From e41ab839c7dbbdffc60a4e02775f24add9d126d9 Mon Sep 17 00:00:00 2001
From: Unknown <joe2010xtmf@163.com>
Date: Fri, 4 Apr 2014 18:55:17 -0400
Subject: [PATCH 01/24] Use session for rolling back

---
 gogs.go          |  2 +-
 models/access.go | 11 +++++++++++
 models/repo.go   | 43 ++++++++++++++++++++++++++++++++++++-------
 models/user.go   | 18 +++++++++++++++---
 4 files changed, 63 insertions(+), 11 deletions(-)

diff --git a/gogs.go b/gogs.go
index 034e131bc..8d9159d6a 100644
--- a/gogs.go
+++ b/gogs.go
@@ -19,7 +19,7 @@ import (
 // Test that go1.2 tag above is included in builds. main.go refers to this definition.
 const go12tag = true
 
-const APP_VER = "0.2.0.0403 Alpha"
+const APP_VER = "0.2.0.0404 Alpha"
 
 func init() {
 	base.AppVer = APP_VER
diff --git a/models/access.go b/models/access.go
index 83261575e..2c0900151 100644
--- a/models/access.go
+++ b/models/access.go
@@ -7,6 +7,8 @@ package models
 import (
 	"strings"
 	"time"
+
+	"github.com/lunny/xorm"
 )
 
 // Access types.
@@ -40,6 +42,15 @@ func UpdateAccess(access *Access) error {
 	return err
 }
 
+// UpdateAccess updates access information with session for rolling back.
+func UpdateAccessWithSession(sess *xorm.Session, access *Access) error {
+	if _, err := sess.Id(access.Id).Update(access); err != nil {
+		sess.Rollback()
+		return err
+	}
+	return nil
+}
+
 // HasAccess returns true if someone can read or write to given repository.
 func HasAccess(userName, repoName string, mode int) (bool, error) {
 	return orm.Get(&Access{
diff --git a/models/repo.go b/models/repo.go
index e8ebce925..acee6f6af 100644
--- a/models/repo.go
+++ b/models/repo.go
@@ -381,45 +381,62 @@ func TransferOwnership(user *User, newOwner string, repo *Repository) (err error
 	if err = orm.Find(&accesses, &Access{RepoName: user.LowerName + "/" + repo.LowerName}); err != nil {
 		return err
 	}
+
+	sess := orm.NewSession()
+	defer sess.Close()
+	if err = sess.Begin(); err != nil {
+		return err
+	}
+
 	for i := range accesses {
 		accesses[i].RepoName = newUser.LowerName + "/" + repo.LowerName
 		if accesses[i].UserName == user.LowerName {
 			accesses[i].UserName = newUser.LowerName
 		}
-		if err = UpdateAccess(&accesses[i]); err != nil {
+		if err = UpdateAccessWithSession(sess, &accesses[i]); err != nil {
 			return err
 		}
 	}
 
 	// Update repository.
 	repo.OwnerId = newUser.Id
-	if _, err := orm.Id(repo.Id).Update(repo); err != nil {
+	if _, err := sess.Id(repo.Id).Update(repo); err != nil {
+		sess.Rollback()
 		return err
 	}
 
 	// Update user repository number.
 	rawSql := "UPDATE `user` SET num_repos = num_repos + 1 WHERE id = ?"
-	if _, err = orm.Exec(rawSql, newUser.Id); err != nil {
+	if _, err = sess.Exec(rawSql, newUser.Id); err != nil {
+		sess.Rollback()
 		return err
 	}
 	rawSql = "UPDATE `user` SET num_repos = num_repos - 1 WHERE id = ?"
-	if _, err = orm.Exec(rawSql, user.Id); err != nil {
+	if _, err = sess.Exec(rawSql, user.Id); err != nil {
+		sess.Rollback()
 		return err
 	}
 
 	// Add watch of new owner to repository.
 	if !IsWatching(newUser.Id, repo.Id) {
 		if err = WatchRepo(newUser.Id, repo.Id, true); err != nil {
+			sess.Rollback()
 			return err
 		}
 	}
 
 	if err = TransferRepoAction(user, newUser, repo); err != nil {
+		sess.Rollback()
 		return err
 	}
 
 	// Change repository directory name.
-	return os.Rename(RepoPath(user.Name, repo.Name), RepoPath(newUser.Name, repo.Name))
+	if err = os.Rename(RepoPath(user.Name, repo.Name), RepoPath(newUser.Name, repo.Name)); err != nil {
+		sess.Rollback()
+		return err
+	}
+
+	return sess.Commit()
 }
 
 // ChangeRepositoryName changes all corresponding setting from old repository name to new one.
@@ -429,15 +446,27 @@ func ChangeRepositoryName(userName, oldRepoName, newRepoName string) (err error)
 	if err = orm.Find(&accesses, &Access{RepoName: strings.ToLower(userName + "/" + oldRepoName)}); err != nil {
 		return err
 	}
+
+	sess := orm.NewSession()
+	defer sess.Close()
+	if err = sess.Begin(); err != nil {
+		return err
+	}
+
 	for i := range accesses {
 		accesses[i].RepoName = userName + "/" + newRepoName
-		if err = UpdateAccess(&accesses[i]); err != nil {
+		if err = UpdateAccessWithSession(sess, &accesses[i]); err != nil {
 			return err
 		}
 	}
 
 	// Change repository directory name.
-	return os.Rename(RepoPath(userName, oldRepoName), RepoPath(userName, newRepoName))
+	if err = os.Rename(RepoPath(userName, oldRepoName), RepoPath(userName, newRepoName)); err != nil {
+		sess.Rollback()
+		return err
+	}
+
+	return sess.Commit()
 }
 
 func UpdateRepository(repo *Repository) error {
diff --git a/models/user.go b/models/user.go
index 2641a15ff..1ec3b2952 100644
--- a/models/user.go
+++ b/models/user.go
@@ -218,11 +218,18 @@ func ChangeUserName(user *User, newUserName string) (err error) {
 	if err = orm.Find(&accesses, &Access{UserName: user.LowerName}); err != nil {
 		return err
 	}
+
+	sess := orm.NewSession()
+	defer sess.Close()
+	if err = sess.Begin(); err != nil {
+		return err
+	}
+
 	for i := range accesses {
 		accesses[i].UserName = newUserName
 		if strings.HasPrefix(accesses[i].RepoName, user.LowerName+"/") {
 			accesses[i].RepoName = strings.Replace(accesses[i].RepoName, user.LowerName, newUserName, 1)
-			if err = UpdateAccess(&accesses[i]); err != nil {
+			if err = UpdateAccessWithSession(sess, &accesses[i]); err != nil {
 				return err
 			}
 		}
@@ -241,14 +248,19 @@ func ChangeUserName(user *User, newUserName string) (err error) {
 
 		for j := range accesses {
 			accesses[j].RepoName = newUserName + "/" + repos[i].LowerName
-			if err = UpdateAccess(&accesses[j]); err != nil {
+			if err = UpdateAccessWithSession(sess, &accesses[j]); err != nil {
 				return err
 			}
 		}
 	}
 
 	// Change user directory name.
-	return os.Rename(UserPath(user.LowerName), UserPath(newUserName))
+	if err = os.Rename(UserPath(user.LowerName), UserPath(newUserName)); err != nil {
+		sess.Rollback()
+		return err
+	}
+
+	return sess.Commit()
 }
 
 // UpdateUser updates user's information.

From 493b0c5ac212a28f46938cf8dfb2efb79f658548 Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Sat, 5 Apr 2014 15:17:57 +0800
Subject: [PATCH 02/24] add ssl support for web

---
 conf/app.ini              |  5 +-
 routers/repo/repo.go      | 96 ++++++++++++++++++++++++++++++++++++++-
 templates/status/401.tmpl |  6 +++
 web.go                    | 18 ++++++--
 4 files changed, 118 insertions(+), 7 deletions(-)
 create mode 100644 templates/status/401.tmpl

diff --git a/conf/app.ini b/conf/app.ini
index abc27c39c..f88c750e0 100644
--- a/conf/app.ini
+++ b/conf/app.ini
@@ -12,10 +12,13 @@ LANG_IGNS = Google Go|C|C++|Python|Ruby|C Sharp
 LICENSES = Apache v2 License|GPL v2|MIT License|Affero GPL|Artistic License 2.0|BSD (3-Clause) License
 
 [server]
+PROTOCOL = http
 DOMAIN = localhost
-ROOT_URL = http://%(DOMAIN)s:%(HTTP_PORT)s/
+ROOT_URL = %(PROTOCOL)://%(DOMAIN)s:%(HTTP_PORT)s/
 HTTP_ADDR = 
 HTTP_PORT = 3000
+CERT_FILE = cert.pem
+KEY_FILE = key.pem
 
 [database]
 ; Either "mysql", "postgres" or "sqlite3"(binary release only), it's your choice
diff --git a/routers/repo/repo.go b/routers/repo/repo.go
index ae51c5513..cb7febd21 100644
--- a/routers/repo/repo.go
+++ b/routers/repo/repo.go
@@ -5,6 +5,8 @@
 package repo
 
 import (
+	"encoding/base64"
+	"errors"
 	"fmt"
 	"path"
 	"path/filepath"
@@ -237,15 +239,105 @@ func SingleDownload(ctx *middleware.Context, params martini.Params) {
 	ctx.Res.Write(data)
 }
 
-func Http(ctx *middleware.Context, params martini.Params) {
-	// TODO: access check
+func basicEncode(username, password string) string {
+	auth := username + ":" + password
+	return base64.StdEncoding.EncodeToString([]byte(auth))
+}
 
+func basicDecode(encoded string) (user string, name string, err error) {
+	var s []byte
+	s, err = base64.StdEncoding.DecodeString(encoded)
+	if err != nil {
+		return
+	}
+
+	a := strings.Split(string(s), ":")
+	if len(a) == 2 {
+		user, name = a[0], a[1]
+	} else {
+		err = errors.New("decode failed")
+	}
+	return
+}
+
+func authRequired(ctx *middleware.Context) {
+	ctx.ResponseWriter.Header().Set("WWW-Authenticate", `Basic realm="Gogs Auth"`)
+	ctx.Data["ErrorMsg"] = "no basic auth and digit auth"
+	ctx.HTML(401, fmt.Sprintf("status/401"))
+}
+
+func Http(ctx *middleware.Context, params martini.Params) {
 	username := params["username"]
 	reponame := params["reponame"]
 	if strings.HasSuffix(reponame, ".git") {
 		reponame = reponame[:len(reponame)-4]
 	}
 
+	repoUser, err := models.GetUserByName(username)
+	if err != nil {
+		ctx.Handle(500, "repo.GetUserByName", nil)
+		return
+	}
+
+	repo, err := models.GetRepositoryByName(repoUser.Id, reponame)
+	if err != nil {
+		ctx.Handle(500, "repo.GetRepositoryByName", nil)
+		return
+	}
+
+	isPull := webdav.IsPullMethod(ctx.Req.Method)
+	var askAuth = !(!repo.IsPrivate && isPull)
+
+	//authRequired(ctx)
+	//return
+
+	// check access
+	if askAuth {
+		// check digit auth
+
+		// check basic auth
+		baHead := ctx.Req.Header.Get("Authorization")
+		if baHead != "" {
+			auths := strings.Fields(baHead)
+			if len(auths) != 2 || auths[0] != "Basic" {
+				ctx.Handle(401, "no basic auth and digit auth", nil)
+				return
+			}
+			authUsername, passwd, err := basicDecode(auths[1])
+			if err != nil {
+				ctx.Handle(401, "no basic auth and digit auth", nil)
+				return
+			}
+
+			authUser, err := models.GetUserByName(authUsername)
+			if err != nil {
+				ctx.Handle(401, "no basic auth and digit auth", nil)
+				return
+			}
+
+			newUser := &models.User{Passwd: passwd}
+			newUser.EncodePasswd()
+			if authUser.Passwd != newUser.Passwd {
+				ctx.Handle(401, "no basic auth and digit auth", nil)
+				return
+			}
+
+			var tp = models.AU_WRITABLE
+			if isPull {
+				tp = models.AU_READABLE
+			}
+
+			has, err := models.HasAccess(authUsername, username+"/"+reponame, tp)
+			if err != nil || !has {
+				ctx.Handle(401, "no basic auth and digit auth", nil)
+				return
+			}
+		} else {
+			authRequired(ctx)
+			return
+		}
+	}
+
 	prefix := path.Join("/", username, params["reponame"])
 	server := webdav.NewServer(
 		models.RepoPath(username, reponame),
diff --git a/templates/status/401.tmpl b/templates/status/401.tmpl
new file mode 100644
index 000000000..98995381a
--- /dev/null
+++ b/templates/status/401.tmpl
@@ -0,0 +1,6 @@
+{{template "base/head" .}}
+{{template "base/navbar" .}}
+<div class="container">
+	401 Unauthorized
+</div>
+{{template "base/footer" .}}
\ No newline at end of file
diff --git a/web.go b/web.go
index 5fc3350f1..18e48b84d 100644
--- a/web.go
+++ b/web.go
@@ -169,12 +169,22 @@ func runWeb(*cli.Context) {
 	// Not found handler.
 	m.NotFound(routers.NotFound)
 
+	protocol := base.Cfg.MustValue("server", "PROTOCOL", "http")
 	listenAddr := fmt.Sprintf("%s:%s",
 		base.Cfg.MustValue("server", "HTTP_ADDR"),
 		base.Cfg.MustValue("server", "HTTP_PORT", "3000"))
-	log.Info("Listen: %s", listenAddr)
-	if err := http.ListenAndServe(listenAddr, m); err != nil {
-		fmt.Println(err.Error())
-		//log.Critical(err.Error()) // not working now
+
+	if protocol == "http" {
+		log.Info("Listen: http://%s", listenAddr)
+		if err := http.ListenAndServe(listenAddr, m); err != nil {
+			fmt.Println(err.Error())
+			//log.Critical(err.Error()) // not working now
+		}
+	} else if protocol == "https" {
+		log.Info("Listen: https://%s", listenAddr)
+		if err := http.ListenAndServeTLS(listenAddr, base.Cfg.MustValue("server", "CERT_FILE"),
+			base.Cfg.MustValue("server", "KEY_FILE"), m); err != nil {
+			fmt.Println(err.Error())
+		}
 	}
 }

From 9791e70da67091d244728070b80ee92c98d6aa8b Mon Sep 17 00:00:00 2001
From: Lunny Xiao <xiaolunwen@gmail.com>
Date: Sat, 5 Apr 2014 22:24:10 +0800
Subject: [PATCH 03/24] bug fixed

---
 models/publickey.go  |  4 +--
 routers/repo/repo.go | 76 +++++++++++++++++++++++---------------------
 2 files changed, 41 insertions(+), 39 deletions(-)

diff --git a/models/publickey.go b/models/publickey.go
index 42d2523b5..426e6b0be 100644
--- a/models/publickey.go
+++ b/models/publickey.go
@@ -77,8 +77,8 @@ func init() {
 // PublicKey represents a SSH key of user.
 type PublicKey struct {
 	Id          int64
-	OwnerId     int64  `xorm:" index not null"`
-	Name        string `xorm:" not null"` //UNIQUE(s)
+	OwnerId     int64  `xorm:"unique(s) index not null"`
+	Name        string `xorm:"unique(s) not null"` //UNIQUE(s)
 	Fingerprint string
 	Content     string    `xorm:"TEXT not null"`
 	Created     time.Time `xorm:"created"`
diff --git a/routers/repo/repo.go b/routers/repo/repo.go
index b6a5d1780..d223600c5 100644
--- a/routers/repo/repo.go
+++ b/routers/repo/repo.go
@@ -261,7 +261,7 @@ func basicDecode(encoded string) (user string, name string, err error) {
 }
 
 func authRequired(ctx *middleware.Context) {
-	ctx.ResponseWriter.Header().Set("WWW-Authenticate", `Basic realm="Gogs Auth"`)
+	ctx.ResponseWriter.Header().Set("WWW-Authenticate", "Basic realm=\".\"")
 	ctx.Data["ErrorMsg"] = "no basic auth and digit auth"
 	ctx.HTML(401, fmt.Sprintf("status/401"))
 }
@@ -273,6 +273,8 @@ func Http(ctx *middleware.Context, params martini.Params) {
 		reponame = reponame[:len(reponame)-4]
 	}
 
+	//fmt.Println("req:", ctx.Req.Header)
+
 	repoUser, err := models.GetUserByName(username)
 	if err != nil {
 		ctx.Handle(500, "repo.GetUserByName", nil)
@@ -297,45 +299,45 @@ func Http(ctx *middleware.Context, params martini.Params) {
 
 		// check basic auth
 		baHead := ctx.Req.Header.Get("Authorization")
-		if baHead != "" {
-			auths := strings.Fields(baHead)
-			if len(auths) != 2 || auths[0] != "Basic" {
-				ctx.Handle(401, "no basic auth and digit auth", nil)
-				return
-			}
-			authUsername, passwd, err := basicDecode(auths[1])
-			if err != nil {
-				ctx.Handle(401, "no basic auth and digit auth", nil)
-				return
-			}
-
-			authUser, err := models.GetUserByName(authUsername)
-			if err != nil {
-				ctx.Handle(401, "no basic auth and digit auth", nil)
-				return
-			}
-
-			newUser := &models.User{Passwd: passwd}
-			newUser.EncodePasswd()
-			if authUser.Passwd != newUser.Passwd {
-				ctx.Handle(401, "no basic auth and digit auth", nil)
-				return
-			}
-
-			var tp = models.AU_WRITABLE
-			if isPull {
-				tp = models.AU_READABLE
-			}
-
-			has, err := models.HasAccess(authUsername, username+"/"+reponame, tp)
-			if err != nil || !has {
-				ctx.Handle(401, "no basic auth and digit auth", nil)
-				return
-			}
-		} else {
+		if baHead == "" {
 			authRequired(ctx)
 			return
 		}
+
+		auths := strings.Fields(baHead)
+		if len(auths) != 2 || auths[0] != "Basic" {
+			ctx.Handle(401, "no basic auth and digit auth", nil)
+			return
+		}
+		authUsername, passwd, err := basicDecode(auths[1])
+		if err != nil {
+			ctx.Handle(401, "no basic auth and digit auth", nil)
+			return
+		}
+
+		authUser, err := models.GetUserByName(authUsername)
+		if err != nil {
+			ctx.Handle(401, "no basic auth and digit auth", nil)
+			return
+		}
+
+		newUser := &models.User{Passwd: passwd}
+		newUser.EncodePasswd()
+		if authUser.Passwd != newUser.Passwd {
+			ctx.Handle(401, "no basic auth and digit auth", nil)
+			return
+		}
+
+		var tp = models.AU_WRITABLE
+		if isPull {
+			tp = models.AU_READABLE
+		}
+
+		has, err := models.HasAccess(authUsername, username+"/"+reponame, tp)
+		if err != nil || !has {
+			ctx.Handle(401, "no basic auth and digit auth", nil)
+			return
+		}
 	}
 
 	dir := models.RepoPath(username, reponame)

From ce350a737a63aeb4e2ca5924adf28862a6a6cfb1 Mon Sep 17 00:00:00 2001
From: skyblue <ssx205@gmail.com>
Date: Sat, 5 Apr 2014 22:46:32 +0800
Subject: [PATCH 04/24] update models, add licence in start.sh

---
 models/models.go | 17 +++++++++++------
 start.sh         |  4 ++++
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/models/models.go b/models/models.go
index 384f1fc42..0dc4d51e7 100644
--- a/models/models.go
+++ b/models/models.go
@@ -18,7 +18,9 @@ import (
 )
 
 var (
-	orm       *xorm.Engine
+	orm    *xorm.Engine
+	tables []interface{}
+
 	HasEngine bool
 
 	DbCfg struct {
@@ -28,6 +30,11 @@ var (
 	UseSQLite3 bool
 )
 
+func init() {
+	tables = append(tables, new(User), new(PublicKey), new(Repository), new(Watch),
+		new(Action), new(Access), new(Issue), new(Comment))
+}
+
 func LoadModelsConfig() {
 	DbCfg.Type = base.Cfg.MustValue("database", "DB_TYPE")
 	if DbCfg.Type == "sqlite3" {
@@ -58,9 +65,7 @@ func NewTestEngine(x *xorm.Engine) (err error) {
 	if err != nil {
 		return fmt.Errorf("models.init(fail to conntect database): %v\n", err)
 	}
-
-	return x.Sync(new(User), new(PublicKey), new(Repository), new(Watch),
-		new(Action), new(Access), new(Issue), new(Comment))
+	return x.Sync(tables...)
 }
 
 func SetEngine() (err error) {
@@ -102,8 +107,8 @@ func SetEngine() (err error) {
 func NewEngine() (err error) {
 	if err = SetEngine(); err != nil {
 		return err
-	} else if err = orm.Sync(new(User), new(PublicKey), new(Repository), new(Watch),
-		new(Action), new(Access), new(Issue), new(Comment)); err != nil {
+	}
+	if err = orm.Sync(tables...); err != nil {
 		return fmt.Errorf("sync database struct error: %v\n", err)
 	}
 	return nil
diff --git a/start.sh b/start.sh
index 331d340cd..b0c9af505 100755
--- a/start.sh
+++ b/start.sh
@@ -1,5 +1,9 @@
 #!/bin/bash -
 #
+# Copyright 2014 The Gogs Authors. All rights reserved.
+# Use of this source code is governed by a MIT-style
+# license that can be found in the LICENSE file.
+#
 # start gogs web
 #
 cd "$(dirname $0)"

