Update README.md for 3.1.1 release

Feature/improve file list performance

.travis.yml

@@ -1,3 +1,3 @@
 language: scala
 scala:
-  - 2.11.2
+  - 2.11.6

README.md

@@ -1,7 +1,7 @@
 GitBucket [![Gitter chat](https://badges.gitter.im/takezoe/gitbucket.png)](https://gitter.im/takezoe/gitbucket) [![Build Status](https://travis-ci.org/takezoe/gitbucket.svg?branch=master)](https://travis-ci.org/takezoe/gitbucket)
 =========
 
-GitBucket is the easily installable Github clone written with Scala.
+GitBucket is the easily installable GitHub clone powered by Scala.
 
 
 Features
@@ -23,7 +23,6 @@ The current version of GitBucket provides a basic features below:
 
 Following features are not implemented, but we will make them in the future release!
 
-- Comment for the changeset
 - Network graph
 - Statistics
 - Watch / Star
@@ -80,6 +79,33 @@ Run the following commands in `Terminal` to
 
 Release Notes
 --------
+### 3.1.1 - 4 Apr 2015
+- Rolled back H2 version to avoid version compatibility issue
+- Plug-ins can access ServletContext
+
+### 3.1 - 28 Mar 2015
+- Web APIs for Jenkins github pull-request builder
+- Improved diff view
+- Bump Scalatra to 2.3.1, sbt to 0.13.8
+
+### 3.0 - 3 Mar 2015
+- New plug-in system is available
+- Connection pooling by c3p0
+- New branch UI
+- Compare between specified commit ids
+
+### 2.8 - 1 Feb 2015
+- New logo and icons
+- New system setting options to control visibility
+- Comment on side-by-side diff
+- Information message on sign-in page
+- Fork repository by group account
+
+### 2.7 - 29 Dec 2014
+- Comment for commit and diff
+- Fix security issue in markdown rendering
+- Some bug fix and improvements
+
 ### 2.6 - 24 Nov 2014
 - Search box at issues and pull requests
 - Information from administrator

build.xml

@@ -5,8 +5,8 @@
   <property name="embed.classes.dir" value="${target.dir}/embed-classes"/>
   <property name="jetty.dir" value="embed-jetty"/>
   <property name="scala.version" value="2.11"/>
-  <property name="gitbucket.version" value="0.0.1"/>
-  <property name="jetty.version" value="8.1.8.v20121106"/>
+  <property name="gitbucket.version" value="3.1.1"/>
+  <property name="jetty.version" value="8.1.16.v20140903"/>
   <property name="servlet.version" value="3.0.0.v201112011016"/>
 
   <condition property="sbt.exec" value="sbt.bat" else="sbt.sh">

contrib/README.md

@@ -8,6 +8,6 @@ Common scripts are in this directory.
 This version of scripts has so far only been tested on Ubuntu and Mac. Someone else will have to test on RedHat.
 
 To run:
-1. Edit `gitbucket.conf` to suit.
-2. Type: `install`
 
+  1. Edit `gitbucket.conf` to suit.
+  2. Type: `install`

contrib/linux/redhat/README.md

@@ -0,0 +1,15 @@
+# Contrib Notes #
+
+RPM spec file and init script for Red Hat Enterprise Linux 6.x. 
+
+To create RPM:
+1. Edit `../../gitbucket.conf` to suit.
+2. Edit `gitbucket.init` to suit.
+3. Edit `gitbucket.spec` to suit.
+4. Place `gitbucket.spec` to rpm/SPECS/.
+5. Place `gitbucket.init` and `gitbucket.war` to rpm/SOURCES/.
+6. Execute `rpmbuild -ba rpm/SPECS/gitbucket.spec`
+
+This rpm runs gitbucket not as root user but as gitbucket user.
+This rpm creates user and group named `gitbucket` at installation.
+This rpm make chkconfig of gitbucket to be on.

contrib/linux/redhat/gitbucket.init

@@ -0,0 +1,108 @@
+#!/bin/bash
+#
+# RedHat: /etc/rc.d/init.d/gitbucket
+#
+# Starts the GitBucket server
+#
+# chkconfig: 345 60 40
+# description: Run GitBucket server
+# processname: java
+
+[ -f /etc/rc.d/init.d/functions ] && source /etc/rc.d/init.d/functions  # RedHat
+
+# Default values
+GITBUCKET_HOME=/var/lib/gitbucket
+GITBUCKET_WAR_FILE=/usr/share/gitbucket/lib/gitbucket.war
+
+# Pull in cq settings
+[ -f /etc/sysconfig/gitbucket ] && source /etc/sysconfig/gitbucket # RedHat
+[ -f gitbucket.conf ] && source gitbucket.conf  # For all systems
+
+# Location of the log and PID file
+LOG_FILE=$GITBUCKET_LOG_DIR/run.log
+
+RED='\033[1m\E[37;41m'
+GREEN='\033[1m\E[37;42m'
+OFF='\E[0m'
+
+RETVAL=0
+
+start() {
+	echo -n $"Starting GitBucket server: "
+
+  START_OPTS=
+	if [ $GITBUCKET_PORT ]; then
+		START_OPTS="${START_OPTS} --port=${GITBUCKET_PORT}"
+	fi
+	if [ $GITBUCKET_PREFIX ]; then
+		START_OPTS="${START_OPTS} --prefix=${GITBUCKET_PREFIX}"
+	fi
+	if [ $GITBUCKET_HOST ]; then
+		START_OPTS="${START_OPTS} --host=${GITBUCKET_HOST}"
+	fi
+
+	GITBUCKET_HOME="${GITBUCKET_HOME}" daemon --user=gitbucket java $GITBUCKET_JVM_OPTS -jar $GITBUCKET_WAR_FILE $START_OPTS >>$LOG_FILE 2>&1 &
+  sleep 3
+  pgrep -f $GITBUCKET_WAR_FILE >> $LOG_FILE 2>&1
+  RETVAL=$?
+
+	if [ $RETVAL -eq 0 ] ; then
+		success "Success"
+	else
+		failure "Exit code $RETVAL"
+	fi
+
+	echo
+	return $RETVAL
+}
+
+
+stop() {
+	echo -n $"Stopping GitBucket server: "
+
+	# Run the Java process
+	pkill -f $GITBUCKET_WAR_FILE >>$LOG_FILE 2>&1
+	RETVAL=$?
+
+	if [ $RETVAL -eq 0 ] ; then
+		success "GitBucket stopping"
+	else
+		failure "GitBucket stopping"
+	fi
+
+	echo
+	return $RETVAL
+}
+
+
+restart() {
+	stop
+	start
+}
+
+case "$1" in
+	start)
+		start
+		;;
+	stop)
+		stop
+		;;
+	restart)
+		restart
+		;;
+	status)
+    pgrep -f $GITBUCKET_WAR_FILE >> $LOG_FILE 2>&1
+		RETVAL=$?
+    if [ $RETVAL -eq 0 ]; then
+      echo $"GitBucket is running...."
+    else
+      echo $"GitBucket is stopped"
+    fi
+		;;
+	*)
+		echo $"Usage: $0 [start|stop|restart|status]"
+		RETVAL=2
+esac
+
+exit $RETVAL
+

contrib/linux/redhat/gitbucket.spec

@@ -1,6 +1,6 @@
 Name:		gitbucket
 Summary:	GitHub clone written with Scala.
-Version:	1.7
+Version:	2.6
 Release:	1%{?dist}
 License:	Apache
 URL:		https://github.com/takezoe/gitbucket
@@ -26,6 +26,25 @@ GitBucket is the easily installable GitHub clone written with Scala.
 %{__install} -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/sysconfig/%{name}
 touch %{buildroot}%{_localstatedir}/log/%{name}/run.log
 
+%pre
+/usr/sbin/groupadd -r gitbucket &> /dev/null || :
+/usr/sbin/useradd -g gitbucket -s /bin/false -r -c "GitBucket GitHub clone" -d %{_sharedstatedir}/%{name} gitbucket &> /dev/null || :
+
+%post
+/sbin/chkconfig --add gitbucket
+
+%preun
+if [ "$1" = 0 ]; then
+  /sbin/service gitbucket stop > /dev/null 2>&1
+  /sbin/chkconfig --del gitbucket
+fi
+exit 0
+
+%postun
+if [ "$1" -ge 1 ]; then
+  /sbin/service gitbucket restart > /dev/null 2>&1
+fi
+exit 0
 
 %clean
 [ "%{buildroot}" != / ] && %{__rm} -rf "%{buildroot}"
@@ -34,12 +53,28 @@ touch %{buildroot}%{_localstatedir}/log/%{name}/run.log
 %files
 %defattr(-,root,root,-)
 %{_datarootdir}/%{name}/lib/%{name}.war
-%{_sysconfdir}/init.d/%{name}
-%config %{_sysconfdir}/sysconfig/%{name}
-%{_localstatedir}/log/%{name}/run.log
+%config %{_sysconfdir}/init.d/%{name}
+%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
+%attr(0755,gitbucket,gitbucket) %{_sharedstatedir}/%{name}
+%attr(0750,gitbucket,gitbucket) %{_localstatedir}/log/%{name}
 
 
 %changelog
+* Mon Nov 24 2014 Toru Takahashi <torutk at gmail.com>
+- Version bump to v2.6
+
+* Sun Nov 09 2014 Toru Takahashi <torutk at gmail.com>
+- Version bump to v2.5
+
+* Sun Oct 26 2014 Toru Takahashi <torutk at gmail.com>
+- Version bump to v2.4.1
+
+* Mon Jul 21 2014 Toru Takahashi <torutk at gmail.com>
+- execute as gitbucket user
+
+* Sun Jul 20 2014 Toru Takahashi <torutk at gmail.com>
+- Version bump to v2.1.
+
 * Mon Oct 28 2013 Jiri Tyr <jiri_DOT_tyr at gmail.com>
 - Version bump to v1.7.
 

doc/activity.md

@@ -0,0 +1,22 @@
+Activity Timeline
+========
+GitBucket records several types of user activity to ```ACTIVITY``` table. Activity types are shown below:
+
+type              | message                                              | additional information
+------------------|------------------------------------------------------|------------------------
+create_repository |$user created $owner/$repo                            |-
+open_issue        |$user opened issue $owner/$repo#$issueId              |-
+close_issue       |$user closed issue $owner/$repo#$issueId              |-
+close_issue       |$user closed pull request $owner/$repo#$issueId       |-
+reopen_issue      |$user reopened issue $owner/$repo#$issueId            |-
+comment_issue     |$user commented on issue $owner/$repo#$issueId        |-
+comment_issue     |$user commented on pull request $owner/$repo#$issueId |-
+create_wiki       |$user created the $owner/$repo wiki                   |$page
+edit_wiki         |$user edited the $owner/$repo wiki                    |$page<br>$page:$commitId(since 1.5)
+push              |$user pushed to $owner/$repo#$branch to $owner/$repo  |$commitId:$shortMessage\n*
+create_tag        |$user created tag $tag at $owner/$repo                |-
+create_branch     |$user created branch $branch at $owner/$repo          |-
+delete_branch     |$user deleted branch $branch at $owner/$repo          |-
+fork              |$user forked $owner/$repo to $owner/$repo             |-
+open_pullreq      |$user opened pull request $owner/$repo#issueId        |-
+merge_pullreq     |$user merge pull request $owner/$repo#issueId         |-

doc/auto_update.md

@@ -0,0 +1,37 @@
+Automatic Schema Updating
+========
+GitBucket uses H2 database to manage project and account data. GitBucket updates database schema automatically in the first run after the upgrading.
+
+To release a new version of GitBucket, add the version definition to the [servlet.AutoUpdate](https://github.com/takezoe/gitbucket/blob/master/src/main/scala/servlet/AutoUpdateListener.scala) at first.
+
+```scala
+object AutoUpdate {
+  ...
+  /**
+   * The history of versions. A head of this sequence is the current BitBucket version.
+   */
+  val versions = Seq(
+      Version(1, 0)
+  )
+  ...
+```
+
+Next, add a SQL file which updates database schema into [/src/main/resources/update/](https://github.com/takezoe/gitbucket/tree/master/src/main/resources/update) as ```MAJOR_MINOR.sql```.
+
+GitBucket stores the current version to ```GITBUCKET_HOME/version``` and checks it at start-up. If the stored version differs from the actual version, it executes differences of SQL files between the stored version and the actual version. And ```GITBUCKET_HOME/version``` is updated by the actual version.
+
+We can also add any Scala code for upgrade GitBucket which modifies ｒesources other than database. Override ```Version.update``` like below:
+
+```scala
+val versions = Seq(
+  new Version(1, 3){
+    override def update(conn: Connection): Unit = {
+      super.update(conn)
+      // Add any code here!
+    }
+  },
+  Version(1, 2),
+  Version(1, 1),
+  Version(1, 0)
+)
+```

doc/comment_action.md

@@ -0,0 +1,48 @@
+About Action in Issue Comment
+========
+After the issue creation at GitBucket, users can add comments or close it.
+The details are saved at ```ISSUE_COMMENT``` table.
+
+To determine if it was any operation, you see the ```ACTION``` column.
+
+|ACTION|
+|--------|
+|comment|
+|close_comment|
+|reopen_comment|
+|close|
+|reopen|
+|commit|
+|merge|
+|delete_branch|
+|refer|
+
+#####comment
+This value is saved when users have made a normal comment.
+
+#####close_comment, reopen_comment
+These values are saved when users have reopened or closed the issue with comments.
+
+#####close, reopen
+These values are saved when users have reopened or closed the issue.
+At the same time, store the fixed value(i.e. "Close" or "Reopen") to the ```CONTENT``` column.
+Therefore, this comment is not displayed, and not counted as a comment.
+
+#####commit
+This value is saved when users have pushed including the ```#issueId``` to the commit message.
+At the same time, store it to the ```CONTENT``` column with its commit id.
+This comment is displayed. But it can not be edited by all users, and also not counted as a comment.
+
+#####merge
+This value is saved when users have merged the pull request.
+At the same time, store the message to the ```CONTENT``` column.
+This comment is displayed. But it can not be edited by all users, and also not counted as a comment.
+
+#####delete_branch
+This value is saved when users have deleted the branch. Users can delete branch after merging pull request which is requested from the same repository.
+At the same time, store it to the ```CONTENT``` column with the deleted branch name.
+Therefore, this comment is not displayed, and not counted as a comment.
+
+#####refer
+This value is saved when other issue or issue comment contains reference to the issue like ```#issueId```.
+At the same time, store id and title of the referrer issue as ```id:title```.

doc/directory.md

@@ -0,0 +1,44 @@
+Directory Structure
+========
+GitBucket persists all data into __HOME/.gitbucket__ in default (In 1.9 or before, HOME/gitbucket is default).
+
+This directory has following structure:
+
+```
+* /HOME/gitbucket
+  * /repositoties
+    * /USER_NAME
+      * / REPO_NAME.git (substance of repository. GitServlet sees this directory)
+      * / REPO_NAME
+        * /issues (files which are attached to issue)
+      * / REPO_NAME.wiki.git (wiki repository)
+  * /data
+    * /USER_NAME
+      * /files
+        * avatar.xxx (image file of user avatar)
+  * /plugins
+    * /PLUGIN_NAME
+      * plugin.js
+  * /tmp
+    * /_upload
+      * /SESSION_ID (removed at session timeout)
+        * current time millis + random 10 alphanumeric chars (temporary file for file uploading)
+    * /USER_NAME
+      * /init-REPO_NAME (used in repository creation and removed after it) ... unused since 1.8
+      * /REPO_NAME.wiki (working directory for wiki repository) ... unused since 1.8
+      * /REPO_NAME
+         * /download (temporary directories are created under this directory)
+```
+
+There are some ways to specify the data directory instead of the default location.
+
+1. Environment variable __GITBUCKET_HOME__
+2. System property __gitbucket.home__ (e.g. ```-Dgitbucket.home=PATH_TO_DATADIR```)
+3. Command line option for embedded Jetty (e.g. ```java -jar gitbucket.war --data=PATH_TO_DATADIR```)
+4. Context parameter __gitbucket.home__ in web.xml like below:
+```xml
+<context-param>
+  <param-name>gitbucket.home</param-name>
+  <param-value>PATH_TO_DATADIR</param-value>
+</context-param>
+```

doc/how_to_run.md

@@ -0,0 +1,38 @@
+How to run from the source tree
+========
+
+for Testers
+--------
+
+If you want to test GitBucket, input following command at the root directory of the source tree.
+
+```
+C:\gitbucket> sbt ~container:start
+```
+
+Then access to `http://localhost:8080/` by your browser. The default administrator account is `root` and password is `root`.
+
+for Developers
+--------
+If you want to modify source code and confirm it, you can run GitBucket in auto reloading mode as following:
+
+```
+C:\gitbucket> sbt
+...
+> container:start
+...
+> ~ ;copy-resources;aux-compile
+```
+
+Build war file
+--------
+
+To build war file, run the following command:
+
+```
+C:\gitbucket> sbt package
+```
+
+`gitbucket_2.11-x.x.x.war` is generated into `target/scala-2.11`.
+
+To build executable war file, run Ant at the top of the source tree. It generates executable `gitbucket.war` into `target/scala-2.11`. We release this war file as release artifact. Please note the current build.xml works on Windows only. Replace `sbt.bat` with `sbt.sh` in build.xml if you want to run it on Linux.

doc/notification.md

@@ -0,0 +1,23 @@
+Notification Email
+========
+
+GitBucket sends email to target users by enabling the notification email by an administrator.
+
+The timing of the notification are as follows:
+
+##### at the issue registration (new issue, new pull request)
+When a record is saved into the ```ISSUE``` table, GitBucket does the notification.
+
+##### at the comment registration
+Among the records in the ```ISSUE_COMMENT``` table, them to be counted as a comment (i.e. the record ```ACTION``` column value is "comment" or "close_comment" or "reopen_comment") are saved, GitBucket does the notification.
+
+##### at the status update (close, reopen, merge)
+When the ```CLOSED``` column value is updated, GitBucket does the notification.
+
+Notified users are as follows:
+
+* individual repository's owner
+* collaborators
+* participants
+
+However, the operation in person is excluded from the target.

doc/readme.md

@@ -0,0 +1,10 @@
+Developer's Guide
+========
+ * [How to run from source tree](how_to_run.md)
+ * [Directory Structure](directory.md)
+ * [Mapping and Validation](validation.md)
+ * Authentication in Controller (not yet)
+ * [About Action in Issue Comment](comment_action.md)
+ * [Activity Types](activity.md)
+ * [Notification Email](notification.md)
+ * [Automatic Schema Updating](auto_update.md)

doc/validation.md

@@ -0,0 +1,71 @@
+Mapping and Validation
+========
+GitBucket uses [scalatra-forms](https://github.com/takezoe/scalatra-forms) to validate request parameters and map them to the scala object. This is inspired by Play2 form mapping / validation.
+
+At first, define the mapping as following:
+
+```scala
+import jp.sf.amateras.scalatra.forms._
+
+case class RegisterForm(name: String, description: String)
+
+val form = mapping(
+  "name"        -> text(required, maxlength(40)),
+  "description" -> text()
+)(RegisterForm.apply)
+```
+
+The servlet have to mixed in ```jp.sf.amateras.scalatra.forms.ClientSideValidationFormSupport``` to validate request parameters and take mapped object. It validates request parameters before action. If any errors are detected, it throws an exception.
+
+```scala
+class RegisterServlet extends ScalatraServlet with ClientSideValidationFormSupport {
+  post("/register", form) { form: RegisterForm =>
+    ...
+  }
+}
+```
+
+In the view template, you can add client-side validation by adding ```validate="true"``` to your form. Error messages are set to ```span#error-<fieldname>```.
+
+```html
+<form method="POST" action="/register" validate="true">
+  Name: <input type="name" type="text">
+  <span class="error" id="error-name"></span>
+  <br/>
+  Description: <input type="description" type="text">
+  <span class="error" id="error-description"></span>
+  <br/>
+  <input type="submit" value="Register"/>
+</form>
+```
+
+Client-side validation calls ```<form-action>/validate``` to validate form contents. It returns a validation result as JSON. In this case, form action is ```/register```, so ```/register/validate``` is called before submitting a form. ```ClientSideValidationFormSupport``` adds this JSON API automatically.
+
+For Ajax request, you have to use '''ajaxGet''' or '''ajaxPost''' to define action. It almost same as '''get''' or '''post'''. You can implement actions which handle Ajax request as same as normal actions.
+Small difference is they return validation errors as JSON.
+
+```scala
+ajaxPost("/register", form){ form =>
+  ...
+}
+```
+
+You can call these actions using jQuery as below:
+
+```javascript
+$('#register').click(function(e){
+  $.ajax($(this).attr('action'), {
+    type: 'POST',
+    data: {
+      name: $('#name').val(),
+      mail: $('#mail').val()
+    }
+  })
+  .done(function(data){
+    $('#result').text('Registered!');
+  })
+  .fail(function(data, status){
+    displayErrors($.parseJSON(data.responseText));
+  });
+});
+```

embed-jetty/update.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+version=$1
+output_dir=`dirname $0`
+git rm -f ${output_dir}/jetty-*.jar
+for name in 'io' 'servlet' 'xml' 'continuation' 'security' 'util' 'http' 'server' 'webapp'
+do
+  jar_filename="jetty-${name}-${version}.jar"
+  wget "http://repo1.maven.org/maven2/org/eclipse/jetty/jetty-${name}/${version}/${jar_filename}" -O ${output_dir}/${jar_filename}
+done
+git add ${output_dir}/*.jar
+git commit

etc/deploy-assemby-jar.sh

@@ -0,0 +1,9 @@
+#!/bin/sh
+mvn deploy:deploy-file \
+  -DgroupId=gitbucket\
+  -DartifactId=gitbucket-assembly\
+  -Dversion=3.1.1\
+  -Dpackaging=jar\
+  -Dfile=../target/scala-2.11/gitbucket-assembly-3.1.1.jar\
+  -DrepositoryId=sourceforge.jp\
+  -Durl=scp://shell.sourceforge.jp/home/groups/a/am/amateras/htdocs/mvn/

etc/pom.xml

@@ -0,0 +1,17 @@
+<?xml version="1.0"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>jp.sf.amateras</groupId>
+    <artifactId>gitbucket-assembly</artifactId>
+    <version>0.0.1</version>
+    <build>
+        <extensions>
+            <extension>
+                <groupId>org.apache.maven.wagon</groupId>
+                <artifactId>wagon-ssh</artifactId>
+                <version>1.0-beta-6</version>
+            </extension>
+        </extensions>
+    </build>
+</project>

