSignInAndCsrf, repo.Http)
-			m.Head("/hooks/trigger", repo.TriggerHook)
+			m.Any("/*", ignSignInAndCsrf, repo.HTTP)
+			m.Head("/tasks/trigger", repo.TriggerTask)
 		})
 	})
 	// ***** END: Repository *****
--- a/conf/app.ini
+++ b/conf/app.ini
@@ -11,6 +11,14 @@ RUN_MODE = dev
 [repository]
 ROOT =
 SCRIPT_TYPE = bash
+; Default ANSI charset
+ANSI_CHARSET = 
+; Force every new repository to be private
+FORCE_PRIVATE = false
+; Global maximum creation limit of repository per user, -1 means no limit
+MAX_CREATION_LIMIT = -1
+; Patch test queue length, make it as large as possible
+PULL_REQUEST_QUEUE_LENGTH = 10000

 [ui]
 ; Number of repositories that are showed in one explore page
@@ -19,6 +27,10 @@ EXPLORE_PAGING_NUM = 20
 ISSUE_PAGING_NUM = 10
 ; Number of maximum commits showed in one activity feed
 FEED_MAX_COMMIT_NUM = 5
+; Value of `theme-color` meta tag, used by Android >= 5.0
+; An invalid color like "none" or "disable" will have the default style
+; More info: https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android
+THEME_COLOR_META_TAG = `#ff5343`

 [ui.admin]
 ; Number of users that are showed in one page
@@ -26,13 +38,16 @@ USER_PAGING_NUM = 50
 ; Number of repos that are showed in one page
 REPO_PAGING_NUM = 50
 ; Number of notices that are showed in one page
-NOTICE_PAGING_NUM = 50
+NOTICE_PAGING_NUM = 25
 ; Number of organization that are showed in one page
 ORG_PAGING_NUM = 50

 [markdown]
 ; Enable hard line break extension
 ENABLE_HARD_LINE_BREAK = false
+; List of custom URL-Schemes that are allowed as links when rendering Markdown
+; for example git,magnet
+CUSTOM_URL_SCHEMES =

 [server]
 PROTOCOL = http
@@ -40,14 +55,21 @@ DOMAIN = localhost
 ROOT_URL = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
 HTTP_ADDR =
 HTTP_PORT = 3000
+; Local (DMZ) URL for Gogs workers (such as SSH update) accessing web service.
+; In most cases you do not need to change the default value.
+; Alter it only if your SSH server node is not the same as HTTP node.
+LOCAL_ROOT_URL = http://localhost:%(HTTP_PORT)s/
 ; Disable SSH feature when not available
 DISABLE_SSH = false
+; Whether use builtin SSH server or not.
+START_SSH_SERVER = false
 SSH_PORT = 22
+; Root path of SSH directory
+SSH_ROOT_PATH = 
 ; Disable CDN even in "prod" mode
 OFFLINE_MODE = false
 DISABLE_ROUTER_LOG = false
 ; Generate steps:
-; $ cd path/to/gogs/custom/https
 ; $ ./gogs cert -ca=true -duration=8760h0m0s -host=myhost.example.com
 ;
 ; Or from a .pfx file exported from the Windows certificate store (do
@@ -73,7 +95,7 @@ USER = root
 PASSWD =
 ; For "postgres" only, either "disable", "require" or "verify-full"
 SSL_MODE = disable
-; For "sqlite3" and "tidb"
+; For "sqlite3" and "tidb", use absolute path when you start as service
 PATH = data/gogs.db

 [admin]
@@ -98,15 +120,11 @@ REGISTER_EMAIL_CONFIRM = false
 DISABLE_REGISTRATION = false
 ; User must sign in to view anything.
 REQUIRE_SIGNIN_VIEW = false
-; Cache avatar as picture
-ENABLE_CACHE_AVATAR = false
 ; Mail notification
 ENABLE_NOTIFY_MAIL = false
 ; More detail: https://github.com/gogits/gogs/issues/165
 ENABLE_REVERSE_PROXY_AUTHENTICATION = false
 ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
-; Do not check minimum key size with corresponding type
-DISABLE_MINIMUM_KEY_SIZE_CHECK = false
 ; Enable captcha validation for registration
 ENABLE_CAPTCHA = true

@@ -247,8 +265,8 @@ ADDR =
 ; For "smtp" mode only
 [log.smtp]
 LEVEL =
-; Name displayed in mail title, default is "Diagnostic message from serve"
-SUBJECT = Diagnostic message from serve
+; Name displayed in mail title, default is "Diagnostic message from server"
+SUBJECT = Diagnostic message from server
 ; Mail server
 HOST =
 ; Mailer user name and password
@@ -278,7 +296,8 @@ SCHEDULE = @every 1h
 ; Repository health check
 [cron.repo_health_check]
 SCHEDULE = @every 24h
-; Arguments for command 'git fsck', e.g.: "--unreachable --tags"
+TIMEOUT = 60s
+; Arguments for command 'git fsck', e.g. "--unreachable --tags"
 ; see more on http://git-scm.com/docs/git-fsck/1.7.5
 ARGS = 

@@ -289,7 +308,7 @@ SCHEDULE = @every 24h

 [git]
 MAX_GIT_DIFF_LINES = 10000
-; Arguments for command 'git gc', e.g.: "--aggressive --auto"
+; Arguments for command 'git gc', e.g. "--aggressive --auto"
 ; see more on http://git-scm.com/docs/git-gc/1.7.5
 GC_ARGS = 

@@ -314,5 +333,11 @@ pl-PL = pl
 bg-BG = bg
 it-IT = it

+; Extension mapping to highlight class
+; e.g. .toml=ini
+[highlight.mapping]
+
 [other]
 SHOW_FOOTER_BRANDING = false
+; Show version information about gogs and go in the footer
+SHOW_FOOTER_VERSION = true
--- a/conf/gitignore/Clojure.gitignore
+++ b/conf/gitignore/Clojure.gitignore
@@ -1 +0,0 @@
-Leiningen.gitignore
--- a/conf/gitignore/Fortran.gitignore
+++ b/conf/gitignore/Fortran.gitignore
@@ -1 +0,0 @@
-C++.gitignore
--- a/conf/license/Creative
+++ b/conf/license/Creative
@@ -1,39 +0,0 @@
-Creative Commons CC0 1.0 Universal
-CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED HEREUNDER.
-Statement of Purpose
-
-The laws of most jurisdictions throughout the world automatically confer exclusive Copyright and Related Rights (defined below) upon the creator and subsequent owner(s) (each and all, an "owner") of an original work of authorship and/or a database (each, a "Work").
-
-Certain owners wish to permanently relinquish those rights to a Work for the purpose of contributing to a commons of creative, cultural and scientific works ("Commons") that the public can reliably and without fear of later claims of infringement build upon, modify, incorporate in other works, reuse and redistribute as freely as possible in any form whatsoever and for any purposes, including without limitation commercial purposes. These owners may contribute to the Commons to promote the ideal of a free culture and the further production of creative, cultural and scientific works, or to gain reputation or greater distribution for their Work in part through the use and efforts of others.
-
-For these and/or other purposes and motivations, and without any expectation of additional consideration or compensation, the person associating CC0 with a Work (the "Affirmer"), to the extent that he or she is an owner of Copyright and Related Rights in the Work, voluntarily elects to apply CC0 to the Work and publicly distribute the Work under its terms, with knowledge of his or her Copyright and Related Rights in the Work and the meaning and intended legal effect of CC0 on those rights.
-
-1. Copyright and Related Rights. A Work made available under CC0 may be protected by copyright and related or neighboring rights ("Copyright and Related Rights"). Copyright and Related Rights include, but are not limited to, the following:
-
-i. the right to reproduce, adapt, distribute, perform, display, communicate, and translate a Work;
-
-ii. moral rights retained by the original author(s) and/or performer(s);
-
-iii. publicity and privacy rights pertaining to a person's image or likeness depicted in a Work;
-
-iv. rights protecting against unfair competition in regards to a Work, subject to the limitations in paragraph 4(a), below;
-
-v. rights protecting the extraction, dissemination, use and reuse of data in a Work;
-
-vi. database rights (such as those arising under Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, and under any national implementation thereof, including any amended or successor version of such directive); and
-
-vii. other similar, equivalent or corresponding rights throughout the world based on applicable law or treaty, and any national implementations thereof.
-
-2. Waiver. To the greatest extent permitted by, but not in contravention of, applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and unconditionally waives, abandons, and surrenders all of Affirmer's Copyright and Related Rights and associated claims and causes of action, whether now known or unknown (including existing as well as future claims and causes of action), in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each member of the public at large and to the detriment of Affirmer's heirs and successors, fully intending that such Waiver shall not be subject to revocation, rescission, cancellation, termination, or any other legal or equitable action to disrupt the quiet enjoyment of the Work by the public as contemplated by Affirmer's express Statement of Purpose.
-
-3. Public License Fallback. Should any part of the Waiver for any reason be judged legally invalid or ineffective under applicable law, then the Waiver shall be preserved to the maximum extent permitted taking into account Affirmer's express Statement of Purpose. In addition, to the extent the Waiver is so judged Affirmer hereby grants to each affected person a royalty-free, non transferable, non sublicensable, non exclusive, irrevocable and unconditional license to exercise Affirmer's Copyright and Related Rights in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "License"). The License shall be deemed effective as of the date CC0 was applied by Affirmer to the Work. Should any part of the License for any reason be judged legally invalid or ineffective under applicable law, such partial invalidity or ineffectiveness shall not invalidate the remainder of the License, and in such case Affirmer hereby affirms that he or she will not (i) exercise any of his or her remaining Copyright and Related Rights in the Work or (ii) assert any associated claims and causes of action with respect to the Work, in either case contrary to Affirmer's express Statement of Purpose.
-
-4. Limitations and Disclaimers.
-
-a. No trademark or patent rights held by Affirmer are waived, abandoned, surrendered, licensed or otherwise affected by this document.
-
-b. Affirmer offers the Work as-is and makes no representations or warranties of any kind concerning the Work, express, implied, statutory or otherwise, including without limitation warranties of title, merchantability, fitness for a particular purpose, non infringement, or the absence of latent or other defects, accuracy, or the present or absence of errors, whether or not discoverable, all to the greatest extent permissible under applicable law.
-
-c. Affirmer disclaims responsibility for clearing rights of other persons that may apply to the Work or any use thereof, including without limitation any person's Copyright and Related Rights in the Work. Further, Affirmer disclaims responsibility for obtaining any necessary consents, permissions or other rights required for any use of the Work.
-
-d. Affirmer understands and acknowledges that Creative Commons is not a party to this document and has no duty or obligation with respect to this CC0 or use of the Work.
--- a/conf/locale/TRANSLATORS
+++ b/conf/locale/TRANSLATORS
@@ -1,20 +1,44 @@
 # This file lists all PUBLIC individuals having contributed content to the translation.
-# Order of name is meaningless.
+# Entries are in alphabetical order.

-Akihiro YAGASAKI <yaggytter@momiage.com>
-Alexander Steinhöfer <kontakt@lx-s.de>
-Alexandre Magno <alexandre.mbm@gmail.com>
-Barış Arda Yılmaz <ardayilmazgamer@gmail.com>
-Christoph Kisfeld <christoph.kisfeld@gmail.com>
-Daniel Speichert <daniel@speichert.pl>
-Gregor Santner <gdev@live.de>
-Huimin Wang <wanghm2009@hotmail.co.jp>
-ilko <email>
-Thomas Fanninger <gogs.thomas@fanninger.at>
-Łukasz Jan Niemier <lukasz@niemier.pl>
-Lafriks <lafriks@gmail.com>
-Luc Stepniewski <luc@stepniewski.fr>
-Miguel de la Cruz <miguel@mcrx.me>
-Marc Schiller <marc@schiller.im>
-Morten Sørensen <klim8d@gmail.com>
-Natan Albuquerque <natanalbuquerque5@gmail.com>
+Adam Strzelecki <ono AT java DOT pl>
+Adrian Verde <me AT adrianverde DOT com>
+Akihiro YAGASAKI <yaggytter AT momiage DOT com>
+Aleksejs Grocevs <aleksejs AT grocevs DOT pro>
+Aleksey Tarakin <hukendo AT yandex DOT ru>
+Alexander Steinhöfer <kontakt AT lx-s DOT de>
+Alexandre Magno <alexandre DOT mbm AT gmail DOT com>
+Andrey Nering <andrey AT nering DOT com DOT br>
+Andrey Solomatin <toadron AT yandex DOT ru>
+Antoine GIRARD <sapk AT sapk DOT fr>
+Arthur Aslanyan <arthur DOT e DOT aslanyan AT gmail DOT com>
+Barış Arda Yılmaz <ardayilmazgamer AT gmail DOT com>
+Christoph Kisfeld <christoph DOT kisfeld AT gmail DOT com>
+Cysioland
+Daniel Speichert <daniel AT speichert DOT pl>
+David Yzaguirre <dvdyzag AT gmail DOT com>
+Dmitriy Nogay <me AT catwhocode DOT ga>
+Ezequiel Gonzalez Rial <gonrial AT gmail DOT com>
+Gregor Santner <gdev AT live DOT de>
+Hamid Feizabadi <hamidfzm AT gmail DOT com>
+Huimin Wang <wanghm2009 AT hotmail DOT co DOT jp>
+ilko <kontact-mr.k AT outlook DOT com">
+Ilya Makarov
+Juraj Bubniak <contact AT jbub DOT eu>
+Lafriks <lafriks AT gmail DOT com>
+Lauri Ojansivu <x AT xet7 DOT org>
+Luc Stepniewski <luc AT stepniewski DOT fr>
+Luca Kröger <l DOT kroeger01 AT gmail DOT com>
+Marc Schiller <marc AT schiller DOT im>
+Miguel de la Cruz <miguel AT mcrx DOT me>
+Mikhail Burdin <xdshot9000 AT gmail DOT com>
+Morten Sørensen <klim8d AT gmail DOT com>
+Nakao Takamasa <at.mattenn AT gmail DOT com>
+Natan Albuquerque <natanalbuquerque5 AT gmail DOT com>
+Odilon Junior <odilon DOT junior93 AT gmail DOT com>
+Thomas Fanninger <gogs DOT thomas AT fanninger DOT at>
+Tilmann Bach <tilmann AT outlook DOT com>
+Toni Villena Jiménez <tonivj5 AT gmail DOT com>
+Vladimir Vissoultchev <wqweto AT gmail DOT com>
+YJSoft <yjsoft AT yjsoft DOT pe DOT kr>
+Łukasz Jan Niemier <lukasz AT niemier DOT pl>
--- a/conf/locale/locale_bg-BG.ini
+++ b/conf/locale/locale_bg-BG.ini
--- a/conf/locale/locale_de-DE.ini
+++ b/conf/locale/locale_de-DE.ini
--- a/conf/locale/locale_en-US.ini
+++ b/conf/locale/locale_en-US.ini
@@ -18,7 +18,7 @@ user_profile_and_more = User profile and more
 signed_in_as = Signed in as

 username = Username
-email = E-mail
+email = Email
 password = Password
 re_type = Re-Type
 captcha = Captcha
@@ -28,6 +28,7 @@ organization = Organization
 mirror = Mirror
 new_repo = New Repository
 new_migrate = New Migration
+new_mirror = New Mirror
 new_fork = New Fork Repository
 new_org = New Organization
 manage_org = Manage Organizations
@@ -37,7 +38,7 @@ settings = Settings
 your_profile = Your Profile
 your_settings = Your Settings

-news_feed = News Feed
+activities = Activities
 pull_requests = Pull Requests
 issues = Issues

@@ -64,7 +65,7 @@ db_name = Database Name
 db_helper = Please use INNODB engine with utf8_general_ci charset for MySQL.
 ssl_mode = SSL Mode
 path = Path
-sqlite_helper = The file path of SQLite3 or TiDB database.
+sqlite_helper = The file path of SQLite3 or TiDB database. <br>Please use absolute path when you start as service.
 err_empty_db_path = SQLite3 or TiDB database path cannot be empty.
 err_invalid_tidb_name = TiDB database name does not allow characters "." and "-".
 no_admin_and_disable_registration = You cannot disable registration without creating an admin account.
@@ -84,14 +85,16 @@ ssh_port_helper = Port number which your SSH server is using, leave it empty to
 http_port = HTTP Port
 http_port_helper = Port number which application will listen on.
 app_url = Application URL
-app_url_helper = This affects HTTP/HTTPS clone URL and somewhere in e-mail.
+app_url_helper = This affects HTTP/HTTPS clone URL and somewhere in email.
+log_root_path = Log Path
+log_root_path_helper = Directory to write log files to.

 optional_title = Optional Settings
-email_title = E-mail Service Settings
+email_title = Email Service Settings
 smtp_host = SMTP Host
 smtp_from = From
 smtp_from_helper = Mail from address, RFC 5322. It can be just an email address, or the "Name" <email@example.com> format.
-mailer_user = Sender E-mail
+mailer_user = Sender Email
 mailer_password = Sender Password
 register_confirm = Enable Register Confirmation
 mail_notify = Enable Mail Notification
@@ -111,7 +114,7 @@ admin_title = Admin Account Settings
 admin_name = Username
 admin_password = Password
 confirm_password = Confirm Password
-admin_email = E-mail
+admin_email = Admin Email
 install_gogs = Install Gogs
 test_git_failed = Fail to test 'git' command: %v
 sqlite3_not_available = Your release version does not support SQLite3, please download the official binary version from %s, NOT the gobuild version.
@@ -121,9 +124,10 @@ run_user_not_match = Run user isn't the current user: %s -> %s
 save_config_failed = Fail to save configuration: %v
 invalid_admin_setting = Admin account setting is invalid: %v
 install_success = Welcome! We're glad that you chose Gogs, have fun and take care.
+invalid_log_root_path = Log root path is invalid: %v

 [home]
-uname_holder = Username or E-mail
+uname_holder = Username or email
 password_holder = Password
 switch_dashboard_context = Switch Dashboard Context
 my_repos = My Repositories
@@ -147,14 +151,13 @@ remember_me = Remember Me
 forgot_password= Forgot Password
 forget_password = Forgot password?
 sign_up_now = Need an account? Sign up now.
-confirmation_mail_sent_prompt = A new confirmation e-mail has been sent to <b>%s</b>, please check your inbox within the next %d hours to complete the registration process.
-sign_in_to_account = Sign in to your account
+confirmation_mail_sent_prompt = A new confirmation email has been sent to <b>%s</b>, please check your inbox within the next %d hours to complete the registration process.
 active_your_account = Activate Your Account
 resent_limit_prompt = Sorry, you already requested an activation email recently. Please wait 3 minutes then try again.
-has_unconfirmed_mail = Hi %s, you have an unconfirmed e-mail address (<b>%s</b>). If you haven't received a confirmation e-mail or need to resend a new one, please click on the button below.
-resend_mail = Click here to resend your activation e-mail
-email_not_associate = This e-mail address is not associated with any account.
-send_reset_mail = Click here to (re)send your password reset e-mail
+has_unconfirmed_mail = Hi %s, you have an unconfirmed email address (<b>%s</b>). If you haven't received a confirmation email or need to resend a new one, please click on the button below.
+resend_mail = Click here to resend your activation email
+email_not_associate = This email address is not associated with any account.
+send_reset_mail = Click here to (re)send your password reset email
 reset_password = Reset Your Password
 invalid_code = Sorry, your confirmation code has expired or not valid.
 reset_password_helper = Click here to reset your password
@@ -162,9 +165,10 @@ password_too_short = Password length cannot be less then 6.

 [mail]
 activate_account = Please activate your account
-activate_email = Verify your e-mail address
+activate_email = Verify your email address
 reset_password = Reset your password
-register_success = Register success, Welcome
+register_success = Registration successful, welcome
+register_notify = Welcome on board

 [modal]
 yes = Yes
@@ -174,7 +178,7 @@ modify = Modify
 [form]
 UserName = Username
 RepoName = Repository name
-Email = E-mail address
+Email = Email address
 Password = Password
 Retype = Re-type password
 SSHTitle = SSH key name
@@ -182,7 +186,7 @@ HttpsUrl = HTTPS URL
 PayloadUrl = Payload URL
 TeamName = Team name
 AuthName = Authorization name
-AdminEmail = Admin E-mail
+AdminEmail = Admin email

 require_error = ` cannot be empty.`
 alpha_dash_error = ` must be valid alpha or numeric or dash(-_) characters.`
@@ -190,18 +194,18 @@ alpha_dash_dot_error = ` must be valid alpha or numeric or dash(-_) or dot chara
 size_error  = ` must be size %s.`
 min_size_error = ` must contain at least %s characters.`
 max_size_error = ` must contain at most %s characters.`
-email_error = ` is not a valid e-mail address.`
+email_error = ` is not a valid email address.`
 url_error = ` is not a valid URL.`
+include_error = ` must contain substring '%s'.`
 unknown_error = Unknown error:
 captcha_incorrect = Captcha didn't match.
 password_not_match = Password and confirm password are not same.

-username_been_taken = Username has been already taken.
-repo_name_been_taken = Repository name has been already taken.
-org_name_been_taken = Organization name has been already taken.
-team_name_been_taken = Team name has been already taken.
-email_been_used = E-mail address has been already used.
-illegal_team_name = Team name contains illegal characters.
+username_been_taken = Username has already been taken.
+repo_name_been_taken = Repository name has already been taken.
+org_name_been_taken = Organization name has already been taken.
+team_name_been_taken = Team name has already been taken.
+email_been_used = Email address has already been used.
 username_password_incorrect = Username or password is not correct.
 enterred_invalid_repo_name = Please make sure that the repository name you entered is correct.
 enterred_invalid_owner_name = Please make sure that the owner name you entered is correct.
@@ -215,9 +219,9 @@ auth_failed = Authentication failed: %v

 still_own_repo = Your account still has ownership over at least one repository, you have to delete or transfer them first.
 still_has_org = Your account still has membership in at least one organization, you have to leave or delete your memberships first.
-org_still_own_repo = This organization still have ownership of repository, you have to delete or transfer them first.
+org_still_own_repo = This organization still has ownership of repositories, you must delete or transfer them first.

-still_own_user = This authentication still is in use by at least one user, please remove them from the authentication and try again.
+still_own_user = This authentication is still in use by at least one user, please remove them from the authentication and try again.

 target_branch_not_exist = Target branch does not exist.

@@ -228,8 +232,10 @@ join_on = Joined on
 repositories = Repositories
 activity = Public Activity
 followers = Followers
-starred = Starred
+starred = Starred repositories
 following = Following
+follow = Follow
+unfollow = Unfollow

 form.name_reserved = Username '%s' is reserved.
 form.name_pattern_not_allowed = Username pattern '%s' is not allowed.
@@ -245,7 +251,8 @@ delete = Delete Account
 uid = Uid

 public_profile = Public Profile
-profile_desc = Your E-mail address is public and will be used for any account related notifications, and any web based operations made via the site.
+profile_desc = Your email address is public and will be used for any account related notifications, and any web based operations made via the site.
+password_username_disabled = Non-local type users are not allowed to change their username.
 full_name = Full Name
 website = Website
 location = Location
@@ -257,7 +264,7 @@ continue = Continue
 cancel = Cancel

 enable_custom_avatar = Enable Custom Avatar
-enable_custom_avatar_helper = Enable this to disable fetch from Gravatar
+enable_custom_avatar_helper = Disable fetch from Gravatar
 choose_new_avatar = Choose new avatar
 update_avatar = Update Avatar Setting
 uploaded_avatar_not_a_image = Uploaded file is not a image.
@@ -270,28 +277,29 @@ new_password = New Password
 retype_new_password = Retype New Password
 password_incorrect = Current password is not correct.
 change_password_success = Your password was successfully changed. You can now sign using this new password.
+password_change_disabled = Non-local type users are not allowed to change their password.

-emails = E-mail Addresses
-manage_emails = Manage e-mail addresses
-email_desc = Your primary e-mail address will be used for notifications and other operations.
+emails = Email Addresses
+manage_emails = Manage email addresses
+email_desc = Your primary email address will be used for notifications and other operations.
 primary = Primary
 primary_email = Set as primary
 delete_email = Delete
-email_deletion = E-mail Deletion
-email_deletion_desc = Delete this e-mail address will remove related information from your account. Do you want to continue?
-email_deletion_success = E-mail has been deleted successfully!
-add_new_email = Add new e-mail address
-add_email = Add e-mail
-add_email_confirmation_sent = A new confirmation e-mail has been sent to '%s', please check your inbox within the next %d hours to complete the confirmation process.
-add_email_success = Your new E-mail address was successfully added.
+email_deletion = Email Deletion
+email_deletion_desc = Deleting this email address will remove related information from your account. Do you want to continue?
+email_deletion_success = Email has been deleted successfully!
+add_new_email = Add new email address
+add_email = Add email
+add_email_confirmation_sent = A new confirmation email has been sent to '%s', please check your inbox within the next %d hours to complete the confirmation process.
+add_email_success = Your new email address was successfully added.

 manage_ssh_keys = Manage SSH Keys
 add_key = Add Key
 ssh_desc = This is a list of SSH keys associated with your account. As these keys allow anyone using them to gain access to your repositories, it is highly important that you make sure you recognize them.
 ssh_helper = <strong>Don't know how?</strong> Check out GitHub's guide to <a href="%s">create your own SSH keys</a> or solve <a href="%s">common problems</a> you might encounter using SSH.
 add_new_key = Add SSH Key
-ssh_key_been_used = Public key content has been used. 
-ssh_key_name_used = Public key with same name has already existed. 
+ssh_key_been_used = Public key content has been used.
+ssh_key_name_used = Public key with same name has already existed.
 key_name = Key Name
 key_content = Content
 add_key_success = New SSH key '%s' has been added successfully!
@@ -334,7 +342,9 @@ repo_name = Repository Name
 repo_name_helper = A good repository name is usually composed of short, memorable and unique keywords.
 visibility = Visibility
 visiblity_helper = This repository is <span class="ui red text">Private</span>
+visiblity_helper_forced = Site admin has forced all new repositories to be <span class="ui red text">Private</span>
 visiblity_fork_helper = (Change of this value will affect all forks)
+clone_helper = Need help cloning? Visit <a target="_blank" href="%s">Help</a>!
 fork_repo = Fork Repository
 fork_from = Fork From
 fork_visiblity_helper = You cannot alter the visibility of a forked repository.
@@ -349,7 +359,13 @@ auto_init = Initialize this repository with selected files and template
 create_repo = Create Repository
 default_branch = Default Branch
 mirror_interval = Mirror Interval (hour)
+mirror_address = Mirror Address
+mirror_address_desc = Please include necessary user credentials in the address.
+watchers = Watchers
+stargazers = Stargazers
+forks = Forks

+form.reach_limit_of_creation = The owner has reached maximum creation limit of %d repositories.
 form.name_reserved = Repository name '%s' is reserved.
 form.name_pattern_not_allowed = Repository name pattern '%s' is not allowed.

@@ -359,14 +375,17 @@ migrate_type_helper = This repository will be a <span class="text blue">mirror</
 migrate_repo = Migrate Repository
 migrate.clone_address = Clone Address
 migrate.clone_address_desc = This can be a HTTP/HTTPS/GIT URL or local server path.
+migrate.permission_denied = You are not allowed to import local repositories.
 migrate.invalid_local_path = Invalid local path, it does not exist or not a directory.
+migrate.failed = Migration failed: %v

+mirror_from = mirror of
 forked_from = forked from
-fork_from_self = You cannot fork repository you already owned!
+fork_from_self = You cannot fork a repository you already own!
 copy_link = Copy
-click_to_copy = Copy to clipboard
+copy_link_success = Copied!
+copy_link_error = Press ⌘-C or Ctrl-C to copy
 copied = Copied OK
-clone_helper = Need help cloning? Visit <a target="_blank" href="%s">Help</a>!
 unwatch = Unwatch
 watch = Watch
 unstar = Unstar
@@ -378,10 +397,12 @@ quick_guide = Quick Guide
 clone_this_repo = Clone this repository
 create_new_repo_command = Create a new repository on the command line
 push_exist_repo = Push an existing repository from the command line
+repo_is_empty = This repository is empty, please come back later!

+code = Code
 branch = Branch
 tree = Tree
-branch_and_tags = Branches & Tags
+filter_branch_and_tag = Filter branch or tag
 branches = Branches
 tags = Tags
 issues = Issues
@@ -450,9 +471,9 @@ issues.num_comments = %d comments
 issues.commented_at = `commented <a id="%[1]s" href="#%[1]s">%[2]s</a>`
 issues.no_content = There is no content yet.
 issues.close_issue = Close
-issues.close_comment_issue = Close and comment
+issues.close_comment_issue = Comment and close
 issues.reopen_issue = Reopen
-issues.reopen_comment_issue = Reopen and comment
+issues.reopen_comment_issue = Comment and reopen
 issues.create_comment = Comment
 issues.closed_at = `closed <a id="%[1]s" href="#%[1]s">%[2]s</a>`
 issues.reopened_at = `reopened <a id="%[1]s" href="#%[1]s">%[2]s</a>`
@@ -473,9 +494,11 @@ issues.label_edit = Edit
 issues.label_delete = Delete
 issues.label_modify = Label Modification
 issues.label_deletion = Label Deletion
-issues.label_deletion_desc = Delete this label will remove its information in all related issues. Do you want to continue?
+issues.label_deletion_desc = Deleting this label will remove its information in all related issues. Do you want to continue?
 issues.label_deletion_success = Label has been deleted successfully!
+issues.num_participants = %d Participants

+pulls.new = New Pull Request
 pulls.compare_changes = Compare Changes
 pulls.compare_changes_desc = Compare two branches and make a pull request for changes.
 pulls.compare_base = base
@@ -494,16 +517,18 @@ pulls.reopen_to_merge = Please reopen this pull request to perform merge operati
 pulls.merged = Merged
 pulls.has_merged = This pull request has been merged successfully!
 pulls.data_broken = Data of this pull request has been broken due to deletion of fork information.
-pulls.can_auto_merge_desc = You can perform auto-merge operation on this pull request.
-pulls.cannot_auto_merge_desc = You can't perform auto-merge operation because there are conflicts between commits.
-pulls.cannot_auto_merge_helper = Please use command line tool to solve it.
+pulls.is_checking = The conflict checking is still in progress, please refresh page in few moments.
+pulls.can_auto_merge_desc = This pull request can be merged automatically.
+pulls.cannot_auto_merge_desc = This pull request can't be merged automatically because there are conflicts.
+pulls.cannot_auto_merge_helper = Please merge manually in order to resolve the conflicts.
 pulls.merge_pull_request = Merge Pull Request
+pulls.open_unmerged_pull_exists = `You can't perform reopen operation because there is already an open pull request (#%d) from same repository with same merge information and is waiting for merging.`

 milestones.new = New Milestone
 milestones.open_tab = %d Open
 milestones.close_tab = %d Closed
 milestones.closed = Closed %s
-milestones.no_due_date = No due date 
+milestones.no_due_date = No due date
 milestones.open = Open
 milestones.close = Close
 milestones.new_subheader = Create milestones to organize your issues.
@@ -512,40 +537,72 @@ milestones.title = Title
 milestones.desc = Description
 milestones.due_date = Due Date (optional)
 milestones.clear = Clear
-milestones.invalid_due_date_format = Due date format is invalid, must be 'year-mm-dd'.
+milestones.invalid_due_date_format = Due date format is invalid, must be 'yyyy-mm-dd'.
 milestones.create_success = Milestone '%s' has been created successfully!
 milestones.edit = Edit Milestone
-milestones.edit_subheader = Use better description for milestones so people won't be confused.
+milestones.edit_subheader = Use a better description for milestones so people won't be confused.
 milestones.cancel = Cancel
 milestones.modify = Modify Milestone
 milestones.edit_success = Changes of milestone '%s' has been saved successfully!
 milestones.deletion = Milestone Deletion
-milestones.deletion_desc = Delete this milestone will remove its information in all related issues. Do you want to continue?
+milestones.deletion_desc = Deleting this milestone will remove its information in all related issues. Do you want to continue?
 milestones.deletion_success = Milestone has been deleted successfully!

+wiki = Wiki
+wiki.welcome = Welcome to Wiki!
+wiki.welcome_desc = Wiki is the place where you would like to document your project together and make it better.
+wiki.create_first_page = Create the first page
+wiki.page = Page
+wiki.filter_page = Filter page
+wiki.new_page = Create New Page
+wiki.default_commit_message = Write a note about this update (optional).
+wiki.save_page = Save Page
+wiki.last_commit_info = %s edited this page %s
+wiki.edit_page_button = Edit
+wiki.new_page_button = New Page
+wiki.page_already_exists = Wiki page with same name already exists.
+wiki.pages = Pages
+wiki.last_updated = Last updated %s
+
 settings = Settings
 settings.options = Options
 settings.collaboration = Collaboration
 settings.hooks = Webhooks
 settings.githooks = Git Hooks
 settings.basic_settings = Basic Settings
-settings.danger_zone = Danger Zone
 settings.site = Official Site
 settings.update_settings = Update Settings
 settings.change_reponame_prompt = This change will affect how links relate to the repository.
+settings.advanced_settings = Advanced Settings
+settings.wiki_desc = Enable wiki to allow people write documents
+settings.use_external_wiki = Use external wiki
+settings.external_wiki_url = External Wiki URL
+settings.external_wiki_url_desc = Visitors will be redirected to URL when they click on the tab.
+settings.issues_desc = Enable builtin lightweight issue tracker
+settings.use_external_issue_tracker = Use external issue tracker
+settings.tracker_url_format = External Issue Tracker URL Format
+settings.tracker_url_format_desc = You can use placeholder <code>{user} {repo} {index}</code> for user name, repository name and issue index.
+settings.pulls_desc = Enable pull requests to accept public contributions
+settings.danger_zone = Danger Zone
+settings.new_owner_has_same_repo = The new owner already has a repository with same name. Please choose another name.
+settings.convert = Convert To Regular Repository
+settings.convert_desc = You can convert this mirror to a regular repository. This cannot be reversed.
+settings.convert_notices_1 = - This operation will convert this repository mirror into a regular repository and cannot be undone.
+settings.convert_confirm = Confirm Conversion
+settings.convert_succeed = Repository has been converted to regular type successfully.
 settings.transfer = Transfer Ownership
 settings.transfer_desc = Transfer this repository to another user or to an organization in which you have admin rights.
-settings.new_owner_has_same_repo = The new owner already has a repository with same name. Please choose another name.
-settings.delete = Delete This Repository
-settings.delete_desc = Once you delete a repository, there is no going back. Please be certain.
 settings.transfer_notices_1 = - You will lose access if new owner is a individual user.
 settings.transfer_notices_2 = - You will conserve access if new owner is an organization and if you're one of the owners.
-settings.transfer_form_title = Please enter following information to confirm your operation: 
+settings.transfer_form_title = Please enter following information to confirm your operation:
+settings.delete = Delete This Repository
+settings.delete_desc = Once you delete a repository, there is no going back. Please be certain.
 settings.delete_notices_1 = - This operation <strong>CANNOT</strong> be undone.
 settings.delete_notices_2 = - This operation will permanently delete the everything of this repository, including Git data, issues, comments and accesses of collaborators.
-settings.delete_notices_fork_1 = - If this repository is public, all forks will be became independent after deletion.
+settings.delete_notices_fork_1 = - If this repository is public, all forks will become independent after deletion.
 settings.delete_notices_fork_2 = - If this repository is private, all forks will be removed at the same time.
 settings.delete_notices_fork_3 = - If you want to keep all forks after deletion, please change visibility of this repository to public first.
+settings.deletion_success = Repository has been deleted successfully!
 settings.update_settings_success = Repository options has been updated successfully.
 settings.transfer_owner = New Owner
 settings.make_transfer = Make Transfer
@@ -554,12 +611,17 @@ settings.confirm_delete = Confirm Deletion
 settings.add_collaborator = Add New Collaborator
 settings.add_collaborator_success = New collaborator has been added.
 settings.remove_collaborator_success = Collaborator has been removed.
+settings.search_user_placeholder = Search user...
+settings.org_not_allowed_to_be_collaborator = Organization is not allowed to be added as a collaborator.
 settings.user_is_org_member = User is organization member who cannot be added as a collaborator.
 settings.add_webhook = Add Webhook
 settings.hooks_desc = Webhooks are much like basic HTTP POST event triggers. Whenever something occurs in Gogs, we will handle the notification to the target host you specify. Learn more in this <a target="_blank" href="%s">Webhooks Guide</a>.
 settings.webhook_deletion = Delete Webhook
 settings.webhook_deletion_desc = Delete this webhook will remove its information and all delivery history. Do you want to continue?
 settings.webhook_deletion_success = Webhook has been deleted successfully!
+settings.webhook.test_delivery = Test Delivery
+settings.webhook.test_delivery_desc = Send a fake push event delivery to test your webhook settings
+settings.webhook.test_delivery_success = Test webhook has been added to delivery queue. It may take few seconds before it shows up in the delivery history.
 settings.webhook.request = Request
 settings.webhook.response = Response
 settings.webhook.headers = Headers
@@ -599,14 +661,15 @@ settings.slack_domain = Domain
 settings.slack_channel = Channel
 settings.deploy_keys = Deploy Keys
 settings.add_deploy_key = Add Deploy Key
-settings.no_deploy_keys = You haven't added any deploy key.
+settings.deploy_key_desc = Deploy keys have read-only access. They are not the same as personal account SSH keys.
+settings.no_deploy_keys = You haven't added any deploy keys.
 settings.title = Title
 settings.deploy_key_content = Content
 settings.key_been_used = Deploy key content has been used.
-settings.key_name_used = Deploy key with same name has already existed.
+settings.key_name_used = Deploy key with the same name already exists.
 settings.add_key_success = New deploy key '%s' has been added successfully!
 settings.deploy_key_deletion = Delete Deploy Key
-settings.deploy_key_deletion_desc = Delete this deploy key will remove all related accesses for this repository. Do you want to continue?
+settings.deploy_key_deletion_desc = Deleting this deploy key will remove all related accesses for this repository. Do you want to continue?
 settings.deploy_key_deletion_success = Deploy key has been deleted successfully!

 diff.browse_source = Browse Source
@@ -614,6 +677,8 @@ diff.parent = parent
 diff.commit = commit
 diff.data_not_available = Diff Data Not Available.
 diff.show_diff_stats = Show Diff Stats
+diff.show_split_view = Split View
+diff.show_unified_view = Unified View
 diff.stats_desc = <strong> %d changed files</strong> with <strong>%d additions</strong> and <strong>%d deletions</strong>
 diff.bin = BIN
 diff.view_file = View File
@@ -626,24 +691,32 @@ release.stable = Stable
 release.edit = edit
 release.ahead = <strong>%d</strong> commits to %s since this release
 release.source_code = Source Code
+release.new_subheader = Publish releases to iterate product.
+release.edit_subheader = Detailed change log can help users understand what has been improved.
 release.tag_name = Tag name
 release.target = Target
 release.tag_helper = Choose an existing tag, or create a new tag on publish.
-release.release_title = Release title
-release.content_with_md = Content with <a href="%s">Markdown</a>
+release.title = Title
+release.content = Content
 release.write = Write
 release.preview = Preview
-release.content_placeholder = Write some content
 release.loading = Loading...
 release.prerelease_desc = This is a pre-release
-release.prerelease_helper = We’ll point out that this release is not production-ready.
+release.prerelease_helper = We'll point out that this release is not production-ready.
+release.cancel = Cancel
 release.publish = Publish Release
 release.save_draft = Save Draft
 release.edit_release = Edit Release
-release.tag_name_already_exist = Release with this tag name has already existed.
+release.delete_release = Delete This Release
+release.deletion = Release Deletion
+release.deletion_desc = Deleting this release will delete the corresponding Git tag. Do you want to continue?
+release.deletion_success = Release has been deleted successfully!
+release.tag_name_already_exist = Release with this tag name already exists.
+release.downloads = Downloads

 [org]
 org_name_holder = Organization Name
+org_full_name_holder = Organization Full Name
 org_name_helper = Great organization names are short and memorable.
 create_org = Create Organization
 repo_updated = Updated
@@ -680,16 +753,17 @@ settings.delete_org_title = Organization Deletion
 settings.delete_org_desc = This organization is going to be deleted permanently, do you want to continue?
 settings.hooks_desc = Add webhooks that will be triggered for <strong>all repositories</strong> under this organization.

+members.membership_visibility = Membership Visibility:
 members.public = Public
 members.public_helper = make private
 members.private = Private
 members.private_helper = make public
+members.member_role = Member Role:
 members.owner = Owner
 members.member = Member
-members.conceal = Conceal
 members.remove = Remove
 members.leave = Leave
-members.invite_desc = Start typing a username to invite a new member to %s:
+members.invite_desc = Add a new member to %s:
 members.invite_now = Invite Now

 teams.join = Join
@@ -714,6 +788,7 @@ teams.read_permission_desc = This team grants <strong>Read</strong> access: memb
 teams.write_permission_desc = This team grants <strong>Write</strong> access: members can read from and push to the team's repositories.
 teams.admin_permission_desc = This team grants <strong>Admin</strong> access: members can read from, push to, and add collaborators to the team's repositories.
 teams.repositories = Team Repositories
+teams.search_repo_placeholder = Search repository...
 teams.add_team_repository = Add Team Repository
 teams.remove_repo = Remove
 teams.add_nonexistent_repo = The repository you're trying to add does not exist, please create it first.
@@ -744,12 +819,16 @@ dashboard.delete_inactivate_accounts = Delete all inactive accounts
 dashboard.delete_inactivate_accounts_success = All inactivate accounts have been deleted successfully.
 dashboard.delete_repo_archives = Delete all repositories archives
 dashboard.delete_repo_archives_success = All repositories archives have been deleted successfully.
+dashboard.delete_missing_repos = Delete all repository records that lost Git files
+dashboard.delete_missing_repos_success = All repository records that lost Git files have been deleted successfully.
 dashboard.git_gc_repos = Do garbage collection on repositories
 dashboard.git_gc_repos_success = All repositories have done garbage collection successfully.
 dashboard.resync_all_sshkeys = Rewrite '.ssh/authorized_keys' file (caution: non-Gogs keys will be lost)
 dashboard.resync_all_sshkeys_success = All public keys have been rewritten successfully.
 dashboard.resync_all_update_hooks = Rewrite all update hook of repositories (needed when custom config path is changed)
 dashboard.resync_all_update_hooks_success = All repositories' update hook have been rewritten successfully.
+dashboard.reinit_missing_repos = Reinitialize all repository records that lost Git files
+dashboard.reinit_missing_repos_success = All repository records that lost Git files have been reinitialized successfully.

 dashboard.server_uptime = Server Uptime
 dashboard.current_goroutine = Current Goroutines
@@ -772,7 +851,7 @@ dashboard.mspan_structures_obtained = MSpan Structures Obtained
 dashboard.mcache_structures_usage = MCache Structures Usage
 dashboard.mcache_structures_obtained = MCache Structures Obtained
 dashboard.profiling_bucket_hash_table_obtained = Profiling Bucket Hash Table Obtained
-dashboard.gc_metadata_obtained = GC Metadada Obtained
+dashboard.gc_metadata_obtained = GC Metadata Obtained
 dashboard.other_system_allocation_obtained = Other System Allocation Obtained
 dashboard.next_gc_recycle = Next GC Recycle
 dashboard.last_gc_time = Since Last GC Time
@@ -797,9 +876,12 @@ users.auth_login_name = Authentication Login Name
 users.password_helper = Leave it empty to remain unchanged.
 users.update_profile_success = Account profile has been updated successfully.
 users.edit_account = Edit Account
+users.max_repo_creation = Maximum Repository Creation Limit
+users.max_repo_creation_desc = (Set -1 to use global default limit)
 users.is_activated = This account is activated
 users.is_admin = This account has administrator permissions
 users.allow_git_hook = This account has permissions to create Git hooks
+users.allow_import_local = This account has permissions to import local repositories
 users.update_profile = Update Account Profile
 users.delete_account = Delete This Account
 users.still_own_repo = This account still has ownership over at least one repository, you have to delete or transfer them first.
@@ -835,9 +917,12 @@ auths.bind_password = Bind Password
 auths.bind_password_helper = Warning: This password is stored in plain text. Do not use a high privileged account.
 auths.user_base = User Search Base
 auths.user_dn = User DN
+auths.attribute_username = Username attribute
+auths.attribute_username_placeholder = Leave empty to use sign-in form field value for user name.
 auths.attribute_name = First name attribute
 auths.attribute_surname = Surname attribute
-auths.attribute_mail = E-mail attribute
+auths.attribute_mail = Email attribute
+auths.attributes_in_bind = Fetch attributes in Bind DN context
 auths.filter = User Filter
 auths.admin_filter = Admin Filter
 auths.ms_ad_sa = Ms Ad SA
@@ -885,11 +970,10 @@ config.db_ssl_mode_helper = (for "postgres" only)
 config.db_path = Path
 config.db_path_helper = (for "sqlite3" and "tidb")
 config.service_config = Service Configuration
-config.register_email_confirm = Require E-mail Confirmation
+config.register_email_confirm = Require Email Confirmation
 config.disable_register = Disable Registration
 config.show_registration_button = Show Register Button
 config.require_sign_in_view = Require Sign In View
-config.enable_cache_avatar = Enable Cache Avatar
 config.mail_notify = Mail Notification
 config.disable_key_size_check = Disable Minimum Key Size Check
 config.enable_captcha = Enable Captcha
@@ -938,23 +1022,32 @@ monitor.start = Start Time
 monitor.execute_time = Execution Time

 notices.system_notice_list = System Notices
+notices.view_detail_header = View Notice Detail
+notices.actions = Actions
+notices.select_all = Select All
+notices.deselect_all = Deselect All
+notices.inverse_selection = Inverse Selection
+notices.delete_selected = Delete Selected
+notices.delete_all = Delete All Notices
 notices.type = Type
 notices.type_1 = Repository
 notices.desc = Description
 notices.op = Op.
-notices.delete_success = System notice has been deleted successfully.
+notices.delete_success = System notices have been deleted successfully.