From 3ebc9b991a70e10c4b2c6319c1ff6195c0d75a17 Mon Sep 17 00:00:00 2001
From: Unknown <joe2010xtmf@163.com>
Date: Sat, 5 Apr 2014 11:22:14 -0400
Subject: [PATCH 05/24] Use gogits/session for oauth2

---
 .gopmfile                | 42 +++++++++++++--------------
 README.md                |  4 +--
 README_ZH.md             |  4 +--
 gogs.go                  |  2 +-
 models/publickey.go      |  2 +-
 modules/oauth2/oauth2.go | 61 +++++++++++++++++++++-------------------
 routers/install.go       |  1 +
 web.go                   | 23 +++++++--------
 8 files changed, 69 insertions(+), 70 deletions(-)

diff --git a/.gopmfile b/.gopmfile
index ae92d45e3..d3f0b3ca3 100644
--- a/.gopmfile
+++ b/.gopmfile
@@ -1,28 +1,26 @@
 [target]
-path=github.com/gogits/gogs
+path = github.com/gogits/gogs
 
 [deps]
-github.com/codegangsta/cli=
-github.com/go-martini/martini=
-github.com/Unknwon/com=
-github.com/Unknwon/cae=
-github.com/Unknwon/goconfig=
-github.com/dchest/scrypt=
-github.com/nfnt/resize=
-github.com/lunny/xorm=
-github.com/go-sql-driver/mysql=
-github.com/lib/pq=
-github.com/gogits/logs=
-github.com/gogits/binding=
-github.com/gogits/git=
-github.com/gogits/gfm=
-github.com/gogits/cache=
-github.com/gogits/session=
-github.com/gogits/webdav=
-github.com/martini-contrib/oauth2=
-github.com/martini-contrib/sessions=
-code.google.com/p/goauth2=
+github.com/codegangsta/cli = 
+github.com/go-martini/martini = 
+github.com/Unknwon/com = 
+github.com/Unknwon/cae = 
+github.com/Unknwon/goconfig = 
+github.com/dchest/scrypt = 
+github.com/nfnt/resize = 
+github.com/lunny/xorm = 
+github.com/go-sql-driver/mysql = 
+github.com/lib/pq = 
+github.com/gogits/logs = 
+github.com/gogits/binding = 
+github.com/gogits/git = 
+github.com/gogits/gfm = 
+github.com/gogits/cache = 
+github.com/gogits/session = 
+github.com/gogits/webdav = 
+code.google.com/p/goauth2 = 
 
 [res]
-include=templates|public|conf
+include = templates|public|conf
 
diff --git a/README.md b/README.md
index 6061f5a71..ede1894ad 100644
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@ Gogs(Go Git Service) is a Self Hosted Git Service in the Go Programming Language
 
 ![Demo](http://gowalker.org/public/gogs_demo.gif)
 
-##### Current version: 0.2.0 Alpha
+##### Current version: 0.2.1 Alpha
 
 #### Due to testing purpose, data of [try.gogits.org](http://try.gogits.org) has been reset in March 29, 2014 and will reset multiple times after. Please do NOT put your important data on the site.
 
@@ -31,7 +31,7 @@ More importantly, Gogs only needs one binary to setup your own project hosting o
 - Activity timeline
 - SSH/HTTPS(Clone only) protocol support.
 - Register/delete/rename account.
-- Create/delete/watch/rename public repository.
+- Create/delete/watch/rename/transfer public repository.
 - Repository viewer.
 - Issue tracker.
 - Gravatar and cache support.
diff --git a/README_ZH.md b/README_ZH.md
index e66f607a1..9b5e46413 100644
--- a/README_ZH.md
+++ b/README_ZH.md
@@ -5,7 +5,7 @@ Gogs(Go Git Service) 是一个由 Go 语言编写的自助 Git 托管服务。
 
 ![Demo](http://gowalker.org/public/gogs_demo.gif)
 
-##### 当前版本：0.2.0 Alpha
+##### 当前版本：0.2.1 Alpha
 
 ## 开发目的
 
@@ -25,7 +25,7 @@ Gogs 完全使用 Go 语言来实现对 Git 数据的操作，实现 **零** 依
 - 活动时间线
 - SSH/HTTPS（仅限 Clone） 协议支持
 - 注册/删除/重命名用户
-- 创建/删除/关注/重命名公开仓库
+- 创建/删除/关注/重命名/转移公开仓库
 - 仓库浏览器
 - Bug 追踪系统
 - Gravatar 以及缓存支持
diff --git a/gogs.go b/gogs.go
index 8d9159d6a..13b9d377d 100644
--- a/gogs.go
+++ b/gogs.go
@@ -19,7 +19,7 @@ import (
 // Test that go1.2 tag above is included in builds. main.go refers to this definition.
 const go12tag = true
 
-const APP_VER = "0.2.0.0404 Alpha"
+const APP_VER = "0.2.1.0405 Alpha"
 
 func init() {
 	base.AppVer = APP_VER
diff --git a/models/publickey.go b/models/publickey.go
index 426e6b0be..ed47ff209 100644
--- a/models/publickey.go
+++ b/models/publickey.go
@@ -78,7 +78,7 @@ func init() {
 type PublicKey struct {
 	Id          int64
 	OwnerId     int64  `xorm:"unique(s) index not null"`
-	Name        string `xorm:"unique(s) not null"` //UNIQUE(s)
+	Name        string `xorm:"unique(s) not null"`
 	Fingerprint string
 	Content     string    `xorm:"TEXT not null"`
 	Created     time.Time `xorm:"created"`
diff --git a/modules/oauth2/oauth2.go b/modules/oauth2/oauth2.go
index 088d65dda..6612b95a8 100644
--- a/modules/oauth2/oauth2.go
+++ b/modules/oauth2/oauth2.go
@@ -26,7 +26,10 @@ import (
 
 	"code.google.com/p/goauth2/oauth"
 	"github.com/go-martini/martini"
-	"github.com/martini-contrib/sessions"
+
+	"github.com/gogits/session"
+
+	"github.com/gogits/gogs/modules/middleware"
 )
 
 const (
@@ -142,23 +145,23 @@ func NewOAuth2Provider(opts *Options) martini.Handler {
 		Transport: http.DefaultTransport,
 	}
 
-	return func(s sessions.Session, c martini.Context, w http.ResponseWriter, r *http.Request) {
-		if r.Method == "GET" {
-			switch r.URL.Path {
+	return func(c martini.Context, ctx *middleware.Context) {
+		if ctx.Req.Method == "GET" {
+			switch ctx.Req.URL.Path {
 			case PathLogin:
-				login(transport, s, w, r)
+				login(transport, ctx)
 			case PathLogout:
-				logout(transport, s, w, r)
+				logout(transport, ctx)
 			case PathCallback:
-				handleOAuth2Callback(transport, s, w, r)
+				handleOAuth2Callback(transport, ctx)
 			}
 		}
 
-		tk := unmarshallToken(s)
+		tk := unmarshallToken(ctx.Session)
 		if tk != nil {
 			// check if the access token is expired
 			if tk.IsExpired() && tk.Refresh() == "" {
-				s.Delete(keyToken)
+				ctx.Session.Delete(keyToken)
 				tk = nil
 			}
 		}
@@ -172,49 +175,49 @@ func NewOAuth2Provider(opts *Options) martini.Handler {
 // Sample usage:
 // m.Get("/login-required", oauth2.LoginRequired, func() ... {})
 var LoginRequired martini.Handler = func() martini.Handler {
-	return func(s sessions.Session, c martini.Context, w http.ResponseWriter, r *http.Request) {
-		token := unmarshallToken(s)
+	return func(c martini.Context, ctx *middleware.Context) {
+		token := unmarshallToken(ctx.Session)
 		if token == nil || token.IsExpired() {
-			next := url.QueryEscape(r.URL.RequestURI())
-			http.Redirect(w, r, PathLogin+"?next="+next, codeRedirect)
+			next := url.QueryEscape(ctx.Req.URL.RequestURI())
+			ctx.Redirect(PathLogin+"?next="+next, codeRedirect)
 		}
 	}
 }()
 
-func login(t *oauth.Transport, s sessions.Session, w http.ResponseWriter, r *http.Request) {
-	next := extractPath(r.URL.Query().Get(keyNextPage))
-	if s.Get(keyToken) == nil {
+func login(t *oauth.Transport, ctx *middleware.Context) {
+	next := extractPath(ctx.Req.URL.Query().Get(keyNextPage))
+	if ctx.Session.Get(keyToken) == nil {
 		// User is not logged in.
-		http.Redirect(w, r, t.Config.AuthCodeURL(next), codeRedirect)
+		ctx.Redirect(t.Config.AuthCodeURL(next), codeRedirect)
 		return
 	}
 	// No need to login, redirect to the next page.
-	http.Redirect(w, r, next, codeRedirect)
+	ctx.Redirect(next, codeRedirect)
 }
 
-func logout(t *oauth.Transport, s sessions.Session, w http.ResponseWriter, r *http.Request) {
-	next := extractPath(r.URL.Query().Get(keyNextPage))
-	s.Delete(keyToken)
-	http.Redirect(w, r, next, codeRedirect)
+func logout(t *oauth.Transport, ctx *middleware.Context) {
+	next := extractPath(ctx.Req.URL.Query().Get(keyNextPage))
+	ctx.Session.Delete(keyToken)
+	ctx.Redirect(next, codeRedirect)
 }
 
-func handleOAuth2Callback(t *oauth.Transport, s sessions.Session, w http.ResponseWriter, r *http.Request) {
-	next := extractPath(r.URL.Query().Get("state"))
-	code := r.URL.Query().Get("code")
+func handleOAuth2Callback(t *oauth.Transport, ctx *middleware.Context) {
+	next := extractPath(ctx.Req.URL.Query().Get("state"))
+	code := ctx.Req.URL.Query().Get("code")
 	tk, err := t.Exchange(code)
 	if err != nil {
 		// Pass the error message, or allow dev to provide its own
 		// error handler.
-		http.Redirect(w, r, PathError, codeRedirect)
+		ctx.Redirect(PathError, codeRedirect)
 		return
 	}
 	// Store the credentials in the session.
 	val, _ := json.Marshal(tk)
-	s.Set(keyToken, val)
-	http.Redirect(w, r, next, codeRedirect)
+	ctx.Session.Set(keyToken, val)
+	ctx.Redirect(next, codeRedirect)
 }
 
-func unmarshallToken(s sessions.Session) (t *token) {
+func unmarshallToken(s session.SessionStore) (t *token) {
 	if s.Get(keyToken) == nil {
 		return
 	}
diff --git a/routers/install.go b/routers/install.go
index 032af4802..48c1b5e13 100644
--- a/routers/install.go
+++ b/routers/install.go
@@ -183,6 +183,7 @@ func Install(ctx *middleware.Context, form auth.InstallForm) {
 	if _, err := models.RegisterUser(&models.User{Name: form.AdminName, Email: form.AdminEmail, Passwd: form.AdminPasswd,
 		IsAdmin: true, IsActive: true}); err != nil {
 		if err != models.ErrUserAlreadyExist {
+			base.InstallLock = false
 			ctx.RenderWithErr("Admin account setting is invalid: "+err.Error(), "install", &form)
 			return
 		}
diff --git a/web.go b/web.go
index 18e48b84d..0594d8e60 100644
--- a/web.go
+++ b/web.go
@@ -11,8 +11,6 @@ import (
 
 	"github.com/codegangsta/cli"
 	"github.com/go-martini/martini"
-	// "github.com/martini-contrib/oauth2"
-	// "github.com/martini-contrib/sessions"
 
 	"github.com/gogits/binding"
 
@@ -21,6 +19,7 @@ import (
 	"github.com/gogits/gogs/modules/base"
 	"github.com/gogits/gogs/modules/log"
 	"github.com/gogits/gogs/modules/middleware"
+	"github.com/gogits/gogs/modules/oauth2"
 	"github.com/gogits/gogs/routers"
 	"github.com/gogits/gogs/routers/admin"
 	"github.com/gogits/gogs/routers/api/v1"
@@ -59,19 +58,17 @@ func runWeb(*cli.Context) {
 
 	// Middlewares.
 	m.Use(middleware.Renderer(middleware.RenderOptions{Funcs: []template.FuncMap{base.TemplateFuncs}}))
-
-	// scope := "https://api.github.com/user"
-	// oauth2.PathCallback = "/oauth2callback"
-	// m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))
-	// m.Use(oauth2.Github(&oauth2.Options{
-	// 	ClientId:     "09383403ff2dc16daaa1",
-	// 	ClientSecret: "5f6e7101d30b77952aab22b75eadae17551ea6b5",
-	// 	RedirectURL:  base.AppUrl + oauth2.PathCallback,
-	// 	Scopes:       []string{scope},
-	// }))
-
 	m.Use(middleware.InitContext())
 
+	scope := "https://api.github.com/user"
+	oauth2.PathCallback = "/oauth2callback"
+	m.Use(oauth2.Github(&oauth2.Options{
+		ClientId:     "09383403ff2dc16daaa1",
+		ClientSecret: "5f6e7101d30b77952aab22b75eadae17551ea6b5",
+		RedirectURL:  base.AppUrl + oauth2.PathCallback,
+		Scopes:       []string{scope},
+	}))
+
 	reqSignIn := middleware.Toggle(&middleware.ToggleOptions{SignInRequire: true})
 	ignSignIn := middleware.Toggle(&middleware.ToggleOptions{SignInRequire: base.Service.RequireSignInView})
 	reqSignOut := middleware.Toggle(&middleware.ToggleOptions{SignOutRequire: true})

From b7c3b0cc73ad8721e2eec59d018a91850ba7f750 Mon Sep 17 00:00:00 2001
From: Unknown <joe2010xtmf@163.com>
Date: Sat, 5 Apr 2014 12:32:34 -0400
Subject: [PATCH 06/24] Add reset password, fix #58

---
 models/user.go                          | 15 +++++
 modules/base/template.go                |  4 ++
 modules/mailer/mail.go                  | 22 ++++++-
 routers/user/user.go                    | 84 ++++++++++++++++++++++++-
 templates/mail/auth/reset_passwd.tmpl   | 33 ++++++++++
 templates/mail/auth/reset_password.html | 25 --------
 templates/user/forgot_passwd.tmpl       | 30 +++++++++
 templates/user/reset_passwd.tmpl        | 26 ++++++++
 templates/user/signin.tmpl              |  2 +-
 web.go                                  |  2 +
 10 files changed, 214 insertions(+), 29 deletions(-)
 create mode 100644 templates/mail/auth/reset_passwd.tmpl
 delete mode 100644 templates/mail/auth/reset_password.html
 create mode 100644 templates/user/forgot_passwd.tmpl
 create mode 100644 templates/user/reset_passwd.tmpl

diff --git a/models/user.go b/models/user.go
index 1ec3b2952..2196eae84 100644
--- a/models/user.go
+++ b/models/user.go
@@ -367,6 +367,21 @@ func GetUserByName(name string) (*User, error) {
 	return user, nil
 }
 
+// GetUserByEmail returns the user object by given e-mail if exists.
+func GetUserByEmail(email string) (*User, error) {
+	if len(email) == 0 {
+		return nil, ErrUserNotExist
+	}
+	user := &User{Email: strings.ToLower(email)}
+	has, err := orm.Get(user)
+	if err != nil {
+		return nil, err
+	} else if !has {
+		return nil, ErrUserNotExist
+	}
+	return user, nil
+}
+
 // LoginUserPlain validates user by raw user name and password.
 func LoginUserPlain(name, passwd string) (*User, error) {
 	user := User{LowerName: strings.ToLower(name), Passwd: passwd}
diff --git a/modules/base/template.go b/modules/base/template.go
index dfcae9314..56b77a5d6 100644
--- a/modules/base/template.go
+++ b/modules/base/template.go
@@ -67,6 +67,10 @@ var TemplateFuncs template.FuncMap = map[string]interface{}{
 	"DateFormat": DateFormat,
 	"List":       List,
 	"Mail2Domain": func(mail string) string {
+		if !strings.Contains(mail, "@") {
+			return "try.gogits.org"
+		}
+
 		suffix := strings.SplitN(mail, "@", 2)[1]
 		domain, ok := mailDomains[suffix]
 		if !ok {
diff --git a/modules/mailer/mail.go b/modules/mailer/mail.go
index b99fc8fdf..eee6b916c 100644
--- a/modules/mailer/mail.go
+++ b/modules/mailer/mail.go
@@ -86,7 +86,27 @@ func SendActiveMail(r *middleware.Render, user *models.User) {
 	}
 
 	msg := NewMailMessage([]string{user.Email}, subject, body)
-	msg.Info = fmt.Sprintf("UID: %d, send email verify mail", user.Id)
+	msg.Info = fmt.Sprintf("UID: %d, send active mail", user.Id)
+
+	SendAsync(&msg)
+}
+
+// Send reset password email.
+func SendResetPasswdMail(r *middleware.Render, user *models.User) {
+	code := CreateUserActiveCode(user, nil)
+
+	subject := "Reset your password"
+
+	data := GetMailTmplData(user)
+	data["Code"] = code
+	body, err := r.HTMLString("mail/auth/reset_passwd", data)
+	if err != nil {
+		log.Error("mail.SendResetPasswdMail(fail to render): %v", err)
+		return
+	}
+
+	msg := NewMailMessage([]string{user.Email}, subject, body)
+	msg.Info = fmt.Sprintf("UID: %d, send reset password email", user.Id)
 
 	SendAsync(&msg)
 }
diff --git a/routers/user/user.go b/routers/user/user.go
index 08930e22d..872ed0d60 100644
--- a/routers/user/user.go
+++ b/routers/user/user.go
@@ -403,9 +403,12 @@ func Activate(ctx *middleware.Context) {
 	if user := models.VerifyUserActiveCode(code); user != nil {
 		user.IsActive = true
 		user.Rands = models.GetUserSalt()
-		models.UpdateUser(user)
+		if err := models.UpdateUser(user); err != nil {
+			ctx.Handle(404, "user.Activate", err)
+			return
+		}
 
