go-gitea
diff --git a/‎modules/context/api.go
+4-4 b/‎modules/context/api.go
+4-4
diff --git a/‎modules/context/auth.go
+13-11 b/‎modules/context/auth.go
+13-11
diff --git a/‎modules/context/context.go
+1-1 b/‎modules/context/context.go
+1-1
diff --git a/‎modules/lfs/locks.go
+24-23 b/‎modules/lfs/locks.go
+24-23
diff --git a/‎routers/admin/admin.go
+7-6 b/‎routers/admin/admin.go
+7-6
@@ -203,12 +203,12 @@ func (ctx *APIContext) CheckForOTP() {
 		if models.IsErrTwoFactorNotEnrolled(err) {
 			return // No 2FA enrollment for this user
 		}
-		ctx.Context.Error(500)
+		ctx.Context.Error(http.StatusInternalServerError)
 		return
 	}
 	ok, err := twofa.ValidateTOTP(otpHeader)
 	if err != nil {
-		ctx.Context.Error(500)
+		ctx.Context.Error(http.StatusInternalServerError)
 		return
 	}
 	if !ok {
@@ -288,7 +288,7 @@ func ReferencesGitRepo(allowEmpty bool) func(http.Handler) http.Handler {
 				repoPath := models.RepoPath(ctx.Repo.Owner.Name, ctx.Repo.Repository.Name)
 				gitRepo, err := git.OpenRepository(repoPath)
 				if err != nil {
-					ctx.Error(500, "RepoRef Invalid repo "+repoPath, err)
+					ctx.Error(http.StatusInternalServerError, "RepoRef Invalid repo "+repoPath, err)
 					return
 				}
 				ctx.Repo.GitRepo = gitRepo
@@ -324,7 +324,7 @@ func (ctx *APIContext) NotFound(objs ...interface{}) {
 		}
 	}
 
-	ctx.JSON(404, map[string]interface{}{
+	ctx.JSON(http.StatusNotFound, map[string]interface{}{
 		"message":           message,
 		"documentation_url": setting.API.SwaggerURL,
 		"errors":            errors,
 
@@ -6,6 +6,8 @@
 package context
 
 import (
+	"net/http"
+
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
@@ -27,13 +29,13 @@ func Toggle(options *ToggleOptions) func(ctx *Context) {
 		if ctx.IsSigned {
 			if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm {
 				ctx.Data["Title"] = ctx.Tr("auth.active_your_account")
-				ctx.HTML(200, "user/auth/activate")
+				ctx.HTML(http.StatusOK, "user/auth/activate")
 				return
 			}
 			if !ctx.User.IsActive || ctx.User.ProhibitLogin {
 				log.Info("Failed authentication attempt for %s from %s", ctx.User.Name, ctx.RemoteAddr())
 				ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
-				ctx.HTML(200, "user/auth/prohibit_login")
+				ctx.HTML(http.StatusOK, "user/auth/prohibit_login")
 				return
 			}
 
@@ -76,7 +78,7 @@ func Toggle(options *ToggleOptions) func(ctx *Context) {
 				return
 			} else if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm {
 				ctx.Data["Title"] = ctx.Tr("auth.active_your_account")
-				ctx.HTML(200, "user/auth/activate")
+				ctx.HTML(http.StatusOK, "user/auth/activate")
 				return
 			}
 		}
@@ -93,7 +95,7 @@ func Toggle(options *ToggleOptions) func(ctx *Context) {
 
 		if options.AdminRequired {
 			if !ctx.User.IsAdmin {
-				ctx.Error(403)
+				ctx.Error(http.StatusForbidden)
 				return
 			}
 			ctx.Data["PageIsAdmin"] = true
@@ -108,22 +110,22 @@ func ToggleAPI(options *ToggleOptions) func(ctx *APIContext) {
 		if ctx.IsSigned {
 			if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm {
 				ctx.Data["Title"] = ctx.Tr("auth.active_your_account")
-				ctx.JSON(403, map[string]string{
+				ctx.JSON(http.StatusForbidden, map[string]string{
 					"message": "This account is not activated.",
 				})
 				return
 			}
 			if !ctx.User.IsActive || ctx.User.ProhibitLogin {
 				log.Info("Failed authentication attempt for %s from %s", ctx.User.Name, ctx.RemoteAddr())
 				ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
-				ctx.JSON(403, map[string]string{
+				ctx.JSON(http.StatusForbidden, map[string]string{
 					"message": "This account is prohibited from signing in, please contact your site administrator.",
 				})
 				return
 			}
 