 [action]
 create_repo = created repository <a href="%s">%s</a>
 rename_repo = renamed repository from <code>%[1]s</code> to <a href="%[2]s">%[3]s</a>
-commit_repo = pushed to <a href="%s/src/%s">%[2]s</a> at <a href="%[1]s">%[3]s</a>
+commit_repo = pushed to <a href="%[1]s/src/%[2]s">%[3]s</a> at <a href="%[1]s">%[4]s</a>
 create_issue = `opened issue <a href="%s/issues/%s">%s#%[2]s</a>`
+close_issue = `closed issue <a href="%s/issues/%s">%s#%[2]s</a>`
+reopen_issue = `reopened issue <a href="%s/issues/%s">%s#%[2]s</a>`
 create_pull_request = `created pull request <a href="%s/pulls/%s">%s#%[2]s</a>`
 comment_issue = `commented on issue <a href="%s/issues/%s">%s#%[2]s</a>`
 merge_pull_request = `merged pull request <a href="%s/pulls/%s">%s#%[2]s</a>`
 transfer_repo = transfered repository <code>%s</code> to <a href="%s">%s</a>
 push_tag = pushed tag <a href="%s/src/%s">%[2]s</a> to <a href="%[1]s">%[3]s</a>
-compare_2_commits = View comparison for these 2 commits
+compare_commits = View comparison for these %d commits

 [tool]
 ago = ago
@@ -980,5 +1073,5 @@ raw_minutes = minutes
 [dropzone]
 default_message = Drop files here or click to upload.
 invalid_input_type = You can't upload files of this type.
-file_too_big = File size({{filesize}} MB) exceeds maximum size({{maxFilesize}} MB).
+file_too_big = File size ({{filesize}} MB) exceeds maximum size ({{maxFilesize}} MB).
 remove_file = Remove file
--- a/conf/locale/locale_es-ES.ini
+++ b/conf/locale/locale_es-ES.ini
--- a/conf/locale/locale_fr-FR.ini
+++ b/conf/locale/locale_fr-FR.ini
--- a/conf/locale/locale_it-IT.ini
+++ b/conf/locale/locale_it-IT.ini
--- a/conf/locale/locale_ja-JP.ini
+++ b/conf/locale/locale_ja-JP.ini
--- a/conf/locale/locale_lv-LV.ini
+++ b/conf/locale/locale_lv-LV.ini
--- a/conf/locale/locale_nl-NL.ini
+++ b/conf/locale/locale_nl-NL.ini
--- a/conf/locale/locale_pl-PL.ini
+++ b/conf/locale/locale_pl-PL.ini
--- a/conf/locale/locale_pt-BR.ini
+++ b/conf/locale/locale_pt-BR.ini
--- a/conf/locale/locale_ru-RU.ini
+++ b/conf/locale/locale_ru-RU.ini
--- a/conf/locale/locale_zh-CN.ini
+++ b/conf/locale/locale_zh-CN.ini
--- a/conf/locale/locale_zh-HK.ini
+++ b/conf/locale/locale_zh-HK.ini
--- a/config.codekit
+++ b/config.codekit
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,12 +0,0 @@
-web:
-  build: .
-  links:
-    - mysql
-  ports:
-    - "3000:3000"
-
-mysql:
-  image: mysql
-  environment:
-    - MYSQL_ROOT_PASSWORD=gogs
-    - MYSQL_DATABASE=gogs
--- a/docker/README.md
+++ b/docker/README.md
@@ -1,6 +1,6 @@
 # Docker for Gogs

-Visit [Docker Hub](https://hub.docker.com/r/gogs/gogs/) see all available tags.
+Visit [Docker Hub](https://hub.docker.com/r/gogs/gogs/) or [Quay](https://quay.io/repository/gogs/gogs) see all available tags.

 ## Usage

@@ -17,12 +17,14 @@ $ mkdir -p /var/gogs
 $ docker run --name=gogs -p 10022:22 -p 10080:3000 -v /var/gogs:/data gogs/gogs

