[refactor] replace int with httpStatusCodes (#15282)

* replace "200" (int) with "http.StatusOK" (const)

* ctx.Error & ctx.HTML

* ctx.JSON Part1

* ctx.JSON Part2

* ctx.JSON Part3

modules/context/api.go

 		if models.IsErrTwoFactorNotEnrolled(err) {
 			return // No 2FA enrollment for this user
 		}
-		ctx.Context.Error(500)
+		ctx.Context.Error(http.StatusInternalServerError)
 		return
 	}
 	ok, err := twofa.ValidateTOTP(otpHeader)
 	if err != nil {
-		ctx.Context.Error(500)
+		ctx.Context.Error(http.StatusInternalServerError)
 		return
 	}
 	if !ok {
 				repoPath := models.RepoPath(ctx.Repo.Owner.Name, ctx.Repo.Repository.Name)
 				gitRepo, err := git.OpenRepository(repoPath)
 				if err != nil {
-					ctx.Error(500, "RepoRef Invalid repo "+repoPath, err)
+					ctx.Error(http.StatusInternalServerError, "RepoRef Invalid repo "+repoPath, err)
 					return
 				}
 				ctx.Repo.GitRepo = gitRepo
 		}
 	}
 
-	ctx.JSON(404, map[string]interface{}{
+	ctx.JSON(http.StatusNotFound, map[string]interface{}{
 		"message":           message,
 		"documentation_url": setting.API.SwaggerURL,
 		"errors":            errors,

modules/context/auth.go

 package context
 
 import (
+	"net/http"
+
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 		if ctx.IsSigned {
 			if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm {
 				ctx.Data["Title"] = ctx.Tr("auth.active_your_account")
-				ctx.HTML(200, "user/auth/activate")
+				ctx.HTML(http.StatusOK, "user/auth/activate")
 				return
 			}
 			if !ctx.User.IsActive || ctx.User.ProhibitLogin {
 				log.Info("Failed authentication attempt for %s from %s", ctx.User.Name, ctx.RemoteAddr())
 				ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
-				ctx.HTML(200, "user/auth/prohibit_login")
+				ctx.HTML(http.StatusOK, "user/auth/prohibit_login")
 				return
 			}
 
 				return
 			} else if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm {
 				ctx.Data["Title"] = ctx.Tr("auth.active_your_account")
-				ctx.HTML(200, "user/auth/activate")
+				ctx.HTML(http.StatusOK, "user/auth/activate")
 				return
 			}
 		}
 
 		if options.AdminRequired {
 			if !ctx.User.IsAdmin {
-				ctx.Error(403)
+				ctx.Error(http.StatusForbidden)
 				return
 			}
 			ctx.Data["PageIsAdmin"] = true
 		if ctx.IsSigned {
 			if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm {
 				ctx.Data["Title"] = ctx.Tr("auth.active_your_account")
-				ctx.JSON(403, map[string]string{
+				ctx.JSON(http.StatusForbidden, map[string]string{
 					"message": "This account is not activated.",
 				})
 				return
 			if !ctx.User.IsActive || ctx.User.ProhibitLogin {
 				log.Info("Failed authentication attempt for %s from %s", ctx.User.Name, ctx.RemoteAddr())
 				ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
-				ctx.JSON(403, map[string]string{
+				ctx.JSON(http.StatusForbidden, map[string]string{
 					"message": "This account is prohibited from signing in, please contact your site administrator.",
 				})
 				return
 			}
 
 			if ctx.User.MustChangePassword {
-				ctx.JSON(403, map[string]string{
+				ctx.JSON(http.StatusForbidden, map[string]string{
 					"message": "You must change your password. Change it at: " + setting.AppURL + "/user/change_password",
 				})
 				return
 		if options.SignInRequired {
 			if !ctx.IsSigned {
 				// Restrict API calls with error message.
-				ctx.JSON(403, map[string]string{
+				ctx.JSON(http.StatusForbidden, map[string]string{
 					"message": "Only signed in user is allowed to call APIs.",
 				})
 				return
 			} else if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm {
 				ctx.Data["Title"] = ctx.Tr("auth.active_your_account")
-				ctx.HTML(200, "user/auth/activate")
+				ctx.HTML(http.StatusOK, "user/auth/activate")
 				return
 			}
 			if ctx.IsSigned && ctx.IsBasicAuth {
 					return
 				}
 				if !ok {
-					ctx.JSON(403, map[string]string{
+					ctx.JSON(http.StatusForbidden, map[string]string{
 						"message": "Only signed in user is allowed to call APIs.",
 					})
 					return
 
 		if options.AdminRequired {
 			if !ctx.User.IsAdmin {
-				ctx.JSON(403, map[string]string{
+				ctx.JSON(http.StatusForbidden, map[string]string{
 					"message": "You have no permission to request for this.",
 				})
 				return

modules/context/context.go

 	}
 	ctx.Flash.ErrorMsg = msg
 	ctx.Data["Flash"] = ctx.Flash
-	ctx.HTML(200, tpl)
+	ctx.HTML(http.StatusOK, tpl)
 }
 
 // NotFound displays a 404 (Not Found) page and prints the given error, if any.

modules/lfs/locks.go

 package lfs
 
 import (
+	"net/http"
 	"strconv"
 	"strings"
 
 func checkIsValidRequest(ctx *context.Context) bool {
 	if !setting.LFS.StartServer {
 		log.Debug("Attempt to access LFS server but LFS server is disabled")
-		writeStatus(ctx, 404)
+		writeStatus(ctx, http.StatusNotFound)
 		return false
 	}
 	if !MetaMatcher(ctx.Req) {
 		log.Info("Attempt access LOCKs without accepting the correct media type: %s", metaMediaType)
-		writeStatus(ctx, 400)
+		writeStatus(ctx, http.StatusBadRequest)
 		return false
 	}
 	if !ctx.IsSigned {
 		user, _, _, err := parseToken(ctx.Req.Header.Get("Authorization"))
 		if err != nil {
 			ctx.Resp.Header().Set("WWW-Authenticate", "Basic realm=gitea-lfs")
-			writeStatus(ctx, 401)
+			writeStatus(ctx, http.StatusUnauthorized)
 			return false
 		}
 		ctx.User = user
 func handleLockListOut(ctx *context.Context, repo *models.Repository, lock *models.LFSLock, err error) {
 	if err != nil {
 		if models.IsErrLFSLockNotExist(err) {
-			ctx.JSON(200, api.LFSLockList{
+			ctx.JSON(http.StatusOK, api.LFSLockList{
 				Locks: []*api.LFSLock{},
 			})
 			return
 		}
-		ctx.JSON(500, api.LFSLockError{
+		ctx.JSON(http.StatusInternalServerError, api.LFSLockError{
 			Message: "unable to list locks : Internal Server Error",
 		})
 		return
 	}
 	if repo.ID != lock.RepoID {
-		ctx.JSON(200, api.LFSLockList{
+		ctx.JSON(http.StatusOK, api.LFSLockList{
 			Locks: []*api.LFSLock{},
 		})
 		return
 	}
-	ctx.JSON(200, api.LFSLockList{
+	ctx.JSON(http.StatusOK, api.LFSLockList{
 		Locks: []*api.LFSLock{convert.ToLFSLock(lock)},
 	})
 }
 	authenticated := authenticate(ctx, repository, rv.Authorization, false)
 	if !authenticated {
 		ctx.Resp.Header().Set("WWW-Authenticate", "Basic realm=gitea-lfs")
-		ctx.JSON(401, api.LFSLockError{
+		ctx.JSON(http.StatusUnauthorized, api.LFSLockError{
 			Message: "You must have pull access to list locks",
 		})
 		return
 	if id != "" { //Case where we request a specific id
 		v, err := strconv.ParseInt(id, 10, 64)
 		if err != nil {
-			ctx.JSON(400, api.LFSLockError{
+			ctx.JSON(http.StatusBadRequest, api.LFSLockError{
 				Message: "bad request : " + err.Error(),
 			})
 			return
 	lockList, err := models.GetLFSLockByRepoID(repository.ID, cursor, limit)
 	if err != nil {
 		log.Error("Unable to list locks for repository ID[%d]: Error: %v", repository.ID, err)
-		ctx.JSON(500, api.LFSLockError{
+		ctx.JSON(http.StatusInternalServerError, api.LFSLockError{
 			Message: "unable to list locks : Internal Server Error",
 		})
 		return
 	if limit > 0 && len(lockList) == limit {
 		next = strconv.Itoa(cursor + 1)
 	}
-	ctx.JSON(200, api.LFSLockList{
+	ctx.JSON(http.StatusOK, api.LFSLockList{
 		Locks: lockListAPI,
 		Next:  next,
 	})
 	authenticated := authenticate(ctx, repository, authorization, true)
 	if !authenticated {
 		ctx.Resp.Header().Set("WWW-Authenticate", "Basic realm=gitea-lfs")
-		ctx.JSON(401, api.LFSLockError{
+		ctx.JSON(http.StatusUnauthorized, api.LFSLockError{
 			Message: "You must have push access to create locks",
 		})
 		return
 	})
 	if err != nil {
 		if models.IsErrLFSLockAlreadyExist(err) {
-			ctx.JSON(409, api.LFSLockError{
+			ctx.JSON(http.StatusConflict, api.LFSLockError{
 				Lock:    convert.ToLFSLock(lock),
 				Message: "already created lock",
 			})
 		}
 		if models.IsErrLFSUnauthorizedAction(err) {
 			ctx.Resp.Header().Set("WWW-Authenticate", "Basic realm=gitea-lfs")
-			ctx.JSON(401, api.LFSLockError{
+			ctx.JSON(http.StatusUnauthorized, api.LFSLockError{
 				Message: "You must have push access to create locks : " + err.Error(),
 			})
 			return
 		}
 		log.Error("Unable to CreateLFSLock in repository %-v at %s for user %-v: Error: %v", repository, req.Path, ctx.User, err)
-		ctx.JSON(500, api.LFSLockError{
+		ctx.JSON(http.StatusInternalServerError, api.LFSLockError{
 			Message: "internal server error : Internal Server Error",
 		})
 		return
 	}
-	ctx.JSON(201, api.LFSLockResponse{Lock: convert.ToLFSLock(lock)})
+	ctx.JSON(http.StatusCreated, api.LFSLockResponse{Lock: convert.ToLFSLock(lock)})
 }
 
 // VerifyLockHandler list locks for verification
 	authenticated := authenticate(ctx, repository, authorization, true)
 	if !authenticated {
 		ctx.Resp.Header().Set("WWW-Authenticate", "Basic realm=gitea-lfs")
-		ctx.JSON(401, api.LFSLockError{
+		ctx.JSON(http.StatusUnauthorized, api.LFSLockError{
 			Message: "You must have push access to verify locks",
 		})
 		return
 	lockList, err := models.GetLFSLockByRepoID(repository.ID, cursor, limit)
 	if err != nil {
 		log.Error("Unable to list locks for repository ID[%d]: Error: %v", repository.ID, err)
-		ctx.JSON(500, api.LFSLockError{
+		ctx.JSON(http.StatusInternalServerError, api.LFSLockError{
 			Message: "unable to list locks : Internal Server Error",
 		})
 		return
 			lockTheirsListAPI = append(lockTheirsListAPI, convert.ToLFSLock(l))
 		}
 	}
-	ctx.JSON(200, api.LFSLockListVerify{
+	ctx.JSON(http.StatusOK, api.LFSLockListVerify{
 		Ours:   lockOursListAPI,
 		Theirs: lockTheirsListAPI,
 		Next:   next,
 	authenticated := authenticate(ctx, repository, authorization, true)
 	if !authenticated {
 		ctx.Resp.Header().Set("WWW-Authenticate", "Basic realm=gitea-lfs")
-		ctx.JSON(401, api.LFSLockError{
+		ctx.JSON(http.StatusUnauthorized, api.LFSLockError{
 			Message: "You must have push access to delete locks",
 		})
 		return
 	if err != nil {
 		if models.IsErrLFSUnauthorizedAction(err) {
 			ctx.Resp.Header().Set("WWW-Authenticate", "Basic realm=gitea-lfs")
-			ctx.JSON(401, api.LFSLockError{
+			ctx.JSON(http.StatusUnauthorized, api.LFSLockError{
 				Message: "You must have push access to delete locks : " + err.Error(),
 			})
 			return
 		}
 		log.Error("Unable to DeleteLFSLockByID[%d] by user %-v with force %t: Error: %v", ctx.ParamsInt64("lid"), ctx.User, req.Force, err)
-		ctx.JSON(500, api.LFSLockError{
+		ctx.JSON(http.StatusInternalServerError, api.LFSLockError{
 			Message: "unable to delete lock : Internal Server Error",
 		})
 		return
 	}
-	ctx.JSON(200, api.LFSLockResponse{Lock: convert.ToLFSLock(lock)})
+	ctx.JSON(http.StatusOK, api.LFSLockResponse{Lock: convert.ToLFSLock(lock)})
 }

routers/admin/admin.go

 
 import (
 	"fmt"
+	"net/http"
 	"net/url"
 	"os"
 	"runtime"
 	updateSystemStatus()
 	ctx.Data["SysStatus"] = sysStatus
 	ctx.Data["SSH"] = setting.SSH
-	ctx.HTML(200, tplDashboard)
+	ctx.HTML(http.StatusOK, tplDashboard)
 }
 
 // DashboardPost run an admin operation
 	ctx.Data["EnableXORMLog"] = setting.EnableXORMLog
 	ctx.Data["LogSQL"] = setting.Database.LogSQL
 
-	ctx.HTML(200, tplConfig)
+	ctx.HTML(http.StatusOK, tplConfig)
 }
 
 // Monitor show admin monitor page
 	ctx.Data["Processes"] = process.GetManager().Processes()
 	ctx.Data["Entries"] = cron.ListTasks()
 	ctx.Data["Queues"] = queue.GetManager().ManagedQueues()
-	ctx.HTML(200, tplMonitor)
+	ctx.HTML(http.StatusOK, tplMonitor)
 }
 
 // MonitorCancel cancels a process
 func MonitorCancel(ctx *context.Context) {
 	pid := ctx.ParamsInt64("pid")
 	process.GetManager().Cancel(pid)
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"redirect": setting.AppSubURL + "/admin/monitor",
 	})
 }
 	ctx.Data["PageIsAdmin"] = true
 	ctx.Data["PageIsAdminMonitor"] = true
 	ctx.Data["Queue"] = mq
-	ctx.HTML(200, tplQueue)
+	ctx.HTML(http.StatusOK, tplQueue)
 }
 
 // WorkerCancel cancels a worker group
 	pid := ctx.ParamsInt64("pid")
 	mq.CancelWorkers(pid)
 	ctx.Flash.Info(ctx.Tr("admin.monitor.queue.pool.cancelling"))
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"redirect": setting.AppSubURL + "/admin/monitor/queue/" + strconv.FormatInt(qid, 10),
 	})
 }

routers/admin/auths.go

 import (
 	"errors"
 	"fmt"
+	"net/http"
 	"regexp"
 
 	"code.gitea.io/gitea/models"
 	}
 
 	ctx.Data["Total"] = models.CountLoginSources()
-	ctx.HTML(200, tplAuths)
+	ctx.HTML(http.StatusOK, tplAuths)
 }
 
 type dropdownItem struct {
 		break
 	}
 
-	ctx.HTML(200, tplAuthNew)
+	ctx.HTML(http.StatusOK, tplAuthNew)
 }
 
 func parseLDAPConfig(form auth.AuthenticationForm) *models.LDAPConfig {
 			return
 		}
 	default:
-		ctx.Error(400)
+		ctx.Error(http.StatusBadRequest)
 		return
 	}
 	ctx.Data["HasTLS"] = hasTLS
 
 	if ctx.HasError() {
-		ctx.HTML(200, tplAuthNew)
+		ctx.HTML(http.StatusOK, tplAuthNew)
 		return
 	}
 
 	if source.IsOAuth2() {
 		ctx.Data["CurrentOAuth2Provider"] = models.OAuth2Providers[source.OAuth2().Provider]
 	}
-	ctx.HTML(200, tplAuthEdit)
+	ctx.HTML(http.StatusOK, tplAuthEdit)
 }
 