project/build.properties

@@ -1 +1 @@
-sbt.version=0.13.5
+sbt.version=0.13.8

project/build.scala

@@ -4,19 +4,32 @@ import org.scalatra.sbt._
 import com.typesafe.sbteclipse.plugin.EclipsePlugin.EclipseKeys
 import play.twirl.sbt.SbtTwirl
 import play.twirl.sbt.Import.TwirlKeys._
+import sbtassembly._
+import sbtassembly.AssemblyKeys._
 
 object MyBuild extends Build {
-  val Organization = "jp.sf.amateras"
+  val Organization = "gitbucket"
   val Name = "gitbucket"
-  val Version = "0.0.1"
-  val ScalaVersion = "2.11.2"
-  val ScalatraVersion = "2.3.0"
+  val Version = "3.1.1"
+  val ScalaVersion = "2.11.6"
+  val ScalatraVersion = "2.3.1"
 
   lazy val project = Project (
     "gitbucket",
     file(".")
   )
   .settings(ScalatraPlugin.scalatraWithJRebel: _*)
+  .settings(
+    test in assembly := {},
+    assemblyMergeStrategy in assembly := {
+      case PathList("META-INF", xs @ _*) =>
+        (xs map {_.toLowerCase}) match {
+          case ("manifest.mf" :: Nil) => MergeStrategy.discard
+          case _ => MergeStrategy.discard
+      }
+      case x => MergeStrategy.first
+    }
+  )
   .settings(
     sourcesInBase := false,
     organization := Organization,
@@ -29,32 +42,37 @@ object MyBuild extends Build {
     ),
     scalacOptions := Seq("-deprecation", "-language:postfixOps"),
     libraryDependencies ++= Seq(
-      "org.eclipse.jgit" % "org.eclipse.jgit.http.server" % "3.4.1.201406201815-r",
-      "org.eclipse.jgit" % "org.eclipse.jgit.archive" % "3.4.1.201406201815-r",
+      "org.eclipse.jgit" % "org.eclipse.jgit.http.server" % "3.4.2.201412180340-r",
+      "org.eclipse.jgit" % "org.eclipse.jgit.archive" % "3.4.2.201412180340-r",
       "org.scalatra" %% "scalatra" % ScalatraVersion,
       "org.scalatra" %% "scalatra-specs2" % ScalatraVersion % "test",
       "org.scalatra" %% "scalatra-json" % ScalatraVersion,
-      "org.json4s" %% "json4s-jackson" % "3.2.10",
+      "org.json4s" %% "json4s-jackson" % "3.2.11",
       "jp.sf.amateras" %% "scalatra-forms" % "0.1.0",
       "commons-io" % "commons-io" % "2.4",
-      "org.pegdown" % "pegdown" % "1.4.1",
-      "org.apache.commons" % "commons-compress" % "1.5",
-      "org.apache.commons" % "commons-email" % "1.3.1",
-      "org.apache.httpcomponents" % "httpclient" % "4.3",
+      "org.pegdown" % "pegdown" % "1.4.1", // 1.4.2 has incompatible APi changes
+      "org.apache.commons" % "commons-compress" % "1.9",
+      "org.apache.commons" % "commons-email" % "1.3.3",
+      "org.apache.httpcomponents" % "httpclient" % "4.3.6",
       "org.apache.sshd" % "apache-sshd" % "0.11.0",
       "com.typesafe.slick" %% "slick" % "2.1.0",
       "com.novell.ldap" % "jldap" % "2009-10-07",
-      "org.quartz-scheduler" % "quartz" % "2.2.1",
       "com.h2database" % "h2" % "1.4.180",
-      "ch.qos.logback" % "logback-classic" % "1.0.13" % "runtime",
-      "org.eclipse.jetty" % "jetty-webapp" % "8.1.8.v20121106" % "container;provided",
+//      "ch.qos.logback" % "logback-classic" % "1.0.13" % "runtime",
+      "org.eclipse.jetty" % "jetty-webapp" % "8.1.16.v20140903" % "container;provided",
       "org.eclipse.jetty.orbit" % "javax.servlet" % "3.0.0.v201112011016" % "container;provided;test" artifacts Artifact("javax.servlet", "jar", "jar"),
-      "junit" % "junit" % "4.11" % "test",
-      "com.typesafe.play" %% "twirl-compiler" % "1.0.2"
+      "junit" % "junit" % "4.12" % "test",
+      "com.mchange" % "c3p0" % "0.9.5",
+      "com.typesafe" % "config" % "1.2.1",
+      "com.typesafe.play" %% "twirl-compiler" % "1.0.4"
     ),
+    play.twirl.sbt.Import.TwirlKeys.templateImports += "gitbucket.core._",
     EclipseKeys.withSource := true,
     javacOptions in compile ++= Seq("-target", "7", "-source", "7"),
     testOptions in Test += Tests.Argument(TestFrameworks.Specs2, "junitxml", "console"),
+    javaOptions in Test += "-Dgitbucket.home=target/gitbucket_home_for_test",
+    testOptions in Test += Tests.Setup( () => new java.io.File("target/gitbucket_home_for_test").mkdir() ),
+    fork in Test := true,
     packageOptions += Package.MainClass("JettyLauncher")
   ).enablePlugins(SbtTwirl)
 }

project/plugins.sbt

@@ -1,9 +1,8 @@
+scalacOptions ++= Seq("-unchecked", "-deprecation", "-feature")
+
 addSbtPlugin("com.typesafe.sbteclipse" % "sbteclipse-plugin" % "2.4.0")
-
-addSbtPlugin("com.github.mpeltonen" % "sbt-idea" % "1.6.0")
-
-addSbtPlugin("org.scalatra.sbt" % "scalatra-sbt" % "0.3.5")
-
-addSbtPlugin("com.typesafe.sbt" % "sbt-twirl" % "1.0.2")
-
-addSbtPlugin("com.timushev.sbt" % "sbt-updates" % "0.1.4")
+addSbtPlugin("com.github.mpeltonen"    % "sbt-idea"          % "1.6.0")
+addSbtPlugin("org.scalatra.sbt"        % "scalatra-sbt"      % "0.3.5")
+addSbtPlugin("com.typesafe.sbt"        % "sbt-twirl"         % "1.0.4")
+addSbtPlugin("com.timushev.sbt"        % "sbt-updates"       % "0.1.8")
+addSbtPlugin("com.eed3si9n"            % "sbt-assembly"      % "0.12.0")

sbt.bat

@@ -1,2 +1,2 @@
 set SCRIPT_DIR=%~dp0
-java -Dsbt.log.noformat=true -XX:+CMSClassUnloadingEnabled -XX:MaxPermSize=256m -Xmx512M -Xss2M -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005 -jar "%SCRIPT_DIR%\sbt-launch-0.13.5.jar" %*
+java -Dsbt.log.noformat=true -XX:+CMSClassUnloadingEnabled -XX:MaxPermSize=256m -Xmx512M -Xss2M -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005 -jar "%SCRIPT_DIR%\sbt-launch-0.13.8.jar" %*

sbt.sh

@@ -1,2 +1,2 @@
 #!/bin/sh
-java -Dsbt.log.noformat=true -XX:+CMSClassUnloadingEnabled -XX:MaxPermSize=256m -Xmx512M -Xss2M -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005 -jar `dirname $0`/sbt-launch-0.13.5.jar "$@"
+java -Dsbt.log.noformat=true -XX:+CMSClassUnloadingEnabled -XX:MaxPermSize=256m -Xmx512M -Xss2M -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005 -jar `dirname $0`/sbt-launch-0.13.8.jar "$@"

src/main/java/gitbucket/core/util/PatchUtil.java

@@ -1,4 +1,4 @@
-package util;
+package gitbucket.core.util;
 
 import org.eclipse.jgit.api.errors.PatchApplyException;
 import org.eclipse.jgit.diff.RawText;

src/main/resources/database.conf

@@ -0,0 +1,6 @@
+db {
+  driver = "org.h2.Driver"
+  url = "jdbc:h2:${DatabaseHome};MVCC=true"
+  user = "sa"
+  password = "sa"
+}

src/main/resources/update/2_7.sql

@@ -0,0 +1,18 @@
+CREATE TABLE COMMIT_COMMENT (
+    USER_NAME VARCHAR(100) NOT NULL,
+    REPOSITORY_NAME VARCHAR(100) NOT NULL,
+    COMMIT_ID VARCHAR(100) NOT NULL,
+    COMMENT_ID INT AUTO_INCREMENT,
+    COMMENTED_USER_NAME VARCHAR(100) NOT NULL,
+    CONTENT TEXT NOT NULL,
+    FILE_NAME NVARCHAR(100),
+    OLD_LINE_NUMBER INT,
+    NEW_LINE_NUMBER INT,
+    REGISTERED_DATE TIMESTAMP NOT NULL,
+    UPDATED_DATE TIMESTAMP NOT NULL,
+    PULL_REQUEST BOOLEAN NOT NULL
+);
+
+ALTER TABLE COMMIT_COMMENT ADD CONSTRAINT IDX_COMMIT_COMMENT_PK PRIMARY KEY (COMMENT_ID);
+ALTER TABLE COMMIT_COMMENT ADD CONSTRAINT IDX_COMMIT_COMMENT_FK0 FOREIGN KEY (USER_NAME, REPOSITORY_NAME) REFERENCES REPOSITORY (USER_NAME, REPOSITORY_NAME);
+ALTER TABLE COMMIT_COMMENT ADD CONSTRAINT IDX_COMMIT_COMMENT_1 UNIQUE (USER_NAME, REPOSITORY_NAME, COMMIT_ID, COMMENT_ID);

src/main/resources/update/2_8.sql

@@ -0,0 +1 @@
+ALTER TABLE COMMIT_COMMENT ALTER COLUMN FILE_NAME NVARCHAR(260);

src/main/resources/update/3_1.sql

@@ -0,0 +1,42 @@
+DROP TABLE IF EXISTS ACCESS_TOKEN;
+
+CREATE TABLE ACCESS_TOKEN (
+   ACCESS_TOKEN_ID INT NOT NULL AUTO_INCREMENT,
+   TOKEN_HASH VARCHAR(40) NOT NULL,
+   USER_NAME VARCHAR(100) NOT NULL,
+   NOTE TEXT NOT NULL
+);
+
+ALTER TABLE ACCESS_TOKEN ADD CONSTRAINT IDX_ACCESS_TOKEN_PK PRIMARY KEY (ACCESS_TOKEN_ID);
+ALTER TABLE ACCESS_TOKEN ADD CONSTRAINT IDX_ACCESS_TOKEN_FK0 FOREIGN KEY (USER_NAME) REFERENCES ACCOUNT (USER_NAME)
+  ON DELETE CASCADE ON UPDATE CASCADE;
+ALTER TABLE ACCESS_TOKEN ADD CONSTRAINT IDX_ACCESS_TOKEN_TOKEN_HASH UNIQUE(TOKEN_HASH);
+
+
+DROP TABLE IF EXISTS COMMIT_STATUS;
+CREATE TABLE COMMIT_STATUS(
+  COMMIT_STATUS_ID INT AUTO_INCREMENT,
+  USER_NAME VARCHAR(100) NOT NULL,
+  REPOSITORY_NAME VARCHAR(100) NOT NULL,
+  COMMIT_ID VARCHAR(40) NOT NULL,
+  CONTEXT VARCHAR(255) NOT NULL, -- context is too long (maximum is 255 characters)
+  STATE VARCHAR(10) NOT NULL, -- pending, success, error, or failure
+  TARGET_URL VARCHAR(200),
+  DESCRIPTION TEXT,
+  CREATOR VARCHAR(100) NOT NULL,
+  REGISTERED_DATE TIMESTAMP NOT NULL, -- CREATED_AT
+  UPDATED_DATE TIMESTAMP NOT NULL -- UPDATED_AT
+);
+ALTER TABLE COMMIT_STATUS ADD CONSTRAINT IDX_COMMIT_STATUS_PK PRIMARY KEY (COMMIT_STATUS_ID);
+ALTER TABLE COMMIT_STATUS ADD CONSTRAINT IDX_COMMIT_STATUS_1
+  UNIQUE (USER_NAME, REPOSITORY_NAME, COMMIT_ID, CONTEXT);
+ALTER TABLE COMMIT_STATUS ADD CONSTRAINT IDX_COMMIT_STATUS_FK1
+  FOREIGN KEY (USER_NAME, REPOSITORY_NAME)
+  REFERENCES REPOSITORY (USER_NAME, REPOSITORY_NAME)
+  ON DELETE CASCADE ON UPDATE CASCADE;
+ALTER TABLE COMMIT_STATUS ADD CONSTRAINT IDX_COMMIT_STATUS_FK2
+  FOREIGN KEY (USER_NAME) REFERENCES ACCOUNT (USER_NAME)
+  ON DELETE CASCADE ON UPDATE CASCADE;
+ALTER TABLE COMMIT_STATUS ADD CONSTRAINT IDX_COMMIT_STATUS_FK3
+  FOREIGN KEY (CREATOR) REFERENCES ACCOUNT (USER_NAME)
+  ON DELETE CASCADE ON UPDATE CASCADE;

src/main/scala/ScalatraBootstrap.scala

@@ -1,21 +1,31 @@
-import _root_.servlet.{PluginActionInvokeFilter, BasicAuthenticationFilter, TransactionFilter}
-import app._
-//import jp.sf.amateras.scalatra.forms.ValidationJavaScriptProvider
-import org.scalatra._
-import javax.servlet._
+
+import gitbucket.core.controller._
+import gitbucket.core.plugin.PluginRegistry
+import gitbucket.core.servlet.{AccessTokenAuthenticationFilter, BasicAuthenticationFilter, TransactionFilter}
+import gitbucket.core.util.Directory
+
 import java.util.EnumSet
+import javax.servlet._
+
+import org.scalatra._
+
 
 class ScalatraBootstrap extends LifeCycle {
   override def init(context: ServletContext) {
     // Register TransactionFilter and BasicAuthenticationFilter at first
     context.addFilter("transactionFilter", new TransactionFilter)
     context.getFilterRegistration("transactionFilter").addMappingForUrlPatterns(EnumSet.allOf(classOf[DispatcherType]), true, "/*")
-    context.addFilter("pluginActionInvokeFilter", new PluginActionInvokeFilter)
-    context.getFilterRegistration("pluginActionInvokeFilter").addMappingForUrlPatterns(EnumSet.allOf(classOf[DispatcherType]), true, "/*")
     context.addFilter("basicAuthenticationFilter", new BasicAuthenticationFilter)
     context.getFilterRegistration("basicAuthenticationFilter").addMappingForUrlPatterns(EnumSet.allOf(classOf[DispatcherType]), true, "/git/*")
-
+    context.addFilter("accessTokenAuthenticationFilter", new AccessTokenAuthenticationFilter)
+    context.getFilterRegistration("accessTokenAuthenticationFilter").addMappingForUrlPatterns(EnumSet.allOf(classOf[DispatcherType]), true, "/api/v3/*")
     // Register controllers
+    context.mount(new AnonymousAccessController, "/*")
+
+    PluginRegistry().getControllers.foreach { case (controller, path) =>
+      context.mount(controller, path)
+    }
+
     context.mount(new IndexController, "/")
     context.mount(new SearchController, "/")
     context.mount(new FileUploadController, "/upload")
@@ -32,9 +42,9 @@ class ScalatraBootstrap extends LifeCycle {
     context.mount(new RepositorySettingsController, "/*")
 
     // Create GITBUCKET_HOME directory if it does not exist
-    val dir = new java.io.File(_root_.util.Directory.GitBucketHome)
+    val dir = new java.io.File(Directory.GitBucketHome)
     if(!dir.exists){
       dir.mkdirs()
     }
   }
-}
+}

src/main/scala/app/SystemSettingsController.scala

@@ -1,202 +0,0 @@
-package app
-
-import service.{AccountService, SystemSettingsService}
-import SystemSettingsService._
-import util.AdminAuthenticator
-import util.Directory._
-import util.ControlUtil._
-import jp.sf.amateras.scalatra.forms._
-import ssh.SshServer
-import org.apache.commons.io.FileUtils
-import java.io.FileInputStream
-import plugin.{Plugin, PluginSystem}
-import org.scalatra.Ok
-import util.Implicits._
-
-class SystemSettingsController extends SystemSettingsControllerBase
-  with AccountService with AdminAuthenticator
-
-trait SystemSettingsControllerBase extends ControllerBase {
-  self: AccountService with AdminAuthenticator =>
-
-  private val form = mapping(
-    "baseUrl"                  -> trim(label("Base URL", optional(text()))),
-    "information"              -> trim(label("Information", optional(text()))),
-    "allowAccountRegistration" -> trim(label("Account registration", boolean())),
-    "gravatar"                 -> trim(label("Gravatar", boolean())),
-    "notification"             -> trim(label("Notification", boolean())),
-    "ssh"                      -> trim(label("SSH access", boolean())),
-    "sshPort"                  -> trim(label("SSH port", optional(number()))),
-    "smtp"                     -> optionalIfNotChecked("notification", mapping(
-        "host"                     -> trim(label("SMTP Host", text(required))),
-        "port"                     -> trim(label("SMTP Port", optional(number()))),
-        "user"                     -> trim(label("SMTP User", optional(text()))),
-        "password"                 -> trim(label("SMTP Password", optional(text()))),
-        "ssl"                      -> trim(label("Enable SSL", optional(boolean()))),
-        "fromAddress"              -> trim(label("FROM Address", optional(text()))),
-        "fromName"                 -> trim(label("FROM Name", optional(text())))
-    )(Smtp.apply)),
-    "ldapAuthentication"       -> trim(label("LDAP", boolean())),
-    "ldap"                     -> optionalIfNotChecked("ldapAuthentication", mapping(
-        "host"                     -> trim(label("LDAP host", text(required))),
-        "port"                     -> trim(label("LDAP port", optional(number()))),
-        "bindDN"                   -> trim(label("Bind DN", optional(text()))),
-        "bindPassword"             -> trim(label("Bind Password", optional(text()))),
-        "baseDN"                   -> trim(label("Base DN", text(required))),
-        "userNameAttribute"        -> trim(label("User name attribute", text(required))),
-        "additionalFilterCondition"-> trim(label("Additional filter condition", optional(text()))),
-        "fullNameAttribute"        -> trim(label("Full name attribute", optional(text()))),
-        "mailAttribute"            -> trim(label("Mail address attribute", optional(text()))),
-        "tls"                      -> trim(label("Enable TLS", optional(boolean()))),
-        "keystore"                 -> trim(label("Keystore", optional(text())))
-    )(Ldap.apply))
-  )(SystemSettings.apply).verifying { settings =>
-    if(settings.ssh && settings.baseUrl.isEmpty){
-      Seq("baseUrl" -> "Base URL is required if SSH access is enabled.")
-    } else Nil
-  }
-
-  private val pluginForm = mapping(
-    "pluginId" -> list(trim(label("", text())))
-  )(PluginForm.apply)
-
-  case class PluginForm(pluginIds: List[String])
-
-  get("/admin/system")(adminOnly {
-    admin.html.system(flash.get("info"))
-  })
-
-  post("/admin/system", form)(adminOnly { form =>
-    saveSystemSettings(form)
-
-    if(form.ssh && SshServer.isActive && context.settings.sshPort != form.sshPort){
-      SshServer.stop()
-    }
-
-    if(form.ssh && !SshServer.isActive && form.baseUrl.isDefined){
-      SshServer.start(request.getServletContext,
-        form.sshPort.getOrElse(SystemSettingsService.DefaultSshPort),
-        form.baseUrl.get)
-    } else if(!form.ssh && SshServer.isActive){
-      SshServer.stop()
-    }
-
-    flash += "info" -> "System settings has been updated."
-    redirect("/admin/system")
-  })
-
-  get("/admin/plugins")(adminOnly {
-    if(enablePluginSystem){
-      val installedPlugins = plugin.PluginSystem.plugins
-      val updatablePlugins = getAvailablePlugins(installedPlugins).filter(_.status == "updatable")
-      admin.plugins.html.installed(installedPlugins, updatablePlugins)
-    } else NotFound
-  })
-
-  post("/admin/plugins/_update", pluginForm)(adminOnly { form =>
-    if(enablePluginSystem){
-      deletePlugins(form.pluginIds)
-      installPlugins(form.pluginIds)
-      redirect("/admin/plugins")
-    } else NotFound
-  })
-
-  post("/admin/plugins/_delete", pluginForm)(adminOnly { form =>
-    if(enablePluginSystem){
-      deletePlugins(form.pluginIds)
-      redirect("/admin/plugins")
-    } else NotFound
-  })
-
-  get("/admin/plugins/available")(adminOnly {
-    if(enablePluginSystem){
-      val installedPlugins = plugin.PluginSystem.plugins
-      val availablePlugins = getAvailablePlugins(installedPlugins).filter(_.status == "available")
-      admin.plugins.html.available(availablePlugins)
-    } else NotFound
-  })
-
-  post("/admin/plugins/_install", pluginForm)(adminOnly { form =>
-    if(enablePluginSystem){
-      installPlugins(form.pluginIds)
-      redirect("/admin/plugins")
-    } else NotFound
-  })
-
-  get("/admin/plugins/console")(adminOnly {
-    if(enablePluginSystem){
-      admin.plugins.html.console()
-    } else NotFound
-  })
-
-  post("/admin/plugins/console")(adminOnly {
-    if(enablePluginSystem){
-      val script = request.getParameter("script")
-      val result = plugin.ScalaPlugin.eval(script)
-      Ok()
-    } else NotFound
-  })
-
-  // TODO Move these methods to PluginSystem or Service?
-  private def deletePlugins(pluginIds: List[String]): Unit = {
-    pluginIds.foreach { pluginId =>
-      plugin.PluginSystem.uninstall(pluginId)
-      val dir = new java.io.File(PluginHome, pluginId)
-      if(dir.exists && dir.isDirectory){
-        FileUtils.deleteQuietly(dir)
-        PluginSystem.uninstall(pluginId)
-      }
-    }
-  }
-
-  private def installPlugins(pluginIds: List[String]): Unit = {
-    val dir = getPluginCacheDir()
-    val installedPlugins = plugin.PluginSystem.plugins
-    getAvailablePlugins(installedPlugins).filter(x => pluginIds.contains(x.id)).foreach { plugin =>
-      val pluginDir = new java.io.File(PluginHome, plugin.id)
-      if(pluginDir.exists){
-        FileUtils.deleteDirectory(pluginDir)
-      }
-      FileUtils.copyDirectory(new java.io.File(dir, plugin.repository + "/" + plugin.id), pluginDir)
-      PluginSystem.installPlugin(plugin.id)
-    }
-  }
-
-  private def getAvailablePlugins(installedPlugins: List[Plugin]): List[SystemSettingsControllerBase.AvailablePlugin] = {
-    val repositoryRoot = getPluginCacheDir()
-
-    if(repositoryRoot.exists && repositoryRoot.isDirectory){
-      PluginSystem.repositories.flatMap { repo =>
-        val repoDir = new java.io.File(repositoryRoot, repo.id)
-        if(repoDir.exists && repoDir.isDirectory){
-          repoDir.listFiles.filter(d => d.isDirectory && !d.getName.startsWith(".")).map { plugin =>
-            val propertyFile = new java.io.File(plugin, "plugin.properties")
-            val properties = new java.util.Properties()
-            if(propertyFile.exists && propertyFile.isFile){
-              using(new FileInputStream(propertyFile)){ in =>
-                properties.load(in)
-              }
-            }
-            SystemSettingsControllerBase.AvailablePlugin(
-              repository  = repo.id,
-              id          = properties.getProperty("id"),
-              version     = properties.getProperty("version"),
-              author      = properties.getProperty("author"),
-              url         = properties.getProperty("url"),
-              description = properties.getProperty("description"),
-              status      = installedPlugins.find(_.id == properties.getProperty("id")) match {
-                case Some(x) if(PluginSystem.isUpdatable(x.version, properties.getProperty("version")))=> "updatable"
-                case Some(x) => "installed"
-                case None    => "available"
-              })
-          }
-        } else Nil
-      }
-    } else Nil
-  }
-}
-
-object SystemSettingsControllerBase {
-  case class AvailablePlugin(repository: String, id: String, version: String,
-                             author: String, url: String, description: String, status: String)
-}