 # Use `docker start` if you have stopped it.
-$ docker start gogs 
+$ docker start gogs
 ```

+Note: It is important to map the Gogs ssh service from the container to the host and set the appropriate SSH Port and URI settings when setting up Gogs for the first time. To access and clone Gogs Git repositories with the above configuration you would use: `git clone ssh://git@hostname:10022/username/myrepo.git` for example.
+
 Files will be store in local path `/var/gogs` in my case.

-Directory `/var/gogs` keeps Git repoistories and Gogs data:
+Directory `/var/gogs` keeps Git repositories and Gogs data:

    /var/gogs
    |-- git
@@ -33,20 +35,45 @@ Directory `/var/gogs` keeps Git repoistories and Gogs data:
        |-- conf
        |-- data
        |-- log
-        |-- templates
+
+### Volume with data container
+
+If you're more comfortable with mounting data to a data container, the commands you execute at the first time will look like as follows:
+
+```
+# Create data container
+docker run --name=gogs-data --entrypoint /bin/true gogs/gogs
+# Use `docker run` for the first time.
+docker run --name=gogs --volumes-from gogs-data -p 10022:22 -p 10080:3000 gogs/gogs
+```
+#### Using Docker 1.9 Volume command
+
+```
+# Create docker volume.
+$ docker volume create --name gogs-data
+
+# Use `docker run` for the first time.
+$ docker run --name=gogs -p 10022:22 -p 10080:3000 -v gogs-data:/data gogs/gogs
+```

 ## Settings

+### Application
+
 Most of settings are obvious and easy to understand, but there are some settings can be confusing by running Gogs inside Docker:

 - **Repository Root Path**: keep it as default value `/home/git/gogs-repositories` because `start.sh` already made a symbolic link for you.
 - **Run User**: keep it as default value `git` because `start.sh` already setup a user with name `git`.
 - **Domain**: fill in with Docker container IP(e.g. `192.168.99.100`). But if you want to access your Gogs instance from a different physical machine, please fill in with the hostname or IP address of the Docker host machine.
- **SSH Port**: Use the exposed port from Docker container. For example, your SSH server listens on `22` inside Docker, but you expose it by `10022:22`, then use `10022` for this value.
+- **SSH Port**: Use the exposed port from Docker container. For example, your SSH server listens on `22` inside Docker, but you expose it by `10022:22`, then use `10022` for this value. **Builtin SSH server is not recommended inside Docker Container**
 - **HTTP Port**: Use port you want Gogs to listen on inside Docker container. For example, your Gogs listens on `3000` inside Docker, and you expose it by `10080:3000`, but you still use `3000` for this value.
- **Application URL**: Use combination of **Domain** and **exposed HTTP Port** values(e.g. `http://192.168.99.100:10080/`). 
+- **Application URL**: Use combination of **Domain** and **exposed HTTP Port** values(e.g. `http://192.168.99.100:10080/`).

-Full documentation of settings can be found [here](http://gogs.io/docs/advanced/configuration_cheat_sheet.html).
+Full documentation of application settings can be found [here](http://gogs.io/docs/advanced/configuration_cheat_sheet.html).
+
+### Crond
+
+Please set environment variable `RUN_CROND` to be `true` or `1` in order to start `crond` inside the container.

 ## Upgrade

@@ -59,16 +86,6 @@ Steps to upgrade Gogs with Docker:
 - `docker rm gogs`
 - Finally, create container as the first time and don't forget to do same volume and port mapping.

-## Troubleshooting
-
-If you see the following error:
-
-```
-checkVersion()] [E] Binary and template file version does not match
-```
-
-Run `rm -fr /var/gogs/gogs/templates/` should fix this it. Just remember to backup templates file if you have made modifications youself.
-
 ## Known Issues

- [Use ctrl+c when clone through SSH makes Docker exit unexpectedly](https://github.com/gogits/gogs/issues/1499)
+- `.dockerignore` seems to be ignored during Docker Hub Automated build
--- a/docker/build.sh
+++ b/docker/build.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+set -x
+set -e
+
+# Set temp environment vars
+export GOPATH=/tmp/go
+export PATH=${PATH}:${GOPATH}/bin
+
+# Install build deps
+apk -U --no-progress add --virtual build-deps linux-pam-dev go gcc musl-dev
+
+# Init go environment to build Gogs
+mkdir -p ${GOPATH}/src/github.com/gogits/
+ln -s /app/gogs/ ${GOPATH}/src/github.com/gogits/gogs
+cd ${GOPATH}/src/github.com/gogits/gogs
+go get -v -tags "sqlite cert pam"
+go build -tags "sqlite cert pam"
+
+# Cleanup GOPATH
+rm -r $GOPATH
+
+# Remove build deps
+apk --no-progress del build-deps
+
+# Create git user for Gogs
+adduser -H -D -g 'Gogs Git User' git -h /data/git -s /bin/bash && passwd -u git
+echo "export GOGS_CUSTOM=${GOGS_CUSTOM}" >> /etc/profile
--- a/docker/nsswitch.conf
+++ b/docker/nsswitch.conf
@@ -0,0 +1,16 @@
+# /etc/nsswitch.conf
+
+passwd:         compat
+group:          compat
+shadow:         compat
+
+hosts:          files dns
+networks:       files
+
+protocols:      db files
+services:       db files
+ethers:         db files
+rpc:            db files
+
+netgroup:       nis
+
--- a/docker/s6/.s6-svscan/finish
+++ b/docker/s6/.s6-svscan/finish
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+# Cleanup SOCAT services and s6 event folder
+rm -rf $(find /app/gogs/docker/s6/ -name 'event')
+rm -rf /app/gogs/docker/s6/SOCAT_*
--- a/docker/s6/crond/down
+++ b/docker/s6/crond/down
--- a/docker/s6/crond/run
+++ b/docker/s6/crond/run
@@ -0,0 +1,9 @@
+#!/bin/sh
+# Crontabs are located by default in /var/spool/cron/crontabs/
+# The default configuration is also calling all the scripts in /etc/periodic/${period}
+
+if test -f ./setup; then
+    source ./setup
+fi
+
+exec gosu root /usr/sbin/crond -fS
--- a/docker/s6/gogs/run
+++ b/docker/s6/gogs/run
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+if test -f ./setup; then
+    source ./setup
+fi
+
+export USER=git
+exec gosu $USER /app/gogs/gogs web
--- a/docker/s6/gogs/setup
+++ b/docker/s6/gogs/setup
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+if ! test -d ~git/.ssh; then
+    mkdir -p ~git/.ssh
+    chmod 700 ~git/.ssh
+fi
+
+if ! test -f ~git/.ssh/environment; then
+    echo "GOGS_CUSTOM=${GOGS_CUSTOM}" > ~git/.ssh/environment
+    chmod 600 ~git/.ssh/environment
+fi
+
+cd /app/gogs
+
+# Link volumed data with app data
+ln -sf /data/gogs/log  ./log
+ln -sf /data/gogs/data ./data
+
+# Backward Compatibility with Gogs Container v0.6.15
+ln -sf /data/git /home/git
+
+chown -R git:git /data /app/gogs ~git/
+chmod 0755 /data /data/gogs ~git/
--- a/docker/s6/openssh/run
+++ b/docker/s6/openssh/run
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if test -f ./setup; then
+    source ./setup
+fi
+
+exec gosu root /usr/sbin/sshd -D -f /app/gogs/docker/sshd_config
--- a/docker/s6/openssh/setup
+++ b/docker/s6/openssh/setup
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+# Check if host keys are present, else create them
+if ! test -f /data/ssh/ssh_host_rsa_key; then
+    ssh-keygen -q -f /data/ssh/ssh_host_rsa_key -N '' -t rsa
+fi
+
+if ! test -f /data/ssh/ssh_host_dsa_key; then
+    ssh-keygen -q -f /data/ssh/ssh_host_dsa_key -N '' -t dsa
+fi
+
+if ! test -f /data/ssh/ssh_host_ecdsa_key; then
+    ssh-keygen -q -f /data/ssh/ssh_host_ecdsa_key -N '' -t ecdsa
+fi
+
+if ! test -f /data/ssh/ssh_host_ed25519_key; then
+    ssh-keygen -q -f /data/ssh/ssh_host_ed25519_key -N '' -t ed25519
+fi
+
+# Set correct right to ssh keys
+chown -R root:root /data/ssh/*
+chmod 0700 /data/ssh
+chmod 0600 /data/ssh/*
--- a/docker/s6/syslogd/run
+++ b/docker/s6/syslogd/run
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if test -f ./setup; then
+    source ./setup
+fi
+
+exec gosu root /sbin/syslogd -nS -O-
--- a/docker/sshd_config
+++ b/docker/sshd_config
@@ -0,0 +1,16 @@
+Port 22
+AddressFamily any
+ListenAddress 0.0.0.0
+ListenAddress ::
+Protocol 2
+LogLevel INFO
+HostKey /data/ssh/ssh_host_rsa_key
+HostKey /data/ssh/ssh_host_dsa_key
+HostKey /data/ssh/ssh_host_ecdsa_key
+HostKey /data/ssh/ssh_host_ed25519_key
+PermitRootLogin no
+AuthorizedKeysFile	.ssh/authorized_keys
+PasswordAuthentication no
+UsePrivilegeSeparation no
+PermitUserEnvironment yes
+AllowUsers git
--- a/docker/start.sh
+++ b/docker/start.sh
@@ -1,43 +1,65 @@
-#!/bin/bash -
-#
+#!/bin/sh

-if ! test -d /data/gogs
-then
-	mkdir -p /var/run/sshd
-	mkdir -p /data/gogs/data /data/gogs/conf /data/gogs/log /data/git
+create_socat_links() {
+    # Bind linked docker container to localhost socket using socat
+    USED_PORT="3000:22"
+    while read NAME ADDR PORT; do
+        if test -z "$NAME$ADDR$PORT"; then
+            continue
+        elif echo $USED_PORT | grep -E "(^|:)$PORT($|:)" > /dev/null; then
+            echo "init:socat  | Can't bind linked container ${NAME} to localhost, port ${PORT} already in use" 1>&2
+        else
+            SERV_FOLDER=/app/gogs/docker/s6/SOCAT_${NAME}_${PORT}
+            mkdir -p ${SERV_FOLDER}
+            CMD="socat -ls TCP4-LISTEN:${PORT},fork,reuseaddr TCP4:${ADDR}:${PORT}"
+            echo -e "#!/bin/sh\nexec $CMD" > ${SERV_FOLDER}/run
+            chmod +x ${SERV_FOLDER}/run
+            USED_PORT="${USED_PORT}:${PORT}"
+            echo "init:socat  | Linked container ${NAME} will be binded to localhost on port ${PORT}" 1>&2
+        fi
+    done << EOT
+    $(env | sed -En 's|(.*)_PORT_([0-9]+)_TCP=tcp://(.*):([0-9]+)|\1 \3 \4|p')
+EOT
+}
+
+cleanup() {
+    # Cleanup SOCAT services and s6 event folder
+    # On start and on shutdown in case container has been killed
+    rm -rf $(find /app/gogs/docker/s6/ -name 'event')
+    rm -rf /app/gogs/docker/s6/SOCAT_*
+}
+
+create_volume_subfolder() {
+    # Create VOLUME subfolder
+    for f in /data/gogs/data /data/gogs/conf /data/gogs/log /data/git /data/ssh; do
+        if ! test -d $f; then
+            mkdir -p $f
+        fi
+    done
+}
+
+cleanup
+create_volume_subfolder
+
+LINK=$(echo "$SOCAT_LINK" | tr '[:upper:]' '[:lower:]')
+if [ "$LINK" = "false" -o "$LINK" = "0" ]; then
+    echo "init:socat  | Will not try to create socat links as requested" 1>&2
+else
+    create_socat_links
 fi

-if ! test -d /data/ssh
-then
-	mkdir /data/ssh
-	ssh-keygen -q -f /data/ssh/ssh_host_key -N '' -t rsa1
-	ssh-keygen -q -f /data/ssh/ssh_host_rsa_key -N '' -t rsa
-	ssh-keygen -q -f /data/ssh/ssh_host_dsa_key -N '' -t dsa
-	ssh-keygen -q -f /data/ssh/ssh_host_ecdsa_key -N '' -t ecdsa
-	ssh-keygen -q -f /data/ssh/ssh_host_ed25519_key -N '' -t ed25519
-	chown -R root:root /data/ssh/*
-	chmod 600 /data/ssh/*
+CROND=$(echo "$RUN_CROND" | tr '[:upper:]' '[:lower:]')
+if [ "$CROND" = "true" -o "$CROND" = "1" ]; then
+    echo "init:crond  | Cron Daemon (crond) will be run as requested by s6" 1>&2
+    rm -f /app/gogs/docker/s6/crond/down
+else
+    # Tell s6 not to run the crond service
+    touch /app/gogs/docker/s6/crond/down
 fi

-service ssh start
-
-ln -sf /data/gogs/log ./log
-ln -sf /data/gogs/data ./data
-ln -sf /data/git /home/git
-
-
-if ! test -d ~git/.ssh
-then
-  mkdir ~git/.ssh
-  chmod 700 ~git/.ssh
+# Exec CMD or S6 by default if nothing present
+if [ $# -gt 0 ];then
+    exec "$@"
+else
+    exec /bin/s6-svscan /app/gogs/docker/s6/
 fi
-
-if ! test -f ~git/.ssh/environment
-then
-  echo "GOGS_CUSTOM=/data/gogs" > ~git/.ssh/environment
-  chown git:git ~git/.ssh/environment
-  chown 600 ~git/.ssh/environment
-fi
-
-chown -R git:git /data .
-exec su git -c "./gogs web"
--- a/gogs.go
+++ b/gogs.go
@@ -1,10 +1,10 @@
-// +build go1.2
+// +build go1.4

 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.

-// Gogs(Go Git Service) is a painless self-hosted Git Service written in Go.
+// Gogs (Go Git Service) is a painless self-hosted Git Service.
 package main

 import (
@@ -17,7 +17,7 @@ import (
 	"github.com/gogits/gogs/modules/setting"
 )

-const APP_VER = "0.6.15.0926 Beta"
+const APP_VER = "0.8.43.0223"

 func init() {
 	runtime.GOMAXPROCS(runtime.NumCPU())
--- a/models/access.go
+++ b/models/access.go
@@ -36,19 +36,19 @@ func accessLevel(e Engine, u *User, repo *Repository) (AccessMode, error) {
 		mode = ACCESS_MODE_READ
 	}

-	if u != nil {
-		if u.Id == repo.OwnerID {
-			return ACCESS_MODE_OWNER, nil
-		}
-
-		a := &Access{UserID: u.Id, RepoID: repo.ID}
-		if has, err := e.Get(a); !has || err != nil {
-			return mode, err
-		}
-		return a.Mode, nil
+	if u == nil {
+		return mode, nil
 	}

-	return mode, nil
+	if u.Id == repo.OwnerID {
+		return ACCESS_MODE_OWNER, nil
+	}
+
+	a := &Access{UserID: u.Id, RepoID: repo.ID}
+	if has, err := e.Get(a); !has || err != nil {
+		return mode, err
+	}
+	return a.Mode, nil
 }

 // AccessLevel returns the Access a user has to a repository. Will return NoneAccess if the
@@ -67,9 +67,8 @@ func HasAccess(u *User, repo *Repository, testMode AccessMode) (bool, error) {
 	return hasAccess(x, u, repo, testMode)
 }

-// GetAccessibleRepositories finds all repositories where a user has access to,
-// besides he/she owns.
-func (u *User) GetAccessibleRepositories() (map[*Repository]AccessMode, error) {
+// GetRepositoryAccesses finds all repositories with their access mode where a user has access but does not own.
+func (u *User) GetRepositoryAccesses() (map[*Repository]AccessMode, error) {
 	accesses := make([]*Access, 0, 10)
 	if err := x.Find(&accesses, &Access{UserID: u.Id}); err != nil {
 		return nil, err
@@ -80,7 +79,7 @@ func (u *User) GetAccessibleRepositories() (map[*Repository]AccessMode, error) {
 		repo, err := GetRepositoryByID(access.RepoID)
 		if err != nil {
 			if IsErrRepoNotExist(err) {
-				log.Error(4, "%v", err)
+				log.Error(4, "GetRepositoryByID: %v", err)
 				continue
 			}
 			return nil, err
@@ -92,11 +91,28 @@ func (u *User) GetAccessibleRepositories() (map[*Repository]AccessMode, error) {
 		}
 		repos[repo] = access.Mode
 	}
-
-	// FIXME: should we generate an ordered list here? Random looks weird.
 	return repos, nil
 }

+// GetAccessibleRepositories finds all repositories where a user has access but does not own.
+func (u *User) GetAccessibleRepositories() ([]*Repository, error) {
+	accesses := make([]*Access, 0, 10)
+	if err := x.Find(&accesses, &Access{UserID: u.Id}); err != nil {
+		return nil, err
+	}
+
+	if len(accesses) == 0 {
+		return []*Repository{}, nil
+	}
+
+	repoIDs := make([]int64, 0, len(accesses))
+	for _, access := range accesses {
+		repoIDs = append(repoIDs, access.RepoID)
+	}
+	repos := make([]*Repository, 0, len(repoIDs))
+	return repos, x.Where("owner_id != ?", u.Id).In("id", repoIDs).Desc("updated").Find(&repos)
+}
+
 func maxAccessMode(modes ...AccessMode) AccessMode {
 	max := ACCESS_MODE_NONE
 	for _, mode := range modes {
--- a/models/action.go
+++ b/models/action.go
@@ -14,12 +14,13 @@ import (
 	"time"
 	"unicode"

+	"github.com/Unknwon/com"
 	"github.com/go-xorm/xorm"

+	"github.com/gogits/git-module"
 	api "github.com/gogits/go-gogs-client"

 	"github.com/gogits/gogs/modules/base"
-	"github.com/gogits/gogs/modules/git"
 	"github.com/gogits/gogs/modules/log"
 	"github.com/gogits/gogs/modules/setting"
 )
@@ -27,17 +28,19 @@ import (
 type ActionType int

 const (
-	CREATE_REPO         ActionType = iota + 1 // 1
-	RENAME_REPO                               // 2
-	STAR_REPO                                 // 3
-	FOLLOW_REPO                               // 4
-	COMMIT_REPO                               // 5
-	CREATE_ISSUE                              // 6
-	CREATE_PULL_REQUEST                       // 7
-	TRANSFER_REPO                             // 8
-	PUSH_TAG                                  // 9
-	COMMENT_ISSUE                             // 10
-	MERGE_PULL_REQUEST                        // 11
+	ACTION_CREATE_REPO         ActionType = iota + 1 // 1
+	ACTION_RENAME_REPO                               // 2
+	ACTION_STAR_REPO                                 // 3
+	ACTION_WATCH_REPO                                // 4
+	ACTION_COMMIT_REPO                               // 5
+	ACTION_CREATE_ISSUE                              // 6
+	ACTION_CREATE_PULL_REQUEST                       // 7
+	ACTION_TRANSFER_REPO                             // 8
+	ACTION_PUSH_TAG                                  // 9
+	ACTION_COMMENT_ISSUE                             // 10
+	ACTION_MERGE_PULL_REQUEST                        // 11
+	ACTION_CLOSE_ISSUE                               // 12
+	ACTION_REOPEN_ISSUE                              // 13
 )

 var (
@@ -89,65 +92,101 @@ func (a *Action) AfterSet(colName string, _ xorm.Cell) {
 	}
 }

-func (a Action) GetOpType() int {
+func (a *Action) GetOpType() int {
 	return int(a.OpType)
 }

-func (a Action) GetActUserName() string {
+func (a *Action) GetActUserName() string {
 	return a.ActUserName
 }

-func (a Action) GetActEmail() string {
+func (a *Action) ShortActUserName() string {
+	return base.EllipsisString(a.ActUserName, 20)
+}
+
+func (a *Action) GetActEmail() string {
 	return a.ActEmail
 }

-func (a Action) GetRepoUserName() string {
+func (a *Action) GetRepoUserName() string {
 	return a.RepoUserName
 }

-func (a Action) GetRepoName() string {
+func (a *Action) ShortRepoUserName() string {
+	return base.EllipsisString(a.RepoUserName, 20)
+}
+
+func (a *Action) GetRepoName() string {
 	return a.RepoName
 }

-func (a Action) GetRepoPath() string {
+func (a *Action) ShortRepoName() string {
+	return base.EllipsisString(a.RepoName, 33)
+}
+
+func (a *Action) GetRepoPath() string {
 	return path.Join(a.RepoUserName, a.RepoName)
 }

-func (a Action) GetRepoLink() string {
+func (a *Action) ShortRepoPath() string {
+	return path.Join(a.ShortRepoUserName(), a.ShortRepoName())
+}
+
+func (a *Action) GetRepoLink() string {
 	if len(setting.AppSubUrl) > 0 {
 		return path.Join(setting.AppSubUrl, a.GetRepoPath())
 	}
 	return "/" + a.GetRepoPath()
 }

-func (a Action) GetBranch() string {
+func (a *Action) GetBranch() string {
 	return a.RefName
 }

-func (a Action) GetContent() string {
+func (a *Action) GetContent() string {
 	return a.Content
 }

-func (a Action) GetCreate() time.Time {
+func (a *Action) GetCreate() time.Time {
 	return a.Created
 }

-func (a Action) GetIssueInfos() []string {
+func (a *Action) GetIssueInfos() []string {
 	return strings.SplitN(a.Content, "|", 2)
 }

+func (a *Action) GetIssueTitle() string {
+	index := com.StrTo(a.GetIssueInfos()[0]).MustInt64()
+	issue, err := GetIssueByIndex(a.RepoID, index)
+	if err != nil {
+		log.Error(4, "GetIssueByIndex: %v", err)
+		return "500 when get issue"
+	}
+	return issue.Name
+}
+
+func (a *Action) GetIssueContent() string {
+	index := com.StrTo(a.GetIssueInfos()[0]).MustInt64()
+	issue, err := GetIssueByIndex(a.RepoID, index)
+	if err != nil {
+		log.Error(4, "GetIssueByIndex: %v", err)
+		return "500 when get issue"
+	}
+	return issue.Content
+}
+
 func newRepoAction(e Engine, u *User, repo *Repository) (err error) {
 	if err = notifyWatchers(e, &Action{
 		ActUserID:    u.Id,
 		ActUserName:  u.Name,
 		ActEmail:     u.Email,
-		OpType:       CREATE_REPO,
+		OpType:       ACTION_CREATE_REPO,
 		RepoID:       repo.ID,
 		RepoUserName: repo.Owner.Name,
 		RepoName:     repo.Name,
 		IsPrivate:    repo.IsPrivate,
 	}); err != nil {
-		return fmt.Errorf("notify watchers '%d/%s': %v", u.Id, repo.ID, err)
+		return fmt.Errorf("notify watchers '%d/%d': %v", u.Id, repo.ID, err)
 	}

 	log.Trace("action.newRepoAction: %s/%s", u.Name, repo.Name)
@@ -164,7 +203,7 @@ func renameRepoAction(e Engine, actUser *User, oldRepoName string, repo *Reposit
 		ActUserID:    actUser.Id,
 		ActUserName:  actUser.Name,
 		ActEmail:     actUser.Email,
-		OpType:       RENAME_REPO,
+		OpType:       ACTION_RENAME_REPO,
 		RepoID:       repo.ID,
 		RepoUserName: repo.Owner.Name,
 		RepoName:     repo.Name,
@@ -187,8 +226,70 @@ func issueIndexTrimRight(c rune) bool {
 	return !unicode.IsDigit(c)
 }

+type PushCommit struct {
+	Sha1        string
+	Message     string
+	AuthorEmail string
+	AuthorName  string
+}
+
+type PushCommits struct {
+	Len        int
+	Commits    []*PushCommit
+	CompareUrl string
+
+	avatars map[string]string
+}
+
+func NewPushCommits() *PushCommits {
+	return &PushCommits{
+		avatars: make(map[string]string),
+	}
+}
+
+func (pc *PushCommits) ToApiPayloadCommits(repoLink string) []*api.PayloadCommit {
+	commits := make([]*api.PayloadCommit, len(pc.Commits))
+	for i, cmt := range pc.Commits {
+		author_username := ""
+		author, err := GetUserByEmail(cmt.AuthorEmail)
+		if err == nil {
+			author_username = author.Name
+		}
+		commits[i] = &api.PayloadCommit{
+			ID:      cmt.Sha1,
+			Message: cmt.Message,
+			URL:     fmt.Sprintf("%s/commit/%s", repoLink, cmt.Sha1),
+			Author: &api.PayloadAuthor{
+				Name:     cmt.AuthorName,
+				Email:    cmt.AuthorEmail,
+				UserName: author_username,
+			},
+		}
+	}
+	return commits
+}
+
+// AvatarLink tries to match user in database with e-mail
+// in order to show custom avatar, and falls back to general avatar link.
+func (push *PushCommits) AvatarLink(email string) string {
+	_, ok := push.avatars[email]
+	if !ok {
+		u, err := GetUserByEmail(email)
+		if err != nil {
+			push.avatars[email] = base.AvatarLink(email)
+			if !IsErrUserNotExist(err) {
+				log.Error(4, "GetUserByEmail: %v", err)
+			}
+		} else {
+			push.avatars[email] = u.AvatarLink()
+		}
+	}
+
+	return push.avatars[email]
+}
+
 // updateIssuesCommit checks if issues are manipulated by commit message.
-func updateIssuesCommit(u *User, repo *Repository, repoUserName, repoName string, commits []*base.PushCommit) error {
+func updateIssuesCommit(u *User, repo *Repository, repoUserName, repoName string, commits []*PushCommit) error {
 	// Commits are appended in the reverse order.
 	for i := len(commits) - 1; i >= 0; i-- {
 		c := commits[i]
@@ -322,7 +423,7 @@ func CommitRepoAction(
 	repoID int64,
 	repoUserName, repoName string,
 	refFullName string,
-	commit *base.PushCommits,
+	commit *PushCommits,
 	oldCommitID string, newCommitID string) error {

 	u, err := GetUserByID(userID)
@@ -337,26 +438,26 @@ func CommitRepoAction(
 		return fmt.Errorf("GetOwner: %v", err)
 	}

+	// Change repository bare status and update last updated time.
+	repo.IsBare = false
+	if err = UpdateRepository(repo, false); err != nil {
+		return fmt.Errorf("UpdateRepository: %v", err)
+	}
+
 	isNewBranch := false
-	opType := COMMIT_REPO
+	opType := ACTION_COMMIT_REPO
 	// Check it's tag push or branch.
 	if strings.HasPrefix(refFullName, "refs/tags/") {
-		opType = PUSH_TAG
-		commit = &base.PushCommits{}
+		opType = ACTION_PUSH_TAG
+		commit = &PushCommits{}
 	} else {
 		// if not the first commit, set the compareUrl
 		if !strings.HasPrefix(oldCommitID, "0000000") {
-			commit.CompareUrl = fmt.Sprintf("%s/%s/compare/%s...%s", repoUserName, repoName, oldCommitID, newCommitID)
+			commit.CompareUrl = repo.ComposeCompareURL(oldCommitID, newCommitID)
 		} else {
 			isNewBranch = true
 		}

-		// Change repository bare status and update last updated time.
-		repo.IsBare = false
-		if err = UpdateRepository(repo, false); err != nil {
-			return fmt.Errorf("UpdateRepository: %v", err)
-		}
-
 		if err = updateIssuesCommit(u, repo, repoUserName, repoName, commit.Commits); err != nil {
 			log.Error(4, "updateIssuesCommit: %v", err)
 		}
@@ -386,24 +487,9 @@ func CommitRepoAction(
 		IsPrivate:    repo.IsPrivate,
 	}); err != nil {
 		return fmt.Errorf("NotifyWatchers: %v", err)
-
 	}

-	repoLink := fmt.Sprintf("%s%s/%s", setting.AppUrl, repoUserName, repoName)
-	payloadRepo := &api.PayloadRepo{
-		ID:          repo.ID,
-		Name:        repo.LowerName,
-		URL:         repoLink,
-		Description: repo.Description,
-		Website:     repo.Website,
-		Watchers:    repo.NumWatches,
-		Owner: &api.PayloadAuthor{
-			Name:     repo.Owner.DisplayName(),
-			Email:    repo.Owner.Email,
-			UserName: repo.Owner.Name,
-		},
-		Private: repo.IsPrivate,
-	}
+	payloadRepo := repo.ComposePayload()

 	pusher_email, pusher_name := "", ""
 	pusher, err := GetUserByName(userName)
@@ -414,35 +500,17 @@ func CommitRepoAction(
 	payloadSender := &api.PayloadUser{
 		UserName:  pusher.Name,
 		ID:        pusher.Id,
-		AvatarUrl: setting.AppUrl + pusher.RelAvatarLink(),
+		AvatarUrl: pusher.AvatarLink(),
 	}

 	switch opType {
-	case COMMIT_REPO: // Push
-		commits := make([]*api.PayloadCommit, len(commit.Commits))
-		for i, cmt := range commit.Commits {
-			author_username := ""
-			author, err := GetUserByEmail(cmt.AuthorEmail)
-			if err == nil {
-				author_username = author.Name
-			}
-			commits[i] = &api.PayloadCommit{
-				ID:      cmt.Sha1,
-				Message: cmt.Message,
-				URL:     fmt.Sprintf("%s/commit/%s", repoLink, cmt.Sha1),
-				Author: &api.PayloadAuthor{
-					Name:     cmt.AuthorName,
-					Email:    cmt.AuthorEmail,
-					UserName: author_username,
-				},
-			}
-		}
+	case ACTION_COMMIT_REPO: // Push
 		p := &api.PushPayload{
 			Ref:        refFullName,
 			Before:     oldCommitID,
 			After:      newCommitID,
 			CompareUrl: setting.AppUrl + commit.CompareUrl,
-			Commits:    commits,
+			Commits:    commit.ToApiPayloadCommits(repo.FullRepoLink()),
 			Repo:       payloadRepo,
 			Pusher: &api.PayloadAuthor{
 				Name:     pusher_name,
@@ -464,7 +532,7 @@ func CommitRepoAction(
 			})
 		}

-	case PUSH_TAG: // Create
+	case ACTION_PUSH_TAG: // Create
 		return PrepareWebhooks(repo, HOOK_EVENT_CREATE, &api.CreatePayload{
 			Ref:     refName,
 			RefType: "tag",
@@ -481,14 +549,14 @@ func transferRepoAction(e Engine, actUser, oldOwner, newOwner *User, repo *Repos
 		ActUserID:    actUser.Id,
 		ActUserName:  actUser.Name,
 		ActEmail:     actUser.Email,
-		OpType:       TRANSFER_REPO,
+		OpType:       ACTION_TRANSFER_REPO,
 		RepoID:       repo.ID,
 		RepoUserName: newOwner.Name,
 		RepoName:     repo.Name,
 		IsPrivate:    repo.IsPrivate,
 		Content:      path.Join(oldOwner.LowerName, repo.LowerName),
 	}); err != nil {
-		return fmt.Errorf("notify watchers '%d/%s': %v", actUser.Id, repo.ID, err)
+		return fmt.Errorf("notify watchers '%d/%d': %v", actUser.Id, repo.ID, err)
 	}

 	// Remove watch for organization.
@@ -512,7 +580,7 @@ func mergePullRequestAction(e Engine, actUser *User, repo *Repository, pull *Iss
 		ActUserID:    actUser.Id,
 		ActUserName:  actUser.Name,
 		ActEmail:     actUser.Email,
-		OpType:       MERGE_PULL_REQUEST,
+		OpType:       ACTION_MERGE_PULL_REQUEST,
 		Content:      fmt.Sprintf("%d|%s", pull.Index, pull.Name),
 		RepoID:       repo.ID,
 		RepoUserName: repo.Owner.Name,
@@ -527,12 +595,29 @@ func MergePullRequestAction(actUser *User, repo *Repository, pull *Issue) error
 }

 // GetFeeds returns action list of given user in given context.
-func GetFeeds(uid, offset int64, isProfile bool) ([]*Action, error) {
+// userID is the user who's requesting, ctxUserID is the user/org that is requested.
+// userID can be -1, if isProfile is true or in order to skip the permission check.
+func GetFeeds(ctxUserID, userID, offset int64, isProfile bool) ([]*Action, error) {
 	actions := make([]*Action, 0, 20)
-	sess := x.Limit(20, int(offset)).Desc("id").Where("user_id=?", uid)
+	sess := x.Limit(20, int(offset)).Desc("id").Where("user_id=?", ctxUserID)
 	if isProfile {
-		sess.And("is_private=?", false).And("act_user_id=?", uid)
+		sess.And("is_private=?", false).And("act_user_id=?", ctxUserID)
+	} else if ctxUserID != -1 {
+		ctxUser := &User{Id: ctxUserID}
+		if err := ctxUser.GetUserRepositories(userID); err != nil {
+			return nil, err
+		}
+
+		var repoIDs []int64
+		for _, repo := range ctxUser.Repos {
+			repoIDs = append(repoIDs, repo.ID)
+		}
+
+		if len(repoIDs) > 0 {
+			sess.In("repo_id", repoIDs)
+		}
 	}
+
 	err := sess.Find(&actions)
 	return actions, err
 }
--- a/models/admin.go
+++ b/models/admin.go
@@ -5,9 +5,17 @@
 package models

 import (
+	"fmt"
+	"os"
+	"os/exec"
+	"strings"
 	"time"

 	"github.com/Unknwon/com"
+
+	"github.com/gogits/gogs/modules/base"
+	"github.com/gogits/gogs/modules/log"
+	"github.com/gogits/gogs/modules/setting"
 )

 type NoticeType int
@@ -18,7 +26,7 @@ const (

 // Notice represents a system notice for admin.
 type Notice struct {
-	Id          int64
+	ID          int64 `xorm:"pk autoincr"`
 	Type        NoticeType
 	Description string    `xorm:"TEXT"`
 	Created     time.Time `xorm:"CREATED"`
@@ -44,6 +52,25 @@ func CreateRepositoryNotice(desc string) error {
 	return CreateNotice(NOTICE_REPOSITORY, desc)
 }

+// RemoveAllWithNotice removes all directories in given path and
+// creates a system notice when error occurs.
+func RemoveAllWithNotice(title, path string) {
+	var err error
+	if setting.IsWindows {
+		err = exec.Command("cmd", "/C", "rmdir", "/S", "/Q", path).Run()
+	} else {
+		err = os.RemoveAll(path)
+	}
+
+	if err != nil {
+		desc := fmt.Sprintf("%s [%s]: %v", title, path, err)
+		log.Warn(desc)
+		if err = CreateRepositoryNotice(desc); err != nil {
+			log.Error(4, "CreateRepositoryNotice: %v", err)
+		}
+	}
+}
+
 // CountNotices returns number of notices.
 func CountNotices() int64 {
 	count, _ := x.Count(new(Notice))
@@ -61,3 +88,22 @@ func DeleteNotice(id int64) error {
 	_, err := x.Id(id).Delete(new(Notice))
 	return err
 }
+
+// DeleteNotices deletes all notices with ID from start to end (inclusive).
+func DeleteNotices(start, end int64) error {
+	sess := x.Where("id >= ?", start)
+	if end > 0 {
+		sess.And("id <= ?", end)
+	}
+	_, err := sess.Delete(new(Notice))
+	return err
+}
+
+// DeleteNoticesByIDs deletes notices by given IDs.
+func DeleteNoticesByIDs(ids []int64) error {
+	if len(ids) == 0 {
+		return nil
+	}
+	_, err := x.Where("id IN (" + strings.Join(base.Int64sToStrings(ids), ",") + ")").Delete(new(Notice))
+	return err
+}
--- a/models/cron/cron.go
+++ b/models/cron/cron.go
@@ -1,59 +0,0 @@
-// Copyright 2014 The Gogs Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package cron
-
-import (
-	"time"
-
-	"github.com/gogits/gogs/models"
-	"github.com/gogits/gogs/modules/cron"
-	"github.com/gogits/gogs/modules/log"
-	"github.com/gogits/gogs/modules/setting"
-)
-
-var c = cron.New()
-
-func NewContext() {
-	var (
-		entry *cron.Entry
-		err   error
-	)
-	if setting.Cron.UpdateMirror.Enabled {
-		entry, err = c.AddFunc("Update mirrors", setting.Cron.UpdateMirror.Schedule, models.MirrorUpdate)
-		if err != nil {
-			log.Fatal(4, "Cron[Update mirrors]: %v", err)
-		}
-		if setting.Cron.UpdateMirror.RunAtStart {
-			entry.Prev = time.Now()
-			go models.MirrorUpdate()
-		}
-	}
-	if setting.Cron.RepoHealthCheck.Enabled {
-		entry, err = c.AddFunc("Repository health check", setting.Cron.RepoHealthCheck.Schedule, models.GitFsck)
-		if err != nil {
-			log.Fatal(4, "Cron[Repository health check]: %v", err)
-		}
-		if setting.Cron.RepoHealthCheck.RunAtStart {
-			entry.Prev = time.Now()
-			go models.GitFsck()
-		}
-	}
-	if setting.Cron.CheckRepoStats.Enabled {
-		entry, err = c.AddFunc("Check repository statistics", setting.Cron.CheckRepoStats.Schedule, models.CheckRepoStats)
-		if err != nil {
-			log.Fatal(4, "Cron[Check repository statistics]: %v", err)
-		}
-		if setting.Cron.CheckRepoStats.RunAtStart {
-			entry.Prev = time.Now()
-			go models.CheckRepoStats()
-		}
-	}
-	c.Start()
-}
-
-// ListTasks returns all running cron tasks.
-func ListTasks() []*cron.Entry {
-	return c.Entries()
-}
--- a/models/error.go
+++ b/models/error.go
@@ -18,7 +18,7 @@ func IsErrNameReserved(err error) bool {
 }

 func (err ErrNameReserved) Error() string {
-	return fmt.Sprintf("name is reserved: [name: %s]", err.Name)
+	return fmt.Sprintf("name is reserved [name: %s]", err.Name)
 }

 type ErrNamePatternNotAllowed struct {
@@ -31,7 +31,7 @@ func IsErrNamePatternNotAllowed(err error) bool {
 }

 func (err ErrNamePatternNotAllowed) Error() string {
-	return fmt.Sprintf("name pattern is not allowed: [pattern: %s]", err.Pattern)
+	return fmt.Sprintf("name pattern is not allowed [pattern: %s]", err.Pattern)
 }

 //  ____ ___
@@ -51,7 +51,7 @@ func IsErrUserAlreadyExist(err error) bool {
 }

 func (err ErrUserAlreadyExist) Error() string {
-	return fmt.Sprintf("user already exists: [name: %s]", err.Name)
+	return fmt.Sprintf("user already exists [name: %s]", err.Name)
 }

 type ErrUserNotExist struct {
@@ -65,7 +65,7 @@ func IsErrUserNotExist(err error) bool {
 }

 func (err ErrUserNotExist) Error() string {
-	return fmt.Sprintf("user does not exist: [uid: %d, name: %s]", err.UID, err.Name)
+	return fmt.Sprintf("user does not exist [uid: %d, name: %s]", err.UID, err.Name)
 }

 type ErrEmailAlreadyUsed struct {
@@ -78,7 +78,7 @@ func IsErrEmailAlreadyUsed(err error) bool {
 }

 func (err ErrEmailAlreadyUsed) Error() string {
-	return fmt.Sprintf("e-mail has been used: [email: %s]", err.Email)
+	return fmt.Sprintf("e-mail has been used [email: %s]", err.Email)
 }

 type ErrUserOwnRepos struct {
@@ -91,7 +91,7 @@ func IsErrUserOwnRepos(err error) bool {
 }

 func (err ErrUserOwnRepos) Error() string {
-	return fmt.Sprintf("user still has ownership of repositories: [uid: %d]", err.UID)
+	return fmt.Sprintf("user still has ownership of repositories [uid: %d]", err.UID)
 }

 type ErrUserHasOrgs struct {
@@ -104,7 +104,40 @@ func IsErrUserHasOrgs(err error) bool {
 }

 func (err ErrUserHasOrgs) Error() string {
-	return fmt.Sprintf("user still has membership of organizations: [uid: %d]", err.UID)
+	return fmt.Sprintf("user still has membership of organizations [uid: %d]", err.UID)
+}
+
+type ErrReachLimitOfRepo struct {
+	Limit int
+}
+
+func IsErrReachLimitOfRepo(err error) bool {
+	_, ok := err.(ErrReachLimitOfRepo)
+	return ok
+}
+
+func (err ErrReachLimitOfRepo) Error() string {
+	return fmt.Sprintf("user has reached maximum limit of repositories [limit: %d]", err.Limit)
+}
+
+//  __      __.__ __   .__
+// /  \    /  \__|  | _|__|
+// \   \/\/   /  |  |/ /  |
+//  \        /|  |    <|  |
+//   \__/\  / |__|__|_ \__|
+//        \/          \/
+
+type ErrWikiAlreadyExist struct {
+	Title string
+}
+
+func IsErrWikiAlreadyExist(err error) bool {
+	_, ok := err.(ErrWikiAlreadyExist)
+	return ok
+}
+
+func (err ErrWikiAlreadyExist) Error() string {
+	return fmt.Sprintf("wiki page already exists [title: %s]", err.Title)
 }

 // __________     ___.   .__  .__          ____  __.
@@ -114,6 +147,19 @@ func (err ErrUserHasOrgs) Error() string {
 //  |____|   |____/|___  /____/__|\___  > |____|__ \___  > ____|
 //                     \/             \/          \/   \/\/

+type ErrKeyUnableVerify struct {
+	Result string
+}
+
+func IsErrKeyUnableVerify(err error) bool {
+	_, ok := err.(ErrKeyUnableVerify)
+	return ok
+}
+
+func (err ErrKeyUnableVerify) Error() string {
+	return fmt.Sprintf("Unable to verify key content [result: %s]", err.Result)
+}
+
 type ErrKeyNotExist struct {
 	ID int64
 }
@@ -124,7 +170,7 @@ func IsErrKeyNotExist(err error) bool {
 }

 func (err ErrKeyNotExist) Error() string {
-	return fmt.Sprintf("public key does not exist: [id: %d]", err.ID)
+	return fmt.Sprintf("public key does not exist [id: %d]", err.ID)
 }

 type ErrKeyAlreadyExist struct {
@@ -138,7 +184,7 @@ func IsErrKeyAlreadyExist(err error) bool {
 }

 func (err ErrKeyAlreadyExist) Error() string {
-	return fmt.Sprintf("public key already exists: [owner_id: %d, content: %s]", err.OwnerID, err.Content)
+	return fmt.Sprintf("public key already exists [owner_id: %d, content: %s]", err.OwnerID, err.Content)
 }

 type ErrKeyNameAlreadyUsed struct {
@@ -152,7 +198,38 @@ func IsErrKeyNameAlreadyUsed(err error) bool {
 }

 func (err ErrKeyNameAlreadyUsed) Error() string {
-	return fmt.Sprintf("public key already exists: [owner_id: %d, name: %s]", err.OwnerID, err.Name)
+	return fmt.Sprintf("public key already exists [owner_id: %d, name: %s]", err.OwnerID, err.Name)
+}
+
+type ErrKeyAccessDenied struct {
+	UserID int64
+	KeyID  int64
+	Note   string
+}
+
+func IsErrKeyAccessDenied(err error) bool {
+	_, ok := err.(ErrKeyAccessDenied)
+	return ok
+}
+
+func (err ErrKeyAccessDenied) Error() string {
+	return fmt.Sprintf("user does not have access to the key [user_id: %d, key_id: %d, note: %s]",
+		err.UserID, err.KeyID, err.Note)
+}
+
+type ErrDeployKeyNotExist struct {
+	ID     int64
+	KeyID  int64
+	RepoID int64
+}
+
+func IsErrDeployKeyNotExist(err error) bool {
+	_, ok := err.(ErrDeployKeyNotExist)
+	return ok
+}
+
+func (err ErrDeployKeyNotExist) Error() string {
+	return fmt.Sprintf("Deploy key does not exist [id: %d, key_id: %d, repo_id: %d]", err.ID, err.KeyID, err.RepoID)
 }

 type ErrDeployKeyAlreadyExist struct {
@@ -166,7 +243,7 @@ func IsErrDeployKeyAlreadyExist(err error) bool {
 }

 func (err ErrDeployKeyAlreadyExist) Error() string {
-	return fmt.Sprintf("public key already exists: [key_id: %d, repo_id: %d]", err.KeyID, err.RepoID)
+	return fmt.Sprintf("public key already exists [key_id: %d, repo_id: %d]", err.KeyID, err.RepoID)
 }

 type ErrDeployKeyNameAlreadyUsed struct {
@@ -180,7 +257,7 @@ func IsErrDeployKeyNameAlreadyUsed(err error) bool {
 }

 func (err ErrDeployKeyNameAlreadyUsed) Error() string {
-	return fmt.Sprintf("public key already exists: [repo_id: %d, name: %s]", err.RepoID, err.Name)
+	return fmt.Sprintf("public key already exists [repo_id: %d, name: %s]", err.RepoID, err.Name)
 }

 //    _____                                   ___________     __
@@ -200,7 +277,7 @@ func IsErrAccessTokenNotExist(err error) bool {
 }

 func (err ErrAccessTokenNotExist) Error() string {
-	return fmt.Sprintf("access token does not exist: [sha: %s]", err.SHA)
+	return fmt.Sprintf("access token does not exist [sha: %s]", err.SHA)
 }

 // ________                            .__                __  .__
@@ -220,7 +297,7 @@ func IsErrLastOrgOwner(err error) bool {
 }

 func (err ErrLastOrgOwner) Error() string {
-	return fmt.Sprintf("user is the last member of owner team: [uid: %d]", err.UID)
+	return fmt.Sprintf("user is the last member of owner team [uid: %d]", err.UID)
 }

 // __________                           .__  __
@@ -259,6 +336,82 @@ func (err ErrRepoAlreadyExist) Error() string {
 	return fmt.Sprintf("repository already exists [uname: %s, name: %s]", err.Uname, err.Name)
 }

+type ErrInvalidCloneAddr struct {
+	IsURLError         bool
+	IsInvalidPath      bool
+	IsPermissionDenied bool
+}
+
+func IsErrInvalidCloneAddr(err error) bool {
+	_, ok := err.(ErrInvalidCloneAddr)
+	return ok
+}
+
+func (err ErrInvalidCloneAddr) Error() string {
+	return fmt.Sprintf("invalid clone address [is_url_error: %v, is_invalid_path: %v, is_permission_denied: %v]",
+		err.IsURLError, err.IsInvalidPath, err.IsPermissionDenied)
+}
+
+type ErrUpdateTaskNotExist struct {
+	UUID string
+}
+
+func IsErrUpdateTaskNotExist(err error) bool {
+	_, ok := err.(ErrUpdateTaskNotExist)
+	return ok
+}
+
+func (err ErrUpdateTaskNotExist) Error() string {
+	return fmt.Sprintf("update task does not exist [uuid: %s]", err.UUID)
+}
+
+type ErrReleaseAlreadyExist struct {
+	TagName string
+}
+
+func IsErrReleaseAlreadyExist(err error) bool {
+	_, ok := err.(ErrReleaseAlreadyExist)
+	return ok
+}
+
+func (err ErrReleaseAlreadyExist) Error() string {
+	return fmt.Sprintf("Release tag already exist [tag_name: %s]", err.TagName)
+}
+
+type ErrReleaseNotExist struct {
+	ID      int64
+	TagName string
+}
+
+func IsErrReleaseNotExist(err error) bool {
+	_, ok := err.(ErrReleaseNotExist)
+	return ok
+}
+
+func (err ErrReleaseNotExist) Error() string {
+	return fmt.Sprintf("Release tag does not exist [id: %d, tag_name: %s]", err.ID, err.TagName)
+}
+
+// __________                             .__
+// \______   \____________    ____   ____ |  |__
+//  |    |  _/\_  __ \__  \  /    \_/ ___\|  |  \
+//  |    |   \ |  | \// __ \|   |  \  \___|   Y  \
+//  |______  / |__|  (____  /___|  /\___  >___|  /
+//         \/             \/     \/     \/     \/
+
+type ErrBranchNotExist struct {
+	Name string
+}
+
+func IsErrBranchNotExist(err error) bool {
+	_, ok := err.(ErrBranchNotExist)
+	return ok
+}
+
+func (err ErrBranchNotExist) Error() string {
+	return fmt.Sprintf("Branch does not exist [name: %s]", err.Name)
+}
+
 //  __      __      ___.   .__                   __
 // /  \    /  \ ____\_ |__ |  |__   ____   ____ |  | __
 // \   \/\/   // __ \| __ \|  |  \ /  _ \ /  _ \|  |/ /
@@ -310,7 +463,7 @@ func (err ErrIssueNotExist) Error() string {

 type ErrPullRequestNotExist struct {
 	ID         int64
-	PullID     int64
+	IssueID    int64
 	HeadRepoID int64
 	BaseRepoID int64
 	HeadBarcnh string
@@ -323,8 +476,8 @@ func IsErrPullRequestNotExist(err error) bool {
 }

 func (err ErrPullRequestNotExist) Error() string {
-	return fmt.Sprintf("pull request does not exist [id: %d, pull_id: %d, head_repo_id: %d, base_repo_id: %d, head_branch: %s, base_branch: %s]",
-		err.ID, err.PullID, err.HeadRepoID, err.BaseRepoID, err.HeadBarcnh, err.BaseBranch)
+	return fmt.Sprintf("pull request does not exist [id: %d, issue_id: %d, head_repo_id: %d, base_repo_id: %d, head_branch: %s, base_branch: %s]",
+		err.ID, err.IssueID, err.HeadRepoID, err.BaseRepoID, err.HeadBarcnh, err.BaseBranch)
 }

 // _________                                       __
@@ -408,3 +561,44 @@ func IsErrAttachmentNotExist(err error) bool {
 func (err ErrAttachmentNotExist) Error() string {
 	return fmt.Sprintf("attachment does not exist [id: %d, uuid: %s]", err.ID, err.UUID)
 }
+
+//    _____          __  .__                   __  .__               __  .__
+//   /  _  \  __ ___/  |_|  |__   ____   _____/  |_|__| ____ _____ _/  |_|__| ____   ____
+//  /  /_\  \|  |  \   __\  |  \_/ __ \ /    \   __\  |/ ___\\__  \\   __\  |/  _ \ /    \
+// /    |    \  |  /|  | |   Y  \  ___/|   |  \  | |  \  \___ / __ \|  | |  (  <_> )   |  \
+// \____|__  /____/ |__| |___|  /\___  >___|  /__| |__|\___  >____  /__| |__|\____/|___|  /
+//         \/                 \/     \/     \/             \/     \/                    \/
+
+type ErrAuthenticationNotExist struct {
+	ID int64
+}
+
+func IsErrAuthenticationNotExist(err error) bool {
+	_, ok := err.(ErrAuthenticationNotExist)
+	return ok
+}
+
+func (err ErrAuthenticationNotExist) Error() string {
+	return fmt.Sprintf("authentication does not exist [id: %d]", err.ID)
+}
+
+// ___________
+// \__    ___/___ _____    _____
+//   |    |_/ __ \\__  \  /     \
+//   |    |\  ___/ / __ \|  Y Y  \
+//   |____| \___  >____  /__|_|  /
+//              \/     \/      \/
+
+type ErrTeamAlreadyExist struct {
+	OrgID int64
+	Name  string
+}
+
+func IsErrTeamAlreadyExist(err error) bool {
+	_, ok := err.(ErrTeamAlreadyExist)
+	return ok
+}
+
+func (err ErrTeamAlreadyExist) Error() string {
+	return fmt.Sprintf("team already exists [org_id: %d, name: %s]", err.OrgID, err.Name)
+}
--- a/models/git_diff.go
+++ b/models/git_diff.go
@@ -8,46 +8,54 @@ import (
 	"bufio"
 	"bytes"
 	"fmt"
+	"html"
+	"html/template"
 	"io"
+	"io/ioutil"
 	"os"
 	"os/exec"
 	"strings"
-	"time"

+	"github.com/Unknwon/com"
+	"github.com/sergi/go-diff/diffmatchpatch"
 	"golang.org/x/net/html/charset"