-		log.Trace("%s User activated: %s", ctx.Req.RequestURI, user.LowerName)
+		log.Trace("%s User activated: %s", ctx.Req.RequestURI, user.Name)
 
 		ctx.Session.Set("userId", user.Id)
 		ctx.Session.Set("userName", user.Name)
@@ -416,3 +419,80 @@ func Activate(ctx *middleware.Context) {
 	ctx.Data["IsActivateFailed"] = true
 	ctx.HTML(200, "user/active")
 }
+
+func ForgotPasswd(ctx *middleware.Context) {
+	ctx.Data["Title"] = "Forgot Password"
+
+	if base.MailService == nil {
+		ctx.Data["IsResetDisable"] = true
+		ctx.HTML(200, "user/forgot_passwd")
+		return
+	}
+
+	ctx.Data["IsResetRequest"] = true
+	if ctx.Req.Method == "GET" {
+		ctx.HTML(200, "user/forgot_passwd")
+		return
+	}
+
+	email := ctx.Query("email")
+	u, err := models.GetUserByEmail(email)
+	if err != nil {
+		if err == models.ErrUserNotExist {
+			ctx.RenderWithErr("This e-mail address does not associate to any account.", "user/forgot_passwd", nil)
+		} else {
+			ctx.Handle(404, "user.ResetPasswd(check existence)", err)
+		}
+		return
+	}
+
+	mailer.SendResetPasswdMail(ctx.Render, u)
+	ctx.Data["Email"] = email
+	ctx.Data["Hours"] = base.Service.ActiveCodeLives / 60
+	ctx.Data["IsResetSent"] = true
+	ctx.HTML(200, "user/forgot_passwd")
+}
+
+func ResetPasswd(ctx *middleware.Context) {
+	code := ctx.Query("code")
+	if len(code) == 0 {
+		ctx.Error(404)
+		return
+	}
+	ctx.Data["Code"] = code
+
+	if ctx.Req.Method == "GET" {
+		ctx.Data["IsResetForm"] = true
+		ctx.HTML(200, "user/reset_passwd")
+		return
+	}
+
+	if u := models.VerifyUserActiveCode(code); u != nil {
+		// Validate password length.
+		passwd := ctx.Query("passwd")
+		if len(passwd) < 6 || len(passwd) > 30 {
+			ctx.Data["IsResetForm"] = true
+			ctx.RenderWithErr("Password length should be in 6 and 30.", "user/reset_passwd", nil)
+			return
+		}
+
+		u.Passwd = passwd
+		if err := u.EncodePasswd(); err != nil {
+			ctx.Handle(404, "user.ResetPasswd(EncodePasswd)", err)
+			return
+		}
+
+		u.Rands = models.GetUserSalt()
+		if err := models.UpdateUser(u); err != nil {
+			ctx.Handle(404, "user.ResetPasswd(UpdateUser)", err)
+			return
+		}
+
+		log.Trace("%s User password reset: %s", ctx.Req.RequestURI, u.Name)
+		ctx.Redirect("/user/login")
+		return
+	}
+
+	ctx.Data["IsResetFailed"] = true
+	ctx.HTML(200, "user/reset_passwd")
+}
diff --git a/templates/mail/auth/reset_passwd.tmpl b/templates/mail/auth/reset_passwd.tmpl
new file mode 100644
index 000000000..11861f4e2
--- /dev/null
+++ b/templates/mail/auth/reset_passwd.tmpl
@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+<title>{{.User.Name}}, please reset your password</title>
+</head>
+<body style="background:#eee;">
+<div style="color:#333; font:12px/1.5 Tahoma,Arial,sans-serif;; text-shadow:1px 1px #fff; padding:0; margin:0;">
+    <div style="width:600px;margin:0 auto; padding:40px 0 20px;">
+        <div style="border:1px solid #d9d9d9;border-radius:3px; background:#fff; box-shadow: 0px 2px 5px rgba(0, 0, 0,.05); -webkit-box-shadow: 0px 2px 5px rgba(0, 0, 0,.05);">
+            <div style="padding: 20px 15px;">
+                <h1 style="font-size:20px; padding:10px 0 20px; margin:0; border-bottom:1px solid #ddd;"><img src="{{.AppUrl}}/{{.AppLogo}}" style="height: 32px; margin-bottom: -10px;"> <a style="color:#333;text-decoration:none;" target="_blank" href="{{.AppUrl}}">{{.AppName}}</a></h1>
+                <div style="padding:40px 15px;">
+                    <div style="font-size:16px; padding-bottom:30px; font-weight:bold;">
+                        Hi <span style="color: #00BFFF;">{{.User.Name}}</span>,
+                    </div>
+                    <div style="font-size:14px; padding:0 15px;">
+						<p style="margin:0;padding:0 0 9px 0;">Please click following link to reset your password within <b>{{.ActiveCodeLives}} hours</b>.</p>
+						<p style="margin:0;padding:0 0 9px 0;">
+							<a href="{{.AppUrl}}user/reset_password?code={{.Code}}">{{.AppUrl}}user/reset_password?code={{.Code}}</a>
+						</p>
+						<p style="margin:0;padding:0 0 9px 0;">Copy and paste it to your browser if the link is not working.</p>
+                    </div>
+                </div>
+            </div>
+        </div>
+        <div style="color:#aaa;padding:10px;text-align:center;">
+            © 2014 <a style="color:#888;text-decoration:none;" target="_blank" href="http://gogits.org">Gogs: Go Git Service</a>
+        </div>
+    </div>
+</div>
+</body>
+</html>
\ No newline at end of file
diff --git a/templates/mail/auth/reset_password.html b/templates/mail/auth/reset_password.html
deleted file mode 100644
index 40a9efa85..000000000
--- a/templates/mail/auth/reset_password.html
+++ /dev/null
@@ -1,25 +0,0 @@
-{{template "mail/base.html" .}}
-{{define "title"}}
-	{{if eq .Lang "zh-CN"}}
-		 {{.User.NickName}}，重置账户密码
-	{{end}}
-	{{if eq .Lang "en-US"}}
-		{{.User.NickName}}, reset your password
-	{{end}}
-{{end}}
-{{define "body"}}
-	{{if eq .Lang "zh-CN"}}
-		<p style="margin:0;padding:0 0 9px 0;">点击链接重置密码，{{.ResetPwdCodeLives}} 分钟内有效</p>
-		<p style="margin:0;padding:0 0 9px 0;">
-			<a href="{{.AppUrl}}reset/{{.Code}}">{{.AppUrl}}reset/{{.Code}}</a>
-		</p>
-		<p style="margin:0;padding:0 0 9px 0;">如果链接点击无反应，请复制到浏览器打开。</p>
-	{{end}}
-	{{if eq .Lang "en-US"}}
-		<p style="margin:0;padding:0 0 9px 0;">Please click following link to reset your password in {{.ResetPwdCodeLives}} hours</p>
-		<p style="margin:0;padding:0 0 9px 0;">
-			<a href="{{.AppUrl}}reset/{{.Code}}">{{.AppUrl}}reset/{{.Code}}</a>
-		</p>
-		<p style="margin:0;padding:0 0 9px 0;">Copy and paste it to your browser if it's not working.</p>
-	{{end}}
-{{end}}
\ No newline at end of file
diff --git a/templates/user/forgot_passwd.tmpl b/templates/user/forgot_passwd.tmpl
new file mode 100644
index 000000000..ff25406fd
--- /dev/null
+++ b/templates/user/forgot_passwd.tmpl
@@ -0,0 +1,30 @@
+{{template "base/head" .}}
+{{template "base/navbar" .}}
+<div id="body" class="container">
+    <form action="/user/forget_password" method="post" class="form-horizontal card" id="login-card">
+        {{.CsrfTokenHtml}}
+        <h3>Reset Your Password</h3>
+        <div class="alert alert-danger form-error{{if .HasError}}{{else}} hidden{{end}}">{{.ErrorMsg}}</div>
+        {{if .IsResetSent}}
+        <p>A confirmation e-mail has been sent to <b>{{.Email}}</b>, please check your inbox within {{.Hours}} hours.</p>
+        <hr/>
+        <a href="http://{{Mail2Domain .Email}}" class="btn btn-lg btn-success">Sign in to your e-mail</a>
+        {{else if .IsResetRequest}}
+        <div class="form-group {{if .Err_Email}}has-error has-feedback{{end}}">
+            <label class="col-md-3 control-label">Email: </label>
+            <div class="col-md-7">
+                <input name="email" class="form-control" placeholder="Type your e-mail address" required="required">
+            </div>
+        </div>
+        <hr/>
+        <div class="form-group">
+            <div class="col-md-offset-4 col-md-6">
+                <button type="submit" class="btn btn-lg btn-primary">Click here to send reset confirmation e-mail</button>
+            </div>
+        </div>
+        {{else if .IsResetDisable}}
+        <p>Sorry, mail service is not enabled.</p>
+        {{end}}
+    </form>
+</div>
+{{template "base/footer" .}}
\ No newline at end of file
diff --git a/templates/user/reset_passwd.tmpl b/templates/user/reset_passwd.tmpl
new file mode 100644
index 000000000..9190c7c13
--- /dev/null
+++ b/templates/user/reset_passwd.tmpl
@@ -0,0 +1,26 @@
+{{template "base/head" .}}
+{{template "base/navbar" .}}
+<div id="body" class="container">
+    <form action="/user/reset_password?code={{.Code}}" method="post" class="form-horizontal card" id="login-card">
+        {{.CsrfTokenHtml}}
+        <h3>Reset Your Pasword</h3>
+        <div class="alert alert-danger form-error{{if .HasError}}{{else}} hidden{{end}}">{{.ErrorMsg}}</div>
+        {{if .IsResetForm}}
+        <div class="form-group">
+            <label class="col-md-4 control-label">Password: </label>
+            <div class="col-md-6">
+                <input name="passwd" type="password" class="form-control" placeholder="Type your password" required="required">
+            </div>
+        </div>
+        <hr/>
+        <div class="form-group">
+            <div class="col-md-offset-4 col-md-6">
+                <button type="submit" class="btn btn-lg btn-primary">Click here to reset your password</button>
+            </div>
+        </div>
+        {{else}}
+        <p>Sorry, your confirmation code has been exipired or not valid.</p>
+        {{end}}
+    </form>
+</div>
+{{template "base/footer" .}}
\ No newline at end of file
diff --git a/templates/user/signin.tmpl b/templates/user/signin.tmpl
index b6c39af1b..43f47e412 100644
--- a/templates/user/signin.tmpl
+++ b/templates/user/signin.tmpl
@@ -33,7 +33,7 @@
         <div class="form-group">
             <div class="col-md-offset-4 col-md-6">
                 <button type="submit" class="btn btn-lg btn-primary">Log In</button>
-                <a href="/forget-password/">Forgot your password?</a>
+                <a href="/user/forget_password/">Forgot your password?</a>
             </div>
         </div>
 
diff --git a/web.go b/web.go
index 0594d8e60..b5e4af3ee 100644
--- a/web.go
+++ b/web.go
@@ -92,6 +92,8 @@ func runWeb(*cli.Context) {
 		// r.Any("/login/github", user.SocialSignIn)
 		r.Any("/login", binding.BindIgnErr(auth.LogInForm{}), user.SignIn)
 		r.Any("/sign_up", binding.BindIgnErr(auth.RegisterForm{}), user.SignUp)
+		r.Any("/forget_password", user.ForgotPasswd)
+		r.Any("/reset_password", user.ResetPasswd)
 	}, reqSignOut)
 	m.Group("/user", func(r martini.Router) {
 		r.Any("/logout", user.SignOut)

From 3ede496383bc0e5ad2cb9c5f034890bb6d626b3c Mon Sep 17 00:00:00 2001
From: FuXiaoHei <fuxiaohei@hexiaz.com>
Date: Sun, 6 Apr 2014 14:54:28 +0800
Subject: [PATCH 07/24] add release-new route

---
 routers/repo/release.go     |  8 ++++++++
 templates/release/new.tmpl  | 15 +++++++++++++++
 templates/repo/toolbar.tmpl |  2 +-
 web.go                      |  1 +
 4 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 templates/release/new.tmpl

diff --git a/routers/repo/release.go b/routers/repo/release.go
index 8e8b93c9e..279fc169f 100644
--- a/routers/repo/release.go
+++ b/routers/repo/release.go
@@ -12,6 +12,7 @@ import (
 func Releases(ctx *middleware.Context) {
 	ctx.Data["Title"] = "Releases"
 	ctx.Data["IsRepoToolbarReleases"] = true
+	ctx.Data["IsRepoReleaseNew"] = false
 	tags, err := models.GetTags(ctx.Repo.Owner.Name, ctx.Repo.Repository.Name)
 	if err != nil {
 		ctx.Handle(404, "repo.Releases(GetTags)", err)
@@ -20,3 +21,10 @@ func Releases(ctx *middleware.Context) {
 	ctx.Data["Releases"] = tags
 	ctx.HTML(200, "release/list")
 }
+
+func ReleasesNew(ctx *middleware.Context) {
+	ctx.Data["Title"] = "New Release"
+	ctx.Data["IsRepoToolbarReleases"] = true
+	ctx.Data["IsRepoReleaseNew"] = true
+	ctx.HTML(200, "release/new")
+}
diff --git a/templates/release/new.tmpl b/templates/release/new.tmpl
new file mode 100644
index 000000000..a7dc905a0
--- /dev/null
+++ b/templates/release/new.tmpl
@@ -0,0 +1,15 @@
+{{template "base/head" .}}
+{{template "base/navbar" .}}
+{{template "repo/nav" .}}
+{{template "repo/toolbar" .}}
+<div id="body" class="container">
+    <div id="release">
+        <h4 id="release-head">New Release</h4>
+        <form id="release-new-form" action="" class="form form-inline">
+            <div class="form-group">
+                <input id="release-tag-name" type="text" class="form-control" placeholder="tag name"/>
+            </div>
+        </form>
+    </div>
+</div>
+{{template "base/footer" .}}
\ No newline at end of file
diff --git a/templates/repo/toolbar.tmpl b/templates/repo/toolbar.tmpl
index 548420483..d8ab26214 100644
--- a/templates/repo/toolbar.tmpl
+++ b/templates/repo/toolbar.tmpl
@@ -15,7 +15,7 @@
                     {{end}}
                     <li class="{{if .IsRepoToolbarReleases}}active{{end}}"><a href="{{.RepoLink}}/releases">{{if .Repository.NumReleases}}<span class="badge">{{.Repository.NumReleases}}</span> {{end}}Releases</a></li>
                     {{if .IsRepoToolbarReleases}}
-                    <li class="tmp"><a href="{{.RepoLink}}/releases/new"><button class="btn btn-primary btn-sm">New Release</button></a></li>
+                    <li class="tmp">{{if not .IsRepoReleaseNew}}<a href="{{.RepoLink}}/releases/new"><button class="btn btn-primary btn-sm">New Release</button></a>{{end}}</li>
                     {{end}}
                     <!-- <li class="dropdown">
                         <a href="#" class="dropdown-toggle" data-toggle="dropdown">More <b class="caret"></b></a>
diff --git a/web.go b/web.go
index 5fc3350f1..01765e5c0 100644
--- a/web.go
+++ b/web.go
@@ -148,6 +148,7 @@ func runWeb(*cli.Context) {
 		r.Get("/issues", repo.Issues)
 		r.Get("/issues/:index", repo.ViewIssue)
 		r.Get("/releases", repo.Releases)
+		r.Any("/releases/new",repo.ReleasesNew)
 		r.Get("/pulls", repo.Pulls)
 		r.Get("/branches", repo.Branches)
 	}, ignSignIn, middleware.RepoAssignment(true))

From 1b0142513e21fd37d477ca776ccf8d6f6f1bc928 Mon Sep 17 00:00:00 2001
From: FuXiaoHei <fuxiaohei@hexiaz.com>
Date: Sun, 6 Apr 2014 16:29:45 +0800
Subject: [PATCH 08/24] release-new page ui

---
 public/css/gogs.css        | 70 ++++++++++++++++++++++++++++++++++++++
 public/js/app.js           | 20 +++++++++++
 templates/release/new.tmpl | 51 +++++++++++++++++++++++++++
 3 files changed, 141 insertions(+)

diff --git a/public/css/gogs.css b/public/css/gogs.css
index a6d6b4cce..da2a7fd1a 100755
--- a/public/css/gogs.css
+++ b/public/css/gogs.css
@@ -1304,4 +1304,74 @@ html, body {
 
 #release .release-item .info .avatar {
     vertical-align: middle;
+}
+
+#release-new-form {
+    margin-top: 24px;
+}
+
+#release-new-form .target-at {
+    margin: 0 1em;
+}
+
+#release-new-form .target-text {
+    color: #888;
+}
+
+#release-new-target-branch-list {
+    padding-top: 0;
+    padding-bottom: 0;
+    min-width: 200px;
+}
+
+#release-new-target-branch-list ul {
+    margin-bottom: 0;
+}
+
+#release-new-target-branch-list li {
+    padding: 8px 20px;
+}
+
+#release-new-target-branch-list li a {
+    margin-left: 0;
+    background-color: transparent;
+    padding: 0;
+}
+
+#release-new-target-branch-list li a:hover {
+    background-image: none;
+}
+
+#release-new-target-branch-list li:hover {
+    background-color: #0093c4;
+}
+
+#release-new-target-branch-list li:hover a {
+    color: #FFF;
+}
+
+#release-new-title {
+    width: 50%;
+}
+
+#release-new-content-div {
+    margin-top: 16px;
+    padding-left: 0;
+}
+
+#release-new-content-div .md-help {
+    margin-top: 6px;
+}
+
+#release-textarea .form-group {
+    display: block;
+}
+
+#release-new-content {
+    width: 100%;
+    margin: 16px 0;
+}
+
+#release-preview{
+    margin: 6px 0;
 }
\ No newline at end of file
diff --git a/public/js/app.js b/public/js/app.js
index 0ba0675f2..93e01abd2 100644
--- a/public/js/app.js
+++ b/public/js/app.js
@@ -520,6 +520,23 @@ function initIssue() {
 
 }
 
+function initRelease() {
+// release new ajax preview
+    (function () {
+        $('[data-ajax-name=release-preview]').on("click", function () {
+            var $this = $(this);
+            $this.toggleAjax(function (json) {
+                if (json.ok) {
+                    $($this.data("preview")).html(json.content);
+                }
+            })
+        });
+        $('.release-write a[data-toggle]').on("click", function () {
+            $('.release-preview-content').html("loading...");
+        });
+    }())
+}
+
 (function ($) {
     $(function () {
         initCore();
@@ -539,5 +556,8 @@ function initIssue() {
         if ($('#issue').length) {
             initIssue();
         }
+        if ($('#release').length) {
+            initRelease();
+        }
     });
 })(jQuery);
diff --git a/templates/release/new.tmpl b/templates/release/new.tmpl
index a7dc905a0..fe5aa179c 100644
--- a/templates/release/new.tmpl
+++ b/templates/release/new.tmpl
@@ -8,6 +8,57 @@
         <form id="release-new-form" action="" class="form form-inline">
             <div class="form-group">
                 <input id="release-tag-name" type="text" class="form-control" placeholder="tag name"/>
+                <span class="target-at">@</span>
+                <div class="btn-group" id="release-new-target-select">
+                    <button type="button" class="btn btn-default"><i class="fa fa-code-fork fa-lg fa-m"></i>
+                        <span class="target-text">Target : </span>
+                        <strong id="release-new-target-name"> master</strong>
+                    </button>
+                    <button type="button" class="btn btn-default dropdown-toggle" data-toggle="dropdown">
+                        <span class="caret"></span>
+                    </button>
+                    <div class="dropdown-menu clone-group-btn" id="release-new-target-branch-list">
+                        <ul class="list-group">
+                            <li class="list-group-item">
+                                <a href="#" rel="master"><i class="fa fa-code-fork"></i>master</a>
+                            </li>
+                        </ul>
+                    </div>
+                </div>
+                <p class="help-block">Choose an existing tag without release notes</p>
+            </div>
+            <div class="form-group" style="display: block">
+                <input class="form-control input-lg" id="release-new-title" name="title" type="text" placeholder="release title"/>
+            </div>
+            <div class="form-group col-md-8" style="display: block" id="release-new-content-div">
+                <div class="md-help pull-right">
+                    Content with <a href="https://help.github.com/articles/markdown-basics">Markdown</a>
+                </div>
+                <ul class="nav nav-tabs" data-init="tabs">
+                    <li class="release-write active"><a href="#release-textarea" data-toggle="tab">Write</a></li>
+                    <li class="release-preview"><a href="#release-preview" data-toggle="tab" data-ajax="/api/v1/markdown?repo=repo_id&amp;release=new" data-ajax-name="release-preview" data-ajax-method="post" data-preview="#release-preview">Preview</a></li>
+                </ul>
+                <div class="tab-content">
+                    <div class="tab-pane active" id="release-textarea">
+                        <div class="form-group">
+                            <textarea class="form-control" name="content" id="release-new-content" rows="10" placeholder="Write some content" data-ajax-rel="release-preview" data-ajax-val="val" data-ajax-field="content"></textarea>
+                        </div>
+                    </div>
+                    <div class="tab-pane release-preview-content" id="release-preview">loading...</div>
+                </div>
+            </div>
+            <div class="text-right form-group col-md-8" style="display: block">
+                <hr/>
+                <label for="release-new-pre-release">
+                    <input id="release-new-pre-release" type="checkbox" name="is-pre-release" value="true"/>
+                    <strong>This is a pre-release</strong>
+                </label>
+                <p class="help-block">We’ll point out that this release is identified as non-production ready.</p>
+            </div>
+            <div class="text-right form-group col-md-8" style="display: block">
+                <input type="hidden" value="id" name="repo-id">
+                <button class="btn-success btn">Publish release</button>
+                <input class="btn btn-default" type="submit" name="is-draft" value="Save Draft"/>
             </div>
         </form>
     </div>

From d3a987eded8bf2d0afc35dce32238e59da8080a8 Mon Sep 17 00:00:00 2001
From: FuXiaoHei <fuxiaohei@hexiaz.com>
Date: Sun, 6 Apr 2014 16:48:02 +0800
Subject: [PATCH 09/24] username & repo-name changing help message

---
 public/js/app.js            | 27 ++++++++++++++++++++++++++-
 templates/repo/setting.tmpl |  5 +++--
 templates/user/setting.tmpl |  5 +++--
 3 files changed, 32 insertions(+), 5 deletions(-)

diff --git a/public/js/app.js b/public/js/app.js
index 93e01abd2..059663e1a 100644
--- a/public/js/app.js
+++ b/public/js/app.js
@@ -354,6 +354,7 @@ function initRegister() {
 }
 
 function initUserSetting() {
+    // ssh confirmation
     $('#ssh-keys .delete').confirmation({
         singleton: true,
         onConfirm: function (e, $this) {
@@ -366,6 +367,18 @@ function initUserSetting() {
             });
         }
     });
+
+    // profile form
+    (function () {
+        $('#user-setting-username').on("keyup", function () {
+            var $this = $(this);
+            if ($this.val() != $this.attr('title')) {
+                $this.next('.help-block').toggleShow();
+            } else {
+                $this.next('.help-block').toggleHide();
+            }
+        });
+    }())
 }
 
 function initRepository() {
@@ -383,7 +396,7 @@ function initRepository() {
                     $clone.find('span.clone-url').text($this.data('link'));
                 }
             }).eq(0).trigger("click");
-            $("#repo-clone").on("shown.bs.dropdown",function () {
+            $("#repo-clone").on("shown.bs.dropdown", function () {
                 Gogits.bindCopy("[data-init=copy]");
             });
             Gogits.bindCopy("[data-init=copy]:visible");
@@ -438,6 +451,18 @@ function initRepository() {
             $item.find(".bar .add").css("width", addPercent + "%");
         });
     }());
+
+    // repo setting form
+    (function () {
+        $('#repo-setting-name').on("keyup", function () {
+            var $this = $(this);
+            if ($this.val() != $this.attr('title')) {
+                $this.next('.help-block').toggleShow();
+            } else {
+                $this.next('.help-block').toggleHide();
+            }
+        });
+    }())
 }
 
 function initInstall() {
diff --git a/templates/repo/setting.tmpl b/templates/repo/setting.tmpl
index 6e2d3bec8..85d08c597 100644
--- a/templates/repo/setting.tmpl
+++ b/templates/repo/setting.tmpl
@@ -23,9 +23,10 @@
                     {{.CsrfTokenHtml}}
                     <input type="hidden" name="action" value="update">
                     <div class="form-group">
-                        <label class="col-md-3 text-right">Name</label>
+                        <label class="col-md-3 text-right" for="repo-setting-name">Name</label>
                         <div class="col-md-9">
-                            <input class="form-control" name="name" value="{{.Repository.Name}}" title="{{.Repository.Name}}" />
+                            <input class="form-control" name="name" value="{{.Repository.Name}}" title="{{.Repository.Name}}" id="repo-setting-name"/>
+                            <p class="help-block hidden"><span class="text-danger">Cautious : </span>your repository name is changing !</p>
                         </div>
                     </div>
 
diff --git a/templates/user/setting.tmpl b/templates/user/setting.tmpl
index b32689fe1..d58283387 100644
--- a/templates/user/setting.tmpl
+++ b/templates/user/setting.tmpl
@@ -10,9 +10,10 @@
                 {{if .IsSuccess}}<p class="alert alert-success">Your profile has been successfully updated.</p>{{else if .HasError}}<p class="alert alert-danger form-error">{{.ErrorMsg}}</p>{{end}}
                 <p>Your Email will be public and used for Account related notifications and any web based operations made via the web.</p>
                 <div class="form-group">
-                    <label class="col-md-2 control-label">Username<strong class="text-danger">*</strong></label>
+                    <label class="col-md-2 control-label" for="user-setting-username">Username<strong class="text-danger">*</strong></label>
                     <div class="col-md-8">
-                        <input name="username" class="form-control" placeholder="Type your user name" required="required" value="{{.SignedUser.Name}}" title="{{.SignedUser.Name}}">
+                        <input name="username" class="form-control" placeholder="Type your user name" required="required" value="{{.SignedUser.Name}}" title="{{.SignedUser.Name}}" id="user-setting-username">
+                        <p class="help-block hidden"><span class="text-danger">Cautious : </span>your username is changing !</p>
                     </div>
                 </div>
 