src/main/scala/gitbucket/core/api/ApiCombinedCommitStatus.scala

@@ -0,0 +1,25 @@
+package gitbucket.core.api
+
+import gitbucket.core.model.{Account, CommitState, CommitStatus}
+
+
+/**
+ * https://developer.github.com/v3/repos/statuses/#get-the-combined-status-for-a-specific-ref
+ */
+case class ApiCombinedCommitStatus(
+  state: String,
+  sha: String,
+  total_count: Int,
+  statuses: Iterable[ApiCommitStatus],
+  repository: ApiRepository){
+  // val commit_url = ApiPath(s"/api/v3/repos/${repository.full_name}/${sha}")
+  val url = ApiPath(s"/api/v3/repos/${repository.full_name}/commits/${sha}/status")
+}
+object ApiCombinedCommitStatus {
+  def apply(sha:String, statuses: Iterable[(CommitStatus, Account)], repository:ApiRepository): ApiCombinedCommitStatus = ApiCombinedCommitStatus(
+    state      = CommitState.combine(statuses.map(_._1.state).toSet).name,
+    sha        = sha,
+    total_count= statuses.size,
+    statuses   = statuses.map{ case (s, a)=> ApiCommitStatus(s, ApiUser(a)) },
+    repository = repository)
+}

src/main/scala/gitbucket/core/api/ApiComment.scala

@@ -0,0 +1,26 @@
+package gitbucket.core.api
+
+import gitbucket.core.model.IssueComment
+
+import java.util.Date
+
+
+/**
+ * https://developer.github.com/v3/issues/comments/
+ */
+case class ApiComment(
+  id: Int,
+  user: ApiUser,
+  body: String,
+  created_at: Date,
+  updated_at: Date)
+
+object ApiComment{
+  def apply(comment: IssueComment, user: ApiUser): ApiComment =
+    ApiComment(
+      id = comment.commentId,
+      user = user,
+      body = comment.content,
+      created_at = comment.registeredDate,
+      updated_at = comment.updatedDate)
+}

src/main/scala/gitbucket/core/api/ApiCommit.scala

@@ -0,0 +1,48 @@
+package gitbucket.core.api
+
+import gitbucket.core.util.JGitUtil
+import gitbucket.core.util.JGitUtil.CommitInfo
+import gitbucket.core.util.RepositoryName
+
+import org.eclipse.jgit.diff.DiffEntry
+import org.eclipse.jgit.api.Git
+
+import java.util.Date
+
+/**
+ * https://developer.github.com/v3/repos/commits/
+ */
+case class ApiCommit(
+  id: String,
+  message: String,
+  timestamp: Date,
+  added: List[String],
+  removed: List[String],
+  modified: List[String],
+  author: ApiPersonIdent,
+  committer: ApiPersonIdent)(repositoryName:RepositoryName){
+  val url = ApiPath(s"/api/v3/${repositoryName.fullName}/commits/${id}")
+  val html_url = ApiPath(s"/${repositoryName.fullName}/commit/${id}")
+}
+
+object ApiCommit{
+  def apply(git: Git, repositoryName: RepositoryName, commit: CommitInfo): ApiCommit = {
+    val diffs = JGitUtil.getDiffs(git, commit.id, false)
+    ApiCommit(
+      id        = commit.id,
+      message   = commit.fullMessage,
+      timestamp = commit.commitTime,
+      added     = diffs._1.collect {
+        case x if x.changeType == DiffEntry.ChangeType.ADD    => x.newPath
+      },
+      removed   = diffs._1.collect {
+        case x if x.changeType == DiffEntry.ChangeType.DELETE => x.oldPath
+      },
+      modified  = diffs._1.collect {
+        case x if x.changeType != DiffEntry.ChangeType.ADD && x.changeType != DiffEntry.ChangeType.DELETE => x.newPath
+      },
+      author    = ApiPersonIdent.author(commit),
+      committer = ApiPersonIdent.committer(commit)
+    )(repositoryName)
+  }
+}

src/main/scala/gitbucket/core/api/ApiCommitListItem.scala

@@ -0,0 +1,42 @@
+package gitbucket.core.api
+
+import gitbucket.core.api.ApiCommitListItem._
+import gitbucket.core.util.JGitUtil.CommitInfo
+import gitbucket.core.util.RepositoryName
+
+
+/**
+ * https://developer.github.com/v3/repos/commits/
+ */
+case class ApiCommitListItem(
+  sha: String,
+  commit: Commit,
+  author: Option[ApiUser],
+  committer: Option[ApiUser],
+  parents: Seq[Parent])(repositoryName: RepositoryName) {
+  val url = ApiPath(s"/api/v3/repos/${repositoryName.fullName}/commits/${sha}")
+}
+
+object ApiCommitListItem {
+  def apply(commit: CommitInfo, repositoryName: RepositoryName): ApiCommitListItem = ApiCommitListItem(
+    sha    = commit.id,
+    commit = Commit(
+      message   = commit.fullMessage,
+      author    = ApiPersonIdent.author(commit),
+      committer = ApiPersonIdent.committer(commit)
+      )(commit.id, repositoryName),
+    author    = None,
+    committer = None,
+    parents   = commit.parents.map(Parent(_)(repositoryName)))(repositoryName)
+
+  case class Parent(sha: String)(repositoryName: RepositoryName){
+    val url = ApiPath(s"/api/v3/repos/${repositoryName.fullName}/commits/${sha}")
+  }
+
+  case class Commit(
+    message: String,
+    author: ApiPersonIdent,
+    committer: ApiPersonIdent)(sha:String, repositoryName: RepositoryName) {
+    val url = ApiPath(s"/api/v3/repos/${repositoryName.fullName}/git/commits/${sha}")
+  }
+}

src/main/scala/gitbucket/core/api/ApiCommitStatus.scala

@@ -0,0 +1,38 @@
+package gitbucket.core.api
+
+import gitbucket.core.model.CommitStatus
+import gitbucket.core.util.RepositoryName
+
+import java.util.Date
+
+
+/**
+ * https://developer.github.com/v3/repos/statuses/#create-a-status
+ * https://developer.github.com/v3/repos/statuses/#list-statuses-for-a-specific-ref
+ */
+case class ApiCommitStatus(
+  created_at: Date,
+  updated_at: Date,
+  state: String,
+  target_url: Option[String],
+  description: Option[String],
+  id: Int,
+  context: String,
+  creator: ApiUser
+)(sha: String, repositoryName: RepositoryName) {
+  val url = ApiPath(s"/api/v3/repos/${repositoryName.fullName}/commits/${sha}/statuses")
+}
+
+
+object ApiCommitStatus {
+  def apply(status: CommitStatus, creator:ApiUser): ApiCommitStatus = ApiCommitStatus(
+    created_at = status.registeredDate,
+    updated_at = status.updatedDate,
+    state      = status.state.name,
+    target_url = status.targetUrl,
+    description= status.description,
+    id         = status.commitStatusId,
+    context    = status.context,
+    creator    = creator
+  )(status.commitId, RepositoryName(status))
+}

src/main/scala/gitbucket/core/api/ApiError.scala

@@ -0,0 +1,5 @@
+package gitbucket.core.api
+
+case class ApiError(
+  message: String,
+  documentation_url: Option[String] = None)

src/main/scala/gitbucket/core/api/ApiIssue.scala

@@ -0,0 +1,31 @@
+package gitbucket.core.api
+
+import gitbucket.core.model.Issue
+
+import java.util.Date
+
+
+/**
+ * https://developer.github.com/v3/issues/
+ */
+case class ApiIssue(
+  number: Int,
+  title: String,
+  user: ApiUser,
+  // labels,
+  state: String,
+  created_at: Date,
+  updated_at: Date,
+  body: String)
+
+object ApiIssue{
+  def apply(issue: Issue, user: ApiUser): ApiIssue =
+    ApiIssue(
+      number = issue.issueId,
+      title  = issue.title,
+      user   = user,
+      state  = if(issue.closed){ "closed" }else{ "open" },
+      body   = issue.content.getOrElse(""),
+      created_at = issue.registeredDate,
+      updated_at = issue.updatedDate)
+}

src/main/scala/gitbucket/core/api/ApiPath.scala

@@ -0,0 +1,6 @@
+package gitbucket.core.api
+
+/**
+ * path for api url. if set path '/repos/aa/bb' then, expand 'http://server:post/repos/aa/bb' when converted to json.
+ */
+case class ApiPath(path: String)

src/main/scala/gitbucket/core/api/ApiPersonIdent.scala

@@ -0,0 +1,25 @@
+package gitbucket.core.api
+
+import gitbucket.core.util.JGitUtil.CommitInfo
+
+import java.util.Date
+
+
+case class ApiPersonIdent(
+  name: String,
+  email: String,
+  date: Date)
+
+
+object ApiPersonIdent {
+  def author(commit: CommitInfo): ApiPersonIdent =
+    ApiPersonIdent(
+      name  = commit.authorName,
+      email = commit.authorEmailAddress,
+      date  = commit.authorTime)
+  def committer(commit: CommitInfo): ApiPersonIdent =
+    ApiPersonIdent(
+      name  = commit.committerName,
+      email = commit.committerEmailAddress,
+      date  = commit.commitTime)
+}

src/main/scala/gitbucket/core/api/ApiPullRequest.scala

@@ -0,0 +1,59 @@
+package gitbucket.core.api
+
+import gitbucket.core.model.{Issue, PullRequest}
+
+import java.util.Date
+
+
+/**
+ * https://developer.github.com/v3/pulls/
+ */
+case class ApiPullRequest(
+  number: Int,
+  updated_at: Date,
+  created_at: Date,
+  head: ApiPullRequest.Commit,
+  base: ApiPullRequest.Commit,
+  mergeable: Option[Boolean],
+  title: String,
+  body: String,
+  user: ApiUser) {
+  val html_url            = ApiPath(s"${base.repo.html_url.path}/pull/${number}")
+  //val diff_url            = ApiPath(s"${base.repo.html_url.path}/pull/${number}.diff")
+  //val patch_url           = ApiPath(s"${base.repo.html_url.path}/pull/${number}.patch")
+  val url                 = ApiPath(s"${base.repo.url.path}/pulls/${number}")
+  //val issue_url           = ApiPath(s"${base.repo.url.path}/issues/${number}")
+  val commits_url         = ApiPath(s"${base.repo.url.path}/pulls/${number}/commits")
+  val review_comments_url = ApiPath(s"${base.repo.url.path}/pulls/${number}/comments")
+  val review_comment_url  = ApiPath(s"${base.repo.url.path}/pulls/comments/{number}")
+  val comments_url        = ApiPath(s"${base.repo.url.path}/issues/${number}/comments")
+  val statuses_url        = ApiPath(s"${base.repo.url.path}/statuses/${head.sha}")
+}
+
+object ApiPullRequest{
+  def apply(issue: Issue, pullRequest: PullRequest, headRepo: ApiRepository, baseRepo: ApiRepository, user: ApiUser): ApiPullRequest = ApiPullRequest(
+      number     = issue.issueId,
+      updated_at = issue.updatedDate,
+      created_at = issue.registeredDate,
+      head       = Commit(
+                     sha  = pullRequest.commitIdTo,
+                     ref  = pullRequest.requestBranch,
+                     repo = headRepo)(issue.userName),
+      base       = Commit(
+                     sha  = pullRequest.commitIdFrom,
+                     ref  = pullRequest.branch,
+                     repo = baseRepo)(issue.userName),
+      mergeable  = None, // TODO: need check mergeable.
+      title      = issue.title,
+      body       = issue.content.getOrElse(""),
+      user       = user
+    )
+
+  case class Commit(
+    sha: String,
+    ref: String,
+    repo: ApiRepository)(baseOwner:String){
+    val label = if( baseOwner == repo.owner.login ){ ref }else{ s"${repo.owner.login}:${ref}" }
+    val user = repo.owner
+  }
+}

src/main/scala/gitbucket/core/api/ApiRepository.scala

@@ -0,0 +1,48 @@
+package gitbucket.core.api
+
+import gitbucket.core.model.{Account, Repository}
+import gitbucket.core.service.RepositoryService.RepositoryInfo
+
+
+// https://developer.github.com/v3/repos/
+case class ApiRepository(
+  name: String,
+  full_name: String,
+  description: String,
+  watchers: Int,
+  forks: Int,
+  `private`: Boolean,
+  default_branch: String,
+  owner: ApiUser) {
+  val forks_count   = forks
+  val watchers_coun = watchers
+  val url       = ApiPath(s"/api/v3/repos/${full_name}")
+  val http_url  = ApiPath(s"/git/${full_name}.git")
+  val clone_url = ApiPath(s"/git/${full_name}.git")
+  val html_url  = ApiPath(s"/${full_name}")
+}
+
+object ApiRepository{
+  def apply(
+      repository: Repository,
+      owner: ApiUser,
+      forkedCount: Int =0,
+      watchers: Int = 0): ApiRepository =
+    ApiRepository(
+      name        = repository.repositoryName,
+      full_name   = s"${repository.userName}/${repository.repositoryName}",
+      description = repository.description.getOrElse(""),
+      watchers    = 0,
+      forks       = forkedCount,
+      `private`   = repository.isPrivate,
+      default_branch = repository.defaultBranch,
+      owner       = owner
+    )
+
+  def apply(repositoryInfo: RepositoryInfo, owner: ApiUser): ApiRepository =
+    ApiRepository(repositoryInfo.repository, owner, forkedCount=repositoryInfo.forkedCount)
+
+  def apply(repositoryInfo: RepositoryInfo, owner: Account): ApiRepository =
+    this(repositoryInfo.repository, ApiUser(owner))
+
+}

src/main/scala/gitbucket/core/api/ApiUser.scala

@@ -0,0 +1,36 @@
+package gitbucket.core.api
+
+import gitbucket.core.model.Account
+
+import java.util.Date
+
+
+case class ApiUser(
+  login: String,
+  email: String,
+  `type`: String,
+  site_admin: Boolean,
+  created_at: Date) {
+  val url                 = ApiPath(s"/api/v3/users/${login}")
+  val html_url            = ApiPath(s"/${login}")
+  // val followers_url       = ApiPath(s"/api/v3/users/${login}/followers")
+  // val following_url       = ApiPath(s"/api/v3/users/${login}/following{/other_user}")
+  // val gists_url           = ApiPath(s"/api/v3/users/${login}/gists{/gist_id}")
+  // val starred_url         = ApiPath(s"/api/v3/users/${login}/starred{/owner}{/repo}")
+  // val subscriptions_url   = ApiPath(s"/api/v3/users/${login}/subscriptions")
+  // val organizations_url   = ApiPath(s"/api/v3/users/${login}/orgs")
+  // val repos_url           = ApiPath(s"/api/v3/users/${login}/repos")
+  // val events_url          = ApiPath(s"/api/v3/users/${login}/events{/privacy}")
+  // val received_events_url = ApiPath(s"/api/v3/users/${login}/received_events")
+}
+
+
+object ApiUser{
+  def apply(user: Account): ApiUser = ApiUser(
+    login      = user.fullName,
+    email      = user.mailAddress,
+    `type`     = if(user.isGroupAccount){ "Organization" }else{ "User" },
+    site_admin = user.isAdmin,
+    created_at = user.registeredDate
+  )
+}

src/main/scala/gitbucket/core/api/CreateAComment.scala

@@ -0,0 +1,7 @@
+package gitbucket.core.api
+
+/**
+ * https://developer.github.com/v3/issues/comments/#create-a-comment
+ * api form
+ */
+case class CreateAComment(body: String)

src/main/scala/gitbucket/core/api/CreateAStatus.scala

@@ -0,0 +1,26 @@
+package gitbucket.core.api
+
+import gitbucket.core.model.CommitState
+
+/**
+ * https://developer.github.com/v3/repos/statuses/#create-a-status
+ * api form
+ */
+case class CreateAStatus(
+  /* state is Required. The state of the status. Can be one of pending, success, error, or failure. */
+  state: String,
+  /* context is a string label to differentiate this status from the status of other systems. Default: "default" */
+  context: Option[String],
+  /* The target URL to associate with this status. This URL will be linked from the GitHub UI to allow users to easily see the ‘source’ of the Status. */
+  target_url: Option[String],
+  /* description is a short description of the status.*/
+  description: Option[String]
+) {
+  def isValid: Boolean = {
+    CommitState.valueOf(state).isDefined &&
+      // only http
+      target_url.filterNot(f => "\\Ahttps?://".r.findPrefixOf(f).isDefined && f.length<255).isEmpty &&
+      context.filterNot(f => f.length<255).isEmpty &&
+      description.filterNot(f => f.length<1000).isEmpty
+  }
+}

src/main/scala/gitbucket/core/api/JsonFormat.scala

@@ -0,0 +1,44 @@
+package gitbucket.core.api
+
+import org.joda.time.DateTime
+import org.joda.time.DateTimeZone
+import org.joda.time.format._
+import org.json4s._
+import org.json4s.jackson.Serialization
+
+import java.util.Date
+
+import scala.util.Try
+
+
+object JsonFormat {
+  case class Context(baseUrl:String)
+  val parserISO = DateTimeFormat.forPattern("yyyy-MM-dd'T'HH:mm:ss'Z'")
+  val jsonFormats = Serialization.formats(NoTypeHints) + new CustomSerializer[Date](format =>
+    (
+      { case JString(s) => Try(parserISO.parseDateTime(s)).toOption.map(_.toDate)
+        .getOrElse(throw new MappingException("Can't convert " + s + " to Date")) },
+      { case x: Date => JString(parserISO.print(new DateTime(x).withZone(DateTimeZone.UTC))) }
+    )
+  ) + FieldSerializer[ApiUser]() + FieldSerializer[ApiPullRequest]() + FieldSerializer[ApiRepository]() +
+    FieldSerializer[ApiCommitListItem.Parent]() + FieldSerializer[ApiCommitListItem]() + FieldSerializer[ApiCommitListItem.Commit]() +
+    FieldSerializer[ApiCommitStatus]() + FieldSerializer[ApiCommit]() + FieldSerializer[ApiCombinedCommitStatus]() +
+    FieldSerializer[ApiPullRequest.Commit]()
+
+
+  def apiPathSerializer(c: Context) = new CustomSerializer[ApiPath](format =>
+      (
+        {
+          case JString(s) if s.startsWith(c.baseUrl) => ApiPath(s.substring(c.baseUrl.length))
+          case JString(s) => throw new MappingException("Can't convert " + s + " to ApiPath")
+        },
+        {
+          case ApiPath(path) => JString(c.baseUrl+path)
+        }
+      )
+    )
+  /**
+   * convert object to json string
+   */
+  def apply(obj: AnyRef)(implicit c: Context): String = Serialization.write(obj)(jsonFormats + apiPathSerializer(c))
+}

src/main/scala/gitbucket/core/controller/AccountController.scala

@@ -1,27 +1,35 @@
-package app
+package gitbucket.core.controller
+
+import gitbucket.core.account.html
+import gitbucket.core.api._
+import gitbucket.core.helper
+import gitbucket.core.model.GroupMember
+import gitbucket.core.service._
+import gitbucket.core.ssh.SshUtil
+import gitbucket.core.util.ControlUtil._
+import gitbucket.core.util.Directory._
+import gitbucket.core.util.Implicits._
+import gitbucket.core.util.StringUtil._
+import gitbucket.core.util._
 
-import service._
-import util._
-import util.StringUtil._
-import util.Directory._
-import util.ControlUtil._
-import util.Implicits._
-import ssh.SshUtil
 import jp.sf.amateras.scalatra.forms._
 import org.apache.commons.io.FileUtils
-import org.scalatra.i18n.Messages
 import org.eclipse.jgit.api.Git
-import org.eclipse.jgit.lib.{FileMode, Constants}
 import org.eclipse.jgit.dircache.DirCache
-import model.GroupMember
+import org.eclipse.jgit.lib.{FileMode, Constants}
+import org.scalatra.i18n.Messages
+
 
 class AccountController extends AccountControllerBase
   with AccountService with RepositoryService with ActivityService with WikiService with LabelsService with SshKeyService
   with OneselfAuthenticator with UsersAuthenticator with GroupManagerAuthenticator with ReadableUsersAuthenticator
+  with AccessTokenService with WebHookService
+
 
 trait AccountControllerBase extends AccountManagementControllerBase {
   self: AccountService with RepositoryService with ActivityService with WikiService with LabelsService with SshKeyService
-    with OneselfAuthenticator with UsersAuthenticator with GroupManagerAuthenticator with ReadableUsersAuthenticator =>
+    with OneselfAuthenticator with UsersAuthenticator with GroupManagerAuthenticator with ReadableUsersAuthenticator
+    with AccessTokenService with WebHookService =>
 
   case class AccountNewForm(userName: String, password: String, fullName: String, mailAddress: String,
                             url: Option[String], fileId: Option[String])
@@ -31,6 +39,8 @@ trait AccountControllerBase extends AccountManagementControllerBase {
 
   case class SshKeyForm(title: String, publicKey: String)
 
+  case class PersonalTokenForm(note: String)
+
   val newForm = mapping(
     "userName"    -> trim(label("User name"    , text(required, maxlength(100), identifier, uniqueUserName))),
     "password"    -> trim(label("Password"     , text(required, maxlength(20)))),
@@ -54,6 +64,10 @@ trait AccountControllerBase extends AccountManagementControllerBase {
     "publicKey" -> trim(label("Key"  , text(required, validPublicKey)))
   )(SshKeyForm.apply)
 
