Move macaron to chi (#14293)

Use [chi](https://github.com/go-chi/chi) instead of the forked [macaron](https://gitea.com/macaron/macaron). Since macaron and chi have conflicts with session share, this big PR becomes a have-to thing. According my previous idea, we can replace macaron step by step but I'm wrong. :( Below is a list of big changes on this PR. - [x] Define `context.ResponseWriter` interface with an implementation `context.Response`. - [x] Use chi instead of macaron, and also a customize `Route` to wrap chi so that the router usage is similar as before. - [x] Create different routers for `web`, `api`, `internal` and `install` so that the codes will be more clear and no magic . - [x] Use https://github.com/unrolled/render instead of macaron's internal render - [x] Use https://github.com/NYTimes/gziphandler instead of https://gitea.com/macaron/gzip - [x] Use https://gitea.com/go-chi/session which is a modified version of https://gitea.com/macaron/session and removed `nodb` support since it will not be maintained. **BREAK** - [x] Use https://gitea.com/go-chi/captcha which is a modified version of https://gitea.com/macaron/captcha - [x] Use https://gitea.com/go-chi/cache which is a modified version of https://gitea.com/macaron/cache - [x] Use https://gitea.com/go-chi/binding which is a modified version of https://gitea.com/macaron/binding - [x] Use https://github.com/go-chi/cors instead of https://gitea.com/macaron/cors - [x] Dropped https://gitea.com/macaron/i18n and make a new one in `code.gitea.io/gitea/modules/translation` - [x] Move validation form structs from `code.gitea.io/gitea/modules/auth` to `code.gitea.io/gitea/modules/forms` to avoid dependency cycle. - [x] Removed macaron log service because it's not need any more. **BREAK** - [x] All form structs have to be get by `web.GetForm(ctx)` in the route function but not as a function parameter on routes definition. - [x] Move Git HTTP protocol implementation to use routers directly. - [x] Fix the problem that chi routes don't support trailing slash but macaron did. - [x] `/api/v1/swagger` now will be redirect to `/api/swagger` but not render directly so that `APIContext` will not create a html render. Notices: - Chi router don't support request with trailing slash - Integration test `TestUserHeatmap` maybe mysql version related. It's failed on my macOS(mysql 5.7.29 installed via brew) but succeed on CI. Co-authored-by: 6543 <6543@obermui.de>
1 year ago · 6433ba0ec3
353 changed files with 5412 additions and 20734 deletions
--- a/.golangci.yml
+++ b/.golangci.yml
@ -70,7 +70,7 @@ issues:
    - path: modules/log/
      linters:
        - errcheck
-    - path: routers/routes/macaron.go
+    - path: routers/routes/web.go
      linters:
        - dupl
    - path: routers/api/v1/repo/issue_subscription.go
--- a/cmd/dump.go
+++ b/cmd/dump.go
@ -21,7 +21,7 @@ import (
 	"code.gitea.io/gitea/modules/storage"
 	"code.gitea.io/gitea/modules/util"

-	"gitea.com/macaron/session"
+	"gitea.com/go-chi/session"
 	archiver "github.com/mholt/archiver/v3"
 	"github.com/urfave/cli"
 )
--- a/cmd/web.go
+++ b/cmd/web.go
@ -102,8 +102,7 @@ func runWeb(ctx *cli.Context) error {
 				return err
 			}
 		}
-		c := routes.NewChi()
-		routes.RegisterInstallRoute(c)
+		c := routes.InstallRoutes()
 		err := listen(c, false)
 		select {
 		case <-graceful.GetManager().IsShutdown():
@ -134,11 +133,9 @@ func runWeb(ctx *cli.Context) error {
 			return err
 		}
 	}
-	// Set up Chi routes
-	c := routes.NewChi()
-	c.Mount("/", routes.NormalRoutes())
-	routes.DelegateToMacaron(c)

+	// Set up Chi routes
+	c := routes.NormalRoutes()
 	err := listen(c, true)
 	<-graceful.GetManager().Done()
 	log.Info("PID: %d Gitea Web Finished", os.Getpid())
--- a/contrib/pr/checkout.go
+++ b/contrib/pr/checkout.go
@ -116,9 +116,7 @@ func runPR() {
 	//routers.GlobalInit()
 	external.RegisterParsers()
 	markup.Init()
-	c := routes.NewChi()
-	c.Mount("/", routes.NormalRoutes())
-	routes.DelegateToMacaron(c)
+	c := routes.NormalRoutes()

 	log.Printf("[PR] Ready for testing !\n")
 	log.Printf("[PR] Login with user1, user2, user3, ... with pass: password\n")
--- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@ -549,7 +549,7 @@ Define allowed algorithms and their minimum key length (use -1 to disable a type

 ## Session (`session`)

- `PROVIDER`: **memory**: Session engine provider \[memory, file, redis, mysql, couchbase, memcache, nodb, postgres\].
+- `PROVIDER`: **memory**: Session engine provider \[memory, file, redis, mysql, couchbase, memcache, postgres\].
 - `PROVIDER_CONFIG`: **data/sessions**: For file, the root path; for others, the connection string.
 - `COOKIE_SECURE`: **false**: Enable this to force using HTTPS for all session access.
 - `COOKIE_NAME`: **i\_like\_gitea**: The name of the cookie used for the session ID.
@ -609,8 +609,6 @@ Default templates for project boards:
 - `MODE`: **console**: Logging mode. For multiple modes, use a comma to separate values. You can configure each mode in per mode log subsections `\[log.modename\]`. By default the file mode will log to `$ROOT_PATH/gitea.log`.
 - `LEVEL`: **Info**: General log level. \[Trace, Debug, Info, Warn, Error, Critical, Fatal, None\]
 - `STACKTRACE_LEVEL`: **None**: Default log level at which to log create stack traces. \[Trace, Debug, Info, Warn, Error, Critical, Fatal, None\]
- `REDIRECT_MACARON_LOG`: **false**: Redirects the Macaron log to its own logger or the default logger.
- `MACARON`: **file**: Logging mode for the macaron logger, use a comma to separate values. Configure each mode in per mode log subsections `\[log.modename.macaron\]`. By default the file mode will log to `$ROOT_PATH/macaron.log`. (If you set this to `,` it will log to default gitea logger.)
 - `ROUTER_LOG_LEVEL`: **Info**: The log level that the router should log at. (If you are setting the access log, its recommended to place this at Debug.)
 - `ROUTER`: **console**: The mode or name of the log the router should log to. (If you set this to `,` it will log to default gitea logger.)
 NB: You must `REDIRECT_MACARON_LOG` and have `DISABLE_ROUTER_LOG` set to `false` for this option to take effect. Configure each mode in per mode log subsections `\[log.modename.router\]`.
@ -618,7 +616,7 @@ NB: You must `REDIRECT_MACARON_LOG` and have `DISABLE_ROUTER_LOG` set to `false`
 - `ACCESS`: **file**: Logging mode for the access logger, use a comma to separate values. Configure each mode in per mode log subsections `\[log.modename.access\]`. By default the file mode will log to `$ROOT_PATH/access.log`. (If you set this to `,` it will log to the default gitea logger.)
 - `ACCESS_LOG_TEMPLATE`: **`{{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.URL.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"`**: Sets the template used to create the access log.
  - The following variables are available:
-  - `Ctx`: the `macaron.Context` of the request.
+  - `Ctx`: the `context.Context` of the request.
  - `Identity`: the SignedUserName or `"-"` if not logged in.
  - `Start`: the start time of the request.
  - `ResponseWriter`: the responseWriter from the request.
--- a/docs/content/doc/advanced/logging-documentation.en-us.md
+++ b/docs/content/doc/advanced/logging-documentation.en-us.md
@ -67,40 +67,11 @@ The provider type of the sublogger can be set using the `MODE` value in
 its subsection, but will default to the name. This allows you to have
 multiple subloggers that will log to files.

-### The "Macaron" logger
-
-By default Macaron will log to its own go `log` instance. This writes
-to `os.Stdout`. You can redirect this log to a Gitea configurable logger
-through setting the `REDIRECT_MACARON_LOG` setting in the `[log]`
-section which you can configure the outputs of by setting the `MACARON`
-value in the `[log]` section of the configuration. `MACARON` defaults
-to `file` if unset.
-
-Please note, the macaron logger will log at `INFO` level, setting the
-`LEVEL` of this logger to `WARN` or above will result in no macaron logs.
-
-Each output sublogger for this logger is configured in
-`[log.sublogger.macaron]` sections. There are certain default values
-which will not be inherited from the `[log]` or relevant
-`[log.sublogger]` sections:
-
- `FLAGS` is `stdflags` (Equal to
-  `date,time,medfile,shortfuncname,levelinitial`)
- `FILE_NAME` will default to `%(ROOT_PATH)/macaron.log`
- `EXPRESSION` will default to `""`
- `PREFIX` will default to `""`
-
-NB: You can redirect the macaron logger to send its events to the gitea
-log using the value: `MACARON = ,`
-
 ### The "Router" logger

-There are two types of Router log. By default Macaron send its own
-router log which will be directed to Macaron's go `log`, however if you
-`REDIRECT_MACARON_LOG` you will enable Gitea's router log. You can
-disable both types of Router log by setting `DISABLE_ROUTER_LOG`.
+You can disable Router log by setting `DISABLE_ROUTER_LOG`.