 // EditAuthSourcePost response for editing auth source
 	ctx.Data["HasTLS"] = source.HasTLS()
 
 	if ctx.HasError() {
-		ctx.HTML(200, tplAuthEdit)
+		ctx.HTML(http.StatusOK, tplAuthEdit)
 		return
 	}
 
 			return
 		}
 	default:
-		ctx.Error(400)
+		ctx.Error(http.StatusBadRequest)
 		return
 	}
 
 	if err := models.UpdateSource(source); err != nil {
 		if models.IsErrOpenIDConnectInitialize(err) {
 			ctx.Flash.Error(err.Error(), true)
-			ctx.HTML(200, tplAuthEdit)
+			ctx.HTML(http.StatusOK, tplAuthEdit)
 		} else {
 			ctx.ServerError("UpdateSource", err)
 		}
 		} else {
 			ctx.Flash.Error(fmt.Sprintf("DeleteSource: %v", err))
 		}
-		ctx.JSON(200, map[string]interface{}{
+		ctx.JSON(http.StatusOK, map[string]interface{}{
 			"redirect": setting.AppSubURL + "/admin/auths/" + ctx.Params(":authid"),
 		})
 		return
 	log.Trace("Authentication deleted by admin(%s): %d", ctx.User.Name, source.ID)
 
 	ctx.Flash.Success(ctx.Tr("admin.auths.deletion_success"))
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"redirect": setting.AppSubURL + "/admin/auths",
 	})
 }

routers/admin/emails.go

 
 import (
 	"bytes"
+	"net/http"
 	"net/url"
 
 	"code.gitea.io/gitea/models"
 	pager.SetDefaultParams(ctx)
 	ctx.Data["Page"] = pager
 
-	ctx.HTML(200, tplEmails)
+	ctx.HTML(http.StatusOK, tplEmails)
 }
 
 var (
 	activate, oka := truefalse[ctx.Query("activate")]
 
 	if uid == 0 || len(email) == 0 || !okp || !oka {
-		ctx.Error(400)
+		ctx.Error(http.StatusBadRequest)
 		return
 	}
 

routers/admin/hooks.go

 package admin
 
 import (
+	"net/http"
+
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
 	ctx.Data["DefaultWebhooks"] = def
 	ctx.Data["SystemWebhooks"] = sys
 
-	ctx.HTML(200, tplAdminHooks)
+	ctx.HTML(http.StatusOK, tplAdminHooks)
 }
 
 // DeleteDefaultOrSystemWebhook handler to delete an admin-defined system or default webhook
 		ctx.Flash.Success(ctx.Tr("repo.settings.webhook_deletion_success"))
 	}
 
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"redirect": setting.AppSubURL + "/admin/hooks",
 	})
 }

routers/admin/notice.go

 package admin
 
 import (
+	"net/http"
 	"strconv"
 
 	"code.gitea.io/gitea/models"
 
 	ctx.Data["Page"] = context.NewPagination(int(total), setting.UI.Admin.NoticePagingNum, page, 5)
 
-	ctx.HTML(200, tplNotices)
+	ctx.HTML(http.StatusOK, tplNotices)
 }
 
 // DeleteNotices delete the specific notices

routers/admin/repos.go

 package admin
 
 import (
+	"net/http"
 	"net/url"
 	"strconv"
 	"strings"
 	log.Trace("Repository deleted: %s", repo.FullName())
 
 	ctx.Flash.Success(ctx.Tr("repo.settings.deletion_success"))
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"redirect": setting.AppSubURL + "/admin/repos?page=" + ctx.Query("page") + "&sort=" + ctx.Query("sort"),
 	})
 }
 		pager.SetDefaultParams(ctx)
 		pager.AddParam(ctx, "search", "search")
 		ctx.Data["Page"] = pager
-		ctx.HTML(200, tplUnadoptedRepos)
+		ctx.HTML(http.StatusOK, tplUnadoptedRepos)
 		return
 	}
 
 	pager.SetDefaultParams(ctx)
 	pager.AddParam(ctx, "search", "search")
 	ctx.Data["Page"] = pager
-	ctx.HTML(200, tplUnadoptedRepos)
+	ctx.HTML(http.StatusOK, tplUnadoptedRepos)
 }
 
 // AdoptOrDeleteRepository adopts or deletes a repository

routers/admin/users.go

 
 import (
 	"fmt"
+	"net/http"
 	"strconv"
 	"strings"
 
 	ctx.Data["Sources"] = sources
 
 	ctx.Data["CanSendEmail"] = setting.MailService != nil
-	ctx.HTML(200, tplUserNew)
+	ctx.HTML(http.StatusOK, tplUserNew)
 }
 
 // NewUserPost response for adding a new user
 	ctx.Data["CanSendEmail"] = setting.MailService != nil
 
 	if ctx.HasError() {
-		ctx.HTML(200, tplUserNew)
+		ctx.HTML(http.StatusOK, tplUserNew)
 		return
 	}
 
 		return
 	}
 
-	ctx.HTML(200, tplUserEdit)
+	ctx.HTML(http.StatusOK, tplUserEdit)
 }
 
 // EditUserPost response for editting user
 	}
 
 	if ctx.HasError() {
-		ctx.HTML(200, tplUserEdit)
+		ctx.HTML(http.StatusOK, tplUserEdit)
 		return
 	}
 
 		switch {
 		case models.IsErrUserOwnRepos(err):
 			ctx.Flash.Error(ctx.Tr("admin.users.still_own_repo"))
-			ctx.JSON(200, map[string]interface{}{
+			ctx.JSON(http.StatusOK, map[string]interface{}{
 				"redirect": setting.AppSubURL + "/admin/users/" + ctx.Params(":userid"),
 			})
 		case models.IsErrUserHasOrgs(err):
 			ctx.Flash.Error(ctx.Tr("admin.users.still_has_org"))
-			ctx.JSON(200, map[string]interface{}{
+			ctx.JSON(http.StatusOK, map[string]interface{}{
 				"redirect": setting.AppSubURL + "/admin/users/" + ctx.Params(":userid"),
 			})
 		default:
 	log.Trace("Account deleted by admin (%s): %s", ctx.User.Name, u.Name)
 
 	ctx.Flash.Success(ctx.Tr("admin.users.deletion_success"))
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"redirect": setting.AppSubURL + "/admin/users",
 	})
 }

routers/api/v1/api.go

 		var theObj = reflect.New(tp).Interface() // create a new form obj for every request but not use obj directly
 		errs := binding.Bind(ctx.Req, theObj)
 		if len(errs) > 0 {
-			ctx.Error(422, "validationError", errs[0].Error())
+			ctx.Error(http.StatusUnprocessableEntity, "validationError", errs[0].Error())
 			return
 		}
 		web.SetForm(ctx, theObj)

routers/dev/template.go

 package dev
 
 import (
+	"net/http"
+
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
 	ctx.Data["ResetPwdCodeLives"] = timeutil.MinutesToFriendly(setting.Service.ResetPwdCodeLives, ctx.Locale.Language())
 	ctx.Data["CurDbValue"] = ""
 
-	ctx.HTML(200, base.TplName(ctx.Params("*")))
+	ctx.HTML(http.StatusOK, base.TplName(ctx.Params("*")))
 }

routers/home.go

 
 import (
 	"bytes"
+	"net/http"
 	"strings"
 
 	"code.gitea.io/gitea/models"
 	if ctx.IsSigned {
 		if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm {
 			ctx.Data["Title"] = ctx.Tr("auth.active_your_account")
-			ctx.HTML(200, user.TplActivate)
+			ctx.HTML(http.StatusOK, user.TplActivate)
 		} else if !ctx.User.IsActive || ctx.User.ProhibitLogin {
 			log.Info("Failed authentication attempt for %s from %s", ctx.User.Name, ctx.RemoteAddr())
 			ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
-			ctx.HTML(200, "user/auth/prohibit_login")
+			ctx.HTML(http.StatusOK, "user/auth/prohibit_login")
 		} else if ctx.User.MustChangePassword {
 			ctx.Data["Title"] = ctx.Tr("auth.must_change_password")
 			ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password"
 
 	ctx.Data["PageIsHome"] = true
 	ctx.Data["IsRepoIndexerEnabled"] = setting.Indexer.RepoIndexerEnabled
-	ctx.HTML(200, tplHome)
+	ctx.HTML(http.StatusOK, tplHome)
 }
 
 // RepoSearchOptions when calling search repositories
 	pager.AddParam(ctx, "topic", "TopicOnly")
 	ctx.Data["Page"] = pager
 
-	ctx.HTML(200, opts.TplName)
+	ctx.HTML(http.StatusOK, opts.TplName)
 }
 
 // ExploreRepos render explore repositories page
 	pager.SetDefaultParams(ctx)
 	ctx.Data["Page"] = pager
 
-	ctx.HTML(200, tplName)
+	ctx.HTML(http.StatusOK, tplName)
 }
 
 // ExploreUsers render explore users page
 	pager.AddParam(ctx, "l", "Language")
 	ctx.Data["Page"] = pager
 
-	ctx.HTML(200, tplExploreCode)
+	ctx.HTML(http.StatusOK, tplExploreCode)
 }
 
 // NotFound render 404 page

routers/install.go

 	form.PasswordAlgorithm = setting.PasswordHashAlgo
 
 	middleware.AssignForm(form, ctx.Data)
-	ctx.HTML(200, tplInstall)
+	ctx.HTML(http.StatusOK, tplInstall)
 }
 
 // InstallPost response for submit install items
 			ctx.Data["Err_Admin"] = true
 		}
 
-		ctx.HTML(200, tplInstall)
+		ctx.HTML(http.StatusOK, tplInstall)
 		return
 	}
 
 	ctx.Flash.Success(ctx.Tr("install.install_success"))
 
 	ctx.Header().Add("Refresh", "1; url="+setting.AppURL+"user/login")
-	ctx.HTML(200, tplPostInstall)
+	ctx.HTML(http.StatusOK, tplPostInstall)
 
 	// Now get the http.Server from this request and shut it down
 	// NB: This is not our hammerable graceful shutdown this is http.Server.Shutdown

routers/org/home.go

 package org
 
 import (
+	"net/http"
 	"strings"
 
 	"code.gitea.io/gitea/models"
 	if ctx.User != nil {
 		isMember, err := org.IsOrgMember(ctx.User.ID)
 		if err != nil {
-			ctx.Error(500, "IsOrgMember")
+			ctx.Error(http.StatusInternalServerError, "IsOrgMember")
 			return
 		}
 		opts.PublicOnly = !isMember && !ctx.User.IsAdmin
 	pager.SetDefaultParams(ctx)
 	ctx.Data["Page"] = pager
 
-	ctx.HTML(200, tplOrgHome)
+	ctx.HTML(http.StatusOK, tplOrgHome)
 }

routers/org/members.go

 package org
 
 import (
+	"net/http"
+
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
 	if ctx.User != nil {
 		isMember, err := ctx.Org.Organization.IsOrgMember(ctx.User.ID)
 		if err != nil {
-			ctx.Error(500, "IsOrgMember")
+			ctx.Error(http.StatusInternalServerError, "IsOrgMember")
 			return
 		}
 		opts.PublicOnly = !isMember && !ctx.User.IsAdmin
 
 	total, err := models.CountOrgMembers(opts)
 	if err != nil {
-		ctx.Error(500, "CountOrgMembers")
+		ctx.Error(http.StatusInternalServerError, "CountOrgMembers")
 		return
 	}
 
 	ctx.Data["MembersIsUserOrgOwner"] = members.IsUserOrgOwner(org.ID)
 	ctx.Data["MembersTwoFaStatus"] = members.GetTwoFaStatus()
 
-	ctx.HTML(200, tplMembers)
+	ctx.HTML(http.StatusOK, tplMembers)
 }
 
 // MembersAction response for operation to a member of organization
 	switch ctx.Params(":action") {
 	case "private":
 		if ctx.User.ID != uid && !ctx.Org.IsOwner {
-			ctx.Error(404)
+			ctx.Error(http.StatusNotFound)
 			return
 		}
 		err = models.ChangeOrgUserStatus(org.ID, uid, false)
 	case "public":
 		if ctx.User.ID != uid && !ctx.Org.IsOwner {
-			ctx.Error(404)
+			ctx.Error(http.StatusNotFound)
 			return
 		}
 		err = models.ChangeOrgUserStatus(org.ID, uid, true)
 	case "remove":
 		if !ctx.Org.IsOwner {
-			ctx.Error(404)
+			ctx.Error(http.StatusNotFound)
 			return
 		}
 		err = org.RemoveMember(uid)
 
 	if err != nil {
 		log.Error("Action(%s): %v", ctx.Params(":action"), err)
-		ctx.JSON(200, map[string]interface{}{
+		ctx.JSON(http.StatusOK, map[string]interface{}{
 			"ok":  false,
 			"err": err.Error(),
 		})

routers/org/org.go

 
 import (
 	"errors"
+	"net/http"
 
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/base"
 		ctx.ServerError("Not allowed", errors.New(ctx.Tr("org.form.create_org_not_allowed")))
 		return
 	}
-	ctx.HTML(200, tplCreateOrg)
+	ctx.HTML(http.StatusOK, tplCreateOrg)
 }
 
 // CreatePost response for create organization
 	}
 
 	if ctx.HasError() {
-		ctx.HTML(200, tplCreateOrg)
+		ctx.HTML(http.StatusOK, tplCreateOrg)
 		return
 	}
 

routers/org/org_labels.go

 package org
 
 import (
+	"net/http"
+
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/context"
 	auth "code.gitea.io/gitea/modules/forms"
 	if err != nil {
 		switch {
 		case models.IsErrOrgLabelNotExist(err):
-			ctx.Error(404)
+			ctx.Error(http.StatusNotFound)
 		default:
 			ctx.ServerError("UpdateLabel", err)
 		}
 		ctx.Flash.Success(ctx.Tr("repo.issues.label_deletion_success"))
 	}
 
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"redirect": ctx.Org.OrgLink + "/settings/labels",
 	})
 }

routers/org/setting.go

 package org
 
 import (
+	"net/http"
 	"strings"
 
 	"code.gitea.io/gitea/models"
 	ctx.Data["PageIsSettingsOptions"] = true
 	ctx.Data["CurrentVisibility"] = ctx.Org.Organization.Visibility
 	ctx.Data["RepoAdminChangeTeamAccess"] = ctx.Org.Organization.RepoAdminChangeTeamAccess
-	ctx.HTML(200, tplSettingsOptions)
+	ctx.HTML(http.StatusOK, tplSettingsOptions)
 }
 
 // SettingsPost response for settings change submited
 	ctx.Data["CurrentVisibility"] = ctx.Org.Organization.Visibility
 
 	if ctx.HasError() {
-		ctx.HTML(200, tplSettingsOptions)
+		ctx.HTML(http.StatusOK, tplSettingsOptions)
 		return
 	}
 
 		return
 	}
 
-	ctx.HTML(200, tplSettingsDelete)
+	ctx.HTML(http.StatusOK, tplSettingsDelete)
 }
 
 // Webhooks render webhook list page
 	}
 
 	ctx.Data["Webhooks"] = ws
-	ctx.HTML(200, tplSettingsHooks)
+	ctx.HTML(http.StatusOK, tplSettingsHooks)
 }
 
 // DeleteWebhook response for delete webhook
 		ctx.Flash.Success(ctx.Tr("repo.settings.webhook_deletion_success"))
 	}
 