+  val personalTokenForm = mapping(
+    "note"     -> trim(label("Token", text(required, maxlength(100))))
+  )(PersonalTokenForm.apply)
+
   case class NewGroupForm(groupName: String, url: Option[String], fileId: Option[String], members: String)
   case class EditGroupForm(groupName: String, url: Option[String], fileId: Option[String], members: String, clearImage: Boolean)
 
@@ -88,6 +102,12 @@ trait AccountControllerBase extends AccountManagementControllerBase {
     "name"  -> trim(label("Repository name",  text(required)))
   )(ForkRepositoryForm.apply)
 
+  case class AccountForm(accountName: String)
+
+  val accountForm = mapping(
+    "account" -> trim(label("Group/User name", text(required, validAccountName)))
+  )(AccountForm.apply)
+
   /**
    * Displays user information.
    */
@@ -97,21 +117,21 @@ trait AccountControllerBase extends AccountManagementControllerBase {
       params.getOrElse("tab", "repositories") match {
         // Public Activity
         case "activity" =>
-          _root_.account.html.activity(account,
+          gitbucket.core.account.html.activity(account,
             if(account.isGroupAccount) Nil else getGroupsByUserName(userName),
             getActivitiesByUser(userName, true))
 
         // Members
         case "members" if(account.isGroupAccount) => {
           val members = getGroupMembers(account.userName)
-          _root_.account.html.members(account, members.map(_.userName),
+          gitbucket.core.account.html.members(account, members.map(_.userName),
             context.loginAccount.exists(x => members.exists { member => member.userName == x.userName && member.isManager }))
         }
 
         // Repositories
         case _ => {
           val members = getGroupMembers(account.userName)
-          _root_.account.html.repositories(account,
+          gitbucket.core.account.html.repositories(account,
             if(account.isGroupAccount) Nil else getGroupsByUserName(userName),
             getVisibleRepositories(context.loginAccount, context.baseUrl, Some(userName)),
             context.loginAccount.exists(x => members.exists { member => member.userName == x.userName && member.isManager }))
@@ -129,18 +149,36 @@ trait AccountControllerBase extends AccountManagementControllerBase {
   get("/:userName/_avatar"){
     val userName = params("userName")
     getAccountByUserName(userName).flatMap(_.image).map { image =>
-      contentType = FileUtil.getMimeType(image)
-      new java.io.File(getUserUploadDir(userName), image)
+      RawData(FileUtil.getMimeType(image), new java.io.File(getUserUploadDir(userName), image))
     } getOrElse {
       contentType = "image/png"
       Thread.currentThread.getContextClassLoader.getResourceAsStream("noimage.png")
     }
   }
 
+  /**
+   * https://developer.github.com/v3/users/#get-a-single-user
+   */
+  get("/api/v3/users/:userName") {
+    getAccountByUserName(params("userName")).map { account =>
+      JsonFormat(ApiUser(account))
+    } getOrElse NotFound
+  }
+
+  /**
+   * https://developer.github.com/v3/users/#get-the-authenticated-user
+   */
+  get("/api/v3/user") {
+    context.loginAccount.map { account =>
+      JsonFormat(ApiUser(account))
+    } getOrElse Unauthorized
+  }
+
+
   get("/:userName/_edit")(oneselfOnly {
     val userName = params("userName")
     getAccountByUserName(userName).map { x =>
-      account.html.edit(x, flash.get("info"))
+      html.edit(x, flash.get("info"))
     } getOrElse NotFound
   })
 
@@ -184,7 +222,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
   get("/:userName/_ssh")(oneselfOnly {
     val userName = params("userName")
     getAccountByUserName(userName).map { x =>
-      account.html.ssh(x, getPublicKeys(x.userName))
+      html.ssh(x, getPublicKeys(x.userName))
     } getOrElse NotFound
   })
 
@@ -201,12 +239,46 @@ trait AccountControllerBase extends AccountManagementControllerBase {
     redirect(s"/${userName}/_ssh")
   })
 
+  get("/:userName/_application")(oneselfOnly {
+    val userName = params("userName")
+    getAccountByUserName(userName).map { x =>
+      var tokens = getAccessTokens(x.userName)
+      val generatedToken = flash.get("generatedToken") match {
+        case Some((tokenId:Int, token:String)) => {
+          val gt = tokens.find(_.accessTokenId == tokenId)
+          gt.map{ t =>
+            tokens = tokens.filterNot(_ == t)
+            (t, token)
+          }
+        }
+        case _ => None
+      }
+      html.application(x, tokens, generatedToken)
+    } getOrElse NotFound
+  })
+
+  post("/:userName/_personalToken", personalTokenForm)(oneselfOnly { form =>
+    val userName = params("userName")
+    getAccountByUserName(userName).map { x =>
+      val (tokenId, token) = generateAccessToken(userName, form.note)
+      flash += "generatedToken" -> (tokenId, token)
+    }
+    redirect(s"/${userName}/_application")
+  })
+
+  get("/:userName/_personalToken/delete/:id")(oneselfOnly {
+    val userName = params("userName")
+    val tokenId = params("id").toInt
+    deleteAccessToken(userName, tokenId)
+    redirect(s"/${userName}/_application")
+  })
+
   get("/register"){
     if(context.settings.allowAccountRegistration){
       if(context.loginAccount.isDefined){
         redirect("/")
       } else {
-        account.html.register()
+        html.register()
       }
     } else NotFound
   }
@@ -220,7 +292,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
   }
 
   get("/groups/new")(usersOnly {
-    account.html.group(None, List(GroupMember("", context.loginAccount.get.userName, true)))
+    html.group(None, List(GroupMember("", context.loginAccount.get.userName, true)))
   })
 
   post("/groups/new", newGroupForm)(usersOnly { form =>
@@ -236,7 +308,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
 
   get("/:groupName/_editgroup")(managersOnly {
     defining(params("groupName")){ groupName =>
-      account.html.group(getAccountByUserName(groupName, true), getGroupMembers(groupName))
+      html.group(getAccountByUserName(groupName, true), getGroupMembers(groupName))
     }
   })
 
@@ -285,7 +357,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
    * Show the new repository form.
    */
   get("/new")(usersOnly {
-    account.html.newrepo(getGroupsByUserName(context.loginAccount.get.userName))
+    html.newrepo(getGroupsByUserName(context.loginAccount.get.userName), context.settings.isCreateRepoOptionPublic)
   })
 
   /**
@@ -354,11 +426,31 @@ trait AccountControllerBase extends AccountManagementControllerBase {
   get("/:owner/:repository/fork")(readableUsersOnly { repository =>
     val loginAccount   = context.loginAccount.get
     val loginUserName  = loginAccount.userName
+    val groups         = getGroupsByUserName(loginUserName)
+    groups match {
+      case _: List[String] =>
+        val managerPermissions = groups.map { group =>
+          val members = getGroupMembers(group)
+          context.loginAccount.exists(x => members.exists { member => member.userName == x.userName && member.isManager })
+        }
+        helper.html.forkrepository(
+          repository,
+          (groups zip managerPermissions).toMap
+        )
+      case _ => redirect(s"/${loginUserName}")
+    }
+  })
 
-    LockUtil.lock(s"${loginUserName}/${repository.name}"){
-      if(repository.owner == loginUserName || getRepository(loginAccount.userName, repository.name, baseUrl).isDefined){
+  post("/:owner/:repository/fork", accountForm)(readableUsersOnly { (form, repository) =>
+    val loginAccount  = context.loginAccount.get
+    val loginUserName = loginAccount.userName
+    val accountName   = form.accountName
+
+    LockUtil.lock(s"${accountName}/${repository.name}"){
+      if(getRepository(accountName, repository.name, baseUrl).isDefined ||
+          (accountName != loginUserName && !getGroupsByUserName(loginUserName).contains(accountName))){
         // redirect to the repository if repository already exists
-        redirect(s"/${loginUserName}/${repository.name}")
+        redirect(s"/${accountName}/${repository.name}")
       } else {
         // Insert to the database at first
         val originUserName = repository.repository.originUserName.getOrElse(repository.owner)
@@ -366,7 +458,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
 
         createRepository(
           repositoryName       = repository.name,
-          userName             = loginUserName,
+          userName             = accountName,
           description          = repository.repository.description,
           isPrivate            = repository.repository.isPrivate,
           originRepositoryName = Some(originRepositoryName),
@@ -376,22 +468,22 @@ trait AccountControllerBase extends AccountManagementControllerBase {
         )
 
         // Insert default labels
-        insertDefaultLabels(loginUserName, repository.name)
+        insertDefaultLabels(accountName, repository.name)
 
         // clone repository actually
         JGitUtil.cloneRepository(
           getRepositoryDir(repository.owner, repository.name),
-          getRepositoryDir(loginUserName, repository.name))
+          getRepositoryDir(accountName, repository.name))
 
         // Create Wiki repository
         JGitUtil.cloneRepository(
           getWikiRepositoryDir(repository.owner, repository.name),
-          getWikiRepositoryDir(loginUserName, repository.name))
+          getWikiRepositoryDir(accountName, repository.name))
 
         // Record activity
-        recordForkActivity(repository.owner, repository.name, loginUserName)
+        recordForkActivity(repository.owner, repository.name, loginUserName, accountName)
         // redirect to the repository
-        redirect(s"/${loginUserName}/${repository.name}")
+        redirect(s"/${accountName}/${repository.name}")
       }
     }
   })
@@ -431,4 +523,13 @@ trait AccountControllerBase extends AccountManagementControllerBase {
      case None => Some("Key is invalid.")
     }
   }
+
+  private def validAccountName: Constraint = new Constraint(){
+    override def validate(name: String, value: String, messages: Messages): Option[String] = {
+      getAccountByUserName(value) match {
+        case Some(_) => None
+        case None => Some("Invalid Group/User Account.")
+      }
+    }
+  }
 }

src/main/scala/gitbucket/core/controller/AnonymousAccessController.scala

@@ -0,0 +1,14 @@
+package gitbucket.core.controller
+
+class AnonymousAccessController extends AnonymousAccessControllerBase
+
+trait AnonymousAccessControllerBase extends ControllerBase {
+  get(!context.settings.allowAnonymousAccess, context.loginAccount.isEmpty) {
+    if(!context.currentPath.startsWith("/assets") && !context.currentPath.startsWith("/signin") &&
+      !context.currentPath.startsWith("/register")) {
+      Unauthorized()
+    } else {
+      pass()
+    }
+  }
+}

src/main/scala/gitbucket/core/controller/ControllerBase.scala

@@ -1,19 +1,25 @@
-package app
+package gitbucket.core.controller
+
+import gitbucket.core.api.ApiError
+import gitbucket.core.model.Account
+import gitbucket.core.service.{AccountService, SystemSettingsService}
+import gitbucket.core.util.ControlUtil._
+import gitbucket.core.util.Directory._
+import gitbucket.core.util.Implicits._
+import gitbucket.core.util._
 
-import _root_.util.Directory._
-import _root_.util.Implicits._
-import _root_.util.ControlUtil._
-import _root_.util.{StringUtil, FileUtil, Validations, Keys}
-import org.scalatra._
-import org.scalatra.json._
-import org.json4s._
 import jp.sf.amateras.scalatra.forms._
 import org.apache.commons.io.FileUtils
-import model._
-import service.{SystemSettingsService, AccountService}
+import org.json4s._
+import org.scalatra._
+import org.scalatra.i18n._
+import org.scalatra.json._
+
 import javax.servlet.http.{HttpServletResponse, HttpServletRequest}
 import javax.servlet.{FilterChain, ServletResponse, ServletRequest}
-import org.scalatra.i18n._
+
+import scala.util.Try
+
 
 /**
  * Provides generic features for controller implementations.
@@ -51,6 +57,9 @@ abstract class ControllerBase extends ScalatraFilter
       // Git repository
       chain.doFilter(request, response)
     } else {
+      if(path.startsWith("/api/v3/")){
+        httpRequest.setAttribute(Keys.Request.APIv3, true)
+      }
       // Scalatra actions
       super.doFilter(request, response, chain)
     }
@@ -74,7 +83,7 @@ abstract class ControllerBase extends ScalatraFilter
     }
   }
 
-  private def LoginAccount: Option[Account] = session.getAs[Account](Keys.Session.LoginAccount)
+  private def LoginAccount: Option[Account] = request.getAs[Account](Keys.Session.LoginAccount).orElse(session.getAs[Account](Keys.Session.LoginAccount))
 
   def ajaxGet(path : String)(action : => Any) : Route =
     super.get(path){
@@ -103,13 +112,19 @@ abstract class ControllerBase extends ScalatraFilter
   protected def NotFound() =
     if(request.hasAttribute(Keys.Request.Ajax)){
       org.scalatra.NotFound()
+    } else if(request.hasAttribute(Keys.Request.APIv3)){
+      contentType = formats("json")
+      org.scalatra.NotFound(ApiError("Not Found"))
     } else {
-      org.scalatra.NotFound(html.error("Not Found"))
+      org.scalatra.NotFound(gitbucket.core.html.error("Not Found"))
     }
 
-  protected def Unauthorized()(implicit context: app.Context) =
+  protected def Unauthorized()(implicit context: Context) =
     if(request.hasAttribute(Keys.Request.Ajax)){
       org.scalatra.Unauthorized()
+    } else if(request.hasAttribute(Keys.Request.APIv3)){
+      contentType = formats("json")
+      org.scalatra.Unauthorized(ApiError("Requires authentication"))
     } else {
       if(context.loginAccount.isDefined){
         org.scalatra.Unauthorized(redirect("/"))
@@ -134,6 +149,27 @@ abstract class ControllerBase extends ScalatraFilter
     if (path.startsWith("http")) path
     else baseUrl + super.url(path, params, false, false, false)
 
+  /**
+   * Use this method to response the raw data against XSS.
+   */
+  protected def RawData[T](contentType: String, rawData: T): T = {
+    if(contentType.split(";").head.trim.toLowerCase.startsWith("text/html")){
+      this.contentType = "text/plain"
+    } else {
+      this.contentType = contentType
+    }
+    response.addHeader("X-Content-Type-Options", "nosniff")
+    rawData
+  }
+
+  // jenkins send message as 'application/x-www-form-urlencoded' but scalatra already parsed as multi-part-request.
+  def extractFromJsonBody[A](implicit request:HttpServletRequest, mf:Manifest[A]): Option[A] = {
+    (request.contentType.map(_.split(";").head.toLowerCase) match{
+      case Some("application/x-www-form-urlencoded") => multiParams.keys.headOption.map(parse(_))
+      case Some("application/json") => Some(parsedBody)
+      case _ => Some(parse(request.body))
+    }).filterNot(_ == JNothing).flatMap(j => Try(j.extract[A]).toOption)
+  }
 }
 
 /**

src/main/scala/gitbucket/core/controller/DashboardController.scala

@@ -1,9 +1,10 @@
-package app
+package gitbucket.core.controller
 
-import service._
-import util.{StringUtil, UsersAuthenticator, Keys}
-import util.Implicits._
-import service.IssuesService.IssueSearchCondition
+import gitbucket.core.dashboard.html
+import gitbucket.core.service.{RepositoryService, PullRequestService, AccountService, IssuesService}
+import gitbucket.core.util.{StringUtil, Keys, UsersAuthenticator}
+import gitbucket.core.util.Implicits._
+import gitbucket.core.service.IssuesService._
 
 class DashboardController extends DashboardControllerBase
   with IssuesService with PullRequestService with RepositoryService with AccountService
@@ -96,7 +97,7 @@ trait DashboardControllerBase extends ControllerBase {
     val userRepos = getUserRepositories(userName, context.baseUrl, true).map(repo => repo.owner -> repo.name)
     val page      = IssueSearchCondition.page(request)
 
-    dashboard.html.issues(
+    html.issues(
       searchIssue(condition, false, (page - 1) * IssueLimit, IssueLimit, userRepos: _*),
       page,
       countIssue(condition.copy(state = "open"  ), false, userRepos: _*),
@@ -119,7 +120,7 @@ trait DashboardControllerBase extends ControllerBase {
     val allRepos  = getAllRepositories(userName)
     val page      = IssueSearchCondition.page(request)
 
-    dashboard.html.pulls(
+    html.pulls(
       searchIssue(condition, true, (page - 1) * PullRequestLimit, PullRequestLimit, allRepos: _*),
       page,
       countIssue(condition.copy(state = "open"  ), true, allRepos: _*),

src/main/scala/gitbucket/core/controller/FileUploadController.scala

@@ -1,8 +1,8 @@
-package app
+package gitbucket.core.controller
 
-import util.{Keys, FileUtil}
-import util.ControlUtil._
-import util.Directory._
+import gitbucket.core.util.{Keys, FileUtil}
+import gitbucket.core.util.ControlUtil._
+import gitbucket.core.util.Directory._
 import org.scalatra._
 import org.scalatra.servlet.{MultipartConfig, FileUploadSupport, FileItem}
 import org.apache.commons.io.FileUtils

src/main/scala/gitbucket/core/controller/IndexController.scala

@@ -1,13 +1,20 @@
-package app
+package gitbucket.core.controller
+
+import gitbucket.core.api._
+import gitbucket.core.helper.xml
+import gitbucket.core.html
+import gitbucket.core.model.Account
+import gitbucket.core.service.{RepositoryService, ActivityService, AccountService}
+import gitbucket.core.util.Implicits._
+import gitbucket.core.util.{LDAPUtil, Keys, UsersAuthenticator}
 
-import util._
-import util.Implicits._
-import service._
 import jp.sf.amateras.scalatra.forms._
 
+
 class IndexController extends IndexControllerBase 
   with RepositoryService with ActivityService with AccountService with UsersAuthenticator
 
+
 trait IndexControllerBase extends ControllerBase {
   self: RepositoryService with ActivityService with AccountService with UsersAuthenticator =>
 
@@ -61,13 +68,13 @@ trait IndexControllerBase extends ControllerBase {
 
   get("/activities.atom"){
     contentType = "application/atom+xml; type=feed"
-    helper.xml.feed(getRecentActivities())
+    xml.feed(getRecentActivities())
   }
 
   /**
    * Set account information into HttpSession and redirect.
    */
-  private def signin(account: model.Account) = {
+  private def signin(account: Account) = {
     session.setAttribute(Keys.Session.LoginAccount, account)
     updateLastLoginDate(account.userName)
 
@@ -103,4 +110,13 @@ trait IndexControllerBase extends ControllerBase {
     getAccountByUserName(params("userName")).isDefined
   })
 
+  /**
+   * @see https://developer.github.com/v3/rate_limit/#get-your-current-rate-limit-status
+   * but not enabled.
+   */
+  get("/api/v3/rate_limit"){
+    contentType = formats("json")
+    // this message is same as github enterprise...
+    org.scalatra.NotFound(ApiError("Rate limiting is not enabled."))
+  }
 }

src/main/scala/gitbucket/core/controller/IssuesController.scala

@@ -1,22 +1,27 @@
-package app
+package gitbucket.core.controller
+
+import gitbucket.core.api._
+import gitbucket.core.issues.html
+import gitbucket.core.model.Issue
+import gitbucket.core.service.IssuesService._
+import gitbucket.core.service._
+import gitbucket.core.util.ControlUtil._
+import gitbucket.core.util.Implicits._
+import gitbucket.core.util._
+import gitbucket.core.view
+import gitbucket.core.view.Markdown
 
 import jp.sf.amateras.scalatra.forms._
-
-import service._
-import IssuesService._
-import util._
-import util.Implicits._
-import util.ControlUtil._
 import org.scalatra.Ok
-import model.Issue
+
 
 class IssuesController extends IssuesControllerBase
   with IssuesService with RepositoryService with AccountService with LabelsService with MilestonesService with ActivityService
-  with ReadableUsersAuthenticator with ReferrerAuthenticator with CollaboratorsAuthenticator
+  with ReadableUsersAuthenticator with ReferrerAuthenticator with CollaboratorsAuthenticator with PullRequestService with WebHookIssueCommentService
 
 trait IssuesControllerBase extends ControllerBase {
   self: IssuesService with RepositoryService with AccountService with LabelsService with MilestonesService with ActivityService
-    with ReadableUsersAuthenticator with ReferrerAuthenticator with CollaboratorsAuthenticator =>
+    with ReadableUsersAuthenticator with ReferrerAuthenticator with CollaboratorsAuthenticator with PullRequestService with WebHookIssueCommentService =>
 
   case class IssueCreateForm(title: String, content: Option[String],
     assignedUserName: Option[String], milestoneId: Option[Int], labelNames: Option[String])
@@ -60,7 +65,7 @@ trait IssuesControllerBase extends ControllerBase {
   get("/:owner/:repository/issues/:id")(referrersOnly { repository =>
     defining(repository.owner, repository.name, params("id")){ case (owner, name, issueId) =>
       getIssue(owner, name, issueId) map {
-        issues.html.issue(
+        html.issue(
           _,
           getComments(owner, name, issueId.toInt),
           getIssueLabels(owner, name, issueId.toInt),
@@ -73,9 +78,21 @@ trait IssuesControllerBase extends ControllerBase {
     }
   })
 
+  /**
+   * https://developer.github.com/v3/issues/comments/#list-comments-on-an-issue
+   */
+  get("/api/v3/repos/:owner/:repository/issues/:id/comments")(referrersOnly { repository =>
+    (for{
+      issueId <- params("id").toIntOpt
+      comments = getCommentsForApi(repository.owner, repository.name, issueId.toInt)
+    } yield {
+      JsonFormat(comments.map{ case (issueComment, user) => ApiComment(issueComment, ApiUser(user)) })
+    }).getOrElse(NotFound)
+  })
+
   get("/:owner/:repository/issues/new")(readableUsersOnly { repository =>
     defining(repository.owner, repository.name){ case (owner, name) =>
-      issues.html.create(
+      html.create(
         (getCollaborators(owner, name) ::: (if(getAccountByUserName(owner).get.isGroupAccount) Nil else List(owner))).sorted,
           getMilestones(owner, name),
           getLabels(owner, name),
@@ -109,9 +126,12 @@ trait IssuesControllerBase extends ControllerBase {
       // record activity
       recordCreateIssueActivity(owner, name, userName, issueId, form.title)
 
-      // extract references and create refer comment
       getIssue(owner, name, issueId.toString).foreach { issue =>
+        // extract references and create refer comment
         createReferComment(owner, name, issue, form.title + " " + form.content.getOrElse(""))
+
+        // call web hooks
+        callIssuesWebHook("opened", repository, issue, context.baseUrl, context.loginAccount.get)
       }
 
       // notifications
@@ -160,6 +180,20 @@ trait IssuesControllerBase extends ControllerBase {
     } getOrElse NotFound
   })
 