-If you enable the redirect, you can configure the outputs of this
+You can configure the outputs of this
 router log by setting the `ROUTER` value in the `[log]` section of the
 configuration. `ROUTER` will default to `console` if unset. The Gitea
 Router logs the same data as the Macaron log but has slightly different
@ -162,11 +133,11 @@ This value represent a go template. It's default value is:

 The template is passed following options:

- `Ctx` is the `macaron.Context`
+- `Ctx` is the `context.Context`
 - `Identity` is the `SignedUserName` or `"-"` if the user is not logged
  in
 - `Start` is the start time of the request
- `ResponseWriter` is the `macaron.ResponseWriter`
+- `ResponseWriter` is the `http.ResponseWriter`

 Caution must be taken when changing this template as it runs outside of
 the standard panic recovery trap. The template should also be as simple
--- a/docs/content/page/index.en-us.md
+++ b/docs/content/page/index.en-us.md
@ -267,7 +267,7 @@ Windows, on architectures like amd64, i386, ARM, PowerPC, and others.

 ## Components

-* Web framework: [Macaron](http://go-macaron.com/)
+* Web framework: [Chi](http://github.com/go-chi/chi)
 * ORM: [XORM](https://xorm.io)
 * UI components:
  * [Semantic UI](http://semantic-ui.com/)
--- a/docs/content/page/index.fr-fr.md
+++ b/docs/content/page/index.fr-fr.md
@ -254,7 +254,7 @@ Le but de ce projet est de fournir de la manière la plus simple, la plus rapide

 ## Composants

-* Framework web : [Macaron](http://go-macaron.com/)
+* Framework web : [Chi](http://github.com/go-chi/chi)
 * ORM: [XORM](https://xorm.io)
 * Interface graphique :
  * [Semantic UI](http://semantic-ui.com/)
--- a/docs/content/page/index.zh-cn.md
+++ b/docs/content/page/index.zh-cn.md
@ -47,7 +47,7 @@ Gitea的首要目标是创建一个极易安装，运行非常快速，安装和

 ## 组件

-* Web框架： [Macaron](http://go-macaron.com/)
+* Web框架： [Chi](http://github.com/go-chi/chi)
 * ORM: [XORM](https://xorm.io)
 * UI组件：
  * [Semantic UI](http://semantic-ui.com/)
--- a/docs/content/page/index.zh-tw.md
+++ b/docs/content/page/index.zh-tw.md
@ -47,7 +47,7 @@ Gitea 的首要目標是建立一個容易安裝，運行快速，安装和使