 	"golang.org/x/text/transform"

-	"github.com/Unknwon/com"
+	"github.com/gogits/git-module"

 	"github.com/gogits/gogs/modules/base"
-	"github.com/gogits/gogs/modules/git"
 	"github.com/gogits/gogs/modules/log"
 	"github.com/gogits/gogs/modules/process"
+	"github.com/gogits/gogs/modules/template/highlight"
 )

-// Diff line types.
+type DiffLineType uint8
+
 const (
-	DIFF_LINE_PLAIN = iota + 1
+	DIFF_LINE_PLAIN DiffLineType = iota + 1
 	DIFF_LINE_ADD
 	DIFF_LINE_DEL
 	DIFF_LINE_SECTION
 )

+type DiffFileType uint8
+
 const (
-	DIFF_FILE_ADD = iota + 1
+	DIFF_FILE_ADD DiffFileType = iota + 1
 	DIFF_FILE_CHANGE
 	DIFF_FILE_DEL
+	DIFF_FILE_RENAME
 )

 type DiffLine struct {
-	LeftIdx  int
-	RightIdx int
-	Type     int
-	Content  string
+	LeftIdx       int
+	RightIdx      int
+	Type          DiffLineType
+	Content       string
 }

-func (d DiffLine) GetType() int {
-	return d.Type
+func (d *DiffLine) GetType() int {
+	return int(d.Type)
 }

 type DiffSection struct {
@@ -55,17 +63,114 @@ type DiffSection struct {
 	Lines []*DiffLine
 }

+var (
+	addedCodePrefix   = []byte("<span class=\"added-code\">")
+	removedCodePrefix = []byte("<span class=\"removed-code\">")
+	codeTagSuffix     = []byte("</span>")
+)
+
+func diffToHTML(diffs []diffmatchpatch.Diff, lineType DiffLineType) template.HTML {
+	var buf bytes.Buffer
+	for i := range diffs {
+		if diffs[i].Type == diffmatchpatch.DiffInsert && lineType == DIFF_LINE_ADD {
+			buf.Write(addedCodePrefix)
+			buf.WriteString(html.EscapeString(diffs[i].Text))
+			buf.Write(codeTagSuffix)
+		} else if diffs[i].Type == diffmatchpatch.DiffDelete && lineType == DIFF_LINE_DEL {
+			buf.Write(removedCodePrefix)
+			buf.WriteString(html.EscapeString(diffs[i].Text))
+			buf.Write(codeTagSuffix)
+		} else if diffs[i].Type == diffmatchpatch.DiffEqual {
+			buf.WriteString(html.EscapeString(diffs[i].Text))
+		}
+	}
+
+	return template.HTML(buf.Bytes())
+}
+
+// get an specific line by type (add or del) and file line number
+func (diffSection *DiffSection) GetLine(lineType DiffLineType, idx int) *DiffLine {
+	difference := 0
+
+	for _, diffLine := range diffSection.Lines {
+		if diffLine.Type == DIFF_LINE_PLAIN {
+			// get the difference of line numbers between ADD and DEL versions
+			difference = diffLine.RightIdx - diffLine.LeftIdx
+			continue
+		}
+
+		if lineType == DIFF_LINE_DEL {
+			if diffLine.RightIdx == 0 && diffLine.LeftIdx == idx-difference {
+				return diffLine
+			}
+		} else if lineType == DIFF_LINE_ADD {
+			if diffLine.LeftIdx == 0 && diffLine.RightIdx == idx+difference {
+				return diffLine
+			}
+		}
+	}
+	return nil
+}
+
+// computes inline diff for the given line
+func (diffSection *DiffSection) GetComputedInlineDiffFor(diffLine *DiffLine) template.HTML {
+	var compareDiffLine *DiffLine
+	var diff1, diff2 string
+
+	getDefaultReturn := func() template.HTML {
+		return template.HTML(html.EscapeString(diffLine.Content[1:]))
+	}
+
+	// just compute diff for adds and removes
+	if diffLine.Type != DIFF_LINE_ADD && diffLine.Type != DIFF_LINE_DEL {
+		return getDefaultReturn()
+	}
+
+	// try to find equivalent diff line. ignore, otherwise
+	if diffLine.Type == DIFF_LINE_ADD {
+		compareDiffLine = diffSection.GetLine(DIFF_LINE_DEL, diffLine.RightIdx)
+		if compareDiffLine == nil {
+			return getDefaultReturn()
+		}
+		diff1 = compareDiffLine.Content
+		diff2 = diffLine.Content
+	} else {
+		compareDiffLine = diffSection.GetLine(DIFF_LINE_ADD, diffLine.LeftIdx)
+		if compareDiffLine == nil {
+			return getDefaultReturn()
+		}
+		diff1 = diffLine.Content
+		diff2 = compareDiffLine.Content
+	}
+
+	dmp := diffmatchpatch.New()
+	diffRecord := dmp.DiffMain(diff1[1:], diff2[1:], true)
+	diffRecord = dmp.DiffCleanupSemantic(diffRecord)
+
+	return diffToHTML(diffRecord, diffLine.Type)
+}
+
 type DiffFile struct {
 	Name               string
+	OldName            string
 	Index              int
 	Addition, Deletion int
-	Type               int
+	Type               DiffFileType
 	IsCreated          bool
 	IsDeleted          bool
 	IsBin              bool
+	IsRenamed          bool
 	Sections           []*DiffSection
 }

+func (diffFile *DiffFile) GetType() int {
+	return int(diffFile.Type)
+}
+
+func (diffFile *DiffFile) GetHighlightClass() string {
+	return highlight.FileNameToHighlightClass(diffFile.Name)
+}
+
 type Diff struct {
 	TotalAddition, TotalDeletion int
 	Files                        []*DiffFile
@@ -77,39 +182,54 @@ func (diff *Diff) NumFiles() int {

 const DIFF_HEAD = "diff --git "

-func ParsePatch(pid int64, maxlines int, cmd *exec.Cmd, reader io.Reader) (*Diff, error) {
-	scanner := bufio.NewScanner(reader)
+func ParsePatch(maxlines int, reader io.Reader) (*Diff, error) {
 	var (
+		diff = &Diff{Files: make([]*DiffFile, 0)}
+
 		curFile    *DiffFile
 		curSection = &DiffSection{
 			Lines: make([]*DiffLine, 0, 10),
 		}

 		leftLine, rightLine int
-		isTooLong           bool
-		// FIXME: Should use cache in the future.
-		buf bytes.Buffer
+		lineCount           int
 	)

-	diff := &Diff{Files: make([]*DiffFile, 0)}
-	var i int
-	for scanner.Scan() {
-		line := scanner.Text()
-		// fmt.Println(i, line)
+	input := bufio.NewReader(reader)
+	isEOF := false
+	for {
+		if isEOF {
+			break
+		}
+
+		line, err := input.ReadString('\n')
+		if err != nil {
+			if err == io.EOF {
+				isEOF = true
+			} else {
+				return nil, fmt.Errorf("ReadString: %v", err)
+			}
+		}
+
+		if len(line) > 0 && line[len(line)-1] == '\n' {
+			// Remove line break.
+			line = line[:len(line)-1]
+		}
+
 		if strings.HasPrefix(line, "+++ ") || strings.HasPrefix(line, "--- ") {
 			continue
-		}
-
-		if line == "" {
+		} else if len(line) == 0 {
 			continue
 		}

-		i = i + 1
+		lineCount++

 		// Diff data too large, we only show the first about maxlines lines
-		if i == maxlines {
-			isTooLong = true
+		if lineCount >= maxlines {
 			log.Warn("Diff data too large")
+			io.Copy(ioutil.Discard, reader)
+			diff.Files = nil
+			return diff, nil
 		}

 		switch {
@@ -120,10 +240,6 @@ func ParsePatch(pid int64, maxlines int, cmd *exec.Cmd, reader io.Reader) (*Diff
 			curSection.Lines = append(curSection.Lines, diffLine)
 			continue
 		case line[0] == '@':
-			if isTooLong {
-				break
-			}
-
 			curSection = &DiffSection{}
 			curFile.Sections = append(curFile.Sections, curSection)
 			ss := strings.Split(line, "@@")
@@ -162,21 +278,27 @@ func ParsePatch(pid int64, maxlines int, cmd *exec.Cmd, reader io.Reader) (*Diff

 		// Get new file.
 		if strings.HasPrefix(line, DIFF_HEAD) {
-			if isTooLong {
-				break
+			middle := -1
+
+			// Note: In case file name is surrounded by double quotes (it happens only in git-shell).
+			// e.g. diff --git "a/xxx" "b/xxx"
+			hasQuote := line[len(DIFF_HEAD)] == '"'
+			if hasQuote {
+				middle = strings.Index(line, ` "b/`)
+			} else {
+				middle = strings.Index(line, " b/")
 			}

 			beg := len(DIFF_HEAD)
-			a := line[beg : (len(line)-beg)/2+beg]
-
-			// In case file name is surrounded by double quotes(it happens only in git-shell).
-			if a[0] == '"' {
-				a = a[1 : len(a)-1]
-				a = strings.Replace(a, `\"`, `"`, -1)
+			a := line[beg+2 : middle]
+			b := line[middle+3:]
+			if hasQuote {
+				a = string(git.UnescapeChars([]byte(a[1 : len(a)-1])))
+				b = string(git.UnescapeChars([]byte(b[1 : len(b)-1])))
 			}

 			curFile = &DiffFile{
-				Name:     a[strings.Index(a, "/")+1:],
+				Name:     a,
 				Index:    len(diff.Files) + 1,
 				Type:     DIFF_FILE_CHANGE,
 				Sections: make([]*DiffSection, 0, 10),
@@ -184,20 +306,30 @@ func ParsePatch(pid int64, maxlines int, cmd *exec.Cmd, reader io.Reader) (*Diff
 			diff.Files = append(diff.Files, curFile)

 			// Check file diff type.
-			for scanner.Scan() {
+			for {
+				line, err := input.ReadString('\n')
+				if err != nil {
+					if err == io.EOF {
+						isEOF = true
+					} else {
+						return nil, fmt.Errorf("ReadString: %v", err)
+					}
+				}
+
 				switch {
-				case strings.HasPrefix(scanner.Text(), "new file"):
+				case strings.HasPrefix(line, "new file"):
 					curFile.Type = DIFF_FILE_ADD
-					curFile.IsDeleted = false
 					curFile.IsCreated = true
-				case strings.HasPrefix(scanner.Text(), "deleted"):
+				case strings.HasPrefix(line, "deleted"):
 					curFile.Type = DIFF_FILE_DEL
-					curFile.IsCreated = false
 					curFile.IsDeleted = true
-				case strings.HasPrefix(scanner.Text(), "index"):
+				case strings.HasPrefix(line, "index"):
 					curFile.Type = DIFF_FILE_CHANGE
-					curFile.IsCreated = false
-					curFile.IsDeleted = false
+				case strings.HasPrefix(line, "similarity index 100%"):
+					curFile.Type = DIFF_FILE_RENAME
+					curFile.IsRenamed = true
+					curFile.OldName = curFile.Name
+					curFile.Name = b
 				}
 				if curFile.Type > 0 {
 					break
@@ -206,6 +338,8 @@ func ParsePatch(pid int64, maxlines int, cmd *exec.Cmd, reader io.Reader) (*Diff
 		}
 	}

+	// FIXME: detect encoding while parsing.
+	var buf bytes.Buffer
 	for _, f := range diff.Files {
 		buf.Reset()
 		for _, sec := range f.Sections {
@@ -232,61 +366,55 @@ func ParsePatch(pid int64, maxlines int, cmd *exec.Cmd, reader io.Reader) (*Diff
 	return diff, nil
 }

-func GetDiffRange(repoPath, beforeCommitId string, afterCommitId string, maxlines int) (*Diff, error) {
+func GetDiffRange(repoPath, beforeCommitID string, afterCommitID string, maxlines int) (*Diff, error) {
 	repo, err := git.OpenRepository(repoPath)
 	if err != nil {
 		return nil, err
 	}

-	commit, err := repo.GetCommit(afterCommitId)
+	commit, err := repo.GetCommit(afterCommitID)
 	if err != nil {
 		return nil, err
 	}

-	rd, wr := io.Pipe()
 	var cmd *exec.Cmd
 	// if "after" commit given
-	if beforeCommitId == "" {
+	if len(beforeCommitID) == 0 {
 		// First commit of repository.
 		if commit.ParentCount() == 0 {
-			cmd = exec.Command("git", "show", afterCommitId)
+			cmd = exec.Command("git", "show", afterCommitID)
 		} else {
 			c, _ := commit.Parent(0)
-			cmd = exec.Command("git", "diff", c.Id.String(), afterCommitId)
+			cmd = exec.Command("git", "diff", "-M", c.ID.String(), afterCommitID)
 		}
 	} else {
-		cmd = exec.Command("git", "diff", beforeCommitId, afterCommitId)
+		cmd = exec.Command("git", "diff", "-M", beforeCommitID, afterCommitID)
 	}
 	cmd.Dir = repoPath
-	cmd.Stdout = wr
-	cmd.Stdin = os.Stdin
 	cmd.Stderr = os.Stderr

-	done := make(chan error)
-	go func() {
-		cmd.Start()
-		done <- cmd.Wait()
-		wr.Close()
-	}()
-	defer rd.Close()
+	stdout, err := cmd.StdoutPipe()
+	if err != nil {
+		return nil, fmt.Errorf("StdoutPipe: %v", err)
+	}

-	desc := fmt.Sprintf("GetDiffRange(%s)", repoPath)
-	pid := process.Add(desc, cmd)
-	go func() {
-		// In case process became zombie.
-		select {
-		case <-time.After(5 * time.Minute):
-			if errKill := process.Kill(pid); errKill != nil {
-				log.Error(4, "git_diff.ParsePatch(Kill): %v", err)
-			}
-			<-done
-			// return "", ErrExecTimeout.Error(), ErrExecTimeout
-		case err = <-done:
-			process.Remove(pid)
-		}
-	}()
+	if err = cmd.Start(); err != nil {
+		return nil, fmt.Errorf("Start: %v", err)
+	}

-	return ParsePatch(pid, maxlines, cmd, rd)
+	pid := process.Add(fmt.Sprintf("GetDiffRange (%s)", repoPath), cmd)
+	defer process.Remove(pid)
+
+	diff, err := ParsePatch(maxlines, stdout)
+	if err != nil {
+		return nil, fmt.Errorf("ParsePatch: %v", err)
+	}
+
+	if err = cmd.Wait(); err != nil {
+		return nil, fmt.Errorf("Wait: %v", err)
+	}
+
+	return diff, nil
 }

 func GetDiffCommit(repoPath, commitId string, maxlines int) (*Diff, error) {
--- a/models/git_diff_test.go
+++ b/models/git_diff_test.go
@@ -0,0 +1,70 @@
+package models
+
+import (
+	dmp "github.com/sergi/go-diff/diffmatchpatch"
+	"html/template"
+	"testing"
+)
+
+func assertEqual(t *testing.T, s1 string, s2 template.HTML) {
+	if s1 != string(s2) {
+		t.Errorf("%s should be equal %s", s2, s1)
+	}
+}
+
+func assertLineEqual(t *testing.T, d1 *DiffLine, d2 *DiffLine) {
+	if d1 != d2 {
+		t.Errorf("%v should be equal %v", d1, d2)
+	}
+}
+
+func TestDiffToHTML(t *testing.T) {
+	assertEqual(t, "foo <span class=\"added-code\">bar</span> biz", diffToHTML([]dmp.Diff{
+		dmp.Diff{dmp.DiffEqual, "foo "},
+		dmp.Diff{dmp.DiffInsert, "bar"},
+		dmp.Diff{dmp.DiffDelete, " baz"},
+		dmp.Diff{dmp.DiffEqual, " biz"},
+	}, DIFF_LINE_ADD))
+
+	assertEqual(t, "foo <span class=\"removed-code\">bar</span> biz", diffToHTML([]dmp.Diff{
+		dmp.Diff{dmp.DiffEqual, "foo "},
+		dmp.Diff{dmp.DiffDelete, "bar"},
+		dmp.Diff{dmp.DiffInsert, " baz"},
+		dmp.Diff{dmp.DiffEqual, " biz"},
+	}, DIFF_LINE_DEL))
+}
+
+// test if GetLine is return the correct lines
+func TestGetLine(t *testing.T) {
+	ds := DiffSection{Lines: []*DiffLine{
+		&DiffLine{LeftIdx: 28, RightIdx: 28, Type: DIFF_LINE_PLAIN},
+		&DiffLine{LeftIdx: 29, RightIdx: 29, Type: DIFF_LINE_PLAIN},
+		&DiffLine{LeftIdx: 30, RightIdx: 30, Type: DIFF_LINE_PLAIN},
+		&DiffLine{LeftIdx: 31, RightIdx: 0, Type: DIFF_LINE_DEL},
+		&DiffLine{LeftIdx: 0, RightIdx: 31, Type: DIFF_LINE_ADD},
+		&DiffLine{LeftIdx: 0, RightIdx: 32, Type: DIFF_LINE_ADD},
+		&DiffLine{LeftIdx: 32, RightIdx: 33, Type: DIFF_LINE_PLAIN},
+		&DiffLine{LeftIdx: 33, RightIdx: 0, Type: DIFF_LINE_DEL},
+		&DiffLine{LeftIdx: 34, RightIdx: 0, Type: DIFF_LINE_DEL},
+		&DiffLine{LeftIdx: 35, RightIdx: 0, Type: DIFF_LINE_DEL},
+		&DiffLine{LeftIdx: 36, RightIdx: 0, Type: DIFF_LINE_DEL},
+		&DiffLine{LeftIdx: 0, RightIdx: 34, Type: DIFF_LINE_ADD},
+		&DiffLine{LeftIdx: 0, RightIdx: 35, Type: DIFF_LINE_ADD},
+		&DiffLine{LeftIdx: 0, RightIdx: 36, Type: DIFF_LINE_ADD},
+		&DiffLine{LeftIdx: 0, RightIdx: 37, Type: DIFF_LINE_ADD},
+		&DiffLine{LeftIdx: 37, RightIdx: 38, Type: DIFF_LINE_PLAIN},
+		&DiffLine{LeftIdx: 38, RightIdx: 39, Type: DIFF_LINE_PLAIN},
+	}}
+
+	assertLineEqual(t, ds.GetLine(DIFF_LINE_ADD, 31), ds.Lines[4])
+	assertLineEqual(t, ds.GetLine(DIFF_LINE_DEL, 31), ds.Lines[3])
+
+	assertLineEqual(t, ds.GetLine(DIFF_LINE_ADD, 33), ds.Lines[11])
+	assertLineEqual(t, ds.GetLine(DIFF_LINE_ADD, 34), ds.Lines[12])
+	assertLineEqual(t, ds.GetLine(DIFF_LINE_ADD, 35), ds.Lines[13])
+	assertLineEqual(t, ds.GetLine(DIFF_LINE_ADD, 36), ds.Lines[14])
+	assertLineEqual(t, ds.GetLine(DIFF_LINE_DEL, 34), ds.Lines[7])
+	assertLineEqual(t, ds.GetLine(DIFF_LINE_DEL, 35), ds.Lines[8])
+	assertLineEqual(t, ds.GetLine(DIFF_LINE_DEL, 36), ds.Lines[9])
+	assertLineEqual(t, ds.GetLine(DIFF_LINE_DEL, 37), ds.Lines[10])
+}
--- a/models/issue.go
+++ b/models/issue.go
@@ -9,7 +9,6 @@ import (
 	"errors"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"mime/multipart"
 	"os"
 	"path"
@@ -18,13 +17,11 @@ import (

 	"github.com/Unknwon/com"
 	"github.com/go-xorm/xorm"
+	gouuid "github.com/satori/go.uuid"

 	"github.com/gogits/gogs/modules/base"
-	"github.com/gogits/gogs/modules/git"
 	"github.com/gogits/gogs/modules/log"
-	"github.com/gogits/gogs/modules/process"
 	"github.com/gogits/gogs/modules/setting"
-	gouuid "github.com/gogits/gogs/modules/uuid"
 )

 var (
@@ -95,15 +92,6 @@ func (i *Issue) AfterSet(colName string, _ xorm.Cell) {
 		if err != nil {
 			log.Error(3, "GetUserByID[%d]: %v", i.ID, err)
 		}
-	case "is_pull":
-		if !i.IsPull {
-			return
-		}
-
-		i.PullRequest, err = GetPullRequestByPullID(i.ID)
-		if err != nil {
-			log.Error(3, "GetPullRequestByPullID[%d]: %v", i.ID, err)
-		}
 	case "created":
 		i.Created = regulateTimeZone(i.Created)
 	}
@@ -236,7 +224,7 @@ func (i *Issue) changeStatus(e *xorm.Session, doer *User, isClosed bool) (err er
 	}
 	i.IsClosed = isClosed

-	if err = updateIssue(e, i); err != nil {
+	if err = updateIssueCols(e, i, "is_closed"); err != nil {
 		return err
 	} else if err = updateIssueUsersByStatus(e, i.ID, isClosed); err != nil {
 		return err
@@ -285,6 +273,15 @@ func (i *Issue) ChangeStatus(doer *User, isClosed bool) (err error) {
 	return sess.Commit()
 }

+func (i *Issue) GetPullRequest() (err error) {
+	if i.PullRequest != nil {
+		return nil
+	}
+
+	i.PullRequest, err = GetPullRequestByIssueID(i.ID)
+	return err
+}
+
 // It's caller's responsibility to create action.
 func newIssue(e *xorm.Session, repo *Repository, issue *Issue, labelIDs []int64, uuids []string, isPull bool) (err error) {
 	if _, err = e.Insert(issue); err != nil {
@@ -367,7 +364,7 @@ func NewIssue(repo *Repository, issue *Issue, labelIDs []int64, uuids []string)
 		ActUserID:    issue.Poster.Id,
 		ActUserName:  issue.Poster.Name,
 		ActEmail:     issue.Poster.Email,
-		OpType:       CREATE_ISSUE,
+		OpType:       ACTION_CREATE_ISSUE,
 		Content:      fmt.Sprintf("%d|%s", issue.Index, issue.Name),
 		RepoID:       repo.ID,
 		RepoUserName: repo.Owner.Name,
@@ -668,6 +665,47 @@ func GetIssueUserPairsByMode(uid, rid int64, isClosed bool, page, filterMode int
 	return ius, err
 }

+func UpdateMentions(userNames []string, issueId int64) error {
+	for i := range userNames {
+		userNames[i] = strings.ToLower(userNames[i])
+	}
+	users := make([]*User, 0, len(userNames))
+
+	if err := x.Where("lower_name IN (?)", strings.Join(userNames, "\",\"")).OrderBy("lower_name ASC").Find(&users); err != nil {
+		return err
+	}
+
+	ids := make([]int64, 0, len(userNames))
+	for _, user := range users {
+		ids = append(ids, user.Id)
+		if !user.IsOrganization() {
+			continue
+		}
+
+		if user.NumMembers == 0 {
+			continue
+		}
+
+		tempIds := make([]int64, 0, user.NumMembers)
+		orgUsers, err := GetOrgUsersByOrgId(user.Id)
+		if err != nil {
+			return err
+		}
+
+		for _, orgUser := range orgUsers {
+			tempIds = append(tempIds, orgUser.ID)
+		}
+
+		ids = append(ids, tempIds...)
+	}
+
+	if err := UpdateIssueUsersByMentions(ids, issueId); err != nil {
+		return err
+	}
+
+	return nil
+}
+
 // IssueStats represents issue statistic information.
 type IssueStats struct {
 	OpenCount, ClosedCount int64
@@ -721,32 +759,28 @@ func GetIssueStats(opts *IssueStatsOptions) *IssueStats {
 	if opts.AssigneeID > 0 {
 		baseCond += " AND assignee_id=" + com.ToStr(opts.AssigneeID)
 	}
-	if opts.IsPull {
-		baseCond += " AND issue.is_pull=1"
-	} else {
-		baseCond += " AND issue.is_pull=0"
-	}
+	baseCond += " AND issue.is_pull=?"

 	switch opts.FilterMode {
 	case FM_ALL, FM_ASSIGN:
-		results, _ := x.Query(queryStr+baseCond, false)
+		results, _ := x.Query(queryStr+baseCond, false, opts.IsPull)
 		stats.OpenCount = parseCountResult(results)
-		results, _ = x.Query(queryStr+baseCond, true)
+		results, _ = x.Query(queryStr+baseCond, true, opts.IsPull)
 		stats.ClosedCount = parseCountResult(results)

 	case FM_CREATE:
 		baseCond += " AND poster_id=?"
-		results, _ := x.Query(queryStr+baseCond, false, opts.UserID)
+		results, _ := x.Query(queryStr+baseCond, false, opts.IsPull, opts.UserID)
 		stats.OpenCount = parseCountResult(results)
-		results, _ = x.Query(queryStr+baseCond, true, opts.UserID)
+		results, _ = x.Query(queryStr+baseCond, true, opts.IsPull, opts.UserID)
 		stats.ClosedCount = parseCountResult(results)

 	case FM_MENTION:
 		queryStr += " INNER JOIN `issue_user` ON `issue`.id=`issue_user`.issue_id"
 		baseCond += " AND `issue_user`.uid=? AND `issue_user`.is_mentioned=?"
-		results, _ := x.Query(queryStr+baseCond, false, opts.UserID, true)
+		results, _ := x.Query(queryStr+baseCond, false, opts.IsPull, opts.UserID, true)
 		stats.OpenCount = parseCountResult(results)
-		results, _ = x.Query(queryStr+baseCond, true, opts.UserID, true)
+		results, _ = x.Query(queryStr+baseCond, true, opts.IsPull, opts.UserID, true)
 		stats.ClosedCount = parseCountResult(results)
 	}
 	return stats
@@ -821,11 +855,17 @@ func updateIssue(e Engine, issue *Issue) error {
 	return err
 }

-// UpdateIssue updates information of issue.
+// UpdateIssue updates all fields of given issue.
 func UpdateIssue(issue *Issue) error {
 	return updateIssue(x, issue)
 }

+// updateIssueCols updates specific fields of given issue.
+func updateIssueCols(e Engine, issue *Issue, cols ...string) error {
+	_, err := e.Id(issue.ID).Cols(cols...).Update(issue)
+	return err
+}
+
 func updateIssueUsersByStatus(e Engine, issueID int64, isClosed bool) error {
 	_, err := e.Exec("UPDATE `issue_user` SET is_closed=? WHERE issue_id=?", isClosed, issueID)
 	return err
@@ -894,233 +934,6 @@ func UpdateIssueUsersByMentions(uids []int64, iid int64) error {
 	return nil
 }

-// __________      .__  .__ __________                                     __
-// \______   \__ __|  | |  |\______   \ ____  ________ __   ____   _______/  |_
-//  |     ___/  |  \  | |  | |       _// __ \/ ____/  |  \_/ __ \ /  ___/\   __\
-//  |    |   |  |  /  |_|  |_|    |   \  ___< <_|  |  |  /\  ___/ \___ \  |  |
-//  |____|   |____/|____/____/____|_  /\___  >__   |____/  \___  >____  > |__|
-//                                  \/     \/   |__|           \/     \/
-
-type PullRequestType int
-
-const (
-	PULL_REQUEST_GOGS = iota
-	PLLL_ERQUEST_GIT
-)
-
-// PullRequest represents relation between pull request and repositories.
-type PullRequest struct {
-	ID             int64  `xorm:"pk autoincr"`
-	PullID         int64  `xorm:"INDEX"`
-	Pull           *Issue `xorm:"-"`
-	PullIndex      int64
-	HeadRepoID     int64
-	HeadRepo       *Repository `xorm:"-"`
-	BaseRepoID     int64
-	HeadUserName   string
-	HeadBarcnh     string
-	BaseBranch     string
-	MergeBase      string `xorm:"VARCHAR(40)"`
-	MergedCommitID string `xorm:"VARCHAR(40)"`
-	Type           PullRequestType
-	CanAutoMerge   bool
-	HasMerged      bool
-	Merged         time.Time
-	MergerID       int64
-	Merger         *User `xorm:"-"`
-}
-
-func (pr *PullRequest) AfterSet(colName string, _ xorm.Cell) {
-	var err error
-	switch colName {
-	case "head_repo_id":
-		pr.HeadRepo, err = GetRepositoryByID(pr.HeadRepoID)
-		if err != nil {
-			log.Error(3, "GetRepositoryByID[%d]: %v", pr.ID, err)
-		}
-	case "merger_id":
-		if !pr.HasMerged {
-			return
-		}
-
-		pr.Merger, err = GetUserByID(pr.MergerID)
-		if err != nil {
-			if IsErrUserNotExist(err) {
-				pr.MergerID = -1
-				pr.Merger = NewFakeUser()
-			} else {
-				log.Error(3, "GetUserByID[%d]: %v", pr.ID, err)
-			}
-		}
-	case "merged":
-		if !pr.HasMerged {
-			return
-		}
-
-		pr.Merged = regulateTimeZone(pr.Merged)
-	}
-}
-
-// Merge merges pull request to base repository.
-func (pr *PullRequest) Merge(doer *User, baseGitRepo *git.Repository) (err error) {
-	sess := x.NewSession()
-	defer sessionRelease(sess)
-	if err = sess.Begin(); err != nil {
-		return err
-	}
-
-	if err = pr.Pull.changeStatus(sess, doer, true); err != nil {
-		return fmt.Errorf("Pull.changeStatus: %v", err)
-	}
-
-	headRepoPath := RepoPath(pr.HeadUserName, pr.HeadRepo.Name)
-	headGitRepo, err := git.OpenRepository(headRepoPath)
-	if err != nil {
-		return fmt.Errorf("OpenRepository: %v", err)
-	}
-	pr.MergedCommitID, err = headGitRepo.GetCommitIdOfBranch(pr.HeadBarcnh)
-	if err != nil {
-		return fmt.Errorf("GetCommitIdOfBranch: %v", err)
-	}
-
-	if err = mergePullRequestAction(sess, doer, pr.Pull.Repo, pr.Pull); err != nil {
-		return fmt.Errorf("mergePullRequestAction: %v", err)
-	}
-
-	pr.HasMerged = true
-	pr.Merged = time.Now()
-	pr.MergerID = doer.Id
-	if _, err = sess.Id(pr.ID).AllCols().Update(pr); err != nil {
-		return fmt.Errorf("update pull request: %v", err)
-	}
-
-	// Clone base repo.
-	tmpBasePath := path.Join("data/tmp/repos", com.ToStr(time.Now().Nanosecond())+".git")
-	os.MkdirAll(path.Dir(tmpBasePath), os.ModePerm)
-	defer os.RemoveAll(path.Dir(tmpBasePath))
-
-	var stderr string
-	if _, stderr, err = process.ExecTimeout(5*time.Minute,
-		fmt.Sprintf("PullRequest.Merge(git clone): %s", tmpBasePath),
-		"git", "clone", baseGitRepo.Path, tmpBasePath); err != nil {
-		return fmt.Errorf("git clone: %s", stderr)
-	}
-
-	// Check out base branch.
-	if _, stderr, err = process.ExecDir(-1, tmpBasePath,
-		fmt.Sprintf("PullRequest.Merge(git checkout): %s", tmpBasePath),
-		"git", "checkout", pr.BaseBranch); err != nil {
-		return fmt.Errorf("git checkout: %s", stderr)
-	}
-
-	// Pull commits.
-	if _, stderr, err = process.ExecDir(-1, tmpBasePath,
-		fmt.Sprintf("PullRequest.Merge(git pull): %s", tmpBasePath),
-		"git", "pull", headRepoPath, pr.HeadBarcnh); err != nil {
-		return fmt.Errorf("git pull: %s", stderr)
-	}
-
-	// Push back to upstream.
-	if _, stderr, err = process.ExecDir(-1, tmpBasePath,
-		fmt.Sprintf("PullRequest.Merge(git push): %s", tmpBasePath),
-		"git", "push", baseGitRepo.Path, pr.BaseBranch); err != nil {
-		return fmt.Errorf("git push: %s", stderr)
-	}
-
-	return sess.Commit()
-}
-
-// NewPullRequest creates new pull request with labels for repository.
-func NewPullRequest(repo *Repository, pull *Issue, labelIDs []int64, uuids []string, pr *PullRequest, patch []byte) (err error) {
-	sess := x.NewSession()
-	defer sessionRelease(sess)
-	if err = sess.Begin(); err != nil {
-		return err
-	}
-
-	if err = newIssue(sess, repo, pull, labelIDs, uuids, true); err != nil {
-		return fmt.Errorf("newIssue: %v", err)
-	}
-
-	// Notify watchers.
-	act := &Action{
-		ActUserID:    pull.Poster.Id,
-		ActUserName:  pull.Poster.Name,
-		ActEmail:     pull.Poster.Email,
-		OpType:       CREATE_PULL_REQUEST,
-		Content:      fmt.Sprintf("%d|%s", pull.Index, pull.Name),
-		RepoID:       repo.ID,
-		RepoUserName: repo.Owner.Name,
-		RepoName:     repo.Name,
-		IsPrivate:    repo.IsPrivate,
-	}
-	if err = notifyWatchers(sess, act); err != nil {
-		return err
-	}
-
-	// Test apply patch.
-	repoPath, err := repo.RepoPath()
-	if err != nil {
-		return fmt.Errorf("RepoPath: %v", err)
-	}
-	patchPath := path.Join(repoPath, "pulls", com.ToStr(pr.ID)+".patch")
-
-	os.MkdirAll(path.Dir(patchPath), os.ModePerm)
-	if err = ioutil.WriteFile(patchPath, patch, 0644); err != nil {
-		return fmt.Errorf("save patch: %v", err)
-	}
-	defer os.Remove(patchPath)
-
-	stdout, stderr, err := process.ExecDir(-1, repoPath,
-		fmt.Sprintf("NewPullRequest(git apply --check): %d", repo.ID),
-		"git", "apply", "--check", "-v", patchPath)
-	if err != nil {
-		if strings.Contains(stderr, "fatal:") {
-			return fmt.Errorf("git apply --check: %v - %s", err, stderr)
-		}
-	}
-	pr.CanAutoMerge = !strings.Contains(stdout, "error: patch failed:")
-
-	pr.PullID = pull.ID
-	pr.PullIndex = pull.Index
-	if _, err = sess.Insert(pr); err != nil {
-		return fmt.Errorf("insert pull repo: %v", err)
-	}
-
-	return sess.Commit()
-}
-
-// GetUnmergedPullRequest returnss a pull request hasn't been merged by given info.
-func GetUnmergedPullRequest(headRepoID, baseRepoID int64, headBranch, baseBranch string) (*PullRequest, error) {
-	pr := &PullRequest{
-		HeadRepoID: headRepoID,
-		BaseRepoID: baseRepoID,
-		HeadBarcnh: headBranch,
-		BaseBranch: baseBranch,
-	}
-
-	has, err := x.Where("has_merged=?", false).Get(pr)
-	if err != nil {
-		return nil, err
-	} else if !has {
-		return nil, ErrPullRequestNotExist{0, 0, headRepoID, baseRepoID, headBranch, baseBranch}
-	}
-
-	return pr, nil
-}
-
-// GetPullRequestByPullID returns pull repo by given pull ID.
-func GetPullRequestByPullID(pullID int64) (*PullRequest, error) {
-	pr := new(PullRequest)
-	has, err := x.Where("pull_id=?", pullID).Get(pr)
-	if err != nil {
-		return nil, err
-	} else if !has {
-		return nil, ErrPullRequestNotExist{0, pullID, 0, 0, "", ""}
-	}
-	return pr, nil
-}
-
 // .____          ___.          .__
 // |    |   _____ \_ |__   ____ |  |
 // |    |   \__  \ | __ \_/ __ \|  |
@@ -1366,6 +1179,7 @@ func (m *Milestone) AfterSet(colName string, _ xorm.Cell) {
 		if m.Deadline.Year() == 9999 {
 			return
 		}
+		m.Deadline = regulateTimeZone(m.Deadline)

 		m.DeadlineString = m.Deadline.Format("2006-01-02")
 		if time.Now().After(m.Deadline) {
@@ -1525,7 +1339,7 @@ func changeMilestoneIssueStats(e *xorm.Session, issue *Issue) error {
 }

 // ChangeMilestoneIssueStats updates the open/closed issues counter and progress
-// for the milestone associated witht the given issue.
+// for the milestone associated with the given issue.
 func ChangeMilestoneIssueStats(issue *Issue) (err error) {
 	sess := x.NewSession()
 	defer sessionRelease(sess)
@@ -1599,8 +1413,8 @@ func ChangeMilestoneAssign(oldMid int64, issue *Issue) (err error) {
 }

 // DeleteMilestoneByID deletes a milestone by given ID.
-func DeleteMilestoneByID(mid int64) error {
-	m, err := GetMilestoneByID(mid)
+func DeleteMilestoneByID(id int64) error {
+	m, err := GetMilestoneByID(id)
 	if err != nil {
 		if IsErrMilestoneNotExist(err) {
 			return nil
@@ -1750,9 +1564,24 @@ func createComment(e *xorm.Session, u *User, repo *Repository, issue *Issue, com
 		return nil, err
 	}

+	// Compose comment action, could be plain comment, close or reopen issue.
+	// This object will be used to notify watchers in the end of function.
+	act := &Action{
+		ActUserID:    u.Id,
+		ActUserName:  u.Name,
+		ActEmail:     u.Email,
+		Content:      fmt.Sprintf("%d|%s", issue.Index, strings.Split(content, "\n")[0]),
+		RepoID:       repo.ID,
+		RepoUserName: repo.Owner.Name,
+		RepoName:     repo.Name,
+		IsPrivate:    repo.IsPrivate,
+	}
+
 	// Check comment type.
 	switch cmtType {
 	case COMMENT_TYPE_COMMENT:
+		act.OpType = ACTION_COMMENT_ISSUE
+
 		if _, err = e.Exec("UPDATE `issue` SET num_comments=num_comments+1 WHERE id=?", issue.ID); err != nil {
 			return nil, err
 		}
@@ -1779,23 +1608,9 @@ func createComment(e *xorm.Session, u *User, repo *Repository, issue *Issue, com
 			}
 		}

-		// Notify watchers.
-		act := &Action{
-			ActUserID:    u.Id,
-			ActUserName:  u.LowerName,
-			ActEmail:     u.Email,
-			OpType:       COMMENT_ISSUE,
-			Content:      fmt.Sprintf("%d|%s", issue.Index, strings.Split(content, "\n")[0]),
-			RepoID:       repo.ID,
-			RepoUserName: repo.Owner.LowerName,
-			RepoName:     repo.LowerName,
-			IsPrivate:    repo.IsPrivate,
-		}
-		if err = notifyWatchers(e, act); err != nil {
-			return nil, err
-		}
-
 	case COMMENT_TYPE_REOPEN:
+		act.OpType = ACTION_REOPEN_ISSUE
+
 		if issue.IsPull {
 			_, err = e.Exec("UPDATE `repository` SET num_closed_pulls=num_closed_pulls-1 WHERE id=?", repo.ID)
 		} else {
@@ -1805,6 +1620,8 @@ func createComment(e *xorm.Session, u *User, repo *Repository, issue *Issue, com
 			return nil, err
 		}
 	case COMMENT_TYPE_CLOSE:
+		act.OpType = ACTION_CLOSE_ISSUE
+
 		if issue.IsPull {
 			_, err = e.Exec("UPDATE `repository` SET num_closed_pulls=num_closed_pulls+1 WHERE id=?", repo.ID)
 		} else {
@@ -1815,6 +1632,11 @@ func createComment(e *xorm.Session, u *User, repo *Repository, issue *Issue, com
 		}
 	}

+	// Notify watchers for whatever action comes in.
+	if err = notifyWatchers(e, act); err != nil {
+		return nil, fmt.Errorf("notifyWatchers: %v", err)
+	}
+
 	return comment, nil
 }

--- a/models/login.go
+++ b/models/login.go
@@ -10,6 +10,7 @@ import (
 	"errors"
 	"fmt"
 	"net/smtp"
+	"net/textproto"
 	"strings"
 	"time"

@@ -26,25 +27,24 @@ type LoginType int

 // Note: new type must be added at the end of list to maintain compatibility.
 const (
-	NOTYPE LoginType = iota
-	PLAIN
-	LDAP
-	SMTP
-	PAM
-	DLDAP
+	LOGIN_NOTYPE LoginType = iota
+	LOGIN_PLAIN            // 1
+	LOGIN_LDAP             // 2
+	LOGIN_SMTP             // 3
+	LOGIN_PAM              // 4
+	LOGIN_DLDAP            // 5
 )

 var (
 	ErrAuthenticationAlreadyExist = errors.New("Authentication already exist")
-	ErrAuthenticationNotExist     = errors.New("Authentication does not exist")
 	ErrAuthenticationUserUsed     = errors.New("Authentication has been used by some users")
 )

 var LoginNames = map[LoginType]string{
-	LDAP:  "LDAP (via BindDN)",
-	DLDAP: "LDAP (simple auth)",
-	SMTP:  "SMTP",
-	PAM:   "PAM",
+	LOGIN_LDAP:  "LDAP (via BindDN)",
+	LOGIN_DLDAP: "LDAP (simple auth)", // Via direct bind
+	LOGIN_SMTP:  "SMTP",
+	LOGIN_PAM:   "PAM",
 }

 // Ensure structs implemented interface.
@@ -105,15 +105,26 @@ type LoginSource struct {
 	Updated   time.Time       `xorm:"UPDATED"`
 }

+// Cell2Int64 converts a xorm.Cell type to int64,
+// and handles possible irregular cases.
+func Cell2Int64(val xorm.Cell) int64 {
+	switch (*val).(type) {
+	case []uint8:
+		log.Trace("Cell2Int64 ([]uint8): %v", *val)
+		return com.StrTo(string((*val).([]uint8))).MustInt64()
+	}
+	return (*val).(int64)
+}
+
 func (source *LoginSource) BeforeSet(colName string, val xorm.Cell) {
 	switch colName {
 	case "type":
-		switch LoginType((*val).(int64)) {
-		case LDAP, DLDAP:
+		switch LoginType(Cell2Int64(val)) {
+		case LOGIN_LDAP, LOGIN_DLDAP:
 			source.Cfg = new(LDAPConfig)
-		case SMTP:
+		case LOGIN_SMTP:
 			source.Cfg = new(SMTPConfig)
-		case PAM:
+		case LOGIN_PAM:
 			source.Cfg = new(PAMConfig)
 		default:
 			panic("unrecognized login source type: " + com.ToStr(*val))
@@ -126,26 +137,26 @@ func (source *LoginSource) TypeName() string {
 }

 func (source *LoginSource) IsLDAP() bool {
-	return source.Type == LDAP
+	return source.Type == LOGIN_LDAP
 }

 func (source *LoginSource) IsDLDAP() bool {
-	return source.Type == DLDAP
+	return source.Type == LOGIN_DLDAP
 }

 func (source *LoginSource) IsSMTP() bool {
-	return source.Type == SMTP
+	return source.Type == LOGIN_SMTP
 }

 func (source *LoginSource) IsPAM() bool {
-	return source.Type == PAM
+	return source.Type == LOGIN_PAM
 }

 func (source *LoginSource) UseTLS() bool {
 	switch source.Type {
-	case LDAP, DLDAP:
+	case LOGIN_LDAP, LOGIN_DLDAP:
 		return source.LDAP().UseSSL
-	case SMTP:
+	case LOGIN_SMTP:
 		return source.SMTP().TLS
 	}

@@ -154,9 +165,9 @@ func (source *LoginSource) UseTLS() bool {

 func (source *LoginSource) SkipVerify() bool {
 	switch source.Type {
-	case LDAP, DLDAP:
+	case LOGIN_LDAP, LOGIN_DLDAP:
 		return source.LDAP().SkipVerify
-	case SMTP:
+	case LOGIN_SMTP:
 		return source.SMTP().SkipVerify
 	}

@@ -191,13 +202,14 @@ func LoginSources() ([]*LoginSource, error) {
 	return auths, x.Find(&auths)
 }

+// GetLoginSourceByID returns login source by given ID.
 func GetLoginSourceByID(id int64) (*LoginSource, error) {
 	source := new(LoginSource)
 	has, err := x.Id(id).Get(source)
 	if err != nil {
 		return nil, err
 	} else if !has {
-		return nil, ErrAuthenticationNotExist
+		return nil, ErrAuthenticationNotExist{id}
 	}
 	return source, nil
 }
@@ -225,17 +237,16 @@ func DeleteSource(source *LoginSource) error {
 // |_______ \/_______  /\____|__  /____|
 //         \/        \/         \/

-// Query if name/passwd can login against the LDAP directory pool
-// Create a local user if success
-// Return the same LoginUserPlain semantic
-// FIXME: https://github.com/gogits/gogs/issues/672
-func LoginUserLDAPSource(u *User, name, passwd string, source *LoginSource, autoRegister bool) (*User, error) {
+// LoginUserLDAPSource queries if loginName/passwd can login against the LDAP directory pool,
+// and create a local user if success when enabled.
+// It returns the same LoginUserPlain semantic.
+func LoginUserLDAPSource(u *User, loginName, passwd string, source *LoginSource, autoRegister bool) (*User, error) {
 	cfg := source.Cfg.(*LDAPConfig)
-	directBind := (source.Type == DLDAP)
-	fn, sn, mail, admin, logged := cfg.SearchEntry(name, passwd, directBind)
+	directBind := (source.Type == LOGIN_DLDAP)
+	name, fn, sn, mail, admin, logged := cfg.SearchEntry(loginName, passwd, directBind)
 	if !logged {
 		// User not in LDAP, do nothing
-		return nil, ErrUserNotExist{0, name}
+		return nil, ErrUserNotExist{0, loginName}
 	}

 	if !autoRegister {
@@ -243,6 +254,9 @@ func LoginUserLDAPSource(u *User, name, passwd string, source *LoginSource, auto
 	}

 	// Fallback.
+	if len(name) == 0 {
+		name = loginName
+	}
 	if len(mail) == 0 {
 		mail = fmt.Sprintf("%s@localhost", name)
 	}
@@ -250,10 +264,10 @@ func LoginUserLDAPSource(u *User, name, passwd string, source *LoginSource, auto
 	u = &User{
 		LowerName:   strings.ToLower(name),
 		Name:        name,
-		FullName:    strings.TrimSpace(fn + " " + sn),
+		FullName:    composeFullName(fn, sn, name),
 		LoginType:   source.Type,
 		LoginSource: source.ID,
-		LoginName:   name,
+		LoginName:   loginName,
 		Email:       mail,
 		IsAdmin:     admin,
 		IsActive:    true,
@@ -261,6 +275,19 @@ func LoginUserLDAPSource(u *User, name, passwd string, source *LoginSource, auto
 	return u, CreateUser(u)
 }

+func composeFullName(firstName, surename, userName string) string {
+	switch {
+	case len(firstName) == 0 && len(surename) == 0:
+		return userName
+	case len(firstName) == 0:
+		return surename
+	case len(surename) == 0:
+		return firstName
+	default:
+		return firstName + " " + surename
+	}
+}
+
 //   _________   __________________________
 //  /   _____/  /     \__    ___/\______   \
 //  \_____  \  /  \ /  \|    |    |     ___/
@@ -335,7 +362,7 @@ func SMTPAuth(a smtp.Auth, cfg *SMTPConfig) error {
 // Query if name/passwd can login against the LDAP directory pool
 // Create a local user if success
 // Return the same LoginUserPlain semantic
-func LoginUserSMTPSource(u *User, name, passwd string, sourceId int64, cfg *SMTPConfig, autoRegister bool) (*User, error) {
+func LoginUserSMTPSource(u *User, name, passwd string, sourceID int64, cfg *SMTPConfig, autoRegister bool) (*User, error) {
 	// Verify allowed domains.
 	if len(cfg.AllowedDomains) > 0 {
 		idx := strings.Index(name, "@")
@@ -356,7 +383,11 @@ func LoginUserSMTPSource(u *User, name, passwd string, sourceId int64, cfg *SMTP
 	}

 	if err := SMTPAuth(auth, cfg); err != nil {
-		if strings.Contains(err.Error(), "Username and Password not accepted") {
+		// Check standard error format first,
+		// then fallback to worse case.
+		tperr, ok := err.(*textproto.Error)
+		if (ok && tperr.Code == 535) ||
+			strings.Contains(err.Error(), "Username and Password not accepted") {
 			return nil, ErrUserNotExist{0, name}
 		}
 		return nil, err
@@ -375,8 +406,8 @@ func LoginUserSMTPSource(u *User, name, passwd string, sourceId int64, cfg *SMTP
 	u = &User{
 		LowerName:   strings.ToLower(loginName),
 		Name:        strings.ToLower(loginName),
-		LoginType:   SMTP,
-		LoginSource: sourceId,
+		LoginType:   LOGIN_SMTP,
+		LoginSource: sourceID,
 		LoginName:   name,
 		IsActive:    true,
 		Passwd:      passwd,
@@ -396,7 +427,7 @@ func LoginUserSMTPSource(u *User, name, passwd string, sourceId int64, cfg *SMTP
 // Query if name/passwd can login against PAM
 // Create a local user if success
 // Return the same LoginUserPlain semantic
-func LoginUserPAMSource(u *User, name, passwd string, sourceId int64, cfg *PAMConfig, autoRegister bool) (*User, error) {
+func LoginUserPAMSource(u *User, name, passwd string, sourceID int64, cfg *PAMConfig, autoRegister bool) (*User, error) {
 	if err := pam.PAMAuth(cfg.ServiceName, name, passwd); err != nil {
 		if strings.Contains(err.Error(), "Authentication failure") {
 			return nil, ErrUserNotExist{0, name}
@@ -411,16 +442,15 @@ func LoginUserPAMSource(u *User, name, passwd string, sourceId int64, cfg *PAMCo
 	// fake a local user creation
 	u = &User{
 		LowerName:   strings.ToLower(name),
-		Name:        strings.ToLower(name),
-		LoginType:   PAM,
-		LoginSource: sourceId,
+		Name:        name,
+		LoginType:   LOGIN_PAM,
+		LoginSource: sourceID,
 		LoginName:   name,
 		IsActive:    true,
 		Passwd:      passwd,
 		Email:       name,
 	}
-	err := CreateUser(u)
-	return u, err
+	return u, CreateUser(u)
 }

 func ExternalUserLogin(u *User, name, passwd string, source *LoginSource, autoRegister bool) (*User, error) {
@@ -429,11 +459,11 @@ func ExternalUserLogin(u *User, name, passwd string, source *LoginSource, autoRe
 	}

 	switch source.Type {
-	case LDAP, DLDAP:
+	case LOGIN_LDAP, LOGIN_DLDAP:
 		return LoginUserLDAPSource(u, name, passwd, source, autoRegister)
-	case SMTP:
+	case LOGIN_SMTP:
 		return LoginUserSMTPSource(u, name, passwd, source.ID, source.Cfg.(*SMTPConfig), autoRegister)
-	case PAM:
+	case LOGIN_PAM:
 		return LoginUserPAMSource(u, name, passwd, source.ID, source.Cfg.(*PAMConfig), autoRegister)
 	}

@@ -444,7 +474,7 @@ func ExternalUserLogin(u *User, name, passwd string, source *LoginSource, autoRe
 func UserSignIn(uname, passwd string) (*User, error) {
 	var u *User
 	if strings.Contains(uname, "@") {
-		u = &User{Email: uname}
+		u = &User{Email: strings.ToLower(uname)}
 	} else {
 		u = &User{LowerName: strings.ToLower(uname)}
 	}
@@ -456,7 +486,7 @@ func UserSignIn(uname, passwd string) (*User, error) {

 	if userExists {
 		switch u.LoginType {
-		case NOTYPE, PLAIN:
+		case LOGIN_NOTYPE, LOGIN_PLAIN:
 			if u.ValidatePassword(passwd) {
 				return u, nil
 			}
--- a/models/migrations/migrations.go
+++ b/models/migrations/migrations.go
@@ -11,19 +11,20 @@ import (
 	"io/ioutil"
 	"os"
 	"path"
+	"path/filepath"
 	"strings"
-	"time"

 	"github.com/Unknwon/com"
 	"github.com/go-xorm/xorm"
+	gouuid "github.com/satori/go.uuid"
 	"gopkg.in/ini.v1"

+	"github.com/gogits/gogs/modules/base"
 	"github.com/gogits/gogs/modules/log"
 	"github.com/gogits/gogs/modules/setting"
-	gouuid "github.com/gogits/gogs/modules/uuid"
 )

-const _MIN_DB_VER = 0
+const _MIN_DB_VER = 4

 type Migration interface {
 	Description() string
@@ -57,14 +58,13 @@ type Version struct {
 // If you want to "retire" a migration, remove it from the top of the list and
 // update _MIN_VER_DB accordingly
 var migrations = []Migration{
-	NewMigration("generate collaboration from access", accessToCollaboration),    // V0 -> V1:v0.5.13
-	NewMigration("make authorize 4 if team is owners", ownerTeamUpdate),          // V1 -> V2:v0.5.13
-	NewMigration("refactor access table to use id's", accessRefactor),            // V2 -> V3:v0.5.13
-	NewMigration("generate team-repo from team", teamToTeamRepo),                 // V3 -> V4:v0.5.13
-	NewMigration("fix locale file load panic", fixLocaleFileLoadPanic),           // V4 -> V5:v0.6.0
-	NewMigration("trim action compare URL prefix", trimCommitActionAppUrlPrefix), // V5 -> V6:v0.6.3
-	NewMigration("generate issue-label from issue", issueToIssueLabel),           // V6 -> V7:v0.6.4
-	NewMigration("refactor attachment table", attachmentRefactor),                // V7 -> V8:v0.6.4
+	NewMigration("fix locale file load panic", fixLocaleFileLoadPanic),                 // V4 -> V5:v0.6.0
+	NewMigration("trim action compare URL prefix", trimCommitActionAppUrlPrefix),       // V5 -> V6:v0.6.3
+	NewMigration("generate issue-label from issue", issueToIssueLabel),                 // V6 -> V7:v0.6.4
+	NewMigration("refactor attachment table", attachmentRefactor),                      // V7 -> V8:v0.6.4
+	NewMigration("rename pull request fields", renamePullRequestFields),                // V8 -> V9:v0.6.16
+	NewMigration("clean up migrate repo info", cleanUpMigrateRepoInfo),                 // V9 -> V10:v0.6.20
+	NewMigration("generate rands and salt for organizations", generateOrgRandsAndSalt), // V10 -> V11:v0.8.5
 }

 // Migrate database to current version
@@ -78,24 +78,9 @@ func Migrate(x *xorm.Engine) error {
 	if err != nil {
 		return fmt.Errorf("get: %v", err)
 	} else if !has {
-		// If the user table does not exist it is a fresh installation and we
-		// can skip all migrations.