 			if ctx.User.MustChangePassword {
-				ctx.JSON(403, map[string]string{
+				ctx.JSON(http.StatusForbidden, map[string]string{
 					"message": "You must change your password. Change it at: " + setting.AppURL + "/user/change_password",
 				})
 				return
@@ -139,13 +141,13 @@ func ToggleAPI(options *ToggleOptions) func(ctx *APIContext) {
 		if options.SignInRequired {
 			if !ctx.IsSigned {
 				// Restrict API calls with error message.
-				ctx.JSON(403, map[string]string{
+				ctx.JSON(http.StatusForbidden, map[string]string{
 					"message": "Only signed in user is allowed to call APIs.",
 				})
 				return
 			} else if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm {
 				ctx.Data["Title"] = ctx.Tr("auth.active_your_account")
-				ctx.HTML(200, "user/auth/activate")
+				ctx.HTML(http.StatusOK, "user/auth/activate")
 				return
 			}
 			if ctx.IsSigned && ctx.IsBasicAuth {
@@ -164,7 +166,7 @@ func ToggleAPI(options *ToggleOptions) func(ctx *APIContext) {
 					return
 				}
 				if !ok {
-					ctx.JSON(403, map[string]string{
+					ctx.JSON(http.StatusForbidden, map[string]string{
 						"message": "Only signed in user is allowed to call APIs.",
 					})
 					return
@@ -174,7 +176,7 @@ func ToggleAPI(options *ToggleOptions) func(ctx *APIContext) {
 
 		if options.AdminRequired {
 			if !ctx.User.IsAdmin {
-				ctx.JSON(403, map[string]string{
+				ctx.JSON(http.StatusForbidden, map[string]string{
 					"message": "You have no permission to request for this.",
 				})
 				return
 
@@ -213,7 +213,7 @@ func (ctx *Context) RenderWithErr(msg string, tpl base.TplName, form interface{}
 	}
 	ctx.Flash.ErrorMsg = msg
 	ctx.Data["Flash"] = ctx.Flash
-	ctx.HTML(200, tpl)
+	ctx.HTML(http.StatusOK, tpl)
 }
 
 // NotFound displays a 404 (Not Found) page and prints the given error, if any.
 
@@ -5,6 +5,7 @@
 package lfs
 
 import (
+	"net/http"
 	"strconv"
 	"strings"
 
