22 files changed, 258 insertions, 197 deletions

diff --git a/routers/repo/branch.go b/routers/repo/branch.go
index bf9f2e6a36..7d844abe5a 100644
--- a/routers/repo/branch.go
+++ b/routers/repo/branch.go
@@ -10,14 +10,15 @@ import (
 	"strings"
 
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/auth"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
+	auth "code.gitea.io/gitea/modules/forms"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/repofiles"
 	repo_module "code.gitea.io/gitea/modules/repository"
 	"code.gitea.io/gitea/modules/util"
+	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/routers/utils"
 	repo_service "code.gitea.io/gitea/services/repository"
 )
@@ -367,7 +368,8 @@ func getDeletedBranches(ctx *context.Context) ([]*Branch, error) {
 }
 
 // CreateBranch creates new branch in repository
-func CreateBranch(ctx *context.Context, form auth.NewBranchForm) {
+func CreateBranch(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.NewBranchForm)
 	if !ctx.Repo.CanCreateBranch() {
 		ctx.NotFound("CreateBranch", nil)
 		return
diff --git a/routers/repo/editor.go b/routers/repo/editor.go
index 0bc76504f9..619912fef7 100644
--- a/routers/repo/editor.go
+++ b/routers/repo/editor.go
@@ -12,10 +12,10 @@ import (
 	"strings"
 
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/auth"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/charset"
 	"code.gitea.io/gitea/modules/context"
+	auth "code.gitea.io/gitea/modules/forms"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/repofiles"
@@ -23,6 +23,7 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/upload"
 	"code.gitea.io/gitea/modules/util"
+	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/routers/utils"
 )
 
@@ -325,17 +326,20 @@ func editFilePost(ctx *context.Context, form auth.EditRepoFileForm, isNewFile bo
 }
 
 // EditFilePost response for editing file
-func EditFilePost(ctx *context.Context, form auth.EditRepoFileForm) {
-	editFilePost(ctx, form, false)
+func EditFilePost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.EditRepoFileForm)
+	editFilePost(ctx, *form, false)
 }
 
 // NewFilePost response for creating file
-func NewFilePost(ctx *context.Context, form auth.EditRepoFileForm) {
-	editFilePost(ctx, form, true)
+func NewFilePost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.EditRepoFileForm)
+	editFilePost(ctx, *form, true)
 }
 
 // DiffPreviewPost render preview diff page
-func DiffPreviewPost(ctx *context.Context, form auth.EditPreviewDiffForm) {
+func DiffPreviewPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.EditPreviewDiffForm)
 	treePath := cleanUploadFileName(ctx.Repo.TreePath)
 	if len(treePath) == 0 {
 		ctx.Error(500, "file name to diff is invalid")
@@ -394,7 +398,8 @@ func DeleteFile(ctx *context.Context) {
 }
 
 // DeleteFilePost response for deleting file
-func DeleteFilePost(ctx *context.Context, form auth.DeleteRepoFileForm) {
+func DeleteFilePost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.DeleteRepoFileForm)
 	canCommit := renderCommitRights(ctx)
 	branchName := ctx.Repo.BranchName
 	if form.CommitChoice == frmCommitChoiceNewBranch {
@@ -556,7 +561,8 @@ func UploadFile(ctx *context.Context) {
 }
 
 // UploadFilePost response for uploading file
-func UploadFilePost(ctx *context.Context, form auth.UploadRepoFileForm) {
+func UploadFilePost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.UploadRepoFileForm)
 	ctx.Data["PageIsUpload"] = true
 	ctx.Data["RequireTribute"] = true
 	ctx.Data["RequireSimpleMDE"] = true
@@ -760,7 +766,8 @@ func UploadFileToServer(ctx *context.Context) {
 }
 
 // RemoveUploadFileFromServer remove file from server file dir
-func RemoveUploadFileFromServer(ctx *context.Context, form auth.RemoveUploadFileForm) {
+func RemoveUploadFileFromServer(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.RemoveUploadFileForm)
 	if len(form.File) == 0 {
 		ctx.Status(204)
 		return
diff --git a/routers/repo/http.go b/routers/repo/http.go
index 3de45698e8..0377979e8b 100644
--- a/routers/repo/http.go
+++ b/routers/repo/http.go
@@ -35,8 +35,17 @@ import (
 	repo_service "code.gitea.io/gitea/services/repository"
 )
 
-// HTTP implmentation git smart HTTP protocol
-func HTTP(ctx *context.Context) {
+// httpBase implmentation git smart HTTP protocol
+func httpBase(ctx *context.Context) (h *serviceHandler) {
+	if setting.Repository.DisableHTTPGit {
+		ctx.Resp.WriteHeader(http.StatusForbidden)
+		_, err := ctx.Resp.Write([]byte("Interacting with repositories by HTTP protocol is not allowed"))
+		if err != nil {
+			log.Error(err.Error())
+		}
+		return
+	}
+
 	if len(setting.Repository.AccessControlAllowOrigin) > 0 {
 		allowedOrigin := setting.Repository.AccessControlAllowOrigin
 		// Set CORS headers for browser-based git clients
@@ -344,7 +353,7 @@ func HTTP(ctx *context.Context) {
 	environ = append(environ, models.EnvRepoID+fmt.Sprintf("=%d", repo.ID))
 
 	w := ctx.Resp
-	r := ctx.Req.Request
+	r := ctx.Req
 	cfg := &serviceConfig{
 		UploadPack:  true,
 		ReceivePack: true,
@@ -353,47 +362,9 @@ func HTTP(ctx *context.Context) {
 
 	r.URL.Path = strings.ToLower(r.URL.Path) // blue: In case some repo name has upper case name
 
-	for _, route := range routes {
-		if m := route.reg.FindStringSubmatch(r.URL.Path); m != nil {
-			if setting.Repository.DisableHTTPGit {
-				w.WriteHeader(http.StatusForbidden)
-				_, err := w.Write([]byte("Interacting with repositories by HTTP protocol is not allowed"))
-				if err != nil {
-					log.Error(err.Error())
-				}
-				return
-			}
-			if route.method != r.Method {
-				if r.Proto == "HTTP/1.1" {
-					w.WriteHeader(http.StatusMethodNotAllowed)
-					_, err := w.Write([]byte("Method Not Allowed"))
-					if err != nil {
-						log.Error(err.Error())
-					}
-				} else {
-					w.WriteHeader(http.StatusBadRequest)
-					_, err := w.Write([]byte("Bad Request"))
-					if err != nil {
-						log.Error(err.Error())
-					}
-				}
-				return
-			}
-
-			file := strings.Replace(r.URL.Path, m[1]+"/", "", 1)
-			dir, err := getGitRepoPath(m[1])
-			if err != nil {
-				log.Error(err.Error())
-				ctx.NotFound("Smart Git HTTP", err)
-				return
-			}
-
-			route.handler(serviceHandler{cfg, w, r, dir, file, cfg.Env})
-			return
-		}
-	}
+	dir := models.RepoPath(username, reponame)
 
-	ctx.NotFound("Smart Git HTTP", nil)
+	return &serviceHandler{cfg, w, r, dir, cfg.Env}
 }
 
 var (
@@ -449,7 +420,6 @@ type serviceHandler struct {
 	w       http.ResponseWriter
 	r       *http.Request
 	dir     string
-	file    string
 	environ []string
 }
 
@@ -467,8 +437,8 @@ func (h *serviceHandler) setHeaderCacheForever() {
 	h.w.Header().Set("Cache-Control", "public, max-age=31536000")
 }
 