 ## 元件

-* Web 框架： [Macaron](http://go-macaron.com/)
+* Web 框架： [Chi](http://github.com/go-chi/chi)
 * ORM： [XORM](https://xorm.io)
 * UI 元件：
  * [Semantic UI](http://semantic-ui.com/)
--- a/go.mod
+++ b/go.mod
@ -5,19 +5,12 @@ go 1.14
 require (
 	code.gitea.io/gitea-vet v0.2.1
 	code.gitea.io/sdk/gitea v0.13.1
+	gitea.com/go-chi/binding v0.0.0-20210113025129-03f1d313373c
+	gitea.com/go-chi/cache v0.0.0-20210110083709-82c4c9ce2d5e
+	gitea.com/go-chi/captcha v0.0.0-20210110083842-e7696c336a1e
 	gitea.com/go-chi/session v0.0.0-20210108030337-0cb48c5ba8ee
 	gitea.com/lunny/levelqueue v0.3.0
-	gitea.com/macaron/binding v0.0.0-20190822013154-a5f53841ed2b
-	gitea.com/macaron/cache v0.0.0-20200924044943-905232fba10b
-	gitea.com/macaron/captcha v0.0.0-20200825161008-e8597820aaca
-	gitea.com/macaron/cors v0.0.0-20190826180238-95aec09ea8b4
-	gitea.com/macaron/csrf v0.0.0-20190822024205-3dc5a4474439
-	gitea.com/macaron/gzip v0.0.0-20200827120000-efa5e8477cf5
-	gitea.com/macaron/i18n v0.0.0-20200911004404-4ca3dd0cbd60
-	gitea.com/macaron/inject v0.0.0-20190805023432-d4c86e31027a
-	gitea.com/macaron/macaron v1.5.1-0.20201027213641-0db5d4584804
-	gitea.com/macaron/session v0.0.0-20201103015045-a177a2701dee
-	gitea.com/macaron/toolbox v0.0.0-20190822013122-05ff0fc766b7
+	github.com/NYTimes/gziphandler v1.1.1
 	github.com/PuerkitoBio/goquery v1.5.1
 	github.com/RoaringBitmap/roaring v0.5.5 // indirect
 	github.com/alecthomas/chroma v0.8.2
@ -36,6 +29,7 @@ require (
 	github.com/gliderlabs/ssh v0.3.1
 	github.com/glycerine/go-unsnap-stream v0.0.0-20190901134440-81cf024a9e0a // indirect
 	github.com/go-chi/chi v1.5.1
+	github.com/go-chi/cors v1.1.1
 	github.com/go-enry/go-enry/v2 v2.6.0
 	github.com/go-git/go-billy/v5 v5.0.0
 	github.com/go-git/go-git/v5 v5.2.0
--- a/go.sum
+++ b/go.sum
@ -40,44 +40,16 @@ code.gitea.io/gitea-vet v0.2.1/go.mod h1:zcNbT/aJEmivCAhfmkHOlT645KNOf9W2KnkLgFj
 code.gitea.io/sdk/gitea v0.13.1 h1:Y7bpH2iO6Q0KhhMJfjP/LZ0AmiYITeRQlCD8b0oYqhk=
 code.gitea.io/sdk/gitea v0.13.1/go.mod h1:z3uwDV/b9Ls47NGukYM9XhnHtqPh/J+t40lsUrR6JDY=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
+gitea.com/go-chi/binding v0.0.0-20210113025129-03f1d313373c h1:NTtrGYjR40WUdkCdn26Y5LGFT52rIkFPkjmtgCAyiTs=
+gitea.com/go-chi/binding v0.0.0-20210113025129-03f1d313373c/go.mod h1:9bGA9dIsrz+wVQKH1DzvxuAvrudHaQ8Wx8hLme/GVGQ=
+gitea.com/go-chi/cache v0.0.0-20210110083709-82c4c9ce2d5e h1:zgPGaf3kXP0cVm9J0l8ZA2+XDzILYATg0CXbihR6N+o=
+gitea.com/go-chi/cache v0.0.0-20210110083709-82c4c9ce2d5e/go.mod h1:k2V/gPDEtXGjjMGuBJiapffAXTv76H4snSmlJRLUhH0=
+gitea.com/go-chi/captcha v0.0.0-20210110083842-e7696c336a1e h1:YjaQU6XFicdhPN+MlGolcXO8seYY2+EY5g7vZPB17CQ=
+gitea.com/go-chi/captcha v0.0.0-20210110083842-e7696c336a1e/go.mod h1:nfA7JaGv3hbGQ1ktdhAsZhdS84qKffI8NMlHr+Opsog=
 gitea.com/go-chi/session v0.0.0-20210108030337-0cb48c5ba8ee h1:9U6HuKUBt/cGK6T/64dEuz0r7Yp97WAAEJvXHDlY3ws=
 gitea.com/go-chi/session v0.0.0-20210108030337-0cb48c5ba8ee/go.mod h1:Ozg8IchVNb/Udg+ui39iHRYqVHSvf3C99ixdpLR8Vu0=
 gitea.com/lunny/levelqueue v0.3.0 h1:MHn1GuSZkxvVEDMyAPqlc7A3cOW+q8RcGhRgH/xtm6I=
 gitea.com/lunny/levelqueue v0.3.0/go.mod h1:HBqmLbz56JWpfEGG0prskAV97ATNRoj5LDmPicD22hU=
-gitea.com/lunny/log v0.0.0-20190322053110-01b5df579c4e h1:r1en/D7xJmcY24VkHkjkcJFa+7ZWubVWPBrvsHkmHxk=
-gitea.com/lunny/log v0.0.0-20190322053110-01b5df579c4e/go.mod h1:uJEsN4LQpeGYRCjuPXPZBClU7N5pWzGuyF4uqLpE/e0=
-gitea.com/lunny/nodb v0.0.0-20200923032308-3238c4655727 h1:ZF2Bd6rqVlwhIDhYiS0uGYcT+GaVNGjuKVJkTNqWMIs=
-gitea.com/lunny/nodb v0.0.0-20200923032308-3238c4655727/go.mod h1:h0OwsgcpJLSYtHcM5+Xciw9OEeuxi6ty4HDiO8C7aIY=
-gitea.com/macaron/binding v0.0.0-20190822013154-a5f53841ed2b h1:vXt85uYV17KURaUlhU7v4GbCShkqRZDSfo0TkC0YCjQ=
-gitea.com/macaron/binding v0.0.0-20190822013154-a5f53841ed2b/go.mod h1:Cxadig6POWpPYYSfg23E7jo35Yf0yvsdC1lifoKWmPo=
-gitea.com/macaron/cache v0.0.0-20190822004001-a6e7fee4ee76 h1:mMsMEg90c5KXQgRWsH8D6GHXfZIW1RAe5S9VYIb12lM=
-gitea.com/macaron/cache v0.0.0-20190822004001-a6e7fee4ee76/go.mod h1:NFHb9Of+LUnU86bU20CiXXg6ZlgCJ4XytP14UsHOXFs=
-gitea.com/macaron/cache v0.0.0-20200924044943-905232fba10b h1:2ZE0JE3bKVBcP1VTrWeE1jqWwCAMIzfOQm1U9EGbBKU=
-gitea.com/macaron/cache v0.0.0-20200924044943-905232fba10b/go.mod h1:W5hKG8T1GBfypp5CRQlgoJU4figIL0jhx02y4XA/NOA=
-gitea.com/macaron/captcha v0.0.0-20200825161008-e8597820aaca h1:f5P41nXmXd/YOh8f6098Q0F1Y0QfpyRPSSIkni2XH4Q=
-gitea.com/macaron/captcha v0.0.0-20200825161008-e8597820aaca/go.mod h1:J5h3N+1nKTXtU1x4GxexaQKgAz8UiWecNwi/CfX7CtQ=
-gitea.com/macaron/cors v0.0.0-20190826180238-95aec09ea8b4 h1:e2rAFDejB0qN8OrY4xP4XSu8/yT6QmWxDZpB3J7r2GU=
-gitea.com/macaron/cors v0.0.0-20190826180238-95aec09ea8b4/go.mod h1:rtOK4J20kpMD9XcNsnO5YA843YSTe/MUMbDj/TJ/Q7A=
-gitea.com/macaron/csrf v0.0.0-20190822024205-3dc5a4474439 h1:88c34YM29a1GlWLrLBaG/GTT2htDdJz1u3n9+lmPolg=
-gitea.com/macaron/csrf v0.0.0-20190822024205-3dc5a4474439/go.mod h1:IsQPHx73HnnqFBYiVHjg87q4XBZyGXXu77xANukvZuk=
-gitea.com/macaron/gzip v0.0.0-20200827120000-efa5e8477cf5 h1:6rbhThlqfOb+sSmhrsVFz3bZoAeoloe7TZqyeiPbbWI=
-gitea.com/macaron/gzip v0.0.0-20200827120000-efa5e8477cf5/go.mod h1:z8vCjuhqDfvzPUJDowGqbsgoeYBvDbl95S5k6y43Pxo=
-gitea.com/macaron/i18n v0.0.0-20200911004404-4ca3dd0cbd60 h1:tNWNe5HBIlsfapFMtT4twTbXQmInRQWmdWNi8Di1ct0=
-gitea.com/macaron/i18n v0.0.0-20200911004404-4ca3dd0cbd60/go.mod h1:g5ope1b+iWhBdHzAn6EJ9u9Gp3FRESxpG+CDf7HYc/A=
-gitea.com/macaron/inject v0.0.0-20190803172902-8375ba841591/go.mod h1:h6E4kLao1Yko6DOU6QDnQPcuoNzvbZqzj2mtPcEn1aM=
-gitea.com/macaron/inject v0.0.0-20190805023432-d4c86e31027a h1:aOKEXkDTnh4euoH0so/THLXeHtQuqHmDPb1xEk6Ehok=
-gitea.com/macaron/inject v0.0.0-20190805023432-d4c86e31027a/go.mod h1:h6E4kLao1Yko6DOU6QDnQPcuoNzvbZqzj2mtPcEn1aM=
-gitea.com/macaron/macaron v1.3.3-0.20190803174002-53e005ff4827/go.mod h1:/rvxMjIkOq4BM8uPUb+VHuU02ZfAO6R4+wD//tiCiRw=
-gitea.com/macaron/macaron v1.3.3-0.20190821202302-9646c0587edb/go.mod h1:0coI+mSPSwbsyAbOuFllVS38awuk9mevhLD52l50Gjs=
-gitea.com/macaron/macaron v1.5.0 h1:TvWEcHw1/zaHlo0GTuKEukLh3A99+QsU2mjBrXLXjVQ=
-gitea.com/macaron/macaron v1.5.0/go.mod h1:P7hfDbQjcW22lkYkXlxdRIfWOXxH2+K4EogN4Q0UlLY=
-gitea.com/macaron/macaron v1.5.1-0.20201027213641-0db5d4584804 h1:yUiJVZKzdXsBe2tumTAXHBZa1qPGoGXM3fBG4RJ5fQg=
-gitea.com/macaron/macaron v1.5.1-0.20201027213641-0db5d4584804/go.mod h1:P7hfDbQjcW22lkYkXlxdRIfWOXxH2+K4EogN4Q0UlLY=
-gitea.com/macaron/session v0.0.0-20190821211443-122c47c5f705/go.mod h1:1ujH0jD6Ca4iK9NL0Q2a7fG2chvXx5hVa7hBfABwpkA=
-gitea.com/macaron/session v0.0.0-20201103015045-a177a2701dee h1:8/N3a56RXRJ66nnep0z+T7oHCB0bY6lpvtjv9Y9FPhE=
-gitea.com/macaron/session v0.0.0-20201103015045-a177a2701dee/go.mod h1:5tJCkDbrwpGv+MQUSIZSOW0wFrkh0exsonJgOvBs1Dw=
-gitea.com/macaron/toolbox v0.0.0-20190822013122-05ff0fc766b7 h1:N9QFoeNsUXLhl14mefLzGluqV7w2mGU3u+iZU+jCeWk=
-gitea.com/macaron/toolbox v0.0.0-20190822013122-05ff0fc766b7/go.mod h1:kgsbFPPS4P+acDYDOPDa3N4IWWOuDJt5/INKRUz7aks=
 gitea.com/xorm/sqlfiddle v0.0.0-20180821085327-62ce714f951a h1:lSA0F4e9A2NcQSqGqTOXqu2aRi/XEQxDCBwM8yJtE6s=
 gitea.com/xorm/sqlfiddle v0.0.0-20180821085327-62ce714f951a/go.mod h1:EXuID2Zs0pAQhH8yz+DNjUbjppKQzKFAn28TMYPB6IU=
 github.com/6543-forks/go-gogs-client v0.0.0-20210116182316-f2f8bc0ea9cc h1:FLylYVXDwK+YtrmXYnv2Q1Y5lQ9TU1Xp5F2vndIOTb4=
@ -92,6 +64,8 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym
 github.com/GeertJohan/go.incremental v1.0.0/go.mod h1:6fAjUhbVuX1KcMD3c8TEgVUqmo4seqhv0i0kdATSkM0=
 github.com/GeertJohan/go.rice v1.0.0/go.mod h1:eH6gbSOAUv07dQuZVnBmoDP8mgsM1rtixis4Tib9if0=
 github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0=
+github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I=