@@ -21,19 +22,19 @@ import (
 func checkIsValidRequest(ctx *context.Context) bool {
 	if !setting.LFS.StartServer {
 		log.Debug("Attempt to access LFS server but LFS server is disabled")
-		writeStatus(ctx, 404)
+		writeStatus(ctx, http.StatusNotFound)
 		return false
 	}
 	if !MetaMatcher(ctx.Req) {
 		log.Info("Attempt access LOCKs without accepting the correct media type: %s", metaMediaType)
-		writeStatus(ctx, 400)
+		writeStatus(ctx, http.StatusBadRequest)
 		return false
 	}
 	if !ctx.IsSigned {
 		user, _, _, err := parseToken(ctx.Req.Header.Get("Authorization"))
 		if err != nil {
 			ctx.Resp.Header().Set("WWW-Authenticate", "Basic realm=gitea-lfs")
-			writeStatus(ctx, 401)
+			writeStatus(ctx, http.StatusUnauthorized)
 			return false
 		}
 		ctx.User = user
@@ -44,23 +45,23 @@ func checkIsValidRequest(ctx *context.Context) bool {
 func handleLockListOut(ctx *context.Context, repo *models.Repository, lock *models.LFSLock, err error) {
 	if err != nil {
 		if models.IsErrLFSLockNotExist(err) {
-			ctx.JSON(200, api.LFSLockList{
+			ctx.JSON(http.StatusOK, api.LFSLockList{
 				Locks: []*api.LFSLock{},
 			})
 			return
 		}
-		ctx.JSON(500, api.LFSLockError{
+		ctx.JSON(http.StatusInternalServerError, api.LFSLockError{
 			Message: "unable to list locks : Internal Server Error",
 		})
 		return
 	}
 	if repo.ID != lock.RepoID {
-		ctx.JSON(200, api.LFSLockList{
+		ctx.JSON(http.StatusOK, api.LFSLockList{
 			Locks: []*api.LFSLock{},
 		})
 		return
 	}
-	ctx.JSON(200, api.LFSLockList{
+	ctx.JSON(http.StatusOK, api.LFSLockList{
 		Locks: []*api.LFSLock{convert.ToLFSLock(lock)},
 	})
 }
@@ -86,7 +87,7 @@ func GetListLockHandler(ctx *context.Context) {
 	authenticated := authenticate(ctx, repository, rv.Authorization, false)
 	if !authenticated {
 		ctx.Resp.Header().Set("WWW-Authenticate", "Basic realm=gitea-lfs")
-		ctx.JSON(401, api.LFSLockError{
+		ctx.JSON(http.StatusUnauthorized, api.LFSLockError{
 			Message: "You must have pull access to list locks",
 		})
 		return
@@ -106,7 +107,7 @@ func GetListLockHandler(ctx *context.Context) {
 	if id != "" { //Case where we request a specific id
 		v, err := strconv.ParseInt(id, 10, 64)
 		if err != nil {
-			ctx.JSON(400, api.LFSLockError{
+			ctx.JSON(http.StatusBadRequest, api.LFSLockError{
 				Message: "bad request : " + err.Error(),
 			})
 			return
@@ -133,7 +134,7 @@ func GetListLockHandler(ctx *context.Context) {
 	lockList, err := models.GetLFSLockByRepoID(repository.ID, cursor, limit)
 	if err != nil {
 		log.Error("Unable to list locks for repository ID[%d]: Error: %v", repository.ID, err)
-		ctx.JSON(500, api.LFSLockError{
+		ctx.JSON(http.StatusInternalServerError, api.LFSLockError{
 			Message: "unable to list locks : Internal Server Error",
 		})
 		return
@@ -146,7 +147,7 @@ func GetListLockHandler(ctx *context.Context) {
 	if limit > 0 && len(lockList) == limit {
 		next = strconv.Itoa(cursor + 1)
 	}
-	ctx.JSON(200, api.LFSLockList{
+	ctx.JSON(http.StatusOK, api.LFSLockList{
 		Locks: lockListAPI,
 		Next:  next,
 	})
@@ -175,7 +176,7 @@ func PostLockHandler(ctx *context.Context) {
 	authenticated := authenticate(ctx, repository, authorization, true)
 	if !authenticated {
 		ctx.Resp.Header().Set("WWW-Authenticate", "Basic realm=gitea-lfs")
-		ctx.JSON(401, api.LFSLockError{
+		ctx.JSON(http.StatusUnauthorized, api.LFSLockError{
 			Message: "You must have push access to create locks",
 		})
 		return
@@ -199,26 +200,26 @@ func PostLockHandler(ctx *context.Context) {
 	})
 	if err != nil {
 		if models.IsErrLFSLockAlreadyExist(err) {
-			ctx.JSON(409, api.LFSLockError{
+			ctx.JSON(http.StatusConflict, api.LFSLockError{
 				Lock:    convert.ToLFSLock(lock),
 				Message: "already created lock",
 			})
 			return
 		}
 		if models.IsErrLFSUnauthorizedAction(err) {
 			ctx.Resp.Header().Set("WWW-Authenticate", "Basic realm=gitea-lfs")
-			ctx.JSON(401, api.LFSLockError{
+			ctx.JSON(http.StatusUnauthorized, api.LFSLockError{
 				Message: "You must have push access to create locks : " + err.Error(),
 			})
 			return
 		}
 		log.Error("Unable to CreateLFSLock in repository %-v at %s for user %-v: Error: %v", repository, req.Path, ctx.User, err)
-		ctx.JSON(500, api.LFSLockError{
+		ctx.JSON(http.StatusInternalServerError, api.LFSLockError{
 			Message: "internal server error : Internal Server Error",
 		})
 		return
 	}
-	ctx.JSON(201, api.LFSLockResponse{Lock: convert.ToLFSLock(lock)})
+	ctx.JSON(http.StatusCreated, api.LFSLockResponse{Lock: convert.ToLFSLock(lock)})
 }
 