+  /**
+   * https://developer.github.com/v3/issues/comments/#create-a-comment
+   */
+  post("/api/v3/repos/:owner/:repository/issues/:id/comments")(readableUsersOnly { repository =>
+    (for{
+      issueId <- params("id").toIntOpt
+      body <- extractFromJsonBody[CreateAComment].map(_.body) if ! body.isEmpty
+      (issue, id) <- handleComment(issueId, Some(body), repository)()
+      issueComment <- getComment(repository.owner, repository.name, id.toString())
+    } yield {
+      JsonFormat(ApiComment(issueComment, ApiUser(context.loginAccount.get)))
+    }) getOrElse NotFound
+  })
+
   post("/:owner/:repository/issue_comments/state", issueStateForm)(readableUsersOnly { (form, repository) =>
     handleComment(form.issueId, form.content, repository)() map { case (issue, id) =>
       redirect(s"/${repository.owner}/${repository.name}/${
@@ -192,13 +226,13 @@ trait IssuesControllerBase extends ControllerBase {
     getIssue(repository.owner, repository.name, params("id")) map { x =>
       if(isEditable(x.userName, x.repositoryName, x.openedUserName)){
         params.get("dataType") collect {
-          case t if t == "html" => issues.html.editissue(
+          case t if t == "html" => html.editissue(
               x.content, x.issueId, x.userName, x.repositoryName)
         } getOrElse {
           contentType = formats("json")
           org.json4s.jackson.Serialization.write(
               Map("title"   -> x.title,
-                  "content" -> view.Markdown.toHtml(x.content getOrElse "No description given.",
+                  "content" -> Markdown.toHtml(x.content getOrElse "No description given.",
                       repository, false, true, true, isEditable(x.userName, x.repositoryName, x.openedUserName))
               ))
         }
@@ -210,7 +244,7 @@ trait IssuesControllerBase extends ControllerBase {
     getComment(repository.owner, repository.name, params("id")) map { x =>
       if(isEditable(x.userName, x.repositoryName, x.commentedUserName)){
         params.get("dataType") collect {
-          case t if t == "html" => issues.html.editcomment(
+          case t if t == "html" => html.editcomment(
               x.content, x.commentId, x.userName, x.repositoryName)
         } getOrElse {
           contentType = formats("json")
@@ -226,14 +260,14 @@ trait IssuesControllerBase extends ControllerBase {
   ajaxPost("/:owner/:repository/issues/:id/label/new")(collaboratorsOnly { repository =>
     defining(params("id").toInt){ issueId =>
       registerIssueLabel(repository.owner, repository.name, issueId, params("labelId").toInt)
-      issues.html.labellist(getIssueLabels(repository.owner, repository.name, issueId))
+      html.labellist(getIssueLabels(repository.owner, repository.name, issueId))
     }
   })
 
   ajaxPost("/:owner/:repository/issues/:id/label/delete")(collaboratorsOnly { repository =>
     defining(params("id").toInt){ issueId =>
       deleteIssueLabel(repository.owner, repository.name, issueId, params("labelId").toInt)
-      issues.html.labellist(getIssueLabels(repository.owner, repository.name, issueId))
+      html.labellist(getIssueLabels(repository.owner, repository.name, issueId))
     }
   })
 
@@ -247,7 +281,7 @@ trait IssuesControllerBase extends ControllerBase {
     milestoneId("milestoneId").map { milestoneId =>
       getMilestonesWithIssueCount(repository.owner, repository.name)
           .find(_._1.milestoneId == milestoneId).map { case (_, openCount, closeCount) =>
-        issues.milestones.html.progress(openCount + closeCount, closeCount)
+        gitbucket.core.issues.milestones.html.progress(openCount + closeCount, closeCount)
       } getOrElse NotFound
     } getOrElse Ok()
   })
@@ -292,8 +326,7 @@ trait IssuesControllerBase extends ControllerBase {
     (Directory.getAttachedDir(repository.owner, repository.name) match {
       case dir if(dir.exists && dir.isDirectory) =>
         dir.listFiles.find(_.getName.startsWith(params("file") + ".")).map { file =>
-          contentType = FileUtil.getMimeType(file.getName)
-          file
+          RawData(FileUtil.getMimeType(file.getName), file)
         }
       case _ => None
     }) getOrElse NotFound
@@ -302,7 +335,7 @@ trait IssuesControllerBase extends ControllerBase {
   val assignedUserName = (key: String) => params.get(key) filter (_.trim != "")
   val milestoneId: String => Option[Int] = (key: String) => params.get(key).flatMap(_.toIntOpt)
 
-  private def isEditable(owner: String, repository: String, author: String)(implicit context: app.Context): Boolean =
+  private def isEditable(owner: String, repository: String, author: String)(implicit context: Context): Boolean =
     hasWritePermission(owner, repository, context.loginAccount) || author == context.loginAccount.get.userName
 
   private def executeBatch(repository: RepositoryService.RepositoryInfo)(execute: Int => Unit) = {
@@ -326,13 +359,13 @@ trait IssuesControllerBase extends ControllerBase {
    * @see [[https://github.com/takezoe/gitbucket/wiki/CommentAction]]
    */
   private def handleComment(issueId: Int, content: Option[String], repository: RepositoryService.RepositoryInfo)
-      (getAction: model.Issue => Option[String] =
+      (getAction: Issue => Option[String] =
            p1 => params.get("action").filter(_ => isEditable(p1.userName, p1.repositoryName, p1.openedUserName))) = {
 
     defining(repository.owner, repository.name){ case (owner, name) =>
       val userName = context.loginAccount.get.userName
 
-      getIssue(owner, name, issueId.toString) map { issue =>
+      getIssue(owner, name, issueId.toString) flatMap { issue =>
         val (action, recordActivity) =
           getAction(issue)
             .collect {
@@ -347,11 +380,10 @@ trait IssuesControllerBase extends ControllerBase {
             }
             .getOrElse(None -> None)
 
-        val commentId = content
-          .map       ( _ -> action.map( _ + "_comment" ).getOrElse("comment") )
-          .getOrElse ( action.get.capitalize -> action.get )
-        match {
-          case (content, action) => createComment(owner, name, userName, issueId, content, action)
+        val commentId = (content, action) match {
+          case (None, None) => None
+          case (None, Some(action)) => Some(createComment(owner, name, userName, issueId, action.capitalize, action))
+          case (Some(content), _) => Some(createComment(owner, name, userName, issueId, content, action.map(_+ "_comment").getOrElse("comment")))
         }
 
         // record comment activity if comment is entered
@@ -366,13 +398,29 @@ trait IssuesControllerBase extends ControllerBase {
           createReferComment(owner, name, issue, content)
         }
 
+        // call web hooks
+        action match {
+          case None => commentId.map{ commentIdSome => callIssueCommentWebHook(repository, issue, commentIdSome, context.loginAccount.get) }
+          case Some(act) => val webHookAction = act match {
+            case "open"   => "opened"
+            case "reopen" => "reopened"
+            case "close"  => "closed"
+            case _ => act
+          }
+          if(issue.isPullRequest){
+            callPullRequestWebHook(webHookAction, repository, issue.issueId, context.baseUrl, context.loginAccount.get)
+          } else {
+            callIssuesWebHook(webHookAction, repository, issue, context.baseUrl, context.loginAccount.get)
+          }
+        }
+
         // notifications
         Notifier() match {
           case f =>
             content foreach {
               f.toNotify(repository, issueId, _){
                 Notifier.msgComment(s"${context.baseUrl}/${owner}/${name}/${
-                  if(issue.isPullRequest) "pull" else "issues"}/${issueId}#comment-${commentId}")
+                  if(issue.isPullRequest) "pull" else "issues"}/${issueId}#comment-${commentId.get}")
               }
             }
             action foreach {
@@ -382,7 +430,7 @@ trait IssuesControllerBase extends ControllerBase {
             }
         }
 
-        issue -> commentId
+        commentId.map( issue -> _ )
       }
     }
   }
@@ -396,7 +444,7 @@ trait IssuesControllerBase extends ControllerBase {
       val condition = session.putAndGet(sessionKey,
         if(request.hasQueryString){
           val q = request.getParameter("q")
-          if(q == null){
+          if(q == null || q.trim.isEmpty){
             IssueSearchCondition(request)
           } else {
             IssueSearchCondition(q, getMilestones(owner, repoName).map(x => (x.title, x.milestoneId)).toMap)
@@ -404,7 +452,7 @@ trait IssuesControllerBase extends ControllerBase {
         } else session.getAs[IssueSearchCondition](sessionKey).getOrElse(IssueSearchCondition())
       )
 
-      issues.html.list(
+      html.list(
           "issues",
           searchIssue(condition, false, (page - 1) * IssueLimit, IssueLimit, owner -> repoName),
           page,
@@ -418,5 +466,4 @@ trait IssuesControllerBase extends ControllerBase {
           hasWritePermission(owner, repoName, context.loginAccount))
     }
   }
-
 }

src/main/scala/gitbucket/core/controller/LabelsController.scala

@@ -1,9 +1,10 @@
-package app
+package gitbucket.core.controller
 
+import gitbucket.core.issues.labels.html
+import gitbucket.core.service.{RepositoryService, AccountService, IssuesService, LabelsService}
+import gitbucket.core.util.{ReferrerAuthenticator, CollaboratorsAuthenticator}
+import gitbucket.core.util.Implicits._
 import jp.sf.amateras.scalatra.forms._
-import service._
-import util.{ReferrerAuthenticator, CollaboratorsAuthenticator}
-import util.Implicits._
 import org.scalatra.i18n.Messages
 import org.scalatra.Ok
 
@@ -23,7 +24,7 @@ trait LabelsControllerBase extends ControllerBase {
   )(LabelForm.apply)
 
   get("/:owner/:repository/issues/labels")(referrersOnly { repository =>
-    issues.labels.html.list(
+    html.list(
       getLabels(repository.owner, repository.name),
       countIssueGroupByLabels(repository.owner, repository.name, IssuesService.IssueSearchCondition(), Map.empty),
       repository,
@@ -31,12 +32,12 @@ trait LabelsControllerBase extends ControllerBase {
   })
 
   ajaxGet("/:owner/:repository/issues/labels/new")(collaboratorsOnly { repository =>
-    issues.labels.html.edit(None, repository)
+    html.edit(None, repository)
   })
 
   ajaxPost("/:owner/:repository/issues/labels/new", labelForm)(collaboratorsOnly { (form, repository) =>
     val labelId = createLabel(repository.owner, repository.name, form.labelName, form.color.substring(1))
-    issues.labels.html.label(
+    html.label(
       getLabel(repository.owner, repository.name, labelId).get,
       // TODO futility
       countIssueGroupByLabels(repository.owner, repository.name, IssuesService.IssueSearchCondition(), Map.empty),
@@ -46,13 +47,13 @@ trait LabelsControllerBase extends ControllerBase {
 
   ajaxGet("/:owner/:repository/issues/labels/:labelId/edit")(collaboratorsOnly { repository =>
     getLabel(repository.owner, repository.name, params("labelId").toInt).map { label =>
-      issues.labels.html.edit(Some(label), repository)
+      html.edit(Some(label), repository)
     } getOrElse NotFound()
   })
 
   ajaxPost("/:owner/:repository/issues/labels/:labelId/edit", labelForm)(collaboratorsOnly { (form, repository) =>
     updateLabel(repository.owner, repository.name, params("labelId").toInt, form.labelName, form.color.substring(1))
-    issues.labels.html.label(
+    html.label(
       getLabel(repository.owner, repository.name, params("labelId").toInt).get,
       // TODO futility
       countIssueGroupByLabels(repository.owner, repository.name, IssuesService.IssueSearchCondition(), Map.empty),

src/main/scala/gitbucket/core/controller/MilestonesController.scala

@@ -1,11 +1,11 @@
-package app
+package gitbucket.core.controller
 
+import gitbucket.core.issues.milestones.html
+import gitbucket.core.service.{RepositoryService, MilestonesService, AccountService}
+import gitbucket.core.util.{ReferrerAuthenticator, CollaboratorsAuthenticator}
+import gitbucket.core.util.Implicits._
 import jp.sf.amateras.scalatra.forms._
 
-import service._
-import util.{CollaboratorsAuthenticator, ReferrerAuthenticator}
-import util.Implicits._
-
 class MilestonesController extends MilestonesControllerBase
   with MilestonesService with RepositoryService with AccountService
   with ReferrerAuthenticator with CollaboratorsAuthenticator
@@ -23,7 +23,7 @@ trait MilestonesControllerBase extends ControllerBase {
   )(MilestoneForm.apply)
 
   get("/:owner/:repository/issues/milestones")(referrersOnly { repository =>
-    issues.milestones.html.list(
+    html.list(
       params.getOrElse("state", "open"),
       getMilestonesWithIssueCount(repository.owner, repository.name),
       repository,
@@ -31,7 +31,7 @@ trait MilestonesControllerBase extends ControllerBase {
   })
 
   get("/:owner/:repository/issues/milestones/new")(collaboratorsOnly {
-    issues.milestones.html.edit(None, _)
+    html.edit(None, _)
   })
 
   post("/:owner/:repository/issues/milestones/new", milestoneForm)(collaboratorsOnly { (form, repository) =>
@@ -41,7 +41,7 @@ trait MilestonesControllerBase extends ControllerBase {
 
   get("/:owner/:repository/issues/milestones/:milestoneId/edit")(collaboratorsOnly { repository =>
     params("milestoneId").toIntOpt.map{ milestoneId =>
-      issues.milestones.html.edit(getMilestone(repository.owner, repository.name, milestoneId), repository)
+      html.edit(getMilestone(repository.owner, repository.name, milestoneId), repository)
     } getOrElse NotFound
   })
 

src/main/scala/gitbucket/core/controller/PullRequestsController.scala

@@ -1,34 +1,39 @@
-package app
+package gitbucket.core.controller
+
+import gitbucket.core.api._
+import gitbucket.core.model.{Account, CommitState, Repository, PullRequest, Issue}
+import gitbucket.core.pulls.html
+import gitbucket.core.service.CommitStatusService
+import gitbucket.core.service.MergeService
+import gitbucket.core.service.IssuesService._
+import gitbucket.core.service.PullRequestService._
+import gitbucket.core.service._
+import gitbucket.core.util.ControlUtil._
+import gitbucket.core.util.Directory._
+import gitbucket.core.util.Implicits._
+import gitbucket.core.util.JGitUtil._
+import gitbucket.core.util._
+import gitbucket.core.view
+import gitbucket.core.view.helpers
 
-import util._
-import util.Directory._
-import util.Implicits._
-import util.ControlUtil._
-import service._
-import org.eclipse.jgit.api.Git
 import jp.sf.amateras.scalatra.forms._
-import org.eclipse.jgit.transport.RefSpec
-import scala.collection.JavaConverters._
-import org.eclipse.jgit.lib.{ObjectId, CommitBuilder, PersonIdent}
-import service.IssuesService._
-import service.PullRequestService._
-import util.JGitUtil.DiffInfo
-import util.JGitUtil.CommitInfo
+import org.eclipse.jgit.api.Git
+import org.eclipse.jgit.lib.PersonIdent
 import org.slf4j.LoggerFactory
-import org.eclipse.jgit.merge.MergeStrategy
-import org.eclipse.jgit.errors.NoMergeBaseException
-import service.WebHookService.WebHookPayload
-import util.JGitUtil.DiffInfo
-import scala.Some
-import util.JGitUtil.CommitInfo
+
+import scala.collection.JavaConverters._
+
 
 class PullRequestsController extends PullRequestsControllerBase
   with RepositoryService with AccountService with IssuesService with PullRequestService with MilestonesService with LabelsService
-  with ActivityService with WebHookService with ReferrerAuthenticator with CollaboratorsAuthenticator
+  with CommitsService with ActivityService with WebHookPullRequestService with ReferrerAuthenticator with CollaboratorsAuthenticator
+  with CommitStatusService with MergeService
+
 
 trait PullRequestsControllerBase extends ControllerBase {
   self: RepositoryService with AccountService with IssuesService with MilestonesService with LabelsService
-    with ActivityService with PullRequestService with WebHookService with ReferrerAuthenticator with CollaboratorsAuthenticator =>
+    with CommitsService with ActivityService with PullRequestService with WebHookPullRequestService with ReferrerAuthenticator with CollaboratorsAuthenticator
+    with CommitStatusService with MergeService =>
 
   private val logger = LoggerFactory.getLogger(classOf[PullRequestsControllerBase])
 
@@ -70,6 +75,24 @@ trait PullRequestsControllerBase extends ControllerBase {
     }
   })
 
+  /**
+   * https://developer.github.com/v3/pulls/#list-pull-requests
+   */
+  get("/api/v3/repos/:owner/:repository/pulls")(referrersOnly { repository =>
+    val page       = IssueSearchCondition.page(request)
+    // TODO: more api spec condition
+    val condition = IssueSearchCondition(request)
+    val baseOwner = getAccountByUserName(repository.owner).get
+    val issues:List[(Issue, Account, Int, PullRequest, Repository, Account)] = searchPullRequestByApi(condition, (page - 1) * PullRequestLimit, PullRequestLimit, repository.owner -> repository.name)
+    JsonFormat(issues.map{case (issue, issueUser, commentCount, pullRequest, headRepo, headOwner) =>
+      ApiPullRequest(
+        issue,
+        pullRequest,
+        ApiRepository(headRepo, ApiUser(headOwner)),
+        ApiRepository(repository, ApiUser(baseOwner)),
+        ApiUser(issueUser)) })
+  })
+
   get("/:owner/:repository/pull/:id")(referrersOnly { repository =>
     params("id").toIntOpt.flatMap{ issueId =>
       val owner = repository.owner
@@ -78,10 +101,10 @@ trait PullRequestsControllerBase extends ControllerBase {
         using(Git.open(getRepositoryDir(owner, name))){ git =>
           val (commits, diffs) =
             getRequestCompareInfo(owner, name, pullreq.commitIdFrom, owner, name, pullreq.commitIdTo)
-
-          pulls.html.pullreq(
+          html.pullreq(
             issue, pullreq,
-            getComments(owner, name, issueId),
+            (commits.flatten.map(commit => getCommitComments(owner, name, commit.id, true)).flatten.toList ::: getComments(owner, name, issueId))
+              .sortWith((a, b) => a.registeredDate before b.registeredDate),
             getIssueLabels(owner, name, issueId),
             (getCollaborators(owner, name) ::: (if(getAccountByUserName(owner).get.isGroupAccount) Nil else List(owner))).sorted,
             getMilestonesWithIssueCount(owner, name),
@@ -95,14 +118,64 @@ trait PullRequestsControllerBase extends ControllerBase {
     } getOrElse NotFound
   })
 
+  /**
+   * https://developer.github.com/v3/pulls/#get-a-single-pull-request
+   */
+  get("/api/v3/repos/:owner/:repository/pulls/:id")(referrersOnly { repository =>
+    (for{
+      issueId <- params("id").toIntOpt
+      (issue, pullRequest) <- getPullRequest(repository.owner, repository.name, issueId)
+      users = getAccountsByUserNames(Set(repository.owner, pullRequest.requestUserName, issue.userName), Set())
+      baseOwner <- users.get(repository.owner)
+      headOwner <- users.get(pullRequest.requestUserName)
+      issueUser <- users.get(issue.userName)
+      headRepo  <- getRepository(pullRequest.requestUserName, pullRequest.requestRepositoryName, baseUrl)
+    } yield {
+      JsonFormat(ApiPullRequest(
+        issue,
+        pullRequest,
+        ApiRepository(headRepo, ApiUser(headOwner)),
+        ApiRepository(repository, ApiUser(baseOwner)),
+        ApiUser(issueUser)))
+    }).getOrElse(NotFound)
+  })
+
+  /**
+   * https://developer.github.com/v3/pulls/#list-commits-on-a-pull-request
+   */
+  get("/api/v3/repos/:owner/:repository/pulls/:id/commits")(referrersOnly { repository =>
+    val owner = repository.owner
+    val name = repository.name
+    params("id").toIntOpt.flatMap{ issueId =>
+      getPullRequest(owner, name, issueId) map { case(issue, pullreq) =>
+        using(Git.open(getRepositoryDir(owner, name))){ git =>
+          val oldId = git.getRepository.resolve(pullreq.commitIdFrom)
+          val newId = git.getRepository.resolve(pullreq.commitIdTo)
+          val repoFullName = RepositoryName(repository)
+          val commits = git.log.addRange(oldId, newId).call.iterator.asScala.map(c => ApiCommitListItem(new CommitInfo(c), repoFullName)).toList
+          JsonFormat(commits)
+        }
+      }
+    } getOrElse NotFound
+  })
+
   ajaxGet("/:owner/:repository/pull/:id/mergeguide")(collaboratorsOnly { repository =>
     params("id").toIntOpt.flatMap{ issueId =>
       val owner = repository.owner
       val name  = repository.name
       getPullRequest(owner, name, issueId) map { case(issue, pullreq) =>
-        pulls.html.mergeguide(
-          checkConflictInPullRequest(owner, name, pullreq.branch, pullreq.requestUserName, name, pullreq.requestBranch, issueId),
+        val statuses = getCommitStatues(owner, name, pullreq.commitIdTo)
+        val hasConfrict = LockUtil.lock(s"${owner}/${name}"){
+          checkConflict(owner, name, pullreq.branch, issueId)
+        }
+        val hasProblem = hasConfrict || (!statuses.isEmpty && CommitState.combine(statuses.map(_.state).toSet) != CommitState.SUCCESS)
+        html.mergeguide(
+          hasConfrict,
+          hasProblem,
+          issue,
           pullreq,
+          statuses,
+          repository,
           s"${context.baseUrl}/git/${pullreq.requestUserName}/${pullreq.requestRepositoryName}.git")
       }
     } getOrElse NotFound
@@ -139,43 +212,10 @@ trait PullRequestsControllerBase extends ControllerBase {
             // record activity
             recordMergeActivity(owner, name, loginAccount.userName, issueId, form.message)
 