From a04918e36d49e1d066c6f661a73eebf706a97237 Mon Sep 17 00:00:00 2001
From: skyblue <ssx205@gmail.com>
Date: Sun, 6 Apr 2014 23:12:19 +0800
Subject: [PATCH 10/24] add fswatch.json for hot compile

---
 .fswatch.json | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 .fswatch.json

diff --git a/.fswatch.json b/.fswatch.json
new file mode 100644
index 000000000..f84e30356
--- /dev/null
+++ b/.fswatch.json
@@ -0,0 +1,22 @@
+{
+    "paths": [
+		"."
+	],
+    "depth": 2,
+    "exclude": [
+		"^gogs$",
+        "~$",
+        "\\.swp$",
+        "\\.exe$",
+		"\\.swx$",
+		".*\\.log$"
+    ],
+    "include": [],
+    "command": [
+        "bash", "-c", "go build && ./gogs web"
+    ],
+    "env": {
+        "PROGRAM": "fswatch"
+    },
+    "enable-restart": false
+}

From 7a4c6c22ce1e79d0f0c97ab9c5deae73020bd11c Mon Sep 17 00:00:00 2001
From: skyblue <ssx205@gmail.com>
Date: Mon, 7 Apr 2014 00:11:18 +0800
Subject: [PATCH 11/24] fix start.sh in crontab run failed problem

---
 start.sh | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/start.sh b/start.sh
index b0c9af505..3b974378e 100755
--- a/start.sh
+++ b/start.sh
@@ -1,10 +1,15 @@
-#!/bin/bash -
-#
+#!/bin/sh -
 # Copyright 2014 The Gogs Authors. All rights reserved.
 # Use of this source code is governed by a MIT-style
 # license that can be found in the LICENSE file.
 #
 # start gogs web
 #
-cd "$(dirname $0)"
-./gogs web
+IFS=' 
+	'
+PATH=/bin:/usr/bin:/usr/local/bin
+HOME=${HOME:?"need \$HOME variable"}
+USER=$(whoami)
+export USER HOME PATH
+
+cd "$(dirname $0)" && exec ./gogs web

From 583f11f27cb6d5d04a5198c6d4514a4da3cae92a Mon Sep 17 00:00:00 2001
From: skyblue <ssx205@gmail.com>
Date: Mon, 7 Apr 2014 00:19:59 +0800
Subject: [PATCH 12/24] better looks on github

---
 .fswatch.json | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

diff --git a/.fswatch.json b/.fswatch.json
index f84e30356..81243ebc3 100644
--- a/.fswatch.json
+++ b/.fswatch.json
@@ -1,22 +1,20 @@
 {
-    "paths": [
-		"."
-	],
+    "paths": ["."],
     "depth": 2,
     "exclude": [
-		"^gogs$",
+        "^gogs$",
         "~$",
         "\\.swp$",
         "\\.exe$",
-		"\\.swx$",
-		".*\\.log$"
+        "\\.swx$",
+        ".*\\.log$"
     ],
-    "include": [],
+    "include": ["\\.go$"],
     "command": [
         "bash", "-c", "go build && ./gogs web"
     ],
     "env": {
-        "PROGRAM": "fswatch"
+        "POWERED_BY": "github.com/shxsun/fswatch"
     },
     "enable-restart": false
 }

From 2846ff7d31fc93659a2e90fe869ff51c885decfa Mon Sep 17 00:00:00 2001
From: Unknown <joe2010xtmf@163.com>
Date: Sun, 6 Apr 2014 13:00:20 -0400
Subject: [PATCH 13/24] Fix bug related to log

---
 .gopmfile            |  3 ++-
 bee.json             |  2 ++
 modules/base/conf.go | 36 ++++++++++++++---------------------
 modules/log/log.go   |  2 --
 routers/install.go   |  5 ++---
 update.go            | 45 ++++++++++++++++++++++----------------------
 web.go               | 10 ++++------
 7 files changed, 46 insertions(+), 57 deletions(-)

diff --git a/.gopmfile b/.gopmfile
index d3f0b3ca3..9bdca49fc 100644
--- a/.gopmfile
+++ b/.gopmfile
@@ -12,6 +12,8 @@ github.com/nfnt/resize =
 github.com/lunny/xorm = 
 github.com/go-sql-driver/mysql = 
 github.com/lib/pq = 
+github.com/qiniu/log = 
+code.google.com/p/goauth2 = 
 github.com/gogits/logs = 
 github.com/gogits/binding = 
 github.com/gogits/git = 
@@ -19,7 +21,6 @@ github.com/gogits/gfm =
 github.com/gogits/cache = 
 github.com/gogits/session = 
 github.com/gogits/webdav = 
-code.google.com/p/goauth2 = 
 
 [res]
 include = templates|public|conf
diff --git a/bee.json b/bee.json
index 4f7f7a771..ff120f0c9 100644
--- a/bee.json
+++ b/bee.json
@@ -13,6 +13,8 @@
 		"others": [
 			"modules",
 			"$GOPATH/src/github.com/gogits/binding",
+			"$GOPATH/src/github.com/gogits/webdav",
+			"$GOPATH/src/github.com/gogits/logs",
 			"$GOPATH/src/github.com/gogits/git",
 			"$GOPATH/src/github.com/gogits/gfm"
 		]
diff --git a/modules/base/conf.go b/modules/base/conf.go
index 3ebc4ede1..4a6eec70a 100644
--- a/modules/base/conf.go
+++ b/modules/base/conf.go
@@ -14,6 +14,7 @@ import (
 
 	"github.com/Unknwon/com"
 	"github.com/Unknwon/goconfig"
+	qlog "github.com/qiniu/log"
 
 	"github.com/gogits/cache"
 	"github.com/gogits/session"
@@ -105,16 +106,14 @@ func newLogService() {
 	LogMode = Cfg.MustValue("log", "MODE", "console")
 	modeSec := "log." + LogMode
 	if _, err := Cfg.GetSection(modeSec); err != nil {
-		fmt.Printf("Unknown log mode: %s\n", LogMode)
-		os.Exit(2)
+		qlog.Fatalf("Unknown log mode: %s\n", LogMode)
 	}
 
 	// Log level.
 	levelName := Cfg.MustValue("log."+LogMode, "LEVEL", "Trace")
 	level, ok := logLevels[levelName]
 	if !ok {
-		fmt.Printf("Unknown log level: %s\n", levelName)
-		os.Exit(2)
+		qlog.Fatalf("Unknown log level: %s\n", levelName)
 	}
 
 	// Generate log configuration.
@@ -164,16 +163,14 @@ func newCacheService() {
 	case "redis", "memcache":
 		CacheConfig = fmt.Sprintf(`{"conn":"%s"}`, Cfg.MustValue("cache", "HOST"))
 	default:
-		fmt.Printf("Unknown cache adapter: %s\n", CacheAdapter)
-		os.Exit(2)
+		qlog.Fatalf("Unknown cache adapter: %s\n", CacheAdapter)
 	}
 
 	var err error
 	Cache, err = cache.NewCache(CacheAdapter, CacheConfig)
 	if err != nil {
-		fmt.Printf("Init cache system failed, adapter: %s, config: %s, %v\n",
+		qlog.Fatalf("Init cache system failed, adapter: %s, config: %s, %v\n",
 			CacheAdapter, CacheConfig, err)
-		os.Exit(2)
 	}
 
 	log.Info("Cache Service Enabled")
@@ -199,9 +196,8 @@ func newSessionService() {
 	var err error
 	SessionManager, err = session.NewManager(SessionProvider, *SessionConfig)
 	if err != nil {
-		fmt.Printf("Init session system failed, provider: %s, %v\n",
+		qlog.Fatalf("Init session system failed, provider: %s, %v\n",
 			SessionProvider, err)
-		os.Exit(2)
 	}
 
 	log.Info("Session Service Enabled")
@@ -246,23 +242,20 @@ func NewConfigContext() {
 	//var err error
 	workDir, err := ExecDir()
 	if err != nil {
-		fmt.Printf("Fail to get work directory: %s\n", err)
-		os.Exit(2)
+		qlog.Fatalf("Fail to get work directory: %s\n", err)
 	}
 
 	cfgPath := filepath.Join(workDir, "conf/app.ini")
 	Cfg, err = goconfig.LoadConfigFile(cfgPath)
 	if err != nil {
-		fmt.Printf("Cannot load config file(%s): %v\n", cfgPath, err)
-		os.Exit(2)
+		qlog.Fatalf("Cannot load config file(%s): %v\n", cfgPath, err)
 	}
 	Cfg.BlockMode = false
 
 	cfgPath = filepath.Join(workDir, "custom/conf/app.ini")
 	if com.IsFile(cfgPath) {
 		if err = Cfg.AppendFiles(cfgPath); err != nil {
-			fmt.Printf("Cannot load config file(%s): %v\n", cfgPath, err)
-			os.Exit(2)
+			qlog.Fatalf("Cannot load config file(%s): %v\n", cfgPath, err)
 		}
 	}
 
@@ -281,8 +274,7 @@ func NewConfigContext() {
 	}
 	// Does not check run user when the install lock is off.
 	if InstallLock && RunUser != curUser {
-		fmt.Printf("Expect user(%s) but current user is: %s\n", RunUser, curUser)
-		os.Exit(2)
+		qlog.Fatalf("Expect user(%s) but current user is: %s\n", RunUser, curUser)
 	}
 
 	LogInRememberDays = Cfg.MustInt("security", "LOGIN_REMEMBER_DAYS")
@@ -294,14 +286,14 @@ func NewConfigContext() {
 	// Determine and create root git reposiroty path.
 	homeDir, err := com.HomeDir()
 	if err != nil {
-		fmt.Printf("Fail to get home directory): %v\n", err)
-		os.Exit(2)
+		qlog.Fatalf("Fail to get home directory): %v\n", err)
 	}
 	RepoRootPath = Cfg.MustValue("repository", "ROOT", filepath.Join(homeDir, "git/gogs-repositories"))
 	if err = os.MkdirAll(RepoRootPath, os.ModePerm); err != nil {
-		fmt.Printf("Fail to create RepoRootPath(%s): %v\n", RepoRootPath, err)
-		os.Exit(2)
+		qlog.Fatalf("Fail to create RepoRootPath(%s): %v\n", RepoRootPath, err)
 	}
+
+	log.Info("%s %s", AppName, AppVer)
 }
 
 func NewServices() {
diff --git a/modules/log/log.go b/modules/log/log.go
index 65150237d..f21897b90 100644
--- a/modules/log/log.go
+++ b/modules/log/log.go
@@ -21,8 +21,6 @@ func init() {
 func NewLogger(bufLen int64, mode, config string) {
 	Mode, Config = mode, config
 	logger = logs.NewLogger(bufLen)
-	logger.EnableFuncCallDepth(true)
-	logger.SetLogFuncCallDepth(4)
 	logger.SetLogger(mode, config)
 }
 
diff --git a/routers/install.go b/routers/install.go
index 48c1b5e13..1c4e6181d 100644
--- a/routers/install.go
+++ b/routers/install.go
@@ -6,13 +6,13 @@ package routers
 
 import (
 	"errors"
-	"fmt"
 	"os"
 	"strings"
 
 	"github.com/Unknwon/goconfig"
 	"github.com/go-martini/martini"
 	"github.com/lunny/xorm"
+	qlog "github.com/qiniu/log"
 
 	"github.com/gogits/gogs/models"
 	"github.com/gogits/gogs/modules/auth"
@@ -43,8 +43,7 @@ func GlobalInit() {
 
 	if base.InstallLock {
 		if err := models.NewEngine(); err != nil {
-			fmt.Println(err)
-			os.Exit(2)
+			qlog.Fatal(err)
 		}
 
 		models.HasEngine = true
diff --git a/update.go b/update.go
index 5ccb72fd4..97d924085 100644
--- a/update.go
+++ b/update.go
@@ -6,7 +6,6 @@ package main
 
 import (
 	"container/list"
-	"fmt"
 	"os"
 	"os/exec"
 	"path"
@@ -14,11 +13,11 @@ import (
 	"strings"
 
 	"github.com/codegangsta/cli"
+	qlog "github.com/qiniu/log"
+
 	"github.com/gogits/git"
 	"github.com/gogits/gogs/models"
 	"github.com/gogits/gogs/modules/base"
-	"github.com/gogits/gogs/modules/log"
-	//"github.com/qiniu/log"
 )
 
 var CmdUpdate = cli.Command{
@@ -31,11 +30,15 @@ gogs serv provide access auth for repositories`,
 }
 
 func newUpdateLogger(execDir string) {
-	level := "0"
 	logPath := execDir + "/log/update.log"
 	os.MkdirAll(path.Dir(logPath), os.ModePerm)
-	log.NewLogger(0, "file", fmt.Sprintf(`{"level":%s,"filename":"%s"}`, level, logPath))
-	log.Trace("start logging...")
+	f, err := os.Open(logPath)
+	if err != nil {
+		qlog.Fatal(err)
+	}
+
+	qlog.SetOutput(f)
+	qlog.Info("Start logging update...")
 }
 
 // for command: ./gogs update
@@ -54,14 +57,12 @@ func runUpdate(c *cli.Context) {
 
 	args := c.Args()
 	if len(args) != 3 {
-		log.Error("received less 3 parameters")
-		return
+		qlog.Fatal("received less 3 parameters")
 	}
 
 	refName := args[0]
 	if refName == "" {
-		log.Error("refName is empty, shouldn't use")
-		return
+		qlog.Fatal("refName is empty, shouldn't use")
 	}
 	oldCommitId := args[1]
 	newCommitId := args[2]
@@ -69,8 +70,7 @@ func runUpdate(c *cli.Context) {
 	isNew := strings.HasPrefix(oldCommitId, "0000000")
 	if isNew &&
 		strings.HasPrefix(newCommitId, "0000000") {
-		log.Error("old rev and new rev both 000000")
-		return
+		qlog.Fatal("old rev and new rev both 000000")
 	}
 
 	userName := os.Getenv("userName")
@@ -86,19 +86,18 @@ func runUpdate(c *cli.Context) {
 
 	repo, err := git.OpenRepository(f)
 	if err != nil {
-		log.Error("runUpdate.Open repoId: %v", err)
-		return
+		qlog.Fatalf("runUpdate.Open repoId: %v", err)
 	}
 
 	newOid, err := git.NewOidFromString(newCommitId)
 	if err != nil {
-		log.Error("runUpdate.Ref repoId: %v", err)
+		qlog.Fatalf("runUpdate.Ref repoId: %v", err)
 		return
 	}
 
 	newCommit, err := repo.LookupCommit(newOid)
 	if err != nil {
-		log.Error("runUpdate.Ref repoId: %v", err)
+		qlog.Fatalf("runUpdate.Ref repoId: %v", err)
 		return
 	}
 
@@ -107,38 +106,38 @@ func runUpdate(c *cli.Context) {
 	if isNew {
 		l, err = repo.CommitsBefore(newCommit.Id())
 		if err != nil {
-			log.Error("Find CommitsBefore erro:", err)
+			qlog.Fatalf("Find CommitsBefore erro:", err)
 			return
 		}
 	} else {
 		oldOid, err := git.NewOidFromString(oldCommitId)
 		if err != nil {
-			log.Error("runUpdate.Ref repoId: %v", err)
+			qlog.Fatalf("runUpdate.Ref repoId: %v", err)
 			return
 		}
 
 		oldCommit, err := repo.LookupCommit(oldOid)
 		if err != nil {
-			log.Error("runUpdate.Ref repoId: %v", err)
+			qlog.Fatalf("runUpdate.Ref repoId: %v", err)
 			return
 		}
 		l = repo.CommitsBetween(newCommit, oldCommit)
 	}
 
 	if err != nil {
-		log.Error("runUpdate.Commit repoId: %v", err)
+		qlog.Fatalf("runUpdate.Commit repoId: %v", err)
 		return
 	}
 
 	sUserId, err := strconv.Atoi(userId)
 	if err != nil {
-		log.Error("runUpdate.Parse userId: %v", err)
+		qlog.Fatalf("runUpdate.Parse userId: %v", err)
 		return
 	}
 
 	repos, err := models.GetRepositoryByName(int64(sUserId), repoName)
 	if err != nil {
-		log.Error("runUpdate.GetRepositoryByName userId: %v", err)
+		qlog.Fatalf("runUpdate.GetRepositoryByName userId: %v", err)
 		return
 	}
 
@@ -163,6 +162,6 @@ func runUpdate(c *cli.Context) {
 	//commits = append(commits, []string{lastCommit.Id().String(), lastCommit.Message()})
 	if err = models.CommitRepoAction(int64(sUserId), userName, actEmail,
 		repos.Id, repoName, git.BranchName(refName), &base.PushCommits{l.Len(), commits}); err != nil {
-		log.Error("runUpdate.models.CommitRepoAction: %v", err)
+		qlog.Fatalf("runUpdate.models.CommitRepoAction: %v", err)
 	}
 }
diff --git a/web.go b/web.go
index cab3dfecc..00fa72cbc 100644
--- a/web.go
+++ b/web.go
@@ -11,6 +11,7 @@ import (
 
 	"github.com/codegangsta/cli"
 	"github.com/go-martini/martini"
+	qlog "github.com/qiniu/log"
 
 	"github.com/gogits/binding"
 
@@ -50,9 +51,7 @@ func newMartini() *martini.ClassicMartini {
 }
 
 func runWeb(*cli.Context) {
-	fmt.Println("Server is running...")
 	routers.GlobalInit()
-	log.Info("%s %s", base.AppName, base.AppVer)
 
 	m := newMartini()
 
@@ -147,7 +146,7 @@ func runWeb(*cli.Context) {
 		r.Get("/issues", repo.Issues)
 		r.Get("/issues/:index", repo.ViewIssue)
 		r.Get("/releases", repo.Releases)
-		r.Any("/releases/new",repo.ReleasesNew)
+		r.Any("/releases/new", repo.ReleasesNew)
 		r.Get("/pulls", repo.Pulls)
 		r.Get("/branches", repo.Branches)
 	}, ignSignIn, middleware.RepoAssignment(true))
@@ -177,14 +176,13 @@ func runWeb(*cli.Context) {
 	if protocol == "http" {
 		log.Info("Listen: http://%s", listenAddr)
 		if err := http.ListenAndServe(listenAddr, m); err != nil {
-			fmt.Println(err.Error())
-			//log.Critical(err.Error()) // not working now
+			qlog.Error(err.Error())
 		}
 	} else if protocol == "https" {
 		log.Info("Listen: https://%s", listenAddr)
 		if err := http.ListenAndServeTLS(listenAddr, base.Cfg.MustValue("server", "CERT_FILE"),
 			base.Cfg.MustValue("server", "KEY_FILE"), m); err != nil {
-			fmt.Println(err.Error())
+			qlog.Error(err.Error())
 		}
 	}
 }

From 794cd27db3de55cce4c5d3716bf9e60fadaa86bc Mon Sep 17 00:00:00 2001
From: Unknown <joe2010xtmf@163.com>
Date: Sun, 6 Apr 2014 13:07:34 -0400
Subject: [PATCH 14/24] Fix bug related to log

---
 gogs.go   |  2 +-
 serve.go  | 53 ++++++++++++++++++++++-------------------------------
 update.go |  8 --------
 3 files changed, 23 insertions(+), 40 deletions(-)

diff --git a/gogs.go b/gogs.go
index 13b9d377d..0e48ff7b1 100644
--- a/gogs.go
+++ b/gogs.go
@@ -19,7 +19,7 @@ import (
 // Test that go1.2 tag above is included in builds. main.go refers to this definition.
 const go12tag = true
 