-		needsMigration, err := x.IsTableExist("user")
-		if err != nil {
-			return err
-		}
-		if needsMigration {
-			isEmpty, err := x.IsTableEmpty("user")
-			if err != nil {
-				return err
-			}
-			// If the user table is empty it is a fresh installation and we can
-			// skip all migrations.
-			needsMigration = !isEmpty
-		}
-		if !needsMigration {
-			currentVersion.Version = int64(_MIN_DB_VER + len(migrations))
-		}
+		// If the version record does not exist we think
+		// it is a fresh installation and we can skip all migrations.
+		currentVersion.Version = int64(_MIN_DB_VER + len(migrations))

 		if _, err = x.InsertOne(currentVersion); err != nil {
 			return fmt.Errorf("insert: %v", err)
@@ -103,6 +88,12 @@ func Migrate(x *xorm.Engine) error {
 	}

 	v := currentVersion.Version
+	if _MIN_DB_VER > v {
+		log.Fatal(4, `Gogs no longer supports auto-migration from your previously installed version. 
+Please try to upgrade to a lower version (>= v0.6.0) first, then upgrade to current version.`)
+		return nil
+	}
+
 	if int(v-_MIN_DB_VER) > len(migrations) {
 		// User downgraded Gogs.
 		currentVersion.Version = int64(len(migrations) + _MIN_DB_VER)
@@ -129,276 +120,6 @@ func sessionRelease(sess *xorm.Session) {
 	sess.Close()
 }

-func accessToCollaboration(x *xorm.Engine) (err error) {
-	type Collaboration struct {
-		ID      int64 `xorm:"pk autoincr"`
-		RepoID  int64 `xorm:"UNIQUE(s) INDEX NOT NULL"`
-		UserID  int64 `xorm:"UNIQUE(s) INDEX NOT NULL"`
-		Created time.Time
-	}
-
-	if err = x.Sync(new(Collaboration)); err != nil {
-		return fmt.Errorf("sync: %v", err)
-	}
-
-	results, err := x.Query("SELECT u.id AS `uid`, a.repo_name AS `repo`, a.mode AS `mode`, a.created as `created` FROM `access` a JOIN `user` u ON a.user_name=u.lower_name")
-	if err != nil {
-		if strings.Contains(err.Error(), "no such column") {
-			return nil
-		}
-		return err
-	}
-
-	sess := x.NewSession()
-	defer sessionRelease(sess)
-	if err = sess.Begin(); err != nil {
-		return err
-	}
-
-	offset := strings.Split(time.Now().String(), " ")[2]
-	for _, result := range results {
-		mode := com.StrTo(result["mode"]).MustInt64()
-		// Collaborators must have write access.
-		if mode < 2 {
-			continue
-		}
-
-		userID := com.StrTo(result["uid"]).MustInt64()
-		repoRefName := string(result["repo"])
-
-		var created time.Time
-		switch {
-		case setting.UseSQLite3:
-			created, _ = time.Parse(time.RFC3339, string(result["created"]))
-		case setting.UseMySQL:
-			created, _ = time.Parse("2006-01-02 15:04:05-0700", string(result["created"])+offset)
-		case setting.UsePostgreSQL:
-			created, _ = time.Parse("2006-01-02T15:04:05Z-0700", string(result["created"])+offset)
-		}
-
-		// find owner of repository
-		parts := strings.SplitN(repoRefName, "/", 2)
-		ownerName := parts[0]
-		repoName := parts[1]
-
-		results, err := sess.Query("SELECT u.id as `uid`, ou.uid as `memberid` FROM `user` u LEFT JOIN org_user ou ON ou.org_id=u.id WHERE u.lower_name=?", ownerName)
-		if err != nil {
-			return err
-		}
-		if len(results) < 1 {
-			continue
-		}
-
-		ownerID := com.StrTo(results[0]["uid"]).MustInt64()
-		if ownerID == userID {
-			continue
-		}
-
-		// test if user is member of owning organization
-		isMember := false
-		for _, member := range results {
-			memberID := com.StrTo(member["memberid"]).MustInt64()
-			// We can skip all cases that a user is member of the owning organization
-			if memberID == userID {
-				isMember = true
-			}
-		}
-		if isMember {
-			continue
-		}
-
-		results, err = sess.Query("SELECT id FROM `repository` WHERE owner_id=? AND lower_name=?", ownerID, repoName)
-		if err != nil {
-			return err
-		} else if len(results) < 1 {
-			continue
-		}
-
-		collaboration := &Collaboration{
-			UserID: userID,
-			RepoID: com.StrTo(results[0]["id"]).MustInt64(),
-		}
-		has, err := sess.Get(collaboration)
-		if err != nil {
-			return err
-		} else if has {
-			continue
-		}
-
-		collaboration.Created = created
-		if _, err = sess.InsertOne(collaboration); err != nil {
-			return err
-		}
-	}
-
-	return sess.Commit()
-}
-
-func ownerTeamUpdate(x *xorm.Engine) (err error) {
-	if _, err := x.Exec("UPDATE `team` SET authorize=4 WHERE lower_name=?", "owners"); err != nil {
-		return fmt.Errorf("update owner team table: %v", err)
-	}
-	return nil
-}
-
-func accessRefactor(x *xorm.Engine) (err error) {
-	type (
-		AccessMode int
-		Access     struct {
-			ID     int64 `xorm:"pk autoincr"`
-			UserID int64 `xorm:"UNIQUE(s)"`
-			RepoID int64 `xorm:"UNIQUE(s)"`
-			Mode   AccessMode
-		}
-		UserRepo struct {
-			UserID int64
-			RepoID int64
-		}
-	)
-
-	// We consiously don't start a session yet as we make only reads for now, no writes
-
-	accessMap := make(map[UserRepo]AccessMode, 50)
-
-	results, err := x.Query("SELECT r.id AS `repo_id`, r.is_private AS `is_private`, r.owner_id AS `owner_id`, u.type AS `owner_type` FROM `repository` r LEFT JOIN `user` u ON r.owner_id=u.id")
-	if err != nil {
-		return fmt.Errorf("select repositories: %v", err)
-	}
-	for _, repo := range results {
-		repoID := com.StrTo(repo["repo_id"]).MustInt64()
-		isPrivate := com.StrTo(repo["is_private"]).MustInt() > 0
-		ownerID := com.StrTo(repo["owner_id"]).MustInt64()
-		ownerIsOrganization := com.StrTo(repo["owner_type"]).MustInt() > 0
-
-		results, err := x.Query("SELECT `user_id` FROM `collaboration` WHERE repo_id=?", repoID)
-		if err != nil {
-			return fmt.Errorf("select collaborators: %v", err)
-		}
-		for _, user := range results {
-			userID := com.StrTo(user["user_id"]).MustInt64()
-			accessMap[UserRepo{userID, repoID}] = 2 // WRITE ACCESS
-		}
-
-		if !ownerIsOrganization {
-			continue
-		}
-
-		// The minimum level to add a new access record,
-		// because public repository has implicit open access.
-		minAccessLevel := AccessMode(0)
-		if !isPrivate {
-			minAccessLevel = 1
-		}
-
-		repoString := "$" + string(repo["repo_id"]) + "|"
-
-		results, err = x.Query("SELECT `id`,`authorize`,`repo_ids` FROM `team` WHERE org_id=? AND authorize>? ORDER BY `authorize` ASC", ownerID, int(minAccessLevel))
-		if err != nil {
-			if strings.Contains(err.Error(), "no such column") {
-				return nil
-			}
-			return fmt.Errorf("select teams from org: %v", err)
-		}
-
-		for _, team := range results {
-			if !strings.Contains(string(team["repo_ids"]), repoString) {
-				continue
-			}
-			teamID := com.StrTo(team["id"]).MustInt64()
-			mode := AccessMode(com.StrTo(team["authorize"]).MustInt())
-
-			results, err := x.Query("SELECT `uid` FROM `team_user` WHERE team_id=?", teamID)
-			if err != nil {
-				return fmt.Errorf("select users from team: %v", err)
-			}
-			for _, user := range results {
-				userID := com.StrTo(user["uid"]).MustInt64()
-				accessMap[UserRepo{userID, repoID}] = mode
-			}
-		}
-	}
-
-	// Drop table can't be in a session (at least not in sqlite)
-	if _, err = x.Exec("DROP TABLE `access`"); err != nil {
-		return fmt.Errorf("drop access table: %v", err)
-	}
-
-	// Now we start writing so we make a session
-	sess := x.NewSession()
-	defer sessionRelease(sess)
-	if err = sess.Begin(); err != nil {
-		return err
-	}
-
-	if err = sess.Sync2(new(Access)); err != nil {
-		return fmt.Errorf("sync: %v", err)
-	}
-
-	accesses := make([]*Access, 0, len(accessMap))
-	for ur, mode := range accessMap {
-		accesses = append(accesses, &Access{UserID: ur.UserID, RepoID: ur.RepoID, Mode: mode})
-	}
-
-	if _, err = sess.Insert(accesses); err != nil {
-		return fmt.Errorf("insert accesses: %v", err)
-	}
-
-	return sess.Commit()
-}
-
-func teamToTeamRepo(x *xorm.Engine) error {
-	type TeamRepo struct {
-		ID     int64 `xorm:"pk autoincr"`
-		OrgID  int64 `xorm:"INDEX"`
-		TeamID int64 `xorm:"UNIQUE(s)"`
-		RepoID int64 `xorm:"UNIQUE(s)"`
-	}
-
-	teamRepos := make([]*TeamRepo, 0, 50)
-
-	results, err := x.Query("SELECT `id`,`org_id`,`repo_ids` FROM `team`")
-	if err != nil {
-		if strings.Contains(err.Error(), "no such column") {
-			return nil
-		}
-		return fmt.Errorf("select teams: %v", err)
-	}
-	for _, team := range results {
-		orgID := com.StrTo(team["org_id"]).MustInt64()
-		teamID := com.StrTo(team["id"]).MustInt64()
-
-		// #1032: legacy code can have duplicated IDs for same repository.
-		mark := make(map[int64]bool)
-		for _, idStr := range strings.Split(string(team["repo_ids"]), "|") {
-			repoID := com.StrTo(strings.TrimPrefix(idStr, "$")).MustInt64()
-			if repoID == 0 || mark[repoID] {
-				continue
-			}
-
-			mark[repoID] = true
-			teamRepos = append(teamRepos, &TeamRepo{
-				OrgID:  orgID,
-				TeamID: teamID,
-				RepoID: repoID,
-			})
-		}
-	}
-
-	sess := x.NewSession()
-	defer sessionRelease(sess)
-	if err = sess.Begin(); err != nil {
-		return err
-	}
-
-	if err = sess.Sync2(new(TeamRepo)); err != nil {
-		return fmt.Errorf("sync2: %v", err)
-	} else if _, err = sess.Insert(teamRepos); err != nil {
-		return fmt.Errorf("insert team-repos: %v", err)
-	}
-
-	return sess.Commit()
-}
-
 func fixLocaleFileLoadPanic(_ *xorm.Engine) error {
 	cfg, err := ini.Load(setting.CustomConf)
 	if err != nil {
@@ -453,7 +174,7 @@ func trimCommitActionAppUrlPrefix(x *xorm.Engine) error {

 		pushCommits = new(PushCommits)
 		if err = json.Unmarshal(action["content"], pushCommits); err != nil {
-			return fmt.Errorf("unmarshal action content[%s]: %v", actID, err)
+			return fmt.Errorf("unmarshal action content[%d]: %v", actID, err)
 		}

 		infos := strings.Split(pushCommits.CompareUrl, "/")
@@ -464,7 +185,7 @@ func trimCommitActionAppUrlPrefix(x *xorm.Engine) error {

 		p, err := json.Marshal(pushCommits)
 		if err != nil {
-			return fmt.Errorf("marshal action content[%s]: %v", actID, err)
+			return fmt.Errorf("marshal action content[%d]: %v", actID, err)
 		}

 		if _, err = sess.Id(actID).Update(&Action{
@@ -486,7 +207,8 @@ func issueToIssueLabel(x *xorm.Engine) error {
 	issueLabels := make([]*IssueLabel, 0, 50)
 	results, err := x.Query("SELECT `id`,`label_ids` FROM `issue`")
 	if err != nil {
-		if strings.Contains(err.Error(), "no such column") {
+		if strings.Contains(err.Error(), "no such column") ||
+			strings.Contains(err.Error(), "Unknown column") {
 			return nil
 		}
 		return fmt.Errorf("select issues: %v", err)
@@ -606,3 +328,128 @@ func attachmentRefactor(x *xorm.Engine) error {

 	return sess.Commit()
 }
+
+func renamePullRequestFields(x *xorm.Engine) (err error) {
+	type PullRequest struct {
+		ID         int64 `xorm:"pk autoincr"`
+		PullID     int64 `xorm:"INDEX"`
+		PullIndex  int64
+		HeadBarcnh string
+
+		IssueID    int64 `xorm:"INDEX"`
+		Index      int64
+		HeadBranch string
+	}
+
+	if err = x.Sync(new(PullRequest)); err != nil {
+		return fmt.Errorf("sync: %v", err)
+	}
+
+	results, err := x.Query("SELECT `id`,`pull_id`,`pull_index`,`head_barcnh` FROM `pull_request`")
+	if err != nil {
+		if strings.Contains(err.Error(), "no such column") {
+			return nil
+		}
+		return fmt.Errorf("select pull requests: %v", err)
+	}
+
+	sess := x.NewSession()
+	defer sessionRelease(sess)
+	if err = sess.Begin(); err != nil {
+		return err
+	}
+
+	var pull *PullRequest
+	for _, pr := range results {
+		pull = &PullRequest{
+			ID:         com.StrTo(pr["id"]).MustInt64(),
+			IssueID:    com.StrTo(pr["pull_id"]).MustInt64(),
+			Index:      com.StrTo(pr["pull_index"]).MustInt64(),
+			HeadBranch: string(pr["head_barcnh"]),
+		}
+		if pull.Index == 0 {
+			continue
+		}
+		if _, err = sess.Id(pull.ID).Update(pull); err != nil {
+			return err
+		}
+	}
+
+	return sess.Commit()
+}
+
+func cleanUpMigrateRepoInfo(x *xorm.Engine) (err error) {
+	type (
+		User struct {
+			ID        int64 `xorm:"pk autoincr"`
+			LowerName string
+		}
+		Repository struct {
+			ID        int64 `xorm:"pk autoincr"`
+			OwnerID   int64
+			LowerName string
+		}
+	)
+
+	repos := make([]*Repository, 0, 25)
+	if err = x.Where("is_mirror=?", false).Find(&repos); err != nil {
+		return fmt.Errorf("select all non-mirror repositories: %v", err)
+	}
+	var user *User
+	for _, repo := range repos {
+		user = &User{ID: repo.OwnerID}
+		has, err := x.Get(user)
+		if err != nil {
+			return fmt.Errorf("get owner of repository[%d - %d]: %v", repo.ID, repo.OwnerID, err)
+		} else if !has {
+			continue
+		}
+
+		configPath := filepath.Join(setting.RepoRootPath, user.LowerName, repo.LowerName+".git/config")
+
+		// In case repository file is somehow missing.
+		if !com.IsFile(configPath) {
+			continue
+		}
+
+		cfg, err := ini.Load(configPath)
+		if err != nil {
+			return fmt.Errorf("open config file: %v", err)
+		}
+		cfg.DeleteSection("remote \"origin\"")
+		if err = cfg.SaveToIndent(configPath, "\t"); err != nil {
+			return fmt.Errorf("save config file: %v", err)
+		}
+	}
+
+	return nil
+}
+
+func generateOrgRandsAndSalt(x *xorm.Engine) (err error) {
+	type User struct {
+		ID    int64  `xorm:"pk autoincr"`
+		Rands string `xorm:"VARCHAR(10)"`
+		Salt  string `xorm:"VARCHAR(10)"`
+	}
+
+	orgs := make([]*User, 0, 10)
+	if err = x.Where("type=1").And("rands=''").Find(&orgs); err != nil {
+		return fmt.Errorf("select all organizations: %v", err)
+	}
+
+	sess := x.NewSession()
+	defer sessionRelease(sess)
+	if err = sess.Begin(); err != nil {
+		return err
+	}
+
+	for _, org := range orgs {
+		org.Rands = base.GetRandomString(10)
+		org.Salt = base.GetRandomString(10)
+		if _, err = sess.Id(org.ID).Update(org); err != nil {
+			return err
+		}
+	}
+
+	return sess.Commit()
+}
--- a/models/models.go
+++ b/models/models.go
@@ -20,6 +20,7 @@ import (
 	_ "github.com/lib/pq"

 	"github.com/gogits/gogs/models/migrations"
+	"github.com/gogits/gogs/modules/log"
 	"github.com/gogits/gogs/modules/setting"
 )

@@ -52,6 +53,7 @@ func regulateTimeZone(t time.Time) time.Time {

 	zone := t.Local().Format("-0700")
 	if len(zone) != 5 {
+		log.Error(4, "Unprocessable timezone: %s - %s", t.Local(), zone)
 		return t
 	}
 	hour := com.StrTo(zone[2:3]).MustInt()
@@ -88,7 +90,7 @@ func init() {
 		new(Team), new(OrgUser), new(TeamUser), new(TeamRepo),
 		new(Notice), new(EmailAddress))

-	gonicNames := []string{"UID", "SSL"}
+	gonicNames := []string{"SSL"}
 	for _, name := range gonicNames {
 		core.LintGonicMapper[name] = true
 	}
@@ -189,12 +191,7 @@ func SetEngine() (err error) {
 		return fmt.Errorf("Fail to create xorm.log: %v", err)
 	}
 	x.SetLogger(xorm.NewSimpleLogger(f))
-
-	x.ShowSQL = true
-	x.ShowInfo = true
-	x.ShowDebug = true
-	x.ShowErr = true
-	x.ShowWarn = true
+	x.ShowSQL(true)
 	return nil
 }

--- a/models/org.go
+++ b/models/org.go
@@ -10,14 +10,13 @@ import (
 	"os"
 	"strings"

+	"github.com/Unknwon/com"
 	"github.com/go-xorm/xorm"
 )

 var (
-	ErrOrgNotExist      = errors.New("Organization does not exist")
-	ErrTeamAlreadyExist = errors.New("Team already exist")
-	ErrTeamNotExist     = errors.New("Team does not exist")
-	ErrTeamNameIllegal  = errors.New("Team name contains illegal characters")
+	ErrOrgNotExist  = errors.New("Organization does not exist")
+	ErrTeamNotExist = errors.New("Team does not exist")
 )

 // IsOwnedBy returns true if given user is in the owner team.
@@ -108,7 +107,10 @@ func CreateOrganization(org, owner *User) (err error) {

 	org.LowerName = strings.ToLower(org.Name)
 	org.FullName = org.Name
+	org.Rands = GetUserSalt()
+	org.Salt = GetUserSalt()
 	org.UseCustomAvatar = true
+	org.MaxRepoCreation = -1
 	org.NumTeams = 1
 	org.NumMembers = 1

@@ -252,6 +254,27 @@ func IsPublicMembership(orgId, uid int64) bool {
 	return has
 }

+func getOrgsByUserID(sess *xorm.Session, userID int64, showAll bool) ([]*User, error) {
+	orgs := make([]*User, 0, 10)
+	if !showAll {
+		sess.And("`org_user`.is_public=?", true)
+	}
+	return orgs, sess.And("`org_user`.uid=?", userID).
+		Join("INNER", "`org_user`", "`org_user`.org_id=`user`.id").Find(&orgs)
+}
+
+// GetOrgsByUserID returns a list of organizations that the given user ID
+// has joined.
+func GetOrgsByUserID(userID int64, showAll bool) ([]*User, error) {
+	return getOrgsByUserID(x.NewSession(), userID, showAll)
+}
+
+// GetOrgsByUserIDDesc returns a list of organizations that the given user ID
+// has joined, ordered descending by the given condition.
+func GetOrgsByUserIDDesc(userID int64, desc string, showAll bool) ([]*User, error) {
+	return getOrgsByUserID(x.NewSession().Desc(desc), userID, showAll)
+}
+
 func getOwnedOrgsByUserID(sess *xorm.Session, userID int64) ([]*User, error) {
 	orgs := make([]*User, 0, 10)
 	return orgs, sess.Where("`org_user`.uid=?", userID).And("`org_user`.is_owner=?", true).
@@ -265,16 +288,21 @@ func GetOwnedOrgsByUserID(userID int64) ([]*User, error) {
 }

 // GetOwnedOrganizationsByUserIDDesc returns a list of organizations are owned by
-// given user ID and descring order by given condition.
+// given user ID, ordered descending by the given condition.
 func GetOwnedOrgsByUserIDDesc(userID int64, desc string) ([]*User, error) {
 	sess := x.NewSession()
 	return getOwnedOrgsByUserID(sess.Desc(desc), userID)
 }

-// GetOrgUsersByUserId returns all organization-user relations by user ID.
-func GetOrgUsersByUserId(uid int64) ([]*OrgUser, error) {
+// GetOrgUsersByUserID returns all organization-user relations by user ID.
+func GetOrgUsersByUserID(uid int64, all bool) ([]*OrgUser, error) {
 	ous := make([]*OrgUser, 0, 10)
-	err := x.Where("uid=?", uid).Find(&ous)
+	sess := x.Where("uid=?", uid)
+	if !all {
+		// Only show public organizations
+		sess.And("is_public=?", true)
+	}
+	err := sess.Find(&ous)
 	return ous, err
 }

@@ -590,9 +618,9 @@ func (t *Team) RemoveRepository(repoID int64) error {

 // NewTeam creates a record of new team.
 // It's caller's responsibility to assign organization ID.
-func NewTeam(t *Team) (err error) {
-	if err = IsUsableName(t.Name); err != nil {
-		return err
+func NewTeam(t *Team) error {
+	if len(t.Name) == 0 {
+		return errors.New("empty team name")
 	}

 	has, err := x.Id(t.OrgID).Get(new(User))
@@ -607,7 +635,7 @@ func NewTeam(t *Team) (err error) {
 	if err != nil {
 		return err
 	} else if has {
-		return ErrTeamAlreadyExist
+		return ErrTeamAlreadyExist{t.OrgID, t.LowerName}
 	}

 	sess := x.NewSession()
@@ -666,8 +694,8 @@ func GetTeamById(teamId int64) (*Team, error) {

 // UpdateTeam updates information of team.
 func UpdateTeam(t *Team, authChanged bool) (err error) {
-	if err = IsUsableName(t.Name); err != nil {
-		return err
+	if len(t.Name) == 0 {
+		return errors.New("empty team name")
 	}

 	if len(t.Description) > 255 {
@@ -681,6 +709,13 @@ func UpdateTeam(t *Team, authChanged bool) (err error) {
 	}

 	t.LowerName = strings.ToLower(t.Name)
+	has, err := x.Where("org_id=?", t.OrgID).And("lower_name=?", t.LowerName).And("id!=?", t.ID).Get(new(Team))
+	if err != nil {
+		return err
+	} else if has {
+		return ErrTeamAlreadyExist{t.OrgID, t.LowerName}
+	}
+
 	if _, err = sess.Id(t.ID).AllCols().Update(t); err != nil {
 		return fmt.Errorf("update: %v", err)
 	}
@@ -1015,3 +1050,61 @@ func removeOrgRepo(e Engine, orgID, repoID int64) error {
 func RemoveOrgRepo(orgID, repoID int64) error {
 	return removeOrgRepo(x, orgID, repoID)
 }
+
+// GetUserRepositories gets all repositories of an organization,
+// that the user with the given userID has access to.
+func (org *User) GetUserRepositories(userID int64) (err error) {
+	teams := make([]*Team, 0, 10)
+	if err = x.Cols("`team`.id").
+		Where("`team_user`.org_id=?", org.Id).
+		And("`team_user`.uid=?", userID).
+		Join("INNER", "`team_user`", "`team_user`.team_id=`team`.id").
+		Find(&teams); err != nil {
+		return fmt.Errorf("GetUserRepositories: get teams: %v", err)
+	}
+
+	teamIDs := make([]string, len(teams))
+	for i := range teams {
+		teamIDs[i] = com.ToStr(teams[i].ID)
+	}
+	if len(teamIDs) == 0 {
+		// user has no team but "IN ()" is invalid SQL
+		teamIDs = append(teamIDs, "-1") // there is no repo with id=-1
+	}
+
+	// Due to a bug in xorm using IN() together with OR() is impossible.
+	// As a workaround, we have to build the IN statement on our own, until this is fixed.
+	// https://github.com/go-xorm/xorm/issues/342
+
+	if err = x.Cols("`repository`.*").
+		Join("INNER", "`team_repo`", "`team_repo`.repo_id=`repository`.id").
+		Where("`repository`.owner_id=?", org.Id).
+		And("`repository`.is_private=?", false).
+		Or("`team_repo`.team_id=(?)", strings.Join(teamIDs, ",")).
+		GroupBy("`repository`.id").
+		Find(&org.Repos); err != nil {
+		return fmt.Errorf("GetUserRepositories: get repositories: %v", err)
+	}
+
+	// FIXME: should I change this value inside method,
+	// or only in location of caller where it's really needed?
+	org.NumRepos = len(org.Repos)
+	return nil
+}
+
+// GetTeams returns all teams that belong to organization,
+// and that the user has joined.
+func (org *User) GetUserTeams(userID int64) error {
+	if err := x.Cols("`team`.*").
+		Where("`team_user`.org_id=?", org.Id).
+		And("`team_user`.uid=?", userID).
+		Join("INNER", "`team_user`", "`team_user`.team_id=`team`.id").
+		Find(&org.Teams); err != nil {
+		return fmt.Errorf("GetUserTeams: %v", err)
+	}
+
+	// FIXME: should I change this value inside method,
+	// or only in location of caller where it's really needed?
+	org.NumTeams = len(org.Teams)
+	return nil
+}
--- a/models/pull.go
+++ b/models/pull.go
@@ -0,0 +1,631 @@
+// Copyright 2015 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package models
+
+import (
+	"fmt"
+	"os"
+	"path"
+	"strings"
+	"time"
+
+	"github.com/Unknwon/com"
+	"github.com/go-xorm/xorm"
+
+	"github.com/gogits/git-module"
+	api "github.com/gogits/go-gogs-client"
+
+	"github.com/gogits/gogs/modules/log"
+	"github.com/gogits/gogs/modules/process"
+	"github.com/gogits/gogs/modules/setting"
+)
+
+type PullRequestType int
+
+const (
+	PULL_REQUEST_GOGS PullRequestType = iota
+	PLLL_ERQUEST_GIT
+)
+
+type PullRequestStatus int
+
+const (
+	PULL_REQUEST_STATUS_CONFLICT PullRequestStatus = iota
+	PULL_REQUEST_STATUS_CHECKING
+	PULL_REQUEST_STATUS_MERGEABLE
+)
+
+// PullRequest represents relation between pull request and repositories.
+type PullRequest struct {
+	ID     int64 `xorm:"pk autoincr"`
+	Type   PullRequestType
+	Status PullRequestStatus
+
+	IssueID int64  `xorm:"INDEX"`
+	Issue   *Issue `xorm:"-"`
+	Index   int64
+
+	HeadRepoID   int64
+	HeadRepo     *Repository `xorm:"-"`
+	BaseRepoID   int64
+	BaseRepo     *Repository `xorm:"-"`
+	HeadUserName string
+	HeadBranch   string
+	BaseBranch   string
+	MergeBase    string `xorm:"VARCHAR(40)"`
+
+	HasMerged      bool
+	MergedCommitID string `xorm:"VARCHAR(40)"`
+	Merged         time.Time
+	MergerID       int64
+	Merger         *User `xorm:"-"`
+}
+
+// Note: don't try to get Pull because will end up recursive querying.
+func (pr *PullRequest) AfterSet(colName string, _ xorm.Cell) {
+	switch colName {
+	case "merged":
+		if !pr.HasMerged {
+			return
+		}
+
+		pr.Merged = regulateTimeZone(pr.Merged)
+	}
+}
+
+func (pr *PullRequest) getHeadRepo(e Engine) (err error) {
+	pr.HeadRepo, err = getRepositoryByID(e, pr.HeadRepoID)
+	if err != nil && !IsErrRepoNotExist(err) {
+		return fmt.Errorf("getRepositoryByID(head): %v", err)
+	}
+	return nil
+}
+
+func (pr *PullRequest) GetHeadRepo() (err error) {
+	return pr.getHeadRepo(x)
+}
+
+func (pr *PullRequest) GetBaseRepo() (err error) {
+	if pr.BaseRepo != nil {
+		return nil
+	}
+
+	pr.BaseRepo, err = GetRepositoryByID(pr.BaseRepoID)
+	if err != nil {
+		return fmt.Errorf("GetRepositoryByID(base): %v", err)
+	}
+	return nil
+}
+
+func (pr *PullRequest) GetMerger() (err error) {
+	if !pr.HasMerged || pr.Merger != nil {
+		return nil
+	}
+
+	pr.Merger, err = GetUserByID(pr.MergerID)
+	if IsErrUserNotExist(err) {
+		pr.MergerID = -1
+		pr.Merger = NewFakeUser()
+	} else if err != nil {
+		return fmt.Errorf("GetUserByID: %v", err)
+	}
+	return nil
+}
+
+// IsChecking returns true if this pull request is still checking conflict.
+func (pr *PullRequest) IsChecking() bool {
+	return pr.Status == PULL_REQUEST_STATUS_CHECKING
+}
+
+// CanAutoMerge returns true if this pull request can be merged automatically.
+func (pr *PullRequest) CanAutoMerge() bool {
+	return pr.Status == PULL_REQUEST_STATUS_MERGEABLE
+}
+
+// Merge merges pull request to base repository.
+func (pr *PullRequest) Merge(doer *User, baseGitRepo *git.Repository) (err error) {
+	if err = pr.GetHeadRepo(); err != nil {
+		return fmt.Errorf("GetHeadRepo: %v", err)
+	} else if err = pr.GetBaseRepo(); err != nil {
+		return fmt.Errorf("GetBaseRepo: %v", err)
+	}
+
+	sess := x.NewSession()
+	defer sessionRelease(sess)
+	if err = sess.Begin(); err != nil {
+		return err
+	}
+
+	if err = pr.Issue.changeStatus(sess, doer, true); err != nil {
+		return fmt.Errorf("Issue.changeStatus: %v", err)
+	}
+
+	headRepoPath := RepoPath(pr.HeadUserName, pr.HeadRepo.Name)
+	headGitRepo, err := git.OpenRepository(headRepoPath)
+	if err != nil {
+		return fmt.Errorf("OpenRepository: %v", err)
+	}
+	pr.MergedCommitID, err = headGitRepo.GetBranchCommitID(pr.HeadBranch)
+	if err != nil {
+		return fmt.Errorf("GetBranchCommitID: %v", err)
+	}
+
+	if err = mergePullRequestAction(sess, doer, pr.Issue.Repo, pr.Issue); err != nil {
+		return fmt.Errorf("mergePullRequestAction: %v", err)
+	}
+
+	pr.HasMerged = true
+	pr.Merged = time.Now()
+	pr.MergerID = doer.Id
+	if _, err = sess.Id(pr.ID).AllCols().Update(pr); err != nil {
+		return fmt.Errorf("update pull request: %v", err)
+	}
+
+	// Clone base repo.
+	tmpBasePath := path.Join(setting.AppDataPath, "tmp/repos", com.ToStr(time.Now().Nanosecond())+".git")
+	os.MkdirAll(path.Dir(tmpBasePath), os.ModePerm)
+	defer os.RemoveAll(path.Dir(tmpBasePath))
+
+	var stderr string
+	if _, stderr, err = process.ExecTimeout(5*time.Minute,
+		fmt.Sprintf("PullRequest.Merge (git clone): %s", tmpBasePath),
+		"git", "clone", baseGitRepo.Path, tmpBasePath); err != nil {
+		return fmt.Errorf("git clone: %s", stderr)
+	}
+
+	// Check out base branch.
+	if _, stderr, err = process.ExecDir(-1, tmpBasePath,
+		fmt.Sprintf("PullRequest.Merge (git checkout): %s", tmpBasePath),
+		"git", "checkout", pr.BaseBranch); err != nil {
+		return fmt.Errorf("git checkout: %s", stderr)
+	}
+
+	// Add head repo remote.
+	if _, stderr, err = process.ExecDir(-1, tmpBasePath,
+		fmt.Sprintf("PullRequest.Merge (git remote add): %s", tmpBasePath),
+		"git", "remote", "add", "head_repo", headRepoPath); err != nil {
+		return fmt.Errorf("git remote add [%s -> %s]: %s", headRepoPath, tmpBasePath, stderr)
+	}
+
+	// Merge commits.
+	if _, stderr, err = process.ExecDir(-1, tmpBasePath,
+		fmt.Sprintf("PullRequest.Merge (git fetch): %s", tmpBasePath),
+		"git", "fetch", "head_repo"); err != nil {
+		return fmt.Errorf("git fetch [%s -> %s]: %s", headRepoPath, tmpBasePath, stderr)
+	}
+
+	if _, stderr, err = process.ExecDir(-1, tmpBasePath,
+		fmt.Sprintf("PullRequest.Merge (git merge --no-ff --no-commit): %s", tmpBasePath),
+		"git", "merge", "--no-ff", "--no-commit", "head_repo/"+pr.HeadBranch); err != nil {
+		return fmt.Errorf("git merge --no-ff --no-commit [%s]: %v - %s", tmpBasePath, err, stderr)
+	}
+
+	sig := doer.NewGitSig()
+	if _, stderr, err = process.ExecDir(-1, tmpBasePath,
+		fmt.Sprintf("PullRequest.Merge (git merge): %s", tmpBasePath),
+		"git", "commit", fmt.Sprintf("--author='%s <%s>'", sig.Name, sig.Email),
+		"-m", fmt.Sprintf("Merge branch '%s' of %s/%s into %s", pr.HeadBranch, pr.HeadUserName, pr.HeadRepo.Name, pr.BaseBranch)); err != nil {
+		return fmt.Errorf("git commit [%s]: %v - %s", tmpBasePath, err, stderr)
+	}
+
+	// Push back to upstream.
+	if _, stderr, err = process.ExecDir(-1, tmpBasePath,
+		fmt.Sprintf("PullRequest.Merge (git push): %s", tmpBasePath),
+		"git", "push", baseGitRepo.Path, pr.BaseBranch); err != nil {
+		return fmt.Errorf("git push: %s", stderr)
+	}
+
+	if err = sess.Commit(); err != nil {
+		return fmt.Errorf("Commit: %v", err)
+	}
+
+	// Compose commit repository action
+	l, err := headGitRepo.CommitsBetweenIDs(pr.MergedCommitID, pr.MergeBase)
+	if err != nil {
+		return fmt.Errorf("CommitsBetween: %v", err)
+	}
+	p := &api.PushPayload{
+		Ref:        "refs/heads/" + pr.BaseBranch,
+		Before:     pr.MergeBase,
+		After:      pr.MergedCommitID,
+		CompareUrl: setting.AppUrl + pr.BaseRepo.ComposeCompareURL(pr.MergeBase, pr.MergedCommitID),
+		Commits:    ListToPushCommits(l).ToApiPayloadCommits(pr.BaseRepo.FullRepoLink()),
+		Repo:       pr.BaseRepo.ComposePayload(),
+		Pusher: &api.PayloadAuthor{
+			Name:     pr.HeadRepo.MustOwner().DisplayName(),
+			Email:    pr.HeadRepo.MustOwner().Email,
+			UserName: pr.HeadRepo.MustOwner().Name,
+		},
+		Sender: &api.PayloadUser{
+			UserName:  doer.Name,
+			ID:        doer.Id,
+			AvatarUrl: setting.AppUrl + doer.RelAvatarLink(),
+		},
+	}
+	if err = PrepareWebhooks(pr.BaseRepo, HOOK_EVENT_PUSH, p); err != nil {
+		return fmt.Errorf("PrepareWebhooks: %v", err)
+	}
+	go HookQueue.Add(pr.BaseRepo.ID)
+	return nil
+}
+
+// patchConflicts is a list of conflit description from Git.
+var patchConflicts = []string{
+	"patch does not apply",
+	"already exists in working directory",
+	"unrecognized input",
+	"error:",
+}
+
+// testPatch checks if patch can be merged to base repository without conflit.
+// FIXME: make a mechanism to clean up stable local copies.
+func (pr *PullRequest) testPatch() (err error) {
+	if pr.BaseRepo == nil {
+		pr.BaseRepo, err = GetRepositoryByID(pr.BaseRepoID)
+		if err != nil {
+			return fmt.Errorf("GetRepositoryByID: %v", err)
+		}
+	}
+
+	patchPath, err := pr.BaseRepo.PatchPath(pr.Index)
+	if err != nil {
+		return fmt.Errorf("BaseRepo.PatchPath: %v", err)
+	}
+
+	// Fast fail if patch does not exist, this assumes data is cruppted.
+	if !com.IsFile(patchPath) {
+		log.Trace("PullRequest[%d].testPatch: ignored cruppted data", pr.ID)
+		return nil
+	}
+
+	log.Trace("PullRequest[%d].testPatch (patchPath): %s", pr.ID, patchPath)
+
+	if err := pr.BaseRepo.UpdateLocalCopy(); err != nil {
+		return fmt.Errorf("UpdateLocalCopy: %v", err)
+	}
+
+	// Checkout base branch.
+	_, stderr, err := process.ExecDir(-1, pr.BaseRepo.LocalCopyPath(),
+		fmt.Sprintf("PullRequest.Merge (git checkout): %v", pr.BaseRepo.ID),
+		"git", "checkout", pr.BaseBranch)
+	if err != nil {
+		return fmt.Errorf("git checkout: %s", stderr)
+	}
+
+	pr.Status = PULL_REQUEST_STATUS_CHECKING
+	_, stderr, err = process.ExecDir(-1, pr.BaseRepo.LocalCopyPath(),
+		fmt.Sprintf("testPatch (git apply --check): %d", pr.BaseRepo.ID),
+		"git", "apply", "--check", patchPath)
+	if err != nil {
+		for i := range patchConflicts {
+			if strings.Contains(stderr, patchConflicts[i]) {
+				log.Trace("PullRequest[%d].testPatch (apply): has conflit", pr.ID)
+				fmt.Println(stderr)
+				pr.Status = PULL_REQUEST_STATUS_CONFLICT
+				return nil
+			}
+		}
+
+		return fmt.Errorf("git apply --check: %v - %s", err, stderr)
+	}
+	return nil
+}
+
+// NewPullRequest creates new pull request with labels for repository.
+func NewPullRequest(repo *Repository, pull *Issue, labelIDs []int64, uuids []string, pr *PullRequest, patch []byte) (err error) {
+	sess := x.NewSession()
+	defer sessionRelease(sess)
+	if err = sess.Begin(); err != nil {
+		return err
+	}
+
+	if err = newIssue(sess, repo, pull, labelIDs, uuids, true); err != nil {
+		return fmt.Errorf("newIssue: %v", err)
+	}
+
+	// Notify watchers.
+	act := &Action{
+		ActUserID:    pull.Poster.Id,
+		ActUserName:  pull.Poster.Name,
+		ActEmail:     pull.Poster.Email,
+		OpType:       ACTION_CREATE_PULL_REQUEST,
+		Content:      fmt.Sprintf("%d|%s", pull.Index, pull.Name),
+		RepoID:       repo.ID,
+		RepoUserName: repo.Owner.Name,
+		RepoName:     repo.Name,
+		IsPrivate:    repo.IsPrivate,
+	}
+	if err = notifyWatchers(sess, act); err != nil {
+		return err
+	}
+
+	pr.Index = pull.Index
+	if err = repo.SavePatch(pr.Index, patch); err != nil {
+		return fmt.Errorf("SavePatch: %v", err)
+	}
+
+	pr.BaseRepo = repo
+	if err = pr.testPatch(); err != nil {
+		return fmt.Errorf("testPatch: %v", err)
+	}
+	if pr.Status == PULL_REQUEST_STATUS_CHECKING {
+		pr.Status = PULL_REQUEST_STATUS_MERGEABLE
+	}
+
+	pr.IssueID = pull.ID
+	if _, err = sess.Insert(pr); err != nil {
+		return fmt.Errorf("insert pull repo: %v", err)
+	}
+
+	return sess.Commit()
+}
+
+// GetUnmergedPullRequest returnss a pull request that is open and has not been merged
+// by given head/base and repo/branch.
+func GetUnmergedPullRequest(headRepoID, baseRepoID int64, headBranch, baseBranch string) (*PullRequest, error) {
+	pr := new(PullRequest)
+	has, err := x.Where("head_repo_id=? AND head_branch=? AND base_repo_id=? AND base_branch=? AND has_merged=? AND issue.is_closed=?",
+		headRepoID, headBranch, baseRepoID, baseBranch, false, false).
+		Join("INNER", "issue", "issue.id=pull_request.issue_id").Get(pr)
+	if err != nil {
+		return nil, err
+	} else if !has {
+		return nil, ErrPullRequestNotExist{0, 0, headRepoID, baseRepoID, headBranch, baseBranch}
+	}
+
+	return pr, nil
+}
+
+// GetUnmergedPullRequestsByHeadInfo returnss all pull requests that are open and has not been merged
+// by given head information (repo and branch).
+func GetUnmergedPullRequestsByHeadInfo(repoID int64, branch string) ([]*PullRequest, error) {
+	prs := make([]*PullRequest, 0, 2)
+	return prs, x.Where("head_repo_id=? AND head_branch=? AND has_merged=? AND issue.is_closed=?",
+		repoID, branch, false, false).
+		Join("INNER", "issue", "issue.id=pull_request.issue_id").Find(&prs)
+}
+
+// GetUnmergedPullRequestsByBaseInfo returnss all pull requests that are open and has not been merged
+// by given base information (repo and branch).
+func GetUnmergedPullRequestsByBaseInfo(repoID int64, branch string) ([]*PullRequest, error) {
+	prs := make([]*PullRequest, 0, 2)
+	return prs, x.Where("base_repo_id=? AND base_branch=? AND has_merged=? AND issue.is_closed=?",
+		repoID, branch, false, false).
+		Join("INNER", "issue", "issue.id=pull_request.issue_id").Find(&prs)
+}
+
+// GetPullRequestByID returns a pull request by given ID.
+func GetPullRequestByID(id int64) (*PullRequest, error) {
+	pr := new(PullRequest)
+	has, err := x.Id(id).Get(pr)
+	if err != nil {
+		return nil, err
+	} else if !has {
+		return nil, ErrPullRequestNotExist{id, 0, 0, 0, "", ""}
+	}
+	return pr, nil
+}
+
+// GetPullRequestByIssueID returns pull request by given issue ID.
+func GetPullRequestByIssueID(issueID int64) (*PullRequest, error) {
+	pr := &PullRequest{
+		IssueID: issueID,
+	}
+	has, err := x.Get(pr)
+	if err != nil {
+		return nil, err
+	} else if !has {
+		return nil, ErrPullRequestNotExist{0, issueID, 0, 0, "", ""}
+	}
+	return pr, nil
+}
+
+// Update updates all fields of pull request.
+func (pr *PullRequest) Update() error {
+	_, err := x.Id(pr.ID).AllCols().Update(pr)
+	return err
+}
+
+// Update updates specific fields of pull request.
+func (pr *PullRequest) UpdateCols(cols ...string) error {
+	_, err := x.Id(pr.ID).Cols(cols...).Update(pr)
+	return err
+}
+
+var PullRequestQueue = NewUniqueQueue(setting.Repository.PullRequestQueueLength)
+
+// UpdatePatch generates and saves a new patch.
+func (pr *PullRequest) UpdatePatch() (err error) {
+	if err = pr.GetHeadRepo(); err != nil {
+		return fmt.Errorf("GetHeadRepo: %v", err)
+	} else if pr.HeadRepo == nil {
+		log.Trace("PullRequest[%d].UpdatePatch: ignored cruppted data", pr.ID)
+		return nil
+	}
+
+	if err = pr.GetBaseRepo(); err != nil {
+		return fmt.Errorf("GetBaseRepo: %v", err)
+	}
+
+	headGitRepo, err := git.OpenRepository(pr.HeadRepo.RepoPath())
+	if err != nil {
+		return fmt.Errorf("OpenRepository: %v", err)
+	}
+
+	// Add a temporary remote.
+	tmpRemote := com.ToStr(time.Now().UnixNano())
+	if err = headGitRepo.AddRemote(tmpRemote, RepoPath(pr.BaseRepo.MustOwner().Name, pr.BaseRepo.Name), true); err != nil {
+		return fmt.Errorf("AddRemote: %v", err)
+	}
+	defer func() {
+		headGitRepo.RemoveRemote(tmpRemote)
+	}()
+	remoteBranch := "remotes/" + tmpRemote + "/" + pr.BaseBranch
+	pr.MergeBase, err = headGitRepo.GetMergeBase(remoteBranch, pr.HeadBranch)
+	if err != nil {
+		return fmt.Errorf("GetMergeBase: %v", err)
+	} else if err = pr.Update(); err != nil {
+		return fmt.Errorf("Update: %v", err)
+	}
+
+	patch, err := headGitRepo.GetPatch(pr.MergeBase, pr.HeadBranch)
+	if err != nil {
+		return fmt.Errorf("GetPatch: %v", err)
+	}
+
+	if err = pr.BaseRepo.SavePatch(pr.Index, patch); err != nil {
+		return fmt.Errorf("BaseRepo.SavePatch: %v", err)
+	}
+
+	return nil
+}
+
+// PushToBaseRepo pushes commits from branches of head repository to
+// corresponding branches of base repository.
+// FIXME: could fail after user force push head repo, should we always force push here?
+// FIXME: Only push branches that are actually updates?
+func (pr *PullRequest) PushToBaseRepo() (err error) {
+	log.Trace("PushToBaseRepo[%[1]d]: pushing commits to base repo 'refs/pull/%[1]d/head'", pr.ID)
+
+	headRepoPath := pr.HeadRepo.RepoPath()
+	headGitRepo, err := git.OpenRepository(headRepoPath)
+	if err != nil {
+		return fmt.Errorf("OpenRepository: %v", err)
+	}
+
+	tmpRemoteName := fmt.Sprintf("tmp-pull-%d", pr.ID)
+	if err = headGitRepo.AddRemote(tmpRemoteName, pr.BaseRepo.RepoPath(), false); err != nil {
+		return fmt.Errorf("headGitRepo.AddRemote: %v", err)
+	}
+	// Make sure to remove the remote even if the push fails
+	defer headGitRepo.RemoveRemote(tmpRemoteName)
+
+	if err = git.Push(headRepoPath, tmpRemoteName, fmt.Sprintf("%s:refs/pull/%d/head", pr.HeadBranch, pr.Index)); err != nil {
+		return fmt.Errorf("Push: %v", err)
+	}
+
+	return nil
+}
+
+// AddToTaskQueue adds itself to pull request test task queue.
+func (pr *PullRequest) AddToTaskQueue() {
+	go PullRequestQueue.AddFunc(pr.ID, func() {
+		pr.Status = PULL_REQUEST_STATUS_CHECKING
+		if err := pr.UpdateCols("status"); err != nil {
+			log.Error(5, "AddToTaskQueue.UpdateCols[%d].(add to queue): %v", pr.ID, err)
+		}
+	})
+}
+
+func addHeadRepoTasks(prs []*PullRequest) {
+	for _, pr := range prs {
+		log.Trace("addHeadRepoTasks[%d]: composing new test task", pr.ID)
+		if err := pr.UpdatePatch(); err != nil {
+			log.Error(4, "UpdatePatch: %v", err)
+			continue
+		} else if err := pr.PushToBaseRepo(); err != nil {
+			log.Error(4, "PushToBaseRepo: %v", err)
+			continue
+		}
+
+		pr.AddToTaskQueue()
+	}
+}
+
+// AddTestPullRequestTask adds new test tasks by given head/base repository and head/base branch,
+// and generate new patch for testing as needed.
+func AddTestPullRequestTask(repoID int64, branch string) {
+	log.Trace("AddTestPullRequestTask[head_repo_id: %d, head_branch: %s]: finding pull requests", repoID, branch)
+	prs, err := GetUnmergedPullRequestsByHeadInfo(repoID, branch)
+	if err != nil {
+		log.Error(4, "Find pull requests[head_repo_id: %d, head_branch: %s]: %v", repoID, branch, err)
+		return
+	}
+	addHeadRepoTasks(prs)
+
+	log.Trace("AddTestPullRequestTask[base_repo_id: %d, base_branch: %s]: finding pull requests", repoID, branch)
+	prs, err = GetUnmergedPullRequestsByBaseInfo(repoID, branch)
+	if err != nil {
+		log.Error(4, "Find pull requests[base_repo_id: %d, base_branch: %s]: %v", repoID, branch, err)
+		return
+	}
+	for _, pr := range prs {
+		pr.AddToTaskQueue()
+	}
+}
+
+func ChangeUsernameInPullRequests(oldUserName, newUserName string) error {
+	pr := PullRequest{
+		HeadUserName: strings.ToLower(newUserName),
+	}
+	_, err := x.Cols("head_user_name").Where("head_user_name = ?", strings.ToLower(oldUserName)).Update(pr)
+	return err
+}
+
+// checkAndUpdateStatus checks if pull request is possible to levaing checking status,
+// and set to be either conflict or mergeable.
+func (pr *PullRequest) checkAndUpdateStatus() {
+	// Status is not changed to conflict means mergeable.
+	if pr.Status == PULL_REQUEST_STATUS_CHECKING {
+		pr.Status = PULL_REQUEST_STATUS_MERGEABLE
+	}
+
+	// Make sure there is no waiting test to process before levaing the checking status.
+	if !PullRequestQueue.Exist(pr.ID) {
+		if err := pr.UpdateCols("status"); err != nil {
+			log.Error(4, "Update[%d]: %v", pr.ID, err)
+		}
+	}
+}
+
+// TestPullRequests checks and tests untested patches of pull requests.
+// TODO: test more pull requests at same time.
+func TestPullRequests() {
+	prs := make([]*PullRequest, 0, 10)
+	x.Iterate(PullRequest{
+		Status: PULL_REQUEST_STATUS_CHECKING,
+	},
+		func(idx int, bean interface{}) error {
+			pr := bean.(*PullRequest)
+
+			if err := pr.GetBaseRepo(); err != nil {
+				log.Error(3, "GetBaseRepo: %v", err)
+				return nil
+			}
+
+			if err := pr.testPatch(); err != nil {
+				log.Error(3, "testPatch: %v", err)
+				return nil
+			}
+			prs = append(prs, pr)
+			return nil
+		})
+
+	// Update pull request status.
+	for _, pr := range prs {
+		pr.checkAndUpdateStatus()
+	}
+
+	// Start listening on new test requests.
+	for prID := range PullRequestQueue.Queue() {
+		log.Trace("TestPullRequests[%v]: processing test task", prID)
+		PullRequestQueue.Remove(prID)
+
+		pr, err := GetPullRequestByID(com.StrTo(prID).MustInt64())
+		if err != nil {
+			log.Error(4, "GetPullRequestByID[%d]: %v", prID, err)
+			continue
+		} else if err = pr.testPatch(); err != nil {
+			log.Error(4, "testPatch[%d]: %v", pr.ID, err)
+			continue
+		}
+
+		pr.checkAndUpdateStatus()
+	}
+}
+
+func InitTestPullRequests() {
+	go TestPullRequests()
+}
--- a/models/release.go
+++ b/models/release.go
@@ -5,34 +5,31 @@
 package models

 import (
-	"errors"
+	"fmt"
 	"sort"
 	"strings"
 	"time"

 	"github.com/go-xorm/xorm"

-	"github.com/gogits/gogs/modules/git"
-)
+	"github.com/gogits/git-module"

-var (
-	ErrReleaseAlreadyExist = errors.New("Release already exist")
-	ErrReleaseNotExist     = errors.New("Release does not exist")
+	"github.com/gogits/gogs/modules/process"
 )

 // Release represents a release of repository.
 type Release struct {
-	Id               int64
-	RepoId           int64
-	PublisherId      int64
+	ID               int64 `xorm:"pk autoincr"`
+	RepoID           int64
+	PublisherID      int64
 	Publisher        *User `xorm:"-"`
 	TagName          string
 	LowerTagName     string
 	Target           string
 	Title            string
 	Sha1             string `xorm:"VARCHAR(40)"`
-	NumCommits       int
-	NumCommitsBehind int    `xorm:"-"`
+	NumCommits       int64
+	NumCommitsBehind int64  `xorm:"-"`
 	Note             string `xorm:"TEXT"`
 	IsDraft          bool   `xorm:"NOT NULL DEFAULT false"`
 	IsPrerelease     bool
@@ -47,35 +44,35 @@ func (r *Release) AfterSet(colName string, _ xorm.Cell) {
 }

 // IsReleaseExist returns true if release with given tag name already exists.
-func IsReleaseExist(repoId int64, tagName string) (bool, error) {
+func IsReleaseExist(repoID int64, tagName string) (bool, error) {
 	if len(tagName) == 0 {
 		return false, nil
 	}

-	return x.Get(&Release{RepoId: repoId, LowerTagName: strings.ToLower(tagName)})
+	return x.Get(&Release{RepoID: repoID, LowerTagName: strings.ToLower(tagName)})
 }

 func createTag(gitRepo *git.Repository, rel *Release) error {
 	// Only actual create when publish.
 	if !rel.IsDraft {
 		if !gitRepo.IsTagExist(rel.TagName) {