-func (h *serviceHandler) sendFile(contentType string) {
-	reqFile := path.Join(h.dir, h.file)
+func (h *serviceHandler) sendFile(contentType, file string) {
+	reqFile := path.Join(h.dir, file)
 
 	fi, err := os.Stat(reqFile)
 	if os.IsNotExist(err) {
@@ -482,26 +452,6 @@ func (h *serviceHandler) sendFile(contentType string) {
 	http.ServeFile(h.w, h.r, reqFile)
 }
 
-type route struct {
-	reg     *regexp.Regexp
-	method  string
-	handler func(serviceHandler)
-}
-
-var routes = []route{
-	{regexp.MustCompile(`(.*?)/git-upload-pack$`), "POST", serviceUploadPack},
-	{regexp.MustCompile(`(.*?)/git-receive-pack$`), "POST", serviceReceivePack},
-	{regexp.MustCompile(`(.*?)/info/refs$`), "GET", getInfoRefs},
-	{regexp.MustCompile(`(.*?)/HEAD$`), "GET", getTextFile},
-	{regexp.MustCompile(`(.*?)/objects/info/alternates$`), "GET", getTextFile},
-	{regexp.MustCompile(`(.*?)/objects/info/http-alternates$`), "GET", getTextFile},
-	{regexp.MustCompile(`(.*?)/objects/info/packs$`), "GET", getInfoPacks},
-	{regexp.MustCompile(`(.*?)/objects/info/[^/]*$`), "GET", getTextFile},
-	{regexp.MustCompile(`(.*?)/objects/[0-9a-f]{2}/[0-9a-f]{38}$`), "GET", getLooseObject},
-	{regexp.MustCompile(`(.*?)/objects/pack/pack-[0-9a-f]{40}\.pack$`), "GET", getPackFile},
-	{regexp.MustCompile(`(.*?)/objects/pack/pack-[0-9a-f]{40}\.idx$`), "GET", getIdxFile},
-}
-
 // one or more key=value pairs separated by colons
 var safeGitProtocolHeader = regexp.MustCompile(`^[0-9a-zA-Z]+=[0-9a-zA-Z]+(:[0-9a-zA-Z]+=[0-9a-zA-Z]+)*$`)
 
@@ -598,12 +548,20 @@ func serviceRPC(h serviceHandler, service string) {
 	}
 }
 
-func serviceUploadPack(h serviceHandler) {
-	serviceRPC(h, "upload-pack")
+// ServiceUploadPack implements Git Smart HTTP protocol
+func ServiceUploadPack(ctx *context.Context) {
+	h := httpBase(ctx)
+	if h != nil {
+		serviceRPC(*h, "upload-pack")
+	}
 }
 
-func serviceReceivePack(h serviceHandler) {
-	serviceRPC(h, "receive-pack")
+// ServiceReceivePack implements Git Smart HTTP protocol
+func ServiceReceivePack(ctx *context.Context) {
+	h := httpBase(ctx)
+	if h != nil {
+		serviceRPC(*h, "receive-pack")
+	}
 }
 
 func getServiceType(r *http.Request) string {
@@ -630,9 +588,14 @@ func packetWrite(str string) []byte {
 	return []byte(s + str)
 }
 
-func getInfoRefs(h serviceHandler) {
+// GetInfoRefs implements Git dumb HTTP
+func GetInfoRefs(ctx *context.Context) {
+	h := httpBase(ctx)
+	if h == nil {
+		return
+	}
 	h.setHeaderNoCache()
-	if hasAccess(getServiceType(h.r), h, false) {
+	if hasAccess(getServiceType(h.r), *h, false) {
 		service := getServiceType(h.r)
 
 		if protocol := h.r.Header.Get("Git-Protocol"); protocol != "" && safeGitProtocolHeader.MatchString(protocol) {
@@ -652,44 +615,59 @@ func getInfoRefs(h serviceHandler) {
 		_, _ = h.w.Write(refs)
 	} else {
 		updateServerInfo(h.dir)
-		h.sendFile("text/plain; charset=utf-8")
+		h.sendFile("text/plain; charset=utf-8", "info/refs")
 	}
 }
 
-func getTextFile(h serviceHandler) {
-	h.setHeaderNoCache()
-	h.sendFile("text/plain")
-}
-
-func getInfoPacks(h serviceHandler) {
-	h.setHeaderCacheForever()
-	h.sendFile("text/plain; charset=utf-8")
-}
-
-func getLooseObject(h serviceHandler) {
-	h.setHeaderCacheForever()
-	h.sendFile("application/x-git-loose-object")
+// GetTextFile implements Git dumb HTTP
+func GetTextFile(p string) func(*context.Context) {
+	return func(ctx *context.Context) {
+		h := httpBase(ctx)
+		if h != nil {
+			h.setHeaderNoCache()
+			file := ctx.Params("file")
+			if file != "" {
+				h.sendFile("text/plain", "objects/info/"+file)
+			} else {
+				h.sendFile("text/plain", p)
+			}
+		}
+	}
 }
 
-func getPackFile(h serviceHandler) {
-	h.setHeaderCacheForever()
-	h.sendFile("application/x-git-packed-objects")
+// GetInfoPacks implements Git dumb HTTP
+func GetInfoPacks(ctx *context.Context) {
+	h := httpBase(ctx)
+	if h != nil {
+		h.setHeaderCacheForever()
+		h.sendFile("text/plain; charset=utf-8", "objects/info/packs")
+	}
 }
 
-func getIdxFile(h serviceHandler) {
-	h.setHeaderCacheForever()
-	h.sendFile("application/x-git-packed-objects-toc")
+// GetLooseObject implements Git dumb HTTP
+func GetLooseObject(ctx *context.Context) {
+	h := httpBase(ctx)
+	if h != nil {
+		h.setHeaderCacheForever()
+		h.sendFile("application/x-git-loose-object", fmt.Sprintf("objects/%s/%s",
+			ctx.Params("head"), ctx.Params("hash")))
+	}
 }
 
-func getGitRepoPath(subdir string) (string, error) {
-	if !strings.HasSuffix(subdir, ".git") {
-		subdir += ".git"
+// GetPackFile implements Git dumb HTTP
+func GetPackFile(ctx *context.Context) {
+	h := httpBase(ctx)
+	if h != nil {
+		h.setHeaderCacheForever()
+		h.sendFile("application/x-git-packed-objects", "objects/pack/pack-"+ctx.Params("file")+".pack")
 	}
+}
 
-	fpath := path.Join(setting.RepoRootPath, subdir)
-	if _, err := os.Stat(fpath); os.IsNotExist(err) {
-		return "", err
+// GetIdxFile implements Git dumb HTTP
+func GetIdxFile(ctx *context.Context) {
+	h := httpBase(ctx)
+	if h != nil {
+		h.setHeaderCacheForever()
+		h.sendFile("application/x-git-packed-objects-toc", "objects/pack/pack-"+ctx.Params("file")+".idx")
 	}
-
-	return fpath, nil
 }
diff --git a/routers/repo/issue.go b/routers/repo/issue.go
index fbeae75ab5..fb7107451f 100644
--- a/routers/repo/issue.go
+++ b/routers/repo/issue.go
@@ -16,10 +16,10 @@ import (
 	"strings"
 