-const APP_VER = "0.2.1.0405 Alpha"
+const APP_VER = "0.2.1.0406 Alpha"
 
 func init() {
 	base.AppVer = APP_VER
diff --git a/serve.go b/serve.go
index afc16c281..e7649476d 100644
--- a/serve.go
+++ b/serve.go
@@ -14,7 +14,7 @@ import (
 	"strings"
 
 	"github.com/codegangsta/cli"
-	"github.com/gogits/gogs/modules/log"
+	qlog "github.com/qiniu/log"
 
 	//"github.com/gogits/git"
 	"github.com/gogits/gogs/models"
@@ -44,11 +44,15 @@ gogs serv provide access auth for repositories`,
 }
 
 func newLogger(execDir string) {
-	level := "0"
 	logPath := execDir + "/log/serv.log"
 	os.MkdirAll(path.Dir(logPath), os.ModePerm)
-	log.NewLogger(0, "file", fmt.Sprintf(`{"level":%s,"filename":"%s"}`, level, logPath))
-	log.Trace("start logging...")
+	f, err := os.Open(logPath)
+	if err != nil {
+		qlog.Fatal(err)
+	}
+
+	qlog.SetOutput(f)
+	qlog.Info("Start logging serv...")
 }
 
 func parseCmd(cmd string) (string, string) {
@@ -87,21 +91,18 @@ func runServ(k *cli.Context) {
 	keys := strings.Split(os.Args[2], "-")
 	if len(keys) != 2 {
 		println("auth file format error")
-		log.Error("auth file format error")
-		return
+		qlog.Fatal("auth file format error")
 	}
 
 	keyId, err := strconv.ParseInt(keys[1], 10, 64)
 	if err != nil {
 		println("auth file format error")
-		log.Error("auth file format error", err)
-		return
+		qlog.Fatal("auth file format error", err)
 	}
 	user, err := models.GetUserByKeyId(keyId)
 	if err != nil {
 		println("You have no right to access")
-		log.Error("SSH visit error: %v", err)
-		return
+		qlog.Fatalf("SSH visit error: %v", err)
 	}
 
 	cmd := os.Getenv("SSH_ORIGINAL_COMMAND")
@@ -115,8 +116,7 @@ func runServ(k *cli.Context) {
 	rr := strings.SplitN(repoPath, "/", 2)
 	if len(rr) != 2 {
 		println("Unavilable repository", args)
-		log.Error("Unavilable repository %v", args)
-		return
+		qlog.Fatalf("Unavilable repository %v", args)
 	}
 	repoUserName := rr[0]
 	repoName := rr[1]
@@ -129,9 +129,8 @@ func runServ(k *cli.Context) {
 
 	repoUser, err := models.GetUserByName(repoUserName)
 	if err != nil {
-		fmt.Println("You have no right to access")
-		log.Error("Get user failed", err)
-		return
+		println("You have no right to access")
+		qlog.Fatal("Get user failed", err)
 	}
 
 	// access check
@@ -140,19 +139,16 @@ func runServ(k *cli.Context) {
 		has, err := models.HasAccess(user.LowerName, path.Join(repoUserName, repoName), models.AU_WRITABLE)
 		if err != nil {
 			println("Inernel error:", err)
-			log.Error(err.Error())
-			return
+			qlog.Fatal(err)
 		} else if !has {
 			println("You have no right to write this repository")
-			log.Error("User %s has no right to write repository %s", user.Name, repoPath)
-			return
+			qlog.Fatalf("User %s has no right to write repository %s", user.Name, repoPath)
 		}
 	case isRead:
 		repo, err := models.GetRepositoryByName(repoUser.Id, repoName)
 		if err != nil {
 			println("Get repository error:", err)
-			log.Error("Get repository error: " + err.Error())
-			return
+			qlog.Fatal("Get repository error: " + err.Error())
 		}
 
 		if !repo.IsPrivate {
@@ -162,26 +158,22 @@ func runServ(k *cli.Context) {
 		has, err := models.HasAccess(user.Name, repoPath, models.AU_READABLE)
 		if err != nil {
 			println("Inernel error")
-			log.Error(err.Error())
-			return
+			qlog.Fatal(err)
 		}
 		if !has {
 			has, err = models.HasAccess(user.Name, repoPath, models.AU_WRITABLE)
 			if err != nil {
 				println("Inernel error")
-				log.Error(err.Error())
-				return
+				qlog.Fatal(err)
 			}
 		}
 		if !has {
 			println("You have no right to access this repository")
-			log.Error("You have no right to access this repository")
-			return
+			qlog.Fatal("You have no right to access this repository")
 		}
 	default:
 		println("Unknown command")
-		log.Error("Unknown command")
-		return
+		qlog.Fatal("Unknown command")
 	}
 
 	// for update use
@@ -197,7 +189,6 @@ func runServ(k *cli.Context) {
 
 	if err = gitcmd.Run(); err != nil {
 		println("execute command error:", err.Error())
-		log.Error("execute command error: " + err.Error())
-		return
+		qlog.Fatal("execute command error: " + err.Error())
 	}
 }
diff --git a/update.go b/update.go
index 97d924085..aae2e7104 100644
--- a/update.go
+++ b/update.go
@@ -92,13 +92,11 @@ func runUpdate(c *cli.Context) {
 	newOid, err := git.NewOidFromString(newCommitId)
 	if err != nil {
 		qlog.Fatalf("runUpdate.Ref repoId: %v", err)
-		return
 	}
 
 	newCommit, err := repo.LookupCommit(newOid)
 	if err != nil {
 		qlog.Fatalf("runUpdate.Ref repoId: %v", err)
-		return
 	}
 
 	var l *list.List
@@ -107,38 +105,32 @@ func runUpdate(c *cli.Context) {
 		l, err = repo.CommitsBefore(newCommit.Id())
 		if err != nil {
 			qlog.Fatalf("Find CommitsBefore erro:", err)
-			return
 		}
 	} else {
 		oldOid, err := git.NewOidFromString(oldCommitId)
 		if err != nil {
 			qlog.Fatalf("runUpdate.Ref repoId: %v", err)
-			return
 		}
 
 		oldCommit, err := repo.LookupCommit(oldOid)
 		if err != nil {
 			qlog.Fatalf("runUpdate.Ref repoId: %v", err)
-			return
 		}
 		l = repo.CommitsBetween(newCommit, oldCommit)
 	}
 
 	if err != nil {
 		qlog.Fatalf("runUpdate.Commit repoId: %v", err)
-		return
 	}
 
 	sUserId, err := strconv.Atoi(userId)
 	if err != nil {
 		qlog.Fatalf("runUpdate.Parse userId: %v", err)
-		return
 	}
 
 	repos, err := models.GetRepositoryByName(int64(sUserId), repoName)
 	if err != nil {
 		qlog.Fatalf("runUpdate.GetRepositoryByName userId: %v", err)
-		return
 	}
 
 	commits := make([]*base.PushCommit, 0)

From 6a16866f4e0908e62c5e5b30e3dc0ef8e4cb0819 Mon Sep 17 00:00:00 2001
From: Unknown <joe2010xtmf@163.com>
Date: Sun, 6 Apr 2014 13:41:58 -0400
Subject: [PATCH 15/24] Fix bug related to log

---
 conf/app.ini         | 2 +-
 modules/base/conf.go | 2 +-
 serve.go             | 3 ++-
 update.go            | 3 ++-
 4 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/conf/app.ini b/conf/app.ini
index f88c750e0..43033eaa6 100644
--- a/conf/app.ini
+++ b/conf/app.ini
@@ -14,7 +14,7 @@ LICENSES = Apache v2 License|GPL v2|MIT License|Affero GPL|Artistic License 2.0|
 [server]
 PROTOCOL = http
 DOMAIN = localhost
-ROOT_URL = %(PROTOCOL)://%(DOMAIN)s:%(HTTP_PORT)s/
+ROOT_URL = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
 HTTP_ADDR = 
 HTTP_PORT = 3000
 CERT_FILE = cert.pem
diff --git a/modules/base/conf.go b/modules/base/conf.go
index 4a6eec70a..4285b5239 100644
--- a/modules/base/conf.go
+++ b/modules/base/conf.go
@@ -288,7 +288,7 @@ func NewConfigContext() {
 	if err != nil {
 		qlog.Fatalf("Fail to get home directory): %v\n", err)
 	}
-	RepoRootPath = Cfg.MustValue("repository", "ROOT", filepath.Join(homeDir, "git/gogs-repositories"))
+	RepoRootPath = Cfg.MustValue("repository", "ROOT", filepath.Join(homeDir, "gogs-repositories"))
 	if err = os.MkdirAll(RepoRootPath, os.ModePerm); err != nil {
 		qlog.Fatalf("Fail to create RepoRootPath(%s): %v\n", RepoRootPath, err)
 	}
diff --git a/serve.go b/serve.go
index e7649476d..7e00db473 100644
--- a/serve.go
+++ b/serve.go
@@ -46,7 +46,8 @@ gogs serv provide access auth for repositories`,
 func newLogger(execDir string) {
 	logPath := execDir + "/log/serv.log"
 	os.MkdirAll(path.Dir(logPath), os.ModePerm)
-	f, err := os.Open(logPath)
+
+	f, err := os.OpenFile(logPath, os.O_WRONLY|os.O_APPEND|os.O_CREATE, os.ModePerm)
 	if err != nil {
 		qlog.Fatal(err)
 	}
diff --git a/update.go b/update.go
index aae2e7104..79ce8f524 100644
--- a/update.go
+++ b/update.go
@@ -32,7 +32,8 @@ gogs serv provide access auth for repositories`,
 func newUpdateLogger(execDir string) {
 	logPath := execDir + "/log/update.log"
 	os.MkdirAll(path.Dir(logPath), os.ModePerm)
-	f, err := os.Open(logPath)
+
+	f, err := os.OpenFile(logPath, os.O_WRONLY|os.O_APPEND|os.O_CREATE, os.ModePerm)
 	if err != nil {
 		qlog.Fatal(err)
 	}

From db1fe3483ed2c8c0962ee4395073e0b190310602 Mon Sep 17 00:00:00 2001
From: Unknown <joe2010xtmf@163.com>
Date: Sun, 6 Apr 2014 13:54:48 -0400
Subject: [PATCH 16/24] Fix bug related to log

---
 modules/base/conf.go | 3 +--
 update.go            | 2 +-
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/modules/base/conf.go b/modules/base/conf.go
index 4285b5239..0a618ab1d 100644
--- a/modules/base/conf.go
+++ b/modules/base/conf.go
@@ -150,6 +150,7 @@ func newLogService() {
 			Cfg.MustValue(modeSec, "CONN"))
 	}
 
+	log.Info("%s %s", AppName, AppVer)
 	log.NewLogger(Cfg.MustInt64("log", "BUFFER_LEN", 10000), LogMode, LogConfig)
 	log.Info("Log Mode: %s(%s)", strings.Title(LogMode), levelName)
 }
@@ -292,8 +293,6 @@ func NewConfigContext() {
 	if err = os.MkdirAll(RepoRootPath, os.ModePerm); err != nil {
 		qlog.Fatalf("Fail to create RepoRootPath(%s): %v\n", RepoRootPath, err)
 	}
-
-	log.Info("%s %s", AppName, AppVer)
 }
 
 func NewServices() {
diff --git a/update.go b/update.go
index 79ce8f524..c9cbb35b9 100644
--- a/update.go
+++ b/update.go
@@ -45,7 +45,7 @@ func newUpdateLogger(execDir string) {
 // for command: ./gogs update
 func runUpdate(c *cli.Context) {
 	execDir, _ := base.ExecDir()
-	newLogger(execDir)
+	newUpdateLogger(execDir)
 
 	base.NewConfigContext()
 	models.LoadModelsConfig()

From e7c8a3cb8d26da68b09f799585c03970cd243be1 Mon Sep 17 00:00:00 2001
From: Unknown <joe2010xtmf@163.com>
Date: Sun, 6 Apr 2014 16:10:57 -0400
Subject: [PATCH 17/24] Add salt for every single user

---
 .gopmfile               |  1 -
 README.md               |  4 ++--
 README_ZH.md            |  2 +-
 gogs.go                 |  2 +-
 models/user.go          | 31 ++++++++++++++++---------------
 modules/base/tool.go    | 40 ++++++++++++++++++++++++++++++++++++++++
 routers/user/setting.go |  7 ++-----
 routers/user/user.go    |  7 ++-----
 8 files changed, 64 insertions(+), 30 deletions(-)

diff --git a/.gopmfile b/.gopmfile
index 9bdca49fc..c9fad8a03 100644
--- a/.gopmfile
+++ b/.gopmfile
@@ -7,7 +7,6 @@ github.com/go-martini/martini =
 github.com/Unknwon/com = 
 github.com/Unknwon/cae = 
 github.com/Unknwon/goconfig = 
-github.com/dchest/scrypt = 
 github.com/nfnt/resize = 
 github.com/lunny/xorm = 
 github.com/go-sql-driver/mysql = 
diff --git a/README.md b/README.md
index ede1894ad..fe15328b1 100644
--- a/README.md
+++ b/README.md
@@ -5,9 +5,9 @@ Gogs(Go Git Service) is a Self Hosted Git Service in the Go Programming Language
 
 ![Demo](http://gowalker.org/public/gogs_demo.gif)
 
-##### Current version: 0.2.1 Alpha
+##### Current version: 0.2.2 Alpha
 
-#### Due to testing purpose, data of [try.gogits.org](http://try.gogits.org) has been reset in March 29, 2014 and will reset multiple times after. Please do NOT put your important data on the site.
+#### Due to testing purpose, data of [try.gogits.org](http://try.gogits.org) has been reset in April 6, 2014 and will reset multiple times after. Please do NOT put your important data on the site.
 
 #### Other language version
 
diff --git a/README_ZH.md b/README_ZH.md
index 9b5e46413..015ee0af9 100644
--- a/README_ZH.md
+++ b/README_ZH.md
@@ -5,7 +5,7 @@ Gogs(Go Git Service) 是一个由 Go 语言编写的自助 Git 托管服务。
 
 ![Demo](http://gowalker.org/public/gogs_demo.gif)
 
-##### 当前版本：0.2.1 Alpha
+##### 当前版本：0.2.2 Alpha
 
 ## 开发目的
 
diff --git a/gogs.go b/gogs.go
index 0e48ff7b1..e71974820 100644
--- a/gogs.go
+++ b/gogs.go
@@ -19,7 +19,7 @@ import (
 // Test that go1.2 tag above is included in builds. main.go refers to this definition.
 const go12tag = true
 
-const APP_VER = "0.2.1.0406 Alpha"
+const APP_VER = "0.2.2.0406 Alpha"
 
 func init() {
 	base.AppVer = APP_VER
diff --git a/models/user.go b/models/user.go
index 2196eae84..a5a6de097 100644
--- a/models/user.go
+++ b/models/user.go
@@ -5,6 +5,7 @@
 package models
 
 import (
+	"crypto/sha256"
 	"encoding/hex"
 	"errors"
 	"fmt"
@@ -13,8 +14,6 @@ import (
 	"strings"
 	"time"
 
-	"github.com/dchest/scrypt"
-
 	"github.com/gogits/git"
 
 	"github.com/gogits/gogs/modules/base"
@@ -62,6 +61,7 @@ type User struct {
 	IsActive      bool
 	IsAdmin       bool
 	Rands         string    `xorm:"VARCHAR(10)"`
+	Salt          string    `xorm:"VARCHAR(10)"`
 	Created       time.Time `xorm:"created"`
 	Updated       time.Time `xorm:"updated"`
 }
@@ -89,10 +89,9 @@ func (user *User) NewGitSig() *git.Signature {
 }
 
 // EncodePasswd encodes password to safe format.
-func (user *User) EncodePasswd() error {
-	newPasswd, err := scrypt.Key([]byte(user.Passwd), []byte(base.SecretKey), 16384, 8, 1, 64)
+func (user *User) EncodePasswd() {
+	newPasswd := base.PBKDF2([]byte(user.Passwd), []byte(user.Salt), 10000, 50, sha256.New)
 	user.Passwd = fmt.Sprintf("%x", newPasswd)
-	return err
 }
 
 // Member represents user is member of organization.
@@ -148,9 +147,9 @@ func RegisterUser(user *User) (*User, error) {
 	user.Avatar = base.EncodeMd5(user.Email)
 	user.AvatarEmail = user.Email
 	user.Rands = GetUserSalt()
-	if err = user.EncodePasswd(); err != nil {
-		return nil, err
-	} else if _, err = orm.Insert(user); err != nil {
+	user.Salt = GetUserSalt()
+	user.EncodePasswd()
+	if _, err = orm.Insert(user); err != nil {
 		return nil, err
 	} else if err = os.MkdirAll(UserPath(user.Name), os.ModePerm); err != nil {
 		if _, err := orm.Id(user.Id).Delete(&User{}); err != nil {
@@ -384,18 +383,20 @@ func GetUserByEmail(email string) (*User, error) {
 
 // LoginUserPlain validates user by raw user name and password.
 func LoginUserPlain(name, passwd string) (*User, error) {
-	user := User{LowerName: strings.ToLower(name), Passwd: passwd}
-	if err := user.EncodePasswd(); err != nil {
-		return nil, err
-	}
-
+	user := User{LowerName: strings.ToLower(name)}
 	has, err := orm.Get(&user)
 	if err != nil {
 		return nil, err
 	} else if !has {
-		err = ErrUserNotExist
+		return nil, ErrUserNotExist
 	}
-	return &user, err
+
+	newUser := &User{Passwd: passwd, Salt: user.Salt}
+	newUser.EncodePasswd()
+	if user.Passwd != newUser.Passwd {
+		return nil, ErrUserNotExist
+	}
+	return &user, nil
 }
 
 // Follow is connection request for receiving user notifycation.
diff --git a/modules/base/tool.go b/modules/base/tool.go
index 3946c4b56..f7d1bc2c5 100644
--- a/modules/base/tool.go
+++ b/modules/base/tool.go
@@ -6,12 +6,14 @@ package base
 
 import (
 	"bytes"
+	"crypto/hmac"
 	"crypto/md5"
 	"crypto/rand"
 	"crypto/sha1"
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
+	"hash"
 	"math"
 	"strconv"
 	"strings"
@@ -40,6 +42,44 @@ func GetRandomString(n int, alphabets ...byte) string {
 	return string(bytes)
 }
 
+// http://code.google.com/p/go/source/browse/pbkdf2/pbkdf2.go?repo=crypto
+func PBKDF2(password, salt []byte, iter, keyLen int, h func() hash.Hash) []byte {
+	prf := hmac.New(h, password)
+	hashLen := prf.Size()
+	numBlocks := (keyLen + hashLen - 1) / hashLen
+
+	var buf [4]byte
+	dk := make([]byte, 0, numBlocks*hashLen)
+	U := make([]byte, hashLen)
+	for block := 1; block <= numBlocks; block++ {
+		// N.B.: || means concatenation, ^ means XOR
+		// for each block T_i = U_1 ^ U_2 ^ ... ^ U_iter
+		// U_1 = PRF(password, salt || uint(i))
+		prf.Reset()
+		prf.Write(salt)
+		buf[0] = byte(block >> 24)
+		buf[1] = byte(block >> 16)
+		buf[2] = byte(block >> 8)
+		buf[3] = byte(block)
+		prf.Write(buf[:4])
+		dk = prf.Sum(dk)
+		T := dk[len(dk)-hashLen:]
+		copy(U, T)
+
+		// U_n = PRF(password, U_(n-1))
+		for n := 2; n <= iter; n++ {
+			prf.Reset()
+			prf.Write(U)
+			U = U[:0]
+			U = prf.Sum(U)
+			for x := range U {
+				T[x] ^= U[x]
+			}
+		}
+	}
+	return dk[:keyLen]
+}
+
 // verify time limit code
 func VerifyTimeLimitCode(data string, minutes int, code string) bool {
 	if len(code) <= 18 {
diff --git a/routers/user/setting.go b/routers/user/setting.go
index 4b6d88a36..ea779e854 100644
--- a/routers/user/setting.go
+++ b/routers/user/setting.go
@@ -73,11 +73,7 @@ func SettingPassword(ctx *middleware.Context, form auth.UpdatePasswdForm) {
 
 	user := ctx.User
 	newUser := &models.User{Passwd: form.NewPasswd}
-	if err := newUser.EncodePasswd(); err != nil {
-		ctx.Handle(200, "setting.SettingPassword", err)
-		return
-	}
-
+	newUser.EncodePasswd()
 	if user.Passwd != newUser.Passwd {
 		ctx.Data["HasError"] = true
 		ctx.Data["ErrorMsg"] = "Old password is not correct"
@@ -85,6 +81,7 @@ func SettingPassword(ctx *middleware.Context, form auth.UpdatePasswdForm) {
 		ctx.Data["HasError"] = true
 		ctx.Data["ErrorMsg"] = "New password and re-type password are not same"
 	} else {
+		newUser.Salt = models.GetUserSalt()
 		user.Passwd = newUser.Passwd
 		if err := models.UpdateUser(user); err != nil {
 			ctx.Handle(200, "setting.SettingPassword", err)
diff --git a/routers/user/user.go b/routers/user/user.go
index 872ed0d60..12f2bd8c5 100644
--- a/routers/user/user.go
+++ b/routers/user/user.go
@@ -477,12 +477,9 @@ func ResetPasswd(ctx *middleware.Context) {
 		}
 
 		u.Passwd = passwd
-		if err := u.EncodePasswd(); err != nil {
-			ctx.Handle(404, "user.ResetPasswd(EncodePasswd)", err)
-			return
-		}
-
 		u.Rands = models.GetUserSalt()
+		u.Salt = models.GetUserSalt()
+		u.EncodePasswd()
 		if err := models.UpdateUser(u); err != nil {
 			ctx.Handle(404, "user.ResetPasswd(UpdateUser)", err)
 			return