+github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/PuerkitoBio/goquery v1.5.1 h1:PSPBGne8NIUWw+/7vFBV+kG2J/5MOjbzc7154OaKCSE=
 github.com/PuerkitoBio/goquery v1.5.1/go.mod h1:GsLWisAFVj4WgDibEWF4pvYnkVQBpKBKeU+7zCJoLcc=
@ -106,7 +80,6 @@ github.com/RoaringBitmap/roaring v0.5.5 h1:naNqvO1mNnghk2UvcsqnzHDBn9DRbCIRy94Gm
 github.com/RoaringBitmap/roaring v0.5.5/go.mod h1:puNo5VdzwbaIQxSiDIwfXl4Hnc+fbovcX4IW/dSTtUk=
 github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo=
 github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI=
-github.com/Unknwon/com v0.0.0-20190321035513-0fed4efef755/go.mod h1:voKvFVpXBJxdIPeqjoJuLK+UVcRlo/JLjeToGxPYu68=
 github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g=
 github.com/afex/hystrix-go v0.0.0-20180502004556-fa1af6a1f4f5/go.mod h1:SkGFH1ia65gfNATL8TAiHDNxPzPdmEL5uirI2Uyuz6c=
 github.com/akavel/rsrc v0.8.0/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkKq+c=
@ -233,19 +206,13 @@ github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfc
 github.com/couchbase/ghistogram v0.1.0/go.mod h1:s1Jhy76zqfEecpNWJfWUiKZookAFaiGOEoyzgHt9i7k=
 github.com/couchbase/go-couchbase v0.0.0-20201026062457-7b3be89bbd89 h1:uNLXQ6QO1TocD8BaN/KkRki0Xw0brCM1PKl/ZA5pgfs=
 github.com/couchbase/go-couchbase v0.0.0-20201026062457-7b3be89bbd89/go.mod h1:+/bddYDxXsf9qt0xpDUtRR47A2GjaXmGGAqQ/k3GJ8A=
-github.com/couchbase/gomemcached v0.0.0-20190515232915-c4b4ca0eb21d/go.mod h1:srVSlQLB8iXBVXHgnqemxUXqN6FCvClgCMPCsjBDR7c=
-github.com/couchbase/gomemcached v0.1.0 h1:whUde87n8CScx8ckMp2En5liqAlcuG3aKy/BQeBPu84=
-github.com/couchbase/gomemcached v0.1.0/go.mod h1:srVSlQLB8iXBVXHgnqemxUXqN6FCvClgCMPCsjBDR7c=
 github.com/couchbase/gomemcached v0.1.1 h1:xCS8ZglJDhrlQg3jmK7Rn1V8f7bPjXABLC05CgLQauc=
 github.com/couchbase/gomemcached v0.1.1/go.mod h1:mxliKQxOv84gQ0bJWbI+w9Wxdpt9HjDvgW9MjCym5Vo=
-github.com/couchbase/goutils v0.0.0-20190315194238-f9d42b11473b/go.mod h1:BQwMFlJzDjFDG3DJUdU0KORxn88UlsOULuxLExMh3Hs=
 github.com/couchbase/goutils v0.0.0-20201030094643-5e82bb967e67 h1:NCqJ6fwen6YP0WlV/IyibaT0kPt3JEI1rA62V/UPKT4=
 github.com/couchbase/goutils v0.0.0-20201030094643-5e82bb967e67/go.mod h1:BQwMFlJzDjFDG3DJUdU0KORxn88UlsOULuxLExMh3Hs=
 github.com/couchbase/moss v0.1.0/go.mod h1:9MaHIaRuy9pvLPUJxB8sh8OrLfyDczECVL37grCIubs=
 github.com/couchbase/vellum v1.0.2 h1:BrbP0NKiyDdndMPec8Jjhy0U47CZ0Lgx3xUC2r9rZqw=
 github.com/couchbase/vellum v1.0.2/go.mod h1:FcwrEivFpNi24R3jLOs3n+fs5RnuQnQqCLBJ1uAg1W4=
-github.com/couchbaselabs/go-couchbase v0.0.0-20190708161019-23e7ca2ce2b7 h1:1XjEY/gnjQ+AfXef2U6dxCquhiRzkEpxZuWqs+QxTL8=
-github.com/couchbaselabs/go-couchbase v0.0.0-20190708161019-23e7ca2ce2b7/go.mod h1:mby/05p8HE5yHEAKiIH/555NoblMs7PtW6NrYshDruc=
 github.com/cpuguy83/go-md2man v1.0.10 h1:BSKMNlYxDvnunlTymqtgONjNnaRV1sTpcovwwjF22jk=
 github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE=
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
@ -331,6 +298,8 @@ github.com/go-asn1-ber/asn1-ber v1.5.1 h1:pDbRAunXzIUXfx4CB2QJFv5IuPiuoW+sWvr/Us
 github.com/go-asn1-ber/asn1-ber v1.5.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0=
 github.com/go-chi/chi v1.5.1 h1:kfTK3Cxd/dkMu/rKs5ZceWYp+t5CtiE7vmaTv3LjC6w=
 github.com/go-chi/chi v1.5.1/go.mod h1:REp24E+25iKvxgeTfHmdUoL5x15kBiDBlnIl5bCwe2k=
+github.com/go-chi/cors v1.1.1 h1:eHuqxsIw89iXcWnWUN8R72JMibABJTN/4IOYI5WERvw=
+github.com/go-chi/cors v1.1.1/go.mod h1:K2Yje0VW/SJzxiyMYu6iPQYa7hMjQX2i/F491VChg1I=
 github.com/go-enry/go-enry/v2 v2.6.0 h1:nbGWQBpO+D+cJuRxNgSDFnFY9QWz3QM/CeZxU7VAH20=
 github.com/go-enry/go-enry/v2 v2.6.0/go.mod h1:GVzIiAytiS5uT/QiuakK7TF1u4xDab87Y8V5EJRpsIQ=
 github.com/go-enry/go-oniguruma v1.2.1 h1:k8aAMuJfMrqm/56SG2lV9Cfti6tC4x8673aHCcBk+eo=
@ -548,7 +517,6 @@ github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+
 github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
-github.com/gopherjs/gopherjs v0.0.0-20190430165422-3e4dfb77656c/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gopherjs/gopherjs v0.0.0-20190910122728-9d188e94fb99 h1:twflg0XRTjwKpxb/jFExr4HGq6on2dEOmnL6FV+fgPw=
 github.com/gopherjs/gopherjs v0.0.0-20190910122728-9d188e94fb99/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8=
@ -700,7 +668,6 @@ github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvW
 github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
 github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
-github.com/klauspost/compress v1.9.2/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
 github.com/klauspost/compress v1.9.5/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
 github.com/klauspost/compress v1.10.10/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
 github.com/klauspost/compress v1.11.3 h1:dB4Bn0tN3wdCzQxnS8r06kV74qN/TAfaIS0bVE8h3jc=
@ -995,7 +962,6 @@ github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrf
 github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/assertions v0.0.0-20190116191733-b6c0e53d7304/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
-github.com/smartystreets/assertions v1.0.1/go.mod h1:kHHU4qYBaI3q23Pp3VPrmWhuIUrLW/7eUrw0BU5VaoM=
 github.com/smartystreets/assertions v1.1.1 h1:T/YLemO5Yp7KPzS+lVtu+WsHn8yoSwTfItdAd1r3cck=
 github.com/smartystreets/assertions v1.1.1/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo=
 github.com/smartystreets/go-aws-auth v0.0.0-20180515143844-0c1422d1fdb9/go.mod h1:SnhjPscd9TpLiy1LpzGSKh3bXCfxxXuqd9xmQJy3slM=
@ -1068,7 +1034,6 @@ github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oW
 github.com/unknwon/com v0.0.0-20190804042917-757f69c95f3e/go.mod h1:tOOxU81rwgoCLoOVVPHb6T/wt8HZygqH5id+GNnlCXM=
 github.com/unknwon/com v1.0.1 h1:3d1LTxD+Lnf3soQiD4Cp/0BRB+Rsa/+RTvz8GMMzIXs=
 github.com/unknwon/com v1.0.1/go.mod h1:tOOxU81rwgoCLoOVVPHb6T/wt8HZygqH5id+GNnlCXM=
-github.com/unknwon/i18n v0.0.0-20190805065654-5c6446a380b6/go.mod h1:+5rDk6sDGpl3azws3O+f+GpFSyN9GVr0K8cvQLQM2ZQ=
 github.com/unknwon/i18n v0.0.0-20200823051745-09abd91c7f2c h1:679/gJXwrsHC3RATr0YYjZvDMJPYN7W9FGSGNoLmKxM=
 github.com/unknwon/i18n v0.0.0-20200823051745-09abd91c7f2c/go.mod h1:+5rDk6sDGpl3azws3O+f+GpFSyN9GVr0K8cvQLQM2ZQ=
 github.com/unknwon/paginater v0.0.0-20200328080006-042474bd0eae h1:ihaXiJkaca54IaCSnEXtE/uSZOmPxKZhDfVLrzZLFDs=
@ -1171,9 +1136,6 @@ golang.org/x/crypto v0.0.0-20200604202706-70a84ac30bf9/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a h1:vclmkQCjlDX5OydZ9wv8rBCcS0QyQY66Mpf/7BZbInM=
-golang.org/x/crypto v0.0.0-20200820211705-5c72a883971a/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201217014255-9d1352758620 h1:3wPMTskHO3+O6jqTEXyFcsnuxMQOqYSaHsDxcbUXpqA=
 golang.org/x/crypto v0.0.0-20201217014255-9d1352758620/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@ -1535,12 +1497,10 @@ gopkg.in/gcfg.v1 v1.2.3/go.mod h1:yesOnuUOFQAhST5vPY4nbZsb/huCgGGXlipJsBn0b3o=
 gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df h1:n7WqCuqOuCbNr617RXOY0AWRXxgwEyPp2z+p0+hgMuE=
 gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df/go.mod h1:LRQQ+SO6ZHR7tOkpBDuZnXENFzX8qRjMDMyPD6BRkCw=
 gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s=
-gopkg.in/ini.v1 v1.44.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.44.2/go.mod h1:M3Cogqpuv0QCi3ExAY5V4uOt4qb/R3xZubo9m8lK5wg=
 gopkg.in/ini.v1 v1.46.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.57.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/ini.v1 v1.60.1/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.62.0 h1:duBzk771uxoUuOlyRLkHsygud9+5lrlGjdFBb4mSKDU=
 gopkg.in/ini.v1 v1.62.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo=
--- a/integrations/api_helper_for_declarative_test.go
+++ b/integrations/api_helper_for_declarative_test.go
@ -14,7 +14,7 @@ import (
 	"time"