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/auth"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/convert"
+	auth "code.gitea.io/gitea/modules/forms"
 	"code.gitea.io/gitea/modules/git"
 	issue_indexer "code.gitea.io/gitea/modules/indexer/issues"
 	"code.gitea.io/gitea/modules/log"
@@ -29,6 +29,7 @@ import (
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/upload"
 	"code.gitea.io/gitea/modules/util"
+	"code.gitea.io/gitea/modules/web"
 	comment_service "code.gitea.io/gitea/services/comments"
 	issue_service "code.gitea.io/gitea/services/issue"
 	pull_service "code.gitea.io/gitea/services/pull"
@@ -924,7 +925,8 @@ func ValidateRepoMetas(ctx *context.Context, form auth.CreateIssueForm, isPull b
 }
 
 // NewIssuePost response for creating new issue
-func NewIssuePost(ctx *context.Context, form auth.CreateIssueForm) {
+func NewIssuePost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.CreateIssueForm)
 	ctx.Data["Title"] = ctx.Tr("repo.issues.new")
 	ctx.Data["PageIsIssueList"] = true
 	ctx.Data["NewIssueChooseTemplate"] = len(ctx.IssueTemplatesFromDefaultBranch()) > 0
@@ -940,7 +942,7 @@ func NewIssuePost(ctx *context.Context, form auth.CreateIssueForm) {
 		attachments []string
 	)
 
-	labelIDs, assigneeIDs, milestoneID, projectID := ValidateRepoMetas(ctx, form, false)
+	labelIDs, assigneeIDs, milestoneID, projectID := ValidateRepoMetas(ctx, *form, false)
 	if ctx.Written() {
 		return
 	}
@@ -1925,7 +1927,8 @@ func UpdateIssueStatus(ctx *context.Context) {
 }
 
 // NewComment create a comment for issue
-func NewComment(ctx *context.Context, form auth.CreateCommentForm) {
+func NewComment(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.CreateCommentForm)
 	issue := GetActionIssue(ctx)
 	if ctx.Written() {
 		return
@@ -2134,7 +2137,8 @@ func DeleteComment(ctx *context.Context) {
 }
 
 // ChangeIssueReaction create a reaction for issue
-func ChangeIssueReaction(ctx *context.Context, form auth.ReactionForm) {
+func ChangeIssueReaction(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.ReactionForm)
 	issue := GetActionIssue(ctx)
 	if ctx.Written() {
 		return
@@ -2229,7 +2233,8 @@ func ChangeIssueReaction(ctx *context.Context, form auth.ReactionForm) {
 }
 
 // ChangeCommentReaction create a reaction for comment
-func ChangeCommentReaction(ctx *context.Context, form auth.ReactionForm) {
+func ChangeCommentReaction(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.ReactionForm)
 	comment, err := models.GetCommentByID(ctx.ParamsInt64(":id"))
 	if err != nil {
 		ctx.NotFoundOrServerError("GetCommentByID", models.IsErrCommentNotExist, err)
diff --git a/routers/repo/issue_label.go b/routers/repo/issue_label.go
index f1e188fe3a..35035103d5 100644
--- a/routers/repo/issue_label.go
+++ b/routers/repo/issue_label.go
@@ -6,11 +6,12 @@ package repo
 
 import (
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/auth"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
+	auth "code.gitea.io/gitea/modules/forms"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/web"
 	issue_service "code.gitea.io/gitea/services/issue"
 )
 
@@ -29,7 +30,8 @@ func Labels(ctx *context.Context) {
 }
 
 // InitializeLabels init labels for a repository
-func InitializeLabels(ctx *context.Context, form auth.InitializeLabelsForm) {
+func InitializeLabels(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.InitializeLabelsForm)
 	if ctx.HasError() {
 		ctx.Redirect(ctx.Repo.RepoLink + "/labels")
 		return
@@ -94,7 +96,8 @@ func RetrieveLabels(ctx *context.Context) {
 }
 
 // NewLabel create new label for repository
-func NewLabel(ctx *context.Context, form auth.CreateLabelForm) {
+func NewLabel(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.CreateLabelForm)
 	ctx.Data["Title"] = ctx.Tr("repo.labels")
 	ctx.Data["PageIsLabels"] = true
 
@@ -118,7 +121,8 @@ func NewLabel(ctx *context.Context, form auth.CreateLabelForm) {
 }
 
 // UpdateLabel update a label's name and color
-func UpdateLabel(ctx *context.Context, form auth.CreateLabelForm) {
+func UpdateLabel(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.CreateLabelForm)
 	l, err := models.GetLabelInRepoByID(ctx.Repo.Repository.ID, form.ID)
 	if err != nil {
 		switch {
diff --git a/routers/repo/issue_label_test.go b/routers/repo/issue_label_test.go
index bf62511258..d67c70085d 100644
--- a/routers/repo/issue_label_test.go
+++ b/routers/repo/issue_label_test.go
@@ -10,8 +10,9 @@ import (
 	"testing"
 
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/auth"
+	auth "code.gitea.io/gitea/modules/forms"
 	"code.gitea.io/gitea/modules/test"
+	"code.gitea.io/gitea/modules/web"
 
 	"github.com/stretchr/testify/assert"
 )
@@ -32,7 +33,8 @@ func TestInitializeLabels(t *testing.T) {
 	ctx := test.MockContext(t, "user2/repo1/labels/initialize")
 	test.LoadUser(t, ctx, 2)
 	test.LoadRepo(t, ctx, 2)
-	InitializeLabels(ctx, auth.InitializeLabelsForm{TemplateName: "Default"})
+	web.SetForm(ctx, &auth.InitializeLabelsForm{TemplateName: "Default"})
+	InitializeLabels(ctx)
 	assert.EqualValues(t, http.StatusFound, ctx.Resp.Status())
 	models.AssertExistsAndLoadBean(t, &models.Label{
 		RepoID: 2,
@@ -74,10 +76,11 @@ func TestNewLabel(t *testing.T) {
 	ctx := test.MockContext(t, "user2/repo1/labels/edit")
 	test.LoadUser(t, ctx, 2)
 	test.LoadRepo(t, ctx, 1)
-	NewLabel(ctx, auth.CreateLabelForm{
+	web.SetForm(ctx, &auth.CreateLabelForm{
 		Title: "newlabel",
 		Color: "#abcdef",
 	})
+	NewLabel(ctx)
 	assert.EqualValues(t, http.StatusFound, ctx.Resp.Status())
 	models.AssertExistsAndLoadBean(t, &models.Label{
 		Name:  "newlabel",
@@ -91,11 +94,12 @@ func TestUpdateLabel(t *testing.T) {
 	ctx := test.MockContext(t, "user2/repo1/labels/edit")
 	test.LoadUser(t, ctx, 2)
 	test.LoadRepo(t, ctx, 1)
-	UpdateLabel(ctx, auth.CreateLabelForm{
+	web.SetForm(ctx, &auth.CreateLabelForm{
 		ID:    2,
 		Title: "newnameforlabel",
 		Color: "#abcdef",
 	})
+	UpdateLabel(ctx)
 	assert.EqualValues(t, http.StatusFound, ctx.Resp.Status())
 	models.AssertExistsAndLoadBean(t, &models.Label{
 		ID:    2,
diff --git a/routers/repo/issue_lock.go b/routers/repo/issue_lock.go
index fa87588319..f8131e46aa 100644
--- a/routers/repo/issue_lock.go
+++ b/routers/repo/issue_lock.go
@@ -8,14 +8,15 @@ import (
 	"net/http"
 