From e2fe2209057b90e6c78a84b7c66c3395cf100e30 Mon Sep 17 00:00:00 2001
From: Unknown <joe2010xtmf@163.com>
Date: Mon, 7 Apr 2014 00:47:19 -0400
Subject: [PATCH 18/24] Work on comment

---
 modules/base/markdown.go |  27 +++++++++-
 modules/base/template.go | 106 +++++++++++++++++++++++++++++++++++++++
 modules/base/tool.go     | 106 ---------------------------------------
 3 files changed, 131 insertions(+), 108 deletions(-)

diff --git a/modules/base/markdown.go b/modules/base/markdown.go
index 962e1ae1e..828f87de5 100644
--- a/modules/base/markdown.go
+++ b/modules/base/markdown.go
@@ -6,9 +6,11 @@ package base
 
 import (
 	"bytes"
+	"fmt"
 	"net/http"
 	"path"
 	"path/filepath"
+	"regexp"
 	"strings"
 
 	"github.com/gogits/gfm"
@@ -87,7 +89,28 @@ func (options *CustomRender) Link(out *bytes.Buffer, link []byte, title []byte,
 	options.Renderer.Link(out, link, title, content)
 }
 
+var (
+	mentionPattern = regexp.MustCompile(`@[0-9a-zA-Z_]{1,}`)
+	commitPattern  = regexp.MustCompile(`[^>]http[s]{0,}.*commit/[0-9a-zA-Z]{1,}`)
+)
+
+func RenderSpecialLink(rawBytes []byte, urlPrefix string) []byte {
+	ms := mentionPattern.FindAll(rawBytes, -1)
+	for _, m := range ms {
+		rawBytes = bytes.Replace(rawBytes, m,
+			[]byte(fmt.Sprintf(`<a href="/user/%s">%s</a>`, m[1:], m)), -1)
+	}
+	ms = commitPattern.FindAll(rawBytes, -1)
+	for _, m := range ms {
+		rawBytes = bytes.Replace(rawBytes, m,
+			[]byte(fmt.Sprintf(`<code><a href="%s">%s</a></code>`, m, m)), -1)
+	}
+	return rawBytes
+}
+
 func RenderMarkdown(rawBytes []byte, urlPrefix string) []byte {
+	body := RenderSpecialLink(rawBytes, urlPrefix)
+	fmt.Println(string(body))
 	htmlFlags := 0
 	// htmlFlags |= gfm.HTML_USE_XHTML
 	// htmlFlags |= gfm.HTML_USE_SMARTYPANTS
@@ -115,7 +138,7 @@ func RenderMarkdown(rawBytes []byte, urlPrefix string) []byte {
 	extensions |= gfm.EXTENSION_SPACE_HEADERS
 	extensions |= gfm.EXTENSION_NO_EMPTY_LINE_BEFORE_BLOCK
 
-	body := gfm.Markdown(rawBytes, renderer, extensions)
-
+	body = gfm.Markdown(body, renderer, extensions)
+	fmt.Println(string(body))
 	return body
 }
diff --git a/modules/base/template.go b/modules/base/template.go
index 56b77a5d6..6cd8ade61 100644
--- a/modules/base/template.go
+++ b/modules/base/template.go
@@ -5,7 +5,9 @@
 package base
 
 import (
+	"bytes"
 	"container/list"
+	"encoding/json"
 	"fmt"
 	"html/template"
 	"strings"
@@ -85,3 +87,107 @@ var TemplateFuncs template.FuncMap = map[string]interface{}{
 	"DiffLineTypeToStr": DiffLineTypeToStr,
 	"ShortSha":          ShortSha,
 }
+
+type Actioner interface {
+	GetOpType() int
+	GetActUserName() string
+	GetActEmail() string
+	GetRepoName() string
+	GetBranch() string
+	GetContent() string
+}
+
+// ActionIcon accepts a int that represents action operation type
+// and returns a icon class name.
+func ActionIcon(opType int) string {
+	switch opType {
+	case 1: // Create repository.
+		return "plus-circle"
+	case 5: // Commit repository.
+		return "arrow-circle-o-right"
+	case 6: // Create issue.
+		return "exclamation-circle"
+	case 8: // Transfer repository.
+		return "share"
+	default:
+		return "invalid type"
+	}
+}
+
+const (
+	TPL_CREATE_REPO    = `<a href="/user/%s">%s</a> created repository <a href="/%s">%s</a>`
+	TPL_COMMIT_REPO    = `<a href="/user/%s">%s</a> pushed to <a href="/%s/src/%s">%s</a> at <a href="/%s">%s</a>%s`
+	TPL_COMMIT_REPO_LI = `<div><img src="%s?s=16" alt="user-avatar"/> <a href="/%s/commit/%s">%s</a> %s</div>`
+	TPL_CREATE_ISSUE   = `<a href="/user/%s">%s</a> opened issue <a href="/%s/issues/%s">%s#%s</a>
+<div><img src="%s?s=16" alt="user-avatar"/> %s</div>`
+	TPL_TRANSFER_REPO = `<a href="/user/%s">%s</a> transfered repository <code>%s</code> to <a href="/%s">%s</a>`
+)
+
+type PushCommit struct {
+	Sha1        string
+	Message     string
+	AuthorEmail string
+	AuthorName  string
+}
+
+type PushCommits struct {
+	Len     int
+	Commits []*PushCommit
+}
+
+// ActionDesc accepts int that represents action operation type
+// and returns the description.
+func ActionDesc(act Actioner) string {
+	actUserName := act.GetActUserName()
+	email := act.GetActEmail()
+	repoName := act.GetRepoName()
+	repoLink := actUserName + "/" + repoName
+	branch := act.GetBranch()
+	content := act.GetContent()
+	switch act.GetOpType() {
+	case 1: // Create repository.
+		return fmt.Sprintf(TPL_CREATE_REPO, actUserName, actUserName, repoLink, repoName)
+	case 5: // Commit repository.
+		var push *PushCommits
+		if err := json.Unmarshal([]byte(content), &push); err != nil {
+			return err.Error()
+		}
+		buf := bytes.NewBuffer([]byte("\n"))
+		for _, commit := range push.Commits {
+			buf.WriteString(fmt.Sprintf(TPL_COMMIT_REPO_LI, AvatarLink(commit.AuthorEmail), repoLink, commit.Sha1, commit.Sha1[:7], commit.Message) + "\n")
+		}
+		if push.Len > 3 {
+			buf.WriteString(fmt.Sprintf(`<div><a href="/%s/%s/commits/%s">%d other commits >></a></div>`, actUserName, repoName, branch, push.Len))
+		}
+		return fmt.Sprintf(TPL_COMMIT_REPO, actUserName, actUserName, repoLink, branch, branch, repoLink, repoLink,
+			buf.String())
+	case 6: // Create issue.
+		infos := strings.SplitN(content, "|", 2)
+		return fmt.Sprintf(TPL_CREATE_ISSUE, actUserName, actUserName, repoLink, infos[0], repoLink, infos[0],
+			AvatarLink(email), infos[1])
+	case 8: // Transfer repository.
+		newRepoLink := content + "/" + repoName
+		return fmt.Sprintf(TPL_TRANSFER_REPO, actUserName, actUserName, repoLink, newRepoLink, newRepoLink)
+	default:
+		return "invalid type"
+	}
+}
+
+func DiffTypeToStr(diffType int) string {
+	diffTypes := map[int]string{
+		1: "add", 2: "modify", 3: "del",
+	}
+	return diffTypes[diffType]
+}
+
+func DiffLineTypeToStr(diffType int) string {
+	switch diffType {
+	case 2:
+		return "add"
+	case 3:
+		return "del"
+	case 4:
+		return "tag"
+	}
+	return "same"
+}
diff --git a/modules/base/tool.go b/modules/base/tool.go
index f7d1bc2c5..0f06b3e0e 100644
--- a/modules/base/tool.go
+++ b/modules/base/tool.go
@@ -5,13 +5,11 @@
 package base
 
 import (
-	"bytes"
 	"crypto/hmac"
 	"crypto/md5"
 	"crypto/rand"
 	"crypto/sha1"
 	"encoding/hex"
-	"encoding/json"
 	"fmt"
 	"hash"
 	"math"
@@ -514,107 +512,3 @@ func (a argInt) Get(i int, args ...int) (r int) {
 	}
 	return
 }
-
-type Actioner interface {
-	GetOpType() int
-	GetActUserName() string
-	GetActEmail() string
-	GetRepoName() string
-	GetBranch() string
-	GetContent() string
-}
-
-// ActionIcon accepts a int that represents action operation type
-// and returns a icon class name.
-func ActionIcon(opType int) string {
-	switch opType {
-	case 1: // Create repository.
-		return "plus-circle"
-	case 5: // Commit repository.
-		return "arrow-circle-o-right"
-	case 6: // Create issue.
-		return "exclamation-circle"
-	case 8: // Transfer repository.
-		return "share"
-	default:
-		return "invalid type"
-	}
-}
-
-const (
-	TPL_CREATE_REPO    = `<a href="/user/%s">%s</a> created repository <a href="/%s">%s</a>`
-	TPL_COMMIT_REPO    = `<a href="/user/%s">%s</a> pushed to <a href="/%s/src/%s">%s</a> at <a href="/%s">%s</a>%s`
-	TPL_COMMIT_REPO_LI = `<div><img src="%s?s=16" alt="user-avatar"/> <a href="/%s/commit/%s">%s</a> %s</div>`
-	TPL_CREATE_ISSUE   = `<a href="/user/%s">%s</a> opened issue <a href="/%s/issues/%s">%s#%s</a>
-<div><img src="%s?s=16" alt="user-avatar"/> %s</div>`
-	TPL_TRANSFER_REPO = `<a href="/user/%s">%s</a> transfered repository <code>%s</code> to <a href="/%s">%s</a>`
-)
-
-type PushCommit struct {
-	Sha1        string
-	Message     string
-	AuthorEmail string
-	AuthorName  string
-}
-
-type PushCommits struct {
-	Len     int
-	Commits []*PushCommit
-}
-
-// ActionDesc accepts int that represents action operation type
-// and returns the description.
-func ActionDesc(act Actioner) string {
-	actUserName := act.GetActUserName()
-	email := act.GetActEmail()
-	repoName := act.GetRepoName()
-	repoLink := actUserName + "/" + repoName
-	branch := act.GetBranch()
-	content := act.GetContent()
-	switch act.GetOpType() {
-	case 1: // Create repository.
-		return fmt.Sprintf(TPL_CREATE_REPO, actUserName, actUserName, repoLink, repoName)
-	case 5: // Commit repository.
-		var push *PushCommits
-		if err := json.Unmarshal([]byte(content), &push); err != nil {
-			return err.Error()
-		}
-		buf := bytes.NewBuffer([]byte("\n"))
-		for _, commit := range push.Commits {
-			buf.WriteString(fmt.Sprintf(TPL_COMMIT_REPO_LI, AvatarLink(commit.AuthorEmail), repoLink, commit.Sha1, commit.Sha1[:7], commit.Message) + "\n")
-		}
-		if push.Len > 3 {
-			buf.WriteString(fmt.Sprintf(`<div><a href="/%s/%s/commits/%s">%d other commits >></a></div>`, actUserName, repoName, branch, push.Len))
-		}
-		return fmt.Sprintf(TPL_COMMIT_REPO, actUserName, actUserName, repoLink, branch, branch, repoLink, repoLink,
-			buf.String())
-	case 6: // Create issue.
-		infos := strings.SplitN(content, "|", 2)
-		return fmt.Sprintf(TPL_CREATE_ISSUE, actUserName, actUserName, repoLink, infos[0], repoLink, infos[0],
-			AvatarLink(email), infos[1])
-	case 8: // Transfer repository.
-		newRepoLink := content + "/" + repoName
-		return fmt.Sprintf(TPL_TRANSFER_REPO, actUserName, actUserName, repoLink, newRepoLink, newRepoLink)
-	default:
-		return "invalid type"
-	}
-}
-
-func DiffTypeToStr(diffType int) string {
-	diffTypes := map[int]string{
-		1: "add", 2: "modify", 3: "del",
-	}
-	return diffTypes[diffType]
-}
-
-func DiffLineTypeToStr(diffType int) string {
-	switch diffType {
-	case 2:
-		return "add"
-	case 3:
-		return "del"
-	case 4:
-		return "tag"
-	}
-	return "same"
-}

From 8c9a0494ecb477a641c07be68a9c0cb8fa661d29 Mon Sep 17 00:00:00 2001
From: Unknown <joe2010xtmf@163.com>
Date: Mon, 7 Apr 2014 01:55:22 -0400
Subject: [PATCH 19/24] Add @ # commit link detect on all markdown render

---
 modules/base/markdown.go        | 45 +++++++++++++++++++++++++--------
 routers/api/v1/miscellaneous.go |  2 +-
 routers/repo/issue.go           |  8 +++---
 templates/issue/view.tmpl       |  2 +-
 4 files changed, 41 insertions(+), 16 deletions(-)

diff --git a/modules/base/markdown.go b/modules/base/markdown.go
index 828f87de5..f0992d04d 100644
--- a/modules/base/markdown.go
+++ b/modules/base/markdown.go
@@ -90,8 +90,10 @@ func (options *CustomRender) Link(out *bytes.Buffer, link []byte, title []byte,
 }
 
 var (
-	mentionPattern = regexp.MustCompile(`@[0-9a-zA-Z_]{1,}`)
-	commitPattern  = regexp.MustCompile(`[^>]http[s]{0,}.*commit/[0-9a-zA-Z]{1,}`)
+	mentionPattern    = regexp.MustCompile(`@[0-9a-zA-Z_]{1,}`)
+	commitPattern     = regexp.MustCompile(`(\s|^)https?.*commit/[0-9a-zA-Z]+(#+[0-9a-zA-Z-]*)?`)
+	issueFullPattern  = regexp.MustCompile(`(\s|^)https?.*issues/[0-9]+(#+[0-9a-zA-Z-]*)?`)
+	issueIndexPattern = regexp.MustCompile(`(\s|^)#[0-9]+`)
 )
 
 func RenderSpecialLink(rawBytes []byte, urlPrefix string) []byte {
@@ -102,8 +104,31 @@ func RenderSpecialLink(rawBytes []byte, urlPrefix string) []byte {
 	}
 	ms = commitPattern.FindAll(rawBytes, -1)
 	for _, m := range ms {
-		rawBytes = bytes.Replace(rawBytes, m,
-			[]byte(fmt.Sprintf(`<code><a href="%s">%s</a></code>`, m, m)), -1)
+		m = bytes.TrimPrefix(m, []byte(" "))
+		i := strings.Index(string(m), "commit/")
+		j := strings.Index(string(m), "#")
+		if j == -1 {
+			j = len(m)
+		}
+		rawBytes = bytes.Replace(rawBytes, m, []byte(fmt.Sprintf(
+			` <code><a href="%s">%s</a></code>`, m, ShortSha(string(m[i+7:j])))), -1)
+	}
+	ms = issueFullPattern.FindAll(rawBytes, -1)
+	for _, m := range ms {
+		m = bytes.TrimPrefix(m, []byte(" "))
+		i := strings.Index(string(m), "issues/")
+		j := strings.Index(string(m), "#")
+		if j == -1 {
+			j = len(m)
+		}
+		rawBytes = bytes.Replace(rawBytes, m, []byte(fmt.Sprintf(
+			` <a href="%s">#%s</a>`, m, ShortSha(string(m[i+7:j])))), -1)
+	}
+	ms = issueIndexPattern.FindAll(rawBytes, -1)
+	for _, m := range ms {
+		m = bytes.TrimPrefix(m, []byte(" "))
+		rawBytes = bytes.Replace(rawBytes, m, []byte(fmt.Sprintf(
+			` <a href="%s/issues/%s">%s</a>`, urlPrefix, m[1:], m)), -1)
 	}
 	return rawBytes
 }
@@ -122,10 +147,10 @@ func RenderMarkdown(rawBytes []byte, urlPrefix string) []byte {
 	htmlFlags |= gfm.HTML_GITHUB_BLOCKCODE
 	htmlFlags |= gfm.HTML_OMIT_CONTENTS
 	// htmlFlags |= gfm.HTML_COMPLETE_PAGE
-	renderer := &CustomRender{
-		Renderer:  gfm.HtmlRenderer(htmlFlags, "", ""),
-		urlPrefix: urlPrefix,
-	}
+	// renderer := &CustomRender{
+	// 	Renderer:  gfm.HtmlRenderer(htmlFlags, "", ""),
+	// 	urlPrefix: urlPrefix,
+	// }
 
 	// set up the parser
 	extensions := 0
@@ -138,7 +163,7 @@ func RenderMarkdown(rawBytes []byte, urlPrefix string) []byte {
 	extensions |= gfm.EXTENSION_SPACE_HEADERS
 	extensions |= gfm.EXTENSION_NO_EMPTY_LINE_BEFORE_BLOCK
 
-	body = gfm.Markdown(body, renderer, extensions)
-	fmt.Println(string(body))
+	// body = gfm.Markdown(body, renderer, extensions)
+	// fmt.Println(string(body))
 	return body
 }
diff --git a/routers/api/v1/miscellaneous.go b/routers/api/v1/miscellaneous.go
index 0ff1eb04a..babdfce9b 100644
--- a/routers/api/v1/miscellaneous.go
+++ b/routers/api/v1/miscellaneous.go
@@ -13,6 +13,6 @@ func Markdown(ctx *middleware.Context) {
 	content := ctx.Query("content")
 	ctx.Render.JSON(200, map[string]interface{}{
 		"ok":      true,
-		"content": string(base.RenderMarkdown([]byte(content), "")),
+		"content": string(base.RenderMarkdown([]byte(content), ctx.Query("repoLink"))),
 	})
 }
diff --git a/routers/repo/issue.go b/routers/repo/issue.go
index be9254264..38522e0c7 100644
--- a/routers/repo/issue.go
+++ b/routers/repo/issue.go
@@ -147,7 +147,7 @@ func ViewIssue(ctx *middleware.Context, params martini.Params) {
 		return
 	}
 	issue.Poster = u
-	issue.RenderedContent = string(base.RenderMarkdown([]byte(issue.Content), ""))
+	issue.RenderedContent = string(base.RenderMarkdown([]byte(issue.Content), ctx.Repo.RepoLink))
 
 	// Get comments.
 	comments, err := models.GetIssueComments(issue.Id)
@@ -164,7 +164,7 @@ func ViewIssue(ctx *middleware.Context, params martini.Params) {
 			return
 		}
 		comments[i].Poster = u
-		comments[i].Content = string(base.RenderMarkdown([]byte(comments[i].Content), ""))
+		comments[i].Content = string(base.RenderMarkdown([]byte(comments[i].Content), ctx.Repo.RepoLink))
 	}
 
 	ctx.Data["Title"] = issue.Name
@@ -193,7 +193,7 @@ func UpdateIssue(ctx *middleware.Context, params martini.Params, form auth.Creat
 		return
 	}
 
-	if ctx.User.Id != issue.PosterId {
+	if ctx.User.Id != issue.PosterId && !ctx.Repo.IsOwner {
 		ctx.Handle(404, "issue.UpdateIssue", nil)
 		return
 	}
@@ -211,7 +211,7 @@ func UpdateIssue(ctx *middleware.Context, params martini.Params, form auth.Creat
 	ctx.JSON(200, map[string]interface{}{
 		"ok":      true,
 		"title":   issue.Name,
-		"content": string(base.RenderMarkdown([]byte(issue.Content), "")),
+		"content": string(base.RenderMarkdown([]byte(issue.Content), ctx.Repo.RepoLink)),
 	})
 }
 
diff --git a/templates/issue/view.tmpl b/templates/issue/view.tmpl
index e619451cc..16d60d358 100644
--- a/templates/issue/view.tmpl
+++ b/templates/issue/view.tmpl
@@ -72,7 +72,7 @@
                                 </div>
                                 <ul class="nav nav-tabs" data-init="tabs">
                                     <li class="active issue-write"><a href="#issue-textarea" data-toggle="tab">Write</a></li>
-                                    <li class="issue-preview"><a href="#issue-preview" data-toggle="tab" data-ajax="/api/v1/markdown?repo=repo_id&issue=issue_id&comment=new" data-ajax-name="issue-preview" data-ajax-method="post" data-preview="#issue-preview">Preview</a></li>
+                                    <li class="issue-preview"><a href="#issue-preview" data-toggle="tab" data-ajax="/api/v1/markdown?repoLink={{.RepoLink}}" data-ajax-name="issue-preview" data-ajax-method="post" data-preview="#issue-preview">Preview</a></li>
                                 </ul>
                                 <div class="tab-content">
                                     <div class="tab-pane" id="issue-textarea">