-			commit, err := gitRepo.GetCommitOfBranch(rel.Target)
+			commit, err := gitRepo.GetBranchCommit(rel.Target)
 			if err != nil {
-				return err
+				return fmt.Errorf("GetBranchCommit: %v", err)
 			}

-			if err = gitRepo.CreateTag(rel.TagName, commit.Id.String()); err != nil {
+			if err = gitRepo.CreateTag(rel.TagName, commit.ID.String()); err != nil {
 				return err
 			}
 		} else {
-			commit, err := gitRepo.GetCommitOfTag(rel.TagName)
+			commit, err := gitRepo.GetTagCommit(rel.TagName)
 			if err != nil {
-				return err
+				return fmt.Errorf("GetTagCommit: %v", err)
 			}

 			rel.NumCommits, err = commit.CommitsCount()
 			if err != nil {
-				return err
+				return fmt.Errorf("CommitsCount: %v", err)
 			}
 		}
 	}
@@ -84,11 +81,11 @@ func createTag(gitRepo *git.Repository, rel *Release) error {

 // CreateRelease creates a new release of repository.
 func CreateRelease(gitRepo *git.Repository, rel *Release) error {
-	isExist, err := IsReleaseExist(rel.RepoId, rel.TagName)
+	isExist, err := IsReleaseExist(rel.RepoID, rel.TagName)
 	if err != nil {
 		return err
 	} else if isExist {
-		return ErrReleaseAlreadyExist
+		return ErrReleaseAlreadyExist{rel.TagName}
 	}

 	if err = createTag(gitRepo, rel); err != nil {
@@ -100,22 +97,35 @@ func CreateRelease(gitRepo *git.Repository, rel *Release) error {
 }

 // GetRelease returns release by given ID.
-func GetRelease(repoId int64, tagName string) (*Release, error) {
-	isExist, err := IsReleaseExist(repoId, tagName)
+func GetRelease(repoID int64, tagName string) (*Release, error) {
+	isExist, err := IsReleaseExist(repoID, tagName)
 	if err != nil {
 		return nil, err
 	} else if !isExist {
-		return nil, ErrReleaseNotExist
+		return nil, ErrReleaseNotExist{0, tagName}
 	}

-	rel := &Release{RepoId: repoId, LowerTagName: strings.ToLower(tagName)}
+	rel := &Release{RepoID: repoID, LowerTagName: strings.ToLower(tagName)}
 	_, err = x.Get(rel)
 	return rel, err
 }

-// GetReleasesByRepoId returns a list of releases of repository.
-func GetReleasesByRepoId(repoId int64) (rels []*Release, err error) {
-	err = x.Desc("created").Find(&rels, Release{RepoId: repoId})
+// GetReleaseByID returns release with given ID.
+func GetReleaseByID(id int64) (*Release, error) {
+	rel := new(Release)
+	has, err := x.Id(id).Get(rel)
+	if err != nil {
+		return nil, err
+	} else if !has {
+		return nil, ErrReleaseNotExist{id, ""}
+	}
+
+	return rel, nil
+}
+
+// GetReleasesByRepoID returns a list of releases of repository.
+func GetReleasesByRepoID(repoID int64) (rels []*Release, err error) {
+	err = x.Desc("created").Find(&rels, Release{RepoID: repoID})
 	return rels, err
 }

@@ -150,6 +160,32 @@ func UpdateRelease(gitRepo *git.Repository, rel *Release) (err error) {
 	if err = createTag(gitRepo, rel); err != nil {
 		return err
 	}
-	_, err = x.Id(rel.Id).AllCols().Update(rel)
+	_, err = x.Id(rel.ID).AllCols().Update(rel)
 	return err
 }
+
+// DeleteReleaseByID deletes a release and corresponding Git tag by given ID.
+func DeleteReleaseByID(id int64) error {
+	rel, err := GetReleaseByID(id)
+	if err != nil {
+		return fmt.Errorf("GetReleaseByID: %v", err)
+	}
+
+	repo, err := GetRepositoryByID(rel.RepoID)
+	if err != nil {
+		return fmt.Errorf("GetRepositoryByID: %v", err)
+	}
+
+	_, stderr, err := process.ExecDir(-1, repo.RepoPath(),
+		fmt.Sprintf("DeleteReleaseByID (git tag -d): %d", rel.ID),
+		"git", "tag", "-d", rel.TagName)
+	if err != nil && !strings.Contains(stderr, "not found") {
+		return fmt.Errorf("git tag -d: %v - %s", err, stderr)
+	}
+
+	if _, err = x.Id(rel.ID).Delete(new(Release)); err != nil {
+		return fmt.Errorf("Delete: %v", err)
+	}
+
+	return nil
+}
--- a/models/repo.go
+++ b/models/repo.go
--- a/models/repo_branch.go
+++ b/models/repo_branch.go
@@ -0,0 +1,57 @@
+// Copyright 2016 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package models
+
+import (
+	"github.com/gogits/git-module"
+)
+
+type Branch struct {
+	Path string
+	Name string
+}
+
+func GetBranchesByPath(path string) ([]*Branch, error) {
+	gitRepo, err := git.OpenRepository(path)
+	if err != nil {
+		return nil, err
+	}
+
+	brs, err := gitRepo.GetBranches()
+	if err != nil {
+		return nil, err
+	}
+
+	branches := make([]*Branch, len(brs))
+	for i := range brs {
+		branches[i] = &Branch{
+			Path: path,
+			Name: brs[i],
+		}
+	}
+	return branches, nil
+}
+
+func (repo *Repository) GetBranch(br string) (*Branch, error) {
+	if !git.IsBranchExist(repo.RepoPath(), br) {
+		return nil, &ErrBranchNotExist{br}
+	}
+	return &Branch{
+		Path: repo.RepoPath(),
+		Name: br,
+	}, nil
+}
+
+func (repo *Repository) GetBranches() ([]*Branch, error) {
+	return GetBranchesByPath(repo.RepoPath())
+}
+
+func (br *Branch) GetCommit() (*git.Commit, error) {
+	gitRepo, err := git.OpenRepository(br.Path)
+	if err != nil {
+		return nil, err
+	}
+	return gitRepo.GetBranchCommit(br.Name)
+}
--- a/models/publickey.go
+++ b/models/publickey.go
@@ -13,7 +13,6 @@ import (
 	"io"
 	"io/ioutil"
 	"os"
-	"os/exec"
 	"path"
 	"path/filepath"
 	"strings"
@@ -22,6 +21,7 @@ import (

 	"github.com/Unknwon/com"
 	"github.com/go-xorm/xorm"
+	"golang.org/x/crypto/ssh"

 	"github.com/gogits/gogs/modules/log"
 	"github.com/gogits/gogs/modules/process"
@@ -33,50 +33,8 @@ const (
 	_TPL_PUBLICK_KEY = `command="%s serv key-%d --config='%s'",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s` + "\n"
 )

-var (
-	ErrKeyUnableVerify = errors.New("Unable to verify public key")
-)
-
 var sshOpLocker = sync.Mutex{}

-var (
-	SSHPath string // SSH directory.
-	appPath string // Execution(binary) path.
-)
-
-// exePath returns the executable path.
-func exePath() (string, error) {
-	file, err := exec.LookPath(os.Args[0])
-	if err != nil {
-		return "", err
-	}
-	return filepath.Abs(file)
-}
-
-// homeDir returns the home directory of current user.
-func homeDir() string {
-	home, err := com.HomeDir()
-	if err != nil {
-		log.Fatal(4, "Fail to get home directory: %v", err)
-	}
-	return home
-}
-
-func init() {
-	var err error
-
-	if appPath, err = exePath(); err != nil {
-		log.Fatal(4, "fail to get app path: %v\n", err)
-	}
-	appPath = strings.Replace(appPath, "\\", "/", -1)
-
-	// Determine and create .ssh path.
-	SSHPath = filepath.Join(homeDir(), ".ssh")
-	if err = os.MkdirAll(SSHPath, 0700); err != nil {
-		log.Fatal(4, "fail to create '%s': %v", SSHPath, err)
-	}
-}
-
 type KeyType int

 const (
@@ -114,17 +72,7 @@ func (k *PublicKey) OmitEmail() string {

 // GetAuthorizedString generates and returns formatted public key string for authorized_keys file.
 func (key *PublicKey) GetAuthorizedString() string {
-	return fmt.Sprintf(_TPL_PUBLICK_KEY, appPath, key.ID, setting.CustomConf, key.Content)
-}
-
-var minimumKeySizes = map[string]int{
-	"(ED25519)": 256,
-	"(ECDSA)":   256,
-	"(NTRU)":    1087,
-	"(MCE)":     1702,
-	"(McE)":     1702,
-	"(RSA)":     1024,
-	"(DSA)":     1024,
+	return fmt.Sprintf(_TPL_PUBLICK_KEY, setting.AppPath, key.ID, setting.CustomConf, key.Content)
 }

 func extractTypeFromBase64Key(key string) (string, error) {
@@ -217,47 +165,23 @@ func CheckPublicKeyString(content string) (_ string, err error) {
 		return "", errors.New("only a single line with a single key please")
 	}

-	// write the key to a file…
-	tmpFile, err := ioutil.TempFile(os.TempDir(), "keytest")
+	// remove any unnecessary whitespace now
+	content = strings.TrimSpace(content)
+
+	fields := strings.Fields(content)
+	if len(fields) < 2 {
+		return "", errors.New("too less fields")
+	}
+
+	key, err := base64.StdEncoding.DecodeString(fields[1])
 	if err != nil {
-		return "", err
+		return "", fmt.Errorf("StdEncoding.DecodeString: %v", err)
 	}
-	tmpPath := tmpFile.Name()
-	defer os.Remove(tmpPath)
-	tmpFile.WriteString(content)
-	tmpFile.Close()
-
-	// Check if ssh-keygen recognizes its contents.
-	stdout, stderr, err := process.Exec("CheckPublicKeyString", "ssh-keygen", "-l", "-f", tmpPath)
+	pkey, err := ssh.ParsePublicKey([]byte(key))
 	if err != nil {
-		return "", errors.New("ssh-keygen -l -f: " + stderr)
-	} else if len(stdout) < 2 {
-		return "", errors.New("ssh-keygen returned not enough output to evaluate the key: " + stdout)
-	}
-
-	// The ssh-keygen in Windows does not print key type, so no need go further.
-	if setting.IsWindows {
-		return content, nil
-	}
-
-	sshKeygenOutput := strings.Split(stdout, " ")
-	if len(sshKeygenOutput) < 4 {
-		return content, ErrKeyUnableVerify
-	}
-
-	// Check if key type and key size match.
-	if !setting.Service.DisableMinimumKeySizeCheck {
-		keySize := com.StrTo(sshKeygenOutput[0]).MustInt()
-		if keySize == 0 {
-			return "", errors.New("cannot get key size of the given key")
-		}
-		keyType := strings.TrimSpace(sshKeygenOutput[len(sshKeygenOutput)-1])
-		if minimumKeySize := minimumKeySizes[keyType]; minimumKeySize == 0 {
-			return "", errors.New("sorry, unrecognized public key type")
-		} else if keySize < minimumKeySize {
-			return "", fmt.Errorf("the minimum accepted size of a public key %s is %d", keyType, minimumKeySize)
-		}
+		return "", fmt.Errorf("ParsePublicKey: %v", err)
 	}
+	log.Trace("Key type: %s", pkey.Type())

 	return content, nil
 }
@@ -267,7 +191,7 @@ func saveAuthorizedKeyFile(keys ...*PublicKey) error {
 	sshOpLocker.Lock()
 	defer sshOpLocker.Unlock()

-	fpath := filepath.Join(SSHPath, "authorized_keys")
+	fpath := filepath.Join(setting.SSHRootPath, "authorized_keys")
 	f, err := os.OpenFile(fpath, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0600)
 	if err != nil {
 		return err
@@ -321,9 +245,9 @@ func addKey(e Engine, key *PublicKey) (err error) {
 	if err = ioutil.WriteFile(tmpPath, []byte(key.Content), 0644); err != nil {
 		return err
 	}
-	stdout, stderr, err := process.Exec("AddPublicKey", "ssh-keygen", "-l", "-f", tmpPath)
+	stdout, stderr, err := process.Exec("AddPublicKey", "ssh-keygen", "-lf", tmpPath)
 	if err != nil {
-		return errors.New("ssh-keygen -l -f: " + stderr)
+		return errors.New("ssh-keygen -lf: " + stderr)
 	} else if len(stdout) < 2 {
 		return errors.New("not enough output for calculating fingerprint: " + stdout)
 	}
@@ -333,27 +257,32 @@ func addKey(e Engine, key *PublicKey) (err error) {
 	if _, err = e.Insert(key); err != nil {
 		return err
 	}
+
+	// Don't need to rewrite this file if builtin SSH server is enabled.
+	if setting.StartSSHServer {
+		return nil
+	}
 	return saveAuthorizedKeyFile(key)
 }

 // AddPublicKey adds new public key to database and authorized_keys file.
-func AddPublicKey(ownerID int64, name, content string) (err error) {
-	if err = checkKeyContent(content); err != nil {
-		return err
+func AddPublicKey(ownerID int64, name, content string) (*PublicKey, error) {
+	if err := checkKeyContent(content); err != nil {
+		return nil, err
 	}

 	// Key name of same user cannot be duplicated.
 	has, err := x.Where("owner_id=? AND name=?", ownerID, name).Get(new(PublicKey))
 	if err != nil {
-		return err
+		return nil, err
 	} else if has {
-		return ErrKeyNameAlreadyUsed{ownerID, name}
+		return nil, ErrKeyNameAlreadyUsed{ownerID, name}
 	}

 	sess := x.NewSession()
 	defer sessionRelease(sess)
 	if err = sess.Begin(); err != nil {
-		return err
+		return nil, err
 	}

 	key := &PublicKey{
@@ -364,10 +293,10 @@ func AddPublicKey(ownerID int64, name, content string) (err error) {
 		Type:    KEY_TYPE_USER,
 	}
 	if err = addKey(sess, key); err != nil {
-		return fmt.Errorf("addKey: %v", err)
+		return nil, fmt.Errorf("addKey: %v", err)
 	}

-	return sess.Commit()
+	return key, sess.Commit()
 }

 // GetPublicKeyByID returns public key by given ID.
@@ -382,6 +311,19 @@ func GetPublicKeyByID(keyID int64) (*PublicKey, error) {
 	return key, nil
 }

+// SearchPublicKeyByContent searches content as prefix (leak e-mail part)
+// and returns public key found.
+func SearchPublicKeyByContent(content string) (*PublicKey, error) {
+	key := new(PublicKey)
+	has, err := x.Where("content like ?", content+"%").Get(key)
+	if err != nil {
+		return nil, err
+	} else if !has {
+		return nil, ErrKeyNotExist{}
+	}
+	return key, nil
+}
+
 // ListPublicKeys returns a list of public keys belongs to given user.
 func ListPublicKeys(uid int64) ([]*PublicKey, error) {
 	keys := make([]*PublicKey, 0, 5)
@@ -435,6 +377,11 @@ func rewriteAuthorizedKeys(key *PublicKey, p, tmpP string) error {
 			break
 		}
 	}
+
+	if !isFound {
+		log.Warn("SSH key %d not found in authorized_keys file for deletion", key.ID)
+	}
+
 	return nil
 }

@@ -460,8 +407,13 @@ func deletePublicKey(e *xorm.Session, keyID int64) error {
 		return err
 	}

-	fpath := filepath.Join(SSHPath, "authorized_keys")
-	tmpPath := filepath.Join(SSHPath, "authorized_keys.tmp")
+	// Don't need to rewrite this file if builtin SSH server is enabled.
+	if setting.StartSSHServer {
+		return nil
+	}
+
+	fpath := filepath.Join(setting.SSHRootPath, "authorized_keys")
+	tmpPath := filepath.Join(setting.SSHRootPath, "authorized_keys.tmp")
 	if err = rewriteAuthorizedKeys(key, fpath, tmpPath); err != nil {
 		return err
 	} else if err = os.Remove(fpath); err != nil {
@@ -471,12 +423,18 @@ func deletePublicKey(e *xorm.Session, keyID int64) error {
 }

 // DeletePublicKey deletes SSH key information both in database and authorized_keys file.
-func DeletePublicKey(id int64) (err error) {
-	has, err := x.Id(id).Get(new(PublicKey))
+func DeletePublicKey(doer *User, id int64) (err error) {
+	key, err := GetPublicKeyByID(id)
 	if err != nil {
-		return err
-	} else if !has {
-		return nil
+		if IsErrKeyNotExist(err) {
+			return nil
+		}
+		return fmt.Errorf("GetPublicKeyByID: %v", err)
+	}
+
+	// Check if user has access to delete this key.
+	if !doer.IsAdmin && doer.Id != key.OwnerID {
+		return ErrKeyAccessDenied{doer.Id, key.ID, "public"}
 	}

 	sess := x.NewSession()
@@ -497,7 +455,7 @@ func RewriteAllPublicKeys() error {
 	sshOpLocker.Lock()
 	defer sshOpLocker.Unlock()

-	tmpPath := filepath.Join(SSHPath, "authorized_keys.tmp")
+	tmpPath := filepath.Join(setting.SSHRootPath, "authorized_keys.tmp")
 	f, err := os.OpenFile(tmpPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
 	if err != nil {
 		return err
@@ -513,7 +471,7 @@ func RewriteAllPublicKeys() error {
 		return err
 	}

-	fpath := filepath.Join(SSHPath, "authorized_keys")
+	fpath := filepath.Join(setting.SSHRootPath, "authorized_keys")
 	if com.IsExist(fpath) {
 		if err = os.Remove(fpath); err != nil {
 			return err
@@ -540,6 +498,7 @@ type DeployKey struct {
 	RepoID            int64 `xorm:"UNIQUE(s) INDEX"`
 	Name              string
 	Fingerprint       string
+	Content           string    `xorm:"-"`
 	Created           time.Time `xorm:"CREATED"`
 	Updated           time.Time // Note: Updated must below Created for AfterSet.
 	HasRecentActivity bool      `xorm:"-"`
@@ -554,6 +513,16 @@ func (k *DeployKey) AfterSet(colName string, _ xorm.Cell) {
 	}
 }

+// GetContent gets associated public key content.
+func (k *DeployKey) GetContent() error {
+	pkey, err := GetPublicKeyByID(k.KeyID)
+	if err != nil {
+		return err
+	}
+	k.Content = pkey.Content
+	return nil
+}
+
 func checkDeployKey(e Engine, keyID, repoID int64, name string) error {
 	// Note: We want error detail, not just true or false here.
 	has, err := e.Where("key_id=? AND repo_id=?", keyID, repoID).Get(new(DeployKey))
@@ -574,18 +543,19 @@ func checkDeployKey(e Engine, keyID, repoID int64, name string) error {
 }

 // addDeployKey adds new key-repo relation.
-func addDeployKey(e *xorm.Session, keyID, repoID int64, name, fingerprint string) (err error) {
-	if err = checkDeployKey(e, keyID, repoID, name); err != nil {
-		return err
+func addDeployKey(e *xorm.Session, keyID, repoID int64, name, fingerprint string) (*DeployKey, error) {
+	if err := checkDeployKey(e, keyID, repoID, name); err != nil {
+		return nil, err
 	}

-	_, err = e.Insert(&DeployKey{
+	key := &DeployKey{
 		KeyID:       keyID,
 		RepoID:      repoID,
 		Name:        name,
 		Fingerprint: fingerprint,
-	})
-	return err
+	}
+	_, err := e.Insert(key)
+	return key, err
 }

 // HasDeployKey returns true if public key is a deploy key of given repository.
@@ -595,39 +565,52 @@ func HasDeployKey(keyID, repoID int64) bool {
 }

 // AddDeployKey add new deploy key to database and authorized_keys file.
-func AddDeployKey(repoID int64, name, content string) (err error) {
-	if err = checkKeyContent(content); err != nil {
-		return err
+func AddDeployKey(repoID int64, name, content string) (*DeployKey, error) {
+	if err := checkKeyContent(content); err != nil {
+		return nil, err
 	}

-	key := &PublicKey{
+	pkey := &PublicKey{
 		Content: content,
 		Mode:    ACCESS_MODE_READ,
 		Type:    KEY_TYPE_DEPLOY,
 	}
-	has, err := x.Get(key)
+	has, err := x.Get(pkey)
 	if err != nil {
-		return err
+		return nil, err
 	}

 	sess := x.NewSession()
 	defer sessionRelease(sess)
 	if err = sess.Begin(); err != nil {
-		return err
+		return nil, err
 	}

 	// First time use this deploy key.
 	if !has {
-		if err = addKey(sess, key); err != nil {
-			return nil
+		if err = addKey(sess, pkey); err != nil {
+			return nil, fmt.Errorf("addKey: %v", err)
 		}
 	}

-	if err = addDeployKey(sess, key.ID, repoID, name, key.Fingerprint); err != nil {
-		return err
+	key, err := addDeployKey(sess, pkey.ID, repoID, name, pkey.Fingerprint)
+	if err != nil {
+		return nil, fmt.Errorf("addDeployKey: %v", err)
 	}

-	return sess.Commit()
+	return key, sess.Commit()
+}
+
+// GetDeployKeyByID returns deploy key by given ID.
+func GetDeployKeyByID(id int64) (*DeployKey, error) {
+	key := new(DeployKey)
+	has, err := x.Id(id).Get(key)
+	if err != nil {
+		return nil, err
+	} else if !has {
+		return nil, ErrDeployKeyNotExist{id, 0, 0}
+	}
+	return key, nil
 }

 // GetDeployKeyByRepo returns deploy key by given public key ID and repository ID.
@@ -636,8 +619,13 @@ func GetDeployKeyByRepo(keyID, repoID int64) (*DeployKey, error) {
 		KeyID:  keyID,
 		RepoID: repoID,
 	}
-	_, err := x.Get(key)
-	return key, err
+	has, err := x.Get(key)
+	if err != nil {
+		return nil, err
+	} else if !has {
+		return nil, ErrDeployKeyNotExist{0, keyID, repoID}
+	}
+	return key, nil
 }

 // UpdateDeployKey updates deploy key information.
@@ -647,13 +635,27 @@ func UpdateDeployKey(key *DeployKey) error {
 }

 // DeleteDeployKey deletes deploy key from its repository authorized_keys file if needed.
-func DeleteDeployKey(id int64) error {
-	key := &DeployKey{ID: id}
-	has, err := x.Id(key.ID).Get(key)
+func DeleteDeployKey(doer *User, id int64) error {
+	key, err := GetDeployKeyByID(id)
 	if err != nil {
-		return err
-	} else if !has {
-		return nil
+		if IsErrDeployKeyNotExist(err) {
+			return nil
+		}
+		return fmt.Errorf("GetDeployKeyByID: %v", err)
+	}
+
+	// Check if user has access to delete this key.
+	if !doer.IsAdmin {
+		repo, err := GetRepositoryByID(key.RepoID)
+		if err != nil {
+			return fmt.Errorf("GetRepositoryByID: %v", err)
+		}
+		yes, err := HasAccess(doer, repo, ACCESS_MODE_ADMIN)
+		if err != nil {
+			return fmt.Errorf("HasAccess: %v", err)
+		} else if !yes {
+			return ErrKeyAccessDenied{doer.Id, key.ID, "deploy"}
+		}
 	}

 	sess := x.NewSession()
@@ -667,7 +669,7 @@ func DeleteDeployKey(id int64) error {
 	}

 	// Check if this is the last reference to same key content.
-	has, err = sess.Where("key_id=?", key.KeyID).Get(new(DeployKey))
+	has, err := sess.Where("key_id=?", key.KeyID).Get(new(DeployKey))
 	if err != nil {
 		return err
 	} else if !has {
--- a/models/token.go
+++ b/models/token.go
@@ -7,8 +7,9 @@ package models
 import (
 	"time"

+	gouuid "github.com/satori/go.uuid"
+
 	"github.com/gogits/gogs/modules/base"
-	"github.com/gogits/gogs/modules/uuid"
 )

 // AccessToken represents a personal access token.
@@ -25,7 +26,7 @@ type AccessToken struct {

 // NewAccessToken creates new access token.
 func NewAccessToken(t *AccessToken) error {
-	t.Sha1 = base.EncodeSha1(uuid.NewV4().String())
+	t.Sha1 = base.EncodeSha1(gouuid.NewV4().String())
 	_, err := x.Insert(t)
 	return err
 }
@@ -57,8 +58,8 @@ func ListAccessTokens(uid int64) ([]*AccessToken, error) {
 	return tokens, nil
 }

-// UpdateAccessToekn updates information of access token.
-func UpdateAccessToekn(t *AccessToken) error {
+// UpdateAccessToken updates information of access token.
+func UpdateAccessToken(t *AccessToken) error {
 	_, err := x.Id(t.ID).AllCols().Update(t)
 	return err
 }
--- a/models/update.go
+++ b/models/update.go
@@ -10,17 +10,17 @@ import (
 	"os/exec"
 	"strings"

-	"github.com/gogits/gogs/modules/base"
-	"github.com/gogits/gogs/modules/git"
+	git "github.com/gogits/git-module"
+
 	"github.com/gogits/gogs/modules/log"
 )

 type UpdateTask struct {
-	Id          int64
-	Uuid        string `xorm:"index"`
+	ID          int64  `xorm:"pk autoincr"`
+	UUID        string `xorm:"index"`
 	RefName     string
-	OldCommitId string
-	NewCommitId string
+	OldCommitID string
+	NewCommitID string
 }

 func AddUpdateTask(task *UpdateTask) error {
@@ -28,110 +28,27 @@ func AddUpdateTask(task *UpdateTask) error {
 	return err
 }

-func GetUpdateTasksByUuid(uuid string) ([]*UpdateTask, error) {
+// GetUpdateTaskByUUID returns update task by given UUID.
+func GetUpdateTaskByUUID(uuid string) (*UpdateTask, error) {
 	task := &UpdateTask{
-		Uuid: uuid,
+		UUID: uuid,
 	}
-	tasks := make([]*UpdateTask, 0)
-	err := x.Find(&tasks, task)
+	has, err := x.Get(task)
 	if err != nil {
 		return nil, err
+	} else if !has {
+		return nil, ErrUpdateTaskNotExist{uuid}
 	}
-	return tasks, nil
+	return task, nil
 }

-func DelUpdateTasksByUuid(uuid string) error {
-	_, err := x.Delete(&UpdateTask{Uuid: uuid})
+func DeleteUpdateTaskByUUID(uuid string) error {
+	_, err := x.Delete(&UpdateTask{UUID: uuid})
 	return err
 }

-func Update(refName, oldCommitId, newCommitId, userName, repoUserName, repoName string, userId int64) error {
-	isNew := strings.HasPrefix(oldCommitId, "0000000")
-	if isNew &&
-		strings.HasPrefix(newCommitId, "0000000") {
-		return fmt.Errorf("old rev and new rev both 000000")
-	}
-
-	f := RepoPath(repoUserName, repoName)
-
-	gitUpdate := exec.Command("git", "update-server-info")
-	gitUpdate.Dir = f
-	gitUpdate.Run()
-
-	isDel := strings.HasPrefix(newCommitId, "0000000")
-	if isDel {
-		log.GitLogger.Info("del rev", refName, "from", userName+"/"+repoName+".git", "by", userId)
-		return nil
-	}
-
-	repo, err := git.OpenRepository(f)
-	if err != nil {
-		return fmt.Errorf("runUpdate.Open repoId: %v", err)
-	}
-
-	ru, err := GetUserByName(repoUserName)
-	if err != nil {
-		return fmt.Errorf("runUpdate.GetUserByName: %v", err)
-	}
-
-	repos, err := GetRepositoryByName(ru.Id, repoName)
-	if err != nil {
-		return fmt.Errorf("runUpdate.GetRepositoryByName userId: %v", err)
-	}
-
-	// Push tags.
-	if strings.HasPrefix(refName, "refs/tags/") {
-		tagName := git.RefEndName(refName)
-		tag, err := repo.GetTag(tagName)
-		if err != nil {
-			log.GitLogger.Fatal(4, "runUpdate.GetTag: %v", err)
-		}
-
-		var actEmail string
-		if tag.Tagger != nil {
-			actEmail = tag.Tagger.Email
-		} else {
-			cmt, err := tag.Commit()
-			if err != nil {
-				log.GitLogger.Fatal(4, "runUpdate.GetTag Commit: %v", err)
-			}
-			actEmail = cmt.Committer.Email
-		}
-
-		commit := &base.PushCommits{}
-
-		if err = CommitRepoAction(userId, ru.Id, userName, actEmail,
-			repos.ID, repoUserName, repoName, refName, commit, oldCommitId, newCommitId); err != nil {
-			log.GitLogger.Fatal(4, "CommitRepoAction: %s/%s:%v", repoUserName, repoName, err)
-		}
-		return err
-	}
-
-	newCommit, err := repo.GetCommit(newCommitId)
-	if err != nil {
-		return fmt.Errorf("runUpdate GetCommit of newCommitId: %v", err)
-	}
-
-	// Push new branch.
-	var l *list.List
-	if isNew {
-		l, err = newCommit.CommitsBefore()
-		if err != nil {
-			return fmt.Errorf("Find CommitsBefore erro: %v", err)
-		}
-	} else {
-		l, err = newCommit.CommitsBeforeUntil(oldCommitId)
-		if err != nil {
-			return fmt.Errorf("Find CommitsBeforeUntil erro: %v", err)
-		}
-	}
-
-	if err != nil {
-		return fmt.Errorf("runUpdate.Commit repoId: %v", err)
-	}
-
-	// Push commits.
-	commits := make([]*base.PushCommit, 0)
+func ListToPushCommits(l *list.List) *PushCommits {
+	commits := make([]*PushCommit, 0)
 	var actEmail string
 	for e := l.Front(); e != nil; e = e.Next() {
 		commit := e.Value.(*git.Commit)
@@ -139,16 +56,113 @@ func Update(refName, oldCommitId, newCommitId, userName, repoUserName, repoName
 			actEmail = commit.Committer.Email
 		}
 		commits = append(commits,
-			&base.PushCommit{commit.Id.String(),
+			&PushCommit{commit.ID.String(),
 				commit.Message(),
 				commit.Author.Email,
 				commit.Author.Name,
 			})
 	}
+	return &PushCommits{l.Len(), commits, "", nil}
+}

-	if err = CommitRepoAction(userId, ru.Id, userName, actEmail,
-		repos.ID, repoUserName, repoName, refName, &base.PushCommits{l.Len(), commits, ""}, oldCommitId, newCommitId); err != nil {
-		return fmt.Errorf("runUpdate.models.CommitRepoAction: %s/%s:%v", repoUserName, repoName, err)
+type PushUpdateOptions struct {
+	RefName      string
+	OldCommitID  string
+	NewCommitID  string
+	PusherID     int64
+	PusherName   string
+	RepoUserName string
+	RepoName     string
+}
+
+// PushUpdate must be called for any push actions in order to
+// generates necessary push action history feeds.
+func PushUpdate(opts PushUpdateOptions) (err error) {
+	isNewRef := strings.HasPrefix(opts.OldCommitID, "0000000")
+	isDelRef := strings.HasPrefix(opts.NewCommitID, "0000000")
+	if isNewRef && isDelRef {
+		return fmt.Errorf("Old and new revisions both start with 000000")
+	}
+
+	repoPath := RepoPath(opts.RepoUserName, opts.RepoName)
+
+	gitUpdate := exec.Command("git", "update-server-info")
+	gitUpdate.Dir = repoPath
+	if err = gitUpdate.Run(); err != nil {
+		return fmt.Errorf("Fail to call 'git update-server-info': %v", err)
+	}
+
+	if isDelRef {
+		log.GitLogger.Info("Reference '%s' has been deleted from '%s/%s' by %d",
+			opts.RefName, opts.RepoUserName, opts.RepoName, opts.PusherName)
+		return nil
+	}
+
+	gitRepo, err := git.OpenRepository(repoPath)
+	if err != nil {
+		return fmt.Errorf("OpenRepository: %v", err)
+	}
+
+	repoUser, err := GetUserByName(opts.RepoUserName)
+	if err != nil {
+		return fmt.Errorf("GetUserByName: %v", err)
+	}
+
+	repo, err := GetRepositoryByName(repoUser.Id, opts.RepoName)
+	if err != nil {
+		return fmt.Errorf("GetRepositoryByName: %v", err)
+	}
+
+	// Push tags.
+	if strings.HasPrefix(opts.RefName, "refs/tags/") {
+		tag, err := gitRepo.GetTag(git.RefEndName(opts.RefName))
+		if err != nil {
+			return fmt.Errorf("gitRepo.GetTag: %v", err)
+		}
+
+		// When tagger isn't available, fall back to get committer email.
+		var actEmail string
+		if tag.Tagger != nil {
+			actEmail = tag.Tagger.Email
+		} else {
+			cmt, err := tag.Commit()
+			if err != nil {
+				return fmt.Errorf("tag.Commit: %v", err)
+			}
+			actEmail = cmt.Committer.Email
+		}
+
+		commit := &PushCommits{}
+		if err = CommitRepoAction(opts.PusherID, repoUser.Id, opts.PusherName, actEmail,
+			repo.ID, opts.RepoUserName, opts.RepoName, opts.RefName, commit, opts.OldCommitID, opts.NewCommitID); err != nil {
+			return fmt.Errorf("CommitRepoAction (tag): %v", err)
+		}
+		return err
+	}
+
+	newCommit, err := gitRepo.GetCommit(opts.NewCommitID)
+	if err != nil {
+		return fmt.Errorf("gitRepo.GetCommit: %v", err)
+	}
+
+	// Push new branch.
+	var l *list.List
+	if isNewRef {
+		l, err = newCommit.CommitsBeforeLimit(10)
+		if err != nil {
+			return fmt.Errorf("newCommit.CommitsBeforeLimit: %v", err)
+		}
+	} else {
+		l, err = newCommit.CommitsBeforeUntil(opts.OldCommitID)
+		if err != nil {
+			return fmt.Errorf("newCommit.CommitsBeforeUntil: %v", err)
+		}
+	}
+
+	if err = CommitRepoAction(opts.PusherID, repoUser.Id, opts.PusherName, repoUser.Email,
+		repo.ID, opts.RepoUserName, opts.RepoName, opts.RefName, ListToPushCommits(l),
+		opts.OldCommitID, opts.NewCommitID); err != nil {
+		return fmt.Errorf("CommitRepoAction (branch): %v", err)
 	}
 	return nil
 }
--- a/models/user.go
+++ b/models/user.go
@@ -14,8 +14,8 @@ import (
 	"image"
 	"image/jpeg"
 	_ "image/jpeg"
+	"image/png"
 	"os"
-	"path"
 	"path/filepath"
 	"strings"
 	"time"
@@ -24,10 +24,12 @@ import (
 	"github.com/go-xorm/xorm"
 	"github.com/nfnt/resize"

+	"github.com/gogits/git-module"
+
 	"github.com/gogits/gogs/modules/avatar"
 	"github.com/gogits/gogs/modules/base"
-	"github.com/gogits/gogs/modules/git"
 	"github.com/gogits/gogs/modules/log"
+	"github.com/gogits/gogs/modules/markdown"
 	"github.com/gogits/gogs/modules/setting"
 )

@@ -54,7 +56,7 @@ type User struct {
 	LowerName string `xorm:"UNIQUE NOT NULL"`
 	Name      string `xorm:"UNIQUE NOT NULL"`
 	FullName  string
-	// Email is the primary email address (to be used for communication).
+	// Email is the primary email address (to be used for communication)
 	Email       string `xorm:"NOT NULL"`
 	Passwd      string `xorm:"NOT NULL"`
 	LoginType   LoginType
@@ -71,26 +73,29 @@ type User struct {
 	Created     time.Time `xorm:"CREATED"`
 	Updated     time.Time `xorm:"UPDATED"`

-	// Remember visibility choice for convenience.
+	// Remember visibility choice for convenience, true for private
 	LastRepoVisibility bool
+	// Maximum repository creation limit, -1 means use gloabl default
+	MaxRepoCreation int `xorm:"NOT NULL DEFAULT -1"`

-	// Permissions.
-	IsActive     bool
-	IsAdmin      bool
-	AllowGitHook bool
+	// Permissions
+	IsActive         bool
+	IsAdmin          bool
+	AllowGitHook     bool
+	AllowImportLocal bool // Allow migrate repository by local path

-	// Avatar.
+	// Avatar
 	Avatar          string `xorm:"VARCHAR(2048) NOT NULL"`
 	AvatarEmail     string `xorm:"NOT NULL"`
 	UseCustomAvatar bool

-	// Counters.
-	NumFollowers  int
-	NumFollowings int
-	NumStars      int
-	NumRepos      int
+	// Counters
+	NumFollowers int
+	NumFollowing int `xorm:"NOT NULL DEFAULT 0"`
+	NumStars     int
+	NumRepos     int

-	// For organization.
+	// For organization
 	Description string
 	NumTeams    int
 	NumMembers  int
@@ -98,15 +103,59 @@ type User struct {
 	Members     []*User `xorm:"-"`
 }

+func (u *User) BeforeUpdate() {
+	if u.MaxRepoCreation < -1 {
+		u.MaxRepoCreation = -1
+	}
+}
+
 func (u *User) AfterSet(colName string, _ xorm.Cell) {
 	switch colName {
 	case "full_name":
-		u.FullName = base.Sanitizer.Sanitize(u.FullName)
+		u.FullName = markdown.Sanitizer.Sanitize(u.FullName)
 	case "created":
 		u.Created = regulateTimeZone(u.Created)
 	}
 }

+// returns true if user login type is LOGIN_PLAIN.
+func (u *User) IsLocal() bool {
+	return u.LoginType <= LOGIN_PLAIN
+}
+
+// HasForkedRepo checks if user has already forked a repository with given ID.
+func (u *User) HasForkedRepo(repoID int64) bool {
+	_, has := HasForkedRepo(u.Id, repoID)
+	return has
+}
+
+func (u *User) RepoCreationNum() int {
+	if u.MaxRepoCreation <= -1 {
+		return setting.Repository.MaxCreationLimit
+	}
+	return u.MaxRepoCreation
+}
+
+func (u *User) CanCreateRepo() bool {
+	if u.MaxRepoCreation <= -1 {
+		if setting.Repository.MaxCreationLimit <= -1 {
+			return true
+		}
+		return u.NumRepos < setting.Repository.MaxCreationLimit
+	}
+	return u.NumRepos < u.MaxRepoCreation
+}
+
+// CanEditGitHook returns true if user can edit Git hooks.
+func (u *User) CanEditGitHook() bool {
+	return u.IsAdmin || u.AllowGitHook
+}
+
+// CanImportLocal returns true if user can migrate repository by local path.
+func (u *User) CanImportLocal() bool {
+	return u.IsAdmin || u.AllowImportLocal
+}
+
 // EmailAdresses is the list of all email addresses of a user. Can contain the
 // primary email address, but is not obligatory
 type EmailAddress struct {
@@ -127,9 +176,6 @@ func (u *User) DashboardLink() string {

 // HomeLink returns the user or organization home page link.
 func (u *User) HomeLink() string {
-	if u.IsOrganization() {
-		return setting.AppSubUrl + "/org/" + u.Name
-	}
 	return setting.AppSubUrl + "/" + u.Name
 }

@@ -165,7 +211,7 @@ func (u *User) GenerateRandomAvatar() error {
 	if err != nil {
 		return fmt.Errorf("RandomImage: %v", err)
 	}
-	if err = os.MkdirAll(path.Dir(u.CustomAvatarPath()), os.ModePerm); err != nil {
+	if err = os.MkdirAll(filepath.Dir(u.CustomAvatarPath()), os.ModePerm); err != nil {
 		return fmt.Errorf("MkdirAll: %v", err)
 	}
 	fw, err := os.Create(u.CustomAvatarPath())
@@ -202,8 +248,6 @@ func (u *User) RelAvatarLink() string {
 		}

 		return "/avatars/" + com.ToStr(u.Id)
-	case setting.Service.EnableCacheAvatar:
-		return "/avatar/" + u.Avatar
 	}
 	return setting.GravatarSource + u.Avatar
 }
@@ -217,6 +261,34 @@ func (u *User) AvatarLink() string {
 	return link
 }

+// User.GetFollwoers returns range of user's followers.
+func (u *User) GetFollowers(page int) ([]*User, error) {
+	users := make([]*User, 0, ItemsPerPage)
+	sess := x.Limit(ItemsPerPage, (page-1)*ItemsPerPage).Where("follow.follow_id=?", u.Id)
+	if setting.UsePostgreSQL {
+		sess = sess.Join("LEFT", "follow", `"user".id=follow.user_id`)
+	} else {
+		sess = sess.Join("LEFT", "follow", "user.id=follow.user_id")
+	}
+	return users, sess.Find(&users)
+}
+
+func (u *User) IsFollowing(followID int64) bool {
+	return IsFollowing(u.Id, followID)
+}
+
+// GetFollowing returns range of user's following.
+func (u *User) GetFollowing(page int) ([]*User, error) {
+	users := make([]*User, 0, ItemsPerPage)
+	sess := x.Limit(ItemsPerPage, (page-1)*ItemsPerPage).Where("follow.user_id=?", u.Id)
+	if setting.UsePostgreSQL {
+		sess = sess.Join("LEFT", "follow", `"user".id=follow.follow_id`)
+	} else {
+		sess = sess.Join("LEFT", "follow", "user.id=follow.follow_id")
+	}
+	return users, sess.Find(&users)
+}
+
 // NewGitSig generates and returns the signature of given user.
 func (u *User) NewGitSig() *git.Signature {
 	return &git.Signature{
@@ -242,14 +314,12 @@ func (u *User) ValidatePassword(passwd string) bool {
 // UploadAvatar saves custom avatar for user.
 // FIXME: split uploads to different subdirs in case we have massive users.
 func (u *User) UploadAvatar(data []byte) error {
-	u.UseCustomAvatar = true
-
 	img, _, err := image.Decode(bytes.NewReader(data))
 	if err != nil {
-		return err
+		return fmt.Errorf("Decode: %v", err)
 	}

-	m := resize.Resize(234, 234, img, resize.NearestNeighbor)
+	m := resize.Resize(290, 290, img, resize.NearestNeighbor)

 	sess := x.NewSession()
 	defer sessionRelease(sess)
@@ -257,19 +327,20 @@ func (u *User) UploadAvatar(data []byte) error {
 		return err
 	}

-	if _, err = sess.Id(u.Id).AllCols().Update(u); err != nil {
-		return err
+	u.UseCustomAvatar = true
+	if err = updateUser(sess, u); err != nil {
+		return fmt.Errorf("updateUser: %v", err)
 	}

 	os.MkdirAll(setting.AvatarUploadPath, os.ModePerm)
 	fw, err := os.Create(u.CustomAvatarPath())
 	if err != nil {
-		return err
+		return fmt.Errorf("Create: %v", err)
 	}
 	defer fw.Close()

-	if err = jpeg.Encode(fw, m, nil); err != nil {
-		return err
+	if err = png.Encode(fw, m); err != nil {
+		return fmt.Errorf("Encode: %v", err)
 	}

 	return sess.Commit()
@@ -331,8 +402,8 @@ func (u *User) GetOwnedOrganizations() (err error) {
 }

 // GetOrganizations returns all organizations that user belongs to.
-func (u *User) GetOrganizations() error {
-	ous, err := GetOrgUsersByUserId(u.Id)
+func (u *User) GetOrganizations(all bool) error {
+	ous, err := GetOrgUsersByUserID(u.Id, all)
 	if err != nil {
 		return err
 	}
@@ -356,6 +427,10 @@ func (u *User) DisplayName() string {
 	return u.Name
 }

+func (u *User) ShortName(length int) string {
+	return base.EllipsisString(u.Name, length)
+}
+
 // IsUserExist checks if given user name exist,
 // the user name should be noncased unique.
 // If uid is presented, then check will rule out that one,
@@ -407,6 +482,7 @@ func CreateUser(u *User) (err error) {
 		return ErrUserAlreadyExist{u.Name}
 	}

+	u.Email = strings.ToLower(u.Email)
 	isExist, err = IsEmailUsed(u.Email)
 	if err != nil {
 		return err
@@ -416,10 +492,11 @@ func CreateUser(u *User) (err error) {

 	u.LowerName = strings.ToLower(u.Name)
 	u.AvatarEmail = u.Email
-	u.Avatar = avatar.HashEmail(u.AvatarEmail)
+	u.Avatar = base.HashEmail(u.AvatarEmail)
 	u.Rands = GetUserSalt()
 	u.Salt = GetUserSalt()
 	u.EncodePasswd()
+	u.MaxRepoCreation = -1

 	sess := x.NewSession()
 	defer sess.Close()
@@ -520,7 +597,20 @@ func ChangeUserName(u *User, newUserName string) (err error) {
 		return ErrUserAlreadyExist{newUserName}
 	}

-	return os.Rename(UserPath(u.LowerName), UserPath(newUserName))
+	if err = ChangeUsernameInPullRequests(u.Name, newUserName); err != nil {
+		return fmt.Errorf("ChangeUsernameInPullRequests: %v", err)
+	}
+
+	// Delete all local copies of repository wiki that user owns.
+	if err = x.Where("owner_id=?", u.Id).Iterate(new(Repository), func(idx int, bean interface{}) error {
+		repo := bean.(*Repository)
+		RemoveAllWithNotice("Delete repository wiki local copy", repo.LocalWikiPath())
+		return nil
+	}); err != nil {
+		return fmt.Errorf("Delete repository wiki local copy: %v", err)
+	}
+
+	return os.Rename(UserPath(u.Name), UserPath(newUserName))
 }

 func updateUser(e Engine, u *User) error {
@@ -537,7 +627,7 @@ func updateUser(e Engine, u *User) error {
 		if len(u.AvatarEmail) == 0 {
 			u.AvatarEmail = u.Email
 		}
-		u.Avatar = avatar.HashEmail(u.AvatarEmail)
+		u.Avatar = base.HashEmail(u.AvatarEmail)
 	}

 	u.LowerName = strings.ToLower(u.Name)
@@ -552,7 +642,7 @@ func updateUser(e Engine, u *User) error {
 		u.Description = u.Description[:255]
 	}

-	u.FullName = base.Sanitizer.Sanitize(u.FullName)
+	u.FullName = markdown.Sanitizer.Sanitize(u.FullName)
 	_, err := e.Id(u.Id).AllCols().Update(u)
 	return err
 }
@@ -640,7 +730,7 @@ func deleteUser(e *xorm.Session, u *User) error {
 		&IssueUser{UID: u.Id},
 		&EmailAddress{UID: u.Id},
 	); err != nil {
-		return fmt.Errorf("deleteUser: %v", err)
+		return fmt.Errorf("deleteBeans: %v", err)
 	}

 	// ***** START: PublicKey *****
@@ -717,9 +807,9 @@ func UserPath(userName string) string {
 	return filepath.Join(setting.RepoRootPath, strings.ToLower(userName))
 }

-func GetUserByKeyId(keyId int64) (*User, error) {
+func GetUserByKeyID(keyID int64) (*User, error) {
 	user := new(User)
-	has, err := x.Sql("SELECT a.* FROM `user` AS a, public_key AS b WHERE a.id = b.owner_id AND b.id=?", keyId).Get(user)
+	has, err := x.Sql("SELECT a.* FROM `user` AS a, public_key AS b WHERE a.id = b.owner_id AND b.id=?", keyID).Get(user)
 	if err != nil {
 		return nil, err
 	} else if !has {
@@ -832,7 +922,7 @@ func GetEmailAddresses(uid int64) ([]*EmailAddress, error) {
 }

 func AddEmailAddress(email *EmailAddress) error {
-	email.Email = strings.ToLower(email.Email)
+	email.Email = strings.ToLower(strings.TrimSpace(email.Email))
 	used, err := IsEmailUsed(email.Email)
 	if err != nil {
 		return err
@@ -844,6 +934,29 @@ func AddEmailAddress(email *EmailAddress) error {
 	return err
 }

+func AddEmailAddresses(emails []*EmailAddress) error {
+	if len(emails) == 0 {
+		return nil
+	}
+
+	// Check if any of them has been used
+	for i := range emails {
+		emails[i].Email = strings.ToLower(strings.TrimSpace(emails[i].Email))
+		used, err := IsEmailUsed(emails[i].Email)
+		if err != nil {
+			return err
+		} else if used {
+			return ErrEmailAlreadyUsed{emails[i].Email}
+		}
+	}
+
+	if _, err := x.Insert(emails); err != nil {
+		return fmt.Errorf("Insert: %v", err)
+	}
+
+	return nil
+}
+
 func (email *EmailAddress) Activate() error {
 	email.IsActivated = true
 	if _, err := x.Id(email.ID).AllCols().Update(email); err != nil {
@@ -858,20 +971,23 @@ func (email *EmailAddress) Activate() error {
 	}
 }

-func DeleteEmailAddress(email *EmailAddress) error {
-	has, err := x.Get(email)
-	if err != nil {
-		return err
-	} else if !has {
-		return ErrEmailNotExist
+func DeleteEmailAddress(email *EmailAddress) (err error) {
+	if email.ID > 0 {
+		_, err = x.Id(email.ID).Delete(new(EmailAddress))
+	} else {
+		_, err = x.Where("email=?", email.Email).Delete(new(EmailAddress))
 	}
+	return err
+}

-	if _, err = x.Id(email.ID).Delete(email); err != nil {
-		return err
+func DeleteEmailAddresses(emails []*EmailAddress) (err error) {
+	for i := range emails {
+		if err = DeleteEmailAddress(emails[i]); err != nil {
+			return err
+		}
 	}

 	return nil
-
 }

 func MakeEmailPrimary(email *EmailAddress) error {
@@ -980,7 +1096,7 @@ func GetUserByEmail(email string) (*User, error) {
 		return GetUserByID(emailAddress.UID)
 	}

-	return nil, ErrUserNotExist{0, "email"}
+	return nil, ErrUserNotExist{0, email}
 }

 // SearchUserByName returns given number of users whose name contains keyword.
@@ -995,100 +1111,73 @@ func SearchUserByName(opt SearchOption) (us []*User, err error) {
 	return us, err
 }

-// Follow is connection request for receiving user notification.
+// ___________    .__  .__
+// \_   _____/___ |  | |  |   ______  _  __
+//  |    __)/  _ \|  | |  |  /  _ \ \/ \/ /
+//  |     \(  <_> )  |_|  |_(  <_> )     /
+//  \___  / \____/|____/____/\____/ \/\_/
+//      \/
+
+// Follow represents relations of user and his/her followers.
 type Follow struct {
 	ID       int64 `xorm:"pk autoincr"`
 	UserID   int64 `xorm:"UNIQUE(follow)"`
 	FollowID int64 `xorm:"UNIQUE(follow)"`
 }

+func IsFollowing(userID, followID int64) bool {
+	has, _ := x.Get(&Follow{UserID: userID, FollowID: followID})
+	return has
+}
+
 // FollowUser marks someone be another's follower.
-func FollowUser(userId int64, followId int64) (err error) {
+func FollowUser(userID, followID int64) (err error) {
+	if userID == followID || IsFollowing(userID, followID) {
+		return nil
+	}
+
 	sess := x.NewSession()
-	defer sess.Close()
-	sess.Begin()
-
-	if _, err = sess.Insert(&Follow{UserID: userId, FollowID: followId}); err != nil {
-		sess.Rollback()
+	defer sessionRelease(sess)
+	if err = sess.Begin(); err != nil {
 		return err
 	}

-	rawSql := "UPDATE `user` SET num_followers = num_followers + 1 WHERE id = ?"
-	if _, err = sess.Exec(rawSql, followId); err != nil {
-		sess.Rollback()
+	if _, err = sess.Insert(&Follow{UserID: userID, FollowID: followID}); err != nil {
 		return err
 	}

-	rawSql = "UPDATE `user` SET num_followings = num_followings + 1 WHERE id = ?"
-	if _, err = sess.Exec(rawSql, userId); err != nil {
-		sess.Rollback()
+	if _, err = sess.Exec("UPDATE `user` SET num_followers = num_followers + 1 WHERE id = ?", followID); err != nil {
+		return err
+	}
+
+	if _, err = sess.Exec("UPDATE `user` SET num_following = num_following + 1 WHERE id = ?", userID); err != nil {
 		return err
 	}
 	return sess.Commit()
 }

-// UnFollowUser unmarks someone be another's follower.
-func UnFollowUser(userId int64, unFollowId int64) (err error) {
-	session := x.NewSession()
-	defer session.Close()
-	session.Begin()
+// UnfollowUser unmarks someone be another's follower.
+func UnfollowUser(userID, followID int64) (err error) {
+	if userID == followID || !IsFollowing(userID, followID) {