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/auth"
 	"code.gitea.io/gitea/modules/context"
+	auth "code.gitea.io/gitea/modules/forms"
+	"code.gitea.io/gitea/modules/web"
 )
 
 // LockIssue locks an issue. This would limit commenting abilities to
 // users with write access to the repo.
-func LockIssue(ctx *context.Context, form auth.IssueLockForm) {
-
+func LockIssue(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.IssueLockForm)
 	issue := GetActionIssue(ctx)
 	if ctx.Written() {
 		return
diff --git a/routers/repo/issue_timetrack.go b/routers/repo/issue_timetrack.go
index 0f711bc734..425f215110 100644
--- a/routers/repo/issue_timetrack.go
+++ b/routers/repo/issue_timetrack.go
@@ -9,12 +9,14 @@ import (
 	"time"
 
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/auth"
 	"code.gitea.io/gitea/modules/context"
+	auth "code.gitea.io/gitea/modules/forms"
+	"code.gitea.io/gitea/modules/web"
 )
 
 // AddTimeManually tracks time manually
-func AddTimeManually(c *context.Context, form auth.AddTimeManuallyForm) {
+func AddTimeManually(c *context.Context) {
+	form := web.GetForm(c).(*auth.AddTimeManuallyForm)
 	issue := GetActionIssue(c)
 	if c.Written() {
 		return
diff --git a/routers/repo/migrate.go b/routers/repo/migrate.go
index a628fd2e2f..89452de0fa 100644
--- a/routers/repo/migrate.go
+++ b/routers/repo/migrate.go
@@ -10,14 +10,15 @@ import (
 	"strings"
 
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/auth"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
+	auth "code.gitea.io/gitea/modules/forms"
 	"code.gitea.io/gitea/modules/migrations"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/task"
 	"code.gitea.io/gitea/modules/util"
+	"code.gitea.io/gitea/modules/web"
 )
 
 const (
@@ -117,7 +118,8 @@ func handleMigrateError(ctx *context.Context, owner *models.User, err error, nam
 }
 
 // MigratePost response for migrating from external git repository
-func MigratePost(ctx *context.Context, form auth.MigrateRepoForm) {
+func MigratePost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.MigrateRepoForm)
 	if setting.Repository.DisableMigrations {
 		ctx.Error(http.StatusForbidden, "MigratePost: the site administrator has disabled migrations")
 		return
@@ -192,7 +194,7 @@ func MigratePost(ctx *context.Context, form auth.MigrateRepoForm) {
 
 	err = models.CheckCreateRepository(ctx.User, ctxUser, opts.RepoName, false)
 	if err != nil {
-		handleMigrateError(ctx, ctxUser, err, "MigratePost", tpl, &form)
+		handleMigrateError(ctx, ctxUser, err, "MigratePost", tpl, form)
 		return
 	}
 
@@ -202,5 +204,5 @@ func MigratePost(ctx *context.Context, form auth.MigrateRepoForm) {
 		return
 	}
 
-	handleMigrateError(ctx, ctxUser, err, "MigratePost", tpl, &form)
+	handleMigrateError(ctx, ctxUser, err, "MigratePost", tpl, form)
 }
diff --git a/routers/repo/milestone.go b/routers/repo/milestone.go
index 96f5b4e5f0..a9beed75d7 100644
--- a/routers/repo/milestone.go
+++ b/routers/repo/milestone.go
@@ -8,14 +8,15 @@ import (
 	"time"
 
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/auth"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
+	auth "code.gitea.io/gitea/modules/forms"
 	"code.gitea.io/gitea/modules/markup/markdown"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/timeutil"
 	"code.gitea.io/gitea/modules/util"
+	"code.gitea.io/gitea/modules/web"
 
 	"xorm.io/builder"
 )
@@ -106,7 +107,8 @@ func NewMilestone(ctx *context.Context) {
 }
 
 // NewMilestonePost response for creating milestone
-func NewMilestonePost(ctx *context.Context, form auth.CreateMilestoneForm) {
+func NewMilestonePost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.CreateMilestoneForm)
 	ctx.Data["Title"] = ctx.Tr("repo.milestones.new")
 	ctx.Data["PageIsIssueList"] = true
 	ctx.Data["PageIsMilestones"] = true
@@ -165,7 +167,8 @@ func EditMilestone(ctx *context.Context) {
 }
 
 // EditMilestonePost response for edting milestone
-func EditMilestonePost(ctx *context.Context, form auth.CreateMilestoneForm) {
+func EditMilestonePost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.CreateMilestoneForm)
 	ctx.Data["Title"] = ctx.Tr("repo.milestones.edit")
 	ctx.Data["PageIsMilestones"] = true
 	ctx.Data["PageIsEditMilestone"] = true
diff --git a/routers/repo/projects.go b/routers/repo/projects.go
index 4cff199b34..49bcfef0ce 100644
--- a/routers/repo/projects.go
+++ b/routers/repo/projects.go
@@ -9,12 +9,13 @@ import (
 	"strings"
 
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/auth"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
+	auth "code.gitea.io/gitea/modules/forms"
 	"code.gitea.io/gitea/modules/markup/markdown"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
+	"code.gitea.io/gitea/modules/web"
 )
 
 const (
@@ -112,7 +113,8 @@ func NewProject(ctx *context.Context) {
 }
 
 // NewProjectPost creates a new project
-func NewProjectPost(ctx *context.Context, form auth.CreateProjectForm) {
+func NewProjectPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.CreateProjectForm)
 	ctx.Data["Title"] = ctx.Tr("repo.projects.new")
 
 	if ctx.HasError() {
@@ -217,7 +219,8 @@ func EditProject(ctx *context.Context) {
 }
 
 // EditProjectPost response for editing a project
-func EditProjectPost(ctx *context.Context, form auth.CreateProjectForm) {
+func EditProjectPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.CreateProjectForm)
 	ctx.Data["Title"] = ctx.Tr("repo.projects.edit")
 	ctx.Data["PageIsProjects"] = true
 	ctx.Data["PageIsEditProjects"] = true
@@ -399,8 +402,8 @@ func DeleteProjectBoard(ctx *context.Context) {
 }
 
 // AddBoardToProjectPost allows a new board to be added to a project.
-func AddBoardToProjectPost(ctx *context.Context, form auth.EditProjectBoardTitleForm) {
-
+func AddBoardToProjectPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.EditProjectBoardTitleForm)
 	if !ctx.Repo.IsOwner() && !ctx.Repo.IsAdmin() && !ctx.Repo.CanAccess(models.AccessModeWrite, models.UnitTypeProjects) {
 		ctx.JSON(403, map[string]string{
 			"message": "Only authorized users are allowed to perform this action.",
@@ -479,8 +482,8 @@ func checkProjectBoardChangePermissions(ctx *context.Context) (*models.Project,
 }
 
 // EditProjectBoardTitle allows a project board's title to be updated
-func EditProjectBoardTitle(ctx *context.Context, form auth.EditProjectBoardTitleForm) {
-
+func EditProjectBoardTitle(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.EditProjectBoardTitleForm)
 	_, board := checkProjectBoardChangePermissions(ctx)
 	if ctx.Written() {
 		return
diff --git a/routers/repo/pull.go b/routers/repo/pull.go
index 01c6efaa1d..1862c15f43 100644
--- a/routers/repo/pull.go
+++ b/routers/repo/pull.go
@@ -16,17 +16,19 @@ import (
 	"time"
 