 // VerifyLockHandler list locks for verification
@@ -244,7 +245,7 @@ func VerifyLockHandler(ctx *context.Context) {
 	authenticated := authenticate(ctx, repository, authorization, true)
 	if !authenticated {
 		ctx.Resp.Header().Set("WWW-Authenticate", "Basic realm=gitea-lfs")
-		ctx.JSON(401, api.LFSLockError{
+		ctx.JSON(http.StatusUnauthorized, api.LFSLockError{
 			Message: "You must have push access to verify locks",
 		})
 		return
@@ -263,7 +264,7 @@ func VerifyLockHandler(ctx *context.Context) {
 	lockList, err := models.GetLFSLockByRepoID(repository.ID, cursor, limit)
 	if err != nil {
 		log.Error("Unable to list locks for repository ID[%d]: Error: %v", repository.ID, err)
-		ctx.JSON(500, api.LFSLockError{
+		ctx.JSON(http.StatusInternalServerError, api.LFSLockError{
 			Message: "unable to list locks : Internal Server Error",
 		})
 		return
@@ -281,7 +282,7 @@ func VerifyLockHandler(ctx *context.Context) {
 			lockTheirsListAPI = append(lockTheirsListAPI, convert.ToLFSLock(l))
 		}
 	}
-	ctx.JSON(200, api.LFSLockListVerify{
+	ctx.JSON(http.StatusOK, api.LFSLockListVerify{
 		Ours:   lockOursListAPI,
 		Theirs: lockTheirsListAPI,
 		Next:   next,
@@ -311,7 +312,7 @@ func UnLockHandler(ctx *context.Context) {
 	authenticated := authenticate(ctx, repository, authorization, true)
 	if !authenticated {
 		ctx.Resp.Header().Set("WWW-Authenticate", "Basic realm=gitea-lfs")
-		ctx.JSON(401, api.LFSLockError{
+		ctx.JSON(http.StatusUnauthorized, api.LFSLockError{
 			Message: "You must have push access to delete locks",
 		})
 		return
@@ -332,16 +333,16 @@ func UnLockHandler(ctx *context.Context) {
 	if err != nil {
 		if models.IsErrLFSUnauthorizedAction(err) {
 			ctx.Resp.Header().Set("WWW-Authenticate", "Basic realm=gitea-lfs")
-			ctx.JSON(401, api.LFSLockError{
+			ctx.JSON(http.StatusUnauthorized, api.LFSLockError{
 				Message: "You must have push access to delete locks : " + err.Error(),
 			})
 			return
 		}
 		log.Error("Unable to DeleteLFSLockByID[%d] by user %-v with force %t: Error: %v", ctx.ParamsInt64("lid"), ctx.User, req.Force, err)
-		ctx.JSON(500, api.LFSLockError{
+		ctx.JSON(http.StatusInternalServerError, api.LFSLockError{
 			Message: "unable to delete lock : Internal Server Error",
 		})
 		return
 	}
-	ctx.JSON(200, api.LFSLockResponse{Lock: convert.ToLFSLock(lock)})
+	ctx.JSON(http.StatusOK, api.LFSLockResponse{Lock: convert.ToLFSLock(lock)})
 }
@@ -7,6 +7,7 @@ package admin
 
 import (
 	"fmt"
+	"net/http"
 	"net/url"
 	"os"
 	"runtime"
@@ -128,7 +129,7 @@ func Dashboard(ctx *context.Context) {
 	updateSystemStatus()
 	ctx.Data["SysStatus"] = sysStatus
 	ctx.Data["SSH"] = setting.SSH
-	ctx.HTML(200, tplDashboard)
+	ctx.HTML(http.StatusOK, tplDashboard)
 }
 
 // DashboardPost run an admin operation
@@ -315,7 +316,7 @@ func Config(ctx *context.Context) {
 	ctx.Data["EnableXORMLog"] = setting.EnableXORMLog
 	ctx.Data["LogSQL"] = setting.Database.LogSQL
 