-            // merge
-            val mergeBaseRefName = s"refs/heads/${pullreq.branch}"
-            val merger = MergeStrategy.RECURSIVE.newMerger(git.getRepository, true)
-            val mergeBaseTip = git.getRepository.resolve(mergeBaseRefName)
-            val mergeTip = git.getRepository.resolve(s"refs/pull/${issueId}/head")
-            val conflicted = try {
-              !merger.merge(mergeBaseTip, mergeTip)
-            } catch {
-              case e: NoMergeBaseException => true
-            }
-            if (conflicted) {
-              throw new RuntimeException("This pull request can't merge automatically.")
-            }
-
-            // creates merge commit
-            val mergeCommit = new CommitBuilder()
-            mergeCommit.setTreeId(merger.getResultTreeId)
-            mergeCommit.setParentIds(Array[ObjectId](mergeBaseTip, mergeTip): _*)
-            val personIdent = new PersonIdent(loginAccount.fullName, loginAccount.mailAddress)
-            mergeCommit.setAuthor(personIdent)
-            mergeCommit.setCommitter(personIdent)
-            mergeCommit.setMessage(s"Merge pull request #${issueId} from ${pullreq.requestUserName}/${pullreq.requestBranch}\n\n" +
-                                   form.message)
-
-            // insertObject and got mergeCommit Object Id
-            val inserter = git.getRepository.newObjectInserter
-            val mergeCommitId = inserter.insert(mergeCommit)
-            inserter.flush()
-            inserter.release()
-
-            // update refs
-            val refUpdate = git.getRepository.updateRef(mergeBaseRefName)
-            refUpdate.setNewObjectId(mergeCommitId)
-            refUpdate.setForceUpdate(false)
-            refUpdate.setRefLogIdent(personIdent)
-            refUpdate.setRefLogMessage("merged", true)
-            refUpdate.update()
+            // merge git repository
+            mergePullRequest(git, pullreq.branch, issueId,
+              s"Merge pull request #${issueId} from ${pullreq.requestUserName}/${pullreq.requestBranch}\n\n" + form.message,
+               new PersonIdent(loginAccount.fullName, loginAccount.mailAddress))
 
             val (commits, _) = getRequestCompareInfo(owner, name, pullreq.commitIdFrom,
               pullreq.requestUserName, pullreq.requestRepositoryName, pullreq.commitIdTo)
@@ -193,14 +233,7 @@ trait PullRequestsControllerBase extends ControllerBase {
               closeIssuesFromMessage(form.message, loginAccount.userName, owner, name)
             }
             // call web hook
-            getWebHookURLs(owner, name) match {
-              case webHookURLs if(webHookURLs.nonEmpty) =>
-                for(ownerAccount <- getAccountByUserName(owner)){
-                  callWebHook(owner, name, webHookURLs,
-                    WebHookPayload(git, loginAccount, mergeBaseRefName, repository, commits.flatten.toList, ownerAccount))
-                }
-              case _ =>
-            }
+            callPullRequestWebHook("closed", repository, issueId, context.baseUrl, context.loginAccount.get)
 
             // notifications
             Notifier().toNotify(repository, issueId, "merge"){
@@ -243,8 +276,8 @@ trait PullRequestsControllerBase extends ControllerBase {
 
   get("/:owner/:repository/compare/*...*")(referrersOnly { forkedRepository =>
     val Seq(origin, forked) = multiParams("splat")
-    val (originOwner, tmpOriginBranch) = parseCompareIdentifie(origin, forkedRepository.owner)
-    val (forkedOwner, tmpForkedBranch) = parseCompareIdentifie(forked, forkedRepository.owner)
+    val (originOwner, originId) = parseCompareIdentifie(origin, forkedRepository.owner)
+    val (forkedOwner, forkedId) = parseCompareIdentifie(forked, forkedRepository.owner)
 
     (for(
       originRepositoryName <- if(originOwner == forkedOwner){
@@ -260,29 +293,33 @@ trait PullRequestsControllerBase extends ControllerBase {
         Git.open(getRepositoryDir(originRepository.owner, originRepository.name)),
         Git.open(getRepositoryDir(forkedRepository.owner, forkedRepository.name))
       ){ case (oldGit, newGit) =>
-        val originBranch = JGitUtil.getDefaultBranch(oldGit, originRepository, tmpOriginBranch).get._2
-        val forkedBranch = JGitUtil.getDefaultBranch(newGit, forkedRepository, tmpForkedBranch).get._2
+        val (oldId, newId) =
+          if(originRepository.branchList.contains(originId) && forkedRepository.branchList.contains(forkedId)){
+            // Branch name
+            val rootId = JGitUtil.getForkedCommitId(oldGit, newGit,
+              originRepository.owner, originRepository.name, originId,
+              forkedRepository.owner, forkedRepository.name, forkedId)
 
-        val forkedId = JGitUtil.getForkedCommitId(oldGit, newGit,
-          originRepository.owner, originRepository.name, originBranch,
-          forkedRepository.owner, forkedRepository.name, forkedBranch)
-
-        val oldId = oldGit.getRepository.resolve(forkedId)
-        val newId = newGit.getRepository.resolve(forkedBranch)
+            (oldGit.getRepository.resolve(rootId),  newGit.getRepository.resolve(forkedId))
+          } else {
+            // Commit id
+            (oldGit.getRepository.resolve(originId), newGit.getRepository.resolve(forkedId))
+          }
 
         val (commits, diffs) = getRequestCompareInfo(
           originRepository.owner, originRepository.name, oldId.getName,
           forkedRepository.owner, forkedRepository.name, newId.getName)
 
-        pulls.html.compare(
+        html.compare(
           commits,
           diffs,
           (forkedRepository.repository.originUserName, forkedRepository.repository.originRepositoryName) match {
             case (Some(userName), Some(repositoryName)) => (userName, repositoryName) :: getForkedRepositories(userName, repositoryName)
             case _ => (forkedRepository.owner, forkedRepository.name) :: getForkedRepositories(forkedRepository.owner, forkedRepository.name)
           },
-          originBranch,
-          forkedBranch,
+          commits.flatten.map(commit => getCommitComments(forkedRepository.owner, forkedRepository.name, commit.id, false)).flatten.toList,
+          originId,
+          forkedId,
           oldId.getName,
           newId.getName,
           forkedRepository,
@@ -314,10 +351,11 @@ trait PullRequestsControllerBase extends ControllerBase {
       ){ case (oldGit, newGit) =>
         val originBranch = JGitUtil.getDefaultBranch(oldGit, originRepository, tmpOriginBranch).get._2
         val forkedBranch = JGitUtil.getDefaultBranch(newGit, forkedRepository, tmpForkedBranch).get._2
-
-        pulls.html.mergecheck(
+        val conflict = LockUtil.lock(s"${originRepository.owner}/${originRepository.name}"){
           checkConflict(originRepository.owner, originRepository.name, originBranch,
-                        forkedRepository.owner, forkedRepository.name, forkedBranch))
+                        forkedRepository.owner, forkedRepository.name, forkedBranch)
+        }
+        html.mergecheck(conflict)
       }
     }) getOrElse NotFound
   })
@@ -347,16 +385,14 @@ trait PullRequestsControllerBase extends ControllerBase {
       commitIdTo            = form.commitIdTo)
 
     // fetch requested branch
-    using(Git.open(getRepositoryDir(repository.owner, repository.name))){ git =>
-      git.fetch
-        .setRemote(getRepositoryDir(form.requestUserName, form.requestRepositoryName).toURI.toString)
-        .setRefSpecs(new RefSpec(s"refs/heads/${form.requestBranch}:refs/pull/${issueId}/head"))
-        .call
-    }
+    fetchAsPullRequest(repository.owner, repository.name, form.requestUserName, form.requestRepositoryName, form.requestBranch, issueId)
 
     // record activity
     recordPullRequestActivity(repository.owner, repository.name, loginUserName, issueId, form.title)
 
+    // call web hook
+    callPullRequestWebHook("opened", repository, issueId, context.baseUrl, context.loginAccount.get)
+
     // notifications
     Notifier().toNotify(repository, issueId, form.content.getOrElse("")){
       Notifier.msgPullRequest(s"${context.baseUrl}/${repository.owner}/${repository.name}/pull/${issueId}")
@@ -365,62 +401,6 @@ trait PullRequestsControllerBase extends ControllerBase {
     redirect(s"/${repository.owner}/${repository.name}/pull/${issueId}")
   })
 
-  /**
-   * Checks whether conflict will be caused in merging. Returns true if conflict will be caused.
-   */
-  private def checkConflict(userName: String, repositoryName: String, branch: String,
-                            requestUserName: String, requestRepositoryName: String, requestBranch: String): Boolean = {
-    LockUtil.lock(s"${userName}/${repositoryName}"){
-      using(Git.open(getRepositoryDir(requestUserName, requestRepositoryName))) { git =>
-        val remoteRefName = s"refs/heads/${branch}"
-        val tmpRefName = s"refs/merge-check/${userName}/${branch}"
-        val refSpec = new RefSpec(s"${remoteRefName}:${tmpRefName}").setForceUpdate(true)
-        try {
-          // fetch objects from origin repository branch
-          git.fetch
-             .setRemote(getRepositoryDir(userName, repositoryName).toURI.toString)
-             .setRefSpecs(refSpec)
-             .call
-
-          // merge conflict check
-          val merger = MergeStrategy.RECURSIVE.newMerger(git.getRepository, true)
-          val mergeBaseTip = git.getRepository.resolve(s"refs/heads/${requestBranch}")
-          val mergeTip = git.getRepository.resolve(tmpRefName)
-          try {
-            !merger.merge(mergeBaseTip, mergeTip)
-          } catch {
-            case e: NoMergeBaseException =>  true
-          }
-        } finally {
-          val refUpdate = git.getRepository.updateRef(refSpec.getDestination)
-          refUpdate.setForceUpdate(true)
-          refUpdate.delete()
-        }
-      }
-    }
-  }
-
-  /**
-   * Checks whether conflict will be caused in merging within pull request. Returns true if conflict will be caused.
-   */
-  private def checkConflictInPullRequest(userName: String, repositoryName: String, branch: String,
-                                         requestUserName: String, requestRepositoryName: String, requestBranch: String,
-                                         issueId: Int): Boolean = {
-    LockUtil.lock(s"${userName}/${repositoryName}") {
-      using(Git.open(getRepositoryDir(userName, repositoryName))) { git =>
-        // merge
-        val merger = MergeStrategy.RECURSIVE.newMerger(git.getRepository, true)
-        val mergeBaseTip = git.getRepository.resolve(s"refs/heads/${branch}")
-        val mergeTip = git.getRepository.resolve(s"refs/pull/${issueId}/head")
-        try {
-          !merger.merge(mergeBaseTip, mergeTip)
-        } catch {
-          case e: NoMergeBaseException => true
-        }
-      }
-    }
-  }
-
   /**
    * Parses branch identifier and extracts owner and branch name as tuple.
    *
@@ -447,7 +427,7 @@ trait PullRequestsControllerBase extends ControllerBase {
       val commits = newGit.log.addRange(oldId, newId).call.iterator.asScala.map { revCommit =>
         new CommitInfo(revCommit)
       }.toList.splitWith { (commit1, commit2) =>
-        view.helpers.date(commit1.commitTime) == view.helpers.date(commit2.commitTime)
+        helpers.date(commit1.commitTime) == view.helpers.date(commit2.commitTime)
       }
 
       val diffs = JGitUtil.getDiffs(newGit, oldId.getName, newId.getName, true)
@@ -466,7 +446,7 @@ trait PullRequestsControllerBase extends ControllerBase {
         else session.getAs[IssueSearchCondition](sessionKey).getOrElse(IssueSearchCondition())
       )
 
-      issues.html.list(
+      gitbucket.core.issues.html.list(
         "pulls",
         searchIssue(condition, true, (page - 1) * PullRequestLimit, PullRequestLimit, owner -> repoName),
         page,
@@ -479,5 +459,4 @@ trait PullRequestsControllerBase extends ControllerBase {
         repository,
         hasWritePermission(owner, repoName, context.loginAccount))
     }
-
 }

src/main/scala/gitbucket/core/controller/RepositorySettingsController.scala

@@ -1,18 +1,21 @@
-package app
+package gitbucket.core.controller
 
-import service._
-import util.Directory._
-import util.Implicits._
-import util.{LockUtil, UsersAuthenticator, OwnerAuthenticator}
+import gitbucket.core.settings.html
+import gitbucket.core.model.WebHook
+import gitbucket.core.service.{RepositoryService, AccountService, WebHookService}
+import gitbucket.core.service.WebHookService._
+import gitbucket.core.util._
+import gitbucket.core.util.JGitUtil._
+import gitbucket.core.util.ControlUtil._
+import gitbucket.core.util.Implicits._
+import gitbucket.core.util.Directory._
 import jp.sf.amateras.scalatra.forms._
 import org.apache.commons.io.FileUtils
 import org.scalatra.i18n.Messages
-import service.WebHookService.WebHookPayload
-import util.JGitUtil.CommitInfo
-import util.ControlUtil._
 import org.eclipse.jgit.api.Git
 import org.eclipse.jgit.lib.Constants
 
+
 class RepositorySettingsController extends RepositorySettingsControllerBase
   with RepositoryService with AccountService with WebHookService
   with OwnerAuthenticator with UsersAuthenticator
@@ -63,7 +66,7 @@ trait RepositorySettingsControllerBase extends ControllerBase {
    * Display the Options page.
    */
   get("/:owner/:repository/settings/options")(ownerOnly {
-    settings.html.options(_, flash.get("info"))
+    html.options(_, flash.get("info"))
   })
   
   /**
@@ -105,7 +108,7 @@ trait RepositorySettingsControllerBase extends ControllerBase {
    * Display the Collaborators page.
    */
   get("/:owner/:repository/settings/collaborators")(ownerOnly { repository =>
-    settings.html.collaborators(
+    html.collaborators(
       getCollaborators(repository.owner, repository.name),
       getAccountByUserName(repository.owner).get.isGroupAccount,
       repository)
@@ -135,7 +138,7 @@ trait RepositorySettingsControllerBase extends ControllerBase {
    * Display the web hook page.
    */
   get("/:owner/:repository/settings/hooks")(ownerOnly { repository =>
-    settings.html.hooks(getWebHookURLs(repository.owner, repository.name), flash.get("url"), repository, flash.get("info"))
+    html.hooks(getWebHookURLs(repository.owner, repository.name), flash.get("url"), repository, flash.get("info"))
   })
 
   /**
@@ -166,9 +169,9 @@ trait RepositorySettingsControllerBase extends ControllerBase {
         .call.iterator.asScala.map(new CommitInfo(_))
 
       getAccountByUserName(repository.owner).foreach { ownerAccount =>
-        callWebHook(repository.owner, repository.name,
-          List(model.WebHook(repository.owner, repository.name, form.url)),
-          WebHookPayload(git, ownerAccount, "refs/heads/" + repository.repository.defaultBranch, repository, commits.toList, ownerAccount)
+        callWebHook("push",
+          List(WebHook(repository.owner, repository.name, form.url)),
+          WebHookPushPayload(git, ownerAccount, "refs/heads/" + repository.repository.defaultBranch, repository, commits.toList, ownerAccount)
         )
       }
       flash += "url"  -> form.url
@@ -181,7 +184,7 @@ trait RepositorySettingsControllerBase extends ControllerBase {
    * Display the danger zone.
    */
   get("/:owner/:repository/settings/danger")(ownerOnly {
-    settings.html.danger(_)
+    html.danger(_)
   })
 
   /**
@@ -271,4 +274,4 @@ trait RepositorySettingsControllerBase extends ControllerBase {
         }
       }
   }
-}
+}

src/main/scala/gitbucket/core/controller/RepositoryViewerController.scala

@@ -1,35 +1,45 @@
-package app
+package gitbucket.core.controller
 
-import _root_.util.JGitUtil.CommitInfo
-import util.Directory._
-import util.Implicits._
-import _root_.util.ControlUtil._
-import _root_.util._
-import service._
-import org.scalatra._
-import java.io.File
+import gitbucket.core.api._
+import gitbucket.core.repo.html
+import gitbucket.core.helper
+import gitbucket.core.service._
+import gitbucket.core.util._
+import gitbucket.core.util.JGitUtil._
+import gitbucket.core.util.StringUtil._
+import gitbucket.core.util.ControlUtil._
+import gitbucket.core.util.Implicits._
+import gitbucket.core.util.Directory._
+import gitbucket.core.model.{Account, CommitState}
+import gitbucket.core.service.CommitStatusService
+import gitbucket.core.service.WebHookService._
+import gitbucket.core.view
+import gitbucket.core.view.helpers
 
+import jp.sf.amateras.scalatra.forms._
+import org.apache.commons.io.FileUtils
 import org.eclipse.jgit.api.{ArchiveCommand, Git}
 import org.eclipse.jgit.archive.{TgzFormat, ZipFormat}
-import org.eclipse.jgit.lib._
-import org.apache.commons.io.FileUtils
-import org.eclipse.jgit.treewalk._
-import jp.sf.amateras.scalatra.forms._
 import org.eclipse.jgit.dircache.DirCache
+import org.eclipse.jgit.lib._
 import org.eclipse.jgit.revwalk.RevCommit
-import service.WebHookService.WebHookPayload
+import org.eclipse.jgit.treewalk._
+import org.scalatra._
+
 
 class RepositoryViewerController extends RepositoryViewerControllerBase
-  with RepositoryService with AccountService with ActivityService with IssuesService with WebHookService
-  with ReferrerAuthenticator with CollaboratorsAuthenticator
+  with RepositoryService with AccountService with ActivityService with IssuesService with WebHookService with CommitsService
+  with ReadableUsersAuthenticator with ReferrerAuthenticator with CollaboratorsAuthenticator with PullRequestService with CommitStatusService
+  with WebHookPullRequestService
 
 
 /**
  * The repository viewer.
  */
 trait RepositoryViewerControllerBase extends ControllerBase {
-  self: RepositoryService with AccountService with ActivityService with IssuesService with WebHookService
-    with ReferrerAuthenticator with CollaboratorsAuthenticator =>
+  self: RepositoryService with AccountService with ActivityService with IssuesService with WebHookService with CommitsService
+    with ReadableUsersAuthenticator with ReferrerAuthenticator with CollaboratorsAuthenticator with PullRequestService with CommitStatusService
+    with WebHookPullRequestService =>
 
   ArchiveCommand.registerFormat("zip", new ZipFormat)
   ArchiveCommand.registerFormat("tar.gz", new TgzFormat)
@@ -52,6 +62,14 @@ trait RepositoryViewerControllerBase extends ControllerBase {
     fileName: String
   )
 
+  case class CommentForm(
+    fileName: Option[String],
+    oldLineNumber: Option[Int],
+    newLineNumber: Option[Int],
+    content: String,
+    issueId: Option[Int]
+  )
+
   val editorForm = mapping(
     "branch"        -> trim(label("Branch", text(required))),
     "path"          -> trim(label("Path", text())),
@@ -70,12 +88,20 @@ trait RepositoryViewerControllerBase extends ControllerBase {
     "fileName" -> trim(label("Filename", text(required)))
   )(DeleteForm.apply)
 
+  val commentForm = mapping(
+    "fileName"      -> trim(label("Filename", optional(text()))),
+    "oldLineNumber" -> trim(label("Old line number", optional(number()))),
+    "newLineNumber" -> trim(label("New line number", optional(number()))),
+    "content"       -> trim(label("Content", text(required))),
+    "issueId"       -> trim(label("Issue Id", optional(number())))
+  )(CommentForm.apply)
+
   /**
    * Returns converted HTML from Markdown for preview.
    */
   post("/:owner/:repository/_preview")(referrersOnly { repository =>
     contentType = "text/html"
-    view.helpers.markdown(params("content"), repository,
+    helpers.markdown(params("content"), repository,
       params("enableWikiLink").toBoolean,
       params("enableRefsLink").toBoolean,
       params("enableTaskList").toBoolean,
@@ -89,6 +115,13 @@ trait RepositoryViewerControllerBase extends ControllerBase {
     fileList(_)
   })
 
+  /**
+   * https://developer.github.com/v3/repos/#get
+   */
+  get("/api/v3/repos/:owner/:repository")(referrersOnly { repository =>
+    JsonFormat(ApiRepository(repository, ApiUser(getAccountByUserName(repository.owner).get)))
+  })
+
   /**
    * Displays the file list of the specified path and branch.
    */
@@ -111,7 +144,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
     using(Git.open(getRepositoryDir(repository.owner, repository.name))){ git =>
       JGitUtil.getCommitLog(git, branchName, page, 30, path) match {
         case Right((logs, hasNext)) =>
-          repo.html.commits(if(path.isEmpty) Nil else path.split("/").toList, branchName, repository,
+          html.commits(if(path.isEmpty) Nil else path.split("/").toList, branchName, repository,
             logs.splitWith{ (commit1, commit2) =>
               view.helpers.date(commit1.commitTime) == view.helpers.date(commit2.commitTime)
             }, page, hasNext, hasWritePermission(repository.owner, repository.name, context.loginAccount))
@@ -120,9 +153,59 @@ trait RepositoryViewerControllerBase extends ControllerBase {
     }
   })
 
+  /**
+   * https://developer.github.com/v3/repos/statuses/#create-a-status
+   */
+  post("/api/v3/repos/:owner/:repo/statuses/:sha")(collaboratorsOnly { repository =>
+    (for{
+      ref <- params.get("sha")
+      sha <- JGitUtil.getShaByRef(repository.owner, repository.name, ref)
+      data <- extractFromJsonBody[CreateAStatus] if data.isValid
+      creator <- context.loginAccount
+      state <- CommitState.valueOf(data.state)
+      statusId = createCommitStatus(repository.owner, repository.name, sha, data.context.getOrElse("default"),
+                                    state, data.target_url, data.description, new java.util.Date(), creator)
+      status <- getCommitStatus(repository.owner, repository.name, statusId)
+    } yield {
+      JsonFormat(ApiCommitStatus(status, ApiUser(creator)))
+    }) getOrElse NotFound
+  })
+
+  /**
+   * https://developer.github.com/v3/repos/statuses/#list-statuses-for-a-specific-ref
+   *
+   * ref is Ref to list the statuses from. It can be a SHA, a branch name, or a tag name.
+   */
+  get("/api/v3/repos/:owner/:repo/commits/:ref/statuses")(referrersOnly { repository =>
+    (for{
+      ref <- params.get("ref")
+      sha <- JGitUtil.getShaByRef(repository.owner, repository.name, ref)
+    } yield {
+      JsonFormat(getCommitStatuesWithCreator(repository.owner, repository.name, sha).map{ case(status, creator) =>
+        ApiCommitStatus(status, ApiUser(creator))
+      })
+    }) getOrElse NotFound
+  })
+
+  /**
+   * https://developer.github.com/v3/repos/statuses/#get-the-combined-status-for-a-specific-ref
+   *
+   * ref is Ref to list the statuses from. It can be a SHA, a branch name, or a tag name.
+   */
+  get("/api/v3/repos/:owner/:repo/commits/:ref/status")(referrersOnly { repository =>
+    (for{
+      ref <- params.get("ref")
+      owner <- getAccountByUserName(repository.owner)
+      sha <- JGitUtil.getShaByRef(repository.owner, repository.name, ref)
+    } yield {
+      val statuses = getCommitStatuesWithCreator(repository.owner, repository.name, sha)
+      JsonFormat(ApiCombinedCommitStatus(sha, statuses, ApiRepository(repository, owner)))
+    }) getOrElse NotFound
+  })
+
   get("/:owner/:repository/new/*")(collaboratorsOnly { repository =>
     val (branch, path) = splitPath(repository, multiParams("splat").head)
-    repo.html.editor(branch, repository, if(path.length == 0) Nil else path.split("/").toList,
+    html.editor(branch, repository, if(path.length == 0) Nil else path.split("/").toList,
       None, JGitUtil.ContentInfo("text", None, Some("UTF-8")))
   })
 