 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/auth"
+	auth "code.gitea.io/gitea/modules/forms"
 	"code.gitea.io/gitea/modules/queue"
 	api "code.gitea.io/gitea/modules/structs"

--- a/integrations/api_pull_test.go
+++ b/integrations/api_pull_test.go
@ -10,7 +10,7 @@ import (
 	"testing"

 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/auth"
+	auth "code.gitea.io/gitea/modules/forms"
 	"code.gitea.io/gitea/modules/setting"
 	api "code.gitea.io/gitea/modules/structs"
 	issue_service "code.gitea.io/gitea/services/issue"
--- a/integrations/api_releases_test.go
+++ b/integrations/api_releases_test.go
@ -131,7 +131,7 @@ func TestAPIGetReleaseByTag(t *testing.T) {

 	tag := "v1.1"

-	urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/releases/tags/%s/",
+	urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/releases/tags/%s",
 		owner.Name, repo.Name, tag)

 	req := NewRequestf(t, "GET", urlStr)
@ -144,7 +144,7 @@ func TestAPIGetReleaseByTag(t *testing.T) {

 	nonexistingtag := "nonexistingtag"

-	urlStr = fmt.Sprintf("/api/v1/repos/%s/%s/releases/tags/%s/",
+	urlStr = fmt.Sprintf("/api/v1/repos/%s/%s/releases/tags/%s",
 		owner.Name, repo.Name, nonexistingtag)

 	req = NewRequestf(t, "GET", urlStr)
@ -163,7 +163,7 @@ func TestAPIDeleteTagByName(t *testing.T) {
 	session := loginUser(t, owner.LowerName)
 	token := getTokenForLoggedInUser(t, session)

-	urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/releases/tags/delete-tag/?token=%s",
+	urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/releases/tags/delete-tag?token=%s",
 		owner.Name, repo.Name, token)

 	req := NewRequestf(t, http.MethodDelete, urlStr)
@ -171,7 +171,7 @@ func TestAPIDeleteTagByName(t *testing.T) {

 	// Make sure that actual releases can't be deleted outright
 	createNewReleaseUsingAPI(t, session, token, owner, repo, "release-tag", "", "Release Tag", "test")
-	urlStr = fmt.Sprintf("/api/v1/repos/%s/%s/releases/tags/release-tag/?token=%s",
+	urlStr = fmt.Sprintf("/api/v1/repos/%s/%s/releases/tags/release-tag?token=%s",
 		owner.Name, repo.Name, token)

 	req = NewRequestf(t, http.MethodDelete, urlStr)
--- a/integrations/create_no_session_test.go
+++ b/integrations/create_no_session_test.go
@ -17,7 +17,7 @@ import (
 	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/routers/routes"

-	"gitea.com/macaron/session"
+	"gitea.com/go-chi/session"
 	"github.com/stretchr/testify/assert"
 )

@ -58,9 +58,7 @@ func TestSessionFileCreation(t *testing.T) {
 	oldSessionConfig := setting.SessionConfig.ProviderConfig
 	defer func() {
 		setting.SessionConfig.ProviderConfig = oldSessionConfig
-		c = routes.NewChi()
-		c.Mount("/", routes.NormalRoutes())
-		routes.DelegateToMacaron(c)
+		c = routes.NormalRoutes()
 	}()

 	var config session.Options
@ -84,9 +82,7 @@ func TestSessionFileCreation(t *testing.T) {

 	setting.SessionConfig.ProviderConfig = string(newConfigBytes)

-	c = routes.NewChi()
-	c.Mount("/", routes.NormalRoutes())
-	routes.DelegateToMacaron(c)
+	c = routes.NormalRoutes()

 	t.Run("NoSessionOnViewIssue", func(t *testing.T) {
 		defer PrintCurrentTest(t)()
--- a/integrations/integration_test.go
+++ b/integrations/integration_test.go
@ -31,15 +31,15 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/storage"
 	"code.gitea.io/gitea/modules/util"
+	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/routers"
 	"code.gitea.io/gitea/routers/routes"

 	"github.com/PuerkitoBio/goquery"
-	"github.com/go-chi/chi"
 	"github.com/stretchr/testify/assert"
 )

-var c chi.Router
+var c *web.Route

 type NilResponseRecorder struct {
 	httptest.ResponseRecorder
@ -66,9 +66,7 @@ func TestMain(m *testing.M) {
 	defer cancel()

 	initIntegrationTest()
-	c = routes.NewChi()
-	c.Mount("/", routes.NormalRoutes())
-	routes.DelegateToMacaron(c)
+	c = routes.NormalRoutes()

 	// integration test settings...
 	if setting.Cfg != nil {
@ -387,6 +385,9 @@ func NewRequestWithJSON(t testing.TB, method, urlStr string, v interface{}) *htt

 func NewRequestWithBody(t testing.TB, method, urlStr string, body io.Reader) *http.Request {
 	t.Helper()
+	if !strings.HasPrefix(urlStr, "http") && !strings.HasPrefix(urlStr, "/") {
+		urlStr = "/" + urlStr
+	}
 	request, err := http.NewRequest(method, urlStr, body)
 	assert.NoError(t, err)
 	request.RequestURI = urlStr
--- a/integrations/lfs_getobject_test.go
+++ b/integrations/lfs_getobject_test.go
@ -19,8 +19,8 @@ import (
 	"code.gitea.io/gitea/modules/lfs"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/storage"
+	"code.gitea.io/gitea/routers/routes"

-	"gitea.com/macaron/gzip"
 	gzipp "github.com/klauspost/compress/gzip"
 	"github.com/stretchr/testify/assert"
 )
@ -121,7 +121,7 @@ func TestGetLFSLarge(t *testing.T) {
 		t.Skip()
 		return
 	}
-	content := make([]byte, gzip.MinSize*10)
+	content := make([]byte, routes.GzipMinSize*10)
 	for i := range content {
 		content[i] = byte(i % 256)
 	}
@ -137,7 +137,7 @@ func TestGetLFSGzip(t *testing.T) {
 		t.Skip()
 		return
 	}
-	b := make([]byte, gzip.MinSize*10)
+	b := make([]byte, routes.GzipMinSize*10)
 	for i := range b {
 		b[i] = byte(i % 256)
 	}
@ -158,7 +158,7 @@ func TestGetLFSZip(t *testing.T) {
 		t.Skip()
 		return
 	}
-	b := make([]byte, gzip.MinSize*10)
+	b := make([]byte, routes.GzipMinSize*10)
 	for i := range b {
 		b[i] = byte(i % 256)
 	}
--- a/integrations/links_test.go
+++ b/integrations/links_test.go
@ -32,7 +32,6 @@ func TestLinksNoLogin(t *testing.T) {
 		"/user/login",
 		"/user/forgot_password",
 		"/api/swagger",
-		"/api/v1/swagger",
 		"/user2/repo1",
 		"/user2/repo1/projects",
 		"/user2/repo1/projects/1",
@ -53,6 +52,7 @@ func TestRedirectsNoLogin(t *testing.T) {
 		"/user2/repo1/src/master/file.txt":           "/user2/repo1/src/branch/master/file.txt",
 		"/user2/repo1/src/master/directory/file.txt": "/user2/repo1/src/branch/master/directory/file.txt",
 		"/user/avatar/Ghost/-1":                      "/img/avatar_default.png",
+		"/api/v1/swagger":                            "/api/swagger",
 	}
 	for link, redirectLink := range redirects {
 		req := NewRequest(t, "GET", link)
@ -86,7 +86,6 @@ func testLinksAsUser(userName string, t *testing.T) {
 		"/",
 		"/user/forgot_password",
 		"/api/swagger",
-		"/api/v1/swagger",
 		"/issues",
 		"/issues?type=your_repositories&repos=[0]&sort=&state=open",
 		"/issues?type=assigned&repos=[0]&sort=&state=open",
--- a/modules/auth/sso/interface.go
+++ b/modules/auth/sso/interface.go
@ -8,19 +8,15 @@ import (
 	"net/http"

 	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/middlewares"
+	"code.gitea.io/gitea/modules/session"
 )