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"redirect": ctx.Org.OrgLink + "/settings/hooks",
 	})
 }
 	ctx.Data["PageIsOrgSettingsLabels"] = true
 	ctx.Data["RequireTribute"] = true
 	ctx.Data["LabelTemplates"] = models.LabelTemplates
-	ctx.HTML(200, tplSettingsLabels)
+	ctx.HTML(http.StatusOK, tplSettingsLabels)
 }

routers/org/teams.go

 	}
 	ctx.Data["Teams"] = org.Teams
 
-	ctx.HTML(200, tplTeams)
+	ctx.HTML(http.StatusOK, tplTeams)
 }
 
 // TeamsAction response for join, leave, remove, add operations to team
 	switch ctx.Params(":action") {
 	case "join":
 		if !ctx.Org.IsOwner {
-			ctx.Error(404)
+			ctx.Error(http.StatusNotFound)
 			return
 		}
 		err = ctx.Org.Team.AddMember(ctx.User.ID)
 		err = ctx.Org.Team.RemoveMember(ctx.User.ID)
 	case "remove":
 		if !ctx.Org.IsOwner {
-			ctx.Error(404)
+			ctx.Error(http.StatusNotFound)
 			return
 		}
 		err = ctx.Org.Team.RemoveMember(uid)
 		page = "team"
 	case "add":
 		if !ctx.Org.IsOwner {
-			ctx.Error(404)
+			ctx.Error(http.StatusNotFound)
 			return
 		}
 		uname := utils.RemoveUsernameParameterSuffix(strings.ToLower(ctx.Query("uname")))
 			ctx.Flash.Error(ctx.Tr("form.last_org_owner"))
 		} else {
 			log.Error("Action(%s): %v", ctx.Params(":action"), err)
-			ctx.JSON(200, map[string]interface{}{
+			ctx.JSON(http.StatusOK, map[string]interface{}{
 				"ok":  false,
 				"err": err.Error(),
 			})
 // TeamsRepoAction operate team's repository
 func TeamsRepoAction(ctx *context.Context) {
 	if !ctx.Org.IsOwner {
-		ctx.Error(404)
+		ctx.Error(http.StatusNotFound)
 		return
 	}
 
 	}
 
 	if action == "addall" || action == "removeall" {
-		ctx.JSON(200, map[string]interface{}{
+		ctx.JSON(http.StatusOK, map[string]interface{}{
 			"redirect": ctx.Org.OrgLink + "/teams/" + ctx.Org.Team.LowerName + "/repositories",
 		})
 		return
 	ctx.Data["PageIsOrgTeamsNew"] = true
 	ctx.Data["Team"] = &models.Team{}
 	ctx.Data["Units"] = models.Units
-	ctx.HTML(200, tplTeamNew)
+	ctx.HTML(http.StatusOK, tplTeamNew)
 }
 
 // NewTeamPost response for create new team
 	ctx.Data["Team"] = t
 
 	if ctx.HasError() {
-		ctx.HTML(200, tplTeamNew)
+		ctx.HTML(http.StatusOK, tplTeamNew)
 		return
 	}
 
 		ctx.ServerError("GetMembers", err)
 		return
 	}
-	ctx.HTML(200, tplTeamMembers)
+	ctx.HTML(http.StatusOK, tplTeamMembers)
 }
 
 // TeamRepositories show the repositories of team
 		ctx.ServerError("GetRepositories", err)
 		return
 	}
-	ctx.HTML(200, tplTeamRepositories)
+	ctx.HTML(http.StatusOK, tplTeamRepositories)
 }
 
 // EditTeam render team edit page
 	ctx.Data["team_name"] = ctx.Org.Team.Name
 	ctx.Data["desc"] = ctx.Org.Team.Description
 	ctx.Data["Units"] = models.Units
-	ctx.HTML(200, tplTeamNew)
+	ctx.HTML(http.StatusOK, tplTeamNew)
 }
 
 // EditTeamPost response for modify team information
 	t.CanCreateOrgRepo = form.CanCreateOrgRepo
 
 	if ctx.HasError() {
-		ctx.HTML(200, tplTeamNew)
+		ctx.HTML(http.StatusOK, tplTeamNew)
 		return
 	}
 
 		ctx.Flash.Success(ctx.Tr("org.teams.delete_team_success"))
 	}
 
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"redirect": ctx.Org.OrgLink + "/teams",
 	})
 }

routers/private/hook.go

 		protectBranch, err := models.GetProtectedBranchBy(repo.ID, branchName)
 		if err != nil {
 			log.Error("Unable to get protected branch: %s in %-v Error: %v", branchName, repo, err)
-			ctx.JSON(500, map[string]interface{}{
+			ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
 				"err": err.Error(),
 			})
 			return

routers/repo/activity.go

 package repo
 
 import (
+	"net/http"
 	"time"
 
 	"code.gitea.io/gitea/models"
 		return
 	}
 
-	ctx.HTML(200, tplActivity)
+	ctx.HTML(http.StatusOK, tplActivity)
 }
 
 // ActivityAuthors renders JSON with top commit authors for given time period over all branches
 		return
 	}
 
-	ctx.JSON(200, authors)
+	ctx.JSON(http.StatusOK, authors)
 }

routers/repo/attachment.go

 // UploadAttachment response for uploading attachments
 func uploadAttachment(ctx *context.Context, allowedTypes string) {
 	if !setting.Attachment.Enabled {
-		ctx.Error(404, "attachment is not enabled")
+		ctx.Error(http.StatusNotFound, "attachment is not enabled")
 		return
 	}
 
 	file, header, err := ctx.Req.FormFile("file")
 	if err != nil {
-		ctx.Error(500, fmt.Sprintf("FormFile: %v", err))
+		ctx.Error(http.StatusInternalServerError, fmt.Sprintf("FormFile: %v", err))
 		return
 	}
 	defer file.Close()
 
 	err = upload.Verify(buf, header.Filename, allowedTypes)
 	if err != nil {
-		ctx.Error(400, err.Error())
+		ctx.Error(http.StatusBadRequest, err.Error())
 		return
 	}
 
 		Name:       header.Filename,
 	}, buf, file)
 	if err != nil {
-		ctx.Error(500, fmt.Sprintf("NewAttachment: %v", err))
+		ctx.Error(http.StatusInternalServerError, fmt.Sprintf("NewAttachment: %v", err))
 		return
 	}
 
 	log.Trace("New attachment uploaded: %s", attach.UUID)
-	ctx.JSON(200, map[string]string{
+	ctx.JSON(http.StatusOK, map[string]string{
 		"uuid": attach.UUID,
 	})
 }
 	file := ctx.Query("file")
 	attach, err := models.GetAttachmentByUUID(file)
 	if err != nil {
-		ctx.Error(400, err.Error())
+		ctx.Error(http.StatusBadRequest, err.Error())
 		return
 	}
 	if !ctx.IsSigned || (ctx.User.ID != attach.UploaderID) {
-		ctx.Error(403)
+		ctx.Error(http.StatusForbidden)
 		return
 	}
 	err = models.DeleteAttachment(attach, true)
 	if err != nil {
-		ctx.Error(500, fmt.Sprintf("DeleteAttachment: %v", err))
+		ctx.Error(http.StatusInternalServerError, fmt.Sprintf("DeleteAttachment: %v", err))
 		return
 	}
-	ctx.JSON(200, map[string]string{
+	ctx.JSON(http.StatusOK, map[string]string{
 		"uuid": attach.UUID,
 	})
 }
 	attach, err := models.GetAttachmentByUUID(ctx.Params(":uuid"))
 	if err != nil {
 		if models.IsErrAttachmentNotExist(err) {
-			ctx.Error(404)
+			ctx.Error(http.StatusNotFound)
 		} else {
 			ctx.ServerError("GetAttachmentByUUID", err)
 		}

routers/repo/blame.go

 	"fmt"
 	"html"
 	gotemplate "html/template"
+	"net/http"
 	"strings"
 
 	"code.gitea.io/gitea/models"
 
 	renderBlame(ctx, blameParts, commitNames)
 
-	ctx.HTML(200, tplBlame)
+	ctx.HTML(http.StatusOK, tplBlame)
 }
 
 func renderBlame(ctx *context.Context, blameParts []git.BlamePart, commitNames map[string]models.UserCommit) {

routers/repo/branch.go

 
 import (
 	"fmt"
+	"net/http"
 	"strings"
 
 	"code.gitea.io/gitea/models"
 	pager.SetDefaultParams(ctx)
 	ctx.Data["Page"] = pager
 
-	ctx.HTML(200, tplBranch)
+	ctx.HTML(http.StatusOK, tplBranch)
 }
 
 // DeleteBranchPost responses for delete merged branch
 }
 
 func redirect(ctx *context.Context) {
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"redirect": ctx.Repo.RepoLink + "/branches",
 	})
 }

routers/repo/commit.go

 
 import (
 	"errors"
+	"net/http"
 	"path"
 	"strings"
 
 	pager.SetDefaultParams(ctx)
 	ctx.Data["Page"] = pager
 
-	ctx.HTML(200, tplCommits)
+	ctx.HTML(http.StatusOK, tplCommits)
 }
 
 // Graph render commit graph - show commits from all branches.
 	}
 	ctx.Data["Page"] = paginator
 	if ctx.QueryBool("div-only") {
-		ctx.HTML(200, tplGraphDiv)
+		ctx.HTML(http.StatusOK, tplGraphDiv)
 		return
 	}
 
-	ctx.HTML(200, tplGraph)
+	ctx.HTML(http.StatusOK, tplGraph)
 }
 
 // SearchCommits render commits filtered by keyword
 	ctx.Data["Reponame"] = ctx.Repo.Repository.Name
 	ctx.Data["CommitCount"] = commits.Len()
 	ctx.Data["Branch"] = ctx.Repo.BranchName
-	ctx.HTML(200, tplCommits)
+	ctx.HTML(http.StatusOK, tplCommits)
 }
 
 // FileHistory show a file's reversions
 	pager.SetDefaultParams(ctx)
 	ctx.Data["Page"] = pager
 
-	ctx.HTML(200, tplCommits)
+	ctx.HTML(http.StatusOK, tplCommits)
 }
 
 // Diff show different from current commit to previous commit
 		ctx.ServerError("commit.GetTagName", err)
 		return
 	}
-	ctx.HTML(200, tplCommitPage)
+	ctx.HTML(http.StatusOK, tplCommitPage)
 }
 
 // RawDiff dumps diff results of repository in given commit ID to io.Writer

routers/repo/compare.go

 	"fmt"
 	"html"
 	"io/ioutil"
+	"net/http"
 	"path"
 	"path/filepath"
 	"strings"
 		} else {
 			ctx.Data["HasPullRequest"] = true
 			ctx.Data["PullRequest"] = pr
-			ctx.HTML(200, tplCompareDiff)
+			ctx.HTML(http.StatusOK, tplCompareDiff)
 			return
 		}
 
 
 	ctx.Data["HasIssuesOrPullsWritePermission"] = ctx.Repo.CanWrite(models.UnitTypePullRequests)
 
-	ctx.HTML(200, tplCompare)
+	ctx.HTML(http.StatusOK, tplCompare)
 }
 
 // ExcerptBlob render blob excerpt contents
 	chunkSize := gitdiff.BlobExcerptChunkSize
 	commit, err := gitRepo.GetCommit(commitID)
 	if err != nil {
-		ctx.Error(500, "GetCommit")
+		ctx.Error(http.StatusInternalServerError, "GetCommit")
 		return
 	}
 	section := &gitdiff.DiffSection{
 		idxRight = lastRight
 	}
 	if err != nil {
-		ctx.Error(500, "getExcerptLines")
+		ctx.Error(http.StatusInternalServerError, "getExcerptLines")
 		return
 	}
 	if idxRight > lastRight {
 	ctx.Data["fileName"] = filePath
 	ctx.Data["AfterCommitID"] = commitID
 	ctx.Data["Anchor"] = anchor
-	ctx.HTML(200, tplBlobExcerpt)
+	ctx.HTML(http.StatusOK, tplBlobExcerpt)
 }
 
 func getExcerptLines(commit *git.Commit, filePath string, idxLeft int, idxRight int, chunkSize int) ([]*gitdiff.DiffLine, error) {

routers/repo/editor.go

 import (
 	"fmt"
 	"io/ioutil"
+	"net/http"
 	"path"
 	"strings"
 
 	ctx.Data["PreviewableFileModes"] = strings.Join(setting.Repository.Editor.PreviewableFileModes, ",")
 	ctx.Data["Editorconfig"] = GetEditorConfig(ctx, treePath)
 
-	ctx.HTML(200, tplEditFile)
+	ctx.HTML(http.StatusOK, tplEditFile)
 }
 
 // GetEditorConfig returns a editorconfig JSON string for given treePath or "null"
 	ctx.Data["Editorconfig"] = GetEditorConfig(ctx, form.TreePath)
 
 	if ctx.HasError() {
-		ctx.HTML(200, tplEditFile)
+		ctx.HTML(http.StatusOK, tplEditFile)
 		return
 	}
 
 				case git.EntryModeBlob:
 					ctx.RenderWithErr(ctx.Tr("repo.editor.directory_is_a_file", fileErr.Path), tplEditFile, &form)
 				default:
-					ctx.Error(500, err.Error())
+					ctx.Error(http.StatusInternalServerError, err.Error())
 				}
 			} else {
-				ctx.Error(500, err.Error())
+				ctx.Error(http.StatusInternalServerError, err.Error())
 			}
 		} else if models.IsErrRepoFileAlreadyExists(err) {
 			ctx.Data["Err_TreePath"] = true
 			if branchErr, ok := err.(git.ErrBranchNotExist); ok {
 				ctx.RenderWithErr(ctx.Tr("repo.editor.branch_does_not_exist", branchErr.Name), tplEditFile, &form)
 			} else {
-				ctx.Error(500, err.Error())
+				ctx.Error(http.StatusInternalServerError, err.Error())
 			}
 		} else if models.IsErrBranchAlreadyExists(err) {
 			// For when a user specifies a new branch that already exists
 			if branchErr, ok := err.(models.ErrBranchAlreadyExists); ok {
 				ctx.RenderWithErr(ctx.Tr("repo.editor.branch_already_exists", branchErr.BranchName), tplEditFile, &form)
 			} else {
-				ctx.Error(500, err.Error())
+				ctx.Error(http.StatusInternalServerError, err.Error())
 			}
 		} else if models.IsErrCommitIDDoesNotMatch(err) {
 			ctx.RenderWithErr(ctx.Tr("repo.editor.file_changed_while_editing", ctx.Repo.RepoLink+"/compare/"+form.LastCommit+"..."+ctx.Repo.CommitID), tplEditFile, &form)
 	form := web.GetForm(ctx).(*auth.EditPreviewDiffForm)
 	treePath := cleanUploadFileName(ctx.Repo.TreePath)
 	if len(treePath) == 0 {
-		ctx.Error(500, "file name to diff is invalid")
+		ctx.Error(http.StatusInternalServerError, "file name to diff is invalid")
 		return
 	}
 
 	entry, err := ctx.Repo.Commit.GetTreeEntryByPath(treePath)
 	if err != nil {
-		ctx.Error(500, "GetTreeEntryByPath: "+err.Error())
+		ctx.Error(http.StatusInternalServerError, "GetTreeEntryByPath: "+err.Error())
 		return
 	} else if entry.IsDir() {
-		ctx.Error(422)
+		ctx.Error(http.StatusUnprocessableEntity)
 		return
 	}
 
 	diff, err := repofiles.GetDiffPreview(ctx.Repo.Repository, ctx.Repo.BranchName, treePath, form.Content)
 	if err != nil {
-		ctx.Error(500, "GetDiffPreview: "+err.Error())
+		ctx.Error(http.StatusInternalServerError, "GetDiffPreview: "+err.Error())
 		return
 	}
 