@@ -134,7 +217,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
 
       getPathObjectId(git, path, revCommit).map { objectId =>
         val paths = path.split("/")
-        repo.html.editor(branch, repository, paths.take(paths.size - 1).toList, Some(paths.last),
+        html.editor(branch, repository, paths.take(paths.size - 1).toList, Some(paths.last),
           JGitUtil.getContentInfo(git, path, objectId))
       } getOrElse NotFound
     }
@@ -147,16 +230,23 @@ trait RepositoryViewerControllerBase extends ControllerBase {
 
       getPathObjectId(git, path, revCommit).map { objectId =>
         val paths = path.split("/")
-        repo.html.delete(branch, repository, paths.take(paths.size - 1).toList, paths.last,
+        html.delete(branch, repository, paths.take(paths.size - 1).toList, paths.last,
           JGitUtil.getContentInfo(git, path, objectId))
       } getOrElse NotFound
     }
   })
 
   post("/:owner/:repository/create", editorForm)(collaboratorsOnly { (form, repository) =>
-    commitFile(repository, form.branch, form.path, Some(form.newFileName), None,
-      StringUtil.convertLineSeparator(form.content, form.lineSeparator), form.charset,
-      form.message.getOrElse(s"Create ${form.newFileName}"))
+    commitFile(
+      repository  = repository,
+      branch      = form.branch,
+      path        = form.path,
+      newFileName = Some(form.newFileName),
+      oldFileName = None,
+      content     = appendNewLine(convertLineSeparator(form.content, form.lineSeparator), form.lineSeparator),
+      charset     = form.charset,
+      message     = form.message.getOrElse(s"Create ${form.newFileName}")
+    )
 
     redirect(s"/${repository.owner}/${repository.name}/blob/${form.branch}/${
       if(form.path.length == 0) form.newFileName else s"${form.path}/${form.newFileName}"
@@ -164,13 +254,20 @@ trait RepositoryViewerControllerBase extends ControllerBase {
   })
 
   post("/:owner/:repository/update", editorForm)(collaboratorsOnly { (form, repository) =>
-    commitFile(repository, form.branch, form.path, Some(form.newFileName), form.oldFileName,
-      StringUtil.convertLineSeparator(form.content, form.lineSeparator), form.charset,
-      if(form.oldFileName.exists(_ == form.newFileName)){
+    commitFile(
+      repository  = repository,
+      branch      = form.branch,
+      path        = form.path,
+      newFileName = Some(form.newFileName),
+      oldFileName = form.oldFileName,
+      content     = appendNewLine(convertLineSeparator(form.content, form.lineSeparator), form.lineSeparator),
+      charset     = form.charset,
+      message     = if(form.oldFileName.exists(_ == form.newFileName)){
         form.message.getOrElse(s"Update ${form.newFileName}")
       } else {
         form.message.getOrElse(s"Rename ${form.oldFileName.get} to ${form.newFileName}")
-      })
+      }
+    )
 
     redirect(s"/${repository.owner}/${repository.name}/blob/${form.branch}/${
       if(form.path.length == 0) form.newFileName else s"${form.path}/${form.newFileName}"
@@ -198,11 +295,10 @@ trait RepositoryViewerControllerBase extends ControllerBase {
         if(raw){
           // Download
           defining(JGitUtil.getContentFromId(git, objectId, false).get){ bytes =>
-            contentType = FileUtil.getContentType(path, bytes)
-            bytes
+            RawData(FileUtil.getContentType(path, bytes), bytes)
           }
         } else {
-          repo.html.blob(id, repository, path.split("/").toList, JGitUtil.getContentInfo(git, path, objectId),
+          html.blob(id, repository, path.split("/").toList, JGitUtil.getContentInfo(git, path, objectId),
             new JGitUtil.CommitInfo(lastModifiedCommit), hasWritePermission(repository.owner, repository.name, context.loginAccount))
         }
       } getOrElse NotFound
@@ -218,27 +314,100 @@ trait RepositoryViewerControllerBase extends ControllerBase {
     using(Git.open(getRepositoryDir(repository.owner, repository.name))){ git =>
       defining(JGitUtil.getRevCommitFromId(git, git.getRepository.resolve(id))){ revCommit =>
         JGitUtil.getDiffs(git, id) match { case (diffs, oldCommitId) =>
-          repo.html.commit(id, new JGitUtil.CommitInfo(revCommit),
+          html.commit(id, new JGitUtil.CommitInfo(revCommit),
             JGitUtil.getBranchesOfCommit(git, revCommit.getName),
             JGitUtil.getTagsOfCommit(git, revCommit.getName),
-            repository, diffs, oldCommitId)
+            getCommitComments(repository.owner, repository.name, id, false),
+            repository, diffs, oldCommitId, hasWritePermission(repository.owner, repository.name, context.loginAccount))
         }
       }
     }
   })
 
+  post("/:owner/:repository/commit/:id/comment/new", commentForm)(readableUsersOnly { (form, repository) =>
+    val id = params("id")
+    createCommitComment(repository.owner, repository.name, id, context.loginAccount.get.userName, form.content,
+      form.fileName, form.oldLineNumber, form.newLineNumber, form.issueId.isDefined)
+    form.issueId match {
+      case Some(issueId) => recordCommentPullRequestActivity(repository.owner, repository.name, context.loginAccount.get.userName, issueId, form.content)
+      case None => recordCommentCommitActivity(repository.owner, repository.name, context.loginAccount.get.userName, id, form.content)
+    }
+    redirect(s"/${repository.owner}/${repository.name}/commit/${id}")
+  })
+
+  ajaxGet("/:owner/:repository/commit/:id/comment/_form")(readableUsersOnly { repository =>
+    val id            = params("id")
+    val fileName      = params.get("fileName")
+    val oldLineNumber = params.get("oldLineNumber") map (_.toInt)
+    val newLineNumber = params.get("newLineNumber") map (_.toInt)
+    val issueId   = params.get("issueId") map (_.toInt)
+    html.commentform(
+      commitId = id,
+      fileName, oldLineNumber, newLineNumber, issueId,
+      hasWritePermission = hasWritePermission(repository.owner, repository.name, context.loginAccount),
+      repository = repository
+    )
+  })
+
+  ajaxPost("/:owner/:repository/commit/:id/comment/_data/new", commentForm)(readableUsersOnly { (form, repository) =>
+    val id = params("id")
+    val commentId = createCommitComment(repository.owner, repository.name, id, context.loginAccount.get.userName,
+      form.content, form.fileName, form.oldLineNumber, form.newLineNumber, form.issueId.isDefined)
+    form.issueId match {
+      case Some(issueId) => recordCommentPullRequestActivity(repository.owner, repository.name, context.loginAccount.get.userName, issueId, form.content)
+      case None => recordCommentCommitActivity(repository.owner, repository.name, context.loginAccount.get.userName, id, form.content)
+    }
+    helper.html.commitcomment(getCommitComment(repository.owner, repository.name, commentId.toString).get,
+      hasWritePermission(repository.owner, repository.name, context.loginAccount), repository)
+  })
+
+  ajaxGet("/:owner/:repository/commit_comments/_data/:id")(readableUsersOnly { repository =>
+    getCommitComment(repository.owner, repository.name, params("id")) map { x =>
+      if(isEditable(x.userName, x.repositoryName, x.commentedUserName)){
+        params.get("dataType") collect {
+          case t if t == "html" => html.editcomment(
+            x.content, x.commentId, x.userName, x.repositoryName)
+        } getOrElse {
+          contentType = formats("json")
+          org.json4s.jackson.Serialization.write(
+            Map("content" -> view.Markdown.toHtml(x.content,
+              repository, false, true, true, isEditable(x.userName, x.repositoryName, x.commentedUserName))
+            ))
+        }
+      } else Unauthorized
+    } getOrElse NotFound
+  })
+
+  ajaxPost("/:owner/:repository/commit_comments/edit/:id", commentForm)(readableUsersOnly { (form, repository) =>
+    defining(repository.owner, repository.name){ case (owner, name) =>
+      getCommitComment(owner, name, params("id")).map { comment =>
+        if(isEditable(owner, name, comment.commentedUserName)){
+          updateCommitComment(comment.commentId, form.content)
+          redirect(s"/${owner}/${name}/commit_comments/_data/${comment.commentId}")
+        } else Unauthorized
+      } getOrElse NotFound
+    }
+  })
+
+  ajaxPost("/:owner/:repository/commit_comments/delete/:id")(readableUsersOnly { repository =>
+    defining(repository.owner, repository.name){ case (owner, name) =>
+      getCommitComment(owner, name, params("id")).map { comment =>
+        if(isEditable(owner, name, comment.commentedUserName)){
+          Ok(deleteCommitComment(comment.commentId))
+        } else Unauthorized
+      } getOrElse NotFound
+    }
+  })
+
   /**
    * Displays branches.
    */
   get("/:owner/:repository/branches")(referrersOnly { repository =>
-    using(Git.open(getRepositoryDir(repository.owner, repository.name))){ git =>
-      // retrieve latest update date of each branch
-      val branchInfo = repository.branchList.map { branchName =>
-        val revCommit = git.log.add(git.getRepository.resolve(branchName)).setMaxCount(1).call.iterator.next
-        (branchName, revCommit.getCommitterIdent.getWhen)
-      }
-      repo.html.branches(branchInfo, hasWritePermission(repository.owner, repository.name, context.loginAccount), repository)
-    }
+    val branches = JGitUtil.getBranches(repository.owner, repository.name, repository.repository.defaultBranch)
+      .sortBy(br => (br.mergeInfo.isEmpty, br.commitTime))
+      .map(br => br -> getPullRequestByRequestCommit(repository.owner, repository.name, repository.repository.defaultBranch, br.name, br.commitId))
+      .reverse
+    html.branches(branches, hasWritePermission(repository.owner, repository.name, context.loginAccount), repository)
   })
 
   /**
@@ -278,7 +447,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
    * Displays tags.
    */
   get("/:owner/:repository/tags")(referrersOnly {
-    repo.html.tags(_)
+    html.tags(_)
   })
 
   /**
@@ -295,7 +464,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
   })
 
   get("/:owner/:repository/network/members")(referrersOnly { repository =>
-    repo.html.forked(
+    html.forked(
       getRepository(
         repository.repository.originUserName.getOrElse(repository.owner),
         repository.repository.originRepositoryName.getOrElse(repository.name),
@@ -306,7 +475,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
       repository)
   })
 
-  private def splitPath(repository: service.RepositoryService.RepositoryInfo, path: String): (String, String) = {
+  private def splitPath(repository: RepositoryService.RepositoryInfo, path: String): (String, String) = {
     val id = repository.branchList.collectFirst {
       case branch if(path == branch || path.startsWith(branch + "/")) => branch
     } orElse repository.tags.collectFirst {
@@ -329,7 +498,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
    */
   private def fileList(repository: RepositoryService.RepositoryInfo, revstr: String = "", path: String = ".") = {
     if(repository.commitCount == 0){
-      repo.html.guide(repository, hasWritePermission(repository.owner, repository.name, context.loginAccount))
+      html.guide(repository, hasWritePermission(repository.owner, repository.name, context.loginAccount))
     } else {
       using(Git.open(getRepositoryDir(repository.owner, repository.name))){ git =>
         // get specified commit
@@ -348,8 +517,12 @@ trait RepositoryViewerControllerBase extends ControllerBase {
                 Git.open(getRepositoryDir(repository.owner, repository.name)), file.id, true).get)
             }
 
-            repo.html.files(revision, repository,
+            html.files(revision, repository,
               if(path == ".") Nil else path.split("/").toList, // current path
+              context.loginAccount match {
+                case None => List()
+                case account: Option[Account] => getGroupsByUserName(account.get.userName)
+              }, // groups of current user
               new JGitUtil.CommitInfo(lastModifiedCommit), // last modified commit
               files, readme, hasWritePermission(repository.owner, repository.name, context.loginAccount),
               flash.get("info"), flash.get("error"))
@@ -359,7 +532,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
     }
   }
 
-  private def commitFile(repository: service.RepositoryService.RepositoryInfo,
+  private def commitFile(repository: RepositoryService.RepositoryInfo,
                          branch: String, path: String, newFileName: Option[String], oldFileName: Option[String],
                          content: String, charset: String, message: String) = {
 
@@ -400,6 +573,9 @@ trait RepositoryViewerControllerBase extends ControllerBase {
         //refUpdate.setRefLogMessage("merged", true)
         refUpdate.update()
 
+        // update pull request
+        updatePullRequests(repository.owner, repository.name, branch)
+
         // record activity
         recordPushActivity(repository.owner, repository.name, loginAccount.userName, branch,
           List(new CommitInfo(JGitUtil.getRevCommitFromId(git, commitId))))
@@ -408,14 +584,12 @@ trait RepositoryViewerControllerBase extends ControllerBase {
         closeIssuesFromMessage(message, loginAccount.userName, repository.owner, repository.name)
 
         // call web hook
+        callPullRequestWebHookByRequestBranch("synchronize", repository, branch, context.baseUrl, loginAccount)
         val commit = new JGitUtil.CommitInfo(JGitUtil.getRevCommitFromId(git, commitId))
-        getWebHookURLs(repository.owner, repository.name) match {
-          case webHookURLs if(webHookURLs.nonEmpty) =>
-            for(ownerAccount <- getAccountByUserName(repository.owner)){
-              callWebHook(repository.owner, repository.name, webHookURLs,
-                WebHookPayload(git, loginAccount, headName, repository, List(commit), ownerAccount))
-            }
-          case _ =>
+        callWebHookOf(repository.owner, repository.name, "push") {
+          getAccountByUserName(repository.owner).map{ ownerAccount =>
+            WebHookPushPayload(git, loginAccount, headName, repository, List(commit), ownerAccount)
+          }
         }
       }
     }
@@ -436,7 +610,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
     }
   }
 
-  private def archiveRepository(name: String, suffix: String, repository: RepositoryService.RepositoryInfo): File = {
+  private def archiveRepository(name: String, suffix: String, repository: RepositoryService.RepositoryInfo): Unit = {
     val revision = name.stripSuffix(suffix)
     val workDir = getDownloadWorkDir(repository.owner, repository.name, session.getId)
     if(workDir.exists) {
@@ -444,21 +618,26 @@ trait RepositoryViewerControllerBase extends ControllerBase {
     }
     workDir.mkdirs
 
-    val file = new File(workDir, repository.name + "-" +
-      (if(revision.length == 40) revision.substring(0, 10) else revision).replace('/', '_') + suffix)
+    val filename = repository.name + "-" +
+      (if(revision.length == 40) revision.substring(0, 10) else revision).replace('/', '_') + suffix
 
     using(Git.open(getRepositoryDir(repository.owner, repository.name))){ git =>
       val revCommit = JGitUtil.getRevCommitFromId(git, git.getRepository.resolve(revision))
-      using(new java.io.FileOutputStream(file))  { out =>
-        git.archive
-           .setFormat(suffix.tail)
-           .setTree(revCommit.getTree)
-           .setOutputStream(out)
-           .call()
-      }
+
       contentType = "application/octet-stream"
-      response.setHeader("Content-Disposition", s"attachment; filename=${file.getName}")
-      file
+      response.setHeader("Content-Disposition", s"attachment; filename=${filename}")
+      response.setBufferSize(1024 * 1024);
+
+      git.archive
+         .setFormat(suffix.tail)
+         .setTree(revCommit.getTree)
+         .setOutputStream(response.getOutputStream)
+         .call()
+
+      Unit
     }
   }
+
+  private def isEditable(owner: String, repository: String, author: String)(implicit context: Context): Boolean =
+    hasWritePermission(owner, repository, context.loginAccount) || author == context.loginAccount.get.userName
 }

src/main/scala/gitbucket/core/controller/SearchController.scala

@@ -1,9 +1,10 @@
-package app
+package gitbucket.core.controller
 
-import util._
+import gitbucket.core.search.html
+import gitbucket.core.service._
+import gitbucket.core.util.{StringUtil, ControlUtil, ReferrerAuthenticator, Implicits}
 import ControlUtil._
 import Implicits._
-import service._
 import jp.sf.amateras.scalatra.forms._
 
 class SearchController extends SearchControllerBase
@@ -34,12 +35,12 @@ trait SearchControllerBase extends ControllerBase { self: RepositoryService
       }
 
       target.toLowerCase match {
-        case "issue" => search.html.issues(
+        case "issue" => html.issues(
           searchIssues(repository.owner, repository.name, query),
           countFiles(repository.owner, repository.name, query),
           query, page, repository)
 
-        case _ => search.html.code(
+        case _ => html.code(
           searchFiles(repository.owner, repository.name, query),
           countIssues(repository.owner, repository.name, query),
           query, page, repository)

src/main/scala/gitbucket/core/controller/SystemSettingsController.scala

@@ -0,0 +1,85 @@
+package gitbucket.core.controller
+
+import gitbucket.core.admin.html
+import gitbucket.core.service.{AccountService, SystemSettingsService}
+import gitbucket.core.util.AdminAuthenticator
+import gitbucket.core.ssh.SshServer
+import SystemSettingsService._
+import jp.sf.amateras.scalatra.forms._
+
+class SystemSettingsController extends SystemSettingsControllerBase
+  with AccountService with AdminAuthenticator
+
+trait SystemSettingsControllerBase extends ControllerBase {
+  self: AccountService with AdminAuthenticator =>
+
+  private val form = mapping(
+    "baseUrl"                  -> trim(label("Base URL", optional(text()))),
+    "information"              -> trim(label("Information", optional(text()))),
+    "allowAccountRegistration" -> trim(label("Account registration", boolean())),
+    "allowAnonymousAccess"     -> trim(label("Anonymous access", boolean())),
+    "isCreateRepoOptionPublic" -> trim(label("Default option to create a new repository", boolean())),
+    "gravatar"                 -> trim(label("Gravatar", boolean())),
+    "notification"             -> trim(label("Notification", boolean())),
+    "ssh"                      -> trim(label("SSH access", boolean())),
+    "sshPort"                  -> trim(label("SSH port", optional(number()))),
+    "smtp"                     -> optionalIfNotChecked("notification", mapping(
+        "host"                     -> trim(label("SMTP Host", text(required))),
+        "port"                     -> trim(label("SMTP Port", optional(number()))),
+        "user"                     -> trim(label("SMTP User", optional(text()))),
+        "password"                 -> trim(label("SMTP Password", optional(text()))),
+        "ssl"                      -> trim(label("Enable SSL", optional(boolean()))),
+        "fromAddress"              -> trim(label("FROM Address", optional(text()))),
+        "fromName"                 -> trim(label("FROM Name", optional(text())))
+    )(Smtp.apply)),
+    "ldapAuthentication"       -> trim(label("LDAP", boolean())),
+    "ldap"                     -> optionalIfNotChecked("ldapAuthentication", mapping(
+        "host"                     -> trim(label("LDAP host", text(required))),
+        "port"                     -> trim(label("LDAP port", optional(number()))),
+        "bindDN"                   -> trim(label("Bind DN", optional(text()))),
+        "bindPassword"             -> trim(label("Bind Password", optional(text()))),
+        "baseDN"                   -> trim(label("Base DN", text(required))),
+        "userNameAttribute"        -> trim(label("User name attribute", text(required))),
+        "additionalFilterCondition"-> trim(label("Additional filter condition", optional(text()))),
+        "fullNameAttribute"        -> trim(label("Full name attribute", optional(text()))),
+        "mailAttribute"            -> trim(label("Mail address attribute", optional(text()))),
+        "tls"                      -> trim(label("Enable TLS", optional(boolean()))),
+        "ssl"                      -> trim(label("Enable SSL", optional(boolean()))),
+        "keystore"                 -> trim(label("Keystore", optional(text())))
+    )(Ldap.apply))
+  )(SystemSettings.apply).verifying { settings =>
+    if(settings.ssh && settings.baseUrl.isEmpty){
+      Seq("baseUrl" -> "Base URL is required if SSH access is enabled.")
+    } else Nil
+  }
+
+  private val pluginForm = mapping(
+    "pluginId" -> list(trim(label("", text())))
+  )(PluginForm.apply)
+
+  case class PluginForm(pluginIds: List[String])
+
+  get("/admin/system")(adminOnly {
+    html.system(flash.get("info"))
+  })
+
+  post("/admin/system", form)(adminOnly { form =>
+    saveSystemSettings(form)
+
+    if(form.ssh && SshServer.isActive && context.settings.sshPort != form.sshPort){
+      SshServer.stop()
+    }
+
+    if(form.ssh && !SshServer.isActive && form.baseUrl.isDefined){
+      SshServer.start(
+        form.sshPort.getOrElse(SystemSettingsService.DefaultSshPort),
+        form.baseUrl.get)
+    } else if(!form.ssh && SshServer.isActive){
+      SshServer.stop()
+    }
+
+    flash += "info" -> "System settings has been updated."
+    redirect("/admin/system")
+  })
+
+}

src/main/scala/gitbucket/core/controller/UserManagementController.scala

@@ -1,11 +1,12 @@
-package app
+package gitbucket.core.controller
 
-import service._
-import util.AdminAuthenticator
-import util.StringUtil._
-import util.ControlUtil._
-import util.Directory._
-import util.Implicits._
+import gitbucket.core.service.{RepositoryService, AccountService}
+import gitbucket.core.admin.users.html
+import gitbucket.core.util._
+import gitbucket.core.util.ControlUtil._
+import gitbucket.core.util.StringUtil._
+import gitbucket.core.util.Implicits._
+import gitbucket.core.util.Directory._
 import jp.sf.amateras.scalatra.forms._
 import org.scalatra.i18n.Messages
 import org.apache.commons.io.FileUtils
@@ -75,11 +76,11 @@ trait UserManagementControllerBase extends AccountManagementControllerBase {
       account.userName -> getGroupMembers(account.userName).map(_.userName)
     }.toMap
 