 // DataStore represents a data store
-type DataStore interface {
-	GetData() map[string]interface{}
-}
+type DataStore middlewares.DataStore

 // SessionStore represents a session store
-type SessionStore interface {
-	Get(interface{}) interface{}
-	Set(interface{}, interface{}) error
-	Delete(interface{}) error
-}
+type SessionStore session.Store

 // SingleSignOn represents a SSO authentication method (plugin) for HTTP requests.
 type SingleSignOn interface {
--- a/modules/auth/sso/oauth2.go
+++ b/modules/auth/sso/oauth2.go
@ -62,6 +62,8 @@ func (o *OAuth2) Free() error {

 // userIDFromToken returns the user id corresponding to the OAuth token.
 func (o *OAuth2) userIDFromToken(req *http.Request, store DataStore) int64 {
+	_ = req.ParseForm()
+
 	// Check access token.
 	tokenSHA := req.Form.Get("token")
 	if len(tokenSHA) == 0 {
--- a/modules/cache/cache.go
+++ b/modules/cache/cache.go
@ -10,9 +10,9 @@ import (

 	"code.gitea.io/gitea/modules/setting"

-	mc "gitea.com/macaron/cache"
+	mc "gitea.com/go-chi/cache"

-	_ "gitea.com/macaron/cache/memcache" // memcache plugin for cache
+	_ "gitea.com/go-chi/cache/memcache" // memcache plugin for cache
 )

 var (
@ -20,7 +20,7 @@ var (
 )

 func newCache(cacheConfig setting.Cache) (mc.Cache, error) {
-	return mc.NewCacher(cacheConfig.Adapter, mc.Options{
+	return mc.NewCacher(mc.Options{
 		Adapter:       cacheConfig.Adapter,
 		AdapterConfig: cacheConfig.Conn,
 		Interval:      cacheConfig.Interval,
--- a/modules/cache/cache_redis.go
+++ b/modules/cache/cache_redis.go
@ -10,7 +10,7 @@ import (

 	"code.gitea.io/gitea/modules/nosql"

-	"gitea.com/macaron/cache"
+	"gitea.com/go-chi/cache"
 	"github.com/go-redis/redis/v7"
 	"github.com/unknwon/com"
 )
--- a/modules/context/api.go
+++ b/modules/context/api.go
@ -6,18 +6,21 @@
 package context

 import (
+	"context"
 	"fmt"
+	"html"
 	"net/http"
 	"net/url"
 	"strings"

 	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/auth/sso"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/middlewares"
 	"code.gitea.io/gitea/modules/setting"

-	"gitea.com/macaron/csrf"
-	"gitea.com/macaron/macaron"
+	"gitea.com/go-chi/session"
 )

 // APIContext is a specific macaron context for API service
@ -91,7 +94,7 @@ func (ctx *APIContext) Error(status int, title string, obj interface{}) {
 	if status == http.StatusInternalServerError {
 		log.ErrorWithSkip(1, "%s: %s", title, message)

-		if macaron.Env == macaron.PROD && !(ctx.User != nil && ctx.User.IsAdmin) {
+		if setting.IsProd() && !(ctx.User != nil && ctx.User.IsAdmin) {
 			message = ""
 		}
 	}
@ -108,7 +111,7 @@ func (ctx *APIContext) InternalServerError(err error) {
 	log.ErrorWithSkip(1, "InternalServerError: %v", err)

 	var message string
-	if macaron.Env != macaron.PROD || (ctx.User != nil && ctx.User.IsAdmin) {
+	if !setting.IsProd() || (ctx.User != nil && ctx.User.IsAdmin) {
 		message = err.Error()
 	}

@ -118,6 +121,20 @@ func (ctx *APIContext) InternalServerError(err error) {
 	})
 }

+var (
+	apiContextKey interface{} = "default_api_context"
+)
+
+// WithAPIContext set up api context in request
+func WithAPIContext(req *http.Request, ctx *APIContext) *http.Request {
+	return req.WithContext(context.WithValue(req.Context(), apiContextKey, ctx))
+}
+
+// GetAPIContext returns a context for API routes
+func GetAPIContext(req *http.Request) *APIContext {
+	return req.Context().Value(apiContextKey).(*APIContext)
+}
+
 func genAPILinks(curURL *url.URL, total, pageSize, curPage int) []string {
 	page := NewPagination(total, pageSize, curPage, 0)
 	paginater := page.Paginater
@ -172,7 +189,7 @@ func (ctx *APIContext) RequireCSRF() {
 	headerToken := ctx.Req.Header.Get(ctx.csrf.GetHeaderName())
 	formValueToken := ctx.Req.FormValue(ctx.csrf.GetFormName())
 	if len(headerToken) > 0 || len(formValueToken) > 0 {
-		csrf.Validate(ctx.Context.Context, ctx.csrf)
+		Validate(ctx.Context, ctx.csrf)
 	} else {
 		ctx.Context.Error(401, "Missing CSRF token.")
 	}
@ -201,42 +218,91 @@ func (ctx *APIContext) CheckForOTP() {
 }

 // APIContexter returns apicontext as macaron middleware
-func APIContexter() macaron.Handler {
-	return func(c *Context) {
-		ctx := &APIContext{
-			Context: c,
-		}
-		c.Map(ctx)
+func APIContexter() func(http.Handler) http.Handler {
+	var csrfOpts = getCsrfOpts()
+
+	return func(next http.Handler) http.Handler {
+
+		return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+			var locale = middlewares.Locale(w, req)
+			var ctx = APIContext{
+				Context: &Context{
+					Resp:    NewResponse(w),
+					Data:    map[string]interface{}{},
+					Locale:  locale,
+					Session: session.GetSession(req),
+					Repo: &Repository{
+						PullRequest: &PullRequest{},
+					},
+					Org: &Organization{},
+				},
+				Org: &APIOrganization{},
+			}
+
+			ctx.Req = WithAPIContext(WithContext(req, ctx.Context), &ctx)
+			ctx.csrf = Csrfer(csrfOpts, ctx.Context)
+
+			// If request sends files, parse them here otherwise the Query() can't be parsed and the CsrfToken will be invalid.
+			if ctx.Req.Method == "POST" && strings.Contains(ctx.Req.Header.Get("Content-Type"), "multipart/form-data") {
+				if err := ctx.Req.ParseMultipartForm(setting.Attachment.MaxSize << 20); err != nil && !strings.Contains(err.Error(), "EOF") { // 32MB max size
+					ctx.InternalServerError(err)
+					return
+				}
+			}
+
+			// Get user from session if logged in.
+			ctx.User, ctx.IsBasicAuth = sso.SignedInUser(ctx.Req, ctx.Resp, &ctx, ctx.Session)
+			if ctx.User != nil {
+				ctx.IsSigned = true
+				ctx.Data["IsSigned"] = ctx.IsSigned
+				ctx.Data["SignedUser"] = ctx.User
+				ctx.Data["SignedUserID"] = ctx.User.ID
+				ctx.Data["SignedUserName"] = ctx.User.Name
+				ctx.Data["IsAdmin"] = ctx.User.IsAdmin
+			} else {
+				ctx.Data["SignedUserID"] = int64(0)
+				ctx.Data["SignedUserName"] = ""
+			}
+
+			ctx.Resp.Header().Set(`X-Frame-Options`, `SAMEORIGIN`)
+
+			ctx.Data["CsrfToken"] = html.EscapeString(ctx.csrf.GetToken())
+
+			next.ServeHTTP(ctx.Resp, ctx.Req)
+		})
 	}
 }

 // ReferencesGitRepo injects the GitRepo into the Context
-func ReferencesGitRepo(allowEmpty bool) macaron.Handler {
-	return func(ctx *APIContext) {
-		// Empty repository does not have reference information.
-		if !allowEmpty && ctx.Repo.Repository.IsEmpty {
-			return
-		}
-
-		// For API calls.
-		if ctx.Repo.GitRepo == nil {
-			repoPath := models.RepoPath(ctx.Repo.Owner.Name, ctx.Repo.Repository.Name)
-			gitRepo, err := git.OpenRepository(repoPath)
-			if err != nil {
-				ctx.Error(500, "RepoRef Invalid repo "+repoPath, err)
+func ReferencesGitRepo(allowEmpty bool) func(http.Handler) http.Handler {
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+			ctx := GetAPIContext(req)
+			// Empty repository does not have reference information.
+			if !allowEmpty && ctx.Repo.Repository.IsEmpty {
 				return
 			}
-			ctx.Repo.GitRepo = gitRepo
-			// We opened it, we should close it
-			defer func() {
-				// If it's been set to nil then assume someone else has closed it.
-				if ctx.Repo.GitRepo != nil {
-					ctx.Repo.GitRepo.Close()
+
+			// For API calls.
+			if ctx.Repo.GitRepo == nil {
+				repoPath := models.RepoPath(ctx.Repo.Owner.Name, ctx.Repo.Repository.Name)
+				gitRepo, err := git.OpenRepository(repoPath)
+				if err != nil {
+					ctx.Error(500, "RepoRef Invalid repo "+repoPath, err)
+					return
 				}
-			}()
-		}
+				ctx.Repo.GitRepo = gitRepo
+				// We opened it, we should close it
+				defer func() {
+					// If it's been set to nil then assume someone else has closed it.
+					if ctx.Repo.GitRepo != nil {
+						ctx.Repo.GitRepo.Close()
+					}
+				}()
+			}