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/auth"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
+	auth "code.gitea.io/gitea/modules/forms"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/middlewares"
 	"code.gitea.io/gitea/modules/notification"
 	repo_module "code.gitea.io/gitea/modules/repository"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/upload"
 	"code.gitea.io/gitea/modules/util"
+	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/routers/utils"
 	"code.gitea.io/gitea/services/gitdiff"
 	pull_service "code.gitea.io/gitea/services/pull"
@@ -168,7 +170,8 @@ func Fork(ctx *context.Context) {
 }
 
 // ForkPost response for forking a repository
-func ForkPost(ctx *context.Context, form auth.CreateRepoForm) {
+func ForkPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.CreateRepoForm)
 	ctx.Data["Title"] = ctx.Tr("new_fork")
 
 	ctxUser := checkContextUser(ctx, form.UID)
@@ -765,7 +768,8 @@ func UpdatePullRequest(ctx *context.Context) {
 }
 
 // MergePullRequest response for merging pull request
-func MergePullRequest(ctx *context.Context, form auth.MergePullRequestForm) {
+func MergePullRequest(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.MergePullRequestForm)
 	issue := checkPullInfo(ctx)
 	if ctx.Written() {
 		return
@@ -954,7 +958,8 @@ func stopTimerIfAvailable(user *models.User, issue *models.Issue) error {
 }
 
 // CompareAndPullRequestPost response for creating pull request
-func CompareAndPullRequestPost(ctx *context.Context, form auth.CreateIssueForm) {
+func CompareAndPullRequestPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.CreateIssueForm)
 	ctx.Data["Title"] = ctx.Tr("repo.pulls.compare_changes")
 	ctx.Data["PageIsComparePull"] = true
 	ctx.Data["IsDiffCompare"] = true
@@ -974,7 +979,7 @@ func CompareAndPullRequestPost(ctx *context.Context, form auth.CreateIssueForm)
 	}
 	defer headGitRepo.Close()
 
-	labelIDs, assigneeIDs, milestoneID, _ := ValidateRepoMetas(ctx, form, true)
+	labelIDs, assigneeIDs, milestoneID, _ := ValidateRepoMetas(ctx, *form, true)
 	if ctx.Written() {
 		return
 	}
@@ -984,7 +989,7 @@ func CompareAndPullRequestPost(ctx *context.Context, form auth.CreateIssueForm)
 	}
 
 	if ctx.HasError() {
-		auth.AssignForm(form, ctx.Data)
+		middlewares.AssignForm(form, ctx.Data)
 
 		// This stage is already stop creating new pull request, so it does not matter if it has
 		// something to compare or not.
diff --git a/routers/repo/pull_review.go b/routers/repo/pull_review.go
index 0bacc68232..df49b6cfe1 100644
--- a/routers/repo/pull_review.go
+++ b/routers/repo/pull_review.go
@@ -8,10 +8,11 @@ import (
 	"fmt"
 
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/auth"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
+	auth "code.gitea.io/gitea/modules/forms"
 	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/web"
 	pull_service "code.gitea.io/gitea/services/pull"
 )
 
@@ -44,7 +45,8 @@ func RenderNewCodeCommentForm(ctx *context.Context) {
 }
 
 // CreateCodeComment will create a code comment including an pending review if required
-func CreateCodeComment(ctx *context.Context, form auth.CodeCommentForm) {
+func CreateCodeComment(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.CodeCommentForm)
 	issue := GetActionIssue(ctx)
 	if !issue.IsPull {
 		return
@@ -171,7 +173,8 @@ func renderConversation(ctx *context.Context, comment *models.Comment) {
 }
 
 // SubmitReview creates a review out of the existing pending review or creates a new one if no pending review exist
-func SubmitReview(ctx *context.Context, form auth.SubmitReviewForm) {
+func SubmitReview(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.SubmitReviewForm)
 	issue := GetActionIssue(ctx)
 	if !issue.IsPull {
 		return
diff --git a/routers/repo/release.go b/routers/repo/release.go
index 4d75c37c87..54642f9b21 100644
--- a/routers/repo/release.go
+++ b/routers/repo/release.go
@@ -9,14 +9,15 @@ import (
 	"fmt"
 
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/auth"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/convert"
+	auth "code.gitea.io/gitea/modules/forms"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/markup/markdown"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/upload"
+	"code.gitea.io/gitea/modules/web"
 	releaseservice "code.gitea.io/gitea/services/release"
 )
 
@@ -230,7 +231,8 @@ func NewRelease(ctx *context.Context) {
 }
 
 // NewReleasePost response for creating a release
-func NewReleasePost(ctx *context.Context, form auth.NewReleaseForm) {
+func NewReleasePost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.NewReleaseForm)
 	ctx.Data["Title"] = ctx.Tr("repo.release.new_release")
 	ctx.Data["PageIsReleaseList"] = true
 
@@ -336,7 +338,8 @@ func EditRelease(ctx *context.Context) {
 }
 
 // EditReleasePost response for edit release
-func EditReleasePost(ctx *context.Context, form auth.EditReleaseForm) {
+func EditReleasePost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.EditReleaseForm)
 	ctx.Data["Title"] = ctx.Tr("repo.release.edit_release")
 	ctx.Data["PageIsReleaseList"] = true
 	ctx.Data["PageIsEditRelease"] = true
diff --git a/routers/repo/release_test.go b/routers/repo/release_test.go
index 47d1a89b54..38c0d9fec0 100644
--- a/routers/repo/release_test.go
+++ b/routers/repo/release_test.go
@@ -8,8 +8,9 @@ import (
 	"testing"
 
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/auth"
+	auth "code.gitea.io/gitea/modules/forms"
 	"code.gitea.io/gitea/modules/test"
+	"code.gitea.io/gitea/modules/web"
 )
 
 func TestNewReleasePost(t *testing.T) {
@@ -48,7 +49,8 @@ func TestNewReleasePost(t *testing.T) {
 		test.LoadUser(t, ctx, 2)
 		test.LoadRepo(t, ctx, 1)
 		test.LoadGitRepo(t, ctx)
-		NewReleasePost(ctx, testCase.Form)
+		web.SetForm(ctx, &testCase.Form)
+		NewReleasePost(ctx)
 		models.AssertExistsAndLoadBean(t, &models.Release{
 			RepoID:      1,
 			PublisherID: 2,
diff --git a/routers/repo/repo.go b/routers/repo/repo.go
index 3832b89971..a8cfb9ad7c 100644
--- a/routers/repo/repo.go
+++ b/routers/repo/repo.go
@@ -11,11 +11,12 @@ import (
 	"time"
 
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/auth"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
+	auth "code.gitea.io/gitea/modules/forms"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/web"
 	archiver_service "code.gitea.io/gitea/services/archiver"
 	repo_service "code.gitea.io/gitea/services/repository"
 )
@@ -181,7 +182,8 @@ func handleCreateError(ctx *context.Context, owner *models.User, err error, name
 }
 
 // CreatePost response for creating repository
-func CreatePost(ctx *context.Context, form auth.CreateRepoForm) {
+func CreatePost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.CreateRepoForm)
 	ctx.Data["Title"] = ctx.Tr("new_repo")
 
 	ctx.Data["Gitignores"] = models.Gitignores
diff --git a/routers/repo/setting.go b/routers/repo/setting.go
index 368879234b..3e22e8804e 100644
--- a/routers/repo/setting.go
+++ b/routers/repo/setting.go
@@ -15,9 +15,9 @@ import (
 	"time"
 