 	}
 	ctx.Data["File"] = diff.Files[0]
 
-	ctx.HTML(200, tplEditDiffPreview)
+	ctx.HTML(http.StatusOK, tplEditDiffPreview)
 }
 
 // DeleteFile render delete file page
 	}
 	ctx.Data["new_branch_name"] = GetUniquePatchBranchName(ctx)
 
-	ctx.HTML(200, tplDeleteFile)
+	ctx.HTML(http.StatusOK, tplDeleteFile)
 }
 
 // DeleteFilePost response for deleting file
 	ctx.Data["last_commit"] = ctx.Repo.CommitID
 
 	if ctx.HasError() {
-		ctx.HTML(200, tplDeleteFile)
+		ctx.HTML(http.StatusOK, tplDeleteFile)
 		return
 	}
 
 			if branchErr, ok := err.(git.ErrBranchNotExist); ok {
 				ctx.RenderWithErr(ctx.Tr("repo.editor.branch_does_not_exist", branchErr.Name), tplDeleteFile, &form)
 			} else {
-				ctx.Error(500, err.Error())
+				ctx.Error(http.StatusInternalServerError, err.Error())
 			}
 		} else if models.IsErrBranchAlreadyExists(err) {
 			// For when a user specifies a new branch that already exists
 			if branchErr, ok := err.(models.ErrBranchAlreadyExists); ok {
 				ctx.RenderWithErr(ctx.Tr("repo.editor.branch_already_exists", branchErr.BranchName), tplDeleteFile, &form)
 			} else {
-				ctx.Error(500, err.Error())
+				ctx.Error(http.StatusInternalServerError, err.Error())
 			}
 		} else if models.IsErrCommitIDDoesNotMatch(err) || git.IsErrPushOutOfDate(err) {
 			ctx.RenderWithErr(ctx.Tr("repo.editor.file_changed_while_deleting", ctx.Repo.RepoLink+"/compare/"+form.LastCommit+"..."+ctx.Repo.CommitID), tplDeleteFile, &form)
 	}
 	ctx.Data["new_branch_name"] = GetUniquePatchBranchName(ctx)
 
-	ctx.HTML(200, tplUploadFile)
+	ctx.HTML(http.StatusOK, tplUploadFile)
 }
 
 // UploadFilePost response for uploading file
 	ctx.Data["new_branch_name"] = branchName
 
 	if ctx.HasError() {
-		ctx.HTML(200, tplUploadFile)
+		ctx.HTML(http.StatusOK, tplUploadFile)
 		return
 	}
 
 			case git.EntryModeBlob:
 				ctx.RenderWithErr(ctx.Tr("repo.editor.directory_is_a_file", fileErr.Path), tplUploadFile, &form)
 			default:
-				ctx.Error(500, err.Error())
+				ctx.Error(http.StatusInternalServerError, err.Error())
 			}
 		} else if models.IsErrRepoFileAlreadyExists(err) {
 			ctx.Data["Err_TreePath"] = true
 func UploadFileToServer(ctx *context.Context) {
 	file, header, err := ctx.Req.FormFile("file")
 	if err != nil {
-		ctx.Error(500, fmt.Sprintf("FormFile: %v", err))
+		ctx.Error(http.StatusInternalServerError, fmt.Sprintf("FormFile: %v", err))
 		return
 	}
 	defer file.Close()
 
 	err = upload.Verify(buf, header.Filename, setting.Repository.Upload.AllowedTypes)
 	if err != nil {
-		ctx.Error(400, err.Error())
+		ctx.Error(http.StatusBadRequest, err.Error())
 		return
 	}
 
 	name := cleanUploadFileName(header.Filename)
 	if len(name) == 0 {
-		ctx.Error(500, "Upload file name is invalid")
+		ctx.Error(http.StatusInternalServerError, "Upload file name is invalid")
 		return
 	}
 
 	upload, err := models.NewUpload(name, buf, file)
 	if err != nil {
-		ctx.Error(500, fmt.Sprintf("NewUpload: %v", err))
+		ctx.Error(http.StatusInternalServerError, fmt.Sprintf("NewUpload: %v", err))
 		return
 	}
 
 	log.Trace("New file uploaded: %s", upload.UUID)
-	ctx.JSON(200, map[string]string{
+	ctx.JSON(http.StatusOK, map[string]string{
 		"uuid": upload.UUID,
 	})
 }
 	}
 
 	if err := models.DeleteUploadByUUID(form.File); err != nil {
-		ctx.Error(500, fmt.Sprintf("DeleteUploadByUUID: %v", err))
+		ctx.Error(http.StatusInternalServerError, fmt.Sprintf("DeleteUploadByUUID: %v", err))
 		return
 	}
 

routers/repo/issue.go

 
 	ctx.Data["CanWriteIssuesOrPulls"] = ctx.Repo.CanWriteIssuesOrPulls(isPullList)
 
-	ctx.HTML(200, tplIssues)
+	ctx.HTML(http.StatusOK, tplIssues)
 }
 
 // RetrieveRepoMilestonesAndAssignees find all the milestones and assignees of a repository
 
 	ctx.Data["HasIssuesOrPullsWritePermission"] = ctx.Repo.CanWrite(models.UnitTypeIssues)
 
-	ctx.HTML(200, tplIssueNew)
+	ctx.HTML(http.StatusOK, tplIssueNew)
 }
 
 // NewIssueChooseTemplate render creating issue from template page
 	ctx.Data["NewIssueChooseTemplate"] = len(issueTemplates) > 0
 	ctx.Data["IssueTemplates"] = issueTemplates
 
-	ctx.HTML(200, tplIssueChoose)
+	ctx.HTML(http.StatusOK, tplIssueChoose)
 }
 
 // ValidateRepoMetas check and returns repository's meta informations
 	}
 
 	if ctx.HasError() {
-		ctx.HTML(200, tplIssueNew)
+		ctx.HTML(http.StatusOK, tplIssueNew)
 		return
 	}
 
 
 	if err := issue_service.NewIssue(repo, issue, labelIDs, attachments, assigneeIDs); err != nil {
 		if models.IsErrUserDoesNotHaveAccessToRepo(err) {
-			ctx.Error(400, "UserDoesNotHaveAccessToRepo", err.Error())
+			ctx.Error(http.StatusBadRequest, "UserDoesNotHaveAccessToRepo", err.Error())
 			return
 		}
 		ctx.ServerError("NewIssue", err)
 	ctx.Data["IsRepoAdmin"] = ctx.IsSigned && (ctx.Repo.IsAdmin() || ctx.User.IsAdmin)
 	ctx.Data["LockReasons"] = setting.Repository.Issue.LockReasons
 	ctx.Data["RefEndName"] = git.RefEndName(issue.Ref)
-	ctx.HTML(200, tplIssueView)
+	ctx.HTML(http.StatusOK, tplIssueView)
 }
 
 // GetActionIssue will return the issue which is used in the context.
 	}
 
 	if !ctx.IsSigned || (!issue.IsPoster(ctx.User.ID) && !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull)) {
-		ctx.Error(403)
+		ctx.Error(http.StatusForbidden)
 		return
 	}
 
 	title := ctx.QueryTrim("title")
 	if len(title) == 0 {
-		ctx.Error(204)
+		ctx.Error(http.StatusNoContent)
 		return
 	}
 
 		return
 	}
 
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"title": issue.Title,
 	})
 }
 	}
 
 	if !ctx.IsSigned || (!issue.IsPoster(ctx.User.ID) && !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull)) || issue.IsPull {
-		ctx.Error(403)
+		ctx.Error(http.StatusForbidden)
 		return
 	}
 
 		return
 	}
 
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"ref": ref,
 	})
 }
 	}
 
 	if !ctx.IsSigned || (ctx.User.ID != issue.PosterID && !ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull)) {
-		ctx.Error(403)
+		ctx.Error(http.StatusForbidden)
 		return
 	}
 
 		ctx.ServerError("UpdateAttachments", err)
 	}
 
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"content":     string(markdown.Render([]byte(issue.Content), ctx.Query("context"), ctx.Repo.Repository.ComposeMetas())),
 		"attachments": attachmentsHTML(ctx, issue.Attachments, issue.Content),
 	})
 		}
 	}
 
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"ok": true,
 	})
 }
 			}
 		}
 	}
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"ok": true,
 	})
 }
 		}
 	}
 
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"ok": true,
 	})
 }
 			}
 		}
 	}
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"ok": true,
 	})
 }
 			}
 		}
 
-		ctx.Error(403)
+		ctx.Error(http.StatusForbidden)
 		return
 	}
 
 	}
 
 	if !ctx.IsSigned || (ctx.User.ID != comment.PosterID && !ctx.Repo.CanWriteIssuesOrPulls(comment.Issue.IsPull)) {
-		ctx.Error(403)
+		ctx.Error(http.StatusForbidden)
 		return
 	} else if comment.Type != models.CommentTypeComment && comment.Type != models.CommentTypeCode {
-		ctx.Error(204)
+		ctx.Error(http.StatusNoContent)
 		return
 	}
 
 	oldContent := comment.Content
 	comment.Content = ctx.Query("content")
 	if len(comment.Content) == 0 {
-		ctx.JSON(200, map[string]interface{}{
+		ctx.JSON(http.StatusOK, map[string]interface{}{
 			"content": "",
 		})
 		return
 		ctx.ServerError("UpdateAttachments", err)
 	}
 
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"content":     string(markdown.Render([]byte(comment.Content), ctx.Query("context"), ctx.Repo.Repository.ComposeMetas())),
 		"attachments": attachmentsHTML(ctx, comment.Attachments, comment.Content),
 	})
 	}
 
 	if !ctx.IsSigned || (ctx.User.ID != comment.PosterID && !ctx.Repo.CanWriteIssuesOrPulls(comment.Issue.IsPull)) {
-		ctx.Error(403)
+		ctx.Error(http.StatusForbidden)
 		return
 	} else if comment.Type != models.CommentTypeComment && comment.Type != models.CommentTypeCode {
-		ctx.Error(204)
+		ctx.Error(http.StatusNoContent)
 		return
 	}
 
 			}
 		}
 
-		ctx.Error(403)
+		ctx.Error(http.StatusForbidden)
 		return
 	}
 
 	}
 
 	if len(issue.Reactions) == 0 {
-		ctx.JSON(200, map[string]interface{}{
+		ctx.JSON(http.StatusOK, map[string]interface{}{
 			"empty": true,
 			"html":  "",
 		})
 		ctx.ServerError("ChangeIssueReaction.HTMLString", err)
 		return
 	}
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"html": html,
 	})
 }
 			}
 		}
 
-		ctx.Error(403)
+		ctx.Error(http.StatusForbidden)
 		return
 	} else if comment.Type != models.CommentTypeComment && comment.Type != models.CommentTypeCode {
-		ctx.Error(204)
+		ctx.Error(http.StatusNoContent)
 		return
 	}
 
 	}
 
 	if len(comment.Reactions) == 0 {
-		ctx.JSON(200, map[string]interface{}{
+		ctx.JSON(http.StatusOK, map[string]interface{}{
 			"empty": true,
 			"html":  "",
 		})
 		ctx.ServerError("ChangeCommentReaction.HTMLString", err)
 		return
 	}
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"html": html,
 	})
 }
 	for i := 0; i < len(issue.Attachments); i++ {
 		attachments[i] = convert.ToReleaseAttachment(issue.Attachments[i])
 	}
-	ctx.JSON(200, attachments)
+	ctx.JSON(http.StatusOK, attachments)
 }
 
 // GetCommentAttachments returns attachments for the comment
 			attachments = append(attachments, convert.ToReleaseAttachment(comment.Attachments[i]))
 		}
 	}
-	ctx.JSON(200, attachments)
+	ctx.JSON(http.StatusOK, attachments)
 }
 
 func updateAttachments(item interface{}, files []string) error {

routers/repo/issue_label.go

 package repo
 
 import (
+	"net/http"
+
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
 	ctx.Data["PageIsLabels"] = true
 	ctx.Data["RequireTribute"] = true
 	ctx.Data["LabelTemplates"] = models.LabelTemplates
-	ctx.HTML(200, tplLabels)
+	ctx.HTML(http.StatusOK, tplLabels)
 }
 
 // InitializeLabels init labels for a repository
 	if err != nil {
 		switch {
 		case models.IsErrRepoLabelNotExist(err):
-			ctx.Error(404)
+			ctx.Error(http.StatusNotFound)
 		default:
 			ctx.ServerError("UpdateLabel", err)
 		}
 		ctx.Flash.Success(ctx.Tr("repo.issues.label_deletion_success"))
 	}
 
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"redirect": ctx.Repo.RepoLink + "/labels",
 	})
 }
 		label, err := models.GetLabelByID(ctx.QueryInt64("id"))
 		if err != nil {
 			if models.IsErrRepoLabelNotExist(err) {
-				ctx.Error(404, "GetLabelByID")
+				ctx.Error(http.StatusNotFound, "GetLabelByID")
 			} else {
 				ctx.ServerError("GetLabelByID", err)
 			}
 		}
 	default:
 		log.Warn("Unrecognized action: %s", action)
-		ctx.Error(500)
+		ctx.Error(http.StatusInternalServerError)
 		return
 	}
 
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"ok": true,
 	})
 }

routers/repo/issue_watch.go

 				log.Trace("Permission Denied: Not logged in")
 			}
 		}
-		ctx.Error(403)
+		ctx.Error(http.StatusForbidden)
 		return
 	}
 

routers/repo/lfs.go

 	gotemplate "html/template"
 	"io"
 	"io/ioutil"
+	"net/http"
 	"path"
 	"strconv"
 	"strings"
 	}
 	ctx.Data["LFSFiles"] = lfsMetaObjects
 	ctx.Data["Page"] = pager
-	ctx.HTML(200, tplSettingsLFS)
+	ctx.HTML(http.StatusOK, tplSettingsLFS)
 }
 
 // LFSLocks shows a repository's LFS locks
 
 	if len(lfsLocks) == 0 {
 		ctx.Data["Page"] = pager
-		ctx.HTML(200, tplSettingsLFSLocks)
+		ctx.HTML(http.StatusOK, tplSettingsLFSLocks)
 		return
 	}
 
 	ctx.Data["Linkable"] = linkable
 
 	ctx.Data["Page"] = pager
-	ctx.HTML(200, tplSettingsLFSLocks)
+	ctx.HTML(http.StatusOK, tplSettingsLFSLocks)
 }
 
 // LFSLockFile locks a file
 	case base.IsImageFile(buf):
 		ctx.Data["IsImageFile"] = true
 	}
-	ctx.HTML(200, tplSettingsLFSFile)
+	ctx.HTML(http.StatusOK, tplSettingsLFSFile)
 }
 
 // LFSDelete disassociates the provided oid from the repository and if the lfs file is no longer associated with any repositories - deletes it
 	}
 
 	ctx.Data["Results"] = results
-	ctx.HTML(200, tplSettingsLFSFileFind)
+	ctx.HTML(http.StatusOK, tplSettingsLFSFileFind)
 }
 
 // LFSPointerFiles will search the repository for pointer files and report which are missing LFS files in the content store
 		}
 	default:
 	}
-	ctx.HTML(200, tplSettingsLFSPointers)
+	ctx.HTML(http.StatusOK, tplSettingsLFSPointers)
 }
 
 type pointerResult struct {

routers/repo/migrate.go

 		ctx.Data["Org"] = ctx.Query("org")
 		ctx.Data["Mirror"] = ctx.Query("mirror")
 
-		ctx.HTML(200, tplMigrate)
+		ctx.HTML(http.StatusOK, tplMigrate)
 		return
 	}
 