-		ctx.Next()
+			next.ServeHTTP(w, req)
+		})
 	}
 }

@ -266,8 +332,9 @@ func (ctx *APIContext) NotFound(objs ...interface{}) {
 }

 // RepoRefForAPI handles repository reference names when the ref name is not explicitly given
-func RepoRefForAPI() macaron.Handler {
-	return func(ctx *APIContext) {
+func RepoRefForAPI(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+		ctx := GetAPIContext(req)
 		// Empty repository does not have reference information.
 		if ctx.Repo.Repository.IsEmpty {
 			return
@ -319,6 +386,6 @@ func RepoRefForAPI() macaron.Handler {
 			return
 		}

-		ctx.Next()
-	}
+		next.ServeHTTP(w, req)
+	})
 }
--- a/modules/context/auth.go
+++ b/modules/context/auth.go
@ -7,12 +7,8 @@ package context

 import (
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/auth"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
-
-	"gitea.com/macaron/csrf"
-	"gitea.com/macaron/macaron"
 )

 // ToggleOptions contains required or check options
@ -24,42 +20,23 @@ type ToggleOptions struct {
 }

 // Toggle returns toggle options as middleware
-func Toggle(options *ToggleOptions) macaron.Handler {
+func Toggle(options *ToggleOptions) func(ctx *Context) {
 	return func(ctx *Context) {
-		isAPIPath := auth.IsAPIPath(ctx.Req.URL.Path)
-
 		// Check prohibit login users.
 		if ctx.IsSigned {
 			if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm {
 				ctx.Data["Title"] = ctx.Tr("auth.active_your_account")
-				if isAPIPath {
-					ctx.JSON(403, map[string]string{
-						"message": "This account is not activated.",
-					})
-					return
-				}
 				ctx.HTML(200, "user/auth/activate")
 				return
-			} else if !ctx.User.IsActive || ctx.User.ProhibitLogin {
+			}
+			if !ctx.User.IsActive || ctx.User.ProhibitLogin {
 				log.Info("Failed authentication attempt for %s from %s", ctx.User.Name, ctx.RemoteAddr())
 				ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
-				if isAPIPath {
-					ctx.JSON(403, map[string]string{
-						"message": "This account is prohibited from signing in, please contact your site administrator.",
-					})
-					return
-				}
 				ctx.HTML(200, "user/auth/prohibit_login")
 				return
 			}

 			if ctx.User.MustChangePassword {
-				if isAPIPath {
-					ctx.JSON(403, map[string]string{
-						"message": "You must change your password. Change it at: " + setting.AppURL + "/user/change_password",
-					})
-					return
-				}
 				if ctx.Req.URL.Path != "/user/settings/change_password" {
 					ctx.Data["Title"] = ctx.Tr("auth.must_change_password")
 					ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password"
@ -82,8 +59,8 @@ func Toggle(options *ToggleOptions) macaron.Handler {
 			return
 		}

-		if !options.SignOutRequired && !options.DisableCSRF && ctx.Req.Method == "POST" && !auth.IsAPIPath(ctx.Req.URL.Path) {
-			csrf.Validate(ctx.Context, ctx.csrf)
+		if !options.SignOutRequired && !options.DisableCSRF && ctx.Req.Method == "POST" {
+			Validate(ctx, ctx.csrf)
 			if ctx.Written() {
 				return
 			}
@ -91,13 +68,6 @@ func Toggle(options *ToggleOptions) macaron.Handler {

 		if options.SignInRequired {
 			if !ctx.IsSigned {
-				// Restrict API calls with error message.
-				if isAPIPath {
-					ctx.JSON(403, map[string]string{
-						"message": "Only signed in user is allowed to call APIs.",
-					})
-					return
-				}
 				if ctx.Req.URL.Path != "/user/events" {
 					ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.URL.RequestURI(), 0, setting.AppSubURL)
 				}
@ -108,19 +78,88 @@ func Toggle(options *ToggleOptions) macaron.Handler {
 				ctx.HTML(200, "user/auth/activate")
 				return
 			}
-			if ctx.IsSigned && isAPIPath && ctx.IsBasicAuth {
+		}
+
+		// Redirect to log in page if auto-signin info is provided and has not signed in.
+		if !options.SignOutRequired && !ctx.IsSigned &&
+			len(ctx.GetCookie(setting.CookieUserName)) > 0 {
+			if ctx.Req.URL.Path != "/user/events" {
+				ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.URL.RequestURI(), 0, setting.AppSubURL)
+			}
+			ctx.Redirect(setting.AppSubURL + "/user/login")
+			return
+		}
+
+		if options.AdminRequired {
+			if !ctx.User.IsAdmin {
+				ctx.Error(403)
+				return
+			}
+			ctx.Data["PageIsAdmin"] = true
+		}
+	}
+}
+
+// ToggleAPI returns toggle options as middleware
+func ToggleAPI(options *ToggleOptions) func(ctx *APIContext) {
+	return func(ctx *APIContext) {
+		// Check prohibit login users.
+		if ctx.IsSigned {
+			if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm {
+				ctx.Data["Title"] = ctx.Tr("auth.active_your_account")
+				ctx.JSON(403, map[string]string{
+					"message": "This account is not activated.",
+				})
+				return
+			}
+			if !ctx.User.IsActive || ctx.User.ProhibitLogin {
+				log.Info("Failed authentication attempt for %s from %s", ctx.User.Name, ctx.RemoteAddr())
+				ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
+				ctx.JSON(403, map[string]string{
+					"message": "This account is prohibited from signing in, please contact your site administrator.",
+				})
+				return
+			}
+
+			if ctx.User.MustChangePassword {
+				ctx.JSON(403, map[string]string{
+					"message": "You must change your password. Change it at: " + setting.AppURL + "/user/change_password",
+				})
+				return
+			}
+		}
+
+		// Redirect to dashboard if user tries to visit any non-login page.
+		if options.SignOutRequired && ctx.IsSigned && ctx.Req.URL.RequestURI() != "/" {
+			ctx.Redirect(setting.AppSubURL + "/")
+			return
+		}
+
+		if options.SignInRequired {
+			if !ctx.IsSigned {
+				// Restrict API calls with error message.
+				ctx.JSON(403, map[string]string{
+					"message": "Only signed in user is allowed to call APIs.",
+				})
+				return
+			} else if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm {
+				ctx.Data["Title"] = ctx.Tr("auth.active_your_account")
+				ctx.HTML(200, "user/auth/activate")
+				return
+			}
+			if ctx.IsSigned && ctx.IsBasicAuth {
 				twofa, err := models.GetTwoFactorByUID(ctx.User.ID)
 				if err != nil {
 					if models.IsErrTwoFactorNotEnrolled(err) {
 						return // No 2FA enrollment for this user
 					}
-					ctx.Error(500)
+					ctx.InternalServerError(err)
 					return
 				}
 				otpHeader := ctx.Req.Header.Get("X-Gitea-OTP")
 				ok, err := twofa.ValidateTOTP(otpHeader)
 				if err != nil {
-					ctx.Error(500)
+					ctx.InternalServerError(err)
 					return
 				}
 				if !ok {
@ -132,19 +171,11 @@ func Toggle(options *ToggleOptions) macaron.Handler {
 			}
 		}

-		// Redirect to log in page if auto-signin info is provided and has not signed in.
-		if !options.SignOutRequired && !ctx.IsSigned && !isAPIPath &&
-			len(ctx.GetCookie(setting.CookieUserName)) > 0 {
-			if ctx.Req.URL.Path != "/user/events" {
-				ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.URL.RequestURI(), 0, setting.AppSubURL)
-			}
-			ctx.Redirect(setting.AppSubURL + "/user/login")
-			return
-		}
-
 		if options.AdminRequired {
 			if !ctx.User.IsAdmin {
-				ctx.Error(403)
+				ctx.JSON(403, map[string]string{
+					"message": "You have no permission to request for this.",
+				})
 				return
 			}
 			ctx.Data["PageIsAdmin"] = true
--- a/modules/context/captcha.go
+++ b/modules/context/captcha.go
@ -0,0 +1,26 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package context
+
+import (
+	"sync"
+
+	"code.gitea.io/gitea/modules/setting"
+
+	"gitea.com/go-chi/captcha"
+)
+
+var imageCaptchaOnce sync.Once
+var cpt *captcha.Captcha
+
+// GetImageCaptcha returns global image captcha
+func GetImageCaptcha() *captcha.Captcha {
+	imageCaptchaOnce.Do(func() {
+		cpt = captcha.NewCaptcha(captcha.Options{
+			SubURL: setting.AppSubURL,
+		})
+	})
+	return cpt
+}
--- a/modules/context/context.go
+++ b/modules/context/context.go
@ -6,37 +6,55 @@
 package context

 import (
+	"context"
+	"crypto/sha256"
+	"encoding/hex"
+	"encoding/json"
 	"html"
 	"html/template"
 	"io"
 	"net/http"
 	"net/url"
 	"path"
+	"strconv"
 	"strings"
 	"time"