+		return nil
+	}

-	if _, err = session.Delete(&Follow{UserID: userId, FollowID: unFollowId}); err != nil {
-		session.Rollback()
+	sess := x.NewSession()
+	defer sessionRelease(sess)
+	if err = sess.Begin(); err != nil {
 		return err
 	}

-	rawSql := "UPDATE `user` SET num_followers = num_followers - 1 WHERE id = ?"
-	if _, err = session.Exec(rawSql, unFollowId); err != nil {
-		session.Rollback()
+	if _, err = sess.Delete(&Follow{UserID: userID, FollowID: followID}); err != nil {
 		return err
 	}

-	rawSql = "UPDATE `user` SET num_followings = num_followings - 1 WHERE id = ?"
-	if _, err = session.Exec(rawSql, userId); err != nil {
-		session.Rollback()
+	if _, err = sess.Exec("UPDATE `user` SET num_followers = num_followers - 1 WHERE id = ?", followID); err != nil {
 		return err
 	}
-	return session.Commit()
-}
-
-func UpdateMentions(userNames []string, issueId int64) error {
-	for i := range userNames {
-		userNames[i] = strings.ToLower(userNames[i])
-	}
-	users := make([]*User, 0, len(userNames))
-
-	if err := x.Where("lower_name IN (?)", strings.Join(userNames, "\",\"")).OrderBy("lower_name ASC").Find(&users); err != nil {
-		return err
-	}
-
-	ids := make([]int64, 0, len(userNames))
-	for _, user := range users {
-		ids = append(ids, user.Id)
-		if !user.IsOrganization() {
-			continue
-		}
-
-		if user.NumMembers == 0 {
-			continue
-		}
-
-		tempIds := make([]int64, 0, user.NumMembers)
-		orgUsers, err := GetOrgUsersByOrgId(user.Id)
-		if err != nil {
-			return err
-		}
-
-		for _, orgUser := range orgUsers {
-			tempIds = append(tempIds, orgUser.ID)
-		}
-
-		ids = append(ids, tempIds...)
-	}
-
-	if err := UpdateIssueUsersByMentions(ids, issueId); err != nil {
-		return err
-	}
-
-	return nil
+
+	if _, err = sess.Exec("UPDATE `user` SET num_following = num_following - 1 WHERE id = ?", userID); err != nil {
+		return err
+	}
+	return sess.Commit()
 }
--- a/models/webhook.go
+++ b/models/webhook.go
@@ -13,14 +13,15 @@ import (
 	"sync"
 	"time"

+	"github.com/Unknwon/com"
 	"github.com/go-xorm/xorm"
+	gouuid "github.com/satori/go.uuid"

 	api "github.com/gogits/go-gogs-client"

 	"github.com/gogits/gogs/modules/httplib"
 	"github.com/gogits/gogs/modules/log"
 	"github.com/gogits/gogs/modules/setting"
-	"github.com/gogits/gogs/modules/uuid"
 )

 type HookContentType int
@@ -177,8 +178,8 @@ func GetActiveWebhooksByRepoID(repoID int64) (ws []*Webhook, err error) {
 	return ws, err
 }

-// GetWebhooksByRepoId returns all webhooks of repository.
-func GetWebhooksByRepoId(repoID int64) (ws []*Webhook, err error) {
+// GetWebhooksByRepoID returns all webhooks of repository.
+func GetWebhooksByRepoID(repoID int64) (ws []*Webhook, err error) {
 	err = x.Find(&ws, &Webhook{RepoID: repoID})
 	return ws, err
 }
@@ -284,7 +285,7 @@ type HookTask struct {
 	HookID          int64
 	UUID            string
 	Type            HookTaskType
-	URL             string
+	URL             string `xorm:"TEXT"`
 	api.Payloader   `xorm:"-"`
 	PayloadContent  string `xorm:"TEXT"`
 	ContentType     HookContentType
@@ -334,7 +335,7 @@ func (t *HookTask) AfterSet(colName string, _ xorm.Cell) {

 		t.ResponseInfo = &HookResponse{}
 		if err = json.Unmarshal([]byte(t.ResponseContent), t.ResponseInfo); err != nil {
-			log.Error(3, "Unmarshal[%d]: %v", t.ID, err)
+			log.Error(3, "Unmarshal [%d]: %v", t.ID, err)
 		}
 	}
 }
@@ -342,7 +343,7 @@ func (t *HookTask) AfterSet(colName string, _ xorm.Cell) {
 func (t *HookTask) MarshalJSON(v interface{}) string {
 	p, err := json.Marshal(v)
 	if err != nil {
-		log.Error(3, "Marshal[%d]: %v", t.ID, err)
+		log.Error(3, "Marshal [%d]: %v", t.ID, err)
 	}
 	return string(p)
 }
@@ -360,7 +361,7 @@ func CreateHookTask(t *HookTask) error {
 	if err != nil {
 		return err
 	}
-	t.UUID = uuid.NewV4().String()
+	t.UUID = gouuid.NewV4().String()
 	t.PayloadContent = string(data)
 	_, err = x.Insert(t)
 	return err
@@ -397,6 +398,7 @@ func PrepareWebhooks(repo *Repository, event HookEventType, p api.Payloader) err
 		return nil
 	}

+	var payloader api.Payloader
 	for _, w := range ws {
 		switch event {
 		case HOOK_EVENT_CREATE:
@@ -409,14 +411,16 @@ func PrepareWebhooks(repo *Repository, event HookEventType, p api.Payloader) err
 			}
 		}

+		// Use separate objects so modifcations won't be made on payload on non-Gogs type hooks.
 		switch w.HookTaskType {
 		case SLACK:
-			p, err = GetSlackPayload(p, event, w.Meta)
+			payloader, err = GetSlackPayload(p, event, w.Meta)
 			if err != nil {
 				return fmt.Errorf("GetSlackPayload: %v", err)
 			}
 		default:
 			p.SetSecret(w.Secret)
+			payloader = p
 		}

 		if err = CreateHookTask(&HookTask{
@@ -424,7 +428,7 @@ func PrepareWebhooks(repo *Repository, event HookEventType, p api.Payloader) err
 			HookID:      w.ID,
 			Type:        w.HookTaskType,
 			URL:         w.URL,
-			Payloader:   p,
+			Payloader:   payloader,
 			ContentType: w.ContentType,
 			EventType:   HOOK_EVENT_PUSH,
 			IsSSL:       w.IsSSL,
@@ -435,39 +439,65 @@ func PrepareWebhooks(repo *Repository, event HookEventType, p api.Payloader) err
 	return nil
 }

-type hookQueue struct {
-	// Make sure one repository only occur once in the queue.
-	lock    sync.Mutex
-	repoIDs map[int64]bool
+// UniqueQueue represents a queue that guarantees only one instance of same ID is in the line.
+type UniqueQueue struct {
+	lock sync.Mutex
+	ids  map[string]bool

-	queue chan int64
+	queue chan string
 }

-func (q *hookQueue) removeRepoID(id int64) {
+func (q *UniqueQueue) Queue() <-chan string {
+	return q.queue
+}
+
+func NewUniqueQueue(queueLength int) *UniqueQueue {
+	if queueLength <= 0 {
+		queueLength = 100
+	}
+
+	return &UniqueQueue{
+		ids:   make(map[string]bool),
+		queue: make(chan string, queueLength),
+	}
+}
+
+func (q *UniqueQueue) Remove(id interface{}) {
 	q.lock.Lock()
 	defer q.lock.Unlock()
-	delete(q.repoIDs, id)
+	delete(q.ids, com.ToStr(id))
 }

-func (q *hookQueue) addRepoID(id int64) {
-	q.lock.Lock()
-	if q.repoIDs[id] {
-		q.lock.Unlock()
+func (q *UniqueQueue) AddFunc(id interface{}, fn func()) {
+	newid := com.ToStr(id)
+
+	if q.Exist(id) {
 		return
 	}
-	q.repoIDs[id] = true
+
+	q.lock.Lock()
+	q.ids[newid] = true
+	if fn != nil {
+		fn()
+	}
 	q.lock.Unlock()
-	q.queue <- id
+	q.queue <- newid
 }

-// AddRepoID adds repository ID to hook delivery queue.
-func (q *hookQueue) AddRepoID(id int64) {
-	go q.addRepoID(id)
+func (q *UniqueQueue) Add(id interface{}) {
+	q.AddFunc(id, nil)
 }

-var HookQueue *hookQueue
+func (q *UniqueQueue) Exist(id interface{}) bool {
+	q.lock.Lock()
+	defer q.lock.Unlock()

-func deliverHook(t *HookTask) {
+	return q.ids[com.ToStr(id)]
+}
+
+var HookQueue = NewUniqueQueue(setting.Webhook.QueueLength)
+
+func (t *HookTask) deliver() {
 	t.IsDelivered = true

 	timeout := time.Duration(setting.Webhook.DeliverTimeout) * time.Second
@@ -499,6 +529,8 @@ func deliverHook(t *HookTask) {
 		t.Delivered = time.Now().UTC().UnixNano()
 		if t.IsSucceed {
 			log.Trace("Hook delivered: %s", t.UUID)
+		} else {
+			log.Trace("Hook delivery failed: %s", t.UUID)
 		}

 		// Update webhook last delivery status.
@@ -549,12 +581,13 @@ func deliverHook(t *HookTask) {
 }

 // DeliverHooks checks and delivers undelivered hooks.
+// TODO: shoot more hooks at same time.
 func DeliverHooks() {
 	tasks := make([]*HookTask, 0, 10)
 	x.Where("is_delivered=?", false).Iterate(new(HookTask),
 		func(idx int, bean interface{}) error {
 			t := bean.(*HookTask)
-			deliverHook(t)
+			t.deliver()
 			tasks = append(tasks, t)
 			return nil
 		})
@@ -562,29 +595,25 @@ func DeliverHooks() {
 	// Update hook task status.
 	for _, t := range tasks {
 		if err := UpdateHookTask(t); err != nil {
-			log.Error(4, "UpdateHookTask(%d): %v", t.ID, err)
+			log.Error(4, "UpdateHookTask [%d]: %v", t.ID, err)
 		}
 	}

-	HookQueue = &hookQueue{
-		lock:    sync.Mutex{},
-		repoIDs: make(map[int64]bool),
-		queue:   make(chan int64, setting.Webhook.QueueLength),
-	}
-
 	// Start listening on new hook requests.
-	for repoID := range HookQueue.queue {
-		HookQueue.removeRepoID(repoID)
+	for repoID := range HookQueue.Queue() {
+		log.Trace("DeliverHooks [%v]: processing delivery hooks", repoID)
+		HookQueue.Remove(repoID)

 		tasks = make([]*HookTask, 0, 5)
 		if err := x.Where("repo_id=? AND is_delivered=?", repoID, false).Find(&tasks); err != nil {
-			log.Error(4, "Get repository(%d) hook tasks: %v", repoID, err)
+			log.Error(4, "Get repository [%d] hook tasks: %v", repoID, err)
 			continue
 		}
 		for _, t := range tasks {
-			deliverHook(t)
+			t.deliver()
 			if err := UpdateHookTask(t); err != nil {
-				log.Error(4, "UpdateHookTask(%d): %v", t.ID, err)
+				log.Error(4, "UpdateHookTask [%d]: %v", t.ID, err)
+				continue
 			}
 		}
 	}
--- a/models/webhook_slack.go
+++ b/models/webhook_slack.go
@@ -10,9 +10,8 @@ import (
 	"fmt"
 	"strings"

+	"github.com/gogits/git-module"
 	api "github.com/gogits/go-gogs-client"
-
-	"github.com/gogits/gogs/modules/git"
 )

 type SlackMeta struct {
@@ -33,8 +32,9 @@ type SlackPayload struct {
 }

 type SlackAttachment struct {
-	Color string `json:"color"`
-	Text  string `json:"text"`
+	Fallback string `json:"fallback"`
+	Color    string `json:"color"`
+	Text     string `json:"text"`
 }

 func (p *SlackPayload) SetSecret(_ string) {}
@@ -82,19 +82,19 @@ func getSlackPushPayload(p *api.PushPayload, slack *SlackMeta) (*SlackPayload, e
 	// n new commits
 	var (
 		branchName   = git.RefEndName(p.Ref)
+		commitDesc   string
 		commitString string
 	)

 	if len(p.Commits) == 1 {
-		commitString = "1 new commit"
-		if len(p.CompareUrl) > 0 {
-			commitString = SlackLinkFormatter(p.CompareUrl, commitString)
-		}
+		commitDesc = "1 new commit"
 	} else {
-		commitString = fmt.Sprintf("%d new commits", len(p.Commits))
-		if p.CompareUrl != "" {
-			commitString = SlackLinkFormatter(p.CompareUrl, commitString)
-		}
+		commitDesc = fmt.Sprintf("%d new commits", len(p.Commits))
+	}
+	if len(p.CompareUrl) > 0 {
+		commitString = SlackLinkFormatter(p.CompareUrl, commitDesc)
+	} else {
+		commitString = commitDesc
 	}

 	repoLink := SlackLinkFormatter(p.Repo.URL, p.Repo.Name)
@@ -111,7 +111,10 @@ func getSlackPushPayload(p *api.PushPayload, slack *SlackMeta) (*SlackPayload, e
 		}
 	}

-	slackAttachments := []SlackAttachment{{Color: slack.Color, Text: attachmentText}}
+	slackAttachments := []SlackAttachment{{
+		Color: slack.Color,
+		Text:  attachmentText,
+	}}

 	return &SlackPayload{
 		Channel:     slack.Channel,
--- a/models/wiki.go
+++ b/models/wiki.go
@@ -0,0 +1,180 @@
+// Copyright 2015 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package models
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path"
+	"path/filepath"
+	"strings"
+	"sync"
+	"net/url"
+
+	"github.com/Unknwon/com"
+
+	"github.com/gogits/git-module"
+
+	"github.com/gogits/gogs/modules/setting"
+)
+
+// workingPool represents a pool of working status which makes sure
+// that only one instance of same task is performing at a time.
+// However, different type of tasks can performing at the same time.
+type workingPool struct {
+	lock  sync.Mutex
+	pool  map[string]*sync.Mutex
+	count map[string]int
+}
+
+// CheckIn checks in a task and waits if others are running.
+func (p *workingPool) CheckIn(name string) {
+	p.lock.Lock()
+
+	lock, has := p.pool[name]
+	if !has {
+		lock = &sync.Mutex{}
+		p.pool[name] = lock
+	}
+	p.count[name]++
+
+	p.lock.Unlock()
+	lock.Lock()
+}
+
+// CheckOut checks out a task to let other tasks run.
+func (p *workingPool) CheckOut(name string) {
+	p.lock.Lock()
+	defer p.lock.Unlock()
+
+	p.pool[name].Unlock()
+	if p.count[name] == 1 {
+		delete(p.pool, name)
+		delete(p.count, name)
+	} else {
+		p.count[name]--
+	}
+}
+
+var wikiWorkingPool = &workingPool{
+	pool:  make(map[string]*sync.Mutex),
+	count: make(map[string]int),
+}
+
+// ToWikiPageURL formats a string to corresponding wiki URL name.
+func ToWikiPageURL(name string) string {
+	return url.QueryEscape(strings.Replace(name, " ", "-", -1))
+}
+
+// ToWikiPageName formats a URL back to corresponding wiki page name.
+func ToWikiPageName(urlString string) string {
+	name, _ := url.QueryUnescape(strings.Replace(urlString, "-", " ", -1))
+	return name
+}
+
+// WikiCloneLink returns clone URLs of repository wiki.
+func (repo *Repository) WikiCloneLink() (cl *CloneLink) {
+	return repo.cloneLink(true)
+}
+
+// WikiPath returns wiki data path by given user and repository name.
+func WikiPath(userName, repoName string) string {
+	return filepath.Join(UserPath(userName), strings.ToLower(repoName)+".wiki.git")
+}
+
+func (repo *Repository) WikiPath() string {
+	return WikiPath(repo.MustOwner().Name, repo.Name)
+}
+
+// HasWiki returns true if repository has wiki.
+func (repo *Repository) HasWiki() bool {
+	return com.IsDir(repo.WikiPath())
+}
+
+// InitWiki initializes a wiki for repository,
+// it does nothing when repository already has wiki.
+func (repo *Repository) InitWiki() error {
+	if repo.HasWiki() {
+		return nil
+	}
+
+	if err := git.InitRepository(repo.WikiPath(), true); err != nil {
+		return fmt.Errorf("InitRepository: %v", err)
+	}
+	return nil
+}
+
+func (repo *Repository) LocalWikiPath() string {
+	return path.Join(setting.AppDataPath, "tmp/local-wiki", com.ToStr(repo.ID))
+}
+
+// UpdateLocalWiki makes sure the local copy of repository wiki is up-to-date.
+func (repo *Repository) UpdateLocalWiki() error {
+	return updateLocalCopy(repo.WikiPath(), repo.LocalWikiPath())
+}
+
+// updateWikiPage adds new page to repository wiki.
+func (repo *Repository) updateWikiPage(doer *User, oldTitle, title, content, message string, isNew bool) (err error) {
+	wikiWorkingPool.CheckIn(com.ToStr(repo.ID))
+	defer wikiWorkingPool.CheckOut(com.ToStr(repo.ID))
+
+	if err = repo.InitWiki(); err != nil {
+		return fmt.Errorf("InitWiki: %v", err)
+	}
+
+	localPath := repo.LocalWikiPath()
+
+	// Discard local commits make sure even to remote when local copy exists.
+	if com.IsExist(localPath) {
+		// No need to check if nothing in the repository.
+		if git.IsBranchExist(localPath, "master") {
+			if err = git.ResetHEAD(localPath, true, "origin/master"); err != nil {
+				return fmt.Errorf("Reset: %v", err)
+			}
+		}
+	}
+
+	if err = repo.UpdateLocalWiki(); err != nil {
+		return fmt.Errorf("UpdateLocalWiki: %v", err)
+	}
+
+	title = ToWikiPageName(strings.Replace(title, "/", " ", -1))
+	filename := path.Join(localPath, title+".md")
+
+	// If not a new file, show perform update not create.
+	if isNew {
+		if com.IsExist(filename) {
+			return ErrWikiAlreadyExist{filename}
+		}
+	} else {
+		os.Remove(path.Join(localPath, oldTitle+".md"))
+	}
+
+	if err = ioutil.WriteFile(filename, []byte(content), 0666); err != nil {
+		return fmt.Errorf("WriteFile: %v", err)
+	}
+
+	if len(message) == 0 {
+		message = "Update page '" + title + "'"
+	}
+	if err = git.AddChanges(localPath, true); err != nil {
+		return fmt.Errorf("AddChanges: %v", err)
+	} else if err = git.CommitChanges(localPath, message, doer.NewGitSig()); err != nil {
+		return fmt.Errorf("CommitChanges: %v", err)
+	} else if err = git.Push(localPath, "origin", "master"); err != nil {
+		return fmt.Errorf("Push: %v", err)
+	}
+
+	return nil
+}
+
+func (repo *Repository) AddWikiPage(doer *User, title, content, message string) error {
+	return repo.updateWikiPage(doer, "", title, content, message, true)
+}
+
+func (repo *Repository) EditWikiPage(doer *User, oldTitle, title, content, message string) error {
+	return repo.updateWikiPage(doer, oldTitle, title, content, message, false)
+}
--- a/modules/asn1-ber/LICENSE
+++ b/modules/asn1-ber/LICENSE
@@ -1,27 +0,0 @@
-Copyright (c) 2012 The Go Authors. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-   * Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-   * Redistributions in binary form must reproduce the above
-copyright notice, this list of conditions and the following disclaimer
-in the documentation and/or other materials provided with the
-distribution.
-   * Neither the name of Google Inc. nor the names of its
-contributors may be used to endorse or promote products derived from
-this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--- a/modules/asn1-ber/Makefile
+++ b/modules/asn1-ber/Makefile
@@ -1,11 +0,0 @@
-# Copyright 2009 The Go Authors. All rights reserved.
-# Use of this source code is governed by a BSD-style
-# license that can be found in the LICENSE file.
-
-include $(GOROOT)/src/Make.inc
-
-TARG=github.com/mmitton/asn1-ber
-GOFILES=\
-	ber.go\
-
-include $(GOROOT)/src/Make.pkg
--- a/modules/asn1-ber/README
+++ b/modules/asn1-ber/README
@@ -1,14 +0,0 @@
-ASN1 BER Encoding / Decoding Library for the GO programming language.
-
-Required Librarys: 
-   None
-
-Working:
-   Very basic encoding / decoding needed for LDAP protocol
-
-Tests Implemented:
-   None
-
-TODO:
-   Fix all encoding / decoding to conform to ASN1 BER spec
-   Implement Tests / Benchmarks
--- a/modules/asn1-ber/ber.go
+++ b/modules/asn1-ber/ber.go
@@ -1,497 +0,0 @@
-package ber
-
-import (
-	"bytes"
-	"fmt"
-	"io"
-	"reflect"
-	"errors"
-)
-
-type Packet struct {
-	ClassType   uint8
-	TagType     uint8
-	Tag         uint8
-	Value       interface{}
-	ByteValue   []byte
-	Data        *bytes.Buffer
-	Children    []*Packet
-	Description string
-}
-
-const (
-	TagEOC              = 0x00
-	TagBoolean          = 0x01
-	TagInteger          = 0x02
-	TagBitString        = 0x03
-	TagOctetString      = 0x04
-	TagNULL             = 0x05
-	TagObjectIdentifier = 0x06
-	TagObjectDescriptor = 0x07
-	TagExternal         = 0x08
-	TagRealFloat        = 0x09
-	TagEnumerated       = 0x0a
-	TagEmbeddedPDV      = 0x0b
-	TagUTF8String       = 0x0c
-	TagRelativeOID      = 0x0d
-	TagSequence         = 0x10
-	TagSet              = 0x11
-	TagNumericString    = 0x12
-	TagPrintableString  = 0x13
-	TagT61String        = 0x14
-	TagVideotexString   = 0x15
-	TagIA5String        = 0x16
-	TagUTCTime          = 0x17
-	TagGeneralizedTime  = 0x18
-	TagGraphicString    = 0x19
-	TagVisibleString    = 0x1a
-	TagGeneralString    = 0x1b
-	TagUniversalString  = 0x1c
-	TagCharacterString  = 0x1d
-	TagBMPString        = 0x1e
-	TagBitmask          = 0x1f // xxx11111b
-)
-
-var TagMap = map[uint8]string{
-	TagEOC:              "EOC (End-of-Content)",
-	TagBoolean:          "Boolean",
-	TagInteger:          "Integer",
-	TagBitString:        "Bit String",
-	TagOctetString:      "Octet String",
-	TagNULL:             "NULL",
-	TagObjectIdentifier: "Object Identifier",
-	TagObjectDescriptor: "Object Descriptor",
-	TagExternal:         "External",
-	TagRealFloat:        "Real (float)",
-	TagEnumerated:       "Enumerated",
-	TagEmbeddedPDV:      "Embedded PDV",
-	TagUTF8String:       "UTF8 String",
-	TagRelativeOID:      "Relative-OID",
-	TagSequence:         "Sequence and Sequence of",
-	TagSet:              "Set and Set OF",
-	TagNumericString:    "Numeric String",
-	TagPrintableString:  "Printable String",
-	TagT61String:        "T61 String",
-	TagVideotexString:   "Videotex String",
-	TagIA5String:        "IA5 String",
-	TagUTCTime:          "UTC Time",
-	TagGeneralizedTime:  "Generalized Time",
-	TagGraphicString:    "Graphic String",
-	TagVisibleString:    "Visible String",
-	TagGeneralString:    "General String",
-	TagUniversalString:  "Universal String",
-	TagCharacterString:  "Character String",
-	TagBMPString:        "BMP String",
-}
-
-const (
-	ClassUniversal   = 0   // 00xxxxxxb
-	ClassApplication = 64  // 01xxxxxxb
-	ClassContext     = 128 // 10xxxxxxb
-	ClassPrivate     = 192 // 11xxxxxxb
-	ClassBitmask     = 192 // 11xxxxxxb
-)
-
-var ClassMap = map[uint8]string{
-	ClassUniversal:   "Universal",
-	ClassApplication: "Application",
-	ClassContext:     "Context",
-	ClassPrivate:     "Private",
-}
-
-const (
-	TypePrimitive   = 0  // xx0xxxxxb
-	TypeConstructed = 32 // xx1xxxxxb
-	TypeBitmask     = 32 // xx1xxxxxb
-)
-
-var TypeMap = map[uint8]string{
-	TypePrimitive:   "Primative",
-	TypeConstructed: "Constructed",
-}
-
-var Debug bool = false
-
-func PrintBytes(buf []byte, indent string) {
-	data_lines := make([]string, (len(buf)/30)+1)
-	num_lines := make([]string, (len(buf)/30)+1)
-
-	for i, b := range buf {
-		data_lines[i/30] += fmt.Sprintf("%02x ", b)
-		num_lines[i/30] += fmt.Sprintf("%02d ", (i+1)%100)
-	}
-
-	for i := 0; i < len(data_lines); i++ {
-		fmt.Print(indent + data_lines[i] + "\n")
-		fmt.Print(indent + num_lines[i] + "\n\n")
-	}
-}
-
-func PrintPacket(p *Packet) {
-	printPacket(p, 0, false)
-}
-
-func printPacket(p *Packet, indent int, printBytes bool) {
-	indent_str := ""
-
-	for len(indent_str) != indent {
-		indent_str += " "
-	}
-
-	class_str := ClassMap[p.ClassType]
-
-	tagtype_str := TypeMap[p.TagType]
-
-	tag_str := fmt.Sprintf("0x%02X", p.Tag)
-
-	if p.ClassType == ClassUniversal {
-		tag_str = TagMap[p.Tag]
-	}
-
-	value := fmt.Sprint(p.Value)
-	description := ""
-
-	if p.Description != "" {
-		description = p.Description + ": "
-	}
-
-	fmt.Printf("%s%s(%s, %s, %s) Len=%d %q\n", indent_str, description, class_str, tagtype_str, tag_str, p.Data.Len(), value)
-
-	if printBytes {
-		PrintBytes(p.Bytes(), indent_str)
-	}
-
-	for _, child := range p.Children {
-		printPacket(child, indent+1, printBytes)
-	}
-}
-
-func resizeBuffer(in []byte, new_size uint64) (out []byte) {
-	out = make([]byte, new_size)
-
-	copy(out, in)
-
-	return
-}
-
-func readBytes(reader io.Reader, buf []byte) error {
-	idx := 0
-	buflen := len(buf)
-
-	if reader == nil {
-		return errors.New("reader was nil, aborting")
-	}
-	
-	for idx < buflen {
-		n, err := reader.Read(buf[idx:])
-		if err != nil {
-			return err
-		}
-		idx += n
-	}
-
-	return nil
-}
-
-func ReadPacket(reader io.Reader) (*Packet, error) {
-	buf := make([]byte, 2)
-
-	err := readBytes(reader, buf)
-
-	if err != nil {
-		return nil, err
-	}
-
-	idx := uint64(2)
-	datalen := uint64(buf[1])
-
-	if Debug {
-		fmt.Printf("Read: datalen = %d len(buf) = %d ", datalen, len(buf))
-
-		for _, b := range buf {
-			fmt.Printf("%02X ", b)
-		}
-
-		fmt.Printf("\n")
-	}
-
-	if datalen&128 != 0 {
-		a := datalen - 128
-
-		idx += a
-		buf = resizeBuffer(buf, 2+a)
-
-		err := readBytes(reader, buf[2:])
-
-		if err != nil {
-			return nil, err
-		}
-
-		datalen = DecodeInteger(buf[2 : 2+a])
-
-		if Debug {
-			fmt.Printf("Read: a = %d  idx = %d  datalen = %d  len(buf) = %d", a, idx, datalen, len(buf))
-
-			for _, b := range buf {
-				fmt.Printf("%02X ", b)
-			}
-
-			fmt.Printf("\n")
-		}
-	}
-
-	buf = resizeBuffer(buf, idx+datalen)
-	err = readBytes(reader, buf[idx:])
-
-	if err != nil {
-		return nil, err
-	}
-
-	if Debug {
-		fmt.Printf("Read: len( buf ) = %d  idx=%d datalen=%d idx+datalen=%d\n", len(buf), idx, datalen, idx+datalen)
-
-		for _, b := range buf {
-			fmt.Printf("%02X ", b)
-		}
-	}
-
-	p := DecodePacket(buf)
-
-	return p, nil
-}
-
-func DecodeString(data []byte) (ret string) {
-	// for _, c := range data {
-	// 	ret += fmt.Sprintf("%c", c)
-	// }
-
-	return string(data)
-}
-
-func DecodeInteger(data []byte) (ret uint64) {
-	for _, i := range data {
-		ret = ret * 256
-		ret = ret + uint64(i)
-	}
-
-	return
-}
-
-func EncodeInteger(val uint64) []byte {
-	var out bytes.Buffer
-
-	found := false
-
-	shift := uint(56)
-
-	mask := uint64(0xFF00000000000000)
-
-	for mask > 0 {
-		if !found && (val&mask != 0) {
-			found = true
-		}
-
-		if found || (shift == 0) {
-			out.Write([]byte{byte((val & mask) >> shift)})
-		}
-
-		shift -= 8
-		mask = mask >> 8
-	}
-
-	return out.Bytes()
-}
-
-func DecodePacket(data []byte) *Packet {
-	p, _ := decodePacket(data)
-
-	return p
-}
-
-func decodePacket(data []byte) (*Packet, []byte) {
-	if Debug {
-		fmt.Printf("decodePacket: enter %d\n", len(data))
-	}
-
-	p := new(Packet)
-
-	p.ClassType = data[0] & ClassBitmask
-	p.TagType = data[0] & TypeBitmask
-	p.Tag = data[0] & TagBitmask
-
-	datalen := DecodeInteger(data[1:2])
-	datapos := uint64(2)
-
-	if datalen&128 != 0 {
-		datalen -= 128
-		datapos += datalen
-		datalen = DecodeInteger(data[2 : 2+datalen])
-	}
-
-	p.Data = new(bytes.Buffer)
-
-	p.Children = make([]*Packet, 0, 2)
-
-	p.Value = nil
-
-	value_data := data[datapos : datapos+datalen]
-
-	if p.TagType == TypeConstructed {
-		for len(value_data) != 0 {
-			var child *Packet
-
-			child, value_data = decodePacket(value_data)
-			p.AppendChild(child)
-		}
-	} else if p.ClassType == ClassUniversal {
-		p.Data.Write(data[datapos : datapos+datalen])
-		p.ByteValue = value_data
-
-		switch p.Tag {
-		case TagEOC:
-		case TagBoolean:
-			val := DecodeInteger(value_data)
-
-			p.Value = val != 0
-		case TagInteger:
-			p.Value = DecodeInteger(value_data)
-		case TagBitString:
-		case TagOctetString:
-			p.Value = DecodeString(value_data)
-		case TagNULL:
-		case TagObjectIdentifier:
-		case TagObjectDescriptor:
-		case TagExternal:
-		case TagRealFloat:
-		case TagEnumerated:
-			p.Value = DecodeInteger(value_data)
-		case TagEmbeddedPDV:
-		case TagUTF8String:
-		case TagRelativeOID:
-		case TagSequence:
-		case TagSet:
-		case TagNumericString:
-		case TagPrintableString:
-			p.Value = DecodeString(value_data)
-		case TagT61String:
-		case TagVideotexString:
-		case TagIA5String:
-		case TagUTCTime:
-		case TagGeneralizedTime:
-		case TagGraphicString:
-		case TagVisibleString:
-		case TagGeneralString:
-		case TagUniversalString:
-		case TagCharacterString:
-		case TagBMPString:
-		}
-	} else {
-		p.Data.Write(data[datapos : datapos+datalen])
-	}
-
-	return p, data[datapos+datalen:]
-}
-
-func (p *Packet) DataLength() uint64 {
-	return uint64(p.Data.Len())
-}
-
-func (p *Packet) Bytes() []byte {
-	var out bytes.Buffer
-
-	out.Write([]byte{p.ClassType | p.TagType | p.Tag})
-	packet_length := EncodeInteger(p.DataLength())
-
-	if p.DataLength() > 127 || len(packet_length) > 1 {
-		out.Write([]byte{byte(len(packet_length) | 128)})
-		out.Write(packet_length)
-	} else {
-		out.Write(packet_length)
-	}
-
-	out.Write(p.Data.Bytes())
-
-	return out.Bytes()
-}
-
-func (p *Packet) AppendChild(child *Packet) {
-	p.Data.Write(child.Bytes())
-
-	if len(p.Children) == cap(p.Children) {
-		newChildren := make([]*Packet, cap(p.Children)*2)
-
-		copy(newChildren, p.Children)
-		p.Children = newChildren[0:len(p.Children)]
-	}
-
-	p.Children = p.Children[0 : len(p.Children)+1]
-	p.Children[len(p.Children)-1] = child
-}
-
-func Encode(ClassType, TagType, Tag uint8, Value interface{}, Description string) *Packet {
-	p := new(Packet)
-
-	p.ClassType = ClassType
-	p.TagType = TagType
-	p.Tag = Tag
-	p.Data = new(bytes.Buffer)
-
-	p.Children = make([]*Packet, 0, 2)
-
-	p.Value = Value
-	p.Description = Description
-
-	if Value != nil {
-		v := reflect.ValueOf(Value)
-
-		if ClassType == ClassUniversal {
-			switch Tag {
-			case TagOctetString:
-				sv, ok := v.Interface().(string)
-
-				if ok {
-					p.Data.Write([]byte(sv))
-				}
-			}
-		}
-	}
-
-	return p
-}
-
-func NewSequence(Description string) *Packet {
-	return Encode(ClassUniversal, TypePrimitive, TagSequence, nil, Description)
-}
-
-func NewBoolean(ClassType, TagType, Tag uint8, Value bool, Description string) *Packet {
-	intValue := 0
-
-	if Value {
-		intValue = 1
-	}
-
-	p := Encode(ClassType, TagType, Tag, nil, Description)
-
-	p.Value = Value
-	p.Data.Write(EncodeInteger(uint64(intValue)))
-
-	return p
-}
-
-func NewInteger(ClassType, TagType, Tag uint8, Value uint64, Description string) *Packet {
-	p := Encode(ClassType, TagType, Tag, nil, Description)
-
-	p.Value = Value
-	p.Data.Write(EncodeInteger(Value))
-
-	return p
-}
-
-func NewString(ClassType, TagType, Tag uint8, Value, Description string) *Packet {
-	p := Encode(ClassType, TagType, Tag, nil, Description)
-
-	p.Value = Value
-	p.Data.Write([]byte(Value))
-
-	return p
-}
--- a/modules/auth/admin.go
+++ b/modules/auth/admin.go
@@ -5,9 +5,9 @@
 package auth

 import (
-	"github.com/Unknwon/macaron"
+	"gopkg.in/macaron.v1"

-	"github.com/macaron-contrib/binding"
+	"github.com/go-macaron/binding"
 )

 type AdminCrateUserForm struct {
@@ -24,16 +24,18 @@ func (f *AdminCrateUserForm) Validate(ctx *macaron.Context, errs binding.Errors)
 }

 type AdminEditUserForm struct {
-	LoginType    string `binding:"Required"`
-	LoginName    string
-	FullName     string `binding:"MaxSize(100)"`
-	Email        string `binding:"Required;Email;MaxSize(254)"`
-	Password     string `binding:"MaxSize(255)"`
-	Website      string `binding:"MaxSize(50)"`
-	Location     string `binding:"MaxSize(50)"`
-	Active       bool
-	Admin        bool
-	AllowGitHook bool
+	LoginType        string `binding:"Required"`
+	LoginName        string
+	FullName         string `binding:"MaxSize(100)"`
+	Email            string `binding:"Required;Email;MaxSize(254)"`
+	Password         string `binding:"MaxSize(255)"`
+	Website          string `binding:"MaxSize(50)"`
+	Location         string `binding:"MaxSize(50)"`
+	MaxRepoCreation  int
+	Active           bool
+	Admin            bool
+	AllowGitHook     bool
+	AllowImportLocal bool
 }

 func (f *AdminEditUserForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
--- a/modules/auth/apiv1/miscellaneous.go
+++ b/modules/auth/apiv1/miscellaneous.go
@@ -1,73 +0,0 @@
-// Copyright 2014 The Gogs Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package apiv1
-
-import (
-	"reflect"
-
-	"github.com/Unknwon/macaron"
-	"github.com/macaron-contrib/binding"
-
-	"github.com/gogits/gogs/modules/auth"
-)
-
-type MarkdownForm struct {
-	Text    string
-	Mode    string
-	Context string
-}
-
-func (f *MarkdownForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
-	return validateApiReq(errs, ctx.Data, f)
-}
-
-func validateApiReq(errs binding.Errors, data map[string]interface{}, f auth.Form) binding.Errors {
-	if errs.Len() == 0 {
-		return errs
-	}
-
-	data["HasError"] = true
-
-	typ := reflect.TypeOf(f)
-	val := reflect.ValueOf(f)
-
-	if typ.Kind() == reflect.Ptr {
-		typ = typ.Elem()
-		val = val.Elem()
-	}
-
-	for i := 0; i < typ.NumField(); i++ {
-		field := typ.Field(i)
-
-		fieldName := field.Tag.Get("form")
-		// Allow ignored fields in the struct
-		if fieldName == "-" {
-			continue
-		}
-
-		if errs[0].FieldNames[0] == field.Name {
-			switch errs[0].Classification {
-			case binding.ERR_REQUIRED:
-				data["ErrorMsg"] = fieldName + " cannot be empty"
-			case binding.ERR_ALPHA_DASH:
-				data["ErrorMsg"] = fieldName + " must be valid alpha or numeric or dash(-_) characters"
-			case binding.ERR_ALPHA_DASH_DOT:
-				data["ErrorMsg"] = fieldName + " must be valid alpha or numeric or dash(-_) or dot characters"
-			case binding.ERR_MIN_SIZE:
-				data["ErrorMsg"] = fieldName + " must contain at least " + auth.GetMinSize(field) + " characters"
-			case binding.ERR_MAX_SIZE:
-				data["ErrorMsg"] = fieldName + " must contain at most " + auth.GetMaxSize(field) + " characters"
-			case binding.ERR_EMAIL:
-				data["ErrorMsg"] = fieldName + " is not a valid e-mail address"
-			case binding.ERR_URL:
-				data["ErrorMsg"] = fieldName + " is not a valid URL"
-			default:
-				data["ErrorMsg"] = "Unknown error: " + errs[0].Classification
-			}
-			return errs
-		}
-	}
-	return errs
-}
--- a/modules/auth/auth.go
+++ b/modules/auth/auth.go
@@ -10,15 +10,15 @@ import (
 	"time"

 	"github.com/Unknwon/com"
-	"github.com/Unknwon/macaron"
-	"github.com/macaron-contrib/binding"
-	"github.com/macaron-contrib/session"
+	"github.com/go-macaron/binding"
+	"github.com/go-macaron/session"
+	gouuid "github.com/satori/go.uuid"
+	"gopkg.in/macaron.v1"

 	"github.com/gogits/gogs/models"
 	"github.com/gogits/gogs/modules/base"
 	"github.com/gogits/gogs/modules/log"
 	"github.com/gogits/gogs/modules/setting"
-	"github.com/gogits/gogs/modules/uuid"
 )

 func IsAPIPath(url string) bool {
@@ -55,8 +55,8 @@ func SignedInID(ctx *macaron.Context, sess session.Store) int64 {
 				return 0
 			}
 			t.Updated = time.Now()
-			if err = models.UpdateAccessToekn(t); err != nil {
-				log.Error(4, "UpdateAccessToekn: %v", err)
+			if err = models.UpdateAccessToken(t); err != nil {
+				log.Error(4, "UpdateAccessToken: %v", err)
 			}
 			return t.UID
 		}
@@ -102,7 +102,7 @@ func SignedInUser(ctx *macaron.Context, sess session.Store) (*models.User, bool)
 					if setting.Service.EnableReverseProxyAutoRegister {
 						u := &models.User{
 							Name:     webAuthUser,
-							Email:    uuid.NewV4().String() + "@localhost",
+							Email:    gouuid.NewV4().String() + "@localhost",
 							Passwd:   webAuthUser,
 							IsActive: true,
 						}
@@ -181,7 +181,7 @@ func AssignForm(form interface{}, data map[string]interface{}) {
 	}
 }

-func getSize(field reflect.StructField, prefix string) string {
+func getRuleBody(field reflect.StructField, prefix string) string {
 	for _, rule := range strings.Split(field.Tag.Get("binding"), ";") {
 		if strings.HasPrefix(rule, prefix) {
 			return rule[len(prefix) : len(rule)-1]
@@ -191,15 +191,19 @@ func getSize(field reflect.StructField, prefix string) string {
 }

 func GetSize(field reflect.StructField) string {
-	return getSize(field, "Size(")
+	return getRuleBody(field, "Size(")
 }

 func GetMinSize(field reflect.StructField) string {
-	return getSize(field, "MinSize(")
+	return getRuleBody(field, "MinSize(")
 }

 func GetMaxSize(field reflect.StructField) string {
-	return getSize(field, "MaxSize(")
+	return getRuleBody(field, "MaxSize(")
+}
+
+func GetInclude(field reflect.StructField) string {
+	return getRuleBody(field, "Include(")
 }

 // FIXME: struct contains a struct
@@ -260,6 +264,8 @@ func validate(errs binding.Errors, data map[string]interface{}, f Form, l macaro
 				data["ErrorMsg"] = trName + l.Tr("form.email_error")
 			case binding.ERR_URL:
 				data["ErrorMsg"] = trName + l.Tr("form.url_error")
+			case binding.ERR_INCLUDE:
+				data["ErrorMsg"] = trName + l.Tr("form.include_error", GetInclude(field))
 			default:
 				data["ErrorMsg"] = l.Tr("form.unknown_error") + " " + errs[0].Classification
 			}
--- a/modules/auth/auth_form.go
+++ b/modules/auth/auth_form.go
@@ -5,33 +5,35 @@
 package auth

 import (
-	"github.com/Unknwon/macaron"
-	"github.com/macaron-contrib/binding"
+	"github.com/go-macaron/binding"
+	"gopkg.in/macaron.v1"
 )

 type AuthenticationForm struct {
-	ID               int64
-	Type             int    `binding:"Range(2,5)"`
-	Name             string `binding:"Required;MaxSize(30)"`
-	Host             string
-	Port             int
-	BindDN           string
-	BindPassword     string
-	UserBase         string
-	UserDN           string `form:"user_dn"`
-	AttributeName    string
-	AttributeSurname string
-	AttributeMail    string
-	Filter           string
-	AdminFilter      string
-	IsActive         bool
-	SMTPAuth         string
-	SMTPHost         string
-	SMTPPort         int
-	AllowedDomains   string
-	TLS              bool
-	SkipVerify       bool
-	PAMServiceName   string `form:"pam_service_name"`
+	ID                int64
+	Type              int    `binding:"Range(2,5)"`
+	Name              string `binding:"Required;MaxSize(30)"`
+	Host              string
+	Port              int
+	BindDN            string
+	BindPassword      string
+	UserBase          string
+	UserDN            string
+	AttributeUsername string
+	AttributeName     string
+	AttributeSurname  string
+	AttributeMail     string
+	AttributesInBind  bool
+	Filter            string
+	AdminFilter       string
+	IsActive          bool
+	SMTPAuth          string
+	SMTPHost          string
+	SMTPPort          int
+	AllowedDomains    string
+	TLS               bool
+	SkipVerify        bool
+	PAMServiceName    string
 }

 func (f *AuthenticationForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
--- a/modules/auth/ldap/ldap.go
+++ b/modules/auth/ldap/ldap.go
@@ -9,42 +9,60 @@ package ldap
 import (
 	"crypto/tls"
 	"fmt"
+	"strings"
+
+	"gopkg.in/ldap.v2"

-	"github.com/gogits/gogs/modules/ldap"
 	"github.com/gogits/gogs/modules/log"
 )

 // Basic LDAP authentication service
 type Source struct {
-	Name             string // canonical name (ie. corporate.ad)
-	Host             string // LDAP host
-	Port             int    // port number
-	UseSSL           bool   // Use SSL
-	SkipVerify       bool
-	BindDN           string // DN to bind with
-	BindPassword     string // Bind DN password
-	UserBase         string // Base search path for users
-	UserDN           string // Template for the DN of the user for simple auth
-	AttributeName    string // First name attribute
-	AttributeSurname string // Surname attribute
-	AttributeMail    string // E-mail attribute
-	Filter           string // Query filter to validate entry
-	AdminFilter      string // Query filter to check if user is admin
-	Enabled          bool   // if this source is disabled
+	Name              string // canonical name (ie. corporate.ad)
+	Host              string // LDAP host
+	Port              int    // port number
+	UseSSL            bool   // Use SSL
+	SkipVerify        bool
+	BindDN            string // DN to bind with
+	BindPassword      string // Bind DN password
+	UserBase          string // Base search path for users
+	UserDN            string // Template for the DN of the user for simple auth
+	AttributeUsername string // Username attribute
+	AttributeName     string // First name attribute
+	AttributeSurname  string // Surname attribute
+	AttributeMail     string // E-mail attribute
+	AttributesInBind  bool   // fetch attributes in bind context (not user)
+	Filter            string // Query filter to validate entry
+	AdminFilter       string // Query filter to check if user is admin
+	Enabled           bool   // if this source is disabled
 }

-func (ls *Source) FindUserDN(name string) (string, bool) {
-	l, err := ldapDial(ls)
-	if err != nil {
-		log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)
-		ls.Enabled = false
+func (ls *Source) sanitizedUserQuery(username string) (string, bool) {
+	// See http://tools.ietf.org/search/rfc4515
+	badCharacters := "\x00()*\\"
+	if strings.ContainsAny(username, badCharacters) {
+		log.Debug("'%s' contains invalid query characters. Aborting.", username)
 		return "", false
 	}
-	defer l.Close()

+	return fmt.Sprintf(ls.Filter, username), true
+}
+
+func (ls *Source) sanitizedUserDN(username string) (string, bool) {
+	// See http://tools.ietf.org/search/rfc4514: "special characters"
+	badCharacters := "\x00()*\\,='\"#+;<> "
+	if strings.ContainsAny(username, badCharacters) {
+		log.Debug("'%s' contains invalid DN characters. Aborting.", username)
+		return "", false
+	}
+
+	return fmt.Sprintf(ls.UserDN, username), true
+}
+
+func (ls *Source) findUserDN(l *ldap.Conn, name string) (string, bool) {
 	log.Trace("Search for LDAP user: %s", name)
 	if ls.BindDN != "" && ls.BindPassword != "" {
-		err = l.Bind(ls.BindDN, ls.BindPassword)
+		err := l.Bind(ls.BindDN, ls.BindPassword)
 		if err != nil {
 			log.Debug("Failed to bind as BindDN[%s]: %v", ls.BindDN, err)
 			return "", false
@@ -55,8 +73,12 @@ func (ls *Source) FindUserDN(name string) (string, bool) {
 	}

 	// A search for the user.
-	userFilter := fmt.Sprintf(ls.Filter, name)
-	log.Trace("Searching using filter %s", userFilter)
+	userFilter, ok := ls.sanitizedUserQuery(name)
+	if !ok {
+		return "", false
+	}
+
+	log.Trace("Searching for DN using filter %s and base %s", userFilter, ls.UserBase)
 	search := ldap.NewSearchRequest(
 		ls.UserBase, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0,
 		false, userFilter, []string{}, nil)
@@ -73,7 +95,7 @@ func (ls *Source) FindUserDN(name string) (string, bool) {

 	userDN := sr.Entries[0].DN
 	if userDN == "" {
-		log.Error(4, "LDAP search was succesful, but found no DN!")
+		log.Error(4, "LDAP search was successful, but found no DN!")
 		return "", false
 	}

@@ -81,47 +103,57 @@ func (ls *Source) FindUserDN(name string) (string, bool) {
 }

 // searchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter
-func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, string, string, bool, bool) {
-	var userDN string
-	if directBind {
-		log.Trace("LDAP will bind directly via UserDN template: %s", ls.UserDN)
-		userDN = fmt.Sprintf(ls.UserDN, name)
-	} else {
-		log.Trace("LDAP will use BindDN.")
-
-		var found bool
-		userDN, found = ls.FindUserDN(name)
-		if !found {
-			return "", "", "", false, false
-		}
-	}
-
+func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, string, string, string, bool, bool) {
 	l, err := ldapDial(ls)
 	if err != nil {
 		log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)
 		ls.Enabled = false
-		return "", "", "", false, false
+		return "", "", "", "", false, false
 	}
 	defer l.Close()

-	log.Trace("Binding with userDN: %s", userDN)
-	err = l.Bind(userDN, passwd)
-	if err != nil {
-		log.Debug("LDAP auth. failed for %s, reason: %v", userDN, err)
-		return "", "", "", false, false
+	var userDN string
+	if directBind {
+		log.Trace("LDAP will bind directly via UserDN template: %s", ls.UserDN)
+
+		var ok bool
+		userDN, ok = ls.sanitizedUserDN(name)
+		if !ok {
+			return "", "", "", "", false, false
+		}
+	} else {
+		log.Trace("LDAP will use BindDN.")
+
+		var found bool
+		userDN, found = ls.findUserDN(l, name)
+		if !found {
+			return "", "", "", "", false, false
+		}
 	}

-	log.Trace("Bound successfully with userDN: %s", userDN)
-	userFilter := fmt.Sprintf(ls.Filter, name)
+	if directBind || !ls.AttributesInBind {
+		// binds user (checking password) before looking-up attributes in user context
+		err = bindUser(l, userDN, passwd)
+		if err != nil {
+			return "", "", "", "", false, false
+		}
+	}
+
+	userFilter, ok := ls.sanitizedUserQuery(name)
+	if !ok {
+		return "", "", "", "", false, false
+	}
+
+	log.Trace("Fetching attributes '%v', '%v', '%v', '%v' with filter %s and base %s", ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail, userFilter, userDN)
 	search := ldap.NewSearchRequest(
 		userDN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, userFilter,
-		[]string{ls.AttributeName, ls.AttributeSurname, ls.AttributeMail},
+		[]string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail},
 		nil)

 	sr, err := l.Search(search)
 	if err != nil {
 		log.Error(4, "LDAP Search failed unexpectedly! (%v)", err)
-		return "", "", "", false, false
+		return "", "", "", "", false, false
 	} else if len(sr.Entries) < 1 {
 		if directBind {
 			log.Error(4, "User filter inhibited user login.")
@@ -129,15 +161,17 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, str
 			log.Error(4, "LDAP Search failed unexpectedly! (0 entries)")
 		}

-		return "", "", "", false, false
+		return "", "", "", "", false, false
 	}

+	username_attr := sr.Entries[0].GetAttributeValue(ls.AttributeUsername)
 	name_attr := sr.Entries[0].GetAttributeValue(ls.AttributeName)
 	sn_attr := sr.Entries[0].GetAttributeValue(ls.AttributeSurname)
 	mail_attr := sr.Entries[0].GetAttributeValue(ls.AttributeMail)

 	admin_attr := false
 	if len(ls.AdminFilter) > 0 {