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/auth"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
+	auth "code.gitea.io/gitea/modules/forms"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/repository"
@@ -25,6 +25,7 @@ import (
 	"code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/timeutil"
 	"code.gitea.io/gitea/modules/validation"
+	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/routers/utils"
 	"code.gitea.io/gitea/services/mailer"
 	mirror_service "code.gitea.io/gitea/services/mirror"
@@ -59,7 +60,8 @@ func Settings(ctx *context.Context) {
 }
 
 // SettingsPost response for changes of a repository
-func SettingsPost(ctx *context.Context, form auth.RepoSettingForm) {
+func SettingsPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.RepoSettingForm)
 	ctx.Data["Title"] = ctx.Tr("repo.settings")
 	ctx.Data["PageIsSettingsOptions"] = true
 
@@ -839,7 +841,8 @@ func DeployKeys(ctx *context.Context) {
 }
 
 // DeployKeysPost response for adding a deploy key of a repository
-func DeployKeysPost(ctx *context.Context, form auth.AddKeyForm) {
+func DeployKeysPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.AddKeyForm)
 	ctx.Data["Title"] = ctx.Tr("repo.settings.deploy_keys")
 	ctx.Data["PageIsSettingsKeys"] = true
 
@@ -956,9 +959,10 @@ func UpdateAvatarSetting(ctx *context.Context, form auth.AvatarForm) error {
 }
 
 // SettingsAvatar save new POSTed repository avatar
-func SettingsAvatar(ctx *context.Context, form auth.AvatarForm) {
+func SettingsAvatar(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.AvatarForm)
 	form.Source = auth.AvatarLocal
-	if err := UpdateAvatarSetting(ctx, form); err != nil {
+	if err := UpdateAvatarSetting(ctx, *form); err != nil {
 		ctx.Flash.Error(err.Error())
 	} else {
 		ctx.Flash.Success(ctx.Tr("repo.settings.update_avatar_success"))
diff --git a/routers/repo/setting_protected_branch.go b/routers/repo/setting_protected_branch.go
index c2e7bc8fac..017054d4c2 100644
--- a/routers/repo/setting_protected_branch.go
+++ b/routers/repo/setting_protected_branch.go
@@ -10,12 +10,13 @@ import (
 	"time"
 
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/auth"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
+	auth "code.gitea.io/gitea/modules/forms"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/web"
 	pull_service "code.gitea.io/gitea/services/pull"
 )
 
@@ -168,7 +169,8 @@ func SettingsProtectedBranch(c *context.Context) {
 }
 
 // SettingsProtectedBranchPost updates the protected branch settings
-func SettingsProtectedBranchPost(ctx *context.Context, f auth.ProtectBranchForm) {
+func SettingsProtectedBranchPost(ctx *context.Context) {
+	f := web.GetForm(ctx).(*auth.ProtectBranchForm)
 	branch := ctx.Params("*")
 	if !ctx.Repo.GitRepo.IsBranchExist(branch) {
 		ctx.NotFound("IsBranchExist", nil)
diff --git a/routers/repo/settings_test.go b/routers/repo/settings_test.go
index 679bb0d33c..85515121c7 100644
--- a/routers/repo/settings_test.go
+++ b/routers/repo/settings_test.go
@@ -10,11 +10,12 @@ import (
 	"testing"
 
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/auth"
 	"code.gitea.io/gitea/modules/context"
+	auth "code.gitea.io/gitea/modules/forms"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/test"
 	"code.gitea.io/gitea/modules/util"
+	"code.gitea.io/gitea/modules/web"
 
 	"github.com/stretchr/testify/assert"
 )
@@ -52,7 +53,8 @@ func TestAddReadOnlyDeployKey(t *testing.T) {
 		Title:   "read-only",
 		Content: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4cn+iXnA4KvcQYSV88vGn0Yi91vG47t1P7okprVmhNTkipNRIHWr6WdCO4VDr/cvsRkuVJAsLO2enwjGWWueOO6BodiBgyAOZ/5t5nJNMCNuLGT5UIo/RI1b0WRQwxEZTRjt6mFNw6lH14wRd8ulsr9toSWBPMOGWoYs1PDeDL0JuTjL+tr1SZi/EyxCngpYszKdXllJEHyI79KQgeD0Vt3pTrkbNVTOEcCNqZePSVmUH8X8Vhugz3bnE0/iE9Pb5fkWO9c4AnM1FgI/8Bvp27Fw2ShryIXuR6kKvUqhVMTuOSDHwu6A8jLE5Owt3GAYugDpDYuwTVNGrHLXKpPzrGGPE/jPmaLCMZcsdkec95dYeU3zKODEm8UQZFhmJmDeWVJ36nGrGZHL4J5aTTaeFUJmmXDaJYiJ+K2/ioKgXqnXvltu0A9R8/LGy4nrTJRr4JMLuJFoUXvGm1gXQ70w2LSpk6yl71RNC0hCtsBe8BP8IhYCM0EP5jh7eCMQZNvM= nocomment\n",
 	}
-	DeployKeysPost(ctx, addKeyForm)
+	web.SetForm(ctx, &addKeyForm)
+	DeployKeysPost(ctx)
 	assert.EqualValues(t, http.StatusFound, ctx.Resp.Status())
 
 	models.AssertExistsAndLoadBean(t, &models.DeployKey{
@@ -81,7 +83,8 @@ func TestAddReadWriteOnlyDeployKey(t *testing.T) {
 		Content:    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4cn+iXnA4KvcQYSV88vGn0Yi91vG47t1P7okprVmhNTkipNRIHWr6WdCO4VDr/cvsRkuVJAsLO2enwjGWWueOO6BodiBgyAOZ/5t5nJNMCNuLGT5UIo/RI1b0WRQwxEZTRjt6mFNw6lH14wRd8ulsr9toSWBPMOGWoYs1PDeDL0JuTjL+tr1SZi/EyxCngpYszKdXllJEHyI79KQgeD0Vt3pTrkbNVTOEcCNqZePSVmUH8X8Vhugz3bnE0/iE9Pb5fkWO9c4AnM1FgI/8Bvp27Fw2ShryIXuR6kKvUqhVMTuOSDHwu6A8jLE5Owt3GAYugDpDYuwTVNGrHLXKpPzrGGPE/jPmaLCMZcsdkec95dYeU3zKODEm8UQZFhmJmDeWVJ36nGrGZHL4J5aTTaeFUJmmXDaJYiJ+K2/ioKgXqnXvltu0A9R8/LGy4nrTJRr4JMLuJFoUXvGm1gXQ70w2LSpk6yl71RNC0hCtsBe8BP8IhYCM0EP5jh7eCMQZNvM= nocomment\n",
 		IsWritable: true,
 	}
-	DeployKeysPost(ctx, addKeyForm)
+	web.SetForm(ctx, &addKeyForm)
+	DeployKeysPost(ctx)
 	assert.EqualValues(t, http.StatusFound, ctx.Resp.Status())
 
 	models.AssertExistsAndLoadBean(t, &models.DeployKey{
diff --git a/routers/repo/webhook.go b/routers/repo/webhook.go
index 5d7074b339..01d142843f 100644
--- a/routers/repo/webhook.go
+++ b/routers/repo/webhook.go
@@ -13,14 +13,15 @@ import (
 	"strings"
 
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/auth"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/convert"
+	auth "code.gitea.io/gitea/modules/forms"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/setting"
 	api "code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/util"
+	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/services/webhook"
 )
 