From 125c87a405a689c37a3f3d0dede23d74c1581a81 Mon Sep 17 00:00:00 2001
From: skyblue <ssx205@gmail.com>
Date: Mon, 7 Apr 2014 14:14:17 +0800
Subject: [PATCH 20/24] update fswatch.json

---
 .fswatch.json | 11 ++---------
 web.go        |  2 +-
 2 files changed, 3 insertions(+), 10 deletions(-)

diff --git a/.fswatch.json b/.fswatch.json
index 81243ebc3..90a6e4eae 100644
--- a/.fswatch.json
+++ b/.fswatch.json
@@ -1,14 +1,7 @@
 {
     "paths": ["."],
     "depth": 2,
-    "exclude": [
-        "^gogs$",
-        "~$",
-        "\\.swp$",
-        "\\.exe$",
-        "\\.swx$",
-        ".*\\.log$"
-    ],
+    "exclude": [],
     "include": ["\\.go$"],
     "command": [
         "bash", "-c", "go build && ./gogs web"
@@ -16,5 +9,5 @@
     "env": {
         "POWERED_BY": "github.com/shxsun/fswatch"
     },
-    "enable-restart": false
+    "enable-restart": true
 }
diff --git a/web.go b/web.go
index a7a80436a..1cda2bfd7 100644
--- a/web.go
+++ b/web.go
@@ -147,7 +147,7 @@ func runWeb(*cli.Context) {
 		r.Get("/issues", repo.Issues)
 		r.Get("/issues/:index", repo.ViewIssue)
 		r.Get("/releases", repo.Releases)
-		r.Any("/releases/new",repo.ReleasesNew)
+		r.Any("/releases/new", repo.ReleasesNew)
 		r.Get("/pulls", repo.Pulls)
 		r.Get("/branches", repo.Branches)
 	}, ignSignIn, middleware.RepoAssignment(true))

From 05fb34eacdbec59fb8bcdf96c82c0855e6ec78d2 Mon Sep 17 00:00:00 2001
From: skyblue <ssx205@gmail.com>
Date: Mon, 7 Apr 2014 18:01:25 +0800
Subject: [PATCH 21/24] first works oauth2(github). need to login with
 /user/login/github

---
 models/oauth2.go       |  33 +++++++++--
 routers/user/social.go | 121 ++++++++++++++++++++++++++++++++---------
 web.go                 |   8 ++-
 3 files changed, 128 insertions(+), 34 deletions(-)

diff --git a/models/oauth2.go b/models/oauth2.go
index 70dcd5100..a17d4e30f 100644
--- a/models/oauth2.go
+++ b/models/oauth2.go
@@ -1,6 +1,6 @@
 package models
 
-import "time"
+import "fmt"
 
 // OT: Oauth2 Type
 const (
@@ -10,9 +10,30 @@ const (
 )
 
 type Oauth2 struct {
-	Uid         int64     `xorm:"pk"`               // userId
-	Type        int       `xorm:"pk unique(oauth)"` // twitter,github,google...
-	Identity    string    `xorm:"pk unique(oauth)"` // id..
-	Token       string    `xorm:"VARCHAR(200) not null"`
-	RefreshTime time.Time `xorm:"created"`
+	Uid      int64  `xorm:"pk"`               // userId
+	Type     int    `xorm:"pk unique(oauth)"` // twitter,github,google...
+	Identity string `xorm:"pk unique(oauth)"` // id..
+	Token    string `xorm:"VARCHAR(200) not null"`
+	//RefreshTime time.Time `xorm:"created"`
+}
+
+func AddOauth2(oa *Oauth2) (err error) {
+	if _, err = orm.Insert(oa); err != nil {
+		return err
+	}
+	return nil
+}
+
+func GetOauth2User(identity string) (u *User, err error) {
+	oa := &Oauth2{}
+	oa.Identity = identity
+	exists, err := orm.Get(oa)
+	if err != nil {
+		return
+	}
+	if !exists {
+		err = fmt.Errorf("not exists oauth2: %s", identity)
+		return
+	}
+	return GetUserById(oa.Uid)
 }
diff --git a/routers/user/social.go b/routers/user/social.go
index b59f49630..f5577d809 100644
--- a/routers/user/social.go
+++ b/routers/user/social.go
@@ -5,45 +5,114 @@ package user
 
 import (
 	"encoding/json"
+	"strconv"
+
+	"github.com/gogits/gogs/models"
+	"github.com/gogits/gogs/modules/base"
+	"github.com/gogits/gogs/modules/log"
+	"github.com/gogits/gogs/modules/middleware"
+	//"github.com/gogits/gogs/modules/oauth2"
 
 	"code.google.com/p/goauth2/oauth"
-	"github.com/gogits/gogs/modules/log"
-	"github.com/gogits/gogs/modules/oauth2"
+	"github.com/martini-contrib/oauth2"
 )
 
-// github && google && ...
-func SocialSignIn(tokens oauth2.Tokens) {
-	transport := &oauth.Transport{}
-	transport.Token = &oauth.Token{
-		AccessToken:  tokens.Access(),
-		RefreshToken: tokens.Refresh(),
-		Expiry:       tokens.ExpiryTime(),
-		Extra:        tokens.ExtraData(),
-	}
+type SocialConnector interface {
+	Identity() string
+	Type() int
+	Name() string
+	Email() string
+	Token() string
+}
 
-	// Github API refer: https://developer.github.com/v3/users/
-	// FIXME: need to judge url
-	type GithubUser struct {
+type SocialGithub struct {
+	data struct {
 		Id    int    `json:"id"`
 		Name  string `json:"login"`
 		Email string `json:"email"`
 	}
+	WebToken *oauth.Token
+}
 
-	// Make the request.
+func (s *SocialGithub) Identity() string {
+	return strconv.Itoa(s.data.Id)
+}
+
+func (s *SocialGithub) Type() int {
+	return models.OT_GITHUB
+}
+
+func (s *SocialGithub) Name() string {
+	return s.data.Name
+}
+
+func (s *SocialGithub) Email() string {
+	return s.data.Email
+}
+
+func (s *SocialGithub) Token() string {
+	data, _ := json.Marshal(s.WebToken)
+	return string(data)
+}
+
+// Github API refer: https://developer.github.com/v3/users/
+func (s *SocialGithub) Update() error {
 	scope := "https://api.github.com/user"
+	transport := &oauth.Transport{
+		Token: s.WebToken,
+	}
+	log.Debug("update github info")
 	r, err := transport.Client().Get(scope)
 	if err != nil {
-		log.Error("connect with github error: %s", err)
-		// FIXME: handle error page
-		return
+		return err
 	}
 	defer r.Body.Close()
-
-	user := &GithubUser{}
-	err = json.NewDecoder(r.Body).Decode(user)
-	if err != nil {
-		log.Error("Get: %s", err)
-	}
-	log.Info("login: %s", user.Name)
-	// FIXME: login here, user email to check auth, if not registe, then generate a uniq username
+	return json.NewDecoder(r.Body).Decode(&s.data)
+}
+
+// github && google && ...
+func SocialSignIn(ctx *middleware.Context, tokens oauth2.Tokens) {
+	gh := &SocialGithub{
+		WebToken: &oauth.Token{
+			AccessToken:  tokens.Access(),
+			RefreshToken: tokens.Refresh(),
+			Expiry:       tokens.ExpiryTime(),
+			Extra:        tokens.ExtraData(),
+		},
+	}
+	var err error
+	var u *models.User
+	if err = gh.Update(); err != nil {
+		// FIXME: handle error page
+		log.Error("connect with github error: %s", err)
+		return
+	}
+	var soc SocialConnector = gh
+	log.Info("login: %s", soc.Name())
+	// FIXME: login here, user email to check auth, if not registe, then generate a uniq username
+	if u, err = models.GetOauth2User(soc.Identity()); err != nil {
+		u = &models.User{
+			Name:     soc.Name(),
+			Email:    soc.Email(),
+			Passwd:   "123456",
+			IsActive: !base.Service.RegisterEmailConfirm,
+		}
+		if u, err = models.RegisterUser(u); err != nil {
+			log.Error("register user: %v", err)
+			return
+		}
+		oa := &models.Oauth2{}
+		oa.Uid = u.Id
+		oa.Type = soc.Type()
+		oa.Token = soc.Token()
+		oa.Identity = soc.Identity()
+		log.Info("oa: %v", oa)
+		if err = models.AddOauth2(oa); err != nil {
+			log.Error("add oauth2 %v", err)
+			return
+		}
+	}
+	ctx.Session.Set("userId", u.Id)
+	ctx.Session.Set("userName", u.Name)
+	ctx.Redirect("/")
 }
diff --git a/web.go b/web.go
index 86c395e7b..c8fb8dc09 100644
--- a/web.go
+++ b/web.go
@@ -20,13 +20,16 @@ import (
 	"github.com/gogits/gogs/modules/base"
 	"github.com/gogits/gogs/modules/log"
 	"github.com/gogits/gogs/modules/middleware"
-	"github.com/gogits/gogs/modules/oauth2"
+	//"github.com/gogits/gogs/modules/oauth2"
 	"github.com/gogits/gogs/routers"
 	"github.com/gogits/gogs/routers/admin"
 	"github.com/gogits/gogs/routers/api/v1"
 	"github.com/gogits/gogs/routers/dev"
 	"github.com/gogits/gogs/routers/repo"
 	"github.com/gogits/gogs/routers/user"
+
+	"github.com/martini-contrib/oauth2"
+	"github.com/martini-contrib/sessions"
 )
 
 var CmdWeb = cli.Command{
@@ -61,6 +64,7 @@ func runWeb(*cli.Context) {
 
 	scope := "https://api.github.com/user"
 	oauth2.PathCallback = "/oauth2callback"
+	m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))
 	m.Use(oauth2.Github(&oauth2.Options{
 		ClientId:     "09383403ff2dc16daaa1",
 		ClientSecret: "5f6e7101d30b77952aab22b75eadae17551ea6b5",
@@ -88,7 +92,7 @@ func runWeb(*cli.Context) {
 	m.Get("/avatar/:hash", avt.ServeHTTP)
 
 	m.Group("/user", func(r martini.Router) {
-		r.Any("/login/github", user.SocialSignIn)
+		r.Any("/login/github", reqSignOut, oauth2.LoginRequired, user.SocialSignIn)
 		r.Any("/login", binding.BindIgnErr(auth.LogInForm{}), user.SignIn)
 		r.Any("/sign_up", binding.BindIgnErr(auth.RegisterForm{}), user.SignUp)
 		r.Any("/forget_password", user.ForgotPasswd)

From 9ea9818d3255e5b08293205e278240dece36687d Mon Sep 17 00:00:00 2001
From: Unknown <joe2010xtmf@163.com>
Date: Mon, 7 Apr 2014 12:56:40 -0400
Subject: [PATCH 22/24] Fix issue with log in with GitHub but need more error
 handle after

---
 conf/app.ini                |  8 ++++++
 gogs.go                     |  2 +-
 models/user.go              | 13 +++++++++
 modules/base/conf.go        | 53 +++++++++++++++++++++++++++++--------
 modules/base/markdown.go    | 13 +++++----
 modules/mailer/mail.go      | 31 +++++++++++++++++-----
 modules/oauth2/oauth2.go    | 33 ++++++++++++++---------
 routers/repo/issue.go       | 28 ++++++++++++++++----
 routers/user/social.go      | 12 ++++++---
 routers/user/user.go        |  5 ++++
 templates/issue/create.tmpl |  2 +-
 templates/user/signin.tmpl  |  5 +++-
 web.go                      | 22 ++++++++-------
 13 files changed, 167 insertions(+), 60 deletions(-)

diff --git a/conf/app.ini b/conf/app.ini
index 43033eaa6..c90246005 100644
--- a/conf/app.ini
+++ b/conf/app.ini
@@ -72,6 +72,14 @@ FROM =
 USER = 
 PASSWD = 
 
+[oauth]
+ENABLED = false
+
+[oauth.github]
+ENABLED =
+CLIENT_ID = 
+CLIENT_SECRET = 
+
 [cache]
 ; Either "memory", "redis", or "memcache", default is "memory"
 ADAPTER = memory
diff --git a/gogs.go b/gogs.go
index e71974820..df268980f 100644
--- a/gogs.go
+++ b/gogs.go
@@ -19,7 +19,7 @@ import (
 // Test that go1.2 tag above is included in builds. main.go refers to this definition.
 const go12tag = true
 
-const APP_VER = "0.2.2.0406 Alpha"
+const APP_VER = "0.2.2.0407 Alpha"
 
 func init() {
 	base.AppVer = APP_VER
diff --git a/models/user.go b/models/user.go
index a5a6de097..0fcf72437 100644
--- a/models/user.go
+++ b/models/user.go
@@ -366,6 +366,19 @@ func GetUserByName(name string) (*User, error) {
 	return user, nil
 }
 
+// GetUserEmailsByNames returns a slice of e-mails corresponds to names.
+func GetUserEmailsByNames(names []string) []string {
+	mails := make([]string, 0, len(names))
+	for _, name := range names {
+		u, err := GetUserByName(name)
+		if err != nil {
+			continue
+		}
+		mails = append(mails, u.Email)
+	}
+	return mails
+}
+
 // GetUserByEmail returns the user object by given e-mail if exists.
 func GetUserByEmail(email string) (*User, error) {
 	if len(email) == 0 {
diff --git a/modules/base/conf.go b/modules/base/conf.go
index 0a618ab1d..ba9c320d7 100644
--- a/modules/base/conf.go
+++ b/modules/base/conf.go
@@ -22,13 +22,21 @@ import (
 	"github.com/gogits/gogs/modules/log"
 )
 
-// Mailer represents a mail service.
+// Mailer represents mail service.
 type Mailer struct {
 	Name         string
 	Host         string
 	User, Passwd string
 }
 
+// Oauther represents oauth service.
+type Oauther struct {
+	GitHub struct {
+		Enabled                bool
+		ClientId, ClientSecret string
+	}
+}
+
 var (
 	AppVer       string
 	AppName      string
@@ -45,8 +53,9 @@ var (
 	CookieUserName     string
 	CookieRememberName string
 
-	Cfg         *goconfig.ConfigFile
-	MailService *Mailer
+	Cfg          *goconfig.ConfigFile
+	MailService  *Mailer
+	OauthService *Oauther
 
 	LogMode   string
 	LogConfig string
@@ -206,15 +215,17 @@ func newSessionService() {
 
 func newMailService() {
 	// Check mailer setting.
-	if Cfg.MustBool("mailer", "ENABLED") {
-		MailService = &Mailer{
-			Name:   Cfg.MustValue("mailer", "NAME", AppName),
-			Host:   Cfg.MustValue("mailer", "HOST"),
-			User:   Cfg.MustValue("mailer", "USER"),
-			Passwd: Cfg.MustValue("mailer", "PASSWD"),
-		}
-		log.Info("Mail Service Enabled")
+	if !Cfg.MustBool("mailer", "ENABLED") {
+		return
 	}
+
+	MailService = &Mailer{
+		Name:   Cfg.MustValue("mailer", "NAME", AppName),
+		Host:   Cfg.MustValue("mailer", "HOST"),
+		User:   Cfg.MustValue("mailer", "USER"),
+		Passwd: Cfg.MustValue("mailer", "PASSWD"),
+	}
+	log.Info("Mail Service Enabled")
 }
 
 func newRegisterMailService() {
@@ -239,6 +250,25 @@ func newNotifyMailService() {
 	log.Info("Notify Mail Service Enabled")
 }
 
+func newOauthService() {
+	if !Cfg.MustBool("oauth", "ENABLED") {
+		return
+	}
+
+	OauthService = &Oauther{}
+	oauths := make([]string, 0, 10)
+
+	// GitHub.
+	if Cfg.MustBool("oauth.github", "ENABLED") {
+		OauthService.GitHub.Enabled = true
+		OauthService.GitHub.ClientId = Cfg.MustValue("oauth.github", "CLIENT_ID")
+		OauthService.GitHub.ClientSecret = Cfg.MustValue("oauth.github", "CLIENT_SECRET")
+		oauths = append(oauths, "GitHub")
+	}
+
+	log.Info("Oauth Service Enabled %s", oauths)
+}
+
 func NewConfigContext() {
 	//var err error
 	workDir, err := ExecDir()
@@ -303,4 +333,5 @@ func NewServices() {
 	newMailService()
 	newRegisterMailService()
 	newNotifyMailService()
+	newOauthService()
 }
diff --git a/modules/base/markdown.go b/modules/base/markdown.go
index f0992d04d..ce1e2f5be 100644
--- a/modules/base/markdown.go
+++ b/modules/base/markdown.go
@@ -90,21 +90,21 @@ func (options *CustomRender) Link(out *bytes.Buffer, link []byte, title []byte,
 }
 
 var (
-	mentionPattern    = regexp.MustCompile(`@[0-9a-zA-Z_]{1,}`)
+	MentionPattern    = regexp.MustCompile(`@[0-9a-zA-Z_]{1,}`)
 	commitPattern     = regexp.MustCompile(`(\s|^)https?.*commit/[0-9a-zA-Z]+(#+[0-9a-zA-Z-]*)?`)
 	issueFullPattern  = regexp.MustCompile(`(\s|^)https?.*issues/[0-9]+(#+[0-9a-zA-Z-]*)?`)
-	issueIndexPattern = regexp.MustCompile(`(\s|^)#[0-9]+`)
+	issueIndexPattern = regexp.MustCompile(`#[0-9]+`)
 )
 
 func RenderSpecialLink(rawBytes []byte, urlPrefix string) []byte {
-	ms := mentionPattern.FindAll(rawBytes, -1)
+	ms := MentionPattern.FindAll(rawBytes, -1)
 	for _, m := range ms {
 		rawBytes = bytes.Replace(rawBytes, m,
 			[]byte(fmt.Sprintf(`<a href="/user/%s">%s</a>`, m[1:], m)), -1)
 	}
 	ms = commitPattern.FindAll(rawBytes, -1)
 	for _, m := range ms {
-		m = bytes.TrimPrefix(m, []byte(" "))
+		m = bytes.TrimSpace(m)
 		i := strings.Index(string(m), "commit/")
 		j := strings.Index(string(m), "#")
 		if j == -1 {
@@ -115,7 +115,7 @@ func RenderSpecialLink(rawBytes []byte, urlPrefix string) []byte {
 	}
 	ms = issueFullPattern.FindAll(rawBytes, -1)
 	for _, m := range ms {
-		m = bytes.TrimPrefix(m, []byte(" "))
+		m = bytes.TrimSpace(m)
 		i := strings.Index(string(m), "issues/")
 		j := strings.Index(string(m), "#")
 		if j == -1 {
@@ -126,9 +126,8 @@ func RenderSpecialLink(rawBytes []byte, urlPrefix string) []byte {
 	}
 	ms = issueIndexPattern.FindAll(rawBytes, -1)
 	for _, m := range ms {
-		m = bytes.TrimPrefix(m, []byte(" "))
 		rawBytes = bytes.Replace(rawBytes, m, []byte(fmt.Sprintf(
-			` <a href="%s/issues/%s">%s</a>`, urlPrefix, m[1:], m)), -1)
+			`<a href="%s/issues/%s">%s</a>`, urlPrefix, m[1:], m)), -1)
 	}
 	return rawBytes
 }
diff --git a/modules/mailer/mail.go b/modules/mailer/mail.go
index eee6b916c..d2bf1310a 100644
--- a/modules/mailer/mail.go
+++ b/modules/mailer/mail.go
@@ -111,11 +111,11 @@ func SendResetPasswdMail(r *middleware.Render, user *models.User) {
 	SendAsync(&msg)
 }
 
-// SendNotifyMail sends mail notification of all watchers.
-func SendNotifyMail(user, owner *models.User, repo *models.Repository, issue *models.Issue) error {
+// SendIssueNotifyMail sends mail notification of all watchers of repository.
+func SendIssueNotifyMail(user, owner *models.User, repo *models.Repository, issue *models.Issue) ([]string, error) {
 	watches, err := models.GetWatches(repo.Id)
 	if err != nil {
-		return errors.New("mail.NotifyWatchers(get watches): " + err.Error())
+		return nil, errors.New("mail.NotifyWatchers(get watches): " + err.Error())
 	}
 
 	tos := make([]string, 0, len(watches))
@@ -126,20 +126,37 @@ func SendNotifyMail(user, owner *models.User, repo *models.Repository, issue *mo
 		}
 		u, err := models.GetUserById(uid)
 		if err != nil {
-			return errors.New("mail.NotifyWatchers(get user): " + err.Error())
+			return nil, errors.New("mail.NotifyWatchers(get user): " + err.Error())
 		}
 		tos = append(tos, u.Email)
 	}
 
 	if len(tos) == 0 {
-		return nil
+		return tos, nil
 	}
 
 	subject := fmt.Sprintf("[%s] %s", repo.Name, issue.Name)
 	content := fmt.Sprintf("%s<br>-<br> <a href=\"%s%s/%s/issues/%d\">View it on Gogs</a>.",
-		issue.Content, base.AppUrl, owner.Name, repo.Name, issue.Index)
+		base.RenderSpecialLink([]byte(issue.Content), owner.Name+"/"+repo.Name),
+		base.AppUrl, owner.Name, repo.Name, issue.Index)
 	msg := NewMailMessageFrom(tos, user.Name, subject, content)
-	msg.Info = fmt.Sprintf("Subject: %s, send notify emails", subject)
+	msg.Info = fmt.Sprintf("Subject: %s, send issue notify emails", subject)
+	SendAsync(&msg)
+	return tos, nil
+}
+
+// SendIssueMentionMail sends mail notification for who are mentioned in issue.
+func SendIssueMentionMail(user, owner *models.User, repo *models.Repository, issue *models.Issue, tos []string) error {
+	if len(tos) == 0 {
+		return nil
+	}
+
+	issueLink := fmt.Sprintf("%s%s/%s/issues/%d", base.AppUrl, owner.Name, repo.Name, issue.Index)
+	body := fmt.Sprintf(`%s mentioned you.`)
+	subject := fmt.Sprintf("[%s] %s", repo.Name, issue.Name)
+	content := fmt.Sprintf("%s<br>-<br> <a href=\"%s\">View it on Gogs</a>.", body, issueLink)
+	msg := NewMailMessageFrom(tos, user.Name, subject, content)
+	msg.Info = fmt.Sprintf("Subject: %s, send issue mention emails", subject)
 	SendAsync(&msg)
 	return nil
 }
diff --git a/modules/oauth2/oauth2.go b/modules/oauth2/oauth2.go
index 6612b95a8..180c52ca0 100644
--- a/modules/oauth2/oauth2.go
+++ b/modules/oauth2/oauth2.go
@@ -29,13 +29,13 @@ import (
 