+		log.Trace("Checking admin with filter %s and base %s", ls.AdminFilter, userDN)
 		search = ldap.NewSearchRequest(
 			userDN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, ls.AdminFilter,
 			[]string{ls.AttributeName},
@@ -153,7 +187,26 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, str
 		}
 	}

-	return name_attr, sn_attr, mail_attr, admin_attr, true
+	if !directBind && ls.AttributesInBind {
+		// binds user (checking password) after looking-up attributes in BindDN context
+		err = bindUser(l, userDN, passwd)
+		if err != nil {
+			return "", "", "", "", false, false
+		}
+	}
+
+	return username_attr, name_attr, sn_attr, mail_attr, admin_attr, true
+}
+
+func bindUser(l *ldap.Conn, userDN, passwd string) error {
+	log.Trace("Binding with userDN: %s", userDN)
+	err := l.Bind(userDN, passwd)
+	if err != nil {
+		log.Debug("LDAP auth. failed for %s, reason: %v", userDN, err)
+		return err
+	}
+	log.Trace("Bound successfully with userDN: %s", userDN)
+	return err
 }

 func ldapDial(ls *Source) (*ldap.Conn, error) {
--- a/modules/auth/org.go
+++ b/modules/auth/org.go
@@ -5,8 +5,8 @@
 package auth

 import (
-	"github.com/Unknwon/macaron"
-	"github.com/macaron-contrib/binding"
+	"github.com/go-macaron/binding"
+	"gopkg.in/macaron.v1"
 )

 // ________                            .__                __  .__
@@ -17,7 +17,7 @@ import (
 //         \/     /_____/     \/     \/         \/     \/                    \/

 type CreateOrgForm struct {
-	OrgName string `binding:"Required;AlphaDashDot;MaxSize(30)" locale:"org.org_name_holder"`
+	OrgName string `binding:"Required;AlphaDashDot;MaxSize(35)" locale:"org.org_name_holder"`
 }

 func (f *CreateOrgForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
@@ -25,11 +25,12 @@ func (f *CreateOrgForm) Validate(ctx *macaron.Context, errs binding.Errors) bind
 }

 type UpdateOrgSettingForm struct {
-	Name        string `binding:"Required;AlphaDashDot;MaxSize(30)" locale:"org.org_name_holder"`
-	FullName    string `binding:"MaxSize(100)"`
-	Description string `binding:"MaxSize(255)"`
-	Website     string `binding:"Url;MaxSize(100)"`
-	Location    string `binding:"MaxSize(50)"`
+	Name            string `binding:"Required;AlphaDashDot;MaxSize(35)" locale:"org.org_name_holder"`
+	FullName        string `binding:"MaxSize(100)"`
+	Description     string `binding:"MaxSize(255)"`
+	Website         string `binding:"Url;MaxSize(100)"`
+	Location        string `binding:"MaxSize(50)"`
+	MaxRepoCreation int
 }

 func (f *UpdateOrgSettingForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
@@ -44,9 +45,9 @@ func (f *UpdateOrgSettingForm) Validate(ctx *macaron.Context, errs binding.Error
 //              \/     \/      \/

 type CreateTeamForm struct {
-	TeamName    string `form:"team_name" binding:"Required;AlphaDashDot;MaxSize(30)"`
-	Description string `form:"desc" binding:"MaxSize(255)"`
-	Permission  string `form:"permission"`
+	TeamName    string `binding:"Required;AlphaDashDot;MaxSize(30)"`
+	Description string `binding:"MaxSize(255)"`
+	Permission  string
 }

 func (f *CreateTeamForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
--- a/modules/auth/repo_form.go
+++ b/modules/auth/repo_form.go
@@ -5,8 +5,14 @@
 package auth

 import (
-	"github.com/Unknwon/macaron"
-	"github.com/macaron-contrib/binding"
+	"net/url"
+	"strings"
+
+	"github.com/Unknwon/com"
+	"github.com/go-macaron/binding"
+	"gopkg.in/macaron.v1"
+
+	"github.com/gogits/gogs/models"
 )

 // _______________________________________    _________.______________________ _______________.___.
@@ -37,8 +43,8 @@ type MigrateRepoForm struct {
 	AuthPassword string `json:"auth_password"`
 	Uid          int64  `json:"uid" binding:"Required"`
 	RepoName     string `json:"repo_name" binding:"Required;AlphaDashDot;MaxSize(100)"`
-	Private      bool   `json:"mirror"`
-	Mirror       bool   `json:"private"`
+	Mirror       bool   `json:"mirror"`
+	Private      bool   `json:"private"`
 	Description  string `json:"description" binding:"MaxSize(255)"`
 }

@@ -46,13 +52,51 @@ func (f *MigrateRepoForm) Validate(ctx *macaron.Context, errs binding.Errors) bi
 	return validate(errs, ctx.Data, f, ctx.Locale)
 }

+// ParseRemoteAddr checks if given remote address is valid,
+// and returns composed URL with needed username and passowrd.
+// It also checks if given user has permission when remote address
+// is actually a local path.
+func (f MigrateRepoForm) ParseRemoteAddr(user *models.User) (string, error) {
+	remoteAddr := strings.TrimSpace(f.CloneAddr)
+
+	// Remote address can be HTTP/HTTPS/Git URL or local path.
+	if strings.HasPrefix(remoteAddr, "http://") ||
+		strings.HasPrefix(remoteAddr, "https://") ||
+		strings.HasPrefix(remoteAddr, "git://") {
+		u, err := url.Parse(remoteAddr)
+		if err != nil {
+			return "", models.ErrInvalidCloneAddr{IsURLError: true}
+		}
+		if len(f.AuthUsername)+len(f.AuthPassword) > 0 {
+			u.User = url.UserPassword(f.AuthUsername, f.AuthPassword)
+		}
+		remoteAddr = u.String()
+	} else if !user.CanImportLocal() {
+		return "", models.ErrInvalidCloneAddr{IsPermissionDenied: true}
+	} else if !com.IsDir(remoteAddr) {
+		return "", models.ErrInvalidCloneAddr{IsInvalidPath: true}
+	}
+
+	return remoteAddr, nil
+}
+
 type RepoSettingForm struct {
-	RepoName    string `binding:"Required;AlphaDashDot;MaxSize(100)"`
-	Description string `binding:"MaxSize(255)"`
-	Website     string `binding:"Url;MaxSize(100)"`
-	Branch      string
-	Interval    int
-	Private     bool
+	RepoName      string `binding:"Required;AlphaDashDot;MaxSize(100)"`
+	Description   string `binding:"MaxSize(255)"`
+	Website       string `binding:"Url;MaxSize(100)"`
+	Branch        string
+	Interval      int
+	MirrorAddress string
+	Private       bool
+
+	// Advanced settings
+	EnableWiki            bool
+	EnableExternalWiki    bool
+	ExternalWikiURL       string
+	EnableIssues          bool
+	EnableExternalTracker bool
+	TrackerURLFormat      string
+	EnablePulls           bool
 }

 func (f *RepoSettingForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
@@ -181,12 +225,12 @@ func (f *CreateLabelForm) Validate(ctx *macaron.Context, errs binding.Errors) bi
 //         \/     \/          \/     \/     \/     \/

 type NewReleaseForm struct {
-	TagName    string `form:"tag_name" binding:"Required"`
+	TagName    string `binding:"Required"`
 	Target     string `form:"tag_target" binding:"Required"`
-	Title      string `form:"title" binding:"Required"`
-	Content    string `form:"content" binding:"Required"`
-	Draft      string `form:"draft"`
-	Prerelease bool   `form:"prerelease"`
+	Title      string `binding:"Required"`
+	Content    string
+	Draft      string
+	Prerelease bool
 }

 func (f *NewReleaseForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
@@ -195,7 +239,7 @@ func (f *NewReleaseForm) Validate(ctx *macaron.Context, errs binding.Errors) bin

 type EditReleaseForm struct {
 	Title      string `form:"title" binding:"Required"`
-	Content    string `form:"content" binding:"Required"`
+	Content    string `form:"content"`
 	Draft      string `form:"draft"`
 	Prerelease bool   `form:"prerelease"`
 }
@@ -203,3 +247,22 @@ type EditReleaseForm struct {
 func (f *EditReleaseForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
 	return validate(errs, ctx.Data, f, ctx.Locale)
 }
+
+//  __      __.__ __   .__
+// /  \    /  \__|  | _|__|
+// \   \/\/   /  |  |/ /  |
+//  \        /|  |    <|  |
+//   \__/\  / |__|__|_ \__|
+//        \/          \/
+
+type NewWikiForm struct {
+	OldTitle string
+	Title    string `binding:"Required"`
+	Content  string `binding:"Required"`
+	Message  string
+}
+
+// FIXME: use code generation to generate this method.
+func (f *NewWikiForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
+	return validate(errs, ctx.Data, f, ctx.Locale)
+}
--- a/modules/auth/user_form.go
+++ b/modules/auth/user_form.go
@@ -7,8 +7,8 @@ package auth
 import (
 	"mime/multipart"

-	"github.com/Unknwon/macaron"
-	"github.com/macaron-contrib/binding"
+	"github.com/go-macaron/binding"
+	"gopkg.in/macaron.v1"
 )

 type InstallForm struct {
@@ -27,10 +27,11 @@ type InstallForm struct {
 	SSHPort      int
 	HTTPPort     string `binding:"Required"`
 	AppUrl       string `binding:"Required"`
+	LogRootPath  string `binding:"Required"`

 	SMTPHost        string
 	SMTPFrom        string
-	SMTPEmail       string `binding:"OmitEmpty;Email;MaxSize(50)" locale:"install.mailer_user"`
+	SMTPEmail       string `binding:"OmitEmpty;Email;MaxSize(254)" locale:"install.mailer_user"`
 	SMTPPasswd      string
 	RegisterConfirm bool
 	MailNotify      bool
@@ -44,7 +45,7 @@ type InstallForm struct {
 	AdminName          string `binding:"OmitEmpty;AlphaDashDot;MaxSize(30)" locale:"install.admin_name"`
 	AdminPasswd        string `binding:"OmitEmpty;MaxSize(255)" locale:"install.admin_password"`
 	AdminConfirmPasswd string
-	AdminEmail         string `binding:"OmitEmpty;Email;MaxSize(50)" locale:"install.admin_email"`
+	AdminEmail         string `binding:"OmitEmpty;MinSize(3);MaxSize(254);Include(@)" locale:"install.admin_email"`
 }

 func (f *InstallForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
@@ -87,12 +88,12 @@ func (f *SignInForm) Validate(ctx *macaron.Context, errs binding.Errors) binding
 //         \/         \/                                   \/        \/        \/

 type UpdateProfileForm struct {
-	Name     string `binding:"Required;MaxSize(35)"`
+	Name     string `binding:"OmitEmpty;MaxSize(35)"`
 	FullName string `binding:"MaxSize(100)"`
 	Email    string `binding:"Required;Email;MaxSize(254)"`
 	Website  string `binding:"Url;MaxSize(100)"`
 	Location string `binding:"MaxSize(50)"`
-	Gravatar string `binding:"Required;Email;MaxSize(254)"`
+	Gravatar string `binding:"OmitEmpty;Email;MaxSize(254)"`
 }

 func (f *UpdateProfileForm) Validate(ctx *macaron.Context, errs binding.Errors) binding.Errors {
--- a/modules/avatar/avatar.go
+++ b/modules/avatar/avatar.go
@@ -2,72 +2,23 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.

-// for www.gravatar.com image cache
-
-/*
-It is recommend to use this way
-
-	cacheDir := "./cache"
-	defaultImg := "./default.jpg"
-	http.Handle("/avatar/", avatar.CacheServer(cacheDir, defaultImg))
-*/
 package avatar

 import (
-	"crypto/md5"
-	"encoding/hex"
-	"errors"
 	"fmt"
 	"image"
 	"image/color/palette"
-	"image/jpeg"
-	"image/png"
-	"io"
 	"math/rand"
-	"net/http"
-	"net/url"
-	"os"
-	"path/filepath"
-	"strings"
-	"sync"
 	"time"

-	"github.com/nfnt/resize"
-
-	"github.com/gogits/gogs/modules/identicon"
-	"github.com/gogits/gogs/modules/log"
-	"github.com/gogits/gogs/modules/setting"
+	"github.com/issue9/identicon"
 )

-var gravatarSource string
-
-func UpdateGravatarSource() {
-	gravatarSource = setting.GravatarSource
-	if strings.HasPrefix(gravatarSource, "//") {
-		gravatarSource = "http:" + gravatarSource
-	} else if !strings.HasPrefix(gravatarSource, "http://") &&
-		!strings.HasPrefix(gravatarSource, "https://") {
-		gravatarSource = "http://" + gravatarSource
-	}
-	log.Debug("avatar.UpdateGravatarSource(update gavatar source): %s", gravatarSource)
-}
-
-// hash email to md5 string
-// keep this func in order to make this package independent
-func HashEmail(email string) string {
-	// https://en.gravatar.com/site/implement/hash/
-	email = strings.TrimSpace(email)
-	email = strings.ToLower(email)
-
-	h := md5.New()
-	h.Write([]byte(email))
-	return hex.EncodeToString(h.Sum(nil))
-}
-
 const _RANDOM_AVATAR_SIZE = 200

-// RandomImage generates and returns a random avatar image.
-func RandomImage(data []byte) (image.Image, error) {
+// RandomImage generates and returns a random avatar image unique to input data
+// in custom size (height and width).
+func RandomImageSize(size int, data []byte) (image.Image, error) {
 	randExtent := len(palette.WebSafe) - 32
 	rand.Seed(time.Now().UnixNano())
 	colorIndex := rand.Intn(randExtent)
@@ -76,262 +27,17 @@ func RandomImage(data []byte) (image.Image, error) {
 		backColorIndex = randExtent - 1
 	}

-	// Size, background, forecolor
-	imgMaker, err := identicon.New(_RANDOM_AVATAR_SIZE,
+	// Define size, background, and forecolor
+	imgMaker, err := identicon.New(size,
 		palette.WebSafe[backColorIndex], palette.WebSafe[colorIndex:colorIndex+32]...)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("identicon.New: %v", err)
 	}
 	return imgMaker.Make(data), nil
 }

-// Avatar represents the avatar object.
-type Avatar struct {
-	Hash           string
-	AlterImage     string // image path
-	cacheDir       string // image save dir
-	reqParams      string
-	imagePath      string
-	expireDuration time.Duration
-}
-
-func New(hash string, cacheDir string) *Avatar {
-	return &Avatar{
-		Hash:           hash,
-		cacheDir:       cacheDir,
-		expireDuration: time.Minute * 10,
-		reqParams: url.Values{
-			"d":    {"retro"},
-			"size": {"200"},
-			"r":    {"pg"}}.Encode(),
-		imagePath: filepath.Join(cacheDir, hash+".image"), //maybe png or jpeg
-	}
-}
-
-func (this *Avatar) HasCache() bool {
-	fileInfo, err := os.Stat(this.imagePath)
-	return err == nil && fileInfo.Mode().IsRegular()
-}
-
-func (this *Avatar) Modtime() (modtime time.Time, err error) {
-	fileInfo, err := os.Stat(this.imagePath)
-	if err != nil {
-		return
-	}
-	return fileInfo.ModTime(), nil
-}
-
-func (this *Avatar) Expired() bool {
-	modtime, err := this.Modtime()
-	return err != nil || time.Since(modtime) > this.expireDuration
-}
-
-// default image format: jpeg
-func (this *Avatar) Encode(wr io.Writer, size int) (err error) {
-	var img image.Image
-	decodeImageFile := func(file string) (img image.Image, err error) {
-		fd, err := os.Open(file)
-		if err != nil {
-			return
-		}
-		defer fd.Close()
-
-		if img, err = jpeg.Decode(fd); err != nil {
-			fd.Seek(0, os.SEEK_SET)
-			img, err = png.Decode(fd)
-		}
-		return
-	}
-	imgPath := this.imagePath
-	if !this.HasCache() {
-		if this.AlterImage == "" {
-			return errors.New("request image failed, and no alt image offered")
-		}
-		imgPath = this.AlterImage
-	}
-
-	if img, err = decodeImageFile(imgPath); err != nil {
-		return
-	}
-	m := resize.Resize(uint(size), 0, img, resize.NearestNeighbor)
-	return jpeg.Encode(wr, m, nil)
-}
-
-// get image from gravatar.com
-func (this *Avatar) Update() {
-	UpdateGravatarSource()
-	thunder.Fetch(gravatarSource+this.Hash+"?"+this.reqParams,
-		this.imagePath)
-}
-
-func (this *Avatar) UpdateTimeout(timeout time.Duration) (err error) {
-	UpdateGravatarSource()
-	select {
-	case <-time.After(timeout):
-		err = fmt.Errorf("get gravatar image %s timeout", this.Hash)
-	case err = <-thunder.GoFetch(gravatarSource+this.Hash+"?"+this.reqParams,
-		this.imagePath):
-	}
-	return err
-}
-
-type service struct {
-	cacheDir string
-	altImage string
-}
-
-func (this *service) mustInt(r *http.Request, defaultValue int, keys ...string) (v int) {
-	for _, k := range keys {
-		if _, err := fmt.Sscanf(r.FormValue(k), "%d", &v); err == nil {
-			defaultValue = v
-		}
-	}
-	return defaultValue
-}
-
-func (this *service) ServeHTTP(w http.ResponseWriter, r *http.Request) {
-	urlPath := r.URL.Path
-	hash := urlPath[strings.LastIndex(urlPath, "/")+1:]
-	size := this.mustInt(r, 80, "s", "size") // default size = 80*80
-
-	avatar := New(hash, this.cacheDir)
-	avatar.AlterImage = this.altImage
-	if avatar.Expired() {
-		if err := avatar.UpdateTimeout(time.Millisecond * 1000); err != nil {
-			log.Trace("avatar update error: %v", err)
-			return
-		}
-	}
-	if modtime, err := avatar.Modtime(); err == nil {
-		etag := fmt.Sprintf("size(%d)", size)
-		if t, err := time.Parse(http.TimeFormat, r.Header.Get("If-Modified-Since")); err == nil && modtime.Before(t.Add(1*time.Second)) && etag == r.Header.Get("If-None-Match") {
-			h := w.Header()
-			delete(h, "Content-Type")
-			delete(h, "Content-Length")
-			w.WriteHeader(http.StatusNotModified)
-			return
-		}
-		w.Header().Set("Last-Modified", modtime.UTC().Format(http.TimeFormat))
-		w.Header().Set("ETag", etag)
-	}
-	w.Header().Set("Content-Type", "image/jpeg")
-
-	if err := avatar.Encode(w, size); err != nil {
-		log.Warn("avatar encode error: %v", err)
-		w.WriteHeader(500)
-	}
-}
-
-// http.Handle("/avatar/", avatar.CacheServer("./cache"))
-func CacheServer(cacheDir string, defaultImgPath string) http.Handler {
-	return &service{
-		cacheDir: cacheDir,
-		altImage: defaultImgPath,
-	}
-}
-
-// thunder downloader
-var thunder = &Thunder{QueueSize: 10}
-
-type Thunder struct {
-	QueueSize int // download queue size
-	q         chan *thunderTask
-	once      sync.Once
-}
-
-func (t *Thunder) init() {
-	if t.QueueSize < 1 {
-		t.QueueSize = 1
-	}
-	t.q = make(chan *thunderTask, t.QueueSize)
-	for i := 0; i < t.QueueSize; i++ {
-		go func() {
-			for {
-				task := <-t.q
-				task.Fetch()
-			}
-		}()
-	}
-}
-
-func (t *Thunder) Fetch(url string, saveFile string) error {
-	t.once.Do(t.init)
-	task := &thunderTask{
-		Url:      url,
-		SaveFile: saveFile,
-	}
-	task.Add(1)
-	t.q <- task
-	task.Wait()
-	return task.err
-}
-
-func (t *Thunder) GoFetch(url, saveFile string) chan error {
-	c := make(chan error)
-	go func() {
-		c <- t.Fetch(url, saveFile)
-	}()
-	return c
-}
-
-// thunder download
-type thunderTask struct {
-	Url      string
-	SaveFile string
-	sync.WaitGroup
-	err error
-}
-
-func (this *thunderTask) Fetch() {
-	this.err = this.fetch()
-	this.Done()
-}
-
-var client = &http.Client{}
-
-func (this *thunderTask) fetch() error {
-	log.Debug("avatar.fetch(fetch new avatar): %s", this.Url)
-	req, _ := http.NewRequest("GET", this.Url, nil)
-	req.Header.Set("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,image/jpeg,image/png,*/*;q=0.8")
-	req.Header.Set("Accept-Encoding", "deflate,sdch")
-	req.Header.Set("Accept-Language", "zh-CN,zh;q=0.8")
-	req.Header.Set("Cache-Control", "no-cache")
-	req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.154 Safari/537.36")
-	resp, err := client.Do(req)
-	if err != nil {
-		return err
-	}
-	defer resp.Body.Close()
-	if resp.StatusCode != 200 {
-		return fmt.Errorf("status code: %d", resp.StatusCode)
-	}
-
-	/*
-		log.Println("headers:", resp.Header)
-		switch resp.Header.Get("Content-Type") {
-		case "image/jpeg":
-			this.SaveFile += ".jpeg"
-		case "image/png":
-			this.SaveFile += ".png"
-		}
-	*/
-	/*
-		imgType := resp.Header.Get("Content-Type")
-		if imgType != "image/jpeg" && imgType != "image/png" {
-			return errors.New("not png or jpeg")
-		}
-	*/
-
-	tmpFile := this.SaveFile + ".part" // mv to destination when finished
-	fd, err := os.Create(tmpFile)
-	if err != nil {
-		return err
-	}
-	_, err = io.Copy(fd, resp.Body)
-	fd.Close()
-	if err != nil {
-		os.Remove(tmpFile)
-		return err
-	}
-	return os.Rename(tmpFile, this.SaveFile)
+// RandomImage generates and returns a random avatar image unique to input data
+// in default size (height and width).
+func RandomImage(data []byte) (image.Image, error) {
+	return RandomImageSize(_RANDOM_AVATAR_SIZE, data)
 }
--- a/modules/avatar/avatar_test.go
+++ b/modules/avatar/avatar_test.go
@@ -1,61 +1,23 @@
-// Copyright 2014 The Gogs Authors. All rights reserved.
+// Copyright 2016 The Gogs Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
-package avatar_test
+
+package avatar

 import (
-	"errors"
-	"os"
-	"strconv"
 	"testing"
-	"time"

-	"github.com/gogits/gogs/modules/avatar"
-	"github.com/gogits/gogs/modules/log"
+	. "github.com/smartystreets/goconvey/convey"
 )

-const TMPDIR = "test-avatar"
+func Test_RandomImage(t *testing.T) {
+	Convey("Generate a random avatar from email", t, func() {
+		_, err := RandomImage([]byte("gogs@local"))
+		So(err, ShouldBeNil)

-func TestFetch(t *testing.T) {
-	os.Mkdir(TMPDIR, 0755)
-	defer os.RemoveAll(TMPDIR)
-
-	hash := avatar.HashEmail("ssx205@gmail.com")
-	a := avatar.New(hash, TMPDIR)
-	a.UpdateTimeout(time.Millisecond * 200)
-}
-
-func TestFetchMany(t *testing.T) {
-	os.Mkdir(TMPDIR, 0755)
-	defer os.RemoveAll(TMPDIR)
-
-	t.Log("start")
-	var n = 5
-	ch := make(chan bool, n)
-	for i := 0; i < n; i++ {
-		go func(i int) {
-			hash := avatar.HashEmail(strconv.Itoa(i) + "ssx205@gmail.com")
-			a := avatar.New(hash, TMPDIR)
-			a.Update()
-			t.Log("finish", hash)
-			ch <- true
-		}(i)
-	}
-	for i := 0; i < n; i++ {
-		<-ch
-	}
-	t.Log("end")
-}
-
-// cat
-// wget http://www.artsjournal.com/artfulmanager/wp/wp-content/uploads/2013/12/200x200xmirror_cat.jpg.pagespeed.ic.GOZSv6v1_H.jpg -O default.jpg
-/*
-func TestHttp(t *testing.T) {
-	http.Handle("/", avatar.CacheServer("./", "default.jpg"))
-	http.ListenAndServe(":8001", nil)
-}
-*/
-
-func TestLogTrace(t *testing.T) {
-	log.Trace("%v", errors.New("console log test"))
+		Convey("Try to generate an image with size zero", func() {
+			_, err := RandomImageSize(0, []byte("gogs@local"))
+			So(err, ShouldNotBeNil)
+		})
+	})
 }
--- a/modules/base/base.go
+++ b/modules/base/base.go
@@ -8,11 +8,4 @@ const DOC_URL = "https://github.com/gogits/go-gogs-client/wiki"

 type (
 	TplName string
-
-	ApiJsonErr struct {
-		Message string `json:"message"`
-		DocUrl  string `json:"url"`
-	}
 )
-
-var GoGetMetas = make(map[string]bool)
--- a/modules/base/markdown.go
+++ b/modules/base/markdown.go
@@ -1,262 +0,0 @@
-// Copyright 2014 The Gogs Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package base
-
-import (
-	"bytes"
-	"fmt"
-	"io"
-	"net/http"
-	"path"
-	"path/filepath"
-	"regexp"
-	"strings"
-
-	"github.com/russross/blackfriday"
-	"golang.org/x/net/html"
-
-	"github.com/gogits/gogs/modules/setting"
-)
-
-func isletter(c byte) bool {
-	return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
-}
-
-func isalnum(c byte) bool {
-	return (c >= '0' && c <= '9') || isletter(c)
-}
-
-var validLinks = [][]byte{[]byte("http://"), []byte("https://"), []byte("ftp://"), []byte("mailto://")}
-
-func isLink(link []byte) bool {
-	for _, prefix := range validLinks {
-		if len(link) > len(prefix) && bytes.Equal(bytes.ToLower(link[:len(prefix)]), prefix) && isalnum(link[len(prefix)]) {
-			return true
-		}
-	}
-
-	return false
-}
-
-func IsMarkdownFile(name string) bool {
-	name = strings.ToLower(name)
-	switch filepath.Ext(name) {
-	case ".md", ".markdown", ".mdown", ".mkd":
-		return true
-	}
-	return false
-}
-
-func IsTextFile(data []byte) (string, bool) {
-	contentType := http.DetectContentType(data)
-	if strings.Index(contentType, "text/") != -1 {
-		return contentType, true
-	}
-	return contentType, false
-}
-
-func IsImageFile(data []byte) (string, bool) {
-	contentType := http.DetectContentType(data)
-	if strings.Index(contentType, "image/") != -1 {
-		return contentType, true
-	}
-	return contentType, false
-}
-
-// IsReadmeFile returns true if given file name suppose to be a README file.
-func IsReadmeFile(name string) bool {
-	name = strings.ToLower(name)
-	if len(name) < 6 {
-		return false
-	} else if len(name) == 6 {
-		if name == "readme" {
-			return true
-		}
-		return false
-	}
-	if name[:7] == "readme." {
-		return true
-	}
-	return false
-}
-
-type CustomRender struct {
-	blackfriday.Renderer
-	urlPrefix string
-}
-
-func (options *CustomRender) Link(out *bytes.Buffer, link []byte, title []byte, content []byte) {
-	if len(link) > 0 && !isLink(link) {
-		if link[0] == '#' {
-			// link = append([]byte(options.urlPrefix), link...)
-		} else {
-			link = []byte(path.Join(options.urlPrefix, string(link)))
-		}
-	}
-
-	options.Renderer.Link(out, link, title, content)
-}
-
-func (options *CustomRender) Image(out *bytes.Buffer, link []byte, title []byte, alt []byte) {
-	if len(link) > 0 && !isLink(link) {
-		link = []byte(path.Join(strings.Replace(options.urlPrefix, "/src/", "/raw/", 1), string(link)))
-	}
-
-	options.Renderer.Image(out, link, title, alt)
-}
-
-var (
-	MentionPattern     = regexp.MustCompile(`(\s|^)@[0-9a-zA-Z_\.]+`)
-	commitPattern      = regexp.MustCompile(`(\s|^)https?.*commit/[0-9a-zA-Z]+(#+[0-9a-zA-Z-]*)?`)
-	issueFullPattern   = regexp.MustCompile(`(\s|^)https?.*issues/[0-9]+(#+[0-9a-zA-Z-]*)?`)
-	issueIndexPattern  = regexp.MustCompile(`( |^)#[0-9]+\b`)
-	sha1CurrentPattern = regexp.MustCompile(`\b[0-9a-f]{40}\b`)
-)
-
-func RenderSpecialLink(rawBytes []byte, urlPrefix string) []byte {
-	ms := MentionPattern.FindAll(rawBytes, -1)
-	for _, m := range ms {
-		m = bytes.TrimSpace(m)
-		rawBytes = bytes.Replace(rawBytes, m,
-			[]byte(fmt.Sprintf(`<a href="%s/%s">%s</a>`, setting.AppSubUrl, m[1:], m)), -1)
-	}
-
-	ms = commitPattern.FindAll(rawBytes, -1)
-	for _, m := range ms {
-		m = bytes.TrimSpace(m)
-		i := strings.Index(string(m), "commit/")
-		j := strings.Index(string(m), "#")
-		if j == -1 {
-			j = len(m)
-		}
-		rawBytes = bytes.Replace(rawBytes, m, []byte(fmt.Sprintf(
-			` <code><a href="%s">%s</a></code>`, m, ShortSha(string(m[i+7:j])))), -1)
-	}
-	ms = issueFullPattern.FindAll(rawBytes, -1)
-	for _, m := range ms {
-		m = bytes.TrimSpace(m)
-		i := strings.Index(string(m), "issues/")
-		j := strings.Index(string(m), "#")
-		if j == -1 {
-			j = len(m)
-		}
-		rawBytes = bytes.Replace(rawBytes, m, []byte(fmt.Sprintf(
-			` <a href="%s">#%s</a>`, m, ShortSha(string(m[i+7:j])))), -1)
-	}
-	rawBytes = RenderIssueIndexPattern(rawBytes, urlPrefix)
-	rawBytes = RenderSha1CurrentPattern(rawBytes, urlPrefix)
-	return rawBytes
-}
-
-func RenderSha1CurrentPattern(rawBytes []byte, urlPrefix string) []byte {
-	ms := sha1CurrentPattern.FindAll(rawBytes, -1)
-	for _, m := range ms {
-		rawBytes = bytes.Replace(rawBytes, m, []byte(fmt.Sprintf(
-			`<a href="%s/commit/%s"><code>%s</code></a>`, urlPrefix, m, ShortSha(string(m)))), -1)
-	}
-	return rawBytes
-}
-
-func RenderIssueIndexPattern(rawBytes []byte, urlPrefix string) []byte {
-	ms := issueIndexPattern.FindAll(rawBytes, -1)
-	for _, m := range ms {
-		var space string
-		m2 := m
-		if m2[0] == ' ' {
-			space = " "
-			m2 = m2[1:]
-		}
-		rawBytes = bytes.Replace(rawBytes, m, []byte(fmt.Sprintf(`%s<a href="%s/issues/%s">%s</a>`,
-			space, urlPrefix, m2[1:], m2)), 1)
-	}
-	return rawBytes
-}
-
-func RenderRawMarkdown(body []byte, urlPrefix string) []byte {
-	htmlFlags := 0
-	// htmlFlags |= blackfriday.HTML_USE_XHTML
-	// htmlFlags |= blackfriday.HTML_USE_SMARTYPANTS
-	// htmlFlags |= blackfriday.HTML_SMARTYPANTS_FRACTIONS
-	// htmlFlags |= blackfriday.HTML_SMARTYPANTS_LATEX_DASHES
-	// htmlFlags |= blackfriday.HTML_SKIP_HTML
-	htmlFlags |= blackfriday.HTML_SKIP_STYLE
-	// htmlFlags |= blackfriday.HTML_SKIP_SCRIPT
-	// htmlFlags |= blackfriday.HTML_GITHUB_BLOCKCODE
-	htmlFlags |= blackfriday.HTML_OMIT_CONTENTS
-	// htmlFlags |= blackfriday.HTML_COMPLETE_PAGE
-	renderer := &CustomRender{
-		Renderer:  blackfriday.HtmlRenderer(htmlFlags, "", ""),
-		urlPrefix: urlPrefix,
-	}
-
-	// set up the parser
-	extensions := 0
-	extensions |= blackfriday.EXTENSION_NO_INTRA_EMPHASIS
-	extensions |= blackfriday.EXTENSION_TABLES
-	extensions |= blackfriday.EXTENSION_FENCED_CODE
-	extensions |= blackfriday.EXTENSION_AUTOLINK
-	extensions |= blackfriday.EXTENSION_STRIKETHROUGH
-	extensions |= blackfriday.EXTENSION_SPACE_HEADERS
-	extensions |= blackfriday.EXTENSION_NO_EMPTY_LINE_BEFORE_BLOCK
-
-	if setting.Markdown.EnableHardLineBreak {
-		extensions |= blackfriday.EXTENSION_HARD_LINE_BREAK
-	}
-
-	body = blackfriday.Markdown(body, renderer, extensions)
-	return body
-}
-
-// PostProcessMarkdown treats different types of HTML differently,
-// and only renders special links for plain text blocks.
-func PostProcessMarkdown(rawHtml []byte, urlPrefix string) []byte {
-	var buf bytes.Buffer
-	tokenizer := html.NewTokenizer(bytes.NewReader(rawHtml))
-	for html.ErrorToken != tokenizer.Next() {
-		token := tokenizer.Token()
-		switch token.Type {
-		case html.TextToken:
-			buf.Write(RenderSpecialLink([]byte(token.String()), urlPrefix))
-
-		case html.StartTagToken:
-			buf.WriteString(token.String())
-			tagName := token.Data
-			// If this is an excluded tag, we skip processing all output until a close tag is encountered.
-			if strings.EqualFold("a", tagName) || strings.EqualFold("code", tagName) || strings.EqualFold("pre", tagName) {
-				for html.ErrorToken != tokenizer.Next() {
-					token = tokenizer.Token()
-					// Copy the token to the output verbatim
-					buf.WriteString(token.String())
-					// If this is the close tag, we are done
-					if html.EndTagToken == token.Type && strings.EqualFold(tagName, token.Data) {
-						break
-					}
-				}
-			}
-
-		default:
-			buf.WriteString(token.String())
-		}
-	}
-
-	if io.EOF == tokenizer.Err() {
-		return buf.Bytes()
-	}
-
-	// If we are not at the end of the input, then some other parsing error has occurred,
-	// so return the input verbatim.
-	return rawHtml
-}
-
-func RenderMarkdown(rawBytes []byte, urlPrefix string) []byte {
-	result := RenderRawMarkdown(rawBytes, urlPrefix)
-	result = PostProcessMarkdown(result, urlPrefix)
-	result = Sanitizer.SanitizeBytes(result)
-	return result
-}
-
-func RenderMarkdownString(raw, urlPrefix string) string {
-	return string(RenderMarkdown([]byte(raw), urlPrefix))
-}
--- a/modules/base/tool.go
+++ b/modules/base/tool.go
@@ -15,22 +15,23 @@ import (
 	"hash"
 	"html/template"
 	"math"
-	"regexp"
+	"net/http"
 	"strings"
 	"time"
+	"unicode"
+	"unicode/utf8"

 	"github.com/Unknwon/com"
 	"github.com/Unknwon/i18n"
-	"github.com/microcosm-cc/bluemonday"

-	"github.com/gogits/gogs/modules/avatar"
+	"github.com/gogits/chardet"
+
+	"github.com/gogits/gogs/modules/log"
 	"github.com/gogits/gogs/modules/setting"
 )

-var Sanitizer = bluemonday.UGCPolicy().AllowAttrs("class").Matching(regexp.MustCompile(`[\p{L}\p{N}\s\-_',:\[\]!\./\\\(\)&]*`)).OnElements("code")
-
-// Encode string to md5 hex value.
-func EncodeMd5(str string) string {
+// EncodeMD5 encodes string to md5 hex value.
+func EncodeMD5(str string) string {
 	m := md5.New()
 	m.Write([]byte(str))
 	return hex.EncodeToString(m.Sum(nil))
@@ -43,6 +44,29 @@ func EncodeSha1(str string) string {
 	return hex.EncodeToString(h.Sum(nil))
 }

+func ShortSha(sha1 string) string {
+	if len(sha1) == 40 {
+		return sha1[:10]
+	}
+	return sha1
+}
+
+func DetectEncoding(content []byte) (string, error) {
+	if utf8.Valid(content) {
+		log.Debug("Detected encoding: utf-8 (fast)")
+		return "UTF-8", nil
+	}
+
+	result, err := chardet.NewTextDetector().DetectBest(content)
+	if result.Charset != "UTF-8" && len(setting.Repository.AnsiCharset) > 0 {
+		log.Debug("Using default AnsiCharset: %s", setting.Repository.AnsiCharset)
+		return setting.Repository.AnsiCharset, err
+	}
+
+	log.Debug("Detected encoding: %s", result.Charset)
+	return result.Charset, err
+}
+
 func BasicAuthDecode(encoded string) (string, string, error) {
 	s, err := base64.StdEncoding.DecodeString(encoded)
 	if err != nil {
@@ -170,17 +194,22 @@ func CreateTimeLimitCode(data string, minutes int, startInf interface{}) string
 	return code
 }

-// AvatarLink returns avatar link by given e-mail.
+// HashEmail hashes email address to MD5 string.
+// https://en.gravatar.com/site/implement/hash/
+func HashEmail(email string) string {
+	email = strings.ToLower(strings.TrimSpace(email))
+	h := md5.New()
+	h.Write([]byte(email))
+	return hex.EncodeToString(h.Sum(nil))
+}
+
+// AvatarLink returns avatar link by given email.
 func AvatarLink(email string) string {
 	if setting.DisableGravatar || setting.OfflineMode {
 		return setting.AppSubUrl + "/img/avatar_default.jpg"
 	}

-	gravatarHash := avatar.HashEmail(email)
-	if setting.Service.EnableCacheAvatar {
-		return setting.AppSubUrl + "/avatar/" + gravatarHash
-	}
-	return setting.GravatarSource + gravatarHash
+	return setting.GravatarSource + HashEmail(email)
 }

 // Seconds-based time units
@@ -426,6 +455,15 @@ func Subtract(left interface{}, right interface{}) interface{} {
 	}
 }

+// EllipsisString returns a truncated short string,
+// it appends '...' in the end of the length of string is too large.
+func EllipsisString(str string, length int) string {
+	if len(str) < length {
+		return str
+	}
+	return str[:length-3] + "..."
+}
+
 // StringsToInt64s converts a slice of string to a slice of int64.
 func StringsToInt64s(strs []string) []int64 {
 	ints := make([]int64, len(strs))
@@ -452,3 +490,25 @@ func Int64sToMap(ints []int64) map[int64]bool {
 	}
 	return m
 }
+
+// IsLetter reports whether the rune is a letter (category L).
+// https://github.com/golang/go/blob/master/src/go/scanner/scanner.go#L257
+func IsLetter(ch rune) bool {
+	return 'a' <= ch && ch <= 'z' || 'A' <= ch && ch <= 'Z' || ch == '_' || ch >= 0x80 && unicode.IsLetter(ch)
+}
+
+func IsTextFile(data []byte) (string, bool) {
+	contentType := http.DetectContentType(data)
+	if strings.Index(contentType, "text/") != -1 {
+		return contentType, true
+	}
+	return contentType, false
+}
+
+func IsImageFile(data []byte) (string, bool) {
+	contentType := http.DetectContentType(data)
+	if strings.Index(contentType, "image/") != -1 {
+		return contentType, true
+	}
+	return contentType, false
+}
--- a/modules/bindata/bindata.go
+++ b/modules/bindata/bindata.go
--- a/modules/cron/constantdelay.go
+++ b/modules/cron/constantdelay.go
@@ -1,27 +0,0 @@
-package cron
-
-import "time"
-
-// ConstantDelaySchedule represents a simple recurring duty cycle, e.g. "Every 5 minutes".
-// It does not support jobs more frequent than once a second.
-type ConstantDelaySchedule struct {
-	Delay time.Duration
-}
-
-// Every returns a crontab Schedule that activates once every duration.
-// Delays of less than a second are not supported (will round up to 1 second).
-// Any fields less than a Second are truncated.
-func Every(duration time.Duration) ConstantDelaySchedule {
-	if duration < time.Second {
-		duration = time.Second
-	}
-	return ConstantDelaySchedule{
-		Delay: duration - time.Duration(duration.Nanoseconds())%time.Second,
-	}
-}
-
-// Next returns the next time this should be run.
-// This rounds so that the next activation time will be on the second.
-func (schedule ConstantDelaySchedule) Next(t time.Time) time.Time {
-	return t.Add(schedule.Delay - time.Duration(t.Nanosecond())*time.Nanosecond)
-}
--- a/modules/cron/constantdelay_test.go
+++ b/modules/cron/constantdelay_test.go
@@ -1,54 +0,0 @@
-package cron
-
-import (
-	"testing"
-	"time"
-)
-
-func TestConstantDelayNext(t *testing.T) {
-	tests := []struct {
-		time     string
-		delay    time.Duration
-		expected string
-	}{
-		// Simple cases
-		{"Mon Jul 9 14:45 2012", 15*time.Minute + 50*time.Nanosecond, "Mon Jul 9 15:00 2012"},
-		{"Mon Jul 9 14:59 2012", 15 * time.Minute, "Mon Jul 9 15:14 2012"},
-		{"Mon Jul 9 14:59:59 2012", 15 * time.Minute, "Mon Jul 9 15:14:59 2012"},
-
-		// Wrap around hours
-		{"Mon Jul 9 15:45 2012", 35 * time.Minute, "Mon Jul 9 16:20 2012"},
-
-		// Wrap around days
-		{"Mon Jul 9 23:46 2012", 14 * time.Minute, "Tue Jul 10 00:00 2012"},
-		{"Mon Jul 9 23:45 2012", 35 * time.Minute, "Tue Jul 10 00:20 2012"},
-		{"Mon Jul 9 23:35:51 2012", 44*time.Minute + 24*time.Second, "Tue Jul 10 00:20:15 2012"},
-		{"Mon Jul 9 23:35:51 2012", 25*time.Hour + 44*time.Minute + 24*time.Second, "Thu Jul 11 01:20:15 2012"},
-
-		// Wrap around months
-		{"Mon Jul 9 23:35 2012", 91*24*time.Hour + 25*time.Minute, "Thu Oct 9 00:00 2012"},
-
-		// Wrap around minute, hour, day, month, and year
-		{"Mon Dec 31 23:59:45 2012", 15 * time.Second, "Tue Jan 1 00:00:00 2013"},
-
-		// Round to nearest second on the delay
-		{"Mon Jul 9 14:45 2012", 15*time.Minute + 50*time.Nanosecond, "Mon Jul 9 15:00 2012"},
-
-		// Round up to 1 second if the duration is less.
-		{"Mon Jul 9 14:45:00 2012", 15 * time.Millisecond, "Mon Jul 9 14:45:01 2012"},
-
-		// Round to nearest second when calculating the next time.
-		{"Mon Jul 9 14:45:00.005 2012", 15 * time.Minute, "Mon Jul 9 15:00 2012"},
-
-		// Round to nearest second for both.
-		{"Mon Jul 9 14:45:00.005 2012", 15*time.Minute + 50*time.Nanosecond, "Mon Jul 9 15:00 2012"},
-	}
-
-	for _, c := range tests {
-		actual := Every(c.delay).Next(getTime(c.time))
-		expected := getTime(c.expected)
-		if actual != expected {
-			t.Errorf("%s, \"%s\": (expected) %v != %v (actual)", c.time, c.delay, expected, actual)
-		}
-	}
-}
--- a/modules/cron/cron.go
+++ b/modules/cron/cron.go
@@ -1,4 +1,3 @@
-// Copyright 2012 Rob Figueiredo. All rights reserved.
 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
@@ -6,207 +5,59 @@
 package cron

 import (
-	"sort"
 	"time"
+
+	"github.com/gogits/cron"
+
+	"github.com/gogits/gogs/models"
+	"github.com/gogits/gogs/modules/log"
+	"github.com/gogits/gogs/modules/setting"
 )

-// Cron keeps track of any number of entries, invoking the associated func as
-// specified by the schedule. It may be started, stopped, and the entries may
-// be inspected while running.
-type Cron struct {
-	entries  []*Entry
-	stop     chan struct{}
-	add      chan *Entry
-	snapshot chan []*Entry
-	running  bool
-}
+var c = cron.New()

-// Job is an interface for submitted cron jobs.
-type Job interface {
-	Run()
-}
-
-// The Schedule describes a job's duty cycle.
-type Schedule interface {
-	// Return the next activation time, later than the given time.
-	// Next is invoked initially, and then each time the job is run.
-	Next(time.Time) time.Time
-}
-
-// Entry consists of a schedule and the func to execute on that schedule.
-type Entry struct {
-	Description string
-	Spec        string
-
-	// The schedule on which this job should be run.
-	Schedule Schedule
-
-	// The next time the job will run. This is the zero time if Cron has not been
-	// started or this entry's schedule is unsatisfiable
-	Next time.Time
-
-	// The last time this job was run. This is the zero time if the job has never
-	// been run.
-	Prev time.Time
-
-	// The Job to run.
-	Job Job
-
-	ExecTimes int // Execute times count.
-}
-
-// byTime is a wrapper for sorting the entry array by time
-// (with zero time at the end).
-type byTime []*Entry
-
-func (s byTime) Len() int      { return len(s) }
-func (s byTime) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
-func (s byTime) Less(i, j int) bool {
-	// Two zero times should return false.
-	// Otherwise, zero is "greater" than any other time.
-	// (To sort it at the end of the list.)
-	if s[i].Next.IsZero() {
-		return false
-	}
-	if s[j].Next.IsZero() {
-		return true
-	}
-	return s[i].Next.Before(s[j].Next)
-}
-
-// New returns a new Cron job runner.
-func New() *Cron {
-	return &Cron{
-		entries:  nil,
-		add:      make(chan *Entry),
-		stop:     make(chan struct{}),
-		snapshot: make(chan []*Entry),
-		running:  false,
-	}
-}
-
-// A wrapper that turns a func() into a cron.Job
-type FuncJob func()
-
-func (f FuncJob) Run() { f() }
-
-// AddFunc adds a func to the Cron to be run on the given schedule.
-func (c *Cron) AddFunc(desc, spec string, cmd func()) (*Entry, error) {
-	return c.AddJob(desc, spec, FuncJob(cmd))
-}
-
-// AddFunc adds a Job to the Cron to be run on the given schedule.
-func (c *Cron) AddJob(desc, spec string, cmd Job) (*Entry, error) {
-	schedule, err := Parse(spec)
-	if err != nil {
-		return nil, err
-	}
-	return c.Schedule(desc, spec, schedule, cmd), nil
-}
-
-// Schedule adds a Job to the Cron to be run on the given schedule.
-func (c *Cron) Schedule(desc, spec string, schedule Schedule, cmd Job) *Entry {
-	entry := &Entry{
-		Description: desc,
-		Spec:        spec,
-		Schedule:    schedule,
-		Job:         cmd,
-	}
-	if c.running {
-		c.add <- entry
-	} else {
-		c.entries = append(c.entries, entry)
-	}
-	return entry
-}
-
-// Entries returns a snapshot of the cron entries.
-func (c *Cron) Entries() []*Entry {
-	if c.running {
-		c.snapshot <- nil
-		x := <-c.snapshot
-		return x
-	}
-	return c.entrySnapshot()
-}
-
-// Start the cron scheduler in its own go-routine.
-func (c *Cron) Start() {
-	c.running = true
-	go c.run()
-}
-
-// Run the scheduler.. this is private just due to the need to synchronize
-// access to the 'running' state variable.
-func (c *Cron) run() {
-	// Figure out the next activation times for each entry.
-	now := time.Now().Local()
-	for _, entry := range c.entries {
-		entry.Next = entry.Schedule.Next(now)
-	}
-
-	for {
-		// Determine the next entry to run.
-		sort.Sort(byTime(c.entries))
-
-		var effective time.Time
-		if len(c.entries) == 0 || c.entries[0].Next.IsZero() {
-			// If there are no entries yet, just sleep - it still handles new entries
-			// and stop requests.
-			effective = now.AddDate(10, 0, 0)
-		} else {
-			effective = c.entries[0].Next
+func NewContext() {
+	var (
+		entry *cron.Entry
+		err   error
+	)
+	if setting.Cron.UpdateMirror.Enabled {
+		entry, err = c.AddFunc("Update mirrors", setting.Cron.UpdateMirror.Schedule, models.MirrorUpdate)
+		if err != nil {
+			log.Fatal(4, "Cron[Update mirrors]: %v", err)
 		}
-
-		select {
-		case now = <-time.After(effective.Sub(now)):
-			// Run every entry whose next time was this effective time.
-			for _, e := range c.entries {
-				if e.Next != effective {
-					break
-				}
-				go e.Job.Run()
-				e.ExecTimes++
-				e.Prev = e.Next
-				e.Next = e.Schedule.Next(effective)
-			}
-			continue
-
-		case newEntry := <-c.add:
-			c.entries = append(c.entries, newEntry)
-			newEntry.Next = newEntry.Schedule.Next(now)
-
-		case <-c.snapshot:
-			c.snapshot <- c.entrySnapshot()
-
-		case <-c.stop:
-			return
+		if setting.Cron.UpdateMirror.RunAtStart {
+			entry.Prev = time.Now()
+			entry.ExecTimes++
+			go models.MirrorUpdate()
 		}
-
-		// 'now' should be updated after newEntry and snapshot cases.
-		now = time.Now().Local()
 	}
-}
-
-// Stop the cron scheduler.
-func (c *Cron) Stop() {
-	c.stop <- struct{}{}
-	c.running = false
-}
-
-// entrySnapshot returns a copy of the current cron entry list.
-func (c *Cron) entrySnapshot() []*Entry {
-	entries := make([]*Entry, 0, len(c.entries))
-	for _, e := range c.entries {
-		entries = append(entries, &Entry{
-			Description: e.Description,
-			Spec:        e.Spec,
-			Schedule:    e.Schedule,
-			Next:        e.Next,
-			Prev:        e.Prev,
-			Job:         e.Job,
-			ExecTimes:   e.ExecTimes,
-		})
+	if setting.Cron.RepoHealthCheck.Enabled {
+		entry, err = c.AddFunc("Repository health check", setting.Cron.RepoHealthCheck.Schedule, models.GitFsck)
+		if err != nil {
+			log.Fatal(4, "Cron[Repository health check]: %v", err)
+		}
+		if setting.Cron.RepoHealthCheck.RunAtStart {
+			entry.Prev = time.Now()
+			entry.ExecTimes++
+			go models.GitFsck()
+		}
 	}
-	return entries
+	if setting.Cron.CheckRepoStats.Enabled {
+		entry, err = c.AddFunc("Check repository statistics", setting.Cron.CheckRepoStats.Schedule, models.CheckRepoStats)
+		if err != nil {
+			log.Fatal(4, "Cron[Check repository statistics]: %v", err)
+		}
+		if setting.Cron.CheckRepoStats.RunAtStart {
+			entry.Prev = time.Now()
+			entry.ExecTimes++
+			go models.CheckRepoStats()
+		}
+	}
+	c.Start()
+}
+
+// ListTasks returns all running cron tasks.
+func ListTasks() []*cron.Entry {
+	return c.Entries()
 }
--- a/Show More
+++ b/Show More