-    admin.users.html.list(users, members, includeRemoved)
+    html.list(users, members, includeRemoved)
   })
   
   get("/admin/users/_newuser")(adminOnly {
-    admin.users.html.user(None)
+    html.user(None)
   })
   
   post("/admin/users/_newuser", newUserForm)(adminOnly { form =>
@@ -90,7 +91,7 @@ trait UserManagementControllerBase extends AccountManagementControllerBase {
   
   get("/admin/users/:userName/_edituser")(adminOnly {
     val userName = params("userName")
-    admin.users.html.user(getAccountByUserName(userName, true))
+    html.user(getAccountByUserName(userName, true))
   })
   
   post("/admin/users/:name/_edituser", editUserForm)(adminOnly { form =>
@@ -124,7 +125,7 @@ trait UserManagementControllerBase extends AccountManagementControllerBase {
   })
 
   get("/admin/users/_newgroup")(adminOnly {
-    admin.users.html.group(None, Nil)
+    html.group(None, Nil)
   })
 
   post("/admin/users/_newgroup", newGroupForm)(adminOnly { form =>
@@ -140,7 +141,7 @@ trait UserManagementControllerBase extends AccountManagementControllerBase {
 
   get("/admin/users/:groupName/_editgroup")(adminOnly {
     defining(params("groupName")){ groupName =>
-      admin.users.html.group(getAccountByUserName(groupName, true), getGroupMembers(groupName))
+      html.group(getAccountByUserName(groupName, true), getGroupMembers(groupName))
     }
   })
 
@@ -193,7 +194,7 @@ trait UserManagementControllerBase extends AccountManagementControllerBase {
   protected def disableByNotYourself(paramName: String): Constraint = new Constraint() {
     override def validate(name: String, value: String, messages: Messages): Option[String] = {
       params.get(paramName).flatMap { userName =>
-        if(userName == context.loginAccount.get.userName)
+        if(userName == context.loginAccount.get.userName && params.get("removed") == Some("true"))
           Some("You can't disable your account yourself")
         else
           None

src/main/scala/gitbucket/core/controller/WikiController.scala

@@ -1,14 +1,15 @@
-package app
+package gitbucket.core.controller
 
-import service._
-import util._
-import util.Directory._
-import util.ControlUtil._
-import util.Implicits._
+import gitbucket.core.wiki.html
+import gitbucket.core.service.{RepositoryService, WikiService, ActivityService, AccountService}
+import gitbucket.core.util._
+import gitbucket.core.util.StringUtil._
+import gitbucket.core.util.ControlUtil._
+import gitbucket.core.util.Implicits._
+import gitbucket.core.util.Directory._
 import jp.sf.amateras.scalatra.forms._
 import org.eclipse.jgit.api.Git
 import org.scalatra.i18n.Messages
-import java.util.ResourceBundle
 
 class WikiController extends WikiControllerBase 
   with WikiService with RepositoryService with AccountService with ActivityService with CollaboratorsAuthenticator with ReferrerAuthenticator
@@ -36,7 +37,7 @@ trait WikiControllerBase extends ControllerBase {
   
   get("/:owner/:repository/wiki")(referrersOnly { repository =>
     getWikiPage(repository.owner, repository.name, "Home").map { page =>
-      wiki.html.page("Home", page, getWikiPageList(repository.owner, repository.name),
+      html.page("Home", page, getWikiPageList(repository.owner, repository.name),
         repository, hasWritePermission(repository.owner, repository.name, context.loginAccount))
     } getOrElse redirect(s"/${repository.owner}/${repository.name}/wiki/Home/_edit")
   })
@@ -45,7 +46,7 @@ trait WikiControllerBase extends ControllerBase {
     val pageName = StringUtil.urlDecode(params("page"))
 
     getWikiPage(repository.owner, repository.name, pageName).map { page =>
-      wiki.html.page(pageName, page, getWikiPageList(repository.owner, repository.name),
+      html.page(pageName, page, getWikiPageList(repository.owner, repository.name),
         repository, hasWritePermission(repository.owner, repository.name, context.loginAccount))
     } getOrElse redirect(s"/${repository.owner}/${repository.name}/wiki/${StringUtil.urlEncode(pageName)}/_edit")
   })
@@ -55,7 +56,7 @@ trait WikiControllerBase extends ControllerBase {
 
     using(Git.open(getWikiRepositoryDir(repository.owner, repository.name))){ git =>
       JGitUtil.getCommitLog(git, "master", path = pageName + ".md") match {
-        case Right((logs, hasNext)) => wiki.html.history(Some(pageName), logs, repository)
+        case Right((logs, hasNext)) => html.history(Some(pageName), logs, repository)
         case Left(_) => NotFound
       }
     }
@@ -66,7 +67,7 @@ trait WikiControllerBase extends ControllerBase {
     val Array(from, to) = params("commitId").split("\\.\\.\\.")
 
     using(Git.open(getWikiRepositoryDir(repository.owner, repository.name))){ git =>
-      wiki.html.compare(Some(pageName), from, to, JGitUtil.getDiffs(git, from, to, true).filter(_.newPath == pageName + ".md"), repository,
+      html.compare(Some(pageName), from, to, JGitUtil.getDiffs(git, from, to, true).filter(_.newPath == pageName + ".md"), repository,
         hasWritePermission(repository.owner, repository.name, context.loginAccount), flash.get("info"))
     }
   })
@@ -75,7 +76,7 @@ trait WikiControllerBase extends ControllerBase {
     val Array(from, to) = params("commitId").split("\\.\\.\\.")
 
     using(Git.open(getWikiRepositoryDir(repository.owner, repository.name))){ git =>
-      wiki.html.compare(None, from, to, JGitUtil.getDiffs(git, from, to, true), repository,
+      html.compare(None, from, to, JGitUtil.getDiffs(git, from, to, true), repository,
         hasWritePermission(repository.owner, repository.name, context.loginAccount), flash.get("info"))
     }
   })
@@ -105,13 +106,21 @@ trait WikiControllerBase extends ControllerBase {
 
   get("/:owner/:repository/wiki/:page/_edit")(collaboratorsOnly { repository =>
     val pageName = StringUtil.urlDecode(params("page"))
-    wiki.html.edit(pageName, getWikiPage(repository.owner, repository.name, pageName), repository)
+    html.edit(pageName, getWikiPage(repository.owner, repository.name, pageName), repository)
   })
   
   post("/:owner/:repository/wiki/_edit", editForm)(collaboratorsOnly { (form, repository) =>
     defining(context.loginAccount.get){ loginAccount =>
-      saveWikiPage(repository.owner, repository.name, form.currentPageName, form.pageName,
-          form.content, loginAccount, form.message.getOrElse(""), Some(form.id)).map { commitId =>
+      saveWikiPage(
+        repository.owner,
+        repository.name,
+        form.currentPageName,
+        form.pageName,
+        appendNewLine(convertLineSeparator(form.content, "LF"), "LF"),
+        loginAccount,
+        form.message.getOrElse(""),
+        Some(form.id)
+      ).map { commitId =>
         updateLastActivityDate(repository.owner, repository.name)
         recordEditWikiPageActivity(repository.owner, repository.name, loginAccount.userName, form.pageName, commitId)
       }
@@ -120,7 +129,7 @@ trait WikiControllerBase extends ControllerBase {
   })
   
   get("/:owner/:repository/wiki/_new")(collaboratorsOnly {
-    wiki.html.edit("", None, _)
+    html.edit("", None, _)
   })
   
   post("/:owner/:repository/wiki/_new", newForm)(collaboratorsOnly { (form, repository) =>
@@ -147,14 +156,14 @@ trait WikiControllerBase extends ControllerBase {
   })
   
   get("/:owner/:repository/wiki/_pages")(referrersOnly { repository =>
-    wiki.html.pages(getWikiPageList(repository.owner, repository.name), repository,
+    html.pages(getWikiPageList(repository.owner, repository.name), repository,
       hasWritePermission(repository.owner, repository.name, context.loginAccount))
   })
   
   get("/:owner/:repository/wiki/_history")(referrersOnly { repository =>
     using(Git.open(getWikiRepositoryDir(repository.owner, repository.name))){ git =>
       JGitUtil.getCommitLog(git, "master") match {
-        case Right((logs, hasNext)) => wiki.html.history(None, logs, repository)
+        case Right((logs, hasNext)) => html.history(None, logs, repository)
         case Left(_) => NotFound
       }
     }
@@ -164,8 +173,7 @@ trait WikiControllerBase extends ControllerBase {
     val path = multiParams("splat").head
 
     getFileContent(repository.owner, repository.name, path).map { bytes =>
-      contentType = FileUtil.getContentType(path, bytes)
-      bytes
+      RawData(FileUtil.getContentType(path, bytes), bytes)
     } getOrElse NotFound
   })
 

src/main/scala/gitbucket/core/model/AccessToken.scala

@@ -0,0 +1,21 @@
+package gitbucket.core.model
+
+
+trait AccessTokenComponent { self: Profile =>
+  import profile.simple._
+  lazy val AccessTokens = TableQuery[AccessTokens]
+
+  class AccessTokens(tag: Tag) extends Table[AccessToken](tag, "ACCESS_TOKEN") {
+    val accessTokenId = column[Int]("ACCESS_TOKEN_ID", O AutoInc)
+    val userName = column[String]("USER_NAME")
+    val tokenHash = column[String]("TOKEN_HASH")
+    val note = column[String]("NOTE")
+    def * = (accessTokenId, userName, tokenHash, note) <> (AccessToken.tupled, AccessToken.unapply)
+  }
+}
+case class AccessToken(
+  accessTokenId: Int = 0,
+  userName: String,
+  tokenHash: String,
+  note: String
+)

src/main/scala/gitbucket/core/model/Account.scala

@@ -1,4 +1,4 @@
-package model
+package gitbucket.core.model
 
 trait AccountComponent { self: Profile =>
   import profile.simple._

src/main/scala/gitbucket/core/model/Activity.scala

@@ -1,4 +1,4 @@
-package model
+package gitbucket.core.model
 
 trait ActivityComponent extends TemplateComponent { self: Profile =>
   import profile.simple._

src/main/scala/gitbucket/core/model/BasicTemplate.scala

@@ -1,4 +1,4 @@
-package model
+package gitbucket.core.model
 
 protected[model] trait TemplateComponent { self: Profile =>
   import profile.simple._
@@ -44,4 +44,14 @@ protected[model] trait TemplateComponent { self: Profile =>
       byRepository(userName, repositoryName) && (this.milestoneId === milestoneId)
   }
 
+  trait CommitTemplate extends BasicTemplate { self: Table[_] =>
+    val commitId = column[String]("COMMIT_ID")
+
+    def byCommit(owner: String, repository: String, commitId: String) =
+      byRepository(owner, repository) && (this.commitId === commitId)
+
+    def byCommit(owner: Column[String], repository: Column[String], commitId: Column[String]) =
+      byRepository(userName, repositoryName) && (this.commitId === commitId)
+  }
+
 }

src/main/scala/gitbucket/core/model/Collaborator.scala

@@ -1,4 +1,4 @@
-package model
+package gitbucket.core.model
 
 trait CollaboratorComponent extends TemplateComponent { self: Profile =>
   import profile.simple._

src/main/scala/gitbucket/core/model/Comment.scala

@@ -0,0 +1,78 @@
+package gitbucket.core.model
+
+trait Comment {
+  val commentedUserName: String
+  val registeredDate: java.util.Date
+}
+
+trait IssueCommentComponent extends TemplateComponent { self: Profile =>
+  import profile.simple._
+  import self._
+
+  lazy val IssueComments = new TableQuery(tag => new IssueComments(tag)){
+    def autoInc = this returning this.map(_.commentId)
+  }
+
+  class IssueComments(tag: Tag) extends Table[IssueComment](tag, "ISSUE_COMMENT") with IssueTemplate {
+    val commentId = column[Int]("COMMENT_ID", O AutoInc)
+    val action = column[String]("ACTION")
+    val commentedUserName = column[String]("COMMENTED_USER_NAME")
+    val content = column[String]("CONTENT")
+    val registeredDate = column[java.util.Date]("REGISTERED_DATE")
+    val updatedDate = column[java.util.Date]("UPDATED_DATE")
+    def * = (userName, repositoryName, issueId, commentId, action, commentedUserName, content, registeredDate, updatedDate) <> (IssueComment.tupled, IssueComment.unapply)
+
+    def byPrimaryKey(commentId: Int) = this.commentId === commentId.bind
+  }
+}
+
+case class IssueComment (
+  userName: String,
+  repositoryName: String,
+  issueId: Int,
+  commentId: Int = 0,
+  action: String,
+  commentedUserName: String,
+  content: String,
+  registeredDate: java.util.Date,
+  updatedDate: java.util.Date
+) extends Comment
+
+trait CommitCommentComponent extends TemplateComponent { self: Profile =>
+  import profile.simple._
+  import self._
+
+  lazy val CommitComments = new TableQuery(tag => new CommitComments(tag)){
+    def autoInc = this returning this.map(_.commentId)
+  }
+
+  class CommitComments(tag: Tag) extends Table[CommitComment](tag, "COMMIT_COMMENT") with CommitTemplate {
+    val commentId = column[Int]("COMMENT_ID", O AutoInc)
+    val commentedUserName = column[String]("COMMENTED_USER_NAME")
+    val content = column[String]("CONTENT")
+    val fileName = column[Option[String]]("FILE_NAME")
+    val oldLine = column[Option[Int]]("OLD_LINE_NUMBER")
+    val newLine = column[Option[Int]]("NEW_LINE_NUMBER")
+    val registeredDate = column[java.util.Date]("REGISTERED_DATE")
+    val updatedDate = column[java.util.Date]("UPDATED_DATE")
+    val pullRequest = column[Boolean]("PULL_REQUEST")
+    def * = (userName, repositoryName, commitId, commentId, commentedUserName, content, fileName, oldLine, newLine, registeredDate, updatedDate, pullRequest) <> (CommitComment.tupled, CommitComment.unapply)
+
+    def byPrimaryKey(commentId: Int) = this.commentId === commentId.bind
+  }
+}
+
+case class CommitComment(
+  userName: String,
+  repositoryName: String,
+  commitId: String,
+  commentId: Int = 0,
+  commentedUserName: String,
+  content: String,
+  fileName: Option[String],
+  oldLine: Option[Int],
+  newLine: Option[Int],
+  registeredDate: java.util.Date,
+  updatedDate: java.util.Date,
+  pullRequest: Boolean
+ ) extends Comment

src/main/scala/gitbucket/core/model/CommitStatus.scala

@@ -0,0 +1,83 @@
+package gitbucket.core.model
+
+import scala.slick.lifted.MappedTo
+import scala.slick.jdbc._
+
+trait CommitStatusComponent extends TemplateComponent { self: Profile =>
+  import profile.simple._
+  import self._
+
+  implicit val commitStateColumnType = MappedColumnType.base[CommitState, String](b => b.name , i => CommitState(i))
+
+  lazy val CommitStatuses = TableQuery[CommitStatuses]
+  class CommitStatuses(tag: Tag) extends Table[CommitStatus](tag, "COMMIT_STATUS") with CommitTemplate {
+    val commitStatusId = column[Int]("COMMIT_STATUS_ID", O AutoInc)
+    val context = column[String]("CONTEXT")
+    val state = column[CommitState]("STATE")
+    val targetUrl = column[Option[String]]("TARGET_URL")
+    val description = column[Option[String]]("DESCRIPTION")
+    val creator = column[String]("CREATOR")
+    val registeredDate = column[java.util.Date]("REGISTERED_DATE")
+    val updatedDate = column[java.util.Date]("UPDATED_DATE")
+    def * = (commitStatusId, userName, repositoryName, commitId, context, state, targetUrl, description, creator, registeredDate, updatedDate) <> (CommitStatus.tupled, CommitStatus.unapply)
+    def byPrimaryKey(id: Int) = commitStatusId === id.bind
+  }
+}
+
+
+case class CommitStatus(
+  commitStatusId: Int = 0,
+  userName: String,
+  repositoryName: String,
+  commitId: String,
+  context: String,
+  state: CommitState,
+  targetUrl: Option[String],
+  description: Option[String],
+  creator: String,
+  registeredDate: java.util.Date,
+  updatedDate: java.util.Date
+)
+
+
+sealed abstract class CommitState(val name: String)
+
+
+object CommitState {
+  object ERROR extends CommitState("error")
+
+  object FAILURE extends CommitState("failure")
+
+  object PENDING extends CommitState("pending")
+
+  object SUCCESS extends CommitState("success")
+
+  val values: Vector[CommitState] = Vector(PENDING, SUCCESS, ERROR, FAILURE)
+
+  private val map: Map[String, CommitState] = values.map(enum => enum.name -> enum).toMap
+
+  def apply(name: String): CommitState = map(name)
+
+  def valueOf(name: String): Option[CommitState] = map.get(name)
+
+  /**
+   * failure if any of the contexts report as error or failure
+   * pending if there are no statuses or a context is pending
+   * success if the latest status for all contexts is success
+   */
+  def combine(statuses: Set[CommitState]): CommitState = {
+    if(statuses.isEmpty){
+      PENDING
+    } else if(statuses.contains(CommitState.ERROR) || statuses.contains(CommitState.FAILURE)) {
+      FAILURE
+    } else if(statuses.contains(CommitState.PENDING)) {
+      PENDING
+    } else {
+      SUCCESS
+    }
+  }
+
+  implicit val getResult: GetResult[CommitState] = GetResult(r => CommitState(r.<<))
+  implicit val getResultOpt: GetResult[Option[CommitState]] = GetResult(r => r.<<?[String].map(CommitState(_)))
+}
+

src/main/scala/gitbucket/core/model/GroupMembers.scala

@@ -1,4 +1,4 @@
-package model
+package gitbucket.core.model
 
 trait GroupMemberComponent { self: Profile =>
   import profile.simple._

src/main/scala/gitbucket/core/model/Issue.scala

@@ -1,4 +1,4 @@
-package model
+package gitbucket.core.model
 
 trait IssueComponent extends TemplateComponent { self: Profile =>
   import profile.simple._

src/main/scala/gitbucket/core/model/IssueLabels.scala

@@ -1,4 +1,4 @@
-package model
+package gitbucket.core.model
 
 trait IssueLabelComponent extends TemplateComponent { self: Profile =>
   import profile.simple._

src/main/scala/gitbucket/core/model/Labels.scala

@@ -1,4 +1,4 @@
-package model
+package gitbucket.core.model
 
 trait LabelComponent extends TemplateComponent { self: Profile =>
   import profile.simple._

src/main/scala/gitbucket/core/model/Milestone.scala

@@ -1,4 +1,4 @@
-package model
+package gitbucket.core.model
 
 trait MilestoneComponent extends TemplateComponent { self: Profile =>
   import profile.simple._

src/main/scala/gitbucket/core/model/Plugin.scala

@@ -1,4 +1,4 @@
-package model
+package gitbucket.core.model
 
 trait PluginComponent extends TemplateComponent { self: Profile =>
   import profile.simple._

src/main/scala/gitbucket/core/model/Profile.scala

@@ -1,27 +1,43 @@
-package model
+package gitbucket.core.model
+
 
 trait Profile {
   val profile: slick.driver.JdbcProfile
   import profile.simple._
 
-  // java.util.Date Mapped Column Types
+  /**
+   * java.util.Date Mapped Column Types
+   */
   implicit val dateColumnType = MappedColumnType.base[java.util.Date, java.sql.Timestamp](
-      d => new java.sql.Timestamp(d.getTime),
-      t => new java.util.Date(t.getTime)
+    d => new java.sql.Timestamp(d.getTime),
+    t => new java.util.Date(t.getTime)
   )
 
+  /**
+   * Extends Column to add conditional condition
+   */
   implicit class RichColumn(c1: Column[Boolean]){
     def &&(c2: => Column[Boolean], guard: => Boolean): Column[Boolean] = if(guard) c1 && c2 else c1
   }
 
+  /**
+   * Returns system date.
+   */
+  def currentDate = new java.util.Date()
+
 }
 
-object Profile extends {
+trait ProfileProvider { self: Profile =>
   val profile = slick.driver.H2Driver
+}
 
-} with AccountComponent
+trait CoreProfile extends ProfileProvider with Profile
+  with AccessTokenComponent
+  with AccountComponent
   with ActivityComponent
   with CollaboratorComponent
+  with CommitCommentComponent
+  with CommitStatusComponent
   with GroupMemberComponent
   with IssueComponent
   with IssueCommentComponent
@@ -32,11 +48,6 @@ object Profile extends {
   with RepositoryComponent
   with SshKeyComponent
   with WebHookComponent
-  with PluginComponent with Profile {
+  with PluginComponent
 
-  /**
-   * Returns system date.
-   */
-  def currentDate = new java.util.Date()
-
-}
+object Profile extends CoreProfile

src/main/scala/gitbucket/core/model/PullRequest.scala

@@ -1,4 +1,4 @@
-package model
+package gitbucket.core.model
 
 trait PullRequestComponent extends TemplateComponent { self: Profile =>
   import profile.simple._

src/main/scala/gitbucket/core/model/Repository.scala

@@ -1,4 +1,4 @@
-package model
+package gitbucket.core.model
 
 trait RepositoryComponent extends TemplateComponent { self: Profile =>
   import profile.simple._

src/main/scala/gitbucket/core/model/SshKey.scala

@@ -1,4 +1,4 @@
-package model
+package gitbucket.core.model
 
 trait SshKeyComponent { self: Profile =>
   import profile.simple._

src/main/scala/gitbucket/core/model/WebHook.scala

@@ -1,4 +1,4 @@
-package model
+package gitbucket.core.model
 
 trait WebHookComponent extends TemplateComponent { self: Profile =>
   import profile.simple._

src/main/scala/gitbucket/core/model/package.scala

@@ -1,3 +1,5 @@
+package gitbucket.core
+
 package object model {
   type Session = slick.jdbc.JdbcBackend#Session
 }

src/main/scala/gitbucket/core/plugin/Images.scala

@@ -0,0 +1,10 @@
+package gitbucket.core.plugin
+
+/**
+ * Provides a helper method to generate data URI of images registered by plug-in.
+ */
+object Images {
+
+  def dataURI(id: String) = s"data:image/png;base64,${PluginRegistry().getImage(id)}"
+
+}

src/main/scala/gitbucket/core/plugin/Plugin.scala

@@ -0,0 +1,29 @@
+package gitbucket.core.plugin
+
+import javax.servlet.ServletContext
+import gitbucket.core.util.Version
+
+/**
+ * Trait for define plugin interface.
+ * To provide plugin, put Plugin class which mixed in this trait into the package root.
+ */
+trait Plugin {
+
+  val pluginId: String
+  val pluginName: String
+  val description: String
+  val versions: Seq[Version]
+
+  /**
+   * This method is invoked in initialization of plugin system.
+   * Register plugin functionality to PluginRegistry.
+   */
+  def initialize(registry: PluginRegistry, context: ServletContext): Unit
+
+  /**
+   * This method is invoked in shutdown of plugin system.
+   * If the plugin has any resources, release them in this method.
+   */
+  def shutdown(registry: PluginRegistry, context: ServletContext): Unit
+
+}