@@ -181,7 +182,8 @@ func ParseHookEvent(form auth.WebhookForm) *models.HookEvent {
 }
 
 // GiteaHooksNewPost response for creating Gitea webhook
-func GiteaHooksNewPost(ctx *context.Context, form auth.NewWebhookForm) {
+func GiteaHooksNewPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.NewWebhookForm)
 	ctx.Data["Title"] = ctx.Tr("repo.settings.add_webhook")
 	ctx.Data["PageIsSettingsHooks"] = true
 	ctx.Data["PageIsSettingsHooksNew"] = true
@@ -230,8 +232,9 @@ func GiteaHooksNewPost(ctx *context.Context, form auth.NewWebhookForm) {
 }
 
 // GogsHooksNewPost response for creating webhook
-func GogsHooksNewPost(ctx *context.Context, form auth.NewGogshookForm) {
-	newGogsWebhookPost(ctx, form, models.GOGS)
+func GogsHooksNewPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.NewGogshookForm)
+	newGogsWebhookPost(ctx, *form, models.GOGS)
 }
 
 // newGogsWebhookPost response for creating gogs hook
@@ -283,7 +286,8 @@ func newGogsWebhookPost(ctx *context.Context, form auth.NewGogshookForm, kind mo
 }
 
 // DiscordHooksNewPost response for creating discord hook
-func DiscordHooksNewPost(ctx *context.Context, form auth.NewDiscordHookForm) {
+func DiscordHooksNewPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.NewDiscordHookForm)
 	ctx.Data["Title"] = ctx.Tr("repo.settings")
 	ctx.Data["PageIsSettingsHooks"] = true
 	ctx.Data["PageIsSettingsHooksNew"] = true
@@ -334,7 +338,8 @@ func DiscordHooksNewPost(ctx *context.Context, form auth.NewDiscordHookForm) {
 }
 
 // DingtalkHooksNewPost response for creating dingtalk hook
-func DingtalkHooksNewPost(ctx *context.Context, form auth.NewDingtalkHookForm) {
+func DingtalkHooksNewPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.NewDingtalkHookForm)
 	ctx.Data["Title"] = ctx.Tr("repo.settings")
 	ctx.Data["PageIsSettingsHooks"] = true
 	ctx.Data["PageIsSettingsHooksNew"] = true
@@ -376,7 +381,8 @@ func DingtalkHooksNewPost(ctx *context.Context, form auth.NewDingtalkHookForm) {
 }
 
 // TelegramHooksNewPost response for creating telegram hook
-func TelegramHooksNewPost(ctx *context.Context, form auth.NewTelegramHookForm) {
+func TelegramHooksNewPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.NewTelegramHookForm)
 	ctx.Data["Title"] = ctx.Tr("repo.settings")
 	ctx.Data["PageIsSettingsHooks"] = true
 	ctx.Data["PageIsSettingsHooksNew"] = true
@@ -427,7 +433,8 @@ func TelegramHooksNewPost(ctx *context.Context, form auth.NewTelegramHookForm) {
 }
 
 // MatrixHooksNewPost response for creating a Matrix hook
-func MatrixHooksNewPost(ctx *context.Context, form auth.NewMatrixHookForm) {
+func MatrixHooksNewPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.NewMatrixHookForm)
 	ctx.Data["Title"] = ctx.Tr("repo.settings")
 	ctx.Data["PageIsSettingsHooks"] = true
 	ctx.Data["PageIsSettingsHooksNew"] = true
@@ -481,7 +488,8 @@ func MatrixHooksNewPost(ctx *context.Context, form auth.NewMatrixHookForm) {
 }
 
 // MSTeamsHooksNewPost response for creating MS Teams hook
-func MSTeamsHooksNewPost(ctx *context.Context, form auth.NewMSTeamsHookForm) {
+func MSTeamsHooksNewPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.NewMSTeamsHookForm)
 	ctx.Data["Title"] = ctx.Tr("repo.settings")
 	ctx.Data["PageIsSettingsHooks"] = true
 	ctx.Data["PageIsSettingsHooksNew"] = true
@@ -523,7 +531,8 @@ func MSTeamsHooksNewPost(ctx *context.Context, form auth.NewMSTeamsHookForm) {
 }
 
 // SlackHooksNewPost response for creating slack hook
-func SlackHooksNewPost(ctx *context.Context, form auth.NewSlackHookForm) {
+func SlackHooksNewPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.NewSlackHookForm)
 	ctx.Data["Title"] = ctx.Tr("repo.settings")
 	ctx.Data["PageIsSettingsHooks"] = true
 	ctx.Data["PageIsSettingsHooksNew"] = true
@@ -582,7 +591,8 @@ func SlackHooksNewPost(ctx *context.Context, form auth.NewSlackHookForm) {
 }
 
 // FeishuHooksNewPost response for creating feishu hook
-func FeishuHooksNewPost(ctx *context.Context, form auth.NewFeishuHookForm) {
+func FeishuHooksNewPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.NewFeishuHookForm)
 	ctx.Data["Title"] = ctx.Tr("repo.settings")
 	ctx.Data["PageIsSettingsHooks"] = true
 	ctx.Data["PageIsSettingsHooksNew"] = true
@@ -685,7 +695,8 @@ func WebHooksEdit(ctx *context.Context) {
 }
 
 // WebHooksEditPost response for editing web hook
-func WebHooksEditPost(ctx *context.Context, form auth.NewWebhookForm) {
+func WebHooksEditPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.NewWebhookForm)
 	ctx.Data["Title"] = ctx.Tr("repo.settings.update_webhook")
 	ctx.Data["PageIsSettingsHooks"] = true
 	ctx.Data["PageIsSettingsHooksEdit"] = true
@@ -725,7 +736,8 @@ func WebHooksEditPost(ctx *context.Context, form auth.NewWebhookForm) {
 }
 
 // GogsHooksEditPost response for editing gogs hook
-func GogsHooksEditPost(ctx *context.Context, form auth.NewGogshookForm) {
+func GogsHooksEditPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.NewGogshookForm)
 	ctx.Data["Title"] = ctx.Tr("repo.settings.update_webhook")
 	ctx.Data["PageIsSettingsHooks"] = true
 	ctx.Data["PageIsSettingsHooksEdit"] = true
@@ -764,7 +776,8 @@ func GogsHooksEditPost(ctx *context.Context, form auth.NewGogshookForm) {
 }
 
 // SlackHooksEditPost response for editing slack hook
-func SlackHooksEditPost(ctx *context.Context, form auth.NewSlackHookForm) {
+func SlackHooksEditPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.NewSlackHookForm)
 	ctx.Data["Title"] = ctx.Tr("repo.settings")
 	ctx.Data["PageIsSettingsHooks"] = true
 	ctx.Data["PageIsSettingsHooksEdit"] = true
@@ -814,7 +827,8 @@ func SlackHooksEditPost(ctx *context.Context, form auth.NewSlackHookForm) {
 }
 
 // DiscordHooksEditPost response for editing discord hook
-func DiscordHooksEditPost(ctx *context.Context, form auth.NewDiscordHookForm) {
+func DiscordHooksEditPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.NewDiscordHookForm)
 	ctx.Data["Title"] = ctx.Tr("repo.settings")
 	ctx.Data["PageIsSettingsHooks"] = true
 	ctx.Data["PageIsSettingsHooksEdit"] = true
@@ -856,7 +870,8 @@ func DiscordHooksEditPost(ctx *context.Context, form auth.NewDiscordHookForm) {
 }
 