 	}
 	ctx.Data["ContextUser"] = ctxUser
 
-	ctx.HTML(200, base.TplName("repo/migrate/"+serviceType.Name()))
+	ctx.HTML(http.StatusOK, base.TplName("repo/migrate/"+serviceType.Name()))
 }
 
 func handleMigrateError(ctx *context.Context, owner *models.User, err error, name string, tpl base.TplName, form *auth.MigrateRepoForm) {
 	tpl := base.TplName("repo/migrate/" + serviceType.Name())
 
 	if ctx.HasError() {
-		ctx.HTML(200, tpl)
+		ctx.HTML(http.StatusOK, tpl)
 		return
 	}
 

routers/repo/milestone.go

 package repo
 
 import (
+	"net/http"
 	"time"
 
 	"code.gitea.io/gitea/models"
 	pager.AddParam(ctx, "state", "State")
 	ctx.Data["Page"] = pager
 
-	ctx.HTML(200, tplMilestone)
+	ctx.HTML(http.StatusOK, tplMilestone)
 }
 
 // NewMilestone render creating milestone page
 	ctx.Data["Title"] = ctx.Tr("repo.milestones.new")
 	ctx.Data["PageIsIssueList"] = true
 	ctx.Data["PageIsMilestones"] = true
-	ctx.HTML(200, tplMilestoneNew)
+	ctx.HTML(http.StatusOK, tplMilestoneNew)
 }
 
 // NewMilestonePost response for creating milestone
 	ctx.Data["PageIsMilestones"] = true
 
 	if ctx.HasError() {
-		ctx.HTML(200, tplMilestoneNew)
+		ctx.HTML(http.StatusOK, tplMilestoneNew)
 		return
 	}
 
 	if len(m.DeadlineString) > 0 {
 		ctx.Data["deadline"] = m.DeadlineString
 	}
-	ctx.HTML(200, tplMilestoneNew)
+	ctx.HTML(http.StatusOK, tplMilestoneNew)
 }
 
 // EditMilestonePost response for edting milestone
 	ctx.Data["PageIsEditMilestone"] = true
 
 	if ctx.HasError() {
-		ctx.HTML(200, tplMilestoneNew)
+		ctx.HTML(http.StatusOK, tplMilestoneNew)
 		return
 	}
 
 		ctx.Flash.Success(ctx.Tr("repo.milestones.deletion_success"))
 	}
 
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"redirect": ctx.Repo.RepoLink + "/milestones",
 	})
 }
 	ctx.Data["CanWriteIssues"] = ctx.Repo.CanWriteIssuesOrPulls(false)
 	ctx.Data["CanWritePulls"] = ctx.Repo.CanWriteIssuesOrPulls(true)
 
-	ctx.HTML(200, tplMilestoneIssues)
+	ctx.HTML(http.StatusOK, tplMilestoneIssues)
 }

routers/repo/projects.go

 
 import (
 	"fmt"
+	"net/http"
 	"strings"
 
 	"code.gitea.io/gitea/models"
 	ctx.Data["IsProjectsPage"] = true
 	ctx.Data["SortType"] = sortType
 
-	ctx.HTML(200, tplProjects)
+	ctx.HTML(http.StatusOK, tplProjects)
 }
 
 // NewProject render creating a project page
 	ctx.Data["Title"] = ctx.Tr("repo.projects.new")
 	ctx.Data["ProjectTypes"] = models.GetProjectsConfig()
 	ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
-	ctx.HTML(200, tplProjectsNew)
+	ctx.HTML(http.StatusOK, tplProjectsNew)
 }
 
 // NewProjectPost creates a new project
 	if ctx.HasError() {
 		ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
 		ctx.Data["ProjectTypes"] = models.GetProjectsConfig()
-		ctx.HTML(200, tplProjectsNew)
+		ctx.HTML(http.StatusOK, tplProjectsNew)
 		return
 	}
 
 		ctx.Flash.Success(ctx.Tr("repo.projects.deletion_success"))
 	}
 
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"redirect": ctx.Repo.RepoLink + "/projects",
 	})
 }
 	ctx.Data["title"] = p.Title
 	ctx.Data["content"] = p.Description
 
-	ctx.HTML(200, tplProjectsNew)
+	ctx.HTML(http.StatusOK, tplProjectsNew)
 }
 
 // EditProjectPost response for editing a project
 	ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
 
 	if ctx.HasError() {
-		ctx.HTML(200, tplProjectsNew)
+		ctx.HTML(http.StatusOK, tplProjectsNew)
 		return
 	}
 
 	ctx.Data["PageIsProjects"] = true
 	ctx.Data["RequiresDraggable"] = true
 
-	ctx.HTML(200, tplProjectsView)
+	ctx.HTML(http.StatusOK, tplProjectsView)
 }
 
 // UpdateIssueProject change an issue's project
 		}
 	}
 
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"ok": true,
 	})
 }
 // DeleteProjectBoard allows for the deletion of a project board
 func DeleteProjectBoard(ctx *context.Context) {
 	if ctx.User == nil {
-		ctx.JSON(403, map[string]string{
+		ctx.JSON(http.StatusForbidden, map[string]string{
 			"message": "Only signed in users are allowed to perform this action.",
 		})
 		return
 	}
 
 	if !ctx.Repo.IsOwner() && !ctx.Repo.IsAdmin() && !ctx.Repo.CanAccess(models.AccessModeWrite, models.UnitTypeProjects) {
-		ctx.JSON(403, map[string]string{
+		ctx.JSON(http.StatusForbidden, map[string]string{
 			"message": "Only authorized users are allowed to perform this action.",
 		})
 		return
 		return
 	}
 	if pb.ProjectID != ctx.ParamsInt64(":id") {
-		ctx.JSON(422, map[string]string{
+		ctx.JSON(http.StatusUnprocessableEntity, map[string]string{
 			"message": fmt.Sprintf("ProjectBoard[%d] is not in Project[%d] as expected", pb.ID, project.ID),
 		})
 		return
 	}
 
 	if project.RepoID != ctx.Repo.Repository.ID {
-		ctx.JSON(422, map[string]string{
+		ctx.JSON(http.StatusUnprocessableEntity, map[string]string{
 			"message": fmt.Sprintf("ProjectBoard[%d] is not in Repository[%d] as expected", pb.ID, ctx.Repo.Repository.ID),
 		})
 		return
 		return
 	}
 
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"ok": true,
 	})
 }
 func AddBoardToProjectPost(ctx *context.Context) {
 	form := web.GetForm(ctx).(*auth.EditProjectBoardForm)
 	if !ctx.Repo.IsOwner() && !ctx.Repo.IsAdmin() && !ctx.Repo.CanAccess(models.AccessModeWrite, models.UnitTypeProjects) {
-		ctx.JSON(403, map[string]string{
+		ctx.JSON(http.StatusForbidden, map[string]string{
 			"message": "Only authorized users are allowed to perform this action.",
 		})
 		return
 		return
 	}
 
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"ok": true,
 	})
 }
 
 func checkProjectBoardChangePermissions(ctx *context.Context) (*models.Project, *models.ProjectBoard) {
 	if ctx.User == nil {
-		ctx.JSON(403, map[string]string{
+		ctx.JSON(http.StatusForbidden, map[string]string{
 			"message": "Only signed in users are allowed to perform this action.",
 		})
 		return nil, nil
 	}
 
 	if !ctx.Repo.IsOwner() && !ctx.Repo.IsAdmin() && !ctx.Repo.CanAccess(models.AccessModeWrite, models.UnitTypeProjects) {
-		ctx.JSON(403, map[string]string{
+		ctx.JSON(http.StatusForbidden, map[string]string{
 			"message": "Only authorized users are allowed to perform this action.",
 		})
 		return nil, nil
 		return nil, nil
 	}
 	if board.ProjectID != ctx.ParamsInt64(":id") {
-		ctx.JSON(422, map[string]string{
+		ctx.JSON(http.StatusUnprocessableEntity, map[string]string{
 			"message": fmt.Sprintf("ProjectBoard[%d] is not in Project[%d] as expected", board.ID, project.ID),
 		})
 		return nil, nil
 	}
 
 	if project.RepoID != ctx.Repo.Repository.ID {
-		ctx.JSON(422, map[string]string{
+		ctx.JSON(http.StatusUnprocessableEntity, map[string]string{
 			"message": fmt.Sprintf("ProjectBoard[%d] is not in Repository[%d] as expected", board.ID, ctx.Repo.Repository.ID),
 		})
 		return nil, nil
 		return
 	}
 
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"ok": true,
 	})
 }
 		return
 	}
 
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"ok": true,
 	})
 }
 func MoveIssueAcrossBoards(ctx *context.Context) {
 
 	if ctx.User == nil {
-		ctx.JSON(403, map[string]string{
+		ctx.JSON(http.StatusForbidden, map[string]string{
 			"message": "Only signed in users are allowed to perform this action.",
 		})
 		return
 	}
 
 	if !ctx.Repo.IsOwner() && !ctx.Repo.IsAdmin() && !ctx.Repo.CanAccess(models.AccessModeWrite, models.UnitTypeProjects) {
-		ctx.JSON(403, map[string]string{
+		ctx.JSON(http.StatusForbidden, map[string]string{
 			"message": "Only authorized users are allowed to perform this action.",
 		})
 		return
 		return
 	}
 
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"ok": true,
 	})
 }
 	ctx.Data["ProjectTypes"] = models.GetProjectsConfig()
 	ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
 
-	ctx.HTML(200, tplGenericProjectsNew)
+	ctx.HTML(http.StatusOK, tplGenericProjectsNew)
 }
 
 // CreateProjectPost creates an individual and/or organization project
 
 	if ctx.HasError() {
 		ctx.Data["CanWriteProjects"] = ctx.Repo.Permission.CanWrite(models.UnitTypeProjects)
-		ctx.HTML(200, tplGenericProjectsNew)
+		ctx.HTML(http.StatusOK, tplGenericProjectsNew)
 		return
 	}
 

routers/repo/pull.go

 		return
 	}
 
-	ctx.HTML(200, tplFork)
+	ctx.HTML(http.StatusOK, tplFork)
 }
 
 // ForkPost response for forking a repository
 	ctx.Data["ContextUser"] = ctxUser
 
 	if ctx.HasError() {
-		ctx.HTML(200, tplFork)
+		ctx.HTML(http.StatusOK, tplFork)
 		return
 	}
 
 			ctx.ServerError("IsOwnedBy", err)
 			return
 		} else if !isOwner {
-			ctx.Error(403)
+			ctx.Error(http.StatusForbidden)
 			return
 		}
 	}
 	ctx.Data["CommitCount"] = commits.Len()
 
 	getBranchData(ctx, issue)
-	ctx.HTML(200, tplPullCommits)
+	ctx.HTML(http.StatusOK, tplPullCommits)
 }
 
 // ViewPullFiles render pull request changed files list page
 	getBranchData(ctx, issue)
 	ctx.Data["IsIssuePoster"] = ctx.IsSigned && issue.IsPoster(ctx.User.ID)
 	ctx.Data["HasIssuesOrPullsWritePermission"] = ctx.Repo.CanWriteIssuesOrPulls(issue.IsPull)
-	ctx.HTML(200, tplPullFiles)
+	ctx.HTML(http.StatusOK, tplPullFiles)
 }
 
 // UpdatePullRequest merge PR's baseBranch into headBranch
 			return
 		}
 
-		ctx.HTML(200, tplCompareDiff)
+		ctx.HTML(http.StatusOK, tplCompareDiff)
 		return
 	}
 
 
 	if err := pull_service.NewPullRequest(repo, pullIssue, labelIDs, attachments, pullRequest, assigneeIDs); err != nil {
 		if models.IsErrUserDoesNotHaveAccessToRepo(err) {
-			ctx.Error(400, "UserDoesNotHaveAccessToRepo", err.Error())
+			ctx.Error(http.StatusBadRequest, "UserDoesNotHaveAccessToRepo", err.Error())
 			return
 		} else if git.IsErrPushRejected(err) {
 			pushrejErr := err.(*git.ErrPushRejected)
 	branch := ctx.Query("branch")
 	secret := ctx.Query("secret")
 	if len(branch) == 0 || len(secret) == 0 || pusherID <= 0 {
-		ctx.Error(404)
+		ctx.Error(http.StatusNotFound)
 		log.Trace("TriggerTask: branch or secret is empty, or pusher ID is not valid")
 		return
 	}
 	got := []byte(base.EncodeMD5(owner.Salt))
 	want := []byte(secret)
 	if subtle.ConstantTimeCompare(got, want) != 1 {
-		ctx.Error(404)
+		ctx.Error(http.StatusNotFound)
 		log.Trace("TriggerTask [%s/%s]: invalid secret", owner.Name, repo.Name)
 		return
 	}
 	pusher, err := models.GetUserByID(pusherID)
 	if err != nil {
 		if models.IsErrUserNotExist(err) {
-			ctx.Error(404)
+			ctx.Error(http.StatusNotFound)
 		} else {
 			ctx.ServerError("GetUserByID", err)
 		}
 	defer gitBaseRepo.Close()
 
 	defer func() {
-		ctx.JSON(200, map[string]interface{}{
+		ctx.JSON(http.StatusOK, map[string]interface{}{
 			"redirect": pr.BaseRepo.Link() + "/pulls/" + fmt.Sprint(issue.Index),
 		})
 	}()

routers/repo/pull_review.go

 
 import (
 	"fmt"
+	"net/http"
 
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/base"
 		return
 	}
 	ctx.Data["AfterCommitID"] = pullHeadCommitID
-	ctx.HTML(200, tplNewComment)
+	ctx.HTML(http.StatusOK, tplNewComment)
 }
 
 // CreateCodeComment will create a code comment including an pending review if required
 		return
 	}
 	if !permResult {
-		ctx.Error(403)
+		ctx.Error(http.StatusForbidden)
 		return
 	}
 
 	if !comment.Issue.IsPull {
-		ctx.Error(400)
+		ctx.Error(http.StatusBadRequest)
 		return
 	}
 
 			return
 		}
 	} else {
-		ctx.Error(400)
+		ctx.Error(http.StatusBadRequest)
 		return
 	}
 
 		renderConversation(ctx, comment)
 		return
 	}
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"ok": true,
 	})
 }
 		return
 	}
 	ctx.Data["AfterCommitID"] = pullHeadCommitID
-	ctx.HTML(200, tplConversation)
+	ctx.HTML(http.StatusOK, tplConversation)
 }
 
 // SubmitReview creates a review out of the existing pending review or creates a new one if no pending review exist

routers/repo/release.go

 
 import (
 	"fmt"
+	"net/http"
 	"strings"
 
 	"code.gitea.io/gitea/models"
 	pager.SetDefaultParams(ctx)
 	ctx.Data["Page"] = pager
 
-	ctx.HTML(200, tplReleases)
+	ctx.HTML(http.StatusOK, tplReleases)
 }
 
 // SingleRelease renders a single release's page
 	release.Note = markdown.RenderString(release.Note, ctx.Repo.RepoLink, ctx.Repo.Repository.ComposeMetas())
 
 	ctx.Data["Releases"] = []*models.Release{release}
-	ctx.HTML(200, tplReleases)
+	ctx.HTML(http.StatusOK, tplReleases)
 }
 
 // LatestRelease redirects to the latest release
 	}
 	ctx.Data["IsAttachmentEnabled"] = setting.Attachment.Enabled
 	upload.AddUploadContext(ctx, "release")
-	ctx.HTML(200, tplReleaseNew)
+	ctx.HTML(http.StatusOK, tplReleaseNew)
 }
 
 // NewReleasePost response for creating a release
 	ctx.Data["RequireTribute"] = true
 
 	if ctx.HasError() {
-		ctx.HTML(200, tplReleaseNew)
+		ctx.HTML(http.StatusOK, tplReleaseNew)
 		return
 	}
 