 	"github.com/gogits/session"
 
+	"github.com/gogits/gogs/modules/log"
 	"github.com/gogits/gogs/modules/middleware"
 )
 
 const (
-	codeRedirect = 302
-	keyToken     = "oauth2_token"
-	keyNextPage  = "next"
+	keyToken    = "oauth2_token"
+	keyNextPage = "next"
 )
 
 var (
@@ -179,42 +179,49 @@ var LoginRequired martini.Handler = func() martini.Handler {
 		token := unmarshallToken(ctx.Session)
 		if token == nil || token.IsExpired() {
 			next := url.QueryEscape(ctx.Req.URL.RequestURI())
-			ctx.Redirect(PathLogin+"?next="+next, codeRedirect)
+			ctx.Redirect(PathLogin + "?next=" + next)
+			return
 		}
 	}
 }()
 
 func login(t *oauth.Transport, ctx *middleware.Context) {
-	next := extractPath(ctx.Req.URL.Query().Get(keyNextPage))
+	next := extractPath(ctx.Query(keyNextPage))
 	if ctx.Session.Get(keyToken) == nil {
 		// User is not logged in.
-		ctx.Redirect(t.Config.AuthCodeURL(next), codeRedirect)
+		ctx.Redirect(t.Config.AuthCodeURL(next))
 		return
 	}
 	// No need to login, redirect to the next page.
-	ctx.Redirect(next, codeRedirect)
+	ctx.Redirect(next)
 }
 
 func logout(t *oauth.Transport, ctx *middleware.Context) {
-	next := extractPath(ctx.Req.URL.Query().Get(keyNextPage))
+	next := extractPath(ctx.Query(keyNextPage))
 	ctx.Session.Delete(keyToken)
-	ctx.Redirect(next, codeRedirect)
+	ctx.Redirect(next)
 }
 
 func handleOAuth2Callback(t *oauth.Transport, ctx *middleware.Context) {
-	next := extractPath(ctx.Req.URL.Query().Get("state"))
-	code := ctx.Req.URL.Query().Get("code")
+	if errMsg := ctx.Query("error_description"); len(errMsg) > 0 {
+		log.Error("oauth2.handleOAuth2Callback: %s", errMsg)
+		return
+	}
+
+	next := extractPath(ctx.Query("state"))
+	code := ctx.Query("code")
 	tk, err := t.Exchange(code)
 	if err != nil {
 		// Pass the error message, or allow dev to provide its own
 		// error handler.
-		ctx.Redirect(PathError, codeRedirect)
+		log.Error("oauth2.handleOAuth2Callback(token.Exchange): %v", err)
+		// ctx.Redirect(PathError)
 		return
 	}
 	// Store the credentials in the session.
 	val, _ := json.Marshal(tk)
 	ctx.Session.Set(keyToken, val)
-	ctx.Redirect(next, codeRedirect)
+	ctx.Redirect(next)
 }
 
 func unmarshallToken(s session.SessionStore) (t *token) {
diff --git a/routers/repo/issue.go b/routers/repo/issue.go
index 38522e0c7..9688fd4d9 100644
--- a/routers/repo/issue.go
+++ b/routers/repo/issue.go
@@ -9,6 +9,7 @@ import (
 	"net/url"
 	"strings"
 
+	"github.com/Unknwon/com"
 	"github.com/go-martini/martini"
 
 	"github.com/gogits/gogs/models"
@@ -99,7 +100,7 @@ func CreateIssue(ctx *middleware.Context, params martini.Params, form auth.Creat
 	issue, err := models.CreateIssue(ctx.User.Id, ctx.Repo.Repository.Id, form.MilestoneId, form.AssigneeId,
 		ctx.Repo.Repository.NumIssues, form.IssueName, form.Labels, form.Content, false)
 	if err != nil {
-		ctx.Handle(200, "issue.CreateIssue", err)
+		ctx.Handle(200, "issue.CreateIssue(CreateIssue)", err)
 		return
 	}
 
@@ -107,14 +108,31 @@ func CreateIssue(ctx *middleware.Context, params martini.Params, form auth.Creat
 	if err = models.NotifyWatchers(&models.Action{ActUserId: ctx.User.Id, ActUserName: ctx.User.Name, ActEmail: ctx.User.Email,
 		OpType: models.OP_CREATE_ISSUE, Content: fmt.Sprintf("%d|%s", issue.Index, issue.Name),
 		RepoId: ctx.Repo.Repository.Id, RepoName: ctx.Repo.Repository.Name, RefName: ""}); err != nil {
-		ctx.Handle(200, "issue.CreateIssue", err)
+		ctx.Handle(200, "issue.CreateIssue(NotifyWatchers)", err)
 		return
 	}
 
-	// Mail watchers.
+	// Mail watchers and mentions.
 	if base.Service.NotifyMail {
-		if err = mailer.SendNotifyMail(ctx.User, ctx.Repo.Owner, ctx.Repo.Repository, issue); err != nil {
-			ctx.Handle(200, "issue.CreateIssue", err)
+		tos, err := mailer.SendIssueNotifyMail(ctx.User, ctx.Repo.Owner, ctx.Repo.Repository, issue)
+		if err != nil {
+			ctx.Handle(200, "issue.CreateIssue(SendIssueNotifyMail)", err)
+			return
+		}
+
+		tos = append(tos, ctx.User.LowerName)
+		ms := base.MentionPattern.FindAllString(issue.Content, -1)
+		newTos := make([]string, 0, len(ms))
+		for _, m := range ms {
+			if com.IsSliceContainsStr(tos, m[1:]) {
+				continue
+			}
+
+			newTos = append(newTos, m[1:])
+		}
+		if err = mailer.SendIssueMentionMail(ctx.User, ctx.Repo.Owner, ctx.Repo.Repository,
+			issue, models.GetUserEmailsByNames(newTos)); err != nil {
+			ctx.Handle(200, "issue.CreateIssue(SendIssueMentionMail)", err)
 			return
 		}
 	}
diff --git a/routers/user/social.go b/routers/user/social.go
index f5577d809..08cfcd83f 100644
--- a/routers/user/social.go
+++ b/routers/user/social.go
@@ -1,20 +1,20 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
+
 package user
 
 import (
 	"encoding/json"
 	"strconv"
 
+	"code.google.com/p/goauth2/oauth"
+
 	"github.com/gogits/gogs/models"
 	"github.com/gogits/gogs/modules/base"
 	"github.com/gogits/gogs/modules/log"
 	"github.com/gogits/gogs/modules/middleware"
-	//"github.com/gogits/gogs/modules/oauth2"
-
-	"code.google.com/p/goauth2/oauth"
-	"github.com/martini-contrib/oauth2"
+	"github.com/gogits/gogs/modules/oauth2"
 )
 
 type SocialConnector interface {
@@ -80,6 +80,10 @@ func SocialSignIn(ctx *middleware.Context, tokens oauth2.Tokens) {
 			Extra:        tokens.ExtraData(),
 		},
 	}
+	if len(tokens.Access()) == 0 {
+		log.Error("empty access")
+		return
+	}
 	var err error
 	var u *models.User
 	if err = gh.Update(); err != nil {
diff --git a/routers/user/user.go b/routers/user/user.go
index 12f2bd8c5..f6a39b86c 100644
--- a/routers/user/user.go
+++ b/routers/user/user.go
@@ -78,6 +78,11 @@ func SignIn(ctx *middleware.Context, form auth.LogInForm) {
 	ctx.Data["Title"] = "Log In"
 
 	if ctx.Req.Method == "GET" {
+		if base.OauthService != nil {
+			ctx.Data["OauthEnabled"] = true
+			ctx.Data["OauthGitHubEnabled"] = base.OauthService.GitHub.Enabled
+		}
+
 		// Check auto-login.
 		userName := ctx.GetCookie(base.CookieUserName)
 		if len(userName) == 0 {
diff --git a/templates/issue/create.tmpl b/templates/issue/create.tmpl
index 01784cd21..5375040b0 100644
--- a/templates/issue/create.tmpl
+++ b/templates/issue/create.tmpl
@@ -19,7 +19,7 @@
                     </div>
                     <ul class="nav nav-tabs" data-init="tabs">
                         <li class="active issue-write"><a href="#issue-textarea" data-toggle="tab">Write</a></li>
-                        <li class="issue-preview"><a href="#issue-preview" data-toggle="tab" data-ajax="/api/v1/markdown?repo=repo_id&issue=new" data-ajax-name="issue-preview" data-ajax-method="post" data-preview="#issue-preview">Preview</a></li>
+                        <li class="issue-preview"><a href="#issue-preview" data-toggle="tab" data-ajax="/api/v1/markdown?repoLink={{.RepoLink}}" data-ajax-name="issue-preview" data-ajax-method="post" data-preview="#issue-preview">Preview</a></li>
                     </ul>
                     <div class="tab-content">
                         <div class="tab-pane" id="issue-textarea">
diff --git a/templates/user/signin.tmpl b/templates/user/signin.tmpl
index 43f47e412..eb4cb9cce 100644
--- a/templates/user/signin.tmpl
+++ b/templates/user/signin.tmpl
@@ -43,9 +43,12 @@
             </div>
         </div>
 
+        {{if .OauthEnabled}}
         <div class="form-group text-center" id="social-login">
-            <a class="btn btn-danger btn-lg" href="/user/sign_up">Register new account</a>
+            <h4>Log In with Social Accounts</h4>
+            {{if .OauthGitHubEnabled}}<a href="/user/login/github"><i class="fa fa-github-square fa-3x"></i></a>{{end}}
         </div>
+        {{end}}
     </form>
 </div>
 {{template "base/footer" .}}
\ No newline at end of file
diff --git a/web.go b/web.go
index c8fb8dc09..8d53b9e1b 100644
--- a/web.go
+++ b/web.go
@@ -20,16 +20,13 @@ import (
 	"github.com/gogits/gogs/modules/base"
 	"github.com/gogits/gogs/modules/log"
 	"github.com/gogits/gogs/modules/middleware"
-	//"github.com/gogits/gogs/modules/oauth2"
+	"github.com/gogits/gogs/modules/oauth2"
 	"github.com/gogits/gogs/routers"
 	"github.com/gogits/gogs/routers/admin"
 	"github.com/gogits/gogs/routers/api/v1"
 	"github.com/gogits/gogs/routers/dev"
 	"github.com/gogits/gogs/routers/repo"
 	"github.com/gogits/gogs/routers/user"
-
-	"github.com/martini-contrib/oauth2"
-	"github.com/martini-contrib/sessions"
 )
 
 var CmdWeb = cli.Command{
@@ -63,12 +60,17 @@ func runWeb(*cli.Context) {
 	m.Use(middleware.InitContext())
 
 	scope := "https://api.github.com/user"
-	oauth2.PathCallback = "/oauth2callback"
-	m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))
+	// m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))
+	// m.Use(oauth2.Github(&oauth2.Options{
+	// 	ClientId:     "09383403ff2dc16daaa1",
+	// 	ClientSecret: "5f6e7101d30b77952aab22b75eadae17551ea6b5",
+	// 	RedirectURL:  base.AppUrl + oauth2.PathCallback,
+	// 	Scopes:       []string{scope},
+	// }))
 	m.Use(oauth2.Github(&oauth2.Options{
-		ClientId:     "09383403ff2dc16daaa1",
-		ClientSecret: "5f6e7101d30b77952aab22b75eadae17551ea6b5",
-		RedirectURL:  base.AppUrl + oauth2.PathCallback,
+		ClientId:     "ba323b44192e65c7c320",
+		ClientSecret: "6818ffed53bea5815bf1a6412d1933f25fa10619",
+		RedirectURL:  base.AppUrl + oauth2.PathCallback[1:],
 		Scopes:       []string{scope},
 	}))
 
@@ -92,8 +94,8 @@ func runWeb(*cli.Context) {
 	m.Get("/avatar/:hash", avt.ServeHTTP)
 
 	m.Group("/user", func(r martini.Router) {
-		r.Any("/login/github", reqSignOut, oauth2.LoginRequired, user.SocialSignIn)
 		r.Any("/login", binding.BindIgnErr(auth.LogInForm{}), user.SignIn)
+		r.Any("/login/github", oauth2.LoginRequired, user.SocialSignIn)
 		r.Any("/sign_up", binding.BindIgnErr(auth.RegisterForm{}), user.SignUp)
 		r.Any("/forget_password", user.ForgotPasswd)
 		r.Any("/reset_password", user.ResetPasswd)

From 7776f407b6cf7e4897377b73ef6235ecfd9f2a53 Mon Sep 17 00:00:00 2001
From: Unknown <joe2010xtmf@163.com>
Date: Mon, 7 Apr 2014 13:00:59 -0400
Subject: [PATCH 23/24] Fix issue with log in with GitHub but need more error
 handle after

---
 conf/app.ini         |  1 +
 modules/base/conf.go |  2 ++
 web.go               | 24 ++++++++++--------------
 3 files changed, 13 insertions(+), 14 deletions(-)

diff --git a/conf/app.ini b/conf/app.ini
index c90246005..575e18a40 100644
--- a/conf/app.ini
+++ b/conf/app.ini
@@ -79,6 +79,7 @@ ENABLED = false
 ENABLED =
 CLIENT_ID = 
 CLIENT_SECRET = 
+SCOPES = https://api.github.com/user
 
 [cache]
 ; Either "memory", "redis", or "memcache", default is "memory"
diff --git a/modules/base/conf.go b/modules/base/conf.go
index ba9c320d7..69df49dc4 100644
--- a/modules/base/conf.go
+++ b/modules/base/conf.go
@@ -34,6 +34,7 @@ type Oauther struct {
 	GitHub struct {
 		Enabled                bool
 		ClientId, ClientSecret string
+		Scopes                 string
 	}
 }
 
@@ -263,6 +264,7 @@ func newOauthService() {
 		OauthService.GitHub.Enabled = true
 		OauthService.GitHub.ClientId = Cfg.MustValue("oauth.github", "CLIENT_ID")
 		OauthService.GitHub.ClientSecret = Cfg.MustValue("oauth.github", "CLIENT_SECRET")
+		OauthService.GitHub.Scopes = Cfg.MustValue("oauth.github", "SCOPES")
 		oauths = append(oauths, "GitHub")
 	}
 
diff --git a/web.go b/web.go
index 8d53b9e1b..b8fa9eb7a 100644
--- a/web.go
+++ b/web.go
@@ -59,20 +59,16 @@ func runWeb(*cli.Context) {
 	m.Use(middleware.Renderer(middleware.RenderOptions{Funcs: []template.FuncMap{base.TemplateFuncs}}))
 	m.Use(middleware.InitContext())
 
-	scope := "https://api.github.com/user"
-	// m.Use(sessions.Sessions("my_session", sessions.NewCookieStore([]byte("secret123"))))
-	// m.Use(oauth2.Github(&oauth2.Options{
-	// 	ClientId:     "09383403ff2dc16daaa1",
-	// 	ClientSecret: "5f6e7101d30b77952aab22b75eadae17551ea6b5",
-	// 	RedirectURL:  base.AppUrl + oauth2.PathCallback,
-	// 	Scopes:       []string{scope},
-	// }))
-	m.Use(oauth2.Github(&oauth2.Options{
-		ClientId:     "ba323b44192e65c7c320",
-		ClientSecret: "6818ffed53bea5815bf1a6412d1933f25fa10619",
-		RedirectURL:  base.AppUrl + oauth2.PathCallback[1:],
-		Scopes:       []string{scope},
-	}))
+	if base.OauthService != nil {
+		if base.OauthService.GitHub.Enabled {
+			m.Use(oauth2.Github(&oauth2.Options{
+				ClientId:     base.OauthService.GitHub.ClientId,
+				ClientSecret: base.OauthService.GitHub.ClientSecret,
+				RedirectURL:  base.AppUrl + oauth2.PathCallback[1:],
+				Scopes:       []string{base.OauthService.GitHub.Scopes},
+			}))
+		}
+	}
 
 	reqSignIn := middleware.Toggle(&middleware.ToggleOptions{SignInRequire: true})
 	ignSignIn := middleware.Toggle(&middleware.ToggleOptions{SignInRequire: base.Service.RequireSignInView})

From 22feddf804c7fbf3418cbbc8e7302da271da4e5a Mon Sep 17 00:00:00 2001
From: Unknown <joe2010xtmf@163.com>
Date: Mon, 7 Apr 2014 14:24:58 -0400
Subject: [PATCH 24/24] Fix #66

---
 models/repo.go           | 14 ++++++++++----
 modules/base/markdown.go | 14 +++++++-------
 2 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/models/repo.go b/models/repo.go
index acee6f6af..bb5c36372 100644
--- a/models/repo.go
+++ b/models/repo.go
@@ -138,11 +138,8 @@ func CreateRepository(user *User, repoName, desc, repoLang, license string, priv
 		IsPrivate:   private,
 		IsBare:      repoLang == "" && license == "" && !initReadme,
 	}
-
 	repoPath := RepoPath(user.Name, repoName)
-	if err = initRepository(repoPath, user, repo, initReadme, repoLang, license); err != nil {
-		return nil, err
-	}
+
 	sess := orm.NewSession()
 	defer sess.Close()
 	sess.Begin()
@@ -207,6 +204,10 @@ func CreateRepository(user *User, repoName, desc, repoLang, license string, priv
 		log.Error("repo.CreateRepository(WatchRepo): %v", err)
 	}
 
+	if err = initRepository(repoPath, user, repo, initReadme, repoLang, license); err != nil {
+		return nil, err
+	}
+
 	return repo, nil
 }
 
@@ -332,6 +333,11 @@ func initRepository(f string, user *User, repo *Repository, initReadme bool, rep
 		return nil
 	}
 
+	// for update use
+	os.Setenv("userName", user.Name)
+	os.Setenv("userId", base.ToStr(user.Id))
+	os.Setenv("repoName", repo.Name)
+
 	// Apply changes and commit.
 	return initRepoCommit(tmpDir, user.NewGitSig())
 }
diff --git a/modules/base/markdown.go b/modules/base/markdown.go
index ce1e2f5be..1893ccee6 100644
--- a/modules/base/markdown.go
+++ b/modules/base/markdown.go
@@ -133,8 +133,8 @@ func RenderSpecialLink(rawBytes []byte, urlPrefix string) []byte {
 }
 
 func RenderMarkdown(rawBytes []byte, urlPrefix string) []byte {
-	body := RenderSpecialLink(rawBytes, urlPrefix)
-	fmt.Println(string(body))
+	// body := RenderSpecialLink(rawBytes, urlPrefix)
+	// fmt.Println(string(body))
 	htmlFlags := 0
 	// htmlFlags |= gfm.HTML_USE_XHTML
 	// htmlFlags |= gfm.HTML_USE_SMARTYPANTS
@@ -146,10 +146,10 @@ func RenderMarkdown(rawBytes []byte, urlPrefix string) []byte {
 	htmlFlags |= gfm.HTML_GITHUB_BLOCKCODE
 	htmlFlags |= gfm.HTML_OMIT_CONTENTS
 	// htmlFlags |= gfm.HTML_COMPLETE_PAGE
-	// renderer := &CustomRender{
-	// 	Renderer:  gfm.HtmlRenderer(htmlFlags, "", ""),
-	// 	urlPrefix: urlPrefix,
-	// }
+	renderer := &CustomRender{
+		Renderer:  gfm.HtmlRenderer(htmlFlags, "", ""),
+		urlPrefix: urlPrefix,
+	}
 
 	// set up the parser
 	extensions := 0
@@ -162,7 +162,7 @@ func RenderMarkdown(rawBytes []byte, urlPrefix string) []byte {
 	extensions |= gfm.EXTENSION_SPACE_HEADERS
 	extensions |= gfm.EXTENSION_NO_EMPTY_LINE_BEFORE_BLOCK
 
-	// body = gfm.Markdown(body, renderer, extensions)
+	body := gfm.Markdown(rawBytes, renderer, extensions)
 	// fmt.Println(string(body))
 	return body
 }