 // DingtalkHooksEditPost response for editing discord hook
-func DingtalkHooksEditPost(ctx *context.Context, form auth.NewDingtalkHookForm) {
+func DingtalkHooksEditPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.NewDingtalkHookForm)
 	ctx.Data["Title"] = ctx.Tr("repo.settings")
 	ctx.Data["PageIsSettingsHooks"] = true
 	ctx.Data["PageIsSettingsHooksEdit"] = true
@@ -888,7 +903,8 @@ func DingtalkHooksEditPost(ctx *context.Context, form auth.NewDingtalkHookForm)
 }
 
 // TelegramHooksEditPost response for editing discord hook
-func TelegramHooksEditPost(ctx *context.Context, form auth.NewTelegramHookForm) {
+func TelegramHooksEditPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.NewTelegramHookForm)
 	ctx.Data["Title"] = ctx.Tr("repo.settings")
 	ctx.Data["PageIsSettingsHooks"] = true
 	ctx.Data["PageIsSettingsHooksEdit"] = true
@@ -928,7 +944,8 @@ func TelegramHooksEditPost(ctx *context.Context, form auth.NewTelegramHookForm)
 }
 
 // MatrixHooksEditPost response for editing a Matrix hook
-func MatrixHooksEditPost(ctx *context.Context, form auth.NewMatrixHookForm) {
+func MatrixHooksEditPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.NewMatrixHookForm)
 	ctx.Data["Title"] = ctx.Tr("repo.settings")
 	ctx.Data["PageIsSettingsHooks"] = true
 	ctx.Data["PageIsSettingsHooksEdit"] = true
@@ -971,7 +988,8 @@ func MatrixHooksEditPost(ctx *context.Context, form auth.NewMatrixHookForm) {
 }
 
 // MSTeamsHooksEditPost response for editing MS Teams hook
-func MSTeamsHooksEditPost(ctx *context.Context, form auth.NewMSTeamsHookForm) {
+func MSTeamsHooksEditPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.NewMSTeamsHookForm)
 	ctx.Data["Title"] = ctx.Tr("repo.settings")
 	ctx.Data["PageIsSettingsHooks"] = true
 	ctx.Data["PageIsSettingsHooksEdit"] = true
@@ -1003,7 +1021,8 @@ func MSTeamsHooksEditPost(ctx *context.Context, form auth.NewMSTeamsHookForm) {
 }
 
 // FeishuHooksEditPost response for editing feishu hook
-func FeishuHooksEditPost(ctx *context.Context, form auth.NewFeishuHookForm) {
+func FeishuHooksEditPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.NewFeishuHookForm)
 	ctx.Data["Title"] = ctx.Tr("repo.settings")
 	ctx.Data["PageIsSettingsHooks"] = true
 	ctx.Data["PageIsSettingsHooksEdit"] = true
diff --git a/routers/repo/wiki.go b/routers/repo/wiki.go
index ac650d3fc4..c4521a3071 100644
--- a/routers/repo/wiki.go
+++ b/routers/repo/wiki.go
@@ -13,15 +13,16 @@ import (
 	"strings"
 
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/auth"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
+	auth "code.gitea.io/gitea/modules/forms"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/markup"
 	"code.gitea.io/gitea/modules/markup/markdown"
 	"code.gitea.io/gitea/modules/timeutil"
 	"code.gitea.io/gitea/modules/util"
+	"code.gitea.io/gitea/modules/web"
 	wiki_service "code.gitea.io/gitea/services/wiki"
 )
 
@@ -556,7 +557,8 @@ func NewWiki(ctx *context.Context) {
 }
 
 // NewWikiPost response for wiki create request
-func NewWikiPost(ctx *context.Context, form auth.NewWikiForm) {
+func NewWikiPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.NewWikiForm)
 	ctx.Data["Title"] = ctx.Tr("repo.wiki.new_page")
 	ctx.Data["PageIsWiki"] = true
 	ctx.Data["RequireSimpleMDE"] = true
@@ -613,7 +615,8 @@ func EditWiki(ctx *context.Context) {
 }
 
 // EditWikiPost response for wiki modify request
-func EditWikiPost(ctx *context.Context, form auth.NewWikiForm) {
+func EditWikiPost(ctx *context.Context) {
+	form := web.GetForm(ctx).(*auth.NewWikiForm)
 	ctx.Data["Title"] = ctx.Tr("repo.wiki.new_page")
 	ctx.Data["PageIsWiki"] = true
 	ctx.Data["RequireSimpleMDE"] = true
diff --git a/routers/repo/wiki_test.go b/routers/repo/wiki_test.go
index cc79c808f5..badd07f080 100644
--- a/routers/repo/wiki_test.go
+++ b/routers/repo/wiki_test.go
@@ -10,9 +10,10 @@ import (
 	"testing"
 
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/auth"
+	auth "code.gitea.io/gitea/modules/forms"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/test"
+	"code.gitea.io/gitea/modules/web"
 	wiki_service "code.gitea.io/gitea/services/wiki"
 
 	"github.com/stretchr/testify/assert"
@@ -114,11 +115,12 @@ func TestNewWikiPost(t *testing.T) {
 		ctx := test.MockContext(t, "user2/repo1/wiki/_new")
 		test.LoadUser(t, ctx, 2)
 		test.LoadRepo(t, ctx, 1)
-		NewWikiPost(ctx, auth.NewWikiForm{
+		web.SetForm(ctx, &auth.NewWikiForm{
 			Title:   title,
 			Content: content,
 			Message: message,
 		})
+		NewWikiPost(ctx)
 		assert.EqualValues(t, http.StatusFound, ctx.Resp.Status())
 		assertWikiExists(t, ctx.Repo.Repository, title)
 		assert.Equal(t, wikiContent(t, ctx.Repo.Repository, title), content)
@@ -131,11 +133,12 @@ func TestNewWikiPost_ReservedName(t *testing.T) {
 	ctx := test.MockContext(t, "user2/repo1/wiki/_new")
 	test.LoadUser(t, ctx, 2)
 	test.LoadRepo(t, ctx, 1)
-	NewWikiPost(ctx, auth.NewWikiForm{
+	web.SetForm(ctx, &auth.NewWikiForm{
 		Title:   "_edit",
 		Content: content,
 		Message: message,
 	})
+	NewWikiPost(ctx)
 	assert.EqualValues(t, http.StatusOK, ctx.Resp.Status())
 	assert.EqualValues(t, ctx.Tr("repo.wiki.reserved_page"), ctx.Flash.ErrorMsg)
 	assertWikiNotExists(t, ctx.Repo.Repository, "_edit")
@@ -164,11 +167,12 @@ func TestEditWikiPost(t *testing.T) {
 		ctx.SetParams(":page", "Home")
 		test.LoadUser(t, ctx, 2)
 		test.LoadRepo(t, ctx, 1)
-		EditWikiPost(ctx, auth.NewWikiForm{
+		web.SetForm(ctx, &auth.NewWikiForm{
 			Title:   title,
 			Content: content,
 			Message: message,
 		})
+		EditWikiPost(ctx)
 		assert.EqualValues(t, http.StatusFound, ctx.Resp.Status())
 		assertWikiExists(t, ctx.Repo.Repository, title)
 		assert.Equal(t, wikiContent(t, ctx.Repo.Repository, title), content)