 	}
 	ctx.Data["attachments"] = rel.Attachments
 
-	ctx.HTML(200, tplReleaseNew)
+	ctx.HTML(http.StatusOK, tplReleaseNew)
 }
 
 // EditReleasePost response for edit release
 	ctx.Data["prerelease"] = rel.IsPrerelease
 
 	if ctx.HasError() {
-		ctx.HTML(200, tplReleaseNew)
+		ctx.HTML(http.StatusOK, tplReleaseNew)
 		return
 	}
 
 	}
 
 	if isDelTag {
-		ctx.JSON(200, map[string]interface{}{
+		ctx.JSON(http.StatusOK, map[string]interface{}{
 			"redirect": ctx.Repo.RepoLink + "/tags",
 		})
 		return
 	}
 
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"redirect": ctx.Repo.RepoLink + "/releases",
 	})
 }

routers/repo/repo.go

 import (
 	"errors"
 	"fmt"
+	"net/http"
 	"strings"
 	"time"
 
 
 	// Check ownership of organization.
 	if !org.IsOrganization() {
-		ctx.Error(403)
+		ctx.Error(http.StatusForbidden)
 		return nil
 	}
 	if !ctx.User.IsAdmin {
 			ctx.ServerError("CanCreateOrgRepo", err)
 			return nil
 		} else if !canCreate {
-			ctx.Error(403)
+			ctx.Error(http.StatusForbidden)
 			return nil
 		}
 	} else {
 	ctx.Data["CanCreateRepo"] = ctx.User.CanCreateRepo()
 	ctx.Data["MaxCreationLimit"] = ctx.User.MaxCreationLimit()
 
-	ctx.HTML(200, tplCreate)
+	ctx.HTML(http.StatusOK, tplCreate)
 }
 
 func handleCreateError(ctx *context.Context, owner *models.User, err error, name string, tpl base.TplName, form interface{}) {
 	ctx.Data["ContextUser"] = ctxUser
 
 	if ctx.HasError() {
-		ctx.HTML(200, tplCreate)
+		ctx.HTML(http.StatusOK, tplCreate)
 		return
 	}
 
 		err = acceptOrRejectRepoTransfer(ctx, false)
 	case "desc": // FIXME: this is not used
 		if !ctx.Repo.IsOwner() {
-			ctx.Error(404)
+			ctx.Error(http.StatusNotFound)
 			return
 		}
 
 	releases, err := models.GetReleasesByRepoIDAndNames(models.DefaultDBContext(), curRepo.ID, tagNames)
 	if err != nil {
 		if models.IsErrAttachmentNotExist(err) {
-			ctx.Error(404)
+			ctx.Error(http.StatusNotFound)
 			return
 		}
 		ctx.ServerError("RedirectDownload", err)
 		release := releases[0]
 		att, err := models.GetAttachmentByReleaseIDFileName(release.ID, fileName)
 		if err != nil {
-			ctx.Error(404)
+			ctx.Error(http.StatusNotFound)
 			return
 		}
 		if att != nil {
 			return
 		}
 	}
-	ctx.Error(404)
+	ctx.Error(http.StatusNotFound)
 }
 
 // Download an archive of a repository
 	aReq := archiver_service.DeriveRequestFrom(ctx, uri)
 
 	if aReq == nil {
-		ctx.Error(404)
+		ctx.Error(http.StatusNotFound)
 		return
 	}
 
 	if complete {
 		ctx.ServeFile(aReq.GetArchivePath(), downloadName)
 	} else {
-		ctx.Error(404)
+		ctx.Error(http.StatusNotFound)
 	}
 }
 
 	aReq := archiver_service.DeriveRequestFrom(ctx, uri)
 
 	if aReq == nil {
-		ctx.Error(404)
+		ctx.Error(http.StatusNotFound)
 		return
 	}
 
 		complete, _ = aReq.TimedWaitForCompletion(ctx, 2*time.Second)
 	}
 
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"complete": complete,
 	})
 }

routers/repo/search.go

 package repo
 
 import (
+	"net/http"
 	"path"
 	"strings"
 
 	pager.AddParam(ctx, "l", "Language")
 	ctx.Data["Page"] = pager
 
-	ctx.HTML(200, tplSearch)
+	ctx.HTML(http.StatusOK, tplSearch)
 }

routers/repo/setting.go

 	"errors"
 	"fmt"
 	"io/ioutil"
+	"net/http"
 	"strings"
 	"time"
 
 	ctx.Data["SigningKeyAvailable"] = len(signing) > 0
 	ctx.Data["SigningSettings"] = setting.Repository.Signing
 
-	ctx.HTML(200, tplSettingsOptions)
+	ctx.HTML(http.StatusOK, tplSettingsOptions)
 }
 
 // SettingsPost response for changes of a repository
 	switch ctx.Query("action") {
 	case "update":
 		if ctx.HasError() {
-			ctx.HTML(200, tplSettingsOptions)
+			ctx.HTML(http.StatusOK, tplSettingsOptions)
 			return
 		}
 
 
 	case "admin":
 		if !ctx.User.IsAdmin {
-			ctx.Error(403)
+			ctx.Error(http.StatusForbidden)
 			return
 		}
 
 
 	case "convert":
 		if !ctx.Repo.IsOwner() {
-			ctx.Error(404)
+			ctx.Error(http.StatusNotFound)
 			return
 		}
 		if repo.Name != form.RepoName {
 		}
 
 		if !repo.IsMirror {
-			ctx.Error(404)
+			ctx.Error(http.StatusNotFound)
 			return
 		}
 		repo.IsMirror = false
 
 	case "convert_fork":
 		if !ctx.Repo.IsOwner() {
-			ctx.Error(404)
+			ctx.Error(http.StatusNotFound)
 			return
 		}
 		if err := repo.GetOwner(); err != nil {
 		}
 
 		if !repo.IsFork {
-			ctx.Error(404)
+			ctx.Error(http.StatusNotFound)
 			return
 		}
 
 
 	case "transfer":
 		if !ctx.Repo.IsOwner() {
-			ctx.Error(404)
+			ctx.Error(http.StatusNotFound)
 			return
 		}
 		if repo.Name != form.RepoName {
 
 	case "cancel_transfer":
 		if !ctx.Repo.IsOwner() {
-			ctx.Error(404)
+			ctx.Error(http.StatusNotFound)
 			return
 		}
 
 
 	case "delete":
 		if !ctx.Repo.IsOwner() {
-			ctx.Error(404)
+			ctx.Error(http.StatusNotFound)
 			return
 		}
 		if repo.Name != form.RepoName {
 
 	case "delete-wiki":
 		if !ctx.Repo.IsOwner() {
-			ctx.Error(404)
+			ctx.Error(http.StatusNotFound)
 			return
 		}
 		if repo.Name != form.RepoName {
 
 	case "archive":
 		if !ctx.Repo.IsOwner() {
-			ctx.Error(403)
+			ctx.Error(http.StatusForbidden)
 			return
 		}
 
 		ctx.Redirect(ctx.Repo.RepoLink + "/settings")
 	case "unarchive":
 		if !ctx.Repo.IsOwner() {
-			ctx.Error(403)
+			ctx.Error(http.StatusForbidden)
 			return
 		}
 
 	ctx.Data["Org"] = ctx.Repo.Repository.Owner
 	ctx.Data["Units"] = models.Units
 
-	ctx.HTML(200, tplCollaboration)
+	ctx.HTML(http.StatusOK, tplCollaboration)
 }
 
 // CollaborationPost response for actions for a collaboration of a repository
 		ctx.Flash.Success(ctx.Tr("repo.settings.remove_collaborator_success"))
 	}
 
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"redirect": ctx.Repo.RepoLink + "/settings/collaboration",
 	})
 }
 	}
 
 	ctx.Flash.Success(ctx.Tr("repo.settings.remove_team_success"))
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"redirect": ctx.Repo.RepoLink + "/settings/collaboration",
 	})
 }
 	}
 	ctx.Data["Hooks"] = hooks
 
-	ctx.HTML(200, tplGithooks)
+	ctx.HTML(http.StatusOK, tplGithooks)
 }
 
 // GitHooksEdit render for editing a hook of repository page
 		return
 	}
 	ctx.Data["Hook"] = hook
-	ctx.HTML(200, tplGithookEdit)
+	ctx.HTML(http.StatusOK, tplGithookEdit)
 }
 
 // GitHooksEditPost response for editing a git hook of a repository
 	}
 	ctx.Data["Deploykeys"] = keys
 
-	ctx.HTML(200, tplDeployKeys)
+	ctx.HTML(http.StatusOK, tplDeployKeys)
 }
 
 // DeployKeysPost response for adding a deploy key of a repository
 	ctx.Data["Deploykeys"] = keys
 
 	if ctx.HasError() {
-		ctx.HTML(200, tplDeployKeys)
+		ctx.HTML(http.StatusOK, tplDeployKeys)
 		return
 	}
 
 		ctx.Flash.Success(ctx.Tr("repo.settings.deploy_key_deletion_success"))
 	}
 
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"redirect": ctx.Repo.RepoLink + "/settings/keys",
 	})
 }

routers/repo/setting_protected_branch.go

 
 import (
 	"fmt"
+	"net/http"
 	"strings"
 	"time"
 
 
 	ctx.Data["LeftBranches"] = leftBranches
 
-	ctx.HTML(200, tplBranches)
+	ctx.HTML(http.StatusOK, tplBranches)
 }
 
 // ProtectedBranchPost response for protect for a branch of a repository
 	switch ctx.Query("action") {
 	case "default_branch":
 		if ctx.HasError() {
-			ctx.HTML(200, tplBranches)
+			ctx.HTML(http.StatusOK, tplBranches)
 			return
 		}
 
 	}
 
 	c.Data["Branch"] = protectBranch
-	c.HTML(200, tplProtectedBranch)
+	c.HTML(http.StatusOK, tplProtectedBranch)
 }
 
 // SettingsProtectedBranchPost updates the protected branch settings

routers/repo/topic.go

 package repo
 
 import (
+	"net/http"
 	"strings"
 
 	"code.gitea.io/gitea/models"
 // TopicsPost response for creating repository
 func TopicsPost(ctx *context.Context) {
 	if ctx.User == nil {
-		ctx.JSON(403, map[string]interface{}{
+		ctx.JSON(http.StatusForbidden, map[string]interface{}{
 			"message": "Only owners could change the topics.",
 		})
 		return
 	validTopics, invalidTopics := models.SanitizeAndValidateTopics(topics)
 
 	if len(validTopics) > 25 {
-		ctx.JSON(422, map[string]interface{}{
+		ctx.JSON(http.StatusUnprocessableEntity, map[string]interface{}{
 			"invalidTopics": nil,
 			"message":       ctx.Tr("repo.topic.count_prompt"),
 		})
 	}
 
 	if len(invalidTopics) > 0 {
-		ctx.JSON(422, map[string]interface{}{
+		ctx.JSON(http.StatusUnprocessableEntity, map[string]interface{}{
 			"invalidTopics": invalidTopics,
 			"message":       ctx.Tr("repo.topic.format_prompt"),
 		})
 	err := models.SaveTopics(ctx.Repo.Repository.ID, validTopics...)
 	if err != nil {
 		log.Error("SaveTopics failed: %v", err)
-		ctx.JSON(500, map[string]interface{}{
+		ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
 			"message": "Save topics failed.",
 		})
 		return
 	}
 
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"status": "ok",
 	})
 }

routers/repo/view.go

 	gotemplate "html/template"
 	"io"
 	"io/ioutil"
+	"net/http"
 	"net/url"
 	"path"
 	"strconv"
 			ctx.Data["Repo"] = ctx.Repo
 			ctx.Data["MigrateTask"] = task
 			ctx.Data["CloneAddr"] = safeURL(cfg.CloneAddr)
-			ctx.HTML(200, tplMigrating)
+			ctx.HTML(http.StatusOK, tplMigrating)
 			return
 		}
 
 	ctx.Data["PageIsViewCode"] = true
 
 	if ctx.Repo.Repository.IsEmpty {
-		ctx.HTML(200, tplRepoEMPTY)
+		ctx.HTML(http.StatusOK, tplRepoEMPTY)
 		return
 	}
 
 	ctx.Data["TreeLink"] = treeLink
 	ctx.Data["TreeNames"] = treeNames
 	ctx.Data["BranchLink"] = branchLink
-	ctx.HTML(200, tplRepoHome)
+	ctx.HTML(http.StatusOK, tplRepoHome)
 }
 
 // RenderUserCards render a page show users according the input templaet
 	}
 	ctx.Data["Cards"] = items
 
-	ctx.HTML(200, tpl)
+	ctx.HTML(http.StatusOK, tpl)
 }
 
 // Watchers render repository's watch users
 	}
 	ctx.Data["Forks"] = forks
 
-	ctx.HTML(200, tplForks)
+	ctx.HTML(http.StatusOK, tplForks)
 }

routers/repo/webhook.go

 import (
 	"errors"
 	"fmt"
+	"net/http"
 	"path"
 	"strings"
 
 	}
 	ctx.Data["Webhooks"] = ws
 
-	ctx.HTML(200, tplHooks)
+	ctx.HTML(http.StatusOK, tplHooks)
 }
 
 type orgRepoCtx struct {
 	}
 	ctx.Data["BaseLink"] = orCtx.LinkNew
 
-	ctx.HTML(200, orCtx.NewTemplate)
+	ctx.HTML(http.StatusOK, orCtx.NewTemplate)
 }
 
 // ParseHookEvent convert web form content to models.HookEvent
 	ctx.Data["BaseLink"] = orCtx.LinkNew
 
 	if ctx.HasError() {
-		ctx.HTML(200, orCtx.NewTemplate)
+		ctx.HTML(http.StatusOK, orCtx.NewTemplate)
 		return
 	}
 
 	ctx.Data["BaseLink"] = orCtx.LinkNew
 
 	if ctx.HasError() {
-		ctx.HTML(200, orCtx.NewTemplate)
+		ctx.HTML(http.StatusOK, orCtx.NewTemplate)
 		return
 	}
 
 	}
 
 	if ctx.HasError() {
-		ctx.HTML(200, orCtx.NewTemplate)
+		ctx.HTML(http.StatusOK, orCtx.NewTemplate)
 		return
 	}
 
 	}
 
 	if ctx.HasError() {
-		ctx.HTML(200, orCtx.NewTemplate)
+		ctx.HTML(http.StatusOK, orCtx.NewTemplate)
 		return
 	}
 
 	}
 
 	if ctx.HasError() {
-		ctx.HTML(200, orCtx.NewTemplate)
+		ctx.HTML(http.StatusOK, orCtx.NewTemplate)
 		return
 	}
 
 	}
 
 	if ctx.HasError() {
-		ctx.HTML(200, orCtx.NewTemplate)
+		ctx.HTML(http.StatusOK, orCtx.NewTemplate)
 		return
 	}
 
 	}
 
 	if ctx.HasError() {
-		ctx.HTML(200, orCtx.NewTemplate)
+		ctx.HTML(http.StatusOK, orCtx.NewTemplate)
 		return
 	}
 
 	}
 
 	if ctx.HasError() {
-		ctx.HTML(200, orCtx.NewTemplate)
+		ctx.HTML(http.StatusOK, orCtx.NewTemplate)
 		return
 	}
 
 	}
 
 	if ctx.HasError() {
-		ctx.HTML(200, orCtx.NewTemplate)
+		ctx.HTML(http.StatusOK, orCtx.NewTemplate)
 		return
 	}
 
 	}
 	ctx.Data["Webhook"] = w
 
-	ctx.HTML(200, orCtx.NewTemplate)
+	ctx.HTML(http.StatusOK, orCtx.NewTemplate)
 }
 