 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/auth"
 	"code.gitea.io/gitea/modules/auth/sso"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/middlewares"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/templates"
+	"code.gitea.io/gitea/modules/translation"
 	"code.gitea.io/gitea/modules/util"

-	"gitea.com/macaron/cache"
-	"gitea.com/macaron/csrf"
-	"gitea.com/macaron/i18n"
-	"gitea.com/macaron/macaron"
-	"gitea.com/macaron/session"
+	"gitea.com/go-chi/cache"
+	"gitea.com/go-chi/session"
+	"github.com/go-chi/chi"
 	"github.com/unknwon/com"
+	"github.com/unknwon/i18n"
+	"github.com/unrolled/render"
+	"golang.org/x/crypto/pbkdf2"
 )

+// Render represents a template render
+type Render interface {
+	TemplateLookup(tmpl string) *template.Template
+	HTML(w io.Writer, status int, name string, binding interface{}, htmlOpt ...render.HTMLOptions) error
+}
+
 // Context represents context of a request.
 type Context struct {
-	*macaron.Context
+	Resp   ResponseWriter
+	Req    *http.Request
+	Data   map[string]interface{}
+	Render Render
+	translation.Locale
 	Cache   cache.Cache
-	csrf    csrf.CSRF
-	Flash   *session.Flash
+	csrf    CSRF
+	Flash   *middlewares.Flash
 	Session session.Store

 	Link        string // current request URL
@ -163,13 +181,22 @@ func (ctx *Context) RedirectToFirst(location ...string) {
 // HTML calls Context.HTML and converts template name to string.
 func (ctx *Context) HTML(status int, name base.TplName) {
 	log.Debug("Template: %s", name)
-	ctx.Context.HTML(status, string(name))
+	if err := ctx.Render.HTML(ctx.Resp, status, string(name), ctx.Data); err != nil {
+		ctx.ServerError("Render failed", err)
+	}
+}
+
+// HTMLString render content to a string but not http.ResponseWriter
+func (ctx *Context) HTMLString(name string, data interface{}) (string, error) {
+	var buf strings.Builder
+	err := ctx.Render.HTML(&buf, 200, string(name), data)
+	return buf.String(), err
 }

 // RenderWithErr used for page has form validation but need to prompt error to users.
 func (ctx *Context) RenderWithErr(msg string, tpl base.TplName, form interface{}) {
 	if form != nil {
-		auth.AssignForm(form, ctx.Data)
+		middlewares.AssignForm(form, ctx.Data)
 	}
 	ctx.Flash.ErrorMsg = msg
 	ctx.Data["Flash"] = ctx.Flash
@ -184,7 +211,7 @@ func (ctx *Context) NotFound(title string, err error) {
 func (ctx *Context) notFoundInternal(title string, err error) {
 	if err != nil {
 		log.ErrorWithSkip(2, "%s: %v", title, err)
-		if macaron.Env != macaron.PROD {
+		if !setting.IsProd() {
 			ctx.Data["ErrorMsg"] = err
 		}
 	}
@ -203,7 +230,7 @@ func (ctx *Context) ServerError(title string, err error) {
 func (ctx *Context) serverErrorInternal(title string, err error) {
 	if err != nil {
 		log.ErrorWithSkip(2, "%s: %v", title, err)
-		if macaron.Env != macaron.PROD {
+		if !setting.IsProd() {
 			ctx.Data["ErrorMsg"] = err
 		}
 	}
@ -224,6 +251,44 @@ func (ctx *Context) NotFoundOrServerError(title string, errck func(error) bool,
 	ctx.serverErrorInternal(title, err)
 }

+// Header returns a header
+func (ctx *Context) Header() http.Header {
+	return ctx.Resp.Header()
+}
+
+// FIXME: We should differ Query and Form, currently we just use form as query
+// Currently to be compatible with macaron, we keep it.
+
+// Query returns request form as string with default
+func (ctx *Context) Query(key string, defaults ...string) string {
+	return (*Forms)(ctx.Req).MustString(key, defaults...)
+}
+
+// QueryTrim returns request form as string with default and trimmed spaces
+func (ctx *Context) QueryTrim(key string, defaults ...string) string {
+	return (*Forms)(ctx.Req).MustTrimmed(key, defaults...)
+}
+
+// QueryStrings returns request form as strings with default
+func (ctx *Context) QueryStrings(key string, defaults ...[]string) []string {
+	return (*Forms)(ctx.Req).MustStrings(key, defaults...)
+}
+
+// QueryInt returns request form as int with default
+func (ctx *Context) QueryInt(key string, defaults ...int) int {
+	return (*Forms)(ctx.Req).MustInt(key, defaults...)
+}
+
+// QueryInt64 returns request form as int64 with default
+func (ctx *Context) QueryInt64(key string, defaults ...int64) int64 {
+	return (*Forms)(ctx.Req).MustInt64(key, defaults...)
+}
+
+// QueryBool returns request form as bool with default
+func (ctx *Context) QueryBool(key string, defaults ...bool) bool {
+	return (*Forms)(ctx.Req).MustBool(key, defaults...)
+}
+
 // HandleText handles HTTP status code
 func (ctx *Context) HandleText(status int, title string) {
 	if (status/100 == 4) || (status/100 == 5) {
@ -249,66 +314,324 @@ func (ctx *Context) ServeContent(name string, r io.ReadSeeker, params ...interfa
 	ctx.Resp.Header().Set("Cache-Control", "must-revalidate")
 	ctx.Resp.Header().Set("Pragma", "public")
 	ctx.Resp.Header().Set("Access-Control-Expose-Headers", "Content-Disposition")
-	http.ServeContent(ctx.Resp, ctx.Req.Request, name, modtime, r)
+	http.ServeContent(ctx.Resp, ctx.Req, name, modtime, r)
+}
+
+// PlainText render content as plain text
+func (ctx *Context) PlainText(status int, bs []byte) {
+	ctx.Resp.WriteHeader(status)
+	ctx.Resp.Header().Set("Content-Type", "text/plain;charset=utf8")
+	if _, err := ctx.Resp.Write(bs); err != nil {
+		ctx.ServerError("Render JSON failed", err)
+	}
+}
+
+// ServeFile serves given file to response.
+func (ctx *Context) ServeFile(file string, names ...string) {
+	var name string
+	if len(names) > 0 {
+		name = names[0]
+	} else {
+		name = path.Base(file)
+	}
+	ctx.Resp.Header().Set("Content-Description", "File Transfer")
+	ctx.Resp.Header().Set("Content-Type", "application/octet-stream")
+	ctx.Resp.Header().Set("Content-Disposition", "attachment; filename="+name)
+	ctx.Resp.Header().Set("Content-Transfer-Encoding", "binary")
+	ctx.Resp.Header().Set("Expires", "0")
+	ctx.Resp.Header().Set("Cache-Control", "must-revalidate")
+	ctx.Resp.Header().Set("Pragma", "public")
+	http.ServeFile(ctx.Resp, ctx.Req, file)
+}
+
+// Error returned an error to web browser
+func (ctx *Context) Error(status int, contents ...string) {
+	var v = http.StatusText(status)
+	if len(contents) > 0 {
+		v = contents[0]
+	}
+	http.Error(ctx.Resp, v, status)
+}
+
+// JSON render content as JSON
+func (ctx *Context) JSON(status int, content interface{}) {
+	ctx.Resp.WriteHeader(status)
+	ctx.Resp.Header().Set("Content-Type", "application/json;charset=utf8")
+	if err := json.NewEncoder(ctx.Resp).Encode(content); err != nil {
+		ctx.ServerError("Render JSON failed", err)
+	}
+}
+
+// Redirect redirect the request
+func (ctx *Context) Redirect(location string, status ...int) {
+	code := http.StatusFound
+	if len(status) == 1 {
+		code = status[0]
+	}
+
+	http.Redirect(ctx.Resp, ctx.Req, location, code)
+}
+
+// SetCookie set cookies to web browser
+func (ctx *Context) SetCookie(name string, value string, others ...interface{}) {