-	ctx.HTML(200, tplConfig)
+	ctx.HTML(http.StatusOK, tplConfig)
 }
 
 // Monitor show admin monitor page
@@ -326,14 +327,14 @@ func Monitor(ctx *context.Context) {
 	ctx.Data["Processes"] = process.GetManager().Processes()
 	ctx.Data["Entries"] = cron.ListTasks()
 	ctx.Data["Queues"] = queue.GetManager().ManagedQueues()
-	ctx.HTML(200, tplMonitor)
+	ctx.HTML(http.StatusOK, tplMonitor)
 }
 
 // MonitorCancel cancels a process
 func MonitorCancel(ctx *context.Context) {
 	pid := ctx.ParamsInt64("pid")
 	process.GetManager().Cancel(pid)
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"redirect": setting.AppSubURL + "/admin/monitor",
 	})
 }
@@ -350,7 +351,7 @@ func Queue(ctx *context.Context) {
 	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminMonitor"] = true
 	ctx.Data["Queue"] = mq
-	ctx.HTML(200, tplQueue)
+	ctx.HTML(http.StatusOK, tplQueue)
 }
 
 // WorkerCancel cancels a worker group
@@ -364,7 +365,7 @@ func WorkerCancel(ctx *context.Context) {
 	pid := ctx.ParamsInt64("pid")
 	mq.CancelWorkers(pid)
 	ctx.Flash.Info(ctx.Tr("admin.monitor.queue.pool.cancelling"))
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"redirect": setting.AppSubURL + "/admin/monitor/queue/" + strconv.FormatInt(qid, 10),
 	})
 }
Original file line number	Diff line number	Diff line change
`@@ -203,12 +203,12 @@ func (ctx *APIContext) CheckForOTP() {`
`203`	`203`	`if models.IsErrTwoFactorNotEnrolled(err) {`
`204`	`204`	`return // No 2FA enrollment for this user`
`205`	`205`	`}`
`206`		`- ctx.Context.Error(500)`
	`206`	`+ ctx.Context.Error(http.StatusInternalServerError)`
`207`	`207`	`return`
`208`	`208`	`}`
`209`	`209`	`ok, err := twofa.ValidateTOTP(otpHeader)`
`210`	`210`	`if err != nil {`
`211`		`- ctx.Context.Error(500)`
	`211`	`+ ctx.Context.Error(http.StatusInternalServerError)`
`212`	`212`	`return`
`213`	`213`	`}`
`214`	`214`	`if !ok {`
`@@ -288,7 +288,7 @@ func ReferencesGitRepo(allowEmpty bool) func(http.Handler) http.Handler {`
`288`	`288`	`repoPath := models.RepoPath(ctx.Repo.Owner.Name, ctx.Repo.Repository.Name)`
`289`	`289`	`gitRepo, err := git.OpenRepository(repoPath)`
`290`	`290`	`if err != nil {`
`291`		`- ctx.Error(500, "RepoRef Invalid repo "+repoPath, err)`
	`291`	`+ ctx.Error(http.StatusInternalServerError, "RepoRef Invalid repo "+repoPath, err)`
`292`	`292`	`return`
`293`	`293`	`}`
`294`	`294`	`ctx.Repo.GitRepo = gitRepo`
`@@ -324,7 +324,7 @@ func (ctx *APIContext) NotFound(objs ...interface{}) {`
`324`	`324`	`}`
`325`	`325`	`}`
`326`	`326`
`327`		`- ctx.JSON(404, map[string]interface{}{`
	`327`	`+ ctx.JSON(http.StatusNotFound, map[string]interface{}{`
`328`	`328`	`"message": message,`
`329`	`329`	`"documentation_url": setting.API.SwaggerURL,`
`330`	`330`	`"errors": errors,`
Original file line number	Diff line number	Diff line change
`@@ -213,7 +213,7 @@ func (ctx *Context) RenderWithErr(msg string, tpl base.TplName, form interface{}`
`213`	`213`	`}`
`214`	`214`	`ctx.Flash.ErrorMsg = msg`
`215`	`215`	`ctx.Data["Flash"] = ctx.Flash`
`216`		`- ctx.HTML(200, tpl)`
	`216`	`+ ctx.HTML(http.StatusOK, tpl)`
`217`	`217`	`}`
`218`	`218`
`219`	`219`	`// NotFound displays a 404 (Not Found) page and prints the given error, if any.`