 // WebHooksEditPost response for editing web hook
 	ctx.Data["Webhook"] = w
 
 	if ctx.HasError() {
-		ctx.HTML(200, orCtx.NewTemplate)
+		ctx.HTML(http.StatusOK, orCtx.NewTemplate)
 		return
 	}
 
 	ctx.Data["Webhook"] = w
 
 	if ctx.HasError() {
-		ctx.HTML(200, orCtx.NewTemplate)
+		ctx.HTML(http.StatusOK, orCtx.NewTemplate)
 		return
 	}
 
 	ctx.Data["Webhook"] = w
 
 	if ctx.HasError() {
-		ctx.HTML(200, orCtx.NewTemplate)
+		ctx.HTML(http.StatusOK, orCtx.NewTemplate)
 		return
 	}
 
 	ctx.Data["Webhook"] = w
 
 	if ctx.HasError() {
-		ctx.HTML(200, orCtx.NewTemplate)
+		ctx.HTML(http.StatusOK, orCtx.NewTemplate)
 		return
 	}
 
 	ctx.Data["Webhook"] = w
 
 	if ctx.HasError() {
-		ctx.HTML(200, orCtx.NewTemplate)
+		ctx.HTML(http.StatusOK, orCtx.NewTemplate)
 		return
 	}
 
 	ctx.Data["Webhook"] = w
 
 	if ctx.HasError() {
-		ctx.HTML(200, orCtx.NewTemplate)
+		ctx.HTML(http.StatusOK, orCtx.NewTemplate)
 		return
 	}
 	json := jsoniter.ConfigCompatibleWithStandardLibrary
 	ctx.Data["Webhook"] = w
 
 	if ctx.HasError() {
-		ctx.HTML(200, orCtx.NewTemplate)
+		ctx.HTML(http.StatusOK, orCtx.NewTemplate)
 		return
 	}
 	json := jsoniter.ConfigCompatibleWithStandardLibrary
 	ctx.Data["Webhook"] = w
 
 	if ctx.HasError() {
-		ctx.HTML(200, orCtx.NewTemplate)
+		ctx.HTML(http.StatusOK, orCtx.NewTemplate)
 		return
 	}
 
 	ctx.Data["Webhook"] = w
 
 	if ctx.HasError() {
-		ctx.HTML(200, orCtx.NewTemplate)
+		ctx.HTML(http.StatusOK, orCtx.NewTemplate)
 		return
 	}
 
 		ctx.Flash.Success(ctx.Tr("repo.settings.webhook_deletion_success"))
 	}
 
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"redirect": ctx.Repo.RepoLink + "/settings/hooks",
 	})
 }

routers/repo/wiki.go

 import (
 	"fmt"
 	"io/ioutil"
+	"net/http"
 	"net/url"
 	"path/filepath"
 	"strings"
 
 	if !ctx.Repo.Repository.HasWiki() {
 		ctx.Data["Title"] = ctx.Tr("repo.wiki")
-		ctx.HTML(200, tplWikiStart)
+		ctx.HTML(http.StatusOK, tplWikiStart)
 		return
 	}
 
 	}()
 	if entry == nil {
 		ctx.Data["Title"] = ctx.Tr("repo.wiki")
-		ctx.HTML(200, tplWikiStart)
+		ctx.HTML(http.StatusOK, tplWikiStart)
 		return
 	}
 
 	}
 	ctx.Data["Author"] = lastCommit.Author
 
-	ctx.HTML(200, tplWikiView)
+	ctx.HTML(http.StatusOK, tplWikiView)
 }
 
 // WikiRevision renders file revision list of wiki page
 
 	if !ctx.Repo.Repository.HasWiki() {
 		ctx.Data["Title"] = ctx.Tr("repo.wiki")
-		ctx.HTML(200, tplWikiStart)
+		ctx.HTML(http.StatusOK, tplWikiStart)
 		return
 	}
 
 	}()
 	if entry == nil {
 		ctx.Data["Title"] = ctx.Tr("repo.wiki")
-		ctx.HTML(200, tplWikiStart)
+		ctx.HTML(http.StatusOK, tplWikiStart)
 		return
 	}
 
 	}
 	ctx.Data["Author"] = lastCommit.Author
 
-	ctx.HTML(200, tplWikiRevision)
+	ctx.HTML(http.StatusOK, tplWikiRevision)
 }
 
 // WikiPages render wiki pages list page
 			wikiRepo.Close()
 		}
 	}()
-	ctx.HTML(200, tplWikiPages)
+	ctx.HTML(http.StatusOK, tplWikiPages)
 }
 
 // WikiRaw outputs raw blob requested by user (image for example)
 		ctx.Data["title"] = "Home"
 	}
 
-	ctx.HTML(200, tplWikiNew)
+	ctx.HTML(http.StatusOK, tplWikiNew)
 }
 
 // NewWikiPost response for wiki create request
 	ctx.Data["RequireSimpleMDE"] = true
 
 	if ctx.HasError() {
-		ctx.HTML(200, tplWikiNew)
+		ctx.HTML(http.StatusOK, tplWikiNew)
 		return
 	}
 
 		return
 	}
 
-	ctx.HTML(200, tplWikiNew)
+	ctx.HTML(http.StatusOK, tplWikiNew)
 }
 
 // EditWikiPost response for wiki modify request
 	ctx.Data["RequireSimpleMDE"] = true
 
 	if ctx.HasError() {
-		ctx.HTML(200, tplWikiNew)
+		ctx.HTML(http.StatusOK, tplWikiNew)
 		return
 	}
 
 		return
 	}
 
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"redirect": ctx.Repo.RepoLink + "/wiki/",
 	})
 }

routers/routes/web.go

 
 	openIDSignInEnabled := func(ctx *context.Context) {
 		if !setting.Service.EnableOpenIDSignIn {
-			ctx.Error(403)
+			ctx.Error(http.StatusForbidden)
 			return
 		}
 	}
 
 	openIDSignUpEnabled := func(ctx *context.Context) {
 		if !setting.Service.EnableOpenIDSignUp {
-			ctx.Error(403)
+			ctx.Error(http.StatusForbidden)
 			return
 		}
 	}
 
 	reqMilestonesDashboardPageEnabled := func(ctx *context.Context) {
 		if !setting.Service.ShowMilestonesDashboardPage {
-			ctx.Error(403)
+			ctx.Error(http.StatusForbidden)
 			return
 		}
 	}
 	// webhooksEnabled requires webhooks to be enabled by admin.
 	webhooksEnabled := func(ctx *context.Context) {
 		if setting.DisableWebhooks {
-			ctx.Error(403)
+			ctx.Error(http.StatusForbidden)
 			return
 		}
 	}

routers/swagger_json.go

 package routers
 
 import (
+	"net/http"
+
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
 	"code.gitea.io/gitea/modules/log"
 	ctx.Resp.Header().Set("Content-Type", "application/json")
 	if err := t.Execute(ctx.Resp, ctx.Data); err != nil {
 		log.Error("%v", err)
-		ctx.Error(500)
+		ctx.Error(http.StatusInternalServerError)
 	}
 }

routers/user/auth.go

 	ctx.Data["PageIsLogin"] = true
 	ctx.Data["EnableSSPI"] = models.IsSSPIEnabled()
 
-	ctx.HTML(200, tplSignIn)
+	ctx.HTML(http.StatusOK, tplSignIn)
 }
 
 // SignInPost response for sign in request
 	ctx.Data["EnableSSPI"] = models.IsSSPIEnabled()
 
 	if ctx.HasError() {
-		ctx.HTML(200, tplSignIn)
+		ctx.HTML(http.StatusOK, tplSignIn)
 		return
 	}
 
 		} else if models.IsErrUserProhibitLogin(err) {
 			log.Info("Failed authentication attempt for %s from %s: %v", form.UserName, ctx.RemoteAddr(), err)
 			ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
-			ctx.HTML(200, "user/auth/prohibit_login")
+			ctx.HTML(http.StatusOK, "user/auth/prohibit_login")
 		} else if models.IsErrUserInactive(err) {
 			if setting.Service.RegisterEmailConfirm {
 				ctx.Data["Title"] = ctx.Tr("auth.active_your_account")
-				ctx.HTML(200, TplActivate)
+				ctx.HTML(http.StatusOK, TplActivate)
 			} else {
 				log.Info("Failed authentication attempt for %s from %s: %v", form.UserName, ctx.RemoteAddr(), err)
 				ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
-				ctx.HTML(200, "user/auth/prohibit_login")
+				ctx.HTML(http.StatusOK, "user/auth/prohibit_login")
 			}
 		} else {
 			ctx.ServerError("UserSignIn", err)
 		return
 	}
 
-	ctx.HTML(200, tplTwofa)
+	ctx.HTML(http.StatusOK, tplTwofa)
 }
 
 // TwoFactorPost validates a user's two-factor authentication token.
 		return
 	}
 
-	ctx.HTML(200, tplTwofaScratch)
+	ctx.HTML(http.StatusOK, tplTwofaScratch)
 }
 
 // TwoFactorScratchPost validates and invalidates a user's two-factor scratch token.
 		return
 	}
 
-	ctx.HTML(200, tplU2F)
+	ctx.HTML(http.StatusOK, tplU2F)
 }
 
 // U2FChallenge submits a sign challenge to the browser
 		ctx.ServerError("UserSignIn: unable to store session", err)
 	}
 
-	ctx.JSON(200, challenge.SignRequest(regs.ToRegistrations()))
+	ctx.JSON(http.StatusOK, challenge.SignRequest(regs.ToRegistrations()))
 }
 
 // U2FSign authenticates the user by signResp
 			return
 		}
 	}
-	ctx.Error(401)
+	ctx.Error(http.StatusUnauthorized)
 }
 
 // This handles the final part of the sign-in process of the user.
 		}
 	}
 
-	ctx.HTML(200, tplLinkAccount)
+	ctx.HTML(http.StatusOK, tplLinkAccount)
 }
 
 // LinkAccountPostSignIn handle the coupling of external account with another account using signIn
 	}
 
 	if ctx.HasError() {
-		ctx.HTML(200, tplLinkAccount)
+		ctx.HTML(http.StatusOK, tplLinkAccount)
 		return
 	}
 
 	}
 
 	if ctx.HasError() {
-		ctx.HTML(200, tplLinkAccount)
+		ctx.HTML(http.StatusOK, tplLinkAccount)
 		return
 	}
 
 	if setting.Service.DisableRegistration {
-		ctx.Error(403)
+		ctx.Error(http.StatusForbidden)
 		return
 	}
 
 		ctx.Data["IsSendRegisterMail"] = true
 		ctx.Data["Email"] = u.Email
 		ctx.Data["ActiveCodeLives"] = timeutil.MinutesToFriendly(setting.Service.ActiveCodeLives, ctx.Locale.Language())
-		ctx.HTML(200, TplActivate)
+		ctx.HTML(http.StatusOK, TplActivate)
 
 		if err := ctx.Cache.Put("MailResendLimit_"+u.LowerName, u.LowerName, 180); err != nil {
 			log.Error("Set cache(MailResendLimit) fail: %v", err)
 	//Show Disabled Registration message if DisableRegistration or AllowOnlyExternalRegistration options are true
 	ctx.Data["DisableRegistration"] = setting.Service.DisableRegistration || setting.Service.AllowOnlyExternalRegistration
 
-	ctx.HTML(200, tplSignUp)
+	ctx.HTML(http.StatusOK, tplSignUp)
 }
 
 // SignUpPost response for sign up information submission
 
 	//Permission denied if DisableRegistration or AllowOnlyExternalRegistration options are true
 	if setting.Service.DisableRegistration || setting.Service.AllowOnlyExternalRegistration {
-		ctx.Error(403)
+		ctx.Error(http.StatusForbidden)
 		return
 	}
 
 	if ctx.HasError() {
-		ctx.HTML(200, tplSignUp)
+		ctx.HTML(http.StatusOK, tplSignUp)
 		return
 	}
 
 		ctx.Data["IsSendRegisterMail"] = true
 		ctx.Data["Email"] = u.Email
 		ctx.Data["ActiveCodeLives"] = timeutil.MinutesToFriendly(setting.Service.ActiveCodeLives, ctx.Locale.Language())
-		ctx.HTML(200, TplActivate)
+		ctx.HTML(http.StatusOK, TplActivate)
 
 		if err := ctx.Cache.Put("MailResendLimit_"+u.LowerName, u.LowerName, 180); err != nil {
 			log.Error("Set cache(MailResendLimit) fail: %v", err)
 	if len(code) == 0 {
 		ctx.Data["IsActivatePage"] = true
 		if ctx.User.IsActive {
-			ctx.Error(404)
+			ctx.Error(http.StatusNotFound)
 			return
 		}
 		// Resend confirmation email.
 		} else {
 			ctx.Data["ServiceNotEnabled"] = true
 		}
-		ctx.HTML(200, TplActivate)
+		ctx.HTML(http.StatusOK, TplActivate)
 		return
 	}
 
 	// if code is wrong
 	if user == nil {
 		ctx.Data["IsActivateFailed"] = true
-		ctx.HTML(200, TplActivate)
+		ctx.HTML(http.StatusOK, TplActivate)
 		return
 	}
 
 		if len(password) == 0 {
 			ctx.Data["Code"] = code
 			ctx.Data["NeedsPassword"] = true
-			ctx.HTML(200, TplActivate)
+			ctx.HTML(http.StatusOK, TplActivate)
 			return
 		}
 		if !user.ValidatePassword(password) {
 			ctx.Data["IsActivateFailed"] = true
-			ctx.HTML(200, TplActivate)
+			ctx.HTML(http.StatusOK, TplActivate)
 			return
 		}
 	}
 	}
 	if err := models.UpdateUserCols(user, "is_active", "rands"); err != nil {
 		if models.IsErrUserNotExist(err) {
-			ctx.Error(404)
+			ctx.Error(http.StatusNotFound)
 		} else {
 			ctx.ServerError("UpdateUser", err)
 		}
 
 	if setting.MailService == nil {
 		ctx.Data["IsResetDisable"] = true
-		ctx.HTML(200, tplForgotPassword)
+		ctx.HTML(http.StatusOK, tplForgotPassword)
 		return
 	}
 
 	ctx.Data["Email"] = email
 
 	ctx.Data["IsResetRequest"] = true
-	ctx.HTML(200, tplForgotPassword)
+	ctx.HTML(http.StatusOK, tplForgotPassword)
 }
 
 // ForgotPasswdPost response for forget password request
 		if models.IsErrUserNotExist(err) {
 			ctx.Data["ResetPwdCodeLives"] = timeutil.MinutesToFriendly(setting.Service.ResetPwdCodeLives, ctx.Locale.Language())
 			ctx.Data["IsResetSent"] = true
-			ctx.HTML(200, tplForgotPassword)
+			ctx.HTML(http.StatusOK, tplForgotPassword)
 			return
 		}
 
 
 	if ctx.Cache.IsExist("MailResendLimit_" + u.LowerName) {
 		ctx.Data["ResendLimited"] = true
-		ctx.HTML(200, tplForgotPassword)
+		ctx.HTML(http.StatusOK, tplForgotPassword)
 		return
 	}
 
 
 	ctx.Data["ResetPwdCodeLives"] = timeutil.MinutesToFriendly(setting.Service.ResetPwdCodeLives, ctx.Locale.Language())
 	ctx.Data["IsResetSent"] = true
-	ctx.HTML(200, tplForgotPassword)
+	ctx.HTML(http.StatusOK, tplForgotPassword)
 }
 
 func commonResetPassword(ctx *context.Context) (*models.User, *models.TwoFactor) {
 		return
 	}
 
-	ctx.HTML(200, tplResetPassword)
+	ctx.HTML(http.StatusOK, tplResetPassword)
 }
 
 // ResetPasswdPost response from account recovery request
 
 	if u == nil {
 		// Flash error has been set
-		ctx.HTML(200, tplResetPassword)
+		ctx.HTML(http.StatusOK, tplResetPassword)
 		return
 	}
 
 	ctx.Data["Title"] = ctx.Tr("auth.must_change_password")
 	ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/settings/change_password"
 	ctx.Data["MustChangePassword"] = true
-	ctx.HTML(200, tplMustChangePassword)
+	ctx.HTML(http.StatusOK, tplMustChangePassword)
 }
 
 // MustChangePasswordPost response for updating a user's password after his/her
 	ctx.Data["Title"] = ctx.Tr("auth.must_change_password")
 	ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/settings/change_password"
 	if ctx.HasError() {
-		ctx.HTML(200, tplMustChangePassword)
+		ctx.HTML(http.StatusOK, tplMustChangePassword)
 		return
 	}
 	u := ctx.User

routers/user/auth_openid.go

 
 import (
 	"fmt"
+	"net/http"
 	"net/url"
 
 	"code.gitea.io/gitea/models"
 
 	ctx.Data["PageIsSignIn"] = true
 	ctx.Data["PageIsLoginOpenID"] = true
-	ctx.HTML(200, tplSignInOpenID)
+	ctx.HTML(http.StatusOK, tplSignInOpenID)
 }
 
 // Check if the given OpenID URI is allowed by blacklist/whitelist
 	ctx.Data["PageIsLoginOpenID"] = true
 
 	if ctx.HasError() {
-		ctx.HTML(200, tplSignInOpenID)
+		ctx.HTML(http.StatusOK, tplSignInOpenID)
 		return
 	}
 
 	if userName != "" {
 		ctx.Data["user_name"] = userName
 	}
-	ctx.HTML(200, tplConnectOID)
+	ctx.HTML(http.StatusOK, tplConnectOID)
 }
 
 // ConnectOpenIDPost handles submission of a form to connect an OpenID URI to an existing account
 	if email != "" {
 		ctx.Data["email"] = email
 	}
-	ctx.HTML(200, tplSignUpOID)
+	ctx.HTML(http.StatusOK, tplSignUpOID)
 }
 
 // RegisterOpenIDPost handles submission of a form to create a new user authenticated via an OpenID URI
 		ctx.Data["IsSendRegisterMail"] = true
 		ctx.Data["Email"] = u.Email
 		ctx.Data["ActiveCodeLives"] = timeutil.MinutesToFriendly(setting.Service.ActiveCodeLives, ctx.Locale.Language())
-		ctx.HTML(200, TplActivate)
+		ctx.HTML(http.StatusOK, TplActivate)
 
 		if err := ctx.Cache.Put("MailResendLimit_"+u.LowerName, u.LowerName, 180); err != nil {
 			log.Error("Set cache(MailResendLimit) fail: %v", err)

routers/user/home.go

 import (
 	"bytes"
 	"fmt"
+	"net/http"
 	"regexp"
 	"sort"
 	"strconv"
 	if ctx.Written() {
 		return
 	}
-	ctx.HTML(200, tplDashboard)
+	ctx.HTML(http.StatusOK, tplDashboard)
 }
 
 // Milestones render the user milestones page
 	pager.AddParam(ctx, "state", "State")
 	ctx.Data["Page"] = pager
 
-	ctx.HTML(200, tplMilestones)
+	ctx.HTML(http.StatusOK, tplMilestones)
 }
 
 // Pulls renders the user's pull request overview page
 	pager.AddParam(ctx, "assignee", "AssigneeID")
 	ctx.Data["Page"] = pager
 
-	ctx.HTML(200, tplIssues)
+	ctx.HTML(http.StatusOK, tplIssues)
 }
 
 func getRepoIDs(reposQuery string) []int64 {

routers/user/oauth.go

 	"encoding/base64"
 	"fmt"
 	"html"
+	"net/http"
 	"net/url"
 	"strings"
 
 		// we'll tolerate errors here as they *should* get saved elsewhere
 		log.Error("Unable to save changes to the session: %v", err)
 	}
-	ctx.HTML(200, tplGrantAccess)
+	ctx.HTML(http.StatusOK, tplGrantAccess)
 }
 
 // GrantApplicationOAuth manages the post request submitted when a user grants access to an application
 	form := web.GetForm(ctx).(*auth.GrantApplicationForm)
 	if ctx.Session.Get("client_id") != form.ClientID || ctx.Session.Get("state") != form.State ||
 		ctx.Session.Get("redirect_uri") != form.RedirectURI {
-		ctx.Error(400)
+		ctx.Error(http.StatusBadRequest)
 		return
 	}
 	app, err := models.GetOAuth2ApplicationByClientID(form.ClientID)
 		handleAccessTokenError(ctx, *tokenErr)
 		return
 	}
-	ctx.JSON(200, accessToken)
+	ctx.JSON(http.StatusOK, accessToken)
 }
 
 func handleAuthorizationCode(ctx *context.Context, form auth.AccessTokenForm) {
 		return
 	}
 	// send successful response
-	ctx.JSON(200, resp)
+	ctx.JSON(http.StatusOK, resp)
 }
 
 func handleAccessTokenError(ctx *context.Context, acErr AccessTokenError) {
-	ctx.JSON(400, acErr)
+	ctx.JSON(http.StatusBadRequest, acErr)
 }
 
 func handleServerError(ctx *context.Context, state string, redirectURI string) {

routers/user/profile.go

 
 import (
 	"fmt"
+	"net/http"
 	"path"
 	"strings"
 
 		ctx.ServeFile(path.Join(setting.StaticRootPath, "public/img/favicon.png"))
 		return
 	} else if strings.HasSuffix(uname, ".png") {
-		ctx.Error(404)
+		ctx.Error(http.StatusNotFound)
 		return
 	}
 
 
 	ctx.Data["ShowUserEmail"] = len(ctxUser.Email) > 0 && ctx.IsSigned && (!ctxUser.KeepEmailPrivate || ctxUser.ID == ctx.User.ID)
 
-	ctx.HTML(200, tplProfile)
+	ctx.HTML(http.StatusOK, tplProfile)
 }
 
 // Action response for follow/unfollow user request

routers/user/setting/account.go

 
 import (
 	"errors"
+	"net/http"
 	"time"
 
 	"code.gitea.io/gitea/models"
 
 	loadAccountData(ctx)
 
-	ctx.HTML(200, tplSettingsAccount)
+	ctx.HTML(http.StatusOK, tplSettingsAccount)
 }
 
 // AccountPost response for change user's password
 	if ctx.HasError() {
 		loadAccountData(ctx)
 
-		ctx.HTML(200, tplSettingsAccount)
+		ctx.HTML(http.StatusOK, tplSettingsAccount)
 		return
 	}
 
 	if ctx.HasError() {
 		loadAccountData(ctx)
 
-		ctx.HTML(200, tplSettingsAccount)
+		ctx.HTML(http.StatusOK, tplSettingsAccount)
 		return
 	}
 
 	log.Trace("Email address deleted: %s", ctx.User.Name)
 
 	ctx.Flash.Success(ctx.Tr("settings.email_deletion_success"))
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"redirect": setting.AppSubURL + "/user/settings/account",
 	})
 }

routers/user/setting/applications.go

 package setting
 
 import (
+	"net/http"
+
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
 
 	loadApplicationsData(ctx)
 
-	ctx.HTML(200, tplSettingsApplications)
+	ctx.HTML(http.StatusOK, tplSettingsApplications)
 }
 
 // ApplicationsPost response for add user's access token
 	if ctx.HasError() {
 		loadApplicationsData(ctx)
 
-		ctx.HTML(200, tplSettingsApplications)
+		ctx.HTML(http.StatusOK, tplSettingsApplications)
 		return
 	}
 
 		ctx.Flash.Success(ctx.Tr("settings.delete_token_success"))
 	}
 
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"redirect": setting.AppSubURL + "/user/settings/applications",
 	})
 }

routers/user/setting/keys.go

 package setting
 
 import (
+	"net/http"
+
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
 
 	loadKeysData(ctx)
 
-	ctx.HTML(200, tplSettingsKeys)
+	ctx.HTML(http.StatusOK, tplSettingsKeys)
 }
 
 // KeysPost response for change user's SSH/GPG keys
 	if ctx.HasError() {
 		loadKeysData(ctx)
 
-		ctx.HTML(200, tplSettingsKeys)
+		ctx.HTML(http.StatusOK, tplSettingsKeys)
 		return
 	}
 	switch form.Type {
 		ctx.Flash.Warning("Function not implemented")
 		ctx.Redirect(setting.AppSubURL + "/user/settings/keys")
 	}
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"redirect": setting.AppSubURL + "/user/settings/keys",
 	})
 }

routers/user/setting/oauth2.go

 
 import (
 	"fmt"
+	"net/http"
 
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/base"
 	if ctx.HasError() {
 		loadApplicationsData(ctx)
 
-		ctx.HTML(200, tplSettingsApplications)
+		ctx.HTML(http.StatusOK, tplSettingsApplications)
 		return
 	}
 	// TODO validate redirect URI
 		ctx.ServerError("GenerateClientSecret", err)
 		return
 	}
-	ctx.HTML(200, tplSettingsOAuthApplications)
+	ctx.HTML(http.StatusOK, tplSettingsOAuthApplications)
 }
 
 // OAuthApplicationsEdit response for editing oauth2 application
 	if ctx.HasError() {
 		loadApplicationsData(ctx)
 
-		ctx.HTML(200, tplSettingsApplications)
+		ctx.HTML(http.StatusOK, tplSettingsApplications)
 		return
 	}
 	// TODO validate redirect URI
 		return
 	}
 	ctx.Flash.Success(ctx.Tr("settings.update_oauth2_application_success"))
-	ctx.HTML(200, tplSettingsOAuthApplications)
+	ctx.HTML(http.StatusOK, tplSettingsOAuthApplications)
 }
 
 // OAuthApplicationsRegenerateSecret handles the post request for regenerating the secret
 		return
 	}
 	ctx.Flash.Success(ctx.Tr("settings.update_oauth2_application_success"))
-	ctx.HTML(200, tplSettingsOAuthApplications)
+	ctx.HTML(http.StatusOK, tplSettingsOAuthApplications)
 }
 
 // OAuth2ApplicationShow displays the given application
 		return
 	}
 	ctx.Data["App"] = app
-	ctx.HTML(200, tplSettingsOAuthApplications)
+	ctx.HTML(http.StatusOK, tplSettingsOAuthApplications)
 }
 
 // DeleteOAuth2Application deletes the given oauth2 application
 	log.Trace("OAuth2 Application deleted: %s", ctx.User.Name)
 
 	ctx.Flash.Success(ctx.Tr("settings.remove_oauth2_application_success"))
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"redirect": setting.AppSubURL + "/user/settings/applications",
 	})
 }
 	}
 
 	ctx.Flash.Success(ctx.Tr("settings.revoke_oauth2_grant_success"))
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"redirect": setting.AppSubURL + "/user/settings/applications",
 	})
 }

routers/user/setting/profile.go

 	"errors"
 	"fmt"
 	"io/ioutil"
+	"net/http"
 	"os"
 	"path/filepath"
 	"strings"
 	ctx.Data["Title"] = ctx.Tr("settings")
 	ctx.Data["PageIsSettingsProfile"] = true
 
-	ctx.HTML(200, tplSettingsProfile)
+	ctx.HTML(http.StatusOK, tplSettingsProfile)
 }
 
 // HandleUsernameChange handle username changes from user settings and admin interface
 	ctx.Data["PageIsSettingsProfile"] = true
 
 	if ctx.HasError() {
-		ctx.HTML(200, tplSettingsProfile)
+		ctx.HTML(http.StatusOK, tplSettingsProfile)
 		return
 	}
 
 		return
 	}
 	ctx.Data["Orgs"] = orgs
-	ctx.HTML(200, tplSettingsOrganization)
+	ctx.HTML(http.StatusOK, tplSettingsOrganization)
 }
 
 // Repos display a list of all repositories of the user
 	pager := context.NewPagination(int(count), opts.PageSize, opts.Page, 5)
 	pager.SetDefaultParams(ctx)
 	ctx.Data["Page"] = pager
-	ctx.HTML(200, tplSettingsRepositories)
+	ctx.HTML(http.StatusOK, tplSettingsRepositories)
 }

routers/user/setting/security.go

 package setting
 
 import (
+	"net/http"
+
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
 
 	loadSecurityData(ctx)
 
-	ctx.HTML(200, tplSettingsSecurity)
+	ctx.HTML(http.StatusOK, tplSettingsSecurity)
 }
 
 // DeleteAccountLink delete a single account link
 		}
 	}
 
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"redirect": setting.AppSubURL + "/user/settings/security",
 	})
 }

routers/user/setting/security_openid.go

 package setting
 
 import (
+	"net/http"
+
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/auth/openid"
 	"code.gitea.io/gitea/modules/context"
 	if ctx.HasError() {
 		loadSecurityData(ctx)
 
-		ctx.HTML(200, tplSettingsSecurity)
+		ctx.HTML(http.StatusOK, tplSettingsSecurity)
 		return
 	}
 
 	log.Trace("OpenID address deleted: %s", ctx.User.Name)
 
 	ctx.Flash.Success(ctx.Tr("settings.openid_deletion_success"))
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"redirect": setting.AppSubURL + "/user/settings/security",
 	})
 }

routers/user/setting/security_twofa.go

 	"encoding/base64"
 	"html/template"
 	"image/png"
+	"net/http"
 	"strings"
 
 	"code.gitea.io/gitea/models"
 		return
 	}
 
-	ctx.HTML(200, tplSettingsTwofaEnroll)
+	ctx.HTML(http.StatusOK, tplSettingsTwofaEnroll)
 }
 
 // EnrollTwoFactorPost handles enrolling the user into 2FA.
 		if !twofaGenerateSecretAndQr(ctx) {
 			return
 		}
-		ctx.HTML(200, tplSettingsTwofaEnroll)
+		ctx.HTML(http.StatusOK, tplSettingsTwofaEnroll)
 		return
 	}
 

routers/user/setting/security_u2f.go

 
 import (
 	"errors"
+	"net/http"
 
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/context"
 func U2FRegister(ctx *context.Context) {
 	form := web.GetForm(ctx).(*auth.U2FRegistrationForm)
 	if form.Name == "" {
-		ctx.Error(409)
+		ctx.Error(http.StatusConflict)
 		return
 	}
 	challenge, err := u2f.NewChallenge(setting.U2F.AppID, setting.U2F.TrustedFacets)
 	}
 	for _, reg := range regs {
 		if reg.Name == form.Name {
-			ctx.Error(409, "Name already taken")
+			ctx.Error(http.StatusConflict, "Name already taken")
 			return
 		}
 	}
 		// we'll tolerate errors here as they *should* get saved elsewhere
 		log.Error("Unable to save changes to the session: %v", err)
 	}
-	ctx.JSON(200, u2f.NewWebRegisterRequest(challenge, regs.ToRegistrations()))
+	ctx.JSON(http.StatusOK, u2f.NewWebRegisterRequest(challenge, regs.ToRegistrations()))
 }
 
 // U2FRegisterPost receives the response of the security key
 		ctx.ServerError("DeleteRegistration", err)
 		return
 	}
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"redirect": setting.AppSubURL + "/user/settings/security",
 	})
 }

routers/user/task.go

 package user
 
 import (
+	"net/http"
+
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/context"
 )
 func TaskStatus(ctx *context.Context) {
 	task, opts, err := models.GetMigratingTaskByID(ctx.ParamsInt64("task"), ctx.User.ID)
 	if err != nil {
-		ctx.JSON(500, map[string]interface{}{
+		ctx.JSON(http.StatusInternalServerError, map[string]interface{}{
 			"err": err,
 		})
 		return
 	}
 
-	ctx.JSON(200, map[string]interface{}{
+	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"status":    task.Status,
 		"err":       task.Errors,
 		"repo-id":   task.RepoID,